diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+# Amazon SecurityHub SDK
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+ 
+`2.0` - Derived from API version @2018-10-26@ of the AWS service descriptions, licensed under Apache 2.0.
+
+## Description
+
+Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-securityhub)
+and the [AWS API Reference](https://aws.amazon.com/documentation/).
+
+The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),
+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,
+and receiving responses.
+
+Lenses are used for constructing and manipulating types,
+due to the depth of nesting of AWS types and transparency regarding
+de/serialisation into more palatable Haskell values.
+The provided lenses should be compatible with any of the major lens libraries
+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
+
+See [Amazonka.SecurityHub](http://hackage.haskell.org/package/amazonka-securityhub/docs/Amazonka-SecurityHub.html)
+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
+
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.
+
+
+## Licence
+
+`amazonka-securityhub` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
+
+Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.
+Source files subject to this contain an additional licensing clause in their header.
diff --git a/amazonka-securityhub.cabal b/amazonka-securityhub.cabal
new file mode 100644
--- /dev/null
+++ b/amazonka-securityhub.cabal
@@ -0,0 +1,701 @@
+cabal-version:      2.2
+name:               amazonka-securityhub
+version:            2.0
+synopsis:           Amazon SecurityHub SDK.
+homepage:           https://github.com/brendanhay/amazonka
+bug-reports:        https://github.com/brendanhay/amazonka/issues
+license:            MPL-2.0
+license-file:       LICENSE
+author:             Brendan Hay
+maintainer:
+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>
+
+copyright:          Copyright (c) 2013-2023 Brendan Hay
+category:           AWS
+build-type:         Simple
+extra-source-files:
+  fixture/*.proto
+  fixture/*.yaml
+  README.md
+  src/.gitkeep
+
+description:
+  Derived from API version @2018-10-26@ of the AWS service descriptions, licensed under Apache 2.0.
+  .
+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,
+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.
+  .
+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.
+  .
+  Generated lenses can be found in "Amazonka.SecurityHub.Lens" and are
+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+  .
+  See "Amazonka.SecurityHub" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.
+
+source-repository head
+  type:     git
+  location: git://github.com/brendanhay/amazonka.git
+  subdir:   amazonka-securityhub
+
+library
+  default-language: Haskell2010
+  hs-source-dirs:   src gen
+  ghc-options:
+    -Wall -fwarn-incomplete-uni-patterns
+    -fwarn-incomplete-record-updates -funbox-strict-fields
+
+  exposed-modules:
+    Amazonka.SecurityHub
+    Amazonka.SecurityHub.AcceptAdministratorInvitation
+    Amazonka.SecurityHub.BatchDisableStandards
+    Amazonka.SecurityHub.BatchEnableStandards
+    Amazonka.SecurityHub.BatchImportFindings
+    Amazonka.SecurityHub.BatchUpdateFindings
+    Amazonka.SecurityHub.CreateActionTarget
+    Amazonka.SecurityHub.CreateFindingAggregator
+    Amazonka.SecurityHub.CreateInsight
+    Amazonka.SecurityHub.CreateMembers
+    Amazonka.SecurityHub.DeclineInvitations
+    Amazonka.SecurityHub.DeleteActionTarget
+    Amazonka.SecurityHub.DeleteFindingAggregator
+    Amazonka.SecurityHub.DeleteInsight
+    Amazonka.SecurityHub.DeleteInvitations
+    Amazonka.SecurityHub.DeleteMembers
+    Amazonka.SecurityHub.DescribeActionTargets
+    Amazonka.SecurityHub.DescribeHub
+    Amazonka.SecurityHub.DescribeOrganizationConfiguration
+    Amazonka.SecurityHub.DescribeProducts
+    Amazonka.SecurityHub.DescribeStandards
+    Amazonka.SecurityHub.DescribeStandardsControls
+    Amazonka.SecurityHub.DisableImportFindingsForProduct
+    Amazonka.SecurityHub.DisableOrganizationAdminAccount
+    Amazonka.SecurityHub.DisableSecurityHub
+    Amazonka.SecurityHub.DisassociateFromAdministratorAccount
+    Amazonka.SecurityHub.DisassociateMembers
+    Amazonka.SecurityHub.EnableImportFindingsForProduct
+    Amazonka.SecurityHub.EnableOrganizationAdminAccount
+    Amazonka.SecurityHub.EnableSecurityHub
+    Amazonka.SecurityHub.GetAdministratorAccount
+    Amazonka.SecurityHub.GetEnabledStandards
+    Amazonka.SecurityHub.GetFindingAggregator
+    Amazonka.SecurityHub.GetFindings
+    Amazonka.SecurityHub.GetInsightResults
+    Amazonka.SecurityHub.GetInsights
+    Amazonka.SecurityHub.GetInvitationsCount
+    Amazonka.SecurityHub.GetMembers
+    Amazonka.SecurityHub.InviteMembers
+    Amazonka.SecurityHub.Lens
+    Amazonka.SecurityHub.ListEnabledProductsForImport
+    Amazonka.SecurityHub.ListFindingAggregators
+    Amazonka.SecurityHub.ListInvitations
+    Amazonka.SecurityHub.ListMembers
+    Amazonka.SecurityHub.ListOrganizationAdminAccounts
+    Amazonka.SecurityHub.ListTagsForResource
+    Amazonka.SecurityHub.TagResource
+    Amazonka.SecurityHub.Types
+    Amazonka.SecurityHub.Types.AccountDetails
+    Amazonka.SecurityHub.Types.Action
+    Amazonka.SecurityHub.Types.ActionLocalIpDetails
+    Amazonka.SecurityHub.Types.ActionLocalPortDetails
+    Amazonka.SecurityHub.Types.ActionRemoteIpDetails
+    Amazonka.SecurityHub.Types.ActionRemotePortDetails
+    Amazonka.SecurityHub.Types.ActionTarget
+    Amazonka.SecurityHub.Types.Adjustment
+    Amazonka.SecurityHub.Types.AdminAccount
+    Amazonka.SecurityHub.Types.AdminStatus
+    Amazonka.SecurityHub.Types.AutoEnableStandards
+    Amazonka.SecurityHub.Types.AvailabilityZone
+    Amazonka.SecurityHub.Types.AwsApiCallAction
+    Amazonka.SecurityHub.Types.AwsApiCallActionDomainDetails
+    Amazonka.SecurityHub.Types.AwsApiGatewayAccessLogSettings
+    Amazonka.SecurityHub.Types.AwsApiGatewayCanarySettings
+    Amazonka.SecurityHub.Types.AwsApiGatewayEndpointConfiguration
+    Amazonka.SecurityHub.Types.AwsApiGatewayMethodSettings
+    Amazonka.SecurityHub.Types.AwsApiGatewayRestApiDetails
+    Amazonka.SecurityHub.Types.AwsApiGatewayStageDetails
+    Amazonka.SecurityHub.Types.AwsApiGatewayV2ApiDetails
+    Amazonka.SecurityHub.Types.AwsApiGatewayV2RouteSettings
+    Amazonka.SecurityHub.Types.AwsApiGatewayV2StageDetails
+    Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+    Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupDetails
+    Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+    Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+    Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+    Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+    Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+    Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+    Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+    Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+    Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+    Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationMetadataOptions
+    Amazonka.SecurityHub.Types.AwsBackupBackupPlanAdvancedBackupSettingsDetails
+    Amazonka.SecurityHub.Types.AwsBackupBackupPlanBackupPlanDetails
+    Amazonka.SecurityHub.Types.AwsBackupBackupPlanDetails
+    Amazonka.SecurityHub.Types.AwsBackupBackupPlanLifecycleDetails
+    Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleCopyActionsDetails
+    Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleDetails
+    Amazonka.SecurityHub.Types.AwsBackupBackupVaultDetails
+    Amazonka.SecurityHub.Types.AwsBackupBackupVaultNotificationsDetails
+    Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCalculatedLifecycleDetails
+    Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCreatedByDetails
+    Amazonka.SecurityHub.Types.AwsBackupRecoveryPointDetails
+    Amazonka.SecurityHub.Types.AwsBackupRecoveryPointLifecycleDetails
+    Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDetails
+    Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDomainValidationOption
+    Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateExtendedKeyUsage
+    Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateKeyUsage
+    Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateOptions
+    Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateRenewalSummary
+    Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateResourceRecord
+    Amazonka.SecurityHub.Types.AwsCloudFormationStackDetails
+    Amazonka.SecurityHub.Types.AwsCloudFormationStackDriftInformationDetails
+    Amazonka.SecurityHub.Types.AwsCloudFormationStackOutputsDetails
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehavior
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehaviors
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDefaultCacheBehavior
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDetails
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionLogging
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginCustomOriginConfig
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroup
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailover
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroups
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginItem
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOrigins
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginS3OriginConfig
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginSslProtocols
+    Amazonka.SecurityHub.Types.AwsCloudFrontDistributionViewerCertificate
+    Amazonka.SecurityHub.Types.AwsCloudTrailTrailDetails
+    Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDetails
+    Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDimensionsDetails
+    Amazonka.SecurityHub.Types.AwsCodeBuildProjectArtifactsDetails
+    Amazonka.SecurityHub.Types.AwsCodeBuildProjectDetails
+    Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironment
+    Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+    Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentRegistryCredential
+    Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+    Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigDetails
+    Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigS3LogsDetails
+    Amazonka.SecurityHub.Types.AwsCodeBuildProjectSource
+    Amazonka.SecurityHub.Types.AwsCodeBuildProjectVpcConfig
+    Amazonka.SecurityHub.Types.AwsCorsConfiguration
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableAttributeDefinition
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableBillingModeSummary
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableDetails
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableGlobalSecondaryIndex
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableKeySchema
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableLocalSecondaryIndex
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableProjection
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughput
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughputOverride
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableReplica
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableReplicaGlobalSecondaryIndex
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableRestoreSummary
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableSseDescription
+    Amazonka.SecurityHub.Types.AwsDynamoDbTableStreamSpecification
+    Amazonka.SecurityHub.Types.AwsEc2EipDetails
+    Amazonka.SecurityHub.Types.AwsEc2InstanceDetails
+    Amazonka.SecurityHub.Types.AwsEc2InstanceMetadataOptions
+    Amazonka.SecurityHub.Types.AwsEc2InstanceNetworkInterfacesDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCpuOptionsDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCreditSpecificationDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataHibernationOptionsDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataLicenseSetDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMetadataOptionsDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMonitoringDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPlacementDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+    Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDetails
+    Amazonka.SecurityHub.Types.AwsEc2NetworkAclAssociation
+    Amazonka.SecurityHub.Types.AwsEc2NetworkAclDetails
+    Amazonka.SecurityHub.Types.AwsEc2NetworkAclEntry
+    Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceAttachment
+    Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceDetails
+    Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceIpV6AddressDetail
+    Amazonka.SecurityHub.Types.AwsEc2NetworkInterfacePrivateIpAddressDetail
+    Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceSecurityGroup
+    Amazonka.SecurityHub.Types.AwsEc2SecurityGroupDetails
+    Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpPermission
+    Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpRange
+    Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpv6Range
+    Amazonka.SecurityHub.Types.AwsEc2SecurityGroupPrefixListId
+    Amazonka.SecurityHub.Types.AwsEc2SecurityGroupUserIdGroupPair
+    Amazonka.SecurityHub.Types.AwsEc2SubnetDetails
+    Amazonka.SecurityHub.Types.AwsEc2TransitGatewayDetails
+    Amazonka.SecurityHub.Types.AwsEc2VolumeAttachment
+    Amazonka.SecurityHub.Types.AwsEc2VolumeDetails
+    Amazonka.SecurityHub.Types.AwsEc2VpcDetails
+    Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceDetails
+    Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceServiceTypeDetails
+    Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionDetails
+    Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionStatusDetails
+    Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionVpcInfoDetails
+    Amazonka.SecurityHub.Types.AwsEc2VpnConnectionDetails
+    Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsDetails
+    Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+    Amazonka.SecurityHub.Types.AwsEc2VpnConnectionRoutesDetails
+    Amazonka.SecurityHub.Types.AwsEc2VpnConnectionVgwTelemetryDetails
+    Amazonka.SecurityHub.Types.AwsEcrContainerImageDetails
+    Amazonka.SecurityHub.Types.AwsEcrRepositoryDetails
+    Amazonka.SecurityHub.Types.AwsEcrRepositoryImageScanningConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcrRepositoryLifecyclePolicyDetails
+    Amazonka.SecurityHub.Types.AwsEcsClusterClusterSettingsDetails
+    Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcsClusterDefaultCapacityProviderStrategyDetails
+    Amazonka.SecurityHub.Types.AwsEcsClusterDetails
+    Amazonka.SecurityHub.Types.AwsEcsContainerDetails
+    Amazonka.SecurityHub.Types.AwsEcsServiceCapacityProviderStrategyDetails
+    Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+    Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentControllerDetails
+    Amazonka.SecurityHub.Types.AwsEcsServiceDetails
+    Amazonka.SecurityHub.Types.AwsEcsServiceLoadBalancersDetails
+    Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcsServicePlacementConstraintsDetails
+    Amazonka.SecurityHub.Types.AwsEcsServicePlacementStrategiesDetails
+    Amazonka.SecurityHub.Types.AwsEcsServiceServiceRegistriesDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionPlacementConstraintsDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesHostDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskVolumeDetails
+    Amazonka.SecurityHub.Types.AwsEcsTaskVolumeHostDetails
+    Amazonka.SecurityHub.Types.AwsEfsAccessPointDetails
+    Amazonka.SecurityHub.Types.AwsEfsAccessPointPosixUserDetails
+    Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryCreationInfoDetails
+    Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryDetails
+    Amazonka.SecurityHub.Types.AwsEksClusterDetails
+    Amazonka.SecurityHub.Types.AwsEksClusterLoggingClusterLoggingDetails
+    Amazonka.SecurityHub.Types.AwsEksClusterLoggingDetails
+    Amazonka.SecurityHub.Types.AwsEksClusterResourcesVpcConfigDetails
+    Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentDetails
+    Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentEnvironmentLink
+    Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentOptionSetting
+    Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentTier
+    Amazonka.SecurityHub.Types.AwsElasticsearchDomainDetails
+    Amazonka.SecurityHub.Types.AwsElasticsearchDomainDomainEndpointOptions
+    Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigDetails
+    Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+    Amazonka.SecurityHub.Types.AwsElasticsearchDomainEncryptionAtRestOptions
+    Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptions
+    Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptionsLogConfig
+    Amazonka.SecurityHub.Types.AwsElasticsearchDomainNodeToNodeEncryptionOptions
+    Amazonka.SecurityHub.Types.AwsElasticsearchDomainServiceSoftwareOptions
+    Amazonka.SecurityHub.Types.AwsElasticsearchDomainVPCOptions
+    Amazonka.SecurityHub.Types.AwsElbAppCookieStickinessPolicy
+    Amazonka.SecurityHub.Types.AwsElbLbCookieStickinessPolicy
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerAccessLog
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerAdditionalAttribute
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerAttributes
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerBackendServerDescription
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionDraining
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionSettings
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerCrossZoneLoadBalancing
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerDetails
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerHealthCheck
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerInstance
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerListener
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerListenerDescription
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerPolicies
+    Amazonka.SecurityHub.Types.AwsElbLoadBalancerSourceSecurityGroup
+    Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerAttribute
+    Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerDetails
+    Amazonka.SecurityHub.Types.AwsIamAccessKeyDetails
+    Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContext
+    Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextAttributes
+    Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextSessionIssuer
+    Amazonka.SecurityHub.Types.AwsIamAccessKeyStatus
+    Amazonka.SecurityHub.Types.AwsIamAttachedManagedPolicy
+    Amazonka.SecurityHub.Types.AwsIamGroupDetails
+    Amazonka.SecurityHub.Types.AwsIamGroupPolicy
+    Amazonka.SecurityHub.Types.AwsIamInstanceProfile
+    Amazonka.SecurityHub.Types.AwsIamInstanceProfileRole
+    Amazonka.SecurityHub.Types.AwsIamPermissionsBoundary
+    Amazonka.SecurityHub.Types.AwsIamPolicyDetails
+    Amazonka.SecurityHub.Types.AwsIamPolicyVersion
+    Amazonka.SecurityHub.Types.AwsIamRoleDetails
+    Amazonka.SecurityHub.Types.AwsIamRolePolicy
+    Amazonka.SecurityHub.Types.AwsIamUserDetails
+    Amazonka.SecurityHub.Types.AwsIamUserPolicy
+    Amazonka.SecurityHub.Types.AwsKinesisStreamDetails
+    Amazonka.SecurityHub.Types.AwsKinesisStreamStreamEncryptionDetails
+    Amazonka.SecurityHub.Types.AwsKmsKeyDetails
+    Amazonka.SecurityHub.Types.AwsLambdaFunctionCode
+    Amazonka.SecurityHub.Types.AwsLambdaFunctionDeadLetterConfig
+    Amazonka.SecurityHub.Types.AwsLambdaFunctionDetails
+    Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironment
+    Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironmentError
+    Amazonka.SecurityHub.Types.AwsLambdaFunctionLayer
+    Amazonka.SecurityHub.Types.AwsLambdaFunctionTracingConfig
+    Amazonka.SecurityHub.Types.AwsLambdaFunctionVpcConfig
+    Amazonka.SecurityHub.Types.AwsLambdaLayerVersionDetails
+    Amazonka.SecurityHub.Types.AwsMountPoint
+    Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallDetails
+    Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallPolicyDetails
+    Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallSubnetMappingsDetails
+    Amazonka.SecurityHub.Types.AwsNetworkFirewallRuleGroupDetails
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigDetails
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDetails
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOption
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainMasterUserOptionsDetails
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+    Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainVpcOptionsDetails
+    Amazonka.SecurityHub.Types.AwsRdsDbClusterAssociatedRole
+    Amazonka.SecurityHub.Types.AwsRdsDbClusterDetails
+    Amazonka.SecurityHub.Types.AwsRdsDbClusterMember
+    Amazonka.SecurityHub.Types.AwsRdsDbClusterOptionGroupMembership
+    Amazonka.SecurityHub.Types.AwsRdsDbClusterSnapshotDetails
+    Amazonka.SecurityHub.Types.AwsRdsDbDomainMembership
+    Amazonka.SecurityHub.Types.AwsRdsDbInstanceAssociatedRole
+    Amazonka.SecurityHub.Types.AwsRdsDbInstanceDetails
+    Amazonka.SecurityHub.Types.AwsRdsDbInstanceEndpoint
+    Amazonka.SecurityHub.Types.AwsRdsDbInstanceVpcSecurityGroup
+    Amazonka.SecurityHub.Types.AwsRdsDbOptionGroupMembership
+    Amazonka.SecurityHub.Types.AwsRdsDbParameterGroup
+    Amazonka.SecurityHub.Types.AwsRdsDbPendingModifiedValues
+    Amazonka.SecurityHub.Types.AwsRdsDbProcessorFeature
+    Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupDetails
+    Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupEc2SecurityGroup
+    Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupIpRange
+    Amazonka.SecurityHub.Types.AwsRdsDbSnapshotDetails
+    Amazonka.SecurityHub.Types.AwsRdsDbStatusInfo
+    Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroup
+    Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnet
+    Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnetAvailabilityZone
+    Amazonka.SecurityHub.Types.AwsRdsEventSubscriptionDetails
+    Amazonka.SecurityHub.Types.AwsRdsPendingCloudWatchLogsExports
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterNode
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterGroup
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterStatus
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSecurityGroup
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSnapshotCopyStatus
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterDeferredMaintenanceWindow
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterDetails
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterElasticIpStatus
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterEndpoint
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterHsmStatus
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterIamRole
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterLoggingStatus
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterPendingModifiedValues
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterResizeInfo
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterRestoreStatus
+    Amazonka.SecurityHub.Types.AwsRedshiftClusterVpcSecurityGroup
+    Amazonka.SecurityHub.Types.AwsS3AccountPublicAccessBlockDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketBucketVersioningConfiguration
+    Amazonka.SecurityHub.Types.AwsS3BucketDetails
+    Amazonka.SecurityHub.Types.AwsS3BucketLoggingConfiguration
+    Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfiguration
+    Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationDetail
+    Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationFilter
+    Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilter
+    Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilterRule
+    Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilterRuleName
+    Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionByDefault
+    Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionConfiguration
+    Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionRule
+    Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfiguration
+    Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRedirectTo
+    Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRule
+    Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+    Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+    Amazonka.SecurityHub.Types.AwsS3ObjectDetails
+    Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceDetails
+    Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+    Amazonka.SecurityHub.Types.AwsSecretsManagerSecretDetails
+    Amazonka.SecurityHub.Types.AwsSecretsManagerSecretRotationRules
+    Amazonka.SecurityHub.Types.AwsSecurityFinding
+    Amazonka.SecurityHub.Types.AwsSecurityFindingFilters
+    Amazonka.SecurityHub.Types.AwsSecurityFindingIdentifier
+    Amazonka.SecurityHub.Types.AwsSnsTopicDetails
+    Amazonka.SecurityHub.Types.AwsSnsTopicSubscription
+    Amazonka.SecurityHub.Types.AwsSqsQueueDetails
+    Amazonka.SecurityHub.Types.AwsSsmComplianceSummary
+    Amazonka.SecurityHub.Types.AwsSsmPatch
+    Amazonka.SecurityHub.Types.AwsSsmPatchComplianceDetails
+    Amazonka.SecurityHub.Types.AwsWafRateBasedRuleDetails
+    Amazonka.SecurityHub.Types.AwsWafRateBasedRuleMatchPredicate
+    Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleDetails
+    Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleMatchPredicate
+    Amazonka.SecurityHub.Types.AwsWafRegionalRuleDetails
+    Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupDetails
+    Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesActionDetails
+    Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesDetails
+    Amazonka.SecurityHub.Types.AwsWafRegionalRulePredicateListDetails
+    Amazonka.SecurityHub.Types.AwsWafRegionalWebAclDetails
+    Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListActionDetails
+    Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListDetails
+    Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListOverrideActionDetails
+    Amazonka.SecurityHub.Types.AwsWafRuleDetails
+    Amazonka.SecurityHub.Types.AwsWafRuleGroupDetails
+    Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesActionDetails
+    Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesDetails
+    Amazonka.SecurityHub.Types.AwsWafRulePredicateListDetails
+    Amazonka.SecurityHub.Types.AwsWafv2ActionAllowDetails
+    Amazonka.SecurityHub.Types.AwsWafv2ActionBlockDetails
+    Amazonka.SecurityHub.Types.AwsWafv2CustomHttpHeader
+    Amazonka.SecurityHub.Types.AwsWafv2CustomRequestHandlingDetails
+    Amazonka.SecurityHub.Types.AwsWafv2CustomResponseDetails
+    Amazonka.SecurityHub.Types.AwsWafv2RuleGroupDetails
+    Amazonka.SecurityHub.Types.AwsWafv2RulesActionCaptchaDetails
+    Amazonka.SecurityHub.Types.AwsWafv2RulesActionCountDetails
+    Amazonka.SecurityHub.Types.AwsWafv2RulesActionDetails
+    Amazonka.SecurityHub.Types.AwsWafv2RulesDetails
+    Amazonka.SecurityHub.Types.AwsWafv2VisibilityConfigDetails
+    Amazonka.SecurityHub.Types.AwsWafv2WebAclActionDetails
+    Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigDetails
+    Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+    Amazonka.SecurityHub.Types.AwsWafv2WebAclDetails
+    Amazonka.SecurityHub.Types.AwsWafWebAclDetails
+    Amazonka.SecurityHub.Types.AwsWafWebAclRule
+    Amazonka.SecurityHub.Types.AwsXrayEncryptionConfigDetails
+    Amazonka.SecurityHub.Types.BatchUpdateFindingsUnprocessedFinding
+    Amazonka.SecurityHub.Types.BooleanFilter
+    Amazonka.SecurityHub.Types.Cell
+    Amazonka.SecurityHub.Types.CidrBlockAssociation
+    Amazonka.SecurityHub.Types.City
+    Amazonka.SecurityHub.Types.ClassificationResult
+    Amazonka.SecurityHub.Types.ClassificationStatus
+    Amazonka.SecurityHub.Types.Compliance
+    Amazonka.SecurityHub.Types.ComplianceStatus
+    Amazonka.SecurityHub.Types.ContainerDetails
+    Amazonka.SecurityHub.Types.ControlStatus
+    Amazonka.SecurityHub.Types.Country
+    Amazonka.SecurityHub.Types.CustomDataIdentifiersDetections
+    Amazonka.SecurityHub.Types.CustomDataIdentifiersResult
+    Amazonka.SecurityHub.Types.Cvss
+    Amazonka.SecurityHub.Types.DataClassificationDetails
+    Amazonka.SecurityHub.Types.DateFilter
+    Amazonka.SecurityHub.Types.DateRange
+    Amazonka.SecurityHub.Types.DateRangeUnit
+    Amazonka.SecurityHub.Types.DnsRequestAction
+    Amazonka.SecurityHub.Types.FilePaths
+    Amazonka.SecurityHub.Types.FindingAggregator
+    Amazonka.SecurityHub.Types.FindingProviderFields
+    Amazonka.SecurityHub.Types.FindingProviderSeverity
+    Amazonka.SecurityHub.Types.FirewallPolicyDetails
+    Amazonka.SecurityHub.Types.FirewallPolicyStatefulRuleGroupReferencesDetails
+    Amazonka.SecurityHub.Types.FirewallPolicyStatelessCustomActionsDetails
+    Amazonka.SecurityHub.Types.FirewallPolicyStatelessRuleGroupReferencesDetails
+    Amazonka.SecurityHub.Types.GeoLocation
+    Amazonka.SecurityHub.Types.IcmpTypeCode
+    Amazonka.SecurityHub.Types.ImportFindingsError
+    Amazonka.SecurityHub.Types.Insight
+    Amazonka.SecurityHub.Types.InsightResults
+    Amazonka.SecurityHub.Types.InsightResultValue
+    Amazonka.SecurityHub.Types.IntegrationType
+    Amazonka.SecurityHub.Types.Invitation
+    Amazonka.SecurityHub.Types.IpFilter
+    Amazonka.SecurityHub.Types.IpOrganizationDetails
+    Amazonka.SecurityHub.Types.Ipv6CidrBlockAssociation
+    Amazonka.SecurityHub.Types.KeywordFilter
+    Amazonka.SecurityHub.Types.LoadBalancerState
+    Amazonka.SecurityHub.Types.Malware
+    Amazonka.SecurityHub.Types.MalwareState
+    Amazonka.SecurityHub.Types.MalwareType
+    Amazonka.SecurityHub.Types.MapFilter
+    Amazonka.SecurityHub.Types.MapFilterComparison
+    Amazonka.SecurityHub.Types.Member
+    Amazonka.SecurityHub.Types.Network
+    Amazonka.SecurityHub.Types.NetworkConnectionAction
+    Amazonka.SecurityHub.Types.NetworkDirection
+    Amazonka.SecurityHub.Types.NetworkHeader
+    Amazonka.SecurityHub.Types.NetworkPathComponent
+    Amazonka.SecurityHub.Types.NetworkPathComponentDetails
+    Amazonka.SecurityHub.Types.Note
+    Amazonka.SecurityHub.Types.NoteUpdate
+    Amazonka.SecurityHub.Types.NumberFilter
+    Amazonka.SecurityHub.Types.Occurrences
+    Amazonka.SecurityHub.Types.Page
+    Amazonka.SecurityHub.Types.Partition
+    Amazonka.SecurityHub.Types.PatchSummary
+    Amazonka.SecurityHub.Types.PortProbeAction
+    Amazonka.SecurityHub.Types.PortProbeDetail
+    Amazonka.SecurityHub.Types.PortRange
+    Amazonka.SecurityHub.Types.PortRangeFromTo
+    Amazonka.SecurityHub.Types.ProcessDetails
+    Amazonka.SecurityHub.Types.Product
+    Amazonka.SecurityHub.Types.Range
+    Amazonka.SecurityHub.Types.Recommendation
+    Amazonka.SecurityHub.Types.Record
+    Amazonka.SecurityHub.Types.RecordState
+    Amazonka.SecurityHub.Types.RelatedFinding
+    Amazonka.SecurityHub.Types.Remediation
+    Amazonka.SecurityHub.Types.Resource
+    Amazonka.SecurityHub.Types.ResourceDetails
+    Amazonka.SecurityHub.Types.Result
+    Amazonka.SecurityHub.Types.RuleGroupDetails
+    Amazonka.SecurityHub.Types.RuleGroupSource
+    Amazonka.SecurityHub.Types.RuleGroupSourceCustomActionsDetails
+    Amazonka.SecurityHub.Types.RuleGroupSourceListDetails
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesDetails
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesHeaderDetails
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesOptionsDetails
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleDefinition
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributes
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinations
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSources
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesAndCustomActionsDetails
+    Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesDetails
+    Amazonka.SecurityHub.Types.RuleGroupVariables
+    Amazonka.SecurityHub.Types.RuleGroupVariablesIpSetsDetails
+    Amazonka.SecurityHub.Types.RuleGroupVariablesPortSetsDetails
+    Amazonka.SecurityHub.Types.SensitiveDataDetections
+    Amazonka.SecurityHub.Types.SensitiveDataResult
+    Amazonka.SecurityHub.Types.Severity
+    Amazonka.SecurityHub.Types.SeverityLabel
+    Amazonka.SecurityHub.Types.SeverityRating
+    Amazonka.SecurityHub.Types.SeverityUpdate
+    Amazonka.SecurityHub.Types.SoftwarePackage
+    Amazonka.SecurityHub.Types.SortCriterion
+    Amazonka.SecurityHub.Types.SortOrder
+    Amazonka.SecurityHub.Types.Standard
+    Amazonka.SecurityHub.Types.StandardsControl
+    Amazonka.SecurityHub.Types.StandardsManagedBy
+    Amazonka.SecurityHub.Types.StandardsStatus
+    Amazonka.SecurityHub.Types.StandardsStatusReason
+    Amazonka.SecurityHub.Types.StandardsSubscription
+    Amazonka.SecurityHub.Types.StandardsSubscriptionRequest
+    Amazonka.SecurityHub.Types.StatelessCustomActionDefinition
+    Amazonka.SecurityHub.Types.StatelessCustomPublishMetricAction
+    Amazonka.SecurityHub.Types.StatelessCustomPublishMetricActionDimension
+    Amazonka.SecurityHub.Types.StatusReason
+    Amazonka.SecurityHub.Types.StatusReasonCode
+    Amazonka.SecurityHub.Types.StringFilter
+    Amazonka.SecurityHub.Types.StringFilterComparison
+    Amazonka.SecurityHub.Types.Threat
+    Amazonka.SecurityHub.Types.ThreatIntelIndicator
+    Amazonka.SecurityHub.Types.ThreatIntelIndicatorCategory
+    Amazonka.SecurityHub.Types.ThreatIntelIndicatorType
+    Amazonka.SecurityHub.Types.VerificationState
+    Amazonka.SecurityHub.Types.VolumeMount
+    Amazonka.SecurityHub.Types.VpcInfoCidrBlockSetDetails
+    Amazonka.SecurityHub.Types.VpcInfoIpv6CidrBlockSetDetails
+    Amazonka.SecurityHub.Types.VpcInfoPeeringOptionsDetails
+    Amazonka.SecurityHub.Types.Vulnerability
+    Amazonka.SecurityHub.Types.VulnerabilityFixAvailable
+    Amazonka.SecurityHub.Types.VulnerabilityVendor
+    Amazonka.SecurityHub.Types.WafAction
+    Amazonka.SecurityHub.Types.WafExcludedRule
+    Amazonka.SecurityHub.Types.WafOverrideAction
+    Amazonka.SecurityHub.Types.Workflow
+    Amazonka.SecurityHub.Types.WorkflowState
+    Amazonka.SecurityHub.Types.WorkflowStatus
+    Amazonka.SecurityHub.Types.WorkflowUpdate
+    Amazonka.SecurityHub.UntagResource
+    Amazonka.SecurityHub.UpdateActionTarget
+    Amazonka.SecurityHub.UpdateFindingAggregator
+    Amazonka.SecurityHub.UpdateFindings
+    Amazonka.SecurityHub.UpdateInsight
+    Amazonka.SecurityHub.UpdateOrganizationConfiguration
+    Amazonka.SecurityHub.UpdateSecurityHubConfiguration
+    Amazonka.SecurityHub.UpdateStandardsControl
+    Amazonka.SecurityHub.Waiters
+
+  build-depends:
+    , amazonka-core  >=2.0  && <2.1
+    , base           >=4.12 && <5
+
+test-suite amazonka-securityhub-test
+  type:             exitcode-stdio-1.0
+  default-language: Haskell2010
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  ghc-options:      -Wall -threaded
+
+  -- This section is encoded by the template and any modules added by
+  -- hand outside these namespaces will not correctly be added to the
+  -- distribution package.
+  other-modules:
+    Test.Amazonka.Gen.SecurityHub
+    Test.Amazonka.SecurityHub
+    Test.Amazonka.SecurityHub.Internal
+
+  build-depends:
+    , amazonka-core         >=2.0 && <2.1
+    , amazonka-securityhub
+    , amazonka-test         >=2.0 && <2.1
+    , base
+    , bytestring
+    , case-insensitive
+    , tasty
+    , tasty-hunit
+    , text
+    , time
+    , unordered-containers
diff --git a/fixture/AcceptAdministratorInvitation.yaml b/fixture/AcceptAdministratorInvitation.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AcceptAdministratorInvitation.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AcceptAdministratorInvitationResponse.proto b/fixture/AcceptAdministratorInvitationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AcceptAdministratorInvitationResponse.proto
diff --git a/fixture/BatchDisableStandards.yaml b/fixture/BatchDisableStandards.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/BatchDisableStandards.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/BatchDisableStandardsResponse.proto b/fixture/BatchDisableStandardsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/BatchDisableStandardsResponse.proto
diff --git a/fixture/BatchEnableStandards.yaml b/fixture/BatchEnableStandards.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/BatchEnableStandards.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/BatchEnableStandardsResponse.proto b/fixture/BatchEnableStandardsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/BatchEnableStandardsResponse.proto
diff --git a/fixture/BatchImportFindings.yaml b/fixture/BatchImportFindings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/BatchImportFindings.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/BatchImportFindingsResponse.proto b/fixture/BatchImportFindingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/BatchImportFindingsResponse.proto
diff --git a/fixture/BatchUpdateFindings.yaml b/fixture/BatchUpdateFindings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/BatchUpdateFindings.yaml
@@ -0,0 +1,10 @@
+---
+method: PATCH
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/BatchUpdateFindingsResponse.proto b/fixture/BatchUpdateFindingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/BatchUpdateFindingsResponse.proto
diff --git a/fixture/CreateActionTarget.yaml b/fixture/CreateActionTarget.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateActionTarget.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateActionTargetResponse.proto b/fixture/CreateActionTargetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateActionTargetResponse.proto
diff --git a/fixture/CreateFindingAggregator.yaml b/fixture/CreateFindingAggregator.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateFindingAggregator.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateFindingAggregatorResponse.proto b/fixture/CreateFindingAggregatorResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateFindingAggregatorResponse.proto
diff --git a/fixture/CreateInsight.yaml b/fixture/CreateInsight.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateInsight.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateInsightResponse.proto b/fixture/CreateInsightResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateInsightResponse.proto
diff --git a/fixture/CreateMembers.yaml b/fixture/CreateMembers.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateMembers.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateMembersResponse.proto b/fixture/CreateMembersResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateMembersResponse.proto
diff --git a/fixture/DeclineInvitations.yaml b/fixture/DeclineInvitations.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeclineInvitations.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeclineInvitationsResponse.proto b/fixture/DeclineInvitationsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeclineInvitationsResponse.proto
diff --git a/fixture/DeleteActionTarget.yaml b/fixture/DeleteActionTarget.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteActionTarget.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteActionTargetResponse.proto b/fixture/DeleteActionTargetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteActionTargetResponse.proto
diff --git a/fixture/DeleteFindingAggregator.yaml b/fixture/DeleteFindingAggregator.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteFindingAggregator.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteFindingAggregatorResponse.proto b/fixture/DeleteFindingAggregatorResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteFindingAggregatorResponse.proto
diff --git a/fixture/DeleteInsight.yaml b/fixture/DeleteInsight.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteInsight.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteInsightResponse.proto b/fixture/DeleteInsightResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteInsightResponse.proto
diff --git a/fixture/DeleteInvitations.yaml b/fixture/DeleteInvitations.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteInvitations.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteInvitationsResponse.proto b/fixture/DeleteInvitationsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteInvitationsResponse.proto
diff --git a/fixture/DeleteMembers.yaml b/fixture/DeleteMembers.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteMembers.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteMembersResponse.proto b/fixture/DeleteMembersResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteMembersResponse.proto
diff --git a/fixture/DescribeActionTargets.yaml b/fixture/DescribeActionTargets.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeActionTargets.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeActionTargetsResponse.proto b/fixture/DescribeActionTargetsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeActionTargetsResponse.proto
diff --git a/fixture/DescribeHub.yaml b/fixture/DescribeHub.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeHub.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeHubResponse.proto b/fixture/DescribeHubResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeHubResponse.proto
diff --git a/fixture/DescribeOrganizationConfiguration.yaml b/fixture/DescribeOrganizationConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeOrganizationConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeOrganizationConfigurationResponse.proto b/fixture/DescribeOrganizationConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeOrganizationConfigurationResponse.proto
diff --git a/fixture/DescribeProducts.yaml b/fixture/DescribeProducts.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeProducts.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeProductsResponse.proto b/fixture/DescribeProductsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeProductsResponse.proto
diff --git a/fixture/DescribeStandards.yaml b/fixture/DescribeStandards.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeStandards.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeStandardsControls.yaml b/fixture/DescribeStandardsControls.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeStandardsControls.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeStandardsControlsResponse.proto b/fixture/DescribeStandardsControlsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeStandardsControlsResponse.proto
diff --git a/fixture/DescribeStandardsResponse.proto b/fixture/DescribeStandardsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeStandardsResponse.proto
diff --git a/fixture/DisableImportFindingsForProduct.yaml b/fixture/DisableImportFindingsForProduct.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisableImportFindingsForProduct.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisableImportFindingsForProductResponse.proto b/fixture/DisableImportFindingsForProductResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisableImportFindingsForProductResponse.proto
diff --git a/fixture/DisableOrganizationAdminAccount.yaml b/fixture/DisableOrganizationAdminAccount.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisableOrganizationAdminAccount.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisableOrganizationAdminAccountResponse.proto b/fixture/DisableOrganizationAdminAccountResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisableOrganizationAdminAccountResponse.proto
diff --git a/fixture/DisableSecurityHub.yaml b/fixture/DisableSecurityHub.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisableSecurityHub.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisableSecurityHubResponse.proto b/fixture/DisableSecurityHubResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisableSecurityHubResponse.proto
diff --git a/fixture/DisassociateFromAdministratorAccount.yaml b/fixture/DisassociateFromAdministratorAccount.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateFromAdministratorAccount.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateFromAdministratorAccountResponse.proto b/fixture/DisassociateFromAdministratorAccountResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateFromAdministratorAccountResponse.proto
diff --git a/fixture/DisassociateMembers.yaml b/fixture/DisassociateMembers.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateMembers.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateMembersResponse.proto b/fixture/DisassociateMembersResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateMembersResponse.proto
diff --git a/fixture/EnableImportFindingsForProduct.yaml b/fixture/EnableImportFindingsForProduct.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/EnableImportFindingsForProduct.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/EnableImportFindingsForProductResponse.proto b/fixture/EnableImportFindingsForProductResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/EnableImportFindingsForProductResponse.proto
diff --git a/fixture/EnableOrganizationAdminAccount.yaml b/fixture/EnableOrganizationAdminAccount.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/EnableOrganizationAdminAccount.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/EnableOrganizationAdminAccountResponse.proto b/fixture/EnableOrganizationAdminAccountResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/EnableOrganizationAdminAccountResponse.proto
diff --git a/fixture/EnableSecurityHub.yaml b/fixture/EnableSecurityHub.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/EnableSecurityHub.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/EnableSecurityHubResponse.proto b/fixture/EnableSecurityHubResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/EnableSecurityHubResponse.proto
diff --git a/fixture/GetAdministratorAccount.yaml b/fixture/GetAdministratorAccount.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetAdministratorAccount.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetAdministratorAccountResponse.proto b/fixture/GetAdministratorAccountResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetAdministratorAccountResponse.proto
diff --git a/fixture/GetEnabledStandards.yaml b/fixture/GetEnabledStandards.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetEnabledStandards.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetEnabledStandardsResponse.proto b/fixture/GetEnabledStandardsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetEnabledStandardsResponse.proto
diff --git a/fixture/GetFindingAggregator.yaml b/fixture/GetFindingAggregator.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetFindingAggregator.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetFindingAggregatorResponse.proto b/fixture/GetFindingAggregatorResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetFindingAggregatorResponse.proto
diff --git a/fixture/GetFindings.yaml b/fixture/GetFindings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetFindings.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetFindingsResponse.proto b/fixture/GetFindingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetFindingsResponse.proto
diff --git a/fixture/GetInsightResults.yaml b/fixture/GetInsightResults.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetInsightResults.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetInsightResultsResponse.proto b/fixture/GetInsightResultsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetInsightResultsResponse.proto
diff --git a/fixture/GetInsights.yaml b/fixture/GetInsights.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetInsights.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetInsightsResponse.proto b/fixture/GetInsightsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetInsightsResponse.proto
diff --git a/fixture/GetInvitationsCount.yaml b/fixture/GetInvitationsCount.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetInvitationsCount.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetInvitationsCountResponse.proto b/fixture/GetInvitationsCountResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetInvitationsCountResponse.proto
diff --git a/fixture/GetMembers.yaml b/fixture/GetMembers.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetMembers.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetMembersResponse.proto b/fixture/GetMembersResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetMembersResponse.proto
diff --git a/fixture/InviteMembers.yaml b/fixture/InviteMembers.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/InviteMembers.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/InviteMembersResponse.proto b/fixture/InviteMembersResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/InviteMembersResponse.proto
diff --git a/fixture/ListEnabledProductsForImport.yaml b/fixture/ListEnabledProductsForImport.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListEnabledProductsForImport.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListEnabledProductsForImportResponse.proto b/fixture/ListEnabledProductsForImportResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListEnabledProductsForImportResponse.proto
diff --git a/fixture/ListFindingAggregators.yaml b/fixture/ListFindingAggregators.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListFindingAggregators.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListFindingAggregatorsResponse.proto b/fixture/ListFindingAggregatorsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListFindingAggregatorsResponse.proto
diff --git a/fixture/ListInvitations.yaml b/fixture/ListInvitations.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListInvitations.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListInvitationsResponse.proto b/fixture/ListInvitationsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListInvitationsResponse.proto
diff --git a/fixture/ListMembers.yaml b/fixture/ListMembers.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListMembers.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListMembersResponse.proto b/fixture/ListMembersResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListMembersResponse.proto
diff --git a/fixture/ListOrganizationAdminAccounts.yaml b/fixture/ListOrganizationAdminAccounts.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListOrganizationAdminAccounts.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListOrganizationAdminAccountsResponse.proto b/fixture/ListOrganizationAdminAccountsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListOrganizationAdminAccountsResponse.proto
diff --git a/fixture/ListTagsForResource.yaml b/fixture/ListTagsForResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResource.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListTagsForResourceResponse.proto b/fixture/ListTagsForResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResourceResponse.proto
diff --git a/fixture/TagResource.yaml b/fixture/TagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/TagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/TagResourceResponse.proto b/fixture/TagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/TagResourceResponse.proto
diff --git a/fixture/UntagResource.yaml b/fixture/UntagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UntagResourceResponse.proto b/fixture/UntagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResourceResponse.proto
diff --git a/fixture/UpdateActionTarget.yaml b/fixture/UpdateActionTarget.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateActionTarget.yaml
@@ -0,0 +1,10 @@
+---
+method: PATCH
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateActionTargetResponse.proto b/fixture/UpdateActionTargetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateActionTargetResponse.proto
diff --git a/fixture/UpdateFindingAggregator.yaml b/fixture/UpdateFindingAggregator.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFindingAggregator.yaml
@@ -0,0 +1,10 @@
+---
+method: PATCH
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateFindingAggregatorResponse.proto b/fixture/UpdateFindingAggregatorResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFindingAggregatorResponse.proto
diff --git a/fixture/UpdateFindings.yaml b/fixture/UpdateFindings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFindings.yaml
@@ -0,0 +1,10 @@
+---
+method: PATCH
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateFindingsResponse.proto b/fixture/UpdateFindingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFindingsResponse.proto
diff --git a/fixture/UpdateInsight.yaml b/fixture/UpdateInsight.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateInsight.yaml
@@ -0,0 +1,10 @@
+---
+method: PATCH
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateInsightResponse.proto b/fixture/UpdateInsightResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateInsightResponse.proto
diff --git a/fixture/UpdateOrganizationConfiguration.yaml b/fixture/UpdateOrganizationConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateOrganizationConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateOrganizationConfigurationResponse.proto b/fixture/UpdateOrganizationConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateOrganizationConfigurationResponse.proto
diff --git a/fixture/UpdateSecurityHubConfiguration.yaml b/fixture/UpdateSecurityHubConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateSecurityHubConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: PATCH
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateSecurityHubConfigurationResponse.proto b/fixture/UpdateSecurityHubConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateSecurityHubConfigurationResponse.proto
diff --git a/fixture/UpdateStandardsControl.yaml b/fixture/UpdateStandardsControl.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateStandardsControl.yaml
@@ -0,0 +1,10 @@
+---
+method: PATCH
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/securityhub/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  securityhub.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateStandardsControlResponse.proto b/fixture/UpdateStandardsControlResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateStandardsControlResponse.proto
diff --git a/gen/Amazonka/SecurityHub.hs b/gen/Amazonka/SecurityHub.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub.hs
@@ -0,0 +1,2731 @@
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Amazonka.SecurityHub
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Derived from API version @2018-10-26@ of the AWS service descriptions, licensed under Apache 2.0.
+--
+-- Security Hub provides you with a comprehensive view of the security
+-- state of your Amazon Web Services environment and resources. It also
+-- provides you with the readiness status of your environment based on
+-- controls from supported security standards. Security Hub collects
+-- security data from Amazon Web Services accounts, services, and
+-- integrated third-party products and helps you analyze security trends in
+-- your environment to identify the highest priority security issues. For
+-- more information about Security Hub, see the
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html Security HubUser Guide>
+-- .
+--
+-- When you use operations in the Security Hub API, the requests are
+-- executed only in the Amazon Web Services Region that is currently active
+-- or in the specific Amazon Web Services Region that you specify in your
+-- request. Any configuration or settings change that results from the
+-- operation is applied only to that Region. To make the same change in
+-- other Regions, execute the same command for each Region to apply the
+-- change to.
+--
+-- For example, if your Region is set to @us-west-2@, when you use
+-- @CreateMembers@ to add a member account to Security Hub, the association
+-- of the member account with the administrator account is created only in
+-- the @us-west-2@ Region. Security Hub must be enabled for the member
+-- account in the same Region that the invitation was sent from.
+--
+-- The following throttling limits apply to using Security Hub API
+-- operations.
+--
+-- -   @BatchEnableStandards@ - @RateLimit@ of 1 request per second,
+--     @BurstLimit@ of 1 request per second.
+--
+-- -   @GetFindings@ - @RateLimit@ of 3 requests per second. @BurstLimit@
+--     of 6 requests per second.
+--
+-- -   @BatchImportFindings@ - @RateLimit@ of 10 requests per second.
+--     @BurstLimit@ of 30 requests per second.
+--
+-- -   @BatchUpdateFindings@ - @RateLimit@ of 10 requests per second.
+--     @BurstLimit@ of 30 requests per second.
+--
+-- -   @UpdateStandardsControl@ - @RateLimit@ of 1 request per second,
+--     @BurstLimit@ of 5 requests per second.
+--
+-- -   All other operations - @RateLimit@ of 10 requests per second.
+--     @BurstLimit@ of 30 requests per second.
+module Amazonka.SecurityHub
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    -- $errors
+
+    -- ** AccessDeniedException
+    _AccessDeniedException,
+
+    -- ** InternalException
+    _InternalException,
+
+    -- ** InvalidAccessException
+    _InvalidAccessException,
+
+    -- ** InvalidInputException
+    _InvalidInputException,
+
+    -- ** LimitExceededException
+    _LimitExceededException,
+
+    -- ** ResourceConflictException
+    _ResourceConflictException,
+
+    -- ** ResourceNotFoundException
+    _ResourceNotFoundException,
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** AcceptAdministratorInvitation
+    AcceptAdministratorInvitation (AcceptAdministratorInvitation'),
+    newAcceptAdministratorInvitation,
+    AcceptAdministratorInvitationResponse (AcceptAdministratorInvitationResponse'),
+    newAcceptAdministratorInvitationResponse,
+
+    -- ** BatchDisableStandards
+    BatchDisableStandards (BatchDisableStandards'),
+    newBatchDisableStandards,
+    BatchDisableStandardsResponse (BatchDisableStandardsResponse'),
+    newBatchDisableStandardsResponse,
+
+    -- ** BatchEnableStandards
+    BatchEnableStandards (BatchEnableStandards'),
+    newBatchEnableStandards,
+    BatchEnableStandardsResponse (BatchEnableStandardsResponse'),
+    newBatchEnableStandardsResponse,
+
+    -- ** BatchImportFindings
+    BatchImportFindings (BatchImportFindings'),
+    newBatchImportFindings,
+    BatchImportFindingsResponse (BatchImportFindingsResponse'),
+    newBatchImportFindingsResponse,
+
+    -- ** BatchUpdateFindings
+    BatchUpdateFindings (BatchUpdateFindings'),
+    newBatchUpdateFindings,
+    BatchUpdateFindingsResponse (BatchUpdateFindingsResponse'),
+    newBatchUpdateFindingsResponse,
+
+    -- ** CreateActionTarget
+    CreateActionTarget (CreateActionTarget'),
+    newCreateActionTarget,
+    CreateActionTargetResponse (CreateActionTargetResponse'),
+    newCreateActionTargetResponse,
+
+    -- ** CreateFindingAggregator
+    CreateFindingAggregator (CreateFindingAggregator'),
+    newCreateFindingAggregator,
+    CreateFindingAggregatorResponse (CreateFindingAggregatorResponse'),
+    newCreateFindingAggregatorResponse,
+
+    -- ** CreateInsight
+    CreateInsight (CreateInsight'),
+    newCreateInsight,
+    CreateInsightResponse (CreateInsightResponse'),
+    newCreateInsightResponse,
+
+    -- ** CreateMembers
+    CreateMembers (CreateMembers'),
+    newCreateMembers,
+    CreateMembersResponse (CreateMembersResponse'),
+    newCreateMembersResponse,
+
+    -- ** DeclineInvitations
+    DeclineInvitations (DeclineInvitations'),
+    newDeclineInvitations,
+    DeclineInvitationsResponse (DeclineInvitationsResponse'),
+    newDeclineInvitationsResponse,
+
+    -- ** DeleteActionTarget
+    DeleteActionTarget (DeleteActionTarget'),
+    newDeleteActionTarget,
+    DeleteActionTargetResponse (DeleteActionTargetResponse'),
+    newDeleteActionTargetResponse,
+
+    -- ** DeleteFindingAggregator
+    DeleteFindingAggregator (DeleteFindingAggregator'),
+    newDeleteFindingAggregator,
+    DeleteFindingAggregatorResponse (DeleteFindingAggregatorResponse'),
+    newDeleteFindingAggregatorResponse,
+
+    -- ** DeleteInsight
+    DeleteInsight (DeleteInsight'),
+    newDeleteInsight,
+    DeleteInsightResponse (DeleteInsightResponse'),
+    newDeleteInsightResponse,
+
+    -- ** DeleteInvitations
+    DeleteInvitations (DeleteInvitations'),
+    newDeleteInvitations,
+    DeleteInvitationsResponse (DeleteInvitationsResponse'),
+    newDeleteInvitationsResponse,
+
+    -- ** DeleteMembers
+    DeleteMembers (DeleteMembers'),
+    newDeleteMembers,
+    DeleteMembersResponse (DeleteMembersResponse'),
+    newDeleteMembersResponse,
+
+    -- ** DescribeActionTargets (Paginated)
+    DescribeActionTargets (DescribeActionTargets'),
+    newDescribeActionTargets,
+    DescribeActionTargetsResponse (DescribeActionTargetsResponse'),
+    newDescribeActionTargetsResponse,
+
+    -- ** DescribeHub
+    DescribeHub (DescribeHub'),
+    newDescribeHub,
+    DescribeHubResponse (DescribeHubResponse'),
+    newDescribeHubResponse,
+
+    -- ** DescribeOrganizationConfiguration
+    DescribeOrganizationConfiguration (DescribeOrganizationConfiguration'),
+    newDescribeOrganizationConfiguration,
+    DescribeOrganizationConfigurationResponse (DescribeOrganizationConfigurationResponse'),
+    newDescribeOrganizationConfigurationResponse,
+
+    -- ** DescribeProducts (Paginated)
+    DescribeProducts (DescribeProducts'),
+    newDescribeProducts,
+    DescribeProductsResponse (DescribeProductsResponse'),
+    newDescribeProductsResponse,
+
+    -- ** DescribeStandards (Paginated)
+    DescribeStandards (DescribeStandards'),
+    newDescribeStandards,
+    DescribeStandardsResponse (DescribeStandardsResponse'),
+    newDescribeStandardsResponse,
+
+    -- ** DescribeStandardsControls (Paginated)
+    DescribeStandardsControls (DescribeStandardsControls'),
+    newDescribeStandardsControls,
+    DescribeStandardsControlsResponse (DescribeStandardsControlsResponse'),
+    newDescribeStandardsControlsResponse,
+
+    -- ** DisableImportFindingsForProduct
+    DisableImportFindingsForProduct (DisableImportFindingsForProduct'),
+    newDisableImportFindingsForProduct,
+    DisableImportFindingsForProductResponse (DisableImportFindingsForProductResponse'),
+    newDisableImportFindingsForProductResponse,
+
+    -- ** DisableOrganizationAdminAccount
+    DisableOrganizationAdminAccount (DisableOrganizationAdminAccount'),
+    newDisableOrganizationAdminAccount,
+    DisableOrganizationAdminAccountResponse (DisableOrganizationAdminAccountResponse'),
+    newDisableOrganizationAdminAccountResponse,
+
+    -- ** DisableSecurityHub
+    DisableSecurityHub (DisableSecurityHub'),
+    newDisableSecurityHub,
+    DisableSecurityHubResponse (DisableSecurityHubResponse'),
+    newDisableSecurityHubResponse,
+
+    -- ** DisassociateFromAdministratorAccount
+    DisassociateFromAdministratorAccount (DisassociateFromAdministratorAccount'),
+    newDisassociateFromAdministratorAccount,
+    DisassociateFromAdministratorAccountResponse (DisassociateFromAdministratorAccountResponse'),
+    newDisassociateFromAdministratorAccountResponse,
+
+    -- ** DisassociateMembers
+    DisassociateMembers (DisassociateMembers'),
+    newDisassociateMembers,
+    DisassociateMembersResponse (DisassociateMembersResponse'),
+    newDisassociateMembersResponse,
+
+    -- ** EnableImportFindingsForProduct
+    EnableImportFindingsForProduct (EnableImportFindingsForProduct'),
+    newEnableImportFindingsForProduct,
+    EnableImportFindingsForProductResponse (EnableImportFindingsForProductResponse'),
+    newEnableImportFindingsForProductResponse,
+
+    -- ** EnableOrganizationAdminAccount
+    EnableOrganizationAdminAccount (EnableOrganizationAdminAccount'),
+    newEnableOrganizationAdminAccount,
+    EnableOrganizationAdminAccountResponse (EnableOrganizationAdminAccountResponse'),
+    newEnableOrganizationAdminAccountResponse,
+
+    -- ** EnableSecurityHub
+    EnableSecurityHub (EnableSecurityHub'),
+    newEnableSecurityHub,
+    EnableSecurityHubResponse (EnableSecurityHubResponse'),
+    newEnableSecurityHubResponse,
+
+    -- ** GetAdministratorAccount
+    GetAdministratorAccount (GetAdministratorAccount'),
+    newGetAdministratorAccount,
+    GetAdministratorAccountResponse (GetAdministratorAccountResponse'),
+    newGetAdministratorAccountResponse,
+
+    -- ** GetEnabledStandards (Paginated)
+    GetEnabledStandards (GetEnabledStandards'),
+    newGetEnabledStandards,
+    GetEnabledStandardsResponse (GetEnabledStandardsResponse'),
+    newGetEnabledStandardsResponse,
+
+    -- ** GetFindingAggregator
+    GetFindingAggregator (GetFindingAggregator'),
+    newGetFindingAggregator,
+    GetFindingAggregatorResponse (GetFindingAggregatorResponse'),
+    newGetFindingAggregatorResponse,
+
+    -- ** GetFindings (Paginated)
+    GetFindings (GetFindings'),
+    newGetFindings,
+    GetFindingsResponse (GetFindingsResponse'),
+    newGetFindingsResponse,
+
+    -- ** GetInsightResults
+    GetInsightResults (GetInsightResults'),
+    newGetInsightResults,
+    GetInsightResultsResponse (GetInsightResultsResponse'),
+    newGetInsightResultsResponse,
+
+    -- ** GetInsights (Paginated)
+    GetInsights (GetInsights'),
+    newGetInsights,
+    GetInsightsResponse (GetInsightsResponse'),
+    newGetInsightsResponse,
+
+    -- ** GetInvitationsCount
+    GetInvitationsCount (GetInvitationsCount'),
+    newGetInvitationsCount,
+    GetInvitationsCountResponse (GetInvitationsCountResponse'),
+    newGetInvitationsCountResponse,
+
+    -- ** GetMembers
+    GetMembers (GetMembers'),
+    newGetMembers,
+    GetMembersResponse (GetMembersResponse'),
+    newGetMembersResponse,
+
+    -- ** InviteMembers
+    InviteMembers (InviteMembers'),
+    newInviteMembers,
+    InviteMembersResponse (InviteMembersResponse'),
+    newInviteMembersResponse,
+
+    -- ** ListEnabledProductsForImport (Paginated)
+    ListEnabledProductsForImport (ListEnabledProductsForImport'),
+    newListEnabledProductsForImport,
+    ListEnabledProductsForImportResponse (ListEnabledProductsForImportResponse'),
+    newListEnabledProductsForImportResponse,
+
+    -- ** ListFindingAggregators (Paginated)
+    ListFindingAggregators (ListFindingAggregators'),
+    newListFindingAggregators,
+    ListFindingAggregatorsResponse (ListFindingAggregatorsResponse'),
+    newListFindingAggregatorsResponse,
+
+    -- ** ListInvitations (Paginated)
+    ListInvitations (ListInvitations'),
+    newListInvitations,
+    ListInvitationsResponse (ListInvitationsResponse'),
+    newListInvitationsResponse,
+
+    -- ** ListMembers (Paginated)
+    ListMembers (ListMembers'),
+    newListMembers,
+    ListMembersResponse (ListMembersResponse'),
+    newListMembersResponse,
+
+    -- ** ListOrganizationAdminAccounts (Paginated)
+    ListOrganizationAdminAccounts (ListOrganizationAdminAccounts'),
+    newListOrganizationAdminAccounts,
+    ListOrganizationAdminAccountsResponse (ListOrganizationAdminAccountsResponse'),
+    newListOrganizationAdminAccountsResponse,
+
+    -- ** ListTagsForResource
+    ListTagsForResource (ListTagsForResource'),
+    newListTagsForResource,
+    ListTagsForResourceResponse (ListTagsForResourceResponse'),
+    newListTagsForResourceResponse,
+
+    -- ** TagResource
+    TagResource (TagResource'),
+    newTagResource,
+    TagResourceResponse (TagResourceResponse'),
+    newTagResourceResponse,
+
+    -- ** UntagResource
+    UntagResource (UntagResource'),
+    newUntagResource,
+    UntagResourceResponse (UntagResourceResponse'),
+    newUntagResourceResponse,
+
+    -- ** UpdateActionTarget
+    UpdateActionTarget (UpdateActionTarget'),
+    newUpdateActionTarget,
+    UpdateActionTargetResponse (UpdateActionTargetResponse'),
+    newUpdateActionTargetResponse,
+
+    -- ** UpdateFindingAggregator
+    UpdateFindingAggregator (UpdateFindingAggregator'),
+    newUpdateFindingAggregator,
+    UpdateFindingAggregatorResponse (UpdateFindingAggregatorResponse'),
+    newUpdateFindingAggregatorResponse,
+
+    -- ** UpdateFindings
+    UpdateFindings (UpdateFindings'),
+    newUpdateFindings,
+    UpdateFindingsResponse (UpdateFindingsResponse'),
+    newUpdateFindingsResponse,
+
+    -- ** UpdateInsight
+    UpdateInsight (UpdateInsight'),
+    newUpdateInsight,
+    UpdateInsightResponse (UpdateInsightResponse'),
+    newUpdateInsightResponse,
+
+    -- ** UpdateOrganizationConfiguration
+    UpdateOrganizationConfiguration (UpdateOrganizationConfiguration'),
+    newUpdateOrganizationConfiguration,
+    UpdateOrganizationConfigurationResponse (UpdateOrganizationConfigurationResponse'),
+    newUpdateOrganizationConfigurationResponse,
+
+    -- ** UpdateSecurityHubConfiguration
+    UpdateSecurityHubConfiguration (UpdateSecurityHubConfiguration'),
+    newUpdateSecurityHubConfiguration,
+    UpdateSecurityHubConfigurationResponse (UpdateSecurityHubConfigurationResponse'),
+    newUpdateSecurityHubConfigurationResponse,
+
+    -- ** UpdateStandardsControl
+    UpdateStandardsControl (UpdateStandardsControl'),
+    newUpdateStandardsControl,
+    UpdateStandardsControlResponse (UpdateStandardsControlResponse'),
+    newUpdateStandardsControlResponse,
+
+    -- * Types
+
+    -- ** AdminStatus
+    AdminStatus (..),
+
+    -- ** AutoEnableStandards
+    AutoEnableStandards (..),
+
+    -- ** AwsIamAccessKeyStatus
+    AwsIamAccessKeyStatus (..),
+
+    -- ** AwsS3BucketNotificationConfigurationS3KeyFilterRuleName
+    AwsS3BucketNotificationConfigurationS3KeyFilterRuleName (..),
+
+    -- ** ComplianceStatus
+    ComplianceStatus (..),
+
+    -- ** ControlStatus
+    ControlStatus (..),
+
+    -- ** DateRangeUnit
+    DateRangeUnit (..),
+
+    -- ** IntegrationType
+    IntegrationType (..),
+
+    -- ** MalwareState
+    MalwareState (..),
+
+    -- ** MalwareType
+    MalwareType (..),
+
+    -- ** MapFilterComparison
+    MapFilterComparison (..),
+
+    -- ** NetworkDirection
+    NetworkDirection (..),
+
+    -- ** Partition
+    Partition (..),
+
+    -- ** RecordState
+    RecordState (..),
+
+    -- ** SeverityLabel
+    SeverityLabel (..),
+
+    -- ** SeverityRating
+    SeverityRating (..),
+
+    -- ** SortOrder
+    SortOrder (..),
+
+    -- ** StandardsStatus
+    StandardsStatus (..),
+
+    -- ** StatusReasonCode
+    StatusReasonCode (..),
+
+    -- ** StringFilterComparison
+    StringFilterComparison (..),
+
+    -- ** ThreatIntelIndicatorCategory
+    ThreatIntelIndicatorCategory (..),
+
+    -- ** ThreatIntelIndicatorType
+    ThreatIntelIndicatorType (..),
+
+    -- ** VerificationState
+    VerificationState (..),
+
+    -- ** VulnerabilityFixAvailable
+    VulnerabilityFixAvailable (..),
+
+    -- ** WorkflowState
+    WorkflowState (..),
+
+    -- ** WorkflowStatus
+    WorkflowStatus (..),
+
+    -- ** AccountDetails
+    AccountDetails (AccountDetails'),
+    newAccountDetails,
+
+    -- ** Action
+    Action (Action'),
+    newAction,
+
+    -- ** ActionLocalIpDetails
+    ActionLocalIpDetails (ActionLocalIpDetails'),
+    newActionLocalIpDetails,
+
+    -- ** ActionLocalPortDetails
+    ActionLocalPortDetails (ActionLocalPortDetails'),
+    newActionLocalPortDetails,
+
+    -- ** ActionRemoteIpDetails
+    ActionRemoteIpDetails (ActionRemoteIpDetails'),
+    newActionRemoteIpDetails,
+
+    -- ** ActionRemotePortDetails
+    ActionRemotePortDetails (ActionRemotePortDetails'),
+    newActionRemotePortDetails,
+
+    -- ** ActionTarget
+    ActionTarget (ActionTarget'),
+    newActionTarget,
+
+    -- ** Adjustment
+    Adjustment (Adjustment'),
+    newAdjustment,
+
+    -- ** AdminAccount
+    AdminAccount (AdminAccount'),
+    newAdminAccount,
+
+    -- ** AvailabilityZone
+    AvailabilityZone (AvailabilityZone'),
+    newAvailabilityZone,
+
+    -- ** AwsApiCallAction
+    AwsApiCallAction (AwsApiCallAction'),
+    newAwsApiCallAction,
+
+    -- ** AwsApiCallActionDomainDetails
+    AwsApiCallActionDomainDetails (AwsApiCallActionDomainDetails'),
+    newAwsApiCallActionDomainDetails,
+
+    -- ** AwsApiGatewayAccessLogSettings
+    AwsApiGatewayAccessLogSettings (AwsApiGatewayAccessLogSettings'),
+    newAwsApiGatewayAccessLogSettings,
+
+    -- ** AwsApiGatewayCanarySettings
+    AwsApiGatewayCanarySettings (AwsApiGatewayCanarySettings'),
+    newAwsApiGatewayCanarySettings,
+
+    -- ** AwsApiGatewayEndpointConfiguration
+    AwsApiGatewayEndpointConfiguration (AwsApiGatewayEndpointConfiguration'),
+    newAwsApiGatewayEndpointConfiguration,
+
+    -- ** AwsApiGatewayMethodSettings
+    AwsApiGatewayMethodSettings (AwsApiGatewayMethodSettings'),
+    newAwsApiGatewayMethodSettings,
+
+    -- ** AwsApiGatewayRestApiDetails
+    AwsApiGatewayRestApiDetails (AwsApiGatewayRestApiDetails'),
+    newAwsApiGatewayRestApiDetails,
+
+    -- ** AwsApiGatewayStageDetails
+    AwsApiGatewayStageDetails (AwsApiGatewayStageDetails'),
+    newAwsApiGatewayStageDetails,
+
+    -- ** AwsApiGatewayV2ApiDetails
+    AwsApiGatewayV2ApiDetails (AwsApiGatewayV2ApiDetails'),
+    newAwsApiGatewayV2ApiDetails,
+
+    -- ** AwsApiGatewayV2RouteSettings
+    AwsApiGatewayV2RouteSettings (AwsApiGatewayV2RouteSettings'),
+    newAwsApiGatewayV2RouteSettings,
+
+    -- ** AwsApiGatewayV2StageDetails
+    AwsApiGatewayV2StageDetails (AwsApiGatewayV2StageDetails'),
+    newAwsApiGatewayV2StageDetails,
+
+    -- ** AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+    AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails (AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails'),
+    newAwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails,
+
+    -- ** AwsAutoScalingAutoScalingGroupDetails
+    AwsAutoScalingAutoScalingGroupDetails (AwsAutoScalingAutoScalingGroupDetails'),
+    newAwsAutoScalingAutoScalingGroupDetails,
+
+    -- ** AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+    AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification (AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification'),
+    newAwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification,
+
+    -- ** AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails (AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails'),
+    newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails,
+
+    -- ** AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails (AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails'),
+    newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails,
+
+    -- ** AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails (AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails'),
+    newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails,
+
+    -- ** AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification (AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification'),
+    newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification,
+
+    -- ** AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails (AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails'),
+    newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails,
+
+    -- ** AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails (AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails'),
+    newAwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails,
+
+    -- ** AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails (AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails'),
+    newAwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails,
+
+    -- ** AwsAutoScalingLaunchConfigurationDetails
+    AwsAutoScalingLaunchConfigurationDetails (AwsAutoScalingLaunchConfigurationDetails'),
+    newAwsAutoScalingLaunchConfigurationDetails,
+
+    -- ** AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+    AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails (AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails'),
+    newAwsAutoScalingLaunchConfigurationInstanceMonitoringDetails,
+
+    -- ** AwsAutoScalingLaunchConfigurationMetadataOptions
+    AwsAutoScalingLaunchConfigurationMetadataOptions (AwsAutoScalingLaunchConfigurationMetadataOptions'),
+    newAwsAutoScalingLaunchConfigurationMetadataOptions,
+
+    -- ** AwsBackupBackupPlanAdvancedBackupSettingsDetails
+    AwsBackupBackupPlanAdvancedBackupSettingsDetails (AwsBackupBackupPlanAdvancedBackupSettingsDetails'),
+    newAwsBackupBackupPlanAdvancedBackupSettingsDetails,
+
+    -- ** AwsBackupBackupPlanBackupPlanDetails
+    AwsBackupBackupPlanBackupPlanDetails (AwsBackupBackupPlanBackupPlanDetails'),
+    newAwsBackupBackupPlanBackupPlanDetails,
+
+    -- ** AwsBackupBackupPlanDetails
+    AwsBackupBackupPlanDetails (AwsBackupBackupPlanDetails'),
+    newAwsBackupBackupPlanDetails,
+
+    -- ** AwsBackupBackupPlanLifecycleDetails
+    AwsBackupBackupPlanLifecycleDetails (AwsBackupBackupPlanLifecycleDetails'),
+    newAwsBackupBackupPlanLifecycleDetails,
+
+    -- ** AwsBackupBackupPlanRuleCopyActionsDetails
+    AwsBackupBackupPlanRuleCopyActionsDetails (AwsBackupBackupPlanRuleCopyActionsDetails'),
+    newAwsBackupBackupPlanRuleCopyActionsDetails,
+
+    -- ** AwsBackupBackupPlanRuleDetails
+    AwsBackupBackupPlanRuleDetails (AwsBackupBackupPlanRuleDetails'),
+    newAwsBackupBackupPlanRuleDetails,
+
+    -- ** AwsBackupBackupVaultDetails
+    AwsBackupBackupVaultDetails (AwsBackupBackupVaultDetails'),
+    newAwsBackupBackupVaultDetails,
+
+    -- ** AwsBackupBackupVaultNotificationsDetails
+    AwsBackupBackupVaultNotificationsDetails (AwsBackupBackupVaultNotificationsDetails'),
+    newAwsBackupBackupVaultNotificationsDetails,
+
+    -- ** AwsBackupRecoveryPointCalculatedLifecycleDetails
+    AwsBackupRecoveryPointCalculatedLifecycleDetails (AwsBackupRecoveryPointCalculatedLifecycleDetails'),
+    newAwsBackupRecoveryPointCalculatedLifecycleDetails,
+
+    -- ** AwsBackupRecoveryPointCreatedByDetails
+    AwsBackupRecoveryPointCreatedByDetails (AwsBackupRecoveryPointCreatedByDetails'),
+    newAwsBackupRecoveryPointCreatedByDetails,
+
+    -- ** AwsBackupRecoveryPointDetails
+    AwsBackupRecoveryPointDetails (AwsBackupRecoveryPointDetails'),
+    newAwsBackupRecoveryPointDetails,
+
+    -- ** AwsBackupRecoveryPointLifecycleDetails
+    AwsBackupRecoveryPointLifecycleDetails (AwsBackupRecoveryPointLifecycleDetails'),
+    newAwsBackupRecoveryPointLifecycleDetails,
+
+    -- ** AwsCertificateManagerCertificateDetails
+    AwsCertificateManagerCertificateDetails (AwsCertificateManagerCertificateDetails'),
+    newAwsCertificateManagerCertificateDetails,
+
+    -- ** AwsCertificateManagerCertificateDomainValidationOption
+    AwsCertificateManagerCertificateDomainValidationOption (AwsCertificateManagerCertificateDomainValidationOption'),
+    newAwsCertificateManagerCertificateDomainValidationOption,
+
+    -- ** AwsCertificateManagerCertificateExtendedKeyUsage
+    AwsCertificateManagerCertificateExtendedKeyUsage (AwsCertificateManagerCertificateExtendedKeyUsage'),
+    newAwsCertificateManagerCertificateExtendedKeyUsage,
+
+    -- ** AwsCertificateManagerCertificateKeyUsage
+    AwsCertificateManagerCertificateKeyUsage (AwsCertificateManagerCertificateKeyUsage'),
+    newAwsCertificateManagerCertificateKeyUsage,
+
+    -- ** AwsCertificateManagerCertificateOptions
+    AwsCertificateManagerCertificateOptions (AwsCertificateManagerCertificateOptions'),
+    newAwsCertificateManagerCertificateOptions,
+
+    -- ** AwsCertificateManagerCertificateRenewalSummary
+    AwsCertificateManagerCertificateRenewalSummary (AwsCertificateManagerCertificateRenewalSummary'),
+    newAwsCertificateManagerCertificateRenewalSummary,
+
+    -- ** AwsCertificateManagerCertificateResourceRecord
+    AwsCertificateManagerCertificateResourceRecord (AwsCertificateManagerCertificateResourceRecord'),
+    newAwsCertificateManagerCertificateResourceRecord,
+
+    -- ** AwsCloudFormationStackDetails
+    AwsCloudFormationStackDetails (AwsCloudFormationStackDetails'),
+    newAwsCloudFormationStackDetails,
+
+    -- ** AwsCloudFormationStackDriftInformationDetails
+    AwsCloudFormationStackDriftInformationDetails (AwsCloudFormationStackDriftInformationDetails'),
+    newAwsCloudFormationStackDriftInformationDetails,
+
+    -- ** AwsCloudFormationStackOutputsDetails
+    AwsCloudFormationStackOutputsDetails (AwsCloudFormationStackOutputsDetails'),
+    newAwsCloudFormationStackOutputsDetails,
+
+    -- ** AwsCloudFrontDistributionCacheBehavior
+    AwsCloudFrontDistributionCacheBehavior (AwsCloudFrontDistributionCacheBehavior'),
+    newAwsCloudFrontDistributionCacheBehavior,
+
+    -- ** AwsCloudFrontDistributionCacheBehaviors
+    AwsCloudFrontDistributionCacheBehaviors (AwsCloudFrontDistributionCacheBehaviors'),
+    newAwsCloudFrontDistributionCacheBehaviors,
+
+    -- ** AwsCloudFrontDistributionDefaultCacheBehavior
+    AwsCloudFrontDistributionDefaultCacheBehavior (AwsCloudFrontDistributionDefaultCacheBehavior'),
+    newAwsCloudFrontDistributionDefaultCacheBehavior,
+
+    -- ** AwsCloudFrontDistributionDetails
+    AwsCloudFrontDistributionDetails (AwsCloudFrontDistributionDetails'),
+    newAwsCloudFrontDistributionDetails,
+
+    -- ** AwsCloudFrontDistributionLogging
+    AwsCloudFrontDistributionLogging (AwsCloudFrontDistributionLogging'),
+    newAwsCloudFrontDistributionLogging,
+
+    -- ** AwsCloudFrontDistributionOriginCustomOriginConfig
+    AwsCloudFrontDistributionOriginCustomOriginConfig (AwsCloudFrontDistributionOriginCustomOriginConfig'),
+    newAwsCloudFrontDistributionOriginCustomOriginConfig,
+
+    -- ** AwsCloudFrontDistributionOriginGroup
+    AwsCloudFrontDistributionOriginGroup (AwsCloudFrontDistributionOriginGroup'),
+    newAwsCloudFrontDistributionOriginGroup,
+
+    -- ** AwsCloudFrontDistributionOriginGroupFailover
+    AwsCloudFrontDistributionOriginGroupFailover (AwsCloudFrontDistributionOriginGroupFailover'),
+    newAwsCloudFrontDistributionOriginGroupFailover,
+
+    -- ** AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+    AwsCloudFrontDistributionOriginGroupFailoverStatusCodes (AwsCloudFrontDistributionOriginGroupFailoverStatusCodes'),
+    newAwsCloudFrontDistributionOriginGroupFailoverStatusCodes,
+
+    -- ** AwsCloudFrontDistributionOriginGroups
+    AwsCloudFrontDistributionOriginGroups (AwsCloudFrontDistributionOriginGroups'),
+    newAwsCloudFrontDistributionOriginGroups,
+
+    -- ** AwsCloudFrontDistributionOriginItem
+    AwsCloudFrontDistributionOriginItem (AwsCloudFrontDistributionOriginItem'),
+    newAwsCloudFrontDistributionOriginItem,
+
+    -- ** AwsCloudFrontDistributionOriginS3OriginConfig
+    AwsCloudFrontDistributionOriginS3OriginConfig (AwsCloudFrontDistributionOriginS3OriginConfig'),
+    newAwsCloudFrontDistributionOriginS3OriginConfig,
+
+    -- ** AwsCloudFrontDistributionOriginSslProtocols
+    AwsCloudFrontDistributionOriginSslProtocols (AwsCloudFrontDistributionOriginSslProtocols'),
+    newAwsCloudFrontDistributionOriginSslProtocols,
+
+    -- ** AwsCloudFrontDistributionOrigins
+    AwsCloudFrontDistributionOrigins (AwsCloudFrontDistributionOrigins'),
+    newAwsCloudFrontDistributionOrigins,
+
+    -- ** AwsCloudFrontDistributionViewerCertificate
+    AwsCloudFrontDistributionViewerCertificate (AwsCloudFrontDistributionViewerCertificate'),
+    newAwsCloudFrontDistributionViewerCertificate,
+
+    -- ** AwsCloudTrailTrailDetails
+    AwsCloudTrailTrailDetails (AwsCloudTrailTrailDetails'),
+    newAwsCloudTrailTrailDetails,
+
+    -- ** AwsCloudWatchAlarmDetails
+    AwsCloudWatchAlarmDetails (AwsCloudWatchAlarmDetails'),
+    newAwsCloudWatchAlarmDetails,
+
+    -- ** AwsCloudWatchAlarmDimensionsDetails
+    AwsCloudWatchAlarmDimensionsDetails (AwsCloudWatchAlarmDimensionsDetails'),
+    newAwsCloudWatchAlarmDimensionsDetails,
+
+    -- ** AwsCodeBuildProjectArtifactsDetails
+    AwsCodeBuildProjectArtifactsDetails (AwsCodeBuildProjectArtifactsDetails'),
+    newAwsCodeBuildProjectArtifactsDetails,
+
+    -- ** AwsCodeBuildProjectDetails
+    AwsCodeBuildProjectDetails (AwsCodeBuildProjectDetails'),
+    newAwsCodeBuildProjectDetails,
+
+    -- ** AwsCodeBuildProjectEnvironment
+    AwsCodeBuildProjectEnvironment (AwsCodeBuildProjectEnvironment'),
+    newAwsCodeBuildProjectEnvironment,
+
+    -- ** AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+    AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails (AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails'),
+    newAwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails,
+
+    -- ** AwsCodeBuildProjectEnvironmentRegistryCredential
+    AwsCodeBuildProjectEnvironmentRegistryCredential (AwsCodeBuildProjectEnvironmentRegistryCredential'),
+    newAwsCodeBuildProjectEnvironmentRegistryCredential,
+
+    -- ** AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+    AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails (AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails'),
+    newAwsCodeBuildProjectLogsConfigCloudWatchLogsDetails,
+
+    -- ** AwsCodeBuildProjectLogsConfigDetails
+    AwsCodeBuildProjectLogsConfigDetails (AwsCodeBuildProjectLogsConfigDetails'),
+    newAwsCodeBuildProjectLogsConfigDetails,
+
+    -- ** AwsCodeBuildProjectLogsConfigS3LogsDetails
+    AwsCodeBuildProjectLogsConfigS3LogsDetails (AwsCodeBuildProjectLogsConfigS3LogsDetails'),
+    newAwsCodeBuildProjectLogsConfigS3LogsDetails,
+
+    -- ** AwsCodeBuildProjectSource
+    AwsCodeBuildProjectSource (AwsCodeBuildProjectSource'),
+    newAwsCodeBuildProjectSource,
+
+    -- ** AwsCodeBuildProjectVpcConfig
+    AwsCodeBuildProjectVpcConfig (AwsCodeBuildProjectVpcConfig'),
+    newAwsCodeBuildProjectVpcConfig,
+
+    -- ** AwsCorsConfiguration
+    AwsCorsConfiguration (AwsCorsConfiguration'),
+    newAwsCorsConfiguration,
+
+    -- ** AwsDynamoDbTableAttributeDefinition
+    AwsDynamoDbTableAttributeDefinition (AwsDynamoDbTableAttributeDefinition'),
+    newAwsDynamoDbTableAttributeDefinition,
+
+    -- ** AwsDynamoDbTableBillingModeSummary
+    AwsDynamoDbTableBillingModeSummary (AwsDynamoDbTableBillingModeSummary'),
+    newAwsDynamoDbTableBillingModeSummary,
+
+    -- ** AwsDynamoDbTableDetails
+    AwsDynamoDbTableDetails (AwsDynamoDbTableDetails'),
+    newAwsDynamoDbTableDetails,
+
+    -- ** AwsDynamoDbTableGlobalSecondaryIndex
+    AwsDynamoDbTableGlobalSecondaryIndex (AwsDynamoDbTableGlobalSecondaryIndex'),
+    newAwsDynamoDbTableGlobalSecondaryIndex,
+
+    -- ** AwsDynamoDbTableKeySchema
+    AwsDynamoDbTableKeySchema (AwsDynamoDbTableKeySchema'),
+    newAwsDynamoDbTableKeySchema,
+
+    -- ** AwsDynamoDbTableLocalSecondaryIndex
+    AwsDynamoDbTableLocalSecondaryIndex (AwsDynamoDbTableLocalSecondaryIndex'),
+    newAwsDynamoDbTableLocalSecondaryIndex,
+
+    -- ** AwsDynamoDbTableProjection
+    AwsDynamoDbTableProjection (AwsDynamoDbTableProjection'),
+    newAwsDynamoDbTableProjection,
+
+    -- ** AwsDynamoDbTableProvisionedThroughput
+    AwsDynamoDbTableProvisionedThroughput (AwsDynamoDbTableProvisionedThroughput'),
+    newAwsDynamoDbTableProvisionedThroughput,
+
+    -- ** AwsDynamoDbTableProvisionedThroughputOverride
+    AwsDynamoDbTableProvisionedThroughputOverride (AwsDynamoDbTableProvisionedThroughputOverride'),
+    newAwsDynamoDbTableProvisionedThroughputOverride,
+
+    -- ** AwsDynamoDbTableReplica
+    AwsDynamoDbTableReplica (AwsDynamoDbTableReplica'),
+    newAwsDynamoDbTableReplica,
+
+    -- ** AwsDynamoDbTableReplicaGlobalSecondaryIndex
+    AwsDynamoDbTableReplicaGlobalSecondaryIndex (AwsDynamoDbTableReplicaGlobalSecondaryIndex'),
+    newAwsDynamoDbTableReplicaGlobalSecondaryIndex,
+
+    -- ** AwsDynamoDbTableRestoreSummary
+    AwsDynamoDbTableRestoreSummary (AwsDynamoDbTableRestoreSummary'),
+    newAwsDynamoDbTableRestoreSummary,
+
+    -- ** AwsDynamoDbTableSseDescription
+    AwsDynamoDbTableSseDescription (AwsDynamoDbTableSseDescription'),
+    newAwsDynamoDbTableSseDescription,
+
+    -- ** AwsDynamoDbTableStreamSpecification
+    AwsDynamoDbTableStreamSpecification (AwsDynamoDbTableStreamSpecification'),
+    newAwsDynamoDbTableStreamSpecification,
+
+    -- ** AwsEc2EipDetails
+    AwsEc2EipDetails (AwsEc2EipDetails'),
+    newAwsEc2EipDetails,
+
+    -- ** AwsEc2InstanceDetails
+    AwsEc2InstanceDetails (AwsEc2InstanceDetails'),
+    newAwsEc2InstanceDetails,
+
+    -- ** AwsEc2InstanceMetadataOptions
+    AwsEc2InstanceMetadataOptions (AwsEc2InstanceMetadataOptions'),
+    newAwsEc2InstanceMetadataOptions,
+
+    -- ** AwsEc2InstanceNetworkInterfacesDetails
+    AwsEc2InstanceNetworkInterfacesDetails (AwsEc2InstanceNetworkInterfacesDetails'),
+    newAwsEc2InstanceNetworkInterfacesDetails,
+
+    -- ** AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails (AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails'),
+    newAwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails,
+
+    -- ** AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails (AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails'),
+    newAwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails,
+
+    -- ** AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails (AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails'),
+    newAwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails,
+
+    -- ** AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails (AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails'),
+    newAwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails,
+
+    -- ** AwsEc2LaunchTemplateDataCpuOptionsDetails
+    AwsEc2LaunchTemplateDataCpuOptionsDetails (AwsEc2LaunchTemplateDataCpuOptionsDetails'),
+    newAwsEc2LaunchTemplateDataCpuOptionsDetails,
+
+    -- ** AwsEc2LaunchTemplateDataCreditSpecificationDetails
+    AwsEc2LaunchTemplateDataCreditSpecificationDetails (AwsEc2LaunchTemplateDataCreditSpecificationDetails'),
+    newAwsEc2LaunchTemplateDataCreditSpecificationDetails,
+
+    -- ** AwsEc2LaunchTemplateDataDetails
+    AwsEc2LaunchTemplateDataDetails (AwsEc2LaunchTemplateDataDetails'),
+    newAwsEc2LaunchTemplateDataDetails,
+
+    -- ** AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+    AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails (AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails'),
+    newAwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails,
+
+    -- ** AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+    AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails (AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails'),
+    newAwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails,
+
+    -- ** AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+    AwsEc2LaunchTemplateDataEnclaveOptionsDetails (AwsEc2LaunchTemplateDataEnclaveOptionsDetails'),
+    newAwsEc2LaunchTemplateDataEnclaveOptionsDetails,
+
+    -- ** AwsEc2LaunchTemplateDataHibernationOptionsDetails
+    AwsEc2LaunchTemplateDataHibernationOptionsDetails (AwsEc2LaunchTemplateDataHibernationOptionsDetails'),
+    newAwsEc2LaunchTemplateDataHibernationOptionsDetails,
+
+    -- ** AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+    AwsEc2LaunchTemplateDataIamInstanceProfileDetails (AwsEc2LaunchTemplateDataIamInstanceProfileDetails'),
+    newAwsEc2LaunchTemplateDataIamInstanceProfileDetails,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails (AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails'),
+    newAwsEc2LaunchTemplateDataInstanceMarketOptionsDetails,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails (AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails'),
+    newAwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails (AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails'),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails (AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails'),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails (AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails'),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsDetails (AwsEc2LaunchTemplateDataInstanceRequirementsDetails'),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsDetails,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails (AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails'),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails (AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails'),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails (AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails'),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails (AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails'),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails (AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails'),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails,
+
+    -- ** AwsEc2LaunchTemplateDataLicenseSetDetails
+    AwsEc2LaunchTemplateDataLicenseSetDetails (AwsEc2LaunchTemplateDataLicenseSetDetails'),
+    newAwsEc2LaunchTemplateDataLicenseSetDetails,
+
+    -- ** AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+    AwsEc2LaunchTemplateDataMaintenanceOptionsDetails (AwsEc2LaunchTemplateDataMaintenanceOptionsDetails'),
+    newAwsEc2LaunchTemplateDataMaintenanceOptionsDetails,
+
+    -- ** AwsEc2LaunchTemplateDataMetadataOptionsDetails
+    AwsEc2LaunchTemplateDataMetadataOptionsDetails (AwsEc2LaunchTemplateDataMetadataOptionsDetails'),
+    newAwsEc2LaunchTemplateDataMetadataOptionsDetails,
+
+    -- ** AwsEc2LaunchTemplateDataMonitoringDetails
+    AwsEc2LaunchTemplateDataMonitoringDetails (AwsEc2LaunchTemplateDataMonitoringDetails'),
+    newAwsEc2LaunchTemplateDataMonitoringDetails,
+
+    -- ** AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails'),
+    newAwsEc2LaunchTemplateDataNetworkInterfaceSetDetails,
+
+    -- ** AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails (AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails'),
+    newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails,
+
+    -- ** AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails (AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails'),
+    newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails,
+
+    -- ** AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails (AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails'),
+    newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails,
+
+    -- ** AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails (AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails'),
+    newAwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails,
+
+    -- ** AwsEc2LaunchTemplateDataPlacementDetails
+    AwsEc2LaunchTemplateDataPlacementDetails (AwsEc2LaunchTemplateDataPlacementDetails'),
+    newAwsEc2LaunchTemplateDataPlacementDetails,
+
+    -- ** AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+    AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails (AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails'),
+    newAwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails,
+
+    -- ** AwsEc2LaunchTemplateDetails
+    AwsEc2LaunchTemplateDetails (AwsEc2LaunchTemplateDetails'),
+    newAwsEc2LaunchTemplateDetails,
+
+    -- ** AwsEc2NetworkAclAssociation
+    AwsEc2NetworkAclAssociation (AwsEc2NetworkAclAssociation'),
+    newAwsEc2NetworkAclAssociation,
+
+    -- ** AwsEc2NetworkAclDetails
+    AwsEc2NetworkAclDetails (AwsEc2NetworkAclDetails'),
+    newAwsEc2NetworkAclDetails,
+
+    -- ** AwsEc2NetworkAclEntry
+    AwsEc2NetworkAclEntry (AwsEc2NetworkAclEntry'),
+    newAwsEc2NetworkAclEntry,
+
+    -- ** AwsEc2NetworkInterfaceAttachment
+    AwsEc2NetworkInterfaceAttachment (AwsEc2NetworkInterfaceAttachment'),
+    newAwsEc2NetworkInterfaceAttachment,
+
+    -- ** AwsEc2NetworkInterfaceDetails
+    AwsEc2NetworkInterfaceDetails (AwsEc2NetworkInterfaceDetails'),
+    newAwsEc2NetworkInterfaceDetails,
+
+    -- ** AwsEc2NetworkInterfaceIpV6AddressDetail
+    AwsEc2NetworkInterfaceIpV6AddressDetail (AwsEc2NetworkInterfaceIpV6AddressDetail'),
+    newAwsEc2NetworkInterfaceIpV6AddressDetail,
+
+    -- ** AwsEc2NetworkInterfacePrivateIpAddressDetail
+    AwsEc2NetworkInterfacePrivateIpAddressDetail (AwsEc2NetworkInterfacePrivateIpAddressDetail'),
+    newAwsEc2NetworkInterfacePrivateIpAddressDetail,
+
+    -- ** AwsEc2NetworkInterfaceSecurityGroup
+    AwsEc2NetworkInterfaceSecurityGroup (AwsEc2NetworkInterfaceSecurityGroup'),
+    newAwsEc2NetworkInterfaceSecurityGroup,
+
+    -- ** AwsEc2SecurityGroupDetails
+    AwsEc2SecurityGroupDetails (AwsEc2SecurityGroupDetails'),
+    newAwsEc2SecurityGroupDetails,
+
+    -- ** AwsEc2SecurityGroupIpPermission
+    AwsEc2SecurityGroupIpPermission (AwsEc2SecurityGroupIpPermission'),
+    newAwsEc2SecurityGroupIpPermission,
+
+    -- ** AwsEc2SecurityGroupIpRange
+    AwsEc2SecurityGroupIpRange (AwsEc2SecurityGroupIpRange'),
+    newAwsEc2SecurityGroupIpRange,
+
+    -- ** AwsEc2SecurityGroupIpv6Range
+    AwsEc2SecurityGroupIpv6Range (AwsEc2SecurityGroupIpv6Range'),
+    newAwsEc2SecurityGroupIpv6Range,
+
+    -- ** AwsEc2SecurityGroupPrefixListId
+    AwsEc2SecurityGroupPrefixListId (AwsEc2SecurityGroupPrefixListId'),
+    newAwsEc2SecurityGroupPrefixListId,
+
+    -- ** AwsEc2SecurityGroupUserIdGroupPair
+    AwsEc2SecurityGroupUserIdGroupPair (AwsEc2SecurityGroupUserIdGroupPair'),
+    newAwsEc2SecurityGroupUserIdGroupPair,
+
+    -- ** AwsEc2SubnetDetails
+    AwsEc2SubnetDetails (AwsEc2SubnetDetails'),
+    newAwsEc2SubnetDetails,
+
+    -- ** AwsEc2TransitGatewayDetails
+    AwsEc2TransitGatewayDetails (AwsEc2TransitGatewayDetails'),
+    newAwsEc2TransitGatewayDetails,
+
+    -- ** AwsEc2VolumeAttachment
+    AwsEc2VolumeAttachment (AwsEc2VolumeAttachment'),
+    newAwsEc2VolumeAttachment,
+
+    -- ** AwsEc2VolumeDetails
+    AwsEc2VolumeDetails (AwsEc2VolumeDetails'),
+    newAwsEc2VolumeDetails,
+
+    -- ** AwsEc2VpcDetails
+    AwsEc2VpcDetails (AwsEc2VpcDetails'),
+    newAwsEc2VpcDetails,
+
+    -- ** AwsEc2VpcEndpointServiceDetails
+    AwsEc2VpcEndpointServiceDetails (AwsEc2VpcEndpointServiceDetails'),
+    newAwsEc2VpcEndpointServiceDetails,
+
+    -- ** AwsEc2VpcEndpointServiceServiceTypeDetails
+    AwsEc2VpcEndpointServiceServiceTypeDetails (AwsEc2VpcEndpointServiceServiceTypeDetails'),
+    newAwsEc2VpcEndpointServiceServiceTypeDetails,
+
+    -- ** AwsEc2VpcPeeringConnectionDetails
+    AwsEc2VpcPeeringConnectionDetails (AwsEc2VpcPeeringConnectionDetails'),
+    newAwsEc2VpcPeeringConnectionDetails,
+
+    -- ** AwsEc2VpcPeeringConnectionStatusDetails
+    AwsEc2VpcPeeringConnectionStatusDetails (AwsEc2VpcPeeringConnectionStatusDetails'),
+    newAwsEc2VpcPeeringConnectionStatusDetails,
+
+    -- ** AwsEc2VpcPeeringConnectionVpcInfoDetails
+    AwsEc2VpcPeeringConnectionVpcInfoDetails (AwsEc2VpcPeeringConnectionVpcInfoDetails'),
+    newAwsEc2VpcPeeringConnectionVpcInfoDetails,
+
+    -- ** AwsEc2VpnConnectionDetails
+    AwsEc2VpnConnectionDetails (AwsEc2VpnConnectionDetails'),
+    newAwsEc2VpnConnectionDetails,
+
+    -- ** AwsEc2VpnConnectionOptionsDetails
+    AwsEc2VpnConnectionOptionsDetails (AwsEc2VpnConnectionOptionsDetails'),
+    newAwsEc2VpnConnectionOptionsDetails,
+
+    -- ** AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+    AwsEc2VpnConnectionOptionsTunnelOptionsDetails (AwsEc2VpnConnectionOptionsTunnelOptionsDetails'),
+    newAwsEc2VpnConnectionOptionsTunnelOptionsDetails,
+
+    -- ** AwsEc2VpnConnectionRoutesDetails
+    AwsEc2VpnConnectionRoutesDetails (AwsEc2VpnConnectionRoutesDetails'),
+    newAwsEc2VpnConnectionRoutesDetails,
+
+    -- ** AwsEc2VpnConnectionVgwTelemetryDetails
+    AwsEc2VpnConnectionVgwTelemetryDetails (AwsEc2VpnConnectionVgwTelemetryDetails'),
+    newAwsEc2VpnConnectionVgwTelemetryDetails,
+
+    -- ** AwsEcrContainerImageDetails
+    AwsEcrContainerImageDetails (AwsEcrContainerImageDetails'),
+    newAwsEcrContainerImageDetails,
+
+    -- ** AwsEcrRepositoryDetails
+    AwsEcrRepositoryDetails (AwsEcrRepositoryDetails'),
+    newAwsEcrRepositoryDetails,
+
+    -- ** AwsEcrRepositoryImageScanningConfigurationDetails
+    AwsEcrRepositoryImageScanningConfigurationDetails (AwsEcrRepositoryImageScanningConfigurationDetails'),
+    newAwsEcrRepositoryImageScanningConfigurationDetails,
+
+    -- ** AwsEcrRepositoryLifecyclePolicyDetails
+    AwsEcrRepositoryLifecyclePolicyDetails (AwsEcrRepositoryLifecyclePolicyDetails'),
+    newAwsEcrRepositoryLifecyclePolicyDetails,
+
+    -- ** AwsEcsClusterClusterSettingsDetails
+    AwsEcsClusterClusterSettingsDetails (AwsEcsClusterClusterSettingsDetails'),
+    newAwsEcsClusterClusterSettingsDetails,
+
+    -- ** AwsEcsClusterConfigurationDetails
+    AwsEcsClusterConfigurationDetails (AwsEcsClusterConfigurationDetails'),
+    newAwsEcsClusterConfigurationDetails,
+
+    -- ** AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+    AwsEcsClusterConfigurationExecuteCommandConfigurationDetails (AwsEcsClusterConfigurationExecuteCommandConfigurationDetails'),
+    newAwsEcsClusterConfigurationExecuteCommandConfigurationDetails,
+
+    -- ** AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+    AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails (AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails'),
+    newAwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails,
+
+    -- ** AwsEcsClusterDefaultCapacityProviderStrategyDetails
+    AwsEcsClusterDefaultCapacityProviderStrategyDetails (AwsEcsClusterDefaultCapacityProviderStrategyDetails'),
+    newAwsEcsClusterDefaultCapacityProviderStrategyDetails,
+
+    -- ** AwsEcsClusterDetails
+    AwsEcsClusterDetails (AwsEcsClusterDetails'),
+    newAwsEcsClusterDetails,
+
+    -- ** AwsEcsContainerDetails
+    AwsEcsContainerDetails (AwsEcsContainerDetails'),
+    newAwsEcsContainerDetails,
+
+    -- ** AwsEcsServiceCapacityProviderStrategyDetails
+    AwsEcsServiceCapacityProviderStrategyDetails (AwsEcsServiceCapacityProviderStrategyDetails'),
+    newAwsEcsServiceCapacityProviderStrategyDetails,
+
+    -- ** AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+    AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails (AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails'),
+    newAwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails,
+
+    -- ** AwsEcsServiceDeploymentConfigurationDetails
+    AwsEcsServiceDeploymentConfigurationDetails (AwsEcsServiceDeploymentConfigurationDetails'),
+    newAwsEcsServiceDeploymentConfigurationDetails,
+
+    -- ** AwsEcsServiceDeploymentControllerDetails
+    AwsEcsServiceDeploymentControllerDetails (AwsEcsServiceDeploymentControllerDetails'),
+    newAwsEcsServiceDeploymentControllerDetails,
+
+    -- ** AwsEcsServiceDetails
+    AwsEcsServiceDetails (AwsEcsServiceDetails'),
+    newAwsEcsServiceDetails,
+
+    -- ** AwsEcsServiceLoadBalancersDetails
+    AwsEcsServiceLoadBalancersDetails (AwsEcsServiceLoadBalancersDetails'),
+    newAwsEcsServiceLoadBalancersDetails,
+
+    -- ** AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+    AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails (AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails'),
+    newAwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails,
+
+    -- ** AwsEcsServiceNetworkConfigurationDetails
+    AwsEcsServiceNetworkConfigurationDetails (AwsEcsServiceNetworkConfigurationDetails'),
+    newAwsEcsServiceNetworkConfigurationDetails,
+
+    -- ** AwsEcsServicePlacementConstraintsDetails
+    AwsEcsServicePlacementConstraintsDetails (AwsEcsServicePlacementConstraintsDetails'),
+    newAwsEcsServicePlacementConstraintsDetails,
+
+    -- ** AwsEcsServicePlacementStrategiesDetails
+    AwsEcsServicePlacementStrategiesDetails (AwsEcsServicePlacementStrategiesDetails'),
+    newAwsEcsServicePlacementStrategiesDetails,
+
+    -- ** AwsEcsServiceServiceRegistriesDetails
+    AwsEcsServiceServiceRegistriesDetails (AwsEcsServiceServiceRegistriesDetails'),
+    newAwsEcsServiceServiceRegistriesDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+    AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails (AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsDetails (AwsEcsTaskDefinitionContainerDefinitionsDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails (AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails (AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails (AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+    AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails (AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+    AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails (AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails (AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails (AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails (AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails (AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails (AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails (AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails (AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails (AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails (AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails (AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails (AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsSecretsDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails (AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails (AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+    AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails (AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails'),
+    newAwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails,
+
+    -- ** AwsEcsTaskDefinitionDetails
+    AwsEcsTaskDefinitionDetails (AwsEcsTaskDefinitionDetails'),
+    newAwsEcsTaskDefinitionDetails,
+
+    -- ** AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+    AwsEcsTaskDefinitionInferenceAcceleratorsDetails (AwsEcsTaskDefinitionInferenceAcceleratorsDetails'),
+    newAwsEcsTaskDefinitionInferenceAcceleratorsDetails,
+
+    -- ** AwsEcsTaskDefinitionPlacementConstraintsDetails
+    AwsEcsTaskDefinitionPlacementConstraintsDetails (AwsEcsTaskDefinitionPlacementConstraintsDetails'),
+    newAwsEcsTaskDefinitionPlacementConstraintsDetails,
+
+    -- ** AwsEcsTaskDefinitionProxyConfigurationDetails
+    AwsEcsTaskDefinitionProxyConfigurationDetails (AwsEcsTaskDefinitionProxyConfigurationDetails'),
+    newAwsEcsTaskDefinitionProxyConfigurationDetails,
+
+    -- ** AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+    AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails (AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails'),
+    newAwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails,
+
+    -- ** AwsEcsTaskDefinitionVolumesDetails
+    AwsEcsTaskDefinitionVolumesDetails (AwsEcsTaskDefinitionVolumesDetails'),
+    newAwsEcsTaskDefinitionVolumesDetails,
+
+    -- ** AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+    AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails (AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails'),
+    newAwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails,
+
+    -- ** AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails (AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails'),
+    newAwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails,
+
+    -- ** AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails (AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails'),
+    newAwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails,
+
+    -- ** AwsEcsTaskDefinitionVolumesHostDetails
+    AwsEcsTaskDefinitionVolumesHostDetails (AwsEcsTaskDefinitionVolumesHostDetails'),
+    newAwsEcsTaskDefinitionVolumesHostDetails,
+
+    -- ** AwsEcsTaskDetails
+    AwsEcsTaskDetails (AwsEcsTaskDetails'),
+    newAwsEcsTaskDetails,
+
+    -- ** AwsEcsTaskVolumeDetails
+    AwsEcsTaskVolumeDetails (AwsEcsTaskVolumeDetails'),
+    newAwsEcsTaskVolumeDetails,
+
+    -- ** AwsEcsTaskVolumeHostDetails
+    AwsEcsTaskVolumeHostDetails (AwsEcsTaskVolumeHostDetails'),
+    newAwsEcsTaskVolumeHostDetails,
+
+    -- ** AwsEfsAccessPointDetails
+    AwsEfsAccessPointDetails (AwsEfsAccessPointDetails'),
+    newAwsEfsAccessPointDetails,
+
+    -- ** AwsEfsAccessPointPosixUserDetails
+    AwsEfsAccessPointPosixUserDetails (AwsEfsAccessPointPosixUserDetails'),
+    newAwsEfsAccessPointPosixUserDetails,
+
+    -- ** AwsEfsAccessPointRootDirectoryCreationInfoDetails
+    AwsEfsAccessPointRootDirectoryCreationInfoDetails (AwsEfsAccessPointRootDirectoryCreationInfoDetails'),
+    newAwsEfsAccessPointRootDirectoryCreationInfoDetails,
+
+    -- ** AwsEfsAccessPointRootDirectoryDetails
+    AwsEfsAccessPointRootDirectoryDetails (AwsEfsAccessPointRootDirectoryDetails'),
+    newAwsEfsAccessPointRootDirectoryDetails,
+
+    -- ** AwsEksClusterDetails
+    AwsEksClusterDetails (AwsEksClusterDetails'),
+    newAwsEksClusterDetails,
+
+    -- ** AwsEksClusterLoggingClusterLoggingDetails
+    AwsEksClusterLoggingClusterLoggingDetails (AwsEksClusterLoggingClusterLoggingDetails'),
+    newAwsEksClusterLoggingClusterLoggingDetails,
+
+    -- ** AwsEksClusterLoggingDetails
+    AwsEksClusterLoggingDetails (AwsEksClusterLoggingDetails'),
+    newAwsEksClusterLoggingDetails,
+
+    -- ** AwsEksClusterResourcesVpcConfigDetails
+    AwsEksClusterResourcesVpcConfigDetails (AwsEksClusterResourcesVpcConfigDetails'),
+    newAwsEksClusterResourcesVpcConfigDetails,
+
+    -- ** AwsElasticBeanstalkEnvironmentDetails
+    AwsElasticBeanstalkEnvironmentDetails (AwsElasticBeanstalkEnvironmentDetails'),
+    newAwsElasticBeanstalkEnvironmentDetails,
+
+    -- ** AwsElasticBeanstalkEnvironmentEnvironmentLink
+    AwsElasticBeanstalkEnvironmentEnvironmentLink (AwsElasticBeanstalkEnvironmentEnvironmentLink'),
+    newAwsElasticBeanstalkEnvironmentEnvironmentLink,
+
+    -- ** AwsElasticBeanstalkEnvironmentOptionSetting
+    AwsElasticBeanstalkEnvironmentOptionSetting (AwsElasticBeanstalkEnvironmentOptionSetting'),
+    newAwsElasticBeanstalkEnvironmentOptionSetting,
+
+    -- ** AwsElasticBeanstalkEnvironmentTier
+    AwsElasticBeanstalkEnvironmentTier (AwsElasticBeanstalkEnvironmentTier'),
+    newAwsElasticBeanstalkEnvironmentTier,
+
+    -- ** AwsElasticsearchDomainDetails
+    AwsElasticsearchDomainDetails (AwsElasticsearchDomainDetails'),
+    newAwsElasticsearchDomainDetails,
+
+    -- ** AwsElasticsearchDomainDomainEndpointOptions
+    AwsElasticsearchDomainDomainEndpointOptions (AwsElasticsearchDomainDomainEndpointOptions'),
+    newAwsElasticsearchDomainDomainEndpointOptions,
+
+    -- ** AwsElasticsearchDomainElasticsearchClusterConfigDetails
+    AwsElasticsearchDomainElasticsearchClusterConfigDetails (AwsElasticsearchDomainElasticsearchClusterConfigDetails'),
+    newAwsElasticsearchDomainElasticsearchClusterConfigDetails,
+
+    -- ** AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+    AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails (AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails'),
+    newAwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails,
+
+    -- ** AwsElasticsearchDomainEncryptionAtRestOptions
+    AwsElasticsearchDomainEncryptionAtRestOptions (AwsElasticsearchDomainEncryptionAtRestOptions'),
+    newAwsElasticsearchDomainEncryptionAtRestOptions,
+
+    -- ** AwsElasticsearchDomainLogPublishingOptions
+    AwsElasticsearchDomainLogPublishingOptions (AwsElasticsearchDomainLogPublishingOptions'),
+    newAwsElasticsearchDomainLogPublishingOptions,
+
+    -- ** AwsElasticsearchDomainLogPublishingOptionsLogConfig
+    AwsElasticsearchDomainLogPublishingOptionsLogConfig (AwsElasticsearchDomainLogPublishingOptionsLogConfig'),
+    newAwsElasticsearchDomainLogPublishingOptionsLogConfig,
+
+    -- ** AwsElasticsearchDomainNodeToNodeEncryptionOptions
+    AwsElasticsearchDomainNodeToNodeEncryptionOptions (AwsElasticsearchDomainNodeToNodeEncryptionOptions'),
+    newAwsElasticsearchDomainNodeToNodeEncryptionOptions,
+
+    -- ** AwsElasticsearchDomainServiceSoftwareOptions
+    AwsElasticsearchDomainServiceSoftwareOptions (AwsElasticsearchDomainServiceSoftwareOptions'),
+    newAwsElasticsearchDomainServiceSoftwareOptions,
+
+    -- ** AwsElasticsearchDomainVPCOptions
+    AwsElasticsearchDomainVPCOptions (AwsElasticsearchDomainVPCOptions'),
+    newAwsElasticsearchDomainVPCOptions,
+
+    -- ** AwsElbAppCookieStickinessPolicy
+    AwsElbAppCookieStickinessPolicy (AwsElbAppCookieStickinessPolicy'),
+    newAwsElbAppCookieStickinessPolicy,
+
+    -- ** AwsElbLbCookieStickinessPolicy
+    AwsElbLbCookieStickinessPolicy (AwsElbLbCookieStickinessPolicy'),
+    newAwsElbLbCookieStickinessPolicy,
+
+    -- ** AwsElbLoadBalancerAccessLog
+    AwsElbLoadBalancerAccessLog (AwsElbLoadBalancerAccessLog'),
+    newAwsElbLoadBalancerAccessLog,
+
+    -- ** AwsElbLoadBalancerAdditionalAttribute
+    AwsElbLoadBalancerAdditionalAttribute (AwsElbLoadBalancerAdditionalAttribute'),
+    newAwsElbLoadBalancerAdditionalAttribute,
+
+    -- ** AwsElbLoadBalancerAttributes
+    AwsElbLoadBalancerAttributes (AwsElbLoadBalancerAttributes'),
+    newAwsElbLoadBalancerAttributes,
+
+    -- ** AwsElbLoadBalancerBackendServerDescription
+    AwsElbLoadBalancerBackendServerDescription (AwsElbLoadBalancerBackendServerDescription'),
+    newAwsElbLoadBalancerBackendServerDescription,
+
+    -- ** AwsElbLoadBalancerConnectionDraining
+    AwsElbLoadBalancerConnectionDraining (AwsElbLoadBalancerConnectionDraining'),
+    newAwsElbLoadBalancerConnectionDraining,
+
+    -- ** AwsElbLoadBalancerConnectionSettings
+    AwsElbLoadBalancerConnectionSettings (AwsElbLoadBalancerConnectionSettings'),
+    newAwsElbLoadBalancerConnectionSettings,
+
+    -- ** AwsElbLoadBalancerCrossZoneLoadBalancing
+    AwsElbLoadBalancerCrossZoneLoadBalancing (AwsElbLoadBalancerCrossZoneLoadBalancing'),
+    newAwsElbLoadBalancerCrossZoneLoadBalancing,
+
+    -- ** AwsElbLoadBalancerDetails
+    AwsElbLoadBalancerDetails (AwsElbLoadBalancerDetails'),
+    newAwsElbLoadBalancerDetails,
+
+    -- ** AwsElbLoadBalancerHealthCheck
+    AwsElbLoadBalancerHealthCheck (AwsElbLoadBalancerHealthCheck'),
+    newAwsElbLoadBalancerHealthCheck,
+
+    -- ** AwsElbLoadBalancerInstance
+    AwsElbLoadBalancerInstance (AwsElbLoadBalancerInstance'),
+    newAwsElbLoadBalancerInstance,
+
+    -- ** AwsElbLoadBalancerListener
+    AwsElbLoadBalancerListener (AwsElbLoadBalancerListener'),
+    newAwsElbLoadBalancerListener,
+
+    -- ** AwsElbLoadBalancerListenerDescription
+    AwsElbLoadBalancerListenerDescription (AwsElbLoadBalancerListenerDescription'),
+    newAwsElbLoadBalancerListenerDescription,
+
+    -- ** AwsElbLoadBalancerPolicies
+    AwsElbLoadBalancerPolicies (AwsElbLoadBalancerPolicies'),
+    newAwsElbLoadBalancerPolicies,
+
+    -- ** AwsElbLoadBalancerSourceSecurityGroup
+    AwsElbLoadBalancerSourceSecurityGroup (AwsElbLoadBalancerSourceSecurityGroup'),
+    newAwsElbLoadBalancerSourceSecurityGroup,
+
+    -- ** AwsElbv2LoadBalancerAttribute
+    AwsElbv2LoadBalancerAttribute (AwsElbv2LoadBalancerAttribute'),
+    newAwsElbv2LoadBalancerAttribute,
+
+    -- ** AwsElbv2LoadBalancerDetails
+    AwsElbv2LoadBalancerDetails (AwsElbv2LoadBalancerDetails'),
+    newAwsElbv2LoadBalancerDetails,
+
+    -- ** AwsIamAccessKeyDetails
+    AwsIamAccessKeyDetails (AwsIamAccessKeyDetails'),
+    newAwsIamAccessKeyDetails,
+
+    -- ** AwsIamAccessKeySessionContext
+    AwsIamAccessKeySessionContext (AwsIamAccessKeySessionContext'),
+    newAwsIamAccessKeySessionContext,
+
+    -- ** AwsIamAccessKeySessionContextAttributes
+    AwsIamAccessKeySessionContextAttributes (AwsIamAccessKeySessionContextAttributes'),
+    newAwsIamAccessKeySessionContextAttributes,
+
+    -- ** AwsIamAccessKeySessionContextSessionIssuer
+    AwsIamAccessKeySessionContextSessionIssuer (AwsIamAccessKeySessionContextSessionIssuer'),
+    newAwsIamAccessKeySessionContextSessionIssuer,
+
+    -- ** AwsIamAttachedManagedPolicy
+    AwsIamAttachedManagedPolicy (AwsIamAttachedManagedPolicy'),
+    newAwsIamAttachedManagedPolicy,
+
+    -- ** AwsIamGroupDetails
+    AwsIamGroupDetails (AwsIamGroupDetails'),
+    newAwsIamGroupDetails,
+
+    -- ** AwsIamGroupPolicy
+    AwsIamGroupPolicy (AwsIamGroupPolicy'),
+    newAwsIamGroupPolicy,
+
+    -- ** AwsIamInstanceProfile
+    AwsIamInstanceProfile (AwsIamInstanceProfile'),
+    newAwsIamInstanceProfile,
+
+    -- ** AwsIamInstanceProfileRole
+    AwsIamInstanceProfileRole (AwsIamInstanceProfileRole'),
+    newAwsIamInstanceProfileRole,
+
+    -- ** AwsIamPermissionsBoundary
+    AwsIamPermissionsBoundary (AwsIamPermissionsBoundary'),
+    newAwsIamPermissionsBoundary,
+
+    -- ** AwsIamPolicyDetails
+    AwsIamPolicyDetails (AwsIamPolicyDetails'),
+    newAwsIamPolicyDetails,
+
+    -- ** AwsIamPolicyVersion
+    AwsIamPolicyVersion (AwsIamPolicyVersion'),
+    newAwsIamPolicyVersion,
+
+    -- ** AwsIamRoleDetails
+    AwsIamRoleDetails (AwsIamRoleDetails'),
+    newAwsIamRoleDetails,
+
+    -- ** AwsIamRolePolicy
+    AwsIamRolePolicy (AwsIamRolePolicy'),
+    newAwsIamRolePolicy,
+
+    -- ** AwsIamUserDetails
+    AwsIamUserDetails (AwsIamUserDetails'),
+    newAwsIamUserDetails,
+
+    -- ** AwsIamUserPolicy
+    AwsIamUserPolicy (AwsIamUserPolicy'),
+    newAwsIamUserPolicy,
+
+    -- ** AwsKinesisStreamDetails
+    AwsKinesisStreamDetails (AwsKinesisStreamDetails'),
+    newAwsKinesisStreamDetails,
+
+    -- ** AwsKinesisStreamStreamEncryptionDetails
+    AwsKinesisStreamStreamEncryptionDetails (AwsKinesisStreamStreamEncryptionDetails'),
+    newAwsKinesisStreamStreamEncryptionDetails,
+
+    -- ** AwsKmsKeyDetails
+    AwsKmsKeyDetails (AwsKmsKeyDetails'),
+    newAwsKmsKeyDetails,
+
+    -- ** AwsLambdaFunctionCode
+    AwsLambdaFunctionCode (AwsLambdaFunctionCode'),
+    newAwsLambdaFunctionCode,
+
+    -- ** AwsLambdaFunctionDeadLetterConfig
+    AwsLambdaFunctionDeadLetterConfig (AwsLambdaFunctionDeadLetterConfig'),
+    newAwsLambdaFunctionDeadLetterConfig,
+
+    -- ** AwsLambdaFunctionDetails
+    AwsLambdaFunctionDetails (AwsLambdaFunctionDetails'),
+    newAwsLambdaFunctionDetails,
+
+    -- ** AwsLambdaFunctionEnvironment
+    AwsLambdaFunctionEnvironment (AwsLambdaFunctionEnvironment'),
+    newAwsLambdaFunctionEnvironment,
+
+    -- ** AwsLambdaFunctionEnvironmentError
+    AwsLambdaFunctionEnvironmentError (AwsLambdaFunctionEnvironmentError'),
+    newAwsLambdaFunctionEnvironmentError,
+
+    -- ** AwsLambdaFunctionLayer
+    AwsLambdaFunctionLayer (AwsLambdaFunctionLayer'),
+    newAwsLambdaFunctionLayer,
+
+    -- ** AwsLambdaFunctionTracingConfig
+    AwsLambdaFunctionTracingConfig (AwsLambdaFunctionTracingConfig'),
+    newAwsLambdaFunctionTracingConfig,
+
+    -- ** AwsLambdaFunctionVpcConfig
+    AwsLambdaFunctionVpcConfig (AwsLambdaFunctionVpcConfig'),
+    newAwsLambdaFunctionVpcConfig,
+
+    -- ** AwsLambdaLayerVersionDetails
+    AwsLambdaLayerVersionDetails (AwsLambdaLayerVersionDetails'),
+    newAwsLambdaLayerVersionDetails,
+
+    -- ** AwsMountPoint
+    AwsMountPoint (AwsMountPoint'),
+    newAwsMountPoint,
+
+    -- ** AwsNetworkFirewallFirewallDetails
+    AwsNetworkFirewallFirewallDetails (AwsNetworkFirewallFirewallDetails'),
+    newAwsNetworkFirewallFirewallDetails,
+
+    -- ** AwsNetworkFirewallFirewallPolicyDetails
+    AwsNetworkFirewallFirewallPolicyDetails (AwsNetworkFirewallFirewallPolicyDetails'),
+    newAwsNetworkFirewallFirewallPolicyDetails,
+
+    -- ** AwsNetworkFirewallFirewallSubnetMappingsDetails
+    AwsNetworkFirewallFirewallSubnetMappingsDetails (AwsNetworkFirewallFirewallSubnetMappingsDetails'),
+    newAwsNetworkFirewallFirewallSubnetMappingsDetails,
+
+    -- ** AwsNetworkFirewallRuleGroupDetails
+    AwsNetworkFirewallRuleGroupDetails (AwsNetworkFirewallRuleGroupDetails'),
+    newAwsNetworkFirewallRuleGroupDetails,
+
+    -- ** AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+    AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails (AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails'),
+    newAwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails,
+
+    -- ** AwsOpenSearchServiceDomainClusterConfigDetails
+    AwsOpenSearchServiceDomainClusterConfigDetails (AwsOpenSearchServiceDomainClusterConfigDetails'),
+    newAwsOpenSearchServiceDomainClusterConfigDetails,
+
+    -- ** AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+    AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails (AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails'),
+    newAwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails,
+
+    -- ** AwsOpenSearchServiceDomainDetails
+    AwsOpenSearchServiceDomainDetails (AwsOpenSearchServiceDomainDetails'),
+    newAwsOpenSearchServiceDomainDetails,
+
+    -- ** AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+    AwsOpenSearchServiceDomainDomainEndpointOptionsDetails (AwsOpenSearchServiceDomainDomainEndpointOptionsDetails'),
+    newAwsOpenSearchServiceDomainDomainEndpointOptionsDetails,
+
+    -- ** AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+    AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails (AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails'),
+    newAwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails,
+
+    -- ** AwsOpenSearchServiceDomainLogPublishingOption
+    AwsOpenSearchServiceDomainLogPublishingOption (AwsOpenSearchServiceDomainLogPublishingOption'),
+    newAwsOpenSearchServiceDomainLogPublishingOption,
+
+    -- ** AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+    AwsOpenSearchServiceDomainLogPublishingOptionsDetails (AwsOpenSearchServiceDomainLogPublishingOptionsDetails'),
+    newAwsOpenSearchServiceDomainLogPublishingOptionsDetails,
+
+    -- ** AwsOpenSearchServiceDomainMasterUserOptionsDetails
+    AwsOpenSearchServiceDomainMasterUserOptionsDetails (AwsOpenSearchServiceDomainMasterUserOptionsDetails'),
+    newAwsOpenSearchServiceDomainMasterUserOptionsDetails,
+
+    -- ** AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+    AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails (AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails'),
+    newAwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails,
+
+    -- ** AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+    AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails (AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails'),
+    newAwsOpenSearchServiceDomainServiceSoftwareOptionsDetails,
+
+    -- ** AwsOpenSearchServiceDomainVpcOptionsDetails
+    AwsOpenSearchServiceDomainVpcOptionsDetails (AwsOpenSearchServiceDomainVpcOptionsDetails'),
+    newAwsOpenSearchServiceDomainVpcOptionsDetails,
+
+    -- ** AwsRdsDbClusterAssociatedRole
+    AwsRdsDbClusterAssociatedRole (AwsRdsDbClusterAssociatedRole'),
+    newAwsRdsDbClusterAssociatedRole,
+
+    -- ** AwsRdsDbClusterDetails
+    AwsRdsDbClusterDetails (AwsRdsDbClusterDetails'),
+    newAwsRdsDbClusterDetails,
+
+    -- ** AwsRdsDbClusterMember
+    AwsRdsDbClusterMember (AwsRdsDbClusterMember'),
+    newAwsRdsDbClusterMember,
+
+    -- ** AwsRdsDbClusterOptionGroupMembership
+    AwsRdsDbClusterOptionGroupMembership (AwsRdsDbClusterOptionGroupMembership'),
+    newAwsRdsDbClusterOptionGroupMembership,
+
+    -- ** AwsRdsDbClusterSnapshotDetails
+    AwsRdsDbClusterSnapshotDetails (AwsRdsDbClusterSnapshotDetails'),
+    newAwsRdsDbClusterSnapshotDetails,
+
+    -- ** AwsRdsDbDomainMembership
+    AwsRdsDbDomainMembership (AwsRdsDbDomainMembership'),
+    newAwsRdsDbDomainMembership,
+
+    -- ** AwsRdsDbInstanceAssociatedRole
+    AwsRdsDbInstanceAssociatedRole (AwsRdsDbInstanceAssociatedRole'),
+    newAwsRdsDbInstanceAssociatedRole,
+
+    -- ** AwsRdsDbInstanceDetails
+    AwsRdsDbInstanceDetails (AwsRdsDbInstanceDetails'),
+    newAwsRdsDbInstanceDetails,
+
+    -- ** AwsRdsDbInstanceEndpoint
+    AwsRdsDbInstanceEndpoint (AwsRdsDbInstanceEndpoint'),
+    newAwsRdsDbInstanceEndpoint,
+
+    -- ** AwsRdsDbInstanceVpcSecurityGroup
+    AwsRdsDbInstanceVpcSecurityGroup (AwsRdsDbInstanceVpcSecurityGroup'),
+    newAwsRdsDbInstanceVpcSecurityGroup,
+
+    -- ** AwsRdsDbOptionGroupMembership
+    AwsRdsDbOptionGroupMembership (AwsRdsDbOptionGroupMembership'),
+    newAwsRdsDbOptionGroupMembership,
+
+    -- ** AwsRdsDbParameterGroup
+    AwsRdsDbParameterGroup (AwsRdsDbParameterGroup'),
+    newAwsRdsDbParameterGroup,
+
+    -- ** AwsRdsDbPendingModifiedValues
+    AwsRdsDbPendingModifiedValues (AwsRdsDbPendingModifiedValues'),
+    newAwsRdsDbPendingModifiedValues,
+
+    -- ** AwsRdsDbProcessorFeature
+    AwsRdsDbProcessorFeature (AwsRdsDbProcessorFeature'),
+    newAwsRdsDbProcessorFeature,
+
+    -- ** AwsRdsDbSecurityGroupDetails
+    AwsRdsDbSecurityGroupDetails (AwsRdsDbSecurityGroupDetails'),
+    newAwsRdsDbSecurityGroupDetails,
+
+    -- ** AwsRdsDbSecurityGroupEc2SecurityGroup
+    AwsRdsDbSecurityGroupEc2SecurityGroup (AwsRdsDbSecurityGroupEc2SecurityGroup'),
+    newAwsRdsDbSecurityGroupEc2SecurityGroup,
+
+    -- ** AwsRdsDbSecurityGroupIpRange
+    AwsRdsDbSecurityGroupIpRange (AwsRdsDbSecurityGroupIpRange'),
+    newAwsRdsDbSecurityGroupIpRange,
+
+    -- ** AwsRdsDbSnapshotDetails
+    AwsRdsDbSnapshotDetails (AwsRdsDbSnapshotDetails'),
+    newAwsRdsDbSnapshotDetails,
+
+    -- ** AwsRdsDbStatusInfo
+    AwsRdsDbStatusInfo (AwsRdsDbStatusInfo'),
+    newAwsRdsDbStatusInfo,
+
+    -- ** AwsRdsDbSubnetGroup
+    AwsRdsDbSubnetGroup (AwsRdsDbSubnetGroup'),
+    newAwsRdsDbSubnetGroup,
+
+    -- ** AwsRdsDbSubnetGroupSubnet
+    AwsRdsDbSubnetGroupSubnet (AwsRdsDbSubnetGroupSubnet'),
+    newAwsRdsDbSubnetGroupSubnet,
+
+    -- ** AwsRdsDbSubnetGroupSubnetAvailabilityZone
+    AwsRdsDbSubnetGroupSubnetAvailabilityZone (AwsRdsDbSubnetGroupSubnetAvailabilityZone'),
+    newAwsRdsDbSubnetGroupSubnetAvailabilityZone,
+
+    -- ** AwsRdsEventSubscriptionDetails
+    AwsRdsEventSubscriptionDetails (AwsRdsEventSubscriptionDetails'),
+    newAwsRdsEventSubscriptionDetails,
+
+    -- ** AwsRdsPendingCloudWatchLogsExports
+    AwsRdsPendingCloudWatchLogsExports (AwsRdsPendingCloudWatchLogsExports'),
+    newAwsRdsPendingCloudWatchLogsExports,
+
+    -- ** AwsRedshiftClusterClusterNode
+    AwsRedshiftClusterClusterNode (AwsRedshiftClusterClusterNode'),
+    newAwsRedshiftClusterClusterNode,
+
+    -- ** AwsRedshiftClusterClusterParameterGroup
+    AwsRedshiftClusterClusterParameterGroup (AwsRedshiftClusterClusterParameterGroup'),
+    newAwsRedshiftClusterClusterParameterGroup,
+
+    -- ** AwsRedshiftClusterClusterParameterStatus
+    AwsRedshiftClusterClusterParameterStatus (AwsRedshiftClusterClusterParameterStatus'),
+    newAwsRedshiftClusterClusterParameterStatus,
+
+    -- ** AwsRedshiftClusterClusterSecurityGroup
+    AwsRedshiftClusterClusterSecurityGroup (AwsRedshiftClusterClusterSecurityGroup'),
+    newAwsRedshiftClusterClusterSecurityGroup,
+
+    -- ** AwsRedshiftClusterClusterSnapshotCopyStatus
+    AwsRedshiftClusterClusterSnapshotCopyStatus (AwsRedshiftClusterClusterSnapshotCopyStatus'),
+    newAwsRedshiftClusterClusterSnapshotCopyStatus,
+
+    -- ** AwsRedshiftClusterDeferredMaintenanceWindow
+    AwsRedshiftClusterDeferredMaintenanceWindow (AwsRedshiftClusterDeferredMaintenanceWindow'),
+    newAwsRedshiftClusterDeferredMaintenanceWindow,
+
+    -- ** AwsRedshiftClusterDetails
+    AwsRedshiftClusterDetails (AwsRedshiftClusterDetails'),
+    newAwsRedshiftClusterDetails,
+
+    -- ** AwsRedshiftClusterElasticIpStatus
+    AwsRedshiftClusterElasticIpStatus (AwsRedshiftClusterElasticIpStatus'),
+    newAwsRedshiftClusterElasticIpStatus,
+
+    -- ** AwsRedshiftClusterEndpoint
+    AwsRedshiftClusterEndpoint (AwsRedshiftClusterEndpoint'),
+    newAwsRedshiftClusterEndpoint,
+
+    -- ** AwsRedshiftClusterHsmStatus
+    AwsRedshiftClusterHsmStatus (AwsRedshiftClusterHsmStatus'),
+    newAwsRedshiftClusterHsmStatus,
+
+    -- ** AwsRedshiftClusterIamRole
+    AwsRedshiftClusterIamRole (AwsRedshiftClusterIamRole'),
+    newAwsRedshiftClusterIamRole,
+
+    -- ** AwsRedshiftClusterLoggingStatus
+    AwsRedshiftClusterLoggingStatus (AwsRedshiftClusterLoggingStatus'),
+    newAwsRedshiftClusterLoggingStatus,
+
+    -- ** AwsRedshiftClusterPendingModifiedValues
+    AwsRedshiftClusterPendingModifiedValues (AwsRedshiftClusterPendingModifiedValues'),
+    newAwsRedshiftClusterPendingModifiedValues,
+
+    -- ** AwsRedshiftClusterResizeInfo
+    AwsRedshiftClusterResizeInfo (AwsRedshiftClusterResizeInfo'),
+    newAwsRedshiftClusterResizeInfo,
+
+    -- ** AwsRedshiftClusterRestoreStatus
+    AwsRedshiftClusterRestoreStatus (AwsRedshiftClusterRestoreStatus'),
+    newAwsRedshiftClusterRestoreStatus,
+
+    -- ** AwsRedshiftClusterVpcSecurityGroup
+    AwsRedshiftClusterVpcSecurityGroup (AwsRedshiftClusterVpcSecurityGroup'),
+    newAwsRedshiftClusterVpcSecurityGroup,
+
+    -- ** AwsS3AccountPublicAccessBlockDetails
+    AwsS3AccountPublicAccessBlockDetails (AwsS3AccountPublicAccessBlockDetails'),
+    newAwsS3AccountPublicAccessBlockDetails,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationDetails
+    AwsS3BucketBucketLifecycleConfigurationDetails (AwsS3BucketBucketLifecycleConfigurationDetails'),
+    newAwsS3BucketBucketLifecycleConfigurationDetails,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails (AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails'),
+    newAwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesDetails (AwsS3BucketBucketLifecycleConfigurationRulesDetails'),
+    newAwsS3BucketBucketLifecycleConfigurationRulesDetails,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails (AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails'),
+    newAwsS3BucketBucketLifecycleConfigurationRulesFilterDetails,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails (AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails'),
+    newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails (AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails'),
+    newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails (AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails'),
+    newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails (AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails'),
+    newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails (AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails'),
+    newAwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails (AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails'),
+    newAwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails,
+
+    -- ** AwsS3BucketBucketVersioningConfiguration
+    AwsS3BucketBucketVersioningConfiguration (AwsS3BucketBucketVersioningConfiguration'),
+    newAwsS3BucketBucketVersioningConfiguration,
+
+    -- ** AwsS3BucketDetails
+    AwsS3BucketDetails (AwsS3BucketDetails'),
+    newAwsS3BucketDetails,
+
+    -- ** AwsS3BucketLoggingConfiguration
+    AwsS3BucketLoggingConfiguration (AwsS3BucketLoggingConfiguration'),
+    newAwsS3BucketLoggingConfiguration,
+
+    -- ** AwsS3BucketNotificationConfiguration
+    AwsS3BucketNotificationConfiguration (AwsS3BucketNotificationConfiguration'),
+    newAwsS3BucketNotificationConfiguration,
+
+    -- ** AwsS3BucketNotificationConfigurationDetail
+    AwsS3BucketNotificationConfigurationDetail (AwsS3BucketNotificationConfigurationDetail'),
+    newAwsS3BucketNotificationConfigurationDetail,
+
+    -- ** AwsS3BucketNotificationConfigurationFilter
+    AwsS3BucketNotificationConfigurationFilter (AwsS3BucketNotificationConfigurationFilter'),
+    newAwsS3BucketNotificationConfigurationFilter,
+
+    -- ** AwsS3BucketNotificationConfigurationS3KeyFilter
+    AwsS3BucketNotificationConfigurationS3KeyFilter (AwsS3BucketNotificationConfigurationS3KeyFilter'),
+    newAwsS3BucketNotificationConfigurationS3KeyFilter,
+
+    -- ** AwsS3BucketNotificationConfigurationS3KeyFilterRule
+    AwsS3BucketNotificationConfigurationS3KeyFilterRule (AwsS3BucketNotificationConfigurationS3KeyFilterRule'),
+    newAwsS3BucketNotificationConfigurationS3KeyFilterRule,
+
+    -- ** AwsS3BucketServerSideEncryptionByDefault
+    AwsS3BucketServerSideEncryptionByDefault (AwsS3BucketServerSideEncryptionByDefault'),
+    newAwsS3BucketServerSideEncryptionByDefault,
+
+    -- ** AwsS3BucketServerSideEncryptionConfiguration
+    AwsS3BucketServerSideEncryptionConfiguration (AwsS3BucketServerSideEncryptionConfiguration'),
+    newAwsS3BucketServerSideEncryptionConfiguration,
+
+    -- ** AwsS3BucketServerSideEncryptionRule
+    AwsS3BucketServerSideEncryptionRule (AwsS3BucketServerSideEncryptionRule'),
+    newAwsS3BucketServerSideEncryptionRule,
+
+    -- ** AwsS3BucketWebsiteConfiguration
+    AwsS3BucketWebsiteConfiguration (AwsS3BucketWebsiteConfiguration'),
+    newAwsS3BucketWebsiteConfiguration,
+
+    -- ** AwsS3BucketWebsiteConfigurationRedirectTo
+    AwsS3BucketWebsiteConfigurationRedirectTo (AwsS3BucketWebsiteConfigurationRedirectTo'),
+    newAwsS3BucketWebsiteConfigurationRedirectTo,
+
+    -- ** AwsS3BucketWebsiteConfigurationRoutingRule
+    AwsS3BucketWebsiteConfigurationRoutingRule (AwsS3BucketWebsiteConfigurationRoutingRule'),
+    newAwsS3BucketWebsiteConfigurationRoutingRule,
+
+    -- ** AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+    AwsS3BucketWebsiteConfigurationRoutingRuleCondition (AwsS3BucketWebsiteConfigurationRoutingRuleCondition'),
+    newAwsS3BucketWebsiteConfigurationRoutingRuleCondition,
+
+    -- ** AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+    AwsS3BucketWebsiteConfigurationRoutingRuleRedirect (AwsS3BucketWebsiteConfigurationRoutingRuleRedirect'),
+    newAwsS3BucketWebsiteConfigurationRoutingRuleRedirect,
+
+    -- ** AwsS3ObjectDetails
+    AwsS3ObjectDetails (AwsS3ObjectDetails'),
+    newAwsS3ObjectDetails,
+
+    -- ** AwsSageMakerNotebookInstanceDetails
+    AwsSageMakerNotebookInstanceDetails (AwsSageMakerNotebookInstanceDetails'),
+    newAwsSageMakerNotebookInstanceDetails,
+
+    -- ** AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+    AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails (AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails'),
+    newAwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails,
+
+    -- ** AwsSecretsManagerSecretDetails
+    AwsSecretsManagerSecretDetails (AwsSecretsManagerSecretDetails'),
+    newAwsSecretsManagerSecretDetails,
+
+    -- ** AwsSecretsManagerSecretRotationRules
+    AwsSecretsManagerSecretRotationRules (AwsSecretsManagerSecretRotationRules'),
+    newAwsSecretsManagerSecretRotationRules,
+
+    -- ** AwsSecurityFinding
+    AwsSecurityFinding (AwsSecurityFinding'),
+    newAwsSecurityFinding,
+
+    -- ** AwsSecurityFindingFilters
+    AwsSecurityFindingFilters (AwsSecurityFindingFilters'),
+    newAwsSecurityFindingFilters,
+
+    -- ** AwsSecurityFindingIdentifier
+    AwsSecurityFindingIdentifier (AwsSecurityFindingIdentifier'),
+    newAwsSecurityFindingIdentifier,
+
+    -- ** AwsSnsTopicDetails
+    AwsSnsTopicDetails (AwsSnsTopicDetails'),
+    newAwsSnsTopicDetails,
+
+    -- ** AwsSnsTopicSubscription
+    AwsSnsTopicSubscription (AwsSnsTopicSubscription'),
+    newAwsSnsTopicSubscription,
+
+    -- ** AwsSqsQueueDetails
+    AwsSqsQueueDetails (AwsSqsQueueDetails'),
+    newAwsSqsQueueDetails,
+
+    -- ** AwsSsmComplianceSummary
+    AwsSsmComplianceSummary (AwsSsmComplianceSummary'),
+    newAwsSsmComplianceSummary,
+
+    -- ** AwsSsmPatch
+    AwsSsmPatch (AwsSsmPatch'),
+    newAwsSsmPatch,
+
+    -- ** AwsSsmPatchComplianceDetails
+    AwsSsmPatchComplianceDetails (AwsSsmPatchComplianceDetails'),
+    newAwsSsmPatchComplianceDetails,
+
+    -- ** AwsWafRateBasedRuleDetails
+    AwsWafRateBasedRuleDetails (AwsWafRateBasedRuleDetails'),
+    newAwsWafRateBasedRuleDetails,
+
+    -- ** AwsWafRateBasedRuleMatchPredicate
+    AwsWafRateBasedRuleMatchPredicate (AwsWafRateBasedRuleMatchPredicate'),
+    newAwsWafRateBasedRuleMatchPredicate,
+
+    -- ** AwsWafRegionalRateBasedRuleDetails
+    AwsWafRegionalRateBasedRuleDetails (AwsWafRegionalRateBasedRuleDetails'),
+    newAwsWafRegionalRateBasedRuleDetails,
+
+    -- ** AwsWafRegionalRateBasedRuleMatchPredicate
+    AwsWafRegionalRateBasedRuleMatchPredicate (AwsWafRegionalRateBasedRuleMatchPredicate'),
+    newAwsWafRegionalRateBasedRuleMatchPredicate,
+
+    -- ** AwsWafRegionalRuleDetails
+    AwsWafRegionalRuleDetails (AwsWafRegionalRuleDetails'),
+    newAwsWafRegionalRuleDetails,
+
+    -- ** AwsWafRegionalRuleGroupDetails
+    AwsWafRegionalRuleGroupDetails (AwsWafRegionalRuleGroupDetails'),
+    newAwsWafRegionalRuleGroupDetails,
+
+    -- ** AwsWafRegionalRuleGroupRulesActionDetails
+    AwsWafRegionalRuleGroupRulesActionDetails (AwsWafRegionalRuleGroupRulesActionDetails'),
+    newAwsWafRegionalRuleGroupRulesActionDetails,
+
+    -- ** AwsWafRegionalRuleGroupRulesDetails
+    AwsWafRegionalRuleGroupRulesDetails (AwsWafRegionalRuleGroupRulesDetails'),
+    newAwsWafRegionalRuleGroupRulesDetails,
+
+    -- ** AwsWafRegionalRulePredicateListDetails
+    AwsWafRegionalRulePredicateListDetails (AwsWafRegionalRulePredicateListDetails'),
+    newAwsWafRegionalRulePredicateListDetails,
+
+    -- ** AwsWafRegionalWebAclDetails
+    AwsWafRegionalWebAclDetails (AwsWafRegionalWebAclDetails'),
+    newAwsWafRegionalWebAclDetails,
+
+    -- ** AwsWafRegionalWebAclRulesListActionDetails
+    AwsWafRegionalWebAclRulesListActionDetails (AwsWafRegionalWebAclRulesListActionDetails'),
+    newAwsWafRegionalWebAclRulesListActionDetails,
+
+    -- ** AwsWafRegionalWebAclRulesListDetails
+    AwsWafRegionalWebAclRulesListDetails (AwsWafRegionalWebAclRulesListDetails'),
+    newAwsWafRegionalWebAclRulesListDetails,
+
+    -- ** AwsWafRegionalWebAclRulesListOverrideActionDetails
+    AwsWafRegionalWebAclRulesListOverrideActionDetails (AwsWafRegionalWebAclRulesListOverrideActionDetails'),
+    newAwsWafRegionalWebAclRulesListOverrideActionDetails,
+
+    -- ** AwsWafRuleDetails
+    AwsWafRuleDetails (AwsWafRuleDetails'),
+    newAwsWafRuleDetails,
+
+    -- ** AwsWafRuleGroupDetails
+    AwsWafRuleGroupDetails (AwsWafRuleGroupDetails'),
+    newAwsWafRuleGroupDetails,
+
+    -- ** AwsWafRuleGroupRulesActionDetails
+    AwsWafRuleGroupRulesActionDetails (AwsWafRuleGroupRulesActionDetails'),
+    newAwsWafRuleGroupRulesActionDetails,
+
+    -- ** AwsWafRuleGroupRulesDetails
+    AwsWafRuleGroupRulesDetails (AwsWafRuleGroupRulesDetails'),
+    newAwsWafRuleGroupRulesDetails,
+
+    -- ** AwsWafRulePredicateListDetails
+    AwsWafRulePredicateListDetails (AwsWafRulePredicateListDetails'),
+    newAwsWafRulePredicateListDetails,
+
+    -- ** AwsWafWebAclDetails
+    AwsWafWebAclDetails (AwsWafWebAclDetails'),
+    newAwsWafWebAclDetails,
+
+    -- ** AwsWafWebAclRule
+    AwsWafWebAclRule (AwsWafWebAclRule'),
+    newAwsWafWebAclRule,
+
+    -- ** AwsWafv2ActionAllowDetails
+    AwsWafv2ActionAllowDetails (AwsWafv2ActionAllowDetails'),
+    newAwsWafv2ActionAllowDetails,
+
+    -- ** AwsWafv2ActionBlockDetails
+    AwsWafv2ActionBlockDetails (AwsWafv2ActionBlockDetails'),
+    newAwsWafv2ActionBlockDetails,
+
+    -- ** AwsWafv2CustomHttpHeader
+    AwsWafv2CustomHttpHeader (AwsWafv2CustomHttpHeader'),
+    newAwsWafv2CustomHttpHeader,
+
+    -- ** AwsWafv2CustomRequestHandlingDetails
+    AwsWafv2CustomRequestHandlingDetails (AwsWafv2CustomRequestHandlingDetails'),
+    newAwsWafv2CustomRequestHandlingDetails,
+
+    -- ** AwsWafv2CustomResponseDetails
+    AwsWafv2CustomResponseDetails (AwsWafv2CustomResponseDetails'),
+    newAwsWafv2CustomResponseDetails,
+
+    -- ** AwsWafv2RuleGroupDetails
+    AwsWafv2RuleGroupDetails (AwsWafv2RuleGroupDetails'),
+    newAwsWafv2RuleGroupDetails,
+
+    -- ** AwsWafv2RulesActionCaptchaDetails
+    AwsWafv2RulesActionCaptchaDetails (AwsWafv2RulesActionCaptchaDetails'),
+    newAwsWafv2RulesActionCaptchaDetails,
+
+    -- ** AwsWafv2RulesActionCountDetails
+    AwsWafv2RulesActionCountDetails (AwsWafv2RulesActionCountDetails'),
+    newAwsWafv2RulesActionCountDetails,
+
+    -- ** AwsWafv2RulesActionDetails
+    AwsWafv2RulesActionDetails (AwsWafv2RulesActionDetails'),
+    newAwsWafv2RulesActionDetails,
+
+    -- ** AwsWafv2RulesDetails
+    AwsWafv2RulesDetails (AwsWafv2RulesDetails'),
+    newAwsWafv2RulesDetails,
+
+    -- ** AwsWafv2VisibilityConfigDetails
+    AwsWafv2VisibilityConfigDetails (AwsWafv2VisibilityConfigDetails'),
+    newAwsWafv2VisibilityConfigDetails,
+
+    -- ** AwsWafv2WebAclActionDetails
+    AwsWafv2WebAclActionDetails (AwsWafv2WebAclActionDetails'),
+    newAwsWafv2WebAclActionDetails,
+
+    -- ** AwsWafv2WebAclCaptchaConfigDetails
+    AwsWafv2WebAclCaptchaConfigDetails (AwsWafv2WebAclCaptchaConfigDetails'),
+    newAwsWafv2WebAclCaptchaConfigDetails,
+
+    -- ** AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+    AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails (AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails'),
+    newAwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails,
+
+    -- ** AwsWafv2WebAclDetails
+    AwsWafv2WebAclDetails (AwsWafv2WebAclDetails'),
+    newAwsWafv2WebAclDetails,
+
+    -- ** AwsXrayEncryptionConfigDetails
+    AwsXrayEncryptionConfigDetails (AwsXrayEncryptionConfigDetails'),
+    newAwsXrayEncryptionConfigDetails,
+
+    -- ** BatchUpdateFindingsUnprocessedFinding
+    BatchUpdateFindingsUnprocessedFinding (BatchUpdateFindingsUnprocessedFinding'),
+    newBatchUpdateFindingsUnprocessedFinding,
+
+    -- ** BooleanFilter
+    BooleanFilter (BooleanFilter'),
+    newBooleanFilter,
+
+    -- ** Cell
+    Cell (Cell'),
+    newCell,
+
+    -- ** CidrBlockAssociation
+    CidrBlockAssociation (CidrBlockAssociation'),
+    newCidrBlockAssociation,
+
+    -- ** City
+    City (City'),
+    newCity,
+
+    -- ** ClassificationResult
+    ClassificationResult (ClassificationResult'),
+    newClassificationResult,
+
+    -- ** ClassificationStatus
+    ClassificationStatus (ClassificationStatus'),
+    newClassificationStatus,
+
+    -- ** Compliance
+    Compliance (Compliance'),
+    newCompliance,
+
+    -- ** ContainerDetails
+    ContainerDetails (ContainerDetails'),
+    newContainerDetails,
+
+    -- ** Country
+    Country (Country'),
+    newCountry,
+
+    -- ** CustomDataIdentifiersDetections
+    CustomDataIdentifiersDetections (CustomDataIdentifiersDetections'),
+    newCustomDataIdentifiersDetections,
+
+    -- ** CustomDataIdentifiersResult
+    CustomDataIdentifiersResult (CustomDataIdentifiersResult'),
+    newCustomDataIdentifiersResult,
+
+    -- ** Cvss
+    Cvss (Cvss'),
+    newCvss,
+
+    -- ** DataClassificationDetails
+    DataClassificationDetails (DataClassificationDetails'),
+    newDataClassificationDetails,
+
+    -- ** DateFilter
+    DateFilter (DateFilter'),
+    newDateFilter,
+
+    -- ** DateRange
+    DateRange (DateRange'),
+    newDateRange,
+
+    -- ** DnsRequestAction
+    DnsRequestAction (DnsRequestAction'),
+    newDnsRequestAction,
+
+    -- ** FilePaths
+    FilePaths (FilePaths'),
+    newFilePaths,
+
+    -- ** FindingAggregator
+    FindingAggregator (FindingAggregator'),
+    newFindingAggregator,
+
+    -- ** FindingProviderFields
+    FindingProviderFields (FindingProviderFields'),
+    newFindingProviderFields,
+
+    -- ** FindingProviderSeverity
+    FindingProviderSeverity (FindingProviderSeverity'),
+    newFindingProviderSeverity,
+
+    -- ** FirewallPolicyDetails
+    FirewallPolicyDetails (FirewallPolicyDetails'),
+    newFirewallPolicyDetails,
+
+    -- ** FirewallPolicyStatefulRuleGroupReferencesDetails
+    FirewallPolicyStatefulRuleGroupReferencesDetails (FirewallPolicyStatefulRuleGroupReferencesDetails'),
+    newFirewallPolicyStatefulRuleGroupReferencesDetails,
+
+    -- ** FirewallPolicyStatelessCustomActionsDetails
+    FirewallPolicyStatelessCustomActionsDetails (FirewallPolicyStatelessCustomActionsDetails'),
+    newFirewallPolicyStatelessCustomActionsDetails,
+
+    -- ** FirewallPolicyStatelessRuleGroupReferencesDetails
+    FirewallPolicyStatelessRuleGroupReferencesDetails (FirewallPolicyStatelessRuleGroupReferencesDetails'),
+    newFirewallPolicyStatelessRuleGroupReferencesDetails,
+
+    -- ** GeoLocation
+    GeoLocation (GeoLocation'),
+    newGeoLocation,
+
+    -- ** IcmpTypeCode
+    IcmpTypeCode (IcmpTypeCode'),
+    newIcmpTypeCode,
+
+    -- ** ImportFindingsError
+    ImportFindingsError (ImportFindingsError'),
+    newImportFindingsError,
+
+    -- ** Insight
+    Insight (Insight'),
+    newInsight,
+
+    -- ** InsightResultValue
+    InsightResultValue (InsightResultValue'),
+    newInsightResultValue,
+
+    -- ** InsightResults
+    InsightResults (InsightResults'),
+    newInsightResults,
+
+    -- ** Invitation
+    Invitation (Invitation'),
+    newInvitation,
+
+    -- ** IpFilter
+    IpFilter (IpFilter'),
+    newIpFilter,
+
+    -- ** IpOrganizationDetails
+    IpOrganizationDetails (IpOrganizationDetails'),
+    newIpOrganizationDetails,
+
+    -- ** Ipv6CidrBlockAssociation
+    Ipv6CidrBlockAssociation (Ipv6CidrBlockAssociation'),
+    newIpv6CidrBlockAssociation,
+
+    -- ** KeywordFilter
+    KeywordFilter (KeywordFilter'),
+    newKeywordFilter,
+
+    -- ** LoadBalancerState
+    LoadBalancerState (LoadBalancerState'),
+    newLoadBalancerState,
+
+    -- ** Malware
+    Malware (Malware'),
+    newMalware,
+
+    -- ** MapFilter
+    MapFilter (MapFilter'),
+    newMapFilter,
+
+    -- ** Member
+    Member (Member'),
+    newMember,
+
+    -- ** Network
+    Network (Network'),
+    newNetwork,
+
+    -- ** NetworkConnectionAction
+    NetworkConnectionAction (NetworkConnectionAction'),
+    newNetworkConnectionAction,
+
+    -- ** NetworkHeader
+    NetworkHeader (NetworkHeader'),
+    newNetworkHeader,
+
+    -- ** NetworkPathComponent
+    NetworkPathComponent (NetworkPathComponent'),
+    newNetworkPathComponent,
+
+    -- ** NetworkPathComponentDetails
+    NetworkPathComponentDetails (NetworkPathComponentDetails'),
+    newNetworkPathComponentDetails,
+
+    -- ** Note
+    Note (Note'),
+    newNote,
+
+    -- ** NoteUpdate
+    NoteUpdate (NoteUpdate'),
+    newNoteUpdate,
+
+    -- ** NumberFilter
+    NumberFilter (NumberFilter'),
+    newNumberFilter,
+
+    -- ** Occurrences
+    Occurrences (Occurrences'),
+    newOccurrences,
+
+    -- ** Page
+    Page (Page'),
+    newPage,
+
+    -- ** PatchSummary
+    PatchSummary (PatchSummary'),
+    newPatchSummary,
+
+    -- ** PortProbeAction
+    PortProbeAction (PortProbeAction'),
+    newPortProbeAction,
+
+    -- ** PortProbeDetail
+    PortProbeDetail (PortProbeDetail'),
+    newPortProbeDetail,
+
+    -- ** PortRange
+    PortRange (PortRange'),
+    newPortRange,
+
+    -- ** PortRangeFromTo
+    PortRangeFromTo (PortRangeFromTo'),
+    newPortRangeFromTo,
+
+    -- ** ProcessDetails
+    ProcessDetails (ProcessDetails'),
+    newProcessDetails,
+
+    -- ** Product
+    Product (Product'),
+    newProduct,
+
+    -- ** Range
+    Range (Range'),
+    newRange,
+
+    -- ** Recommendation
+    Recommendation (Recommendation'),
+    newRecommendation,
+
+    -- ** Record
+    Record (Record'),
+    newRecord,
+
+    -- ** RelatedFinding
+    RelatedFinding (RelatedFinding'),
+    newRelatedFinding,
+
+    -- ** Remediation
+    Remediation (Remediation'),
+    newRemediation,
+
+    -- ** Resource
+    Resource (Resource'),
+    newResource,
+
+    -- ** ResourceDetails
+    ResourceDetails (ResourceDetails'),
+    newResourceDetails,
+
+    -- ** Result
+    Result (Result'),
+    newResult,
+
+    -- ** RuleGroupDetails
+    RuleGroupDetails (RuleGroupDetails'),
+    newRuleGroupDetails,
+
+    -- ** RuleGroupSource
+    RuleGroupSource (RuleGroupSource'),
+    newRuleGroupSource,
+
+    -- ** RuleGroupSourceCustomActionsDetails
+    RuleGroupSourceCustomActionsDetails (RuleGroupSourceCustomActionsDetails'),
+    newRuleGroupSourceCustomActionsDetails,
+
+    -- ** RuleGroupSourceListDetails
+    RuleGroupSourceListDetails (RuleGroupSourceListDetails'),
+    newRuleGroupSourceListDetails,
+
+    -- ** RuleGroupSourceStatefulRulesDetails
+    RuleGroupSourceStatefulRulesDetails (RuleGroupSourceStatefulRulesDetails'),
+    newRuleGroupSourceStatefulRulesDetails,
+
+    -- ** RuleGroupSourceStatefulRulesHeaderDetails
+    RuleGroupSourceStatefulRulesHeaderDetails (RuleGroupSourceStatefulRulesHeaderDetails'),
+    newRuleGroupSourceStatefulRulesHeaderDetails,
+
+    -- ** RuleGroupSourceStatefulRulesOptionsDetails
+    RuleGroupSourceStatefulRulesOptionsDetails (RuleGroupSourceStatefulRulesOptionsDetails'),
+    newRuleGroupSourceStatefulRulesOptionsDetails,
+
+    -- ** RuleGroupSourceStatelessRuleDefinition
+    RuleGroupSourceStatelessRuleDefinition (RuleGroupSourceStatelessRuleDefinition'),
+    newRuleGroupSourceStatelessRuleDefinition,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributes
+    RuleGroupSourceStatelessRuleMatchAttributes (RuleGroupSourceStatelessRuleMatchAttributes'),
+    newRuleGroupSourceStatelessRuleMatchAttributes,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+    RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts (RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts'),
+    newRuleGroupSourceStatelessRuleMatchAttributesDestinationPorts,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributesDestinations
+    RuleGroupSourceStatelessRuleMatchAttributesDestinations (RuleGroupSourceStatelessRuleMatchAttributesDestinations'),
+    newRuleGroupSourceStatelessRuleMatchAttributesDestinations,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+    RuleGroupSourceStatelessRuleMatchAttributesSourcePorts (RuleGroupSourceStatelessRuleMatchAttributesSourcePorts'),
+    newRuleGroupSourceStatelessRuleMatchAttributesSourcePorts,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributesSources
+    RuleGroupSourceStatelessRuleMatchAttributesSources (RuleGroupSourceStatelessRuleMatchAttributesSources'),
+    newRuleGroupSourceStatelessRuleMatchAttributesSources,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+    RuleGroupSourceStatelessRuleMatchAttributesTcpFlags (RuleGroupSourceStatelessRuleMatchAttributesTcpFlags'),
+    newRuleGroupSourceStatelessRuleMatchAttributesTcpFlags,
+
+    -- ** RuleGroupSourceStatelessRulesAndCustomActionsDetails
+    RuleGroupSourceStatelessRulesAndCustomActionsDetails (RuleGroupSourceStatelessRulesAndCustomActionsDetails'),
+    newRuleGroupSourceStatelessRulesAndCustomActionsDetails,
+
+    -- ** RuleGroupSourceStatelessRulesDetails
+    RuleGroupSourceStatelessRulesDetails (RuleGroupSourceStatelessRulesDetails'),
+    newRuleGroupSourceStatelessRulesDetails,
+
+    -- ** RuleGroupVariables
+    RuleGroupVariables (RuleGroupVariables'),
+    newRuleGroupVariables,
+
+    -- ** RuleGroupVariablesIpSetsDetails
+    RuleGroupVariablesIpSetsDetails (RuleGroupVariablesIpSetsDetails'),
+    newRuleGroupVariablesIpSetsDetails,
+
+    -- ** RuleGroupVariablesPortSetsDetails
+    RuleGroupVariablesPortSetsDetails (RuleGroupVariablesPortSetsDetails'),
+    newRuleGroupVariablesPortSetsDetails,
+
+    -- ** SensitiveDataDetections
+    SensitiveDataDetections (SensitiveDataDetections'),
+    newSensitiveDataDetections,
+
+    -- ** SensitiveDataResult
+    SensitiveDataResult (SensitiveDataResult'),
+    newSensitiveDataResult,
+
+    -- ** Severity
+    Severity (Severity'),
+    newSeverity,
+
+    -- ** SeverityUpdate
+    SeverityUpdate (SeverityUpdate'),
+    newSeverityUpdate,
+
+    -- ** SoftwarePackage
+    SoftwarePackage (SoftwarePackage'),
+    newSoftwarePackage,
+
+    -- ** SortCriterion
+    SortCriterion (SortCriterion'),
+    newSortCriterion,
+
+    -- ** Standard
+    Standard (Standard'),
+    newStandard,
+
+    -- ** StandardsControl
+    StandardsControl (StandardsControl'),
+    newStandardsControl,
+
+    -- ** StandardsManagedBy
+    StandardsManagedBy (StandardsManagedBy'),
+    newStandardsManagedBy,
+
+    -- ** StandardsStatusReason
+    StandardsStatusReason (StandardsStatusReason'),
+    newStandardsStatusReason,
+
+    -- ** StandardsSubscription
+    StandardsSubscription (StandardsSubscription'),
+    newStandardsSubscription,
+
+    -- ** StandardsSubscriptionRequest
+    StandardsSubscriptionRequest (StandardsSubscriptionRequest'),
+    newStandardsSubscriptionRequest,
+
+    -- ** StatelessCustomActionDefinition
+    StatelessCustomActionDefinition (StatelessCustomActionDefinition'),
+    newStatelessCustomActionDefinition,
+
+    -- ** StatelessCustomPublishMetricAction
+    StatelessCustomPublishMetricAction (StatelessCustomPublishMetricAction'),
+    newStatelessCustomPublishMetricAction,
+
+    -- ** StatelessCustomPublishMetricActionDimension
+    StatelessCustomPublishMetricActionDimension (StatelessCustomPublishMetricActionDimension'),
+    newStatelessCustomPublishMetricActionDimension,
+
+    -- ** StatusReason
+    StatusReason (StatusReason'),
+    newStatusReason,
+
+    -- ** StringFilter
+    StringFilter (StringFilter'),
+    newStringFilter,
+
+    -- ** Threat
+    Threat (Threat'),
+    newThreat,
+
+    -- ** ThreatIntelIndicator
+    ThreatIntelIndicator (ThreatIntelIndicator'),
+    newThreatIntelIndicator,
+
+    -- ** VolumeMount
+    VolumeMount (VolumeMount'),
+    newVolumeMount,
+
+    -- ** VpcInfoCidrBlockSetDetails
+    VpcInfoCidrBlockSetDetails (VpcInfoCidrBlockSetDetails'),
+    newVpcInfoCidrBlockSetDetails,
+
+    -- ** VpcInfoIpv6CidrBlockSetDetails
+    VpcInfoIpv6CidrBlockSetDetails (VpcInfoIpv6CidrBlockSetDetails'),
+    newVpcInfoIpv6CidrBlockSetDetails,
+
+    -- ** VpcInfoPeeringOptionsDetails
+    VpcInfoPeeringOptionsDetails (VpcInfoPeeringOptionsDetails'),
+    newVpcInfoPeeringOptionsDetails,
+
+    -- ** Vulnerability
+    Vulnerability (Vulnerability'),
+    newVulnerability,
+
+    -- ** VulnerabilityVendor
+    VulnerabilityVendor (VulnerabilityVendor'),
+    newVulnerabilityVendor,
+
+    -- ** WafAction
+    WafAction (WafAction'),
+    newWafAction,
+
+    -- ** WafExcludedRule
+    WafExcludedRule (WafExcludedRule'),
+    newWafExcludedRule,
+
+    -- ** WafOverrideAction
+    WafOverrideAction (WafOverrideAction'),
+    newWafOverrideAction,
+
+    -- ** Workflow
+    Workflow (Workflow'),
+    newWorkflow,
+
+    -- ** WorkflowUpdate
+    WorkflowUpdate (WorkflowUpdate'),
+    newWorkflowUpdate,
+  )
+where
+
+import Amazonka.SecurityHub.AcceptAdministratorInvitation
+import Amazonka.SecurityHub.BatchDisableStandards
+import Amazonka.SecurityHub.BatchEnableStandards
+import Amazonka.SecurityHub.BatchImportFindings
+import Amazonka.SecurityHub.BatchUpdateFindings
+import Amazonka.SecurityHub.CreateActionTarget
+import Amazonka.SecurityHub.CreateFindingAggregator
+import Amazonka.SecurityHub.CreateInsight
+import Amazonka.SecurityHub.CreateMembers
+import Amazonka.SecurityHub.DeclineInvitations
+import Amazonka.SecurityHub.DeleteActionTarget
+import Amazonka.SecurityHub.DeleteFindingAggregator
+import Amazonka.SecurityHub.DeleteInsight
+import Amazonka.SecurityHub.DeleteInvitations
+import Amazonka.SecurityHub.DeleteMembers
+import Amazonka.SecurityHub.DescribeActionTargets
+import Amazonka.SecurityHub.DescribeHub
+import Amazonka.SecurityHub.DescribeOrganizationConfiguration
+import Amazonka.SecurityHub.DescribeProducts
+import Amazonka.SecurityHub.DescribeStandards
+import Amazonka.SecurityHub.DescribeStandardsControls
+import Amazonka.SecurityHub.DisableImportFindingsForProduct
+import Amazonka.SecurityHub.DisableOrganizationAdminAccount
+import Amazonka.SecurityHub.DisableSecurityHub
+import Amazonka.SecurityHub.DisassociateFromAdministratorAccount
+import Amazonka.SecurityHub.DisassociateMembers
+import Amazonka.SecurityHub.EnableImportFindingsForProduct
+import Amazonka.SecurityHub.EnableOrganizationAdminAccount
+import Amazonka.SecurityHub.EnableSecurityHub
+import Amazonka.SecurityHub.GetAdministratorAccount
+import Amazonka.SecurityHub.GetEnabledStandards
+import Amazonka.SecurityHub.GetFindingAggregator
+import Amazonka.SecurityHub.GetFindings
+import Amazonka.SecurityHub.GetInsightResults
+import Amazonka.SecurityHub.GetInsights
+import Amazonka.SecurityHub.GetInvitationsCount
+import Amazonka.SecurityHub.GetMembers
+import Amazonka.SecurityHub.InviteMembers
+import Amazonka.SecurityHub.Lens
+import Amazonka.SecurityHub.ListEnabledProductsForImport
+import Amazonka.SecurityHub.ListFindingAggregators
+import Amazonka.SecurityHub.ListInvitations
+import Amazonka.SecurityHub.ListMembers
+import Amazonka.SecurityHub.ListOrganizationAdminAccounts
+import Amazonka.SecurityHub.ListTagsForResource
+import Amazonka.SecurityHub.TagResource
+import Amazonka.SecurityHub.Types
+import Amazonka.SecurityHub.UntagResource
+import Amazonka.SecurityHub.UpdateActionTarget
+import Amazonka.SecurityHub.UpdateFindingAggregator
+import Amazonka.SecurityHub.UpdateFindings
+import Amazonka.SecurityHub.UpdateInsight
+import Amazonka.SecurityHub.UpdateOrganizationConfiguration
+import Amazonka.SecurityHub.UpdateSecurityHubConfiguration
+import Amazonka.SecurityHub.UpdateStandardsControl
+import Amazonka.SecurityHub.Waiters
+
+-- $errors
+-- Error matchers are designed for use with the functions provided by
+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+-- This allows catching (and rethrowing) service specific errors returned
+-- by 'SecurityHub'.
+
+-- $operations
+-- Some AWS operations return results that are incomplete and require subsequent
+-- requests in order to obtain the entire result set. The process of sending
+-- subsequent requests to continue where a previous request left off is called
+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+-- 1000 objects at a time, and you must send subsequent requests with the
+-- appropriate Marker in order to retrieve the next page of results.
+--
+-- Operations that have an 'AWSPager' instance can transparently perform subsequent
+-- requests, correctly setting Markers and other request facets to iterate through
+-- the entire result set of a truncated API operation. Operations which support
+-- this have an additional note in the documentation.
+--
+-- Many operations have the ability to filter results on the server side. See the
+-- individual operation parameters for details.
+
+-- $waiters
+-- Waiters poll by repeatedly sending a request until some remote success condition
+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+-- determines how many attempts should be made, in addition to delay and retry strategies.
diff --git a/gen/Amazonka/SecurityHub/AcceptAdministratorInvitation.hs b/gen/Amazonka/SecurityHub/AcceptAdministratorInvitation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/AcceptAdministratorInvitation.hs
@@ -0,0 +1,199 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.AcceptAdministratorInvitation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Accepts the invitation to be a member account and be monitored by the
+-- Security Hub administrator account that the invitation was sent from.
+--
+-- This operation is only used by member accounts that are not added
+-- through Organizations.
+--
+-- When the member account accepts the invitation, permission is granted to
+-- the administrator account to view findings generated in the member
+-- account.
+module Amazonka.SecurityHub.AcceptAdministratorInvitation
+  ( -- * Creating a Request
+    AcceptAdministratorInvitation (..),
+    newAcceptAdministratorInvitation,
+
+    -- * Request Lenses
+    acceptAdministratorInvitation_administratorId,
+    acceptAdministratorInvitation_invitationId,
+
+    -- * Destructuring the Response
+    AcceptAdministratorInvitationResponse (..),
+    newAcceptAdministratorInvitationResponse,
+
+    -- * Response Lenses
+    acceptAdministratorInvitationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newAcceptAdministratorInvitation' smart constructor.
+data AcceptAdministratorInvitation = AcceptAdministratorInvitation'
+  { -- | The account ID of the Security Hub administrator account that sent the
+    -- invitation.
+    administratorId :: Prelude.Text,
+    -- | The identifier of the invitation sent from the Security Hub
+    -- administrator account.
+    invitationId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AcceptAdministratorInvitation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'administratorId', 'acceptAdministratorInvitation_administratorId' - The account ID of the Security Hub administrator account that sent the
+-- invitation.
+--
+-- 'invitationId', 'acceptAdministratorInvitation_invitationId' - The identifier of the invitation sent from the Security Hub
+-- administrator account.
+newAcceptAdministratorInvitation ::
+  -- | 'administratorId'
+  Prelude.Text ->
+  -- | 'invitationId'
+  Prelude.Text ->
+  AcceptAdministratorInvitation
+newAcceptAdministratorInvitation
+  pAdministratorId_
+  pInvitationId_ =
+    AcceptAdministratorInvitation'
+      { administratorId =
+          pAdministratorId_,
+        invitationId = pInvitationId_
+      }
+
+-- | The account ID of the Security Hub administrator account that sent the
+-- invitation.
+acceptAdministratorInvitation_administratorId :: Lens.Lens' AcceptAdministratorInvitation Prelude.Text
+acceptAdministratorInvitation_administratorId = Lens.lens (\AcceptAdministratorInvitation' {administratorId} -> administratorId) (\s@AcceptAdministratorInvitation' {} a -> s {administratorId = a} :: AcceptAdministratorInvitation)
+
+-- | The identifier of the invitation sent from the Security Hub
+-- administrator account.
+acceptAdministratorInvitation_invitationId :: Lens.Lens' AcceptAdministratorInvitation Prelude.Text
+acceptAdministratorInvitation_invitationId = Lens.lens (\AcceptAdministratorInvitation' {invitationId} -> invitationId) (\s@AcceptAdministratorInvitation' {} a -> s {invitationId = a} :: AcceptAdministratorInvitation)
+
+instance
+  Core.AWSRequest
+    AcceptAdministratorInvitation
+  where
+  type
+    AWSResponse AcceptAdministratorInvitation =
+      AcceptAdministratorInvitationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          AcceptAdministratorInvitationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    AcceptAdministratorInvitation
+  where
+  hashWithSalt _salt AcceptAdministratorInvitation' {..} =
+    _salt
+      `Prelude.hashWithSalt` administratorId
+      `Prelude.hashWithSalt` invitationId
+
+instance Prelude.NFData AcceptAdministratorInvitation where
+  rnf AcceptAdministratorInvitation' {..} =
+    Prelude.rnf administratorId
+      `Prelude.seq` Prelude.rnf invitationId
+
+instance Data.ToHeaders AcceptAdministratorInvitation where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON AcceptAdministratorInvitation where
+  toJSON AcceptAdministratorInvitation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("AdministratorId" Data..= administratorId),
+            Prelude.Just ("InvitationId" Data..= invitationId)
+          ]
+      )
+
+instance Data.ToPath AcceptAdministratorInvitation where
+  toPath = Prelude.const "/administrator"
+
+instance Data.ToQuery AcceptAdministratorInvitation where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAcceptAdministratorInvitationResponse' smart constructor.
+data AcceptAdministratorInvitationResponse = AcceptAdministratorInvitationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AcceptAdministratorInvitationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'acceptAdministratorInvitationResponse_httpStatus' - The response's http status code.
+newAcceptAdministratorInvitationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AcceptAdministratorInvitationResponse
+newAcceptAdministratorInvitationResponse pHttpStatus_ =
+  AcceptAdministratorInvitationResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+acceptAdministratorInvitationResponse_httpStatus :: Lens.Lens' AcceptAdministratorInvitationResponse Prelude.Int
+acceptAdministratorInvitationResponse_httpStatus = Lens.lens (\AcceptAdministratorInvitationResponse' {httpStatus} -> httpStatus) (\s@AcceptAdministratorInvitationResponse' {} a -> s {httpStatus = a} :: AcceptAdministratorInvitationResponse)
+
+instance
+  Prelude.NFData
+    AcceptAdministratorInvitationResponse
+  where
+  rnf AcceptAdministratorInvitationResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/BatchDisableStandards.hs b/gen/Amazonka/SecurityHub/BatchDisableStandards.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/BatchDisableStandards.hs
@@ -0,0 +1,181 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.BatchDisableStandards
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disables the standards specified by the provided
+-- @StandardsSubscriptionArns@.
+--
+-- For more information, see
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html Security Standards>
+-- section of the /Security Hub User Guide/.
+module Amazonka.SecurityHub.BatchDisableStandards
+  ( -- * Creating a Request
+    BatchDisableStandards (..),
+    newBatchDisableStandards,
+
+    -- * Request Lenses
+    batchDisableStandards_standardsSubscriptionArns,
+
+    -- * Destructuring the Response
+    BatchDisableStandardsResponse (..),
+    newBatchDisableStandardsResponse,
+
+    -- * Response Lenses
+    batchDisableStandardsResponse_standardsSubscriptions,
+    batchDisableStandardsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newBatchDisableStandards' smart constructor.
+data BatchDisableStandards = BatchDisableStandards'
+  { -- | The ARNs of the standards subscriptions to disable.
+    standardsSubscriptionArns :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BatchDisableStandards' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'standardsSubscriptionArns', 'batchDisableStandards_standardsSubscriptionArns' - The ARNs of the standards subscriptions to disable.
+newBatchDisableStandards ::
+  -- | 'standardsSubscriptionArns'
+  Prelude.NonEmpty Prelude.Text ->
+  BatchDisableStandards
+newBatchDisableStandards pStandardsSubscriptionArns_ =
+  BatchDisableStandards'
+    { standardsSubscriptionArns =
+        Lens.coerced Lens.# pStandardsSubscriptionArns_
+    }
+
+-- | The ARNs of the standards subscriptions to disable.
+batchDisableStandards_standardsSubscriptionArns :: Lens.Lens' BatchDisableStandards (Prelude.NonEmpty Prelude.Text)
+batchDisableStandards_standardsSubscriptionArns = Lens.lens (\BatchDisableStandards' {standardsSubscriptionArns} -> standardsSubscriptionArns) (\s@BatchDisableStandards' {} a -> s {standardsSubscriptionArns = a} :: BatchDisableStandards) Prelude.. Lens.coerced
+
+instance Core.AWSRequest BatchDisableStandards where
+  type
+    AWSResponse BatchDisableStandards =
+      BatchDisableStandardsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          BatchDisableStandardsResponse'
+            Prelude.<$> ( x
+                            Data..?> "StandardsSubscriptions"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable BatchDisableStandards where
+  hashWithSalt _salt BatchDisableStandards' {..} =
+    _salt
+      `Prelude.hashWithSalt` standardsSubscriptionArns
+
+instance Prelude.NFData BatchDisableStandards where
+  rnf BatchDisableStandards' {..} =
+    Prelude.rnf standardsSubscriptionArns
+
+instance Data.ToHeaders BatchDisableStandards where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON BatchDisableStandards where
+  toJSON BatchDisableStandards' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "StandardsSubscriptionArns"
+                  Data..= standardsSubscriptionArns
+              )
+          ]
+      )
+
+instance Data.ToPath BatchDisableStandards where
+  toPath = Prelude.const "/standards/deregister"
+
+instance Data.ToQuery BatchDisableStandards where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newBatchDisableStandardsResponse' smart constructor.
+data BatchDisableStandardsResponse = BatchDisableStandardsResponse'
+  { -- | The details of the standards subscriptions that were disabled.
+    standardsSubscriptions :: Prelude.Maybe [StandardsSubscription],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BatchDisableStandardsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'standardsSubscriptions', 'batchDisableStandardsResponse_standardsSubscriptions' - The details of the standards subscriptions that were disabled.
+--
+-- 'httpStatus', 'batchDisableStandardsResponse_httpStatus' - The response's http status code.
+newBatchDisableStandardsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  BatchDisableStandardsResponse
+newBatchDisableStandardsResponse pHttpStatus_ =
+  BatchDisableStandardsResponse'
+    { standardsSubscriptions =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The details of the standards subscriptions that were disabled.
+batchDisableStandardsResponse_standardsSubscriptions :: Lens.Lens' BatchDisableStandardsResponse (Prelude.Maybe [StandardsSubscription])
+batchDisableStandardsResponse_standardsSubscriptions = Lens.lens (\BatchDisableStandardsResponse' {standardsSubscriptions} -> standardsSubscriptions) (\s@BatchDisableStandardsResponse' {} a -> s {standardsSubscriptions = a} :: BatchDisableStandardsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+batchDisableStandardsResponse_httpStatus :: Lens.Lens' BatchDisableStandardsResponse Prelude.Int
+batchDisableStandardsResponse_httpStatus = Lens.lens (\BatchDisableStandardsResponse' {httpStatus} -> httpStatus) (\s@BatchDisableStandardsResponse' {} a -> s {httpStatus = a} :: BatchDisableStandardsResponse)
+
+instance Prelude.NFData BatchDisableStandardsResponse where
+  rnf BatchDisableStandardsResponse' {..} =
+    Prelude.rnf standardsSubscriptions
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/BatchEnableStandards.hs b/gen/Amazonka/SecurityHub/BatchEnableStandards.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/BatchEnableStandards.hs
@@ -0,0 +1,182 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.BatchEnableStandards
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables the standards specified by the provided @StandardsArn@. To
+-- obtain the ARN for a standard, use the @DescribeStandards@ operation.
+--
+-- For more information, see the
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html Security Standards>
+-- section of the /Security Hub User Guide/.
+module Amazonka.SecurityHub.BatchEnableStandards
+  ( -- * Creating a Request
+    BatchEnableStandards (..),
+    newBatchEnableStandards,
+
+    -- * Request Lenses
+    batchEnableStandards_standardsSubscriptionRequests,
+
+    -- * Destructuring the Response
+    BatchEnableStandardsResponse (..),
+    newBatchEnableStandardsResponse,
+
+    -- * Response Lenses
+    batchEnableStandardsResponse_standardsSubscriptions,
+    batchEnableStandardsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newBatchEnableStandards' smart constructor.
+data BatchEnableStandards = BatchEnableStandards'
+  { -- | The list of standards checks to enable.
+    standardsSubscriptionRequests :: Prelude.NonEmpty StandardsSubscriptionRequest
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BatchEnableStandards' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'standardsSubscriptionRequests', 'batchEnableStandards_standardsSubscriptionRequests' - The list of standards checks to enable.
+newBatchEnableStandards ::
+  -- | 'standardsSubscriptionRequests'
+  Prelude.NonEmpty StandardsSubscriptionRequest ->
+  BatchEnableStandards
+newBatchEnableStandards
+  pStandardsSubscriptionRequests_ =
+    BatchEnableStandards'
+      { standardsSubscriptionRequests =
+          Lens.coerced Lens.# pStandardsSubscriptionRequests_
+      }
+
+-- | The list of standards checks to enable.
+batchEnableStandards_standardsSubscriptionRequests :: Lens.Lens' BatchEnableStandards (Prelude.NonEmpty StandardsSubscriptionRequest)
+batchEnableStandards_standardsSubscriptionRequests = Lens.lens (\BatchEnableStandards' {standardsSubscriptionRequests} -> standardsSubscriptionRequests) (\s@BatchEnableStandards' {} a -> s {standardsSubscriptionRequests = a} :: BatchEnableStandards) Prelude.. Lens.coerced
+
+instance Core.AWSRequest BatchEnableStandards where
+  type
+    AWSResponse BatchEnableStandards =
+      BatchEnableStandardsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          BatchEnableStandardsResponse'
+            Prelude.<$> ( x
+                            Data..?> "StandardsSubscriptions"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable BatchEnableStandards where
+  hashWithSalt _salt BatchEnableStandards' {..} =
+    _salt
+      `Prelude.hashWithSalt` standardsSubscriptionRequests
+
+instance Prelude.NFData BatchEnableStandards where
+  rnf BatchEnableStandards' {..} =
+    Prelude.rnf standardsSubscriptionRequests
+
+instance Data.ToHeaders BatchEnableStandards where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON BatchEnableStandards where
+  toJSON BatchEnableStandards' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "StandardsSubscriptionRequests"
+                  Data..= standardsSubscriptionRequests
+              )
+          ]
+      )
+
+instance Data.ToPath BatchEnableStandards where
+  toPath = Prelude.const "/standards/register"
+
+instance Data.ToQuery BatchEnableStandards where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newBatchEnableStandardsResponse' smart constructor.
+data BatchEnableStandardsResponse = BatchEnableStandardsResponse'
+  { -- | The details of the standards subscriptions that were enabled.
+    standardsSubscriptions :: Prelude.Maybe [StandardsSubscription],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BatchEnableStandardsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'standardsSubscriptions', 'batchEnableStandardsResponse_standardsSubscriptions' - The details of the standards subscriptions that were enabled.
+--
+-- 'httpStatus', 'batchEnableStandardsResponse_httpStatus' - The response's http status code.
+newBatchEnableStandardsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  BatchEnableStandardsResponse
+newBatchEnableStandardsResponse pHttpStatus_ =
+  BatchEnableStandardsResponse'
+    { standardsSubscriptions =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The details of the standards subscriptions that were enabled.
+batchEnableStandardsResponse_standardsSubscriptions :: Lens.Lens' BatchEnableStandardsResponse (Prelude.Maybe [StandardsSubscription])
+batchEnableStandardsResponse_standardsSubscriptions = Lens.lens (\BatchEnableStandardsResponse' {standardsSubscriptions} -> standardsSubscriptions) (\s@BatchEnableStandardsResponse' {} a -> s {standardsSubscriptions = a} :: BatchEnableStandardsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+batchEnableStandardsResponse_httpStatus :: Lens.Lens' BatchEnableStandardsResponse Prelude.Int
+batchEnableStandardsResponse_httpStatus = Lens.lens (\BatchEnableStandardsResponse' {httpStatus} -> httpStatus) (\s@BatchEnableStandardsResponse' {} a -> s {httpStatus = a} :: BatchEnableStandardsResponse)
+
+instance Prelude.NFData BatchEnableStandardsResponse where
+  rnf BatchEnableStandardsResponse' {..} =
+    Prelude.rnf standardsSubscriptions
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/BatchImportFindings.hs b/gen/Amazonka/SecurityHub/BatchImportFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/BatchImportFindings.hs
@@ -0,0 +1,255 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.BatchImportFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Imports security findings generated by a finding provider into Security
+-- Hub. This action is requested by the finding provider to import its
+-- findings into Security Hub.
+--
+-- @BatchImportFindings@ must be called by one of the following:
+--
+-- -   The Amazon Web Services account that is associated with a finding if
+--     you are using the
+--     <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-custom-providers.html#securityhub-custom-providers-bfi-reqs default product ARN>
+--     or are a partner sending findings from within a customer\'s Amazon
+--     Web Services account. In these cases, the identifier of the account
+--     that you are calling @BatchImportFindings@ from needs to be the same
+--     as the @AwsAccountId@ attribute for the finding.
+--
+-- -   An Amazon Web Services account that Security Hub has allow-listed
+--     for an official partner integration. In this case, you can call
+--     @BatchImportFindings@ from the allow-listed account and send
+--     findings from different customer accounts in the same batch.
+--
+-- The maximum allowed size for a finding is 240 Kb. An error is returned
+-- for any finding larger than 240 Kb.
+--
+-- After a finding is created, @BatchImportFindings@ cannot be used to
+-- update the following finding fields and objects, which Security Hub
+-- customers use to manage their investigation workflow.
+--
+-- -   @Note@
+--
+-- -   @UserDefinedFields@
+--
+-- -   @VerificationState@
+--
+-- -   @Workflow@
+--
+-- Finding providers also should not use @BatchImportFindings@ to update
+-- the following attributes.
+--
+-- -   @Confidence@
+--
+-- -   @Criticality@
+--
+-- -   @RelatedFindings@
+--
+-- -   @Severity@
+--
+-- -   @Types@
+--
+-- Instead, finding providers use @FindingProviderFields@ to provide values
+-- for these attributes.
+module Amazonka.SecurityHub.BatchImportFindings
+  ( -- * Creating a Request
+    BatchImportFindings (..),
+    newBatchImportFindings,
+
+    -- * Request Lenses
+    batchImportFindings_findings,
+
+    -- * Destructuring the Response
+    BatchImportFindingsResponse (..),
+    newBatchImportFindingsResponse,
+
+    -- * Response Lenses
+    batchImportFindingsResponse_failedFindings,
+    batchImportFindingsResponse_httpStatus,
+    batchImportFindingsResponse_failedCount,
+    batchImportFindingsResponse_successCount,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newBatchImportFindings' smart constructor.
+data BatchImportFindings = BatchImportFindings'
+  { -- | A list of findings to import. To successfully import a finding, it must
+    -- follow the
+    -- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html Amazon Web Services Security Finding Format>.
+    -- Maximum of 100 findings per request.
+    findings :: Prelude.NonEmpty AwsSecurityFinding
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BatchImportFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findings', 'batchImportFindings_findings' - A list of findings to import. To successfully import a finding, it must
+-- follow the
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html Amazon Web Services Security Finding Format>.
+-- Maximum of 100 findings per request.
+newBatchImportFindings ::
+  -- | 'findings'
+  Prelude.NonEmpty AwsSecurityFinding ->
+  BatchImportFindings
+newBatchImportFindings pFindings_ =
+  BatchImportFindings'
+    { findings =
+        Lens.coerced Lens.# pFindings_
+    }
+
+-- | A list of findings to import. To successfully import a finding, it must
+-- follow the
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html Amazon Web Services Security Finding Format>.
+-- Maximum of 100 findings per request.
+batchImportFindings_findings :: Lens.Lens' BatchImportFindings (Prelude.NonEmpty AwsSecurityFinding)
+batchImportFindings_findings = Lens.lens (\BatchImportFindings' {findings} -> findings) (\s@BatchImportFindings' {} a -> s {findings = a} :: BatchImportFindings) Prelude.. Lens.coerced
+
+instance Core.AWSRequest BatchImportFindings where
+  type
+    AWSResponse BatchImportFindings =
+      BatchImportFindingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          BatchImportFindingsResponse'
+            Prelude.<$> (x Data..?> "FailedFindings" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "FailedCount")
+            Prelude.<*> (x Data..:> "SuccessCount")
+      )
+
+instance Prelude.Hashable BatchImportFindings where
+  hashWithSalt _salt BatchImportFindings' {..} =
+    _salt `Prelude.hashWithSalt` findings
+
+instance Prelude.NFData BatchImportFindings where
+  rnf BatchImportFindings' {..} = Prelude.rnf findings
+
+instance Data.ToHeaders BatchImportFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON BatchImportFindings where
+  toJSON BatchImportFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Findings" Data..= findings)]
+      )
+
+instance Data.ToPath BatchImportFindings where
+  toPath = Prelude.const "/findings/import"
+
+instance Data.ToQuery BatchImportFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newBatchImportFindingsResponse' smart constructor.
+data BatchImportFindingsResponse = BatchImportFindingsResponse'
+  { -- | The list of findings that failed to import.
+    failedFindings :: Prelude.Maybe [ImportFindingsError],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The number of findings that failed to import.
+    failedCount :: Prelude.Int,
+    -- | The number of findings that were successfully imported.
+    successCount :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BatchImportFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'failedFindings', 'batchImportFindingsResponse_failedFindings' - The list of findings that failed to import.
+--
+-- 'httpStatus', 'batchImportFindingsResponse_httpStatus' - The response's http status code.
+--
+-- 'failedCount', 'batchImportFindingsResponse_failedCount' - The number of findings that failed to import.
+--
+-- 'successCount', 'batchImportFindingsResponse_successCount' - The number of findings that were successfully imported.
+newBatchImportFindingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'failedCount'
+  Prelude.Int ->
+  -- | 'successCount'
+  Prelude.Int ->
+  BatchImportFindingsResponse
+newBatchImportFindingsResponse
+  pHttpStatus_
+  pFailedCount_
+  pSuccessCount_ =
+    BatchImportFindingsResponse'
+      { failedFindings =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_,
+        failedCount = pFailedCount_,
+        successCount = pSuccessCount_
+      }
+
+-- | The list of findings that failed to import.
+batchImportFindingsResponse_failedFindings :: Lens.Lens' BatchImportFindingsResponse (Prelude.Maybe [ImportFindingsError])
+batchImportFindingsResponse_failedFindings = Lens.lens (\BatchImportFindingsResponse' {failedFindings} -> failedFindings) (\s@BatchImportFindingsResponse' {} a -> s {failedFindings = a} :: BatchImportFindingsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+batchImportFindingsResponse_httpStatus :: Lens.Lens' BatchImportFindingsResponse Prelude.Int
+batchImportFindingsResponse_httpStatus = Lens.lens (\BatchImportFindingsResponse' {httpStatus} -> httpStatus) (\s@BatchImportFindingsResponse' {} a -> s {httpStatus = a} :: BatchImportFindingsResponse)
+
+-- | The number of findings that failed to import.
+batchImportFindingsResponse_failedCount :: Lens.Lens' BatchImportFindingsResponse Prelude.Int
+batchImportFindingsResponse_failedCount = Lens.lens (\BatchImportFindingsResponse' {failedCount} -> failedCount) (\s@BatchImportFindingsResponse' {} a -> s {failedCount = a} :: BatchImportFindingsResponse)
+
+-- | The number of findings that were successfully imported.
+batchImportFindingsResponse_successCount :: Lens.Lens' BatchImportFindingsResponse Prelude.Int
+batchImportFindingsResponse_successCount = Lens.lens (\BatchImportFindingsResponse' {successCount} -> successCount) (\s@BatchImportFindingsResponse' {} a -> s {successCount = a} :: BatchImportFindingsResponse)
+
+instance Prelude.NFData BatchImportFindingsResponse where
+  rnf BatchImportFindingsResponse' {..} =
+    Prelude.rnf failedFindings
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf failedCount
+      `Prelude.seq` Prelude.rnf successCount
diff --git a/gen/Amazonka/SecurityHub/BatchUpdateFindings.hs b/gen/Amazonka/SecurityHub/BatchUpdateFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/BatchUpdateFindings.hs
@@ -0,0 +1,465 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.BatchUpdateFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Used by Security Hub customers to update information about their
+-- investigation into a finding. Requested by administrator accounts or
+-- member accounts. Administrator accounts can update findings for their
+-- account and their member accounts. Member accounts can update findings
+-- for their account.
+--
+-- Updates from @BatchUpdateFindings@ do not affect the value of
+-- @UpdatedAt@ for a finding.
+--
+-- Administrator and member accounts can use @BatchUpdateFindings@ to
+-- update the following finding fields and objects.
+--
+-- -   @Confidence@
+--
+-- -   @Criticality@
+--
+-- -   @Note@
+--
+-- -   @RelatedFindings@
+--
+-- -   @Severity@
+--
+-- -   @Types@
+--
+-- -   @UserDefinedFields@
+--
+-- -   @VerificationState@
+--
+-- -   @Workflow@
+--
+-- You can configure IAM policies to restrict access to fields and field
+-- values. For example, you might not want member accounts to be able to
+-- suppress findings or change the finding severity. See
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html#batchupdatefindings-configure-access Configuring access to BatchUpdateFindings>
+-- in the /Security Hub User Guide/.
+module Amazonka.SecurityHub.BatchUpdateFindings
+  ( -- * Creating a Request
+    BatchUpdateFindings (..),
+    newBatchUpdateFindings,
+
+    -- * Request Lenses
+    batchUpdateFindings_confidence,
+    batchUpdateFindings_criticality,
+    batchUpdateFindings_note,
+    batchUpdateFindings_relatedFindings,
+    batchUpdateFindings_severity,
+    batchUpdateFindings_types,
+    batchUpdateFindings_userDefinedFields,
+    batchUpdateFindings_verificationState,
+    batchUpdateFindings_workflow,
+    batchUpdateFindings_findingIdentifiers,
+
+    -- * Destructuring the Response
+    BatchUpdateFindingsResponse (..),
+    newBatchUpdateFindingsResponse,
+
+    -- * Response Lenses
+    batchUpdateFindingsResponse_httpStatus,
+    batchUpdateFindingsResponse_processedFindings,
+    batchUpdateFindingsResponse_unprocessedFindings,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newBatchUpdateFindings' smart constructor.
+data BatchUpdateFindings = BatchUpdateFindings'
+  { -- | The updated value for the finding confidence. Confidence is defined as
+    -- the likelihood that a finding accurately identifies the behavior or
+    -- issue that it was intended to identify.
+    --
+    -- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+    -- zero percent confidence and 100 means 100 percent confidence.
+    confidence :: Prelude.Maybe Prelude.Natural,
+    -- | The updated value for the level of importance assigned to the resources
+    -- associated with the findings.
+    --
+    -- A score of 0 means that the underlying resources have no criticality,
+    -- and a score of 100 is reserved for the most critical resources.
+    criticality :: Prelude.Maybe Prelude.Natural,
+    note :: Prelude.Maybe NoteUpdate,
+    -- | A list of findings that are related to the updated findings.
+    relatedFindings :: Prelude.Maybe [RelatedFinding],
+    -- | Used to update the finding severity.
+    severity :: Prelude.Maybe SeverityUpdate,
+    -- | One or more finding types in the format of
+    -- namespace\/category\/classifier that classify a finding.
+    --
+    -- Valid namespace values are as follows.
+    --
+    -- -   Software and Configuration Checks
+    --
+    -- -   TTPs
+    --
+    -- -   Effects
+    --
+    -- -   Unusual Behaviors
+    --
+    -- -   Sensitive Data Identifications
+    types :: Prelude.Maybe [Prelude.Text],
+    -- | A list of name\/value string pairs associated with the finding. These
+    -- are custom, user-defined fields added to a finding.
+    userDefinedFields :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | Indicates the veracity of a finding.
+    --
+    -- The available values for @VerificationState@ are as follows.
+    --
+    -- -   @UNKNOWN@ – The default disposition of a security finding
+    --
+    -- -   @TRUE_POSITIVE@ – The security finding is confirmed
+    --
+    -- -   @FALSE_POSITIVE@ – The security finding was determined to be a false
+    --     alarm
+    --
+    -- -   @BENIGN_POSITIVE@ – A special case of @TRUE_POSITIVE@ where the
+    --     finding doesn\'t pose any threat, is expected, or both
+    verificationState :: Prelude.Maybe VerificationState,
+    -- | Used to update the workflow status of a finding.
+    --
+    -- The workflow status indicates the progress of the investigation into the
+    -- finding.
+    workflow :: Prelude.Maybe WorkflowUpdate,
+    -- | The list of findings to update. @BatchUpdateFindings@ can be used to
+    -- update up to 100 findings at a time.
+    --
+    -- For each finding, the list provides the finding identifier and the ARN
+    -- of the finding provider.
+    findingIdentifiers :: [AwsSecurityFindingIdentifier]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BatchUpdateFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'confidence', 'batchUpdateFindings_confidence' - The updated value for the finding confidence. Confidence is defined as
+-- the likelihood that a finding accurately identifies the behavior or
+-- issue that it was intended to identify.
+--
+-- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+-- zero percent confidence and 100 means 100 percent confidence.
+--
+-- 'criticality', 'batchUpdateFindings_criticality' - The updated value for the level of importance assigned to the resources
+-- associated with the findings.
+--
+-- A score of 0 means that the underlying resources have no criticality,
+-- and a score of 100 is reserved for the most critical resources.
+--
+-- 'note', 'batchUpdateFindings_note' - Undocumented member.
+--
+-- 'relatedFindings', 'batchUpdateFindings_relatedFindings' - A list of findings that are related to the updated findings.
+--
+-- 'severity', 'batchUpdateFindings_severity' - Used to update the finding severity.
+--
+-- 'types', 'batchUpdateFindings_types' - One or more finding types in the format of
+-- namespace\/category\/classifier that classify a finding.
+--
+-- Valid namespace values are as follows.
+--
+-- -   Software and Configuration Checks
+--
+-- -   TTPs
+--
+-- -   Effects
+--
+-- -   Unusual Behaviors
+--
+-- -   Sensitive Data Identifications
+--
+-- 'userDefinedFields', 'batchUpdateFindings_userDefinedFields' - A list of name\/value string pairs associated with the finding. These
+-- are custom, user-defined fields added to a finding.
+--
+-- 'verificationState', 'batchUpdateFindings_verificationState' - Indicates the veracity of a finding.
+--
+-- The available values for @VerificationState@ are as follows.
+--
+-- -   @UNKNOWN@ – The default disposition of a security finding
+--
+-- -   @TRUE_POSITIVE@ – The security finding is confirmed
+--
+-- -   @FALSE_POSITIVE@ – The security finding was determined to be a false
+--     alarm
+--
+-- -   @BENIGN_POSITIVE@ – A special case of @TRUE_POSITIVE@ where the
+--     finding doesn\'t pose any threat, is expected, or both
+--
+-- 'workflow', 'batchUpdateFindings_workflow' - Used to update the workflow status of a finding.
+--
+-- The workflow status indicates the progress of the investigation into the
+-- finding.
+--
+-- 'findingIdentifiers', 'batchUpdateFindings_findingIdentifiers' - The list of findings to update. @BatchUpdateFindings@ can be used to
+-- update up to 100 findings at a time.
+--
+-- For each finding, the list provides the finding identifier and the ARN
+-- of the finding provider.
+newBatchUpdateFindings ::
+  BatchUpdateFindings
+newBatchUpdateFindings =
+  BatchUpdateFindings'
+    { confidence = Prelude.Nothing,
+      criticality = Prelude.Nothing,
+      note = Prelude.Nothing,
+      relatedFindings = Prelude.Nothing,
+      severity = Prelude.Nothing,
+      types = Prelude.Nothing,
+      userDefinedFields = Prelude.Nothing,
+      verificationState = Prelude.Nothing,
+      workflow = Prelude.Nothing,
+      findingIdentifiers = Prelude.mempty
+    }
+
+-- | The updated value for the finding confidence. Confidence is defined as
+-- the likelihood that a finding accurately identifies the behavior or
+-- issue that it was intended to identify.
+--
+-- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+-- zero percent confidence and 100 means 100 percent confidence.
+batchUpdateFindings_confidence :: Lens.Lens' BatchUpdateFindings (Prelude.Maybe Prelude.Natural)
+batchUpdateFindings_confidence = Lens.lens (\BatchUpdateFindings' {confidence} -> confidence) (\s@BatchUpdateFindings' {} a -> s {confidence = a} :: BatchUpdateFindings)
+
+-- | The updated value for the level of importance assigned to the resources
+-- associated with the findings.
+--
+-- A score of 0 means that the underlying resources have no criticality,
+-- and a score of 100 is reserved for the most critical resources.
+batchUpdateFindings_criticality :: Lens.Lens' BatchUpdateFindings (Prelude.Maybe Prelude.Natural)
+batchUpdateFindings_criticality = Lens.lens (\BatchUpdateFindings' {criticality} -> criticality) (\s@BatchUpdateFindings' {} a -> s {criticality = a} :: BatchUpdateFindings)
+
+-- | Undocumented member.
+batchUpdateFindings_note :: Lens.Lens' BatchUpdateFindings (Prelude.Maybe NoteUpdate)
+batchUpdateFindings_note = Lens.lens (\BatchUpdateFindings' {note} -> note) (\s@BatchUpdateFindings' {} a -> s {note = a} :: BatchUpdateFindings)
+
+-- | A list of findings that are related to the updated findings.
+batchUpdateFindings_relatedFindings :: Lens.Lens' BatchUpdateFindings (Prelude.Maybe [RelatedFinding])
+batchUpdateFindings_relatedFindings = Lens.lens (\BatchUpdateFindings' {relatedFindings} -> relatedFindings) (\s@BatchUpdateFindings' {} a -> s {relatedFindings = a} :: BatchUpdateFindings) Prelude.. Lens.mapping Lens.coerced
+
+-- | Used to update the finding severity.
+batchUpdateFindings_severity :: Lens.Lens' BatchUpdateFindings (Prelude.Maybe SeverityUpdate)
+batchUpdateFindings_severity = Lens.lens (\BatchUpdateFindings' {severity} -> severity) (\s@BatchUpdateFindings' {} a -> s {severity = a} :: BatchUpdateFindings)
+
+-- | One or more finding types in the format of
+-- namespace\/category\/classifier that classify a finding.
+--
+-- Valid namespace values are as follows.
+--
+-- -   Software and Configuration Checks
+--
+-- -   TTPs
+--
+-- -   Effects
+--
+-- -   Unusual Behaviors
+--
+-- -   Sensitive Data Identifications
+batchUpdateFindings_types :: Lens.Lens' BatchUpdateFindings (Prelude.Maybe [Prelude.Text])
+batchUpdateFindings_types = Lens.lens (\BatchUpdateFindings' {types} -> types) (\s@BatchUpdateFindings' {} a -> s {types = a} :: BatchUpdateFindings) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of name\/value string pairs associated with the finding. These
+-- are custom, user-defined fields added to a finding.
+batchUpdateFindings_userDefinedFields :: Lens.Lens' BatchUpdateFindings (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+batchUpdateFindings_userDefinedFields = Lens.lens (\BatchUpdateFindings' {userDefinedFields} -> userDefinedFields) (\s@BatchUpdateFindings' {} a -> s {userDefinedFields = a} :: BatchUpdateFindings) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates the veracity of a finding.
+--
+-- The available values for @VerificationState@ are as follows.
+--
+-- -   @UNKNOWN@ – The default disposition of a security finding
+--
+-- -   @TRUE_POSITIVE@ – The security finding is confirmed
+--
+-- -   @FALSE_POSITIVE@ – The security finding was determined to be a false
+--     alarm
+--
+-- -   @BENIGN_POSITIVE@ – A special case of @TRUE_POSITIVE@ where the
+--     finding doesn\'t pose any threat, is expected, or both
+batchUpdateFindings_verificationState :: Lens.Lens' BatchUpdateFindings (Prelude.Maybe VerificationState)
+batchUpdateFindings_verificationState = Lens.lens (\BatchUpdateFindings' {verificationState} -> verificationState) (\s@BatchUpdateFindings' {} a -> s {verificationState = a} :: BatchUpdateFindings)
+
+-- | Used to update the workflow status of a finding.
+--
+-- The workflow status indicates the progress of the investigation into the
+-- finding.
+batchUpdateFindings_workflow :: Lens.Lens' BatchUpdateFindings (Prelude.Maybe WorkflowUpdate)
+batchUpdateFindings_workflow = Lens.lens (\BatchUpdateFindings' {workflow} -> workflow) (\s@BatchUpdateFindings' {} a -> s {workflow = a} :: BatchUpdateFindings)
+
+-- | The list of findings to update. @BatchUpdateFindings@ can be used to
+-- update up to 100 findings at a time.
+--
+-- For each finding, the list provides the finding identifier and the ARN
+-- of the finding provider.
+batchUpdateFindings_findingIdentifiers :: Lens.Lens' BatchUpdateFindings [AwsSecurityFindingIdentifier]
+batchUpdateFindings_findingIdentifiers = Lens.lens (\BatchUpdateFindings' {findingIdentifiers} -> findingIdentifiers) (\s@BatchUpdateFindings' {} a -> s {findingIdentifiers = a} :: BatchUpdateFindings) Prelude.. Lens.coerced
+
+instance Core.AWSRequest BatchUpdateFindings where
+  type
+    AWSResponse BatchUpdateFindings =
+      BatchUpdateFindingsResponse
+  request overrides =
+    Request.patchJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          BatchUpdateFindingsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "ProcessedFindings"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..?> "UnprocessedFindings"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable BatchUpdateFindings where
+  hashWithSalt _salt BatchUpdateFindings' {..} =
+    _salt
+      `Prelude.hashWithSalt` confidence
+      `Prelude.hashWithSalt` criticality
+      `Prelude.hashWithSalt` note
+      `Prelude.hashWithSalt` relatedFindings
+      `Prelude.hashWithSalt` severity
+      `Prelude.hashWithSalt` types
+      `Prelude.hashWithSalt` userDefinedFields
+      `Prelude.hashWithSalt` verificationState
+      `Prelude.hashWithSalt` workflow
+      `Prelude.hashWithSalt` findingIdentifiers
+
+instance Prelude.NFData BatchUpdateFindings where
+  rnf BatchUpdateFindings' {..} =
+    Prelude.rnf confidence
+      `Prelude.seq` Prelude.rnf criticality
+      `Prelude.seq` Prelude.rnf note
+      `Prelude.seq` Prelude.rnf relatedFindings
+      `Prelude.seq` Prelude.rnf severity
+      `Prelude.seq` Prelude.rnf types
+      `Prelude.seq` Prelude.rnf userDefinedFields
+      `Prelude.seq` Prelude.rnf verificationState
+      `Prelude.seq` Prelude.rnf workflow
+      `Prelude.seq` Prelude.rnf findingIdentifiers
+
+instance Data.ToHeaders BatchUpdateFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON BatchUpdateFindings where
+  toJSON BatchUpdateFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Confidence" Data..=) Prelude.<$> confidence,
+            ("Criticality" Data..=) Prelude.<$> criticality,
+            ("Note" Data..=) Prelude.<$> note,
+            ("RelatedFindings" Data..=)
+              Prelude.<$> relatedFindings,
+            ("Severity" Data..=) Prelude.<$> severity,
+            ("Types" Data..=) Prelude.<$> types,
+            ("UserDefinedFields" Data..=)
+              Prelude.<$> userDefinedFields,
+            ("VerificationState" Data..=)
+              Prelude.<$> verificationState,
+            ("Workflow" Data..=) Prelude.<$> workflow,
+            Prelude.Just
+              ("FindingIdentifiers" Data..= findingIdentifiers)
+          ]
+      )
+
+instance Data.ToPath BatchUpdateFindings where
+  toPath = Prelude.const "/findings/batchupdate"
+
+instance Data.ToQuery BatchUpdateFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newBatchUpdateFindingsResponse' smart constructor.
+data BatchUpdateFindingsResponse = BatchUpdateFindingsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The list of findings that were updated successfully.
+    processedFindings :: [AwsSecurityFindingIdentifier],
+    -- | The list of findings that were not updated.
+    unprocessedFindings :: [BatchUpdateFindingsUnprocessedFinding]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BatchUpdateFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'batchUpdateFindingsResponse_httpStatus' - The response's http status code.
+--
+-- 'processedFindings', 'batchUpdateFindingsResponse_processedFindings' - The list of findings that were updated successfully.
+--
+-- 'unprocessedFindings', 'batchUpdateFindingsResponse_unprocessedFindings' - The list of findings that were not updated.
+newBatchUpdateFindingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  BatchUpdateFindingsResponse
+newBatchUpdateFindingsResponse pHttpStatus_ =
+  BatchUpdateFindingsResponse'
+    { httpStatus =
+        pHttpStatus_,
+      processedFindings = Prelude.mempty,
+      unprocessedFindings = Prelude.mempty
+    }
+
+-- | The response's http status code.
+batchUpdateFindingsResponse_httpStatus :: Lens.Lens' BatchUpdateFindingsResponse Prelude.Int
+batchUpdateFindingsResponse_httpStatus = Lens.lens (\BatchUpdateFindingsResponse' {httpStatus} -> httpStatus) (\s@BatchUpdateFindingsResponse' {} a -> s {httpStatus = a} :: BatchUpdateFindingsResponse)
+
+-- | The list of findings that were updated successfully.
+batchUpdateFindingsResponse_processedFindings :: Lens.Lens' BatchUpdateFindingsResponse [AwsSecurityFindingIdentifier]
+batchUpdateFindingsResponse_processedFindings = Lens.lens (\BatchUpdateFindingsResponse' {processedFindings} -> processedFindings) (\s@BatchUpdateFindingsResponse' {} a -> s {processedFindings = a} :: BatchUpdateFindingsResponse) Prelude.. Lens.coerced
+
+-- | The list of findings that were not updated.
+batchUpdateFindingsResponse_unprocessedFindings :: Lens.Lens' BatchUpdateFindingsResponse [BatchUpdateFindingsUnprocessedFinding]
+batchUpdateFindingsResponse_unprocessedFindings = Lens.lens (\BatchUpdateFindingsResponse' {unprocessedFindings} -> unprocessedFindings) (\s@BatchUpdateFindingsResponse' {} a -> s {unprocessedFindings = a} :: BatchUpdateFindingsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData BatchUpdateFindingsResponse where
+  rnf BatchUpdateFindingsResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf processedFindings
+      `Prelude.seq` Prelude.rnf unprocessedFindings
diff --git a/gen/Amazonka/SecurityHub/CreateActionTarget.hs b/gen/Amazonka/SecurityHub/CreateActionTarget.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/CreateActionTarget.hs
@@ -0,0 +1,209 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.CreateActionTarget
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a custom action target in Security Hub.
+--
+-- You can use custom actions on findings and insights in Security Hub to
+-- trigger target actions in Amazon CloudWatch Events.
+module Amazonka.SecurityHub.CreateActionTarget
+  ( -- * Creating a Request
+    CreateActionTarget (..),
+    newCreateActionTarget,
+
+    -- * Request Lenses
+    createActionTarget_name,
+    createActionTarget_description,
+    createActionTarget_id,
+
+    -- * Destructuring the Response
+    CreateActionTargetResponse (..),
+    newCreateActionTargetResponse,
+
+    -- * Response Lenses
+    createActionTargetResponse_httpStatus,
+    createActionTargetResponse_actionTargetArn,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newCreateActionTarget' smart constructor.
+data CreateActionTarget = CreateActionTarget'
+  { -- | The name of the custom action target. Can contain up to 20 characters.
+    name :: Prelude.Text,
+    -- | The description for the custom action target.
+    description :: Prelude.Text,
+    -- | The ID for the custom action target. Can contain up to 20 alphanumeric
+    -- characters.
+    id :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateActionTarget' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'createActionTarget_name' - The name of the custom action target. Can contain up to 20 characters.
+--
+-- 'description', 'createActionTarget_description' - The description for the custom action target.
+--
+-- 'id', 'createActionTarget_id' - The ID for the custom action target. Can contain up to 20 alphanumeric
+-- characters.
+newCreateActionTarget ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'description'
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  CreateActionTarget
+newCreateActionTarget pName_ pDescription_ pId_ =
+  CreateActionTarget'
+    { name = pName_,
+      description = pDescription_,
+      id = pId_
+    }
+
+-- | The name of the custom action target. Can contain up to 20 characters.
+createActionTarget_name :: Lens.Lens' CreateActionTarget Prelude.Text
+createActionTarget_name = Lens.lens (\CreateActionTarget' {name} -> name) (\s@CreateActionTarget' {} a -> s {name = a} :: CreateActionTarget)
+
+-- | The description for the custom action target.
+createActionTarget_description :: Lens.Lens' CreateActionTarget Prelude.Text
+createActionTarget_description = Lens.lens (\CreateActionTarget' {description} -> description) (\s@CreateActionTarget' {} a -> s {description = a} :: CreateActionTarget)
+
+-- | The ID for the custom action target. Can contain up to 20 alphanumeric
+-- characters.
+createActionTarget_id :: Lens.Lens' CreateActionTarget Prelude.Text
+createActionTarget_id = Lens.lens (\CreateActionTarget' {id} -> id) (\s@CreateActionTarget' {} a -> s {id = a} :: CreateActionTarget)
+
+instance Core.AWSRequest CreateActionTarget where
+  type
+    AWSResponse CreateActionTarget =
+      CreateActionTargetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateActionTargetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "ActionTargetArn")
+      )
+
+instance Prelude.Hashable CreateActionTarget where
+  hashWithSalt _salt CreateActionTarget' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` id
+
+instance Prelude.NFData CreateActionTarget where
+  rnf CreateActionTarget' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf id
+
+instance Data.ToHeaders CreateActionTarget where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateActionTarget where
+  toJSON CreateActionTarget' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Description" Data..= description),
+            Prelude.Just ("Id" Data..= id)
+          ]
+      )
+
+instance Data.ToPath CreateActionTarget where
+  toPath = Prelude.const "/actionTargets"
+
+instance Data.ToQuery CreateActionTarget where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateActionTargetResponse' smart constructor.
+data CreateActionTargetResponse = CreateActionTargetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The ARN for the custom action target.
+    actionTargetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateActionTargetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createActionTargetResponse_httpStatus' - The response's http status code.
+--
+-- 'actionTargetArn', 'createActionTargetResponse_actionTargetArn' - The ARN for the custom action target.
+newCreateActionTargetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'actionTargetArn'
+  Prelude.Text ->
+  CreateActionTargetResponse
+newCreateActionTargetResponse
+  pHttpStatus_
+  pActionTargetArn_ =
+    CreateActionTargetResponse'
+      { httpStatus =
+          pHttpStatus_,
+        actionTargetArn = pActionTargetArn_
+      }
+
+-- | The response's http status code.
+createActionTargetResponse_httpStatus :: Lens.Lens' CreateActionTargetResponse Prelude.Int
+createActionTargetResponse_httpStatus = Lens.lens (\CreateActionTargetResponse' {httpStatus} -> httpStatus) (\s@CreateActionTargetResponse' {} a -> s {httpStatus = a} :: CreateActionTargetResponse)
+
+-- | The ARN for the custom action target.
+createActionTargetResponse_actionTargetArn :: Lens.Lens' CreateActionTargetResponse Prelude.Text
+createActionTargetResponse_actionTargetArn = Lens.lens (\CreateActionTargetResponse' {actionTargetArn} -> actionTargetArn) (\s@CreateActionTargetResponse' {} a -> s {actionTargetArn = a} :: CreateActionTargetResponse)
+
+instance Prelude.NFData CreateActionTargetResponse where
+  rnf CreateActionTargetResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf actionTargetArn
diff --git a/gen/Amazonka/SecurityHub/CreateFindingAggregator.hs b/gen/Amazonka/SecurityHub/CreateFindingAggregator.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/CreateFindingAggregator.hs
@@ -0,0 +1,320 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.CreateFindingAggregator
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Used to enable finding aggregation. Must be called from the aggregation
+-- Region.
+--
+-- For more details about cross-Region replication, see
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html Configuring finding aggregation>
+-- in the /Security Hub User Guide/.
+module Amazonka.SecurityHub.CreateFindingAggregator
+  ( -- * Creating a Request
+    CreateFindingAggregator (..),
+    newCreateFindingAggregator,
+
+    -- * Request Lenses
+    createFindingAggregator_regions,
+    createFindingAggregator_regionLinkingMode,
+
+    -- * Destructuring the Response
+    CreateFindingAggregatorResponse (..),
+    newCreateFindingAggregatorResponse,
+
+    -- * Response Lenses
+    createFindingAggregatorResponse_findingAggregationRegion,
+    createFindingAggregatorResponse_findingAggregatorArn,
+    createFindingAggregatorResponse_regionLinkingMode,
+    createFindingAggregatorResponse_regions,
+    createFindingAggregatorResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newCreateFindingAggregator' smart constructor.
+data CreateFindingAggregator = CreateFindingAggregator'
+  { -- | If @RegionLinkingMode@ is @ALL_REGIONS_EXCEPT_SPECIFIED@, then this is a
+    -- space-separated list of Regions that do not aggregate findings to the
+    -- aggregation Region.
+    --
+    -- If @RegionLinkingMode@ is @SPECIFIED_REGIONS@, then this is a
+    -- space-separated list of Regions that do aggregate findings to the
+    -- aggregation Region.
+    regions :: Prelude.Maybe [Prelude.Text],
+    -- | Indicates whether to aggregate findings from all of the available
+    -- Regions in the current partition. Also determines whether to
+    -- automatically aggregate findings from new Regions as Security Hub
+    -- supports them and you opt into them.
+    --
+    -- The selected option also determines how to use the Regions provided in
+    -- the Regions list.
+    --
+    -- The options are as follows:
+    --
+    -- -   @ALL_REGIONS@ - Indicates to aggregate findings from all of the
+    --     Regions where Security Hub is enabled. When you choose this option,
+    --     Security Hub also automatically aggregates findings from new Regions
+    --     as Security Hub supports them and you opt into them.
+    --
+    -- -   @ALL_REGIONS_EXCEPT_SPECIFIED@ - Indicates to aggregate findings
+    --     from all of the Regions where Security Hub is enabled, except for
+    --     the Regions listed in the @Regions@ parameter. When you choose this
+    --     option, Security Hub also automatically aggregates findings from new
+    --     Regions as Security Hub supports them and you opt into them.
+    --
+    -- -   @SPECIFIED_REGIONS@ - Indicates to aggregate findings only from the
+    --     Regions listed in the @Regions@ parameter. Security Hub does not
+    --     automatically aggregate findings from new Regions.
+    regionLinkingMode :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateFindingAggregator' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'regions', 'createFindingAggregator_regions' - If @RegionLinkingMode@ is @ALL_REGIONS_EXCEPT_SPECIFIED@, then this is a
+-- space-separated list of Regions that do not aggregate findings to the
+-- aggregation Region.
+--
+-- If @RegionLinkingMode@ is @SPECIFIED_REGIONS@, then this is a
+-- space-separated list of Regions that do aggregate findings to the
+-- aggregation Region.
+--
+-- 'regionLinkingMode', 'createFindingAggregator_regionLinkingMode' - Indicates whether to aggregate findings from all of the available
+-- Regions in the current partition. Also determines whether to
+-- automatically aggregate findings from new Regions as Security Hub
+-- supports them and you opt into them.
+--
+-- The selected option also determines how to use the Regions provided in
+-- the Regions list.
+--
+-- The options are as follows:
+--
+-- -   @ALL_REGIONS@ - Indicates to aggregate findings from all of the
+--     Regions where Security Hub is enabled. When you choose this option,
+--     Security Hub also automatically aggregates findings from new Regions
+--     as Security Hub supports them and you opt into them.
+--
+-- -   @ALL_REGIONS_EXCEPT_SPECIFIED@ - Indicates to aggregate findings
+--     from all of the Regions where Security Hub is enabled, except for
+--     the Regions listed in the @Regions@ parameter. When you choose this
+--     option, Security Hub also automatically aggregates findings from new
+--     Regions as Security Hub supports them and you opt into them.
+--
+-- -   @SPECIFIED_REGIONS@ - Indicates to aggregate findings only from the
+--     Regions listed in the @Regions@ parameter. Security Hub does not
+--     automatically aggregate findings from new Regions.
+newCreateFindingAggregator ::
+  -- | 'regionLinkingMode'
+  Prelude.Text ->
+  CreateFindingAggregator
+newCreateFindingAggregator pRegionLinkingMode_ =
+  CreateFindingAggregator'
+    { regions = Prelude.Nothing,
+      regionLinkingMode = pRegionLinkingMode_
+    }
+
+-- | If @RegionLinkingMode@ is @ALL_REGIONS_EXCEPT_SPECIFIED@, then this is a
+-- space-separated list of Regions that do not aggregate findings to the
+-- aggregation Region.
+--
+-- If @RegionLinkingMode@ is @SPECIFIED_REGIONS@, then this is a
+-- space-separated list of Regions that do aggregate findings to the
+-- aggregation Region.
+createFindingAggregator_regions :: Lens.Lens' CreateFindingAggregator (Prelude.Maybe [Prelude.Text])
+createFindingAggregator_regions = Lens.lens (\CreateFindingAggregator' {regions} -> regions) (\s@CreateFindingAggregator' {} a -> s {regions = a} :: CreateFindingAggregator) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates whether to aggregate findings from all of the available
+-- Regions in the current partition. Also determines whether to
+-- automatically aggregate findings from new Regions as Security Hub
+-- supports them and you opt into them.
+--
+-- The selected option also determines how to use the Regions provided in
+-- the Regions list.
+--
+-- The options are as follows:
+--
+-- -   @ALL_REGIONS@ - Indicates to aggregate findings from all of the
+--     Regions where Security Hub is enabled. When you choose this option,
+--     Security Hub also automatically aggregates findings from new Regions
+--     as Security Hub supports them and you opt into them.
+--
+-- -   @ALL_REGIONS_EXCEPT_SPECIFIED@ - Indicates to aggregate findings
+--     from all of the Regions where Security Hub is enabled, except for
+--     the Regions listed in the @Regions@ parameter. When you choose this
+--     option, Security Hub also automatically aggregates findings from new
+--     Regions as Security Hub supports them and you opt into them.
+--
+-- -   @SPECIFIED_REGIONS@ - Indicates to aggregate findings only from the
+--     Regions listed in the @Regions@ parameter. Security Hub does not
+--     automatically aggregate findings from new Regions.
+createFindingAggregator_regionLinkingMode :: Lens.Lens' CreateFindingAggregator Prelude.Text
+createFindingAggregator_regionLinkingMode = Lens.lens (\CreateFindingAggregator' {regionLinkingMode} -> regionLinkingMode) (\s@CreateFindingAggregator' {} a -> s {regionLinkingMode = a} :: CreateFindingAggregator)
+
+instance Core.AWSRequest CreateFindingAggregator where
+  type
+    AWSResponse CreateFindingAggregator =
+      CreateFindingAggregatorResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateFindingAggregatorResponse'
+            Prelude.<$> (x Data..?> "FindingAggregationRegion")
+            Prelude.<*> (x Data..?> "FindingAggregatorArn")
+            Prelude.<*> (x Data..?> "RegionLinkingMode")
+            Prelude.<*> (x Data..?> "Regions" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateFindingAggregator where
+  hashWithSalt _salt CreateFindingAggregator' {..} =
+    _salt
+      `Prelude.hashWithSalt` regions
+      `Prelude.hashWithSalt` regionLinkingMode
+
+instance Prelude.NFData CreateFindingAggregator where
+  rnf CreateFindingAggregator' {..} =
+    Prelude.rnf regions
+      `Prelude.seq` Prelude.rnf regionLinkingMode
+
+instance Data.ToHeaders CreateFindingAggregator where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateFindingAggregator where
+  toJSON CreateFindingAggregator' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Regions" Data..=) Prelude.<$> regions,
+            Prelude.Just
+              ("RegionLinkingMode" Data..= regionLinkingMode)
+          ]
+      )
+
+instance Data.ToPath CreateFindingAggregator where
+  toPath = Prelude.const "/findingAggregator/create"
+
+instance Data.ToQuery CreateFindingAggregator where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateFindingAggregatorResponse' smart constructor.
+data CreateFindingAggregatorResponse = CreateFindingAggregatorResponse'
+  { -- | The aggregation Region.
+    findingAggregationRegion :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the finding aggregator. You use the finding aggregator ARN to
+    -- retrieve details for, update, and stop finding aggregation.
+    findingAggregatorArn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether to link all Regions, all Regions except for a list of
+    -- excluded Regions, or a list of included Regions.
+    regionLinkingMode :: Prelude.Maybe Prelude.Text,
+    -- | The list of excluded Regions or included Regions.
+    regions :: Prelude.Maybe [Prelude.Text],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateFindingAggregatorResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingAggregationRegion', 'createFindingAggregatorResponse_findingAggregationRegion' - The aggregation Region.
+--
+-- 'findingAggregatorArn', 'createFindingAggregatorResponse_findingAggregatorArn' - The ARN of the finding aggregator. You use the finding aggregator ARN to
+-- retrieve details for, update, and stop finding aggregation.
+--
+-- 'regionLinkingMode', 'createFindingAggregatorResponse_regionLinkingMode' - Indicates whether to link all Regions, all Regions except for a list of
+-- excluded Regions, or a list of included Regions.
+--
+-- 'regions', 'createFindingAggregatorResponse_regions' - The list of excluded Regions or included Regions.
+--
+-- 'httpStatus', 'createFindingAggregatorResponse_httpStatus' - The response's http status code.
+newCreateFindingAggregatorResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateFindingAggregatorResponse
+newCreateFindingAggregatorResponse pHttpStatus_ =
+  CreateFindingAggregatorResponse'
+    { findingAggregationRegion =
+        Prelude.Nothing,
+      findingAggregatorArn = Prelude.Nothing,
+      regionLinkingMode = Prelude.Nothing,
+      regions = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The aggregation Region.
+createFindingAggregatorResponse_findingAggregationRegion :: Lens.Lens' CreateFindingAggregatorResponse (Prelude.Maybe Prelude.Text)
+createFindingAggregatorResponse_findingAggregationRegion = Lens.lens (\CreateFindingAggregatorResponse' {findingAggregationRegion} -> findingAggregationRegion) (\s@CreateFindingAggregatorResponse' {} a -> s {findingAggregationRegion = a} :: CreateFindingAggregatorResponse)
+
+-- | The ARN of the finding aggregator. You use the finding aggregator ARN to
+-- retrieve details for, update, and stop finding aggregation.
+createFindingAggregatorResponse_findingAggregatorArn :: Lens.Lens' CreateFindingAggregatorResponse (Prelude.Maybe Prelude.Text)
+createFindingAggregatorResponse_findingAggregatorArn = Lens.lens (\CreateFindingAggregatorResponse' {findingAggregatorArn} -> findingAggregatorArn) (\s@CreateFindingAggregatorResponse' {} a -> s {findingAggregatorArn = a} :: CreateFindingAggregatorResponse)
+
+-- | Indicates whether to link all Regions, all Regions except for a list of
+-- excluded Regions, or a list of included Regions.
+createFindingAggregatorResponse_regionLinkingMode :: Lens.Lens' CreateFindingAggregatorResponse (Prelude.Maybe Prelude.Text)
+createFindingAggregatorResponse_regionLinkingMode = Lens.lens (\CreateFindingAggregatorResponse' {regionLinkingMode} -> regionLinkingMode) (\s@CreateFindingAggregatorResponse' {} a -> s {regionLinkingMode = a} :: CreateFindingAggregatorResponse)
+
+-- | The list of excluded Regions or included Regions.
+createFindingAggregatorResponse_regions :: Lens.Lens' CreateFindingAggregatorResponse (Prelude.Maybe [Prelude.Text])
+createFindingAggregatorResponse_regions = Lens.lens (\CreateFindingAggregatorResponse' {regions} -> regions) (\s@CreateFindingAggregatorResponse' {} a -> s {regions = a} :: CreateFindingAggregatorResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+createFindingAggregatorResponse_httpStatus :: Lens.Lens' CreateFindingAggregatorResponse Prelude.Int
+createFindingAggregatorResponse_httpStatus = Lens.lens (\CreateFindingAggregatorResponse' {httpStatus} -> httpStatus) (\s@CreateFindingAggregatorResponse' {} a -> s {httpStatus = a} :: CreateFindingAggregatorResponse)
+
+instance
+  Prelude.NFData
+    CreateFindingAggregatorResponse
+  where
+  rnf CreateFindingAggregatorResponse' {..} =
+    Prelude.rnf findingAggregationRegion
+      `Prelude.seq` Prelude.rnf findingAggregatorArn
+      `Prelude.seq` Prelude.rnf regionLinkingMode
+      `Prelude.seq` Prelude.rnf regions
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/CreateInsight.hs b/gen/Amazonka/SecurityHub/CreateInsight.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/CreateInsight.hs
@@ -0,0 +1,221 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.CreateInsight
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a custom insight in Security Hub. An insight is a consolidation
+-- of findings that relate to a security issue that requires attention or
+-- remediation.
+--
+-- To group the related findings in the insight, use the
+-- @GroupByAttribute@.
+module Amazonka.SecurityHub.CreateInsight
+  ( -- * Creating a Request
+    CreateInsight (..),
+    newCreateInsight,
+
+    -- * Request Lenses
+    createInsight_name,
+    createInsight_filters,
+    createInsight_groupByAttribute,
+
+    -- * Destructuring the Response
+    CreateInsightResponse (..),
+    newCreateInsightResponse,
+
+    -- * Response Lenses
+    createInsightResponse_httpStatus,
+    createInsightResponse_insightArn,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newCreateInsight' smart constructor.
+data CreateInsight = CreateInsight'
+  { -- | The name of the custom insight to create.
+    name :: Prelude.Text,
+    -- | One or more attributes used to filter the findings included in the
+    -- insight. The insight only includes findings that match the criteria
+    -- defined in the filters.
+    filters :: AwsSecurityFindingFilters,
+    -- | The attribute used to group the findings for the insight. The grouping
+    -- attribute identifies the type of item that the insight applies to. For
+    -- example, if an insight is grouped by resource identifier, then the
+    -- insight produces a list of resource identifiers.
+    groupByAttribute :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateInsight' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'createInsight_name' - The name of the custom insight to create.
+--
+-- 'filters', 'createInsight_filters' - One or more attributes used to filter the findings included in the
+-- insight. The insight only includes findings that match the criteria
+-- defined in the filters.
+--
+-- 'groupByAttribute', 'createInsight_groupByAttribute' - The attribute used to group the findings for the insight. The grouping
+-- attribute identifies the type of item that the insight applies to. For
+-- example, if an insight is grouped by resource identifier, then the
+-- insight produces a list of resource identifiers.
+newCreateInsight ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'filters'
+  AwsSecurityFindingFilters ->
+  -- | 'groupByAttribute'
+  Prelude.Text ->
+  CreateInsight
+newCreateInsight pName_ pFilters_ pGroupByAttribute_ =
+  CreateInsight'
+    { name = pName_,
+      filters = pFilters_,
+      groupByAttribute = pGroupByAttribute_
+    }
+
+-- | The name of the custom insight to create.
+createInsight_name :: Lens.Lens' CreateInsight Prelude.Text
+createInsight_name = Lens.lens (\CreateInsight' {name} -> name) (\s@CreateInsight' {} a -> s {name = a} :: CreateInsight)
+
+-- | One or more attributes used to filter the findings included in the
+-- insight. The insight only includes findings that match the criteria
+-- defined in the filters.
+createInsight_filters :: Lens.Lens' CreateInsight AwsSecurityFindingFilters
+createInsight_filters = Lens.lens (\CreateInsight' {filters} -> filters) (\s@CreateInsight' {} a -> s {filters = a} :: CreateInsight)
+
+-- | The attribute used to group the findings for the insight. The grouping
+-- attribute identifies the type of item that the insight applies to. For
+-- example, if an insight is grouped by resource identifier, then the
+-- insight produces a list of resource identifiers.
+createInsight_groupByAttribute :: Lens.Lens' CreateInsight Prelude.Text
+createInsight_groupByAttribute = Lens.lens (\CreateInsight' {groupByAttribute} -> groupByAttribute) (\s@CreateInsight' {} a -> s {groupByAttribute = a} :: CreateInsight)
+
+instance Core.AWSRequest CreateInsight where
+  type
+    AWSResponse CreateInsight =
+      CreateInsightResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateInsightResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "InsightArn")
+      )
+
+instance Prelude.Hashable CreateInsight where
+  hashWithSalt _salt CreateInsight' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` filters
+      `Prelude.hashWithSalt` groupByAttribute
+
+instance Prelude.NFData CreateInsight where
+  rnf CreateInsight' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf filters
+      `Prelude.seq` Prelude.rnf groupByAttribute
+
+instance Data.ToHeaders CreateInsight where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateInsight where
+  toJSON CreateInsight' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Filters" Data..= filters),
+            Prelude.Just
+              ("GroupByAttribute" Data..= groupByAttribute)
+          ]
+      )
+
+instance Data.ToPath CreateInsight where
+  toPath = Prelude.const "/insights"
+
+instance Data.ToQuery CreateInsight where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateInsightResponse' smart constructor.
+data CreateInsightResponse = CreateInsightResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The ARN of the insight created.
+    insightArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateInsightResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createInsightResponse_httpStatus' - The response's http status code.
+--
+-- 'insightArn', 'createInsightResponse_insightArn' - The ARN of the insight created.
+newCreateInsightResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'insightArn'
+  Prelude.Text ->
+  CreateInsightResponse
+newCreateInsightResponse pHttpStatus_ pInsightArn_ =
+  CreateInsightResponse'
+    { httpStatus = pHttpStatus_,
+      insightArn = pInsightArn_
+    }
+
+-- | The response's http status code.
+createInsightResponse_httpStatus :: Lens.Lens' CreateInsightResponse Prelude.Int
+createInsightResponse_httpStatus = Lens.lens (\CreateInsightResponse' {httpStatus} -> httpStatus) (\s@CreateInsightResponse' {} a -> s {httpStatus = a} :: CreateInsightResponse)
+
+-- | The ARN of the insight created.
+createInsightResponse_insightArn :: Lens.Lens' CreateInsightResponse Prelude.Text
+createInsightResponse_insightArn = Lens.lens (\CreateInsightResponse' {insightArn} -> insightArn) (\s@CreateInsightResponse' {} a -> s {insightArn = a} :: CreateInsightResponse)
+
+instance Prelude.NFData CreateInsightResponse where
+  rnf CreateInsightResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf insightArn
diff --git a/gen/Amazonka/SecurityHub/CreateMembers.hs b/gen/Amazonka/SecurityHub/CreateMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/CreateMembers.hs
@@ -0,0 +1,222 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.CreateMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a member association in Security Hub between the specified
+-- accounts and the account used to make the request, which is the
+-- administrator account. If you are integrated with Organizations, then
+-- the administrator account is designated by the organization management
+-- account.
+--
+-- @CreateMembers@ is always used to add accounts that are not organization
+-- members.
+--
+-- For accounts that are managed using Organizations, @CreateMembers@ is
+-- only used in the following cases:
+--
+-- -   Security Hub is not configured to automatically add new organization
+--     accounts.
+--
+-- -   The account was disassociated or deleted in Security Hub.
+--
+-- This action can only be used by an account that has Security Hub
+-- enabled. To enable Security Hub, you can use the @EnableSecurityHub@
+-- operation.
+--
+-- For accounts that are not organization members, you create the account
+-- association and then send an invitation to the member account. To send
+-- the invitation, you use the @InviteMembers@ operation. If the account
+-- owner accepts the invitation, the account becomes a member account in
+-- Security Hub.
+--
+-- Accounts that are managed using Organizations do not receive an
+-- invitation. They automatically become a member account in Security Hub.
+--
+-- -   If the organization account does not have Security Hub enabled, then
+--     Security Hub and the default standards are automatically enabled.
+--     Note that Security Hub cannot be enabled automatically for the
+--     organization management account. The organization management account
+--     must enable Security Hub before the administrator account enables it
+--     as a member account.
+--
+-- -   For organization accounts that already have Security Hub enabled,
+--     Security Hub does not make any other changes to those accounts. It
+--     does not change their enabled standards or controls.
+--
+-- A permissions policy is added that permits the administrator account to
+-- view the findings generated in the member account.
+--
+-- To remove the association between the administrator and member accounts,
+-- use the @DisassociateFromMasterAccount@ or @DisassociateMembers@
+-- operation.
+module Amazonka.SecurityHub.CreateMembers
+  ( -- * Creating a Request
+    CreateMembers (..),
+    newCreateMembers,
+
+    -- * Request Lenses
+    createMembers_accountDetails,
+
+    -- * Destructuring the Response
+    CreateMembersResponse (..),
+    newCreateMembersResponse,
+
+    -- * Response Lenses
+    createMembersResponse_unprocessedAccounts,
+    createMembersResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newCreateMembers' smart constructor.
+data CreateMembers = CreateMembers'
+  { -- | The list of accounts to associate with the Security Hub administrator
+    -- account. For each account, the list includes the account ID and
+    -- optionally the email address.
+    accountDetails :: [AccountDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountDetails', 'createMembers_accountDetails' - The list of accounts to associate with the Security Hub administrator
+-- account. For each account, the list includes the account ID and
+-- optionally the email address.
+newCreateMembers ::
+  CreateMembers
+newCreateMembers =
+  CreateMembers' {accountDetails = Prelude.mempty}
+
+-- | The list of accounts to associate with the Security Hub administrator
+-- account. For each account, the list includes the account ID and
+-- optionally the email address.
+createMembers_accountDetails :: Lens.Lens' CreateMembers [AccountDetails]
+createMembers_accountDetails = Lens.lens (\CreateMembers' {accountDetails} -> accountDetails) (\s@CreateMembers' {} a -> s {accountDetails = a} :: CreateMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest CreateMembers where
+  type
+    AWSResponse CreateMembers =
+      CreateMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateMembersResponse'
+            Prelude.<$> ( x
+                            Data..?> "UnprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateMembers where
+  hashWithSalt _salt CreateMembers' {..} =
+    _salt `Prelude.hashWithSalt` accountDetails
+
+instance Prelude.NFData CreateMembers where
+  rnf CreateMembers' {..} = Prelude.rnf accountDetails
+
+instance Data.ToHeaders CreateMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateMembers where
+  toJSON CreateMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("AccountDetails" Data..= accountDetails)
+          ]
+      )
+
+instance Data.ToPath CreateMembers where
+  toPath = Prelude.const "/members"
+
+instance Data.ToQuery CreateMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateMembersResponse' smart constructor.
+data CreateMembersResponse = CreateMembersResponse'
+  { -- | The list of Amazon Web Services accounts that were not processed. For
+    -- each account, the list includes the account ID and the email address.
+    unprocessedAccounts :: Prelude.Maybe [Result],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'unprocessedAccounts', 'createMembersResponse_unprocessedAccounts' - The list of Amazon Web Services accounts that were not processed. For
+-- each account, the list includes the account ID and the email address.
+--
+-- 'httpStatus', 'createMembersResponse_httpStatus' - The response's http status code.
+newCreateMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateMembersResponse
+newCreateMembersResponse pHttpStatus_ =
+  CreateMembersResponse'
+    { unprocessedAccounts =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The list of Amazon Web Services accounts that were not processed. For
+-- each account, the list includes the account ID and the email address.
+createMembersResponse_unprocessedAccounts :: Lens.Lens' CreateMembersResponse (Prelude.Maybe [Result])
+createMembersResponse_unprocessedAccounts = Lens.lens (\CreateMembersResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@CreateMembersResponse' {} a -> s {unprocessedAccounts = a} :: CreateMembersResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+createMembersResponse_httpStatus :: Lens.Lens' CreateMembersResponse Prelude.Int
+createMembersResponse_httpStatus = Lens.lens (\CreateMembersResponse' {httpStatus} -> httpStatus) (\s@CreateMembersResponse' {} a -> s {httpStatus = a} :: CreateMembersResponse)
+
+instance Prelude.NFData CreateMembersResponse where
+  rnf CreateMembersResponse' {..} =
+    Prelude.rnf unprocessedAccounts
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DeclineInvitations.hs b/gen/Amazonka/SecurityHub/DeclineInvitations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DeclineInvitations.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DeclineInvitations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Declines invitations to become a member account.
+--
+-- This operation is only used by accounts that are not part of an
+-- organization. Organization accounts do not receive invitations.
+module Amazonka.SecurityHub.DeclineInvitations
+  ( -- * Creating a Request
+    DeclineInvitations (..),
+    newDeclineInvitations,
+
+    -- * Request Lenses
+    declineInvitations_accountIds,
+
+    -- * Destructuring the Response
+    DeclineInvitationsResponse (..),
+    newDeclineInvitationsResponse,
+
+    -- * Response Lenses
+    declineInvitationsResponse_unprocessedAccounts,
+    declineInvitationsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDeclineInvitations' smart constructor.
+data DeclineInvitations = DeclineInvitations'
+  { -- | The list of account IDs for the accounts from which to decline the
+    -- invitations to Security Hub.
+    accountIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeclineInvitations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'declineInvitations_accountIds' - The list of account IDs for the accounts from which to decline the
+-- invitations to Security Hub.
+newDeclineInvitations ::
+  DeclineInvitations
+newDeclineInvitations =
+  DeclineInvitations' {accountIds = Prelude.mempty}
+
+-- | The list of account IDs for the accounts from which to decline the
+-- invitations to Security Hub.
+declineInvitations_accountIds :: Lens.Lens' DeclineInvitations [Prelude.Text]
+declineInvitations_accountIds = Lens.lens (\DeclineInvitations' {accountIds} -> accountIds) (\s@DeclineInvitations' {} a -> s {accountIds = a} :: DeclineInvitations) Prelude.. Lens.coerced
+
+instance Core.AWSRequest DeclineInvitations where
+  type
+    AWSResponse DeclineInvitations =
+      DeclineInvitationsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeclineInvitationsResponse'
+            Prelude.<$> ( x
+                            Data..?> "UnprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeclineInvitations where
+  hashWithSalt _salt DeclineInvitations' {..} =
+    _salt `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData DeclineInvitations where
+  rnf DeclineInvitations' {..} = Prelude.rnf accountIds
+
+instance Data.ToHeaders DeclineInvitations where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeclineInvitations where
+  toJSON DeclineInvitations' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("AccountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath DeclineInvitations where
+  toPath = Prelude.const "/invitations/decline"
+
+instance Data.ToQuery DeclineInvitations where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeclineInvitationsResponse' smart constructor.
+data DeclineInvitationsResponse = DeclineInvitationsResponse'
+  { -- | The list of Amazon Web Services accounts that were not processed. For
+    -- each account, the list includes the account ID and the email address.
+    unprocessedAccounts :: Prelude.Maybe [Result],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeclineInvitationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'unprocessedAccounts', 'declineInvitationsResponse_unprocessedAccounts' - The list of Amazon Web Services accounts that were not processed. For
+-- each account, the list includes the account ID and the email address.
+--
+-- 'httpStatus', 'declineInvitationsResponse_httpStatus' - The response's http status code.
+newDeclineInvitationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeclineInvitationsResponse
+newDeclineInvitationsResponse pHttpStatus_ =
+  DeclineInvitationsResponse'
+    { unprocessedAccounts =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The list of Amazon Web Services accounts that were not processed. For
+-- each account, the list includes the account ID and the email address.
+declineInvitationsResponse_unprocessedAccounts :: Lens.Lens' DeclineInvitationsResponse (Prelude.Maybe [Result])
+declineInvitationsResponse_unprocessedAccounts = Lens.lens (\DeclineInvitationsResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@DeclineInvitationsResponse' {} a -> s {unprocessedAccounts = a} :: DeclineInvitationsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+declineInvitationsResponse_httpStatus :: Lens.Lens' DeclineInvitationsResponse Prelude.Int
+declineInvitationsResponse_httpStatus = Lens.lens (\DeclineInvitationsResponse' {httpStatus} -> httpStatus) (\s@DeclineInvitationsResponse' {} a -> s {httpStatus = a} :: DeclineInvitationsResponse)
+
+instance Prelude.NFData DeclineInvitationsResponse where
+  rnf DeclineInvitationsResponse' {..} =
+    Prelude.rnf unprocessedAccounts
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DeleteActionTarget.hs b/gen/Amazonka/SecurityHub/DeleteActionTarget.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DeleteActionTarget.hs
@@ -0,0 +1,171 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DeleteActionTarget
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes a custom action target from Security Hub.
+--
+-- Deleting a custom action target does not affect any findings or insights
+-- that were already sent to Amazon CloudWatch Events using the custom
+-- action.
+module Amazonka.SecurityHub.DeleteActionTarget
+  ( -- * Creating a Request
+    DeleteActionTarget (..),
+    newDeleteActionTarget,
+
+    -- * Request Lenses
+    deleteActionTarget_actionTargetArn,
+
+    -- * Destructuring the Response
+    DeleteActionTargetResponse (..),
+    newDeleteActionTargetResponse,
+
+    -- * Response Lenses
+    deleteActionTargetResponse_httpStatus,
+    deleteActionTargetResponse_actionTargetArn,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDeleteActionTarget' smart constructor.
+data DeleteActionTarget = DeleteActionTarget'
+  { -- | The ARN of the custom action target to delete.
+    actionTargetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteActionTarget' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'actionTargetArn', 'deleteActionTarget_actionTargetArn' - The ARN of the custom action target to delete.
+newDeleteActionTarget ::
+  -- | 'actionTargetArn'
+  Prelude.Text ->
+  DeleteActionTarget
+newDeleteActionTarget pActionTargetArn_ =
+  DeleteActionTarget'
+    { actionTargetArn =
+        pActionTargetArn_
+    }
+
+-- | The ARN of the custom action target to delete.
+deleteActionTarget_actionTargetArn :: Lens.Lens' DeleteActionTarget Prelude.Text
+deleteActionTarget_actionTargetArn = Lens.lens (\DeleteActionTarget' {actionTargetArn} -> actionTargetArn) (\s@DeleteActionTarget' {} a -> s {actionTargetArn = a} :: DeleteActionTarget)
+
+instance Core.AWSRequest DeleteActionTarget where
+  type
+    AWSResponse DeleteActionTarget =
+      DeleteActionTargetResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteActionTargetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "ActionTargetArn")
+      )
+
+instance Prelude.Hashable DeleteActionTarget where
+  hashWithSalt _salt DeleteActionTarget' {..} =
+    _salt `Prelude.hashWithSalt` actionTargetArn
+
+instance Prelude.NFData DeleteActionTarget where
+  rnf DeleteActionTarget' {..} =
+    Prelude.rnf actionTargetArn
+
+instance Data.ToHeaders DeleteActionTarget where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteActionTarget where
+  toPath DeleteActionTarget' {..} =
+    Prelude.mconcat
+      ["/actionTargets/", Data.toBS actionTargetArn]
+
+instance Data.ToQuery DeleteActionTarget where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteActionTargetResponse' smart constructor.
+data DeleteActionTargetResponse = DeleteActionTargetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The ARN of the custom action target that was deleted.
+    actionTargetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteActionTargetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteActionTargetResponse_httpStatus' - The response's http status code.
+--
+-- 'actionTargetArn', 'deleteActionTargetResponse_actionTargetArn' - The ARN of the custom action target that was deleted.
+newDeleteActionTargetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'actionTargetArn'
+  Prelude.Text ->
+  DeleteActionTargetResponse
+newDeleteActionTargetResponse
+  pHttpStatus_
+  pActionTargetArn_ =
+    DeleteActionTargetResponse'
+      { httpStatus =
+          pHttpStatus_,
+        actionTargetArn = pActionTargetArn_
+      }
+
+-- | The response's http status code.
+deleteActionTargetResponse_httpStatus :: Lens.Lens' DeleteActionTargetResponse Prelude.Int
+deleteActionTargetResponse_httpStatus = Lens.lens (\DeleteActionTargetResponse' {httpStatus} -> httpStatus) (\s@DeleteActionTargetResponse' {} a -> s {httpStatus = a} :: DeleteActionTargetResponse)
+
+-- | The ARN of the custom action target that was deleted.
+deleteActionTargetResponse_actionTargetArn :: Lens.Lens' DeleteActionTargetResponse Prelude.Text
+deleteActionTargetResponse_actionTargetArn = Lens.lens (\DeleteActionTargetResponse' {actionTargetArn} -> actionTargetArn) (\s@DeleteActionTargetResponse' {} a -> s {actionTargetArn = a} :: DeleteActionTargetResponse)
+
+instance Prelude.NFData DeleteActionTargetResponse where
+  rnf DeleteActionTargetResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf actionTargetArn
diff --git a/gen/Amazonka/SecurityHub/DeleteFindingAggregator.hs b/gen/Amazonka/SecurityHub/DeleteFindingAggregator.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DeleteFindingAggregator.hs
@@ -0,0 +1,164 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DeleteFindingAggregator
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes a finding aggregator. When you delete the finding aggregator,
+-- you stop finding aggregation.
+--
+-- When you stop finding aggregation, findings that were already aggregated
+-- to the aggregation Region are still visible from the aggregation Region.
+-- New findings and finding updates are not aggregated.
+module Amazonka.SecurityHub.DeleteFindingAggregator
+  ( -- * Creating a Request
+    DeleteFindingAggregator (..),
+    newDeleteFindingAggregator,
+
+    -- * Request Lenses
+    deleteFindingAggregator_findingAggregatorArn,
+
+    -- * Destructuring the Response
+    DeleteFindingAggregatorResponse (..),
+    newDeleteFindingAggregatorResponse,
+
+    -- * Response Lenses
+    deleteFindingAggregatorResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDeleteFindingAggregator' smart constructor.
+data DeleteFindingAggregator = DeleteFindingAggregator'
+  { -- | The ARN of the finding aggregator to delete. To obtain the ARN, use
+    -- @ListFindingAggregators@.
+    findingAggregatorArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFindingAggregator' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingAggregatorArn', 'deleteFindingAggregator_findingAggregatorArn' - The ARN of the finding aggregator to delete. To obtain the ARN, use
+-- @ListFindingAggregators@.
+newDeleteFindingAggregator ::
+  -- | 'findingAggregatorArn'
+  Prelude.Text ->
+  DeleteFindingAggregator
+newDeleteFindingAggregator pFindingAggregatorArn_ =
+  DeleteFindingAggregator'
+    { findingAggregatorArn =
+        pFindingAggregatorArn_
+    }
+
+-- | The ARN of the finding aggregator to delete. To obtain the ARN, use
+-- @ListFindingAggregators@.
+deleteFindingAggregator_findingAggregatorArn :: Lens.Lens' DeleteFindingAggregator Prelude.Text
+deleteFindingAggregator_findingAggregatorArn = Lens.lens (\DeleteFindingAggregator' {findingAggregatorArn} -> findingAggregatorArn) (\s@DeleteFindingAggregator' {} a -> s {findingAggregatorArn = a} :: DeleteFindingAggregator)
+
+instance Core.AWSRequest DeleteFindingAggregator where
+  type
+    AWSResponse DeleteFindingAggregator =
+      DeleteFindingAggregatorResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteFindingAggregatorResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteFindingAggregator where
+  hashWithSalt _salt DeleteFindingAggregator' {..} =
+    _salt `Prelude.hashWithSalt` findingAggregatorArn
+
+instance Prelude.NFData DeleteFindingAggregator where
+  rnf DeleteFindingAggregator' {..} =
+    Prelude.rnf findingAggregatorArn
+
+instance Data.ToHeaders DeleteFindingAggregator where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteFindingAggregator where
+  toPath DeleteFindingAggregator' {..} =
+    Prelude.mconcat
+      [ "/findingAggregator/delete/",
+        Data.toBS findingAggregatorArn
+      ]
+
+instance Data.ToQuery DeleteFindingAggregator where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteFindingAggregatorResponse' smart constructor.
+data DeleteFindingAggregatorResponse = DeleteFindingAggregatorResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFindingAggregatorResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteFindingAggregatorResponse_httpStatus' - The response's http status code.
+newDeleteFindingAggregatorResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteFindingAggregatorResponse
+newDeleteFindingAggregatorResponse pHttpStatus_ =
+  DeleteFindingAggregatorResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+deleteFindingAggregatorResponse_httpStatus :: Lens.Lens' DeleteFindingAggregatorResponse Prelude.Int
+deleteFindingAggregatorResponse_httpStatus = Lens.lens (\DeleteFindingAggregatorResponse' {httpStatus} -> httpStatus) (\s@DeleteFindingAggregatorResponse' {} a -> s {httpStatus = a} :: DeleteFindingAggregatorResponse)
+
+instance
+  Prelude.NFData
+    DeleteFindingAggregatorResponse
+  where
+  rnf DeleteFindingAggregatorResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DeleteInsight.hs b/gen/Amazonka/SecurityHub/DeleteInsight.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DeleteInsight.hs
@@ -0,0 +1,160 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DeleteInsight
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the insight specified by the @InsightArn@.
+module Amazonka.SecurityHub.DeleteInsight
+  ( -- * Creating a Request
+    DeleteInsight (..),
+    newDeleteInsight,
+
+    -- * Request Lenses
+    deleteInsight_insightArn,
+
+    -- * Destructuring the Response
+    DeleteInsightResponse (..),
+    newDeleteInsightResponse,
+
+    -- * Response Lenses
+    deleteInsightResponse_httpStatus,
+    deleteInsightResponse_insightArn,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDeleteInsight' smart constructor.
+data DeleteInsight = DeleteInsight'
+  { -- | The ARN of the insight to delete.
+    insightArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteInsight' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'insightArn', 'deleteInsight_insightArn' - The ARN of the insight to delete.
+newDeleteInsight ::
+  -- | 'insightArn'
+  Prelude.Text ->
+  DeleteInsight
+newDeleteInsight pInsightArn_ =
+  DeleteInsight' {insightArn = pInsightArn_}
+
+-- | The ARN of the insight to delete.
+deleteInsight_insightArn :: Lens.Lens' DeleteInsight Prelude.Text
+deleteInsight_insightArn = Lens.lens (\DeleteInsight' {insightArn} -> insightArn) (\s@DeleteInsight' {} a -> s {insightArn = a} :: DeleteInsight)
+
+instance Core.AWSRequest DeleteInsight where
+  type
+    AWSResponse DeleteInsight =
+      DeleteInsightResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteInsightResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "InsightArn")
+      )
+
+instance Prelude.Hashable DeleteInsight where
+  hashWithSalt _salt DeleteInsight' {..} =
+    _salt `Prelude.hashWithSalt` insightArn
+
+instance Prelude.NFData DeleteInsight where
+  rnf DeleteInsight' {..} = Prelude.rnf insightArn
+
+instance Data.ToHeaders DeleteInsight where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteInsight where
+  toPath DeleteInsight' {..} =
+    Prelude.mconcat
+      ["/insights/", Data.toBS insightArn]
+
+instance Data.ToQuery DeleteInsight where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteInsightResponse' smart constructor.
+data DeleteInsightResponse = DeleteInsightResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The ARN of the insight that was deleted.
+    insightArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteInsightResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteInsightResponse_httpStatus' - The response's http status code.
+--
+-- 'insightArn', 'deleteInsightResponse_insightArn' - The ARN of the insight that was deleted.
+newDeleteInsightResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'insightArn'
+  Prelude.Text ->
+  DeleteInsightResponse
+newDeleteInsightResponse pHttpStatus_ pInsightArn_ =
+  DeleteInsightResponse'
+    { httpStatus = pHttpStatus_,
+      insightArn = pInsightArn_
+    }
+
+-- | The response's http status code.
+deleteInsightResponse_httpStatus :: Lens.Lens' DeleteInsightResponse Prelude.Int
+deleteInsightResponse_httpStatus = Lens.lens (\DeleteInsightResponse' {httpStatus} -> httpStatus) (\s@DeleteInsightResponse' {} a -> s {httpStatus = a} :: DeleteInsightResponse)
+
+-- | The ARN of the insight that was deleted.
+deleteInsightResponse_insightArn :: Lens.Lens' DeleteInsightResponse Prelude.Text
+deleteInsightResponse_insightArn = Lens.lens (\DeleteInsightResponse' {insightArn} -> insightArn) (\s@DeleteInsightResponse' {} a -> s {insightArn = a} :: DeleteInsightResponse)
+
+instance Prelude.NFData DeleteInsightResponse where
+  rnf DeleteInsightResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf insightArn
diff --git a/gen/Amazonka/SecurityHub/DeleteInvitations.hs b/gen/Amazonka/SecurityHub/DeleteInvitations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DeleteInvitations.hs
@@ -0,0 +1,175 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DeleteInvitations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes invitations received by the Amazon Web Services account to
+-- become a member account.
+--
+-- This operation is only used by accounts that are not part of an
+-- organization. Organization accounts do not receive invitations.
+module Amazonka.SecurityHub.DeleteInvitations
+  ( -- * Creating a Request
+    DeleteInvitations (..),
+    newDeleteInvitations,
+
+    -- * Request Lenses
+    deleteInvitations_accountIds,
+
+    -- * Destructuring the Response
+    DeleteInvitationsResponse (..),
+    newDeleteInvitationsResponse,
+
+    -- * Response Lenses
+    deleteInvitationsResponse_unprocessedAccounts,
+    deleteInvitationsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDeleteInvitations' smart constructor.
+data DeleteInvitations = DeleteInvitations'
+  { -- | The list of the account IDs that sent the invitations to delete.
+    accountIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteInvitations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'deleteInvitations_accountIds' - The list of the account IDs that sent the invitations to delete.
+newDeleteInvitations ::
+  DeleteInvitations
+newDeleteInvitations =
+  DeleteInvitations' {accountIds = Prelude.mempty}
+
+-- | The list of the account IDs that sent the invitations to delete.
+deleteInvitations_accountIds :: Lens.Lens' DeleteInvitations [Prelude.Text]
+deleteInvitations_accountIds = Lens.lens (\DeleteInvitations' {accountIds} -> accountIds) (\s@DeleteInvitations' {} a -> s {accountIds = a} :: DeleteInvitations) Prelude.. Lens.coerced
+
+instance Core.AWSRequest DeleteInvitations where
+  type
+    AWSResponse DeleteInvitations =
+      DeleteInvitationsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteInvitationsResponse'
+            Prelude.<$> ( x
+                            Data..?> "UnprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteInvitations where
+  hashWithSalt _salt DeleteInvitations' {..} =
+    _salt `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData DeleteInvitations where
+  rnf DeleteInvitations' {..} = Prelude.rnf accountIds
+
+instance Data.ToHeaders DeleteInvitations where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteInvitations where
+  toJSON DeleteInvitations' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("AccountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath DeleteInvitations where
+  toPath = Prelude.const "/invitations/delete"
+
+instance Data.ToQuery DeleteInvitations where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteInvitationsResponse' smart constructor.
+data DeleteInvitationsResponse = DeleteInvitationsResponse'
+  { -- | The list of Amazon Web Services accounts for which the invitations were
+    -- not deleted. For each account, the list includes the account ID and the
+    -- email address.
+    unprocessedAccounts :: Prelude.Maybe [Result],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteInvitationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'unprocessedAccounts', 'deleteInvitationsResponse_unprocessedAccounts' - The list of Amazon Web Services accounts for which the invitations were
+-- not deleted. For each account, the list includes the account ID and the
+-- email address.
+--
+-- 'httpStatus', 'deleteInvitationsResponse_httpStatus' - The response's http status code.
+newDeleteInvitationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteInvitationsResponse
+newDeleteInvitationsResponse pHttpStatus_ =
+  DeleteInvitationsResponse'
+    { unprocessedAccounts =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The list of Amazon Web Services accounts for which the invitations were
+-- not deleted. For each account, the list includes the account ID and the
+-- email address.
+deleteInvitationsResponse_unprocessedAccounts :: Lens.Lens' DeleteInvitationsResponse (Prelude.Maybe [Result])
+deleteInvitationsResponse_unprocessedAccounts = Lens.lens (\DeleteInvitationsResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@DeleteInvitationsResponse' {} a -> s {unprocessedAccounts = a} :: DeleteInvitationsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+deleteInvitationsResponse_httpStatus :: Lens.Lens' DeleteInvitationsResponse Prelude.Int
+deleteInvitationsResponse_httpStatus = Lens.lens (\DeleteInvitationsResponse' {httpStatus} -> httpStatus) (\s@DeleteInvitationsResponse' {} a -> s {httpStatus = a} :: DeleteInvitationsResponse)
+
+instance Prelude.NFData DeleteInvitationsResponse where
+  rnf DeleteInvitationsResponse' {..} =
+    Prelude.rnf unprocessedAccounts
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DeleteMembers.hs b/gen/Amazonka/SecurityHub/DeleteMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DeleteMembers.hs
@@ -0,0 +1,171 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DeleteMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified member accounts from Security Hub.
+--
+-- Can be used to delete member accounts that belong to an organization as
+-- well as member accounts that were invited manually.
+module Amazonka.SecurityHub.DeleteMembers
+  ( -- * Creating a Request
+    DeleteMembers (..),
+    newDeleteMembers,
+
+    -- * Request Lenses
+    deleteMembers_accountIds,
+
+    -- * Destructuring the Response
+    DeleteMembersResponse (..),
+    newDeleteMembersResponse,
+
+    -- * Response Lenses
+    deleteMembersResponse_unprocessedAccounts,
+    deleteMembersResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDeleteMembers' smart constructor.
+data DeleteMembers = DeleteMembers'
+  { -- | The list of account IDs for the member accounts to delete.
+    accountIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'deleteMembers_accountIds' - The list of account IDs for the member accounts to delete.
+newDeleteMembers ::
+  DeleteMembers
+newDeleteMembers =
+  DeleteMembers' {accountIds = Prelude.mempty}
+
+-- | The list of account IDs for the member accounts to delete.
+deleteMembers_accountIds :: Lens.Lens' DeleteMembers [Prelude.Text]
+deleteMembers_accountIds = Lens.lens (\DeleteMembers' {accountIds} -> accountIds) (\s@DeleteMembers' {} a -> s {accountIds = a} :: DeleteMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest DeleteMembers where
+  type
+    AWSResponse DeleteMembers =
+      DeleteMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteMembersResponse'
+            Prelude.<$> ( x
+                            Data..?> "UnprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteMembers where
+  hashWithSalt _salt DeleteMembers' {..} =
+    _salt `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData DeleteMembers where
+  rnf DeleteMembers' {..} = Prelude.rnf accountIds
+
+instance Data.ToHeaders DeleteMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteMembers where
+  toJSON DeleteMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("AccountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath DeleteMembers where
+  toPath = Prelude.const "/members/delete"
+
+instance Data.ToQuery DeleteMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteMembersResponse' smart constructor.
+data DeleteMembersResponse = DeleteMembersResponse'
+  { -- | The list of Amazon Web Services accounts that were not deleted. For each
+    -- account, the list includes the account ID and the email address.
+    unprocessedAccounts :: Prelude.Maybe [Result],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'unprocessedAccounts', 'deleteMembersResponse_unprocessedAccounts' - The list of Amazon Web Services accounts that were not deleted. For each
+-- account, the list includes the account ID and the email address.
+--
+-- 'httpStatus', 'deleteMembersResponse_httpStatus' - The response's http status code.
+newDeleteMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteMembersResponse
+newDeleteMembersResponse pHttpStatus_ =
+  DeleteMembersResponse'
+    { unprocessedAccounts =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The list of Amazon Web Services accounts that were not deleted. For each
+-- account, the list includes the account ID and the email address.
+deleteMembersResponse_unprocessedAccounts :: Lens.Lens' DeleteMembersResponse (Prelude.Maybe [Result])
+deleteMembersResponse_unprocessedAccounts = Lens.lens (\DeleteMembersResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@DeleteMembersResponse' {} a -> s {unprocessedAccounts = a} :: DeleteMembersResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+deleteMembersResponse_httpStatus :: Lens.Lens' DeleteMembersResponse Prelude.Int
+deleteMembersResponse_httpStatus = Lens.lens (\DeleteMembersResponse' {httpStatus} -> httpStatus) (\s@DeleteMembersResponse' {} a -> s {httpStatus = a} :: DeleteMembersResponse)
+
+instance Prelude.NFData DeleteMembersResponse where
+  rnf DeleteMembersResponse' {..} =
+    Prelude.rnf unprocessedAccounts
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DescribeActionTargets.hs b/gen/Amazonka/SecurityHub/DescribeActionTargets.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DescribeActionTargets.hs
@@ -0,0 +1,258 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DescribeActionTargets
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a list of the custom action targets in Security Hub in your
+-- account.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.DescribeActionTargets
+  ( -- * Creating a Request
+    DescribeActionTargets (..),
+    newDescribeActionTargets,
+
+    -- * Request Lenses
+    describeActionTargets_actionTargetArns,
+    describeActionTargets_maxResults,
+    describeActionTargets_nextToken,
+
+    -- * Destructuring the Response
+    DescribeActionTargetsResponse (..),
+    newDescribeActionTargetsResponse,
+
+    -- * Response Lenses
+    describeActionTargetsResponse_nextToken,
+    describeActionTargetsResponse_httpStatus,
+    describeActionTargetsResponse_actionTargets,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDescribeActionTargets' smart constructor.
+data DescribeActionTargets = DescribeActionTargets'
+  { -- | A list of custom action target ARNs for the custom action targets to
+    -- retrieve.
+    actionTargetArns :: Prelude.Maybe [Prelude.Text],
+    -- | The maximum number of results to return.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token that is required for pagination. On your first call to the
+    -- @DescribeActionTargets@ operation, set the value of this parameter to
+    -- @NULL@.
+    --
+    -- For subsequent calls to the operation, to continue listing data, set the
+    -- value of this parameter to the value returned from the previous
+    -- response.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeActionTargets' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'actionTargetArns', 'describeActionTargets_actionTargetArns' - A list of custom action target ARNs for the custom action targets to
+-- retrieve.
+--
+-- 'maxResults', 'describeActionTargets_maxResults' - The maximum number of results to return.
+--
+-- 'nextToken', 'describeActionTargets_nextToken' - The token that is required for pagination. On your first call to the
+-- @DescribeActionTargets@ operation, set the value of this parameter to
+-- @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+newDescribeActionTargets ::
+  DescribeActionTargets
+newDescribeActionTargets =
+  DescribeActionTargets'
+    { actionTargetArns =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | A list of custom action target ARNs for the custom action targets to
+-- retrieve.
+describeActionTargets_actionTargetArns :: Lens.Lens' DescribeActionTargets (Prelude.Maybe [Prelude.Text])
+describeActionTargets_actionTargetArns = Lens.lens (\DescribeActionTargets' {actionTargetArns} -> actionTargetArns) (\s@DescribeActionTargets' {} a -> s {actionTargetArns = a} :: DescribeActionTargets) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum number of results to return.
+describeActionTargets_maxResults :: Lens.Lens' DescribeActionTargets (Prelude.Maybe Prelude.Natural)
+describeActionTargets_maxResults = Lens.lens (\DescribeActionTargets' {maxResults} -> maxResults) (\s@DescribeActionTargets' {} a -> s {maxResults = a} :: DescribeActionTargets)
+
+-- | The token that is required for pagination. On your first call to the
+-- @DescribeActionTargets@ operation, set the value of this parameter to
+-- @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+describeActionTargets_nextToken :: Lens.Lens' DescribeActionTargets (Prelude.Maybe Prelude.Text)
+describeActionTargets_nextToken = Lens.lens (\DescribeActionTargets' {nextToken} -> nextToken) (\s@DescribeActionTargets' {} a -> s {nextToken = a} :: DescribeActionTargets)
+
+instance Core.AWSPager DescribeActionTargets where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? describeActionTargetsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^. describeActionTargetsResponse_actionTargets
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& describeActionTargets_nextToken
+          Lens..~ rs
+          Lens.^? describeActionTargetsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest DescribeActionTargets where
+  type
+    AWSResponse DescribeActionTargets =
+      DescribeActionTargetsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeActionTargetsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "ActionTargets" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable DescribeActionTargets where
+  hashWithSalt _salt DescribeActionTargets' {..} =
+    _salt
+      `Prelude.hashWithSalt` actionTargetArns
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData DescribeActionTargets where
+  rnf DescribeActionTargets' {..} =
+    Prelude.rnf actionTargetArns
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders DescribeActionTargets where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DescribeActionTargets where
+  toJSON DescribeActionTargets' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ActionTargetArns" Data..=)
+              Prelude.<$> actionTargetArns,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath DescribeActionTargets where
+  toPath = Prelude.const "/actionTargets/get"
+
+instance Data.ToQuery DescribeActionTargets where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeActionTargetsResponse' smart constructor.
+data DescribeActionTargetsResponse = DescribeActionTargetsResponse'
+  { -- | The pagination token to use to request the next page of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of @ActionTarget@ objects. Each object includes the
+    -- @ActionTargetArn@, @Description@, and @Name@ of a custom action target
+    -- available in Security Hub.
+    actionTargets :: [ActionTarget]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeActionTargetsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'describeActionTargetsResponse_nextToken' - The pagination token to use to request the next page of results.
+--
+-- 'httpStatus', 'describeActionTargetsResponse_httpStatus' - The response's http status code.
+--
+-- 'actionTargets', 'describeActionTargetsResponse_actionTargets' - A list of @ActionTarget@ objects. Each object includes the
+-- @ActionTargetArn@, @Description@, and @Name@ of a custom action target
+-- available in Security Hub.
+newDescribeActionTargetsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeActionTargetsResponse
+newDescribeActionTargetsResponse pHttpStatus_ =
+  DescribeActionTargetsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      actionTargets = Prelude.mempty
+    }
+
+-- | The pagination token to use to request the next page of results.
+describeActionTargetsResponse_nextToken :: Lens.Lens' DescribeActionTargetsResponse (Prelude.Maybe Prelude.Text)
+describeActionTargetsResponse_nextToken = Lens.lens (\DescribeActionTargetsResponse' {nextToken} -> nextToken) (\s@DescribeActionTargetsResponse' {} a -> s {nextToken = a} :: DescribeActionTargetsResponse)
+
+-- | The response's http status code.
+describeActionTargetsResponse_httpStatus :: Lens.Lens' DescribeActionTargetsResponse Prelude.Int
+describeActionTargetsResponse_httpStatus = Lens.lens (\DescribeActionTargetsResponse' {httpStatus} -> httpStatus) (\s@DescribeActionTargetsResponse' {} a -> s {httpStatus = a} :: DescribeActionTargetsResponse)
+
+-- | A list of @ActionTarget@ objects. Each object includes the
+-- @ActionTargetArn@, @Description@, and @Name@ of a custom action target
+-- available in Security Hub.
+describeActionTargetsResponse_actionTargets :: Lens.Lens' DescribeActionTargetsResponse [ActionTarget]
+describeActionTargetsResponse_actionTargets = Lens.lens (\DescribeActionTargetsResponse' {actionTargets} -> actionTargets) (\s@DescribeActionTargetsResponse' {} a -> s {actionTargets = a} :: DescribeActionTargetsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData DescribeActionTargetsResponse where
+  rnf DescribeActionTargetsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf actionTargets
diff --git a/gen/Amazonka/SecurityHub/DescribeHub.hs b/gen/Amazonka/SecurityHub/DescribeHub.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DescribeHub.hs
@@ -0,0 +1,191 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DescribeHub
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns details about the Hub resource in your account, including the
+-- @HubArn@ and the time when you enabled Security Hub.
+module Amazonka.SecurityHub.DescribeHub
+  ( -- * Creating a Request
+    DescribeHub (..),
+    newDescribeHub,
+
+    -- * Request Lenses
+    describeHub_hubArn,
+
+    -- * Destructuring the Response
+    DescribeHubResponse (..),
+    newDescribeHubResponse,
+
+    -- * Response Lenses
+    describeHubResponse_autoEnableControls,
+    describeHubResponse_hubArn,
+    describeHubResponse_subscribedAt,
+    describeHubResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDescribeHub' smart constructor.
+data DescribeHub = DescribeHub'
+  { -- | The ARN of the Hub resource to retrieve.
+    hubArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeHub' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'hubArn', 'describeHub_hubArn' - The ARN of the Hub resource to retrieve.
+newDescribeHub ::
+  DescribeHub
+newDescribeHub =
+  DescribeHub' {hubArn = Prelude.Nothing}
+
+-- | The ARN of the Hub resource to retrieve.
+describeHub_hubArn :: Lens.Lens' DescribeHub (Prelude.Maybe Prelude.Text)
+describeHub_hubArn = Lens.lens (\DescribeHub' {hubArn} -> hubArn) (\s@DescribeHub' {} a -> s {hubArn = a} :: DescribeHub)
+
+instance Core.AWSRequest DescribeHub where
+  type AWSResponse DescribeHub = DescribeHubResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeHubResponse'
+            Prelude.<$> (x Data..?> "AutoEnableControls")
+            Prelude.<*> (x Data..?> "HubArn")
+            Prelude.<*> (x Data..?> "SubscribedAt")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DescribeHub where
+  hashWithSalt _salt DescribeHub' {..} =
+    _salt `Prelude.hashWithSalt` hubArn
+
+instance Prelude.NFData DescribeHub where
+  rnf DescribeHub' {..} = Prelude.rnf hubArn
+
+instance Data.ToHeaders DescribeHub where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DescribeHub where
+  toPath = Prelude.const "/accounts"
+
+instance Data.ToQuery DescribeHub where
+  toQuery DescribeHub' {..} =
+    Prelude.mconcat ["HubArn" Data.=: hubArn]
+
+-- | /See:/ 'newDescribeHubResponse' smart constructor.
+data DescribeHubResponse = DescribeHubResponse'
+  { -- | Whether to automatically enable new controls when they are added to
+    -- standards that are enabled.
+    --
+    -- If set to @true@, then new controls for enabled standards are enabled
+    -- automatically. If set to @false@, then new controls are not enabled.
+    autoEnableControls :: Prelude.Maybe Prelude.Bool,
+    -- | The ARN of the Hub resource that was retrieved.
+    hubArn :: Prelude.Maybe Prelude.Text,
+    -- | The date and time when Security Hub was enabled in the account.
+    subscribedAt :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeHubResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoEnableControls', 'describeHubResponse_autoEnableControls' - Whether to automatically enable new controls when they are added to
+-- standards that are enabled.
+--
+-- If set to @true@, then new controls for enabled standards are enabled
+-- automatically. If set to @false@, then new controls are not enabled.
+--
+-- 'hubArn', 'describeHubResponse_hubArn' - The ARN of the Hub resource that was retrieved.
+--
+-- 'subscribedAt', 'describeHubResponse_subscribedAt' - The date and time when Security Hub was enabled in the account.
+--
+-- 'httpStatus', 'describeHubResponse_httpStatus' - The response's http status code.
+newDescribeHubResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeHubResponse
+newDescribeHubResponse pHttpStatus_ =
+  DescribeHubResponse'
+    { autoEnableControls =
+        Prelude.Nothing,
+      hubArn = Prelude.Nothing,
+      subscribedAt = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Whether to automatically enable new controls when they are added to
+-- standards that are enabled.
+--
+-- If set to @true@, then new controls for enabled standards are enabled
+-- automatically. If set to @false@, then new controls are not enabled.
+describeHubResponse_autoEnableControls :: Lens.Lens' DescribeHubResponse (Prelude.Maybe Prelude.Bool)
+describeHubResponse_autoEnableControls = Lens.lens (\DescribeHubResponse' {autoEnableControls} -> autoEnableControls) (\s@DescribeHubResponse' {} a -> s {autoEnableControls = a} :: DescribeHubResponse)
+
+-- | The ARN of the Hub resource that was retrieved.
+describeHubResponse_hubArn :: Lens.Lens' DescribeHubResponse (Prelude.Maybe Prelude.Text)
+describeHubResponse_hubArn = Lens.lens (\DescribeHubResponse' {hubArn} -> hubArn) (\s@DescribeHubResponse' {} a -> s {hubArn = a} :: DescribeHubResponse)
+
+-- | The date and time when Security Hub was enabled in the account.
+describeHubResponse_subscribedAt :: Lens.Lens' DescribeHubResponse (Prelude.Maybe Prelude.Text)
+describeHubResponse_subscribedAt = Lens.lens (\DescribeHubResponse' {subscribedAt} -> subscribedAt) (\s@DescribeHubResponse' {} a -> s {subscribedAt = a} :: DescribeHubResponse)
+
+-- | The response's http status code.
+describeHubResponse_httpStatus :: Lens.Lens' DescribeHubResponse Prelude.Int
+describeHubResponse_httpStatus = Lens.lens (\DescribeHubResponse' {httpStatus} -> httpStatus) (\s@DescribeHubResponse' {} a -> s {httpStatus = a} :: DescribeHubResponse)
+
+instance Prelude.NFData DescribeHubResponse where
+  rnf DescribeHubResponse' {..} =
+    Prelude.rnf autoEnableControls
+      `Prelude.seq` Prelude.rnf hubArn
+      `Prelude.seq` Prelude.rnf subscribedAt
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DescribeOrganizationConfiguration.hs b/gen/Amazonka/SecurityHub/DescribeOrganizationConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DescribeOrganizationConfiguration.hs
@@ -0,0 +1,230 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DescribeOrganizationConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns information about the Organizations configuration for Security
+-- Hub. Can only be called from a Security Hub administrator account.
+module Amazonka.SecurityHub.DescribeOrganizationConfiguration
+  ( -- * Creating a Request
+    DescribeOrganizationConfiguration (..),
+    newDescribeOrganizationConfiguration,
+
+    -- * Destructuring the Response
+    DescribeOrganizationConfigurationResponse (..),
+    newDescribeOrganizationConfigurationResponse,
+
+    -- * Response Lenses
+    describeOrganizationConfigurationResponse_autoEnable,
+    describeOrganizationConfigurationResponse_autoEnableStandards,
+    describeOrganizationConfigurationResponse_memberAccountLimitReached,
+    describeOrganizationConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDescribeOrganizationConfiguration' smart constructor.
+data DescribeOrganizationConfiguration = DescribeOrganizationConfiguration'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeOrganizationConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newDescribeOrganizationConfiguration ::
+  DescribeOrganizationConfiguration
+newDescribeOrganizationConfiguration =
+  DescribeOrganizationConfiguration'
+
+instance
+  Core.AWSRequest
+    DescribeOrganizationConfiguration
+  where
+  type
+    AWSResponse DescribeOrganizationConfiguration =
+      DescribeOrganizationConfigurationResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeOrganizationConfigurationResponse'
+            Prelude.<$> (x Data..?> "AutoEnable")
+            Prelude.<*> (x Data..?> "AutoEnableStandards")
+            Prelude.<*> (x Data..?> "MemberAccountLimitReached")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DescribeOrganizationConfiguration
+  where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance
+  Prelude.NFData
+    DescribeOrganizationConfiguration
+  where
+  rnf _ = ()
+
+instance
+  Data.ToHeaders
+    DescribeOrganizationConfiguration
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToPath
+    DescribeOrganizationConfiguration
+  where
+  toPath = Prelude.const "/organization/configuration"
+
+instance
+  Data.ToQuery
+    DescribeOrganizationConfiguration
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeOrganizationConfigurationResponse' smart constructor.
+data DescribeOrganizationConfigurationResponse = DescribeOrganizationConfigurationResponse'
+  { -- | Whether to automatically enable Security Hub for new accounts in the
+    -- organization.
+    --
+    -- If set to @true@, then Security Hub is enabled for new accounts. If set
+    -- to false, then new accounts are not added automatically.
+    autoEnable :: Prelude.Maybe Prelude.Bool,
+    -- | Whether to automatically enable Security Hub
+    -- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html default standards>
+    -- for new member accounts in the organization.
+    --
+    -- The default value of this parameter is equal to @DEFAULT@.
+    --
+    -- If equal to @DEFAULT@, then Security Hub default standards are
+    -- automatically enabled for new member accounts. If equal to @NONE@, then
+    -- default standards are not automatically enabled for new member accounts.
+    autoEnableStandards :: Prelude.Maybe AutoEnableStandards,
+    -- | Whether the maximum number of allowed member accounts are already
+    -- associated with the Security Hub administrator account.
+    memberAccountLimitReached :: Prelude.Maybe Prelude.Bool,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeOrganizationConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoEnable', 'describeOrganizationConfigurationResponse_autoEnable' - Whether to automatically enable Security Hub for new accounts in the
+-- organization.
+--
+-- If set to @true@, then Security Hub is enabled for new accounts. If set
+-- to false, then new accounts are not added automatically.
+--
+-- 'autoEnableStandards', 'describeOrganizationConfigurationResponse_autoEnableStandards' - Whether to automatically enable Security Hub
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html default standards>
+-- for new member accounts in the organization.
+--
+-- The default value of this parameter is equal to @DEFAULT@.
+--
+-- If equal to @DEFAULT@, then Security Hub default standards are
+-- automatically enabled for new member accounts. If equal to @NONE@, then
+-- default standards are not automatically enabled for new member accounts.
+--
+-- 'memberAccountLimitReached', 'describeOrganizationConfigurationResponse_memberAccountLimitReached' - Whether the maximum number of allowed member accounts are already
+-- associated with the Security Hub administrator account.
+--
+-- 'httpStatus', 'describeOrganizationConfigurationResponse_httpStatus' - The response's http status code.
+newDescribeOrganizationConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeOrganizationConfigurationResponse
+newDescribeOrganizationConfigurationResponse
+  pHttpStatus_ =
+    DescribeOrganizationConfigurationResponse'
+      { autoEnable =
+          Prelude.Nothing,
+        autoEnableStandards =
+          Prelude.Nothing,
+        memberAccountLimitReached =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | Whether to automatically enable Security Hub for new accounts in the
+-- organization.
+--
+-- If set to @true@, then Security Hub is enabled for new accounts. If set
+-- to false, then new accounts are not added automatically.
+describeOrganizationConfigurationResponse_autoEnable :: Lens.Lens' DescribeOrganizationConfigurationResponse (Prelude.Maybe Prelude.Bool)
+describeOrganizationConfigurationResponse_autoEnable = Lens.lens (\DescribeOrganizationConfigurationResponse' {autoEnable} -> autoEnable) (\s@DescribeOrganizationConfigurationResponse' {} a -> s {autoEnable = a} :: DescribeOrganizationConfigurationResponse)
+
+-- | Whether to automatically enable Security Hub
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html default standards>
+-- for new member accounts in the organization.
+--
+-- The default value of this parameter is equal to @DEFAULT@.
+--
+-- If equal to @DEFAULT@, then Security Hub default standards are
+-- automatically enabled for new member accounts. If equal to @NONE@, then
+-- default standards are not automatically enabled for new member accounts.
+describeOrganizationConfigurationResponse_autoEnableStandards :: Lens.Lens' DescribeOrganizationConfigurationResponse (Prelude.Maybe AutoEnableStandards)
+describeOrganizationConfigurationResponse_autoEnableStandards = Lens.lens (\DescribeOrganizationConfigurationResponse' {autoEnableStandards} -> autoEnableStandards) (\s@DescribeOrganizationConfigurationResponse' {} a -> s {autoEnableStandards = a} :: DescribeOrganizationConfigurationResponse)
+
+-- | Whether the maximum number of allowed member accounts are already
+-- associated with the Security Hub administrator account.
+describeOrganizationConfigurationResponse_memberAccountLimitReached :: Lens.Lens' DescribeOrganizationConfigurationResponse (Prelude.Maybe Prelude.Bool)
+describeOrganizationConfigurationResponse_memberAccountLimitReached = Lens.lens (\DescribeOrganizationConfigurationResponse' {memberAccountLimitReached} -> memberAccountLimitReached) (\s@DescribeOrganizationConfigurationResponse' {} a -> s {memberAccountLimitReached = a} :: DescribeOrganizationConfigurationResponse)
+
+-- | The response's http status code.
+describeOrganizationConfigurationResponse_httpStatus :: Lens.Lens' DescribeOrganizationConfigurationResponse Prelude.Int
+describeOrganizationConfigurationResponse_httpStatus = Lens.lens (\DescribeOrganizationConfigurationResponse' {httpStatus} -> httpStatus) (\s@DescribeOrganizationConfigurationResponse' {} a -> s {httpStatus = a} :: DescribeOrganizationConfigurationResponse)
+
+instance
+  Prelude.NFData
+    DescribeOrganizationConfigurationResponse
+  where
+  rnf DescribeOrganizationConfigurationResponse' {..} =
+    Prelude.rnf autoEnable
+      `Prelude.seq` Prelude.rnf autoEnableStandards
+      `Prelude.seq` Prelude.rnf memberAccountLimitReached
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DescribeProducts.hs b/gen/Amazonka/SecurityHub/DescribeProducts.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DescribeProducts.hs
@@ -0,0 +1,242 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DescribeProducts
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns information about product integrations in Security Hub.
+--
+-- You can optionally provide an integration ARN. If you provide an
+-- integration ARN, then the results only include that integration.
+--
+-- If you do not provide an integration ARN, then the results include all
+-- of the available product integrations.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.DescribeProducts
+  ( -- * Creating a Request
+    DescribeProducts (..),
+    newDescribeProducts,
+
+    -- * Request Lenses
+    describeProducts_maxResults,
+    describeProducts_nextToken,
+    describeProducts_productArn,
+
+    -- * Destructuring the Response
+    DescribeProductsResponse (..),
+    newDescribeProductsResponse,
+
+    -- * Response Lenses
+    describeProductsResponse_nextToken,
+    describeProductsResponse_httpStatus,
+    describeProductsResponse_products,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDescribeProducts' smart constructor.
+data DescribeProducts = DescribeProducts'
+  { -- | The maximum number of results to return.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token that is required for pagination. On your first call to the
+    -- @DescribeProducts@ operation, set the value of this parameter to @NULL@.
+    --
+    -- For subsequent calls to the operation, to continue listing data, set the
+    -- value of this parameter to the value returned from the previous
+    -- response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the integration to return.
+    productArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeProducts' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'describeProducts_maxResults' - The maximum number of results to return.
+--
+-- 'nextToken', 'describeProducts_nextToken' - The token that is required for pagination. On your first call to the
+-- @DescribeProducts@ operation, set the value of this parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+--
+-- 'productArn', 'describeProducts_productArn' - The ARN of the integration to return.
+newDescribeProducts ::
+  DescribeProducts
+newDescribeProducts =
+  DescribeProducts'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      productArn = Prelude.Nothing
+    }
+
+-- | The maximum number of results to return.
+describeProducts_maxResults :: Lens.Lens' DescribeProducts (Prelude.Maybe Prelude.Natural)
+describeProducts_maxResults = Lens.lens (\DescribeProducts' {maxResults} -> maxResults) (\s@DescribeProducts' {} a -> s {maxResults = a} :: DescribeProducts)
+
+-- | The token that is required for pagination. On your first call to the
+-- @DescribeProducts@ operation, set the value of this parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+describeProducts_nextToken :: Lens.Lens' DescribeProducts (Prelude.Maybe Prelude.Text)
+describeProducts_nextToken = Lens.lens (\DescribeProducts' {nextToken} -> nextToken) (\s@DescribeProducts' {} a -> s {nextToken = a} :: DescribeProducts)
+
+-- | The ARN of the integration to return.
+describeProducts_productArn :: Lens.Lens' DescribeProducts (Prelude.Maybe Prelude.Text)
+describeProducts_productArn = Lens.lens (\DescribeProducts' {productArn} -> productArn) (\s@DescribeProducts' {} a -> s {productArn = a} :: DescribeProducts)
+
+instance Core.AWSPager DescribeProducts where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? describeProductsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        (rs Lens.^. describeProductsResponse_products) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& describeProducts_nextToken
+          Lens..~ rs
+          Lens.^? describeProductsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest DescribeProducts where
+  type
+    AWSResponse DescribeProducts =
+      DescribeProductsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeProductsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "Products" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable DescribeProducts where
+  hashWithSalt _salt DescribeProducts' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` productArn
+
+instance Prelude.NFData DescribeProducts where
+  rnf DescribeProducts' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf productArn
+
+instance Data.ToHeaders DescribeProducts where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DescribeProducts where
+  toPath = Prelude.const "/products"
+
+instance Data.ToQuery DescribeProducts where
+  toQuery DescribeProducts' {..} =
+    Prelude.mconcat
+      [ "MaxResults" Data.=: maxResults,
+        "NextToken" Data.=: nextToken,
+        "ProductArn" Data.=: productArn
+      ]
+
+-- | /See:/ 'newDescribeProductsResponse' smart constructor.
+data DescribeProductsResponse = DescribeProductsResponse'
+  { -- | The pagination token to use to request the next page of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of products, including details for each product.
+    products :: [Product]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeProductsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'describeProductsResponse_nextToken' - The pagination token to use to request the next page of results.
+--
+-- 'httpStatus', 'describeProductsResponse_httpStatus' - The response's http status code.
+--
+-- 'products', 'describeProductsResponse_products' - A list of products, including details for each product.
+newDescribeProductsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeProductsResponse
+newDescribeProductsResponse pHttpStatus_ =
+  DescribeProductsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      products = Prelude.mempty
+    }
+
+-- | The pagination token to use to request the next page of results.
+describeProductsResponse_nextToken :: Lens.Lens' DescribeProductsResponse (Prelude.Maybe Prelude.Text)
+describeProductsResponse_nextToken = Lens.lens (\DescribeProductsResponse' {nextToken} -> nextToken) (\s@DescribeProductsResponse' {} a -> s {nextToken = a} :: DescribeProductsResponse)
+
+-- | The response's http status code.
+describeProductsResponse_httpStatus :: Lens.Lens' DescribeProductsResponse Prelude.Int
+describeProductsResponse_httpStatus = Lens.lens (\DescribeProductsResponse' {httpStatus} -> httpStatus) (\s@DescribeProductsResponse' {} a -> s {httpStatus = a} :: DescribeProductsResponse)
+
+-- | A list of products, including details for each product.
+describeProductsResponse_products :: Lens.Lens' DescribeProductsResponse [Product]
+describeProductsResponse_products = Lens.lens (\DescribeProductsResponse' {products} -> products) (\s@DescribeProductsResponse' {} a -> s {products = a} :: DescribeProductsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData DescribeProductsResponse where
+  rnf DescribeProductsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf products
diff --git a/gen/Amazonka/SecurityHub/DescribeStandards.hs b/gen/Amazonka/SecurityHub/DescribeStandards.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DescribeStandards.hs
@@ -0,0 +1,232 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DescribeStandards
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a list of the available standards in Security Hub.
+--
+-- For each standard, the results include the standard ARN, the name, and a
+-- description.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.DescribeStandards
+  ( -- * Creating a Request
+    DescribeStandards (..),
+    newDescribeStandards,
+
+    -- * Request Lenses
+    describeStandards_maxResults,
+    describeStandards_nextToken,
+
+    -- * Destructuring the Response
+    DescribeStandardsResponse (..),
+    newDescribeStandardsResponse,
+
+    -- * Response Lenses
+    describeStandardsResponse_nextToken,
+    describeStandardsResponse_standards,
+    describeStandardsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDescribeStandards' smart constructor.
+data DescribeStandards = DescribeStandards'
+  { -- | The maximum number of standards to return.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token that is required for pagination. On your first call to the
+    -- @DescribeStandards@ operation, set the value of this parameter to
+    -- @NULL@.
+    --
+    -- For subsequent calls to the operation, to continue listing data, set the
+    -- value of this parameter to the value returned from the previous
+    -- response.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeStandards' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'describeStandards_maxResults' - The maximum number of standards to return.
+--
+-- 'nextToken', 'describeStandards_nextToken' - The token that is required for pagination. On your first call to the
+-- @DescribeStandards@ operation, set the value of this parameter to
+-- @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+newDescribeStandards ::
+  DescribeStandards
+newDescribeStandards =
+  DescribeStandards'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of standards to return.
+describeStandards_maxResults :: Lens.Lens' DescribeStandards (Prelude.Maybe Prelude.Natural)
+describeStandards_maxResults = Lens.lens (\DescribeStandards' {maxResults} -> maxResults) (\s@DescribeStandards' {} a -> s {maxResults = a} :: DescribeStandards)
+
+-- | The token that is required for pagination. On your first call to the
+-- @DescribeStandards@ operation, set the value of this parameter to
+-- @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+describeStandards_nextToken :: Lens.Lens' DescribeStandards (Prelude.Maybe Prelude.Text)
+describeStandards_nextToken = Lens.lens (\DescribeStandards' {nextToken} -> nextToken) (\s@DescribeStandards' {} a -> s {nextToken = a} :: DescribeStandards)
+
+instance Core.AWSPager DescribeStandards where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? describeStandardsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? describeStandardsResponse_standards
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& describeStandards_nextToken
+          Lens..~ rs
+          Lens.^? describeStandardsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest DescribeStandards where
+  type
+    AWSResponse DescribeStandards =
+      DescribeStandardsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeStandardsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (x Data..?> "Standards" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DescribeStandards where
+  hashWithSalt _salt DescribeStandards' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData DescribeStandards where
+  rnf DescribeStandards' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders DescribeStandards where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DescribeStandards where
+  toPath = Prelude.const "/standards"
+
+instance Data.ToQuery DescribeStandards where
+  toQuery DescribeStandards' {..} =
+    Prelude.mconcat
+      [ "MaxResults" Data.=: maxResults,
+        "NextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newDescribeStandardsResponse' smart constructor.
+data DescribeStandardsResponse = DescribeStandardsResponse'
+  { -- | The pagination token to use to request the next page of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | A list of available standards.
+    standards :: Prelude.Maybe [Standard],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeStandardsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'describeStandardsResponse_nextToken' - The pagination token to use to request the next page of results.
+--
+-- 'standards', 'describeStandardsResponse_standards' - A list of available standards.
+--
+-- 'httpStatus', 'describeStandardsResponse_httpStatus' - The response's http status code.
+newDescribeStandardsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeStandardsResponse
+newDescribeStandardsResponse pHttpStatus_ =
+  DescribeStandardsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      standards = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The pagination token to use to request the next page of results.
+describeStandardsResponse_nextToken :: Lens.Lens' DescribeStandardsResponse (Prelude.Maybe Prelude.Text)
+describeStandardsResponse_nextToken = Lens.lens (\DescribeStandardsResponse' {nextToken} -> nextToken) (\s@DescribeStandardsResponse' {} a -> s {nextToken = a} :: DescribeStandardsResponse)
+
+-- | A list of available standards.
+describeStandardsResponse_standards :: Lens.Lens' DescribeStandardsResponse (Prelude.Maybe [Standard])
+describeStandardsResponse_standards = Lens.lens (\DescribeStandardsResponse' {standards} -> standards) (\s@DescribeStandardsResponse' {} a -> s {standards = a} :: DescribeStandardsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+describeStandardsResponse_httpStatus :: Lens.Lens' DescribeStandardsResponse Prelude.Int
+describeStandardsResponse_httpStatus = Lens.lens (\DescribeStandardsResponse' {httpStatus} -> httpStatus) (\s@DescribeStandardsResponse' {} a -> s {httpStatus = a} :: DescribeStandardsResponse)
+
+instance Prelude.NFData DescribeStandardsResponse where
+  rnf DescribeStandardsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf standards
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DescribeStandardsControls.hs b/gen/Amazonka/SecurityHub/DescribeStandardsControls.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DescribeStandardsControls.hs
@@ -0,0 +1,262 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DescribeStandardsControls
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a list of security standards controls.
+--
+-- For each control, the results include information about whether it is
+-- currently enabled, the severity, and a link to remediation information.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.DescribeStandardsControls
+  ( -- * Creating a Request
+    DescribeStandardsControls (..),
+    newDescribeStandardsControls,
+
+    -- * Request Lenses
+    describeStandardsControls_maxResults,
+    describeStandardsControls_nextToken,
+    describeStandardsControls_standardsSubscriptionArn,
+
+    -- * Destructuring the Response
+    DescribeStandardsControlsResponse (..),
+    newDescribeStandardsControlsResponse,
+
+    -- * Response Lenses
+    describeStandardsControlsResponse_controls,
+    describeStandardsControlsResponse_nextToken,
+    describeStandardsControlsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDescribeStandardsControls' smart constructor.
+data DescribeStandardsControls = DescribeStandardsControls'
+  { -- | The maximum number of security standard controls to return.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token that is required for pagination. On your first call to the
+    -- @DescribeStandardsControls@ operation, set the value of this parameter
+    -- to @NULL@.
+    --
+    -- For subsequent calls to the operation, to continue listing data, set the
+    -- value of this parameter to the value returned from the previous
+    -- response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of a resource that represents your subscription to a supported
+    -- standard. To get the subscription ARNs of the standards you have
+    -- enabled, use the @GetEnabledStandards@ operation.
+    standardsSubscriptionArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeStandardsControls' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'describeStandardsControls_maxResults' - The maximum number of security standard controls to return.
+--
+-- 'nextToken', 'describeStandardsControls_nextToken' - The token that is required for pagination. On your first call to the
+-- @DescribeStandardsControls@ operation, set the value of this parameter
+-- to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+--
+-- 'standardsSubscriptionArn', 'describeStandardsControls_standardsSubscriptionArn' - The ARN of a resource that represents your subscription to a supported
+-- standard. To get the subscription ARNs of the standards you have
+-- enabled, use the @GetEnabledStandards@ operation.
+newDescribeStandardsControls ::
+  -- | 'standardsSubscriptionArn'
+  Prelude.Text ->
+  DescribeStandardsControls
+newDescribeStandardsControls
+  pStandardsSubscriptionArn_ =
+    DescribeStandardsControls'
+      { maxResults =
+          Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        standardsSubscriptionArn =
+          pStandardsSubscriptionArn_
+      }
+
+-- | The maximum number of security standard controls to return.
+describeStandardsControls_maxResults :: Lens.Lens' DescribeStandardsControls (Prelude.Maybe Prelude.Natural)
+describeStandardsControls_maxResults = Lens.lens (\DescribeStandardsControls' {maxResults} -> maxResults) (\s@DescribeStandardsControls' {} a -> s {maxResults = a} :: DescribeStandardsControls)
+
+-- | The token that is required for pagination. On your first call to the
+-- @DescribeStandardsControls@ operation, set the value of this parameter
+-- to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+describeStandardsControls_nextToken :: Lens.Lens' DescribeStandardsControls (Prelude.Maybe Prelude.Text)
+describeStandardsControls_nextToken = Lens.lens (\DescribeStandardsControls' {nextToken} -> nextToken) (\s@DescribeStandardsControls' {} a -> s {nextToken = a} :: DescribeStandardsControls)
+
+-- | The ARN of a resource that represents your subscription to a supported
+-- standard. To get the subscription ARNs of the standards you have
+-- enabled, use the @GetEnabledStandards@ operation.
+describeStandardsControls_standardsSubscriptionArn :: Lens.Lens' DescribeStandardsControls Prelude.Text
+describeStandardsControls_standardsSubscriptionArn = Lens.lens (\DescribeStandardsControls' {standardsSubscriptionArn} -> standardsSubscriptionArn) (\s@DescribeStandardsControls' {} a -> s {standardsSubscriptionArn = a} :: DescribeStandardsControls)
+
+instance Core.AWSPager DescribeStandardsControls where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? describeStandardsControlsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? describeStandardsControlsResponse_controls
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& describeStandardsControls_nextToken
+          Lens..~ rs
+          Lens.^? describeStandardsControlsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest DescribeStandardsControls where
+  type
+    AWSResponse DescribeStandardsControls =
+      DescribeStandardsControlsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeStandardsControlsResponse'
+            Prelude.<$> (x Data..?> "Controls" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DescribeStandardsControls where
+  hashWithSalt _salt DescribeStandardsControls' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` standardsSubscriptionArn
+
+instance Prelude.NFData DescribeStandardsControls where
+  rnf DescribeStandardsControls' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf standardsSubscriptionArn
+
+instance Data.ToHeaders DescribeStandardsControls where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DescribeStandardsControls where
+  toPath DescribeStandardsControls' {..} =
+    Prelude.mconcat
+      [ "/standards/controls/",
+        Data.toBS standardsSubscriptionArn
+      ]
+
+instance Data.ToQuery DescribeStandardsControls where
+  toQuery DescribeStandardsControls' {..} =
+    Prelude.mconcat
+      [ "MaxResults" Data.=: maxResults,
+        "NextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newDescribeStandardsControlsResponse' smart constructor.
+data DescribeStandardsControlsResponse = DescribeStandardsControlsResponse'
+  { -- | A list of security standards controls.
+    controls :: Prelude.Maybe [StandardsControl],
+    -- | The pagination token to use to request the next page of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeStandardsControlsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'controls', 'describeStandardsControlsResponse_controls' - A list of security standards controls.
+--
+-- 'nextToken', 'describeStandardsControlsResponse_nextToken' - The pagination token to use to request the next page of results.
+--
+-- 'httpStatus', 'describeStandardsControlsResponse_httpStatus' - The response's http status code.
+newDescribeStandardsControlsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeStandardsControlsResponse
+newDescribeStandardsControlsResponse pHttpStatus_ =
+  DescribeStandardsControlsResponse'
+    { controls =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A list of security standards controls.
+describeStandardsControlsResponse_controls :: Lens.Lens' DescribeStandardsControlsResponse (Prelude.Maybe [StandardsControl])
+describeStandardsControlsResponse_controls = Lens.lens (\DescribeStandardsControlsResponse' {controls} -> controls) (\s@DescribeStandardsControlsResponse' {} a -> s {controls = a} :: DescribeStandardsControlsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination token to use to request the next page of results.
+describeStandardsControlsResponse_nextToken :: Lens.Lens' DescribeStandardsControlsResponse (Prelude.Maybe Prelude.Text)
+describeStandardsControlsResponse_nextToken = Lens.lens (\DescribeStandardsControlsResponse' {nextToken} -> nextToken) (\s@DescribeStandardsControlsResponse' {} a -> s {nextToken = a} :: DescribeStandardsControlsResponse)
+
+-- | The response's http status code.
+describeStandardsControlsResponse_httpStatus :: Lens.Lens' DescribeStandardsControlsResponse Prelude.Int
+describeStandardsControlsResponse_httpStatus = Lens.lens (\DescribeStandardsControlsResponse' {httpStatus} -> httpStatus) (\s@DescribeStandardsControlsResponse' {} a -> s {httpStatus = a} :: DescribeStandardsControlsResponse)
+
+instance
+  Prelude.NFData
+    DescribeStandardsControlsResponse
+  where
+  rnf DescribeStandardsControlsResponse' {..} =
+    Prelude.rnf controls
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DisableImportFindingsForProduct.hs b/gen/Amazonka/SecurityHub/DisableImportFindingsForProduct.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DisableImportFindingsForProduct.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DisableImportFindingsForProduct
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disables the integration of the specified product with Security Hub.
+-- After the integration is disabled, findings from that product are no
+-- longer sent to Security Hub.
+module Amazonka.SecurityHub.DisableImportFindingsForProduct
+  ( -- * Creating a Request
+    DisableImportFindingsForProduct (..),
+    newDisableImportFindingsForProduct,
+
+    -- * Request Lenses
+    disableImportFindingsForProduct_productSubscriptionArn,
+
+    -- * Destructuring the Response
+    DisableImportFindingsForProductResponse (..),
+    newDisableImportFindingsForProductResponse,
+
+    -- * Response Lenses
+    disableImportFindingsForProductResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDisableImportFindingsForProduct' smart constructor.
+data DisableImportFindingsForProduct = DisableImportFindingsForProduct'
+  { -- | The ARN of the integrated product to disable the integration for.
+    productSubscriptionArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableImportFindingsForProduct' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'productSubscriptionArn', 'disableImportFindingsForProduct_productSubscriptionArn' - The ARN of the integrated product to disable the integration for.
+newDisableImportFindingsForProduct ::
+  -- | 'productSubscriptionArn'
+  Prelude.Text ->
+  DisableImportFindingsForProduct
+newDisableImportFindingsForProduct
+  pProductSubscriptionArn_ =
+    DisableImportFindingsForProduct'
+      { productSubscriptionArn =
+          pProductSubscriptionArn_
+      }
+
+-- | The ARN of the integrated product to disable the integration for.
+disableImportFindingsForProduct_productSubscriptionArn :: Lens.Lens' DisableImportFindingsForProduct Prelude.Text
+disableImportFindingsForProduct_productSubscriptionArn = Lens.lens (\DisableImportFindingsForProduct' {productSubscriptionArn} -> productSubscriptionArn) (\s@DisableImportFindingsForProduct' {} a -> s {productSubscriptionArn = a} :: DisableImportFindingsForProduct)
+
+instance
+  Core.AWSRequest
+    DisableImportFindingsForProduct
+  where
+  type
+    AWSResponse DisableImportFindingsForProduct =
+      DisableImportFindingsForProductResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisableImportFindingsForProductResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DisableImportFindingsForProduct
+  where
+  hashWithSalt
+    _salt
+    DisableImportFindingsForProduct' {..} =
+      _salt `Prelude.hashWithSalt` productSubscriptionArn
+
+instance
+  Prelude.NFData
+    DisableImportFindingsForProduct
+  where
+  rnf DisableImportFindingsForProduct' {..} =
+    Prelude.rnf productSubscriptionArn
+
+instance
+  Data.ToHeaders
+    DisableImportFindingsForProduct
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DisableImportFindingsForProduct where
+  toPath DisableImportFindingsForProduct' {..} =
+    Prelude.mconcat
+      [ "/productSubscriptions/",
+        Data.toBS productSubscriptionArn
+      ]
+
+instance Data.ToQuery DisableImportFindingsForProduct where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisableImportFindingsForProductResponse' smart constructor.
+data DisableImportFindingsForProductResponse = DisableImportFindingsForProductResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableImportFindingsForProductResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disableImportFindingsForProductResponse_httpStatus' - The response's http status code.
+newDisableImportFindingsForProductResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisableImportFindingsForProductResponse
+newDisableImportFindingsForProductResponse
+  pHttpStatus_ =
+    DisableImportFindingsForProductResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+disableImportFindingsForProductResponse_httpStatus :: Lens.Lens' DisableImportFindingsForProductResponse Prelude.Int
+disableImportFindingsForProductResponse_httpStatus = Lens.lens (\DisableImportFindingsForProductResponse' {httpStatus} -> httpStatus) (\s@DisableImportFindingsForProductResponse' {} a -> s {httpStatus = a} :: DisableImportFindingsForProductResponse)
+
+instance
+  Prelude.NFData
+    DisableImportFindingsForProductResponse
+  where
+  rnf DisableImportFindingsForProductResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DisableOrganizationAdminAccount.hs b/gen/Amazonka/SecurityHub/DisableOrganizationAdminAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DisableOrganizationAdminAccount.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DisableOrganizationAdminAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disables a Security Hub administrator account. Can only be called by the
+-- organization management account.
+module Amazonka.SecurityHub.DisableOrganizationAdminAccount
+  ( -- * Creating a Request
+    DisableOrganizationAdminAccount (..),
+    newDisableOrganizationAdminAccount,
+
+    -- * Request Lenses
+    disableOrganizationAdminAccount_adminAccountId,
+
+    -- * Destructuring the Response
+    DisableOrganizationAdminAccountResponse (..),
+    newDisableOrganizationAdminAccountResponse,
+
+    -- * Response Lenses
+    disableOrganizationAdminAccountResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDisableOrganizationAdminAccount' smart constructor.
+data DisableOrganizationAdminAccount = DisableOrganizationAdminAccount'
+  { -- | The Amazon Web Services account identifier of the Security Hub
+    -- administrator account.
+    adminAccountId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableOrganizationAdminAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'adminAccountId', 'disableOrganizationAdminAccount_adminAccountId' - The Amazon Web Services account identifier of the Security Hub
+-- administrator account.
+newDisableOrganizationAdminAccount ::
+  -- | 'adminAccountId'
+  Prelude.Text ->
+  DisableOrganizationAdminAccount
+newDisableOrganizationAdminAccount pAdminAccountId_ =
+  DisableOrganizationAdminAccount'
+    { adminAccountId =
+        pAdminAccountId_
+    }
+
+-- | The Amazon Web Services account identifier of the Security Hub
+-- administrator account.
+disableOrganizationAdminAccount_adminAccountId :: Lens.Lens' DisableOrganizationAdminAccount Prelude.Text
+disableOrganizationAdminAccount_adminAccountId = Lens.lens (\DisableOrganizationAdminAccount' {adminAccountId} -> adminAccountId) (\s@DisableOrganizationAdminAccount' {} a -> s {adminAccountId = a} :: DisableOrganizationAdminAccount)
+
+instance
+  Core.AWSRequest
+    DisableOrganizationAdminAccount
+  where
+  type
+    AWSResponse DisableOrganizationAdminAccount =
+      DisableOrganizationAdminAccountResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisableOrganizationAdminAccountResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DisableOrganizationAdminAccount
+  where
+  hashWithSalt
+    _salt
+    DisableOrganizationAdminAccount' {..} =
+      _salt `Prelude.hashWithSalt` adminAccountId
+
+instance
+  Prelude.NFData
+    DisableOrganizationAdminAccount
+  where
+  rnf DisableOrganizationAdminAccount' {..} =
+    Prelude.rnf adminAccountId
+
+instance
+  Data.ToHeaders
+    DisableOrganizationAdminAccount
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisableOrganizationAdminAccount where
+  toJSON DisableOrganizationAdminAccount' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("AdminAccountId" Data..= adminAccountId)
+          ]
+      )
+
+instance Data.ToPath DisableOrganizationAdminAccount where
+  toPath = Prelude.const "/organization/admin/disable"
+
+instance Data.ToQuery DisableOrganizationAdminAccount where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisableOrganizationAdminAccountResponse' smart constructor.
+data DisableOrganizationAdminAccountResponse = DisableOrganizationAdminAccountResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableOrganizationAdminAccountResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disableOrganizationAdminAccountResponse_httpStatus' - The response's http status code.
+newDisableOrganizationAdminAccountResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisableOrganizationAdminAccountResponse
+newDisableOrganizationAdminAccountResponse
+  pHttpStatus_ =
+    DisableOrganizationAdminAccountResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+disableOrganizationAdminAccountResponse_httpStatus :: Lens.Lens' DisableOrganizationAdminAccountResponse Prelude.Int
+disableOrganizationAdminAccountResponse_httpStatus = Lens.lens (\DisableOrganizationAdminAccountResponse' {httpStatus} -> httpStatus) (\s@DisableOrganizationAdminAccountResponse' {} a -> s {httpStatus = a} :: DisableOrganizationAdminAccountResponse)
+
+instance
+  Prelude.NFData
+    DisableOrganizationAdminAccountResponse
+  where
+  rnf DisableOrganizationAdminAccountResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DisableSecurityHub.hs b/gen/Amazonka/SecurityHub/DisableSecurityHub.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DisableSecurityHub.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DisableSecurityHub
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disables Security Hub in your account only in the current Region. To
+-- disable Security Hub in all Regions, you must submit one request per
+-- Region where you have enabled Security Hub.
+--
+-- When you disable Security Hub for an administrator account, it doesn\'t
+-- disable Security Hub for any associated member accounts.
+--
+-- When you disable Security Hub, your existing findings and insights and
+-- any Security Hub configuration settings are deleted after 90 days and
+-- cannot be recovered. Any standards that were enabled are disabled, and
+-- your administrator and member account associations are removed.
+--
+-- If you want to save your existing findings, you must export them before
+-- you disable Security Hub.
+module Amazonka.SecurityHub.DisableSecurityHub
+  ( -- * Creating a Request
+    DisableSecurityHub (..),
+    newDisableSecurityHub,
+
+    -- * Destructuring the Response
+    DisableSecurityHubResponse (..),
+    newDisableSecurityHubResponse,
+
+    -- * Response Lenses
+    disableSecurityHubResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDisableSecurityHub' smart constructor.
+data DisableSecurityHub = DisableSecurityHub'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableSecurityHub' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newDisableSecurityHub ::
+  DisableSecurityHub
+newDisableSecurityHub = DisableSecurityHub'
+
+instance Core.AWSRequest DisableSecurityHub where
+  type
+    AWSResponse DisableSecurityHub =
+      DisableSecurityHubResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisableSecurityHubResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DisableSecurityHub where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData DisableSecurityHub where
+  rnf _ = ()
+
+instance Data.ToHeaders DisableSecurityHub where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DisableSecurityHub where
+  toPath = Prelude.const "/accounts"
+
+instance Data.ToQuery DisableSecurityHub where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisableSecurityHubResponse' smart constructor.
+data DisableSecurityHubResponse = DisableSecurityHubResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableSecurityHubResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disableSecurityHubResponse_httpStatus' - The response's http status code.
+newDisableSecurityHubResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisableSecurityHubResponse
+newDisableSecurityHubResponse pHttpStatus_ =
+  DisableSecurityHubResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+disableSecurityHubResponse_httpStatus :: Lens.Lens' DisableSecurityHubResponse Prelude.Int
+disableSecurityHubResponse_httpStatus = Lens.lens (\DisableSecurityHubResponse' {httpStatus} -> httpStatus) (\s@DisableSecurityHubResponse' {} a -> s {httpStatus = a} :: DisableSecurityHubResponse)
+
+instance Prelude.NFData DisableSecurityHubResponse where
+  rnf DisableSecurityHubResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DisassociateFromAdministratorAccount.hs b/gen/Amazonka/SecurityHub/DisassociateFromAdministratorAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DisassociateFromAdministratorAccount.hs
@@ -0,0 +1,163 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DisassociateFromAdministratorAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disassociates the current Security Hub member account from the
+-- associated administrator account.
+--
+-- This operation is only used by accounts that are not part of an
+-- organization. For organization accounts, only the administrator account
+-- can disassociate a member account.
+module Amazonka.SecurityHub.DisassociateFromAdministratorAccount
+  ( -- * Creating a Request
+    DisassociateFromAdministratorAccount (..),
+    newDisassociateFromAdministratorAccount,
+
+    -- * Destructuring the Response
+    DisassociateFromAdministratorAccountResponse (..),
+    newDisassociateFromAdministratorAccountResponse,
+
+    -- * Response Lenses
+    disassociateFromAdministratorAccountResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDisassociateFromAdministratorAccount' smart constructor.
+data DisassociateFromAdministratorAccount = DisassociateFromAdministratorAccount'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateFromAdministratorAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newDisassociateFromAdministratorAccount ::
+  DisassociateFromAdministratorAccount
+newDisassociateFromAdministratorAccount =
+  DisassociateFromAdministratorAccount'
+
+instance
+  Core.AWSRequest
+    DisassociateFromAdministratorAccount
+  where
+  type
+    AWSResponse DisassociateFromAdministratorAccount =
+      DisassociateFromAdministratorAccountResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisassociateFromAdministratorAccountResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DisassociateFromAdministratorAccount
+  where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance
+  Prelude.NFData
+    DisassociateFromAdministratorAccount
+  where
+  rnf _ = ()
+
+instance
+  Data.ToHeaders
+    DisassociateFromAdministratorAccount
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DisassociateFromAdministratorAccount
+  where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance
+  Data.ToPath
+    DisassociateFromAdministratorAccount
+  where
+  toPath = Prelude.const "/administrator/disassociate"
+
+instance
+  Data.ToQuery
+    DisassociateFromAdministratorAccount
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateFromAdministratorAccountResponse' smart constructor.
+data DisassociateFromAdministratorAccountResponse = DisassociateFromAdministratorAccountResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateFromAdministratorAccountResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disassociateFromAdministratorAccountResponse_httpStatus' - The response's http status code.
+newDisassociateFromAdministratorAccountResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateFromAdministratorAccountResponse
+newDisassociateFromAdministratorAccountResponse
+  pHttpStatus_ =
+    DisassociateFromAdministratorAccountResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+disassociateFromAdministratorAccountResponse_httpStatus :: Lens.Lens' DisassociateFromAdministratorAccountResponse Prelude.Int
+disassociateFromAdministratorAccountResponse_httpStatus = Lens.lens (\DisassociateFromAdministratorAccountResponse' {httpStatus} -> httpStatus) (\s@DisassociateFromAdministratorAccountResponse' {} a -> s {httpStatus = a} :: DisassociateFromAdministratorAccountResponse)
+
+instance
+  Prelude.NFData
+    DisassociateFromAdministratorAccountResponse
+  where
+  rnf DisassociateFromAdministratorAccountResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/DisassociateMembers.hs b/gen/Amazonka/SecurityHub/DisassociateMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/DisassociateMembers.hs
@@ -0,0 +1,157 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.DisassociateMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disassociates the specified member accounts from the associated
+-- administrator account.
+--
+-- Can be used to disassociate both accounts that are managed using
+-- Organizations and accounts that were invited manually.
+module Amazonka.SecurityHub.DisassociateMembers
+  ( -- * Creating a Request
+    DisassociateMembers (..),
+    newDisassociateMembers,
+
+    -- * Request Lenses
+    disassociateMembers_accountIds,
+
+    -- * Destructuring the Response
+    DisassociateMembersResponse (..),
+    newDisassociateMembersResponse,
+
+    -- * Response Lenses
+    disassociateMembersResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newDisassociateMembers' smart constructor.
+data DisassociateMembers = DisassociateMembers'
+  { -- | The account IDs of the member accounts to disassociate from the
+    -- administrator account.
+    accountIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'disassociateMembers_accountIds' - The account IDs of the member accounts to disassociate from the
+-- administrator account.
+newDisassociateMembers ::
+  DisassociateMembers
+newDisassociateMembers =
+  DisassociateMembers' {accountIds = Prelude.mempty}
+
+-- | The account IDs of the member accounts to disassociate from the
+-- administrator account.
+disassociateMembers_accountIds :: Lens.Lens' DisassociateMembers [Prelude.Text]
+disassociateMembers_accountIds = Lens.lens (\DisassociateMembers' {accountIds} -> accountIds) (\s@DisassociateMembers' {} a -> s {accountIds = a} :: DisassociateMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest DisassociateMembers where
+  type
+    AWSResponse DisassociateMembers =
+      DisassociateMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisassociateMembersResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DisassociateMembers where
+  hashWithSalt _salt DisassociateMembers' {..} =
+    _salt `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData DisassociateMembers where
+  rnf DisassociateMembers' {..} = Prelude.rnf accountIds
+
+instance Data.ToHeaders DisassociateMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisassociateMembers where
+  toJSON DisassociateMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("AccountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath DisassociateMembers where
+  toPath = Prelude.const "/members/disassociate"
+
+instance Data.ToQuery DisassociateMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateMembersResponse' smart constructor.
+data DisassociateMembersResponse = DisassociateMembersResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disassociateMembersResponse_httpStatus' - The response's http status code.
+newDisassociateMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateMembersResponse
+newDisassociateMembersResponse pHttpStatus_ =
+  DisassociateMembersResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+disassociateMembersResponse_httpStatus :: Lens.Lens' DisassociateMembersResponse Prelude.Int
+disassociateMembersResponse_httpStatus = Lens.lens (\DisassociateMembersResponse' {httpStatus} -> httpStatus) (\s@DisassociateMembersResponse' {} a -> s {httpStatus = a} :: DisassociateMembersResponse)
+
+instance Prelude.NFData DisassociateMembersResponse where
+  rnf DisassociateMembersResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/EnableImportFindingsForProduct.hs b/gen/Amazonka/SecurityHub/EnableImportFindingsForProduct.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/EnableImportFindingsForProduct.hs
@@ -0,0 +1,190 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.EnableImportFindingsForProduct
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables the integration of a partner product with Security Hub.
+-- Integrated products send findings to Security Hub.
+--
+-- When you enable a product integration, a permissions policy that grants
+-- permission for the product to send findings to Security Hub is applied.
+module Amazonka.SecurityHub.EnableImportFindingsForProduct
+  ( -- * Creating a Request
+    EnableImportFindingsForProduct (..),
+    newEnableImportFindingsForProduct,
+
+    -- * Request Lenses
+    enableImportFindingsForProduct_productArn,
+
+    -- * Destructuring the Response
+    EnableImportFindingsForProductResponse (..),
+    newEnableImportFindingsForProductResponse,
+
+    -- * Response Lenses
+    enableImportFindingsForProductResponse_productSubscriptionArn,
+    enableImportFindingsForProductResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newEnableImportFindingsForProduct' smart constructor.
+data EnableImportFindingsForProduct = EnableImportFindingsForProduct'
+  { -- | The ARN of the product to enable the integration for.
+    productArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableImportFindingsForProduct' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'productArn', 'enableImportFindingsForProduct_productArn' - The ARN of the product to enable the integration for.
+newEnableImportFindingsForProduct ::
+  -- | 'productArn'
+  Prelude.Text ->
+  EnableImportFindingsForProduct
+newEnableImportFindingsForProduct pProductArn_ =
+  EnableImportFindingsForProduct'
+    { productArn =
+        pProductArn_
+    }
+
+-- | The ARN of the product to enable the integration for.
+enableImportFindingsForProduct_productArn :: Lens.Lens' EnableImportFindingsForProduct Prelude.Text
+enableImportFindingsForProduct_productArn = Lens.lens (\EnableImportFindingsForProduct' {productArn} -> productArn) (\s@EnableImportFindingsForProduct' {} a -> s {productArn = a} :: EnableImportFindingsForProduct)
+
+instance
+  Core.AWSRequest
+    EnableImportFindingsForProduct
+  where
+  type
+    AWSResponse EnableImportFindingsForProduct =
+      EnableImportFindingsForProductResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          EnableImportFindingsForProductResponse'
+            Prelude.<$> (x Data..?> "ProductSubscriptionArn")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    EnableImportFindingsForProduct
+  where
+  hashWithSalt
+    _salt
+    EnableImportFindingsForProduct' {..} =
+      _salt `Prelude.hashWithSalt` productArn
+
+instance
+  Prelude.NFData
+    EnableImportFindingsForProduct
+  where
+  rnf EnableImportFindingsForProduct' {..} =
+    Prelude.rnf productArn
+
+instance
+  Data.ToHeaders
+    EnableImportFindingsForProduct
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON EnableImportFindingsForProduct where
+  toJSON EnableImportFindingsForProduct' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ProductArn" Data..= productArn)]
+      )
+
+instance Data.ToPath EnableImportFindingsForProduct where
+  toPath = Prelude.const "/productSubscriptions"
+
+instance Data.ToQuery EnableImportFindingsForProduct where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newEnableImportFindingsForProductResponse' smart constructor.
+data EnableImportFindingsForProductResponse = EnableImportFindingsForProductResponse'
+  { -- | The ARN of your subscription to the product to enable integrations for.
+    productSubscriptionArn :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableImportFindingsForProductResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'productSubscriptionArn', 'enableImportFindingsForProductResponse_productSubscriptionArn' - The ARN of your subscription to the product to enable integrations for.
+--
+-- 'httpStatus', 'enableImportFindingsForProductResponse_httpStatus' - The response's http status code.
+newEnableImportFindingsForProductResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  EnableImportFindingsForProductResponse
+newEnableImportFindingsForProductResponse
+  pHttpStatus_ =
+    EnableImportFindingsForProductResponse'
+      { productSubscriptionArn =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The ARN of your subscription to the product to enable integrations for.
+enableImportFindingsForProductResponse_productSubscriptionArn :: Lens.Lens' EnableImportFindingsForProductResponse (Prelude.Maybe Prelude.Text)
+enableImportFindingsForProductResponse_productSubscriptionArn = Lens.lens (\EnableImportFindingsForProductResponse' {productSubscriptionArn} -> productSubscriptionArn) (\s@EnableImportFindingsForProductResponse' {} a -> s {productSubscriptionArn = a} :: EnableImportFindingsForProductResponse)
+
+-- | The response's http status code.
+enableImportFindingsForProductResponse_httpStatus :: Lens.Lens' EnableImportFindingsForProductResponse Prelude.Int
+enableImportFindingsForProductResponse_httpStatus = Lens.lens (\EnableImportFindingsForProductResponse' {httpStatus} -> httpStatus) (\s@EnableImportFindingsForProductResponse' {} a -> s {httpStatus = a} :: EnableImportFindingsForProductResponse)
+
+instance
+  Prelude.NFData
+    EnableImportFindingsForProductResponse
+  where
+  rnf EnableImportFindingsForProductResponse' {..} =
+    Prelude.rnf productSubscriptionArn
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/EnableOrganizationAdminAccount.hs b/gen/Amazonka/SecurityHub/EnableOrganizationAdminAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/EnableOrganizationAdminAccount.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.EnableOrganizationAdminAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Designates the Security Hub administrator account for an organization.
+-- Can only be called by the organization management account.
+module Amazonka.SecurityHub.EnableOrganizationAdminAccount
+  ( -- * Creating a Request
+    EnableOrganizationAdminAccount (..),
+    newEnableOrganizationAdminAccount,
+
+    -- * Request Lenses
+    enableOrganizationAdminAccount_adminAccountId,
+
+    -- * Destructuring the Response
+    EnableOrganizationAdminAccountResponse (..),
+    newEnableOrganizationAdminAccountResponse,
+
+    -- * Response Lenses
+    enableOrganizationAdminAccountResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newEnableOrganizationAdminAccount' smart constructor.
+data EnableOrganizationAdminAccount = EnableOrganizationAdminAccount'
+  { -- | The Amazon Web Services account identifier of the account to designate
+    -- as the Security Hub administrator account.
+    adminAccountId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableOrganizationAdminAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'adminAccountId', 'enableOrganizationAdminAccount_adminAccountId' - The Amazon Web Services account identifier of the account to designate
+-- as the Security Hub administrator account.
+newEnableOrganizationAdminAccount ::
+  -- | 'adminAccountId'
+  Prelude.Text ->
+  EnableOrganizationAdminAccount
+newEnableOrganizationAdminAccount pAdminAccountId_ =
+  EnableOrganizationAdminAccount'
+    { adminAccountId =
+        pAdminAccountId_
+    }
+
+-- | The Amazon Web Services account identifier of the account to designate
+-- as the Security Hub administrator account.
+enableOrganizationAdminAccount_adminAccountId :: Lens.Lens' EnableOrganizationAdminAccount Prelude.Text
+enableOrganizationAdminAccount_adminAccountId = Lens.lens (\EnableOrganizationAdminAccount' {adminAccountId} -> adminAccountId) (\s@EnableOrganizationAdminAccount' {} a -> s {adminAccountId = a} :: EnableOrganizationAdminAccount)
+
+instance
+  Core.AWSRequest
+    EnableOrganizationAdminAccount
+  where
+  type
+    AWSResponse EnableOrganizationAdminAccount =
+      EnableOrganizationAdminAccountResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          EnableOrganizationAdminAccountResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    EnableOrganizationAdminAccount
+  where
+  hashWithSalt
+    _salt
+    EnableOrganizationAdminAccount' {..} =
+      _salt `Prelude.hashWithSalt` adminAccountId
+
+instance
+  Prelude.NFData
+    EnableOrganizationAdminAccount
+  where
+  rnf EnableOrganizationAdminAccount' {..} =
+    Prelude.rnf adminAccountId
+
+instance
+  Data.ToHeaders
+    EnableOrganizationAdminAccount
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON EnableOrganizationAdminAccount where
+  toJSON EnableOrganizationAdminAccount' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("AdminAccountId" Data..= adminAccountId)
+          ]
+      )
+
+instance Data.ToPath EnableOrganizationAdminAccount where
+  toPath = Prelude.const "/organization/admin/enable"
+
+instance Data.ToQuery EnableOrganizationAdminAccount where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newEnableOrganizationAdminAccountResponse' smart constructor.
+data EnableOrganizationAdminAccountResponse = EnableOrganizationAdminAccountResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableOrganizationAdminAccountResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'enableOrganizationAdminAccountResponse_httpStatus' - The response's http status code.
+newEnableOrganizationAdminAccountResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  EnableOrganizationAdminAccountResponse
+newEnableOrganizationAdminAccountResponse
+  pHttpStatus_ =
+    EnableOrganizationAdminAccountResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+enableOrganizationAdminAccountResponse_httpStatus :: Lens.Lens' EnableOrganizationAdminAccountResponse Prelude.Int
+enableOrganizationAdminAccountResponse_httpStatus = Lens.lens (\EnableOrganizationAdminAccountResponse' {httpStatus} -> httpStatus) (\s@EnableOrganizationAdminAccountResponse' {} a -> s {httpStatus = a} :: EnableOrganizationAdminAccountResponse)
+
+instance
+  Prelude.NFData
+    EnableOrganizationAdminAccountResponse
+  where
+  rnf EnableOrganizationAdminAccountResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/EnableSecurityHub.hs b/gen/Amazonka/SecurityHub/EnableSecurityHub.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/EnableSecurityHub.hs
@@ -0,0 +1,208 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.EnableSecurityHub
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables Security Hub for your account in the current Region or the
+-- Region you specify in the request.
+--
+-- When you enable Security Hub, you grant to Security Hub the permissions
+-- necessary to gather findings from other services that are integrated
+-- with Security Hub.
+--
+-- When you use the @EnableSecurityHub@ operation to enable Security Hub,
+-- you also automatically enable the following standards.
+--
+-- -   CIS Amazon Web Services Foundations
+--
+-- -   Amazon Web Services Foundational Security Best Practices
+--
+-- You do not enable the Payment Card Industry Data Security Standard (PCI
+-- DSS) standard.
+--
+-- To not enable the automatically enabled standards, set
+-- @EnableDefaultStandards@ to @false@.
+--
+-- After you enable Security Hub, to enable a standard, use the
+-- @BatchEnableStandards@ operation. To disable a standard, use the
+-- @BatchDisableStandards@ operation.
+--
+-- To learn more, see the
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html setup information>
+-- in the /Security Hub User Guide/.
+module Amazonka.SecurityHub.EnableSecurityHub
+  ( -- * Creating a Request
+    EnableSecurityHub (..),
+    newEnableSecurityHub,
+
+    -- * Request Lenses
+    enableSecurityHub_enableDefaultStandards,
+    enableSecurityHub_tags,
+
+    -- * Destructuring the Response
+    EnableSecurityHubResponse (..),
+    newEnableSecurityHubResponse,
+
+    -- * Response Lenses
+    enableSecurityHubResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newEnableSecurityHub' smart constructor.
+data EnableSecurityHub = EnableSecurityHub'
+  { -- | Whether to enable the security standards that Security Hub has
+    -- designated as automatically enabled. If you do not provide a value for
+    -- @EnableDefaultStandards@, it is set to @true@. To not enable the
+    -- automatically enabled standards, set @EnableDefaultStandards@ to
+    -- @false@.
+    enableDefaultStandards :: Prelude.Maybe Prelude.Bool,
+    -- | The tags to add to the hub resource when you enable Security Hub.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableSecurityHub' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enableDefaultStandards', 'enableSecurityHub_enableDefaultStandards' - Whether to enable the security standards that Security Hub has
+-- designated as automatically enabled. If you do not provide a value for
+-- @EnableDefaultStandards@, it is set to @true@. To not enable the
+-- automatically enabled standards, set @EnableDefaultStandards@ to
+-- @false@.
+--
+-- 'tags', 'enableSecurityHub_tags' - The tags to add to the hub resource when you enable Security Hub.
+newEnableSecurityHub ::
+  EnableSecurityHub
+newEnableSecurityHub =
+  EnableSecurityHub'
+    { enableDefaultStandards =
+        Prelude.Nothing,
+      tags = Prelude.Nothing
+    }
+
+-- | Whether to enable the security standards that Security Hub has
+-- designated as automatically enabled. If you do not provide a value for
+-- @EnableDefaultStandards@, it is set to @true@. To not enable the
+-- automatically enabled standards, set @EnableDefaultStandards@ to
+-- @false@.
+enableSecurityHub_enableDefaultStandards :: Lens.Lens' EnableSecurityHub (Prelude.Maybe Prelude.Bool)
+enableSecurityHub_enableDefaultStandards = Lens.lens (\EnableSecurityHub' {enableDefaultStandards} -> enableDefaultStandards) (\s@EnableSecurityHub' {} a -> s {enableDefaultStandards = a} :: EnableSecurityHub)
+
+-- | The tags to add to the hub resource when you enable Security Hub.
+enableSecurityHub_tags :: Lens.Lens' EnableSecurityHub (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+enableSecurityHub_tags = Lens.lens (\EnableSecurityHub' {tags} -> tags) (\s@EnableSecurityHub' {} a -> s {tags = a} :: EnableSecurityHub) Prelude.. Lens.mapping Lens.coerced
+
+instance Core.AWSRequest EnableSecurityHub where
+  type
+    AWSResponse EnableSecurityHub =
+      EnableSecurityHubResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          EnableSecurityHubResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable EnableSecurityHub where
+  hashWithSalt _salt EnableSecurityHub' {..} =
+    _salt
+      `Prelude.hashWithSalt` enableDefaultStandards
+      `Prelude.hashWithSalt` tags
+
+instance Prelude.NFData EnableSecurityHub where
+  rnf EnableSecurityHub' {..} =
+    Prelude.rnf enableDefaultStandards
+      `Prelude.seq` Prelude.rnf tags
+
+instance Data.ToHeaders EnableSecurityHub where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON EnableSecurityHub where
+  toJSON EnableSecurityHub' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("EnableDefaultStandards" Data..=)
+              Prelude.<$> enableDefaultStandards,
+            ("Tags" Data..=) Prelude.<$> tags
+          ]
+      )
+
+instance Data.ToPath EnableSecurityHub where
+  toPath = Prelude.const "/accounts"
+
+instance Data.ToQuery EnableSecurityHub where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newEnableSecurityHubResponse' smart constructor.
+data EnableSecurityHubResponse = EnableSecurityHubResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableSecurityHubResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'enableSecurityHubResponse_httpStatus' - The response's http status code.
+newEnableSecurityHubResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  EnableSecurityHubResponse
+newEnableSecurityHubResponse pHttpStatus_ =
+  EnableSecurityHubResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+enableSecurityHubResponse_httpStatus :: Lens.Lens' EnableSecurityHubResponse Prelude.Int
+enableSecurityHubResponse_httpStatus = Lens.lens (\EnableSecurityHubResponse' {httpStatus} -> httpStatus) (\s@EnableSecurityHubResponse' {} a -> s {httpStatus = a} :: EnableSecurityHubResponse)
+
+instance Prelude.NFData EnableSecurityHubResponse where
+  rnf EnableSecurityHubResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/GetAdministratorAccount.hs b/gen/Amazonka/SecurityHub/GetAdministratorAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/GetAdministratorAccount.hs
@@ -0,0 +1,147 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.GetAdministratorAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Provides the details for the Security Hub administrator account for the
+-- current member account.
+--
+-- Can be used by both member accounts that are managed using Organizations
+-- and accounts that were invited manually.
+module Amazonka.SecurityHub.GetAdministratorAccount
+  ( -- * Creating a Request
+    GetAdministratorAccount (..),
+    newGetAdministratorAccount,
+
+    -- * Destructuring the Response
+    GetAdministratorAccountResponse (..),
+    newGetAdministratorAccountResponse,
+
+    -- * Response Lenses
+    getAdministratorAccountResponse_administrator,
+    getAdministratorAccountResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newGetAdministratorAccount' smart constructor.
+data GetAdministratorAccount = GetAdministratorAccount'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetAdministratorAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newGetAdministratorAccount ::
+  GetAdministratorAccount
+newGetAdministratorAccount = GetAdministratorAccount'
+
+instance Core.AWSRequest GetAdministratorAccount where
+  type
+    AWSResponse GetAdministratorAccount =
+      GetAdministratorAccountResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetAdministratorAccountResponse'
+            Prelude.<$> (x Data..?> "Administrator")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetAdministratorAccount where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData GetAdministratorAccount where
+  rnf _ = ()
+
+instance Data.ToHeaders GetAdministratorAccount where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetAdministratorAccount where
+  toPath = Prelude.const "/administrator"
+
+instance Data.ToQuery GetAdministratorAccount where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetAdministratorAccountResponse' smart constructor.
+data GetAdministratorAccountResponse = GetAdministratorAccountResponse'
+  { administrator :: Prelude.Maybe Invitation,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetAdministratorAccountResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'administrator', 'getAdministratorAccountResponse_administrator' - Undocumented member.
+--
+-- 'httpStatus', 'getAdministratorAccountResponse_httpStatus' - The response's http status code.
+newGetAdministratorAccountResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetAdministratorAccountResponse
+newGetAdministratorAccountResponse pHttpStatus_ =
+  GetAdministratorAccountResponse'
+    { administrator =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Undocumented member.
+getAdministratorAccountResponse_administrator :: Lens.Lens' GetAdministratorAccountResponse (Prelude.Maybe Invitation)
+getAdministratorAccountResponse_administrator = Lens.lens (\GetAdministratorAccountResponse' {administrator} -> administrator) (\s@GetAdministratorAccountResponse' {} a -> s {administrator = a} :: GetAdministratorAccountResponse)
+
+-- | The response's http status code.
+getAdministratorAccountResponse_httpStatus :: Lens.Lens' GetAdministratorAccountResponse Prelude.Int
+getAdministratorAccountResponse_httpStatus = Lens.lens (\GetAdministratorAccountResponse' {httpStatus} -> httpStatus) (\s@GetAdministratorAccountResponse' {} a -> s {httpStatus = a} :: GetAdministratorAccountResponse)
+
+instance
+  Prelude.NFData
+    GetAdministratorAccountResponse
+  where
+  rnf GetAdministratorAccountResponse' {..} =
+    Prelude.rnf administrator
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/GetEnabledStandards.hs b/gen/Amazonka/SecurityHub/GetEnabledStandards.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/GetEnabledStandards.hs
@@ -0,0 +1,257 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.GetEnabledStandards
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a list of the standards that are currently enabled.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.GetEnabledStandards
+  ( -- * Creating a Request
+    GetEnabledStandards (..),
+    newGetEnabledStandards,
+
+    -- * Request Lenses
+    getEnabledStandards_maxResults,
+    getEnabledStandards_nextToken,
+    getEnabledStandards_standardsSubscriptionArns,
+
+    -- * Destructuring the Response
+    GetEnabledStandardsResponse (..),
+    newGetEnabledStandardsResponse,
+
+    -- * Response Lenses
+    getEnabledStandardsResponse_nextToken,
+    getEnabledStandardsResponse_standardsSubscriptions,
+    getEnabledStandardsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newGetEnabledStandards' smart constructor.
+data GetEnabledStandards = GetEnabledStandards'
+  { -- | The maximum number of results to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token that is required for pagination. On your first call to the
+    -- @GetEnabledStandards@ operation, set the value of this parameter to
+    -- @NULL@.
+    --
+    -- For subsequent calls to the operation, to continue listing data, set the
+    -- value of this parameter to the value returned from the previous
+    -- response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The list of the standards subscription ARNs for the standards to
+    -- retrieve.
+    standardsSubscriptionArns :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetEnabledStandards' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'getEnabledStandards_maxResults' - The maximum number of results to return in the response.
+--
+-- 'nextToken', 'getEnabledStandards_nextToken' - The token that is required for pagination. On your first call to the
+-- @GetEnabledStandards@ operation, set the value of this parameter to
+-- @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+--
+-- 'standardsSubscriptionArns', 'getEnabledStandards_standardsSubscriptionArns' - The list of the standards subscription ARNs for the standards to
+-- retrieve.
+newGetEnabledStandards ::
+  GetEnabledStandards
+newGetEnabledStandards =
+  GetEnabledStandards'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      standardsSubscriptionArns = Prelude.Nothing
+    }
+
+-- | The maximum number of results to return in the response.
+getEnabledStandards_maxResults :: Lens.Lens' GetEnabledStandards (Prelude.Maybe Prelude.Natural)
+getEnabledStandards_maxResults = Lens.lens (\GetEnabledStandards' {maxResults} -> maxResults) (\s@GetEnabledStandards' {} a -> s {maxResults = a} :: GetEnabledStandards)
+
+-- | The token that is required for pagination. On your first call to the
+-- @GetEnabledStandards@ operation, set the value of this parameter to
+-- @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+getEnabledStandards_nextToken :: Lens.Lens' GetEnabledStandards (Prelude.Maybe Prelude.Text)
+getEnabledStandards_nextToken = Lens.lens (\GetEnabledStandards' {nextToken} -> nextToken) (\s@GetEnabledStandards' {} a -> s {nextToken = a} :: GetEnabledStandards)
+
+-- | The list of the standards subscription ARNs for the standards to
+-- retrieve.
+getEnabledStandards_standardsSubscriptionArns :: Lens.Lens' GetEnabledStandards (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+getEnabledStandards_standardsSubscriptionArns = Lens.lens (\GetEnabledStandards' {standardsSubscriptionArns} -> standardsSubscriptionArns) (\s@GetEnabledStandards' {} a -> s {standardsSubscriptionArns = a} :: GetEnabledStandards) Prelude.. Lens.mapping Lens.coerced
+
+instance Core.AWSPager GetEnabledStandards where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? getEnabledStandardsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? getEnabledStandardsResponse_standardsSubscriptions
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& getEnabledStandards_nextToken
+          Lens..~ rs
+          Lens.^? getEnabledStandardsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest GetEnabledStandards where
+  type
+    AWSResponse GetEnabledStandards =
+      GetEnabledStandardsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetEnabledStandardsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> ( x
+                            Data..?> "StandardsSubscriptions"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetEnabledStandards where
+  hashWithSalt _salt GetEnabledStandards' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` standardsSubscriptionArns
+
+instance Prelude.NFData GetEnabledStandards where
+  rnf GetEnabledStandards' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf standardsSubscriptionArns
+
+instance Data.ToHeaders GetEnabledStandards where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetEnabledStandards where
+  toJSON GetEnabledStandards' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            ("StandardsSubscriptionArns" Data..=)
+              Prelude.<$> standardsSubscriptionArns
+          ]
+      )
+
+instance Data.ToPath GetEnabledStandards where
+  toPath = Prelude.const "/standards/get"
+
+instance Data.ToQuery GetEnabledStandards where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetEnabledStandardsResponse' smart constructor.
+data GetEnabledStandardsResponse = GetEnabledStandardsResponse'
+  { -- | The pagination token to use to request the next page of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The list of @StandardsSubscriptions@ objects that include information
+    -- about the enabled standards.
+    standardsSubscriptions :: Prelude.Maybe [StandardsSubscription],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetEnabledStandardsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'getEnabledStandardsResponse_nextToken' - The pagination token to use to request the next page of results.
+--
+-- 'standardsSubscriptions', 'getEnabledStandardsResponse_standardsSubscriptions' - The list of @StandardsSubscriptions@ objects that include information
+-- about the enabled standards.
+--
+-- 'httpStatus', 'getEnabledStandardsResponse_httpStatus' - The response's http status code.
+newGetEnabledStandardsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetEnabledStandardsResponse
+newGetEnabledStandardsResponse pHttpStatus_ =
+  GetEnabledStandardsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      standardsSubscriptions = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The pagination token to use to request the next page of results.
+getEnabledStandardsResponse_nextToken :: Lens.Lens' GetEnabledStandardsResponse (Prelude.Maybe Prelude.Text)
+getEnabledStandardsResponse_nextToken = Lens.lens (\GetEnabledStandardsResponse' {nextToken} -> nextToken) (\s@GetEnabledStandardsResponse' {} a -> s {nextToken = a} :: GetEnabledStandardsResponse)
+
+-- | The list of @StandardsSubscriptions@ objects that include information
+-- about the enabled standards.
+getEnabledStandardsResponse_standardsSubscriptions :: Lens.Lens' GetEnabledStandardsResponse (Prelude.Maybe [StandardsSubscription])
+getEnabledStandardsResponse_standardsSubscriptions = Lens.lens (\GetEnabledStandardsResponse' {standardsSubscriptions} -> standardsSubscriptions) (\s@GetEnabledStandardsResponse' {} a -> s {standardsSubscriptions = a} :: GetEnabledStandardsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+getEnabledStandardsResponse_httpStatus :: Lens.Lens' GetEnabledStandardsResponse Prelude.Int
+getEnabledStandardsResponse_httpStatus = Lens.lens (\GetEnabledStandardsResponse' {httpStatus} -> httpStatus) (\s@GetEnabledStandardsResponse' {} a -> s {httpStatus = a} :: GetEnabledStandardsResponse)
+
+instance Prelude.NFData GetEnabledStandardsResponse where
+  rnf GetEnabledStandardsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf standardsSubscriptions
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/GetFindingAggregator.hs b/gen/Amazonka/SecurityHub/GetFindingAggregator.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/GetFindingAggregator.hs
@@ -0,0 +1,207 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.GetFindingAggregator
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the current finding aggregation configuration.
+module Amazonka.SecurityHub.GetFindingAggregator
+  ( -- * Creating a Request
+    GetFindingAggregator (..),
+    newGetFindingAggregator,
+
+    -- * Request Lenses
+    getFindingAggregator_findingAggregatorArn,
+
+    -- * Destructuring the Response
+    GetFindingAggregatorResponse (..),
+    newGetFindingAggregatorResponse,
+
+    -- * Response Lenses
+    getFindingAggregatorResponse_findingAggregationRegion,
+    getFindingAggregatorResponse_findingAggregatorArn,
+    getFindingAggregatorResponse_regionLinkingMode,
+    getFindingAggregatorResponse_regions,
+    getFindingAggregatorResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newGetFindingAggregator' smart constructor.
+data GetFindingAggregator = GetFindingAggregator'
+  { -- | The ARN of the finding aggregator to return details for. To obtain the
+    -- ARN, use @ListFindingAggregators@.
+    findingAggregatorArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFindingAggregator' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingAggregatorArn', 'getFindingAggregator_findingAggregatorArn' - The ARN of the finding aggregator to return details for. To obtain the
+-- ARN, use @ListFindingAggregators@.
+newGetFindingAggregator ::
+  -- | 'findingAggregatorArn'
+  Prelude.Text ->
+  GetFindingAggregator
+newGetFindingAggregator pFindingAggregatorArn_ =
+  GetFindingAggregator'
+    { findingAggregatorArn =
+        pFindingAggregatorArn_
+    }
+
+-- | The ARN of the finding aggregator to return details for. To obtain the
+-- ARN, use @ListFindingAggregators@.
+getFindingAggregator_findingAggregatorArn :: Lens.Lens' GetFindingAggregator Prelude.Text
+getFindingAggregator_findingAggregatorArn = Lens.lens (\GetFindingAggregator' {findingAggregatorArn} -> findingAggregatorArn) (\s@GetFindingAggregator' {} a -> s {findingAggregatorArn = a} :: GetFindingAggregator)
+
+instance Core.AWSRequest GetFindingAggregator where
+  type
+    AWSResponse GetFindingAggregator =
+      GetFindingAggregatorResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetFindingAggregatorResponse'
+            Prelude.<$> (x Data..?> "FindingAggregationRegion")
+            Prelude.<*> (x Data..?> "FindingAggregatorArn")
+            Prelude.<*> (x Data..?> "RegionLinkingMode")
+            Prelude.<*> (x Data..?> "Regions" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetFindingAggregator where
+  hashWithSalt _salt GetFindingAggregator' {..} =
+    _salt `Prelude.hashWithSalt` findingAggregatorArn
+
+instance Prelude.NFData GetFindingAggregator where
+  rnf GetFindingAggregator' {..} =
+    Prelude.rnf findingAggregatorArn
+
+instance Data.ToHeaders GetFindingAggregator where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetFindingAggregator where
+  toPath GetFindingAggregator' {..} =
+    Prelude.mconcat
+      [ "/findingAggregator/get/",
+        Data.toBS findingAggregatorArn
+      ]
+
+instance Data.ToQuery GetFindingAggregator where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetFindingAggregatorResponse' smart constructor.
+data GetFindingAggregatorResponse = GetFindingAggregatorResponse'
+  { -- | The aggregation Region.
+    findingAggregationRegion :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the finding aggregator.
+    findingAggregatorArn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether to link all Regions, all Regions except for a list of
+    -- excluded Regions, or a list of included Regions.
+    regionLinkingMode :: Prelude.Maybe Prelude.Text,
+    -- | The list of excluded Regions or included Regions.
+    regions :: Prelude.Maybe [Prelude.Text],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFindingAggregatorResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingAggregationRegion', 'getFindingAggregatorResponse_findingAggregationRegion' - The aggregation Region.
+--
+-- 'findingAggregatorArn', 'getFindingAggregatorResponse_findingAggregatorArn' - The ARN of the finding aggregator.
+--
+-- 'regionLinkingMode', 'getFindingAggregatorResponse_regionLinkingMode' - Indicates whether to link all Regions, all Regions except for a list of
+-- excluded Regions, or a list of included Regions.
+--
+-- 'regions', 'getFindingAggregatorResponse_regions' - The list of excluded Regions or included Regions.
+--
+-- 'httpStatus', 'getFindingAggregatorResponse_httpStatus' - The response's http status code.
+newGetFindingAggregatorResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetFindingAggregatorResponse
+newGetFindingAggregatorResponse pHttpStatus_ =
+  GetFindingAggregatorResponse'
+    { findingAggregationRegion =
+        Prelude.Nothing,
+      findingAggregatorArn = Prelude.Nothing,
+      regionLinkingMode = Prelude.Nothing,
+      regions = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The aggregation Region.
+getFindingAggregatorResponse_findingAggregationRegion :: Lens.Lens' GetFindingAggregatorResponse (Prelude.Maybe Prelude.Text)
+getFindingAggregatorResponse_findingAggregationRegion = Lens.lens (\GetFindingAggregatorResponse' {findingAggregationRegion} -> findingAggregationRegion) (\s@GetFindingAggregatorResponse' {} a -> s {findingAggregationRegion = a} :: GetFindingAggregatorResponse)
+
+-- | The ARN of the finding aggregator.
+getFindingAggregatorResponse_findingAggregatorArn :: Lens.Lens' GetFindingAggregatorResponse (Prelude.Maybe Prelude.Text)
+getFindingAggregatorResponse_findingAggregatorArn = Lens.lens (\GetFindingAggregatorResponse' {findingAggregatorArn} -> findingAggregatorArn) (\s@GetFindingAggregatorResponse' {} a -> s {findingAggregatorArn = a} :: GetFindingAggregatorResponse)
+
+-- | Indicates whether to link all Regions, all Regions except for a list of
+-- excluded Regions, or a list of included Regions.
+getFindingAggregatorResponse_regionLinkingMode :: Lens.Lens' GetFindingAggregatorResponse (Prelude.Maybe Prelude.Text)
+getFindingAggregatorResponse_regionLinkingMode = Lens.lens (\GetFindingAggregatorResponse' {regionLinkingMode} -> regionLinkingMode) (\s@GetFindingAggregatorResponse' {} a -> s {regionLinkingMode = a} :: GetFindingAggregatorResponse)
+
+-- | The list of excluded Regions or included Regions.
+getFindingAggregatorResponse_regions :: Lens.Lens' GetFindingAggregatorResponse (Prelude.Maybe [Prelude.Text])
+getFindingAggregatorResponse_regions = Lens.lens (\GetFindingAggregatorResponse' {regions} -> regions) (\s@GetFindingAggregatorResponse' {} a -> s {regions = a} :: GetFindingAggregatorResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+getFindingAggregatorResponse_httpStatus :: Lens.Lens' GetFindingAggregatorResponse Prelude.Int
+getFindingAggregatorResponse_httpStatus = Lens.lens (\GetFindingAggregatorResponse' {httpStatus} -> httpStatus) (\s@GetFindingAggregatorResponse' {} a -> s {httpStatus = a} :: GetFindingAggregatorResponse)
+
+instance Prelude.NFData GetFindingAggregatorResponse where
+  rnf GetFindingAggregatorResponse' {..} =
+    Prelude.rnf findingAggregationRegion
+      `Prelude.seq` Prelude.rnf findingAggregatorArn
+      `Prelude.seq` Prelude.rnf regionLinkingMode
+      `Prelude.seq` Prelude.rnf regions
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/GetFindings.hs b/gen/Amazonka/SecurityHub/GetFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/GetFindings.hs
@@ -0,0 +1,278 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.GetFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a list of findings that match the specified criteria.
+--
+-- If finding aggregation is enabled, then when you call @GetFindings@ from
+-- the aggregation Region, the results include all of the matching findings
+-- from both the aggregation Region and the linked Regions.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.GetFindings
+  ( -- * Creating a Request
+    GetFindings (..),
+    newGetFindings,
+
+    -- * Request Lenses
+    getFindings_filters,
+    getFindings_maxResults,
+    getFindings_nextToken,
+    getFindings_sortCriteria,
+
+    -- * Destructuring the Response
+    GetFindingsResponse (..),
+    newGetFindingsResponse,
+
+    -- * Response Lenses
+    getFindingsResponse_nextToken,
+    getFindingsResponse_httpStatus,
+    getFindingsResponse_findings,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newGetFindings' smart constructor.
+data GetFindings = GetFindings'
+  { -- | The finding attributes used to define a condition to filter the returned
+    -- findings.
+    --
+    -- You can filter by up to 10 finding attributes. For each attribute, you
+    -- can provide up to 20 filter values.
+    --
+    -- Note that in the available filter fields, @WorkflowState@ is deprecated.
+    -- To search for a finding based on its workflow status, use
+    -- @WorkflowStatus@.
+    filters :: Prelude.Maybe AwsSecurityFindingFilters,
+    -- | The maximum number of findings to return.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token that is required for pagination. On your first call to the
+    -- @GetFindings@ operation, set the value of this parameter to @NULL@.
+    --
+    -- For subsequent calls to the operation, to continue listing data, set the
+    -- value of this parameter to the value returned from the previous
+    -- response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The finding attributes used to sort the list of returned findings.
+    sortCriteria :: Prelude.Maybe [SortCriterion]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filters', 'getFindings_filters' - The finding attributes used to define a condition to filter the returned
+-- findings.
+--
+-- You can filter by up to 10 finding attributes. For each attribute, you
+-- can provide up to 20 filter values.
+--
+-- Note that in the available filter fields, @WorkflowState@ is deprecated.
+-- To search for a finding based on its workflow status, use
+-- @WorkflowStatus@.
+--
+-- 'maxResults', 'getFindings_maxResults' - The maximum number of findings to return.
+--
+-- 'nextToken', 'getFindings_nextToken' - The token that is required for pagination. On your first call to the
+-- @GetFindings@ operation, set the value of this parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+--
+-- 'sortCriteria', 'getFindings_sortCriteria' - The finding attributes used to sort the list of returned findings.
+newGetFindings ::
+  GetFindings
+newGetFindings =
+  GetFindings'
+    { filters = Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      sortCriteria = Prelude.Nothing
+    }
+
+-- | The finding attributes used to define a condition to filter the returned
+-- findings.
+--
+-- You can filter by up to 10 finding attributes. For each attribute, you
+-- can provide up to 20 filter values.
+--
+-- Note that in the available filter fields, @WorkflowState@ is deprecated.
+-- To search for a finding based on its workflow status, use
+-- @WorkflowStatus@.
+getFindings_filters :: Lens.Lens' GetFindings (Prelude.Maybe AwsSecurityFindingFilters)
+getFindings_filters = Lens.lens (\GetFindings' {filters} -> filters) (\s@GetFindings' {} a -> s {filters = a} :: GetFindings)
+
+-- | The maximum number of findings to return.
+getFindings_maxResults :: Lens.Lens' GetFindings (Prelude.Maybe Prelude.Natural)
+getFindings_maxResults = Lens.lens (\GetFindings' {maxResults} -> maxResults) (\s@GetFindings' {} a -> s {maxResults = a} :: GetFindings)
+
+-- | The token that is required for pagination. On your first call to the
+-- @GetFindings@ operation, set the value of this parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+getFindings_nextToken :: Lens.Lens' GetFindings (Prelude.Maybe Prelude.Text)
+getFindings_nextToken = Lens.lens (\GetFindings' {nextToken} -> nextToken) (\s@GetFindings' {} a -> s {nextToken = a} :: GetFindings)
+
+-- | The finding attributes used to sort the list of returned findings.
+getFindings_sortCriteria :: Lens.Lens' GetFindings (Prelude.Maybe [SortCriterion])
+getFindings_sortCriteria = Lens.lens (\GetFindings' {sortCriteria} -> sortCriteria) (\s@GetFindings' {} a -> s {sortCriteria = a} :: GetFindings) Prelude.. Lens.mapping Lens.coerced
+
+instance Core.AWSPager GetFindings where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? getFindingsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop (rs Lens.^. getFindingsResponse_findings) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& getFindings_nextToken
+          Lens..~ rs
+          Lens.^? getFindingsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest GetFindings where
+  type AWSResponse GetFindings = GetFindingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetFindingsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "Findings" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable GetFindings where
+  hashWithSalt _salt GetFindings' {..} =
+    _salt
+      `Prelude.hashWithSalt` filters
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` sortCriteria
+
+instance Prelude.NFData GetFindings where
+  rnf GetFindings' {..} =
+    Prelude.rnf filters
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf sortCriteria
+
+instance Data.ToHeaders GetFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetFindings where
+  toJSON GetFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Filters" Data..=) Prelude.<$> filters,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            ("SortCriteria" Data..=) Prelude.<$> sortCriteria
+          ]
+      )
+
+instance Data.ToPath GetFindings where
+  toPath = Prelude.const "/findings"
+
+instance Data.ToQuery GetFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetFindingsResponse' smart constructor.
+data GetFindingsResponse = GetFindingsResponse'
+  { -- | The pagination token to use to request the next page of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The findings that matched the filters specified in the request.
+    findings :: [AwsSecurityFinding]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'getFindingsResponse_nextToken' - The pagination token to use to request the next page of results.
+--
+-- 'httpStatus', 'getFindingsResponse_httpStatus' - The response's http status code.
+--
+-- 'findings', 'getFindingsResponse_findings' - The findings that matched the filters specified in the request.
+newGetFindingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetFindingsResponse
+newGetFindingsResponse pHttpStatus_ =
+  GetFindingsResponse'
+    { nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      findings = Prelude.mempty
+    }
+
+-- | The pagination token to use to request the next page of results.
+getFindingsResponse_nextToken :: Lens.Lens' GetFindingsResponse (Prelude.Maybe Prelude.Text)
+getFindingsResponse_nextToken = Lens.lens (\GetFindingsResponse' {nextToken} -> nextToken) (\s@GetFindingsResponse' {} a -> s {nextToken = a} :: GetFindingsResponse)
+
+-- | The response's http status code.
+getFindingsResponse_httpStatus :: Lens.Lens' GetFindingsResponse Prelude.Int
+getFindingsResponse_httpStatus = Lens.lens (\GetFindingsResponse' {httpStatus} -> httpStatus) (\s@GetFindingsResponse' {} a -> s {httpStatus = a} :: GetFindingsResponse)
+
+-- | The findings that matched the filters specified in the request.
+getFindingsResponse_findings :: Lens.Lens' GetFindingsResponse [AwsSecurityFinding]
+getFindingsResponse_findings = Lens.lens (\GetFindingsResponse' {findings} -> findings) (\s@GetFindingsResponse' {} a -> s {findings = a} :: GetFindingsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData GetFindingsResponse where
+  rnf GetFindingsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf findings
diff --git a/gen/Amazonka/SecurityHub/GetInsightResults.hs b/gen/Amazonka/SecurityHub/GetInsightResults.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/GetInsightResults.hs
@@ -0,0 +1,164 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.GetInsightResults
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the results of the Security Hub insight specified by the insight
+-- ARN.
+module Amazonka.SecurityHub.GetInsightResults
+  ( -- * Creating a Request
+    GetInsightResults (..),
+    newGetInsightResults,
+
+    -- * Request Lenses
+    getInsightResults_insightArn,
+
+    -- * Destructuring the Response
+    GetInsightResultsResponse (..),
+    newGetInsightResultsResponse,
+
+    -- * Response Lenses
+    getInsightResultsResponse_httpStatus,
+    getInsightResultsResponse_insightResults,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newGetInsightResults' smart constructor.
+data GetInsightResults = GetInsightResults'
+  { -- | The ARN of the insight for which to return results.
+    insightArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetInsightResults' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'insightArn', 'getInsightResults_insightArn' - The ARN of the insight for which to return results.
+newGetInsightResults ::
+  -- | 'insightArn'
+  Prelude.Text ->
+  GetInsightResults
+newGetInsightResults pInsightArn_ =
+  GetInsightResults' {insightArn = pInsightArn_}
+
+-- | The ARN of the insight for which to return results.
+getInsightResults_insightArn :: Lens.Lens' GetInsightResults Prelude.Text
+getInsightResults_insightArn = Lens.lens (\GetInsightResults' {insightArn} -> insightArn) (\s@GetInsightResults' {} a -> s {insightArn = a} :: GetInsightResults)
+
+instance Core.AWSRequest GetInsightResults where
+  type
+    AWSResponse GetInsightResults =
+      GetInsightResultsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetInsightResultsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "InsightResults")
+      )
+
+instance Prelude.Hashable GetInsightResults where
+  hashWithSalt _salt GetInsightResults' {..} =
+    _salt `Prelude.hashWithSalt` insightArn
+
+instance Prelude.NFData GetInsightResults where
+  rnf GetInsightResults' {..} = Prelude.rnf insightArn
+
+instance Data.ToHeaders GetInsightResults where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetInsightResults where
+  toPath GetInsightResults' {..} =
+    Prelude.mconcat
+      ["/insights/results/", Data.toBS insightArn]
+
+instance Data.ToQuery GetInsightResults where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetInsightResultsResponse' smart constructor.
+data GetInsightResultsResponse = GetInsightResultsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The insight results returned by the operation.
+    insightResults :: InsightResults
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetInsightResultsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getInsightResultsResponse_httpStatus' - The response's http status code.
+--
+-- 'insightResults', 'getInsightResultsResponse_insightResults' - The insight results returned by the operation.
+newGetInsightResultsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'insightResults'
+  InsightResults ->
+  GetInsightResultsResponse
+newGetInsightResultsResponse
+  pHttpStatus_
+  pInsightResults_ =
+    GetInsightResultsResponse'
+      { httpStatus =
+          pHttpStatus_,
+        insightResults = pInsightResults_
+      }
+
+-- | The response's http status code.
+getInsightResultsResponse_httpStatus :: Lens.Lens' GetInsightResultsResponse Prelude.Int
+getInsightResultsResponse_httpStatus = Lens.lens (\GetInsightResultsResponse' {httpStatus} -> httpStatus) (\s@GetInsightResultsResponse' {} a -> s {httpStatus = a} :: GetInsightResultsResponse)
+
+-- | The insight results returned by the operation.
+getInsightResultsResponse_insightResults :: Lens.Lens' GetInsightResultsResponse InsightResults
+getInsightResultsResponse_insightResults = Lens.lens (\GetInsightResultsResponse' {insightResults} -> insightResults) (\s@GetInsightResultsResponse' {} a -> s {insightResults = a} :: GetInsightResultsResponse)
+
+instance Prelude.NFData GetInsightResultsResponse where
+  rnf GetInsightResultsResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf insightResults
diff --git a/gen/Amazonka/SecurityHub/GetInsights.hs b/gen/Amazonka/SecurityHub/GetInsights.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/GetInsights.hs
@@ -0,0 +1,243 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.GetInsights
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists and describes insights for the specified insight ARNs.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.GetInsights
+  ( -- * Creating a Request
+    GetInsights (..),
+    newGetInsights,
+
+    -- * Request Lenses
+    getInsights_insightArns,
+    getInsights_maxResults,
+    getInsights_nextToken,
+
+    -- * Destructuring the Response
+    GetInsightsResponse (..),
+    newGetInsightsResponse,
+
+    -- * Response Lenses
+    getInsightsResponse_nextToken,
+    getInsightsResponse_httpStatus,
+    getInsightsResponse_insights,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newGetInsights' smart constructor.
+data GetInsights = GetInsights'
+  { -- | The ARNs of the insights to describe. If you do not provide any insight
+    -- ARNs, then @GetInsights@ returns all of your custom insights. It does
+    -- not return any managed insights.
+    insightArns :: Prelude.Maybe [Prelude.Text],
+    -- | The maximum number of items to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token that is required for pagination. On your first call to the
+    -- @GetInsights@ operation, set the value of this parameter to @NULL@.
+    --
+    -- For subsequent calls to the operation, to continue listing data, set the
+    -- value of this parameter to the value returned from the previous
+    -- response.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetInsights' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'insightArns', 'getInsights_insightArns' - The ARNs of the insights to describe. If you do not provide any insight
+-- ARNs, then @GetInsights@ returns all of your custom insights. It does
+-- not return any managed insights.
+--
+-- 'maxResults', 'getInsights_maxResults' - The maximum number of items to return in the response.
+--
+-- 'nextToken', 'getInsights_nextToken' - The token that is required for pagination. On your first call to the
+-- @GetInsights@ operation, set the value of this parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+newGetInsights ::
+  GetInsights
+newGetInsights =
+  GetInsights'
+    { insightArns = Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The ARNs of the insights to describe. If you do not provide any insight
+-- ARNs, then @GetInsights@ returns all of your custom insights. It does
+-- not return any managed insights.
+getInsights_insightArns :: Lens.Lens' GetInsights (Prelude.Maybe [Prelude.Text])
+getInsights_insightArns = Lens.lens (\GetInsights' {insightArns} -> insightArns) (\s@GetInsights' {} a -> s {insightArns = a} :: GetInsights) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum number of items to return in the response.
+getInsights_maxResults :: Lens.Lens' GetInsights (Prelude.Maybe Prelude.Natural)
+getInsights_maxResults = Lens.lens (\GetInsights' {maxResults} -> maxResults) (\s@GetInsights' {} a -> s {maxResults = a} :: GetInsights)
+
+-- | The token that is required for pagination. On your first call to the
+-- @GetInsights@ operation, set the value of this parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+getInsights_nextToken :: Lens.Lens' GetInsights (Prelude.Maybe Prelude.Text)
+getInsights_nextToken = Lens.lens (\GetInsights' {nextToken} -> nextToken) (\s@GetInsights' {} a -> s {nextToken = a} :: GetInsights)
+
+instance Core.AWSPager GetInsights where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? getInsightsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop (rs Lens.^. getInsightsResponse_insights) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& getInsights_nextToken
+          Lens..~ rs
+          Lens.^? getInsightsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest GetInsights where
+  type AWSResponse GetInsights = GetInsightsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetInsightsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "Insights" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable GetInsights where
+  hashWithSalt _salt GetInsights' {..} =
+    _salt
+      `Prelude.hashWithSalt` insightArns
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData GetInsights where
+  rnf GetInsights' {..} =
+    Prelude.rnf insightArns
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders GetInsights where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetInsights where
+  toJSON GetInsights' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("InsightArns" Data..=) Prelude.<$> insightArns,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath GetInsights where
+  toPath = Prelude.const "/insights/get"
+
+instance Data.ToQuery GetInsights where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetInsightsResponse' smart constructor.
+data GetInsightsResponse = GetInsightsResponse'
+  { -- | The pagination token to use to request the next page of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The insights returned by the operation.
+    insights :: [Insight]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetInsightsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'getInsightsResponse_nextToken' - The pagination token to use to request the next page of results.
+--
+-- 'httpStatus', 'getInsightsResponse_httpStatus' - The response's http status code.
+--
+-- 'insights', 'getInsightsResponse_insights' - The insights returned by the operation.
+newGetInsightsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetInsightsResponse
+newGetInsightsResponse pHttpStatus_ =
+  GetInsightsResponse'
+    { nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      insights = Prelude.mempty
+    }
+
+-- | The pagination token to use to request the next page of results.
+getInsightsResponse_nextToken :: Lens.Lens' GetInsightsResponse (Prelude.Maybe Prelude.Text)
+getInsightsResponse_nextToken = Lens.lens (\GetInsightsResponse' {nextToken} -> nextToken) (\s@GetInsightsResponse' {} a -> s {nextToken = a} :: GetInsightsResponse)
+
+-- | The response's http status code.
+getInsightsResponse_httpStatus :: Lens.Lens' GetInsightsResponse Prelude.Int
+getInsightsResponse_httpStatus = Lens.lens (\GetInsightsResponse' {httpStatus} -> httpStatus) (\s@GetInsightsResponse' {} a -> s {httpStatus = a} :: GetInsightsResponse)
+
+-- | The insights returned by the operation.
+getInsightsResponse_insights :: Lens.Lens' GetInsightsResponse [Insight]
+getInsightsResponse_insights = Lens.lens (\GetInsightsResponse' {insights} -> insights) (\s@GetInsightsResponse' {} a -> s {insights = a} :: GetInsightsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData GetInsightsResponse where
+  rnf GetInsightsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf insights
diff --git a/gen/Amazonka/SecurityHub/GetInvitationsCount.hs b/gen/Amazonka/SecurityHub/GetInvitationsCount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/GetInvitationsCount.hs
@@ -0,0 +1,146 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.GetInvitationsCount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the count of all Security Hub membership invitations that were
+-- sent to the current member account, not including the currently accepted
+-- invitation.
+module Amazonka.SecurityHub.GetInvitationsCount
+  ( -- * Creating a Request
+    GetInvitationsCount (..),
+    newGetInvitationsCount,
+
+    -- * Destructuring the Response
+    GetInvitationsCountResponse (..),
+    newGetInvitationsCountResponse,
+
+    -- * Response Lenses
+    getInvitationsCountResponse_invitationsCount,
+    getInvitationsCountResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newGetInvitationsCount' smart constructor.
+data GetInvitationsCount = GetInvitationsCount'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetInvitationsCount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newGetInvitationsCount ::
+  GetInvitationsCount
+newGetInvitationsCount = GetInvitationsCount'
+
+instance Core.AWSRequest GetInvitationsCount where
+  type
+    AWSResponse GetInvitationsCount =
+      GetInvitationsCountResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetInvitationsCountResponse'
+            Prelude.<$> (x Data..?> "InvitationsCount")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetInvitationsCount where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData GetInvitationsCount where
+  rnf _ = ()
+
+instance Data.ToHeaders GetInvitationsCount where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetInvitationsCount where
+  toPath = Prelude.const "/invitations/count"
+
+instance Data.ToQuery GetInvitationsCount where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetInvitationsCountResponse' smart constructor.
+data GetInvitationsCountResponse = GetInvitationsCountResponse'
+  { -- | The number of all membership invitations sent to this Security Hub
+    -- member account, not including the currently accepted invitation.
+    invitationsCount :: Prelude.Maybe Prelude.Int,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetInvitationsCountResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'invitationsCount', 'getInvitationsCountResponse_invitationsCount' - The number of all membership invitations sent to this Security Hub
+-- member account, not including the currently accepted invitation.
+--
+-- 'httpStatus', 'getInvitationsCountResponse_httpStatus' - The response's http status code.
+newGetInvitationsCountResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetInvitationsCountResponse
+newGetInvitationsCountResponse pHttpStatus_ =
+  GetInvitationsCountResponse'
+    { invitationsCount =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The number of all membership invitations sent to this Security Hub
+-- member account, not including the currently accepted invitation.
+getInvitationsCountResponse_invitationsCount :: Lens.Lens' GetInvitationsCountResponse (Prelude.Maybe Prelude.Int)
+getInvitationsCountResponse_invitationsCount = Lens.lens (\GetInvitationsCountResponse' {invitationsCount} -> invitationsCount) (\s@GetInvitationsCountResponse' {} a -> s {invitationsCount = a} :: GetInvitationsCountResponse)
+
+-- | The response's http status code.
+getInvitationsCountResponse_httpStatus :: Lens.Lens' GetInvitationsCountResponse Prelude.Int
+getInvitationsCountResponse_httpStatus = Lens.lens (\GetInvitationsCountResponse' {httpStatus} -> httpStatus) (\s@GetInvitationsCountResponse' {} a -> s {httpStatus = a} :: GetInvitationsCountResponse)
+
+instance Prelude.NFData GetInvitationsCountResponse where
+  rnf GetInvitationsCountResponse' {..} =
+    Prelude.rnf invitationsCount
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/GetMembers.hs b/gen/Amazonka/SecurityHub/GetMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/GetMembers.hs
@@ -0,0 +1,191 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.GetMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the details for the Security Hub member accounts for the
+-- specified account IDs.
+--
+-- An administrator account can be either the delegated Security Hub
+-- administrator account for an organization or an administrator account
+-- that enabled Security Hub manually.
+--
+-- The results include both member accounts that are managed using
+-- Organizations and accounts that were invited manually.
+module Amazonka.SecurityHub.GetMembers
+  ( -- * Creating a Request
+    GetMembers (..),
+    newGetMembers,
+
+    -- * Request Lenses
+    getMembers_accountIds,
+
+    -- * Destructuring the Response
+    GetMembersResponse (..),
+    newGetMembersResponse,
+
+    -- * Response Lenses
+    getMembersResponse_members,
+    getMembersResponse_unprocessedAccounts,
+    getMembersResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newGetMembers' smart constructor.
+data GetMembers = GetMembers'
+  { -- | The list of account IDs for the Security Hub member accounts to return
+    -- the details for.
+    accountIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'getMembers_accountIds' - The list of account IDs for the Security Hub member accounts to return
+-- the details for.
+newGetMembers ::
+  GetMembers
+newGetMembers =
+  GetMembers' {accountIds = Prelude.mempty}
+
+-- | The list of account IDs for the Security Hub member accounts to return
+-- the details for.
+getMembers_accountIds :: Lens.Lens' GetMembers [Prelude.Text]
+getMembers_accountIds = Lens.lens (\GetMembers' {accountIds} -> accountIds) (\s@GetMembers' {} a -> s {accountIds = a} :: GetMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest GetMembers where
+  type AWSResponse GetMembers = GetMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetMembersResponse'
+            Prelude.<$> (x Data..?> "Members" Core..!@ Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..?> "UnprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetMembers where
+  hashWithSalt _salt GetMembers' {..} =
+    _salt `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData GetMembers where
+  rnf GetMembers' {..} = Prelude.rnf accountIds
+
+instance Data.ToHeaders GetMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetMembers where
+  toJSON GetMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("AccountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath GetMembers where
+  toPath = Prelude.const "/members/get"
+
+instance Data.ToQuery GetMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetMembersResponse' smart constructor.
+data GetMembersResponse = GetMembersResponse'
+  { -- | The list of details about the Security Hub member accounts.
+    members :: Prelude.Maybe [Member],
+    -- | The list of Amazon Web Services accounts that could not be processed.
+    -- For each account, the list includes the account ID and the email
+    -- address.
+    unprocessedAccounts :: Prelude.Maybe [Result],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'members', 'getMembersResponse_members' - The list of details about the Security Hub member accounts.
+--
+-- 'unprocessedAccounts', 'getMembersResponse_unprocessedAccounts' - The list of Amazon Web Services accounts that could not be processed.
+-- For each account, the list includes the account ID and the email
+-- address.
+--
+-- 'httpStatus', 'getMembersResponse_httpStatus' - The response's http status code.
+newGetMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetMembersResponse
+newGetMembersResponse pHttpStatus_ =
+  GetMembersResponse'
+    { members = Prelude.Nothing,
+      unprocessedAccounts = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The list of details about the Security Hub member accounts.
+getMembersResponse_members :: Lens.Lens' GetMembersResponse (Prelude.Maybe [Member])
+getMembersResponse_members = Lens.lens (\GetMembersResponse' {members} -> members) (\s@GetMembersResponse' {} a -> s {members = a} :: GetMembersResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The list of Amazon Web Services accounts that could not be processed.
+-- For each account, the list includes the account ID and the email
+-- address.
+getMembersResponse_unprocessedAccounts :: Lens.Lens' GetMembersResponse (Prelude.Maybe [Result])
+getMembersResponse_unprocessedAccounts = Lens.lens (\GetMembersResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@GetMembersResponse' {} a -> s {unprocessedAccounts = a} :: GetMembersResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+getMembersResponse_httpStatus :: Lens.Lens' GetMembersResponse Prelude.Int
+getMembersResponse_httpStatus = Lens.lens (\GetMembersResponse' {httpStatus} -> httpStatus) (\s@GetMembersResponse' {} a -> s {httpStatus = a} :: GetMembersResponse)
+
+instance Prelude.NFData GetMembersResponse where
+  rnf GetMembersResponse' {..} =
+    Prelude.rnf members
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/InviteMembers.hs b/gen/Amazonka/SecurityHub/InviteMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/InviteMembers.hs
@@ -0,0 +1,185 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.InviteMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Invites other Amazon Web Services accounts to become member accounts for
+-- the Security Hub administrator account that the invitation is sent from.
+--
+-- This operation is only used to invite accounts that do not belong to an
+-- organization. Organization accounts do not receive invitations.
+--
+-- Before you can use this action to invite a member, you must first use
+-- the @CreateMembers@ action to create the member account in Security Hub.
+--
+-- When the account owner enables Security Hub and accepts the invitation
+-- to become a member account, the administrator account can view the
+-- findings generated from the member account.
+module Amazonka.SecurityHub.InviteMembers
+  ( -- * Creating a Request
+    InviteMembers (..),
+    newInviteMembers,
+
+    -- * Request Lenses
+    inviteMembers_accountIds,
+
+    -- * Destructuring the Response
+    InviteMembersResponse (..),
+    newInviteMembersResponse,
+
+    -- * Response Lenses
+    inviteMembersResponse_unprocessedAccounts,
+    inviteMembersResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newInviteMembers' smart constructor.
+data InviteMembers = InviteMembers'
+  { -- | The list of account IDs of the Amazon Web Services accounts to invite to
+    -- Security Hub as members.
+    accountIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InviteMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'inviteMembers_accountIds' - The list of account IDs of the Amazon Web Services accounts to invite to
+-- Security Hub as members.
+newInviteMembers ::
+  InviteMembers
+newInviteMembers =
+  InviteMembers' {accountIds = Prelude.mempty}
+
+-- | The list of account IDs of the Amazon Web Services accounts to invite to
+-- Security Hub as members.
+inviteMembers_accountIds :: Lens.Lens' InviteMembers [Prelude.Text]
+inviteMembers_accountIds = Lens.lens (\InviteMembers' {accountIds} -> accountIds) (\s@InviteMembers' {} a -> s {accountIds = a} :: InviteMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest InviteMembers where
+  type
+    AWSResponse InviteMembers =
+      InviteMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          InviteMembersResponse'
+            Prelude.<$> ( x
+                            Data..?> "UnprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable InviteMembers where
+  hashWithSalt _salt InviteMembers' {..} =
+    _salt `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData InviteMembers where
+  rnf InviteMembers' {..} = Prelude.rnf accountIds
+
+instance Data.ToHeaders InviteMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON InviteMembers where
+  toJSON InviteMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("AccountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath InviteMembers where
+  toPath = Prelude.const "/members/invite"
+
+instance Data.ToQuery InviteMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newInviteMembersResponse' smart constructor.
+data InviteMembersResponse = InviteMembersResponse'
+  { -- | The list of Amazon Web Services accounts that could not be processed.
+    -- For each account, the list includes the account ID and the email
+    -- address.
+    unprocessedAccounts :: Prelude.Maybe [Result],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InviteMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'unprocessedAccounts', 'inviteMembersResponse_unprocessedAccounts' - The list of Amazon Web Services accounts that could not be processed.
+-- For each account, the list includes the account ID and the email
+-- address.
+--
+-- 'httpStatus', 'inviteMembersResponse_httpStatus' - The response's http status code.
+newInviteMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  InviteMembersResponse
+newInviteMembersResponse pHttpStatus_ =
+  InviteMembersResponse'
+    { unprocessedAccounts =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The list of Amazon Web Services accounts that could not be processed.
+-- For each account, the list includes the account ID and the email
+-- address.
+inviteMembersResponse_unprocessedAccounts :: Lens.Lens' InviteMembersResponse (Prelude.Maybe [Result])
+inviteMembersResponse_unprocessedAccounts = Lens.lens (\InviteMembersResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@InviteMembersResponse' {} a -> s {unprocessedAccounts = a} :: InviteMembersResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+inviteMembersResponse_httpStatus :: Lens.Lens' InviteMembersResponse Prelude.Int
+inviteMembersResponse_httpStatus = Lens.lens (\InviteMembersResponse' {httpStatus} -> httpStatus) (\s@InviteMembersResponse' {} a -> s {httpStatus = a} :: InviteMembersResponse)
+
+instance Prelude.NFData InviteMembersResponse where
+  rnf InviteMembersResponse' {..} =
+    Prelude.rnf unprocessedAccounts
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/Lens.hs b/gen/Amazonka/SecurityHub/Lens.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Lens.hs
@@ -0,0 +1,4606 @@
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Lens
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Lens
+  ( -- * Operations
+
+    -- ** AcceptAdministratorInvitation
+    acceptAdministratorInvitation_administratorId,
+    acceptAdministratorInvitation_invitationId,
+    acceptAdministratorInvitationResponse_httpStatus,
+
+    -- ** BatchDisableStandards
+    batchDisableStandards_standardsSubscriptionArns,
+    batchDisableStandardsResponse_standardsSubscriptions,
+    batchDisableStandardsResponse_httpStatus,
+
+    -- ** BatchEnableStandards
+    batchEnableStandards_standardsSubscriptionRequests,
+    batchEnableStandardsResponse_standardsSubscriptions,
+    batchEnableStandardsResponse_httpStatus,
+
+    -- ** BatchImportFindings
+    batchImportFindings_findings,
+    batchImportFindingsResponse_failedFindings,
+    batchImportFindingsResponse_httpStatus,
+    batchImportFindingsResponse_failedCount,
+    batchImportFindingsResponse_successCount,
+
+    -- ** BatchUpdateFindings
+    batchUpdateFindings_confidence,
+    batchUpdateFindings_criticality,
+    batchUpdateFindings_note,
+    batchUpdateFindings_relatedFindings,
+    batchUpdateFindings_severity,
+    batchUpdateFindings_types,
+    batchUpdateFindings_userDefinedFields,
+    batchUpdateFindings_verificationState,
+    batchUpdateFindings_workflow,
+    batchUpdateFindings_findingIdentifiers,
+    batchUpdateFindingsResponse_httpStatus,
+    batchUpdateFindingsResponse_processedFindings,
+    batchUpdateFindingsResponse_unprocessedFindings,
+
+    -- ** CreateActionTarget
+    createActionTarget_name,
+    createActionTarget_description,
+    createActionTarget_id,
+    createActionTargetResponse_httpStatus,
+    createActionTargetResponse_actionTargetArn,
+
+    -- ** CreateFindingAggregator
+    createFindingAggregator_regions,
+    createFindingAggregator_regionLinkingMode,
+    createFindingAggregatorResponse_findingAggregationRegion,
+    createFindingAggregatorResponse_findingAggregatorArn,
+    createFindingAggregatorResponse_regionLinkingMode,
+    createFindingAggregatorResponse_regions,
+    createFindingAggregatorResponse_httpStatus,
+
+    -- ** CreateInsight
+    createInsight_name,
+    createInsight_filters,
+    createInsight_groupByAttribute,
+    createInsightResponse_httpStatus,
+    createInsightResponse_insightArn,
+
+    -- ** CreateMembers
+    createMembers_accountDetails,
+    createMembersResponse_unprocessedAccounts,
+    createMembersResponse_httpStatus,
+
+    -- ** DeclineInvitations
+    declineInvitations_accountIds,
+    declineInvitationsResponse_unprocessedAccounts,
+    declineInvitationsResponse_httpStatus,
+
+    -- ** DeleteActionTarget
+    deleteActionTarget_actionTargetArn,
+    deleteActionTargetResponse_httpStatus,
+    deleteActionTargetResponse_actionTargetArn,
+
+    -- ** DeleteFindingAggregator
+    deleteFindingAggregator_findingAggregatorArn,
+    deleteFindingAggregatorResponse_httpStatus,
+
+    -- ** DeleteInsight
+    deleteInsight_insightArn,
+    deleteInsightResponse_httpStatus,
+    deleteInsightResponse_insightArn,
+
+    -- ** DeleteInvitations
+    deleteInvitations_accountIds,
+    deleteInvitationsResponse_unprocessedAccounts,
+    deleteInvitationsResponse_httpStatus,
+
+    -- ** DeleteMembers
+    deleteMembers_accountIds,
+    deleteMembersResponse_unprocessedAccounts,
+    deleteMembersResponse_httpStatus,
+
+    -- ** DescribeActionTargets
+    describeActionTargets_actionTargetArns,
+    describeActionTargets_maxResults,
+    describeActionTargets_nextToken,
+    describeActionTargetsResponse_nextToken,
+    describeActionTargetsResponse_httpStatus,
+    describeActionTargetsResponse_actionTargets,
+
+    -- ** DescribeHub
+    describeHub_hubArn,
+    describeHubResponse_autoEnableControls,
+    describeHubResponse_hubArn,
+    describeHubResponse_subscribedAt,
+    describeHubResponse_httpStatus,
+
+    -- ** DescribeOrganizationConfiguration
+    describeOrganizationConfigurationResponse_autoEnable,
+    describeOrganizationConfigurationResponse_autoEnableStandards,
+    describeOrganizationConfigurationResponse_memberAccountLimitReached,
+    describeOrganizationConfigurationResponse_httpStatus,
+
+    -- ** DescribeProducts
+    describeProducts_maxResults,
+    describeProducts_nextToken,
+    describeProducts_productArn,
+    describeProductsResponse_nextToken,
+    describeProductsResponse_httpStatus,
+    describeProductsResponse_products,
+
+    -- ** DescribeStandards
+    describeStandards_maxResults,
+    describeStandards_nextToken,
+    describeStandardsResponse_nextToken,
+    describeStandardsResponse_standards,
+    describeStandardsResponse_httpStatus,
+
+    -- ** DescribeStandardsControls
+    describeStandardsControls_maxResults,
+    describeStandardsControls_nextToken,
+    describeStandardsControls_standardsSubscriptionArn,
+    describeStandardsControlsResponse_controls,
+    describeStandardsControlsResponse_nextToken,
+    describeStandardsControlsResponse_httpStatus,
+
+    -- ** DisableImportFindingsForProduct
+    disableImportFindingsForProduct_productSubscriptionArn,
+    disableImportFindingsForProductResponse_httpStatus,
+
+    -- ** DisableOrganizationAdminAccount
+    disableOrganizationAdminAccount_adminAccountId,
+    disableOrganizationAdminAccountResponse_httpStatus,
+
+    -- ** DisableSecurityHub
+    disableSecurityHubResponse_httpStatus,
+
+    -- ** DisassociateFromAdministratorAccount
+    disassociateFromAdministratorAccountResponse_httpStatus,
+
+    -- ** DisassociateMembers
+    disassociateMembers_accountIds,
+    disassociateMembersResponse_httpStatus,
+
+    -- ** EnableImportFindingsForProduct
+    enableImportFindingsForProduct_productArn,
+    enableImportFindingsForProductResponse_productSubscriptionArn,
+    enableImportFindingsForProductResponse_httpStatus,
+
+    -- ** EnableOrganizationAdminAccount
+    enableOrganizationAdminAccount_adminAccountId,
+    enableOrganizationAdminAccountResponse_httpStatus,
+
+    -- ** EnableSecurityHub
+    enableSecurityHub_enableDefaultStandards,
+    enableSecurityHub_tags,
+    enableSecurityHubResponse_httpStatus,
+
+    -- ** GetAdministratorAccount
+    getAdministratorAccountResponse_administrator,
+    getAdministratorAccountResponse_httpStatus,
+
+    -- ** GetEnabledStandards
+    getEnabledStandards_maxResults,
+    getEnabledStandards_nextToken,
+    getEnabledStandards_standardsSubscriptionArns,
+    getEnabledStandardsResponse_nextToken,
+    getEnabledStandardsResponse_standardsSubscriptions,
+    getEnabledStandardsResponse_httpStatus,
+
+    -- ** GetFindingAggregator
+    getFindingAggregator_findingAggregatorArn,
+    getFindingAggregatorResponse_findingAggregationRegion,
+    getFindingAggregatorResponse_findingAggregatorArn,
+    getFindingAggregatorResponse_regionLinkingMode,
+    getFindingAggregatorResponse_regions,
+    getFindingAggregatorResponse_httpStatus,
+
+    -- ** GetFindings
+    getFindings_filters,
+    getFindings_maxResults,
+    getFindings_nextToken,
+    getFindings_sortCriteria,
+    getFindingsResponse_nextToken,
+    getFindingsResponse_httpStatus,
+    getFindingsResponse_findings,
+
+    -- ** GetInsightResults
+    getInsightResults_insightArn,
+    getInsightResultsResponse_httpStatus,
+    getInsightResultsResponse_insightResults,
+
+    -- ** GetInsights
+    getInsights_insightArns,
+    getInsights_maxResults,
+    getInsights_nextToken,
+    getInsightsResponse_nextToken,
+    getInsightsResponse_httpStatus,
+    getInsightsResponse_insights,
+
+    -- ** GetInvitationsCount
+    getInvitationsCountResponse_invitationsCount,
+    getInvitationsCountResponse_httpStatus,
+
+    -- ** GetMembers
+    getMembers_accountIds,
+    getMembersResponse_members,
+    getMembersResponse_unprocessedAccounts,
+    getMembersResponse_httpStatus,
+
+    -- ** InviteMembers
+    inviteMembers_accountIds,
+    inviteMembersResponse_unprocessedAccounts,
+    inviteMembersResponse_httpStatus,
+
+    -- ** ListEnabledProductsForImport
+    listEnabledProductsForImport_maxResults,
+    listEnabledProductsForImport_nextToken,
+    listEnabledProductsForImportResponse_nextToken,
+    listEnabledProductsForImportResponse_productSubscriptions,
+    listEnabledProductsForImportResponse_httpStatus,
+
+    -- ** ListFindingAggregators
+    listFindingAggregators_maxResults,
+    listFindingAggregators_nextToken,
+    listFindingAggregatorsResponse_findingAggregators,
+    listFindingAggregatorsResponse_nextToken,
+    listFindingAggregatorsResponse_httpStatus,
+
+    -- ** ListInvitations
+    listInvitations_maxResults,
+    listInvitations_nextToken,
+    listInvitationsResponse_invitations,
+    listInvitationsResponse_nextToken,
+    listInvitationsResponse_httpStatus,
+
+    -- ** ListMembers
+    listMembers_maxResults,
+    listMembers_nextToken,
+    listMembers_onlyAssociated,
+    listMembersResponse_members,
+    listMembersResponse_nextToken,
+    listMembersResponse_httpStatus,
+
+    -- ** ListOrganizationAdminAccounts
+    listOrganizationAdminAccounts_maxResults,
+    listOrganizationAdminAccounts_nextToken,
+    listOrganizationAdminAccountsResponse_adminAccounts,
+    listOrganizationAdminAccountsResponse_nextToken,
+    listOrganizationAdminAccountsResponse_httpStatus,
+
+    -- ** ListTagsForResource
+    listTagsForResource_resourceArn,
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+
+    -- ** TagResource
+    tagResource_resourceArn,
+    tagResource_tags,
+    tagResourceResponse_httpStatus,
+
+    -- ** UntagResource
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+    untagResourceResponse_httpStatus,
+
+    -- ** UpdateActionTarget
+    updateActionTarget_description,
+    updateActionTarget_name,
+    updateActionTarget_actionTargetArn,
+    updateActionTargetResponse_httpStatus,
+
+    -- ** UpdateFindingAggregator
+    updateFindingAggregator_regions,
+    updateFindingAggregator_findingAggregatorArn,
+    updateFindingAggregator_regionLinkingMode,
+    updateFindingAggregatorResponse_findingAggregationRegion,
+    updateFindingAggregatorResponse_findingAggregatorArn,
+    updateFindingAggregatorResponse_regionLinkingMode,
+    updateFindingAggregatorResponse_regions,
+    updateFindingAggregatorResponse_httpStatus,
+
+    -- ** UpdateFindings
+    updateFindings_note,
+    updateFindings_recordState,
+    updateFindings_filters,
+    updateFindingsResponse_httpStatus,
+
+    -- ** UpdateInsight
+    updateInsight_filters,
+    updateInsight_groupByAttribute,
+    updateInsight_name,
+    updateInsight_insightArn,
+    updateInsightResponse_httpStatus,
+
+    -- ** UpdateOrganizationConfiguration
+    updateOrganizationConfiguration_autoEnableStandards,
+    updateOrganizationConfiguration_autoEnable,
+    updateOrganizationConfigurationResponse_httpStatus,
+
+    -- ** UpdateSecurityHubConfiguration
+    updateSecurityHubConfiguration_autoEnableControls,
+    updateSecurityHubConfigurationResponse_httpStatus,
+
+    -- ** UpdateStandardsControl
+    updateStandardsControl_controlStatus,
+    updateStandardsControl_disabledReason,
+    updateStandardsControl_standardsControlArn,
+    updateStandardsControlResponse_httpStatus,
+
+    -- * Types
+
+    -- ** AccountDetails
+    accountDetails_email,
+    accountDetails_accountId,
+
+    -- ** Action
+    action_actionType,
+    action_awsApiCallAction,
+    action_dnsRequestAction,
+    action_networkConnectionAction,
+    action_portProbeAction,
+
+    -- ** ActionLocalIpDetails
+    actionLocalIpDetails_ipAddressV4,
+
+    -- ** ActionLocalPortDetails
+    actionLocalPortDetails_port,
+    actionLocalPortDetails_portName,
+
+    -- ** ActionRemoteIpDetails
+    actionRemoteIpDetails_city,
+    actionRemoteIpDetails_country,
+    actionRemoteIpDetails_geoLocation,
+    actionRemoteIpDetails_ipAddressV4,
+    actionRemoteIpDetails_organization,
+
+    -- ** ActionRemotePortDetails
+    actionRemotePortDetails_port,
+    actionRemotePortDetails_portName,
+
+    -- ** ActionTarget
+    actionTarget_actionTargetArn,
+    actionTarget_name,
+    actionTarget_description,
+
+    -- ** Adjustment
+    adjustment_metric,
+    adjustment_reason,
+
+    -- ** AdminAccount
+    adminAccount_accountId,
+    adminAccount_status,
+
+    -- ** AvailabilityZone
+    availabilityZone_subnetId,
+    availabilityZone_zoneName,
+
+    -- ** AwsApiCallAction
+    awsApiCallAction_affectedResources,
+    awsApiCallAction_api,
+    awsApiCallAction_callerType,
+    awsApiCallAction_domainDetails,
+    awsApiCallAction_firstSeen,
+    awsApiCallAction_lastSeen,
+    awsApiCallAction_remoteIpDetails,
+    awsApiCallAction_serviceName,
+
+    -- ** AwsApiCallActionDomainDetails
+    awsApiCallActionDomainDetails_domain,
+
+    -- ** AwsApiGatewayAccessLogSettings
+    awsApiGatewayAccessLogSettings_destinationArn,
+    awsApiGatewayAccessLogSettings_format,
+
+    -- ** AwsApiGatewayCanarySettings
+    awsApiGatewayCanarySettings_deploymentId,
+    awsApiGatewayCanarySettings_percentTraffic,
+    awsApiGatewayCanarySettings_stageVariableOverrides,
+    awsApiGatewayCanarySettings_useStageCache,
+
+    -- ** AwsApiGatewayEndpointConfiguration
+    awsApiGatewayEndpointConfiguration_types,
+
+    -- ** AwsApiGatewayMethodSettings
+    awsApiGatewayMethodSettings_cacheDataEncrypted,
+    awsApiGatewayMethodSettings_cacheTtlInSeconds,
+    awsApiGatewayMethodSettings_cachingEnabled,
+    awsApiGatewayMethodSettings_dataTraceEnabled,
+    awsApiGatewayMethodSettings_httpMethod,
+    awsApiGatewayMethodSettings_loggingLevel,
+    awsApiGatewayMethodSettings_metricsEnabled,
+    awsApiGatewayMethodSettings_requireAuthorizationForCacheControl,
+    awsApiGatewayMethodSettings_resourcePath,
+    awsApiGatewayMethodSettings_throttlingBurstLimit,
+    awsApiGatewayMethodSettings_throttlingRateLimit,
+    awsApiGatewayMethodSettings_unauthorizedCacheControlHeaderStrategy,
+
+    -- ** AwsApiGatewayRestApiDetails
+    awsApiGatewayRestApiDetails_apiKeySource,
+    awsApiGatewayRestApiDetails_binaryMediaTypes,
+    awsApiGatewayRestApiDetails_createdDate,
+    awsApiGatewayRestApiDetails_description,
+    awsApiGatewayRestApiDetails_endpointConfiguration,
+    awsApiGatewayRestApiDetails_id,
+    awsApiGatewayRestApiDetails_minimumCompressionSize,
+    awsApiGatewayRestApiDetails_name,
+    awsApiGatewayRestApiDetails_version,
+
+    -- ** AwsApiGatewayStageDetails
+    awsApiGatewayStageDetails_accessLogSettings,
+    awsApiGatewayStageDetails_cacheClusterEnabled,
+    awsApiGatewayStageDetails_cacheClusterSize,
+    awsApiGatewayStageDetails_cacheClusterStatus,
+    awsApiGatewayStageDetails_canarySettings,
+    awsApiGatewayStageDetails_clientCertificateId,
+    awsApiGatewayStageDetails_createdDate,
+    awsApiGatewayStageDetails_deploymentId,
+    awsApiGatewayStageDetails_description,
+    awsApiGatewayStageDetails_documentationVersion,
+    awsApiGatewayStageDetails_lastUpdatedDate,
+    awsApiGatewayStageDetails_methodSettings,
+    awsApiGatewayStageDetails_stageName,
+    awsApiGatewayStageDetails_tracingEnabled,
+    awsApiGatewayStageDetails_variables,
+    awsApiGatewayStageDetails_webAclArn,
+
+    -- ** AwsApiGatewayV2ApiDetails
+    awsApiGatewayV2ApiDetails_apiEndpoint,
+    awsApiGatewayV2ApiDetails_apiId,
+    awsApiGatewayV2ApiDetails_apiKeySelectionExpression,
+    awsApiGatewayV2ApiDetails_corsConfiguration,
+    awsApiGatewayV2ApiDetails_createdDate,
+    awsApiGatewayV2ApiDetails_description,
+    awsApiGatewayV2ApiDetails_name,
+    awsApiGatewayV2ApiDetails_protocolType,
+    awsApiGatewayV2ApiDetails_routeSelectionExpression,
+    awsApiGatewayV2ApiDetails_version,
+
+    -- ** AwsApiGatewayV2RouteSettings
+    awsApiGatewayV2RouteSettings_dataTraceEnabled,
+    awsApiGatewayV2RouteSettings_detailedMetricsEnabled,
+    awsApiGatewayV2RouteSettings_loggingLevel,
+    awsApiGatewayV2RouteSettings_throttlingBurstLimit,
+    awsApiGatewayV2RouteSettings_throttlingRateLimit,
+
+    -- ** AwsApiGatewayV2StageDetails
+    awsApiGatewayV2StageDetails_accessLogSettings,
+    awsApiGatewayV2StageDetails_apiGatewayManaged,
+    awsApiGatewayV2StageDetails_autoDeploy,
+    awsApiGatewayV2StageDetails_clientCertificateId,
+    awsApiGatewayV2StageDetails_createdDate,
+    awsApiGatewayV2StageDetails_defaultRouteSettings,
+    awsApiGatewayV2StageDetails_deploymentId,
+    awsApiGatewayV2StageDetails_description,
+    awsApiGatewayV2StageDetails_lastDeploymentStatusMessage,
+    awsApiGatewayV2StageDetails_lastUpdatedDate,
+    awsApiGatewayV2StageDetails_routeSettings,
+    awsApiGatewayV2StageDetails_stageName,
+    awsApiGatewayV2StageDetails_stageVariables,
+
+    -- ** AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+    awsAutoScalingAutoScalingGroupAvailabilityZonesListDetails_value,
+
+    -- ** AwsAutoScalingAutoScalingGroupDetails
+    awsAutoScalingAutoScalingGroupDetails_availabilityZones,
+    awsAutoScalingAutoScalingGroupDetails_capacityRebalance,
+    awsAutoScalingAutoScalingGroupDetails_createdTime,
+    awsAutoScalingAutoScalingGroupDetails_healthCheckGracePeriod,
+    awsAutoScalingAutoScalingGroupDetails_healthCheckType,
+    awsAutoScalingAutoScalingGroupDetails_launchConfigurationName,
+    awsAutoScalingAutoScalingGroupDetails_launchTemplate,
+    awsAutoScalingAutoScalingGroupDetails_loadBalancerNames,
+    awsAutoScalingAutoScalingGroupDetails_mixedInstancesPolicy,
+
+    -- ** AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+    awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_launchTemplateId,
+    awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_launchTemplateName,
+    awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_version,
+
+    -- ** AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails_instancesDistribution,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails_launchTemplate,
+
+    -- ** AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandAllocationStrategy,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandBaseCapacity,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandPercentageAboveBaseCapacity,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotAllocationStrategy,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotInstancePools,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotMaxPrice,
+
+    -- ** AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails_launchTemplateSpecification,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails_overrides,
+
+    -- ** AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_launchTemplateId,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_launchTemplateName,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_version,
+
+    -- ** AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails_instanceType,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails_weightedCapacity,
+
+    -- ** AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_deviceName,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_ebs,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_noDevice,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_virtualName,
+
+    -- ** AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_deleteOnTermination,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_encrypted,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_iops,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_snapshotId,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_volumeSize,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_volumeType,
+
+    -- ** AwsAutoScalingLaunchConfigurationDetails
+    awsAutoScalingLaunchConfigurationDetails_associatePublicIpAddress,
+    awsAutoScalingLaunchConfigurationDetails_blockDeviceMappings,
+    awsAutoScalingLaunchConfigurationDetails_classicLinkVpcId,
+    awsAutoScalingLaunchConfigurationDetails_classicLinkVpcSecurityGroups,
+    awsAutoScalingLaunchConfigurationDetails_createdTime,
+    awsAutoScalingLaunchConfigurationDetails_ebsOptimized,
+    awsAutoScalingLaunchConfigurationDetails_iamInstanceProfile,
+    awsAutoScalingLaunchConfigurationDetails_imageId,
+    awsAutoScalingLaunchConfigurationDetails_instanceMonitoring,
+    awsAutoScalingLaunchConfigurationDetails_instanceType,
+    awsAutoScalingLaunchConfigurationDetails_kernelId,
+    awsAutoScalingLaunchConfigurationDetails_keyName,
+    awsAutoScalingLaunchConfigurationDetails_launchConfigurationName,
+    awsAutoScalingLaunchConfigurationDetails_metadataOptions,
+    awsAutoScalingLaunchConfigurationDetails_placementTenancy,
+    awsAutoScalingLaunchConfigurationDetails_ramdiskId,
+    awsAutoScalingLaunchConfigurationDetails_securityGroups,
+    awsAutoScalingLaunchConfigurationDetails_spotPrice,
+    awsAutoScalingLaunchConfigurationDetails_userData,
+
+    -- ** AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+    awsAutoScalingLaunchConfigurationInstanceMonitoringDetails_enabled,
+
+    -- ** AwsAutoScalingLaunchConfigurationMetadataOptions
+    awsAutoScalingLaunchConfigurationMetadataOptions_httpEndpoint,
+    awsAutoScalingLaunchConfigurationMetadataOptions_httpPutResponseHopLimit,
+    awsAutoScalingLaunchConfigurationMetadataOptions_httpTokens,
+
+    -- ** AwsBackupBackupPlanAdvancedBackupSettingsDetails
+    awsBackupBackupPlanAdvancedBackupSettingsDetails_backupOptions,
+    awsBackupBackupPlanAdvancedBackupSettingsDetails_resourceType,
+
+    -- ** AwsBackupBackupPlanBackupPlanDetails
+    awsBackupBackupPlanBackupPlanDetails_advancedBackupSettings,
+    awsBackupBackupPlanBackupPlanDetails_backupPlanName,
+    awsBackupBackupPlanBackupPlanDetails_backupPlanRule,
+
+    -- ** AwsBackupBackupPlanDetails
+    awsBackupBackupPlanDetails_backupPlan,
+    awsBackupBackupPlanDetails_backupPlanArn,
+    awsBackupBackupPlanDetails_backupPlanId,
+    awsBackupBackupPlanDetails_versionId,
+
+    -- ** AwsBackupBackupPlanLifecycleDetails
+    awsBackupBackupPlanLifecycleDetails_deleteAfterDays,
+    awsBackupBackupPlanLifecycleDetails_moveToColdStorageAfterDays,
+
+    -- ** AwsBackupBackupPlanRuleCopyActionsDetails
+    awsBackupBackupPlanRuleCopyActionsDetails_destinationBackupVaultArn,
+    awsBackupBackupPlanRuleCopyActionsDetails_lifecycle,
+
+    -- ** AwsBackupBackupPlanRuleDetails
+    awsBackupBackupPlanRuleDetails_completionWindowMinutes,
+    awsBackupBackupPlanRuleDetails_copyActions,
+    awsBackupBackupPlanRuleDetails_enableContinuousBackup,
+    awsBackupBackupPlanRuleDetails_lifecycle,
+    awsBackupBackupPlanRuleDetails_ruleId,
+    awsBackupBackupPlanRuleDetails_ruleName,
+    awsBackupBackupPlanRuleDetails_scheduleExpression,
+    awsBackupBackupPlanRuleDetails_startWindowMinutes,
+    awsBackupBackupPlanRuleDetails_targetBackupVault,
+
+    -- ** AwsBackupBackupVaultDetails
+    awsBackupBackupVaultDetails_accessPolicy,
+    awsBackupBackupVaultDetails_backupVaultArn,
+    awsBackupBackupVaultDetails_backupVaultName,
+    awsBackupBackupVaultDetails_encryptionKeyArn,
+    awsBackupBackupVaultDetails_notifications,
+
+    -- ** AwsBackupBackupVaultNotificationsDetails
+    awsBackupBackupVaultNotificationsDetails_backupVaultEvents,
+    awsBackupBackupVaultNotificationsDetails_snsTopicArn,
+
+    -- ** AwsBackupRecoveryPointCalculatedLifecycleDetails
+    awsBackupRecoveryPointCalculatedLifecycleDetails_deleteAt,
+    awsBackupRecoveryPointCalculatedLifecycleDetails_moveToColdStorageAt,
+
+    -- ** AwsBackupRecoveryPointCreatedByDetails
+    awsBackupRecoveryPointCreatedByDetails_backupPlanArn,
+    awsBackupRecoveryPointCreatedByDetails_backupPlanId,
+    awsBackupRecoveryPointCreatedByDetails_backupPlanVersion,
+    awsBackupRecoveryPointCreatedByDetails_backupRuleId,
+
+    -- ** AwsBackupRecoveryPointDetails
+    awsBackupRecoveryPointDetails_backupSizeInBytes,
+    awsBackupRecoveryPointDetails_backupVaultArn,
+    awsBackupRecoveryPointDetails_backupVaultName,
+    awsBackupRecoveryPointDetails_calculatedLifecycle,
+    awsBackupRecoveryPointDetails_completionDate,
+    awsBackupRecoveryPointDetails_createdBy,
+    awsBackupRecoveryPointDetails_creationDate,
+    awsBackupRecoveryPointDetails_encryptionKeyArn,
+    awsBackupRecoveryPointDetails_iamRoleArn,
+    awsBackupRecoveryPointDetails_isEncrypted,
+    awsBackupRecoveryPointDetails_lastRestoreTime,
+    awsBackupRecoveryPointDetails_lifecycle,
+    awsBackupRecoveryPointDetails_recoveryPointArn,
+    awsBackupRecoveryPointDetails_resourceArn,
+    awsBackupRecoveryPointDetails_resourceType,
+    awsBackupRecoveryPointDetails_sourceBackupVaultArn,
+    awsBackupRecoveryPointDetails_status,
+    awsBackupRecoveryPointDetails_statusMessage,
+    awsBackupRecoveryPointDetails_storageClass,
+
+    -- ** AwsBackupRecoveryPointLifecycleDetails
+    awsBackupRecoveryPointLifecycleDetails_deleteAfterDays,
+    awsBackupRecoveryPointLifecycleDetails_moveToColdStorageAfterDays,
+
+    -- ** AwsCertificateManagerCertificateDetails
+    awsCertificateManagerCertificateDetails_certificateAuthorityArn,
+    awsCertificateManagerCertificateDetails_createdAt,
+    awsCertificateManagerCertificateDetails_domainName,
+    awsCertificateManagerCertificateDetails_domainValidationOptions,
+    awsCertificateManagerCertificateDetails_extendedKeyUsages,
+    awsCertificateManagerCertificateDetails_failureReason,
+    awsCertificateManagerCertificateDetails_importedAt,
+    awsCertificateManagerCertificateDetails_inUseBy,
+    awsCertificateManagerCertificateDetails_issuedAt,
+    awsCertificateManagerCertificateDetails_issuer,
+    awsCertificateManagerCertificateDetails_keyAlgorithm,
+    awsCertificateManagerCertificateDetails_keyUsages,
+    awsCertificateManagerCertificateDetails_notAfter,
+    awsCertificateManagerCertificateDetails_notBefore,
+    awsCertificateManagerCertificateDetails_options,
+    awsCertificateManagerCertificateDetails_renewalEligibility,
+    awsCertificateManagerCertificateDetails_renewalSummary,
+    awsCertificateManagerCertificateDetails_serial,
+    awsCertificateManagerCertificateDetails_signatureAlgorithm,
+    awsCertificateManagerCertificateDetails_status,
+    awsCertificateManagerCertificateDetails_subject,
+    awsCertificateManagerCertificateDetails_subjectAlternativeNames,
+    awsCertificateManagerCertificateDetails_type,
+
+    -- ** AwsCertificateManagerCertificateDomainValidationOption
+    awsCertificateManagerCertificateDomainValidationOption_domainName,
+    awsCertificateManagerCertificateDomainValidationOption_resourceRecord,
+    awsCertificateManagerCertificateDomainValidationOption_validationDomain,
+    awsCertificateManagerCertificateDomainValidationOption_validationEmails,
+    awsCertificateManagerCertificateDomainValidationOption_validationMethod,
+    awsCertificateManagerCertificateDomainValidationOption_validationStatus,
+
+    -- ** AwsCertificateManagerCertificateExtendedKeyUsage
+    awsCertificateManagerCertificateExtendedKeyUsage_name,
+    awsCertificateManagerCertificateExtendedKeyUsage_oId,
+
+    -- ** AwsCertificateManagerCertificateKeyUsage
+    awsCertificateManagerCertificateKeyUsage_name,
+
+    -- ** AwsCertificateManagerCertificateOptions
+    awsCertificateManagerCertificateOptions_certificateTransparencyLoggingPreference,
+
+    -- ** AwsCertificateManagerCertificateRenewalSummary
+    awsCertificateManagerCertificateRenewalSummary_domainValidationOptions,
+    awsCertificateManagerCertificateRenewalSummary_renewalStatus,
+    awsCertificateManagerCertificateRenewalSummary_renewalStatusReason,
+    awsCertificateManagerCertificateRenewalSummary_updatedAt,
+
+    -- ** AwsCertificateManagerCertificateResourceRecord
+    awsCertificateManagerCertificateResourceRecord_name,
+    awsCertificateManagerCertificateResourceRecord_type,
+    awsCertificateManagerCertificateResourceRecord_value,
+
+    -- ** AwsCloudFormationStackDetails
+    awsCloudFormationStackDetails_capabilities,
+    awsCloudFormationStackDetails_creationTime,
+    awsCloudFormationStackDetails_description,
+    awsCloudFormationStackDetails_disableRollback,
+    awsCloudFormationStackDetails_driftInformation,
+    awsCloudFormationStackDetails_enableTerminationProtection,
+    awsCloudFormationStackDetails_lastUpdatedTime,
+    awsCloudFormationStackDetails_notificationArns,
+    awsCloudFormationStackDetails_outputs,
+    awsCloudFormationStackDetails_roleArn,
+    awsCloudFormationStackDetails_stackId,
+    awsCloudFormationStackDetails_stackName,
+    awsCloudFormationStackDetails_stackStatus,
+    awsCloudFormationStackDetails_stackStatusReason,
+    awsCloudFormationStackDetails_timeoutInMinutes,
+
+    -- ** AwsCloudFormationStackDriftInformationDetails
+    awsCloudFormationStackDriftInformationDetails_stackDriftStatus,
+
+    -- ** AwsCloudFormationStackOutputsDetails
+    awsCloudFormationStackOutputsDetails_description,
+    awsCloudFormationStackOutputsDetails_outputKey,
+    awsCloudFormationStackOutputsDetails_outputValue,
+
+    -- ** AwsCloudFrontDistributionCacheBehavior
+    awsCloudFrontDistributionCacheBehavior_viewerProtocolPolicy,
+
+    -- ** AwsCloudFrontDistributionCacheBehaviors
+    awsCloudFrontDistributionCacheBehaviors_items,
+
+    -- ** AwsCloudFrontDistributionDefaultCacheBehavior
+    awsCloudFrontDistributionDefaultCacheBehavior_viewerProtocolPolicy,
+
+    -- ** AwsCloudFrontDistributionDetails
+    awsCloudFrontDistributionDetails_cacheBehaviors,
+    awsCloudFrontDistributionDetails_defaultCacheBehavior,
+    awsCloudFrontDistributionDetails_defaultRootObject,
+    awsCloudFrontDistributionDetails_domainName,
+    awsCloudFrontDistributionDetails_eTag,
+    awsCloudFrontDistributionDetails_lastModifiedTime,
+    awsCloudFrontDistributionDetails_logging,
+    awsCloudFrontDistributionDetails_originGroups,
+    awsCloudFrontDistributionDetails_origins,
+    awsCloudFrontDistributionDetails_status,
+    awsCloudFrontDistributionDetails_viewerCertificate,
+    awsCloudFrontDistributionDetails_webAclId,
+
+    -- ** AwsCloudFrontDistributionLogging
+    awsCloudFrontDistributionLogging_bucket,
+    awsCloudFrontDistributionLogging_enabled,
+    awsCloudFrontDistributionLogging_includeCookies,
+    awsCloudFrontDistributionLogging_prefix,
+
+    -- ** AwsCloudFrontDistributionOriginCustomOriginConfig
+    awsCloudFrontDistributionOriginCustomOriginConfig_httpPort,
+    awsCloudFrontDistributionOriginCustomOriginConfig_httpsPort,
+    awsCloudFrontDistributionOriginCustomOriginConfig_originKeepaliveTimeout,
+    awsCloudFrontDistributionOriginCustomOriginConfig_originProtocolPolicy,
+    awsCloudFrontDistributionOriginCustomOriginConfig_originReadTimeout,
+    awsCloudFrontDistributionOriginCustomOriginConfig_originSslProtocols,
+
+    -- ** AwsCloudFrontDistributionOriginGroup
+    awsCloudFrontDistributionOriginGroup_failoverCriteria,
+
+    -- ** AwsCloudFrontDistributionOriginGroupFailover
+    awsCloudFrontDistributionOriginGroupFailover_statusCodes,
+
+    -- ** AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+    awsCloudFrontDistributionOriginGroupFailoverStatusCodes_items,
+    awsCloudFrontDistributionOriginGroupFailoverStatusCodes_quantity,
+
+    -- ** AwsCloudFrontDistributionOriginGroups
+    awsCloudFrontDistributionOriginGroups_items,
+
+    -- ** AwsCloudFrontDistributionOriginItem
+    awsCloudFrontDistributionOriginItem_customOriginConfig,
+    awsCloudFrontDistributionOriginItem_domainName,
+    awsCloudFrontDistributionOriginItem_id,
+    awsCloudFrontDistributionOriginItem_originPath,
+    awsCloudFrontDistributionOriginItem_s3OriginConfig,
+
+    -- ** AwsCloudFrontDistributionOriginS3OriginConfig
+    awsCloudFrontDistributionOriginS3OriginConfig_originAccessIdentity,
+
+    -- ** AwsCloudFrontDistributionOriginSslProtocols
+    awsCloudFrontDistributionOriginSslProtocols_items,
+    awsCloudFrontDistributionOriginSslProtocols_quantity,
+
+    -- ** AwsCloudFrontDistributionOrigins
+    awsCloudFrontDistributionOrigins_items,
+
+    -- ** AwsCloudFrontDistributionViewerCertificate
+    awsCloudFrontDistributionViewerCertificate_acmCertificateArn,
+    awsCloudFrontDistributionViewerCertificate_certificate,
+    awsCloudFrontDistributionViewerCertificate_certificateSource,
+    awsCloudFrontDistributionViewerCertificate_cloudFrontDefaultCertificate,
+    awsCloudFrontDistributionViewerCertificate_iamCertificateId,
+    awsCloudFrontDistributionViewerCertificate_minimumProtocolVersion,
+    awsCloudFrontDistributionViewerCertificate_sslSupportMethod,
+
+    -- ** AwsCloudTrailTrailDetails
+    awsCloudTrailTrailDetails_cloudWatchLogsLogGroupArn,
+    awsCloudTrailTrailDetails_cloudWatchLogsRoleArn,
+    awsCloudTrailTrailDetails_hasCustomEventSelectors,
+    awsCloudTrailTrailDetails_homeRegion,
+    awsCloudTrailTrailDetails_includeGlobalServiceEvents,
+    awsCloudTrailTrailDetails_isMultiRegionTrail,
+    awsCloudTrailTrailDetails_isOrganizationTrail,
+    awsCloudTrailTrailDetails_kmsKeyId,
+    awsCloudTrailTrailDetails_logFileValidationEnabled,
+    awsCloudTrailTrailDetails_name,
+    awsCloudTrailTrailDetails_s3BucketName,
+    awsCloudTrailTrailDetails_s3KeyPrefix,
+    awsCloudTrailTrailDetails_snsTopicArn,
+    awsCloudTrailTrailDetails_snsTopicName,
+    awsCloudTrailTrailDetails_trailArn,
+
+    -- ** AwsCloudWatchAlarmDetails
+    awsCloudWatchAlarmDetails_actionsEnabled,
+    awsCloudWatchAlarmDetails_alarmActions,
+    awsCloudWatchAlarmDetails_alarmArn,
+    awsCloudWatchAlarmDetails_alarmConfigurationUpdatedTimestamp,
+    awsCloudWatchAlarmDetails_alarmDescription,
+    awsCloudWatchAlarmDetails_alarmName,
+    awsCloudWatchAlarmDetails_comparisonOperator,
+    awsCloudWatchAlarmDetails_datapointsToAlarm,
+    awsCloudWatchAlarmDetails_dimensions,
+    awsCloudWatchAlarmDetails_evaluateLowSampleCountPercentile,
+    awsCloudWatchAlarmDetails_evaluationPeriods,
+    awsCloudWatchAlarmDetails_extendedStatistic,
+    awsCloudWatchAlarmDetails_insufficientDataActions,
+    awsCloudWatchAlarmDetails_metricName,
+    awsCloudWatchAlarmDetails_namespace,
+    awsCloudWatchAlarmDetails_okActions,
+    awsCloudWatchAlarmDetails_period,
+    awsCloudWatchAlarmDetails_statistic,
+    awsCloudWatchAlarmDetails_threshold,
+    awsCloudWatchAlarmDetails_thresholdMetricId,
+    awsCloudWatchAlarmDetails_treatMissingData,
+    awsCloudWatchAlarmDetails_unit,
+
+    -- ** AwsCloudWatchAlarmDimensionsDetails
+    awsCloudWatchAlarmDimensionsDetails_name,
+    awsCloudWatchAlarmDimensionsDetails_value,
+
+    -- ** AwsCodeBuildProjectArtifactsDetails
+    awsCodeBuildProjectArtifactsDetails_artifactIdentifier,
+    awsCodeBuildProjectArtifactsDetails_encryptionDisabled,
+    awsCodeBuildProjectArtifactsDetails_location,
+    awsCodeBuildProjectArtifactsDetails_name,
+    awsCodeBuildProjectArtifactsDetails_namespaceType,
+    awsCodeBuildProjectArtifactsDetails_overrideArtifactName,
+    awsCodeBuildProjectArtifactsDetails_packaging,
+    awsCodeBuildProjectArtifactsDetails_path,
+    awsCodeBuildProjectArtifactsDetails_type,
+
+    -- ** AwsCodeBuildProjectDetails
+    awsCodeBuildProjectDetails_artifacts,
+    awsCodeBuildProjectDetails_encryptionKey,
+    awsCodeBuildProjectDetails_environment,
+    awsCodeBuildProjectDetails_logsConfig,
+    awsCodeBuildProjectDetails_name,
+    awsCodeBuildProjectDetails_secondaryArtifacts,
+    awsCodeBuildProjectDetails_serviceRole,
+    awsCodeBuildProjectDetails_source,
+    awsCodeBuildProjectDetails_vpcConfig,
+
+    -- ** AwsCodeBuildProjectEnvironment
+    awsCodeBuildProjectEnvironment_certificate,
+    awsCodeBuildProjectEnvironment_environmentVariables,
+    awsCodeBuildProjectEnvironment_imagePullCredentialsType,
+    awsCodeBuildProjectEnvironment_privilegedMode,
+    awsCodeBuildProjectEnvironment_registryCredential,
+    awsCodeBuildProjectEnvironment_type,
+
+    -- ** AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+    awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_name,
+    awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_type,
+    awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_value,
+
+    -- ** AwsCodeBuildProjectEnvironmentRegistryCredential
+    awsCodeBuildProjectEnvironmentRegistryCredential_credential,
+    awsCodeBuildProjectEnvironmentRegistryCredential_credentialProvider,
+
+    -- ** AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+    awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_groupName,
+    awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_status,
+    awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_streamName,
+
+    -- ** AwsCodeBuildProjectLogsConfigDetails
+    awsCodeBuildProjectLogsConfigDetails_cloudWatchLogs,
+    awsCodeBuildProjectLogsConfigDetails_s3Logs,
+
+    -- ** AwsCodeBuildProjectLogsConfigS3LogsDetails
+    awsCodeBuildProjectLogsConfigS3LogsDetails_encryptionDisabled,
+    awsCodeBuildProjectLogsConfigS3LogsDetails_location,
+    awsCodeBuildProjectLogsConfigS3LogsDetails_status,
+
+    -- ** AwsCodeBuildProjectSource
+    awsCodeBuildProjectSource_gitCloneDepth,
+    awsCodeBuildProjectSource_insecureSsl,
+    awsCodeBuildProjectSource_location,
+    awsCodeBuildProjectSource_type,
+
+    -- ** AwsCodeBuildProjectVpcConfig
+    awsCodeBuildProjectVpcConfig_securityGroupIds,
+    awsCodeBuildProjectVpcConfig_subnets,
+    awsCodeBuildProjectVpcConfig_vpcId,
+
+    -- ** AwsCorsConfiguration
+    awsCorsConfiguration_allowCredentials,
+    awsCorsConfiguration_allowHeaders,
+    awsCorsConfiguration_allowMethods,
+    awsCorsConfiguration_allowOrigins,
+    awsCorsConfiguration_exposeHeaders,
+    awsCorsConfiguration_maxAge,
+
+    -- ** AwsDynamoDbTableAttributeDefinition
+    awsDynamoDbTableAttributeDefinition_attributeName,
+    awsDynamoDbTableAttributeDefinition_attributeType,
+
+    -- ** AwsDynamoDbTableBillingModeSummary
+    awsDynamoDbTableBillingModeSummary_billingMode,
+    awsDynamoDbTableBillingModeSummary_lastUpdateToPayPerRequestDateTime,
+
+    -- ** AwsDynamoDbTableDetails
+    awsDynamoDbTableDetails_attributeDefinitions,
+    awsDynamoDbTableDetails_billingModeSummary,
+    awsDynamoDbTableDetails_creationDateTime,
+    awsDynamoDbTableDetails_globalSecondaryIndexes,
+    awsDynamoDbTableDetails_globalTableVersion,
+    awsDynamoDbTableDetails_itemCount,
+    awsDynamoDbTableDetails_keySchema,
+    awsDynamoDbTableDetails_latestStreamArn,
+    awsDynamoDbTableDetails_latestStreamLabel,
+    awsDynamoDbTableDetails_localSecondaryIndexes,
+    awsDynamoDbTableDetails_provisionedThroughput,
+    awsDynamoDbTableDetails_replicas,
+    awsDynamoDbTableDetails_restoreSummary,
+    awsDynamoDbTableDetails_sseDescription,
+    awsDynamoDbTableDetails_streamSpecification,
+    awsDynamoDbTableDetails_tableId,
+    awsDynamoDbTableDetails_tableName,
+    awsDynamoDbTableDetails_tableSizeBytes,
+    awsDynamoDbTableDetails_tableStatus,
+
+    -- ** AwsDynamoDbTableGlobalSecondaryIndex
+    awsDynamoDbTableGlobalSecondaryIndex_backfilling,
+    awsDynamoDbTableGlobalSecondaryIndex_indexArn,
+    awsDynamoDbTableGlobalSecondaryIndex_indexName,
+    awsDynamoDbTableGlobalSecondaryIndex_indexSizeBytes,
+    awsDynamoDbTableGlobalSecondaryIndex_indexStatus,
+    awsDynamoDbTableGlobalSecondaryIndex_itemCount,
+    awsDynamoDbTableGlobalSecondaryIndex_keySchema,
+    awsDynamoDbTableGlobalSecondaryIndex_projection,
+    awsDynamoDbTableGlobalSecondaryIndex_provisionedThroughput,
+
+    -- ** AwsDynamoDbTableKeySchema
+    awsDynamoDbTableKeySchema_attributeName,
+    awsDynamoDbTableKeySchema_keyType,
+
+    -- ** AwsDynamoDbTableLocalSecondaryIndex
+    awsDynamoDbTableLocalSecondaryIndex_indexArn,
+    awsDynamoDbTableLocalSecondaryIndex_indexName,
+    awsDynamoDbTableLocalSecondaryIndex_keySchema,
+    awsDynamoDbTableLocalSecondaryIndex_projection,
+
+    -- ** AwsDynamoDbTableProjection
+    awsDynamoDbTableProjection_nonKeyAttributes,
+    awsDynamoDbTableProjection_projectionType,
+
+    -- ** AwsDynamoDbTableProvisionedThroughput
+    awsDynamoDbTableProvisionedThroughput_lastDecreaseDateTime,
+    awsDynamoDbTableProvisionedThroughput_lastIncreaseDateTime,
+    awsDynamoDbTableProvisionedThroughput_numberOfDecreasesToday,
+    awsDynamoDbTableProvisionedThroughput_readCapacityUnits,
+    awsDynamoDbTableProvisionedThroughput_writeCapacityUnits,
+
+    -- ** AwsDynamoDbTableProvisionedThroughputOverride
+    awsDynamoDbTableProvisionedThroughputOverride_readCapacityUnits,
+
+    -- ** AwsDynamoDbTableReplica
+    awsDynamoDbTableReplica_globalSecondaryIndexes,
+    awsDynamoDbTableReplica_kmsMasterKeyId,
+    awsDynamoDbTableReplica_provisionedThroughputOverride,
+    awsDynamoDbTableReplica_regionName,
+    awsDynamoDbTableReplica_replicaStatus,
+    awsDynamoDbTableReplica_replicaStatusDescription,
+
+    -- ** AwsDynamoDbTableReplicaGlobalSecondaryIndex
+    awsDynamoDbTableReplicaGlobalSecondaryIndex_indexName,
+    awsDynamoDbTableReplicaGlobalSecondaryIndex_provisionedThroughputOverride,
+
+    -- ** AwsDynamoDbTableRestoreSummary
+    awsDynamoDbTableRestoreSummary_restoreDateTime,
+    awsDynamoDbTableRestoreSummary_restoreInProgress,
+    awsDynamoDbTableRestoreSummary_sourceBackupArn,
+    awsDynamoDbTableRestoreSummary_sourceTableArn,
+
+    -- ** AwsDynamoDbTableSseDescription
+    awsDynamoDbTableSseDescription_inaccessibleEncryptionDateTime,
+    awsDynamoDbTableSseDescription_kmsMasterKeyArn,
+    awsDynamoDbTableSseDescription_sseType,
+    awsDynamoDbTableSseDescription_status,
+
+    -- ** AwsDynamoDbTableStreamSpecification
+    awsDynamoDbTableStreamSpecification_streamEnabled,
+    awsDynamoDbTableStreamSpecification_streamViewType,
+
+    -- ** AwsEc2EipDetails
+    awsEc2EipDetails_allocationId,
+    awsEc2EipDetails_associationId,
+    awsEc2EipDetails_domain,
+    awsEc2EipDetails_instanceId,
+    awsEc2EipDetails_networkBorderGroup,
+    awsEc2EipDetails_networkInterfaceId,
+    awsEc2EipDetails_networkInterfaceOwnerId,
+    awsEc2EipDetails_privateIpAddress,
+    awsEc2EipDetails_publicIp,
+    awsEc2EipDetails_publicIpv4Pool,
+
+    -- ** AwsEc2InstanceDetails
+    awsEc2InstanceDetails_iamInstanceProfileArn,
+    awsEc2InstanceDetails_imageId,
+    awsEc2InstanceDetails_ipV4Addresses,
+    awsEc2InstanceDetails_ipV6Addresses,
+    awsEc2InstanceDetails_keyName,
+    awsEc2InstanceDetails_launchedAt,
+    awsEc2InstanceDetails_metadataOptions,
+    awsEc2InstanceDetails_networkInterfaces,
+    awsEc2InstanceDetails_subnetId,
+    awsEc2InstanceDetails_type,
+    awsEc2InstanceDetails_virtualizationType,
+    awsEc2InstanceDetails_vpcId,
+
+    -- ** AwsEc2InstanceMetadataOptions
+    awsEc2InstanceMetadataOptions_httpEndpoint,
+    awsEc2InstanceMetadataOptions_httpProtocolIpv6,
+    awsEc2InstanceMetadataOptions_httpPutResponseHopLimit,
+    awsEc2InstanceMetadataOptions_httpTokens,
+    awsEc2InstanceMetadataOptions_instanceMetadataTags,
+
+    -- ** AwsEc2InstanceNetworkInterfacesDetails
+    awsEc2InstanceNetworkInterfacesDetails_networkInterfaceId,
+
+    -- ** AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_deviceName,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_ebs,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_noDevice,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_virtualName,
+
+    -- ** AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_deleteOnTermination,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_encrypted,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_iops,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_kmsKeyId,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_snapshotId,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_throughput,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_volumeSize,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_volumeType,
+
+    -- ** AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+    awsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails_capacityReservationId,
+    awsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails_capacityReservationResourceGroupArn,
+
+    -- ** AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+    awsEc2LaunchTemplateDataCapacityReservationSpecificationDetails_capacityReservationPreference,
+    awsEc2LaunchTemplateDataCapacityReservationSpecificationDetails_capacityReservationTarget,
+
+    -- ** AwsEc2LaunchTemplateDataCpuOptionsDetails
+    awsEc2LaunchTemplateDataCpuOptionsDetails_coreCount,
+    awsEc2LaunchTemplateDataCpuOptionsDetails_threadsPerCore,
+
+    -- ** AwsEc2LaunchTemplateDataCreditSpecificationDetails
+    awsEc2LaunchTemplateDataCreditSpecificationDetails_cpuCredits,
+
+    -- ** AwsEc2LaunchTemplateDataDetails
+    awsEc2LaunchTemplateDataDetails_blockDeviceMappingSet,
+    awsEc2LaunchTemplateDataDetails_capacityReservationSpecification,
+    awsEc2LaunchTemplateDataDetails_cpuOptions,
+    awsEc2LaunchTemplateDataDetails_creditSpecification,
+    awsEc2LaunchTemplateDataDetails_disableApiStop,
+    awsEc2LaunchTemplateDataDetails_disableApiTermination,
+    awsEc2LaunchTemplateDataDetails_ebsOptimized,
+    awsEc2LaunchTemplateDataDetails_elasticGpuSpecificationSet,
+    awsEc2LaunchTemplateDataDetails_elasticInferenceAcceleratorSet,
+    awsEc2LaunchTemplateDataDetails_enclaveOptions,
+    awsEc2LaunchTemplateDataDetails_hibernationOptions,
+    awsEc2LaunchTemplateDataDetails_iamInstanceProfile,
+    awsEc2LaunchTemplateDataDetails_imageId,
+    awsEc2LaunchTemplateDataDetails_instanceInitiatedShutdownBehavior,
+    awsEc2LaunchTemplateDataDetails_instanceMarketOptions,
+    awsEc2LaunchTemplateDataDetails_instanceRequirements,
+    awsEc2LaunchTemplateDataDetails_instanceType,
+    awsEc2LaunchTemplateDataDetails_kernelId,
+    awsEc2LaunchTemplateDataDetails_keyName,
+    awsEc2LaunchTemplateDataDetails_licenseSet,
+    awsEc2LaunchTemplateDataDetails_maintenanceOptions,
+    awsEc2LaunchTemplateDataDetails_metadataOptions,
+    awsEc2LaunchTemplateDataDetails_monitoring,
+    awsEc2LaunchTemplateDataDetails_networkInterfaceSet,
+    awsEc2LaunchTemplateDataDetails_placement,
+    awsEc2LaunchTemplateDataDetails_privateDnsNameOptions,
+    awsEc2LaunchTemplateDataDetails_ramDiskId,
+    awsEc2LaunchTemplateDataDetails_securityGroupIdSet,
+    awsEc2LaunchTemplateDataDetails_securityGroupSet,
+    awsEc2LaunchTemplateDataDetails_userData,
+
+    -- ** AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+    awsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails_type,
+
+    -- ** AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+    awsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails_count,
+    awsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails_type,
+
+    -- ** AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+    awsEc2LaunchTemplateDataEnclaveOptionsDetails_enabled,
+
+    -- ** AwsEc2LaunchTemplateDataHibernationOptionsDetails
+    awsEc2LaunchTemplateDataHibernationOptionsDetails_configured,
+
+    -- ** AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+    awsEc2LaunchTemplateDataIamInstanceProfileDetails_arn,
+    awsEc2LaunchTemplateDataIamInstanceProfileDetails_name,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+    awsEc2LaunchTemplateDataInstanceMarketOptionsDetails_marketType,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsDetails_spotOptions,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+    awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_blockDurationMinutes,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_instanceInterruptionBehavior,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_maxPrice,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_spotInstanceType,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_validUntil,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+    awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails_min,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+    awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails_min,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+    awsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails_min,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorCount,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorManufacturers,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorNames,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorTotalMemoryMiB,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorTypes,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_bareMetal,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_baselineEbsBandwidthMbps,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_burstablePerformance,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_cpuManufacturers,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_excludedInstanceTypes,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_instanceGenerations,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_localStorage,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_localStorageTypes,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_memoryGiBPerVCpu,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_memoryMiB,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_networkInterfaceCount,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_onDemandMaxPricePercentageOverLowestPrice,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_requireHibernateSupport,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_spotMaxPricePercentageOverLowestPrice,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_totalLocalStorageGB,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_vCpuCount,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+    awsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails_min,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+    awsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails_min,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+    awsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails_min,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+    awsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails_min,
+
+    -- ** AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+    awsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails_min,
+
+    -- ** AwsEc2LaunchTemplateDataLicenseSetDetails
+    awsEc2LaunchTemplateDataLicenseSetDetails_licenseConfigurationArn,
+
+    -- ** AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+    awsEc2LaunchTemplateDataMaintenanceOptionsDetails_autoRecovery,
+
+    -- ** AwsEc2LaunchTemplateDataMetadataOptionsDetails
+    awsEc2LaunchTemplateDataMetadataOptionsDetails_httpEndpoint,
+    awsEc2LaunchTemplateDataMetadataOptionsDetails_httpProtocolIpv6,
+    awsEc2LaunchTemplateDataMetadataOptionsDetails_httpPutResponseHopLimit,
+    awsEc2LaunchTemplateDataMetadataOptionsDetails_httpTokens,
+    awsEc2LaunchTemplateDataMetadataOptionsDetails_instanceMetadataTags,
+
+    -- ** AwsEc2LaunchTemplateDataMonitoringDetails
+    awsEc2LaunchTemplateDataMonitoringDetails_enabled,
+
+    -- ** AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_associateCarrierIpAddress,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_associatePublicIpAddress,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_deleteOnTermination,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_description,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_deviceIndex,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_groups,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_interfaceType,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv4PrefixCount,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv4Prefixes,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6AddressCount,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6Addresses,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6PrefixCount,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6Prefixes,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_networkCardIndex,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_networkInterfaceId,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_privateIpAddress,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_privateIpAddresses,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_secondaryPrivateIpAddressCount,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_subnetId,
+
+    -- ** AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+    awsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails_ipv4Prefix,
+
+    -- ** AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+    awsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails_ipv6Address,
+
+    -- ** AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+    awsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails_ipv6Prefix,
+
+    -- ** AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+    awsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails_primary,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails_privateIpAddress,
+
+    -- ** AwsEc2LaunchTemplateDataPlacementDetails
+    awsEc2LaunchTemplateDataPlacementDetails_affinity,
+    awsEc2LaunchTemplateDataPlacementDetails_availabilityZone,
+    awsEc2LaunchTemplateDataPlacementDetails_groupName,
+    awsEc2LaunchTemplateDataPlacementDetails_hostId,
+    awsEc2LaunchTemplateDataPlacementDetails_hostResourceGroupArn,
+    awsEc2LaunchTemplateDataPlacementDetails_partitionNumber,
+    awsEc2LaunchTemplateDataPlacementDetails_spreadDomain,
+    awsEc2LaunchTemplateDataPlacementDetails_tenancy,
+
+    -- ** AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+    awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_enableResourceNameDnsAAAARecord,
+    awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_enableResourceNameDnsARecord,
+    awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_hostnameType,
+
+    -- ** AwsEc2LaunchTemplateDetails
+    awsEc2LaunchTemplateDetails_defaultVersionNumber,
+    awsEc2LaunchTemplateDetails_id,
+    awsEc2LaunchTemplateDetails_latestVersionNumber,
+    awsEc2LaunchTemplateDetails_launchTemplateData,
+    awsEc2LaunchTemplateDetails_launchTemplateName,
+
+    -- ** AwsEc2NetworkAclAssociation
+    awsEc2NetworkAclAssociation_networkAclAssociationId,
+    awsEc2NetworkAclAssociation_networkAclId,
+    awsEc2NetworkAclAssociation_subnetId,
+
+    -- ** AwsEc2NetworkAclDetails
+    awsEc2NetworkAclDetails_associations,
+    awsEc2NetworkAclDetails_entries,
+    awsEc2NetworkAclDetails_isDefault,
+    awsEc2NetworkAclDetails_networkAclId,
+    awsEc2NetworkAclDetails_ownerId,
+    awsEc2NetworkAclDetails_vpcId,
+
+    -- ** AwsEc2NetworkAclEntry
+    awsEc2NetworkAclEntry_cidrBlock,
+    awsEc2NetworkAclEntry_egress,
+    awsEc2NetworkAclEntry_icmpTypeCode,
+    awsEc2NetworkAclEntry_ipv6CidrBlock,
+    awsEc2NetworkAclEntry_portRange,
+    awsEc2NetworkAclEntry_protocol,
+    awsEc2NetworkAclEntry_ruleAction,
+    awsEc2NetworkAclEntry_ruleNumber,
+
+    -- ** AwsEc2NetworkInterfaceAttachment
+    awsEc2NetworkInterfaceAttachment_attachTime,
+    awsEc2NetworkInterfaceAttachment_attachmentId,
+    awsEc2NetworkInterfaceAttachment_deleteOnTermination,
+    awsEc2NetworkInterfaceAttachment_deviceIndex,
+    awsEc2NetworkInterfaceAttachment_instanceId,
+    awsEc2NetworkInterfaceAttachment_instanceOwnerId,
+    awsEc2NetworkInterfaceAttachment_status,
+
+    -- ** AwsEc2NetworkInterfaceDetails
+    awsEc2NetworkInterfaceDetails_attachment,
+    awsEc2NetworkInterfaceDetails_ipV6Addresses,
+    awsEc2NetworkInterfaceDetails_networkInterfaceId,
+    awsEc2NetworkInterfaceDetails_privateIpAddresses,
+    awsEc2NetworkInterfaceDetails_publicDnsName,
+    awsEc2NetworkInterfaceDetails_publicIp,
+    awsEc2NetworkInterfaceDetails_securityGroups,
+    awsEc2NetworkInterfaceDetails_sourceDestCheck,
+
+    -- ** AwsEc2NetworkInterfaceIpV6AddressDetail
+    awsEc2NetworkInterfaceIpV6AddressDetail_ipV6Address,
+
+    -- ** AwsEc2NetworkInterfacePrivateIpAddressDetail
+    awsEc2NetworkInterfacePrivateIpAddressDetail_privateDnsName,
+    awsEc2NetworkInterfacePrivateIpAddressDetail_privateIpAddress,
+
+    -- ** AwsEc2NetworkInterfaceSecurityGroup
+    awsEc2NetworkInterfaceSecurityGroup_groupId,
+    awsEc2NetworkInterfaceSecurityGroup_groupName,
+
+    -- ** AwsEc2SecurityGroupDetails
+    awsEc2SecurityGroupDetails_groupId,
+    awsEc2SecurityGroupDetails_groupName,
+    awsEc2SecurityGroupDetails_ipPermissions,
+    awsEc2SecurityGroupDetails_ipPermissionsEgress,
+    awsEc2SecurityGroupDetails_ownerId,
+    awsEc2SecurityGroupDetails_vpcId,
+
+    -- ** AwsEc2SecurityGroupIpPermission
+    awsEc2SecurityGroupIpPermission_fromPort,
+    awsEc2SecurityGroupIpPermission_ipProtocol,
+    awsEc2SecurityGroupIpPermission_ipRanges,
+    awsEc2SecurityGroupIpPermission_ipv6Ranges,
+    awsEc2SecurityGroupIpPermission_prefixListIds,
+    awsEc2SecurityGroupIpPermission_toPort,
+    awsEc2SecurityGroupIpPermission_userIdGroupPairs,
+
+    -- ** AwsEc2SecurityGroupIpRange
+    awsEc2SecurityGroupIpRange_cidrIp,
+
+    -- ** AwsEc2SecurityGroupIpv6Range
+    awsEc2SecurityGroupIpv6Range_cidrIpv6,
+
+    -- ** AwsEc2SecurityGroupPrefixListId
+    awsEc2SecurityGroupPrefixListId_prefixListId,
+
+    -- ** AwsEc2SecurityGroupUserIdGroupPair
+    awsEc2SecurityGroupUserIdGroupPair_groupId,
+    awsEc2SecurityGroupUserIdGroupPair_groupName,
+    awsEc2SecurityGroupUserIdGroupPair_peeringStatus,
+    awsEc2SecurityGroupUserIdGroupPair_userId,
+    awsEc2SecurityGroupUserIdGroupPair_vpcId,
+    awsEc2SecurityGroupUserIdGroupPair_vpcPeeringConnectionId,
+
+    -- ** AwsEc2SubnetDetails
+    awsEc2SubnetDetails_assignIpv6AddressOnCreation,
+    awsEc2SubnetDetails_availabilityZone,
+    awsEc2SubnetDetails_availabilityZoneId,
+    awsEc2SubnetDetails_availableIpAddressCount,
+    awsEc2SubnetDetails_cidrBlock,
+    awsEc2SubnetDetails_defaultForAz,
+    awsEc2SubnetDetails_ipv6CidrBlockAssociationSet,
+    awsEc2SubnetDetails_mapPublicIpOnLaunch,
+    awsEc2SubnetDetails_ownerId,
+    awsEc2SubnetDetails_state,
+    awsEc2SubnetDetails_subnetArn,
+    awsEc2SubnetDetails_subnetId,
+    awsEc2SubnetDetails_vpcId,
+
+    -- ** AwsEc2TransitGatewayDetails
+    awsEc2TransitGatewayDetails_amazonSideAsn,
+    awsEc2TransitGatewayDetails_associationDefaultRouteTableId,
+    awsEc2TransitGatewayDetails_autoAcceptSharedAttachments,
+    awsEc2TransitGatewayDetails_defaultRouteTableAssociation,
+    awsEc2TransitGatewayDetails_defaultRouteTablePropagation,
+    awsEc2TransitGatewayDetails_description,
+    awsEc2TransitGatewayDetails_dnsSupport,
+    awsEc2TransitGatewayDetails_id,
+    awsEc2TransitGatewayDetails_multicastSupport,
+    awsEc2TransitGatewayDetails_propagationDefaultRouteTableId,
+    awsEc2TransitGatewayDetails_transitGatewayCidrBlocks,
+    awsEc2TransitGatewayDetails_vpnEcmpSupport,
+
+    -- ** AwsEc2VolumeAttachment
+    awsEc2VolumeAttachment_attachTime,
+    awsEc2VolumeAttachment_deleteOnTermination,
+    awsEc2VolumeAttachment_instanceId,
+    awsEc2VolumeAttachment_status,
+
+    -- ** AwsEc2VolumeDetails
+    awsEc2VolumeDetails_attachments,
+    awsEc2VolumeDetails_createTime,
+    awsEc2VolumeDetails_deviceName,
+    awsEc2VolumeDetails_encrypted,
+    awsEc2VolumeDetails_kmsKeyId,
+    awsEc2VolumeDetails_size,
+    awsEc2VolumeDetails_snapshotId,
+    awsEc2VolumeDetails_status,
+    awsEc2VolumeDetails_volumeId,
+    awsEc2VolumeDetails_volumeScanStatus,
+    awsEc2VolumeDetails_volumeType,
+
+    -- ** AwsEc2VpcDetails
+    awsEc2VpcDetails_cidrBlockAssociationSet,
+    awsEc2VpcDetails_dhcpOptionsId,
+    awsEc2VpcDetails_ipv6CidrBlockAssociationSet,
+    awsEc2VpcDetails_state,
+
+    -- ** AwsEc2VpcEndpointServiceDetails
+    awsEc2VpcEndpointServiceDetails_acceptanceRequired,
+    awsEc2VpcEndpointServiceDetails_availabilityZones,
+    awsEc2VpcEndpointServiceDetails_baseEndpointDnsNames,
+    awsEc2VpcEndpointServiceDetails_gatewayLoadBalancerArns,
+    awsEc2VpcEndpointServiceDetails_managesVpcEndpoints,
+    awsEc2VpcEndpointServiceDetails_networkLoadBalancerArns,
+    awsEc2VpcEndpointServiceDetails_privateDnsName,
+    awsEc2VpcEndpointServiceDetails_serviceId,
+    awsEc2VpcEndpointServiceDetails_serviceName,
+    awsEc2VpcEndpointServiceDetails_serviceState,
+    awsEc2VpcEndpointServiceDetails_serviceType,
+
+    -- ** AwsEc2VpcEndpointServiceServiceTypeDetails
+    awsEc2VpcEndpointServiceServiceTypeDetails_serviceType,
+
+    -- ** AwsEc2VpcPeeringConnectionDetails
+    awsEc2VpcPeeringConnectionDetails_accepterVpcInfo,
+    awsEc2VpcPeeringConnectionDetails_expirationTime,
+    awsEc2VpcPeeringConnectionDetails_requesterVpcInfo,
+    awsEc2VpcPeeringConnectionDetails_status,
+    awsEc2VpcPeeringConnectionDetails_vpcPeeringConnectionId,
+
+    -- ** AwsEc2VpcPeeringConnectionStatusDetails
+    awsEc2VpcPeeringConnectionStatusDetails_code,
+    awsEc2VpcPeeringConnectionStatusDetails_message,
+
+    -- ** AwsEc2VpcPeeringConnectionVpcInfoDetails
+    awsEc2VpcPeeringConnectionVpcInfoDetails_cidrBlock,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_cidrBlockSet,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_ipv6CidrBlockSet,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_ownerId,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_peeringOptions,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_region,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_vpcId,
+
+    -- ** AwsEc2VpnConnectionDetails
+    awsEc2VpnConnectionDetails_category,
+    awsEc2VpnConnectionDetails_customerGatewayConfiguration,
+    awsEc2VpnConnectionDetails_customerGatewayId,
+    awsEc2VpnConnectionDetails_options,
+    awsEc2VpnConnectionDetails_routes,
+    awsEc2VpnConnectionDetails_state,
+    awsEc2VpnConnectionDetails_transitGatewayId,
+    awsEc2VpnConnectionDetails_type,
+    awsEc2VpnConnectionDetails_vgwTelemetry,
+    awsEc2VpnConnectionDetails_vpnConnectionId,
+    awsEc2VpnConnectionDetails_vpnGatewayId,
+
+    -- ** AwsEc2VpnConnectionOptionsDetails
+    awsEc2VpnConnectionOptionsDetails_staticRoutesOnly,
+    awsEc2VpnConnectionOptionsDetails_tunnelOptions,
+
+    -- ** AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_dpdTimeoutSeconds,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_ikeVersions,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_outsideIpAddress,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1DhGroupNumbers,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1EncryptionAlgorithms,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1IntegrityAlgorithms,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1LifetimeSeconds,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2DhGroupNumbers,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2EncryptionAlgorithms,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2IntegrityAlgorithms,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2LifetimeSeconds,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_preSharedKey,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_rekeyFuzzPercentage,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_rekeyMarginTimeSeconds,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_replayWindowSize,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_tunnelInsideCidr,
+
+    -- ** AwsEc2VpnConnectionRoutesDetails
+    awsEc2VpnConnectionRoutesDetails_destinationCidrBlock,
+    awsEc2VpnConnectionRoutesDetails_state,
+
+    -- ** AwsEc2VpnConnectionVgwTelemetryDetails
+    awsEc2VpnConnectionVgwTelemetryDetails_acceptedRouteCount,
+    awsEc2VpnConnectionVgwTelemetryDetails_certificateArn,
+    awsEc2VpnConnectionVgwTelemetryDetails_lastStatusChange,
+    awsEc2VpnConnectionVgwTelemetryDetails_outsideIpAddress,
+    awsEc2VpnConnectionVgwTelemetryDetails_status,
+    awsEc2VpnConnectionVgwTelemetryDetails_statusMessage,
+
+    -- ** AwsEcrContainerImageDetails
+    awsEcrContainerImageDetails_architecture,
+    awsEcrContainerImageDetails_imageDigest,
+    awsEcrContainerImageDetails_imagePublishedAt,
+    awsEcrContainerImageDetails_imageTags,
+    awsEcrContainerImageDetails_registryId,
+    awsEcrContainerImageDetails_repositoryName,
+
+    -- ** AwsEcrRepositoryDetails
+    awsEcrRepositoryDetails_arn,
+    awsEcrRepositoryDetails_imageScanningConfiguration,
+    awsEcrRepositoryDetails_imageTagMutability,
+    awsEcrRepositoryDetails_lifecyclePolicy,
+    awsEcrRepositoryDetails_repositoryName,
+    awsEcrRepositoryDetails_repositoryPolicyText,
+
+    -- ** AwsEcrRepositoryImageScanningConfigurationDetails
+    awsEcrRepositoryImageScanningConfigurationDetails_scanOnPush,
+
+    -- ** AwsEcrRepositoryLifecyclePolicyDetails
+    awsEcrRepositoryLifecyclePolicyDetails_lifecyclePolicyText,
+    awsEcrRepositoryLifecyclePolicyDetails_registryId,
+
+    -- ** AwsEcsClusterClusterSettingsDetails
+    awsEcsClusterClusterSettingsDetails_name,
+    awsEcsClusterClusterSettingsDetails_value,
+
+    -- ** AwsEcsClusterConfigurationDetails
+    awsEcsClusterConfigurationDetails_executeCommandConfiguration,
+
+    -- ** AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+    awsEcsClusterConfigurationExecuteCommandConfigurationDetails_kmsKeyId,
+    awsEcsClusterConfigurationExecuteCommandConfigurationDetails_logConfiguration,
+    awsEcsClusterConfigurationExecuteCommandConfigurationDetails_logging,
+
+    -- ** AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+    awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_cloudWatchEncryptionEnabled,
+    awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_cloudWatchLogGroupName,
+    awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3BucketName,
+    awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3EncryptionEnabled,
+    awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3KeyPrefix,
+
+    -- ** AwsEcsClusterDefaultCapacityProviderStrategyDetails
+    awsEcsClusterDefaultCapacityProviderStrategyDetails_base,
+    awsEcsClusterDefaultCapacityProviderStrategyDetails_capacityProvider,
+    awsEcsClusterDefaultCapacityProviderStrategyDetails_weight,
+
+    -- ** AwsEcsClusterDetails
+    awsEcsClusterDetails_activeServicesCount,
+    awsEcsClusterDetails_capacityProviders,
+    awsEcsClusterDetails_clusterArn,
+    awsEcsClusterDetails_clusterName,
+    awsEcsClusterDetails_clusterSettings,
+    awsEcsClusterDetails_configuration,
+    awsEcsClusterDetails_defaultCapacityProviderStrategy,
+    awsEcsClusterDetails_registeredContainerInstancesCount,
+    awsEcsClusterDetails_runningTasksCount,
+    awsEcsClusterDetails_status,
+
+    -- ** AwsEcsContainerDetails
+    awsEcsContainerDetails_image,
+    awsEcsContainerDetails_mountPoints,
+    awsEcsContainerDetails_name,
+    awsEcsContainerDetails_privileged,
+
+    -- ** AwsEcsServiceCapacityProviderStrategyDetails
+    awsEcsServiceCapacityProviderStrategyDetails_base,
+    awsEcsServiceCapacityProviderStrategyDetails_capacityProvider,
+    awsEcsServiceCapacityProviderStrategyDetails_weight,
+
+    -- ** AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+    awsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails_enable,
+    awsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails_rollback,
+
+    -- ** AwsEcsServiceDeploymentConfigurationDetails
+    awsEcsServiceDeploymentConfigurationDetails_deploymentCircuitBreaker,
+    awsEcsServiceDeploymentConfigurationDetails_maximumPercent,
+    awsEcsServiceDeploymentConfigurationDetails_minimumHealthyPercent,
+
+    -- ** AwsEcsServiceDeploymentControllerDetails
+    awsEcsServiceDeploymentControllerDetails_type,
+
+    -- ** AwsEcsServiceDetails
+    awsEcsServiceDetails_capacityProviderStrategy,
+    awsEcsServiceDetails_cluster,
+    awsEcsServiceDetails_deploymentConfiguration,
+    awsEcsServiceDetails_deploymentController,
+    awsEcsServiceDetails_desiredCount,
+    awsEcsServiceDetails_enableEcsManagedTags,
+    awsEcsServiceDetails_enableExecuteCommand,
+    awsEcsServiceDetails_healthCheckGracePeriodSeconds,
+    awsEcsServiceDetails_launchType,
+    awsEcsServiceDetails_loadBalancers,
+    awsEcsServiceDetails_name,
+    awsEcsServiceDetails_networkConfiguration,
+    awsEcsServiceDetails_placementConstraints,
+    awsEcsServiceDetails_placementStrategies,
+    awsEcsServiceDetails_platformVersion,
+    awsEcsServiceDetails_propagateTags,
+    awsEcsServiceDetails_role,
+    awsEcsServiceDetails_schedulingStrategy,
+    awsEcsServiceDetails_serviceArn,
+    awsEcsServiceDetails_serviceName,
+    awsEcsServiceDetails_serviceRegistries,
+    awsEcsServiceDetails_taskDefinition,
+
+    -- ** AwsEcsServiceLoadBalancersDetails
+    awsEcsServiceLoadBalancersDetails_containerName,
+    awsEcsServiceLoadBalancersDetails_containerPort,
+    awsEcsServiceLoadBalancersDetails_loadBalancerName,
+    awsEcsServiceLoadBalancersDetails_targetGroupArn,
+
+    -- ** AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+    awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_assignPublicIp,
+    awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_securityGroups,
+    awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_subnets,
+
+    -- ** AwsEcsServiceNetworkConfigurationDetails
+    awsEcsServiceNetworkConfigurationDetails_awsVpcConfiguration,
+
+    -- ** AwsEcsServicePlacementConstraintsDetails
+    awsEcsServicePlacementConstraintsDetails_expression,
+    awsEcsServicePlacementConstraintsDetails_type,
+
+    -- ** AwsEcsServicePlacementStrategiesDetails
+    awsEcsServicePlacementStrategiesDetails_field,
+    awsEcsServicePlacementStrategiesDetails_type,
+
+    -- ** AwsEcsServiceServiceRegistriesDetails
+    awsEcsServiceServiceRegistriesDetails_containerName,
+    awsEcsServiceServiceRegistriesDetails_containerPort,
+    awsEcsServiceServiceRegistriesDetails_port,
+    awsEcsServiceServiceRegistriesDetails_registryArn,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+    awsEcsTaskDefinitionContainerDefinitionsDependsOnDetails_condition,
+    awsEcsTaskDefinitionContainerDefinitionsDependsOnDetails_containerName,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsDetails
+    awsEcsTaskDefinitionContainerDefinitionsDetails_command,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_cpu,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_dependsOn,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_disableNetworking,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_dnsSearchDomains,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_dnsServers,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_dockerLabels,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_dockerSecurityOptions,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_entryPoint,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_environment,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_environmentFiles,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_essential,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_extraHosts,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_firelensConfiguration,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_healthCheck,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_hostname,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_image,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_interactive,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_links,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_linuxParameters,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_logConfiguration,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_memory,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_memoryReservation,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_mountPoints,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_name,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_portMappings,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_privileged,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_pseudoTerminal,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_readonlyRootFilesystem,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_repositoryCredentials,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_resourceRequirements,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_secrets,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_startTimeout,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_stopTimeout,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_systemControls,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_ulimits,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_user,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_volumesFrom,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_workingDirectory,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+    awsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails_name,
+    awsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails_value,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+    awsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails_type,
+    awsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails_value,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+    awsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails_hostname,
+    awsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails_ipAddress,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+    awsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails_options,
+    awsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails_type,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+    awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_command,
+    awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_interval,
+    awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_retries,
+    awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_startPeriod,
+    awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_timeout,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails_add,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails_drop,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_capabilities,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_devices,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_initProcessEnabled,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_maxSwap,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_sharedMemorySize,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_swappiness,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_tmpfs,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_containerPath,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_hostPath,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_permissions,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_containerPath,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_mountOptions,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_size,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+    awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_logDriver,
+    awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_options,
+    awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_secretOptions,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+    awsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails_name,
+    awsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails_valueFrom,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+    awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_containerPath,
+    awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_readOnly,
+    awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_sourceVolume,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+    awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_containerPort,
+    awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_hostPort,
+    awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_protocol,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+    awsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails_credentialsParameter,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+    awsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails_type,
+    awsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails_value,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+    awsEcsTaskDefinitionContainerDefinitionsSecretsDetails_name,
+    awsEcsTaskDefinitionContainerDefinitionsSecretsDetails_valueFrom,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+    awsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails_namespace,
+    awsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails_value,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+    awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_hardLimit,
+    awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_name,
+    awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_softLimit,
+
+    -- ** AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+    awsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails_readOnly,
+    awsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails_sourceContainer,
+
+    -- ** AwsEcsTaskDefinitionDetails
+    awsEcsTaskDefinitionDetails_containerDefinitions,
+    awsEcsTaskDefinitionDetails_cpu,
+    awsEcsTaskDefinitionDetails_executionRoleArn,
+    awsEcsTaskDefinitionDetails_family,
+    awsEcsTaskDefinitionDetails_inferenceAccelerators,
+    awsEcsTaskDefinitionDetails_ipcMode,
+    awsEcsTaskDefinitionDetails_memory,
+    awsEcsTaskDefinitionDetails_networkMode,
+    awsEcsTaskDefinitionDetails_pidMode,
+    awsEcsTaskDefinitionDetails_placementConstraints,
+    awsEcsTaskDefinitionDetails_proxyConfiguration,
+    awsEcsTaskDefinitionDetails_requiresCompatibilities,
+    awsEcsTaskDefinitionDetails_taskRoleArn,
+    awsEcsTaskDefinitionDetails_volumes,
+
+    -- ** AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+    awsEcsTaskDefinitionInferenceAcceleratorsDetails_deviceName,
+    awsEcsTaskDefinitionInferenceAcceleratorsDetails_deviceType,
+
+    -- ** AwsEcsTaskDefinitionPlacementConstraintsDetails
+    awsEcsTaskDefinitionPlacementConstraintsDetails_expression,
+    awsEcsTaskDefinitionPlacementConstraintsDetails_type,
+
+    -- ** AwsEcsTaskDefinitionProxyConfigurationDetails
+    awsEcsTaskDefinitionProxyConfigurationDetails_containerName,
+    awsEcsTaskDefinitionProxyConfigurationDetails_proxyConfigurationProperties,
+    awsEcsTaskDefinitionProxyConfigurationDetails_type,
+
+    -- ** AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+    awsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails_name,
+    awsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails_value,
+
+    -- ** AwsEcsTaskDefinitionVolumesDetails
+    awsEcsTaskDefinitionVolumesDetails_dockerVolumeConfiguration,
+    awsEcsTaskDefinitionVolumesDetails_efsVolumeConfiguration,
+    awsEcsTaskDefinitionVolumesDetails_host,
+    awsEcsTaskDefinitionVolumesDetails_name,
+
+    -- ** AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+    awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_autoprovision,
+    awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_driver,
+    awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_driverOpts,
+    awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_labels,
+    awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_scope,
+
+    -- ** AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails_accessPointId,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails_iam,
+
+    -- ** AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_authorizationConfig,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_filesystemId,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_rootDirectory,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_transitEncryption,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_transitEncryptionPort,
+
+    -- ** AwsEcsTaskDefinitionVolumesHostDetails
+    awsEcsTaskDefinitionVolumesHostDetails_sourcePath,
+
+    -- ** AwsEcsTaskDetails
+    awsEcsTaskDetails_clusterArn,
+    awsEcsTaskDetails_containers,
+    awsEcsTaskDetails_createdAt,
+    awsEcsTaskDetails_group,
+    awsEcsTaskDetails_startedAt,
+    awsEcsTaskDetails_startedBy,
+    awsEcsTaskDetails_taskDefinitionArn,
+    awsEcsTaskDetails_version,
+    awsEcsTaskDetails_volumes,
+
+    -- ** AwsEcsTaskVolumeDetails
+    awsEcsTaskVolumeDetails_host,
+    awsEcsTaskVolumeDetails_name,
+
+    -- ** AwsEcsTaskVolumeHostDetails
+    awsEcsTaskVolumeHostDetails_sourcePath,
+
+    -- ** AwsEfsAccessPointDetails
+    awsEfsAccessPointDetails_accessPointId,
+    awsEfsAccessPointDetails_arn,
+    awsEfsAccessPointDetails_clientToken,
+    awsEfsAccessPointDetails_fileSystemId,
+    awsEfsAccessPointDetails_posixUser,
+    awsEfsAccessPointDetails_rootDirectory,
+
+    -- ** AwsEfsAccessPointPosixUserDetails
+    awsEfsAccessPointPosixUserDetails_gid,
+    awsEfsAccessPointPosixUserDetails_secondaryGids,
+    awsEfsAccessPointPosixUserDetails_uid,
+
+    -- ** AwsEfsAccessPointRootDirectoryCreationInfoDetails
+    awsEfsAccessPointRootDirectoryCreationInfoDetails_ownerGid,
+    awsEfsAccessPointRootDirectoryCreationInfoDetails_ownerUid,
+    awsEfsAccessPointRootDirectoryCreationInfoDetails_permissions,
+
+    -- ** AwsEfsAccessPointRootDirectoryDetails
+    awsEfsAccessPointRootDirectoryDetails_creationInfo,
+    awsEfsAccessPointRootDirectoryDetails_path,
+
+    -- ** AwsEksClusterDetails
+    awsEksClusterDetails_arn,
+    awsEksClusterDetails_certificateAuthorityData,
+    awsEksClusterDetails_clusterStatus,
+    awsEksClusterDetails_endpoint,
+    awsEksClusterDetails_logging,
+    awsEksClusterDetails_name,
+    awsEksClusterDetails_resourcesVpcConfig,
+    awsEksClusterDetails_roleArn,
+    awsEksClusterDetails_version,
+
+    -- ** AwsEksClusterLoggingClusterLoggingDetails
+    awsEksClusterLoggingClusterLoggingDetails_enabled,
+    awsEksClusterLoggingClusterLoggingDetails_types,
+
+    -- ** AwsEksClusterLoggingDetails
+    awsEksClusterLoggingDetails_clusterLogging,
+
+    -- ** AwsEksClusterResourcesVpcConfigDetails
+    awsEksClusterResourcesVpcConfigDetails_securityGroupIds,
+    awsEksClusterResourcesVpcConfigDetails_subnetIds,
+
+    -- ** AwsElasticBeanstalkEnvironmentDetails
+    awsElasticBeanstalkEnvironmentDetails_applicationName,
+    awsElasticBeanstalkEnvironmentDetails_cname,
+    awsElasticBeanstalkEnvironmentDetails_dateCreated,
+    awsElasticBeanstalkEnvironmentDetails_dateUpdated,
+    awsElasticBeanstalkEnvironmentDetails_description,
+    awsElasticBeanstalkEnvironmentDetails_endpointUrl,
+    awsElasticBeanstalkEnvironmentDetails_environmentArn,
+    awsElasticBeanstalkEnvironmentDetails_environmentId,
+    awsElasticBeanstalkEnvironmentDetails_environmentLinks,
+    awsElasticBeanstalkEnvironmentDetails_environmentName,
+    awsElasticBeanstalkEnvironmentDetails_optionSettings,
+    awsElasticBeanstalkEnvironmentDetails_platformArn,
+    awsElasticBeanstalkEnvironmentDetails_solutionStackName,
+    awsElasticBeanstalkEnvironmentDetails_status,
+    awsElasticBeanstalkEnvironmentDetails_tier,
+    awsElasticBeanstalkEnvironmentDetails_versionLabel,
+
+    -- ** AwsElasticBeanstalkEnvironmentEnvironmentLink
+    awsElasticBeanstalkEnvironmentEnvironmentLink_environmentName,
+    awsElasticBeanstalkEnvironmentEnvironmentLink_linkName,
+
+    -- ** AwsElasticBeanstalkEnvironmentOptionSetting
+    awsElasticBeanstalkEnvironmentOptionSetting_namespace,
+    awsElasticBeanstalkEnvironmentOptionSetting_optionName,
+    awsElasticBeanstalkEnvironmentOptionSetting_resourceName,
+    awsElasticBeanstalkEnvironmentOptionSetting_value,
+
+    -- ** AwsElasticBeanstalkEnvironmentTier
+    awsElasticBeanstalkEnvironmentTier_name,
+    awsElasticBeanstalkEnvironmentTier_type,
+    awsElasticBeanstalkEnvironmentTier_version,
+
+    -- ** AwsElasticsearchDomainDetails
+    awsElasticsearchDomainDetails_accessPolicies,
+    awsElasticsearchDomainDetails_domainEndpointOptions,
+    awsElasticsearchDomainDetails_domainId,
+    awsElasticsearchDomainDetails_domainName,
+    awsElasticsearchDomainDetails_elasticsearchClusterConfig,
+    awsElasticsearchDomainDetails_elasticsearchVersion,
+    awsElasticsearchDomainDetails_encryptionAtRestOptions,
+    awsElasticsearchDomainDetails_endpoint,
+    awsElasticsearchDomainDetails_endpoints,
+    awsElasticsearchDomainDetails_logPublishingOptions,
+    awsElasticsearchDomainDetails_nodeToNodeEncryptionOptions,
+    awsElasticsearchDomainDetails_serviceSoftwareOptions,
+    awsElasticsearchDomainDetails_vPCOptions,
+
+    -- ** AwsElasticsearchDomainDomainEndpointOptions
+    awsElasticsearchDomainDomainEndpointOptions_enforceHTTPS,
+    awsElasticsearchDomainDomainEndpointOptions_tLSSecurityPolicy,
+
+    -- ** AwsElasticsearchDomainElasticsearchClusterConfigDetails
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterCount,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterEnabled,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterType,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_instanceCount,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_instanceType,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_zoneAwarenessConfig,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_zoneAwarenessEnabled,
+
+    -- ** AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+    awsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails_availabilityZoneCount,
+
+    -- ** AwsElasticsearchDomainEncryptionAtRestOptions
+    awsElasticsearchDomainEncryptionAtRestOptions_enabled,
+    awsElasticsearchDomainEncryptionAtRestOptions_kmsKeyId,
+
+    -- ** AwsElasticsearchDomainLogPublishingOptions
+    awsElasticsearchDomainLogPublishingOptions_auditLogs,
+    awsElasticsearchDomainLogPublishingOptions_indexSlowLogs,
+    awsElasticsearchDomainLogPublishingOptions_searchSlowLogs,
+
+    -- ** AwsElasticsearchDomainLogPublishingOptionsLogConfig
+    awsElasticsearchDomainLogPublishingOptionsLogConfig_cloudWatchLogsLogGroupArn,
+    awsElasticsearchDomainLogPublishingOptionsLogConfig_enabled,
+
+    -- ** AwsElasticsearchDomainNodeToNodeEncryptionOptions
+    awsElasticsearchDomainNodeToNodeEncryptionOptions_enabled,
+
+    -- ** AwsElasticsearchDomainServiceSoftwareOptions
+    awsElasticsearchDomainServiceSoftwareOptions_automatedUpdateDate,
+    awsElasticsearchDomainServiceSoftwareOptions_cancellable,
+    awsElasticsearchDomainServiceSoftwareOptions_currentVersion,
+    awsElasticsearchDomainServiceSoftwareOptions_description,
+    awsElasticsearchDomainServiceSoftwareOptions_newVersion,
+    awsElasticsearchDomainServiceSoftwareOptions_updateAvailable,
+    awsElasticsearchDomainServiceSoftwareOptions_updateStatus,
+
+    -- ** AwsElasticsearchDomainVPCOptions
+    awsElasticsearchDomainVPCOptions_availabilityZones,
+    awsElasticsearchDomainVPCOptions_securityGroupIds,
+    awsElasticsearchDomainVPCOptions_subnetIds,
+    awsElasticsearchDomainVPCOptions_vPCId,
+
+    -- ** AwsElbAppCookieStickinessPolicy
+    awsElbAppCookieStickinessPolicy_cookieName,
+    awsElbAppCookieStickinessPolicy_policyName,
+
+    -- ** AwsElbLbCookieStickinessPolicy
+    awsElbLbCookieStickinessPolicy_cookieExpirationPeriod,
+    awsElbLbCookieStickinessPolicy_policyName,
+
+    -- ** AwsElbLoadBalancerAccessLog
+    awsElbLoadBalancerAccessLog_emitInterval,
+    awsElbLoadBalancerAccessLog_enabled,
+    awsElbLoadBalancerAccessLog_s3BucketName,
+    awsElbLoadBalancerAccessLog_s3BucketPrefix,
+
+    -- ** AwsElbLoadBalancerAdditionalAttribute
+    awsElbLoadBalancerAdditionalAttribute_key,
+    awsElbLoadBalancerAdditionalAttribute_value,
+
+    -- ** AwsElbLoadBalancerAttributes
+    awsElbLoadBalancerAttributes_accessLog,
+    awsElbLoadBalancerAttributes_additionalAttributes,
+    awsElbLoadBalancerAttributes_connectionDraining,
+    awsElbLoadBalancerAttributes_connectionSettings,
+    awsElbLoadBalancerAttributes_crossZoneLoadBalancing,
+
+    -- ** AwsElbLoadBalancerBackendServerDescription
+    awsElbLoadBalancerBackendServerDescription_instancePort,
+    awsElbLoadBalancerBackendServerDescription_policyNames,
+
+    -- ** AwsElbLoadBalancerConnectionDraining
+    awsElbLoadBalancerConnectionDraining_enabled,
+    awsElbLoadBalancerConnectionDraining_timeout,
+
+    -- ** AwsElbLoadBalancerConnectionSettings
+    awsElbLoadBalancerConnectionSettings_idleTimeout,
+
+    -- ** AwsElbLoadBalancerCrossZoneLoadBalancing
+    awsElbLoadBalancerCrossZoneLoadBalancing_enabled,
+
+    -- ** AwsElbLoadBalancerDetails
+    awsElbLoadBalancerDetails_availabilityZones,
+    awsElbLoadBalancerDetails_backendServerDescriptions,
+    awsElbLoadBalancerDetails_canonicalHostedZoneName,
+    awsElbLoadBalancerDetails_canonicalHostedZoneNameID,
+    awsElbLoadBalancerDetails_createdTime,
+    awsElbLoadBalancerDetails_dnsName,
+    awsElbLoadBalancerDetails_healthCheck,
+    awsElbLoadBalancerDetails_instances,
+    awsElbLoadBalancerDetails_listenerDescriptions,
+    awsElbLoadBalancerDetails_loadBalancerAttributes,
+    awsElbLoadBalancerDetails_loadBalancerName,
+    awsElbLoadBalancerDetails_policies,
+    awsElbLoadBalancerDetails_scheme,
+    awsElbLoadBalancerDetails_securityGroups,
+    awsElbLoadBalancerDetails_sourceSecurityGroup,
+    awsElbLoadBalancerDetails_subnets,
+    awsElbLoadBalancerDetails_vpcId,
+
+    -- ** AwsElbLoadBalancerHealthCheck
+    awsElbLoadBalancerHealthCheck_healthyThreshold,
+    awsElbLoadBalancerHealthCheck_interval,
+    awsElbLoadBalancerHealthCheck_target,
+    awsElbLoadBalancerHealthCheck_timeout,
+    awsElbLoadBalancerHealthCheck_unhealthyThreshold,
+
+    -- ** AwsElbLoadBalancerInstance
+    awsElbLoadBalancerInstance_instanceId,
+
+    -- ** AwsElbLoadBalancerListener
+    awsElbLoadBalancerListener_instancePort,
+    awsElbLoadBalancerListener_instanceProtocol,
+    awsElbLoadBalancerListener_loadBalancerPort,
+    awsElbLoadBalancerListener_protocol,
+    awsElbLoadBalancerListener_sslCertificateId,
+
+    -- ** AwsElbLoadBalancerListenerDescription
+    awsElbLoadBalancerListenerDescription_listener,
+    awsElbLoadBalancerListenerDescription_policyNames,
+
+    -- ** AwsElbLoadBalancerPolicies
+    awsElbLoadBalancerPolicies_appCookieStickinessPolicies,
+    awsElbLoadBalancerPolicies_lbCookieStickinessPolicies,
+    awsElbLoadBalancerPolicies_otherPolicies,
+
+    -- ** AwsElbLoadBalancerSourceSecurityGroup
+    awsElbLoadBalancerSourceSecurityGroup_groupName,
+    awsElbLoadBalancerSourceSecurityGroup_ownerAlias,
+
+    -- ** AwsElbv2LoadBalancerAttribute
+    awsElbv2LoadBalancerAttribute_key,
+    awsElbv2LoadBalancerAttribute_value,
+
+    -- ** AwsElbv2LoadBalancerDetails
+    awsElbv2LoadBalancerDetails_availabilityZones,
+    awsElbv2LoadBalancerDetails_canonicalHostedZoneId,
+    awsElbv2LoadBalancerDetails_createdTime,
+    awsElbv2LoadBalancerDetails_dNSName,
+    awsElbv2LoadBalancerDetails_ipAddressType,
+    awsElbv2LoadBalancerDetails_loadBalancerAttributes,
+    awsElbv2LoadBalancerDetails_scheme,
+    awsElbv2LoadBalancerDetails_securityGroups,
+    awsElbv2LoadBalancerDetails_state,
+    awsElbv2LoadBalancerDetails_type,
+    awsElbv2LoadBalancerDetails_vpcId,
+
+    -- ** AwsIamAccessKeyDetails
+    awsIamAccessKeyDetails_accessKeyId,
+    awsIamAccessKeyDetails_accountId,
+    awsIamAccessKeyDetails_createdAt,
+    awsIamAccessKeyDetails_principalId,
+    awsIamAccessKeyDetails_principalName,
+    awsIamAccessKeyDetails_principalType,
+    awsIamAccessKeyDetails_sessionContext,
+    awsIamAccessKeyDetails_status,
+    awsIamAccessKeyDetails_userName,
+
+    -- ** AwsIamAccessKeySessionContext
+    awsIamAccessKeySessionContext_attributes,
+    awsIamAccessKeySessionContext_sessionIssuer,
+
+    -- ** AwsIamAccessKeySessionContextAttributes
+    awsIamAccessKeySessionContextAttributes_creationDate,
+    awsIamAccessKeySessionContextAttributes_mfaAuthenticated,
+
+    -- ** AwsIamAccessKeySessionContextSessionIssuer
+    awsIamAccessKeySessionContextSessionIssuer_accountId,
+    awsIamAccessKeySessionContextSessionIssuer_arn,
+    awsIamAccessKeySessionContextSessionIssuer_principalId,
+    awsIamAccessKeySessionContextSessionIssuer_type,
+    awsIamAccessKeySessionContextSessionIssuer_userName,
+
+    -- ** AwsIamAttachedManagedPolicy
+    awsIamAttachedManagedPolicy_policyArn,
+    awsIamAttachedManagedPolicy_policyName,
+
+    -- ** AwsIamGroupDetails
+    awsIamGroupDetails_attachedManagedPolicies,
+    awsIamGroupDetails_createDate,
+    awsIamGroupDetails_groupId,
+    awsIamGroupDetails_groupName,
+    awsIamGroupDetails_groupPolicyList,
+    awsIamGroupDetails_path,
+
+    -- ** AwsIamGroupPolicy
+    awsIamGroupPolicy_policyName,
+
+    -- ** AwsIamInstanceProfile
+    awsIamInstanceProfile_arn,
+    awsIamInstanceProfile_createDate,
+    awsIamInstanceProfile_instanceProfileId,
+    awsIamInstanceProfile_instanceProfileName,
+    awsIamInstanceProfile_path,
+    awsIamInstanceProfile_roles,
+
+    -- ** AwsIamInstanceProfileRole
+    awsIamInstanceProfileRole_arn,
+    awsIamInstanceProfileRole_assumeRolePolicyDocument,
+    awsIamInstanceProfileRole_createDate,
+    awsIamInstanceProfileRole_path,
+    awsIamInstanceProfileRole_roleId,
+    awsIamInstanceProfileRole_roleName,
+
+    -- ** AwsIamPermissionsBoundary
+    awsIamPermissionsBoundary_permissionsBoundaryArn,
+    awsIamPermissionsBoundary_permissionsBoundaryType,
+
+    -- ** AwsIamPolicyDetails
+    awsIamPolicyDetails_attachmentCount,
+    awsIamPolicyDetails_createDate,
+    awsIamPolicyDetails_defaultVersionId,
+    awsIamPolicyDetails_description,
+    awsIamPolicyDetails_isAttachable,
+    awsIamPolicyDetails_path,
+    awsIamPolicyDetails_permissionsBoundaryUsageCount,
+    awsIamPolicyDetails_policyId,
+    awsIamPolicyDetails_policyName,
+    awsIamPolicyDetails_policyVersionList,
+    awsIamPolicyDetails_updateDate,
+
+    -- ** AwsIamPolicyVersion
+    awsIamPolicyVersion_createDate,
+    awsIamPolicyVersion_isDefaultVersion,
+    awsIamPolicyVersion_versionId,
+
+    -- ** AwsIamRoleDetails
+    awsIamRoleDetails_assumeRolePolicyDocument,
+    awsIamRoleDetails_attachedManagedPolicies,
+    awsIamRoleDetails_createDate,
+    awsIamRoleDetails_instanceProfileList,
+    awsIamRoleDetails_maxSessionDuration,
+    awsIamRoleDetails_path,
+    awsIamRoleDetails_permissionsBoundary,
+    awsIamRoleDetails_roleId,
+    awsIamRoleDetails_roleName,
+    awsIamRoleDetails_rolePolicyList,
+
+    -- ** AwsIamRolePolicy
+    awsIamRolePolicy_policyName,
+
+    -- ** AwsIamUserDetails
+    awsIamUserDetails_attachedManagedPolicies,
+    awsIamUserDetails_createDate,
+    awsIamUserDetails_groupList,
+    awsIamUserDetails_path,
+    awsIamUserDetails_permissionsBoundary,
+    awsIamUserDetails_userId,
+    awsIamUserDetails_userName,
+    awsIamUserDetails_userPolicyList,
+
+    -- ** AwsIamUserPolicy
+    awsIamUserPolicy_policyName,
+
+    -- ** AwsKinesisStreamDetails
+    awsKinesisStreamDetails_arn,
+    awsKinesisStreamDetails_name,
+    awsKinesisStreamDetails_retentionPeriodHours,
+    awsKinesisStreamDetails_shardCount,
+    awsKinesisStreamDetails_streamEncryption,
+
+    -- ** AwsKinesisStreamStreamEncryptionDetails
+    awsKinesisStreamStreamEncryptionDetails_encryptionType,
+    awsKinesisStreamStreamEncryptionDetails_keyId,
+
+    -- ** AwsKmsKeyDetails
+    awsKmsKeyDetails_aWSAccountId,
+    awsKmsKeyDetails_creationDate,
+    awsKmsKeyDetails_description,
+    awsKmsKeyDetails_keyId,
+    awsKmsKeyDetails_keyManager,
+    awsKmsKeyDetails_keyRotationStatus,
+    awsKmsKeyDetails_keyState,
+    awsKmsKeyDetails_origin,
+
+    -- ** AwsLambdaFunctionCode
+    awsLambdaFunctionCode_s3Bucket,
+    awsLambdaFunctionCode_s3Key,
+    awsLambdaFunctionCode_s3ObjectVersion,
+    awsLambdaFunctionCode_zipFile,
+
+    -- ** AwsLambdaFunctionDeadLetterConfig
+    awsLambdaFunctionDeadLetterConfig_targetArn,
+
+    -- ** AwsLambdaFunctionDetails
+    awsLambdaFunctionDetails_architectures,
+    awsLambdaFunctionDetails_code,
+    awsLambdaFunctionDetails_codeSha256,
+    awsLambdaFunctionDetails_deadLetterConfig,
+    awsLambdaFunctionDetails_environment,
+    awsLambdaFunctionDetails_functionName,
+    awsLambdaFunctionDetails_handler,
+    awsLambdaFunctionDetails_kmsKeyArn,
+    awsLambdaFunctionDetails_lastModified,
+    awsLambdaFunctionDetails_layers,
+    awsLambdaFunctionDetails_masterArn,
+    awsLambdaFunctionDetails_memorySize,
+    awsLambdaFunctionDetails_packageType,
+    awsLambdaFunctionDetails_revisionId,
+    awsLambdaFunctionDetails_role,
+    awsLambdaFunctionDetails_runtime,
+    awsLambdaFunctionDetails_timeout,
+    awsLambdaFunctionDetails_tracingConfig,
+    awsLambdaFunctionDetails_version,
+    awsLambdaFunctionDetails_vpcConfig,
+
+    -- ** AwsLambdaFunctionEnvironment
+    awsLambdaFunctionEnvironment_error,
+    awsLambdaFunctionEnvironment_variables,
+
+    -- ** AwsLambdaFunctionEnvironmentError
+    awsLambdaFunctionEnvironmentError_errorCode,
+    awsLambdaFunctionEnvironmentError_message,
+
+    -- ** AwsLambdaFunctionLayer
+    awsLambdaFunctionLayer_arn,
+    awsLambdaFunctionLayer_codeSize,
+
+    -- ** AwsLambdaFunctionTracingConfig
+    awsLambdaFunctionTracingConfig_mode,
+
+    -- ** AwsLambdaFunctionVpcConfig
+    awsLambdaFunctionVpcConfig_securityGroupIds,
+    awsLambdaFunctionVpcConfig_subnetIds,
+    awsLambdaFunctionVpcConfig_vpcId,
+
+    -- ** AwsLambdaLayerVersionDetails
+    awsLambdaLayerVersionDetails_compatibleRuntimes,
+    awsLambdaLayerVersionDetails_createdDate,
+    awsLambdaLayerVersionDetails_version,
+
+    -- ** AwsMountPoint
+    awsMountPoint_containerPath,
+    awsMountPoint_sourceVolume,
+
+    -- ** AwsNetworkFirewallFirewallDetails
+    awsNetworkFirewallFirewallDetails_deleteProtection,
+    awsNetworkFirewallFirewallDetails_description,
+    awsNetworkFirewallFirewallDetails_firewallArn,
+    awsNetworkFirewallFirewallDetails_firewallId,
+    awsNetworkFirewallFirewallDetails_firewallName,
+    awsNetworkFirewallFirewallDetails_firewallPolicyArn,
+    awsNetworkFirewallFirewallDetails_firewallPolicyChangeProtection,
+    awsNetworkFirewallFirewallDetails_subnetChangeProtection,
+    awsNetworkFirewallFirewallDetails_subnetMappings,
+    awsNetworkFirewallFirewallDetails_vpcId,
+
+    -- ** AwsNetworkFirewallFirewallPolicyDetails
+    awsNetworkFirewallFirewallPolicyDetails_description,
+    awsNetworkFirewallFirewallPolicyDetails_firewallPolicy,
+    awsNetworkFirewallFirewallPolicyDetails_firewallPolicyArn,
+    awsNetworkFirewallFirewallPolicyDetails_firewallPolicyId,
+    awsNetworkFirewallFirewallPolicyDetails_firewallPolicyName,
+
+    -- ** AwsNetworkFirewallFirewallSubnetMappingsDetails
+    awsNetworkFirewallFirewallSubnetMappingsDetails_subnetId,
+
+    -- ** AwsNetworkFirewallRuleGroupDetails
+    awsNetworkFirewallRuleGroupDetails_capacity,
+    awsNetworkFirewallRuleGroupDetails_description,
+    awsNetworkFirewallRuleGroupDetails_ruleGroup,
+    awsNetworkFirewallRuleGroupDetails_ruleGroupArn,
+    awsNetworkFirewallRuleGroupDetails_ruleGroupId,
+    awsNetworkFirewallRuleGroupDetails_ruleGroupName,
+    awsNetworkFirewallRuleGroupDetails_type,
+
+    -- ** AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+    awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_enabled,
+    awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_internalUserDatabaseEnabled,
+    awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_masterUserOptions,
+
+    -- ** AwsOpenSearchServiceDomainClusterConfigDetails
+    awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterCount,
+    awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterEnabled,
+    awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterType,
+    awsOpenSearchServiceDomainClusterConfigDetails_instanceCount,
+    awsOpenSearchServiceDomainClusterConfigDetails_instanceType,
+    awsOpenSearchServiceDomainClusterConfigDetails_warmCount,
+    awsOpenSearchServiceDomainClusterConfigDetails_warmEnabled,
+    awsOpenSearchServiceDomainClusterConfigDetails_warmType,
+    awsOpenSearchServiceDomainClusterConfigDetails_zoneAwarenessConfig,
+    awsOpenSearchServiceDomainClusterConfigDetails_zoneAwarenessEnabled,
+
+    -- ** AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+    awsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails_availabilityZoneCount,
+
+    -- ** AwsOpenSearchServiceDomainDetails
+    awsOpenSearchServiceDomainDetails_accessPolicies,
+    awsOpenSearchServiceDomainDetails_advancedSecurityOptions,
+    awsOpenSearchServiceDomainDetails_arn,
+    awsOpenSearchServiceDomainDetails_clusterConfig,
+    awsOpenSearchServiceDomainDetails_domainEndpoint,
+    awsOpenSearchServiceDomainDetails_domainEndpointOptions,
+    awsOpenSearchServiceDomainDetails_domainEndpoints,
+    awsOpenSearchServiceDomainDetails_domainName,
+    awsOpenSearchServiceDomainDetails_encryptionAtRestOptions,
+    awsOpenSearchServiceDomainDetails_engineVersion,
+    awsOpenSearchServiceDomainDetails_id,
+    awsOpenSearchServiceDomainDetails_logPublishingOptions,
+    awsOpenSearchServiceDomainDetails_nodeToNodeEncryptionOptions,
+    awsOpenSearchServiceDomainDetails_serviceSoftwareOptions,
+    awsOpenSearchServiceDomainDetails_vpcOptions,
+
+    -- ** AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+    awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpoint,
+    awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpointCertificateArn,
+    awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpointEnabled,
+    awsOpenSearchServiceDomainDomainEndpointOptionsDetails_enforceHTTPS,
+    awsOpenSearchServiceDomainDomainEndpointOptionsDetails_tLSSecurityPolicy,
+
+    -- ** AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+    awsOpenSearchServiceDomainEncryptionAtRestOptionsDetails_enabled,
+    awsOpenSearchServiceDomainEncryptionAtRestOptionsDetails_kmsKeyId,
+
+    -- ** AwsOpenSearchServiceDomainLogPublishingOption
+    awsOpenSearchServiceDomainLogPublishingOption_cloudWatchLogsLogGroupArn,
+    awsOpenSearchServiceDomainLogPublishingOption_enabled,
+
+    -- ** AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+    awsOpenSearchServiceDomainLogPublishingOptionsDetails_auditLogs,
+    awsOpenSearchServiceDomainLogPublishingOptionsDetails_indexSlowLogs,
+    awsOpenSearchServiceDomainLogPublishingOptionsDetails_searchSlowLogs,
+
+    -- ** AwsOpenSearchServiceDomainMasterUserOptionsDetails
+    awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserArn,
+    awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserName,
+    awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserPassword,
+
+    -- ** AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+    awsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails_enabled,
+
+    -- ** AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_automatedUpdateDate,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_cancellable,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_currentVersion,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_description,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_newVersion,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_optionalDeployment,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_updateAvailable,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_updateStatus,
+
+    -- ** AwsOpenSearchServiceDomainVpcOptionsDetails
+    awsOpenSearchServiceDomainVpcOptionsDetails_securityGroupIds,
+    awsOpenSearchServiceDomainVpcOptionsDetails_subnetIds,
+
+    -- ** AwsRdsDbClusterAssociatedRole
+    awsRdsDbClusterAssociatedRole_roleArn,
+    awsRdsDbClusterAssociatedRole_status,
+
+    -- ** AwsRdsDbClusterDetails
+    awsRdsDbClusterDetails_activityStreamStatus,
+    awsRdsDbClusterDetails_allocatedStorage,
+    awsRdsDbClusterDetails_associatedRoles,
+    awsRdsDbClusterDetails_availabilityZones,
+    awsRdsDbClusterDetails_backupRetentionPeriod,
+    awsRdsDbClusterDetails_clusterCreateTime,
+    awsRdsDbClusterDetails_copyTagsToSnapshot,
+    awsRdsDbClusterDetails_crossAccountClone,
+    awsRdsDbClusterDetails_customEndpoints,
+    awsRdsDbClusterDetails_databaseName,
+    awsRdsDbClusterDetails_dbClusterIdentifier,
+    awsRdsDbClusterDetails_dbClusterMembers,
+    awsRdsDbClusterDetails_dbClusterOptionGroupMemberships,
+    awsRdsDbClusterDetails_dbClusterParameterGroup,
+    awsRdsDbClusterDetails_dbClusterResourceId,
+    awsRdsDbClusterDetails_dbSubnetGroup,
+    awsRdsDbClusterDetails_deletionProtection,
+    awsRdsDbClusterDetails_domainMemberships,
+    awsRdsDbClusterDetails_enabledCloudWatchLogsExports,
+    awsRdsDbClusterDetails_endpoint,
+    awsRdsDbClusterDetails_engine,
+    awsRdsDbClusterDetails_engineMode,
+    awsRdsDbClusterDetails_engineVersion,
+    awsRdsDbClusterDetails_hostedZoneId,
+    awsRdsDbClusterDetails_httpEndpointEnabled,
+    awsRdsDbClusterDetails_iamDatabaseAuthenticationEnabled,
+    awsRdsDbClusterDetails_kmsKeyId,
+    awsRdsDbClusterDetails_masterUsername,
+    awsRdsDbClusterDetails_multiAz,
+    awsRdsDbClusterDetails_port,
+    awsRdsDbClusterDetails_preferredBackupWindow,
+    awsRdsDbClusterDetails_preferredMaintenanceWindow,
+    awsRdsDbClusterDetails_readReplicaIdentifiers,
+    awsRdsDbClusterDetails_readerEndpoint,
+    awsRdsDbClusterDetails_status,
+    awsRdsDbClusterDetails_storageEncrypted,
+    awsRdsDbClusterDetails_vpcSecurityGroups,
+
+    -- ** AwsRdsDbClusterMember
+    awsRdsDbClusterMember_dbClusterParameterGroupStatus,
+    awsRdsDbClusterMember_dbInstanceIdentifier,
+    awsRdsDbClusterMember_isClusterWriter,
+    awsRdsDbClusterMember_promotionTier,
+
+    -- ** AwsRdsDbClusterOptionGroupMembership
+    awsRdsDbClusterOptionGroupMembership_dbClusterOptionGroupName,
+    awsRdsDbClusterOptionGroupMembership_status,
+
+    -- ** AwsRdsDbClusterSnapshotDetails
+    awsRdsDbClusterSnapshotDetails_allocatedStorage,
+    awsRdsDbClusterSnapshotDetails_availabilityZones,
+    awsRdsDbClusterSnapshotDetails_clusterCreateTime,
+    awsRdsDbClusterSnapshotDetails_dbClusterIdentifier,
+    awsRdsDbClusterSnapshotDetails_dbClusterSnapshotIdentifier,
+    awsRdsDbClusterSnapshotDetails_engine,
+    awsRdsDbClusterSnapshotDetails_engineVersion,
+    awsRdsDbClusterSnapshotDetails_iamDatabaseAuthenticationEnabled,
+    awsRdsDbClusterSnapshotDetails_kmsKeyId,
+    awsRdsDbClusterSnapshotDetails_licenseModel,
+    awsRdsDbClusterSnapshotDetails_masterUsername,
+    awsRdsDbClusterSnapshotDetails_percentProgress,
+    awsRdsDbClusterSnapshotDetails_port,
+    awsRdsDbClusterSnapshotDetails_snapshotCreateTime,
+    awsRdsDbClusterSnapshotDetails_snapshotType,
+    awsRdsDbClusterSnapshotDetails_status,
+    awsRdsDbClusterSnapshotDetails_storageEncrypted,
+    awsRdsDbClusterSnapshotDetails_vpcId,
+
+    -- ** AwsRdsDbDomainMembership
+    awsRdsDbDomainMembership_domain,
+    awsRdsDbDomainMembership_fqdn,
+    awsRdsDbDomainMembership_iamRoleName,
+    awsRdsDbDomainMembership_status,
+
+    -- ** AwsRdsDbInstanceAssociatedRole
+    awsRdsDbInstanceAssociatedRole_featureName,
+    awsRdsDbInstanceAssociatedRole_roleArn,
+    awsRdsDbInstanceAssociatedRole_status,
+
+    -- ** AwsRdsDbInstanceDetails
+    awsRdsDbInstanceDetails_allocatedStorage,
+    awsRdsDbInstanceDetails_associatedRoles,
+    awsRdsDbInstanceDetails_autoMinorVersionUpgrade,
+    awsRdsDbInstanceDetails_availabilityZone,
+    awsRdsDbInstanceDetails_backupRetentionPeriod,
+    awsRdsDbInstanceDetails_cACertificateIdentifier,
+    awsRdsDbInstanceDetails_characterSetName,
+    awsRdsDbInstanceDetails_copyTagsToSnapshot,
+    awsRdsDbInstanceDetails_dbClusterIdentifier,
+    awsRdsDbInstanceDetails_dbInstanceClass,
+    awsRdsDbInstanceDetails_dbInstanceIdentifier,
+    awsRdsDbInstanceDetails_dbName,
+    awsRdsDbInstanceDetails_dbInstancePort,
+    awsRdsDbInstanceDetails_dbInstanceStatus,
+    awsRdsDbInstanceDetails_dbParameterGroups,
+    awsRdsDbInstanceDetails_dbSecurityGroups,
+    awsRdsDbInstanceDetails_dbSubnetGroup,
+    awsRdsDbInstanceDetails_dbiResourceId,
+    awsRdsDbInstanceDetails_deletionProtection,
+    awsRdsDbInstanceDetails_domainMemberships,
+    awsRdsDbInstanceDetails_enabledCloudWatchLogsExports,
+    awsRdsDbInstanceDetails_endpoint,
+    awsRdsDbInstanceDetails_engine,
+    awsRdsDbInstanceDetails_engineVersion,
+    awsRdsDbInstanceDetails_enhancedMonitoringResourceArn,
+    awsRdsDbInstanceDetails_iAMDatabaseAuthenticationEnabled,
+    awsRdsDbInstanceDetails_instanceCreateTime,
+    awsRdsDbInstanceDetails_iops,
+    awsRdsDbInstanceDetails_kmsKeyId,
+    awsRdsDbInstanceDetails_latestRestorableTime,
+    awsRdsDbInstanceDetails_licenseModel,
+    awsRdsDbInstanceDetails_listenerEndpoint,
+    awsRdsDbInstanceDetails_masterUsername,
+    awsRdsDbInstanceDetails_maxAllocatedStorage,
+    awsRdsDbInstanceDetails_monitoringInterval,
+    awsRdsDbInstanceDetails_monitoringRoleArn,
+    awsRdsDbInstanceDetails_multiAz,
+    awsRdsDbInstanceDetails_optionGroupMemberships,
+    awsRdsDbInstanceDetails_pendingModifiedValues,
+    awsRdsDbInstanceDetails_performanceInsightsEnabled,
+    awsRdsDbInstanceDetails_performanceInsightsKmsKeyId,
+    awsRdsDbInstanceDetails_performanceInsightsRetentionPeriod,
+    awsRdsDbInstanceDetails_preferredBackupWindow,
+    awsRdsDbInstanceDetails_preferredMaintenanceWindow,
+    awsRdsDbInstanceDetails_processorFeatures,
+    awsRdsDbInstanceDetails_promotionTier,
+    awsRdsDbInstanceDetails_publiclyAccessible,
+    awsRdsDbInstanceDetails_readReplicaDBClusterIdentifiers,
+    awsRdsDbInstanceDetails_readReplicaDBInstanceIdentifiers,
+    awsRdsDbInstanceDetails_readReplicaSourceDBInstanceIdentifier,
+    awsRdsDbInstanceDetails_secondaryAvailabilityZone,
+    awsRdsDbInstanceDetails_statusInfos,
+    awsRdsDbInstanceDetails_storageEncrypted,
+    awsRdsDbInstanceDetails_storageType,
+    awsRdsDbInstanceDetails_tdeCredentialArn,
+    awsRdsDbInstanceDetails_timezone,
+    awsRdsDbInstanceDetails_vpcSecurityGroups,
+
+    -- ** AwsRdsDbInstanceEndpoint
+    awsRdsDbInstanceEndpoint_address,
+    awsRdsDbInstanceEndpoint_hostedZoneId,
+    awsRdsDbInstanceEndpoint_port,
+
+    -- ** AwsRdsDbInstanceVpcSecurityGroup
+    awsRdsDbInstanceVpcSecurityGroup_status,
+    awsRdsDbInstanceVpcSecurityGroup_vpcSecurityGroupId,
+
+    -- ** AwsRdsDbOptionGroupMembership
+    awsRdsDbOptionGroupMembership_optionGroupName,
+    awsRdsDbOptionGroupMembership_status,
+
+    -- ** AwsRdsDbParameterGroup
+    awsRdsDbParameterGroup_dbParameterGroupName,
+    awsRdsDbParameterGroup_parameterApplyStatus,
+
+    -- ** AwsRdsDbPendingModifiedValues
+    awsRdsDbPendingModifiedValues_allocatedStorage,
+    awsRdsDbPendingModifiedValues_backupRetentionPeriod,
+    awsRdsDbPendingModifiedValues_caCertificateIdentifier,
+    awsRdsDbPendingModifiedValues_dbInstanceClass,
+    awsRdsDbPendingModifiedValues_dbInstanceIdentifier,
+    awsRdsDbPendingModifiedValues_dbSubnetGroupName,
+    awsRdsDbPendingModifiedValues_engineVersion,
+    awsRdsDbPendingModifiedValues_iops,
+    awsRdsDbPendingModifiedValues_licenseModel,
+    awsRdsDbPendingModifiedValues_masterUserPassword,
+    awsRdsDbPendingModifiedValues_multiAZ,
+    awsRdsDbPendingModifiedValues_pendingCloudWatchLogsExports,
+    awsRdsDbPendingModifiedValues_port,
+    awsRdsDbPendingModifiedValues_processorFeatures,
+    awsRdsDbPendingModifiedValues_storageType,
+
+    -- ** AwsRdsDbProcessorFeature
+    awsRdsDbProcessorFeature_name,
+    awsRdsDbProcessorFeature_value,
+
+    -- ** AwsRdsDbSecurityGroupDetails
+    awsRdsDbSecurityGroupDetails_dbSecurityGroupArn,
+    awsRdsDbSecurityGroupDetails_dbSecurityGroupDescription,
+    awsRdsDbSecurityGroupDetails_dbSecurityGroupName,
+    awsRdsDbSecurityGroupDetails_ec2SecurityGroups,
+    awsRdsDbSecurityGroupDetails_ipRanges,
+    awsRdsDbSecurityGroupDetails_ownerId,
+    awsRdsDbSecurityGroupDetails_vpcId,
+
+    -- ** AwsRdsDbSecurityGroupEc2SecurityGroup
+    awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupId,
+    awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupName,
+    awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupOwnerId,
+    awsRdsDbSecurityGroupEc2SecurityGroup_status,
+
+    -- ** AwsRdsDbSecurityGroupIpRange
+    awsRdsDbSecurityGroupIpRange_cidrIp,
+    awsRdsDbSecurityGroupIpRange_status,
+
+    -- ** AwsRdsDbSnapshotDetails
+    awsRdsDbSnapshotDetails_allocatedStorage,
+    awsRdsDbSnapshotDetails_availabilityZone,
+    awsRdsDbSnapshotDetails_dbInstanceIdentifier,
+    awsRdsDbSnapshotDetails_dbSnapshotIdentifier,
+    awsRdsDbSnapshotDetails_dbiResourceId,
+    awsRdsDbSnapshotDetails_encrypted,
+    awsRdsDbSnapshotDetails_engine,
+    awsRdsDbSnapshotDetails_engineVersion,
+    awsRdsDbSnapshotDetails_iamDatabaseAuthenticationEnabled,
+    awsRdsDbSnapshotDetails_instanceCreateTime,
+    awsRdsDbSnapshotDetails_iops,
+    awsRdsDbSnapshotDetails_kmsKeyId,
+    awsRdsDbSnapshotDetails_licenseModel,
+    awsRdsDbSnapshotDetails_masterUsername,
+    awsRdsDbSnapshotDetails_optionGroupName,
+    awsRdsDbSnapshotDetails_percentProgress,
+    awsRdsDbSnapshotDetails_port,
+    awsRdsDbSnapshotDetails_processorFeatures,
+    awsRdsDbSnapshotDetails_snapshotCreateTime,
+    awsRdsDbSnapshotDetails_snapshotType,
+    awsRdsDbSnapshotDetails_sourceDbSnapshotIdentifier,
+    awsRdsDbSnapshotDetails_sourceRegion,
+    awsRdsDbSnapshotDetails_status,
+    awsRdsDbSnapshotDetails_storageType,
+    awsRdsDbSnapshotDetails_tdeCredentialArn,
+    awsRdsDbSnapshotDetails_timezone,
+    awsRdsDbSnapshotDetails_vpcId,
+
+    -- ** AwsRdsDbStatusInfo
+    awsRdsDbStatusInfo_message,
+    awsRdsDbStatusInfo_normal,
+    awsRdsDbStatusInfo_status,
+    awsRdsDbStatusInfo_statusType,
+
+    -- ** AwsRdsDbSubnetGroup
+    awsRdsDbSubnetGroup_dbSubnetGroupArn,
+    awsRdsDbSubnetGroup_dbSubnetGroupDescription,
+    awsRdsDbSubnetGroup_dbSubnetGroupName,
+    awsRdsDbSubnetGroup_subnetGroupStatus,
+    awsRdsDbSubnetGroup_subnets,
+    awsRdsDbSubnetGroup_vpcId,
+
+    -- ** AwsRdsDbSubnetGroupSubnet
+    awsRdsDbSubnetGroupSubnet_subnetAvailabilityZone,
+    awsRdsDbSubnetGroupSubnet_subnetIdentifier,
+    awsRdsDbSubnetGroupSubnet_subnetStatus,
+
+    -- ** AwsRdsDbSubnetGroupSubnetAvailabilityZone
+    awsRdsDbSubnetGroupSubnetAvailabilityZone_name,
+
+    -- ** AwsRdsEventSubscriptionDetails
+    awsRdsEventSubscriptionDetails_custSubscriptionId,
+    awsRdsEventSubscriptionDetails_customerAwsId,
+    awsRdsEventSubscriptionDetails_enabled,
+    awsRdsEventSubscriptionDetails_eventCategoriesList,
+    awsRdsEventSubscriptionDetails_eventSubscriptionArn,
+    awsRdsEventSubscriptionDetails_snsTopicArn,
+    awsRdsEventSubscriptionDetails_sourceIdsList,
+    awsRdsEventSubscriptionDetails_sourceType,
+    awsRdsEventSubscriptionDetails_status,
+    awsRdsEventSubscriptionDetails_subscriptionCreationTime,
+
+    -- ** AwsRdsPendingCloudWatchLogsExports
+    awsRdsPendingCloudWatchLogsExports_logTypesToDisable,
+    awsRdsPendingCloudWatchLogsExports_logTypesToEnable,
+
+    -- ** AwsRedshiftClusterClusterNode
+    awsRedshiftClusterClusterNode_nodeRole,
+    awsRedshiftClusterClusterNode_privateIpAddress,
+    awsRedshiftClusterClusterNode_publicIpAddress,
+
+    -- ** AwsRedshiftClusterClusterParameterGroup
+    awsRedshiftClusterClusterParameterGroup_clusterParameterStatusList,
+    awsRedshiftClusterClusterParameterGroup_parameterApplyStatus,
+    awsRedshiftClusterClusterParameterGroup_parameterGroupName,
+
+    -- ** AwsRedshiftClusterClusterParameterStatus
+    awsRedshiftClusterClusterParameterStatus_parameterApplyErrorDescription,
+    awsRedshiftClusterClusterParameterStatus_parameterApplyStatus,
+    awsRedshiftClusterClusterParameterStatus_parameterName,
+
+    -- ** AwsRedshiftClusterClusterSecurityGroup
+    awsRedshiftClusterClusterSecurityGroup_clusterSecurityGroupName,
+    awsRedshiftClusterClusterSecurityGroup_status,
+
+    -- ** AwsRedshiftClusterClusterSnapshotCopyStatus
+    awsRedshiftClusterClusterSnapshotCopyStatus_destinationRegion,
+    awsRedshiftClusterClusterSnapshotCopyStatus_manualSnapshotRetentionPeriod,
+    awsRedshiftClusterClusterSnapshotCopyStatus_retentionPeriod,
+    awsRedshiftClusterClusterSnapshotCopyStatus_snapshotCopyGrantName,
+
+    -- ** AwsRedshiftClusterDeferredMaintenanceWindow
+    awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceEndTime,
+    awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceIdentifier,
+    awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceStartTime,
+
+    -- ** AwsRedshiftClusterDetails
+    awsRedshiftClusterDetails_allowVersionUpgrade,
+    awsRedshiftClusterDetails_automatedSnapshotRetentionPeriod,
+    awsRedshiftClusterDetails_availabilityZone,
+    awsRedshiftClusterDetails_clusterAvailabilityStatus,
+    awsRedshiftClusterDetails_clusterCreateTime,
+    awsRedshiftClusterDetails_clusterIdentifier,
+    awsRedshiftClusterDetails_clusterNodes,
+    awsRedshiftClusterDetails_clusterParameterGroups,
+    awsRedshiftClusterDetails_clusterPublicKey,
+    awsRedshiftClusterDetails_clusterRevisionNumber,
+    awsRedshiftClusterDetails_clusterSecurityGroups,
+    awsRedshiftClusterDetails_clusterSnapshotCopyStatus,
+    awsRedshiftClusterDetails_clusterStatus,
+    awsRedshiftClusterDetails_clusterSubnetGroupName,
+    awsRedshiftClusterDetails_clusterVersion,
+    awsRedshiftClusterDetails_dbName,
+    awsRedshiftClusterDetails_deferredMaintenanceWindows,
+    awsRedshiftClusterDetails_elasticIpStatus,
+    awsRedshiftClusterDetails_elasticResizeNumberOfNodeOptions,
+    awsRedshiftClusterDetails_encrypted,
+    awsRedshiftClusterDetails_endpoint,
+    awsRedshiftClusterDetails_enhancedVpcRouting,
+    awsRedshiftClusterDetails_expectedNextSnapshotScheduleTime,
+    awsRedshiftClusterDetails_expectedNextSnapshotScheduleTimeStatus,
+    awsRedshiftClusterDetails_hsmStatus,
+    awsRedshiftClusterDetails_iamRoles,
+    awsRedshiftClusterDetails_kmsKeyId,
+    awsRedshiftClusterDetails_loggingStatus,
+    awsRedshiftClusterDetails_maintenanceTrackName,
+    awsRedshiftClusterDetails_manualSnapshotRetentionPeriod,
+    awsRedshiftClusterDetails_masterUsername,
+    awsRedshiftClusterDetails_nextMaintenanceWindowStartTime,
+    awsRedshiftClusterDetails_nodeType,
+    awsRedshiftClusterDetails_numberOfNodes,
+    awsRedshiftClusterDetails_pendingActions,
+    awsRedshiftClusterDetails_pendingModifiedValues,
+    awsRedshiftClusterDetails_preferredMaintenanceWindow,
+    awsRedshiftClusterDetails_publiclyAccessible,
+    awsRedshiftClusterDetails_resizeInfo,
+    awsRedshiftClusterDetails_restoreStatus,
+    awsRedshiftClusterDetails_snapshotScheduleIdentifier,
+    awsRedshiftClusterDetails_snapshotScheduleState,
+    awsRedshiftClusterDetails_vpcId,
+    awsRedshiftClusterDetails_vpcSecurityGroups,
+
+    -- ** AwsRedshiftClusterElasticIpStatus
+    awsRedshiftClusterElasticIpStatus_elasticIp,
+    awsRedshiftClusterElasticIpStatus_status,
+
+    -- ** AwsRedshiftClusterEndpoint
+    awsRedshiftClusterEndpoint_address,
+    awsRedshiftClusterEndpoint_port,
+
+    -- ** AwsRedshiftClusterHsmStatus
+    awsRedshiftClusterHsmStatus_hsmClientCertificateIdentifier,
+    awsRedshiftClusterHsmStatus_hsmConfigurationIdentifier,
+    awsRedshiftClusterHsmStatus_status,
+
+    -- ** AwsRedshiftClusterIamRole
+    awsRedshiftClusterIamRole_applyStatus,
+    awsRedshiftClusterIamRole_iamRoleArn,
+
+    -- ** AwsRedshiftClusterLoggingStatus
+    awsRedshiftClusterLoggingStatus_bucketName,
+    awsRedshiftClusterLoggingStatus_lastFailureMessage,
+    awsRedshiftClusterLoggingStatus_lastFailureTime,
+    awsRedshiftClusterLoggingStatus_lastSuccessfulDeliveryTime,
+    awsRedshiftClusterLoggingStatus_loggingEnabled,
+    awsRedshiftClusterLoggingStatus_s3KeyPrefix,
+
+    -- ** AwsRedshiftClusterPendingModifiedValues
+    awsRedshiftClusterPendingModifiedValues_automatedSnapshotRetentionPeriod,
+    awsRedshiftClusterPendingModifiedValues_clusterIdentifier,
+    awsRedshiftClusterPendingModifiedValues_clusterType,
+    awsRedshiftClusterPendingModifiedValues_clusterVersion,
+    awsRedshiftClusterPendingModifiedValues_encryptionType,
+    awsRedshiftClusterPendingModifiedValues_enhancedVpcRouting,
+    awsRedshiftClusterPendingModifiedValues_maintenanceTrackName,
+    awsRedshiftClusterPendingModifiedValues_masterUserPassword,
+    awsRedshiftClusterPendingModifiedValues_nodeType,
+    awsRedshiftClusterPendingModifiedValues_numberOfNodes,
+    awsRedshiftClusterPendingModifiedValues_publiclyAccessible,
+
+    -- ** AwsRedshiftClusterResizeInfo
+    awsRedshiftClusterResizeInfo_allowCancelResize,
+    awsRedshiftClusterResizeInfo_resizeType,
+
+    -- ** AwsRedshiftClusterRestoreStatus
+    awsRedshiftClusterRestoreStatus_currentRestoreRateInMegaBytesPerSecond,
+    awsRedshiftClusterRestoreStatus_elapsedTimeInSeconds,
+    awsRedshiftClusterRestoreStatus_estimatedTimeToCompletionInSeconds,
+    awsRedshiftClusterRestoreStatus_progressInMegaBytes,
+    awsRedshiftClusterRestoreStatus_snapshotSizeInMegaBytes,
+    awsRedshiftClusterRestoreStatus_status,
+
+    -- ** AwsRedshiftClusterVpcSecurityGroup
+    awsRedshiftClusterVpcSecurityGroup_status,
+    awsRedshiftClusterVpcSecurityGroup_vpcSecurityGroupId,
+
+    -- ** AwsS3AccountPublicAccessBlockDetails
+    awsS3AccountPublicAccessBlockDetails_blockPublicAcls,
+    awsS3AccountPublicAccessBlockDetails_blockPublicPolicy,
+    awsS3AccountPublicAccessBlockDetails_ignorePublicAcls,
+    awsS3AccountPublicAccessBlockDetails_restrictPublicBuckets,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationDetails
+    awsS3BucketBucketLifecycleConfigurationDetails_rules,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+    awsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails_daysAfterInitiation,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesDetails
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_abortIncompleteMultipartUpload,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_expirationDate,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_expirationInDays,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_expiredObjectDeleteMarker,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_filter,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_id,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_noncurrentVersionExpirationInDays,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_noncurrentVersionTransitions,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_prefix,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_status,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_transitions,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+    awsS3BucketBucketLifecycleConfigurationRulesFilterDetails_predicate,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_operands,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_prefix,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_tag,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_type,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_prefix,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_tag,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_type,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails_key,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails_value,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails_key,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails_value,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+    awsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails_days,
+    awsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails_storageClass,
+
+    -- ** AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+    awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_date,
+    awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_days,
+    awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_storageClass,
+
+    -- ** AwsS3BucketBucketVersioningConfiguration
+    awsS3BucketBucketVersioningConfiguration_isMfaDeleteEnabled,
+    awsS3BucketBucketVersioningConfiguration_status,
+
+    -- ** AwsS3BucketDetails
+    awsS3BucketDetails_accessControlList,
+    awsS3BucketDetails_bucketLifecycleConfiguration,
+    awsS3BucketDetails_bucketLoggingConfiguration,
+    awsS3BucketDetails_bucketNotificationConfiguration,
+    awsS3BucketDetails_bucketVersioningConfiguration,
+    awsS3BucketDetails_bucketWebsiteConfiguration,
+    awsS3BucketDetails_createdAt,
+    awsS3BucketDetails_ownerAccountId,
+    awsS3BucketDetails_ownerId,
+    awsS3BucketDetails_ownerName,
+    awsS3BucketDetails_publicAccessBlockConfiguration,
+    awsS3BucketDetails_serverSideEncryptionConfiguration,
+
+    -- ** AwsS3BucketLoggingConfiguration
+    awsS3BucketLoggingConfiguration_destinationBucketName,
+    awsS3BucketLoggingConfiguration_logFilePrefix,
+
+    -- ** AwsS3BucketNotificationConfiguration
+    awsS3BucketNotificationConfiguration_configurations,
+
+    -- ** AwsS3BucketNotificationConfigurationDetail
+    awsS3BucketNotificationConfigurationDetail_destination,
+    awsS3BucketNotificationConfigurationDetail_events,
+    awsS3BucketNotificationConfigurationDetail_filter,
+    awsS3BucketNotificationConfigurationDetail_type,
+
+    -- ** AwsS3BucketNotificationConfigurationFilter
+    awsS3BucketNotificationConfigurationFilter_s3KeyFilter,
+
+    -- ** AwsS3BucketNotificationConfigurationS3KeyFilter
+    awsS3BucketNotificationConfigurationS3KeyFilter_filterRules,
+
+    -- ** AwsS3BucketNotificationConfigurationS3KeyFilterRule
+    awsS3BucketNotificationConfigurationS3KeyFilterRule_name,
+    awsS3BucketNotificationConfigurationS3KeyFilterRule_value,
+
+    -- ** AwsS3BucketServerSideEncryptionByDefault
+    awsS3BucketServerSideEncryptionByDefault_kmsMasterKeyID,
+    awsS3BucketServerSideEncryptionByDefault_sSEAlgorithm,
+
+    -- ** AwsS3BucketServerSideEncryptionConfiguration
+    awsS3BucketServerSideEncryptionConfiguration_rules,
+
+    -- ** AwsS3BucketServerSideEncryptionRule
+    awsS3BucketServerSideEncryptionRule_applyServerSideEncryptionByDefault,
+
+    -- ** AwsS3BucketWebsiteConfiguration
+    awsS3BucketWebsiteConfiguration_errorDocument,
+    awsS3BucketWebsiteConfiguration_indexDocumentSuffix,
+    awsS3BucketWebsiteConfiguration_redirectAllRequestsTo,
+    awsS3BucketWebsiteConfiguration_routingRules,
+
+    -- ** AwsS3BucketWebsiteConfigurationRedirectTo
+    awsS3BucketWebsiteConfigurationRedirectTo_hostname,
+    awsS3BucketWebsiteConfigurationRedirectTo_protocol,
+
+    -- ** AwsS3BucketWebsiteConfigurationRoutingRule
+    awsS3BucketWebsiteConfigurationRoutingRule_condition,
+    awsS3BucketWebsiteConfigurationRoutingRule_redirect,
+
+    -- ** AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+    awsS3BucketWebsiteConfigurationRoutingRuleCondition_httpErrorCodeReturnedEquals,
+    awsS3BucketWebsiteConfigurationRoutingRuleCondition_keyPrefixEquals,
+
+    -- ** AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+    awsS3BucketWebsiteConfigurationRoutingRuleRedirect_hostname,
+    awsS3BucketWebsiteConfigurationRoutingRuleRedirect_httpRedirectCode,
+    awsS3BucketWebsiteConfigurationRoutingRuleRedirect_protocol,
+    awsS3BucketWebsiteConfigurationRoutingRuleRedirect_replaceKeyPrefixWith,
+    awsS3BucketWebsiteConfigurationRoutingRuleRedirect_replaceKeyWith,
+
+    -- ** AwsS3ObjectDetails
+    awsS3ObjectDetails_contentType,
+    awsS3ObjectDetails_eTag,
+    awsS3ObjectDetails_lastModified,
+    awsS3ObjectDetails_sSEKMSKeyId,
+    awsS3ObjectDetails_serverSideEncryption,
+    awsS3ObjectDetails_versionId,
+
+    -- ** AwsSageMakerNotebookInstanceDetails
+    awsSageMakerNotebookInstanceDetails_acceleratorTypes,
+    awsSageMakerNotebookInstanceDetails_additionalCodeRepositories,
+    awsSageMakerNotebookInstanceDetails_defaultCodeRepository,
+    awsSageMakerNotebookInstanceDetails_directInternetAccess,
+    awsSageMakerNotebookInstanceDetails_failureReason,
+    awsSageMakerNotebookInstanceDetails_instanceMetadataServiceConfiguration,
+    awsSageMakerNotebookInstanceDetails_instanceType,
+    awsSageMakerNotebookInstanceDetails_kmsKeyId,
+    awsSageMakerNotebookInstanceDetails_networkInterfaceId,
+    awsSageMakerNotebookInstanceDetails_notebookInstanceArn,
+    awsSageMakerNotebookInstanceDetails_notebookInstanceLifecycleConfigName,
+    awsSageMakerNotebookInstanceDetails_notebookInstanceName,
+    awsSageMakerNotebookInstanceDetails_notebookInstanceStatus,
+    awsSageMakerNotebookInstanceDetails_platformIdentifier,
+    awsSageMakerNotebookInstanceDetails_roleArn,
+    awsSageMakerNotebookInstanceDetails_rootAccess,
+    awsSageMakerNotebookInstanceDetails_securityGroups,
+    awsSageMakerNotebookInstanceDetails_subnetId,
+    awsSageMakerNotebookInstanceDetails_url,
+    awsSageMakerNotebookInstanceDetails_volumeSizeInGB,
+
+    -- ** AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+    awsSageMakerNotebookInstanceMetadataServiceConfigurationDetails_minimumInstanceMetadataServiceVersion,
+
+    -- ** AwsSecretsManagerSecretDetails
+    awsSecretsManagerSecretDetails_deleted,
+    awsSecretsManagerSecretDetails_description,
+    awsSecretsManagerSecretDetails_kmsKeyId,
+    awsSecretsManagerSecretDetails_name,
+    awsSecretsManagerSecretDetails_rotationEnabled,
+    awsSecretsManagerSecretDetails_rotationLambdaArn,
+    awsSecretsManagerSecretDetails_rotationOccurredWithinFrequency,
+    awsSecretsManagerSecretDetails_rotationRules,
+
+    -- ** AwsSecretsManagerSecretRotationRules
+    awsSecretsManagerSecretRotationRules_automaticallyAfterDays,
+
+    -- ** AwsSecurityFinding
+    awsSecurityFinding_action,
+    awsSecurityFinding_companyName,
+    awsSecurityFinding_compliance,
+    awsSecurityFinding_confidence,
+    awsSecurityFinding_criticality,
+    awsSecurityFinding_findingProviderFields,
+    awsSecurityFinding_firstObservedAt,
+    awsSecurityFinding_lastObservedAt,
+    awsSecurityFinding_malware,
+    awsSecurityFinding_network,
+    awsSecurityFinding_networkPath,
+    awsSecurityFinding_note,
+    awsSecurityFinding_patchSummary,
+    awsSecurityFinding_process,
+    awsSecurityFinding_productFields,
+    awsSecurityFinding_productName,
+    awsSecurityFinding_recordState,
+    awsSecurityFinding_region,
+    awsSecurityFinding_relatedFindings,
+    awsSecurityFinding_remediation,
+    awsSecurityFinding_sample,
+    awsSecurityFinding_severity,
+    awsSecurityFinding_sourceUrl,
+    awsSecurityFinding_threatIntelIndicators,
+    awsSecurityFinding_threats,
+    awsSecurityFinding_types,
+    awsSecurityFinding_userDefinedFields,
+    awsSecurityFinding_verificationState,
+    awsSecurityFinding_vulnerabilities,
+    awsSecurityFinding_workflow,
+    awsSecurityFinding_workflowState,
+    awsSecurityFinding_schemaVersion,
+    awsSecurityFinding_id,
+    awsSecurityFinding_productArn,
+    awsSecurityFinding_generatorId,
+    awsSecurityFinding_awsAccountId,
+    awsSecurityFinding_createdAt,
+    awsSecurityFinding_updatedAt,
+    awsSecurityFinding_title,
+    awsSecurityFinding_description,
+    awsSecurityFinding_resources,
+
+    -- ** AwsSecurityFindingFilters
+    awsSecurityFindingFilters_awsAccountId,
+    awsSecurityFindingFilters_companyName,
+    awsSecurityFindingFilters_complianceStatus,
+    awsSecurityFindingFilters_confidence,
+    awsSecurityFindingFilters_createdAt,
+    awsSecurityFindingFilters_criticality,
+    awsSecurityFindingFilters_description,
+    awsSecurityFindingFilters_findingProviderFieldsConfidence,
+    awsSecurityFindingFilters_findingProviderFieldsCriticality,
+    awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsId,
+    awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsProductArn,
+    awsSecurityFindingFilters_findingProviderFieldsSeverityLabel,
+    awsSecurityFindingFilters_findingProviderFieldsSeverityOriginal,
+    awsSecurityFindingFilters_findingProviderFieldsTypes,
+    awsSecurityFindingFilters_firstObservedAt,
+    awsSecurityFindingFilters_generatorId,
+    awsSecurityFindingFilters_id,
+    awsSecurityFindingFilters_keyword,
+    awsSecurityFindingFilters_lastObservedAt,
+    awsSecurityFindingFilters_malwareName,
+    awsSecurityFindingFilters_malwarePath,
+    awsSecurityFindingFilters_malwareState,
+    awsSecurityFindingFilters_malwareType,
+    awsSecurityFindingFilters_networkDestinationDomain,
+    awsSecurityFindingFilters_networkDestinationIpV4,
+    awsSecurityFindingFilters_networkDestinationIpV6,
+    awsSecurityFindingFilters_networkDestinationPort,
+    awsSecurityFindingFilters_networkDirection,
+    awsSecurityFindingFilters_networkProtocol,
+    awsSecurityFindingFilters_networkSourceDomain,
+    awsSecurityFindingFilters_networkSourceIpV4,
+    awsSecurityFindingFilters_networkSourceIpV6,
+    awsSecurityFindingFilters_networkSourceMac,
+    awsSecurityFindingFilters_networkSourcePort,
+    awsSecurityFindingFilters_noteText,
+    awsSecurityFindingFilters_noteUpdatedAt,
+    awsSecurityFindingFilters_noteUpdatedBy,
+    awsSecurityFindingFilters_processLaunchedAt,
+    awsSecurityFindingFilters_processName,
+    awsSecurityFindingFilters_processParentPid,
+    awsSecurityFindingFilters_processPath,
+    awsSecurityFindingFilters_processPid,
+    awsSecurityFindingFilters_processTerminatedAt,
+    awsSecurityFindingFilters_productArn,
+    awsSecurityFindingFilters_productFields,
+    awsSecurityFindingFilters_productName,
+    awsSecurityFindingFilters_recommendationText,
+    awsSecurityFindingFilters_recordState,
+    awsSecurityFindingFilters_region,
+    awsSecurityFindingFilters_relatedFindingsId,
+    awsSecurityFindingFilters_relatedFindingsProductArn,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceIamInstanceProfileArn,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceImageId,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceIpV4Addresses,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceIpV6Addresses,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceKeyName,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceLaunchedAt,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceSubnetId,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceType,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceVpcId,
+    awsSecurityFindingFilters_resourceAwsIamAccessKeyCreatedAt,
+    awsSecurityFindingFilters_resourceAwsIamAccessKeyPrincipalName,
+    awsSecurityFindingFilters_resourceAwsIamAccessKeyStatus,
+    awsSecurityFindingFilters_resourceAwsIamAccessKeyUserName,
+    awsSecurityFindingFilters_resourceAwsIamUserUserName,
+    awsSecurityFindingFilters_resourceAwsS3BucketOwnerId,
+    awsSecurityFindingFilters_resourceAwsS3BucketOwnerName,
+    awsSecurityFindingFilters_resourceContainerImageId,
+    awsSecurityFindingFilters_resourceContainerImageName,
+    awsSecurityFindingFilters_resourceContainerLaunchedAt,
+    awsSecurityFindingFilters_resourceContainerName,
+    awsSecurityFindingFilters_resourceDetailsOther,
+    awsSecurityFindingFilters_resourceId,
+    awsSecurityFindingFilters_resourcePartition,
+    awsSecurityFindingFilters_resourceRegion,
+    awsSecurityFindingFilters_resourceTags,
+    awsSecurityFindingFilters_resourceType,
+    awsSecurityFindingFilters_sample,
+    awsSecurityFindingFilters_severityLabel,
+    awsSecurityFindingFilters_severityNormalized,
+    awsSecurityFindingFilters_severityProduct,
+    awsSecurityFindingFilters_sourceUrl,
+    awsSecurityFindingFilters_threatIntelIndicatorCategory,
+    awsSecurityFindingFilters_threatIntelIndicatorLastObservedAt,
+    awsSecurityFindingFilters_threatIntelIndicatorSource,
+    awsSecurityFindingFilters_threatIntelIndicatorSourceUrl,
+    awsSecurityFindingFilters_threatIntelIndicatorType,
+    awsSecurityFindingFilters_threatIntelIndicatorValue,
+    awsSecurityFindingFilters_title,
+    awsSecurityFindingFilters_type,
+    awsSecurityFindingFilters_updatedAt,
+    awsSecurityFindingFilters_userDefinedFields,
+    awsSecurityFindingFilters_verificationState,
+    awsSecurityFindingFilters_workflowState,
+    awsSecurityFindingFilters_workflowStatus,
+
+    -- ** AwsSecurityFindingIdentifier
+    awsSecurityFindingIdentifier_id,
+    awsSecurityFindingIdentifier_productArn,
+
+    -- ** AwsSnsTopicDetails
+    awsSnsTopicDetails_applicationSuccessFeedbackRoleArn,
+    awsSnsTopicDetails_firehoseFailureFeedbackRoleArn,
+    awsSnsTopicDetails_firehoseSuccessFeedbackRoleArn,
+    awsSnsTopicDetails_httpFailureFeedbackRoleArn,
+    awsSnsTopicDetails_httpSuccessFeedbackRoleArn,
+    awsSnsTopicDetails_kmsMasterKeyId,
+    awsSnsTopicDetails_owner,
+    awsSnsTopicDetails_sqsFailureFeedbackRoleArn,
+    awsSnsTopicDetails_sqsSuccessFeedbackRoleArn,
+    awsSnsTopicDetails_subscription,
+    awsSnsTopicDetails_topicName,
+
+    -- ** AwsSnsTopicSubscription
+    awsSnsTopicSubscription_endpoint,
+    awsSnsTopicSubscription_protocol,
+
+    -- ** AwsSqsQueueDetails
+    awsSqsQueueDetails_deadLetterTargetArn,
+    awsSqsQueueDetails_kmsDataKeyReusePeriodSeconds,
+    awsSqsQueueDetails_kmsMasterKeyId,
+    awsSqsQueueDetails_queueName,
+
+    -- ** AwsSsmComplianceSummary
+    awsSsmComplianceSummary_complianceType,
+    awsSsmComplianceSummary_compliantCriticalCount,
+    awsSsmComplianceSummary_compliantHighCount,
+    awsSsmComplianceSummary_compliantInformationalCount,
+    awsSsmComplianceSummary_compliantLowCount,
+    awsSsmComplianceSummary_compliantMediumCount,
+    awsSsmComplianceSummary_compliantUnspecifiedCount,
+    awsSsmComplianceSummary_executionType,
+    awsSsmComplianceSummary_nonCompliantCriticalCount,
+    awsSsmComplianceSummary_nonCompliantHighCount,
+    awsSsmComplianceSummary_nonCompliantInformationalCount,
+    awsSsmComplianceSummary_nonCompliantLowCount,
+    awsSsmComplianceSummary_nonCompliantMediumCount,
+    awsSsmComplianceSummary_nonCompliantUnspecifiedCount,
+    awsSsmComplianceSummary_overallSeverity,
+    awsSsmComplianceSummary_patchBaselineId,
+    awsSsmComplianceSummary_patchGroup,
+    awsSsmComplianceSummary_status,
+
+    -- ** AwsSsmPatch
+    awsSsmPatch_complianceSummary,
+
+    -- ** AwsSsmPatchComplianceDetails
+    awsSsmPatchComplianceDetails_patch,
+
+    -- ** AwsWafRateBasedRuleDetails
+    awsWafRateBasedRuleDetails_matchPredicates,
+    awsWafRateBasedRuleDetails_metricName,
+    awsWafRateBasedRuleDetails_name,
+    awsWafRateBasedRuleDetails_rateKey,
+    awsWafRateBasedRuleDetails_rateLimit,
+    awsWafRateBasedRuleDetails_ruleId,
+
+    -- ** AwsWafRateBasedRuleMatchPredicate
+    awsWafRateBasedRuleMatchPredicate_dataId,
+    awsWafRateBasedRuleMatchPredicate_negated,
+    awsWafRateBasedRuleMatchPredicate_type,
+
+    -- ** AwsWafRegionalRateBasedRuleDetails
+    awsWafRegionalRateBasedRuleDetails_matchPredicates,
+    awsWafRegionalRateBasedRuleDetails_metricName,
+    awsWafRegionalRateBasedRuleDetails_name,
+    awsWafRegionalRateBasedRuleDetails_rateKey,
+    awsWafRegionalRateBasedRuleDetails_rateLimit,
+    awsWafRegionalRateBasedRuleDetails_ruleId,
+
+    -- ** AwsWafRegionalRateBasedRuleMatchPredicate
+    awsWafRegionalRateBasedRuleMatchPredicate_dataId,
+    awsWafRegionalRateBasedRuleMatchPredicate_negated,
+    awsWafRegionalRateBasedRuleMatchPredicate_type,
+
+    -- ** AwsWafRegionalRuleDetails
+    awsWafRegionalRuleDetails_metricName,
+    awsWafRegionalRuleDetails_name,
+    awsWafRegionalRuleDetails_predicateList,
+    awsWafRegionalRuleDetails_ruleId,
+
+    -- ** AwsWafRegionalRuleGroupDetails
+    awsWafRegionalRuleGroupDetails_metricName,
+    awsWafRegionalRuleGroupDetails_name,
+    awsWafRegionalRuleGroupDetails_ruleGroupId,
+    awsWafRegionalRuleGroupDetails_rules,
+
+    -- ** AwsWafRegionalRuleGroupRulesActionDetails
+    awsWafRegionalRuleGroupRulesActionDetails_type,
+
+    -- ** AwsWafRegionalRuleGroupRulesDetails
+    awsWafRegionalRuleGroupRulesDetails_action,
+    awsWafRegionalRuleGroupRulesDetails_priority,
+    awsWafRegionalRuleGroupRulesDetails_ruleId,
+    awsWafRegionalRuleGroupRulesDetails_type,
+
+    -- ** AwsWafRegionalRulePredicateListDetails
+    awsWafRegionalRulePredicateListDetails_dataId,
+    awsWafRegionalRulePredicateListDetails_negated,
+    awsWafRegionalRulePredicateListDetails_type,
+
+    -- ** AwsWafRegionalWebAclDetails
+    awsWafRegionalWebAclDetails_defaultAction,
+    awsWafRegionalWebAclDetails_metricName,
+    awsWafRegionalWebAclDetails_name,
+    awsWafRegionalWebAclDetails_rulesList,
+    awsWafRegionalWebAclDetails_webAclId,
+
+    -- ** AwsWafRegionalWebAclRulesListActionDetails
+    awsWafRegionalWebAclRulesListActionDetails_type,
+
+    -- ** AwsWafRegionalWebAclRulesListDetails
+    awsWafRegionalWebAclRulesListDetails_action,
+    awsWafRegionalWebAclRulesListDetails_overrideAction,
+    awsWafRegionalWebAclRulesListDetails_priority,
+    awsWafRegionalWebAclRulesListDetails_ruleId,
+    awsWafRegionalWebAclRulesListDetails_type,
+
+    -- ** AwsWafRegionalWebAclRulesListOverrideActionDetails
+    awsWafRegionalWebAclRulesListOverrideActionDetails_type,
+
+    -- ** AwsWafRuleDetails
+    awsWafRuleDetails_metricName,
+    awsWafRuleDetails_name,
+    awsWafRuleDetails_predicateList,
+    awsWafRuleDetails_ruleId,
+
+    -- ** AwsWafRuleGroupDetails
+    awsWafRuleGroupDetails_metricName,
+    awsWafRuleGroupDetails_name,
+    awsWafRuleGroupDetails_ruleGroupId,
+    awsWafRuleGroupDetails_rules,
+
+    -- ** AwsWafRuleGroupRulesActionDetails
+    awsWafRuleGroupRulesActionDetails_type,
+
+    -- ** AwsWafRuleGroupRulesDetails
+    awsWafRuleGroupRulesDetails_action,
+    awsWafRuleGroupRulesDetails_priority,
+    awsWafRuleGroupRulesDetails_ruleId,
+    awsWafRuleGroupRulesDetails_type,
+
+    -- ** AwsWafRulePredicateListDetails
+    awsWafRulePredicateListDetails_dataId,
+    awsWafRulePredicateListDetails_negated,
+    awsWafRulePredicateListDetails_type,
+
+    -- ** AwsWafWebAclDetails
+    awsWafWebAclDetails_defaultAction,
+    awsWafWebAclDetails_name,
+    awsWafWebAclDetails_rules,
+    awsWafWebAclDetails_webAclId,
+
+    -- ** AwsWafWebAclRule
+    awsWafWebAclRule_action,
+    awsWafWebAclRule_excludedRules,
+    awsWafWebAclRule_overrideAction,
+    awsWafWebAclRule_priority,
+    awsWafWebAclRule_ruleId,
+    awsWafWebAclRule_type,
+
+    -- ** AwsWafv2ActionAllowDetails
+    awsWafv2ActionAllowDetails_customRequestHandling,
+
+    -- ** AwsWafv2ActionBlockDetails
+    awsWafv2ActionBlockDetails_customResponse,
+
+    -- ** AwsWafv2CustomHttpHeader
+    awsWafv2CustomHttpHeader_name,
+    awsWafv2CustomHttpHeader_value,
+
+    -- ** AwsWafv2CustomRequestHandlingDetails
+    awsWafv2CustomRequestHandlingDetails_insertHeaders,
+
+    -- ** AwsWafv2CustomResponseDetails
+    awsWafv2CustomResponseDetails_customResponseBodyKey,
+    awsWafv2CustomResponseDetails_responseCode,
+    awsWafv2CustomResponseDetails_responseHeaders,
+
+    -- ** AwsWafv2RuleGroupDetails
+    awsWafv2RuleGroupDetails_arn,
+    awsWafv2RuleGroupDetails_capacity,
+    awsWafv2RuleGroupDetails_description,
+    awsWafv2RuleGroupDetails_id,
+    awsWafv2RuleGroupDetails_name,
+    awsWafv2RuleGroupDetails_rules,
+    awsWafv2RuleGroupDetails_scope,
+    awsWafv2RuleGroupDetails_visibilityConfig,
+
+    -- ** AwsWafv2RulesActionCaptchaDetails
+    awsWafv2RulesActionCaptchaDetails_customRequestHandling,
+
+    -- ** AwsWafv2RulesActionCountDetails
+    awsWafv2RulesActionCountDetails_customRequestHandling,
+
+    -- ** AwsWafv2RulesActionDetails
+    awsWafv2RulesActionDetails_allow,
+    awsWafv2RulesActionDetails_block,
+    awsWafv2RulesActionDetails_captcha,
+    awsWafv2RulesActionDetails_count,
+
+    -- ** AwsWafv2RulesDetails
+    awsWafv2RulesDetails_action,
+    awsWafv2RulesDetails_name,
+    awsWafv2RulesDetails_overrideAction,
+    awsWafv2RulesDetails_priority,
+    awsWafv2RulesDetails_visibilityConfig,
+
+    -- ** AwsWafv2VisibilityConfigDetails
+    awsWafv2VisibilityConfigDetails_cloudWatchMetricsEnabled,
+    awsWafv2VisibilityConfigDetails_metricName,
+    awsWafv2VisibilityConfigDetails_sampledRequestsEnabled,
+
+    -- ** AwsWafv2WebAclActionDetails
+    awsWafv2WebAclActionDetails_allow,
+    awsWafv2WebAclActionDetails_block,
+
+    -- ** AwsWafv2WebAclCaptchaConfigDetails
+    awsWafv2WebAclCaptchaConfigDetails_immunityTimeProperty,
+
+    -- ** AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+    awsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails_immunityTime,
+
+    -- ** AwsWafv2WebAclDetails
+    awsWafv2WebAclDetails_arn,
+    awsWafv2WebAclDetails_capacity,
+    awsWafv2WebAclDetails_captchaConfig,
+    awsWafv2WebAclDetails_defaultAction,
+    awsWafv2WebAclDetails_description,
+    awsWafv2WebAclDetails_id,
+    awsWafv2WebAclDetails_managedbyFirewallManager,
+    awsWafv2WebAclDetails_name,
+    awsWafv2WebAclDetails_rules,
+    awsWafv2WebAclDetails_visibilityConfig,
+
+    -- ** AwsXrayEncryptionConfigDetails
+    awsXrayEncryptionConfigDetails_keyId,
+    awsXrayEncryptionConfigDetails_status,
+    awsXrayEncryptionConfigDetails_type,
+
+    -- ** BatchUpdateFindingsUnprocessedFinding
+    batchUpdateFindingsUnprocessedFinding_findingIdentifier,
+    batchUpdateFindingsUnprocessedFinding_errorCode,
+    batchUpdateFindingsUnprocessedFinding_errorMessage,
+
+    -- ** BooleanFilter
+    booleanFilter_value,
+
+    -- ** Cell
+    cell_cellReference,
+    cell_column,
+    cell_columnName,
+    cell_row,
+
+    -- ** CidrBlockAssociation
+    cidrBlockAssociation_associationId,
+    cidrBlockAssociation_cidrBlock,
+    cidrBlockAssociation_cidrBlockState,
+
+    -- ** City
+    city_cityName,
+
+    -- ** ClassificationResult
+    classificationResult_additionalOccurrences,
+    classificationResult_customDataIdentifiers,
+    classificationResult_mimeType,
+    classificationResult_sensitiveData,
+    classificationResult_sizeClassified,
+    classificationResult_status,
+
+    -- ** ClassificationStatus
+    classificationStatus_code,
+    classificationStatus_reason,
+
+    -- ** Compliance
+    compliance_relatedRequirements,
+    compliance_status,
+    compliance_statusReasons,
+
+    -- ** ContainerDetails
+    containerDetails_containerRuntime,
+    containerDetails_imageId,
+    containerDetails_imageName,
+    containerDetails_launchedAt,
+    containerDetails_name,
+    containerDetails_privileged,
+    containerDetails_volumeMounts,
+
+    -- ** Country
+    country_countryCode,
+    country_countryName,
+
+    -- ** CustomDataIdentifiersDetections
+    customDataIdentifiersDetections_arn,
+    customDataIdentifiersDetections_count,
+    customDataIdentifiersDetections_name,
+    customDataIdentifiersDetections_occurrences,
+
+    -- ** CustomDataIdentifiersResult
+    customDataIdentifiersResult_detections,
+    customDataIdentifiersResult_totalCount,
+
+    -- ** Cvss
+    cvss_adjustments,
+    cvss_baseScore,
+    cvss_baseVector,
+    cvss_source,
+    cvss_version,
+
+    -- ** DataClassificationDetails
+    dataClassificationDetails_detailedResultsLocation,
+    dataClassificationDetails_result,
+
+    -- ** DateFilter
+    dateFilter_dateRange,
+    dateFilter_end,
+    dateFilter_start,
+
+    -- ** DateRange
+    dateRange_unit,
+    dateRange_value,
+
+    -- ** DnsRequestAction
+    dnsRequestAction_blocked,
+    dnsRequestAction_domain,
+    dnsRequestAction_protocol,
+
+    -- ** FilePaths
+    filePaths_fileName,
+    filePaths_filePath,
+    filePaths_hash,
+    filePaths_resourceId,
+
+    -- ** FindingAggregator
+    findingAggregator_findingAggregatorArn,
+
+    -- ** FindingProviderFields
+    findingProviderFields_confidence,
+    findingProviderFields_criticality,
+    findingProviderFields_relatedFindings,
+    findingProviderFields_severity,
+    findingProviderFields_types,
+
+    -- ** FindingProviderSeverity
+    findingProviderSeverity_label,
+    findingProviderSeverity_original,
+
+    -- ** FirewallPolicyDetails
+    firewallPolicyDetails_statefulRuleGroupReferences,
+    firewallPolicyDetails_statelessCustomActions,
+    firewallPolicyDetails_statelessDefaultActions,
+    firewallPolicyDetails_statelessFragmentDefaultActions,
+    firewallPolicyDetails_statelessRuleGroupReferences,
+
+    -- ** FirewallPolicyStatefulRuleGroupReferencesDetails
+    firewallPolicyStatefulRuleGroupReferencesDetails_resourceArn,
+
+    -- ** FirewallPolicyStatelessCustomActionsDetails
+    firewallPolicyStatelessCustomActionsDetails_actionDefinition,
+    firewallPolicyStatelessCustomActionsDetails_actionName,
+
+    -- ** FirewallPolicyStatelessRuleGroupReferencesDetails
+    firewallPolicyStatelessRuleGroupReferencesDetails_priority,
+    firewallPolicyStatelessRuleGroupReferencesDetails_resourceArn,
+
+    -- ** GeoLocation
+    geoLocation_lat,
+    geoLocation_lon,
+
+    -- ** IcmpTypeCode
+    icmpTypeCode_code,
+    icmpTypeCode_type,
+
+    -- ** ImportFindingsError
+    importFindingsError_id,
+    importFindingsError_errorCode,
+    importFindingsError_errorMessage,
+
+    -- ** Insight
+    insight_insightArn,
+    insight_name,
+    insight_filters,
+    insight_groupByAttribute,
+
+    -- ** InsightResultValue
+    insightResultValue_groupByAttributeValue,
+    insightResultValue_count,
+
+    -- ** InsightResults
+    insightResults_insightArn,
+    insightResults_groupByAttribute,
+    insightResults_resultValues,
+
+    -- ** Invitation
+    invitation_accountId,
+    invitation_invitationId,
+    invitation_invitedAt,
+    invitation_memberStatus,
+
+    -- ** IpFilter
+    ipFilter_cidr,
+
+    -- ** IpOrganizationDetails
+    ipOrganizationDetails_asn,
+    ipOrganizationDetails_asnOrg,
+    ipOrganizationDetails_isp,
+    ipOrganizationDetails_org,
+
+    -- ** Ipv6CidrBlockAssociation
+    ipv6CidrBlockAssociation_associationId,
+    ipv6CidrBlockAssociation_cidrBlockState,
+    ipv6CidrBlockAssociation_ipv6CidrBlock,
+
+    -- ** KeywordFilter
+    keywordFilter_value,
+
+    -- ** LoadBalancerState
+    loadBalancerState_code,
+    loadBalancerState_reason,
+
+    -- ** Malware
+    malware_path,
+    malware_state,
+    malware_type,
+    malware_name,
+
+    -- ** MapFilter
+    mapFilter_comparison,
+    mapFilter_key,
+    mapFilter_value,
+
+    -- ** Member
+    member_accountId,
+    member_administratorId,
+    member_email,
+    member_invitedAt,
+    member_masterId,
+    member_memberStatus,
+    member_updatedAt,
+
+    -- ** Network
+    network_destinationDomain,
+    network_destinationIpV4,
+    network_destinationIpV6,
+    network_destinationPort,
+    network_direction,
+    network_openPortRange,
+    network_protocol,
+    network_sourceDomain,
+    network_sourceIpV4,
+    network_sourceIpV6,
+    network_sourceMac,
+    network_sourcePort,
+
+    -- ** NetworkConnectionAction
+    networkConnectionAction_blocked,
+    networkConnectionAction_connectionDirection,
+    networkConnectionAction_localPortDetails,
+    networkConnectionAction_protocol,
+    networkConnectionAction_remoteIpDetails,
+    networkConnectionAction_remotePortDetails,
+
+    -- ** NetworkHeader
+    networkHeader_destination,
+    networkHeader_protocol,
+    networkHeader_source,
+
+    -- ** NetworkPathComponent
+    networkPathComponent_componentId,
+    networkPathComponent_componentType,
+    networkPathComponent_egress,
+    networkPathComponent_ingress,
+
+    -- ** NetworkPathComponentDetails
+    networkPathComponentDetails_address,
+    networkPathComponentDetails_portRanges,
+
+    -- ** Note
+    note_text,
+    note_updatedBy,
+    note_updatedAt,
+
+    -- ** NoteUpdate
+    noteUpdate_text,
+    noteUpdate_updatedBy,
+
+    -- ** NumberFilter
+    numberFilter_eq,
+    numberFilter_gte,
+    numberFilter_lte,
+
+    -- ** Occurrences
+    occurrences_cells,
+    occurrences_lineRanges,
+    occurrences_offsetRanges,
+    occurrences_pages,
+    occurrences_records,
+
+    -- ** Page
+    page_lineRange,
+    page_offsetRange,
+    page_pageNumber,
+
+    -- ** PatchSummary
+    patchSummary_failedCount,
+    patchSummary_installedCount,
+    patchSummary_installedOtherCount,
+    patchSummary_installedPendingReboot,
+    patchSummary_installedRejectedCount,
+    patchSummary_missingCount,
+    patchSummary_operation,
+    patchSummary_operationEndTime,
+    patchSummary_operationStartTime,
+    patchSummary_rebootOption,
+    patchSummary_id,
+
+    -- ** PortProbeAction
+    portProbeAction_blocked,
+    portProbeAction_portProbeDetails,
+
+    -- ** PortProbeDetail
+    portProbeDetail_localIpDetails,
+    portProbeDetail_localPortDetails,
+    portProbeDetail_remoteIpDetails,
+
+    -- ** PortRange
+    portRange_begin,
+    portRange_end,
+
+    -- ** PortRangeFromTo
+    portRangeFromTo_from,
+    portRangeFromTo_to,
+
+    -- ** ProcessDetails
+    processDetails_launchedAt,
+    processDetails_name,
+    processDetails_parentPid,
+    processDetails_path,
+    processDetails_pid,
+    processDetails_terminatedAt,
+
+    -- ** Product
+    product_activationUrl,
+    product_categories,
+    product_companyName,
+    product_description,
+    product_integrationTypes,
+    product_marketplaceUrl,
+    product_productName,
+    product_productSubscriptionResourcePolicy,
+    product_productArn,
+
+    -- ** Range
+    range_end,
+    range_start,
+    range_startColumn,
+
+    -- ** Recommendation
+    recommendation_text,
+    recommendation_url,
+
+    -- ** Record
+    record_jsonPath,
+    record_recordIndex,
+
+    -- ** RelatedFinding
+    relatedFinding_productArn,
+    relatedFinding_id,
+
+    -- ** Remediation
+    remediation_recommendation,
+
+    -- ** Resource
+    resource_dataClassification,
+    resource_details,
+    resource_partition,
+    resource_region,
+    resource_resourceRole,
+    resource_tags,
+    resource_type,
+    resource_id,
+
+    -- ** ResourceDetails
+    resourceDetails_awsApiGatewayRestApi,
+    resourceDetails_awsApiGatewayStage,
+    resourceDetails_awsApiGatewayV2Api,
+    resourceDetails_awsApiGatewayV2Stage,
+    resourceDetails_awsAutoScalingAutoScalingGroup,
+    resourceDetails_awsAutoScalingLaunchConfiguration,
+    resourceDetails_awsBackupBackupPlan,
+    resourceDetails_awsBackupBackupVault,
+    resourceDetails_awsBackupRecoveryPoint,
+    resourceDetails_awsCertificateManagerCertificate,
+    resourceDetails_awsCloudFormationStack,
+    resourceDetails_awsCloudFrontDistribution,
+    resourceDetails_awsCloudTrailTrail,
+    resourceDetails_awsCloudWatchAlarm,
+    resourceDetails_awsCodeBuildProject,
+    resourceDetails_awsDynamoDbTable,
+    resourceDetails_awsEc2Eip,
+    resourceDetails_awsEc2Instance,
+    resourceDetails_awsEc2LaunchTemplate,
+    resourceDetails_awsEc2NetworkAcl,
+    resourceDetails_awsEc2NetworkInterface,
+    resourceDetails_awsEc2SecurityGroup,
+    resourceDetails_awsEc2Subnet,
+    resourceDetails_awsEc2TransitGateway,
+    resourceDetails_awsEc2Volume,
+    resourceDetails_awsEc2Vpc,
+    resourceDetails_awsEc2VpcEndpointService,
+    resourceDetails_awsEc2VpcPeeringConnection,
+    resourceDetails_awsEc2VpnConnection,
+    resourceDetails_awsEcrContainerImage,
+    resourceDetails_awsEcrRepository,
+    resourceDetails_awsEcsCluster,
+    resourceDetails_awsEcsContainer,
+    resourceDetails_awsEcsService,
+    resourceDetails_awsEcsTask,
+    resourceDetails_awsEcsTaskDefinition,
+    resourceDetails_awsEfsAccessPoint,
+    resourceDetails_awsEksCluster,
+    resourceDetails_awsElasticBeanstalkEnvironment,
+    resourceDetails_awsElasticsearchDomain,
+    resourceDetails_awsElbLoadBalancer,
+    resourceDetails_awsElbv2LoadBalancer,
+    resourceDetails_awsIamAccessKey,
+    resourceDetails_awsIamGroup,
+    resourceDetails_awsIamPolicy,
+    resourceDetails_awsIamRole,
+    resourceDetails_awsIamUser,
+    resourceDetails_awsKinesisStream,
+    resourceDetails_awsKmsKey,
+    resourceDetails_awsLambdaFunction,
+    resourceDetails_awsLambdaLayerVersion,
+    resourceDetails_awsNetworkFirewallFirewall,
+    resourceDetails_awsNetworkFirewallFirewallPolicy,
+    resourceDetails_awsNetworkFirewallRuleGroup,
+    resourceDetails_awsOpenSearchServiceDomain,
+    resourceDetails_awsRdsDbCluster,
+    resourceDetails_awsRdsDbClusterSnapshot,
+    resourceDetails_awsRdsDbInstance,
+    resourceDetails_awsRdsDbSecurityGroup,
+    resourceDetails_awsRdsDbSnapshot,
+    resourceDetails_awsRdsEventSubscription,
+    resourceDetails_awsRedshiftCluster,
+    resourceDetails_awsS3AccountPublicAccessBlock,
+    resourceDetails_awsS3Bucket,
+    resourceDetails_awsS3Object,
+    resourceDetails_awsSageMakerNotebookInstance,
+    resourceDetails_awsSecretsManagerSecret,
+    resourceDetails_awsSnsTopic,
+    resourceDetails_awsSqsQueue,
+    resourceDetails_awsSsmPatchCompliance,
+    resourceDetails_awsWafRateBasedRule,
+    resourceDetails_awsWafRegionalRateBasedRule,
+    resourceDetails_awsWafRegionalRule,
+    resourceDetails_awsWafRegionalRuleGroup,
+    resourceDetails_awsWafRegionalWebAcl,
+    resourceDetails_awsWafRule,
+    resourceDetails_awsWafRuleGroup,
+    resourceDetails_awsWafWebAcl,
+    resourceDetails_awsWafv2RuleGroup,
+    resourceDetails_awsWafv2WebAcl,
+    resourceDetails_awsXrayEncryptionConfig,
+    resourceDetails_container,
+    resourceDetails_other,
+
+    -- ** Result
+    result_accountId,
+    result_processingResult,
+
+    -- ** RuleGroupDetails
+    ruleGroupDetails_ruleVariables,
+    ruleGroupDetails_rulesSource,
+
+    -- ** RuleGroupSource
+    ruleGroupSource_rulesSourceList,
+    ruleGroupSource_rulesString,
+    ruleGroupSource_statefulRules,
+    ruleGroupSource_statelessRulesAndCustomActions,
+
+    -- ** RuleGroupSourceCustomActionsDetails
+    ruleGroupSourceCustomActionsDetails_actionDefinition,
+    ruleGroupSourceCustomActionsDetails_actionName,
+
+    -- ** RuleGroupSourceListDetails
+    ruleGroupSourceListDetails_generatedRulesType,
+    ruleGroupSourceListDetails_targetTypes,
+    ruleGroupSourceListDetails_targets,
+
+    -- ** RuleGroupSourceStatefulRulesDetails
+    ruleGroupSourceStatefulRulesDetails_action,
+    ruleGroupSourceStatefulRulesDetails_header,
+    ruleGroupSourceStatefulRulesDetails_ruleOptions,
+
+    -- ** RuleGroupSourceStatefulRulesHeaderDetails
+    ruleGroupSourceStatefulRulesHeaderDetails_destination,
+    ruleGroupSourceStatefulRulesHeaderDetails_destinationPort,
+    ruleGroupSourceStatefulRulesHeaderDetails_direction,
+    ruleGroupSourceStatefulRulesHeaderDetails_protocol,
+    ruleGroupSourceStatefulRulesHeaderDetails_source,
+    ruleGroupSourceStatefulRulesHeaderDetails_sourcePort,
+
+    -- ** RuleGroupSourceStatefulRulesOptionsDetails
+    ruleGroupSourceStatefulRulesOptionsDetails_keyword,
+    ruleGroupSourceStatefulRulesOptionsDetails_settings,
+
+    -- ** RuleGroupSourceStatelessRuleDefinition
+    ruleGroupSourceStatelessRuleDefinition_actions,
+    ruleGroupSourceStatelessRuleDefinition_matchAttributes,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributes
+    ruleGroupSourceStatelessRuleMatchAttributes_destinationPorts,
+    ruleGroupSourceStatelessRuleMatchAttributes_destinations,
+    ruleGroupSourceStatelessRuleMatchAttributes_protocols,
+    ruleGroupSourceStatelessRuleMatchAttributes_sourcePorts,
+    ruleGroupSourceStatelessRuleMatchAttributes_sources,
+    ruleGroupSourceStatelessRuleMatchAttributes_tcpFlags,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+    ruleGroupSourceStatelessRuleMatchAttributesDestinationPorts_fromPort,
+    ruleGroupSourceStatelessRuleMatchAttributesDestinationPorts_toPort,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributesDestinations
+    ruleGroupSourceStatelessRuleMatchAttributesDestinations_addressDefinition,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+    ruleGroupSourceStatelessRuleMatchAttributesSourcePorts_fromPort,
+    ruleGroupSourceStatelessRuleMatchAttributesSourcePorts_toPort,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributesSources
+    ruleGroupSourceStatelessRuleMatchAttributesSources_addressDefinition,
+
+    -- ** RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+    ruleGroupSourceStatelessRuleMatchAttributesTcpFlags_flags,
+    ruleGroupSourceStatelessRuleMatchAttributesTcpFlags_masks,
+
+    -- ** RuleGroupSourceStatelessRulesAndCustomActionsDetails
+    ruleGroupSourceStatelessRulesAndCustomActionsDetails_customActions,
+    ruleGroupSourceStatelessRulesAndCustomActionsDetails_statelessRules,
+
+    -- ** RuleGroupSourceStatelessRulesDetails
+    ruleGroupSourceStatelessRulesDetails_priority,
+    ruleGroupSourceStatelessRulesDetails_ruleDefinition,
+
+    -- ** RuleGroupVariables
+    ruleGroupVariables_ipSets,
+    ruleGroupVariables_portSets,
+
+    -- ** RuleGroupVariablesIpSetsDetails
+    ruleGroupVariablesIpSetsDetails_definition,
+
+    -- ** RuleGroupVariablesPortSetsDetails
+    ruleGroupVariablesPortSetsDetails_definition,
+
+    -- ** SensitiveDataDetections
+    sensitiveDataDetections_count,
+    sensitiveDataDetections_occurrences,
+    sensitiveDataDetections_type,
+
+    -- ** SensitiveDataResult
+    sensitiveDataResult_category,
+    sensitiveDataResult_detections,
+    sensitiveDataResult_totalCount,
+
+    -- ** Severity
+    severity_label,
+    severity_normalized,
+    severity_original,
+    severity_product,
+
+    -- ** SeverityUpdate
+    severityUpdate_label,
+    severityUpdate_normalized,
+    severityUpdate_product,
+
+    -- ** SoftwarePackage
+    softwarePackage_architecture,
+    softwarePackage_epoch,
+    softwarePackage_filePath,
+    softwarePackage_fixedInVersion,
+    softwarePackage_name,
+    softwarePackage_packageManager,
+    softwarePackage_release,
+    softwarePackage_remediation,
+    softwarePackage_sourceLayerArn,
+    softwarePackage_sourceLayerHash,
+    softwarePackage_version,
+
+    -- ** SortCriterion
+    sortCriterion_field,
+    sortCriterion_sortOrder,
+
+    -- ** Standard
+    standard_description,
+    standard_enabledByDefault,
+    standard_name,
+    standard_standardsArn,
+    standard_standardsManagedBy,
+
+    -- ** StandardsControl
+    standardsControl_controlId,
+    standardsControl_controlStatus,
+    standardsControl_controlStatusUpdatedAt,
+    standardsControl_description,
+    standardsControl_disabledReason,
+    standardsControl_relatedRequirements,
+    standardsControl_remediationUrl,
+    standardsControl_severityRating,
+    standardsControl_standardsControlArn,
+    standardsControl_title,
+
+    -- ** StandardsManagedBy
+    standardsManagedBy_company,
+    standardsManagedBy_product,
+
+    -- ** StandardsStatusReason
+    standardsStatusReason_statusReasonCode,
+
+    -- ** StandardsSubscription
+    standardsSubscription_standardsStatusReason,
+    standardsSubscription_standardsSubscriptionArn,
+    standardsSubscription_standardsArn,
+    standardsSubscription_standardsInput,
+    standardsSubscription_standardsStatus,
+
+    -- ** StandardsSubscriptionRequest
+    standardsSubscriptionRequest_standardsInput,
+    standardsSubscriptionRequest_standardsArn,
+
+    -- ** StatelessCustomActionDefinition
+    statelessCustomActionDefinition_publishMetricAction,
+
+    -- ** StatelessCustomPublishMetricAction
+    statelessCustomPublishMetricAction_dimensions,
+
+    -- ** StatelessCustomPublishMetricActionDimension
+    statelessCustomPublishMetricActionDimension_value,
+
+    -- ** StatusReason
+    statusReason_description,
+    statusReason_reasonCode,
+
+    -- ** StringFilter
+    stringFilter_comparison,
+    stringFilter_value,
+
+    -- ** Threat
+    threat_filePaths,
+    threat_itemCount,
+    threat_name,
+    threat_severity,
+
+    -- ** ThreatIntelIndicator
+    threatIntelIndicator_category,
+    threatIntelIndicator_lastObservedAt,
+    threatIntelIndicator_source,
+    threatIntelIndicator_sourceUrl,
+    threatIntelIndicator_type,
+    threatIntelIndicator_value,
+
+    -- ** VolumeMount
+    volumeMount_mountPath,
+    volumeMount_name,
+
+    -- ** VpcInfoCidrBlockSetDetails
+    vpcInfoCidrBlockSetDetails_cidrBlock,
+
+    -- ** VpcInfoIpv6CidrBlockSetDetails
+    vpcInfoIpv6CidrBlockSetDetails_ipv6CidrBlock,
+
+    -- ** VpcInfoPeeringOptionsDetails
+    vpcInfoPeeringOptionsDetails_allowDnsResolutionFromRemoteVpc,
+    vpcInfoPeeringOptionsDetails_allowEgressFromLocalClassicLinkToRemoteVpc,
+    vpcInfoPeeringOptionsDetails_allowEgressFromLocalVpcToRemoteClassicLink,
+
+    -- ** Vulnerability
+    vulnerability_cvss,
+    vulnerability_fixAvailable,
+    vulnerability_referenceUrls,
+    vulnerability_relatedVulnerabilities,
+    vulnerability_vendor,
+    vulnerability_vulnerablePackages,
+    vulnerability_id,
+
+    -- ** VulnerabilityVendor
+    vulnerabilityVendor_url,
+    vulnerabilityVendor_vendorCreatedAt,
+    vulnerabilityVendor_vendorSeverity,
+    vulnerabilityVendor_vendorUpdatedAt,
+    vulnerabilityVendor_name,
+
+    -- ** WafAction
+    wafAction_type,
+
+    -- ** WafExcludedRule
+    wafExcludedRule_ruleId,
+
+    -- ** WafOverrideAction
+    wafOverrideAction_type,
+
+    -- ** Workflow
+    workflow_status,
+
+    -- ** WorkflowUpdate
+    workflowUpdate_status,
+  )
+where
+
+import Amazonka.SecurityHub.AcceptAdministratorInvitation
+import Amazonka.SecurityHub.BatchDisableStandards
+import Amazonka.SecurityHub.BatchEnableStandards
+import Amazonka.SecurityHub.BatchImportFindings
+import Amazonka.SecurityHub.BatchUpdateFindings
+import Amazonka.SecurityHub.CreateActionTarget
+import Amazonka.SecurityHub.CreateFindingAggregator
+import Amazonka.SecurityHub.CreateInsight
+import Amazonka.SecurityHub.CreateMembers
+import Amazonka.SecurityHub.DeclineInvitations
+import Amazonka.SecurityHub.DeleteActionTarget
+import Amazonka.SecurityHub.DeleteFindingAggregator
+import Amazonka.SecurityHub.DeleteInsight
+import Amazonka.SecurityHub.DeleteInvitations
+import Amazonka.SecurityHub.DeleteMembers
+import Amazonka.SecurityHub.DescribeActionTargets
+import Amazonka.SecurityHub.DescribeHub
+import Amazonka.SecurityHub.DescribeOrganizationConfiguration
+import Amazonka.SecurityHub.DescribeProducts
+import Amazonka.SecurityHub.DescribeStandards
+import Amazonka.SecurityHub.DescribeStandardsControls
+import Amazonka.SecurityHub.DisableImportFindingsForProduct
+import Amazonka.SecurityHub.DisableOrganizationAdminAccount
+import Amazonka.SecurityHub.DisableSecurityHub
+import Amazonka.SecurityHub.DisassociateFromAdministratorAccount
+import Amazonka.SecurityHub.DisassociateMembers
+import Amazonka.SecurityHub.EnableImportFindingsForProduct
+import Amazonka.SecurityHub.EnableOrganizationAdminAccount
+import Amazonka.SecurityHub.EnableSecurityHub
+import Amazonka.SecurityHub.GetAdministratorAccount
+import Amazonka.SecurityHub.GetEnabledStandards
+import Amazonka.SecurityHub.GetFindingAggregator
+import Amazonka.SecurityHub.GetFindings
+import Amazonka.SecurityHub.GetInsightResults
+import Amazonka.SecurityHub.GetInsights
+import Amazonka.SecurityHub.GetInvitationsCount
+import Amazonka.SecurityHub.GetMembers
+import Amazonka.SecurityHub.InviteMembers
+import Amazonka.SecurityHub.ListEnabledProductsForImport
+import Amazonka.SecurityHub.ListFindingAggregators
+import Amazonka.SecurityHub.ListInvitations
+import Amazonka.SecurityHub.ListMembers
+import Amazonka.SecurityHub.ListOrganizationAdminAccounts
+import Amazonka.SecurityHub.ListTagsForResource
+import Amazonka.SecurityHub.TagResource
+import Amazonka.SecurityHub.Types.AccountDetails
+import Amazonka.SecurityHub.Types.Action
+import Amazonka.SecurityHub.Types.ActionLocalIpDetails
+import Amazonka.SecurityHub.Types.ActionLocalPortDetails
+import Amazonka.SecurityHub.Types.ActionRemoteIpDetails
+import Amazonka.SecurityHub.Types.ActionRemotePortDetails
+import Amazonka.SecurityHub.Types.ActionTarget
+import Amazonka.SecurityHub.Types.Adjustment
+import Amazonka.SecurityHub.Types.AdminAccount
+import Amazonka.SecurityHub.Types.AvailabilityZone
+import Amazonka.SecurityHub.Types.AwsApiCallAction
+import Amazonka.SecurityHub.Types.AwsApiCallActionDomainDetails
+import Amazonka.SecurityHub.Types.AwsApiGatewayAccessLogSettings
+import Amazonka.SecurityHub.Types.AwsApiGatewayCanarySettings
+import Amazonka.SecurityHub.Types.AwsApiGatewayEndpointConfiguration
+import Amazonka.SecurityHub.Types.AwsApiGatewayMethodSettings
+import Amazonka.SecurityHub.Types.AwsApiGatewayRestApiDetails
+import Amazonka.SecurityHub.Types.AwsApiGatewayStageDetails
+import Amazonka.SecurityHub.Types.AwsApiGatewayV2ApiDetails
+import Amazonka.SecurityHub.Types.AwsApiGatewayV2RouteSettings
+import Amazonka.SecurityHub.Types.AwsApiGatewayV2StageDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationMetadataOptions
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanAdvancedBackupSettingsDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanBackupPlanDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanLifecycleDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleCopyActionsDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupVaultDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupVaultNotificationsDetails
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCalculatedLifecycleDetails
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCreatedByDetails
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointDetails
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointLifecycleDetails
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDetails
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDomainValidationOption
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateExtendedKeyUsage
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateKeyUsage
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateOptions
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateRenewalSummary
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateResourceRecord
+import Amazonka.SecurityHub.Types.AwsCloudFormationStackDetails
+import Amazonka.SecurityHub.Types.AwsCloudFormationStackDriftInformationDetails
+import Amazonka.SecurityHub.Types.AwsCloudFormationStackOutputsDetails
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehavior
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehaviors
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDefaultCacheBehavior
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDetails
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionLogging
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginCustomOriginConfig
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroup
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailover
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroups
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginItem
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginS3OriginConfig
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginSslProtocols
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOrigins
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionViewerCertificate
+import Amazonka.SecurityHub.Types.AwsCloudTrailTrailDetails
+import Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDetails
+import Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDimensionsDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectArtifactsDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironment
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentRegistryCredential
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigS3LogsDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectSource
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectVpcConfig
+import Amazonka.SecurityHub.Types.AwsCorsConfiguration
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableAttributeDefinition
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableBillingModeSummary
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableDetails
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableGlobalSecondaryIndex
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableKeySchema
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableLocalSecondaryIndex
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProjection
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughput
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughputOverride
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableReplica
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableReplicaGlobalSecondaryIndex
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableRestoreSummary
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableSseDescription
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableStreamSpecification
+import Amazonka.SecurityHub.Types.AwsEc2EipDetails
+import Amazonka.SecurityHub.Types.AwsEc2InstanceDetails
+import Amazonka.SecurityHub.Types.AwsEc2InstanceMetadataOptions
+import Amazonka.SecurityHub.Types.AwsEc2InstanceNetworkInterfacesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCpuOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCreditSpecificationDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataHibernationOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataLicenseSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMetadataOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMonitoringDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPlacementDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDetails
+import Amazonka.SecurityHub.Types.AwsEc2NetworkAclAssociation
+import Amazonka.SecurityHub.Types.AwsEc2NetworkAclDetails
+import Amazonka.SecurityHub.Types.AwsEc2NetworkAclEntry
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceAttachment
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceDetails
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceIpV6AddressDetail
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfacePrivateIpAddressDetail
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceSecurityGroup
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupDetails
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpPermission
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpRange
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpv6Range
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupPrefixListId
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupUserIdGroupPair
+import Amazonka.SecurityHub.Types.AwsEc2SubnetDetails
+import Amazonka.SecurityHub.Types.AwsEc2TransitGatewayDetails
+import Amazonka.SecurityHub.Types.AwsEc2VolumeAttachment
+import Amazonka.SecurityHub.Types.AwsEc2VolumeDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceServiceTypeDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionStatusDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionVpcInfoDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionRoutesDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionVgwTelemetryDetails
+import Amazonka.SecurityHub.Types.AwsEcrContainerImageDetails
+import Amazonka.SecurityHub.Types.AwsEcrRepositoryDetails
+import Amazonka.SecurityHub.Types.AwsEcrRepositoryImageScanningConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcrRepositoryLifecyclePolicyDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterClusterSettingsDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterDefaultCapacityProviderStrategyDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterDetails
+import Amazonka.SecurityHub.Types.AwsEcsContainerDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceCapacityProviderStrategyDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentControllerDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceLoadBalancersDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsServicePlacementConstraintsDetails
+import Amazonka.SecurityHub.Types.AwsEcsServicePlacementStrategiesDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceServiceRegistriesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionPlacementConstraintsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesHostDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskVolumeDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskVolumeHostDetails
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointDetails
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointPosixUserDetails
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryCreationInfoDetails
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryDetails
+import Amazonka.SecurityHub.Types.AwsEksClusterDetails
+import Amazonka.SecurityHub.Types.AwsEksClusterLoggingClusterLoggingDetails
+import Amazonka.SecurityHub.Types.AwsEksClusterLoggingDetails
+import Amazonka.SecurityHub.Types.AwsEksClusterResourcesVpcConfigDetails
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentDetails
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentEnvironmentLink
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentOptionSetting
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentTier
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainDetails
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainDomainEndpointOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigDetails
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainEncryptionAtRestOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptionsLogConfig
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainNodeToNodeEncryptionOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainServiceSoftwareOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainVPCOptions
+import Amazonka.SecurityHub.Types.AwsElbAppCookieStickinessPolicy
+import Amazonka.SecurityHub.Types.AwsElbLbCookieStickinessPolicy
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerAccessLog
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerAdditionalAttribute
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerAttributes
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerBackendServerDescription
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionDraining
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionSettings
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerCrossZoneLoadBalancing
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerDetails
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerHealthCheck
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerInstance
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerListener
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerListenerDescription
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerPolicies
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerSourceSecurityGroup
+import Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerAttribute
+import Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerDetails
+import Amazonka.SecurityHub.Types.AwsIamAccessKeyDetails
+import Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContext
+import Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextAttributes
+import Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextSessionIssuer
+import Amazonka.SecurityHub.Types.AwsIamAttachedManagedPolicy
+import Amazonka.SecurityHub.Types.AwsIamGroupDetails
+import Amazonka.SecurityHub.Types.AwsIamGroupPolicy
+import Amazonka.SecurityHub.Types.AwsIamInstanceProfile
+import Amazonka.SecurityHub.Types.AwsIamInstanceProfileRole
+import Amazonka.SecurityHub.Types.AwsIamPermissionsBoundary
+import Amazonka.SecurityHub.Types.AwsIamPolicyDetails
+import Amazonka.SecurityHub.Types.AwsIamPolicyVersion
+import Amazonka.SecurityHub.Types.AwsIamRoleDetails
+import Amazonka.SecurityHub.Types.AwsIamRolePolicy
+import Amazonka.SecurityHub.Types.AwsIamUserDetails
+import Amazonka.SecurityHub.Types.AwsIamUserPolicy
+import Amazonka.SecurityHub.Types.AwsKinesisStreamDetails
+import Amazonka.SecurityHub.Types.AwsKinesisStreamStreamEncryptionDetails
+import Amazonka.SecurityHub.Types.AwsKmsKeyDetails
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionCode
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionDeadLetterConfig
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionDetails
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironment
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironmentError
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionLayer
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionTracingConfig
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionVpcConfig
+import Amazonka.SecurityHub.Types.AwsLambdaLayerVersionDetails
+import Amazonka.SecurityHub.Types.AwsMountPoint
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallDetails
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallPolicyDetails
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallSubnetMappingsDetails
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallRuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOption
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainMasterUserOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainVpcOptionsDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterAssociatedRole
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterMember
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterOptionGroupMembership
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterSnapshotDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbDomainMembership
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceAssociatedRole
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceEndpoint
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceVpcSecurityGroup
+import Amazonka.SecurityHub.Types.AwsRdsDbOptionGroupMembership
+import Amazonka.SecurityHub.Types.AwsRdsDbParameterGroup
+import Amazonka.SecurityHub.Types.AwsRdsDbPendingModifiedValues
+import Amazonka.SecurityHub.Types.AwsRdsDbProcessorFeature
+import Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupEc2SecurityGroup
+import Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupIpRange
+import Amazonka.SecurityHub.Types.AwsRdsDbSnapshotDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbStatusInfo
+import Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroup
+import Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnet
+import Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnetAvailabilityZone
+import Amazonka.SecurityHub.Types.AwsRdsEventSubscriptionDetails
+import Amazonka.SecurityHub.Types.AwsRdsPendingCloudWatchLogsExports
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterNode
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterGroup
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSecurityGroup
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSnapshotCopyStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterDeferredMaintenanceWindow
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterDetails
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterElasticIpStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterEndpoint
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterHsmStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterIamRole
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterLoggingStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterPendingModifiedValues
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterResizeInfo
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterRestoreStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterVpcSecurityGroup
+import Amazonka.SecurityHub.Types.AwsS3AccountPublicAccessBlockDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketVersioningConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketLoggingConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationDetail
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationFilter
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilter
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilterRule
+import Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionByDefault
+import Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionRule
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRedirectTo
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRule
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+import Amazonka.SecurityHub.Types.AwsS3ObjectDetails
+import Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceDetails
+import Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsSecretsManagerSecretDetails
+import Amazonka.SecurityHub.Types.AwsSecretsManagerSecretRotationRules
+import Amazonka.SecurityHub.Types.AwsSecurityFinding
+import Amazonka.SecurityHub.Types.AwsSecurityFindingFilters
+import Amazonka.SecurityHub.Types.AwsSecurityFindingIdentifier
+import Amazonka.SecurityHub.Types.AwsSnsTopicDetails
+import Amazonka.SecurityHub.Types.AwsSnsTopicSubscription
+import Amazonka.SecurityHub.Types.AwsSqsQueueDetails
+import Amazonka.SecurityHub.Types.AwsSsmComplianceSummary
+import Amazonka.SecurityHub.Types.AwsSsmPatch
+import Amazonka.SecurityHub.Types.AwsSsmPatchComplianceDetails
+import Amazonka.SecurityHub.Types.AwsWafRateBasedRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRateBasedRuleMatchPredicate
+import Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleMatchPredicate
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesActionDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRulePredicateListDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListActionDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListOverrideActionDetails
+import Amazonka.SecurityHub.Types.AwsWafRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesActionDetails
+import Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesDetails
+import Amazonka.SecurityHub.Types.AwsWafRulePredicateListDetails
+import Amazonka.SecurityHub.Types.AwsWafWebAclDetails
+import Amazonka.SecurityHub.Types.AwsWafWebAclRule
+import Amazonka.SecurityHub.Types.AwsWafv2ActionAllowDetails
+import Amazonka.SecurityHub.Types.AwsWafv2ActionBlockDetails
+import Amazonka.SecurityHub.Types.AwsWafv2CustomHttpHeader
+import Amazonka.SecurityHub.Types.AwsWafv2CustomRequestHandlingDetails
+import Amazonka.SecurityHub.Types.AwsWafv2CustomResponseDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RulesActionCaptchaDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RulesActionCountDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RulesActionDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RulesDetails
+import Amazonka.SecurityHub.Types.AwsWafv2VisibilityConfigDetails
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclActionDetails
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigDetails
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclDetails
+import Amazonka.SecurityHub.Types.AwsXrayEncryptionConfigDetails
+import Amazonka.SecurityHub.Types.BatchUpdateFindingsUnprocessedFinding
+import Amazonka.SecurityHub.Types.BooleanFilter
+import Amazonka.SecurityHub.Types.Cell
+import Amazonka.SecurityHub.Types.CidrBlockAssociation
+import Amazonka.SecurityHub.Types.City
+import Amazonka.SecurityHub.Types.ClassificationResult
+import Amazonka.SecurityHub.Types.ClassificationStatus
+import Amazonka.SecurityHub.Types.Compliance
+import Amazonka.SecurityHub.Types.ContainerDetails
+import Amazonka.SecurityHub.Types.Country
+import Amazonka.SecurityHub.Types.CustomDataIdentifiersDetections
+import Amazonka.SecurityHub.Types.CustomDataIdentifiersResult
+import Amazonka.SecurityHub.Types.Cvss
+import Amazonka.SecurityHub.Types.DataClassificationDetails
+import Amazonka.SecurityHub.Types.DateFilter
+import Amazonka.SecurityHub.Types.DateRange
+import Amazonka.SecurityHub.Types.DnsRequestAction
+import Amazonka.SecurityHub.Types.FilePaths
+import Amazonka.SecurityHub.Types.FindingAggregator
+import Amazonka.SecurityHub.Types.FindingProviderFields
+import Amazonka.SecurityHub.Types.FindingProviderSeverity
+import Amazonka.SecurityHub.Types.FirewallPolicyDetails
+import Amazonka.SecurityHub.Types.FirewallPolicyStatefulRuleGroupReferencesDetails
+import Amazonka.SecurityHub.Types.FirewallPolicyStatelessCustomActionsDetails
+import Amazonka.SecurityHub.Types.FirewallPolicyStatelessRuleGroupReferencesDetails
+import Amazonka.SecurityHub.Types.GeoLocation
+import Amazonka.SecurityHub.Types.IcmpTypeCode
+import Amazonka.SecurityHub.Types.ImportFindingsError
+import Amazonka.SecurityHub.Types.Insight
+import Amazonka.SecurityHub.Types.InsightResultValue
+import Amazonka.SecurityHub.Types.InsightResults
+import Amazonka.SecurityHub.Types.Invitation
+import Amazonka.SecurityHub.Types.IpFilter
+import Amazonka.SecurityHub.Types.IpOrganizationDetails
+import Amazonka.SecurityHub.Types.Ipv6CidrBlockAssociation
+import Amazonka.SecurityHub.Types.KeywordFilter
+import Amazonka.SecurityHub.Types.LoadBalancerState
+import Amazonka.SecurityHub.Types.Malware
+import Amazonka.SecurityHub.Types.MapFilter
+import Amazonka.SecurityHub.Types.Member
+import Amazonka.SecurityHub.Types.Network
+import Amazonka.SecurityHub.Types.NetworkConnectionAction
+import Amazonka.SecurityHub.Types.NetworkHeader
+import Amazonka.SecurityHub.Types.NetworkPathComponent
+import Amazonka.SecurityHub.Types.NetworkPathComponentDetails
+import Amazonka.SecurityHub.Types.Note
+import Amazonka.SecurityHub.Types.NoteUpdate
+import Amazonka.SecurityHub.Types.NumberFilter
+import Amazonka.SecurityHub.Types.Occurrences
+import Amazonka.SecurityHub.Types.Page
+import Amazonka.SecurityHub.Types.PatchSummary
+import Amazonka.SecurityHub.Types.PortProbeAction
+import Amazonka.SecurityHub.Types.PortProbeDetail
+import Amazonka.SecurityHub.Types.PortRange
+import Amazonka.SecurityHub.Types.PortRangeFromTo
+import Amazonka.SecurityHub.Types.ProcessDetails
+import Amazonka.SecurityHub.Types.Product
+import Amazonka.SecurityHub.Types.Range
+import Amazonka.SecurityHub.Types.Recommendation
+import Amazonka.SecurityHub.Types.Record
+import Amazonka.SecurityHub.Types.RelatedFinding
+import Amazonka.SecurityHub.Types.Remediation
+import Amazonka.SecurityHub.Types.Resource
+import Amazonka.SecurityHub.Types.ResourceDetails
+import Amazonka.SecurityHub.Types.Result
+import Amazonka.SecurityHub.Types.RuleGroupDetails
+import Amazonka.SecurityHub.Types.RuleGroupSource
+import Amazonka.SecurityHub.Types.RuleGroupSourceCustomActionsDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceListDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesHeaderDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesOptionsDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleDefinition
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributes
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinations
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSources
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesAndCustomActionsDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesDetails
+import Amazonka.SecurityHub.Types.RuleGroupVariables
+import Amazonka.SecurityHub.Types.RuleGroupVariablesIpSetsDetails
+import Amazonka.SecurityHub.Types.RuleGroupVariablesPortSetsDetails
+import Amazonka.SecurityHub.Types.SensitiveDataDetections
+import Amazonka.SecurityHub.Types.SensitiveDataResult
+import Amazonka.SecurityHub.Types.Severity
+import Amazonka.SecurityHub.Types.SeverityUpdate
+import Amazonka.SecurityHub.Types.SoftwarePackage
+import Amazonka.SecurityHub.Types.SortCriterion
+import Amazonka.SecurityHub.Types.Standard
+import Amazonka.SecurityHub.Types.StandardsControl
+import Amazonka.SecurityHub.Types.StandardsManagedBy
+import Amazonka.SecurityHub.Types.StandardsStatusReason
+import Amazonka.SecurityHub.Types.StandardsSubscription
+import Amazonka.SecurityHub.Types.StandardsSubscriptionRequest
+import Amazonka.SecurityHub.Types.StatelessCustomActionDefinition
+import Amazonka.SecurityHub.Types.StatelessCustomPublishMetricAction
+import Amazonka.SecurityHub.Types.StatelessCustomPublishMetricActionDimension
+import Amazonka.SecurityHub.Types.StatusReason
+import Amazonka.SecurityHub.Types.StringFilter
+import Amazonka.SecurityHub.Types.Threat
+import Amazonka.SecurityHub.Types.ThreatIntelIndicator
+import Amazonka.SecurityHub.Types.VolumeMount
+import Amazonka.SecurityHub.Types.VpcInfoCidrBlockSetDetails
+import Amazonka.SecurityHub.Types.VpcInfoIpv6CidrBlockSetDetails
+import Amazonka.SecurityHub.Types.VpcInfoPeeringOptionsDetails
+import Amazonka.SecurityHub.Types.Vulnerability
+import Amazonka.SecurityHub.Types.VulnerabilityVendor
+import Amazonka.SecurityHub.Types.WafAction
+import Amazonka.SecurityHub.Types.WafExcludedRule
+import Amazonka.SecurityHub.Types.WafOverrideAction
+import Amazonka.SecurityHub.Types.Workflow
+import Amazonka.SecurityHub.Types.WorkflowUpdate
+import Amazonka.SecurityHub.UntagResource
+import Amazonka.SecurityHub.UpdateActionTarget
+import Amazonka.SecurityHub.UpdateFindingAggregator
+import Amazonka.SecurityHub.UpdateFindings
+import Amazonka.SecurityHub.UpdateInsight
+import Amazonka.SecurityHub.UpdateOrganizationConfiguration
+import Amazonka.SecurityHub.UpdateSecurityHubConfiguration
+import Amazonka.SecurityHub.UpdateStandardsControl
diff --git a/gen/Amazonka/SecurityHub/ListEnabledProductsForImport.hs b/gen/Amazonka/SecurityHub/ListEnabledProductsForImport.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/ListEnabledProductsForImport.hs
@@ -0,0 +1,244 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.ListEnabledProductsForImport
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all findings-generating solutions (products) that you are
+-- subscribed to receive findings from in Security Hub.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.ListEnabledProductsForImport
+  ( -- * Creating a Request
+    ListEnabledProductsForImport (..),
+    newListEnabledProductsForImport,
+
+    -- * Request Lenses
+    listEnabledProductsForImport_maxResults,
+    listEnabledProductsForImport_nextToken,
+
+    -- * Destructuring the Response
+    ListEnabledProductsForImportResponse (..),
+    newListEnabledProductsForImportResponse,
+
+    -- * Response Lenses
+    listEnabledProductsForImportResponse_nextToken,
+    listEnabledProductsForImportResponse_productSubscriptions,
+    listEnabledProductsForImportResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newListEnabledProductsForImport' smart constructor.
+data ListEnabledProductsForImport = ListEnabledProductsForImport'
+  { -- | The maximum number of items to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token that is required for pagination. On your first call to the
+    -- @ListEnabledProductsForImport@ operation, set the value of this
+    -- parameter to @NULL@.
+    --
+    -- For subsequent calls to the operation, to continue listing data, set the
+    -- value of this parameter to the value returned from the previous
+    -- response.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListEnabledProductsForImport' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listEnabledProductsForImport_maxResults' - The maximum number of items to return in the response.
+--
+-- 'nextToken', 'listEnabledProductsForImport_nextToken' - The token that is required for pagination. On your first call to the
+-- @ListEnabledProductsForImport@ operation, set the value of this
+-- parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+newListEnabledProductsForImport ::
+  ListEnabledProductsForImport
+newListEnabledProductsForImport =
+  ListEnabledProductsForImport'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of items to return in the response.
+listEnabledProductsForImport_maxResults :: Lens.Lens' ListEnabledProductsForImport (Prelude.Maybe Prelude.Natural)
+listEnabledProductsForImport_maxResults = Lens.lens (\ListEnabledProductsForImport' {maxResults} -> maxResults) (\s@ListEnabledProductsForImport' {} a -> s {maxResults = a} :: ListEnabledProductsForImport)
+
+-- | The token that is required for pagination. On your first call to the
+-- @ListEnabledProductsForImport@ operation, set the value of this
+-- parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+listEnabledProductsForImport_nextToken :: Lens.Lens' ListEnabledProductsForImport (Prelude.Maybe Prelude.Text)
+listEnabledProductsForImport_nextToken = Lens.lens (\ListEnabledProductsForImport' {nextToken} -> nextToken) (\s@ListEnabledProductsForImport' {} a -> s {nextToken = a} :: ListEnabledProductsForImport)
+
+instance Core.AWSPager ListEnabledProductsForImport where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listEnabledProductsForImportResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listEnabledProductsForImportResponse_productSubscriptions
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listEnabledProductsForImport_nextToken
+          Lens..~ rs
+          Lens.^? listEnabledProductsForImportResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListEnabledProductsForImport where
+  type
+    AWSResponse ListEnabledProductsForImport =
+      ListEnabledProductsForImportResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListEnabledProductsForImportResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> ( x
+                            Data..?> "ProductSubscriptions"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListEnabledProductsForImport
+  where
+  hashWithSalt _salt ListEnabledProductsForImport' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListEnabledProductsForImport where
+  rnf ListEnabledProductsForImport' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListEnabledProductsForImport where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListEnabledProductsForImport where
+  toPath = Prelude.const "/productSubscriptions"
+
+instance Data.ToQuery ListEnabledProductsForImport where
+  toQuery ListEnabledProductsForImport' {..} =
+    Prelude.mconcat
+      [ "MaxResults" Data.=: maxResults,
+        "NextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListEnabledProductsForImportResponse' smart constructor.
+data ListEnabledProductsForImportResponse = ListEnabledProductsForImportResponse'
+  { -- | The pagination token to use to request the next page of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The list of ARNs for the resources that represent your subscriptions to
+    -- products.
+    productSubscriptions :: Prelude.Maybe [Prelude.Text],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListEnabledProductsForImportResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listEnabledProductsForImportResponse_nextToken' - The pagination token to use to request the next page of results.
+--
+-- 'productSubscriptions', 'listEnabledProductsForImportResponse_productSubscriptions' - The list of ARNs for the resources that represent your subscriptions to
+-- products.
+--
+-- 'httpStatus', 'listEnabledProductsForImportResponse_httpStatus' - The response's http status code.
+newListEnabledProductsForImportResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListEnabledProductsForImportResponse
+newListEnabledProductsForImportResponse pHttpStatus_ =
+  ListEnabledProductsForImportResponse'
+    { nextToken =
+        Prelude.Nothing,
+      productSubscriptions =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The pagination token to use to request the next page of results.
+listEnabledProductsForImportResponse_nextToken :: Lens.Lens' ListEnabledProductsForImportResponse (Prelude.Maybe Prelude.Text)
+listEnabledProductsForImportResponse_nextToken = Lens.lens (\ListEnabledProductsForImportResponse' {nextToken} -> nextToken) (\s@ListEnabledProductsForImportResponse' {} a -> s {nextToken = a} :: ListEnabledProductsForImportResponse)
+
+-- | The list of ARNs for the resources that represent your subscriptions to
+-- products.
+listEnabledProductsForImportResponse_productSubscriptions :: Lens.Lens' ListEnabledProductsForImportResponse (Prelude.Maybe [Prelude.Text])
+listEnabledProductsForImportResponse_productSubscriptions = Lens.lens (\ListEnabledProductsForImportResponse' {productSubscriptions} -> productSubscriptions) (\s@ListEnabledProductsForImportResponse' {} a -> s {productSubscriptions = a} :: ListEnabledProductsForImportResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listEnabledProductsForImportResponse_httpStatus :: Lens.Lens' ListEnabledProductsForImportResponse Prelude.Int
+listEnabledProductsForImportResponse_httpStatus = Lens.lens (\ListEnabledProductsForImportResponse' {httpStatus} -> httpStatus) (\s@ListEnabledProductsForImportResponse' {} a -> s {httpStatus = a} :: ListEnabledProductsForImportResponse)
+
+instance
+  Prelude.NFData
+    ListEnabledProductsForImportResponse
+  where
+  rnf ListEnabledProductsForImportResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf productSubscriptions
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/ListFindingAggregators.hs b/gen/Amazonka/SecurityHub/ListFindingAggregators.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/ListFindingAggregators.hs
@@ -0,0 +1,238 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.ListFindingAggregators
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- If finding aggregation is enabled, then @ListFindingAggregators@ returns
+-- the ARN of the finding aggregator. You can run this operation from any
+-- Region.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.ListFindingAggregators
+  ( -- * Creating a Request
+    ListFindingAggregators (..),
+    newListFindingAggregators,
+
+    -- * Request Lenses
+    listFindingAggregators_maxResults,
+    listFindingAggregators_nextToken,
+
+    -- * Destructuring the Response
+    ListFindingAggregatorsResponse (..),
+    newListFindingAggregatorsResponse,
+
+    -- * Response Lenses
+    listFindingAggregatorsResponse_findingAggregators,
+    listFindingAggregatorsResponse_nextToken,
+    listFindingAggregatorsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newListFindingAggregators' smart constructor.
+data ListFindingAggregators = ListFindingAggregators'
+  { -- | The maximum number of results to return. This operation currently only
+    -- returns a single result.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token returned with the previous set of results. Identifies the next
+    -- set of results to return.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFindingAggregators' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listFindingAggregators_maxResults' - The maximum number of results to return. This operation currently only
+-- returns a single result.
+--
+-- 'nextToken', 'listFindingAggregators_nextToken' - The token returned with the previous set of results. Identifies the next
+-- set of results to return.
+newListFindingAggregators ::
+  ListFindingAggregators
+newListFindingAggregators =
+  ListFindingAggregators'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of results to return. This operation currently only
+-- returns a single result.
+listFindingAggregators_maxResults :: Lens.Lens' ListFindingAggregators (Prelude.Maybe Prelude.Natural)
+listFindingAggregators_maxResults = Lens.lens (\ListFindingAggregators' {maxResults} -> maxResults) (\s@ListFindingAggregators' {} a -> s {maxResults = a} :: ListFindingAggregators)
+
+-- | The token returned with the previous set of results. Identifies the next
+-- set of results to return.
+listFindingAggregators_nextToken :: Lens.Lens' ListFindingAggregators (Prelude.Maybe Prelude.Text)
+listFindingAggregators_nextToken = Lens.lens (\ListFindingAggregators' {nextToken} -> nextToken) (\s@ListFindingAggregators' {} a -> s {nextToken = a} :: ListFindingAggregators)
+
+instance Core.AWSPager ListFindingAggregators where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listFindingAggregatorsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listFindingAggregatorsResponse_findingAggregators
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listFindingAggregators_nextToken
+          Lens..~ rs
+          Lens.^? listFindingAggregatorsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListFindingAggregators where
+  type
+    AWSResponse ListFindingAggregators =
+      ListFindingAggregatorsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListFindingAggregatorsResponse'
+            Prelude.<$> ( x
+                            Data..?> "FindingAggregators"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListFindingAggregators where
+  hashWithSalt _salt ListFindingAggregators' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListFindingAggregators where
+  rnf ListFindingAggregators' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListFindingAggregators where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListFindingAggregators where
+  toPath = Prelude.const "/findingAggregator/list"
+
+instance Data.ToQuery ListFindingAggregators where
+  toQuery ListFindingAggregators' {..} =
+    Prelude.mconcat
+      [ "MaxResults" Data.=: maxResults,
+        "NextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListFindingAggregatorsResponse' smart constructor.
+data ListFindingAggregatorsResponse = ListFindingAggregatorsResponse'
+  { -- | The list of finding aggregators. This operation currently only returns a
+    -- single result.
+    findingAggregators :: Prelude.Maybe [FindingAggregator],
+    -- | If there are more results, this is the token to provide in the next call
+    -- to @ListFindingAggregators@.
+    --
+    -- This operation currently only returns a single result.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFindingAggregatorsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingAggregators', 'listFindingAggregatorsResponse_findingAggregators' - The list of finding aggregators. This operation currently only returns a
+-- single result.
+--
+-- 'nextToken', 'listFindingAggregatorsResponse_nextToken' - If there are more results, this is the token to provide in the next call
+-- to @ListFindingAggregators@.
+--
+-- This operation currently only returns a single result.
+--
+-- 'httpStatus', 'listFindingAggregatorsResponse_httpStatus' - The response's http status code.
+newListFindingAggregatorsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListFindingAggregatorsResponse
+newListFindingAggregatorsResponse pHttpStatus_ =
+  ListFindingAggregatorsResponse'
+    { findingAggregators =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The list of finding aggregators. This operation currently only returns a
+-- single result.
+listFindingAggregatorsResponse_findingAggregators :: Lens.Lens' ListFindingAggregatorsResponse (Prelude.Maybe [FindingAggregator])
+listFindingAggregatorsResponse_findingAggregators = Lens.lens (\ListFindingAggregatorsResponse' {findingAggregators} -> findingAggregators) (\s@ListFindingAggregatorsResponse' {} a -> s {findingAggregators = a} :: ListFindingAggregatorsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | If there are more results, this is the token to provide in the next call
+-- to @ListFindingAggregators@.
+--
+-- This operation currently only returns a single result.
+listFindingAggregatorsResponse_nextToken :: Lens.Lens' ListFindingAggregatorsResponse (Prelude.Maybe Prelude.Text)
+listFindingAggregatorsResponse_nextToken = Lens.lens (\ListFindingAggregatorsResponse' {nextToken} -> nextToken) (\s@ListFindingAggregatorsResponse' {} a -> s {nextToken = a} :: ListFindingAggregatorsResponse)
+
+-- | The response's http status code.
+listFindingAggregatorsResponse_httpStatus :: Lens.Lens' ListFindingAggregatorsResponse Prelude.Int
+listFindingAggregatorsResponse_httpStatus = Lens.lens (\ListFindingAggregatorsResponse' {httpStatus} -> httpStatus) (\s@ListFindingAggregatorsResponse' {} a -> s {httpStatus = a} :: ListFindingAggregatorsResponse)
+
+instance
+  Prelude.NFData
+    ListFindingAggregatorsResponse
+  where
+  rnf ListFindingAggregatorsResponse' {..} =
+    Prelude.rnf findingAggregators
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/ListInvitations.hs b/gen/Amazonka/SecurityHub/ListInvitations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/ListInvitations.hs
@@ -0,0 +1,231 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.ListInvitations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all Security Hub membership invitations that were sent to the
+-- current Amazon Web Services account.
+--
+-- This operation is only used by accounts that are managed by invitation.
+-- Accounts that are managed using the integration with Organizations do
+-- not receive invitations.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.ListInvitations
+  ( -- * Creating a Request
+    ListInvitations (..),
+    newListInvitations,
+
+    -- * Request Lenses
+    listInvitations_maxResults,
+    listInvitations_nextToken,
+
+    -- * Destructuring the Response
+    ListInvitationsResponse (..),
+    newListInvitationsResponse,
+
+    -- * Response Lenses
+    listInvitationsResponse_invitations,
+    listInvitationsResponse_nextToken,
+    listInvitationsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newListInvitations' smart constructor.
+data ListInvitations = ListInvitations'
+  { -- | The maximum number of items to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token that is required for pagination. On your first call to the
+    -- @ListInvitations@ operation, set the value of this parameter to @NULL@.
+    --
+    -- For subsequent calls to the operation, to continue listing data, set the
+    -- value of this parameter to the value returned from the previous
+    -- response.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListInvitations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listInvitations_maxResults' - The maximum number of items to return in the response.
+--
+-- 'nextToken', 'listInvitations_nextToken' - The token that is required for pagination. On your first call to the
+-- @ListInvitations@ operation, set the value of this parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+newListInvitations ::
+  ListInvitations
+newListInvitations =
+  ListInvitations'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of items to return in the response.
+listInvitations_maxResults :: Lens.Lens' ListInvitations (Prelude.Maybe Prelude.Natural)
+listInvitations_maxResults = Lens.lens (\ListInvitations' {maxResults} -> maxResults) (\s@ListInvitations' {} a -> s {maxResults = a} :: ListInvitations)
+
+-- | The token that is required for pagination. On your first call to the
+-- @ListInvitations@ operation, set the value of this parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+listInvitations_nextToken :: Lens.Lens' ListInvitations (Prelude.Maybe Prelude.Text)
+listInvitations_nextToken = Lens.lens (\ListInvitations' {nextToken} -> nextToken) (\s@ListInvitations' {} a -> s {nextToken = a} :: ListInvitations)
+
+instance Core.AWSPager ListInvitations where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listInvitationsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listInvitationsResponse_invitations
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listInvitations_nextToken
+          Lens..~ rs
+          Lens.^? listInvitationsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListInvitations where
+  type
+    AWSResponse ListInvitations =
+      ListInvitationsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListInvitationsResponse'
+            Prelude.<$> (x Data..?> "Invitations" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListInvitations where
+  hashWithSalt _salt ListInvitations' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListInvitations where
+  rnf ListInvitations' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListInvitations where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListInvitations where
+  toPath = Prelude.const "/invitations"
+
+instance Data.ToQuery ListInvitations where
+  toQuery ListInvitations' {..} =
+    Prelude.mconcat
+      [ "MaxResults" Data.=: maxResults,
+        "NextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListInvitationsResponse' smart constructor.
+data ListInvitationsResponse = ListInvitationsResponse'
+  { -- | The details of the invitations returned by the operation.
+    invitations :: Prelude.Maybe [Invitation],
+    -- | The pagination token to use to request the next page of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListInvitationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'invitations', 'listInvitationsResponse_invitations' - The details of the invitations returned by the operation.
+--
+-- 'nextToken', 'listInvitationsResponse_nextToken' - The pagination token to use to request the next page of results.
+--
+-- 'httpStatus', 'listInvitationsResponse_httpStatus' - The response's http status code.
+newListInvitationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListInvitationsResponse
+newListInvitationsResponse pHttpStatus_ =
+  ListInvitationsResponse'
+    { invitations =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The details of the invitations returned by the operation.
+listInvitationsResponse_invitations :: Lens.Lens' ListInvitationsResponse (Prelude.Maybe [Invitation])
+listInvitationsResponse_invitations = Lens.lens (\ListInvitationsResponse' {invitations} -> invitations) (\s@ListInvitationsResponse' {} a -> s {invitations = a} :: ListInvitationsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination token to use to request the next page of results.
+listInvitationsResponse_nextToken :: Lens.Lens' ListInvitationsResponse (Prelude.Maybe Prelude.Text)
+listInvitationsResponse_nextToken = Lens.lens (\ListInvitationsResponse' {nextToken} -> nextToken) (\s@ListInvitationsResponse' {} a -> s {nextToken = a} :: ListInvitationsResponse)
+
+-- | The response's http status code.
+listInvitationsResponse_httpStatus :: Lens.Lens' ListInvitationsResponse Prelude.Int
+listInvitationsResponse_httpStatus = Lens.lens (\ListInvitationsResponse' {httpStatus} -> httpStatus) (\s@ListInvitationsResponse' {} a -> s {httpStatus = a} :: ListInvitationsResponse)
+
+instance Prelude.NFData ListInvitationsResponse where
+  rnf ListInvitationsResponse' {..} =
+    Prelude.rnf invitations
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/ListMembers.hs b/gen/Amazonka/SecurityHub/ListMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/ListMembers.hs
@@ -0,0 +1,267 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.ListMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists details about all member accounts for the current Security Hub
+-- administrator account.
+--
+-- The results include both member accounts that belong to an organization
+-- and member accounts that were invited manually.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.ListMembers
+  ( -- * Creating a Request
+    ListMembers (..),
+    newListMembers,
+
+    -- * Request Lenses
+    listMembers_maxResults,
+    listMembers_nextToken,
+    listMembers_onlyAssociated,
+
+    -- * Destructuring the Response
+    ListMembersResponse (..),
+    newListMembersResponse,
+
+    -- * Response Lenses
+    listMembersResponse_members,
+    listMembersResponse_nextToken,
+    listMembersResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newListMembers' smart constructor.
+data ListMembers = ListMembers'
+  { -- | The maximum number of items to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token that is required for pagination. On your first call to the
+    -- @ListMembers@ operation, set the value of this parameter to @NULL@.
+    --
+    -- For subsequent calls to the operation, to continue listing data, set the
+    -- value of this parameter to the value returned from the previous
+    -- response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | Specifies which member accounts to include in the response based on
+    -- their relationship status with the administrator account. The default
+    -- value is @TRUE@.
+    --
+    -- If @OnlyAssociated@ is set to @TRUE@, the response includes member
+    -- accounts whose relationship status with the administrator account is set
+    -- to @ENABLED@.
+    --
+    -- If @OnlyAssociated@ is set to @FALSE@, the response includes all
+    -- existing member accounts.
+    onlyAssociated :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listMembers_maxResults' - The maximum number of items to return in the response.
+--
+-- 'nextToken', 'listMembers_nextToken' - The token that is required for pagination. On your first call to the
+-- @ListMembers@ operation, set the value of this parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+--
+-- 'onlyAssociated', 'listMembers_onlyAssociated' - Specifies which member accounts to include in the response based on
+-- their relationship status with the administrator account. The default
+-- value is @TRUE@.
+--
+-- If @OnlyAssociated@ is set to @TRUE@, the response includes member
+-- accounts whose relationship status with the administrator account is set
+-- to @ENABLED@.
+--
+-- If @OnlyAssociated@ is set to @FALSE@, the response includes all
+-- existing member accounts.
+newListMembers ::
+  ListMembers
+newListMembers =
+  ListMembers'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      onlyAssociated = Prelude.Nothing
+    }
+
+-- | The maximum number of items to return in the response.
+listMembers_maxResults :: Lens.Lens' ListMembers (Prelude.Maybe Prelude.Natural)
+listMembers_maxResults = Lens.lens (\ListMembers' {maxResults} -> maxResults) (\s@ListMembers' {} a -> s {maxResults = a} :: ListMembers)
+
+-- | The token that is required for pagination. On your first call to the
+-- @ListMembers@ operation, set the value of this parameter to @NULL@.
+--
+-- For subsequent calls to the operation, to continue listing data, set the
+-- value of this parameter to the value returned from the previous
+-- response.
+listMembers_nextToken :: Lens.Lens' ListMembers (Prelude.Maybe Prelude.Text)
+listMembers_nextToken = Lens.lens (\ListMembers' {nextToken} -> nextToken) (\s@ListMembers' {} a -> s {nextToken = a} :: ListMembers)
+
+-- | Specifies which member accounts to include in the response based on
+-- their relationship status with the administrator account. The default
+-- value is @TRUE@.
+--
+-- If @OnlyAssociated@ is set to @TRUE@, the response includes member
+-- accounts whose relationship status with the administrator account is set
+-- to @ENABLED@.
+--
+-- If @OnlyAssociated@ is set to @FALSE@, the response includes all
+-- existing member accounts.
+listMembers_onlyAssociated :: Lens.Lens' ListMembers (Prelude.Maybe Prelude.Bool)
+listMembers_onlyAssociated = Lens.lens (\ListMembers' {onlyAssociated} -> onlyAssociated) (\s@ListMembers' {} a -> s {onlyAssociated = a} :: ListMembers)
+
+instance Core.AWSPager ListMembers where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listMembersResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listMembersResponse_members
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listMembers_nextToken
+          Lens..~ rs
+          Lens.^? listMembersResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListMembers where
+  type AWSResponse ListMembers = ListMembersResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListMembersResponse'
+            Prelude.<$> (x Data..?> "Members" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListMembers where
+  hashWithSalt _salt ListMembers' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` onlyAssociated
+
+instance Prelude.NFData ListMembers where
+  rnf ListMembers' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf onlyAssociated
+
+instance Data.ToHeaders ListMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListMembers where
+  toPath = Prelude.const "/members"
+
+instance Data.ToQuery ListMembers where
+  toQuery ListMembers' {..} =
+    Prelude.mconcat
+      [ "MaxResults" Data.=: maxResults,
+        "NextToken" Data.=: nextToken,
+        "OnlyAssociated" Data.=: onlyAssociated
+      ]
+
+-- | /See:/ 'newListMembersResponse' smart constructor.
+data ListMembersResponse = ListMembersResponse'
+  { -- | Member details returned by the operation.
+    members :: Prelude.Maybe [Member],
+    -- | The pagination token to use to request the next page of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'members', 'listMembersResponse_members' - Member details returned by the operation.
+--
+-- 'nextToken', 'listMembersResponse_nextToken' - The pagination token to use to request the next page of results.
+--
+-- 'httpStatus', 'listMembersResponse_httpStatus' - The response's http status code.
+newListMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListMembersResponse
+newListMembersResponse pHttpStatus_ =
+  ListMembersResponse'
+    { members = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Member details returned by the operation.
+listMembersResponse_members :: Lens.Lens' ListMembersResponse (Prelude.Maybe [Member])
+listMembersResponse_members = Lens.lens (\ListMembersResponse' {members} -> members) (\s@ListMembersResponse' {} a -> s {members = a} :: ListMembersResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination token to use to request the next page of results.
+listMembersResponse_nextToken :: Lens.Lens' ListMembersResponse (Prelude.Maybe Prelude.Text)
+listMembersResponse_nextToken = Lens.lens (\ListMembersResponse' {nextToken} -> nextToken) (\s@ListMembersResponse' {} a -> s {nextToken = a} :: ListMembersResponse)
+
+-- | The response's http status code.
+listMembersResponse_httpStatus :: Lens.Lens' ListMembersResponse Prelude.Int
+listMembersResponse_httpStatus = Lens.lens (\ListMembersResponse' {httpStatus} -> httpStatus) (\s@ListMembersResponse' {} a -> s {httpStatus = a} :: ListMembersResponse)
+
+instance Prelude.NFData ListMembersResponse where
+  rnf ListMembersResponse' {..} =
+    Prelude.rnf members
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/ListOrganizationAdminAccounts.hs b/gen/Amazonka/SecurityHub/ListOrganizationAdminAccounts.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/ListOrganizationAdminAccounts.hs
@@ -0,0 +1,234 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.ListOrganizationAdminAccounts
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the Security Hub administrator accounts. Can only be called by the
+-- organization management account.
+--
+-- This operation returns paginated results.
+module Amazonka.SecurityHub.ListOrganizationAdminAccounts
+  ( -- * Creating a Request
+    ListOrganizationAdminAccounts (..),
+    newListOrganizationAdminAccounts,
+
+    -- * Request Lenses
+    listOrganizationAdminAccounts_maxResults,
+    listOrganizationAdminAccounts_nextToken,
+
+    -- * Destructuring the Response
+    ListOrganizationAdminAccountsResponse (..),
+    newListOrganizationAdminAccountsResponse,
+
+    -- * Response Lenses
+    listOrganizationAdminAccountsResponse_adminAccounts,
+    listOrganizationAdminAccountsResponse_nextToken,
+    listOrganizationAdminAccountsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newListOrganizationAdminAccounts' smart constructor.
+data ListOrganizationAdminAccounts = ListOrganizationAdminAccounts'
+  { -- | The maximum number of items to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The token that is required for pagination. On your first call to the
+    -- @ListOrganizationAdminAccounts@ operation, set the value of this
+    -- parameter to @NULL@. For subsequent calls to the operation, to continue
+    -- listing data, set the value of this parameter to the value returned from
+    -- the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListOrganizationAdminAccounts' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listOrganizationAdminAccounts_maxResults' - The maximum number of items to return in the response.
+--
+-- 'nextToken', 'listOrganizationAdminAccounts_nextToken' - The token that is required for pagination. On your first call to the
+-- @ListOrganizationAdminAccounts@ operation, set the value of this
+-- parameter to @NULL@. For subsequent calls to the operation, to continue
+-- listing data, set the value of this parameter to the value returned from
+-- the previous response.
+newListOrganizationAdminAccounts ::
+  ListOrganizationAdminAccounts
+newListOrganizationAdminAccounts =
+  ListOrganizationAdminAccounts'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of items to return in the response.
+listOrganizationAdminAccounts_maxResults :: Lens.Lens' ListOrganizationAdminAccounts (Prelude.Maybe Prelude.Natural)
+listOrganizationAdminAccounts_maxResults = Lens.lens (\ListOrganizationAdminAccounts' {maxResults} -> maxResults) (\s@ListOrganizationAdminAccounts' {} a -> s {maxResults = a} :: ListOrganizationAdminAccounts)
+
+-- | The token that is required for pagination. On your first call to the
+-- @ListOrganizationAdminAccounts@ operation, set the value of this
+-- parameter to @NULL@. For subsequent calls to the operation, to continue
+-- listing data, set the value of this parameter to the value returned from
+-- the previous response.
+listOrganizationAdminAccounts_nextToken :: Lens.Lens' ListOrganizationAdminAccounts (Prelude.Maybe Prelude.Text)
+listOrganizationAdminAccounts_nextToken = Lens.lens (\ListOrganizationAdminAccounts' {nextToken} -> nextToken) (\s@ListOrganizationAdminAccounts' {} a -> s {nextToken = a} :: ListOrganizationAdminAccounts)
+
+instance Core.AWSPager ListOrganizationAdminAccounts where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listOrganizationAdminAccountsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listOrganizationAdminAccountsResponse_adminAccounts
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listOrganizationAdminAccounts_nextToken
+          Lens..~ rs
+          Lens.^? listOrganizationAdminAccountsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListOrganizationAdminAccounts
+  where
+  type
+    AWSResponse ListOrganizationAdminAccounts =
+      ListOrganizationAdminAccountsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListOrganizationAdminAccountsResponse'
+            Prelude.<$> (x Data..?> "AdminAccounts" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListOrganizationAdminAccounts
+  where
+  hashWithSalt _salt ListOrganizationAdminAccounts' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListOrganizationAdminAccounts where
+  rnf ListOrganizationAdminAccounts' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListOrganizationAdminAccounts where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListOrganizationAdminAccounts where
+  toPath = Prelude.const "/organization/admin"
+
+instance Data.ToQuery ListOrganizationAdminAccounts where
+  toQuery ListOrganizationAdminAccounts' {..} =
+    Prelude.mconcat
+      [ "MaxResults" Data.=: maxResults,
+        "NextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListOrganizationAdminAccountsResponse' smart constructor.
+data ListOrganizationAdminAccountsResponse = ListOrganizationAdminAccountsResponse'
+  { -- | The list of Security Hub administrator accounts.
+    adminAccounts :: Prelude.Maybe [AdminAccount],
+    -- | The pagination token to use to request the next page of results.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListOrganizationAdminAccountsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'adminAccounts', 'listOrganizationAdminAccountsResponse_adminAccounts' - The list of Security Hub administrator accounts.
+--
+-- 'nextToken', 'listOrganizationAdminAccountsResponse_nextToken' - The pagination token to use to request the next page of results.
+--
+-- 'httpStatus', 'listOrganizationAdminAccountsResponse_httpStatus' - The response's http status code.
+newListOrganizationAdminAccountsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListOrganizationAdminAccountsResponse
+newListOrganizationAdminAccountsResponse pHttpStatus_ =
+  ListOrganizationAdminAccountsResponse'
+    { adminAccounts =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The list of Security Hub administrator accounts.
+listOrganizationAdminAccountsResponse_adminAccounts :: Lens.Lens' ListOrganizationAdminAccountsResponse (Prelude.Maybe [AdminAccount])
+listOrganizationAdminAccountsResponse_adminAccounts = Lens.lens (\ListOrganizationAdminAccountsResponse' {adminAccounts} -> adminAccounts) (\s@ListOrganizationAdminAccountsResponse' {} a -> s {adminAccounts = a} :: ListOrganizationAdminAccountsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination token to use to request the next page of results.
+listOrganizationAdminAccountsResponse_nextToken :: Lens.Lens' ListOrganizationAdminAccountsResponse (Prelude.Maybe Prelude.Text)
+listOrganizationAdminAccountsResponse_nextToken = Lens.lens (\ListOrganizationAdminAccountsResponse' {nextToken} -> nextToken) (\s@ListOrganizationAdminAccountsResponse' {} a -> s {nextToken = a} :: ListOrganizationAdminAccountsResponse)
+
+-- | The response's http status code.
+listOrganizationAdminAccountsResponse_httpStatus :: Lens.Lens' ListOrganizationAdminAccountsResponse Prelude.Int
+listOrganizationAdminAccountsResponse_httpStatus = Lens.lens (\ListOrganizationAdminAccountsResponse' {httpStatus} -> httpStatus) (\s@ListOrganizationAdminAccountsResponse' {} a -> s {httpStatus = a} :: ListOrganizationAdminAccountsResponse)
+
+instance
+  Prelude.NFData
+    ListOrganizationAdminAccountsResponse
+  where
+  rnf ListOrganizationAdminAccountsResponse' {..} =
+    Prelude.rnf adminAccounts
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/ListTagsForResource.hs b/gen/Amazonka/SecurityHub/ListTagsForResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/ListTagsForResource.hs
@@ -0,0 +1,159 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.ListTagsForResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a list of tags associated with a resource.
+module Amazonka.SecurityHub.ListTagsForResource
+  ( -- * Creating a Request
+    ListTagsForResource (..),
+    newListTagsForResource,
+
+    -- * Request Lenses
+    listTagsForResource_resourceArn,
+
+    -- * Destructuring the Response
+    ListTagsForResourceResponse (..),
+    newListTagsForResourceResponse,
+
+    -- * Response Lenses
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newListTagsForResource' smart constructor.
+data ListTagsForResource = ListTagsForResource'
+  { -- | The ARN of the resource to retrieve tags for.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'listTagsForResource_resourceArn' - The ARN of the resource to retrieve tags for.
+newListTagsForResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  ListTagsForResource
+newListTagsForResource pResourceArn_ =
+  ListTagsForResource' {resourceArn = pResourceArn_}
+
+-- | The ARN of the resource to retrieve tags for.
+listTagsForResource_resourceArn :: Lens.Lens' ListTagsForResource Prelude.Text
+listTagsForResource_resourceArn = Lens.lens (\ListTagsForResource' {resourceArn} -> resourceArn) (\s@ListTagsForResource' {} a -> s {resourceArn = a} :: ListTagsForResource)
+
+instance Core.AWSRequest ListTagsForResource where
+  type
+    AWSResponse ListTagsForResource =
+      ListTagsForResourceResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListTagsForResourceResponse'
+            Prelude.<$> (x Data..?> "Tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListTagsForResource where
+  hashWithSalt _salt ListTagsForResource' {..} =
+    _salt `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData ListTagsForResource where
+  rnf ListTagsForResource' {..} =
+    Prelude.rnf resourceArn
+
+instance Data.ToHeaders ListTagsForResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListTagsForResource where
+  toPath ListTagsForResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery ListTagsForResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListTagsForResourceResponse' smart constructor.
+data ListTagsForResourceResponse = ListTagsForResourceResponse'
+  { -- | The tags associated with a resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'listTagsForResourceResponse_tags' - The tags associated with a resource.
+--
+-- 'httpStatus', 'listTagsForResourceResponse_httpStatus' - The response's http status code.
+newListTagsForResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListTagsForResourceResponse
+newListTagsForResourceResponse pHttpStatus_ =
+  ListTagsForResourceResponse'
+    { tags =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The tags associated with a resource.
+listTagsForResourceResponse_tags :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+listTagsForResourceResponse_tags = Lens.lens (\ListTagsForResourceResponse' {tags} -> tags) (\s@ListTagsForResourceResponse' {} a -> s {tags = a} :: ListTagsForResourceResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listTagsForResourceResponse_httpStatus :: Lens.Lens' ListTagsForResourceResponse Prelude.Int
+listTagsForResourceResponse_httpStatus = Lens.lens (\ListTagsForResourceResponse' {httpStatus} -> httpStatus) (\s@ListTagsForResourceResponse' {} a -> s {httpStatus = a} :: ListTagsForResourceResponse)
+
+instance Prelude.NFData ListTagsForResourceResponse where
+  rnf ListTagsForResourceResponse' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/TagResource.hs b/gen/Amazonka/SecurityHub/TagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/TagResource.hs
@@ -0,0 +1,169 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.TagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Adds one or more tags to a resource.
+module Amazonka.SecurityHub.TagResource
+  ( -- * Creating a Request
+    TagResource (..),
+    newTagResource,
+
+    -- * Request Lenses
+    tagResource_resourceArn,
+    tagResource_tags,
+
+    -- * Destructuring the Response
+    TagResourceResponse (..),
+    newTagResourceResponse,
+
+    -- * Response Lenses
+    tagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newTagResource' smart constructor.
+data TagResource = TagResource'
+  { -- | The ARN of the resource to apply the tags to.
+    resourceArn :: Prelude.Text,
+    -- | The tags to add to the resource. You can add up to 50 tags at a time.
+    -- The tag keys can be no longer than 128 characters. The tag values can be
+    -- no longer than 256 characters.
+    tags :: Prelude.HashMap Prelude.Text Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'tagResource_resourceArn' - The ARN of the resource to apply the tags to.
+--
+-- 'tags', 'tagResource_tags' - The tags to add to the resource. You can add up to 50 tags at a time.
+-- The tag keys can be no longer than 128 characters. The tag values can be
+-- no longer than 256 characters.
+newTagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  TagResource
+newTagResource pResourceArn_ =
+  TagResource'
+    { resourceArn = pResourceArn_,
+      tags = Prelude.mempty
+    }
+
+-- | The ARN of the resource to apply the tags to.
+tagResource_resourceArn :: Lens.Lens' TagResource Prelude.Text
+tagResource_resourceArn = Lens.lens (\TagResource' {resourceArn} -> resourceArn) (\s@TagResource' {} a -> s {resourceArn = a} :: TagResource)
+
+-- | The tags to add to the resource. You can add up to 50 tags at a time.
+-- The tag keys can be no longer than 128 characters. The tag values can be
+-- no longer than 256 characters.
+tagResource_tags :: Lens.Lens' TagResource (Prelude.HashMap Prelude.Text Prelude.Text)
+tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest TagResource where
+  type AWSResponse TagResource = TagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          TagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable TagResource where
+  hashWithSalt _salt TagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tags
+
+instance Prelude.NFData TagResource where
+  rnf TagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tags
+
+instance Data.ToHeaders TagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON TagResource where
+  toJSON TagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Tags" Data..= tags)]
+      )
+
+instance Data.ToPath TagResource where
+  toPath TagResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery TagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newTagResourceResponse' smart constructor.
+data TagResourceResponse = TagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'tagResourceResponse_httpStatus' - The response's http status code.
+newTagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  TagResourceResponse
+newTagResourceResponse pHttpStatus_ =
+  TagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+tagResourceResponse_httpStatus :: Lens.Lens' TagResourceResponse Prelude.Int
+tagResourceResponse_httpStatus = Lens.lens (\TagResourceResponse' {httpStatus} -> httpStatus) (\s@TagResourceResponse' {} a -> s {httpStatus = a} :: TagResourceResponse)
+
+instance Prelude.NFData TagResourceResponse where
+  rnf TagResourceResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/Types.hs b/gen/Amazonka/SecurityHub/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types.hs
@@ -0,0 +1,5558 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    _AccessDeniedException,
+    _InternalException,
+    _InvalidAccessException,
+    _InvalidInputException,
+    _LimitExceededException,
+    _ResourceConflictException,
+    _ResourceNotFoundException,
+
+    -- * AdminStatus
+    AdminStatus (..),
+
+    -- * AutoEnableStandards
+    AutoEnableStandards (..),
+
+    -- * AwsIamAccessKeyStatus
+    AwsIamAccessKeyStatus (..),
+
+    -- * AwsS3BucketNotificationConfigurationS3KeyFilterRuleName
+    AwsS3BucketNotificationConfigurationS3KeyFilterRuleName (..),
+
+    -- * ComplianceStatus
+    ComplianceStatus (..),
+
+    -- * ControlStatus
+    ControlStatus (..),
+
+    -- * DateRangeUnit
+    DateRangeUnit (..),
+
+    -- * IntegrationType
+    IntegrationType (..),
+
+    -- * MalwareState
+    MalwareState (..),
+
+    -- * MalwareType
+    MalwareType (..),
+
+    -- * MapFilterComparison
+    MapFilterComparison (..),
+
+    -- * NetworkDirection
+    NetworkDirection (..),
+
+    -- * Partition
+    Partition (..),
+
+    -- * RecordState
+    RecordState (..),
+
+    -- * SeverityLabel
+    SeverityLabel (..),
+
+    -- * SeverityRating
+    SeverityRating (..),
+
+    -- * SortOrder
+    SortOrder (..),
+
+    -- * StandardsStatus
+    StandardsStatus (..),
+
+    -- * StatusReasonCode
+    StatusReasonCode (..),
+
+    -- * StringFilterComparison
+    StringFilterComparison (..),
+
+    -- * ThreatIntelIndicatorCategory
+    ThreatIntelIndicatorCategory (..),
+
+    -- * ThreatIntelIndicatorType
+    ThreatIntelIndicatorType (..),
+
+    -- * VerificationState
+    VerificationState (..),
+
+    -- * VulnerabilityFixAvailable
+    VulnerabilityFixAvailable (..),
+
+    -- * WorkflowState
+    WorkflowState (..),
+
+    -- * WorkflowStatus
+    WorkflowStatus (..),
+
+    -- * AccountDetails
+    AccountDetails (..),
+    newAccountDetails,
+    accountDetails_email,
+    accountDetails_accountId,
+
+    -- * Action
+    Action (..),
+    newAction,
+    action_actionType,
+    action_awsApiCallAction,
+    action_dnsRequestAction,
+    action_networkConnectionAction,
+    action_portProbeAction,
+
+    -- * ActionLocalIpDetails
+    ActionLocalIpDetails (..),
+    newActionLocalIpDetails,
+    actionLocalIpDetails_ipAddressV4,
+
+    -- * ActionLocalPortDetails
+    ActionLocalPortDetails (..),
+    newActionLocalPortDetails,
+    actionLocalPortDetails_port,
+    actionLocalPortDetails_portName,
+
+    -- * ActionRemoteIpDetails
+    ActionRemoteIpDetails (..),
+    newActionRemoteIpDetails,
+    actionRemoteIpDetails_city,
+    actionRemoteIpDetails_country,
+    actionRemoteIpDetails_geoLocation,
+    actionRemoteIpDetails_ipAddressV4,
+    actionRemoteIpDetails_organization,
+
+    -- * ActionRemotePortDetails
+    ActionRemotePortDetails (..),
+    newActionRemotePortDetails,
+    actionRemotePortDetails_port,
+    actionRemotePortDetails_portName,
+
+    -- * ActionTarget
+    ActionTarget (..),
+    newActionTarget,
+    actionTarget_actionTargetArn,
+    actionTarget_name,
+    actionTarget_description,
+
+    -- * Adjustment
+    Adjustment (..),
+    newAdjustment,
+    adjustment_metric,
+    adjustment_reason,
+
+    -- * AdminAccount
+    AdminAccount (..),
+    newAdminAccount,
+    adminAccount_accountId,
+    adminAccount_status,
+
+    -- * AvailabilityZone
+    AvailabilityZone (..),
+    newAvailabilityZone,
+    availabilityZone_subnetId,
+    availabilityZone_zoneName,
+
+    -- * AwsApiCallAction
+    AwsApiCallAction (..),
+    newAwsApiCallAction,
+    awsApiCallAction_affectedResources,
+    awsApiCallAction_api,
+    awsApiCallAction_callerType,
+    awsApiCallAction_domainDetails,
+    awsApiCallAction_firstSeen,
+    awsApiCallAction_lastSeen,
+    awsApiCallAction_remoteIpDetails,
+    awsApiCallAction_serviceName,
+
+    -- * AwsApiCallActionDomainDetails
+    AwsApiCallActionDomainDetails (..),
+    newAwsApiCallActionDomainDetails,
+    awsApiCallActionDomainDetails_domain,
+
+    -- * AwsApiGatewayAccessLogSettings
+    AwsApiGatewayAccessLogSettings (..),
+    newAwsApiGatewayAccessLogSettings,
+    awsApiGatewayAccessLogSettings_destinationArn,
+    awsApiGatewayAccessLogSettings_format,
+
+    -- * AwsApiGatewayCanarySettings
+    AwsApiGatewayCanarySettings (..),
+    newAwsApiGatewayCanarySettings,
+    awsApiGatewayCanarySettings_deploymentId,
+    awsApiGatewayCanarySettings_percentTraffic,
+    awsApiGatewayCanarySettings_stageVariableOverrides,
+    awsApiGatewayCanarySettings_useStageCache,
+
+    -- * AwsApiGatewayEndpointConfiguration
+    AwsApiGatewayEndpointConfiguration (..),
+    newAwsApiGatewayEndpointConfiguration,
+    awsApiGatewayEndpointConfiguration_types,
+
+    -- * AwsApiGatewayMethodSettings
+    AwsApiGatewayMethodSettings (..),
+    newAwsApiGatewayMethodSettings,
+    awsApiGatewayMethodSettings_cacheDataEncrypted,
+    awsApiGatewayMethodSettings_cacheTtlInSeconds,
+    awsApiGatewayMethodSettings_cachingEnabled,
+    awsApiGatewayMethodSettings_dataTraceEnabled,
+    awsApiGatewayMethodSettings_httpMethod,
+    awsApiGatewayMethodSettings_loggingLevel,
+    awsApiGatewayMethodSettings_metricsEnabled,
+    awsApiGatewayMethodSettings_requireAuthorizationForCacheControl,
+    awsApiGatewayMethodSettings_resourcePath,
+    awsApiGatewayMethodSettings_throttlingBurstLimit,
+    awsApiGatewayMethodSettings_throttlingRateLimit,
+    awsApiGatewayMethodSettings_unauthorizedCacheControlHeaderStrategy,
+
+    -- * AwsApiGatewayRestApiDetails
+    AwsApiGatewayRestApiDetails (..),
+    newAwsApiGatewayRestApiDetails,
+    awsApiGatewayRestApiDetails_apiKeySource,
+    awsApiGatewayRestApiDetails_binaryMediaTypes,
+    awsApiGatewayRestApiDetails_createdDate,
+    awsApiGatewayRestApiDetails_description,
+    awsApiGatewayRestApiDetails_endpointConfiguration,
+    awsApiGatewayRestApiDetails_id,
+    awsApiGatewayRestApiDetails_minimumCompressionSize,
+    awsApiGatewayRestApiDetails_name,
+    awsApiGatewayRestApiDetails_version,
+
+    -- * AwsApiGatewayStageDetails
+    AwsApiGatewayStageDetails (..),
+    newAwsApiGatewayStageDetails,
+    awsApiGatewayStageDetails_accessLogSettings,
+    awsApiGatewayStageDetails_cacheClusterEnabled,
+    awsApiGatewayStageDetails_cacheClusterSize,
+    awsApiGatewayStageDetails_cacheClusterStatus,
+    awsApiGatewayStageDetails_canarySettings,
+    awsApiGatewayStageDetails_clientCertificateId,
+    awsApiGatewayStageDetails_createdDate,
+    awsApiGatewayStageDetails_deploymentId,
+    awsApiGatewayStageDetails_description,
+    awsApiGatewayStageDetails_documentationVersion,
+    awsApiGatewayStageDetails_lastUpdatedDate,
+    awsApiGatewayStageDetails_methodSettings,
+    awsApiGatewayStageDetails_stageName,
+    awsApiGatewayStageDetails_tracingEnabled,
+    awsApiGatewayStageDetails_variables,
+    awsApiGatewayStageDetails_webAclArn,
+
+    -- * AwsApiGatewayV2ApiDetails
+    AwsApiGatewayV2ApiDetails (..),
+    newAwsApiGatewayV2ApiDetails,
+    awsApiGatewayV2ApiDetails_apiEndpoint,
+    awsApiGatewayV2ApiDetails_apiId,
+    awsApiGatewayV2ApiDetails_apiKeySelectionExpression,
+    awsApiGatewayV2ApiDetails_corsConfiguration,
+    awsApiGatewayV2ApiDetails_createdDate,
+    awsApiGatewayV2ApiDetails_description,
+    awsApiGatewayV2ApiDetails_name,
+    awsApiGatewayV2ApiDetails_protocolType,
+    awsApiGatewayV2ApiDetails_routeSelectionExpression,
+    awsApiGatewayV2ApiDetails_version,
+
+    -- * AwsApiGatewayV2RouteSettings
+    AwsApiGatewayV2RouteSettings (..),
+    newAwsApiGatewayV2RouteSettings,
+    awsApiGatewayV2RouteSettings_dataTraceEnabled,
+    awsApiGatewayV2RouteSettings_detailedMetricsEnabled,
+    awsApiGatewayV2RouteSettings_loggingLevel,
+    awsApiGatewayV2RouteSettings_throttlingBurstLimit,
+    awsApiGatewayV2RouteSettings_throttlingRateLimit,
+
+    -- * AwsApiGatewayV2StageDetails
+    AwsApiGatewayV2StageDetails (..),
+    newAwsApiGatewayV2StageDetails,
+    awsApiGatewayV2StageDetails_accessLogSettings,
+    awsApiGatewayV2StageDetails_apiGatewayManaged,
+    awsApiGatewayV2StageDetails_autoDeploy,
+    awsApiGatewayV2StageDetails_clientCertificateId,
+    awsApiGatewayV2StageDetails_createdDate,
+    awsApiGatewayV2StageDetails_defaultRouteSettings,
+    awsApiGatewayV2StageDetails_deploymentId,
+    awsApiGatewayV2StageDetails_description,
+    awsApiGatewayV2StageDetails_lastDeploymentStatusMessage,
+    awsApiGatewayV2StageDetails_lastUpdatedDate,
+    awsApiGatewayV2StageDetails_routeSettings,
+    awsApiGatewayV2StageDetails_stageName,
+    awsApiGatewayV2StageDetails_stageVariables,
+
+    -- * AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+    AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails (..),
+    newAwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails,
+    awsAutoScalingAutoScalingGroupAvailabilityZonesListDetails_value,
+
+    -- * AwsAutoScalingAutoScalingGroupDetails
+    AwsAutoScalingAutoScalingGroupDetails (..),
+    newAwsAutoScalingAutoScalingGroupDetails,
+    awsAutoScalingAutoScalingGroupDetails_availabilityZones,
+    awsAutoScalingAutoScalingGroupDetails_capacityRebalance,
+    awsAutoScalingAutoScalingGroupDetails_createdTime,
+    awsAutoScalingAutoScalingGroupDetails_healthCheckGracePeriod,
+    awsAutoScalingAutoScalingGroupDetails_healthCheckType,
+    awsAutoScalingAutoScalingGroupDetails_launchConfigurationName,
+    awsAutoScalingAutoScalingGroupDetails_launchTemplate,
+    awsAutoScalingAutoScalingGroupDetails_loadBalancerNames,
+    awsAutoScalingAutoScalingGroupDetails_mixedInstancesPolicy,
+
+    -- * AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+    AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification (..),
+    newAwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification,
+    awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_launchTemplateId,
+    awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_launchTemplateName,
+    awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_version,
+
+    -- * AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails (..),
+    newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails_instancesDistribution,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails_launchTemplate,
+
+    -- * AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails (..),
+    newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandAllocationStrategy,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandBaseCapacity,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandPercentageAboveBaseCapacity,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotAllocationStrategy,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotInstancePools,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotMaxPrice,
+
+    -- * AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails (..),
+    newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails_launchTemplateSpecification,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails_overrides,
+
+    -- * AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification (..),
+    newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_launchTemplateId,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_launchTemplateName,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_version,
+
+    -- * AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails (..),
+    newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails_instanceType,
+    awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails_weightedCapacity,
+
+    -- * AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails (..),
+    newAwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_deviceName,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_ebs,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_noDevice,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_virtualName,
+
+    -- * AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails (..),
+    newAwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_deleteOnTermination,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_encrypted,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_iops,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_snapshotId,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_volumeSize,
+    awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_volumeType,
+
+    -- * AwsAutoScalingLaunchConfigurationDetails
+    AwsAutoScalingLaunchConfigurationDetails (..),
+    newAwsAutoScalingLaunchConfigurationDetails,
+    awsAutoScalingLaunchConfigurationDetails_associatePublicIpAddress,
+    awsAutoScalingLaunchConfigurationDetails_blockDeviceMappings,
+    awsAutoScalingLaunchConfigurationDetails_classicLinkVpcId,
+    awsAutoScalingLaunchConfigurationDetails_classicLinkVpcSecurityGroups,
+    awsAutoScalingLaunchConfigurationDetails_createdTime,
+    awsAutoScalingLaunchConfigurationDetails_ebsOptimized,
+    awsAutoScalingLaunchConfigurationDetails_iamInstanceProfile,
+    awsAutoScalingLaunchConfigurationDetails_imageId,
+    awsAutoScalingLaunchConfigurationDetails_instanceMonitoring,
+    awsAutoScalingLaunchConfigurationDetails_instanceType,
+    awsAutoScalingLaunchConfigurationDetails_kernelId,
+    awsAutoScalingLaunchConfigurationDetails_keyName,
+    awsAutoScalingLaunchConfigurationDetails_launchConfigurationName,
+    awsAutoScalingLaunchConfigurationDetails_metadataOptions,
+    awsAutoScalingLaunchConfigurationDetails_placementTenancy,
+    awsAutoScalingLaunchConfigurationDetails_ramdiskId,
+    awsAutoScalingLaunchConfigurationDetails_securityGroups,
+    awsAutoScalingLaunchConfigurationDetails_spotPrice,
+    awsAutoScalingLaunchConfigurationDetails_userData,
+
+    -- * AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+    AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails (..),
+    newAwsAutoScalingLaunchConfigurationInstanceMonitoringDetails,
+    awsAutoScalingLaunchConfigurationInstanceMonitoringDetails_enabled,
+
+    -- * AwsAutoScalingLaunchConfigurationMetadataOptions
+    AwsAutoScalingLaunchConfigurationMetadataOptions (..),
+    newAwsAutoScalingLaunchConfigurationMetadataOptions,
+    awsAutoScalingLaunchConfigurationMetadataOptions_httpEndpoint,
+    awsAutoScalingLaunchConfigurationMetadataOptions_httpPutResponseHopLimit,
+    awsAutoScalingLaunchConfigurationMetadataOptions_httpTokens,
+
+    -- * AwsBackupBackupPlanAdvancedBackupSettingsDetails
+    AwsBackupBackupPlanAdvancedBackupSettingsDetails (..),
+    newAwsBackupBackupPlanAdvancedBackupSettingsDetails,
+    awsBackupBackupPlanAdvancedBackupSettingsDetails_backupOptions,
+    awsBackupBackupPlanAdvancedBackupSettingsDetails_resourceType,
+
+    -- * AwsBackupBackupPlanBackupPlanDetails
+    AwsBackupBackupPlanBackupPlanDetails (..),
+    newAwsBackupBackupPlanBackupPlanDetails,
+    awsBackupBackupPlanBackupPlanDetails_advancedBackupSettings,
+    awsBackupBackupPlanBackupPlanDetails_backupPlanName,
+    awsBackupBackupPlanBackupPlanDetails_backupPlanRule,
+
+    -- * AwsBackupBackupPlanDetails
+    AwsBackupBackupPlanDetails (..),
+    newAwsBackupBackupPlanDetails,
+    awsBackupBackupPlanDetails_backupPlan,
+    awsBackupBackupPlanDetails_backupPlanArn,
+    awsBackupBackupPlanDetails_backupPlanId,
+    awsBackupBackupPlanDetails_versionId,
+
+    -- * AwsBackupBackupPlanLifecycleDetails
+    AwsBackupBackupPlanLifecycleDetails (..),
+    newAwsBackupBackupPlanLifecycleDetails,
+    awsBackupBackupPlanLifecycleDetails_deleteAfterDays,
+    awsBackupBackupPlanLifecycleDetails_moveToColdStorageAfterDays,
+
+    -- * AwsBackupBackupPlanRuleCopyActionsDetails
+    AwsBackupBackupPlanRuleCopyActionsDetails (..),
+    newAwsBackupBackupPlanRuleCopyActionsDetails,
+    awsBackupBackupPlanRuleCopyActionsDetails_destinationBackupVaultArn,
+    awsBackupBackupPlanRuleCopyActionsDetails_lifecycle,
+
+    -- * AwsBackupBackupPlanRuleDetails
+    AwsBackupBackupPlanRuleDetails (..),
+    newAwsBackupBackupPlanRuleDetails,
+    awsBackupBackupPlanRuleDetails_completionWindowMinutes,
+    awsBackupBackupPlanRuleDetails_copyActions,
+    awsBackupBackupPlanRuleDetails_enableContinuousBackup,
+    awsBackupBackupPlanRuleDetails_lifecycle,
+    awsBackupBackupPlanRuleDetails_ruleId,
+    awsBackupBackupPlanRuleDetails_ruleName,
+    awsBackupBackupPlanRuleDetails_scheduleExpression,
+    awsBackupBackupPlanRuleDetails_startWindowMinutes,
+    awsBackupBackupPlanRuleDetails_targetBackupVault,
+
+    -- * AwsBackupBackupVaultDetails
+    AwsBackupBackupVaultDetails (..),
+    newAwsBackupBackupVaultDetails,
+    awsBackupBackupVaultDetails_accessPolicy,
+    awsBackupBackupVaultDetails_backupVaultArn,
+    awsBackupBackupVaultDetails_backupVaultName,
+    awsBackupBackupVaultDetails_encryptionKeyArn,
+    awsBackupBackupVaultDetails_notifications,
+
+    -- * AwsBackupBackupVaultNotificationsDetails
+    AwsBackupBackupVaultNotificationsDetails (..),
+    newAwsBackupBackupVaultNotificationsDetails,
+    awsBackupBackupVaultNotificationsDetails_backupVaultEvents,
+    awsBackupBackupVaultNotificationsDetails_snsTopicArn,
+
+    -- * AwsBackupRecoveryPointCalculatedLifecycleDetails
+    AwsBackupRecoveryPointCalculatedLifecycleDetails (..),
+    newAwsBackupRecoveryPointCalculatedLifecycleDetails,
+    awsBackupRecoveryPointCalculatedLifecycleDetails_deleteAt,
+    awsBackupRecoveryPointCalculatedLifecycleDetails_moveToColdStorageAt,
+
+    -- * AwsBackupRecoveryPointCreatedByDetails
+    AwsBackupRecoveryPointCreatedByDetails (..),
+    newAwsBackupRecoveryPointCreatedByDetails,
+    awsBackupRecoveryPointCreatedByDetails_backupPlanArn,
+    awsBackupRecoveryPointCreatedByDetails_backupPlanId,
+    awsBackupRecoveryPointCreatedByDetails_backupPlanVersion,
+    awsBackupRecoveryPointCreatedByDetails_backupRuleId,
+
+    -- * AwsBackupRecoveryPointDetails
+    AwsBackupRecoveryPointDetails (..),
+    newAwsBackupRecoveryPointDetails,
+    awsBackupRecoveryPointDetails_backupSizeInBytes,
+    awsBackupRecoveryPointDetails_backupVaultArn,
+    awsBackupRecoveryPointDetails_backupVaultName,
+    awsBackupRecoveryPointDetails_calculatedLifecycle,
+    awsBackupRecoveryPointDetails_completionDate,
+    awsBackupRecoveryPointDetails_createdBy,
+    awsBackupRecoveryPointDetails_creationDate,
+    awsBackupRecoveryPointDetails_encryptionKeyArn,
+    awsBackupRecoveryPointDetails_iamRoleArn,
+    awsBackupRecoveryPointDetails_isEncrypted,
+    awsBackupRecoveryPointDetails_lastRestoreTime,
+    awsBackupRecoveryPointDetails_lifecycle,
+    awsBackupRecoveryPointDetails_recoveryPointArn,
+    awsBackupRecoveryPointDetails_resourceArn,
+    awsBackupRecoveryPointDetails_resourceType,
+    awsBackupRecoveryPointDetails_sourceBackupVaultArn,
+    awsBackupRecoveryPointDetails_status,
+    awsBackupRecoveryPointDetails_statusMessage,
+    awsBackupRecoveryPointDetails_storageClass,
+
+    -- * AwsBackupRecoveryPointLifecycleDetails
+    AwsBackupRecoveryPointLifecycleDetails (..),
+    newAwsBackupRecoveryPointLifecycleDetails,
+    awsBackupRecoveryPointLifecycleDetails_deleteAfterDays,
+    awsBackupRecoveryPointLifecycleDetails_moveToColdStorageAfterDays,
+
+    -- * AwsCertificateManagerCertificateDetails
+    AwsCertificateManagerCertificateDetails (..),
+    newAwsCertificateManagerCertificateDetails,
+    awsCertificateManagerCertificateDetails_certificateAuthorityArn,
+    awsCertificateManagerCertificateDetails_createdAt,
+    awsCertificateManagerCertificateDetails_domainName,
+    awsCertificateManagerCertificateDetails_domainValidationOptions,
+    awsCertificateManagerCertificateDetails_extendedKeyUsages,
+    awsCertificateManagerCertificateDetails_failureReason,
+    awsCertificateManagerCertificateDetails_importedAt,
+    awsCertificateManagerCertificateDetails_inUseBy,
+    awsCertificateManagerCertificateDetails_issuedAt,
+    awsCertificateManagerCertificateDetails_issuer,
+    awsCertificateManagerCertificateDetails_keyAlgorithm,
+    awsCertificateManagerCertificateDetails_keyUsages,
+    awsCertificateManagerCertificateDetails_notAfter,
+    awsCertificateManagerCertificateDetails_notBefore,
+    awsCertificateManagerCertificateDetails_options,
+    awsCertificateManagerCertificateDetails_renewalEligibility,
+    awsCertificateManagerCertificateDetails_renewalSummary,
+    awsCertificateManagerCertificateDetails_serial,
+    awsCertificateManagerCertificateDetails_signatureAlgorithm,
+    awsCertificateManagerCertificateDetails_status,
+    awsCertificateManagerCertificateDetails_subject,
+    awsCertificateManagerCertificateDetails_subjectAlternativeNames,
+    awsCertificateManagerCertificateDetails_type,
+
+    -- * AwsCertificateManagerCertificateDomainValidationOption
+    AwsCertificateManagerCertificateDomainValidationOption (..),
+    newAwsCertificateManagerCertificateDomainValidationOption,
+    awsCertificateManagerCertificateDomainValidationOption_domainName,
+    awsCertificateManagerCertificateDomainValidationOption_resourceRecord,
+    awsCertificateManagerCertificateDomainValidationOption_validationDomain,
+    awsCertificateManagerCertificateDomainValidationOption_validationEmails,
+    awsCertificateManagerCertificateDomainValidationOption_validationMethod,
+    awsCertificateManagerCertificateDomainValidationOption_validationStatus,
+
+    -- * AwsCertificateManagerCertificateExtendedKeyUsage
+    AwsCertificateManagerCertificateExtendedKeyUsage (..),
+    newAwsCertificateManagerCertificateExtendedKeyUsage,
+    awsCertificateManagerCertificateExtendedKeyUsage_name,
+    awsCertificateManagerCertificateExtendedKeyUsage_oId,
+
+    -- * AwsCertificateManagerCertificateKeyUsage
+    AwsCertificateManagerCertificateKeyUsage (..),
+    newAwsCertificateManagerCertificateKeyUsage,
+    awsCertificateManagerCertificateKeyUsage_name,
+
+    -- * AwsCertificateManagerCertificateOptions
+    AwsCertificateManagerCertificateOptions (..),
+    newAwsCertificateManagerCertificateOptions,
+    awsCertificateManagerCertificateOptions_certificateTransparencyLoggingPreference,
+
+    -- * AwsCertificateManagerCertificateRenewalSummary
+    AwsCertificateManagerCertificateRenewalSummary (..),
+    newAwsCertificateManagerCertificateRenewalSummary,
+    awsCertificateManagerCertificateRenewalSummary_domainValidationOptions,
+    awsCertificateManagerCertificateRenewalSummary_renewalStatus,
+    awsCertificateManagerCertificateRenewalSummary_renewalStatusReason,
+    awsCertificateManagerCertificateRenewalSummary_updatedAt,
+
+    -- * AwsCertificateManagerCertificateResourceRecord
+    AwsCertificateManagerCertificateResourceRecord (..),
+    newAwsCertificateManagerCertificateResourceRecord,
+    awsCertificateManagerCertificateResourceRecord_name,
+    awsCertificateManagerCertificateResourceRecord_type,
+    awsCertificateManagerCertificateResourceRecord_value,
+
+    -- * AwsCloudFormationStackDetails
+    AwsCloudFormationStackDetails (..),
+    newAwsCloudFormationStackDetails,
+    awsCloudFormationStackDetails_capabilities,
+    awsCloudFormationStackDetails_creationTime,
+    awsCloudFormationStackDetails_description,
+    awsCloudFormationStackDetails_disableRollback,
+    awsCloudFormationStackDetails_driftInformation,
+    awsCloudFormationStackDetails_enableTerminationProtection,
+    awsCloudFormationStackDetails_lastUpdatedTime,
+    awsCloudFormationStackDetails_notificationArns,
+    awsCloudFormationStackDetails_outputs,
+    awsCloudFormationStackDetails_roleArn,
+    awsCloudFormationStackDetails_stackId,
+    awsCloudFormationStackDetails_stackName,
+    awsCloudFormationStackDetails_stackStatus,
+    awsCloudFormationStackDetails_stackStatusReason,
+    awsCloudFormationStackDetails_timeoutInMinutes,
+
+    -- * AwsCloudFormationStackDriftInformationDetails
+    AwsCloudFormationStackDriftInformationDetails (..),
+    newAwsCloudFormationStackDriftInformationDetails,
+    awsCloudFormationStackDriftInformationDetails_stackDriftStatus,
+
+    -- * AwsCloudFormationStackOutputsDetails
+    AwsCloudFormationStackOutputsDetails (..),
+    newAwsCloudFormationStackOutputsDetails,
+    awsCloudFormationStackOutputsDetails_description,
+    awsCloudFormationStackOutputsDetails_outputKey,
+    awsCloudFormationStackOutputsDetails_outputValue,
+
+    -- * AwsCloudFrontDistributionCacheBehavior
+    AwsCloudFrontDistributionCacheBehavior (..),
+    newAwsCloudFrontDistributionCacheBehavior,
+    awsCloudFrontDistributionCacheBehavior_viewerProtocolPolicy,
+
+    -- * AwsCloudFrontDistributionCacheBehaviors
+    AwsCloudFrontDistributionCacheBehaviors (..),
+    newAwsCloudFrontDistributionCacheBehaviors,
+    awsCloudFrontDistributionCacheBehaviors_items,
+
+    -- * AwsCloudFrontDistributionDefaultCacheBehavior
+    AwsCloudFrontDistributionDefaultCacheBehavior (..),
+    newAwsCloudFrontDistributionDefaultCacheBehavior,
+    awsCloudFrontDistributionDefaultCacheBehavior_viewerProtocolPolicy,
+
+    -- * AwsCloudFrontDistributionDetails
+    AwsCloudFrontDistributionDetails (..),
+    newAwsCloudFrontDistributionDetails,
+    awsCloudFrontDistributionDetails_cacheBehaviors,
+    awsCloudFrontDistributionDetails_defaultCacheBehavior,
+    awsCloudFrontDistributionDetails_defaultRootObject,
+    awsCloudFrontDistributionDetails_domainName,
+    awsCloudFrontDistributionDetails_eTag,
+    awsCloudFrontDistributionDetails_lastModifiedTime,
+    awsCloudFrontDistributionDetails_logging,
+    awsCloudFrontDistributionDetails_originGroups,
+    awsCloudFrontDistributionDetails_origins,
+    awsCloudFrontDistributionDetails_status,
+    awsCloudFrontDistributionDetails_viewerCertificate,
+    awsCloudFrontDistributionDetails_webAclId,
+
+    -- * AwsCloudFrontDistributionLogging
+    AwsCloudFrontDistributionLogging (..),
+    newAwsCloudFrontDistributionLogging,
+    awsCloudFrontDistributionLogging_bucket,
+    awsCloudFrontDistributionLogging_enabled,
+    awsCloudFrontDistributionLogging_includeCookies,
+    awsCloudFrontDistributionLogging_prefix,
+
+    -- * AwsCloudFrontDistributionOriginCustomOriginConfig
+    AwsCloudFrontDistributionOriginCustomOriginConfig (..),
+    newAwsCloudFrontDistributionOriginCustomOriginConfig,
+    awsCloudFrontDistributionOriginCustomOriginConfig_httpPort,
+    awsCloudFrontDistributionOriginCustomOriginConfig_httpsPort,
+    awsCloudFrontDistributionOriginCustomOriginConfig_originKeepaliveTimeout,
+    awsCloudFrontDistributionOriginCustomOriginConfig_originProtocolPolicy,
+    awsCloudFrontDistributionOriginCustomOriginConfig_originReadTimeout,
+    awsCloudFrontDistributionOriginCustomOriginConfig_originSslProtocols,
+
+    -- * AwsCloudFrontDistributionOriginGroup
+    AwsCloudFrontDistributionOriginGroup (..),
+    newAwsCloudFrontDistributionOriginGroup,
+    awsCloudFrontDistributionOriginGroup_failoverCriteria,
+
+    -- * AwsCloudFrontDistributionOriginGroupFailover
+    AwsCloudFrontDistributionOriginGroupFailover (..),
+    newAwsCloudFrontDistributionOriginGroupFailover,
+    awsCloudFrontDistributionOriginGroupFailover_statusCodes,
+
+    -- * AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+    AwsCloudFrontDistributionOriginGroupFailoverStatusCodes (..),
+    newAwsCloudFrontDistributionOriginGroupFailoverStatusCodes,
+    awsCloudFrontDistributionOriginGroupFailoverStatusCodes_items,
+    awsCloudFrontDistributionOriginGroupFailoverStatusCodes_quantity,
+
+    -- * AwsCloudFrontDistributionOriginGroups
+    AwsCloudFrontDistributionOriginGroups (..),
+    newAwsCloudFrontDistributionOriginGroups,
+    awsCloudFrontDistributionOriginGroups_items,
+
+    -- * AwsCloudFrontDistributionOriginItem
+    AwsCloudFrontDistributionOriginItem (..),
+    newAwsCloudFrontDistributionOriginItem,
+    awsCloudFrontDistributionOriginItem_customOriginConfig,
+    awsCloudFrontDistributionOriginItem_domainName,
+    awsCloudFrontDistributionOriginItem_id,
+    awsCloudFrontDistributionOriginItem_originPath,
+    awsCloudFrontDistributionOriginItem_s3OriginConfig,
+
+    -- * AwsCloudFrontDistributionOriginS3OriginConfig
+    AwsCloudFrontDistributionOriginS3OriginConfig (..),
+    newAwsCloudFrontDistributionOriginS3OriginConfig,
+    awsCloudFrontDistributionOriginS3OriginConfig_originAccessIdentity,
+
+    -- * AwsCloudFrontDistributionOriginSslProtocols
+    AwsCloudFrontDistributionOriginSslProtocols (..),
+    newAwsCloudFrontDistributionOriginSslProtocols,
+    awsCloudFrontDistributionOriginSslProtocols_items,
+    awsCloudFrontDistributionOriginSslProtocols_quantity,
+
+    -- * AwsCloudFrontDistributionOrigins
+    AwsCloudFrontDistributionOrigins (..),
+    newAwsCloudFrontDistributionOrigins,
+    awsCloudFrontDistributionOrigins_items,
+
+    -- * AwsCloudFrontDistributionViewerCertificate
+    AwsCloudFrontDistributionViewerCertificate (..),
+    newAwsCloudFrontDistributionViewerCertificate,
+    awsCloudFrontDistributionViewerCertificate_acmCertificateArn,
+    awsCloudFrontDistributionViewerCertificate_certificate,
+    awsCloudFrontDistributionViewerCertificate_certificateSource,
+    awsCloudFrontDistributionViewerCertificate_cloudFrontDefaultCertificate,
+    awsCloudFrontDistributionViewerCertificate_iamCertificateId,
+    awsCloudFrontDistributionViewerCertificate_minimumProtocolVersion,
+    awsCloudFrontDistributionViewerCertificate_sslSupportMethod,
+
+    -- * AwsCloudTrailTrailDetails
+    AwsCloudTrailTrailDetails (..),
+    newAwsCloudTrailTrailDetails,
+    awsCloudTrailTrailDetails_cloudWatchLogsLogGroupArn,
+    awsCloudTrailTrailDetails_cloudWatchLogsRoleArn,
+    awsCloudTrailTrailDetails_hasCustomEventSelectors,
+    awsCloudTrailTrailDetails_homeRegion,
+    awsCloudTrailTrailDetails_includeGlobalServiceEvents,
+    awsCloudTrailTrailDetails_isMultiRegionTrail,
+    awsCloudTrailTrailDetails_isOrganizationTrail,
+    awsCloudTrailTrailDetails_kmsKeyId,
+    awsCloudTrailTrailDetails_logFileValidationEnabled,
+    awsCloudTrailTrailDetails_name,
+    awsCloudTrailTrailDetails_s3BucketName,
+    awsCloudTrailTrailDetails_s3KeyPrefix,
+    awsCloudTrailTrailDetails_snsTopicArn,
+    awsCloudTrailTrailDetails_snsTopicName,
+    awsCloudTrailTrailDetails_trailArn,
+
+    -- * AwsCloudWatchAlarmDetails
+    AwsCloudWatchAlarmDetails (..),
+    newAwsCloudWatchAlarmDetails,
+    awsCloudWatchAlarmDetails_actionsEnabled,
+    awsCloudWatchAlarmDetails_alarmActions,
+    awsCloudWatchAlarmDetails_alarmArn,
+    awsCloudWatchAlarmDetails_alarmConfigurationUpdatedTimestamp,
+    awsCloudWatchAlarmDetails_alarmDescription,
+    awsCloudWatchAlarmDetails_alarmName,
+    awsCloudWatchAlarmDetails_comparisonOperator,
+    awsCloudWatchAlarmDetails_datapointsToAlarm,
+    awsCloudWatchAlarmDetails_dimensions,
+    awsCloudWatchAlarmDetails_evaluateLowSampleCountPercentile,
+    awsCloudWatchAlarmDetails_evaluationPeriods,
+    awsCloudWatchAlarmDetails_extendedStatistic,
+    awsCloudWatchAlarmDetails_insufficientDataActions,
+    awsCloudWatchAlarmDetails_metricName,
+    awsCloudWatchAlarmDetails_namespace,
+    awsCloudWatchAlarmDetails_okActions,
+    awsCloudWatchAlarmDetails_period,
+    awsCloudWatchAlarmDetails_statistic,
+    awsCloudWatchAlarmDetails_threshold,
+    awsCloudWatchAlarmDetails_thresholdMetricId,
+    awsCloudWatchAlarmDetails_treatMissingData,
+    awsCloudWatchAlarmDetails_unit,
+
+    -- * AwsCloudWatchAlarmDimensionsDetails
+    AwsCloudWatchAlarmDimensionsDetails (..),
+    newAwsCloudWatchAlarmDimensionsDetails,
+    awsCloudWatchAlarmDimensionsDetails_name,
+    awsCloudWatchAlarmDimensionsDetails_value,
+
+    -- * AwsCodeBuildProjectArtifactsDetails
+    AwsCodeBuildProjectArtifactsDetails (..),
+    newAwsCodeBuildProjectArtifactsDetails,
+    awsCodeBuildProjectArtifactsDetails_artifactIdentifier,
+    awsCodeBuildProjectArtifactsDetails_encryptionDisabled,
+    awsCodeBuildProjectArtifactsDetails_location,
+    awsCodeBuildProjectArtifactsDetails_name,
+    awsCodeBuildProjectArtifactsDetails_namespaceType,
+    awsCodeBuildProjectArtifactsDetails_overrideArtifactName,
+    awsCodeBuildProjectArtifactsDetails_packaging,
+    awsCodeBuildProjectArtifactsDetails_path,
+    awsCodeBuildProjectArtifactsDetails_type,
+
+    -- * AwsCodeBuildProjectDetails
+    AwsCodeBuildProjectDetails (..),
+    newAwsCodeBuildProjectDetails,
+    awsCodeBuildProjectDetails_artifacts,
+    awsCodeBuildProjectDetails_encryptionKey,
+    awsCodeBuildProjectDetails_environment,
+    awsCodeBuildProjectDetails_logsConfig,
+    awsCodeBuildProjectDetails_name,
+    awsCodeBuildProjectDetails_secondaryArtifacts,
+    awsCodeBuildProjectDetails_serviceRole,
+    awsCodeBuildProjectDetails_source,
+    awsCodeBuildProjectDetails_vpcConfig,
+
+    -- * AwsCodeBuildProjectEnvironment
+    AwsCodeBuildProjectEnvironment (..),
+    newAwsCodeBuildProjectEnvironment,
+    awsCodeBuildProjectEnvironment_certificate,
+    awsCodeBuildProjectEnvironment_environmentVariables,
+    awsCodeBuildProjectEnvironment_imagePullCredentialsType,
+    awsCodeBuildProjectEnvironment_privilegedMode,
+    awsCodeBuildProjectEnvironment_registryCredential,
+    awsCodeBuildProjectEnvironment_type,
+
+    -- * AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+    AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails (..),
+    newAwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails,
+    awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_name,
+    awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_type,
+    awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_value,
+
+    -- * AwsCodeBuildProjectEnvironmentRegistryCredential
+    AwsCodeBuildProjectEnvironmentRegistryCredential (..),
+    newAwsCodeBuildProjectEnvironmentRegistryCredential,
+    awsCodeBuildProjectEnvironmentRegistryCredential_credential,
+    awsCodeBuildProjectEnvironmentRegistryCredential_credentialProvider,
+
+    -- * AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+    AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails (..),
+    newAwsCodeBuildProjectLogsConfigCloudWatchLogsDetails,
+    awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_groupName,
+    awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_status,
+    awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_streamName,
+
+    -- * AwsCodeBuildProjectLogsConfigDetails
+    AwsCodeBuildProjectLogsConfigDetails (..),
+    newAwsCodeBuildProjectLogsConfigDetails,
+    awsCodeBuildProjectLogsConfigDetails_cloudWatchLogs,
+    awsCodeBuildProjectLogsConfigDetails_s3Logs,
+
+    -- * AwsCodeBuildProjectLogsConfigS3LogsDetails
+    AwsCodeBuildProjectLogsConfigS3LogsDetails (..),
+    newAwsCodeBuildProjectLogsConfigS3LogsDetails,
+    awsCodeBuildProjectLogsConfigS3LogsDetails_encryptionDisabled,
+    awsCodeBuildProjectLogsConfigS3LogsDetails_location,
+    awsCodeBuildProjectLogsConfigS3LogsDetails_status,
+
+    -- * AwsCodeBuildProjectSource
+    AwsCodeBuildProjectSource (..),
+    newAwsCodeBuildProjectSource,
+    awsCodeBuildProjectSource_gitCloneDepth,
+    awsCodeBuildProjectSource_insecureSsl,
+    awsCodeBuildProjectSource_location,
+    awsCodeBuildProjectSource_type,
+
+    -- * AwsCodeBuildProjectVpcConfig
+    AwsCodeBuildProjectVpcConfig (..),
+    newAwsCodeBuildProjectVpcConfig,
+    awsCodeBuildProjectVpcConfig_securityGroupIds,
+    awsCodeBuildProjectVpcConfig_subnets,
+    awsCodeBuildProjectVpcConfig_vpcId,
+
+    -- * AwsCorsConfiguration
+    AwsCorsConfiguration (..),
+    newAwsCorsConfiguration,
+    awsCorsConfiguration_allowCredentials,
+    awsCorsConfiguration_allowHeaders,
+    awsCorsConfiguration_allowMethods,
+    awsCorsConfiguration_allowOrigins,
+    awsCorsConfiguration_exposeHeaders,
+    awsCorsConfiguration_maxAge,
+
+    -- * AwsDynamoDbTableAttributeDefinition
+    AwsDynamoDbTableAttributeDefinition (..),
+    newAwsDynamoDbTableAttributeDefinition,
+    awsDynamoDbTableAttributeDefinition_attributeName,
+    awsDynamoDbTableAttributeDefinition_attributeType,
+
+    -- * AwsDynamoDbTableBillingModeSummary
+    AwsDynamoDbTableBillingModeSummary (..),
+    newAwsDynamoDbTableBillingModeSummary,
+    awsDynamoDbTableBillingModeSummary_billingMode,
+    awsDynamoDbTableBillingModeSummary_lastUpdateToPayPerRequestDateTime,
+
+    -- * AwsDynamoDbTableDetails
+    AwsDynamoDbTableDetails (..),
+    newAwsDynamoDbTableDetails,
+    awsDynamoDbTableDetails_attributeDefinitions,
+    awsDynamoDbTableDetails_billingModeSummary,
+    awsDynamoDbTableDetails_creationDateTime,
+    awsDynamoDbTableDetails_globalSecondaryIndexes,
+    awsDynamoDbTableDetails_globalTableVersion,
+    awsDynamoDbTableDetails_itemCount,
+    awsDynamoDbTableDetails_keySchema,
+    awsDynamoDbTableDetails_latestStreamArn,
+    awsDynamoDbTableDetails_latestStreamLabel,
+    awsDynamoDbTableDetails_localSecondaryIndexes,
+    awsDynamoDbTableDetails_provisionedThroughput,
+    awsDynamoDbTableDetails_replicas,
+    awsDynamoDbTableDetails_restoreSummary,
+    awsDynamoDbTableDetails_sseDescription,
+    awsDynamoDbTableDetails_streamSpecification,
+    awsDynamoDbTableDetails_tableId,
+    awsDynamoDbTableDetails_tableName,
+    awsDynamoDbTableDetails_tableSizeBytes,
+    awsDynamoDbTableDetails_tableStatus,
+
+    -- * AwsDynamoDbTableGlobalSecondaryIndex
+    AwsDynamoDbTableGlobalSecondaryIndex (..),
+    newAwsDynamoDbTableGlobalSecondaryIndex,
+    awsDynamoDbTableGlobalSecondaryIndex_backfilling,
+    awsDynamoDbTableGlobalSecondaryIndex_indexArn,
+    awsDynamoDbTableGlobalSecondaryIndex_indexName,
+    awsDynamoDbTableGlobalSecondaryIndex_indexSizeBytes,
+    awsDynamoDbTableGlobalSecondaryIndex_indexStatus,
+    awsDynamoDbTableGlobalSecondaryIndex_itemCount,
+    awsDynamoDbTableGlobalSecondaryIndex_keySchema,
+    awsDynamoDbTableGlobalSecondaryIndex_projection,
+    awsDynamoDbTableGlobalSecondaryIndex_provisionedThroughput,
+
+    -- * AwsDynamoDbTableKeySchema
+    AwsDynamoDbTableKeySchema (..),
+    newAwsDynamoDbTableKeySchema,
+    awsDynamoDbTableKeySchema_attributeName,
+    awsDynamoDbTableKeySchema_keyType,
+
+    -- * AwsDynamoDbTableLocalSecondaryIndex
+    AwsDynamoDbTableLocalSecondaryIndex (..),
+    newAwsDynamoDbTableLocalSecondaryIndex,
+    awsDynamoDbTableLocalSecondaryIndex_indexArn,
+    awsDynamoDbTableLocalSecondaryIndex_indexName,
+    awsDynamoDbTableLocalSecondaryIndex_keySchema,
+    awsDynamoDbTableLocalSecondaryIndex_projection,
+
+    -- * AwsDynamoDbTableProjection
+    AwsDynamoDbTableProjection (..),
+    newAwsDynamoDbTableProjection,
+    awsDynamoDbTableProjection_nonKeyAttributes,
+    awsDynamoDbTableProjection_projectionType,
+
+    -- * AwsDynamoDbTableProvisionedThroughput
+    AwsDynamoDbTableProvisionedThroughput (..),
+    newAwsDynamoDbTableProvisionedThroughput,
+    awsDynamoDbTableProvisionedThroughput_lastDecreaseDateTime,
+    awsDynamoDbTableProvisionedThroughput_lastIncreaseDateTime,
+    awsDynamoDbTableProvisionedThroughput_numberOfDecreasesToday,
+    awsDynamoDbTableProvisionedThroughput_readCapacityUnits,
+    awsDynamoDbTableProvisionedThroughput_writeCapacityUnits,
+
+    -- * AwsDynamoDbTableProvisionedThroughputOverride
+    AwsDynamoDbTableProvisionedThroughputOverride (..),
+    newAwsDynamoDbTableProvisionedThroughputOverride,
+    awsDynamoDbTableProvisionedThroughputOverride_readCapacityUnits,
+
+    -- * AwsDynamoDbTableReplica
+    AwsDynamoDbTableReplica (..),
+    newAwsDynamoDbTableReplica,
+    awsDynamoDbTableReplica_globalSecondaryIndexes,
+    awsDynamoDbTableReplica_kmsMasterKeyId,
+    awsDynamoDbTableReplica_provisionedThroughputOverride,
+    awsDynamoDbTableReplica_regionName,
+    awsDynamoDbTableReplica_replicaStatus,
+    awsDynamoDbTableReplica_replicaStatusDescription,
+
+    -- * AwsDynamoDbTableReplicaGlobalSecondaryIndex
+    AwsDynamoDbTableReplicaGlobalSecondaryIndex (..),
+    newAwsDynamoDbTableReplicaGlobalSecondaryIndex,
+    awsDynamoDbTableReplicaGlobalSecondaryIndex_indexName,
+    awsDynamoDbTableReplicaGlobalSecondaryIndex_provisionedThroughputOverride,
+
+    -- * AwsDynamoDbTableRestoreSummary
+    AwsDynamoDbTableRestoreSummary (..),
+    newAwsDynamoDbTableRestoreSummary,
+    awsDynamoDbTableRestoreSummary_restoreDateTime,
+    awsDynamoDbTableRestoreSummary_restoreInProgress,
+    awsDynamoDbTableRestoreSummary_sourceBackupArn,
+    awsDynamoDbTableRestoreSummary_sourceTableArn,
+
+    -- * AwsDynamoDbTableSseDescription
+    AwsDynamoDbTableSseDescription (..),
+    newAwsDynamoDbTableSseDescription,
+    awsDynamoDbTableSseDescription_inaccessibleEncryptionDateTime,
+    awsDynamoDbTableSseDescription_kmsMasterKeyArn,
+    awsDynamoDbTableSseDescription_sseType,
+    awsDynamoDbTableSseDescription_status,
+
+    -- * AwsDynamoDbTableStreamSpecification
+    AwsDynamoDbTableStreamSpecification (..),
+    newAwsDynamoDbTableStreamSpecification,
+    awsDynamoDbTableStreamSpecification_streamEnabled,
+    awsDynamoDbTableStreamSpecification_streamViewType,
+
+    -- * AwsEc2EipDetails
+    AwsEc2EipDetails (..),
+    newAwsEc2EipDetails,
+    awsEc2EipDetails_allocationId,
+    awsEc2EipDetails_associationId,
+    awsEc2EipDetails_domain,
+    awsEc2EipDetails_instanceId,
+    awsEc2EipDetails_networkBorderGroup,
+    awsEc2EipDetails_networkInterfaceId,
+    awsEc2EipDetails_networkInterfaceOwnerId,
+    awsEc2EipDetails_privateIpAddress,
+    awsEc2EipDetails_publicIp,
+    awsEc2EipDetails_publicIpv4Pool,
+
+    -- * AwsEc2InstanceDetails
+    AwsEc2InstanceDetails (..),
+    newAwsEc2InstanceDetails,
+    awsEc2InstanceDetails_iamInstanceProfileArn,
+    awsEc2InstanceDetails_imageId,
+    awsEc2InstanceDetails_ipV4Addresses,
+    awsEc2InstanceDetails_ipV6Addresses,
+    awsEc2InstanceDetails_keyName,
+    awsEc2InstanceDetails_launchedAt,
+    awsEc2InstanceDetails_metadataOptions,
+    awsEc2InstanceDetails_networkInterfaces,
+    awsEc2InstanceDetails_subnetId,
+    awsEc2InstanceDetails_type,
+    awsEc2InstanceDetails_virtualizationType,
+    awsEc2InstanceDetails_vpcId,
+
+    -- * AwsEc2InstanceMetadataOptions
+    AwsEc2InstanceMetadataOptions (..),
+    newAwsEc2InstanceMetadataOptions,
+    awsEc2InstanceMetadataOptions_httpEndpoint,
+    awsEc2InstanceMetadataOptions_httpProtocolIpv6,
+    awsEc2InstanceMetadataOptions_httpPutResponseHopLimit,
+    awsEc2InstanceMetadataOptions_httpTokens,
+    awsEc2InstanceMetadataOptions_instanceMetadataTags,
+
+    -- * AwsEc2InstanceNetworkInterfacesDetails
+    AwsEc2InstanceNetworkInterfacesDetails (..),
+    newAwsEc2InstanceNetworkInterfacesDetails,
+    awsEc2InstanceNetworkInterfacesDetails_networkInterfaceId,
+
+    -- * AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails (..),
+    newAwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_deviceName,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_ebs,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_noDevice,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_virtualName,
+
+    -- * AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails (..),
+    newAwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_deleteOnTermination,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_encrypted,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_iops,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_kmsKeyId,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_snapshotId,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_throughput,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_volumeSize,
+    awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_volumeType,
+
+    -- * AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails (..),
+    newAwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails,
+    awsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails_capacityReservationId,
+    awsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails_capacityReservationResourceGroupArn,
+
+    -- * AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails (..),
+    newAwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails,
+    awsEc2LaunchTemplateDataCapacityReservationSpecificationDetails_capacityReservationPreference,
+    awsEc2LaunchTemplateDataCapacityReservationSpecificationDetails_capacityReservationTarget,
+
+    -- * AwsEc2LaunchTemplateDataCpuOptionsDetails
+    AwsEc2LaunchTemplateDataCpuOptionsDetails (..),
+    newAwsEc2LaunchTemplateDataCpuOptionsDetails,
+    awsEc2LaunchTemplateDataCpuOptionsDetails_coreCount,
+    awsEc2LaunchTemplateDataCpuOptionsDetails_threadsPerCore,
+
+    -- * AwsEc2LaunchTemplateDataCreditSpecificationDetails
+    AwsEc2LaunchTemplateDataCreditSpecificationDetails (..),
+    newAwsEc2LaunchTemplateDataCreditSpecificationDetails,
+    awsEc2LaunchTemplateDataCreditSpecificationDetails_cpuCredits,
+
+    -- * AwsEc2LaunchTemplateDataDetails
+    AwsEc2LaunchTemplateDataDetails (..),
+    newAwsEc2LaunchTemplateDataDetails,
+    awsEc2LaunchTemplateDataDetails_blockDeviceMappingSet,
+    awsEc2LaunchTemplateDataDetails_capacityReservationSpecification,
+    awsEc2LaunchTemplateDataDetails_cpuOptions,
+    awsEc2LaunchTemplateDataDetails_creditSpecification,
+    awsEc2LaunchTemplateDataDetails_disableApiStop,
+    awsEc2LaunchTemplateDataDetails_disableApiTermination,
+    awsEc2LaunchTemplateDataDetails_ebsOptimized,
+    awsEc2LaunchTemplateDataDetails_elasticGpuSpecificationSet,
+    awsEc2LaunchTemplateDataDetails_elasticInferenceAcceleratorSet,
+    awsEc2LaunchTemplateDataDetails_enclaveOptions,
+    awsEc2LaunchTemplateDataDetails_hibernationOptions,
+    awsEc2LaunchTemplateDataDetails_iamInstanceProfile,
+    awsEc2LaunchTemplateDataDetails_imageId,
+    awsEc2LaunchTemplateDataDetails_instanceInitiatedShutdownBehavior,
+    awsEc2LaunchTemplateDataDetails_instanceMarketOptions,
+    awsEc2LaunchTemplateDataDetails_instanceRequirements,
+    awsEc2LaunchTemplateDataDetails_instanceType,
+    awsEc2LaunchTemplateDataDetails_kernelId,
+    awsEc2LaunchTemplateDataDetails_keyName,
+    awsEc2LaunchTemplateDataDetails_licenseSet,
+    awsEc2LaunchTemplateDataDetails_maintenanceOptions,
+    awsEc2LaunchTemplateDataDetails_metadataOptions,
+    awsEc2LaunchTemplateDataDetails_monitoring,
+    awsEc2LaunchTemplateDataDetails_networkInterfaceSet,
+    awsEc2LaunchTemplateDataDetails_placement,
+    awsEc2LaunchTemplateDataDetails_privateDnsNameOptions,
+    awsEc2LaunchTemplateDataDetails_ramDiskId,
+    awsEc2LaunchTemplateDataDetails_securityGroupIdSet,
+    awsEc2LaunchTemplateDataDetails_securityGroupSet,
+    awsEc2LaunchTemplateDataDetails_userData,
+
+    -- * AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+    AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails (..),
+    newAwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails,
+    awsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails_type,
+
+    -- * AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+    AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails (..),
+    newAwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails,
+    awsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails_count,
+    awsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails_type,
+
+    -- * AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+    AwsEc2LaunchTemplateDataEnclaveOptionsDetails (..),
+    newAwsEc2LaunchTemplateDataEnclaveOptionsDetails,
+    awsEc2LaunchTemplateDataEnclaveOptionsDetails_enabled,
+
+    -- * AwsEc2LaunchTemplateDataHibernationOptionsDetails
+    AwsEc2LaunchTemplateDataHibernationOptionsDetails (..),
+    newAwsEc2LaunchTemplateDataHibernationOptionsDetails,
+    awsEc2LaunchTemplateDataHibernationOptionsDetails_configured,
+
+    -- * AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+    AwsEc2LaunchTemplateDataIamInstanceProfileDetails (..),
+    newAwsEc2LaunchTemplateDataIamInstanceProfileDetails,
+    awsEc2LaunchTemplateDataIamInstanceProfileDetails_arn,
+    awsEc2LaunchTemplateDataIamInstanceProfileDetails_name,
+
+    -- * AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails (..),
+    newAwsEc2LaunchTemplateDataInstanceMarketOptionsDetails,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsDetails_marketType,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsDetails_spotOptions,
+
+    -- * AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails (..),
+    newAwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_blockDurationMinutes,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_instanceInterruptionBehavior,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_maxPrice,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_spotInstanceType,
+    awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_validUntil,
+
+    -- * AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails (..),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails,
+    awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails_min,
+
+    -- * AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails (..),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails,
+    awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails_min,
+
+    -- * AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails (..),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails,
+    awsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails_min,
+
+    -- * AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsDetails (..),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsDetails,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorCount,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorManufacturers,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorNames,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorTotalMemoryMiB,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorTypes,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_bareMetal,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_baselineEbsBandwidthMbps,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_burstablePerformance,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_cpuManufacturers,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_excludedInstanceTypes,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_instanceGenerations,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_localStorage,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_localStorageTypes,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_memoryGiBPerVCpu,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_memoryMiB,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_networkInterfaceCount,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_onDemandMaxPricePercentageOverLowestPrice,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_requireHibernateSupport,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_spotMaxPricePercentageOverLowestPrice,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_totalLocalStorageGB,
+    awsEc2LaunchTemplateDataInstanceRequirementsDetails_vCpuCount,
+
+    -- * AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails (..),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails,
+    awsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails_min,
+
+    -- * AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails (..),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails,
+    awsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails_min,
+
+    -- * AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails (..),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails,
+    awsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails_min,
+
+    -- * AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails (..),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails,
+    awsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails_min,
+
+    -- * AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+    AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails (..),
+    newAwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails,
+    awsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails_max,
+    awsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails_min,
+
+    -- * AwsEc2LaunchTemplateDataLicenseSetDetails
+    AwsEc2LaunchTemplateDataLicenseSetDetails (..),
+    newAwsEc2LaunchTemplateDataLicenseSetDetails,
+    awsEc2LaunchTemplateDataLicenseSetDetails_licenseConfigurationArn,
+
+    -- * AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+    AwsEc2LaunchTemplateDataMaintenanceOptionsDetails (..),
+    newAwsEc2LaunchTemplateDataMaintenanceOptionsDetails,
+    awsEc2LaunchTemplateDataMaintenanceOptionsDetails_autoRecovery,
+
+    -- * AwsEc2LaunchTemplateDataMetadataOptionsDetails
+    AwsEc2LaunchTemplateDataMetadataOptionsDetails (..),
+    newAwsEc2LaunchTemplateDataMetadataOptionsDetails,
+    awsEc2LaunchTemplateDataMetadataOptionsDetails_httpEndpoint,
+    awsEc2LaunchTemplateDataMetadataOptionsDetails_httpProtocolIpv6,
+    awsEc2LaunchTemplateDataMetadataOptionsDetails_httpPutResponseHopLimit,
+    awsEc2LaunchTemplateDataMetadataOptionsDetails_httpTokens,
+    awsEc2LaunchTemplateDataMetadataOptionsDetails_instanceMetadataTags,
+
+    -- * AwsEc2LaunchTemplateDataMonitoringDetails
+    AwsEc2LaunchTemplateDataMonitoringDetails (..),
+    newAwsEc2LaunchTemplateDataMonitoringDetails,
+    awsEc2LaunchTemplateDataMonitoringDetails_enabled,
+
+    -- * AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (..),
+    newAwsEc2LaunchTemplateDataNetworkInterfaceSetDetails,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_associateCarrierIpAddress,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_associatePublicIpAddress,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_deleteOnTermination,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_description,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_deviceIndex,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_groups,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_interfaceType,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv4PrefixCount,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv4Prefixes,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6AddressCount,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6Addresses,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6PrefixCount,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6Prefixes,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_networkCardIndex,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_networkInterfaceId,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_privateIpAddress,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_privateIpAddresses,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_secondaryPrivateIpAddressCount,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_subnetId,
+
+    -- * AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails (..),
+    newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails_ipv4Prefix,
+
+    -- * AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails (..),
+    newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails_ipv6Address,
+
+    -- * AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails (..),
+    newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails_ipv6Prefix,
+
+    -- * AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails (..),
+    newAwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails_primary,
+    awsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails_privateIpAddress,
+
+    -- * AwsEc2LaunchTemplateDataPlacementDetails
+    AwsEc2LaunchTemplateDataPlacementDetails (..),
+    newAwsEc2LaunchTemplateDataPlacementDetails,
+    awsEc2LaunchTemplateDataPlacementDetails_affinity,
+    awsEc2LaunchTemplateDataPlacementDetails_availabilityZone,
+    awsEc2LaunchTemplateDataPlacementDetails_groupName,
+    awsEc2LaunchTemplateDataPlacementDetails_hostId,
+    awsEc2LaunchTemplateDataPlacementDetails_hostResourceGroupArn,
+    awsEc2LaunchTemplateDataPlacementDetails_partitionNumber,
+    awsEc2LaunchTemplateDataPlacementDetails_spreadDomain,
+    awsEc2LaunchTemplateDataPlacementDetails_tenancy,
+
+    -- * AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+    AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails (..),
+    newAwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails,
+    awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_enableResourceNameDnsAAAARecord,
+    awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_enableResourceNameDnsARecord,
+    awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_hostnameType,
+
+    -- * AwsEc2LaunchTemplateDetails
+    AwsEc2LaunchTemplateDetails (..),
+    newAwsEc2LaunchTemplateDetails,
+    awsEc2LaunchTemplateDetails_defaultVersionNumber,
+    awsEc2LaunchTemplateDetails_id,
+    awsEc2LaunchTemplateDetails_latestVersionNumber,
+    awsEc2LaunchTemplateDetails_launchTemplateData,
+    awsEc2LaunchTemplateDetails_launchTemplateName,
+
+    -- * AwsEc2NetworkAclAssociation
+    AwsEc2NetworkAclAssociation (..),
+    newAwsEc2NetworkAclAssociation,
+    awsEc2NetworkAclAssociation_networkAclAssociationId,
+    awsEc2NetworkAclAssociation_networkAclId,
+    awsEc2NetworkAclAssociation_subnetId,
+
+    -- * AwsEc2NetworkAclDetails
+    AwsEc2NetworkAclDetails (..),
+    newAwsEc2NetworkAclDetails,
+    awsEc2NetworkAclDetails_associations,
+    awsEc2NetworkAclDetails_entries,
+    awsEc2NetworkAclDetails_isDefault,
+    awsEc2NetworkAclDetails_networkAclId,
+    awsEc2NetworkAclDetails_ownerId,
+    awsEc2NetworkAclDetails_vpcId,
+
+    -- * AwsEc2NetworkAclEntry
+    AwsEc2NetworkAclEntry (..),
+    newAwsEc2NetworkAclEntry,
+    awsEc2NetworkAclEntry_cidrBlock,
+    awsEc2NetworkAclEntry_egress,
+    awsEc2NetworkAclEntry_icmpTypeCode,
+    awsEc2NetworkAclEntry_ipv6CidrBlock,
+    awsEc2NetworkAclEntry_portRange,
+    awsEc2NetworkAclEntry_protocol,
+    awsEc2NetworkAclEntry_ruleAction,
+    awsEc2NetworkAclEntry_ruleNumber,
+
+    -- * AwsEc2NetworkInterfaceAttachment
+    AwsEc2NetworkInterfaceAttachment (..),
+    newAwsEc2NetworkInterfaceAttachment,
+    awsEc2NetworkInterfaceAttachment_attachTime,
+    awsEc2NetworkInterfaceAttachment_attachmentId,
+    awsEc2NetworkInterfaceAttachment_deleteOnTermination,
+    awsEc2NetworkInterfaceAttachment_deviceIndex,
+    awsEc2NetworkInterfaceAttachment_instanceId,
+    awsEc2NetworkInterfaceAttachment_instanceOwnerId,
+    awsEc2NetworkInterfaceAttachment_status,
+
+    -- * AwsEc2NetworkInterfaceDetails
+    AwsEc2NetworkInterfaceDetails (..),
+    newAwsEc2NetworkInterfaceDetails,
+    awsEc2NetworkInterfaceDetails_attachment,
+    awsEc2NetworkInterfaceDetails_ipV6Addresses,
+    awsEc2NetworkInterfaceDetails_networkInterfaceId,
+    awsEc2NetworkInterfaceDetails_privateIpAddresses,
+    awsEc2NetworkInterfaceDetails_publicDnsName,
+    awsEc2NetworkInterfaceDetails_publicIp,
+    awsEc2NetworkInterfaceDetails_securityGroups,
+    awsEc2NetworkInterfaceDetails_sourceDestCheck,
+
+    -- * AwsEc2NetworkInterfaceIpV6AddressDetail
+    AwsEc2NetworkInterfaceIpV6AddressDetail (..),
+    newAwsEc2NetworkInterfaceIpV6AddressDetail,
+    awsEc2NetworkInterfaceIpV6AddressDetail_ipV6Address,
+
+    -- * AwsEc2NetworkInterfacePrivateIpAddressDetail
+    AwsEc2NetworkInterfacePrivateIpAddressDetail (..),
+    newAwsEc2NetworkInterfacePrivateIpAddressDetail,
+    awsEc2NetworkInterfacePrivateIpAddressDetail_privateDnsName,
+    awsEc2NetworkInterfacePrivateIpAddressDetail_privateIpAddress,
+
+    -- * AwsEc2NetworkInterfaceSecurityGroup
+    AwsEc2NetworkInterfaceSecurityGroup (..),
+    newAwsEc2NetworkInterfaceSecurityGroup,
+    awsEc2NetworkInterfaceSecurityGroup_groupId,
+    awsEc2NetworkInterfaceSecurityGroup_groupName,
+
+    -- * AwsEc2SecurityGroupDetails
+    AwsEc2SecurityGroupDetails (..),
+    newAwsEc2SecurityGroupDetails,
+    awsEc2SecurityGroupDetails_groupId,
+    awsEc2SecurityGroupDetails_groupName,
+    awsEc2SecurityGroupDetails_ipPermissions,
+    awsEc2SecurityGroupDetails_ipPermissionsEgress,
+    awsEc2SecurityGroupDetails_ownerId,
+    awsEc2SecurityGroupDetails_vpcId,
+
+    -- * AwsEc2SecurityGroupIpPermission
+    AwsEc2SecurityGroupIpPermission (..),
+    newAwsEc2SecurityGroupIpPermission,
+    awsEc2SecurityGroupIpPermission_fromPort,
+    awsEc2SecurityGroupIpPermission_ipProtocol,
+    awsEc2SecurityGroupIpPermission_ipRanges,
+    awsEc2SecurityGroupIpPermission_ipv6Ranges,
+    awsEc2SecurityGroupIpPermission_prefixListIds,
+    awsEc2SecurityGroupIpPermission_toPort,
+    awsEc2SecurityGroupIpPermission_userIdGroupPairs,
+
+    -- * AwsEc2SecurityGroupIpRange
+    AwsEc2SecurityGroupIpRange (..),
+    newAwsEc2SecurityGroupIpRange,
+    awsEc2SecurityGroupIpRange_cidrIp,
+
+    -- * AwsEc2SecurityGroupIpv6Range
+    AwsEc2SecurityGroupIpv6Range (..),
+    newAwsEc2SecurityGroupIpv6Range,
+    awsEc2SecurityGroupIpv6Range_cidrIpv6,
+
+    -- * AwsEc2SecurityGroupPrefixListId
+    AwsEc2SecurityGroupPrefixListId (..),
+    newAwsEc2SecurityGroupPrefixListId,
+    awsEc2SecurityGroupPrefixListId_prefixListId,
+
+    -- * AwsEc2SecurityGroupUserIdGroupPair
+    AwsEc2SecurityGroupUserIdGroupPair (..),
+    newAwsEc2SecurityGroupUserIdGroupPair,
+    awsEc2SecurityGroupUserIdGroupPair_groupId,
+    awsEc2SecurityGroupUserIdGroupPair_groupName,
+    awsEc2SecurityGroupUserIdGroupPair_peeringStatus,
+    awsEc2SecurityGroupUserIdGroupPair_userId,
+    awsEc2SecurityGroupUserIdGroupPair_vpcId,
+    awsEc2SecurityGroupUserIdGroupPair_vpcPeeringConnectionId,
+
+    -- * AwsEc2SubnetDetails
+    AwsEc2SubnetDetails (..),
+    newAwsEc2SubnetDetails,
+    awsEc2SubnetDetails_assignIpv6AddressOnCreation,
+    awsEc2SubnetDetails_availabilityZone,
+    awsEc2SubnetDetails_availabilityZoneId,
+    awsEc2SubnetDetails_availableIpAddressCount,
+    awsEc2SubnetDetails_cidrBlock,
+    awsEc2SubnetDetails_defaultForAz,
+    awsEc2SubnetDetails_ipv6CidrBlockAssociationSet,
+    awsEc2SubnetDetails_mapPublicIpOnLaunch,
+    awsEc2SubnetDetails_ownerId,
+    awsEc2SubnetDetails_state,
+    awsEc2SubnetDetails_subnetArn,
+    awsEc2SubnetDetails_subnetId,
+    awsEc2SubnetDetails_vpcId,
+
+    -- * AwsEc2TransitGatewayDetails
+    AwsEc2TransitGatewayDetails (..),
+    newAwsEc2TransitGatewayDetails,
+    awsEc2TransitGatewayDetails_amazonSideAsn,
+    awsEc2TransitGatewayDetails_associationDefaultRouteTableId,
+    awsEc2TransitGatewayDetails_autoAcceptSharedAttachments,
+    awsEc2TransitGatewayDetails_defaultRouteTableAssociation,
+    awsEc2TransitGatewayDetails_defaultRouteTablePropagation,
+    awsEc2TransitGatewayDetails_description,
+    awsEc2TransitGatewayDetails_dnsSupport,
+    awsEc2TransitGatewayDetails_id,
+    awsEc2TransitGatewayDetails_multicastSupport,
+    awsEc2TransitGatewayDetails_propagationDefaultRouteTableId,
+    awsEc2TransitGatewayDetails_transitGatewayCidrBlocks,
+    awsEc2TransitGatewayDetails_vpnEcmpSupport,
+
+    -- * AwsEc2VolumeAttachment
+    AwsEc2VolumeAttachment (..),
+    newAwsEc2VolumeAttachment,
+    awsEc2VolumeAttachment_attachTime,
+    awsEc2VolumeAttachment_deleteOnTermination,
+    awsEc2VolumeAttachment_instanceId,
+    awsEc2VolumeAttachment_status,
+
+    -- * AwsEc2VolumeDetails
+    AwsEc2VolumeDetails (..),
+    newAwsEc2VolumeDetails,
+    awsEc2VolumeDetails_attachments,
+    awsEc2VolumeDetails_createTime,
+    awsEc2VolumeDetails_deviceName,
+    awsEc2VolumeDetails_encrypted,
+    awsEc2VolumeDetails_kmsKeyId,
+    awsEc2VolumeDetails_size,
+    awsEc2VolumeDetails_snapshotId,
+    awsEc2VolumeDetails_status,
+    awsEc2VolumeDetails_volumeId,
+    awsEc2VolumeDetails_volumeScanStatus,
+    awsEc2VolumeDetails_volumeType,
+
+    -- * AwsEc2VpcDetails
+    AwsEc2VpcDetails (..),
+    newAwsEc2VpcDetails,
+    awsEc2VpcDetails_cidrBlockAssociationSet,
+    awsEc2VpcDetails_dhcpOptionsId,
+    awsEc2VpcDetails_ipv6CidrBlockAssociationSet,
+    awsEc2VpcDetails_state,
+
+    -- * AwsEc2VpcEndpointServiceDetails
+    AwsEc2VpcEndpointServiceDetails (..),
+    newAwsEc2VpcEndpointServiceDetails,
+    awsEc2VpcEndpointServiceDetails_acceptanceRequired,
+    awsEc2VpcEndpointServiceDetails_availabilityZones,
+    awsEc2VpcEndpointServiceDetails_baseEndpointDnsNames,
+    awsEc2VpcEndpointServiceDetails_gatewayLoadBalancerArns,
+    awsEc2VpcEndpointServiceDetails_managesVpcEndpoints,
+    awsEc2VpcEndpointServiceDetails_networkLoadBalancerArns,
+    awsEc2VpcEndpointServiceDetails_privateDnsName,
+    awsEc2VpcEndpointServiceDetails_serviceId,
+    awsEc2VpcEndpointServiceDetails_serviceName,
+    awsEc2VpcEndpointServiceDetails_serviceState,
+    awsEc2VpcEndpointServiceDetails_serviceType,
+
+    -- * AwsEc2VpcEndpointServiceServiceTypeDetails
+    AwsEc2VpcEndpointServiceServiceTypeDetails (..),
+    newAwsEc2VpcEndpointServiceServiceTypeDetails,
+    awsEc2VpcEndpointServiceServiceTypeDetails_serviceType,
+
+    -- * AwsEc2VpcPeeringConnectionDetails
+    AwsEc2VpcPeeringConnectionDetails (..),
+    newAwsEc2VpcPeeringConnectionDetails,
+    awsEc2VpcPeeringConnectionDetails_accepterVpcInfo,
+    awsEc2VpcPeeringConnectionDetails_expirationTime,
+    awsEc2VpcPeeringConnectionDetails_requesterVpcInfo,
+    awsEc2VpcPeeringConnectionDetails_status,
+    awsEc2VpcPeeringConnectionDetails_vpcPeeringConnectionId,
+
+    -- * AwsEc2VpcPeeringConnectionStatusDetails
+    AwsEc2VpcPeeringConnectionStatusDetails (..),
+    newAwsEc2VpcPeeringConnectionStatusDetails,
+    awsEc2VpcPeeringConnectionStatusDetails_code,
+    awsEc2VpcPeeringConnectionStatusDetails_message,
+
+    -- * AwsEc2VpcPeeringConnectionVpcInfoDetails
+    AwsEc2VpcPeeringConnectionVpcInfoDetails (..),
+    newAwsEc2VpcPeeringConnectionVpcInfoDetails,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_cidrBlock,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_cidrBlockSet,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_ipv6CidrBlockSet,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_ownerId,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_peeringOptions,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_region,
+    awsEc2VpcPeeringConnectionVpcInfoDetails_vpcId,
+
+    -- * AwsEc2VpnConnectionDetails
+    AwsEc2VpnConnectionDetails (..),
+    newAwsEc2VpnConnectionDetails,
+    awsEc2VpnConnectionDetails_category,
+    awsEc2VpnConnectionDetails_customerGatewayConfiguration,
+    awsEc2VpnConnectionDetails_customerGatewayId,
+    awsEc2VpnConnectionDetails_options,
+    awsEc2VpnConnectionDetails_routes,
+    awsEc2VpnConnectionDetails_state,
+    awsEc2VpnConnectionDetails_transitGatewayId,
+    awsEc2VpnConnectionDetails_type,
+    awsEc2VpnConnectionDetails_vgwTelemetry,
+    awsEc2VpnConnectionDetails_vpnConnectionId,
+    awsEc2VpnConnectionDetails_vpnGatewayId,
+
+    -- * AwsEc2VpnConnectionOptionsDetails
+    AwsEc2VpnConnectionOptionsDetails (..),
+    newAwsEc2VpnConnectionOptionsDetails,
+    awsEc2VpnConnectionOptionsDetails_staticRoutesOnly,
+    awsEc2VpnConnectionOptionsDetails_tunnelOptions,
+
+    -- * AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+    AwsEc2VpnConnectionOptionsTunnelOptionsDetails (..),
+    newAwsEc2VpnConnectionOptionsTunnelOptionsDetails,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_dpdTimeoutSeconds,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_ikeVersions,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_outsideIpAddress,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1DhGroupNumbers,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1EncryptionAlgorithms,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1IntegrityAlgorithms,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1LifetimeSeconds,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2DhGroupNumbers,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2EncryptionAlgorithms,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2IntegrityAlgorithms,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2LifetimeSeconds,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_preSharedKey,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_rekeyFuzzPercentage,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_rekeyMarginTimeSeconds,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_replayWindowSize,
+    awsEc2VpnConnectionOptionsTunnelOptionsDetails_tunnelInsideCidr,
+
+    -- * AwsEc2VpnConnectionRoutesDetails
+    AwsEc2VpnConnectionRoutesDetails (..),
+    newAwsEc2VpnConnectionRoutesDetails,
+    awsEc2VpnConnectionRoutesDetails_destinationCidrBlock,
+    awsEc2VpnConnectionRoutesDetails_state,
+
+    -- * AwsEc2VpnConnectionVgwTelemetryDetails
+    AwsEc2VpnConnectionVgwTelemetryDetails (..),
+    newAwsEc2VpnConnectionVgwTelemetryDetails,
+    awsEc2VpnConnectionVgwTelemetryDetails_acceptedRouteCount,
+    awsEc2VpnConnectionVgwTelemetryDetails_certificateArn,
+    awsEc2VpnConnectionVgwTelemetryDetails_lastStatusChange,
+    awsEc2VpnConnectionVgwTelemetryDetails_outsideIpAddress,
+    awsEc2VpnConnectionVgwTelemetryDetails_status,
+    awsEc2VpnConnectionVgwTelemetryDetails_statusMessage,
+
+    -- * AwsEcrContainerImageDetails
+    AwsEcrContainerImageDetails (..),
+    newAwsEcrContainerImageDetails,
+    awsEcrContainerImageDetails_architecture,
+    awsEcrContainerImageDetails_imageDigest,
+    awsEcrContainerImageDetails_imagePublishedAt,
+    awsEcrContainerImageDetails_imageTags,
+    awsEcrContainerImageDetails_registryId,
+    awsEcrContainerImageDetails_repositoryName,
+
+    -- * AwsEcrRepositoryDetails
+    AwsEcrRepositoryDetails (..),
+    newAwsEcrRepositoryDetails,
+    awsEcrRepositoryDetails_arn,
+    awsEcrRepositoryDetails_imageScanningConfiguration,
+    awsEcrRepositoryDetails_imageTagMutability,
+    awsEcrRepositoryDetails_lifecyclePolicy,
+    awsEcrRepositoryDetails_repositoryName,
+    awsEcrRepositoryDetails_repositoryPolicyText,
+
+    -- * AwsEcrRepositoryImageScanningConfigurationDetails
+    AwsEcrRepositoryImageScanningConfigurationDetails (..),
+    newAwsEcrRepositoryImageScanningConfigurationDetails,
+    awsEcrRepositoryImageScanningConfigurationDetails_scanOnPush,
+
+    -- * AwsEcrRepositoryLifecyclePolicyDetails
+    AwsEcrRepositoryLifecyclePolicyDetails (..),
+    newAwsEcrRepositoryLifecyclePolicyDetails,
+    awsEcrRepositoryLifecyclePolicyDetails_lifecyclePolicyText,
+    awsEcrRepositoryLifecyclePolicyDetails_registryId,
+
+    -- * AwsEcsClusterClusterSettingsDetails
+    AwsEcsClusterClusterSettingsDetails (..),
+    newAwsEcsClusterClusterSettingsDetails,
+    awsEcsClusterClusterSettingsDetails_name,
+    awsEcsClusterClusterSettingsDetails_value,
+
+    -- * AwsEcsClusterConfigurationDetails
+    AwsEcsClusterConfigurationDetails (..),
+    newAwsEcsClusterConfigurationDetails,
+    awsEcsClusterConfigurationDetails_executeCommandConfiguration,
+
+    -- * AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+    AwsEcsClusterConfigurationExecuteCommandConfigurationDetails (..),
+    newAwsEcsClusterConfigurationExecuteCommandConfigurationDetails,
+    awsEcsClusterConfigurationExecuteCommandConfigurationDetails_kmsKeyId,
+    awsEcsClusterConfigurationExecuteCommandConfigurationDetails_logConfiguration,
+    awsEcsClusterConfigurationExecuteCommandConfigurationDetails_logging,
+
+    -- * AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+    AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails (..),
+    newAwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails,
+    awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_cloudWatchEncryptionEnabled,
+    awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_cloudWatchLogGroupName,
+    awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3BucketName,
+    awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3EncryptionEnabled,
+    awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3KeyPrefix,
+
+    -- * AwsEcsClusterDefaultCapacityProviderStrategyDetails
+    AwsEcsClusterDefaultCapacityProviderStrategyDetails (..),
+    newAwsEcsClusterDefaultCapacityProviderStrategyDetails,
+    awsEcsClusterDefaultCapacityProviderStrategyDetails_base,
+    awsEcsClusterDefaultCapacityProviderStrategyDetails_capacityProvider,
+    awsEcsClusterDefaultCapacityProviderStrategyDetails_weight,
+
+    -- * AwsEcsClusterDetails
+    AwsEcsClusterDetails (..),
+    newAwsEcsClusterDetails,
+    awsEcsClusterDetails_activeServicesCount,
+    awsEcsClusterDetails_capacityProviders,
+    awsEcsClusterDetails_clusterArn,
+    awsEcsClusterDetails_clusterName,
+    awsEcsClusterDetails_clusterSettings,
+    awsEcsClusterDetails_configuration,
+    awsEcsClusterDetails_defaultCapacityProviderStrategy,
+    awsEcsClusterDetails_registeredContainerInstancesCount,
+    awsEcsClusterDetails_runningTasksCount,
+    awsEcsClusterDetails_status,
+
+    -- * AwsEcsContainerDetails
+    AwsEcsContainerDetails (..),
+    newAwsEcsContainerDetails,
+    awsEcsContainerDetails_image,
+    awsEcsContainerDetails_mountPoints,
+    awsEcsContainerDetails_name,
+    awsEcsContainerDetails_privileged,
+
+    -- * AwsEcsServiceCapacityProviderStrategyDetails
+    AwsEcsServiceCapacityProviderStrategyDetails (..),
+    newAwsEcsServiceCapacityProviderStrategyDetails,
+    awsEcsServiceCapacityProviderStrategyDetails_base,
+    awsEcsServiceCapacityProviderStrategyDetails_capacityProvider,
+    awsEcsServiceCapacityProviderStrategyDetails_weight,
+
+    -- * AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+    AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails (..),
+    newAwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails,
+    awsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails_enable,
+    awsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails_rollback,
+
+    -- * AwsEcsServiceDeploymentConfigurationDetails
+    AwsEcsServiceDeploymentConfigurationDetails (..),
+    newAwsEcsServiceDeploymentConfigurationDetails,
+    awsEcsServiceDeploymentConfigurationDetails_deploymentCircuitBreaker,
+    awsEcsServiceDeploymentConfigurationDetails_maximumPercent,
+    awsEcsServiceDeploymentConfigurationDetails_minimumHealthyPercent,
+
+    -- * AwsEcsServiceDeploymentControllerDetails
+    AwsEcsServiceDeploymentControllerDetails (..),
+    newAwsEcsServiceDeploymentControllerDetails,
+    awsEcsServiceDeploymentControllerDetails_type,
+
+    -- * AwsEcsServiceDetails
+    AwsEcsServiceDetails (..),
+    newAwsEcsServiceDetails,
+    awsEcsServiceDetails_capacityProviderStrategy,
+    awsEcsServiceDetails_cluster,
+    awsEcsServiceDetails_deploymentConfiguration,
+    awsEcsServiceDetails_deploymentController,
+    awsEcsServiceDetails_desiredCount,
+    awsEcsServiceDetails_enableEcsManagedTags,
+    awsEcsServiceDetails_enableExecuteCommand,
+    awsEcsServiceDetails_healthCheckGracePeriodSeconds,
+    awsEcsServiceDetails_launchType,
+    awsEcsServiceDetails_loadBalancers,
+    awsEcsServiceDetails_name,
+    awsEcsServiceDetails_networkConfiguration,
+    awsEcsServiceDetails_placementConstraints,
+    awsEcsServiceDetails_placementStrategies,
+    awsEcsServiceDetails_platformVersion,
+    awsEcsServiceDetails_propagateTags,
+    awsEcsServiceDetails_role,
+    awsEcsServiceDetails_schedulingStrategy,
+    awsEcsServiceDetails_serviceArn,
+    awsEcsServiceDetails_serviceName,
+    awsEcsServiceDetails_serviceRegistries,
+    awsEcsServiceDetails_taskDefinition,
+
+    -- * AwsEcsServiceLoadBalancersDetails
+    AwsEcsServiceLoadBalancersDetails (..),
+    newAwsEcsServiceLoadBalancersDetails,
+    awsEcsServiceLoadBalancersDetails_containerName,
+    awsEcsServiceLoadBalancersDetails_containerPort,
+    awsEcsServiceLoadBalancersDetails_loadBalancerName,
+    awsEcsServiceLoadBalancersDetails_targetGroupArn,
+
+    -- * AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+    AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails (..),
+    newAwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails,
+    awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_assignPublicIp,
+    awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_securityGroups,
+    awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_subnets,
+
+    -- * AwsEcsServiceNetworkConfigurationDetails
+    AwsEcsServiceNetworkConfigurationDetails (..),
+    newAwsEcsServiceNetworkConfigurationDetails,
+    awsEcsServiceNetworkConfigurationDetails_awsVpcConfiguration,
+
+    -- * AwsEcsServicePlacementConstraintsDetails
+    AwsEcsServicePlacementConstraintsDetails (..),
+    newAwsEcsServicePlacementConstraintsDetails,
+    awsEcsServicePlacementConstraintsDetails_expression,
+    awsEcsServicePlacementConstraintsDetails_type,
+
+    -- * AwsEcsServicePlacementStrategiesDetails
+    AwsEcsServicePlacementStrategiesDetails (..),
+    newAwsEcsServicePlacementStrategiesDetails,
+    awsEcsServicePlacementStrategiesDetails_field,
+    awsEcsServicePlacementStrategiesDetails_type,
+
+    -- * AwsEcsServiceServiceRegistriesDetails
+    AwsEcsServiceServiceRegistriesDetails (..),
+    newAwsEcsServiceServiceRegistriesDetails,
+    awsEcsServiceServiceRegistriesDetails_containerName,
+    awsEcsServiceServiceRegistriesDetails_containerPort,
+    awsEcsServiceServiceRegistriesDetails_port,
+    awsEcsServiceServiceRegistriesDetails_registryArn,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+    AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails,
+    awsEcsTaskDefinitionContainerDefinitionsDependsOnDetails_condition,
+    awsEcsTaskDefinitionContainerDefinitionsDependsOnDetails_containerName,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsDetails,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_command,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_cpu,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_dependsOn,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_disableNetworking,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_dnsSearchDomains,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_dnsServers,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_dockerLabels,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_dockerSecurityOptions,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_entryPoint,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_environment,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_environmentFiles,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_essential,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_extraHosts,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_firelensConfiguration,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_healthCheck,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_hostname,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_image,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_interactive,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_links,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_linuxParameters,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_logConfiguration,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_memory,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_memoryReservation,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_mountPoints,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_name,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_portMappings,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_privileged,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_pseudoTerminal,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_readonlyRootFilesystem,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_repositoryCredentials,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_resourceRequirements,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_secrets,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_startTimeout,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_stopTimeout,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_systemControls,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_ulimits,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_user,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_volumesFrom,
+    awsEcsTaskDefinitionContainerDefinitionsDetails_workingDirectory,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails,
+    awsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails_name,
+    awsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails_value,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails,
+    awsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails_type,
+    awsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails_value,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails,
+    awsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails_hostname,
+    awsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails_ipAddress,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+    AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails,
+    awsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails_options,
+    awsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails_type,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+    AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails,
+    awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_command,
+    awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_interval,
+    awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_retries,
+    awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_startPeriod,
+    awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_timeout,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails_add,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails_drop,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_capabilities,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_devices,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_initProcessEnabled,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_maxSwap,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_sharedMemorySize,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_swappiness,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_tmpfs,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_containerPath,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_hostPath,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_permissions,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_containerPath,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_mountOptions,
+    awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_size,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails,
+    awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_logDriver,
+    awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_options,
+    awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_secretOptions,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails,
+    awsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails_name,
+    awsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails_valueFrom,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails,
+    awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_containerPath,
+    awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_readOnly,
+    awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_sourceVolume,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails,
+    awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_containerPort,
+    awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_hostPort,
+    awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_protocol,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails,
+    awsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails_credentialsParameter,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails,
+    awsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails_type,
+    awsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails_value,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsSecretsDetails,
+    awsEcsTaskDefinitionContainerDefinitionsSecretsDetails_name,
+    awsEcsTaskDefinitionContainerDefinitionsSecretsDetails_valueFrom,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails,
+    awsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails_namespace,
+    awsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails_value,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+    AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails,
+    awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_hardLimit,
+    awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_name,
+    awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_softLimit,
+
+    -- * AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+    AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails (..),
+    newAwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails,
+    awsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails_readOnly,
+    awsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails_sourceContainer,
+
+    -- * AwsEcsTaskDefinitionDetails
+    AwsEcsTaskDefinitionDetails (..),
+    newAwsEcsTaskDefinitionDetails,
+    awsEcsTaskDefinitionDetails_containerDefinitions,
+    awsEcsTaskDefinitionDetails_cpu,
+    awsEcsTaskDefinitionDetails_executionRoleArn,
+    awsEcsTaskDefinitionDetails_family,
+    awsEcsTaskDefinitionDetails_inferenceAccelerators,
+    awsEcsTaskDefinitionDetails_ipcMode,
+    awsEcsTaskDefinitionDetails_memory,
+    awsEcsTaskDefinitionDetails_networkMode,
+    awsEcsTaskDefinitionDetails_pidMode,
+    awsEcsTaskDefinitionDetails_placementConstraints,
+    awsEcsTaskDefinitionDetails_proxyConfiguration,
+    awsEcsTaskDefinitionDetails_requiresCompatibilities,
+    awsEcsTaskDefinitionDetails_taskRoleArn,
+    awsEcsTaskDefinitionDetails_volumes,
+
+    -- * AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+    AwsEcsTaskDefinitionInferenceAcceleratorsDetails (..),
+    newAwsEcsTaskDefinitionInferenceAcceleratorsDetails,
+    awsEcsTaskDefinitionInferenceAcceleratorsDetails_deviceName,
+    awsEcsTaskDefinitionInferenceAcceleratorsDetails_deviceType,
+
+    -- * AwsEcsTaskDefinitionPlacementConstraintsDetails
+    AwsEcsTaskDefinitionPlacementConstraintsDetails (..),
+    newAwsEcsTaskDefinitionPlacementConstraintsDetails,
+    awsEcsTaskDefinitionPlacementConstraintsDetails_expression,
+    awsEcsTaskDefinitionPlacementConstraintsDetails_type,
+
+    -- * AwsEcsTaskDefinitionProxyConfigurationDetails
+    AwsEcsTaskDefinitionProxyConfigurationDetails (..),
+    newAwsEcsTaskDefinitionProxyConfigurationDetails,
+    awsEcsTaskDefinitionProxyConfigurationDetails_containerName,
+    awsEcsTaskDefinitionProxyConfigurationDetails_proxyConfigurationProperties,
+    awsEcsTaskDefinitionProxyConfigurationDetails_type,
+
+    -- * AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+    AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails (..),
+    newAwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails,
+    awsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails_name,
+    awsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails_value,
+
+    -- * AwsEcsTaskDefinitionVolumesDetails
+    AwsEcsTaskDefinitionVolumesDetails (..),
+    newAwsEcsTaskDefinitionVolumesDetails,
+    awsEcsTaskDefinitionVolumesDetails_dockerVolumeConfiguration,
+    awsEcsTaskDefinitionVolumesDetails_efsVolumeConfiguration,
+    awsEcsTaskDefinitionVolumesDetails_host,
+    awsEcsTaskDefinitionVolumesDetails_name,
+
+    -- * AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+    AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails (..),
+    newAwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails,
+    awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_autoprovision,
+    awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_driver,
+    awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_driverOpts,
+    awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_labels,
+    awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_scope,
+
+    -- * AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails (..),
+    newAwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails_accessPointId,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails_iam,
+
+    -- * AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails (..),
+    newAwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_authorizationConfig,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_filesystemId,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_rootDirectory,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_transitEncryption,
+    awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_transitEncryptionPort,
+
+    -- * AwsEcsTaskDefinitionVolumesHostDetails
+    AwsEcsTaskDefinitionVolumesHostDetails (..),
+    newAwsEcsTaskDefinitionVolumesHostDetails,
+    awsEcsTaskDefinitionVolumesHostDetails_sourcePath,
+
+    -- * AwsEcsTaskDetails
+    AwsEcsTaskDetails (..),
+    newAwsEcsTaskDetails,
+    awsEcsTaskDetails_clusterArn,
+    awsEcsTaskDetails_containers,
+    awsEcsTaskDetails_createdAt,
+    awsEcsTaskDetails_group,
+    awsEcsTaskDetails_startedAt,
+    awsEcsTaskDetails_startedBy,
+    awsEcsTaskDetails_taskDefinitionArn,
+    awsEcsTaskDetails_version,
+    awsEcsTaskDetails_volumes,
+
+    -- * AwsEcsTaskVolumeDetails
+    AwsEcsTaskVolumeDetails (..),
+    newAwsEcsTaskVolumeDetails,
+    awsEcsTaskVolumeDetails_host,
+    awsEcsTaskVolumeDetails_name,
+
+    -- * AwsEcsTaskVolumeHostDetails
+    AwsEcsTaskVolumeHostDetails (..),
+    newAwsEcsTaskVolumeHostDetails,
+    awsEcsTaskVolumeHostDetails_sourcePath,
+
+    -- * AwsEfsAccessPointDetails
+    AwsEfsAccessPointDetails (..),
+    newAwsEfsAccessPointDetails,
+    awsEfsAccessPointDetails_accessPointId,
+    awsEfsAccessPointDetails_arn,
+    awsEfsAccessPointDetails_clientToken,
+    awsEfsAccessPointDetails_fileSystemId,
+    awsEfsAccessPointDetails_posixUser,
+    awsEfsAccessPointDetails_rootDirectory,
+
+    -- * AwsEfsAccessPointPosixUserDetails
+    AwsEfsAccessPointPosixUserDetails (..),
+    newAwsEfsAccessPointPosixUserDetails,
+    awsEfsAccessPointPosixUserDetails_gid,
+    awsEfsAccessPointPosixUserDetails_secondaryGids,
+    awsEfsAccessPointPosixUserDetails_uid,
+
+    -- * AwsEfsAccessPointRootDirectoryCreationInfoDetails
+    AwsEfsAccessPointRootDirectoryCreationInfoDetails (..),
+    newAwsEfsAccessPointRootDirectoryCreationInfoDetails,
+    awsEfsAccessPointRootDirectoryCreationInfoDetails_ownerGid,
+    awsEfsAccessPointRootDirectoryCreationInfoDetails_ownerUid,
+    awsEfsAccessPointRootDirectoryCreationInfoDetails_permissions,
+
+    -- * AwsEfsAccessPointRootDirectoryDetails
+    AwsEfsAccessPointRootDirectoryDetails (..),
+    newAwsEfsAccessPointRootDirectoryDetails,
+    awsEfsAccessPointRootDirectoryDetails_creationInfo,
+    awsEfsAccessPointRootDirectoryDetails_path,
+
+    -- * AwsEksClusterDetails
+    AwsEksClusterDetails (..),
+    newAwsEksClusterDetails,
+    awsEksClusterDetails_arn,
+    awsEksClusterDetails_certificateAuthorityData,
+    awsEksClusterDetails_clusterStatus,
+    awsEksClusterDetails_endpoint,
+    awsEksClusterDetails_logging,
+    awsEksClusterDetails_name,
+    awsEksClusterDetails_resourcesVpcConfig,
+    awsEksClusterDetails_roleArn,
+    awsEksClusterDetails_version,
+
+    -- * AwsEksClusterLoggingClusterLoggingDetails
+    AwsEksClusterLoggingClusterLoggingDetails (..),
+    newAwsEksClusterLoggingClusterLoggingDetails,
+    awsEksClusterLoggingClusterLoggingDetails_enabled,
+    awsEksClusterLoggingClusterLoggingDetails_types,
+
+    -- * AwsEksClusterLoggingDetails
+    AwsEksClusterLoggingDetails (..),
+    newAwsEksClusterLoggingDetails,
+    awsEksClusterLoggingDetails_clusterLogging,
+
+    -- * AwsEksClusterResourcesVpcConfigDetails
+    AwsEksClusterResourcesVpcConfigDetails (..),
+    newAwsEksClusterResourcesVpcConfigDetails,
+    awsEksClusterResourcesVpcConfigDetails_securityGroupIds,
+    awsEksClusterResourcesVpcConfigDetails_subnetIds,
+
+    -- * AwsElasticBeanstalkEnvironmentDetails
+    AwsElasticBeanstalkEnvironmentDetails (..),
+    newAwsElasticBeanstalkEnvironmentDetails,
+    awsElasticBeanstalkEnvironmentDetails_applicationName,
+    awsElasticBeanstalkEnvironmentDetails_cname,
+    awsElasticBeanstalkEnvironmentDetails_dateCreated,
+    awsElasticBeanstalkEnvironmentDetails_dateUpdated,
+    awsElasticBeanstalkEnvironmentDetails_description,
+    awsElasticBeanstalkEnvironmentDetails_endpointUrl,
+    awsElasticBeanstalkEnvironmentDetails_environmentArn,
+    awsElasticBeanstalkEnvironmentDetails_environmentId,
+    awsElasticBeanstalkEnvironmentDetails_environmentLinks,
+    awsElasticBeanstalkEnvironmentDetails_environmentName,
+    awsElasticBeanstalkEnvironmentDetails_optionSettings,
+    awsElasticBeanstalkEnvironmentDetails_platformArn,
+    awsElasticBeanstalkEnvironmentDetails_solutionStackName,
+    awsElasticBeanstalkEnvironmentDetails_status,
+    awsElasticBeanstalkEnvironmentDetails_tier,
+    awsElasticBeanstalkEnvironmentDetails_versionLabel,
+
+    -- * AwsElasticBeanstalkEnvironmentEnvironmentLink
+    AwsElasticBeanstalkEnvironmentEnvironmentLink (..),
+    newAwsElasticBeanstalkEnvironmentEnvironmentLink,
+    awsElasticBeanstalkEnvironmentEnvironmentLink_environmentName,
+    awsElasticBeanstalkEnvironmentEnvironmentLink_linkName,
+
+    -- * AwsElasticBeanstalkEnvironmentOptionSetting
+    AwsElasticBeanstalkEnvironmentOptionSetting (..),
+    newAwsElasticBeanstalkEnvironmentOptionSetting,
+    awsElasticBeanstalkEnvironmentOptionSetting_namespace,
+    awsElasticBeanstalkEnvironmentOptionSetting_optionName,
+    awsElasticBeanstalkEnvironmentOptionSetting_resourceName,
+    awsElasticBeanstalkEnvironmentOptionSetting_value,
+
+    -- * AwsElasticBeanstalkEnvironmentTier
+    AwsElasticBeanstalkEnvironmentTier (..),
+    newAwsElasticBeanstalkEnvironmentTier,
+    awsElasticBeanstalkEnvironmentTier_name,
+    awsElasticBeanstalkEnvironmentTier_type,
+    awsElasticBeanstalkEnvironmentTier_version,
+
+    -- * AwsElasticsearchDomainDetails
+    AwsElasticsearchDomainDetails (..),
+    newAwsElasticsearchDomainDetails,
+    awsElasticsearchDomainDetails_accessPolicies,
+    awsElasticsearchDomainDetails_domainEndpointOptions,
+    awsElasticsearchDomainDetails_domainId,
+    awsElasticsearchDomainDetails_domainName,
+    awsElasticsearchDomainDetails_elasticsearchClusterConfig,
+    awsElasticsearchDomainDetails_elasticsearchVersion,
+    awsElasticsearchDomainDetails_encryptionAtRestOptions,
+    awsElasticsearchDomainDetails_endpoint,
+    awsElasticsearchDomainDetails_endpoints,
+    awsElasticsearchDomainDetails_logPublishingOptions,
+    awsElasticsearchDomainDetails_nodeToNodeEncryptionOptions,
+    awsElasticsearchDomainDetails_serviceSoftwareOptions,
+    awsElasticsearchDomainDetails_vPCOptions,
+
+    -- * AwsElasticsearchDomainDomainEndpointOptions
+    AwsElasticsearchDomainDomainEndpointOptions (..),
+    newAwsElasticsearchDomainDomainEndpointOptions,
+    awsElasticsearchDomainDomainEndpointOptions_enforceHTTPS,
+    awsElasticsearchDomainDomainEndpointOptions_tLSSecurityPolicy,
+
+    -- * AwsElasticsearchDomainElasticsearchClusterConfigDetails
+    AwsElasticsearchDomainElasticsearchClusterConfigDetails (..),
+    newAwsElasticsearchDomainElasticsearchClusterConfigDetails,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterCount,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterEnabled,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterType,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_instanceCount,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_instanceType,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_zoneAwarenessConfig,
+    awsElasticsearchDomainElasticsearchClusterConfigDetails_zoneAwarenessEnabled,
+
+    -- * AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+    AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails (..),
+    newAwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails,
+    awsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails_availabilityZoneCount,
+
+    -- * AwsElasticsearchDomainEncryptionAtRestOptions
+    AwsElasticsearchDomainEncryptionAtRestOptions (..),
+    newAwsElasticsearchDomainEncryptionAtRestOptions,
+    awsElasticsearchDomainEncryptionAtRestOptions_enabled,
+    awsElasticsearchDomainEncryptionAtRestOptions_kmsKeyId,
+
+    -- * AwsElasticsearchDomainLogPublishingOptions
+    AwsElasticsearchDomainLogPublishingOptions (..),
+    newAwsElasticsearchDomainLogPublishingOptions,
+    awsElasticsearchDomainLogPublishingOptions_auditLogs,
+    awsElasticsearchDomainLogPublishingOptions_indexSlowLogs,
+    awsElasticsearchDomainLogPublishingOptions_searchSlowLogs,
+
+    -- * AwsElasticsearchDomainLogPublishingOptionsLogConfig
+    AwsElasticsearchDomainLogPublishingOptionsLogConfig (..),
+    newAwsElasticsearchDomainLogPublishingOptionsLogConfig,
+    awsElasticsearchDomainLogPublishingOptionsLogConfig_cloudWatchLogsLogGroupArn,
+    awsElasticsearchDomainLogPublishingOptionsLogConfig_enabled,
+
+    -- * AwsElasticsearchDomainNodeToNodeEncryptionOptions
+    AwsElasticsearchDomainNodeToNodeEncryptionOptions (..),
+    newAwsElasticsearchDomainNodeToNodeEncryptionOptions,
+    awsElasticsearchDomainNodeToNodeEncryptionOptions_enabled,
+
+    -- * AwsElasticsearchDomainServiceSoftwareOptions
+    AwsElasticsearchDomainServiceSoftwareOptions (..),
+    newAwsElasticsearchDomainServiceSoftwareOptions,
+    awsElasticsearchDomainServiceSoftwareOptions_automatedUpdateDate,
+    awsElasticsearchDomainServiceSoftwareOptions_cancellable,
+    awsElasticsearchDomainServiceSoftwareOptions_currentVersion,
+    awsElasticsearchDomainServiceSoftwareOptions_description,
+    awsElasticsearchDomainServiceSoftwareOptions_newVersion,
+    awsElasticsearchDomainServiceSoftwareOptions_updateAvailable,
+    awsElasticsearchDomainServiceSoftwareOptions_updateStatus,
+
+    -- * AwsElasticsearchDomainVPCOptions
+    AwsElasticsearchDomainVPCOptions (..),
+    newAwsElasticsearchDomainVPCOptions,
+    awsElasticsearchDomainVPCOptions_availabilityZones,
+    awsElasticsearchDomainVPCOptions_securityGroupIds,
+    awsElasticsearchDomainVPCOptions_subnetIds,
+    awsElasticsearchDomainVPCOptions_vPCId,
+
+    -- * AwsElbAppCookieStickinessPolicy
+    AwsElbAppCookieStickinessPolicy (..),
+    newAwsElbAppCookieStickinessPolicy,
+    awsElbAppCookieStickinessPolicy_cookieName,
+    awsElbAppCookieStickinessPolicy_policyName,
+
+    -- * AwsElbLbCookieStickinessPolicy
+    AwsElbLbCookieStickinessPolicy (..),
+    newAwsElbLbCookieStickinessPolicy,
+    awsElbLbCookieStickinessPolicy_cookieExpirationPeriod,
+    awsElbLbCookieStickinessPolicy_policyName,
+
+    -- * AwsElbLoadBalancerAccessLog
+    AwsElbLoadBalancerAccessLog (..),
+    newAwsElbLoadBalancerAccessLog,
+    awsElbLoadBalancerAccessLog_emitInterval,
+    awsElbLoadBalancerAccessLog_enabled,
+    awsElbLoadBalancerAccessLog_s3BucketName,
+    awsElbLoadBalancerAccessLog_s3BucketPrefix,
+
+    -- * AwsElbLoadBalancerAdditionalAttribute
+    AwsElbLoadBalancerAdditionalAttribute (..),
+    newAwsElbLoadBalancerAdditionalAttribute,
+    awsElbLoadBalancerAdditionalAttribute_key,
+    awsElbLoadBalancerAdditionalAttribute_value,
+
+    -- * AwsElbLoadBalancerAttributes
+    AwsElbLoadBalancerAttributes (..),
+    newAwsElbLoadBalancerAttributes,
+    awsElbLoadBalancerAttributes_accessLog,
+    awsElbLoadBalancerAttributes_additionalAttributes,
+    awsElbLoadBalancerAttributes_connectionDraining,
+    awsElbLoadBalancerAttributes_connectionSettings,
+    awsElbLoadBalancerAttributes_crossZoneLoadBalancing,
+
+    -- * AwsElbLoadBalancerBackendServerDescription
+    AwsElbLoadBalancerBackendServerDescription (..),
+    newAwsElbLoadBalancerBackendServerDescription,
+    awsElbLoadBalancerBackendServerDescription_instancePort,
+    awsElbLoadBalancerBackendServerDescription_policyNames,
+
+    -- * AwsElbLoadBalancerConnectionDraining
+    AwsElbLoadBalancerConnectionDraining (..),
+    newAwsElbLoadBalancerConnectionDraining,
+    awsElbLoadBalancerConnectionDraining_enabled,
+    awsElbLoadBalancerConnectionDraining_timeout,
+
+    -- * AwsElbLoadBalancerConnectionSettings
+    AwsElbLoadBalancerConnectionSettings (..),
+    newAwsElbLoadBalancerConnectionSettings,
+    awsElbLoadBalancerConnectionSettings_idleTimeout,
+
+    -- * AwsElbLoadBalancerCrossZoneLoadBalancing
+    AwsElbLoadBalancerCrossZoneLoadBalancing (..),
+    newAwsElbLoadBalancerCrossZoneLoadBalancing,
+    awsElbLoadBalancerCrossZoneLoadBalancing_enabled,
+
+    -- * AwsElbLoadBalancerDetails
+    AwsElbLoadBalancerDetails (..),
+    newAwsElbLoadBalancerDetails,
+    awsElbLoadBalancerDetails_availabilityZones,
+    awsElbLoadBalancerDetails_backendServerDescriptions,
+    awsElbLoadBalancerDetails_canonicalHostedZoneName,
+    awsElbLoadBalancerDetails_canonicalHostedZoneNameID,
+    awsElbLoadBalancerDetails_createdTime,
+    awsElbLoadBalancerDetails_dnsName,
+    awsElbLoadBalancerDetails_healthCheck,
+    awsElbLoadBalancerDetails_instances,
+    awsElbLoadBalancerDetails_listenerDescriptions,
+    awsElbLoadBalancerDetails_loadBalancerAttributes,
+    awsElbLoadBalancerDetails_loadBalancerName,
+    awsElbLoadBalancerDetails_policies,
+    awsElbLoadBalancerDetails_scheme,
+    awsElbLoadBalancerDetails_securityGroups,
+    awsElbLoadBalancerDetails_sourceSecurityGroup,
+    awsElbLoadBalancerDetails_subnets,
+    awsElbLoadBalancerDetails_vpcId,
+
+    -- * AwsElbLoadBalancerHealthCheck
+    AwsElbLoadBalancerHealthCheck (..),
+    newAwsElbLoadBalancerHealthCheck,
+    awsElbLoadBalancerHealthCheck_healthyThreshold,
+    awsElbLoadBalancerHealthCheck_interval,
+    awsElbLoadBalancerHealthCheck_target,
+    awsElbLoadBalancerHealthCheck_timeout,
+    awsElbLoadBalancerHealthCheck_unhealthyThreshold,
+
+    -- * AwsElbLoadBalancerInstance
+    AwsElbLoadBalancerInstance (..),
+    newAwsElbLoadBalancerInstance,
+    awsElbLoadBalancerInstance_instanceId,
+
+    -- * AwsElbLoadBalancerListener
+    AwsElbLoadBalancerListener (..),
+    newAwsElbLoadBalancerListener,
+    awsElbLoadBalancerListener_instancePort,
+    awsElbLoadBalancerListener_instanceProtocol,
+    awsElbLoadBalancerListener_loadBalancerPort,
+    awsElbLoadBalancerListener_protocol,
+    awsElbLoadBalancerListener_sslCertificateId,
+
+    -- * AwsElbLoadBalancerListenerDescription
+    AwsElbLoadBalancerListenerDescription (..),
+    newAwsElbLoadBalancerListenerDescription,
+    awsElbLoadBalancerListenerDescription_listener,
+    awsElbLoadBalancerListenerDescription_policyNames,
+
+    -- * AwsElbLoadBalancerPolicies
+    AwsElbLoadBalancerPolicies (..),
+    newAwsElbLoadBalancerPolicies,
+    awsElbLoadBalancerPolicies_appCookieStickinessPolicies,
+    awsElbLoadBalancerPolicies_lbCookieStickinessPolicies,
+    awsElbLoadBalancerPolicies_otherPolicies,
+
+    -- * AwsElbLoadBalancerSourceSecurityGroup
+    AwsElbLoadBalancerSourceSecurityGroup (..),
+    newAwsElbLoadBalancerSourceSecurityGroup,
+    awsElbLoadBalancerSourceSecurityGroup_groupName,
+    awsElbLoadBalancerSourceSecurityGroup_ownerAlias,
+
+    -- * AwsElbv2LoadBalancerAttribute
+    AwsElbv2LoadBalancerAttribute (..),
+    newAwsElbv2LoadBalancerAttribute,
+    awsElbv2LoadBalancerAttribute_key,
+    awsElbv2LoadBalancerAttribute_value,
+
+    -- * AwsElbv2LoadBalancerDetails
+    AwsElbv2LoadBalancerDetails (..),
+    newAwsElbv2LoadBalancerDetails,
+    awsElbv2LoadBalancerDetails_availabilityZones,
+    awsElbv2LoadBalancerDetails_canonicalHostedZoneId,
+    awsElbv2LoadBalancerDetails_createdTime,
+    awsElbv2LoadBalancerDetails_dNSName,
+    awsElbv2LoadBalancerDetails_ipAddressType,
+    awsElbv2LoadBalancerDetails_loadBalancerAttributes,
+    awsElbv2LoadBalancerDetails_scheme,
+    awsElbv2LoadBalancerDetails_securityGroups,
+    awsElbv2LoadBalancerDetails_state,
+    awsElbv2LoadBalancerDetails_type,
+    awsElbv2LoadBalancerDetails_vpcId,
+
+    -- * AwsIamAccessKeyDetails
+    AwsIamAccessKeyDetails (..),
+    newAwsIamAccessKeyDetails,
+    awsIamAccessKeyDetails_accessKeyId,
+    awsIamAccessKeyDetails_accountId,
+    awsIamAccessKeyDetails_createdAt,
+    awsIamAccessKeyDetails_principalId,
+    awsIamAccessKeyDetails_principalName,
+    awsIamAccessKeyDetails_principalType,
+    awsIamAccessKeyDetails_sessionContext,
+    awsIamAccessKeyDetails_status,
+    awsIamAccessKeyDetails_userName,
+
+    -- * AwsIamAccessKeySessionContext
+    AwsIamAccessKeySessionContext (..),
+    newAwsIamAccessKeySessionContext,
+    awsIamAccessKeySessionContext_attributes,
+    awsIamAccessKeySessionContext_sessionIssuer,
+
+    -- * AwsIamAccessKeySessionContextAttributes
+    AwsIamAccessKeySessionContextAttributes (..),
+    newAwsIamAccessKeySessionContextAttributes,
+    awsIamAccessKeySessionContextAttributes_creationDate,
+    awsIamAccessKeySessionContextAttributes_mfaAuthenticated,
+
+    -- * AwsIamAccessKeySessionContextSessionIssuer
+    AwsIamAccessKeySessionContextSessionIssuer (..),
+    newAwsIamAccessKeySessionContextSessionIssuer,
+    awsIamAccessKeySessionContextSessionIssuer_accountId,
+    awsIamAccessKeySessionContextSessionIssuer_arn,
+    awsIamAccessKeySessionContextSessionIssuer_principalId,
+    awsIamAccessKeySessionContextSessionIssuer_type,
+    awsIamAccessKeySessionContextSessionIssuer_userName,
+
+    -- * AwsIamAttachedManagedPolicy
+    AwsIamAttachedManagedPolicy (..),
+    newAwsIamAttachedManagedPolicy,
+    awsIamAttachedManagedPolicy_policyArn,
+    awsIamAttachedManagedPolicy_policyName,
+
+    -- * AwsIamGroupDetails
+    AwsIamGroupDetails (..),
+    newAwsIamGroupDetails,
+    awsIamGroupDetails_attachedManagedPolicies,
+    awsIamGroupDetails_createDate,
+    awsIamGroupDetails_groupId,
+    awsIamGroupDetails_groupName,
+    awsIamGroupDetails_groupPolicyList,
+    awsIamGroupDetails_path,
+
+    -- * AwsIamGroupPolicy
+    AwsIamGroupPolicy (..),
+    newAwsIamGroupPolicy,
+    awsIamGroupPolicy_policyName,
+
+    -- * AwsIamInstanceProfile
+    AwsIamInstanceProfile (..),
+    newAwsIamInstanceProfile,
+    awsIamInstanceProfile_arn,
+    awsIamInstanceProfile_createDate,
+    awsIamInstanceProfile_instanceProfileId,
+    awsIamInstanceProfile_instanceProfileName,
+    awsIamInstanceProfile_path,
+    awsIamInstanceProfile_roles,
+
+    -- * AwsIamInstanceProfileRole
+    AwsIamInstanceProfileRole (..),
+    newAwsIamInstanceProfileRole,
+    awsIamInstanceProfileRole_arn,
+    awsIamInstanceProfileRole_assumeRolePolicyDocument,
+    awsIamInstanceProfileRole_createDate,
+    awsIamInstanceProfileRole_path,
+    awsIamInstanceProfileRole_roleId,
+    awsIamInstanceProfileRole_roleName,
+
+    -- * AwsIamPermissionsBoundary
+    AwsIamPermissionsBoundary (..),
+    newAwsIamPermissionsBoundary,
+    awsIamPermissionsBoundary_permissionsBoundaryArn,
+    awsIamPermissionsBoundary_permissionsBoundaryType,
+
+    -- * AwsIamPolicyDetails
+    AwsIamPolicyDetails (..),
+    newAwsIamPolicyDetails,
+    awsIamPolicyDetails_attachmentCount,
+    awsIamPolicyDetails_createDate,
+    awsIamPolicyDetails_defaultVersionId,
+    awsIamPolicyDetails_description,
+    awsIamPolicyDetails_isAttachable,
+    awsIamPolicyDetails_path,
+    awsIamPolicyDetails_permissionsBoundaryUsageCount,
+    awsIamPolicyDetails_policyId,
+    awsIamPolicyDetails_policyName,
+    awsIamPolicyDetails_policyVersionList,
+    awsIamPolicyDetails_updateDate,
+
+    -- * AwsIamPolicyVersion
+    AwsIamPolicyVersion (..),
+    newAwsIamPolicyVersion,
+    awsIamPolicyVersion_createDate,
+    awsIamPolicyVersion_isDefaultVersion,
+    awsIamPolicyVersion_versionId,
+
+    -- * AwsIamRoleDetails
+    AwsIamRoleDetails (..),
+    newAwsIamRoleDetails,
+    awsIamRoleDetails_assumeRolePolicyDocument,
+    awsIamRoleDetails_attachedManagedPolicies,
+    awsIamRoleDetails_createDate,
+    awsIamRoleDetails_instanceProfileList,
+    awsIamRoleDetails_maxSessionDuration,
+    awsIamRoleDetails_path,
+    awsIamRoleDetails_permissionsBoundary,
+    awsIamRoleDetails_roleId,
+    awsIamRoleDetails_roleName,
+    awsIamRoleDetails_rolePolicyList,
+
+    -- * AwsIamRolePolicy
+    AwsIamRolePolicy (..),
+    newAwsIamRolePolicy,
+    awsIamRolePolicy_policyName,
+
+    -- * AwsIamUserDetails
+    AwsIamUserDetails (..),
+    newAwsIamUserDetails,
+    awsIamUserDetails_attachedManagedPolicies,
+    awsIamUserDetails_createDate,
+    awsIamUserDetails_groupList,
+    awsIamUserDetails_path,
+    awsIamUserDetails_permissionsBoundary,
+    awsIamUserDetails_userId,
+    awsIamUserDetails_userName,
+    awsIamUserDetails_userPolicyList,
+
+    -- * AwsIamUserPolicy
+    AwsIamUserPolicy (..),
+    newAwsIamUserPolicy,
+    awsIamUserPolicy_policyName,
+
+    -- * AwsKinesisStreamDetails
+    AwsKinesisStreamDetails (..),
+    newAwsKinesisStreamDetails,
+    awsKinesisStreamDetails_arn,
+    awsKinesisStreamDetails_name,
+    awsKinesisStreamDetails_retentionPeriodHours,
+    awsKinesisStreamDetails_shardCount,
+    awsKinesisStreamDetails_streamEncryption,
+
+    -- * AwsKinesisStreamStreamEncryptionDetails
+    AwsKinesisStreamStreamEncryptionDetails (..),
+    newAwsKinesisStreamStreamEncryptionDetails,
+    awsKinesisStreamStreamEncryptionDetails_encryptionType,
+    awsKinesisStreamStreamEncryptionDetails_keyId,
+
+    -- * AwsKmsKeyDetails
+    AwsKmsKeyDetails (..),
+    newAwsKmsKeyDetails,
+    awsKmsKeyDetails_aWSAccountId,
+    awsKmsKeyDetails_creationDate,
+    awsKmsKeyDetails_description,
+    awsKmsKeyDetails_keyId,
+    awsKmsKeyDetails_keyManager,
+    awsKmsKeyDetails_keyRotationStatus,
+    awsKmsKeyDetails_keyState,
+    awsKmsKeyDetails_origin,
+
+    -- * AwsLambdaFunctionCode
+    AwsLambdaFunctionCode (..),
+    newAwsLambdaFunctionCode,
+    awsLambdaFunctionCode_s3Bucket,
+    awsLambdaFunctionCode_s3Key,
+    awsLambdaFunctionCode_s3ObjectVersion,
+    awsLambdaFunctionCode_zipFile,
+
+    -- * AwsLambdaFunctionDeadLetterConfig
+    AwsLambdaFunctionDeadLetterConfig (..),
+    newAwsLambdaFunctionDeadLetterConfig,
+    awsLambdaFunctionDeadLetterConfig_targetArn,
+
+    -- * AwsLambdaFunctionDetails
+    AwsLambdaFunctionDetails (..),
+    newAwsLambdaFunctionDetails,
+    awsLambdaFunctionDetails_architectures,
+    awsLambdaFunctionDetails_code,
+    awsLambdaFunctionDetails_codeSha256,
+    awsLambdaFunctionDetails_deadLetterConfig,
+    awsLambdaFunctionDetails_environment,
+    awsLambdaFunctionDetails_functionName,
+    awsLambdaFunctionDetails_handler,
+    awsLambdaFunctionDetails_kmsKeyArn,
+    awsLambdaFunctionDetails_lastModified,
+    awsLambdaFunctionDetails_layers,
+    awsLambdaFunctionDetails_masterArn,
+    awsLambdaFunctionDetails_memorySize,
+    awsLambdaFunctionDetails_packageType,
+    awsLambdaFunctionDetails_revisionId,
+    awsLambdaFunctionDetails_role,
+    awsLambdaFunctionDetails_runtime,
+    awsLambdaFunctionDetails_timeout,
+    awsLambdaFunctionDetails_tracingConfig,
+    awsLambdaFunctionDetails_version,
+    awsLambdaFunctionDetails_vpcConfig,
+
+    -- * AwsLambdaFunctionEnvironment
+    AwsLambdaFunctionEnvironment (..),
+    newAwsLambdaFunctionEnvironment,
+    awsLambdaFunctionEnvironment_error,
+    awsLambdaFunctionEnvironment_variables,
+
+    -- * AwsLambdaFunctionEnvironmentError
+    AwsLambdaFunctionEnvironmentError (..),
+    newAwsLambdaFunctionEnvironmentError,
+    awsLambdaFunctionEnvironmentError_errorCode,
+    awsLambdaFunctionEnvironmentError_message,
+
+    -- * AwsLambdaFunctionLayer
+    AwsLambdaFunctionLayer (..),
+    newAwsLambdaFunctionLayer,
+    awsLambdaFunctionLayer_arn,
+    awsLambdaFunctionLayer_codeSize,
+
+    -- * AwsLambdaFunctionTracingConfig
+    AwsLambdaFunctionTracingConfig (..),
+    newAwsLambdaFunctionTracingConfig,
+    awsLambdaFunctionTracingConfig_mode,
+
+    -- * AwsLambdaFunctionVpcConfig
+    AwsLambdaFunctionVpcConfig (..),
+    newAwsLambdaFunctionVpcConfig,
+    awsLambdaFunctionVpcConfig_securityGroupIds,
+    awsLambdaFunctionVpcConfig_subnetIds,
+    awsLambdaFunctionVpcConfig_vpcId,
+
+    -- * AwsLambdaLayerVersionDetails
+    AwsLambdaLayerVersionDetails (..),
+    newAwsLambdaLayerVersionDetails,
+    awsLambdaLayerVersionDetails_compatibleRuntimes,
+    awsLambdaLayerVersionDetails_createdDate,
+    awsLambdaLayerVersionDetails_version,
+
+    -- * AwsMountPoint
+    AwsMountPoint (..),
+    newAwsMountPoint,
+    awsMountPoint_containerPath,
+    awsMountPoint_sourceVolume,
+
+    -- * AwsNetworkFirewallFirewallDetails
+    AwsNetworkFirewallFirewallDetails (..),
+    newAwsNetworkFirewallFirewallDetails,
+    awsNetworkFirewallFirewallDetails_deleteProtection,
+    awsNetworkFirewallFirewallDetails_description,
+    awsNetworkFirewallFirewallDetails_firewallArn,
+    awsNetworkFirewallFirewallDetails_firewallId,
+    awsNetworkFirewallFirewallDetails_firewallName,
+    awsNetworkFirewallFirewallDetails_firewallPolicyArn,
+    awsNetworkFirewallFirewallDetails_firewallPolicyChangeProtection,
+    awsNetworkFirewallFirewallDetails_subnetChangeProtection,
+    awsNetworkFirewallFirewallDetails_subnetMappings,
+    awsNetworkFirewallFirewallDetails_vpcId,
+
+    -- * AwsNetworkFirewallFirewallPolicyDetails
+    AwsNetworkFirewallFirewallPolicyDetails (..),
+    newAwsNetworkFirewallFirewallPolicyDetails,
+    awsNetworkFirewallFirewallPolicyDetails_description,
+    awsNetworkFirewallFirewallPolicyDetails_firewallPolicy,
+    awsNetworkFirewallFirewallPolicyDetails_firewallPolicyArn,
+    awsNetworkFirewallFirewallPolicyDetails_firewallPolicyId,
+    awsNetworkFirewallFirewallPolicyDetails_firewallPolicyName,
+
+    -- * AwsNetworkFirewallFirewallSubnetMappingsDetails
+    AwsNetworkFirewallFirewallSubnetMappingsDetails (..),
+    newAwsNetworkFirewallFirewallSubnetMappingsDetails,
+    awsNetworkFirewallFirewallSubnetMappingsDetails_subnetId,
+
+    -- * AwsNetworkFirewallRuleGroupDetails
+    AwsNetworkFirewallRuleGroupDetails (..),
+    newAwsNetworkFirewallRuleGroupDetails,
+    awsNetworkFirewallRuleGroupDetails_capacity,
+    awsNetworkFirewallRuleGroupDetails_description,
+    awsNetworkFirewallRuleGroupDetails_ruleGroup,
+    awsNetworkFirewallRuleGroupDetails_ruleGroupArn,
+    awsNetworkFirewallRuleGroupDetails_ruleGroupId,
+    awsNetworkFirewallRuleGroupDetails_ruleGroupName,
+    awsNetworkFirewallRuleGroupDetails_type,
+
+    -- * AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+    AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails (..),
+    newAwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails,
+    awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_enabled,
+    awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_internalUserDatabaseEnabled,
+    awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_masterUserOptions,
+
+    -- * AwsOpenSearchServiceDomainClusterConfigDetails
+    AwsOpenSearchServiceDomainClusterConfigDetails (..),
+    newAwsOpenSearchServiceDomainClusterConfigDetails,
+    awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterCount,
+    awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterEnabled,
+    awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterType,
+    awsOpenSearchServiceDomainClusterConfigDetails_instanceCount,
+    awsOpenSearchServiceDomainClusterConfigDetails_instanceType,
+    awsOpenSearchServiceDomainClusterConfigDetails_warmCount,
+    awsOpenSearchServiceDomainClusterConfigDetails_warmEnabled,
+    awsOpenSearchServiceDomainClusterConfigDetails_warmType,
+    awsOpenSearchServiceDomainClusterConfigDetails_zoneAwarenessConfig,
+    awsOpenSearchServiceDomainClusterConfigDetails_zoneAwarenessEnabled,
+
+    -- * AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+    AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails (..),
+    newAwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails,
+    awsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails_availabilityZoneCount,
+
+    -- * AwsOpenSearchServiceDomainDetails
+    AwsOpenSearchServiceDomainDetails (..),
+    newAwsOpenSearchServiceDomainDetails,
+    awsOpenSearchServiceDomainDetails_accessPolicies,
+    awsOpenSearchServiceDomainDetails_advancedSecurityOptions,
+    awsOpenSearchServiceDomainDetails_arn,
+    awsOpenSearchServiceDomainDetails_clusterConfig,
+    awsOpenSearchServiceDomainDetails_domainEndpoint,
+    awsOpenSearchServiceDomainDetails_domainEndpointOptions,
+    awsOpenSearchServiceDomainDetails_domainEndpoints,
+    awsOpenSearchServiceDomainDetails_domainName,
+    awsOpenSearchServiceDomainDetails_encryptionAtRestOptions,
+    awsOpenSearchServiceDomainDetails_engineVersion,
+    awsOpenSearchServiceDomainDetails_id,
+    awsOpenSearchServiceDomainDetails_logPublishingOptions,
+    awsOpenSearchServiceDomainDetails_nodeToNodeEncryptionOptions,
+    awsOpenSearchServiceDomainDetails_serviceSoftwareOptions,
+    awsOpenSearchServiceDomainDetails_vpcOptions,
+
+    -- * AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+    AwsOpenSearchServiceDomainDomainEndpointOptionsDetails (..),
+    newAwsOpenSearchServiceDomainDomainEndpointOptionsDetails,
+    awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpoint,
+    awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpointCertificateArn,
+    awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpointEnabled,
+    awsOpenSearchServiceDomainDomainEndpointOptionsDetails_enforceHTTPS,
+    awsOpenSearchServiceDomainDomainEndpointOptionsDetails_tLSSecurityPolicy,
+
+    -- * AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+    AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails (..),
+    newAwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails,
+    awsOpenSearchServiceDomainEncryptionAtRestOptionsDetails_enabled,
+    awsOpenSearchServiceDomainEncryptionAtRestOptionsDetails_kmsKeyId,
+
+    -- * AwsOpenSearchServiceDomainLogPublishingOption
+    AwsOpenSearchServiceDomainLogPublishingOption (..),
+    newAwsOpenSearchServiceDomainLogPublishingOption,
+    awsOpenSearchServiceDomainLogPublishingOption_cloudWatchLogsLogGroupArn,
+    awsOpenSearchServiceDomainLogPublishingOption_enabled,
+
+    -- * AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+    AwsOpenSearchServiceDomainLogPublishingOptionsDetails (..),
+    newAwsOpenSearchServiceDomainLogPublishingOptionsDetails,
+    awsOpenSearchServiceDomainLogPublishingOptionsDetails_auditLogs,
+    awsOpenSearchServiceDomainLogPublishingOptionsDetails_indexSlowLogs,
+    awsOpenSearchServiceDomainLogPublishingOptionsDetails_searchSlowLogs,
+
+    -- * AwsOpenSearchServiceDomainMasterUserOptionsDetails
+    AwsOpenSearchServiceDomainMasterUserOptionsDetails (..),
+    newAwsOpenSearchServiceDomainMasterUserOptionsDetails,
+    awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserArn,
+    awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserName,
+    awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserPassword,
+
+    -- * AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+    AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails (..),
+    newAwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails,
+    awsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails_enabled,
+
+    -- * AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+    AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails (..),
+    newAwsOpenSearchServiceDomainServiceSoftwareOptionsDetails,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_automatedUpdateDate,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_cancellable,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_currentVersion,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_description,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_newVersion,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_optionalDeployment,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_updateAvailable,
+    awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_updateStatus,
+
+    -- * AwsOpenSearchServiceDomainVpcOptionsDetails
+    AwsOpenSearchServiceDomainVpcOptionsDetails (..),
+    newAwsOpenSearchServiceDomainVpcOptionsDetails,
+    awsOpenSearchServiceDomainVpcOptionsDetails_securityGroupIds,
+    awsOpenSearchServiceDomainVpcOptionsDetails_subnetIds,
+
+    -- * AwsRdsDbClusterAssociatedRole
+    AwsRdsDbClusterAssociatedRole (..),
+    newAwsRdsDbClusterAssociatedRole,
+    awsRdsDbClusterAssociatedRole_roleArn,
+    awsRdsDbClusterAssociatedRole_status,
+
+    -- * AwsRdsDbClusterDetails
+    AwsRdsDbClusterDetails (..),
+    newAwsRdsDbClusterDetails,
+    awsRdsDbClusterDetails_activityStreamStatus,
+    awsRdsDbClusterDetails_allocatedStorage,
+    awsRdsDbClusterDetails_associatedRoles,
+    awsRdsDbClusterDetails_availabilityZones,
+    awsRdsDbClusterDetails_backupRetentionPeriod,
+    awsRdsDbClusterDetails_clusterCreateTime,
+    awsRdsDbClusterDetails_copyTagsToSnapshot,
+    awsRdsDbClusterDetails_crossAccountClone,
+    awsRdsDbClusterDetails_customEndpoints,
+    awsRdsDbClusterDetails_databaseName,
+    awsRdsDbClusterDetails_dbClusterIdentifier,
+    awsRdsDbClusterDetails_dbClusterMembers,
+    awsRdsDbClusterDetails_dbClusterOptionGroupMemberships,
+    awsRdsDbClusterDetails_dbClusterParameterGroup,
+    awsRdsDbClusterDetails_dbClusterResourceId,
+    awsRdsDbClusterDetails_dbSubnetGroup,
+    awsRdsDbClusterDetails_deletionProtection,
+    awsRdsDbClusterDetails_domainMemberships,
+    awsRdsDbClusterDetails_enabledCloudWatchLogsExports,
+    awsRdsDbClusterDetails_endpoint,
+    awsRdsDbClusterDetails_engine,
+    awsRdsDbClusterDetails_engineMode,
+    awsRdsDbClusterDetails_engineVersion,
+    awsRdsDbClusterDetails_hostedZoneId,
+    awsRdsDbClusterDetails_httpEndpointEnabled,
+    awsRdsDbClusterDetails_iamDatabaseAuthenticationEnabled,
+    awsRdsDbClusterDetails_kmsKeyId,
+    awsRdsDbClusterDetails_masterUsername,
+    awsRdsDbClusterDetails_multiAz,
+    awsRdsDbClusterDetails_port,
+    awsRdsDbClusterDetails_preferredBackupWindow,
+    awsRdsDbClusterDetails_preferredMaintenanceWindow,
+    awsRdsDbClusterDetails_readReplicaIdentifiers,
+    awsRdsDbClusterDetails_readerEndpoint,
+    awsRdsDbClusterDetails_status,
+    awsRdsDbClusterDetails_storageEncrypted,
+    awsRdsDbClusterDetails_vpcSecurityGroups,
+
+    -- * AwsRdsDbClusterMember
+    AwsRdsDbClusterMember (..),
+    newAwsRdsDbClusterMember,
+    awsRdsDbClusterMember_dbClusterParameterGroupStatus,
+    awsRdsDbClusterMember_dbInstanceIdentifier,
+    awsRdsDbClusterMember_isClusterWriter,
+    awsRdsDbClusterMember_promotionTier,
+
+    -- * AwsRdsDbClusterOptionGroupMembership
+    AwsRdsDbClusterOptionGroupMembership (..),
+    newAwsRdsDbClusterOptionGroupMembership,
+    awsRdsDbClusterOptionGroupMembership_dbClusterOptionGroupName,
+    awsRdsDbClusterOptionGroupMembership_status,
+
+    -- * AwsRdsDbClusterSnapshotDetails
+    AwsRdsDbClusterSnapshotDetails (..),
+    newAwsRdsDbClusterSnapshotDetails,
+    awsRdsDbClusterSnapshotDetails_allocatedStorage,
+    awsRdsDbClusterSnapshotDetails_availabilityZones,
+    awsRdsDbClusterSnapshotDetails_clusterCreateTime,
+    awsRdsDbClusterSnapshotDetails_dbClusterIdentifier,
+    awsRdsDbClusterSnapshotDetails_dbClusterSnapshotIdentifier,
+    awsRdsDbClusterSnapshotDetails_engine,
+    awsRdsDbClusterSnapshotDetails_engineVersion,
+    awsRdsDbClusterSnapshotDetails_iamDatabaseAuthenticationEnabled,
+    awsRdsDbClusterSnapshotDetails_kmsKeyId,
+    awsRdsDbClusterSnapshotDetails_licenseModel,
+    awsRdsDbClusterSnapshotDetails_masterUsername,
+    awsRdsDbClusterSnapshotDetails_percentProgress,
+    awsRdsDbClusterSnapshotDetails_port,
+    awsRdsDbClusterSnapshotDetails_snapshotCreateTime,
+    awsRdsDbClusterSnapshotDetails_snapshotType,
+    awsRdsDbClusterSnapshotDetails_status,
+    awsRdsDbClusterSnapshotDetails_storageEncrypted,
+    awsRdsDbClusterSnapshotDetails_vpcId,
+
+    -- * AwsRdsDbDomainMembership
+    AwsRdsDbDomainMembership (..),
+    newAwsRdsDbDomainMembership,
+    awsRdsDbDomainMembership_domain,
+    awsRdsDbDomainMembership_fqdn,
+    awsRdsDbDomainMembership_iamRoleName,
+    awsRdsDbDomainMembership_status,
+
+    -- * AwsRdsDbInstanceAssociatedRole
+    AwsRdsDbInstanceAssociatedRole (..),
+    newAwsRdsDbInstanceAssociatedRole,
+    awsRdsDbInstanceAssociatedRole_featureName,
+    awsRdsDbInstanceAssociatedRole_roleArn,
+    awsRdsDbInstanceAssociatedRole_status,
+
+    -- * AwsRdsDbInstanceDetails
+    AwsRdsDbInstanceDetails (..),
+    newAwsRdsDbInstanceDetails,
+    awsRdsDbInstanceDetails_allocatedStorage,
+    awsRdsDbInstanceDetails_associatedRoles,
+    awsRdsDbInstanceDetails_autoMinorVersionUpgrade,
+    awsRdsDbInstanceDetails_availabilityZone,
+    awsRdsDbInstanceDetails_backupRetentionPeriod,
+    awsRdsDbInstanceDetails_cACertificateIdentifier,
+    awsRdsDbInstanceDetails_characterSetName,
+    awsRdsDbInstanceDetails_copyTagsToSnapshot,
+    awsRdsDbInstanceDetails_dbClusterIdentifier,
+    awsRdsDbInstanceDetails_dbInstanceClass,
+    awsRdsDbInstanceDetails_dbInstanceIdentifier,
+    awsRdsDbInstanceDetails_dbName,
+    awsRdsDbInstanceDetails_dbInstancePort,
+    awsRdsDbInstanceDetails_dbInstanceStatus,
+    awsRdsDbInstanceDetails_dbParameterGroups,
+    awsRdsDbInstanceDetails_dbSecurityGroups,
+    awsRdsDbInstanceDetails_dbSubnetGroup,
+    awsRdsDbInstanceDetails_dbiResourceId,
+    awsRdsDbInstanceDetails_deletionProtection,
+    awsRdsDbInstanceDetails_domainMemberships,
+    awsRdsDbInstanceDetails_enabledCloudWatchLogsExports,
+    awsRdsDbInstanceDetails_endpoint,
+    awsRdsDbInstanceDetails_engine,
+    awsRdsDbInstanceDetails_engineVersion,
+    awsRdsDbInstanceDetails_enhancedMonitoringResourceArn,
+    awsRdsDbInstanceDetails_iAMDatabaseAuthenticationEnabled,
+    awsRdsDbInstanceDetails_instanceCreateTime,
+    awsRdsDbInstanceDetails_iops,
+    awsRdsDbInstanceDetails_kmsKeyId,
+    awsRdsDbInstanceDetails_latestRestorableTime,
+    awsRdsDbInstanceDetails_licenseModel,
+    awsRdsDbInstanceDetails_listenerEndpoint,
+    awsRdsDbInstanceDetails_masterUsername,
+    awsRdsDbInstanceDetails_maxAllocatedStorage,
+    awsRdsDbInstanceDetails_monitoringInterval,
+    awsRdsDbInstanceDetails_monitoringRoleArn,
+    awsRdsDbInstanceDetails_multiAz,
+    awsRdsDbInstanceDetails_optionGroupMemberships,
+    awsRdsDbInstanceDetails_pendingModifiedValues,
+    awsRdsDbInstanceDetails_performanceInsightsEnabled,
+    awsRdsDbInstanceDetails_performanceInsightsKmsKeyId,
+    awsRdsDbInstanceDetails_performanceInsightsRetentionPeriod,
+    awsRdsDbInstanceDetails_preferredBackupWindow,
+    awsRdsDbInstanceDetails_preferredMaintenanceWindow,
+    awsRdsDbInstanceDetails_processorFeatures,
+    awsRdsDbInstanceDetails_promotionTier,
+    awsRdsDbInstanceDetails_publiclyAccessible,
+    awsRdsDbInstanceDetails_readReplicaDBClusterIdentifiers,
+    awsRdsDbInstanceDetails_readReplicaDBInstanceIdentifiers,
+    awsRdsDbInstanceDetails_readReplicaSourceDBInstanceIdentifier,
+    awsRdsDbInstanceDetails_secondaryAvailabilityZone,
+    awsRdsDbInstanceDetails_statusInfos,
+    awsRdsDbInstanceDetails_storageEncrypted,
+    awsRdsDbInstanceDetails_storageType,
+    awsRdsDbInstanceDetails_tdeCredentialArn,
+    awsRdsDbInstanceDetails_timezone,
+    awsRdsDbInstanceDetails_vpcSecurityGroups,
+
+    -- * AwsRdsDbInstanceEndpoint
+    AwsRdsDbInstanceEndpoint (..),
+    newAwsRdsDbInstanceEndpoint,
+    awsRdsDbInstanceEndpoint_address,
+    awsRdsDbInstanceEndpoint_hostedZoneId,
+    awsRdsDbInstanceEndpoint_port,
+
+    -- * AwsRdsDbInstanceVpcSecurityGroup
+    AwsRdsDbInstanceVpcSecurityGroup (..),
+    newAwsRdsDbInstanceVpcSecurityGroup,
+    awsRdsDbInstanceVpcSecurityGroup_status,
+    awsRdsDbInstanceVpcSecurityGroup_vpcSecurityGroupId,
+
+    -- * AwsRdsDbOptionGroupMembership
+    AwsRdsDbOptionGroupMembership (..),
+    newAwsRdsDbOptionGroupMembership,
+    awsRdsDbOptionGroupMembership_optionGroupName,
+    awsRdsDbOptionGroupMembership_status,
+
+    -- * AwsRdsDbParameterGroup
+    AwsRdsDbParameterGroup (..),
+    newAwsRdsDbParameterGroup,
+    awsRdsDbParameterGroup_dbParameterGroupName,
+    awsRdsDbParameterGroup_parameterApplyStatus,
+
+    -- * AwsRdsDbPendingModifiedValues
+    AwsRdsDbPendingModifiedValues (..),
+    newAwsRdsDbPendingModifiedValues,
+    awsRdsDbPendingModifiedValues_allocatedStorage,
+    awsRdsDbPendingModifiedValues_backupRetentionPeriod,
+    awsRdsDbPendingModifiedValues_caCertificateIdentifier,
+    awsRdsDbPendingModifiedValues_dbInstanceClass,
+    awsRdsDbPendingModifiedValues_dbInstanceIdentifier,
+    awsRdsDbPendingModifiedValues_dbSubnetGroupName,
+    awsRdsDbPendingModifiedValues_engineVersion,
+    awsRdsDbPendingModifiedValues_iops,
+    awsRdsDbPendingModifiedValues_licenseModel,
+    awsRdsDbPendingModifiedValues_masterUserPassword,
+    awsRdsDbPendingModifiedValues_multiAZ,
+    awsRdsDbPendingModifiedValues_pendingCloudWatchLogsExports,
+    awsRdsDbPendingModifiedValues_port,
+    awsRdsDbPendingModifiedValues_processorFeatures,
+    awsRdsDbPendingModifiedValues_storageType,
+
+    -- * AwsRdsDbProcessorFeature
+    AwsRdsDbProcessorFeature (..),
+    newAwsRdsDbProcessorFeature,
+    awsRdsDbProcessorFeature_name,
+    awsRdsDbProcessorFeature_value,
+
+    -- * AwsRdsDbSecurityGroupDetails
+    AwsRdsDbSecurityGroupDetails (..),
+    newAwsRdsDbSecurityGroupDetails,
+    awsRdsDbSecurityGroupDetails_dbSecurityGroupArn,
+    awsRdsDbSecurityGroupDetails_dbSecurityGroupDescription,
+    awsRdsDbSecurityGroupDetails_dbSecurityGroupName,
+    awsRdsDbSecurityGroupDetails_ec2SecurityGroups,
+    awsRdsDbSecurityGroupDetails_ipRanges,
+    awsRdsDbSecurityGroupDetails_ownerId,
+    awsRdsDbSecurityGroupDetails_vpcId,
+
+    -- * AwsRdsDbSecurityGroupEc2SecurityGroup
+    AwsRdsDbSecurityGroupEc2SecurityGroup (..),
+    newAwsRdsDbSecurityGroupEc2SecurityGroup,
+    awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupId,
+    awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupName,
+    awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupOwnerId,
+    awsRdsDbSecurityGroupEc2SecurityGroup_status,
+
+    -- * AwsRdsDbSecurityGroupIpRange
+    AwsRdsDbSecurityGroupIpRange (..),
+    newAwsRdsDbSecurityGroupIpRange,
+    awsRdsDbSecurityGroupIpRange_cidrIp,
+    awsRdsDbSecurityGroupIpRange_status,
+
+    -- * AwsRdsDbSnapshotDetails
+    AwsRdsDbSnapshotDetails (..),
+    newAwsRdsDbSnapshotDetails,
+    awsRdsDbSnapshotDetails_allocatedStorage,
+    awsRdsDbSnapshotDetails_availabilityZone,
+    awsRdsDbSnapshotDetails_dbInstanceIdentifier,
+    awsRdsDbSnapshotDetails_dbSnapshotIdentifier,
+    awsRdsDbSnapshotDetails_dbiResourceId,
+    awsRdsDbSnapshotDetails_encrypted,
+    awsRdsDbSnapshotDetails_engine,
+    awsRdsDbSnapshotDetails_engineVersion,
+    awsRdsDbSnapshotDetails_iamDatabaseAuthenticationEnabled,
+    awsRdsDbSnapshotDetails_instanceCreateTime,
+    awsRdsDbSnapshotDetails_iops,
+    awsRdsDbSnapshotDetails_kmsKeyId,
+    awsRdsDbSnapshotDetails_licenseModel,
+    awsRdsDbSnapshotDetails_masterUsername,
+    awsRdsDbSnapshotDetails_optionGroupName,
+    awsRdsDbSnapshotDetails_percentProgress,
+    awsRdsDbSnapshotDetails_port,
+    awsRdsDbSnapshotDetails_processorFeatures,
+    awsRdsDbSnapshotDetails_snapshotCreateTime,
+    awsRdsDbSnapshotDetails_snapshotType,
+    awsRdsDbSnapshotDetails_sourceDbSnapshotIdentifier,
+    awsRdsDbSnapshotDetails_sourceRegion,
+    awsRdsDbSnapshotDetails_status,
+    awsRdsDbSnapshotDetails_storageType,
+    awsRdsDbSnapshotDetails_tdeCredentialArn,
+    awsRdsDbSnapshotDetails_timezone,
+    awsRdsDbSnapshotDetails_vpcId,
+
+    -- * AwsRdsDbStatusInfo
+    AwsRdsDbStatusInfo (..),
+    newAwsRdsDbStatusInfo,
+    awsRdsDbStatusInfo_message,
+    awsRdsDbStatusInfo_normal,
+    awsRdsDbStatusInfo_status,
+    awsRdsDbStatusInfo_statusType,
+
+    -- * AwsRdsDbSubnetGroup
+    AwsRdsDbSubnetGroup (..),
+    newAwsRdsDbSubnetGroup,
+    awsRdsDbSubnetGroup_dbSubnetGroupArn,
+    awsRdsDbSubnetGroup_dbSubnetGroupDescription,
+    awsRdsDbSubnetGroup_dbSubnetGroupName,
+    awsRdsDbSubnetGroup_subnetGroupStatus,
+    awsRdsDbSubnetGroup_subnets,
+    awsRdsDbSubnetGroup_vpcId,
+
+    -- * AwsRdsDbSubnetGroupSubnet
+    AwsRdsDbSubnetGroupSubnet (..),
+    newAwsRdsDbSubnetGroupSubnet,
+    awsRdsDbSubnetGroupSubnet_subnetAvailabilityZone,
+    awsRdsDbSubnetGroupSubnet_subnetIdentifier,
+    awsRdsDbSubnetGroupSubnet_subnetStatus,
+
+    -- * AwsRdsDbSubnetGroupSubnetAvailabilityZone
+    AwsRdsDbSubnetGroupSubnetAvailabilityZone (..),
+    newAwsRdsDbSubnetGroupSubnetAvailabilityZone,
+    awsRdsDbSubnetGroupSubnetAvailabilityZone_name,
+
+    -- * AwsRdsEventSubscriptionDetails
+    AwsRdsEventSubscriptionDetails (..),
+    newAwsRdsEventSubscriptionDetails,
+    awsRdsEventSubscriptionDetails_custSubscriptionId,
+    awsRdsEventSubscriptionDetails_customerAwsId,
+    awsRdsEventSubscriptionDetails_enabled,
+    awsRdsEventSubscriptionDetails_eventCategoriesList,
+    awsRdsEventSubscriptionDetails_eventSubscriptionArn,
+    awsRdsEventSubscriptionDetails_snsTopicArn,
+    awsRdsEventSubscriptionDetails_sourceIdsList,
+    awsRdsEventSubscriptionDetails_sourceType,
+    awsRdsEventSubscriptionDetails_status,
+    awsRdsEventSubscriptionDetails_subscriptionCreationTime,
+
+    -- * AwsRdsPendingCloudWatchLogsExports
+    AwsRdsPendingCloudWatchLogsExports (..),
+    newAwsRdsPendingCloudWatchLogsExports,
+    awsRdsPendingCloudWatchLogsExports_logTypesToDisable,
+    awsRdsPendingCloudWatchLogsExports_logTypesToEnable,
+
+    -- * AwsRedshiftClusterClusterNode
+    AwsRedshiftClusterClusterNode (..),
+    newAwsRedshiftClusterClusterNode,
+    awsRedshiftClusterClusterNode_nodeRole,
+    awsRedshiftClusterClusterNode_privateIpAddress,
+    awsRedshiftClusterClusterNode_publicIpAddress,
+
+    -- * AwsRedshiftClusterClusterParameterGroup
+    AwsRedshiftClusterClusterParameterGroup (..),
+    newAwsRedshiftClusterClusterParameterGroup,
+    awsRedshiftClusterClusterParameterGroup_clusterParameterStatusList,
+    awsRedshiftClusterClusterParameterGroup_parameterApplyStatus,
+    awsRedshiftClusterClusterParameterGroup_parameterGroupName,
+
+    -- * AwsRedshiftClusterClusterParameterStatus
+    AwsRedshiftClusterClusterParameterStatus (..),
+    newAwsRedshiftClusterClusterParameterStatus,
+    awsRedshiftClusterClusterParameterStatus_parameterApplyErrorDescription,
+    awsRedshiftClusterClusterParameterStatus_parameterApplyStatus,
+    awsRedshiftClusterClusterParameterStatus_parameterName,
+
+    -- * AwsRedshiftClusterClusterSecurityGroup
+    AwsRedshiftClusterClusterSecurityGroup (..),
+    newAwsRedshiftClusterClusterSecurityGroup,
+    awsRedshiftClusterClusterSecurityGroup_clusterSecurityGroupName,
+    awsRedshiftClusterClusterSecurityGroup_status,
+
+    -- * AwsRedshiftClusterClusterSnapshotCopyStatus
+    AwsRedshiftClusterClusterSnapshotCopyStatus (..),
+    newAwsRedshiftClusterClusterSnapshotCopyStatus,
+    awsRedshiftClusterClusterSnapshotCopyStatus_destinationRegion,
+    awsRedshiftClusterClusterSnapshotCopyStatus_manualSnapshotRetentionPeriod,
+    awsRedshiftClusterClusterSnapshotCopyStatus_retentionPeriod,
+    awsRedshiftClusterClusterSnapshotCopyStatus_snapshotCopyGrantName,
+
+    -- * AwsRedshiftClusterDeferredMaintenanceWindow
+    AwsRedshiftClusterDeferredMaintenanceWindow (..),
+    newAwsRedshiftClusterDeferredMaintenanceWindow,
+    awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceEndTime,
+    awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceIdentifier,
+    awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceStartTime,
+
+    -- * AwsRedshiftClusterDetails
+    AwsRedshiftClusterDetails (..),
+    newAwsRedshiftClusterDetails,
+    awsRedshiftClusterDetails_allowVersionUpgrade,
+    awsRedshiftClusterDetails_automatedSnapshotRetentionPeriod,
+    awsRedshiftClusterDetails_availabilityZone,
+    awsRedshiftClusterDetails_clusterAvailabilityStatus,
+    awsRedshiftClusterDetails_clusterCreateTime,
+    awsRedshiftClusterDetails_clusterIdentifier,
+    awsRedshiftClusterDetails_clusterNodes,
+    awsRedshiftClusterDetails_clusterParameterGroups,
+    awsRedshiftClusterDetails_clusterPublicKey,
+    awsRedshiftClusterDetails_clusterRevisionNumber,
+    awsRedshiftClusterDetails_clusterSecurityGroups,
+    awsRedshiftClusterDetails_clusterSnapshotCopyStatus,
+    awsRedshiftClusterDetails_clusterStatus,
+    awsRedshiftClusterDetails_clusterSubnetGroupName,
+    awsRedshiftClusterDetails_clusterVersion,
+    awsRedshiftClusterDetails_dbName,
+    awsRedshiftClusterDetails_deferredMaintenanceWindows,
+    awsRedshiftClusterDetails_elasticIpStatus,
+    awsRedshiftClusterDetails_elasticResizeNumberOfNodeOptions,
+    awsRedshiftClusterDetails_encrypted,
+    awsRedshiftClusterDetails_endpoint,
+    awsRedshiftClusterDetails_enhancedVpcRouting,
+    awsRedshiftClusterDetails_expectedNextSnapshotScheduleTime,
+    awsRedshiftClusterDetails_expectedNextSnapshotScheduleTimeStatus,
+    awsRedshiftClusterDetails_hsmStatus,
+    awsRedshiftClusterDetails_iamRoles,
+    awsRedshiftClusterDetails_kmsKeyId,
+    awsRedshiftClusterDetails_loggingStatus,
+    awsRedshiftClusterDetails_maintenanceTrackName,
+    awsRedshiftClusterDetails_manualSnapshotRetentionPeriod,
+    awsRedshiftClusterDetails_masterUsername,
+    awsRedshiftClusterDetails_nextMaintenanceWindowStartTime,
+    awsRedshiftClusterDetails_nodeType,
+    awsRedshiftClusterDetails_numberOfNodes,
+    awsRedshiftClusterDetails_pendingActions,
+    awsRedshiftClusterDetails_pendingModifiedValues,
+    awsRedshiftClusterDetails_preferredMaintenanceWindow,
+    awsRedshiftClusterDetails_publiclyAccessible,
+    awsRedshiftClusterDetails_resizeInfo,
+    awsRedshiftClusterDetails_restoreStatus,
+    awsRedshiftClusterDetails_snapshotScheduleIdentifier,
+    awsRedshiftClusterDetails_snapshotScheduleState,
+    awsRedshiftClusterDetails_vpcId,
+    awsRedshiftClusterDetails_vpcSecurityGroups,
+
+    -- * AwsRedshiftClusterElasticIpStatus
+    AwsRedshiftClusterElasticIpStatus (..),
+    newAwsRedshiftClusterElasticIpStatus,
+    awsRedshiftClusterElasticIpStatus_elasticIp,
+    awsRedshiftClusterElasticIpStatus_status,
+
+    -- * AwsRedshiftClusterEndpoint
+    AwsRedshiftClusterEndpoint (..),
+    newAwsRedshiftClusterEndpoint,
+    awsRedshiftClusterEndpoint_address,
+    awsRedshiftClusterEndpoint_port,
+
+    -- * AwsRedshiftClusterHsmStatus
+    AwsRedshiftClusterHsmStatus (..),
+    newAwsRedshiftClusterHsmStatus,
+    awsRedshiftClusterHsmStatus_hsmClientCertificateIdentifier,
+    awsRedshiftClusterHsmStatus_hsmConfigurationIdentifier,
+    awsRedshiftClusterHsmStatus_status,
+
+    -- * AwsRedshiftClusterIamRole
+    AwsRedshiftClusterIamRole (..),
+    newAwsRedshiftClusterIamRole,
+    awsRedshiftClusterIamRole_applyStatus,
+    awsRedshiftClusterIamRole_iamRoleArn,
+
+    -- * AwsRedshiftClusterLoggingStatus
+    AwsRedshiftClusterLoggingStatus (..),
+    newAwsRedshiftClusterLoggingStatus,
+    awsRedshiftClusterLoggingStatus_bucketName,
+    awsRedshiftClusterLoggingStatus_lastFailureMessage,
+    awsRedshiftClusterLoggingStatus_lastFailureTime,
+    awsRedshiftClusterLoggingStatus_lastSuccessfulDeliveryTime,
+    awsRedshiftClusterLoggingStatus_loggingEnabled,
+    awsRedshiftClusterLoggingStatus_s3KeyPrefix,
+
+    -- * AwsRedshiftClusterPendingModifiedValues
+    AwsRedshiftClusterPendingModifiedValues (..),
+    newAwsRedshiftClusterPendingModifiedValues,
+    awsRedshiftClusterPendingModifiedValues_automatedSnapshotRetentionPeriod,
+    awsRedshiftClusterPendingModifiedValues_clusterIdentifier,
+    awsRedshiftClusterPendingModifiedValues_clusterType,
+    awsRedshiftClusterPendingModifiedValues_clusterVersion,
+    awsRedshiftClusterPendingModifiedValues_encryptionType,
+    awsRedshiftClusterPendingModifiedValues_enhancedVpcRouting,
+    awsRedshiftClusterPendingModifiedValues_maintenanceTrackName,
+    awsRedshiftClusterPendingModifiedValues_masterUserPassword,
+    awsRedshiftClusterPendingModifiedValues_nodeType,
+    awsRedshiftClusterPendingModifiedValues_numberOfNodes,
+    awsRedshiftClusterPendingModifiedValues_publiclyAccessible,
+
+    -- * AwsRedshiftClusterResizeInfo
+    AwsRedshiftClusterResizeInfo (..),
+    newAwsRedshiftClusterResizeInfo,
+    awsRedshiftClusterResizeInfo_allowCancelResize,
+    awsRedshiftClusterResizeInfo_resizeType,
+
+    -- * AwsRedshiftClusterRestoreStatus
+    AwsRedshiftClusterRestoreStatus (..),
+    newAwsRedshiftClusterRestoreStatus,
+    awsRedshiftClusterRestoreStatus_currentRestoreRateInMegaBytesPerSecond,
+    awsRedshiftClusterRestoreStatus_elapsedTimeInSeconds,
+    awsRedshiftClusterRestoreStatus_estimatedTimeToCompletionInSeconds,
+    awsRedshiftClusterRestoreStatus_progressInMegaBytes,
+    awsRedshiftClusterRestoreStatus_snapshotSizeInMegaBytes,
+    awsRedshiftClusterRestoreStatus_status,
+
+    -- * AwsRedshiftClusterVpcSecurityGroup
+    AwsRedshiftClusterVpcSecurityGroup (..),
+    newAwsRedshiftClusterVpcSecurityGroup,
+    awsRedshiftClusterVpcSecurityGroup_status,
+    awsRedshiftClusterVpcSecurityGroup_vpcSecurityGroupId,
+
+    -- * AwsS3AccountPublicAccessBlockDetails
+    AwsS3AccountPublicAccessBlockDetails (..),
+    newAwsS3AccountPublicAccessBlockDetails,
+    awsS3AccountPublicAccessBlockDetails_blockPublicAcls,
+    awsS3AccountPublicAccessBlockDetails_blockPublicPolicy,
+    awsS3AccountPublicAccessBlockDetails_ignorePublicAcls,
+    awsS3AccountPublicAccessBlockDetails_restrictPublicBuckets,
+
+    -- * AwsS3BucketBucketLifecycleConfigurationDetails
+    AwsS3BucketBucketLifecycleConfigurationDetails (..),
+    newAwsS3BucketBucketLifecycleConfigurationDetails,
+    awsS3BucketBucketLifecycleConfigurationDetails_rules,
+
+    -- * AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails (..),
+    newAwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails,
+    awsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails_daysAfterInitiation,
+
+    -- * AwsS3BucketBucketLifecycleConfigurationRulesDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesDetails (..),
+    newAwsS3BucketBucketLifecycleConfigurationRulesDetails,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_abortIncompleteMultipartUpload,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_expirationDate,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_expirationInDays,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_expiredObjectDeleteMarker,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_filter,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_id,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_noncurrentVersionExpirationInDays,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_noncurrentVersionTransitions,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_prefix,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_status,
+    awsS3BucketBucketLifecycleConfigurationRulesDetails_transitions,
+
+    -- * AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails (..),
+    newAwsS3BucketBucketLifecycleConfigurationRulesFilterDetails,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterDetails_predicate,
+
+    -- * AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails (..),
+    newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_operands,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_prefix,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_tag,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_type,
+
+    -- * AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails (..),
+    newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_prefix,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_tag,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_type,
+
+    -- * AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails (..),
+    newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails_key,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails_value,
+
+    -- * AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails (..),
+    newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails_key,
+    awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails_value,
+
+    -- * AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails (..),
+    newAwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails,
+    awsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails_days,
+    awsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails_storageClass,
+
+    -- * AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+    AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails (..),
+    newAwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails,
+    awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_date,
+    awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_days,
+    awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_storageClass,
+
+    -- * AwsS3BucketBucketVersioningConfiguration
+    AwsS3BucketBucketVersioningConfiguration (..),
+    newAwsS3BucketBucketVersioningConfiguration,
+    awsS3BucketBucketVersioningConfiguration_isMfaDeleteEnabled,
+    awsS3BucketBucketVersioningConfiguration_status,
+
+    -- * AwsS3BucketDetails
+    AwsS3BucketDetails (..),
+    newAwsS3BucketDetails,
+    awsS3BucketDetails_accessControlList,
+    awsS3BucketDetails_bucketLifecycleConfiguration,
+    awsS3BucketDetails_bucketLoggingConfiguration,
+    awsS3BucketDetails_bucketNotificationConfiguration,
+    awsS3BucketDetails_bucketVersioningConfiguration,
+    awsS3BucketDetails_bucketWebsiteConfiguration,
+    awsS3BucketDetails_createdAt,
+    awsS3BucketDetails_ownerAccountId,
+    awsS3BucketDetails_ownerId,
+    awsS3BucketDetails_ownerName,
+    awsS3BucketDetails_publicAccessBlockConfiguration,
+    awsS3BucketDetails_serverSideEncryptionConfiguration,
+
+    -- * AwsS3BucketLoggingConfiguration
+    AwsS3BucketLoggingConfiguration (..),
+    newAwsS3BucketLoggingConfiguration,
+    awsS3BucketLoggingConfiguration_destinationBucketName,
+    awsS3BucketLoggingConfiguration_logFilePrefix,
+
+    -- * AwsS3BucketNotificationConfiguration
+    AwsS3BucketNotificationConfiguration (..),
+    newAwsS3BucketNotificationConfiguration,
+    awsS3BucketNotificationConfiguration_configurations,
+
+    -- * AwsS3BucketNotificationConfigurationDetail
+    AwsS3BucketNotificationConfigurationDetail (..),
+    newAwsS3BucketNotificationConfigurationDetail,
+    awsS3BucketNotificationConfigurationDetail_destination,
+    awsS3BucketNotificationConfigurationDetail_events,
+    awsS3BucketNotificationConfigurationDetail_filter,
+    awsS3BucketNotificationConfigurationDetail_type,
+
+    -- * AwsS3BucketNotificationConfigurationFilter
+    AwsS3BucketNotificationConfigurationFilter (..),
+    newAwsS3BucketNotificationConfigurationFilter,
+    awsS3BucketNotificationConfigurationFilter_s3KeyFilter,
+
+    -- * AwsS3BucketNotificationConfigurationS3KeyFilter
+    AwsS3BucketNotificationConfigurationS3KeyFilter (..),
+    newAwsS3BucketNotificationConfigurationS3KeyFilter,
+    awsS3BucketNotificationConfigurationS3KeyFilter_filterRules,
+
+    -- * AwsS3BucketNotificationConfigurationS3KeyFilterRule
+    AwsS3BucketNotificationConfigurationS3KeyFilterRule (..),
+    newAwsS3BucketNotificationConfigurationS3KeyFilterRule,
+    awsS3BucketNotificationConfigurationS3KeyFilterRule_name,
+    awsS3BucketNotificationConfigurationS3KeyFilterRule_value,
+
+    -- * AwsS3BucketServerSideEncryptionByDefault
+    AwsS3BucketServerSideEncryptionByDefault (..),
+    newAwsS3BucketServerSideEncryptionByDefault,
+    awsS3BucketServerSideEncryptionByDefault_kmsMasterKeyID,
+    awsS3BucketServerSideEncryptionByDefault_sSEAlgorithm,
+
+    -- * AwsS3BucketServerSideEncryptionConfiguration
+    AwsS3BucketServerSideEncryptionConfiguration (..),
+    newAwsS3BucketServerSideEncryptionConfiguration,
+    awsS3BucketServerSideEncryptionConfiguration_rules,
+
+    -- * AwsS3BucketServerSideEncryptionRule
+    AwsS3BucketServerSideEncryptionRule (..),
+    newAwsS3BucketServerSideEncryptionRule,
+    awsS3BucketServerSideEncryptionRule_applyServerSideEncryptionByDefault,
+
+    -- * AwsS3BucketWebsiteConfiguration
+    AwsS3BucketWebsiteConfiguration (..),
+    newAwsS3BucketWebsiteConfiguration,
+    awsS3BucketWebsiteConfiguration_errorDocument,
+    awsS3BucketWebsiteConfiguration_indexDocumentSuffix,
+    awsS3BucketWebsiteConfiguration_redirectAllRequestsTo,
+    awsS3BucketWebsiteConfiguration_routingRules,
+
+    -- * AwsS3BucketWebsiteConfigurationRedirectTo
+    AwsS3BucketWebsiteConfigurationRedirectTo (..),
+    newAwsS3BucketWebsiteConfigurationRedirectTo,
+    awsS3BucketWebsiteConfigurationRedirectTo_hostname,
+    awsS3BucketWebsiteConfigurationRedirectTo_protocol,
+
+    -- * AwsS3BucketWebsiteConfigurationRoutingRule
+    AwsS3BucketWebsiteConfigurationRoutingRule (..),
+    newAwsS3BucketWebsiteConfigurationRoutingRule,
+    awsS3BucketWebsiteConfigurationRoutingRule_condition,
+    awsS3BucketWebsiteConfigurationRoutingRule_redirect,
+
+    -- * AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+    AwsS3BucketWebsiteConfigurationRoutingRuleCondition (..),
+    newAwsS3BucketWebsiteConfigurationRoutingRuleCondition,
+    awsS3BucketWebsiteConfigurationRoutingRuleCondition_httpErrorCodeReturnedEquals,
+    awsS3BucketWebsiteConfigurationRoutingRuleCondition_keyPrefixEquals,
+
+    -- * AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+    AwsS3BucketWebsiteConfigurationRoutingRuleRedirect (..),
+    newAwsS3BucketWebsiteConfigurationRoutingRuleRedirect,
+    awsS3BucketWebsiteConfigurationRoutingRuleRedirect_hostname,
+    awsS3BucketWebsiteConfigurationRoutingRuleRedirect_httpRedirectCode,
+    awsS3BucketWebsiteConfigurationRoutingRuleRedirect_protocol,
+    awsS3BucketWebsiteConfigurationRoutingRuleRedirect_replaceKeyPrefixWith,
+    awsS3BucketWebsiteConfigurationRoutingRuleRedirect_replaceKeyWith,
+
+    -- * AwsS3ObjectDetails
+    AwsS3ObjectDetails (..),
+    newAwsS3ObjectDetails,
+    awsS3ObjectDetails_contentType,
+    awsS3ObjectDetails_eTag,
+    awsS3ObjectDetails_lastModified,
+    awsS3ObjectDetails_sSEKMSKeyId,
+    awsS3ObjectDetails_serverSideEncryption,
+    awsS3ObjectDetails_versionId,
+
+    -- * AwsSageMakerNotebookInstanceDetails
+    AwsSageMakerNotebookInstanceDetails (..),
+    newAwsSageMakerNotebookInstanceDetails,
+    awsSageMakerNotebookInstanceDetails_acceleratorTypes,
+    awsSageMakerNotebookInstanceDetails_additionalCodeRepositories,
+    awsSageMakerNotebookInstanceDetails_defaultCodeRepository,
+    awsSageMakerNotebookInstanceDetails_directInternetAccess,
+    awsSageMakerNotebookInstanceDetails_failureReason,
+    awsSageMakerNotebookInstanceDetails_instanceMetadataServiceConfiguration,
+    awsSageMakerNotebookInstanceDetails_instanceType,
+    awsSageMakerNotebookInstanceDetails_kmsKeyId,
+    awsSageMakerNotebookInstanceDetails_networkInterfaceId,
+    awsSageMakerNotebookInstanceDetails_notebookInstanceArn,
+    awsSageMakerNotebookInstanceDetails_notebookInstanceLifecycleConfigName,
+    awsSageMakerNotebookInstanceDetails_notebookInstanceName,
+    awsSageMakerNotebookInstanceDetails_notebookInstanceStatus,
+    awsSageMakerNotebookInstanceDetails_platformIdentifier,
+    awsSageMakerNotebookInstanceDetails_roleArn,
+    awsSageMakerNotebookInstanceDetails_rootAccess,
+    awsSageMakerNotebookInstanceDetails_securityGroups,
+    awsSageMakerNotebookInstanceDetails_subnetId,
+    awsSageMakerNotebookInstanceDetails_url,
+    awsSageMakerNotebookInstanceDetails_volumeSizeInGB,
+
+    -- * AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+    AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails (..),
+    newAwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails,
+    awsSageMakerNotebookInstanceMetadataServiceConfigurationDetails_minimumInstanceMetadataServiceVersion,
+
+    -- * AwsSecretsManagerSecretDetails
+    AwsSecretsManagerSecretDetails (..),
+    newAwsSecretsManagerSecretDetails,
+    awsSecretsManagerSecretDetails_deleted,
+    awsSecretsManagerSecretDetails_description,
+    awsSecretsManagerSecretDetails_kmsKeyId,
+    awsSecretsManagerSecretDetails_name,
+    awsSecretsManagerSecretDetails_rotationEnabled,
+    awsSecretsManagerSecretDetails_rotationLambdaArn,
+    awsSecretsManagerSecretDetails_rotationOccurredWithinFrequency,
+    awsSecretsManagerSecretDetails_rotationRules,
+
+    -- * AwsSecretsManagerSecretRotationRules
+    AwsSecretsManagerSecretRotationRules (..),
+    newAwsSecretsManagerSecretRotationRules,
+    awsSecretsManagerSecretRotationRules_automaticallyAfterDays,
+
+    -- * AwsSecurityFinding
+    AwsSecurityFinding (..),
+    newAwsSecurityFinding,
+    awsSecurityFinding_action,
+    awsSecurityFinding_companyName,
+    awsSecurityFinding_compliance,
+    awsSecurityFinding_confidence,
+    awsSecurityFinding_criticality,
+    awsSecurityFinding_findingProviderFields,
+    awsSecurityFinding_firstObservedAt,
+    awsSecurityFinding_lastObservedAt,
+    awsSecurityFinding_malware,
+    awsSecurityFinding_network,
+    awsSecurityFinding_networkPath,
+    awsSecurityFinding_note,
+    awsSecurityFinding_patchSummary,
+    awsSecurityFinding_process,
+    awsSecurityFinding_productFields,
+    awsSecurityFinding_productName,
+    awsSecurityFinding_recordState,
+    awsSecurityFinding_region,
+    awsSecurityFinding_relatedFindings,
+    awsSecurityFinding_remediation,
+    awsSecurityFinding_sample,
+    awsSecurityFinding_severity,
+    awsSecurityFinding_sourceUrl,
+    awsSecurityFinding_threatIntelIndicators,
+    awsSecurityFinding_threats,
+    awsSecurityFinding_types,
+    awsSecurityFinding_userDefinedFields,
+    awsSecurityFinding_verificationState,
+    awsSecurityFinding_vulnerabilities,
+    awsSecurityFinding_workflow,
+    awsSecurityFinding_workflowState,
+    awsSecurityFinding_schemaVersion,
+    awsSecurityFinding_id,
+    awsSecurityFinding_productArn,
+    awsSecurityFinding_generatorId,
+    awsSecurityFinding_awsAccountId,
+    awsSecurityFinding_createdAt,
+    awsSecurityFinding_updatedAt,
+    awsSecurityFinding_title,
+    awsSecurityFinding_description,
+    awsSecurityFinding_resources,
+
+    -- * AwsSecurityFindingFilters
+    AwsSecurityFindingFilters (..),
+    newAwsSecurityFindingFilters,
+    awsSecurityFindingFilters_awsAccountId,
+    awsSecurityFindingFilters_companyName,
+    awsSecurityFindingFilters_complianceStatus,
+    awsSecurityFindingFilters_confidence,
+    awsSecurityFindingFilters_createdAt,
+    awsSecurityFindingFilters_criticality,
+    awsSecurityFindingFilters_description,
+    awsSecurityFindingFilters_findingProviderFieldsConfidence,
+    awsSecurityFindingFilters_findingProviderFieldsCriticality,
+    awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsId,
+    awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsProductArn,
+    awsSecurityFindingFilters_findingProviderFieldsSeverityLabel,
+    awsSecurityFindingFilters_findingProviderFieldsSeverityOriginal,
+    awsSecurityFindingFilters_findingProviderFieldsTypes,
+    awsSecurityFindingFilters_firstObservedAt,
+    awsSecurityFindingFilters_generatorId,
+    awsSecurityFindingFilters_id,
+    awsSecurityFindingFilters_keyword,
+    awsSecurityFindingFilters_lastObservedAt,
+    awsSecurityFindingFilters_malwareName,
+    awsSecurityFindingFilters_malwarePath,
+    awsSecurityFindingFilters_malwareState,
+    awsSecurityFindingFilters_malwareType,
+    awsSecurityFindingFilters_networkDestinationDomain,
+    awsSecurityFindingFilters_networkDestinationIpV4,
+    awsSecurityFindingFilters_networkDestinationIpV6,
+    awsSecurityFindingFilters_networkDestinationPort,
+    awsSecurityFindingFilters_networkDirection,
+    awsSecurityFindingFilters_networkProtocol,
+    awsSecurityFindingFilters_networkSourceDomain,
+    awsSecurityFindingFilters_networkSourceIpV4,
+    awsSecurityFindingFilters_networkSourceIpV6,
+    awsSecurityFindingFilters_networkSourceMac,
+    awsSecurityFindingFilters_networkSourcePort,
+    awsSecurityFindingFilters_noteText,
+    awsSecurityFindingFilters_noteUpdatedAt,
+    awsSecurityFindingFilters_noteUpdatedBy,
+    awsSecurityFindingFilters_processLaunchedAt,
+    awsSecurityFindingFilters_processName,
+    awsSecurityFindingFilters_processParentPid,
+    awsSecurityFindingFilters_processPath,
+    awsSecurityFindingFilters_processPid,
+    awsSecurityFindingFilters_processTerminatedAt,
+    awsSecurityFindingFilters_productArn,
+    awsSecurityFindingFilters_productFields,
+    awsSecurityFindingFilters_productName,
+    awsSecurityFindingFilters_recommendationText,
+    awsSecurityFindingFilters_recordState,
+    awsSecurityFindingFilters_region,
+    awsSecurityFindingFilters_relatedFindingsId,
+    awsSecurityFindingFilters_relatedFindingsProductArn,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceIamInstanceProfileArn,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceImageId,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceIpV4Addresses,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceIpV6Addresses,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceKeyName,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceLaunchedAt,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceSubnetId,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceType,
+    awsSecurityFindingFilters_resourceAwsEc2InstanceVpcId,
+    awsSecurityFindingFilters_resourceAwsIamAccessKeyCreatedAt,
+    awsSecurityFindingFilters_resourceAwsIamAccessKeyPrincipalName,
+    awsSecurityFindingFilters_resourceAwsIamAccessKeyStatus,
+    awsSecurityFindingFilters_resourceAwsIamAccessKeyUserName,
+    awsSecurityFindingFilters_resourceAwsIamUserUserName,
+    awsSecurityFindingFilters_resourceAwsS3BucketOwnerId,
+    awsSecurityFindingFilters_resourceAwsS3BucketOwnerName,
+    awsSecurityFindingFilters_resourceContainerImageId,
+    awsSecurityFindingFilters_resourceContainerImageName,
+    awsSecurityFindingFilters_resourceContainerLaunchedAt,
+    awsSecurityFindingFilters_resourceContainerName,
+    awsSecurityFindingFilters_resourceDetailsOther,
+    awsSecurityFindingFilters_resourceId,
+    awsSecurityFindingFilters_resourcePartition,
+    awsSecurityFindingFilters_resourceRegion,
+    awsSecurityFindingFilters_resourceTags,
+    awsSecurityFindingFilters_resourceType,
+    awsSecurityFindingFilters_sample,
+    awsSecurityFindingFilters_severityLabel,
+    awsSecurityFindingFilters_severityNormalized,
+    awsSecurityFindingFilters_severityProduct,
+    awsSecurityFindingFilters_sourceUrl,
+    awsSecurityFindingFilters_threatIntelIndicatorCategory,
+    awsSecurityFindingFilters_threatIntelIndicatorLastObservedAt,
+    awsSecurityFindingFilters_threatIntelIndicatorSource,
+    awsSecurityFindingFilters_threatIntelIndicatorSourceUrl,
+    awsSecurityFindingFilters_threatIntelIndicatorType,
+    awsSecurityFindingFilters_threatIntelIndicatorValue,
+    awsSecurityFindingFilters_title,
+    awsSecurityFindingFilters_type,
+    awsSecurityFindingFilters_updatedAt,
+    awsSecurityFindingFilters_userDefinedFields,
+    awsSecurityFindingFilters_verificationState,
+    awsSecurityFindingFilters_workflowState,
+    awsSecurityFindingFilters_workflowStatus,
+
+    -- * AwsSecurityFindingIdentifier
+    AwsSecurityFindingIdentifier (..),
+    newAwsSecurityFindingIdentifier,
+    awsSecurityFindingIdentifier_id,
+    awsSecurityFindingIdentifier_productArn,
+
+    -- * AwsSnsTopicDetails
+    AwsSnsTopicDetails (..),
+    newAwsSnsTopicDetails,
+    awsSnsTopicDetails_applicationSuccessFeedbackRoleArn,
+    awsSnsTopicDetails_firehoseFailureFeedbackRoleArn,
+    awsSnsTopicDetails_firehoseSuccessFeedbackRoleArn,
+    awsSnsTopicDetails_httpFailureFeedbackRoleArn,
+    awsSnsTopicDetails_httpSuccessFeedbackRoleArn,
+    awsSnsTopicDetails_kmsMasterKeyId,
+    awsSnsTopicDetails_owner,
+    awsSnsTopicDetails_sqsFailureFeedbackRoleArn,
+    awsSnsTopicDetails_sqsSuccessFeedbackRoleArn,
+    awsSnsTopicDetails_subscription,
+    awsSnsTopicDetails_topicName,
+
+    -- * AwsSnsTopicSubscription
+    AwsSnsTopicSubscription (..),
+    newAwsSnsTopicSubscription,
+    awsSnsTopicSubscription_endpoint,
+    awsSnsTopicSubscription_protocol,
+
+    -- * AwsSqsQueueDetails
+    AwsSqsQueueDetails (..),
+    newAwsSqsQueueDetails,
+    awsSqsQueueDetails_deadLetterTargetArn,
+    awsSqsQueueDetails_kmsDataKeyReusePeriodSeconds,
+    awsSqsQueueDetails_kmsMasterKeyId,
+    awsSqsQueueDetails_queueName,
+
+    -- * AwsSsmComplianceSummary
+    AwsSsmComplianceSummary (..),
+    newAwsSsmComplianceSummary,
+    awsSsmComplianceSummary_complianceType,
+    awsSsmComplianceSummary_compliantCriticalCount,
+    awsSsmComplianceSummary_compliantHighCount,
+    awsSsmComplianceSummary_compliantInformationalCount,
+    awsSsmComplianceSummary_compliantLowCount,
+    awsSsmComplianceSummary_compliantMediumCount,
+    awsSsmComplianceSummary_compliantUnspecifiedCount,
+    awsSsmComplianceSummary_executionType,
+    awsSsmComplianceSummary_nonCompliantCriticalCount,
+    awsSsmComplianceSummary_nonCompliantHighCount,
+    awsSsmComplianceSummary_nonCompliantInformationalCount,
+    awsSsmComplianceSummary_nonCompliantLowCount,
+    awsSsmComplianceSummary_nonCompliantMediumCount,
+    awsSsmComplianceSummary_nonCompliantUnspecifiedCount,
+    awsSsmComplianceSummary_overallSeverity,
+    awsSsmComplianceSummary_patchBaselineId,
+    awsSsmComplianceSummary_patchGroup,
+    awsSsmComplianceSummary_status,
+
+    -- * AwsSsmPatch
+    AwsSsmPatch (..),
+    newAwsSsmPatch,
+    awsSsmPatch_complianceSummary,
+
+    -- * AwsSsmPatchComplianceDetails
+    AwsSsmPatchComplianceDetails (..),
+    newAwsSsmPatchComplianceDetails,
+    awsSsmPatchComplianceDetails_patch,
+
+    -- * AwsWafRateBasedRuleDetails
+    AwsWafRateBasedRuleDetails (..),
+    newAwsWafRateBasedRuleDetails,
+    awsWafRateBasedRuleDetails_matchPredicates,
+    awsWafRateBasedRuleDetails_metricName,
+    awsWafRateBasedRuleDetails_name,
+    awsWafRateBasedRuleDetails_rateKey,
+    awsWafRateBasedRuleDetails_rateLimit,
+    awsWafRateBasedRuleDetails_ruleId,
+
+    -- * AwsWafRateBasedRuleMatchPredicate
+    AwsWafRateBasedRuleMatchPredicate (..),
+    newAwsWafRateBasedRuleMatchPredicate,
+    awsWafRateBasedRuleMatchPredicate_dataId,
+    awsWafRateBasedRuleMatchPredicate_negated,
+    awsWafRateBasedRuleMatchPredicate_type,
+
+    -- * AwsWafRegionalRateBasedRuleDetails
+    AwsWafRegionalRateBasedRuleDetails (..),
+    newAwsWafRegionalRateBasedRuleDetails,
+    awsWafRegionalRateBasedRuleDetails_matchPredicates,
+    awsWafRegionalRateBasedRuleDetails_metricName,
+    awsWafRegionalRateBasedRuleDetails_name,
+    awsWafRegionalRateBasedRuleDetails_rateKey,
+    awsWafRegionalRateBasedRuleDetails_rateLimit,
+    awsWafRegionalRateBasedRuleDetails_ruleId,
+
+    -- * AwsWafRegionalRateBasedRuleMatchPredicate
+    AwsWafRegionalRateBasedRuleMatchPredicate (..),
+    newAwsWafRegionalRateBasedRuleMatchPredicate,
+    awsWafRegionalRateBasedRuleMatchPredicate_dataId,
+    awsWafRegionalRateBasedRuleMatchPredicate_negated,
+    awsWafRegionalRateBasedRuleMatchPredicate_type,
+
+    -- * AwsWafRegionalRuleDetails
+    AwsWafRegionalRuleDetails (..),
+    newAwsWafRegionalRuleDetails,
+    awsWafRegionalRuleDetails_metricName,
+    awsWafRegionalRuleDetails_name,
+    awsWafRegionalRuleDetails_predicateList,
+    awsWafRegionalRuleDetails_ruleId,
+
+    -- * AwsWafRegionalRuleGroupDetails
+    AwsWafRegionalRuleGroupDetails (..),
+    newAwsWafRegionalRuleGroupDetails,
+    awsWafRegionalRuleGroupDetails_metricName,
+    awsWafRegionalRuleGroupDetails_name,
+    awsWafRegionalRuleGroupDetails_ruleGroupId,
+    awsWafRegionalRuleGroupDetails_rules,
+
+    -- * AwsWafRegionalRuleGroupRulesActionDetails
+    AwsWafRegionalRuleGroupRulesActionDetails (..),
+    newAwsWafRegionalRuleGroupRulesActionDetails,
+    awsWafRegionalRuleGroupRulesActionDetails_type,
+
+    -- * AwsWafRegionalRuleGroupRulesDetails
+    AwsWafRegionalRuleGroupRulesDetails (..),
+    newAwsWafRegionalRuleGroupRulesDetails,
+    awsWafRegionalRuleGroupRulesDetails_action,
+    awsWafRegionalRuleGroupRulesDetails_priority,
+    awsWafRegionalRuleGroupRulesDetails_ruleId,
+    awsWafRegionalRuleGroupRulesDetails_type,
+
+    -- * AwsWafRegionalRulePredicateListDetails
+    AwsWafRegionalRulePredicateListDetails (..),
+    newAwsWafRegionalRulePredicateListDetails,
+    awsWafRegionalRulePredicateListDetails_dataId,
+    awsWafRegionalRulePredicateListDetails_negated,
+    awsWafRegionalRulePredicateListDetails_type,
+
+    -- * AwsWafRegionalWebAclDetails
+    AwsWafRegionalWebAclDetails (..),
+    newAwsWafRegionalWebAclDetails,
+    awsWafRegionalWebAclDetails_defaultAction,
+    awsWafRegionalWebAclDetails_metricName,
+    awsWafRegionalWebAclDetails_name,
+    awsWafRegionalWebAclDetails_rulesList,
+    awsWafRegionalWebAclDetails_webAclId,
+
+    -- * AwsWafRegionalWebAclRulesListActionDetails
+    AwsWafRegionalWebAclRulesListActionDetails (..),
+    newAwsWafRegionalWebAclRulesListActionDetails,
+    awsWafRegionalWebAclRulesListActionDetails_type,
+
+    -- * AwsWafRegionalWebAclRulesListDetails
+    AwsWafRegionalWebAclRulesListDetails (..),
+    newAwsWafRegionalWebAclRulesListDetails,
+    awsWafRegionalWebAclRulesListDetails_action,
+    awsWafRegionalWebAclRulesListDetails_overrideAction,
+    awsWafRegionalWebAclRulesListDetails_priority,
+    awsWafRegionalWebAclRulesListDetails_ruleId,
+    awsWafRegionalWebAclRulesListDetails_type,
+
+    -- * AwsWafRegionalWebAclRulesListOverrideActionDetails
+    AwsWafRegionalWebAclRulesListOverrideActionDetails (..),
+    newAwsWafRegionalWebAclRulesListOverrideActionDetails,
+    awsWafRegionalWebAclRulesListOverrideActionDetails_type,
+
+    -- * AwsWafRuleDetails
+    AwsWafRuleDetails (..),
+    newAwsWafRuleDetails,
+    awsWafRuleDetails_metricName,
+    awsWafRuleDetails_name,
+    awsWafRuleDetails_predicateList,
+    awsWafRuleDetails_ruleId,
+
+    -- * AwsWafRuleGroupDetails
+    AwsWafRuleGroupDetails (..),
+    newAwsWafRuleGroupDetails,
+    awsWafRuleGroupDetails_metricName,
+    awsWafRuleGroupDetails_name,
+    awsWafRuleGroupDetails_ruleGroupId,
+    awsWafRuleGroupDetails_rules,
+
+    -- * AwsWafRuleGroupRulesActionDetails
+    AwsWafRuleGroupRulesActionDetails (..),
+    newAwsWafRuleGroupRulesActionDetails,
+    awsWafRuleGroupRulesActionDetails_type,
+
+    -- * AwsWafRuleGroupRulesDetails
+    AwsWafRuleGroupRulesDetails (..),
+    newAwsWafRuleGroupRulesDetails,
+    awsWafRuleGroupRulesDetails_action,
+    awsWafRuleGroupRulesDetails_priority,
+    awsWafRuleGroupRulesDetails_ruleId,
+    awsWafRuleGroupRulesDetails_type,
+
+    -- * AwsWafRulePredicateListDetails
+    AwsWafRulePredicateListDetails (..),
+    newAwsWafRulePredicateListDetails,
+    awsWafRulePredicateListDetails_dataId,
+    awsWafRulePredicateListDetails_negated,
+    awsWafRulePredicateListDetails_type,
+
+    -- * AwsWafWebAclDetails
+    AwsWafWebAclDetails (..),
+    newAwsWafWebAclDetails,
+    awsWafWebAclDetails_defaultAction,
+    awsWafWebAclDetails_name,
+    awsWafWebAclDetails_rules,
+    awsWafWebAclDetails_webAclId,
+
+    -- * AwsWafWebAclRule
+    AwsWafWebAclRule (..),
+    newAwsWafWebAclRule,
+    awsWafWebAclRule_action,
+    awsWafWebAclRule_excludedRules,
+    awsWafWebAclRule_overrideAction,
+    awsWafWebAclRule_priority,
+    awsWafWebAclRule_ruleId,
+    awsWafWebAclRule_type,
+
+    -- * AwsWafv2ActionAllowDetails
+    AwsWafv2ActionAllowDetails (..),
+    newAwsWafv2ActionAllowDetails,
+    awsWafv2ActionAllowDetails_customRequestHandling,
+
+    -- * AwsWafv2ActionBlockDetails
+    AwsWafv2ActionBlockDetails (..),
+    newAwsWafv2ActionBlockDetails,
+    awsWafv2ActionBlockDetails_customResponse,
+
+    -- * AwsWafv2CustomHttpHeader
+    AwsWafv2CustomHttpHeader (..),
+    newAwsWafv2CustomHttpHeader,
+    awsWafv2CustomHttpHeader_name,
+    awsWafv2CustomHttpHeader_value,
+
+    -- * AwsWafv2CustomRequestHandlingDetails
+    AwsWafv2CustomRequestHandlingDetails (..),
+    newAwsWafv2CustomRequestHandlingDetails,
+    awsWafv2CustomRequestHandlingDetails_insertHeaders,
+
+    -- * AwsWafv2CustomResponseDetails
+    AwsWafv2CustomResponseDetails (..),
+    newAwsWafv2CustomResponseDetails,
+    awsWafv2CustomResponseDetails_customResponseBodyKey,
+    awsWafv2CustomResponseDetails_responseCode,
+    awsWafv2CustomResponseDetails_responseHeaders,
+
+    -- * AwsWafv2RuleGroupDetails
+    AwsWafv2RuleGroupDetails (..),
+    newAwsWafv2RuleGroupDetails,
+    awsWafv2RuleGroupDetails_arn,
+    awsWafv2RuleGroupDetails_capacity,
+    awsWafv2RuleGroupDetails_description,
+    awsWafv2RuleGroupDetails_id,
+    awsWafv2RuleGroupDetails_name,
+    awsWafv2RuleGroupDetails_rules,
+    awsWafv2RuleGroupDetails_scope,
+    awsWafv2RuleGroupDetails_visibilityConfig,
+
+    -- * AwsWafv2RulesActionCaptchaDetails
+    AwsWafv2RulesActionCaptchaDetails (..),
+    newAwsWafv2RulesActionCaptchaDetails,
+    awsWafv2RulesActionCaptchaDetails_customRequestHandling,
+
+    -- * AwsWafv2RulesActionCountDetails
+    AwsWafv2RulesActionCountDetails (..),
+    newAwsWafv2RulesActionCountDetails,
+    awsWafv2RulesActionCountDetails_customRequestHandling,
+
+    -- * AwsWafv2RulesActionDetails
+    AwsWafv2RulesActionDetails (..),
+    newAwsWafv2RulesActionDetails,
+    awsWafv2RulesActionDetails_allow,
+    awsWafv2RulesActionDetails_block,
+    awsWafv2RulesActionDetails_captcha,
+    awsWafv2RulesActionDetails_count,
+
+    -- * AwsWafv2RulesDetails
+    AwsWafv2RulesDetails (..),
+    newAwsWafv2RulesDetails,
+    awsWafv2RulesDetails_action,
+    awsWafv2RulesDetails_name,
+    awsWafv2RulesDetails_overrideAction,
+    awsWafv2RulesDetails_priority,
+    awsWafv2RulesDetails_visibilityConfig,
+
+    -- * AwsWafv2VisibilityConfigDetails
+    AwsWafv2VisibilityConfigDetails (..),
+    newAwsWafv2VisibilityConfigDetails,
+    awsWafv2VisibilityConfigDetails_cloudWatchMetricsEnabled,
+    awsWafv2VisibilityConfigDetails_metricName,
+    awsWafv2VisibilityConfigDetails_sampledRequestsEnabled,
+
+    -- * AwsWafv2WebAclActionDetails
+    AwsWafv2WebAclActionDetails (..),
+    newAwsWafv2WebAclActionDetails,
+    awsWafv2WebAclActionDetails_allow,
+    awsWafv2WebAclActionDetails_block,
+
+    -- * AwsWafv2WebAclCaptchaConfigDetails
+    AwsWafv2WebAclCaptchaConfigDetails (..),
+    newAwsWafv2WebAclCaptchaConfigDetails,
+    awsWafv2WebAclCaptchaConfigDetails_immunityTimeProperty,
+
+    -- * AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+    AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails (..),
+    newAwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails,
+    awsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails_immunityTime,
+
+    -- * AwsWafv2WebAclDetails
+    AwsWafv2WebAclDetails (..),
+    newAwsWafv2WebAclDetails,
+    awsWafv2WebAclDetails_arn,
+    awsWafv2WebAclDetails_capacity,
+    awsWafv2WebAclDetails_captchaConfig,
+    awsWafv2WebAclDetails_defaultAction,
+    awsWafv2WebAclDetails_description,
+    awsWafv2WebAclDetails_id,
+    awsWafv2WebAclDetails_managedbyFirewallManager,
+    awsWafv2WebAclDetails_name,
+    awsWafv2WebAclDetails_rules,
+    awsWafv2WebAclDetails_visibilityConfig,
+
+    -- * AwsXrayEncryptionConfigDetails
+    AwsXrayEncryptionConfigDetails (..),
+    newAwsXrayEncryptionConfigDetails,
+    awsXrayEncryptionConfigDetails_keyId,
+    awsXrayEncryptionConfigDetails_status,
+    awsXrayEncryptionConfigDetails_type,
+
+    -- * BatchUpdateFindingsUnprocessedFinding
+    BatchUpdateFindingsUnprocessedFinding (..),
+    newBatchUpdateFindingsUnprocessedFinding,
+    batchUpdateFindingsUnprocessedFinding_findingIdentifier,
+    batchUpdateFindingsUnprocessedFinding_errorCode,
+    batchUpdateFindingsUnprocessedFinding_errorMessage,
+
+    -- * BooleanFilter
+    BooleanFilter (..),
+    newBooleanFilter,
+    booleanFilter_value,
+
+    -- * Cell
+    Cell (..),
+    newCell,
+    cell_cellReference,
+    cell_column,
+    cell_columnName,
+    cell_row,
+
+    -- * CidrBlockAssociation
+    CidrBlockAssociation (..),
+    newCidrBlockAssociation,
+    cidrBlockAssociation_associationId,
+    cidrBlockAssociation_cidrBlock,
+    cidrBlockAssociation_cidrBlockState,
+
+    -- * City
+    City (..),
+    newCity,
+    city_cityName,
+
+    -- * ClassificationResult
+    ClassificationResult (..),
+    newClassificationResult,
+    classificationResult_additionalOccurrences,
+    classificationResult_customDataIdentifiers,
+    classificationResult_mimeType,
+    classificationResult_sensitiveData,
+    classificationResult_sizeClassified,
+    classificationResult_status,
+
+    -- * ClassificationStatus
+    ClassificationStatus (..),
+    newClassificationStatus,
+    classificationStatus_code,
+    classificationStatus_reason,
+
+    -- * Compliance
+    Compliance (..),
+    newCompliance,
+    compliance_relatedRequirements,
+    compliance_status,
+    compliance_statusReasons,
+
+    -- * ContainerDetails
+    ContainerDetails (..),
+    newContainerDetails,
+    containerDetails_containerRuntime,
+    containerDetails_imageId,
+    containerDetails_imageName,
+    containerDetails_launchedAt,
+    containerDetails_name,
+    containerDetails_privileged,
+    containerDetails_volumeMounts,
+
+    -- * Country
+    Country (..),
+    newCountry,
+    country_countryCode,
+    country_countryName,
+
+    -- * CustomDataIdentifiersDetections
+    CustomDataIdentifiersDetections (..),
+    newCustomDataIdentifiersDetections,
+    customDataIdentifiersDetections_arn,
+    customDataIdentifiersDetections_count,
+    customDataIdentifiersDetections_name,
+    customDataIdentifiersDetections_occurrences,
+
+    -- * CustomDataIdentifiersResult
+    CustomDataIdentifiersResult (..),
+    newCustomDataIdentifiersResult,
+    customDataIdentifiersResult_detections,
+    customDataIdentifiersResult_totalCount,
+
+    -- * Cvss
+    Cvss (..),
+    newCvss,
+    cvss_adjustments,
+    cvss_baseScore,
+    cvss_baseVector,
+    cvss_source,
+    cvss_version,
+
+    -- * DataClassificationDetails
+    DataClassificationDetails (..),
+    newDataClassificationDetails,
+    dataClassificationDetails_detailedResultsLocation,
+    dataClassificationDetails_result,
+
+    -- * DateFilter
+    DateFilter (..),
+    newDateFilter,
+    dateFilter_dateRange,
+    dateFilter_end,
+    dateFilter_start,
+
+    -- * DateRange
+    DateRange (..),
+    newDateRange,
+    dateRange_unit,
+    dateRange_value,
+
+    -- * DnsRequestAction
+    DnsRequestAction (..),
+    newDnsRequestAction,
+    dnsRequestAction_blocked,
+    dnsRequestAction_domain,
+    dnsRequestAction_protocol,
+
+    -- * FilePaths
+    FilePaths (..),
+    newFilePaths,
+    filePaths_fileName,
+    filePaths_filePath,
+    filePaths_hash,
+    filePaths_resourceId,
+
+    -- * FindingAggregator
+    FindingAggregator (..),
+    newFindingAggregator,
+    findingAggregator_findingAggregatorArn,
+
+    -- * FindingProviderFields
+    FindingProviderFields (..),
+    newFindingProviderFields,
+    findingProviderFields_confidence,
+    findingProviderFields_criticality,
+    findingProviderFields_relatedFindings,
+    findingProviderFields_severity,
+    findingProviderFields_types,
+
+    -- * FindingProviderSeverity
+    FindingProviderSeverity (..),
+    newFindingProviderSeverity,
+    findingProviderSeverity_label,
+    findingProviderSeverity_original,
+
+    -- * FirewallPolicyDetails
+    FirewallPolicyDetails (..),
+    newFirewallPolicyDetails,
+    firewallPolicyDetails_statefulRuleGroupReferences,
+    firewallPolicyDetails_statelessCustomActions,
+    firewallPolicyDetails_statelessDefaultActions,
+    firewallPolicyDetails_statelessFragmentDefaultActions,
+    firewallPolicyDetails_statelessRuleGroupReferences,
+
+    -- * FirewallPolicyStatefulRuleGroupReferencesDetails
+    FirewallPolicyStatefulRuleGroupReferencesDetails (..),
+    newFirewallPolicyStatefulRuleGroupReferencesDetails,
+    firewallPolicyStatefulRuleGroupReferencesDetails_resourceArn,
+
+    -- * FirewallPolicyStatelessCustomActionsDetails
+    FirewallPolicyStatelessCustomActionsDetails (..),
+    newFirewallPolicyStatelessCustomActionsDetails,
+    firewallPolicyStatelessCustomActionsDetails_actionDefinition,
+    firewallPolicyStatelessCustomActionsDetails_actionName,
+
+    -- * FirewallPolicyStatelessRuleGroupReferencesDetails
+    FirewallPolicyStatelessRuleGroupReferencesDetails (..),
+    newFirewallPolicyStatelessRuleGroupReferencesDetails,
+    firewallPolicyStatelessRuleGroupReferencesDetails_priority,
+    firewallPolicyStatelessRuleGroupReferencesDetails_resourceArn,
+
+    -- * GeoLocation
+    GeoLocation (..),
+    newGeoLocation,
+    geoLocation_lat,
+    geoLocation_lon,
+
+    -- * IcmpTypeCode
+    IcmpTypeCode (..),
+    newIcmpTypeCode,
+    icmpTypeCode_code,
+    icmpTypeCode_type,
+
+    -- * ImportFindingsError
+    ImportFindingsError (..),
+    newImportFindingsError,
+    importFindingsError_id,
+    importFindingsError_errorCode,
+    importFindingsError_errorMessage,
+
+    -- * Insight
+    Insight (..),
+    newInsight,
+    insight_insightArn,
+    insight_name,
+    insight_filters,
+    insight_groupByAttribute,
+
+    -- * InsightResultValue
+    InsightResultValue (..),
+    newInsightResultValue,
+    insightResultValue_groupByAttributeValue,
+    insightResultValue_count,
+
+    -- * InsightResults
+    InsightResults (..),
+    newInsightResults,
+    insightResults_insightArn,
+    insightResults_groupByAttribute,
+    insightResults_resultValues,
+
+    -- * Invitation
+    Invitation (..),
+    newInvitation,
+    invitation_accountId,
+    invitation_invitationId,
+    invitation_invitedAt,
+    invitation_memberStatus,
+
+    -- * IpFilter
+    IpFilter (..),
+    newIpFilter,
+    ipFilter_cidr,
+
+    -- * IpOrganizationDetails
+    IpOrganizationDetails (..),
+    newIpOrganizationDetails,
+    ipOrganizationDetails_asn,
+    ipOrganizationDetails_asnOrg,
+    ipOrganizationDetails_isp,
+    ipOrganizationDetails_org,
+
+    -- * Ipv6CidrBlockAssociation
+    Ipv6CidrBlockAssociation (..),
+    newIpv6CidrBlockAssociation,
+    ipv6CidrBlockAssociation_associationId,
+    ipv6CidrBlockAssociation_cidrBlockState,
+    ipv6CidrBlockAssociation_ipv6CidrBlock,
+
+    -- * KeywordFilter
+    KeywordFilter (..),
+    newKeywordFilter,
+    keywordFilter_value,
+
+    -- * LoadBalancerState
+    LoadBalancerState (..),
+    newLoadBalancerState,
+    loadBalancerState_code,
+    loadBalancerState_reason,
+
+    -- * Malware
+    Malware (..),
+    newMalware,
+    malware_path,
+    malware_state,
+    malware_type,
+    malware_name,
+
+    -- * MapFilter
+    MapFilter (..),
+    newMapFilter,
+    mapFilter_comparison,
+    mapFilter_key,
+    mapFilter_value,
+
+    -- * Member
+    Member (..),
+    newMember,
+    member_accountId,
+    member_administratorId,
+    member_email,
+    member_invitedAt,
+    member_masterId,
+    member_memberStatus,
+    member_updatedAt,
+
+    -- * Network
+    Network (..),
+    newNetwork,
+    network_destinationDomain,
+    network_destinationIpV4,
+    network_destinationIpV6,
+    network_destinationPort,
+    network_direction,
+    network_openPortRange,
+    network_protocol,
+    network_sourceDomain,
+    network_sourceIpV4,
+    network_sourceIpV6,
+    network_sourceMac,
+    network_sourcePort,
+
+    -- * NetworkConnectionAction
+    NetworkConnectionAction (..),
+    newNetworkConnectionAction,
+    networkConnectionAction_blocked,
+    networkConnectionAction_connectionDirection,
+    networkConnectionAction_localPortDetails,
+    networkConnectionAction_protocol,
+    networkConnectionAction_remoteIpDetails,
+    networkConnectionAction_remotePortDetails,
+
+    -- * NetworkHeader
+    NetworkHeader (..),
+    newNetworkHeader,
+    networkHeader_destination,
+    networkHeader_protocol,
+    networkHeader_source,
+
+    -- * NetworkPathComponent
+    NetworkPathComponent (..),
+    newNetworkPathComponent,
+    networkPathComponent_componentId,
+    networkPathComponent_componentType,
+    networkPathComponent_egress,
+    networkPathComponent_ingress,
+
+    -- * NetworkPathComponentDetails
+    NetworkPathComponentDetails (..),
+    newNetworkPathComponentDetails,
+    networkPathComponentDetails_address,
+    networkPathComponentDetails_portRanges,
+
+    -- * Note
+    Note (..),
+    newNote,
+    note_text,
+    note_updatedBy,
+    note_updatedAt,
+
+    -- * NoteUpdate
+    NoteUpdate (..),
+    newNoteUpdate,
+    noteUpdate_text,
+    noteUpdate_updatedBy,
+
+    -- * NumberFilter
+    NumberFilter (..),
+    newNumberFilter,
+    numberFilter_eq,
+    numberFilter_gte,
+    numberFilter_lte,
+
+    -- * Occurrences
+    Occurrences (..),
+    newOccurrences,
+    occurrences_cells,
+    occurrences_lineRanges,
+    occurrences_offsetRanges,
+    occurrences_pages,
+    occurrences_records,
+
+    -- * Page
+    Page (..),
+    newPage,
+    page_lineRange,
+    page_offsetRange,
+    page_pageNumber,
+
+    -- * PatchSummary
+    PatchSummary (..),
+    newPatchSummary,
+    patchSummary_failedCount,
+    patchSummary_installedCount,
+    patchSummary_installedOtherCount,
+    patchSummary_installedPendingReboot,
+    patchSummary_installedRejectedCount,
+    patchSummary_missingCount,
+    patchSummary_operation,
+    patchSummary_operationEndTime,
+    patchSummary_operationStartTime,
+    patchSummary_rebootOption,
+    patchSummary_id,
+
+    -- * PortProbeAction
+    PortProbeAction (..),
+    newPortProbeAction,
+    portProbeAction_blocked,
+    portProbeAction_portProbeDetails,
+
+    -- * PortProbeDetail
+    PortProbeDetail (..),
+    newPortProbeDetail,
+    portProbeDetail_localIpDetails,
+    portProbeDetail_localPortDetails,
+    portProbeDetail_remoteIpDetails,
+
+    -- * PortRange
+    PortRange (..),
+    newPortRange,
+    portRange_begin,
+    portRange_end,
+
+    -- * PortRangeFromTo
+    PortRangeFromTo (..),
+    newPortRangeFromTo,
+    portRangeFromTo_from,
+    portRangeFromTo_to,
+
+    -- * ProcessDetails
+    ProcessDetails (..),
+    newProcessDetails,
+    processDetails_launchedAt,
+    processDetails_name,
+    processDetails_parentPid,
+    processDetails_path,
+    processDetails_pid,
+    processDetails_terminatedAt,
+
+    -- * Product
+    Product (..),
+    newProduct,
+    product_activationUrl,
+    product_categories,
+    product_companyName,
+    product_description,
+    product_integrationTypes,
+    product_marketplaceUrl,
+    product_productName,
+    product_productSubscriptionResourcePolicy,
+    product_productArn,
+
+    -- * Range
+    Range (..),
+    newRange,
+    range_end,
+    range_start,
+    range_startColumn,
+
+    -- * Recommendation
+    Recommendation (..),
+    newRecommendation,
+    recommendation_text,
+    recommendation_url,
+
+    -- * Record
+    Record (..),
+    newRecord,
+    record_jsonPath,
+    record_recordIndex,
+
+    -- * RelatedFinding
+    RelatedFinding (..),
+    newRelatedFinding,
+    relatedFinding_productArn,
+    relatedFinding_id,
+
+    -- * Remediation
+    Remediation (..),
+    newRemediation,
+    remediation_recommendation,
+
+    -- * Resource
+    Resource (..),
+    newResource,
+    resource_dataClassification,
+    resource_details,
+    resource_partition,
+    resource_region,
+    resource_resourceRole,
+    resource_tags,
+    resource_type,
+    resource_id,
+
+    -- * ResourceDetails
+    ResourceDetails (..),
+    newResourceDetails,
+    resourceDetails_awsApiGatewayRestApi,
+    resourceDetails_awsApiGatewayStage,
+    resourceDetails_awsApiGatewayV2Api,
+    resourceDetails_awsApiGatewayV2Stage,
+    resourceDetails_awsAutoScalingAutoScalingGroup,
+    resourceDetails_awsAutoScalingLaunchConfiguration,
+    resourceDetails_awsBackupBackupPlan,
+    resourceDetails_awsBackupBackupVault,
+    resourceDetails_awsBackupRecoveryPoint,
+    resourceDetails_awsCertificateManagerCertificate,
+    resourceDetails_awsCloudFormationStack,
+    resourceDetails_awsCloudFrontDistribution,
+    resourceDetails_awsCloudTrailTrail,
+    resourceDetails_awsCloudWatchAlarm,
+    resourceDetails_awsCodeBuildProject,
+    resourceDetails_awsDynamoDbTable,
+    resourceDetails_awsEc2Eip,
+    resourceDetails_awsEc2Instance,
+    resourceDetails_awsEc2LaunchTemplate,
+    resourceDetails_awsEc2NetworkAcl,
+    resourceDetails_awsEc2NetworkInterface,
+    resourceDetails_awsEc2SecurityGroup,
+    resourceDetails_awsEc2Subnet,
+    resourceDetails_awsEc2TransitGateway,
+    resourceDetails_awsEc2Volume,
+    resourceDetails_awsEc2Vpc,
+    resourceDetails_awsEc2VpcEndpointService,
+    resourceDetails_awsEc2VpcPeeringConnection,
+    resourceDetails_awsEc2VpnConnection,
+    resourceDetails_awsEcrContainerImage,
+    resourceDetails_awsEcrRepository,
+    resourceDetails_awsEcsCluster,
+    resourceDetails_awsEcsContainer,
+    resourceDetails_awsEcsService,
+    resourceDetails_awsEcsTask,
+    resourceDetails_awsEcsTaskDefinition,
+    resourceDetails_awsEfsAccessPoint,
+    resourceDetails_awsEksCluster,
+    resourceDetails_awsElasticBeanstalkEnvironment,
+    resourceDetails_awsElasticsearchDomain,
+    resourceDetails_awsElbLoadBalancer,
+    resourceDetails_awsElbv2LoadBalancer,
+    resourceDetails_awsIamAccessKey,
+    resourceDetails_awsIamGroup,
+    resourceDetails_awsIamPolicy,
+    resourceDetails_awsIamRole,
+    resourceDetails_awsIamUser,
+    resourceDetails_awsKinesisStream,
+    resourceDetails_awsKmsKey,
+    resourceDetails_awsLambdaFunction,
+    resourceDetails_awsLambdaLayerVersion,
+    resourceDetails_awsNetworkFirewallFirewall,
+    resourceDetails_awsNetworkFirewallFirewallPolicy,
+    resourceDetails_awsNetworkFirewallRuleGroup,
+    resourceDetails_awsOpenSearchServiceDomain,
+    resourceDetails_awsRdsDbCluster,
+    resourceDetails_awsRdsDbClusterSnapshot,
+    resourceDetails_awsRdsDbInstance,
+    resourceDetails_awsRdsDbSecurityGroup,
+    resourceDetails_awsRdsDbSnapshot,
+    resourceDetails_awsRdsEventSubscription,
+    resourceDetails_awsRedshiftCluster,
+    resourceDetails_awsS3AccountPublicAccessBlock,
+    resourceDetails_awsS3Bucket,
+    resourceDetails_awsS3Object,
+    resourceDetails_awsSageMakerNotebookInstance,
+    resourceDetails_awsSecretsManagerSecret,
+    resourceDetails_awsSnsTopic,
+    resourceDetails_awsSqsQueue,
+    resourceDetails_awsSsmPatchCompliance,
+    resourceDetails_awsWafRateBasedRule,
+    resourceDetails_awsWafRegionalRateBasedRule,
+    resourceDetails_awsWafRegionalRule,
+    resourceDetails_awsWafRegionalRuleGroup,
+    resourceDetails_awsWafRegionalWebAcl,
+    resourceDetails_awsWafRule,
+    resourceDetails_awsWafRuleGroup,
+    resourceDetails_awsWafWebAcl,
+    resourceDetails_awsWafv2RuleGroup,
+    resourceDetails_awsWafv2WebAcl,
+    resourceDetails_awsXrayEncryptionConfig,
+    resourceDetails_container,
+    resourceDetails_other,
+
+    -- * Result
+    Result (..),
+    newResult,
+    result_accountId,
+    result_processingResult,
+
+    -- * RuleGroupDetails
+    RuleGroupDetails (..),
+    newRuleGroupDetails,
+    ruleGroupDetails_ruleVariables,
+    ruleGroupDetails_rulesSource,
+
+    -- * RuleGroupSource
+    RuleGroupSource (..),
+    newRuleGroupSource,
+    ruleGroupSource_rulesSourceList,
+    ruleGroupSource_rulesString,
+    ruleGroupSource_statefulRules,
+    ruleGroupSource_statelessRulesAndCustomActions,
+
+    -- * RuleGroupSourceCustomActionsDetails
+    RuleGroupSourceCustomActionsDetails (..),
+    newRuleGroupSourceCustomActionsDetails,
+    ruleGroupSourceCustomActionsDetails_actionDefinition,
+    ruleGroupSourceCustomActionsDetails_actionName,
+
+    -- * RuleGroupSourceListDetails
+    RuleGroupSourceListDetails (..),
+    newRuleGroupSourceListDetails,
+    ruleGroupSourceListDetails_generatedRulesType,
+    ruleGroupSourceListDetails_targetTypes,
+    ruleGroupSourceListDetails_targets,
+
+    -- * RuleGroupSourceStatefulRulesDetails
+    RuleGroupSourceStatefulRulesDetails (..),
+    newRuleGroupSourceStatefulRulesDetails,
+    ruleGroupSourceStatefulRulesDetails_action,
+    ruleGroupSourceStatefulRulesDetails_header,
+    ruleGroupSourceStatefulRulesDetails_ruleOptions,
+
+    -- * RuleGroupSourceStatefulRulesHeaderDetails
+    RuleGroupSourceStatefulRulesHeaderDetails (..),
+    newRuleGroupSourceStatefulRulesHeaderDetails,
+    ruleGroupSourceStatefulRulesHeaderDetails_destination,
+    ruleGroupSourceStatefulRulesHeaderDetails_destinationPort,
+    ruleGroupSourceStatefulRulesHeaderDetails_direction,
+    ruleGroupSourceStatefulRulesHeaderDetails_protocol,
+    ruleGroupSourceStatefulRulesHeaderDetails_source,
+    ruleGroupSourceStatefulRulesHeaderDetails_sourcePort,
+
+    -- * RuleGroupSourceStatefulRulesOptionsDetails
+    RuleGroupSourceStatefulRulesOptionsDetails (..),
+    newRuleGroupSourceStatefulRulesOptionsDetails,
+    ruleGroupSourceStatefulRulesOptionsDetails_keyword,
+    ruleGroupSourceStatefulRulesOptionsDetails_settings,
+
+    -- * RuleGroupSourceStatelessRuleDefinition
+    RuleGroupSourceStatelessRuleDefinition (..),
+    newRuleGroupSourceStatelessRuleDefinition,
+    ruleGroupSourceStatelessRuleDefinition_actions,
+    ruleGroupSourceStatelessRuleDefinition_matchAttributes,
+
+    -- * RuleGroupSourceStatelessRuleMatchAttributes
+    RuleGroupSourceStatelessRuleMatchAttributes (..),
+    newRuleGroupSourceStatelessRuleMatchAttributes,
+    ruleGroupSourceStatelessRuleMatchAttributes_destinationPorts,
+    ruleGroupSourceStatelessRuleMatchAttributes_destinations,
+    ruleGroupSourceStatelessRuleMatchAttributes_protocols,
+    ruleGroupSourceStatelessRuleMatchAttributes_sourcePorts,
+    ruleGroupSourceStatelessRuleMatchAttributes_sources,
+    ruleGroupSourceStatelessRuleMatchAttributes_tcpFlags,
+
+    -- * RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+    RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts (..),
+    newRuleGroupSourceStatelessRuleMatchAttributesDestinationPorts,
+    ruleGroupSourceStatelessRuleMatchAttributesDestinationPorts_fromPort,
+    ruleGroupSourceStatelessRuleMatchAttributesDestinationPorts_toPort,
+
+    -- * RuleGroupSourceStatelessRuleMatchAttributesDestinations
+    RuleGroupSourceStatelessRuleMatchAttributesDestinations (..),
+    newRuleGroupSourceStatelessRuleMatchAttributesDestinations,
+    ruleGroupSourceStatelessRuleMatchAttributesDestinations_addressDefinition,
+
+    -- * RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+    RuleGroupSourceStatelessRuleMatchAttributesSourcePorts (..),
+    newRuleGroupSourceStatelessRuleMatchAttributesSourcePorts,
+    ruleGroupSourceStatelessRuleMatchAttributesSourcePorts_fromPort,
+    ruleGroupSourceStatelessRuleMatchAttributesSourcePorts_toPort,
+
+    -- * RuleGroupSourceStatelessRuleMatchAttributesSources
+    RuleGroupSourceStatelessRuleMatchAttributesSources (..),
+    newRuleGroupSourceStatelessRuleMatchAttributesSources,
+    ruleGroupSourceStatelessRuleMatchAttributesSources_addressDefinition,
+
+    -- * RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+    RuleGroupSourceStatelessRuleMatchAttributesTcpFlags (..),
+    newRuleGroupSourceStatelessRuleMatchAttributesTcpFlags,
+    ruleGroupSourceStatelessRuleMatchAttributesTcpFlags_flags,
+    ruleGroupSourceStatelessRuleMatchAttributesTcpFlags_masks,
+
+    -- * RuleGroupSourceStatelessRulesAndCustomActionsDetails
+    RuleGroupSourceStatelessRulesAndCustomActionsDetails (..),
+    newRuleGroupSourceStatelessRulesAndCustomActionsDetails,
+    ruleGroupSourceStatelessRulesAndCustomActionsDetails_customActions,
+    ruleGroupSourceStatelessRulesAndCustomActionsDetails_statelessRules,
+
+    -- * RuleGroupSourceStatelessRulesDetails
+    RuleGroupSourceStatelessRulesDetails (..),
+    newRuleGroupSourceStatelessRulesDetails,
+    ruleGroupSourceStatelessRulesDetails_priority,
+    ruleGroupSourceStatelessRulesDetails_ruleDefinition,
+
+    -- * RuleGroupVariables
+    RuleGroupVariables (..),
+    newRuleGroupVariables,
+    ruleGroupVariables_ipSets,
+    ruleGroupVariables_portSets,
+
+    -- * RuleGroupVariablesIpSetsDetails
+    RuleGroupVariablesIpSetsDetails (..),
+    newRuleGroupVariablesIpSetsDetails,
+    ruleGroupVariablesIpSetsDetails_definition,
+
+    -- * RuleGroupVariablesPortSetsDetails
+    RuleGroupVariablesPortSetsDetails (..),
+    newRuleGroupVariablesPortSetsDetails,
+    ruleGroupVariablesPortSetsDetails_definition,
+
+    -- * SensitiveDataDetections
+    SensitiveDataDetections (..),
+    newSensitiveDataDetections,
+    sensitiveDataDetections_count,
+    sensitiveDataDetections_occurrences,
+    sensitiveDataDetections_type,
+
+    -- * SensitiveDataResult
+    SensitiveDataResult (..),
+    newSensitiveDataResult,
+    sensitiveDataResult_category,
+    sensitiveDataResult_detections,
+    sensitiveDataResult_totalCount,
+
+    -- * Severity
+    Severity (..),
+    newSeverity,
+    severity_label,
+    severity_normalized,
+    severity_original,
+    severity_product,
+
+    -- * SeverityUpdate
+    SeverityUpdate (..),
+    newSeverityUpdate,
+    severityUpdate_label,
+    severityUpdate_normalized,
+    severityUpdate_product,
+
+    -- * SoftwarePackage
+    SoftwarePackage (..),
+    newSoftwarePackage,
+    softwarePackage_architecture,
+    softwarePackage_epoch,
+    softwarePackage_filePath,
+    softwarePackage_fixedInVersion,
+    softwarePackage_name,
+    softwarePackage_packageManager,
+    softwarePackage_release,
+    softwarePackage_remediation,
+    softwarePackage_sourceLayerArn,
+    softwarePackage_sourceLayerHash,
+    softwarePackage_version,
+
+    -- * SortCriterion
+    SortCriterion (..),
+    newSortCriterion,
+    sortCriterion_field,
+    sortCriterion_sortOrder,
+
+    -- * Standard
+    Standard (..),
+    newStandard,
+    standard_description,
+    standard_enabledByDefault,
+    standard_name,
+    standard_standardsArn,
+    standard_standardsManagedBy,
+
+    -- * StandardsControl
+    StandardsControl (..),
+    newStandardsControl,
+    standardsControl_controlId,
+    standardsControl_controlStatus,
+    standardsControl_controlStatusUpdatedAt,
+    standardsControl_description,
+    standardsControl_disabledReason,
+    standardsControl_relatedRequirements,
+    standardsControl_remediationUrl,
+    standardsControl_severityRating,
+    standardsControl_standardsControlArn,
+    standardsControl_title,
+
+    -- * StandardsManagedBy
+    StandardsManagedBy (..),
+    newStandardsManagedBy,
+    standardsManagedBy_company,
+    standardsManagedBy_product,
+
+    -- * StandardsStatusReason
+    StandardsStatusReason (..),
+    newStandardsStatusReason,
+    standardsStatusReason_statusReasonCode,
+
+    -- * StandardsSubscription
+    StandardsSubscription (..),
+    newStandardsSubscription,
+    standardsSubscription_standardsStatusReason,
+    standardsSubscription_standardsSubscriptionArn,
+    standardsSubscription_standardsArn,
+    standardsSubscription_standardsInput,
+    standardsSubscription_standardsStatus,
+
+    -- * StandardsSubscriptionRequest
+    StandardsSubscriptionRequest (..),
+    newStandardsSubscriptionRequest,
+    standardsSubscriptionRequest_standardsInput,
+    standardsSubscriptionRequest_standardsArn,
+
+    -- * StatelessCustomActionDefinition
+    StatelessCustomActionDefinition (..),
+    newStatelessCustomActionDefinition,
+    statelessCustomActionDefinition_publishMetricAction,
+
+    -- * StatelessCustomPublishMetricAction
+    StatelessCustomPublishMetricAction (..),
+    newStatelessCustomPublishMetricAction,
+    statelessCustomPublishMetricAction_dimensions,
+
+    -- * StatelessCustomPublishMetricActionDimension
+    StatelessCustomPublishMetricActionDimension (..),
+    newStatelessCustomPublishMetricActionDimension,
+    statelessCustomPublishMetricActionDimension_value,
+
+    -- * StatusReason
+    StatusReason (..),
+    newStatusReason,
+    statusReason_description,
+    statusReason_reasonCode,
+
+    -- * StringFilter
+    StringFilter (..),
+    newStringFilter,
+    stringFilter_comparison,
+    stringFilter_value,
+
+    -- * Threat
+    Threat (..),
+    newThreat,
+    threat_filePaths,
+    threat_itemCount,
+    threat_name,
+    threat_severity,
+
+    -- * ThreatIntelIndicator
+    ThreatIntelIndicator (..),
+    newThreatIntelIndicator,
+    threatIntelIndicator_category,
+    threatIntelIndicator_lastObservedAt,
+    threatIntelIndicator_source,
+    threatIntelIndicator_sourceUrl,
+    threatIntelIndicator_type,
+    threatIntelIndicator_value,
+
+    -- * VolumeMount
+    VolumeMount (..),
+    newVolumeMount,
+    volumeMount_mountPath,
+    volumeMount_name,
+
+    -- * VpcInfoCidrBlockSetDetails
+    VpcInfoCidrBlockSetDetails (..),
+    newVpcInfoCidrBlockSetDetails,
+    vpcInfoCidrBlockSetDetails_cidrBlock,
+
+    -- * VpcInfoIpv6CidrBlockSetDetails
+    VpcInfoIpv6CidrBlockSetDetails (..),
+    newVpcInfoIpv6CidrBlockSetDetails,
+    vpcInfoIpv6CidrBlockSetDetails_ipv6CidrBlock,
+
+    -- * VpcInfoPeeringOptionsDetails
+    VpcInfoPeeringOptionsDetails (..),
+    newVpcInfoPeeringOptionsDetails,
+    vpcInfoPeeringOptionsDetails_allowDnsResolutionFromRemoteVpc,
+    vpcInfoPeeringOptionsDetails_allowEgressFromLocalClassicLinkToRemoteVpc,
+    vpcInfoPeeringOptionsDetails_allowEgressFromLocalVpcToRemoteClassicLink,
+
+    -- * Vulnerability
+    Vulnerability (..),
+    newVulnerability,
+    vulnerability_cvss,
+    vulnerability_fixAvailable,
+    vulnerability_referenceUrls,
+    vulnerability_relatedVulnerabilities,
+    vulnerability_vendor,
+    vulnerability_vulnerablePackages,
+    vulnerability_id,
+
+    -- * VulnerabilityVendor
+    VulnerabilityVendor (..),
+    newVulnerabilityVendor,
+    vulnerabilityVendor_url,
+    vulnerabilityVendor_vendorCreatedAt,
+    vulnerabilityVendor_vendorSeverity,
+    vulnerabilityVendor_vendorUpdatedAt,
+    vulnerabilityVendor_name,
+
+    -- * WafAction
+    WafAction (..),
+    newWafAction,
+    wafAction_type,
+
+    -- * WafExcludedRule
+    WafExcludedRule (..),
+    newWafExcludedRule,
+    wafExcludedRule_ruleId,
+
+    -- * WafOverrideAction
+    WafOverrideAction (..),
+    newWafOverrideAction,
+    wafOverrideAction_type,
+
+    -- * Workflow
+    Workflow (..),
+    newWorkflow,
+    workflow_status,
+
+    -- * WorkflowUpdate
+    WorkflowUpdate (..),
+    newWorkflowUpdate,
+    workflowUpdate_status,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AccountDetails
+import Amazonka.SecurityHub.Types.Action
+import Amazonka.SecurityHub.Types.ActionLocalIpDetails
+import Amazonka.SecurityHub.Types.ActionLocalPortDetails
+import Amazonka.SecurityHub.Types.ActionRemoteIpDetails
+import Amazonka.SecurityHub.Types.ActionRemotePortDetails
+import Amazonka.SecurityHub.Types.ActionTarget
+import Amazonka.SecurityHub.Types.Adjustment
+import Amazonka.SecurityHub.Types.AdminAccount
+import Amazonka.SecurityHub.Types.AdminStatus
+import Amazonka.SecurityHub.Types.AutoEnableStandards
+import Amazonka.SecurityHub.Types.AvailabilityZone
+import Amazonka.SecurityHub.Types.AwsApiCallAction
+import Amazonka.SecurityHub.Types.AwsApiCallActionDomainDetails
+import Amazonka.SecurityHub.Types.AwsApiGatewayAccessLogSettings
+import Amazonka.SecurityHub.Types.AwsApiGatewayCanarySettings
+import Amazonka.SecurityHub.Types.AwsApiGatewayEndpointConfiguration
+import Amazonka.SecurityHub.Types.AwsApiGatewayMethodSettings
+import Amazonka.SecurityHub.Types.AwsApiGatewayRestApiDetails
+import Amazonka.SecurityHub.Types.AwsApiGatewayStageDetails
+import Amazonka.SecurityHub.Types.AwsApiGatewayV2ApiDetails
+import Amazonka.SecurityHub.Types.AwsApiGatewayV2RouteSettings
+import Amazonka.SecurityHub.Types.AwsApiGatewayV2StageDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationMetadataOptions
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanAdvancedBackupSettingsDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanBackupPlanDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanLifecycleDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleCopyActionsDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupVaultDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupVaultNotificationsDetails
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCalculatedLifecycleDetails
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCreatedByDetails
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointDetails
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointLifecycleDetails
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDetails
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDomainValidationOption
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateExtendedKeyUsage
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateKeyUsage
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateOptions
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateRenewalSummary
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateResourceRecord
+import Amazonka.SecurityHub.Types.AwsCloudFormationStackDetails
+import Amazonka.SecurityHub.Types.AwsCloudFormationStackDriftInformationDetails
+import Amazonka.SecurityHub.Types.AwsCloudFormationStackOutputsDetails
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehavior
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehaviors
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDefaultCacheBehavior
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDetails
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionLogging
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginCustomOriginConfig
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroup
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailover
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroups
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginItem
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginS3OriginConfig
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginSslProtocols
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOrigins
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionViewerCertificate
+import Amazonka.SecurityHub.Types.AwsCloudTrailTrailDetails
+import Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDetails
+import Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDimensionsDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectArtifactsDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironment
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentRegistryCredential
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigS3LogsDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectSource
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectVpcConfig
+import Amazonka.SecurityHub.Types.AwsCorsConfiguration
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableAttributeDefinition
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableBillingModeSummary
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableDetails
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableGlobalSecondaryIndex
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableKeySchema
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableLocalSecondaryIndex
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProjection
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughput
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughputOverride
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableReplica
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableReplicaGlobalSecondaryIndex
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableRestoreSummary
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableSseDescription
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableStreamSpecification
+import Amazonka.SecurityHub.Types.AwsEc2EipDetails
+import Amazonka.SecurityHub.Types.AwsEc2InstanceDetails
+import Amazonka.SecurityHub.Types.AwsEc2InstanceMetadataOptions
+import Amazonka.SecurityHub.Types.AwsEc2InstanceNetworkInterfacesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCpuOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCreditSpecificationDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataHibernationOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataLicenseSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMetadataOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMonitoringDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPlacementDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDetails
+import Amazonka.SecurityHub.Types.AwsEc2NetworkAclAssociation
+import Amazonka.SecurityHub.Types.AwsEc2NetworkAclDetails
+import Amazonka.SecurityHub.Types.AwsEc2NetworkAclEntry
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceAttachment
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceDetails
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceIpV6AddressDetail
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfacePrivateIpAddressDetail
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceSecurityGroup
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupDetails
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpPermission
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpRange
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpv6Range
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupPrefixListId
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupUserIdGroupPair
+import Amazonka.SecurityHub.Types.AwsEc2SubnetDetails
+import Amazonka.SecurityHub.Types.AwsEc2TransitGatewayDetails
+import Amazonka.SecurityHub.Types.AwsEc2VolumeAttachment
+import Amazonka.SecurityHub.Types.AwsEc2VolumeDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceServiceTypeDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionStatusDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionVpcInfoDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionRoutesDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionVgwTelemetryDetails
+import Amazonka.SecurityHub.Types.AwsEcrContainerImageDetails
+import Amazonka.SecurityHub.Types.AwsEcrRepositoryDetails
+import Amazonka.SecurityHub.Types.AwsEcrRepositoryImageScanningConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcrRepositoryLifecyclePolicyDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterClusterSettingsDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterDefaultCapacityProviderStrategyDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterDetails
+import Amazonka.SecurityHub.Types.AwsEcsContainerDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceCapacityProviderStrategyDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentControllerDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceLoadBalancersDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsServicePlacementConstraintsDetails
+import Amazonka.SecurityHub.Types.AwsEcsServicePlacementStrategiesDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceServiceRegistriesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionPlacementConstraintsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesHostDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskVolumeDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskVolumeHostDetails
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointDetails
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointPosixUserDetails
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryCreationInfoDetails
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryDetails
+import Amazonka.SecurityHub.Types.AwsEksClusterDetails
+import Amazonka.SecurityHub.Types.AwsEksClusterLoggingClusterLoggingDetails
+import Amazonka.SecurityHub.Types.AwsEksClusterLoggingDetails
+import Amazonka.SecurityHub.Types.AwsEksClusterResourcesVpcConfigDetails
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentDetails
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentEnvironmentLink
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentOptionSetting
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentTier
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainDetails
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainDomainEndpointOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigDetails
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainEncryptionAtRestOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptionsLogConfig
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainNodeToNodeEncryptionOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainServiceSoftwareOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainVPCOptions
+import Amazonka.SecurityHub.Types.AwsElbAppCookieStickinessPolicy
+import Amazonka.SecurityHub.Types.AwsElbLbCookieStickinessPolicy
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerAccessLog
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerAdditionalAttribute
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerAttributes
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerBackendServerDescription
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionDraining
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionSettings
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerCrossZoneLoadBalancing
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerDetails
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerHealthCheck
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerInstance
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerListener
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerListenerDescription
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerPolicies
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerSourceSecurityGroup
+import Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerAttribute
+import Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerDetails
+import Amazonka.SecurityHub.Types.AwsIamAccessKeyDetails
+import Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContext
+import Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextAttributes
+import Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextSessionIssuer
+import Amazonka.SecurityHub.Types.AwsIamAccessKeyStatus
+import Amazonka.SecurityHub.Types.AwsIamAttachedManagedPolicy
+import Amazonka.SecurityHub.Types.AwsIamGroupDetails
+import Amazonka.SecurityHub.Types.AwsIamGroupPolicy
+import Amazonka.SecurityHub.Types.AwsIamInstanceProfile
+import Amazonka.SecurityHub.Types.AwsIamInstanceProfileRole
+import Amazonka.SecurityHub.Types.AwsIamPermissionsBoundary
+import Amazonka.SecurityHub.Types.AwsIamPolicyDetails
+import Amazonka.SecurityHub.Types.AwsIamPolicyVersion
+import Amazonka.SecurityHub.Types.AwsIamRoleDetails
+import Amazonka.SecurityHub.Types.AwsIamRolePolicy
+import Amazonka.SecurityHub.Types.AwsIamUserDetails
+import Amazonka.SecurityHub.Types.AwsIamUserPolicy
+import Amazonka.SecurityHub.Types.AwsKinesisStreamDetails
+import Amazonka.SecurityHub.Types.AwsKinesisStreamStreamEncryptionDetails
+import Amazonka.SecurityHub.Types.AwsKmsKeyDetails
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionCode
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionDeadLetterConfig
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionDetails
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironment
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironmentError
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionLayer
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionTracingConfig
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionVpcConfig
+import Amazonka.SecurityHub.Types.AwsLambdaLayerVersionDetails
+import Amazonka.SecurityHub.Types.AwsMountPoint
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallDetails
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallPolicyDetails
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallSubnetMappingsDetails
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallRuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOption
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainMasterUserOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainVpcOptionsDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterAssociatedRole
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterMember
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterOptionGroupMembership
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterSnapshotDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbDomainMembership
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceAssociatedRole
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceEndpoint
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceVpcSecurityGroup
+import Amazonka.SecurityHub.Types.AwsRdsDbOptionGroupMembership
+import Amazonka.SecurityHub.Types.AwsRdsDbParameterGroup
+import Amazonka.SecurityHub.Types.AwsRdsDbPendingModifiedValues
+import Amazonka.SecurityHub.Types.AwsRdsDbProcessorFeature
+import Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupEc2SecurityGroup
+import Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupIpRange
+import Amazonka.SecurityHub.Types.AwsRdsDbSnapshotDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbStatusInfo
+import Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroup
+import Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnet
+import Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnetAvailabilityZone
+import Amazonka.SecurityHub.Types.AwsRdsEventSubscriptionDetails
+import Amazonka.SecurityHub.Types.AwsRdsPendingCloudWatchLogsExports
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterNode
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterGroup
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSecurityGroup
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSnapshotCopyStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterDeferredMaintenanceWindow
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterDetails
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterElasticIpStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterEndpoint
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterHsmStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterIamRole
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterLoggingStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterPendingModifiedValues
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterResizeInfo
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterRestoreStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterVpcSecurityGroup
+import Amazonka.SecurityHub.Types.AwsS3AccountPublicAccessBlockDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketVersioningConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketLoggingConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationDetail
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationFilter
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilter
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilterRule
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilterRuleName
+import Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionByDefault
+import Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionRule
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRedirectTo
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRule
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+import Amazonka.SecurityHub.Types.AwsS3ObjectDetails
+import Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceDetails
+import Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsSecretsManagerSecretDetails
+import Amazonka.SecurityHub.Types.AwsSecretsManagerSecretRotationRules
+import Amazonka.SecurityHub.Types.AwsSecurityFinding
+import Amazonka.SecurityHub.Types.AwsSecurityFindingFilters
+import Amazonka.SecurityHub.Types.AwsSecurityFindingIdentifier
+import Amazonka.SecurityHub.Types.AwsSnsTopicDetails
+import Amazonka.SecurityHub.Types.AwsSnsTopicSubscription
+import Amazonka.SecurityHub.Types.AwsSqsQueueDetails
+import Amazonka.SecurityHub.Types.AwsSsmComplianceSummary
+import Amazonka.SecurityHub.Types.AwsSsmPatch
+import Amazonka.SecurityHub.Types.AwsSsmPatchComplianceDetails
+import Amazonka.SecurityHub.Types.AwsWafRateBasedRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRateBasedRuleMatchPredicate
+import Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleMatchPredicate
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesActionDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRulePredicateListDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListActionDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListOverrideActionDetails
+import Amazonka.SecurityHub.Types.AwsWafRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesActionDetails
+import Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesDetails
+import Amazonka.SecurityHub.Types.AwsWafRulePredicateListDetails
+import Amazonka.SecurityHub.Types.AwsWafWebAclDetails
+import Amazonka.SecurityHub.Types.AwsWafWebAclRule
+import Amazonka.SecurityHub.Types.AwsWafv2ActionAllowDetails
+import Amazonka.SecurityHub.Types.AwsWafv2ActionBlockDetails
+import Amazonka.SecurityHub.Types.AwsWafv2CustomHttpHeader
+import Amazonka.SecurityHub.Types.AwsWafv2CustomRequestHandlingDetails
+import Amazonka.SecurityHub.Types.AwsWafv2CustomResponseDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RulesActionCaptchaDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RulesActionCountDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RulesActionDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RulesDetails
+import Amazonka.SecurityHub.Types.AwsWafv2VisibilityConfigDetails
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclActionDetails
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigDetails
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclDetails
+import Amazonka.SecurityHub.Types.AwsXrayEncryptionConfigDetails
+import Amazonka.SecurityHub.Types.BatchUpdateFindingsUnprocessedFinding
+import Amazonka.SecurityHub.Types.BooleanFilter
+import Amazonka.SecurityHub.Types.Cell
+import Amazonka.SecurityHub.Types.CidrBlockAssociation
+import Amazonka.SecurityHub.Types.City
+import Amazonka.SecurityHub.Types.ClassificationResult
+import Amazonka.SecurityHub.Types.ClassificationStatus
+import Amazonka.SecurityHub.Types.Compliance
+import Amazonka.SecurityHub.Types.ComplianceStatus
+import Amazonka.SecurityHub.Types.ContainerDetails
+import Amazonka.SecurityHub.Types.ControlStatus
+import Amazonka.SecurityHub.Types.Country
+import Amazonka.SecurityHub.Types.CustomDataIdentifiersDetections
+import Amazonka.SecurityHub.Types.CustomDataIdentifiersResult
+import Amazonka.SecurityHub.Types.Cvss
+import Amazonka.SecurityHub.Types.DataClassificationDetails
+import Amazonka.SecurityHub.Types.DateFilter
+import Amazonka.SecurityHub.Types.DateRange
+import Amazonka.SecurityHub.Types.DateRangeUnit
+import Amazonka.SecurityHub.Types.DnsRequestAction
+import Amazonka.SecurityHub.Types.FilePaths
+import Amazonka.SecurityHub.Types.FindingAggregator
+import Amazonka.SecurityHub.Types.FindingProviderFields
+import Amazonka.SecurityHub.Types.FindingProviderSeverity
+import Amazonka.SecurityHub.Types.FirewallPolicyDetails
+import Amazonka.SecurityHub.Types.FirewallPolicyStatefulRuleGroupReferencesDetails
+import Amazonka.SecurityHub.Types.FirewallPolicyStatelessCustomActionsDetails
+import Amazonka.SecurityHub.Types.FirewallPolicyStatelessRuleGroupReferencesDetails
+import Amazonka.SecurityHub.Types.GeoLocation
+import Amazonka.SecurityHub.Types.IcmpTypeCode
+import Amazonka.SecurityHub.Types.ImportFindingsError
+import Amazonka.SecurityHub.Types.Insight
+import Amazonka.SecurityHub.Types.InsightResultValue
+import Amazonka.SecurityHub.Types.InsightResults
+import Amazonka.SecurityHub.Types.IntegrationType
+import Amazonka.SecurityHub.Types.Invitation
+import Amazonka.SecurityHub.Types.IpFilter
+import Amazonka.SecurityHub.Types.IpOrganizationDetails
+import Amazonka.SecurityHub.Types.Ipv6CidrBlockAssociation
+import Amazonka.SecurityHub.Types.KeywordFilter
+import Amazonka.SecurityHub.Types.LoadBalancerState
+import Amazonka.SecurityHub.Types.Malware
+import Amazonka.SecurityHub.Types.MalwareState
+import Amazonka.SecurityHub.Types.MalwareType
+import Amazonka.SecurityHub.Types.MapFilter
+import Amazonka.SecurityHub.Types.MapFilterComparison
+import Amazonka.SecurityHub.Types.Member
+import Amazonka.SecurityHub.Types.Network
+import Amazonka.SecurityHub.Types.NetworkConnectionAction
+import Amazonka.SecurityHub.Types.NetworkDirection
+import Amazonka.SecurityHub.Types.NetworkHeader
+import Amazonka.SecurityHub.Types.NetworkPathComponent
+import Amazonka.SecurityHub.Types.NetworkPathComponentDetails
+import Amazonka.SecurityHub.Types.Note
+import Amazonka.SecurityHub.Types.NoteUpdate
+import Amazonka.SecurityHub.Types.NumberFilter
+import Amazonka.SecurityHub.Types.Occurrences
+import Amazonka.SecurityHub.Types.Page
+import Amazonka.SecurityHub.Types.Partition
+import Amazonka.SecurityHub.Types.PatchSummary
+import Amazonka.SecurityHub.Types.PortProbeAction
+import Amazonka.SecurityHub.Types.PortProbeDetail
+import Amazonka.SecurityHub.Types.PortRange
+import Amazonka.SecurityHub.Types.PortRangeFromTo
+import Amazonka.SecurityHub.Types.ProcessDetails
+import Amazonka.SecurityHub.Types.Product
+import Amazonka.SecurityHub.Types.Range
+import Amazonka.SecurityHub.Types.Recommendation
+import Amazonka.SecurityHub.Types.Record
+import Amazonka.SecurityHub.Types.RecordState
+import Amazonka.SecurityHub.Types.RelatedFinding
+import Amazonka.SecurityHub.Types.Remediation
+import Amazonka.SecurityHub.Types.Resource
+import Amazonka.SecurityHub.Types.ResourceDetails
+import Amazonka.SecurityHub.Types.Result
+import Amazonka.SecurityHub.Types.RuleGroupDetails
+import Amazonka.SecurityHub.Types.RuleGroupSource
+import Amazonka.SecurityHub.Types.RuleGroupSourceCustomActionsDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceListDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesHeaderDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesOptionsDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleDefinition
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributes
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinations
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSources
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesAndCustomActionsDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesDetails
+import Amazonka.SecurityHub.Types.RuleGroupVariables
+import Amazonka.SecurityHub.Types.RuleGroupVariablesIpSetsDetails
+import Amazonka.SecurityHub.Types.RuleGroupVariablesPortSetsDetails
+import Amazonka.SecurityHub.Types.SensitiveDataDetections
+import Amazonka.SecurityHub.Types.SensitiveDataResult
+import Amazonka.SecurityHub.Types.Severity
+import Amazonka.SecurityHub.Types.SeverityLabel
+import Amazonka.SecurityHub.Types.SeverityRating
+import Amazonka.SecurityHub.Types.SeverityUpdate
+import Amazonka.SecurityHub.Types.SoftwarePackage
+import Amazonka.SecurityHub.Types.SortCriterion
+import Amazonka.SecurityHub.Types.SortOrder
+import Amazonka.SecurityHub.Types.Standard
+import Amazonka.SecurityHub.Types.StandardsControl
+import Amazonka.SecurityHub.Types.StandardsManagedBy
+import Amazonka.SecurityHub.Types.StandardsStatus
+import Amazonka.SecurityHub.Types.StandardsStatusReason
+import Amazonka.SecurityHub.Types.StandardsSubscription
+import Amazonka.SecurityHub.Types.StandardsSubscriptionRequest
+import Amazonka.SecurityHub.Types.StatelessCustomActionDefinition
+import Amazonka.SecurityHub.Types.StatelessCustomPublishMetricAction
+import Amazonka.SecurityHub.Types.StatelessCustomPublishMetricActionDimension
+import Amazonka.SecurityHub.Types.StatusReason
+import Amazonka.SecurityHub.Types.StatusReasonCode
+import Amazonka.SecurityHub.Types.StringFilter
+import Amazonka.SecurityHub.Types.StringFilterComparison
+import Amazonka.SecurityHub.Types.Threat
+import Amazonka.SecurityHub.Types.ThreatIntelIndicator
+import Amazonka.SecurityHub.Types.ThreatIntelIndicatorCategory
+import Amazonka.SecurityHub.Types.ThreatIntelIndicatorType
+import Amazonka.SecurityHub.Types.VerificationState
+import Amazonka.SecurityHub.Types.VolumeMount
+import Amazonka.SecurityHub.Types.VpcInfoCidrBlockSetDetails
+import Amazonka.SecurityHub.Types.VpcInfoIpv6CidrBlockSetDetails
+import Amazonka.SecurityHub.Types.VpcInfoPeeringOptionsDetails
+import Amazonka.SecurityHub.Types.Vulnerability
+import Amazonka.SecurityHub.Types.VulnerabilityFixAvailable
+import Amazonka.SecurityHub.Types.VulnerabilityVendor
+import Amazonka.SecurityHub.Types.WafAction
+import Amazonka.SecurityHub.Types.WafExcludedRule
+import Amazonka.SecurityHub.Types.WafOverrideAction
+import Amazonka.SecurityHub.Types.Workflow
+import Amazonka.SecurityHub.Types.WorkflowState
+import Amazonka.SecurityHub.Types.WorkflowStatus
+import Amazonka.SecurityHub.Types.WorkflowUpdate
+import qualified Amazonka.Sign.V4 as Sign
+
+-- | API version @2018-10-26@ of the Amazon SecurityHub SDK configuration.
+defaultService :: Core.Service
+defaultService =
+  Core.Service
+    { Core.abbrev = "SecurityHub",
+      Core.signer = Sign.v4,
+      Core.endpointPrefix = "securityhub",
+      Core.signingName = "securityhub",
+      Core.version = "2018-10-26",
+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
+      Core.endpoint = Core.defaultEndpoint defaultService,
+      Core.timeout = Prelude.Just 70,
+      Core.check = Core.statusSuccess,
+      Core.error = Core.parseJSONError "SecurityHub",
+      Core.retry = retry
+    }
+  where
+    retry =
+      Core.Exponential
+        { Core.base = 5.0e-2,
+          Core.growth = 2,
+          Core.attempts = 5,
+          Core.check = check
+        }
+    check e
+      | Lens.has (Core.hasStatus 502) e =
+          Prelude.Just "bad_gateway"
+      | Lens.has (Core.hasStatus 504) e =
+          Prelude.Just "gateway_timeout"
+      | Lens.has (Core.hasStatus 500) e =
+          Prelude.Just "general_server_error"
+      | Lens.has (Core.hasStatus 509) e =
+          Prelude.Just "limit_exceeded"
+      | Lens.has
+          ( Core.hasCode "RequestThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "request_throttled_exception"
+      | Lens.has (Core.hasStatus 503) e =
+          Prelude.Just "service_unavailable"
+      | Lens.has
+          ( Core.hasCode "ThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttled_exception"
+      | Lens.has
+          ( Core.hasCode "Throttling"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling"
+      | Lens.has
+          ( Core.hasCode "ThrottlingException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling_exception"
+      | Lens.has
+          ( Core.hasCode
+              "ProvisionedThroughputExceededException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throughput_exceeded"
+      | Lens.has (Core.hasStatus 429) e =
+          Prelude.Just "too_many_requests"
+      | Prelude.otherwise = Prelude.Nothing
+
+-- | You don\'t have permission to perform the action specified in the
+-- request.
+_AccessDeniedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_AccessDeniedException =
+  Core._MatchServiceError
+    defaultService
+    "AccessDeniedException"
+    Prelude.. Core.hasStatus 403
+
+-- | Internal server error.
+_InternalException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InternalException =
+  Core._MatchServiceError
+    defaultService
+    "InternalException"
+    Prelude.. Core.hasStatus 500
+
+-- | The account doesn\'t have permission to perform this action.
+_InvalidAccessException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidAccessException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidAccessException"
+    Prelude.. Core.hasStatus 401
+
+-- | The request was rejected because you supplied an invalid or out-of-range
+-- value for an input parameter.
+_InvalidInputException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidInputException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidInputException"
+    Prelude.. Core.hasStatus 400
+
+-- | The request was rejected because it attempted to create resources beyond
+-- the current Amazon Web Services account or throttling limits. The error
+-- code describes the limit exceeded.
+_LimitExceededException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_LimitExceededException =
+  Core._MatchServiceError
+    defaultService
+    "LimitExceededException"
+    Prelude.. Core.hasStatus 429
+
+-- | The resource specified in the request conflicts with an existing
+-- resource.
+_ResourceConflictException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceConflictException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceConflictException"
+    Prelude.. Core.hasStatus 409
+
+-- | The request was rejected because we can\'t find the specified resource.
+_ResourceNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceNotFoundException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceNotFoundException"
+    Prelude.. Core.hasStatus 404
diff --git a/gen/Amazonka/SecurityHub/Types/AccountDetails.hs b/gen/Amazonka/SecurityHub/Types/AccountDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AccountDetails.hs
@@ -0,0 +1,85 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AccountDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AccountDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The details of an Amazon Web Services account.
+--
+-- /See:/ 'newAccountDetails' smart constructor.
+data AccountDetails = AccountDetails'
+  { -- | The email of an Amazon Web Services account.
+    email :: Prelude.Maybe Prelude.Text,
+    -- | The ID of an Amazon Web Services account.
+    accountId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccountDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'email', 'accountDetails_email' - The email of an Amazon Web Services account.
+--
+-- 'accountId', 'accountDetails_accountId' - The ID of an Amazon Web Services account.
+newAccountDetails ::
+  -- | 'accountId'
+  Prelude.Text ->
+  AccountDetails
+newAccountDetails pAccountId_ =
+  AccountDetails'
+    { email = Prelude.Nothing,
+      accountId = pAccountId_
+    }
+
+-- | The email of an Amazon Web Services account.
+accountDetails_email :: Lens.Lens' AccountDetails (Prelude.Maybe Prelude.Text)
+accountDetails_email = Lens.lens (\AccountDetails' {email} -> email) (\s@AccountDetails' {} a -> s {email = a} :: AccountDetails)
+
+-- | The ID of an Amazon Web Services account.
+accountDetails_accountId :: Lens.Lens' AccountDetails Prelude.Text
+accountDetails_accountId = Lens.lens (\AccountDetails' {accountId} -> accountId) (\s@AccountDetails' {} a -> s {accountId = a} :: AccountDetails)
+
+instance Prelude.Hashable AccountDetails where
+  hashWithSalt _salt AccountDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` email
+      `Prelude.hashWithSalt` accountId
+
+instance Prelude.NFData AccountDetails where
+  rnf AccountDetails' {..} =
+    Prelude.rnf email
+      `Prelude.seq` Prelude.rnf accountId
+
+instance Data.ToJSON AccountDetails where
+  toJSON AccountDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Email" Data..=) Prelude.<$> email,
+            Prelude.Just ("AccountId" Data..= accountId)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Action.hs b/gen/Amazonka/SecurityHub/Types/Action.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Action.hs
@@ -0,0 +1,185 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Action
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Action where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsApiCallAction
+import Amazonka.SecurityHub.Types.DnsRequestAction
+import Amazonka.SecurityHub.Types.NetworkConnectionAction
+import Amazonka.SecurityHub.Types.PortProbeAction
+
+-- | Provides details about one of the following actions that affects or that
+-- was taken on a resource:
+--
+-- -   A remote IP address issued an Amazon Web Services API call
+--
+-- -   A DNS request was received
+--
+-- -   A remote IP address attempted to connect to an EC2 instance
+--
+-- -   A remote IP address attempted a port probe on an EC2 instance
+--
+-- /See:/ 'newAction' smart constructor.
+data Action = Action'
+  { -- | The type of action that was detected. The possible action types are:
+    --
+    -- -   @NETWORK_CONNECTION@
+    --
+    -- -   @AWS_API_CALL@
+    --
+    -- -   @DNS_REQUEST@
+    --
+    -- -   @PORT_PROBE@
+    actionType :: Prelude.Maybe Prelude.Text,
+    -- | Included if @ActionType@ is @AWS_API_CALL@. Provides details about the
+    -- API call that was detected.
+    awsApiCallAction :: Prelude.Maybe AwsApiCallAction,
+    -- | Included if @ActionType@ is @DNS_REQUEST@. Provides details about the
+    -- DNS request that was detected.
+    dnsRequestAction :: Prelude.Maybe DnsRequestAction,
+    -- | Included if @ActionType@ is @NETWORK_CONNECTION@. Provides details about
+    -- the network connection that was detected.
+    networkConnectionAction :: Prelude.Maybe NetworkConnectionAction,
+    -- | Included if @ActionType@ is @PORT_PROBE@. Provides details about the
+    -- port probe that was detected.
+    portProbeAction :: Prelude.Maybe PortProbeAction
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Action' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'actionType', 'action_actionType' - The type of action that was detected. The possible action types are:
+--
+-- -   @NETWORK_CONNECTION@
+--
+-- -   @AWS_API_CALL@
+--
+-- -   @DNS_REQUEST@
+--
+-- -   @PORT_PROBE@
+--
+-- 'awsApiCallAction', 'action_awsApiCallAction' - Included if @ActionType@ is @AWS_API_CALL@. Provides details about the
+-- API call that was detected.
+--
+-- 'dnsRequestAction', 'action_dnsRequestAction' - Included if @ActionType@ is @DNS_REQUEST@. Provides details about the
+-- DNS request that was detected.
+--
+-- 'networkConnectionAction', 'action_networkConnectionAction' - Included if @ActionType@ is @NETWORK_CONNECTION@. Provides details about
+-- the network connection that was detected.
+--
+-- 'portProbeAction', 'action_portProbeAction' - Included if @ActionType@ is @PORT_PROBE@. Provides details about the
+-- port probe that was detected.
+newAction ::
+  Action
+newAction =
+  Action'
+    { actionType = Prelude.Nothing,
+      awsApiCallAction = Prelude.Nothing,
+      dnsRequestAction = Prelude.Nothing,
+      networkConnectionAction = Prelude.Nothing,
+      portProbeAction = Prelude.Nothing
+    }
+
+-- | The type of action that was detected. The possible action types are:
+--
+-- -   @NETWORK_CONNECTION@
+--
+-- -   @AWS_API_CALL@
+--
+-- -   @DNS_REQUEST@
+--
+-- -   @PORT_PROBE@
+action_actionType :: Lens.Lens' Action (Prelude.Maybe Prelude.Text)
+action_actionType = Lens.lens (\Action' {actionType} -> actionType) (\s@Action' {} a -> s {actionType = a} :: Action)
+
+-- | Included if @ActionType@ is @AWS_API_CALL@. Provides details about the
+-- API call that was detected.
+action_awsApiCallAction :: Lens.Lens' Action (Prelude.Maybe AwsApiCallAction)
+action_awsApiCallAction = Lens.lens (\Action' {awsApiCallAction} -> awsApiCallAction) (\s@Action' {} a -> s {awsApiCallAction = a} :: Action)
+
+-- | Included if @ActionType@ is @DNS_REQUEST@. Provides details about the
+-- DNS request that was detected.
+action_dnsRequestAction :: Lens.Lens' Action (Prelude.Maybe DnsRequestAction)
+action_dnsRequestAction = Lens.lens (\Action' {dnsRequestAction} -> dnsRequestAction) (\s@Action' {} a -> s {dnsRequestAction = a} :: Action)
+
+-- | Included if @ActionType@ is @NETWORK_CONNECTION@. Provides details about
+-- the network connection that was detected.
+action_networkConnectionAction :: Lens.Lens' Action (Prelude.Maybe NetworkConnectionAction)
+action_networkConnectionAction = Lens.lens (\Action' {networkConnectionAction} -> networkConnectionAction) (\s@Action' {} a -> s {networkConnectionAction = a} :: Action)
+
+-- | Included if @ActionType@ is @PORT_PROBE@. Provides details about the
+-- port probe that was detected.
+action_portProbeAction :: Lens.Lens' Action (Prelude.Maybe PortProbeAction)
+action_portProbeAction = Lens.lens (\Action' {portProbeAction} -> portProbeAction) (\s@Action' {} a -> s {portProbeAction = a} :: Action)
+
+instance Data.FromJSON Action where
+  parseJSON =
+    Data.withObject
+      "Action"
+      ( \x ->
+          Action'
+            Prelude.<$> (x Data..:? "ActionType")
+            Prelude.<*> (x Data..:? "AwsApiCallAction")
+            Prelude.<*> (x Data..:? "DnsRequestAction")
+            Prelude.<*> (x Data..:? "NetworkConnectionAction")
+            Prelude.<*> (x Data..:? "PortProbeAction")
+      )
+
+instance Prelude.Hashable Action where
+  hashWithSalt _salt Action' {..} =
+    _salt
+      `Prelude.hashWithSalt` actionType
+      `Prelude.hashWithSalt` awsApiCallAction
+      `Prelude.hashWithSalt` dnsRequestAction
+      `Prelude.hashWithSalt` networkConnectionAction
+      `Prelude.hashWithSalt` portProbeAction
+
+instance Prelude.NFData Action where
+  rnf Action' {..} =
+    Prelude.rnf actionType
+      `Prelude.seq` Prelude.rnf awsApiCallAction
+      `Prelude.seq` Prelude.rnf dnsRequestAction
+      `Prelude.seq` Prelude.rnf networkConnectionAction
+      `Prelude.seq` Prelude.rnf portProbeAction
+
+instance Data.ToJSON Action where
+  toJSON Action' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ActionType" Data..=) Prelude.<$> actionType,
+            ("AwsApiCallAction" Data..=)
+              Prelude.<$> awsApiCallAction,
+            ("DnsRequestAction" Data..=)
+              Prelude.<$> dnsRequestAction,
+            ("NetworkConnectionAction" Data..=)
+              Prelude.<$> networkConnectionAction,
+            ("PortProbeAction" Data..=)
+              Prelude.<$> portProbeAction
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ActionLocalIpDetails.hs b/gen/Amazonka/SecurityHub/Types/ActionLocalIpDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ActionLocalIpDetails.hs
@@ -0,0 +1,80 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ActionLocalIpDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ActionLocalIpDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the IP address where the scanned port is
+-- located.
+--
+-- /See:/ 'newActionLocalIpDetails' smart constructor.
+data ActionLocalIpDetails = ActionLocalIpDetails'
+  { -- | The IP address.
+    ipAddressV4 :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ActionLocalIpDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ipAddressV4', 'actionLocalIpDetails_ipAddressV4' - The IP address.
+newActionLocalIpDetails ::
+  ActionLocalIpDetails
+newActionLocalIpDetails =
+  ActionLocalIpDetails'
+    { ipAddressV4 =
+        Prelude.Nothing
+    }
+
+-- | The IP address.
+actionLocalIpDetails_ipAddressV4 :: Lens.Lens' ActionLocalIpDetails (Prelude.Maybe Prelude.Text)
+actionLocalIpDetails_ipAddressV4 = Lens.lens (\ActionLocalIpDetails' {ipAddressV4} -> ipAddressV4) (\s@ActionLocalIpDetails' {} a -> s {ipAddressV4 = a} :: ActionLocalIpDetails)
+
+instance Data.FromJSON ActionLocalIpDetails where
+  parseJSON =
+    Data.withObject
+      "ActionLocalIpDetails"
+      ( \x ->
+          ActionLocalIpDetails'
+            Prelude.<$> (x Data..:? "IpAddressV4")
+      )
+
+instance Prelude.Hashable ActionLocalIpDetails where
+  hashWithSalt _salt ActionLocalIpDetails' {..} =
+    _salt `Prelude.hashWithSalt` ipAddressV4
+
+instance Prelude.NFData ActionLocalIpDetails where
+  rnf ActionLocalIpDetails' {..} =
+    Prelude.rnf ipAddressV4
+
+instance Data.ToJSON ActionLocalIpDetails where
+  toJSON ActionLocalIpDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("IpAddressV4" Data..=) Prelude.<$> ipAddressV4]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ActionLocalPortDetails.hs b/gen/Amazonka/SecurityHub/Types/ActionLocalPortDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ActionLocalPortDetails.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ActionLocalPortDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ActionLocalPortDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | For @NetworkConnectionAction@ and @PortProbeDetails@, @LocalPortDetails@
+-- provides information about the local port that was involved in the
+-- action.
+--
+-- /See:/ 'newActionLocalPortDetails' smart constructor.
+data ActionLocalPortDetails = ActionLocalPortDetails'
+  { -- | The number of the port.
+    port :: Prelude.Maybe Prelude.Int,
+    -- | The port name of the local connection.
+    portName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ActionLocalPortDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'port', 'actionLocalPortDetails_port' - The number of the port.
+--
+-- 'portName', 'actionLocalPortDetails_portName' - The port name of the local connection.
+newActionLocalPortDetails ::
+  ActionLocalPortDetails
+newActionLocalPortDetails =
+  ActionLocalPortDetails'
+    { port = Prelude.Nothing,
+      portName = Prelude.Nothing
+    }
+
+-- | The number of the port.
+actionLocalPortDetails_port :: Lens.Lens' ActionLocalPortDetails (Prelude.Maybe Prelude.Int)
+actionLocalPortDetails_port = Lens.lens (\ActionLocalPortDetails' {port} -> port) (\s@ActionLocalPortDetails' {} a -> s {port = a} :: ActionLocalPortDetails)
+
+-- | The port name of the local connection.
+actionLocalPortDetails_portName :: Lens.Lens' ActionLocalPortDetails (Prelude.Maybe Prelude.Text)
+actionLocalPortDetails_portName = Lens.lens (\ActionLocalPortDetails' {portName} -> portName) (\s@ActionLocalPortDetails' {} a -> s {portName = a} :: ActionLocalPortDetails)
+
+instance Data.FromJSON ActionLocalPortDetails where
+  parseJSON =
+    Data.withObject
+      "ActionLocalPortDetails"
+      ( \x ->
+          ActionLocalPortDetails'
+            Prelude.<$> (x Data..:? "Port")
+            Prelude.<*> (x Data..:? "PortName")
+      )
+
+instance Prelude.Hashable ActionLocalPortDetails where
+  hashWithSalt _salt ActionLocalPortDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` port
+      `Prelude.hashWithSalt` portName
+
+instance Prelude.NFData ActionLocalPortDetails where
+  rnf ActionLocalPortDetails' {..} =
+    Prelude.rnf port `Prelude.seq` Prelude.rnf portName
+
+instance Data.ToJSON ActionLocalPortDetails where
+  toJSON ActionLocalPortDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Port" Data..=) Prelude.<$> port,
+            ("PortName" Data..=) Prelude.<$> portName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ActionRemoteIpDetails.hs b/gen/Amazonka/SecurityHub/Types/ActionRemoteIpDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ActionRemoteIpDetails.hs
@@ -0,0 +1,141 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ActionRemoteIpDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ActionRemoteIpDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.City
+import Amazonka.SecurityHub.Types.Country
+import Amazonka.SecurityHub.Types.GeoLocation
+import Amazonka.SecurityHub.Types.IpOrganizationDetails
+
+-- | For @AwsApiAction@, @NetworkConnectionAction@, and @PortProbeAction@,
+-- @RemoteIpDetails@ provides information about the remote IP address that
+-- was involved in the action.
+--
+-- /See:/ 'newActionRemoteIpDetails' smart constructor.
+data ActionRemoteIpDetails = ActionRemoteIpDetails'
+  { -- | The city where the remote IP address is located.
+    city :: Prelude.Maybe City,
+    -- | The country where the remote IP address is located.
+    country :: Prelude.Maybe Country,
+    -- | The coordinates of the location of the remote IP address.
+    geoLocation :: Prelude.Maybe GeoLocation,
+    -- | The IP address.
+    ipAddressV4 :: Prelude.Maybe Prelude.Text,
+    -- | The internet service provider (ISP) organization associated with the
+    -- remote IP address.
+    organization :: Prelude.Maybe IpOrganizationDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ActionRemoteIpDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'city', 'actionRemoteIpDetails_city' - The city where the remote IP address is located.
+--
+-- 'country', 'actionRemoteIpDetails_country' - The country where the remote IP address is located.
+--
+-- 'geoLocation', 'actionRemoteIpDetails_geoLocation' - The coordinates of the location of the remote IP address.
+--
+-- 'ipAddressV4', 'actionRemoteIpDetails_ipAddressV4' - The IP address.
+--
+-- 'organization', 'actionRemoteIpDetails_organization' - The internet service provider (ISP) organization associated with the
+-- remote IP address.
+newActionRemoteIpDetails ::
+  ActionRemoteIpDetails
+newActionRemoteIpDetails =
+  ActionRemoteIpDetails'
+    { city = Prelude.Nothing,
+      country = Prelude.Nothing,
+      geoLocation = Prelude.Nothing,
+      ipAddressV4 = Prelude.Nothing,
+      organization = Prelude.Nothing
+    }
+
+-- | The city where the remote IP address is located.
+actionRemoteIpDetails_city :: Lens.Lens' ActionRemoteIpDetails (Prelude.Maybe City)
+actionRemoteIpDetails_city = Lens.lens (\ActionRemoteIpDetails' {city} -> city) (\s@ActionRemoteIpDetails' {} a -> s {city = a} :: ActionRemoteIpDetails)
+
+-- | The country where the remote IP address is located.
+actionRemoteIpDetails_country :: Lens.Lens' ActionRemoteIpDetails (Prelude.Maybe Country)
+actionRemoteIpDetails_country = Lens.lens (\ActionRemoteIpDetails' {country} -> country) (\s@ActionRemoteIpDetails' {} a -> s {country = a} :: ActionRemoteIpDetails)
+
+-- | The coordinates of the location of the remote IP address.
+actionRemoteIpDetails_geoLocation :: Lens.Lens' ActionRemoteIpDetails (Prelude.Maybe GeoLocation)
+actionRemoteIpDetails_geoLocation = Lens.lens (\ActionRemoteIpDetails' {geoLocation} -> geoLocation) (\s@ActionRemoteIpDetails' {} a -> s {geoLocation = a} :: ActionRemoteIpDetails)
+
+-- | The IP address.
+actionRemoteIpDetails_ipAddressV4 :: Lens.Lens' ActionRemoteIpDetails (Prelude.Maybe Prelude.Text)
+actionRemoteIpDetails_ipAddressV4 = Lens.lens (\ActionRemoteIpDetails' {ipAddressV4} -> ipAddressV4) (\s@ActionRemoteIpDetails' {} a -> s {ipAddressV4 = a} :: ActionRemoteIpDetails)
+
+-- | The internet service provider (ISP) organization associated with the
+-- remote IP address.
+actionRemoteIpDetails_organization :: Lens.Lens' ActionRemoteIpDetails (Prelude.Maybe IpOrganizationDetails)
+actionRemoteIpDetails_organization = Lens.lens (\ActionRemoteIpDetails' {organization} -> organization) (\s@ActionRemoteIpDetails' {} a -> s {organization = a} :: ActionRemoteIpDetails)
+
+instance Data.FromJSON ActionRemoteIpDetails where
+  parseJSON =
+    Data.withObject
+      "ActionRemoteIpDetails"
+      ( \x ->
+          ActionRemoteIpDetails'
+            Prelude.<$> (x Data..:? "City")
+            Prelude.<*> (x Data..:? "Country")
+            Prelude.<*> (x Data..:? "GeoLocation")
+            Prelude.<*> (x Data..:? "IpAddressV4")
+            Prelude.<*> (x Data..:? "Organization")
+      )
+
+instance Prelude.Hashable ActionRemoteIpDetails where
+  hashWithSalt _salt ActionRemoteIpDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` city
+      `Prelude.hashWithSalt` country
+      `Prelude.hashWithSalt` geoLocation
+      `Prelude.hashWithSalt` ipAddressV4
+      `Prelude.hashWithSalt` organization
+
+instance Prelude.NFData ActionRemoteIpDetails where
+  rnf ActionRemoteIpDetails' {..} =
+    Prelude.rnf city
+      `Prelude.seq` Prelude.rnf country
+      `Prelude.seq` Prelude.rnf geoLocation
+      `Prelude.seq` Prelude.rnf ipAddressV4
+      `Prelude.seq` Prelude.rnf organization
+
+instance Data.ToJSON ActionRemoteIpDetails where
+  toJSON ActionRemoteIpDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("City" Data..=) Prelude.<$> city,
+            ("Country" Data..=) Prelude.<$> country,
+            ("GeoLocation" Data..=) Prelude.<$> geoLocation,
+            ("IpAddressV4" Data..=) Prelude.<$> ipAddressV4,
+            ("Organization" Data..=) Prelude.<$> organization
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ActionRemotePortDetails.hs b/gen/Amazonka/SecurityHub/Types/ActionRemotePortDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ActionRemotePortDetails.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ActionRemotePortDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ActionRemotePortDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the remote port that was involved in an
+-- attempted network connection.
+--
+-- /See:/ 'newActionRemotePortDetails' smart constructor.
+data ActionRemotePortDetails = ActionRemotePortDetails'
+  { -- | The number of the port.
+    port :: Prelude.Maybe Prelude.Int,
+    -- | The port name of the remote connection.
+    portName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ActionRemotePortDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'port', 'actionRemotePortDetails_port' - The number of the port.
+--
+-- 'portName', 'actionRemotePortDetails_portName' - The port name of the remote connection.
+newActionRemotePortDetails ::
+  ActionRemotePortDetails
+newActionRemotePortDetails =
+  ActionRemotePortDetails'
+    { port = Prelude.Nothing,
+      portName = Prelude.Nothing
+    }
+
+-- | The number of the port.
+actionRemotePortDetails_port :: Lens.Lens' ActionRemotePortDetails (Prelude.Maybe Prelude.Int)
+actionRemotePortDetails_port = Lens.lens (\ActionRemotePortDetails' {port} -> port) (\s@ActionRemotePortDetails' {} a -> s {port = a} :: ActionRemotePortDetails)
+
+-- | The port name of the remote connection.
+actionRemotePortDetails_portName :: Lens.Lens' ActionRemotePortDetails (Prelude.Maybe Prelude.Text)
+actionRemotePortDetails_portName = Lens.lens (\ActionRemotePortDetails' {portName} -> portName) (\s@ActionRemotePortDetails' {} a -> s {portName = a} :: ActionRemotePortDetails)
+
+instance Data.FromJSON ActionRemotePortDetails where
+  parseJSON =
+    Data.withObject
+      "ActionRemotePortDetails"
+      ( \x ->
+          ActionRemotePortDetails'
+            Prelude.<$> (x Data..:? "Port")
+            Prelude.<*> (x Data..:? "PortName")
+      )
+
+instance Prelude.Hashable ActionRemotePortDetails where
+  hashWithSalt _salt ActionRemotePortDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` port
+      `Prelude.hashWithSalt` portName
+
+instance Prelude.NFData ActionRemotePortDetails where
+  rnf ActionRemotePortDetails' {..} =
+    Prelude.rnf port `Prelude.seq` Prelude.rnf portName
+
+instance Data.ToJSON ActionRemotePortDetails where
+  toJSON ActionRemotePortDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Port" Data..=) Prelude.<$> port,
+            ("PortName" Data..=) Prelude.<$> portName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ActionTarget.hs b/gen/Amazonka/SecurityHub/Types/ActionTarget.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ActionTarget.hs
@@ -0,0 +1,105 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ActionTarget
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ActionTarget where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An @ActionTarget@ object.
+--
+-- /See:/ 'newActionTarget' smart constructor.
+data ActionTarget = ActionTarget'
+  { -- | The ARN for the target action.
+    actionTargetArn :: Prelude.Text,
+    -- | The name of the action target.
+    name :: Prelude.Text,
+    -- | The description of the target action.
+    description :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ActionTarget' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'actionTargetArn', 'actionTarget_actionTargetArn' - The ARN for the target action.
+--
+-- 'name', 'actionTarget_name' - The name of the action target.
+--
+-- 'description', 'actionTarget_description' - The description of the target action.
+newActionTarget ::
+  -- | 'actionTargetArn'
+  Prelude.Text ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'description'
+  Prelude.Text ->
+  ActionTarget
+newActionTarget
+  pActionTargetArn_
+  pName_
+  pDescription_ =
+    ActionTarget'
+      { actionTargetArn = pActionTargetArn_,
+        name = pName_,
+        description = pDescription_
+      }
+
+-- | The ARN for the target action.
+actionTarget_actionTargetArn :: Lens.Lens' ActionTarget Prelude.Text
+actionTarget_actionTargetArn = Lens.lens (\ActionTarget' {actionTargetArn} -> actionTargetArn) (\s@ActionTarget' {} a -> s {actionTargetArn = a} :: ActionTarget)
+
+-- | The name of the action target.
+actionTarget_name :: Lens.Lens' ActionTarget Prelude.Text
+actionTarget_name = Lens.lens (\ActionTarget' {name} -> name) (\s@ActionTarget' {} a -> s {name = a} :: ActionTarget)
+
+-- | The description of the target action.
+actionTarget_description :: Lens.Lens' ActionTarget Prelude.Text
+actionTarget_description = Lens.lens (\ActionTarget' {description} -> description) (\s@ActionTarget' {} a -> s {description = a} :: ActionTarget)
+
+instance Data.FromJSON ActionTarget where
+  parseJSON =
+    Data.withObject
+      "ActionTarget"
+      ( \x ->
+          ActionTarget'
+            Prelude.<$> (x Data..: "ActionTargetArn")
+            Prelude.<*> (x Data..: "Name")
+            Prelude.<*> (x Data..: "Description")
+      )
+
+instance Prelude.Hashable ActionTarget where
+  hashWithSalt _salt ActionTarget' {..} =
+    _salt
+      `Prelude.hashWithSalt` actionTargetArn
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` description
+
+instance Prelude.NFData ActionTarget where
+  rnf ActionTarget' {..} =
+    Prelude.rnf actionTargetArn
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf description
diff --git a/gen/Amazonka/SecurityHub/Types/Adjustment.hs b/gen/Amazonka/SecurityHub/Types/Adjustment.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Adjustment.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Adjustment
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Adjustment where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An adjustment to the CVSS metric.
+--
+-- /See:/ 'newAdjustment' smart constructor.
+data Adjustment = Adjustment'
+  { -- | The metric to adjust.
+    metric :: Prelude.Maybe Prelude.Text,
+    -- | The reason for the adjustment.
+    reason :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Adjustment' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'metric', 'adjustment_metric' - The metric to adjust.
+--
+-- 'reason', 'adjustment_reason' - The reason for the adjustment.
+newAdjustment ::
+  Adjustment
+newAdjustment =
+  Adjustment'
+    { metric = Prelude.Nothing,
+      reason = Prelude.Nothing
+    }
+
+-- | The metric to adjust.
+adjustment_metric :: Lens.Lens' Adjustment (Prelude.Maybe Prelude.Text)
+adjustment_metric = Lens.lens (\Adjustment' {metric} -> metric) (\s@Adjustment' {} a -> s {metric = a} :: Adjustment)
+
+-- | The reason for the adjustment.
+adjustment_reason :: Lens.Lens' Adjustment (Prelude.Maybe Prelude.Text)
+adjustment_reason = Lens.lens (\Adjustment' {reason} -> reason) (\s@Adjustment' {} a -> s {reason = a} :: Adjustment)
+
+instance Data.FromJSON Adjustment where
+  parseJSON =
+    Data.withObject
+      "Adjustment"
+      ( \x ->
+          Adjustment'
+            Prelude.<$> (x Data..:? "Metric")
+            Prelude.<*> (x Data..:? "Reason")
+      )
+
+instance Prelude.Hashable Adjustment where
+  hashWithSalt _salt Adjustment' {..} =
+    _salt
+      `Prelude.hashWithSalt` metric
+      `Prelude.hashWithSalt` reason
+
+instance Prelude.NFData Adjustment where
+  rnf Adjustment' {..} =
+    Prelude.rnf metric `Prelude.seq` Prelude.rnf reason
+
+instance Data.ToJSON Adjustment where
+  toJSON Adjustment' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Metric" Data..=) Prelude.<$> metric,
+            ("Reason" Data..=) Prelude.<$> reason
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AdminAccount.hs b/gen/Amazonka/SecurityHub/Types/AdminAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AdminAccount.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AdminAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AdminAccount where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AdminStatus
+
+-- | Represents a Security Hub administrator account designated by an
+-- organization management account.
+--
+-- /See:/ 'newAdminAccount' smart constructor.
+data AdminAccount = AdminAccount'
+  { -- | The Amazon Web Services account identifier of the Security Hub
+    -- administrator account.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The current status of the Security Hub administrator account. Indicates
+    -- whether the account is currently enabled as a Security Hub
+    -- administrator.
+    status :: Prelude.Maybe AdminStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AdminAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'adminAccount_accountId' - The Amazon Web Services account identifier of the Security Hub
+-- administrator account.
+--
+-- 'status', 'adminAccount_status' - The current status of the Security Hub administrator account. Indicates
+-- whether the account is currently enabled as a Security Hub
+-- administrator.
+newAdminAccount ::
+  AdminAccount
+newAdminAccount =
+  AdminAccount'
+    { accountId = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The Amazon Web Services account identifier of the Security Hub
+-- administrator account.
+adminAccount_accountId :: Lens.Lens' AdminAccount (Prelude.Maybe Prelude.Text)
+adminAccount_accountId = Lens.lens (\AdminAccount' {accountId} -> accountId) (\s@AdminAccount' {} a -> s {accountId = a} :: AdminAccount)
+
+-- | The current status of the Security Hub administrator account. Indicates
+-- whether the account is currently enabled as a Security Hub
+-- administrator.
+adminAccount_status :: Lens.Lens' AdminAccount (Prelude.Maybe AdminStatus)
+adminAccount_status = Lens.lens (\AdminAccount' {status} -> status) (\s@AdminAccount' {} a -> s {status = a} :: AdminAccount)
+
+instance Data.FromJSON AdminAccount where
+  parseJSON =
+    Data.withObject
+      "AdminAccount"
+      ( \x ->
+          AdminAccount'
+            Prelude.<$> (x Data..:? "AccountId")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance Prelude.Hashable AdminAccount where
+  hashWithSalt _salt AdminAccount' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AdminAccount where
+  rnf AdminAccount' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/SecurityHub/Types/AdminStatus.hs b/gen/Amazonka/SecurityHub/Types/AdminStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AdminStatus.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AdminStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AdminStatus
+  ( AdminStatus
+      ( ..,
+        AdminStatus_DISABLE_IN_PROGRESS,
+        AdminStatus_ENABLED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AdminStatus = AdminStatus'
+  { fromAdminStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AdminStatus_DISABLE_IN_PROGRESS :: AdminStatus
+pattern AdminStatus_DISABLE_IN_PROGRESS = AdminStatus' "DISABLE_IN_PROGRESS"
+
+pattern AdminStatus_ENABLED :: AdminStatus
+pattern AdminStatus_ENABLED = AdminStatus' "ENABLED"
+
+{-# COMPLETE
+  AdminStatus_DISABLE_IN_PROGRESS,
+  AdminStatus_ENABLED,
+  AdminStatus'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/AutoEnableStandards.hs b/gen/Amazonka/SecurityHub/Types/AutoEnableStandards.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AutoEnableStandards.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AutoEnableStandards
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AutoEnableStandards
+  ( AutoEnableStandards
+      ( ..,
+        AutoEnableStandards_DEFAULT,
+        AutoEnableStandards_NONE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AutoEnableStandards = AutoEnableStandards'
+  { fromAutoEnableStandards ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AutoEnableStandards_DEFAULT :: AutoEnableStandards
+pattern AutoEnableStandards_DEFAULT = AutoEnableStandards' "DEFAULT"
+
+pattern AutoEnableStandards_NONE :: AutoEnableStandards
+pattern AutoEnableStandards_NONE = AutoEnableStandards' "NONE"
+
+{-# COMPLETE
+  AutoEnableStandards_DEFAULT,
+  AutoEnableStandards_NONE,
+  AutoEnableStandards'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/AvailabilityZone.hs b/gen/Amazonka/SecurityHub/Types/AvailabilityZone.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AvailabilityZone.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AvailabilityZone
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AvailabilityZone where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about an Availability Zone.
+--
+-- /See:/ 'newAvailabilityZone' smart constructor.
+data AvailabilityZone = AvailabilityZone'
+  { -- | The ID of the subnet. You can specify one subnet per Availability Zone.
+    subnetId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the Availability Zone.
+    zoneName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AvailabilityZone' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'subnetId', 'availabilityZone_subnetId' - The ID of the subnet. You can specify one subnet per Availability Zone.
+--
+-- 'zoneName', 'availabilityZone_zoneName' - The name of the Availability Zone.
+newAvailabilityZone ::
+  AvailabilityZone
+newAvailabilityZone =
+  AvailabilityZone'
+    { subnetId = Prelude.Nothing,
+      zoneName = Prelude.Nothing
+    }
+
+-- | The ID of the subnet. You can specify one subnet per Availability Zone.
+availabilityZone_subnetId :: Lens.Lens' AvailabilityZone (Prelude.Maybe Prelude.Text)
+availabilityZone_subnetId = Lens.lens (\AvailabilityZone' {subnetId} -> subnetId) (\s@AvailabilityZone' {} a -> s {subnetId = a} :: AvailabilityZone)
+
+-- | The name of the Availability Zone.
+availabilityZone_zoneName :: Lens.Lens' AvailabilityZone (Prelude.Maybe Prelude.Text)
+availabilityZone_zoneName = Lens.lens (\AvailabilityZone' {zoneName} -> zoneName) (\s@AvailabilityZone' {} a -> s {zoneName = a} :: AvailabilityZone)
+
+instance Data.FromJSON AvailabilityZone where
+  parseJSON =
+    Data.withObject
+      "AvailabilityZone"
+      ( \x ->
+          AvailabilityZone'
+            Prelude.<$> (x Data..:? "SubnetId")
+            Prelude.<*> (x Data..:? "ZoneName")
+      )
+
+instance Prelude.Hashable AvailabilityZone where
+  hashWithSalt _salt AvailabilityZone' {..} =
+    _salt
+      `Prelude.hashWithSalt` subnetId
+      `Prelude.hashWithSalt` zoneName
+
+instance Prelude.NFData AvailabilityZone where
+  rnf AvailabilityZone' {..} =
+    Prelude.rnf subnetId
+      `Prelude.seq` Prelude.rnf zoneName
+
+instance Data.ToJSON AvailabilityZone where
+  toJSON AvailabilityZone' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("SubnetId" Data..=) Prelude.<$> subnetId,
+            ("ZoneName" Data..=) Prelude.<$> zoneName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsApiCallAction.hs b/gen/Amazonka/SecurityHub/Types/AwsApiCallAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsApiCallAction.hs
@@ -0,0 +1,198 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsApiCallAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsApiCallAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.ActionRemoteIpDetails
+import Amazonka.SecurityHub.Types.AwsApiCallActionDomainDetails
+
+-- | Provided if @ActionType@ is @AWS_API_CALL@. It provides details about
+-- the API call that was detected.
+--
+-- /See:/ 'newAwsApiCallAction' smart constructor.
+data AwsApiCallAction = AwsApiCallAction'
+  { -- | Identifies the resources that were affected by the API call.
+    affectedResources :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The name of the API method that was issued.
+    api :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the API call originated from a remote IP address
+    -- (@remoteip@) or from a DNS domain (@domain@).
+    callerType :: Prelude.Maybe Prelude.Text,
+    -- | Provided if @CallerType@ is @domain@. Provides information about the DNS
+    -- domain that the API call originated from.
+    domainDetails :: Prelude.Maybe AwsApiCallActionDomainDetails,
+    -- | An ISO8601-formatted timestamp that indicates when the API call was
+    -- first observed.
+    firstSeen :: Prelude.Maybe Prelude.Text,
+    -- | An ISO8601-formatted timestamp that indicates when the API call was most
+    -- recently observed.
+    lastSeen :: Prelude.Maybe Prelude.Text,
+    -- | Provided if @CallerType@ is @remoteIp@. Provides information about the
+    -- remote IP address that the API call originated from.
+    remoteIpDetails :: Prelude.Maybe ActionRemoteIpDetails,
+    -- | The name of the Amazon Web Services service that the API method belongs
+    -- to.
+    serviceName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiCallAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'affectedResources', 'awsApiCallAction_affectedResources' - Identifies the resources that were affected by the API call.
+--
+-- 'api', 'awsApiCallAction_api' - The name of the API method that was issued.
+--
+-- 'callerType', 'awsApiCallAction_callerType' - Indicates whether the API call originated from a remote IP address
+-- (@remoteip@) or from a DNS domain (@domain@).
+--
+-- 'domainDetails', 'awsApiCallAction_domainDetails' - Provided if @CallerType@ is @domain@. Provides information about the DNS
+-- domain that the API call originated from.
+--
+-- 'firstSeen', 'awsApiCallAction_firstSeen' - An ISO8601-formatted timestamp that indicates when the API call was
+-- first observed.
+--
+-- 'lastSeen', 'awsApiCallAction_lastSeen' - An ISO8601-formatted timestamp that indicates when the API call was most
+-- recently observed.
+--
+-- 'remoteIpDetails', 'awsApiCallAction_remoteIpDetails' - Provided if @CallerType@ is @remoteIp@. Provides information about the
+-- remote IP address that the API call originated from.
+--
+-- 'serviceName', 'awsApiCallAction_serviceName' - The name of the Amazon Web Services service that the API method belongs
+-- to.
+newAwsApiCallAction ::
+  AwsApiCallAction
+newAwsApiCallAction =
+  AwsApiCallAction'
+    { affectedResources =
+        Prelude.Nothing,
+      api = Prelude.Nothing,
+      callerType = Prelude.Nothing,
+      domainDetails = Prelude.Nothing,
+      firstSeen = Prelude.Nothing,
+      lastSeen = Prelude.Nothing,
+      remoteIpDetails = Prelude.Nothing,
+      serviceName = Prelude.Nothing
+    }
+
+-- | Identifies the resources that were affected by the API call.
+awsApiCallAction_affectedResources :: Lens.Lens' AwsApiCallAction (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsApiCallAction_affectedResources = Lens.lens (\AwsApiCallAction' {affectedResources} -> affectedResources) (\s@AwsApiCallAction' {} a -> s {affectedResources = a} :: AwsApiCallAction) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the API method that was issued.
+awsApiCallAction_api :: Lens.Lens' AwsApiCallAction (Prelude.Maybe Prelude.Text)
+awsApiCallAction_api = Lens.lens (\AwsApiCallAction' {api} -> api) (\s@AwsApiCallAction' {} a -> s {api = a} :: AwsApiCallAction)
+
+-- | Indicates whether the API call originated from a remote IP address
+-- (@remoteip@) or from a DNS domain (@domain@).
+awsApiCallAction_callerType :: Lens.Lens' AwsApiCallAction (Prelude.Maybe Prelude.Text)
+awsApiCallAction_callerType = Lens.lens (\AwsApiCallAction' {callerType} -> callerType) (\s@AwsApiCallAction' {} a -> s {callerType = a} :: AwsApiCallAction)
+
+-- | Provided if @CallerType@ is @domain@. Provides information about the DNS
+-- domain that the API call originated from.
+awsApiCallAction_domainDetails :: Lens.Lens' AwsApiCallAction (Prelude.Maybe AwsApiCallActionDomainDetails)
+awsApiCallAction_domainDetails = Lens.lens (\AwsApiCallAction' {domainDetails} -> domainDetails) (\s@AwsApiCallAction' {} a -> s {domainDetails = a} :: AwsApiCallAction)
+
+-- | An ISO8601-formatted timestamp that indicates when the API call was
+-- first observed.
+awsApiCallAction_firstSeen :: Lens.Lens' AwsApiCallAction (Prelude.Maybe Prelude.Text)
+awsApiCallAction_firstSeen = Lens.lens (\AwsApiCallAction' {firstSeen} -> firstSeen) (\s@AwsApiCallAction' {} a -> s {firstSeen = a} :: AwsApiCallAction)
+
+-- | An ISO8601-formatted timestamp that indicates when the API call was most
+-- recently observed.
+awsApiCallAction_lastSeen :: Lens.Lens' AwsApiCallAction (Prelude.Maybe Prelude.Text)
+awsApiCallAction_lastSeen = Lens.lens (\AwsApiCallAction' {lastSeen} -> lastSeen) (\s@AwsApiCallAction' {} a -> s {lastSeen = a} :: AwsApiCallAction)
+
+-- | Provided if @CallerType@ is @remoteIp@. Provides information about the
+-- remote IP address that the API call originated from.
+awsApiCallAction_remoteIpDetails :: Lens.Lens' AwsApiCallAction (Prelude.Maybe ActionRemoteIpDetails)
+awsApiCallAction_remoteIpDetails = Lens.lens (\AwsApiCallAction' {remoteIpDetails} -> remoteIpDetails) (\s@AwsApiCallAction' {} a -> s {remoteIpDetails = a} :: AwsApiCallAction)
+
+-- | The name of the Amazon Web Services service that the API method belongs
+-- to.
+awsApiCallAction_serviceName :: Lens.Lens' AwsApiCallAction (Prelude.Maybe Prelude.Text)
+awsApiCallAction_serviceName = Lens.lens (\AwsApiCallAction' {serviceName} -> serviceName) (\s@AwsApiCallAction' {} a -> s {serviceName = a} :: AwsApiCallAction)
+
+instance Data.FromJSON AwsApiCallAction where
+  parseJSON =
+    Data.withObject
+      "AwsApiCallAction"
+      ( \x ->
+          AwsApiCallAction'
+            Prelude.<$> ( x
+                            Data..:? "AffectedResources"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Api")
+            Prelude.<*> (x Data..:? "CallerType")
+            Prelude.<*> (x Data..:? "DomainDetails")
+            Prelude.<*> (x Data..:? "FirstSeen")
+            Prelude.<*> (x Data..:? "LastSeen")
+            Prelude.<*> (x Data..:? "RemoteIpDetails")
+            Prelude.<*> (x Data..:? "ServiceName")
+      )
+
+instance Prelude.Hashable AwsApiCallAction where
+  hashWithSalt _salt AwsApiCallAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` affectedResources
+      `Prelude.hashWithSalt` api
+      `Prelude.hashWithSalt` callerType
+      `Prelude.hashWithSalt` domainDetails
+      `Prelude.hashWithSalt` firstSeen
+      `Prelude.hashWithSalt` lastSeen
+      `Prelude.hashWithSalt` remoteIpDetails
+      `Prelude.hashWithSalt` serviceName
+
+instance Prelude.NFData AwsApiCallAction where
+  rnf AwsApiCallAction' {..} =
+    Prelude.rnf affectedResources
+      `Prelude.seq` Prelude.rnf api
+      `Prelude.seq` Prelude.rnf callerType
+      `Prelude.seq` Prelude.rnf domainDetails
+      `Prelude.seq` Prelude.rnf firstSeen
+      `Prelude.seq` Prelude.rnf lastSeen
+      `Prelude.seq` Prelude.rnf remoteIpDetails
+      `Prelude.seq` Prelude.rnf serviceName
+
+instance Data.ToJSON AwsApiCallAction where
+  toJSON AwsApiCallAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AffectedResources" Data..=)
+              Prelude.<$> affectedResources,
+            ("Api" Data..=) Prelude.<$> api,
+            ("CallerType" Data..=) Prelude.<$> callerType,
+            ("DomainDetails" Data..=) Prelude.<$> domainDetails,
+            ("FirstSeen" Data..=) Prelude.<$> firstSeen,
+            ("LastSeen" Data..=) Prelude.<$> lastSeen,
+            ("RemoteIpDetails" Data..=)
+              Prelude.<$> remoteIpDetails,
+            ("ServiceName" Data..=) Prelude.<$> serviceName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsApiCallActionDomainDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsApiCallActionDomainDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsApiCallActionDomainDetails.hs
@@ -0,0 +1,83 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsApiCallActionDomainDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsApiCallActionDomainDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provided if @CallerType@ is @domain@. It provides information about the
+-- DNS domain that issued the API call.
+--
+-- /See:/ 'newAwsApiCallActionDomainDetails' smart constructor.
+data AwsApiCallActionDomainDetails = AwsApiCallActionDomainDetails'
+  { -- | The name of the DNS domain that issued the API call.
+    domain :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiCallActionDomainDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'domain', 'awsApiCallActionDomainDetails_domain' - The name of the DNS domain that issued the API call.
+newAwsApiCallActionDomainDetails ::
+  AwsApiCallActionDomainDetails
+newAwsApiCallActionDomainDetails =
+  AwsApiCallActionDomainDetails'
+    { domain =
+        Prelude.Nothing
+    }
+
+-- | The name of the DNS domain that issued the API call.
+awsApiCallActionDomainDetails_domain :: Lens.Lens' AwsApiCallActionDomainDetails (Prelude.Maybe Prelude.Text)
+awsApiCallActionDomainDetails_domain = Lens.lens (\AwsApiCallActionDomainDetails' {domain} -> domain) (\s@AwsApiCallActionDomainDetails' {} a -> s {domain = a} :: AwsApiCallActionDomainDetails)
+
+instance Data.FromJSON AwsApiCallActionDomainDetails where
+  parseJSON =
+    Data.withObject
+      "AwsApiCallActionDomainDetails"
+      ( \x ->
+          AwsApiCallActionDomainDetails'
+            Prelude.<$> (x Data..:? "Domain")
+      )
+
+instance
+  Prelude.Hashable
+    AwsApiCallActionDomainDetails
+  where
+  hashWithSalt _salt AwsApiCallActionDomainDetails' {..} =
+    _salt `Prelude.hashWithSalt` domain
+
+instance Prelude.NFData AwsApiCallActionDomainDetails where
+  rnf AwsApiCallActionDomainDetails' {..} =
+    Prelude.rnf domain
+
+instance Data.ToJSON AwsApiCallActionDomainDetails where
+  toJSON AwsApiCallActionDomainDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Domain" Data..=) Prelude.<$> domain]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsApiGatewayAccessLogSettings.hs b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayAccessLogSettings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayAccessLogSettings.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsApiGatewayAccessLogSettings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsApiGatewayAccessLogSettings where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about settings for logging access for the stage.
+--
+-- /See:/ 'newAwsApiGatewayAccessLogSettings' smart constructor.
+data AwsApiGatewayAccessLogSettings = AwsApiGatewayAccessLogSettings'
+  { -- | The ARN of the CloudWatch Logs log group that receives the access logs.
+    destinationArn :: Prelude.Maybe Prelude.Text,
+    -- | A single-line format of the access logs of data, as specified by
+    -- selected @$context@ variables. The format must include at least
+    -- @$context.requestId@.
+    format :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiGatewayAccessLogSettings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destinationArn', 'awsApiGatewayAccessLogSettings_destinationArn' - The ARN of the CloudWatch Logs log group that receives the access logs.
+--
+-- 'format', 'awsApiGatewayAccessLogSettings_format' - A single-line format of the access logs of data, as specified by
+-- selected @$context@ variables. The format must include at least
+-- @$context.requestId@.
+newAwsApiGatewayAccessLogSettings ::
+  AwsApiGatewayAccessLogSettings
+newAwsApiGatewayAccessLogSettings =
+  AwsApiGatewayAccessLogSettings'
+    { destinationArn =
+        Prelude.Nothing,
+      format = Prelude.Nothing
+    }
+
+-- | The ARN of the CloudWatch Logs log group that receives the access logs.
+awsApiGatewayAccessLogSettings_destinationArn :: Lens.Lens' AwsApiGatewayAccessLogSettings (Prelude.Maybe Prelude.Text)
+awsApiGatewayAccessLogSettings_destinationArn = Lens.lens (\AwsApiGatewayAccessLogSettings' {destinationArn} -> destinationArn) (\s@AwsApiGatewayAccessLogSettings' {} a -> s {destinationArn = a} :: AwsApiGatewayAccessLogSettings)
+
+-- | A single-line format of the access logs of data, as specified by
+-- selected @$context@ variables. The format must include at least
+-- @$context.requestId@.
+awsApiGatewayAccessLogSettings_format :: Lens.Lens' AwsApiGatewayAccessLogSettings (Prelude.Maybe Prelude.Text)
+awsApiGatewayAccessLogSettings_format = Lens.lens (\AwsApiGatewayAccessLogSettings' {format} -> format) (\s@AwsApiGatewayAccessLogSettings' {} a -> s {format = a} :: AwsApiGatewayAccessLogSettings)
+
+instance Data.FromJSON AwsApiGatewayAccessLogSettings where
+  parseJSON =
+    Data.withObject
+      "AwsApiGatewayAccessLogSettings"
+      ( \x ->
+          AwsApiGatewayAccessLogSettings'
+            Prelude.<$> (x Data..:? "DestinationArn")
+            Prelude.<*> (x Data..:? "Format")
+      )
+
+instance
+  Prelude.Hashable
+    AwsApiGatewayAccessLogSettings
+  where
+  hashWithSalt
+    _salt
+    AwsApiGatewayAccessLogSettings' {..} =
+      _salt
+        `Prelude.hashWithSalt` destinationArn
+        `Prelude.hashWithSalt` format
+
+instance
+  Prelude.NFData
+    AwsApiGatewayAccessLogSettings
+  where
+  rnf AwsApiGatewayAccessLogSettings' {..} =
+    Prelude.rnf destinationArn
+      `Prelude.seq` Prelude.rnf format
+
+instance Data.ToJSON AwsApiGatewayAccessLogSettings where
+  toJSON AwsApiGatewayAccessLogSettings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DestinationArn" Data..=)
+              Prelude.<$> destinationArn,
+            ("Format" Data..=) Prelude.<$> format
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsApiGatewayCanarySettings.hs b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayCanarySettings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayCanarySettings.hs
@@ -0,0 +1,140 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsApiGatewayCanarySettings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsApiGatewayCanarySettings where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about settings for canary deployment in the stage.
+--
+-- /See:/ 'newAwsApiGatewayCanarySettings' smart constructor.
+data AwsApiGatewayCanarySettings = AwsApiGatewayCanarySettings'
+  { -- | The deployment identifier for the canary deployment.
+    deploymentId :: Prelude.Maybe Prelude.Text,
+    -- | The percentage of traffic that is diverted to a canary deployment.
+    percentTraffic :: Prelude.Maybe Prelude.Double,
+    -- | Stage variables that are overridden in the canary release deployment.
+    -- The variables include new stage variables that are introduced in the
+    -- canary.
+    --
+    -- Each variable is represented as a string-to-string map between the stage
+    -- variable name and the variable value.
+    stageVariableOverrides :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | Indicates whether the canary deployment uses the stage cache.
+    useStageCache :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiGatewayCanarySettings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deploymentId', 'awsApiGatewayCanarySettings_deploymentId' - The deployment identifier for the canary deployment.
+--
+-- 'percentTraffic', 'awsApiGatewayCanarySettings_percentTraffic' - The percentage of traffic that is diverted to a canary deployment.
+--
+-- 'stageVariableOverrides', 'awsApiGatewayCanarySettings_stageVariableOverrides' - Stage variables that are overridden in the canary release deployment.
+-- The variables include new stage variables that are introduced in the
+-- canary.
+--
+-- Each variable is represented as a string-to-string map between the stage
+-- variable name and the variable value.
+--
+-- 'useStageCache', 'awsApiGatewayCanarySettings_useStageCache' - Indicates whether the canary deployment uses the stage cache.
+newAwsApiGatewayCanarySettings ::
+  AwsApiGatewayCanarySettings
+newAwsApiGatewayCanarySettings =
+  AwsApiGatewayCanarySettings'
+    { deploymentId =
+        Prelude.Nothing,
+      percentTraffic = Prelude.Nothing,
+      stageVariableOverrides = Prelude.Nothing,
+      useStageCache = Prelude.Nothing
+    }
+
+-- | The deployment identifier for the canary deployment.
+awsApiGatewayCanarySettings_deploymentId :: Lens.Lens' AwsApiGatewayCanarySettings (Prelude.Maybe Prelude.Text)
+awsApiGatewayCanarySettings_deploymentId = Lens.lens (\AwsApiGatewayCanarySettings' {deploymentId} -> deploymentId) (\s@AwsApiGatewayCanarySettings' {} a -> s {deploymentId = a} :: AwsApiGatewayCanarySettings)
+
+-- | The percentage of traffic that is diverted to a canary deployment.
+awsApiGatewayCanarySettings_percentTraffic :: Lens.Lens' AwsApiGatewayCanarySettings (Prelude.Maybe Prelude.Double)
+awsApiGatewayCanarySettings_percentTraffic = Lens.lens (\AwsApiGatewayCanarySettings' {percentTraffic} -> percentTraffic) (\s@AwsApiGatewayCanarySettings' {} a -> s {percentTraffic = a} :: AwsApiGatewayCanarySettings)
+
+-- | Stage variables that are overridden in the canary release deployment.
+-- The variables include new stage variables that are introduced in the
+-- canary.
+--
+-- Each variable is represented as a string-to-string map between the stage
+-- variable name and the variable value.
+awsApiGatewayCanarySettings_stageVariableOverrides :: Lens.Lens' AwsApiGatewayCanarySettings (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsApiGatewayCanarySettings_stageVariableOverrides = Lens.lens (\AwsApiGatewayCanarySettings' {stageVariableOverrides} -> stageVariableOverrides) (\s@AwsApiGatewayCanarySettings' {} a -> s {stageVariableOverrides = a} :: AwsApiGatewayCanarySettings) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates whether the canary deployment uses the stage cache.
+awsApiGatewayCanarySettings_useStageCache :: Lens.Lens' AwsApiGatewayCanarySettings (Prelude.Maybe Prelude.Bool)
+awsApiGatewayCanarySettings_useStageCache = Lens.lens (\AwsApiGatewayCanarySettings' {useStageCache} -> useStageCache) (\s@AwsApiGatewayCanarySettings' {} a -> s {useStageCache = a} :: AwsApiGatewayCanarySettings)
+
+instance Data.FromJSON AwsApiGatewayCanarySettings where
+  parseJSON =
+    Data.withObject
+      "AwsApiGatewayCanarySettings"
+      ( \x ->
+          AwsApiGatewayCanarySettings'
+            Prelude.<$> (x Data..:? "DeploymentId")
+            Prelude.<*> (x Data..:? "PercentTraffic")
+            Prelude.<*> ( x
+                            Data..:? "StageVariableOverrides"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "UseStageCache")
+      )
+
+instance Prelude.Hashable AwsApiGatewayCanarySettings where
+  hashWithSalt _salt AwsApiGatewayCanarySettings' {..} =
+    _salt
+      `Prelude.hashWithSalt` deploymentId
+      `Prelude.hashWithSalt` percentTraffic
+      `Prelude.hashWithSalt` stageVariableOverrides
+      `Prelude.hashWithSalt` useStageCache
+
+instance Prelude.NFData AwsApiGatewayCanarySettings where
+  rnf AwsApiGatewayCanarySettings' {..} =
+    Prelude.rnf deploymentId
+      `Prelude.seq` Prelude.rnf percentTraffic
+      `Prelude.seq` Prelude.rnf stageVariableOverrides
+      `Prelude.seq` Prelude.rnf useStageCache
+
+instance Data.ToJSON AwsApiGatewayCanarySettings where
+  toJSON AwsApiGatewayCanarySettings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DeploymentId" Data..=) Prelude.<$> deploymentId,
+            ("PercentTraffic" Data..=)
+              Prelude.<$> percentTraffic,
+            ("StageVariableOverrides" Data..=)
+              Prelude.<$> stageVariableOverrides,
+            ("UseStageCache" Data..=) Prelude.<$> useStageCache
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsApiGatewayEndpointConfiguration.hs b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayEndpointConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayEndpointConfiguration.hs
@@ -0,0 +1,105 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsApiGatewayEndpointConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsApiGatewayEndpointConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the endpoints for the API.
+--
+-- /See:/ 'newAwsApiGatewayEndpointConfiguration' smart constructor.
+data AwsApiGatewayEndpointConfiguration = AwsApiGatewayEndpointConfiguration'
+  { -- | A list of endpoint types for the REST API.
+    --
+    -- For an edge-optimized API, the endpoint type is @EDGE@. For a Regional
+    -- API, the endpoint type is @REGIONAL@. For a private API, the endpoint
+    -- type is @PRIVATE@.
+    types :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiGatewayEndpointConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'types', 'awsApiGatewayEndpointConfiguration_types' - A list of endpoint types for the REST API.
+--
+-- For an edge-optimized API, the endpoint type is @EDGE@. For a Regional
+-- API, the endpoint type is @REGIONAL@. For a private API, the endpoint
+-- type is @PRIVATE@.
+newAwsApiGatewayEndpointConfiguration ::
+  AwsApiGatewayEndpointConfiguration
+newAwsApiGatewayEndpointConfiguration =
+  AwsApiGatewayEndpointConfiguration'
+    { types =
+        Prelude.Nothing
+    }
+
+-- | A list of endpoint types for the REST API.
+--
+-- For an edge-optimized API, the endpoint type is @EDGE@. For a Regional
+-- API, the endpoint type is @REGIONAL@. For a private API, the endpoint
+-- type is @PRIVATE@.
+awsApiGatewayEndpointConfiguration_types :: Lens.Lens' AwsApiGatewayEndpointConfiguration (Prelude.Maybe [Prelude.Text])
+awsApiGatewayEndpointConfiguration_types = Lens.lens (\AwsApiGatewayEndpointConfiguration' {types} -> types) (\s@AwsApiGatewayEndpointConfiguration' {} a -> s {types = a} :: AwsApiGatewayEndpointConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsApiGatewayEndpointConfiguration
+  where
+  parseJSON =
+    Data.withObject
+      "AwsApiGatewayEndpointConfiguration"
+      ( \x ->
+          AwsApiGatewayEndpointConfiguration'
+            Prelude.<$> (x Data..:? "Types" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsApiGatewayEndpointConfiguration
+  where
+  hashWithSalt
+    _salt
+    AwsApiGatewayEndpointConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` types
+
+instance
+  Prelude.NFData
+    AwsApiGatewayEndpointConfiguration
+  where
+  rnf AwsApiGatewayEndpointConfiguration' {..} =
+    Prelude.rnf types
+
+instance
+  Data.ToJSON
+    AwsApiGatewayEndpointConfiguration
+  where
+  toJSON AwsApiGatewayEndpointConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Types" Data..=) Prelude.<$> types]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsApiGatewayMethodSettings.hs b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayMethodSettings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayMethodSettings.hs
@@ -0,0 +1,313 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsApiGatewayMethodSettings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsApiGatewayMethodSettings where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Defines settings for a method for the stage.
+--
+-- /See:/ 'newAwsApiGatewayMethodSettings' smart constructor.
+data AwsApiGatewayMethodSettings = AwsApiGatewayMethodSettings'
+  { -- | Indicates whether the cached responses are encrypted.
+    cacheDataEncrypted :: Prelude.Maybe Prelude.Bool,
+    -- | Specifies the time to live (TTL), in seconds, for cached responses. The
+    -- higher the TTL, the longer the response is cached.
+    cacheTtlInSeconds :: Prelude.Maybe Prelude.Int,
+    -- | Indicates whether responses are cached and returned for requests. For
+    -- responses to be cached, a cache cluster must be enabled on the stage.
+    cachingEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether data trace logging is enabled for the method. Data
+    -- trace logging affects the log entries that are pushed to CloudWatch
+    -- Logs.
+    dataTraceEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The HTTP method. You can use an asterisk (*) as a wildcard to apply
+    -- method settings to multiple methods.
+    httpMethod :: Prelude.Maybe Prelude.Text,
+    -- | The logging level for this method. The logging level affects the log
+    -- entries that are pushed to CloudWatch Logs.
+    --
+    -- If the logging level is @ERROR@, then the logs only include error-level
+    -- entries.
+    --
+    -- If the logging level is @INFO@, then the logs include both @ERROR@
+    -- events and extra informational events.
+    --
+    -- Valid values: @OFF@ | @ERROR@ | @INFO@
+    loggingLevel :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether CloudWatch metrics are enabled for the method.
+    metricsEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether authorization is required for a cache invalidation
+    -- request.
+    requireAuthorizationForCacheControl :: Prelude.Maybe Prelude.Bool,
+    -- | The resource path for this method. Forward slashes (\/) are encoded as
+    -- ~1 . The initial slash must include a forward slash.
+    --
+    -- For example, the path value @\/resource\/subresource@ must be encoded as
+    -- @\/~1resource~1subresource@.
+    --
+    -- To specify the root path, use only a slash (\/). You can use an asterisk
+    -- (*) as a wildcard to apply method settings to multiple methods.
+    resourcePath :: Prelude.Maybe Prelude.Text,
+    -- | The throttling burst limit for the method.
+    throttlingBurstLimit :: Prelude.Maybe Prelude.Int,
+    -- | The throttling rate limit for the method.
+    throttlingRateLimit :: Prelude.Maybe Prelude.Double,
+    -- | Indicates how to handle unauthorized requests for cache invalidation.
+    --
+    -- Valid values: @FAIL_WITH_403@ | @SUCCEED_WITH_RESPONSE_HEADER@ |
+    -- @SUCCEED_WITHOUT_RESPONSE_HEADER@
+    unauthorizedCacheControlHeaderStrategy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiGatewayMethodSettings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cacheDataEncrypted', 'awsApiGatewayMethodSettings_cacheDataEncrypted' - Indicates whether the cached responses are encrypted.
+--
+-- 'cacheTtlInSeconds', 'awsApiGatewayMethodSettings_cacheTtlInSeconds' - Specifies the time to live (TTL), in seconds, for cached responses. The
+-- higher the TTL, the longer the response is cached.
+--
+-- 'cachingEnabled', 'awsApiGatewayMethodSettings_cachingEnabled' - Indicates whether responses are cached and returned for requests. For
+-- responses to be cached, a cache cluster must be enabled on the stage.
+--
+-- 'dataTraceEnabled', 'awsApiGatewayMethodSettings_dataTraceEnabled' - Indicates whether data trace logging is enabled for the method. Data
+-- trace logging affects the log entries that are pushed to CloudWatch
+-- Logs.
+--
+-- 'httpMethod', 'awsApiGatewayMethodSettings_httpMethod' - The HTTP method. You can use an asterisk (*) as a wildcard to apply
+-- method settings to multiple methods.
+--
+-- 'loggingLevel', 'awsApiGatewayMethodSettings_loggingLevel' - The logging level for this method. The logging level affects the log
+-- entries that are pushed to CloudWatch Logs.
+--
+-- If the logging level is @ERROR@, then the logs only include error-level
+-- entries.
+--
+-- If the logging level is @INFO@, then the logs include both @ERROR@
+-- events and extra informational events.
+--
+-- Valid values: @OFF@ | @ERROR@ | @INFO@
+--
+-- 'metricsEnabled', 'awsApiGatewayMethodSettings_metricsEnabled' - Indicates whether CloudWatch metrics are enabled for the method.
+--
+-- 'requireAuthorizationForCacheControl', 'awsApiGatewayMethodSettings_requireAuthorizationForCacheControl' - Indicates whether authorization is required for a cache invalidation
+-- request.
+--
+-- 'resourcePath', 'awsApiGatewayMethodSettings_resourcePath' - The resource path for this method. Forward slashes (\/) are encoded as
+-- ~1 . The initial slash must include a forward slash.
+--
+-- For example, the path value @\/resource\/subresource@ must be encoded as
+-- @\/~1resource~1subresource@.
+--
+-- To specify the root path, use only a slash (\/). You can use an asterisk
+-- (*) as a wildcard to apply method settings to multiple methods.
+--
+-- 'throttlingBurstLimit', 'awsApiGatewayMethodSettings_throttlingBurstLimit' - The throttling burst limit for the method.
+--
+-- 'throttlingRateLimit', 'awsApiGatewayMethodSettings_throttlingRateLimit' - The throttling rate limit for the method.
+--
+-- 'unauthorizedCacheControlHeaderStrategy', 'awsApiGatewayMethodSettings_unauthorizedCacheControlHeaderStrategy' - Indicates how to handle unauthorized requests for cache invalidation.
+--
+-- Valid values: @FAIL_WITH_403@ | @SUCCEED_WITH_RESPONSE_HEADER@ |
+-- @SUCCEED_WITHOUT_RESPONSE_HEADER@
+newAwsApiGatewayMethodSettings ::
+  AwsApiGatewayMethodSettings
+newAwsApiGatewayMethodSettings =
+  AwsApiGatewayMethodSettings'
+    { cacheDataEncrypted =
+        Prelude.Nothing,
+      cacheTtlInSeconds = Prelude.Nothing,
+      cachingEnabled = Prelude.Nothing,
+      dataTraceEnabled = Prelude.Nothing,
+      httpMethod = Prelude.Nothing,
+      loggingLevel = Prelude.Nothing,
+      metricsEnabled = Prelude.Nothing,
+      requireAuthorizationForCacheControl =
+        Prelude.Nothing,
+      resourcePath = Prelude.Nothing,
+      throttlingBurstLimit = Prelude.Nothing,
+      throttlingRateLimit = Prelude.Nothing,
+      unauthorizedCacheControlHeaderStrategy =
+        Prelude.Nothing
+    }
+
+-- | Indicates whether the cached responses are encrypted.
+awsApiGatewayMethodSettings_cacheDataEncrypted :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Bool)
+awsApiGatewayMethodSettings_cacheDataEncrypted = Lens.lens (\AwsApiGatewayMethodSettings' {cacheDataEncrypted} -> cacheDataEncrypted) (\s@AwsApiGatewayMethodSettings' {} a -> s {cacheDataEncrypted = a} :: AwsApiGatewayMethodSettings)
+
+-- | Specifies the time to live (TTL), in seconds, for cached responses. The
+-- higher the TTL, the longer the response is cached.
+awsApiGatewayMethodSettings_cacheTtlInSeconds :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Int)
+awsApiGatewayMethodSettings_cacheTtlInSeconds = Lens.lens (\AwsApiGatewayMethodSettings' {cacheTtlInSeconds} -> cacheTtlInSeconds) (\s@AwsApiGatewayMethodSettings' {} a -> s {cacheTtlInSeconds = a} :: AwsApiGatewayMethodSettings)
+
+-- | Indicates whether responses are cached and returned for requests. For
+-- responses to be cached, a cache cluster must be enabled on the stage.
+awsApiGatewayMethodSettings_cachingEnabled :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Bool)
+awsApiGatewayMethodSettings_cachingEnabled = Lens.lens (\AwsApiGatewayMethodSettings' {cachingEnabled} -> cachingEnabled) (\s@AwsApiGatewayMethodSettings' {} a -> s {cachingEnabled = a} :: AwsApiGatewayMethodSettings)
+
+-- | Indicates whether data trace logging is enabled for the method. Data
+-- trace logging affects the log entries that are pushed to CloudWatch
+-- Logs.
+awsApiGatewayMethodSettings_dataTraceEnabled :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Bool)
+awsApiGatewayMethodSettings_dataTraceEnabled = Lens.lens (\AwsApiGatewayMethodSettings' {dataTraceEnabled} -> dataTraceEnabled) (\s@AwsApiGatewayMethodSettings' {} a -> s {dataTraceEnabled = a} :: AwsApiGatewayMethodSettings)
+
+-- | The HTTP method. You can use an asterisk (*) as a wildcard to apply
+-- method settings to multiple methods.
+awsApiGatewayMethodSettings_httpMethod :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Text)
+awsApiGatewayMethodSettings_httpMethod = Lens.lens (\AwsApiGatewayMethodSettings' {httpMethod} -> httpMethod) (\s@AwsApiGatewayMethodSettings' {} a -> s {httpMethod = a} :: AwsApiGatewayMethodSettings)
+
+-- | The logging level for this method. The logging level affects the log
+-- entries that are pushed to CloudWatch Logs.
+--
+-- If the logging level is @ERROR@, then the logs only include error-level
+-- entries.
+--
+-- If the logging level is @INFO@, then the logs include both @ERROR@
+-- events and extra informational events.
+--
+-- Valid values: @OFF@ | @ERROR@ | @INFO@
+awsApiGatewayMethodSettings_loggingLevel :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Text)
+awsApiGatewayMethodSettings_loggingLevel = Lens.lens (\AwsApiGatewayMethodSettings' {loggingLevel} -> loggingLevel) (\s@AwsApiGatewayMethodSettings' {} a -> s {loggingLevel = a} :: AwsApiGatewayMethodSettings)
+
+-- | Indicates whether CloudWatch metrics are enabled for the method.
+awsApiGatewayMethodSettings_metricsEnabled :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Bool)
+awsApiGatewayMethodSettings_metricsEnabled = Lens.lens (\AwsApiGatewayMethodSettings' {metricsEnabled} -> metricsEnabled) (\s@AwsApiGatewayMethodSettings' {} a -> s {metricsEnabled = a} :: AwsApiGatewayMethodSettings)
+
+-- | Indicates whether authorization is required for a cache invalidation
+-- request.
+awsApiGatewayMethodSettings_requireAuthorizationForCacheControl :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Bool)
+awsApiGatewayMethodSettings_requireAuthorizationForCacheControl = Lens.lens (\AwsApiGatewayMethodSettings' {requireAuthorizationForCacheControl} -> requireAuthorizationForCacheControl) (\s@AwsApiGatewayMethodSettings' {} a -> s {requireAuthorizationForCacheControl = a} :: AwsApiGatewayMethodSettings)
+
+-- | The resource path for this method. Forward slashes (\/) are encoded as
+-- ~1 . The initial slash must include a forward slash.
+--
+-- For example, the path value @\/resource\/subresource@ must be encoded as
+-- @\/~1resource~1subresource@.
+--
+-- To specify the root path, use only a slash (\/). You can use an asterisk
+-- (*) as a wildcard to apply method settings to multiple methods.
+awsApiGatewayMethodSettings_resourcePath :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Text)
+awsApiGatewayMethodSettings_resourcePath = Lens.lens (\AwsApiGatewayMethodSettings' {resourcePath} -> resourcePath) (\s@AwsApiGatewayMethodSettings' {} a -> s {resourcePath = a} :: AwsApiGatewayMethodSettings)
+
+-- | The throttling burst limit for the method.
+awsApiGatewayMethodSettings_throttlingBurstLimit :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Int)
+awsApiGatewayMethodSettings_throttlingBurstLimit = Lens.lens (\AwsApiGatewayMethodSettings' {throttlingBurstLimit} -> throttlingBurstLimit) (\s@AwsApiGatewayMethodSettings' {} a -> s {throttlingBurstLimit = a} :: AwsApiGatewayMethodSettings)
+
+-- | The throttling rate limit for the method.
+awsApiGatewayMethodSettings_throttlingRateLimit :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Double)
+awsApiGatewayMethodSettings_throttlingRateLimit = Lens.lens (\AwsApiGatewayMethodSettings' {throttlingRateLimit} -> throttlingRateLimit) (\s@AwsApiGatewayMethodSettings' {} a -> s {throttlingRateLimit = a} :: AwsApiGatewayMethodSettings)
+
+-- | Indicates how to handle unauthorized requests for cache invalidation.
+--
+-- Valid values: @FAIL_WITH_403@ | @SUCCEED_WITH_RESPONSE_HEADER@ |
+-- @SUCCEED_WITHOUT_RESPONSE_HEADER@
+awsApiGatewayMethodSettings_unauthorizedCacheControlHeaderStrategy :: Lens.Lens' AwsApiGatewayMethodSettings (Prelude.Maybe Prelude.Text)
+awsApiGatewayMethodSettings_unauthorizedCacheControlHeaderStrategy = Lens.lens (\AwsApiGatewayMethodSettings' {unauthorizedCacheControlHeaderStrategy} -> unauthorizedCacheControlHeaderStrategy) (\s@AwsApiGatewayMethodSettings' {} a -> s {unauthorizedCacheControlHeaderStrategy = a} :: AwsApiGatewayMethodSettings)
+
+instance Data.FromJSON AwsApiGatewayMethodSettings where
+  parseJSON =
+    Data.withObject
+      "AwsApiGatewayMethodSettings"
+      ( \x ->
+          AwsApiGatewayMethodSettings'
+            Prelude.<$> (x Data..:? "CacheDataEncrypted")
+            Prelude.<*> (x Data..:? "CacheTtlInSeconds")
+            Prelude.<*> (x Data..:? "CachingEnabled")
+            Prelude.<*> (x Data..:? "DataTraceEnabled")
+            Prelude.<*> (x Data..:? "HttpMethod")
+            Prelude.<*> (x Data..:? "LoggingLevel")
+            Prelude.<*> (x Data..:? "MetricsEnabled")
+            Prelude.<*> (x Data..:? "RequireAuthorizationForCacheControl")
+            Prelude.<*> (x Data..:? "ResourcePath")
+            Prelude.<*> (x Data..:? "ThrottlingBurstLimit")
+            Prelude.<*> (x Data..:? "ThrottlingRateLimit")
+            Prelude.<*> ( x
+                            Data..:? "UnauthorizedCacheControlHeaderStrategy"
+                        )
+      )
+
+instance Prelude.Hashable AwsApiGatewayMethodSettings where
+  hashWithSalt _salt AwsApiGatewayMethodSettings' {..} =
+    _salt
+      `Prelude.hashWithSalt` cacheDataEncrypted
+      `Prelude.hashWithSalt` cacheTtlInSeconds
+      `Prelude.hashWithSalt` cachingEnabled
+      `Prelude.hashWithSalt` dataTraceEnabled
+      `Prelude.hashWithSalt` httpMethod
+      `Prelude.hashWithSalt` loggingLevel
+      `Prelude.hashWithSalt` metricsEnabled
+      `Prelude.hashWithSalt` requireAuthorizationForCacheControl
+      `Prelude.hashWithSalt` resourcePath
+      `Prelude.hashWithSalt` throttlingBurstLimit
+      `Prelude.hashWithSalt` throttlingRateLimit
+      `Prelude.hashWithSalt` unauthorizedCacheControlHeaderStrategy
+
+instance Prelude.NFData AwsApiGatewayMethodSettings where
+  rnf AwsApiGatewayMethodSettings' {..} =
+    Prelude.rnf cacheDataEncrypted
+      `Prelude.seq` Prelude.rnf cacheTtlInSeconds
+      `Prelude.seq` Prelude.rnf cachingEnabled
+      `Prelude.seq` Prelude.rnf dataTraceEnabled
+      `Prelude.seq` Prelude.rnf httpMethod
+      `Prelude.seq` Prelude.rnf loggingLevel
+      `Prelude.seq` Prelude.rnf metricsEnabled
+      `Prelude.seq` Prelude.rnf requireAuthorizationForCacheControl
+      `Prelude.seq` Prelude.rnf resourcePath
+      `Prelude.seq` Prelude.rnf throttlingBurstLimit
+      `Prelude.seq` Prelude.rnf throttlingRateLimit
+      `Prelude.seq` Prelude.rnf
+        unauthorizedCacheControlHeaderStrategy
+
+instance Data.ToJSON AwsApiGatewayMethodSettings where
+  toJSON AwsApiGatewayMethodSettings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CacheDataEncrypted" Data..=)
+              Prelude.<$> cacheDataEncrypted,
+            ("CacheTtlInSeconds" Data..=)
+              Prelude.<$> cacheTtlInSeconds,
+            ("CachingEnabled" Data..=)
+              Prelude.<$> cachingEnabled,
+            ("DataTraceEnabled" Data..=)
+              Prelude.<$> dataTraceEnabled,
+            ("HttpMethod" Data..=) Prelude.<$> httpMethod,
+            ("LoggingLevel" Data..=) Prelude.<$> loggingLevel,
+            ("MetricsEnabled" Data..=)
+              Prelude.<$> metricsEnabled,
+            ("RequireAuthorizationForCacheControl" Data..=)
+              Prelude.<$> requireAuthorizationForCacheControl,
+            ("ResourcePath" Data..=) Prelude.<$> resourcePath,
+            ("ThrottlingBurstLimit" Data..=)
+              Prelude.<$> throttlingBurstLimit,
+            ("ThrottlingRateLimit" Data..=)
+              Prelude.<$> throttlingRateLimit,
+            ("UnauthorizedCacheControlHeaderStrategy" Data..=)
+              Prelude.<$> unauthorizedCacheControlHeaderStrategy
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsApiGatewayRestApiDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayRestApiDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayRestApiDetails.hs
@@ -0,0 +1,241 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsApiGatewayRestApiDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsApiGatewayRestApiDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsApiGatewayEndpointConfiguration
+
+-- | Contains information about a REST API in version 1 of Amazon API
+-- Gateway.
+--
+-- /See:/ 'newAwsApiGatewayRestApiDetails' smart constructor.
+data AwsApiGatewayRestApiDetails = AwsApiGatewayRestApiDetails'
+  { -- | The source of the API key for metering requests according to a usage
+    -- plan.
+    --
+    -- @HEADER@ indicates whether to read the API key from the X-API-Key header
+    -- of a request.
+    --
+    -- @AUTHORIZER@ indicates whether to read the API key from the
+    -- @UsageIdentifierKey@ from a custom authorizer.
+    apiKeySource :: Prelude.Maybe Prelude.Text,
+    -- | The list of binary media types supported by the REST API.
+    binaryMediaTypes :: Prelude.Maybe [Prelude.Text],
+    -- | Indicates when the API was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdDate :: Prelude.Maybe Prelude.Text,
+    -- | A description of the REST API.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The endpoint configuration of the REST API.
+    endpointConfiguration :: Prelude.Maybe AwsApiGatewayEndpointConfiguration,
+    -- | The identifier of the REST API.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The minimum size in bytes of a payload before compression is enabled.
+    --
+    -- If @null@, then compression is disabled.
+    --
+    -- If 0, then all payloads are compressed.
+    minimumCompressionSize :: Prelude.Maybe Prelude.Int,
+    -- | The name of the REST API.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The version identifier for the REST API.
+    version :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiGatewayRestApiDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'apiKeySource', 'awsApiGatewayRestApiDetails_apiKeySource' - The source of the API key for metering requests according to a usage
+-- plan.
+--
+-- @HEADER@ indicates whether to read the API key from the X-API-Key header
+-- of a request.
+--
+-- @AUTHORIZER@ indicates whether to read the API key from the
+-- @UsageIdentifierKey@ from a custom authorizer.
+--
+-- 'binaryMediaTypes', 'awsApiGatewayRestApiDetails_binaryMediaTypes' - The list of binary media types supported by the REST API.
+--
+-- 'createdDate', 'awsApiGatewayRestApiDetails_createdDate' - Indicates when the API was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'description', 'awsApiGatewayRestApiDetails_description' - A description of the REST API.
+--
+-- 'endpointConfiguration', 'awsApiGatewayRestApiDetails_endpointConfiguration' - The endpoint configuration of the REST API.
+--
+-- 'id', 'awsApiGatewayRestApiDetails_id' - The identifier of the REST API.
+--
+-- 'minimumCompressionSize', 'awsApiGatewayRestApiDetails_minimumCompressionSize' - The minimum size in bytes of a payload before compression is enabled.
+--
+-- If @null@, then compression is disabled.
+--
+-- If 0, then all payloads are compressed.
+--
+-- 'name', 'awsApiGatewayRestApiDetails_name' - The name of the REST API.
+--
+-- 'version', 'awsApiGatewayRestApiDetails_version' - The version identifier for the REST API.
+newAwsApiGatewayRestApiDetails ::
+  AwsApiGatewayRestApiDetails
+newAwsApiGatewayRestApiDetails =
+  AwsApiGatewayRestApiDetails'
+    { apiKeySource =
+        Prelude.Nothing,
+      binaryMediaTypes = Prelude.Nothing,
+      createdDate = Prelude.Nothing,
+      description = Prelude.Nothing,
+      endpointConfiguration = Prelude.Nothing,
+      id = Prelude.Nothing,
+      minimumCompressionSize = Prelude.Nothing,
+      name = Prelude.Nothing,
+      version = Prelude.Nothing
+    }
+
+-- | The source of the API key for metering requests according to a usage
+-- plan.
+--
+-- @HEADER@ indicates whether to read the API key from the X-API-Key header
+-- of a request.
+--
+-- @AUTHORIZER@ indicates whether to read the API key from the
+-- @UsageIdentifierKey@ from a custom authorizer.
+awsApiGatewayRestApiDetails_apiKeySource :: Lens.Lens' AwsApiGatewayRestApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayRestApiDetails_apiKeySource = Lens.lens (\AwsApiGatewayRestApiDetails' {apiKeySource} -> apiKeySource) (\s@AwsApiGatewayRestApiDetails' {} a -> s {apiKeySource = a} :: AwsApiGatewayRestApiDetails)
+
+-- | The list of binary media types supported by the REST API.
+awsApiGatewayRestApiDetails_binaryMediaTypes :: Lens.Lens' AwsApiGatewayRestApiDetails (Prelude.Maybe [Prelude.Text])
+awsApiGatewayRestApiDetails_binaryMediaTypes = Lens.lens (\AwsApiGatewayRestApiDetails' {binaryMediaTypes} -> binaryMediaTypes) (\s@AwsApiGatewayRestApiDetails' {} a -> s {binaryMediaTypes = a} :: AwsApiGatewayRestApiDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates when the API was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsApiGatewayRestApiDetails_createdDate :: Lens.Lens' AwsApiGatewayRestApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayRestApiDetails_createdDate = Lens.lens (\AwsApiGatewayRestApiDetails' {createdDate} -> createdDate) (\s@AwsApiGatewayRestApiDetails' {} a -> s {createdDate = a} :: AwsApiGatewayRestApiDetails)
+
+-- | A description of the REST API.
+awsApiGatewayRestApiDetails_description :: Lens.Lens' AwsApiGatewayRestApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayRestApiDetails_description = Lens.lens (\AwsApiGatewayRestApiDetails' {description} -> description) (\s@AwsApiGatewayRestApiDetails' {} a -> s {description = a} :: AwsApiGatewayRestApiDetails)
+
+-- | The endpoint configuration of the REST API.
+awsApiGatewayRestApiDetails_endpointConfiguration :: Lens.Lens' AwsApiGatewayRestApiDetails (Prelude.Maybe AwsApiGatewayEndpointConfiguration)
+awsApiGatewayRestApiDetails_endpointConfiguration = Lens.lens (\AwsApiGatewayRestApiDetails' {endpointConfiguration} -> endpointConfiguration) (\s@AwsApiGatewayRestApiDetails' {} a -> s {endpointConfiguration = a} :: AwsApiGatewayRestApiDetails)
+
+-- | The identifier of the REST API.
+awsApiGatewayRestApiDetails_id :: Lens.Lens' AwsApiGatewayRestApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayRestApiDetails_id = Lens.lens (\AwsApiGatewayRestApiDetails' {id} -> id) (\s@AwsApiGatewayRestApiDetails' {} a -> s {id = a} :: AwsApiGatewayRestApiDetails)
+
+-- | The minimum size in bytes of a payload before compression is enabled.
+--
+-- If @null@, then compression is disabled.
+--
+-- If 0, then all payloads are compressed.
+awsApiGatewayRestApiDetails_minimumCompressionSize :: Lens.Lens' AwsApiGatewayRestApiDetails (Prelude.Maybe Prelude.Int)
+awsApiGatewayRestApiDetails_minimumCompressionSize = Lens.lens (\AwsApiGatewayRestApiDetails' {minimumCompressionSize} -> minimumCompressionSize) (\s@AwsApiGatewayRestApiDetails' {} a -> s {minimumCompressionSize = a} :: AwsApiGatewayRestApiDetails)
+
+-- | The name of the REST API.
+awsApiGatewayRestApiDetails_name :: Lens.Lens' AwsApiGatewayRestApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayRestApiDetails_name = Lens.lens (\AwsApiGatewayRestApiDetails' {name} -> name) (\s@AwsApiGatewayRestApiDetails' {} a -> s {name = a} :: AwsApiGatewayRestApiDetails)
+
+-- | The version identifier for the REST API.
+awsApiGatewayRestApiDetails_version :: Lens.Lens' AwsApiGatewayRestApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayRestApiDetails_version = Lens.lens (\AwsApiGatewayRestApiDetails' {version} -> version) (\s@AwsApiGatewayRestApiDetails' {} a -> s {version = a} :: AwsApiGatewayRestApiDetails)
+
+instance Data.FromJSON AwsApiGatewayRestApiDetails where
+  parseJSON =
+    Data.withObject
+      "AwsApiGatewayRestApiDetails"
+      ( \x ->
+          AwsApiGatewayRestApiDetails'
+            Prelude.<$> (x Data..:? "ApiKeySource")
+            Prelude.<*> ( x
+                            Data..:? "BinaryMediaTypes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "CreatedDate")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "EndpointConfiguration")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "MinimumCompressionSize")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Version")
+      )
+
+instance Prelude.Hashable AwsApiGatewayRestApiDetails where
+  hashWithSalt _salt AwsApiGatewayRestApiDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` apiKeySource
+      `Prelude.hashWithSalt` binaryMediaTypes
+      `Prelude.hashWithSalt` createdDate
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` endpointConfiguration
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` minimumCompressionSize
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` version
+
+instance Prelude.NFData AwsApiGatewayRestApiDetails where
+  rnf AwsApiGatewayRestApiDetails' {..} =
+    Prelude.rnf apiKeySource
+      `Prelude.seq` Prelude.rnf binaryMediaTypes
+      `Prelude.seq` Prelude.rnf createdDate
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf endpointConfiguration
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf minimumCompressionSize
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf version
+
+instance Data.ToJSON AwsApiGatewayRestApiDetails where
+  toJSON AwsApiGatewayRestApiDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ApiKeySource" Data..=) Prelude.<$> apiKeySource,
+            ("BinaryMediaTypes" Data..=)
+              Prelude.<$> binaryMediaTypes,
+            ("CreatedDate" Data..=) Prelude.<$> createdDate,
+            ("Description" Data..=) Prelude.<$> description,
+            ("EndpointConfiguration" Data..=)
+              Prelude.<$> endpointConfiguration,
+            ("Id" Data..=) Prelude.<$> id,
+            ("MinimumCompressionSize" Data..=)
+              Prelude.<$> minimumCompressionSize,
+            ("Name" Data..=) Prelude.<$> name,
+            ("Version" Data..=) Prelude.<$> version
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsApiGatewayStageDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayStageDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayStageDetails.hs
@@ -0,0 +1,349 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsApiGatewayStageDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsApiGatewayStageDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsApiGatewayAccessLogSettings
+import Amazonka.SecurityHub.Types.AwsApiGatewayCanarySettings
+import Amazonka.SecurityHub.Types.AwsApiGatewayMethodSettings
+
+-- | Provides information about a version 1 Amazon API Gateway stage.
+--
+-- /See:/ 'newAwsApiGatewayStageDetails' smart constructor.
+data AwsApiGatewayStageDetails = AwsApiGatewayStageDetails'
+  { -- | Settings for logging access for the stage.
+    accessLogSettings :: Prelude.Maybe AwsApiGatewayAccessLogSettings,
+    -- | Indicates whether a cache cluster is enabled for the stage.
+    cacheClusterEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | If a cache cluster is enabled, the size of the cache cluster.
+    cacheClusterSize :: Prelude.Maybe Prelude.Text,
+    -- | If a cache cluster is enabled, the status of the cache cluster.
+    cacheClusterStatus :: Prelude.Maybe Prelude.Text,
+    -- | Information about settings for canary deployment in the stage.
+    canarySettings :: Prelude.Maybe AwsApiGatewayCanarySettings,
+    -- | The identifier of the client certificate for the stage.
+    clientCertificateId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the stage was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdDate :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the deployment that the stage points to.
+    deploymentId :: Prelude.Maybe Prelude.Text,
+    -- | A description of the stage.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The version of the API documentation that is associated with the stage.
+    documentationVersion :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the stage was most recently updated.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastUpdatedDate :: Prelude.Maybe Prelude.Text,
+    -- | Defines the method settings for the stage.
+    methodSettings :: Prelude.Maybe [AwsApiGatewayMethodSettings],
+    -- | The name of the stage.
+    stageName :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether active tracing with X-Ray is enabled for the stage.
+    tracingEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | A map that defines the stage variables for the stage.
+    --
+    -- Variable names can have alphanumeric and underscore characters.
+    --
+    -- Variable values can contain the following characters:
+    --
+    -- -   Uppercase and lowercase letters
+    --
+    -- -   Numbers
+    --
+    -- -   Special characters -._~:\/?#&=,
+    variables :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The ARN of the web ACL associated with the stage.
+    webAclArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiGatewayStageDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessLogSettings', 'awsApiGatewayStageDetails_accessLogSettings' - Settings for logging access for the stage.
+--
+-- 'cacheClusterEnabled', 'awsApiGatewayStageDetails_cacheClusterEnabled' - Indicates whether a cache cluster is enabled for the stage.
+--
+-- 'cacheClusterSize', 'awsApiGatewayStageDetails_cacheClusterSize' - If a cache cluster is enabled, the size of the cache cluster.
+--
+-- 'cacheClusterStatus', 'awsApiGatewayStageDetails_cacheClusterStatus' - If a cache cluster is enabled, the status of the cache cluster.
+--
+-- 'canarySettings', 'awsApiGatewayStageDetails_canarySettings' - Information about settings for canary deployment in the stage.
+--
+-- 'clientCertificateId', 'awsApiGatewayStageDetails_clientCertificateId' - The identifier of the client certificate for the stage.
+--
+-- 'createdDate', 'awsApiGatewayStageDetails_createdDate' - Indicates when the stage was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'deploymentId', 'awsApiGatewayStageDetails_deploymentId' - The identifier of the deployment that the stage points to.
+--
+-- 'description', 'awsApiGatewayStageDetails_description' - A description of the stage.
+--
+-- 'documentationVersion', 'awsApiGatewayStageDetails_documentationVersion' - The version of the API documentation that is associated with the stage.
+--
+-- 'lastUpdatedDate', 'awsApiGatewayStageDetails_lastUpdatedDate' - Indicates when the stage was most recently updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'methodSettings', 'awsApiGatewayStageDetails_methodSettings' - Defines the method settings for the stage.
+--
+-- 'stageName', 'awsApiGatewayStageDetails_stageName' - The name of the stage.
+--
+-- 'tracingEnabled', 'awsApiGatewayStageDetails_tracingEnabled' - Indicates whether active tracing with X-Ray is enabled for the stage.
+--
+-- 'variables', 'awsApiGatewayStageDetails_variables' - A map that defines the stage variables for the stage.
+--
+-- Variable names can have alphanumeric and underscore characters.
+--
+-- Variable values can contain the following characters:
+--
+-- -   Uppercase and lowercase letters
+--
+-- -   Numbers
+--
+-- -   Special characters -._~:\/?#&=,
+--
+-- 'webAclArn', 'awsApiGatewayStageDetails_webAclArn' - The ARN of the web ACL associated with the stage.
+newAwsApiGatewayStageDetails ::
+  AwsApiGatewayStageDetails
+newAwsApiGatewayStageDetails =
+  AwsApiGatewayStageDetails'
+    { accessLogSettings =
+        Prelude.Nothing,
+      cacheClusterEnabled = Prelude.Nothing,
+      cacheClusterSize = Prelude.Nothing,
+      cacheClusterStatus = Prelude.Nothing,
+      canarySettings = Prelude.Nothing,
+      clientCertificateId = Prelude.Nothing,
+      createdDate = Prelude.Nothing,
+      deploymentId = Prelude.Nothing,
+      description = Prelude.Nothing,
+      documentationVersion = Prelude.Nothing,
+      lastUpdatedDate = Prelude.Nothing,
+      methodSettings = Prelude.Nothing,
+      stageName = Prelude.Nothing,
+      tracingEnabled = Prelude.Nothing,
+      variables = Prelude.Nothing,
+      webAclArn = Prelude.Nothing
+    }
+
+-- | Settings for logging access for the stage.
+awsApiGatewayStageDetails_accessLogSettings :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe AwsApiGatewayAccessLogSettings)
+awsApiGatewayStageDetails_accessLogSettings = Lens.lens (\AwsApiGatewayStageDetails' {accessLogSettings} -> accessLogSettings) (\s@AwsApiGatewayStageDetails' {} a -> s {accessLogSettings = a} :: AwsApiGatewayStageDetails)
+
+-- | Indicates whether a cache cluster is enabled for the stage.
+awsApiGatewayStageDetails_cacheClusterEnabled :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Bool)
+awsApiGatewayStageDetails_cacheClusterEnabled = Lens.lens (\AwsApiGatewayStageDetails' {cacheClusterEnabled} -> cacheClusterEnabled) (\s@AwsApiGatewayStageDetails' {} a -> s {cacheClusterEnabled = a} :: AwsApiGatewayStageDetails)
+
+-- | If a cache cluster is enabled, the size of the cache cluster.
+awsApiGatewayStageDetails_cacheClusterSize :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayStageDetails_cacheClusterSize = Lens.lens (\AwsApiGatewayStageDetails' {cacheClusterSize} -> cacheClusterSize) (\s@AwsApiGatewayStageDetails' {} a -> s {cacheClusterSize = a} :: AwsApiGatewayStageDetails)
+
+-- | If a cache cluster is enabled, the status of the cache cluster.
+awsApiGatewayStageDetails_cacheClusterStatus :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayStageDetails_cacheClusterStatus = Lens.lens (\AwsApiGatewayStageDetails' {cacheClusterStatus} -> cacheClusterStatus) (\s@AwsApiGatewayStageDetails' {} a -> s {cacheClusterStatus = a} :: AwsApiGatewayStageDetails)
+
+-- | Information about settings for canary deployment in the stage.
+awsApiGatewayStageDetails_canarySettings :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe AwsApiGatewayCanarySettings)
+awsApiGatewayStageDetails_canarySettings = Lens.lens (\AwsApiGatewayStageDetails' {canarySettings} -> canarySettings) (\s@AwsApiGatewayStageDetails' {} a -> s {canarySettings = a} :: AwsApiGatewayStageDetails)
+
+-- | The identifier of the client certificate for the stage.
+awsApiGatewayStageDetails_clientCertificateId :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayStageDetails_clientCertificateId = Lens.lens (\AwsApiGatewayStageDetails' {clientCertificateId} -> clientCertificateId) (\s@AwsApiGatewayStageDetails' {} a -> s {clientCertificateId = a} :: AwsApiGatewayStageDetails)
+
+-- | Indicates when the stage was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsApiGatewayStageDetails_createdDate :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayStageDetails_createdDate = Lens.lens (\AwsApiGatewayStageDetails' {createdDate} -> createdDate) (\s@AwsApiGatewayStageDetails' {} a -> s {createdDate = a} :: AwsApiGatewayStageDetails)
+
+-- | The identifier of the deployment that the stage points to.
+awsApiGatewayStageDetails_deploymentId :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayStageDetails_deploymentId = Lens.lens (\AwsApiGatewayStageDetails' {deploymentId} -> deploymentId) (\s@AwsApiGatewayStageDetails' {} a -> s {deploymentId = a} :: AwsApiGatewayStageDetails)
+
+-- | A description of the stage.
+awsApiGatewayStageDetails_description :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayStageDetails_description = Lens.lens (\AwsApiGatewayStageDetails' {description} -> description) (\s@AwsApiGatewayStageDetails' {} a -> s {description = a} :: AwsApiGatewayStageDetails)
+
+-- | The version of the API documentation that is associated with the stage.
+awsApiGatewayStageDetails_documentationVersion :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayStageDetails_documentationVersion = Lens.lens (\AwsApiGatewayStageDetails' {documentationVersion} -> documentationVersion) (\s@AwsApiGatewayStageDetails' {} a -> s {documentationVersion = a} :: AwsApiGatewayStageDetails)
+
+-- | Indicates when the stage was most recently updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsApiGatewayStageDetails_lastUpdatedDate :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayStageDetails_lastUpdatedDate = Lens.lens (\AwsApiGatewayStageDetails' {lastUpdatedDate} -> lastUpdatedDate) (\s@AwsApiGatewayStageDetails' {} a -> s {lastUpdatedDate = a} :: AwsApiGatewayStageDetails)
+
+-- | Defines the method settings for the stage.
+awsApiGatewayStageDetails_methodSettings :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe [AwsApiGatewayMethodSettings])
+awsApiGatewayStageDetails_methodSettings = Lens.lens (\AwsApiGatewayStageDetails' {methodSettings} -> methodSettings) (\s@AwsApiGatewayStageDetails' {} a -> s {methodSettings = a} :: AwsApiGatewayStageDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the stage.
+awsApiGatewayStageDetails_stageName :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayStageDetails_stageName = Lens.lens (\AwsApiGatewayStageDetails' {stageName} -> stageName) (\s@AwsApiGatewayStageDetails' {} a -> s {stageName = a} :: AwsApiGatewayStageDetails)
+
+-- | Indicates whether active tracing with X-Ray is enabled for the stage.
+awsApiGatewayStageDetails_tracingEnabled :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Bool)
+awsApiGatewayStageDetails_tracingEnabled = Lens.lens (\AwsApiGatewayStageDetails' {tracingEnabled} -> tracingEnabled) (\s@AwsApiGatewayStageDetails' {} a -> s {tracingEnabled = a} :: AwsApiGatewayStageDetails)
+
+-- | A map that defines the stage variables for the stage.
+--
+-- Variable names can have alphanumeric and underscore characters.
+--
+-- Variable values can contain the following characters:
+--
+-- -   Uppercase and lowercase letters
+--
+-- -   Numbers
+--
+-- -   Special characters -._~:\/?#&=,
+awsApiGatewayStageDetails_variables :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsApiGatewayStageDetails_variables = Lens.lens (\AwsApiGatewayStageDetails' {variables} -> variables) (\s@AwsApiGatewayStageDetails' {} a -> s {variables = a} :: AwsApiGatewayStageDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the web ACL associated with the stage.
+awsApiGatewayStageDetails_webAclArn :: Lens.Lens' AwsApiGatewayStageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayStageDetails_webAclArn = Lens.lens (\AwsApiGatewayStageDetails' {webAclArn} -> webAclArn) (\s@AwsApiGatewayStageDetails' {} a -> s {webAclArn = a} :: AwsApiGatewayStageDetails)
+
+instance Data.FromJSON AwsApiGatewayStageDetails where
+  parseJSON =
+    Data.withObject
+      "AwsApiGatewayStageDetails"
+      ( \x ->
+          AwsApiGatewayStageDetails'
+            Prelude.<$> (x Data..:? "AccessLogSettings")
+            Prelude.<*> (x Data..:? "CacheClusterEnabled")
+            Prelude.<*> (x Data..:? "CacheClusterSize")
+            Prelude.<*> (x Data..:? "CacheClusterStatus")
+            Prelude.<*> (x Data..:? "CanarySettings")
+            Prelude.<*> (x Data..:? "ClientCertificateId")
+            Prelude.<*> (x Data..:? "CreatedDate")
+            Prelude.<*> (x Data..:? "DeploymentId")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "DocumentationVersion")
+            Prelude.<*> (x Data..:? "LastUpdatedDate")
+            Prelude.<*> (x Data..:? "MethodSettings" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "StageName")
+            Prelude.<*> (x Data..:? "TracingEnabled")
+            Prelude.<*> (x Data..:? "Variables" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "WebAclArn")
+      )
+
+instance Prelude.Hashable AwsApiGatewayStageDetails where
+  hashWithSalt _salt AwsApiGatewayStageDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessLogSettings
+      `Prelude.hashWithSalt` cacheClusterEnabled
+      `Prelude.hashWithSalt` cacheClusterSize
+      `Prelude.hashWithSalt` cacheClusterStatus
+      `Prelude.hashWithSalt` canarySettings
+      `Prelude.hashWithSalt` clientCertificateId
+      `Prelude.hashWithSalt` createdDate
+      `Prelude.hashWithSalt` deploymentId
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` documentationVersion
+      `Prelude.hashWithSalt` lastUpdatedDate
+      `Prelude.hashWithSalt` methodSettings
+      `Prelude.hashWithSalt` stageName
+      `Prelude.hashWithSalt` tracingEnabled
+      `Prelude.hashWithSalt` variables
+      `Prelude.hashWithSalt` webAclArn
+
+instance Prelude.NFData AwsApiGatewayStageDetails where
+  rnf AwsApiGatewayStageDetails' {..} =
+    Prelude.rnf accessLogSettings
+      `Prelude.seq` Prelude.rnf cacheClusterEnabled
+      `Prelude.seq` Prelude.rnf cacheClusterSize
+      `Prelude.seq` Prelude.rnf cacheClusterStatus
+      `Prelude.seq` Prelude.rnf canarySettings
+      `Prelude.seq` Prelude.rnf clientCertificateId
+      `Prelude.seq` Prelude.rnf createdDate
+      `Prelude.seq` Prelude.rnf deploymentId
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf documentationVersion
+      `Prelude.seq` Prelude.rnf lastUpdatedDate
+      `Prelude.seq` Prelude.rnf methodSettings
+      `Prelude.seq` Prelude.rnf stageName
+      `Prelude.seq` Prelude.rnf tracingEnabled
+      `Prelude.seq` Prelude.rnf variables
+      `Prelude.seq` Prelude.rnf webAclArn
+
+instance Data.ToJSON AwsApiGatewayStageDetails where
+  toJSON AwsApiGatewayStageDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AccessLogSettings" Data..=)
+              Prelude.<$> accessLogSettings,
+            ("CacheClusterEnabled" Data..=)
+              Prelude.<$> cacheClusterEnabled,
+            ("CacheClusterSize" Data..=)
+              Prelude.<$> cacheClusterSize,
+            ("CacheClusterStatus" Data..=)
+              Prelude.<$> cacheClusterStatus,
+            ("CanarySettings" Data..=)
+              Prelude.<$> canarySettings,
+            ("ClientCertificateId" Data..=)
+              Prelude.<$> clientCertificateId,
+            ("CreatedDate" Data..=) Prelude.<$> createdDate,
+            ("DeploymentId" Data..=) Prelude.<$> deploymentId,
+            ("Description" Data..=) Prelude.<$> description,
+            ("DocumentationVersion" Data..=)
+              Prelude.<$> documentationVersion,
+            ("LastUpdatedDate" Data..=)
+              Prelude.<$> lastUpdatedDate,
+            ("MethodSettings" Data..=)
+              Prelude.<$> methodSettings,
+            ("StageName" Data..=) Prelude.<$> stageName,
+            ("TracingEnabled" Data..=)
+              Prelude.<$> tracingEnabled,
+            ("Variables" Data..=) Prelude.<$> variables,
+            ("WebAclArn" Data..=) Prelude.<$> webAclArn
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsApiGatewayV2ApiDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayV2ApiDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayV2ApiDetails.hs
@@ -0,0 +1,259 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsApiGatewayV2ApiDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsApiGatewayV2ApiDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCorsConfiguration
+
+-- | Contains information about a version 2 API in Amazon API Gateway.
+--
+-- /See:/ 'newAwsApiGatewayV2ApiDetails' smart constructor.
+data AwsApiGatewayV2ApiDetails = AwsApiGatewayV2ApiDetails'
+  { -- | The URI of the API.
+    --
+    -- Uses the format
+    -- @ @/@\<api-id>@/@.execute-api.@/@\<region>@/@.amazonaws.com@
+    --
+    -- The stage name is typically appended to the URI to form a complete path
+    -- to a deployed API stage.
+    apiEndpoint :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the API.
+    apiId :: Prelude.Maybe Prelude.Text,
+    -- | An API key selection expression. Supported only for WebSocket APIs.
+    apiKeySelectionExpression :: Prelude.Maybe Prelude.Text,
+    -- | A cross-origin resource sharing (CORS) configuration. Supported only for
+    -- HTTP APIs.
+    corsConfiguration :: Prelude.Maybe AwsCorsConfiguration,
+    -- | Indicates when the API was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdDate :: Prelude.Maybe Prelude.Text,
+    -- | A description of the API.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The name of the API.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The API protocol for the API.
+    --
+    -- Valid values: @WEBSOCKET@ | @HTTP@
+    protocolType :: Prelude.Maybe Prelude.Text,
+    -- | The route selection expression for the API.
+    --
+    -- For HTTP APIs, must be @${request.method} ${request.path}@. This is the
+    -- default value for HTTP APIs.
+    --
+    -- For WebSocket APIs, there is no default value.
+    routeSelectionExpression :: Prelude.Maybe Prelude.Text,
+    -- | The version identifier for the API.
+    version :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiGatewayV2ApiDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'apiEndpoint', 'awsApiGatewayV2ApiDetails_apiEndpoint' - The URI of the API.
+--
+-- Uses the format
+-- @ @/@\<api-id>@/@.execute-api.@/@\<region>@/@.amazonaws.com@
+--
+-- The stage name is typically appended to the URI to form a complete path
+-- to a deployed API stage.
+--
+-- 'apiId', 'awsApiGatewayV2ApiDetails_apiId' - The identifier of the API.
+--
+-- 'apiKeySelectionExpression', 'awsApiGatewayV2ApiDetails_apiKeySelectionExpression' - An API key selection expression. Supported only for WebSocket APIs.
+--
+-- 'corsConfiguration', 'awsApiGatewayV2ApiDetails_corsConfiguration' - A cross-origin resource sharing (CORS) configuration. Supported only for
+-- HTTP APIs.
+--
+-- 'createdDate', 'awsApiGatewayV2ApiDetails_createdDate' - Indicates when the API was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'description', 'awsApiGatewayV2ApiDetails_description' - A description of the API.
+--
+-- 'name', 'awsApiGatewayV2ApiDetails_name' - The name of the API.
+--
+-- 'protocolType', 'awsApiGatewayV2ApiDetails_protocolType' - The API protocol for the API.
+--
+-- Valid values: @WEBSOCKET@ | @HTTP@
+--
+-- 'routeSelectionExpression', 'awsApiGatewayV2ApiDetails_routeSelectionExpression' - The route selection expression for the API.
+--
+-- For HTTP APIs, must be @${request.method} ${request.path}@. This is the
+-- default value for HTTP APIs.
+--
+-- For WebSocket APIs, there is no default value.
+--
+-- 'version', 'awsApiGatewayV2ApiDetails_version' - The version identifier for the API.
+newAwsApiGatewayV2ApiDetails ::
+  AwsApiGatewayV2ApiDetails
+newAwsApiGatewayV2ApiDetails =
+  AwsApiGatewayV2ApiDetails'
+    { apiEndpoint =
+        Prelude.Nothing,
+      apiId = Prelude.Nothing,
+      apiKeySelectionExpression = Prelude.Nothing,
+      corsConfiguration = Prelude.Nothing,
+      createdDate = Prelude.Nothing,
+      description = Prelude.Nothing,
+      name = Prelude.Nothing,
+      protocolType = Prelude.Nothing,
+      routeSelectionExpression = Prelude.Nothing,
+      version = Prelude.Nothing
+    }
+
+-- | The URI of the API.
+--
+-- Uses the format
+-- @ @/@\<api-id>@/@.execute-api.@/@\<region>@/@.amazonaws.com@
+--
+-- The stage name is typically appended to the URI to form a complete path
+-- to a deployed API stage.
+awsApiGatewayV2ApiDetails_apiEndpoint :: Lens.Lens' AwsApiGatewayV2ApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2ApiDetails_apiEndpoint = Lens.lens (\AwsApiGatewayV2ApiDetails' {apiEndpoint} -> apiEndpoint) (\s@AwsApiGatewayV2ApiDetails' {} a -> s {apiEndpoint = a} :: AwsApiGatewayV2ApiDetails)
+
+-- | The identifier of the API.
+awsApiGatewayV2ApiDetails_apiId :: Lens.Lens' AwsApiGatewayV2ApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2ApiDetails_apiId = Lens.lens (\AwsApiGatewayV2ApiDetails' {apiId} -> apiId) (\s@AwsApiGatewayV2ApiDetails' {} a -> s {apiId = a} :: AwsApiGatewayV2ApiDetails)
+
+-- | An API key selection expression. Supported only for WebSocket APIs.
+awsApiGatewayV2ApiDetails_apiKeySelectionExpression :: Lens.Lens' AwsApiGatewayV2ApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2ApiDetails_apiKeySelectionExpression = Lens.lens (\AwsApiGatewayV2ApiDetails' {apiKeySelectionExpression} -> apiKeySelectionExpression) (\s@AwsApiGatewayV2ApiDetails' {} a -> s {apiKeySelectionExpression = a} :: AwsApiGatewayV2ApiDetails)
+
+-- | A cross-origin resource sharing (CORS) configuration. Supported only for
+-- HTTP APIs.
+awsApiGatewayV2ApiDetails_corsConfiguration :: Lens.Lens' AwsApiGatewayV2ApiDetails (Prelude.Maybe AwsCorsConfiguration)
+awsApiGatewayV2ApiDetails_corsConfiguration = Lens.lens (\AwsApiGatewayV2ApiDetails' {corsConfiguration} -> corsConfiguration) (\s@AwsApiGatewayV2ApiDetails' {} a -> s {corsConfiguration = a} :: AwsApiGatewayV2ApiDetails)
+
+-- | Indicates when the API was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsApiGatewayV2ApiDetails_createdDate :: Lens.Lens' AwsApiGatewayV2ApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2ApiDetails_createdDate = Lens.lens (\AwsApiGatewayV2ApiDetails' {createdDate} -> createdDate) (\s@AwsApiGatewayV2ApiDetails' {} a -> s {createdDate = a} :: AwsApiGatewayV2ApiDetails)
+
+-- | A description of the API.
+awsApiGatewayV2ApiDetails_description :: Lens.Lens' AwsApiGatewayV2ApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2ApiDetails_description = Lens.lens (\AwsApiGatewayV2ApiDetails' {description} -> description) (\s@AwsApiGatewayV2ApiDetails' {} a -> s {description = a} :: AwsApiGatewayV2ApiDetails)
+
+-- | The name of the API.
+awsApiGatewayV2ApiDetails_name :: Lens.Lens' AwsApiGatewayV2ApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2ApiDetails_name = Lens.lens (\AwsApiGatewayV2ApiDetails' {name} -> name) (\s@AwsApiGatewayV2ApiDetails' {} a -> s {name = a} :: AwsApiGatewayV2ApiDetails)
+
+-- | The API protocol for the API.
+--
+-- Valid values: @WEBSOCKET@ | @HTTP@
+awsApiGatewayV2ApiDetails_protocolType :: Lens.Lens' AwsApiGatewayV2ApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2ApiDetails_protocolType = Lens.lens (\AwsApiGatewayV2ApiDetails' {protocolType} -> protocolType) (\s@AwsApiGatewayV2ApiDetails' {} a -> s {protocolType = a} :: AwsApiGatewayV2ApiDetails)
+
+-- | The route selection expression for the API.
+--
+-- For HTTP APIs, must be @${request.method} ${request.path}@. This is the
+-- default value for HTTP APIs.
+--
+-- For WebSocket APIs, there is no default value.
+awsApiGatewayV2ApiDetails_routeSelectionExpression :: Lens.Lens' AwsApiGatewayV2ApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2ApiDetails_routeSelectionExpression = Lens.lens (\AwsApiGatewayV2ApiDetails' {routeSelectionExpression} -> routeSelectionExpression) (\s@AwsApiGatewayV2ApiDetails' {} a -> s {routeSelectionExpression = a} :: AwsApiGatewayV2ApiDetails)
+
+-- | The version identifier for the API.
+awsApiGatewayV2ApiDetails_version :: Lens.Lens' AwsApiGatewayV2ApiDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2ApiDetails_version = Lens.lens (\AwsApiGatewayV2ApiDetails' {version} -> version) (\s@AwsApiGatewayV2ApiDetails' {} a -> s {version = a} :: AwsApiGatewayV2ApiDetails)
+
+instance Data.FromJSON AwsApiGatewayV2ApiDetails where
+  parseJSON =
+    Data.withObject
+      "AwsApiGatewayV2ApiDetails"
+      ( \x ->
+          AwsApiGatewayV2ApiDetails'
+            Prelude.<$> (x Data..:? "ApiEndpoint")
+            Prelude.<*> (x Data..:? "ApiId")
+            Prelude.<*> (x Data..:? "ApiKeySelectionExpression")
+            Prelude.<*> (x Data..:? "CorsConfiguration")
+            Prelude.<*> (x Data..:? "CreatedDate")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "ProtocolType")
+            Prelude.<*> (x Data..:? "RouteSelectionExpression")
+            Prelude.<*> (x Data..:? "Version")
+      )
+
+instance Prelude.Hashable AwsApiGatewayV2ApiDetails where
+  hashWithSalt _salt AwsApiGatewayV2ApiDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` apiEndpoint
+      `Prelude.hashWithSalt` apiId
+      `Prelude.hashWithSalt` apiKeySelectionExpression
+      `Prelude.hashWithSalt` corsConfiguration
+      `Prelude.hashWithSalt` createdDate
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` protocolType
+      `Prelude.hashWithSalt` routeSelectionExpression
+      `Prelude.hashWithSalt` version
+
+instance Prelude.NFData AwsApiGatewayV2ApiDetails where
+  rnf AwsApiGatewayV2ApiDetails' {..} =
+    Prelude.rnf apiEndpoint
+      `Prelude.seq` Prelude.rnf apiId
+      `Prelude.seq` Prelude.rnf apiKeySelectionExpression
+      `Prelude.seq` Prelude.rnf corsConfiguration
+      `Prelude.seq` Prelude.rnf createdDate
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf protocolType
+      `Prelude.seq` Prelude.rnf routeSelectionExpression
+      `Prelude.seq` Prelude.rnf version
+
+instance Data.ToJSON AwsApiGatewayV2ApiDetails where
+  toJSON AwsApiGatewayV2ApiDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ApiEndpoint" Data..=) Prelude.<$> apiEndpoint,
+            ("ApiId" Data..=) Prelude.<$> apiId,
+            ("ApiKeySelectionExpression" Data..=)
+              Prelude.<$> apiKeySelectionExpression,
+            ("CorsConfiguration" Data..=)
+              Prelude.<$> corsConfiguration,
+            ("CreatedDate" Data..=) Prelude.<$> createdDate,
+            ("Description" Data..=) Prelude.<$> description,
+            ("Name" Data..=) Prelude.<$> name,
+            ("ProtocolType" Data..=) Prelude.<$> protocolType,
+            ("RouteSelectionExpression" Data..=)
+              Prelude.<$> routeSelectionExpression,
+            ("Version" Data..=) Prelude.<$> version
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsApiGatewayV2RouteSettings.hs b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayV2RouteSettings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayV2RouteSettings.hs
@@ -0,0 +1,173 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsApiGatewayV2RouteSettings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsApiGatewayV2RouteSettings where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains route settings for a stage.
+--
+-- /See:/ 'newAwsApiGatewayV2RouteSettings' smart constructor.
+data AwsApiGatewayV2RouteSettings = AwsApiGatewayV2RouteSettings'
+  { -- | Indicates whether data trace logging is enabled. Data trace logging
+    -- affects the log entries that are pushed to CloudWatch Logs. Supported
+    -- only for WebSocket APIs.
+    dataTraceEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether detailed metrics are enabled.
+    detailedMetricsEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The logging level. The logging level affects the log entries that are
+    -- pushed to CloudWatch Logs. Supported only for WebSocket APIs.
+    --
+    -- If the logging level is @ERROR@, then the logs only include error-level
+    -- entries.
+    --
+    -- If the logging level is @INFO@, then the logs include both @ERROR@
+    -- events and extra informational events.
+    --
+    -- Valid values: @OFF@ | @ERROR@ | @INFO@
+    loggingLevel :: Prelude.Maybe Prelude.Text,
+    -- | The throttling burst limit.
+    throttlingBurstLimit :: Prelude.Maybe Prelude.Int,
+    -- | The throttling rate limit.
+    throttlingRateLimit :: Prelude.Maybe Prelude.Double
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiGatewayV2RouteSettings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dataTraceEnabled', 'awsApiGatewayV2RouteSettings_dataTraceEnabled' - Indicates whether data trace logging is enabled. Data trace logging
+-- affects the log entries that are pushed to CloudWatch Logs. Supported
+-- only for WebSocket APIs.
+--
+-- 'detailedMetricsEnabled', 'awsApiGatewayV2RouteSettings_detailedMetricsEnabled' - Indicates whether detailed metrics are enabled.
+--
+-- 'loggingLevel', 'awsApiGatewayV2RouteSettings_loggingLevel' - The logging level. The logging level affects the log entries that are
+-- pushed to CloudWatch Logs. Supported only for WebSocket APIs.
+--
+-- If the logging level is @ERROR@, then the logs only include error-level
+-- entries.
+--
+-- If the logging level is @INFO@, then the logs include both @ERROR@
+-- events and extra informational events.
+--
+-- Valid values: @OFF@ | @ERROR@ | @INFO@
+--
+-- 'throttlingBurstLimit', 'awsApiGatewayV2RouteSettings_throttlingBurstLimit' - The throttling burst limit.
+--
+-- 'throttlingRateLimit', 'awsApiGatewayV2RouteSettings_throttlingRateLimit' - The throttling rate limit.
+newAwsApiGatewayV2RouteSettings ::
+  AwsApiGatewayV2RouteSettings
+newAwsApiGatewayV2RouteSettings =
+  AwsApiGatewayV2RouteSettings'
+    { dataTraceEnabled =
+        Prelude.Nothing,
+      detailedMetricsEnabled = Prelude.Nothing,
+      loggingLevel = Prelude.Nothing,
+      throttlingBurstLimit = Prelude.Nothing,
+      throttlingRateLimit = Prelude.Nothing
+    }
+
+-- | Indicates whether data trace logging is enabled. Data trace logging
+-- affects the log entries that are pushed to CloudWatch Logs. Supported
+-- only for WebSocket APIs.
+awsApiGatewayV2RouteSettings_dataTraceEnabled :: Lens.Lens' AwsApiGatewayV2RouteSettings (Prelude.Maybe Prelude.Bool)
+awsApiGatewayV2RouteSettings_dataTraceEnabled = Lens.lens (\AwsApiGatewayV2RouteSettings' {dataTraceEnabled} -> dataTraceEnabled) (\s@AwsApiGatewayV2RouteSettings' {} a -> s {dataTraceEnabled = a} :: AwsApiGatewayV2RouteSettings)
+
+-- | Indicates whether detailed metrics are enabled.
+awsApiGatewayV2RouteSettings_detailedMetricsEnabled :: Lens.Lens' AwsApiGatewayV2RouteSettings (Prelude.Maybe Prelude.Bool)
+awsApiGatewayV2RouteSettings_detailedMetricsEnabled = Lens.lens (\AwsApiGatewayV2RouteSettings' {detailedMetricsEnabled} -> detailedMetricsEnabled) (\s@AwsApiGatewayV2RouteSettings' {} a -> s {detailedMetricsEnabled = a} :: AwsApiGatewayV2RouteSettings)
+
+-- | The logging level. The logging level affects the log entries that are
+-- pushed to CloudWatch Logs. Supported only for WebSocket APIs.
+--
+-- If the logging level is @ERROR@, then the logs only include error-level
+-- entries.
+--
+-- If the logging level is @INFO@, then the logs include both @ERROR@
+-- events and extra informational events.
+--
+-- Valid values: @OFF@ | @ERROR@ | @INFO@
+awsApiGatewayV2RouteSettings_loggingLevel :: Lens.Lens' AwsApiGatewayV2RouteSettings (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2RouteSettings_loggingLevel = Lens.lens (\AwsApiGatewayV2RouteSettings' {loggingLevel} -> loggingLevel) (\s@AwsApiGatewayV2RouteSettings' {} a -> s {loggingLevel = a} :: AwsApiGatewayV2RouteSettings)
+
+-- | The throttling burst limit.
+awsApiGatewayV2RouteSettings_throttlingBurstLimit :: Lens.Lens' AwsApiGatewayV2RouteSettings (Prelude.Maybe Prelude.Int)
+awsApiGatewayV2RouteSettings_throttlingBurstLimit = Lens.lens (\AwsApiGatewayV2RouteSettings' {throttlingBurstLimit} -> throttlingBurstLimit) (\s@AwsApiGatewayV2RouteSettings' {} a -> s {throttlingBurstLimit = a} :: AwsApiGatewayV2RouteSettings)
+
+-- | The throttling rate limit.
+awsApiGatewayV2RouteSettings_throttlingRateLimit :: Lens.Lens' AwsApiGatewayV2RouteSettings (Prelude.Maybe Prelude.Double)
+awsApiGatewayV2RouteSettings_throttlingRateLimit = Lens.lens (\AwsApiGatewayV2RouteSettings' {throttlingRateLimit} -> throttlingRateLimit) (\s@AwsApiGatewayV2RouteSettings' {} a -> s {throttlingRateLimit = a} :: AwsApiGatewayV2RouteSettings)
+
+instance Data.FromJSON AwsApiGatewayV2RouteSettings where
+  parseJSON =
+    Data.withObject
+      "AwsApiGatewayV2RouteSettings"
+      ( \x ->
+          AwsApiGatewayV2RouteSettings'
+            Prelude.<$> (x Data..:? "DataTraceEnabled")
+            Prelude.<*> (x Data..:? "DetailedMetricsEnabled")
+            Prelude.<*> (x Data..:? "LoggingLevel")
+            Prelude.<*> (x Data..:? "ThrottlingBurstLimit")
+            Prelude.<*> (x Data..:? "ThrottlingRateLimit")
+      )
+
+instance
+  Prelude.Hashable
+    AwsApiGatewayV2RouteSettings
+  where
+  hashWithSalt _salt AwsApiGatewayV2RouteSettings' {..} =
+    _salt
+      `Prelude.hashWithSalt` dataTraceEnabled
+      `Prelude.hashWithSalt` detailedMetricsEnabled
+      `Prelude.hashWithSalt` loggingLevel
+      `Prelude.hashWithSalt` throttlingBurstLimit
+      `Prelude.hashWithSalt` throttlingRateLimit
+
+instance Prelude.NFData AwsApiGatewayV2RouteSettings where
+  rnf AwsApiGatewayV2RouteSettings' {..} =
+    Prelude.rnf dataTraceEnabled
+      `Prelude.seq` Prelude.rnf detailedMetricsEnabled
+      `Prelude.seq` Prelude.rnf loggingLevel
+      `Prelude.seq` Prelude.rnf throttlingBurstLimit
+      `Prelude.seq` Prelude.rnf throttlingRateLimit
+
+instance Data.ToJSON AwsApiGatewayV2RouteSettings where
+  toJSON AwsApiGatewayV2RouteSettings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DataTraceEnabled" Data..=)
+              Prelude.<$> dataTraceEnabled,
+            ("DetailedMetricsEnabled" Data..=)
+              Prelude.<$> detailedMetricsEnabled,
+            ("LoggingLevel" Data..=) Prelude.<$> loggingLevel,
+            ("ThrottlingBurstLimit" Data..=)
+              Prelude.<$> throttlingBurstLimit,
+            ("ThrottlingRateLimit" Data..=)
+              Prelude.<$> throttlingRateLimit
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsApiGatewayV2StageDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayV2StageDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsApiGatewayV2StageDetails.hs
@@ -0,0 +1,318 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsApiGatewayV2StageDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsApiGatewayV2StageDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsApiGatewayAccessLogSettings
+import Amazonka.SecurityHub.Types.AwsApiGatewayV2RouteSettings
+
+-- | Contains information about a version 2 stage for Amazon API Gateway.
+--
+-- /See:/ 'newAwsApiGatewayV2StageDetails' smart constructor.
+data AwsApiGatewayV2StageDetails = AwsApiGatewayV2StageDetails'
+  { -- | Information about settings for logging access for the stage.
+    accessLogSettings :: Prelude.Maybe AwsApiGatewayAccessLogSettings,
+    -- | Indicates whether the stage is managed by API Gateway.
+    apiGatewayManaged :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether updates to an API automatically trigger a new
+    -- deployment.
+    autoDeploy :: Prelude.Maybe Prelude.Bool,
+    -- | The identifier of a client certificate for a stage. Supported only for
+    -- WebSocket API calls.
+    clientCertificateId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the stage was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdDate :: Prelude.Maybe Prelude.Text,
+    -- | Default route settings for the stage.
+    defaultRouteSettings :: Prelude.Maybe AwsApiGatewayV2RouteSettings,
+    -- | The identifier of the deployment that the stage is associated with.
+    deploymentId :: Prelude.Maybe Prelude.Text,
+    -- | The description of the stage.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The status of the last deployment of a stage. Supported only if the
+    -- stage has automatic deployment enabled.
+    lastDeploymentStatusMessage :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the stage was most recently updated.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastUpdatedDate :: Prelude.Maybe Prelude.Text,
+    -- | The route settings for the stage.
+    routeSettings :: Prelude.Maybe AwsApiGatewayV2RouteSettings,
+    -- | The name of the stage.
+    stageName :: Prelude.Maybe Prelude.Text,
+    -- | A map that defines the stage variables for the stage.
+    --
+    -- Variable names can have alphanumeric and underscore characters.
+    --
+    -- Variable values can contain the following characters:
+    --
+    -- -   Uppercase and lowercase letters
+    --
+    -- -   Numbers
+    --
+    -- -   Special characters -._~:\/?#&=,
+    stageVariables :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiGatewayV2StageDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessLogSettings', 'awsApiGatewayV2StageDetails_accessLogSettings' - Information about settings for logging access for the stage.
+--
+-- 'apiGatewayManaged', 'awsApiGatewayV2StageDetails_apiGatewayManaged' - Indicates whether the stage is managed by API Gateway.
+--
+-- 'autoDeploy', 'awsApiGatewayV2StageDetails_autoDeploy' - Indicates whether updates to an API automatically trigger a new
+-- deployment.
+--
+-- 'clientCertificateId', 'awsApiGatewayV2StageDetails_clientCertificateId' - The identifier of a client certificate for a stage. Supported only for
+-- WebSocket API calls.
+--
+-- 'createdDate', 'awsApiGatewayV2StageDetails_createdDate' - Indicates when the stage was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'defaultRouteSettings', 'awsApiGatewayV2StageDetails_defaultRouteSettings' - Default route settings for the stage.
+--
+-- 'deploymentId', 'awsApiGatewayV2StageDetails_deploymentId' - The identifier of the deployment that the stage is associated with.
+--
+-- 'description', 'awsApiGatewayV2StageDetails_description' - The description of the stage.
+--
+-- 'lastDeploymentStatusMessage', 'awsApiGatewayV2StageDetails_lastDeploymentStatusMessage' - The status of the last deployment of a stage. Supported only if the
+-- stage has automatic deployment enabled.
+--
+-- 'lastUpdatedDate', 'awsApiGatewayV2StageDetails_lastUpdatedDate' - Indicates when the stage was most recently updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'routeSettings', 'awsApiGatewayV2StageDetails_routeSettings' - The route settings for the stage.
+--
+-- 'stageName', 'awsApiGatewayV2StageDetails_stageName' - The name of the stage.
+--
+-- 'stageVariables', 'awsApiGatewayV2StageDetails_stageVariables' - A map that defines the stage variables for the stage.
+--
+-- Variable names can have alphanumeric and underscore characters.
+--
+-- Variable values can contain the following characters:
+--
+-- -   Uppercase and lowercase letters
+--
+-- -   Numbers
+--
+-- -   Special characters -._~:\/?#&=,
+newAwsApiGatewayV2StageDetails ::
+  AwsApiGatewayV2StageDetails
+newAwsApiGatewayV2StageDetails =
+  AwsApiGatewayV2StageDetails'
+    { accessLogSettings =
+        Prelude.Nothing,
+      apiGatewayManaged = Prelude.Nothing,
+      autoDeploy = Prelude.Nothing,
+      clientCertificateId = Prelude.Nothing,
+      createdDate = Prelude.Nothing,
+      defaultRouteSettings = Prelude.Nothing,
+      deploymentId = Prelude.Nothing,
+      description = Prelude.Nothing,
+      lastDeploymentStatusMessage = Prelude.Nothing,
+      lastUpdatedDate = Prelude.Nothing,
+      routeSettings = Prelude.Nothing,
+      stageName = Prelude.Nothing,
+      stageVariables = Prelude.Nothing
+    }
+
+-- | Information about settings for logging access for the stage.
+awsApiGatewayV2StageDetails_accessLogSettings :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe AwsApiGatewayAccessLogSettings)
+awsApiGatewayV2StageDetails_accessLogSettings = Lens.lens (\AwsApiGatewayV2StageDetails' {accessLogSettings} -> accessLogSettings) (\s@AwsApiGatewayV2StageDetails' {} a -> s {accessLogSettings = a} :: AwsApiGatewayV2StageDetails)
+
+-- | Indicates whether the stage is managed by API Gateway.
+awsApiGatewayV2StageDetails_apiGatewayManaged :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe Prelude.Bool)
+awsApiGatewayV2StageDetails_apiGatewayManaged = Lens.lens (\AwsApiGatewayV2StageDetails' {apiGatewayManaged} -> apiGatewayManaged) (\s@AwsApiGatewayV2StageDetails' {} a -> s {apiGatewayManaged = a} :: AwsApiGatewayV2StageDetails)
+
+-- | Indicates whether updates to an API automatically trigger a new
+-- deployment.
+awsApiGatewayV2StageDetails_autoDeploy :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe Prelude.Bool)
+awsApiGatewayV2StageDetails_autoDeploy = Lens.lens (\AwsApiGatewayV2StageDetails' {autoDeploy} -> autoDeploy) (\s@AwsApiGatewayV2StageDetails' {} a -> s {autoDeploy = a} :: AwsApiGatewayV2StageDetails)
+
+-- | The identifier of a client certificate for a stage. Supported only for
+-- WebSocket API calls.
+awsApiGatewayV2StageDetails_clientCertificateId :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2StageDetails_clientCertificateId = Lens.lens (\AwsApiGatewayV2StageDetails' {clientCertificateId} -> clientCertificateId) (\s@AwsApiGatewayV2StageDetails' {} a -> s {clientCertificateId = a} :: AwsApiGatewayV2StageDetails)
+
+-- | Indicates when the stage was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsApiGatewayV2StageDetails_createdDate :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2StageDetails_createdDate = Lens.lens (\AwsApiGatewayV2StageDetails' {createdDate} -> createdDate) (\s@AwsApiGatewayV2StageDetails' {} a -> s {createdDate = a} :: AwsApiGatewayV2StageDetails)
+
+-- | Default route settings for the stage.
+awsApiGatewayV2StageDetails_defaultRouteSettings :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe AwsApiGatewayV2RouteSettings)
+awsApiGatewayV2StageDetails_defaultRouteSettings = Lens.lens (\AwsApiGatewayV2StageDetails' {defaultRouteSettings} -> defaultRouteSettings) (\s@AwsApiGatewayV2StageDetails' {} a -> s {defaultRouteSettings = a} :: AwsApiGatewayV2StageDetails)
+
+-- | The identifier of the deployment that the stage is associated with.
+awsApiGatewayV2StageDetails_deploymentId :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2StageDetails_deploymentId = Lens.lens (\AwsApiGatewayV2StageDetails' {deploymentId} -> deploymentId) (\s@AwsApiGatewayV2StageDetails' {} a -> s {deploymentId = a} :: AwsApiGatewayV2StageDetails)
+
+-- | The description of the stage.
+awsApiGatewayV2StageDetails_description :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2StageDetails_description = Lens.lens (\AwsApiGatewayV2StageDetails' {description} -> description) (\s@AwsApiGatewayV2StageDetails' {} a -> s {description = a} :: AwsApiGatewayV2StageDetails)
+
+-- | The status of the last deployment of a stage. Supported only if the
+-- stage has automatic deployment enabled.
+awsApiGatewayV2StageDetails_lastDeploymentStatusMessage :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2StageDetails_lastDeploymentStatusMessage = Lens.lens (\AwsApiGatewayV2StageDetails' {lastDeploymentStatusMessage} -> lastDeploymentStatusMessage) (\s@AwsApiGatewayV2StageDetails' {} a -> s {lastDeploymentStatusMessage = a} :: AwsApiGatewayV2StageDetails)
+
+-- | Indicates when the stage was most recently updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsApiGatewayV2StageDetails_lastUpdatedDate :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2StageDetails_lastUpdatedDate = Lens.lens (\AwsApiGatewayV2StageDetails' {lastUpdatedDate} -> lastUpdatedDate) (\s@AwsApiGatewayV2StageDetails' {} a -> s {lastUpdatedDate = a} :: AwsApiGatewayV2StageDetails)
+
+-- | The route settings for the stage.
+awsApiGatewayV2StageDetails_routeSettings :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe AwsApiGatewayV2RouteSettings)
+awsApiGatewayV2StageDetails_routeSettings = Lens.lens (\AwsApiGatewayV2StageDetails' {routeSettings} -> routeSettings) (\s@AwsApiGatewayV2StageDetails' {} a -> s {routeSettings = a} :: AwsApiGatewayV2StageDetails)
+
+-- | The name of the stage.
+awsApiGatewayV2StageDetails_stageName :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe Prelude.Text)
+awsApiGatewayV2StageDetails_stageName = Lens.lens (\AwsApiGatewayV2StageDetails' {stageName} -> stageName) (\s@AwsApiGatewayV2StageDetails' {} a -> s {stageName = a} :: AwsApiGatewayV2StageDetails)
+
+-- | A map that defines the stage variables for the stage.
+--
+-- Variable names can have alphanumeric and underscore characters.
+--
+-- Variable values can contain the following characters:
+--
+-- -   Uppercase and lowercase letters
+--
+-- -   Numbers
+--
+-- -   Special characters -._~:\/?#&=,
+awsApiGatewayV2StageDetails_stageVariables :: Lens.Lens' AwsApiGatewayV2StageDetails (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsApiGatewayV2StageDetails_stageVariables = Lens.lens (\AwsApiGatewayV2StageDetails' {stageVariables} -> stageVariables) (\s@AwsApiGatewayV2StageDetails' {} a -> s {stageVariables = a} :: AwsApiGatewayV2StageDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsApiGatewayV2StageDetails where
+  parseJSON =
+    Data.withObject
+      "AwsApiGatewayV2StageDetails"
+      ( \x ->
+          AwsApiGatewayV2StageDetails'
+            Prelude.<$> (x Data..:? "AccessLogSettings")
+            Prelude.<*> (x Data..:? "ApiGatewayManaged")
+            Prelude.<*> (x Data..:? "AutoDeploy")
+            Prelude.<*> (x Data..:? "ClientCertificateId")
+            Prelude.<*> (x Data..:? "CreatedDate")
+            Prelude.<*> (x Data..:? "DefaultRouteSettings")
+            Prelude.<*> (x Data..:? "DeploymentId")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "LastDeploymentStatusMessage")
+            Prelude.<*> (x Data..:? "LastUpdatedDate")
+            Prelude.<*> (x Data..:? "RouteSettings")
+            Prelude.<*> (x Data..:? "StageName")
+            Prelude.<*> ( x
+                            Data..:? "StageVariables"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable AwsApiGatewayV2StageDetails where
+  hashWithSalt _salt AwsApiGatewayV2StageDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessLogSettings
+      `Prelude.hashWithSalt` apiGatewayManaged
+      `Prelude.hashWithSalt` autoDeploy
+      `Prelude.hashWithSalt` clientCertificateId
+      `Prelude.hashWithSalt` createdDate
+      `Prelude.hashWithSalt` defaultRouteSettings
+      `Prelude.hashWithSalt` deploymentId
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` lastDeploymentStatusMessage
+      `Prelude.hashWithSalt` lastUpdatedDate
+      `Prelude.hashWithSalt` routeSettings
+      `Prelude.hashWithSalt` stageName
+      `Prelude.hashWithSalt` stageVariables
+
+instance Prelude.NFData AwsApiGatewayV2StageDetails where
+  rnf AwsApiGatewayV2StageDetails' {..} =
+    Prelude.rnf accessLogSettings
+      `Prelude.seq` Prelude.rnf apiGatewayManaged
+      `Prelude.seq` Prelude.rnf autoDeploy
+      `Prelude.seq` Prelude.rnf clientCertificateId
+      `Prelude.seq` Prelude.rnf createdDate
+      `Prelude.seq` Prelude.rnf defaultRouteSettings
+      `Prelude.seq` Prelude.rnf deploymentId
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf lastDeploymentStatusMessage
+      `Prelude.seq` Prelude.rnf lastUpdatedDate
+      `Prelude.seq` Prelude.rnf routeSettings
+      `Prelude.seq` Prelude.rnf stageName
+      `Prelude.seq` Prelude.rnf stageVariables
+
+instance Data.ToJSON AwsApiGatewayV2StageDetails where
+  toJSON AwsApiGatewayV2StageDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AccessLogSettings" Data..=)
+              Prelude.<$> accessLogSettings,
+            ("ApiGatewayManaged" Data..=)
+              Prelude.<$> apiGatewayManaged,
+            ("AutoDeploy" Data..=) Prelude.<$> autoDeploy,
+            ("ClientCertificateId" Data..=)
+              Prelude.<$> clientCertificateId,
+            ("CreatedDate" Data..=) Prelude.<$> createdDate,
+            ("DefaultRouteSettings" Data..=)
+              Prelude.<$> defaultRouteSettings,
+            ("DeploymentId" Data..=) Prelude.<$> deploymentId,
+            ("Description" Data..=) Prelude.<$> description,
+            ("LastDeploymentStatusMessage" Data..=)
+              Prelude.<$> lastDeploymentStatusMessage,
+            ("LastUpdatedDate" Data..=)
+              Prelude.<$> lastUpdatedDate,
+            ("RouteSettings" Data..=) Prelude.<$> routeSettings,
+            ("StageName" Data..=) Prelude.<$> stageName,
+            ("StageVariables" Data..=)
+              Prelude.<$> stageVariables
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An Availability Zone for the automatic scaling group.
+--
+-- /See:/ 'newAwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails' smart constructor.
+data AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails = AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails'
+  { -- | The name of the Availability Zone.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'value', 'awsAutoScalingAutoScalingGroupAvailabilityZonesListDetails_value' - The name of the Availability Zone.
+newAwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails ::
+  AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+newAwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails =
+  AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails'
+    { value =
+        Prelude.Nothing
+    }
+
+-- | The name of the Availability Zone.
+awsAutoScalingAutoScalingGroupAvailabilityZonesListDetails_value :: Lens.Lens' AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupAvailabilityZonesListDetails_value = Lens.lens (\AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails' {value} -> value) (\s@AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails' {} a -> s {value = a} :: AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails"
+      ( \x ->
+          AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails'
+            Prelude.<$> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails' {..} =
+      _salt `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+  where
+  rnf
+    AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails' {..} =
+      Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+  where
+  toJSON
+    AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Value" Data..=) Prelude.<$> value]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupDetails.hs
@@ -0,0 +1,243 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+
+-- | Provides details about an auto scaling group.
+--
+-- /See:/ 'newAwsAutoScalingAutoScalingGroupDetails' smart constructor.
+data AwsAutoScalingAutoScalingGroupDetails = AwsAutoScalingAutoScalingGroupDetails'
+  { -- | The list of Availability Zones for the automatic scaling group.
+    availabilityZones :: Prelude.Maybe [AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails],
+    -- | Indicates whether capacity rebalancing is enabled.
+    capacityRebalance :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates when the auto scaling group was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdTime :: Prelude.Maybe Prelude.Text,
+    -- | The amount of time, in seconds, that Amazon EC2 Auto Scaling waits
+    -- before it checks the health status of an EC2 instance that has come into
+    -- service.
+    healthCheckGracePeriod :: Prelude.Maybe Prelude.Int,
+    -- | The service to use for the health checks. Valid values are @EC2@ or
+    -- @ELB@.
+    healthCheckType :: Prelude.Maybe Prelude.Text,
+    -- | The name of the launch configuration.
+    launchConfigurationName :: Prelude.Maybe Prelude.Text,
+    -- | The launch template to use.
+    launchTemplate :: Prelude.Maybe AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification,
+    -- | The list of load balancers associated with the group.
+    loadBalancerNames :: Prelude.Maybe [Prelude.Text],
+    -- | The mixed instances policy for the automatic scaling group.
+    mixedInstancesPolicy :: Prelude.Maybe AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingAutoScalingGroupDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'availabilityZones', 'awsAutoScalingAutoScalingGroupDetails_availabilityZones' - The list of Availability Zones for the automatic scaling group.
+--
+-- 'capacityRebalance', 'awsAutoScalingAutoScalingGroupDetails_capacityRebalance' - Indicates whether capacity rebalancing is enabled.
+--
+-- 'createdTime', 'awsAutoScalingAutoScalingGroupDetails_createdTime' - Indicates when the auto scaling group was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'healthCheckGracePeriod', 'awsAutoScalingAutoScalingGroupDetails_healthCheckGracePeriod' - The amount of time, in seconds, that Amazon EC2 Auto Scaling waits
+-- before it checks the health status of an EC2 instance that has come into
+-- service.
+--
+-- 'healthCheckType', 'awsAutoScalingAutoScalingGroupDetails_healthCheckType' - The service to use for the health checks. Valid values are @EC2@ or
+-- @ELB@.
+--
+-- 'launchConfigurationName', 'awsAutoScalingAutoScalingGroupDetails_launchConfigurationName' - The name of the launch configuration.
+--
+-- 'launchTemplate', 'awsAutoScalingAutoScalingGroupDetails_launchTemplate' - The launch template to use.
+--
+-- 'loadBalancerNames', 'awsAutoScalingAutoScalingGroupDetails_loadBalancerNames' - The list of load balancers associated with the group.
+--
+-- 'mixedInstancesPolicy', 'awsAutoScalingAutoScalingGroupDetails_mixedInstancesPolicy' - The mixed instances policy for the automatic scaling group.
+newAwsAutoScalingAutoScalingGroupDetails ::
+  AwsAutoScalingAutoScalingGroupDetails
+newAwsAutoScalingAutoScalingGroupDetails =
+  AwsAutoScalingAutoScalingGroupDetails'
+    { availabilityZones =
+        Prelude.Nothing,
+      capacityRebalance = Prelude.Nothing,
+      createdTime = Prelude.Nothing,
+      healthCheckGracePeriod =
+        Prelude.Nothing,
+      healthCheckType = Prelude.Nothing,
+      launchConfigurationName =
+        Prelude.Nothing,
+      launchTemplate = Prelude.Nothing,
+      loadBalancerNames = Prelude.Nothing,
+      mixedInstancesPolicy =
+        Prelude.Nothing
+    }
+
+-- | The list of Availability Zones for the automatic scaling group.
+awsAutoScalingAutoScalingGroupDetails_availabilityZones :: Lens.Lens' AwsAutoScalingAutoScalingGroupDetails (Prelude.Maybe [AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails])
+awsAutoScalingAutoScalingGroupDetails_availabilityZones = Lens.lens (\AwsAutoScalingAutoScalingGroupDetails' {availabilityZones} -> availabilityZones) (\s@AwsAutoScalingAutoScalingGroupDetails' {} a -> s {availabilityZones = a} :: AwsAutoScalingAutoScalingGroupDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates whether capacity rebalancing is enabled.
+awsAutoScalingAutoScalingGroupDetails_capacityRebalance :: Lens.Lens' AwsAutoScalingAutoScalingGroupDetails (Prelude.Maybe Prelude.Bool)
+awsAutoScalingAutoScalingGroupDetails_capacityRebalance = Lens.lens (\AwsAutoScalingAutoScalingGroupDetails' {capacityRebalance} -> capacityRebalance) (\s@AwsAutoScalingAutoScalingGroupDetails' {} a -> s {capacityRebalance = a} :: AwsAutoScalingAutoScalingGroupDetails)
+
+-- | Indicates when the auto scaling group was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsAutoScalingAutoScalingGroupDetails_createdTime :: Lens.Lens' AwsAutoScalingAutoScalingGroupDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupDetails_createdTime = Lens.lens (\AwsAutoScalingAutoScalingGroupDetails' {createdTime} -> createdTime) (\s@AwsAutoScalingAutoScalingGroupDetails' {} a -> s {createdTime = a} :: AwsAutoScalingAutoScalingGroupDetails)
+
+-- | The amount of time, in seconds, that Amazon EC2 Auto Scaling waits
+-- before it checks the health status of an EC2 instance that has come into
+-- service.
+awsAutoScalingAutoScalingGroupDetails_healthCheckGracePeriod :: Lens.Lens' AwsAutoScalingAutoScalingGroupDetails (Prelude.Maybe Prelude.Int)
+awsAutoScalingAutoScalingGroupDetails_healthCheckGracePeriod = Lens.lens (\AwsAutoScalingAutoScalingGroupDetails' {healthCheckGracePeriod} -> healthCheckGracePeriod) (\s@AwsAutoScalingAutoScalingGroupDetails' {} a -> s {healthCheckGracePeriod = a} :: AwsAutoScalingAutoScalingGroupDetails)
+
+-- | The service to use for the health checks. Valid values are @EC2@ or
+-- @ELB@.
+awsAutoScalingAutoScalingGroupDetails_healthCheckType :: Lens.Lens' AwsAutoScalingAutoScalingGroupDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupDetails_healthCheckType = Lens.lens (\AwsAutoScalingAutoScalingGroupDetails' {healthCheckType} -> healthCheckType) (\s@AwsAutoScalingAutoScalingGroupDetails' {} a -> s {healthCheckType = a} :: AwsAutoScalingAutoScalingGroupDetails)
+
+-- | The name of the launch configuration.
+awsAutoScalingAutoScalingGroupDetails_launchConfigurationName :: Lens.Lens' AwsAutoScalingAutoScalingGroupDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupDetails_launchConfigurationName = Lens.lens (\AwsAutoScalingAutoScalingGroupDetails' {launchConfigurationName} -> launchConfigurationName) (\s@AwsAutoScalingAutoScalingGroupDetails' {} a -> s {launchConfigurationName = a} :: AwsAutoScalingAutoScalingGroupDetails)
+
+-- | The launch template to use.
+awsAutoScalingAutoScalingGroupDetails_launchTemplate :: Lens.Lens' AwsAutoScalingAutoScalingGroupDetails (Prelude.Maybe AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification)
+awsAutoScalingAutoScalingGroupDetails_launchTemplate = Lens.lens (\AwsAutoScalingAutoScalingGroupDetails' {launchTemplate} -> launchTemplate) (\s@AwsAutoScalingAutoScalingGroupDetails' {} a -> s {launchTemplate = a} :: AwsAutoScalingAutoScalingGroupDetails)
+
+-- | The list of load balancers associated with the group.
+awsAutoScalingAutoScalingGroupDetails_loadBalancerNames :: Lens.Lens' AwsAutoScalingAutoScalingGroupDetails (Prelude.Maybe [Prelude.Text])
+awsAutoScalingAutoScalingGroupDetails_loadBalancerNames = Lens.lens (\AwsAutoScalingAutoScalingGroupDetails' {loadBalancerNames} -> loadBalancerNames) (\s@AwsAutoScalingAutoScalingGroupDetails' {} a -> s {loadBalancerNames = a} :: AwsAutoScalingAutoScalingGroupDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The mixed instances policy for the automatic scaling group.
+awsAutoScalingAutoScalingGroupDetails_mixedInstancesPolicy :: Lens.Lens' AwsAutoScalingAutoScalingGroupDetails (Prelude.Maybe AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails)
+awsAutoScalingAutoScalingGroupDetails_mixedInstancesPolicy = Lens.lens (\AwsAutoScalingAutoScalingGroupDetails' {mixedInstancesPolicy} -> mixedInstancesPolicy) (\s@AwsAutoScalingAutoScalingGroupDetails' {} a -> s {mixedInstancesPolicy = a} :: AwsAutoScalingAutoScalingGroupDetails)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingAutoScalingGroupDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingAutoScalingGroupDetails"
+      ( \x ->
+          AwsAutoScalingAutoScalingGroupDetails'
+            Prelude.<$> ( x
+                            Data..:? "AvailabilityZones"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "CapacityRebalance")
+            Prelude.<*> (x Data..:? "CreatedTime")
+            Prelude.<*> (x Data..:? "HealthCheckGracePeriod")
+            Prelude.<*> (x Data..:? "HealthCheckType")
+            Prelude.<*> (x Data..:? "LaunchConfigurationName")
+            Prelude.<*> (x Data..:? "LaunchTemplate")
+            Prelude.<*> ( x
+                            Data..:? "LoadBalancerNames"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "MixedInstancesPolicy")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingAutoScalingGroupDetails
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingAutoScalingGroupDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` availabilityZones
+        `Prelude.hashWithSalt` capacityRebalance
+        `Prelude.hashWithSalt` createdTime
+        `Prelude.hashWithSalt` healthCheckGracePeriod
+        `Prelude.hashWithSalt` healthCheckType
+        `Prelude.hashWithSalt` launchConfigurationName
+        `Prelude.hashWithSalt` launchTemplate
+        `Prelude.hashWithSalt` loadBalancerNames
+        `Prelude.hashWithSalt` mixedInstancesPolicy
+
+instance
+  Prelude.NFData
+    AwsAutoScalingAutoScalingGroupDetails
+  where
+  rnf AwsAutoScalingAutoScalingGroupDetails' {..} =
+    Prelude.rnf availabilityZones
+      `Prelude.seq` Prelude.rnf capacityRebalance
+      `Prelude.seq` Prelude.rnf createdTime
+      `Prelude.seq` Prelude.rnf healthCheckGracePeriod
+      `Prelude.seq` Prelude.rnf healthCheckType
+      `Prelude.seq` Prelude.rnf launchConfigurationName
+      `Prelude.seq` Prelude.rnf launchTemplate
+      `Prelude.seq` Prelude.rnf loadBalancerNames
+      `Prelude.seq` Prelude.rnf mixedInstancesPolicy
+
+instance
+  Data.ToJSON
+    AwsAutoScalingAutoScalingGroupDetails
+  where
+  toJSON AwsAutoScalingAutoScalingGroupDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AvailabilityZones" Data..=)
+              Prelude.<$> availabilityZones,
+            ("CapacityRebalance" Data..=)
+              Prelude.<$> capacityRebalance,
+            ("CreatedTime" Data..=) Prelude.<$> createdTime,
+            ("HealthCheckGracePeriod" Data..=)
+              Prelude.<$> healthCheckGracePeriod,
+            ("HealthCheckType" Data..=)
+              Prelude.<$> healthCheckType,
+            ("LaunchConfigurationName" Data..=)
+              Prelude.<$> launchConfigurationName,
+            ("LaunchTemplate" Data..=)
+              Prelude.<$> launchTemplate,
+            ("LoadBalancerNames" Data..=)
+              Prelude.<$> loadBalancerNames,
+            ("MixedInstancesPolicy" Data..=)
+              Prelude.<$> mixedInstancesPolicy
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification.hs
@@ -0,0 +1,136 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the launch template to use.
+--
+-- /See:/ 'newAwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification' smart constructor.
+data AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification = AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification'
+  { -- | The identifier of the launch template. You must specify either
+    -- @LaunchTemplateId@ or @LaunchTemplateName@.
+    launchTemplateId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the launch template. You must specify either
+    -- @LaunchTemplateId@ or @LaunchTemplateName@.
+    launchTemplateName :: Prelude.Maybe Prelude.Text,
+    -- | Identifies the version of the launch template. You can specify a version
+    -- identifier, or use the values @$Latest@ or @$Default@.
+    version :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'launchTemplateId', 'awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_launchTemplateId' - The identifier of the launch template. You must specify either
+-- @LaunchTemplateId@ or @LaunchTemplateName@.
+--
+-- 'launchTemplateName', 'awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_launchTemplateName' - The name of the launch template. You must specify either
+-- @LaunchTemplateId@ or @LaunchTemplateName@.
+--
+-- 'version', 'awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_version' - Identifies the version of the launch template. You can specify a version
+-- identifier, or use the values @$Latest@ or @$Default@.
+newAwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification ::
+  AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+newAwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification =
+  AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification'
+    { launchTemplateId =
+        Prelude.Nothing,
+      launchTemplateName =
+        Prelude.Nothing,
+      version =
+        Prelude.Nothing
+    }
+
+-- | The identifier of the launch template. You must specify either
+-- @LaunchTemplateId@ or @LaunchTemplateName@.
+awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_launchTemplateId :: Lens.Lens' AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_launchTemplateId = Lens.lens (\AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification' {launchTemplateId} -> launchTemplateId) (\s@AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification' {} a -> s {launchTemplateId = a} :: AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification)
+
+-- | The name of the launch template. You must specify either
+-- @LaunchTemplateId@ or @LaunchTemplateName@.
+awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_launchTemplateName :: Lens.Lens' AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_launchTemplateName = Lens.lens (\AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification' {launchTemplateName} -> launchTemplateName) (\s@AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification' {} a -> s {launchTemplateName = a} :: AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification)
+
+-- | Identifies the version of the launch template. You can specify a version
+-- identifier, or use the values @$Latest@ or @$Default@.
+awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_version :: Lens.Lens' AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification_version = Lens.lens (\AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification' {version} -> version) (\s@AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification' {} a -> s {version = a} :: AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification"
+      ( \x ->
+          AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification'
+            Prelude.<$> (x Data..:? "LaunchTemplateId")
+            Prelude.<*> (x Data..:? "LaunchTemplateName")
+            Prelude.<*> (x Data..:? "Version")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification' {..} =
+      _salt
+        `Prelude.hashWithSalt` launchTemplateId
+        `Prelude.hashWithSalt` launchTemplateName
+        `Prelude.hashWithSalt` version
+
+instance
+  Prelude.NFData
+    AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+  where
+  rnf
+    AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification' {..} =
+      Prelude.rnf launchTemplateId
+        `Prelude.seq` Prelude.rnf launchTemplateName
+        `Prelude.seq` Prelude.rnf version
+
+instance
+  Data.ToJSON
+    AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification
+  where
+  toJSON
+    AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("LaunchTemplateId" Data..=)
+                Prelude.<$> launchTemplateId,
+              ("LaunchTemplateName" Data..=)
+                Prelude.<$> launchTemplateName,
+              ("Version" Data..=) Prelude.<$> version
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails.hs
@@ -0,0 +1,127 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+
+-- | The mixed instances policy for the automatic scaling group.
+--
+-- /See:/ 'newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails' smart constructor.
+data AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails = AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails'
+  { -- | The instances distribution. The instances distribution specifies the
+    -- distribution of On-Demand Instances and Spot Instances, the maximum
+    -- price to pay for Spot Instances, and how the Auto Scaling group
+    -- allocates instance types to fulfill On-Demand and Spot capacity.
+    instancesDistribution :: Prelude.Maybe AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails,
+    -- | The launch template to use and the instance types (overrides) to use to
+    -- provision EC2 instances to fulfill On-Demand and Spot capacities.
+    launchTemplate :: Prelude.Maybe AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instancesDistribution', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails_instancesDistribution' - The instances distribution. The instances distribution specifies the
+-- distribution of On-Demand Instances and Spot Instances, the maximum
+-- price to pay for Spot Instances, and how the Auto Scaling group
+-- allocates instance types to fulfill On-Demand and Spot capacity.
+--
+-- 'launchTemplate', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails_launchTemplate' - The launch template to use and the instance types (overrides) to use to
+-- provision EC2 instances to fulfill On-Demand and Spot capacities.
+newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails ::
+  AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails =
+  AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails'
+    { instancesDistribution =
+        Prelude.Nothing,
+      launchTemplate =
+        Prelude.Nothing
+    }
+
+-- | The instances distribution. The instances distribution specifies the
+-- distribution of On-Demand Instances and Spot Instances, the maximum
+-- price to pay for Spot Instances, and how the Auto Scaling group
+-- allocates instance types to fulfill On-Demand and Spot capacity.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails_instancesDistribution :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails (Prelude.Maybe AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails_instancesDistribution = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails' {instancesDistribution} -> instancesDistribution) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails' {} a -> s {instancesDistribution = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails)
+
+-- | The launch template to use and the instance types (overrides) to use to
+-- provision EC2 instances to fulfill On-Demand and Spot capacities.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails_launchTemplate :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails (Prelude.Maybe AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails_launchTemplate = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails' {launchTemplate} -> launchTemplate) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails' {} a -> s {launchTemplate = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails"
+      ( \x ->
+          AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails'
+            Prelude.<$> (x Data..:? "InstancesDistribution")
+            Prelude.<*> (x Data..:? "LaunchTemplate")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` instancesDistribution
+        `Prelude.hashWithSalt` launchTemplate
+
+instance
+  Prelude.NFData
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+  where
+  rnf
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails' {..} =
+      Prelude.rnf instancesDistribution
+        `Prelude.seq` Prelude.rnf launchTemplate
+
+instance
+  Data.ToJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails
+  where
+  toJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("InstancesDistribution" Data..=)
+                Prelude.<$> instancesDistribution,
+              ("LaunchTemplate" Data..=)
+                Prelude.<$> launchTemplate
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails.hs
@@ -0,0 +1,208 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the instances distribution.
+--
+-- /See:/ 'newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' smart constructor.
+data AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails = AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails'
+  { -- | How to allocate instance types to fulfill On-Demand capacity. The valid
+    -- value is @prioritized@.
+    onDemandAllocationStrategy :: Prelude.Maybe Prelude.Text,
+    -- | The minimum amount of the Auto Scaling group\'s capacity that must be
+    -- fulfilled by On-Demand Instances.
+    onDemandBaseCapacity :: Prelude.Maybe Prelude.Int,
+    -- | The percentage of On-Demand Instances and Spot Instances for additional
+    -- capacity beyond @OnDemandBaseCapacity@.
+    onDemandPercentageAboveBaseCapacity :: Prelude.Maybe Prelude.Int,
+    -- | How to allocate instances across Spot Instance pools. Valid values are
+    -- as follows:
+    --
+    -- -   @lowest-price@
+    --
+    -- -   @capacity-optimized@
+    --
+    -- -   @capacity-optimized-prioritized@
+    spotAllocationStrategy :: Prelude.Maybe Prelude.Text,
+    -- | The number of Spot Instance pools across which to allocate your Spot
+    -- Instances.
+    spotInstancePools :: Prelude.Maybe Prelude.Int,
+    -- | The maximum price per unit hour that you are willing to pay for a Spot
+    -- Instance.
+    spotMaxPrice :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'onDemandAllocationStrategy', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandAllocationStrategy' - How to allocate instance types to fulfill On-Demand capacity. The valid
+-- value is @prioritized@.
+--
+-- 'onDemandBaseCapacity', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandBaseCapacity' - The minimum amount of the Auto Scaling group\'s capacity that must be
+-- fulfilled by On-Demand Instances.
+--
+-- 'onDemandPercentageAboveBaseCapacity', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandPercentageAboveBaseCapacity' - The percentage of On-Demand Instances and Spot Instances for additional
+-- capacity beyond @OnDemandBaseCapacity@.
+--
+-- 'spotAllocationStrategy', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotAllocationStrategy' - How to allocate instances across Spot Instance pools. Valid values are
+-- as follows:
+--
+-- -   @lowest-price@
+--
+-- -   @capacity-optimized@
+--
+-- -   @capacity-optimized-prioritized@
+--
+-- 'spotInstancePools', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotInstancePools' - The number of Spot Instance pools across which to allocate your Spot
+-- Instances.
+--
+-- 'spotMaxPrice', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotMaxPrice' - The maximum price per unit hour that you are willing to pay for a Spot
+-- Instance.
+newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails ::
+  AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails =
+  AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails'
+    { onDemandAllocationStrategy =
+        Prelude.Nothing,
+      onDemandBaseCapacity =
+        Prelude.Nothing,
+      onDemandPercentageAboveBaseCapacity =
+        Prelude.Nothing,
+      spotAllocationStrategy =
+        Prelude.Nothing,
+      spotInstancePools =
+        Prelude.Nothing,
+      spotMaxPrice =
+        Prelude.Nothing
+    }
+
+-- | How to allocate instance types to fulfill On-Demand capacity. The valid
+-- value is @prioritized@.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandAllocationStrategy :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandAllocationStrategy = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {onDemandAllocationStrategy} -> onDemandAllocationStrategy) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {} a -> s {onDemandAllocationStrategy = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails)
+
+-- | The minimum amount of the Auto Scaling group\'s capacity that must be
+-- fulfilled by On-Demand Instances.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandBaseCapacity :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails (Prelude.Maybe Prelude.Int)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandBaseCapacity = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {onDemandBaseCapacity} -> onDemandBaseCapacity) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {} a -> s {onDemandBaseCapacity = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails)
+
+-- | The percentage of On-Demand Instances and Spot Instances for additional
+-- capacity beyond @OnDemandBaseCapacity@.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandPercentageAboveBaseCapacity :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails (Prelude.Maybe Prelude.Int)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_onDemandPercentageAboveBaseCapacity = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {onDemandPercentageAboveBaseCapacity} -> onDemandPercentageAboveBaseCapacity) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {} a -> s {onDemandPercentageAboveBaseCapacity = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails)
+
+-- | How to allocate instances across Spot Instance pools. Valid values are
+-- as follows:
+--
+-- -   @lowest-price@
+--
+-- -   @capacity-optimized@
+--
+-- -   @capacity-optimized-prioritized@
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotAllocationStrategy :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotAllocationStrategy = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {spotAllocationStrategy} -> spotAllocationStrategy) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {} a -> s {spotAllocationStrategy = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails)
+
+-- | The number of Spot Instance pools across which to allocate your Spot
+-- Instances.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotInstancePools :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails (Prelude.Maybe Prelude.Int)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotInstancePools = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {spotInstancePools} -> spotInstancePools) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {} a -> s {spotInstancePools = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails)
+
+-- | The maximum price per unit hour that you are willing to pay for a Spot
+-- Instance.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotMaxPrice :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails_spotMaxPrice = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {spotMaxPrice} -> spotMaxPrice) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {} a -> s {spotMaxPrice = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails"
+      ( \x ->
+          AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails'
+            Prelude.<$> (x Data..:? "OnDemandAllocationStrategy")
+            Prelude.<*> (x Data..:? "OnDemandBaseCapacity")
+            Prelude.<*> (x Data..:? "OnDemandPercentageAboveBaseCapacity")
+            Prelude.<*> (x Data..:? "SpotAllocationStrategy")
+            Prelude.<*> (x Data..:? "SpotInstancePools")
+            Prelude.<*> (x Data..:? "SpotMaxPrice")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` onDemandAllocationStrategy
+        `Prelude.hashWithSalt` onDemandBaseCapacity
+        `Prelude.hashWithSalt` onDemandPercentageAboveBaseCapacity
+        `Prelude.hashWithSalt` spotAllocationStrategy
+        `Prelude.hashWithSalt` spotInstancePools
+        `Prelude.hashWithSalt` spotMaxPrice
+
+instance
+  Prelude.NFData
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+  where
+  rnf
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {..} =
+      Prelude.rnf onDemandAllocationStrategy
+        `Prelude.seq` Prelude.rnf onDemandBaseCapacity
+        `Prelude.seq` Prelude.rnf onDemandPercentageAboveBaseCapacity
+        `Prelude.seq` Prelude.rnf spotAllocationStrategy
+        `Prelude.seq` Prelude.rnf spotInstancePools
+        `Prelude.seq` Prelude.rnf spotMaxPrice
+
+instance
+  Data.ToJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails
+  where
+  toJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("OnDemandAllocationStrategy" Data..=)
+                Prelude.<$> onDemandAllocationStrategy,
+              ("OnDemandBaseCapacity" Data..=)
+                Prelude.<$> onDemandBaseCapacity,
+              ("OnDemandPercentageAboveBaseCapacity" Data..=)
+                Prelude.<$> onDemandPercentageAboveBaseCapacity,
+              ("SpotAllocationStrategy" Data..=)
+                Prelude.<$> spotAllocationStrategy,
+              ("SpotInstancePools" Data..=)
+                Prelude.<$> spotInstancePools,
+              ("SpotMaxPrice" Data..=) Prelude.<$> spotMaxPrice
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails.hs
@@ -0,0 +1,114 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+
+-- | Describes a launch template and overrides for a mixed instances policy.
+--
+-- /See:/ 'newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails' smart constructor.
+data AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails = AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails'
+  { -- | The launch template to use for a mixed instances policy.
+    launchTemplateSpecification :: Prelude.Maybe AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification,
+    -- | Property values to use to override the values in the launch template.
+    overrides :: Prelude.Maybe [AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'launchTemplateSpecification', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails_launchTemplateSpecification' - The launch template to use for a mixed instances policy.
+--
+-- 'overrides', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails_overrides' - Property values to use to override the values in the launch template.
+newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails ::
+  AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails =
+  AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails'
+    { launchTemplateSpecification =
+        Prelude.Nothing,
+      overrides =
+        Prelude.Nothing
+    }
+
+-- | The launch template to use for a mixed instances policy.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails_launchTemplateSpecification :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails (Prelude.Maybe AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails_launchTemplateSpecification = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails' {launchTemplateSpecification} -> launchTemplateSpecification) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails' {} a -> s {launchTemplateSpecification = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails)
+
+-- | Property values to use to override the values in the launch template.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails_overrides :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails (Prelude.Maybe [AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails])
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails_overrides = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails' {overrides} -> overrides) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails' {} a -> s {overrides = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails"
+      ( \x ->
+          AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails'
+            Prelude.<$> (x Data..:? "LaunchTemplateSpecification")
+            Prelude.<*> (x Data..:? "Overrides" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` launchTemplateSpecification
+        `Prelude.hashWithSalt` overrides
+
+instance
+  Prelude.NFData
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+  where
+  rnf
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails' {..} =
+      Prelude.rnf launchTemplateSpecification
+        `Prelude.seq` Prelude.rnf overrides
+
+instance
+  Data.ToJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails
+  where
+  toJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("LaunchTemplateSpecification" Data..=)
+                Prelude.<$> launchTemplateSpecification,
+              ("Overrides" Data..=) Prelude.<$> overrides
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification.hs
@@ -0,0 +1,136 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the launch template to use for a mixed instances policy.
+--
+-- /See:/ 'newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification' smart constructor.
+data AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification = AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification'
+  { -- | The identifier of the launch template. You must specify either
+    -- @LaunchTemplateId@ or @LaunchTemplateName@.
+    launchTemplateId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the launch template. You must specify either
+    -- @LaunchTemplateId@ or @LaunchTemplateName@.
+    launchTemplateName :: Prelude.Maybe Prelude.Text,
+    -- | Identifies the version of the launch template. You can specify a version
+    -- identifier, or use the values @$Latest@ or @$Default@.
+    version :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'launchTemplateId', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_launchTemplateId' - The identifier of the launch template. You must specify either
+-- @LaunchTemplateId@ or @LaunchTemplateName@.
+--
+-- 'launchTemplateName', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_launchTemplateName' - The name of the launch template. You must specify either
+-- @LaunchTemplateId@ or @LaunchTemplateName@.
+--
+-- 'version', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_version' - Identifies the version of the launch template. You can specify a version
+-- identifier, or use the values @$Latest@ or @$Default@.
+newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification ::
+  AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification =
+  AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification'
+    { launchTemplateId =
+        Prelude.Nothing,
+      launchTemplateName =
+        Prelude.Nothing,
+      version =
+        Prelude.Nothing
+    }
+
+-- | The identifier of the launch template. You must specify either
+-- @LaunchTemplateId@ or @LaunchTemplateName@.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_launchTemplateId :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_launchTemplateId = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification' {launchTemplateId} -> launchTemplateId) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification' {} a -> s {launchTemplateId = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification)
+
+-- | The name of the launch template. You must specify either
+-- @LaunchTemplateId@ or @LaunchTemplateName@.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_launchTemplateName :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_launchTemplateName = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification' {launchTemplateName} -> launchTemplateName) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification' {} a -> s {launchTemplateName = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification)
+
+-- | Identifies the version of the launch template. You can specify a version
+-- identifier, or use the values @$Latest@ or @$Default@.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_version :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification_version = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification' {version} -> version) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification' {} a -> s {version = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification"
+      ( \x ->
+          AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification'
+            Prelude.<$> (x Data..:? "LaunchTemplateId")
+            Prelude.<*> (x Data..:? "LaunchTemplateName")
+            Prelude.<*> (x Data..:? "Version")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification' {..} =
+      _salt
+        `Prelude.hashWithSalt` launchTemplateId
+        `Prelude.hashWithSalt` launchTemplateName
+        `Prelude.hashWithSalt` version
+
+instance
+  Prelude.NFData
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+  where
+  rnf
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification' {..} =
+      Prelude.rnf launchTemplateId
+        `Prelude.seq` Prelude.rnf launchTemplateName
+        `Prelude.seq` Prelude.rnf version
+
+instance
+  Data.ToJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification
+  where
+  toJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("LaunchTemplateId" Data..=)
+                Prelude.<$> launchTemplateId,
+              ("LaunchTemplateName" Data..=)
+                Prelude.<$> launchTemplateName,
+              ("Version" Data..=) Prelude.<$> version
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails.hs
@@ -0,0 +1,118 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Property values to use to override the values in the launch template.
+--
+-- /See:/ 'newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails' smart constructor.
+data AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails = AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails'
+  { -- | The instance type. For example, @m3.xlarge@.
+    instanceType :: Prelude.Maybe Prelude.Text,
+    -- | The number of capacity units provided by the specified instance type in
+    -- terms of virtual CPUs, memory, storage, throughput, or other relative
+    -- performance characteristic.
+    weightedCapacity :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceType', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails_instanceType' - The instance type. For example, @m3.xlarge@.
+--
+-- 'weightedCapacity', 'awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails_weightedCapacity' - The number of capacity units provided by the specified instance type in
+-- terms of virtual CPUs, memory, storage, throughput, or other relative
+-- performance characteristic.
+newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails ::
+  AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+newAwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails =
+  AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails'
+    { instanceType =
+        Prelude.Nothing,
+      weightedCapacity =
+        Prelude.Nothing
+    }
+
+-- | The instance type. For example, @m3.xlarge@.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails_instanceType :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails_instanceType = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails' {instanceType} -> instanceType) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails' {} a -> s {instanceType = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails)
+
+-- | The number of capacity units provided by the specified instance type in
+-- terms of virtual CPUs, memory, storage, throughput, or other relative
+-- performance characteristic.
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails_weightedCapacity :: Lens.Lens' AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails_weightedCapacity = Lens.lens (\AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails' {weightedCapacity} -> weightedCapacity) (\s@AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails' {} a -> s {weightedCapacity = a} :: AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails"
+      ( \x ->
+          AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails'
+            Prelude.<$> (x Data..:? "InstanceType")
+            Prelude.<*> (x Data..:? "WeightedCapacity")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceType
+        `Prelude.hashWithSalt` weightedCapacity
+
+instance
+  Prelude.NFData
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+  where
+  rnf
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails' {..} =
+      Prelude.rnf instanceType
+        `Prelude.seq` Prelude.rnf weightedCapacity
+
+instance
+  Data.ToJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails
+  where
+  toJSON
+    AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("InstanceType" Data..=) Prelude.<$> instanceType,
+              ("WeightedCapacity" Data..=)
+                Prelude.<$> weightedCapacity
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails.hs
@@ -0,0 +1,161 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+
+-- | A block device for the instance.
+--
+-- /See:/ 'newAwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' smart constructor.
+data AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails = AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails'
+  { -- | The device name that is exposed to the EC2 instance. For example,
+    -- @\/dev\/sdh@ or @xvdh@.
+    deviceName :: Prelude.Maybe Prelude.Text,
+    -- | Parameters that are used to automatically set up Amazon EBS volumes when
+    -- an instance is launched.
+    ebs :: Prelude.Maybe AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails,
+    -- | Whether to suppress the device that is included in the block device
+    -- mapping of the Amazon Machine Image (AMI).
+    --
+    -- If @NoDevice@ is @true@, then you cannot specify @Ebs@.>
+    noDevice :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the virtual device (for example, @ephemeral0@).
+    --
+    -- You can provide either @VirtualName@ or @Ebs@, but not both.
+    virtualName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deviceName', 'awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_deviceName' - The device name that is exposed to the EC2 instance. For example,
+-- @\/dev\/sdh@ or @xvdh@.
+--
+-- 'ebs', 'awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_ebs' - Parameters that are used to automatically set up Amazon EBS volumes when
+-- an instance is launched.
+--
+-- 'noDevice', 'awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_noDevice' - Whether to suppress the device that is included in the block device
+-- mapping of the Amazon Machine Image (AMI).
+--
+-- If @NoDevice@ is @true@, then you cannot specify @Ebs@.>
+--
+-- 'virtualName', 'awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_virtualName' - The name of the virtual device (for example, @ephemeral0@).
+--
+-- You can provide either @VirtualName@ or @Ebs@, but not both.
+newAwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails ::
+  AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+newAwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails =
+  AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails'
+    { deviceName =
+        Prelude.Nothing,
+      ebs =
+        Prelude.Nothing,
+      noDevice =
+        Prelude.Nothing,
+      virtualName =
+        Prelude.Nothing
+    }
+
+-- | The device name that is exposed to the EC2 instance. For example,
+-- @\/dev\/sdh@ or @xvdh@.
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_deviceName :: Lens.Lens' AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_deviceName = Lens.lens (\AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' {deviceName} -> deviceName) (\s@AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' {} a -> s {deviceName = a} :: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails)
+
+-- | Parameters that are used to automatically set up Amazon EBS volumes when
+-- an instance is launched.
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_ebs :: Lens.Lens' AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails (Prelude.Maybe AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails)
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_ebs = Lens.lens (\AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' {ebs} -> ebs) (\s@AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' {} a -> s {ebs = a} :: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails)
+
+-- | Whether to suppress the device that is included in the block device
+-- mapping of the Amazon Machine Image (AMI).
+--
+-- If @NoDevice@ is @true@, then you cannot specify @Ebs@.>
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_noDevice :: Lens.Lens' AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails (Prelude.Maybe Prelude.Bool)
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_noDevice = Lens.lens (\AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' {noDevice} -> noDevice) (\s@AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' {} a -> s {noDevice = a} :: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails)
+
+-- | The name of the virtual device (for example, @ephemeral0@).
+--
+-- You can provide either @VirtualName@ or @Ebs@, but not both.
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_virtualName :: Lens.Lens' AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails_virtualName = Lens.lens (\AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' {virtualName} -> virtualName) (\s@AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' {} a -> s {virtualName = a} :: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails"
+      ( \x ->
+          AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails'
+            Prelude.<$> (x Data..:? "DeviceName")
+            Prelude.<*> (x Data..:? "Ebs")
+            Prelude.<*> (x Data..:? "NoDevice")
+            Prelude.<*> (x Data..:? "VirtualName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` deviceName
+        `Prelude.hashWithSalt` ebs
+        `Prelude.hashWithSalt` noDevice
+        `Prelude.hashWithSalt` virtualName
+
+instance
+  Prelude.NFData
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+  where
+  rnf
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' {..} =
+      Prelude.rnf deviceName
+        `Prelude.seq` Prelude.rnf ebs
+        `Prelude.seq` Prelude.rnf noDevice
+        `Prelude.seq` Prelude.rnf virtualName
+
+instance
+  Data.ToJSON
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+  where
+  toJSON
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DeviceName" Data..=) Prelude.<$> deviceName,
+              ("Ebs" Data..=) Prelude.<$> ebs,
+              ("NoDevice" Data..=) Prelude.<$> noDevice,
+              ("VirtualName" Data..=) Prelude.<$> virtualName
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails.hs
@@ -0,0 +1,262 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Parameters that are used to automatically set up EBS volumes when an
+-- instance is launched.
+--
+-- /See:/ 'newAwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' smart constructor.
+data AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails = AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails'
+  { -- | Whether to delete the volume when the instance is terminated.
+    deleteOnTermination :: Prelude.Maybe Prelude.Bool,
+    -- | Whether to encrypt the volume.
+    encrypted :: Prelude.Maybe Prelude.Bool,
+    -- | The number of input\/output (I\/O) operations per second (IOPS) to
+    -- provision for the volume.
+    --
+    -- Only supported for @gp3@ or @io1@ volumes. Required for @io1@ volumes.
+    -- Not used with @standard@, @gp2@, @st1@, or @sc1@ volumes.
+    iops :: Prelude.Maybe Prelude.Int,
+    -- | The snapshot ID of the volume to use.
+    --
+    -- You must specify either @VolumeSize@ or @SnapshotId@.
+    snapshotId :: Prelude.Maybe Prelude.Text,
+    -- | The volume size, in GiBs. The following are the supported volumes sizes
+    -- for each volume type:
+    --
+    -- -   gp2 and gp3: 1-16,384
+    --
+    -- -   io1: 4-16,384
+    --
+    -- -   st1 and sc1: 125-16,384
+    --
+    -- -   standard: 1-1,024
+    --
+    -- You must specify either @SnapshotId@ or @VolumeSize@. If you specify
+    -- both @SnapshotId@ and @VolumeSize@, the volume size must be equal or
+    -- greater than the size of the snapshot.
+    volumeSize :: Prelude.Maybe Prelude.Int,
+    -- | The volume type. Valid values are as follows:
+    --
+    -- -   @gp2@
+    --
+    -- -   @gp3@
+    --
+    -- -   @io1@
+    --
+    -- -   @sc1@
+    --
+    -- -   @st1@
+    --
+    -- -   @standard@
+    volumeType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deleteOnTermination', 'awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_deleteOnTermination' - Whether to delete the volume when the instance is terminated.
+--
+-- 'encrypted', 'awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_encrypted' - Whether to encrypt the volume.
+--
+-- 'iops', 'awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_iops' - The number of input\/output (I\/O) operations per second (IOPS) to
+-- provision for the volume.
+--
+-- Only supported for @gp3@ or @io1@ volumes. Required for @io1@ volumes.
+-- Not used with @standard@, @gp2@, @st1@, or @sc1@ volumes.
+--
+-- 'snapshotId', 'awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_snapshotId' - The snapshot ID of the volume to use.
+--
+-- You must specify either @VolumeSize@ or @SnapshotId@.
+--
+-- 'volumeSize', 'awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_volumeSize' - The volume size, in GiBs. The following are the supported volumes sizes
+-- for each volume type:
+--
+-- -   gp2 and gp3: 1-16,384
+--
+-- -   io1: 4-16,384
+--
+-- -   st1 and sc1: 125-16,384
+--
+-- -   standard: 1-1,024
+--
+-- You must specify either @SnapshotId@ or @VolumeSize@. If you specify
+-- both @SnapshotId@ and @VolumeSize@, the volume size must be equal or
+-- greater than the size of the snapshot.
+--
+-- 'volumeType', 'awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_volumeType' - The volume type. Valid values are as follows:
+--
+-- -   @gp2@
+--
+-- -   @gp3@
+--
+-- -   @io1@
+--
+-- -   @sc1@
+--
+-- -   @st1@
+--
+-- -   @standard@
+newAwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails ::
+  AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+newAwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails =
+  AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails'
+    { deleteOnTermination =
+        Prelude.Nothing,
+      encrypted =
+        Prelude.Nothing,
+      iops =
+        Prelude.Nothing,
+      snapshotId =
+        Prelude.Nothing,
+      volumeSize =
+        Prelude.Nothing,
+      volumeType =
+        Prelude.Nothing
+    }
+
+-- | Whether to delete the volume when the instance is terminated.
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_deleteOnTermination :: Lens.Lens' AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails (Prelude.Maybe Prelude.Bool)
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_deleteOnTermination = Lens.lens (\AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {deleteOnTermination} -> deleteOnTermination) (\s@AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {} a -> s {deleteOnTermination = a} :: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails)
+
+-- | Whether to encrypt the volume.
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_encrypted :: Lens.Lens' AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails (Prelude.Maybe Prelude.Bool)
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_encrypted = Lens.lens (\AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {encrypted} -> encrypted) (\s@AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {} a -> s {encrypted = a} :: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails)
+
+-- | The number of input\/output (I\/O) operations per second (IOPS) to
+-- provision for the volume.
+--
+-- Only supported for @gp3@ or @io1@ volumes. Required for @io1@ volumes.
+-- Not used with @standard@, @gp2@, @st1@, or @sc1@ volumes.
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_iops :: Lens.Lens' AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails (Prelude.Maybe Prelude.Int)
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_iops = Lens.lens (\AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {iops} -> iops) (\s@AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {} a -> s {iops = a} :: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails)
+
+-- | The snapshot ID of the volume to use.
+--
+-- You must specify either @VolumeSize@ or @SnapshotId@.
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_snapshotId :: Lens.Lens' AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_snapshotId = Lens.lens (\AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {snapshotId} -> snapshotId) (\s@AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {} a -> s {snapshotId = a} :: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails)
+
+-- | The volume size, in GiBs. The following are the supported volumes sizes
+-- for each volume type:
+--
+-- -   gp2 and gp3: 1-16,384
+--
+-- -   io1: 4-16,384
+--
+-- -   st1 and sc1: 125-16,384
+--
+-- -   standard: 1-1,024
+--
+-- You must specify either @SnapshotId@ or @VolumeSize@. If you specify
+-- both @SnapshotId@ and @VolumeSize@, the volume size must be equal or
+-- greater than the size of the snapshot.
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_volumeSize :: Lens.Lens' AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails (Prelude.Maybe Prelude.Int)
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_volumeSize = Lens.lens (\AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {volumeSize} -> volumeSize) (\s@AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {} a -> s {volumeSize = a} :: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails)
+
+-- | The volume type. Valid values are as follows:
+--
+-- -   @gp2@
+--
+-- -   @gp3@
+--
+-- -   @io1@
+--
+-- -   @sc1@
+--
+-- -   @st1@
+--
+-- -   @standard@
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_volumeType :: Lens.Lens' AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails_volumeType = Lens.lens (\AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {volumeType} -> volumeType) (\s@AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {} a -> s {volumeType = a} :: AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails"
+      ( \x ->
+          AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails'
+            Prelude.<$> (x Data..:? "DeleteOnTermination")
+            Prelude.<*> (x Data..:? "Encrypted")
+            Prelude.<*> (x Data..:? "Iops")
+            Prelude.<*> (x Data..:? "SnapshotId")
+            Prelude.<*> (x Data..:? "VolumeSize")
+            Prelude.<*> (x Data..:? "VolumeType")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` deleteOnTermination
+        `Prelude.hashWithSalt` encrypted
+        `Prelude.hashWithSalt` iops
+        `Prelude.hashWithSalt` snapshotId
+        `Prelude.hashWithSalt` volumeSize
+        `Prelude.hashWithSalt` volumeType
+
+instance
+  Prelude.NFData
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+  where
+  rnf
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {..} =
+      Prelude.rnf deleteOnTermination
+        `Prelude.seq` Prelude.rnf encrypted
+        `Prelude.seq` Prelude.rnf iops
+        `Prelude.seq` Prelude.rnf snapshotId
+        `Prelude.seq` Prelude.rnf volumeSize
+        `Prelude.seq` Prelude.rnf volumeType
+
+instance
+  Data.ToJSON
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails
+  where
+  toJSON
+    AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DeleteOnTermination" Data..=)
+                Prelude.<$> deleteOnTermination,
+              ("Encrypted" Data..=) Prelude.<$> encrypted,
+              ("Iops" Data..=) Prelude.<$> iops,
+              ("SnapshotId" Data..=) Prelude.<$> snapshotId,
+              ("VolumeSize" Data..=) Prelude.<$> volumeSize,
+              ("VolumeType" Data..=) Prelude.<$> volumeType
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationDetails.hs
@@ -0,0 +1,397 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationMetadataOptions
+
+-- | Details about a launch configuration.
+--
+-- /See:/ 'newAwsAutoScalingLaunchConfigurationDetails' smart constructor.
+data AwsAutoScalingLaunchConfigurationDetails = AwsAutoScalingLaunchConfigurationDetails'
+  { -- | For Auto Scaling groups that run in a VPC, specifies whether to assign a
+    -- public IP address to the group\'s instances.
+    associatePublicIpAddress :: Prelude.Maybe Prelude.Bool,
+    -- | Specifies the block devices for the instance.
+    blockDeviceMappings :: Prelude.Maybe [AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails],
+    -- | The identifier of a ClassicLink-enabled VPC that EC2-Classic instances
+    -- are linked to.
+    classicLinkVpcId :: Prelude.Maybe Prelude.Text,
+    -- | The identifiers of one or more security groups for the VPC that is
+    -- specified in @ClassicLinkVPCId@.
+    classicLinkVpcSecurityGroups :: Prelude.Maybe [Prelude.Text],
+    -- | The creation date and time for the launch configuration.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdTime :: Prelude.Maybe Prelude.Text,
+    -- | Whether the launch configuration is optimized for Amazon EBS I\/O.
+    ebsOptimized :: Prelude.Maybe Prelude.Bool,
+    -- | The name or the ARN of the instance profile associated with the IAM role
+    -- for the instance. The instance profile contains the IAM role.
+    iamInstanceProfile :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the Amazon Machine Image (AMI) that is used to launch
+    -- EC2 instances.
+    imageId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates the type of monitoring for instances in the group.
+    instanceMonitoring :: Prelude.Maybe AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails,
+    -- | The instance type for the instances.
+    instanceType :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the kernel associated with the AMI.
+    kernelId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the key pair.
+    keyName :: Prelude.Maybe Prelude.Text,
+    -- | The name of the launch configuration.
+    launchConfigurationName :: Prelude.Maybe Prelude.Text,
+    -- | The metadata options for the instances.
+    metadataOptions :: Prelude.Maybe AwsAutoScalingLaunchConfigurationMetadataOptions,
+    -- | The tenancy of the instance. An instance with @dedicated@ tenancy runs
+    -- on isolated, single-tenant hardware and can only be launched into a VPC.
+    placementTenancy :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the RAM disk associated with the AMI.
+    ramdiskId :: Prelude.Maybe Prelude.Text,
+    -- | The security groups to assign to the instances in the Auto Scaling
+    -- group.
+    securityGroups :: Prelude.Maybe [Prelude.Text],
+    -- | The maximum hourly price to be paid for any Spot Instance that is
+    -- launched to fulfill the request.
+    spotPrice :: Prelude.Maybe Prelude.Text,
+    -- | The user data to make available to the launched EC2 instances. Must be
+    -- base64-encoded text.
+    userData :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingLaunchConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'associatePublicIpAddress', 'awsAutoScalingLaunchConfigurationDetails_associatePublicIpAddress' - For Auto Scaling groups that run in a VPC, specifies whether to assign a
+-- public IP address to the group\'s instances.
+--
+-- 'blockDeviceMappings', 'awsAutoScalingLaunchConfigurationDetails_blockDeviceMappings' - Specifies the block devices for the instance.
+--
+-- 'classicLinkVpcId', 'awsAutoScalingLaunchConfigurationDetails_classicLinkVpcId' - The identifier of a ClassicLink-enabled VPC that EC2-Classic instances
+-- are linked to.
+--
+-- 'classicLinkVpcSecurityGroups', 'awsAutoScalingLaunchConfigurationDetails_classicLinkVpcSecurityGroups' - The identifiers of one or more security groups for the VPC that is
+-- specified in @ClassicLinkVPCId@.
+--
+-- 'createdTime', 'awsAutoScalingLaunchConfigurationDetails_createdTime' - The creation date and time for the launch configuration.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'ebsOptimized', 'awsAutoScalingLaunchConfigurationDetails_ebsOptimized' - Whether the launch configuration is optimized for Amazon EBS I\/O.
+--
+-- 'iamInstanceProfile', 'awsAutoScalingLaunchConfigurationDetails_iamInstanceProfile' - The name or the ARN of the instance profile associated with the IAM role
+-- for the instance. The instance profile contains the IAM role.
+--
+-- 'imageId', 'awsAutoScalingLaunchConfigurationDetails_imageId' - The identifier of the Amazon Machine Image (AMI) that is used to launch
+-- EC2 instances.
+--
+-- 'instanceMonitoring', 'awsAutoScalingLaunchConfigurationDetails_instanceMonitoring' - Indicates the type of monitoring for instances in the group.
+--
+-- 'instanceType', 'awsAutoScalingLaunchConfigurationDetails_instanceType' - The instance type for the instances.
+--
+-- 'kernelId', 'awsAutoScalingLaunchConfigurationDetails_kernelId' - The identifier of the kernel associated with the AMI.
+--
+-- 'keyName', 'awsAutoScalingLaunchConfigurationDetails_keyName' - The name of the key pair.
+--
+-- 'launchConfigurationName', 'awsAutoScalingLaunchConfigurationDetails_launchConfigurationName' - The name of the launch configuration.
+--
+-- 'metadataOptions', 'awsAutoScalingLaunchConfigurationDetails_metadataOptions' - The metadata options for the instances.
+--
+-- 'placementTenancy', 'awsAutoScalingLaunchConfigurationDetails_placementTenancy' - The tenancy of the instance. An instance with @dedicated@ tenancy runs
+-- on isolated, single-tenant hardware and can only be launched into a VPC.
+--
+-- 'ramdiskId', 'awsAutoScalingLaunchConfigurationDetails_ramdiskId' - The identifier of the RAM disk associated with the AMI.
+--
+-- 'securityGroups', 'awsAutoScalingLaunchConfigurationDetails_securityGroups' - The security groups to assign to the instances in the Auto Scaling
+-- group.
+--
+-- 'spotPrice', 'awsAutoScalingLaunchConfigurationDetails_spotPrice' - The maximum hourly price to be paid for any Spot Instance that is
+-- launched to fulfill the request.
+--
+-- 'userData', 'awsAutoScalingLaunchConfigurationDetails_userData' - The user data to make available to the launched EC2 instances. Must be
+-- base64-encoded text.
+newAwsAutoScalingLaunchConfigurationDetails ::
+  AwsAutoScalingLaunchConfigurationDetails
+newAwsAutoScalingLaunchConfigurationDetails =
+  AwsAutoScalingLaunchConfigurationDetails'
+    { associatePublicIpAddress =
+        Prelude.Nothing,
+      blockDeviceMappings =
+        Prelude.Nothing,
+      classicLinkVpcId =
+        Prelude.Nothing,
+      classicLinkVpcSecurityGroups =
+        Prelude.Nothing,
+      createdTime = Prelude.Nothing,
+      ebsOptimized = Prelude.Nothing,
+      iamInstanceProfile =
+        Prelude.Nothing,
+      imageId = Prelude.Nothing,
+      instanceMonitoring =
+        Prelude.Nothing,
+      instanceType = Prelude.Nothing,
+      kernelId = Prelude.Nothing,
+      keyName = Prelude.Nothing,
+      launchConfigurationName =
+        Prelude.Nothing,
+      metadataOptions = Prelude.Nothing,
+      placementTenancy =
+        Prelude.Nothing,
+      ramdiskId = Prelude.Nothing,
+      securityGroups = Prelude.Nothing,
+      spotPrice = Prelude.Nothing,
+      userData = Prelude.Nothing
+    }
+
+-- | For Auto Scaling groups that run in a VPC, specifies whether to assign a
+-- public IP address to the group\'s instances.
+awsAutoScalingLaunchConfigurationDetails_associatePublicIpAddress :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Bool)
+awsAutoScalingLaunchConfigurationDetails_associatePublicIpAddress = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {associatePublicIpAddress} -> associatePublicIpAddress) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {associatePublicIpAddress = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | Specifies the block devices for the instance.
+awsAutoScalingLaunchConfigurationDetails_blockDeviceMappings :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe [AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails])
+awsAutoScalingLaunchConfigurationDetails_blockDeviceMappings = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {blockDeviceMappings} -> blockDeviceMappings) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {blockDeviceMappings = a} :: AwsAutoScalingLaunchConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of a ClassicLink-enabled VPC that EC2-Classic instances
+-- are linked to.
+awsAutoScalingLaunchConfigurationDetails_classicLinkVpcId :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_classicLinkVpcId = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {classicLinkVpcId} -> classicLinkVpcId) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {classicLinkVpcId = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The identifiers of one or more security groups for the VPC that is
+-- specified in @ClassicLinkVPCId@.
+awsAutoScalingLaunchConfigurationDetails_classicLinkVpcSecurityGroups :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe [Prelude.Text])
+awsAutoScalingLaunchConfigurationDetails_classicLinkVpcSecurityGroups = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {classicLinkVpcSecurityGroups} -> classicLinkVpcSecurityGroups) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {classicLinkVpcSecurityGroups = a} :: AwsAutoScalingLaunchConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The creation date and time for the launch configuration.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsAutoScalingLaunchConfigurationDetails_createdTime :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_createdTime = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {createdTime} -> createdTime) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {createdTime = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | Whether the launch configuration is optimized for Amazon EBS I\/O.
+awsAutoScalingLaunchConfigurationDetails_ebsOptimized :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Bool)
+awsAutoScalingLaunchConfigurationDetails_ebsOptimized = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {ebsOptimized} -> ebsOptimized) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {ebsOptimized = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The name or the ARN of the instance profile associated with the IAM role
+-- for the instance. The instance profile contains the IAM role.
+awsAutoScalingLaunchConfigurationDetails_iamInstanceProfile :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_iamInstanceProfile = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {iamInstanceProfile} -> iamInstanceProfile) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {iamInstanceProfile = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The identifier of the Amazon Machine Image (AMI) that is used to launch
+-- EC2 instances.
+awsAutoScalingLaunchConfigurationDetails_imageId :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_imageId = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {imageId} -> imageId) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {imageId = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | Indicates the type of monitoring for instances in the group.
+awsAutoScalingLaunchConfigurationDetails_instanceMonitoring :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails)
+awsAutoScalingLaunchConfigurationDetails_instanceMonitoring = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {instanceMonitoring} -> instanceMonitoring) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {instanceMonitoring = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The instance type for the instances.
+awsAutoScalingLaunchConfigurationDetails_instanceType :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_instanceType = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {instanceType} -> instanceType) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {instanceType = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The identifier of the kernel associated with the AMI.
+awsAutoScalingLaunchConfigurationDetails_kernelId :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_kernelId = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {kernelId} -> kernelId) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {kernelId = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The name of the key pair.
+awsAutoScalingLaunchConfigurationDetails_keyName :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_keyName = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {keyName} -> keyName) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {keyName = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The name of the launch configuration.
+awsAutoScalingLaunchConfigurationDetails_launchConfigurationName :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_launchConfigurationName = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {launchConfigurationName} -> launchConfigurationName) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {launchConfigurationName = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The metadata options for the instances.
+awsAutoScalingLaunchConfigurationDetails_metadataOptions :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe AwsAutoScalingLaunchConfigurationMetadataOptions)
+awsAutoScalingLaunchConfigurationDetails_metadataOptions = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {metadataOptions} -> metadataOptions) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {metadataOptions = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The tenancy of the instance. An instance with @dedicated@ tenancy runs
+-- on isolated, single-tenant hardware and can only be launched into a VPC.
+awsAutoScalingLaunchConfigurationDetails_placementTenancy :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_placementTenancy = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {placementTenancy} -> placementTenancy) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {placementTenancy = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The identifier of the RAM disk associated with the AMI.
+awsAutoScalingLaunchConfigurationDetails_ramdiskId :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_ramdiskId = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {ramdiskId} -> ramdiskId) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {ramdiskId = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The security groups to assign to the instances in the Auto Scaling
+-- group.
+awsAutoScalingLaunchConfigurationDetails_securityGroups :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe [Prelude.Text])
+awsAutoScalingLaunchConfigurationDetails_securityGroups = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {securityGroups} -> securityGroups) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {securityGroups = a} :: AwsAutoScalingLaunchConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum hourly price to be paid for any Spot Instance that is
+-- launched to fulfill the request.
+awsAutoScalingLaunchConfigurationDetails_spotPrice :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_spotPrice = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {spotPrice} -> spotPrice) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {spotPrice = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+-- | The user data to make available to the launched EC2 instances. Must be
+-- base64-encoded text.
+awsAutoScalingLaunchConfigurationDetails_userData :: Lens.Lens' AwsAutoScalingLaunchConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationDetails_userData = Lens.lens (\AwsAutoScalingLaunchConfigurationDetails' {userData} -> userData) (\s@AwsAutoScalingLaunchConfigurationDetails' {} a -> s {userData = a} :: AwsAutoScalingLaunchConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingLaunchConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingLaunchConfigurationDetails"
+      ( \x ->
+          AwsAutoScalingLaunchConfigurationDetails'
+            Prelude.<$> (x Data..:? "AssociatePublicIpAddress")
+            Prelude.<*> ( x
+                            Data..:? "BlockDeviceMappings"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ClassicLinkVpcId")
+            Prelude.<*> ( x
+                            Data..:? "ClassicLinkVpcSecurityGroups"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "CreatedTime")
+            Prelude.<*> (x Data..:? "EbsOptimized")
+            Prelude.<*> (x Data..:? "IamInstanceProfile")
+            Prelude.<*> (x Data..:? "ImageId")
+            Prelude.<*> (x Data..:? "InstanceMonitoring")
+            Prelude.<*> (x Data..:? "InstanceType")
+            Prelude.<*> (x Data..:? "KernelId")
+            Prelude.<*> (x Data..:? "KeyName")
+            Prelude.<*> (x Data..:? "LaunchConfigurationName")
+            Prelude.<*> (x Data..:? "MetadataOptions")
+            Prelude.<*> (x Data..:? "PlacementTenancy")
+            Prelude.<*> (x Data..:? "RamdiskId")
+            Prelude.<*> (x Data..:? "SecurityGroups" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "SpotPrice")
+            Prelude.<*> (x Data..:? "UserData")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingLaunchConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingLaunchConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` associatePublicIpAddress
+        `Prelude.hashWithSalt` blockDeviceMappings
+        `Prelude.hashWithSalt` classicLinkVpcId
+        `Prelude.hashWithSalt` classicLinkVpcSecurityGroups
+        `Prelude.hashWithSalt` createdTime
+        `Prelude.hashWithSalt` ebsOptimized
+        `Prelude.hashWithSalt` iamInstanceProfile
+        `Prelude.hashWithSalt` imageId
+        `Prelude.hashWithSalt` instanceMonitoring
+        `Prelude.hashWithSalt` instanceType
+        `Prelude.hashWithSalt` kernelId
+        `Prelude.hashWithSalt` keyName
+        `Prelude.hashWithSalt` launchConfigurationName
+        `Prelude.hashWithSalt` metadataOptions
+        `Prelude.hashWithSalt` placementTenancy
+        `Prelude.hashWithSalt` ramdiskId
+        `Prelude.hashWithSalt` securityGroups
+        `Prelude.hashWithSalt` spotPrice
+        `Prelude.hashWithSalt` userData
+
+instance
+  Prelude.NFData
+    AwsAutoScalingLaunchConfigurationDetails
+  where
+  rnf AwsAutoScalingLaunchConfigurationDetails' {..} =
+    Prelude.rnf associatePublicIpAddress
+      `Prelude.seq` Prelude.rnf blockDeviceMappings
+      `Prelude.seq` Prelude.rnf classicLinkVpcId
+      `Prelude.seq` Prelude.rnf classicLinkVpcSecurityGroups
+      `Prelude.seq` Prelude.rnf createdTime
+      `Prelude.seq` Prelude.rnf ebsOptimized
+      `Prelude.seq` Prelude.rnf iamInstanceProfile
+      `Prelude.seq` Prelude.rnf imageId
+      `Prelude.seq` Prelude.rnf instanceMonitoring
+      `Prelude.seq` Prelude.rnf instanceType
+      `Prelude.seq` Prelude.rnf kernelId
+      `Prelude.seq` Prelude.rnf keyName
+      `Prelude.seq` Prelude.rnf launchConfigurationName
+      `Prelude.seq` Prelude.rnf metadataOptions
+      `Prelude.seq` Prelude.rnf placementTenancy
+      `Prelude.seq` Prelude.rnf ramdiskId
+      `Prelude.seq` Prelude.rnf securityGroups
+      `Prelude.seq` Prelude.rnf spotPrice
+      `Prelude.seq` Prelude.rnf userData
+
+instance
+  Data.ToJSON
+    AwsAutoScalingLaunchConfigurationDetails
+  where
+  toJSON AwsAutoScalingLaunchConfigurationDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AssociatePublicIpAddress" Data..=)
+              Prelude.<$> associatePublicIpAddress,
+            ("BlockDeviceMappings" Data..=)
+              Prelude.<$> blockDeviceMappings,
+            ("ClassicLinkVpcId" Data..=)
+              Prelude.<$> classicLinkVpcId,
+            ("ClassicLinkVpcSecurityGroups" Data..=)
+              Prelude.<$> classicLinkVpcSecurityGroups,
+            ("CreatedTime" Data..=) Prelude.<$> createdTime,
+            ("EbsOptimized" Data..=) Prelude.<$> ebsOptimized,
+            ("IamInstanceProfile" Data..=)
+              Prelude.<$> iamInstanceProfile,
+            ("ImageId" Data..=) Prelude.<$> imageId,
+            ("InstanceMonitoring" Data..=)
+              Prelude.<$> instanceMonitoring,
+            ("InstanceType" Data..=) Prelude.<$> instanceType,
+            ("KernelId" Data..=) Prelude.<$> kernelId,
+            ("KeyName" Data..=) Prelude.<$> keyName,
+            ("LaunchConfigurationName" Data..=)
+              Prelude.<$> launchConfigurationName,
+            ("MetadataOptions" Data..=)
+              Prelude.<$> metadataOptions,
+            ("PlacementTenancy" Data..=)
+              Prelude.<$> placementTenancy,
+            ("RamdiskId" Data..=) Prelude.<$> ramdiskId,
+            ("SecurityGroups" Data..=)
+              Prelude.<$> securityGroups,
+            ("SpotPrice" Data..=) Prelude.<$> spotPrice,
+            ("UserData" Data..=) Prelude.<$> userData
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the type of monitoring for instances in the group.
+--
+-- /See:/ 'newAwsAutoScalingLaunchConfigurationInstanceMonitoringDetails' smart constructor.
+data AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails = AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails'
+  { -- | If set to @true@, then instances in the group launch with detailed
+    -- monitoring.
+    --
+    -- If set to @false@, then instances in the group launch with basic
+    -- monitoring.
+    enabled :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'awsAutoScalingLaunchConfigurationInstanceMonitoringDetails_enabled' - If set to @true@, then instances in the group launch with detailed
+-- monitoring.
+--
+-- If set to @false@, then instances in the group launch with basic
+-- monitoring.
+newAwsAutoScalingLaunchConfigurationInstanceMonitoringDetails ::
+  AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+newAwsAutoScalingLaunchConfigurationInstanceMonitoringDetails =
+  AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails'
+    { enabled =
+        Prelude.Nothing
+    }
+
+-- | If set to @true@, then instances in the group launch with detailed
+-- monitoring.
+--
+-- If set to @false@, then instances in the group launch with basic
+-- monitoring.
+awsAutoScalingLaunchConfigurationInstanceMonitoringDetails_enabled :: Lens.Lens' AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails (Prelude.Maybe Prelude.Bool)
+awsAutoScalingLaunchConfigurationInstanceMonitoringDetails_enabled = Lens.lens (\AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails' {enabled} -> enabled) (\s@AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails' {} a -> s {enabled = a} :: AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails"
+      ( \x ->
+          AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails'
+            Prelude.<$> (x Data..:? "Enabled")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails' {..} =
+      _salt `Prelude.hashWithSalt` enabled
+
+instance
+  Prelude.NFData
+    AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+  where
+  rnf
+    AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails' {..} =
+      Prelude.rnf enabled
+
+instance
+  Data.ToJSON
+    AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails
+  where
+  toJSON
+    AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Enabled" Data..=) Prelude.<$> enabled]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationMetadataOptions.hs b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationMetadataOptions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsAutoScalingLaunchConfigurationMetadataOptions.hs
@@ -0,0 +1,135 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationMetadataOptions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationMetadataOptions where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The metadata options for the instances.
+--
+-- /See:/ 'newAwsAutoScalingLaunchConfigurationMetadataOptions' smart constructor.
+data AwsAutoScalingLaunchConfigurationMetadataOptions = AwsAutoScalingLaunchConfigurationMetadataOptions'
+  { -- | Enables or disables the HTTP metadata endpoint on your instances. By
+    -- default, the metadata endpoint is enabled.
+    httpEndpoint :: Prelude.Maybe Prelude.Text,
+    -- | The HTTP @PUT@ response hop limit for instance metadata requests. The
+    -- larger the number, the further instance metadata requests can travel.
+    httpPutResponseHopLimit :: Prelude.Maybe Prelude.Int,
+    -- | Indicates whether token usage is @required@ or @optional@ for metadata
+    -- requests. By default, token usage is @optional@.
+    httpTokens :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsAutoScalingLaunchConfigurationMetadataOptions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpEndpoint', 'awsAutoScalingLaunchConfigurationMetadataOptions_httpEndpoint' - Enables or disables the HTTP metadata endpoint on your instances. By
+-- default, the metadata endpoint is enabled.
+--
+-- 'httpPutResponseHopLimit', 'awsAutoScalingLaunchConfigurationMetadataOptions_httpPutResponseHopLimit' - The HTTP @PUT@ response hop limit for instance metadata requests. The
+-- larger the number, the further instance metadata requests can travel.
+--
+-- 'httpTokens', 'awsAutoScalingLaunchConfigurationMetadataOptions_httpTokens' - Indicates whether token usage is @required@ or @optional@ for metadata
+-- requests. By default, token usage is @optional@.
+newAwsAutoScalingLaunchConfigurationMetadataOptions ::
+  AwsAutoScalingLaunchConfigurationMetadataOptions
+newAwsAutoScalingLaunchConfigurationMetadataOptions =
+  AwsAutoScalingLaunchConfigurationMetadataOptions'
+    { httpEndpoint =
+        Prelude.Nothing,
+      httpPutResponseHopLimit =
+        Prelude.Nothing,
+      httpTokens =
+        Prelude.Nothing
+    }
+
+-- | Enables or disables the HTTP metadata endpoint on your instances. By
+-- default, the metadata endpoint is enabled.
+awsAutoScalingLaunchConfigurationMetadataOptions_httpEndpoint :: Lens.Lens' AwsAutoScalingLaunchConfigurationMetadataOptions (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationMetadataOptions_httpEndpoint = Lens.lens (\AwsAutoScalingLaunchConfigurationMetadataOptions' {httpEndpoint} -> httpEndpoint) (\s@AwsAutoScalingLaunchConfigurationMetadataOptions' {} a -> s {httpEndpoint = a} :: AwsAutoScalingLaunchConfigurationMetadataOptions)
+
+-- | The HTTP @PUT@ response hop limit for instance metadata requests. The
+-- larger the number, the further instance metadata requests can travel.
+awsAutoScalingLaunchConfigurationMetadataOptions_httpPutResponseHopLimit :: Lens.Lens' AwsAutoScalingLaunchConfigurationMetadataOptions (Prelude.Maybe Prelude.Int)
+awsAutoScalingLaunchConfigurationMetadataOptions_httpPutResponseHopLimit = Lens.lens (\AwsAutoScalingLaunchConfigurationMetadataOptions' {httpPutResponseHopLimit} -> httpPutResponseHopLimit) (\s@AwsAutoScalingLaunchConfigurationMetadataOptions' {} a -> s {httpPutResponseHopLimit = a} :: AwsAutoScalingLaunchConfigurationMetadataOptions)
+
+-- | Indicates whether token usage is @required@ or @optional@ for metadata
+-- requests. By default, token usage is @optional@.
+awsAutoScalingLaunchConfigurationMetadataOptions_httpTokens :: Lens.Lens' AwsAutoScalingLaunchConfigurationMetadataOptions (Prelude.Maybe Prelude.Text)
+awsAutoScalingLaunchConfigurationMetadataOptions_httpTokens = Lens.lens (\AwsAutoScalingLaunchConfigurationMetadataOptions' {httpTokens} -> httpTokens) (\s@AwsAutoScalingLaunchConfigurationMetadataOptions' {} a -> s {httpTokens = a} :: AwsAutoScalingLaunchConfigurationMetadataOptions)
+
+instance
+  Data.FromJSON
+    AwsAutoScalingLaunchConfigurationMetadataOptions
+  where
+  parseJSON =
+    Data.withObject
+      "AwsAutoScalingLaunchConfigurationMetadataOptions"
+      ( \x ->
+          AwsAutoScalingLaunchConfigurationMetadataOptions'
+            Prelude.<$> (x Data..:? "HttpEndpoint")
+            Prelude.<*> (x Data..:? "HttpPutResponseHopLimit")
+            Prelude.<*> (x Data..:? "HttpTokens")
+      )
+
+instance
+  Prelude.Hashable
+    AwsAutoScalingLaunchConfigurationMetadataOptions
+  where
+  hashWithSalt
+    _salt
+    AwsAutoScalingLaunchConfigurationMetadataOptions' {..} =
+      _salt
+        `Prelude.hashWithSalt` httpEndpoint
+        `Prelude.hashWithSalt` httpPutResponseHopLimit
+        `Prelude.hashWithSalt` httpTokens
+
+instance
+  Prelude.NFData
+    AwsAutoScalingLaunchConfigurationMetadataOptions
+  where
+  rnf
+    AwsAutoScalingLaunchConfigurationMetadataOptions' {..} =
+      Prelude.rnf httpEndpoint
+        `Prelude.seq` Prelude.rnf httpPutResponseHopLimit
+        `Prelude.seq` Prelude.rnf httpTokens
+
+instance
+  Data.ToJSON
+    AwsAutoScalingLaunchConfigurationMetadataOptions
+  where
+  toJSON
+    AwsAutoScalingLaunchConfigurationMetadataOptions' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("HttpEndpoint" Data..=) Prelude.<$> httpEndpoint,
+              ("HttpPutResponseHopLimit" Data..=)
+                Prelude.<$> httpPutResponseHopLimit,
+              ("HttpTokens" Data..=) Prelude.<$> httpTokens
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanAdvancedBackupSettingsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanAdvancedBackupSettingsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanAdvancedBackupSettingsDetails.hs
@@ -0,0 +1,144 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupBackupPlanAdvancedBackupSettingsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupBackupPlanAdvancedBackupSettingsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides a list of backup options for each resource type.
+--
+-- /See:/ 'newAwsBackupBackupPlanAdvancedBackupSettingsDetails' smart constructor.
+data AwsBackupBackupPlanAdvancedBackupSettingsDetails = AwsBackupBackupPlanAdvancedBackupSettingsDetails'
+  { -- | Specifies the backup option for a selected resource. This option is only
+    -- available for Windows Volume Shadow Copy Service (VSS) backup jobs.
+    -- Valid values are as follows:
+    --
+    -- -   Set to @WindowsVSS: enabled@ to enable the WindowsVSS backup option
+    --     and create a Windows VSS backup.
+    --
+    -- -   Set to @WindowsVSS: disabled@ to create a regular backup. The
+    --     @WindowsVSS@ option is not enabled by default.
+    backupOptions :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The name of a resource type. The only supported resource type is Amazon
+    -- EC2 instances with Windows VSS.
+    --
+    -- The only valid value is @EC2@.
+    resourceType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupBackupPlanAdvancedBackupSettingsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'backupOptions', 'awsBackupBackupPlanAdvancedBackupSettingsDetails_backupOptions' - Specifies the backup option for a selected resource. This option is only
+-- available for Windows Volume Shadow Copy Service (VSS) backup jobs.
+-- Valid values are as follows:
+--
+-- -   Set to @WindowsVSS: enabled@ to enable the WindowsVSS backup option
+--     and create a Windows VSS backup.
+--
+-- -   Set to @WindowsVSS: disabled@ to create a regular backup. The
+--     @WindowsVSS@ option is not enabled by default.
+--
+-- 'resourceType', 'awsBackupBackupPlanAdvancedBackupSettingsDetails_resourceType' - The name of a resource type. The only supported resource type is Amazon
+-- EC2 instances with Windows VSS.
+--
+-- The only valid value is @EC2@.
+newAwsBackupBackupPlanAdvancedBackupSettingsDetails ::
+  AwsBackupBackupPlanAdvancedBackupSettingsDetails
+newAwsBackupBackupPlanAdvancedBackupSettingsDetails =
+  AwsBackupBackupPlanAdvancedBackupSettingsDetails'
+    { backupOptions =
+        Prelude.Nothing,
+      resourceType =
+        Prelude.Nothing
+    }
+
+-- | Specifies the backup option for a selected resource. This option is only
+-- available for Windows Volume Shadow Copy Service (VSS) backup jobs.
+-- Valid values are as follows:
+--
+-- -   Set to @WindowsVSS: enabled@ to enable the WindowsVSS backup option
+--     and create a Windows VSS backup.
+--
+-- -   Set to @WindowsVSS: disabled@ to create a regular backup. The
+--     @WindowsVSS@ option is not enabled by default.
+awsBackupBackupPlanAdvancedBackupSettingsDetails_backupOptions :: Lens.Lens' AwsBackupBackupPlanAdvancedBackupSettingsDetails (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsBackupBackupPlanAdvancedBackupSettingsDetails_backupOptions = Lens.lens (\AwsBackupBackupPlanAdvancedBackupSettingsDetails' {backupOptions} -> backupOptions) (\s@AwsBackupBackupPlanAdvancedBackupSettingsDetails' {} a -> s {backupOptions = a} :: AwsBackupBackupPlanAdvancedBackupSettingsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of a resource type. The only supported resource type is Amazon
+-- EC2 instances with Windows VSS.
+--
+-- The only valid value is @EC2@.
+awsBackupBackupPlanAdvancedBackupSettingsDetails_resourceType :: Lens.Lens' AwsBackupBackupPlanAdvancedBackupSettingsDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupPlanAdvancedBackupSettingsDetails_resourceType = Lens.lens (\AwsBackupBackupPlanAdvancedBackupSettingsDetails' {resourceType} -> resourceType) (\s@AwsBackupBackupPlanAdvancedBackupSettingsDetails' {} a -> s {resourceType = a} :: AwsBackupBackupPlanAdvancedBackupSettingsDetails)
+
+instance
+  Data.FromJSON
+    AwsBackupBackupPlanAdvancedBackupSettingsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsBackupBackupPlanAdvancedBackupSettingsDetails"
+      ( \x ->
+          AwsBackupBackupPlanAdvancedBackupSettingsDetails'
+            Prelude.<$> (x Data..:? "BackupOptions" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ResourceType")
+      )
+
+instance
+  Prelude.Hashable
+    AwsBackupBackupPlanAdvancedBackupSettingsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsBackupBackupPlanAdvancedBackupSettingsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` backupOptions
+        `Prelude.hashWithSalt` resourceType
+
+instance
+  Prelude.NFData
+    AwsBackupBackupPlanAdvancedBackupSettingsDetails
+  where
+  rnf
+    AwsBackupBackupPlanAdvancedBackupSettingsDetails' {..} =
+      Prelude.rnf backupOptions
+        `Prelude.seq` Prelude.rnf resourceType
+
+instance
+  Data.ToJSON
+    AwsBackupBackupPlanAdvancedBackupSettingsDetails
+  where
+  toJSON
+    AwsBackupBackupPlanAdvancedBackupSettingsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("BackupOptions" Data..=) Prelude.<$> backupOptions,
+              ("ResourceType" Data..=) Prelude.<$> resourceType
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanBackupPlanDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanBackupPlanDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanBackupPlanDetails.hs
@@ -0,0 +1,136 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupBackupPlanBackupPlanDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupBackupPlanBackupPlanDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanAdvancedBackupSettingsDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleDetails
+
+-- | Provides details about an Backup backup plan and an array of
+-- @BackupRule@ objects, each of which specifies a backup rule.
+--
+-- /See:/ 'newAwsBackupBackupPlanBackupPlanDetails' smart constructor.
+data AwsBackupBackupPlanBackupPlanDetails = AwsBackupBackupPlanBackupPlanDetails'
+  { -- | A list of backup options for each resource type.
+    advancedBackupSettings :: Prelude.Maybe [AwsBackupBackupPlanAdvancedBackupSettingsDetails],
+    -- | The display name of a backup plan.
+    backupPlanName :: Prelude.Maybe Prelude.Text,
+    -- | An array of @BackupRule@ objects, each of which specifies a scheduled
+    -- task that is used to back up a selection of resources.
+    backupPlanRule :: Prelude.Maybe [AwsBackupBackupPlanRuleDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupBackupPlanBackupPlanDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'advancedBackupSettings', 'awsBackupBackupPlanBackupPlanDetails_advancedBackupSettings' - A list of backup options for each resource type.
+--
+-- 'backupPlanName', 'awsBackupBackupPlanBackupPlanDetails_backupPlanName' - The display name of a backup plan.
+--
+-- 'backupPlanRule', 'awsBackupBackupPlanBackupPlanDetails_backupPlanRule' - An array of @BackupRule@ objects, each of which specifies a scheduled
+-- task that is used to back up a selection of resources.
+newAwsBackupBackupPlanBackupPlanDetails ::
+  AwsBackupBackupPlanBackupPlanDetails
+newAwsBackupBackupPlanBackupPlanDetails =
+  AwsBackupBackupPlanBackupPlanDetails'
+    { advancedBackupSettings =
+        Prelude.Nothing,
+      backupPlanName = Prelude.Nothing,
+      backupPlanRule = Prelude.Nothing
+    }
+
+-- | A list of backup options for each resource type.
+awsBackupBackupPlanBackupPlanDetails_advancedBackupSettings :: Lens.Lens' AwsBackupBackupPlanBackupPlanDetails (Prelude.Maybe [AwsBackupBackupPlanAdvancedBackupSettingsDetails])
+awsBackupBackupPlanBackupPlanDetails_advancedBackupSettings = Lens.lens (\AwsBackupBackupPlanBackupPlanDetails' {advancedBackupSettings} -> advancedBackupSettings) (\s@AwsBackupBackupPlanBackupPlanDetails' {} a -> s {advancedBackupSettings = a} :: AwsBackupBackupPlanBackupPlanDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The display name of a backup plan.
+awsBackupBackupPlanBackupPlanDetails_backupPlanName :: Lens.Lens' AwsBackupBackupPlanBackupPlanDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupPlanBackupPlanDetails_backupPlanName = Lens.lens (\AwsBackupBackupPlanBackupPlanDetails' {backupPlanName} -> backupPlanName) (\s@AwsBackupBackupPlanBackupPlanDetails' {} a -> s {backupPlanName = a} :: AwsBackupBackupPlanBackupPlanDetails)
+
+-- | An array of @BackupRule@ objects, each of which specifies a scheduled
+-- task that is used to back up a selection of resources.
+awsBackupBackupPlanBackupPlanDetails_backupPlanRule :: Lens.Lens' AwsBackupBackupPlanBackupPlanDetails (Prelude.Maybe [AwsBackupBackupPlanRuleDetails])
+awsBackupBackupPlanBackupPlanDetails_backupPlanRule = Lens.lens (\AwsBackupBackupPlanBackupPlanDetails' {backupPlanRule} -> backupPlanRule) (\s@AwsBackupBackupPlanBackupPlanDetails' {} a -> s {backupPlanRule = a} :: AwsBackupBackupPlanBackupPlanDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsBackupBackupPlanBackupPlanDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsBackupBackupPlanBackupPlanDetails"
+      ( \x ->
+          AwsBackupBackupPlanBackupPlanDetails'
+            Prelude.<$> ( x
+                            Data..:? "AdvancedBackupSettings"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "BackupPlanName")
+            Prelude.<*> ( x
+                            Data..:? "BackupPlanRule"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance
+  Prelude.Hashable
+    AwsBackupBackupPlanBackupPlanDetails
+  where
+  hashWithSalt
+    _salt
+    AwsBackupBackupPlanBackupPlanDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` advancedBackupSettings
+        `Prelude.hashWithSalt` backupPlanName
+        `Prelude.hashWithSalt` backupPlanRule
+
+instance
+  Prelude.NFData
+    AwsBackupBackupPlanBackupPlanDetails
+  where
+  rnf AwsBackupBackupPlanBackupPlanDetails' {..} =
+    Prelude.rnf advancedBackupSettings
+      `Prelude.seq` Prelude.rnf backupPlanName
+      `Prelude.seq` Prelude.rnf backupPlanRule
+
+instance
+  Data.ToJSON
+    AwsBackupBackupPlanBackupPlanDetails
+  where
+  toJSON AwsBackupBackupPlanBackupPlanDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AdvancedBackupSettings" Data..=)
+              Prelude.<$> advancedBackupSettings,
+            ("BackupPlanName" Data..=)
+              Prelude.<$> backupPlanName,
+            ("BackupPlanRule" Data..=)
+              Prelude.<$> backupPlanRule
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanDetails.hs
@@ -0,0 +1,128 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupBackupPlanDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupBackupPlanDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanBackupPlanDetails
+
+-- | Provides details about an Backup backup plan and an array of
+-- @BackupRule@ objects, each of which specifies a backup rule.
+--
+-- /See:/ 'newAwsBackupBackupPlanDetails' smart constructor.
+data AwsBackupBackupPlanDetails = AwsBackupBackupPlanDetails'
+  { -- | Uniquely identifies the backup plan to be associated with the selection
+    -- of resources.
+    backupPlan :: Prelude.Maybe AwsBackupBackupPlanBackupPlanDetails,
+    -- | An Amazon Resource Name (ARN) that uniquely identifies the backup plan.
+    backupPlanArn :: Prelude.Maybe Prelude.Text,
+    -- | A unique ID for the backup plan.
+    backupPlanId :: Prelude.Maybe Prelude.Text,
+    -- | Unique, randomly generated, Unicode, UTF-8 encoded strings. Version IDs
+    -- cannot be edited.
+    versionId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupBackupPlanDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'backupPlan', 'awsBackupBackupPlanDetails_backupPlan' - Uniquely identifies the backup plan to be associated with the selection
+-- of resources.
+--
+-- 'backupPlanArn', 'awsBackupBackupPlanDetails_backupPlanArn' - An Amazon Resource Name (ARN) that uniquely identifies the backup plan.
+--
+-- 'backupPlanId', 'awsBackupBackupPlanDetails_backupPlanId' - A unique ID for the backup plan.
+--
+-- 'versionId', 'awsBackupBackupPlanDetails_versionId' - Unique, randomly generated, Unicode, UTF-8 encoded strings. Version IDs
+-- cannot be edited.
+newAwsBackupBackupPlanDetails ::
+  AwsBackupBackupPlanDetails
+newAwsBackupBackupPlanDetails =
+  AwsBackupBackupPlanDetails'
+    { backupPlan =
+        Prelude.Nothing,
+      backupPlanArn = Prelude.Nothing,
+      backupPlanId = Prelude.Nothing,
+      versionId = Prelude.Nothing
+    }
+
+-- | Uniquely identifies the backup plan to be associated with the selection
+-- of resources.
+awsBackupBackupPlanDetails_backupPlan :: Lens.Lens' AwsBackupBackupPlanDetails (Prelude.Maybe AwsBackupBackupPlanBackupPlanDetails)
+awsBackupBackupPlanDetails_backupPlan = Lens.lens (\AwsBackupBackupPlanDetails' {backupPlan} -> backupPlan) (\s@AwsBackupBackupPlanDetails' {} a -> s {backupPlan = a} :: AwsBackupBackupPlanDetails)
+
+-- | An Amazon Resource Name (ARN) that uniquely identifies the backup plan.
+awsBackupBackupPlanDetails_backupPlanArn :: Lens.Lens' AwsBackupBackupPlanDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupPlanDetails_backupPlanArn = Lens.lens (\AwsBackupBackupPlanDetails' {backupPlanArn} -> backupPlanArn) (\s@AwsBackupBackupPlanDetails' {} a -> s {backupPlanArn = a} :: AwsBackupBackupPlanDetails)
+
+-- | A unique ID for the backup plan.
+awsBackupBackupPlanDetails_backupPlanId :: Lens.Lens' AwsBackupBackupPlanDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupPlanDetails_backupPlanId = Lens.lens (\AwsBackupBackupPlanDetails' {backupPlanId} -> backupPlanId) (\s@AwsBackupBackupPlanDetails' {} a -> s {backupPlanId = a} :: AwsBackupBackupPlanDetails)
+
+-- | Unique, randomly generated, Unicode, UTF-8 encoded strings. Version IDs
+-- cannot be edited.
+awsBackupBackupPlanDetails_versionId :: Lens.Lens' AwsBackupBackupPlanDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupPlanDetails_versionId = Lens.lens (\AwsBackupBackupPlanDetails' {versionId} -> versionId) (\s@AwsBackupBackupPlanDetails' {} a -> s {versionId = a} :: AwsBackupBackupPlanDetails)
+
+instance Data.FromJSON AwsBackupBackupPlanDetails where
+  parseJSON =
+    Data.withObject
+      "AwsBackupBackupPlanDetails"
+      ( \x ->
+          AwsBackupBackupPlanDetails'
+            Prelude.<$> (x Data..:? "BackupPlan")
+            Prelude.<*> (x Data..:? "BackupPlanArn")
+            Prelude.<*> (x Data..:? "BackupPlanId")
+            Prelude.<*> (x Data..:? "VersionId")
+      )
+
+instance Prelude.Hashable AwsBackupBackupPlanDetails where
+  hashWithSalt _salt AwsBackupBackupPlanDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` backupPlan
+      `Prelude.hashWithSalt` backupPlanArn
+      `Prelude.hashWithSalt` backupPlanId
+      `Prelude.hashWithSalt` versionId
+
+instance Prelude.NFData AwsBackupBackupPlanDetails where
+  rnf AwsBackupBackupPlanDetails' {..} =
+    Prelude.rnf backupPlan
+      `Prelude.seq` Prelude.rnf backupPlanArn
+      `Prelude.seq` Prelude.rnf backupPlanId
+      `Prelude.seq` Prelude.rnf versionId
+
+instance Data.ToJSON AwsBackupBackupPlanDetails where
+  toJSON AwsBackupBackupPlanDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("BackupPlan" Data..=) Prelude.<$> backupPlan,
+            ("BackupPlanArn" Data..=) Prelude.<$> backupPlanArn,
+            ("BackupPlanId" Data..=) Prelude.<$> backupPlanId,
+            ("VersionId" Data..=) Prelude.<$> versionId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanLifecycleDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanLifecycleDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanLifecycleDetails.hs
@@ -0,0 +1,118 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupBackupPlanLifecycleDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupBackupPlanLifecycleDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides lifecycle details for the backup plan. A lifecycle defines when
+-- a backup is transitioned to cold storage and when it expires.
+--
+-- /See:/ 'newAwsBackupBackupPlanLifecycleDetails' smart constructor.
+data AwsBackupBackupPlanLifecycleDetails = AwsBackupBackupPlanLifecycleDetails'
+  { -- | Specifies the number of days after creation that a recovery point is
+    -- deleted. Must be greater than 90 days plus @MoveToColdStorageAfterDays@.
+    deleteAfterDays :: Prelude.Maybe Prelude.Integer,
+    -- | Specifies the number of days after creation that a recovery point is
+    -- moved to cold storage.
+    moveToColdStorageAfterDays :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupBackupPlanLifecycleDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deleteAfterDays', 'awsBackupBackupPlanLifecycleDetails_deleteAfterDays' - Specifies the number of days after creation that a recovery point is
+-- deleted. Must be greater than 90 days plus @MoveToColdStorageAfterDays@.
+--
+-- 'moveToColdStorageAfterDays', 'awsBackupBackupPlanLifecycleDetails_moveToColdStorageAfterDays' - Specifies the number of days after creation that a recovery point is
+-- moved to cold storage.
+newAwsBackupBackupPlanLifecycleDetails ::
+  AwsBackupBackupPlanLifecycleDetails
+newAwsBackupBackupPlanLifecycleDetails =
+  AwsBackupBackupPlanLifecycleDetails'
+    { deleteAfterDays =
+        Prelude.Nothing,
+      moveToColdStorageAfterDays =
+        Prelude.Nothing
+    }
+
+-- | Specifies the number of days after creation that a recovery point is
+-- deleted. Must be greater than 90 days plus @MoveToColdStorageAfterDays@.
+awsBackupBackupPlanLifecycleDetails_deleteAfterDays :: Lens.Lens' AwsBackupBackupPlanLifecycleDetails (Prelude.Maybe Prelude.Integer)
+awsBackupBackupPlanLifecycleDetails_deleteAfterDays = Lens.lens (\AwsBackupBackupPlanLifecycleDetails' {deleteAfterDays} -> deleteAfterDays) (\s@AwsBackupBackupPlanLifecycleDetails' {} a -> s {deleteAfterDays = a} :: AwsBackupBackupPlanLifecycleDetails)
+
+-- | Specifies the number of days after creation that a recovery point is
+-- moved to cold storage.
+awsBackupBackupPlanLifecycleDetails_moveToColdStorageAfterDays :: Lens.Lens' AwsBackupBackupPlanLifecycleDetails (Prelude.Maybe Prelude.Integer)
+awsBackupBackupPlanLifecycleDetails_moveToColdStorageAfterDays = Lens.lens (\AwsBackupBackupPlanLifecycleDetails' {moveToColdStorageAfterDays} -> moveToColdStorageAfterDays) (\s@AwsBackupBackupPlanLifecycleDetails' {} a -> s {moveToColdStorageAfterDays = a} :: AwsBackupBackupPlanLifecycleDetails)
+
+instance
+  Data.FromJSON
+    AwsBackupBackupPlanLifecycleDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsBackupBackupPlanLifecycleDetails"
+      ( \x ->
+          AwsBackupBackupPlanLifecycleDetails'
+            Prelude.<$> (x Data..:? "DeleteAfterDays")
+            Prelude.<*> (x Data..:? "MoveToColdStorageAfterDays")
+      )
+
+instance
+  Prelude.Hashable
+    AwsBackupBackupPlanLifecycleDetails
+  where
+  hashWithSalt
+    _salt
+    AwsBackupBackupPlanLifecycleDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` deleteAfterDays
+        `Prelude.hashWithSalt` moveToColdStorageAfterDays
+
+instance
+  Prelude.NFData
+    AwsBackupBackupPlanLifecycleDetails
+  where
+  rnf AwsBackupBackupPlanLifecycleDetails' {..} =
+    Prelude.rnf deleteAfterDays
+      `Prelude.seq` Prelude.rnf moveToColdStorageAfterDays
+
+instance
+  Data.ToJSON
+    AwsBackupBackupPlanLifecycleDetails
+  where
+  toJSON AwsBackupBackupPlanLifecycleDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DeleteAfterDays" Data..=)
+              Prelude.<$> deleteAfterDays,
+            ("MoveToColdStorageAfterDays" Data..=)
+              Prelude.<$> moveToColdStorageAfterDays
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanRuleCopyActionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanRuleCopyActionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanRuleCopyActionsDetails.hs
@@ -0,0 +1,135 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleCopyActionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleCopyActionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanLifecycleDetails
+
+-- | An array of @CopyAction@ objects, each of which contains details of the
+-- copy operation.
+--
+-- /See:/ 'newAwsBackupBackupPlanRuleCopyActionsDetails' smart constructor.
+data AwsBackupBackupPlanRuleCopyActionsDetails = AwsBackupBackupPlanRuleCopyActionsDetails'
+  { -- | An Amazon Resource Name (ARN) that uniquely identifies the destination
+    -- backup vault for the copied backup.
+    destinationBackupVaultArn :: Prelude.Maybe Prelude.Text,
+    -- | Defines when a protected resource is transitioned to cold storage and
+    -- when it expires. Backup transitions and expires backups automatically
+    -- according to the lifecycle that you define. If you do not specify a
+    -- lifecycle, Backup applies the lifecycle policy of the source backup to
+    -- the destination backup.
+    --
+    -- Backups transitioned to cold storage must be stored in cold storage for
+    -- a minimum of 90 days.
+    lifecycle :: Prelude.Maybe AwsBackupBackupPlanLifecycleDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupBackupPlanRuleCopyActionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destinationBackupVaultArn', 'awsBackupBackupPlanRuleCopyActionsDetails_destinationBackupVaultArn' - An Amazon Resource Name (ARN) that uniquely identifies the destination
+-- backup vault for the copied backup.
+--
+-- 'lifecycle', 'awsBackupBackupPlanRuleCopyActionsDetails_lifecycle' - Defines when a protected resource is transitioned to cold storage and
+-- when it expires. Backup transitions and expires backups automatically
+-- according to the lifecycle that you define. If you do not specify a
+-- lifecycle, Backup applies the lifecycle policy of the source backup to
+-- the destination backup.
+--
+-- Backups transitioned to cold storage must be stored in cold storage for
+-- a minimum of 90 days.
+newAwsBackupBackupPlanRuleCopyActionsDetails ::
+  AwsBackupBackupPlanRuleCopyActionsDetails
+newAwsBackupBackupPlanRuleCopyActionsDetails =
+  AwsBackupBackupPlanRuleCopyActionsDetails'
+    { destinationBackupVaultArn =
+        Prelude.Nothing,
+      lifecycle = Prelude.Nothing
+    }
+
+-- | An Amazon Resource Name (ARN) that uniquely identifies the destination
+-- backup vault for the copied backup.
+awsBackupBackupPlanRuleCopyActionsDetails_destinationBackupVaultArn :: Lens.Lens' AwsBackupBackupPlanRuleCopyActionsDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupPlanRuleCopyActionsDetails_destinationBackupVaultArn = Lens.lens (\AwsBackupBackupPlanRuleCopyActionsDetails' {destinationBackupVaultArn} -> destinationBackupVaultArn) (\s@AwsBackupBackupPlanRuleCopyActionsDetails' {} a -> s {destinationBackupVaultArn = a} :: AwsBackupBackupPlanRuleCopyActionsDetails)
+
+-- | Defines when a protected resource is transitioned to cold storage and
+-- when it expires. Backup transitions and expires backups automatically
+-- according to the lifecycle that you define. If you do not specify a
+-- lifecycle, Backup applies the lifecycle policy of the source backup to
+-- the destination backup.
+--
+-- Backups transitioned to cold storage must be stored in cold storage for
+-- a minimum of 90 days.
+awsBackupBackupPlanRuleCopyActionsDetails_lifecycle :: Lens.Lens' AwsBackupBackupPlanRuleCopyActionsDetails (Prelude.Maybe AwsBackupBackupPlanLifecycleDetails)
+awsBackupBackupPlanRuleCopyActionsDetails_lifecycle = Lens.lens (\AwsBackupBackupPlanRuleCopyActionsDetails' {lifecycle} -> lifecycle) (\s@AwsBackupBackupPlanRuleCopyActionsDetails' {} a -> s {lifecycle = a} :: AwsBackupBackupPlanRuleCopyActionsDetails)
+
+instance
+  Data.FromJSON
+    AwsBackupBackupPlanRuleCopyActionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsBackupBackupPlanRuleCopyActionsDetails"
+      ( \x ->
+          AwsBackupBackupPlanRuleCopyActionsDetails'
+            Prelude.<$> (x Data..:? "DestinationBackupVaultArn")
+            Prelude.<*> (x Data..:? "Lifecycle")
+      )
+
+instance
+  Prelude.Hashable
+    AwsBackupBackupPlanRuleCopyActionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsBackupBackupPlanRuleCopyActionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` destinationBackupVaultArn
+        `Prelude.hashWithSalt` lifecycle
+
+instance
+  Prelude.NFData
+    AwsBackupBackupPlanRuleCopyActionsDetails
+  where
+  rnf AwsBackupBackupPlanRuleCopyActionsDetails' {..} =
+    Prelude.rnf destinationBackupVaultArn
+      `Prelude.seq` Prelude.rnf lifecycle
+
+instance
+  Data.ToJSON
+    AwsBackupBackupPlanRuleCopyActionsDetails
+  where
+  toJSON AwsBackupBackupPlanRuleCopyActionsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DestinationBackupVaultArn" Data..=)
+              Prelude.<$> destinationBackupVaultArn,
+            ("Lifecycle" Data..=) Prelude.<$> lifecycle
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanRuleDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanRuleDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupPlanRuleDetails.hs
@@ -0,0 +1,250 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanLifecycleDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanRuleCopyActionsDetails
+
+-- | Provides details about an array of @BackupRule@ objects, each of which
+-- specifies a scheduled task that is used to back up a selection of
+-- resources.
+--
+-- /See:/ 'newAwsBackupBackupPlanRuleDetails' smart constructor.
+data AwsBackupBackupPlanRuleDetails = AwsBackupBackupPlanRuleDetails'
+  { -- | A value in minutes after a backup job is successfully started before it
+    -- must be completed, or it is canceled by Backup.
+    completionWindowMinutes :: Prelude.Maybe Prelude.Integer,
+    -- | An array of @CopyAction@ objects, each of which contains details of the
+    -- copy operation.
+    copyActions :: Prelude.Maybe [AwsBackupBackupPlanRuleCopyActionsDetails],
+    -- | Specifies whether Backup creates continuous backups capable of
+    -- point-in-time restore (PITR).
+    enableContinuousBackup :: Prelude.Maybe Prelude.Bool,
+    -- | Defines when a protected resource is transitioned to cold storage and
+    -- when it expires. Backup transitions and expires backups automatically
+    -- according to the lifecycle that you define. If you do not specify a
+    -- lifecycle, Backup applies the lifecycle policy of the source backup to
+    -- the destination backup.
+    --
+    -- Backups transitioned to cold storage must be stored in cold storage for
+    -- a minimum of 90 days.
+    lifecycle :: Prelude.Maybe AwsBackupBackupPlanLifecycleDetails,
+    -- | Uniquely identifies a rule that is used to schedule the backup of a
+    -- selection of resources.
+    ruleId :: Prelude.Maybe Prelude.Text,
+    -- | A display name for a backup rule. Must contain 1 to 50 alphanumeric or
+    -- \'-_.\' characters.
+    ruleName :: Prelude.Maybe Prelude.Text,
+    -- | A cron expression in UTC specifying when Backup initiates a backup job.
+    scheduleExpression :: Prelude.Maybe Prelude.Text,
+    -- | A value in minutes after a backup is scheduled before a job will be
+    -- canceled if it doesn\'t start successfully.
+    startWindowMinutes :: Prelude.Maybe Prelude.Integer,
+    -- | The name of a logical container where backups are stored. Backup vaults
+    -- are identified by names that are unique to the Amazon Web Services
+    -- account used to create them and the Amazon Web Services Region where
+    -- they are created. They consist of letters, numbers, and hyphens.
+    targetBackupVault :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupBackupPlanRuleDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'completionWindowMinutes', 'awsBackupBackupPlanRuleDetails_completionWindowMinutes' - A value in minutes after a backup job is successfully started before it
+-- must be completed, or it is canceled by Backup.
+--
+-- 'copyActions', 'awsBackupBackupPlanRuleDetails_copyActions' - An array of @CopyAction@ objects, each of which contains details of the
+-- copy operation.
+--
+-- 'enableContinuousBackup', 'awsBackupBackupPlanRuleDetails_enableContinuousBackup' - Specifies whether Backup creates continuous backups capable of
+-- point-in-time restore (PITR).
+--
+-- 'lifecycle', 'awsBackupBackupPlanRuleDetails_lifecycle' - Defines when a protected resource is transitioned to cold storage and
+-- when it expires. Backup transitions and expires backups automatically
+-- according to the lifecycle that you define. If you do not specify a
+-- lifecycle, Backup applies the lifecycle policy of the source backup to
+-- the destination backup.
+--
+-- Backups transitioned to cold storage must be stored in cold storage for
+-- a minimum of 90 days.
+--
+-- 'ruleId', 'awsBackupBackupPlanRuleDetails_ruleId' - Uniquely identifies a rule that is used to schedule the backup of a
+-- selection of resources.
+--
+-- 'ruleName', 'awsBackupBackupPlanRuleDetails_ruleName' - A display name for a backup rule. Must contain 1 to 50 alphanumeric or
+-- \'-_.\' characters.
+--
+-- 'scheduleExpression', 'awsBackupBackupPlanRuleDetails_scheduleExpression' - A cron expression in UTC specifying when Backup initiates a backup job.
+--
+-- 'startWindowMinutes', 'awsBackupBackupPlanRuleDetails_startWindowMinutes' - A value in minutes after a backup is scheduled before a job will be
+-- canceled if it doesn\'t start successfully.
+--
+-- 'targetBackupVault', 'awsBackupBackupPlanRuleDetails_targetBackupVault' - The name of a logical container where backups are stored. Backup vaults
+-- are identified by names that are unique to the Amazon Web Services
+-- account used to create them and the Amazon Web Services Region where
+-- they are created. They consist of letters, numbers, and hyphens.
+newAwsBackupBackupPlanRuleDetails ::
+  AwsBackupBackupPlanRuleDetails
+newAwsBackupBackupPlanRuleDetails =
+  AwsBackupBackupPlanRuleDetails'
+    { completionWindowMinutes =
+        Prelude.Nothing,
+      copyActions = Prelude.Nothing,
+      enableContinuousBackup = Prelude.Nothing,
+      lifecycle = Prelude.Nothing,
+      ruleId = Prelude.Nothing,
+      ruleName = Prelude.Nothing,
+      scheduleExpression = Prelude.Nothing,
+      startWindowMinutes = Prelude.Nothing,
+      targetBackupVault = Prelude.Nothing
+    }
+
+-- | A value in minutes after a backup job is successfully started before it
+-- must be completed, or it is canceled by Backup.
+awsBackupBackupPlanRuleDetails_completionWindowMinutes :: Lens.Lens' AwsBackupBackupPlanRuleDetails (Prelude.Maybe Prelude.Integer)
+awsBackupBackupPlanRuleDetails_completionWindowMinutes = Lens.lens (\AwsBackupBackupPlanRuleDetails' {completionWindowMinutes} -> completionWindowMinutes) (\s@AwsBackupBackupPlanRuleDetails' {} a -> s {completionWindowMinutes = a} :: AwsBackupBackupPlanRuleDetails)
+
+-- | An array of @CopyAction@ objects, each of which contains details of the
+-- copy operation.
+awsBackupBackupPlanRuleDetails_copyActions :: Lens.Lens' AwsBackupBackupPlanRuleDetails (Prelude.Maybe [AwsBackupBackupPlanRuleCopyActionsDetails])
+awsBackupBackupPlanRuleDetails_copyActions = Lens.lens (\AwsBackupBackupPlanRuleDetails' {copyActions} -> copyActions) (\s@AwsBackupBackupPlanRuleDetails' {} a -> s {copyActions = a} :: AwsBackupBackupPlanRuleDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies whether Backup creates continuous backups capable of
+-- point-in-time restore (PITR).
+awsBackupBackupPlanRuleDetails_enableContinuousBackup :: Lens.Lens' AwsBackupBackupPlanRuleDetails (Prelude.Maybe Prelude.Bool)
+awsBackupBackupPlanRuleDetails_enableContinuousBackup = Lens.lens (\AwsBackupBackupPlanRuleDetails' {enableContinuousBackup} -> enableContinuousBackup) (\s@AwsBackupBackupPlanRuleDetails' {} a -> s {enableContinuousBackup = a} :: AwsBackupBackupPlanRuleDetails)
+
+-- | Defines when a protected resource is transitioned to cold storage and
+-- when it expires. Backup transitions and expires backups automatically
+-- according to the lifecycle that you define. If you do not specify a
+-- lifecycle, Backup applies the lifecycle policy of the source backup to
+-- the destination backup.
+--
+-- Backups transitioned to cold storage must be stored in cold storage for
+-- a minimum of 90 days.
+awsBackupBackupPlanRuleDetails_lifecycle :: Lens.Lens' AwsBackupBackupPlanRuleDetails (Prelude.Maybe AwsBackupBackupPlanLifecycleDetails)
+awsBackupBackupPlanRuleDetails_lifecycle = Lens.lens (\AwsBackupBackupPlanRuleDetails' {lifecycle} -> lifecycle) (\s@AwsBackupBackupPlanRuleDetails' {} a -> s {lifecycle = a} :: AwsBackupBackupPlanRuleDetails)
+
+-- | Uniquely identifies a rule that is used to schedule the backup of a
+-- selection of resources.
+awsBackupBackupPlanRuleDetails_ruleId :: Lens.Lens' AwsBackupBackupPlanRuleDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupPlanRuleDetails_ruleId = Lens.lens (\AwsBackupBackupPlanRuleDetails' {ruleId} -> ruleId) (\s@AwsBackupBackupPlanRuleDetails' {} a -> s {ruleId = a} :: AwsBackupBackupPlanRuleDetails)
+
+-- | A display name for a backup rule. Must contain 1 to 50 alphanumeric or
+-- \'-_.\' characters.
+awsBackupBackupPlanRuleDetails_ruleName :: Lens.Lens' AwsBackupBackupPlanRuleDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupPlanRuleDetails_ruleName = Lens.lens (\AwsBackupBackupPlanRuleDetails' {ruleName} -> ruleName) (\s@AwsBackupBackupPlanRuleDetails' {} a -> s {ruleName = a} :: AwsBackupBackupPlanRuleDetails)
+
+-- | A cron expression in UTC specifying when Backup initiates a backup job.
+awsBackupBackupPlanRuleDetails_scheduleExpression :: Lens.Lens' AwsBackupBackupPlanRuleDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupPlanRuleDetails_scheduleExpression = Lens.lens (\AwsBackupBackupPlanRuleDetails' {scheduleExpression} -> scheduleExpression) (\s@AwsBackupBackupPlanRuleDetails' {} a -> s {scheduleExpression = a} :: AwsBackupBackupPlanRuleDetails)
+
+-- | A value in minutes after a backup is scheduled before a job will be
+-- canceled if it doesn\'t start successfully.
+awsBackupBackupPlanRuleDetails_startWindowMinutes :: Lens.Lens' AwsBackupBackupPlanRuleDetails (Prelude.Maybe Prelude.Integer)
+awsBackupBackupPlanRuleDetails_startWindowMinutes = Lens.lens (\AwsBackupBackupPlanRuleDetails' {startWindowMinutes} -> startWindowMinutes) (\s@AwsBackupBackupPlanRuleDetails' {} a -> s {startWindowMinutes = a} :: AwsBackupBackupPlanRuleDetails)
+
+-- | The name of a logical container where backups are stored. Backup vaults
+-- are identified by names that are unique to the Amazon Web Services
+-- account used to create them and the Amazon Web Services Region where
+-- they are created. They consist of letters, numbers, and hyphens.
+awsBackupBackupPlanRuleDetails_targetBackupVault :: Lens.Lens' AwsBackupBackupPlanRuleDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupPlanRuleDetails_targetBackupVault = Lens.lens (\AwsBackupBackupPlanRuleDetails' {targetBackupVault} -> targetBackupVault) (\s@AwsBackupBackupPlanRuleDetails' {} a -> s {targetBackupVault = a} :: AwsBackupBackupPlanRuleDetails)
+
+instance Data.FromJSON AwsBackupBackupPlanRuleDetails where
+  parseJSON =
+    Data.withObject
+      "AwsBackupBackupPlanRuleDetails"
+      ( \x ->
+          AwsBackupBackupPlanRuleDetails'
+            Prelude.<$> (x Data..:? "CompletionWindowMinutes")
+            Prelude.<*> (x Data..:? "CopyActions" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "EnableContinuousBackup")
+            Prelude.<*> (x Data..:? "Lifecycle")
+            Prelude.<*> (x Data..:? "RuleId")
+            Prelude.<*> (x Data..:? "RuleName")
+            Prelude.<*> (x Data..:? "ScheduleExpression")
+            Prelude.<*> (x Data..:? "StartWindowMinutes")
+            Prelude.<*> (x Data..:? "TargetBackupVault")
+      )
+
+instance
+  Prelude.Hashable
+    AwsBackupBackupPlanRuleDetails
+  where
+  hashWithSalt
+    _salt
+    AwsBackupBackupPlanRuleDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` completionWindowMinutes
+        `Prelude.hashWithSalt` copyActions
+        `Prelude.hashWithSalt` enableContinuousBackup
+        `Prelude.hashWithSalt` lifecycle
+        `Prelude.hashWithSalt` ruleId
+        `Prelude.hashWithSalt` ruleName
+        `Prelude.hashWithSalt` scheduleExpression
+        `Prelude.hashWithSalt` startWindowMinutes
+        `Prelude.hashWithSalt` targetBackupVault
+
+instance
+  Prelude.NFData
+    AwsBackupBackupPlanRuleDetails
+  where
+  rnf AwsBackupBackupPlanRuleDetails' {..} =
+    Prelude.rnf completionWindowMinutes
+      `Prelude.seq` Prelude.rnf copyActions
+      `Prelude.seq` Prelude.rnf enableContinuousBackup
+      `Prelude.seq` Prelude.rnf lifecycle
+      `Prelude.seq` Prelude.rnf ruleId
+      `Prelude.seq` Prelude.rnf ruleName
+      `Prelude.seq` Prelude.rnf scheduleExpression
+      `Prelude.seq` Prelude.rnf startWindowMinutes
+      `Prelude.seq` Prelude.rnf targetBackupVault
+
+instance Data.ToJSON AwsBackupBackupPlanRuleDetails where
+  toJSON AwsBackupBackupPlanRuleDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CompletionWindowMinutes" Data..=)
+              Prelude.<$> completionWindowMinutes,
+            ("CopyActions" Data..=) Prelude.<$> copyActions,
+            ("EnableContinuousBackup" Data..=)
+              Prelude.<$> enableContinuousBackup,
+            ("Lifecycle" Data..=) Prelude.<$> lifecycle,
+            ("RuleId" Data..=) Prelude.<$> ruleId,
+            ("RuleName" Data..=) Prelude.<$> ruleName,
+            ("ScheduleExpression" Data..=)
+              Prelude.<$> scheduleExpression,
+            ("StartWindowMinutes" Data..=)
+              Prelude.<$> startWindowMinutes,
+            ("TargetBackupVault" Data..=)
+              Prelude.<$> targetBackupVault
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupBackupVaultDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupVaultDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupVaultDetails.hs
@@ -0,0 +1,162 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupBackupVaultDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupBackupVaultDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsBackupBackupVaultNotificationsDetails
+
+-- | Provides details about an Backup backup vault. In Backup, a backup vault
+-- is a container that stores and organizes your backups.
+--
+-- /See:/ 'newAwsBackupBackupVaultDetails' smart constructor.
+data AwsBackupBackupVaultDetails = AwsBackupBackupVaultDetails'
+  { -- | A resource-based policy that is used to manage access permissions on the
+    -- target backup vault.
+    accessPolicy :: Prelude.Maybe Prelude.Text,
+    -- | An Amazon Resource Name (ARN) that uniquely identifies a backup vault.
+    backupVaultArn :: Prelude.Maybe Prelude.Text,
+    -- | The name of a logical container where backups are stored. Backup vaults
+    -- are identified by names that are unique to the Amazon Web Services
+    -- account used to create them and the Amazon Web Services Region where
+    -- they are created. They consist of lowercase letters, numbers, and
+    -- hyphens.
+    backupVaultName :: Prelude.Maybe Prelude.Text,
+    -- | The unique ARN associated with the server-side encryption key. You can
+    -- specify a key to encrypt your backups from services that support full
+    -- Backup management. If you do not specify a key, Backup creates an KMS
+    -- key for you by default.
+    encryptionKeyArn :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon SNS event notifications for the specified backup vault.
+    notifications :: Prelude.Maybe AwsBackupBackupVaultNotificationsDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupBackupVaultDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessPolicy', 'awsBackupBackupVaultDetails_accessPolicy' - A resource-based policy that is used to manage access permissions on the
+-- target backup vault.
+--
+-- 'backupVaultArn', 'awsBackupBackupVaultDetails_backupVaultArn' - An Amazon Resource Name (ARN) that uniquely identifies a backup vault.
+--
+-- 'backupVaultName', 'awsBackupBackupVaultDetails_backupVaultName' - The name of a logical container where backups are stored. Backup vaults
+-- are identified by names that are unique to the Amazon Web Services
+-- account used to create them and the Amazon Web Services Region where
+-- they are created. They consist of lowercase letters, numbers, and
+-- hyphens.
+--
+-- 'encryptionKeyArn', 'awsBackupBackupVaultDetails_encryptionKeyArn' - The unique ARN associated with the server-side encryption key. You can
+-- specify a key to encrypt your backups from services that support full
+-- Backup management. If you do not specify a key, Backup creates an KMS
+-- key for you by default.
+--
+-- 'notifications', 'awsBackupBackupVaultDetails_notifications' - The Amazon SNS event notifications for the specified backup vault.
+newAwsBackupBackupVaultDetails ::
+  AwsBackupBackupVaultDetails
+newAwsBackupBackupVaultDetails =
+  AwsBackupBackupVaultDetails'
+    { accessPolicy =
+        Prelude.Nothing,
+      backupVaultArn = Prelude.Nothing,
+      backupVaultName = Prelude.Nothing,
+      encryptionKeyArn = Prelude.Nothing,
+      notifications = Prelude.Nothing
+    }
+
+-- | A resource-based policy that is used to manage access permissions on the
+-- target backup vault.
+awsBackupBackupVaultDetails_accessPolicy :: Lens.Lens' AwsBackupBackupVaultDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupVaultDetails_accessPolicy = Lens.lens (\AwsBackupBackupVaultDetails' {accessPolicy} -> accessPolicy) (\s@AwsBackupBackupVaultDetails' {} a -> s {accessPolicy = a} :: AwsBackupBackupVaultDetails)
+
+-- | An Amazon Resource Name (ARN) that uniquely identifies a backup vault.
+awsBackupBackupVaultDetails_backupVaultArn :: Lens.Lens' AwsBackupBackupVaultDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupVaultDetails_backupVaultArn = Lens.lens (\AwsBackupBackupVaultDetails' {backupVaultArn} -> backupVaultArn) (\s@AwsBackupBackupVaultDetails' {} a -> s {backupVaultArn = a} :: AwsBackupBackupVaultDetails)
+
+-- | The name of a logical container where backups are stored. Backup vaults
+-- are identified by names that are unique to the Amazon Web Services
+-- account used to create them and the Amazon Web Services Region where
+-- they are created. They consist of lowercase letters, numbers, and
+-- hyphens.
+awsBackupBackupVaultDetails_backupVaultName :: Lens.Lens' AwsBackupBackupVaultDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupVaultDetails_backupVaultName = Lens.lens (\AwsBackupBackupVaultDetails' {backupVaultName} -> backupVaultName) (\s@AwsBackupBackupVaultDetails' {} a -> s {backupVaultName = a} :: AwsBackupBackupVaultDetails)
+
+-- | The unique ARN associated with the server-side encryption key. You can
+-- specify a key to encrypt your backups from services that support full
+-- Backup management. If you do not specify a key, Backup creates an KMS
+-- key for you by default.
+awsBackupBackupVaultDetails_encryptionKeyArn :: Lens.Lens' AwsBackupBackupVaultDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupVaultDetails_encryptionKeyArn = Lens.lens (\AwsBackupBackupVaultDetails' {encryptionKeyArn} -> encryptionKeyArn) (\s@AwsBackupBackupVaultDetails' {} a -> s {encryptionKeyArn = a} :: AwsBackupBackupVaultDetails)
+
+-- | The Amazon SNS event notifications for the specified backup vault.
+awsBackupBackupVaultDetails_notifications :: Lens.Lens' AwsBackupBackupVaultDetails (Prelude.Maybe AwsBackupBackupVaultNotificationsDetails)
+awsBackupBackupVaultDetails_notifications = Lens.lens (\AwsBackupBackupVaultDetails' {notifications} -> notifications) (\s@AwsBackupBackupVaultDetails' {} a -> s {notifications = a} :: AwsBackupBackupVaultDetails)
+
+instance Data.FromJSON AwsBackupBackupVaultDetails where
+  parseJSON =
+    Data.withObject
+      "AwsBackupBackupVaultDetails"
+      ( \x ->
+          AwsBackupBackupVaultDetails'
+            Prelude.<$> (x Data..:? "AccessPolicy")
+            Prelude.<*> (x Data..:? "BackupVaultArn")
+            Prelude.<*> (x Data..:? "BackupVaultName")
+            Prelude.<*> (x Data..:? "EncryptionKeyArn")
+            Prelude.<*> (x Data..:? "Notifications")
+      )
+
+instance Prelude.Hashable AwsBackupBackupVaultDetails where
+  hashWithSalt _salt AwsBackupBackupVaultDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessPolicy
+      `Prelude.hashWithSalt` backupVaultArn
+      `Prelude.hashWithSalt` backupVaultName
+      `Prelude.hashWithSalt` encryptionKeyArn
+      `Prelude.hashWithSalt` notifications
+
+instance Prelude.NFData AwsBackupBackupVaultDetails where
+  rnf AwsBackupBackupVaultDetails' {..} =
+    Prelude.rnf accessPolicy
+      `Prelude.seq` Prelude.rnf backupVaultArn
+      `Prelude.seq` Prelude.rnf backupVaultName
+      `Prelude.seq` Prelude.rnf encryptionKeyArn
+      `Prelude.seq` Prelude.rnf notifications
+
+instance Data.ToJSON AwsBackupBackupVaultDetails where
+  toJSON AwsBackupBackupVaultDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AccessPolicy" Data..=) Prelude.<$> accessPolicy,
+            ("BackupVaultArn" Data..=)
+              Prelude.<$> backupVaultArn,
+            ("BackupVaultName" Data..=)
+              Prelude.<$> backupVaultName,
+            ("EncryptionKeyArn" Data..=)
+              Prelude.<$> encryptionKeyArn,
+            ("Notifications" Data..=) Prelude.<$> notifications
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupBackupVaultNotificationsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupVaultNotificationsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupBackupVaultNotificationsDetails.hs
@@ -0,0 +1,143 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupBackupVaultNotificationsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupBackupVaultNotificationsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the Amazon SNS event notifications for the
+-- specified backup vault.
+--
+-- /See:/ 'newAwsBackupBackupVaultNotificationsDetails' smart constructor.
+data AwsBackupBackupVaultNotificationsDetails = AwsBackupBackupVaultNotificationsDetails'
+  { -- | An array of events that indicate the status of jobs to back up resources
+    -- to the backup vault. The following events are supported:
+    --
+    -- -   @BACKUP_JOB_STARTED | BACKUP_JOB_COMPLETED@
+    --
+    -- -   @COPY_JOB_STARTED | COPY_JOB_SUCCESSFUL | COPY_JOB_FAILED@
+    --
+    -- -   @RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED | RECOVERY_POINT_MODIFIED@
+    --
+    -- -   @S3_BACKUP_OBJECT_FAILED | S3_RESTORE_OBJECT_FAILED@
+    backupVaultEvents :: Prelude.Maybe [Prelude.Text],
+    -- | An ARN that uniquely identifies the Amazon SNS topic for a backup
+    -- vault’s events.
+    snsTopicArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupBackupVaultNotificationsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'backupVaultEvents', 'awsBackupBackupVaultNotificationsDetails_backupVaultEvents' - An array of events that indicate the status of jobs to back up resources
+-- to the backup vault. The following events are supported:
+--
+-- -   @BACKUP_JOB_STARTED | BACKUP_JOB_COMPLETED@
+--
+-- -   @COPY_JOB_STARTED | COPY_JOB_SUCCESSFUL | COPY_JOB_FAILED@
+--
+-- -   @RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED | RECOVERY_POINT_MODIFIED@
+--
+-- -   @S3_BACKUP_OBJECT_FAILED | S3_RESTORE_OBJECT_FAILED@
+--
+-- 'snsTopicArn', 'awsBackupBackupVaultNotificationsDetails_snsTopicArn' - An ARN that uniquely identifies the Amazon SNS topic for a backup
+-- vault’s events.
+newAwsBackupBackupVaultNotificationsDetails ::
+  AwsBackupBackupVaultNotificationsDetails
+newAwsBackupBackupVaultNotificationsDetails =
+  AwsBackupBackupVaultNotificationsDetails'
+    { backupVaultEvents =
+        Prelude.Nothing,
+      snsTopicArn = Prelude.Nothing
+    }
+
+-- | An array of events that indicate the status of jobs to back up resources
+-- to the backup vault. The following events are supported:
+--
+-- -   @BACKUP_JOB_STARTED | BACKUP_JOB_COMPLETED@
+--
+-- -   @COPY_JOB_STARTED | COPY_JOB_SUCCESSFUL | COPY_JOB_FAILED@
+--
+-- -   @RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED | RECOVERY_POINT_MODIFIED@
+--
+-- -   @S3_BACKUP_OBJECT_FAILED | S3_RESTORE_OBJECT_FAILED@
+awsBackupBackupVaultNotificationsDetails_backupVaultEvents :: Lens.Lens' AwsBackupBackupVaultNotificationsDetails (Prelude.Maybe [Prelude.Text])
+awsBackupBackupVaultNotificationsDetails_backupVaultEvents = Lens.lens (\AwsBackupBackupVaultNotificationsDetails' {backupVaultEvents} -> backupVaultEvents) (\s@AwsBackupBackupVaultNotificationsDetails' {} a -> s {backupVaultEvents = a} :: AwsBackupBackupVaultNotificationsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | An ARN that uniquely identifies the Amazon SNS topic for a backup
+-- vault’s events.
+awsBackupBackupVaultNotificationsDetails_snsTopicArn :: Lens.Lens' AwsBackupBackupVaultNotificationsDetails (Prelude.Maybe Prelude.Text)
+awsBackupBackupVaultNotificationsDetails_snsTopicArn = Lens.lens (\AwsBackupBackupVaultNotificationsDetails' {snsTopicArn} -> snsTopicArn) (\s@AwsBackupBackupVaultNotificationsDetails' {} a -> s {snsTopicArn = a} :: AwsBackupBackupVaultNotificationsDetails)
+
+instance
+  Data.FromJSON
+    AwsBackupBackupVaultNotificationsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsBackupBackupVaultNotificationsDetails"
+      ( \x ->
+          AwsBackupBackupVaultNotificationsDetails'
+            Prelude.<$> ( x
+                            Data..:? "BackupVaultEvents"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "SnsTopicArn")
+      )
+
+instance
+  Prelude.Hashable
+    AwsBackupBackupVaultNotificationsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsBackupBackupVaultNotificationsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` backupVaultEvents
+        `Prelude.hashWithSalt` snsTopicArn
+
+instance
+  Prelude.NFData
+    AwsBackupBackupVaultNotificationsDetails
+  where
+  rnf AwsBackupBackupVaultNotificationsDetails' {..} =
+    Prelude.rnf backupVaultEvents
+      `Prelude.seq` Prelude.rnf snsTopicArn
+
+instance
+  Data.ToJSON
+    AwsBackupBackupVaultNotificationsDetails
+  where
+  toJSON AwsBackupBackupVaultNotificationsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("BackupVaultEvents" Data..=)
+              Prelude.<$> backupVaultEvents,
+            ("SnsTopicArn" Data..=) Prelude.<$> snsTopicArn
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointCalculatedLifecycleDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointCalculatedLifecycleDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointCalculatedLifecycleDetails.hs
@@ -0,0 +1,119 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCalculatedLifecycleDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCalculatedLifecycleDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies how long in days before a recovery point transitions to cold
+-- storage or is deleted.
+--
+-- /See:/ 'newAwsBackupRecoveryPointCalculatedLifecycleDetails' smart constructor.
+data AwsBackupRecoveryPointCalculatedLifecycleDetails = AwsBackupRecoveryPointCalculatedLifecycleDetails'
+  { -- | Specifies the number of days after creation that a recovery point is
+    -- deleted. Must be greater than 90 days plus @MoveToColdStorageAfterDays@.
+    deleteAt :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the number of days after creation that a recovery point is
+    -- moved to cold storage.
+    moveToColdStorageAt :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupRecoveryPointCalculatedLifecycleDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deleteAt', 'awsBackupRecoveryPointCalculatedLifecycleDetails_deleteAt' - Specifies the number of days after creation that a recovery point is
+-- deleted. Must be greater than 90 days plus @MoveToColdStorageAfterDays@.
+--
+-- 'moveToColdStorageAt', 'awsBackupRecoveryPointCalculatedLifecycleDetails_moveToColdStorageAt' - Specifies the number of days after creation that a recovery point is
+-- moved to cold storage.
+newAwsBackupRecoveryPointCalculatedLifecycleDetails ::
+  AwsBackupRecoveryPointCalculatedLifecycleDetails
+newAwsBackupRecoveryPointCalculatedLifecycleDetails =
+  AwsBackupRecoveryPointCalculatedLifecycleDetails'
+    { deleteAt =
+        Prelude.Nothing,
+      moveToColdStorageAt =
+        Prelude.Nothing
+    }
+
+-- | Specifies the number of days after creation that a recovery point is
+-- deleted. Must be greater than 90 days plus @MoveToColdStorageAfterDays@.
+awsBackupRecoveryPointCalculatedLifecycleDetails_deleteAt :: Lens.Lens' AwsBackupRecoveryPointCalculatedLifecycleDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointCalculatedLifecycleDetails_deleteAt = Lens.lens (\AwsBackupRecoveryPointCalculatedLifecycleDetails' {deleteAt} -> deleteAt) (\s@AwsBackupRecoveryPointCalculatedLifecycleDetails' {} a -> s {deleteAt = a} :: AwsBackupRecoveryPointCalculatedLifecycleDetails)
+
+-- | Specifies the number of days after creation that a recovery point is
+-- moved to cold storage.
+awsBackupRecoveryPointCalculatedLifecycleDetails_moveToColdStorageAt :: Lens.Lens' AwsBackupRecoveryPointCalculatedLifecycleDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointCalculatedLifecycleDetails_moveToColdStorageAt = Lens.lens (\AwsBackupRecoveryPointCalculatedLifecycleDetails' {moveToColdStorageAt} -> moveToColdStorageAt) (\s@AwsBackupRecoveryPointCalculatedLifecycleDetails' {} a -> s {moveToColdStorageAt = a} :: AwsBackupRecoveryPointCalculatedLifecycleDetails)
+
+instance
+  Data.FromJSON
+    AwsBackupRecoveryPointCalculatedLifecycleDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsBackupRecoveryPointCalculatedLifecycleDetails"
+      ( \x ->
+          AwsBackupRecoveryPointCalculatedLifecycleDetails'
+            Prelude.<$> (x Data..:? "DeleteAt")
+            Prelude.<*> (x Data..:? "MoveToColdStorageAt")
+      )
+
+instance
+  Prelude.Hashable
+    AwsBackupRecoveryPointCalculatedLifecycleDetails
+  where
+  hashWithSalt
+    _salt
+    AwsBackupRecoveryPointCalculatedLifecycleDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` deleteAt
+        `Prelude.hashWithSalt` moveToColdStorageAt
+
+instance
+  Prelude.NFData
+    AwsBackupRecoveryPointCalculatedLifecycleDetails
+  where
+  rnf
+    AwsBackupRecoveryPointCalculatedLifecycleDetails' {..} =
+      Prelude.rnf deleteAt
+        `Prelude.seq` Prelude.rnf moveToColdStorageAt
+
+instance
+  Data.ToJSON
+    AwsBackupRecoveryPointCalculatedLifecycleDetails
+  where
+  toJSON
+    AwsBackupRecoveryPointCalculatedLifecycleDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DeleteAt" Data..=) Prelude.<$> deleteAt,
+              ("MoveToColdStorageAt" Data..=)
+                Prelude.<$> moveToColdStorageAt
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointCreatedByDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointCreatedByDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointCreatedByDetails.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCreatedByDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCreatedByDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the backup plan and rule that Backup used to
+-- initiate the recovery point backup.
+--
+-- /See:/ 'newAwsBackupRecoveryPointCreatedByDetails' smart constructor.
+data AwsBackupRecoveryPointCreatedByDetails = AwsBackupRecoveryPointCreatedByDetails'
+  { -- | An Amazon Resource Name (ARN) that uniquely identifies a backup plan.
+    backupPlanArn :: Prelude.Maybe Prelude.Text,
+    -- | Uniquely identifies a backup plan.
+    backupPlanId :: Prelude.Maybe Prelude.Text,
+    -- | Unique, randomly generated, Unicode, UTF-8 encoded strings that are at
+    -- most 1,024 bytes long. Version IDs cannot be edited.
+    backupPlanVersion :: Prelude.Maybe Prelude.Text,
+    -- | Uniquely identifies a rule used to schedule the backup of a selection of
+    -- resources.
+    backupRuleId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupRecoveryPointCreatedByDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'backupPlanArn', 'awsBackupRecoveryPointCreatedByDetails_backupPlanArn' - An Amazon Resource Name (ARN) that uniquely identifies a backup plan.
+--
+-- 'backupPlanId', 'awsBackupRecoveryPointCreatedByDetails_backupPlanId' - Uniquely identifies a backup plan.
+--
+-- 'backupPlanVersion', 'awsBackupRecoveryPointCreatedByDetails_backupPlanVersion' - Unique, randomly generated, Unicode, UTF-8 encoded strings that are at
+-- most 1,024 bytes long. Version IDs cannot be edited.
+--
+-- 'backupRuleId', 'awsBackupRecoveryPointCreatedByDetails_backupRuleId' - Uniquely identifies a rule used to schedule the backup of a selection of
+-- resources.
+newAwsBackupRecoveryPointCreatedByDetails ::
+  AwsBackupRecoveryPointCreatedByDetails
+newAwsBackupRecoveryPointCreatedByDetails =
+  AwsBackupRecoveryPointCreatedByDetails'
+    { backupPlanArn =
+        Prelude.Nothing,
+      backupPlanId = Prelude.Nothing,
+      backupPlanVersion = Prelude.Nothing,
+      backupRuleId = Prelude.Nothing
+    }
+
+-- | An Amazon Resource Name (ARN) that uniquely identifies a backup plan.
+awsBackupRecoveryPointCreatedByDetails_backupPlanArn :: Lens.Lens' AwsBackupRecoveryPointCreatedByDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointCreatedByDetails_backupPlanArn = Lens.lens (\AwsBackupRecoveryPointCreatedByDetails' {backupPlanArn} -> backupPlanArn) (\s@AwsBackupRecoveryPointCreatedByDetails' {} a -> s {backupPlanArn = a} :: AwsBackupRecoveryPointCreatedByDetails)
+
+-- | Uniquely identifies a backup plan.
+awsBackupRecoveryPointCreatedByDetails_backupPlanId :: Lens.Lens' AwsBackupRecoveryPointCreatedByDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointCreatedByDetails_backupPlanId = Lens.lens (\AwsBackupRecoveryPointCreatedByDetails' {backupPlanId} -> backupPlanId) (\s@AwsBackupRecoveryPointCreatedByDetails' {} a -> s {backupPlanId = a} :: AwsBackupRecoveryPointCreatedByDetails)
+
+-- | Unique, randomly generated, Unicode, UTF-8 encoded strings that are at
+-- most 1,024 bytes long. Version IDs cannot be edited.
+awsBackupRecoveryPointCreatedByDetails_backupPlanVersion :: Lens.Lens' AwsBackupRecoveryPointCreatedByDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointCreatedByDetails_backupPlanVersion = Lens.lens (\AwsBackupRecoveryPointCreatedByDetails' {backupPlanVersion} -> backupPlanVersion) (\s@AwsBackupRecoveryPointCreatedByDetails' {} a -> s {backupPlanVersion = a} :: AwsBackupRecoveryPointCreatedByDetails)
+
+-- | Uniquely identifies a rule used to schedule the backup of a selection of
+-- resources.
+awsBackupRecoveryPointCreatedByDetails_backupRuleId :: Lens.Lens' AwsBackupRecoveryPointCreatedByDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointCreatedByDetails_backupRuleId = Lens.lens (\AwsBackupRecoveryPointCreatedByDetails' {backupRuleId} -> backupRuleId) (\s@AwsBackupRecoveryPointCreatedByDetails' {} a -> s {backupRuleId = a} :: AwsBackupRecoveryPointCreatedByDetails)
+
+instance
+  Data.FromJSON
+    AwsBackupRecoveryPointCreatedByDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsBackupRecoveryPointCreatedByDetails"
+      ( \x ->
+          AwsBackupRecoveryPointCreatedByDetails'
+            Prelude.<$> (x Data..:? "BackupPlanArn")
+            Prelude.<*> (x Data..:? "BackupPlanId")
+            Prelude.<*> (x Data..:? "BackupPlanVersion")
+            Prelude.<*> (x Data..:? "BackupRuleId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsBackupRecoveryPointCreatedByDetails
+  where
+  hashWithSalt
+    _salt
+    AwsBackupRecoveryPointCreatedByDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` backupPlanArn
+        `Prelude.hashWithSalt` backupPlanId
+        `Prelude.hashWithSalt` backupPlanVersion
+        `Prelude.hashWithSalt` backupRuleId
+
+instance
+  Prelude.NFData
+    AwsBackupRecoveryPointCreatedByDetails
+  where
+  rnf AwsBackupRecoveryPointCreatedByDetails' {..} =
+    Prelude.rnf backupPlanArn
+      `Prelude.seq` Prelude.rnf backupPlanId
+      `Prelude.seq` Prelude.rnf backupPlanVersion
+      `Prelude.seq` Prelude.rnf backupRuleId
+
+instance
+  Data.ToJSON
+    AwsBackupRecoveryPointCreatedByDetails
+  where
+  toJSON AwsBackupRecoveryPointCreatedByDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("BackupPlanArn" Data..=) Prelude.<$> backupPlanArn,
+            ("BackupPlanId" Data..=) Prelude.<$> backupPlanId,
+            ("BackupPlanVersion" Data..=)
+              Prelude.<$> backupPlanVersion,
+            ("BackupRuleId" Data..=) Prelude.<$> backupRuleId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointDetails.hs
@@ -0,0 +1,452 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupRecoveryPointDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupRecoveryPointDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCalculatedLifecycleDetails
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointCreatedByDetails
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointLifecycleDetails
+
+-- | Contains detailed information about the recovery points stored in an
+-- Backup backup vault. A backup, or recovery point, represents the content
+-- of a resource at a specified time.
+--
+-- /See:/ 'newAwsBackupRecoveryPointDetails' smart constructor.
+data AwsBackupRecoveryPointDetails = AwsBackupRecoveryPointDetails'
+  { -- | The size, in bytes, of a backup.
+    backupSizeInBytes :: Prelude.Maybe Prelude.Integer,
+    -- | An Amazon Resource Name (ARN) that uniquely identifies a backup vault.
+    backupVaultArn :: Prelude.Maybe Prelude.Text,
+    -- | The name of a logical container where backups are stored. Backup vaults
+    -- are identified by names that are unique to the Amazon Web Services
+    -- account used to create them and the Amazon Web Services Region where
+    -- they are created. They consist of lowercase letters, numbers, and
+    -- hyphens.
+    backupVaultName :: Prelude.Maybe Prelude.Text,
+    -- | A @CalculatedLifecycle@ object containing @DeleteAt@ and
+    -- @MoveToColdStorageAt@ timestamps.
+    calculatedLifecycle :: Prelude.Maybe AwsBackupRecoveryPointCalculatedLifecycleDetails,
+    -- | The date and time that a job to create a recovery point is completed, in
+    -- Unix format and UTC. The value of @CompletionDate@ is accurate to
+    -- milliseconds. For example, the value 1516925490.087 represents Friday,
+    -- January 26, 2018 12:11:30.087 AM.
+    completionDate :: Prelude.Maybe Prelude.Text,
+    -- | Contains identifying information about the creation of a recovery point,
+    -- including the @BackupPlanArn@, @BackupPlanId@, @BackupPlanVersion@, and
+    -- @BackupRuleId@ of the backup plan that is used to create it.
+    createdBy :: Prelude.Maybe AwsBackupRecoveryPointCreatedByDetails,
+    -- | The date and time a recovery point is created, in Unix format and UTC.
+    -- The value of @CreationDate@ is accurate to milliseconds. For example,
+    -- the value 1516925490.087 represents Friday, January 26, 2018
+    -- 12:11:30.087 AM.
+    creationDate :: Prelude.Maybe Prelude.Text,
+    -- | The ARN for the server-side encryption key that is used to protect your
+    -- backups.
+    encryptionKeyArn :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the IAM role ARN used to create the target recovery point
+    iamRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | A Boolean value that is returned as @TRUE@ if the specified recovery
+    -- point is encrypted, or @FALSE@ if the recovery point is not encrypted.
+    isEncrypted :: Prelude.Maybe Prelude.Bool,
+    -- | The date and time that a recovery point was last restored, in Unix
+    -- format and UTC. The value of @LastRestoreTime@ is accurate to
+    -- milliseconds. For example, the value 1516925490.087 represents Friday,
+    -- January 26, 2018 12:11:30.087 AM.
+    lastRestoreTime :: Prelude.Maybe Prelude.Text,
+    -- | The lifecycle defines when a protected resource is transitioned to cold
+    -- storage and when it expires. Backup transitions and expires backups
+    -- automatically according to the lifecycle that you define
+    lifecycle :: Prelude.Maybe AwsBackupRecoveryPointLifecycleDetails,
+    -- | An ARN that uniquely identifies a recovery point.
+    recoveryPointArn :: Prelude.Maybe Prelude.Text,
+    -- | An ARN that uniquely identifies a resource. The format of the ARN
+    -- depends on the resource type.
+    resourceArn :: Prelude.Maybe Prelude.Text,
+    -- | The type of Amazon Web Services resource saved as a recovery point, such
+    -- as an Amazon EBS volume or an Amazon RDS database.
+    resourceType :: Prelude.Maybe Prelude.Text,
+    -- | The ARN for the backup vault where the recovery point was originally
+    -- copied from. If the recovery point is restored to the same account, this
+    -- value will be null.
+    sourceBackupVaultArn :: Prelude.Maybe Prelude.Text,
+    -- | A status code specifying the state of the recovery point. Valid values
+    -- are as follows:
+    --
+    -- -   @COMPLETED@
+    --
+    -- -   @DELETING@
+    --
+    -- -   @EXPIRED@
+    --
+    -- -   @PARTIAL@
+    status :: Prelude.Maybe Prelude.Text,
+    -- | A message explaining the reason of the recovery point deletion failure.
+    statusMessage :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the storage class of the recovery point. Valid values are as
+    -- follows:
+    --
+    -- -   @COLD@
+    --
+    -- -   @DELETED@
+    --
+    -- -   @WARM@
+    storageClass :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupRecoveryPointDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'backupSizeInBytes', 'awsBackupRecoveryPointDetails_backupSizeInBytes' - The size, in bytes, of a backup.
+--
+-- 'backupVaultArn', 'awsBackupRecoveryPointDetails_backupVaultArn' - An Amazon Resource Name (ARN) that uniquely identifies a backup vault.
+--
+-- 'backupVaultName', 'awsBackupRecoveryPointDetails_backupVaultName' - The name of a logical container where backups are stored. Backup vaults
+-- are identified by names that are unique to the Amazon Web Services
+-- account used to create them and the Amazon Web Services Region where
+-- they are created. They consist of lowercase letters, numbers, and
+-- hyphens.
+--
+-- 'calculatedLifecycle', 'awsBackupRecoveryPointDetails_calculatedLifecycle' - A @CalculatedLifecycle@ object containing @DeleteAt@ and
+-- @MoveToColdStorageAt@ timestamps.
+--
+-- 'completionDate', 'awsBackupRecoveryPointDetails_completionDate' - The date and time that a job to create a recovery point is completed, in
+-- Unix format and UTC. The value of @CompletionDate@ is accurate to
+-- milliseconds. For example, the value 1516925490.087 represents Friday,
+-- January 26, 2018 12:11:30.087 AM.
+--
+-- 'createdBy', 'awsBackupRecoveryPointDetails_createdBy' - Contains identifying information about the creation of a recovery point,
+-- including the @BackupPlanArn@, @BackupPlanId@, @BackupPlanVersion@, and
+-- @BackupRuleId@ of the backup plan that is used to create it.
+--
+-- 'creationDate', 'awsBackupRecoveryPointDetails_creationDate' - The date and time a recovery point is created, in Unix format and UTC.
+-- The value of @CreationDate@ is accurate to milliseconds. For example,
+-- the value 1516925490.087 represents Friday, January 26, 2018
+-- 12:11:30.087 AM.
+--
+-- 'encryptionKeyArn', 'awsBackupRecoveryPointDetails_encryptionKeyArn' - The ARN for the server-side encryption key that is used to protect your
+-- backups.
+--
+-- 'iamRoleArn', 'awsBackupRecoveryPointDetails_iamRoleArn' - Specifies the IAM role ARN used to create the target recovery point
+--
+-- 'isEncrypted', 'awsBackupRecoveryPointDetails_isEncrypted' - A Boolean value that is returned as @TRUE@ if the specified recovery
+-- point is encrypted, or @FALSE@ if the recovery point is not encrypted.
+--
+-- 'lastRestoreTime', 'awsBackupRecoveryPointDetails_lastRestoreTime' - The date and time that a recovery point was last restored, in Unix
+-- format and UTC. The value of @LastRestoreTime@ is accurate to
+-- milliseconds. For example, the value 1516925490.087 represents Friday,
+-- January 26, 2018 12:11:30.087 AM.
+--
+-- 'lifecycle', 'awsBackupRecoveryPointDetails_lifecycle' - The lifecycle defines when a protected resource is transitioned to cold
+-- storage and when it expires. Backup transitions and expires backups
+-- automatically according to the lifecycle that you define
+--
+-- 'recoveryPointArn', 'awsBackupRecoveryPointDetails_recoveryPointArn' - An ARN that uniquely identifies a recovery point.
+--
+-- 'resourceArn', 'awsBackupRecoveryPointDetails_resourceArn' - An ARN that uniquely identifies a resource. The format of the ARN
+-- depends on the resource type.
+--
+-- 'resourceType', 'awsBackupRecoveryPointDetails_resourceType' - The type of Amazon Web Services resource saved as a recovery point, such
+-- as an Amazon EBS volume or an Amazon RDS database.
+--
+-- 'sourceBackupVaultArn', 'awsBackupRecoveryPointDetails_sourceBackupVaultArn' - The ARN for the backup vault where the recovery point was originally
+-- copied from. If the recovery point is restored to the same account, this
+-- value will be null.
+--
+-- 'status', 'awsBackupRecoveryPointDetails_status' - A status code specifying the state of the recovery point. Valid values
+-- are as follows:
+--
+-- -   @COMPLETED@
+--
+-- -   @DELETING@
+--
+-- -   @EXPIRED@
+--
+-- -   @PARTIAL@
+--
+-- 'statusMessage', 'awsBackupRecoveryPointDetails_statusMessage' - A message explaining the reason of the recovery point deletion failure.
+--
+-- 'storageClass', 'awsBackupRecoveryPointDetails_storageClass' - Specifies the storage class of the recovery point. Valid values are as
+-- follows:
+--
+-- -   @COLD@
+--
+-- -   @DELETED@
+--
+-- -   @WARM@
+newAwsBackupRecoveryPointDetails ::
+  AwsBackupRecoveryPointDetails
+newAwsBackupRecoveryPointDetails =
+  AwsBackupRecoveryPointDetails'
+    { backupSizeInBytes =
+        Prelude.Nothing,
+      backupVaultArn = Prelude.Nothing,
+      backupVaultName = Prelude.Nothing,
+      calculatedLifecycle = Prelude.Nothing,
+      completionDate = Prelude.Nothing,
+      createdBy = Prelude.Nothing,
+      creationDate = Prelude.Nothing,
+      encryptionKeyArn = Prelude.Nothing,
+      iamRoleArn = Prelude.Nothing,
+      isEncrypted = Prelude.Nothing,
+      lastRestoreTime = Prelude.Nothing,
+      lifecycle = Prelude.Nothing,
+      recoveryPointArn = Prelude.Nothing,
+      resourceArn = Prelude.Nothing,
+      resourceType = Prelude.Nothing,
+      sourceBackupVaultArn = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusMessage = Prelude.Nothing,
+      storageClass = Prelude.Nothing
+    }
+
+-- | The size, in bytes, of a backup.
+awsBackupRecoveryPointDetails_backupSizeInBytes :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Integer)
+awsBackupRecoveryPointDetails_backupSizeInBytes = Lens.lens (\AwsBackupRecoveryPointDetails' {backupSizeInBytes} -> backupSizeInBytes) (\s@AwsBackupRecoveryPointDetails' {} a -> s {backupSizeInBytes = a} :: AwsBackupRecoveryPointDetails)
+
+-- | An Amazon Resource Name (ARN) that uniquely identifies a backup vault.
+awsBackupRecoveryPointDetails_backupVaultArn :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_backupVaultArn = Lens.lens (\AwsBackupRecoveryPointDetails' {backupVaultArn} -> backupVaultArn) (\s@AwsBackupRecoveryPointDetails' {} a -> s {backupVaultArn = a} :: AwsBackupRecoveryPointDetails)
+
+-- | The name of a logical container where backups are stored. Backup vaults
+-- are identified by names that are unique to the Amazon Web Services
+-- account used to create them and the Amazon Web Services Region where
+-- they are created. They consist of lowercase letters, numbers, and
+-- hyphens.
+awsBackupRecoveryPointDetails_backupVaultName :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_backupVaultName = Lens.lens (\AwsBackupRecoveryPointDetails' {backupVaultName} -> backupVaultName) (\s@AwsBackupRecoveryPointDetails' {} a -> s {backupVaultName = a} :: AwsBackupRecoveryPointDetails)
+
+-- | A @CalculatedLifecycle@ object containing @DeleteAt@ and
+-- @MoveToColdStorageAt@ timestamps.
+awsBackupRecoveryPointDetails_calculatedLifecycle :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe AwsBackupRecoveryPointCalculatedLifecycleDetails)
+awsBackupRecoveryPointDetails_calculatedLifecycle = Lens.lens (\AwsBackupRecoveryPointDetails' {calculatedLifecycle} -> calculatedLifecycle) (\s@AwsBackupRecoveryPointDetails' {} a -> s {calculatedLifecycle = a} :: AwsBackupRecoveryPointDetails)
+
+-- | The date and time that a job to create a recovery point is completed, in
+-- Unix format and UTC. The value of @CompletionDate@ is accurate to
+-- milliseconds. For example, the value 1516925490.087 represents Friday,
+-- January 26, 2018 12:11:30.087 AM.
+awsBackupRecoveryPointDetails_completionDate :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_completionDate = Lens.lens (\AwsBackupRecoveryPointDetails' {completionDate} -> completionDate) (\s@AwsBackupRecoveryPointDetails' {} a -> s {completionDate = a} :: AwsBackupRecoveryPointDetails)
+
+-- | Contains identifying information about the creation of a recovery point,
+-- including the @BackupPlanArn@, @BackupPlanId@, @BackupPlanVersion@, and
+-- @BackupRuleId@ of the backup plan that is used to create it.
+awsBackupRecoveryPointDetails_createdBy :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe AwsBackupRecoveryPointCreatedByDetails)
+awsBackupRecoveryPointDetails_createdBy = Lens.lens (\AwsBackupRecoveryPointDetails' {createdBy} -> createdBy) (\s@AwsBackupRecoveryPointDetails' {} a -> s {createdBy = a} :: AwsBackupRecoveryPointDetails)
+
+-- | The date and time a recovery point is created, in Unix format and UTC.
+-- The value of @CreationDate@ is accurate to milliseconds. For example,
+-- the value 1516925490.087 represents Friday, January 26, 2018
+-- 12:11:30.087 AM.
+awsBackupRecoveryPointDetails_creationDate :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_creationDate = Lens.lens (\AwsBackupRecoveryPointDetails' {creationDate} -> creationDate) (\s@AwsBackupRecoveryPointDetails' {} a -> s {creationDate = a} :: AwsBackupRecoveryPointDetails)
+
+-- | The ARN for the server-side encryption key that is used to protect your
+-- backups.
+awsBackupRecoveryPointDetails_encryptionKeyArn :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_encryptionKeyArn = Lens.lens (\AwsBackupRecoveryPointDetails' {encryptionKeyArn} -> encryptionKeyArn) (\s@AwsBackupRecoveryPointDetails' {} a -> s {encryptionKeyArn = a} :: AwsBackupRecoveryPointDetails)
+
+-- | Specifies the IAM role ARN used to create the target recovery point
+awsBackupRecoveryPointDetails_iamRoleArn :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_iamRoleArn = Lens.lens (\AwsBackupRecoveryPointDetails' {iamRoleArn} -> iamRoleArn) (\s@AwsBackupRecoveryPointDetails' {} a -> s {iamRoleArn = a} :: AwsBackupRecoveryPointDetails)
+
+-- | A Boolean value that is returned as @TRUE@ if the specified recovery
+-- point is encrypted, or @FALSE@ if the recovery point is not encrypted.
+awsBackupRecoveryPointDetails_isEncrypted :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Bool)
+awsBackupRecoveryPointDetails_isEncrypted = Lens.lens (\AwsBackupRecoveryPointDetails' {isEncrypted} -> isEncrypted) (\s@AwsBackupRecoveryPointDetails' {} a -> s {isEncrypted = a} :: AwsBackupRecoveryPointDetails)
+
+-- | The date and time that a recovery point was last restored, in Unix
+-- format and UTC. The value of @LastRestoreTime@ is accurate to
+-- milliseconds. For example, the value 1516925490.087 represents Friday,
+-- January 26, 2018 12:11:30.087 AM.
+awsBackupRecoveryPointDetails_lastRestoreTime :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_lastRestoreTime = Lens.lens (\AwsBackupRecoveryPointDetails' {lastRestoreTime} -> lastRestoreTime) (\s@AwsBackupRecoveryPointDetails' {} a -> s {lastRestoreTime = a} :: AwsBackupRecoveryPointDetails)
+
+-- | The lifecycle defines when a protected resource is transitioned to cold
+-- storage and when it expires. Backup transitions and expires backups
+-- automatically according to the lifecycle that you define
+awsBackupRecoveryPointDetails_lifecycle :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe AwsBackupRecoveryPointLifecycleDetails)
+awsBackupRecoveryPointDetails_lifecycle = Lens.lens (\AwsBackupRecoveryPointDetails' {lifecycle} -> lifecycle) (\s@AwsBackupRecoveryPointDetails' {} a -> s {lifecycle = a} :: AwsBackupRecoveryPointDetails)
+
+-- | An ARN that uniquely identifies a recovery point.
+awsBackupRecoveryPointDetails_recoveryPointArn :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_recoveryPointArn = Lens.lens (\AwsBackupRecoveryPointDetails' {recoveryPointArn} -> recoveryPointArn) (\s@AwsBackupRecoveryPointDetails' {} a -> s {recoveryPointArn = a} :: AwsBackupRecoveryPointDetails)
+
+-- | An ARN that uniquely identifies a resource. The format of the ARN
+-- depends on the resource type.
+awsBackupRecoveryPointDetails_resourceArn :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_resourceArn = Lens.lens (\AwsBackupRecoveryPointDetails' {resourceArn} -> resourceArn) (\s@AwsBackupRecoveryPointDetails' {} a -> s {resourceArn = a} :: AwsBackupRecoveryPointDetails)
+
+-- | The type of Amazon Web Services resource saved as a recovery point, such
+-- as an Amazon EBS volume or an Amazon RDS database.
+awsBackupRecoveryPointDetails_resourceType :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_resourceType = Lens.lens (\AwsBackupRecoveryPointDetails' {resourceType} -> resourceType) (\s@AwsBackupRecoveryPointDetails' {} a -> s {resourceType = a} :: AwsBackupRecoveryPointDetails)
+
+-- | The ARN for the backup vault where the recovery point was originally
+-- copied from. If the recovery point is restored to the same account, this
+-- value will be null.
+awsBackupRecoveryPointDetails_sourceBackupVaultArn :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_sourceBackupVaultArn = Lens.lens (\AwsBackupRecoveryPointDetails' {sourceBackupVaultArn} -> sourceBackupVaultArn) (\s@AwsBackupRecoveryPointDetails' {} a -> s {sourceBackupVaultArn = a} :: AwsBackupRecoveryPointDetails)
+
+-- | A status code specifying the state of the recovery point. Valid values
+-- are as follows:
+--
+-- -   @COMPLETED@
+--
+-- -   @DELETING@
+--
+-- -   @EXPIRED@
+--
+-- -   @PARTIAL@
+awsBackupRecoveryPointDetails_status :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_status = Lens.lens (\AwsBackupRecoveryPointDetails' {status} -> status) (\s@AwsBackupRecoveryPointDetails' {} a -> s {status = a} :: AwsBackupRecoveryPointDetails)
+
+-- | A message explaining the reason of the recovery point deletion failure.
+awsBackupRecoveryPointDetails_statusMessage :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_statusMessage = Lens.lens (\AwsBackupRecoveryPointDetails' {statusMessage} -> statusMessage) (\s@AwsBackupRecoveryPointDetails' {} a -> s {statusMessage = a} :: AwsBackupRecoveryPointDetails)
+
+-- | Specifies the storage class of the recovery point. Valid values are as
+-- follows:
+--
+-- -   @COLD@
+--
+-- -   @DELETED@
+--
+-- -   @WARM@
+awsBackupRecoveryPointDetails_storageClass :: Lens.Lens' AwsBackupRecoveryPointDetails (Prelude.Maybe Prelude.Text)
+awsBackupRecoveryPointDetails_storageClass = Lens.lens (\AwsBackupRecoveryPointDetails' {storageClass} -> storageClass) (\s@AwsBackupRecoveryPointDetails' {} a -> s {storageClass = a} :: AwsBackupRecoveryPointDetails)
+
+instance Data.FromJSON AwsBackupRecoveryPointDetails where
+  parseJSON =
+    Data.withObject
+      "AwsBackupRecoveryPointDetails"
+      ( \x ->
+          AwsBackupRecoveryPointDetails'
+            Prelude.<$> (x Data..:? "BackupSizeInBytes")
+            Prelude.<*> (x Data..:? "BackupVaultArn")
+            Prelude.<*> (x Data..:? "BackupVaultName")
+            Prelude.<*> (x Data..:? "CalculatedLifecycle")
+            Prelude.<*> (x Data..:? "CompletionDate")
+            Prelude.<*> (x Data..:? "CreatedBy")
+            Prelude.<*> (x Data..:? "CreationDate")
+            Prelude.<*> (x Data..:? "EncryptionKeyArn")
+            Prelude.<*> (x Data..:? "IamRoleArn")
+            Prelude.<*> (x Data..:? "IsEncrypted")
+            Prelude.<*> (x Data..:? "LastRestoreTime")
+            Prelude.<*> (x Data..:? "Lifecycle")
+            Prelude.<*> (x Data..:? "RecoveryPointArn")
+            Prelude.<*> (x Data..:? "ResourceArn")
+            Prelude.<*> (x Data..:? "ResourceType")
+            Prelude.<*> (x Data..:? "SourceBackupVaultArn")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StatusMessage")
+            Prelude.<*> (x Data..:? "StorageClass")
+      )
+
+instance
+  Prelude.Hashable
+    AwsBackupRecoveryPointDetails
+  where
+  hashWithSalt _salt AwsBackupRecoveryPointDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` backupSizeInBytes
+      `Prelude.hashWithSalt` backupVaultArn
+      `Prelude.hashWithSalt` backupVaultName
+      `Prelude.hashWithSalt` calculatedLifecycle
+      `Prelude.hashWithSalt` completionDate
+      `Prelude.hashWithSalt` createdBy
+      `Prelude.hashWithSalt` creationDate
+      `Prelude.hashWithSalt` encryptionKeyArn
+      `Prelude.hashWithSalt` iamRoleArn
+      `Prelude.hashWithSalt` isEncrypted
+      `Prelude.hashWithSalt` lastRestoreTime
+      `Prelude.hashWithSalt` lifecycle
+      `Prelude.hashWithSalt` recoveryPointArn
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` sourceBackupVaultArn
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` statusMessage
+      `Prelude.hashWithSalt` storageClass
+
+instance Prelude.NFData AwsBackupRecoveryPointDetails where
+  rnf AwsBackupRecoveryPointDetails' {..} =
+    Prelude.rnf backupSizeInBytes
+      `Prelude.seq` Prelude.rnf backupVaultArn
+      `Prelude.seq` Prelude.rnf backupVaultName
+      `Prelude.seq` Prelude.rnf calculatedLifecycle
+      `Prelude.seq` Prelude.rnf completionDate
+      `Prelude.seq` Prelude.rnf createdBy
+      `Prelude.seq` Prelude.rnf creationDate
+      `Prelude.seq` Prelude.rnf encryptionKeyArn
+      `Prelude.seq` Prelude.rnf iamRoleArn
+      `Prelude.seq` Prelude.rnf isEncrypted
+      `Prelude.seq` Prelude.rnf lastRestoreTime
+      `Prelude.seq` Prelude.rnf lifecycle
+      `Prelude.seq` Prelude.rnf recoveryPointArn
+      `Prelude.seq` Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf resourceType
+      `Prelude.seq` Prelude.rnf sourceBackupVaultArn
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusMessage
+      `Prelude.seq` Prelude.rnf storageClass
+
+instance Data.ToJSON AwsBackupRecoveryPointDetails where
+  toJSON AwsBackupRecoveryPointDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("BackupSizeInBytes" Data..=)
+              Prelude.<$> backupSizeInBytes,
+            ("BackupVaultArn" Data..=)
+              Prelude.<$> backupVaultArn,
+            ("BackupVaultName" Data..=)
+              Prelude.<$> backupVaultName,
+            ("CalculatedLifecycle" Data..=)
+              Prelude.<$> calculatedLifecycle,
+            ("CompletionDate" Data..=)
+              Prelude.<$> completionDate,
+            ("CreatedBy" Data..=) Prelude.<$> createdBy,
+            ("CreationDate" Data..=) Prelude.<$> creationDate,
+            ("EncryptionKeyArn" Data..=)
+              Prelude.<$> encryptionKeyArn,
+            ("IamRoleArn" Data..=) Prelude.<$> iamRoleArn,
+            ("IsEncrypted" Data..=) Prelude.<$> isEncrypted,
+            ("LastRestoreTime" Data..=)
+              Prelude.<$> lastRestoreTime,
+            ("Lifecycle" Data..=) Prelude.<$> lifecycle,
+            ("RecoveryPointArn" Data..=)
+              Prelude.<$> recoveryPointArn,
+            ("ResourceArn" Data..=) Prelude.<$> resourceArn,
+            ("ResourceType" Data..=) Prelude.<$> resourceType,
+            ("SourceBackupVaultArn" Data..=)
+              Prelude.<$> sourceBackupVaultArn,
+            ("Status" Data..=) Prelude.<$> status,
+            ("StatusMessage" Data..=) Prelude.<$> statusMessage,
+            ("StorageClass" Data..=) Prelude.<$> storageClass
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointLifecycleDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointLifecycleDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsBackupRecoveryPointLifecycleDetails.hs
@@ -0,0 +1,118 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsBackupRecoveryPointLifecycleDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsBackupRecoveryPointLifecycleDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains an array of Transition objects specifying how long in days
+-- before a recovery point transitions to cold storage or is deleted.
+--
+-- /See:/ 'newAwsBackupRecoveryPointLifecycleDetails' smart constructor.
+data AwsBackupRecoveryPointLifecycleDetails = AwsBackupRecoveryPointLifecycleDetails'
+  { -- | Specifies the number of days after creation that a recovery point is
+    -- deleted. Must be greater than 90 days plus @MoveToColdStorageAfterDays@.
+    deleteAfterDays :: Prelude.Maybe Prelude.Integer,
+    -- | Specifies the number of days after creation that a recovery point is
+    -- moved to cold storage.
+    moveToColdStorageAfterDays :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsBackupRecoveryPointLifecycleDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deleteAfterDays', 'awsBackupRecoveryPointLifecycleDetails_deleteAfterDays' - Specifies the number of days after creation that a recovery point is
+-- deleted. Must be greater than 90 days plus @MoveToColdStorageAfterDays@.
+--
+-- 'moveToColdStorageAfterDays', 'awsBackupRecoveryPointLifecycleDetails_moveToColdStorageAfterDays' - Specifies the number of days after creation that a recovery point is
+-- moved to cold storage.
+newAwsBackupRecoveryPointLifecycleDetails ::
+  AwsBackupRecoveryPointLifecycleDetails
+newAwsBackupRecoveryPointLifecycleDetails =
+  AwsBackupRecoveryPointLifecycleDetails'
+    { deleteAfterDays =
+        Prelude.Nothing,
+      moveToColdStorageAfterDays =
+        Prelude.Nothing
+    }
+
+-- | Specifies the number of days after creation that a recovery point is
+-- deleted. Must be greater than 90 days plus @MoveToColdStorageAfterDays@.
+awsBackupRecoveryPointLifecycleDetails_deleteAfterDays :: Lens.Lens' AwsBackupRecoveryPointLifecycleDetails (Prelude.Maybe Prelude.Integer)
+awsBackupRecoveryPointLifecycleDetails_deleteAfterDays = Lens.lens (\AwsBackupRecoveryPointLifecycleDetails' {deleteAfterDays} -> deleteAfterDays) (\s@AwsBackupRecoveryPointLifecycleDetails' {} a -> s {deleteAfterDays = a} :: AwsBackupRecoveryPointLifecycleDetails)
+
+-- | Specifies the number of days after creation that a recovery point is
+-- moved to cold storage.
+awsBackupRecoveryPointLifecycleDetails_moveToColdStorageAfterDays :: Lens.Lens' AwsBackupRecoveryPointLifecycleDetails (Prelude.Maybe Prelude.Integer)
+awsBackupRecoveryPointLifecycleDetails_moveToColdStorageAfterDays = Lens.lens (\AwsBackupRecoveryPointLifecycleDetails' {moveToColdStorageAfterDays} -> moveToColdStorageAfterDays) (\s@AwsBackupRecoveryPointLifecycleDetails' {} a -> s {moveToColdStorageAfterDays = a} :: AwsBackupRecoveryPointLifecycleDetails)
+
+instance
+  Data.FromJSON
+    AwsBackupRecoveryPointLifecycleDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsBackupRecoveryPointLifecycleDetails"
+      ( \x ->
+          AwsBackupRecoveryPointLifecycleDetails'
+            Prelude.<$> (x Data..:? "DeleteAfterDays")
+            Prelude.<*> (x Data..:? "MoveToColdStorageAfterDays")
+      )
+
+instance
+  Prelude.Hashable
+    AwsBackupRecoveryPointLifecycleDetails
+  where
+  hashWithSalt
+    _salt
+    AwsBackupRecoveryPointLifecycleDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` deleteAfterDays
+        `Prelude.hashWithSalt` moveToColdStorageAfterDays
+
+instance
+  Prelude.NFData
+    AwsBackupRecoveryPointLifecycleDetails
+  where
+  rnf AwsBackupRecoveryPointLifecycleDetails' {..} =
+    Prelude.rnf deleteAfterDays
+      `Prelude.seq` Prelude.rnf moveToColdStorageAfterDays
+
+instance
+  Data.ToJSON
+    AwsBackupRecoveryPointLifecycleDetails
+  where
+  toJSON AwsBackupRecoveryPointLifecycleDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DeleteAfterDays" Data..=)
+              Prelude.<$> deleteAfterDays,
+            ("MoveToColdStorageAfterDays" Data..=)
+              Prelude.<$> moveToColdStorageAfterDays
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateDetails.hs
@@ -0,0 +1,606 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDomainValidationOption
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateExtendedKeyUsage
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateKeyUsage
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateOptions
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateRenewalSummary
+
+-- | Provides details about an Certificate Manager certificate.
+--
+-- /See:/ 'newAwsCertificateManagerCertificateDetails' smart constructor.
+data AwsCertificateManagerCertificateDetails = AwsCertificateManagerCertificateDetails'
+  { -- | The ARN of the private certificate authority (CA) that will be used to
+    -- issue the certificate.
+    certificateAuthorityArn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the certificate was requested.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdAt :: Prelude.Maybe Prelude.Text,
+    -- | The fully qualified domain name (FQDN), such as www.example.com, that is
+    -- secured by the certificate.
+    domainName :: Prelude.Maybe Prelude.Text,
+    -- | Contains information about the initial validation of each domain name
+    -- that occurs as a result of the @RequestCertificate@ request.
+    --
+    -- Only provided if the certificate type is @AMAZON_ISSUED@.
+    domainValidationOptions :: Prelude.Maybe [AwsCertificateManagerCertificateDomainValidationOption],
+    -- | Contains a list of Extended Key Usage X.509 v3 extension objects. Each
+    -- object specifies a purpose for which the certificate public key can be
+    -- used and consists of a name and an object identifier (OID).
+    extendedKeyUsages :: Prelude.Maybe [AwsCertificateManagerCertificateExtendedKeyUsage],
+    -- | For a failed certificate request, the reason for the failure.
+    --
+    -- Valid values: @NO_AVAILABLE_CONTACTS@ |
+    -- @ADDITIONAL_VERIFICATION_REQUIRED@ | @DOMAIN_NOT_ALLOWED@ |
+    -- @INVALID_PUBLIC_DOMAIN@ | @DOMAIN_VALIDATION_DENIED@ | @CAA_ERROR@ |
+    -- @PCA_LIMIT_EXCEEDED@ | @PCA_INVALID_ARN@ | @PCA_INVALID_STATE@ |
+    -- @PCA_REQUEST_FAILED@ | @PCA_NAME_CONSTRAINTS_VALIDATION@ |
+    -- @PCA_RESOURCE_NOT_FOUND@ | @PCA_INVALID_ARGS@ | @PCA_INVALID_DURATION@ |
+    -- @PCA_ACCESS_DENIED@ | @SLR_NOT_FOUND@ | @OTHER@
+    failureReason :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the certificate was imported. Provided if the certificate
+    -- type is @IMPORTED@.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    importedAt :: Prelude.Maybe Prelude.Text,
+    -- | The list of ARNs for the Amazon Web Services resources that use the
+    -- certificate.
+    inUseBy :: Prelude.Maybe [Prelude.Text],
+    -- | Indicates when the certificate was issued. Provided if the certificate
+    -- type is @AMAZON_ISSUED@.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    issuedAt :: Prelude.Maybe Prelude.Text,
+    -- | The name of the certificate authority that issued and signed the
+    -- certificate.
+    issuer :: Prelude.Maybe Prelude.Text,
+    -- | The algorithm that was used to generate the public-private key pair.
+    --
+    -- Valid values: @RSA_2048@ | @RSA_1024@ |@ RSA_4096@ | @EC_prime256v1@ |
+    -- @EC_secp384r1@ | @EC_secp521r1@
+    keyAlgorithm :: Prelude.Maybe Prelude.Text,
+    -- | A list of key usage X.509 v3 extension objects.
+    keyUsages :: Prelude.Maybe [AwsCertificateManagerCertificateKeyUsage],
+    -- | The time after which the certificate becomes invalid.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    notAfter :: Prelude.Maybe Prelude.Text,
+    -- | The time before which the certificate is not valid.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    notBefore :: Prelude.Maybe Prelude.Text,
+    -- | Provides a value that specifies whether to add the certificate to a
+    -- transparency log.
+    options :: Prelude.Maybe AwsCertificateManagerCertificateOptions,
+    -- | Whether the certificate is eligible for renewal.
+    --
+    -- Valid values: @ELIGIBLE@ | @INELIGIBLE@
+    renewalEligibility :: Prelude.Maybe Prelude.Text,
+    -- | Information about the status of the Certificate Manager managed renewal
+    -- for the certificate. Provided only when the certificate type is
+    -- @AMAZON_ISSUED@.
+    renewalSummary :: Prelude.Maybe AwsCertificateManagerCertificateRenewalSummary,
+    -- | The serial number of the certificate.
+    serial :: Prelude.Maybe Prelude.Text,
+    -- | The algorithm that was used to sign the certificate.
+    signatureAlgorithm :: Prelude.Maybe Prelude.Text,
+    -- | The status of the certificate.
+    --
+    -- Valid values: @PENDING_VALIDATION@ | @ISSUED@ | @INACTIVE@ | @EXPIRED@ |
+    -- @VALIDATION_TIMED_OUT@ | @REVOKED@ | @FAILED@
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The name of the entity that is associated with the public key contained
+    -- in the certificate.
+    subject :: Prelude.Maybe Prelude.Text,
+    -- | One or more domain names (subject alternative names) included in the
+    -- certificate. This list contains the domain names that are bound to the
+    -- public key that is contained in the certificate.
+    --
+    -- The subject alternative names include the canonical domain name (CN) of
+    -- the certificate and additional domain names that can be used to connect
+    -- to the website.
+    subjectAlternativeNames :: Prelude.Maybe [Prelude.Text],
+    -- | The source of the certificate. For certificates that Certificate Manager
+    -- provides, @Type@ is @AMAZON_ISSUED@. For certificates that are imported
+    -- with @ImportCertificate@, @Type@ is @IMPORTED@.
+    --
+    -- Valid values: @IMPORTED@ | @AMAZON_ISSUED@ | @PRIVATE@
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCertificateManagerCertificateDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'certificateAuthorityArn', 'awsCertificateManagerCertificateDetails_certificateAuthorityArn' - The ARN of the private certificate authority (CA) that will be used to
+-- issue the certificate.
+--
+-- 'createdAt', 'awsCertificateManagerCertificateDetails_createdAt' - Indicates when the certificate was requested.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'domainName', 'awsCertificateManagerCertificateDetails_domainName' - The fully qualified domain name (FQDN), such as www.example.com, that is
+-- secured by the certificate.
+--
+-- 'domainValidationOptions', 'awsCertificateManagerCertificateDetails_domainValidationOptions' - Contains information about the initial validation of each domain name
+-- that occurs as a result of the @RequestCertificate@ request.
+--
+-- Only provided if the certificate type is @AMAZON_ISSUED@.
+--
+-- 'extendedKeyUsages', 'awsCertificateManagerCertificateDetails_extendedKeyUsages' - Contains a list of Extended Key Usage X.509 v3 extension objects. Each
+-- object specifies a purpose for which the certificate public key can be
+-- used and consists of a name and an object identifier (OID).
+--
+-- 'failureReason', 'awsCertificateManagerCertificateDetails_failureReason' - For a failed certificate request, the reason for the failure.
+--
+-- Valid values: @NO_AVAILABLE_CONTACTS@ |
+-- @ADDITIONAL_VERIFICATION_REQUIRED@ | @DOMAIN_NOT_ALLOWED@ |
+-- @INVALID_PUBLIC_DOMAIN@ | @DOMAIN_VALIDATION_DENIED@ | @CAA_ERROR@ |
+-- @PCA_LIMIT_EXCEEDED@ | @PCA_INVALID_ARN@ | @PCA_INVALID_STATE@ |
+-- @PCA_REQUEST_FAILED@ | @PCA_NAME_CONSTRAINTS_VALIDATION@ |
+-- @PCA_RESOURCE_NOT_FOUND@ | @PCA_INVALID_ARGS@ | @PCA_INVALID_DURATION@ |
+-- @PCA_ACCESS_DENIED@ | @SLR_NOT_FOUND@ | @OTHER@
+--
+-- 'importedAt', 'awsCertificateManagerCertificateDetails_importedAt' - Indicates when the certificate was imported. Provided if the certificate
+-- type is @IMPORTED@.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'inUseBy', 'awsCertificateManagerCertificateDetails_inUseBy' - The list of ARNs for the Amazon Web Services resources that use the
+-- certificate.
+--
+-- 'issuedAt', 'awsCertificateManagerCertificateDetails_issuedAt' - Indicates when the certificate was issued. Provided if the certificate
+-- type is @AMAZON_ISSUED@.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'issuer', 'awsCertificateManagerCertificateDetails_issuer' - The name of the certificate authority that issued and signed the
+-- certificate.
+--
+-- 'keyAlgorithm', 'awsCertificateManagerCertificateDetails_keyAlgorithm' - The algorithm that was used to generate the public-private key pair.
+--
+-- Valid values: @RSA_2048@ | @RSA_1024@ |@ RSA_4096@ | @EC_prime256v1@ |
+-- @EC_secp384r1@ | @EC_secp521r1@
+--
+-- 'keyUsages', 'awsCertificateManagerCertificateDetails_keyUsages' - A list of key usage X.509 v3 extension objects.
+--
+-- 'notAfter', 'awsCertificateManagerCertificateDetails_notAfter' - The time after which the certificate becomes invalid.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'notBefore', 'awsCertificateManagerCertificateDetails_notBefore' - The time before which the certificate is not valid.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'options', 'awsCertificateManagerCertificateDetails_options' - Provides a value that specifies whether to add the certificate to a
+-- transparency log.
+--
+-- 'renewalEligibility', 'awsCertificateManagerCertificateDetails_renewalEligibility' - Whether the certificate is eligible for renewal.
+--
+-- Valid values: @ELIGIBLE@ | @INELIGIBLE@
+--
+-- 'renewalSummary', 'awsCertificateManagerCertificateDetails_renewalSummary' - Information about the status of the Certificate Manager managed renewal
+-- for the certificate. Provided only when the certificate type is
+-- @AMAZON_ISSUED@.
+--
+-- 'serial', 'awsCertificateManagerCertificateDetails_serial' - The serial number of the certificate.
+--
+-- 'signatureAlgorithm', 'awsCertificateManagerCertificateDetails_signatureAlgorithm' - The algorithm that was used to sign the certificate.
+--
+-- 'status', 'awsCertificateManagerCertificateDetails_status' - The status of the certificate.
+--
+-- Valid values: @PENDING_VALIDATION@ | @ISSUED@ | @INACTIVE@ | @EXPIRED@ |
+-- @VALIDATION_TIMED_OUT@ | @REVOKED@ | @FAILED@
+--
+-- 'subject', 'awsCertificateManagerCertificateDetails_subject' - The name of the entity that is associated with the public key contained
+-- in the certificate.
+--
+-- 'subjectAlternativeNames', 'awsCertificateManagerCertificateDetails_subjectAlternativeNames' - One or more domain names (subject alternative names) included in the
+-- certificate. This list contains the domain names that are bound to the
+-- public key that is contained in the certificate.
+--
+-- The subject alternative names include the canonical domain name (CN) of
+-- the certificate and additional domain names that can be used to connect
+-- to the website.
+--
+-- 'type'', 'awsCertificateManagerCertificateDetails_type' - The source of the certificate. For certificates that Certificate Manager
+-- provides, @Type@ is @AMAZON_ISSUED@. For certificates that are imported
+-- with @ImportCertificate@, @Type@ is @IMPORTED@.
+--
+-- Valid values: @IMPORTED@ | @AMAZON_ISSUED@ | @PRIVATE@
+newAwsCertificateManagerCertificateDetails ::
+  AwsCertificateManagerCertificateDetails
+newAwsCertificateManagerCertificateDetails =
+  AwsCertificateManagerCertificateDetails'
+    { certificateAuthorityArn =
+        Prelude.Nothing,
+      createdAt = Prelude.Nothing,
+      domainName = Prelude.Nothing,
+      domainValidationOptions =
+        Prelude.Nothing,
+      extendedKeyUsages =
+        Prelude.Nothing,
+      failureReason = Prelude.Nothing,
+      importedAt = Prelude.Nothing,
+      inUseBy = Prelude.Nothing,
+      issuedAt = Prelude.Nothing,
+      issuer = Prelude.Nothing,
+      keyAlgorithm = Prelude.Nothing,
+      keyUsages = Prelude.Nothing,
+      notAfter = Prelude.Nothing,
+      notBefore = Prelude.Nothing,
+      options = Prelude.Nothing,
+      renewalEligibility =
+        Prelude.Nothing,
+      renewalSummary = Prelude.Nothing,
+      serial = Prelude.Nothing,
+      signatureAlgorithm =
+        Prelude.Nothing,
+      status = Prelude.Nothing,
+      subject = Prelude.Nothing,
+      subjectAlternativeNames =
+        Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The ARN of the private certificate authority (CA) that will be used to
+-- issue the certificate.
+awsCertificateManagerCertificateDetails_certificateAuthorityArn :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_certificateAuthorityArn = Lens.lens (\AwsCertificateManagerCertificateDetails' {certificateAuthorityArn} -> certificateAuthorityArn) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {certificateAuthorityArn = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | Indicates when the certificate was requested.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsCertificateManagerCertificateDetails_createdAt :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_createdAt = Lens.lens (\AwsCertificateManagerCertificateDetails' {createdAt} -> createdAt) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {createdAt = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | The fully qualified domain name (FQDN), such as www.example.com, that is
+-- secured by the certificate.
+awsCertificateManagerCertificateDetails_domainName :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_domainName = Lens.lens (\AwsCertificateManagerCertificateDetails' {domainName} -> domainName) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {domainName = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | Contains information about the initial validation of each domain name
+-- that occurs as a result of the @RequestCertificate@ request.
+--
+-- Only provided if the certificate type is @AMAZON_ISSUED@.
+awsCertificateManagerCertificateDetails_domainValidationOptions :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe [AwsCertificateManagerCertificateDomainValidationOption])
+awsCertificateManagerCertificateDetails_domainValidationOptions = Lens.lens (\AwsCertificateManagerCertificateDetails' {domainValidationOptions} -> domainValidationOptions) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {domainValidationOptions = a} :: AwsCertificateManagerCertificateDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Contains a list of Extended Key Usage X.509 v3 extension objects. Each
+-- object specifies a purpose for which the certificate public key can be
+-- used and consists of a name and an object identifier (OID).
+awsCertificateManagerCertificateDetails_extendedKeyUsages :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe [AwsCertificateManagerCertificateExtendedKeyUsage])
+awsCertificateManagerCertificateDetails_extendedKeyUsages = Lens.lens (\AwsCertificateManagerCertificateDetails' {extendedKeyUsages} -> extendedKeyUsages) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {extendedKeyUsages = a} :: AwsCertificateManagerCertificateDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | For a failed certificate request, the reason for the failure.
+--
+-- Valid values: @NO_AVAILABLE_CONTACTS@ |
+-- @ADDITIONAL_VERIFICATION_REQUIRED@ | @DOMAIN_NOT_ALLOWED@ |
+-- @INVALID_PUBLIC_DOMAIN@ | @DOMAIN_VALIDATION_DENIED@ | @CAA_ERROR@ |
+-- @PCA_LIMIT_EXCEEDED@ | @PCA_INVALID_ARN@ | @PCA_INVALID_STATE@ |
+-- @PCA_REQUEST_FAILED@ | @PCA_NAME_CONSTRAINTS_VALIDATION@ |
+-- @PCA_RESOURCE_NOT_FOUND@ | @PCA_INVALID_ARGS@ | @PCA_INVALID_DURATION@ |
+-- @PCA_ACCESS_DENIED@ | @SLR_NOT_FOUND@ | @OTHER@
+awsCertificateManagerCertificateDetails_failureReason :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_failureReason = Lens.lens (\AwsCertificateManagerCertificateDetails' {failureReason} -> failureReason) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {failureReason = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | Indicates when the certificate was imported. Provided if the certificate
+-- type is @IMPORTED@.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsCertificateManagerCertificateDetails_importedAt :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_importedAt = Lens.lens (\AwsCertificateManagerCertificateDetails' {importedAt} -> importedAt) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {importedAt = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | The list of ARNs for the Amazon Web Services resources that use the
+-- certificate.
+awsCertificateManagerCertificateDetails_inUseBy :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe [Prelude.Text])
+awsCertificateManagerCertificateDetails_inUseBy = Lens.lens (\AwsCertificateManagerCertificateDetails' {inUseBy} -> inUseBy) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {inUseBy = a} :: AwsCertificateManagerCertificateDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates when the certificate was issued. Provided if the certificate
+-- type is @AMAZON_ISSUED@.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsCertificateManagerCertificateDetails_issuedAt :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_issuedAt = Lens.lens (\AwsCertificateManagerCertificateDetails' {issuedAt} -> issuedAt) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {issuedAt = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | The name of the certificate authority that issued and signed the
+-- certificate.
+awsCertificateManagerCertificateDetails_issuer :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_issuer = Lens.lens (\AwsCertificateManagerCertificateDetails' {issuer} -> issuer) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {issuer = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | The algorithm that was used to generate the public-private key pair.
+--
+-- Valid values: @RSA_2048@ | @RSA_1024@ |@ RSA_4096@ | @EC_prime256v1@ |
+-- @EC_secp384r1@ | @EC_secp521r1@
+awsCertificateManagerCertificateDetails_keyAlgorithm :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_keyAlgorithm = Lens.lens (\AwsCertificateManagerCertificateDetails' {keyAlgorithm} -> keyAlgorithm) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {keyAlgorithm = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | A list of key usage X.509 v3 extension objects.
+awsCertificateManagerCertificateDetails_keyUsages :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe [AwsCertificateManagerCertificateKeyUsage])
+awsCertificateManagerCertificateDetails_keyUsages = Lens.lens (\AwsCertificateManagerCertificateDetails' {keyUsages} -> keyUsages) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {keyUsages = a} :: AwsCertificateManagerCertificateDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The time after which the certificate becomes invalid.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsCertificateManagerCertificateDetails_notAfter :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_notAfter = Lens.lens (\AwsCertificateManagerCertificateDetails' {notAfter} -> notAfter) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {notAfter = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | The time before which the certificate is not valid.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsCertificateManagerCertificateDetails_notBefore :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_notBefore = Lens.lens (\AwsCertificateManagerCertificateDetails' {notBefore} -> notBefore) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {notBefore = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | Provides a value that specifies whether to add the certificate to a
+-- transparency log.
+awsCertificateManagerCertificateDetails_options :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe AwsCertificateManagerCertificateOptions)
+awsCertificateManagerCertificateDetails_options = Lens.lens (\AwsCertificateManagerCertificateDetails' {options} -> options) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {options = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | Whether the certificate is eligible for renewal.
+--
+-- Valid values: @ELIGIBLE@ | @INELIGIBLE@
+awsCertificateManagerCertificateDetails_renewalEligibility :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_renewalEligibility = Lens.lens (\AwsCertificateManagerCertificateDetails' {renewalEligibility} -> renewalEligibility) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {renewalEligibility = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | Information about the status of the Certificate Manager managed renewal
+-- for the certificate. Provided only when the certificate type is
+-- @AMAZON_ISSUED@.
+awsCertificateManagerCertificateDetails_renewalSummary :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe AwsCertificateManagerCertificateRenewalSummary)
+awsCertificateManagerCertificateDetails_renewalSummary = Lens.lens (\AwsCertificateManagerCertificateDetails' {renewalSummary} -> renewalSummary) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {renewalSummary = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | The serial number of the certificate.
+awsCertificateManagerCertificateDetails_serial :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_serial = Lens.lens (\AwsCertificateManagerCertificateDetails' {serial} -> serial) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {serial = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | The algorithm that was used to sign the certificate.
+awsCertificateManagerCertificateDetails_signatureAlgorithm :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_signatureAlgorithm = Lens.lens (\AwsCertificateManagerCertificateDetails' {signatureAlgorithm} -> signatureAlgorithm) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {signatureAlgorithm = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | The status of the certificate.
+--
+-- Valid values: @PENDING_VALIDATION@ | @ISSUED@ | @INACTIVE@ | @EXPIRED@ |
+-- @VALIDATION_TIMED_OUT@ | @REVOKED@ | @FAILED@
+awsCertificateManagerCertificateDetails_status :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_status = Lens.lens (\AwsCertificateManagerCertificateDetails' {status} -> status) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {status = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | The name of the entity that is associated with the public key contained
+-- in the certificate.
+awsCertificateManagerCertificateDetails_subject :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_subject = Lens.lens (\AwsCertificateManagerCertificateDetails' {subject} -> subject) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {subject = a} :: AwsCertificateManagerCertificateDetails)
+
+-- | One or more domain names (subject alternative names) included in the
+-- certificate. This list contains the domain names that are bound to the
+-- public key that is contained in the certificate.
+--
+-- The subject alternative names include the canonical domain name (CN) of
+-- the certificate and additional domain names that can be used to connect
+-- to the website.
+awsCertificateManagerCertificateDetails_subjectAlternativeNames :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe [Prelude.Text])
+awsCertificateManagerCertificateDetails_subjectAlternativeNames = Lens.lens (\AwsCertificateManagerCertificateDetails' {subjectAlternativeNames} -> subjectAlternativeNames) (\s@AwsCertificateManagerCertificateDetails' {} a -> s {subjectAlternativeNames = a} :: AwsCertificateManagerCertificateDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The source of the certificate. For certificates that Certificate Manager
+-- provides, @Type@ is @AMAZON_ISSUED@. For certificates that are imported
+-- with @ImportCertificate@, @Type@ is @IMPORTED@.
+--
+-- Valid values: @IMPORTED@ | @AMAZON_ISSUED@ | @PRIVATE@
+awsCertificateManagerCertificateDetails_type :: Lens.Lens' AwsCertificateManagerCertificateDetails (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDetails_type = Lens.lens (\AwsCertificateManagerCertificateDetails' {type'} -> type') (\s@AwsCertificateManagerCertificateDetails' {} a -> s {type' = a} :: AwsCertificateManagerCertificateDetails)
+
+instance
+  Data.FromJSON
+    AwsCertificateManagerCertificateDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCertificateManagerCertificateDetails"
+      ( \x ->
+          AwsCertificateManagerCertificateDetails'
+            Prelude.<$> (x Data..:? "CertificateAuthorityArn")
+            Prelude.<*> (x Data..:? "CreatedAt")
+            Prelude.<*> (x Data..:? "DomainName")
+            Prelude.<*> ( x
+                            Data..:? "DomainValidationOptions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ExtendedKeyUsages"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "FailureReason")
+            Prelude.<*> (x Data..:? "ImportedAt")
+            Prelude.<*> (x Data..:? "InUseBy" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "IssuedAt")
+            Prelude.<*> (x Data..:? "Issuer")
+            Prelude.<*> (x Data..:? "KeyAlgorithm")
+            Prelude.<*> (x Data..:? "KeyUsages" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "NotAfter")
+            Prelude.<*> (x Data..:? "NotBefore")
+            Prelude.<*> (x Data..:? "Options")
+            Prelude.<*> (x Data..:? "RenewalEligibility")
+            Prelude.<*> (x Data..:? "RenewalSummary")
+            Prelude.<*> (x Data..:? "Serial")
+            Prelude.<*> (x Data..:? "SignatureAlgorithm")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "Subject")
+            Prelude.<*> ( x
+                            Data..:? "SubjectAlternativeNames"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCertificateManagerCertificateDetails
+  where
+  hashWithSalt
+    _salt
+    AwsCertificateManagerCertificateDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` certificateAuthorityArn
+        `Prelude.hashWithSalt` createdAt
+        `Prelude.hashWithSalt` domainName
+        `Prelude.hashWithSalt` domainValidationOptions
+        `Prelude.hashWithSalt` extendedKeyUsages
+        `Prelude.hashWithSalt` failureReason
+        `Prelude.hashWithSalt` importedAt
+        `Prelude.hashWithSalt` inUseBy
+        `Prelude.hashWithSalt` issuedAt
+        `Prelude.hashWithSalt` issuer
+        `Prelude.hashWithSalt` keyAlgorithm
+        `Prelude.hashWithSalt` keyUsages
+        `Prelude.hashWithSalt` notAfter
+        `Prelude.hashWithSalt` notBefore
+        `Prelude.hashWithSalt` options
+        `Prelude.hashWithSalt` renewalEligibility
+        `Prelude.hashWithSalt` renewalSummary
+        `Prelude.hashWithSalt` serial
+        `Prelude.hashWithSalt` signatureAlgorithm
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` subject
+        `Prelude.hashWithSalt` subjectAlternativeNames
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsCertificateManagerCertificateDetails
+  where
+  rnf AwsCertificateManagerCertificateDetails' {..} =
+    Prelude.rnf certificateAuthorityArn
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf domainName
+      `Prelude.seq` Prelude.rnf domainValidationOptions
+      `Prelude.seq` Prelude.rnf extendedKeyUsages
+      `Prelude.seq` Prelude.rnf failureReason
+      `Prelude.seq` Prelude.rnf importedAt
+      `Prelude.seq` Prelude.rnf inUseBy
+      `Prelude.seq` Prelude.rnf issuedAt
+      `Prelude.seq` Prelude.rnf issuer
+      `Prelude.seq` Prelude.rnf keyAlgorithm
+      `Prelude.seq` Prelude.rnf keyUsages
+      `Prelude.seq` Prelude.rnf notAfter
+      `Prelude.seq` Prelude.rnf notBefore
+      `Prelude.seq` Prelude.rnf options
+      `Prelude.seq` Prelude.rnf renewalEligibility
+      `Prelude.seq` Prelude.rnf renewalSummary
+      `Prelude.seq` Prelude.rnf serial
+      `Prelude.seq` Prelude.rnf signatureAlgorithm
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf subject
+      `Prelude.seq` Prelude.rnf
+        subjectAlternativeNames
+      `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsCertificateManagerCertificateDetails
+  where
+  toJSON AwsCertificateManagerCertificateDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CertificateAuthorityArn" Data..=)
+              Prelude.<$> certificateAuthorityArn,
+            ("CreatedAt" Data..=) Prelude.<$> createdAt,
+            ("DomainName" Data..=) Prelude.<$> domainName,
+            ("DomainValidationOptions" Data..=)
+              Prelude.<$> domainValidationOptions,
+            ("ExtendedKeyUsages" Data..=)
+              Prelude.<$> extendedKeyUsages,
+            ("FailureReason" Data..=) Prelude.<$> failureReason,
+            ("ImportedAt" Data..=) Prelude.<$> importedAt,
+            ("InUseBy" Data..=) Prelude.<$> inUseBy,
+            ("IssuedAt" Data..=) Prelude.<$> issuedAt,
+            ("Issuer" Data..=) Prelude.<$> issuer,
+            ("KeyAlgorithm" Data..=) Prelude.<$> keyAlgorithm,
+            ("KeyUsages" Data..=) Prelude.<$> keyUsages,
+            ("NotAfter" Data..=) Prelude.<$> notAfter,
+            ("NotBefore" Data..=) Prelude.<$> notBefore,
+            ("Options" Data..=) Prelude.<$> options,
+            ("RenewalEligibility" Data..=)
+              Prelude.<$> renewalEligibility,
+            ("RenewalSummary" Data..=)
+              Prelude.<$> renewalSummary,
+            ("Serial" Data..=) Prelude.<$> serial,
+            ("SignatureAlgorithm" Data..=)
+              Prelude.<$> signatureAlgorithm,
+            ("Status" Data..=) Prelude.<$> status,
+            ("Subject" Data..=) Prelude.<$> subject,
+            ("SubjectAlternativeNames" Data..=)
+              Prelude.<$> subjectAlternativeNames,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateDomainValidationOption.hs b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateDomainValidationOption.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateDomainValidationOption.hs
@@ -0,0 +1,191 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDomainValidationOption
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDomainValidationOption where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateResourceRecord
+
+-- | Contains information about one of the following:
+--
+-- -   The initial validation of each domain name that occurs as a result
+--     of the @RequestCertificate@ request
+--
+-- -   The validation of each domain name in the certificate, as it
+--     pertains to Certificate Manager managed renewal
+--
+-- /See:/ 'newAwsCertificateManagerCertificateDomainValidationOption' smart constructor.
+data AwsCertificateManagerCertificateDomainValidationOption = AwsCertificateManagerCertificateDomainValidationOption'
+  { -- | A fully qualified domain name (FQDN) in the certificate.
+    domainName :: Prelude.Maybe Prelude.Text,
+    -- | The CNAME record that is added to the DNS database for domain
+    -- validation.
+    resourceRecord :: Prelude.Maybe AwsCertificateManagerCertificateResourceRecord,
+    -- | The domain name that Certificate Manager uses to send domain validation
+    -- emails.
+    validationDomain :: Prelude.Maybe Prelude.Text,
+    -- | A list of email addresses that Certificate Manager uses to send domain
+    -- validation emails.
+    validationEmails :: Prelude.Maybe [Prelude.Text],
+    -- | The method used to validate the domain name.
+    validationMethod :: Prelude.Maybe Prelude.Text,
+    -- | The validation status of the domain name.
+    validationStatus :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCertificateManagerCertificateDomainValidationOption' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'domainName', 'awsCertificateManagerCertificateDomainValidationOption_domainName' - A fully qualified domain name (FQDN) in the certificate.
+--
+-- 'resourceRecord', 'awsCertificateManagerCertificateDomainValidationOption_resourceRecord' - The CNAME record that is added to the DNS database for domain
+-- validation.
+--
+-- 'validationDomain', 'awsCertificateManagerCertificateDomainValidationOption_validationDomain' - The domain name that Certificate Manager uses to send domain validation
+-- emails.
+--
+-- 'validationEmails', 'awsCertificateManagerCertificateDomainValidationOption_validationEmails' - A list of email addresses that Certificate Manager uses to send domain
+-- validation emails.
+--
+-- 'validationMethod', 'awsCertificateManagerCertificateDomainValidationOption_validationMethod' - The method used to validate the domain name.
+--
+-- 'validationStatus', 'awsCertificateManagerCertificateDomainValidationOption_validationStatus' - The validation status of the domain name.
+newAwsCertificateManagerCertificateDomainValidationOption ::
+  AwsCertificateManagerCertificateDomainValidationOption
+newAwsCertificateManagerCertificateDomainValidationOption =
+  AwsCertificateManagerCertificateDomainValidationOption'
+    { domainName =
+        Prelude.Nothing,
+      resourceRecord =
+        Prelude.Nothing,
+      validationDomain =
+        Prelude.Nothing,
+      validationEmails =
+        Prelude.Nothing,
+      validationMethod =
+        Prelude.Nothing,
+      validationStatus =
+        Prelude.Nothing
+    }
+
+-- | A fully qualified domain name (FQDN) in the certificate.
+awsCertificateManagerCertificateDomainValidationOption_domainName :: Lens.Lens' AwsCertificateManagerCertificateDomainValidationOption (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDomainValidationOption_domainName = Lens.lens (\AwsCertificateManagerCertificateDomainValidationOption' {domainName} -> domainName) (\s@AwsCertificateManagerCertificateDomainValidationOption' {} a -> s {domainName = a} :: AwsCertificateManagerCertificateDomainValidationOption)
+
+-- | The CNAME record that is added to the DNS database for domain
+-- validation.
+awsCertificateManagerCertificateDomainValidationOption_resourceRecord :: Lens.Lens' AwsCertificateManagerCertificateDomainValidationOption (Prelude.Maybe AwsCertificateManagerCertificateResourceRecord)
+awsCertificateManagerCertificateDomainValidationOption_resourceRecord = Lens.lens (\AwsCertificateManagerCertificateDomainValidationOption' {resourceRecord} -> resourceRecord) (\s@AwsCertificateManagerCertificateDomainValidationOption' {} a -> s {resourceRecord = a} :: AwsCertificateManagerCertificateDomainValidationOption)
+
+-- | The domain name that Certificate Manager uses to send domain validation
+-- emails.
+awsCertificateManagerCertificateDomainValidationOption_validationDomain :: Lens.Lens' AwsCertificateManagerCertificateDomainValidationOption (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDomainValidationOption_validationDomain = Lens.lens (\AwsCertificateManagerCertificateDomainValidationOption' {validationDomain} -> validationDomain) (\s@AwsCertificateManagerCertificateDomainValidationOption' {} a -> s {validationDomain = a} :: AwsCertificateManagerCertificateDomainValidationOption)
+
+-- | A list of email addresses that Certificate Manager uses to send domain
+-- validation emails.
+awsCertificateManagerCertificateDomainValidationOption_validationEmails :: Lens.Lens' AwsCertificateManagerCertificateDomainValidationOption (Prelude.Maybe [Prelude.Text])
+awsCertificateManagerCertificateDomainValidationOption_validationEmails = Lens.lens (\AwsCertificateManagerCertificateDomainValidationOption' {validationEmails} -> validationEmails) (\s@AwsCertificateManagerCertificateDomainValidationOption' {} a -> s {validationEmails = a} :: AwsCertificateManagerCertificateDomainValidationOption) Prelude.. Lens.mapping Lens.coerced
+
+-- | The method used to validate the domain name.
+awsCertificateManagerCertificateDomainValidationOption_validationMethod :: Lens.Lens' AwsCertificateManagerCertificateDomainValidationOption (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDomainValidationOption_validationMethod = Lens.lens (\AwsCertificateManagerCertificateDomainValidationOption' {validationMethod} -> validationMethod) (\s@AwsCertificateManagerCertificateDomainValidationOption' {} a -> s {validationMethod = a} :: AwsCertificateManagerCertificateDomainValidationOption)
+
+-- | The validation status of the domain name.
+awsCertificateManagerCertificateDomainValidationOption_validationStatus :: Lens.Lens' AwsCertificateManagerCertificateDomainValidationOption (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateDomainValidationOption_validationStatus = Lens.lens (\AwsCertificateManagerCertificateDomainValidationOption' {validationStatus} -> validationStatus) (\s@AwsCertificateManagerCertificateDomainValidationOption' {} a -> s {validationStatus = a} :: AwsCertificateManagerCertificateDomainValidationOption)
+
+instance
+  Data.FromJSON
+    AwsCertificateManagerCertificateDomainValidationOption
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCertificateManagerCertificateDomainValidationOption"
+      ( \x ->
+          AwsCertificateManagerCertificateDomainValidationOption'
+            Prelude.<$> (x Data..:? "DomainName")
+            Prelude.<*> (x Data..:? "ResourceRecord")
+            Prelude.<*> (x Data..:? "ValidationDomain")
+            Prelude.<*> ( x
+                            Data..:? "ValidationEmails"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ValidationMethod")
+            Prelude.<*> (x Data..:? "ValidationStatus")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCertificateManagerCertificateDomainValidationOption
+  where
+  hashWithSalt
+    _salt
+    AwsCertificateManagerCertificateDomainValidationOption' {..} =
+      _salt
+        `Prelude.hashWithSalt` domainName
+        `Prelude.hashWithSalt` resourceRecord
+        `Prelude.hashWithSalt` validationDomain
+        `Prelude.hashWithSalt` validationEmails
+        `Prelude.hashWithSalt` validationMethod
+        `Prelude.hashWithSalt` validationStatus
+
+instance
+  Prelude.NFData
+    AwsCertificateManagerCertificateDomainValidationOption
+  where
+  rnf
+    AwsCertificateManagerCertificateDomainValidationOption' {..} =
+      Prelude.rnf domainName
+        `Prelude.seq` Prelude.rnf resourceRecord
+        `Prelude.seq` Prelude.rnf validationDomain
+        `Prelude.seq` Prelude.rnf validationEmails
+        `Prelude.seq` Prelude.rnf validationMethod
+        `Prelude.seq` Prelude.rnf validationStatus
+
+instance
+  Data.ToJSON
+    AwsCertificateManagerCertificateDomainValidationOption
+  where
+  toJSON
+    AwsCertificateManagerCertificateDomainValidationOption' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DomainName" Data..=) Prelude.<$> domainName,
+              ("ResourceRecord" Data..=)
+                Prelude.<$> resourceRecord,
+              ("ValidationDomain" Data..=)
+                Prelude.<$> validationDomain,
+              ("ValidationEmails" Data..=)
+                Prelude.<$> validationEmails,
+              ("ValidationMethod" Data..=)
+                Prelude.<$> validationMethod,
+              ("ValidationStatus" Data..=)
+                Prelude.<$> validationStatus
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateExtendedKeyUsage.hs b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateExtendedKeyUsage.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateExtendedKeyUsage.hs
@@ -0,0 +1,119 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateExtendedKeyUsage
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateExtendedKeyUsage where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about an extended key usage X.509 v3 extension
+-- object.
+--
+-- /See:/ 'newAwsCertificateManagerCertificateExtendedKeyUsage' smart constructor.
+data AwsCertificateManagerCertificateExtendedKeyUsage = AwsCertificateManagerCertificateExtendedKeyUsage'
+  { -- | The name of an extension value. Indicates the purpose for which the
+    -- certificate public key can be used.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | An object identifier (OID) for the extension value.
+    --
+    -- The format is numbers separated by periods.
+    oId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCertificateManagerCertificateExtendedKeyUsage' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsCertificateManagerCertificateExtendedKeyUsage_name' - The name of an extension value. Indicates the purpose for which the
+-- certificate public key can be used.
+--
+-- 'oId', 'awsCertificateManagerCertificateExtendedKeyUsage_oId' - An object identifier (OID) for the extension value.
+--
+-- The format is numbers separated by periods.
+newAwsCertificateManagerCertificateExtendedKeyUsage ::
+  AwsCertificateManagerCertificateExtendedKeyUsage
+newAwsCertificateManagerCertificateExtendedKeyUsage =
+  AwsCertificateManagerCertificateExtendedKeyUsage'
+    { name =
+        Prelude.Nothing,
+      oId = Prelude.Nothing
+    }
+
+-- | The name of an extension value. Indicates the purpose for which the
+-- certificate public key can be used.
+awsCertificateManagerCertificateExtendedKeyUsage_name :: Lens.Lens' AwsCertificateManagerCertificateExtendedKeyUsage (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateExtendedKeyUsage_name = Lens.lens (\AwsCertificateManagerCertificateExtendedKeyUsage' {name} -> name) (\s@AwsCertificateManagerCertificateExtendedKeyUsage' {} a -> s {name = a} :: AwsCertificateManagerCertificateExtendedKeyUsage)
+
+-- | An object identifier (OID) for the extension value.
+--
+-- The format is numbers separated by periods.
+awsCertificateManagerCertificateExtendedKeyUsage_oId :: Lens.Lens' AwsCertificateManagerCertificateExtendedKeyUsage (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateExtendedKeyUsage_oId = Lens.lens (\AwsCertificateManagerCertificateExtendedKeyUsage' {oId} -> oId) (\s@AwsCertificateManagerCertificateExtendedKeyUsage' {} a -> s {oId = a} :: AwsCertificateManagerCertificateExtendedKeyUsage)
+
+instance
+  Data.FromJSON
+    AwsCertificateManagerCertificateExtendedKeyUsage
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCertificateManagerCertificateExtendedKeyUsage"
+      ( \x ->
+          AwsCertificateManagerCertificateExtendedKeyUsage'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "OId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCertificateManagerCertificateExtendedKeyUsage
+  where
+  hashWithSalt
+    _salt
+    AwsCertificateManagerCertificateExtendedKeyUsage' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` oId
+
+instance
+  Prelude.NFData
+    AwsCertificateManagerCertificateExtendedKeyUsage
+  where
+  rnf
+    AwsCertificateManagerCertificateExtendedKeyUsage' {..} =
+      Prelude.rnf name `Prelude.seq` Prelude.rnf oId
+
+instance
+  Data.ToJSON
+    AwsCertificateManagerCertificateExtendedKeyUsage
+  where
+  toJSON
+    AwsCertificateManagerCertificateExtendedKeyUsage' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Name" Data..=) Prelude.<$> name,
+              ("OId" Data..=) Prelude.<$> oId
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateKeyUsage.hs b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateKeyUsage.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateKeyUsage.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateKeyUsage
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateKeyUsage where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about a key usage X.509 v3 extension object.
+--
+-- /See:/ 'newAwsCertificateManagerCertificateKeyUsage' smart constructor.
+data AwsCertificateManagerCertificateKeyUsage = AwsCertificateManagerCertificateKeyUsage'
+  { -- | The key usage extension name.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCertificateManagerCertificateKeyUsage' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsCertificateManagerCertificateKeyUsage_name' - The key usage extension name.
+newAwsCertificateManagerCertificateKeyUsage ::
+  AwsCertificateManagerCertificateKeyUsage
+newAwsCertificateManagerCertificateKeyUsage =
+  AwsCertificateManagerCertificateKeyUsage'
+    { name =
+        Prelude.Nothing
+    }
+
+-- | The key usage extension name.
+awsCertificateManagerCertificateKeyUsage_name :: Lens.Lens' AwsCertificateManagerCertificateKeyUsage (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateKeyUsage_name = Lens.lens (\AwsCertificateManagerCertificateKeyUsage' {name} -> name) (\s@AwsCertificateManagerCertificateKeyUsage' {} a -> s {name = a} :: AwsCertificateManagerCertificateKeyUsage)
+
+instance
+  Data.FromJSON
+    AwsCertificateManagerCertificateKeyUsage
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCertificateManagerCertificateKeyUsage"
+      ( \x ->
+          AwsCertificateManagerCertificateKeyUsage'
+            Prelude.<$> (x Data..:? "Name")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCertificateManagerCertificateKeyUsage
+  where
+  hashWithSalt
+    _salt
+    AwsCertificateManagerCertificateKeyUsage' {..} =
+      _salt `Prelude.hashWithSalt` name
+
+instance
+  Prelude.NFData
+    AwsCertificateManagerCertificateKeyUsage
+  where
+  rnf AwsCertificateManagerCertificateKeyUsage' {..} =
+    Prelude.rnf name
+
+instance
+  Data.ToJSON
+    AwsCertificateManagerCertificateKeyUsage
+  where
+  toJSON AwsCertificateManagerCertificateKeyUsage' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Name" Data..=) Prelude.<$> name]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateOptions.hs b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateOptions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateOptions.hs
@@ -0,0 +1,105 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateOptions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateOptions where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains other options for the certificate.
+--
+-- /See:/ 'newAwsCertificateManagerCertificateOptions' smart constructor.
+data AwsCertificateManagerCertificateOptions = AwsCertificateManagerCertificateOptions'
+  { -- | Whether to add the certificate to a transparency log.
+    --
+    -- Valid values: @DISABLED@ | @ENABLED@
+    certificateTransparencyLoggingPreference :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCertificateManagerCertificateOptions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'certificateTransparencyLoggingPreference', 'awsCertificateManagerCertificateOptions_certificateTransparencyLoggingPreference' - Whether to add the certificate to a transparency log.
+--
+-- Valid values: @DISABLED@ | @ENABLED@
+newAwsCertificateManagerCertificateOptions ::
+  AwsCertificateManagerCertificateOptions
+newAwsCertificateManagerCertificateOptions =
+  AwsCertificateManagerCertificateOptions'
+    { certificateTransparencyLoggingPreference =
+        Prelude.Nothing
+    }
+
+-- | Whether to add the certificate to a transparency log.
+--
+-- Valid values: @DISABLED@ | @ENABLED@
+awsCertificateManagerCertificateOptions_certificateTransparencyLoggingPreference :: Lens.Lens' AwsCertificateManagerCertificateOptions (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateOptions_certificateTransparencyLoggingPreference = Lens.lens (\AwsCertificateManagerCertificateOptions' {certificateTransparencyLoggingPreference} -> certificateTransparencyLoggingPreference) (\s@AwsCertificateManagerCertificateOptions' {} a -> s {certificateTransparencyLoggingPreference = a} :: AwsCertificateManagerCertificateOptions)
+
+instance
+  Data.FromJSON
+    AwsCertificateManagerCertificateOptions
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCertificateManagerCertificateOptions"
+      ( \x ->
+          AwsCertificateManagerCertificateOptions'
+            Prelude.<$> ( x
+                            Data..:? "CertificateTransparencyLoggingPreference"
+                        )
+      )
+
+instance
+  Prelude.Hashable
+    AwsCertificateManagerCertificateOptions
+  where
+  hashWithSalt
+    _salt
+    AwsCertificateManagerCertificateOptions' {..} =
+      _salt
+        `Prelude.hashWithSalt` certificateTransparencyLoggingPreference
+
+instance
+  Prelude.NFData
+    AwsCertificateManagerCertificateOptions
+  where
+  rnf AwsCertificateManagerCertificateOptions' {..} =
+    Prelude.rnf
+      certificateTransparencyLoggingPreference
+
+instance
+  Data.ToJSON
+    AwsCertificateManagerCertificateOptions
+  where
+  toJSON AwsCertificateManagerCertificateOptions' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CertificateTransparencyLoggingPreference" Data..=)
+              Prelude.<$> certificateTransparencyLoggingPreference
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateRenewalSummary.hs b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateRenewalSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateRenewalSummary.hs
@@ -0,0 +1,205 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateRenewalSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateRenewalSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDomainValidationOption
+
+-- | Contains information about the Certificate Manager managed renewal for
+-- an @AMAZON_ISSUED@ certificate.
+--
+-- /See:/ 'newAwsCertificateManagerCertificateRenewalSummary' smart constructor.
+data AwsCertificateManagerCertificateRenewalSummary = AwsCertificateManagerCertificateRenewalSummary'
+  { -- | Information about the validation of each domain name in the certificate,
+    -- as it pertains to Certificate Manager managed renewal. Provided only
+    -- when the certificate type is @AMAZON_ISSUED@.
+    domainValidationOptions :: Prelude.Maybe [AwsCertificateManagerCertificateDomainValidationOption],
+    -- | The status of the Certificate Manager managed renewal of the
+    -- certificate.
+    --
+    -- Valid values: @PENDING_AUTO_RENEWAL@ | @PENDING_VALIDATION@ | @SUCCESS@
+    -- | @FAILED@
+    renewalStatus :: Prelude.Maybe Prelude.Text,
+    -- | The reason that a renewal request was unsuccessful. This attribute is
+    -- used only when @RenewalStatus@ is @FAILED@.
+    --
+    -- Valid values: @NO_AVAILABLE_CONTACTS@ |
+    -- @ADDITIONAL_VERIFICATION_REQUIRED@ | @DOMAIN_NOT_ALLOWED@ |
+    -- @INVALID_PUBLIC_DOMAIN@ | @DOMAIN_VALIDATION_DENIED@ | @CAA_ERROR@ |
+    -- @PCA_LIMIT_EXCEEDED@ | @PCA_INVALID_ARN@ | @PCA_INVALID_STATE@ |
+    -- @PCA_REQUEST_FAILED@ | @PCA_NAME_CONSTRAINTS_VALIDATION@ |
+    -- @PCA_RESOURCE_NOT_FOUND@ | @PCA_INVALID_ARGS@ | @PCA_INVALID_DURATION@ |
+    -- @PCA_ACCESS_DENIED@ | @SLR_NOT_FOUND@ | @OTHER@
+    renewalStatusReason :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the renewal summary was last updated.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    updatedAt :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCertificateManagerCertificateRenewalSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'domainValidationOptions', 'awsCertificateManagerCertificateRenewalSummary_domainValidationOptions' - Information about the validation of each domain name in the certificate,
+-- as it pertains to Certificate Manager managed renewal. Provided only
+-- when the certificate type is @AMAZON_ISSUED@.
+--
+-- 'renewalStatus', 'awsCertificateManagerCertificateRenewalSummary_renewalStatus' - The status of the Certificate Manager managed renewal of the
+-- certificate.
+--
+-- Valid values: @PENDING_AUTO_RENEWAL@ | @PENDING_VALIDATION@ | @SUCCESS@
+-- | @FAILED@
+--
+-- 'renewalStatusReason', 'awsCertificateManagerCertificateRenewalSummary_renewalStatusReason' - The reason that a renewal request was unsuccessful. This attribute is
+-- used only when @RenewalStatus@ is @FAILED@.
+--
+-- Valid values: @NO_AVAILABLE_CONTACTS@ |
+-- @ADDITIONAL_VERIFICATION_REQUIRED@ | @DOMAIN_NOT_ALLOWED@ |
+-- @INVALID_PUBLIC_DOMAIN@ | @DOMAIN_VALIDATION_DENIED@ | @CAA_ERROR@ |
+-- @PCA_LIMIT_EXCEEDED@ | @PCA_INVALID_ARN@ | @PCA_INVALID_STATE@ |
+-- @PCA_REQUEST_FAILED@ | @PCA_NAME_CONSTRAINTS_VALIDATION@ |
+-- @PCA_RESOURCE_NOT_FOUND@ | @PCA_INVALID_ARGS@ | @PCA_INVALID_DURATION@ |
+-- @PCA_ACCESS_DENIED@ | @SLR_NOT_FOUND@ | @OTHER@
+--
+-- 'updatedAt', 'awsCertificateManagerCertificateRenewalSummary_updatedAt' - Indicates when the renewal summary was last updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+newAwsCertificateManagerCertificateRenewalSummary ::
+  AwsCertificateManagerCertificateRenewalSummary
+newAwsCertificateManagerCertificateRenewalSummary =
+  AwsCertificateManagerCertificateRenewalSummary'
+    { domainValidationOptions =
+        Prelude.Nothing,
+      renewalStatus =
+        Prelude.Nothing,
+      renewalStatusReason =
+        Prelude.Nothing,
+      updatedAt = Prelude.Nothing
+    }
+
+-- | Information about the validation of each domain name in the certificate,
+-- as it pertains to Certificate Manager managed renewal. Provided only
+-- when the certificate type is @AMAZON_ISSUED@.
+awsCertificateManagerCertificateRenewalSummary_domainValidationOptions :: Lens.Lens' AwsCertificateManagerCertificateRenewalSummary (Prelude.Maybe [AwsCertificateManagerCertificateDomainValidationOption])
+awsCertificateManagerCertificateRenewalSummary_domainValidationOptions = Lens.lens (\AwsCertificateManagerCertificateRenewalSummary' {domainValidationOptions} -> domainValidationOptions) (\s@AwsCertificateManagerCertificateRenewalSummary' {} a -> s {domainValidationOptions = a} :: AwsCertificateManagerCertificateRenewalSummary) Prelude.. Lens.mapping Lens.coerced
+
+-- | The status of the Certificate Manager managed renewal of the
+-- certificate.
+--
+-- Valid values: @PENDING_AUTO_RENEWAL@ | @PENDING_VALIDATION@ | @SUCCESS@
+-- | @FAILED@
+awsCertificateManagerCertificateRenewalSummary_renewalStatus :: Lens.Lens' AwsCertificateManagerCertificateRenewalSummary (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateRenewalSummary_renewalStatus = Lens.lens (\AwsCertificateManagerCertificateRenewalSummary' {renewalStatus} -> renewalStatus) (\s@AwsCertificateManagerCertificateRenewalSummary' {} a -> s {renewalStatus = a} :: AwsCertificateManagerCertificateRenewalSummary)
+
+-- | The reason that a renewal request was unsuccessful. This attribute is
+-- used only when @RenewalStatus@ is @FAILED@.
+--
+-- Valid values: @NO_AVAILABLE_CONTACTS@ |
+-- @ADDITIONAL_VERIFICATION_REQUIRED@ | @DOMAIN_NOT_ALLOWED@ |
+-- @INVALID_PUBLIC_DOMAIN@ | @DOMAIN_VALIDATION_DENIED@ | @CAA_ERROR@ |
+-- @PCA_LIMIT_EXCEEDED@ | @PCA_INVALID_ARN@ | @PCA_INVALID_STATE@ |
+-- @PCA_REQUEST_FAILED@ | @PCA_NAME_CONSTRAINTS_VALIDATION@ |
+-- @PCA_RESOURCE_NOT_FOUND@ | @PCA_INVALID_ARGS@ | @PCA_INVALID_DURATION@ |
+-- @PCA_ACCESS_DENIED@ | @SLR_NOT_FOUND@ | @OTHER@
+awsCertificateManagerCertificateRenewalSummary_renewalStatusReason :: Lens.Lens' AwsCertificateManagerCertificateRenewalSummary (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateRenewalSummary_renewalStatusReason = Lens.lens (\AwsCertificateManagerCertificateRenewalSummary' {renewalStatusReason} -> renewalStatusReason) (\s@AwsCertificateManagerCertificateRenewalSummary' {} a -> s {renewalStatusReason = a} :: AwsCertificateManagerCertificateRenewalSummary)
+
+-- | Indicates when the renewal summary was last updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsCertificateManagerCertificateRenewalSummary_updatedAt :: Lens.Lens' AwsCertificateManagerCertificateRenewalSummary (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateRenewalSummary_updatedAt = Lens.lens (\AwsCertificateManagerCertificateRenewalSummary' {updatedAt} -> updatedAt) (\s@AwsCertificateManagerCertificateRenewalSummary' {} a -> s {updatedAt = a} :: AwsCertificateManagerCertificateRenewalSummary)
+
+instance
+  Data.FromJSON
+    AwsCertificateManagerCertificateRenewalSummary
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCertificateManagerCertificateRenewalSummary"
+      ( \x ->
+          AwsCertificateManagerCertificateRenewalSummary'
+            Prelude.<$> ( x
+                            Data..:? "DomainValidationOptions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "RenewalStatus")
+            Prelude.<*> (x Data..:? "RenewalStatusReason")
+            Prelude.<*> (x Data..:? "UpdatedAt")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCertificateManagerCertificateRenewalSummary
+  where
+  hashWithSalt
+    _salt
+    AwsCertificateManagerCertificateRenewalSummary' {..} =
+      _salt
+        `Prelude.hashWithSalt` domainValidationOptions
+        `Prelude.hashWithSalt` renewalStatus
+        `Prelude.hashWithSalt` renewalStatusReason
+        `Prelude.hashWithSalt` updatedAt
+
+instance
+  Prelude.NFData
+    AwsCertificateManagerCertificateRenewalSummary
+  where
+  rnf
+    AwsCertificateManagerCertificateRenewalSummary' {..} =
+      Prelude.rnf domainValidationOptions
+        `Prelude.seq` Prelude.rnf renewalStatus
+        `Prelude.seq` Prelude.rnf renewalStatusReason
+        `Prelude.seq` Prelude.rnf updatedAt
+
+instance
+  Data.ToJSON
+    AwsCertificateManagerCertificateRenewalSummary
+  where
+  toJSON
+    AwsCertificateManagerCertificateRenewalSummary' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DomainValidationOptions" Data..=)
+                Prelude.<$> domainValidationOptions,
+              ("RenewalStatus" Data..=) Prelude.<$> renewalStatus,
+              ("RenewalStatusReason" Data..=)
+                Prelude.<$> renewalStatusReason,
+              ("UpdatedAt" Data..=) Prelude.<$> updatedAt
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateResourceRecord.hs b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateResourceRecord.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCertificateManagerCertificateResourceRecord.hs
@@ -0,0 +1,124 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateResourceRecord
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateResourceRecord where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the CNAME record that is added to the DNS
+-- database for domain validation.
+--
+-- /See:/ 'newAwsCertificateManagerCertificateResourceRecord' smart constructor.
+data AwsCertificateManagerCertificateResourceRecord = AwsCertificateManagerCertificateResourceRecord'
+  { -- | The name of the resource.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The type of resource.
+    type' :: Prelude.Maybe Prelude.Text,
+    -- | The value of the resource.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCertificateManagerCertificateResourceRecord' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsCertificateManagerCertificateResourceRecord_name' - The name of the resource.
+--
+-- 'type'', 'awsCertificateManagerCertificateResourceRecord_type' - The type of resource.
+--
+-- 'value', 'awsCertificateManagerCertificateResourceRecord_value' - The value of the resource.
+newAwsCertificateManagerCertificateResourceRecord ::
+  AwsCertificateManagerCertificateResourceRecord
+newAwsCertificateManagerCertificateResourceRecord =
+  AwsCertificateManagerCertificateResourceRecord'
+    { name =
+        Prelude.Nothing,
+      type' = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The name of the resource.
+awsCertificateManagerCertificateResourceRecord_name :: Lens.Lens' AwsCertificateManagerCertificateResourceRecord (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateResourceRecord_name = Lens.lens (\AwsCertificateManagerCertificateResourceRecord' {name} -> name) (\s@AwsCertificateManagerCertificateResourceRecord' {} a -> s {name = a} :: AwsCertificateManagerCertificateResourceRecord)
+
+-- | The type of resource.
+awsCertificateManagerCertificateResourceRecord_type :: Lens.Lens' AwsCertificateManagerCertificateResourceRecord (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateResourceRecord_type = Lens.lens (\AwsCertificateManagerCertificateResourceRecord' {type'} -> type') (\s@AwsCertificateManagerCertificateResourceRecord' {} a -> s {type' = a} :: AwsCertificateManagerCertificateResourceRecord)
+
+-- | The value of the resource.
+awsCertificateManagerCertificateResourceRecord_value :: Lens.Lens' AwsCertificateManagerCertificateResourceRecord (Prelude.Maybe Prelude.Text)
+awsCertificateManagerCertificateResourceRecord_value = Lens.lens (\AwsCertificateManagerCertificateResourceRecord' {value} -> value) (\s@AwsCertificateManagerCertificateResourceRecord' {} a -> s {value = a} :: AwsCertificateManagerCertificateResourceRecord)
+
+instance
+  Data.FromJSON
+    AwsCertificateManagerCertificateResourceRecord
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCertificateManagerCertificateResourceRecord"
+      ( \x ->
+          AwsCertificateManagerCertificateResourceRecord'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Type")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCertificateManagerCertificateResourceRecord
+  where
+  hashWithSalt
+    _salt
+    AwsCertificateManagerCertificateResourceRecord' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` type'
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsCertificateManagerCertificateResourceRecord
+  where
+  rnf
+    AwsCertificateManagerCertificateResourceRecord' {..} =
+      Prelude.rnf name
+        `Prelude.seq` Prelude.rnf type'
+        `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsCertificateManagerCertificateResourceRecord
+  where
+  toJSON
+    AwsCertificateManagerCertificateResourceRecord' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Name" Data..=) Prelude.<$> name,
+              ("Type" Data..=) Prelude.<$> type',
+              ("Value" Data..=) Prelude.<$> value
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFormationStackDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFormationStackDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFormationStackDetails.hs
@@ -0,0 +1,295 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFormationStackDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFormationStackDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCloudFormationStackDriftInformationDetails
+import Amazonka.SecurityHub.Types.AwsCloudFormationStackOutputsDetails
+
+-- | Nests a stack as a resource in a top-level template. Nested stacks are
+-- stacks created as resources for another stack.
+--
+-- /See:/ 'newAwsCloudFormationStackDetails' smart constructor.
+data AwsCloudFormationStackDetails = AwsCloudFormationStackDetails'
+  { -- | The capabilities allowed in the stack.
+    capabilities :: Prelude.Maybe [Prelude.Text],
+    -- | The time at which the stack was created.
+    creationTime :: Prelude.Maybe Prelude.Text,
+    -- | A user-defined description associated with the stack.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | Boolean to enable or disable rollback on stack creation failures.
+    disableRollback :: Prelude.Maybe Prelude.Bool,
+    -- | Information about whether a stack\'s actual configuration differs, or
+    -- has drifted, from its expected configuration, as defined in the stack
+    -- template and any values specified as template parameters.
+    driftInformation :: Prelude.Maybe AwsCloudFormationStackDriftInformationDetails,
+    -- | Whether termination protection is enabled for the stack.
+    enableTerminationProtection :: Prelude.Maybe Prelude.Bool,
+    -- | The time the nested stack was last updated. This field will only be
+    -- returned if the stack has been updated at least once.
+    lastUpdatedTime :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Names (ARNs) of the Amazon SNS topic to which
+    -- stack-related events are published.
+    notificationArns :: Prelude.Maybe [Prelude.Text],
+    -- | A list of output structures.
+    outputs :: Prelude.Maybe [AwsCloudFormationStackOutputsDetails],
+    -- | The ARN of an IAM role that\'s associated with the stack.
+    roleArn :: Prelude.Maybe Prelude.Text,
+    -- | Unique identifier of the stack.
+    stackId :: Prelude.Maybe Prelude.Text,
+    -- | The name associated with the stack.
+    stackName :: Prelude.Maybe Prelude.Text,
+    -- | Current status of the stack.
+    stackStatus :: Prelude.Maybe Prelude.Text,
+    -- | Success or failure message associated with the stack status.
+    stackStatusReason :: Prelude.Maybe Prelude.Text,
+    -- | The length of time, in minutes, that CloudFormation waits for the nested
+    -- stack to reach the @CREATE_COMPLETE@ state.
+    timeoutInMinutes :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFormationStackDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'capabilities', 'awsCloudFormationStackDetails_capabilities' - The capabilities allowed in the stack.
+--
+-- 'creationTime', 'awsCloudFormationStackDetails_creationTime' - The time at which the stack was created.
+--
+-- 'description', 'awsCloudFormationStackDetails_description' - A user-defined description associated with the stack.
+--
+-- 'disableRollback', 'awsCloudFormationStackDetails_disableRollback' - Boolean to enable or disable rollback on stack creation failures.
+--
+-- 'driftInformation', 'awsCloudFormationStackDetails_driftInformation' - Information about whether a stack\'s actual configuration differs, or
+-- has drifted, from its expected configuration, as defined in the stack
+-- template and any values specified as template parameters.
+--
+-- 'enableTerminationProtection', 'awsCloudFormationStackDetails_enableTerminationProtection' - Whether termination protection is enabled for the stack.
+--
+-- 'lastUpdatedTime', 'awsCloudFormationStackDetails_lastUpdatedTime' - The time the nested stack was last updated. This field will only be
+-- returned if the stack has been updated at least once.
+--
+-- 'notificationArns', 'awsCloudFormationStackDetails_notificationArns' - The Amazon Resource Names (ARNs) of the Amazon SNS topic to which
+-- stack-related events are published.
+--
+-- 'outputs', 'awsCloudFormationStackDetails_outputs' - A list of output structures.
+--
+-- 'roleArn', 'awsCloudFormationStackDetails_roleArn' - The ARN of an IAM role that\'s associated with the stack.
+--
+-- 'stackId', 'awsCloudFormationStackDetails_stackId' - Unique identifier of the stack.
+--
+-- 'stackName', 'awsCloudFormationStackDetails_stackName' - The name associated with the stack.
+--
+-- 'stackStatus', 'awsCloudFormationStackDetails_stackStatus' - Current status of the stack.
+--
+-- 'stackStatusReason', 'awsCloudFormationStackDetails_stackStatusReason' - Success or failure message associated with the stack status.
+--
+-- 'timeoutInMinutes', 'awsCloudFormationStackDetails_timeoutInMinutes' - The length of time, in minutes, that CloudFormation waits for the nested
+-- stack to reach the @CREATE_COMPLETE@ state.
+newAwsCloudFormationStackDetails ::
+  AwsCloudFormationStackDetails
+newAwsCloudFormationStackDetails =
+  AwsCloudFormationStackDetails'
+    { capabilities =
+        Prelude.Nothing,
+      creationTime = Prelude.Nothing,
+      description = Prelude.Nothing,
+      disableRollback = Prelude.Nothing,
+      driftInformation = Prelude.Nothing,
+      enableTerminationProtection =
+        Prelude.Nothing,
+      lastUpdatedTime = Prelude.Nothing,
+      notificationArns = Prelude.Nothing,
+      outputs = Prelude.Nothing,
+      roleArn = Prelude.Nothing,
+      stackId = Prelude.Nothing,
+      stackName = Prelude.Nothing,
+      stackStatus = Prelude.Nothing,
+      stackStatusReason = Prelude.Nothing,
+      timeoutInMinutes = Prelude.Nothing
+    }
+
+-- | The capabilities allowed in the stack.
+awsCloudFormationStackDetails_capabilities :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe [Prelude.Text])
+awsCloudFormationStackDetails_capabilities = Lens.lens (\AwsCloudFormationStackDetails' {capabilities} -> capabilities) (\s@AwsCloudFormationStackDetails' {} a -> s {capabilities = a} :: AwsCloudFormationStackDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The time at which the stack was created.
+awsCloudFormationStackDetails_creationTime :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackDetails_creationTime = Lens.lens (\AwsCloudFormationStackDetails' {creationTime} -> creationTime) (\s@AwsCloudFormationStackDetails' {} a -> s {creationTime = a} :: AwsCloudFormationStackDetails)
+
+-- | A user-defined description associated with the stack.
+awsCloudFormationStackDetails_description :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackDetails_description = Lens.lens (\AwsCloudFormationStackDetails' {description} -> description) (\s@AwsCloudFormationStackDetails' {} a -> s {description = a} :: AwsCloudFormationStackDetails)
+
+-- | Boolean to enable or disable rollback on stack creation failures.
+awsCloudFormationStackDetails_disableRollback :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe Prelude.Bool)
+awsCloudFormationStackDetails_disableRollback = Lens.lens (\AwsCloudFormationStackDetails' {disableRollback} -> disableRollback) (\s@AwsCloudFormationStackDetails' {} a -> s {disableRollback = a} :: AwsCloudFormationStackDetails)
+
+-- | Information about whether a stack\'s actual configuration differs, or
+-- has drifted, from its expected configuration, as defined in the stack
+-- template and any values specified as template parameters.
+awsCloudFormationStackDetails_driftInformation :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe AwsCloudFormationStackDriftInformationDetails)
+awsCloudFormationStackDetails_driftInformation = Lens.lens (\AwsCloudFormationStackDetails' {driftInformation} -> driftInformation) (\s@AwsCloudFormationStackDetails' {} a -> s {driftInformation = a} :: AwsCloudFormationStackDetails)
+
+-- | Whether termination protection is enabled for the stack.
+awsCloudFormationStackDetails_enableTerminationProtection :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe Prelude.Bool)
+awsCloudFormationStackDetails_enableTerminationProtection = Lens.lens (\AwsCloudFormationStackDetails' {enableTerminationProtection} -> enableTerminationProtection) (\s@AwsCloudFormationStackDetails' {} a -> s {enableTerminationProtection = a} :: AwsCloudFormationStackDetails)
+
+-- | The time the nested stack was last updated. This field will only be
+-- returned if the stack has been updated at least once.
+awsCloudFormationStackDetails_lastUpdatedTime :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackDetails_lastUpdatedTime = Lens.lens (\AwsCloudFormationStackDetails' {lastUpdatedTime} -> lastUpdatedTime) (\s@AwsCloudFormationStackDetails' {} a -> s {lastUpdatedTime = a} :: AwsCloudFormationStackDetails)
+
+-- | The Amazon Resource Names (ARNs) of the Amazon SNS topic to which
+-- stack-related events are published.
+awsCloudFormationStackDetails_notificationArns :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe [Prelude.Text])
+awsCloudFormationStackDetails_notificationArns = Lens.lens (\AwsCloudFormationStackDetails' {notificationArns} -> notificationArns) (\s@AwsCloudFormationStackDetails' {} a -> s {notificationArns = a} :: AwsCloudFormationStackDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of output structures.
+awsCloudFormationStackDetails_outputs :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe [AwsCloudFormationStackOutputsDetails])
+awsCloudFormationStackDetails_outputs = Lens.lens (\AwsCloudFormationStackDetails' {outputs} -> outputs) (\s@AwsCloudFormationStackDetails' {} a -> s {outputs = a} :: AwsCloudFormationStackDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of an IAM role that\'s associated with the stack.
+awsCloudFormationStackDetails_roleArn :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackDetails_roleArn = Lens.lens (\AwsCloudFormationStackDetails' {roleArn} -> roleArn) (\s@AwsCloudFormationStackDetails' {} a -> s {roleArn = a} :: AwsCloudFormationStackDetails)
+
+-- | Unique identifier of the stack.
+awsCloudFormationStackDetails_stackId :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackDetails_stackId = Lens.lens (\AwsCloudFormationStackDetails' {stackId} -> stackId) (\s@AwsCloudFormationStackDetails' {} a -> s {stackId = a} :: AwsCloudFormationStackDetails)
+
+-- | The name associated with the stack.
+awsCloudFormationStackDetails_stackName :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackDetails_stackName = Lens.lens (\AwsCloudFormationStackDetails' {stackName} -> stackName) (\s@AwsCloudFormationStackDetails' {} a -> s {stackName = a} :: AwsCloudFormationStackDetails)
+
+-- | Current status of the stack.
+awsCloudFormationStackDetails_stackStatus :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackDetails_stackStatus = Lens.lens (\AwsCloudFormationStackDetails' {stackStatus} -> stackStatus) (\s@AwsCloudFormationStackDetails' {} a -> s {stackStatus = a} :: AwsCloudFormationStackDetails)
+
+-- | Success or failure message associated with the stack status.
+awsCloudFormationStackDetails_stackStatusReason :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackDetails_stackStatusReason = Lens.lens (\AwsCloudFormationStackDetails' {stackStatusReason} -> stackStatusReason) (\s@AwsCloudFormationStackDetails' {} a -> s {stackStatusReason = a} :: AwsCloudFormationStackDetails)
+
+-- | The length of time, in minutes, that CloudFormation waits for the nested
+-- stack to reach the @CREATE_COMPLETE@ state.
+awsCloudFormationStackDetails_timeoutInMinutes :: Lens.Lens' AwsCloudFormationStackDetails (Prelude.Maybe Prelude.Int)
+awsCloudFormationStackDetails_timeoutInMinutes = Lens.lens (\AwsCloudFormationStackDetails' {timeoutInMinutes} -> timeoutInMinutes) (\s@AwsCloudFormationStackDetails' {} a -> s {timeoutInMinutes = a} :: AwsCloudFormationStackDetails)
+
+instance Data.FromJSON AwsCloudFormationStackDetails where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFormationStackDetails"
+      ( \x ->
+          AwsCloudFormationStackDetails'
+            Prelude.<$> (x Data..:? "Capabilities" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "CreationTime")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "DisableRollback")
+            Prelude.<*> (x Data..:? "DriftInformation")
+            Prelude.<*> (x Data..:? "EnableTerminationProtection")
+            Prelude.<*> (x Data..:? "LastUpdatedTime")
+            Prelude.<*> ( x
+                            Data..:? "NotificationArns"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Outputs" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "RoleArn")
+            Prelude.<*> (x Data..:? "StackId")
+            Prelude.<*> (x Data..:? "StackName")
+            Prelude.<*> (x Data..:? "StackStatus")
+            Prelude.<*> (x Data..:? "StackStatusReason")
+            Prelude.<*> (x Data..:? "TimeoutInMinutes")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFormationStackDetails
+  where
+  hashWithSalt _salt AwsCloudFormationStackDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` capabilities
+      `Prelude.hashWithSalt` creationTime
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` disableRollback
+      `Prelude.hashWithSalt` driftInformation
+      `Prelude.hashWithSalt` enableTerminationProtection
+      `Prelude.hashWithSalt` lastUpdatedTime
+      `Prelude.hashWithSalt` notificationArns
+      `Prelude.hashWithSalt` outputs
+      `Prelude.hashWithSalt` roleArn
+      `Prelude.hashWithSalt` stackId
+      `Prelude.hashWithSalt` stackName
+      `Prelude.hashWithSalt` stackStatus
+      `Prelude.hashWithSalt` stackStatusReason
+      `Prelude.hashWithSalt` timeoutInMinutes
+
+instance Prelude.NFData AwsCloudFormationStackDetails where
+  rnf AwsCloudFormationStackDetails' {..} =
+    Prelude.rnf capabilities
+      `Prelude.seq` Prelude.rnf creationTime
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf disableRollback
+      `Prelude.seq` Prelude.rnf driftInformation
+      `Prelude.seq` Prelude.rnf enableTerminationProtection
+      `Prelude.seq` Prelude.rnf lastUpdatedTime
+      `Prelude.seq` Prelude.rnf notificationArns
+      `Prelude.seq` Prelude.rnf outputs
+      `Prelude.seq` Prelude.rnf roleArn
+      `Prelude.seq` Prelude.rnf stackId
+      `Prelude.seq` Prelude.rnf stackName
+      `Prelude.seq` Prelude.rnf stackStatus
+      `Prelude.seq` Prelude.rnf stackStatusReason
+      `Prelude.seq` Prelude.rnf timeoutInMinutes
+
+instance Data.ToJSON AwsCloudFormationStackDetails where
+  toJSON AwsCloudFormationStackDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Capabilities" Data..=) Prelude.<$> capabilities,
+            ("CreationTime" Data..=) Prelude.<$> creationTime,
+            ("Description" Data..=) Prelude.<$> description,
+            ("DisableRollback" Data..=)
+              Prelude.<$> disableRollback,
+            ("DriftInformation" Data..=)
+              Prelude.<$> driftInformation,
+            ("EnableTerminationProtection" Data..=)
+              Prelude.<$> enableTerminationProtection,
+            ("LastUpdatedTime" Data..=)
+              Prelude.<$> lastUpdatedTime,
+            ("NotificationArns" Data..=)
+              Prelude.<$> notificationArns,
+            ("Outputs" Data..=) Prelude.<$> outputs,
+            ("RoleArn" Data..=) Prelude.<$> roleArn,
+            ("StackId" Data..=) Prelude.<$> stackId,
+            ("StackName" Data..=) Prelude.<$> stackName,
+            ("StackStatus" Data..=) Prelude.<$> stackStatus,
+            ("StackStatusReason" Data..=)
+              Prelude.<$> stackStatusReason,
+            ("TimeoutInMinutes" Data..=)
+              Prelude.<$> timeoutInMinutes
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFormationStackDriftInformationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFormationStackDriftInformationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFormationStackDriftInformationDetails.hs
@@ -0,0 +1,101 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFormationStackDriftInformationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFormationStackDriftInformationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the stack\'s conformity to its expected
+-- template configuration.
+--
+-- /See:/ 'newAwsCloudFormationStackDriftInformationDetails' smart constructor.
+data AwsCloudFormationStackDriftInformationDetails = AwsCloudFormationStackDriftInformationDetails'
+  { -- | Status of the stack\'s actual configuration compared to its expected
+    -- template configuration.
+    stackDriftStatus :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFormationStackDriftInformationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'stackDriftStatus', 'awsCloudFormationStackDriftInformationDetails_stackDriftStatus' - Status of the stack\'s actual configuration compared to its expected
+-- template configuration.
+newAwsCloudFormationStackDriftInformationDetails ::
+  AwsCloudFormationStackDriftInformationDetails
+newAwsCloudFormationStackDriftInformationDetails =
+  AwsCloudFormationStackDriftInformationDetails'
+    { stackDriftStatus =
+        Prelude.Nothing
+    }
+
+-- | Status of the stack\'s actual configuration compared to its expected
+-- template configuration.
+awsCloudFormationStackDriftInformationDetails_stackDriftStatus :: Lens.Lens' AwsCloudFormationStackDriftInformationDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackDriftInformationDetails_stackDriftStatus = Lens.lens (\AwsCloudFormationStackDriftInformationDetails' {stackDriftStatus} -> stackDriftStatus) (\s@AwsCloudFormationStackDriftInformationDetails' {} a -> s {stackDriftStatus = a} :: AwsCloudFormationStackDriftInformationDetails)
+
+instance
+  Data.FromJSON
+    AwsCloudFormationStackDriftInformationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFormationStackDriftInformationDetails"
+      ( \x ->
+          AwsCloudFormationStackDriftInformationDetails'
+            Prelude.<$> (x Data..:? "StackDriftStatus")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFormationStackDriftInformationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFormationStackDriftInformationDetails' {..} =
+      _salt `Prelude.hashWithSalt` stackDriftStatus
+
+instance
+  Prelude.NFData
+    AwsCloudFormationStackDriftInformationDetails
+  where
+  rnf
+    AwsCloudFormationStackDriftInformationDetails' {..} =
+      Prelude.rnf stackDriftStatus
+
+instance
+  Data.ToJSON
+    AwsCloudFormationStackDriftInformationDetails
+  where
+  toJSON
+    AwsCloudFormationStackDriftInformationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("StackDriftStatus" Data..=)
+                Prelude.<$> stackDriftStatus
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFormationStackOutputsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFormationStackOutputsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFormationStackOutputsDetails.hs
@@ -0,0 +1,121 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFormationStackOutputsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFormationStackOutputsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the CloudFormation stack output.
+--
+-- /See:/ 'newAwsCloudFormationStackOutputsDetails' smart constructor.
+data AwsCloudFormationStackOutputsDetails = AwsCloudFormationStackOutputsDetails'
+  { -- | A user-defined description associated with the output.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The key associated with the output.
+    outputKey :: Prelude.Maybe Prelude.Text,
+    -- | The value associated with the output.
+    outputValue :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFormationStackOutputsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'awsCloudFormationStackOutputsDetails_description' - A user-defined description associated with the output.
+--
+-- 'outputKey', 'awsCloudFormationStackOutputsDetails_outputKey' - The key associated with the output.
+--
+-- 'outputValue', 'awsCloudFormationStackOutputsDetails_outputValue' - The value associated with the output.
+newAwsCloudFormationStackOutputsDetails ::
+  AwsCloudFormationStackOutputsDetails
+newAwsCloudFormationStackOutputsDetails =
+  AwsCloudFormationStackOutputsDetails'
+    { description =
+        Prelude.Nothing,
+      outputKey = Prelude.Nothing,
+      outputValue = Prelude.Nothing
+    }
+
+-- | A user-defined description associated with the output.
+awsCloudFormationStackOutputsDetails_description :: Lens.Lens' AwsCloudFormationStackOutputsDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackOutputsDetails_description = Lens.lens (\AwsCloudFormationStackOutputsDetails' {description} -> description) (\s@AwsCloudFormationStackOutputsDetails' {} a -> s {description = a} :: AwsCloudFormationStackOutputsDetails)
+
+-- | The key associated with the output.
+awsCloudFormationStackOutputsDetails_outputKey :: Lens.Lens' AwsCloudFormationStackOutputsDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackOutputsDetails_outputKey = Lens.lens (\AwsCloudFormationStackOutputsDetails' {outputKey} -> outputKey) (\s@AwsCloudFormationStackOutputsDetails' {} a -> s {outputKey = a} :: AwsCloudFormationStackOutputsDetails)
+
+-- | The value associated with the output.
+awsCloudFormationStackOutputsDetails_outputValue :: Lens.Lens' AwsCloudFormationStackOutputsDetails (Prelude.Maybe Prelude.Text)
+awsCloudFormationStackOutputsDetails_outputValue = Lens.lens (\AwsCloudFormationStackOutputsDetails' {outputValue} -> outputValue) (\s@AwsCloudFormationStackOutputsDetails' {} a -> s {outputValue = a} :: AwsCloudFormationStackOutputsDetails)
+
+instance
+  Data.FromJSON
+    AwsCloudFormationStackOutputsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFormationStackOutputsDetails"
+      ( \x ->
+          AwsCloudFormationStackOutputsDetails'
+            Prelude.<$> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "OutputKey")
+            Prelude.<*> (x Data..:? "OutputValue")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFormationStackOutputsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFormationStackOutputsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` description
+        `Prelude.hashWithSalt` outputKey
+        `Prelude.hashWithSalt` outputValue
+
+instance
+  Prelude.NFData
+    AwsCloudFormationStackOutputsDetails
+  where
+  rnf AwsCloudFormationStackOutputsDetails' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf outputKey
+      `Prelude.seq` Prelude.rnf outputValue
+
+instance
+  Data.ToJSON
+    AwsCloudFormationStackOutputsDetails
+  where
+  toJSON AwsCloudFormationStackOutputsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Description" Data..=) Prelude.<$> description,
+            ("OutputKey" Data..=) Prelude.<$> outputKey,
+            ("OutputValue" Data..=) Prelude.<$> outputValue
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionCacheBehavior.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionCacheBehavior.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionCacheBehavior.hs
@@ -0,0 +1,125 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehavior
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehavior where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about a cache behavior for the distribution.
+--
+-- /See:/ 'newAwsCloudFrontDistributionCacheBehavior' smart constructor.
+data AwsCloudFrontDistributionCacheBehavior = AwsCloudFrontDistributionCacheBehavior'
+  { -- | The protocol that viewers can use to access the files in an origin. You
+    -- can specify the following options:
+    --
+    -- -   @allow-all@ - Viewers can use HTTP or HTTPS.
+    --
+    -- -   @redirect-to-https@ - CloudFront responds to HTTP requests with an
+    --     HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The
+    --     viewer then uses the new URL to resubmit.
+    --
+    -- -   @https-only@ - CloudFront responds to HTTP request with an HTTP
+    --     status code of 403 (Forbidden).
+    viewerProtocolPolicy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionCacheBehavior' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'viewerProtocolPolicy', 'awsCloudFrontDistributionCacheBehavior_viewerProtocolPolicy' - The protocol that viewers can use to access the files in an origin. You
+-- can specify the following options:
+--
+-- -   @allow-all@ - Viewers can use HTTP or HTTPS.
+--
+-- -   @redirect-to-https@ - CloudFront responds to HTTP requests with an
+--     HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The
+--     viewer then uses the new URL to resubmit.
+--
+-- -   @https-only@ - CloudFront responds to HTTP request with an HTTP
+--     status code of 403 (Forbidden).
+newAwsCloudFrontDistributionCacheBehavior ::
+  AwsCloudFrontDistributionCacheBehavior
+newAwsCloudFrontDistributionCacheBehavior =
+  AwsCloudFrontDistributionCacheBehavior'
+    { viewerProtocolPolicy =
+        Prelude.Nothing
+    }
+
+-- | The protocol that viewers can use to access the files in an origin. You
+-- can specify the following options:
+--
+-- -   @allow-all@ - Viewers can use HTTP or HTTPS.
+--
+-- -   @redirect-to-https@ - CloudFront responds to HTTP requests with an
+--     HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The
+--     viewer then uses the new URL to resubmit.
+--
+-- -   @https-only@ - CloudFront responds to HTTP request with an HTTP
+--     status code of 403 (Forbidden).
+awsCloudFrontDistributionCacheBehavior_viewerProtocolPolicy :: Lens.Lens' AwsCloudFrontDistributionCacheBehavior (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionCacheBehavior_viewerProtocolPolicy = Lens.lens (\AwsCloudFrontDistributionCacheBehavior' {viewerProtocolPolicy} -> viewerProtocolPolicy) (\s@AwsCloudFrontDistributionCacheBehavior' {} a -> s {viewerProtocolPolicy = a} :: AwsCloudFrontDistributionCacheBehavior)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionCacheBehavior
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionCacheBehavior"
+      ( \x ->
+          AwsCloudFrontDistributionCacheBehavior'
+            Prelude.<$> (x Data..:? "ViewerProtocolPolicy")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionCacheBehavior
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionCacheBehavior' {..} =
+      _salt `Prelude.hashWithSalt` viewerProtocolPolicy
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionCacheBehavior
+  where
+  rnf AwsCloudFrontDistributionCacheBehavior' {..} =
+    Prelude.rnf viewerProtocolPolicy
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionCacheBehavior
+  where
+  toJSON AwsCloudFrontDistributionCacheBehavior' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ViewerProtocolPolicy" Data..=)
+              Prelude.<$> viewerProtocolPolicy
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionCacheBehaviors.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionCacheBehaviors.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionCacheBehaviors.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehaviors
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehaviors where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehavior
+
+-- | Provides information about caching for the CloudFront distribution.
+--
+-- /See:/ 'newAwsCloudFrontDistributionCacheBehaviors' smart constructor.
+data AwsCloudFrontDistributionCacheBehaviors = AwsCloudFrontDistributionCacheBehaviors'
+  { -- | The cache behaviors for the distribution.
+    items :: Prelude.Maybe [AwsCloudFrontDistributionCacheBehavior]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionCacheBehaviors' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'items', 'awsCloudFrontDistributionCacheBehaviors_items' - The cache behaviors for the distribution.
+newAwsCloudFrontDistributionCacheBehaviors ::
+  AwsCloudFrontDistributionCacheBehaviors
+newAwsCloudFrontDistributionCacheBehaviors =
+  AwsCloudFrontDistributionCacheBehaviors'
+    { items =
+        Prelude.Nothing
+    }
+
+-- | The cache behaviors for the distribution.
+awsCloudFrontDistributionCacheBehaviors_items :: Lens.Lens' AwsCloudFrontDistributionCacheBehaviors (Prelude.Maybe [AwsCloudFrontDistributionCacheBehavior])
+awsCloudFrontDistributionCacheBehaviors_items = Lens.lens (\AwsCloudFrontDistributionCacheBehaviors' {items} -> items) (\s@AwsCloudFrontDistributionCacheBehaviors' {} a -> s {items = a} :: AwsCloudFrontDistributionCacheBehaviors) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionCacheBehaviors
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionCacheBehaviors"
+      ( \x ->
+          AwsCloudFrontDistributionCacheBehaviors'
+            Prelude.<$> (x Data..:? "Items" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionCacheBehaviors
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionCacheBehaviors' {..} =
+      _salt `Prelude.hashWithSalt` items
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionCacheBehaviors
+  where
+  rnf AwsCloudFrontDistributionCacheBehaviors' {..} =
+    Prelude.rnf items
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionCacheBehaviors
+  where
+  toJSON AwsCloudFrontDistributionCacheBehaviors' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Items" Data..=) Prelude.<$> items]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionDefaultCacheBehavior.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionDefaultCacheBehavior.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionDefaultCacheBehavior.hs
@@ -0,0 +1,128 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDefaultCacheBehavior
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDefaultCacheBehavior where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the default cache configuration for the
+-- CloudFront distribution.
+--
+-- /See:/ 'newAwsCloudFrontDistributionDefaultCacheBehavior' smart constructor.
+data AwsCloudFrontDistributionDefaultCacheBehavior = AwsCloudFrontDistributionDefaultCacheBehavior'
+  { -- | The protocol that viewers can use to access the files in an origin. You
+    -- can specify the following options:
+    --
+    -- -   @allow-all@ - Viewers can use HTTP or HTTPS.
+    --
+    -- -   @redirect-to-https@ - CloudFront responds to HTTP requests with an
+    --     HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The
+    --     viewer then uses the new URL to resubmit.
+    --
+    -- -   @https-only@ - CloudFront responds to HTTP request with an HTTP
+    --     status code of 403 (Forbidden).
+    viewerProtocolPolicy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionDefaultCacheBehavior' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'viewerProtocolPolicy', 'awsCloudFrontDistributionDefaultCacheBehavior_viewerProtocolPolicy' - The protocol that viewers can use to access the files in an origin. You
+-- can specify the following options:
+--
+-- -   @allow-all@ - Viewers can use HTTP or HTTPS.
+--
+-- -   @redirect-to-https@ - CloudFront responds to HTTP requests with an
+--     HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The
+--     viewer then uses the new URL to resubmit.
+--
+-- -   @https-only@ - CloudFront responds to HTTP request with an HTTP
+--     status code of 403 (Forbidden).
+newAwsCloudFrontDistributionDefaultCacheBehavior ::
+  AwsCloudFrontDistributionDefaultCacheBehavior
+newAwsCloudFrontDistributionDefaultCacheBehavior =
+  AwsCloudFrontDistributionDefaultCacheBehavior'
+    { viewerProtocolPolicy =
+        Prelude.Nothing
+    }
+
+-- | The protocol that viewers can use to access the files in an origin. You
+-- can specify the following options:
+--
+-- -   @allow-all@ - Viewers can use HTTP or HTTPS.
+--
+-- -   @redirect-to-https@ - CloudFront responds to HTTP requests with an
+--     HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The
+--     viewer then uses the new URL to resubmit.
+--
+-- -   @https-only@ - CloudFront responds to HTTP request with an HTTP
+--     status code of 403 (Forbidden).
+awsCloudFrontDistributionDefaultCacheBehavior_viewerProtocolPolicy :: Lens.Lens' AwsCloudFrontDistributionDefaultCacheBehavior (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionDefaultCacheBehavior_viewerProtocolPolicy = Lens.lens (\AwsCloudFrontDistributionDefaultCacheBehavior' {viewerProtocolPolicy} -> viewerProtocolPolicy) (\s@AwsCloudFrontDistributionDefaultCacheBehavior' {} a -> s {viewerProtocolPolicy = a} :: AwsCloudFrontDistributionDefaultCacheBehavior)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionDefaultCacheBehavior
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionDefaultCacheBehavior"
+      ( \x ->
+          AwsCloudFrontDistributionDefaultCacheBehavior'
+            Prelude.<$> (x Data..:? "ViewerProtocolPolicy")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionDefaultCacheBehavior
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionDefaultCacheBehavior' {..} =
+      _salt `Prelude.hashWithSalt` viewerProtocolPolicy
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionDefaultCacheBehavior
+  where
+  rnf
+    AwsCloudFrontDistributionDefaultCacheBehavior' {..} =
+      Prelude.rnf viewerProtocolPolicy
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionDefaultCacheBehavior
+  where
+  toJSON
+    AwsCloudFrontDistributionDefaultCacheBehavior' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("ViewerProtocolPolicy" Data..=)
+                Prelude.<$> viewerProtocolPolicy
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionDetails.hs
@@ -0,0 +1,282 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionCacheBehaviors
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDefaultCacheBehavior
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionLogging
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroups
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOrigins
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionViewerCertificate
+
+-- | A CloudFront distribution configuration.
+--
+-- /See:/ 'newAwsCloudFrontDistributionDetails' smart constructor.
+data AwsCloudFrontDistributionDetails = AwsCloudFrontDistributionDetails'
+  { -- | Provides information about the cache configuration for the distribution.
+    cacheBehaviors :: Prelude.Maybe AwsCloudFrontDistributionCacheBehaviors,
+    -- | The default cache behavior for the configuration.
+    defaultCacheBehavior :: Prelude.Maybe AwsCloudFrontDistributionDefaultCacheBehavior,
+    -- | The object that CloudFront sends in response to requests from the origin
+    -- (for example, index.html) when a viewer requests the root URL for the
+    -- distribution (http:\/\/www.example.com) instead of an object in your
+    -- distribution (http:\/\/www.example.com\/product-description.html).
+    defaultRootObject :: Prelude.Maybe Prelude.Text,
+    -- | The domain name corresponding to the distribution.
+    domainName :: Prelude.Maybe Prelude.Text,
+    -- | The entity tag is a hash of the object.
+    eTag :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when that the distribution was last modified.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastModifiedTime :: Prelude.Maybe Prelude.Text,
+    -- | A complex type that controls whether access logs are written for the
+    -- distribution.
+    logging :: Prelude.Maybe AwsCloudFrontDistributionLogging,
+    -- | Provides information about the origin groups in the distribution.
+    originGroups :: Prelude.Maybe AwsCloudFrontDistributionOriginGroups,
+    -- | A complex type that contains information about origins for this
+    -- distribution.
+    origins :: Prelude.Maybe AwsCloudFrontDistributionOrigins,
+    -- | Indicates the current status of the distribution.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | Provides information about the TLS\/SSL configuration that the
+    -- distribution uses to communicate with viewers.
+    viewerCertificate :: Prelude.Maybe AwsCloudFrontDistributionViewerCertificate,
+    -- | A unique identifier that specifies the WAF web ACL, if any, to associate
+    -- with this distribution.
+    webAclId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cacheBehaviors', 'awsCloudFrontDistributionDetails_cacheBehaviors' - Provides information about the cache configuration for the distribution.
+--
+-- 'defaultCacheBehavior', 'awsCloudFrontDistributionDetails_defaultCacheBehavior' - The default cache behavior for the configuration.
+--
+-- 'defaultRootObject', 'awsCloudFrontDistributionDetails_defaultRootObject' - The object that CloudFront sends in response to requests from the origin
+-- (for example, index.html) when a viewer requests the root URL for the
+-- distribution (http:\/\/www.example.com) instead of an object in your
+-- distribution (http:\/\/www.example.com\/product-description.html).
+--
+-- 'domainName', 'awsCloudFrontDistributionDetails_domainName' - The domain name corresponding to the distribution.
+--
+-- 'eTag', 'awsCloudFrontDistributionDetails_eTag' - The entity tag is a hash of the object.
+--
+-- 'lastModifiedTime', 'awsCloudFrontDistributionDetails_lastModifiedTime' - Indicates when that the distribution was last modified.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'logging', 'awsCloudFrontDistributionDetails_logging' - A complex type that controls whether access logs are written for the
+-- distribution.
+--
+-- 'originGroups', 'awsCloudFrontDistributionDetails_originGroups' - Provides information about the origin groups in the distribution.
+--
+-- 'origins', 'awsCloudFrontDistributionDetails_origins' - A complex type that contains information about origins for this
+-- distribution.
+--
+-- 'status', 'awsCloudFrontDistributionDetails_status' - Indicates the current status of the distribution.
+--
+-- 'viewerCertificate', 'awsCloudFrontDistributionDetails_viewerCertificate' - Provides information about the TLS\/SSL configuration that the
+-- distribution uses to communicate with viewers.
+--
+-- 'webAclId', 'awsCloudFrontDistributionDetails_webAclId' - A unique identifier that specifies the WAF web ACL, if any, to associate
+-- with this distribution.
+newAwsCloudFrontDistributionDetails ::
+  AwsCloudFrontDistributionDetails
+newAwsCloudFrontDistributionDetails =
+  AwsCloudFrontDistributionDetails'
+    { cacheBehaviors =
+        Prelude.Nothing,
+      defaultCacheBehavior = Prelude.Nothing,
+      defaultRootObject = Prelude.Nothing,
+      domainName = Prelude.Nothing,
+      eTag = Prelude.Nothing,
+      lastModifiedTime = Prelude.Nothing,
+      logging = Prelude.Nothing,
+      originGroups = Prelude.Nothing,
+      origins = Prelude.Nothing,
+      status = Prelude.Nothing,
+      viewerCertificate = Prelude.Nothing,
+      webAclId = Prelude.Nothing
+    }
+
+-- | Provides information about the cache configuration for the distribution.
+awsCloudFrontDistributionDetails_cacheBehaviors :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe AwsCloudFrontDistributionCacheBehaviors)
+awsCloudFrontDistributionDetails_cacheBehaviors = Lens.lens (\AwsCloudFrontDistributionDetails' {cacheBehaviors} -> cacheBehaviors) (\s@AwsCloudFrontDistributionDetails' {} a -> s {cacheBehaviors = a} :: AwsCloudFrontDistributionDetails)
+
+-- | The default cache behavior for the configuration.
+awsCloudFrontDistributionDetails_defaultCacheBehavior :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe AwsCloudFrontDistributionDefaultCacheBehavior)
+awsCloudFrontDistributionDetails_defaultCacheBehavior = Lens.lens (\AwsCloudFrontDistributionDetails' {defaultCacheBehavior} -> defaultCacheBehavior) (\s@AwsCloudFrontDistributionDetails' {} a -> s {defaultCacheBehavior = a} :: AwsCloudFrontDistributionDetails)
+
+-- | The object that CloudFront sends in response to requests from the origin
+-- (for example, index.html) when a viewer requests the root URL for the
+-- distribution (http:\/\/www.example.com) instead of an object in your
+-- distribution (http:\/\/www.example.com\/product-description.html).
+awsCloudFrontDistributionDetails_defaultRootObject :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionDetails_defaultRootObject = Lens.lens (\AwsCloudFrontDistributionDetails' {defaultRootObject} -> defaultRootObject) (\s@AwsCloudFrontDistributionDetails' {} a -> s {defaultRootObject = a} :: AwsCloudFrontDistributionDetails)
+
+-- | The domain name corresponding to the distribution.
+awsCloudFrontDistributionDetails_domainName :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionDetails_domainName = Lens.lens (\AwsCloudFrontDistributionDetails' {domainName} -> domainName) (\s@AwsCloudFrontDistributionDetails' {} a -> s {domainName = a} :: AwsCloudFrontDistributionDetails)
+
+-- | The entity tag is a hash of the object.
+awsCloudFrontDistributionDetails_eTag :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionDetails_eTag = Lens.lens (\AwsCloudFrontDistributionDetails' {eTag} -> eTag) (\s@AwsCloudFrontDistributionDetails' {} a -> s {eTag = a} :: AwsCloudFrontDistributionDetails)
+
+-- | Indicates when that the distribution was last modified.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsCloudFrontDistributionDetails_lastModifiedTime :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionDetails_lastModifiedTime = Lens.lens (\AwsCloudFrontDistributionDetails' {lastModifiedTime} -> lastModifiedTime) (\s@AwsCloudFrontDistributionDetails' {} a -> s {lastModifiedTime = a} :: AwsCloudFrontDistributionDetails)
+
+-- | A complex type that controls whether access logs are written for the
+-- distribution.
+awsCloudFrontDistributionDetails_logging :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe AwsCloudFrontDistributionLogging)
+awsCloudFrontDistributionDetails_logging = Lens.lens (\AwsCloudFrontDistributionDetails' {logging} -> logging) (\s@AwsCloudFrontDistributionDetails' {} a -> s {logging = a} :: AwsCloudFrontDistributionDetails)
+
+-- | Provides information about the origin groups in the distribution.
+awsCloudFrontDistributionDetails_originGroups :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe AwsCloudFrontDistributionOriginGroups)
+awsCloudFrontDistributionDetails_originGroups = Lens.lens (\AwsCloudFrontDistributionDetails' {originGroups} -> originGroups) (\s@AwsCloudFrontDistributionDetails' {} a -> s {originGroups = a} :: AwsCloudFrontDistributionDetails)
+
+-- | A complex type that contains information about origins for this
+-- distribution.
+awsCloudFrontDistributionDetails_origins :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe AwsCloudFrontDistributionOrigins)
+awsCloudFrontDistributionDetails_origins = Lens.lens (\AwsCloudFrontDistributionDetails' {origins} -> origins) (\s@AwsCloudFrontDistributionDetails' {} a -> s {origins = a} :: AwsCloudFrontDistributionDetails)
+
+-- | Indicates the current status of the distribution.
+awsCloudFrontDistributionDetails_status :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionDetails_status = Lens.lens (\AwsCloudFrontDistributionDetails' {status} -> status) (\s@AwsCloudFrontDistributionDetails' {} a -> s {status = a} :: AwsCloudFrontDistributionDetails)
+
+-- | Provides information about the TLS\/SSL configuration that the
+-- distribution uses to communicate with viewers.
+awsCloudFrontDistributionDetails_viewerCertificate :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe AwsCloudFrontDistributionViewerCertificate)
+awsCloudFrontDistributionDetails_viewerCertificate = Lens.lens (\AwsCloudFrontDistributionDetails' {viewerCertificate} -> viewerCertificate) (\s@AwsCloudFrontDistributionDetails' {} a -> s {viewerCertificate = a} :: AwsCloudFrontDistributionDetails)
+
+-- | A unique identifier that specifies the WAF web ACL, if any, to associate
+-- with this distribution.
+awsCloudFrontDistributionDetails_webAclId :: Lens.Lens' AwsCloudFrontDistributionDetails (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionDetails_webAclId = Lens.lens (\AwsCloudFrontDistributionDetails' {webAclId} -> webAclId) (\s@AwsCloudFrontDistributionDetails' {} a -> s {webAclId = a} :: AwsCloudFrontDistributionDetails)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionDetails"
+      ( \x ->
+          AwsCloudFrontDistributionDetails'
+            Prelude.<$> (x Data..:? "CacheBehaviors")
+            Prelude.<*> (x Data..:? "DefaultCacheBehavior")
+            Prelude.<*> (x Data..:? "DefaultRootObject")
+            Prelude.<*> (x Data..:? "DomainName")
+            Prelude.<*> (x Data..:? "ETag")
+            Prelude.<*> (x Data..:? "LastModifiedTime")
+            Prelude.<*> (x Data..:? "Logging")
+            Prelude.<*> (x Data..:? "OriginGroups")
+            Prelude.<*> (x Data..:? "Origins")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "ViewerCertificate")
+            Prelude.<*> (x Data..:? "WebAclId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionDetails
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` cacheBehaviors
+        `Prelude.hashWithSalt` defaultCacheBehavior
+        `Prelude.hashWithSalt` defaultRootObject
+        `Prelude.hashWithSalt` domainName
+        `Prelude.hashWithSalt` eTag
+        `Prelude.hashWithSalt` lastModifiedTime
+        `Prelude.hashWithSalt` logging
+        `Prelude.hashWithSalt` originGroups
+        `Prelude.hashWithSalt` origins
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` viewerCertificate
+        `Prelude.hashWithSalt` webAclId
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionDetails
+  where
+  rnf AwsCloudFrontDistributionDetails' {..} =
+    Prelude.rnf cacheBehaviors
+      `Prelude.seq` Prelude.rnf defaultCacheBehavior
+      `Prelude.seq` Prelude.rnf defaultRootObject
+      `Prelude.seq` Prelude.rnf domainName
+      `Prelude.seq` Prelude.rnf eTag
+      `Prelude.seq` Prelude.rnf lastModifiedTime
+      `Prelude.seq` Prelude.rnf logging
+      `Prelude.seq` Prelude.rnf originGroups
+      `Prelude.seq` Prelude.rnf origins
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf viewerCertificate
+      `Prelude.seq` Prelude.rnf webAclId
+
+instance Data.ToJSON AwsCloudFrontDistributionDetails where
+  toJSON AwsCloudFrontDistributionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CacheBehaviors" Data..=)
+              Prelude.<$> cacheBehaviors,
+            ("DefaultCacheBehavior" Data..=)
+              Prelude.<$> defaultCacheBehavior,
+            ("DefaultRootObject" Data..=)
+              Prelude.<$> defaultRootObject,
+            ("DomainName" Data..=) Prelude.<$> domainName,
+            ("ETag" Data..=) Prelude.<$> eTag,
+            ("LastModifiedTime" Data..=)
+              Prelude.<$> lastModifiedTime,
+            ("Logging" Data..=) Prelude.<$> logging,
+            ("OriginGroups" Data..=) Prelude.<$> originGroups,
+            ("Origins" Data..=) Prelude.<$> origins,
+            ("Status" Data..=) Prelude.<$> status,
+            ("ViewerCertificate" Data..=)
+              Prelude.<$> viewerCertificate,
+            ("WebAclId" Data..=) Prelude.<$> webAclId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionLogging.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionLogging.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionLogging.hs
@@ -0,0 +1,136 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionLogging
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionLogging where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A complex type that controls whether access logs are written for the
+-- CloudFront distribution.
+--
+-- /See:/ 'newAwsCloudFrontDistributionLogging' smart constructor.
+data AwsCloudFrontDistributionLogging = AwsCloudFrontDistributionLogging'
+  { -- | The S3 bucket to store the access logs in.
+    bucket :: Prelude.Maybe Prelude.Text,
+    -- | With this field, you can enable or disable the selected distribution.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | Specifies whether you want CloudFront to include cookies in access logs.
+    includeCookies :: Prelude.Maybe Prelude.Bool,
+    -- | An optional string that you want CloudFront to use as a prefix to the
+    -- access log filenames for this distribution.
+    prefix :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionLogging' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'bucket', 'awsCloudFrontDistributionLogging_bucket' - The S3 bucket to store the access logs in.
+--
+-- 'enabled', 'awsCloudFrontDistributionLogging_enabled' - With this field, you can enable or disable the selected distribution.
+--
+-- 'includeCookies', 'awsCloudFrontDistributionLogging_includeCookies' - Specifies whether you want CloudFront to include cookies in access logs.
+--
+-- 'prefix', 'awsCloudFrontDistributionLogging_prefix' - An optional string that you want CloudFront to use as a prefix to the
+-- access log filenames for this distribution.
+newAwsCloudFrontDistributionLogging ::
+  AwsCloudFrontDistributionLogging
+newAwsCloudFrontDistributionLogging =
+  AwsCloudFrontDistributionLogging'
+    { bucket =
+        Prelude.Nothing,
+      enabled = Prelude.Nothing,
+      includeCookies = Prelude.Nothing,
+      prefix = Prelude.Nothing
+    }
+
+-- | The S3 bucket to store the access logs in.
+awsCloudFrontDistributionLogging_bucket :: Lens.Lens' AwsCloudFrontDistributionLogging (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionLogging_bucket = Lens.lens (\AwsCloudFrontDistributionLogging' {bucket} -> bucket) (\s@AwsCloudFrontDistributionLogging' {} a -> s {bucket = a} :: AwsCloudFrontDistributionLogging)
+
+-- | With this field, you can enable or disable the selected distribution.
+awsCloudFrontDistributionLogging_enabled :: Lens.Lens' AwsCloudFrontDistributionLogging (Prelude.Maybe Prelude.Bool)
+awsCloudFrontDistributionLogging_enabled = Lens.lens (\AwsCloudFrontDistributionLogging' {enabled} -> enabled) (\s@AwsCloudFrontDistributionLogging' {} a -> s {enabled = a} :: AwsCloudFrontDistributionLogging)
+
+-- | Specifies whether you want CloudFront to include cookies in access logs.
+awsCloudFrontDistributionLogging_includeCookies :: Lens.Lens' AwsCloudFrontDistributionLogging (Prelude.Maybe Prelude.Bool)
+awsCloudFrontDistributionLogging_includeCookies = Lens.lens (\AwsCloudFrontDistributionLogging' {includeCookies} -> includeCookies) (\s@AwsCloudFrontDistributionLogging' {} a -> s {includeCookies = a} :: AwsCloudFrontDistributionLogging)
+
+-- | An optional string that you want CloudFront to use as a prefix to the
+-- access log filenames for this distribution.
+awsCloudFrontDistributionLogging_prefix :: Lens.Lens' AwsCloudFrontDistributionLogging (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionLogging_prefix = Lens.lens (\AwsCloudFrontDistributionLogging' {prefix} -> prefix) (\s@AwsCloudFrontDistributionLogging' {} a -> s {prefix = a} :: AwsCloudFrontDistributionLogging)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionLogging
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionLogging"
+      ( \x ->
+          AwsCloudFrontDistributionLogging'
+            Prelude.<$> (x Data..:? "Bucket")
+            Prelude.<*> (x Data..:? "Enabled")
+            Prelude.<*> (x Data..:? "IncludeCookies")
+            Prelude.<*> (x Data..:? "Prefix")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionLogging
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionLogging' {..} =
+      _salt
+        `Prelude.hashWithSalt` bucket
+        `Prelude.hashWithSalt` enabled
+        `Prelude.hashWithSalt` includeCookies
+        `Prelude.hashWithSalt` prefix
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionLogging
+  where
+  rnf AwsCloudFrontDistributionLogging' {..} =
+    Prelude.rnf bucket
+      `Prelude.seq` Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf includeCookies
+      `Prelude.seq` Prelude.rnf prefix
+
+instance Data.ToJSON AwsCloudFrontDistributionLogging where
+  toJSON AwsCloudFrontDistributionLogging' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Bucket" Data..=) Prelude.<$> bucket,
+            ("Enabled" Data..=) Prelude.<$> enabled,
+            ("IncludeCookies" Data..=)
+              Prelude.<$> includeCookies,
+            ("Prefix" Data..=) Prelude.<$> prefix
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginCustomOriginConfig.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginCustomOriginConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginCustomOriginConfig.hs
@@ -0,0 +1,187 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginCustomOriginConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginCustomOriginConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginSslProtocols
+
+-- | A custom origin. A custom origin is any origin that is not an Amazon S3
+-- bucket, with one exception. An Amazon S3 bucket that is
+-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html configured with static website hosting>
+-- is a custom origin.
+--
+-- /See:/ 'newAwsCloudFrontDistributionOriginCustomOriginConfig' smart constructor.
+data AwsCloudFrontDistributionOriginCustomOriginConfig = AwsCloudFrontDistributionOriginCustomOriginConfig'
+  { -- | The HTTP port that CloudFront uses to connect to the origin.
+    httpPort :: Prelude.Maybe Prelude.Int,
+    -- | The HTTPS port that CloudFront uses to connect to the origin.
+    httpsPort :: Prelude.Maybe Prelude.Int,
+    -- | Specifies how long, in seconds, CloudFront persists its connection to
+    -- the origin.
+    originKeepaliveTimeout :: Prelude.Maybe Prelude.Int,
+    -- | Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect
+    -- to the origin.
+    originProtocolPolicy :: Prelude.Maybe Prelude.Text,
+    -- | Specifies how long, in seconds, CloudFront waits for a response from the
+    -- origin.
+    originReadTimeout :: Prelude.Maybe Prelude.Int,
+    -- | Specifies the minimum SSL\/TLS protocol that CloudFront uses when
+    -- connecting to your origin over HTTPS.
+    originSslProtocols :: Prelude.Maybe AwsCloudFrontDistributionOriginSslProtocols
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionOriginCustomOriginConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpPort', 'awsCloudFrontDistributionOriginCustomOriginConfig_httpPort' - The HTTP port that CloudFront uses to connect to the origin.
+--
+-- 'httpsPort', 'awsCloudFrontDistributionOriginCustomOriginConfig_httpsPort' - The HTTPS port that CloudFront uses to connect to the origin.
+--
+-- 'originKeepaliveTimeout', 'awsCloudFrontDistributionOriginCustomOriginConfig_originKeepaliveTimeout' - Specifies how long, in seconds, CloudFront persists its connection to
+-- the origin.
+--
+-- 'originProtocolPolicy', 'awsCloudFrontDistributionOriginCustomOriginConfig_originProtocolPolicy' - Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect
+-- to the origin.
+--
+-- 'originReadTimeout', 'awsCloudFrontDistributionOriginCustomOriginConfig_originReadTimeout' - Specifies how long, in seconds, CloudFront waits for a response from the
+-- origin.
+--
+-- 'originSslProtocols', 'awsCloudFrontDistributionOriginCustomOriginConfig_originSslProtocols' - Specifies the minimum SSL\/TLS protocol that CloudFront uses when
+-- connecting to your origin over HTTPS.
+newAwsCloudFrontDistributionOriginCustomOriginConfig ::
+  AwsCloudFrontDistributionOriginCustomOriginConfig
+newAwsCloudFrontDistributionOriginCustomOriginConfig =
+  AwsCloudFrontDistributionOriginCustomOriginConfig'
+    { httpPort =
+        Prelude.Nothing,
+      httpsPort =
+        Prelude.Nothing,
+      originKeepaliveTimeout =
+        Prelude.Nothing,
+      originProtocolPolicy =
+        Prelude.Nothing,
+      originReadTimeout =
+        Prelude.Nothing,
+      originSslProtocols =
+        Prelude.Nothing
+    }
+
+-- | The HTTP port that CloudFront uses to connect to the origin.
+awsCloudFrontDistributionOriginCustomOriginConfig_httpPort :: Lens.Lens' AwsCloudFrontDistributionOriginCustomOriginConfig (Prelude.Maybe Prelude.Int)
+awsCloudFrontDistributionOriginCustomOriginConfig_httpPort = Lens.lens (\AwsCloudFrontDistributionOriginCustomOriginConfig' {httpPort} -> httpPort) (\s@AwsCloudFrontDistributionOriginCustomOriginConfig' {} a -> s {httpPort = a} :: AwsCloudFrontDistributionOriginCustomOriginConfig)
+
+-- | The HTTPS port that CloudFront uses to connect to the origin.
+awsCloudFrontDistributionOriginCustomOriginConfig_httpsPort :: Lens.Lens' AwsCloudFrontDistributionOriginCustomOriginConfig (Prelude.Maybe Prelude.Int)
+awsCloudFrontDistributionOriginCustomOriginConfig_httpsPort = Lens.lens (\AwsCloudFrontDistributionOriginCustomOriginConfig' {httpsPort} -> httpsPort) (\s@AwsCloudFrontDistributionOriginCustomOriginConfig' {} a -> s {httpsPort = a} :: AwsCloudFrontDistributionOriginCustomOriginConfig)
+
+-- | Specifies how long, in seconds, CloudFront persists its connection to
+-- the origin.
+awsCloudFrontDistributionOriginCustomOriginConfig_originKeepaliveTimeout :: Lens.Lens' AwsCloudFrontDistributionOriginCustomOriginConfig (Prelude.Maybe Prelude.Int)
+awsCloudFrontDistributionOriginCustomOriginConfig_originKeepaliveTimeout = Lens.lens (\AwsCloudFrontDistributionOriginCustomOriginConfig' {originKeepaliveTimeout} -> originKeepaliveTimeout) (\s@AwsCloudFrontDistributionOriginCustomOriginConfig' {} a -> s {originKeepaliveTimeout = a} :: AwsCloudFrontDistributionOriginCustomOriginConfig)
+
+-- | Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect
+-- to the origin.
+awsCloudFrontDistributionOriginCustomOriginConfig_originProtocolPolicy :: Lens.Lens' AwsCloudFrontDistributionOriginCustomOriginConfig (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionOriginCustomOriginConfig_originProtocolPolicy = Lens.lens (\AwsCloudFrontDistributionOriginCustomOriginConfig' {originProtocolPolicy} -> originProtocolPolicy) (\s@AwsCloudFrontDistributionOriginCustomOriginConfig' {} a -> s {originProtocolPolicy = a} :: AwsCloudFrontDistributionOriginCustomOriginConfig)
+
+-- | Specifies how long, in seconds, CloudFront waits for a response from the
+-- origin.
+awsCloudFrontDistributionOriginCustomOriginConfig_originReadTimeout :: Lens.Lens' AwsCloudFrontDistributionOriginCustomOriginConfig (Prelude.Maybe Prelude.Int)
+awsCloudFrontDistributionOriginCustomOriginConfig_originReadTimeout = Lens.lens (\AwsCloudFrontDistributionOriginCustomOriginConfig' {originReadTimeout} -> originReadTimeout) (\s@AwsCloudFrontDistributionOriginCustomOriginConfig' {} a -> s {originReadTimeout = a} :: AwsCloudFrontDistributionOriginCustomOriginConfig)
+
+-- | Specifies the minimum SSL\/TLS protocol that CloudFront uses when
+-- connecting to your origin over HTTPS.
+awsCloudFrontDistributionOriginCustomOriginConfig_originSslProtocols :: Lens.Lens' AwsCloudFrontDistributionOriginCustomOriginConfig (Prelude.Maybe AwsCloudFrontDistributionOriginSslProtocols)
+awsCloudFrontDistributionOriginCustomOriginConfig_originSslProtocols = Lens.lens (\AwsCloudFrontDistributionOriginCustomOriginConfig' {originSslProtocols} -> originSslProtocols) (\s@AwsCloudFrontDistributionOriginCustomOriginConfig' {} a -> s {originSslProtocols = a} :: AwsCloudFrontDistributionOriginCustomOriginConfig)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionOriginCustomOriginConfig
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionOriginCustomOriginConfig"
+      ( \x ->
+          AwsCloudFrontDistributionOriginCustomOriginConfig'
+            Prelude.<$> (x Data..:? "HttpPort")
+            Prelude.<*> (x Data..:? "HttpsPort")
+            Prelude.<*> (x Data..:? "OriginKeepaliveTimeout")
+            Prelude.<*> (x Data..:? "OriginProtocolPolicy")
+            Prelude.<*> (x Data..:? "OriginReadTimeout")
+            Prelude.<*> (x Data..:? "OriginSslProtocols")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionOriginCustomOriginConfig
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionOriginCustomOriginConfig' {..} =
+      _salt
+        `Prelude.hashWithSalt` httpPort
+        `Prelude.hashWithSalt` httpsPort
+        `Prelude.hashWithSalt` originKeepaliveTimeout
+        `Prelude.hashWithSalt` originProtocolPolicy
+        `Prelude.hashWithSalt` originReadTimeout
+        `Prelude.hashWithSalt` originSslProtocols
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionOriginCustomOriginConfig
+  where
+  rnf
+    AwsCloudFrontDistributionOriginCustomOriginConfig' {..} =
+      Prelude.rnf httpPort
+        `Prelude.seq` Prelude.rnf httpsPort
+        `Prelude.seq` Prelude.rnf originKeepaliveTimeout
+        `Prelude.seq` Prelude.rnf originProtocolPolicy
+        `Prelude.seq` Prelude.rnf originReadTimeout
+        `Prelude.seq` Prelude.rnf originSslProtocols
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionOriginCustomOriginConfig
+  where
+  toJSON
+    AwsCloudFrontDistributionOriginCustomOriginConfig' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("HttpPort" Data..=) Prelude.<$> httpPort,
+              ("HttpsPort" Data..=) Prelude.<$> httpsPort,
+              ("OriginKeepaliveTimeout" Data..=)
+                Prelude.<$> originKeepaliveTimeout,
+              ("OriginProtocolPolicy" Data..=)
+                Prelude.<$> originProtocolPolicy,
+              ("OriginReadTimeout" Data..=)
+                Prelude.<$> originReadTimeout,
+              ("OriginSslProtocols" Data..=)
+                Prelude.<$> originSslProtocols
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroup.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroup.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailover
+
+-- | Information about an origin group for the CloudFront distribution.
+--
+-- /See:/ 'newAwsCloudFrontDistributionOriginGroup' smart constructor.
+data AwsCloudFrontDistributionOriginGroup = AwsCloudFrontDistributionOriginGroup'
+  { -- | Provides the criteria for an origin group to fail over.
+    failoverCriteria :: Prelude.Maybe AwsCloudFrontDistributionOriginGroupFailover
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionOriginGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'failoverCriteria', 'awsCloudFrontDistributionOriginGroup_failoverCriteria' - Provides the criteria for an origin group to fail over.
+newAwsCloudFrontDistributionOriginGroup ::
+  AwsCloudFrontDistributionOriginGroup
+newAwsCloudFrontDistributionOriginGroup =
+  AwsCloudFrontDistributionOriginGroup'
+    { failoverCriteria =
+        Prelude.Nothing
+    }
+
+-- | Provides the criteria for an origin group to fail over.
+awsCloudFrontDistributionOriginGroup_failoverCriteria :: Lens.Lens' AwsCloudFrontDistributionOriginGroup (Prelude.Maybe AwsCloudFrontDistributionOriginGroupFailover)
+awsCloudFrontDistributionOriginGroup_failoverCriteria = Lens.lens (\AwsCloudFrontDistributionOriginGroup' {failoverCriteria} -> failoverCriteria) (\s@AwsCloudFrontDistributionOriginGroup' {} a -> s {failoverCriteria = a} :: AwsCloudFrontDistributionOriginGroup)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionOriginGroup
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionOriginGroup"
+      ( \x ->
+          AwsCloudFrontDistributionOriginGroup'
+            Prelude.<$> (x Data..:? "FailoverCriteria")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionOriginGroup
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionOriginGroup' {..} =
+      _salt `Prelude.hashWithSalt` failoverCriteria
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionOriginGroup
+  where
+  rnf AwsCloudFrontDistributionOriginGroup' {..} =
+    Prelude.rnf failoverCriteria
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionOriginGroup
+  where
+  toJSON AwsCloudFrontDistributionOriginGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("FailoverCriteria" Data..=)
+              Prelude.<$> failoverCriteria
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroupFailover.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroupFailover.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroupFailover.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailover
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailover where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+
+-- | Provides information about when an origin group fails over.
+--
+-- /See:/ 'newAwsCloudFrontDistributionOriginGroupFailover' smart constructor.
+data AwsCloudFrontDistributionOriginGroupFailover = AwsCloudFrontDistributionOriginGroupFailover'
+  { -- | Information about the status codes that cause an origin group to fail
+    -- over.
+    statusCodes :: Prelude.Maybe AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionOriginGroupFailover' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'statusCodes', 'awsCloudFrontDistributionOriginGroupFailover_statusCodes' - Information about the status codes that cause an origin group to fail
+-- over.
+newAwsCloudFrontDistributionOriginGroupFailover ::
+  AwsCloudFrontDistributionOriginGroupFailover
+newAwsCloudFrontDistributionOriginGroupFailover =
+  AwsCloudFrontDistributionOriginGroupFailover'
+    { statusCodes =
+        Prelude.Nothing
+    }
+
+-- | Information about the status codes that cause an origin group to fail
+-- over.
+awsCloudFrontDistributionOriginGroupFailover_statusCodes :: Lens.Lens' AwsCloudFrontDistributionOriginGroupFailover (Prelude.Maybe AwsCloudFrontDistributionOriginGroupFailoverStatusCodes)
+awsCloudFrontDistributionOriginGroupFailover_statusCodes = Lens.lens (\AwsCloudFrontDistributionOriginGroupFailover' {statusCodes} -> statusCodes) (\s@AwsCloudFrontDistributionOriginGroupFailover' {} a -> s {statusCodes = a} :: AwsCloudFrontDistributionOriginGroupFailover)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionOriginGroupFailover
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionOriginGroupFailover"
+      ( \x ->
+          AwsCloudFrontDistributionOriginGroupFailover'
+            Prelude.<$> (x Data..:? "StatusCodes")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionOriginGroupFailover
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionOriginGroupFailover' {..} =
+      _salt `Prelude.hashWithSalt` statusCodes
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionOriginGroupFailover
+  where
+  rnf AwsCloudFrontDistributionOriginGroupFailover' {..} =
+    Prelude.rnf statusCodes
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionOriginGroupFailover
+  where
+  toJSON
+    AwsCloudFrontDistributionOriginGroupFailover' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("StatusCodes" Data..=) Prelude.<$> statusCodes]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroupFailoverStatusCodes.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroupFailoverStatusCodes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroupFailoverStatusCodes.hs
@@ -0,0 +1,114 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroupFailoverStatusCodes where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The status codes that cause an origin group to fail over.
+--
+-- /See:/ 'newAwsCloudFrontDistributionOriginGroupFailoverStatusCodes' smart constructor.
+data AwsCloudFrontDistributionOriginGroupFailoverStatusCodes = AwsCloudFrontDistributionOriginGroupFailoverStatusCodes'
+  { -- | The list of status code values that can cause a failover to the next
+    -- origin.
+    items :: Prelude.Maybe [Prelude.Int],
+    -- | The number of status codes that can cause a failover.
+    quantity :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionOriginGroupFailoverStatusCodes' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'items', 'awsCloudFrontDistributionOriginGroupFailoverStatusCodes_items' - The list of status code values that can cause a failover to the next
+-- origin.
+--
+-- 'quantity', 'awsCloudFrontDistributionOriginGroupFailoverStatusCodes_quantity' - The number of status codes that can cause a failover.
+newAwsCloudFrontDistributionOriginGroupFailoverStatusCodes ::
+  AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+newAwsCloudFrontDistributionOriginGroupFailoverStatusCodes =
+  AwsCloudFrontDistributionOriginGroupFailoverStatusCodes'
+    { items =
+        Prelude.Nothing,
+      quantity =
+        Prelude.Nothing
+    }
+
+-- | The list of status code values that can cause a failover to the next
+-- origin.
+awsCloudFrontDistributionOriginGroupFailoverStatusCodes_items :: Lens.Lens' AwsCloudFrontDistributionOriginGroupFailoverStatusCodes (Prelude.Maybe [Prelude.Int])
+awsCloudFrontDistributionOriginGroupFailoverStatusCodes_items = Lens.lens (\AwsCloudFrontDistributionOriginGroupFailoverStatusCodes' {items} -> items) (\s@AwsCloudFrontDistributionOriginGroupFailoverStatusCodes' {} a -> s {items = a} :: AwsCloudFrontDistributionOriginGroupFailoverStatusCodes) Prelude.. Lens.mapping Lens.coerced
+
+-- | The number of status codes that can cause a failover.
+awsCloudFrontDistributionOriginGroupFailoverStatusCodes_quantity :: Lens.Lens' AwsCloudFrontDistributionOriginGroupFailoverStatusCodes (Prelude.Maybe Prelude.Int)
+awsCloudFrontDistributionOriginGroupFailoverStatusCodes_quantity = Lens.lens (\AwsCloudFrontDistributionOriginGroupFailoverStatusCodes' {quantity} -> quantity) (\s@AwsCloudFrontDistributionOriginGroupFailoverStatusCodes' {} a -> s {quantity = a} :: AwsCloudFrontDistributionOriginGroupFailoverStatusCodes)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionOriginGroupFailoverStatusCodes"
+      ( \x ->
+          AwsCloudFrontDistributionOriginGroupFailoverStatusCodes'
+            Prelude.<$> (x Data..:? "Items" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Quantity")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionOriginGroupFailoverStatusCodes' {..} =
+      _salt
+        `Prelude.hashWithSalt` items
+        `Prelude.hashWithSalt` quantity
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+  where
+  rnf
+    AwsCloudFrontDistributionOriginGroupFailoverStatusCodes' {..} =
+      Prelude.rnf items
+        `Prelude.seq` Prelude.rnf quantity
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionOriginGroupFailoverStatusCodes
+  where
+  toJSON
+    AwsCloudFrontDistributionOriginGroupFailoverStatusCodes' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Items" Data..=) Prelude.<$> items,
+              ("Quantity" Data..=) Prelude.<$> quantity
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroups.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroups.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginGroups.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroups
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroups where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginGroup
+
+-- | Provides information about origin groups that are associated with the
+-- CloudFront distribution.
+--
+-- /See:/ 'newAwsCloudFrontDistributionOriginGroups' smart constructor.
+data AwsCloudFrontDistributionOriginGroups = AwsCloudFrontDistributionOriginGroups'
+  { -- | The list of origin groups.
+    items :: Prelude.Maybe [AwsCloudFrontDistributionOriginGroup]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionOriginGroups' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'items', 'awsCloudFrontDistributionOriginGroups_items' - The list of origin groups.
+newAwsCloudFrontDistributionOriginGroups ::
+  AwsCloudFrontDistributionOriginGroups
+newAwsCloudFrontDistributionOriginGroups =
+  AwsCloudFrontDistributionOriginGroups'
+    { items =
+        Prelude.Nothing
+    }
+
+-- | The list of origin groups.
+awsCloudFrontDistributionOriginGroups_items :: Lens.Lens' AwsCloudFrontDistributionOriginGroups (Prelude.Maybe [AwsCloudFrontDistributionOriginGroup])
+awsCloudFrontDistributionOriginGroups_items = Lens.lens (\AwsCloudFrontDistributionOriginGroups' {items} -> items) (\s@AwsCloudFrontDistributionOriginGroups' {} a -> s {items = a} :: AwsCloudFrontDistributionOriginGroups) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionOriginGroups
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionOriginGroups"
+      ( \x ->
+          AwsCloudFrontDistributionOriginGroups'
+            Prelude.<$> (x Data..:? "Items" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionOriginGroups
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionOriginGroups' {..} =
+      _salt `Prelude.hashWithSalt` items
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionOriginGroups
+  where
+  rnf AwsCloudFrontDistributionOriginGroups' {..} =
+    Prelude.rnf items
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionOriginGroups
+  where
+  toJSON AwsCloudFrontDistributionOriginGroups' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Items" Data..=) Prelude.<$> items]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginItem.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginItem.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginItem.hs
@@ -0,0 +1,171 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginItem
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginItem where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginCustomOriginConfig
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginS3OriginConfig
+
+-- | A complex type that describes the Amazon S3 bucket, HTTP server (for
+-- example, a web server), AWS Elemental MediaStore, or other server from
+-- which CloudFront gets your files.
+--
+-- /See:/ 'newAwsCloudFrontDistributionOriginItem' smart constructor.
+data AwsCloudFrontDistributionOriginItem = AwsCloudFrontDistributionOriginItem'
+  { -- | An origin that is not an Amazon S3 bucket, with one exception. If the
+    -- Amazon S3 bucket is configured with static website hosting, use this
+    -- attribute. If the Amazon S3 bucket is not configured with static website
+    -- hosting, use the @S3OriginConfig@ type instead.
+    customOriginConfig :: Prelude.Maybe AwsCloudFrontDistributionOriginCustomOriginConfig,
+    -- | Amazon S3 origins: The DNS name of the S3 bucket from which you want
+    -- CloudFront to get objects for this origin.
+    domainName :: Prelude.Maybe Prelude.Text,
+    -- | A unique identifier for the origin or origin group.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | An optional element that causes CloudFront to request your content from
+    -- a directory in your Amazon S3 bucket or your custom origin.
+    originPath :: Prelude.Maybe Prelude.Text,
+    -- | An origin that is an S3 bucket that is not configured with static
+    -- website hosting.
+    s3OriginConfig :: Prelude.Maybe AwsCloudFrontDistributionOriginS3OriginConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionOriginItem' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customOriginConfig', 'awsCloudFrontDistributionOriginItem_customOriginConfig' - An origin that is not an Amazon S3 bucket, with one exception. If the
+-- Amazon S3 bucket is configured with static website hosting, use this
+-- attribute. If the Amazon S3 bucket is not configured with static website
+-- hosting, use the @S3OriginConfig@ type instead.
+--
+-- 'domainName', 'awsCloudFrontDistributionOriginItem_domainName' - Amazon S3 origins: The DNS name of the S3 bucket from which you want
+-- CloudFront to get objects for this origin.
+--
+-- 'id', 'awsCloudFrontDistributionOriginItem_id' - A unique identifier for the origin or origin group.
+--
+-- 'originPath', 'awsCloudFrontDistributionOriginItem_originPath' - An optional element that causes CloudFront to request your content from
+-- a directory in your Amazon S3 bucket or your custom origin.
+--
+-- 's3OriginConfig', 'awsCloudFrontDistributionOriginItem_s3OriginConfig' - An origin that is an S3 bucket that is not configured with static
+-- website hosting.
+newAwsCloudFrontDistributionOriginItem ::
+  AwsCloudFrontDistributionOriginItem
+newAwsCloudFrontDistributionOriginItem =
+  AwsCloudFrontDistributionOriginItem'
+    { customOriginConfig =
+        Prelude.Nothing,
+      domainName = Prelude.Nothing,
+      id = Prelude.Nothing,
+      originPath = Prelude.Nothing,
+      s3OriginConfig = Prelude.Nothing
+    }
+
+-- | An origin that is not an Amazon S3 bucket, with one exception. If the
+-- Amazon S3 bucket is configured with static website hosting, use this
+-- attribute. If the Amazon S3 bucket is not configured with static website
+-- hosting, use the @S3OriginConfig@ type instead.
+awsCloudFrontDistributionOriginItem_customOriginConfig :: Lens.Lens' AwsCloudFrontDistributionOriginItem (Prelude.Maybe AwsCloudFrontDistributionOriginCustomOriginConfig)
+awsCloudFrontDistributionOriginItem_customOriginConfig = Lens.lens (\AwsCloudFrontDistributionOriginItem' {customOriginConfig} -> customOriginConfig) (\s@AwsCloudFrontDistributionOriginItem' {} a -> s {customOriginConfig = a} :: AwsCloudFrontDistributionOriginItem)
+
+-- | Amazon S3 origins: The DNS name of the S3 bucket from which you want
+-- CloudFront to get objects for this origin.
+awsCloudFrontDistributionOriginItem_domainName :: Lens.Lens' AwsCloudFrontDistributionOriginItem (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionOriginItem_domainName = Lens.lens (\AwsCloudFrontDistributionOriginItem' {domainName} -> domainName) (\s@AwsCloudFrontDistributionOriginItem' {} a -> s {domainName = a} :: AwsCloudFrontDistributionOriginItem)
+
+-- | A unique identifier for the origin or origin group.
+awsCloudFrontDistributionOriginItem_id :: Lens.Lens' AwsCloudFrontDistributionOriginItem (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionOriginItem_id = Lens.lens (\AwsCloudFrontDistributionOriginItem' {id} -> id) (\s@AwsCloudFrontDistributionOriginItem' {} a -> s {id = a} :: AwsCloudFrontDistributionOriginItem)
+
+-- | An optional element that causes CloudFront to request your content from
+-- a directory in your Amazon S3 bucket or your custom origin.
+awsCloudFrontDistributionOriginItem_originPath :: Lens.Lens' AwsCloudFrontDistributionOriginItem (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionOriginItem_originPath = Lens.lens (\AwsCloudFrontDistributionOriginItem' {originPath} -> originPath) (\s@AwsCloudFrontDistributionOriginItem' {} a -> s {originPath = a} :: AwsCloudFrontDistributionOriginItem)
+
+-- | An origin that is an S3 bucket that is not configured with static
+-- website hosting.
+awsCloudFrontDistributionOriginItem_s3OriginConfig :: Lens.Lens' AwsCloudFrontDistributionOriginItem (Prelude.Maybe AwsCloudFrontDistributionOriginS3OriginConfig)
+awsCloudFrontDistributionOriginItem_s3OriginConfig = Lens.lens (\AwsCloudFrontDistributionOriginItem' {s3OriginConfig} -> s3OriginConfig) (\s@AwsCloudFrontDistributionOriginItem' {} a -> s {s3OriginConfig = a} :: AwsCloudFrontDistributionOriginItem)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionOriginItem
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionOriginItem"
+      ( \x ->
+          AwsCloudFrontDistributionOriginItem'
+            Prelude.<$> (x Data..:? "CustomOriginConfig")
+            Prelude.<*> (x Data..:? "DomainName")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "OriginPath")
+            Prelude.<*> (x Data..:? "S3OriginConfig")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionOriginItem
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionOriginItem' {..} =
+      _salt
+        `Prelude.hashWithSalt` customOriginConfig
+        `Prelude.hashWithSalt` domainName
+        `Prelude.hashWithSalt` id
+        `Prelude.hashWithSalt` originPath
+        `Prelude.hashWithSalt` s3OriginConfig
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionOriginItem
+  where
+  rnf AwsCloudFrontDistributionOriginItem' {..} =
+    Prelude.rnf customOriginConfig
+      `Prelude.seq` Prelude.rnf domainName
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf originPath
+      `Prelude.seq` Prelude.rnf s3OriginConfig
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionOriginItem
+  where
+  toJSON AwsCloudFrontDistributionOriginItem' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomOriginConfig" Data..=)
+              Prelude.<$> customOriginConfig,
+            ("DomainName" Data..=) Prelude.<$> domainName,
+            ("Id" Data..=) Prelude.<$> id,
+            ("OriginPath" Data..=) Prelude.<$> originPath,
+            ("S3OriginConfig" Data..=)
+              Prelude.<$> s3OriginConfig
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginS3OriginConfig.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginS3OriginConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginS3OriginConfig.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginS3OriginConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginS3OriginConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about an origin that is an Amazon S3 bucket that is not
+-- configured with static website hosting.
+--
+-- /See:/ 'newAwsCloudFrontDistributionOriginS3OriginConfig' smart constructor.
+data AwsCloudFrontDistributionOriginS3OriginConfig = AwsCloudFrontDistributionOriginS3OriginConfig'
+  { -- | The CloudFront origin access identity to associate with the origin.
+    originAccessIdentity :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionOriginS3OriginConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'originAccessIdentity', 'awsCloudFrontDistributionOriginS3OriginConfig_originAccessIdentity' - The CloudFront origin access identity to associate with the origin.
+newAwsCloudFrontDistributionOriginS3OriginConfig ::
+  AwsCloudFrontDistributionOriginS3OriginConfig
+newAwsCloudFrontDistributionOriginS3OriginConfig =
+  AwsCloudFrontDistributionOriginS3OriginConfig'
+    { originAccessIdentity =
+        Prelude.Nothing
+    }
+
+-- | The CloudFront origin access identity to associate with the origin.
+awsCloudFrontDistributionOriginS3OriginConfig_originAccessIdentity :: Lens.Lens' AwsCloudFrontDistributionOriginS3OriginConfig (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionOriginS3OriginConfig_originAccessIdentity = Lens.lens (\AwsCloudFrontDistributionOriginS3OriginConfig' {originAccessIdentity} -> originAccessIdentity) (\s@AwsCloudFrontDistributionOriginS3OriginConfig' {} a -> s {originAccessIdentity = a} :: AwsCloudFrontDistributionOriginS3OriginConfig)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionOriginS3OriginConfig
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionOriginS3OriginConfig"
+      ( \x ->
+          AwsCloudFrontDistributionOriginS3OriginConfig'
+            Prelude.<$> (x Data..:? "OriginAccessIdentity")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionOriginS3OriginConfig
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionOriginS3OriginConfig' {..} =
+      _salt `Prelude.hashWithSalt` originAccessIdentity
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionOriginS3OriginConfig
+  where
+  rnf
+    AwsCloudFrontDistributionOriginS3OriginConfig' {..} =
+      Prelude.rnf originAccessIdentity
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionOriginS3OriginConfig
+  where
+  toJSON
+    AwsCloudFrontDistributionOriginS3OriginConfig' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("OriginAccessIdentity" Data..=)
+                Prelude.<$> originAccessIdentity
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginSslProtocols.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginSslProtocols.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOriginSslProtocols.hs
@@ -0,0 +1,114 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginSslProtocols
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginSslProtocols where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A complex type that contains information about the SSL\/TLS protocols
+-- that CloudFront can use when establishing an HTTPS connection with your
+-- origin.
+--
+-- /See:/ 'newAwsCloudFrontDistributionOriginSslProtocols' smart constructor.
+data AwsCloudFrontDistributionOriginSslProtocols = AwsCloudFrontDistributionOriginSslProtocols'
+  { -- | A list that contains allowed SSL\/TLS protocols for this distribution.
+    items :: Prelude.Maybe [Prelude.Text],
+    -- | The number of SSL\/TLS protocols that you want to allow CloudFront to
+    -- use when establishing an HTTPS connection with this origin.
+    quantity :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionOriginSslProtocols' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'items', 'awsCloudFrontDistributionOriginSslProtocols_items' - A list that contains allowed SSL\/TLS protocols for this distribution.
+--
+-- 'quantity', 'awsCloudFrontDistributionOriginSslProtocols_quantity' - The number of SSL\/TLS protocols that you want to allow CloudFront to
+-- use when establishing an HTTPS connection with this origin.
+newAwsCloudFrontDistributionOriginSslProtocols ::
+  AwsCloudFrontDistributionOriginSslProtocols
+newAwsCloudFrontDistributionOriginSslProtocols =
+  AwsCloudFrontDistributionOriginSslProtocols'
+    { items =
+        Prelude.Nothing,
+      quantity = Prelude.Nothing
+    }
+
+-- | A list that contains allowed SSL\/TLS protocols for this distribution.
+awsCloudFrontDistributionOriginSslProtocols_items :: Lens.Lens' AwsCloudFrontDistributionOriginSslProtocols (Prelude.Maybe [Prelude.Text])
+awsCloudFrontDistributionOriginSslProtocols_items = Lens.lens (\AwsCloudFrontDistributionOriginSslProtocols' {items} -> items) (\s@AwsCloudFrontDistributionOriginSslProtocols' {} a -> s {items = a} :: AwsCloudFrontDistributionOriginSslProtocols) Prelude.. Lens.mapping Lens.coerced
+
+-- | The number of SSL\/TLS protocols that you want to allow CloudFront to
+-- use when establishing an HTTPS connection with this origin.
+awsCloudFrontDistributionOriginSslProtocols_quantity :: Lens.Lens' AwsCloudFrontDistributionOriginSslProtocols (Prelude.Maybe Prelude.Int)
+awsCloudFrontDistributionOriginSslProtocols_quantity = Lens.lens (\AwsCloudFrontDistributionOriginSslProtocols' {quantity} -> quantity) (\s@AwsCloudFrontDistributionOriginSslProtocols' {} a -> s {quantity = a} :: AwsCloudFrontDistributionOriginSslProtocols)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionOriginSslProtocols
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionOriginSslProtocols"
+      ( \x ->
+          AwsCloudFrontDistributionOriginSslProtocols'
+            Prelude.<$> (x Data..:? "Items" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Quantity")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionOriginSslProtocols
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionOriginSslProtocols' {..} =
+      _salt
+        `Prelude.hashWithSalt` items
+        `Prelude.hashWithSalt` quantity
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionOriginSslProtocols
+  where
+  rnf AwsCloudFrontDistributionOriginSslProtocols' {..} =
+    Prelude.rnf items
+      `Prelude.seq` Prelude.rnf quantity
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionOriginSslProtocols
+  where
+  toJSON
+    AwsCloudFrontDistributionOriginSslProtocols' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Items" Data..=) Prelude.<$> items,
+              ("Quantity" Data..=) Prelude.<$> quantity
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOrigins.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOrigins.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionOrigins.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOrigins
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOrigins where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionOriginItem
+
+-- | A complex type that contains information about origins and origin groups
+-- for this CloudFront distribution.
+--
+-- /See:/ 'newAwsCloudFrontDistributionOrigins' smart constructor.
+data AwsCloudFrontDistributionOrigins = AwsCloudFrontDistributionOrigins'
+  { -- | A complex type that contains origins or origin groups for this
+    -- distribution.
+    items :: Prelude.Maybe [AwsCloudFrontDistributionOriginItem]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionOrigins' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'items', 'awsCloudFrontDistributionOrigins_items' - A complex type that contains origins or origin groups for this
+-- distribution.
+newAwsCloudFrontDistributionOrigins ::
+  AwsCloudFrontDistributionOrigins
+newAwsCloudFrontDistributionOrigins =
+  AwsCloudFrontDistributionOrigins'
+    { items =
+        Prelude.Nothing
+    }
+
+-- | A complex type that contains origins or origin groups for this
+-- distribution.
+awsCloudFrontDistributionOrigins_items :: Lens.Lens' AwsCloudFrontDistributionOrigins (Prelude.Maybe [AwsCloudFrontDistributionOriginItem])
+awsCloudFrontDistributionOrigins_items = Lens.lens (\AwsCloudFrontDistributionOrigins' {items} -> items) (\s@AwsCloudFrontDistributionOrigins' {} a -> s {items = a} :: AwsCloudFrontDistributionOrigins) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionOrigins
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionOrigins"
+      ( \x ->
+          AwsCloudFrontDistributionOrigins'
+            Prelude.<$> (x Data..:? "Items" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionOrigins
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionOrigins' {..} =
+      _salt `Prelude.hashWithSalt` items
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionOrigins
+  where
+  rnf AwsCloudFrontDistributionOrigins' {..} =
+    Prelude.rnf items
+
+instance Data.ToJSON AwsCloudFrontDistributionOrigins where
+  toJSON AwsCloudFrontDistributionOrigins' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Items" Data..=) Prelude.<$> items]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionViewerCertificate.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionViewerCertificate.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudFrontDistributionViewerCertificate.hs
@@ -0,0 +1,216 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudFrontDistributionViewerCertificate
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudFrontDistributionViewerCertificate where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the TLS\/SSL configuration that the
+-- CloudFront distribution uses to communicate with viewers.
+--
+-- /See:/ 'newAwsCloudFrontDistributionViewerCertificate' smart constructor.
+data AwsCloudFrontDistributionViewerCertificate = AwsCloudFrontDistributionViewerCertificate'
+  { -- | The ARN of the ACM certificate. Used if the certificate is stored in
+    -- ACM. If you provide an ACM certificate ARN, you must also provide
+    -- @MinimumCertificateVersion@ and @SslSupportMethod@.
+    acmCertificateArn :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the certificate. Note that in CloudFront, this
+    -- attribute is deprecated.
+    certificate :: Prelude.Maybe Prelude.Text,
+    -- | The source of the certificate identified by @Certificate@. Note that in
+    -- CloudFront, this attribute is deprecated.
+    certificateSource :: Prelude.Maybe Prelude.Text,
+    -- | Whether the distribution uses the CloudFront domain name. If set to
+    -- @false@, then you provide either @AcmCertificateArn@ or
+    -- @IamCertificateId@.
+    cloudFrontDefaultCertificate :: Prelude.Maybe Prelude.Bool,
+    -- | The identifier of the IAM certificate. Used if the certificate is stored
+    -- in IAM. If you provide @IamCertificateId@, then you also must provide
+    -- @MinimumProtocolVersion@ and @SslSupportMethod@.
+    iamCertificateId :: Prelude.Maybe Prelude.Text,
+    -- | The security policy that CloudFront uses for HTTPS connections with
+    -- viewers. If @SslSupportMethod@ is @sni-only@, then
+    -- @MinimumProtocolVersion@ must be @TLSv1@ or higher.
+    minimumProtocolVersion :: Prelude.Maybe Prelude.Text,
+    -- | The viewers that the distribution accepts HTTPS connections from.
+    sslSupportMethod :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudFrontDistributionViewerCertificate' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'acmCertificateArn', 'awsCloudFrontDistributionViewerCertificate_acmCertificateArn' - The ARN of the ACM certificate. Used if the certificate is stored in
+-- ACM. If you provide an ACM certificate ARN, you must also provide
+-- @MinimumCertificateVersion@ and @SslSupportMethod@.
+--
+-- 'certificate', 'awsCloudFrontDistributionViewerCertificate_certificate' - The identifier of the certificate. Note that in CloudFront, this
+-- attribute is deprecated.
+--
+-- 'certificateSource', 'awsCloudFrontDistributionViewerCertificate_certificateSource' - The source of the certificate identified by @Certificate@. Note that in
+-- CloudFront, this attribute is deprecated.
+--
+-- 'cloudFrontDefaultCertificate', 'awsCloudFrontDistributionViewerCertificate_cloudFrontDefaultCertificate' - Whether the distribution uses the CloudFront domain name. If set to
+-- @false@, then you provide either @AcmCertificateArn@ or
+-- @IamCertificateId@.
+--
+-- 'iamCertificateId', 'awsCloudFrontDistributionViewerCertificate_iamCertificateId' - The identifier of the IAM certificate. Used if the certificate is stored
+-- in IAM. If you provide @IamCertificateId@, then you also must provide
+-- @MinimumProtocolVersion@ and @SslSupportMethod@.
+--
+-- 'minimumProtocolVersion', 'awsCloudFrontDistributionViewerCertificate_minimumProtocolVersion' - The security policy that CloudFront uses for HTTPS connections with
+-- viewers. If @SslSupportMethod@ is @sni-only@, then
+-- @MinimumProtocolVersion@ must be @TLSv1@ or higher.
+--
+-- 'sslSupportMethod', 'awsCloudFrontDistributionViewerCertificate_sslSupportMethod' - The viewers that the distribution accepts HTTPS connections from.
+newAwsCloudFrontDistributionViewerCertificate ::
+  AwsCloudFrontDistributionViewerCertificate
+newAwsCloudFrontDistributionViewerCertificate =
+  AwsCloudFrontDistributionViewerCertificate'
+    { acmCertificateArn =
+        Prelude.Nothing,
+      certificate = Prelude.Nothing,
+      certificateSource =
+        Prelude.Nothing,
+      cloudFrontDefaultCertificate =
+        Prelude.Nothing,
+      iamCertificateId =
+        Prelude.Nothing,
+      minimumProtocolVersion =
+        Prelude.Nothing,
+      sslSupportMethod =
+        Prelude.Nothing
+    }
+
+-- | The ARN of the ACM certificate. Used if the certificate is stored in
+-- ACM. If you provide an ACM certificate ARN, you must also provide
+-- @MinimumCertificateVersion@ and @SslSupportMethod@.
+awsCloudFrontDistributionViewerCertificate_acmCertificateArn :: Lens.Lens' AwsCloudFrontDistributionViewerCertificate (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionViewerCertificate_acmCertificateArn = Lens.lens (\AwsCloudFrontDistributionViewerCertificate' {acmCertificateArn} -> acmCertificateArn) (\s@AwsCloudFrontDistributionViewerCertificate' {} a -> s {acmCertificateArn = a} :: AwsCloudFrontDistributionViewerCertificate)
+
+-- | The identifier of the certificate. Note that in CloudFront, this
+-- attribute is deprecated.
+awsCloudFrontDistributionViewerCertificate_certificate :: Lens.Lens' AwsCloudFrontDistributionViewerCertificate (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionViewerCertificate_certificate = Lens.lens (\AwsCloudFrontDistributionViewerCertificate' {certificate} -> certificate) (\s@AwsCloudFrontDistributionViewerCertificate' {} a -> s {certificate = a} :: AwsCloudFrontDistributionViewerCertificate)
+
+-- | The source of the certificate identified by @Certificate@. Note that in
+-- CloudFront, this attribute is deprecated.
+awsCloudFrontDistributionViewerCertificate_certificateSource :: Lens.Lens' AwsCloudFrontDistributionViewerCertificate (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionViewerCertificate_certificateSource = Lens.lens (\AwsCloudFrontDistributionViewerCertificate' {certificateSource} -> certificateSource) (\s@AwsCloudFrontDistributionViewerCertificate' {} a -> s {certificateSource = a} :: AwsCloudFrontDistributionViewerCertificate)
+
+-- | Whether the distribution uses the CloudFront domain name. If set to
+-- @false@, then you provide either @AcmCertificateArn@ or
+-- @IamCertificateId@.
+awsCloudFrontDistributionViewerCertificate_cloudFrontDefaultCertificate :: Lens.Lens' AwsCloudFrontDistributionViewerCertificate (Prelude.Maybe Prelude.Bool)
+awsCloudFrontDistributionViewerCertificate_cloudFrontDefaultCertificate = Lens.lens (\AwsCloudFrontDistributionViewerCertificate' {cloudFrontDefaultCertificate} -> cloudFrontDefaultCertificate) (\s@AwsCloudFrontDistributionViewerCertificate' {} a -> s {cloudFrontDefaultCertificate = a} :: AwsCloudFrontDistributionViewerCertificate)
+
+-- | The identifier of the IAM certificate. Used if the certificate is stored
+-- in IAM. If you provide @IamCertificateId@, then you also must provide
+-- @MinimumProtocolVersion@ and @SslSupportMethod@.
+awsCloudFrontDistributionViewerCertificate_iamCertificateId :: Lens.Lens' AwsCloudFrontDistributionViewerCertificate (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionViewerCertificate_iamCertificateId = Lens.lens (\AwsCloudFrontDistributionViewerCertificate' {iamCertificateId} -> iamCertificateId) (\s@AwsCloudFrontDistributionViewerCertificate' {} a -> s {iamCertificateId = a} :: AwsCloudFrontDistributionViewerCertificate)
+
+-- | The security policy that CloudFront uses for HTTPS connections with
+-- viewers. If @SslSupportMethod@ is @sni-only@, then
+-- @MinimumProtocolVersion@ must be @TLSv1@ or higher.
+awsCloudFrontDistributionViewerCertificate_minimumProtocolVersion :: Lens.Lens' AwsCloudFrontDistributionViewerCertificate (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionViewerCertificate_minimumProtocolVersion = Lens.lens (\AwsCloudFrontDistributionViewerCertificate' {minimumProtocolVersion} -> minimumProtocolVersion) (\s@AwsCloudFrontDistributionViewerCertificate' {} a -> s {minimumProtocolVersion = a} :: AwsCloudFrontDistributionViewerCertificate)
+
+-- | The viewers that the distribution accepts HTTPS connections from.
+awsCloudFrontDistributionViewerCertificate_sslSupportMethod :: Lens.Lens' AwsCloudFrontDistributionViewerCertificate (Prelude.Maybe Prelude.Text)
+awsCloudFrontDistributionViewerCertificate_sslSupportMethod = Lens.lens (\AwsCloudFrontDistributionViewerCertificate' {sslSupportMethod} -> sslSupportMethod) (\s@AwsCloudFrontDistributionViewerCertificate' {} a -> s {sslSupportMethod = a} :: AwsCloudFrontDistributionViewerCertificate)
+
+instance
+  Data.FromJSON
+    AwsCloudFrontDistributionViewerCertificate
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudFrontDistributionViewerCertificate"
+      ( \x ->
+          AwsCloudFrontDistributionViewerCertificate'
+            Prelude.<$> (x Data..:? "AcmCertificateArn")
+            Prelude.<*> (x Data..:? "Certificate")
+            Prelude.<*> (x Data..:? "CertificateSource")
+            Prelude.<*> (x Data..:? "CloudFrontDefaultCertificate")
+            Prelude.<*> (x Data..:? "IamCertificateId")
+            Prelude.<*> (x Data..:? "MinimumProtocolVersion")
+            Prelude.<*> (x Data..:? "SslSupportMethod")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudFrontDistributionViewerCertificate
+  where
+  hashWithSalt
+    _salt
+    AwsCloudFrontDistributionViewerCertificate' {..} =
+      _salt
+        `Prelude.hashWithSalt` acmCertificateArn
+        `Prelude.hashWithSalt` certificate
+        `Prelude.hashWithSalt` certificateSource
+        `Prelude.hashWithSalt` cloudFrontDefaultCertificate
+        `Prelude.hashWithSalt` iamCertificateId
+        `Prelude.hashWithSalt` minimumProtocolVersion
+        `Prelude.hashWithSalt` sslSupportMethod
+
+instance
+  Prelude.NFData
+    AwsCloudFrontDistributionViewerCertificate
+  where
+  rnf AwsCloudFrontDistributionViewerCertificate' {..} =
+    Prelude.rnf acmCertificateArn
+      `Prelude.seq` Prelude.rnf certificate
+      `Prelude.seq` Prelude.rnf certificateSource
+      `Prelude.seq` Prelude.rnf cloudFrontDefaultCertificate
+      `Prelude.seq` Prelude.rnf iamCertificateId
+      `Prelude.seq` Prelude.rnf minimumProtocolVersion
+      `Prelude.seq` Prelude.rnf sslSupportMethod
+
+instance
+  Data.ToJSON
+    AwsCloudFrontDistributionViewerCertificate
+  where
+  toJSON
+    AwsCloudFrontDistributionViewerCertificate' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AcmCertificateArn" Data..=)
+                Prelude.<$> acmCertificateArn,
+              ("Certificate" Data..=) Prelude.<$> certificate,
+              ("CertificateSource" Data..=)
+                Prelude.<$> certificateSource,
+              ("CloudFrontDefaultCertificate" Data..=)
+                Prelude.<$> cloudFrontDefaultCertificate,
+              ("IamCertificateId" Data..=)
+                Prelude.<$> iamCertificateId,
+              ("MinimumProtocolVersion" Data..=)
+                Prelude.<$> minimumProtocolVersion,
+              ("SslSupportMethod" Data..=)
+                Prelude.<$> sslSupportMethod
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudTrailTrailDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudTrailTrailDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudTrailTrailDetails.hs
@@ -0,0 +1,291 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudTrailTrailDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudTrailTrailDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about a CloudTrail trail.
+--
+-- /See:/ 'newAwsCloudTrailTrailDetails' smart constructor.
+data AwsCloudTrailTrailDetails = AwsCloudTrailTrailDetails'
+  { -- | The ARN of the log group that CloudTrail logs are delivered to.
+    cloudWatchLogsLogGroupArn :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the role that the CloudWatch Events endpoint assumes when it
+    -- writes to the log group.
+    cloudWatchLogsRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the trail has custom event selectors.
+    hasCustomEventSelectors :: Prelude.Maybe Prelude.Bool,
+    -- | The Region where the trail was created.
+    homeRegion :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the trail publishes events from global services such
+    -- as IAM to the log files.
+    includeGlobalServiceEvents :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether the trail applies only to the current Region or to all
+    -- Regions.
+    isMultiRegionTrail :: Prelude.Maybe Prelude.Bool,
+    -- | Whether the trail is created for all accounts in an organization in
+    -- Organizations, or only for the current Amazon Web Services account.
+    isOrganizationTrail :: Prelude.Maybe Prelude.Bool,
+    -- | The KMS key ID to use to encrypt the logs.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether CloudTrail log file validation is enabled.
+    logFileValidationEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the trail.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The name of the S3 bucket where the log files are published.
+    s3BucketName :: Prelude.Maybe Prelude.Text,
+    -- | The S3 key prefix. The key prefix is added after the name of the S3
+    -- bucket where the log files are published.
+    s3KeyPrefix :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the SNS topic that is used for notifications of log file
+    -- delivery.
+    snsTopicArn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the SNS topic that is used for notifications of log file
+    -- delivery.
+    snsTopicName :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the trail.
+    trailArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudTrailTrailDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cloudWatchLogsLogGroupArn', 'awsCloudTrailTrailDetails_cloudWatchLogsLogGroupArn' - The ARN of the log group that CloudTrail logs are delivered to.
+--
+-- 'cloudWatchLogsRoleArn', 'awsCloudTrailTrailDetails_cloudWatchLogsRoleArn' - The ARN of the role that the CloudWatch Events endpoint assumes when it
+-- writes to the log group.
+--
+-- 'hasCustomEventSelectors', 'awsCloudTrailTrailDetails_hasCustomEventSelectors' - Indicates whether the trail has custom event selectors.
+--
+-- 'homeRegion', 'awsCloudTrailTrailDetails_homeRegion' - The Region where the trail was created.
+--
+-- 'includeGlobalServiceEvents', 'awsCloudTrailTrailDetails_includeGlobalServiceEvents' - Indicates whether the trail publishes events from global services such
+-- as IAM to the log files.
+--
+-- 'isMultiRegionTrail', 'awsCloudTrailTrailDetails_isMultiRegionTrail' - Indicates whether the trail applies only to the current Region or to all
+-- Regions.
+--
+-- 'isOrganizationTrail', 'awsCloudTrailTrailDetails_isOrganizationTrail' - Whether the trail is created for all accounts in an organization in
+-- Organizations, or only for the current Amazon Web Services account.
+--
+-- 'kmsKeyId', 'awsCloudTrailTrailDetails_kmsKeyId' - The KMS key ID to use to encrypt the logs.
+--
+-- 'logFileValidationEnabled', 'awsCloudTrailTrailDetails_logFileValidationEnabled' - Indicates whether CloudTrail log file validation is enabled.
+--
+-- 'name', 'awsCloudTrailTrailDetails_name' - The name of the trail.
+--
+-- 's3BucketName', 'awsCloudTrailTrailDetails_s3BucketName' - The name of the S3 bucket where the log files are published.
+--
+-- 's3KeyPrefix', 'awsCloudTrailTrailDetails_s3KeyPrefix' - The S3 key prefix. The key prefix is added after the name of the S3
+-- bucket where the log files are published.
+--
+-- 'snsTopicArn', 'awsCloudTrailTrailDetails_snsTopicArn' - The ARN of the SNS topic that is used for notifications of log file
+-- delivery.
+--
+-- 'snsTopicName', 'awsCloudTrailTrailDetails_snsTopicName' - The name of the SNS topic that is used for notifications of log file
+-- delivery.
+--
+-- 'trailArn', 'awsCloudTrailTrailDetails_trailArn' - The ARN of the trail.
+newAwsCloudTrailTrailDetails ::
+  AwsCloudTrailTrailDetails
+newAwsCloudTrailTrailDetails =
+  AwsCloudTrailTrailDetails'
+    { cloudWatchLogsLogGroupArn =
+        Prelude.Nothing,
+      cloudWatchLogsRoleArn = Prelude.Nothing,
+      hasCustomEventSelectors = Prelude.Nothing,
+      homeRegion = Prelude.Nothing,
+      includeGlobalServiceEvents = Prelude.Nothing,
+      isMultiRegionTrail = Prelude.Nothing,
+      isOrganizationTrail = Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing,
+      logFileValidationEnabled = Prelude.Nothing,
+      name = Prelude.Nothing,
+      s3BucketName = Prelude.Nothing,
+      s3KeyPrefix = Prelude.Nothing,
+      snsTopicArn = Prelude.Nothing,
+      snsTopicName = Prelude.Nothing,
+      trailArn = Prelude.Nothing
+    }
+
+-- | The ARN of the log group that CloudTrail logs are delivered to.
+awsCloudTrailTrailDetails_cloudWatchLogsLogGroupArn :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Text)
+awsCloudTrailTrailDetails_cloudWatchLogsLogGroupArn = Lens.lens (\AwsCloudTrailTrailDetails' {cloudWatchLogsLogGroupArn} -> cloudWatchLogsLogGroupArn) (\s@AwsCloudTrailTrailDetails' {} a -> s {cloudWatchLogsLogGroupArn = a} :: AwsCloudTrailTrailDetails)
+
+-- | The ARN of the role that the CloudWatch Events endpoint assumes when it
+-- writes to the log group.
+awsCloudTrailTrailDetails_cloudWatchLogsRoleArn :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Text)
+awsCloudTrailTrailDetails_cloudWatchLogsRoleArn = Lens.lens (\AwsCloudTrailTrailDetails' {cloudWatchLogsRoleArn} -> cloudWatchLogsRoleArn) (\s@AwsCloudTrailTrailDetails' {} a -> s {cloudWatchLogsRoleArn = a} :: AwsCloudTrailTrailDetails)
+
+-- | Indicates whether the trail has custom event selectors.
+awsCloudTrailTrailDetails_hasCustomEventSelectors :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Bool)
+awsCloudTrailTrailDetails_hasCustomEventSelectors = Lens.lens (\AwsCloudTrailTrailDetails' {hasCustomEventSelectors} -> hasCustomEventSelectors) (\s@AwsCloudTrailTrailDetails' {} a -> s {hasCustomEventSelectors = a} :: AwsCloudTrailTrailDetails)
+
+-- | The Region where the trail was created.
+awsCloudTrailTrailDetails_homeRegion :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Text)
+awsCloudTrailTrailDetails_homeRegion = Lens.lens (\AwsCloudTrailTrailDetails' {homeRegion} -> homeRegion) (\s@AwsCloudTrailTrailDetails' {} a -> s {homeRegion = a} :: AwsCloudTrailTrailDetails)
+
+-- | Indicates whether the trail publishes events from global services such
+-- as IAM to the log files.
+awsCloudTrailTrailDetails_includeGlobalServiceEvents :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Bool)
+awsCloudTrailTrailDetails_includeGlobalServiceEvents = Lens.lens (\AwsCloudTrailTrailDetails' {includeGlobalServiceEvents} -> includeGlobalServiceEvents) (\s@AwsCloudTrailTrailDetails' {} a -> s {includeGlobalServiceEvents = a} :: AwsCloudTrailTrailDetails)
+
+-- | Indicates whether the trail applies only to the current Region or to all
+-- Regions.
+awsCloudTrailTrailDetails_isMultiRegionTrail :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Bool)
+awsCloudTrailTrailDetails_isMultiRegionTrail = Lens.lens (\AwsCloudTrailTrailDetails' {isMultiRegionTrail} -> isMultiRegionTrail) (\s@AwsCloudTrailTrailDetails' {} a -> s {isMultiRegionTrail = a} :: AwsCloudTrailTrailDetails)
+
+-- | Whether the trail is created for all accounts in an organization in
+-- Organizations, or only for the current Amazon Web Services account.
+awsCloudTrailTrailDetails_isOrganizationTrail :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Bool)
+awsCloudTrailTrailDetails_isOrganizationTrail = Lens.lens (\AwsCloudTrailTrailDetails' {isOrganizationTrail} -> isOrganizationTrail) (\s@AwsCloudTrailTrailDetails' {} a -> s {isOrganizationTrail = a} :: AwsCloudTrailTrailDetails)
+
+-- | The KMS key ID to use to encrypt the logs.
+awsCloudTrailTrailDetails_kmsKeyId :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Text)
+awsCloudTrailTrailDetails_kmsKeyId = Lens.lens (\AwsCloudTrailTrailDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsCloudTrailTrailDetails' {} a -> s {kmsKeyId = a} :: AwsCloudTrailTrailDetails)
+
+-- | Indicates whether CloudTrail log file validation is enabled.
+awsCloudTrailTrailDetails_logFileValidationEnabled :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Bool)
+awsCloudTrailTrailDetails_logFileValidationEnabled = Lens.lens (\AwsCloudTrailTrailDetails' {logFileValidationEnabled} -> logFileValidationEnabled) (\s@AwsCloudTrailTrailDetails' {} a -> s {logFileValidationEnabled = a} :: AwsCloudTrailTrailDetails)
+
+-- | The name of the trail.
+awsCloudTrailTrailDetails_name :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Text)
+awsCloudTrailTrailDetails_name = Lens.lens (\AwsCloudTrailTrailDetails' {name} -> name) (\s@AwsCloudTrailTrailDetails' {} a -> s {name = a} :: AwsCloudTrailTrailDetails)
+
+-- | The name of the S3 bucket where the log files are published.
+awsCloudTrailTrailDetails_s3BucketName :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Text)
+awsCloudTrailTrailDetails_s3BucketName = Lens.lens (\AwsCloudTrailTrailDetails' {s3BucketName} -> s3BucketName) (\s@AwsCloudTrailTrailDetails' {} a -> s {s3BucketName = a} :: AwsCloudTrailTrailDetails)
+
+-- | The S3 key prefix. The key prefix is added after the name of the S3
+-- bucket where the log files are published.
+awsCloudTrailTrailDetails_s3KeyPrefix :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Text)
+awsCloudTrailTrailDetails_s3KeyPrefix = Lens.lens (\AwsCloudTrailTrailDetails' {s3KeyPrefix} -> s3KeyPrefix) (\s@AwsCloudTrailTrailDetails' {} a -> s {s3KeyPrefix = a} :: AwsCloudTrailTrailDetails)
+
+-- | The ARN of the SNS topic that is used for notifications of log file
+-- delivery.
+awsCloudTrailTrailDetails_snsTopicArn :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Text)
+awsCloudTrailTrailDetails_snsTopicArn = Lens.lens (\AwsCloudTrailTrailDetails' {snsTopicArn} -> snsTopicArn) (\s@AwsCloudTrailTrailDetails' {} a -> s {snsTopicArn = a} :: AwsCloudTrailTrailDetails)
+
+-- | The name of the SNS topic that is used for notifications of log file
+-- delivery.
+awsCloudTrailTrailDetails_snsTopicName :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Text)
+awsCloudTrailTrailDetails_snsTopicName = Lens.lens (\AwsCloudTrailTrailDetails' {snsTopicName} -> snsTopicName) (\s@AwsCloudTrailTrailDetails' {} a -> s {snsTopicName = a} :: AwsCloudTrailTrailDetails)
+
+-- | The ARN of the trail.
+awsCloudTrailTrailDetails_trailArn :: Lens.Lens' AwsCloudTrailTrailDetails (Prelude.Maybe Prelude.Text)
+awsCloudTrailTrailDetails_trailArn = Lens.lens (\AwsCloudTrailTrailDetails' {trailArn} -> trailArn) (\s@AwsCloudTrailTrailDetails' {} a -> s {trailArn = a} :: AwsCloudTrailTrailDetails)
+
+instance Data.FromJSON AwsCloudTrailTrailDetails where
+  parseJSON =
+    Data.withObject
+      "AwsCloudTrailTrailDetails"
+      ( \x ->
+          AwsCloudTrailTrailDetails'
+            Prelude.<$> (x Data..:? "CloudWatchLogsLogGroupArn")
+            Prelude.<*> (x Data..:? "CloudWatchLogsRoleArn")
+            Prelude.<*> (x Data..:? "HasCustomEventSelectors")
+            Prelude.<*> (x Data..:? "HomeRegion")
+            Prelude.<*> (x Data..:? "IncludeGlobalServiceEvents")
+            Prelude.<*> (x Data..:? "IsMultiRegionTrail")
+            Prelude.<*> (x Data..:? "IsOrganizationTrail")
+            Prelude.<*> (x Data..:? "KmsKeyId")
+            Prelude.<*> (x Data..:? "LogFileValidationEnabled")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "S3BucketName")
+            Prelude.<*> (x Data..:? "S3KeyPrefix")
+            Prelude.<*> (x Data..:? "SnsTopicArn")
+            Prelude.<*> (x Data..:? "SnsTopicName")
+            Prelude.<*> (x Data..:? "TrailArn")
+      )
+
+instance Prelude.Hashable AwsCloudTrailTrailDetails where
+  hashWithSalt _salt AwsCloudTrailTrailDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` cloudWatchLogsLogGroupArn
+      `Prelude.hashWithSalt` cloudWatchLogsRoleArn
+      `Prelude.hashWithSalt` hasCustomEventSelectors
+      `Prelude.hashWithSalt` homeRegion
+      `Prelude.hashWithSalt` includeGlobalServiceEvents
+      `Prelude.hashWithSalt` isMultiRegionTrail
+      `Prelude.hashWithSalt` isOrganizationTrail
+      `Prelude.hashWithSalt` kmsKeyId
+      `Prelude.hashWithSalt` logFileValidationEnabled
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` s3BucketName
+      `Prelude.hashWithSalt` s3KeyPrefix
+      `Prelude.hashWithSalt` snsTopicArn
+      `Prelude.hashWithSalt` snsTopicName
+      `Prelude.hashWithSalt` trailArn
+
+instance Prelude.NFData AwsCloudTrailTrailDetails where
+  rnf AwsCloudTrailTrailDetails' {..} =
+    Prelude.rnf cloudWatchLogsLogGroupArn
+      `Prelude.seq` Prelude.rnf cloudWatchLogsRoleArn
+      `Prelude.seq` Prelude.rnf hasCustomEventSelectors
+      `Prelude.seq` Prelude.rnf homeRegion
+      `Prelude.seq` Prelude.rnf includeGlobalServiceEvents
+      `Prelude.seq` Prelude.rnf isMultiRegionTrail
+      `Prelude.seq` Prelude.rnf isOrganizationTrail
+      `Prelude.seq` Prelude.rnf kmsKeyId
+      `Prelude.seq` Prelude.rnf logFileValidationEnabled
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf s3BucketName
+      `Prelude.seq` Prelude.rnf s3KeyPrefix
+      `Prelude.seq` Prelude.rnf snsTopicArn
+      `Prelude.seq` Prelude.rnf snsTopicName
+      `Prelude.seq` Prelude.rnf trailArn
+
+instance Data.ToJSON AwsCloudTrailTrailDetails where
+  toJSON AwsCloudTrailTrailDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CloudWatchLogsLogGroupArn" Data..=)
+              Prelude.<$> cloudWatchLogsLogGroupArn,
+            ("CloudWatchLogsRoleArn" Data..=)
+              Prelude.<$> cloudWatchLogsRoleArn,
+            ("HasCustomEventSelectors" Data..=)
+              Prelude.<$> hasCustomEventSelectors,
+            ("HomeRegion" Data..=) Prelude.<$> homeRegion,
+            ("IncludeGlobalServiceEvents" Data..=)
+              Prelude.<$> includeGlobalServiceEvents,
+            ("IsMultiRegionTrail" Data..=)
+              Prelude.<$> isMultiRegionTrail,
+            ("IsOrganizationTrail" Data..=)
+              Prelude.<$> isOrganizationTrail,
+            ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+            ("LogFileValidationEnabled" Data..=)
+              Prelude.<$> logFileValidationEnabled,
+            ("Name" Data..=) Prelude.<$> name,
+            ("S3BucketName" Data..=) Prelude.<$> s3BucketName,
+            ("S3KeyPrefix" Data..=) Prelude.<$> s3KeyPrefix,
+            ("SnsTopicArn" Data..=) Prelude.<$> snsTopicArn,
+            ("SnsTopicName" Data..=) Prelude.<$> snsTopicName,
+            ("TrailArn" Data..=) Prelude.<$> trailArn
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudWatchAlarmDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudWatchAlarmDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudWatchAlarmDetails.hs
@@ -0,0 +1,453 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDimensionsDetails
+
+-- | Specifies an alarm and associates it with the specified metric or metric
+-- math expression.
+--
+-- /See:/ 'newAwsCloudWatchAlarmDetails' smart constructor.
+data AwsCloudWatchAlarmDetails = AwsCloudWatchAlarmDetails'
+  { -- | Indicates whether actions should be executed during any changes to the
+    -- alarm state.
+    actionsEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The list of actions, specified as Amazon Resource Names (ARNs) to
+    -- execute when this alarm transitions into an @ALARM@ state from any other
+    -- state.
+    alarmActions :: Prelude.Maybe [Prelude.Text],
+    -- | The ARN of the alarm.
+    alarmArn :: Prelude.Maybe Prelude.Text,
+    -- | The time stamp of the last update to the alarm configuration.
+    alarmConfigurationUpdatedTimestamp :: Prelude.Maybe Prelude.Text,
+    -- | The description of the alarm.
+    alarmDescription :: Prelude.Maybe Prelude.Text,
+    -- | The name of the alarm. If you don\'t specify a name, CloudFront
+    -- generates a unique physical ID and uses that ID for the alarm name.
+    alarmName :: Prelude.Maybe Prelude.Text,
+    -- | The arithmetic operation to use when comparing the specified statistic
+    -- and threshold. The specified statistic value is used as the first
+    -- operand.
+    comparisonOperator :: Prelude.Maybe Prelude.Text,
+    -- | The number of datapoints that must be breaching to trigger the alarm.
+    datapointsToAlarm :: Prelude.Maybe Prelude.Int,
+    -- | The dimensions for the metric associated with the alarm.
+    dimensions :: Prelude.Maybe [AwsCloudWatchAlarmDimensionsDetails],
+    -- | Used only for alarms based on percentiles. If @ignore@, the alarm state
+    -- does not change during periods with too few data points to be
+    -- statistically significant. If @evaluate@ or this parameter is not used,
+    -- the alarm is always evaluated and possibly changes state no matter how
+    -- many data points are available.
+    evaluateLowSampleCountPercentile :: Prelude.Maybe Prelude.Text,
+    -- | The number of periods over which data is compared to the specified
+    -- threshold.
+    evaluationPeriods :: Prelude.Maybe Prelude.Int,
+    -- | The percentile statistic for the metric associated with the alarm.
+    extendedStatistic :: Prelude.Maybe Prelude.Text,
+    -- | The actions to execute when this alarm transitions to the
+    -- @INSUFFICIENT_DATA@ state from any other state. Each action is specified
+    -- as an ARN.
+    insufficientDataActions :: Prelude.Maybe [Prelude.Text],
+    -- | The name of the metric associated with the alarm. This is required for
+    -- an alarm based on a metric. For an alarm based on a math expression, you
+    -- use @Metrics@ instead and you can\'t specify @MetricName@.
+    metricName :: Prelude.Maybe Prelude.Text,
+    -- | The namespace of the metric associated with the alarm. This is required
+    -- for an alarm based on a metric. For an alarm based on a math expression,
+    -- you can\'t specify @Namespace@ and you use @Metrics@ instead.
+    namespace :: Prelude.Maybe Prelude.Text,
+    -- | The actions to execute when this alarm transitions to the @OK@ state
+    -- from any other state. Each action is specified as an ARN.
+    okActions :: Prelude.Maybe [Prelude.Text],
+    -- | The period, in seconds, over which the statistic is applied. This is
+    -- required for an alarm based on a metric.
+    period :: Prelude.Maybe Prelude.Int,
+    -- | The statistic for the metric associated with the alarm, other than
+    -- percentile. For percentile statistics, use @ExtendedStatistic@.
+    --
+    -- For an alarm based on a metric, you must specify either @Statistic@ or
+    -- @ExtendedStatistic@ but not both.
+    --
+    -- For an alarm based on a math expression, you can\'t specify @Statistic@.
+    -- Instead, you use @Metrics@.
+    statistic :: Prelude.Maybe Prelude.Text,
+    -- | The value to compare with the specified statistic.
+    threshold :: Prelude.Maybe Prelude.Double,
+    -- | n an alarm based on an anomaly detection model, this is the ID of the
+    -- @ANOMALY_DETECTION_BAND@ function used as the threshold for the alarm.
+    thresholdMetricId :: Prelude.Maybe Prelude.Text,
+    -- | Sets how this alarm is to handle missing data points.
+    treatMissingData :: Prelude.Maybe Prelude.Text,
+    -- | The unit of the metric associated with the alarm.
+    unit :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudWatchAlarmDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'actionsEnabled', 'awsCloudWatchAlarmDetails_actionsEnabled' - Indicates whether actions should be executed during any changes to the
+-- alarm state.
+--
+-- 'alarmActions', 'awsCloudWatchAlarmDetails_alarmActions' - The list of actions, specified as Amazon Resource Names (ARNs) to
+-- execute when this alarm transitions into an @ALARM@ state from any other
+-- state.
+--
+-- 'alarmArn', 'awsCloudWatchAlarmDetails_alarmArn' - The ARN of the alarm.
+--
+-- 'alarmConfigurationUpdatedTimestamp', 'awsCloudWatchAlarmDetails_alarmConfigurationUpdatedTimestamp' - The time stamp of the last update to the alarm configuration.
+--
+-- 'alarmDescription', 'awsCloudWatchAlarmDetails_alarmDescription' - The description of the alarm.
+--
+-- 'alarmName', 'awsCloudWatchAlarmDetails_alarmName' - The name of the alarm. If you don\'t specify a name, CloudFront
+-- generates a unique physical ID and uses that ID for the alarm name.
+--
+-- 'comparisonOperator', 'awsCloudWatchAlarmDetails_comparisonOperator' - The arithmetic operation to use when comparing the specified statistic
+-- and threshold. The specified statistic value is used as the first
+-- operand.
+--
+-- 'datapointsToAlarm', 'awsCloudWatchAlarmDetails_datapointsToAlarm' - The number of datapoints that must be breaching to trigger the alarm.
+--
+-- 'dimensions', 'awsCloudWatchAlarmDetails_dimensions' - The dimensions for the metric associated with the alarm.
+--
+-- 'evaluateLowSampleCountPercentile', 'awsCloudWatchAlarmDetails_evaluateLowSampleCountPercentile' - Used only for alarms based on percentiles. If @ignore@, the alarm state
+-- does not change during periods with too few data points to be
+-- statistically significant. If @evaluate@ or this parameter is not used,
+-- the alarm is always evaluated and possibly changes state no matter how
+-- many data points are available.
+--
+-- 'evaluationPeriods', 'awsCloudWatchAlarmDetails_evaluationPeriods' - The number of periods over which data is compared to the specified
+-- threshold.
+--
+-- 'extendedStatistic', 'awsCloudWatchAlarmDetails_extendedStatistic' - The percentile statistic for the metric associated with the alarm.
+--
+-- 'insufficientDataActions', 'awsCloudWatchAlarmDetails_insufficientDataActions' - The actions to execute when this alarm transitions to the
+-- @INSUFFICIENT_DATA@ state from any other state. Each action is specified
+-- as an ARN.
+--
+-- 'metricName', 'awsCloudWatchAlarmDetails_metricName' - The name of the metric associated with the alarm. This is required for
+-- an alarm based on a metric. For an alarm based on a math expression, you
+-- use @Metrics@ instead and you can\'t specify @MetricName@.
+--
+-- 'namespace', 'awsCloudWatchAlarmDetails_namespace' - The namespace of the metric associated with the alarm. This is required
+-- for an alarm based on a metric. For an alarm based on a math expression,
+-- you can\'t specify @Namespace@ and you use @Metrics@ instead.
+--
+-- 'okActions', 'awsCloudWatchAlarmDetails_okActions' - The actions to execute when this alarm transitions to the @OK@ state
+-- from any other state. Each action is specified as an ARN.
+--
+-- 'period', 'awsCloudWatchAlarmDetails_period' - The period, in seconds, over which the statistic is applied. This is
+-- required for an alarm based on a metric.
+--
+-- 'statistic', 'awsCloudWatchAlarmDetails_statistic' - The statistic for the metric associated with the alarm, other than
+-- percentile. For percentile statistics, use @ExtendedStatistic@.
+--
+-- For an alarm based on a metric, you must specify either @Statistic@ or
+-- @ExtendedStatistic@ but not both.
+--
+-- For an alarm based on a math expression, you can\'t specify @Statistic@.
+-- Instead, you use @Metrics@.
+--
+-- 'threshold', 'awsCloudWatchAlarmDetails_threshold' - The value to compare with the specified statistic.
+--
+-- 'thresholdMetricId', 'awsCloudWatchAlarmDetails_thresholdMetricId' - n an alarm based on an anomaly detection model, this is the ID of the
+-- @ANOMALY_DETECTION_BAND@ function used as the threshold for the alarm.
+--
+-- 'treatMissingData', 'awsCloudWatchAlarmDetails_treatMissingData' - Sets how this alarm is to handle missing data points.
+--
+-- 'unit', 'awsCloudWatchAlarmDetails_unit' - The unit of the metric associated with the alarm.
+newAwsCloudWatchAlarmDetails ::
+  AwsCloudWatchAlarmDetails
+newAwsCloudWatchAlarmDetails =
+  AwsCloudWatchAlarmDetails'
+    { actionsEnabled =
+        Prelude.Nothing,
+      alarmActions = Prelude.Nothing,
+      alarmArn = Prelude.Nothing,
+      alarmConfigurationUpdatedTimestamp =
+        Prelude.Nothing,
+      alarmDescription = Prelude.Nothing,
+      alarmName = Prelude.Nothing,
+      comparisonOperator = Prelude.Nothing,
+      datapointsToAlarm = Prelude.Nothing,
+      dimensions = Prelude.Nothing,
+      evaluateLowSampleCountPercentile =
+        Prelude.Nothing,
+      evaluationPeriods = Prelude.Nothing,
+      extendedStatistic = Prelude.Nothing,
+      insufficientDataActions = Prelude.Nothing,
+      metricName = Prelude.Nothing,
+      namespace = Prelude.Nothing,
+      okActions = Prelude.Nothing,
+      period = Prelude.Nothing,
+      statistic = Prelude.Nothing,
+      threshold = Prelude.Nothing,
+      thresholdMetricId = Prelude.Nothing,
+      treatMissingData = Prelude.Nothing,
+      unit = Prelude.Nothing
+    }
+
+-- | Indicates whether actions should be executed during any changes to the
+-- alarm state.
+awsCloudWatchAlarmDetails_actionsEnabled :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Bool)
+awsCloudWatchAlarmDetails_actionsEnabled = Lens.lens (\AwsCloudWatchAlarmDetails' {actionsEnabled} -> actionsEnabled) (\s@AwsCloudWatchAlarmDetails' {} a -> s {actionsEnabled = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The list of actions, specified as Amazon Resource Names (ARNs) to
+-- execute when this alarm transitions into an @ALARM@ state from any other
+-- state.
+awsCloudWatchAlarmDetails_alarmActions :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe [Prelude.Text])
+awsCloudWatchAlarmDetails_alarmActions = Lens.lens (\AwsCloudWatchAlarmDetails' {alarmActions} -> alarmActions) (\s@AwsCloudWatchAlarmDetails' {} a -> s {alarmActions = a} :: AwsCloudWatchAlarmDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the alarm.
+awsCloudWatchAlarmDetails_alarmArn :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_alarmArn = Lens.lens (\AwsCloudWatchAlarmDetails' {alarmArn} -> alarmArn) (\s@AwsCloudWatchAlarmDetails' {} a -> s {alarmArn = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The time stamp of the last update to the alarm configuration.
+awsCloudWatchAlarmDetails_alarmConfigurationUpdatedTimestamp :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_alarmConfigurationUpdatedTimestamp = Lens.lens (\AwsCloudWatchAlarmDetails' {alarmConfigurationUpdatedTimestamp} -> alarmConfigurationUpdatedTimestamp) (\s@AwsCloudWatchAlarmDetails' {} a -> s {alarmConfigurationUpdatedTimestamp = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The description of the alarm.
+awsCloudWatchAlarmDetails_alarmDescription :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_alarmDescription = Lens.lens (\AwsCloudWatchAlarmDetails' {alarmDescription} -> alarmDescription) (\s@AwsCloudWatchAlarmDetails' {} a -> s {alarmDescription = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The name of the alarm. If you don\'t specify a name, CloudFront
+-- generates a unique physical ID and uses that ID for the alarm name.
+awsCloudWatchAlarmDetails_alarmName :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_alarmName = Lens.lens (\AwsCloudWatchAlarmDetails' {alarmName} -> alarmName) (\s@AwsCloudWatchAlarmDetails' {} a -> s {alarmName = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The arithmetic operation to use when comparing the specified statistic
+-- and threshold. The specified statistic value is used as the first
+-- operand.
+awsCloudWatchAlarmDetails_comparisonOperator :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_comparisonOperator = Lens.lens (\AwsCloudWatchAlarmDetails' {comparisonOperator} -> comparisonOperator) (\s@AwsCloudWatchAlarmDetails' {} a -> s {comparisonOperator = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The number of datapoints that must be breaching to trigger the alarm.
+awsCloudWatchAlarmDetails_datapointsToAlarm :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Int)
+awsCloudWatchAlarmDetails_datapointsToAlarm = Lens.lens (\AwsCloudWatchAlarmDetails' {datapointsToAlarm} -> datapointsToAlarm) (\s@AwsCloudWatchAlarmDetails' {} a -> s {datapointsToAlarm = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The dimensions for the metric associated with the alarm.
+awsCloudWatchAlarmDetails_dimensions :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe [AwsCloudWatchAlarmDimensionsDetails])
+awsCloudWatchAlarmDetails_dimensions = Lens.lens (\AwsCloudWatchAlarmDetails' {dimensions} -> dimensions) (\s@AwsCloudWatchAlarmDetails' {} a -> s {dimensions = a} :: AwsCloudWatchAlarmDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Used only for alarms based on percentiles. If @ignore@, the alarm state
+-- does not change during periods with too few data points to be
+-- statistically significant. If @evaluate@ or this parameter is not used,
+-- the alarm is always evaluated and possibly changes state no matter how
+-- many data points are available.
+awsCloudWatchAlarmDetails_evaluateLowSampleCountPercentile :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_evaluateLowSampleCountPercentile = Lens.lens (\AwsCloudWatchAlarmDetails' {evaluateLowSampleCountPercentile} -> evaluateLowSampleCountPercentile) (\s@AwsCloudWatchAlarmDetails' {} a -> s {evaluateLowSampleCountPercentile = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The number of periods over which data is compared to the specified
+-- threshold.
+awsCloudWatchAlarmDetails_evaluationPeriods :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Int)
+awsCloudWatchAlarmDetails_evaluationPeriods = Lens.lens (\AwsCloudWatchAlarmDetails' {evaluationPeriods} -> evaluationPeriods) (\s@AwsCloudWatchAlarmDetails' {} a -> s {evaluationPeriods = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The percentile statistic for the metric associated with the alarm.
+awsCloudWatchAlarmDetails_extendedStatistic :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_extendedStatistic = Lens.lens (\AwsCloudWatchAlarmDetails' {extendedStatistic} -> extendedStatistic) (\s@AwsCloudWatchAlarmDetails' {} a -> s {extendedStatistic = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The actions to execute when this alarm transitions to the
+-- @INSUFFICIENT_DATA@ state from any other state. Each action is specified
+-- as an ARN.
+awsCloudWatchAlarmDetails_insufficientDataActions :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe [Prelude.Text])
+awsCloudWatchAlarmDetails_insufficientDataActions = Lens.lens (\AwsCloudWatchAlarmDetails' {insufficientDataActions} -> insufficientDataActions) (\s@AwsCloudWatchAlarmDetails' {} a -> s {insufficientDataActions = a} :: AwsCloudWatchAlarmDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the metric associated with the alarm. This is required for
+-- an alarm based on a metric. For an alarm based on a math expression, you
+-- use @Metrics@ instead and you can\'t specify @MetricName@.
+awsCloudWatchAlarmDetails_metricName :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_metricName = Lens.lens (\AwsCloudWatchAlarmDetails' {metricName} -> metricName) (\s@AwsCloudWatchAlarmDetails' {} a -> s {metricName = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The namespace of the metric associated with the alarm. This is required
+-- for an alarm based on a metric. For an alarm based on a math expression,
+-- you can\'t specify @Namespace@ and you use @Metrics@ instead.
+awsCloudWatchAlarmDetails_namespace :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_namespace = Lens.lens (\AwsCloudWatchAlarmDetails' {namespace} -> namespace) (\s@AwsCloudWatchAlarmDetails' {} a -> s {namespace = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The actions to execute when this alarm transitions to the @OK@ state
+-- from any other state. Each action is specified as an ARN.
+awsCloudWatchAlarmDetails_okActions :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe [Prelude.Text])
+awsCloudWatchAlarmDetails_okActions = Lens.lens (\AwsCloudWatchAlarmDetails' {okActions} -> okActions) (\s@AwsCloudWatchAlarmDetails' {} a -> s {okActions = a} :: AwsCloudWatchAlarmDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The period, in seconds, over which the statistic is applied. This is
+-- required for an alarm based on a metric.
+awsCloudWatchAlarmDetails_period :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Int)
+awsCloudWatchAlarmDetails_period = Lens.lens (\AwsCloudWatchAlarmDetails' {period} -> period) (\s@AwsCloudWatchAlarmDetails' {} a -> s {period = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The statistic for the metric associated with the alarm, other than
+-- percentile. For percentile statistics, use @ExtendedStatistic@.
+--
+-- For an alarm based on a metric, you must specify either @Statistic@ or
+-- @ExtendedStatistic@ but not both.
+--
+-- For an alarm based on a math expression, you can\'t specify @Statistic@.
+-- Instead, you use @Metrics@.
+awsCloudWatchAlarmDetails_statistic :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_statistic = Lens.lens (\AwsCloudWatchAlarmDetails' {statistic} -> statistic) (\s@AwsCloudWatchAlarmDetails' {} a -> s {statistic = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The value to compare with the specified statistic.
+awsCloudWatchAlarmDetails_threshold :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Double)
+awsCloudWatchAlarmDetails_threshold = Lens.lens (\AwsCloudWatchAlarmDetails' {threshold} -> threshold) (\s@AwsCloudWatchAlarmDetails' {} a -> s {threshold = a} :: AwsCloudWatchAlarmDetails)
+
+-- | n an alarm based on an anomaly detection model, this is the ID of the
+-- @ANOMALY_DETECTION_BAND@ function used as the threshold for the alarm.
+awsCloudWatchAlarmDetails_thresholdMetricId :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_thresholdMetricId = Lens.lens (\AwsCloudWatchAlarmDetails' {thresholdMetricId} -> thresholdMetricId) (\s@AwsCloudWatchAlarmDetails' {} a -> s {thresholdMetricId = a} :: AwsCloudWatchAlarmDetails)
+
+-- | Sets how this alarm is to handle missing data points.
+awsCloudWatchAlarmDetails_treatMissingData :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_treatMissingData = Lens.lens (\AwsCloudWatchAlarmDetails' {treatMissingData} -> treatMissingData) (\s@AwsCloudWatchAlarmDetails' {} a -> s {treatMissingData = a} :: AwsCloudWatchAlarmDetails)
+
+-- | The unit of the metric associated with the alarm.
+awsCloudWatchAlarmDetails_unit :: Lens.Lens' AwsCloudWatchAlarmDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDetails_unit = Lens.lens (\AwsCloudWatchAlarmDetails' {unit} -> unit) (\s@AwsCloudWatchAlarmDetails' {} a -> s {unit = a} :: AwsCloudWatchAlarmDetails)
+
+instance Data.FromJSON AwsCloudWatchAlarmDetails where
+  parseJSON =
+    Data.withObject
+      "AwsCloudWatchAlarmDetails"
+      ( \x ->
+          AwsCloudWatchAlarmDetails'
+            Prelude.<$> (x Data..:? "ActionsEnabled")
+            Prelude.<*> (x Data..:? "AlarmActions" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "AlarmArn")
+            Prelude.<*> (x Data..:? "AlarmConfigurationUpdatedTimestamp")
+            Prelude.<*> (x Data..:? "AlarmDescription")
+            Prelude.<*> (x Data..:? "AlarmName")
+            Prelude.<*> (x Data..:? "ComparisonOperator")
+            Prelude.<*> (x Data..:? "DatapointsToAlarm")
+            Prelude.<*> (x Data..:? "Dimensions" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "EvaluateLowSampleCountPercentile")
+            Prelude.<*> (x Data..:? "EvaluationPeriods")
+            Prelude.<*> (x Data..:? "ExtendedStatistic")
+            Prelude.<*> ( x
+                            Data..:? "InsufficientDataActions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "MetricName")
+            Prelude.<*> (x Data..:? "Namespace")
+            Prelude.<*> (x Data..:? "OkActions" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Period")
+            Prelude.<*> (x Data..:? "Statistic")
+            Prelude.<*> (x Data..:? "Threshold")
+            Prelude.<*> (x Data..:? "ThresholdMetricId")
+            Prelude.<*> (x Data..:? "TreatMissingData")
+            Prelude.<*> (x Data..:? "Unit")
+      )
+
+instance Prelude.Hashable AwsCloudWatchAlarmDetails where
+  hashWithSalt _salt AwsCloudWatchAlarmDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` actionsEnabled
+      `Prelude.hashWithSalt` alarmActions
+      `Prelude.hashWithSalt` alarmArn
+      `Prelude.hashWithSalt` alarmConfigurationUpdatedTimestamp
+      `Prelude.hashWithSalt` alarmDescription
+      `Prelude.hashWithSalt` alarmName
+      `Prelude.hashWithSalt` comparisonOperator
+      `Prelude.hashWithSalt` datapointsToAlarm
+      `Prelude.hashWithSalt` dimensions
+      `Prelude.hashWithSalt` evaluateLowSampleCountPercentile
+      `Prelude.hashWithSalt` evaluationPeriods
+      `Prelude.hashWithSalt` extendedStatistic
+      `Prelude.hashWithSalt` insufficientDataActions
+      `Prelude.hashWithSalt` metricName
+      `Prelude.hashWithSalt` namespace
+      `Prelude.hashWithSalt` okActions
+      `Prelude.hashWithSalt` period
+      `Prelude.hashWithSalt` statistic
+      `Prelude.hashWithSalt` threshold
+      `Prelude.hashWithSalt` thresholdMetricId
+      `Prelude.hashWithSalt` treatMissingData
+      `Prelude.hashWithSalt` unit
+
+instance Prelude.NFData AwsCloudWatchAlarmDetails where
+  rnf AwsCloudWatchAlarmDetails' {..} =
+    Prelude.rnf actionsEnabled
+      `Prelude.seq` Prelude.rnf alarmActions
+      `Prelude.seq` Prelude.rnf alarmArn
+      `Prelude.seq` Prelude.rnf alarmConfigurationUpdatedTimestamp
+      `Prelude.seq` Prelude.rnf alarmDescription
+      `Prelude.seq` Prelude.rnf alarmName
+      `Prelude.seq` Prelude.rnf comparisonOperator
+      `Prelude.seq` Prelude.rnf datapointsToAlarm
+      `Prelude.seq` Prelude.rnf dimensions
+      `Prelude.seq` Prelude.rnf evaluateLowSampleCountPercentile
+      `Prelude.seq` Prelude.rnf evaluationPeriods
+      `Prelude.seq` Prelude.rnf extendedStatistic
+      `Prelude.seq` Prelude.rnf insufficientDataActions
+      `Prelude.seq` Prelude.rnf metricName
+      `Prelude.seq` Prelude.rnf namespace
+      `Prelude.seq` Prelude.rnf okActions
+      `Prelude.seq` Prelude.rnf period
+      `Prelude.seq` Prelude.rnf statistic
+      `Prelude.seq` Prelude.rnf threshold
+      `Prelude.seq` Prelude.rnf thresholdMetricId
+      `Prelude.seq` Prelude.rnf treatMissingData
+      `Prelude.seq` Prelude.rnf unit
+
+instance Data.ToJSON AwsCloudWatchAlarmDetails where
+  toJSON AwsCloudWatchAlarmDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ActionsEnabled" Data..=)
+              Prelude.<$> actionsEnabled,
+            ("AlarmActions" Data..=) Prelude.<$> alarmActions,
+            ("AlarmArn" Data..=) Prelude.<$> alarmArn,
+            ("AlarmConfigurationUpdatedTimestamp" Data..=)
+              Prelude.<$> alarmConfigurationUpdatedTimestamp,
+            ("AlarmDescription" Data..=)
+              Prelude.<$> alarmDescription,
+            ("AlarmName" Data..=) Prelude.<$> alarmName,
+            ("ComparisonOperator" Data..=)
+              Prelude.<$> comparisonOperator,
+            ("DatapointsToAlarm" Data..=)
+              Prelude.<$> datapointsToAlarm,
+            ("Dimensions" Data..=) Prelude.<$> dimensions,
+            ("EvaluateLowSampleCountPercentile" Data..=)
+              Prelude.<$> evaluateLowSampleCountPercentile,
+            ("EvaluationPeriods" Data..=)
+              Prelude.<$> evaluationPeriods,
+            ("ExtendedStatistic" Data..=)
+              Prelude.<$> extendedStatistic,
+            ("InsufficientDataActions" Data..=)
+              Prelude.<$> insufficientDataActions,
+            ("MetricName" Data..=) Prelude.<$> metricName,
+            ("Namespace" Data..=) Prelude.<$> namespace,
+            ("OkActions" Data..=) Prelude.<$> okActions,
+            ("Period" Data..=) Prelude.<$> period,
+            ("Statistic" Data..=) Prelude.<$> statistic,
+            ("Threshold" Data..=) Prelude.<$> threshold,
+            ("ThresholdMetricId" Data..=)
+              Prelude.<$> thresholdMetricId,
+            ("TreatMissingData" Data..=)
+              Prelude.<$> treatMissingData,
+            ("Unit" Data..=) Prelude.<$> unit
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCloudWatchAlarmDimensionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCloudWatchAlarmDimensionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCloudWatchAlarmDimensionsDetails.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDimensionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDimensionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the dimensions for the metric associated with the alarm.
+--
+-- /See:/ 'newAwsCloudWatchAlarmDimensionsDetails' smart constructor.
+data AwsCloudWatchAlarmDimensionsDetails = AwsCloudWatchAlarmDimensionsDetails'
+  { -- | The name of a dimension.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The value of a dimension.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCloudWatchAlarmDimensionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsCloudWatchAlarmDimensionsDetails_name' - The name of a dimension.
+--
+-- 'value', 'awsCloudWatchAlarmDimensionsDetails_value' - The value of a dimension.
+newAwsCloudWatchAlarmDimensionsDetails ::
+  AwsCloudWatchAlarmDimensionsDetails
+newAwsCloudWatchAlarmDimensionsDetails =
+  AwsCloudWatchAlarmDimensionsDetails'
+    { name =
+        Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The name of a dimension.
+awsCloudWatchAlarmDimensionsDetails_name :: Lens.Lens' AwsCloudWatchAlarmDimensionsDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDimensionsDetails_name = Lens.lens (\AwsCloudWatchAlarmDimensionsDetails' {name} -> name) (\s@AwsCloudWatchAlarmDimensionsDetails' {} a -> s {name = a} :: AwsCloudWatchAlarmDimensionsDetails)
+
+-- | The value of a dimension.
+awsCloudWatchAlarmDimensionsDetails_value :: Lens.Lens' AwsCloudWatchAlarmDimensionsDetails (Prelude.Maybe Prelude.Text)
+awsCloudWatchAlarmDimensionsDetails_value = Lens.lens (\AwsCloudWatchAlarmDimensionsDetails' {value} -> value) (\s@AwsCloudWatchAlarmDimensionsDetails' {} a -> s {value = a} :: AwsCloudWatchAlarmDimensionsDetails)
+
+instance
+  Data.FromJSON
+    AwsCloudWatchAlarmDimensionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCloudWatchAlarmDimensionsDetails"
+      ( \x ->
+          AwsCloudWatchAlarmDimensionsDetails'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCloudWatchAlarmDimensionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsCloudWatchAlarmDimensionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsCloudWatchAlarmDimensionsDetails
+  where
+  rnf AwsCloudWatchAlarmDimensionsDetails' {..} =
+    Prelude.rnf name `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsCloudWatchAlarmDimensionsDetails
+  where
+  toJSON AwsCloudWatchAlarmDimensionsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Name" Data..=) Prelude.<$> name,
+            ("Value" Data..=) Prelude.<$> value
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectArtifactsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectArtifactsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectArtifactsDetails.hs
@@ -0,0 +1,229 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCodeBuildProjectArtifactsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCodeBuildProjectArtifactsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the build artifacts for the CodeBuild project.
+--
+-- /See:/ 'newAwsCodeBuildProjectArtifactsDetails' smart constructor.
+data AwsCodeBuildProjectArtifactsDetails = AwsCodeBuildProjectArtifactsDetails'
+  { -- | An identifier for the artifact definition.
+    artifactIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether to disable encryption on the artifact. Only valid when
+    -- @Type@ is @S3@.
+    encryptionDisabled :: Prelude.Maybe Prelude.Bool,
+    -- | Only used when @Type@ is @S3@. The name of the S3 bucket where the
+    -- artifact is located.
+    location :: Prelude.Maybe Prelude.Text,
+    -- | Only used when Type is S3. The name of the artifact. Used with
+    -- @NamepaceType@ and @Path@ to determine the pattern for storing the
+    -- artifact.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | Only used when @Type@ is @S3@. The value to use for the namespace. Used
+    -- with @Name@ and @Path@ to determine the pattern for storing the
+    -- artifact.
+    namespaceType :: Prelude.Maybe Prelude.Text,
+    -- | Whether the name specified in the buildspec file overrides the artifact
+    -- name.
+    overrideArtifactName :: Prelude.Maybe Prelude.Bool,
+    -- | Only used when @Type@ is @S3@. The type of output artifact to create.
+    packaging :: Prelude.Maybe Prelude.Text,
+    -- | Only used when @Type@ is @S3@. The path to the artifact. Used with
+    -- @Name@ and @NamespaceType@ to determine the pattern for storing the
+    -- artifact.
+    path :: Prelude.Maybe Prelude.Text,
+    -- | The type of build artifact.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCodeBuildProjectArtifactsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'artifactIdentifier', 'awsCodeBuildProjectArtifactsDetails_artifactIdentifier' - An identifier for the artifact definition.
+--
+-- 'encryptionDisabled', 'awsCodeBuildProjectArtifactsDetails_encryptionDisabled' - Indicates whether to disable encryption on the artifact. Only valid when
+-- @Type@ is @S3@.
+--
+-- 'location', 'awsCodeBuildProjectArtifactsDetails_location' - Only used when @Type@ is @S3@. The name of the S3 bucket where the
+-- artifact is located.
+--
+-- 'name', 'awsCodeBuildProjectArtifactsDetails_name' - Only used when Type is S3. The name of the artifact. Used with
+-- @NamepaceType@ and @Path@ to determine the pattern for storing the
+-- artifact.
+--
+-- 'namespaceType', 'awsCodeBuildProjectArtifactsDetails_namespaceType' - Only used when @Type@ is @S3@. The value to use for the namespace. Used
+-- with @Name@ and @Path@ to determine the pattern for storing the
+-- artifact.
+--
+-- 'overrideArtifactName', 'awsCodeBuildProjectArtifactsDetails_overrideArtifactName' - Whether the name specified in the buildspec file overrides the artifact
+-- name.
+--
+-- 'packaging', 'awsCodeBuildProjectArtifactsDetails_packaging' - Only used when @Type@ is @S3@. The type of output artifact to create.
+--
+-- 'path', 'awsCodeBuildProjectArtifactsDetails_path' - Only used when @Type@ is @S3@. The path to the artifact. Used with
+-- @Name@ and @NamespaceType@ to determine the pattern for storing the
+-- artifact.
+--
+-- 'type'', 'awsCodeBuildProjectArtifactsDetails_type' - The type of build artifact.
+newAwsCodeBuildProjectArtifactsDetails ::
+  AwsCodeBuildProjectArtifactsDetails
+newAwsCodeBuildProjectArtifactsDetails =
+  AwsCodeBuildProjectArtifactsDetails'
+    { artifactIdentifier =
+        Prelude.Nothing,
+      encryptionDisabled = Prelude.Nothing,
+      location = Prelude.Nothing,
+      name = Prelude.Nothing,
+      namespaceType = Prelude.Nothing,
+      overrideArtifactName = Prelude.Nothing,
+      packaging = Prelude.Nothing,
+      path = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | An identifier for the artifact definition.
+awsCodeBuildProjectArtifactsDetails_artifactIdentifier :: Lens.Lens' AwsCodeBuildProjectArtifactsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectArtifactsDetails_artifactIdentifier = Lens.lens (\AwsCodeBuildProjectArtifactsDetails' {artifactIdentifier} -> artifactIdentifier) (\s@AwsCodeBuildProjectArtifactsDetails' {} a -> s {artifactIdentifier = a} :: AwsCodeBuildProjectArtifactsDetails)
+
+-- | Indicates whether to disable encryption on the artifact. Only valid when
+-- @Type@ is @S3@.
+awsCodeBuildProjectArtifactsDetails_encryptionDisabled :: Lens.Lens' AwsCodeBuildProjectArtifactsDetails (Prelude.Maybe Prelude.Bool)
+awsCodeBuildProjectArtifactsDetails_encryptionDisabled = Lens.lens (\AwsCodeBuildProjectArtifactsDetails' {encryptionDisabled} -> encryptionDisabled) (\s@AwsCodeBuildProjectArtifactsDetails' {} a -> s {encryptionDisabled = a} :: AwsCodeBuildProjectArtifactsDetails)
+
+-- | Only used when @Type@ is @S3@. The name of the S3 bucket where the
+-- artifact is located.
+awsCodeBuildProjectArtifactsDetails_location :: Lens.Lens' AwsCodeBuildProjectArtifactsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectArtifactsDetails_location = Lens.lens (\AwsCodeBuildProjectArtifactsDetails' {location} -> location) (\s@AwsCodeBuildProjectArtifactsDetails' {} a -> s {location = a} :: AwsCodeBuildProjectArtifactsDetails)
+
+-- | Only used when Type is S3. The name of the artifact. Used with
+-- @NamepaceType@ and @Path@ to determine the pattern for storing the
+-- artifact.
+awsCodeBuildProjectArtifactsDetails_name :: Lens.Lens' AwsCodeBuildProjectArtifactsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectArtifactsDetails_name = Lens.lens (\AwsCodeBuildProjectArtifactsDetails' {name} -> name) (\s@AwsCodeBuildProjectArtifactsDetails' {} a -> s {name = a} :: AwsCodeBuildProjectArtifactsDetails)
+
+-- | Only used when @Type@ is @S3@. The value to use for the namespace. Used
+-- with @Name@ and @Path@ to determine the pattern for storing the
+-- artifact.
+awsCodeBuildProjectArtifactsDetails_namespaceType :: Lens.Lens' AwsCodeBuildProjectArtifactsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectArtifactsDetails_namespaceType = Lens.lens (\AwsCodeBuildProjectArtifactsDetails' {namespaceType} -> namespaceType) (\s@AwsCodeBuildProjectArtifactsDetails' {} a -> s {namespaceType = a} :: AwsCodeBuildProjectArtifactsDetails)
+
+-- | Whether the name specified in the buildspec file overrides the artifact
+-- name.
+awsCodeBuildProjectArtifactsDetails_overrideArtifactName :: Lens.Lens' AwsCodeBuildProjectArtifactsDetails (Prelude.Maybe Prelude.Bool)
+awsCodeBuildProjectArtifactsDetails_overrideArtifactName = Lens.lens (\AwsCodeBuildProjectArtifactsDetails' {overrideArtifactName} -> overrideArtifactName) (\s@AwsCodeBuildProjectArtifactsDetails' {} a -> s {overrideArtifactName = a} :: AwsCodeBuildProjectArtifactsDetails)
+
+-- | Only used when @Type@ is @S3@. The type of output artifact to create.
+awsCodeBuildProjectArtifactsDetails_packaging :: Lens.Lens' AwsCodeBuildProjectArtifactsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectArtifactsDetails_packaging = Lens.lens (\AwsCodeBuildProjectArtifactsDetails' {packaging} -> packaging) (\s@AwsCodeBuildProjectArtifactsDetails' {} a -> s {packaging = a} :: AwsCodeBuildProjectArtifactsDetails)
+
+-- | Only used when @Type@ is @S3@. The path to the artifact. Used with
+-- @Name@ and @NamespaceType@ to determine the pattern for storing the
+-- artifact.
+awsCodeBuildProjectArtifactsDetails_path :: Lens.Lens' AwsCodeBuildProjectArtifactsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectArtifactsDetails_path = Lens.lens (\AwsCodeBuildProjectArtifactsDetails' {path} -> path) (\s@AwsCodeBuildProjectArtifactsDetails' {} a -> s {path = a} :: AwsCodeBuildProjectArtifactsDetails)
+
+-- | The type of build artifact.
+awsCodeBuildProjectArtifactsDetails_type :: Lens.Lens' AwsCodeBuildProjectArtifactsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectArtifactsDetails_type = Lens.lens (\AwsCodeBuildProjectArtifactsDetails' {type'} -> type') (\s@AwsCodeBuildProjectArtifactsDetails' {} a -> s {type' = a} :: AwsCodeBuildProjectArtifactsDetails)
+
+instance
+  Data.FromJSON
+    AwsCodeBuildProjectArtifactsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCodeBuildProjectArtifactsDetails"
+      ( \x ->
+          AwsCodeBuildProjectArtifactsDetails'
+            Prelude.<$> (x Data..:? "ArtifactIdentifier")
+            Prelude.<*> (x Data..:? "EncryptionDisabled")
+            Prelude.<*> (x Data..:? "Location")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "NamespaceType")
+            Prelude.<*> (x Data..:? "OverrideArtifactName")
+            Prelude.<*> (x Data..:? "Packaging")
+            Prelude.<*> (x Data..:? "Path")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCodeBuildProjectArtifactsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsCodeBuildProjectArtifactsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` artifactIdentifier
+        `Prelude.hashWithSalt` encryptionDisabled
+        `Prelude.hashWithSalt` location
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` namespaceType
+        `Prelude.hashWithSalt` overrideArtifactName
+        `Prelude.hashWithSalt` packaging
+        `Prelude.hashWithSalt` path
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsCodeBuildProjectArtifactsDetails
+  where
+  rnf AwsCodeBuildProjectArtifactsDetails' {..} =
+    Prelude.rnf artifactIdentifier
+      `Prelude.seq` Prelude.rnf encryptionDisabled
+      `Prelude.seq` Prelude.rnf location
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf namespaceType
+      `Prelude.seq` Prelude.rnf overrideArtifactName
+      `Prelude.seq` Prelude.rnf packaging
+      `Prelude.seq` Prelude.rnf path
+      `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsCodeBuildProjectArtifactsDetails
+  where
+  toJSON AwsCodeBuildProjectArtifactsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ArtifactIdentifier" Data..=)
+              Prelude.<$> artifactIdentifier,
+            ("EncryptionDisabled" Data..=)
+              Prelude.<$> encryptionDisabled,
+            ("Location" Data..=) Prelude.<$> location,
+            ("Name" Data..=) Prelude.<$> name,
+            ("NamespaceType" Data..=) Prelude.<$> namespaceType,
+            ("OverrideArtifactName" Data..=)
+              Prelude.<$> overrideArtifactName,
+            ("Packaging" Data..=) Prelude.<$> packaging,
+            ("Path" Data..=) Prelude.<$> path,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectDetails.hs
@@ -0,0 +1,209 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCodeBuildProjectDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCodeBuildProjectDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectArtifactsDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironment
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectSource
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectVpcConfig
+
+-- | Information about an CodeBuild project.
+--
+-- /See:/ 'newAwsCodeBuildProjectDetails' smart constructor.
+data AwsCodeBuildProjectDetails = AwsCodeBuildProjectDetails'
+  { -- | Information about the build artifacts for the CodeBuild project.
+    artifacts :: Prelude.Maybe [AwsCodeBuildProjectArtifactsDetails],
+    -- | The KMS key used to encrypt the build output artifacts.
+    --
+    -- You can specify either the ARN of the KMS key or, if available, the KMS
+    -- key alias (using the format alias\/alias-name).
+    encryptionKey :: Prelude.Maybe Prelude.Text,
+    -- | Information about the build environment for this build project.
+    environment :: Prelude.Maybe AwsCodeBuildProjectEnvironment,
+    -- | Information about logs for the build project.
+    logsConfig :: Prelude.Maybe AwsCodeBuildProjectLogsConfigDetails,
+    -- | The name of the build project.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | Information about the secondary artifacts for the CodeBuild project.
+    secondaryArtifacts :: Prelude.Maybe [AwsCodeBuildProjectArtifactsDetails],
+    -- | The ARN of the IAM role that enables CodeBuild to interact with
+    -- dependent Amazon Web Services services on behalf of the Amazon Web
+    -- Services account.
+    serviceRole :: Prelude.Maybe Prelude.Text,
+    -- | Information about the build input source code for this build project.
+    source :: Prelude.Maybe AwsCodeBuildProjectSource,
+    -- | Information about the VPC configuration that CodeBuild accesses.
+    vpcConfig :: Prelude.Maybe AwsCodeBuildProjectVpcConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCodeBuildProjectDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'artifacts', 'awsCodeBuildProjectDetails_artifacts' - Information about the build artifacts for the CodeBuild project.
+--
+-- 'encryptionKey', 'awsCodeBuildProjectDetails_encryptionKey' - The KMS key used to encrypt the build output artifacts.
+--
+-- You can specify either the ARN of the KMS key or, if available, the KMS
+-- key alias (using the format alias\/alias-name).
+--
+-- 'environment', 'awsCodeBuildProjectDetails_environment' - Information about the build environment for this build project.
+--
+-- 'logsConfig', 'awsCodeBuildProjectDetails_logsConfig' - Information about logs for the build project.
+--
+-- 'name', 'awsCodeBuildProjectDetails_name' - The name of the build project.
+--
+-- 'secondaryArtifacts', 'awsCodeBuildProjectDetails_secondaryArtifacts' - Information about the secondary artifacts for the CodeBuild project.
+--
+-- 'serviceRole', 'awsCodeBuildProjectDetails_serviceRole' - The ARN of the IAM role that enables CodeBuild to interact with
+-- dependent Amazon Web Services services on behalf of the Amazon Web
+-- Services account.
+--
+-- 'source', 'awsCodeBuildProjectDetails_source' - Information about the build input source code for this build project.
+--
+-- 'vpcConfig', 'awsCodeBuildProjectDetails_vpcConfig' - Information about the VPC configuration that CodeBuild accesses.
+newAwsCodeBuildProjectDetails ::
+  AwsCodeBuildProjectDetails
+newAwsCodeBuildProjectDetails =
+  AwsCodeBuildProjectDetails'
+    { artifacts =
+        Prelude.Nothing,
+      encryptionKey = Prelude.Nothing,
+      environment = Prelude.Nothing,
+      logsConfig = Prelude.Nothing,
+      name = Prelude.Nothing,
+      secondaryArtifacts = Prelude.Nothing,
+      serviceRole = Prelude.Nothing,
+      source = Prelude.Nothing,
+      vpcConfig = Prelude.Nothing
+    }
+
+-- | Information about the build artifacts for the CodeBuild project.
+awsCodeBuildProjectDetails_artifacts :: Lens.Lens' AwsCodeBuildProjectDetails (Prelude.Maybe [AwsCodeBuildProjectArtifactsDetails])
+awsCodeBuildProjectDetails_artifacts = Lens.lens (\AwsCodeBuildProjectDetails' {artifacts} -> artifacts) (\s@AwsCodeBuildProjectDetails' {} a -> s {artifacts = a} :: AwsCodeBuildProjectDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The KMS key used to encrypt the build output artifacts.
+--
+-- You can specify either the ARN of the KMS key or, if available, the KMS
+-- key alias (using the format alias\/alias-name).
+awsCodeBuildProjectDetails_encryptionKey :: Lens.Lens' AwsCodeBuildProjectDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectDetails_encryptionKey = Lens.lens (\AwsCodeBuildProjectDetails' {encryptionKey} -> encryptionKey) (\s@AwsCodeBuildProjectDetails' {} a -> s {encryptionKey = a} :: AwsCodeBuildProjectDetails)
+
+-- | Information about the build environment for this build project.
+awsCodeBuildProjectDetails_environment :: Lens.Lens' AwsCodeBuildProjectDetails (Prelude.Maybe AwsCodeBuildProjectEnvironment)
+awsCodeBuildProjectDetails_environment = Lens.lens (\AwsCodeBuildProjectDetails' {environment} -> environment) (\s@AwsCodeBuildProjectDetails' {} a -> s {environment = a} :: AwsCodeBuildProjectDetails)
+
+-- | Information about logs for the build project.
+awsCodeBuildProjectDetails_logsConfig :: Lens.Lens' AwsCodeBuildProjectDetails (Prelude.Maybe AwsCodeBuildProjectLogsConfigDetails)
+awsCodeBuildProjectDetails_logsConfig = Lens.lens (\AwsCodeBuildProjectDetails' {logsConfig} -> logsConfig) (\s@AwsCodeBuildProjectDetails' {} a -> s {logsConfig = a} :: AwsCodeBuildProjectDetails)
+
+-- | The name of the build project.
+awsCodeBuildProjectDetails_name :: Lens.Lens' AwsCodeBuildProjectDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectDetails_name = Lens.lens (\AwsCodeBuildProjectDetails' {name} -> name) (\s@AwsCodeBuildProjectDetails' {} a -> s {name = a} :: AwsCodeBuildProjectDetails)
+
+-- | Information about the secondary artifacts for the CodeBuild project.
+awsCodeBuildProjectDetails_secondaryArtifacts :: Lens.Lens' AwsCodeBuildProjectDetails (Prelude.Maybe [AwsCodeBuildProjectArtifactsDetails])
+awsCodeBuildProjectDetails_secondaryArtifacts = Lens.lens (\AwsCodeBuildProjectDetails' {secondaryArtifacts} -> secondaryArtifacts) (\s@AwsCodeBuildProjectDetails' {} a -> s {secondaryArtifacts = a} :: AwsCodeBuildProjectDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the IAM role that enables CodeBuild to interact with
+-- dependent Amazon Web Services services on behalf of the Amazon Web
+-- Services account.
+awsCodeBuildProjectDetails_serviceRole :: Lens.Lens' AwsCodeBuildProjectDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectDetails_serviceRole = Lens.lens (\AwsCodeBuildProjectDetails' {serviceRole} -> serviceRole) (\s@AwsCodeBuildProjectDetails' {} a -> s {serviceRole = a} :: AwsCodeBuildProjectDetails)
+
+-- | Information about the build input source code for this build project.
+awsCodeBuildProjectDetails_source :: Lens.Lens' AwsCodeBuildProjectDetails (Prelude.Maybe AwsCodeBuildProjectSource)
+awsCodeBuildProjectDetails_source = Lens.lens (\AwsCodeBuildProjectDetails' {source} -> source) (\s@AwsCodeBuildProjectDetails' {} a -> s {source = a} :: AwsCodeBuildProjectDetails)
+
+-- | Information about the VPC configuration that CodeBuild accesses.
+awsCodeBuildProjectDetails_vpcConfig :: Lens.Lens' AwsCodeBuildProjectDetails (Prelude.Maybe AwsCodeBuildProjectVpcConfig)
+awsCodeBuildProjectDetails_vpcConfig = Lens.lens (\AwsCodeBuildProjectDetails' {vpcConfig} -> vpcConfig) (\s@AwsCodeBuildProjectDetails' {} a -> s {vpcConfig = a} :: AwsCodeBuildProjectDetails)
+
+instance Data.FromJSON AwsCodeBuildProjectDetails where
+  parseJSON =
+    Data.withObject
+      "AwsCodeBuildProjectDetails"
+      ( \x ->
+          AwsCodeBuildProjectDetails'
+            Prelude.<$> (x Data..:? "Artifacts" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "EncryptionKey")
+            Prelude.<*> (x Data..:? "Environment")
+            Prelude.<*> (x Data..:? "LogsConfig")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> ( x
+                            Data..:? "SecondaryArtifacts"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ServiceRole")
+            Prelude.<*> (x Data..:? "Source")
+            Prelude.<*> (x Data..:? "VpcConfig")
+      )
+
+instance Prelude.Hashable AwsCodeBuildProjectDetails where
+  hashWithSalt _salt AwsCodeBuildProjectDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` artifacts
+      `Prelude.hashWithSalt` encryptionKey
+      `Prelude.hashWithSalt` environment
+      `Prelude.hashWithSalt` logsConfig
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` secondaryArtifacts
+      `Prelude.hashWithSalt` serviceRole
+      `Prelude.hashWithSalt` source
+      `Prelude.hashWithSalt` vpcConfig
+
+instance Prelude.NFData AwsCodeBuildProjectDetails where
+  rnf AwsCodeBuildProjectDetails' {..} =
+    Prelude.rnf artifacts
+      `Prelude.seq` Prelude.rnf encryptionKey
+      `Prelude.seq` Prelude.rnf environment
+      `Prelude.seq` Prelude.rnf logsConfig
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf secondaryArtifacts
+      `Prelude.seq` Prelude.rnf serviceRole
+      `Prelude.seq` Prelude.rnf source
+      `Prelude.seq` Prelude.rnf vpcConfig
+
+instance Data.ToJSON AwsCodeBuildProjectDetails where
+  toJSON AwsCodeBuildProjectDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Artifacts" Data..=) Prelude.<$> artifacts,
+            ("EncryptionKey" Data..=) Prelude.<$> encryptionKey,
+            ("Environment" Data..=) Prelude.<$> environment,
+            ("LogsConfig" Data..=) Prelude.<$> logsConfig,
+            ("Name" Data..=) Prelude.<$> name,
+            ("SecondaryArtifacts" Data..=)
+              Prelude.<$> secondaryArtifacts,
+            ("ServiceRole" Data..=) Prelude.<$> serviceRole,
+            ("Source" Data..=) Prelude.<$> source,
+            ("VpcConfig" Data..=) Prelude.<$> vpcConfig
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectEnvironment.hs b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectEnvironment.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectEnvironment.hs
@@ -0,0 +1,271 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironment
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironment where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentRegistryCredential
+
+-- | Information about the build environment for this build project.
+--
+-- /See:/ 'newAwsCodeBuildProjectEnvironment' smart constructor.
+data AwsCodeBuildProjectEnvironment = AwsCodeBuildProjectEnvironment'
+  { -- | The certificate to use with this build project.
+    certificate :: Prelude.Maybe Prelude.Text,
+    -- | A set of environment variables to make available to builds for the build
+    -- project.
+    environmentVariables :: Prelude.Maybe [AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails],
+    -- | The type of credentials CodeBuild uses to pull images in your build.
+    --
+    -- Valid values:
+    --
+    -- -   @CODEBUILD@ specifies that CodeBuild uses its own credentials. This
+    --     requires that you modify your ECR repository policy to trust the
+    --     CodeBuild service principal.
+    --
+    -- -   @SERVICE_ROLE@ specifies that CodeBuild uses your build project\'s
+    --     service role.
+    --
+    -- When you use a cross-account or private registry image, you must use
+    -- @SERVICE_ROLE@ credentials. When you use an CodeBuild curated image, you
+    -- must use @CODEBUILD@ credentials.
+    imagePullCredentialsType :: Prelude.Maybe Prelude.Text,
+    -- | Whether to allow the Docker daemon to run inside a Docker container. Set
+    -- to @true@ if the build project is used to build Docker images.
+    privilegedMode :: Prelude.Maybe Prelude.Bool,
+    -- | The credentials for access to a private registry.
+    registryCredential :: Prelude.Maybe AwsCodeBuildProjectEnvironmentRegistryCredential,
+    -- | The type of build environment to use for related builds.
+    --
+    -- The environment type @ARM_CONTAINER@ is available only in Regions US
+    -- East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland),
+    -- Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), and
+    -- Europe (Frankfurt).
+    --
+    -- The environment type @LINUX_CONTAINER@ with compute type
+    -- build.general1.2xlarge is available only in Regions US East (N.
+    -- Virginia), US East (N. Virginia), US West (Oregon), Canada (Central),
+    -- Europe (Ireland), Europe (London), Europe (Frankfurt), Asia Pacific
+    -- (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific
+    -- (Sydney), China (Beijing), and China (Ningxia).
+    --
+    -- The environment type @LINUX_GPU_CONTAINER@ is available only in Regions
+    -- US East (N. Virginia), US East (N. Virginia), US West (Oregon), Canada
+    -- (Central), Europe (Ireland), Europe (London), Europe (Frankfurt), Asia
+    -- Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia
+    -- Pacific (Sydney), China (Beijing), and China (Ningxia).
+    --
+    -- Valid values: @WINDOWS_CONTAINER@ | @LINUX_CONTAINER@ |
+    -- @LINUX_GPU_CONTAINER@ | @ARM_CONTAINER@
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCodeBuildProjectEnvironment' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'certificate', 'awsCodeBuildProjectEnvironment_certificate' - The certificate to use with this build project.
+--
+-- 'environmentVariables', 'awsCodeBuildProjectEnvironment_environmentVariables' - A set of environment variables to make available to builds for the build
+-- project.
+--
+-- 'imagePullCredentialsType', 'awsCodeBuildProjectEnvironment_imagePullCredentialsType' - The type of credentials CodeBuild uses to pull images in your build.
+--
+-- Valid values:
+--
+-- -   @CODEBUILD@ specifies that CodeBuild uses its own credentials. This
+--     requires that you modify your ECR repository policy to trust the
+--     CodeBuild service principal.
+--
+-- -   @SERVICE_ROLE@ specifies that CodeBuild uses your build project\'s
+--     service role.
+--
+-- When you use a cross-account or private registry image, you must use
+-- @SERVICE_ROLE@ credentials. When you use an CodeBuild curated image, you
+-- must use @CODEBUILD@ credentials.
+--
+-- 'privilegedMode', 'awsCodeBuildProjectEnvironment_privilegedMode' - Whether to allow the Docker daemon to run inside a Docker container. Set
+-- to @true@ if the build project is used to build Docker images.
+--
+-- 'registryCredential', 'awsCodeBuildProjectEnvironment_registryCredential' - The credentials for access to a private registry.
+--
+-- 'type'', 'awsCodeBuildProjectEnvironment_type' - The type of build environment to use for related builds.
+--
+-- The environment type @ARM_CONTAINER@ is available only in Regions US
+-- East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland),
+-- Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), and
+-- Europe (Frankfurt).
+--
+-- The environment type @LINUX_CONTAINER@ with compute type
+-- build.general1.2xlarge is available only in Regions US East (N.
+-- Virginia), US East (N. Virginia), US West (Oregon), Canada (Central),
+-- Europe (Ireland), Europe (London), Europe (Frankfurt), Asia Pacific
+-- (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific
+-- (Sydney), China (Beijing), and China (Ningxia).
+--
+-- The environment type @LINUX_GPU_CONTAINER@ is available only in Regions
+-- US East (N. Virginia), US East (N. Virginia), US West (Oregon), Canada
+-- (Central), Europe (Ireland), Europe (London), Europe (Frankfurt), Asia
+-- Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia
+-- Pacific (Sydney), China (Beijing), and China (Ningxia).
+--
+-- Valid values: @WINDOWS_CONTAINER@ | @LINUX_CONTAINER@ |
+-- @LINUX_GPU_CONTAINER@ | @ARM_CONTAINER@
+newAwsCodeBuildProjectEnvironment ::
+  AwsCodeBuildProjectEnvironment
+newAwsCodeBuildProjectEnvironment =
+  AwsCodeBuildProjectEnvironment'
+    { certificate =
+        Prelude.Nothing,
+      environmentVariables = Prelude.Nothing,
+      imagePullCredentialsType = Prelude.Nothing,
+      privilegedMode = Prelude.Nothing,
+      registryCredential = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The certificate to use with this build project.
+awsCodeBuildProjectEnvironment_certificate :: Lens.Lens' AwsCodeBuildProjectEnvironment (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectEnvironment_certificate = Lens.lens (\AwsCodeBuildProjectEnvironment' {certificate} -> certificate) (\s@AwsCodeBuildProjectEnvironment' {} a -> s {certificate = a} :: AwsCodeBuildProjectEnvironment)
+
+-- | A set of environment variables to make available to builds for the build
+-- project.
+awsCodeBuildProjectEnvironment_environmentVariables :: Lens.Lens' AwsCodeBuildProjectEnvironment (Prelude.Maybe [AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails])
+awsCodeBuildProjectEnvironment_environmentVariables = Lens.lens (\AwsCodeBuildProjectEnvironment' {environmentVariables} -> environmentVariables) (\s@AwsCodeBuildProjectEnvironment' {} a -> s {environmentVariables = a} :: AwsCodeBuildProjectEnvironment) Prelude.. Lens.mapping Lens.coerced
+
+-- | The type of credentials CodeBuild uses to pull images in your build.
+--
+-- Valid values:
+--
+-- -   @CODEBUILD@ specifies that CodeBuild uses its own credentials. This
+--     requires that you modify your ECR repository policy to trust the
+--     CodeBuild service principal.
+--
+-- -   @SERVICE_ROLE@ specifies that CodeBuild uses your build project\'s
+--     service role.
+--
+-- When you use a cross-account or private registry image, you must use
+-- @SERVICE_ROLE@ credentials. When you use an CodeBuild curated image, you
+-- must use @CODEBUILD@ credentials.
+awsCodeBuildProjectEnvironment_imagePullCredentialsType :: Lens.Lens' AwsCodeBuildProjectEnvironment (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectEnvironment_imagePullCredentialsType = Lens.lens (\AwsCodeBuildProjectEnvironment' {imagePullCredentialsType} -> imagePullCredentialsType) (\s@AwsCodeBuildProjectEnvironment' {} a -> s {imagePullCredentialsType = a} :: AwsCodeBuildProjectEnvironment)
+
+-- | Whether to allow the Docker daemon to run inside a Docker container. Set
+-- to @true@ if the build project is used to build Docker images.
+awsCodeBuildProjectEnvironment_privilegedMode :: Lens.Lens' AwsCodeBuildProjectEnvironment (Prelude.Maybe Prelude.Bool)
+awsCodeBuildProjectEnvironment_privilegedMode = Lens.lens (\AwsCodeBuildProjectEnvironment' {privilegedMode} -> privilegedMode) (\s@AwsCodeBuildProjectEnvironment' {} a -> s {privilegedMode = a} :: AwsCodeBuildProjectEnvironment)
+
+-- | The credentials for access to a private registry.
+awsCodeBuildProjectEnvironment_registryCredential :: Lens.Lens' AwsCodeBuildProjectEnvironment (Prelude.Maybe AwsCodeBuildProjectEnvironmentRegistryCredential)
+awsCodeBuildProjectEnvironment_registryCredential = Lens.lens (\AwsCodeBuildProjectEnvironment' {registryCredential} -> registryCredential) (\s@AwsCodeBuildProjectEnvironment' {} a -> s {registryCredential = a} :: AwsCodeBuildProjectEnvironment)
+
+-- | The type of build environment to use for related builds.
+--
+-- The environment type @ARM_CONTAINER@ is available only in Regions US
+-- East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland),
+-- Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), and
+-- Europe (Frankfurt).
+--
+-- The environment type @LINUX_CONTAINER@ with compute type
+-- build.general1.2xlarge is available only in Regions US East (N.
+-- Virginia), US East (N. Virginia), US West (Oregon), Canada (Central),
+-- Europe (Ireland), Europe (London), Europe (Frankfurt), Asia Pacific
+-- (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific
+-- (Sydney), China (Beijing), and China (Ningxia).
+--
+-- The environment type @LINUX_GPU_CONTAINER@ is available only in Regions
+-- US East (N. Virginia), US East (N. Virginia), US West (Oregon), Canada
+-- (Central), Europe (Ireland), Europe (London), Europe (Frankfurt), Asia
+-- Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia
+-- Pacific (Sydney), China (Beijing), and China (Ningxia).
+--
+-- Valid values: @WINDOWS_CONTAINER@ | @LINUX_CONTAINER@ |
+-- @LINUX_GPU_CONTAINER@ | @ARM_CONTAINER@
+awsCodeBuildProjectEnvironment_type :: Lens.Lens' AwsCodeBuildProjectEnvironment (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectEnvironment_type = Lens.lens (\AwsCodeBuildProjectEnvironment' {type'} -> type') (\s@AwsCodeBuildProjectEnvironment' {} a -> s {type' = a} :: AwsCodeBuildProjectEnvironment)
+
+instance Data.FromJSON AwsCodeBuildProjectEnvironment where
+  parseJSON =
+    Data.withObject
+      "AwsCodeBuildProjectEnvironment"
+      ( \x ->
+          AwsCodeBuildProjectEnvironment'
+            Prelude.<$> (x Data..:? "Certificate")
+            Prelude.<*> ( x
+                            Data..:? "EnvironmentVariables"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ImagePullCredentialsType")
+            Prelude.<*> (x Data..:? "PrivilegedMode")
+            Prelude.<*> (x Data..:? "RegistryCredential")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCodeBuildProjectEnvironment
+  where
+  hashWithSalt
+    _salt
+    AwsCodeBuildProjectEnvironment' {..} =
+      _salt
+        `Prelude.hashWithSalt` certificate
+        `Prelude.hashWithSalt` environmentVariables
+        `Prelude.hashWithSalt` imagePullCredentialsType
+        `Prelude.hashWithSalt` privilegedMode
+        `Prelude.hashWithSalt` registryCredential
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsCodeBuildProjectEnvironment
+  where
+  rnf AwsCodeBuildProjectEnvironment' {..} =
+    Prelude.rnf certificate
+      `Prelude.seq` Prelude.rnf environmentVariables
+      `Prelude.seq` Prelude.rnf imagePullCredentialsType
+      `Prelude.seq` Prelude.rnf privilegedMode
+      `Prelude.seq` Prelude.rnf registryCredential
+      `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToJSON AwsCodeBuildProjectEnvironment where
+  toJSON AwsCodeBuildProjectEnvironment' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Certificate" Data..=) Prelude.<$> certificate,
+            ("EnvironmentVariables" Data..=)
+              Prelude.<$> environmentVariables,
+            ("ImagePullCredentialsType" Data..=)
+              Prelude.<$> imagePullCredentialsType,
+            ("PrivilegedMode" Data..=)
+              Prelude.<$> privilegedMode,
+            ("RegistryCredential" Data..=)
+              Prelude.<$> registryCredential,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails.hs
@@ -0,0 +1,126 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about an environment variable that is available to builds
+-- for the build project.
+--
+-- /See:/ 'newAwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails' smart constructor.
+data AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails = AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails'
+  { -- | The name of the environment variable.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The type of environment variable.
+    type' :: Prelude.Maybe Prelude.Text,
+    -- | The value of the environment variable.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_name' - The name of the environment variable.
+--
+-- 'type'', 'awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_type' - The type of environment variable.
+--
+-- 'value', 'awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_value' - The value of the environment variable.
+newAwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails ::
+  AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+newAwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails =
+  AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails'
+    { name =
+        Prelude.Nothing,
+      type' =
+        Prelude.Nothing,
+      value =
+        Prelude.Nothing
+    }
+
+-- | The name of the environment variable.
+awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_name :: Lens.Lens' AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_name = Lens.lens (\AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails' {name} -> name) (\s@AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails' {} a -> s {name = a} :: AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails)
+
+-- | The type of environment variable.
+awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_type :: Lens.Lens' AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_type = Lens.lens (\AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails' {type'} -> type') (\s@AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails' {} a -> s {type' = a} :: AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails)
+
+-- | The value of the environment variable.
+awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_value :: Lens.Lens' AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectEnvironmentEnvironmentVariablesDetails_value = Lens.lens (\AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails' {value} -> value) (\s@AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails' {} a -> s {value = a} :: AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails)
+
+instance
+  Data.FromJSON
+    AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails"
+      ( \x ->
+          AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Type")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` type'
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+  where
+  rnf
+    AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails' {..} =
+      Prelude.rnf name
+        `Prelude.seq` Prelude.rnf type'
+        `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails
+  where
+  toJSON
+    AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Name" Data..=) Prelude.<$> name,
+              ("Type" Data..=) Prelude.<$> type',
+              ("Value" Data..=) Prelude.<$> value
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectEnvironmentRegistryCredential.hs b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectEnvironmentRegistryCredential.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectEnvironmentRegistryCredential.hs
@@ -0,0 +1,130 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentRegistryCredential
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCodeBuildProjectEnvironmentRegistryCredential where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The credentials for access to a private registry.
+--
+-- /See:/ 'newAwsCodeBuildProjectEnvironmentRegistryCredential' smart constructor.
+data AwsCodeBuildProjectEnvironmentRegistryCredential = AwsCodeBuildProjectEnvironmentRegistryCredential'
+  { -- | The ARN or name of credentials created using Secrets Manager.
+    --
+    -- The credential can use the name of the credentials only if they exist in
+    -- your current Amazon Web Services Region.
+    credential :: Prelude.Maybe Prelude.Text,
+    -- | The service that created the credentials to access a private Docker
+    -- registry.
+    --
+    -- The valid value,@ SECRETS_MANAGER@, is for Secrets Manager.
+    credentialProvider :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCodeBuildProjectEnvironmentRegistryCredential' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'credential', 'awsCodeBuildProjectEnvironmentRegistryCredential_credential' - The ARN or name of credentials created using Secrets Manager.
+--
+-- The credential can use the name of the credentials only if they exist in
+-- your current Amazon Web Services Region.
+--
+-- 'credentialProvider', 'awsCodeBuildProjectEnvironmentRegistryCredential_credentialProvider' - The service that created the credentials to access a private Docker
+-- registry.
+--
+-- The valid value,@ SECRETS_MANAGER@, is for Secrets Manager.
+newAwsCodeBuildProjectEnvironmentRegistryCredential ::
+  AwsCodeBuildProjectEnvironmentRegistryCredential
+newAwsCodeBuildProjectEnvironmentRegistryCredential =
+  AwsCodeBuildProjectEnvironmentRegistryCredential'
+    { credential =
+        Prelude.Nothing,
+      credentialProvider =
+        Prelude.Nothing
+    }
+
+-- | The ARN or name of credentials created using Secrets Manager.
+--
+-- The credential can use the name of the credentials only if they exist in
+-- your current Amazon Web Services Region.
+awsCodeBuildProjectEnvironmentRegistryCredential_credential :: Lens.Lens' AwsCodeBuildProjectEnvironmentRegistryCredential (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectEnvironmentRegistryCredential_credential = Lens.lens (\AwsCodeBuildProjectEnvironmentRegistryCredential' {credential} -> credential) (\s@AwsCodeBuildProjectEnvironmentRegistryCredential' {} a -> s {credential = a} :: AwsCodeBuildProjectEnvironmentRegistryCredential)
+
+-- | The service that created the credentials to access a private Docker
+-- registry.
+--
+-- The valid value,@ SECRETS_MANAGER@, is for Secrets Manager.
+awsCodeBuildProjectEnvironmentRegistryCredential_credentialProvider :: Lens.Lens' AwsCodeBuildProjectEnvironmentRegistryCredential (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectEnvironmentRegistryCredential_credentialProvider = Lens.lens (\AwsCodeBuildProjectEnvironmentRegistryCredential' {credentialProvider} -> credentialProvider) (\s@AwsCodeBuildProjectEnvironmentRegistryCredential' {} a -> s {credentialProvider = a} :: AwsCodeBuildProjectEnvironmentRegistryCredential)
+
+instance
+  Data.FromJSON
+    AwsCodeBuildProjectEnvironmentRegistryCredential
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCodeBuildProjectEnvironmentRegistryCredential"
+      ( \x ->
+          AwsCodeBuildProjectEnvironmentRegistryCredential'
+            Prelude.<$> (x Data..:? "Credential")
+            Prelude.<*> (x Data..:? "CredentialProvider")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCodeBuildProjectEnvironmentRegistryCredential
+  where
+  hashWithSalt
+    _salt
+    AwsCodeBuildProjectEnvironmentRegistryCredential' {..} =
+      _salt
+        `Prelude.hashWithSalt` credential
+        `Prelude.hashWithSalt` credentialProvider
+
+instance
+  Prelude.NFData
+    AwsCodeBuildProjectEnvironmentRegistryCredential
+  where
+  rnf
+    AwsCodeBuildProjectEnvironmentRegistryCredential' {..} =
+      Prelude.rnf credential
+        `Prelude.seq` Prelude.rnf credentialProvider
+
+instance
+  Data.ToJSON
+    AwsCodeBuildProjectEnvironmentRegistryCredential
+  where
+  toJSON
+    AwsCodeBuildProjectEnvironmentRegistryCredential' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Credential" Data..=) Prelude.<$> credential,
+              ("CredentialProvider" Data..=)
+                Prelude.<$> credentialProvider
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails.hs
@@ -0,0 +1,125 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about CloudWatch Logs for the build project.
+--
+-- /See:/ 'newAwsCodeBuildProjectLogsConfigCloudWatchLogsDetails' smart constructor.
+data AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails = AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails'
+  { -- | The group name of the logs in CloudWatch Logs.
+    groupName :: Prelude.Maybe Prelude.Text,
+    -- | The current status of the logs in CloudWatch Logs for a build project.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The prefix of the stream name of the CloudWatch Logs.
+    streamName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'groupName', 'awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_groupName' - The group name of the logs in CloudWatch Logs.
+--
+-- 'status', 'awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_status' - The current status of the logs in CloudWatch Logs for a build project.
+--
+-- 'streamName', 'awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_streamName' - The prefix of the stream name of the CloudWatch Logs.
+newAwsCodeBuildProjectLogsConfigCloudWatchLogsDetails ::
+  AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+newAwsCodeBuildProjectLogsConfigCloudWatchLogsDetails =
+  AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails'
+    { groupName =
+        Prelude.Nothing,
+      status =
+        Prelude.Nothing,
+      streamName =
+        Prelude.Nothing
+    }
+
+-- | The group name of the logs in CloudWatch Logs.
+awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_groupName :: Lens.Lens' AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_groupName = Lens.lens (\AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails' {groupName} -> groupName) (\s@AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails' {} a -> s {groupName = a} :: AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails)
+
+-- | The current status of the logs in CloudWatch Logs for a build project.
+awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_status :: Lens.Lens' AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_status = Lens.lens (\AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails' {status} -> status) (\s@AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails' {} a -> s {status = a} :: AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails)
+
+-- | The prefix of the stream name of the CloudWatch Logs.
+awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_streamName :: Lens.Lens' AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectLogsConfigCloudWatchLogsDetails_streamName = Lens.lens (\AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails' {streamName} -> streamName) (\s@AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails' {} a -> s {streamName = a} :: AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails)
+
+instance
+  Data.FromJSON
+    AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails"
+      ( \x ->
+          AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails'
+            Prelude.<$> (x Data..:? "GroupName")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StreamName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` groupName
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` streamName
+
+instance
+  Prelude.NFData
+    AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+  where
+  rnf
+    AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails' {..} =
+      Prelude.rnf groupName
+        `Prelude.seq` Prelude.rnf status
+        `Prelude.seq` Prelude.rnf streamName
+
+instance
+  Data.ToJSON
+    AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+  where
+  toJSON
+    AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("GroupName" Data..=) Prelude.<$> groupName,
+              ("Status" Data..=) Prelude.<$> status,
+              ("StreamName" Data..=) Prelude.<$> streamName
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectLogsConfigDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectLogsConfigDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectLogsConfigDetails.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigS3LogsDetails
+
+-- | Information about logs for the build project.
+--
+-- /See:/ 'newAwsCodeBuildProjectLogsConfigDetails' smart constructor.
+data AwsCodeBuildProjectLogsConfigDetails = AwsCodeBuildProjectLogsConfigDetails'
+  { -- | Information about CloudWatch Logs for the build project.
+    cloudWatchLogs :: Prelude.Maybe AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails,
+    -- | Information about logs built to an S3 bucket for a build project.
+    s3Logs :: Prelude.Maybe AwsCodeBuildProjectLogsConfigS3LogsDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCodeBuildProjectLogsConfigDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cloudWatchLogs', 'awsCodeBuildProjectLogsConfigDetails_cloudWatchLogs' - Information about CloudWatch Logs for the build project.
+--
+-- 's3Logs', 'awsCodeBuildProjectLogsConfigDetails_s3Logs' - Information about logs built to an S3 bucket for a build project.
+newAwsCodeBuildProjectLogsConfigDetails ::
+  AwsCodeBuildProjectLogsConfigDetails
+newAwsCodeBuildProjectLogsConfigDetails =
+  AwsCodeBuildProjectLogsConfigDetails'
+    { cloudWatchLogs =
+        Prelude.Nothing,
+      s3Logs = Prelude.Nothing
+    }
+
+-- | Information about CloudWatch Logs for the build project.
+awsCodeBuildProjectLogsConfigDetails_cloudWatchLogs :: Lens.Lens' AwsCodeBuildProjectLogsConfigDetails (Prelude.Maybe AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails)
+awsCodeBuildProjectLogsConfigDetails_cloudWatchLogs = Lens.lens (\AwsCodeBuildProjectLogsConfigDetails' {cloudWatchLogs} -> cloudWatchLogs) (\s@AwsCodeBuildProjectLogsConfigDetails' {} a -> s {cloudWatchLogs = a} :: AwsCodeBuildProjectLogsConfigDetails)
+
+-- | Information about logs built to an S3 bucket for a build project.
+awsCodeBuildProjectLogsConfigDetails_s3Logs :: Lens.Lens' AwsCodeBuildProjectLogsConfigDetails (Prelude.Maybe AwsCodeBuildProjectLogsConfigS3LogsDetails)
+awsCodeBuildProjectLogsConfigDetails_s3Logs = Lens.lens (\AwsCodeBuildProjectLogsConfigDetails' {s3Logs} -> s3Logs) (\s@AwsCodeBuildProjectLogsConfigDetails' {} a -> s {s3Logs = a} :: AwsCodeBuildProjectLogsConfigDetails)
+
+instance
+  Data.FromJSON
+    AwsCodeBuildProjectLogsConfigDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCodeBuildProjectLogsConfigDetails"
+      ( \x ->
+          AwsCodeBuildProjectLogsConfigDetails'
+            Prelude.<$> (x Data..:? "CloudWatchLogs")
+            Prelude.<*> (x Data..:? "S3Logs")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCodeBuildProjectLogsConfigDetails
+  where
+  hashWithSalt
+    _salt
+    AwsCodeBuildProjectLogsConfigDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` cloudWatchLogs
+        `Prelude.hashWithSalt` s3Logs
+
+instance
+  Prelude.NFData
+    AwsCodeBuildProjectLogsConfigDetails
+  where
+  rnf AwsCodeBuildProjectLogsConfigDetails' {..} =
+    Prelude.rnf cloudWatchLogs
+      `Prelude.seq` Prelude.rnf s3Logs
+
+instance
+  Data.ToJSON
+    AwsCodeBuildProjectLogsConfigDetails
+  where
+  toJSON AwsCodeBuildProjectLogsConfigDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CloudWatchLogs" Data..=)
+              Prelude.<$> cloudWatchLogs,
+            ("S3Logs" Data..=) Prelude.<$> s3Logs
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectLogsConfigS3LogsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectLogsConfigS3LogsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectLogsConfigS3LogsDetails.hs
@@ -0,0 +1,123 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigS3LogsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCodeBuildProjectLogsConfigS3LogsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about logs built to an S3 bucket for a build project.
+--
+-- /See:/ 'newAwsCodeBuildProjectLogsConfigS3LogsDetails' smart constructor.
+data AwsCodeBuildProjectLogsConfigS3LogsDetails = AwsCodeBuildProjectLogsConfigS3LogsDetails'
+  { -- | Whether to disable encryption of the S3 build log output.
+    encryptionDisabled :: Prelude.Maybe Prelude.Bool,
+    -- | The ARN of the S3 bucket and the path prefix for S3 logs.
+    location :: Prelude.Maybe Prelude.Text,
+    -- | The current status of the S3 build logs.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCodeBuildProjectLogsConfigS3LogsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'encryptionDisabled', 'awsCodeBuildProjectLogsConfigS3LogsDetails_encryptionDisabled' - Whether to disable encryption of the S3 build log output.
+--
+-- 'location', 'awsCodeBuildProjectLogsConfigS3LogsDetails_location' - The ARN of the S3 bucket and the path prefix for S3 logs.
+--
+-- 'status', 'awsCodeBuildProjectLogsConfigS3LogsDetails_status' - The current status of the S3 build logs.
+newAwsCodeBuildProjectLogsConfigS3LogsDetails ::
+  AwsCodeBuildProjectLogsConfigS3LogsDetails
+newAwsCodeBuildProjectLogsConfigS3LogsDetails =
+  AwsCodeBuildProjectLogsConfigS3LogsDetails'
+    { encryptionDisabled =
+        Prelude.Nothing,
+      location = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | Whether to disable encryption of the S3 build log output.
+awsCodeBuildProjectLogsConfigS3LogsDetails_encryptionDisabled :: Lens.Lens' AwsCodeBuildProjectLogsConfigS3LogsDetails (Prelude.Maybe Prelude.Bool)
+awsCodeBuildProjectLogsConfigS3LogsDetails_encryptionDisabled = Lens.lens (\AwsCodeBuildProjectLogsConfigS3LogsDetails' {encryptionDisabled} -> encryptionDisabled) (\s@AwsCodeBuildProjectLogsConfigS3LogsDetails' {} a -> s {encryptionDisabled = a} :: AwsCodeBuildProjectLogsConfigS3LogsDetails)
+
+-- | The ARN of the S3 bucket and the path prefix for S3 logs.
+awsCodeBuildProjectLogsConfigS3LogsDetails_location :: Lens.Lens' AwsCodeBuildProjectLogsConfigS3LogsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectLogsConfigS3LogsDetails_location = Lens.lens (\AwsCodeBuildProjectLogsConfigS3LogsDetails' {location} -> location) (\s@AwsCodeBuildProjectLogsConfigS3LogsDetails' {} a -> s {location = a} :: AwsCodeBuildProjectLogsConfigS3LogsDetails)
+
+-- | The current status of the S3 build logs.
+awsCodeBuildProjectLogsConfigS3LogsDetails_status :: Lens.Lens' AwsCodeBuildProjectLogsConfigS3LogsDetails (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectLogsConfigS3LogsDetails_status = Lens.lens (\AwsCodeBuildProjectLogsConfigS3LogsDetails' {status} -> status) (\s@AwsCodeBuildProjectLogsConfigS3LogsDetails' {} a -> s {status = a} :: AwsCodeBuildProjectLogsConfigS3LogsDetails)
+
+instance
+  Data.FromJSON
+    AwsCodeBuildProjectLogsConfigS3LogsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsCodeBuildProjectLogsConfigS3LogsDetails"
+      ( \x ->
+          AwsCodeBuildProjectLogsConfigS3LogsDetails'
+            Prelude.<$> (x Data..:? "EncryptionDisabled")
+            Prelude.<*> (x Data..:? "Location")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCodeBuildProjectLogsConfigS3LogsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsCodeBuildProjectLogsConfigS3LogsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` encryptionDisabled
+        `Prelude.hashWithSalt` location
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    AwsCodeBuildProjectLogsConfigS3LogsDetails
+  where
+  rnf AwsCodeBuildProjectLogsConfigS3LogsDetails' {..} =
+    Prelude.rnf encryptionDisabled
+      `Prelude.seq` Prelude.rnf location
+      `Prelude.seq` Prelude.rnf status
+
+instance
+  Data.ToJSON
+    AwsCodeBuildProjectLogsConfigS3LogsDetails
+  where
+  toJSON
+    AwsCodeBuildProjectLogsConfigS3LogsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("EncryptionDisabled" Data..=)
+                Prelude.<$> encryptionDisabled,
+              ("Location" Data..=) Prelude.<$> location,
+              ("Status" Data..=) Prelude.<$> status
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectSource.hs b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectSource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectSource.hs
@@ -0,0 +1,258 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCodeBuildProjectSource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCodeBuildProjectSource where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the build input source code for this build project.
+--
+-- /See:/ 'newAwsCodeBuildProjectSource' smart constructor.
+data AwsCodeBuildProjectSource = AwsCodeBuildProjectSource'
+  { -- | Information about the Git clone depth for the build project.
+    gitCloneDepth :: Prelude.Maybe Prelude.Int,
+    -- | Whether to ignore SSL warnings while connecting to the project source
+    -- code.
+    insecureSsl :: Prelude.Maybe Prelude.Bool,
+    -- | Information about the location of the source code to be built.
+    --
+    -- Valid values include:
+    --
+    -- -   For source code settings that are specified in the source action of
+    --     a pipeline in CodePipeline, location should not be specified. If it
+    --     is specified, CodePipeline ignores it. This is because CodePipeline
+    --     uses the settings in a pipeline\'s source action instead of this
+    --     value.
+    --
+    -- -   For source code in an CodeCommit repository, the HTTPS clone URL to
+    --     the repository that contains the source code and the build spec file
+    --     (for example,
+    --     @https:\/\/git-codecommit.region-ID.amazonaws.com\/v1\/repos\/repo-name@
+    --     ).
+    --
+    -- -   For source code in an S3 input bucket, one of the following.
+    --
+    --     -   The path to the ZIP file that contains the source code (for
+    --         example, @bucket-name\/path\/to\/object-name.zip@).
+    --
+    --     -   The path to the folder that contains the source code (for
+    --         example, @bucket-name\/path\/to\/source-code\/folder\/@).
+    --
+    -- -   For source code in a GitHub repository, the HTTPS clone URL to the
+    --     repository that contains the source and the build spec file.
+    --
+    -- -   For source code in a Bitbucket repository, the HTTPS clone URL to
+    --     the repository that contains the source and the build spec file.
+    location :: Prelude.Maybe Prelude.Text,
+    -- | The type of repository that contains the source code to be built. Valid
+    -- values are:
+    --
+    -- -   @BITBUCKET@ - The source code is in a Bitbucket repository.
+    --
+    -- -   @CODECOMMIT@ - The source code is in an CodeCommit repository.
+    --
+    -- -   @CODEPIPELINE@ - The source code settings are specified in the
+    --     source action of a pipeline in CodePipeline.
+    --
+    -- -   @GITHUB@ - The source code is in a GitHub repository.
+    --
+    -- -   @GITHUB_ENTERPRISE@ - The source code is in a GitHub Enterprise
+    --     repository.
+    --
+    -- -   @NO_SOURCE@ - The project does not have input source code.
+    --
+    -- -   @S3@ - The source code is in an S3 input bucket.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCodeBuildProjectSource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'gitCloneDepth', 'awsCodeBuildProjectSource_gitCloneDepth' - Information about the Git clone depth for the build project.
+--
+-- 'insecureSsl', 'awsCodeBuildProjectSource_insecureSsl' - Whether to ignore SSL warnings while connecting to the project source
+-- code.
+--
+-- 'location', 'awsCodeBuildProjectSource_location' - Information about the location of the source code to be built.
+--
+-- Valid values include:
+--
+-- -   For source code settings that are specified in the source action of
+--     a pipeline in CodePipeline, location should not be specified. If it
+--     is specified, CodePipeline ignores it. This is because CodePipeline
+--     uses the settings in a pipeline\'s source action instead of this
+--     value.
+--
+-- -   For source code in an CodeCommit repository, the HTTPS clone URL to
+--     the repository that contains the source code and the build spec file
+--     (for example,
+--     @https:\/\/git-codecommit.region-ID.amazonaws.com\/v1\/repos\/repo-name@
+--     ).
+--
+-- -   For source code in an S3 input bucket, one of the following.
+--
+--     -   The path to the ZIP file that contains the source code (for
+--         example, @bucket-name\/path\/to\/object-name.zip@).
+--
+--     -   The path to the folder that contains the source code (for
+--         example, @bucket-name\/path\/to\/source-code\/folder\/@).
+--
+-- -   For source code in a GitHub repository, the HTTPS clone URL to the
+--     repository that contains the source and the build spec file.
+--
+-- -   For source code in a Bitbucket repository, the HTTPS clone URL to
+--     the repository that contains the source and the build spec file.
+--
+-- 'type'', 'awsCodeBuildProjectSource_type' - The type of repository that contains the source code to be built. Valid
+-- values are:
+--
+-- -   @BITBUCKET@ - The source code is in a Bitbucket repository.
+--
+-- -   @CODECOMMIT@ - The source code is in an CodeCommit repository.
+--
+-- -   @CODEPIPELINE@ - The source code settings are specified in the
+--     source action of a pipeline in CodePipeline.
+--
+-- -   @GITHUB@ - The source code is in a GitHub repository.
+--
+-- -   @GITHUB_ENTERPRISE@ - The source code is in a GitHub Enterprise
+--     repository.
+--
+-- -   @NO_SOURCE@ - The project does not have input source code.
+--
+-- -   @S3@ - The source code is in an S3 input bucket.
+newAwsCodeBuildProjectSource ::
+  AwsCodeBuildProjectSource
+newAwsCodeBuildProjectSource =
+  AwsCodeBuildProjectSource'
+    { gitCloneDepth =
+        Prelude.Nothing,
+      insecureSsl = Prelude.Nothing,
+      location = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | Information about the Git clone depth for the build project.
+awsCodeBuildProjectSource_gitCloneDepth :: Lens.Lens' AwsCodeBuildProjectSource (Prelude.Maybe Prelude.Int)
+awsCodeBuildProjectSource_gitCloneDepth = Lens.lens (\AwsCodeBuildProjectSource' {gitCloneDepth} -> gitCloneDepth) (\s@AwsCodeBuildProjectSource' {} a -> s {gitCloneDepth = a} :: AwsCodeBuildProjectSource)
+
+-- | Whether to ignore SSL warnings while connecting to the project source
+-- code.
+awsCodeBuildProjectSource_insecureSsl :: Lens.Lens' AwsCodeBuildProjectSource (Prelude.Maybe Prelude.Bool)
+awsCodeBuildProjectSource_insecureSsl = Lens.lens (\AwsCodeBuildProjectSource' {insecureSsl} -> insecureSsl) (\s@AwsCodeBuildProjectSource' {} a -> s {insecureSsl = a} :: AwsCodeBuildProjectSource)
+
+-- | Information about the location of the source code to be built.
+--
+-- Valid values include:
+--
+-- -   For source code settings that are specified in the source action of
+--     a pipeline in CodePipeline, location should not be specified. If it
+--     is specified, CodePipeline ignores it. This is because CodePipeline
+--     uses the settings in a pipeline\'s source action instead of this
+--     value.
+--
+-- -   For source code in an CodeCommit repository, the HTTPS clone URL to
+--     the repository that contains the source code and the build spec file
+--     (for example,
+--     @https:\/\/git-codecommit.region-ID.amazonaws.com\/v1\/repos\/repo-name@
+--     ).
+--
+-- -   For source code in an S3 input bucket, one of the following.
+--
+--     -   The path to the ZIP file that contains the source code (for
+--         example, @bucket-name\/path\/to\/object-name.zip@).
+--
+--     -   The path to the folder that contains the source code (for
+--         example, @bucket-name\/path\/to\/source-code\/folder\/@).
+--
+-- -   For source code in a GitHub repository, the HTTPS clone URL to the
+--     repository that contains the source and the build spec file.
+--
+-- -   For source code in a Bitbucket repository, the HTTPS clone URL to
+--     the repository that contains the source and the build spec file.
+awsCodeBuildProjectSource_location :: Lens.Lens' AwsCodeBuildProjectSource (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectSource_location = Lens.lens (\AwsCodeBuildProjectSource' {location} -> location) (\s@AwsCodeBuildProjectSource' {} a -> s {location = a} :: AwsCodeBuildProjectSource)
+
+-- | The type of repository that contains the source code to be built. Valid
+-- values are:
+--
+-- -   @BITBUCKET@ - The source code is in a Bitbucket repository.
+--
+-- -   @CODECOMMIT@ - The source code is in an CodeCommit repository.
+--
+-- -   @CODEPIPELINE@ - The source code settings are specified in the
+--     source action of a pipeline in CodePipeline.
+--
+-- -   @GITHUB@ - The source code is in a GitHub repository.
+--
+-- -   @GITHUB_ENTERPRISE@ - The source code is in a GitHub Enterprise
+--     repository.
+--
+-- -   @NO_SOURCE@ - The project does not have input source code.
+--
+-- -   @S3@ - The source code is in an S3 input bucket.
+awsCodeBuildProjectSource_type :: Lens.Lens' AwsCodeBuildProjectSource (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectSource_type = Lens.lens (\AwsCodeBuildProjectSource' {type'} -> type') (\s@AwsCodeBuildProjectSource' {} a -> s {type' = a} :: AwsCodeBuildProjectSource)
+
+instance Data.FromJSON AwsCodeBuildProjectSource where
+  parseJSON =
+    Data.withObject
+      "AwsCodeBuildProjectSource"
+      ( \x ->
+          AwsCodeBuildProjectSource'
+            Prelude.<$> (x Data..:? "GitCloneDepth")
+            Prelude.<*> (x Data..:? "InsecureSsl")
+            Prelude.<*> (x Data..:? "Location")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance Prelude.Hashable AwsCodeBuildProjectSource where
+  hashWithSalt _salt AwsCodeBuildProjectSource' {..} =
+    _salt
+      `Prelude.hashWithSalt` gitCloneDepth
+      `Prelude.hashWithSalt` insecureSsl
+      `Prelude.hashWithSalt` location
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData AwsCodeBuildProjectSource where
+  rnf AwsCodeBuildProjectSource' {..} =
+    Prelude.rnf gitCloneDepth
+      `Prelude.seq` Prelude.rnf insecureSsl
+      `Prelude.seq` Prelude.rnf location
+      `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToJSON AwsCodeBuildProjectSource where
+  toJSON AwsCodeBuildProjectSource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("GitCloneDepth" Data..=) Prelude.<$> gitCloneDepth,
+            ("InsecureSsl" Data..=) Prelude.<$> insecureSsl,
+            ("Location" Data..=) Prelude.<$> location,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectVpcConfig.hs b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectVpcConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCodeBuildProjectVpcConfig.hs
@@ -0,0 +1,114 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCodeBuildProjectVpcConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCodeBuildProjectVpcConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the VPC configuration that CodeBuild accesses.
+--
+-- /See:/ 'newAwsCodeBuildProjectVpcConfig' smart constructor.
+data AwsCodeBuildProjectVpcConfig = AwsCodeBuildProjectVpcConfig'
+  { -- | A list of one or more security group IDs in your VPC.
+    securityGroupIds :: Prelude.Maybe [Prelude.Text],
+    -- | A list of one or more subnet IDs in your VPC.
+    subnets :: Prelude.Maybe [Prelude.Text],
+    -- | The ID of the VPC.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCodeBuildProjectVpcConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'securityGroupIds', 'awsCodeBuildProjectVpcConfig_securityGroupIds' - A list of one or more security group IDs in your VPC.
+--
+-- 'subnets', 'awsCodeBuildProjectVpcConfig_subnets' - A list of one or more subnet IDs in your VPC.
+--
+-- 'vpcId', 'awsCodeBuildProjectVpcConfig_vpcId' - The ID of the VPC.
+newAwsCodeBuildProjectVpcConfig ::
+  AwsCodeBuildProjectVpcConfig
+newAwsCodeBuildProjectVpcConfig =
+  AwsCodeBuildProjectVpcConfig'
+    { securityGroupIds =
+        Prelude.Nothing,
+      subnets = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | A list of one or more security group IDs in your VPC.
+awsCodeBuildProjectVpcConfig_securityGroupIds :: Lens.Lens' AwsCodeBuildProjectVpcConfig (Prelude.Maybe [Prelude.Text])
+awsCodeBuildProjectVpcConfig_securityGroupIds = Lens.lens (\AwsCodeBuildProjectVpcConfig' {securityGroupIds} -> securityGroupIds) (\s@AwsCodeBuildProjectVpcConfig' {} a -> s {securityGroupIds = a} :: AwsCodeBuildProjectVpcConfig) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of one or more subnet IDs in your VPC.
+awsCodeBuildProjectVpcConfig_subnets :: Lens.Lens' AwsCodeBuildProjectVpcConfig (Prelude.Maybe [Prelude.Text])
+awsCodeBuildProjectVpcConfig_subnets = Lens.lens (\AwsCodeBuildProjectVpcConfig' {subnets} -> subnets) (\s@AwsCodeBuildProjectVpcConfig' {} a -> s {subnets = a} :: AwsCodeBuildProjectVpcConfig) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the VPC.
+awsCodeBuildProjectVpcConfig_vpcId :: Lens.Lens' AwsCodeBuildProjectVpcConfig (Prelude.Maybe Prelude.Text)
+awsCodeBuildProjectVpcConfig_vpcId = Lens.lens (\AwsCodeBuildProjectVpcConfig' {vpcId} -> vpcId) (\s@AwsCodeBuildProjectVpcConfig' {} a -> s {vpcId = a} :: AwsCodeBuildProjectVpcConfig)
+
+instance Data.FromJSON AwsCodeBuildProjectVpcConfig where
+  parseJSON =
+    Data.withObject
+      "AwsCodeBuildProjectVpcConfig"
+      ( \x ->
+          AwsCodeBuildProjectVpcConfig'
+            Prelude.<$> ( x
+                            Data..:? "SecurityGroupIds"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Subnets" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsCodeBuildProjectVpcConfig
+  where
+  hashWithSalt _salt AwsCodeBuildProjectVpcConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` securityGroupIds
+      `Prelude.hashWithSalt` subnets
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData AwsCodeBuildProjectVpcConfig where
+  rnf AwsCodeBuildProjectVpcConfig' {..} =
+    Prelude.rnf securityGroupIds
+      `Prelude.seq` Prelude.rnf subnets
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance Data.ToJSON AwsCodeBuildProjectVpcConfig where
+  toJSON AwsCodeBuildProjectVpcConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("SecurityGroupIds" Data..=)
+              Prelude.<$> securityGroupIds,
+            ("Subnets" Data..=) Prelude.<$> subnets,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsCorsConfiguration.hs b/gen/Amazonka/SecurityHub/Types/AwsCorsConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsCorsConfiguration.hs
@@ -0,0 +1,151 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsCorsConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsCorsConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains the cross-origin resource sharing (CORS) configuration for the
+-- API. CORS is only supported for HTTP APIs.
+--
+-- /See:/ 'newAwsCorsConfiguration' smart constructor.
+data AwsCorsConfiguration = AwsCorsConfiguration'
+  { -- | Indicates whether the CORS request includes credentials.
+    allowCredentials :: Prelude.Maybe Prelude.Bool,
+    -- | The allowed headers for CORS requests.
+    allowHeaders :: Prelude.Maybe [Prelude.Text],
+    -- | The allowed methods for CORS requests.
+    allowMethods :: Prelude.Maybe [Prelude.Text],
+    -- | The allowed origins for CORS requests.
+    allowOrigins :: Prelude.Maybe [Prelude.Text],
+    -- | The exposed headers for CORS requests.
+    exposeHeaders :: Prelude.Maybe [Prelude.Text],
+    -- | The number of seconds for which the browser caches preflight request
+    -- results.
+    maxAge :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsCorsConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allowCredentials', 'awsCorsConfiguration_allowCredentials' - Indicates whether the CORS request includes credentials.
+--
+-- 'allowHeaders', 'awsCorsConfiguration_allowHeaders' - The allowed headers for CORS requests.
+--
+-- 'allowMethods', 'awsCorsConfiguration_allowMethods' - The allowed methods for CORS requests.
+--
+-- 'allowOrigins', 'awsCorsConfiguration_allowOrigins' - The allowed origins for CORS requests.
+--
+-- 'exposeHeaders', 'awsCorsConfiguration_exposeHeaders' - The exposed headers for CORS requests.
+--
+-- 'maxAge', 'awsCorsConfiguration_maxAge' - The number of seconds for which the browser caches preflight request
+-- results.
+newAwsCorsConfiguration ::
+  AwsCorsConfiguration
+newAwsCorsConfiguration =
+  AwsCorsConfiguration'
+    { allowCredentials =
+        Prelude.Nothing,
+      allowHeaders = Prelude.Nothing,
+      allowMethods = Prelude.Nothing,
+      allowOrigins = Prelude.Nothing,
+      exposeHeaders = Prelude.Nothing,
+      maxAge = Prelude.Nothing
+    }
+
+-- | Indicates whether the CORS request includes credentials.
+awsCorsConfiguration_allowCredentials :: Lens.Lens' AwsCorsConfiguration (Prelude.Maybe Prelude.Bool)
+awsCorsConfiguration_allowCredentials = Lens.lens (\AwsCorsConfiguration' {allowCredentials} -> allowCredentials) (\s@AwsCorsConfiguration' {} a -> s {allowCredentials = a} :: AwsCorsConfiguration)
+
+-- | The allowed headers for CORS requests.
+awsCorsConfiguration_allowHeaders :: Lens.Lens' AwsCorsConfiguration (Prelude.Maybe [Prelude.Text])
+awsCorsConfiguration_allowHeaders = Lens.lens (\AwsCorsConfiguration' {allowHeaders} -> allowHeaders) (\s@AwsCorsConfiguration' {} a -> s {allowHeaders = a} :: AwsCorsConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | The allowed methods for CORS requests.
+awsCorsConfiguration_allowMethods :: Lens.Lens' AwsCorsConfiguration (Prelude.Maybe [Prelude.Text])
+awsCorsConfiguration_allowMethods = Lens.lens (\AwsCorsConfiguration' {allowMethods} -> allowMethods) (\s@AwsCorsConfiguration' {} a -> s {allowMethods = a} :: AwsCorsConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | The allowed origins for CORS requests.
+awsCorsConfiguration_allowOrigins :: Lens.Lens' AwsCorsConfiguration (Prelude.Maybe [Prelude.Text])
+awsCorsConfiguration_allowOrigins = Lens.lens (\AwsCorsConfiguration' {allowOrigins} -> allowOrigins) (\s@AwsCorsConfiguration' {} a -> s {allowOrigins = a} :: AwsCorsConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | The exposed headers for CORS requests.
+awsCorsConfiguration_exposeHeaders :: Lens.Lens' AwsCorsConfiguration (Prelude.Maybe [Prelude.Text])
+awsCorsConfiguration_exposeHeaders = Lens.lens (\AwsCorsConfiguration' {exposeHeaders} -> exposeHeaders) (\s@AwsCorsConfiguration' {} a -> s {exposeHeaders = a} :: AwsCorsConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | The number of seconds for which the browser caches preflight request
+-- results.
+awsCorsConfiguration_maxAge :: Lens.Lens' AwsCorsConfiguration (Prelude.Maybe Prelude.Int)
+awsCorsConfiguration_maxAge = Lens.lens (\AwsCorsConfiguration' {maxAge} -> maxAge) (\s@AwsCorsConfiguration' {} a -> s {maxAge = a} :: AwsCorsConfiguration)
+
+instance Data.FromJSON AwsCorsConfiguration where
+  parseJSON =
+    Data.withObject
+      "AwsCorsConfiguration"
+      ( \x ->
+          AwsCorsConfiguration'
+            Prelude.<$> (x Data..:? "AllowCredentials")
+            Prelude.<*> (x Data..:? "AllowHeaders" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "AllowMethods" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "AllowOrigins" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ExposeHeaders" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "MaxAge")
+      )
+
+instance Prelude.Hashable AwsCorsConfiguration where
+  hashWithSalt _salt AwsCorsConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` allowCredentials
+      `Prelude.hashWithSalt` allowHeaders
+      `Prelude.hashWithSalt` allowMethods
+      `Prelude.hashWithSalt` allowOrigins
+      `Prelude.hashWithSalt` exposeHeaders
+      `Prelude.hashWithSalt` maxAge
+
+instance Prelude.NFData AwsCorsConfiguration where
+  rnf AwsCorsConfiguration' {..} =
+    Prelude.rnf allowCredentials
+      `Prelude.seq` Prelude.rnf allowHeaders
+      `Prelude.seq` Prelude.rnf allowMethods
+      `Prelude.seq` Prelude.rnf allowOrigins
+      `Prelude.seq` Prelude.rnf exposeHeaders
+      `Prelude.seq` Prelude.rnf maxAge
+
+instance Data.ToJSON AwsCorsConfiguration where
+  toJSON AwsCorsConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AllowCredentials" Data..=)
+              Prelude.<$> allowCredentials,
+            ("AllowHeaders" Data..=) Prelude.<$> allowHeaders,
+            ("AllowMethods" Data..=) Prelude.<$> allowMethods,
+            ("AllowOrigins" Data..=) Prelude.<$> allowOrigins,
+            ("ExposeHeaders" Data..=) Prelude.<$> exposeHeaders,
+            ("MaxAge" Data..=) Prelude.<$> maxAge
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableAttributeDefinition.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableAttributeDefinition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableAttributeDefinition.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableAttributeDefinition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableAttributeDefinition where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains a definition of an attribute for the table.
+--
+-- /See:/ 'newAwsDynamoDbTableAttributeDefinition' smart constructor.
+data AwsDynamoDbTableAttributeDefinition = AwsDynamoDbTableAttributeDefinition'
+  { -- | The name of the attribute.
+    attributeName :: Prelude.Maybe Prelude.Text,
+    -- | The type of the attribute.
+    attributeType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableAttributeDefinition' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attributeName', 'awsDynamoDbTableAttributeDefinition_attributeName' - The name of the attribute.
+--
+-- 'attributeType', 'awsDynamoDbTableAttributeDefinition_attributeType' - The type of the attribute.
+newAwsDynamoDbTableAttributeDefinition ::
+  AwsDynamoDbTableAttributeDefinition
+newAwsDynamoDbTableAttributeDefinition =
+  AwsDynamoDbTableAttributeDefinition'
+    { attributeName =
+        Prelude.Nothing,
+      attributeType = Prelude.Nothing
+    }
+
+-- | The name of the attribute.
+awsDynamoDbTableAttributeDefinition_attributeName :: Lens.Lens' AwsDynamoDbTableAttributeDefinition (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableAttributeDefinition_attributeName = Lens.lens (\AwsDynamoDbTableAttributeDefinition' {attributeName} -> attributeName) (\s@AwsDynamoDbTableAttributeDefinition' {} a -> s {attributeName = a} :: AwsDynamoDbTableAttributeDefinition)
+
+-- | The type of the attribute.
+awsDynamoDbTableAttributeDefinition_attributeType :: Lens.Lens' AwsDynamoDbTableAttributeDefinition (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableAttributeDefinition_attributeType = Lens.lens (\AwsDynamoDbTableAttributeDefinition' {attributeType} -> attributeType) (\s@AwsDynamoDbTableAttributeDefinition' {} a -> s {attributeType = a} :: AwsDynamoDbTableAttributeDefinition)
+
+instance
+  Data.FromJSON
+    AwsDynamoDbTableAttributeDefinition
+  where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableAttributeDefinition"
+      ( \x ->
+          AwsDynamoDbTableAttributeDefinition'
+            Prelude.<$> (x Data..:? "AttributeName")
+            Prelude.<*> (x Data..:? "AttributeType")
+      )
+
+instance
+  Prelude.Hashable
+    AwsDynamoDbTableAttributeDefinition
+  where
+  hashWithSalt
+    _salt
+    AwsDynamoDbTableAttributeDefinition' {..} =
+      _salt
+        `Prelude.hashWithSalt` attributeName
+        `Prelude.hashWithSalt` attributeType
+
+instance
+  Prelude.NFData
+    AwsDynamoDbTableAttributeDefinition
+  where
+  rnf AwsDynamoDbTableAttributeDefinition' {..} =
+    Prelude.rnf attributeName
+      `Prelude.seq` Prelude.rnf attributeType
+
+instance
+  Data.ToJSON
+    AwsDynamoDbTableAttributeDefinition
+  where
+  toJSON AwsDynamoDbTableAttributeDefinition' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AttributeName" Data..=) Prelude.<$> attributeName,
+            ("AttributeType" Data..=) Prelude.<$> attributeType
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableBillingModeSummary.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableBillingModeSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableBillingModeSummary.hs
@@ -0,0 +1,132 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableBillingModeSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableBillingModeSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the billing for read\/write capacity on the
+-- table.
+--
+-- /See:/ 'newAwsDynamoDbTableBillingModeSummary' smart constructor.
+data AwsDynamoDbTableBillingModeSummary = AwsDynamoDbTableBillingModeSummary'
+  { -- | The method used to charge for read and write throughput and to manage
+    -- capacity.
+    billingMode :: Prelude.Maybe Prelude.Text,
+    -- | If the billing mode is @PAY_PER_REQUEST@, indicates when the billing
+    -- mode was set to that value.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastUpdateToPayPerRequestDateTime :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableBillingModeSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'billingMode', 'awsDynamoDbTableBillingModeSummary_billingMode' - The method used to charge for read and write throughput and to manage
+-- capacity.
+--
+-- 'lastUpdateToPayPerRequestDateTime', 'awsDynamoDbTableBillingModeSummary_lastUpdateToPayPerRequestDateTime' - If the billing mode is @PAY_PER_REQUEST@, indicates when the billing
+-- mode was set to that value.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+newAwsDynamoDbTableBillingModeSummary ::
+  AwsDynamoDbTableBillingModeSummary
+newAwsDynamoDbTableBillingModeSummary =
+  AwsDynamoDbTableBillingModeSummary'
+    { billingMode =
+        Prelude.Nothing,
+      lastUpdateToPayPerRequestDateTime =
+        Prelude.Nothing
+    }
+
+-- | The method used to charge for read and write throughput and to manage
+-- capacity.
+awsDynamoDbTableBillingModeSummary_billingMode :: Lens.Lens' AwsDynamoDbTableBillingModeSummary (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableBillingModeSummary_billingMode = Lens.lens (\AwsDynamoDbTableBillingModeSummary' {billingMode} -> billingMode) (\s@AwsDynamoDbTableBillingModeSummary' {} a -> s {billingMode = a} :: AwsDynamoDbTableBillingModeSummary)
+
+-- | If the billing mode is @PAY_PER_REQUEST@, indicates when the billing
+-- mode was set to that value.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsDynamoDbTableBillingModeSummary_lastUpdateToPayPerRequestDateTime :: Lens.Lens' AwsDynamoDbTableBillingModeSummary (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableBillingModeSummary_lastUpdateToPayPerRequestDateTime = Lens.lens (\AwsDynamoDbTableBillingModeSummary' {lastUpdateToPayPerRequestDateTime} -> lastUpdateToPayPerRequestDateTime) (\s@AwsDynamoDbTableBillingModeSummary' {} a -> s {lastUpdateToPayPerRequestDateTime = a} :: AwsDynamoDbTableBillingModeSummary)
+
+instance
+  Data.FromJSON
+    AwsDynamoDbTableBillingModeSummary
+  where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableBillingModeSummary"
+      ( \x ->
+          AwsDynamoDbTableBillingModeSummary'
+            Prelude.<$> (x Data..:? "BillingMode")
+            Prelude.<*> (x Data..:? "LastUpdateToPayPerRequestDateTime")
+      )
+
+instance
+  Prelude.Hashable
+    AwsDynamoDbTableBillingModeSummary
+  where
+  hashWithSalt
+    _salt
+    AwsDynamoDbTableBillingModeSummary' {..} =
+      _salt
+        `Prelude.hashWithSalt` billingMode
+        `Prelude.hashWithSalt` lastUpdateToPayPerRequestDateTime
+
+instance
+  Prelude.NFData
+    AwsDynamoDbTableBillingModeSummary
+  where
+  rnf AwsDynamoDbTableBillingModeSummary' {..} =
+    Prelude.rnf billingMode
+      `Prelude.seq` Prelude.rnf lastUpdateToPayPerRequestDateTime
+
+instance
+  Data.ToJSON
+    AwsDynamoDbTableBillingModeSummary
+  where
+  toJSON AwsDynamoDbTableBillingModeSummary' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("BillingMode" Data..=) Prelude.<$> billingMode,
+            ("LastUpdateToPayPerRequestDateTime" Data..=)
+              Prelude.<$> lastUpdateToPayPerRequestDateTime
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableDetails.hs
@@ -0,0 +1,404 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableAttributeDefinition
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableBillingModeSummary
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableGlobalSecondaryIndex
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableKeySchema
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableLocalSecondaryIndex
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughput
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableReplica
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableRestoreSummary
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableSseDescription
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableStreamSpecification
+
+-- | Provides details about a DynamoDB table.
+--
+-- /See:/ 'newAwsDynamoDbTableDetails' smart constructor.
+data AwsDynamoDbTableDetails = AwsDynamoDbTableDetails'
+  { -- | A list of attribute definitions for the table.
+    attributeDefinitions :: Prelude.Maybe [AwsDynamoDbTableAttributeDefinition],
+    -- | Information about the billing for read\/write capacity on the table.
+    billingModeSummary :: Prelude.Maybe AwsDynamoDbTableBillingModeSummary,
+    -- | Indicates when the table was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    creationDateTime :: Prelude.Maybe Prelude.Text,
+    -- | List of global secondary indexes for the table.
+    globalSecondaryIndexes :: Prelude.Maybe [AwsDynamoDbTableGlobalSecondaryIndex],
+    -- | The version of global tables being used.
+    globalTableVersion :: Prelude.Maybe Prelude.Text,
+    -- | The number of items in the table.
+    itemCount :: Prelude.Maybe Prelude.Int,
+    -- | The primary key structure for the table.
+    keySchema :: Prelude.Maybe [AwsDynamoDbTableKeySchema],
+    -- | The ARN of the latest stream for the table.
+    latestStreamArn :: Prelude.Maybe Prelude.Text,
+    -- | The label of the latest stream. The label is not a unique identifier.
+    latestStreamLabel :: Prelude.Maybe Prelude.Text,
+    -- | The list of local secondary indexes for the table.
+    localSecondaryIndexes :: Prelude.Maybe [AwsDynamoDbTableLocalSecondaryIndex],
+    -- | Information about the provisioned throughput for the table.
+    provisionedThroughput :: Prelude.Maybe AwsDynamoDbTableProvisionedThroughput,
+    -- | The list of replicas of this table.
+    replicas :: Prelude.Maybe [AwsDynamoDbTableReplica],
+    -- | Information about the restore for the table.
+    restoreSummary :: Prelude.Maybe AwsDynamoDbTableRestoreSummary,
+    -- | Information about the server-side encryption for the table.
+    sseDescription :: Prelude.Maybe AwsDynamoDbTableSseDescription,
+    -- | The current DynamoDB Streams configuration for the table.
+    streamSpecification :: Prelude.Maybe AwsDynamoDbTableStreamSpecification,
+    -- | The identifier of the table.
+    tableId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the table.
+    tableName :: Prelude.Maybe Prelude.Text,
+    -- | The total size of the table in bytes.
+    tableSizeBytes :: Prelude.Maybe Prelude.Integer,
+    -- | The current status of the table. Valid values are as follows:
+    --
+    -- -   @ACTIVE@
+    --
+    -- -   @ARCHIVED@
+    --
+    -- -   @ARCHIVING@
+    --
+    -- -   @CREATING@
+    --
+    -- -   @DELETING@
+    --
+    -- -   @INACCESSIBLE_ENCRYPTION_CREDENTIALS@
+    --
+    -- -   @UPDATING@
+    tableStatus :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attributeDefinitions', 'awsDynamoDbTableDetails_attributeDefinitions' - A list of attribute definitions for the table.
+--
+-- 'billingModeSummary', 'awsDynamoDbTableDetails_billingModeSummary' - Information about the billing for read\/write capacity on the table.
+--
+-- 'creationDateTime', 'awsDynamoDbTableDetails_creationDateTime' - Indicates when the table was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'globalSecondaryIndexes', 'awsDynamoDbTableDetails_globalSecondaryIndexes' - List of global secondary indexes for the table.
+--
+-- 'globalTableVersion', 'awsDynamoDbTableDetails_globalTableVersion' - The version of global tables being used.
+--
+-- 'itemCount', 'awsDynamoDbTableDetails_itemCount' - The number of items in the table.
+--
+-- 'keySchema', 'awsDynamoDbTableDetails_keySchema' - The primary key structure for the table.
+--
+-- 'latestStreamArn', 'awsDynamoDbTableDetails_latestStreamArn' - The ARN of the latest stream for the table.
+--
+-- 'latestStreamLabel', 'awsDynamoDbTableDetails_latestStreamLabel' - The label of the latest stream. The label is not a unique identifier.
+--
+-- 'localSecondaryIndexes', 'awsDynamoDbTableDetails_localSecondaryIndexes' - The list of local secondary indexes for the table.
+--
+-- 'provisionedThroughput', 'awsDynamoDbTableDetails_provisionedThroughput' - Information about the provisioned throughput for the table.
+--
+-- 'replicas', 'awsDynamoDbTableDetails_replicas' - The list of replicas of this table.
+--
+-- 'restoreSummary', 'awsDynamoDbTableDetails_restoreSummary' - Information about the restore for the table.
+--
+-- 'sseDescription', 'awsDynamoDbTableDetails_sseDescription' - Information about the server-side encryption for the table.
+--
+-- 'streamSpecification', 'awsDynamoDbTableDetails_streamSpecification' - The current DynamoDB Streams configuration for the table.
+--
+-- 'tableId', 'awsDynamoDbTableDetails_tableId' - The identifier of the table.
+--
+-- 'tableName', 'awsDynamoDbTableDetails_tableName' - The name of the table.
+--
+-- 'tableSizeBytes', 'awsDynamoDbTableDetails_tableSizeBytes' - The total size of the table in bytes.
+--
+-- 'tableStatus', 'awsDynamoDbTableDetails_tableStatus' - The current status of the table. Valid values are as follows:
+--
+-- -   @ACTIVE@
+--
+-- -   @ARCHIVED@
+--
+-- -   @ARCHIVING@
+--
+-- -   @CREATING@
+--
+-- -   @DELETING@
+--
+-- -   @INACCESSIBLE_ENCRYPTION_CREDENTIALS@
+--
+-- -   @UPDATING@
+newAwsDynamoDbTableDetails ::
+  AwsDynamoDbTableDetails
+newAwsDynamoDbTableDetails =
+  AwsDynamoDbTableDetails'
+    { attributeDefinitions =
+        Prelude.Nothing,
+      billingModeSummary = Prelude.Nothing,
+      creationDateTime = Prelude.Nothing,
+      globalSecondaryIndexes = Prelude.Nothing,
+      globalTableVersion = Prelude.Nothing,
+      itemCount = Prelude.Nothing,
+      keySchema = Prelude.Nothing,
+      latestStreamArn = Prelude.Nothing,
+      latestStreamLabel = Prelude.Nothing,
+      localSecondaryIndexes = Prelude.Nothing,
+      provisionedThroughput = Prelude.Nothing,
+      replicas = Prelude.Nothing,
+      restoreSummary = Prelude.Nothing,
+      sseDescription = Prelude.Nothing,
+      streamSpecification = Prelude.Nothing,
+      tableId = Prelude.Nothing,
+      tableName = Prelude.Nothing,
+      tableSizeBytes = Prelude.Nothing,
+      tableStatus = Prelude.Nothing
+    }
+
+-- | A list of attribute definitions for the table.
+awsDynamoDbTableDetails_attributeDefinitions :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe [AwsDynamoDbTableAttributeDefinition])
+awsDynamoDbTableDetails_attributeDefinitions = Lens.lens (\AwsDynamoDbTableDetails' {attributeDefinitions} -> attributeDefinitions) (\s@AwsDynamoDbTableDetails' {} a -> s {attributeDefinitions = a} :: AwsDynamoDbTableDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Information about the billing for read\/write capacity on the table.
+awsDynamoDbTableDetails_billingModeSummary :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe AwsDynamoDbTableBillingModeSummary)
+awsDynamoDbTableDetails_billingModeSummary = Lens.lens (\AwsDynamoDbTableDetails' {billingModeSummary} -> billingModeSummary) (\s@AwsDynamoDbTableDetails' {} a -> s {billingModeSummary = a} :: AwsDynamoDbTableDetails)
+
+-- | Indicates when the table was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsDynamoDbTableDetails_creationDateTime :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableDetails_creationDateTime = Lens.lens (\AwsDynamoDbTableDetails' {creationDateTime} -> creationDateTime) (\s@AwsDynamoDbTableDetails' {} a -> s {creationDateTime = a} :: AwsDynamoDbTableDetails)
+
+-- | List of global secondary indexes for the table.
+awsDynamoDbTableDetails_globalSecondaryIndexes :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe [AwsDynamoDbTableGlobalSecondaryIndex])
+awsDynamoDbTableDetails_globalSecondaryIndexes = Lens.lens (\AwsDynamoDbTableDetails' {globalSecondaryIndexes} -> globalSecondaryIndexes) (\s@AwsDynamoDbTableDetails' {} a -> s {globalSecondaryIndexes = a} :: AwsDynamoDbTableDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The version of global tables being used.
+awsDynamoDbTableDetails_globalTableVersion :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableDetails_globalTableVersion = Lens.lens (\AwsDynamoDbTableDetails' {globalTableVersion} -> globalTableVersion) (\s@AwsDynamoDbTableDetails' {} a -> s {globalTableVersion = a} :: AwsDynamoDbTableDetails)
+
+-- | The number of items in the table.
+awsDynamoDbTableDetails_itemCount :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe Prelude.Int)
+awsDynamoDbTableDetails_itemCount = Lens.lens (\AwsDynamoDbTableDetails' {itemCount} -> itemCount) (\s@AwsDynamoDbTableDetails' {} a -> s {itemCount = a} :: AwsDynamoDbTableDetails)
+
+-- | The primary key structure for the table.
+awsDynamoDbTableDetails_keySchema :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe [AwsDynamoDbTableKeySchema])
+awsDynamoDbTableDetails_keySchema = Lens.lens (\AwsDynamoDbTableDetails' {keySchema} -> keySchema) (\s@AwsDynamoDbTableDetails' {} a -> s {keySchema = a} :: AwsDynamoDbTableDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the latest stream for the table.
+awsDynamoDbTableDetails_latestStreamArn :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableDetails_latestStreamArn = Lens.lens (\AwsDynamoDbTableDetails' {latestStreamArn} -> latestStreamArn) (\s@AwsDynamoDbTableDetails' {} a -> s {latestStreamArn = a} :: AwsDynamoDbTableDetails)
+
+-- | The label of the latest stream. The label is not a unique identifier.
+awsDynamoDbTableDetails_latestStreamLabel :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableDetails_latestStreamLabel = Lens.lens (\AwsDynamoDbTableDetails' {latestStreamLabel} -> latestStreamLabel) (\s@AwsDynamoDbTableDetails' {} a -> s {latestStreamLabel = a} :: AwsDynamoDbTableDetails)
+
+-- | The list of local secondary indexes for the table.
+awsDynamoDbTableDetails_localSecondaryIndexes :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe [AwsDynamoDbTableLocalSecondaryIndex])
+awsDynamoDbTableDetails_localSecondaryIndexes = Lens.lens (\AwsDynamoDbTableDetails' {localSecondaryIndexes} -> localSecondaryIndexes) (\s@AwsDynamoDbTableDetails' {} a -> s {localSecondaryIndexes = a} :: AwsDynamoDbTableDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Information about the provisioned throughput for the table.
+awsDynamoDbTableDetails_provisionedThroughput :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe AwsDynamoDbTableProvisionedThroughput)
+awsDynamoDbTableDetails_provisionedThroughput = Lens.lens (\AwsDynamoDbTableDetails' {provisionedThroughput} -> provisionedThroughput) (\s@AwsDynamoDbTableDetails' {} a -> s {provisionedThroughput = a} :: AwsDynamoDbTableDetails)
+
+-- | The list of replicas of this table.
+awsDynamoDbTableDetails_replicas :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe [AwsDynamoDbTableReplica])
+awsDynamoDbTableDetails_replicas = Lens.lens (\AwsDynamoDbTableDetails' {replicas} -> replicas) (\s@AwsDynamoDbTableDetails' {} a -> s {replicas = a} :: AwsDynamoDbTableDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Information about the restore for the table.
+awsDynamoDbTableDetails_restoreSummary :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe AwsDynamoDbTableRestoreSummary)
+awsDynamoDbTableDetails_restoreSummary = Lens.lens (\AwsDynamoDbTableDetails' {restoreSummary} -> restoreSummary) (\s@AwsDynamoDbTableDetails' {} a -> s {restoreSummary = a} :: AwsDynamoDbTableDetails)
+
+-- | Information about the server-side encryption for the table.
+awsDynamoDbTableDetails_sseDescription :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe AwsDynamoDbTableSseDescription)
+awsDynamoDbTableDetails_sseDescription = Lens.lens (\AwsDynamoDbTableDetails' {sseDescription} -> sseDescription) (\s@AwsDynamoDbTableDetails' {} a -> s {sseDescription = a} :: AwsDynamoDbTableDetails)
+
+-- | The current DynamoDB Streams configuration for the table.
+awsDynamoDbTableDetails_streamSpecification :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe AwsDynamoDbTableStreamSpecification)
+awsDynamoDbTableDetails_streamSpecification = Lens.lens (\AwsDynamoDbTableDetails' {streamSpecification} -> streamSpecification) (\s@AwsDynamoDbTableDetails' {} a -> s {streamSpecification = a} :: AwsDynamoDbTableDetails)
+
+-- | The identifier of the table.
+awsDynamoDbTableDetails_tableId :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableDetails_tableId = Lens.lens (\AwsDynamoDbTableDetails' {tableId} -> tableId) (\s@AwsDynamoDbTableDetails' {} a -> s {tableId = a} :: AwsDynamoDbTableDetails)
+
+-- | The name of the table.
+awsDynamoDbTableDetails_tableName :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableDetails_tableName = Lens.lens (\AwsDynamoDbTableDetails' {tableName} -> tableName) (\s@AwsDynamoDbTableDetails' {} a -> s {tableName = a} :: AwsDynamoDbTableDetails)
+
+-- | The total size of the table in bytes.
+awsDynamoDbTableDetails_tableSizeBytes :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe Prelude.Integer)
+awsDynamoDbTableDetails_tableSizeBytes = Lens.lens (\AwsDynamoDbTableDetails' {tableSizeBytes} -> tableSizeBytes) (\s@AwsDynamoDbTableDetails' {} a -> s {tableSizeBytes = a} :: AwsDynamoDbTableDetails)
+
+-- | The current status of the table. Valid values are as follows:
+--
+-- -   @ACTIVE@
+--
+-- -   @ARCHIVED@
+--
+-- -   @ARCHIVING@
+--
+-- -   @CREATING@
+--
+-- -   @DELETING@
+--
+-- -   @INACCESSIBLE_ENCRYPTION_CREDENTIALS@
+--
+-- -   @UPDATING@
+awsDynamoDbTableDetails_tableStatus :: Lens.Lens' AwsDynamoDbTableDetails (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableDetails_tableStatus = Lens.lens (\AwsDynamoDbTableDetails' {tableStatus} -> tableStatus) (\s@AwsDynamoDbTableDetails' {} a -> s {tableStatus = a} :: AwsDynamoDbTableDetails)
+
+instance Data.FromJSON AwsDynamoDbTableDetails where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableDetails"
+      ( \x ->
+          AwsDynamoDbTableDetails'
+            Prelude.<$> ( x
+                            Data..:? "AttributeDefinitions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "BillingModeSummary")
+            Prelude.<*> (x Data..:? "CreationDateTime")
+            Prelude.<*> ( x
+                            Data..:? "GlobalSecondaryIndexes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "GlobalTableVersion")
+            Prelude.<*> (x Data..:? "ItemCount")
+            Prelude.<*> (x Data..:? "KeySchema" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "LatestStreamArn")
+            Prelude.<*> (x Data..:? "LatestStreamLabel")
+            Prelude.<*> ( x
+                            Data..:? "LocalSecondaryIndexes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ProvisionedThroughput")
+            Prelude.<*> (x Data..:? "Replicas" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "RestoreSummary")
+            Prelude.<*> (x Data..:? "SseDescription")
+            Prelude.<*> (x Data..:? "StreamSpecification")
+            Prelude.<*> (x Data..:? "TableId")
+            Prelude.<*> (x Data..:? "TableName")
+            Prelude.<*> (x Data..:? "TableSizeBytes")
+            Prelude.<*> (x Data..:? "TableStatus")
+      )
+
+instance Prelude.Hashable AwsDynamoDbTableDetails where
+  hashWithSalt _salt AwsDynamoDbTableDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` attributeDefinitions
+      `Prelude.hashWithSalt` billingModeSummary
+      `Prelude.hashWithSalt` creationDateTime
+      `Prelude.hashWithSalt` globalSecondaryIndexes
+      `Prelude.hashWithSalt` globalTableVersion
+      `Prelude.hashWithSalt` itemCount
+      `Prelude.hashWithSalt` keySchema
+      `Prelude.hashWithSalt` latestStreamArn
+      `Prelude.hashWithSalt` latestStreamLabel
+      `Prelude.hashWithSalt` localSecondaryIndexes
+      `Prelude.hashWithSalt` provisionedThroughput
+      `Prelude.hashWithSalt` replicas
+      `Prelude.hashWithSalt` restoreSummary
+      `Prelude.hashWithSalt` sseDescription
+      `Prelude.hashWithSalt` streamSpecification
+      `Prelude.hashWithSalt` tableId
+      `Prelude.hashWithSalt` tableName
+      `Prelude.hashWithSalt` tableSizeBytes
+      `Prelude.hashWithSalt` tableStatus
+
+instance Prelude.NFData AwsDynamoDbTableDetails where
+  rnf AwsDynamoDbTableDetails' {..} =
+    Prelude.rnf attributeDefinitions
+      `Prelude.seq` Prelude.rnf billingModeSummary
+      `Prelude.seq` Prelude.rnf creationDateTime
+      `Prelude.seq` Prelude.rnf globalSecondaryIndexes
+      `Prelude.seq` Prelude.rnf globalTableVersion
+      `Prelude.seq` Prelude.rnf itemCount
+      `Prelude.seq` Prelude.rnf keySchema
+      `Prelude.seq` Prelude.rnf latestStreamArn
+      `Prelude.seq` Prelude.rnf latestStreamLabel
+      `Prelude.seq` Prelude.rnf localSecondaryIndexes
+      `Prelude.seq` Prelude.rnf provisionedThroughput
+      `Prelude.seq` Prelude.rnf replicas
+      `Prelude.seq` Prelude.rnf restoreSummary
+      `Prelude.seq` Prelude.rnf sseDescription
+      `Prelude.seq` Prelude.rnf streamSpecification
+      `Prelude.seq` Prelude.rnf tableId
+      `Prelude.seq` Prelude.rnf tableName
+      `Prelude.seq` Prelude.rnf tableSizeBytes
+      `Prelude.seq` Prelude.rnf tableStatus
+
+instance Data.ToJSON AwsDynamoDbTableDetails where
+  toJSON AwsDynamoDbTableDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AttributeDefinitions" Data..=)
+              Prelude.<$> attributeDefinitions,
+            ("BillingModeSummary" Data..=)
+              Prelude.<$> billingModeSummary,
+            ("CreationDateTime" Data..=)
+              Prelude.<$> creationDateTime,
+            ("GlobalSecondaryIndexes" Data..=)
+              Prelude.<$> globalSecondaryIndexes,
+            ("GlobalTableVersion" Data..=)
+              Prelude.<$> globalTableVersion,
+            ("ItemCount" Data..=) Prelude.<$> itemCount,
+            ("KeySchema" Data..=) Prelude.<$> keySchema,
+            ("LatestStreamArn" Data..=)
+              Prelude.<$> latestStreamArn,
+            ("LatestStreamLabel" Data..=)
+              Prelude.<$> latestStreamLabel,
+            ("LocalSecondaryIndexes" Data..=)
+              Prelude.<$> localSecondaryIndexes,
+            ("ProvisionedThroughput" Data..=)
+              Prelude.<$> provisionedThroughput,
+            ("Replicas" Data..=) Prelude.<$> replicas,
+            ("RestoreSummary" Data..=)
+              Prelude.<$> restoreSummary,
+            ("SseDescription" Data..=)
+              Prelude.<$> sseDescription,
+            ("StreamSpecification" Data..=)
+              Prelude.<$> streamSpecification,
+            ("TableId" Data..=) Prelude.<$> tableId,
+            ("TableName" Data..=) Prelude.<$> tableName,
+            ("TableSizeBytes" Data..=)
+              Prelude.<$> tableSizeBytes,
+            ("TableStatus" Data..=) Prelude.<$> tableStatus
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableGlobalSecondaryIndex.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableGlobalSecondaryIndex.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableGlobalSecondaryIndex.hs
@@ -0,0 +1,229 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableGlobalSecondaryIndex
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableGlobalSecondaryIndex where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableKeySchema
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProjection
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughput
+
+-- | Information abut a global secondary index for the table.
+--
+-- /See:/ 'newAwsDynamoDbTableGlobalSecondaryIndex' smart constructor.
+data AwsDynamoDbTableGlobalSecondaryIndex = AwsDynamoDbTableGlobalSecondaryIndex'
+  { -- | Whether the index is currently backfilling.
+    backfilling :: Prelude.Maybe Prelude.Bool,
+    -- | The ARN of the index.
+    indexArn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the index.
+    indexName :: Prelude.Maybe Prelude.Text,
+    -- | The total size in bytes of the index.
+    indexSizeBytes :: Prelude.Maybe Prelude.Integer,
+    -- | The current status of the index.
+    --
+    -- -   @ACTIVE@
+    --
+    -- -   @CREATING@
+    --
+    -- -   @DELETING@
+    --
+    -- -   @UPDATING@
+    indexStatus :: Prelude.Maybe Prelude.Text,
+    -- | The number of items in the index.
+    itemCount :: Prelude.Maybe Prelude.Int,
+    -- | The key schema for the index.
+    keySchema :: Prelude.Maybe [AwsDynamoDbTableKeySchema],
+    -- | Attributes that are copied from the table into an index.
+    projection :: Prelude.Maybe AwsDynamoDbTableProjection,
+    -- | Information about the provisioned throughput settings for the indexes.
+    provisionedThroughput :: Prelude.Maybe AwsDynamoDbTableProvisionedThroughput
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableGlobalSecondaryIndex' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'backfilling', 'awsDynamoDbTableGlobalSecondaryIndex_backfilling' - Whether the index is currently backfilling.
+--
+-- 'indexArn', 'awsDynamoDbTableGlobalSecondaryIndex_indexArn' - The ARN of the index.
+--
+-- 'indexName', 'awsDynamoDbTableGlobalSecondaryIndex_indexName' - The name of the index.
+--
+-- 'indexSizeBytes', 'awsDynamoDbTableGlobalSecondaryIndex_indexSizeBytes' - The total size in bytes of the index.
+--
+-- 'indexStatus', 'awsDynamoDbTableGlobalSecondaryIndex_indexStatus' - The current status of the index.
+--
+-- -   @ACTIVE@
+--
+-- -   @CREATING@
+--
+-- -   @DELETING@
+--
+-- -   @UPDATING@
+--
+-- 'itemCount', 'awsDynamoDbTableGlobalSecondaryIndex_itemCount' - The number of items in the index.
+--
+-- 'keySchema', 'awsDynamoDbTableGlobalSecondaryIndex_keySchema' - The key schema for the index.
+--
+-- 'projection', 'awsDynamoDbTableGlobalSecondaryIndex_projection' - Attributes that are copied from the table into an index.
+--
+-- 'provisionedThroughput', 'awsDynamoDbTableGlobalSecondaryIndex_provisionedThroughput' - Information about the provisioned throughput settings for the indexes.
+newAwsDynamoDbTableGlobalSecondaryIndex ::
+  AwsDynamoDbTableGlobalSecondaryIndex
+newAwsDynamoDbTableGlobalSecondaryIndex =
+  AwsDynamoDbTableGlobalSecondaryIndex'
+    { backfilling =
+        Prelude.Nothing,
+      indexArn = Prelude.Nothing,
+      indexName = Prelude.Nothing,
+      indexSizeBytes = Prelude.Nothing,
+      indexStatus = Prelude.Nothing,
+      itemCount = Prelude.Nothing,
+      keySchema = Prelude.Nothing,
+      projection = Prelude.Nothing,
+      provisionedThroughput =
+        Prelude.Nothing
+    }
+
+-- | Whether the index is currently backfilling.
+awsDynamoDbTableGlobalSecondaryIndex_backfilling :: Lens.Lens' AwsDynamoDbTableGlobalSecondaryIndex (Prelude.Maybe Prelude.Bool)
+awsDynamoDbTableGlobalSecondaryIndex_backfilling = Lens.lens (\AwsDynamoDbTableGlobalSecondaryIndex' {backfilling} -> backfilling) (\s@AwsDynamoDbTableGlobalSecondaryIndex' {} a -> s {backfilling = a} :: AwsDynamoDbTableGlobalSecondaryIndex)
+
+-- | The ARN of the index.
+awsDynamoDbTableGlobalSecondaryIndex_indexArn :: Lens.Lens' AwsDynamoDbTableGlobalSecondaryIndex (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableGlobalSecondaryIndex_indexArn = Lens.lens (\AwsDynamoDbTableGlobalSecondaryIndex' {indexArn} -> indexArn) (\s@AwsDynamoDbTableGlobalSecondaryIndex' {} a -> s {indexArn = a} :: AwsDynamoDbTableGlobalSecondaryIndex)
+
+-- | The name of the index.
+awsDynamoDbTableGlobalSecondaryIndex_indexName :: Lens.Lens' AwsDynamoDbTableGlobalSecondaryIndex (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableGlobalSecondaryIndex_indexName = Lens.lens (\AwsDynamoDbTableGlobalSecondaryIndex' {indexName} -> indexName) (\s@AwsDynamoDbTableGlobalSecondaryIndex' {} a -> s {indexName = a} :: AwsDynamoDbTableGlobalSecondaryIndex)
+
+-- | The total size in bytes of the index.
+awsDynamoDbTableGlobalSecondaryIndex_indexSizeBytes :: Lens.Lens' AwsDynamoDbTableGlobalSecondaryIndex (Prelude.Maybe Prelude.Integer)
+awsDynamoDbTableGlobalSecondaryIndex_indexSizeBytes = Lens.lens (\AwsDynamoDbTableGlobalSecondaryIndex' {indexSizeBytes} -> indexSizeBytes) (\s@AwsDynamoDbTableGlobalSecondaryIndex' {} a -> s {indexSizeBytes = a} :: AwsDynamoDbTableGlobalSecondaryIndex)
+
+-- | The current status of the index.
+--
+-- -   @ACTIVE@
+--
+-- -   @CREATING@
+--
+-- -   @DELETING@
+--
+-- -   @UPDATING@
+awsDynamoDbTableGlobalSecondaryIndex_indexStatus :: Lens.Lens' AwsDynamoDbTableGlobalSecondaryIndex (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableGlobalSecondaryIndex_indexStatus = Lens.lens (\AwsDynamoDbTableGlobalSecondaryIndex' {indexStatus} -> indexStatus) (\s@AwsDynamoDbTableGlobalSecondaryIndex' {} a -> s {indexStatus = a} :: AwsDynamoDbTableGlobalSecondaryIndex)
+
+-- | The number of items in the index.
+awsDynamoDbTableGlobalSecondaryIndex_itemCount :: Lens.Lens' AwsDynamoDbTableGlobalSecondaryIndex (Prelude.Maybe Prelude.Int)
+awsDynamoDbTableGlobalSecondaryIndex_itemCount = Lens.lens (\AwsDynamoDbTableGlobalSecondaryIndex' {itemCount} -> itemCount) (\s@AwsDynamoDbTableGlobalSecondaryIndex' {} a -> s {itemCount = a} :: AwsDynamoDbTableGlobalSecondaryIndex)
+
+-- | The key schema for the index.
+awsDynamoDbTableGlobalSecondaryIndex_keySchema :: Lens.Lens' AwsDynamoDbTableGlobalSecondaryIndex (Prelude.Maybe [AwsDynamoDbTableKeySchema])
+awsDynamoDbTableGlobalSecondaryIndex_keySchema = Lens.lens (\AwsDynamoDbTableGlobalSecondaryIndex' {keySchema} -> keySchema) (\s@AwsDynamoDbTableGlobalSecondaryIndex' {} a -> s {keySchema = a} :: AwsDynamoDbTableGlobalSecondaryIndex) Prelude.. Lens.mapping Lens.coerced
+
+-- | Attributes that are copied from the table into an index.
+awsDynamoDbTableGlobalSecondaryIndex_projection :: Lens.Lens' AwsDynamoDbTableGlobalSecondaryIndex (Prelude.Maybe AwsDynamoDbTableProjection)
+awsDynamoDbTableGlobalSecondaryIndex_projection = Lens.lens (\AwsDynamoDbTableGlobalSecondaryIndex' {projection} -> projection) (\s@AwsDynamoDbTableGlobalSecondaryIndex' {} a -> s {projection = a} :: AwsDynamoDbTableGlobalSecondaryIndex)
+
+-- | Information about the provisioned throughput settings for the indexes.
+awsDynamoDbTableGlobalSecondaryIndex_provisionedThroughput :: Lens.Lens' AwsDynamoDbTableGlobalSecondaryIndex (Prelude.Maybe AwsDynamoDbTableProvisionedThroughput)
+awsDynamoDbTableGlobalSecondaryIndex_provisionedThroughput = Lens.lens (\AwsDynamoDbTableGlobalSecondaryIndex' {provisionedThroughput} -> provisionedThroughput) (\s@AwsDynamoDbTableGlobalSecondaryIndex' {} a -> s {provisionedThroughput = a} :: AwsDynamoDbTableGlobalSecondaryIndex)
+
+instance
+  Data.FromJSON
+    AwsDynamoDbTableGlobalSecondaryIndex
+  where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableGlobalSecondaryIndex"
+      ( \x ->
+          AwsDynamoDbTableGlobalSecondaryIndex'
+            Prelude.<$> (x Data..:? "Backfilling")
+            Prelude.<*> (x Data..:? "IndexArn")
+            Prelude.<*> (x Data..:? "IndexName")
+            Prelude.<*> (x Data..:? "IndexSizeBytes")
+            Prelude.<*> (x Data..:? "IndexStatus")
+            Prelude.<*> (x Data..:? "ItemCount")
+            Prelude.<*> (x Data..:? "KeySchema" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Projection")
+            Prelude.<*> (x Data..:? "ProvisionedThroughput")
+      )
+
+instance
+  Prelude.Hashable
+    AwsDynamoDbTableGlobalSecondaryIndex
+  where
+  hashWithSalt
+    _salt
+    AwsDynamoDbTableGlobalSecondaryIndex' {..} =
+      _salt
+        `Prelude.hashWithSalt` backfilling
+        `Prelude.hashWithSalt` indexArn
+        `Prelude.hashWithSalt` indexName
+        `Prelude.hashWithSalt` indexSizeBytes
+        `Prelude.hashWithSalt` indexStatus
+        `Prelude.hashWithSalt` itemCount
+        `Prelude.hashWithSalt` keySchema
+        `Prelude.hashWithSalt` projection
+        `Prelude.hashWithSalt` provisionedThroughput
+
+instance
+  Prelude.NFData
+    AwsDynamoDbTableGlobalSecondaryIndex
+  where
+  rnf AwsDynamoDbTableGlobalSecondaryIndex' {..} =
+    Prelude.rnf backfilling
+      `Prelude.seq` Prelude.rnf indexArn
+      `Prelude.seq` Prelude.rnf indexName
+      `Prelude.seq` Prelude.rnf indexSizeBytes
+      `Prelude.seq` Prelude.rnf indexStatus
+      `Prelude.seq` Prelude.rnf itemCount
+      `Prelude.seq` Prelude.rnf keySchema
+      `Prelude.seq` Prelude.rnf projection
+      `Prelude.seq` Prelude.rnf provisionedThroughput
+
+instance
+  Data.ToJSON
+    AwsDynamoDbTableGlobalSecondaryIndex
+  where
+  toJSON AwsDynamoDbTableGlobalSecondaryIndex' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Backfilling" Data..=) Prelude.<$> backfilling,
+            ("IndexArn" Data..=) Prelude.<$> indexArn,
+            ("IndexName" Data..=) Prelude.<$> indexName,
+            ("IndexSizeBytes" Data..=)
+              Prelude.<$> indexSizeBytes,
+            ("IndexStatus" Data..=) Prelude.<$> indexStatus,
+            ("ItemCount" Data..=) Prelude.<$> itemCount,
+            ("KeySchema" Data..=) Prelude.<$> keySchema,
+            ("Projection" Data..=) Prelude.<$> projection,
+            ("ProvisionedThroughput" Data..=)
+              Prelude.<$> provisionedThroughput
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableKeySchema.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableKeySchema.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableKeySchema.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableKeySchema
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableKeySchema where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A component of the key schema for the DynamoDB table, a global secondary
+-- index, or a local secondary index.
+--
+-- /See:/ 'newAwsDynamoDbTableKeySchema' smart constructor.
+data AwsDynamoDbTableKeySchema = AwsDynamoDbTableKeySchema'
+  { -- | The name of the key schema attribute.
+    attributeName :: Prelude.Maybe Prelude.Text,
+    -- | The type of key used for the key schema attribute. Valid values are
+    -- @HASH@ or @RANGE@.
+    keyType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableKeySchema' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attributeName', 'awsDynamoDbTableKeySchema_attributeName' - The name of the key schema attribute.
+--
+-- 'keyType', 'awsDynamoDbTableKeySchema_keyType' - The type of key used for the key schema attribute. Valid values are
+-- @HASH@ or @RANGE@.
+newAwsDynamoDbTableKeySchema ::
+  AwsDynamoDbTableKeySchema
+newAwsDynamoDbTableKeySchema =
+  AwsDynamoDbTableKeySchema'
+    { attributeName =
+        Prelude.Nothing,
+      keyType = Prelude.Nothing
+    }
+
+-- | The name of the key schema attribute.
+awsDynamoDbTableKeySchema_attributeName :: Lens.Lens' AwsDynamoDbTableKeySchema (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableKeySchema_attributeName = Lens.lens (\AwsDynamoDbTableKeySchema' {attributeName} -> attributeName) (\s@AwsDynamoDbTableKeySchema' {} a -> s {attributeName = a} :: AwsDynamoDbTableKeySchema)
+
+-- | The type of key used for the key schema attribute. Valid values are
+-- @HASH@ or @RANGE@.
+awsDynamoDbTableKeySchema_keyType :: Lens.Lens' AwsDynamoDbTableKeySchema (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableKeySchema_keyType = Lens.lens (\AwsDynamoDbTableKeySchema' {keyType} -> keyType) (\s@AwsDynamoDbTableKeySchema' {} a -> s {keyType = a} :: AwsDynamoDbTableKeySchema)
+
+instance Data.FromJSON AwsDynamoDbTableKeySchema where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableKeySchema"
+      ( \x ->
+          AwsDynamoDbTableKeySchema'
+            Prelude.<$> (x Data..:? "AttributeName")
+            Prelude.<*> (x Data..:? "KeyType")
+      )
+
+instance Prelude.Hashable AwsDynamoDbTableKeySchema where
+  hashWithSalt _salt AwsDynamoDbTableKeySchema' {..} =
+    _salt
+      `Prelude.hashWithSalt` attributeName
+      `Prelude.hashWithSalt` keyType
+
+instance Prelude.NFData AwsDynamoDbTableKeySchema where
+  rnf AwsDynamoDbTableKeySchema' {..} =
+    Prelude.rnf attributeName
+      `Prelude.seq` Prelude.rnf keyType
+
+instance Data.ToJSON AwsDynamoDbTableKeySchema where
+  toJSON AwsDynamoDbTableKeySchema' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AttributeName" Data..=) Prelude.<$> attributeName,
+            ("KeyType" Data..=) Prelude.<$> keyType
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableLocalSecondaryIndex.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableLocalSecondaryIndex.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableLocalSecondaryIndex.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableLocalSecondaryIndex
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableLocalSecondaryIndex where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableKeySchema
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProjection
+
+-- | Information about a local secondary index for a DynamoDB table.
+--
+-- /See:/ 'newAwsDynamoDbTableLocalSecondaryIndex' smart constructor.
+data AwsDynamoDbTableLocalSecondaryIndex = AwsDynamoDbTableLocalSecondaryIndex'
+  { -- | The ARN of the index.
+    indexArn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the index.
+    indexName :: Prelude.Maybe Prelude.Text,
+    -- | The complete key schema for the index.
+    keySchema :: Prelude.Maybe [AwsDynamoDbTableKeySchema],
+    -- | Attributes that are copied from the table into the index. These are in
+    -- addition to the primary key attributes and index key attributes, which
+    -- are automatically projected.
+    projection :: Prelude.Maybe AwsDynamoDbTableProjection
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableLocalSecondaryIndex' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'indexArn', 'awsDynamoDbTableLocalSecondaryIndex_indexArn' - The ARN of the index.
+--
+-- 'indexName', 'awsDynamoDbTableLocalSecondaryIndex_indexName' - The name of the index.
+--
+-- 'keySchema', 'awsDynamoDbTableLocalSecondaryIndex_keySchema' - The complete key schema for the index.
+--
+-- 'projection', 'awsDynamoDbTableLocalSecondaryIndex_projection' - Attributes that are copied from the table into the index. These are in
+-- addition to the primary key attributes and index key attributes, which
+-- are automatically projected.
+newAwsDynamoDbTableLocalSecondaryIndex ::
+  AwsDynamoDbTableLocalSecondaryIndex
+newAwsDynamoDbTableLocalSecondaryIndex =
+  AwsDynamoDbTableLocalSecondaryIndex'
+    { indexArn =
+        Prelude.Nothing,
+      indexName = Prelude.Nothing,
+      keySchema = Prelude.Nothing,
+      projection = Prelude.Nothing
+    }
+
+-- | The ARN of the index.
+awsDynamoDbTableLocalSecondaryIndex_indexArn :: Lens.Lens' AwsDynamoDbTableLocalSecondaryIndex (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableLocalSecondaryIndex_indexArn = Lens.lens (\AwsDynamoDbTableLocalSecondaryIndex' {indexArn} -> indexArn) (\s@AwsDynamoDbTableLocalSecondaryIndex' {} a -> s {indexArn = a} :: AwsDynamoDbTableLocalSecondaryIndex)
+
+-- | The name of the index.
+awsDynamoDbTableLocalSecondaryIndex_indexName :: Lens.Lens' AwsDynamoDbTableLocalSecondaryIndex (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableLocalSecondaryIndex_indexName = Lens.lens (\AwsDynamoDbTableLocalSecondaryIndex' {indexName} -> indexName) (\s@AwsDynamoDbTableLocalSecondaryIndex' {} a -> s {indexName = a} :: AwsDynamoDbTableLocalSecondaryIndex)
+
+-- | The complete key schema for the index.
+awsDynamoDbTableLocalSecondaryIndex_keySchema :: Lens.Lens' AwsDynamoDbTableLocalSecondaryIndex (Prelude.Maybe [AwsDynamoDbTableKeySchema])
+awsDynamoDbTableLocalSecondaryIndex_keySchema = Lens.lens (\AwsDynamoDbTableLocalSecondaryIndex' {keySchema} -> keySchema) (\s@AwsDynamoDbTableLocalSecondaryIndex' {} a -> s {keySchema = a} :: AwsDynamoDbTableLocalSecondaryIndex) Prelude.. Lens.mapping Lens.coerced
+
+-- | Attributes that are copied from the table into the index. These are in
+-- addition to the primary key attributes and index key attributes, which
+-- are automatically projected.
+awsDynamoDbTableLocalSecondaryIndex_projection :: Lens.Lens' AwsDynamoDbTableLocalSecondaryIndex (Prelude.Maybe AwsDynamoDbTableProjection)
+awsDynamoDbTableLocalSecondaryIndex_projection = Lens.lens (\AwsDynamoDbTableLocalSecondaryIndex' {projection} -> projection) (\s@AwsDynamoDbTableLocalSecondaryIndex' {} a -> s {projection = a} :: AwsDynamoDbTableLocalSecondaryIndex)
+
+instance
+  Data.FromJSON
+    AwsDynamoDbTableLocalSecondaryIndex
+  where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableLocalSecondaryIndex"
+      ( \x ->
+          AwsDynamoDbTableLocalSecondaryIndex'
+            Prelude.<$> (x Data..:? "IndexArn")
+            Prelude.<*> (x Data..:? "IndexName")
+            Prelude.<*> (x Data..:? "KeySchema" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Projection")
+      )
+
+instance
+  Prelude.Hashable
+    AwsDynamoDbTableLocalSecondaryIndex
+  where
+  hashWithSalt
+    _salt
+    AwsDynamoDbTableLocalSecondaryIndex' {..} =
+      _salt
+        `Prelude.hashWithSalt` indexArn
+        `Prelude.hashWithSalt` indexName
+        `Prelude.hashWithSalt` keySchema
+        `Prelude.hashWithSalt` projection
+
+instance
+  Prelude.NFData
+    AwsDynamoDbTableLocalSecondaryIndex
+  where
+  rnf AwsDynamoDbTableLocalSecondaryIndex' {..} =
+    Prelude.rnf indexArn
+      `Prelude.seq` Prelude.rnf indexName
+      `Prelude.seq` Prelude.rnf keySchema
+      `Prelude.seq` Prelude.rnf projection
+
+instance
+  Data.ToJSON
+    AwsDynamoDbTableLocalSecondaryIndex
+  where
+  toJSON AwsDynamoDbTableLocalSecondaryIndex' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("IndexArn" Data..=) Prelude.<$> indexArn,
+            ("IndexName" Data..=) Prelude.<$> indexName,
+            ("KeySchema" Data..=) Prelude.<$> keySchema,
+            ("Projection" Data..=) Prelude.<$> projection
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableProjection.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableProjection.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableProjection.hs
@@ -0,0 +1,124 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableProjection
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableProjection where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | For global and local secondary indexes, identifies the attributes that
+-- are copied from the table into the index.
+--
+-- /See:/ 'newAwsDynamoDbTableProjection' smart constructor.
+data AwsDynamoDbTableProjection = AwsDynamoDbTableProjection'
+  { -- | The nonkey attributes that are projected into the index. For each
+    -- attribute, provide the attribute name.
+    nonKeyAttributes :: Prelude.Maybe [Prelude.Text],
+    -- | The types of attributes that are projected into the index. Valid values
+    -- are as follows:
+    --
+    -- -   @ALL@
+    --
+    -- -   @INCLUDE@
+    --
+    -- -   @KEYS_ONLY@
+    projectionType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableProjection' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nonKeyAttributes', 'awsDynamoDbTableProjection_nonKeyAttributes' - The nonkey attributes that are projected into the index. For each
+-- attribute, provide the attribute name.
+--
+-- 'projectionType', 'awsDynamoDbTableProjection_projectionType' - The types of attributes that are projected into the index. Valid values
+-- are as follows:
+--
+-- -   @ALL@
+--
+-- -   @INCLUDE@
+--
+-- -   @KEYS_ONLY@
+newAwsDynamoDbTableProjection ::
+  AwsDynamoDbTableProjection
+newAwsDynamoDbTableProjection =
+  AwsDynamoDbTableProjection'
+    { nonKeyAttributes =
+        Prelude.Nothing,
+      projectionType = Prelude.Nothing
+    }
+
+-- | The nonkey attributes that are projected into the index. For each
+-- attribute, provide the attribute name.
+awsDynamoDbTableProjection_nonKeyAttributes :: Lens.Lens' AwsDynamoDbTableProjection (Prelude.Maybe [Prelude.Text])
+awsDynamoDbTableProjection_nonKeyAttributes = Lens.lens (\AwsDynamoDbTableProjection' {nonKeyAttributes} -> nonKeyAttributes) (\s@AwsDynamoDbTableProjection' {} a -> s {nonKeyAttributes = a} :: AwsDynamoDbTableProjection) Prelude.. Lens.mapping Lens.coerced
+
+-- | The types of attributes that are projected into the index. Valid values
+-- are as follows:
+--
+-- -   @ALL@
+--
+-- -   @INCLUDE@
+--
+-- -   @KEYS_ONLY@
+awsDynamoDbTableProjection_projectionType :: Lens.Lens' AwsDynamoDbTableProjection (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableProjection_projectionType = Lens.lens (\AwsDynamoDbTableProjection' {projectionType} -> projectionType) (\s@AwsDynamoDbTableProjection' {} a -> s {projectionType = a} :: AwsDynamoDbTableProjection)
+
+instance Data.FromJSON AwsDynamoDbTableProjection where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableProjection"
+      ( \x ->
+          AwsDynamoDbTableProjection'
+            Prelude.<$> ( x
+                            Data..:? "NonKeyAttributes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ProjectionType")
+      )
+
+instance Prelude.Hashable AwsDynamoDbTableProjection where
+  hashWithSalt _salt AwsDynamoDbTableProjection' {..} =
+    _salt
+      `Prelude.hashWithSalt` nonKeyAttributes
+      `Prelude.hashWithSalt` projectionType
+
+instance Prelude.NFData AwsDynamoDbTableProjection where
+  rnf AwsDynamoDbTableProjection' {..} =
+    Prelude.rnf nonKeyAttributes
+      `Prelude.seq` Prelude.rnf projectionType
+
+instance Data.ToJSON AwsDynamoDbTableProjection where
+  toJSON AwsDynamoDbTableProjection' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("NonKeyAttributes" Data..=)
+              Prelude.<$> nonKeyAttributes,
+            ("ProjectionType" Data..=)
+              Prelude.<$> projectionType
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableProvisionedThroughput.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableProvisionedThroughput.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableProvisionedThroughput.hs
@@ -0,0 +1,194 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughput
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughput where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the provisioned throughput for the table or for a
+-- global secondary index.
+--
+-- /See:/ 'newAwsDynamoDbTableProvisionedThroughput' smart constructor.
+data AwsDynamoDbTableProvisionedThroughput = AwsDynamoDbTableProvisionedThroughput'
+  { -- | Indicates when the provisioned throughput was last decreased.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastDecreaseDateTime :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the provisioned throughput was last increased.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastIncreaseDateTime :: Prelude.Maybe Prelude.Text,
+    -- | The number of times during the current UTC calendar day that the
+    -- provisioned throughput was decreased.
+    numberOfDecreasesToday :: Prelude.Maybe Prelude.Int,
+    -- | The maximum number of strongly consistent reads consumed per second
+    -- before DynamoDB returns a @ThrottlingException@.
+    readCapacityUnits :: Prelude.Maybe Prelude.Int,
+    -- | The maximum number of writes consumed per second before DynamoDB returns
+    -- a @ThrottlingException@.
+    writeCapacityUnits :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableProvisionedThroughput' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'lastDecreaseDateTime', 'awsDynamoDbTableProvisionedThroughput_lastDecreaseDateTime' - Indicates when the provisioned throughput was last decreased.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'lastIncreaseDateTime', 'awsDynamoDbTableProvisionedThroughput_lastIncreaseDateTime' - Indicates when the provisioned throughput was last increased.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'numberOfDecreasesToday', 'awsDynamoDbTableProvisionedThroughput_numberOfDecreasesToday' - The number of times during the current UTC calendar day that the
+-- provisioned throughput was decreased.
+--
+-- 'readCapacityUnits', 'awsDynamoDbTableProvisionedThroughput_readCapacityUnits' - The maximum number of strongly consistent reads consumed per second
+-- before DynamoDB returns a @ThrottlingException@.
+--
+-- 'writeCapacityUnits', 'awsDynamoDbTableProvisionedThroughput_writeCapacityUnits' - The maximum number of writes consumed per second before DynamoDB returns
+-- a @ThrottlingException@.
+newAwsDynamoDbTableProvisionedThroughput ::
+  AwsDynamoDbTableProvisionedThroughput
+newAwsDynamoDbTableProvisionedThroughput =
+  AwsDynamoDbTableProvisionedThroughput'
+    { lastDecreaseDateTime =
+        Prelude.Nothing,
+      lastIncreaseDateTime =
+        Prelude.Nothing,
+      numberOfDecreasesToday =
+        Prelude.Nothing,
+      readCapacityUnits = Prelude.Nothing,
+      writeCapacityUnits = Prelude.Nothing
+    }
+
+-- | Indicates when the provisioned throughput was last decreased.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsDynamoDbTableProvisionedThroughput_lastDecreaseDateTime :: Lens.Lens' AwsDynamoDbTableProvisionedThroughput (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableProvisionedThroughput_lastDecreaseDateTime = Lens.lens (\AwsDynamoDbTableProvisionedThroughput' {lastDecreaseDateTime} -> lastDecreaseDateTime) (\s@AwsDynamoDbTableProvisionedThroughput' {} a -> s {lastDecreaseDateTime = a} :: AwsDynamoDbTableProvisionedThroughput)
+
+-- | Indicates when the provisioned throughput was last increased.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsDynamoDbTableProvisionedThroughput_lastIncreaseDateTime :: Lens.Lens' AwsDynamoDbTableProvisionedThroughput (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableProvisionedThroughput_lastIncreaseDateTime = Lens.lens (\AwsDynamoDbTableProvisionedThroughput' {lastIncreaseDateTime} -> lastIncreaseDateTime) (\s@AwsDynamoDbTableProvisionedThroughput' {} a -> s {lastIncreaseDateTime = a} :: AwsDynamoDbTableProvisionedThroughput)
+
+-- | The number of times during the current UTC calendar day that the
+-- provisioned throughput was decreased.
+awsDynamoDbTableProvisionedThroughput_numberOfDecreasesToday :: Lens.Lens' AwsDynamoDbTableProvisionedThroughput (Prelude.Maybe Prelude.Int)
+awsDynamoDbTableProvisionedThroughput_numberOfDecreasesToday = Lens.lens (\AwsDynamoDbTableProvisionedThroughput' {numberOfDecreasesToday} -> numberOfDecreasesToday) (\s@AwsDynamoDbTableProvisionedThroughput' {} a -> s {numberOfDecreasesToday = a} :: AwsDynamoDbTableProvisionedThroughput)
+
+-- | The maximum number of strongly consistent reads consumed per second
+-- before DynamoDB returns a @ThrottlingException@.
+awsDynamoDbTableProvisionedThroughput_readCapacityUnits :: Lens.Lens' AwsDynamoDbTableProvisionedThroughput (Prelude.Maybe Prelude.Int)
+awsDynamoDbTableProvisionedThroughput_readCapacityUnits = Lens.lens (\AwsDynamoDbTableProvisionedThroughput' {readCapacityUnits} -> readCapacityUnits) (\s@AwsDynamoDbTableProvisionedThroughput' {} a -> s {readCapacityUnits = a} :: AwsDynamoDbTableProvisionedThroughput)
+
+-- | The maximum number of writes consumed per second before DynamoDB returns
+-- a @ThrottlingException@.
+awsDynamoDbTableProvisionedThroughput_writeCapacityUnits :: Lens.Lens' AwsDynamoDbTableProvisionedThroughput (Prelude.Maybe Prelude.Int)
+awsDynamoDbTableProvisionedThroughput_writeCapacityUnits = Lens.lens (\AwsDynamoDbTableProvisionedThroughput' {writeCapacityUnits} -> writeCapacityUnits) (\s@AwsDynamoDbTableProvisionedThroughput' {} a -> s {writeCapacityUnits = a} :: AwsDynamoDbTableProvisionedThroughput)
+
+instance
+  Data.FromJSON
+    AwsDynamoDbTableProvisionedThroughput
+  where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableProvisionedThroughput"
+      ( \x ->
+          AwsDynamoDbTableProvisionedThroughput'
+            Prelude.<$> (x Data..:? "LastDecreaseDateTime")
+            Prelude.<*> (x Data..:? "LastIncreaseDateTime")
+            Prelude.<*> (x Data..:? "NumberOfDecreasesToday")
+            Prelude.<*> (x Data..:? "ReadCapacityUnits")
+            Prelude.<*> (x Data..:? "WriteCapacityUnits")
+      )
+
+instance
+  Prelude.Hashable
+    AwsDynamoDbTableProvisionedThroughput
+  where
+  hashWithSalt
+    _salt
+    AwsDynamoDbTableProvisionedThroughput' {..} =
+      _salt
+        `Prelude.hashWithSalt` lastDecreaseDateTime
+        `Prelude.hashWithSalt` lastIncreaseDateTime
+        `Prelude.hashWithSalt` numberOfDecreasesToday
+        `Prelude.hashWithSalt` readCapacityUnits
+        `Prelude.hashWithSalt` writeCapacityUnits
+
+instance
+  Prelude.NFData
+    AwsDynamoDbTableProvisionedThroughput
+  where
+  rnf AwsDynamoDbTableProvisionedThroughput' {..} =
+    Prelude.rnf lastDecreaseDateTime
+      `Prelude.seq` Prelude.rnf lastIncreaseDateTime
+      `Prelude.seq` Prelude.rnf numberOfDecreasesToday
+      `Prelude.seq` Prelude.rnf readCapacityUnits
+      `Prelude.seq` Prelude.rnf writeCapacityUnits
+
+instance
+  Data.ToJSON
+    AwsDynamoDbTableProvisionedThroughput
+  where
+  toJSON AwsDynamoDbTableProvisionedThroughput' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("LastDecreaseDateTime" Data..=)
+              Prelude.<$> lastDecreaseDateTime,
+            ("LastIncreaseDateTime" Data..=)
+              Prelude.<$> lastIncreaseDateTime,
+            ("NumberOfDecreasesToday" Data..=)
+              Prelude.<$> numberOfDecreasesToday,
+            ("ReadCapacityUnits" Data..=)
+              Prelude.<$> readCapacityUnits,
+            ("WriteCapacityUnits" Data..=)
+              Prelude.<$> writeCapacityUnits
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableProvisionedThroughputOverride.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableProvisionedThroughputOverride.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableProvisionedThroughputOverride.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughputOverride
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughputOverride where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Replica-specific configuration for the provisioned throughput.
+--
+-- /See:/ 'newAwsDynamoDbTableProvisionedThroughputOverride' smart constructor.
+data AwsDynamoDbTableProvisionedThroughputOverride = AwsDynamoDbTableProvisionedThroughputOverride'
+  { -- | The read capacity units for the replica.
+    readCapacityUnits :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableProvisionedThroughputOverride' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'readCapacityUnits', 'awsDynamoDbTableProvisionedThroughputOverride_readCapacityUnits' - The read capacity units for the replica.
+newAwsDynamoDbTableProvisionedThroughputOverride ::
+  AwsDynamoDbTableProvisionedThroughputOverride
+newAwsDynamoDbTableProvisionedThroughputOverride =
+  AwsDynamoDbTableProvisionedThroughputOverride'
+    { readCapacityUnits =
+        Prelude.Nothing
+    }
+
+-- | The read capacity units for the replica.
+awsDynamoDbTableProvisionedThroughputOverride_readCapacityUnits :: Lens.Lens' AwsDynamoDbTableProvisionedThroughputOverride (Prelude.Maybe Prelude.Int)
+awsDynamoDbTableProvisionedThroughputOverride_readCapacityUnits = Lens.lens (\AwsDynamoDbTableProvisionedThroughputOverride' {readCapacityUnits} -> readCapacityUnits) (\s@AwsDynamoDbTableProvisionedThroughputOverride' {} a -> s {readCapacityUnits = a} :: AwsDynamoDbTableProvisionedThroughputOverride)
+
+instance
+  Data.FromJSON
+    AwsDynamoDbTableProvisionedThroughputOverride
+  where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableProvisionedThroughputOverride"
+      ( \x ->
+          AwsDynamoDbTableProvisionedThroughputOverride'
+            Prelude.<$> (x Data..:? "ReadCapacityUnits")
+      )
+
+instance
+  Prelude.Hashable
+    AwsDynamoDbTableProvisionedThroughputOverride
+  where
+  hashWithSalt
+    _salt
+    AwsDynamoDbTableProvisionedThroughputOverride' {..} =
+      _salt `Prelude.hashWithSalt` readCapacityUnits
+
+instance
+  Prelude.NFData
+    AwsDynamoDbTableProvisionedThroughputOverride
+  where
+  rnf
+    AwsDynamoDbTableProvisionedThroughputOverride' {..} =
+      Prelude.rnf readCapacityUnits
+
+instance
+  Data.ToJSON
+    AwsDynamoDbTableProvisionedThroughputOverride
+  where
+  toJSON
+    AwsDynamoDbTableProvisionedThroughputOverride' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("ReadCapacityUnits" Data..=)
+                Prelude.<$> readCapacityUnits
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableReplica.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableReplica.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableReplica.hs
@@ -0,0 +1,188 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableReplica
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableReplica where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughputOverride
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableReplicaGlobalSecondaryIndex
+
+-- | Information about a replica of a DynamoDB table.
+--
+-- /See:/ 'newAwsDynamoDbTableReplica' smart constructor.
+data AwsDynamoDbTableReplica = AwsDynamoDbTableReplica'
+  { -- | List of global secondary indexes for the replica.
+    globalSecondaryIndexes :: Prelude.Maybe [AwsDynamoDbTableReplicaGlobalSecondaryIndex],
+    -- | The identifier of the KMS key that will be used for KMS encryption for
+    -- the replica.
+    kmsMasterKeyId :: Prelude.Maybe Prelude.Text,
+    -- | Replica-specific configuration for the provisioned throughput.
+    provisionedThroughputOverride :: Prelude.Maybe AwsDynamoDbTableProvisionedThroughputOverride,
+    -- | The name of the Region where the replica is located.
+    regionName :: Prelude.Maybe Prelude.Text,
+    -- | The current status of the replica. Valid values are as follows:
+    --
+    -- -   @ACTIVE@
+    --
+    -- -   @CREATING@
+    --
+    -- -   @CREATION_FAILED@
+    --
+    -- -   @DELETING@
+    --
+    -- -   @UPDATING@
+    replicaStatus :: Prelude.Maybe Prelude.Text,
+    -- | Detailed information about the replica status.
+    replicaStatusDescription :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableReplica' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'globalSecondaryIndexes', 'awsDynamoDbTableReplica_globalSecondaryIndexes' - List of global secondary indexes for the replica.
+--
+-- 'kmsMasterKeyId', 'awsDynamoDbTableReplica_kmsMasterKeyId' - The identifier of the KMS key that will be used for KMS encryption for
+-- the replica.
+--
+-- 'provisionedThroughputOverride', 'awsDynamoDbTableReplica_provisionedThroughputOverride' - Replica-specific configuration for the provisioned throughput.
+--
+-- 'regionName', 'awsDynamoDbTableReplica_regionName' - The name of the Region where the replica is located.
+--
+-- 'replicaStatus', 'awsDynamoDbTableReplica_replicaStatus' - The current status of the replica. Valid values are as follows:
+--
+-- -   @ACTIVE@
+--
+-- -   @CREATING@
+--
+-- -   @CREATION_FAILED@
+--
+-- -   @DELETING@
+--
+-- -   @UPDATING@
+--
+-- 'replicaStatusDescription', 'awsDynamoDbTableReplica_replicaStatusDescription' - Detailed information about the replica status.
+newAwsDynamoDbTableReplica ::
+  AwsDynamoDbTableReplica
+newAwsDynamoDbTableReplica =
+  AwsDynamoDbTableReplica'
+    { globalSecondaryIndexes =
+        Prelude.Nothing,
+      kmsMasterKeyId = Prelude.Nothing,
+      provisionedThroughputOverride = Prelude.Nothing,
+      regionName = Prelude.Nothing,
+      replicaStatus = Prelude.Nothing,
+      replicaStatusDescription = Prelude.Nothing
+    }
+
+-- | List of global secondary indexes for the replica.
+awsDynamoDbTableReplica_globalSecondaryIndexes :: Lens.Lens' AwsDynamoDbTableReplica (Prelude.Maybe [AwsDynamoDbTableReplicaGlobalSecondaryIndex])
+awsDynamoDbTableReplica_globalSecondaryIndexes = Lens.lens (\AwsDynamoDbTableReplica' {globalSecondaryIndexes} -> globalSecondaryIndexes) (\s@AwsDynamoDbTableReplica' {} a -> s {globalSecondaryIndexes = a} :: AwsDynamoDbTableReplica) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of the KMS key that will be used for KMS encryption for
+-- the replica.
+awsDynamoDbTableReplica_kmsMasterKeyId :: Lens.Lens' AwsDynamoDbTableReplica (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableReplica_kmsMasterKeyId = Lens.lens (\AwsDynamoDbTableReplica' {kmsMasterKeyId} -> kmsMasterKeyId) (\s@AwsDynamoDbTableReplica' {} a -> s {kmsMasterKeyId = a} :: AwsDynamoDbTableReplica)
+
+-- | Replica-specific configuration for the provisioned throughput.
+awsDynamoDbTableReplica_provisionedThroughputOverride :: Lens.Lens' AwsDynamoDbTableReplica (Prelude.Maybe AwsDynamoDbTableProvisionedThroughputOverride)
+awsDynamoDbTableReplica_provisionedThroughputOverride = Lens.lens (\AwsDynamoDbTableReplica' {provisionedThroughputOverride} -> provisionedThroughputOverride) (\s@AwsDynamoDbTableReplica' {} a -> s {provisionedThroughputOverride = a} :: AwsDynamoDbTableReplica)
+
+-- | The name of the Region where the replica is located.
+awsDynamoDbTableReplica_regionName :: Lens.Lens' AwsDynamoDbTableReplica (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableReplica_regionName = Lens.lens (\AwsDynamoDbTableReplica' {regionName} -> regionName) (\s@AwsDynamoDbTableReplica' {} a -> s {regionName = a} :: AwsDynamoDbTableReplica)
+
+-- | The current status of the replica. Valid values are as follows:
+--
+-- -   @ACTIVE@
+--
+-- -   @CREATING@
+--
+-- -   @CREATION_FAILED@
+--
+-- -   @DELETING@
+--
+-- -   @UPDATING@
+awsDynamoDbTableReplica_replicaStatus :: Lens.Lens' AwsDynamoDbTableReplica (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableReplica_replicaStatus = Lens.lens (\AwsDynamoDbTableReplica' {replicaStatus} -> replicaStatus) (\s@AwsDynamoDbTableReplica' {} a -> s {replicaStatus = a} :: AwsDynamoDbTableReplica)
+
+-- | Detailed information about the replica status.
+awsDynamoDbTableReplica_replicaStatusDescription :: Lens.Lens' AwsDynamoDbTableReplica (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableReplica_replicaStatusDescription = Lens.lens (\AwsDynamoDbTableReplica' {replicaStatusDescription} -> replicaStatusDescription) (\s@AwsDynamoDbTableReplica' {} a -> s {replicaStatusDescription = a} :: AwsDynamoDbTableReplica)
+
+instance Data.FromJSON AwsDynamoDbTableReplica where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableReplica"
+      ( \x ->
+          AwsDynamoDbTableReplica'
+            Prelude.<$> ( x
+                            Data..:? "GlobalSecondaryIndexes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "KmsMasterKeyId")
+            Prelude.<*> (x Data..:? "ProvisionedThroughputOverride")
+            Prelude.<*> (x Data..:? "RegionName")
+            Prelude.<*> (x Data..:? "ReplicaStatus")
+            Prelude.<*> (x Data..:? "ReplicaStatusDescription")
+      )
+
+instance Prelude.Hashable AwsDynamoDbTableReplica where
+  hashWithSalt _salt AwsDynamoDbTableReplica' {..} =
+    _salt
+      `Prelude.hashWithSalt` globalSecondaryIndexes
+      `Prelude.hashWithSalt` kmsMasterKeyId
+      `Prelude.hashWithSalt` provisionedThroughputOverride
+      `Prelude.hashWithSalt` regionName
+      `Prelude.hashWithSalt` replicaStatus
+      `Prelude.hashWithSalt` replicaStatusDescription
+
+instance Prelude.NFData AwsDynamoDbTableReplica where
+  rnf AwsDynamoDbTableReplica' {..} =
+    Prelude.rnf globalSecondaryIndexes
+      `Prelude.seq` Prelude.rnf kmsMasterKeyId
+      `Prelude.seq` Prelude.rnf provisionedThroughputOverride
+      `Prelude.seq` Prelude.rnf regionName
+      `Prelude.seq` Prelude.rnf replicaStatus
+      `Prelude.seq` Prelude.rnf replicaStatusDescription
+
+instance Data.ToJSON AwsDynamoDbTableReplica where
+  toJSON AwsDynamoDbTableReplica' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("GlobalSecondaryIndexes" Data..=)
+              Prelude.<$> globalSecondaryIndexes,
+            ("KmsMasterKeyId" Data..=)
+              Prelude.<$> kmsMasterKeyId,
+            ("ProvisionedThroughputOverride" Data..=)
+              Prelude.<$> provisionedThroughputOverride,
+            ("RegionName" Data..=) Prelude.<$> regionName,
+            ("ReplicaStatus" Data..=) Prelude.<$> replicaStatus,
+            ("ReplicaStatusDescription" Data..=)
+              Prelude.<$> replicaStatusDescription
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableReplicaGlobalSecondaryIndex.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableReplicaGlobalSecondaryIndex.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableReplicaGlobalSecondaryIndex.hs
@@ -0,0 +1,115 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableReplicaGlobalSecondaryIndex
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableReplicaGlobalSecondaryIndex where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableProvisionedThroughputOverride
+
+-- | Information about a global secondary index for a DynamoDB table replica.
+--
+-- /See:/ 'newAwsDynamoDbTableReplicaGlobalSecondaryIndex' smart constructor.
+data AwsDynamoDbTableReplicaGlobalSecondaryIndex = AwsDynamoDbTableReplicaGlobalSecondaryIndex'
+  { -- | The name of the index.
+    indexName :: Prelude.Maybe Prelude.Text,
+    -- | Replica-specific configuration for the provisioned throughput for the
+    -- index.
+    provisionedThroughputOverride :: Prelude.Maybe AwsDynamoDbTableProvisionedThroughputOverride
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableReplicaGlobalSecondaryIndex' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'indexName', 'awsDynamoDbTableReplicaGlobalSecondaryIndex_indexName' - The name of the index.
+--
+-- 'provisionedThroughputOverride', 'awsDynamoDbTableReplicaGlobalSecondaryIndex_provisionedThroughputOverride' - Replica-specific configuration for the provisioned throughput for the
+-- index.
+newAwsDynamoDbTableReplicaGlobalSecondaryIndex ::
+  AwsDynamoDbTableReplicaGlobalSecondaryIndex
+newAwsDynamoDbTableReplicaGlobalSecondaryIndex =
+  AwsDynamoDbTableReplicaGlobalSecondaryIndex'
+    { indexName =
+        Prelude.Nothing,
+      provisionedThroughputOverride =
+        Prelude.Nothing
+    }
+
+-- | The name of the index.
+awsDynamoDbTableReplicaGlobalSecondaryIndex_indexName :: Lens.Lens' AwsDynamoDbTableReplicaGlobalSecondaryIndex (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableReplicaGlobalSecondaryIndex_indexName = Lens.lens (\AwsDynamoDbTableReplicaGlobalSecondaryIndex' {indexName} -> indexName) (\s@AwsDynamoDbTableReplicaGlobalSecondaryIndex' {} a -> s {indexName = a} :: AwsDynamoDbTableReplicaGlobalSecondaryIndex)
+
+-- | Replica-specific configuration for the provisioned throughput for the
+-- index.
+awsDynamoDbTableReplicaGlobalSecondaryIndex_provisionedThroughputOverride :: Lens.Lens' AwsDynamoDbTableReplicaGlobalSecondaryIndex (Prelude.Maybe AwsDynamoDbTableProvisionedThroughputOverride)
+awsDynamoDbTableReplicaGlobalSecondaryIndex_provisionedThroughputOverride = Lens.lens (\AwsDynamoDbTableReplicaGlobalSecondaryIndex' {provisionedThroughputOverride} -> provisionedThroughputOverride) (\s@AwsDynamoDbTableReplicaGlobalSecondaryIndex' {} a -> s {provisionedThroughputOverride = a} :: AwsDynamoDbTableReplicaGlobalSecondaryIndex)
+
+instance
+  Data.FromJSON
+    AwsDynamoDbTableReplicaGlobalSecondaryIndex
+  where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableReplicaGlobalSecondaryIndex"
+      ( \x ->
+          AwsDynamoDbTableReplicaGlobalSecondaryIndex'
+            Prelude.<$> (x Data..:? "IndexName")
+            Prelude.<*> (x Data..:? "ProvisionedThroughputOverride")
+      )
+
+instance
+  Prelude.Hashable
+    AwsDynamoDbTableReplicaGlobalSecondaryIndex
+  where
+  hashWithSalt
+    _salt
+    AwsDynamoDbTableReplicaGlobalSecondaryIndex' {..} =
+      _salt
+        `Prelude.hashWithSalt` indexName
+        `Prelude.hashWithSalt` provisionedThroughputOverride
+
+instance
+  Prelude.NFData
+    AwsDynamoDbTableReplicaGlobalSecondaryIndex
+  where
+  rnf AwsDynamoDbTableReplicaGlobalSecondaryIndex' {..} =
+    Prelude.rnf indexName
+      `Prelude.seq` Prelude.rnf provisionedThroughputOverride
+
+instance
+  Data.ToJSON
+    AwsDynamoDbTableReplicaGlobalSecondaryIndex
+  where
+  toJSON
+    AwsDynamoDbTableReplicaGlobalSecondaryIndex' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("IndexName" Data..=) Prelude.<$> indexName,
+              ("ProvisionedThroughputOverride" Data..=)
+                Prelude.<$> provisionedThroughputOverride
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableRestoreSummary.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableRestoreSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableRestoreSummary.hs
@@ -0,0 +1,147 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableRestoreSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableRestoreSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the restore for the table.
+--
+-- /See:/ 'newAwsDynamoDbTableRestoreSummary' smart constructor.
+data AwsDynamoDbTableRestoreSummary = AwsDynamoDbTableRestoreSummary'
+  { -- | Indicates the point in time that the table was restored to.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    restoreDateTime :: Prelude.Maybe Prelude.Text,
+    -- | Whether a restore is currently in progress.
+    restoreInProgress :: Prelude.Maybe Prelude.Bool,
+    -- | The ARN of the source backup from which the table was restored.
+    sourceBackupArn :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the source table for the backup.
+    sourceTableArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableRestoreSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'restoreDateTime', 'awsDynamoDbTableRestoreSummary_restoreDateTime' - Indicates the point in time that the table was restored to.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'restoreInProgress', 'awsDynamoDbTableRestoreSummary_restoreInProgress' - Whether a restore is currently in progress.
+--
+-- 'sourceBackupArn', 'awsDynamoDbTableRestoreSummary_sourceBackupArn' - The ARN of the source backup from which the table was restored.
+--
+-- 'sourceTableArn', 'awsDynamoDbTableRestoreSummary_sourceTableArn' - The ARN of the source table for the backup.
+newAwsDynamoDbTableRestoreSummary ::
+  AwsDynamoDbTableRestoreSummary
+newAwsDynamoDbTableRestoreSummary =
+  AwsDynamoDbTableRestoreSummary'
+    { restoreDateTime =
+        Prelude.Nothing,
+      restoreInProgress = Prelude.Nothing,
+      sourceBackupArn = Prelude.Nothing,
+      sourceTableArn = Prelude.Nothing
+    }
+
+-- | Indicates the point in time that the table was restored to.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsDynamoDbTableRestoreSummary_restoreDateTime :: Lens.Lens' AwsDynamoDbTableRestoreSummary (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableRestoreSummary_restoreDateTime = Lens.lens (\AwsDynamoDbTableRestoreSummary' {restoreDateTime} -> restoreDateTime) (\s@AwsDynamoDbTableRestoreSummary' {} a -> s {restoreDateTime = a} :: AwsDynamoDbTableRestoreSummary)
+
+-- | Whether a restore is currently in progress.
+awsDynamoDbTableRestoreSummary_restoreInProgress :: Lens.Lens' AwsDynamoDbTableRestoreSummary (Prelude.Maybe Prelude.Bool)
+awsDynamoDbTableRestoreSummary_restoreInProgress = Lens.lens (\AwsDynamoDbTableRestoreSummary' {restoreInProgress} -> restoreInProgress) (\s@AwsDynamoDbTableRestoreSummary' {} a -> s {restoreInProgress = a} :: AwsDynamoDbTableRestoreSummary)
+
+-- | The ARN of the source backup from which the table was restored.
+awsDynamoDbTableRestoreSummary_sourceBackupArn :: Lens.Lens' AwsDynamoDbTableRestoreSummary (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableRestoreSummary_sourceBackupArn = Lens.lens (\AwsDynamoDbTableRestoreSummary' {sourceBackupArn} -> sourceBackupArn) (\s@AwsDynamoDbTableRestoreSummary' {} a -> s {sourceBackupArn = a} :: AwsDynamoDbTableRestoreSummary)
+
+-- | The ARN of the source table for the backup.
+awsDynamoDbTableRestoreSummary_sourceTableArn :: Lens.Lens' AwsDynamoDbTableRestoreSummary (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableRestoreSummary_sourceTableArn = Lens.lens (\AwsDynamoDbTableRestoreSummary' {sourceTableArn} -> sourceTableArn) (\s@AwsDynamoDbTableRestoreSummary' {} a -> s {sourceTableArn = a} :: AwsDynamoDbTableRestoreSummary)
+
+instance Data.FromJSON AwsDynamoDbTableRestoreSummary where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableRestoreSummary"
+      ( \x ->
+          AwsDynamoDbTableRestoreSummary'
+            Prelude.<$> (x Data..:? "RestoreDateTime")
+            Prelude.<*> (x Data..:? "RestoreInProgress")
+            Prelude.<*> (x Data..:? "SourceBackupArn")
+            Prelude.<*> (x Data..:? "SourceTableArn")
+      )
+
+instance
+  Prelude.Hashable
+    AwsDynamoDbTableRestoreSummary
+  where
+  hashWithSalt
+    _salt
+    AwsDynamoDbTableRestoreSummary' {..} =
+      _salt
+        `Prelude.hashWithSalt` restoreDateTime
+        `Prelude.hashWithSalt` restoreInProgress
+        `Prelude.hashWithSalt` sourceBackupArn
+        `Prelude.hashWithSalt` sourceTableArn
+
+instance
+  Prelude.NFData
+    AwsDynamoDbTableRestoreSummary
+  where
+  rnf AwsDynamoDbTableRestoreSummary' {..} =
+    Prelude.rnf restoreDateTime
+      `Prelude.seq` Prelude.rnf restoreInProgress
+      `Prelude.seq` Prelude.rnf sourceBackupArn
+      `Prelude.seq` Prelude.rnf sourceTableArn
+
+instance Data.ToJSON AwsDynamoDbTableRestoreSummary where
+  toJSON AwsDynamoDbTableRestoreSummary' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("RestoreDateTime" Data..=)
+              Prelude.<$> restoreDateTime,
+            ("RestoreInProgress" Data..=)
+              Prelude.<$> restoreInProgress,
+            ("SourceBackupArn" Data..=)
+              Prelude.<$> sourceBackupArn,
+            ("SourceTableArn" Data..=)
+              Prelude.<$> sourceTableArn
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableSseDescription.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableSseDescription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableSseDescription.hs
@@ -0,0 +1,148 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableSseDescription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableSseDescription where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the server-side encryption for the table.
+--
+-- /See:/ 'newAwsDynamoDbTableSseDescription' smart constructor.
+data AwsDynamoDbTableSseDescription = AwsDynamoDbTableSseDescription'
+  { -- | If the key is inaccessible, the date and time when DynamoDB detected
+    -- that the key was inaccessible.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    inaccessibleEncryptionDateTime :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the KMS key that is used for the KMS encryption.
+    kmsMasterKeyArn :: Prelude.Maybe Prelude.Text,
+    -- | The type of server-side encryption.
+    sseType :: Prelude.Maybe Prelude.Text,
+    -- | The status of the server-side encryption.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableSseDescription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'inaccessibleEncryptionDateTime', 'awsDynamoDbTableSseDescription_inaccessibleEncryptionDateTime' - If the key is inaccessible, the date and time when DynamoDB detected
+-- that the key was inaccessible.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'kmsMasterKeyArn', 'awsDynamoDbTableSseDescription_kmsMasterKeyArn' - The ARN of the KMS key that is used for the KMS encryption.
+--
+-- 'sseType', 'awsDynamoDbTableSseDescription_sseType' - The type of server-side encryption.
+--
+-- 'status', 'awsDynamoDbTableSseDescription_status' - The status of the server-side encryption.
+newAwsDynamoDbTableSseDescription ::
+  AwsDynamoDbTableSseDescription
+newAwsDynamoDbTableSseDescription =
+  AwsDynamoDbTableSseDescription'
+    { inaccessibleEncryptionDateTime =
+        Prelude.Nothing,
+      kmsMasterKeyArn = Prelude.Nothing,
+      sseType = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | If the key is inaccessible, the date and time when DynamoDB detected
+-- that the key was inaccessible.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsDynamoDbTableSseDescription_inaccessibleEncryptionDateTime :: Lens.Lens' AwsDynamoDbTableSseDescription (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableSseDescription_inaccessibleEncryptionDateTime = Lens.lens (\AwsDynamoDbTableSseDescription' {inaccessibleEncryptionDateTime} -> inaccessibleEncryptionDateTime) (\s@AwsDynamoDbTableSseDescription' {} a -> s {inaccessibleEncryptionDateTime = a} :: AwsDynamoDbTableSseDescription)
+
+-- | The ARN of the KMS key that is used for the KMS encryption.
+awsDynamoDbTableSseDescription_kmsMasterKeyArn :: Lens.Lens' AwsDynamoDbTableSseDescription (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableSseDescription_kmsMasterKeyArn = Lens.lens (\AwsDynamoDbTableSseDescription' {kmsMasterKeyArn} -> kmsMasterKeyArn) (\s@AwsDynamoDbTableSseDescription' {} a -> s {kmsMasterKeyArn = a} :: AwsDynamoDbTableSseDescription)
+
+-- | The type of server-side encryption.
+awsDynamoDbTableSseDescription_sseType :: Lens.Lens' AwsDynamoDbTableSseDescription (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableSseDescription_sseType = Lens.lens (\AwsDynamoDbTableSseDescription' {sseType} -> sseType) (\s@AwsDynamoDbTableSseDescription' {} a -> s {sseType = a} :: AwsDynamoDbTableSseDescription)
+
+-- | The status of the server-side encryption.
+awsDynamoDbTableSseDescription_status :: Lens.Lens' AwsDynamoDbTableSseDescription (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableSseDescription_status = Lens.lens (\AwsDynamoDbTableSseDescription' {status} -> status) (\s@AwsDynamoDbTableSseDescription' {} a -> s {status = a} :: AwsDynamoDbTableSseDescription)
+
+instance Data.FromJSON AwsDynamoDbTableSseDescription where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableSseDescription"
+      ( \x ->
+          AwsDynamoDbTableSseDescription'
+            Prelude.<$> (x Data..:? "InaccessibleEncryptionDateTime")
+            Prelude.<*> (x Data..:? "KmsMasterKeyArn")
+            Prelude.<*> (x Data..:? "SseType")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsDynamoDbTableSseDescription
+  where
+  hashWithSalt
+    _salt
+    AwsDynamoDbTableSseDescription' {..} =
+      _salt
+        `Prelude.hashWithSalt` inaccessibleEncryptionDateTime
+        `Prelude.hashWithSalt` kmsMasterKeyArn
+        `Prelude.hashWithSalt` sseType
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    AwsDynamoDbTableSseDescription
+  where
+  rnf AwsDynamoDbTableSseDescription' {..} =
+    Prelude.rnf inaccessibleEncryptionDateTime
+      `Prelude.seq` Prelude.rnf kmsMasterKeyArn
+      `Prelude.seq` Prelude.rnf sseType
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsDynamoDbTableSseDescription where
+  toJSON AwsDynamoDbTableSseDescription' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("InaccessibleEncryptionDateTime" Data..=)
+              Prelude.<$> inaccessibleEncryptionDateTime,
+            ("KmsMasterKeyArn" Data..=)
+              Prelude.<$> kmsMasterKeyArn,
+            ("SseType" Data..=) Prelude.<$> sseType,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableStreamSpecification.hs b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableStreamSpecification.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsDynamoDbTableStreamSpecification.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsDynamoDbTableStreamSpecification
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsDynamoDbTableStreamSpecification where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The current DynamoDB Streams configuration for the table.
+--
+-- /See:/ 'newAwsDynamoDbTableStreamSpecification' smart constructor.
+data AwsDynamoDbTableStreamSpecification = AwsDynamoDbTableStreamSpecification'
+  { -- | Indicates whether DynamoDB Streams is enabled on the table.
+    streamEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | Determines the information that is written to the table.
+    streamViewType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsDynamoDbTableStreamSpecification' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'streamEnabled', 'awsDynamoDbTableStreamSpecification_streamEnabled' - Indicates whether DynamoDB Streams is enabled on the table.
+--
+-- 'streamViewType', 'awsDynamoDbTableStreamSpecification_streamViewType' - Determines the information that is written to the table.
+newAwsDynamoDbTableStreamSpecification ::
+  AwsDynamoDbTableStreamSpecification
+newAwsDynamoDbTableStreamSpecification =
+  AwsDynamoDbTableStreamSpecification'
+    { streamEnabled =
+        Prelude.Nothing,
+      streamViewType = Prelude.Nothing
+    }
+
+-- | Indicates whether DynamoDB Streams is enabled on the table.
+awsDynamoDbTableStreamSpecification_streamEnabled :: Lens.Lens' AwsDynamoDbTableStreamSpecification (Prelude.Maybe Prelude.Bool)
+awsDynamoDbTableStreamSpecification_streamEnabled = Lens.lens (\AwsDynamoDbTableStreamSpecification' {streamEnabled} -> streamEnabled) (\s@AwsDynamoDbTableStreamSpecification' {} a -> s {streamEnabled = a} :: AwsDynamoDbTableStreamSpecification)
+
+-- | Determines the information that is written to the table.
+awsDynamoDbTableStreamSpecification_streamViewType :: Lens.Lens' AwsDynamoDbTableStreamSpecification (Prelude.Maybe Prelude.Text)
+awsDynamoDbTableStreamSpecification_streamViewType = Lens.lens (\AwsDynamoDbTableStreamSpecification' {streamViewType} -> streamViewType) (\s@AwsDynamoDbTableStreamSpecification' {} a -> s {streamViewType = a} :: AwsDynamoDbTableStreamSpecification)
+
+instance
+  Data.FromJSON
+    AwsDynamoDbTableStreamSpecification
+  where
+  parseJSON =
+    Data.withObject
+      "AwsDynamoDbTableStreamSpecification"
+      ( \x ->
+          AwsDynamoDbTableStreamSpecification'
+            Prelude.<$> (x Data..:? "StreamEnabled")
+            Prelude.<*> (x Data..:? "StreamViewType")
+      )
+
+instance
+  Prelude.Hashable
+    AwsDynamoDbTableStreamSpecification
+  where
+  hashWithSalt
+    _salt
+    AwsDynamoDbTableStreamSpecification' {..} =
+      _salt
+        `Prelude.hashWithSalt` streamEnabled
+        `Prelude.hashWithSalt` streamViewType
+
+instance
+  Prelude.NFData
+    AwsDynamoDbTableStreamSpecification
+  where
+  rnf AwsDynamoDbTableStreamSpecification' {..} =
+    Prelude.rnf streamEnabled
+      `Prelude.seq` Prelude.rnf streamViewType
+
+instance
+  Data.ToJSON
+    AwsDynamoDbTableStreamSpecification
+  where
+  toJSON AwsDynamoDbTableStreamSpecification' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("StreamEnabled" Data..=) Prelude.<$> streamEnabled,
+            ("StreamViewType" Data..=)
+              Prelude.<$> streamViewType
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2EipDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2EipDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2EipDetails.hs
@@ -0,0 +1,226 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2EipDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2EipDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about an Elastic IP address.
+--
+-- /See:/ 'newAwsEc2EipDetails' smart constructor.
+data AwsEc2EipDetails = AwsEc2EipDetails'
+  { -- | The identifier that Amazon Web Services assigns to represent the
+    -- allocation of the Elastic IP address for use with Amazon VPC.
+    allocationId :: Prelude.Maybe Prelude.Text,
+    -- | The identifier that represents the association of the Elastic IP address
+    -- with an EC2 instance.
+    associationId :: Prelude.Maybe Prelude.Text,
+    -- | The domain in which to allocate the address.
+    --
+    -- If the address is for use with EC2 instances in a VPC, then @Domain@ is
+    -- @vpc@. Otherwise, @Domain@ is @standard@.
+    domain :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the EC2 instance.
+    instanceId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the location from which the Elastic IP address is
+    -- advertised.
+    networkBorderGroup :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the network interface.
+    networkInterfaceId :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services account ID of the owner of the network
+    -- interface.
+    networkInterfaceOwnerId :: Prelude.Maybe Prelude.Text,
+    -- | The private IP address that is associated with the Elastic IP address.
+    privateIpAddress :: Prelude.Maybe Prelude.Text,
+    -- | A public IP address that is associated with the EC2 instance.
+    publicIp :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of an IP address pool. This parameter allows Amazon EC2
+    -- to select an IP address from the address pool.
+    publicIpv4Pool :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2EipDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allocationId', 'awsEc2EipDetails_allocationId' - The identifier that Amazon Web Services assigns to represent the
+-- allocation of the Elastic IP address for use with Amazon VPC.
+--
+-- 'associationId', 'awsEc2EipDetails_associationId' - The identifier that represents the association of the Elastic IP address
+-- with an EC2 instance.
+--
+-- 'domain', 'awsEc2EipDetails_domain' - The domain in which to allocate the address.
+--
+-- If the address is for use with EC2 instances in a VPC, then @Domain@ is
+-- @vpc@. Otherwise, @Domain@ is @standard@.
+--
+-- 'instanceId', 'awsEc2EipDetails_instanceId' - The identifier of the EC2 instance.
+--
+-- 'networkBorderGroup', 'awsEc2EipDetails_networkBorderGroup' - The name of the location from which the Elastic IP address is
+-- advertised.
+--
+-- 'networkInterfaceId', 'awsEc2EipDetails_networkInterfaceId' - The identifier of the network interface.
+--
+-- 'networkInterfaceOwnerId', 'awsEc2EipDetails_networkInterfaceOwnerId' - The Amazon Web Services account ID of the owner of the network
+-- interface.
+--
+-- 'privateIpAddress', 'awsEc2EipDetails_privateIpAddress' - The private IP address that is associated with the Elastic IP address.
+--
+-- 'publicIp', 'awsEc2EipDetails_publicIp' - A public IP address that is associated with the EC2 instance.
+--
+-- 'publicIpv4Pool', 'awsEc2EipDetails_publicIpv4Pool' - The identifier of an IP address pool. This parameter allows Amazon EC2
+-- to select an IP address from the address pool.
+newAwsEc2EipDetails ::
+  AwsEc2EipDetails
+newAwsEc2EipDetails =
+  AwsEc2EipDetails'
+    { allocationId = Prelude.Nothing,
+      associationId = Prelude.Nothing,
+      domain = Prelude.Nothing,
+      instanceId = Prelude.Nothing,
+      networkBorderGroup = Prelude.Nothing,
+      networkInterfaceId = Prelude.Nothing,
+      networkInterfaceOwnerId = Prelude.Nothing,
+      privateIpAddress = Prelude.Nothing,
+      publicIp = Prelude.Nothing,
+      publicIpv4Pool = Prelude.Nothing
+    }
+
+-- | The identifier that Amazon Web Services assigns to represent the
+-- allocation of the Elastic IP address for use with Amazon VPC.
+awsEc2EipDetails_allocationId :: Lens.Lens' AwsEc2EipDetails (Prelude.Maybe Prelude.Text)
+awsEc2EipDetails_allocationId = Lens.lens (\AwsEc2EipDetails' {allocationId} -> allocationId) (\s@AwsEc2EipDetails' {} a -> s {allocationId = a} :: AwsEc2EipDetails)
+
+-- | The identifier that represents the association of the Elastic IP address
+-- with an EC2 instance.
+awsEc2EipDetails_associationId :: Lens.Lens' AwsEc2EipDetails (Prelude.Maybe Prelude.Text)
+awsEc2EipDetails_associationId = Lens.lens (\AwsEc2EipDetails' {associationId} -> associationId) (\s@AwsEc2EipDetails' {} a -> s {associationId = a} :: AwsEc2EipDetails)
+
+-- | The domain in which to allocate the address.
+--
+-- If the address is for use with EC2 instances in a VPC, then @Domain@ is
+-- @vpc@. Otherwise, @Domain@ is @standard@.
+awsEc2EipDetails_domain :: Lens.Lens' AwsEc2EipDetails (Prelude.Maybe Prelude.Text)
+awsEc2EipDetails_domain = Lens.lens (\AwsEc2EipDetails' {domain} -> domain) (\s@AwsEc2EipDetails' {} a -> s {domain = a} :: AwsEc2EipDetails)
+
+-- | The identifier of the EC2 instance.
+awsEc2EipDetails_instanceId :: Lens.Lens' AwsEc2EipDetails (Prelude.Maybe Prelude.Text)
+awsEc2EipDetails_instanceId = Lens.lens (\AwsEc2EipDetails' {instanceId} -> instanceId) (\s@AwsEc2EipDetails' {} a -> s {instanceId = a} :: AwsEc2EipDetails)
+
+-- | The name of the location from which the Elastic IP address is
+-- advertised.
+awsEc2EipDetails_networkBorderGroup :: Lens.Lens' AwsEc2EipDetails (Prelude.Maybe Prelude.Text)
+awsEc2EipDetails_networkBorderGroup = Lens.lens (\AwsEc2EipDetails' {networkBorderGroup} -> networkBorderGroup) (\s@AwsEc2EipDetails' {} a -> s {networkBorderGroup = a} :: AwsEc2EipDetails)
+
+-- | The identifier of the network interface.
+awsEc2EipDetails_networkInterfaceId :: Lens.Lens' AwsEc2EipDetails (Prelude.Maybe Prelude.Text)
+awsEc2EipDetails_networkInterfaceId = Lens.lens (\AwsEc2EipDetails' {networkInterfaceId} -> networkInterfaceId) (\s@AwsEc2EipDetails' {} a -> s {networkInterfaceId = a} :: AwsEc2EipDetails)
+
+-- | The Amazon Web Services account ID of the owner of the network
+-- interface.
+awsEc2EipDetails_networkInterfaceOwnerId :: Lens.Lens' AwsEc2EipDetails (Prelude.Maybe Prelude.Text)
+awsEc2EipDetails_networkInterfaceOwnerId = Lens.lens (\AwsEc2EipDetails' {networkInterfaceOwnerId} -> networkInterfaceOwnerId) (\s@AwsEc2EipDetails' {} a -> s {networkInterfaceOwnerId = a} :: AwsEc2EipDetails)
+
+-- | The private IP address that is associated with the Elastic IP address.
+awsEc2EipDetails_privateIpAddress :: Lens.Lens' AwsEc2EipDetails (Prelude.Maybe Prelude.Text)
+awsEc2EipDetails_privateIpAddress = Lens.lens (\AwsEc2EipDetails' {privateIpAddress} -> privateIpAddress) (\s@AwsEc2EipDetails' {} a -> s {privateIpAddress = a} :: AwsEc2EipDetails)
+
+-- | A public IP address that is associated with the EC2 instance.
+awsEc2EipDetails_publicIp :: Lens.Lens' AwsEc2EipDetails (Prelude.Maybe Prelude.Text)
+awsEc2EipDetails_publicIp = Lens.lens (\AwsEc2EipDetails' {publicIp} -> publicIp) (\s@AwsEc2EipDetails' {} a -> s {publicIp = a} :: AwsEc2EipDetails)
+
+-- | The identifier of an IP address pool. This parameter allows Amazon EC2
+-- to select an IP address from the address pool.
+awsEc2EipDetails_publicIpv4Pool :: Lens.Lens' AwsEc2EipDetails (Prelude.Maybe Prelude.Text)
+awsEc2EipDetails_publicIpv4Pool = Lens.lens (\AwsEc2EipDetails' {publicIpv4Pool} -> publicIpv4Pool) (\s@AwsEc2EipDetails' {} a -> s {publicIpv4Pool = a} :: AwsEc2EipDetails)
+
+instance Data.FromJSON AwsEc2EipDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEc2EipDetails"
+      ( \x ->
+          AwsEc2EipDetails'
+            Prelude.<$> (x Data..:? "AllocationId")
+            Prelude.<*> (x Data..:? "AssociationId")
+            Prelude.<*> (x Data..:? "Domain")
+            Prelude.<*> (x Data..:? "InstanceId")
+            Prelude.<*> (x Data..:? "NetworkBorderGroup")
+            Prelude.<*> (x Data..:? "NetworkInterfaceId")
+            Prelude.<*> (x Data..:? "NetworkInterfaceOwnerId")
+            Prelude.<*> (x Data..:? "PrivateIpAddress")
+            Prelude.<*> (x Data..:? "PublicIp")
+            Prelude.<*> (x Data..:? "PublicIpv4Pool")
+      )
+
+instance Prelude.Hashable AwsEc2EipDetails where
+  hashWithSalt _salt AwsEc2EipDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` allocationId
+      `Prelude.hashWithSalt` associationId
+      `Prelude.hashWithSalt` domain
+      `Prelude.hashWithSalt` instanceId
+      `Prelude.hashWithSalt` networkBorderGroup
+      `Prelude.hashWithSalt` networkInterfaceId
+      `Prelude.hashWithSalt` networkInterfaceOwnerId
+      `Prelude.hashWithSalt` privateIpAddress
+      `Prelude.hashWithSalt` publicIp
+      `Prelude.hashWithSalt` publicIpv4Pool
+
+instance Prelude.NFData AwsEc2EipDetails where
+  rnf AwsEc2EipDetails' {..} =
+    Prelude.rnf allocationId
+      `Prelude.seq` Prelude.rnf associationId
+      `Prelude.seq` Prelude.rnf domain
+      `Prelude.seq` Prelude.rnf instanceId
+      `Prelude.seq` Prelude.rnf networkBorderGroup
+      `Prelude.seq` Prelude.rnf networkInterfaceId
+      `Prelude.seq` Prelude.rnf networkInterfaceOwnerId
+      `Prelude.seq` Prelude.rnf privateIpAddress
+      `Prelude.seq` Prelude.rnf publicIp
+      `Prelude.seq` Prelude.rnf publicIpv4Pool
+
+instance Data.ToJSON AwsEc2EipDetails where
+  toJSON AwsEc2EipDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AllocationId" Data..=) Prelude.<$> allocationId,
+            ("AssociationId" Data..=) Prelude.<$> associationId,
+            ("Domain" Data..=) Prelude.<$> domain,
+            ("InstanceId" Data..=) Prelude.<$> instanceId,
+            ("NetworkBorderGroup" Data..=)
+              Prelude.<$> networkBorderGroup,
+            ("NetworkInterfaceId" Data..=)
+              Prelude.<$> networkInterfaceId,
+            ("NetworkInterfaceOwnerId" Data..=)
+              Prelude.<$> networkInterfaceOwnerId,
+            ("PrivateIpAddress" Data..=)
+              Prelude.<$> privateIpAddress,
+            ("PublicIp" Data..=) Prelude.<$> publicIp,
+            ("PublicIpv4Pool" Data..=)
+              Prelude.<$> publicIpv4Pool
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2InstanceDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2InstanceDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2InstanceDetails.hs
@@ -0,0 +1,257 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2InstanceDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2InstanceDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2InstanceMetadataOptions
+import Amazonka.SecurityHub.Types.AwsEc2InstanceNetworkInterfacesDetails
+
+-- | The details of an Amazon EC2 instance.
+--
+-- /See:/ 'newAwsEc2InstanceDetails' smart constructor.
+data AwsEc2InstanceDetails = AwsEc2InstanceDetails'
+  { -- | The IAM profile ARN of the instance.
+    iamInstanceProfileArn :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Machine Image (AMI) ID of the instance.
+    imageId :: Prelude.Maybe Prelude.Text,
+    -- | The IPv4 addresses associated with the instance.
+    ipV4Addresses :: Prelude.Maybe [Prelude.Text],
+    -- | The IPv6 addresses associated with the instance.
+    ipV6Addresses :: Prelude.Maybe [Prelude.Text],
+    -- | The key name associated with the instance.
+    keyName :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the instance was launched.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    launchedAt :: Prelude.Maybe Prelude.Text,
+    -- | Details about the metadata options for the Amazon EC2 instance.
+    metadataOptions :: Prelude.Maybe AwsEc2InstanceMetadataOptions,
+    -- | The identifiers of the network interfaces for the EC2 instance. The
+    -- details for each network interface are in a corresponding
+    -- @AwsEc2NetworkInterfacesDetails@ object.
+    networkInterfaces :: Prelude.Maybe [AwsEc2InstanceNetworkInterfacesDetails],
+    -- | The identifier of the subnet that the instance was launched in.
+    subnetId :: Prelude.Maybe Prelude.Text,
+    -- | The instance type of the instance.
+    type' :: Prelude.Maybe Prelude.Text,
+    -- | The virtualization type of the Amazon Machine Image (AMI) required to
+    -- launch the instance.
+    virtualizationType :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the VPC that the instance was launched in.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2InstanceDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'iamInstanceProfileArn', 'awsEc2InstanceDetails_iamInstanceProfileArn' - The IAM profile ARN of the instance.
+--
+-- 'imageId', 'awsEc2InstanceDetails_imageId' - The Amazon Machine Image (AMI) ID of the instance.
+--
+-- 'ipV4Addresses', 'awsEc2InstanceDetails_ipV4Addresses' - The IPv4 addresses associated with the instance.
+--
+-- 'ipV6Addresses', 'awsEc2InstanceDetails_ipV6Addresses' - The IPv6 addresses associated with the instance.
+--
+-- 'keyName', 'awsEc2InstanceDetails_keyName' - The key name associated with the instance.
+--
+-- 'launchedAt', 'awsEc2InstanceDetails_launchedAt' - Indicates when the instance was launched.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'metadataOptions', 'awsEc2InstanceDetails_metadataOptions' - Details about the metadata options for the Amazon EC2 instance.
+--
+-- 'networkInterfaces', 'awsEc2InstanceDetails_networkInterfaces' - The identifiers of the network interfaces for the EC2 instance. The
+-- details for each network interface are in a corresponding
+-- @AwsEc2NetworkInterfacesDetails@ object.
+--
+-- 'subnetId', 'awsEc2InstanceDetails_subnetId' - The identifier of the subnet that the instance was launched in.
+--
+-- 'type'', 'awsEc2InstanceDetails_type' - The instance type of the instance.
+--
+-- 'virtualizationType', 'awsEc2InstanceDetails_virtualizationType' - The virtualization type of the Amazon Machine Image (AMI) required to
+-- launch the instance.
+--
+-- 'vpcId', 'awsEc2InstanceDetails_vpcId' - The identifier of the VPC that the instance was launched in.
+newAwsEc2InstanceDetails ::
+  AwsEc2InstanceDetails
+newAwsEc2InstanceDetails =
+  AwsEc2InstanceDetails'
+    { iamInstanceProfileArn =
+        Prelude.Nothing,
+      imageId = Prelude.Nothing,
+      ipV4Addresses = Prelude.Nothing,
+      ipV6Addresses = Prelude.Nothing,
+      keyName = Prelude.Nothing,
+      launchedAt = Prelude.Nothing,
+      metadataOptions = Prelude.Nothing,
+      networkInterfaces = Prelude.Nothing,
+      subnetId = Prelude.Nothing,
+      type' = Prelude.Nothing,
+      virtualizationType = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | The IAM profile ARN of the instance.
+awsEc2InstanceDetails_iamInstanceProfileArn :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe Prelude.Text)
+awsEc2InstanceDetails_iamInstanceProfileArn = Lens.lens (\AwsEc2InstanceDetails' {iamInstanceProfileArn} -> iamInstanceProfileArn) (\s@AwsEc2InstanceDetails' {} a -> s {iamInstanceProfileArn = a} :: AwsEc2InstanceDetails)
+
+-- | The Amazon Machine Image (AMI) ID of the instance.
+awsEc2InstanceDetails_imageId :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe Prelude.Text)
+awsEc2InstanceDetails_imageId = Lens.lens (\AwsEc2InstanceDetails' {imageId} -> imageId) (\s@AwsEc2InstanceDetails' {} a -> s {imageId = a} :: AwsEc2InstanceDetails)
+
+-- | The IPv4 addresses associated with the instance.
+awsEc2InstanceDetails_ipV4Addresses :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe [Prelude.Text])
+awsEc2InstanceDetails_ipV4Addresses = Lens.lens (\AwsEc2InstanceDetails' {ipV4Addresses} -> ipV4Addresses) (\s@AwsEc2InstanceDetails' {} a -> s {ipV4Addresses = a} :: AwsEc2InstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The IPv6 addresses associated with the instance.
+awsEc2InstanceDetails_ipV6Addresses :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe [Prelude.Text])
+awsEc2InstanceDetails_ipV6Addresses = Lens.lens (\AwsEc2InstanceDetails' {ipV6Addresses} -> ipV6Addresses) (\s@AwsEc2InstanceDetails' {} a -> s {ipV6Addresses = a} :: AwsEc2InstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The key name associated with the instance.
+awsEc2InstanceDetails_keyName :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe Prelude.Text)
+awsEc2InstanceDetails_keyName = Lens.lens (\AwsEc2InstanceDetails' {keyName} -> keyName) (\s@AwsEc2InstanceDetails' {} a -> s {keyName = a} :: AwsEc2InstanceDetails)
+
+-- | Indicates when the instance was launched.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsEc2InstanceDetails_launchedAt :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe Prelude.Text)
+awsEc2InstanceDetails_launchedAt = Lens.lens (\AwsEc2InstanceDetails' {launchedAt} -> launchedAt) (\s@AwsEc2InstanceDetails' {} a -> s {launchedAt = a} :: AwsEc2InstanceDetails)
+
+-- | Details about the metadata options for the Amazon EC2 instance.
+awsEc2InstanceDetails_metadataOptions :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe AwsEc2InstanceMetadataOptions)
+awsEc2InstanceDetails_metadataOptions = Lens.lens (\AwsEc2InstanceDetails' {metadataOptions} -> metadataOptions) (\s@AwsEc2InstanceDetails' {} a -> s {metadataOptions = a} :: AwsEc2InstanceDetails)
+
+-- | The identifiers of the network interfaces for the EC2 instance. The
+-- details for each network interface are in a corresponding
+-- @AwsEc2NetworkInterfacesDetails@ object.
+awsEc2InstanceDetails_networkInterfaces :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe [AwsEc2InstanceNetworkInterfacesDetails])
+awsEc2InstanceDetails_networkInterfaces = Lens.lens (\AwsEc2InstanceDetails' {networkInterfaces} -> networkInterfaces) (\s@AwsEc2InstanceDetails' {} a -> s {networkInterfaces = a} :: AwsEc2InstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of the subnet that the instance was launched in.
+awsEc2InstanceDetails_subnetId :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe Prelude.Text)
+awsEc2InstanceDetails_subnetId = Lens.lens (\AwsEc2InstanceDetails' {subnetId} -> subnetId) (\s@AwsEc2InstanceDetails' {} a -> s {subnetId = a} :: AwsEc2InstanceDetails)
+
+-- | The instance type of the instance.
+awsEc2InstanceDetails_type :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe Prelude.Text)
+awsEc2InstanceDetails_type = Lens.lens (\AwsEc2InstanceDetails' {type'} -> type') (\s@AwsEc2InstanceDetails' {} a -> s {type' = a} :: AwsEc2InstanceDetails)
+
+-- | The virtualization type of the Amazon Machine Image (AMI) required to
+-- launch the instance.
+awsEc2InstanceDetails_virtualizationType :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe Prelude.Text)
+awsEc2InstanceDetails_virtualizationType = Lens.lens (\AwsEc2InstanceDetails' {virtualizationType} -> virtualizationType) (\s@AwsEc2InstanceDetails' {} a -> s {virtualizationType = a} :: AwsEc2InstanceDetails)
+
+-- | The identifier of the VPC that the instance was launched in.
+awsEc2InstanceDetails_vpcId :: Lens.Lens' AwsEc2InstanceDetails (Prelude.Maybe Prelude.Text)
+awsEc2InstanceDetails_vpcId = Lens.lens (\AwsEc2InstanceDetails' {vpcId} -> vpcId) (\s@AwsEc2InstanceDetails' {} a -> s {vpcId = a} :: AwsEc2InstanceDetails)
+
+instance Data.FromJSON AwsEc2InstanceDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEc2InstanceDetails"
+      ( \x ->
+          AwsEc2InstanceDetails'
+            Prelude.<$> (x Data..:? "IamInstanceProfileArn")
+            Prelude.<*> (x Data..:? "ImageId")
+            Prelude.<*> (x Data..:? "IpV4Addresses" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "IpV6Addresses" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "KeyName")
+            Prelude.<*> (x Data..:? "LaunchedAt")
+            Prelude.<*> (x Data..:? "MetadataOptions")
+            Prelude.<*> ( x
+                            Data..:? "NetworkInterfaces"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "SubnetId")
+            Prelude.<*> (x Data..:? "Type")
+            Prelude.<*> (x Data..:? "VirtualizationType")
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance Prelude.Hashable AwsEc2InstanceDetails where
+  hashWithSalt _salt AwsEc2InstanceDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` iamInstanceProfileArn
+      `Prelude.hashWithSalt` imageId
+      `Prelude.hashWithSalt` ipV4Addresses
+      `Prelude.hashWithSalt` ipV6Addresses
+      `Prelude.hashWithSalt` keyName
+      `Prelude.hashWithSalt` launchedAt
+      `Prelude.hashWithSalt` metadataOptions
+      `Prelude.hashWithSalt` networkInterfaces
+      `Prelude.hashWithSalt` subnetId
+      `Prelude.hashWithSalt` type'
+      `Prelude.hashWithSalt` virtualizationType
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData AwsEc2InstanceDetails where
+  rnf AwsEc2InstanceDetails' {..} =
+    Prelude.rnf iamInstanceProfileArn
+      `Prelude.seq` Prelude.rnf imageId
+      `Prelude.seq` Prelude.rnf ipV4Addresses
+      `Prelude.seq` Prelude.rnf ipV6Addresses
+      `Prelude.seq` Prelude.rnf keyName
+      `Prelude.seq` Prelude.rnf launchedAt
+      `Prelude.seq` Prelude.rnf metadataOptions
+      `Prelude.seq` Prelude.rnf networkInterfaces
+      `Prelude.seq` Prelude.rnf subnetId
+      `Prelude.seq` Prelude.rnf type'
+      `Prelude.seq` Prelude.rnf virtualizationType
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance Data.ToJSON AwsEc2InstanceDetails where
+  toJSON AwsEc2InstanceDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("IamInstanceProfileArn" Data..=)
+              Prelude.<$> iamInstanceProfileArn,
+            ("ImageId" Data..=) Prelude.<$> imageId,
+            ("IpV4Addresses" Data..=) Prelude.<$> ipV4Addresses,
+            ("IpV6Addresses" Data..=) Prelude.<$> ipV6Addresses,
+            ("KeyName" Data..=) Prelude.<$> keyName,
+            ("LaunchedAt" Data..=) Prelude.<$> launchedAt,
+            ("MetadataOptions" Data..=)
+              Prelude.<$> metadataOptions,
+            ("NetworkInterfaces" Data..=)
+              Prelude.<$> networkInterfaces,
+            ("SubnetId" Data..=) Prelude.<$> subnetId,
+            ("Type" Data..=) Prelude.<$> type',
+            ("VirtualizationType" Data..=)
+              Prelude.<$> virtualizationType,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2InstanceMetadataOptions.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2InstanceMetadataOptions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2InstanceMetadataOptions.hs
@@ -0,0 +1,149 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2InstanceMetadataOptions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2InstanceMetadataOptions where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Metadata options that allow you to configure and secure the Amazon EC2
+-- instance.
+--
+-- /See:/ 'newAwsEc2InstanceMetadataOptions' smart constructor.
+data AwsEc2InstanceMetadataOptions = AwsEc2InstanceMetadataOptions'
+  { -- | Enables or disables the HTTP metadata endpoint on the instance.
+    httpEndpoint :: Prelude.Maybe Prelude.Text,
+    -- | Enables or disables the IPv6 endpoint for the instance metadata service.
+    httpProtocolIpv6 :: Prelude.Maybe Prelude.Text,
+    -- | The desired HTTP PUT response hop limit for instance metadata requests.
+    -- The larger the number, the further instance metadata requests can
+    -- travel.
+    httpPutResponseHopLimit :: Prelude.Maybe Prelude.Int,
+    -- | The state of token usage for your instance metadata requests.
+    httpTokens :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether to allow access to instance tags from the instance
+    -- metadata.
+    instanceMetadataTags :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2InstanceMetadataOptions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpEndpoint', 'awsEc2InstanceMetadataOptions_httpEndpoint' - Enables or disables the HTTP metadata endpoint on the instance.
+--
+-- 'httpProtocolIpv6', 'awsEc2InstanceMetadataOptions_httpProtocolIpv6' - Enables or disables the IPv6 endpoint for the instance metadata service.
+--
+-- 'httpPutResponseHopLimit', 'awsEc2InstanceMetadataOptions_httpPutResponseHopLimit' - The desired HTTP PUT response hop limit for instance metadata requests.
+-- The larger the number, the further instance metadata requests can
+-- travel.
+--
+-- 'httpTokens', 'awsEc2InstanceMetadataOptions_httpTokens' - The state of token usage for your instance metadata requests.
+--
+-- 'instanceMetadataTags', 'awsEc2InstanceMetadataOptions_instanceMetadataTags' - Specifies whether to allow access to instance tags from the instance
+-- metadata.
+newAwsEc2InstanceMetadataOptions ::
+  AwsEc2InstanceMetadataOptions
+newAwsEc2InstanceMetadataOptions =
+  AwsEc2InstanceMetadataOptions'
+    { httpEndpoint =
+        Prelude.Nothing,
+      httpProtocolIpv6 = Prelude.Nothing,
+      httpPutResponseHopLimit = Prelude.Nothing,
+      httpTokens = Prelude.Nothing,
+      instanceMetadataTags = Prelude.Nothing
+    }
+
+-- | Enables or disables the HTTP metadata endpoint on the instance.
+awsEc2InstanceMetadataOptions_httpEndpoint :: Lens.Lens' AwsEc2InstanceMetadataOptions (Prelude.Maybe Prelude.Text)
+awsEc2InstanceMetadataOptions_httpEndpoint = Lens.lens (\AwsEc2InstanceMetadataOptions' {httpEndpoint} -> httpEndpoint) (\s@AwsEc2InstanceMetadataOptions' {} a -> s {httpEndpoint = a} :: AwsEc2InstanceMetadataOptions)
+
+-- | Enables or disables the IPv6 endpoint for the instance metadata service.
+awsEc2InstanceMetadataOptions_httpProtocolIpv6 :: Lens.Lens' AwsEc2InstanceMetadataOptions (Prelude.Maybe Prelude.Text)
+awsEc2InstanceMetadataOptions_httpProtocolIpv6 = Lens.lens (\AwsEc2InstanceMetadataOptions' {httpProtocolIpv6} -> httpProtocolIpv6) (\s@AwsEc2InstanceMetadataOptions' {} a -> s {httpProtocolIpv6 = a} :: AwsEc2InstanceMetadataOptions)
+
+-- | The desired HTTP PUT response hop limit for instance metadata requests.
+-- The larger the number, the further instance metadata requests can
+-- travel.
+awsEc2InstanceMetadataOptions_httpPutResponseHopLimit :: Lens.Lens' AwsEc2InstanceMetadataOptions (Prelude.Maybe Prelude.Int)
+awsEc2InstanceMetadataOptions_httpPutResponseHopLimit = Lens.lens (\AwsEc2InstanceMetadataOptions' {httpPutResponseHopLimit} -> httpPutResponseHopLimit) (\s@AwsEc2InstanceMetadataOptions' {} a -> s {httpPutResponseHopLimit = a} :: AwsEc2InstanceMetadataOptions)
+
+-- | The state of token usage for your instance metadata requests.
+awsEc2InstanceMetadataOptions_httpTokens :: Lens.Lens' AwsEc2InstanceMetadataOptions (Prelude.Maybe Prelude.Text)
+awsEc2InstanceMetadataOptions_httpTokens = Lens.lens (\AwsEc2InstanceMetadataOptions' {httpTokens} -> httpTokens) (\s@AwsEc2InstanceMetadataOptions' {} a -> s {httpTokens = a} :: AwsEc2InstanceMetadataOptions)
+
+-- | Specifies whether to allow access to instance tags from the instance
+-- metadata.
+awsEc2InstanceMetadataOptions_instanceMetadataTags :: Lens.Lens' AwsEc2InstanceMetadataOptions (Prelude.Maybe Prelude.Text)
+awsEc2InstanceMetadataOptions_instanceMetadataTags = Lens.lens (\AwsEc2InstanceMetadataOptions' {instanceMetadataTags} -> instanceMetadataTags) (\s@AwsEc2InstanceMetadataOptions' {} a -> s {instanceMetadataTags = a} :: AwsEc2InstanceMetadataOptions)
+
+instance Data.FromJSON AwsEc2InstanceMetadataOptions where
+  parseJSON =
+    Data.withObject
+      "AwsEc2InstanceMetadataOptions"
+      ( \x ->
+          AwsEc2InstanceMetadataOptions'
+            Prelude.<$> (x Data..:? "HttpEndpoint")
+            Prelude.<*> (x Data..:? "HttpProtocolIpv6")
+            Prelude.<*> (x Data..:? "HttpPutResponseHopLimit")
+            Prelude.<*> (x Data..:? "HttpTokens")
+            Prelude.<*> (x Data..:? "InstanceMetadataTags")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2InstanceMetadataOptions
+  where
+  hashWithSalt _salt AwsEc2InstanceMetadataOptions' {..} =
+    _salt
+      `Prelude.hashWithSalt` httpEndpoint
+      `Prelude.hashWithSalt` httpProtocolIpv6
+      `Prelude.hashWithSalt` httpPutResponseHopLimit
+      `Prelude.hashWithSalt` httpTokens
+      `Prelude.hashWithSalt` instanceMetadataTags
+
+instance Prelude.NFData AwsEc2InstanceMetadataOptions where
+  rnf AwsEc2InstanceMetadataOptions' {..} =
+    Prelude.rnf httpEndpoint
+      `Prelude.seq` Prelude.rnf httpProtocolIpv6
+      `Prelude.seq` Prelude.rnf httpPutResponseHopLimit
+      `Prelude.seq` Prelude.rnf httpTokens
+      `Prelude.seq` Prelude.rnf instanceMetadataTags
+
+instance Data.ToJSON AwsEc2InstanceMetadataOptions where
+  toJSON AwsEc2InstanceMetadataOptions' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("HttpEndpoint" Data..=) Prelude.<$> httpEndpoint,
+            ("HttpProtocolIpv6" Data..=)
+              Prelude.<$> httpProtocolIpv6,
+            ("HttpPutResponseHopLimit" Data..=)
+              Prelude.<$> httpPutResponseHopLimit,
+            ("HttpTokens" Data..=) Prelude.<$> httpTokens,
+            ("InstanceMetadataTags" Data..=)
+              Prelude.<$> instanceMetadataTags
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2InstanceNetworkInterfacesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2InstanceNetworkInterfacesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2InstanceNetworkInterfacesDetails.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2InstanceNetworkInterfacesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2InstanceNetworkInterfacesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Identifies a network interface for the Amazon EC2 instance.
+--
+-- /See:/ 'newAwsEc2InstanceNetworkInterfacesDetails' smart constructor.
+data AwsEc2InstanceNetworkInterfacesDetails = AwsEc2InstanceNetworkInterfacesDetails'
+  { -- | The identifier of the network interface. The details are in a
+    -- corresponding @AwsEc2NetworkInterfacesDetails@ object.
+    networkInterfaceId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2InstanceNetworkInterfacesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'networkInterfaceId', 'awsEc2InstanceNetworkInterfacesDetails_networkInterfaceId' - The identifier of the network interface. The details are in a
+-- corresponding @AwsEc2NetworkInterfacesDetails@ object.
+newAwsEc2InstanceNetworkInterfacesDetails ::
+  AwsEc2InstanceNetworkInterfacesDetails
+newAwsEc2InstanceNetworkInterfacesDetails =
+  AwsEc2InstanceNetworkInterfacesDetails'
+    { networkInterfaceId =
+        Prelude.Nothing
+    }
+
+-- | The identifier of the network interface. The details are in a
+-- corresponding @AwsEc2NetworkInterfacesDetails@ object.
+awsEc2InstanceNetworkInterfacesDetails_networkInterfaceId :: Lens.Lens' AwsEc2InstanceNetworkInterfacesDetails (Prelude.Maybe Prelude.Text)
+awsEc2InstanceNetworkInterfacesDetails_networkInterfaceId = Lens.lens (\AwsEc2InstanceNetworkInterfacesDetails' {networkInterfaceId} -> networkInterfaceId) (\s@AwsEc2InstanceNetworkInterfacesDetails' {} a -> s {networkInterfaceId = a} :: AwsEc2InstanceNetworkInterfacesDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2InstanceNetworkInterfacesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2InstanceNetworkInterfacesDetails"
+      ( \x ->
+          AwsEc2InstanceNetworkInterfacesDetails'
+            Prelude.<$> (x Data..:? "NetworkInterfaceId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2InstanceNetworkInterfacesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2InstanceNetworkInterfacesDetails' {..} =
+      _salt `Prelude.hashWithSalt` networkInterfaceId
+
+instance
+  Prelude.NFData
+    AwsEc2InstanceNetworkInterfacesDetails
+  where
+  rnf AwsEc2InstanceNetworkInterfacesDetails' {..} =
+    Prelude.rnf networkInterfaceId
+
+instance
+  Data.ToJSON
+    AwsEc2InstanceNetworkInterfacesDetails
+  where
+  toJSON AwsEc2InstanceNetworkInterfacesDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("NetworkInterfaceId" Data..=)
+              Prelude.<$> networkInterfaceId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails.hs
@@ -0,0 +1,158 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+
+-- | Information about a block device mapping for an Amazon Elastic Compute
+-- Cloud (Amazon EC2) launch template.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' smart constructor.
+data AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails = AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails'
+  { -- | The device name.
+    deviceName :: Prelude.Maybe Prelude.Text,
+    -- | Parameters used to automatically set up Amazon EBS volumes when the
+    -- instance is launched.
+    ebs :: Prelude.Maybe AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails,
+    -- | Omits the device from the block device mapping when an empty string is
+    -- specified.
+    noDevice :: Prelude.Maybe Prelude.Text,
+    -- | The virtual device name (ephemeralN). Instance store volumes are
+    -- numbered starting from 0. An instance type with 2 available instance
+    -- store volumes can specify mappings for @ephemeral0@ and @ephemeral1@.
+    -- The number of available instance store volumes depends on the instance
+    -- type.
+    virtualName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deviceName', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_deviceName' - The device name.
+--
+-- 'ebs', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_ebs' - Parameters used to automatically set up Amazon EBS volumes when the
+-- instance is launched.
+--
+-- 'noDevice', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_noDevice' - Omits the device from the block device mapping when an empty string is
+-- specified.
+--
+-- 'virtualName', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_virtualName' - The virtual device name (ephemeralN). Instance store volumes are
+-- numbered starting from 0. An instance type with 2 available instance
+-- store volumes can specify mappings for @ephemeral0@ and @ephemeral1@.
+-- The number of available instance store volumes depends on the instance
+-- type.
+newAwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails ::
+  AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+newAwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails =
+  AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails'
+    { deviceName =
+        Prelude.Nothing,
+      ebs = Prelude.Nothing,
+      noDevice =
+        Prelude.Nothing,
+      virtualName =
+        Prelude.Nothing
+    }
+
+-- | The device name.
+awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_deviceName :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_deviceName = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' {deviceName} -> deviceName) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' {} a -> s {deviceName = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails)
+
+-- | Parameters used to automatically set up Amazon EBS volumes when the
+-- instance is launched.
+awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_ebs :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails (Prelude.Maybe AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_ebs = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' {ebs} -> ebs) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' {} a -> s {ebs = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails)
+
+-- | Omits the device from the block device mapping when an empty string is
+-- specified.
+awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_noDevice :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_noDevice = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' {noDevice} -> noDevice) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' {} a -> s {noDevice = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails)
+
+-- | The virtual device name (ephemeralN). Instance store volumes are
+-- numbered starting from 0. An instance type with 2 available instance
+-- store volumes can specify mappings for @ephemeral0@ and @ephemeral1@.
+-- The number of available instance store volumes depends on the instance
+-- type.
+awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_virtualName :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetDetails_virtualName = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' {virtualName} -> virtualName) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' {} a -> s {virtualName = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails'
+            Prelude.<$> (x Data..:? "DeviceName")
+            Prelude.<*> (x Data..:? "Ebs")
+            Prelude.<*> (x Data..:? "NoDevice")
+            Prelude.<*> (x Data..:? "VirtualName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` deviceName
+        `Prelude.hashWithSalt` ebs
+        `Prelude.hashWithSalt` noDevice
+        `Prelude.hashWithSalt` virtualName
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' {..} =
+      Prelude.rnf deviceName
+        `Prelude.seq` Prelude.rnf ebs
+        `Prelude.seq` Prelude.rnf noDevice
+        `Prelude.seq` Prelude.rnf virtualName
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DeviceName" Data..=) Prelude.<$> deviceName,
+              ("Ebs" Data..=) Prelude.<$> ebs,
+              ("NoDevice" Data..=) Prelude.<$> noDevice,
+              ("VirtualName" Data..=) Prelude.<$> virtualName
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails.hs
@@ -0,0 +1,215 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Parameters for a block device for an Amazon Elastic Block Store (Amazon
+-- EBS) volume in an Amazon EC2 launch template.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' smart constructor.
+data AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails = AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails'
+  { -- | Indicates whether the EBS volume is deleted on instance termination.
+    deleteOnTermination :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether the EBS volume is encrypted. Encrypted volumes can
+    -- only be attached to instances that support Amazon EBS encryption. If
+    -- you\'re creating a volume from a snapshot, you can\'t specify an
+    -- encryption value.
+    encrypted :: Prelude.Maybe Prelude.Bool,
+    -- | The number of I\/O operations per second (IOPS).
+    iops :: Prelude.Maybe Prelude.Int,
+    -- | The Amazon Resource Name (ARN) of the symmetric Key Management Service
+    -- (KMS) customer managed key used for encryption.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the EBS snapshot.
+    snapshotId :: Prelude.Maybe Prelude.Text,
+    -- | The throughput to provision for a gp3 volume, with a maximum of 1,000
+    -- MiB\/s.
+    throughput :: Prelude.Maybe Prelude.Int,
+    -- | The size of the volume, in GiBs. You must specify either a snapshot ID
+    -- or a volume size.
+    volumeSize :: Prelude.Maybe Prelude.Int,
+    -- | The volume type.
+    volumeType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deleteOnTermination', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_deleteOnTermination' - Indicates whether the EBS volume is deleted on instance termination.
+--
+-- 'encrypted', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_encrypted' - Indicates whether the EBS volume is encrypted. Encrypted volumes can
+-- only be attached to instances that support Amazon EBS encryption. If
+-- you\'re creating a volume from a snapshot, you can\'t specify an
+-- encryption value.
+--
+-- 'iops', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_iops' - The number of I\/O operations per second (IOPS).
+--
+-- 'kmsKeyId', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_kmsKeyId' - The Amazon Resource Name (ARN) of the symmetric Key Management Service
+-- (KMS) customer managed key used for encryption.
+--
+-- 'snapshotId', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_snapshotId' - The ID of the EBS snapshot.
+--
+-- 'throughput', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_throughput' - The throughput to provision for a gp3 volume, with a maximum of 1,000
+-- MiB\/s.
+--
+-- 'volumeSize', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_volumeSize' - The size of the volume, in GiBs. You must specify either a snapshot ID
+-- or a volume size.
+--
+-- 'volumeType', 'awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_volumeType' - The volume type.
+newAwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails ::
+  AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+newAwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails =
+  AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails'
+    { deleteOnTermination =
+        Prelude.Nothing,
+      encrypted =
+        Prelude.Nothing,
+      iops =
+        Prelude.Nothing,
+      kmsKeyId =
+        Prelude.Nothing,
+      snapshotId =
+        Prelude.Nothing,
+      throughput =
+        Prelude.Nothing,
+      volumeSize =
+        Prelude.Nothing,
+      volumeType =
+        Prelude.Nothing
+    }
+
+-- | Indicates whether the EBS volume is deleted on instance termination.
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_deleteOnTermination :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_deleteOnTermination = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {deleteOnTermination} -> deleteOnTermination) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {} a -> s {deleteOnTermination = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails)
+
+-- | Indicates whether the EBS volume is encrypted. Encrypted volumes can
+-- only be attached to instances that support Amazon EBS encryption. If
+-- you\'re creating a volume from a snapshot, you can\'t specify an
+-- encryption value.
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_encrypted :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_encrypted = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {encrypted} -> encrypted) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {} a -> s {encrypted = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails)
+
+-- | The number of I\/O operations per second (IOPS).
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_iops :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_iops = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {iops} -> iops) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {} a -> s {iops = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails)
+
+-- | The Amazon Resource Name (ARN) of the symmetric Key Management Service
+-- (KMS) customer managed key used for encryption.
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_kmsKeyId :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_kmsKeyId = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {} a -> s {kmsKeyId = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails)
+
+-- | The ID of the EBS snapshot.
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_snapshotId :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_snapshotId = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {snapshotId} -> snapshotId) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {} a -> s {snapshotId = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails)
+
+-- | The throughput to provision for a gp3 volume, with a maximum of 1,000
+-- MiB\/s.
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_throughput :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_throughput = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {throughput} -> throughput) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {} a -> s {throughput = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails)
+
+-- | The size of the volume, in GiBs. You must specify either a snapshot ID
+-- or a volume size.
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_volumeSize :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_volumeSize = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {volumeSize} -> volumeSize) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {} a -> s {volumeSize = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails)
+
+-- | The volume type.
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_volumeType :: Lens.Lens' AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails_volumeType = Lens.lens (\AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {volumeType} -> volumeType) (\s@AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {} a -> s {volumeType = a} :: AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails'
+            Prelude.<$> (x Data..:? "DeleteOnTermination")
+            Prelude.<*> (x Data..:? "Encrypted")
+            Prelude.<*> (x Data..:? "Iops")
+            Prelude.<*> (x Data..:? "KmsKeyId")
+            Prelude.<*> (x Data..:? "SnapshotId")
+            Prelude.<*> (x Data..:? "Throughput")
+            Prelude.<*> (x Data..:? "VolumeSize")
+            Prelude.<*> (x Data..:? "VolumeType")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` deleteOnTermination
+        `Prelude.hashWithSalt` encrypted
+        `Prelude.hashWithSalt` iops
+        `Prelude.hashWithSalt` kmsKeyId
+        `Prelude.hashWithSalt` snapshotId
+        `Prelude.hashWithSalt` throughput
+        `Prelude.hashWithSalt` volumeSize
+        `Prelude.hashWithSalt` volumeType
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {..} =
+      Prelude.rnf deleteOnTermination
+        `Prelude.seq` Prelude.rnf encrypted
+        `Prelude.seq` Prelude.rnf iops
+        `Prelude.seq` Prelude.rnf kmsKeyId
+        `Prelude.seq` Prelude.rnf snapshotId
+        `Prelude.seq` Prelude.rnf throughput
+        `Prelude.seq` Prelude.rnf volumeSize
+        `Prelude.seq` Prelude.rnf volumeType
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DeleteOnTermination" Data..=)
+                Prelude.<$> deleteOnTermination,
+              ("Encrypted" Data..=) Prelude.<$> encrypted,
+              ("Iops" Data..=) Prelude.<$> iops,
+              ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+              ("SnapshotId" Data..=) Prelude.<$> snapshotId,
+              ("Throughput" Data..=) Prelude.<$> throughput,
+              ("VolumeSize" Data..=) Prelude.<$> volumeSize,
+              ("VolumeType" Data..=) Prelude.<$> volumeType
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails.hs
@@ -0,0 +1,117 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the target Capacity Reservation or Capacity
+-- Reservation group in which to run an Amazon EC2 instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails' smart constructor.
+data AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails = AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails'
+  { -- | The ID of the Capacity Reservation in which to run the instance.
+    capacityReservationId :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the Capacity Reservation resource
+    -- group in which to run the instance.
+    capacityReservationResourceGroupArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'capacityReservationId', 'awsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails_capacityReservationId' - The ID of the Capacity Reservation in which to run the instance.
+--
+-- 'capacityReservationResourceGroupArn', 'awsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails_capacityReservationResourceGroupArn' - The Amazon Resource Name (ARN) of the Capacity Reservation resource
+-- group in which to run the instance.
+newAwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails ::
+  AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+newAwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails =
+  AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails'
+    { capacityReservationId =
+        Prelude.Nothing,
+      capacityReservationResourceGroupArn =
+        Prelude.Nothing
+    }
+
+-- | The ID of the Capacity Reservation in which to run the instance.
+awsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails_capacityReservationId :: Lens.Lens' AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails_capacityReservationId = Lens.lens (\AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails' {capacityReservationId} -> capacityReservationId) (\s@AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails' {} a -> s {capacityReservationId = a} :: AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails)
+
+-- | The Amazon Resource Name (ARN) of the Capacity Reservation resource
+-- group in which to run the instance.
+awsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails_capacityReservationResourceGroupArn :: Lens.Lens' AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails_capacityReservationResourceGroupArn = Lens.lens (\AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails' {capacityReservationResourceGroupArn} -> capacityReservationResourceGroupArn) (\s@AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails' {} a -> s {capacityReservationResourceGroupArn = a} :: AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails'
+            Prelude.<$> (x Data..:? "CapacityReservationId")
+            Prelude.<*> (x Data..:? "CapacityReservationResourceGroupArn")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` capacityReservationId
+        `Prelude.hashWithSalt` capacityReservationResourceGroupArn
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails' {..} =
+      Prelude.rnf capacityReservationId
+        `Prelude.seq` Prelude.rnf capacityReservationResourceGroupArn
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("CapacityReservationId" Data..=)
+                Prelude.<$> capacityReservationId,
+              ("CapacityReservationResourceGroupArn" Data..=)
+                Prelude.<$> capacityReservationResourceGroupArn
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails.hs
@@ -0,0 +1,127 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+
+-- | Specifies the Capacity Reservation targeting option of an Amazon EC2
+-- instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails' smart constructor.
+data AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails = AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails'
+  { -- | Indicates the instance\'s Capacity Reservation preferences. If equal to
+    -- @open@, the instance can run in any open Capacity Reservation that has
+    -- matching attributes (instance type, platform, Availability Zone). If
+    -- equal to @none@, the instance avoids running in a Capacity Reservation
+    -- even if one is available. The instance runs in On-Demand capacity.
+    capacityReservationPreference :: Prelude.Maybe Prelude.Text,
+    -- | Specifies a target Capacity Reservation.
+    capacityReservationTarget :: Prelude.Maybe AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'capacityReservationPreference', 'awsEc2LaunchTemplateDataCapacityReservationSpecificationDetails_capacityReservationPreference' - Indicates the instance\'s Capacity Reservation preferences. If equal to
+-- @open@, the instance can run in any open Capacity Reservation that has
+-- matching attributes (instance type, platform, Availability Zone). If
+-- equal to @none@, the instance avoids running in a Capacity Reservation
+-- even if one is available. The instance runs in On-Demand capacity.
+--
+-- 'capacityReservationTarget', 'awsEc2LaunchTemplateDataCapacityReservationSpecificationDetails_capacityReservationTarget' - Specifies a target Capacity Reservation.
+newAwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails ::
+  AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+newAwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails =
+  AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails'
+    { capacityReservationPreference =
+        Prelude.Nothing,
+      capacityReservationTarget =
+        Prelude.Nothing
+    }
+
+-- | Indicates the instance\'s Capacity Reservation preferences. If equal to
+-- @open@, the instance can run in any open Capacity Reservation that has
+-- matching attributes (instance type, platform, Availability Zone). If
+-- equal to @none@, the instance avoids running in a Capacity Reservation
+-- even if one is available. The instance runs in On-Demand capacity.
+awsEc2LaunchTemplateDataCapacityReservationSpecificationDetails_capacityReservationPreference :: Lens.Lens' AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataCapacityReservationSpecificationDetails_capacityReservationPreference = Lens.lens (\AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails' {capacityReservationPreference} -> capacityReservationPreference) (\s@AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails' {} a -> s {capacityReservationPreference = a} :: AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails)
+
+-- | Specifies a target Capacity Reservation.
+awsEc2LaunchTemplateDataCapacityReservationSpecificationDetails_capacityReservationTarget :: Lens.Lens' AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails (Prelude.Maybe AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails)
+awsEc2LaunchTemplateDataCapacityReservationSpecificationDetails_capacityReservationTarget = Lens.lens (\AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails' {capacityReservationTarget} -> capacityReservationTarget) (\s@AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails' {} a -> s {capacityReservationTarget = a} :: AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails'
+            Prelude.<$> (x Data..:? "CapacityReservationPreference")
+            Prelude.<*> (x Data..:? "CapacityReservationTarget")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` capacityReservationPreference
+        `Prelude.hashWithSalt` capacityReservationTarget
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails' {..} =
+      Prelude.rnf capacityReservationPreference
+        `Prelude.seq` Prelude.rnf capacityReservationTarget
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("CapacityReservationPreference" Data..=)
+                Prelude.<$> capacityReservationPreference,
+              ("CapacityReservationTarget" Data..=)
+                Prelude.<$> capacityReservationTarget
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCpuOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCpuOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCpuOptionsDetails.hs
@@ -0,0 +1,115 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCpuOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCpuOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies the CPU options for an Amazon EC2 instance. For more
+-- information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html Optimize CPU options>
+-- in the /Amazon Elastic Compute Cloud User Guide/.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataCpuOptionsDetails' smart constructor.
+data AwsEc2LaunchTemplateDataCpuOptionsDetails = AwsEc2LaunchTemplateDataCpuOptionsDetails'
+  { -- | The number of CPU cores for the instance.
+    coreCount :: Prelude.Maybe Prelude.Int,
+    -- | The number of threads per CPU core. A value of @1@ disables
+    -- multithreading for the instance, The default value is @2@.
+    threadsPerCore :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataCpuOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'coreCount', 'awsEc2LaunchTemplateDataCpuOptionsDetails_coreCount' - The number of CPU cores for the instance.
+--
+-- 'threadsPerCore', 'awsEc2LaunchTemplateDataCpuOptionsDetails_threadsPerCore' - The number of threads per CPU core. A value of @1@ disables
+-- multithreading for the instance, The default value is @2@.
+newAwsEc2LaunchTemplateDataCpuOptionsDetails ::
+  AwsEc2LaunchTemplateDataCpuOptionsDetails
+newAwsEc2LaunchTemplateDataCpuOptionsDetails =
+  AwsEc2LaunchTemplateDataCpuOptionsDetails'
+    { coreCount =
+        Prelude.Nothing,
+      threadsPerCore = Prelude.Nothing
+    }
+
+-- | The number of CPU cores for the instance.
+awsEc2LaunchTemplateDataCpuOptionsDetails_coreCount :: Lens.Lens' AwsEc2LaunchTemplateDataCpuOptionsDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataCpuOptionsDetails_coreCount = Lens.lens (\AwsEc2LaunchTemplateDataCpuOptionsDetails' {coreCount} -> coreCount) (\s@AwsEc2LaunchTemplateDataCpuOptionsDetails' {} a -> s {coreCount = a} :: AwsEc2LaunchTemplateDataCpuOptionsDetails)
+
+-- | The number of threads per CPU core. A value of @1@ disables
+-- multithreading for the instance, The default value is @2@.
+awsEc2LaunchTemplateDataCpuOptionsDetails_threadsPerCore :: Lens.Lens' AwsEc2LaunchTemplateDataCpuOptionsDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataCpuOptionsDetails_threadsPerCore = Lens.lens (\AwsEc2LaunchTemplateDataCpuOptionsDetails' {threadsPerCore} -> threadsPerCore) (\s@AwsEc2LaunchTemplateDataCpuOptionsDetails' {} a -> s {threadsPerCore = a} :: AwsEc2LaunchTemplateDataCpuOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataCpuOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataCpuOptionsDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataCpuOptionsDetails'
+            Prelude.<$> (x Data..:? "CoreCount")
+            Prelude.<*> (x Data..:? "ThreadsPerCore")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataCpuOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataCpuOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` coreCount
+        `Prelude.hashWithSalt` threadsPerCore
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataCpuOptionsDetails
+  where
+  rnf AwsEc2LaunchTemplateDataCpuOptionsDetails' {..} =
+    Prelude.rnf coreCount
+      `Prelude.seq` Prelude.rnf threadsPerCore
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataCpuOptionsDetails
+  where
+  toJSON AwsEc2LaunchTemplateDataCpuOptionsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CoreCount" Data..=) Prelude.<$> coreCount,
+            ("ThreadsPerCore" Data..=)
+              Prelude.<$> threadsPerCore
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCreditSpecificationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCreditSpecificationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataCreditSpecificationDetails.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCreditSpecificationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCreditSpecificationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies the credit option for CPU usage of a T2, T3, or T3a Amazon EC2
+-- instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataCreditSpecificationDetails' smart constructor.
+data AwsEc2LaunchTemplateDataCreditSpecificationDetails = AwsEc2LaunchTemplateDataCreditSpecificationDetails'
+  { -- | The credit option for CPU usage of a T instance.
+    cpuCredits :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataCreditSpecificationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cpuCredits', 'awsEc2LaunchTemplateDataCreditSpecificationDetails_cpuCredits' - The credit option for CPU usage of a T instance.
+newAwsEc2LaunchTemplateDataCreditSpecificationDetails ::
+  AwsEc2LaunchTemplateDataCreditSpecificationDetails
+newAwsEc2LaunchTemplateDataCreditSpecificationDetails =
+  AwsEc2LaunchTemplateDataCreditSpecificationDetails'
+    { cpuCredits =
+        Prelude.Nothing
+    }
+
+-- | The credit option for CPU usage of a T instance.
+awsEc2LaunchTemplateDataCreditSpecificationDetails_cpuCredits :: Lens.Lens' AwsEc2LaunchTemplateDataCreditSpecificationDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataCreditSpecificationDetails_cpuCredits = Lens.lens (\AwsEc2LaunchTemplateDataCreditSpecificationDetails' {cpuCredits} -> cpuCredits) (\s@AwsEc2LaunchTemplateDataCreditSpecificationDetails' {} a -> s {cpuCredits = a} :: AwsEc2LaunchTemplateDataCreditSpecificationDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataCreditSpecificationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataCreditSpecificationDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataCreditSpecificationDetails'
+            Prelude.<$> (x Data..:? "CpuCredits")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataCreditSpecificationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataCreditSpecificationDetails' {..} =
+      _salt `Prelude.hashWithSalt` cpuCredits
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataCreditSpecificationDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataCreditSpecificationDetails' {..} =
+      Prelude.rnf cpuCredits
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataCreditSpecificationDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataCreditSpecificationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("CpuCredits" Data..=) Prelude.<$> cpuCredits]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataDetails.hs
@@ -0,0 +1,608 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCpuOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataCreditSpecificationDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataHibernationOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataLicenseSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMetadataOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMonitoringDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPlacementDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+
+-- | The information to include in an Amazon Elastic Compute Cloud (Amazon
+-- EC2) launch template.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataDetails' smart constructor.
+data AwsEc2LaunchTemplateDataDetails = AwsEc2LaunchTemplateDataDetails'
+  { -- | Information about a block device mapping for an Amazon EC2 launch
+    -- template.
+    blockDeviceMappingSet :: Prelude.Maybe [AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails],
+    -- | Specifies an instance\'s Capacity Reservation targeting option. You can
+    -- specify only one option at a time.
+    capacityReservationSpecification :: Prelude.Maybe AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails,
+    -- | Specifies the CPU options for an instance. For more information, see
+    -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html Optimize CPU options>
+    -- in the /Amazon Elastic Compute Cloud User Guide/.
+    cpuOptions :: Prelude.Maybe AwsEc2LaunchTemplateDataCpuOptionsDetails,
+    -- | Specifies the credit option for CPU usage of a T2, T3, or T3a instance.
+    creditSpecification :: Prelude.Maybe AwsEc2LaunchTemplateDataCreditSpecificationDetails,
+    -- | Indicates whether to enable the instance for stop protection. For more
+    -- information, see
+    -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection Enable stop protection>
+    -- in the /Amazon EC2 User Guide/.
+    disableApiStop :: Prelude.Maybe Prelude.Bool,
+    -- | If you set this parameter to @true@, you can\'t terminate the instance
+    -- using the Amazon EC2 console, CLI, or API. If set to @true@, you can.
+    disableApiTermination :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether the instance is optimized for Amazon EBS I\/O.
+    ebsOptimized :: Prelude.Maybe Prelude.Bool,
+    -- | Provides details about Elastic Graphics accelerators to associate with
+    -- the instance.
+    elasticGpuSpecificationSet :: Prelude.Maybe [AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails],
+    -- | The Amazon Elastic Inference accelerator for the instance.
+    elasticInferenceAcceleratorSet :: Prelude.Maybe [AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails],
+    -- | Indicates whether the Amazon EC2 instance is enabled for Amazon Web
+    -- Services Nitro Enclaves.
+    enclaveOptions :: Prelude.Maybe AwsEc2LaunchTemplateDataEnclaveOptionsDetails,
+    -- | Specifies whether your Amazon EC2 instance is configured for
+    -- hibernation.
+    hibernationOptions :: Prelude.Maybe AwsEc2LaunchTemplateDataHibernationOptionsDetails,
+    -- | The name or Amazon Resource Name (ARN) of an IAM instance profile.
+    iamInstanceProfile :: Prelude.Maybe AwsEc2LaunchTemplateDataIamInstanceProfileDetails,
+    -- | The ID of the Amazon Machine Image (AMI).
+    imageId :: Prelude.Maybe Prelude.Text,
+    -- | Provides the options for specifying the instance initiated shutdown
+    -- behavior.
+    instanceInitiatedShutdownBehavior :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the market (purchasing) option for an instance.
+    instanceMarketOptions :: Prelude.Maybe AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails,
+    -- | The attributes for the instance types. When you specify instance
+    -- attributes, Amazon EC2 will identify instance types with these
+    -- attributes. If you specify @InstanceRequirements@, you can\'t specify
+    -- @InstanceType@.
+    instanceRequirements :: Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsDetails,
+    -- | The instance type. For more information, see
+    -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html Instance types>
+    -- in the /Amazon EC2 User Guide/. If you specify @InstanceType@, you
+    -- can\'t specify @InstanceRequirements@.
+    instanceType :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the kernel.
+    kernelId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the key pair that allows users to connect to the instance.
+    keyName :: Prelude.Maybe Prelude.Text,
+    -- | Specifies a license configuration for an instance.
+    licenseSet :: Prelude.Maybe [AwsEc2LaunchTemplateDataLicenseSetDetails],
+    -- | The maintenance options of your instance.
+    maintenanceOptions :: Prelude.Maybe AwsEc2LaunchTemplateDataMaintenanceOptionsDetails,
+    -- | The metadata options for the instance. For more information, see
+    -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html Instance metadata and user data>
+    -- in the /Amazon EC2 User Guide/.
+    metadataOptions :: Prelude.Maybe AwsEc2LaunchTemplateDataMetadataOptionsDetails,
+    -- | The monitoring for the instance.
+    monitoring :: Prelude.Maybe AwsEc2LaunchTemplateDataMonitoringDetails,
+    -- | Specifies the parameters for a network interface that is attached to the
+    -- instance.
+    networkInterfaceSet :: Prelude.Maybe [AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails],
+    -- | Specifies the placement of an instance.
+    placement :: Prelude.Maybe AwsEc2LaunchTemplateDataPlacementDetails,
+    -- | The options for the instance hostname.
+    privateDnsNameOptions :: Prelude.Maybe AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails,
+    -- | The ID of the RAM disk.
+    ramDiskId :: Prelude.Maybe Prelude.Text,
+    -- | One or more security group IDs.
+    securityGroupIdSet :: Prelude.Maybe [Prelude.Text],
+    -- | One or more security group names. For a nondefault VPC, you must use
+    -- security group IDs instead. You cannot specify both a security group ID
+    -- and security name in the same request.
+    securityGroupSet :: Prelude.Maybe [Prelude.Text],
+    -- | The user data to make available to the instance.
+    userData :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blockDeviceMappingSet', 'awsEc2LaunchTemplateDataDetails_blockDeviceMappingSet' - Information about a block device mapping for an Amazon EC2 launch
+-- template.
+--
+-- 'capacityReservationSpecification', 'awsEc2LaunchTemplateDataDetails_capacityReservationSpecification' - Specifies an instance\'s Capacity Reservation targeting option. You can
+-- specify only one option at a time.
+--
+-- 'cpuOptions', 'awsEc2LaunchTemplateDataDetails_cpuOptions' - Specifies the CPU options for an instance. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html Optimize CPU options>
+-- in the /Amazon Elastic Compute Cloud User Guide/.
+--
+-- 'creditSpecification', 'awsEc2LaunchTemplateDataDetails_creditSpecification' - Specifies the credit option for CPU usage of a T2, T3, or T3a instance.
+--
+-- 'disableApiStop', 'awsEc2LaunchTemplateDataDetails_disableApiStop' - Indicates whether to enable the instance for stop protection. For more
+-- information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection Enable stop protection>
+-- in the /Amazon EC2 User Guide/.
+--
+-- 'disableApiTermination', 'awsEc2LaunchTemplateDataDetails_disableApiTermination' - If you set this parameter to @true@, you can\'t terminate the instance
+-- using the Amazon EC2 console, CLI, or API. If set to @true@, you can.
+--
+-- 'ebsOptimized', 'awsEc2LaunchTemplateDataDetails_ebsOptimized' - Indicates whether the instance is optimized for Amazon EBS I\/O.
+--
+-- 'elasticGpuSpecificationSet', 'awsEc2LaunchTemplateDataDetails_elasticGpuSpecificationSet' - Provides details about Elastic Graphics accelerators to associate with
+-- the instance.
+--
+-- 'elasticInferenceAcceleratorSet', 'awsEc2LaunchTemplateDataDetails_elasticInferenceAcceleratorSet' - The Amazon Elastic Inference accelerator for the instance.
+--
+-- 'enclaveOptions', 'awsEc2LaunchTemplateDataDetails_enclaveOptions' - Indicates whether the Amazon EC2 instance is enabled for Amazon Web
+-- Services Nitro Enclaves.
+--
+-- 'hibernationOptions', 'awsEc2LaunchTemplateDataDetails_hibernationOptions' - Specifies whether your Amazon EC2 instance is configured for
+-- hibernation.
+--
+-- 'iamInstanceProfile', 'awsEc2LaunchTemplateDataDetails_iamInstanceProfile' - The name or Amazon Resource Name (ARN) of an IAM instance profile.
+--
+-- 'imageId', 'awsEc2LaunchTemplateDataDetails_imageId' - The ID of the Amazon Machine Image (AMI).
+--
+-- 'instanceInitiatedShutdownBehavior', 'awsEc2LaunchTemplateDataDetails_instanceInitiatedShutdownBehavior' - Provides the options for specifying the instance initiated shutdown
+-- behavior.
+--
+-- 'instanceMarketOptions', 'awsEc2LaunchTemplateDataDetails_instanceMarketOptions' - Specifies the market (purchasing) option for an instance.
+--
+-- 'instanceRequirements', 'awsEc2LaunchTemplateDataDetails_instanceRequirements' - The attributes for the instance types. When you specify instance
+-- attributes, Amazon EC2 will identify instance types with these
+-- attributes. If you specify @InstanceRequirements@, you can\'t specify
+-- @InstanceType@.
+--
+-- 'instanceType', 'awsEc2LaunchTemplateDataDetails_instanceType' - The instance type. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html Instance types>
+-- in the /Amazon EC2 User Guide/. If you specify @InstanceType@, you
+-- can\'t specify @InstanceRequirements@.
+--
+-- 'kernelId', 'awsEc2LaunchTemplateDataDetails_kernelId' - The ID of the kernel.
+--
+-- 'keyName', 'awsEc2LaunchTemplateDataDetails_keyName' - The name of the key pair that allows users to connect to the instance.
+--
+-- 'licenseSet', 'awsEc2LaunchTemplateDataDetails_licenseSet' - Specifies a license configuration for an instance.
+--
+-- 'maintenanceOptions', 'awsEc2LaunchTemplateDataDetails_maintenanceOptions' - The maintenance options of your instance.
+--
+-- 'metadataOptions', 'awsEc2LaunchTemplateDataDetails_metadataOptions' - The metadata options for the instance. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html Instance metadata and user data>
+-- in the /Amazon EC2 User Guide/.
+--
+-- 'monitoring', 'awsEc2LaunchTemplateDataDetails_monitoring' - The monitoring for the instance.
+--
+-- 'networkInterfaceSet', 'awsEc2LaunchTemplateDataDetails_networkInterfaceSet' - Specifies the parameters for a network interface that is attached to the
+-- instance.
+--
+-- 'placement', 'awsEc2LaunchTemplateDataDetails_placement' - Specifies the placement of an instance.
+--
+-- 'privateDnsNameOptions', 'awsEc2LaunchTemplateDataDetails_privateDnsNameOptions' - The options for the instance hostname.
+--
+-- 'ramDiskId', 'awsEc2LaunchTemplateDataDetails_ramDiskId' - The ID of the RAM disk.
+--
+-- 'securityGroupIdSet', 'awsEc2LaunchTemplateDataDetails_securityGroupIdSet' - One or more security group IDs.
+--
+-- 'securityGroupSet', 'awsEc2LaunchTemplateDataDetails_securityGroupSet' - One or more security group names. For a nondefault VPC, you must use
+-- security group IDs instead. You cannot specify both a security group ID
+-- and security name in the same request.
+--
+-- 'userData', 'awsEc2LaunchTemplateDataDetails_userData' - The user data to make available to the instance.
+newAwsEc2LaunchTemplateDataDetails ::
+  AwsEc2LaunchTemplateDataDetails
+newAwsEc2LaunchTemplateDataDetails =
+  AwsEc2LaunchTemplateDataDetails'
+    { blockDeviceMappingSet =
+        Prelude.Nothing,
+      capacityReservationSpecification =
+        Prelude.Nothing,
+      cpuOptions = Prelude.Nothing,
+      creditSpecification = Prelude.Nothing,
+      disableApiStop = Prelude.Nothing,
+      disableApiTermination = Prelude.Nothing,
+      ebsOptimized = Prelude.Nothing,
+      elasticGpuSpecificationSet =
+        Prelude.Nothing,
+      elasticInferenceAcceleratorSet =
+        Prelude.Nothing,
+      enclaveOptions = Prelude.Nothing,
+      hibernationOptions = Prelude.Nothing,
+      iamInstanceProfile = Prelude.Nothing,
+      imageId = Prelude.Nothing,
+      instanceInitiatedShutdownBehavior =
+        Prelude.Nothing,
+      instanceMarketOptions = Prelude.Nothing,
+      instanceRequirements = Prelude.Nothing,
+      instanceType = Prelude.Nothing,
+      kernelId = Prelude.Nothing,
+      keyName = Prelude.Nothing,
+      licenseSet = Prelude.Nothing,
+      maintenanceOptions = Prelude.Nothing,
+      metadataOptions = Prelude.Nothing,
+      monitoring = Prelude.Nothing,
+      networkInterfaceSet = Prelude.Nothing,
+      placement = Prelude.Nothing,
+      privateDnsNameOptions = Prelude.Nothing,
+      ramDiskId = Prelude.Nothing,
+      securityGroupIdSet = Prelude.Nothing,
+      securityGroupSet = Prelude.Nothing,
+      userData = Prelude.Nothing
+    }
+
+-- | Information about a block device mapping for an Amazon EC2 launch
+-- template.
+awsEc2LaunchTemplateDataDetails_blockDeviceMappingSet :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe [AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails])
+awsEc2LaunchTemplateDataDetails_blockDeviceMappingSet = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {blockDeviceMappingSet} -> blockDeviceMappingSet) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {blockDeviceMappingSet = a} :: AwsEc2LaunchTemplateDataDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies an instance\'s Capacity Reservation targeting option. You can
+-- specify only one option at a time.
+awsEc2LaunchTemplateDataDetails_capacityReservationSpecification :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails)
+awsEc2LaunchTemplateDataDetails_capacityReservationSpecification = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {capacityReservationSpecification} -> capacityReservationSpecification) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {capacityReservationSpecification = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | Specifies the CPU options for an instance. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html Optimize CPU options>
+-- in the /Amazon Elastic Compute Cloud User Guide/.
+awsEc2LaunchTemplateDataDetails_cpuOptions :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataCpuOptionsDetails)
+awsEc2LaunchTemplateDataDetails_cpuOptions = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {cpuOptions} -> cpuOptions) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {cpuOptions = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | Specifies the credit option for CPU usage of a T2, T3, or T3a instance.
+awsEc2LaunchTemplateDataDetails_creditSpecification :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataCreditSpecificationDetails)
+awsEc2LaunchTemplateDataDetails_creditSpecification = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {creditSpecification} -> creditSpecification) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {creditSpecification = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | Indicates whether to enable the instance for stop protection. For more
+-- information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection Enable stop protection>
+-- in the /Amazon EC2 User Guide/.
+awsEc2LaunchTemplateDataDetails_disableApiStop :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataDetails_disableApiStop = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {disableApiStop} -> disableApiStop) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {disableApiStop = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | If you set this parameter to @true@, you can\'t terminate the instance
+-- using the Amazon EC2 console, CLI, or API. If set to @true@, you can.
+awsEc2LaunchTemplateDataDetails_disableApiTermination :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataDetails_disableApiTermination = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {disableApiTermination} -> disableApiTermination) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {disableApiTermination = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | Indicates whether the instance is optimized for Amazon EBS I\/O.
+awsEc2LaunchTemplateDataDetails_ebsOptimized :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataDetails_ebsOptimized = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {ebsOptimized} -> ebsOptimized) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {ebsOptimized = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | Provides details about Elastic Graphics accelerators to associate with
+-- the instance.
+awsEc2LaunchTemplateDataDetails_elasticGpuSpecificationSet :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe [AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails])
+awsEc2LaunchTemplateDataDetails_elasticGpuSpecificationSet = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {elasticGpuSpecificationSet} -> elasticGpuSpecificationSet) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {elasticGpuSpecificationSet = a} :: AwsEc2LaunchTemplateDataDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Amazon Elastic Inference accelerator for the instance.
+awsEc2LaunchTemplateDataDetails_elasticInferenceAcceleratorSet :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe [AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails])
+awsEc2LaunchTemplateDataDetails_elasticInferenceAcceleratorSet = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {elasticInferenceAcceleratorSet} -> elasticInferenceAcceleratorSet) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {elasticInferenceAcceleratorSet = a} :: AwsEc2LaunchTemplateDataDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates whether the Amazon EC2 instance is enabled for Amazon Web
+-- Services Nitro Enclaves.
+awsEc2LaunchTemplateDataDetails_enclaveOptions :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataEnclaveOptionsDetails)
+awsEc2LaunchTemplateDataDetails_enclaveOptions = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {enclaveOptions} -> enclaveOptions) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {enclaveOptions = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | Specifies whether your Amazon EC2 instance is configured for
+-- hibernation.
+awsEc2LaunchTemplateDataDetails_hibernationOptions :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataHibernationOptionsDetails)
+awsEc2LaunchTemplateDataDetails_hibernationOptions = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {hibernationOptions} -> hibernationOptions) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {hibernationOptions = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | The name or Amazon Resource Name (ARN) of an IAM instance profile.
+awsEc2LaunchTemplateDataDetails_iamInstanceProfile :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataIamInstanceProfileDetails)
+awsEc2LaunchTemplateDataDetails_iamInstanceProfile = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {iamInstanceProfile} -> iamInstanceProfile) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {iamInstanceProfile = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | The ID of the Amazon Machine Image (AMI).
+awsEc2LaunchTemplateDataDetails_imageId :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataDetails_imageId = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {imageId} -> imageId) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {imageId = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | Provides the options for specifying the instance initiated shutdown
+-- behavior.
+awsEc2LaunchTemplateDataDetails_instanceInitiatedShutdownBehavior :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataDetails_instanceInitiatedShutdownBehavior = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {instanceInitiatedShutdownBehavior} -> instanceInitiatedShutdownBehavior) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {instanceInitiatedShutdownBehavior = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | Specifies the market (purchasing) option for an instance.
+awsEc2LaunchTemplateDataDetails_instanceMarketOptions :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails)
+awsEc2LaunchTemplateDataDetails_instanceMarketOptions = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {instanceMarketOptions} -> instanceMarketOptions) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {instanceMarketOptions = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | The attributes for the instance types. When you specify instance
+-- attributes, Amazon EC2 will identify instance types with these
+-- attributes. If you specify @InstanceRequirements@, you can\'t specify
+-- @InstanceType@.
+awsEc2LaunchTemplateDataDetails_instanceRequirements :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+awsEc2LaunchTemplateDataDetails_instanceRequirements = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {instanceRequirements} -> instanceRequirements) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {instanceRequirements = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | The instance type. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html Instance types>
+-- in the /Amazon EC2 User Guide/. If you specify @InstanceType@, you
+-- can\'t specify @InstanceRequirements@.
+awsEc2LaunchTemplateDataDetails_instanceType :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataDetails_instanceType = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {instanceType} -> instanceType) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {instanceType = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | The ID of the kernel.
+awsEc2LaunchTemplateDataDetails_kernelId :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataDetails_kernelId = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {kernelId} -> kernelId) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {kernelId = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | The name of the key pair that allows users to connect to the instance.
+awsEc2LaunchTemplateDataDetails_keyName :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataDetails_keyName = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {keyName} -> keyName) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {keyName = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | Specifies a license configuration for an instance.
+awsEc2LaunchTemplateDataDetails_licenseSet :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe [AwsEc2LaunchTemplateDataLicenseSetDetails])
+awsEc2LaunchTemplateDataDetails_licenseSet = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {licenseSet} -> licenseSet) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {licenseSet = a} :: AwsEc2LaunchTemplateDataDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maintenance options of your instance.
+awsEc2LaunchTemplateDataDetails_maintenanceOptions :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataMaintenanceOptionsDetails)
+awsEc2LaunchTemplateDataDetails_maintenanceOptions = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {maintenanceOptions} -> maintenanceOptions) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {maintenanceOptions = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | The metadata options for the instance. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html Instance metadata and user data>
+-- in the /Amazon EC2 User Guide/.
+awsEc2LaunchTemplateDataDetails_metadataOptions :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataMetadataOptionsDetails)
+awsEc2LaunchTemplateDataDetails_metadataOptions = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {metadataOptions} -> metadataOptions) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {metadataOptions = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | The monitoring for the instance.
+awsEc2LaunchTemplateDataDetails_monitoring :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataMonitoringDetails)
+awsEc2LaunchTemplateDataDetails_monitoring = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {monitoring} -> monitoring) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {monitoring = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | Specifies the parameters for a network interface that is attached to the
+-- instance.
+awsEc2LaunchTemplateDataDetails_networkInterfaceSet :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe [AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails])
+awsEc2LaunchTemplateDataDetails_networkInterfaceSet = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {networkInterfaceSet} -> networkInterfaceSet) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {networkInterfaceSet = a} :: AwsEc2LaunchTemplateDataDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies the placement of an instance.
+awsEc2LaunchTemplateDataDetails_placement :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataPlacementDetails)
+awsEc2LaunchTemplateDataDetails_placement = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {placement} -> placement) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {placement = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | The options for the instance hostname.
+awsEc2LaunchTemplateDataDetails_privateDnsNameOptions :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails)
+awsEc2LaunchTemplateDataDetails_privateDnsNameOptions = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {privateDnsNameOptions} -> privateDnsNameOptions) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {privateDnsNameOptions = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | The ID of the RAM disk.
+awsEc2LaunchTemplateDataDetails_ramDiskId :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataDetails_ramDiskId = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {ramDiskId} -> ramDiskId) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {ramDiskId = a} :: AwsEc2LaunchTemplateDataDetails)
+
+-- | One or more security group IDs.
+awsEc2LaunchTemplateDataDetails_securityGroupIdSet :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe [Prelude.Text])
+awsEc2LaunchTemplateDataDetails_securityGroupIdSet = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {securityGroupIdSet} -> securityGroupIdSet) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {securityGroupIdSet = a} :: AwsEc2LaunchTemplateDataDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | One or more security group names. For a nondefault VPC, you must use
+-- security group IDs instead. You cannot specify both a security group ID
+-- and security name in the same request.
+awsEc2LaunchTemplateDataDetails_securityGroupSet :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe [Prelude.Text])
+awsEc2LaunchTemplateDataDetails_securityGroupSet = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {securityGroupSet} -> securityGroupSet) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {securityGroupSet = a} :: AwsEc2LaunchTemplateDataDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The user data to make available to the instance.
+awsEc2LaunchTemplateDataDetails_userData :: Lens.Lens' AwsEc2LaunchTemplateDataDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataDetails_userData = Lens.lens (\AwsEc2LaunchTemplateDataDetails' {userData} -> userData) (\s@AwsEc2LaunchTemplateDataDetails' {} a -> s {userData = a} :: AwsEc2LaunchTemplateDataDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataDetails'
+            Prelude.<$> ( x
+                            Data..:? "BlockDeviceMappingSet"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "CapacityReservationSpecification")
+            Prelude.<*> (x Data..:? "CpuOptions")
+            Prelude.<*> (x Data..:? "CreditSpecification")
+            Prelude.<*> (x Data..:? "DisableApiStop")
+            Prelude.<*> (x Data..:? "DisableApiTermination")
+            Prelude.<*> (x Data..:? "EbsOptimized")
+            Prelude.<*> ( x
+                            Data..:? "ElasticGpuSpecificationSet"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ElasticInferenceAcceleratorSet"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "EnclaveOptions")
+            Prelude.<*> (x Data..:? "HibernationOptions")
+            Prelude.<*> (x Data..:? "IamInstanceProfile")
+            Prelude.<*> (x Data..:? "ImageId")
+            Prelude.<*> (x Data..:? "InstanceInitiatedShutdownBehavior")
+            Prelude.<*> (x Data..:? "InstanceMarketOptions")
+            Prelude.<*> (x Data..:? "InstanceRequirements")
+            Prelude.<*> (x Data..:? "InstanceType")
+            Prelude.<*> (x Data..:? "KernelId")
+            Prelude.<*> (x Data..:? "KeyName")
+            Prelude.<*> (x Data..:? "LicenseSet" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "MaintenanceOptions")
+            Prelude.<*> (x Data..:? "MetadataOptions")
+            Prelude.<*> (x Data..:? "Monitoring")
+            Prelude.<*> ( x
+                            Data..:? "NetworkInterfaceSet"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Placement")
+            Prelude.<*> (x Data..:? "PrivateDnsNameOptions")
+            Prelude.<*> (x Data..:? "RamDiskId")
+            Prelude.<*> ( x
+                            Data..:? "SecurityGroupIdSet"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "SecurityGroupSet"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "UserData")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` blockDeviceMappingSet
+        `Prelude.hashWithSalt` capacityReservationSpecification
+        `Prelude.hashWithSalt` cpuOptions
+        `Prelude.hashWithSalt` creditSpecification
+        `Prelude.hashWithSalt` disableApiStop
+        `Prelude.hashWithSalt` disableApiTermination
+        `Prelude.hashWithSalt` ebsOptimized
+        `Prelude.hashWithSalt` elasticGpuSpecificationSet
+        `Prelude.hashWithSalt` elasticInferenceAcceleratorSet
+        `Prelude.hashWithSalt` enclaveOptions
+        `Prelude.hashWithSalt` hibernationOptions
+        `Prelude.hashWithSalt` iamInstanceProfile
+        `Prelude.hashWithSalt` imageId
+        `Prelude.hashWithSalt` instanceInitiatedShutdownBehavior
+        `Prelude.hashWithSalt` instanceMarketOptions
+        `Prelude.hashWithSalt` instanceRequirements
+        `Prelude.hashWithSalt` instanceType
+        `Prelude.hashWithSalt` kernelId
+        `Prelude.hashWithSalt` keyName
+        `Prelude.hashWithSalt` licenseSet
+        `Prelude.hashWithSalt` maintenanceOptions
+        `Prelude.hashWithSalt` metadataOptions
+        `Prelude.hashWithSalt` monitoring
+        `Prelude.hashWithSalt` networkInterfaceSet
+        `Prelude.hashWithSalt` placement
+        `Prelude.hashWithSalt` privateDnsNameOptions
+        `Prelude.hashWithSalt` ramDiskId
+        `Prelude.hashWithSalt` securityGroupIdSet
+        `Prelude.hashWithSalt` securityGroupSet
+        `Prelude.hashWithSalt` userData
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataDetails
+  where
+  rnf AwsEc2LaunchTemplateDataDetails' {..} =
+    Prelude.rnf blockDeviceMappingSet
+      `Prelude.seq` Prelude.rnf capacityReservationSpecification
+      `Prelude.seq` Prelude.rnf cpuOptions
+      `Prelude.seq` Prelude.rnf creditSpecification
+      `Prelude.seq` Prelude.rnf disableApiStop
+      `Prelude.seq` Prelude.rnf disableApiTermination
+      `Prelude.seq` Prelude.rnf ebsOptimized
+      `Prelude.seq` Prelude.rnf elasticGpuSpecificationSet
+      `Prelude.seq` Prelude.rnf elasticInferenceAcceleratorSet
+      `Prelude.seq` Prelude.rnf enclaveOptions
+      `Prelude.seq` Prelude.rnf hibernationOptions
+      `Prelude.seq` Prelude.rnf iamInstanceProfile
+      `Prelude.seq` Prelude.rnf imageId
+      `Prelude.seq` Prelude.rnf
+        instanceInitiatedShutdownBehavior
+      `Prelude.seq` Prelude.rnf instanceMarketOptions
+      `Prelude.seq` Prelude.rnf instanceRequirements
+      `Prelude.seq` Prelude.rnf instanceType
+      `Prelude.seq` Prelude.rnf kernelId
+      `Prelude.seq` Prelude.rnf keyName
+      `Prelude.seq` Prelude.rnf licenseSet
+      `Prelude.seq` Prelude.rnf
+        maintenanceOptions
+      `Prelude.seq` Prelude.rnf
+        metadataOptions
+      `Prelude.seq` Prelude.rnf monitoring
+      `Prelude.seq` Prelude.rnf
+        networkInterfaceSet
+      `Prelude.seq` Prelude.rnf
+        placement
+      `Prelude.seq` Prelude.rnf
+        privateDnsNameOptions
+      `Prelude.seq` Prelude.rnf
+        ramDiskId
+      `Prelude.seq` Prelude.rnf
+        securityGroupIdSet
+      `Prelude.seq` Prelude.rnf
+        securityGroupSet
+      `Prelude.seq` Prelude.rnf
+        userData
+
+instance Data.ToJSON AwsEc2LaunchTemplateDataDetails where
+  toJSON AwsEc2LaunchTemplateDataDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("BlockDeviceMappingSet" Data..=)
+              Prelude.<$> blockDeviceMappingSet,
+            ("CapacityReservationSpecification" Data..=)
+              Prelude.<$> capacityReservationSpecification,
+            ("CpuOptions" Data..=) Prelude.<$> cpuOptions,
+            ("CreditSpecification" Data..=)
+              Prelude.<$> creditSpecification,
+            ("DisableApiStop" Data..=)
+              Prelude.<$> disableApiStop,
+            ("DisableApiTermination" Data..=)
+              Prelude.<$> disableApiTermination,
+            ("EbsOptimized" Data..=) Prelude.<$> ebsOptimized,
+            ("ElasticGpuSpecificationSet" Data..=)
+              Prelude.<$> elasticGpuSpecificationSet,
+            ("ElasticInferenceAcceleratorSet" Data..=)
+              Prelude.<$> elasticInferenceAcceleratorSet,
+            ("EnclaveOptions" Data..=)
+              Prelude.<$> enclaveOptions,
+            ("HibernationOptions" Data..=)
+              Prelude.<$> hibernationOptions,
+            ("IamInstanceProfile" Data..=)
+              Prelude.<$> iamInstanceProfile,
+            ("ImageId" Data..=) Prelude.<$> imageId,
+            ("InstanceInitiatedShutdownBehavior" Data..=)
+              Prelude.<$> instanceInitiatedShutdownBehavior,
+            ("InstanceMarketOptions" Data..=)
+              Prelude.<$> instanceMarketOptions,
+            ("InstanceRequirements" Data..=)
+              Prelude.<$> instanceRequirements,
+            ("InstanceType" Data..=) Prelude.<$> instanceType,
+            ("KernelId" Data..=) Prelude.<$> kernelId,
+            ("KeyName" Data..=) Prelude.<$> keyName,
+            ("LicenseSet" Data..=) Prelude.<$> licenseSet,
+            ("MaintenanceOptions" Data..=)
+              Prelude.<$> maintenanceOptions,
+            ("MetadataOptions" Data..=)
+              Prelude.<$> metadataOptions,
+            ("Monitoring" Data..=) Prelude.<$> monitoring,
+            ("NetworkInterfaceSet" Data..=)
+              Prelude.<$> networkInterfaceSet,
+            ("Placement" Data..=) Prelude.<$> placement,
+            ("PrivateDnsNameOptions" Data..=)
+              Prelude.<$> privateDnsNameOptions,
+            ("RamDiskId" Data..=) Prelude.<$> ramDiskId,
+            ("SecurityGroupIdSet" Data..=)
+              Prelude.<$> securityGroupIdSet,
+            ("SecurityGroupSet" Data..=)
+              Prelude.<$> securityGroupSet,
+            ("UserData" Data..=) Prelude.<$> userData
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about an Elastic Graphics specification for an Amazon
+-- EC2 launch template.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails' smart constructor.
+data AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails = AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails'
+  { -- | The type of Elastic Graphics accelerator.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'type'', 'awsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails_type' - The type of Elastic Graphics accelerator.
+newAwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails ::
+  AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+newAwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails =
+  AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails'
+    { type' =
+        Prelude.Nothing
+    }
+
+-- | The type of Elastic Graphics accelerator.
+awsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails_type :: Lens.Lens' AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails_type = Lens.lens (\AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails' {type'} -> type') (\s@AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails' {} a -> s {type' = a} :: AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails'
+            Prelude.<$> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails' {..} =
+      _salt `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails' {..} =
+      Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Type" Data..=) Prelude.<$> type']
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details for an Amazon Elastic Inference accelerator.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails' smart constructor.
+data AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails = AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails'
+  { -- | The number of Elastic Inference accelerators to attach to the instance.
+    count :: Prelude.Maybe Prelude.Int,
+    -- | The type of Elastic Inference accelerator.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'count', 'awsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails_count' - The number of Elastic Inference accelerators to attach to the instance.
+--
+-- 'type'', 'awsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails_type' - The type of Elastic Inference accelerator.
+newAwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails ::
+  AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+newAwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails =
+  AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails'
+    { count =
+        Prelude.Nothing,
+      type' =
+        Prelude.Nothing
+    }
+
+-- | The number of Elastic Inference accelerators to attach to the instance.
+awsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails_count :: Lens.Lens' AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails_count = Lens.lens (\AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails' {count} -> count) (\s@AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails' {} a -> s {count = a} :: AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails)
+
+-- | The type of Elastic Inference accelerator.
+awsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails_type :: Lens.Lens' AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails_type = Lens.lens (\AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails' {type'} -> type') (\s@AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails' {} a -> s {type' = a} :: AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails'
+            Prelude.<$> (x Data..:? "Count")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` count
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails' {..} =
+      Prelude.rnf count `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Count" Data..=) Prelude.<$> count,
+              ("Type" Data..=) Prelude.<$> type'
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataEnclaveOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataEnclaveOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataEnclaveOptionsDetails.hs
@@ -0,0 +1,99 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataEnclaveOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Indicates whether the instance is enabled for Amazon Web Services Nitro
+-- Enclaves.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataEnclaveOptionsDetails' smart constructor.
+data AwsEc2LaunchTemplateDataEnclaveOptionsDetails = AwsEc2LaunchTemplateDataEnclaveOptionsDetails'
+  { -- | If this parameter is set to @true@, the instance is enabled for Amazon
+    -- Web Services Nitro Enclaves.
+    enabled :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataEnclaveOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'awsEc2LaunchTemplateDataEnclaveOptionsDetails_enabled' - If this parameter is set to @true@, the instance is enabled for Amazon
+-- Web Services Nitro Enclaves.
+newAwsEc2LaunchTemplateDataEnclaveOptionsDetails ::
+  AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+newAwsEc2LaunchTemplateDataEnclaveOptionsDetails =
+  AwsEc2LaunchTemplateDataEnclaveOptionsDetails'
+    { enabled =
+        Prelude.Nothing
+    }
+
+-- | If this parameter is set to @true@, the instance is enabled for Amazon
+-- Web Services Nitro Enclaves.
+awsEc2LaunchTemplateDataEnclaveOptionsDetails_enabled :: Lens.Lens' AwsEc2LaunchTemplateDataEnclaveOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataEnclaveOptionsDetails_enabled = Lens.lens (\AwsEc2LaunchTemplateDataEnclaveOptionsDetails' {enabled} -> enabled) (\s@AwsEc2LaunchTemplateDataEnclaveOptionsDetails' {} a -> s {enabled = a} :: AwsEc2LaunchTemplateDataEnclaveOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataEnclaveOptionsDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataEnclaveOptionsDetails'
+            Prelude.<$> (x Data..:? "Enabled")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataEnclaveOptionsDetails' {..} =
+      _salt `Prelude.hashWithSalt` enabled
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataEnclaveOptionsDetails' {..} =
+      Prelude.rnf enabled
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataEnclaveOptionsDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataEnclaveOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Enabled" Data..=) Prelude.<$> enabled]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataHibernationOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataHibernationOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataHibernationOptionsDetails.hs
@@ -0,0 +1,99 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataHibernationOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataHibernationOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies whether your Amazon EC2 instance is configured for
+-- hibernation.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataHibernationOptionsDetails' smart constructor.
+data AwsEc2LaunchTemplateDataHibernationOptionsDetails = AwsEc2LaunchTemplateDataHibernationOptionsDetails'
+  { -- | If you set this parameter to @true@, the instance is enabled for
+    -- hibernation.
+    configured :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataHibernationOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'configured', 'awsEc2LaunchTemplateDataHibernationOptionsDetails_configured' - If you set this parameter to @true@, the instance is enabled for
+-- hibernation.
+newAwsEc2LaunchTemplateDataHibernationOptionsDetails ::
+  AwsEc2LaunchTemplateDataHibernationOptionsDetails
+newAwsEc2LaunchTemplateDataHibernationOptionsDetails =
+  AwsEc2LaunchTemplateDataHibernationOptionsDetails'
+    { configured =
+        Prelude.Nothing
+    }
+
+-- | If you set this parameter to @true@, the instance is enabled for
+-- hibernation.
+awsEc2LaunchTemplateDataHibernationOptionsDetails_configured :: Lens.Lens' AwsEc2LaunchTemplateDataHibernationOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataHibernationOptionsDetails_configured = Lens.lens (\AwsEc2LaunchTemplateDataHibernationOptionsDetails' {configured} -> configured) (\s@AwsEc2LaunchTemplateDataHibernationOptionsDetails' {} a -> s {configured = a} :: AwsEc2LaunchTemplateDataHibernationOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataHibernationOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataHibernationOptionsDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataHibernationOptionsDetails'
+            Prelude.<$> (x Data..:? "Configured")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataHibernationOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataHibernationOptionsDetails' {..} =
+      _salt `Prelude.hashWithSalt` configured
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataHibernationOptionsDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataHibernationOptionsDetails' {..} =
+      Prelude.rnf configured
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataHibernationOptionsDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataHibernationOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Configured" Data..=) Prelude.<$> configured]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataIamInstanceProfileDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataIamInstanceProfileDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataIamInstanceProfileDetails.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataIamInstanceProfileDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details for an Identity and Access Management (IAM) instance
+-- profile, which is a container for an IAM role for your instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataIamInstanceProfileDetails' smart constructor.
+data AwsEc2LaunchTemplateDataIamInstanceProfileDetails = AwsEc2LaunchTemplateDataIamInstanceProfileDetails'
+  { -- | The Amazon Resource Name (ARN) of the instance profile.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the instance profile.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataIamInstanceProfileDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'awsEc2LaunchTemplateDataIamInstanceProfileDetails_arn' - The Amazon Resource Name (ARN) of the instance profile.
+--
+-- 'name', 'awsEc2LaunchTemplateDataIamInstanceProfileDetails_name' - The name of the instance profile.
+newAwsEc2LaunchTemplateDataIamInstanceProfileDetails ::
+  AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+newAwsEc2LaunchTemplateDataIamInstanceProfileDetails =
+  AwsEc2LaunchTemplateDataIamInstanceProfileDetails'
+    { arn =
+        Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the instance profile.
+awsEc2LaunchTemplateDataIamInstanceProfileDetails_arn :: Lens.Lens' AwsEc2LaunchTemplateDataIamInstanceProfileDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataIamInstanceProfileDetails_arn = Lens.lens (\AwsEc2LaunchTemplateDataIamInstanceProfileDetails' {arn} -> arn) (\s@AwsEc2LaunchTemplateDataIamInstanceProfileDetails' {} a -> s {arn = a} :: AwsEc2LaunchTemplateDataIamInstanceProfileDetails)
+
+-- | The name of the instance profile.
+awsEc2LaunchTemplateDataIamInstanceProfileDetails_name :: Lens.Lens' AwsEc2LaunchTemplateDataIamInstanceProfileDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataIamInstanceProfileDetails_name = Lens.lens (\AwsEc2LaunchTemplateDataIamInstanceProfileDetails' {name} -> name) (\s@AwsEc2LaunchTemplateDataIamInstanceProfileDetails' {} a -> s {name = a} :: AwsEc2LaunchTemplateDataIamInstanceProfileDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataIamInstanceProfileDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataIamInstanceProfileDetails'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataIamInstanceProfileDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` arn
+        `Prelude.hashWithSalt` name
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataIamInstanceProfileDetails' {..} =
+      Prelude.rnf arn `Prelude.seq` Prelude.rnf name
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataIamInstanceProfileDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataIamInstanceProfileDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Arn" Data..=) Prelude.<$> arn,
+              ("Name" Data..=) Prelude.<$> name
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails.hs
@@ -0,0 +1,113 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+
+-- | Provides details about the market (purchasing) option for an Amazon EC2
+-- instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataInstanceMarketOptionsDetails' smart constructor.
+data AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails = AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails'
+  { -- | The market type.
+    marketType :: Prelude.Maybe Prelude.Text,
+    -- | The options for Spot Instances.
+    spotOptions :: Prelude.Maybe AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'marketType', 'awsEc2LaunchTemplateDataInstanceMarketOptionsDetails_marketType' - The market type.
+--
+-- 'spotOptions', 'awsEc2LaunchTemplateDataInstanceMarketOptionsDetails_spotOptions' - The options for Spot Instances.
+newAwsEc2LaunchTemplateDataInstanceMarketOptionsDetails ::
+  AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+newAwsEc2LaunchTemplateDataInstanceMarketOptionsDetails =
+  AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails'
+    { marketType =
+        Prelude.Nothing,
+      spotOptions =
+        Prelude.Nothing
+    }
+
+-- | The market type.
+awsEc2LaunchTemplateDataInstanceMarketOptionsDetails_marketType :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataInstanceMarketOptionsDetails_marketType = Lens.lens (\AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails' {marketType} -> marketType) (\s@AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails' {} a -> s {marketType = a} :: AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails)
+
+-- | The options for Spot Instances.
+awsEc2LaunchTemplateDataInstanceMarketOptionsDetails_spotOptions :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails (Prelude.Maybe AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails)
+awsEc2LaunchTemplateDataInstanceMarketOptionsDetails_spotOptions = Lens.lens (\AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails' {spotOptions} -> spotOptions) (\s@AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails' {} a -> s {spotOptions = a} :: AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails'
+            Prelude.<$> (x Data..:? "MarketType")
+            Prelude.<*> (x Data..:? "SpotOptions")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` marketType
+        `Prelude.hashWithSalt` spotOptions
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails' {..} =
+      Prelude.rnf marketType
+        `Prelude.seq` Prelude.rnf spotOptions
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("MarketType" Data..=) Prelude.<$> marketType,
+              ("SpotOptions" Data..=) Prelude.<$> spotOptions
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails.hs
@@ -0,0 +1,160 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the market (purchasing) options for Spot
+-- Instances.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' smart constructor.
+data AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails = AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails'
+  { -- | Deprecated.
+    blockDurationMinutes :: Prelude.Maybe Prelude.Int,
+    -- | The behavior when a Spot Instance is interrupted.
+    instanceInterruptionBehavior :: Prelude.Maybe Prelude.Text,
+    -- | The maximum hourly price you\'re willing to pay for the Spot Instances.
+    maxPrice :: Prelude.Maybe Prelude.Text,
+    -- | The Spot Instance request type.
+    spotInstanceType :: Prelude.Maybe Prelude.Text,
+    -- | The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ), for
+    -- persistent requests.
+    validUntil :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blockDurationMinutes', 'awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_blockDurationMinutes' - Deprecated.
+--
+-- 'instanceInterruptionBehavior', 'awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_instanceInterruptionBehavior' - The behavior when a Spot Instance is interrupted.
+--
+-- 'maxPrice', 'awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_maxPrice' - The maximum hourly price you\'re willing to pay for the Spot Instances.
+--
+-- 'spotInstanceType', 'awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_spotInstanceType' - The Spot Instance request type.
+--
+-- 'validUntil', 'awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_validUntil' - The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ), for
+-- persistent requests.
+newAwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails ::
+  AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+newAwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails =
+  AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails'
+    { blockDurationMinutes =
+        Prelude.Nothing,
+      instanceInterruptionBehavior =
+        Prelude.Nothing,
+      maxPrice =
+        Prelude.Nothing,
+      spotInstanceType =
+        Prelude.Nothing,
+      validUntil =
+        Prelude.Nothing
+    }
+
+-- | Deprecated.
+awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_blockDurationMinutes :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_blockDurationMinutes = Lens.lens (\AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {blockDurationMinutes} -> blockDurationMinutes) (\s@AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {} a -> s {blockDurationMinutes = a} :: AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails)
+
+-- | The behavior when a Spot Instance is interrupted.
+awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_instanceInterruptionBehavior :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_instanceInterruptionBehavior = Lens.lens (\AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {instanceInterruptionBehavior} -> instanceInterruptionBehavior) (\s@AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {} a -> s {instanceInterruptionBehavior = a} :: AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails)
+
+-- | The maximum hourly price you\'re willing to pay for the Spot Instances.
+awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_maxPrice :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_maxPrice = Lens.lens (\AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {maxPrice} -> maxPrice) (\s@AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {} a -> s {maxPrice = a} :: AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails)
+
+-- | The Spot Instance request type.
+awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_spotInstanceType :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_spotInstanceType = Lens.lens (\AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {spotInstanceType} -> spotInstanceType) (\s@AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {} a -> s {spotInstanceType = a} :: AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails)
+
+-- | The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ), for
+-- persistent requests.
+awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_validUntil :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails_validUntil = Lens.lens (\AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {validUntil} -> validUntil) (\s@AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {} a -> s {validUntil = a} :: AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails'
+            Prelude.<$> (x Data..:? "BlockDurationMinutes")
+            Prelude.<*> (x Data..:? "InstanceInterruptionBehavior")
+            Prelude.<*> (x Data..:? "MaxPrice")
+            Prelude.<*> (x Data..:? "SpotInstanceType")
+            Prelude.<*> (x Data..:? "ValidUntil")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` blockDurationMinutes
+        `Prelude.hashWithSalt` instanceInterruptionBehavior
+        `Prelude.hashWithSalt` maxPrice
+        `Prelude.hashWithSalt` spotInstanceType
+        `Prelude.hashWithSalt` validUntil
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {..} =
+      Prelude.rnf blockDurationMinutes
+        `Prelude.seq` Prelude.rnf instanceInterruptionBehavior
+        `Prelude.seq` Prelude.rnf maxPrice
+        `Prelude.seq` Prelude.rnf spotInstanceType
+        `Prelude.seq` Prelude.rnf validUntil
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("BlockDurationMinutes" Data..=)
+                Prelude.<$> blockDurationMinutes,
+              ("InstanceInterruptionBehavior" Data..=)
+                Prelude.<$> instanceInterruptionBehavior,
+              ("MaxPrice" Data..=) Prelude.<$> maxPrice,
+              ("SpotInstanceType" Data..=)
+                Prelude.<$> spotInstanceType,
+              ("ValidUntil" Data..=) Prelude.<$> validUntil
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails.hs
@@ -0,0 +1,120 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon
+-- Web Services Inferentia chips) on an Amazon EC2 instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails' smart constructor.
+data AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails = AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails'
+  { -- | The maximum number of accelerators. If this parameter isn\'t specified,
+    -- there\'s no maximum limit. To exclude accelerator-enabled instance
+    -- types, set @Max@ to @0@.
+    max :: Prelude.Maybe Prelude.Int,
+    -- | The minimum number of accelerators. If this parameter isn\'t specified,
+    -- there\'s no minimum limit.
+    min :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'max', 'awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails_max' - The maximum number of accelerators. If this parameter isn\'t specified,
+-- there\'s no maximum limit. To exclude accelerator-enabled instance
+-- types, set @Max@ to @0@.
+--
+-- 'min', 'awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails_min' - The minimum number of accelerators. If this parameter isn\'t specified,
+-- there\'s no minimum limit.
+newAwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails ::
+  AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+newAwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails =
+  AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails'
+    { max =
+        Prelude.Nothing,
+      min =
+        Prelude.Nothing
+    }
+
+-- | The maximum number of accelerators. If this parameter isn\'t specified,
+-- there\'s no maximum limit. To exclude accelerator-enabled instance
+-- types, set @Max@ to @0@.
+awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails_max :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails_max = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails' {max} -> max) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails' {} a -> s {max = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails)
+
+-- | The minimum number of accelerators. If this parameter isn\'t specified,
+-- there\'s no minimum limit.
+awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails_min :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails_min = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails' {min} -> min) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails' {} a -> s {min = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails'
+            Prelude.<$> (x Data..:? "Max")
+            Prelude.<*> (x Data..:? "Min")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` max
+        `Prelude.hashWithSalt` min
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails' {..} =
+      Prelude.rnf max `Prelude.seq` Prelude.rnf min
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Max" Data..=) Prelude.<$> max,
+              ("Min" Data..=) Prelude.<$> min
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails.hs
@@ -0,0 +1,117 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The minimum and maximum amount of memory, in MiB, for the accelerators
+-- on an Amazon EC2 instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails' smart constructor.
+data AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails = AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails'
+  { -- | The maximum amount of memory, in MiB. If this parameter isn\'t
+    -- specified, there\'s no maximum limit.
+    max :: Prelude.Maybe Prelude.Int,
+    -- | The minimum amount of memory, in MiB. If @0@ is specified, there\'s no
+    -- maximum limit.
+    min :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'max', 'awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails_max' - The maximum amount of memory, in MiB. If this parameter isn\'t
+-- specified, there\'s no maximum limit.
+--
+-- 'min', 'awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails_min' - The minimum amount of memory, in MiB. If @0@ is specified, there\'s no
+-- maximum limit.
+newAwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails ::
+  AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+newAwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails =
+  AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails'
+    { max =
+        Prelude.Nothing,
+      min =
+        Prelude.Nothing
+    }
+
+-- | The maximum amount of memory, in MiB. If this parameter isn\'t
+-- specified, there\'s no maximum limit.
+awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails_max :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails_max = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails' {max} -> max) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails' {} a -> s {max = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails)
+
+-- | The minimum amount of memory, in MiB. If @0@ is specified, there\'s no
+-- maximum limit.
+awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails_min :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails_min = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails' {min} -> min) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails' {} a -> s {min = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails'
+            Prelude.<$> (x Data..:? "Max")
+            Prelude.<*> (x Data..:? "Min")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` max
+        `Prelude.hashWithSalt` min
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails' {..} =
+      Prelude.rnf max `Prelude.seq` Prelude.rnf min
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Max" Data..=) Prelude.<$> max,
+              ("Min" Data..=) Prelude.<$> min
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails.hs
@@ -0,0 +1,119 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The minimum and maximum baseline bandwidth to Amazon Elastic Block Store
+-- (Amazon EBS), in Mbps. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html Amazon EBS–optimized instances>
+-- in the /Amazon EC2 User Guide/.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails' smart constructor.
+data AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails = AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails'
+  { -- | The maximum baseline bandwidth, in Mbps. If this parameter is omitted,
+    -- there\'s no maximum limit.
+    max :: Prelude.Maybe Prelude.Int,
+    -- | The minimum baseline bandwidth, in Mbps. If this parameter is omitted,
+    -- there\'s no minimum limit.
+    min :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'max', 'awsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails_max' - The maximum baseline bandwidth, in Mbps. If this parameter is omitted,
+-- there\'s no maximum limit.
+--
+-- 'min', 'awsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails_min' - The minimum baseline bandwidth, in Mbps. If this parameter is omitted,
+-- there\'s no minimum limit.
+newAwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails ::
+  AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+newAwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails =
+  AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails'
+    { max =
+        Prelude.Nothing,
+      min =
+        Prelude.Nothing
+    }
+
+-- | The maximum baseline bandwidth, in Mbps. If this parameter is omitted,
+-- there\'s no maximum limit.
+awsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails_max :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails_max = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails' {max} -> max) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails' {} a -> s {max = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails)
+
+-- | The minimum baseline bandwidth, in Mbps. If this parameter is omitted,
+-- there\'s no minimum limit.
+awsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails_min :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails_min = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails' {min} -> min) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails' {} a -> s {min = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails'
+            Prelude.<$> (x Data..:? "Max")
+            Prelude.<*> (x Data..:? "Min")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` max
+        `Prelude.hashWithSalt` min
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails' {..} =
+      Prelude.rnf max `Prelude.seq` Prelude.rnf min
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Max" Data..=) Prelude.<$> max,
+              ("Min" Data..=) Prelude.<$> min
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsDetails.hs
@@ -0,0 +1,528 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+
+-- | The attributes for the Amazon EC2 instance types.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataInstanceRequirementsDetails' smart constructor.
+data AwsEc2LaunchTemplateDataInstanceRequirementsDetails = AwsEc2LaunchTemplateDataInstanceRequirementsDetails'
+  { -- | The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon
+    -- Web Services Inferentia chips) on an instance.
+    acceleratorCount :: Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails,
+    -- | Indicates whether instance types must have accelerators by specific
+    -- manufacturers.
+    acceleratorManufacturers :: Prelude.Maybe [Prelude.Text],
+    -- | The accelerators that must be on the instance type.
+    acceleratorNames :: Prelude.Maybe [Prelude.Text],
+    -- | The minimum and maximum amount of total accelerator memory, in MiB.
+    acceleratorTotalMemoryMiB :: Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails,
+    -- | The accelerator types that must be on the instance type.
+    acceleratorTypes :: Prelude.Maybe [Prelude.Text],
+    -- | Indicates whether bare metal instance types must be included, excluded,
+    -- or required.
+    bareMetal :: Prelude.Maybe Prelude.Text,
+    -- | The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For
+    -- more information, see
+    -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html Amazon EBS optimized instances>
+    -- in the /Amazon EC2 User Guide/.
+    baselineEbsBandwidthMbps :: Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails,
+    -- | Indicates whether burstable performance T instance types are included,
+    -- excluded, or required. For more information,
+    -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html Burstable performance instances>
+    -- in the /Amazon EC2 User Guide/.
+    burstablePerformance :: Prelude.Maybe Prelude.Text,
+    -- | The CPU manufacturers to include.
+    cpuManufacturers :: Prelude.Maybe [Prelude.Text],
+    -- | The instance types to exclude.
+    excludedInstanceTypes :: Prelude.Maybe [Prelude.Text],
+    -- | Indicates whether current or previous generation instance types are
+    -- included.
+    instanceGenerations :: Prelude.Maybe [Prelude.Text],
+    -- | Indicates whether instance types with instance store volumes are
+    -- included, excluded, or required. For more information, see
+    -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html Amazon EC2 instance store>
+    -- in the /Amazon EC2 User Guide/.
+    localStorage :: Prelude.Maybe Prelude.Text,
+    -- | The type of local storage that is required.
+    localStorageTypes :: Prelude.Maybe [Prelude.Text],
+    -- | The minimum and maximum amount of memory per vCPU, in GiB.
+    memoryGiBPerVCpu :: Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails,
+    -- | The minimum and maximum amount of memory, in MiB.
+    memoryMiB :: Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails,
+    -- | The minimum and maximum number of network interfaces.
+    networkInterfaceCount :: Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails,
+    -- | The price protection threshold for On-Demand Instances. This is the
+    -- maximum you’ll pay for an On-Demand Instance, expressed as a percentage
+    -- above the least expensive current generation M, C, or R instance type
+    -- with your specified attributes. When Amazon EC2 selects instance types
+    -- with your attributes, it excludes instance types priced above your
+    -- threshold.
+    --
+    -- The parameter accepts an integer, which Amazon EC2 interprets as a
+    -- percentage.
+    --
+    -- A high value, such as @999999@, turns off price protection.
+    onDemandMaxPricePercentageOverLowestPrice :: Prelude.Maybe Prelude.Int,
+    -- | Indicates whether instance types must support hibernation for On-Demand
+    -- Instances.
+    requireHibernateSupport :: Prelude.Maybe Prelude.Bool,
+    -- | The price protection threshold for Spot Instances. This is the maximum
+    -- you’ll pay for a Spot Instance, expressed as a percentage above the
+    -- least expensive current generation M, C, or R instance type with your
+    -- specified attributes. When Amazon EC2 selects instance types with your
+    -- attributes, it excludes instance types priced above your threshold.
+    --
+    -- The parameter accepts an integer, which Amazon EC2 interprets as a
+    -- percentage.
+    --
+    -- A high value, such as @999999@, turns off price protection.
+    spotMaxPricePercentageOverLowestPrice :: Prelude.Maybe Prelude.Int,
+    -- | The minimum and maximum amount of total local storage, in GB.
+    totalLocalStorageGB :: Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails,
+    -- | The minimum and maximum number of vCPUs.
+    vCpuCount :: Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataInstanceRequirementsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'acceleratorCount', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorCount' - The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon
+-- Web Services Inferentia chips) on an instance.
+--
+-- 'acceleratorManufacturers', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorManufacturers' - Indicates whether instance types must have accelerators by specific
+-- manufacturers.
+--
+-- 'acceleratorNames', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorNames' - The accelerators that must be on the instance type.
+--
+-- 'acceleratorTotalMemoryMiB', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorTotalMemoryMiB' - The minimum and maximum amount of total accelerator memory, in MiB.
+--
+-- 'acceleratorTypes', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorTypes' - The accelerator types that must be on the instance type.
+--
+-- 'bareMetal', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_bareMetal' - Indicates whether bare metal instance types must be included, excluded,
+-- or required.
+--
+-- 'baselineEbsBandwidthMbps', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_baselineEbsBandwidthMbps' - The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For
+-- more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html Amazon EBS optimized instances>
+-- in the /Amazon EC2 User Guide/.
+--
+-- 'burstablePerformance', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_burstablePerformance' - Indicates whether burstable performance T instance types are included,
+-- excluded, or required. For more information,
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html Burstable performance instances>
+-- in the /Amazon EC2 User Guide/.
+--
+-- 'cpuManufacturers', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_cpuManufacturers' - The CPU manufacturers to include.
+--
+-- 'excludedInstanceTypes', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_excludedInstanceTypes' - The instance types to exclude.
+--
+-- 'instanceGenerations', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_instanceGenerations' - Indicates whether current or previous generation instance types are
+-- included.
+--
+-- 'localStorage', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_localStorage' - Indicates whether instance types with instance store volumes are
+-- included, excluded, or required. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html Amazon EC2 instance store>
+-- in the /Amazon EC2 User Guide/.
+--
+-- 'localStorageTypes', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_localStorageTypes' - The type of local storage that is required.
+--
+-- 'memoryGiBPerVCpu', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_memoryGiBPerVCpu' - The minimum and maximum amount of memory per vCPU, in GiB.
+--
+-- 'memoryMiB', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_memoryMiB' - The minimum and maximum amount of memory, in MiB.
+--
+-- 'networkInterfaceCount', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_networkInterfaceCount' - The minimum and maximum number of network interfaces.
+--
+-- 'onDemandMaxPricePercentageOverLowestPrice', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_onDemandMaxPricePercentageOverLowestPrice' - The price protection threshold for On-Demand Instances. This is the
+-- maximum you’ll pay for an On-Demand Instance, expressed as a percentage
+-- above the least expensive current generation M, C, or R instance type
+-- with your specified attributes. When Amazon EC2 selects instance types
+-- with your attributes, it excludes instance types priced above your
+-- threshold.
+--
+-- The parameter accepts an integer, which Amazon EC2 interprets as a
+-- percentage.
+--
+-- A high value, such as @999999@, turns off price protection.
+--
+-- 'requireHibernateSupport', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_requireHibernateSupport' - Indicates whether instance types must support hibernation for On-Demand
+-- Instances.
+--
+-- 'spotMaxPricePercentageOverLowestPrice', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_spotMaxPricePercentageOverLowestPrice' - The price protection threshold for Spot Instances. This is the maximum
+-- you’ll pay for a Spot Instance, expressed as a percentage above the
+-- least expensive current generation M, C, or R instance type with your
+-- specified attributes. When Amazon EC2 selects instance types with your
+-- attributes, it excludes instance types priced above your threshold.
+--
+-- The parameter accepts an integer, which Amazon EC2 interprets as a
+-- percentage.
+--
+-- A high value, such as @999999@, turns off price protection.
+--
+-- 'totalLocalStorageGB', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_totalLocalStorageGB' - The minimum and maximum amount of total local storage, in GB.
+--
+-- 'vCpuCount', 'awsEc2LaunchTemplateDataInstanceRequirementsDetails_vCpuCount' - The minimum and maximum number of vCPUs.
+newAwsEc2LaunchTemplateDataInstanceRequirementsDetails ::
+  AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+newAwsEc2LaunchTemplateDataInstanceRequirementsDetails =
+  AwsEc2LaunchTemplateDataInstanceRequirementsDetails'
+    { acceleratorCount =
+        Prelude.Nothing,
+      acceleratorManufacturers =
+        Prelude.Nothing,
+      acceleratorNames =
+        Prelude.Nothing,
+      acceleratorTotalMemoryMiB =
+        Prelude.Nothing,
+      acceleratorTypes =
+        Prelude.Nothing,
+      bareMetal =
+        Prelude.Nothing,
+      baselineEbsBandwidthMbps =
+        Prelude.Nothing,
+      burstablePerformance =
+        Prelude.Nothing,
+      cpuManufacturers =
+        Prelude.Nothing,
+      excludedInstanceTypes =
+        Prelude.Nothing,
+      instanceGenerations =
+        Prelude.Nothing,
+      localStorage =
+        Prelude.Nothing,
+      localStorageTypes =
+        Prelude.Nothing,
+      memoryGiBPerVCpu =
+        Prelude.Nothing,
+      memoryMiB =
+        Prelude.Nothing,
+      networkInterfaceCount =
+        Prelude.Nothing,
+      onDemandMaxPricePercentageOverLowestPrice =
+        Prelude.Nothing,
+      requireHibernateSupport =
+        Prelude.Nothing,
+      spotMaxPricePercentageOverLowestPrice =
+        Prelude.Nothing,
+      totalLocalStorageGB =
+        Prelude.Nothing,
+      vCpuCount =
+        Prelude.Nothing
+    }
+
+-- | The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon
+-- Web Services Inferentia chips) on an instance.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorCount :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorCount = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {acceleratorCount} -> acceleratorCount) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {acceleratorCount = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | Indicates whether instance types must have accelerators by specific
+-- manufacturers.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorManufacturers :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorManufacturers = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {acceleratorManufacturers} -> acceleratorManufacturers) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {acceleratorManufacturers = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The accelerators that must be on the instance type.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorNames :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorNames = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {acceleratorNames} -> acceleratorNames) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {acceleratorNames = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The minimum and maximum amount of total accelerator memory, in MiB.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorTotalMemoryMiB :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorTotalMemoryMiB = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {acceleratorTotalMemoryMiB} -> acceleratorTotalMemoryMiB) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {acceleratorTotalMemoryMiB = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | The accelerator types that must be on the instance type.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorTypes :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_acceleratorTypes = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {acceleratorTypes} -> acceleratorTypes) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {acceleratorTypes = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates whether bare metal instance types must be included, excluded,
+-- or required.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_bareMetal :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_bareMetal = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {bareMetal} -> bareMetal) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {bareMetal = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For
+-- more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html Amazon EBS optimized instances>
+-- in the /Amazon EC2 User Guide/.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_baselineEbsBandwidthMbps :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_baselineEbsBandwidthMbps = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {baselineEbsBandwidthMbps} -> baselineEbsBandwidthMbps) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {baselineEbsBandwidthMbps = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | Indicates whether burstable performance T instance types are included,
+-- excluded, or required. For more information,
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances.html Burstable performance instances>
+-- in the /Amazon EC2 User Guide/.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_burstablePerformance :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_burstablePerformance = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {burstablePerformance} -> burstablePerformance) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {burstablePerformance = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | The CPU manufacturers to include.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_cpuManufacturers :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_cpuManufacturers = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {cpuManufacturers} -> cpuManufacturers) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {cpuManufacturers = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The instance types to exclude.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_excludedInstanceTypes :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_excludedInstanceTypes = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {excludedInstanceTypes} -> excludedInstanceTypes) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {excludedInstanceTypes = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates whether current or previous generation instance types are
+-- included.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_instanceGenerations :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_instanceGenerations = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {instanceGenerations} -> instanceGenerations) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {instanceGenerations = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates whether instance types with instance store volumes are
+-- included, excluded, or required. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html Amazon EC2 instance store>
+-- in the /Amazon EC2 User Guide/.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_localStorage :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_localStorage = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {localStorage} -> localStorage) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {localStorage = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | The type of local storage that is required.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_localStorageTypes :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_localStorageTypes = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {localStorageTypes} -> localStorageTypes) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {localStorageTypes = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The minimum and maximum amount of memory per vCPU, in GiB.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_memoryGiBPerVCpu :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_memoryGiBPerVCpu = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {memoryGiBPerVCpu} -> memoryGiBPerVCpu) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {memoryGiBPerVCpu = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | The minimum and maximum amount of memory, in MiB.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_memoryMiB :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_memoryMiB = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {memoryMiB} -> memoryMiB) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {memoryMiB = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | The minimum and maximum number of network interfaces.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_networkInterfaceCount :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_networkInterfaceCount = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {networkInterfaceCount} -> networkInterfaceCount) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {networkInterfaceCount = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | The price protection threshold for On-Demand Instances. This is the
+-- maximum you’ll pay for an On-Demand Instance, expressed as a percentage
+-- above the least expensive current generation M, C, or R instance type
+-- with your specified attributes. When Amazon EC2 selects instance types
+-- with your attributes, it excludes instance types priced above your
+-- threshold.
+--
+-- The parameter accepts an integer, which Amazon EC2 interprets as a
+-- percentage.
+--
+-- A high value, such as @999999@, turns off price protection.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_onDemandMaxPricePercentageOverLowestPrice :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_onDemandMaxPricePercentageOverLowestPrice = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {onDemandMaxPricePercentageOverLowestPrice} -> onDemandMaxPricePercentageOverLowestPrice) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {onDemandMaxPricePercentageOverLowestPrice = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | Indicates whether instance types must support hibernation for On-Demand
+-- Instances.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_requireHibernateSupport :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_requireHibernateSupport = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {requireHibernateSupport} -> requireHibernateSupport) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {requireHibernateSupport = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | The price protection threshold for Spot Instances. This is the maximum
+-- you’ll pay for a Spot Instance, expressed as a percentage above the
+-- least expensive current generation M, C, or R instance type with your
+-- specified attributes. When Amazon EC2 selects instance types with your
+-- attributes, it excludes instance types priced above your threshold.
+--
+-- The parameter accepts an integer, which Amazon EC2 interprets as a
+-- percentage.
+--
+-- A high value, such as @999999@, turns off price protection.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_spotMaxPricePercentageOverLowestPrice :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_spotMaxPricePercentageOverLowestPrice = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {spotMaxPricePercentageOverLowestPrice} -> spotMaxPricePercentageOverLowestPrice) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {spotMaxPricePercentageOverLowestPrice = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | The minimum and maximum amount of total local storage, in GB.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_totalLocalStorageGB :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_totalLocalStorageGB = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {totalLocalStorageGB} -> totalLocalStorageGB) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {totalLocalStorageGB = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+-- | The minimum and maximum number of vCPUs.
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_vCpuCount :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsDetails (Prelude.Maybe AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails)
+awsEc2LaunchTemplateDataInstanceRequirementsDetails_vCpuCount = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {vCpuCount} -> vCpuCount) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {} a -> s {vCpuCount = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataInstanceRequirementsDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataInstanceRequirementsDetails'
+            Prelude.<$> (x Data..:? "AcceleratorCount")
+            Prelude.<*> ( x
+                            Data..:? "AcceleratorManufacturers"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "AcceleratorNames"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "AcceleratorTotalMemoryMiB")
+            Prelude.<*> ( x
+                            Data..:? "AcceleratorTypes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "BareMetal")
+            Prelude.<*> (x Data..:? "BaselineEbsBandwidthMbps")
+            Prelude.<*> (x Data..:? "BurstablePerformance")
+            Prelude.<*> ( x
+                            Data..:? "CpuManufacturers"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ExcludedInstanceTypes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "InstanceGenerations"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "LocalStorage")
+            Prelude.<*> ( x
+                            Data..:? "LocalStorageTypes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "MemoryGiBPerVCpu")
+            Prelude.<*> (x Data..:? "MemoryMiB")
+            Prelude.<*> (x Data..:? "NetworkInterfaceCount")
+            Prelude.<*> ( x
+                            Data..:? "OnDemandMaxPricePercentageOverLowestPrice"
+                        )
+            Prelude.<*> (x Data..:? "RequireHibernateSupport")
+            Prelude.<*> (x Data..:? "SpotMaxPricePercentageOverLowestPrice")
+            Prelude.<*> (x Data..:? "TotalLocalStorageGB")
+            Prelude.<*> (x Data..:? "VCpuCount")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` acceleratorCount
+        `Prelude.hashWithSalt` acceleratorManufacturers
+        `Prelude.hashWithSalt` acceleratorNames
+        `Prelude.hashWithSalt` acceleratorTotalMemoryMiB
+        `Prelude.hashWithSalt` acceleratorTypes
+        `Prelude.hashWithSalt` bareMetal
+        `Prelude.hashWithSalt` baselineEbsBandwidthMbps
+        `Prelude.hashWithSalt` burstablePerformance
+        `Prelude.hashWithSalt` cpuManufacturers
+        `Prelude.hashWithSalt` excludedInstanceTypes
+        `Prelude.hashWithSalt` instanceGenerations
+        `Prelude.hashWithSalt` localStorage
+        `Prelude.hashWithSalt` localStorageTypes
+        `Prelude.hashWithSalt` memoryGiBPerVCpu
+        `Prelude.hashWithSalt` memoryMiB
+        `Prelude.hashWithSalt` networkInterfaceCount
+        `Prelude.hashWithSalt` onDemandMaxPricePercentageOverLowestPrice
+        `Prelude.hashWithSalt` requireHibernateSupport
+        `Prelude.hashWithSalt` spotMaxPricePercentageOverLowestPrice
+        `Prelude.hashWithSalt` totalLocalStorageGB
+        `Prelude.hashWithSalt` vCpuCount
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {..} =
+      Prelude.rnf acceleratorCount
+        `Prelude.seq` Prelude.rnf acceleratorManufacturers
+        `Prelude.seq` Prelude.rnf acceleratorNames
+        `Prelude.seq` Prelude.rnf acceleratorTotalMemoryMiB
+        `Prelude.seq` Prelude.rnf acceleratorTypes
+        `Prelude.seq` Prelude.rnf bareMetal
+        `Prelude.seq` Prelude.rnf baselineEbsBandwidthMbps
+        `Prelude.seq` Prelude.rnf burstablePerformance
+        `Prelude.seq` Prelude.rnf cpuManufacturers
+        `Prelude.seq` Prelude.rnf excludedInstanceTypes
+        `Prelude.seq` Prelude.rnf instanceGenerations
+        `Prelude.seq` Prelude.rnf localStorage
+        `Prelude.seq` Prelude.rnf localStorageTypes
+        `Prelude.seq` Prelude.rnf memoryGiBPerVCpu
+        `Prelude.seq` Prelude.rnf memoryMiB
+        `Prelude.seq` Prelude.rnf networkInterfaceCount
+        `Prelude.seq` Prelude.rnf
+          onDemandMaxPricePercentageOverLowestPrice
+        `Prelude.seq` Prelude.rnf
+          requireHibernateSupport
+        `Prelude.seq` Prelude.rnf
+          spotMaxPricePercentageOverLowestPrice
+        `Prelude.seq` Prelude.rnf
+          totalLocalStorageGB
+        `Prelude.seq` Prelude.rnf vCpuCount
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AcceleratorCount" Data..=)
+                Prelude.<$> acceleratorCount,
+              ("AcceleratorManufacturers" Data..=)
+                Prelude.<$> acceleratorManufacturers,
+              ("AcceleratorNames" Data..=)
+                Prelude.<$> acceleratorNames,
+              ("AcceleratorTotalMemoryMiB" Data..=)
+                Prelude.<$> acceleratorTotalMemoryMiB,
+              ("AcceleratorTypes" Data..=)
+                Prelude.<$> acceleratorTypes,
+              ("BareMetal" Data..=) Prelude.<$> bareMetal,
+              ("BaselineEbsBandwidthMbps" Data..=)
+                Prelude.<$> baselineEbsBandwidthMbps,
+              ("BurstablePerformance" Data..=)
+                Prelude.<$> burstablePerformance,
+              ("CpuManufacturers" Data..=)
+                Prelude.<$> cpuManufacturers,
+              ("ExcludedInstanceTypes" Data..=)
+                Prelude.<$> excludedInstanceTypes,
+              ("InstanceGenerations" Data..=)
+                Prelude.<$> instanceGenerations,
+              ("LocalStorage" Data..=) Prelude.<$> localStorage,
+              ("LocalStorageTypes" Data..=)
+                Prelude.<$> localStorageTypes,
+              ("MemoryGiBPerVCpu" Data..=)
+                Prelude.<$> memoryGiBPerVCpu,
+              ("MemoryMiB" Data..=) Prelude.<$> memoryMiB,
+              ("NetworkInterfaceCount" Data..=)
+                Prelude.<$> networkInterfaceCount,
+              ("OnDemandMaxPricePercentageOverLowestPrice" Data..=)
+                Prelude.<$> onDemandMaxPricePercentageOverLowestPrice,
+              ("RequireHibernateSupport" Data..=)
+                Prelude.<$> requireHibernateSupport,
+              ("SpotMaxPricePercentageOverLowestPrice" Data..=)
+                Prelude.<$> spotMaxPricePercentageOverLowestPrice,
+              ("TotalLocalStorageGB" Data..=)
+                Prelude.<$> totalLocalStorageGB,
+              ("VCpuCount" Data..=) Prelude.<$> vCpuCount
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails.hs
@@ -0,0 +1,116 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The minimum and maximum amount of memory per vCPU, in GiB.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails' smart constructor.
+data AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails = AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails'
+  { -- | The maximum amount of memory per vCPU, in GiB. If this parameter is
+    -- omitted, there\'s no maximum limit.
+    max :: Prelude.Maybe Prelude.Double,
+    -- | The minimum amount of memory per vCPU, in GiB. If this parameter is
+    -- omitted, there\'s no maximum limit.
+    min :: Prelude.Maybe Prelude.Double
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'max', 'awsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails_max' - The maximum amount of memory per vCPU, in GiB. If this parameter is
+-- omitted, there\'s no maximum limit.
+--
+-- 'min', 'awsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails_min' - The minimum amount of memory per vCPU, in GiB. If this parameter is
+-- omitted, there\'s no maximum limit.
+newAwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails ::
+  AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+newAwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails =
+  AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails'
+    { max =
+        Prelude.Nothing,
+      min =
+        Prelude.Nothing
+    }
+
+-- | The maximum amount of memory per vCPU, in GiB. If this parameter is
+-- omitted, there\'s no maximum limit.
+awsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails_max :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails (Prelude.Maybe Prelude.Double)
+awsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails_max = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails' {max} -> max) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails' {} a -> s {max = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails)
+
+-- | The minimum amount of memory per vCPU, in GiB. If this parameter is
+-- omitted, there\'s no maximum limit.
+awsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails_min :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails (Prelude.Maybe Prelude.Double)
+awsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails_min = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails' {min} -> min) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails' {} a -> s {min = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails'
+            Prelude.<$> (x Data..:? "Max")
+            Prelude.<*> (x Data..:? "Min")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` max
+        `Prelude.hashWithSalt` min
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails' {..} =
+      Prelude.rnf max `Prelude.seq` Prelude.rnf min
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Max" Data..=) Prelude.<$> max,
+              ("Min" Data..=) Prelude.<$> min
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The minimum and maximum amount of memory, in MiB, for an Amazon EC2
+-- instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails' smart constructor.
+data AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails = AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails'
+  { -- | The maximum amount of memory, in MiB.
+    max :: Prelude.Maybe Prelude.Int,
+    -- | The minimum amount of memory, in MiB.
+    min :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'max', 'awsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails_max' - The maximum amount of memory, in MiB.
+--
+-- 'min', 'awsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails_min' - The minimum amount of memory, in MiB.
+newAwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails ::
+  AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+newAwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails =
+  AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails'
+    { max =
+        Prelude.Nothing,
+      min =
+        Prelude.Nothing
+    }
+
+-- | The maximum amount of memory, in MiB.
+awsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails_max :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails_max = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails' {max} -> max) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails' {} a -> s {max = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails)
+
+-- | The minimum amount of memory, in MiB.
+awsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails_min :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails_min = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails' {min} -> min) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails' {} a -> s {min = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails'
+            Prelude.<$> (x Data..:? "Max")
+            Prelude.<*> (x Data..:? "Min")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` max
+        `Prelude.hashWithSalt` min
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails' {..} =
+      Prelude.rnf max `Prelude.seq` Prelude.rnf min
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Max" Data..=) Prelude.<$> max,
+              ("Min" Data..=) Prelude.<$> min
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The minimum and maximum number of network interfaces to be attached to
+-- an Amazon EC2 instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails' smart constructor.
+data AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails = AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails'
+  { -- | The maximum number of network interfaces.
+    max :: Prelude.Maybe Prelude.Int,
+    -- | The minimum number of network interfaces.
+    min :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'max', 'awsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails_max' - The maximum number of network interfaces.
+--
+-- 'min', 'awsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails_min' - The minimum number of network interfaces.
+newAwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails ::
+  AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+newAwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails =
+  AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails'
+    { max =
+        Prelude.Nothing,
+      min =
+        Prelude.Nothing
+    }
+
+-- | The maximum number of network interfaces.
+awsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails_max :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails_max = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails' {max} -> max) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails' {} a -> s {max = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails)
+
+-- | The minimum number of network interfaces.
+awsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails_min :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails_min = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails' {min} -> min) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails' {} a -> s {min = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails'
+            Prelude.<$> (x Data..:? "Max")
+            Prelude.<*> (x Data..:? "Min")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` max
+        `Prelude.hashWithSalt` min
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails' {..} =
+      Prelude.rnf max `Prelude.seq` Prelude.rnf min
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Max" Data..=) Prelude.<$> max,
+              ("Min" Data..=) Prelude.<$> min
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The minimum and maximum amount of total local storage, in GB, that an
+-- Amazon EC2 instance uses.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails' smart constructor.
+data AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails = AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails'
+  { -- | The maximum amount of total local storage, in GB.
+    max :: Prelude.Maybe Prelude.Double,
+    -- | The minimum amount of total local storage, in GB.
+    min :: Prelude.Maybe Prelude.Double
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'max', 'awsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails_max' - The maximum amount of total local storage, in GB.
+--
+-- 'min', 'awsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails_min' - The minimum amount of total local storage, in GB.
+newAwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails ::
+  AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+newAwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails =
+  AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails'
+    { max =
+        Prelude.Nothing,
+      min =
+        Prelude.Nothing
+    }
+
+-- | The maximum amount of total local storage, in GB.
+awsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails_max :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails (Prelude.Maybe Prelude.Double)
+awsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails_max = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails' {max} -> max) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails' {} a -> s {max = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails)
+
+-- | The minimum amount of total local storage, in GB.
+awsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails_min :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails (Prelude.Maybe Prelude.Double)
+awsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails_min = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails' {min} -> min) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails' {} a -> s {min = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails'
+            Prelude.<$> (x Data..:? "Max")
+            Prelude.<*> (x Data..:? "Min")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` max
+        `Prelude.hashWithSalt` min
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails' {..} =
+      Prelude.rnf max `Prelude.seq` Prelude.rnf min
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Max" Data..=) Prelude.<$> max,
+              ("Min" Data..=) Prelude.<$> min
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The minimum and maximum number of vCPUs for an Amazon EC2 instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails' smart constructor.
+data AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails = AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails'
+  { -- | The maximum number of vCPUs.
+    max :: Prelude.Maybe Prelude.Int,
+    -- | The minimum number of vCPUs.
+    min :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'max', 'awsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails_max' - The maximum number of vCPUs.
+--
+-- 'min', 'awsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails_min' - The minimum number of vCPUs.
+newAwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails ::
+  AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+newAwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails =
+  AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails'
+    { max =
+        Prelude.Nothing,
+      min =
+        Prelude.Nothing
+    }
+
+-- | The maximum number of vCPUs.
+awsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails_max :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails_max = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails' {max} -> max) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails' {} a -> s {max = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails)
+
+-- | The minimum number of vCPUs.
+awsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails_min :: Lens.Lens' AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails_min = Lens.lens (\AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails' {min} -> min) (\s@AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails' {} a -> s {min = a} :: AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails'
+            Prelude.<$> (x Data..:? "Max")
+            Prelude.<*> (x Data..:? "Min")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` max
+        `Prelude.hashWithSalt` min
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails' {..} =
+      Prelude.rnf max `Prelude.seq` Prelude.rnf min
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Max" Data..=) Prelude.<$> max,
+              ("Min" Data..=) Prelude.<$> min
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataLicenseSetDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataLicenseSetDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataLicenseSetDetails.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataLicenseSetDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataLicenseSetDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the license configuration for an Amazon EC2
+-- instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataLicenseSetDetails' smart constructor.
+data AwsEc2LaunchTemplateDataLicenseSetDetails = AwsEc2LaunchTemplateDataLicenseSetDetails'
+  { -- | The Amazon Resource Name (ARN) of the license configuration.
+    licenseConfigurationArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataLicenseSetDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'licenseConfigurationArn', 'awsEc2LaunchTemplateDataLicenseSetDetails_licenseConfigurationArn' - The Amazon Resource Name (ARN) of the license configuration.
+newAwsEc2LaunchTemplateDataLicenseSetDetails ::
+  AwsEc2LaunchTemplateDataLicenseSetDetails
+newAwsEc2LaunchTemplateDataLicenseSetDetails =
+  AwsEc2LaunchTemplateDataLicenseSetDetails'
+    { licenseConfigurationArn =
+        Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the license configuration.
+awsEc2LaunchTemplateDataLicenseSetDetails_licenseConfigurationArn :: Lens.Lens' AwsEc2LaunchTemplateDataLicenseSetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataLicenseSetDetails_licenseConfigurationArn = Lens.lens (\AwsEc2LaunchTemplateDataLicenseSetDetails' {licenseConfigurationArn} -> licenseConfigurationArn) (\s@AwsEc2LaunchTemplateDataLicenseSetDetails' {} a -> s {licenseConfigurationArn = a} :: AwsEc2LaunchTemplateDataLicenseSetDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataLicenseSetDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataLicenseSetDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataLicenseSetDetails'
+            Prelude.<$> (x Data..:? "LicenseConfigurationArn")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataLicenseSetDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataLicenseSetDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` licenseConfigurationArn
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataLicenseSetDetails
+  where
+  rnf AwsEc2LaunchTemplateDataLicenseSetDetails' {..} =
+    Prelude.rnf licenseConfigurationArn
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataLicenseSetDetails
+  where
+  toJSON AwsEc2LaunchTemplateDataLicenseSetDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("LicenseConfigurationArn" Data..=)
+              Prelude.<$> licenseConfigurationArn
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataMaintenanceOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataMaintenanceOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataMaintenanceOptionsDetails.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMaintenanceOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The maintenance options of an Amazon EC2 instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataMaintenanceOptionsDetails' smart constructor.
+data AwsEc2LaunchTemplateDataMaintenanceOptionsDetails = AwsEc2LaunchTemplateDataMaintenanceOptionsDetails'
+  { -- | Disables the automatic recovery behavior of your instance or sets it to
+    -- default.
+    autoRecovery :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataMaintenanceOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoRecovery', 'awsEc2LaunchTemplateDataMaintenanceOptionsDetails_autoRecovery' - Disables the automatic recovery behavior of your instance or sets it to
+-- default.
+newAwsEc2LaunchTemplateDataMaintenanceOptionsDetails ::
+  AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+newAwsEc2LaunchTemplateDataMaintenanceOptionsDetails =
+  AwsEc2LaunchTemplateDataMaintenanceOptionsDetails'
+    { autoRecovery =
+        Prelude.Nothing
+    }
+
+-- | Disables the automatic recovery behavior of your instance or sets it to
+-- default.
+awsEc2LaunchTemplateDataMaintenanceOptionsDetails_autoRecovery :: Lens.Lens' AwsEc2LaunchTemplateDataMaintenanceOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataMaintenanceOptionsDetails_autoRecovery = Lens.lens (\AwsEc2LaunchTemplateDataMaintenanceOptionsDetails' {autoRecovery} -> autoRecovery) (\s@AwsEc2LaunchTemplateDataMaintenanceOptionsDetails' {} a -> s {autoRecovery = a} :: AwsEc2LaunchTemplateDataMaintenanceOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataMaintenanceOptionsDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataMaintenanceOptionsDetails'
+            Prelude.<$> (x Data..:? "AutoRecovery")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataMaintenanceOptionsDetails' {..} =
+      _salt `Prelude.hashWithSalt` autoRecovery
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataMaintenanceOptionsDetails' {..} =
+      Prelude.rnf autoRecovery
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataMaintenanceOptionsDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataMaintenanceOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("AutoRecovery" Data..=) Prelude.<$> autoRecovery]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataMetadataOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataMetadataOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataMetadataOptionsDetails.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMetadataOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMetadataOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies the metadata options for an Amazon EC2 instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataMetadataOptionsDetails' smart constructor.
+data AwsEc2LaunchTemplateDataMetadataOptionsDetails = AwsEc2LaunchTemplateDataMetadataOptionsDetails'
+  { -- | Enables or disables the HTTP metadata endpoint on your instances. If the
+    -- parameter is not specified, the default state is enabled, and you won’t
+    -- be able to access your instance metadata.
+    httpEndpoint :: Prelude.Maybe Prelude.Text,
+    -- | Enables or disables the IPv6 endpoint for the instance metadata service.
+    httpProtocolIpv6 :: Prelude.Maybe Prelude.Text,
+    -- | The desired HTTP PUT response hop limit for instance metadata requests.
+    -- The larger the number, the further instance metadata requests can
+    -- travel.
+    httpPutResponseHopLimit :: Prelude.Maybe Prelude.Int,
+    -- | The state of token usage for your instance metadata requests.
+    httpTokens :: Prelude.Maybe Prelude.Text,
+    -- | When set to @enabled@, this parameter allows access to instance tags
+    -- from the instance metadata. When set to @disabled@, it turns off access
+    -- to instance tags from the instance metadata. For more information, see
+    -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS Work with instance tags in instance metadata>
+    -- in the /Amazon EC2 User Guide/.
+    instanceMetadataTags :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataMetadataOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpEndpoint', 'awsEc2LaunchTemplateDataMetadataOptionsDetails_httpEndpoint' - Enables or disables the HTTP metadata endpoint on your instances. If the
+-- parameter is not specified, the default state is enabled, and you won’t
+-- be able to access your instance metadata.
+--
+-- 'httpProtocolIpv6', 'awsEc2LaunchTemplateDataMetadataOptionsDetails_httpProtocolIpv6' - Enables or disables the IPv6 endpoint for the instance metadata service.
+--
+-- 'httpPutResponseHopLimit', 'awsEc2LaunchTemplateDataMetadataOptionsDetails_httpPutResponseHopLimit' - The desired HTTP PUT response hop limit for instance metadata requests.
+-- The larger the number, the further instance metadata requests can
+-- travel.
+--
+-- 'httpTokens', 'awsEc2LaunchTemplateDataMetadataOptionsDetails_httpTokens' - The state of token usage for your instance metadata requests.
+--
+-- 'instanceMetadataTags', 'awsEc2LaunchTemplateDataMetadataOptionsDetails_instanceMetadataTags' - When set to @enabled@, this parameter allows access to instance tags
+-- from the instance metadata. When set to @disabled@, it turns off access
+-- to instance tags from the instance metadata. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS Work with instance tags in instance metadata>
+-- in the /Amazon EC2 User Guide/.
+newAwsEc2LaunchTemplateDataMetadataOptionsDetails ::
+  AwsEc2LaunchTemplateDataMetadataOptionsDetails
+newAwsEc2LaunchTemplateDataMetadataOptionsDetails =
+  AwsEc2LaunchTemplateDataMetadataOptionsDetails'
+    { httpEndpoint =
+        Prelude.Nothing,
+      httpProtocolIpv6 =
+        Prelude.Nothing,
+      httpPutResponseHopLimit =
+        Prelude.Nothing,
+      httpTokens =
+        Prelude.Nothing,
+      instanceMetadataTags =
+        Prelude.Nothing
+    }
+
+-- | Enables or disables the HTTP metadata endpoint on your instances. If the
+-- parameter is not specified, the default state is enabled, and you won’t
+-- be able to access your instance metadata.
+awsEc2LaunchTemplateDataMetadataOptionsDetails_httpEndpoint :: Lens.Lens' AwsEc2LaunchTemplateDataMetadataOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataMetadataOptionsDetails_httpEndpoint = Lens.lens (\AwsEc2LaunchTemplateDataMetadataOptionsDetails' {httpEndpoint} -> httpEndpoint) (\s@AwsEc2LaunchTemplateDataMetadataOptionsDetails' {} a -> s {httpEndpoint = a} :: AwsEc2LaunchTemplateDataMetadataOptionsDetails)
+
+-- | Enables or disables the IPv6 endpoint for the instance metadata service.
+awsEc2LaunchTemplateDataMetadataOptionsDetails_httpProtocolIpv6 :: Lens.Lens' AwsEc2LaunchTemplateDataMetadataOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataMetadataOptionsDetails_httpProtocolIpv6 = Lens.lens (\AwsEc2LaunchTemplateDataMetadataOptionsDetails' {httpProtocolIpv6} -> httpProtocolIpv6) (\s@AwsEc2LaunchTemplateDataMetadataOptionsDetails' {} a -> s {httpProtocolIpv6 = a} :: AwsEc2LaunchTemplateDataMetadataOptionsDetails)
+
+-- | The desired HTTP PUT response hop limit for instance metadata requests.
+-- The larger the number, the further instance metadata requests can
+-- travel.
+awsEc2LaunchTemplateDataMetadataOptionsDetails_httpPutResponseHopLimit :: Lens.Lens' AwsEc2LaunchTemplateDataMetadataOptionsDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataMetadataOptionsDetails_httpPutResponseHopLimit = Lens.lens (\AwsEc2LaunchTemplateDataMetadataOptionsDetails' {httpPutResponseHopLimit} -> httpPutResponseHopLimit) (\s@AwsEc2LaunchTemplateDataMetadataOptionsDetails' {} a -> s {httpPutResponseHopLimit = a} :: AwsEc2LaunchTemplateDataMetadataOptionsDetails)
+
+-- | The state of token usage for your instance metadata requests.
+awsEc2LaunchTemplateDataMetadataOptionsDetails_httpTokens :: Lens.Lens' AwsEc2LaunchTemplateDataMetadataOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataMetadataOptionsDetails_httpTokens = Lens.lens (\AwsEc2LaunchTemplateDataMetadataOptionsDetails' {httpTokens} -> httpTokens) (\s@AwsEc2LaunchTemplateDataMetadataOptionsDetails' {} a -> s {httpTokens = a} :: AwsEc2LaunchTemplateDataMetadataOptionsDetails)
+
+-- | When set to @enabled@, this parameter allows access to instance tags
+-- from the instance metadata. When set to @disabled@, it turns off access
+-- to instance tags from the instance metadata. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS Work with instance tags in instance metadata>
+-- in the /Amazon EC2 User Guide/.
+awsEc2LaunchTemplateDataMetadataOptionsDetails_instanceMetadataTags :: Lens.Lens' AwsEc2LaunchTemplateDataMetadataOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataMetadataOptionsDetails_instanceMetadataTags = Lens.lens (\AwsEc2LaunchTemplateDataMetadataOptionsDetails' {instanceMetadataTags} -> instanceMetadataTags) (\s@AwsEc2LaunchTemplateDataMetadataOptionsDetails' {} a -> s {instanceMetadataTags = a} :: AwsEc2LaunchTemplateDataMetadataOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataMetadataOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataMetadataOptionsDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataMetadataOptionsDetails'
+            Prelude.<$> (x Data..:? "HttpEndpoint")
+            Prelude.<*> (x Data..:? "HttpProtocolIpv6")
+            Prelude.<*> (x Data..:? "HttpPutResponseHopLimit")
+            Prelude.<*> (x Data..:? "HttpTokens")
+            Prelude.<*> (x Data..:? "InstanceMetadataTags")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataMetadataOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataMetadataOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` httpEndpoint
+        `Prelude.hashWithSalt` httpProtocolIpv6
+        `Prelude.hashWithSalt` httpPutResponseHopLimit
+        `Prelude.hashWithSalt` httpTokens
+        `Prelude.hashWithSalt` instanceMetadataTags
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataMetadataOptionsDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataMetadataOptionsDetails' {..} =
+      Prelude.rnf httpEndpoint
+        `Prelude.seq` Prelude.rnf httpProtocolIpv6
+        `Prelude.seq` Prelude.rnf httpPutResponseHopLimit
+        `Prelude.seq` Prelude.rnf httpTokens
+        `Prelude.seq` Prelude.rnf instanceMetadataTags
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataMetadataOptionsDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataMetadataOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("HttpEndpoint" Data..=) Prelude.<$> httpEndpoint,
+              ("HttpProtocolIpv6" Data..=)
+                Prelude.<$> httpProtocolIpv6,
+              ("HttpPutResponseHopLimit" Data..=)
+                Prelude.<$> httpPutResponseHopLimit,
+              ("HttpTokens" Data..=) Prelude.<$> httpTokens,
+              ("InstanceMetadataTags" Data..=)
+                Prelude.<$> instanceMetadataTags
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataMonitoringDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataMonitoringDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataMonitoringDetails.hs
@@ -0,0 +1,105 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMonitoringDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataMonitoringDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The monitoring for an Amazon EC2 instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataMonitoringDetails' smart constructor.
+data AwsEc2LaunchTemplateDataMonitoringDetails = AwsEc2LaunchTemplateDataMonitoringDetails'
+  { -- | Enables detailed monitoring when @true@ is specified. Otherwise, basic
+    -- monitoring is enabled. For more information about detailed monitoring,
+    -- see
+    -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html Enable or turn off detailed monitoring for your instances>
+    -- in the /Amazon EC2 User Guide/.
+    enabled :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataMonitoringDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'awsEc2LaunchTemplateDataMonitoringDetails_enabled' - Enables detailed monitoring when @true@ is specified. Otherwise, basic
+-- monitoring is enabled. For more information about detailed monitoring,
+-- see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html Enable or turn off detailed monitoring for your instances>
+-- in the /Amazon EC2 User Guide/.
+newAwsEc2LaunchTemplateDataMonitoringDetails ::
+  AwsEc2LaunchTemplateDataMonitoringDetails
+newAwsEc2LaunchTemplateDataMonitoringDetails =
+  AwsEc2LaunchTemplateDataMonitoringDetails'
+    { enabled =
+        Prelude.Nothing
+    }
+
+-- | Enables detailed monitoring when @true@ is specified. Otherwise, basic
+-- monitoring is enabled. For more information about detailed monitoring,
+-- see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html Enable or turn off detailed monitoring for your instances>
+-- in the /Amazon EC2 User Guide/.
+awsEc2LaunchTemplateDataMonitoringDetails_enabled :: Lens.Lens' AwsEc2LaunchTemplateDataMonitoringDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataMonitoringDetails_enabled = Lens.lens (\AwsEc2LaunchTemplateDataMonitoringDetails' {enabled} -> enabled) (\s@AwsEc2LaunchTemplateDataMonitoringDetails' {} a -> s {enabled = a} :: AwsEc2LaunchTemplateDataMonitoringDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataMonitoringDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataMonitoringDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataMonitoringDetails'
+            Prelude.<$> (x Data..:? "Enabled")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataMonitoringDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataMonitoringDetails' {..} =
+      _salt `Prelude.hashWithSalt` enabled
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataMonitoringDetails
+  where
+  rnf AwsEc2LaunchTemplateDataMonitoringDetails' {..} =
+    Prelude.rnf enabled
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataMonitoringDetails
+  where
+  toJSON AwsEc2LaunchTemplateDataMonitoringDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Enabled" Data..=) Prelude.<$> enabled]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails.hs
@@ -0,0 +1,424 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+
+-- | One or more network interfaces to attach to an Amazon EC2 instance. If
+-- you specify a network interface, you must specify security groups and
+-- subnets as part of the network interface.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' smart constructor.
+data AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails = AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails'
+  { -- | Indicates whether to associate a Carrier IP address with eth0 for a new
+    -- network interface. You use this option when you launch an instance in a
+    -- Wavelength Zone and want to associate a Carrier IP address with the
+    -- network interface. For more information, see
+    -- <https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#provider-owned-ip Carrier IP address>
+    -- in the /Wavelength Developer Guide/.
+    associateCarrierIpAddress :: Prelude.Maybe Prelude.Bool,
+    -- | Associates a public IPv4 address with eth0 for a new network interface.
+    associatePublicIpAddress :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether the network interface is deleted when the instance is
+    -- terminated.
+    deleteOnTermination :: Prelude.Maybe Prelude.Bool,
+    -- | A description for the network interface.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The device index for the network interface attachment.
+    deviceIndex :: Prelude.Maybe Prelude.Int,
+    -- | The IDs of one or more security groups.
+    groups :: Prelude.Maybe [Prelude.Text],
+    -- | The type of network interface.
+    interfaceType :: Prelude.Maybe Prelude.Text,
+    -- | The number of IPv4 prefixes to be automatically assigned to the network
+    -- interface. You cannot use this option if you use the @Ipv4Prefixes@
+    -- option.
+    ipv4PrefixCount :: Prelude.Maybe Prelude.Int,
+    -- | One or more IPv4 prefixes to be assigned to the network interface. You
+    -- cannot use this option if you use the @Ipv4PrefixCount@ option.
+    ipv4Prefixes :: Prelude.Maybe [AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails],
+    -- | The number of IPv6 addresses to assign to a network interface. Amazon
+    -- EC2 automatically selects the IPv6 addresses from the subnet range. You
+    -- can\'t use this option if you use @Ipv6Addresses@.
+    ipv6AddressCount :: Prelude.Maybe Prelude.Int,
+    -- | One or more specific IPv6 addresses from the IPv6 CIDR block range of
+    -- your subnet. You can\'t use this option if you use @Ipv6AddressCount@.
+    ipv6Addresses :: Prelude.Maybe [AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails],
+    -- | The number of IPv6 prefixes to be automatically assigned to the network
+    -- interface. You cannot use this option if you use the @Ipv6Prefix@
+    -- option.
+    ipv6PrefixCount :: Prelude.Maybe Prelude.Int,
+    -- | One or more IPv6 prefixes to be assigned to the network interface. You
+    -- cannot use this option if you use the @Ipv6PrefixCount@ option.
+    ipv6Prefixes :: Prelude.Maybe [AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails],
+    -- | The index of the network card. Some instance types support multiple
+    -- network cards. The primary network interface must be assigned to network
+    -- card index @0@. The default is network card index @0@.
+    networkCardIndex :: Prelude.Maybe Prelude.Int,
+    -- | The ID of the network interface.
+    networkInterfaceId :: Prelude.Maybe Prelude.Text,
+    -- | The primary private IPv4 address of the network interface.
+    privateIpAddress :: Prelude.Maybe Prelude.Text,
+    -- | One or more private IPv4 addresses.
+    privateIpAddresses :: Prelude.Maybe [AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails],
+    -- | The number of secondary private IPv4 addresses to assign to a network
+    -- interface.
+    secondaryPrivateIpAddressCount :: Prelude.Maybe Prelude.Int,
+    -- | The ID of the subnet for the network interface.
+    subnetId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'associateCarrierIpAddress', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_associateCarrierIpAddress' - Indicates whether to associate a Carrier IP address with eth0 for a new
+-- network interface. You use this option when you launch an instance in a
+-- Wavelength Zone and want to associate a Carrier IP address with the
+-- network interface. For more information, see
+-- <https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#provider-owned-ip Carrier IP address>
+-- in the /Wavelength Developer Guide/.
+--
+-- 'associatePublicIpAddress', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_associatePublicIpAddress' - Associates a public IPv4 address with eth0 for a new network interface.
+--
+-- 'deleteOnTermination', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_deleteOnTermination' - Indicates whether the network interface is deleted when the instance is
+-- terminated.
+--
+-- 'description', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_description' - A description for the network interface.
+--
+-- 'deviceIndex', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_deviceIndex' - The device index for the network interface attachment.
+--
+-- 'groups', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_groups' - The IDs of one or more security groups.
+--
+-- 'interfaceType', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_interfaceType' - The type of network interface.
+--
+-- 'ipv4PrefixCount', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv4PrefixCount' - The number of IPv4 prefixes to be automatically assigned to the network
+-- interface. You cannot use this option if you use the @Ipv4Prefixes@
+-- option.
+--
+-- 'ipv4Prefixes', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv4Prefixes' - One or more IPv4 prefixes to be assigned to the network interface. You
+-- cannot use this option if you use the @Ipv4PrefixCount@ option.
+--
+-- 'ipv6AddressCount', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6AddressCount' - The number of IPv6 addresses to assign to a network interface. Amazon
+-- EC2 automatically selects the IPv6 addresses from the subnet range. You
+-- can\'t use this option if you use @Ipv6Addresses@.
+--
+-- 'ipv6Addresses', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6Addresses' - One or more specific IPv6 addresses from the IPv6 CIDR block range of
+-- your subnet. You can\'t use this option if you use @Ipv6AddressCount@.
+--
+-- 'ipv6PrefixCount', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6PrefixCount' - The number of IPv6 prefixes to be automatically assigned to the network
+-- interface. You cannot use this option if you use the @Ipv6Prefix@
+-- option.
+--
+-- 'ipv6Prefixes', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6Prefixes' - One or more IPv6 prefixes to be assigned to the network interface. You
+-- cannot use this option if you use the @Ipv6PrefixCount@ option.
+--
+-- 'networkCardIndex', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_networkCardIndex' - The index of the network card. Some instance types support multiple
+-- network cards. The primary network interface must be assigned to network
+-- card index @0@. The default is network card index @0@.
+--
+-- 'networkInterfaceId', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_networkInterfaceId' - The ID of the network interface.
+--
+-- 'privateIpAddress', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_privateIpAddress' - The primary private IPv4 address of the network interface.
+--
+-- 'privateIpAddresses', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_privateIpAddresses' - One or more private IPv4 addresses.
+--
+-- 'secondaryPrivateIpAddressCount', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_secondaryPrivateIpAddressCount' - The number of secondary private IPv4 addresses to assign to a network
+-- interface.
+--
+-- 'subnetId', 'awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_subnetId' - The ID of the subnet for the network interface.
+newAwsEc2LaunchTemplateDataNetworkInterfaceSetDetails ::
+  AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+newAwsEc2LaunchTemplateDataNetworkInterfaceSetDetails =
+  AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails'
+    { associateCarrierIpAddress =
+        Prelude.Nothing,
+      associatePublicIpAddress =
+        Prelude.Nothing,
+      deleteOnTermination =
+        Prelude.Nothing,
+      description =
+        Prelude.Nothing,
+      deviceIndex =
+        Prelude.Nothing,
+      groups =
+        Prelude.Nothing,
+      interfaceType =
+        Prelude.Nothing,
+      ipv4PrefixCount =
+        Prelude.Nothing,
+      ipv4Prefixes =
+        Prelude.Nothing,
+      ipv6AddressCount =
+        Prelude.Nothing,
+      ipv6Addresses =
+        Prelude.Nothing,
+      ipv6PrefixCount =
+        Prelude.Nothing,
+      ipv6Prefixes =
+        Prelude.Nothing,
+      networkCardIndex =
+        Prelude.Nothing,
+      networkInterfaceId =
+        Prelude.Nothing,
+      privateIpAddress =
+        Prelude.Nothing,
+      privateIpAddresses =
+        Prelude.Nothing,
+      secondaryPrivateIpAddressCount =
+        Prelude.Nothing,
+      subnetId =
+        Prelude.Nothing
+    }
+
+-- | Indicates whether to associate a Carrier IP address with eth0 for a new
+-- network interface. You use this option when you launch an instance in a
+-- Wavelength Zone and want to associate a Carrier IP address with the
+-- network interface. For more information, see
+-- <https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html#provider-owned-ip Carrier IP address>
+-- in the /Wavelength Developer Guide/.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_associateCarrierIpAddress :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_associateCarrierIpAddress = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {associateCarrierIpAddress} -> associateCarrierIpAddress) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {associateCarrierIpAddress = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | Associates a public IPv4 address with eth0 for a new network interface.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_associatePublicIpAddress :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_associatePublicIpAddress = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {associatePublicIpAddress} -> associatePublicIpAddress) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {associatePublicIpAddress = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | Indicates whether the network interface is deleted when the instance is
+-- terminated.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_deleteOnTermination :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_deleteOnTermination = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {deleteOnTermination} -> deleteOnTermination) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {deleteOnTermination = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | A description for the network interface.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_description :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_description = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {description} -> description) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {description = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | The device index for the network interface attachment.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_deviceIndex :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_deviceIndex = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {deviceIndex} -> deviceIndex) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {deviceIndex = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | The IDs of one or more security groups.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_groups :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe [Prelude.Text])
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_groups = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {groups} -> groups) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {groups = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The type of network interface.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_interfaceType :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_interfaceType = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {interfaceType} -> interfaceType) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {interfaceType = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | The number of IPv4 prefixes to be automatically assigned to the network
+-- interface. You cannot use this option if you use the @Ipv4Prefixes@
+-- option.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv4PrefixCount :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv4PrefixCount = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {ipv4PrefixCount} -> ipv4PrefixCount) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {ipv4PrefixCount = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | One or more IPv4 prefixes to be assigned to the network interface. You
+-- cannot use this option if you use the @Ipv4PrefixCount@ option.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv4Prefixes :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe [AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails])
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv4Prefixes = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {ipv4Prefixes} -> ipv4Prefixes) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {ipv4Prefixes = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The number of IPv6 addresses to assign to a network interface. Amazon
+-- EC2 automatically selects the IPv6 addresses from the subnet range. You
+-- can\'t use this option if you use @Ipv6Addresses@.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6AddressCount :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6AddressCount = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {ipv6AddressCount} -> ipv6AddressCount) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {ipv6AddressCount = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | One or more specific IPv6 addresses from the IPv6 CIDR block range of
+-- your subnet. You can\'t use this option if you use @Ipv6AddressCount@.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6Addresses :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe [AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails])
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6Addresses = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {ipv6Addresses} -> ipv6Addresses) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {ipv6Addresses = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The number of IPv6 prefixes to be automatically assigned to the network
+-- interface. You cannot use this option if you use the @Ipv6Prefix@
+-- option.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6PrefixCount :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6PrefixCount = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {ipv6PrefixCount} -> ipv6PrefixCount) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {ipv6PrefixCount = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | One or more IPv6 prefixes to be assigned to the network interface. You
+-- cannot use this option if you use the @Ipv6PrefixCount@ option.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6Prefixes :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe [AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails])
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_ipv6Prefixes = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {ipv6Prefixes} -> ipv6Prefixes) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {ipv6Prefixes = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The index of the network card. Some instance types support multiple
+-- network cards. The primary network interface must be assigned to network
+-- card index @0@. The default is network card index @0@.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_networkCardIndex :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_networkCardIndex = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {networkCardIndex} -> networkCardIndex) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {networkCardIndex = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | The ID of the network interface.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_networkInterfaceId :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_networkInterfaceId = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {networkInterfaceId} -> networkInterfaceId) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {networkInterfaceId = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | The primary private IPv4 address of the network interface.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_privateIpAddress :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_privateIpAddress = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {privateIpAddress} -> privateIpAddress) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {privateIpAddress = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | One or more private IPv4 addresses.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_privateIpAddresses :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe [AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails])
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_privateIpAddresses = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {privateIpAddresses} -> privateIpAddresses) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {privateIpAddresses = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The number of secondary private IPv4 addresses to assign to a network
+-- interface.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_secondaryPrivateIpAddressCount :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_secondaryPrivateIpAddressCount = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {secondaryPrivateIpAddressCount} -> secondaryPrivateIpAddressCount) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {secondaryPrivateIpAddressCount = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+-- | The ID of the subnet for the network interface.
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_subnetId :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataNetworkInterfaceSetDetails_subnetId = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {subnetId} -> subnetId) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {} a -> s {subnetId = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails'
+            Prelude.<$> (x Data..:? "AssociateCarrierIpAddress")
+            Prelude.<*> (x Data..:? "AssociatePublicIpAddress")
+            Prelude.<*> (x Data..:? "DeleteOnTermination")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "DeviceIndex")
+            Prelude.<*> (x Data..:? "Groups" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "InterfaceType")
+            Prelude.<*> (x Data..:? "Ipv4PrefixCount")
+            Prelude.<*> (x Data..:? "Ipv4Prefixes" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Ipv6AddressCount")
+            Prelude.<*> (x Data..:? "Ipv6Addresses" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Ipv6PrefixCount")
+            Prelude.<*> (x Data..:? "Ipv6Prefixes" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "NetworkCardIndex")
+            Prelude.<*> (x Data..:? "NetworkInterfaceId")
+            Prelude.<*> (x Data..:? "PrivateIpAddress")
+            Prelude.<*> ( x
+                            Data..:? "PrivateIpAddresses"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "SecondaryPrivateIpAddressCount")
+            Prelude.<*> (x Data..:? "SubnetId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` associateCarrierIpAddress
+        `Prelude.hashWithSalt` associatePublicIpAddress
+        `Prelude.hashWithSalt` deleteOnTermination
+        `Prelude.hashWithSalt` description
+        `Prelude.hashWithSalt` deviceIndex
+        `Prelude.hashWithSalt` groups
+        `Prelude.hashWithSalt` interfaceType
+        `Prelude.hashWithSalt` ipv4PrefixCount
+        `Prelude.hashWithSalt` ipv4Prefixes
+        `Prelude.hashWithSalt` ipv6AddressCount
+        `Prelude.hashWithSalt` ipv6Addresses
+        `Prelude.hashWithSalt` ipv6PrefixCount
+        `Prelude.hashWithSalt` ipv6Prefixes
+        `Prelude.hashWithSalt` networkCardIndex
+        `Prelude.hashWithSalt` networkInterfaceId
+        `Prelude.hashWithSalt` privateIpAddress
+        `Prelude.hashWithSalt` privateIpAddresses
+        `Prelude.hashWithSalt` secondaryPrivateIpAddressCount
+        `Prelude.hashWithSalt` subnetId
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {..} =
+      Prelude.rnf associateCarrierIpAddress
+        `Prelude.seq` Prelude.rnf associatePublicIpAddress
+        `Prelude.seq` Prelude.rnf deleteOnTermination
+        `Prelude.seq` Prelude.rnf description
+        `Prelude.seq` Prelude.rnf deviceIndex
+        `Prelude.seq` Prelude.rnf groups
+        `Prelude.seq` Prelude.rnf interfaceType
+        `Prelude.seq` Prelude.rnf ipv4PrefixCount
+        `Prelude.seq` Prelude.rnf ipv4Prefixes
+        `Prelude.seq` Prelude.rnf ipv6AddressCount
+        `Prelude.seq` Prelude.rnf ipv6Addresses
+        `Prelude.seq` Prelude.rnf ipv6PrefixCount
+        `Prelude.seq` Prelude.rnf ipv6Prefixes
+        `Prelude.seq` Prelude.rnf networkCardIndex
+        `Prelude.seq` Prelude.rnf networkInterfaceId
+        `Prelude.seq` Prelude.rnf privateIpAddress
+        `Prelude.seq` Prelude.rnf privateIpAddresses
+        `Prelude.seq` Prelude.rnf
+          secondaryPrivateIpAddressCount
+        `Prelude.seq` Prelude.rnf subnetId
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AssociateCarrierIpAddress" Data..=)
+                Prelude.<$> associateCarrierIpAddress,
+              ("AssociatePublicIpAddress" Data..=)
+                Prelude.<$> associatePublicIpAddress,
+              ("DeleteOnTermination" Data..=)
+                Prelude.<$> deleteOnTermination,
+              ("Description" Data..=) Prelude.<$> description,
+              ("DeviceIndex" Data..=) Prelude.<$> deviceIndex,
+              ("Groups" Data..=) Prelude.<$> groups,
+              ("InterfaceType" Data..=) Prelude.<$> interfaceType,
+              ("Ipv4PrefixCount" Data..=)
+                Prelude.<$> ipv4PrefixCount,
+              ("Ipv4Prefixes" Data..=) Prelude.<$> ipv4Prefixes,
+              ("Ipv6AddressCount" Data..=)
+                Prelude.<$> ipv6AddressCount,
+              ("Ipv6Addresses" Data..=) Prelude.<$> ipv6Addresses,
+              ("Ipv6PrefixCount" Data..=)
+                Prelude.<$> ipv6PrefixCount,
+              ("Ipv6Prefixes" Data..=) Prelude.<$> ipv6Prefixes,
+              ("NetworkCardIndex" Data..=)
+                Prelude.<$> networkCardIndex,
+              ("NetworkInterfaceId" Data..=)
+                Prelude.<$> networkInterfaceId,
+              ("PrivateIpAddress" Data..=)
+                Prelude.<$> privateIpAddress,
+              ("PrivateIpAddresses" Data..=)
+                Prelude.<$> privateIpAddresses,
+              ("SecondaryPrivateIpAddressCount" Data..=)
+                Prelude.<$> secondaryPrivateIpAddressCount,
+              ("SubnetId" Data..=) Prelude.<$> subnetId
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails.hs
@@ -0,0 +1,101 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details on one or more IPv4 prefixes for a network interface.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails' smart constructor.
+data AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails = AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails'
+  { -- | The IPv4 prefix. For more information, see
+    -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html Assigning prefixes to Amazon EC2 network interfaces>
+    -- in the /Amazon Elastic Compute Cloud User Guide/.
+    ipv4Prefix :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ipv4Prefix', 'awsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails_ipv4Prefix' - The IPv4 prefix. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html Assigning prefixes to Amazon EC2 network interfaces>
+-- in the /Amazon Elastic Compute Cloud User Guide/.
+newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails ::
+  AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails =
+  AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails'
+    { ipv4Prefix =
+        Prelude.Nothing
+    }
+
+-- | The IPv4 prefix. For more information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-prefix-eni.html Assigning prefixes to Amazon EC2 network interfaces>
+-- in the /Amazon Elastic Compute Cloud User Guide/.
+awsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails_ipv4Prefix :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails_ipv4Prefix = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails' {ipv4Prefix} -> ipv4Prefix) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails' {} a -> s {ipv4Prefix = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails'
+            Prelude.<$> (x Data..:? "Ipv4Prefix")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails' {..} =
+      _salt `Prelude.hashWithSalt` ipv4Prefix
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails' {..} =
+      Prelude.rnf ipv4Prefix
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Ipv4Prefix" Data..=) Prelude.<$> ipv4Prefix]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies an IPv6 address in an Amazon EC2 launch template.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails' smart constructor.
+data AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails = AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails'
+  { -- | One or more specific IPv6 addresses from the IPv6 CIDR block range of
+    -- your subnet.
+    ipv6Address :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ipv6Address', 'awsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails_ipv6Address' - One or more specific IPv6 addresses from the IPv6 CIDR block range of
+-- your subnet.
+newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails ::
+  AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails =
+  AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails'
+    { ipv6Address =
+        Prelude.Nothing
+    }
+
+-- | One or more specific IPv6 addresses from the IPv6 CIDR block range of
+-- your subnet.
+awsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails_ipv6Address :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails_ipv6Address = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails' {ipv6Address} -> ipv6Address) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails' {} a -> s {ipv6Address = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails'
+            Prelude.<$> (x Data..:? "Ipv6Address")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails' {..} =
+      _salt `Prelude.hashWithSalt` ipv6Address
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails' {..} =
+      Prelude.rnf ipv6Address
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Ipv6Address" Data..=) Prelude.<$> ipv6Address]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details on one or more IPv6 prefixes to be assigned to the
+-- network interface.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails' smart constructor.
+data AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails = AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails'
+  { -- | The IPv6 prefix.
+    ipv6Prefix :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ipv6Prefix', 'awsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails_ipv6Prefix' - The IPv6 prefix.
+newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails ::
+  AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+newAwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails =
+  AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails'
+    { ipv6Prefix =
+        Prelude.Nothing
+    }
+
+-- | The IPv6 prefix.
+awsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails_ipv6Prefix :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails_ipv6Prefix = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails' {ipv6Prefix} -> ipv6Prefix) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails' {} a -> s {ipv6Prefix = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails'
+            Prelude.<$> (x Data..:? "Ipv6Prefix")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails' {..} =
+      _salt `Prelude.hashWithSalt` ipv6Prefix
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails' {..} =
+      Prelude.rnf ipv6Prefix
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Ipv6Prefix" Data..=) Prelude.<$> ipv6Prefix]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails.hs
@@ -0,0 +1,115 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | One or more private IPv4 addresses.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails' smart constructor.
+data AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails = AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails'
+  { -- | Indicates whether the private IPv4 address is the primary private IPv4
+    -- address. Only one IPv4 address can be designated as primary.
+    primary :: Prelude.Maybe Prelude.Bool,
+    -- | The private IPv4 address.
+    privateIpAddress :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'primary', 'awsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails_primary' - Indicates whether the private IPv4 address is the primary private IPv4
+-- address. Only one IPv4 address can be designated as primary.
+--
+-- 'privateIpAddress', 'awsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails_privateIpAddress' - The private IPv4 address.
+newAwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails ::
+  AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+newAwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails =
+  AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails'
+    { primary =
+        Prelude.Nothing,
+      privateIpAddress =
+        Prelude.Nothing
+    }
+
+-- | Indicates whether the private IPv4 address is the primary private IPv4
+-- address. Only one IPv4 address can be designated as primary.
+awsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails_primary :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails_primary = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails' {primary} -> primary) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails' {} a -> s {primary = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails)
+
+-- | The private IPv4 address.
+awsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails_privateIpAddress :: Lens.Lens' AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails_privateIpAddress = Lens.lens (\AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails' {privateIpAddress} -> privateIpAddress) (\s@AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails' {} a -> s {privateIpAddress = a} :: AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails'
+            Prelude.<$> (x Data..:? "Primary")
+            Prelude.<*> (x Data..:? "PrivateIpAddress")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` primary
+        `Prelude.hashWithSalt` privateIpAddress
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails' {..} =
+      Prelude.rnf primary
+        `Prelude.seq` Prelude.rnf privateIpAddress
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Primary" Data..=) Prelude.<$> primary,
+              ("PrivateIpAddress" Data..=)
+                Prelude.<$> privateIpAddress
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataPlacementDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataPlacementDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataPlacementDetails.hs
@@ -0,0 +1,197 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPlacementDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPlacementDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the placement of an Amazon EC2 instance.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataPlacementDetails' smart constructor.
+data AwsEc2LaunchTemplateDataPlacementDetails = AwsEc2LaunchTemplateDataPlacementDetails'
+  { -- | The affinity setting for an instance on an EC2 Dedicated Host.
+    affinity :: Prelude.Maybe Prelude.Text,
+    -- | The Availability Zone for the instance.
+    availabilityZone :: Prelude.Maybe Prelude.Text,
+    -- | The name of the placement group for the instance.
+    groupName :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the Dedicated Host for the instance.
+    hostId :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the host resource group in which to
+    -- launch the instances.
+    hostResourceGroupArn :: Prelude.Maybe Prelude.Text,
+    -- | The number of the partition the instance should launch in.
+    partitionNumber :: Prelude.Maybe Prelude.Int,
+    -- | Reserved for future use.
+    spreadDomain :: Prelude.Maybe Prelude.Text,
+    -- | The tenancy of the instance (if the instance is running in a VPC). An
+    -- instance with a tenancy of dedicated runs on single-tenant hardware.
+    tenancy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataPlacementDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'affinity', 'awsEc2LaunchTemplateDataPlacementDetails_affinity' - The affinity setting for an instance on an EC2 Dedicated Host.
+--
+-- 'availabilityZone', 'awsEc2LaunchTemplateDataPlacementDetails_availabilityZone' - The Availability Zone for the instance.
+--
+-- 'groupName', 'awsEc2LaunchTemplateDataPlacementDetails_groupName' - The name of the placement group for the instance.
+--
+-- 'hostId', 'awsEc2LaunchTemplateDataPlacementDetails_hostId' - The ID of the Dedicated Host for the instance.
+--
+-- 'hostResourceGroupArn', 'awsEc2LaunchTemplateDataPlacementDetails_hostResourceGroupArn' - The Amazon Resource Name (ARN) of the host resource group in which to
+-- launch the instances.
+--
+-- 'partitionNumber', 'awsEc2LaunchTemplateDataPlacementDetails_partitionNumber' - The number of the partition the instance should launch in.
+--
+-- 'spreadDomain', 'awsEc2LaunchTemplateDataPlacementDetails_spreadDomain' - Reserved for future use.
+--
+-- 'tenancy', 'awsEc2LaunchTemplateDataPlacementDetails_tenancy' - The tenancy of the instance (if the instance is running in a VPC). An
+-- instance with a tenancy of dedicated runs on single-tenant hardware.
+newAwsEc2LaunchTemplateDataPlacementDetails ::
+  AwsEc2LaunchTemplateDataPlacementDetails
+newAwsEc2LaunchTemplateDataPlacementDetails =
+  AwsEc2LaunchTemplateDataPlacementDetails'
+    { affinity =
+        Prelude.Nothing,
+      availabilityZone =
+        Prelude.Nothing,
+      groupName = Prelude.Nothing,
+      hostId = Prelude.Nothing,
+      hostResourceGroupArn =
+        Prelude.Nothing,
+      partitionNumber = Prelude.Nothing,
+      spreadDomain = Prelude.Nothing,
+      tenancy = Prelude.Nothing
+    }
+
+-- | The affinity setting for an instance on an EC2 Dedicated Host.
+awsEc2LaunchTemplateDataPlacementDetails_affinity :: Lens.Lens' AwsEc2LaunchTemplateDataPlacementDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataPlacementDetails_affinity = Lens.lens (\AwsEc2LaunchTemplateDataPlacementDetails' {affinity} -> affinity) (\s@AwsEc2LaunchTemplateDataPlacementDetails' {} a -> s {affinity = a} :: AwsEc2LaunchTemplateDataPlacementDetails)
+
+-- | The Availability Zone for the instance.
+awsEc2LaunchTemplateDataPlacementDetails_availabilityZone :: Lens.Lens' AwsEc2LaunchTemplateDataPlacementDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataPlacementDetails_availabilityZone = Lens.lens (\AwsEc2LaunchTemplateDataPlacementDetails' {availabilityZone} -> availabilityZone) (\s@AwsEc2LaunchTemplateDataPlacementDetails' {} a -> s {availabilityZone = a} :: AwsEc2LaunchTemplateDataPlacementDetails)
+
+-- | The name of the placement group for the instance.
+awsEc2LaunchTemplateDataPlacementDetails_groupName :: Lens.Lens' AwsEc2LaunchTemplateDataPlacementDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataPlacementDetails_groupName = Lens.lens (\AwsEc2LaunchTemplateDataPlacementDetails' {groupName} -> groupName) (\s@AwsEc2LaunchTemplateDataPlacementDetails' {} a -> s {groupName = a} :: AwsEc2LaunchTemplateDataPlacementDetails)
+
+-- | The ID of the Dedicated Host for the instance.
+awsEc2LaunchTemplateDataPlacementDetails_hostId :: Lens.Lens' AwsEc2LaunchTemplateDataPlacementDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataPlacementDetails_hostId = Lens.lens (\AwsEc2LaunchTemplateDataPlacementDetails' {hostId} -> hostId) (\s@AwsEc2LaunchTemplateDataPlacementDetails' {} a -> s {hostId = a} :: AwsEc2LaunchTemplateDataPlacementDetails)
+
+-- | The Amazon Resource Name (ARN) of the host resource group in which to
+-- launch the instances.
+awsEc2LaunchTemplateDataPlacementDetails_hostResourceGroupArn :: Lens.Lens' AwsEc2LaunchTemplateDataPlacementDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataPlacementDetails_hostResourceGroupArn = Lens.lens (\AwsEc2LaunchTemplateDataPlacementDetails' {hostResourceGroupArn} -> hostResourceGroupArn) (\s@AwsEc2LaunchTemplateDataPlacementDetails' {} a -> s {hostResourceGroupArn = a} :: AwsEc2LaunchTemplateDataPlacementDetails)
+
+-- | The number of the partition the instance should launch in.
+awsEc2LaunchTemplateDataPlacementDetails_partitionNumber :: Lens.Lens' AwsEc2LaunchTemplateDataPlacementDetails (Prelude.Maybe Prelude.Int)
+awsEc2LaunchTemplateDataPlacementDetails_partitionNumber = Lens.lens (\AwsEc2LaunchTemplateDataPlacementDetails' {partitionNumber} -> partitionNumber) (\s@AwsEc2LaunchTemplateDataPlacementDetails' {} a -> s {partitionNumber = a} :: AwsEc2LaunchTemplateDataPlacementDetails)
+
+-- | Reserved for future use.
+awsEc2LaunchTemplateDataPlacementDetails_spreadDomain :: Lens.Lens' AwsEc2LaunchTemplateDataPlacementDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataPlacementDetails_spreadDomain = Lens.lens (\AwsEc2LaunchTemplateDataPlacementDetails' {spreadDomain} -> spreadDomain) (\s@AwsEc2LaunchTemplateDataPlacementDetails' {} a -> s {spreadDomain = a} :: AwsEc2LaunchTemplateDataPlacementDetails)
+
+-- | The tenancy of the instance (if the instance is running in a VPC). An
+-- instance with a tenancy of dedicated runs on single-tenant hardware.
+awsEc2LaunchTemplateDataPlacementDetails_tenancy :: Lens.Lens' AwsEc2LaunchTemplateDataPlacementDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataPlacementDetails_tenancy = Lens.lens (\AwsEc2LaunchTemplateDataPlacementDetails' {tenancy} -> tenancy) (\s@AwsEc2LaunchTemplateDataPlacementDetails' {} a -> s {tenancy = a} :: AwsEc2LaunchTemplateDataPlacementDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataPlacementDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataPlacementDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataPlacementDetails'
+            Prelude.<$> (x Data..:? "Affinity")
+            Prelude.<*> (x Data..:? "AvailabilityZone")
+            Prelude.<*> (x Data..:? "GroupName")
+            Prelude.<*> (x Data..:? "HostId")
+            Prelude.<*> (x Data..:? "HostResourceGroupArn")
+            Prelude.<*> (x Data..:? "PartitionNumber")
+            Prelude.<*> (x Data..:? "SpreadDomain")
+            Prelude.<*> (x Data..:? "Tenancy")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataPlacementDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataPlacementDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` affinity
+        `Prelude.hashWithSalt` availabilityZone
+        `Prelude.hashWithSalt` groupName
+        `Prelude.hashWithSalt` hostId
+        `Prelude.hashWithSalt` hostResourceGroupArn
+        `Prelude.hashWithSalt` partitionNumber
+        `Prelude.hashWithSalt` spreadDomain
+        `Prelude.hashWithSalt` tenancy
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataPlacementDetails
+  where
+  rnf AwsEc2LaunchTemplateDataPlacementDetails' {..} =
+    Prelude.rnf affinity
+      `Prelude.seq` Prelude.rnf availabilityZone
+      `Prelude.seq` Prelude.rnf groupName
+      `Prelude.seq` Prelude.rnf hostId
+      `Prelude.seq` Prelude.rnf hostResourceGroupArn
+      `Prelude.seq` Prelude.rnf partitionNumber
+      `Prelude.seq` Prelude.rnf spreadDomain
+      `Prelude.seq` Prelude.rnf tenancy
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataPlacementDetails
+  where
+  toJSON AwsEc2LaunchTemplateDataPlacementDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Affinity" Data..=) Prelude.<$> affinity,
+            ("AvailabilityZone" Data..=)
+              Prelude.<$> availabilityZone,
+            ("GroupName" Data..=) Prelude.<$> groupName,
+            ("HostId" Data..=) Prelude.<$> hostId,
+            ("HostResourceGroupArn" Data..=)
+              Prelude.<$> hostResourceGroupArn,
+            ("PartitionNumber" Data..=)
+              Prelude.<$> partitionNumber,
+            ("SpreadDomain" Data..=) Prelude.<$> spreadDomain,
+            ("Tenancy" Data..=) Prelude.<$> tenancy
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails.hs
@@ -0,0 +1,133 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes the options for Amazon EC2 instance hostnames.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails' smart constructor.
+data AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails = AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails'
+  { -- | Indicates whether to respond to DNS queries for instance hostnames with
+    -- DNS AAAA records.
+    enableResourceNameDnsAAAARecord :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether to respond to DNS queries for instance hostnames with
+    -- DNS A records.
+    enableResourceNameDnsARecord :: Prelude.Maybe Prelude.Bool,
+    -- | The type of hostname for EC2 instances.
+    hostnameType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enableResourceNameDnsAAAARecord', 'awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_enableResourceNameDnsAAAARecord' - Indicates whether to respond to DNS queries for instance hostnames with
+-- DNS AAAA records.
+--
+-- 'enableResourceNameDnsARecord', 'awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_enableResourceNameDnsARecord' - Indicates whether to respond to DNS queries for instance hostnames with
+-- DNS A records.
+--
+-- 'hostnameType', 'awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_hostnameType' - The type of hostname for EC2 instances.
+newAwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails ::
+  AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+newAwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails =
+  AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails'
+    { enableResourceNameDnsAAAARecord =
+        Prelude.Nothing,
+      enableResourceNameDnsARecord =
+        Prelude.Nothing,
+      hostnameType =
+        Prelude.Nothing
+    }
+
+-- | Indicates whether to respond to DNS queries for instance hostnames with
+-- DNS AAAA records.
+awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_enableResourceNameDnsAAAARecord :: Lens.Lens' AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_enableResourceNameDnsAAAARecord = Lens.lens (\AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails' {enableResourceNameDnsAAAARecord} -> enableResourceNameDnsAAAARecord) (\s@AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails' {} a -> s {enableResourceNameDnsAAAARecord = a} :: AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails)
+
+-- | Indicates whether to respond to DNS queries for instance hostnames with
+-- DNS A records.
+awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_enableResourceNameDnsARecord :: Lens.Lens' AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_enableResourceNameDnsARecord = Lens.lens (\AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails' {enableResourceNameDnsARecord} -> enableResourceNameDnsARecord) (\s@AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails' {} a -> s {enableResourceNameDnsARecord = a} :: AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails)
+
+-- | The type of hostname for EC2 instances.
+awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_hostnameType :: Lens.Lens' AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails_hostnameType = Lens.lens (\AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails' {hostnameType} -> hostnameType) (\s@AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails' {} a -> s {hostnameType = a} :: AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails'
+            Prelude.<$> (x Data..:? "EnableResourceNameDnsAAAARecord")
+            Prelude.<*> (x Data..:? "EnableResourceNameDnsARecord")
+            Prelude.<*> (x Data..:? "HostnameType")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` enableResourceNameDnsAAAARecord
+        `Prelude.hashWithSalt` enableResourceNameDnsARecord
+        `Prelude.hashWithSalt` hostnameType
+
+instance
+  Prelude.NFData
+    AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+  where
+  rnf
+    AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails' {..} =
+      Prelude.rnf enableResourceNameDnsAAAARecord
+        `Prelude.seq` Prelude.rnf enableResourceNameDnsARecord
+        `Prelude.seq` Prelude.rnf hostnameType
+
+instance
+  Data.ToJSON
+    AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails
+  where
+  toJSON
+    AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("EnableResourceNameDnsAAAARecord" Data..=)
+                Prelude.<$> enableResourceNameDnsAAAARecord,
+              ("EnableResourceNameDnsARecord" Data..=)
+                Prelude.<$> enableResourceNameDnsARecord,
+              ("HostnameType" Data..=) Prelude.<$> hostnameType
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2LaunchTemplateDetails.hs
@@ -0,0 +1,139 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDataDetails
+
+-- | Specifies the properties for creating an Amazon Elastic Compute Cloud
+-- (Amazon EC2) launch template.
+--
+-- /See:/ 'newAwsEc2LaunchTemplateDetails' smart constructor.
+data AwsEc2LaunchTemplateDetails = AwsEc2LaunchTemplateDetails'
+  { -- | The default version of the launch template.
+    defaultVersionNumber :: Prelude.Maybe Prelude.Integer,
+    -- | An ID for the launch template.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The latest version of the launch template.
+    latestVersionNumber :: Prelude.Maybe Prelude.Integer,
+    -- | The information to include in the launch template.
+    launchTemplateData :: Prelude.Maybe AwsEc2LaunchTemplateDataDetails,
+    -- | A name for the launch template.
+    launchTemplateName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2LaunchTemplateDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'defaultVersionNumber', 'awsEc2LaunchTemplateDetails_defaultVersionNumber' - The default version of the launch template.
+--
+-- 'id', 'awsEc2LaunchTemplateDetails_id' - An ID for the launch template.
+--
+-- 'latestVersionNumber', 'awsEc2LaunchTemplateDetails_latestVersionNumber' - The latest version of the launch template.
+--
+-- 'launchTemplateData', 'awsEc2LaunchTemplateDetails_launchTemplateData' - The information to include in the launch template.
+--
+-- 'launchTemplateName', 'awsEc2LaunchTemplateDetails_launchTemplateName' - A name for the launch template.
+newAwsEc2LaunchTemplateDetails ::
+  AwsEc2LaunchTemplateDetails
+newAwsEc2LaunchTemplateDetails =
+  AwsEc2LaunchTemplateDetails'
+    { defaultVersionNumber =
+        Prelude.Nothing,
+      id = Prelude.Nothing,
+      latestVersionNumber = Prelude.Nothing,
+      launchTemplateData = Prelude.Nothing,
+      launchTemplateName = Prelude.Nothing
+    }
+
+-- | The default version of the launch template.
+awsEc2LaunchTemplateDetails_defaultVersionNumber :: Lens.Lens' AwsEc2LaunchTemplateDetails (Prelude.Maybe Prelude.Integer)
+awsEc2LaunchTemplateDetails_defaultVersionNumber = Lens.lens (\AwsEc2LaunchTemplateDetails' {defaultVersionNumber} -> defaultVersionNumber) (\s@AwsEc2LaunchTemplateDetails' {} a -> s {defaultVersionNumber = a} :: AwsEc2LaunchTemplateDetails)
+
+-- | An ID for the launch template.
+awsEc2LaunchTemplateDetails_id :: Lens.Lens' AwsEc2LaunchTemplateDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDetails_id = Lens.lens (\AwsEc2LaunchTemplateDetails' {id} -> id) (\s@AwsEc2LaunchTemplateDetails' {} a -> s {id = a} :: AwsEc2LaunchTemplateDetails)
+
+-- | The latest version of the launch template.
+awsEc2LaunchTemplateDetails_latestVersionNumber :: Lens.Lens' AwsEc2LaunchTemplateDetails (Prelude.Maybe Prelude.Integer)
+awsEc2LaunchTemplateDetails_latestVersionNumber = Lens.lens (\AwsEc2LaunchTemplateDetails' {latestVersionNumber} -> latestVersionNumber) (\s@AwsEc2LaunchTemplateDetails' {} a -> s {latestVersionNumber = a} :: AwsEc2LaunchTemplateDetails)
+
+-- | The information to include in the launch template.
+awsEc2LaunchTemplateDetails_launchTemplateData :: Lens.Lens' AwsEc2LaunchTemplateDetails (Prelude.Maybe AwsEc2LaunchTemplateDataDetails)
+awsEc2LaunchTemplateDetails_launchTemplateData = Lens.lens (\AwsEc2LaunchTemplateDetails' {launchTemplateData} -> launchTemplateData) (\s@AwsEc2LaunchTemplateDetails' {} a -> s {launchTemplateData = a} :: AwsEc2LaunchTemplateDetails)
+
+-- | A name for the launch template.
+awsEc2LaunchTemplateDetails_launchTemplateName :: Lens.Lens' AwsEc2LaunchTemplateDetails (Prelude.Maybe Prelude.Text)
+awsEc2LaunchTemplateDetails_launchTemplateName = Lens.lens (\AwsEc2LaunchTemplateDetails' {launchTemplateName} -> launchTemplateName) (\s@AwsEc2LaunchTemplateDetails' {} a -> s {launchTemplateName = a} :: AwsEc2LaunchTemplateDetails)
+
+instance Data.FromJSON AwsEc2LaunchTemplateDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEc2LaunchTemplateDetails"
+      ( \x ->
+          AwsEc2LaunchTemplateDetails'
+            Prelude.<$> (x Data..:? "DefaultVersionNumber")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "LatestVersionNumber")
+            Prelude.<*> (x Data..:? "LaunchTemplateData")
+            Prelude.<*> (x Data..:? "LaunchTemplateName")
+      )
+
+instance Prelude.Hashable AwsEc2LaunchTemplateDetails where
+  hashWithSalt _salt AwsEc2LaunchTemplateDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` defaultVersionNumber
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` latestVersionNumber
+      `Prelude.hashWithSalt` launchTemplateData
+      `Prelude.hashWithSalt` launchTemplateName
+
+instance Prelude.NFData AwsEc2LaunchTemplateDetails where
+  rnf AwsEc2LaunchTemplateDetails' {..} =
+    Prelude.rnf defaultVersionNumber
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf latestVersionNumber
+      `Prelude.seq` Prelude.rnf launchTemplateData
+      `Prelude.seq` Prelude.rnf launchTemplateName
+
+instance Data.ToJSON AwsEc2LaunchTemplateDetails where
+  toJSON AwsEc2LaunchTemplateDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DefaultVersionNumber" Data..=)
+              Prelude.<$> defaultVersionNumber,
+            ("Id" Data..=) Prelude.<$> id,
+            ("LatestVersionNumber" Data..=)
+              Prelude.<$> latestVersionNumber,
+            ("LaunchTemplateData" Data..=)
+              Prelude.<$> launchTemplateData,
+            ("LaunchTemplateName" Data..=)
+              Prelude.<$> launchTemplateName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkAclAssociation.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkAclAssociation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkAclAssociation.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2NetworkAclAssociation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2NetworkAclAssociation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An association between the network ACL and a subnet.
+--
+-- /See:/ 'newAwsEc2NetworkAclAssociation' smart constructor.
+data AwsEc2NetworkAclAssociation = AwsEc2NetworkAclAssociation'
+  { -- | The identifier of the association between the network ACL and the
+    -- subnet.
+    networkAclAssociationId :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the network ACL.
+    networkAclId :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the subnet that is associated with the network ACL.
+    subnetId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2NetworkAclAssociation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'networkAclAssociationId', 'awsEc2NetworkAclAssociation_networkAclAssociationId' - The identifier of the association between the network ACL and the
+-- subnet.
+--
+-- 'networkAclId', 'awsEc2NetworkAclAssociation_networkAclId' - The identifier of the network ACL.
+--
+-- 'subnetId', 'awsEc2NetworkAclAssociation_subnetId' - The identifier of the subnet that is associated with the network ACL.
+newAwsEc2NetworkAclAssociation ::
+  AwsEc2NetworkAclAssociation
+newAwsEc2NetworkAclAssociation =
+  AwsEc2NetworkAclAssociation'
+    { networkAclAssociationId =
+        Prelude.Nothing,
+      networkAclId = Prelude.Nothing,
+      subnetId = Prelude.Nothing
+    }
+
+-- | The identifier of the association between the network ACL and the
+-- subnet.
+awsEc2NetworkAclAssociation_networkAclAssociationId :: Lens.Lens' AwsEc2NetworkAclAssociation (Prelude.Maybe Prelude.Text)
+awsEc2NetworkAclAssociation_networkAclAssociationId = Lens.lens (\AwsEc2NetworkAclAssociation' {networkAclAssociationId} -> networkAclAssociationId) (\s@AwsEc2NetworkAclAssociation' {} a -> s {networkAclAssociationId = a} :: AwsEc2NetworkAclAssociation)
+
+-- | The identifier of the network ACL.
+awsEc2NetworkAclAssociation_networkAclId :: Lens.Lens' AwsEc2NetworkAclAssociation (Prelude.Maybe Prelude.Text)
+awsEc2NetworkAclAssociation_networkAclId = Lens.lens (\AwsEc2NetworkAclAssociation' {networkAclId} -> networkAclId) (\s@AwsEc2NetworkAclAssociation' {} a -> s {networkAclId = a} :: AwsEc2NetworkAclAssociation)
+
+-- | The identifier of the subnet that is associated with the network ACL.
+awsEc2NetworkAclAssociation_subnetId :: Lens.Lens' AwsEc2NetworkAclAssociation (Prelude.Maybe Prelude.Text)
+awsEc2NetworkAclAssociation_subnetId = Lens.lens (\AwsEc2NetworkAclAssociation' {subnetId} -> subnetId) (\s@AwsEc2NetworkAclAssociation' {} a -> s {subnetId = a} :: AwsEc2NetworkAclAssociation)
+
+instance Data.FromJSON AwsEc2NetworkAclAssociation where
+  parseJSON =
+    Data.withObject
+      "AwsEc2NetworkAclAssociation"
+      ( \x ->
+          AwsEc2NetworkAclAssociation'
+            Prelude.<$> (x Data..:? "NetworkAclAssociationId")
+            Prelude.<*> (x Data..:? "NetworkAclId")
+            Prelude.<*> (x Data..:? "SubnetId")
+      )
+
+instance Prelude.Hashable AwsEc2NetworkAclAssociation where
+  hashWithSalt _salt AwsEc2NetworkAclAssociation' {..} =
+    _salt
+      `Prelude.hashWithSalt` networkAclAssociationId
+      `Prelude.hashWithSalt` networkAclId
+      `Prelude.hashWithSalt` subnetId
+
+instance Prelude.NFData AwsEc2NetworkAclAssociation where
+  rnf AwsEc2NetworkAclAssociation' {..} =
+    Prelude.rnf networkAclAssociationId
+      `Prelude.seq` Prelude.rnf networkAclId
+      `Prelude.seq` Prelude.rnf subnetId
+
+instance Data.ToJSON AwsEc2NetworkAclAssociation where
+  toJSON AwsEc2NetworkAclAssociation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("NetworkAclAssociationId" Data..=)
+              Prelude.<$> networkAclAssociationId,
+            ("NetworkAclId" Data..=) Prelude.<$> networkAclId,
+            ("SubnetId" Data..=) Prelude.<$> subnetId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkAclDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkAclDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkAclDetails.hs
@@ -0,0 +1,151 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2NetworkAclDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2NetworkAclDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2NetworkAclAssociation
+import Amazonka.SecurityHub.Types.AwsEc2NetworkAclEntry
+
+-- | Contains details about an Amazon EC2 network access control list (ACL).
+--
+-- /See:/ 'newAwsEc2NetworkAclDetails' smart constructor.
+data AwsEc2NetworkAclDetails = AwsEc2NetworkAclDetails'
+  { -- | Associations between the network ACL and subnets.
+    associations :: Prelude.Maybe [AwsEc2NetworkAclAssociation],
+    -- | The set of rules in the network ACL.
+    entries :: Prelude.Maybe [AwsEc2NetworkAclEntry],
+    -- | Whether this is the default network ACL for the VPC.
+    isDefault :: Prelude.Maybe Prelude.Bool,
+    -- | The identifier of the network ACL.
+    networkAclId :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the Amazon Web Services account that owns the network
+    -- ACL.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the VPC for the network ACL.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2NetworkAclDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'associations', 'awsEc2NetworkAclDetails_associations' - Associations between the network ACL and subnets.
+--
+-- 'entries', 'awsEc2NetworkAclDetails_entries' - The set of rules in the network ACL.
+--
+-- 'isDefault', 'awsEc2NetworkAclDetails_isDefault' - Whether this is the default network ACL for the VPC.
+--
+-- 'networkAclId', 'awsEc2NetworkAclDetails_networkAclId' - The identifier of the network ACL.
+--
+-- 'ownerId', 'awsEc2NetworkAclDetails_ownerId' - The identifier of the Amazon Web Services account that owns the network
+-- ACL.
+--
+-- 'vpcId', 'awsEc2NetworkAclDetails_vpcId' - The identifier of the VPC for the network ACL.
+newAwsEc2NetworkAclDetails ::
+  AwsEc2NetworkAclDetails
+newAwsEc2NetworkAclDetails =
+  AwsEc2NetworkAclDetails'
+    { associations =
+        Prelude.Nothing,
+      entries = Prelude.Nothing,
+      isDefault = Prelude.Nothing,
+      networkAclId = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | Associations between the network ACL and subnets.
+awsEc2NetworkAclDetails_associations :: Lens.Lens' AwsEc2NetworkAclDetails (Prelude.Maybe [AwsEc2NetworkAclAssociation])
+awsEc2NetworkAclDetails_associations = Lens.lens (\AwsEc2NetworkAclDetails' {associations} -> associations) (\s@AwsEc2NetworkAclDetails' {} a -> s {associations = a} :: AwsEc2NetworkAclDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The set of rules in the network ACL.
+awsEc2NetworkAclDetails_entries :: Lens.Lens' AwsEc2NetworkAclDetails (Prelude.Maybe [AwsEc2NetworkAclEntry])
+awsEc2NetworkAclDetails_entries = Lens.lens (\AwsEc2NetworkAclDetails' {entries} -> entries) (\s@AwsEc2NetworkAclDetails' {} a -> s {entries = a} :: AwsEc2NetworkAclDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Whether this is the default network ACL for the VPC.
+awsEc2NetworkAclDetails_isDefault :: Lens.Lens' AwsEc2NetworkAclDetails (Prelude.Maybe Prelude.Bool)
+awsEc2NetworkAclDetails_isDefault = Lens.lens (\AwsEc2NetworkAclDetails' {isDefault} -> isDefault) (\s@AwsEc2NetworkAclDetails' {} a -> s {isDefault = a} :: AwsEc2NetworkAclDetails)
+
+-- | The identifier of the network ACL.
+awsEc2NetworkAclDetails_networkAclId :: Lens.Lens' AwsEc2NetworkAclDetails (Prelude.Maybe Prelude.Text)
+awsEc2NetworkAclDetails_networkAclId = Lens.lens (\AwsEc2NetworkAclDetails' {networkAclId} -> networkAclId) (\s@AwsEc2NetworkAclDetails' {} a -> s {networkAclId = a} :: AwsEc2NetworkAclDetails)
+
+-- | The identifier of the Amazon Web Services account that owns the network
+-- ACL.
+awsEc2NetworkAclDetails_ownerId :: Lens.Lens' AwsEc2NetworkAclDetails (Prelude.Maybe Prelude.Text)
+awsEc2NetworkAclDetails_ownerId = Lens.lens (\AwsEc2NetworkAclDetails' {ownerId} -> ownerId) (\s@AwsEc2NetworkAclDetails' {} a -> s {ownerId = a} :: AwsEc2NetworkAclDetails)
+
+-- | The identifier of the VPC for the network ACL.
+awsEc2NetworkAclDetails_vpcId :: Lens.Lens' AwsEc2NetworkAclDetails (Prelude.Maybe Prelude.Text)
+awsEc2NetworkAclDetails_vpcId = Lens.lens (\AwsEc2NetworkAclDetails' {vpcId} -> vpcId) (\s@AwsEc2NetworkAclDetails' {} a -> s {vpcId = a} :: AwsEc2NetworkAclDetails)
+
+instance Data.FromJSON AwsEc2NetworkAclDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEc2NetworkAclDetails"
+      ( \x ->
+          AwsEc2NetworkAclDetails'
+            Prelude.<$> (x Data..:? "Associations" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Entries" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "IsDefault")
+            Prelude.<*> (x Data..:? "NetworkAclId")
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance Prelude.Hashable AwsEc2NetworkAclDetails where
+  hashWithSalt _salt AwsEc2NetworkAclDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` associations
+      `Prelude.hashWithSalt` entries
+      `Prelude.hashWithSalt` isDefault
+      `Prelude.hashWithSalt` networkAclId
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData AwsEc2NetworkAclDetails where
+  rnf AwsEc2NetworkAclDetails' {..} =
+    Prelude.rnf associations
+      `Prelude.seq` Prelude.rnf entries
+      `Prelude.seq` Prelude.rnf isDefault
+      `Prelude.seq` Prelude.rnf networkAclId
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance Data.ToJSON AwsEc2NetworkAclDetails where
+  toJSON AwsEc2NetworkAclDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Associations" Data..=) Prelude.<$> associations,
+            ("Entries" Data..=) Prelude.<$> entries,
+            ("IsDefault" Data..=) Prelude.<$> isDefault,
+            ("NetworkAclId" Data..=) Prelude.<$> networkAclId,
+            ("OwnerId" Data..=) Prelude.<$> ownerId,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkAclEntry.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkAclEntry.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkAclEntry.hs
@@ -0,0 +1,183 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2NetworkAclEntry
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2NetworkAclEntry where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.IcmpTypeCode
+import Amazonka.SecurityHub.Types.PortRangeFromTo
+
+-- | A rule for the network ACL. Each rule allows or denies access based on
+-- the IP address, traffic direction, port, and protocol.
+--
+-- /See:/ 'newAwsEc2NetworkAclEntry' smart constructor.
+data AwsEc2NetworkAclEntry = AwsEc2NetworkAclEntry'
+  { -- | The IPV4 network range for which to deny or allow access.
+    cidrBlock :: Prelude.Maybe Prelude.Text,
+    -- | Whether the rule is an egress rule. An egress rule is a rule that
+    -- applies to traffic that leaves the subnet.
+    egress :: Prelude.Maybe Prelude.Bool,
+    -- | The Internet Control Message Protocol (ICMP) type and code for which to
+    -- deny or allow access.
+    icmpTypeCode :: Prelude.Maybe IcmpTypeCode,
+    -- | The IPV6 network range for which to deny or allow access.
+    ipv6CidrBlock :: Prelude.Maybe Prelude.Text,
+    -- | For TCP or UDP protocols, the range of ports that the rule applies to.
+    portRange :: Prelude.Maybe PortRangeFromTo,
+    -- | The protocol that the rule applies to. To deny or allow access to all
+    -- protocols, use the value @-1@.
+    protocol :: Prelude.Maybe Prelude.Text,
+    -- | Whether the rule is used to allow access or deny access.
+    ruleAction :: Prelude.Maybe Prelude.Text,
+    -- | The rule number. The rules are processed in order by their number.
+    ruleNumber :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2NetworkAclEntry' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cidrBlock', 'awsEc2NetworkAclEntry_cidrBlock' - The IPV4 network range for which to deny or allow access.
+--
+-- 'egress', 'awsEc2NetworkAclEntry_egress' - Whether the rule is an egress rule. An egress rule is a rule that
+-- applies to traffic that leaves the subnet.
+--
+-- 'icmpTypeCode', 'awsEc2NetworkAclEntry_icmpTypeCode' - The Internet Control Message Protocol (ICMP) type and code for which to
+-- deny or allow access.
+--
+-- 'ipv6CidrBlock', 'awsEc2NetworkAclEntry_ipv6CidrBlock' - The IPV6 network range for which to deny or allow access.
+--
+-- 'portRange', 'awsEc2NetworkAclEntry_portRange' - For TCP or UDP protocols, the range of ports that the rule applies to.
+--
+-- 'protocol', 'awsEc2NetworkAclEntry_protocol' - The protocol that the rule applies to. To deny or allow access to all
+-- protocols, use the value @-1@.
+--
+-- 'ruleAction', 'awsEc2NetworkAclEntry_ruleAction' - Whether the rule is used to allow access or deny access.
+--
+-- 'ruleNumber', 'awsEc2NetworkAclEntry_ruleNumber' - The rule number. The rules are processed in order by their number.
+newAwsEc2NetworkAclEntry ::
+  AwsEc2NetworkAclEntry
+newAwsEc2NetworkAclEntry =
+  AwsEc2NetworkAclEntry'
+    { cidrBlock = Prelude.Nothing,
+      egress = Prelude.Nothing,
+      icmpTypeCode = Prelude.Nothing,
+      ipv6CidrBlock = Prelude.Nothing,
+      portRange = Prelude.Nothing,
+      protocol = Prelude.Nothing,
+      ruleAction = Prelude.Nothing,
+      ruleNumber = Prelude.Nothing
+    }
+
+-- | The IPV4 network range for which to deny or allow access.
+awsEc2NetworkAclEntry_cidrBlock :: Lens.Lens' AwsEc2NetworkAclEntry (Prelude.Maybe Prelude.Text)
+awsEc2NetworkAclEntry_cidrBlock = Lens.lens (\AwsEc2NetworkAclEntry' {cidrBlock} -> cidrBlock) (\s@AwsEc2NetworkAclEntry' {} a -> s {cidrBlock = a} :: AwsEc2NetworkAclEntry)
+
+-- | Whether the rule is an egress rule. An egress rule is a rule that
+-- applies to traffic that leaves the subnet.
+awsEc2NetworkAclEntry_egress :: Lens.Lens' AwsEc2NetworkAclEntry (Prelude.Maybe Prelude.Bool)
+awsEc2NetworkAclEntry_egress = Lens.lens (\AwsEc2NetworkAclEntry' {egress} -> egress) (\s@AwsEc2NetworkAclEntry' {} a -> s {egress = a} :: AwsEc2NetworkAclEntry)
+
+-- | The Internet Control Message Protocol (ICMP) type and code for which to
+-- deny or allow access.
+awsEc2NetworkAclEntry_icmpTypeCode :: Lens.Lens' AwsEc2NetworkAclEntry (Prelude.Maybe IcmpTypeCode)
+awsEc2NetworkAclEntry_icmpTypeCode = Lens.lens (\AwsEc2NetworkAclEntry' {icmpTypeCode} -> icmpTypeCode) (\s@AwsEc2NetworkAclEntry' {} a -> s {icmpTypeCode = a} :: AwsEc2NetworkAclEntry)
+
+-- | The IPV6 network range for which to deny or allow access.
+awsEc2NetworkAclEntry_ipv6CidrBlock :: Lens.Lens' AwsEc2NetworkAclEntry (Prelude.Maybe Prelude.Text)
+awsEc2NetworkAclEntry_ipv6CidrBlock = Lens.lens (\AwsEc2NetworkAclEntry' {ipv6CidrBlock} -> ipv6CidrBlock) (\s@AwsEc2NetworkAclEntry' {} a -> s {ipv6CidrBlock = a} :: AwsEc2NetworkAclEntry)
+
+-- | For TCP or UDP protocols, the range of ports that the rule applies to.
+awsEc2NetworkAclEntry_portRange :: Lens.Lens' AwsEc2NetworkAclEntry (Prelude.Maybe PortRangeFromTo)
+awsEc2NetworkAclEntry_portRange = Lens.lens (\AwsEc2NetworkAclEntry' {portRange} -> portRange) (\s@AwsEc2NetworkAclEntry' {} a -> s {portRange = a} :: AwsEc2NetworkAclEntry)
+
+-- | The protocol that the rule applies to. To deny or allow access to all
+-- protocols, use the value @-1@.
+awsEc2NetworkAclEntry_protocol :: Lens.Lens' AwsEc2NetworkAclEntry (Prelude.Maybe Prelude.Text)
+awsEc2NetworkAclEntry_protocol = Lens.lens (\AwsEc2NetworkAclEntry' {protocol} -> protocol) (\s@AwsEc2NetworkAclEntry' {} a -> s {protocol = a} :: AwsEc2NetworkAclEntry)
+
+-- | Whether the rule is used to allow access or deny access.
+awsEc2NetworkAclEntry_ruleAction :: Lens.Lens' AwsEc2NetworkAclEntry (Prelude.Maybe Prelude.Text)
+awsEc2NetworkAclEntry_ruleAction = Lens.lens (\AwsEc2NetworkAclEntry' {ruleAction} -> ruleAction) (\s@AwsEc2NetworkAclEntry' {} a -> s {ruleAction = a} :: AwsEc2NetworkAclEntry)
+
+-- | The rule number. The rules are processed in order by their number.
+awsEc2NetworkAclEntry_ruleNumber :: Lens.Lens' AwsEc2NetworkAclEntry (Prelude.Maybe Prelude.Int)
+awsEc2NetworkAclEntry_ruleNumber = Lens.lens (\AwsEc2NetworkAclEntry' {ruleNumber} -> ruleNumber) (\s@AwsEc2NetworkAclEntry' {} a -> s {ruleNumber = a} :: AwsEc2NetworkAclEntry)
+
+instance Data.FromJSON AwsEc2NetworkAclEntry where
+  parseJSON =
+    Data.withObject
+      "AwsEc2NetworkAclEntry"
+      ( \x ->
+          AwsEc2NetworkAclEntry'
+            Prelude.<$> (x Data..:? "CidrBlock")
+            Prelude.<*> (x Data..:? "Egress")
+            Prelude.<*> (x Data..:? "IcmpTypeCode")
+            Prelude.<*> (x Data..:? "Ipv6CidrBlock")
+            Prelude.<*> (x Data..:? "PortRange")
+            Prelude.<*> (x Data..:? "Protocol")
+            Prelude.<*> (x Data..:? "RuleAction")
+            Prelude.<*> (x Data..:? "RuleNumber")
+      )
+
+instance Prelude.Hashable AwsEc2NetworkAclEntry where
+  hashWithSalt _salt AwsEc2NetworkAclEntry' {..} =
+    _salt
+      `Prelude.hashWithSalt` cidrBlock
+      `Prelude.hashWithSalt` egress
+      `Prelude.hashWithSalt` icmpTypeCode
+      `Prelude.hashWithSalt` ipv6CidrBlock
+      `Prelude.hashWithSalt` portRange
+      `Prelude.hashWithSalt` protocol
+      `Prelude.hashWithSalt` ruleAction
+      `Prelude.hashWithSalt` ruleNumber
+
+instance Prelude.NFData AwsEc2NetworkAclEntry where
+  rnf AwsEc2NetworkAclEntry' {..} =
+    Prelude.rnf cidrBlock
+      `Prelude.seq` Prelude.rnf egress
+      `Prelude.seq` Prelude.rnf icmpTypeCode
+      `Prelude.seq` Prelude.rnf ipv6CidrBlock
+      `Prelude.seq` Prelude.rnf portRange
+      `Prelude.seq` Prelude.rnf protocol
+      `Prelude.seq` Prelude.rnf ruleAction
+      `Prelude.seq` Prelude.rnf ruleNumber
+
+instance Data.ToJSON AwsEc2NetworkAclEntry where
+  toJSON AwsEc2NetworkAclEntry' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CidrBlock" Data..=) Prelude.<$> cidrBlock,
+            ("Egress" Data..=) Prelude.<$> egress,
+            ("IcmpTypeCode" Data..=) Prelude.<$> icmpTypeCode,
+            ("Ipv6CidrBlock" Data..=) Prelude.<$> ipv6CidrBlock,
+            ("PortRange" Data..=) Prelude.<$> portRange,
+            ("Protocol" Data..=) Prelude.<$> protocol,
+            ("RuleAction" Data..=) Prelude.<$> ruleAction,
+            ("RuleNumber" Data..=) Prelude.<$> ruleNumber
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceAttachment.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceAttachment.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceAttachment.hs
@@ -0,0 +1,196 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceAttachment
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceAttachment where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the network interface attachment.
+--
+-- /See:/ 'newAwsEc2NetworkInterfaceAttachment' smart constructor.
+data AwsEc2NetworkInterfaceAttachment = AwsEc2NetworkInterfaceAttachment'
+  { -- | Indicates when the attachment initiated.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    attachTime :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the network interface attachment
+    attachmentId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the network interface is deleted when the instance is
+    -- terminated.
+    deleteOnTermination :: Prelude.Maybe Prelude.Bool,
+    -- | The device index of the network interface attachment on the instance.
+    deviceIndex :: Prelude.Maybe Prelude.Int,
+    -- | The ID of the instance.
+    instanceId :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services account ID of the owner of the instance.
+    instanceOwnerId :: Prelude.Maybe Prelude.Text,
+    -- | The attachment state.
+    --
+    -- Valid values: @attaching@ | @attached@ | @detaching@ | @detached@
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2NetworkInterfaceAttachment' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attachTime', 'awsEc2NetworkInterfaceAttachment_attachTime' - Indicates when the attachment initiated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'attachmentId', 'awsEc2NetworkInterfaceAttachment_attachmentId' - The identifier of the network interface attachment
+--
+-- 'deleteOnTermination', 'awsEc2NetworkInterfaceAttachment_deleteOnTermination' - Indicates whether the network interface is deleted when the instance is
+-- terminated.
+--
+-- 'deviceIndex', 'awsEc2NetworkInterfaceAttachment_deviceIndex' - The device index of the network interface attachment on the instance.
+--
+-- 'instanceId', 'awsEc2NetworkInterfaceAttachment_instanceId' - The ID of the instance.
+--
+-- 'instanceOwnerId', 'awsEc2NetworkInterfaceAttachment_instanceOwnerId' - The Amazon Web Services account ID of the owner of the instance.
+--
+-- 'status', 'awsEc2NetworkInterfaceAttachment_status' - The attachment state.
+--
+-- Valid values: @attaching@ | @attached@ | @detaching@ | @detached@
+newAwsEc2NetworkInterfaceAttachment ::
+  AwsEc2NetworkInterfaceAttachment
+newAwsEc2NetworkInterfaceAttachment =
+  AwsEc2NetworkInterfaceAttachment'
+    { attachTime =
+        Prelude.Nothing,
+      attachmentId = Prelude.Nothing,
+      deleteOnTermination = Prelude.Nothing,
+      deviceIndex = Prelude.Nothing,
+      instanceId = Prelude.Nothing,
+      instanceOwnerId = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | Indicates when the attachment initiated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsEc2NetworkInterfaceAttachment_attachTime :: Lens.Lens' AwsEc2NetworkInterfaceAttachment (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfaceAttachment_attachTime = Lens.lens (\AwsEc2NetworkInterfaceAttachment' {attachTime} -> attachTime) (\s@AwsEc2NetworkInterfaceAttachment' {} a -> s {attachTime = a} :: AwsEc2NetworkInterfaceAttachment)
+
+-- | The identifier of the network interface attachment
+awsEc2NetworkInterfaceAttachment_attachmentId :: Lens.Lens' AwsEc2NetworkInterfaceAttachment (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfaceAttachment_attachmentId = Lens.lens (\AwsEc2NetworkInterfaceAttachment' {attachmentId} -> attachmentId) (\s@AwsEc2NetworkInterfaceAttachment' {} a -> s {attachmentId = a} :: AwsEc2NetworkInterfaceAttachment)
+
+-- | Indicates whether the network interface is deleted when the instance is
+-- terminated.
+awsEc2NetworkInterfaceAttachment_deleteOnTermination :: Lens.Lens' AwsEc2NetworkInterfaceAttachment (Prelude.Maybe Prelude.Bool)
+awsEc2NetworkInterfaceAttachment_deleteOnTermination = Lens.lens (\AwsEc2NetworkInterfaceAttachment' {deleteOnTermination} -> deleteOnTermination) (\s@AwsEc2NetworkInterfaceAttachment' {} a -> s {deleteOnTermination = a} :: AwsEc2NetworkInterfaceAttachment)
+
+-- | The device index of the network interface attachment on the instance.
+awsEc2NetworkInterfaceAttachment_deviceIndex :: Lens.Lens' AwsEc2NetworkInterfaceAttachment (Prelude.Maybe Prelude.Int)
+awsEc2NetworkInterfaceAttachment_deviceIndex = Lens.lens (\AwsEc2NetworkInterfaceAttachment' {deviceIndex} -> deviceIndex) (\s@AwsEc2NetworkInterfaceAttachment' {} a -> s {deviceIndex = a} :: AwsEc2NetworkInterfaceAttachment)
+
+-- | The ID of the instance.
+awsEc2NetworkInterfaceAttachment_instanceId :: Lens.Lens' AwsEc2NetworkInterfaceAttachment (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfaceAttachment_instanceId = Lens.lens (\AwsEc2NetworkInterfaceAttachment' {instanceId} -> instanceId) (\s@AwsEc2NetworkInterfaceAttachment' {} a -> s {instanceId = a} :: AwsEc2NetworkInterfaceAttachment)
+
+-- | The Amazon Web Services account ID of the owner of the instance.
+awsEc2NetworkInterfaceAttachment_instanceOwnerId :: Lens.Lens' AwsEc2NetworkInterfaceAttachment (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfaceAttachment_instanceOwnerId = Lens.lens (\AwsEc2NetworkInterfaceAttachment' {instanceOwnerId} -> instanceOwnerId) (\s@AwsEc2NetworkInterfaceAttachment' {} a -> s {instanceOwnerId = a} :: AwsEc2NetworkInterfaceAttachment)
+
+-- | The attachment state.
+--
+-- Valid values: @attaching@ | @attached@ | @detaching@ | @detached@
+awsEc2NetworkInterfaceAttachment_status :: Lens.Lens' AwsEc2NetworkInterfaceAttachment (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfaceAttachment_status = Lens.lens (\AwsEc2NetworkInterfaceAttachment' {status} -> status) (\s@AwsEc2NetworkInterfaceAttachment' {} a -> s {status = a} :: AwsEc2NetworkInterfaceAttachment)
+
+instance
+  Data.FromJSON
+    AwsEc2NetworkInterfaceAttachment
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2NetworkInterfaceAttachment"
+      ( \x ->
+          AwsEc2NetworkInterfaceAttachment'
+            Prelude.<$> (x Data..:? "AttachTime")
+            Prelude.<*> (x Data..:? "AttachmentId")
+            Prelude.<*> (x Data..:? "DeleteOnTermination")
+            Prelude.<*> (x Data..:? "DeviceIndex")
+            Prelude.<*> (x Data..:? "InstanceId")
+            Prelude.<*> (x Data..:? "InstanceOwnerId")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2NetworkInterfaceAttachment
+  where
+  hashWithSalt
+    _salt
+    AwsEc2NetworkInterfaceAttachment' {..} =
+      _salt
+        `Prelude.hashWithSalt` attachTime
+        `Prelude.hashWithSalt` attachmentId
+        `Prelude.hashWithSalt` deleteOnTermination
+        `Prelude.hashWithSalt` deviceIndex
+        `Prelude.hashWithSalt` instanceId
+        `Prelude.hashWithSalt` instanceOwnerId
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    AwsEc2NetworkInterfaceAttachment
+  where
+  rnf AwsEc2NetworkInterfaceAttachment' {..} =
+    Prelude.rnf attachTime
+      `Prelude.seq` Prelude.rnf attachmentId
+      `Prelude.seq` Prelude.rnf deleteOnTermination
+      `Prelude.seq` Prelude.rnf deviceIndex
+      `Prelude.seq` Prelude.rnf instanceId
+      `Prelude.seq` Prelude.rnf instanceOwnerId
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsEc2NetworkInterfaceAttachment where
+  toJSON AwsEc2NetworkInterfaceAttachment' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AttachTime" Data..=) Prelude.<$> attachTime,
+            ("AttachmentId" Data..=) Prelude.<$> attachmentId,
+            ("DeleteOnTermination" Data..=)
+              Prelude.<$> deleteOnTermination,
+            ("DeviceIndex" Data..=) Prelude.<$> deviceIndex,
+            ("InstanceId" Data..=) Prelude.<$> instanceId,
+            ("InstanceOwnerId" Data..=)
+              Prelude.<$> instanceOwnerId,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceDetails.hs
@@ -0,0 +1,186 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceAttachment
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceIpV6AddressDetail
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfacePrivateIpAddressDetail
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceSecurityGroup
+
+-- | Details about the network interface
+--
+-- /See:/ 'newAwsEc2NetworkInterfaceDetails' smart constructor.
+data AwsEc2NetworkInterfaceDetails = AwsEc2NetworkInterfaceDetails'
+  { -- | The network interface attachment.
+    attachment :: Prelude.Maybe AwsEc2NetworkInterfaceAttachment,
+    -- | The IPv6 addresses associated with the network interface.
+    ipV6Addresses :: Prelude.Maybe [AwsEc2NetworkInterfaceIpV6AddressDetail],
+    -- | The ID of the network interface.
+    networkInterfaceId :: Prelude.Maybe Prelude.Text,
+    -- | The private IPv4 addresses associated with the network interface.
+    privateIpAddresses :: Prelude.Maybe [AwsEc2NetworkInterfacePrivateIpAddressDetail],
+    -- | The public DNS name of the network interface.
+    publicDnsName :: Prelude.Maybe Prelude.Text,
+    -- | The address of the Elastic IP address bound to the network interface.
+    publicIp :: Prelude.Maybe Prelude.Text,
+    -- | Security groups for the network interface.
+    securityGroups :: Prelude.Maybe [AwsEc2NetworkInterfaceSecurityGroup],
+    -- | Indicates whether traffic to or from the instance is validated.
+    sourceDestCheck :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2NetworkInterfaceDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attachment', 'awsEc2NetworkInterfaceDetails_attachment' - The network interface attachment.
+--
+-- 'ipV6Addresses', 'awsEc2NetworkInterfaceDetails_ipV6Addresses' - The IPv6 addresses associated with the network interface.
+--
+-- 'networkInterfaceId', 'awsEc2NetworkInterfaceDetails_networkInterfaceId' - The ID of the network interface.
+--
+-- 'privateIpAddresses', 'awsEc2NetworkInterfaceDetails_privateIpAddresses' - The private IPv4 addresses associated with the network interface.
+--
+-- 'publicDnsName', 'awsEc2NetworkInterfaceDetails_publicDnsName' - The public DNS name of the network interface.
+--
+-- 'publicIp', 'awsEc2NetworkInterfaceDetails_publicIp' - The address of the Elastic IP address bound to the network interface.
+--
+-- 'securityGroups', 'awsEc2NetworkInterfaceDetails_securityGroups' - Security groups for the network interface.
+--
+-- 'sourceDestCheck', 'awsEc2NetworkInterfaceDetails_sourceDestCheck' - Indicates whether traffic to or from the instance is validated.
+newAwsEc2NetworkInterfaceDetails ::
+  AwsEc2NetworkInterfaceDetails
+newAwsEc2NetworkInterfaceDetails =
+  AwsEc2NetworkInterfaceDetails'
+    { attachment =
+        Prelude.Nothing,
+      ipV6Addresses = Prelude.Nothing,
+      networkInterfaceId = Prelude.Nothing,
+      privateIpAddresses = Prelude.Nothing,
+      publicDnsName = Prelude.Nothing,
+      publicIp = Prelude.Nothing,
+      securityGroups = Prelude.Nothing,
+      sourceDestCheck = Prelude.Nothing
+    }
+
+-- | The network interface attachment.
+awsEc2NetworkInterfaceDetails_attachment :: Lens.Lens' AwsEc2NetworkInterfaceDetails (Prelude.Maybe AwsEc2NetworkInterfaceAttachment)
+awsEc2NetworkInterfaceDetails_attachment = Lens.lens (\AwsEc2NetworkInterfaceDetails' {attachment} -> attachment) (\s@AwsEc2NetworkInterfaceDetails' {} a -> s {attachment = a} :: AwsEc2NetworkInterfaceDetails)
+
+-- | The IPv6 addresses associated with the network interface.
+awsEc2NetworkInterfaceDetails_ipV6Addresses :: Lens.Lens' AwsEc2NetworkInterfaceDetails (Prelude.Maybe [AwsEc2NetworkInterfaceIpV6AddressDetail])
+awsEc2NetworkInterfaceDetails_ipV6Addresses = Lens.lens (\AwsEc2NetworkInterfaceDetails' {ipV6Addresses} -> ipV6Addresses) (\s@AwsEc2NetworkInterfaceDetails' {} a -> s {ipV6Addresses = a} :: AwsEc2NetworkInterfaceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the network interface.
+awsEc2NetworkInterfaceDetails_networkInterfaceId :: Lens.Lens' AwsEc2NetworkInterfaceDetails (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfaceDetails_networkInterfaceId = Lens.lens (\AwsEc2NetworkInterfaceDetails' {networkInterfaceId} -> networkInterfaceId) (\s@AwsEc2NetworkInterfaceDetails' {} a -> s {networkInterfaceId = a} :: AwsEc2NetworkInterfaceDetails)
+
+-- | The private IPv4 addresses associated with the network interface.
+awsEc2NetworkInterfaceDetails_privateIpAddresses :: Lens.Lens' AwsEc2NetworkInterfaceDetails (Prelude.Maybe [AwsEc2NetworkInterfacePrivateIpAddressDetail])
+awsEc2NetworkInterfaceDetails_privateIpAddresses = Lens.lens (\AwsEc2NetworkInterfaceDetails' {privateIpAddresses} -> privateIpAddresses) (\s@AwsEc2NetworkInterfaceDetails' {} a -> s {privateIpAddresses = a} :: AwsEc2NetworkInterfaceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The public DNS name of the network interface.
+awsEc2NetworkInterfaceDetails_publicDnsName :: Lens.Lens' AwsEc2NetworkInterfaceDetails (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfaceDetails_publicDnsName = Lens.lens (\AwsEc2NetworkInterfaceDetails' {publicDnsName} -> publicDnsName) (\s@AwsEc2NetworkInterfaceDetails' {} a -> s {publicDnsName = a} :: AwsEc2NetworkInterfaceDetails)
+
+-- | The address of the Elastic IP address bound to the network interface.
+awsEc2NetworkInterfaceDetails_publicIp :: Lens.Lens' AwsEc2NetworkInterfaceDetails (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfaceDetails_publicIp = Lens.lens (\AwsEc2NetworkInterfaceDetails' {publicIp} -> publicIp) (\s@AwsEc2NetworkInterfaceDetails' {} a -> s {publicIp = a} :: AwsEc2NetworkInterfaceDetails)
+
+-- | Security groups for the network interface.
+awsEc2NetworkInterfaceDetails_securityGroups :: Lens.Lens' AwsEc2NetworkInterfaceDetails (Prelude.Maybe [AwsEc2NetworkInterfaceSecurityGroup])
+awsEc2NetworkInterfaceDetails_securityGroups = Lens.lens (\AwsEc2NetworkInterfaceDetails' {securityGroups} -> securityGroups) (\s@AwsEc2NetworkInterfaceDetails' {} a -> s {securityGroups = a} :: AwsEc2NetworkInterfaceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates whether traffic to or from the instance is validated.
+awsEc2NetworkInterfaceDetails_sourceDestCheck :: Lens.Lens' AwsEc2NetworkInterfaceDetails (Prelude.Maybe Prelude.Bool)
+awsEc2NetworkInterfaceDetails_sourceDestCheck = Lens.lens (\AwsEc2NetworkInterfaceDetails' {sourceDestCheck} -> sourceDestCheck) (\s@AwsEc2NetworkInterfaceDetails' {} a -> s {sourceDestCheck = a} :: AwsEc2NetworkInterfaceDetails)
+
+instance Data.FromJSON AwsEc2NetworkInterfaceDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEc2NetworkInterfaceDetails"
+      ( \x ->
+          AwsEc2NetworkInterfaceDetails'
+            Prelude.<$> (x Data..:? "Attachment")
+            Prelude.<*> (x Data..:? "IpV6Addresses" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "NetworkInterfaceId")
+            Prelude.<*> ( x
+                            Data..:? "PrivateIpAddresses"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "PublicDnsName")
+            Prelude.<*> (x Data..:? "PublicIp")
+            Prelude.<*> (x Data..:? "SecurityGroups" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "SourceDestCheck")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2NetworkInterfaceDetails
+  where
+  hashWithSalt _salt AwsEc2NetworkInterfaceDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` attachment
+      `Prelude.hashWithSalt` ipV6Addresses
+      `Prelude.hashWithSalt` networkInterfaceId
+      `Prelude.hashWithSalt` privateIpAddresses
+      `Prelude.hashWithSalt` publicDnsName
+      `Prelude.hashWithSalt` publicIp
+      `Prelude.hashWithSalt` securityGroups
+      `Prelude.hashWithSalt` sourceDestCheck
+
+instance Prelude.NFData AwsEc2NetworkInterfaceDetails where
+  rnf AwsEc2NetworkInterfaceDetails' {..} =
+    Prelude.rnf attachment
+      `Prelude.seq` Prelude.rnf ipV6Addresses
+      `Prelude.seq` Prelude.rnf networkInterfaceId
+      `Prelude.seq` Prelude.rnf privateIpAddresses
+      `Prelude.seq` Prelude.rnf publicDnsName
+      `Prelude.seq` Prelude.rnf publicIp
+      `Prelude.seq` Prelude.rnf securityGroups
+      `Prelude.seq` Prelude.rnf sourceDestCheck
+
+instance Data.ToJSON AwsEc2NetworkInterfaceDetails where
+  toJSON AwsEc2NetworkInterfaceDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Attachment" Data..=) Prelude.<$> attachment,
+            ("IpV6Addresses" Data..=) Prelude.<$> ipV6Addresses,
+            ("NetworkInterfaceId" Data..=)
+              Prelude.<$> networkInterfaceId,
+            ("PrivateIpAddresses" Data..=)
+              Prelude.<$> privateIpAddresses,
+            ("PublicDnsName" Data..=) Prelude.<$> publicDnsName,
+            ("PublicIp" Data..=) Prelude.<$> publicIp,
+            ("SecurityGroups" Data..=)
+              Prelude.<$> securityGroups,
+            ("SourceDestCheck" Data..=)
+              Prelude.<$> sourceDestCheck
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceIpV6AddressDetail.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceIpV6AddressDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceIpV6AddressDetail.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceIpV6AddressDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceIpV6AddressDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about an IPV6 address that is associated with the
+-- network interface.
+--
+-- /See:/ 'newAwsEc2NetworkInterfaceIpV6AddressDetail' smart constructor.
+data AwsEc2NetworkInterfaceIpV6AddressDetail = AwsEc2NetworkInterfaceIpV6AddressDetail'
+  { -- | The IPV6 address.
+    ipV6Address :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2NetworkInterfaceIpV6AddressDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ipV6Address', 'awsEc2NetworkInterfaceIpV6AddressDetail_ipV6Address' - The IPV6 address.
+newAwsEc2NetworkInterfaceIpV6AddressDetail ::
+  AwsEc2NetworkInterfaceIpV6AddressDetail
+newAwsEc2NetworkInterfaceIpV6AddressDetail =
+  AwsEc2NetworkInterfaceIpV6AddressDetail'
+    { ipV6Address =
+        Prelude.Nothing
+    }
+
+-- | The IPV6 address.
+awsEc2NetworkInterfaceIpV6AddressDetail_ipV6Address :: Lens.Lens' AwsEc2NetworkInterfaceIpV6AddressDetail (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfaceIpV6AddressDetail_ipV6Address = Lens.lens (\AwsEc2NetworkInterfaceIpV6AddressDetail' {ipV6Address} -> ipV6Address) (\s@AwsEc2NetworkInterfaceIpV6AddressDetail' {} a -> s {ipV6Address = a} :: AwsEc2NetworkInterfaceIpV6AddressDetail)
+
+instance
+  Data.FromJSON
+    AwsEc2NetworkInterfaceIpV6AddressDetail
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2NetworkInterfaceIpV6AddressDetail"
+      ( \x ->
+          AwsEc2NetworkInterfaceIpV6AddressDetail'
+            Prelude.<$> (x Data..:? "IpV6Address")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2NetworkInterfaceIpV6AddressDetail
+  where
+  hashWithSalt
+    _salt
+    AwsEc2NetworkInterfaceIpV6AddressDetail' {..} =
+      _salt `Prelude.hashWithSalt` ipV6Address
+
+instance
+  Prelude.NFData
+    AwsEc2NetworkInterfaceIpV6AddressDetail
+  where
+  rnf AwsEc2NetworkInterfaceIpV6AddressDetail' {..} =
+    Prelude.rnf ipV6Address
+
+instance
+  Data.ToJSON
+    AwsEc2NetworkInterfaceIpV6AddressDetail
+  where
+  toJSON AwsEc2NetworkInterfaceIpV6AddressDetail' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("IpV6Address" Data..=) Prelude.<$> ipV6Address]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfacePrivateIpAddressDetail.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfacePrivateIpAddressDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfacePrivateIpAddressDetail.hs
@@ -0,0 +1,113 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2NetworkInterfacePrivateIpAddressDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2NetworkInterfacePrivateIpAddressDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about a private IPv4 address that is with the
+-- network interface.
+--
+-- /See:/ 'newAwsEc2NetworkInterfacePrivateIpAddressDetail' smart constructor.
+data AwsEc2NetworkInterfacePrivateIpAddressDetail = AwsEc2NetworkInterfacePrivateIpAddressDetail'
+  { -- | The private DNS name for the IP address.
+    privateDnsName :: Prelude.Maybe Prelude.Text,
+    -- | The IP address.
+    privateIpAddress :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2NetworkInterfacePrivateIpAddressDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'privateDnsName', 'awsEc2NetworkInterfacePrivateIpAddressDetail_privateDnsName' - The private DNS name for the IP address.
+--
+-- 'privateIpAddress', 'awsEc2NetworkInterfacePrivateIpAddressDetail_privateIpAddress' - The IP address.
+newAwsEc2NetworkInterfacePrivateIpAddressDetail ::
+  AwsEc2NetworkInterfacePrivateIpAddressDetail
+newAwsEc2NetworkInterfacePrivateIpAddressDetail =
+  AwsEc2NetworkInterfacePrivateIpAddressDetail'
+    { privateDnsName =
+        Prelude.Nothing,
+      privateIpAddress =
+        Prelude.Nothing
+    }
+
+-- | The private DNS name for the IP address.
+awsEc2NetworkInterfacePrivateIpAddressDetail_privateDnsName :: Lens.Lens' AwsEc2NetworkInterfacePrivateIpAddressDetail (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfacePrivateIpAddressDetail_privateDnsName = Lens.lens (\AwsEc2NetworkInterfacePrivateIpAddressDetail' {privateDnsName} -> privateDnsName) (\s@AwsEc2NetworkInterfacePrivateIpAddressDetail' {} a -> s {privateDnsName = a} :: AwsEc2NetworkInterfacePrivateIpAddressDetail)
+
+-- | The IP address.
+awsEc2NetworkInterfacePrivateIpAddressDetail_privateIpAddress :: Lens.Lens' AwsEc2NetworkInterfacePrivateIpAddressDetail (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfacePrivateIpAddressDetail_privateIpAddress = Lens.lens (\AwsEc2NetworkInterfacePrivateIpAddressDetail' {privateIpAddress} -> privateIpAddress) (\s@AwsEc2NetworkInterfacePrivateIpAddressDetail' {} a -> s {privateIpAddress = a} :: AwsEc2NetworkInterfacePrivateIpAddressDetail)
+
+instance
+  Data.FromJSON
+    AwsEc2NetworkInterfacePrivateIpAddressDetail
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2NetworkInterfacePrivateIpAddressDetail"
+      ( \x ->
+          AwsEc2NetworkInterfacePrivateIpAddressDetail'
+            Prelude.<$> (x Data..:? "PrivateDnsName")
+            Prelude.<*> (x Data..:? "PrivateIpAddress")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2NetworkInterfacePrivateIpAddressDetail
+  where
+  hashWithSalt
+    _salt
+    AwsEc2NetworkInterfacePrivateIpAddressDetail' {..} =
+      _salt
+        `Prelude.hashWithSalt` privateDnsName
+        `Prelude.hashWithSalt` privateIpAddress
+
+instance
+  Prelude.NFData
+    AwsEc2NetworkInterfacePrivateIpAddressDetail
+  where
+  rnf AwsEc2NetworkInterfacePrivateIpAddressDetail' {..} =
+    Prelude.rnf privateDnsName
+      `Prelude.seq` Prelude.rnf privateIpAddress
+
+instance
+  Data.ToJSON
+    AwsEc2NetworkInterfacePrivateIpAddressDetail
+  where
+  toJSON
+    AwsEc2NetworkInterfacePrivateIpAddressDetail' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("PrivateDnsName" Data..=)
+                Prelude.<$> privateDnsName,
+              ("PrivateIpAddress" Data..=)
+                Prelude.<$> privateIpAddress
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceSecurityGroup.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceSecurityGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2NetworkInterfaceSecurityGroup.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceSecurityGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceSecurityGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A security group associated with the network interface.
+--
+-- /See:/ 'newAwsEc2NetworkInterfaceSecurityGroup' smart constructor.
+data AwsEc2NetworkInterfaceSecurityGroup = AwsEc2NetworkInterfaceSecurityGroup'
+  { -- | The ID of the security group.
+    groupId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the security group.
+    groupName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2NetworkInterfaceSecurityGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'groupId', 'awsEc2NetworkInterfaceSecurityGroup_groupId' - The ID of the security group.
+--
+-- 'groupName', 'awsEc2NetworkInterfaceSecurityGroup_groupName' - The name of the security group.
+newAwsEc2NetworkInterfaceSecurityGroup ::
+  AwsEc2NetworkInterfaceSecurityGroup
+newAwsEc2NetworkInterfaceSecurityGroup =
+  AwsEc2NetworkInterfaceSecurityGroup'
+    { groupId =
+        Prelude.Nothing,
+      groupName = Prelude.Nothing
+    }
+
+-- | The ID of the security group.
+awsEc2NetworkInterfaceSecurityGroup_groupId :: Lens.Lens' AwsEc2NetworkInterfaceSecurityGroup (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfaceSecurityGroup_groupId = Lens.lens (\AwsEc2NetworkInterfaceSecurityGroup' {groupId} -> groupId) (\s@AwsEc2NetworkInterfaceSecurityGroup' {} a -> s {groupId = a} :: AwsEc2NetworkInterfaceSecurityGroup)
+
+-- | The name of the security group.
+awsEc2NetworkInterfaceSecurityGroup_groupName :: Lens.Lens' AwsEc2NetworkInterfaceSecurityGroup (Prelude.Maybe Prelude.Text)
+awsEc2NetworkInterfaceSecurityGroup_groupName = Lens.lens (\AwsEc2NetworkInterfaceSecurityGroup' {groupName} -> groupName) (\s@AwsEc2NetworkInterfaceSecurityGroup' {} a -> s {groupName = a} :: AwsEc2NetworkInterfaceSecurityGroup)
+
+instance
+  Data.FromJSON
+    AwsEc2NetworkInterfaceSecurityGroup
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2NetworkInterfaceSecurityGroup"
+      ( \x ->
+          AwsEc2NetworkInterfaceSecurityGroup'
+            Prelude.<$> (x Data..:? "GroupId")
+            Prelude.<*> (x Data..:? "GroupName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2NetworkInterfaceSecurityGroup
+  where
+  hashWithSalt
+    _salt
+    AwsEc2NetworkInterfaceSecurityGroup' {..} =
+      _salt
+        `Prelude.hashWithSalt` groupId
+        `Prelude.hashWithSalt` groupName
+
+instance
+  Prelude.NFData
+    AwsEc2NetworkInterfaceSecurityGroup
+  where
+  rnf AwsEc2NetworkInterfaceSecurityGroup' {..} =
+    Prelude.rnf groupId
+      `Prelude.seq` Prelude.rnf groupName
+
+instance
+  Data.ToJSON
+    AwsEc2NetworkInterfaceSecurityGroup
+  where
+  toJSON AwsEc2NetworkInterfaceSecurityGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("GroupId" Data..=) Prelude.<$> groupId,
+            ("GroupName" Data..=) Prelude.<$> groupName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupDetails.hs
@@ -0,0 +1,151 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2SecurityGroupDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2SecurityGroupDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpPermission
+
+-- | Details about an Amazon EC2 security group.
+--
+-- /See:/ 'newAwsEc2SecurityGroupDetails' smart constructor.
+data AwsEc2SecurityGroupDetails = AwsEc2SecurityGroupDetails'
+  { -- | The ID of the security group.
+    groupId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the security group.
+    groupName :: Prelude.Maybe Prelude.Text,
+    -- | The inbound rules associated with the security group.
+    ipPermissions :: Prelude.Maybe [AwsEc2SecurityGroupIpPermission],
+    -- | [VPC only] The outbound rules associated with the security group.
+    ipPermissionsEgress :: Prelude.Maybe [AwsEc2SecurityGroupIpPermission],
+    -- | The Amazon Web Services account ID of the owner of the security group.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | [VPC only] The ID of the VPC for the security group.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2SecurityGroupDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'groupId', 'awsEc2SecurityGroupDetails_groupId' - The ID of the security group.
+--
+-- 'groupName', 'awsEc2SecurityGroupDetails_groupName' - The name of the security group.
+--
+-- 'ipPermissions', 'awsEc2SecurityGroupDetails_ipPermissions' - The inbound rules associated with the security group.
+--
+-- 'ipPermissionsEgress', 'awsEc2SecurityGroupDetails_ipPermissionsEgress' - [VPC only] The outbound rules associated with the security group.
+--
+-- 'ownerId', 'awsEc2SecurityGroupDetails_ownerId' - The Amazon Web Services account ID of the owner of the security group.
+--
+-- 'vpcId', 'awsEc2SecurityGroupDetails_vpcId' - [VPC only] The ID of the VPC for the security group.
+newAwsEc2SecurityGroupDetails ::
+  AwsEc2SecurityGroupDetails
+newAwsEc2SecurityGroupDetails =
+  AwsEc2SecurityGroupDetails'
+    { groupId =
+        Prelude.Nothing,
+      groupName = Prelude.Nothing,
+      ipPermissions = Prelude.Nothing,
+      ipPermissionsEgress = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | The ID of the security group.
+awsEc2SecurityGroupDetails_groupId :: Lens.Lens' AwsEc2SecurityGroupDetails (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupDetails_groupId = Lens.lens (\AwsEc2SecurityGroupDetails' {groupId} -> groupId) (\s@AwsEc2SecurityGroupDetails' {} a -> s {groupId = a} :: AwsEc2SecurityGroupDetails)
+
+-- | The name of the security group.
+awsEc2SecurityGroupDetails_groupName :: Lens.Lens' AwsEc2SecurityGroupDetails (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupDetails_groupName = Lens.lens (\AwsEc2SecurityGroupDetails' {groupName} -> groupName) (\s@AwsEc2SecurityGroupDetails' {} a -> s {groupName = a} :: AwsEc2SecurityGroupDetails)
+
+-- | The inbound rules associated with the security group.
+awsEc2SecurityGroupDetails_ipPermissions :: Lens.Lens' AwsEc2SecurityGroupDetails (Prelude.Maybe [AwsEc2SecurityGroupIpPermission])
+awsEc2SecurityGroupDetails_ipPermissions = Lens.lens (\AwsEc2SecurityGroupDetails' {ipPermissions} -> ipPermissions) (\s@AwsEc2SecurityGroupDetails' {} a -> s {ipPermissions = a} :: AwsEc2SecurityGroupDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | [VPC only] The outbound rules associated with the security group.
+awsEc2SecurityGroupDetails_ipPermissionsEgress :: Lens.Lens' AwsEc2SecurityGroupDetails (Prelude.Maybe [AwsEc2SecurityGroupIpPermission])
+awsEc2SecurityGroupDetails_ipPermissionsEgress = Lens.lens (\AwsEc2SecurityGroupDetails' {ipPermissionsEgress} -> ipPermissionsEgress) (\s@AwsEc2SecurityGroupDetails' {} a -> s {ipPermissionsEgress = a} :: AwsEc2SecurityGroupDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Amazon Web Services account ID of the owner of the security group.
+awsEc2SecurityGroupDetails_ownerId :: Lens.Lens' AwsEc2SecurityGroupDetails (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupDetails_ownerId = Lens.lens (\AwsEc2SecurityGroupDetails' {ownerId} -> ownerId) (\s@AwsEc2SecurityGroupDetails' {} a -> s {ownerId = a} :: AwsEc2SecurityGroupDetails)
+
+-- | [VPC only] The ID of the VPC for the security group.
+awsEc2SecurityGroupDetails_vpcId :: Lens.Lens' AwsEc2SecurityGroupDetails (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupDetails_vpcId = Lens.lens (\AwsEc2SecurityGroupDetails' {vpcId} -> vpcId) (\s@AwsEc2SecurityGroupDetails' {} a -> s {vpcId = a} :: AwsEc2SecurityGroupDetails)
+
+instance Data.FromJSON AwsEc2SecurityGroupDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEc2SecurityGroupDetails"
+      ( \x ->
+          AwsEc2SecurityGroupDetails'
+            Prelude.<$> (x Data..:? "GroupId")
+            Prelude.<*> (x Data..:? "GroupName")
+            Prelude.<*> (x Data..:? "IpPermissions" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "IpPermissionsEgress"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance Prelude.Hashable AwsEc2SecurityGroupDetails where
+  hashWithSalt _salt AwsEc2SecurityGroupDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` groupId
+      `Prelude.hashWithSalt` groupName
+      `Prelude.hashWithSalt` ipPermissions
+      `Prelude.hashWithSalt` ipPermissionsEgress
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData AwsEc2SecurityGroupDetails where
+  rnf AwsEc2SecurityGroupDetails' {..} =
+    Prelude.rnf groupId
+      `Prelude.seq` Prelude.rnf groupName
+      `Prelude.seq` Prelude.rnf ipPermissions
+      `Prelude.seq` Prelude.rnf ipPermissionsEgress
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance Data.ToJSON AwsEc2SecurityGroupDetails where
+  toJSON AwsEc2SecurityGroupDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("GroupId" Data..=) Prelude.<$> groupId,
+            ("GroupName" Data..=) Prelude.<$> groupName,
+            ("IpPermissions" Data..=) Prelude.<$> ipPermissions,
+            ("IpPermissionsEgress" Data..=)
+              Prelude.<$> ipPermissionsEgress,
+            ("OwnerId" Data..=) Prelude.<$> ownerId,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupIpPermission.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupIpPermission.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupIpPermission.hs
@@ -0,0 +1,244 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpPermission
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpPermission where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpRange
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpv6Range
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupPrefixListId
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupUserIdGroupPair
+
+-- | An IP permission for an EC2 security group.
+--
+-- /See:/ 'newAwsEc2SecurityGroupIpPermission' smart constructor.
+data AwsEc2SecurityGroupIpPermission = AwsEc2SecurityGroupIpPermission'
+  { -- | The start of the port range for the TCP and UDP protocols, or an
+    -- ICMP\/ICMPv6 type number.
+    --
+    -- A value of -1 indicates all ICMP\/ICMPv6 types. If you specify all
+    -- ICMP\/ICMPv6 types, you must specify all codes.
+    fromPort :: Prelude.Maybe Prelude.Int,
+    -- | The IP protocol name (@tcp@, @udp@, @icmp@, @icmpv6@) or number.
+    --
+    -- [VPC only] Use @-1@ to specify all protocols.
+    --
+    -- When authorizing security group rules, specifying @-1@ or a protocol
+    -- number other than @tcp@, @udp@, @icmp@, or @icmpv6@ allows traffic on
+    -- all ports, regardless of any port range you specify.
+    --
+    -- For @tcp@, @udp@, and @icmp@, you must specify a port range.
+    --
+    -- For @icmpv6@, the port range is optional. If you omit the port range,
+    -- traffic for all types and codes is allowed.
+    ipProtocol :: Prelude.Maybe Prelude.Text,
+    -- | The IPv4 ranges.
+    ipRanges :: Prelude.Maybe [AwsEc2SecurityGroupIpRange],
+    -- | The IPv6 ranges.
+    ipv6Ranges :: Prelude.Maybe [AwsEc2SecurityGroupIpv6Range],
+    -- | [VPC only] The prefix list IDs for an Amazon Web Services service. With
+    -- outbound rules, this is the Amazon Web Services service to access
+    -- through a VPC endpoint from instances associated with the security
+    -- group.
+    prefixListIds :: Prelude.Maybe [AwsEc2SecurityGroupPrefixListId],
+    -- | The end of the port range for the TCP and UDP protocols, or an
+    -- ICMP\/ICMPv6 code.
+    --
+    -- A value of @-1@ indicates all ICMP\/ICMPv6 codes. If you specify all
+    -- ICMP\/ICMPv6 types, you must specify all codes.
+    toPort :: Prelude.Maybe Prelude.Int,
+    -- | The security group and Amazon Web Services account ID pairs.
+    userIdGroupPairs :: Prelude.Maybe [AwsEc2SecurityGroupUserIdGroupPair]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2SecurityGroupIpPermission' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'fromPort', 'awsEc2SecurityGroupIpPermission_fromPort' - The start of the port range for the TCP and UDP protocols, or an
+-- ICMP\/ICMPv6 type number.
+--
+-- A value of -1 indicates all ICMP\/ICMPv6 types. If you specify all
+-- ICMP\/ICMPv6 types, you must specify all codes.
+--
+-- 'ipProtocol', 'awsEc2SecurityGroupIpPermission_ipProtocol' - The IP protocol name (@tcp@, @udp@, @icmp@, @icmpv6@) or number.
+--
+-- [VPC only] Use @-1@ to specify all protocols.
+--
+-- When authorizing security group rules, specifying @-1@ or a protocol
+-- number other than @tcp@, @udp@, @icmp@, or @icmpv6@ allows traffic on
+-- all ports, regardless of any port range you specify.
+--
+-- For @tcp@, @udp@, and @icmp@, you must specify a port range.
+--
+-- For @icmpv6@, the port range is optional. If you omit the port range,
+-- traffic for all types and codes is allowed.
+--
+-- 'ipRanges', 'awsEc2SecurityGroupIpPermission_ipRanges' - The IPv4 ranges.
+--
+-- 'ipv6Ranges', 'awsEc2SecurityGroupIpPermission_ipv6Ranges' - The IPv6 ranges.
+--
+-- 'prefixListIds', 'awsEc2SecurityGroupIpPermission_prefixListIds' - [VPC only] The prefix list IDs for an Amazon Web Services service. With
+-- outbound rules, this is the Amazon Web Services service to access
+-- through a VPC endpoint from instances associated with the security
+-- group.
+--
+-- 'toPort', 'awsEc2SecurityGroupIpPermission_toPort' - The end of the port range for the TCP and UDP protocols, or an
+-- ICMP\/ICMPv6 code.
+--
+-- A value of @-1@ indicates all ICMP\/ICMPv6 codes. If you specify all
+-- ICMP\/ICMPv6 types, you must specify all codes.
+--
+-- 'userIdGroupPairs', 'awsEc2SecurityGroupIpPermission_userIdGroupPairs' - The security group and Amazon Web Services account ID pairs.
+newAwsEc2SecurityGroupIpPermission ::
+  AwsEc2SecurityGroupIpPermission
+newAwsEc2SecurityGroupIpPermission =
+  AwsEc2SecurityGroupIpPermission'
+    { fromPort =
+        Prelude.Nothing,
+      ipProtocol = Prelude.Nothing,
+      ipRanges = Prelude.Nothing,
+      ipv6Ranges = Prelude.Nothing,
+      prefixListIds = Prelude.Nothing,
+      toPort = Prelude.Nothing,
+      userIdGroupPairs = Prelude.Nothing
+    }
+
+-- | The start of the port range for the TCP and UDP protocols, or an
+-- ICMP\/ICMPv6 type number.
+--
+-- A value of -1 indicates all ICMP\/ICMPv6 types. If you specify all
+-- ICMP\/ICMPv6 types, you must specify all codes.
+awsEc2SecurityGroupIpPermission_fromPort :: Lens.Lens' AwsEc2SecurityGroupIpPermission (Prelude.Maybe Prelude.Int)
+awsEc2SecurityGroupIpPermission_fromPort = Lens.lens (\AwsEc2SecurityGroupIpPermission' {fromPort} -> fromPort) (\s@AwsEc2SecurityGroupIpPermission' {} a -> s {fromPort = a} :: AwsEc2SecurityGroupIpPermission)
+
+-- | The IP protocol name (@tcp@, @udp@, @icmp@, @icmpv6@) or number.
+--
+-- [VPC only] Use @-1@ to specify all protocols.
+--
+-- When authorizing security group rules, specifying @-1@ or a protocol
+-- number other than @tcp@, @udp@, @icmp@, or @icmpv6@ allows traffic on
+-- all ports, regardless of any port range you specify.
+--
+-- For @tcp@, @udp@, and @icmp@, you must specify a port range.
+--
+-- For @icmpv6@, the port range is optional. If you omit the port range,
+-- traffic for all types and codes is allowed.
+awsEc2SecurityGroupIpPermission_ipProtocol :: Lens.Lens' AwsEc2SecurityGroupIpPermission (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupIpPermission_ipProtocol = Lens.lens (\AwsEc2SecurityGroupIpPermission' {ipProtocol} -> ipProtocol) (\s@AwsEc2SecurityGroupIpPermission' {} a -> s {ipProtocol = a} :: AwsEc2SecurityGroupIpPermission)
+
+-- | The IPv4 ranges.
+awsEc2SecurityGroupIpPermission_ipRanges :: Lens.Lens' AwsEc2SecurityGroupIpPermission (Prelude.Maybe [AwsEc2SecurityGroupIpRange])
+awsEc2SecurityGroupIpPermission_ipRanges = Lens.lens (\AwsEc2SecurityGroupIpPermission' {ipRanges} -> ipRanges) (\s@AwsEc2SecurityGroupIpPermission' {} a -> s {ipRanges = a} :: AwsEc2SecurityGroupIpPermission) Prelude.. Lens.mapping Lens.coerced
+
+-- | The IPv6 ranges.
+awsEc2SecurityGroupIpPermission_ipv6Ranges :: Lens.Lens' AwsEc2SecurityGroupIpPermission (Prelude.Maybe [AwsEc2SecurityGroupIpv6Range])
+awsEc2SecurityGroupIpPermission_ipv6Ranges = Lens.lens (\AwsEc2SecurityGroupIpPermission' {ipv6Ranges} -> ipv6Ranges) (\s@AwsEc2SecurityGroupIpPermission' {} a -> s {ipv6Ranges = a} :: AwsEc2SecurityGroupIpPermission) Prelude.. Lens.mapping Lens.coerced
+
+-- | [VPC only] The prefix list IDs for an Amazon Web Services service. With
+-- outbound rules, this is the Amazon Web Services service to access
+-- through a VPC endpoint from instances associated with the security
+-- group.
+awsEc2SecurityGroupIpPermission_prefixListIds :: Lens.Lens' AwsEc2SecurityGroupIpPermission (Prelude.Maybe [AwsEc2SecurityGroupPrefixListId])
+awsEc2SecurityGroupIpPermission_prefixListIds = Lens.lens (\AwsEc2SecurityGroupIpPermission' {prefixListIds} -> prefixListIds) (\s@AwsEc2SecurityGroupIpPermission' {} a -> s {prefixListIds = a} :: AwsEc2SecurityGroupIpPermission) Prelude.. Lens.mapping Lens.coerced
+
+-- | The end of the port range for the TCP and UDP protocols, or an
+-- ICMP\/ICMPv6 code.
+--
+-- A value of @-1@ indicates all ICMP\/ICMPv6 codes. If you specify all
+-- ICMP\/ICMPv6 types, you must specify all codes.
+awsEc2SecurityGroupIpPermission_toPort :: Lens.Lens' AwsEc2SecurityGroupIpPermission (Prelude.Maybe Prelude.Int)
+awsEc2SecurityGroupIpPermission_toPort = Lens.lens (\AwsEc2SecurityGroupIpPermission' {toPort} -> toPort) (\s@AwsEc2SecurityGroupIpPermission' {} a -> s {toPort = a} :: AwsEc2SecurityGroupIpPermission)
+
+-- | The security group and Amazon Web Services account ID pairs.
+awsEc2SecurityGroupIpPermission_userIdGroupPairs :: Lens.Lens' AwsEc2SecurityGroupIpPermission (Prelude.Maybe [AwsEc2SecurityGroupUserIdGroupPair])
+awsEc2SecurityGroupIpPermission_userIdGroupPairs = Lens.lens (\AwsEc2SecurityGroupIpPermission' {userIdGroupPairs} -> userIdGroupPairs) (\s@AwsEc2SecurityGroupIpPermission' {} a -> s {userIdGroupPairs = a} :: AwsEc2SecurityGroupIpPermission) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsEc2SecurityGroupIpPermission
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2SecurityGroupIpPermission"
+      ( \x ->
+          AwsEc2SecurityGroupIpPermission'
+            Prelude.<$> (x Data..:? "FromPort")
+            Prelude.<*> (x Data..:? "IpProtocol")
+            Prelude.<*> (x Data..:? "IpRanges" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Ipv6Ranges" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "PrefixListIds" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ToPort")
+            Prelude.<*> ( x
+                            Data..:? "UserIdGroupPairs"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2SecurityGroupIpPermission
+  where
+  hashWithSalt
+    _salt
+    AwsEc2SecurityGroupIpPermission' {..} =
+      _salt
+        `Prelude.hashWithSalt` fromPort
+        `Prelude.hashWithSalt` ipProtocol
+        `Prelude.hashWithSalt` ipRanges
+        `Prelude.hashWithSalt` ipv6Ranges
+        `Prelude.hashWithSalt` prefixListIds
+        `Prelude.hashWithSalt` toPort
+        `Prelude.hashWithSalt` userIdGroupPairs
+
+instance
+  Prelude.NFData
+    AwsEc2SecurityGroupIpPermission
+  where
+  rnf AwsEc2SecurityGroupIpPermission' {..} =
+    Prelude.rnf fromPort
+      `Prelude.seq` Prelude.rnf ipProtocol
+      `Prelude.seq` Prelude.rnf ipRanges
+      `Prelude.seq` Prelude.rnf ipv6Ranges
+      `Prelude.seq` Prelude.rnf prefixListIds
+      `Prelude.seq` Prelude.rnf toPort
+      `Prelude.seq` Prelude.rnf userIdGroupPairs
+
+instance Data.ToJSON AwsEc2SecurityGroupIpPermission where
+  toJSON AwsEc2SecurityGroupIpPermission' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("FromPort" Data..=) Prelude.<$> fromPort,
+            ("IpProtocol" Data..=) Prelude.<$> ipProtocol,
+            ("IpRanges" Data..=) Prelude.<$> ipRanges,
+            ("Ipv6Ranges" Data..=) Prelude.<$> ipv6Ranges,
+            ("PrefixListIds" Data..=) Prelude.<$> prefixListIds,
+            ("ToPort" Data..=) Prelude.<$> toPort,
+            ("UserIdGroupPairs" Data..=)
+              Prelude.<$> userIdGroupPairs
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupIpRange.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupIpRange.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupIpRange.hs
@@ -0,0 +1,85 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpRange
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpRange where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A range of IPv4 addresses.
+--
+-- /See:/ 'newAwsEc2SecurityGroupIpRange' smart constructor.
+data AwsEc2SecurityGroupIpRange = AwsEc2SecurityGroupIpRange'
+  { -- | The IPv4 CIDR range. You can specify either a CIDR range or a source
+    -- security group, but not both. To specify a single IPv4 address, use the
+    -- \/32 prefix length.
+    cidrIp :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2SecurityGroupIpRange' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cidrIp', 'awsEc2SecurityGroupIpRange_cidrIp' - The IPv4 CIDR range. You can specify either a CIDR range or a source
+-- security group, but not both. To specify a single IPv4 address, use the
+-- \/32 prefix length.
+newAwsEc2SecurityGroupIpRange ::
+  AwsEc2SecurityGroupIpRange
+newAwsEc2SecurityGroupIpRange =
+  AwsEc2SecurityGroupIpRange'
+    { cidrIp =
+        Prelude.Nothing
+    }
+
+-- | The IPv4 CIDR range. You can specify either a CIDR range or a source
+-- security group, but not both. To specify a single IPv4 address, use the
+-- \/32 prefix length.
+awsEc2SecurityGroupIpRange_cidrIp :: Lens.Lens' AwsEc2SecurityGroupIpRange (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupIpRange_cidrIp = Lens.lens (\AwsEc2SecurityGroupIpRange' {cidrIp} -> cidrIp) (\s@AwsEc2SecurityGroupIpRange' {} a -> s {cidrIp = a} :: AwsEc2SecurityGroupIpRange)
+
+instance Data.FromJSON AwsEc2SecurityGroupIpRange where
+  parseJSON =
+    Data.withObject
+      "AwsEc2SecurityGroupIpRange"
+      ( \x ->
+          AwsEc2SecurityGroupIpRange'
+            Prelude.<$> (x Data..:? "CidrIp")
+      )
+
+instance Prelude.Hashable AwsEc2SecurityGroupIpRange where
+  hashWithSalt _salt AwsEc2SecurityGroupIpRange' {..} =
+    _salt `Prelude.hashWithSalt` cidrIp
+
+instance Prelude.NFData AwsEc2SecurityGroupIpRange where
+  rnf AwsEc2SecurityGroupIpRange' {..} =
+    Prelude.rnf cidrIp
+
+instance Data.ToJSON AwsEc2SecurityGroupIpRange where
+  toJSON AwsEc2SecurityGroupIpRange' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("CidrIp" Data..=) Prelude.<$> cidrIp]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupIpv6Range.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupIpv6Range.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupIpv6Range.hs
@@ -0,0 +1,88 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpv6Range
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2SecurityGroupIpv6Range where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A range of IPv6 addresses.
+--
+-- /See:/ 'newAwsEc2SecurityGroupIpv6Range' smart constructor.
+data AwsEc2SecurityGroupIpv6Range = AwsEc2SecurityGroupIpv6Range'
+  { -- | The IPv6 CIDR range. You can specify either a CIDR range or a source
+    -- security group, but not both. To specify a single IPv6 address, use the
+    -- \/128 prefix length.
+    cidrIpv6 :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2SecurityGroupIpv6Range' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cidrIpv6', 'awsEc2SecurityGroupIpv6Range_cidrIpv6' - The IPv6 CIDR range. You can specify either a CIDR range or a source
+-- security group, but not both. To specify a single IPv6 address, use the
+-- \/128 prefix length.
+newAwsEc2SecurityGroupIpv6Range ::
+  AwsEc2SecurityGroupIpv6Range
+newAwsEc2SecurityGroupIpv6Range =
+  AwsEc2SecurityGroupIpv6Range'
+    { cidrIpv6 =
+        Prelude.Nothing
+    }
+
+-- | The IPv6 CIDR range. You can specify either a CIDR range or a source
+-- security group, but not both. To specify a single IPv6 address, use the
+-- \/128 prefix length.
+awsEc2SecurityGroupIpv6Range_cidrIpv6 :: Lens.Lens' AwsEc2SecurityGroupIpv6Range (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupIpv6Range_cidrIpv6 = Lens.lens (\AwsEc2SecurityGroupIpv6Range' {cidrIpv6} -> cidrIpv6) (\s@AwsEc2SecurityGroupIpv6Range' {} a -> s {cidrIpv6 = a} :: AwsEc2SecurityGroupIpv6Range)
+
+instance Data.FromJSON AwsEc2SecurityGroupIpv6Range where
+  parseJSON =
+    Data.withObject
+      "AwsEc2SecurityGroupIpv6Range"
+      ( \x ->
+          AwsEc2SecurityGroupIpv6Range'
+            Prelude.<$> (x Data..:? "CidrIpv6")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2SecurityGroupIpv6Range
+  where
+  hashWithSalt _salt AwsEc2SecurityGroupIpv6Range' {..} =
+    _salt `Prelude.hashWithSalt` cidrIpv6
+
+instance Prelude.NFData AwsEc2SecurityGroupIpv6Range where
+  rnf AwsEc2SecurityGroupIpv6Range' {..} =
+    Prelude.rnf cidrIpv6
+
+instance Data.ToJSON AwsEc2SecurityGroupIpv6Range where
+  toJSON AwsEc2SecurityGroupIpv6Range' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("CidrIpv6" Data..=) Prelude.<$> cidrIpv6]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupPrefixListId.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupPrefixListId.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupPrefixListId.hs
@@ -0,0 +1,90 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2SecurityGroupPrefixListId
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2SecurityGroupPrefixListId where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A prefix list ID.
+--
+-- /See:/ 'newAwsEc2SecurityGroupPrefixListId' smart constructor.
+data AwsEc2SecurityGroupPrefixListId = AwsEc2SecurityGroupPrefixListId'
+  { -- | The ID of the prefix.
+    prefixListId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2SecurityGroupPrefixListId' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'prefixListId', 'awsEc2SecurityGroupPrefixListId_prefixListId' - The ID of the prefix.
+newAwsEc2SecurityGroupPrefixListId ::
+  AwsEc2SecurityGroupPrefixListId
+newAwsEc2SecurityGroupPrefixListId =
+  AwsEc2SecurityGroupPrefixListId'
+    { prefixListId =
+        Prelude.Nothing
+    }
+
+-- | The ID of the prefix.
+awsEc2SecurityGroupPrefixListId_prefixListId :: Lens.Lens' AwsEc2SecurityGroupPrefixListId (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupPrefixListId_prefixListId = Lens.lens (\AwsEc2SecurityGroupPrefixListId' {prefixListId} -> prefixListId) (\s@AwsEc2SecurityGroupPrefixListId' {} a -> s {prefixListId = a} :: AwsEc2SecurityGroupPrefixListId)
+
+instance
+  Data.FromJSON
+    AwsEc2SecurityGroupPrefixListId
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2SecurityGroupPrefixListId"
+      ( \x ->
+          AwsEc2SecurityGroupPrefixListId'
+            Prelude.<$> (x Data..:? "PrefixListId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2SecurityGroupPrefixListId
+  where
+  hashWithSalt
+    _salt
+    AwsEc2SecurityGroupPrefixListId' {..} =
+      _salt `Prelude.hashWithSalt` prefixListId
+
+instance
+  Prelude.NFData
+    AwsEc2SecurityGroupPrefixListId
+  where
+  rnf AwsEc2SecurityGroupPrefixListId' {..} =
+    Prelude.rnf prefixListId
+
+instance Data.ToJSON AwsEc2SecurityGroupPrefixListId where
+  toJSON AwsEc2SecurityGroupPrefixListId' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("PrefixListId" Data..=) Prelude.<$> prefixListId]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupUserIdGroupPair.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupUserIdGroupPair.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2SecurityGroupUserIdGroupPair.hs
@@ -0,0 +1,183 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2SecurityGroupUserIdGroupPair
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2SecurityGroupUserIdGroupPair where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A relationship between a security group and a user.
+--
+-- /See:/ 'newAwsEc2SecurityGroupUserIdGroupPair' smart constructor.
+data AwsEc2SecurityGroupUserIdGroupPair = AwsEc2SecurityGroupUserIdGroupPair'
+  { -- | The ID of the security group.
+    groupId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the security group.
+    groupName :: Prelude.Maybe Prelude.Text,
+    -- | The status of a VPC peering connection, if applicable.
+    peeringStatus :: Prelude.Maybe Prelude.Text,
+    -- | The ID of an Amazon Web Services account.
+    --
+    -- For a referenced security group in another VPC, the account ID of the
+    -- referenced security group is returned in the response. If the referenced
+    -- security group is deleted, this value is not returned.
+    --
+    -- [EC2-Classic] Required when adding or removing rules that reference a
+    -- security group in another VPC.
+    userId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the VPC for the referenced security group, if applicable.
+    vpcId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the VPC peering connection, if applicable.
+    vpcPeeringConnectionId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2SecurityGroupUserIdGroupPair' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'groupId', 'awsEc2SecurityGroupUserIdGroupPair_groupId' - The ID of the security group.
+--
+-- 'groupName', 'awsEc2SecurityGroupUserIdGroupPair_groupName' - The name of the security group.
+--
+-- 'peeringStatus', 'awsEc2SecurityGroupUserIdGroupPair_peeringStatus' - The status of a VPC peering connection, if applicable.
+--
+-- 'userId', 'awsEc2SecurityGroupUserIdGroupPair_userId' - The ID of an Amazon Web Services account.
+--
+-- For a referenced security group in another VPC, the account ID of the
+-- referenced security group is returned in the response. If the referenced
+-- security group is deleted, this value is not returned.
+--
+-- [EC2-Classic] Required when adding or removing rules that reference a
+-- security group in another VPC.
+--
+-- 'vpcId', 'awsEc2SecurityGroupUserIdGroupPair_vpcId' - The ID of the VPC for the referenced security group, if applicable.
+--
+-- 'vpcPeeringConnectionId', 'awsEc2SecurityGroupUserIdGroupPair_vpcPeeringConnectionId' - The ID of the VPC peering connection, if applicable.
+newAwsEc2SecurityGroupUserIdGroupPair ::
+  AwsEc2SecurityGroupUserIdGroupPair
+newAwsEc2SecurityGroupUserIdGroupPair =
+  AwsEc2SecurityGroupUserIdGroupPair'
+    { groupId =
+        Prelude.Nothing,
+      groupName = Prelude.Nothing,
+      peeringStatus = Prelude.Nothing,
+      userId = Prelude.Nothing,
+      vpcId = Prelude.Nothing,
+      vpcPeeringConnectionId =
+        Prelude.Nothing
+    }
+
+-- | The ID of the security group.
+awsEc2SecurityGroupUserIdGroupPair_groupId :: Lens.Lens' AwsEc2SecurityGroupUserIdGroupPair (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupUserIdGroupPair_groupId = Lens.lens (\AwsEc2SecurityGroupUserIdGroupPair' {groupId} -> groupId) (\s@AwsEc2SecurityGroupUserIdGroupPair' {} a -> s {groupId = a} :: AwsEc2SecurityGroupUserIdGroupPair)
+
+-- | The name of the security group.
+awsEc2SecurityGroupUserIdGroupPair_groupName :: Lens.Lens' AwsEc2SecurityGroupUserIdGroupPair (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupUserIdGroupPair_groupName = Lens.lens (\AwsEc2SecurityGroupUserIdGroupPair' {groupName} -> groupName) (\s@AwsEc2SecurityGroupUserIdGroupPair' {} a -> s {groupName = a} :: AwsEc2SecurityGroupUserIdGroupPair)
+
+-- | The status of a VPC peering connection, if applicable.
+awsEc2SecurityGroupUserIdGroupPair_peeringStatus :: Lens.Lens' AwsEc2SecurityGroupUserIdGroupPair (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupUserIdGroupPair_peeringStatus = Lens.lens (\AwsEc2SecurityGroupUserIdGroupPair' {peeringStatus} -> peeringStatus) (\s@AwsEc2SecurityGroupUserIdGroupPair' {} a -> s {peeringStatus = a} :: AwsEc2SecurityGroupUserIdGroupPair)
+
+-- | The ID of an Amazon Web Services account.
+--
+-- For a referenced security group in another VPC, the account ID of the
+-- referenced security group is returned in the response. If the referenced
+-- security group is deleted, this value is not returned.
+--
+-- [EC2-Classic] Required when adding or removing rules that reference a
+-- security group in another VPC.
+awsEc2SecurityGroupUserIdGroupPair_userId :: Lens.Lens' AwsEc2SecurityGroupUserIdGroupPair (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupUserIdGroupPair_userId = Lens.lens (\AwsEc2SecurityGroupUserIdGroupPair' {userId} -> userId) (\s@AwsEc2SecurityGroupUserIdGroupPair' {} a -> s {userId = a} :: AwsEc2SecurityGroupUserIdGroupPair)
+
+-- | The ID of the VPC for the referenced security group, if applicable.
+awsEc2SecurityGroupUserIdGroupPair_vpcId :: Lens.Lens' AwsEc2SecurityGroupUserIdGroupPair (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupUserIdGroupPair_vpcId = Lens.lens (\AwsEc2SecurityGroupUserIdGroupPair' {vpcId} -> vpcId) (\s@AwsEc2SecurityGroupUserIdGroupPair' {} a -> s {vpcId = a} :: AwsEc2SecurityGroupUserIdGroupPair)
+
+-- | The ID of the VPC peering connection, if applicable.
+awsEc2SecurityGroupUserIdGroupPair_vpcPeeringConnectionId :: Lens.Lens' AwsEc2SecurityGroupUserIdGroupPair (Prelude.Maybe Prelude.Text)
+awsEc2SecurityGroupUserIdGroupPair_vpcPeeringConnectionId = Lens.lens (\AwsEc2SecurityGroupUserIdGroupPair' {vpcPeeringConnectionId} -> vpcPeeringConnectionId) (\s@AwsEc2SecurityGroupUserIdGroupPair' {} a -> s {vpcPeeringConnectionId = a} :: AwsEc2SecurityGroupUserIdGroupPair)
+
+instance
+  Data.FromJSON
+    AwsEc2SecurityGroupUserIdGroupPair
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2SecurityGroupUserIdGroupPair"
+      ( \x ->
+          AwsEc2SecurityGroupUserIdGroupPair'
+            Prelude.<$> (x Data..:? "GroupId")
+            Prelude.<*> (x Data..:? "GroupName")
+            Prelude.<*> (x Data..:? "PeeringStatus")
+            Prelude.<*> (x Data..:? "UserId")
+            Prelude.<*> (x Data..:? "VpcId")
+            Prelude.<*> (x Data..:? "VpcPeeringConnectionId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2SecurityGroupUserIdGroupPair
+  where
+  hashWithSalt
+    _salt
+    AwsEc2SecurityGroupUserIdGroupPair' {..} =
+      _salt
+        `Prelude.hashWithSalt` groupId
+        `Prelude.hashWithSalt` groupName
+        `Prelude.hashWithSalt` peeringStatus
+        `Prelude.hashWithSalt` userId
+        `Prelude.hashWithSalt` vpcId
+        `Prelude.hashWithSalt` vpcPeeringConnectionId
+
+instance
+  Prelude.NFData
+    AwsEc2SecurityGroupUserIdGroupPair
+  where
+  rnf AwsEc2SecurityGroupUserIdGroupPair' {..} =
+    Prelude.rnf groupId
+      `Prelude.seq` Prelude.rnf groupName
+      `Prelude.seq` Prelude.rnf peeringStatus
+      `Prelude.seq` Prelude.rnf userId
+      `Prelude.seq` Prelude.rnf vpcId
+      `Prelude.seq` Prelude.rnf vpcPeeringConnectionId
+
+instance
+  Data.ToJSON
+    AwsEc2SecurityGroupUserIdGroupPair
+  where
+  toJSON AwsEc2SecurityGroupUserIdGroupPair' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("GroupId" Data..=) Prelude.<$> groupId,
+            ("GroupName" Data..=) Prelude.<$> groupName,
+            ("PeeringStatus" Data..=) Prelude.<$> peeringStatus,
+            ("UserId" Data..=) Prelude.<$> userId,
+            ("VpcId" Data..=) Prelude.<$> vpcId,
+            ("VpcPeeringConnectionId" Data..=)
+              Prelude.<$> vpcPeeringConnectionId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2SubnetDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2SubnetDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2SubnetDetails.hs
@@ -0,0 +1,256 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2SubnetDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2SubnetDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.Ipv6CidrBlockAssociation
+
+-- | Contains information about a subnet in Amazon EC2.
+--
+-- /See:/ 'newAwsEc2SubnetDetails' smart constructor.
+data AwsEc2SubnetDetails = AwsEc2SubnetDetails'
+  { -- | Whether to assign an IPV6 address to a network interface that is created
+    -- in this subnet.
+    assignIpv6AddressOnCreation :: Prelude.Maybe Prelude.Bool,
+    -- | The Availability Zone for the subnet.
+    availabilityZone :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the Availability Zone for the subnet.
+    availabilityZoneId :: Prelude.Maybe Prelude.Text,
+    -- | The number of available IPV4 addresses in the subnet. Does not include
+    -- addresses for stopped instances.
+    availableIpAddressCount :: Prelude.Maybe Prelude.Int,
+    -- | The IPV4 CIDR block that is assigned to the subnet.
+    cidrBlock :: Prelude.Maybe Prelude.Text,
+    -- | Whether this subnet is the default subnet for the Availability Zone.
+    defaultForAz :: Prelude.Maybe Prelude.Bool,
+    -- | The IPV6 CIDR blocks that are associated with the subnet.
+    ipv6CidrBlockAssociationSet :: Prelude.Maybe [Ipv6CidrBlockAssociation],
+    -- | Whether instances in this subnet receive a public IP address.
+    mapPublicIpOnLaunch :: Prelude.Maybe Prelude.Bool,
+    -- | The identifier of the Amazon Web Services account that owns the subnet.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | The current state of the subnet. Valid values are @available@ or
+    -- @pending@.
+    state :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the subnet.
+    subnetArn :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the subnet.
+    subnetId :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the VPC that contains the subnet.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2SubnetDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'assignIpv6AddressOnCreation', 'awsEc2SubnetDetails_assignIpv6AddressOnCreation' - Whether to assign an IPV6 address to a network interface that is created
+-- in this subnet.
+--
+-- 'availabilityZone', 'awsEc2SubnetDetails_availabilityZone' - The Availability Zone for the subnet.
+--
+-- 'availabilityZoneId', 'awsEc2SubnetDetails_availabilityZoneId' - The identifier of the Availability Zone for the subnet.
+--
+-- 'availableIpAddressCount', 'awsEc2SubnetDetails_availableIpAddressCount' - The number of available IPV4 addresses in the subnet. Does not include
+-- addresses for stopped instances.
+--
+-- 'cidrBlock', 'awsEc2SubnetDetails_cidrBlock' - The IPV4 CIDR block that is assigned to the subnet.
+--
+-- 'defaultForAz', 'awsEc2SubnetDetails_defaultForAz' - Whether this subnet is the default subnet for the Availability Zone.
+--
+-- 'ipv6CidrBlockAssociationSet', 'awsEc2SubnetDetails_ipv6CidrBlockAssociationSet' - The IPV6 CIDR blocks that are associated with the subnet.
+--
+-- 'mapPublicIpOnLaunch', 'awsEc2SubnetDetails_mapPublicIpOnLaunch' - Whether instances in this subnet receive a public IP address.
+--
+-- 'ownerId', 'awsEc2SubnetDetails_ownerId' - The identifier of the Amazon Web Services account that owns the subnet.
+--
+-- 'state', 'awsEc2SubnetDetails_state' - The current state of the subnet. Valid values are @available@ or
+-- @pending@.
+--
+-- 'subnetArn', 'awsEc2SubnetDetails_subnetArn' - The ARN of the subnet.
+--
+-- 'subnetId', 'awsEc2SubnetDetails_subnetId' - The identifier of the subnet.
+--
+-- 'vpcId', 'awsEc2SubnetDetails_vpcId' - The identifier of the VPC that contains the subnet.
+newAwsEc2SubnetDetails ::
+  AwsEc2SubnetDetails
+newAwsEc2SubnetDetails =
+  AwsEc2SubnetDetails'
+    { assignIpv6AddressOnCreation =
+        Prelude.Nothing,
+      availabilityZone = Prelude.Nothing,
+      availabilityZoneId = Prelude.Nothing,
+      availableIpAddressCount = Prelude.Nothing,
+      cidrBlock = Prelude.Nothing,
+      defaultForAz = Prelude.Nothing,
+      ipv6CidrBlockAssociationSet = Prelude.Nothing,
+      mapPublicIpOnLaunch = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      state = Prelude.Nothing,
+      subnetArn = Prelude.Nothing,
+      subnetId = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | Whether to assign an IPV6 address to a network interface that is created
+-- in this subnet.
+awsEc2SubnetDetails_assignIpv6AddressOnCreation :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Bool)
+awsEc2SubnetDetails_assignIpv6AddressOnCreation = Lens.lens (\AwsEc2SubnetDetails' {assignIpv6AddressOnCreation} -> assignIpv6AddressOnCreation) (\s@AwsEc2SubnetDetails' {} a -> s {assignIpv6AddressOnCreation = a} :: AwsEc2SubnetDetails)
+
+-- | The Availability Zone for the subnet.
+awsEc2SubnetDetails_availabilityZone :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Text)
+awsEc2SubnetDetails_availabilityZone = Lens.lens (\AwsEc2SubnetDetails' {availabilityZone} -> availabilityZone) (\s@AwsEc2SubnetDetails' {} a -> s {availabilityZone = a} :: AwsEc2SubnetDetails)
+
+-- | The identifier of the Availability Zone for the subnet.
+awsEc2SubnetDetails_availabilityZoneId :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Text)
+awsEc2SubnetDetails_availabilityZoneId = Lens.lens (\AwsEc2SubnetDetails' {availabilityZoneId} -> availabilityZoneId) (\s@AwsEc2SubnetDetails' {} a -> s {availabilityZoneId = a} :: AwsEc2SubnetDetails)
+
+-- | The number of available IPV4 addresses in the subnet. Does not include
+-- addresses for stopped instances.
+awsEc2SubnetDetails_availableIpAddressCount :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Int)
+awsEc2SubnetDetails_availableIpAddressCount = Lens.lens (\AwsEc2SubnetDetails' {availableIpAddressCount} -> availableIpAddressCount) (\s@AwsEc2SubnetDetails' {} a -> s {availableIpAddressCount = a} :: AwsEc2SubnetDetails)
+
+-- | The IPV4 CIDR block that is assigned to the subnet.
+awsEc2SubnetDetails_cidrBlock :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Text)
+awsEc2SubnetDetails_cidrBlock = Lens.lens (\AwsEc2SubnetDetails' {cidrBlock} -> cidrBlock) (\s@AwsEc2SubnetDetails' {} a -> s {cidrBlock = a} :: AwsEc2SubnetDetails)
+
+-- | Whether this subnet is the default subnet for the Availability Zone.
+awsEc2SubnetDetails_defaultForAz :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Bool)
+awsEc2SubnetDetails_defaultForAz = Lens.lens (\AwsEc2SubnetDetails' {defaultForAz} -> defaultForAz) (\s@AwsEc2SubnetDetails' {} a -> s {defaultForAz = a} :: AwsEc2SubnetDetails)
+
+-- | The IPV6 CIDR blocks that are associated with the subnet.
+awsEc2SubnetDetails_ipv6CidrBlockAssociationSet :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe [Ipv6CidrBlockAssociation])
+awsEc2SubnetDetails_ipv6CidrBlockAssociationSet = Lens.lens (\AwsEc2SubnetDetails' {ipv6CidrBlockAssociationSet} -> ipv6CidrBlockAssociationSet) (\s@AwsEc2SubnetDetails' {} a -> s {ipv6CidrBlockAssociationSet = a} :: AwsEc2SubnetDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Whether instances in this subnet receive a public IP address.
+awsEc2SubnetDetails_mapPublicIpOnLaunch :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Bool)
+awsEc2SubnetDetails_mapPublicIpOnLaunch = Lens.lens (\AwsEc2SubnetDetails' {mapPublicIpOnLaunch} -> mapPublicIpOnLaunch) (\s@AwsEc2SubnetDetails' {} a -> s {mapPublicIpOnLaunch = a} :: AwsEc2SubnetDetails)
+
+-- | The identifier of the Amazon Web Services account that owns the subnet.
+awsEc2SubnetDetails_ownerId :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Text)
+awsEc2SubnetDetails_ownerId = Lens.lens (\AwsEc2SubnetDetails' {ownerId} -> ownerId) (\s@AwsEc2SubnetDetails' {} a -> s {ownerId = a} :: AwsEc2SubnetDetails)
+
+-- | The current state of the subnet. Valid values are @available@ or
+-- @pending@.
+awsEc2SubnetDetails_state :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Text)
+awsEc2SubnetDetails_state = Lens.lens (\AwsEc2SubnetDetails' {state} -> state) (\s@AwsEc2SubnetDetails' {} a -> s {state = a} :: AwsEc2SubnetDetails)
+
+-- | The ARN of the subnet.
+awsEc2SubnetDetails_subnetArn :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Text)
+awsEc2SubnetDetails_subnetArn = Lens.lens (\AwsEc2SubnetDetails' {subnetArn} -> subnetArn) (\s@AwsEc2SubnetDetails' {} a -> s {subnetArn = a} :: AwsEc2SubnetDetails)
+
+-- | The identifier of the subnet.
+awsEc2SubnetDetails_subnetId :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Text)
+awsEc2SubnetDetails_subnetId = Lens.lens (\AwsEc2SubnetDetails' {subnetId} -> subnetId) (\s@AwsEc2SubnetDetails' {} a -> s {subnetId = a} :: AwsEc2SubnetDetails)
+
+-- | The identifier of the VPC that contains the subnet.
+awsEc2SubnetDetails_vpcId :: Lens.Lens' AwsEc2SubnetDetails (Prelude.Maybe Prelude.Text)
+awsEc2SubnetDetails_vpcId = Lens.lens (\AwsEc2SubnetDetails' {vpcId} -> vpcId) (\s@AwsEc2SubnetDetails' {} a -> s {vpcId = a} :: AwsEc2SubnetDetails)
+
+instance Data.FromJSON AwsEc2SubnetDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEc2SubnetDetails"
+      ( \x ->
+          AwsEc2SubnetDetails'
+            Prelude.<$> (x Data..:? "AssignIpv6AddressOnCreation")
+            Prelude.<*> (x Data..:? "AvailabilityZone")
+            Prelude.<*> (x Data..:? "AvailabilityZoneId")
+            Prelude.<*> (x Data..:? "AvailableIpAddressCount")
+            Prelude.<*> (x Data..:? "CidrBlock")
+            Prelude.<*> (x Data..:? "DefaultForAz")
+            Prelude.<*> ( x
+                            Data..:? "Ipv6CidrBlockAssociationSet"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "MapPublicIpOnLaunch")
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "State")
+            Prelude.<*> (x Data..:? "SubnetArn")
+            Prelude.<*> (x Data..:? "SubnetId")
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance Prelude.Hashable AwsEc2SubnetDetails where
+  hashWithSalt _salt AwsEc2SubnetDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` assignIpv6AddressOnCreation
+      `Prelude.hashWithSalt` availabilityZone
+      `Prelude.hashWithSalt` availabilityZoneId
+      `Prelude.hashWithSalt` availableIpAddressCount
+      `Prelude.hashWithSalt` cidrBlock
+      `Prelude.hashWithSalt` defaultForAz
+      `Prelude.hashWithSalt` ipv6CidrBlockAssociationSet
+      `Prelude.hashWithSalt` mapPublicIpOnLaunch
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` state
+      `Prelude.hashWithSalt` subnetArn
+      `Prelude.hashWithSalt` subnetId
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData AwsEc2SubnetDetails where
+  rnf AwsEc2SubnetDetails' {..} =
+    Prelude.rnf assignIpv6AddressOnCreation
+      `Prelude.seq` Prelude.rnf availabilityZone
+      `Prelude.seq` Prelude.rnf availabilityZoneId
+      `Prelude.seq` Prelude.rnf availableIpAddressCount
+      `Prelude.seq` Prelude.rnf cidrBlock
+      `Prelude.seq` Prelude.rnf defaultForAz
+      `Prelude.seq` Prelude.rnf ipv6CidrBlockAssociationSet
+      `Prelude.seq` Prelude.rnf mapPublicIpOnLaunch
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf state
+      `Prelude.seq` Prelude.rnf subnetArn
+      `Prelude.seq` Prelude.rnf subnetId
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance Data.ToJSON AwsEc2SubnetDetails where
+  toJSON AwsEc2SubnetDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AssignIpv6AddressOnCreation" Data..=)
+              Prelude.<$> assignIpv6AddressOnCreation,
+            ("AvailabilityZone" Data..=)
+              Prelude.<$> availabilityZone,
+            ("AvailabilityZoneId" Data..=)
+              Prelude.<$> availabilityZoneId,
+            ("AvailableIpAddressCount" Data..=)
+              Prelude.<$> availableIpAddressCount,
+            ("CidrBlock" Data..=) Prelude.<$> cidrBlock,
+            ("DefaultForAz" Data..=) Prelude.<$> defaultForAz,
+            ("Ipv6CidrBlockAssociationSet" Data..=)
+              Prelude.<$> ipv6CidrBlockAssociationSet,
+            ("MapPublicIpOnLaunch" Data..=)
+              Prelude.<$> mapPublicIpOnLaunch,
+            ("OwnerId" Data..=) Prelude.<$> ownerId,
+            ("State" Data..=) Prelude.<$> state,
+            ("SubnetArn" Data..=) Prelude.<$> subnetArn,
+            ("SubnetId" Data..=) Prelude.<$> subnetId,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2TransitGatewayDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2TransitGatewayDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2TransitGatewayDetails.hs
@@ -0,0 +1,247 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2TransitGatewayDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2TransitGatewayDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about an Amazon Web Services Amazon EC2 Transit Gateway that
+-- interconnects virtual private clouds (VPCs) and on-premises networks.
+--
+-- /See:/ 'newAwsEc2TransitGatewayDetails' smart constructor.
+data AwsEc2TransitGatewayDetails = AwsEc2TransitGatewayDetails'
+  { -- | A private Autonomous System Number (ASN) for the Amazon side of a BGP
+    -- session.
+    amazonSideAsn :: Prelude.Maybe Prelude.Int,
+    -- | The ID of the default association route table.
+    associationDefaultRouteTableId :: Prelude.Maybe Prelude.Text,
+    -- | Turn on or turn off automatic acceptance of attachment requests.
+    autoAcceptSharedAttachments :: Prelude.Maybe Prelude.Text,
+    -- | Turn on or turn off automatic association with the default association
+    -- route table.
+    defaultRouteTableAssociation :: Prelude.Maybe Prelude.Text,
+    -- | Turn on or turn off automatic propagation of routes to the default
+    -- propagation route table.
+    defaultRouteTablePropagation :: Prelude.Maybe Prelude.Text,
+    -- | The description of the transit gateway.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | Turn on or turn off DNS support.
+    dnsSupport :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the transit gateway.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether multicast is supported on the transit gateway.
+    multicastSupport :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the default propagation route table.
+    propagationDefaultRouteTableId :: Prelude.Maybe Prelude.Text,
+    -- | The transit gateway Classless Inter-Domain Routing (CIDR) blocks.
+    transitGatewayCidrBlocks :: Prelude.Maybe [Prelude.Text],
+    -- | Turn on or turn off Equal Cost Multipath Protocol (ECMP) support.
+    vpnEcmpSupport :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2TransitGatewayDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'amazonSideAsn', 'awsEc2TransitGatewayDetails_amazonSideAsn' - A private Autonomous System Number (ASN) for the Amazon side of a BGP
+-- session.
+--
+-- 'associationDefaultRouteTableId', 'awsEc2TransitGatewayDetails_associationDefaultRouteTableId' - The ID of the default association route table.
+--
+-- 'autoAcceptSharedAttachments', 'awsEc2TransitGatewayDetails_autoAcceptSharedAttachments' - Turn on or turn off automatic acceptance of attachment requests.
+--
+-- 'defaultRouteTableAssociation', 'awsEc2TransitGatewayDetails_defaultRouteTableAssociation' - Turn on or turn off automatic association with the default association
+-- route table.
+--
+-- 'defaultRouteTablePropagation', 'awsEc2TransitGatewayDetails_defaultRouteTablePropagation' - Turn on or turn off automatic propagation of routes to the default
+-- propagation route table.
+--
+-- 'description', 'awsEc2TransitGatewayDetails_description' - The description of the transit gateway.
+--
+-- 'dnsSupport', 'awsEc2TransitGatewayDetails_dnsSupport' - Turn on or turn off DNS support.
+--
+-- 'id', 'awsEc2TransitGatewayDetails_id' - The ID of the transit gateway.
+--
+-- 'multicastSupport', 'awsEc2TransitGatewayDetails_multicastSupport' - Indicates whether multicast is supported on the transit gateway.
+--
+-- 'propagationDefaultRouteTableId', 'awsEc2TransitGatewayDetails_propagationDefaultRouteTableId' - The ID of the default propagation route table.
+--
+-- 'transitGatewayCidrBlocks', 'awsEc2TransitGatewayDetails_transitGatewayCidrBlocks' - The transit gateway Classless Inter-Domain Routing (CIDR) blocks.
+--
+-- 'vpnEcmpSupport', 'awsEc2TransitGatewayDetails_vpnEcmpSupport' - Turn on or turn off Equal Cost Multipath Protocol (ECMP) support.
+newAwsEc2TransitGatewayDetails ::
+  AwsEc2TransitGatewayDetails
+newAwsEc2TransitGatewayDetails =
+  AwsEc2TransitGatewayDetails'
+    { amazonSideAsn =
+        Prelude.Nothing,
+      associationDefaultRouteTableId =
+        Prelude.Nothing,
+      autoAcceptSharedAttachments = Prelude.Nothing,
+      defaultRouteTableAssociation = Prelude.Nothing,
+      defaultRouteTablePropagation = Prelude.Nothing,
+      description = Prelude.Nothing,
+      dnsSupport = Prelude.Nothing,
+      id = Prelude.Nothing,
+      multicastSupport = Prelude.Nothing,
+      propagationDefaultRouteTableId =
+        Prelude.Nothing,
+      transitGatewayCidrBlocks = Prelude.Nothing,
+      vpnEcmpSupport = Prelude.Nothing
+    }
+
+-- | A private Autonomous System Number (ASN) for the Amazon side of a BGP
+-- session.
+awsEc2TransitGatewayDetails_amazonSideAsn :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe Prelude.Int)
+awsEc2TransitGatewayDetails_amazonSideAsn = Lens.lens (\AwsEc2TransitGatewayDetails' {amazonSideAsn} -> amazonSideAsn) (\s@AwsEc2TransitGatewayDetails' {} a -> s {amazonSideAsn = a} :: AwsEc2TransitGatewayDetails)
+
+-- | The ID of the default association route table.
+awsEc2TransitGatewayDetails_associationDefaultRouteTableId :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe Prelude.Text)
+awsEc2TransitGatewayDetails_associationDefaultRouteTableId = Lens.lens (\AwsEc2TransitGatewayDetails' {associationDefaultRouteTableId} -> associationDefaultRouteTableId) (\s@AwsEc2TransitGatewayDetails' {} a -> s {associationDefaultRouteTableId = a} :: AwsEc2TransitGatewayDetails)
+
+-- | Turn on or turn off automatic acceptance of attachment requests.
+awsEc2TransitGatewayDetails_autoAcceptSharedAttachments :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe Prelude.Text)
+awsEc2TransitGatewayDetails_autoAcceptSharedAttachments = Lens.lens (\AwsEc2TransitGatewayDetails' {autoAcceptSharedAttachments} -> autoAcceptSharedAttachments) (\s@AwsEc2TransitGatewayDetails' {} a -> s {autoAcceptSharedAttachments = a} :: AwsEc2TransitGatewayDetails)
+
+-- | Turn on or turn off automatic association with the default association
+-- route table.
+awsEc2TransitGatewayDetails_defaultRouteTableAssociation :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe Prelude.Text)
+awsEc2TransitGatewayDetails_defaultRouteTableAssociation = Lens.lens (\AwsEc2TransitGatewayDetails' {defaultRouteTableAssociation} -> defaultRouteTableAssociation) (\s@AwsEc2TransitGatewayDetails' {} a -> s {defaultRouteTableAssociation = a} :: AwsEc2TransitGatewayDetails)
+
+-- | Turn on or turn off automatic propagation of routes to the default
+-- propagation route table.
+awsEc2TransitGatewayDetails_defaultRouteTablePropagation :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe Prelude.Text)
+awsEc2TransitGatewayDetails_defaultRouteTablePropagation = Lens.lens (\AwsEc2TransitGatewayDetails' {defaultRouteTablePropagation} -> defaultRouteTablePropagation) (\s@AwsEc2TransitGatewayDetails' {} a -> s {defaultRouteTablePropagation = a} :: AwsEc2TransitGatewayDetails)
+
+-- | The description of the transit gateway.
+awsEc2TransitGatewayDetails_description :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe Prelude.Text)
+awsEc2TransitGatewayDetails_description = Lens.lens (\AwsEc2TransitGatewayDetails' {description} -> description) (\s@AwsEc2TransitGatewayDetails' {} a -> s {description = a} :: AwsEc2TransitGatewayDetails)
+
+-- | Turn on or turn off DNS support.
+awsEc2TransitGatewayDetails_dnsSupport :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe Prelude.Text)
+awsEc2TransitGatewayDetails_dnsSupport = Lens.lens (\AwsEc2TransitGatewayDetails' {dnsSupport} -> dnsSupport) (\s@AwsEc2TransitGatewayDetails' {} a -> s {dnsSupport = a} :: AwsEc2TransitGatewayDetails)
+
+-- | The ID of the transit gateway.
+awsEc2TransitGatewayDetails_id :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe Prelude.Text)
+awsEc2TransitGatewayDetails_id = Lens.lens (\AwsEc2TransitGatewayDetails' {id} -> id) (\s@AwsEc2TransitGatewayDetails' {} a -> s {id = a} :: AwsEc2TransitGatewayDetails)
+
+-- | Indicates whether multicast is supported on the transit gateway.
+awsEc2TransitGatewayDetails_multicastSupport :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe Prelude.Text)
+awsEc2TransitGatewayDetails_multicastSupport = Lens.lens (\AwsEc2TransitGatewayDetails' {multicastSupport} -> multicastSupport) (\s@AwsEc2TransitGatewayDetails' {} a -> s {multicastSupport = a} :: AwsEc2TransitGatewayDetails)
+
+-- | The ID of the default propagation route table.
+awsEc2TransitGatewayDetails_propagationDefaultRouteTableId :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe Prelude.Text)
+awsEc2TransitGatewayDetails_propagationDefaultRouteTableId = Lens.lens (\AwsEc2TransitGatewayDetails' {propagationDefaultRouteTableId} -> propagationDefaultRouteTableId) (\s@AwsEc2TransitGatewayDetails' {} a -> s {propagationDefaultRouteTableId = a} :: AwsEc2TransitGatewayDetails)
+
+-- | The transit gateway Classless Inter-Domain Routing (CIDR) blocks.
+awsEc2TransitGatewayDetails_transitGatewayCidrBlocks :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe [Prelude.Text])
+awsEc2TransitGatewayDetails_transitGatewayCidrBlocks = Lens.lens (\AwsEc2TransitGatewayDetails' {transitGatewayCidrBlocks} -> transitGatewayCidrBlocks) (\s@AwsEc2TransitGatewayDetails' {} a -> s {transitGatewayCidrBlocks = a} :: AwsEc2TransitGatewayDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Turn on or turn off Equal Cost Multipath Protocol (ECMP) support.
+awsEc2TransitGatewayDetails_vpnEcmpSupport :: Lens.Lens' AwsEc2TransitGatewayDetails (Prelude.Maybe Prelude.Text)
+awsEc2TransitGatewayDetails_vpnEcmpSupport = Lens.lens (\AwsEc2TransitGatewayDetails' {vpnEcmpSupport} -> vpnEcmpSupport) (\s@AwsEc2TransitGatewayDetails' {} a -> s {vpnEcmpSupport = a} :: AwsEc2TransitGatewayDetails)
+
+instance Data.FromJSON AwsEc2TransitGatewayDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEc2TransitGatewayDetails"
+      ( \x ->
+          AwsEc2TransitGatewayDetails'
+            Prelude.<$> (x Data..:? "AmazonSideAsn")
+            Prelude.<*> (x Data..:? "AssociationDefaultRouteTableId")
+            Prelude.<*> (x Data..:? "AutoAcceptSharedAttachments")
+            Prelude.<*> (x Data..:? "DefaultRouteTableAssociation")
+            Prelude.<*> (x Data..:? "DefaultRouteTablePropagation")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "DnsSupport")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "MulticastSupport")
+            Prelude.<*> (x Data..:? "PropagationDefaultRouteTableId")
+            Prelude.<*> ( x
+                            Data..:? "TransitGatewayCidrBlocks"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "VpnEcmpSupport")
+      )
+
+instance Prelude.Hashable AwsEc2TransitGatewayDetails where
+  hashWithSalt _salt AwsEc2TransitGatewayDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` amazonSideAsn
+      `Prelude.hashWithSalt` associationDefaultRouteTableId
+      `Prelude.hashWithSalt` autoAcceptSharedAttachments
+      `Prelude.hashWithSalt` defaultRouteTableAssociation
+      `Prelude.hashWithSalt` defaultRouteTablePropagation
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` dnsSupport
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` multicastSupport
+      `Prelude.hashWithSalt` propagationDefaultRouteTableId
+      `Prelude.hashWithSalt` transitGatewayCidrBlocks
+      `Prelude.hashWithSalt` vpnEcmpSupport
+
+instance Prelude.NFData AwsEc2TransitGatewayDetails where
+  rnf AwsEc2TransitGatewayDetails' {..} =
+    Prelude.rnf amazonSideAsn
+      `Prelude.seq` Prelude.rnf associationDefaultRouteTableId
+      `Prelude.seq` Prelude.rnf autoAcceptSharedAttachments
+      `Prelude.seq` Prelude.rnf defaultRouteTableAssociation
+      `Prelude.seq` Prelude.rnf defaultRouteTablePropagation
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf dnsSupport
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf multicastSupport
+      `Prelude.seq` Prelude.rnf propagationDefaultRouteTableId
+      `Prelude.seq` Prelude.rnf transitGatewayCidrBlocks
+      `Prelude.seq` Prelude.rnf vpnEcmpSupport
+
+instance Data.ToJSON AwsEc2TransitGatewayDetails where
+  toJSON AwsEc2TransitGatewayDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AmazonSideAsn" Data..=) Prelude.<$> amazonSideAsn,
+            ("AssociationDefaultRouteTableId" Data..=)
+              Prelude.<$> associationDefaultRouteTableId,
+            ("AutoAcceptSharedAttachments" Data..=)
+              Prelude.<$> autoAcceptSharedAttachments,
+            ("DefaultRouteTableAssociation" Data..=)
+              Prelude.<$> defaultRouteTableAssociation,
+            ("DefaultRouteTablePropagation" Data..=)
+              Prelude.<$> defaultRouteTablePropagation,
+            ("Description" Data..=) Prelude.<$> description,
+            ("DnsSupport" Data..=) Prelude.<$> dnsSupport,
+            ("Id" Data..=) Prelude.<$> id,
+            ("MulticastSupport" Data..=)
+              Prelude.<$> multicastSupport,
+            ("PropagationDefaultRouteTableId" Data..=)
+              Prelude.<$> propagationDefaultRouteTableId,
+            ("TransitGatewayCidrBlocks" Data..=)
+              Prelude.<$> transitGatewayCidrBlocks,
+            ("VpnEcmpSupport" Data..=)
+              Prelude.<$> vpnEcmpSupport
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VolumeAttachment.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VolumeAttachment.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VolumeAttachment.hs
@@ -0,0 +1,151 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VolumeAttachment
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VolumeAttachment where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An attachment to an Amazon EC2 volume.
+--
+-- /See:/ 'newAwsEc2VolumeAttachment' smart constructor.
+data AwsEc2VolumeAttachment = AwsEc2VolumeAttachment'
+  { -- | The datetime when the attachment initiated.
+    attachTime :: Prelude.Maybe Prelude.Text,
+    -- | Whether the EBS volume is deleted when the EC2 instance is terminated.
+    deleteOnTermination :: Prelude.Maybe Prelude.Bool,
+    -- | The identifier of the EC2 instance.
+    instanceId :: Prelude.Maybe Prelude.Text,
+    -- | The attachment state of the volume. Valid values are as follows:
+    --
+    -- -   @attaching@
+    --
+    -- -   @attached@
+    --
+    -- -   @busy@
+    --
+    -- -   @detaching@
+    --
+    -- -   @detached@
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VolumeAttachment' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attachTime', 'awsEc2VolumeAttachment_attachTime' - The datetime when the attachment initiated.
+--
+-- 'deleteOnTermination', 'awsEc2VolumeAttachment_deleteOnTermination' - Whether the EBS volume is deleted when the EC2 instance is terminated.
+--
+-- 'instanceId', 'awsEc2VolumeAttachment_instanceId' - The identifier of the EC2 instance.
+--
+-- 'status', 'awsEc2VolumeAttachment_status' - The attachment state of the volume. Valid values are as follows:
+--
+-- -   @attaching@
+--
+-- -   @attached@
+--
+-- -   @busy@
+--
+-- -   @detaching@
+--
+-- -   @detached@
+newAwsEc2VolumeAttachment ::
+  AwsEc2VolumeAttachment
+newAwsEc2VolumeAttachment =
+  AwsEc2VolumeAttachment'
+    { attachTime =
+        Prelude.Nothing,
+      deleteOnTermination = Prelude.Nothing,
+      instanceId = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The datetime when the attachment initiated.
+awsEc2VolumeAttachment_attachTime :: Lens.Lens' AwsEc2VolumeAttachment (Prelude.Maybe Prelude.Text)
+awsEc2VolumeAttachment_attachTime = Lens.lens (\AwsEc2VolumeAttachment' {attachTime} -> attachTime) (\s@AwsEc2VolumeAttachment' {} a -> s {attachTime = a} :: AwsEc2VolumeAttachment)
+
+-- | Whether the EBS volume is deleted when the EC2 instance is terminated.
+awsEc2VolumeAttachment_deleteOnTermination :: Lens.Lens' AwsEc2VolumeAttachment (Prelude.Maybe Prelude.Bool)
+awsEc2VolumeAttachment_deleteOnTermination = Lens.lens (\AwsEc2VolumeAttachment' {deleteOnTermination} -> deleteOnTermination) (\s@AwsEc2VolumeAttachment' {} a -> s {deleteOnTermination = a} :: AwsEc2VolumeAttachment)
+
+-- | The identifier of the EC2 instance.
+awsEc2VolumeAttachment_instanceId :: Lens.Lens' AwsEc2VolumeAttachment (Prelude.Maybe Prelude.Text)
+awsEc2VolumeAttachment_instanceId = Lens.lens (\AwsEc2VolumeAttachment' {instanceId} -> instanceId) (\s@AwsEc2VolumeAttachment' {} a -> s {instanceId = a} :: AwsEc2VolumeAttachment)
+
+-- | The attachment state of the volume. Valid values are as follows:
+--
+-- -   @attaching@
+--
+-- -   @attached@
+--
+-- -   @busy@
+--
+-- -   @detaching@
+--
+-- -   @detached@
+awsEc2VolumeAttachment_status :: Lens.Lens' AwsEc2VolumeAttachment (Prelude.Maybe Prelude.Text)
+awsEc2VolumeAttachment_status = Lens.lens (\AwsEc2VolumeAttachment' {status} -> status) (\s@AwsEc2VolumeAttachment' {} a -> s {status = a} :: AwsEc2VolumeAttachment)
+
+instance Data.FromJSON AwsEc2VolumeAttachment where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VolumeAttachment"
+      ( \x ->
+          AwsEc2VolumeAttachment'
+            Prelude.<$> (x Data..:? "AttachTime")
+            Prelude.<*> (x Data..:? "DeleteOnTermination")
+            Prelude.<*> (x Data..:? "InstanceId")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance Prelude.Hashable AwsEc2VolumeAttachment where
+  hashWithSalt _salt AwsEc2VolumeAttachment' {..} =
+    _salt
+      `Prelude.hashWithSalt` attachTime
+      `Prelude.hashWithSalt` deleteOnTermination
+      `Prelude.hashWithSalt` instanceId
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AwsEc2VolumeAttachment where
+  rnf AwsEc2VolumeAttachment' {..} =
+    Prelude.rnf attachTime
+      `Prelude.seq` Prelude.rnf deleteOnTermination
+      `Prelude.seq` Prelude.rnf instanceId
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsEc2VolumeAttachment where
+  toJSON AwsEc2VolumeAttachment' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AttachTime" Data..=) Prelude.<$> attachTime,
+            ("DeleteOnTermination" Data..=)
+              Prelude.<$> deleteOnTermination,
+            ("InstanceId" Data..=) Prelude.<$> instanceId,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VolumeDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VolumeDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VolumeDetails.hs
@@ -0,0 +1,266 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VolumeDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VolumeDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2VolumeAttachment
+
+-- | Details about an EC2 volume.
+--
+-- /See:/ 'newAwsEc2VolumeDetails' smart constructor.
+data AwsEc2VolumeDetails = AwsEc2VolumeDetails'
+  { -- | The volume attachments.
+    attachments :: Prelude.Maybe [AwsEc2VolumeAttachment],
+    -- | Indicates when the volume was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createTime :: Prelude.Maybe Prelude.Text,
+    -- | The device name for the volume that is attached to the instance.
+    deviceName :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether the volume is encrypted.
+    encrypted :: Prelude.Maybe Prelude.Bool,
+    -- | The ARN of the KMS key that was used to protect the volume encryption
+    -- key for the volume.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The size of the volume, in GiBs.
+    size :: Prelude.Maybe Prelude.Int,
+    -- | The snapshot from which the volume was created.
+    snapshotId :: Prelude.Maybe Prelude.Text,
+    -- | The volume state. Valid values are as follows:
+    --
+    -- -   @available@
+    --
+    -- -   @creating@
+    --
+    -- -   @deleted@
+    --
+    -- -   @deleting@
+    --
+    -- -   @error@
+    --
+    -- -   @in-use@
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the volume.
+    volumeId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the volume was scanned or skipped.
+    volumeScanStatus :: Prelude.Maybe Prelude.Text,
+    -- | The volume type.
+    volumeType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VolumeDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attachments', 'awsEc2VolumeDetails_attachments' - The volume attachments.
+--
+-- 'createTime', 'awsEc2VolumeDetails_createTime' - Indicates when the volume was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'deviceName', 'awsEc2VolumeDetails_deviceName' - The device name for the volume that is attached to the instance.
+--
+-- 'encrypted', 'awsEc2VolumeDetails_encrypted' - Specifies whether the volume is encrypted.
+--
+-- 'kmsKeyId', 'awsEc2VolumeDetails_kmsKeyId' - The ARN of the KMS key that was used to protect the volume encryption
+-- key for the volume.
+--
+-- 'size', 'awsEc2VolumeDetails_size' - The size of the volume, in GiBs.
+--
+-- 'snapshotId', 'awsEc2VolumeDetails_snapshotId' - The snapshot from which the volume was created.
+--
+-- 'status', 'awsEc2VolumeDetails_status' - The volume state. Valid values are as follows:
+--
+-- -   @available@
+--
+-- -   @creating@
+--
+-- -   @deleted@
+--
+-- -   @deleting@
+--
+-- -   @error@
+--
+-- -   @in-use@
+--
+-- 'volumeId', 'awsEc2VolumeDetails_volumeId' - The ID of the volume.
+--
+-- 'volumeScanStatus', 'awsEc2VolumeDetails_volumeScanStatus' - Indicates whether the volume was scanned or skipped.
+--
+-- 'volumeType', 'awsEc2VolumeDetails_volumeType' - The volume type.
+newAwsEc2VolumeDetails ::
+  AwsEc2VolumeDetails
+newAwsEc2VolumeDetails =
+  AwsEc2VolumeDetails'
+    { attachments = Prelude.Nothing,
+      createTime = Prelude.Nothing,
+      deviceName = Prelude.Nothing,
+      encrypted = Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing,
+      size = Prelude.Nothing,
+      snapshotId = Prelude.Nothing,
+      status = Prelude.Nothing,
+      volumeId = Prelude.Nothing,
+      volumeScanStatus = Prelude.Nothing,
+      volumeType = Prelude.Nothing
+    }
+
+-- | The volume attachments.
+awsEc2VolumeDetails_attachments :: Lens.Lens' AwsEc2VolumeDetails (Prelude.Maybe [AwsEc2VolumeAttachment])
+awsEc2VolumeDetails_attachments = Lens.lens (\AwsEc2VolumeDetails' {attachments} -> attachments) (\s@AwsEc2VolumeDetails' {} a -> s {attachments = a} :: AwsEc2VolumeDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates when the volume was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsEc2VolumeDetails_createTime :: Lens.Lens' AwsEc2VolumeDetails (Prelude.Maybe Prelude.Text)
+awsEc2VolumeDetails_createTime = Lens.lens (\AwsEc2VolumeDetails' {createTime} -> createTime) (\s@AwsEc2VolumeDetails' {} a -> s {createTime = a} :: AwsEc2VolumeDetails)
+
+-- | The device name for the volume that is attached to the instance.
+awsEc2VolumeDetails_deviceName :: Lens.Lens' AwsEc2VolumeDetails (Prelude.Maybe Prelude.Text)
+awsEc2VolumeDetails_deviceName = Lens.lens (\AwsEc2VolumeDetails' {deviceName} -> deviceName) (\s@AwsEc2VolumeDetails' {} a -> s {deviceName = a} :: AwsEc2VolumeDetails)
+
+-- | Specifies whether the volume is encrypted.
+awsEc2VolumeDetails_encrypted :: Lens.Lens' AwsEc2VolumeDetails (Prelude.Maybe Prelude.Bool)
+awsEc2VolumeDetails_encrypted = Lens.lens (\AwsEc2VolumeDetails' {encrypted} -> encrypted) (\s@AwsEc2VolumeDetails' {} a -> s {encrypted = a} :: AwsEc2VolumeDetails)
+
+-- | The ARN of the KMS key that was used to protect the volume encryption
+-- key for the volume.
+awsEc2VolumeDetails_kmsKeyId :: Lens.Lens' AwsEc2VolumeDetails (Prelude.Maybe Prelude.Text)
+awsEc2VolumeDetails_kmsKeyId = Lens.lens (\AwsEc2VolumeDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsEc2VolumeDetails' {} a -> s {kmsKeyId = a} :: AwsEc2VolumeDetails)
+
+-- | The size of the volume, in GiBs.
+awsEc2VolumeDetails_size :: Lens.Lens' AwsEc2VolumeDetails (Prelude.Maybe Prelude.Int)
+awsEc2VolumeDetails_size = Lens.lens (\AwsEc2VolumeDetails' {size} -> size) (\s@AwsEc2VolumeDetails' {} a -> s {size = a} :: AwsEc2VolumeDetails)
+
+-- | The snapshot from which the volume was created.
+awsEc2VolumeDetails_snapshotId :: Lens.Lens' AwsEc2VolumeDetails (Prelude.Maybe Prelude.Text)
+awsEc2VolumeDetails_snapshotId = Lens.lens (\AwsEc2VolumeDetails' {snapshotId} -> snapshotId) (\s@AwsEc2VolumeDetails' {} a -> s {snapshotId = a} :: AwsEc2VolumeDetails)
+
+-- | The volume state. Valid values are as follows:
+--
+-- -   @available@
+--
+-- -   @creating@
+--
+-- -   @deleted@
+--
+-- -   @deleting@
+--
+-- -   @error@
+--
+-- -   @in-use@
+awsEc2VolumeDetails_status :: Lens.Lens' AwsEc2VolumeDetails (Prelude.Maybe Prelude.Text)
+awsEc2VolumeDetails_status = Lens.lens (\AwsEc2VolumeDetails' {status} -> status) (\s@AwsEc2VolumeDetails' {} a -> s {status = a} :: AwsEc2VolumeDetails)
+
+-- | The ID of the volume.
+awsEc2VolumeDetails_volumeId :: Lens.Lens' AwsEc2VolumeDetails (Prelude.Maybe Prelude.Text)
+awsEc2VolumeDetails_volumeId = Lens.lens (\AwsEc2VolumeDetails' {volumeId} -> volumeId) (\s@AwsEc2VolumeDetails' {} a -> s {volumeId = a} :: AwsEc2VolumeDetails)
+
+-- | Indicates whether the volume was scanned or skipped.
+awsEc2VolumeDetails_volumeScanStatus :: Lens.Lens' AwsEc2VolumeDetails (Prelude.Maybe Prelude.Text)
+awsEc2VolumeDetails_volumeScanStatus = Lens.lens (\AwsEc2VolumeDetails' {volumeScanStatus} -> volumeScanStatus) (\s@AwsEc2VolumeDetails' {} a -> s {volumeScanStatus = a} :: AwsEc2VolumeDetails)
+
+-- | The volume type.
+awsEc2VolumeDetails_volumeType :: Lens.Lens' AwsEc2VolumeDetails (Prelude.Maybe Prelude.Text)
+awsEc2VolumeDetails_volumeType = Lens.lens (\AwsEc2VolumeDetails' {volumeType} -> volumeType) (\s@AwsEc2VolumeDetails' {} a -> s {volumeType = a} :: AwsEc2VolumeDetails)
+
+instance Data.FromJSON AwsEc2VolumeDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VolumeDetails"
+      ( \x ->
+          AwsEc2VolumeDetails'
+            Prelude.<$> (x Data..:? "Attachments" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "CreateTime")
+            Prelude.<*> (x Data..:? "DeviceName")
+            Prelude.<*> (x Data..:? "Encrypted")
+            Prelude.<*> (x Data..:? "KmsKeyId")
+            Prelude.<*> (x Data..:? "Size")
+            Prelude.<*> (x Data..:? "SnapshotId")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "VolumeId")
+            Prelude.<*> (x Data..:? "VolumeScanStatus")
+            Prelude.<*> (x Data..:? "VolumeType")
+      )
+
+instance Prelude.Hashable AwsEc2VolumeDetails where
+  hashWithSalt _salt AwsEc2VolumeDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` attachments
+      `Prelude.hashWithSalt` createTime
+      `Prelude.hashWithSalt` deviceName
+      `Prelude.hashWithSalt` encrypted
+      `Prelude.hashWithSalt` kmsKeyId
+      `Prelude.hashWithSalt` size
+      `Prelude.hashWithSalt` snapshotId
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` volumeId
+      `Prelude.hashWithSalt` volumeScanStatus
+      `Prelude.hashWithSalt` volumeType
+
+instance Prelude.NFData AwsEc2VolumeDetails where
+  rnf AwsEc2VolumeDetails' {..} =
+    Prelude.rnf attachments
+      `Prelude.seq` Prelude.rnf createTime
+      `Prelude.seq` Prelude.rnf deviceName
+      `Prelude.seq` Prelude.rnf encrypted
+      `Prelude.seq` Prelude.rnf kmsKeyId
+      `Prelude.seq` Prelude.rnf size
+      `Prelude.seq` Prelude.rnf snapshotId
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf volumeId
+      `Prelude.seq` Prelude.rnf volumeScanStatus
+      `Prelude.seq` Prelude.rnf volumeType
+
+instance Data.ToJSON AwsEc2VolumeDetails where
+  toJSON AwsEc2VolumeDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Attachments" Data..=) Prelude.<$> attachments,
+            ("CreateTime" Data..=) Prelude.<$> createTime,
+            ("DeviceName" Data..=) Prelude.<$> deviceName,
+            ("Encrypted" Data..=) Prelude.<$> encrypted,
+            ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+            ("Size" Data..=) Prelude.<$> size,
+            ("SnapshotId" Data..=) Prelude.<$> snapshotId,
+            ("Status" Data..=) Prelude.<$> status,
+            ("VolumeId" Data..=) Prelude.<$> volumeId,
+            ("VolumeScanStatus" Data..=)
+              Prelude.<$> volumeScanStatus,
+            ("VolumeType" Data..=) Prelude.<$> volumeType
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VpcDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcDetails.hs
@@ -0,0 +1,136 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VpcDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VpcDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.CidrBlockAssociation
+import Amazonka.SecurityHub.Types.Ipv6CidrBlockAssociation
+
+-- | Details about an EC2 VPC.
+--
+-- /See:/ 'newAwsEc2VpcDetails' smart constructor.
+data AwsEc2VpcDetails = AwsEc2VpcDetails'
+  { -- | Information about the IPv4 CIDR blocks associated with the VPC.
+    cidrBlockAssociationSet :: Prelude.Maybe [CidrBlockAssociation],
+    -- | The identifier of the set of Dynamic Host Configuration Protocol (DHCP)
+    -- options that are associated with the VPC. If the default options are
+    -- associated with the VPC, then this is default.
+    dhcpOptionsId :: Prelude.Maybe Prelude.Text,
+    -- | Information about the IPv6 CIDR blocks associated with the VPC.
+    ipv6CidrBlockAssociationSet :: Prelude.Maybe [Ipv6CidrBlockAssociation],
+    -- | The current state of the VPC. Valid values are @available@ or @pending@.
+    state :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VpcDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cidrBlockAssociationSet', 'awsEc2VpcDetails_cidrBlockAssociationSet' - Information about the IPv4 CIDR blocks associated with the VPC.
+--
+-- 'dhcpOptionsId', 'awsEc2VpcDetails_dhcpOptionsId' - The identifier of the set of Dynamic Host Configuration Protocol (DHCP)
+-- options that are associated with the VPC. If the default options are
+-- associated with the VPC, then this is default.
+--
+-- 'ipv6CidrBlockAssociationSet', 'awsEc2VpcDetails_ipv6CidrBlockAssociationSet' - Information about the IPv6 CIDR blocks associated with the VPC.
+--
+-- 'state', 'awsEc2VpcDetails_state' - The current state of the VPC. Valid values are @available@ or @pending@.
+newAwsEc2VpcDetails ::
+  AwsEc2VpcDetails
+newAwsEc2VpcDetails =
+  AwsEc2VpcDetails'
+    { cidrBlockAssociationSet =
+        Prelude.Nothing,
+      dhcpOptionsId = Prelude.Nothing,
+      ipv6CidrBlockAssociationSet = Prelude.Nothing,
+      state = Prelude.Nothing
+    }
+
+-- | Information about the IPv4 CIDR blocks associated with the VPC.
+awsEc2VpcDetails_cidrBlockAssociationSet :: Lens.Lens' AwsEc2VpcDetails (Prelude.Maybe [CidrBlockAssociation])
+awsEc2VpcDetails_cidrBlockAssociationSet = Lens.lens (\AwsEc2VpcDetails' {cidrBlockAssociationSet} -> cidrBlockAssociationSet) (\s@AwsEc2VpcDetails' {} a -> s {cidrBlockAssociationSet = a} :: AwsEc2VpcDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of the set of Dynamic Host Configuration Protocol (DHCP)
+-- options that are associated with the VPC. If the default options are
+-- associated with the VPC, then this is default.
+awsEc2VpcDetails_dhcpOptionsId :: Lens.Lens' AwsEc2VpcDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcDetails_dhcpOptionsId = Lens.lens (\AwsEc2VpcDetails' {dhcpOptionsId} -> dhcpOptionsId) (\s@AwsEc2VpcDetails' {} a -> s {dhcpOptionsId = a} :: AwsEc2VpcDetails)
+
+-- | Information about the IPv6 CIDR blocks associated with the VPC.
+awsEc2VpcDetails_ipv6CidrBlockAssociationSet :: Lens.Lens' AwsEc2VpcDetails (Prelude.Maybe [Ipv6CidrBlockAssociation])
+awsEc2VpcDetails_ipv6CidrBlockAssociationSet = Lens.lens (\AwsEc2VpcDetails' {ipv6CidrBlockAssociationSet} -> ipv6CidrBlockAssociationSet) (\s@AwsEc2VpcDetails' {} a -> s {ipv6CidrBlockAssociationSet = a} :: AwsEc2VpcDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The current state of the VPC. Valid values are @available@ or @pending@.
+awsEc2VpcDetails_state :: Lens.Lens' AwsEc2VpcDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcDetails_state = Lens.lens (\AwsEc2VpcDetails' {state} -> state) (\s@AwsEc2VpcDetails' {} a -> s {state = a} :: AwsEc2VpcDetails)
+
+instance Data.FromJSON AwsEc2VpcDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VpcDetails"
+      ( \x ->
+          AwsEc2VpcDetails'
+            Prelude.<$> ( x
+                            Data..:? "CidrBlockAssociationSet"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "DhcpOptionsId")
+            Prelude.<*> ( x
+                            Data..:? "Ipv6CidrBlockAssociationSet"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "State")
+      )
+
+instance Prelude.Hashable AwsEc2VpcDetails where
+  hashWithSalt _salt AwsEc2VpcDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` cidrBlockAssociationSet
+      `Prelude.hashWithSalt` dhcpOptionsId
+      `Prelude.hashWithSalt` ipv6CidrBlockAssociationSet
+      `Prelude.hashWithSalt` state
+
+instance Prelude.NFData AwsEc2VpcDetails where
+  rnf AwsEc2VpcDetails' {..} =
+    Prelude.rnf cidrBlockAssociationSet
+      `Prelude.seq` Prelude.rnf dhcpOptionsId
+      `Prelude.seq` Prelude.rnf ipv6CidrBlockAssociationSet
+      `Prelude.seq` Prelude.rnf state
+
+instance Data.ToJSON AwsEc2VpcDetails where
+  toJSON AwsEc2VpcDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CidrBlockAssociationSet" Data..=)
+              Prelude.<$> cidrBlockAssociationSet,
+            ("DhcpOptionsId" Data..=) Prelude.<$> dhcpOptionsId,
+            ("Ipv6CidrBlockAssociationSet" Data..=)
+              Prelude.<$> ipv6CidrBlockAssociationSet,
+            ("State" Data..=) Prelude.<$> state
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VpcEndpointServiceDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcEndpointServiceDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcEndpointServiceDetails.hs
@@ -0,0 +1,276 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceServiceTypeDetails
+
+-- | Contains details about the service configuration for a VPC endpoint
+-- service.
+--
+-- /See:/ 'newAwsEc2VpcEndpointServiceDetails' smart constructor.
+data AwsEc2VpcEndpointServiceDetails = AwsEc2VpcEndpointServiceDetails'
+  { -- | Whether requests from other Amazon Web Services accounts to create an
+    -- endpoint to the service must first be accepted.
+    acceptanceRequired :: Prelude.Maybe Prelude.Bool,
+    -- | The Availability Zones where the service is available.
+    availabilityZones :: Prelude.Maybe [Prelude.Text],
+    -- | The DNS names for the service.
+    baseEndpointDnsNames :: Prelude.Maybe [Prelude.Text],
+    -- | The ARNs of the Gateway Load Balancers for the service.
+    gatewayLoadBalancerArns :: Prelude.Maybe [Prelude.Text],
+    -- | Whether the service manages its VPC endpoints.
+    managesVpcEndpoints :: Prelude.Maybe Prelude.Bool,
+    -- | The ARNs of the Network Load Balancers for the service.
+    networkLoadBalancerArns :: Prelude.Maybe [Prelude.Text],
+    -- | The private DNS name for the service.
+    privateDnsName :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the service.
+    serviceId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the service.
+    serviceName :: Prelude.Maybe Prelude.Text,
+    -- | The current state of the service. Valid values are as follows:
+    --
+    -- -   @Available@
+    --
+    -- -   @Deleted@
+    --
+    -- -   @Deleting@
+    --
+    -- -   @Failed@
+    --
+    -- -   @Pending@
+    serviceState :: Prelude.Maybe Prelude.Text,
+    -- | The types for the service.
+    serviceType :: Prelude.Maybe [AwsEc2VpcEndpointServiceServiceTypeDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VpcEndpointServiceDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'acceptanceRequired', 'awsEc2VpcEndpointServiceDetails_acceptanceRequired' - Whether requests from other Amazon Web Services accounts to create an
+-- endpoint to the service must first be accepted.
+--
+-- 'availabilityZones', 'awsEc2VpcEndpointServiceDetails_availabilityZones' - The Availability Zones where the service is available.
+--
+-- 'baseEndpointDnsNames', 'awsEc2VpcEndpointServiceDetails_baseEndpointDnsNames' - The DNS names for the service.
+--
+-- 'gatewayLoadBalancerArns', 'awsEc2VpcEndpointServiceDetails_gatewayLoadBalancerArns' - The ARNs of the Gateway Load Balancers for the service.
+--
+-- 'managesVpcEndpoints', 'awsEc2VpcEndpointServiceDetails_managesVpcEndpoints' - Whether the service manages its VPC endpoints.
+--
+-- 'networkLoadBalancerArns', 'awsEc2VpcEndpointServiceDetails_networkLoadBalancerArns' - The ARNs of the Network Load Balancers for the service.
+--
+-- 'privateDnsName', 'awsEc2VpcEndpointServiceDetails_privateDnsName' - The private DNS name for the service.
+--
+-- 'serviceId', 'awsEc2VpcEndpointServiceDetails_serviceId' - The identifier of the service.
+--
+-- 'serviceName', 'awsEc2VpcEndpointServiceDetails_serviceName' - The name of the service.
+--
+-- 'serviceState', 'awsEc2VpcEndpointServiceDetails_serviceState' - The current state of the service. Valid values are as follows:
+--
+-- -   @Available@
+--
+-- -   @Deleted@
+--
+-- -   @Deleting@
+--
+-- -   @Failed@
+--
+-- -   @Pending@
+--
+-- 'serviceType', 'awsEc2VpcEndpointServiceDetails_serviceType' - The types for the service.
+newAwsEc2VpcEndpointServiceDetails ::
+  AwsEc2VpcEndpointServiceDetails
+newAwsEc2VpcEndpointServiceDetails =
+  AwsEc2VpcEndpointServiceDetails'
+    { acceptanceRequired =
+        Prelude.Nothing,
+      availabilityZones = Prelude.Nothing,
+      baseEndpointDnsNames = Prelude.Nothing,
+      gatewayLoadBalancerArns = Prelude.Nothing,
+      managesVpcEndpoints = Prelude.Nothing,
+      networkLoadBalancerArns = Prelude.Nothing,
+      privateDnsName = Prelude.Nothing,
+      serviceId = Prelude.Nothing,
+      serviceName = Prelude.Nothing,
+      serviceState = Prelude.Nothing,
+      serviceType = Prelude.Nothing
+    }
+
+-- | Whether requests from other Amazon Web Services accounts to create an
+-- endpoint to the service must first be accepted.
+awsEc2VpcEndpointServiceDetails_acceptanceRequired :: Lens.Lens' AwsEc2VpcEndpointServiceDetails (Prelude.Maybe Prelude.Bool)
+awsEc2VpcEndpointServiceDetails_acceptanceRequired = Lens.lens (\AwsEc2VpcEndpointServiceDetails' {acceptanceRequired} -> acceptanceRequired) (\s@AwsEc2VpcEndpointServiceDetails' {} a -> s {acceptanceRequired = a} :: AwsEc2VpcEndpointServiceDetails)
+
+-- | The Availability Zones where the service is available.
+awsEc2VpcEndpointServiceDetails_availabilityZones :: Lens.Lens' AwsEc2VpcEndpointServiceDetails (Prelude.Maybe [Prelude.Text])
+awsEc2VpcEndpointServiceDetails_availabilityZones = Lens.lens (\AwsEc2VpcEndpointServiceDetails' {availabilityZones} -> availabilityZones) (\s@AwsEc2VpcEndpointServiceDetails' {} a -> s {availabilityZones = a} :: AwsEc2VpcEndpointServiceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The DNS names for the service.
+awsEc2VpcEndpointServiceDetails_baseEndpointDnsNames :: Lens.Lens' AwsEc2VpcEndpointServiceDetails (Prelude.Maybe [Prelude.Text])
+awsEc2VpcEndpointServiceDetails_baseEndpointDnsNames = Lens.lens (\AwsEc2VpcEndpointServiceDetails' {baseEndpointDnsNames} -> baseEndpointDnsNames) (\s@AwsEc2VpcEndpointServiceDetails' {} a -> s {baseEndpointDnsNames = a} :: AwsEc2VpcEndpointServiceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARNs of the Gateway Load Balancers for the service.
+awsEc2VpcEndpointServiceDetails_gatewayLoadBalancerArns :: Lens.Lens' AwsEc2VpcEndpointServiceDetails (Prelude.Maybe [Prelude.Text])
+awsEc2VpcEndpointServiceDetails_gatewayLoadBalancerArns = Lens.lens (\AwsEc2VpcEndpointServiceDetails' {gatewayLoadBalancerArns} -> gatewayLoadBalancerArns) (\s@AwsEc2VpcEndpointServiceDetails' {} a -> s {gatewayLoadBalancerArns = a} :: AwsEc2VpcEndpointServiceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Whether the service manages its VPC endpoints.
+awsEc2VpcEndpointServiceDetails_managesVpcEndpoints :: Lens.Lens' AwsEc2VpcEndpointServiceDetails (Prelude.Maybe Prelude.Bool)
+awsEc2VpcEndpointServiceDetails_managesVpcEndpoints = Lens.lens (\AwsEc2VpcEndpointServiceDetails' {managesVpcEndpoints} -> managesVpcEndpoints) (\s@AwsEc2VpcEndpointServiceDetails' {} a -> s {managesVpcEndpoints = a} :: AwsEc2VpcEndpointServiceDetails)
+
+-- | The ARNs of the Network Load Balancers for the service.
+awsEc2VpcEndpointServiceDetails_networkLoadBalancerArns :: Lens.Lens' AwsEc2VpcEndpointServiceDetails (Prelude.Maybe [Prelude.Text])
+awsEc2VpcEndpointServiceDetails_networkLoadBalancerArns = Lens.lens (\AwsEc2VpcEndpointServiceDetails' {networkLoadBalancerArns} -> networkLoadBalancerArns) (\s@AwsEc2VpcEndpointServiceDetails' {} a -> s {networkLoadBalancerArns = a} :: AwsEc2VpcEndpointServiceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The private DNS name for the service.
+awsEc2VpcEndpointServiceDetails_privateDnsName :: Lens.Lens' AwsEc2VpcEndpointServiceDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcEndpointServiceDetails_privateDnsName = Lens.lens (\AwsEc2VpcEndpointServiceDetails' {privateDnsName} -> privateDnsName) (\s@AwsEc2VpcEndpointServiceDetails' {} a -> s {privateDnsName = a} :: AwsEc2VpcEndpointServiceDetails)
+
+-- | The identifier of the service.
+awsEc2VpcEndpointServiceDetails_serviceId :: Lens.Lens' AwsEc2VpcEndpointServiceDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcEndpointServiceDetails_serviceId = Lens.lens (\AwsEc2VpcEndpointServiceDetails' {serviceId} -> serviceId) (\s@AwsEc2VpcEndpointServiceDetails' {} a -> s {serviceId = a} :: AwsEc2VpcEndpointServiceDetails)
+
+-- | The name of the service.
+awsEc2VpcEndpointServiceDetails_serviceName :: Lens.Lens' AwsEc2VpcEndpointServiceDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcEndpointServiceDetails_serviceName = Lens.lens (\AwsEc2VpcEndpointServiceDetails' {serviceName} -> serviceName) (\s@AwsEc2VpcEndpointServiceDetails' {} a -> s {serviceName = a} :: AwsEc2VpcEndpointServiceDetails)
+
+-- | The current state of the service. Valid values are as follows:
+--
+-- -   @Available@
+--
+-- -   @Deleted@
+--
+-- -   @Deleting@
+--
+-- -   @Failed@
+--
+-- -   @Pending@
+awsEc2VpcEndpointServiceDetails_serviceState :: Lens.Lens' AwsEc2VpcEndpointServiceDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcEndpointServiceDetails_serviceState = Lens.lens (\AwsEc2VpcEndpointServiceDetails' {serviceState} -> serviceState) (\s@AwsEc2VpcEndpointServiceDetails' {} a -> s {serviceState = a} :: AwsEc2VpcEndpointServiceDetails)
+
+-- | The types for the service.
+awsEc2VpcEndpointServiceDetails_serviceType :: Lens.Lens' AwsEc2VpcEndpointServiceDetails (Prelude.Maybe [AwsEc2VpcEndpointServiceServiceTypeDetails])
+awsEc2VpcEndpointServiceDetails_serviceType = Lens.lens (\AwsEc2VpcEndpointServiceDetails' {serviceType} -> serviceType) (\s@AwsEc2VpcEndpointServiceDetails' {} a -> s {serviceType = a} :: AwsEc2VpcEndpointServiceDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsEc2VpcEndpointServiceDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VpcEndpointServiceDetails"
+      ( \x ->
+          AwsEc2VpcEndpointServiceDetails'
+            Prelude.<$> (x Data..:? "AcceptanceRequired")
+            Prelude.<*> ( x
+                            Data..:? "AvailabilityZones"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "BaseEndpointDnsNames"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "GatewayLoadBalancerArns"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ManagesVpcEndpoints")
+            Prelude.<*> ( x
+                            Data..:? "NetworkLoadBalancerArns"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "PrivateDnsName")
+            Prelude.<*> (x Data..:? "ServiceId")
+            Prelude.<*> (x Data..:? "ServiceName")
+            Prelude.<*> (x Data..:? "ServiceState")
+            Prelude.<*> (x Data..:? "ServiceType" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2VpcEndpointServiceDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2VpcEndpointServiceDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` acceptanceRequired
+        `Prelude.hashWithSalt` availabilityZones
+        `Prelude.hashWithSalt` baseEndpointDnsNames
+        `Prelude.hashWithSalt` gatewayLoadBalancerArns
+        `Prelude.hashWithSalt` managesVpcEndpoints
+        `Prelude.hashWithSalt` networkLoadBalancerArns
+        `Prelude.hashWithSalt` privateDnsName
+        `Prelude.hashWithSalt` serviceId
+        `Prelude.hashWithSalt` serviceName
+        `Prelude.hashWithSalt` serviceState
+        `Prelude.hashWithSalt` serviceType
+
+instance
+  Prelude.NFData
+    AwsEc2VpcEndpointServiceDetails
+  where
+  rnf AwsEc2VpcEndpointServiceDetails' {..} =
+    Prelude.rnf acceptanceRequired
+      `Prelude.seq` Prelude.rnf availabilityZones
+      `Prelude.seq` Prelude.rnf baseEndpointDnsNames
+      `Prelude.seq` Prelude.rnf gatewayLoadBalancerArns
+      `Prelude.seq` Prelude.rnf managesVpcEndpoints
+      `Prelude.seq` Prelude.rnf networkLoadBalancerArns
+      `Prelude.seq` Prelude.rnf privateDnsName
+      `Prelude.seq` Prelude.rnf serviceId
+      `Prelude.seq` Prelude.rnf serviceName
+      `Prelude.seq` Prelude.rnf serviceState
+      `Prelude.seq` Prelude.rnf serviceType
+
+instance Data.ToJSON AwsEc2VpcEndpointServiceDetails where
+  toJSON AwsEc2VpcEndpointServiceDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AcceptanceRequired" Data..=)
+              Prelude.<$> acceptanceRequired,
+            ("AvailabilityZones" Data..=)
+              Prelude.<$> availabilityZones,
+            ("BaseEndpointDnsNames" Data..=)
+              Prelude.<$> baseEndpointDnsNames,
+            ("GatewayLoadBalancerArns" Data..=)
+              Prelude.<$> gatewayLoadBalancerArns,
+            ("ManagesVpcEndpoints" Data..=)
+              Prelude.<$> managesVpcEndpoints,
+            ("NetworkLoadBalancerArns" Data..=)
+              Prelude.<$> networkLoadBalancerArns,
+            ("PrivateDnsName" Data..=)
+              Prelude.<$> privateDnsName,
+            ("ServiceId" Data..=) Prelude.<$> serviceId,
+            ("ServiceName" Data..=) Prelude.<$> serviceName,
+            ("ServiceState" Data..=) Prelude.<$> serviceState,
+            ("ServiceType" Data..=) Prelude.<$> serviceType
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VpcEndpointServiceServiceTypeDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcEndpointServiceServiceTypeDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcEndpointServiceServiceTypeDetails.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceServiceTypeDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceServiceTypeDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The service type information for a VPC endpoint service.
+--
+-- /See:/ 'newAwsEc2VpcEndpointServiceServiceTypeDetails' smart constructor.
+data AwsEc2VpcEndpointServiceServiceTypeDetails = AwsEc2VpcEndpointServiceServiceTypeDetails'
+  { -- | The type of service.
+    serviceType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VpcEndpointServiceServiceTypeDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'serviceType', 'awsEc2VpcEndpointServiceServiceTypeDetails_serviceType' - The type of service.
+newAwsEc2VpcEndpointServiceServiceTypeDetails ::
+  AwsEc2VpcEndpointServiceServiceTypeDetails
+newAwsEc2VpcEndpointServiceServiceTypeDetails =
+  AwsEc2VpcEndpointServiceServiceTypeDetails'
+    { serviceType =
+        Prelude.Nothing
+    }
+
+-- | The type of service.
+awsEc2VpcEndpointServiceServiceTypeDetails_serviceType :: Lens.Lens' AwsEc2VpcEndpointServiceServiceTypeDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcEndpointServiceServiceTypeDetails_serviceType = Lens.lens (\AwsEc2VpcEndpointServiceServiceTypeDetails' {serviceType} -> serviceType) (\s@AwsEc2VpcEndpointServiceServiceTypeDetails' {} a -> s {serviceType = a} :: AwsEc2VpcEndpointServiceServiceTypeDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2VpcEndpointServiceServiceTypeDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VpcEndpointServiceServiceTypeDetails"
+      ( \x ->
+          AwsEc2VpcEndpointServiceServiceTypeDetails'
+            Prelude.<$> (x Data..:? "ServiceType")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2VpcEndpointServiceServiceTypeDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2VpcEndpointServiceServiceTypeDetails' {..} =
+      _salt `Prelude.hashWithSalt` serviceType
+
+instance
+  Prelude.NFData
+    AwsEc2VpcEndpointServiceServiceTypeDetails
+  where
+  rnf AwsEc2VpcEndpointServiceServiceTypeDetails' {..} =
+    Prelude.rnf serviceType
+
+instance
+  Data.ToJSON
+    AwsEc2VpcEndpointServiceServiceTypeDetails
+  where
+  toJSON
+    AwsEc2VpcEndpointServiceServiceTypeDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("ServiceType" Data..=) Prelude.<$> serviceType]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VpcPeeringConnectionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcPeeringConnectionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcPeeringConnectionDetails.hs
@@ -0,0 +1,155 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionStatusDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionVpcInfoDetails
+
+-- | Provides information about a VPC peering connection between two VPCs: a
+-- requester VPC that you own and an accepter VPC with which to create the
+-- connection.
+--
+-- /See:/ 'newAwsEc2VpcPeeringConnectionDetails' smart constructor.
+data AwsEc2VpcPeeringConnectionDetails = AwsEc2VpcPeeringConnectionDetails'
+  { -- | Information about the accepter VPC.
+    accepterVpcInfo :: Prelude.Maybe AwsEc2VpcPeeringConnectionVpcInfoDetails,
+    -- | The time at which an unaccepted VPC peering connection will expire.
+    expirationTime :: Prelude.Maybe Prelude.Text,
+    -- | Information about the requester VPC.
+    requesterVpcInfo :: Prelude.Maybe AwsEc2VpcPeeringConnectionVpcInfoDetails,
+    -- | The status of the VPC peering connection.
+    status :: Prelude.Maybe AwsEc2VpcPeeringConnectionStatusDetails,
+    -- | The ID of the VPC peering connection.
+    vpcPeeringConnectionId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VpcPeeringConnectionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accepterVpcInfo', 'awsEc2VpcPeeringConnectionDetails_accepterVpcInfo' - Information about the accepter VPC.
+--
+-- 'expirationTime', 'awsEc2VpcPeeringConnectionDetails_expirationTime' - The time at which an unaccepted VPC peering connection will expire.
+--
+-- 'requesterVpcInfo', 'awsEc2VpcPeeringConnectionDetails_requesterVpcInfo' - Information about the requester VPC.
+--
+-- 'status', 'awsEc2VpcPeeringConnectionDetails_status' - The status of the VPC peering connection.
+--
+-- 'vpcPeeringConnectionId', 'awsEc2VpcPeeringConnectionDetails_vpcPeeringConnectionId' - The ID of the VPC peering connection.
+newAwsEc2VpcPeeringConnectionDetails ::
+  AwsEc2VpcPeeringConnectionDetails
+newAwsEc2VpcPeeringConnectionDetails =
+  AwsEc2VpcPeeringConnectionDetails'
+    { accepterVpcInfo =
+        Prelude.Nothing,
+      expirationTime = Prelude.Nothing,
+      requesterVpcInfo = Prelude.Nothing,
+      status = Prelude.Nothing,
+      vpcPeeringConnectionId = Prelude.Nothing
+    }
+
+-- | Information about the accepter VPC.
+awsEc2VpcPeeringConnectionDetails_accepterVpcInfo :: Lens.Lens' AwsEc2VpcPeeringConnectionDetails (Prelude.Maybe AwsEc2VpcPeeringConnectionVpcInfoDetails)
+awsEc2VpcPeeringConnectionDetails_accepterVpcInfo = Lens.lens (\AwsEc2VpcPeeringConnectionDetails' {accepterVpcInfo} -> accepterVpcInfo) (\s@AwsEc2VpcPeeringConnectionDetails' {} a -> s {accepterVpcInfo = a} :: AwsEc2VpcPeeringConnectionDetails)
+
+-- | The time at which an unaccepted VPC peering connection will expire.
+awsEc2VpcPeeringConnectionDetails_expirationTime :: Lens.Lens' AwsEc2VpcPeeringConnectionDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcPeeringConnectionDetails_expirationTime = Lens.lens (\AwsEc2VpcPeeringConnectionDetails' {expirationTime} -> expirationTime) (\s@AwsEc2VpcPeeringConnectionDetails' {} a -> s {expirationTime = a} :: AwsEc2VpcPeeringConnectionDetails)
+
+-- | Information about the requester VPC.
+awsEc2VpcPeeringConnectionDetails_requesterVpcInfo :: Lens.Lens' AwsEc2VpcPeeringConnectionDetails (Prelude.Maybe AwsEc2VpcPeeringConnectionVpcInfoDetails)
+awsEc2VpcPeeringConnectionDetails_requesterVpcInfo = Lens.lens (\AwsEc2VpcPeeringConnectionDetails' {requesterVpcInfo} -> requesterVpcInfo) (\s@AwsEc2VpcPeeringConnectionDetails' {} a -> s {requesterVpcInfo = a} :: AwsEc2VpcPeeringConnectionDetails)
+
+-- | The status of the VPC peering connection.
+awsEc2VpcPeeringConnectionDetails_status :: Lens.Lens' AwsEc2VpcPeeringConnectionDetails (Prelude.Maybe AwsEc2VpcPeeringConnectionStatusDetails)
+awsEc2VpcPeeringConnectionDetails_status = Lens.lens (\AwsEc2VpcPeeringConnectionDetails' {status} -> status) (\s@AwsEc2VpcPeeringConnectionDetails' {} a -> s {status = a} :: AwsEc2VpcPeeringConnectionDetails)
+
+-- | The ID of the VPC peering connection.
+awsEc2VpcPeeringConnectionDetails_vpcPeeringConnectionId :: Lens.Lens' AwsEc2VpcPeeringConnectionDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcPeeringConnectionDetails_vpcPeeringConnectionId = Lens.lens (\AwsEc2VpcPeeringConnectionDetails' {vpcPeeringConnectionId} -> vpcPeeringConnectionId) (\s@AwsEc2VpcPeeringConnectionDetails' {} a -> s {vpcPeeringConnectionId = a} :: AwsEc2VpcPeeringConnectionDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2VpcPeeringConnectionDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VpcPeeringConnectionDetails"
+      ( \x ->
+          AwsEc2VpcPeeringConnectionDetails'
+            Prelude.<$> (x Data..:? "AccepterVpcInfo")
+            Prelude.<*> (x Data..:? "ExpirationTime")
+            Prelude.<*> (x Data..:? "RequesterVpcInfo")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "VpcPeeringConnectionId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2VpcPeeringConnectionDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2VpcPeeringConnectionDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` accepterVpcInfo
+        `Prelude.hashWithSalt` expirationTime
+        `Prelude.hashWithSalt` requesterVpcInfo
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` vpcPeeringConnectionId
+
+instance
+  Prelude.NFData
+    AwsEc2VpcPeeringConnectionDetails
+  where
+  rnf AwsEc2VpcPeeringConnectionDetails' {..} =
+    Prelude.rnf accepterVpcInfo
+      `Prelude.seq` Prelude.rnf expirationTime
+      `Prelude.seq` Prelude.rnf requesterVpcInfo
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf vpcPeeringConnectionId
+
+instance
+  Data.ToJSON
+    AwsEc2VpcPeeringConnectionDetails
+  where
+  toJSON AwsEc2VpcPeeringConnectionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AccepterVpcInfo" Data..=)
+              Prelude.<$> accepterVpcInfo,
+            ("ExpirationTime" Data..=)
+              Prelude.<$> expirationTime,
+            ("RequesterVpcInfo" Data..=)
+              Prelude.<$> requesterVpcInfo,
+            ("Status" Data..=) Prelude.<$> status,
+            ("VpcPeeringConnectionId" Data..=)
+              Prelude.<$> vpcPeeringConnectionId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VpcPeeringConnectionStatusDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcPeeringConnectionStatusDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcPeeringConnectionStatusDetails.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionStatusDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionStatusDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the status of the VPC peering connection.
+--
+-- /See:/ 'newAwsEc2VpcPeeringConnectionStatusDetails' smart constructor.
+data AwsEc2VpcPeeringConnectionStatusDetails = AwsEc2VpcPeeringConnectionStatusDetails'
+  { -- | The status of the VPC peering connection.
+    code :: Prelude.Maybe Prelude.Text,
+    -- | A message that provides more information about the status, if
+    -- applicable.
+    message :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VpcPeeringConnectionStatusDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'code', 'awsEc2VpcPeeringConnectionStatusDetails_code' - The status of the VPC peering connection.
+--
+-- 'message', 'awsEc2VpcPeeringConnectionStatusDetails_message' - A message that provides more information about the status, if
+-- applicable.
+newAwsEc2VpcPeeringConnectionStatusDetails ::
+  AwsEc2VpcPeeringConnectionStatusDetails
+newAwsEc2VpcPeeringConnectionStatusDetails =
+  AwsEc2VpcPeeringConnectionStatusDetails'
+    { code =
+        Prelude.Nothing,
+      message = Prelude.Nothing
+    }
+
+-- | The status of the VPC peering connection.
+awsEc2VpcPeeringConnectionStatusDetails_code :: Lens.Lens' AwsEc2VpcPeeringConnectionStatusDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcPeeringConnectionStatusDetails_code = Lens.lens (\AwsEc2VpcPeeringConnectionStatusDetails' {code} -> code) (\s@AwsEc2VpcPeeringConnectionStatusDetails' {} a -> s {code = a} :: AwsEc2VpcPeeringConnectionStatusDetails)
+
+-- | A message that provides more information about the status, if
+-- applicable.
+awsEc2VpcPeeringConnectionStatusDetails_message :: Lens.Lens' AwsEc2VpcPeeringConnectionStatusDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcPeeringConnectionStatusDetails_message = Lens.lens (\AwsEc2VpcPeeringConnectionStatusDetails' {message} -> message) (\s@AwsEc2VpcPeeringConnectionStatusDetails' {} a -> s {message = a} :: AwsEc2VpcPeeringConnectionStatusDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2VpcPeeringConnectionStatusDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VpcPeeringConnectionStatusDetails"
+      ( \x ->
+          AwsEc2VpcPeeringConnectionStatusDetails'
+            Prelude.<$> (x Data..:? "Code")
+            Prelude.<*> (x Data..:? "Message")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2VpcPeeringConnectionStatusDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2VpcPeeringConnectionStatusDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` code
+        `Prelude.hashWithSalt` message
+
+instance
+  Prelude.NFData
+    AwsEc2VpcPeeringConnectionStatusDetails
+  where
+  rnf AwsEc2VpcPeeringConnectionStatusDetails' {..} =
+    Prelude.rnf code `Prelude.seq` Prelude.rnf message
+
+instance
+  Data.ToJSON
+    AwsEc2VpcPeeringConnectionStatusDetails
+  where
+  toJSON AwsEc2VpcPeeringConnectionStatusDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Code" Data..=) Prelude.<$> code,
+            ("Message" Data..=) Prelude.<$> message
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VpcPeeringConnectionVpcInfoDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcPeeringConnectionVpcInfoDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VpcPeeringConnectionVpcInfoDetails.hs
@@ -0,0 +1,185 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionVpcInfoDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionVpcInfoDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.VpcInfoCidrBlockSetDetails
+import Amazonka.SecurityHub.Types.VpcInfoIpv6CidrBlockSetDetails
+import Amazonka.SecurityHub.Types.VpcInfoPeeringOptionsDetails
+
+-- | Describes a VPC in a VPC peering connection.
+--
+-- /See:/ 'newAwsEc2VpcPeeringConnectionVpcInfoDetails' smart constructor.
+data AwsEc2VpcPeeringConnectionVpcInfoDetails = AwsEc2VpcPeeringConnectionVpcInfoDetails'
+  { -- | The IPv4 CIDR block for the VPC.
+    cidrBlock :: Prelude.Maybe Prelude.Text,
+    -- | Information about the IPv4 CIDR blocks for the VPC.
+    cidrBlockSet :: Prelude.Maybe [VpcInfoCidrBlockSetDetails],
+    -- | The IPv6 CIDR block for the VPC.
+    ipv6CidrBlockSet :: Prelude.Maybe [VpcInfoIpv6CidrBlockSetDetails],
+    -- | The ID of the Amazon Web Services account that owns the VPC.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | Information about the VPC peering connection options for the accepter or
+    -- requester VPC.
+    peeringOptions :: Prelude.Maybe VpcInfoPeeringOptionsDetails,
+    -- | The Amazon Web Services Region in which the VPC is located.
+    region :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the VPC.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VpcPeeringConnectionVpcInfoDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cidrBlock', 'awsEc2VpcPeeringConnectionVpcInfoDetails_cidrBlock' - The IPv4 CIDR block for the VPC.
+--
+-- 'cidrBlockSet', 'awsEc2VpcPeeringConnectionVpcInfoDetails_cidrBlockSet' - Information about the IPv4 CIDR blocks for the VPC.
+--
+-- 'ipv6CidrBlockSet', 'awsEc2VpcPeeringConnectionVpcInfoDetails_ipv6CidrBlockSet' - The IPv6 CIDR block for the VPC.
+--
+-- 'ownerId', 'awsEc2VpcPeeringConnectionVpcInfoDetails_ownerId' - The ID of the Amazon Web Services account that owns the VPC.
+--
+-- 'peeringOptions', 'awsEc2VpcPeeringConnectionVpcInfoDetails_peeringOptions' - Information about the VPC peering connection options for the accepter or
+-- requester VPC.
+--
+-- 'region', 'awsEc2VpcPeeringConnectionVpcInfoDetails_region' - The Amazon Web Services Region in which the VPC is located.
+--
+-- 'vpcId', 'awsEc2VpcPeeringConnectionVpcInfoDetails_vpcId' - The ID of the VPC.
+newAwsEc2VpcPeeringConnectionVpcInfoDetails ::
+  AwsEc2VpcPeeringConnectionVpcInfoDetails
+newAwsEc2VpcPeeringConnectionVpcInfoDetails =
+  AwsEc2VpcPeeringConnectionVpcInfoDetails'
+    { cidrBlock =
+        Prelude.Nothing,
+      cidrBlockSet = Prelude.Nothing,
+      ipv6CidrBlockSet =
+        Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      peeringOptions = Prelude.Nothing,
+      region = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | The IPv4 CIDR block for the VPC.
+awsEc2VpcPeeringConnectionVpcInfoDetails_cidrBlock :: Lens.Lens' AwsEc2VpcPeeringConnectionVpcInfoDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcPeeringConnectionVpcInfoDetails_cidrBlock = Lens.lens (\AwsEc2VpcPeeringConnectionVpcInfoDetails' {cidrBlock} -> cidrBlock) (\s@AwsEc2VpcPeeringConnectionVpcInfoDetails' {} a -> s {cidrBlock = a} :: AwsEc2VpcPeeringConnectionVpcInfoDetails)
+
+-- | Information about the IPv4 CIDR blocks for the VPC.
+awsEc2VpcPeeringConnectionVpcInfoDetails_cidrBlockSet :: Lens.Lens' AwsEc2VpcPeeringConnectionVpcInfoDetails (Prelude.Maybe [VpcInfoCidrBlockSetDetails])
+awsEc2VpcPeeringConnectionVpcInfoDetails_cidrBlockSet = Lens.lens (\AwsEc2VpcPeeringConnectionVpcInfoDetails' {cidrBlockSet} -> cidrBlockSet) (\s@AwsEc2VpcPeeringConnectionVpcInfoDetails' {} a -> s {cidrBlockSet = a} :: AwsEc2VpcPeeringConnectionVpcInfoDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The IPv6 CIDR block for the VPC.
+awsEc2VpcPeeringConnectionVpcInfoDetails_ipv6CidrBlockSet :: Lens.Lens' AwsEc2VpcPeeringConnectionVpcInfoDetails (Prelude.Maybe [VpcInfoIpv6CidrBlockSetDetails])
+awsEc2VpcPeeringConnectionVpcInfoDetails_ipv6CidrBlockSet = Lens.lens (\AwsEc2VpcPeeringConnectionVpcInfoDetails' {ipv6CidrBlockSet} -> ipv6CidrBlockSet) (\s@AwsEc2VpcPeeringConnectionVpcInfoDetails' {} a -> s {ipv6CidrBlockSet = a} :: AwsEc2VpcPeeringConnectionVpcInfoDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the Amazon Web Services account that owns the VPC.
+awsEc2VpcPeeringConnectionVpcInfoDetails_ownerId :: Lens.Lens' AwsEc2VpcPeeringConnectionVpcInfoDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcPeeringConnectionVpcInfoDetails_ownerId = Lens.lens (\AwsEc2VpcPeeringConnectionVpcInfoDetails' {ownerId} -> ownerId) (\s@AwsEc2VpcPeeringConnectionVpcInfoDetails' {} a -> s {ownerId = a} :: AwsEc2VpcPeeringConnectionVpcInfoDetails)
+
+-- | Information about the VPC peering connection options for the accepter or
+-- requester VPC.
+awsEc2VpcPeeringConnectionVpcInfoDetails_peeringOptions :: Lens.Lens' AwsEc2VpcPeeringConnectionVpcInfoDetails (Prelude.Maybe VpcInfoPeeringOptionsDetails)
+awsEc2VpcPeeringConnectionVpcInfoDetails_peeringOptions = Lens.lens (\AwsEc2VpcPeeringConnectionVpcInfoDetails' {peeringOptions} -> peeringOptions) (\s@AwsEc2VpcPeeringConnectionVpcInfoDetails' {} a -> s {peeringOptions = a} :: AwsEc2VpcPeeringConnectionVpcInfoDetails)
+
+-- | The Amazon Web Services Region in which the VPC is located.
+awsEc2VpcPeeringConnectionVpcInfoDetails_region :: Lens.Lens' AwsEc2VpcPeeringConnectionVpcInfoDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcPeeringConnectionVpcInfoDetails_region = Lens.lens (\AwsEc2VpcPeeringConnectionVpcInfoDetails' {region} -> region) (\s@AwsEc2VpcPeeringConnectionVpcInfoDetails' {} a -> s {region = a} :: AwsEc2VpcPeeringConnectionVpcInfoDetails)
+
+-- | The ID of the VPC.
+awsEc2VpcPeeringConnectionVpcInfoDetails_vpcId :: Lens.Lens' AwsEc2VpcPeeringConnectionVpcInfoDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpcPeeringConnectionVpcInfoDetails_vpcId = Lens.lens (\AwsEc2VpcPeeringConnectionVpcInfoDetails' {vpcId} -> vpcId) (\s@AwsEc2VpcPeeringConnectionVpcInfoDetails' {} a -> s {vpcId = a} :: AwsEc2VpcPeeringConnectionVpcInfoDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2VpcPeeringConnectionVpcInfoDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VpcPeeringConnectionVpcInfoDetails"
+      ( \x ->
+          AwsEc2VpcPeeringConnectionVpcInfoDetails'
+            Prelude.<$> (x Data..:? "CidrBlock")
+            Prelude.<*> (x Data..:? "CidrBlockSet" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "Ipv6CidrBlockSet"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "PeeringOptions")
+            Prelude.<*> (x Data..:? "Region")
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2VpcPeeringConnectionVpcInfoDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2VpcPeeringConnectionVpcInfoDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` cidrBlock
+        `Prelude.hashWithSalt` cidrBlockSet
+        `Prelude.hashWithSalt` ipv6CidrBlockSet
+        `Prelude.hashWithSalt` ownerId
+        `Prelude.hashWithSalt` peeringOptions
+        `Prelude.hashWithSalt` region
+        `Prelude.hashWithSalt` vpcId
+
+instance
+  Prelude.NFData
+    AwsEc2VpcPeeringConnectionVpcInfoDetails
+  where
+  rnf AwsEc2VpcPeeringConnectionVpcInfoDetails' {..} =
+    Prelude.rnf cidrBlock
+      `Prelude.seq` Prelude.rnf cidrBlockSet
+      `Prelude.seq` Prelude.rnf ipv6CidrBlockSet
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf peeringOptions
+      `Prelude.seq` Prelude.rnf region
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance
+  Data.ToJSON
+    AwsEc2VpcPeeringConnectionVpcInfoDetails
+  where
+  toJSON AwsEc2VpcPeeringConnectionVpcInfoDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CidrBlock" Data..=) Prelude.<$> cidrBlock,
+            ("CidrBlockSet" Data..=) Prelude.<$> cidrBlockSet,
+            ("Ipv6CidrBlockSet" Data..=)
+              Prelude.<$> ipv6CidrBlockSet,
+            ("OwnerId" Data..=) Prelude.<$> ownerId,
+            ("PeeringOptions" Data..=)
+              Prelude.<$> peeringOptions,
+            ("Region" Data..=) Prelude.<$> region,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionDetails.hs
@@ -0,0 +1,260 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VpnConnectionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VpnConnectionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionRoutesDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionVgwTelemetryDetails
+
+-- | Details about an Amazon EC2 VPN connection.
+--
+-- /See:/ 'newAwsEc2VpnConnectionDetails' smart constructor.
+data AwsEc2VpnConnectionDetails = AwsEc2VpnConnectionDetails'
+  { -- | The category of the VPN connection. @VPN@ indicates an Amazon Web
+    -- Services VPN connection. @VPN-Classic@ indicates an Amazon Web Services
+    -- Classic VPN connection.
+    category :: Prelude.Maybe Prelude.Text,
+    -- | The configuration information for the VPN connection\'s customer
+    -- gateway, in the native XML format.
+    customerGatewayConfiguration :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the customer gateway that is at your end of the VPN
+    -- connection.
+    customerGatewayId :: Prelude.Maybe Prelude.Text,
+    -- | The VPN connection options.
+    options :: Prelude.Maybe AwsEc2VpnConnectionOptionsDetails,
+    -- | The static routes that are associated with the VPN connection.
+    routes :: Prelude.Maybe [AwsEc2VpnConnectionRoutesDetails],
+    -- | The current state of the VPN connection. Valid values are as follows:
+    --
+    -- -   @available@
+    --
+    -- -   @deleted@
+    --
+    -- -   @deleting@
+    --
+    -- -   @pending@
+    state :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the transit gateway that is associated with the VPN
+    -- connection.
+    transitGatewayId :: Prelude.Maybe Prelude.Text,
+    -- | The type of VPN connection.
+    type' :: Prelude.Maybe Prelude.Text,
+    -- | Information about the VPN tunnel.
+    vgwTelemetry :: Prelude.Maybe [AwsEc2VpnConnectionVgwTelemetryDetails],
+    -- | The identifier of the VPN connection.
+    vpnConnectionId :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the virtual private gateway that is at the Amazon Web
+    -- Services side of the VPN connection.
+    vpnGatewayId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VpnConnectionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'category', 'awsEc2VpnConnectionDetails_category' - The category of the VPN connection. @VPN@ indicates an Amazon Web
+-- Services VPN connection. @VPN-Classic@ indicates an Amazon Web Services
+-- Classic VPN connection.
+--
+-- 'customerGatewayConfiguration', 'awsEc2VpnConnectionDetails_customerGatewayConfiguration' - The configuration information for the VPN connection\'s customer
+-- gateway, in the native XML format.
+--
+-- 'customerGatewayId', 'awsEc2VpnConnectionDetails_customerGatewayId' - The identifier of the customer gateway that is at your end of the VPN
+-- connection.
+--
+-- 'options', 'awsEc2VpnConnectionDetails_options' - The VPN connection options.
+--
+-- 'routes', 'awsEc2VpnConnectionDetails_routes' - The static routes that are associated with the VPN connection.
+--
+-- 'state', 'awsEc2VpnConnectionDetails_state' - The current state of the VPN connection. Valid values are as follows:
+--
+-- -   @available@
+--
+-- -   @deleted@
+--
+-- -   @deleting@
+--
+-- -   @pending@
+--
+-- 'transitGatewayId', 'awsEc2VpnConnectionDetails_transitGatewayId' - The identifier of the transit gateway that is associated with the VPN
+-- connection.
+--
+-- 'type'', 'awsEc2VpnConnectionDetails_type' - The type of VPN connection.
+--
+-- 'vgwTelemetry', 'awsEc2VpnConnectionDetails_vgwTelemetry' - Information about the VPN tunnel.
+--
+-- 'vpnConnectionId', 'awsEc2VpnConnectionDetails_vpnConnectionId' - The identifier of the VPN connection.
+--
+-- 'vpnGatewayId', 'awsEc2VpnConnectionDetails_vpnGatewayId' - The identifier of the virtual private gateway that is at the Amazon Web
+-- Services side of the VPN connection.
+newAwsEc2VpnConnectionDetails ::
+  AwsEc2VpnConnectionDetails
+newAwsEc2VpnConnectionDetails =
+  AwsEc2VpnConnectionDetails'
+    { category =
+        Prelude.Nothing,
+      customerGatewayConfiguration = Prelude.Nothing,
+      customerGatewayId = Prelude.Nothing,
+      options = Prelude.Nothing,
+      routes = Prelude.Nothing,
+      state = Prelude.Nothing,
+      transitGatewayId = Prelude.Nothing,
+      type' = Prelude.Nothing,
+      vgwTelemetry = Prelude.Nothing,
+      vpnConnectionId = Prelude.Nothing,
+      vpnGatewayId = Prelude.Nothing
+    }
+
+-- | The category of the VPN connection. @VPN@ indicates an Amazon Web
+-- Services VPN connection. @VPN-Classic@ indicates an Amazon Web Services
+-- Classic VPN connection.
+awsEc2VpnConnectionDetails_category :: Lens.Lens' AwsEc2VpnConnectionDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionDetails_category = Lens.lens (\AwsEc2VpnConnectionDetails' {category} -> category) (\s@AwsEc2VpnConnectionDetails' {} a -> s {category = a} :: AwsEc2VpnConnectionDetails)
+
+-- | The configuration information for the VPN connection\'s customer
+-- gateway, in the native XML format.
+awsEc2VpnConnectionDetails_customerGatewayConfiguration :: Lens.Lens' AwsEc2VpnConnectionDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionDetails_customerGatewayConfiguration = Lens.lens (\AwsEc2VpnConnectionDetails' {customerGatewayConfiguration} -> customerGatewayConfiguration) (\s@AwsEc2VpnConnectionDetails' {} a -> s {customerGatewayConfiguration = a} :: AwsEc2VpnConnectionDetails)
+
+-- | The identifier of the customer gateway that is at your end of the VPN
+-- connection.
+awsEc2VpnConnectionDetails_customerGatewayId :: Lens.Lens' AwsEc2VpnConnectionDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionDetails_customerGatewayId = Lens.lens (\AwsEc2VpnConnectionDetails' {customerGatewayId} -> customerGatewayId) (\s@AwsEc2VpnConnectionDetails' {} a -> s {customerGatewayId = a} :: AwsEc2VpnConnectionDetails)
+
+-- | The VPN connection options.
+awsEc2VpnConnectionDetails_options :: Lens.Lens' AwsEc2VpnConnectionDetails (Prelude.Maybe AwsEc2VpnConnectionOptionsDetails)
+awsEc2VpnConnectionDetails_options = Lens.lens (\AwsEc2VpnConnectionDetails' {options} -> options) (\s@AwsEc2VpnConnectionDetails' {} a -> s {options = a} :: AwsEc2VpnConnectionDetails)
+
+-- | The static routes that are associated with the VPN connection.
+awsEc2VpnConnectionDetails_routes :: Lens.Lens' AwsEc2VpnConnectionDetails (Prelude.Maybe [AwsEc2VpnConnectionRoutesDetails])
+awsEc2VpnConnectionDetails_routes = Lens.lens (\AwsEc2VpnConnectionDetails' {routes} -> routes) (\s@AwsEc2VpnConnectionDetails' {} a -> s {routes = a} :: AwsEc2VpnConnectionDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The current state of the VPN connection. Valid values are as follows:
+--
+-- -   @available@
+--
+-- -   @deleted@
+--
+-- -   @deleting@
+--
+-- -   @pending@
+awsEc2VpnConnectionDetails_state :: Lens.Lens' AwsEc2VpnConnectionDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionDetails_state = Lens.lens (\AwsEc2VpnConnectionDetails' {state} -> state) (\s@AwsEc2VpnConnectionDetails' {} a -> s {state = a} :: AwsEc2VpnConnectionDetails)
+
+-- | The identifier of the transit gateway that is associated with the VPN
+-- connection.
+awsEc2VpnConnectionDetails_transitGatewayId :: Lens.Lens' AwsEc2VpnConnectionDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionDetails_transitGatewayId = Lens.lens (\AwsEc2VpnConnectionDetails' {transitGatewayId} -> transitGatewayId) (\s@AwsEc2VpnConnectionDetails' {} a -> s {transitGatewayId = a} :: AwsEc2VpnConnectionDetails)
+
+-- | The type of VPN connection.
+awsEc2VpnConnectionDetails_type :: Lens.Lens' AwsEc2VpnConnectionDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionDetails_type = Lens.lens (\AwsEc2VpnConnectionDetails' {type'} -> type') (\s@AwsEc2VpnConnectionDetails' {} a -> s {type' = a} :: AwsEc2VpnConnectionDetails)
+
+-- | Information about the VPN tunnel.
+awsEc2VpnConnectionDetails_vgwTelemetry :: Lens.Lens' AwsEc2VpnConnectionDetails (Prelude.Maybe [AwsEc2VpnConnectionVgwTelemetryDetails])
+awsEc2VpnConnectionDetails_vgwTelemetry = Lens.lens (\AwsEc2VpnConnectionDetails' {vgwTelemetry} -> vgwTelemetry) (\s@AwsEc2VpnConnectionDetails' {} a -> s {vgwTelemetry = a} :: AwsEc2VpnConnectionDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of the VPN connection.
+awsEc2VpnConnectionDetails_vpnConnectionId :: Lens.Lens' AwsEc2VpnConnectionDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionDetails_vpnConnectionId = Lens.lens (\AwsEc2VpnConnectionDetails' {vpnConnectionId} -> vpnConnectionId) (\s@AwsEc2VpnConnectionDetails' {} a -> s {vpnConnectionId = a} :: AwsEc2VpnConnectionDetails)
+
+-- | The identifier of the virtual private gateway that is at the Amazon Web
+-- Services side of the VPN connection.
+awsEc2VpnConnectionDetails_vpnGatewayId :: Lens.Lens' AwsEc2VpnConnectionDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionDetails_vpnGatewayId = Lens.lens (\AwsEc2VpnConnectionDetails' {vpnGatewayId} -> vpnGatewayId) (\s@AwsEc2VpnConnectionDetails' {} a -> s {vpnGatewayId = a} :: AwsEc2VpnConnectionDetails)
+
+instance Data.FromJSON AwsEc2VpnConnectionDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VpnConnectionDetails"
+      ( \x ->
+          AwsEc2VpnConnectionDetails'
+            Prelude.<$> (x Data..:? "Category")
+            Prelude.<*> (x Data..:? "CustomerGatewayConfiguration")
+            Prelude.<*> (x Data..:? "CustomerGatewayId")
+            Prelude.<*> (x Data..:? "Options")
+            Prelude.<*> (x Data..:? "Routes" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "State")
+            Prelude.<*> (x Data..:? "TransitGatewayId")
+            Prelude.<*> (x Data..:? "Type")
+            Prelude.<*> (x Data..:? "VgwTelemetry" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "VpnConnectionId")
+            Prelude.<*> (x Data..:? "VpnGatewayId")
+      )
+
+instance Prelude.Hashable AwsEc2VpnConnectionDetails where
+  hashWithSalt _salt AwsEc2VpnConnectionDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` category
+      `Prelude.hashWithSalt` customerGatewayConfiguration
+      `Prelude.hashWithSalt` customerGatewayId
+      `Prelude.hashWithSalt` options
+      `Prelude.hashWithSalt` routes
+      `Prelude.hashWithSalt` state
+      `Prelude.hashWithSalt` transitGatewayId
+      `Prelude.hashWithSalt` type'
+      `Prelude.hashWithSalt` vgwTelemetry
+      `Prelude.hashWithSalt` vpnConnectionId
+      `Prelude.hashWithSalt` vpnGatewayId
+
+instance Prelude.NFData AwsEc2VpnConnectionDetails where
+  rnf AwsEc2VpnConnectionDetails' {..} =
+    Prelude.rnf category
+      `Prelude.seq` Prelude.rnf customerGatewayConfiguration
+      `Prelude.seq` Prelude.rnf customerGatewayId
+      `Prelude.seq` Prelude.rnf options
+      `Prelude.seq` Prelude.rnf routes
+      `Prelude.seq` Prelude.rnf state
+      `Prelude.seq` Prelude.rnf transitGatewayId
+      `Prelude.seq` Prelude.rnf type'
+      `Prelude.seq` Prelude.rnf vgwTelemetry
+      `Prelude.seq` Prelude.rnf vpnConnectionId
+      `Prelude.seq` Prelude.rnf vpnGatewayId
+
+instance Data.ToJSON AwsEc2VpnConnectionDetails where
+  toJSON AwsEc2VpnConnectionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Category" Data..=) Prelude.<$> category,
+            ("CustomerGatewayConfiguration" Data..=)
+              Prelude.<$> customerGatewayConfiguration,
+            ("CustomerGatewayId" Data..=)
+              Prelude.<$> customerGatewayId,
+            ("Options" Data..=) Prelude.<$> options,
+            ("Routes" Data..=) Prelude.<$> routes,
+            ("State" Data..=) Prelude.<$> state,
+            ("TransitGatewayId" Data..=)
+              Prelude.<$> transitGatewayId,
+            ("Type" Data..=) Prelude.<$> type',
+            ("VgwTelemetry" Data..=) Prelude.<$> vgwTelemetry,
+            ("VpnConnectionId" Data..=)
+              Prelude.<$> vpnConnectionId,
+            ("VpnGatewayId" Data..=) Prelude.<$> vpnGatewayId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionOptionsDetails.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+
+-- | VPN connection options.
+--
+-- /See:/ 'newAwsEc2VpnConnectionOptionsDetails' smart constructor.
+data AwsEc2VpnConnectionOptionsDetails = AwsEc2VpnConnectionOptionsDetails'
+  { -- | Whether the VPN connection uses static routes only.
+    staticRoutesOnly :: Prelude.Maybe Prelude.Bool,
+    -- | The VPN tunnel options.
+    tunnelOptions :: Prelude.Maybe [AwsEc2VpnConnectionOptionsTunnelOptionsDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VpnConnectionOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'staticRoutesOnly', 'awsEc2VpnConnectionOptionsDetails_staticRoutesOnly' - Whether the VPN connection uses static routes only.
+--
+-- 'tunnelOptions', 'awsEc2VpnConnectionOptionsDetails_tunnelOptions' - The VPN tunnel options.
+newAwsEc2VpnConnectionOptionsDetails ::
+  AwsEc2VpnConnectionOptionsDetails
+newAwsEc2VpnConnectionOptionsDetails =
+  AwsEc2VpnConnectionOptionsDetails'
+    { staticRoutesOnly =
+        Prelude.Nothing,
+      tunnelOptions = Prelude.Nothing
+    }
+
+-- | Whether the VPN connection uses static routes only.
+awsEc2VpnConnectionOptionsDetails_staticRoutesOnly :: Lens.Lens' AwsEc2VpnConnectionOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsEc2VpnConnectionOptionsDetails_staticRoutesOnly = Lens.lens (\AwsEc2VpnConnectionOptionsDetails' {staticRoutesOnly} -> staticRoutesOnly) (\s@AwsEc2VpnConnectionOptionsDetails' {} a -> s {staticRoutesOnly = a} :: AwsEc2VpnConnectionOptionsDetails)
+
+-- | The VPN tunnel options.
+awsEc2VpnConnectionOptionsDetails_tunnelOptions :: Lens.Lens' AwsEc2VpnConnectionOptionsDetails (Prelude.Maybe [AwsEc2VpnConnectionOptionsTunnelOptionsDetails])
+awsEc2VpnConnectionOptionsDetails_tunnelOptions = Lens.lens (\AwsEc2VpnConnectionOptionsDetails' {tunnelOptions} -> tunnelOptions) (\s@AwsEc2VpnConnectionOptionsDetails' {} a -> s {tunnelOptions = a} :: AwsEc2VpnConnectionOptionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsEc2VpnConnectionOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VpnConnectionOptionsDetails"
+      ( \x ->
+          AwsEc2VpnConnectionOptionsDetails'
+            Prelude.<$> (x Data..:? "StaticRoutesOnly")
+            Prelude.<*> (x Data..:? "TunnelOptions" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2VpnConnectionOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2VpnConnectionOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` staticRoutesOnly
+        `Prelude.hashWithSalt` tunnelOptions
+
+instance
+  Prelude.NFData
+    AwsEc2VpnConnectionOptionsDetails
+  where
+  rnf AwsEc2VpnConnectionOptionsDetails' {..} =
+    Prelude.rnf staticRoutesOnly
+      `Prelude.seq` Prelude.rnf tunnelOptions
+
+instance
+  Data.ToJSON
+    AwsEc2VpnConnectionOptionsDetails
+  where
+  toJSON AwsEc2VpnConnectionOptionsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("StaticRoutesOnly" Data..=)
+              Prelude.<$> staticRoutesOnly,
+            ("TunnelOptions" Data..=) Prelude.<$> tunnelOptions
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionOptionsTunnelOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionOptionsTunnelOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionOptionsTunnelOptionsDetails.hs
@@ -0,0 +1,378 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VpnConnectionOptionsTunnelOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The VPN tunnel options.
+--
+-- /See:/ 'newAwsEc2VpnConnectionOptionsTunnelOptionsDetails' smart constructor.
+data AwsEc2VpnConnectionOptionsTunnelOptionsDetails = AwsEc2VpnConnectionOptionsTunnelOptionsDetails'
+  { -- | The number of seconds after which a Dead Peer Detection (DPD) timeout
+    -- occurs.
+    dpdTimeoutSeconds :: Prelude.Maybe Prelude.Int,
+    -- | The Internet Key Exchange (IKE) versions that are permitted for the VPN
+    -- tunnel.
+    ikeVersions :: Prelude.Maybe [Prelude.Text],
+    -- | The external IP address of the VPN tunnel.
+    outsideIpAddress :: Prelude.Maybe Prelude.Text,
+    -- | The permitted Diffie-Hellman group numbers for the VPN tunnel for phase
+    -- 1 IKE negotiations.
+    phase1DhGroupNumbers :: Prelude.Maybe [Prelude.Int],
+    -- | The permitted encryption algorithms for the VPN tunnel for phase 1 IKE
+    -- negotiations.
+    phase1EncryptionAlgorithms :: Prelude.Maybe [Prelude.Text],
+    -- | The permitted integrity algorithms for the VPN tunnel for phase 1 IKE
+    -- negotiations.
+    phase1IntegrityAlgorithms :: Prelude.Maybe [Prelude.Text],
+    -- | The lifetime for phase 1 of the IKE negotiation, in seconds.
+    phase1LifetimeSeconds :: Prelude.Maybe Prelude.Int,
+    -- | The permitted Diffie-Hellman group numbers for the VPN tunnel for phase
+    -- 2 IKE negotiations.
+    phase2DhGroupNumbers :: Prelude.Maybe [Prelude.Int],
+    -- | The permitted encryption algorithms for the VPN tunnel for phase 2 IKE
+    -- negotiations.
+    phase2EncryptionAlgorithms :: Prelude.Maybe [Prelude.Text],
+    -- | The permitted integrity algorithms for the VPN tunnel for phase 2 IKE
+    -- negotiations.
+    phase2IntegrityAlgorithms :: Prelude.Maybe [Prelude.Text],
+    -- | The lifetime for phase 2 of the IKE negotiation, in seconds.
+    phase2LifetimeSeconds :: Prelude.Maybe Prelude.Int,
+    -- | The preshared key to establish initial authentication between the
+    -- virtual private gateway and the customer gateway.
+    preSharedKey :: Prelude.Maybe Prelude.Text,
+    -- | The percentage of the rekey window, which is determined by
+    -- @RekeyMarginTimeSeconds@ during which the rekey time is randomly
+    -- selected.
+    rekeyFuzzPercentage :: Prelude.Maybe Prelude.Int,
+    -- | The margin time, in seconds, before the phase 2 lifetime expires, during
+    -- which the Amazon Web Services side of the VPN connection performs an IKE
+    -- rekey.
+    rekeyMarginTimeSeconds :: Prelude.Maybe Prelude.Int,
+    -- | The number of packets in an IKE replay window.
+    replayWindowSize :: Prelude.Maybe Prelude.Int,
+    -- | The range of inside IPv4 addresses for the tunnel.
+    tunnelInsideCidr :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VpnConnectionOptionsTunnelOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dpdTimeoutSeconds', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_dpdTimeoutSeconds' - The number of seconds after which a Dead Peer Detection (DPD) timeout
+-- occurs.
+--
+-- 'ikeVersions', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_ikeVersions' - The Internet Key Exchange (IKE) versions that are permitted for the VPN
+-- tunnel.
+--
+-- 'outsideIpAddress', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_outsideIpAddress' - The external IP address of the VPN tunnel.
+--
+-- 'phase1DhGroupNumbers', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1DhGroupNumbers' - The permitted Diffie-Hellman group numbers for the VPN tunnel for phase
+-- 1 IKE negotiations.
+--
+-- 'phase1EncryptionAlgorithms', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1EncryptionAlgorithms' - The permitted encryption algorithms for the VPN tunnel for phase 1 IKE
+-- negotiations.
+--
+-- 'phase1IntegrityAlgorithms', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1IntegrityAlgorithms' - The permitted integrity algorithms for the VPN tunnel for phase 1 IKE
+-- negotiations.
+--
+-- 'phase1LifetimeSeconds', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1LifetimeSeconds' - The lifetime for phase 1 of the IKE negotiation, in seconds.
+--
+-- 'phase2DhGroupNumbers', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2DhGroupNumbers' - The permitted Diffie-Hellman group numbers for the VPN tunnel for phase
+-- 2 IKE negotiations.
+--
+-- 'phase2EncryptionAlgorithms', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2EncryptionAlgorithms' - The permitted encryption algorithms for the VPN tunnel for phase 2 IKE
+-- negotiations.
+--
+-- 'phase2IntegrityAlgorithms', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2IntegrityAlgorithms' - The permitted integrity algorithms for the VPN tunnel for phase 2 IKE
+-- negotiations.
+--
+-- 'phase2LifetimeSeconds', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2LifetimeSeconds' - The lifetime for phase 2 of the IKE negotiation, in seconds.
+--
+-- 'preSharedKey', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_preSharedKey' - The preshared key to establish initial authentication between the
+-- virtual private gateway and the customer gateway.
+--
+-- 'rekeyFuzzPercentage', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_rekeyFuzzPercentage' - The percentage of the rekey window, which is determined by
+-- @RekeyMarginTimeSeconds@ during which the rekey time is randomly
+-- selected.
+--
+-- 'rekeyMarginTimeSeconds', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_rekeyMarginTimeSeconds' - The margin time, in seconds, before the phase 2 lifetime expires, during
+-- which the Amazon Web Services side of the VPN connection performs an IKE
+-- rekey.
+--
+-- 'replayWindowSize', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_replayWindowSize' - The number of packets in an IKE replay window.
+--
+-- 'tunnelInsideCidr', 'awsEc2VpnConnectionOptionsTunnelOptionsDetails_tunnelInsideCidr' - The range of inside IPv4 addresses for the tunnel.
+newAwsEc2VpnConnectionOptionsTunnelOptionsDetails ::
+  AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+newAwsEc2VpnConnectionOptionsTunnelOptionsDetails =
+  AwsEc2VpnConnectionOptionsTunnelOptionsDetails'
+    { dpdTimeoutSeconds =
+        Prelude.Nothing,
+      ikeVersions =
+        Prelude.Nothing,
+      outsideIpAddress =
+        Prelude.Nothing,
+      phase1DhGroupNumbers =
+        Prelude.Nothing,
+      phase1EncryptionAlgorithms =
+        Prelude.Nothing,
+      phase1IntegrityAlgorithms =
+        Prelude.Nothing,
+      phase1LifetimeSeconds =
+        Prelude.Nothing,
+      phase2DhGroupNumbers =
+        Prelude.Nothing,
+      phase2EncryptionAlgorithms =
+        Prelude.Nothing,
+      phase2IntegrityAlgorithms =
+        Prelude.Nothing,
+      phase2LifetimeSeconds =
+        Prelude.Nothing,
+      preSharedKey =
+        Prelude.Nothing,
+      rekeyFuzzPercentage =
+        Prelude.Nothing,
+      rekeyMarginTimeSeconds =
+        Prelude.Nothing,
+      replayWindowSize =
+        Prelude.Nothing,
+      tunnelInsideCidr =
+        Prelude.Nothing
+    }
+
+-- | The number of seconds after which a Dead Peer Detection (DPD) timeout
+-- occurs.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_dpdTimeoutSeconds :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe Prelude.Int)
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_dpdTimeoutSeconds = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {dpdTimeoutSeconds} -> dpdTimeoutSeconds) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {dpdTimeoutSeconds = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails)
+
+-- | The Internet Key Exchange (IKE) versions that are permitted for the VPN
+-- tunnel.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_ikeVersions :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_ikeVersions = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {ikeVersions} -> ikeVersions) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {ikeVersions = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The external IP address of the VPN tunnel.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_outsideIpAddress :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_outsideIpAddress = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {outsideIpAddress} -> outsideIpAddress) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {outsideIpAddress = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails)
+
+-- | The permitted Diffie-Hellman group numbers for the VPN tunnel for phase
+-- 1 IKE negotiations.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1DhGroupNumbers :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe [Prelude.Int])
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1DhGroupNumbers = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {phase1DhGroupNumbers} -> phase1DhGroupNumbers) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {phase1DhGroupNumbers = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The permitted encryption algorithms for the VPN tunnel for phase 1 IKE
+-- negotiations.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1EncryptionAlgorithms :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1EncryptionAlgorithms = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {phase1EncryptionAlgorithms} -> phase1EncryptionAlgorithms) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {phase1EncryptionAlgorithms = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The permitted integrity algorithms for the VPN tunnel for phase 1 IKE
+-- negotiations.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1IntegrityAlgorithms :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1IntegrityAlgorithms = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {phase1IntegrityAlgorithms} -> phase1IntegrityAlgorithms) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {phase1IntegrityAlgorithms = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The lifetime for phase 1 of the IKE negotiation, in seconds.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1LifetimeSeconds :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe Prelude.Int)
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase1LifetimeSeconds = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {phase1LifetimeSeconds} -> phase1LifetimeSeconds) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {phase1LifetimeSeconds = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails)
+
+-- | The permitted Diffie-Hellman group numbers for the VPN tunnel for phase
+-- 2 IKE negotiations.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2DhGroupNumbers :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe [Prelude.Int])
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2DhGroupNumbers = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {phase2DhGroupNumbers} -> phase2DhGroupNumbers) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {phase2DhGroupNumbers = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The permitted encryption algorithms for the VPN tunnel for phase 2 IKE
+-- negotiations.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2EncryptionAlgorithms :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2EncryptionAlgorithms = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {phase2EncryptionAlgorithms} -> phase2EncryptionAlgorithms) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {phase2EncryptionAlgorithms = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The permitted integrity algorithms for the VPN tunnel for phase 2 IKE
+-- negotiations.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2IntegrityAlgorithms :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe [Prelude.Text])
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2IntegrityAlgorithms = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {phase2IntegrityAlgorithms} -> phase2IntegrityAlgorithms) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {phase2IntegrityAlgorithms = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The lifetime for phase 2 of the IKE negotiation, in seconds.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2LifetimeSeconds :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe Prelude.Int)
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_phase2LifetimeSeconds = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {phase2LifetimeSeconds} -> phase2LifetimeSeconds) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {phase2LifetimeSeconds = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails)
+
+-- | The preshared key to establish initial authentication between the
+-- virtual private gateway and the customer gateway.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_preSharedKey :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_preSharedKey = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {preSharedKey} -> preSharedKey) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {preSharedKey = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails)
+
+-- | The percentage of the rekey window, which is determined by
+-- @RekeyMarginTimeSeconds@ during which the rekey time is randomly
+-- selected.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_rekeyFuzzPercentage :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe Prelude.Int)
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_rekeyFuzzPercentage = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {rekeyFuzzPercentage} -> rekeyFuzzPercentage) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {rekeyFuzzPercentage = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails)
+
+-- | The margin time, in seconds, before the phase 2 lifetime expires, during
+-- which the Amazon Web Services side of the VPN connection performs an IKE
+-- rekey.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_rekeyMarginTimeSeconds :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe Prelude.Int)
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_rekeyMarginTimeSeconds = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {rekeyMarginTimeSeconds} -> rekeyMarginTimeSeconds) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {rekeyMarginTimeSeconds = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails)
+
+-- | The number of packets in an IKE replay window.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_replayWindowSize :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe Prelude.Int)
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_replayWindowSize = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {replayWindowSize} -> replayWindowSize) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {replayWindowSize = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails)
+
+-- | The range of inside IPv4 addresses for the tunnel.
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_tunnelInsideCidr :: Lens.Lens' AwsEc2VpnConnectionOptionsTunnelOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionOptionsTunnelOptionsDetails_tunnelInsideCidr = Lens.lens (\AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {tunnelInsideCidr} -> tunnelInsideCidr) (\s@AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {} a -> s {tunnelInsideCidr = a} :: AwsEc2VpnConnectionOptionsTunnelOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VpnConnectionOptionsTunnelOptionsDetails"
+      ( \x ->
+          AwsEc2VpnConnectionOptionsTunnelOptionsDetails'
+            Prelude.<$> (x Data..:? "DpdTimeoutSeconds")
+            Prelude.<*> (x Data..:? "IkeVersions" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "OutsideIpAddress")
+            Prelude.<*> ( x
+                            Data..:? "Phase1DhGroupNumbers"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "Phase1EncryptionAlgorithms"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "Phase1IntegrityAlgorithms"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Phase1LifetimeSeconds")
+            Prelude.<*> ( x
+                            Data..:? "Phase2DhGroupNumbers"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "Phase2EncryptionAlgorithms"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "Phase2IntegrityAlgorithms"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Phase2LifetimeSeconds")
+            Prelude.<*> (x Data..:? "PreSharedKey")
+            Prelude.<*> (x Data..:? "RekeyFuzzPercentage")
+            Prelude.<*> (x Data..:? "RekeyMarginTimeSeconds")
+            Prelude.<*> (x Data..:? "ReplayWindowSize")
+            Prelude.<*> (x Data..:? "TunnelInsideCidr")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` dpdTimeoutSeconds
+        `Prelude.hashWithSalt` ikeVersions
+        `Prelude.hashWithSalt` outsideIpAddress
+        `Prelude.hashWithSalt` phase1DhGroupNumbers
+        `Prelude.hashWithSalt` phase1EncryptionAlgorithms
+        `Prelude.hashWithSalt` phase1IntegrityAlgorithms
+        `Prelude.hashWithSalt` phase1LifetimeSeconds
+        `Prelude.hashWithSalt` phase2DhGroupNumbers
+        `Prelude.hashWithSalt` phase2EncryptionAlgorithms
+        `Prelude.hashWithSalt` phase2IntegrityAlgorithms
+        `Prelude.hashWithSalt` phase2LifetimeSeconds
+        `Prelude.hashWithSalt` preSharedKey
+        `Prelude.hashWithSalt` rekeyFuzzPercentage
+        `Prelude.hashWithSalt` rekeyMarginTimeSeconds
+        `Prelude.hashWithSalt` replayWindowSize
+        `Prelude.hashWithSalt` tunnelInsideCidr
+
+instance
+  Prelude.NFData
+    AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+  where
+  rnf
+    AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {..} =
+      Prelude.rnf dpdTimeoutSeconds
+        `Prelude.seq` Prelude.rnf ikeVersions
+        `Prelude.seq` Prelude.rnf outsideIpAddress
+        `Prelude.seq` Prelude.rnf phase1DhGroupNumbers
+        `Prelude.seq` Prelude.rnf phase1EncryptionAlgorithms
+        `Prelude.seq` Prelude.rnf phase1IntegrityAlgorithms
+        `Prelude.seq` Prelude.rnf phase1LifetimeSeconds
+        `Prelude.seq` Prelude.rnf phase2DhGroupNumbers
+        `Prelude.seq` Prelude.rnf phase2EncryptionAlgorithms
+        `Prelude.seq` Prelude.rnf phase2IntegrityAlgorithms
+        `Prelude.seq` Prelude.rnf phase2LifetimeSeconds
+        `Prelude.seq` Prelude.rnf preSharedKey
+        `Prelude.seq` Prelude.rnf rekeyFuzzPercentage
+        `Prelude.seq` Prelude.rnf rekeyMarginTimeSeconds
+        `Prelude.seq` Prelude.rnf replayWindowSize
+        `Prelude.seq` Prelude.rnf tunnelInsideCidr
+
+instance
+  Data.ToJSON
+    AwsEc2VpnConnectionOptionsTunnelOptionsDetails
+  where
+  toJSON
+    AwsEc2VpnConnectionOptionsTunnelOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DpdTimeoutSeconds" Data..=)
+                Prelude.<$> dpdTimeoutSeconds,
+              ("IkeVersions" Data..=) Prelude.<$> ikeVersions,
+              ("OutsideIpAddress" Data..=)
+                Prelude.<$> outsideIpAddress,
+              ("Phase1DhGroupNumbers" Data..=)
+                Prelude.<$> phase1DhGroupNumbers,
+              ("Phase1EncryptionAlgorithms" Data..=)
+                Prelude.<$> phase1EncryptionAlgorithms,
+              ("Phase1IntegrityAlgorithms" Data..=)
+                Prelude.<$> phase1IntegrityAlgorithms,
+              ("Phase1LifetimeSeconds" Data..=)
+                Prelude.<$> phase1LifetimeSeconds,
+              ("Phase2DhGroupNumbers" Data..=)
+                Prelude.<$> phase2DhGroupNumbers,
+              ("Phase2EncryptionAlgorithms" Data..=)
+                Prelude.<$> phase2EncryptionAlgorithms,
+              ("Phase2IntegrityAlgorithms" Data..=)
+                Prelude.<$> phase2IntegrityAlgorithms,
+              ("Phase2LifetimeSeconds" Data..=)
+                Prelude.<$> phase2LifetimeSeconds,
+              ("PreSharedKey" Data..=) Prelude.<$> preSharedKey,
+              ("RekeyFuzzPercentage" Data..=)
+                Prelude.<$> rekeyFuzzPercentage,
+              ("RekeyMarginTimeSeconds" Data..=)
+                Prelude.<$> rekeyMarginTimeSeconds,
+              ("ReplayWindowSize" Data..=)
+                Prelude.<$> replayWindowSize,
+              ("TunnelInsideCidr" Data..=)
+                Prelude.<$> tunnelInsideCidr
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionRoutesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionRoutesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionRoutesDetails.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VpnConnectionRoutesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VpnConnectionRoutesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A static routes associated with the VPN connection.
+--
+-- /See:/ 'newAwsEc2VpnConnectionRoutesDetails' smart constructor.
+data AwsEc2VpnConnectionRoutesDetails = AwsEc2VpnConnectionRoutesDetails'
+  { -- | The CIDR block associated with the local subnet of the customer data
+    -- center.
+    destinationCidrBlock :: Prelude.Maybe Prelude.Text,
+    -- | The current state of the static route.
+    state :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VpnConnectionRoutesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destinationCidrBlock', 'awsEc2VpnConnectionRoutesDetails_destinationCidrBlock' - The CIDR block associated with the local subnet of the customer data
+-- center.
+--
+-- 'state', 'awsEc2VpnConnectionRoutesDetails_state' - The current state of the static route.
+newAwsEc2VpnConnectionRoutesDetails ::
+  AwsEc2VpnConnectionRoutesDetails
+newAwsEc2VpnConnectionRoutesDetails =
+  AwsEc2VpnConnectionRoutesDetails'
+    { destinationCidrBlock =
+        Prelude.Nothing,
+      state = Prelude.Nothing
+    }
+
+-- | The CIDR block associated with the local subnet of the customer data
+-- center.
+awsEc2VpnConnectionRoutesDetails_destinationCidrBlock :: Lens.Lens' AwsEc2VpnConnectionRoutesDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionRoutesDetails_destinationCidrBlock = Lens.lens (\AwsEc2VpnConnectionRoutesDetails' {destinationCidrBlock} -> destinationCidrBlock) (\s@AwsEc2VpnConnectionRoutesDetails' {} a -> s {destinationCidrBlock = a} :: AwsEc2VpnConnectionRoutesDetails)
+
+-- | The current state of the static route.
+awsEc2VpnConnectionRoutesDetails_state :: Lens.Lens' AwsEc2VpnConnectionRoutesDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionRoutesDetails_state = Lens.lens (\AwsEc2VpnConnectionRoutesDetails' {state} -> state) (\s@AwsEc2VpnConnectionRoutesDetails' {} a -> s {state = a} :: AwsEc2VpnConnectionRoutesDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2VpnConnectionRoutesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VpnConnectionRoutesDetails"
+      ( \x ->
+          AwsEc2VpnConnectionRoutesDetails'
+            Prelude.<$> (x Data..:? "DestinationCidrBlock")
+            Prelude.<*> (x Data..:? "State")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2VpnConnectionRoutesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2VpnConnectionRoutesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` destinationCidrBlock
+        `Prelude.hashWithSalt` state
+
+instance
+  Prelude.NFData
+    AwsEc2VpnConnectionRoutesDetails
+  where
+  rnf AwsEc2VpnConnectionRoutesDetails' {..} =
+    Prelude.rnf destinationCidrBlock
+      `Prelude.seq` Prelude.rnf state
+
+instance Data.ToJSON AwsEc2VpnConnectionRoutesDetails where
+  toJSON AwsEc2VpnConnectionRoutesDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DestinationCidrBlock" Data..=)
+              Prelude.<$> destinationCidrBlock,
+            ("State" Data..=) Prelude.<$> state
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionVgwTelemetryDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionVgwTelemetryDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEc2VpnConnectionVgwTelemetryDetails.hs
@@ -0,0 +1,182 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEc2VpnConnectionVgwTelemetryDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEc2VpnConnectionVgwTelemetryDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the VPN tunnel.
+--
+-- /See:/ 'newAwsEc2VpnConnectionVgwTelemetryDetails' smart constructor.
+data AwsEc2VpnConnectionVgwTelemetryDetails = AwsEc2VpnConnectionVgwTelemetryDetails'
+  { -- | The number of accepted routes.
+    acceptedRouteCount :: Prelude.Maybe Prelude.Int,
+    -- | The ARN of the VPN tunnel endpoint certificate.
+    certificateArn :: Prelude.Maybe Prelude.Text,
+    -- | The date and time of the last change in status.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastStatusChange :: Prelude.Maybe Prelude.Text,
+    -- | The Internet-routable IP address of the virtual private gateway\'s
+    -- outside interface.
+    outsideIpAddress :: Prelude.Maybe Prelude.Text,
+    -- | The status of the VPN tunnel. Valid values are @DOWN@ or @UP@.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | If an error occurs, a description of the error.
+    statusMessage :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEc2VpnConnectionVgwTelemetryDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'acceptedRouteCount', 'awsEc2VpnConnectionVgwTelemetryDetails_acceptedRouteCount' - The number of accepted routes.
+--
+-- 'certificateArn', 'awsEc2VpnConnectionVgwTelemetryDetails_certificateArn' - The ARN of the VPN tunnel endpoint certificate.
+--
+-- 'lastStatusChange', 'awsEc2VpnConnectionVgwTelemetryDetails_lastStatusChange' - The date and time of the last change in status.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'outsideIpAddress', 'awsEc2VpnConnectionVgwTelemetryDetails_outsideIpAddress' - The Internet-routable IP address of the virtual private gateway\'s
+-- outside interface.
+--
+-- 'status', 'awsEc2VpnConnectionVgwTelemetryDetails_status' - The status of the VPN tunnel. Valid values are @DOWN@ or @UP@.
+--
+-- 'statusMessage', 'awsEc2VpnConnectionVgwTelemetryDetails_statusMessage' - If an error occurs, a description of the error.
+newAwsEc2VpnConnectionVgwTelemetryDetails ::
+  AwsEc2VpnConnectionVgwTelemetryDetails
+newAwsEc2VpnConnectionVgwTelemetryDetails =
+  AwsEc2VpnConnectionVgwTelemetryDetails'
+    { acceptedRouteCount =
+        Prelude.Nothing,
+      certificateArn = Prelude.Nothing,
+      lastStatusChange = Prelude.Nothing,
+      outsideIpAddress = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusMessage = Prelude.Nothing
+    }
+
+-- | The number of accepted routes.
+awsEc2VpnConnectionVgwTelemetryDetails_acceptedRouteCount :: Lens.Lens' AwsEc2VpnConnectionVgwTelemetryDetails (Prelude.Maybe Prelude.Int)
+awsEc2VpnConnectionVgwTelemetryDetails_acceptedRouteCount = Lens.lens (\AwsEc2VpnConnectionVgwTelemetryDetails' {acceptedRouteCount} -> acceptedRouteCount) (\s@AwsEc2VpnConnectionVgwTelemetryDetails' {} a -> s {acceptedRouteCount = a} :: AwsEc2VpnConnectionVgwTelemetryDetails)
+
+-- | The ARN of the VPN tunnel endpoint certificate.
+awsEc2VpnConnectionVgwTelemetryDetails_certificateArn :: Lens.Lens' AwsEc2VpnConnectionVgwTelemetryDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionVgwTelemetryDetails_certificateArn = Lens.lens (\AwsEc2VpnConnectionVgwTelemetryDetails' {certificateArn} -> certificateArn) (\s@AwsEc2VpnConnectionVgwTelemetryDetails' {} a -> s {certificateArn = a} :: AwsEc2VpnConnectionVgwTelemetryDetails)
+
+-- | The date and time of the last change in status.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsEc2VpnConnectionVgwTelemetryDetails_lastStatusChange :: Lens.Lens' AwsEc2VpnConnectionVgwTelemetryDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionVgwTelemetryDetails_lastStatusChange = Lens.lens (\AwsEc2VpnConnectionVgwTelemetryDetails' {lastStatusChange} -> lastStatusChange) (\s@AwsEc2VpnConnectionVgwTelemetryDetails' {} a -> s {lastStatusChange = a} :: AwsEc2VpnConnectionVgwTelemetryDetails)
+
+-- | The Internet-routable IP address of the virtual private gateway\'s
+-- outside interface.
+awsEc2VpnConnectionVgwTelemetryDetails_outsideIpAddress :: Lens.Lens' AwsEc2VpnConnectionVgwTelemetryDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionVgwTelemetryDetails_outsideIpAddress = Lens.lens (\AwsEc2VpnConnectionVgwTelemetryDetails' {outsideIpAddress} -> outsideIpAddress) (\s@AwsEc2VpnConnectionVgwTelemetryDetails' {} a -> s {outsideIpAddress = a} :: AwsEc2VpnConnectionVgwTelemetryDetails)
+
+-- | The status of the VPN tunnel. Valid values are @DOWN@ or @UP@.
+awsEc2VpnConnectionVgwTelemetryDetails_status :: Lens.Lens' AwsEc2VpnConnectionVgwTelemetryDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionVgwTelemetryDetails_status = Lens.lens (\AwsEc2VpnConnectionVgwTelemetryDetails' {status} -> status) (\s@AwsEc2VpnConnectionVgwTelemetryDetails' {} a -> s {status = a} :: AwsEc2VpnConnectionVgwTelemetryDetails)
+
+-- | If an error occurs, a description of the error.
+awsEc2VpnConnectionVgwTelemetryDetails_statusMessage :: Lens.Lens' AwsEc2VpnConnectionVgwTelemetryDetails (Prelude.Maybe Prelude.Text)
+awsEc2VpnConnectionVgwTelemetryDetails_statusMessage = Lens.lens (\AwsEc2VpnConnectionVgwTelemetryDetails' {statusMessage} -> statusMessage) (\s@AwsEc2VpnConnectionVgwTelemetryDetails' {} a -> s {statusMessage = a} :: AwsEc2VpnConnectionVgwTelemetryDetails)
+
+instance
+  Data.FromJSON
+    AwsEc2VpnConnectionVgwTelemetryDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEc2VpnConnectionVgwTelemetryDetails"
+      ( \x ->
+          AwsEc2VpnConnectionVgwTelemetryDetails'
+            Prelude.<$> (x Data..:? "AcceptedRouteCount")
+            Prelude.<*> (x Data..:? "CertificateArn")
+            Prelude.<*> (x Data..:? "LastStatusChange")
+            Prelude.<*> (x Data..:? "OutsideIpAddress")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StatusMessage")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEc2VpnConnectionVgwTelemetryDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEc2VpnConnectionVgwTelemetryDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` acceptedRouteCount
+        `Prelude.hashWithSalt` certificateArn
+        `Prelude.hashWithSalt` lastStatusChange
+        `Prelude.hashWithSalt` outsideIpAddress
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` statusMessage
+
+instance
+  Prelude.NFData
+    AwsEc2VpnConnectionVgwTelemetryDetails
+  where
+  rnf AwsEc2VpnConnectionVgwTelemetryDetails' {..} =
+    Prelude.rnf acceptedRouteCount
+      `Prelude.seq` Prelude.rnf certificateArn
+      `Prelude.seq` Prelude.rnf lastStatusChange
+      `Prelude.seq` Prelude.rnf outsideIpAddress
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusMessage
+
+instance
+  Data.ToJSON
+    AwsEc2VpnConnectionVgwTelemetryDetails
+  where
+  toJSON AwsEc2VpnConnectionVgwTelemetryDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AcceptedRouteCount" Data..=)
+              Prelude.<$> acceptedRouteCount,
+            ("CertificateArn" Data..=)
+              Prelude.<$> certificateArn,
+            ("LastStatusChange" Data..=)
+              Prelude.<$> lastStatusChange,
+            ("OutsideIpAddress" Data..=)
+              Prelude.<$> outsideIpAddress,
+            ("Status" Data..=) Prelude.<$> status,
+            ("StatusMessage" Data..=) Prelude.<$> statusMessage
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcrContainerImageDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcrContainerImageDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcrContainerImageDetails.hs
@@ -0,0 +1,184 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcrContainerImageDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcrContainerImageDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about an Amazon ECR image.
+--
+-- /See:/ 'newAwsEcrContainerImageDetails' smart constructor.
+data AwsEcrContainerImageDetails = AwsEcrContainerImageDetails'
+  { -- | The architecture of the image. Valid values are as follows:
+    --
+    -- -   @arm64@
+    --
+    -- -   @i386@
+    --
+    -- -   @x86_64@
+    architecture :: Prelude.Maybe Prelude.Text,
+    -- | The sha256 digest of the image manifest.
+    imageDigest :: Prelude.Maybe Prelude.Text,
+    -- | The date and time when the image was pushed to the repository.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    imagePublishedAt :: Prelude.Maybe Prelude.Text,
+    -- | The list of tags that are associated with the image.
+    imageTags :: Prelude.Maybe [Prelude.Text],
+    -- | The Amazon Web Services account identifier that is associated with the
+    -- registry that the image belongs to.
+    registryId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the repository that the image belongs to.
+    repositoryName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcrContainerImageDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'architecture', 'awsEcrContainerImageDetails_architecture' - The architecture of the image. Valid values are as follows:
+--
+-- -   @arm64@
+--
+-- -   @i386@
+--
+-- -   @x86_64@
+--
+-- 'imageDigest', 'awsEcrContainerImageDetails_imageDigest' - The sha256 digest of the image manifest.
+--
+-- 'imagePublishedAt', 'awsEcrContainerImageDetails_imagePublishedAt' - The date and time when the image was pushed to the repository.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'imageTags', 'awsEcrContainerImageDetails_imageTags' - The list of tags that are associated with the image.
+--
+-- 'registryId', 'awsEcrContainerImageDetails_registryId' - The Amazon Web Services account identifier that is associated with the
+-- registry that the image belongs to.
+--
+-- 'repositoryName', 'awsEcrContainerImageDetails_repositoryName' - The name of the repository that the image belongs to.
+newAwsEcrContainerImageDetails ::
+  AwsEcrContainerImageDetails
+newAwsEcrContainerImageDetails =
+  AwsEcrContainerImageDetails'
+    { architecture =
+        Prelude.Nothing,
+      imageDigest = Prelude.Nothing,
+      imagePublishedAt = Prelude.Nothing,
+      imageTags = Prelude.Nothing,
+      registryId = Prelude.Nothing,
+      repositoryName = Prelude.Nothing
+    }
+
+-- | The architecture of the image. Valid values are as follows:
+--
+-- -   @arm64@
+--
+-- -   @i386@
+--
+-- -   @x86_64@
+awsEcrContainerImageDetails_architecture :: Lens.Lens' AwsEcrContainerImageDetails (Prelude.Maybe Prelude.Text)
+awsEcrContainerImageDetails_architecture = Lens.lens (\AwsEcrContainerImageDetails' {architecture} -> architecture) (\s@AwsEcrContainerImageDetails' {} a -> s {architecture = a} :: AwsEcrContainerImageDetails)
+
+-- | The sha256 digest of the image manifest.
+awsEcrContainerImageDetails_imageDigest :: Lens.Lens' AwsEcrContainerImageDetails (Prelude.Maybe Prelude.Text)
+awsEcrContainerImageDetails_imageDigest = Lens.lens (\AwsEcrContainerImageDetails' {imageDigest} -> imageDigest) (\s@AwsEcrContainerImageDetails' {} a -> s {imageDigest = a} :: AwsEcrContainerImageDetails)
+
+-- | The date and time when the image was pushed to the repository.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsEcrContainerImageDetails_imagePublishedAt :: Lens.Lens' AwsEcrContainerImageDetails (Prelude.Maybe Prelude.Text)
+awsEcrContainerImageDetails_imagePublishedAt = Lens.lens (\AwsEcrContainerImageDetails' {imagePublishedAt} -> imagePublishedAt) (\s@AwsEcrContainerImageDetails' {} a -> s {imagePublishedAt = a} :: AwsEcrContainerImageDetails)
+
+-- | The list of tags that are associated with the image.
+awsEcrContainerImageDetails_imageTags :: Lens.Lens' AwsEcrContainerImageDetails (Prelude.Maybe [Prelude.Text])
+awsEcrContainerImageDetails_imageTags = Lens.lens (\AwsEcrContainerImageDetails' {imageTags} -> imageTags) (\s@AwsEcrContainerImageDetails' {} a -> s {imageTags = a} :: AwsEcrContainerImageDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Amazon Web Services account identifier that is associated with the
+-- registry that the image belongs to.
+awsEcrContainerImageDetails_registryId :: Lens.Lens' AwsEcrContainerImageDetails (Prelude.Maybe Prelude.Text)
+awsEcrContainerImageDetails_registryId = Lens.lens (\AwsEcrContainerImageDetails' {registryId} -> registryId) (\s@AwsEcrContainerImageDetails' {} a -> s {registryId = a} :: AwsEcrContainerImageDetails)
+
+-- | The name of the repository that the image belongs to.
+awsEcrContainerImageDetails_repositoryName :: Lens.Lens' AwsEcrContainerImageDetails (Prelude.Maybe Prelude.Text)
+awsEcrContainerImageDetails_repositoryName = Lens.lens (\AwsEcrContainerImageDetails' {repositoryName} -> repositoryName) (\s@AwsEcrContainerImageDetails' {} a -> s {repositoryName = a} :: AwsEcrContainerImageDetails)
+
+instance Data.FromJSON AwsEcrContainerImageDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEcrContainerImageDetails"
+      ( \x ->
+          AwsEcrContainerImageDetails'
+            Prelude.<$> (x Data..:? "Architecture")
+            Prelude.<*> (x Data..:? "ImageDigest")
+            Prelude.<*> (x Data..:? "ImagePublishedAt")
+            Prelude.<*> (x Data..:? "ImageTags" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "RegistryId")
+            Prelude.<*> (x Data..:? "RepositoryName")
+      )
+
+instance Prelude.Hashable AwsEcrContainerImageDetails where
+  hashWithSalt _salt AwsEcrContainerImageDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` architecture
+      `Prelude.hashWithSalt` imageDigest
+      `Prelude.hashWithSalt` imagePublishedAt
+      `Prelude.hashWithSalt` imageTags
+      `Prelude.hashWithSalt` registryId
+      `Prelude.hashWithSalt` repositoryName
+
+instance Prelude.NFData AwsEcrContainerImageDetails where
+  rnf AwsEcrContainerImageDetails' {..} =
+    Prelude.rnf architecture
+      `Prelude.seq` Prelude.rnf imageDigest
+      `Prelude.seq` Prelude.rnf imagePublishedAt
+      `Prelude.seq` Prelude.rnf imageTags
+      `Prelude.seq` Prelude.rnf registryId
+      `Prelude.seq` Prelude.rnf repositoryName
+
+instance Data.ToJSON AwsEcrContainerImageDetails where
+  toJSON AwsEcrContainerImageDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Architecture" Data..=) Prelude.<$> architecture,
+            ("ImageDigest" Data..=) Prelude.<$> imageDigest,
+            ("ImagePublishedAt" Data..=)
+              Prelude.<$> imagePublishedAt,
+            ("ImageTags" Data..=) Prelude.<$> imageTags,
+            ("RegistryId" Data..=) Prelude.<$> registryId,
+            ("RepositoryName" Data..=)
+              Prelude.<$> repositoryName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcrRepositoryDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcrRepositoryDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcrRepositoryDetails.hs
@@ -0,0 +1,156 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcrRepositoryDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcrRepositoryDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcrRepositoryImageScanningConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcrRepositoryLifecyclePolicyDetails
+
+-- | Provides information about an Amazon Elastic Container Registry
+-- repository.
+--
+-- /See:/ 'newAwsEcrRepositoryDetails' smart constructor.
+data AwsEcrRepositoryDetails = AwsEcrRepositoryDetails'
+  { -- | The ARN of the repository.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The image scanning configuration for a repository.
+    imageScanningConfiguration :: Prelude.Maybe AwsEcrRepositoryImageScanningConfigurationDetails,
+    -- | The tag mutability setting for the repository. Valid values are
+    -- @IMMUTABLE@ or @MUTABLE@.
+    imageTagMutability :: Prelude.Maybe Prelude.Text,
+    -- | Information about the lifecycle policy for the repository.
+    lifecyclePolicy :: Prelude.Maybe AwsEcrRepositoryLifecyclePolicyDetails,
+    -- | The name of the repository.
+    repositoryName :: Prelude.Maybe Prelude.Text,
+    -- | The text of the repository policy.
+    repositoryPolicyText :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcrRepositoryDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'awsEcrRepositoryDetails_arn' - The ARN of the repository.
+--
+-- 'imageScanningConfiguration', 'awsEcrRepositoryDetails_imageScanningConfiguration' - The image scanning configuration for a repository.
+--
+-- 'imageTagMutability', 'awsEcrRepositoryDetails_imageTagMutability' - The tag mutability setting for the repository. Valid values are
+-- @IMMUTABLE@ or @MUTABLE@.
+--
+-- 'lifecyclePolicy', 'awsEcrRepositoryDetails_lifecyclePolicy' - Information about the lifecycle policy for the repository.
+--
+-- 'repositoryName', 'awsEcrRepositoryDetails_repositoryName' - The name of the repository.
+--
+-- 'repositoryPolicyText', 'awsEcrRepositoryDetails_repositoryPolicyText' - The text of the repository policy.
+newAwsEcrRepositoryDetails ::
+  AwsEcrRepositoryDetails
+newAwsEcrRepositoryDetails =
+  AwsEcrRepositoryDetails'
+    { arn = Prelude.Nothing,
+      imageScanningConfiguration = Prelude.Nothing,
+      imageTagMutability = Prelude.Nothing,
+      lifecyclePolicy = Prelude.Nothing,
+      repositoryName = Prelude.Nothing,
+      repositoryPolicyText = Prelude.Nothing
+    }
+
+-- | The ARN of the repository.
+awsEcrRepositoryDetails_arn :: Lens.Lens' AwsEcrRepositoryDetails (Prelude.Maybe Prelude.Text)
+awsEcrRepositoryDetails_arn = Lens.lens (\AwsEcrRepositoryDetails' {arn} -> arn) (\s@AwsEcrRepositoryDetails' {} a -> s {arn = a} :: AwsEcrRepositoryDetails)
+
+-- | The image scanning configuration for a repository.
+awsEcrRepositoryDetails_imageScanningConfiguration :: Lens.Lens' AwsEcrRepositoryDetails (Prelude.Maybe AwsEcrRepositoryImageScanningConfigurationDetails)
+awsEcrRepositoryDetails_imageScanningConfiguration = Lens.lens (\AwsEcrRepositoryDetails' {imageScanningConfiguration} -> imageScanningConfiguration) (\s@AwsEcrRepositoryDetails' {} a -> s {imageScanningConfiguration = a} :: AwsEcrRepositoryDetails)
+
+-- | The tag mutability setting for the repository. Valid values are
+-- @IMMUTABLE@ or @MUTABLE@.
+awsEcrRepositoryDetails_imageTagMutability :: Lens.Lens' AwsEcrRepositoryDetails (Prelude.Maybe Prelude.Text)
+awsEcrRepositoryDetails_imageTagMutability = Lens.lens (\AwsEcrRepositoryDetails' {imageTagMutability} -> imageTagMutability) (\s@AwsEcrRepositoryDetails' {} a -> s {imageTagMutability = a} :: AwsEcrRepositoryDetails)
+
+-- | Information about the lifecycle policy for the repository.
+awsEcrRepositoryDetails_lifecyclePolicy :: Lens.Lens' AwsEcrRepositoryDetails (Prelude.Maybe AwsEcrRepositoryLifecyclePolicyDetails)
+awsEcrRepositoryDetails_lifecyclePolicy = Lens.lens (\AwsEcrRepositoryDetails' {lifecyclePolicy} -> lifecyclePolicy) (\s@AwsEcrRepositoryDetails' {} a -> s {lifecyclePolicy = a} :: AwsEcrRepositoryDetails)
+
+-- | The name of the repository.
+awsEcrRepositoryDetails_repositoryName :: Lens.Lens' AwsEcrRepositoryDetails (Prelude.Maybe Prelude.Text)
+awsEcrRepositoryDetails_repositoryName = Lens.lens (\AwsEcrRepositoryDetails' {repositoryName} -> repositoryName) (\s@AwsEcrRepositoryDetails' {} a -> s {repositoryName = a} :: AwsEcrRepositoryDetails)
+
+-- | The text of the repository policy.
+awsEcrRepositoryDetails_repositoryPolicyText :: Lens.Lens' AwsEcrRepositoryDetails (Prelude.Maybe Prelude.Text)
+awsEcrRepositoryDetails_repositoryPolicyText = Lens.lens (\AwsEcrRepositoryDetails' {repositoryPolicyText} -> repositoryPolicyText) (\s@AwsEcrRepositoryDetails' {} a -> s {repositoryPolicyText = a} :: AwsEcrRepositoryDetails)
+
+instance Data.FromJSON AwsEcrRepositoryDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEcrRepositoryDetails"
+      ( \x ->
+          AwsEcrRepositoryDetails'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "ImageScanningConfiguration")
+            Prelude.<*> (x Data..:? "ImageTagMutability")
+            Prelude.<*> (x Data..:? "LifecyclePolicy")
+            Prelude.<*> (x Data..:? "RepositoryName")
+            Prelude.<*> (x Data..:? "RepositoryPolicyText")
+      )
+
+instance Prelude.Hashable AwsEcrRepositoryDetails where
+  hashWithSalt _salt AwsEcrRepositoryDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` imageScanningConfiguration
+      `Prelude.hashWithSalt` imageTagMutability
+      `Prelude.hashWithSalt` lifecyclePolicy
+      `Prelude.hashWithSalt` repositoryName
+      `Prelude.hashWithSalt` repositoryPolicyText
+
+instance Prelude.NFData AwsEcrRepositoryDetails where
+  rnf AwsEcrRepositoryDetails' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf imageScanningConfiguration
+      `Prelude.seq` Prelude.rnf imageTagMutability
+      `Prelude.seq` Prelude.rnf lifecyclePolicy
+      `Prelude.seq` Prelude.rnf repositoryName
+      `Prelude.seq` Prelude.rnf repositoryPolicyText
+
+instance Data.ToJSON AwsEcrRepositoryDetails where
+  toJSON AwsEcrRepositoryDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Arn" Data..=) Prelude.<$> arn,
+            ("ImageScanningConfiguration" Data..=)
+              Prelude.<$> imageScanningConfiguration,
+            ("ImageTagMutability" Data..=)
+              Prelude.<$> imageTagMutability,
+            ("LifecyclePolicy" Data..=)
+              Prelude.<$> lifecyclePolicy,
+            ("RepositoryName" Data..=)
+              Prelude.<$> repositoryName,
+            ("RepositoryPolicyText" Data..=)
+              Prelude.<$> repositoryPolicyText
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcrRepositoryImageScanningConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcrRepositoryImageScanningConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcrRepositoryImageScanningConfigurationDetails.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcrRepositoryImageScanningConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcrRepositoryImageScanningConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The image scanning configuration for a repository.
+--
+-- /See:/ 'newAwsEcrRepositoryImageScanningConfigurationDetails' smart constructor.
+data AwsEcrRepositoryImageScanningConfigurationDetails = AwsEcrRepositoryImageScanningConfigurationDetails'
+  { -- | Whether to scan images after they are pushed to a repository.
+    scanOnPush :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcrRepositoryImageScanningConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scanOnPush', 'awsEcrRepositoryImageScanningConfigurationDetails_scanOnPush' - Whether to scan images after they are pushed to a repository.
+newAwsEcrRepositoryImageScanningConfigurationDetails ::
+  AwsEcrRepositoryImageScanningConfigurationDetails
+newAwsEcrRepositoryImageScanningConfigurationDetails =
+  AwsEcrRepositoryImageScanningConfigurationDetails'
+    { scanOnPush =
+        Prelude.Nothing
+    }
+
+-- | Whether to scan images after they are pushed to a repository.
+awsEcrRepositoryImageScanningConfigurationDetails_scanOnPush :: Lens.Lens' AwsEcrRepositoryImageScanningConfigurationDetails (Prelude.Maybe Prelude.Bool)
+awsEcrRepositoryImageScanningConfigurationDetails_scanOnPush = Lens.lens (\AwsEcrRepositoryImageScanningConfigurationDetails' {scanOnPush} -> scanOnPush) (\s@AwsEcrRepositoryImageScanningConfigurationDetails' {} a -> s {scanOnPush = a} :: AwsEcrRepositoryImageScanningConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsEcrRepositoryImageScanningConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcrRepositoryImageScanningConfigurationDetails"
+      ( \x ->
+          AwsEcrRepositoryImageScanningConfigurationDetails'
+            Prelude.<$> (x Data..:? "ScanOnPush")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcrRepositoryImageScanningConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcrRepositoryImageScanningConfigurationDetails' {..} =
+      _salt `Prelude.hashWithSalt` scanOnPush
+
+instance
+  Prelude.NFData
+    AwsEcrRepositoryImageScanningConfigurationDetails
+  where
+  rnf
+    AwsEcrRepositoryImageScanningConfigurationDetails' {..} =
+      Prelude.rnf scanOnPush
+
+instance
+  Data.ToJSON
+    AwsEcrRepositoryImageScanningConfigurationDetails
+  where
+  toJSON
+    AwsEcrRepositoryImageScanningConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("ScanOnPush" Data..=) Prelude.<$> scanOnPush]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcrRepositoryLifecyclePolicyDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcrRepositoryLifecyclePolicyDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcrRepositoryLifecyclePolicyDetails.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcrRepositoryLifecyclePolicyDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcrRepositoryLifecyclePolicyDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the lifecycle policy for the repository.
+--
+-- /See:/ 'newAwsEcrRepositoryLifecyclePolicyDetails' smart constructor.
+data AwsEcrRepositoryLifecyclePolicyDetails = AwsEcrRepositoryLifecyclePolicyDetails'
+  { -- | The text of the lifecycle policy.
+    lifecyclePolicyText :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services account identifier that is associated with the
+    -- registry that contains the repository.
+    registryId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcrRepositoryLifecyclePolicyDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'lifecyclePolicyText', 'awsEcrRepositoryLifecyclePolicyDetails_lifecyclePolicyText' - The text of the lifecycle policy.
+--
+-- 'registryId', 'awsEcrRepositoryLifecyclePolicyDetails_registryId' - The Amazon Web Services account identifier that is associated with the
+-- registry that contains the repository.
+newAwsEcrRepositoryLifecyclePolicyDetails ::
+  AwsEcrRepositoryLifecyclePolicyDetails
+newAwsEcrRepositoryLifecyclePolicyDetails =
+  AwsEcrRepositoryLifecyclePolicyDetails'
+    { lifecyclePolicyText =
+        Prelude.Nothing,
+      registryId = Prelude.Nothing
+    }
+
+-- | The text of the lifecycle policy.
+awsEcrRepositoryLifecyclePolicyDetails_lifecyclePolicyText :: Lens.Lens' AwsEcrRepositoryLifecyclePolicyDetails (Prelude.Maybe Prelude.Text)
+awsEcrRepositoryLifecyclePolicyDetails_lifecyclePolicyText = Lens.lens (\AwsEcrRepositoryLifecyclePolicyDetails' {lifecyclePolicyText} -> lifecyclePolicyText) (\s@AwsEcrRepositoryLifecyclePolicyDetails' {} a -> s {lifecyclePolicyText = a} :: AwsEcrRepositoryLifecyclePolicyDetails)
+
+-- | The Amazon Web Services account identifier that is associated with the
+-- registry that contains the repository.
+awsEcrRepositoryLifecyclePolicyDetails_registryId :: Lens.Lens' AwsEcrRepositoryLifecyclePolicyDetails (Prelude.Maybe Prelude.Text)
+awsEcrRepositoryLifecyclePolicyDetails_registryId = Lens.lens (\AwsEcrRepositoryLifecyclePolicyDetails' {registryId} -> registryId) (\s@AwsEcrRepositoryLifecyclePolicyDetails' {} a -> s {registryId = a} :: AwsEcrRepositoryLifecyclePolicyDetails)
+
+instance
+  Data.FromJSON
+    AwsEcrRepositoryLifecyclePolicyDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcrRepositoryLifecyclePolicyDetails"
+      ( \x ->
+          AwsEcrRepositoryLifecyclePolicyDetails'
+            Prelude.<$> (x Data..:? "LifecyclePolicyText")
+            Prelude.<*> (x Data..:? "RegistryId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcrRepositoryLifecyclePolicyDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcrRepositoryLifecyclePolicyDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` lifecyclePolicyText
+        `Prelude.hashWithSalt` registryId
+
+instance
+  Prelude.NFData
+    AwsEcrRepositoryLifecyclePolicyDetails
+  where
+  rnf AwsEcrRepositoryLifecyclePolicyDetails' {..} =
+    Prelude.rnf lifecyclePolicyText
+      `Prelude.seq` Prelude.rnf registryId
+
+instance
+  Data.ToJSON
+    AwsEcrRepositoryLifecyclePolicyDetails
+  where
+  toJSON AwsEcrRepositoryLifecyclePolicyDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("LifecyclePolicyText" Data..=)
+              Prelude.<$> lifecyclePolicyText,
+            ("RegistryId" Data..=) Prelude.<$> registryId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsClusterClusterSettingsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterClusterSettingsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterClusterSettingsDetails.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsClusterClusterSettingsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsClusterClusterSettingsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Indicates whether to enable CloudWatch Container Insights for the ECS
+-- cluster.
+--
+-- /See:/ 'newAwsEcsClusterClusterSettingsDetails' smart constructor.
+data AwsEcsClusterClusterSettingsDetails = AwsEcsClusterClusterSettingsDetails'
+  { -- | The name of the setting. The valid value is @containerInsights@.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The value of the setting. Valid values are @disabled@ or @enabled@.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsClusterClusterSettingsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsEcsClusterClusterSettingsDetails_name' - The name of the setting. The valid value is @containerInsights@.
+--
+-- 'value', 'awsEcsClusterClusterSettingsDetails_value' - The value of the setting. Valid values are @disabled@ or @enabled@.
+newAwsEcsClusterClusterSettingsDetails ::
+  AwsEcsClusterClusterSettingsDetails
+newAwsEcsClusterClusterSettingsDetails =
+  AwsEcsClusterClusterSettingsDetails'
+    { name =
+        Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The name of the setting. The valid value is @containerInsights@.
+awsEcsClusterClusterSettingsDetails_name :: Lens.Lens' AwsEcsClusterClusterSettingsDetails (Prelude.Maybe Prelude.Text)
+awsEcsClusterClusterSettingsDetails_name = Lens.lens (\AwsEcsClusterClusterSettingsDetails' {name} -> name) (\s@AwsEcsClusterClusterSettingsDetails' {} a -> s {name = a} :: AwsEcsClusterClusterSettingsDetails)
+
+-- | The value of the setting. Valid values are @disabled@ or @enabled@.
+awsEcsClusterClusterSettingsDetails_value :: Lens.Lens' AwsEcsClusterClusterSettingsDetails (Prelude.Maybe Prelude.Text)
+awsEcsClusterClusterSettingsDetails_value = Lens.lens (\AwsEcsClusterClusterSettingsDetails' {value} -> value) (\s@AwsEcsClusterClusterSettingsDetails' {} a -> s {value = a} :: AwsEcsClusterClusterSettingsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsClusterClusterSettingsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsClusterClusterSettingsDetails"
+      ( \x ->
+          AwsEcsClusterClusterSettingsDetails'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsClusterClusterSettingsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsClusterClusterSettingsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsEcsClusterClusterSettingsDetails
+  where
+  rnf AwsEcsClusterClusterSettingsDetails' {..} =
+    Prelude.rnf name `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsEcsClusterClusterSettingsDetails
+  where
+  toJSON AwsEcsClusterClusterSettingsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Name" Data..=) Prelude.<$> name,
+            ("Value" Data..=) Prelude.<$> value
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsClusterConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterConfigurationDetails.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+
+-- | The run command configuration for the cluster.
+--
+-- /See:/ 'newAwsEcsClusterConfigurationDetails' smart constructor.
+data AwsEcsClusterConfigurationDetails = AwsEcsClusterConfigurationDetails'
+  { -- | Contains the run command configuration for the cluster.
+    executeCommandConfiguration :: Prelude.Maybe AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsClusterConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'executeCommandConfiguration', 'awsEcsClusterConfigurationDetails_executeCommandConfiguration' - Contains the run command configuration for the cluster.
+newAwsEcsClusterConfigurationDetails ::
+  AwsEcsClusterConfigurationDetails
+newAwsEcsClusterConfigurationDetails =
+  AwsEcsClusterConfigurationDetails'
+    { executeCommandConfiguration =
+        Prelude.Nothing
+    }
+
+-- | Contains the run command configuration for the cluster.
+awsEcsClusterConfigurationDetails_executeCommandConfiguration :: Lens.Lens' AwsEcsClusterConfigurationDetails (Prelude.Maybe AwsEcsClusterConfigurationExecuteCommandConfigurationDetails)
+awsEcsClusterConfigurationDetails_executeCommandConfiguration = Lens.lens (\AwsEcsClusterConfigurationDetails' {executeCommandConfiguration} -> executeCommandConfiguration) (\s@AwsEcsClusterConfigurationDetails' {} a -> s {executeCommandConfiguration = a} :: AwsEcsClusterConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsClusterConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsClusterConfigurationDetails"
+      ( \x ->
+          AwsEcsClusterConfigurationDetails'
+            Prelude.<$> (x Data..:? "ExecuteCommandConfiguration")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsClusterConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsClusterConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` executeCommandConfiguration
+
+instance
+  Prelude.NFData
+    AwsEcsClusterConfigurationDetails
+  where
+  rnf AwsEcsClusterConfigurationDetails' {..} =
+    Prelude.rnf executeCommandConfiguration
+
+instance
+  Data.ToJSON
+    AwsEcsClusterConfigurationDetails
+  where
+  toJSON AwsEcsClusterConfigurationDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ExecuteCommandConfiguration" Data..=)
+              Prelude.<$> executeCommandConfiguration
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsClusterConfigurationExecuteCommandConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterConfigurationExecuteCommandConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterConfigurationExecuteCommandConfigurationDetails.hs
@@ -0,0 +1,133 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+
+-- | Contains the run command configuration for the cluster.
+--
+-- /See:/ 'newAwsEcsClusterConfigurationExecuteCommandConfigurationDetails' smart constructor.
+data AwsEcsClusterConfigurationExecuteCommandConfigurationDetails = AwsEcsClusterConfigurationExecuteCommandConfigurationDetails'
+  { -- | The identifier of the KMS key that is used to encrypt the data between
+    -- the local client and the container.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The log configuration for the results of the run command actions.
+    -- Required if @Logging@ is @NONE@.
+    logConfiguration :: Prelude.Maybe AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails,
+    -- | The log setting to use for redirecting logs for run command results.
+    logging :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsClusterConfigurationExecuteCommandConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'kmsKeyId', 'awsEcsClusterConfigurationExecuteCommandConfigurationDetails_kmsKeyId' - The identifier of the KMS key that is used to encrypt the data between
+-- the local client and the container.
+--
+-- 'logConfiguration', 'awsEcsClusterConfigurationExecuteCommandConfigurationDetails_logConfiguration' - The log configuration for the results of the run command actions.
+-- Required if @Logging@ is @NONE@.
+--
+-- 'logging', 'awsEcsClusterConfigurationExecuteCommandConfigurationDetails_logging' - The log setting to use for redirecting logs for run command results.
+newAwsEcsClusterConfigurationExecuteCommandConfigurationDetails ::
+  AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+newAwsEcsClusterConfigurationExecuteCommandConfigurationDetails =
+  AwsEcsClusterConfigurationExecuteCommandConfigurationDetails'
+    { kmsKeyId =
+        Prelude.Nothing,
+      logConfiguration =
+        Prelude.Nothing,
+      logging =
+        Prelude.Nothing
+    }
+
+-- | The identifier of the KMS key that is used to encrypt the data between
+-- the local client and the container.
+awsEcsClusterConfigurationExecuteCommandConfigurationDetails_kmsKeyId :: Lens.Lens' AwsEcsClusterConfigurationExecuteCommandConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsClusterConfigurationExecuteCommandConfigurationDetails_kmsKeyId = Lens.lens (\AwsEcsClusterConfigurationExecuteCommandConfigurationDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsEcsClusterConfigurationExecuteCommandConfigurationDetails' {} a -> s {kmsKeyId = a} :: AwsEcsClusterConfigurationExecuteCommandConfigurationDetails)
+
+-- | The log configuration for the results of the run command actions.
+-- Required if @Logging@ is @NONE@.
+awsEcsClusterConfigurationExecuteCommandConfigurationDetails_logConfiguration :: Lens.Lens' AwsEcsClusterConfigurationExecuteCommandConfigurationDetails (Prelude.Maybe AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails)
+awsEcsClusterConfigurationExecuteCommandConfigurationDetails_logConfiguration = Lens.lens (\AwsEcsClusterConfigurationExecuteCommandConfigurationDetails' {logConfiguration} -> logConfiguration) (\s@AwsEcsClusterConfigurationExecuteCommandConfigurationDetails' {} a -> s {logConfiguration = a} :: AwsEcsClusterConfigurationExecuteCommandConfigurationDetails)
+
+-- | The log setting to use for redirecting logs for run command results.
+awsEcsClusterConfigurationExecuteCommandConfigurationDetails_logging :: Lens.Lens' AwsEcsClusterConfigurationExecuteCommandConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsClusterConfigurationExecuteCommandConfigurationDetails_logging = Lens.lens (\AwsEcsClusterConfigurationExecuteCommandConfigurationDetails' {logging} -> logging) (\s@AwsEcsClusterConfigurationExecuteCommandConfigurationDetails' {} a -> s {logging = a} :: AwsEcsClusterConfigurationExecuteCommandConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsClusterConfigurationExecuteCommandConfigurationDetails"
+      ( \x ->
+          AwsEcsClusterConfigurationExecuteCommandConfigurationDetails'
+            Prelude.<$> (x Data..:? "KmsKeyId")
+            Prelude.<*> (x Data..:? "LogConfiguration")
+            Prelude.<*> (x Data..:? "Logging")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsClusterConfigurationExecuteCommandConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` kmsKeyId
+        `Prelude.hashWithSalt` logConfiguration
+        `Prelude.hashWithSalt` logging
+
+instance
+  Prelude.NFData
+    AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+  where
+  rnf
+    AwsEcsClusterConfigurationExecuteCommandConfigurationDetails' {..} =
+      Prelude.rnf kmsKeyId
+        `Prelude.seq` Prelude.rnf logConfiguration
+        `Prelude.seq` Prelude.rnf logging
+
+instance
+  Data.ToJSON
+    AwsEcsClusterConfigurationExecuteCommandConfigurationDetails
+  where
+  toJSON
+    AwsEcsClusterConfigurationExecuteCommandConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+              ("LogConfiguration" Data..=)
+                Prelude.<$> logConfiguration,
+              ("Logging" Data..=) Prelude.<$> logging
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails.hs
@@ -0,0 +1,156 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The log configuration for the results of the run command actions.
+--
+-- /See:/ 'newAwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' smart constructor.
+data AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails = AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails'
+  { -- | Whether to enable encryption on the CloudWatch logs.
+    cloudWatchEncryptionEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the CloudWatch log group to send the logs to.
+    cloudWatchLogGroupName :: Prelude.Maybe Prelude.Text,
+    -- | The name of the S3 bucket to send logs to.
+    s3BucketName :: Prelude.Maybe Prelude.Text,
+    -- | Whether to encrypt the logs that are sent to the S3 bucket.
+    s3EncryptionEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | Identifies the folder in the S3 bucket to send the logs to.
+    s3KeyPrefix :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cloudWatchEncryptionEnabled', 'awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_cloudWatchEncryptionEnabled' - Whether to enable encryption on the CloudWatch logs.
+--
+-- 'cloudWatchLogGroupName', 'awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_cloudWatchLogGroupName' - The name of the CloudWatch log group to send the logs to.
+--
+-- 's3BucketName', 'awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3BucketName' - The name of the S3 bucket to send logs to.
+--
+-- 's3EncryptionEnabled', 'awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3EncryptionEnabled' - Whether to encrypt the logs that are sent to the S3 bucket.
+--
+-- 's3KeyPrefix', 'awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3KeyPrefix' - Identifies the folder in the S3 bucket to send the logs to.
+newAwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails ::
+  AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+newAwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails =
+  AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails'
+    { cloudWatchEncryptionEnabled =
+        Prelude.Nothing,
+      cloudWatchLogGroupName =
+        Prelude.Nothing,
+      s3BucketName =
+        Prelude.Nothing,
+      s3EncryptionEnabled =
+        Prelude.Nothing,
+      s3KeyPrefix =
+        Prelude.Nothing
+    }
+
+-- | Whether to enable encryption on the CloudWatch logs.
+awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_cloudWatchEncryptionEnabled :: Lens.Lens' AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails (Prelude.Maybe Prelude.Bool)
+awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_cloudWatchEncryptionEnabled = Lens.lens (\AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {cloudWatchEncryptionEnabled} -> cloudWatchEncryptionEnabled) (\s@AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {} a -> s {cloudWatchEncryptionEnabled = a} :: AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails)
+
+-- | The name of the CloudWatch log group to send the logs to.
+awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_cloudWatchLogGroupName :: Lens.Lens' AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_cloudWatchLogGroupName = Lens.lens (\AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {cloudWatchLogGroupName} -> cloudWatchLogGroupName) (\s@AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {} a -> s {cloudWatchLogGroupName = a} :: AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails)
+
+-- | The name of the S3 bucket to send logs to.
+awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3BucketName :: Lens.Lens' AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3BucketName = Lens.lens (\AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {s3BucketName} -> s3BucketName) (\s@AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {} a -> s {s3BucketName = a} :: AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails)
+
+-- | Whether to encrypt the logs that are sent to the S3 bucket.
+awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3EncryptionEnabled :: Lens.Lens' AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails (Prelude.Maybe Prelude.Bool)
+awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3EncryptionEnabled = Lens.lens (\AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {s3EncryptionEnabled} -> s3EncryptionEnabled) (\s@AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {} a -> s {s3EncryptionEnabled = a} :: AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails)
+
+-- | Identifies the folder in the S3 bucket to send the logs to.
+awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3KeyPrefix :: Lens.Lens' AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails_s3KeyPrefix = Lens.lens (\AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {s3KeyPrefix} -> s3KeyPrefix) (\s@AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {} a -> s {s3KeyPrefix = a} :: AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails"
+      ( \x ->
+          AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails'
+            Prelude.<$> (x Data..:? "CloudWatchEncryptionEnabled")
+            Prelude.<*> (x Data..:? "CloudWatchLogGroupName")
+            Prelude.<*> (x Data..:? "S3BucketName")
+            Prelude.<*> (x Data..:? "S3EncryptionEnabled")
+            Prelude.<*> (x Data..:? "S3KeyPrefix")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` cloudWatchEncryptionEnabled
+        `Prelude.hashWithSalt` cloudWatchLogGroupName
+        `Prelude.hashWithSalt` s3BucketName
+        `Prelude.hashWithSalt` s3EncryptionEnabled
+        `Prelude.hashWithSalt` s3KeyPrefix
+
+instance
+  Prelude.NFData
+    AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+  where
+  rnf
+    AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {..} =
+      Prelude.rnf cloudWatchEncryptionEnabled
+        `Prelude.seq` Prelude.rnf cloudWatchLogGroupName
+        `Prelude.seq` Prelude.rnf s3BucketName
+        `Prelude.seq` Prelude.rnf s3EncryptionEnabled
+        `Prelude.seq` Prelude.rnf s3KeyPrefix
+
+instance
+  Data.ToJSON
+    AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails
+  where
+  toJSON
+    AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("CloudWatchEncryptionEnabled" Data..=)
+                Prelude.<$> cloudWatchEncryptionEnabled,
+              ("CloudWatchLogGroupName" Data..=)
+                Prelude.<$> cloudWatchLogGroupName,
+              ("S3BucketName" Data..=) Prelude.<$> s3BucketName,
+              ("S3EncryptionEnabled" Data..=)
+                Prelude.<$> s3EncryptionEnabled,
+              ("S3KeyPrefix" Data..=) Prelude.<$> s3KeyPrefix
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsClusterDefaultCapacityProviderStrategyDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterDefaultCapacityProviderStrategyDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterDefaultCapacityProviderStrategyDetails.hs
@@ -0,0 +1,131 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsClusterDefaultCapacityProviderStrategyDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsClusterDefaultCapacityProviderStrategyDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The default capacity provider strategy for the cluster. The default
+-- capacity provider strategy is used when services or tasks are run
+-- without a specified launch type or capacity provider strategy.
+--
+-- /See:/ 'newAwsEcsClusterDefaultCapacityProviderStrategyDetails' smart constructor.
+data AwsEcsClusterDefaultCapacityProviderStrategyDetails = AwsEcsClusterDefaultCapacityProviderStrategyDetails'
+  { -- | The minimum number of tasks to run on the specified capacity provider.
+    base :: Prelude.Maybe Prelude.Int,
+    -- | The name of the capacity provider.
+    capacityProvider :: Prelude.Maybe Prelude.Text,
+    -- | The relative percentage of the total number of tasks launched that
+    -- should use the capacity provider.
+    weight :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsClusterDefaultCapacityProviderStrategyDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'base', 'awsEcsClusterDefaultCapacityProviderStrategyDetails_base' - The minimum number of tasks to run on the specified capacity provider.
+--
+-- 'capacityProvider', 'awsEcsClusterDefaultCapacityProviderStrategyDetails_capacityProvider' - The name of the capacity provider.
+--
+-- 'weight', 'awsEcsClusterDefaultCapacityProviderStrategyDetails_weight' - The relative percentage of the total number of tasks launched that
+-- should use the capacity provider.
+newAwsEcsClusterDefaultCapacityProviderStrategyDetails ::
+  AwsEcsClusterDefaultCapacityProviderStrategyDetails
+newAwsEcsClusterDefaultCapacityProviderStrategyDetails =
+  AwsEcsClusterDefaultCapacityProviderStrategyDetails'
+    { base =
+        Prelude.Nothing,
+      capacityProvider =
+        Prelude.Nothing,
+      weight =
+        Prelude.Nothing
+    }
+
+-- | The minimum number of tasks to run on the specified capacity provider.
+awsEcsClusterDefaultCapacityProviderStrategyDetails_base :: Lens.Lens' AwsEcsClusterDefaultCapacityProviderStrategyDetails (Prelude.Maybe Prelude.Int)
+awsEcsClusterDefaultCapacityProviderStrategyDetails_base = Lens.lens (\AwsEcsClusterDefaultCapacityProviderStrategyDetails' {base} -> base) (\s@AwsEcsClusterDefaultCapacityProviderStrategyDetails' {} a -> s {base = a} :: AwsEcsClusterDefaultCapacityProviderStrategyDetails)
+
+-- | The name of the capacity provider.
+awsEcsClusterDefaultCapacityProviderStrategyDetails_capacityProvider :: Lens.Lens' AwsEcsClusterDefaultCapacityProviderStrategyDetails (Prelude.Maybe Prelude.Text)
+awsEcsClusterDefaultCapacityProviderStrategyDetails_capacityProvider = Lens.lens (\AwsEcsClusterDefaultCapacityProviderStrategyDetails' {capacityProvider} -> capacityProvider) (\s@AwsEcsClusterDefaultCapacityProviderStrategyDetails' {} a -> s {capacityProvider = a} :: AwsEcsClusterDefaultCapacityProviderStrategyDetails)
+
+-- | The relative percentage of the total number of tasks launched that
+-- should use the capacity provider.
+awsEcsClusterDefaultCapacityProviderStrategyDetails_weight :: Lens.Lens' AwsEcsClusterDefaultCapacityProviderStrategyDetails (Prelude.Maybe Prelude.Int)
+awsEcsClusterDefaultCapacityProviderStrategyDetails_weight = Lens.lens (\AwsEcsClusterDefaultCapacityProviderStrategyDetails' {weight} -> weight) (\s@AwsEcsClusterDefaultCapacityProviderStrategyDetails' {} a -> s {weight = a} :: AwsEcsClusterDefaultCapacityProviderStrategyDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsClusterDefaultCapacityProviderStrategyDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsClusterDefaultCapacityProviderStrategyDetails"
+      ( \x ->
+          AwsEcsClusterDefaultCapacityProviderStrategyDetails'
+            Prelude.<$> (x Data..:? "Base")
+            Prelude.<*> (x Data..:? "CapacityProvider")
+            Prelude.<*> (x Data..:? "Weight")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsClusterDefaultCapacityProviderStrategyDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsClusterDefaultCapacityProviderStrategyDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` base
+        `Prelude.hashWithSalt` capacityProvider
+        `Prelude.hashWithSalt` weight
+
+instance
+  Prelude.NFData
+    AwsEcsClusterDefaultCapacityProviderStrategyDetails
+  where
+  rnf
+    AwsEcsClusterDefaultCapacityProviderStrategyDetails' {..} =
+      Prelude.rnf base
+        `Prelude.seq` Prelude.rnf capacityProvider
+        `Prelude.seq` Prelude.rnf weight
+
+instance
+  Data.ToJSON
+    AwsEcsClusterDefaultCapacityProviderStrategyDetails
+  where
+  toJSON
+    AwsEcsClusterDefaultCapacityProviderStrategyDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Base" Data..=) Prelude.<$> base,
+              ("CapacityProvider" Data..=)
+                Prelude.<$> capacityProvider,
+              ("Weight" Data..=) Prelude.<$> weight
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsClusterDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsClusterDetails.hs
@@ -0,0 +1,240 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsClusterDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsClusterDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsClusterClusterSettingsDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterDefaultCapacityProviderStrategyDetails
+
+-- | Provides details about an Amazon ECS cluster.
+--
+-- /See:/ 'newAwsEcsClusterDetails' smart constructor.
+data AwsEcsClusterDetails = AwsEcsClusterDetails'
+  { -- | The number of services that are running on the cluster in an @ACTIVE@
+    -- state. You can view these services with the Amazon ECS
+    -- <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ListServices.html ListServices>
+    -- API operation.
+    activeServicesCount :: Prelude.Maybe Prelude.Int,
+    -- | The short name of one or more capacity providers to associate with the
+    -- cluster.
+    capacityProviders :: Prelude.Maybe [Prelude.Text],
+    -- | The Amazon Resource Name (ARN) that identifies the cluster.
+    clusterArn :: Prelude.Maybe Prelude.Text,
+    -- | A name that you use to identify your cluster.
+    clusterName :: Prelude.Maybe Prelude.Text,
+    -- | The setting to use to create the cluster. Specifically used to configure
+    -- whether to enable CloudWatch Container Insights for the cluster.
+    clusterSettings :: Prelude.Maybe [AwsEcsClusterClusterSettingsDetails],
+    -- | The run command configuration for the cluster.
+    configuration :: Prelude.Maybe AwsEcsClusterConfigurationDetails,
+    -- | The default capacity provider strategy for the cluster. The default
+    -- capacity provider strategy is used when services or tasks are run
+    -- without a specified launch type or capacity provider strategy.
+    defaultCapacityProviderStrategy :: Prelude.Maybe [AwsEcsClusterDefaultCapacityProviderStrategyDetails],
+    -- | The number of container instances registered into the cluster. This
+    -- includes container instances in both @ACTIVE@ and @DRAINING@ status.
+    registeredContainerInstancesCount :: Prelude.Maybe Prelude.Int,
+    -- | The number of tasks in the cluster that are in the @RUNNING@ state.
+    runningTasksCount :: Prelude.Maybe Prelude.Int,
+    -- | The status of the cluster.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsClusterDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'activeServicesCount', 'awsEcsClusterDetails_activeServicesCount' - The number of services that are running on the cluster in an @ACTIVE@
+-- state. You can view these services with the Amazon ECS
+-- <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ListServices.html ListServices>
+-- API operation.
+--
+-- 'capacityProviders', 'awsEcsClusterDetails_capacityProviders' - The short name of one or more capacity providers to associate with the
+-- cluster.
+--
+-- 'clusterArn', 'awsEcsClusterDetails_clusterArn' - The Amazon Resource Name (ARN) that identifies the cluster.
+--
+-- 'clusterName', 'awsEcsClusterDetails_clusterName' - A name that you use to identify your cluster.
+--
+-- 'clusterSettings', 'awsEcsClusterDetails_clusterSettings' - The setting to use to create the cluster. Specifically used to configure
+-- whether to enable CloudWatch Container Insights for the cluster.
+--
+-- 'configuration', 'awsEcsClusterDetails_configuration' - The run command configuration for the cluster.
+--
+-- 'defaultCapacityProviderStrategy', 'awsEcsClusterDetails_defaultCapacityProviderStrategy' - The default capacity provider strategy for the cluster. The default
+-- capacity provider strategy is used when services or tasks are run
+-- without a specified launch type or capacity provider strategy.
+--
+-- 'registeredContainerInstancesCount', 'awsEcsClusterDetails_registeredContainerInstancesCount' - The number of container instances registered into the cluster. This
+-- includes container instances in both @ACTIVE@ and @DRAINING@ status.
+--
+-- 'runningTasksCount', 'awsEcsClusterDetails_runningTasksCount' - The number of tasks in the cluster that are in the @RUNNING@ state.
+--
+-- 'status', 'awsEcsClusterDetails_status' - The status of the cluster.
+newAwsEcsClusterDetails ::
+  AwsEcsClusterDetails
+newAwsEcsClusterDetails =
+  AwsEcsClusterDetails'
+    { activeServicesCount =
+        Prelude.Nothing,
+      capacityProviders = Prelude.Nothing,
+      clusterArn = Prelude.Nothing,
+      clusterName = Prelude.Nothing,
+      clusterSettings = Prelude.Nothing,
+      configuration = Prelude.Nothing,
+      defaultCapacityProviderStrategy = Prelude.Nothing,
+      registeredContainerInstancesCount = Prelude.Nothing,
+      runningTasksCount = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The number of services that are running on the cluster in an @ACTIVE@
+-- state. You can view these services with the Amazon ECS
+-- <https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ListServices.html ListServices>
+-- API operation.
+awsEcsClusterDetails_activeServicesCount :: Lens.Lens' AwsEcsClusterDetails (Prelude.Maybe Prelude.Int)
+awsEcsClusterDetails_activeServicesCount = Lens.lens (\AwsEcsClusterDetails' {activeServicesCount} -> activeServicesCount) (\s@AwsEcsClusterDetails' {} a -> s {activeServicesCount = a} :: AwsEcsClusterDetails)
+
+-- | The short name of one or more capacity providers to associate with the
+-- cluster.
+awsEcsClusterDetails_capacityProviders :: Lens.Lens' AwsEcsClusterDetails (Prelude.Maybe [Prelude.Text])
+awsEcsClusterDetails_capacityProviders = Lens.lens (\AwsEcsClusterDetails' {capacityProviders} -> capacityProviders) (\s@AwsEcsClusterDetails' {} a -> s {capacityProviders = a} :: AwsEcsClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Amazon Resource Name (ARN) that identifies the cluster.
+awsEcsClusterDetails_clusterArn :: Lens.Lens' AwsEcsClusterDetails (Prelude.Maybe Prelude.Text)
+awsEcsClusterDetails_clusterArn = Lens.lens (\AwsEcsClusterDetails' {clusterArn} -> clusterArn) (\s@AwsEcsClusterDetails' {} a -> s {clusterArn = a} :: AwsEcsClusterDetails)
+
+-- | A name that you use to identify your cluster.
+awsEcsClusterDetails_clusterName :: Lens.Lens' AwsEcsClusterDetails (Prelude.Maybe Prelude.Text)
+awsEcsClusterDetails_clusterName = Lens.lens (\AwsEcsClusterDetails' {clusterName} -> clusterName) (\s@AwsEcsClusterDetails' {} a -> s {clusterName = a} :: AwsEcsClusterDetails)
+
+-- | The setting to use to create the cluster. Specifically used to configure
+-- whether to enable CloudWatch Container Insights for the cluster.
+awsEcsClusterDetails_clusterSettings :: Lens.Lens' AwsEcsClusterDetails (Prelude.Maybe [AwsEcsClusterClusterSettingsDetails])
+awsEcsClusterDetails_clusterSettings = Lens.lens (\AwsEcsClusterDetails' {clusterSettings} -> clusterSettings) (\s@AwsEcsClusterDetails' {} a -> s {clusterSettings = a} :: AwsEcsClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The run command configuration for the cluster.
+awsEcsClusterDetails_configuration :: Lens.Lens' AwsEcsClusterDetails (Prelude.Maybe AwsEcsClusterConfigurationDetails)
+awsEcsClusterDetails_configuration = Lens.lens (\AwsEcsClusterDetails' {configuration} -> configuration) (\s@AwsEcsClusterDetails' {} a -> s {configuration = a} :: AwsEcsClusterDetails)
+
+-- | The default capacity provider strategy for the cluster. The default
+-- capacity provider strategy is used when services or tasks are run
+-- without a specified launch type or capacity provider strategy.
+awsEcsClusterDetails_defaultCapacityProviderStrategy :: Lens.Lens' AwsEcsClusterDetails (Prelude.Maybe [AwsEcsClusterDefaultCapacityProviderStrategyDetails])
+awsEcsClusterDetails_defaultCapacityProviderStrategy = Lens.lens (\AwsEcsClusterDetails' {defaultCapacityProviderStrategy} -> defaultCapacityProviderStrategy) (\s@AwsEcsClusterDetails' {} a -> s {defaultCapacityProviderStrategy = a} :: AwsEcsClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The number of container instances registered into the cluster. This
+-- includes container instances in both @ACTIVE@ and @DRAINING@ status.
+awsEcsClusterDetails_registeredContainerInstancesCount :: Lens.Lens' AwsEcsClusterDetails (Prelude.Maybe Prelude.Int)
+awsEcsClusterDetails_registeredContainerInstancesCount = Lens.lens (\AwsEcsClusterDetails' {registeredContainerInstancesCount} -> registeredContainerInstancesCount) (\s@AwsEcsClusterDetails' {} a -> s {registeredContainerInstancesCount = a} :: AwsEcsClusterDetails)
+
+-- | The number of tasks in the cluster that are in the @RUNNING@ state.
+awsEcsClusterDetails_runningTasksCount :: Lens.Lens' AwsEcsClusterDetails (Prelude.Maybe Prelude.Int)
+awsEcsClusterDetails_runningTasksCount = Lens.lens (\AwsEcsClusterDetails' {runningTasksCount} -> runningTasksCount) (\s@AwsEcsClusterDetails' {} a -> s {runningTasksCount = a} :: AwsEcsClusterDetails)
+
+-- | The status of the cluster.
+awsEcsClusterDetails_status :: Lens.Lens' AwsEcsClusterDetails (Prelude.Maybe Prelude.Text)
+awsEcsClusterDetails_status = Lens.lens (\AwsEcsClusterDetails' {status} -> status) (\s@AwsEcsClusterDetails' {} a -> s {status = a} :: AwsEcsClusterDetails)
+
+instance Data.FromJSON AwsEcsClusterDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEcsClusterDetails"
+      ( \x ->
+          AwsEcsClusterDetails'
+            Prelude.<$> (x Data..:? "ActiveServicesCount")
+            Prelude.<*> ( x
+                            Data..:? "CapacityProviders"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ClusterArn")
+            Prelude.<*> (x Data..:? "ClusterName")
+            Prelude.<*> ( x
+                            Data..:? "ClusterSettings"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Configuration")
+            Prelude.<*> ( x
+                            Data..:? "DefaultCapacityProviderStrategy"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "RegisteredContainerInstancesCount")
+            Prelude.<*> (x Data..:? "RunningTasksCount")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance Prelude.Hashable AwsEcsClusterDetails where
+  hashWithSalt _salt AwsEcsClusterDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` activeServicesCount
+      `Prelude.hashWithSalt` capacityProviders
+      `Prelude.hashWithSalt` clusterArn
+      `Prelude.hashWithSalt` clusterName
+      `Prelude.hashWithSalt` clusterSettings
+      `Prelude.hashWithSalt` configuration
+      `Prelude.hashWithSalt` defaultCapacityProviderStrategy
+      `Prelude.hashWithSalt` registeredContainerInstancesCount
+      `Prelude.hashWithSalt` runningTasksCount
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AwsEcsClusterDetails where
+  rnf AwsEcsClusterDetails' {..} =
+    Prelude.rnf activeServicesCount
+      `Prelude.seq` Prelude.rnf capacityProviders
+      `Prelude.seq` Prelude.rnf clusterArn
+      `Prelude.seq` Prelude.rnf clusterName
+      `Prelude.seq` Prelude.rnf clusterSettings
+      `Prelude.seq` Prelude.rnf configuration
+      `Prelude.seq` Prelude.rnf defaultCapacityProviderStrategy
+      `Prelude.seq` Prelude.rnf registeredContainerInstancesCount
+      `Prelude.seq` Prelude.rnf runningTasksCount
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsEcsClusterDetails where
+  toJSON AwsEcsClusterDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ActiveServicesCount" Data..=)
+              Prelude.<$> activeServicesCount,
+            ("CapacityProviders" Data..=)
+              Prelude.<$> capacityProviders,
+            ("ClusterArn" Data..=) Prelude.<$> clusterArn,
+            ("ClusterName" Data..=) Prelude.<$> clusterName,
+            ("ClusterSettings" Data..=)
+              Prelude.<$> clusterSettings,
+            ("Configuration" Data..=) Prelude.<$> configuration,
+            ("DefaultCapacityProviderStrategy" Data..=)
+              Prelude.<$> defaultCapacityProviderStrategy,
+            ("RegisteredContainerInstancesCount" Data..=)
+              Prelude.<$> registeredContainerInstancesCount,
+            ("RunningTasksCount" Data..=)
+              Prelude.<$> runningTasksCount,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsContainerDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsContainerDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsContainerDetails.hs
@@ -0,0 +1,123 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsContainerDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsContainerDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsMountPoint
+
+-- | Provides information about an Amazon ECS container.
+--
+-- /See:/ 'newAwsEcsContainerDetails' smart constructor.
+data AwsEcsContainerDetails = AwsEcsContainerDetails'
+  { -- | The image used for the container.
+    image :: Prelude.Maybe Prelude.Text,
+    -- | The mount points for data volumes in your container.
+    mountPoints :: Prelude.Maybe [AwsMountPoint],
+    -- | The name of the container.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | When this parameter is true, the container is given elevated privileges
+    -- on the host container instance (similar to the root user).
+    privileged :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsContainerDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'image', 'awsEcsContainerDetails_image' - The image used for the container.
+--
+-- 'mountPoints', 'awsEcsContainerDetails_mountPoints' - The mount points for data volumes in your container.
+--
+-- 'name', 'awsEcsContainerDetails_name' - The name of the container.
+--
+-- 'privileged', 'awsEcsContainerDetails_privileged' - When this parameter is true, the container is given elevated privileges
+-- on the host container instance (similar to the root user).
+newAwsEcsContainerDetails ::
+  AwsEcsContainerDetails
+newAwsEcsContainerDetails =
+  AwsEcsContainerDetails'
+    { image = Prelude.Nothing,
+      mountPoints = Prelude.Nothing,
+      name = Prelude.Nothing,
+      privileged = Prelude.Nothing
+    }
+
+-- | The image used for the container.
+awsEcsContainerDetails_image :: Lens.Lens' AwsEcsContainerDetails (Prelude.Maybe Prelude.Text)
+awsEcsContainerDetails_image = Lens.lens (\AwsEcsContainerDetails' {image} -> image) (\s@AwsEcsContainerDetails' {} a -> s {image = a} :: AwsEcsContainerDetails)
+
+-- | The mount points for data volumes in your container.
+awsEcsContainerDetails_mountPoints :: Lens.Lens' AwsEcsContainerDetails (Prelude.Maybe [AwsMountPoint])
+awsEcsContainerDetails_mountPoints = Lens.lens (\AwsEcsContainerDetails' {mountPoints} -> mountPoints) (\s@AwsEcsContainerDetails' {} a -> s {mountPoints = a} :: AwsEcsContainerDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the container.
+awsEcsContainerDetails_name :: Lens.Lens' AwsEcsContainerDetails (Prelude.Maybe Prelude.Text)
+awsEcsContainerDetails_name = Lens.lens (\AwsEcsContainerDetails' {name} -> name) (\s@AwsEcsContainerDetails' {} a -> s {name = a} :: AwsEcsContainerDetails)
+
+-- | When this parameter is true, the container is given elevated privileges
+-- on the host container instance (similar to the root user).
+awsEcsContainerDetails_privileged :: Lens.Lens' AwsEcsContainerDetails (Prelude.Maybe Prelude.Bool)
+awsEcsContainerDetails_privileged = Lens.lens (\AwsEcsContainerDetails' {privileged} -> privileged) (\s@AwsEcsContainerDetails' {} a -> s {privileged = a} :: AwsEcsContainerDetails)
+
+instance Data.FromJSON AwsEcsContainerDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEcsContainerDetails"
+      ( \x ->
+          AwsEcsContainerDetails'
+            Prelude.<$> (x Data..:? "Image")
+            Prelude.<*> (x Data..:? "MountPoints" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Privileged")
+      )
+
+instance Prelude.Hashable AwsEcsContainerDetails where
+  hashWithSalt _salt AwsEcsContainerDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` image
+      `Prelude.hashWithSalt` mountPoints
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` privileged
+
+instance Prelude.NFData AwsEcsContainerDetails where
+  rnf AwsEcsContainerDetails' {..} =
+    Prelude.rnf image
+      `Prelude.seq` Prelude.rnf mountPoints
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf privileged
+
+instance Data.ToJSON AwsEcsContainerDetails where
+  toJSON AwsEcsContainerDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Image" Data..=) Prelude.<$> image,
+            ("MountPoints" Data..=) Prelude.<$> mountPoints,
+            ("Name" Data..=) Prelude.<$> name,
+            ("Privileged" Data..=) Prelude.<$> privileged
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsServiceCapacityProviderStrategyDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceCapacityProviderStrategyDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceCapacityProviderStrategyDetails.hs
@@ -0,0 +1,151 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsServiceCapacityProviderStrategyDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsServiceCapacityProviderStrategyDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Strategy item for the capacity provider strategy that the service uses.
+--
+-- /See:/ 'newAwsEcsServiceCapacityProviderStrategyDetails' smart constructor.
+data AwsEcsServiceCapacityProviderStrategyDetails = AwsEcsServiceCapacityProviderStrategyDetails'
+  { -- | The minimum number of tasks to run on the capacity provider. Only one
+    -- strategy item can specify a value for @Base@.
+    --
+    -- The value must be between 0 and 100000.
+    base :: Prelude.Maybe Prelude.Int,
+    -- | The short name of the capacity provider.
+    capacityProvider :: Prelude.Maybe Prelude.Text,
+    -- | The relative percentage of the total number of tasks that should use the
+    -- capacity provider.
+    --
+    -- If no weight is specified, the default value is 0. At least one capacity
+    -- provider must have a weight greater than 0.
+    --
+    -- The value can be between 0 and 1000.
+    weight :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsServiceCapacityProviderStrategyDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'base', 'awsEcsServiceCapacityProviderStrategyDetails_base' - The minimum number of tasks to run on the capacity provider. Only one
+-- strategy item can specify a value for @Base@.
+--
+-- The value must be between 0 and 100000.
+--
+-- 'capacityProvider', 'awsEcsServiceCapacityProviderStrategyDetails_capacityProvider' - The short name of the capacity provider.
+--
+-- 'weight', 'awsEcsServiceCapacityProviderStrategyDetails_weight' - The relative percentage of the total number of tasks that should use the
+-- capacity provider.
+--
+-- If no weight is specified, the default value is 0. At least one capacity
+-- provider must have a weight greater than 0.
+--
+-- The value can be between 0 and 1000.
+newAwsEcsServiceCapacityProviderStrategyDetails ::
+  AwsEcsServiceCapacityProviderStrategyDetails
+newAwsEcsServiceCapacityProviderStrategyDetails =
+  AwsEcsServiceCapacityProviderStrategyDetails'
+    { base =
+        Prelude.Nothing,
+      capacityProvider =
+        Prelude.Nothing,
+      weight = Prelude.Nothing
+    }
+
+-- | The minimum number of tasks to run on the capacity provider. Only one
+-- strategy item can specify a value for @Base@.
+--
+-- The value must be between 0 and 100000.
+awsEcsServiceCapacityProviderStrategyDetails_base :: Lens.Lens' AwsEcsServiceCapacityProviderStrategyDetails (Prelude.Maybe Prelude.Int)
+awsEcsServiceCapacityProviderStrategyDetails_base = Lens.lens (\AwsEcsServiceCapacityProviderStrategyDetails' {base} -> base) (\s@AwsEcsServiceCapacityProviderStrategyDetails' {} a -> s {base = a} :: AwsEcsServiceCapacityProviderStrategyDetails)
+
+-- | The short name of the capacity provider.
+awsEcsServiceCapacityProviderStrategyDetails_capacityProvider :: Lens.Lens' AwsEcsServiceCapacityProviderStrategyDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceCapacityProviderStrategyDetails_capacityProvider = Lens.lens (\AwsEcsServiceCapacityProviderStrategyDetails' {capacityProvider} -> capacityProvider) (\s@AwsEcsServiceCapacityProviderStrategyDetails' {} a -> s {capacityProvider = a} :: AwsEcsServiceCapacityProviderStrategyDetails)
+
+-- | The relative percentage of the total number of tasks that should use the
+-- capacity provider.
+--
+-- If no weight is specified, the default value is 0. At least one capacity
+-- provider must have a weight greater than 0.
+--
+-- The value can be between 0 and 1000.
+awsEcsServiceCapacityProviderStrategyDetails_weight :: Lens.Lens' AwsEcsServiceCapacityProviderStrategyDetails (Prelude.Maybe Prelude.Int)
+awsEcsServiceCapacityProviderStrategyDetails_weight = Lens.lens (\AwsEcsServiceCapacityProviderStrategyDetails' {weight} -> weight) (\s@AwsEcsServiceCapacityProviderStrategyDetails' {} a -> s {weight = a} :: AwsEcsServiceCapacityProviderStrategyDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsServiceCapacityProviderStrategyDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsServiceCapacityProviderStrategyDetails"
+      ( \x ->
+          AwsEcsServiceCapacityProviderStrategyDetails'
+            Prelude.<$> (x Data..:? "Base")
+            Prelude.<*> (x Data..:? "CapacityProvider")
+            Prelude.<*> (x Data..:? "Weight")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsServiceCapacityProviderStrategyDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsServiceCapacityProviderStrategyDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` base
+        `Prelude.hashWithSalt` capacityProvider
+        `Prelude.hashWithSalt` weight
+
+instance
+  Prelude.NFData
+    AwsEcsServiceCapacityProviderStrategyDetails
+  where
+  rnf AwsEcsServiceCapacityProviderStrategyDetails' {..} =
+    Prelude.rnf base
+      `Prelude.seq` Prelude.rnf capacityProvider
+      `Prelude.seq` Prelude.rnf weight
+
+instance
+  Data.ToJSON
+    AwsEcsServiceCapacityProviderStrategyDetails
+  where
+  toJSON
+    AwsEcsServiceCapacityProviderStrategyDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Base" Data..=) Prelude.<$> base,
+              ("CapacityProvider" Data..=)
+                Prelude.<$> capacityProvider,
+              ("Weight" Data..=) Prelude.<$> weight
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails.hs
@@ -0,0 +1,118 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Determines whether a service deployment fails if a service cannot reach
+-- a steady state.
+--
+-- /See:/ 'newAwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails' smart constructor.
+data AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails = AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails'
+  { -- | Whether to enable the deployment circuit breaker logic for the service.
+    enable :: Prelude.Maybe Prelude.Bool,
+    -- | Whether to roll back the service if a service deployment fails. If
+    -- rollback is enabled, when a service deployment fails, the service is
+    -- rolled back to the last deployment that completed successfully.
+    rollback :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enable', 'awsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails_enable' - Whether to enable the deployment circuit breaker logic for the service.
+--
+-- 'rollback', 'awsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails_rollback' - Whether to roll back the service if a service deployment fails. If
+-- rollback is enabled, when a service deployment fails, the service is
+-- rolled back to the last deployment that completed successfully.
+newAwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails ::
+  AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+newAwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails =
+  AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails'
+    { enable =
+        Prelude.Nothing,
+      rollback =
+        Prelude.Nothing
+    }
+
+-- | Whether to enable the deployment circuit breaker logic for the service.
+awsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails_enable :: Lens.Lens' AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails (Prelude.Maybe Prelude.Bool)
+awsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails_enable = Lens.lens (\AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails' {enable} -> enable) (\s@AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails' {} a -> s {enable = a} :: AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails)
+
+-- | Whether to roll back the service if a service deployment fails. If
+-- rollback is enabled, when a service deployment fails, the service is
+-- rolled back to the last deployment that completed successfully.
+awsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails_rollback :: Lens.Lens' AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails (Prelude.Maybe Prelude.Bool)
+awsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails_rollback = Lens.lens (\AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails' {rollback} -> rollback) (\s@AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails' {} a -> s {rollback = a} :: AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails"
+      ( \x ->
+          AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails'
+            Prelude.<$> (x Data..:? "Enable")
+            Prelude.<*> (x Data..:? "Rollback")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` enable
+        `Prelude.hashWithSalt` rollback
+
+instance
+  Prelude.NFData
+    AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+  where
+  rnf
+    AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails' {..} =
+      Prelude.rnf enable
+        `Prelude.seq` Prelude.rnf rollback
+
+instance
+  Data.ToJSON
+    AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+  where
+  toJSON
+    AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Enable" Data..=) Prelude.<$> enable,
+              ("Rollback" Data..=) Prelude.<$> rollback
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDeploymentConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDeploymentConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDeploymentConfigurationDetails.hs
@@ -0,0 +1,206 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails
+
+-- | Optional deployment parameters for the service.
+--
+-- /See:/ 'newAwsEcsServiceDeploymentConfigurationDetails' smart constructor.
+data AwsEcsServiceDeploymentConfigurationDetails = AwsEcsServiceDeploymentConfigurationDetails'
+  { -- | Determines whether a service deployment fails if a service cannot reach
+    -- a steady state.
+    deploymentCircuitBreaker :: Prelude.Maybe AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails,
+    -- | For a service that uses the rolling update (@ECS@) deployment type, the
+    -- maximum number of tasks in a service that are allowed in the @RUNNING@
+    -- or @PENDING@ state during a deployment, and for tasks that use the EC2
+    -- launch type, when any container instances are in the @DRAINING@ state.
+    -- Provided as a percentage of the desired number of tasks. The default
+    -- value is 200%.
+    --
+    -- For a service that uses the blue\/green (@CODE_DEPLOY@) or @EXTERNAL@
+    -- deployment types, and tasks that use the EC2 launch type, the maximum
+    -- number of tasks in the service that remain in the @RUNNING@ state while
+    -- the container instances are in the @DRAINING@ state.
+    --
+    -- For the Fargate launch type, the maximum percent value is not used.
+    maximumPercent :: Prelude.Maybe Prelude.Int,
+    -- | For a service that uses the rolling update (@ECS@) deployment type, the
+    -- minimum number of tasks in a service that must remain in the @RUNNING@
+    -- state during a deployment, and while any container instances are in the
+    -- @DRAINING@ state if the service contains tasks using the EC2 launch
+    -- type. Expressed as a percentage of the desired number of tasks. The
+    -- default value is 100%.
+    --
+    -- For a service that uses the blue\/green (@CODE_DEPLOY@) or @EXTERNAL@
+    -- deployment types and tasks that use the EC2 launch type, the minimum
+    -- number of the tasks in the service that remain in the @RUNNING@ state
+    -- while the container instances are in the @DRAINING@ state.
+    --
+    -- For the Fargate launch type, the minimum healthy percent value is not
+    -- used.
+    minimumHealthyPercent :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsServiceDeploymentConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deploymentCircuitBreaker', 'awsEcsServiceDeploymentConfigurationDetails_deploymentCircuitBreaker' - Determines whether a service deployment fails if a service cannot reach
+-- a steady state.
+--
+-- 'maximumPercent', 'awsEcsServiceDeploymentConfigurationDetails_maximumPercent' - For a service that uses the rolling update (@ECS@) deployment type, the
+-- maximum number of tasks in a service that are allowed in the @RUNNING@
+-- or @PENDING@ state during a deployment, and for tasks that use the EC2
+-- launch type, when any container instances are in the @DRAINING@ state.
+-- Provided as a percentage of the desired number of tasks. The default
+-- value is 200%.
+--
+-- For a service that uses the blue\/green (@CODE_DEPLOY@) or @EXTERNAL@
+-- deployment types, and tasks that use the EC2 launch type, the maximum
+-- number of tasks in the service that remain in the @RUNNING@ state while
+-- the container instances are in the @DRAINING@ state.
+--
+-- For the Fargate launch type, the maximum percent value is not used.
+--
+-- 'minimumHealthyPercent', 'awsEcsServiceDeploymentConfigurationDetails_minimumHealthyPercent' - For a service that uses the rolling update (@ECS@) deployment type, the
+-- minimum number of tasks in a service that must remain in the @RUNNING@
+-- state during a deployment, and while any container instances are in the
+-- @DRAINING@ state if the service contains tasks using the EC2 launch
+-- type. Expressed as a percentage of the desired number of tasks. The
+-- default value is 100%.
+--
+-- For a service that uses the blue\/green (@CODE_DEPLOY@) or @EXTERNAL@
+-- deployment types and tasks that use the EC2 launch type, the minimum
+-- number of the tasks in the service that remain in the @RUNNING@ state
+-- while the container instances are in the @DRAINING@ state.
+--
+-- For the Fargate launch type, the minimum healthy percent value is not
+-- used.
+newAwsEcsServiceDeploymentConfigurationDetails ::
+  AwsEcsServiceDeploymentConfigurationDetails
+newAwsEcsServiceDeploymentConfigurationDetails =
+  AwsEcsServiceDeploymentConfigurationDetails'
+    { deploymentCircuitBreaker =
+        Prelude.Nothing,
+      maximumPercent =
+        Prelude.Nothing,
+      minimumHealthyPercent =
+        Prelude.Nothing
+    }
+
+-- | Determines whether a service deployment fails if a service cannot reach
+-- a steady state.
+awsEcsServiceDeploymentConfigurationDetails_deploymentCircuitBreaker :: Lens.Lens' AwsEcsServiceDeploymentConfigurationDetails (Prelude.Maybe AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails)
+awsEcsServiceDeploymentConfigurationDetails_deploymentCircuitBreaker = Lens.lens (\AwsEcsServiceDeploymentConfigurationDetails' {deploymentCircuitBreaker} -> deploymentCircuitBreaker) (\s@AwsEcsServiceDeploymentConfigurationDetails' {} a -> s {deploymentCircuitBreaker = a} :: AwsEcsServiceDeploymentConfigurationDetails)
+
+-- | For a service that uses the rolling update (@ECS@) deployment type, the
+-- maximum number of tasks in a service that are allowed in the @RUNNING@
+-- or @PENDING@ state during a deployment, and for tasks that use the EC2
+-- launch type, when any container instances are in the @DRAINING@ state.
+-- Provided as a percentage of the desired number of tasks. The default
+-- value is 200%.
+--
+-- For a service that uses the blue\/green (@CODE_DEPLOY@) or @EXTERNAL@
+-- deployment types, and tasks that use the EC2 launch type, the maximum
+-- number of tasks in the service that remain in the @RUNNING@ state while
+-- the container instances are in the @DRAINING@ state.
+--
+-- For the Fargate launch type, the maximum percent value is not used.
+awsEcsServiceDeploymentConfigurationDetails_maximumPercent :: Lens.Lens' AwsEcsServiceDeploymentConfigurationDetails (Prelude.Maybe Prelude.Int)
+awsEcsServiceDeploymentConfigurationDetails_maximumPercent = Lens.lens (\AwsEcsServiceDeploymentConfigurationDetails' {maximumPercent} -> maximumPercent) (\s@AwsEcsServiceDeploymentConfigurationDetails' {} a -> s {maximumPercent = a} :: AwsEcsServiceDeploymentConfigurationDetails)
+
+-- | For a service that uses the rolling update (@ECS@) deployment type, the
+-- minimum number of tasks in a service that must remain in the @RUNNING@
+-- state during a deployment, and while any container instances are in the
+-- @DRAINING@ state if the service contains tasks using the EC2 launch
+-- type. Expressed as a percentage of the desired number of tasks. The
+-- default value is 100%.
+--
+-- For a service that uses the blue\/green (@CODE_DEPLOY@) or @EXTERNAL@
+-- deployment types and tasks that use the EC2 launch type, the minimum
+-- number of the tasks in the service that remain in the @RUNNING@ state
+-- while the container instances are in the @DRAINING@ state.
+--
+-- For the Fargate launch type, the minimum healthy percent value is not
+-- used.
+awsEcsServiceDeploymentConfigurationDetails_minimumHealthyPercent :: Lens.Lens' AwsEcsServiceDeploymentConfigurationDetails (Prelude.Maybe Prelude.Int)
+awsEcsServiceDeploymentConfigurationDetails_minimumHealthyPercent = Lens.lens (\AwsEcsServiceDeploymentConfigurationDetails' {minimumHealthyPercent} -> minimumHealthyPercent) (\s@AwsEcsServiceDeploymentConfigurationDetails' {} a -> s {minimumHealthyPercent = a} :: AwsEcsServiceDeploymentConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsServiceDeploymentConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsServiceDeploymentConfigurationDetails"
+      ( \x ->
+          AwsEcsServiceDeploymentConfigurationDetails'
+            Prelude.<$> (x Data..:? "DeploymentCircuitBreaker")
+            Prelude.<*> (x Data..:? "MaximumPercent")
+            Prelude.<*> (x Data..:? "MinimumHealthyPercent")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsServiceDeploymentConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsServiceDeploymentConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` deploymentCircuitBreaker
+        `Prelude.hashWithSalt` maximumPercent
+        `Prelude.hashWithSalt` minimumHealthyPercent
+
+instance
+  Prelude.NFData
+    AwsEcsServiceDeploymentConfigurationDetails
+  where
+  rnf AwsEcsServiceDeploymentConfigurationDetails' {..} =
+    Prelude.rnf deploymentCircuitBreaker
+      `Prelude.seq` Prelude.rnf maximumPercent
+      `Prelude.seq` Prelude.rnf minimumHealthyPercent
+
+instance
+  Data.ToJSON
+    AwsEcsServiceDeploymentConfigurationDetails
+  where
+  toJSON
+    AwsEcsServiceDeploymentConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DeploymentCircuitBreaker" Data..=)
+                Prelude.<$> deploymentCircuitBreaker,
+              ("MaximumPercent" Data..=)
+                Prelude.<$> maximumPercent,
+              ("MinimumHealthyPercent" Data..=)
+                Prelude.<$> minimumHealthyPercent
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDeploymentControllerDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDeploymentControllerDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDeploymentControllerDetails.hs
@@ -0,0 +1,129 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentControllerDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentControllerDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the deployment controller type that the service uses.
+--
+-- /See:/ 'newAwsEcsServiceDeploymentControllerDetails' smart constructor.
+data AwsEcsServiceDeploymentControllerDetails = AwsEcsServiceDeploymentControllerDetails'
+  { -- | The rolling update (@ECS@) deployment type replaces the current running
+    -- version of the container with the latest version.
+    --
+    -- The blue\/green (@CODE_DEPLOY@) deployment type uses the blue\/green
+    -- deployment model that is powered by CodeDeploy. This deployment model a
+    -- new deployment of a service can be verified before production traffic is
+    -- sent to it.
+    --
+    -- The external (@EXTERNAL@) deployment type allows the use of any
+    -- third-party deployment controller for full control over the deployment
+    -- process for an Amazon ECS service.
+    --
+    -- Valid values: @ECS@ | @CODE_DEPLOY@ | @EXTERNAL@
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsServiceDeploymentControllerDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'type'', 'awsEcsServiceDeploymentControllerDetails_type' - The rolling update (@ECS@) deployment type replaces the current running
+-- version of the container with the latest version.
+--
+-- The blue\/green (@CODE_DEPLOY@) deployment type uses the blue\/green
+-- deployment model that is powered by CodeDeploy. This deployment model a
+-- new deployment of a service can be verified before production traffic is
+-- sent to it.
+--
+-- The external (@EXTERNAL@) deployment type allows the use of any
+-- third-party deployment controller for full control over the deployment
+-- process for an Amazon ECS service.
+--
+-- Valid values: @ECS@ | @CODE_DEPLOY@ | @EXTERNAL@
+newAwsEcsServiceDeploymentControllerDetails ::
+  AwsEcsServiceDeploymentControllerDetails
+newAwsEcsServiceDeploymentControllerDetails =
+  AwsEcsServiceDeploymentControllerDetails'
+    { type' =
+        Prelude.Nothing
+    }
+
+-- | The rolling update (@ECS@) deployment type replaces the current running
+-- version of the container with the latest version.
+--
+-- The blue\/green (@CODE_DEPLOY@) deployment type uses the blue\/green
+-- deployment model that is powered by CodeDeploy. This deployment model a
+-- new deployment of a service can be verified before production traffic is
+-- sent to it.
+--
+-- The external (@EXTERNAL@) deployment type allows the use of any
+-- third-party deployment controller for full control over the deployment
+-- process for an Amazon ECS service.
+--
+-- Valid values: @ECS@ | @CODE_DEPLOY@ | @EXTERNAL@
+awsEcsServiceDeploymentControllerDetails_type :: Lens.Lens' AwsEcsServiceDeploymentControllerDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceDeploymentControllerDetails_type = Lens.lens (\AwsEcsServiceDeploymentControllerDetails' {type'} -> type') (\s@AwsEcsServiceDeploymentControllerDetails' {} a -> s {type' = a} :: AwsEcsServiceDeploymentControllerDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsServiceDeploymentControllerDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsServiceDeploymentControllerDetails"
+      ( \x ->
+          AwsEcsServiceDeploymentControllerDetails'
+            Prelude.<$> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsServiceDeploymentControllerDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsServiceDeploymentControllerDetails' {..} =
+      _salt `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsEcsServiceDeploymentControllerDetails
+  where
+  rnf AwsEcsServiceDeploymentControllerDetails' {..} =
+    Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsEcsServiceDeploymentControllerDetails
+  where
+  toJSON AwsEcsServiceDeploymentControllerDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Type" Data..=) Prelude.<$> type']
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceDetails.hs
@@ -0,0 +1,484 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsServiceDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsServiceDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsServiceCapacityProviderStrategyDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceDeploymentControllerDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceLoadBalancersDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsServicePlacementConstraintsDetails
+import Amazonka.SecurityHub.Types.AwsEcsServicePlacementStrategiesDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceServiceRegistriesDetails
+
+-- | Provides details about a service within an ECS cluster.
+--
+-- /See:/ 'newAwsEcsServiceDetails' smart constructor.
+data AwsEcsServiceDetails = AwsEcsServiceDetails'
+  { -- | The capacity provider strategy that the service uses.
+    capacityProviderStrategy :: Prelude.Maybe [AwsEcsServiceCapacityProviderStrategyDetails],
+    -- | The ARN of the cluster that hosts the service.
+    cluster :: Prelude.Maybe Prelude.Text,
+    -- | Deployment parameters for the service. Includes the number of tasks that
+    -- run and the order in which to start and stop tasks.
+    deploymentConfiguration :: Prelude.Maybe AwsEcsServiceDeploymentConfigurationDetails,
+    -- | Contains the deployment controller type that the service uses.
+    deploymentController :: Prelude.Maybe AwsEcsServiceDeploymentControllerDetails,
+    -- | The number of instantiations of the task definition to run on the
+    -- service.
+    desiredCount :: Prelude.Maybe Prelude.Int,
+    -- | Whether to enable Amazon ECS managed tags for the tasks in the service.
+    enableEcsManagedTags :: Prelude.Maybe Prelude.Bool,
+    -- | Whether the execute command functionality is enabled for the service.
+    enableExecuteCommand :: Prelude.Maybe Prelude.Bool,
+    -- | After a task starts, the amount of time in seconds that the Amazon ECS
+    -- service scheduler ignores unhealthy Elastic Load Balancing target health
+    -- checks.
+    healthCheckGracePeriodSeconds :: Prelude.Maybe Prelude.Int,
+    -- | The launch type that the service uses.
+    --
+    -- Valid values: @EC2@ | @FARGATE@ | @EXTERNAL@
+    launchType :: Prelude.Maybe Prelude.Text,
+    -- | Information about the load balancers that the service uses.
+    loadBalancers :: Prelude.Maybe [AwsEcsServiceLoadBalancersDetails],
+    -- | The name of the service.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | For tasks that use the @awsvpc@ networking mode, the VPC subnet and
+    -- security group configuration.
+    networkConfiguration :: Prelude.Maybe AwsEcsServiceNetworkConfigurationDetails,
+    -- | The placement constraints for the tasks in the service.
+    placementConstraints :: Prelude.Maybe [AwsEcsServicePlacementConstraintsDetails],
+    -- | Information about how tasks for the service are placed.
+    placementStrategies :: Prelude.Maybe [AwsEcsServicePlacementStrategiesDetails],
+    -- | The platform version on which to run the service. Only specified for
+    -- tasks that are hosted on Fargate. If a platform version is not
+    -- specified, the @LATEST@ platform version is used by default.
+    platformVersion :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether to propagate the tags from the task definition to the
+    -- task or from the service to the task. If no value is provided, then tags
+    -- are not propagated.
+    --
+    -- Valid values: @TASK_DEFINITION@ | @SERVICE@
+    propagateTags :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM role that is associated with the service. The role
+    -- allows the Amazon ECS container agent to register container instances
+    -- with an Elastic Load Balancing load balancer.
+    role' :: Prelude.Maybe Prelude.Text,
+    -- | The scheduling strategy to use for the service.
+    --
+    -- The @REPLICA@ scheduling strategy places and maintains the desired
+    -- number of tasks across the cluster. By default, the service scheduler
+    -- spreads tasks across Availability Zones. Task placement strategies and
+    -- constraints are used to customize task placement decisions.
+    --
+    -- The @DAEMON@ scheduling strategy deploys exactly one task on each active
+    -- container instance that meets all of the task placement constraints that
+    -- are specified in the cluster. The service scheduler also evaluates the
+    -- task placement constraints for running tasks and stops tasks that do not
+    -- meet the placement constraints.
+    --
+    -- Valid values: @REPLICA@ | @DAEMON@
+    schedulingStrategy :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the service.
+    serviceArn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the service.
+    --
+    -- The name can contain up to 255 characters. It can use letters, numbers,
+    -- underscores, and hyphens.
+    serviceName :: Prelude.Maybe Prelude.Text,
+    -- | Information about the service discovery registries to assign to the
+    -- service.
+    serviceRegistries :: Prelude.Maybe [AwsEcsServiceServiceRegistriesDetails],
+    -- | The task definition to use for tasks in the service.
+    taskDefinition :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsServiceDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'capacityProviderStrategy', 'awsEcsServiceDetails_capacityProviderStrategy' - The capacity provider strategy that the service uses.
+--
+-- 'cluster', 'awsEcsServiceDetails_cluster' - The ARN of the cluster that hosts the service.
+--
+-- 'deploymentConfiguration', 'awsEcsServiceDetails_deploymentConfiguration' - Deployment parameters for the service. Includes the number of tasks that
+-- run and the order in which to start and stop tasks.
+--
+-- 'deploymentController', 'awsEcsServiceDetails_deploymentController' - Contains the deployment controller type that the service uses.
+--
+-- 'desiredCount', 'awsEcsServiceDetails_desiredCount' - The number of instantiations of the task definition to run on the
+-- service.
+--
+-- 'enableEcsManagedTags', 'awsEcsServiceDetails_enableEcsManagedTags' - Whether to enable Amazon ECS managed tags for the tasks in the service.
+--
+-- 'enableExecuteCommand', 'awsEcsServiceDetails_enableExecuteCommand' - Whether the execute command functionality is enabled for the service.
+--
+-- 'healthCheckGracePeriodSeconds', 'awsEcsServiceDetails_healthCheckGracePeriodSeconds' - After a task starts, the amount of time in seconds that the Amazon ECS
+-- service scheduler ignores unhealthy Elastic Load Balancing target health
+-- checks.
+--
+-- 'launchType', 'awsEcsServiceDetails_launchType' - The launch type that the service uses.
+--
+-- Valid values: @EC2@ | @FARGATE@ | @EXTERNAL@
+--
+-- 'loadBalancers', 'awsEcsServiceDetails_loadBalancers' - Information about the load balancers that the service uses.
+--
+-- 'name', 'awsEcsServiceDetails_name' - The name of the service.
+--
+-- 'networkConfiguration', 'awsEcsServiceDetails_networkConfiguration' - For tasks that use the @awsvpc@ networking mode, the VPC subnet and
+-- security group configuration.
+--
+-- 'placementConstraints', 'awsEcsServiceDetails_placementConstraints' - The placement constraints for the tasks in the service.
+--
+-- 'placementStrategies', 'awsEcsServiceDetails_placementStrategies' - Information about how tasks for the service are placed.
+--
+-- 'platformVersion', 'awsEcsServiceDetails_platformVersion' - The platform version on which to run the service. Only specified for
+-- tasks that are hosted on Fargate. If a platform version is not
+-- specified, the @LATEST@ platform version is used by default.
+--
+-- 'propagateTags', 'awsEcsServiceDetails_propagateTags' - Indicates whether to propagate the tags from the task definition to the
+-- task or from the service to the task. If no value is provided, then tags
+-- are not propagated.
+--
+-- Valid values: @TASK_DEFINITION@ | @SERVICE@
+--
+-- 'role'', 'awsEcsServiceDetails_role' - The ARN of the IAM role that is associated with the service. The role
+-- allows the Amazon ECS container agent to register container instances
+-- with an Elastic Load Balancing load balancer.
+--
+-- 'schedulingStrategy', 'awsEcsServiceDetails_schedulingStrategy' - The scheduling strategy to use for the service.
+--
+-- The @REPLICA@ scheduling strategy places and maintains the desired
+-- number of tasks across the cluster. By default, the service scheduler
+-- spreads tasks across Availability Zones. Task placement strategies and
+-- constraints are used to customize task placement decisions.
+--
+-- The @DAEMON@ scheduling strategy deploys exactly one task on each active
+-- container instance that meets all of the task placement constraints that
+-- are specified in the cluster. The service scheduler also evaluates the
+-- task placement constraints for running tasks and stops tasks that do not
+-- meet the placement constraints.
+--
+-- Valid values: @REPLICA@ | @DAEMON@
+--
+-- 'serviceArn', 'awsEcsServiceDetails_serviceArn' - The ARN of the service.
+--
+-- 'serviceName', 'awsEcsServiceDetails_serviceName' - The name of the service.
+--
+-- The name can contain up to 255 characters. It can use letters, numbers,
+-- underscores, and hyphens.
+--
+-- 'serviceRegistries', 'awsEcsServiceDetails_serviceRegistries' - Information about the service discovery registries to assign to the
+-- service.
+--
+-- 'taskDefinition', 'awsEcsServiceDetails_taskDefinition' - The task definition to use for tasks in the service.
+newAwsEcsServiceDetails ::
+  AwsEcsServiceDetails
+newAwsEcsServiceDetails =
+  AwsEcsServiceDetails'
+    { capacityProviderStrategy =
+        Prelude.Nothing,
+      cluster = Prelude.Nothing,
+      deploymentConfiguration = Prelude.Nothing,
+      deploymentController = Prelude.Nothing,
+      desiredCount = Prelude.Nothing,
+      enableEcsManagedTags = Prelude.Nothing,
+      enableExecuteCommand = Prelude.Nothing,
+      healthCheckGracePeriodSeconds = Prelude.Nothing,
+      launchType = Prelude.Nothing,
+      loadBalancers = Prelude.Nothing,
+      name = Prelude.Nothing,
+      networkConfiguration = Prelude.Nothing,
+      placementConstraints = Prelude.Nothing,
+      placementStrategies = Prelude.Nothing,
+      platformVersion = Prelude.Nothing,
+      propagateTags = Prelude.Nothing,
+      role' = Prelude.Nothing,
+      schedulingStrategy = Prelude.Nothing,
+      serviceArn = Prelude.Nothing,
+      serviceName = Prelude.Nothing,
+      serviceRegistries = Prelude.Nothing,
+      taskDefinition = Prelude.Nothing
+    }
+
+-- | The capacity provider strategy that the service uses.
+awsEcsServiceDetails_capacityProviderStrategy :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe [AwsEcsServiceCapacityProviderStrategyDetails])
+awsEcsServiceDetails_capacityProviderStrategy = Lens.lens (\AwsEcsServiceDetails' {capacityProviderStrategy} -> capacityProviderStrategy) (\s@AwsEcsServiceDetails' {} a -> s {capacityProviderStrategy = a} :: AwsEcsServiceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the cluster that hosts the service.
+awsEcsServiceDetails_cluster :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceDetails_cluster = Lens.lens (\AwsEcsServiceDetails' {cluster} -> cluster) (\s@AwsEcsServiceDetails' {} a -> s {cluster = a} :: AwsEcsServiceDetails)
+
+-- | Deployment parameters for the service. Includes the number of tasks that
+-- run and the order in which to start and stop tasks.
+awsEcsServiceDetails_deploymentConfiguration :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe AwsEcsServiceDeploymentConfigurationDetails)
+awsEcsServiceDetails_deploymentConfiguration = Lens.lens (\AwsEcsServiceDetails' {deploymentConfiguration} -> deploymentConfiguration) (\s@AwsEcsServiceDetails' {} a -> s {deploymentConfiguration = a} :: AwsEcsServiceDetails)
+
+-- | Contains the deployment controller type that the service uses.
+awsEcsServiceDetails_deploymentController :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe AwsEcsServiceDeploymentControllerDetails)
+awsEcsServiceDetails_deploymentController = Lens.lens (\AwsEcsServiceDetails' {deploymentController} -> deploymentController) (\s@AwsEcsServiceDetails' {} a -> s {deploymentController = a} :: AwsEcsServiceDetails)
+
+-- | The number of instantiations of the task definition to run on the
+-- service.
+awsEcsServiceDetails_desiredCount :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Int)
+awsEcsServiceDetails_desiredCount = Lens.lens (\AwsEcsServiceDetails' {desiredCount} -> desiredCount) (\s@AwsEcsServiceDetails' {} a -> s {desiredCount = a} :: AwsEcsServiceDetails)
+
+-- | Whether to enable Amazon ECS managed tags for the tasks in the service.
+awsEcsServiceDetails_enableEcsManagedTags :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Bool)
+awsEcsServiceDetails_enableEcsManagedTags = Lens.lens (\AwsEcsServiceDetails' {enableEcsManagedTags} -> enableEcsManagedTags) (\s@AwsEcsServiceDetails' {} a -> s {enableEcsManagedTags = a} :: AwsEcsServiceDetails)
+
+-- | Whether the execute command functionality is enabled for the service.
+awsEcsServiceDetails_enableExecuteCommand :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Bool)
+awsEcsServiceDetails_enableExecuteCommand = Lens.lens (\AwsEcsServiceDetails' {enableExecuteCommand} -> enableExecuteCommand) (\s@AwsEcsServiceDetails' {} a -> s {enableExecuteCommand = a} :: AwsEcsServiceDetails)
+
+-- | After a task starts, the amount of time in seconds that the Amazon ECS
+-- service scheduler ignores unhealthy Elastic Load Balancing target health
+-- checks.
+awsEcsServiceDetails_healthCheckGracePeriodSeconds :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Int)
+awsEcsServiceDetails_healthCheckGracePeriodSeconds = Lens.lens (\AwsEcsServiceDetails' {healthCheckGracePeriodSeconds} -> healthCheckGracePeriodSeconds) (\s@AwsEcsServiceDetails' {} a -> s {healthCheckGracePeriodSeconds = a} :: AwsEcsServiceDetails)
+
+-- | The launch type that the service uses.
+--
+-- Valid values: @EC2@ | @FARGATE@ | @EXTERNAL@
+awsEcsServiceDetails_launchType :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceDetails_launchType = Lens.lens (\AwsEcsServiceDetails' {launchType} -> launchType) (\s@AwsEcsServiceDetails' {} a -> s {launchType = a} :: AwsEcsServiceDetails)
+
+-- | Information about the load balancers that the service uses.
+awsEcsServiceDetails_loadBalancers :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe [AwsEcsServiceLoadBalancersDetails])
+awsEcsServiceDetails_loadBalancers = Lens.lens (\AwsEcsServiceDetails' {loadBalancers} -> loadBalancers) (\s@AwsEcsServiceDetails' {} a -> s {loadBalancers = a} :: AwsEcsServiceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the service.
+awsEcsServiceDetails_name :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceDetails_name = Lens.lens (\AwsEcsServiceDetails' {name} -> name) (\s@AwsEcsServiceDetails' {} a -> s {name = a} :: AwsEcsServiceDetails)
+
+-- | For tasks that use the @awsvpc@ networking mode, the VPC subnet and
+-- security group configuration.
+awsEcsServiceDetails_networkConfiguration :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe AwsEcsServiceNetworkConfigurationDetails)
+awsEcsServiceDetails_networkConfiguration = Lens.lens (\AwsEcsServiceDetails' {networkConfiguration} -> networkConfiguration) (\s@AwsEcsServiceDetails' {} a -> s {networkConfiguration = a} :: AwsEcsServiceDetails)
+
+-- | The placement constraints for the tasks in the service.
+awsEcsServiceDetails_placementConstraints :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe [AwsEcsServicePlacementConstraintsDetails])
+awsEcsServiceDetails_placementConstraints = Lens.lens (\AwsEcsServiceDetails' {placementConstraints} -> placementConstraints) (\s@AwsEcsServiceDetails' {} a -> s {placementConstraints = a} :: AwsEcsServiceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Information about how tasks for the service are placed.
+awsEcsServiceDetails_placementStrategies :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe [AwsEcsServicePlacementStrategiesDetails])
+awsEcsServiceDetails_placementStrategies = Lens.lens (\AwsEcsServiceDetails' {placementStrategies} -> placementStrategies) (\s@AwsEcsServiceDetails' {} a -> s {placementStrategies = a} :: AwsEcsServiceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The platform version on which to run the service. Only specified for
+-- tasks that are hosted on Fargate. If a platform version is not
+-- specified, the @LATEST@ platform version is used by default.
+awsEcsServiceDetails_platformVersion :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceDetails_platformVersion = Lens.lens (\AwsEcsServiceDetails' {platformVersion} -> platformVersion) (\s@AwsEcsServiceDetails' {} a -> s {platformVersion = a} :: AwsEcsServiceDetails)
+
+-- | Indicates whether to propagate the tags from the task definition to the
+-- task or from the service to the task. If no value is provided, then tags
+-- are not propagated.
+--
+-- Valid values: @TASK_DEFINITION@ | @SERVICE@
+awsEcsServiceDetails_propagateTags :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceDetails_propagateTags = Lens.lens (\AwsEcsServiceDetails' {propagateTags} -> propagateTags) (\s@AwsEcsServiceDetails' {} a -> s {propagateTags = a} :: AwsEcsServiceDetails)
+
+-- | The ARN of the IAM role that is associated with the service. The role
+-- allows the Amazon ECS container agent to register container instances
+-- with an Elastic Load Balancing load balancer.
+awsEcsServiceDetails_role :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceDetails_role = Lens.lens (\AwsEcsServiceDetails' {role'} -> role') (\s@AwsEcsServiceDetails' {} a -> s {role' = a} :: AwsEcsServiceDetails)
+
+-- | The scheduling strategy to use for the service.
+--
+-- The @REPLICA@ scheduling strategy places and maintains the desired
+-- number of tasks across the cluster. By default, the service scheduler
+-- spreads tasks across Availability Zones. Task placement strategies and
+-- constraints are used to customize task placement decisions.
+--
+-- The @DAEMON@ scheduling strategy deploys exactly one task on each active
+-- container instance that meets all of the task placement constraints that
+-- are specified in the cluster. The service scheduler also evaluates the
+-- task placement constraints for running tasks and stops tasks that do not
+-- meet the placement constraints.
+--
+-- Valid values: @REPLICA@ | @DAEMON@
+awsEcsServiceDetails_schedulingStrategy :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceDetails_schedulingStrategy = Lens.lens (\AwsEcsServiceDetails' {schedulingStrategy} -> schedulingStrategy) (\s@AwsEcsServiceDetails' {} a -> s {schedulingStrategy = a} :: AwsEcsServiceDetails)
+
+-- | The ARN of the service.
+awsEcsServiceDetails_serviceArn :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceDetails_serviceArn = Lens.lens (\AwsEcsServiceDetails' {serviceArn} -> serviceArn) (\s@AwsEcsServiceDetails' {} a -> s {serviceArn = a} :: AwsEcsServiceDetails)
+
+-- | The name of the service.
+--
+-- The name can contain up to 255 characters. It can use letters, numbers,
+-- underscores, and hyphens.
+awsEcsServiceDetails_serviceName :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceDetails_serviceName = Lens.lens (\AwsEcsServiceDetails' {serviceName} -> serviceName) (\s@AwsEcsServiceDetails' {} a -> s {serviceName = a} :: AwsEcsServiceDetails)
+
+-- | Information about the service discovery registries to assign to the
+-- service.
+awsEcsServiceDetails_serviceRegistries :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe [AwsEcsServiceServiceRegistriesDetails])
+awsEcsServiceDetails_serviceRegistries = Lens.lens (\AwsEcsServiceDetails' {serviceRegistries} -> serviceRegistries) (\s@AwsEcsServiceDetails' {} a -> s {serviceRegistries = a} :: AwsEcsServiceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The task definition to use for tasks in the service.
+awsEcsServiceDetails_taskDefinition :: Lens.Lens' AwsEcsServiceDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceDetails_taskDefinition = Lens.lens (\AwsEcsServiceDetails' {taskDefinition} -> taskDefinition) (\s@AwsEcsServiceDetails' {} a -> s {taskDefinition = a} :: AwsEcsServiceDetails)
+
+instance Data.FromJSON AwsEcsServiceDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEcsServiceDetails"
+      ( \x ->
+          AwsEcsServiceDetails'
+            Prelude.<$> ( x
+                            Data..:? "CapacityProviderStrategy"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Cluster")
+            Prelude.<*> (x Data..:? "DeploymentConfiguration")
+            Prelude.<*> (x Data..:? "DeploymentController")
+            Prelude.<*> (x Data..:? "DesiredCount")
+            Prelude.<*> (x Data..:? "EnableEcsManagedTags")
+            Prelude.<*> (x Data..:? "EnableExecuteCommand")
+            Prelude.<*> (x Data..:? "HealthCheckGracePeriodSeconds")
+            Prelude.<*> (x Data..:? "LaunchType")
+            Prelude.<*> (x Data..:? "LoadBalancers" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "NetworkConfiguration")
+            Prelude.<*> ( x
+                            Data..:? "PlacementConstraints"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "PlacementStrategies"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "PlatformVersion")
+            Prelude.<*> (x Data..:? "PropagateTags")
+            Prelude.<*> (x Data..:? "Role")
+            Prelude.<*> (x Data..:? "SchedulingStrategy")
+            Prelude.<*> (x Data..:? "ServiceArn")
+            Prelude.<*> (x Data..:? "ServiceName")
+            Prelude.<*> ( x
+                            Data..:? "ServiceRegistries"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "TaskDefinition")
+      )
+
+instance Prelude.Hashable AwsEcsServiceDetails where
+  hashWithSalt _salt AwsEcsServiceDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` capacityProviderStrategy
+      `Prelude.hashWithSalt` cluster
+      `Prelude.hashWithSalt` deploymentConfiguration
+      `Prelude.hashWithSalt` deploymentController
+      `Prelude.hashWithSalt` desiredCount
+      `Prelude.hashWithSalt` enableEcsManagedTags
+      `Prelude.hashWithSalt` enableExecuteCommand
+      `Prelude.hashWithSalt` healthCheckGracePeriodSeconds
+      `Prelude.hashWithSalt` launchType
+      `Prelude.hashWithSalt` loadBalancers
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` networkConfiguration
+      `Prelude.hashWithSalt` placementConstraints
+      `Prelude.hashWithSalt` placementStrategies
+      `Prelude.hashWithSalt` platformVersion
+      `Prelude.hashWithSalt` propagateTags
+      `Prelude.hashWithSalt` role'
+      `Prelude.hashWithSalt` schedulingStrategy
+      `Prelude.hashWithSalt` serviceArn
+      `Prelude.hashWithSalt` serviceName
+      `Prelude.hashWithSalt` serviceRegistries
+      `Prelude.hashWithSalt` taskDefinition
+
+instance Prelude.NFData AwsEcsServiceDetails where
+  rnf AwsEcsServiceDetails' {..} =
+    Prelude.rnf capacityProviderStrategy
+      `Prelude.seq` Prelude.rnf cluster
+      `Prelude.seq` Prelude.rnf deploymentConfiguration
+      `Prelude.seq` Prelude.rnf deploymentController
+      `Prelude.seq` Prelude.rnf desiredCount
+      `Prelude.seq` Prelude.rnf enableEcsManagedTags
+      `Prelude.seq` Prelude.rnf enableExecuteCommand
+      `Prelude.seq` Prelude.rnf healthCheckGracePeriodSeconds
+      `Prelude.seq` Prelude.rnf launchType
+      `Prelude.seq` Prelude.rnf loadBalancers
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf networkConfiguration
+      `Prelude.seq` Prelude.rnf placementConstraints
+      `Prelude.seq` Prelude.rnf placementStrategies
+      `Prelude.seq` Prelude.rnf platformVersion
+      `Prelude.seq` Prelude.rnf propagateTags
+      `Prelude.seq` Prelude.rnf role'
+      `Prelude.seq` Prelude.rnf schedulingStrategy
+      `Prelude.seq` Prelude.rnf serviceArn
+      `Prelude.seq` Prelude.rnf serviceName
+      `Prelude.seq` Prelude.rnf
+        serviceRegistries
+      `Prelude.seq` Prelude.rnf taskDefinition
+
+instance Data.ToJSON AwsEcsServiceDetails where
+  toJSON AwsEcsServiceDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CapacityProviderStrategy" Data..=)
+              Prelude.<$> capacityProviderStrategy,
+            ("Cluster" Data..=) Prelude.<$> cluster,
+            ("DeploymentConfiguration" Data..=)
+              Prelude.<$> deploymentConfiguration,
+            ("DeploymentController" Data..=)
+              Prelude.<$> deploymentController,
+            ("DesiredCount" Data..=) Prelude.<$> desiredCount,
+            ("EnableEcsManagedTags" Data..=)
+              Prelude.<$> enableEcsManagedTags,
+            ("EnableExecuteCommand" Data..=)
+              Prelude.<$> enableExecuteCommand,
+            ("HealthCheckGracePeriodSeconds" Data..=)
+              Prelude.<$> healthCheckGracePeriodSeconds,
+            ("LaunchType" Data..=) Prelude.<$> launchType,
+            ("LoadBalancers" Data..=) Prelude.<$> loadBalancers,
+            ("Name" Data..=) Prelude.<$> name,
+            ("NetworkConfiguration" Data..=)
+              Prelude.<$> networkConfiguration,
+            ("PlacementConstraints" Data..=)
+              Prelude.<$> placementConstraints,
+            ("PlacementStrategies" Data..=)
+              Prelude.<$> placementStrategies,
+            ("PlatformVersion" Data..=)
+              Prelude.<$> platformVersion,
+            ("PropagateTags" Data..=) Prelude.<$> propagateTags,
+            ("Role" Data..=) Prelude.<$> role',
+            ("SchedulingStrategy" Data..=)
+              Prelude.<$> schedulingStrategy,
+            ("ServiceArn" Data..=) Prelude.<$> serviceArn,
+            ("ServiceName" Data..=) Prelude.<$> serviceName,
+            ("ServiceRegistries" Data..=)
+              Prelude.<$> serviceRegistries,
+            ("TaskDefinition" Data..=)
+              Prelude.<$> taskDefinition
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsServiceLoadBalancersDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceLoadBalancersDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceLoadBalancersDetails.hs
@@ -0,0 +1,175 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsServiceLoadBalancersDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsServiceLoadBalancersDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about a load balancer that the service uses.
+--
+-- /See:/ 'newAwsEcsServiceLoadBalancersDetails' smart constructor.
+data AwsEcsServiceLoadBalancersDetails = AwsEcsServiceLoadBalancersDetails'
+  { -- | The name of the container to associate with the load balancer.
+    containerName :: Prelude.Maybe Prelude.Text,
+    -- | The port on the container to associate with the load balancer. This port
+    -- must correspond to a @containerPort@ in the task definition the tasks in
+    -- the service are using. For tasks that use the EC2 launch type, the
+    -- container instance they are launched on must allow ingress traffic on
+    -- the @hostPort@ of the port mapping.
+    containerPort :: Prelude.Maybe Prelude.Int,
+    -- | The name of the load balancer to associate with the Amazon ECS service
+    -- or task set.
+    --
+    -- Only specified when using a Classic Load Balancer. For an Application
+    -- Load Balancer or a Network Load Balancer, the load balancer name is
+    -- omitted.
+    loadBalancerName :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the Elastic Load Balancing target group or groups associated
+    -- with a service or task set.
+    --
+    -- Only specified when using an Application Load Balancer or a Network Load
+    -- Balancer. For a Classic Load Balancer, the target group ARN is omitted.
+    targetGroupArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsServiceLoadBalancersDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containerName', 'awsEcsServiceLoadBalancersDetails_containerName' - The name of the container to associate with the load balancer.
+--
+-- 'containerPort', 'awsEcsServiceLoadBalancersDetails_containerPort' - The port on the container to associate with the load balancer. This port
+-- must correspond to a @containerPort@ in the task definition the tasks in
+-- the service are using. For tasks that use the EC2 launch type, the
+-- container instance they are launched on must allow ingress traffic on
+-- the @hostPort@ of the port mapping.
+--
+-- 'loadBalancerName', 'awsEcsServiceLoadBalancersDetails_loadBalancerName' - The name of the load balancer to associate with the Amazon ECS service
+-- or task set.
+--
+-- Only specified when using a Classic Load Balancer. For an Application
+-- Load Balancer or a Network Load Balancer, the load balancer name is
+-- omitted.
+--
+-- 'targetGroupArn', 'awsEcsServiceLoadBalancersDetails_targetGroupArn' - The ARN of the Elastic Load Balancing target group or groups associated
+-- with a service or task set.
+--
+-- Only specified when using an Application Load Balancer or a Network Load
+-- Balancer. For a Classic Load Balancer, the target group ARN is omitted.
+newAwsEcsServiceLoadBalancersDetails ::
+  AwsEcsServiceLoadBalancersDetails
+newAwsEcsServiceLoadBalancersDetails =
+  AwsEcsServiceLoadBalancersDetails'
+    { containerName =
+        Prelude.Nothing,
+      containerPort = Prelude.Nothing,
+      loadBalancerName = Prelude.Nothing,
+      targetGroupArn = Prelude.Nothing
+    }
+
+-- | The name of the container to associate with the load balancer.
+awsEcsServiceLoadBalancersDetails_containerName :: Lens.Lens' AwsEcsServiceLoadBalancersDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceLoadBalancersDetails_containerName = Lens.lens (\AwsEcsServiceLoadBalancersDetails' {containerName} -> containerName) (\s@AwsEcsServiceLoadBalancersDetails' {} a -> s {containerName = a} :: AwsEcsServiceLoadBalancersDetails)
+
+-- | The port on the container to associate with the load balancer. This port
+-- must correspond to a @containerPort@ in the task definition the tasks in
+-- the service are using. For tasks that use the EC2 launch type, the
+-- container instance they are launched on must allow ingress traffic on
+-- the @hostPort@ of the port mapping.
+awsEcsServiceLoadBalancersDetails_containerPort :: Lens.Lens' AwsEcsServiceLoadBalancersDetails (Prelude.Maybe Prelude.Int)
+awsEcsServiceLoadBalancersDetails_containerPort = Lens.lens (\AwsEcsServiceLoadBalancersDetails' {containerPort} -> containerPort) (\s@AwsEcsServiceLoadBalancersDetails' {} a -> s {containerPort = a} :: AwsEcsServiceLoadBalancersDetails)
+
+-- | The name of the load balancer to associate with the Amazon ECS service
+-- or task set.
+--
+-- Only specified when using a Classic Load Balancer. For an Application
+-- Load Balancer or a Network Load Balancer, the load balancer name is
+-- omitted.
+awsEcsServiceLoadBalancersDetails_loadBalancerName :: Lens.Lens' AwsEcsServiceLoadBalancersDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceLoadBalancersDetails_loadBalancerName = Lens.lens (\AwsEcsServiceLoadBalancersDetails' {loadBalancerName} -> loadBalancerName) (\s@AwsEcsServiceLoadBalancersDetails' {} a -> s {loadBalancerName = a} :: AwsEcsServiceLoadBalancersDetails)
+
+-- | The ARN of the Elastic Load Balancing target group or groups associated
+-- with a service or task set.
+--
+-- Only specified when using an Application Load Balancer or a Network Load
+-- Balancer. For a Classic Load Balancer, the target group ARN is omitted.
+awsEcsServiceLoadBalancersDetails_targetGroupArn :: Lens.Lens' AwsEcsServiceLoadBalancersDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceLoadBalancersDetails_targetGroupArn = Lens.lens (\AwsEcsServiceLoadBalancersDetails' {targetGroupArn} -> targetGroupArn) (\s@AwsEcsServiceLoadBalancersDetails' {} a -> s {targetGroupArn = a} :: AwsEcsServiceLoadBalancersDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsServiceLoadBalancersDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsServiceLoadBalancersDetails"
+      ( \x ->
+          AwsEcsServiceLoadBalancersDetails'
+            Prelude.<$> (x Data..:? "ContainerName")
+            Prelude.<*> (x Data..:? "ContainerPort")
+            Prelude.<*> (x Data..:? "LoadBalancerName")
+            Prelude.<*> (x Data..:? "TargetGroupArn")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsServiceLoadBalancersDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsServiceLoadBalancersDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` containerName
+        `Prelude.hashWithSalt` containerPort
+        `Prelude.hashWithSalt` loadBalancerName
+        `Prelude.hashWithSalt` targetGroupArn
+
+instance
+  Prelude.NFData
+    AwsEcsServiceLoadBalancersDetails
+  where
+  rnf AwsEcsServiceLoadBalancersDetails' {..} =
+    Prelude.rnf containerName
+      `Prelude.seq` Prelude.rnf containerPort
+      `Prelude.seq` Prelude.rnf loadBalancerName
+      `Prelude.seq` Prelude.rnf targetGroupArn
+
+instance
+  Data.ToJSON
+    AwsEcsServiceLoadBalancersDetails
+  where
+  toJSON AwsEcsServiceLoadBalancersDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ContainerName" Data..=) Prelude.<$> containerName,
+            ("ContainerPort" Data..=) Prelude.<$> containerPort,
+            ("LoadBalancerName" Data..=)
+              Prelude.<$> loadBalancerName,
+            ("TargetGroupArn" Data..=)
+              Prelude.<$> targetGroupArn
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails.hs
@@ -0,0 +1,149 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | For tasks that use the @awsvpc@ networking mode, the VPC subnet and
+-- security group configuration.
+--
+-- /See:/ 'newAwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails' smart constructor.
+data AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails = AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails'
+  { -- | Whether the task\'s elastic network interface receives a public IP
+    -- address. The default value is @DISABLED@.
+    --
+    -- Valid values: @ENABLED@ | @DISABLED@
+    assignPublicIp :: Prelude.Maybe Prelude.Text,
+    -- | The IDs of the security groups associated with the task or service.
+    --
+    -- You can provide up to five security groups.
+    securityGroups :: Prelude.Maybe [Prelude.Text],
+    -- | The IDs of the subnets associated with the task or service.
+    --
+    -- You can provide up to 16 subnets.
+    subnets :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'assignPublicIp', 'awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_assignPublicIp' - Whether the task\'s elastic network interface receives a public IP
+-- address. The default value is @DISABLED@.
+--
+-- Valid values: @ENABLED@ | @DISABLED@
+--
+-- 'securityGroups', 'awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_securityGroups' - The IDs of the security groups associated with the task or service.
+--
+-- You can provide up to five security groups.
+--
+-- 'subnets', 'awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_subnets' - The IDs of the subnets associated with the task or service.
+--
+-- You can provide up to 16 subnets.
+newAwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails ::
+  AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+newAwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails =
+  AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails'
+    { assignPublicIp =
+        Prelude.Nothing,
+      securityGroups =
+        Prelude.Nothing,
+      subnets =
+        Prelude.Nothing
+    }
+
+-- | Whether the task\'s elastic network interface receives a public IP
+-- address. The default value is @DISABLED@.
+--
+-- Valid values: @ENABLED@ | @DISABLED@
+awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_assignPublicIp :: Lens.Lens' AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_assignPublicIp = Lens.lens (\AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails' {assignPublicIp} -> assignPublicIp) (\s@AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails' {} a -> s {assignPublicIp = a} :: AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails)
+
+-- | The IDs of the security groups associated with the task or service.
+--
+-- You can provide up to five security groups.
+awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_securityGroups :: Lens.Lens' AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails (Prelude.Maybe [Prelude.Text])
+awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_securityGroups = Lens.lens (\AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails' {securityGroups} -> securityGroups) (\s@AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails' {} a -> s {securityGroups = a} :: AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The IDs of the subnets associated with the task or service.
+--
+-- You can provide up to 16 subnets.
+awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_subnets :: Lens.Lens' AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails (Prelude.Maybe [Prelude.Text])
+awsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails_subnets = Lens.lens (\AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails' {subnets} -> subnets) (\s@AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails' {} a -> s {subnets = a} :: AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails"
+      ( \x ->
+          AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails'
+            Prelude.<$> (x Data..:? "AssignPublicIp")
+            Prelude.<*> (x Data..:? "SecurityGroups" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Subnets" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` assignPublicIp
+        `Prelude.hashWithSalt` securityGroups
+        `Prelude.hashWithSalt` subnets
+
+instance
+  Prelude.NFData
+    AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+  where
+  rnf
+    AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails' {..} =
+      Prelude.rnf assignPublicIp
+        `Prelude.seq` Prelude.rnf securityGroups
+        `Prelude.seq` Prelude.rnf subnets
+
+instance
+  Data.ToJSON
+    AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+  where
+  toJSON
+    AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AssignPublicIp" Data..=)
+                Prelude.<$> assignPublicIp,
+              ("SecurityGroups" Data..=)
+                Prelude.<$> securityGroups,
+              ("Subnets" Data..=) Prelude.<$> subnets
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsServiceNetworkConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceNetworkConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceNetworkConfigurationDetails.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+
+-- | For tasks that use the @awsvpc@ networking mode, the VPC subnet and
+-- security group configuration.
+--
+-- /See:/ 'newAwsEcsServiceNetworkConfigurationDetails' smart constructor.
+data AwsEcsServiceNetworkConfigurationDetails = AwsEcsServiceNetworkConfigurationDetails'
+  { -- | The VPC subnet and security group configuration.
+    awsVpcConfiguration :: Prelude.Maybe AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsServiceNetworkConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'awsVpcConfiguration', 'awsEcsServiceNetworkConfigurationDetails_awsVpcConfiguration' - The VPC subnet and security group configuration.
+newAwsEcsServiceNetworkConfigurationDetails ::
+  AwsEcsServiceNetworkConfigurationDetails
+newAwsEcsServiceNetworkConfigurationDetails =
+  AwsEcsServiceNetworkConfigurationDetails'
+    { awsVpcConfiguration =
+        Prelude.Nothing
+    }
+
+-- | The VPC subnet and security group configuration.
+awsEcsServiceNetworkConfigurationDetails_awsVpcConfiguration :: Lens.Lens' AwsEcsServiceNetworkConfigurationDetails (Prelude.Maybe AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails)
+awsEcsServiceNetworkConfigurationDetails_awsVpcConfiguration = Lens.lens (\AwsEcsServiceNetworkConfigurationDetails' {awsVpcConfiguration} -> awsVpcConfiguration) (\s@AwsEcsServiceNetworkConfigurationDetails' {} a -> s {awsVpcConfiguration = a} :: AwsEcsServiceNetworkConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsServiceNetworkConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsServiceNetworkConfigurationDetails"
+      ( \x ->
+          AwsEcsServiceNetworkConfigurationDetails'
+            Prelude.<$> (x Data..:? "AwsVpcConfiguration")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsServiceNetworkConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsServiceNetworkConfigurationDetails' {..} =
+      _salt `Prelude.hashWithSalt` awsVpcConfiguration
+
+instance
+  Prelude.NFData
+    AwsEcsServiceNetworkConfigurationDetails
+  where
+  rnf AwsEcsServiceNetworkConfigurationDetails' {..} =
+    Prelude.rnf awsVpcConfiguration
+
+instance
+  Data.ToJSON
+    AwsEcsServiceNetworkConfigurationDetails
+  where
+  toJSON AwsEcsServiceNetworkConfigurationDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AwsVpcConfiguration" Data..=)
+              Prelude.<$> awsVpcConfiguration
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsServicePlacementConstraintsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsServicePlacementConstraintsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsServicePlacementConstraintsDetails.hs
@@ -0,0 +1,126 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsServicePlacementConstraintsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsServicePlacementConstraintsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A placement constraint for the tasks in the service.
+--
+-- /See:/ 'newAwsEcsServicePlacementConstraintsDetails' smart constructor.
+data AwsEcsServicePlacementConstraintsDetails = AwsEcsServicePlacementConstraintsDetails'
+  { -- | A cluster query language expression to apply to the constraint. You
+    -- cannot specify an expression if the constraint type is
+    -- @distinctInstance@.
+    expression :: Prelude.Maybe Prelude.Text,
+    -- | The type of constraint. Use @distinctInstance@ to run each task in a
+    -- particular group on a different container instance. Use @memberOf@ to
+    -- restrict the selection to a group of valid candidates.
+    --
+    -- Valid values: @distinctInstance@ | @memberOf@
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsServicePlacementConstraintsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'expression', 'awsEcsServicePlacementConstraintsDetails_expression' - A cluster query language expression to apply to the constraint. You
+-- cannot specify an expression if the constraint type is
+-- @distinctInstance@.
+--
+-- 'type'', 'awsEcsServicePlacementConstraintsDetails_type' - The type of constraint. Use @distinctInstance@ to run each task in a
+-- particular group on a different container instance. Use @memberOf@ to
+-- restrict the selection to a group of valid candidates.
+--
+-- Valid values: @distinctInstance@ | @memberOf@
+newAwsEcsServicePlacementConstraintsDetails ::
+  AwsEcsServicePlacementConstraintsDetails
+newAwsEcsServicePlacementConstraintsDetails =
+  AwsEcsServicePlacementConstraintsDetails'
+    { expression =
+        Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | A cluster query language expression to apply to the constraint. You
+-- cannot specify an expression if the constraint type is
+-- @distinctInstance@.
+awsEcsServicePlacementConstraintsDetails_expression :: Lens.Lens' AwsEcsServicePlacementConstraintsDetails (Prelude.Maybe Prelude.Text)
+awsEcsServicePlacementConstraintsDetails_expression = Lens.lens (\AwsEcsServicePlacementConstraintsDetails' {expression} -> expression) (\s@AwsEcsServicePlacementConstraintsDetails' {} a -> s {expression = a} :: AwsEcsServicePlacementConstraintsDetails)
+
+-- | The type of constraint. Use @distinctInstance@ to run each task in a
+-- particular group on a different container instance. Use @memberOf@ to
+-- restrict the selection to a group of valid candidates.
+--
+-- Valid values: @distinctInstance@ | @memberOf@
+awsEcsServicePlacementConstraintsDetails_type :: Lens.Lens' AwsEcsServicePlacementConstraintsDetails (Prelude.Maybe Prelude.Text)
+awsEcsServicePlacementConstraintsDetails_type = Lens.lens (\AwsEcsServicePlacementConstraintsDetails' {type'} -> type') (\s@AwsEcsServicePlacementConstraintsDetails' {} a -> s {type' = a} :: AwsEcsServicePlacementConstraintsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsServicePlacementConstraintsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsServicePlacementConstraintsDetails"
+      ( \x ->
+          AwsEcsServicePlacementConstraintsDetails'
+            Prelude.<$> (x Data..:? "Expression")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsServicePlacementConstraintsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsServicePlacementConstraintsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` expression
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsEcsServicePlacementConstraintsDetails
+  where
+  rnf AwsEcsServicePlacementConstraintsDetails' {..} =
+    Prelude.rnf expression
+      `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsEcsServicePlacementConstraintsDetails
+  where
+  toJSON AwsEcsServicePlacementConstraintsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Expression" Data..=) Prelude.<$> expression,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsServicePlacementStrategiesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsServicePlacementStrategiesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsServicePlacementStrategiesDetails.hs
@@ -0,0 +1,171 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsServicePlacementStrategiesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsServicePlacementStrategiesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A placement strategy that determines how to place the tasks for the
+-- service.
+--
+-- /See:/ 'newAwsEcsServicePlacementStrategiesDetails' smart constructor.
+data AwsEcsServicePlacementStrategiesDetails = AwsEcsServicePlacementStrategiesDetails'
+  { -- | The field to apply the placement strategy against.
+    --
+    -- For the @spread@ placement strategy, valid values are @instanceId@ (or
+    -- @host@, which has the same effect), or any platform or custom attribute
+    -- that is applied to a container instance, such as
+    -- @attribute:ecs.availability-zone@.
+    --
+    -- For the @binpack@ placement strategy, valid values are @cpu@ and
+    -- @memory@.
+    --
+    -- For the @random@ placement strategy, this attribute is not used.
+    field :: Prelude.Maybe Prelude.Text,
+    -- | The type of placement strategy.
+    --
+    -- The @random@ placement strategy randomly places tasks on available
+    -- candidates.
+    --
+    -- The @spread@ placement strategy spreads placement across available
+    -- candidates evenly based on the value of @Field@.
+    --
+    -- The @binpack@ strategy places tasks on available candidates that have
+    -- the least available amount of the resource that is specified in @Field@.
+    --
+    -- Valid values: @random@ | @spread@ | @binpack@
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsServicePlacementStrategiesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'field', 'awsEcsServicePlacementStrategiesDetails_field' - The field to apply the placement strategy against.
+--
+-- For the @spread@ placement strategy, valid values are @instanceId@ (or
+-- @host@, which has the same effect), or any platform or custom attribute
+-- that is applied to a container instance, such as
+-- @attribute:ecs.availability-zone@.
+--
+-- For the @binpack@ placement strategy, valid values are @cpu@ and
+-- @memory@.
+--
+-- For the @random@ placement strategy, this attribute is not used.
+--
+-- 'type'', 'awsEcsServicePlacementStrategiesDetails_type' - The type of placement strategy.
+--
+-- The @random@ placement strategy randomly places tasks on available
+-- candidates.
+--
+-- The @spread@ placement strategy spreads placement across available
+-- candidates evenly based on the value of @Field@.
+--
+-- The @binpack@ strategy places tasks on available candidates that have
+-- the least available amount of the resource that is specified in @Field@.
+--
+-- Valid values: @random@ | @spread@ | @binpack@
+newAwsEcsServicePlacementStrategiesDetails ::
+  AwsEcsServicePlacementStrategiesDetails
+newAwsEcsServicePlacementStrategiesDetails =
+  AwsEcsServicePlacementStrategiesDetails'
+    { field =
+        Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The field to apply the placement strategy against.
+--
+-- For the @spread@ placement strategy, valid values are @instanceId@ (or
+-- @host@, which has the same effect), or any platform or custom attribute
+-- that is applied to a container instance, such as
+-- @attribute:ecs.availability-zone@.
+--
+-- For the @binpack@ placement strategy, valid values are @cpu@ and
+-- @memory@.
+--
+-- For the @random@ placement strategy, this attribute is not used.
+awsEcsServicePlacementStrategiesDetails_field :: Lens.Lens' AwsEcsServicePlacementStrategiesDetails (Prelude.Maybe Prelude.Text)
+awsEcsServicePlacementStrategiesDetails_field = Lens.lens (\AwsEcsServicePlacementStrategiesDetails' {field} -> field) (\s@AwsEcsServicePlacementStrategiesDetails' {} a -> s {field = a} :: AwsEcsServicePlacementStrategiesDetails)
+
+-- | The type of placement strategy.
+--
+-- The @random@ placement strategy randomly places tasks on available
+-- candidates.
+--
+-- The @spread@ placement strategy spreads placement across available
+-- candidates evenly based on the value of @Field@.
+--
+-- The @binpack@ strategy places tasks on available candidates that have
+-- the least available amount of the resource that is specified in @Field@.
+--
+-- Valid values: @random@ | @spread@ | @binpack@
+awsEcsServicePlacementStrategiesDetails_type :: Lens.Lens' AwsEcsServicePlacementStrategiesDetails (Prelude.Maybe Prelude.Text)
+awsEcsServicePlacementStrategiesDetails_type = Lens.lens (\AwsEcsServicePlacementStrategiesDetails' {type'} -> type') (\s@AwsEcsServicePlacementStrategiesDetails' {} a -> s {type' = a} :: AwsEcsServicePlacementStrategiesDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsServicePlacementStrategiesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsServicePlacementStrategiesDetails"
+      ( \x ->
+          AwsEcsServicePlacementStrategiesDetails'
+            Prelude.<$> (x Data..:? "Field")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsServicePlacementStrategiesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsServicePlacementStrategiesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` field
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsEcsServicePlacementStrategiesDetails
+  where
+  rnf AwsEcsServicePlacementStrategiesDetails' {..} =
+    Prelude.rnf field `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsEcsServicePlacementStrategiesDetails
+  where
+  toJSON AwsEcsServicePlacementStrategiesDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Field" Data..=) Prelude.<$> field,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsServiceServiceRegistriesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceServiceRegistriesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsServiceServiceRegistriesDetails.hs
@@ -0,0 +1,182 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsServiceServiceRegistriesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsServiceServiceRegistriesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about a service discovery registry to assign to the service.
+--
+-- /See:/ 'newAwsEcsServiceServiceRegistriesDetails' smart constructor.
+data AwsEcsServiceServiceRegistriesDetails = AwsEcsServiceServiceRegistriesDetails'
+  { -- | The container name value to use for the service discovery service.
+    --
+    -- If the task definition uses the @bridge@ or @host@ network mode, you
+    -- must specify @ContainerName@ and @ContainerPort@.
+    --
+    -- If the task definition uses the @awsvpc@ network mode and a type SRV DNS
+    -- record, you must specify either @ContainerName@ and @ContainerPort@, or
+    -- @Port@ , but not both.
+    containerName :: Prelude.Maybe Prelude.Text,
+    -- | The port value to use for the service discovery service.
+    --
+    -- If the task definition uses the @bridge@ or @host@ network mode, you
+    -- must specify @ContainerName@ and @ContainerPort@.
+    --
+    -- If the task definition uses the @awsvpc@ network mode and a type SRV DNS
+    -- record, you must specify either @ContainerName@ and @ContainerPort@, or
+    -- @Port@ , but not both.
+    containerPort :: Prelude.Maybe Prelude.Int,
+    -- | The port value to use for a service discovery service that specifies an
+    -- SRV record. This field can be used if both the @awsvpc@awsvpc network
+    -- mode and SRV records are used.
+    port :: Prelude.Maybe Prelude.Int,
+    -- | The ARN of the service registry.
+    registryArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsServiceServiceRegistriesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containerName', 'awsEcsServiceServiceRegistriesDetails_containerName' - The container name value to use for the service discovery service.
+--
+-- If the task definition uses the @bridge@ or @host@ network mode, you
+-- must specify @ContainerName@ and @ContainerPort@.
+--
+-- If the task definition uses the @awsvpc@ network mode and a type SRV DNS
+-- record, you must specify either @ContainerName@ and @ContainerPort@, or
+-- @Port@ , but not both.
+--
+-- 'containerPort', 'awsEcsServiceServiceRegistriesDetails_containerPort' - The port value to use for the service discovery service.
+--
+-- If the task definition uses the @bridge@ or @host@ network mode, you
+-- must specify @ContainerName@ and @ContainerPort@.
+--
+-- If the task definition uses the @awsvpc@ network mode and a type SRV DNS
+-- record, you must specify either @ContainerName@ and @ContainerPort@, or
+-- @Port@ , but not both.
+--
+-- 'port', 'awsEcsServiceServiceRegistriesDetails_port' - The port value to use for a service discovery service that specifies an
+-- SRV record. This field can be used if both the @awsvpc@awsvpc network
+-- mode and SRV records are used.
+--
+-- 'registryArn', 'awsEcsServiceServiceRegistriesDetails_registryArn' - The ARN of the service registry.
+newAwsEcsServiceServiceRegistriesDetails ::
+  AwsEcsServiceServiceRegistriesDetails
+newAwsEcsServiceServiceRegistriesDetails =
+  AwsEcsServiceServiceRegistriesDetails'
+    { containerName =
+        Prelude.Nothing,
+      containerPort = Prelude.Nothing,
+      port = Prelude.Nothing,
+      registryArn = Prelude.Nothing
+    }
+
+-- | The container name value to use for the service discovery service.
+--
+-- If the task definition uses the @bridge@ or @host@ network mode, you
+-- must specify @ContainerName@ and @ContainerPort@.
+--
+-- If the task definition uses the @awsvpc@ network mode and a type SRV DNS
+-- record, you must specify either @ContainerName@ and @ContainerPort@, or
+-- @Port@ , but not both.
+awsEcsServiceServiceRegistriesDetails_containerName :: Lens.Lens' AwsEcsServiceServiceRegistriesDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceServiceRegistriesDetails_containerName = Lens.lens (\AwsEcsServiceServiceRegistriesDetails' {containerName} -> containerName) (\s@AwsEcsServiceServiceRegistriesDetails' {} a -> s {containerName = a} :: AwsEcsServiceServiceRegistriesDetails)
+
+-- | The port value to use for the service discovery service.
+--
+-- If the task definition uses the @bridge@ or @host@ network mode, you
+-- must specify @ContainerName@ and @ContainerPort@.
+--
+-- If the task definition uses the @awsvpc@ network mode and a type SRV DNS
+-- record, you must specify either @ContainerName@ and @ContainerPort@, or
+-- @Port@ , but not both.
+awsEcsServiceServiceRegistriesDetails_containerPort :: Lens.Lens' AwsEcsServiceServiceRegistriesDetails (Prelude.Maybe Prelude.Int)
+awsEcsServiceServiceRegistriesDetails_containerPort = Lens.lens (\AwsEcsServiceServiceRegistriesDetails' {containerPort} -> containerPort) (\s@AwsEcsServiceServiceRegistriesDetails' {} a -> s {containerPort = a} :: AwsEcsServiceServiceRegistriesDetails)
+
+-- | The port value to use for a service discovery service that specifies an
+-- SRV record. This field can be used if both the @awsvpc@awsvpc network
+-- mode and SRV records are used.
+awsEcsServiceServiceRegistriesDetails_port :: Lens.Lens' AwsEcsServiceServiceRegistriesDetails (Prelude.Maybe Prelude.Int)
+awsEcsServiceServiceRegistriesDetails_port = Lens.lens (\AwsEcsServiceServiceRegistriesDetails' {port} -> port) (\s@AwsEcsServiceServiceRegistriesDetails' {} a -> s {port = a} :: AwsEcsServiceServiceRegistriesDetails)
+
+-- | The ARN of the service registry.
+awsEcsServiceServiceRegistriesDetails_registryArn :: Lens.Lens' AwsEcsServiceServiceRegistriesDetails (Prelude.Maybe Prelude.Text)
+awsEcsServiceServiceRegistriesDetails_registryArn = Lens.lens (\AwsEcsServiceServiceRegistriesDetails' {registryArn} -> registryArn) (\s@AwsEcsServiceServiceRegistriesDetails' {} a -> s {registryArn = a} :: AwsEcsServiceServiceRegistriesDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsServiceServiceRegistriesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsServiceServiceRegistriesDetails"
+      ( \x ->
+          AwsEcsServiceServiceRegistriesDetails'
+            Prelude.<$> (x Data..:? "ContainerName")
+            Prelude.<*> (x Data..:? "ContainerPort")
+            Prelude.<*> (x Data..:? "Port")
+            Prelude.<*> (x Data..:? "RegistryArn")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsServiceServiceRegistriesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsServiceServiceRegistriesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` containerName
+        `Prelude.hashWithSalt` containerPort
+        `Prelude.hashWithSalt` port
+        `Prelude.hashWithSalt` registryArn
+
+instance
+  Prelude.NFData
+    AwsEcsServiceServiceRegistriesDetails
+  where
+  rnf AwsEcsServiceServiceRegistriesDetails' {..} =
+    Prelude.rnf containerName
+      `Prelude.seq` Prelude.rnf containerPort
+      `Prelude.seq` Prelude.rnf port
+      `Prelude.seq` Prelude.rnf registryArn
+
+instance
+  Data.ToJSON
+    AwsEcsServiceServiceRegistriesDetails
+  where
+  toJSON AwsEcsServiceServiceRegistriesDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ContainerName" Data..=) Prelude.<$> containerName,
+            ("ContainerPort" Data..=) Prelude.<$> containerPort,
+            ("Port" Data..=) Prelude.<$> port,
+            ("RegistryArn" Data..=) Prelude.<$> registryArn
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails.hs
@@ -0,0 +1,141 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A dependency that is defined for container startup and shutdown.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails = AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails'
+  { -- | The dependency condition of the dependent container. Indicates the
+    -- required status of the dependent container before the current container
+    -- can start. Valid values are as follows:
+    --
+    -- -   @COMPLETE@
+    --
+    -- -   @HEALTHY@
+    --
+    -- -   @SUCCESS@
+    --
+    -- -   @START@
+    condition :: Prelude.Maybe Prelude.Text,
+    -- | The name of the dependent container.
+    containerName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'condition', 'awsEcsTaskDefinitionContainerDefinitionsDependsOnDetails_condition' - The dependency condition of the dependent container. Indicates the
+-- required status of the dependent container before the current container
+-- can start. Valid values are as follows:
+--
+-- -   @COMPLETE@
+--
+-- -   @HEALTHY@
+--
+-- -   @SUCCESS@
+--
+-- -   @START@
+--
+-- 'containerName', 'awsEcsTaskDefinitionContainerDefinitionsDependsOnDetails_containerName' - The name of the dependent container.
+newAwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+newAwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails'
+    { condition =
+        Prelude.Nothing,
+      containerName =
+        Prelude.Nothing
+    }
+
+-- | The dependency condition of the dependent container. Indicates the
+-- required status of the dependent container before the current container
+-- can start. Valid values are as follows:
+--
+-- -   @COMPLETE@
+--
+-- -   @HEALTHY@
+--
+-- -   @SUCCESS@
+--
+-- -   @START@
+awsEcsTaskDefinitionContainerDefinitionsDependsOnDetails_condition :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsDependsOnDetails_condition = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails' {condition} -> condition) (\s@AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails' {} a -> s {condition = a} :: AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails)
+
+-- | The name of the dependent container.
+awsEcsTaskDefinitionContainerDefinitionsDependsOnDetails_containerName :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsDependsOnDetails_containerName = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails' {containerName} -> containerName) (\s@AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails' {} a -> s {containerName = a} :: AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails'
+            Prelude.<$> (x Data..:? "Condition")
+            Prelude.<*> (x Data..:? "ContainerName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` condition
+        `Prelude.hashWithSalt` containerName
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails' {..} =
+      Prelude.rnf condition
+        `Prelude.seq` Prelude.rnf containerName
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Condition" Data..=) Prelude.<$> condition,
+              ("ContainerName" Data..=) Prelude.<$> containerName
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsDetails.hs
@@ -0,0 +1,771 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+
+-- | A container definition that describes a container in the task.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsDetails = AwsEcsTaskDefinitionContainerDefinitionsDetails'
+  { -- | The command that is passed to the container.
+    command :: Prelude.Maybe [Prelude.Text],
+    -- | The number of CPU units reserved for the container.
+    cpu :: Prelude.Maybe Prelude.Int,
+    -- | The dependencies that are defined for container startup and shutdown.
+    dependsOn :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails],
+    -- | Whether to disable networking within the container.
+    disableNetworking :: Prelude.Maybe Prelude.Bool,
+    -- | A list of DNS search domains that are presented to the container.
+    dnsSearchDomains :: Prelude.Maybe [Prelude.Text],
+    -- | A list of DNS servers that are presented to the container.
+    dnsServers :: Prelude.Maybe [Prelude.Text],
+    -- | A key-value map of labels to add to the container.
+    dockerLabels :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | A list of strings to provide custom labels for SELinux and AppArmor
+    -- multi-level security systems.
+    dockerSecurityOptions :: Prelude.Maybe [Prelude.Text],
+    -- | The entry point that is passed to the container.
+    entryPoint :: Prelude.Maybe [Prelude.Text],
+    -- | The environment variables to pass to a container.
+    environment :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails],
+    -- | A list of files containing the environment variables to pass to a
+    -- container.
+    environmentFiles :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails],
+    -- | Whether the container is essential. All tasks must have at least one
+    -- essential container.
+    essential :: Prelude.Maybe Prelude.Bool,
+    -- | A list of hostnames and IP address mappings to append to the
+    -- __\/etc\/hosts__ file on the container.
+    extraHosts :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails],
+    -- | The FireLens configuration for the container. Specifies and configures a
+    -- log router for container logs.
+    firelensConfiguration :: Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails,
+    -- | The container health check command and associated configuration
+    -- parameters for the container.
+    healthCheck :: Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails,
+    -- | The hostname to use for the container.
+    hostname :: Prelude.Maybe Prelude.Text,
+    -- | The image used to start the container.
+    image :: Prelude.Maybe Prelude.Text,
+    -- | If set to true, then containerized applications can be deployed that
+    -- require @stdin@ or a @tty@ to be allocated.
+    interactive :: Prelude.Maybe Prelude.Bool,
+    -- | A list of links for the container in the form
+    -- @ @/@container_name@/@:@/@alias@/@ @. Allows containers to communicate
+    -- with each other without the need for port mappings.
+    links :: Prelude.Maybe [Prelude.Text],
+    -- | Linux-specific modifications that are applied to the container, such as
+    -- Linux kernel capabilities.
+    linuxParameters :: Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails,
+    -- | The log configuration specification for the container.
+    logConfiguration :: Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails,
+    -- | The amount (in MiB) of memory to present to the container. If the
+    -- container attempts to exceed the memory specified here, the container is
+    -- shut down. The total amount of memory reserved for all containers within
+    -- a task must be lower than the task memory value, if one is specified.
+    memory :: Prelude.Maybe Prelude.Int,
+    -- | The soft limit (in MiB) of memory to reserve for the container.
+    memoryReservation :: Prelude.Maybe Prelude.Int,
+    -- | The mount points for the data volumes in the container.
+    mountPoints :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails],
+    -- | The name of the container.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The list of port mappings for the container.
+    portMappings :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails],
+    -- | Whether the container is given elevated privileges on the host container
+    -- instance. The elevated privileges are similar to the root user.
+    privileged :: Prelude.Maybe Prelude.Bool,
+    -- | Whether to allocate a TTY to the container.
+    pseudoTerminal :: Prelude.Maybe Prelude.Bool,
+    -- | Whether the container is given read-only access to its root file system.
+    readonlyRootFilesystem :: Prelude.Maybe Prelude.Bool,
+    -- | The private repository authentication credentials to use.
+    repositoryCredentials :: Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails,
+    -- | The type and amount of a resource to assign to a container. The only
+    -- supported resource is a GPU.
+    resourceRequirements :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails],
+    -- | The secrets to pass to the container.
+    secrets :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails],
+    -- | The number of seconds to wait before giving up on resolving dependencies
+    -- for a container.
+    startTimeout :: Prelude.Maybe Prelude.Int,
+    -- | The number of seconds to wait before the container is stopped if it
+    -- doesn\'t shut down normally on its own.
+    stopTimeout :: Prelude.Maybe Prelude.Int,
+    -- | A list of namespaced kernel parameters to set in the container.
+    systemControls :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails],
+    -- | A list of ulimits to set in the container.
+    ulimits :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails],
+    -- | The user to use inside the container.
+    --
+    -- The value can use one of the following formats.
+    --
+    -- -   @ @/@user@/@ @
+    --
+    -- -   @ @/@user@/@ @:@ @/@group@/@ @
+    --
+    -- -   @ @/@uid@/@ @
+    --
+    -- -   @ @/@uid@/@ @:@ @/@gid@/@ @
+    --
+    -- -   @ @/@user@/@ @:@ @/@gid@/@ @
+    --
+    -- -   @ @/@uid@/@ @:@ @/@group@/@ @
+    user :: Prelude.Maybe Prelude.Text,
+    -- | Data volumes to mount from another container.
+    volumesFrom :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails],
+    -- | The working directory in which to run commands inside the container.
+    workingDirectory :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'command', 'awsEcsTaskDefinitionContainerDefinitionsDetails_command' - The command that is passed to the container.
+--
+-- 'cpu', 'awsEcsTaskDefinitionContainerDefinitionsDetails_cpu' - The number of CPU units reserved for the container.
+--
+-- 'dependsOn', 'awsEcsTaskDefinitionContainerDefinitionsDetails_dependsOn' - The dependencies that are defined for container startup and shutdown.
+--
+-- 'disableNetworking', 'awsEcsTaskDefinitionContainerDefinitionsDetails_disableNetworking' - Whether to disable networking within the container.
+--
+-- 'dnsSearchDomains', 'awsEcsTaskDefinitionContainerDefinitionsDetails_dnsSearchDomains' - A list of DNS search domains that are presented to the container.
+--
+-- 'dnsServers', 'awsEcsTaskDefinitionContainerDefinitionsDetails_dnsServers' - A list of DNS servers that are presented to the container.
+--
+-- 'dockerLabels', 'awsEcsTaskDefinitionContainerDefinitionsDetails_dockerLabels' - A key-value map of labels to add to the container.
+--
+-- 'dockerSecurityOptions', 'awsEcsTaskDefinitionContainerDefinitionsDetails_dockerSecurityOptions' - A list of strings to provide custom labels for SELinux and AppArmor
+-- multi-level security systems.
+--
+-- 'entryPoint', 'awsEcsTaskDefinitionContainerDefinitionsDetails_entryPoint' - The entry point that is passed to the container.
+--
+-- 'environment', 'awsEcsTaskDefinitionContainerDefinitionsDetails_environment' - The environment variables to pass to a container.
+--
+-- 'environmentFiles', 'awsEcsTaskDefinitionContainerDefinitionsDetails_environmentFiles' - A list of files containing the environment variables to pass to a
+-- container.
+--
+-- 'essential', 'awsEcsTaskDefinitionContainerDefinitionsDetails_essential' - Whether the container is essential. All tasks must have at least one
+-- essential container.
+--
+-- 'extraHosts', 'awsEcsTaskDefinitionContainerDefinitionsDetails_extraHosts' - A list of hostnames and IP address mappings to append to the
+-- __\/etc\/hosts__ file on the container.
+--
+-- 'firelensConfiguration', 'awsEcsTaskDefinitionContainerDefinitionsDetails_firelensConfiguration' - The FireLens configuration for the container. Specifies and configures a
+-- log router for container logs.
+--
+-- 'healthCheck', 'awsEcsTaskDefinitionContainerDefinitionsDetails_healthCheck' - The container health check command and associated configuration
+-- parameters for the container.
+--
+-- 'hostname', 'awsEcsTaskDefinitionContainerDefinitionsDetails_hostname' - The hostname to use for the container.
+--
+-- 'image', 'awsEcsTaskDefinitionContainerDefinitionsDetails_image' - The image used to start the container.
+--
+-- 'interactive', 'awsEcsTaskDefinitionContainerDefinitionsDetails_interactive' - If set to true, then containerized applications can be deployed that
+-- require @stdin@ or a @tty@ to be allocated.
+--
+-- 'links', 'awsEcsTaskDefinitionContainerDefinitionsDetails_links' - A list of links for the container in the form
+-- @ @/@container_name@/@:@/@alias@/@ @. Allows containers to communicate
+-- with each other without the need for port mappings.
+--
+-- 'linuxParameters', 'awsEcsTaskDefinitionContainerDefinitionsDetails_linuxParameters' - Linux-specific modifications that are applied to the container, such as
+-- Linux kernel capabilities.
+--
+-- 'logConfiguration', 'awsEcsTaskDefinitionContainerDefinitionsDetails_logConfiguration' - The log configuration specification for the container.
+--
+-- 'memory', 'awsEcsTaskDefinitionContainerDefinitionsDetails_memory' - The amount (in MiB) of memory to present to the container. If the
+-- container attempts to exceed the memory specified here, the container is
+-- shut down. The total amount of memory reserved for all containers within
+-- a task must be lower than the task memory value, if one is specified.
+--
+-- 'memoryReservation', 'awsEcsTaskDefinitionContainerDefinitionsDetails_memoryReservation' - The soft limit (in MiB) of memory to reserve for the container.
+--
+-- 'mountPoints', 'awsEcsTaskDefinitionContainerDefinitionsDetails_mountPoints' - The mount points for the data volumes in the container.
+--
+-- 'name', 'awsEcsTaskDefinitionContainerDefinitionsDetails_name' - The name of the container.
+--
+-- 'portMappings', 'awsEcsTaskDefinitionContainerDefinitionsDetails_portMappings' - The list of port mappings for the container.
+--
+-- 'privileged', 'awsEcsTaskDefinitionContainerDefinitionsDetails_privileged' - Whether the container is given elevated privileges on the host container
+-- instance. The elevated privileges are similar to the root user.
+--
+-- 'pseudoTerminal', 'awsEcsTaskDefinitionContainerDefinitionsDetails_pseudoTerminal' - Whether to allocate a TTY to the container.
+--
+-- 'readonlyRootFilesystem', 'awsEcsTaskDefinitionContainerDefinitionsDetails_readonlyRootFilesystem' - Whether the container is given read-only access to its root file system.
+--
+-- 'repositoryCredentials', 'awsEcsTaskDefinitionContainerDefinitionsDetails_repositoryCredentials' - The private repository authentication credentials to use.
+--
+-- 'resourceRequirements', 'awsEcsTaskDefinitionContainerDefinitionsDetails_resourceRequirements' - The type and amount of a resource to assign to a container. The only
+-- supported resource is a GPU.
+--
+-- 'secrets', 'awsEcsTaskDefinitionContainerDefinitionsDetails_secrets' - The secrets to pass to the container.
+--
+-- 'startTimeout', 'awsEcsTaskDefinitionContainerDefinitionsDetails_startTimeout' - The number of seconds to wait before giving up on resolving dependencies
+-- for a container.
+--
+-- 'stopTimeout', 'awsEcsTaskDefinitionContainerDefinitionsDetails_stopTimeout' - The number of seconds to wait before the container is stopped if it
+-- doesn\'t shut down normally on its own.
+--
+-- 'systemControls', 'awsEcsTaskDefinitionContainerDefinitionsDetails_systemControls' - A list of namespaced kernel parameters to set in the container.
+--
+-- 'ulimits', 'awsEcsTaskDefinitionContainerDefinitionsDetails_ulimits' - A list of ulimits to set in the container.
+--
+-- 'user', 'awsEcsTaskDefinitionContainerDefinitionsDetails_user' - The user to use inside the container.
+--
+-- The value can use one of the following formats.
+--
+-- -   @ @/@user@/@ @
+--
+-- -   @ @/@user@/@ @:@ @/@group@/@ @
+--
+-- -   @ @/@uid@/@ @
+--
+-- -   @ @/@uid@/@ @:@ @/@gid@/@ @
+--
+-- -   @ @/@user@/@ @:@ @/@gid@/@ @
+--
+-- -   @ @/@uid@/@ @:@ @/@group@/@ @
+--
+-- 'volumesFrom', 'awsEcsTaskDefinitionContainerDefinitionsDetails_volumesFrom' - Data volumes to mount from another container.
+--
+-- 'workingDirectory', 'awsEcsTaskDefinitionContainerDefinitionsDetails_workingDirectory' - The working directory in which to run commands inside the container.
+newAwsEcsTaskDefinitionContainerDefinitionsDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsDetails
+newAwsEcsTaskDefinitionContainerDefinitionsDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsDetails'
+    { command =
+        Prelude.Nothing,
+      cpu = Prelude.Nothing,
+      dependsOn =
+        Prelude.Nothing,
+      disableNetworking =
+        Prelude.Nothing,
+      dnsSearchDomains =
+        Prelude.Nothing,
+      dnsServers =
+        Prelude.Nothing,
+      dockerLabels =
+        Prelude.Nothing,
+      dockerSecurityOptions =
+        Prelude.Nothing,
+      entryPoint =
+        Prelude.Nothing,
+      environment =
+        Prelude.Nothing,
+      environmentFiles =
+        Prelude.Nothing,
+      essential =
+        Prelude.Nothing,
+      extraHosts =
+        Prelude.Nothing,
+      firelensConfiguration =
+        Prelude.Nothing,
+      healthCheck =
+        Prelude.Nothing,
+      hostname = Prelude.Nothing,
+      image = Prelude.Nothing,
+      interactive =
+        Prelude.Nothing,
+      links = Prelude.Nothing,
+      linuxParameters =
+        Prelude.Nothing,
+      logConfiguration =
+        Prelude.Nothing,
+      memory = Prelude.Nothing,
+      memoryReservation =
+        Prelude.Nothing,
+      mountPoints =
+        Prelude.Nothing,
+      name = Prelude.Nothing,
+      portMappings =
+        Prelude.Nothing,
+      privileged =
+        Prelude.Nothing,
+      pseudoTerminal =
+        Prelude.Nothing,
+      readonlyRootFilesystem =
+        Prelude.Nothing,
+      repositoryCredentials =
+        Prelude.Nothing,
+      resourceRequirements =
+        Prelude.Nothing,
+      secrets = Prelude.Nothing,
+      startTimeout =
+        Prelude.Nothing,
+      stopTimeout =
+        Prelude.Nothing,
+      systemControls =
+        Prelude.Nothing,
+      ulimits = Prelude.Nothing,
+      user = Prelude.Nothing,
+      volumesFrom =
+        Prelude.Nothing,
+      workingDirectory =
+        Prelude.Nothing
+    }
+
+-- | The command that is passed to the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_command :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionContainerDefinitionsDetails_command = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {command} -> command) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {command = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The number of CPU units reserved for the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_cpu :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsDetails_cpu = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {cpu} -> cpu) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {cpu = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The dependencies that are defined for container startup and shutdown.
+awsEcsTaskDefinitionContainerDefinitionsDetails_dependsOn :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails])
+awsEcsTaskDefinitionContainerDefinitionsDetails_dependsOn = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {dependsOn} -> dependsOn) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {dependsOn = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Whether to disable networking within the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_disableNetworking :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Bool)
+awsEcsTaskDefinitionContainerDefinitionsDetails_disableNetworking = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {disableNetworking} -> disableNetworking) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {disableNetworking = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | A list of DNS search domains that are presented to the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_dnsSearchDomains :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionContainerDefinitionsDetails_dnsSearchDomains = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {dnsSearchDomains} -> dnsSearchDomains) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {dnsSearchDomains = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of DNS servers that are presented to the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_dnsServers :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionContainerDefinitionsDetails_dnsServers = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {dnsServers} -> dnsServers) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {dnsServers = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A key-value map of labels to add to the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_dockerLabels :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsEcsTaskDefinitionContainerDefinitionsDetails_dockerLabels = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {dockerLabels} -> dockerLabels) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {dockerLabels = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of strings to provide custom labels for SELinux and AppArmor
+-- multi-level security systems.
+awsEcsTaskDefinitionContainerDefinitionsDetails_dockerSecurityOptions :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionContainerDefinitionsDetails_dockerSecurityOptions = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {dockerSecurityOptions} -> dockerSecurityOptions) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {dockerSecurityOptions = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The entry point that is passed to the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_entryPoint :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionContainerDefinitionsDetails_entryPoint = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {entryPoint} -> entryPoint) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {entryPoint = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The environment variables to pass to a container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_environment :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails])
+awsEcsTaskDefinitionContainerDefinitionsDetails_environment = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {environment} -> environment) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {environment = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of files containing the environment variables to pass to a
+-- container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_environmentFiles :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails])
+awsEcsTaskDefinitionContainerDefinitionsDetails_environmentFiles = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {environmentFiles} -> environmentFiles) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {environmentFiles = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Whether the container is essential. All tasks must have at least one
+-- essential container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_essential :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Bool)
+awsEcsTaskDefinitionContainerDefinitionsDetails_essential = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {essential} -> essential) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {essential = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | A list of hostnames and IP address mappings to append to the
+-- __\/etc\/hosts__ file on the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_extraHosts :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails])
+awsEcsTaskDefinitionContainerDefinitionsDetails_extraHosts = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {extraHosts} -> extraHosts) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {extraHosts = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The FireLens configuration for the container. Specifies and configures a
+-- log router for container logs.
+awsEcsTaskDefinitionContainerDefinitionsDetails_firelensConfiguration :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails)
+awsEcsTaskDefinitionContainerDefinitionsDetails_firelensConfiguration = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {firelensConfiguration} -> firelensConfiguration) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {firelensConfiguration = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The container health check command and associated configuration
+-- parameters for the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_healthCheck :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails)
+awsEcsTaskDefinitionContainerDefinitionsDetails_healthCheck = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {healthCheck} -> healthCheck) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {healthCheck = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The hostname to use for the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_hostname :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsDetails_hostname = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {hostname} -> hostname) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {hostname = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The image used to start the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_image :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsDetails_image = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {image} -> image) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {image = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | If set to true, then containerized applications can be deployed that
+-- require @stdin@ or a @tty@ to be allocated.
+awsEcsTaskDefinitionContainerDefinitionsDetails_interactive :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Bool)
+awsEcsTaskDefinitionContainerDefinitionsDetails_interactive = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {interactive} -> interactive) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {interactive = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | A list of links for the container in the form
+-- @ @/@container_name@/@:@/@alias@/@ @. Allows containers to communicate
+-- with each other without the need for port mappings.
+awsEcsTaskDefinitionContainerDefinitionsDetails_links :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionContainerDefinitionsDetails_links = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {links} -> links) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {links = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Linux-specific modifications that are applied to the container, such as
+-- Linux kernel capabilities.
+awsEcsTaskDefinitionContainerDefinitionsDetails_linuxParameters :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails)
+awsEcsTaskDefinitionContainerDefinitionsDetails_linuxParameters = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {linuxParameters} -> linuxParameters) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {linuxParameters = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The log configuration specification for the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_logConfiguration :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails)
+awsEcsTaskDefinitionContainerDefinitionsDetails_logConfiguration = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {logConfiguration} -> logConfiguration) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {logConfiguration = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The amount (in MiB) of memory to present to the container. If the
+-- container attempts to exceed the memory specified here, the container is
+-- shut down. The total amount of memory reserved for all containers within
+-- a task must be lower than the task memory value, if one is specified.
+awsEcsTaskDefinitionContainerDefinitionsDetails_memory :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsDetails_memory = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {memory} -> memory) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {memory = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The soft limit (in MiB) of memory to reserve for the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_memoryReservation :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsDetails_memoryReservation = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {memoryReservation} -> memoryReservation) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {memoryReservation = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The mount points for the data volumes in the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_mountPoints :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails])
+awsEcsTaskDefinitionContainerDefinitionsDetails_mountPoints = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {mountPoints} -> mountPoints) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {mountPoints = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_name :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsDetails_name = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {name} -> name) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {name = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The list of port mappings for the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_portMappings :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails])
+awsEcsTaskDefinitionContainerDefinitionsDetails_portMappings = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {portMappings} -> portMappings) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {portMappings = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Whether the container is given elevated privileges on the host container
+-- instance. The elevated privileges are similar to the root user.
+awsEcsTaskDefinitionContainerDefinitionsDetails_privileged :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Bool)
+awsEcsTaskDefinitionContainerDefinitionsDetails_privileged = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {privileged} -> privileged) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {privileged = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | Whether to allocate a TTY to the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_pseudoTerminal :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Bool)
+awsEcsTaskDefinitionContainerDefinitionsDetails_pseudoTerminal = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {pseudoTerminal} -> pseudoTerminal) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {pseudoTerminal = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | Whether the container is given read-only access to its root file system.
+awsEcsTaskDefinitionContainerDefinitionsDetails_readonlyRootFilesystem :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Bool)
+awsEcsTaskDefinitionContainerDefinitionsDetails_readonlyRootFilesystem = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {readonlyRootFilesystem} -> readonlyRootFilesystem) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {readonlyRootFilesystem = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The private repository authentication credentials to use.
+awsEcsTaskDefinitionContainerDefinitionsDetails_repositoryCredentials :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails)
+awsEcsTaskDefinitionContainerDefinitionsDetails_repositoryCredentials = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {repositoryCredentials} -> repositoryCredentials) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {repositoryCredentials = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The type and amount of a resource to assign to a container. The only
+-- supported resource is a GPU.
+awsEcsTaskDefinitionContainerDefinitionsDetails_resourceRequirements :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails])
+awsEcsTaskDefinitionContainerDefinitionsDetails_resourceRequirements = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {resourceRequirements} -> resourceRequirements) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {resourceRequirements = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The secrets to pass to the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_secrets :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails])
+awsEcsTaskDefinitionContainerDefinitionsDetails_secrets = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {secrets} -> secrets) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {secrets = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The number of seconds to wait before giving up on resolving dependencies
+-- for a container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_startTimeout :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsDetails_startTimeout = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {startTimeout} -> startTimeout) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {startTimeout = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | The number of seconds to wait before the container is stopped if it
+-- doesn\'t shut down normally on its own.
+awsEcsTaskDefinitionContainerDefinitionsDetails_stopTimeout :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsDetails_stopTimeout = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {stopTimeout} -> stopTimeout) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {stopTimeout = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | A list of namespaced kernel parameters to set in the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_systemControls :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails])
+awsEcsTaskDefinitionContainerDefinitionsDetails_systemControls = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {systemControls} -> systemControls) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {systemControls = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of ulimits to set in the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_ulimits :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails])
+awsEcsTaskDefinitionContainerDefinitionsDetails_ulimits = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {ulimits} -> ulimits) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {ulimits = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The user to use inside the container.
+--
+-- The value can use one of the following formats.
+--
+-- -   @ @/@user@/@ @
+--
+-- -   @ @/@user@/@ @:@ @/@group@/@ @
+--
+-- -   @ @/@uid@/@ @
+--
+-- -   @ @/@uid@/@ @:@ @/@gid@/@ @
+--
+-- -   @ @/@user@/@ @:@ @/@gid@/@ @
+--
+-- -   @ @/@uid@/@ @:@ @/@group@/@ @
+awsEcsTaskDefinitionContainerDefinitionsDetails_user :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsDetails_user = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {user} -> user) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {user = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+-- | Data volumes to mount from another container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_volumesFrom :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails])
+awsEcsTaskDefinitionContainerDefinitionsDetails_volumesFrom = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {volumesFrom} -> volumesFrom) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {volumesFrom = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The working directory in which to run commands inside the container.
+awsEcsTaskDefinitionContainerDefinitionsDetails_workingDirectory :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsDetails_workingDirectory = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsDetails' {workingDirectory} -> workingDirectory) (\s@AwsEcsTaskDefinitionContainerDefinitionsDetails' {} a -> s {workingDirectory = a} :: AwsEcsTaskDefinitionContainerDefinitionsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsDetails'
+            Prelude.<$> (x Data..:? "Command" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Cpu")
+            Prelude.<*> (x Data..:? "DependsOn" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "DisableNetworking")
+            Prelude.<*> ( x
+                            Data..:? "DnsSearchDomains"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "DnsServers" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "DockerLabels" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "DockerSecurityOptions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "EntryPoint" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Environment" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "EnvironmentFiles"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Essential")
+            Prelude.<*> (x Data..:? "ExtraHosts" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "FirelensConfiguration")
+            Prelude.<*> (x Data..:? "HealthCheck")
+            Prelude.<*> (x Data..:? "Hostname")
+            Prelude.<*> (x Data..:? "Image")
+            Prelude.<*> (x Data..:? "Interactive")
+            Prelude.<*> (x Data..:? "Links" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "LinuxParameters")
+            Prelude.<*> (x Data..:? "LogConfiguration")
+            Prelude.<*> (x Data..:? "Memory")
+            Prelude.<*> (x Data..:? "MemoryReservation")
+            Prelude.<*> (x Data..:? "MountPoints" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "PortMappings" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Privileged")
+            Prelude.<*> (x Data..:? "PseudoTerminal")
+            Prelude.<*> (x Data..:? "ReadonlyRootFilesystem")
+            Prelude.<*> (x Data..:? "RepositoryCredentials")
+            Prelude.<*> ( x
+                            Data..:? "ResourceRequirements"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Secrets" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "StartTimeout")
+            Prelude.<*> (x Data..:? "StopTimeout")
+            Prelude.<*> (x Data..:? "SystemControls" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Ulimits" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "User")
+            Prelude.<*> (x Data..:? "VolumesFrom" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "WorkingDirectory")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` command
+        `Prelude.hashWithSalt` cpu
+        `Prelude.hashWithSalt` dependsOn
+        `Prelude.hashWithSalt` disableNetworking
+        `Prelude.hashWithSalt` dnsSearchDomains
+        `Prelude.hashWithSalt` dnsServers
+        `Prelude.hashWithSalt` dockerLabels
+        `Prelude.hashWithSalt` dockerSecurityOptions
+        `Prelude.hashWithSalt` entryPoint
+        `Prelude.hashWithSalt` environment
+        `Prelude.hashWithSalt` environmentFiles
+        `Prelude.hashWithSalt` essential
+        `Prelude.hashWithSalt` extraHosts
+        `Prelude.hashWithSalt` firelensConfiguration
+        `Prelude.hashWithSalt` healthCheck
+        `Prelude.hashWithSalt` hostname
+        `Prelude.hashWithSalt` image
+        `Prelude.hashWithSalt` interactive
+        `Prelude.hashWithSalt` links
+        `Prelude.hashWithSalt` linuxParameters
+        `Prelude.hashWithSalt` logConfiguration
+        `Prelude.hashWithSalt` memory
+        `Prelude.hashWithSalt` memoryReservation
+        `Prelude.hashWithSalt` mountPoints
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` portMappings
+        `Prelude.hashWithSalt` privileged
+        `Prelude.hashWithSalt` pseudoTerminal
+        `Prelude.hashWithSalt` readonlyRootFilesystem
+        `Prelude.hashWithSalt` repositoryCredentials
+        `Prelude.hashWithSalt` resourceRequirements
+        `Prelude.hashWithSalt` secrets
+        `Prelude.hashWithSalt` startTimeout
+        `Prelude.hashWithSalt` stopTimeout
+        `Prelude.hashWithSalt` systemControls
+        `Prelude.hashWithSalt` ulimits
+        `Prelude.hashWithSalt` user
+        `Prelude.hashWithSalt` volumesFrom
+        `Prelude.hashWithSalt` workingDirectory
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsDetails' {..} =
+      Prelude.rnf command
+        `Prelude.seq` Prelude.rnf cpu
+        `Prelude.seq` Prelude.rnf dependsOn
+        `Prelude.seq` Prelude.rnf disableNetworking
+        `Prelude.seq` Prelude.rnf dnsSearchDomains
+        `Prelude.seq` Prelude.rnf dnsServers
+        `Prelude.seq` Prelude.rnf dockerLabels
+        `Prelude.seq` Prelude.rnf dockerSecurityOptions
+        `Prelude.seq` Prelude.rnf entryPoint
+        `Prelude.seq` Prelude.rnf environment
+        `Prelude.seq` Prelude.rnf environmentFiles
+        `Prelude.seq` Prelude.rnf essential
+        `Prelude.seq` Prelude.rnf extraHosts
+        `Prelude.seq` Prelude.rnf firelensConfiguration
+        `Prelude.seq` Prelude.rnf healthCheck
+        `Prelude.seq` Prelude.rnf hostname
+        `Prelude.seq` Prelude.rnf image
+        `Prelude.seq` Prelude.rnf interactive
+        `Prelude.seq` Prelude.rnf links
+        `Prelude.seq` Prelude.rnf linuxParameters
+        `Prelude.seq` Prelude.rnf logConfiguration
+        `Prelude.seq` Prelude.rnf memory
+        `Prelude.seq` Prelude.rnf
+          memoryReservation
+        `Prelude.seq` Prelude.rnf
+          mountPoints
+        `Prelude.seq` Prelude.rnf name
+        `Prelude.seq` Prelude.rnf
+          portMappings
+        `Prelude.seq` Prelude.rnf
+          privileged
+        `Prelude.seq` Prelude.rnf
+          pseudoTerminal
+        `Prelude.seq` Prelude.rnf
+          readonlyRootFilesystem
+        `Prelude.seq` Prelude.rnf
+          repositoryCredentials
+        `Prelude.seq` Prelude.rnf
+          resourceRequirements
+        `Prelude.seq` Prelude.rnf
+          secrets
+        `Prelude.seq` Prelude.rnf
+          startTimeout
+        `Prelude.seq` Prelude.rnf
+          stopTimeout
+        `Prelude.seq` Prelude.rnf
+          systemControls
+        `Prelude.seq` Prelude.rnf
+          ulimits
+        `Prelude.seq` Prelude.rnf
+          user
+        `Prelude.seq` Prelude.rnf
+          volumesFrom
+        `Prelude.seq` Prelude.rnf
+          workingDirectory
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Command" Data..=) Prelude.<$> command,
+              ("Cpu" Data..=) Prelude.<$> cpu,
+              ("DependsOn" Data..=) Prelude.<$> dependsOn,
+              ("DisableNetworking" Data..=)
+                Prelude.<$> disableNetworking,
+              ("DnsSearchDomains" Data..=)
+                Prelude.<$> dnsSearchDomains,
+              ("DnsServers" Data..=) Prelude.<$> dnsServers,
+              ("DockerLabels" Data..=) Prelude.<$> dockerLabels,
+              ("DockerSecurityOptions" Data..=)
+                Prelude.<$> dockerSecurityOptions,
+              ("EntryPoint" Data..=) Prelude.<$> entryPoint,
+              ("Environment" Data..=) Prelude.<$> environment,
+              ("EnvironmentFiles" Data..=)
+                Prelude.<$> environmentFiles,
+              ("Essential" Data..=) Prelude.<$> essential,
+              ("ExtraHosts" Data..=) Prelude.<$> extraHosts,
+              ("FirelensConfiguration" Data..=)
+                Prelude.<$> firelensConfiguration,
+              ("HealthCheck" Data..=) Prelude.<$> healthCheck,
+              ("Hostname" Data..=) Prelude.<$> hostname,
+              ("Image" Data..=) Prelude.<$> image,
+              ("Interactive" Data..=) Prelude.<$> interactive,
+              ("Links" Data..=) Prelude.<$> links,
+              ("LinuxParameters" Data..=)
+                Prelude.<$> linuxParameters,
+              ("LogConfiguration" Data..=)
+                Prelude.<$> logConfiguration,
+              ("Memory" Data..=) Prelude.<$> memory,
+              ("MemoryReservation" Data..=)
+                Prelude.<$> memoryReservation,
+              ("MountPoints" Data..=) Prelude.<$> mountPoints,
+              ("Name" Data..=) Prelude.<$> name,
+              ("PortMappings" Data..=) Prelude.<$> portMappings,
+              ("Privileged" Data..=) Prelude.<$> privileged,
+              ("PseudoTerminal" Data..=)
+                Prelude.<$> pseudoTerminal,
+              ("ReadonlyRootFilesystem" Data..=)
+                Prelude.<$> readonlyRootFilesystem,
+              ("RepositoryCredentials" Data..=)
+                Prelude.<$> repositoryCredentials,
+              ("ResourceRequirements" Data..=)
+                Prelude.<$> resourceRequirements,
+              ("Secrets" Data..=) Prelude.<$> secrets,
+              ("StartTimeout" Data..=) Prelude.<$> startTimeout,
+              ("StopTimeout" Data..=) Prelude.<$> stopTimeout,
+              ("SystemControls" Data..=)
+                Prelude.<$> systemControls,
+              ("Ulimits" Data..=) Prelude.<$> ulimits,
+              ("User" Data..=) Prelude.<$> user,
+              ("VolumesFrom" Data..=) Prelude.<$> volumesFrom,
+              ("WorkingDirectory" Data..=)
+                Prelude.<$> workingDirectory
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An environment variable to pass to the container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails = AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails'
+  { -- | The name of the environment variable.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The value of the environment variable.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails_name' - The name of the environment variable.
+--
+-- 'value', 'awsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails_value' - The value of the environment variable.
+newAwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+newAwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails'
+    { name =
+        Prelude.Nothing,
+      value =
+        Prelude.Nothing
+    }
+
+-- | The name of the environment variable.
+awsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails_name :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails_name = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails' {name} -> name) (\s@AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails' {} a -> s {name = a} :: AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails)
+
+-- | The value of the environment variable.
+awsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails_value :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails_value = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails' {value} -> value) (\s@AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails' {} a -> s {value = a} :: AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails' {..} =
+      Prelude.rnf name `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Name" Data..=) Prelude.<$> name,
+              ("Value" Data..=) Prelude.<$> value
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A file that contain environment variables to pass to a container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails = AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails'
+  { -- | The type of environment file. The valid value is @s3@.
+    type' :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the S3 object that contains the environment variable file.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'type'', 'awsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails_type' - The type of environment file. The valid value is @s3@.
+--
+-- 'value', 'awsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails_value' - The ARN of the S3 object that contains the environment variable file.
+newAwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+newAwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails'
+    { type' =
+        Prelude.Nothing,
+      value =
+        Prelude.Nothing
+    }
+
+-- | The type of environment file. The valid value is @s3@.
+awsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails_type :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails_type = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails' {type'} -> type') (\s@AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails' {} a -> s {type' = a} :: AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails)
+
+-- | The ARN of the S3 object that contains the environment variable file.
+awsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails_value :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails_value = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails' {value} -> value) (\s@AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails' {} a -> s {value = a} :: AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails'
+            Prelude.<$> (x Data..:? "Type")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` type'
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails' {..} =
+      Prelude.rnf type' `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Type" Data..=) Prelude.<$> type',
+              ("Value" Data..=) Prelude.<$> value
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A hostname and IP address mapping to append to the __\/etc\/hosts__ file
+-- on the container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails = AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails'
+  { -- | The hostname to use in the __\/etc\/hosts__ entry.
+    hostname :: Prelude.Maybe Prelude.Text,
+    -- | The IP address to use in the __\/etc\/hosts__ entry.
+    ipAddress :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'hostname', 'awsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails_hostname' - The hostname to use in the __\/etc\/hosts__ entry.
+--
+-- 'ipAddress', 'awsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails_ipAddress' - The IP address to use in the __\/etc\/hosts__ entry.
+newAwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+newAwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails'
+    { hostname =
+        Prelude.Nothing,
+      ipAddress =
+        Prelude.Nothing
+    }
+
+-- | The hostname to use in the __\/etc\/hosts__ entry.
+awsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails_hostname :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails_hostname = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails' {hostname} -> hostname) (\s@AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails' {} a -> s {hostname = a} :: AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails)
+
+-- | The IP address to use in the __\/etc\/hosts__ entry.
+awsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails_ipAddress :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails_ipAddress = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails' {ipAddress} -> ipAddress) (\s@AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails' {} a -> s {ipAddress = a} :: AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails'
+            Prelude.<$> (x Data..:? "Hostname")
+            Prelude.<*> (x Data..:? "IpAddress")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` hostname
+        `Prelude.hashWithSalt` ipAddress
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails' {..} =
+      Prelude.rnf hostname
+        `Prelude.seq` Prelude.rnf ipAddress
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Hostname" Data..=) Prelude.<$> hostname,
+              ("IpAddress" Data..=) Prelude.<$> ipAddress
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails.hs
@@ -0,0 +1,135 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The FireLens configuration for the container. The configuration
+-- specifies and configures a log router for container logs.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails = AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails'
+  { -- | The options to use to configure the log router.
+    --
+    -- The valid option keys are as follows:
+    --
+    -- -   @enable-ecs-log-metadata@. The value can be @true@ or @false@.
+    --
+    -- -   @config-file-type@. The value can be @s3@ or @file@.
+    --
+    -- -   @config-file-value@. The value is either an S3 ARN or a file path.
+    options :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The log router to use. Valid values are @fluentbit@ or @fluentd@.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'options', 'awsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails_options' - The options to use to configure the log router.
+--
+-- The valid option keys are as follows:
+--
+-- -   @enable-ecs-log-metadata@. The value can be @true@ or @false@.
+--
+-- -   @config-file-type@. The value can be @s3@ or @file@.
+--
+-- -   @config-file-value@. The value is either an S3 ARN or a file path.
+--
+-- 'type'', 'awsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails_type' - The log router to use. Valid values are @fluentbit@ or @fluentd@.
+newAwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+newAwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails'
+    { options =
+        Prelude.Nothing,
+      type' =
+        Prelude.Nothing
+    }
+
+-- | The options to use to configure the log router.
+--
+-- The valid option keys are as follows:
+--
+-- -   @enable-ecs-log-metadata@. The value can be @true@ or @false@.
+--
+-- -   @config-file-type@. The value can be @s3@ or @file@.
+--
+-- -   @config-file-value@. The value is either an S3 ARN or a file path.
+awsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails_options :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails_options = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails' {options} -> options) (\s@AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails' {} a -> s {options = a} :: AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The log router to use. Valid values are @fluentbit@ or @fluentd@.
+awsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails_type :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails_type = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails' {type'} -> type') (\s@AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails' {} a -> s {type' = a} :: AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails'
+            Prelude.<$> (x Data..:? "Options" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` options
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails' {..} =
+      Prelude.rnf options `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Options" Data..=) Prelude.<$> options,
+              ("Type" Data..=) Prelude.<$> type'
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails.hs
@@ -0,0 +1,169 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The container health check command and associated configuration
+-- parameters for the container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails = AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails'
+  { -- | The command that the container runs to determine whether it is healthy.
+    command :: Prelude.Maybe [Prelude.Text],
+    -- | The time period in seconds between each health check execution. The
+    -- default value is 30 seconds.
+    interval :: Prelude.Maybe Prelude.Int,
+    -- | The number of times to retry a failed health check before the container
+    -- is considered unhealthy. The default value is 3.
+    retries :: Prelude.Maybe Prelude.Int,
+    -- | The optional grace period in seconds that allows containers time to
+    -- bootstrap before failed health checks count towards the maximum number
+    -- of retries.
+    startPeriod :: Prelude.Maybe Prelude.Int,
+    -- | The time period in seconds to wait for a health check to succeed before
+    -- it is considered a failure. The default value is 5.
+    timeout :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'command', 'awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_command' - The command that the container runs to determine whether it is healthy.
+--
+-- 'interval', 'awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_interval' - The time period in seconds between each health check execution. The
+-- default value is 30 seconds.
+--
+-- 'retries', 'awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_retries' - The number of times to retry a failed health check before the container
+-- is considered unhealthy. The default value is 3.
+--
+-- 'startPeriod', 'awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_startPeriod' - The optional grace period in seconds that allows containers time to
+-- bootstrap before failed health checks count towards the maximum number
+-- of retries.
+--
+-- 'timeout', 'awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_timeout' - The time period in seconds to wait for a health check to succeed before
+-- it is considered a failure. The default value is 5.
+newAwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+newAwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails'
+    { command =
+        Prelude.Nothing,
+      interval =
+        Prelude.Nothing,
+      retries =
+        Prelude.Nothing,
+      startPeriod =
+        Prelude.Nothing,
+      timeout =
+        Prelude.Nothing
+    }
+
+-- | The command that the container runs to determine whether it is healthy.
+awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_command :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_command = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {command} -> command) (\s@AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {} a -> s {command = a} :: AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The time period in seconds between each health check execution. The
+-- default value is 30 seconds.
+awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_interval :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_interval = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {interval} -> interval) (\s@AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {} a -> s {interval = a} :: AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails)
+
+-- | The number of times to retry a failed health check before the container
+-- is considered unhealthy. The default value is 3.
+awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_retries :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_retries = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {retries} -> retries) (\s@AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {} a -> s {retries = a} :: AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails)
+
+-- | The optional grace period in seconds that allows containers time to
+-- bootstrap before failed health checks count towards the maximum number
+-- of retries.
+awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_startPeriod :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_startPeriod = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {startPeriod} -> startPeriod) (\s@AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {} a -> s {startPeriod = a} :: AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails)
+
+-- | The time period in seconds to wait for a health check to succeed before
+-- it is considered a failure. The default value is 5.
+awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_timeout :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails_timeout = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {timeout} -> timeout) (\s@AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {} a -> s {timeout = a} :: AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails'
+            Prelude.<$> (x Data..:? "Command" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Interval")
+            Prelude.<*> (x Data..:? "Retries")
+            Prelude.<*> (x Data..:? "StartPeriod")
+            Prelude.<*> (x Data..:? "Timeout")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` command
+        `Prelude.hashWithSalt` interval
+        `Prelude.hashWithSalt` retries
+        `Prelude.hashWithSalt` startPeriod
+        `Prelude.hashWithSalt` timeout
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {..} =
+      Prelude.rnf command
+        `Prelude.seq` Prelude.rnf interval
+        `Prelude.seq` Prelude.rnf retries
+        `Prelude.seq` Prelude.rnf startPeriod
+        `Prelude.seq` Prelude.rnf timeout
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Command" Data..=) Prelude.<$> command,
+              ("Interval" Data..=) Prelude.<$> interval,
+              ("Retries" Data..=) Prelude.<$> retries,
+              ("StartPeriod" Data..=) Prelude.<$> startPeriod,
+              ("Timeout" Data..=) Prelude.<$> timeout
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails.hs
@@ -0,0 +1,189 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The Linux capabilities for the container that are added to or dropped
+-- from the default configuration provided by Docker.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails = AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails'
+  { -- | The Linux capabilities for the container that are added to the default
+    -- configuration provided by Docker. Valid values are as follows:
+    --
+    -- Valid values: @\"ALL\"@ | @\"AUDIT_CONTROL\"@ |@ \"AUDIT_WRITE\"@ |
+    -- @\"BLOCK_SUSPEND\"@ | @\"CHOWN\"@ | @\"DAC_OVERRIDE\"@ |
+    -- @\"DAC_READ_SEARCH\"@ | @\"FOWNER\"@ | @\"FSETID\"@ | @\"IPC_LOCK\"@ |
+    -- @\"IPC_OWNER\"@ | @\"KILL\"@ | @\"LEASE\"@ | @\"LINUX_IMMUTABLE\"@ |
+    -- @\"MAC_ADMIN\"@ |@ \"MAC_OVERRIDE\"@ | @\"MKNOD\"@ | @\"NET_ADMIN\"@ |
+    -- @\"NET_BIND_SERVICE\"@ | @\"NET_BROADCAST\"@ | @\"NET_RAW\"@ |
+    -- @\"SETFCAP\"@ | @\"SETGID\"@ | @\"SETPCAP\"@ | @\"SETUID\"@ |
+    -- @\"SYS_ADMIN\"@ | @\"SYS_BOOT\"@ | @\"SYS_CHROOT\"@ | @\"SYS_MODULE\"@ |
+    -- @\"SYS_NICE\"@ | @\"SYS_PACCT\"@ | @\"SYS_PTRACE\"@ | @\"SYS_RAWIO\"@ |
+    -- @\"SYS_RESOURCE\"@ | @\"SYS_TIME\"@ | @\"SYS_TTY_CONFIG\"@ |
+    -- @\"SYSLOG\"@ | @\"WAKE_ALARM\"@
+    add :: Prelude.Maybe [Prelude.Text],
+    -- | The Linux capabilities for the container that are dropped from the
+    -- default configuration provided by Docker.
+    --
+    -- Valid values: @\"ALL\"@ | @\"AUDIT_CONTROL\"@ |@ \"AUDIT_WRITE\"@ |
+    -- @\"BLOCK_SUSPEND\"@ | @\"CHOWN\"@ | @\"DAC_OVERRIDE\"@ |
+    -- @\"DAC_READ_SEARCH\"@ | @\"FOWNER\"@ | @\"FSETID\"@ | @\"IPC_LOCK\"@ |
+    -- @\"IPC_OWNER\"@ | @\"KILL\"@ | @\"LEASE\"@ | @\"LINUX_IMMUTABLE\"@ |
+    -- @\"MAC_ADMIN\"@ |@ \"MAC_OVERRIDE\"@ | @\"MKNOD\"@ | @\"NET_ADMIN\"@ |
+    -- @\"NET_BIND_SERVICE\"@ | @\"NET_BROADCAST\"@ | @\"NET_RAW\"@ |
+    -- @\"SETFCAP\"@ | @\"SETGID\"@ | @\"SETPCAP\"@ | @\"SETUID\"@ |
+    -- @\"SYS_ADMIN\"@ | @\"SYS_BOOT\"@ | @\"SYS_CHROOT\"@ | @\"SYS_MODULE\"@ |
+    -- @\"SYS_NICE\"@ | @\"SYS_PACCT\"@ | @\"SYS_PTRACE\"@ | @\"SYS_RAWIO\"@ |
+    -- @\"SYS_RESOURCE\"@ | @\"SYS_TIME\"@ | @\"SYS_TTY_CONFIG\"@ |
+    -- @\"SYSLOG\"@ | @\"WAKE_ALARM\"@
+    drop :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'add', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails_add' - The Linux capabilities for the container that are added to the default
+-- configuration provided by Docker. Valid values are as follows:
+--
+-- Valid values: @\"ALL\"@ | @\"AUDIT_CONTROL\"@ |@ \"AUDIT_WRITE\"@ |
+-- @\"BLOCK_SUSPEND\"@ | @\"CHOWN\"@ | @\"DAC_OVERRIDE\"@ |
+-- @\"DAC_READ_SEARCH\"@ | @\"FOWNER\"@ | @\"FSETID\"@ | @\"IPC_LOCK\"@ |
+-- @\"IPC_OWNER\"@ | @\"KILL\"@ | @\"LEASE\"@ | @\"LINUX_IMMUTABLE\"@ |
+-- @\"MAC_ADMIN\"@ |@ \"MAC_OVERRIDE\"@ | @\"MKNOD\"@ | @\"NET_ADMIN\"@ |
+-- @\"NET_BIND_SERVICE\"@ | @\"NET_BROADCAST\"@ | @\"NET_RAW\"@ |
+-- @\"SETFCAP\"@ | @\"SETGID\"@ | @\"SETPCAP\"@ | @\"SETUID\"@ |
+-- @\"SYS_ADMIN\"@ | @\"SYS_BOOT\"@ | @\"SYS_CHROOT\"@ | @\"SYS_MODULE\"@ |
+-- @\"SYS_NICE\"@ | @\"SYS_PACCT\"@ | @\"SYS_PTRACE\"@ | @\"SYS_RAWIO\"@ |
+-- @\"SYS_RESOURCE\"@ | @\"SYS_TIME\"@ | @\"SYS_TTY_CONFIG\"@ |
+-- @\"SYSLOG\"@ | @\"WAKE_ALARM\"@
+--
+-- 'drop', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails_drop' - The Linux capabilities for the container that are dropped from the
+-- default configuration provided by Docker.
+--
+-- Valid values: @\"ALL\"@ | @\"AUDIT_CONTROL\"@ |@ \"AUDIT_WRITE\"@ |
+-- @\"BLOCK_SUSPEND\"@ | @\"CHOWN\"@ | @\"DAC_OVERRIDE\"@ |
+-- @\"DAC_READ_SEARCH\"@ | @\"FOWNER\"@ | @\"FSETID\"@ | @\"IPC_LOCK\"@ |
+-- @\"IPC_OWNER\"@ | @\"KILL\"@ | @\"LEASE\"@ | @\"LINUX_IMMUTABLE\"@ |
+-- @\"MAC_ADMIN\"@ |@ \"MAC_OVERRIDE\"@ | @\"MKNOD\"@ | @\"NET_ADMIN\"@ |
+-- @\"NET_BIND_SERVICE\"@ | @\"NET_BROADCAST\"@ | @\"NET_RAW\"@ |
+-- @\"SETFCAP\"@ | @\"SETGID\"@ | @\"SETPCAP\"@ | @\"SETUID\"@ |
+-- @\"SYS_ADMIN\"@ | @\"SYS_BOOT\"@ | @\"SYS_CHROOT\"@ | @\"SYS_MODULE\"@ |
+-- @\"SYS_NICE\"@ | @\"SYS_PACCT\"@ | @\"SYS_PTRACE\"@ | @\"SYS_RAWIO\"@ |
+-- @\"SYS_RESOURCE\"@ | @\"SYS_TIME\"@ | @\"SYS_TTY_CONFIG\"@ |
+-- @\"SYSLOG\"@ | @\"WAKE_ALARM\"@
+newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails'
+    { add =
+        Prelude.Nothing,
+      drop =
+        Prelude.Nothing
+    }
+
+-- | The Linux capabilities for the container that are added to the default
+-- configuration provided by Docker. Valid values are as follows:
+--
+-- Valid values: @\"ALL\"@ | @\"AUDIT_CONTROL\"@ |@ \"AUDIT_WRITE\"@ |
+-- @\"BLOCK_SUSPEND\"@ | @\"CHOWN\"@ | @\"DAC_OVERRIDE\"@ |
+-- @\"DAC_READ_SEARCH\"@ | @\"FOWNER\"@ | @\"FSETID\"@ | @\"IPC_LOCK\"@ |
+-- @\"IPC_OWNER\"@ | @\"KILL\"@ | @\"LEASE\"@ | @\"LINUX_IMMUTABLE\"@ |
+-- @\"MAC_ADMIN\"@ |@ \"MAC_OVERRIDE\"@ | @\"MKNOD\"@ | @\"NET_ADMIN\"@ |
+-- @\"NET_BIND_SERVICE\"@ | @\"NET_BROADCAST\"@ | @\"NET_RAW\"@ |
+-- @\"SETFCAP\"@ | @\"SETGID\"@ | @\"SETPCAP\"@ | @\"SETUID\"@ |
+-- @\"SYS_ADMIN\"@ | @\"SYS_BOOT\"@ | @\"SYS_CHROOT\"@ | @\"SYS_MODULE\"@ |
+-- @\"SYS_NICE\"@ | @\"SYS_PACCT\"@ | @\"SYS_PTRACE\"@ | @\"SYS_RAWIO\"@ |
+-- @\"SYS_RESOURCE\"@ | @\"SYS_TIME\"@ | @\"SYS_TTY_CONFIG\"@ |
+-- @\"SYSLOG\"@ | @\"WAKE_ALARM\"@
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails_add :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails_add = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails' {add} -> add) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails' {} a -> s {add = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Linux capabilities for the container that are dropped from the
+-- default configuration provided by Docker.
+--
+-- Valid values: @\"ALL\"@ | @\"AUDIT_CONTROL\"@ |@ \"AUDIT_WRITE\"@ |
+-- @\"BLOCK_SUSPEND\"@ | @\"CHOWN\"@ | @\"DAC_OVERRIDE\"@ |
+-- @\"DAC_READ_SEARCH\"@ | @\"FOWNER\"@ | @\"FSETID\"@ | @\"IPC_LOCK\"@ |
+-- @\"IPC_OWNER\"@ | @\"KILL\"@ | @\"LEASE\"@ | @\"LINUX_IMMUTABLE\"@ |
+-- @\"MAC_ADMIN\"@ |@ \"MAC_OVERRIDE\"@ | @\"MKNOD\"@ | @\"NET_ADMIN\"@ |
+-- @\"NET_BIND_SERVICE\"@ | @\"NET_BROADCAST\"@ | @\"NET_RAW\"@ |
+-- @\"SETFCAP\"@ | @\"SETGID\"@ | @\"SETPCAP\"@ | @\"SETUID\"@ |
+-- @\"SYS_ADMIN\"@ | @\"SYS_BOOT\"@ | @\"SYS_CHROOT\"@ | @\"SYS_MODULE\"@ |
+-- @\"SYS_NICE\"@ | @\"SYS_PACCT\"@ | @\"SYS_PTRACE\"@ | @\"SYS_RAWIO\"@ |
+-- @\"SYS_RESOURCE\"@ | @\"SYS_TIME\"@ | @\"SYS_TTY_CONFIG\"@ |
+-- @\"SYSLOG\"@ | @\"WAKE_ALARM\"@
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails_drop :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails_drop = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails' {drop} -> drop) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails' {} a -> s {drop = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails'
+            Prelude.<$> (x Data..:? "Add" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Drop" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` add
+        `Prelude.hashWithSalt` drop
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails' {..} =
+      Prelude.rnf add `Prelude.seq` Prelude.rnf drop
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Add" Data..=) Prelude.<$> add,
+              ("Drop" Data..=) Prelude.<$> drop
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails.hs
@@ -0,0 +1,199 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+
+-- | >Linux-specific modifications that are applied to the container, such as
+-- Linux kernel capabilities.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails = AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails'
+  { -- | The Linux capabilities for the container that are added to or dropped
+    -- from the default configuration provided by Docker.
+    capabilities :: Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails,
+    -- | The host devices to expose to the container.
+    devices :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails],
+    -- | Whether to run an @init@ process inside the container that forwards
+    -- signals and reaps processes.
+    initProcessEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The total amount of swap memory (in MiB) that a container can use.
+    maxSwap :: Prelude.Maybe Prelude.Int,
+    -- | The value for the size (in MiB) of the __\/dev\/shm__ volume.
+    sharedMemorySize :: Prelude.Maybe Prelude.Int,
+    -- | Configures the container\'s memory swappiness behavior. Determines how
+    -- aggressively pages are swapped. The higher the value, the more
+    -- aggressive the swappiness. The default is 60.
+    swappiness :: Prelude.Maybe Prelude.Int,
+    -- | The container path, mount options, and size (in MiB) of the tmpfs mount.
+    tmpfs :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'capabilities', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_capabilities' - The Linux capabilities for the container that are added to or dropped
+-- from the default configuration provided by Docker.
+--
+-- 'devices', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_devices' - The host devices to expose to the container.
+--
+-- 'initProcessEnabled', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_initProcessEnabled' - Whether to run an @init@ process inside the container that forwards
+-- signals and reaps processes.
+--
+-- 'maxSwap', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_maxSwap' - The total amount of swap memory (in MiB) that a container can use.
+--
+-- 'sharedMemorySize', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_sharedMemorySize' - The value for the size (in MiB) of the __\/dev\/shm__ volume.
+--
+-- 'swappiness', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_swappiness' - Configures the container\'s memory swappiness behavior. Determines how
+-- aggressively pages are swapped. The higher the value, the more
+-- aggressive the swappiness. The default is 60.
+--
+-- 'tmpfs', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_tmpfs' - The container path, mount options, and size (in MiB) of the tmpfs mount.
+newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails'
+    { capabilities =
+        Prelude.Nothing,
+      devices =
+        Prelude.Nothing,
+      initProcessEnabled =
+        Prelude.Nothing,
+      maxSwap =
+        Prelude.Nothing,
+      sharedMemorySize =
+        Prelude.Nothing,
+      swappiness =
+        Prelude.Nothing,
+      tmpfs =
+        Prelude.Nothing
+    }
+
+-- | The Linux capabilities for the container that are added to or dropped
+-- from the default configuration provided by Docker.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_capabilities :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails (Prelude.Maybe AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails)
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_capabilities = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {capabilities} -> capabilities) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {} a -> s {capabilities = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails)
+
+-- | The host devices to expose to the container.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_devices :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails])
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_devices = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {devices} -> devices) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {} a -> s {devices = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Whether to run an @init@ process inside the container that forwards
+-- signals and reaps processes.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_initProcessEnabled :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails (Prelude.Maybe Prelude.Bool)
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_initProcessEnabled = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {initProcessEnabled} -> initProcessEnabled) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {} a -> s {initProcessEnabled = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails)
+
+-- | The total amount of swap memory (in MiB) that a container can use.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_maxSwap :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_maxSwap = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {maxSwap} -> maxSwap) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {} a -> s {maxSwap = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails)
+
+-- | The value for the size (in MiB) of the __\/dev\/shm__ volume.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_sharedMemorySize :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_sharedMemorySize = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {sharedMemorySize} -> sharedMemorySize) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {} a -> s {sharedMemorySize = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails)
+
+-- | Configures the container\'s memory swappiness behavior. Determines how
+-- aggressively pages are swapped. The higher the value, the more
+-- aggressive the swappiness. The default is 60.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_swappiness :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_swappiness = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {swappiness} -> swappiness) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {} a -> s {swappiness = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails)
+
+-- | The container path, mount options, and size (in MiB) of the tmpfs mount.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_tmpfs :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails])
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails_tmpfs = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {tmpfs} -> tmpfs) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {} a -> s {tmpfs = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails'
+            Prelude.<$> (x Data..:? "Capabilities")
+            Prelude.<*> (x Data..:? "Devices" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "InitProcessEnabled")
+            Prelude.<*> (x Data..:? "MaxSwap")
+            Prelude.<*> (x Data..:? "SharedMemorySize")
+            Prelude.<*> (x Data..:? "Swappiness")
+            Prelude.<*> (x Data..:? "Tmpfs" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` capabilities
+        `Prelude.hashWithSalt` devices
+        `Prelude.hashWithSalt` initProcessEnabled
+        `Prelude.hashWithSalt` maxSwap
+        `Prelude.hashWithSalt` sharedMemorySize
+        `Prelude.hashWithSalt` swappiness
+        `Prelude.hashWithSalt` tmpfs
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {..} =
+      Prelude.rnf capabilities
+        `Prelude.seq` Prelude.rnf devices
+        `Prelude.seq` Prelude.rnf initProcessEnabled
+        `Prelude.seq` Prelude.rnf maxSwap
+        `Prelude.seq` Prelude.rnf sharedMemorySize
+        `Prelude.seq` Prelude.rnf swappiness
+        `Prelude.seq` Prelude.rnf tmpfs
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Capabilities" Data..=) Prelude.<$> capabilities,
+              ("Devices" Data..=) Prelude.<$> devices,
+              ("InitProcessEnabled" Data..=)
+                Prelude.<$> initProcessEnabled,
+              ("MaxSwap" Data..=) Prelude.<$> maxSwap,
+              ("SharedMemorySize" Data..=)
+                Prelude.<$> sharedMemorySize,
+              ("Swappiness" Data..=) Prelude.<$> swappiness,
+              ("Tmpfs" Data..=) Prelude.<$> tmpfs
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails.hs
@@ -0,0 +1,131 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A host device to expose to the container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails = AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails'
+  { -- | The path inside the container at which to expose the host device.
+    containerPath :: Prelude.Maybe Prelude.Text,
+    -- | The path for the device on the host container instance.
+    hostPath :: Prelude.Maybe Prelude.Text,
+    -- | The explicit permissions to provide to the container for the device. By
+    -- default, the container has permissions for read, write, and @mknod@ for
+    -- the device.
+    permissions :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containerPath', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_containerPath' - The path inside the container at which to expose the host device.
+--
+-- 'hostPath', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_hostPath' - The path for the device on the host container instance.
+--
+-- 'permissions', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_permissions' - The explicit permissions to provide to the container for the device. By
+-- default, the container has permissions for read, write, and @mknod@ for
+-- the device.
+newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails'
+    { containerPath =
+        Prelude.Nothing,
+      hostPath =
+        Prelude.Nothing,
+      permissions =
+        Prelude.Nothing
+    }
+
+-- | The path inside the container at which to expose the host device.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_containerPath :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_containerPath = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails' {containerPath} -> containerPath) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails' {} a -> s {containerPath = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails)
+
+-- | The path for the device on the host container instance.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_hostPath :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_hostPath = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails' {hostPath} -> hostPath) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails' {} a -> s {hostPath = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails)
+
+-- | The explicit permissions to provide to the container for the device. By
+-- default, the container has permissions for read, write, and @mknod@ for
+-- the device.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_permissions :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails_permissions = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails' {permissions} -> permissions) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails' {} a -> s {permissions = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails'
+            Prelude.<$> (x Data..:? "ContainerPath")
+            Prelude.<*> (x Data..:? "HostPath")
+            Prelude.<*> (x Data..:? "Permissions" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` containerPath
+        `Prelude.hashWithSalt` hostPath
+        `Prelude.hashWithSalt` permissions
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails' {..} =
+      Prelude.rnf containerPath
+        `Prelude.seq` Prelude.rnf hostPath
+        `Prelude.seq` Prelude.rnf permissions
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("ContainerPath" Data..=) Prelude.<$> containerPath,
+              ("HostPath" Data..=) Prelude.<$> hostPath,
+              ("Permissions" Data..=) Prelude.<$> permissions
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails.hs
@@ -0,0 +1,155 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The container path, mount options, and size (in MiB) of a tmpfs mount.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails = AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails'
+  { -- | The absolute file path where the tmpfs volume is to be mounted.
+    containerPath :: Prelude.Maybe Prelude.Text,
+    -- | The list of tmpfs volume mount options.
+    --
+    -- Valid values: @\"defaults\"@ | @\"ro\"@ | @\"rw\"@ | @\"suid\"@ |
+    -- @\"nosuid\"@ | @\"dev\"@ | @\"nodev\"@ |@ \"exec\"@ | @\"noexec\"@ |
+    -- @\"sync\"@ | @\"async\"@ | @\"dirsync\"@ | @\"remount\"@ | @\"mand\"@ |
+    -- @\"nomand\"@ | @\"atime\"@ | @\"noatime\"@ | @\"diratime\"@ |
+    -- @\"nodiratime\"@ | @\"bind\"@ | @\"rbind\"@ | @\"unbindable\"@ |
+    -- @\"runbindable\"@ | @\"private\"@ | @\"rprivate\"@ | @\"shared\"@ |
+    -- @\"rshared\"@ | @\"slave\"@ | @\"rslave\"@ | @\"relatime\"@ |
+    -- @\"norelatime\"@ | @\"strictatime\"@ | @\"nostrictatime\"@ |@ \"mode\"@
+    -- | @\"uid\"@ | @\"gid\"@ | @\"nr_inodes\"@ |@ \"nr_blocks\"@ | @\"mpol\"@
+    mountOptions :: Prelude.Maybe [Prelude.Text],
+    -- | The maximum size (in MiB) of the tmpfs volume.
+    size :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containerPath', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_containerPath' - The absolute file path where the tmpfs volume is to be mounted.
+--
+-- 'mountOptions', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_mountOptions' - The list of tmpfs volume mount options.
+--
+-- Valid values: @\"defaults\"@ | @\"ro\"@ | @\"rw\"@ | @\"suid\"@ |
+-- @\"nosuid\"@ | @\"dev\"@ | @\"nodev\"@ |@ \"exec\"@ | @\"noexec\"@ |
+-- @\"sync\"@ | @\"async\"@ | @\"dirsync\"@ | @\"remount\"@ | @\"mand\"@ |
+-- @\"nomand\"@ | @\"atime\"@ | @\"noatime\"@ | @\"diratime\"@ |
+-- @\"nodiratime\"@ | @\"bind\"@ | @\"rbind\"@ | @\"unbindable\"@ |
+-- @\"runbindable\"@ | @\"private\"@ | @\"rprivate\"@ | @\"shared\"@ |
+-- @\"rshared\"@ | @\"slave\"@ | @\"rslave\"@ | @\"relatime\"@ |
+-- @\"norelatime\"@ | @\"strictatime\"@ | @\"nostrictatime\"@ |@ \"mode\"@
+-- | @\"uid\"@ | @\"gid\"@ | @\"nr_inodes\"@ |@ \"nr_blocks\"@ | @\"mpol\"@
+--
+-- 'size', 'awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_size' - The maximum size (in MiB) of the tmpfs volume.
+newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+newAwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails'
+    { containerPath =
+        Prelude.Nothing,
+      mountOptions =
+        Prelude.Nothing,
+      size =
+        Prelude.Nothing
+    }
+
+-- | The absolute file path where the tmpfs volume is to be mounted.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_containerPath :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_containerPath = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails' {containerPath} -> containerPath) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails' {} a -> s {containerPath = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails)
+
+-- | The list of tmpfs volume mount options.
+--
+-- Valid values: @\"defaults\"@ | @\"ro\"@ | @\"rw\"@ | @\"suid\"@ |
+-- @\"nosuid\"@ | @\"dev\"@ | @\"nodev\"@ |@ \"exec\"@ | @\"noexec\"@ |
+-- @\"sync\"@ | @\"async\"@ | @\"dirsync\"@ | @\"remount\"@ | @\"mand\"@ |
+-- @\"nomand\"@ | @\"atime\"@ | @\"noatime\"@ | @\"diratime\"@ |
+-- @\"nodiratime\"@ | @\"bind\"@ | @\"rbind\"@ | @\"unbindable\"@ |
+-- @\"runbindable\"@ | @\"private\"@ | @\"rprivate\"@ | @\"shared\"@ |
+-- @\"rshared\"@ | @\"slave\"@ | @\"rslave\"@ | @\"relatime\"@ |
+-- @\"norelatime\"@ | @\"strictatime\"@ | @\"nostrictatime\"@ |@ \"mode\"@
+-- | @\"uid\"@ | @\"gid\"@ | @\"nr_inodes\"@ |@ \"nr_blocks\"@ | @\"mpol\"@
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_mountOptions :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_mountOptions = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails' {mountOptions} -> mountOptions) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails' {} a -> s {mountOptions = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum size (in MiB) of the tmpfs volume.
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_size :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails_size = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails' {size} -> size) (\s@AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails' {} a -> s {size = a} :: AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails'
+            Prelude.<$> (x Data..:? "ContainerPath")
+            Prelude.<*> (x Data..:? "MountOptions" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Size")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` containerPath
+        `Prelude.hashWithSalt` mountOptions
+        `Prelude.hashWithSalt` size
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails' {..} =
+      Prelude.rnf containerPath
+        `Prelude.seq` Prelude.rnf mountOptions
+        `Prelude.seq` Prelude.rnf size
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("ContainerPath" Data..=) Prelude.<$> containerPath,
+              ("MountOptions" Data..=) Prelude.<$> mountOptions,
+              ("Size" Data..=) Prelude.<$> size
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails.hs
@@ -0,0 +1,213 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+
+-- | The log configuration specification for the container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails = AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails'
+  { -- | The log driver to use for the container.
+    --
+    -- Valid values on Fargate are as follows:
+    --
+    -- -   @awsfirelens@
+    --
+    -- -   @awslogs@
+    --
+    -- -   @splunk@
+    --
+    -- Valid values on Amazon EC2 are as follows:
+    --
+    -- -   @awsfirelens@
+    --
+    -- -   @awslogs@
+    --
+    -- -   @fluentd@
+    --
+    -- -   @gelf@
+    --
+    -- -   @journald@
+    --
+    -- -   @json-file@
+    --
+    -- -   @logentries@
+    --
+    -- -   @splunk@
+    --
+    -- -   @syslog@
+    logDriver :: Prelude.Maybe Prelude.Text,
+    -- | The configuration options to send to the log driver. Requires version
+    -- 1.19 of the Docker Remote API or greater on your container instance.
+    options :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The secrets to pass to the log configuration.
+    secretOptions :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'logDriver', 'awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_logDriver' - The log driver to use for the container.
+--
+-- Valid values on Fargate are as follows:
+--
+-- -   @awsfirelens@
+--
+-- -   @awslogs@
+--
+-- -   @splunk@
+--
+-- Valid values on Amazon EC2 are as follows:
+--
+-- -   @awsfirelens@
+--
+-- -   @awslogs@
+--
+-- -   @fluentd@
+--
+-- -   @gelf@
+--
+-- -   @journald@
+--
+-- -   @json-file@
+--
+-- -   @logentries@
+--
+-- -   @splunk@
+--
+-- -   @syslog@
+--
+-- 'options', 'awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_options' - The configuration options to send to the log driver. Requires version
+-- 1.19 of the Docker Remote API or greater on your container instance.
+--
+-- 'secretOptions', 'awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_secretOptions' - The secrets to pass to the log configuration.
+newAwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+newAwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails'
+    { logDriver =
+        Prelude.Nothing,
+      options =
+        Prelude.Nothing,
+      secretOptions =
+        Prelude.Nothing
+    }
+
+-- | The log driver to use for the container.
+--
+-- Valid values on Fargate are as follows:
+--
+-- -   @awsfirelens@
+--
+-- -   @awslogs@
+--
+-- -   @splunk@
+--
+-- Valid values on Amazon EC2 are as follows:
+--
+-- -   @awsfirelens@
+--
+-- -   @awslogs@
+--
+-- -   @fluentd@
+--
+-- -   @gelf@
+--
+-- -   @journald@
+--
+-- -   @json-file@
+--
+-- -   @logentries@
+--
+-- -   @splunk@
+--
+-- -   @syslog@
+awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_logDriver :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_logDriver = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails' {logDriver} -> logDriver) (\s@AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails' {} a -> s {logDriver = a} :: AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails)
+
+-- | The configuration options to send to the log driver. Requires version
+-- 1.19 of the Docker Remote API or greater on your container instance.
+awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_options :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_options = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails' {options} -> options) (\s@AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails' {} a -> s {options = a} :: AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The secrets to pass to the log configuration.
+awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_secretOptions :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails])
+awsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails_secretOptions = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails' {secretOptions} -> secretOptions) (\s@AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails' {} a -> s {secretOptions = a} :: AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails'
+            Prelude.<$> (x Data..:? "LogDriver")
+            Prelude.<*> (x Data..:? "Options" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "SecretOptions" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` logDriver
+        `Prelude.hashWithSalt` options
+        `Prelude.hashWithSalt` secretOptions
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails' {..} =
+      Prelude.rnf logDriver
+        `Prelude.seq` Prelude.rnf options
+        `Prelude.seq` Prelude.rnf secretOptions
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("LogDriver" Data..=) Prelude.<$> logDriver,
+              ("Options" Data..=) Prelude.<$> options,
+              ("SecretOptions" Data..=) Prelude.<$> secretOptions
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails.hs
@@ -0,0 +1,120 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A secret to pass to the log configuration.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails = AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails'
+  { -- | The name of the secret.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The secret to expose to the container.
+    --
+    -- The value is either the full ARN of the Secrets Manager secret or the
+    -- full ARN of the parameter in the Systems Manager Parameter Store.
+    valueFrom :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails_name' - The name of the secret.
+--
+-- 'valueFrom', 'awsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails_valueFrom' - The secret to expose to the container.
+--
+-- The value is either the full ARN of the Secrets Manager secret or the
+-- full ARN of the parameter in the Systems Manager Parameter Store.
+newAwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+newAwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails'
+    { name =
+        Prelude.Nothing,
+      valueFrom =
+        Prelude.Nothing
+    }
+
+-- | The name of the secret.
+awsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails_name :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails_name = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails' {name} -> name) (\s@AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails' {} a -> s {name = a} :: AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails)
+
+-- | The secret to expose to the container.
+--
+-- The value is either the full ARN of the Secrets Manager secret or the
+-- full ARN of the parameter in the Systems Manager Parameter Store.
+awsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails_valueFrom :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails_valueFrom = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails' {valueFrom} -> valueFrom) (\s@AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails' {} a -> s {valueFrom = a} :: AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "ValueFrom")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` valueFrom
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails' {..} =
+      Prelude.rnf name
+        `Prelude.seq` Prelude.rnf valueFrom
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Name" Data..=) Prelude.<$> name,
+              ("ValueFrom" Data..=) Prelude.<$> valueFrom
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails.hs
@@ -0,0 +1,128 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A mount point for the data volumes in the container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails = AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails'
+  { -- | The path on the container to mount the host volume at.
+    containerPath :: Prelude.Maybe Prelude.Text,
+    -- | Whether the container has read-only access to the volume.
+    readOnly :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the volume to mount. Must match the name of a volume listed
+    -- in @VolumeDetails@ for the task definition.
+    sourceVolume :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containerPath', 'awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_containerPath' - The path on the container to mount the host volume at.
+--
+-- 'readOnly', 'awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_readOnly' - Whether the container has read-only access to the volume.
+--
+-- 'sourceVolume', 'awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_sourceVolume' - The name of the volume to mount. Must match the name of a volume listed
+-- in @VolumeDetails@ for the task definition.
+newAwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+newAwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails'
+    { containerPath =
+        Prelude.Nothing,
+      readOnly =
+        Prelude.Nothing,
+      sourceVolume =
+        Prelude.Nothing
+    }
+
+-- | The path on the container to mount the host volume at.
+awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_containerPath :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_containerPath = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails' {containerPath} -> containerPath) (\s@AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails' {} a -> s {containerPath = a} :: AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails)
+
+-- | Whether the container has read-only access to the volume.
+awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_readOnly :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails (Prelude.Maybe Prelude.Bool)
+awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_readOnly = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails' {readOnly} -> readOnly) (\s@AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails' {} a -> s {readOnly = a} :: AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails)
+
+-- | The name of the volume to mount. Must match the name of a volume listed
+-- in @VolumeDetails@ for the task definition.
+awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_sourceVolume :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsMountPointsDetails_sourceVolume = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails' {sourceVolume} -> sourceVolume) (\s@AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails' {} a -> s {sourceVolume = a} :: AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails'
+            Prelude.<$> (x Data..:? "ContainerPath")
+            Prelude.<*> (x Data..:? "ReadOnly")
+            Prelude.<*> (x Data..:? "SourceVolume")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` containerPath
+        `Prelude.hashWithSalt` readOnly
+        `Prelude.hashWithSalt` sourceVolume
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails' {..} =
+      Prelude.rnf containerPath
+        `Prelude.seq` Prelude.rnf readOnly
+        `Prelude.seq` Prelude.rnf sourceVolume
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("ContainerPath" Data..=) Prelude.<$> containerPath,
+              ("ReadOnly" Data..=) Prelude.<$> readOnly,
+              ("SourceVolume" Data..=) Prelude.<$> sourceVolume
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails.hs
@@ -0,0 +1,128 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A port mapping for the container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails = AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails'
+  { -- | The port number on the container that is bound to the user-specified or
+    -- automatically assigned host port.
+    containerPort :: Prelude.Maybe Prelude.Int,
+    -- | The port number on the container instance to reserve for the container.
+    hostPort :: Prelude.Maybe Prelude.Int,
+    -- | The protocol used for the port mapping. The default is @tcp@.
+    protocol :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containerPort', 'awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_containerPort' - The port number on the container that is bound to the user-specified or
+-- automatically assigned host port.
+--
+-- 'hostPort', 'awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_hostPort' - The port number on the container instance to reserve for the container.
+--
+-- 'protocol', 'awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_protocol' - The protocol used for the port mapping. The default is @tcp@.
+newAwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+newAwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails'
+    { containerPort =
+        Prelude.Nothing,
+      hostPort =
+        Prelude.Nothing,
+      protocol =
+        Prelude.Nothing
+    }
+
+-- | The port number on the container that is bound to the user-specified or
+-- automatically assigned host port.
+awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_containerPort :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_containerPort = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails' {containerPort} -> containerPort) (\s@AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails' {} a -> s {containerPort = a} :: AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails)
+
+-- | The port number on the container instance to reserve for the container.
+awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_hostPort :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_hostPort = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails' {hostPort} -> hostPort) (\s@AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails' {} a -> s {hostPort = a} :: AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails)
+
+-- | The protocol used for the port mapping. The default is @tcp@.
+awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_protocol :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails_protocol = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails' {protocol} -> protocol) (\s@AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails' {} a -> s {protocol = a} :: AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails'
+            Prelude.<$> (x Data..:? "ContainerPort")
+            Prelude.<*> (x Data..:? "HostPort")
+            Prelude.<*> (x Data..:? "Protocol")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` containerPort
+        `Prelude.hashWithSalt` hostPort
+        `Prelude.hashWithSalt` protocol
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails' {..} =
+      Prelude.rnf containerPort
+        `Prelude.seq` Prelude.rnf hostPort
+        `Prelude.seq` Prelude.rnf protocol
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("ContainerPort" Data..=) Prelude.<$> containerPort,
+              ("HostPort" Data..=) Prelude.<$> hostPort,
+              ("Protocol" Data..=) Prelude.<$> protocol
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The private repository authentication credentials to use.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails = AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails'
+  { -- | The ARN of the secret that contains the private repository credentials.
+    credentialsParameter :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'credentialsParameter', 'awsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails_credentialsParameter' - The ARN of the secret that contains the private repository credentials.
+newAwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+newAwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails'
+    { credentialsParameter =
+        Prelude.Nothing
+    }
+
+-- | The ARN of the secret that contains the private repository credentials.
+awsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails_credentialsParameter :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails_credentialsParameter = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails' {credentialsParameter} -> credentialsParameter) (\s@AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails' {} a -> s {credentialsParameter = a} :: AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails'
+            Prelude.<$> (x Data..:? "CredentialsParameter")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails' {..} =
+      _salt `Prelude.hashWithSalt` credentialsParameter
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails' {..} =
+      Prelude.rnf credentialsParameter
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("CredentialsParameter" Data..=)
+                Prelude.<$> credentialsParameter
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails.hs
@@ -0,0 +1,131 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A resource to assign to a container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails = AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails'
+  { -- | The type of resource to assign to a container. Valid values are @GPU@ or
+    -- @InferenceAccelerator@.
+    type' :: Prelude.Maybe Prelude.Text,
+    -- | The value for the specified resource type.
+    --
+    -- For @GPU@, the value is the number of physical GPUs the Amazon ECS
+    -- container agent reserves for the container.
+    --
+    -- For @InferenceAccelerator@, the value should match the @DeviceName@
+    -- attribute of an entry in @InferenceAccelerators@.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'type'', 'awsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails_type' - The type of resource to assign to a container. Valid values are @GPU@ or
+-- @InferenceAccelerator@.
+--
+-- 'value', 'awsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails_value' - The value for the specified resource type.
+--
+-- For @GPU@, the value is the number of physical GPUs the Amazon ECS
+-- container agent reserves for the container.
+--
+-- For @InferenceAccelerator@, the value should match the @DeviceName@
+-- attribute of an entry in @InferenceAccelerators@.
+newAwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+newAwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails'
+    { type' =
+        Prelude.Nothing,
+      value =
+        Prelude.Nothing
+    }
+
+-- | The type of resource to assign to a container. Valid values are @GPU@ or
+-- @InferenceAccelerator@.
+awsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails_type :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails_type = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails' {type'} -> type') (\s@AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails' {} a -> s {type' = a} :: AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails)
+
+-- | The value for the specified resource type.
+--
+-- For @GPU@, the value is the number of physical GPUs the Amazon ECS
+-- container agent reserves for the container.
+--
+-- For @InferenceAccelerator@, the value should match the @DeviceName@
+-- attribute of an entry in @InferenceAccelerators@.
+awsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails_value :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails_value = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails' {value} -> value) (\s@AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails' {} a -> s {value = a} :: AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails'
+            Prelude.<$> (x Data..:? "Type")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` type'
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails' {..} =
+      Prelude.rnf type' `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Type" Data..=) Prelude.<$> type',
+              ("Value" Data..=) Prelude.<$> value
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails.hs
@@ -0,0 +1,117 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A secret to pass to the container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsSecretsDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails = AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails'
+  { -- | The name of the secret.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The secret to expose to the container. The value is either the full ARN
+    -- of the Secrets Manager secret or the full ARN of the parameter in the
+    -- Systems Manager Parameter Store.
+    valueFrom :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsEcsTaskDefinitionContainerDefinitionsSecretsDetails_name' - The name of the secret.
+--
+-- 'valueFrom', 'awsEcsTaskDefinitionContainerDefinitionsSecretsDetails_valueFrom' - The secret to expose to the container. The value is either the full ARN
+-- of the Secrets Manager secret or the full ARN of the parameter in the
+-- Systems Manager Parameter Store.
+newAwsEcsTaskDefinitionContainerDefinitionsSecretsDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+newAwsEcsTaskDefinitionContainerDefinitionsSecretsDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails'
+    { name =
+        Prelude.Nothing,
+      valueFrom =
+        Prelude.Nothing
+    }
+
+-- | The name of the secret.
+awsEcsTaskDefinitionContainerDefinitionsSecretsDetails_name :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsSecretsDetails_name = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails' {name} -> name) (\s@AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails' {} a -> s {name = a} :: AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails)
+
+-- | The secret to expose to the container. The value is either the full ARN
+-- of the Secrets Manager secret or the full ARN of the parameter in the
+-- Systems Manager Parameter Store.
+awsEcsTaskDefinitionContainerDefinitionsSecretsDetails_valueFrom :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsSecretsDetails_valueFrom = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails' {valueFrom} -> valueFrom) (\s@AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails' {} a -> s {valueFrom = a} :: AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "ValueFrom")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` valueFrom
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails' {..} =
+      Prelude.rnf name
+        `Prelude.seq` Prelude.rnf valueFrom
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Name" Data..=) Prelude.<$> name,
+              ("ValueFrom" Data..=) Prelude.<$> valueFrom
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A namespaced kernel parameter to set in the container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails = AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails'
+  { -- | The namespaced kernel parameter for which to set a value.
+    namespace :: Prelude.Maybe Prelude.Text,
+    -- | The value of the parameter.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'namespace', 'awsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails_namespace' - The namespaced kernel parameter for which to set a value.
+--
+-- 'value', 'awsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails_value' - The value of the parameter.
+newAwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+newAwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails'
+    { namespace =
+        Prelude.Nothing,
+      value =
+        Prelude.Nothing
+    }
+
+-- | The namespaced kernel parameter for which to set a value.
+awsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails_namespace :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails_namespace = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails' {namespace} -> namespace) (\s@AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails' {} a -> s {namespace = a} :: AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails)
+
+-- | The value of the parameter.
+awsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails_value :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails_value = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails' {value} -> value) (\s@AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails' {} a -> s {value = a} :: AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails'
+            Prelude.<$> (x Data..:? "Namespace")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` namespace
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails' {..} =
+      Prelude.rnf namespace
+        `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Namespace" Data..=) Prelude.<$> namespace,
+              ("Value" Data..=) Prelude.<$> value
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails.hs
@@ -0,0 +1,215 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A ulimit to set in the container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails = AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails'
+  { -- | The hard limit for the ulimit type.
+    hardLimit :: Prelude.Maybe Prelude.Int,
+    -- | The type of the ulimit. Valid values are as follows:
+    --
+    -- -   @core@
+    --
+    -- -   @cpu@
+    --
+    -- -   @data@
+    --
+    -- -   @fsize@
+    --
+    -- -   @locks@
+    --
+    -- -   @memlock@
+    --
+    -- -   @msgqueue@
+    --
+    -- -   @nice@
+    --
+    -- -   @nofile@
+    --
+    -- -   @nproc@
+    --
+    -- -   @rss@
+    --
+    -- -   @rtprio@
+    --
+    -- -   @rttime@
+    --
+    -- -   @sigpending@
+    --
+    -- -   @stack@
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The soft limit for the ulimit type.
+    softLimit :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'hardLimit', 'awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_hardLimit' - The hard limit for the ulimit type.
+--
+-- 'name', 'awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_name' - The type of the ulimit. Valid values are as follows:
+--
+-- -   @core@
+--
+-- -   @cpu@
+--
+-- -   @data@
+--
+-- -   @fsize@
+--
+-- -   @locks@
+--
+-- -   @memlock@
+--
+-- -   @msgqueue@
+--
+-- -   @nice@
+--
+-- -   @nofile@
+--
+-- -   @nproc@
+--
+-- -   @rss@
+--
+-- -   @rtprio@
+--
+-- -   @rttime@
+--
+-- -   @sigpending@
+--
+-- -   @stack@
+--
+-- 'softLimit', 'awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_softLimit' - The soft limit for the ulimit type.
+newAwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+newAwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails'
+    { hardLimit =
+        Prelude.Nothing,
+      name =
+        Prelude.Nothing,
+      softLimit =
+        Prelude.Nothing
+    }
+
+-- | The hard limit for the ulimit type.
+awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_hardLimit :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_hardLimit = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails' {hardLimit} -> hardLimit) (\s@AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails' {} a -> s {hardLimit = a} :: AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails)
+
+-- | The type of the ulimit. Valid values are as follows:
+--
+-- -   @core@
+--
+-- -   @cpu@
+--
+-- -   @data@
+--
+-- -   @fsize@
+--
+-- -   @locks@
+--
+-- -   @memlock@
+--
+-- -   @msgqueue@
+--
+-- -   @nice@
+--
+-- -   @nofile@
+--
+-- -   @nproc@
+--
+-- -   @rss@
+--
+-- -   @rtprio@
+--
+-- -   @rttime@
+--
+-- -   @sigpending@
+--
+-- -   @stack@
+awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_name :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_name = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails' {name} -> name) (\s@AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails' {} a -> s {name = a} :: AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails)
+
+-- | The soft limit for the ulimit type.
+awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_softLimit :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionContainerDefinitionsUlimitsDetails_softLimit = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails' {softLimit} -> softLimit) (\s@AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails' {} a -> s {softLimit = a} :: AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails'
+            Prelude.<$> (x Data..:? "HardLimit")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "SoftLimit")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` hardLimit
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` softLimit
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails' {..} =
+      Prelude.rnf hardLimit
+        `Prelude.seq` Prelude.rnf name
+        `Prelude.seq` Prelude.rnf softLimit
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("HardLimit" Data..=) Prelude.<$> hardLimit,
+              ("Name" Data..=) Prelude.<$> name,
+              ("SoftLimit" Data..=) Prelude.<$> softLimit
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails.hs
@@ -0,0 +1,115 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A data volume to mount from another container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails' smart constructor.
+data AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails = AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails'
+  { -- | Whether the container has read-only access to the volume.
+    readOnly :: Prelude.Maybe Prelude.Bool,
+    -- | The name of another container within the same task definition from which
+    -- to mount volumes.
+    sourceContainer :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'readOnly', 'awsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails_readOnly' - Whether the container has read-only access to the volume.
+--
+-- 'sourceContainer', 'awsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails_sourceContainer' - The name of another container within the same task definition from which
+-- to mount volumes.
+newAwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails ::
+  AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+newAwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails =
+  AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails'
+    { readOnly =
+        Prelude.Nothing,
+      sourceContainer =
+        Prelude.Nothing
+    }
+
+-- | Whether the container has read-only access to the volume.
+awsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails_readOnly :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails (Prelude.Maybe Prelude.Bool)
+awsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails_readOnly = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails' {readOnly} -> readOnly) (\s@AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails' {} a -> s {readOnly = a} :: AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails)
+
+-- | The name of another container within the same task definition from which
+-- to mount volumes.
+awsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails_sourceContainer :: Lens.Lens' AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails_sourceContainer = Lens.lens (\AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails' {sourceContainer} -> sourceContainer) (\s@AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails' {} a -> s {sourceContainer = a} :: AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails'
+            Prelude.<$> (x Data..:? "ReadOnly")
+            Prelude.<*> (x Data..:? "SourceContainer")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` readOnly
+        `Prelude.hashWithSalt` sourceContainer
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails' {..} =
+      Prelude.rnf readOnly
+        `Prelude.seq` Prelude.rnf sourceContainer
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("ReadOnly" Data..=) Prelude.<$> readOnly,
+              ("SourceContainer" Data..=)
+                Prelude.<$> sourceContainer
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionDetails.hs
@@ -0,0 +1,392 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionContainerDefinitionsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionPlacementConstraintsDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDetails
+
+-- | Details about a task definition. A task definition describes the
+-- container and volume definitions of an Amazon Elastic Container Service
+-- task.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionDetails' smart constructor.
+data AwsEcsTaskDefinitionDetails = AwsEcsTaskDefinitionDetails'
+  { -- | The container definitions that describe the containers that make up the
+    -- task.
+    containerDefinitions :: Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsDetails],
+    -- | The number of CPU units used by the task.Valid values are as follows:
+    --
+    -- -   @256 (.25 vCPU)@
+    --
+    -- -   @512 (.5 vCPU)@
+    --
+    -- -   @1024 (1 vCPU)@
+    --
+    -- -   @2048 (2 vCPU)@
+    --
+    -- -   @4096 (4 vCPU)@
+    cpu :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the task execution role that grants the container agent
+    -- permission to make API calls on behalf of the container user.
+    executionRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | The name of a family that this task definition is registered to.
+    family :: Prelude.Maybe Prelude.Text,
+    -- | The Elastic Inference accelerators to use for the containers in the
+    -- task.
+    inferenceAccelerators :: Prelude.Maybe [AwsEcsTaskDefinitionInferenceAcceleratorsDetails],
+    -- | The inter-process communication (IPC) resource namespace to use for the
+    -- containers in the task. Valid values are as follows:
+    --
+    -- -   @host@
+    --
+    -- -   @none@
+    --
+    -- -   @task@
+    ipcMode :: Prelude.Maybe Prelude.Text,
+    -- | The amount (in MiB) of memory used by the task.
+    --
+    -- For tasks that are hosted on Amazon EC2, you can provide a task-level
+    -- memory value or a container-level memory value. For tasks that are
+    -- hosted on Fargate, you must use one of the
+    -- <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size specified values>
+    -- in the //Amazon Elastic Container Service Developer Guide// , which
+    -- determines your range of supported values for the @Cpu@ and @Memory@
+    -- parameters.
+    memory :: Prelude.Maybe Prelude.Text,
+    -- | The Docker networking mode to use for the containers in the task. Valid
+    -- values are as follows:
+    --
+    -- -   @awsvpc@
+    --
+    -- -   @bridge@
+    --
+    -- -   @host@
+    --
+    -- -   @none@
+    networkMode :: Prelude.Maybe Prelude.Text,
+    -- | The process namespace to use for the containers in the task. Valid
+    -- values are @host@ or @task@.
+    pidMode :: Prelude.Maybe Prelude.Text,
+    -- | The placement constraint objects to use for tasks.
+    placementConstraints :: Prelude.Maybe [AwsEcsTaskDefinitionPlacementConstraintsDetails],
+    -- | The configuration details for the App Mesh proxy.
+    proxyConfiguration :: Prelude.Maybe AwsEcsTaskDefinitionProxyConfigurationDetails,
+    -- | The task launch types that the task definition was validated against.
+    requiresCompatibilities :: Prelude.Maybe [Prelude.Text],
+    -- | The short name or ARN of the IAM role that grants containers in the task
+    -- permission to call Amazon Web Services API operations on your behalf.
+    taskRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | The data volume definitions for the task.
+    volumes :: Prelude.Maybe [AwsEcsTaskDefinitionVolumesDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containerDefinitions', 'awsEcsTaskDefinitionDetails_containerDefinitions' - The container definitions that describe the containers that make up the
+-- task.
+--
+-- 'cpu', 'awsEcsTaskDefinitionDetails_cpu' - The number of CPU units used by the task.Valid values are as follows:
+--
+-- -   @256 (.25 vCPU)@
+--
+-- -   @512 (.5 vCPU)@
+--
+-- -   @1024 (1 vCPU)@
+--
+-- -   @2048 (2 vCPU)@
+--
+-- -   @4096 (4 vCPU)@
+--
+-- 'executionRoleArn', 'awsEcsTaskDefinitionDetails_executionRoleArn' - The ARN of the task execution role that grants the container agent
+-- permission to make API calls on behalf of the container user.
+--
+-- 'family', 'awsEcsTaskDefinitionDetails_family' - The name of a family that this task definition is registered to.
+--
+-- 'inferenceAccelerators', 'awsEcsTaskDefinitionDetails_inferenceAccelerators' - The Elastic Inference accelerators to use for the containers in the
+-- task.
+--
+-- 'ipcMode', 'awsEcsTaskDefinitionDetails_ipcMode' - The inter-process communication (IPC) resource namespace to use for the
+-- containers in the task. Valid values are as follows:
+--
+-- -   @host@
+--
+-- -   @none@
+--
+-- -   @task@
+--
+-- 'memory', 'awsEcsTaskDefinitionDetails_memory' - The amount (in MiB) of memory used by the task.
+--
+-- For tasks that are hosted on Amazon EC2, you can provide a task-level
+-- memory value or a container-level memory value. For tasks that are
+-- hosted on Fargate, you must use one of the
+-- <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size specified values>
+-- in the //Amazon Elastic Container Service Developer Guide// , which
+-- determines your range of supported values for the @Cpu@ and @Memory@
+-- parameters.
+--
+-- 'networkMode', 'awsEcsTaskDefinitionDetails_networkMode' - The Docker networking mode to use for the containers in the task. Valid
+-- values are as follows:
+--
+-- -   @awsvpc@
+--
+-- -   @bridge@
+--
+-- -   @host@
+--
+-- -   @none@
+--
+-- 'pidMode', 'awsEcsTaskDefinitionDetails_pidMode' - The process namespace to use for the containers in the task. Valid
+-- values are @host@ or @task@.
+--
+-- 'placementConstraints', 'awsEcsTaskDefinitionDetails_placementConstraints' - The placement constraint objects to use for tasks.
+--
+-- 'proxyConfiguration', 'awsEcsTaskDefinitionDetails_proxyConfiguration' - The configuration details for the App Mesh proxy.
+--
+-- 'requiresCompatibilities', 'awsEcsTaskDefinitionDetails_requiresCompatibilities' - The task launch types that the task definition was validated against.
+--
+-- 'taskRoleArn', 'awsEcsTaskDefinitionDetails_taskRoleArn' - The short name or ARN of the IAM role that grants containers in the task
+-- permission to call Amazon Web Services API operations on your behalf.
+--
+-- 'volumes', 'awsEcsTaskDefinitionDetails_volumes' - The data volume definitions for the task.
+newAwsEcsTaskDefinitionDetails ::
+  AwsEcsTaskDefinitionDetails
+newAwsEcsTaskDefinitionDetails =
+  AwsEcsTaskDefinitionDetails'
+    { containerDefinitions =
+        Prelude.Nothing,
+      cpu = Prelude.Nothing,
+      executionRoleArn = Prelude.Nothing,
+      family = Prelude.Nothing,
+      inferenceAccelerators = Prelude.Nothing,
+      ipcMode = Prelude.Nothing,
+      memory = Prelude.Nothing,
+      networkMode = Prelude.Nothing,
+      pidMode = Prelude.Nothing,
+      placementConstraints = Prelude.Nothing,
+      proxyConfiguration = Prelude.Nothing,
+      requiresCompatibilities = Prelude.Nothing,
+      taskRoleArn = Prelude.Nothing,
+      volumes = Prelude.Nothing
+    }
+
+-- | The container definitions that describe the containers that make up the
+-- task.
+awsEcsTaskDefinitionDetails_containerDefinitions :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe [AwsEcsTaskDefinitionContainerDefinitionsDetails])
+awsEcsTaskDefinitionDetails_containerDefinitions = Lens.lens (\AwsEcsTaskDefinitionDetails' {containerDefinitions} -> containerDefinitions) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {containerDefinitions = a} :: AwsEcsTaskDefinitionDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The number of CPU units used by the task.Valid values are as follows:
+--
+-- -   @256 (.25 vCPU)@
+--
+-- -   @512 (.5 vCPU)@
+--
+-- -   @1024 (1 vCPU)@
+--
+-- -   @2048 (2 vCPU)@
+--
+-- -   @4096 (4 vCPU)@
+awsEcsTaskDefinitionDetails_cpu :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionDetails_cpu = Lens.lens (\AwsEcsTaskDefinitionDetails' {cpu} -> cpu) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {cpu = a} :: AwsEcsTaskDefinitionDetails)
+
+-- | The ARN of the task execution role that grants the container agent
+-- permission to make API calls on behalf of the container user.
+awsEcsTaskDefinitionDetails_executionRoleArn :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionDetails_executionRoleArn = Lens.lens (\AwsEcsTaskDefinitionDetails' {executionRoleArn} -> executionRoleArn) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {executionRoleArn = a} :: AwsEcsTaskDefinitionDetails)
+
+-- | The name of a family that this task definition is registered to.
+awsEcsTaskDefinitionDetails_family :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionDetails_family = Lens.lens (\AwsEcsTaskDefinitionDetails' {family} -> family) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {family = a} :: AwsEcsTaskDefinitionDetails)
+
+-- | The Elastic Inference accelerators to use for the containers in the
+-- task.
+awsEcsTaskDefinitionDetails_inferenceAccelerators :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe [AwsEcsTaskDefinitionInferenceAcceleratorsDetails])
+awsEcsTaskDefinitionDetails_inferenceAccelerators = Lens.lens (\AwsEcsTaskDefinitionDetails' {inferenceAccelerators} -> inferenceAccelerators) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {inferenceAccelerators = a} :: AwsEcsTaskDefinitionDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The inter-process communication (IPC) resource namespace to use for the
+-- containers in the task. Valid values are as follows:
+--
+-- -   @host@
+--
+-- -   @none@
+--
+-- -   @task@
+awsEcsTaskDefinitionDetails_ipcMode :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionDetails_ipcMode = Lens.lens (\AwsEcsTaskDefinitionDetails' {ipcMode} -> ipcMode) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {ipcMode = a} :: AwsEcsTaskDefinitionDetails)
+
+-- | The amount (in MiB) of memory used by the task.
+--
+-- For tasks that are hosted on Amazon EC2, you can provide a task-level
+-- memory value or a container-level memory value. For tasks that are
+-- hosted on Fargate, you must use one of the
+-- <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size specified values>
+-- in the //Amazon Elastic Container Service Developer Guide// , which
+-- determines your range of supported values for the @Cpu@ and @Memory@
+-- parameters.
+awsEcsTaskDefinitionDetails_memory :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionDetails_memory = Lens.lens (\AwsEcsTaskDefinitionDetails' {memory} -> memory) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {memory = a} :: AwsEcsTaskDefinitionDetails)
+
+-- | The Docker networking mode to use for the containers in the task. Valid
+-- values are as follows:
+--
+-- -   @awsvpc@
+--
+-- -   @bridge@
+--
+-- -   @host@
+--
+-- -   @none@
+awsEcsTaskDefinitionDetails_networkMode :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionDetails_networkMode = Lens.lens (\AwsEcsTaskDefinitionDetails' {networkMode} -> networkMode) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {networkMode = a} :: AwsEcsTaskDefinitionDetails)
+
+-- | The process namespace to use for the containers in the task. Valid
+-- values are @host@ or @task@.
+awsEcsTaskDefinitionDetails_pidMode :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionDetails_pidMode = Lens.lens (\AwsEcsTaskDefinitionDetails' {pidMode} -> pidMode) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {pidMode = a} :: AwsEcsTaskDefinitionDetails)
+
+-- | The placement constraint objects to use for tasks.
+awsEcsTaskDefinitionDetails_placementConstraints :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe [AwsEcsTaskDefinitionPlacementConstraintsDetails])
+awsEcsTaskDefinitionDetails_placementConstraints = Lens.lens (\AwsEcsTaskDefinitionDetails' {placementConstraints} -> placementConstraints) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {placementConstraints = a} :: AwsEcsTaskDefinitionDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The configuration details for the App Mesh proxy.
+awsEcsTaskDefinitionDetails_proxyConfiguration :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe AwsEcsTaskDefinitionProxyConfigurationDetails)
+awsEcsTaskDefinitionDetails_proxyConfiguration = Lens.lens (\AwsEcsTaskDefinitionDetails' {proxyConfiguration} -> proxyConfiguration) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {proxyConfiguration = a} :: AwsEcsTaskDefinitionDetails)
+
+-- | The task launch types that the task definition was validated against.
+awsEcsTaskDefinitionDetails_requiresCompatibilities :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe [Prelude.Text])
+awsEcsTaskDefinitionDetails_requiresCompatibilities = Lens.lens (\AwsEcsTaskDefinitionDetails' {requiresCompatibilities} -> requiresCompatibilities) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {requiresCompatibilities = a} :: AwsEcsTaskDefinitionDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The short name or ARN of the IAM role that grants containers in the task
+-- permission to call Amazon Web Services API operations on your behalf.
+awsEcsTaskDefinitionDetails_taskRoleArn :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionDetails_taskRoleArn = Lens.lens (\AwsEcsTaskDefinitionDetails' {taskRoleArn} -> taskRoleArn) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {taskRoleArn = a} :: AwsEcsTaskDefinitionDetails)
+
+-- | The data volume definitions for the task.
+awsEcsTaskDefinitionDetails_volumes :: Lens.Lens' AwsEcsTaskDefinitionDetails (Prelude.Maybe [AwsEcsTaskDefinitionVolumesDetails])
+awsEcsTaskDefinitionDetails_volumes = Lens.lens (\AwsEcsTaskDefinitionDetails' {volumes} -> volumes) (\s@AwsEcsTaskDefinitionDetails' {} a -> s {volumes = a} :: AwsEcsTaskDefinitionDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsEcsTaskDefinitionDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionDetails'
+            Prelude.<$> ( x
+                            Data..:? "ContainerDefinitions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Cpu")
+            Prelude.<*> (x Data..:? "ExecutionRoleArn")
+            Prelude.<*> (x Data..:? "Family")
+            Prelude.<*> ( x
+                            Data..:? "InferenceAccelerators"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "IpcMode")
+            Prelude.<*> (x Data..:? "Memory")
+            Prelude.<*> (x Data..:? "NetworkMode")
+            Prelude.<*> (x Data..:? "PidMode")
+            Prelude.<*> ( x
+                            Data..:? "PlacementConstraints"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ProxyConfiguration")
+            Prelude.<*> ( x
+                            Data..:? "RequiresCompatibilities"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "TaskRoleArn")
+            Prelude.<*> (x Data..:? "Volumes" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable AwsEcsTaskDefinitionDetails where
+  hashWithSalt _salt AwsEcsTaskDefinitionDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` containerDefinitions
+      `Prelude.hashWithSalt` cpu
+      `Prelude.hashWithSalt` executionRoleArn
+      `Prelude.hashWithSalt` family
+      `Prelude.hashWithSalt` inferenceAccelerators
+      `Prelude.hashWithSalt` ipcMode
+      `Prelude.hashWithSalt` memory
+      `Prelude.hashWithSalt` networkMode
+      `Prelude.hashWithSalt` pidMode
+      `Prelude.hashWithSalt` placementConstraints
+      `Prelude.hashWithSalt` proxyConfiguration
+      `Prelude.hashWithSalt` requiresCompatibilities
+      `Prelude.hashWithSalt` taskRoleArn
+      `Prelude.hashWithSalt` volumes
+
+instance Prelude.NFData AwsEcsTaskDefinitionDetails where
+  rnf AwsEcsTaskDefinitionDetails' {..} =
+    Prelude.rnf containerDefinitions
+      `Prelude.seq` Prelude.rnf cpu
+      `Prelude.seq` Prelude.rnf executionRoleArn
+      `Prelude.seq` Prelude.rnf family
+      `Prelude.seq` Prelude.rnf inferenceAccelerators
+      `Prelude.seq` Prelude.rnf ipcMode
+      `Prelude.seq` Prelude.rnf memory
+      `Prelude.seq` Prelude.rnf networkMode
+      `Prelude.seq` Prelude.rnf pidMode
+      `Prelude.seq` Prelude.rnf placementConstraints
+      `Prelude.seq` Prelude.rnf proxyConfiguration
+      `Prelude.seq` Prelude.rnf requiresCompatibilities
+      `Prelude.seq` Prelude.rnf taskRoleArn
+      `Prelude.seq` Prelude.rnf volumes
+
+instance Data.ToJSON AwsEcsTaskDefinitionDetails where
+  toJSON AwsEcsTaskDefinitionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ContainerDefinitions" Data..=)
+              Prelude.<$> containerDefinitions,
+            ("Cpu" Data..=) Prelude.<$> cpu,
+            ("ExecutionRoleArn" Data..=)
+              Prelude.<$> executionRoleArn,
+            ("Family" Data..=) Prelude.<$> family,
+            ("InferenceAccelerators" Data..=)
+              Prelude.<$> inferenceAccelerators,
+            ("IpcMode" Data..=) Prelude.<$> ipcMode,
+            ("Memory" Data..=) Prelude.<$> memory,
+            ("NetworkMode" Data..=) Prelude.<$> networkMode,
+            ("PidMode" Data..=) Prelude.<$> pidMode,
+            ("PlacementConstraints" Data..=)
+              Prelude.<$> placementConstraints,
+            ("ProxyConfiguration" Data..=)
+              Prelude.<$> proxyConfiguration,
+            ("RequiresCompatibilities" Data..=)
+              Prelude.<$> requiresCompatibilities,
+            ("TaskRoleArn" Data..=) Prelude.<$> taskRoleArn,
+            ("Volumes" Data..=) Prelude.<$> volumes
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionInferenceAcceleratorsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionInferenceAcceleratorsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionInferenceAcceleratorsDetails.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionInferenceAcceleratorsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An Elastic Inference accelerator to use for the containers in the task.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionInferenceAcceleratorsDetails' smart constructor.
+data AwsEcsTaskDefinitionInferenceAcceleratorsDetails = AwsEcsTaskDefinitionInferenceAcceleratorsDetails'
+  { -- | The Elastic Inference accelerator device name.
+    deviceName :: Prelude.Maybe Prelude.Text,
+    -- | The Elastic Inference accelerator type to use.
+    deviceType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionInferenceAcceleratorsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deviceName', 'awsEcsTaskDefinitionInferenceAcceleratorsDetails_deviceName' - The Elastic Inference accelerator device name.
+--
+-- 'deviceType', 'awsEcsTaskDefinitionInferenceAcceleratorsDetails_deviceType' - The Elastic Inference accelerator type to use.
+newAwsEcsTaskDefinitionInferenceAcceleratorsDetails ::
+  AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+newAwsEcsTaskDefinitionInferenceAcceleratorsDetails =
+  AwsEcsTaskDefinitionInferenceAcceleratorsDetails'
+    { deviceName =
+        Prelude.Nothing,
+      deviceType =
+        Prelude.Nothing
+    }
+
+-- | The Elastic Inference accelerator device name.
+awsEcsTaskDefinitionInferenceAcceleratorsDetails_deviceName :: Lens.Lens' AwsEcsTaskDefinitionInferenceAcceleratorsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionInferenceAcceleratorsDetails_deviceName = Lens.lens (\AwsEcsTaskDefinitionInferenceAcceleratorsDetails' {deviceName} -> deviceName) (\s@AwsEcsTaskDefinitionInferenceAcceleratorsDetails' {} a -> s {deviceName = a} :: AwsEcsTaskDefinitionInferenceAcceleratorsDetails)
+
+-- | The Elastic Inference accelerator type to use.
+awsEcsTaskDefinitionInferenceAcceleratorsDetails_deviceType :: Lens.Lens' AwsEcsTaskDefinitionInferenceAcceleratorsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionInferenceAcceleratorsDetails_deviceType = Lens.lens (\AwsEcsTaskDefinitionInferenceAcceleratorsDetails' {deviceType} -> deviceType) (\s@AwsEcsTaskDefinitionInferenceAcceleratorsDetails' {} a -> s {deviceType = a} :: AwsEcsTaskDefinitionInferenceAcceleratorsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionInferenceAcceleratorsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionInferenceAcceleratorsDetails'
+            Prelude.<$> (x Data..:? "DeviceName")
+            Prelude.<*> (x Data..:? "DeviceType")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionInferenceAcceleratorsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` deviceName
+        `Prelude.hashWithSalt` deviceType
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionInferenceAcceleratorsDetails' {..} =
+      Prelude.rnf deviceName
+        `Prelude.seq` Prelude.rnf deviceType
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionInferenceAcceleratorsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionInferenceAcceleratorsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DeviceName" Data..=) Prelude.<$> deviceName,
+              ("DeviceType" Data..=) Prelude.<$> deviceType
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionPlacementConstraintsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionPlacementConstraintsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionPlacementConstraintsDetails.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionPlacementConstraintsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionPlacementConstraintsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A placement constraint object to use for tasks.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionPlacementConstraintsDetails' smart constructor.
+data AwsEcsTaskDefinitionPlacementConstraintsDetails = AwsEcsTaskDefinitionPlacementConstraintsDetails'
+  { -- | A cluster query language expression to apply to the constraint.
+    expression :: Prelude.Maybe Prelude.Text,
+    -- | The type of constraint.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionPlacementConstraintsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'expression', 'awsEcsTaskDefinitionPlacementConstraintsDetails_expression' - A cluster query language expression to apply to the constraint.
+--
+-- 'type'', 'awsEcsTaskDefinitionPlacementConstraintsDetails_type' - The type of constraint.
+newAwsEcsTaskDefinitionPlacementConstraintsDetails ::
+  AwsEcsTaskDefinitionPlacementConstraintsDetails
+newAwsEcsTaskDefinitionPlacementConstraintsDetails =
+  AwsEcsTaskDefinitionPlacementConstraintsDetails'
+    { expression =
+        Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | A cluster query language expression to apply to the constraint.
+awsEcsTaskDefinitionPlacementConstraintsDetails_expression :: Lens.Lens' AwsEcsTaskDefinitionPlacementConstraintsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionPlacementConstraintsDetails_expression = Lens.lens (\AwsEcsTaskDefinitionPlacementConstraintsDetails' {expression} -> expression) (\s@AwsEcsTaskDefinitionPlacementConstraintsDetails' {} a -> s {expression = a} :: AwsEcsTaskDefinitionPlacementConstraintsDetails)
+
+-- | The type of constraint.
+awsEcsTaskDefinitionPlacementConstraintsDetails_type :: Lens.Lens' AwsEcsTaskDefinitionPlacementConstraintsDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionPlacementConstraintsDetails_type = Lens.lens (\AwsEcsTaskDefinitionPlacementConstraintsDetails' {type'} -> type') (\s@AwsEcsTaskDefinitionPlacementConstraintsDetails' {} a -> s {type' = a} :: AwsEcsTaskDefinitionPlacementConstraintsDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionPlacementConstraintsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionPlacementConstraintsDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionPlacementConstraintsDetails'
+            Prelude.<$> (x Data..:? "Expression")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionPlacementConstraintsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionPlacementConstraintsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` expression
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionPlacementConstraintsDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionPlacementConstraintsDetails' {..} =
+      Prelude.rnf expression
+        `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionPlacementConstraintsDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionPlacementConstraintsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Expression" Data..=) Prelude.<$> expression,
+              ("Type" Data..=) Prelude.<$> type'
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionProxyConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionProxyConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionProxyConfigurationDetails.hs
@@ -0,0 +1,132 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+
+-- | The configuration details for the App Mesh proxy.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionProxyConfigurationDetails' smart constructor.
+data AwsEcsTaskDefinitionProxyConfigurationDetails = AwsEcsTaskDefinitionProxyConfigurationDetails'
+  { -- | The name of the container that will serve as the App Mesh proxy.
+    containerName :: Prelude.Maybe Prelude.Text,
+    -- | The set of network configuration parameters to provide to the Container
+    -- Network Interface (CNI) plugin, specified as key-value pairs.
+    proxyConfigurationProperties :: Prelude.Maybe [AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails],
+    -- | The proxy type.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionProxyConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containerName', 'awsEcsTaskDefinitionProxyConfigurationDetails_containerName' - The name of the container that will serve as the App Mesh proxy.
+--
+-- 'proxyConfigurationProperties', 'awsEcsTaskDefinitionProxyConfigurationDetails_proxyConfigurationProperties' - The set of network configuration parameters to provide to the Container
+-- Network Interface (CNI) plugin, specified as key-value pairs.
+--
+-- 'type'', 'awsEcsTaskDefinitionProxyConfigurationDetails_type' - The proxy type.
+newAwsEcsTaskDefinitionProxyConfigurationDetails ::
+  AwsEcsTaskDefinitionProxyConfigurationDetails
+newAwsEcsTaskDefinitionProxyConfigurationDetails =
+  AwsEcsTaskDefinitionProxyConfigurationDetails'
+    { containerName =
+        Prelude.Nothing,
+      proxyConfigurationProperties =
+        Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The name of the container that will serve as the App Mesh proxy.
+awsEcsTaskDefinitionProxyConfigurationDetails_containerName :: Lens.Lens' AwsEcsTaskDefinitionProxyConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionProxyConfigurationDetails_containerName = Lens.lens (\AwsEcsTaskDefinitionProxyConfigurationDetails' {containerName} -> containerName) (\s@AwsEcsTaskDefinitionProxyConfigurationDetails' {} a -> s {containerName = a} :: AwsEcsTaskDefinitionProxyConfigurationDetails)
+
+-- | The set of network configuration parameters to provide to the Container
+-- Network Interface (CNI) plugin, specified as key-value pairs.
+awsEcsTaskDefinitionProxyConfigurationDetails_proxyConfigurationProperties :: Lens.Lens' AwsEcsTaskDefinitionProxyConfigurationDetails (Prelude.Maybe [AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails])
+awsEcsTaskDefinitionProxyConfigurationDetails_proxyConfigurationProperties = Lens.lens (\AwsEcsTaskDefinitionProxyConfigurationDetails' {proxyConfigurationProperties} -> proxyConfigurationProperties) (\s@AwsEcsTaskDefinitionProxyConfigurationDetails' {} a -> s {proxyConfigurationProperties = a} :: AwsEcsTaskDefinitionProxyConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The proxy type.
+awsEcsTaskDefinitionProxyConfigurationDetails_type :: Lens.Lens' AwsEcsTaskDefinitionProxyConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionProxyConfigurationDetails_type = Lens.lens (\AwsEcsTaskDefinitionProxyConfigurationDetails' {type'} -> type') (\s@AwsEcsTaskDefinitionProxyConfigurationDetails' {} a -> s {type' = a} :: AwsEcsTaskDefinitionProxyConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionProxyConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionProxyConfigurationDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionProxyConfigurationDetails'
+            Prelude.<$> (x Data..:? "ContainerName")
+            Prelude.<*> ( x
+                            Data..:? "ProxyConfigurationProperties"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionProxyConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionProxyConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` containerName
+        `Prelude.hashWithSalt` proxyConfigurationProperties
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionProxyConfigurationDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionProxyConfigurationDetails' {..} =
+      Prelude.rnf containerName
+        `Prelude.seq` Prelude.rnf proxyConfigurationProperties
+        `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionProxyConfigurationDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionProxyConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("ContainerName" Data..=) Prelude.<$> containerName,
+              ("ProxyConfigurationProperties" Data..=)
+                Prelude.<$> proxyConfigurationProperties,
+              ("Type" Data..=) Prelude.<$> type'
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A network configuration parameter to provide to the Container Network
+-- Interface (CNI) plugin.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails' smart constructor.
+data AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails = AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails'
+  { -- | The name of the property.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The value of the property.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails_name' - The name of the property.
+--
+-- 'value', 'awsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails_value' - The value of the property.
+newAwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails ::
+  AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+newAwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails =
+  AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails'
+    { name =
+        Prelude.Nothing,
+      value =
+        Prelude.Nothing
+    }
+
+-- | The name of the property.
+awsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails_name :: Lens.Lens' AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails_name = Lens.lens (\AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails' {name} -> name) (\s@AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails' {} a -> s {name = a} :: AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails)
+
+-- | The value of the property.
+awsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails_value :: Lens.Lens' AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails_value = Lens.lens (\AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails' {value} -> value) (\s@AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails' {} a -> s {value = a} :: AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails' {..} =
+      Prelude.rnf name `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Name" Data..=) Prelude.<$> name,
+              ("Value" Data..=) Prelude.<$> value
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesDetails.hs
@@ -0,0 +1,143 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesHostDetails
+
+-- | A data volume to mount from another container.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionVolumesDetails' smart constructor.
+data AwsEcsTaskDefinitionVolumesDetails = AwsEcsTaskDefinitionVolumesDetails'
+  { -- | Information about a Docker volume.
+    dockerVolumeConfiguration :: Prelude.Maybe AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails,
+    -- | Information about the Amazon Elastic File System file system that is
+    -- used for task storage.
+    efsVolumeConfiguration :: Prelude.Maybe AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails,
+    -- | Information about a bind mount host volume.
+    host :: Prelude.Maybe AwsEcsTaskDefinitionVolumesHostDetails,
+    -- | The name of the data volume.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionVolumesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dockerVolumeConfiguration', 'awsEcsTaskDefinitionVolumesDetails_dockerVolumeConfiguration' - Information about a Docker volume.
+--
+-- 'efsVolumeConfiguration', 'awsEcsTaskDefinitionVolumesDetails_efsVolumeConfiguration' - Information about the Amazon Elastic File System file system that is
+-- used for task storage.
+--
+-- 'host', 'awsEcsTaskDefinitionVolumesDetails_host' - Information about a bind mount host volume.
+--
+-- 'name', 'awsEcsTaskDefinitionVolumesDetails_name' - The name of the data volume.
+newAwsEcsTaskDefinitionVolumesDetails ::
+  AwsEcsTaskDefinitionVolumesDetails
+newAwsEcsTaskDefinitionVolumesDetails =
+  AwsEcsTaskDefinitionVolumesDetails'
+    { dockerVolumeConfiguration =
+        Prelude.Nothing,
+      efsVolumeConfiguration =
+        Prelude.Nothing,
+      host = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | Information about a Docker volume.
+awsEcsTaskDefinitionVolumesDetails_dockerVolumeConfiguration :: Lens.Lens' AwsEcsTaskDefinitionVolumesDetails (Prelude.Maybe AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails)
+awsEcsTaskDefinitionVolumesDetails_dockerVolumeConfiguration = Lens.lens (\AwsEcsTaskDefinitionVolumesDetails' {dockerVolumeConfiguration} -> dockerVolumeConfiguration) (\s@AwsEcsTaskDefinitionVolumesDetails' {} a -> s {dockerVolumeConfiguration = a} :: AwsEcsTaskDefinitionVolumesDetails)
+
+-- | Information about the Amazon Elastic File System file system that is
+-- used for task storage.
+awsEcsTaskDefinitionVolumesDetails_efsVolumeConfiguration :: Lens.Lens' AwsEcsTaskDefinitionVolumesDetails (Prelude.Maybe AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails)
+awsEcsTaskDefinitionVolumesDetails_efsVolumeConfiguration = Lens.lens (\AwsEcsTaskDefinitionVolumesDetails' {efsVolumeConfiguration} -> efsVolumeConfiguration) (\s@AwsEcsTaskDefinitionVolumesDetails' {} a -> s {efsVolumeConfiguration = a} :: AwsEcsTaskDefinitionVolumesDetails)
+
+-- | Information about a bind mount host volume.
+awsEcsTaskDefinitionVolumesDetails_host :: Lens.Lens' AwsEcsTaskDefinitionVolumesDetails (Prelude.Maybe AwsEcsTaskDefinitionVolumesHostDetails)
+awsEcsTaskDefinitionVolumesDetails_host = Lens.lens (\AwsEcsTaskDefinitionVolumesDetails' {host} -> host) (\s@AwsEcsTaskDefinitionVolumesDetails' {} a -> s {host = a} :: AwsEcsTaskDefinitionVolumesDetails)
+
+-- | The name of the data volume.
+awsEcsTaskDefinitionVolumesDetails_name :: Lens.Lens' AwsEcsTaskDefinitionVolumesDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionVolumesDetails_name = Lens.lens (\AwsEcsTaskDefinitionVolumesDetails' {name} -> name) (\s@AwsEcsTaskDefinitionVolumesDetails' {} a -> s {name = a} :: AwsEcsTaskDefinitionVolumesDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionVolumesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionVolumesDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionVolumesDetails'
+            Prelude.<$> (x Data..:? "DockerVolumeConfiguration")
+            Prelude.<*> (x Data..:? "EfsVolumeConfiguration")
+            Prelude.<*> (x Data..:? "Host")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionVolumesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionVolumesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` dockerVolumeConfiguration
+        `Prelude.hashWithSalt` efsVolumeConfiguration
+        `Prelude.hashWithSalt` host
+        `Prelude.hashWithSalt` name
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionVolumesDetails
+  where
+  rnf AwsEcsTaskDefinitionVolumesDetails' {..} =
+    Prelude.rnf dockerVolumeConfiguration
+      `Prelude.seq` Prelude.rnf efsVolumeConfiguration
+      `Prelude.seq` Prelude.rnf host
+      `Prelude.seq` Prelude.rnf name
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionVolumesDetails
+  where
+  toJSON AwsEcsTaskDefinitionVolumesDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DockerVolumeConfiguration" Data..=)
+              Prelude.<$> dockerVolumeConfiguration,
+            ("EfsVolumeConfiguration" Data..=)
+              Prelude.<$> efsVolumeConfiguration,
+            ("Host" Data..=) Prelude.<$> host,
+            ("Name" Data..=) Prelude.<$> name
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails.hs
@@ -0,0 +1,168 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about a Docker volume.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' smart constructor.
+data AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails = AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails'
+  { -- | Whether to create the Docker volume automatically if it does not already
+    -- exist.
+    autoprovision :: Prelude.Maybe Prelude.Bool,
+    -- | The Docker volume driver to use.
+    driver :: Prelude.Maybe Prelude.Text,
+    -- | A map of Docker driver-specific options that are passed through.
+    driverOpts :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | Custom metadata to add to the Docker volume.
+    labels :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The scope for the Docker volume that determines its lifecycle. Docker
+    -- volumes that are scoped to a task are provisioned automatically when the
+    -- task starts and destroyed when the task stops. Docker volumes that are
+    -- shared persist after the task stops. Valid values are @shared@ or
+    -- @task@.
+    scope :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoprovision', 'awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_autoprovision' - Whether to create the Docker volume automatically if it does not already
+-- exist.
+--
+-- 'driver', 'awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_driver' - The Docker volume driver to use.
+--
+-- 'driverOpts', 'awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_driverOpts' - A map of Docker driver-specific options that are passed through.
+--
+-- 'labels', 'awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_labels' - Custom metadata to add to the Docker volume.
+--
+-- 'scope', 'awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_scope' - The scope for the Docker volume that determines its lifecycle. Docker
+-- volumes that are scoped to a task are provisioned automatically when the
+-- task starts and destroyed when the task stops. Docker volumes that are
+-- shared persist after the task stops. Valid values are @shared@ or
+-- @task@.
+newAwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails ::
+  AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+newAwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails =
+  AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails'
+    { autoprovision =
+        Prelude.Nothing,
+      driver =
+        Prelude.Nothing,
+      driverOpts =
+        Prelude.Nothing,
+      labels =
+        Prelude.Nothing,
+      scope =
+        Prelude.Nothing
+    }
+
+-- | Whether to create the Docker volume automatically if it does not already
+-- exist.
+awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_autoprovision :: Lens.Lens' AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails (Prelude.Maybe Prelude.Bool)
+awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_autoprovision = Lens.lens (\AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {autoprovision} -> autoprovision) (\s@AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {} a -> s {autoprovision = a} :: AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails)
+
+-- | The Docker volume driver to use.
+awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_driver :: Lens.Lens' AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_driver = Lens.lens (\AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {driver} -> driver) (\s@AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {} a -> s {driver = a} :: AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails)
+
+-- | A map of Docker driver-specific options that are passed through.
+awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_driverOpts :: Lens.Lens' AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_driverOpts = Lens.lens (\AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {driverOpts} -> driverOpts) (\s@AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {} a -> s {driverOpts = a} :: AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Custom metadata to add to the Docker volume.
+awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_labels :: Lens.Lens' AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_labels = Lens.lens (\AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {labels} -> labels) (\s@AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {} a -> s {labels = a} :: AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The scope for the Docker volume that determines its lifecycle. Docker
+-- volumes that are scoped to a task are provisioned automatically when the
+-- task starts and destroyed when the task stops. Docker volumes that are
+-- shared persist after the task stops. Valid values are @shared@ or
+-- @task@.
+awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_scope :: Lens.Lens' AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails_scope = Lens.lens (\AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {scope} -> scope) (\s@AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {} a -> s {scope = a} :: AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails'
+            Prelude.<$> (x Data..:? "Autoprovision")
+            Prelude.<*> (x Data..:? "Driver")
+            Prelude.<*> (x Data..:? "DriverOpts" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Labels" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Scope")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` autoprovision
+        `Prelude.hashWithSalt` driver
+        `Prelude.hashWithSalt` driverOpts
+        `Prelude.hashWithSalt` labels
+        `Prelude.hashWithSalt` scope
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {..} =
+      Prelude.rnf autoprovision
+        `Prelude.seq` Prelude.rnf driver
+        `Prelude.seq` Prelude.rnf driverOpts
+        `Prelude.seq` Prelude.rnf labels
+        `Prelude.seq` Prelude.rnf scope
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Autoprovision" Data..=) Prelude.<$> autoprovision,
+              ("Driver" Data..=) Prelude.<$> driver,
+              ("DriverOpts" Data..=) Prelude.<$> driverOpts,
+              ("Labels" Data..=) Prelude.<$> labels,
+              ("Scope" Data..=) Prelude.<$> scope
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails.hs
@@ -0,0 +1,114 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- |
+--
+-- /See:/ 'newAwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails' smart constructor.
+data AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails = AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails'
+  { -- | The Amazon EFS access point identifier to use.
+    accessPointId :: Prelude.Maybe Prelude.Text,
+    -- | Whether to use the Amazon ECS task IAM role defined in a task definition
+    -- when mounting the Amazon EFS file system.
+    iam :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessPointId', 'awsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails_accessPointId' - The Amazon EFS access point identifier to use.
+--
+-- 'iam', 'awsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails_iam' - Whether to use the Amazon ECS task IAM role defined in a task definition
+-- when mounting the Amazon EFS file system.
+newAwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails ::
+  AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+newAwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails =
+  AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails'
+    { accessPointId =
+        Prelude.Nothing,
+      iam =
+        Prelude.Nothing
+    }
+
+-- | The Amazon EFS access point identifier to use.
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails_accessPointId :: Lens.Lens' AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails_accessPointId = Lens.lens (\AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails' {accessPointId} -> accessPointId) (\s@AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails' {} a -> s {accessPointId = a} :: AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails)
+
+-- | Whether to use the Amazon ECS task IAM role defined in a task definition
+-- when mounting the Amazon EFS file system.
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails_iam :: Lens.Lens' AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails_iam = Lens.lens (\AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails' {iam} -> iam) (\s@AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails' {} a -> s {iam = a} :: AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails'
+            Prelude.<$> (x Data..:? "AccessPointId")
+            Prelude.<*> (x Data..:? "Iam")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` accessPointId
+        `Prelude.hashWithSalt` iam
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails' {..} =
+      Prelude.rnf accessPointId
+        `Prelude.seq` Prelude.rnf iam
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AccessPointId" Data..=) Prelude.<$> accessPointId,
+              ("Iam" Data..=) Prelude.<$> iam
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails.hs
@@ -0,0 +1,167 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails
+
+-- | Information about the Amazon Elastic File System file system that is
+-- used for task storage.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' smart constructor.
+data AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails = AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails'
+  { -- | The authorization configuration details for the Amazon EFS file system.
+    authorizationConfig :: Prelude.Maybe AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails,
+    -- | The Amazon EFS file system identifier to use.
+    filesystemId :: Prelude.Maybe Prelude.Text,
+    -- | The directory within the Amazon EFS file system to mount as the root
+    -- directory inside the host.
+    rootDirectory :: Prelude.Maybe Prelude.Text,
+    -- | Whether to enable encryption for Amazon EFS data in transit between the
+    -- Amazon ECS host and the Amazon EFS server.
+    transitEncryption :: Prelude.Maybe Prelude.Text,
+    -- | The port to use when sending encrypted data between the Amazon ECS host
+    -- and the Amazon EFS server.
+    transitEncryptionPort :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'authorizationConfig', 'awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_authorizationConfig' - The authorization configuration details for the Amazon EFS file system.
+--
+-- 'filesystemId', 'awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_filesystemId' - The Amazon EFS file system identifier to use.
+--
+-- 'rootDirectory', 'awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_rootDirectory' - The directory within the Amazon EFS file system to mount as the root
+-- directory inside the host.
+--
+-- 'transitEncryption', 'awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_transitEncryption' - Whether to enable encryption for Amazon EFS data in transit between the
+-- Amazon ECS host and the Amazon EFS server.
+--
+-- 'transitEncryptionPort', 'awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_transitEncryptionPort' - The port to use when sending encrypted data between the Amazon ECS host
+-- and the Amazon EFS server.
+newAwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails ::
+  AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+newAwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails =
+  AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails'
+    { authorizationConfig =
+        Prelude.Nothing,
+      filesystemId =
+        Prelude.Nothing,
+      rootDirectory =
+        Prelude.Nothing,
+      transitEncryption =
+        Prelude.Nothing,
+      transitEncryptionPort =
+        Prelude.Nothing
+    }
+
+-- | The authorization configuration details for the Amazon EFS file system.
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_authorizationConfig :: Lens.Lens' AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails (Prelude.Maybe AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails)
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_authorizationConfig = Lens.lens (\AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {authorizationConfig} -> authorizationConfig) (\s@AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {} a -> s {authorizationConfig = a} :: AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails)
+
+-- | The Amazon EFS file system identifier to use.
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_filesystemId :: Lens.Lens' AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_filesystemId = Lens.lens (\AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {filesystemId} -> filesystemId) (\s@AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {} a -> s {filesystemId = a} :: AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails)
+
+-- | The directory within the Amazon EFS file system to mount as the root
+-- directory inside the host.
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_rootDirectory :: Lens.Lens' AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_rootDirectory = Lens.lens (\AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {rootDirectory} -> rootDirectory) (\s@AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {} a -> s {rootDirectory = a} :: AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails)
+
+-- | Whether to enable encryption for Amazon EFS data in transit between the
+-- Amazon ECS host and the Amazon EFS server.
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_transitEncryption :: Lens.Lens' AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_transitEncryption = Lens.lens (\AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {transitEncryption} -> transitEncryption) (\s@AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {} a -> s {transitEncryption = a} :: AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails)
+
+-- | The port to use when sending encrypted data between the Amazon ECS host
+-- and the Amazon EFS server.
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_transitEncryptionPort :: Lens.Lens' AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails (Prelude.Maybe Prelude.Int)
+awsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails_transitEncryptionPort = Lens.lens (\AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {transitEncryptionPort} -> transitEncryptionPort) (\s@AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {} a -> s {transitEncryptionPort = a} :: AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails'
+            Prelude.<$> (x Data..:? "AuthorizationConfig")
+            Prelude.<*> (x Data..:? "FilesystemId")
+            Prelude.<*> (x Data..:? "RootDirectory")
+            Prelude.<*> (x Data..:? "TransitEncryption")
+            Prelude.<*> (x Data..:? "TransitEncryptionPort")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` authorizationConfig
+        `Prelude.hashWithSalt` filesystemId
+        `Prelude.hashWithSalt` rootDirectory
+        `Prelude.hashWithSalt` transitEncryption
+        `Prelude.hashWithSalt` transitEncryptionPort
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+  where
+  rnf
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {..} =
+      Prelude.rnf authorizationConfig
+        `Prelude.seq` Prelude.rnf filesystemId
+        `Prelude.seq` Prelude.rnf rootDirectory
+        `Prelude.seq` Prelude.rnf transitEncryption
+        `Prelude.seq` Prelude.rnf transitEncryptionPort
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails
+  where
+  toJSON
+    AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AuthorizationConfig" Data..=)
+                Prelude.<$> authorizationConfig,
+              ("FilesystemId" Data..=) Prelude.<$> filesystemId,
+              ("RootDirectory" Data..=) Prelude.<$> rootDirectory,
+              ("TransitEncryption" Data..=)
+                Prelude.<$> transitEncryption,
+              ("TransitEncryptionPort" Data..=)
+                Prelude.<$> transitEncryptionPort
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesHostDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesHostDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDefinitionVolumesHostDetails.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesHostDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionVolumesHostDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about a bind mount host volume.
+--
+-- /See:/ 'newAwsEcsTaskDefinitionVolumesHostDetails' smart constructor.
+data AwsEcsTaskDefinitionVolumesHostDetails = AwsEcsTaskDefinitionVolumesHostDetails'
+  { -- | The path on the host container instance that is presented to the
+    -- container.
+    sourcePath :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDefinitionVolumesHostDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'sourcePath', 'awsEcsTaskDefinitionVolumesHostDetails_sourcePath' - The path on the host container instance that is presented to the
+-- container.
+newAwsEcsTaskDefinitionVolumesHostDetails ::
+  AwsEcsTaskDefinitionVolumesHostDetails
+newAwsEcsTaskDefinitionVolumesHostDetails =
+  AwsEcsTaskDefinitionVolumesHostDetails'
+    { sourcePath =
+        Prelude.Nothing
+    }
+
+-- | The path on the host container instance that is presented to the
+-- container.
+awsEcsTaskDefinitionVolumesHostDetails_sourcePath :: Lens.Lens' AwsEcsTaskDefinitionVolumesHostDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDefinitionVolumesHostDetails_sourcePath = Lens.lens (\AwsEcsTaskDefinitionVolumesHostDetails' {sourcePath} -> sourcePath) (\s@AwsEcsTaskDefinitionVolumesHostDetails' {} a -> s {sourcePath = a} :: AwsEcsTaskDefinitionVolumesHostDetails)
+
+instance
+  Data.FromJSON
+    AwsEcsTaskDefinitionVolumesHostDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDefinitionVolumesHostDetails"
+      ( \x ->
+          AwsEcsTaskDefinitionVolumesHostDetails'
+            Prelude.<$> (x Data..:? "SourcePath")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEcsTaskDefinitionVolumesHostDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEcsTaskDefinitionVolumesHostDetails' {..} =
+      _salt `Prelude.hashWithSalt` sourcePath
+
+instance
+  Prelude.NFData
+    AwsEcsTaskDefinitionVolumesHostDetails
+  where
+  rnf AwsEcsTaskDefinitionVolumesHostDetails' {..} =
+    Prelude.rnf sourcePath
+
+instance
+  Data.ToJSON
+    AwsEcsTaskDefinitionVolumesHostDetails
+  where
+  toJSON AwsEcsTaskDefinitionVolumesHostDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("SourcePath" Data..=) Prelude.<$> sourcePath]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskDetails.hs
@@ -0,0 +1,205 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsContainerDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskVolumeDetails
+
+-- | Provides details about a task in a cluster.
+--
+-- /See:/ 'newAwsEcsTaskDetails' smart constructor.
+data AwsEcsTaskDetails = AwsEcsTaskDetails'
+  { -- | The Amazon Resource Name (ARN) of the cluster that hosts the task.
+    clusterArn :: Prelude.Maybe Prelude.Text,
+    -- | The containers that are associated with the task.
+    containers :: Prelude.Maybe [AwsEcsContainerDetails],
+    -- | The Unix timestamp for the time when the task was created. More
+    -- specifically, it\'s for the time when the task entered the @PENDING@
+    -- state.
+    createdAt :: Prelude.Maybe Prelude.Text,
+    -- | The name of the task group that\'s associated with the task.
+    group' :: Prelude.Maybe Prelude.Text,
+    -- | The Unix timestamp for the time when the task started. More
+    -- specifically, it\'s for the time when the task transitioned from the
+    -- @PENDING@ state to the @RUNNING@ state.
+    startedAt :: Prelude.Maybe Prelude.Text,
+    -- | The tag specified when a task is started. If an Amazon ECS service
+    -- started the task, the @startedBy@ parameter contains the deployment ID
+    -- of that service.
+    startedBy :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the task definition that creates the task.
+    taskDefinitionArn :: Prelude.Maybe Prelude.Text,
+    -- | The version counter for the task.
+    version :: Prelude.Maybe Prelude.Text,
+    -- | Details about the data volume that is used in a task definition.
+    volumes :: Prelude.Maybe [AwsEcsTaskVolumeDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clusterArn', 'awsEcsTaskDetails_clusterArn' - The Amazon Resource Name (ARN) of the cluster that hosts the task.
+--
+-- 'containers', 'awsEcsTaskDetails_containers' - The containers that are associated with the task.
+--
+-- 'createdAt', 'awsEcsTaskDetails_createdAt' - The Unix timestamp for the time when the task was created. More
+-- specifically, it\'s for the time when the task entered the @PENDING@
+-- state.
+--
+-- 'group'', 'awsEcsTaskDetails_group' - The name of the task group that\'s associated with the task.
+--
+-- 'startedAt', 'awsEcsTaskDetails_startedAt' - The Unix timestamp for the time when the task started. More
+-- specifically, it\'s for the time when the task transitioned from the
+-- @PENDING@ state to the @RUNNING@ state.
+--
+-- 'startedBy', 'awsEcsTaskDetails_startedBy' - The tag specified when a task is started. If an Amazon ECS service
+-- started the task, the @startedBy@ parameter contains the deployment ID
+-- of that service.
+--
+-- 'taskDefinitionArn', 'awsEcsTaskDetails_taskDefinitionArn' - The ARN of the task definition that creates the task.
+--
+-- 'version', 'awsEcsTaskDetails_version' - The version counter for the task.
+--
+-- 'volumes', 'awsEcsTaskDetails_volumes' - Details about the data volume that is used in a task definition.
+newAwsEcsTaskDetails ::
+  AwsEcsTaskDetails
+newAwsEcsTaskDetails =
+  AwsEcsTaskDetails'
+    { clusterArn = Prelude.Nothing,
+      containers = Prelude.Nothing,
+      createdAt = Prelude.Nothing,
+      group' = Prelude.Nothing,
+      startedAt = Prelude.Nothing,
+      startedBy = Prelude.Nothing,
+      taskDefinitionArn = Prelude.Nothing,
+      version = Prelude.Nothing,
+      volumes = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the cluster that hosts the task.
+awsEcsTaskDetails_clusterArn :: Lens.Lens' AwsEcsTaskDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDetails_clusterArn = Lens.lens (\AwsEcsTaskDetails' {clusterArn} -> clusterArn) (\s@AwsEcsTaskDetails' {} a -> s {clusterArn = a} :: AwsEcsTaskDetails)
+
+-- | The containers that are associated with the task.
+awsEcsTaskDetails_containers :: Lens.Lens' AwsEcsTaskDetails (Prelude.Maybe [AwsEcsContainerDetails])
+awsEcsTaskDetails_containers = Lens.lens (\AwsEcsTaskDetails' {containers} -> containers) (\s@AwsEcsTaskDetails' {} a -> s {containers = a} :: AwsEcsTaskDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Unix timestamp for the time when the task was created. More
+-- specifically, it\'s for the time when the task entered the @PENDING@
+-- state.
+awsEcsTaskDetails_createdAt :: Lens.Lens' AwsEcsTaskDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDetails_createdAt = Lens.lens (\AwsEcsTaskDetails' {createdAt} -> createdAt) (\s@AwsEcsTaskDetails' {} a -> s {createdAt = a} :: AwsEcsTaskDetails)
+
+-- | The name of the task group that\'s associated with the task.
+awsEcsTaskDetails_group :: Lens.Lens' AwsEcsTaskDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDetails_group = Lens.lens (\AwsEcsTaskDetails' {group'} -> group') (\s@AwsEcsTaskDetails' {} a -> s {group' = a} :: AwsEcsTaskDetails)
+
+-- | The Unix timestamp for the time when the task started. More
+-- specifically, it\'s for the time when the task transitioned from the
+-- @PENDING@ state to the @RUNNING@ state.
+awsEcsTaskDetails_startedAt :: Lens.Lens' AwsEcsTaskDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDetails_startedAt = Lens.lens (\AwsEcsTaskDetails' {startedAt} -> startedAt) (\s@AwsEcsTaskDetails' {} a -> s {startedAt = a} :: AwsEcsTaskDetails)
+
+-- | The tag specified when a task is started. If an Amazon ECS service
+-- started the task, the @startedBy@ parameter contains the deployment ID
+-- of that service.
+awsEcsTaskDetails_startedBy :: Lens.Lens' AwsEcsTaskDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDetails_startedBy = Lens.lens (\AwsEcsTaskDetails' {startedBy} -> startedBy) (\s@AwsEcsTaskDetails' {} a -> s {startedBy = a} :: AwsEcsTaskDetails)
+
+-- | The ARN of the task definition that creates the task.
+awsEcsTaskDetails_taskDefinitionArn :: Lens.Lens' AwsEcsTaskDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDetails_taskDefinitionArn = Lens.lens (\AwsEcsTaskDetails' {taskDefinitionArn} -> taskDefinitionArn) (\s@AwsEcsTaskDetails' {} a -> s {taskDefinitionArn = a} :: AwsEcsTaskDetails)
+
+-- | The version counter for the task.
+awsEcsTaskDetails_version :: Lens.Lens' AwsEcsTaskDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskDetails_version = Lens.lens (\AwsEcsTaskDetails' {version} -> version) (\s@AwsEcsTaskDetails' {} a -> s {version = a} :: AwsEcsTaskDetails)
+
+-- | Details about the data volume that is used in a task definition.
+awsEcsTaskDetails_volumes :: Lens.Lens' AwsEcsTaskDetails (Prelude.Maybe [AwsEcsTaskVolumeDetails])
+awsEcsTaskDetails_volumes = Lens.lens (\AwsEcsTaskDetails' {volumes} -> volumes) (\s@AwsEcsTaskDetails' {} a -> s {volumes = a} :: AwsEcsTaskDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsEcsTaskDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskDetails"
+      ( \x ->
+          AwsEcsTaskDetails'
+            Prelude.<$> (x Data..:? "ClusterArn")
+            Prelude.<*> (x Data..:? "Containers" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "CreatedAt")
+            Prelude.<*> (x Data..:? "Group")
+            Prelude.<*> (x Data..:? "StartedAt")
+            Prelude.<*> (x Data..:? "StartedBy")
+            Prelude.<*> (x Data..:? "TaskDefinitionArn")
+            Prelude.<*> (x Data..:? "Version")
+            Prelude.<*> (x Data..:? "Volumes" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable AwsEcsTaskDetails where
+  hashWithSalt _salt AwsEcsTaskDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` clusterArn
+      `Prelude.hashWithSalt` containers
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` group'
+      `Prelude.hashWithSalt` startedAt
+      `Prelude.hashWithSalt` startedBy
+      `Prelude.hashWithSalt` taskDefinitionArn
+      `Prelude.hashWithSalt` version
+      `Prelude.hashWithSalt` volumes
+
+instance Prelude.NFData AwsEcsTaskDetails where
+  rnf AwsEcsTaskDetails' {..} =
+    Prelude.rnf clusterArn
+      `Prelude.seq` Prelude.rnf containers
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf group'
+      `Prelude.seq` Prelude.rnf startedAt
+      `Prelude.seq` Prelude.rnf startedBy
+      `Prelude.seq` Prelude.rnf taskDefinitionArn
+      `Prelude.seq` Prelude.rnf version
+      `Prelude.seq` Prelude.rnf volumes
+
+instance Data.ToJSON AwsEcsTaskDetails where
+  toJSON AwsEcsTaskDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ClusterArn" Data..=) Prelude.<$> clusterArn,
+            ("Containers" Data..=) Prelude.<$> containers,
+            ("CreatedAt" Data..=) Prelude.<$> createdAt,
+            ("Group" Data..=) Prelude.<$> group',
+            ("StartedAt" Data..=) Prelude.<$> startedAt,
+            ("StartedBy" Data..=) Prelude.<$> startedBy,
+            ("TaskDefinitionArn" Data..=)
+              Prelude.<$> taskDefinitionArn,
+            ("Version" Data..=) Prelude.<$> version,
+            ("Volumes" Data..=) Prelude.<$> volumes
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskVolumeDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskVolumeDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskVolumeDetails.hs
@@ -0,0 +1,106 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskVolumeDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskVolumeDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEcsTaskVolumeHostDetails
+
+-- | Provides information about a data volume that\'s used in a task
+-- definition.
+--
+-- /See:/ 'newAwsEcsTaskVolumeDetails' smart constructor.
+data AwsEcsTaskVolumeDetails = AwsEcsTaskVolumeDetails'
+  { -- | This parameter is specified when you use bind mount host volumes. The
+    -- contents of the @host@ parameter determine whether your bind mount host
+    -- volume persists on the host container instance and where it\'s stored.
+    host :: Prelude.Maybe AwsEcsTaskVolumeHostDetails,
+    -- | The name of the volume. Up to 255 letters (uppercase and lowercase),
+    -- numbers, underscores, and hyphens are allowed. This name is referenced
+    -- in the @sourceVolume@ parameter of container definition @mountPoints@.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskVolumeDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'host', 'awsEcsTaskVolumeDetails_host' - This parameter is specified when you use bind mount host volumes. The
+-- contents of the @host@ parameter determine whether your bind mount host
+-- volume persists on the host container instance and where it\'s stored.
+--
+-- 'name', 'awsEcsTaskVolumeDetails_name' - The name of the volume. Up to 255 letters (uppercase and lowercase),
+-- numbers, underscores, and hyphens are allowed. This name is referenced
+-- in the @sourceVolume@ parameter of container definition @mountPoints@.
+newAwsEcsTaskVolumeDetails ::
+  AwsEcsTaskVolumeDetails
+newAwsEcsTaskVolumeDetails =
+  AwsEcsTaskVolumeDetails'
+    { host = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | This parameter is specified when you use bind mount host volumes. The
+-- contents of the @host@ parameter determine whether your bind mount host
+-- volume persists on the host container instance and where it\'s stored.
+awsEcsTaskVolumeDetails_host :: Lens.Lens' AwsEcsTaskVolumeDetails (Prelude.Maybe AwsEcsTaskVolumeHostDetails)
+awsEcsTaskVolumeDetails_host = Lens.lens (\AwsEcsTaskVolumeDetails' {host} -> host) (\s@AwsEcsTaskVolumeDetails' {} a -> s {host = a} :: AwsEcsTaskVolumeDetails)
+
+-- | The name of the volume. Up to 255 letters (uppercase and lowercase),
+-- numbers, underscores, and hyphens are allowed. This name is referenced
+-- in the @sourceVolume@ parameter of container definition @mountPoints@.
+awsEcsTaskVolumeDetails_name :: Lens.Lens' AwsEcsTaskVolumeDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskVolumeDetails_name = Lens.lens (\AwsEcsTaskVolumeDetails' {name} -> name) (\s@AwsEcsTaskVolumeDetails' {} a -> s {name = a} :: AwsEcsTaskVolumeDetails)
+
+instance Data.FromJSON AwsEcsTaskVolumeDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskVolumeDetails"
+      ( \x ->
+          AwsEcsTaskVolumeDetails'
+            Prelude.<$> (x Data..:? "Host")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable AwsEcsTaskVolumeDetails where
+  hashWithSalt _salt AwsEcsTaskVolumeDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` host
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData AwsEcsTaskVolumeDetails where
+  rnf AwsEcsTaskVolumeDetails' {..} =
+    Prelude.rnf host `Prelude.seq` Prelude.rnf name
+
+instance Data.ToJSON AwsEcsTaskVolumeDetails where
+  toJSON AwsEcsTaskVolumeDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Host" Data..=) Prelude.<$> host,
+            ("Name" Data..=) Prelude.<$> name
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEcsTaskVolumeHostDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskVolumeHostDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEcsTaskVolumeHostDetails.hs
@@ -0,0 +1,82 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEcsTaskVolumeHostDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEcsTaskVolumeHostDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details on a container instance bind mount host volume.
+--
+-- /See:/ 'newAwsEcsTaskVolumeHostDetails' smart constructor.
+data AwsEcsTaskVolumeHostDetails = AwsEcsTaskVolumeHostDetails'
+  { -- | When the @host@ parameter is used, specify a @sourcePath@ to declare the
+    -- path on the host container instance that\'s presented to the container.
+    sourcePath :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEcsTaskVolumeHostDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'sourcePath', 'awsEcsTaskVolumeHostDetails_sourcePath' - When the @host@ parameter is used, specify a @sourcePath@ to declare the
+-- path on the host container instance that\'s presented to the container.
+newAwsEcsTaskVolumeHostDetails ::
+  AwsEcsTaskVolumeHostDetails
+newAwsEcsTaskVolumeHostDetails =
+  AwsEcsTaskVolumeHostDetails'
+    { sourcePath =
+        Prelude.Nothing
+    }
+
+-- | When the @host@ parameter is used, specify a @sourcePath@ to declare the
+-- path on the host container instance that\'s presented to the container.
+awsEcsTaskVolumeHostDetails_sourcePath :: Lens.Lens' AwsEcsTaskVolumeHostDetails (Prelude.Maybe Prelude.Text)
+awsEcsTaskVolumeHostDetails_sourcePath = Lens.lens (\AwsEcsTaskVolumeHostDetails' {sourcePath} -> sourcePath) (\s@AwsEcsTaskVolumeHostDetails' {} a -> s {sourcePath = a} :: AwsEcsTaskVolumeHostDetails)
+
+instance Data.FromJSON AwsEcsTaskVolumeHostDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEcsTaskVolumeHostDetails"
+      ( \x ->
+          AwsEcsTaskVolumeHostDetails'
+            Prelude.<$> (x Data..:? "SourcePath")
+      )
+
+instance Prelude.Hashable AwsEcsTaskVolumeHostDetails where
+  hashWithSalt _salt AwsEcsTaskVolumeHostDetails' {..} =
+    _salt `Prelude.hashWithSalt` sourcePath
+
+instance Prelude.NFData AwsEcsTaskVolumeHostDetails where
+  rnf AwsEcsTaskVolumeHostDetails' {..} =
+    Prelude.rnf sourcePath
+
+instance Data.ToJSON AwsEcsTaskVolumeHostDetails where
+  toJSON AwsEcsTaskVolumeHostDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("SourcePath" Data..=) Prelude.<$> sourcePath]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointDetails.hs
@@ -0,0 +1,160 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEfsAccessPointDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEfsAccessPointDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointPosixUserDetails
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryDetails
+
+-- | Provides information about an Amazon EFS access point.
+--
+-- /See:/ 'newAwsEfsAccessPointDetails' smart constructor.
+data AwsEfsAccessPointDetails = AwsEfsAccessPointDetails'
+  { -- | The ID of the Amazon EFS access point.
+    accessPointId :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the Amazon EFS access point.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The opaque string specified in the request to ensure idempotent
+    -- creation.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the Amazon EFS file system that the access point applies to.
+    fileSystemId :: Prelude.Maybe Prelude.Text,
+    -- | The full POSIX identity, including the user ID, group ID, and secondary
+    -- group IDs on the access point, that is used for all file operations by
+    -- NFS clients using the access point.
+    posixUser :: Prelude.Maybe AwsEfsAccessPointPosixUserDetails,
+    -- | The directory on the Amazon EFS file system that the access point
+    -- exposes as the root directory to NFS clients using the access point.
+    rootDirectory :: Prelude.Maybe AwsEfsAccessPointRootDirectoryDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEfsAccessPointDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessPointId', 'awsEfsAccessPointDetails_accessPointId' - The ID of the Amazon EFS access point.
+--
+-- 'arn', 'awsEfsAccessPointDetails_arn' - The Amazon Resource Name (ARN) of the Amazon EFS access point.
+--
+-- 'clientToken', 'awsEfsAccessPointDetails_clientToken' - The opaque string specified in the request to ensure idempotent
+-- creation.
+--
+-- 'fileSystemId', 'awsEfsAccessPointDetails_fileSystemId' - The ID of the Amazon EFS file system that the access point applies to.
+--
+-- 'posixUser', 'awsEfsAccessPointDetails_posixUser' - The full POSIX identity, including the user ID, group ID, and secondary
+-- group IDs on the access point, that is used for all file operations by
+-- NFS clients using the access point.
+--
+-- 'rootDirectory', 'awsEfsAccessPointDetails_rootDirectory' - The directory on the Amazon EFS file system that the access point
+-- exposes as the root directory to NFS clients using the access point.
+newAwsEfsAccessPointDetails ::
+  AwsEfsAccessPointDetails
+newAwsEfsAccessPointDetails =
+  AwsEfsAccessPointDetails'
+    { accessPointId =
+        Prelude.Nothing,
+      arn = Prelude.Nothing,
+      clientToken = Prelude.Nothing,
+      fileSystemId = Prelude.Nothing,
+      posixUser = Prelude.Nothing,
+      rootDirectory = Prelude.Nothing
+    }
+
+-- | The ID of the Amazon EFS access point.
+awsEfsAccessPointDetails_accessPointId :: Lens.Lens' AwsEfsAccessPointDetails (Prelude.Maybe Prelude.Text)
+awsEfsAccessPointDetails_accessPointId = Lens.lens (\AwsEfsAccessPointDetails' {accessPointId} -> accessPointId) (\s@AwsEfsAccessPointDetails' {} a -> s {accessPointId = a} :: AwsEfsAccessPointDetails)
+
+-- | The Amazon Resource Name (ARN) of the Amazon EFS access point.
+awsEfsAccessPointDetails_arn :: Lens.Lens' AwsEfsAccessPointDetails (Prelude.Maybe Prelude.Text)
+awsEfsAccessPointDetails_arn = Lens.lens (\AwsEfsAccessPointDetails' {arn} -> arn) (\s@AwsEfsAccessPointDetails' {} a -> s {arn = a} :: AwsEfsAccessPointDetails)
+
+-- | The opaque string specified in the request to ensure idempotent
+-- creation.
+awsEfsAccessPointDetails_clientToken :: Lens.Lens' AwsEfsAccessPointDetails (Prelude.Maybe Prelude.Text)
+awsEfsAccessPointDetails_clientToken = Lens.lens (\AwsEfsAccessPointDetails' {clientToken} -> clientToken) (\s@AwsEfsAccessPointDetails' {} a -> s {clientToken = a} :: AwsEfsAccessPointDetails)
+
+-- | The ID of the Amazon EFS file system that the access point applies to.
+awsEfsAccessPointDetails_fileSystemId :: Lens.Lens' AwsEfsAccessPointDetails (Prelude.Maybe Prelude.Text)
+awsEfsAccessPointDetails_fileSystemId = Lens.lens (\AwsEfsAccessPointDetails' {fileSystemId} -> fileSystemId) (\s@AwsEfsAccessPointDetails' {} a -> s {fileSystemId = a} :: AwsEfsAccessPointDetails)
+
+-- | The full POSIX identity, including the user ID, group ID, and secondary
+-- group IDs on the access point, that is used for all file operations by
+-- NFS clients using the access point.
+awsEfsAccessPointDetails_posixUser :: Lens.Lens' AwsEfsAccessPointDetails (Prelude.Maybe AwsEfsAccessPointPosixUserDetails)
+awsEfsAccessPointDetails_posixUser = Lens.lens (\AwsEfsAccessPointDetails' {posixUser} -> posixUser) (\s@AwsEfsAccessPointDetails' {} a -> s {posixUser = a} :: AwsEfsAccessPointDetails)
+
+-- | The directory on the Amazon EFS file system that the access point
+-- exposes as the root directory to NFS clients using the access point.
+awsEfsAccessPointDetails_rootDirectory :: Lens.Lens' AwsEfsAccessPointDetails (Prelude.Maybe AwsEfsAccessPointRootDirectoryDetails)
+awsEfsAccessPointDetails_rootDirectory = Lens.lens (\AwsEfsAccessPointDetails' {rootDirectory} -> rootDirectory) (\s@AwsEfsAccessPointDetails' {} a -> s {rootDirectory = a} :: AwsEfsAccessPointDetails)
+
+instance Data.FromJSON AwsEfsAccessPointDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEfsAccessPointDetails"
+      ( \x ->
+          AwsEfsAccessPointDetails'
+            Prelude.<$> (x Data..:? "AccessPointId")
+            Prelude.<*> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "ClientToken")
+            Prelude.<*> (x Data..:? "FileSystemId")
+            Prelude.<*> (x Data..:? "PosixUser")
+            Prelude.<*> (x Data..:? "RootDirectory")
+      )
+
+instance Prelude.Hashable AwsEfsAccessPointDetails where
+  hashWithSalt _salt AwsEfsAccessPointDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessPointId
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` fileSystemId
+      `Prelude.hashWithSalt` posixUser
+      `Prelude.hashWithSalt` rootDirectory
+
+instance Prelude.NFData AwsEfsAccessPointDetails where
+  rnf AwsEfsAccessPointDetails' {..} =
+    Prelude.rnf accessPointId
+      `Prelude.seq` Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf fileSystemId
+      `Prelude.seq` Prelude.rnf posixUser
+      `Prelude.seq` Prelude.rnf rootDirectory
+
+instance Data.ToJSON AwsEfsAccessPointDetails where
+  toJSON AwsEfsAccessPointDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AccessPointId" Data..=) Prelude.<$> accessPointId,
+            ("Arn" Data..=) Prelude.<$> arn,
+            ("ClientToken" Data..=) Prelude.<$> clientToken,
+            ("FileSystemId" Data..=) Prelude.<$> fileSystemId,
+            ("PosixUser" Data..=) Prelude.<$> posixUser,
+            ("RootDirectory" Data..=) Prelude.<$> rootDirectory
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointPosixUserDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointPosixUserDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointPosixUserDetails.hs
@@ -0,0 +1,131 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEfsAccessPointPosixUserDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEfsAccessPointPosixUserDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details for all file system operations using this Amazon EFS
+-- access point.
+--
+-- /See:/ 'newAwsEfsAccessPointPosixUserDetails' smart constructor.
+data AwsEfsAccessPointPosixUserDetails = AwsEfsAccessPointPosixUserDetails'
+  { -- | The POSIX group ID used for all file system operations using this access
+    -- point.
+    gid :: Prelude.Maybe Prelude.Text,
+    -- | Secondary POSIX group IDs used for all file system operations using this
+    -- access point.
+    secondaryGids :: Prelude.Maybe [Prelude.Text],
+    -- | The POSIX user ID used for all file system operations using this access
+    -- point.
+    uid :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEfsAccessPointPosixUserDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'gid', 'awsEfsAccessPointPosixUserDetails_gid' - The POSIX group ID used for all file system operations using this access
+-- point.
+--
+-- 'secondaryGids', 'awsEfsAccessPointPosixUserDetails_secondaryGids' - Secondary POSIX group IDs used for all file system operations using this
+-- access point.
+--
+-- 'uid', 'awsEfsAccessPointPosixUserDetails_uid' - The POSIX user ID used for all file system operations using this access
+-- point.
+newAwsEfsAccessPointPosixUserDetails ::
+  AwsEfsAccessPointPosixUserDetails
+newAwsEfsAccessPointPosixUserDetails =
+  AwsEfsAccessPointPosixUserDetails'
+    { gid =
+        Prelude.Nothing,
+      secondaryGids = Prelude.Nothing,
+      uid = Prelude.Nothing
+    }
+
+-- | The POSIX group ID used for all file system operations using this access
+-- point.
+awsEfsAccessPointPosixUserDetails_gid :: Lens.Lens' AwsEfsAccessPointPosixUserDetails (Prelude.Maybe Prelude.Text)
+awsEfsAccessPointPosixUserDetails_gid = Lens.lens (\AwsEfsAccessPointPosixUserDetails' {gid} -> gid) (\s@AwsEfsAccessPointPosixUserDetails' {} a -> s {gid = a} :: AwsEfsAccessPointPosixUserDetails)
+
+-- | Secondary POSIX group IDs used for all file system operations using this
+-- access point.
+awsEfsAccessPointPosixUserDetails_secondaryGids :: Lens.Lens' AwsEfsAccessPointPosixUserDetails (Prelude.Maybe [Prelude.Text])
+awsEfsAccessPointPosixUserDetails_secondaryGids = Lens.lens (\AwsEfsAccessPointPosixUserDetails' {secondaryGids} -> secondaryGids) (\s@AwsEfsAccessPointPosixUserDetails' {} a -> s {secondaryGids = a} :: AwsEfsAccessPointPosixUserDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The POSIX user ID used for all file system operations using this access
+-- point.
+awsEfsAccessPointPosixUserDetails_uid :: Lens.Lens' AwsEfsAccessPointPosixUserDetails (Prelude.Maybe Prelude.Text)
+awsEfsAccessPointPosixUserDetails_uid = Lens.lens (\AwsEfsAccessPointPosixUserDetails' {uid} -> uid) (\s@AwsEfsAccessPointPosixUserDetails' {} a -> s {uid = a} :: AwsEfsAccessPointPosixUserDetails)
+
+instance
+  Data.FromJSON
+    AwsEfsAccessPointPosixUserDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEfsAccessPointPosixUserDetails"
+      ( \x ->
+          AwsEfsAccessPointPosixUserDetails'
+            Prelude.<$> (x Data..:? "Gid")
+            Prelude.<*> (x Data..:? "SecondaryGids" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Uid")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEfsAccessPointPosixUserDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEfsAccessPointPosixUserDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` gid
+        `Prelude.hashWithSalt` secondaryGids
+        `Prelude.hashWithSalt` uid
+
+instance
+  Prelude.NFData
+    AwsEfsAccessPointPosixUserDetails
+  where
+  rnf AwsEfsAccessPointPosixUserDetails' {..} =
+    Prelude.rnf gid
+      `Prelude.seq` Prelude.rnf secondaryGids
+      `Prelude.seq` Prelude.rnf uid
+
+instance
+  Data.ToJSON
+    AwsEfsAccessPointPosixUserDetails
+  where
+  toJSON AwsEfsAccessPointPosixUserDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Gid" Data..=) Prelude.<$> gid,
+            ("SecondaryGids" Data..=) Prelude.<$> secondaryGids,
+            ("Uid" Data..=) Prelude.<$> uid
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointRootDirectoryCreationInfoDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointRootDirectoryCreationInfoDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointRootDirectoryCreationInfoDetails.hs
@@ -0,0 +1,129 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryCreationInfoDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryCreationInfoDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the settings that Amazon EFS uses to create
+-- the root directory when a client connects to an access point.
+--
+-- /See:/ 'newAwsEfsAccessPointRootDirectoryCreationInfoDetails' smart constructor.
+data AwsEfsAccessPointRootDirectoryCreationInfoDetails = AwsEfsAccessPointRootDirectoryCreationInfoDetails'
+  { -- | Specifies the POSIX group ID to apply to the root directory.
+    ownerGid :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the POSIX user ID to apply to the root directory.
+    ownerUid :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the POSIX permissions to apply to the root directory, in the
+    -- format of an octal number representing the file\'s mode bits.
+    permissions :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEfsAccessPointRootDirectoryCreationInfoDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ownerGid', 'awsEfsAccessPointRootDirectoryCreationInfoDetails_ownerGid' - Specifies the POSIX group ID to apply to the root directory.
+--
+-- 'ownerUid', 'awsEfsAccessPointRootDirectoryCreationInfoDetails_ownerUid' - Specifies the POSIX user ID to apply to the root directory.
+--
+-- 'permissions', 'awsEfsAccessPointRootDirectoryCreationInfoDetails_permissions' - Specifies the POSIX permissions to apply to the root directory, in the
+-- format of an octal number representing the file\'s mode bits.
+newAwsEfsAccessPointRootDirectoryCreationInfoDetails ::
+  AwsEfsAccessPointRootDirectoryCreationInfoDetails
+newAwsEfsAccessPointRootDirectoryCreationInfoDetails =
+  AwsEfsAccessPointRootDirectoryCreationInfoDetails'
+    { ownerGid =
+        Prelude.Nothing,
+      ownerUid =
+        Prelude.Nothing,
+      permissions =
+        Prelude.Nothing
+    }
+
+-- | Specifies the POSIX group ID to apply to the root directory.
+awsEfsAccessPointRootDirectoryCreationInfoDetails_ownerGid :: Lens.Lens' AwsEfsAccessPointRootDirectoryCreationInfoDetails (Prelude.Maybe Prelude.Text)
+awsEfsAccessPointRootDirectoryCreationInfoDetails_ownerGid = Lens.lens (\AwsEfsAccessPointRootDirectoryCreationInfoDetails' {ownerGid} -> ownerGid) (\s@AwsEfsAccessPointRootDirectoryCreationInfoDetails' {} a -> s {ownerGid = a} :: AwsEfsAccessPointRootDirectoryCreationInfoDetails)
+
+-- | Specifies the POSIX user ID to apply to the root directory.
+awsEfsAccessPointRootDirectoryCreationInfoDetails_ownerUid :: Lens.Lens' AwsEfsAccessPointRootDirectoryCreationInfoDetails (Prelude.Maybe Prelude.Text)
+awsEfsAccessPointRootDirectoryCreationInfoDetails_ownerUid = Lens.lens (\AwsEfsAccessPointRootDirectoryCreationInfoDetails' {ownerUid} -> ownerUid) (\s@AwsEfsAccessPointRootDirectoryCreationInfoDetails' {} a -> s {ownerUid = a} :: AwsEfsAccessPointRootDirectoryCreationInfoDetails)
+
+-- | Specifies the POSIX permissions to apply to the root directory, in the
+-- format of an octal number representing the file\'s mode bits.
+awsEfsAccessPointRootDirectoryCreationInfoDetails_permissions :: Lens.Lens' AwsEfsAccessPointRootDirectoryCreationInfoDetails (Prelude.Maybe Prelude.Text)
+awsEfsAccessPointRootDirectoryCreationInfoDetails_permissions = Lens.lens (\AwsEfsAccessPointRootDirectoryCreationInfoDetails' {permissions} -> permissions) (\s@AwsEfsAccessPointRootDirectoryCreationInfoDetails' {} a -> s {permissions = a} :: AwsEfsAccessPointRootDirectoryCreationInfoDetails)
+
+instance
+  Data.FromJSON
+    AwsEfsAccessPointRootDirectoryCreationInfoDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEfsAccessPointRootDirectoryCreationInfoDetails"
+      ( \x ->
+          AwsEfsAccessPointRootDirectoryCreationInfoDetails'
+            Prelude.<$> (x Data..:? "OwnerGid")
+            Prelude.<*> (x Data..:? "OwnerUid")
+            Prelude.<*> (x Data..:? "Permissions")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEfsAccessPointRootDirectoryCreationInfoDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEfsAccessPointRootDirectoryCreationInfoDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` ownerGid
+        `Prelude.hashWithSalt` ownerUid
+        `Prelude.hashWithSalt` permissions
+
+instance
+  Prelude.NFData
+    AwsEfsAccessPointRootDirectoryCreationInfoDetails
+  where
+  rnf
+    AwsEfsAccessPointRootDirectoryCreationInfoDetails' {..} =
+      Prelude.rnf ownerGid
+        `Prelude.seq` Prelude.rnf ownerUid
+        `Prelude.seq` Prelude.rnf permissions
+
+instance
+  Data.ToJSON
+    AwsEfsAccessPointRootDirectoryCreationInfoDetails
+  where
+  toJSON
+    AwsEfsAccessPointRootDirectoryCreationInfoDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("OwnerGid" Data..=) Prelude.<$> ownerGid,
+              ("OwnerUid" Data..=) Prelude.<$> ownerUid,
+              ("Permissions" Data..=) Prelude.<$> permissions
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointRootDirectoryDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointRootDirectoryDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEfsAccessPointRootDirectoryDetails.hs
@@ -0,0 +1,123 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointRootDirectoryCreationInfoDetails
+
+-- | Provides information about the directory on the Amazon EFS file system
+-- that the access point exposes as the root directory to NFS clients using
+-- the access point.
+--
+-- /See:/ 'newAwsEfsAccessPointRootDirectoryDetails' smart constructor.
+data AwsEfsAccessPointRootDirectoryDetails = AwsEfsAccessPointRootDirectoryDetails'
+  { -- | Specifies the POSIX IDs and permissions to apply to the access point\'s
+    -- root directory.
+    creationInfo :: Prelude.Maybe AwsEfsAccessPointRootDirectoryCreationInfoDetails,
+    -- | Specifies the path on the Amazon EFS file system to expose as the root
+    -- directory to NFS clients using the access point to access the EFS file
+    -- system. A path can have up to four subdirectories. If the specified path
+    -- does not exist, you are required to provide @CreationInfo@.
+    path :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEfsAccessPointRootDirectoryDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'creationInfo', 'awsEfsAccessPointRootDirectoryDetails_creationInfo' - Specifies the POSIX IDs and permissions to apply to the access point\'s
+-- root directory.
+--
+-- 'path', 'awsEfsAccessPointRootDirectoryDetails_path' - Specifies the path on the Amazon EFS file system to expose as the root
+-- directory to NFS clients using the access point to access the EFS file
+-- system. A path can have up to four subdirectories. If the specified path
+-- does not exist, you are required to provide @CreationInfo@.
+newAwsEfsAccessPointRootDirectoryDetails ::
+  AwsEfsAccessPointRootDirectoryDetails
+newAwsEfsAccessPointRootDirectoryDetails =
+  AwsEfsAccessPointRootDirectoryDetails'
+    { creationInfo =
+        Prelude.Nothing,
+      path = Prelude.Nothing
+    }
+
+-- | Specifies the POSIX IDs and permissions to apply to the access point\'s
+-- root directory.
+awsEfsAccessPointRootDirectoryDetails_creationInfo :: Lens.Lens' AwsEfsAccessPointRootDirectoryDetails (Prelude.Maybe AwsEfsAccessPointRootDirectoryCreationInfoDetails)
+awsEfsAccessPointRootDirectoryDetails_creationInfo = Lens.lens (\AwsEfsAccessPointRootDirectoryDetails' {creationInfo} -> creationInfo) (\s@AwsEfsAccessPointRootDirectoryDetails' {} a -> s {creationInfo = a} :: AwsEfsAccessPointRootDirectoryDetails)
+
+-- | Specifies the path on the Amazon EFS file system to expose as the root
+-- directory to NFS clients using the access point to access the EFS file
+-- system. A path can have up to four subdirectories. If the specified path
+-- does not exist, you are required to provide @CreationInfo@.
+awsEfsAccessPointRootDirectoryDetails_path :: Lens.Lens' AwsEfsAccessPointRootDirectoryDetails (Prelude.Maybe Prelude.Text)
+awsEfsAccessPointRootDirectoryDetails_path = Lens.lens (\AwsEfsAccessPointRootDirectoryDetails' {path} -> path) (\s@AwsEfsAccessPointRootDirectoryDetails' {} a -> s {path = a} :: AwsEfsAccessPointRootDirectoryDetails)
+
+instance
+  Data.FromJSON
+    AwsEfsAccessPointRootDirectoryDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEfsAccessPointRootDirectoryDetails"
+      ( \x ->
+          AwsEfsAccessPointRootDirectoryDetails'
+            Prelude.<$> (x Data..:? "CreationInfo")
+            Prelude.<*> (x Data..:? "Path")
+      )
+
+instance
+  Prelude.Hashable
+    AwsEfsAccessPointRootDirectoryDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEfsAccessPointRootDirectoryDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` creationInfo
+        `Prelude.hashWithSalt` path
+
+instance
+  Prelude.NFData
+    AwsEfsAccessPointRootDirectoryDetails
+  where
+  rnf AwsEfsAccessPointRootDirectoryDetails' {..} =
+    Prelude.rnf creationInfo
+      `Prelude.seq` Prelude.rnf path
+
+instance
+  Data.ToJSON
+    AwsEfsAccessPointRootDirectoryDetails
+  where
+  toJSON AwsEfsAccessPointRootDirectoryDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CreationInfo" Data..=) Prelude.<$> creationInfo,
+            ("Path" Data..=) Prelude.<$> path
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEksClusterDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEksClusterDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEksClusterDetails.hs
@@ -0,0 +1,230 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEksClusterDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEksClusterDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEksClusterLoggingDetails
+import Amazonka.SecurityHub.Types.AwsEksClusterResourcesVpcConfigDetails
+
+-- | Provides details about an Amazon EKS cluster.
+--
+-- /See:/ 'newAwsEksClusterDetails' smart constructor.
+data AwsEksClusterDetails = AwsEksClusterDetails'
+  { -- | The ARN of the cluster.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The certificate authority data for the cluster.
+    certificateAuthorityData :: Prelude.Maybe Prelude.Text,
+    -- | The status of the cluster. Valid values are as follows:
+    --
+    -- -   @ACTIVE@
+    --
+    -- -   @CREATING@
+    --
+    -- -   @DELETING@
+    --
+    -- -   @FAILED@
+    --
+    -- -   @PENDING@
+    --
+    -- -   @UPDATING@
+    clusterStatus :: Prelude.Maybe Prelude.Text,
+    -- | The endpoint for the Amazon EKS API server.
+    endpoint :: Prelude.Maybe Prelude.Text,
+    -- | The logging configuration for the cluster.
+    logging :: Prelude.Maybe AwsEksClusterLoggingDetails,
+    -- | The name of the cluster.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The VPC configuration used by the cluster control plane.
+    resourcesVpcConfig :: Prelude.Maybe AwsEksClusterResourcesVpcConfigDetails,
+    -- | The ARN of the IAM role that provides permissions for the Amazon EKS
+    -- control plane to make calls to Amazon Web Services API operations on
+    -- your behalf.
+    roleArn :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon EKS server version for the cluster.
+    version :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEksClusterDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'awsEksClusterDetails_arn' - The ARN of the cluster.
+--
+-- 'certificateAuthorityData', 'awsEksClusterDetails_certificateAuthorityData' - The certificate authority data for the cluster.
+--
+-- 'clusterStatus', 'awsEksClusterDetails_clusterStatus' - The status of the cluster. Valid values are as follows:
+--
+-- -   @ACTIVE@
+--
+-- -   @CREATING@
+--
+-- -   @DELETING@
+--
+-- -   @FAILED@
+--
+-- -   @PENDING@
+--
+-- -   @UPDATING@
+--
+-- 'endpoint', 'awsEksClusterDetails_endpoint' - The endpoint for the Amazon EKS API server.
+--
+-- 'logging', 'awsEksClusterDetails_logging' - The logging configuration for the cluster.
+--
+-- 'name', 'awsEksClusterDetails_name' - The name of the cluster.
+--
+-- 'resourcesVpcConfig', 'awsEksClusterDetails_resourcesVpcConfig' - The VPC configuration used by the cluster control plane.
+--
+-- 'roleArn', 'awsEksClusterDetails_roleArn' - The ARN of the IAM role that provides permissions for the Amazon EKS
+-- control plane to make calls to Amazon Web Services API operations on
+-- your behalf.
+--
+-- 'version', 'awsEksClusterDetails_version' - The Amazon EKS server version for the cluster.
+newAwsEksClusterDetails ::
+  AwsEksClusterDetails
+newAwsEksClusterDetails =
+  AwsEksClusterDetails'
+    { arn = Prelude.Nothing,
+      certificateAuthorityData = Prelude.Nothing,
+      clusterStatus = Prelude.Nothing,
+      endpoint = Prelude.Nothing,
+      logging = Prelude.Nothing,
+      name = Prelude.Nothing,
+      resourcesVpcConfig = Prelude.Nothing,
+      roleArn = Prelude.Nothing,
+      version = Prelude.Nothing
+    }
+
+-- | The ARN of the cluster.
+awsEksClusterDetails_arn :: Lens.Lens' AwsEksClusterDetails (Prelude.Maybe Prelude.Text)
+awsEksClusterDetails_arn = Lens.lens (\AwsEksClusterDetails' {arn} -> arn) (\s@AwsEksClusterDetails' {} a -> s {arn = a} :: AwsEksClusterDetails)
+
+-- | The certificate authority data for the cluster.
+awsEksClusterDetails_certificateAuthorityData :: Lens.Lens' AwsEksClusterDetails (Prelude.Maybe Prelude.Text)
+awsEksClusterDetails_certificateAuthorityData = Lens.lens (\AwsEksClusterDetails' {certificateAuthorityData} -> certificateAuthorityData) (\s@AwsEksClusterDetails' {} a -> s {certificateAuthorityData = a} :: AwsEksClusterDetails)
+
+-- | The status of the cluster. Valid values are as follows:
+--
+-- -   @ACTIVE@
+--
+-- -   @CREATING@
+--
+-- -   @DELETING@
+--
+-- -   @FAILED@
+--
+-- -   @PENDING@
+--
+-- -   @UPDATING@
+awsEksClusterDetails_clusterStatus :: Lens.Lens' AwsEksClusterDetails (Prelude.Maybe Prelude.Text)
+awsEksClusterDetails_clusterStatus = Lens.lens (\AwsEksClusterDetails' {clusterStatus} -> clusterStatus) (\s@AwsEksClusterDetails' {} a -> s {clusterStatus = a} :: AwsEksClusterDetails)
+
+-- | The endpoint for the Amazon EKS API server.
+awsEksClusterDetails_endpoint :: Lens.Lens' AwsEksClusterDetails (Prelude.Maybe Prelude.Text)
+awsEksClusterDetails_endpoint = Lens.lens (\AwsEksClusterDetails' {endpoint} -> endpoint) (\s@AwsEksClusterDetails' {} a -> s {endpoint = a} :: AwsEksClusterDetails)
+
+-- | The logging configuration for the cluster.
+awsEksClusterDetails_logging :: Lens.Lens' AwsEksClusterDetails (Prelude.Maybe AwsEksClusterLoggingDetails)
+awsEksClusterDetails_logging = Lens.lens (\AwsEksClusterDetails' {logging} -> logging) (\s@AwsEksClusterDetails' {} a -> s {logging = a} :: AwsEksClusterDetails)
+
+-- | The name of the cluster.
+awsEksClusterDetails_name :: Lens.Lens' AwsEksClusterDetails (Prelude.Maybe Prelude.Text)
+awsEksClusterDetails_name = Lens.lens (\AwsEksClusterDetails' {name} -> name) (\s@AwsEksClusterDetails' {} a -> s {name = a} :: AwsEksClusterDetails)
+
+-- | The VPC configuration used by the cluster control plane.
+awsEksClusterDetails_resourcesVpcConfig :: Lens.Lens' AwsEksClusterDetails (Prelude.Maybe AwsEksClusterResourcesVpcConfigDetails)
+awsEksClusterDetails_resourcesVpcConfig = Lens.lens (\AwsEksClusterDetails' {resourcesVpcConfig} -> resourcesVpcConfig) (\s@AwsEksClusterDetails' {} a -> s {resourcesVpcConfig = a} :: AwsEksClusterDetails)
+
+-- | The ARN of the IAM role that provides permissions for the Amazon EKS
+-- control plane to make calls to Amazon Web Services API operations on
+-- your behalf.
+awsEksClusterDetails_roleArn :: Lens.Lens' AwsEksClusterDetails (Prelude.Maybe Prelude.Text)
+awsEksClusterDetails_roleArn = Lens.lens (\AwsEksClusterDetails' {roleArn} -> roleArn) (\s@AwsEksClusterDetails' {} a -> s {roleArn = a} :: AwsEksClusterDetails)
+
+-- | The Amazon EKS server version for the cluster.
+awsEksClusterDetails_version :: Lens.Lens' AwsEksClusterDetails (Prelude.Maybe Prelude.Text)
+awsEksClusterDetails_version = Lens.lens (\AwsEksClusterDetails' {version} -> version) (\s@AwsEksClusterDetails' {} a -> s {version = a} :: AwsEksClusterDetails)
+
+instance Data.FromJSON AwsEksClusterDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEksClusterDetails"
+      ( \x ->
+          AwsEksClusterDetails'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "CertificateAuthorityData")
+            Prelude.<*> (x Data..:? "ClusterStatus")
+            Prelude.<*> (x Data..:? "Endpoint")
+            Prelude.<*> (x Data..:? "Logging")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "ResourcesVpcConfig")
+            Prelude.<*> (x Data..:? "RoleArn")
+            Prelude.<*> (x Data..:? "Version")
+      )
+
+instance Prelude.Hashable AwsEksClusterDetails where
+  hashWithSalt _salt AwsEksClusterDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` certificateAuthorityData
+      `Prelude.hashWithSalt` clusterStatus
+      `Prelude.hashWithSalt` endpoint
+      `Prelude.hashWithSalt` logging
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` resourcesVpcConfig
+      `Prelude.hashWithSalt` roleArn
+      `Prelude.hashWithSalt` version
+
+instance Prelude.NFData AwsEksClusterDetails where
+  rnf AwsEksClusterDetails' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf certificateAuthorityData
+      `Prelude.seq` Prelude.rnf clusterStatus
+      `Prelude.seq` Prelude.rnf endpoint
+      `Prelude.seq` Prelude.rnf logging
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf resourcesVpcConfig
+      `Prelude.seq` Prelude.rnf roleArn
+      `Prelude.seq` Prelude.rnf version
+
+instance Data.ToJSON AwsEksClusterDetails where
+  toJSON AwsEksClusterDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Arn" Data..=) Prelude.<$> arn,
+            ("CertificateAuthorityData" Data..=)
+              Prelude.<$> certificateAuthorityData,
+            ("ClusterStatus" Data..=) Prelude.<$> clusterStatus,
+            ("Endpoint" Data..=) Prelude.<$> endpoint,
+            ("Logging" Data..=) Prelude.<$> logging,
+            ("Name" Data..=) Prelude.<$> name,
+            ("ResourcesVpcConfig" Data..=)
+              Prelude.<$> resourcesVpcConfig,
+            ("RoleArn" Data..=) Prelude.<$> roleArn,
+            ("Version" Data..=) Prelude.<$> version
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEksClusterLoggingClusterLoggingDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEksClusterLoggingClusterLoggingDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEksClusterLoggingClusterLoggingDetails.hs
@@ -0,0 +1,137 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEksClusterLoggingClusterLoggingDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEksClusterLoggingClusterLoggingDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details for a cluster logging configuration.
+--
+-- /See:/ 'newAwsEksClusterLoggingClusterLoggingDetails' smart constructor.
+data AwsEksClusterLoggingClusterLoggingDetails = AwsEksClusterLoggingClusterLoggingDetails'
+  { -- | Whether the logging types that are listed in @Types@ are enabled.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | A list of logging types. Valid values are as follows:
+    --
+    -- -   @api@
+    --
+    -- -   @audit@
+    --
+    -- -   @authenticator@
+    --
+    -- -   @controllerManager@
+    --
+    -- -   @scheduler@
+    types :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEksClusterLoggingClusterLoggingDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'awsEksClusterLoggingClusterLoggingDetails_enabled' - Whether the logging types that are listed in @Types@ are enabled.
+--
+-- 'types', 'awsEksClusterLoggingClusterLoggingDetails_types' - A list of logging types. Valid values are as follows:
+--
+-- -   @api@
+--
+-- -   @audit@
+--
+-- -   @authenticator@
+--
+-- -   @controllerManager@
+--
+-- -   @scheduler@
+newAwsEksClusterLoggingClusterLoggingDetails ::
+  AwsEksClusterLoggingClusterLoggingDetails
+newAwsEksClusterLoggingClusterLoggingDetails =
+  AwsEksClusterLoggingClusterLoggingDetails'
+    { enabled =
+        Prelude.Nothing,
+      types = Prelude.Nothing
+    }
+
+-- | Whether the logging types that are listed in @Types@ are enabled.
+awsEksClusterLoggingClusterLoggingDetails_enabled :: Lens.Lens' AwsEksClusterLoggingClusterLoggingDetails (Prelude.Maybe Prelude.Bool)
+awsEksClusterLoggingClusterLoggingDetails_enabled = Lens.lens (\AwsEksClusterLoggingClusterLoggingDetails' {enabled} -> enabled) (\s@AwsEksClusterLoggingClusterLoggingDetails' {} a -> s {enabled = a} :: AwsEksClusterLoggingClusterLoggingDetails)
+
+-- | A list of logging types. Valid values are as follows:
+--
+-- -   @api@
+--
+-- -   @audit@
+--
+-- -   @authenticator@
+--
+-- -   @controllerManager@
+--
+-- -   @scheduler@
+awsEksClusterLoggingClusterLoggingDetails_types :: Lens.Lens' AwsEksClusterLoggingClusterLoggingDetails (Prelude.Maybe [Prelude.Text])
+awsEksClusterLoggingClusterLoggingDetails_types = Lens.lens (\AwsEksClusterLoggingClusterLoggingDetails' {types} -> types) (\s@AwsEksClusterLoggingClusterLoggingDetails' {} a -> s {types = a} :: AwsEksClusterLoggingClusterLoggingDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsEksClusterLoggingClusterLoggingDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEksClusterLoggingClusterLoggingDetails"
+      ( \x ->
+          AwsEksClusterLoggingClusterLoggingDetails'
+            Prelude.<$> (x Data..:? "Enabled")
+            Prelude.<*> (x Data..:? "Types" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsEksClusterLoggingClusterLoggingDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEksClusterLoggingClusterLoggingDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` enabled
+        `Prelude.hashWithSalt` types
+
+instance
+  Prelude.NFData
+    AwsEksClusterLoggingClusterLoggingDetails
+  where
+  rnf AwsEksClusterLoggingClusterLoggingDetails' {..} =
+    Prelude.rnf enabled `Prelude.seq` Prelude.rnf types
+
+instance
+  Data.ToJSON
+    AwsEksClusterLoggingClusterLoggingDetails
+  where
+  toJSON AwsEksClusterLoggingClusterLoggingDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Enabled" Data..=) Prelude.<$> enabled,
+            ("Types" Data..=) Prelude.<$> types
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEksClusterLoggingDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEksClusterLoggingDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEksClusterLoggingDetails.hs
@@ -0,0 +1,85 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEksClusterLoggingDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEksClusterLoggingDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsEksClusterLoggingClusterLoggingDetails
+
+-- | The logging configuration for an Amazon EKS cluster.
+--
+-- /See:/ 'newAwsEksClusterLoggingDetails' smart constructor.
+data AwsEksClusterLoggingDetails = AwsEksClusterLoggingDetails'
+  { -- | Cluster logging configurations.
+    clusterLogging :: Prelude.Maybe [AwsEksClusterLoggingClusterLoggingDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEksClusterLoggingDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clusterLogging', 'awsEksClusterLoggingDetails_clusterLogging' - Cluster logging configurations.
+newAwsEksClusterLoggingDetails ::
+  AwsEksClusterLoggingDetails
+newAwsEksClusterLoggingDetails =
+  AwsEksClusterLoggingDetails'
+    { clusterLogging =
+        Prelude.Nothing
+    }
+
+-- | Cluster logging configurations.
+awsEksClusterLoggingDetails_clusterLogging :: Lens.Lens' AwsEksClusterLoggingDetails (Prelude.Maybe [AwsEksClusterLoggingClusterLoggingDetails])
+awsEksClusterLoggingDetails_clusterLogging = Lens.lens (\AwsEksClusterLoggingDetails' {clusterLogging} -> clusterLogging) (\s@AwsEksClusterLoggingDetails' {} a -> s {clusterLogging = a} :: AwsEksClusterLoggingDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsEksClusterLoggingDetails where
+  parseJSON =
+    Data.withObject
+      "AwsEksClusterLoggingDetails"
+      ( \x ->
+          AwsEksClusterLoggingDetails'
+            Prelude.<$> ( x
+                            Data..:? "ClusterLogging"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable AwsEksClusterLoggingDetails where
+  hashWithSalt _salt AwsEksClusterLoggingDetails' {..} =
+    _salt `Prelude.hashWithSalt` clusterLogging
+
+instance Prelude.NFData AwsEksClusterLoggingDetails where
+  rnf AwsEksClusterLoggingDetails' {..} =
+    Prelude.rnf clusterLogging
+
+instance Data.ToJSON AwsEksClusterLoggingDetails where
+  toJSON AwsEksClusterLoggingDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ClusterLogging" Data..=)
+              Prelude.<$> clusterLogging
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsEksClusterResourcesVpcConfigDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsEksClusterResourcesVpcConfigDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsEksClusterResourcesVpcConfigDetails.hs
@@ -0,0 +1,119 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsEksClusterResourcesVpcConfigDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsEksClusterResourcesVpcConfigDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the VPC configuration used by the cluster control
+-- plane.
+--
+-- /See:/ 'newAwsEksClusterResourcesVpcConfigDetails' smart constructor.
+data AwsEksClusterResourcesVpcConfigDetails = AwsEksClusterResourcesVpcConfigDetails'
+  { -- | The security groups that are associated with the cross-account elastic
+    -- network interfaces that are used to allow communication between your
+    -- nodes and the Amazon EKS control plane.
+    securityGroupIds :: Prelude.Maybe [Prelude.Text],
+    -- | The subnets that are associated with the cluster.
+    subnetIds :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsEksClusterResourcesVpcConfigDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'securityGroupIds', 'awsEksClusterResourcesVpcConfigDetails_securityGroupIds' - The security groups that are associated with the cross-account elastic
+-- network interfaces that are used to allow communication between your
+-- nodes and the Amazon EKS control plane.
+--
+-- 'subnetIds', 'awsEksClusterResourcesVpcConfigDetails_subnetIds' - The subnets that are associated with the cluster.
+newAwsEksClusterResourcesVpcConfigDetails ::
+  AwsEksClusterResourcesVpcConfigDetails
+newAwsEksClusterResourcesVpcConfigDetails =
+  AwsEksClusterResourcesVpcConfigDetails'
+    { securityGroupIds =
+        Prelude.Nothing,
+      subnetIds = Prelude.Nothing
+    }
+
+-- | The security groups that are associated with the cross-account elastic
+-- network interfaces that are used to allow communication between your
+-- nodes and the Amazon EKS control plane.
+awsEksClusterResourcesVpcConfigDetails_securityGroupIds :: Lens.Lens' AwsEksClusterResourcesVpcConfigDetails (Prelude.Maybe [Prelude.Text])
+awsEksClusterResourcesVpcConfigDetails_securityGroupIds = Lens.lens (\AwsEksClusterResourcesVpcConfigDetails' {securityGroupIds} -> securityGroupIds) (\s@AwsEksClusterResourcesVpcConfigDetails' {} a -> s {securityGroupIds = a} :: AwsEksClusterResourcesVpcConfigDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The subnets that are associated with the cluster.
+awsEksClusterResourcesVpcConfigDetails_subnetIds :: Lens.Lens' AwsEksClusterResourcesVpcConfigDetails (Prelude.Maybe [Prelude.Text])
+awsEksClusterResourcesVpcConfigDetails_subnetIds = Lens.lens (\AwsEksClusterResourcesVpcConfigDetails' {subnetIds} -> subnetIds) (\s@AwsEksClusterResourcesVpcConfigDetails' {} a -> s {subnetIds = a} :: AwsEksClusterResourcesVpcConfigDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsEksClusterResourcesVpcConfigDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsEksClusterResourcesVpcConfigDetails"
+      ( \x ->
+          AwsEksClusterResourcesVpcConfigDetails'
+            Prelude.<$> ( x
+                            Data..:? "SecurityGroupIds"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "SubnetIds" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsEksClusterResourcesVpcConfigDetails
+  where
+  hashWithSalt
+    _salt
+    AwsEksClusterResourcesVpcConfigDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` securityGroupIds
+        `Prelude.hashWithSalt` subnetIds
+
+instance
+  Prelude.NFData
+    AwsEksClusterResourcesVpcConfigDetails
+  where
+  rnf AwsEksClusterResourcesVpcConfigDetails' {..} =
+    Prelude.rnf securityGroupIds
+      `Prelude.seq` Prelude.rnf subnetIds
+
+instance
+  Data.ToJSON
+    AwsEksClusterResourcesVpcConfigDetails
+  where
+  toJSON AwsEksClusterResourcesVpcConfigDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("SecurityGroupIds" Data..=)
+              Prelude.<$> securityGroupIds,
+            ("SubnetIds" Data..=) Prelude.<$> subnetIds
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentDetails.hs
@@ -0,0 +1,359 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentEnvironmentLink
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentOptionSetting
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentTier
+
+-- | Contains details about an Elastic Beanstalk environment.
+--
+-- /See:/ 'newAwsElasticBeanstalkEnvironmentDetails' smart constructor.
+data AwsElasticBeanstalkEnvironmentDetails = AwsElasticBeanstalkEnvironmentDetails'
+  { -- | The name of the application that is associated with the environment.
+    applicationName :: Prelude.Maybe Prelude.Text,
+    -- | The URL to the CNAME for this environment.
+    cname :: Prelude.Maybe Prelude.Text,
+    -- | The creation date for this environment.
+    dateCreated :: Prelude.Maybe Prelude.Text,
+    -- | The date when this environment was last modified.
+    dateUpdated :: Prelude.Maybe Prelude.Text,
+    -- | A description of the environment.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | For load-balanced, autoscaling environments, the URL to the load
+    -- balancer. For single-instance environments, the IP address of the
+    -- instance.
+    endpointUrl :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the environment.
+    environmentArn :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the environment.
+    environmentId :: Prelude.Maybe Prelude.Text,
+    -- | Links to other environments in the same group.
+    environmentLinks :: Prelude.Maybe [AwsElasticBeanstalkEnvironmentEnvironmentLink],
+    -- | The name of the environment.
+    environmentName :: Prelude.Maybe Prelude.Text,
+    -- | The configuration setting for the environment.
+    optionSettings :: Prelude.Maybe [AwsElasticBeanstalkEnvironmentOptionSetting],
+    -- | The ARN of the platform version for the environment.
+    platformArn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the solution stack that is deployed with the environment.
+    solutionStackName :: Prelude.Maybe Prelude.Text,
+    -- | The current operational status of the environment. Valid values are as
+    -- follows:
+    --
+    -- -   @Aborting@
+    --
+    -- -   @Launching@
+    --
+    -- -   @LinkingFrom@
+    --
+    -- -   @LinkingTo@
+    --
+    -- -   @Ready@
+    --
+    -- -   @Terminated@
+    --
+    -- -   @Terminating@
+    --
+    -- -   @Updating@
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The tier of the environment.
+    tier :: Prelude.Maybe AwsElasticBeanstalkEnvironmentTier,
+    -- | The application version of the environment.
+    versionLabel :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticBeanstalkEnvironmentDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'applicationName', 'awsElasticBeanstalkEnvironmentDetails_applicationName' - The name of the application that is associated with the environment.
+--
+-- 'cname', 'awsElasticBeanstalkEnvironmentDetails_cname' - The URL to the CNAME for this environment.
+--
+-- 'dateCreated', 'awsElasticBeanstalkEnvironmentDetails_dateCreated' - The creation date for this environment.
+--
+-- 'dateUpdated', 'awsElasticBeanstalkEnvironmentDetails_dateUpdated' - The date when this environment was last modified.
+--
+-- 'description', 'awsElasticBeanstalkEnvironmentDetails_description' - A description of the environment.
+--
+-- 'endpointUrl', 'awsElasticBeanstalkEnvironmentDetails_endpointUrl' - For load-balanced, autoscaling environments, the URL to the load
+-- balancer. For single-instance environments, the IP address of the
+-- instance.
+--
+-- 'environmentArn', 'awsElasticBeanstalkEnvironmentDetails_environmentArn' - The ARN of the environment.
+--
+-- 'environmentId', 'awsElasticBeanstalkEnvironmentDetails_environmentId' - The identifier of the environment.
+--
+-- 'environmentLinks', 'awsElasticBeanstalkEnvironmentDetails_environmentLinks' - Links to other environments in the same group.
+--
+-- 'environmentName', 'awsElasticBeanstalkEnvironmentDetails_environmentName' - The name of the environment.
+--
+-- 'optionSettings', 'awsElasticBeanstalkEnvironmentDetails_optionSettings' - The configuration setting for the environment.
+--
+-- 'platformArn', 'awsElasticBeanstalkEnvironmentDetails_platformArn' - The ARN of the platform version for the environment.
+--
+-- 'solutionStackName', 'awsElasticBeanstalkEnvironmentDetails_solutionStackName' - The name of the solution stack that is deployed with the environment.
+--
+-- 'status', 'awsElasticBeanstalkEnvironmentDetails_status' - The current operational status of the environment. Valid values are as
+-- follows:
+--
+-- -   @Aborting@
+--
+-- -   @Launching@
+--
+-- -   @LinkingFrom@
+--
+-- -   @LinkingTo@
+--
+-- -   @Ready@
+--
+-- -   @Terminated@
+--
+-- -   @Terminating@
+--
+-- -   @Updating@
+--
+-- 'tier', 'awsElasticBeanstalkEnvironmentDetails_tier' - The tier of the environment.
+--
+-- 'versionLabel', 'awsElasticBeanstalkEnvironmentDetails_versionLabel' - The application version of the environment.
+newAwsElasticBeanstalkEnvironmentDetails ::
+  AwsElasticBeanstalkEnvironmentDetails
+newAwsElasticBeanstalkEnvironmentDetails =
+  AwsElasticBeanstalkEnvironmentDetails'
+    { applicationName =
+        Prelude.Nothing,
+      cname = Prelude.Nothing,
+      dateCreated = Prelude.Nothing,
+      dateUpdated = Prelude.Nothing,
+      description = Prelude.Nothing,
+      endpointUrl = Prelude.Nothing,
+      environmentArn = Prelude.Nothing,
+      environmentId = Prelude.Nothing,
+      environmentLinks = Prelude.Nothing,
+      environmentName = Prelude.Nothing,
+      optionSettings = Prelude.Nothing,
+      platformArn = Prelude.Nothing,
+      solutionStackName = Prelude.Nothing,
+      status = Prelude.Nothing,
+      tier = Prelude.Nothing,
+      versionLabel = Prelude.Nothing
+    }
+
+-- | The name of the application that is associated with the environment.
+awsElasticBeanstalkEnvironmentDetails_applicationName :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_applicationName = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {applicationName} -> applicationName) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {applicationName = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | The URL to the CNAME for this environment.
+awsElasticBeanstalkEnvironmentDetails_cname :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_cname = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {cname} -> cname) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {cname = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | The creation date for this environment.
+awsElasticBeanstalkEnvironmentDetails_dateCreated :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_dateCreated = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {dateCreated} -> dateCreated) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {dateCreated = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | The date when this environment was last modified.
+awsElasticBeanstalkEnvironmentDetails_dateUpdated :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_dateUpdated = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {dateUpdated} -> dateUpdated) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {dateUpdated = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | A description of the environment.
+awsElasticBeanstalkEnvironmentDetails_description :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_description = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {description} -> description) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {description = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | For load-balanced, autoscaling environments, the URL to the load
+-- balancer. For single-instance environments, the IP address of the
+-- instance.
+awsElasticBeanstalkEnvironmentDetails_endpointUrl :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_endpointUrl = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {endpointUrl} -> endpointUrl) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {endpointUrl = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | The ARN of the environment.
+awsElasticBeanstalkEnvironmentDetails_environmentArn :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_environmentArn = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {environmentArn} -> environmentArn) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {environmentArn = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | The identifier of the environment.
+awsElasticBeanstalkEnvironmentDetails_environmentId :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_environmentId = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {environmentId} -> environmentId) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {environmentId = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | Links to other environments in the same group.
+awsElasticBeanstalkEnvironmentDetails_environmentLinks :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe [AwsElasticBeanstalkEnvironmentEnvironmentLink])
+awsElasticBeanstalkEnvironmentDetails_environmentLinks = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {environmentLinks} -> environmentLinks) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {environmentLinks = a} :: AwsElasticBeanstalkEnvironmentDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the environment.
+awsElasticBeanstalkEnvironmentDetails_environmentName :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_environmentName = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {environmentName} -> environmentName) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {environmentName = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | The configuration setting for the environment.
+awsElasticBeanstalkEnvironmentDetails_optionSettings :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe [AwsElasticBeanstalkEnvironmentOptionSetting])
+awsElasticBeanstalkEnvironmentDetails_optionSettings = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {optionSettings} -> optionSettings) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {optionSettings = a} :: AwsElasticBeanstalkEnvironmentDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the platform version for the environment.
+awsElasticBeanstalkEnvironmentDetails_platformArn :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_platformArn = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {platformArn} -> platformArn) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {platformArn = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | The name of the solution stack that is deployed with the environment.
+awsElasticBeanstalkEnvironmentDetails_solutionStackName :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_solutionStackName = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {solutionStackName} -> solutionStackName) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {solutionStackName = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | The current operational status of the environment. Valid values are as
+-- follows:
+--
+-- -   @Aborting@
+--
+-- -   @Launching@
+--
+-- -   @LinkingFrom@
+--
+-- -   @LinkingTo@
+--
+-- -   @Ready@
+--
+-- -   @Terminated@
+--
+-- -   @Terminating@
+--
+-- -   @Updating@
+awsElasticBeanstalkEnvironmentDetails_status :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_status = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {status} -> status) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {status = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | The tier of the environment.
+awsElasticBeanstalkEnvironmentDetails_tier :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe AwsElasticBeanstalkEnvironmentTier)
+awsElasticBeanstalkEnvironmentDetails_tier = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {tier} -> tier) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {tier = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+-- | The application version of the environment.
+awsElasticBeanstalkEnvironmentDetails_versionLabel :: Lens.Lens' AwsElasticBeanstalkEnvironmentDetails (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentDetails_versionLabel = Lens.lens (\AwsElasticBeanstalkEnvironmentDetails' {versionLabel} -> versionLabel) (\s@AwsElasticBeanstalkEnvironmentDetails' {} a -> s {versionLabel = a} :: AwsElasticBeanstalkEnvironmentDetails)
+
+instance
+  Data.FromJSON
+    AwsElasticBeanstalkEnvironmentDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticBeanstalkEnvironmentDetails"
+      ( \x ->
+          AwsElasticBeanstalkEnvironmentDetails'
+            Prelude.<$> (x Data..:? "ApplicationName")
+            Prelude.<*> (x Data..:? "Cname")
+            Prelude.<*> (x Data..:? "DateCreated")
+            Prelude.<*> (x Data..:? "DateUpdated")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "EndpointUrl")
+            Prelude.<*> (x Data..:? "EnvironmentArn")
+            Prelude.<*> (x Data..:? "EnvironmentId")
+            Prelude.<*> ( x
+                            Data..:? "EnvironmentLinks"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "EnvironmentName")
+            Prelude.<*> (x Data..:? "OptionSettings" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "PlatformArn")
+            Prelude.<*> (x Data..:? "SolutionStackName")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "Tier")
+            Prelude.<*> (x Data..:? "VersionLabel")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticBeanstalkEnvironmentDetails
+  where
+  hashWithSalt
+    _salt
+    AwsElasticBeanstalkEnvironmentDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` applicationName
+        `Prelude.hashWithSalt` cname
+        `Prelude.hashWithSalt` dateCreated
+        `Prelude.hashWithSalt` dateUpdated
+        `Prelude.hashWithSalt` description
+        `Prelude.hashWithSalt` endpointUrl
+        `Prelude.hashWithSalt` environmentArn
+        `Prelude.hashWithSalt` environmentId
+        `Prelude.hashWithSalt` environmentLinks
+        `Prelude.hashWithSalt` environmentName
+        `Prelude.hashWithSalt` optionSettings
+        `Prelude.hashWithSalt` platformArn
+        `Prelude.hashWithSalt` solutionStackName
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` tier
+        `Prelude.hashWithSalt` versionLabel
+
+instance
+  Prelude.NFData
+    AwsElasticBeanstalkEnvironmentDetails
+  where
+  rnf AwsElasticBeanstalkEnvironmentDetails' {..} =
+    Prelude.rnf applicationName
+      `Prelude.seq` Prelude.rnf cname
+      `Prelude.seq` Prelude.rnf dateCreated
+      `Prelude.seq` Prelude.rnf dateUpdated
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf endpointUrl
+      `Prelude.seq` Prelude.rnf environmentArn
+      `Prelude.seq` Prelude.rnf environmentId
+      `Prelude.seq` Prelude.rnf environmentLinks
+      `Prelude.seq` Prelude.rnf environmentName
+      `Prelude.seq` Prelude.rnf optionSettings
+      `Prelude.seq` Prelude.rnf platformArn
+      `Prelude.seq` Prelude.rnf solutionStackName
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf tier
+      `Prelude.seq` Prelude.rnf versionLabel
+
+instance
+  Data.ToJSON
+    AwsElasticBeanstalkEnvironmentDetails
+  where
+  toJSON AwsElasticBeanstalkEnvironmentDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ApplicationName" Data..=)
+              Prelude.<$> applicationName,
+            ("Cname" Data..=) Prelude.<$> cname,
+            ("DateCreated" Data..=) Prelude.<$> dateCreated,
+            ("DateUpdated" Data..=) Prelude.<$> dateUpdated,
+            ("Description" Data..=) Prelude.<$> description,
+            ("EndpointUrl" Data..=) Prelude.<$> endpointUrl,
+            ("EnvironmentArn" Data..=)
+              Prelude.<$> environmentArn,
+            ("EnvironmentId" Data..=) Prelude.<$> environmentId,
+            ("EnvironmentLinks" Data..=)
+              Prelude.<$> environmentLinks,
+            ("EnvironmentName" Data..=)
+              Prelude.<$> environmentName,
+            ("OptionSettings" Data..=)
+              Prelude.<$> optionSettings,
+            ("PlatformArn" Data..=) Prelude.<$> platformArn,
+            ("SolutionStackName" Data..=)
+              Prelude.<$> solutionStackName,
+            ("Status" Data..=) Prelude.<$> status,
+            ("Tier" Data..=) Prelude.<$> tier,
+            ("VersionLabel" Data..=) Prelude.<$> versionLabel
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentEnvironmentLink.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentEnvironmentLink.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentEnvironmentLink.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentEnvironmentLink
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentEnvironmentLink where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about a link to another environment that is in the
+-- same group.
+--
+-- /See:/ 'newAwsElasticBeanstalkEnvironmentEnvironmentLink' smart constructor.
+data AwsElasticBeanstalkEnvironmentEnvironmentLink = AwsElasticBeanstalkEnvironmentEnvironmentLink'
+  { -- | The name of the linked environment.
+    environmentName :: Prelude.Maybe Prelude.Text,
+    -- | The name of the environment link.
+    linkName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticBeanstalkEnvironmentEnvironmentLink' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'environmentName', 'awsElasticBeanstalkEnvironmentEnvironmentLink_environmentName' - The name of the linked environment.
+--
+-- 'linkName', 'awsElasticBeanstalkEnvironmentEnvironmentLink_linkName' - The name of the environment link.
+newAwsElasticBeanstalkEnvironmentEnvironmentLink ::
+  AwsElasticBeanstalkEnvironmentEnvironmentLink
+newAwsElasticBeanstalkEnvironmentEnvironmentLink =
+  AwsElasticBeanstalkEnvironmentEnvironmentLink'
+    { environmentName =
+        Prelude.Nothing,
+      linkName = Prelude.Nothing
+    }
+
+-- | The name of the linked environment.
+awsElasticBeanstalkEnvironmentEnvironmentLink_environmentName :: Lens.Lens' AwsElasticBeanstalkEnvironmentEnvironmentLink (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentEnvironmentLink_environmentName = Lens.lens (\AwsElasticBeanstalkEnvironmentEnvironmentLink' {environmentName} -> environmentName) (\s@AwsElasticBeanstalkEnvironmentEnvironmentLink' {} a -> s {environmentName = a} :: AwsElasticBeanstalkEnvironmentEnvironmentLink)
+
+-- | The name of the environment link.
+awsElasticBeanstalkEnvironmentEnvironmentLink_linkName :: Lens.Lens' AwsElasticBeanstalkEnvironmentEnvironmentLink (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentEnvironmentLink_linkName = Lens.lens (\AwsElasticBeanstalkEnvironmentEnvironmentLink' {linkName} -> linkName) (\s@AwsElasticBeanstalkEnvironmentEnvironmentLink' {} a -> s {linkName = a} :: AwsElasticBeanstalkEnvironmentEnvironmentLink)
+
+instance
+  Data.FromJSON
+    AwsElasticBeanstalkEnvironmentEnvironmentLink
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticBeanstalkEnvironmentEnvironmentLink"
+      ( \x ->
+          AwsElasticBeanstalkEnvironmentEnvironmentLink'
+            Prelude.<$> (x Data..:? "EnvironmentName")
+            Prelude.<*> (x Data..:? "LinkName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticBeanstalkEnvironmentEnvironmentLink
+  where
+  hashWithSalt
+    _salt
+    AwsElasticBeanstalkEnvironmentEnvironmentLink' {..} =
+      _salt
+        `Prelude.hashWithSalt` environmentName
+        `Prelude.hashWithSalt` linkName
+
+instance
+  Prelude.NFData
+    AwsElasticBeanstalkEnvironmentEnvironmentLink
+  where
+  rnf
+    AwsElasticBeanstalkEnvironmentEnvironmentLink' {..} =
+      Prelude.rnf environmentName
+        `Prelude.seq` Prelude.rnf linkName
+
+instance
+  Data.ToJSON
+    AwsElasticBeanstalkEnvironmentEnvironmentLink
+  where
+  toJSON
+    AwsElasticBeanstalkEnvironmentEnvironmentLink' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("EnvironmentName" Data..=)
+                Prelude.<$> environmentName,
+              ("LinkName" Data..=) Prelude.<$> linkName
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentOptionSetting.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentOptionSetting.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentOptionSetting.hs
@@ -0,0 +1,135 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentOptionSetting
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentOptionSetting where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A configuration option setting for the environment.
+--
+-- /See:/ 'newAwsElasticBeanstalkEnvironmentOptionSetting' smart constructor.
+data AwsElasticBeanstalkEnvironmentOptionSetting = AwsElasticBeanstalkEnvironmentOptionSetting'
+  { -- | The type of resource that the configuration option is associated with.
+    namespace :: Prelude.Maybe Prelude.Text,
+    -- | The name of the option.
+    optionName :: Prelude.Maybe Prelude.Text,
+    -- | The name of the resource.
+    resourceName :: Prelude.Maybe Prelude.Text,
+    -- | The value of the configuration setting.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticBeanstalkEnvironmentOptionSetting' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'namespace', 'awsElasticBeanstalkEnvironmentOptionSetting_namespace' - The type of resource that the configuration option is associated with.
+--
+-- 'optionName', 'awsElasticBeanstalkEnvironmentOptionSetting_optionName' - The name of the option.
+--
+-- 'resourceName', 'awsElasticBeanstalkEnvironmentOptionSetting_resourceName' - The name of the resource.
+--
+-- 'value', 'awsElasticBeanstalkEnvironmentOptionSetting_value' - The value of the configuration setting.
+newAwsElasticBeanstalkEnvironmentOptionSetting ::
+  AwsElasticBeanstalkEnvironmentOptionSetting
+newAwsElasticBeanstalkEnvironmentOptionSetting =
+  AwsElasticBeanstalkEnvironmentOptionSetting'
+    { namespace =
+        Prelude.Nothing,
+      optionName = Prelude.Nothing,
+      resourceName = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The type of resource that the configuration option is associated with.
+awsElasticBeanstalkEnvironmentOptionSetting_namespace :: Lens.Lens' AwsElasticBeanstalkEnvironmentOptionSetting (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentOptionSetting_namespace = Lens.lens (\AwsElasticBeanstalkEnvironmentOptionSetting' {namespace} -> namespace) (\s@AwsElasticBeanstalkEnvironmentOptionSetting' {} a -> s {namespace = a} :: AwsElasticBeanstalkEnvironmentOptionSetting)
+
+-- | The name of the option.
+awsElasticBeanstalkEnvironmentOptionSetting_optionName :: Lens.Lens' AwsElasticBeanstalkEnvironmentOptionSetting (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentOptionSetting_optionName = Lens.lens (\AwsElasticBeanstalkEnvironmentOptionSetting' {optionName} -> optionName) (\s@AwsElasticBeanstalkEnvironmentOptionSetting' {} a -> s {optionName = a} :: AwsElasticBeanstalkEnvironmentOptionSetting)
+
+-- | The name of the resource.
+awsElasticBeanstalkEnvironmentOptionSetting_resourceName :: Lens.Lens' AwsElasticBeanstalkEnvironmentOptionSetting (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentOptionSetting_resourceName = Lens.lens (\AwsElasticBeanstalkEnvironmentOptionSetting' {resourceName} -> resourceName) (\s@AwsElasticBeanstalkEnvironmentOptionSetting' {} a -> s {resourceName = a} :: AwsElasticBeanstalkEnvironmentOptionSetting)
+
+-- | The value of the configuration setting.
+awsElasticBeanstalkEnvironmentOptionSetting_value :: Lens.Lens' AwsElasticBeanstalkEnvironmentOptionSetting (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentOptionSetting_value = Lens.lens (\AwsElasticBeanstalkEnvironmentOptionSetting' {value} -> value) (\s@AwsElasticBeanstalkEnvironmentOptionSetting' {} a -> s {value = a} :: AwsElasticBeanstalkEnvironmentOptionSetting)
+
+instance
+  Data.FromJSON
+    AwsElasticBeanstalkEnvironmentOptionSetting
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticBeanstalkEnvironmentOptionSetting"
+      ( \x ->
+          AwsElasticBeanstalkEnvironmentOptionSetting'
+            Prelude.<$> (x Data..:? "Namespace")
+            Prelude.<*> (x Data..:? "OptionName")
+            Prelude.<*> (x Data..:? "ResourceName")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticBeanstalkEnvironmentOptionSetting
+  where
+  hashWithSalt
+    _salt
+    AwsElasticBeanstalkEnvironmentOptionSetting' {..} =
+      _salt
+        `Prelude.hashWithSalt` namespace
+        `Prelude.hashWithSalt` optionName
+        `Prelude.hashWithSalt` resourceName
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsElasticBeanstalkEnvironmentOptionSetting
+  where
+  rnf AwsElasticBeanstalkEnvironmentOptionSetting' {..} =
+    Prelude.rnf namespace
+      `Prelude.seq` Prelude.rnf optionName
+      `Prelude.seq` Prelude.rnf resourceName
+      `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsElasticBeanstalkEnvironmentOptionSetting
+  where
+  toJSON
+    AwsElasticBeanstalkEnvironmentOptionSetting' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Namespace" Data..=) Prelude.<$> namespace,
+              ("OptionName" Data..=) Prelude.<$> optionName,
+              ("ResourceName" Data..=) Prelude.<$> resourceName,
+              ("Value" Data..=) Prelude.<$> value
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentTier.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentTier.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticBeanstalkEnvironmentTier.hs
@@ -0,0 +1,127 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentTier
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentTier where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the tier of the environment.
+--
+-- /See:/ 'newAwsElasticBeanstalkEnvironmentTier' smart constructor.
+data AwsElasticBeanstalkEnvironmentTier = AwsElasticBeanstalkEnvironmentTier'
+  { -- | The name of the environment tier. Valid values are @WebServer@ or
+    -- @Worker@.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The type of environment tier. Valid values are @Standard@ or
+    -- @SQS\/HTTP@.
+    type' :: Prelude.Maybe Prelude.Text,
+    -- | The version of the environment tier.
+    version :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticBeanstalkEnvironmentTier' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsElasticBeanstalkEnvironmentTier_name' - The name of the environment tier. Valid values are @WebServer@ or
+-- @Worker@.
+--
+-- 'type'', 'awsElasticBeanstalkEnvironmentTier_type' - The type of environment tier. Valid values are @Standard@ or
+-- @SQS\/HTTP@.
+--
+-- 'version', 'awsElasticBeanstalkEnvironmentTier_version' - The version of the environment tier.
+newAwsElasticBeanstalkEnvironmentTier ::
+  AwsElasticBeanstalkEnvironmentTier
+newAwsElasticBeanstalkEnvironmentTier =
+  AwsElasticBeanstalkEnvironmentTier'
+    { name =
+        Prelude.Nothing,
+      type' = Prelude.Nothing,
+      version = Prelude.Nothing
+    }
+
+-- | The name of the environment tier. Valid values are @WebServer@ or
+-- @Worker@.
+awsElasticBeanstalkEnvironmentTier_name :: Lens.Lens' AwsElasticBeanstalkEnvironmentTier (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentTier_name = Lens.lens (\AwsElasticBeanstalkEnvironmentTier' {name} -> name) (\s@AwsElasticBeanstalkEnvironmentTier' {} a -> s {name = a} :: AwsElasticBeanstalkEnvironmentTier)
+
+-- | The type of environment tier. Valid values are @Standard@ or
+-- @SQS\/HTTP@.
+awsElasticBeanstalkEnvironmentTier_type :: Lens.Lens' AwsElasticBeanstalkEnvironmentTier (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentTier_type = Lens.lens (\AwsElasticBeanstalkEnvironmentTier' {type'} -> type') (\s@AwsElasticBeanstalkEnvironmentTier' {} a -> s {type' = a} :: AwsElasticBeanstalkEnvironmentTier)
+
+-- | The version of the environment tier.
+awsElasticBeanstalkEnvironmentTier_version :: Lens.Lens' AwsElasticBeanstalkEnvironmentTier (Prelude.Maybe Prelude.Text)
+awsElasticBeanstalkEnvironmentTier_version = Lens.lens (\AwsElasticBeanstalkEnvironmentTier' {version} -> version) (\s@AwsElasticBeanstalkEnvironmentTier' {} a -> s {version = a} :: AwsElasticBeanstalkEnvironmentTier)
+
+instance
+  Data.FromJSON
+    AwsElasticBeanstalkEnvironmentTier
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticBeanstalkEnvironmentTier"
+      ( \x ->
+          AwsElasticBeanstalkEnvironmentTier'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Type")
+            Prelude.<*> (x Data..:? "Version")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticBeanstalkEnvironmentTier
+  where
+  hashWithSalt
+    _salt
+    AwsElasticBeanstalkEnvironmentTier' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` type'
+        `Prelude.hashWithSalt` version
+
+instance
+  Prelude.NFData
+    AwsElasticBeanstalkEnvironmentTier
+  where
+  rnf AwsElasticBeanstalkEnvironmentTier' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf type'
+      `Prelude.seq` Prelude.rnf version
+
+instance
+  Data.ToJSON
+    AwsElasticBeanstalkEnvironmentTier
+  where
+  toJSON AwsElasticBeanstalkEnvironmentTier' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Name" Data..=) Prelude.<$> name,
+            ("Type" Data..=) Prelude.<$> type',
+            ("Version" Data..=) Prelude.<$> version
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainDetails.hs
@@ -0,0 +1,301 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticsearchDomainDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticsearchDomainDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainDomainEndpointOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigDetails
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainEncryptionAtRestOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainNodeToNodeEncryptionOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainServiceSoftwareOptions
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainVPCOptions
+
+-- | Information about an Elasticsearch domain.
+--
+-- /See:/ 'newAwsElasticsearchDomainDetails' smart constructor.
+data AwsElasticsearchDomainDetails = AwsElasticsearchDomainDetails'
+  { -- | IAM policy document specifying the access policies for the new
+    -- Elasticsearch domain.
+    accessPolicies :: Prelude.Maybe Prelude.Text,
+    -- | Additional options for the domain endpoint.
+    domainEndpointOptions :: Prelude.Maybe AwsElasticsearchDomainDomainEndpointOptions,
+    -- | Unique identifier for an Elasticsearch domain.
+    domainId :: Prelude.Maybe Prelude.Text,
+    -- | Name of an Elasticsearch domain.
+    --
+    -- Domain names are unique across all domains owned by the same account
+    -- within an Amazon Web Services Region.
+    --
+    -- Domain names must start with a lowercase letter and must be between 3
+    -- and 28 characters.
+    --
+    -- Valid characters are a-z (lowercase only), 0-9, and – (hyphen).
+    domainName :: Prelude.Maybe Prelude.Text,
+    -- | Information about an OpenSearch cluster configuration.
+    elasticsearchClusterConfig :: Prelude.Maybe AwsElasticsearchDomainElasticsearchClusterConfigDetails,
+    -- | OpenSearch version.
+    elasticsearchVersion :: Prelude.Maybe Prelude.Text,
+    -- | Details about the configuration for encryption at rest.
+    encryptionAtRestOptions :: Prelude.Maybe AwsElasticsearchDomainEncryptionAtRestOptions,
+    -- | Domain-specific endpoint used to submit index, search, and data upload
+    -- requests to an Elasticsearch domain.
+    --
+    -- The endpoint is a service URL.
+    endpoint :: Prelude.Maybe Prelude.Text,
+    -- | The key-value pair that exists if the Elasticsearch domain uses VPC
+    -- endpoints.
+    endpoints :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | Configures the CloudWatch Logs to publish for the Elasticsearch domain.
+    logPublishingOptions :: Prelude.Maybe AwsElasticsearchDomainLogPublishingOptions,
+    -- | Details about the configuration for node-to-node encryption.
+    nodeToNodeEncryptionOptions :: Prelude.Maybe AwsElasticsearchDomainNodeToNodeEncryptionOptions,
+    -- | Information about the status of a domain relative to the latest service
+    -- software.
+    serviceSoftwareOptions :: Prelude.Maybe AwsElasticsearchDomainServiceSoftwareOptions,
+    -- | Information that OpenSearch derives based on @VPCOptions@ for the
+    -- domain.
+    vPCOptions :: Prelude.Maybe AwsElasticsearchDomainVPCOptions
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticsearchDomainDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessPolicies', 'awsElasticsearchDomainDetails_accessPolicies' - IAM policy document specifying the access policies for the new
+-- Elasticsearch domain.
+--
+-- 'domainEndpointOptions', 'awsElasticsearchDomainDetails_domainEndpointOptions' - Additional options for the domain endpoint.
+--
+-- 'domainId', 'awsElasticsearchDomainDetails_domainId' - Unique identifier for an Elasticsearch domain.
+--
+-- 'domainName', 'awsElasticsearchDomainDetails_domainName' - Name of an Elasticsearch domain.
+--
+-- Domain names are unique across all domains owned by the same account
+-- within an Amazon Web Services Region.
+--
+-- Domain names must start with a lowercase letter and must be between 3
+-- and 28 characters.
+--
+-- Valid characters are a-z (lowercase only), 0-9, and – (hyphen).
+--
+-- 'elasticsearchClusterConfig', 'awsElasticsearchDomainDetails_elasticsearchClusterConfig' - Information about an OpenSearch cluster configuration.
+--
+-- 'elasticsearchVersion', 'awsElasticsearchDomainDetails_elasticsearchVersion' - OpenSearch version.
+--
+-- 'encryptionAtRestOptions', 'awsElasticsearchDomainDetails_encryptionAtRestOptions' - Details about the configuration for encryption at rest.
+--
+-- 'endpoint', 'awsElasticsearchDomainDetails_endpoint' - Domain-specific endpoint used to submit index, search, and data upload
+-- requests to an Elasticsearch domain.
+--
+-- The endpoint is a service URL.
+--
+-- 'endpoints', 'awsElasticsearchDomainDetails_endpoints' - The key-value pair that exists if the Elasticsearch domain uses VPC
+-- endpoints.
+--
+-- 'logPublishingOptions', 'awsElasticsearchDomainDetails_logPublishingOptions' - Configures the CloudWatch Logs to publish for the Elasticsearch domain.
+--
+-- 'nodeToNodeEncryptionOptions', 'awsElasticsearchDomainDetails_nodeToNodeEncryptionOptions' - Details about the configuration for node-to-node encryption.
+--
+-- 'serviceSoftwareOptions', 'awsElasticsearchDomainDetails_serviceSoftwareOptions' - Information about the status of a domain relative to the latest service
+-- software.
+--
+-- 'vPCOptions', 'awsElasticsearchDomainDetails_vPCOptions' - Information that OpenSearch derives based on @VPCOptions@ for the
+-- domain.
+newAwsElasticsearchDomainDetails ::
+  AwsElasticsearchDomainDetails
+newAwsElasticsearchDomainDetails =
+  AwsElasticsearchDomainDetails'
+    { accessPolicies =
+        Prelude.Nothing,
+      domainEndpointOptions = Prelude.Nothing,
+      domainId = Prelude.Nothing,
+      domainName = Prelude.Nothing,
+      elasticsearchClusterConfig = Prelude.Nothing,
+      elasticsearchVersion = Prelude.Nothing,
+      encryptionAtRestOptions = Prelude.Nothing,
+      endpoint = Prelude.Nothing,
+      endpoints = Prelude.Nothing,
+      logPublishingOptions = Prelude.Nothing,
+      nodeToNodeEncryptionOptions =
+        Prelude.Nothing,
+      serviceSoftwareOptions = Prelude.Nothing,
+      vPCOptions = Prelude.Nothing
+    }
+
+-- | IAM policy document specifying the access policies for the new
+-- Elasticsearch domain.
+awsElasticsearchDomainDetails_accessPolicies :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainDetails_accessPolicies = Lens.lens (\AwsElasticsearchDomainDetails' {accessPolicies} -> accessPolicies) (\s@AwsElasticsearchDomainDetails' {} a -> s {accessPolicies = a} :: AwsElasticsearchDomainDetails)
+
+-- | Additional options for the domain endpoint.
+awsElasticsearchDomainDetails_domainEndpointOptions :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe AwsElasticsearchDomainDomainEndpointOptions)
+awsElasticsearchDomainDetails_domainEndpointOptions = Lens.lens (\AwsElasticsearchDomainDetails' {domainEndpointOptions} -> domainEndpointOptions) (\s@AwsElasticsearchDomainDetails' {} a -> s {domainEndpointOptions = a} :: AwsElasticsearchDomainDetails)
+
+-- | Unique identifier for an Elasticsearch domain.
+awsElasticsearchDomainDetails_domainId :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainDetails_domainId = Lens.lens (\AwsElasticsearchDomainDetails' {domainId} -> domainId) (\s@AwsElasticsearchDomainDetails' {} a -> s {domainId = a} :: AwsElasticsearchDomainDetails)
+
+-- | Name of an Elasticsearch domain.
+--
+-- Domain names are unique across all domains owned by the same account
+-- within an Amazon Web Services Region.
+--
+-- Domain names must start with a lowercase letter and must be between 3
+-- and 28 characters.
+--
+-- Valid characters are a-z (lowercase only), 0-9, and – (hyphen).
+awsElasticsearchDomainDetails_domainName :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainDetails_domainName = Lens.lens (\AwsElasticsearchDomainDetails' {domainName} -> domainName) (\s@AwsElasticsearchDomainDetails' {} a -> s {domainName = a} :: AwsElasticsearchDomainDetails)
+
+-- | Information about an OpenSearch cluster configuration.
+awsElasticsearchDomainDetails_elasticsearchClusterConfig :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe AwsElasticsearchDomainElasticsearchClusterConfigDetails)
+awsElasticsearchDomainDetails_elasticsearchClusterConfig = Lens.lens (\AwsElasticsearchDomainDetails' {elasticsearchClusterConfig} -> elasticsearchClusterConfig) (\s@AwsElasticsearchDomainDetails' {} a -> s {elasticsearchClusterConfig = a} :: AwsElasticsearchDomainDetails)
+
+-- | OpenSearch version.
+awsElasticsearchDomainDetails_elasticsearchVersion :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainDetails_elasticsearchVersion = Lens.lens (\AwsElasticsearchDomainDetails' {elasticsearchVersion} -> elasticsearchVersion) (\s@AwsElasticsearchDomainDetails' {} a -> s {elasticsearchVersion = a} :: AwsElasticsearchDomainDetails)
+
+-- | Details about the configuration for encryption at rest.
+awsElasticsearchDomainDetails_encryptionAtRestOptions :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe AwsElasticsearchDomainEncryptionAtRestOptions)
+awsElasticsearchDomainDetails_encryptionAtRestOptions = Lens.lens (\AwsElasticsearchDomainDetails' {encryptionAtRestOptions} -> encryptionAtRestOptions) (\s@AwsElasticsearchDomainDetails' {} a -> s {encryptionAtRestOptions = a} :: AwsElasticsearchDomainDetails)
+
+-- | Domain-specific endpoint used to submit index, search, and data upload
+-- requests to an Elasticsearch domain.
+--
+-- The endpoint is a service URL.
+awsElasticsearchDomainDetails_endpoint :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainDetails_endpoint = Lens.lens (\AwsElasticsearchDomainDetails' {endpoint} -> endpoint) (\s@AwsElasticsearchDomainDetails' {} a -> s {endpoint = a} :: AwsElasticsearchDomainDetails)
+
+-- | The key-value pair that exists if the Elasticsearch domain uses VPC
+-- endpoints.
+awsElasticsearchDomainDetails_endpoints :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsElasticsearchDomainDetails_endpoints = Lens.lens (\AwsElasticsearchDomainDetails' {endpoints} -> endpoints) (\s@AwsElasticsearchDomainDetails' {} a -> s {endpoints = a} :: AwsElasticsearchDomainDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Configures the CloudWatch Logs to publish for the Elasticsearch domain.
+awsElasticsearchDomainDetails_logPublishingOptions :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe AwsElasticsearchDomainLogPublishingOptions)
+awsElasticsearchDomainDetails_logPublishingOptions = Lens.lens (\AwsElasticsearchDomainDetails' {logPublishingOptions} -> logPublishingOptions) (\s@AwsElasticsearchDomainDetails' {} a -> s {logPublishingOptions = a} :: AwsElasticsearchDomainDetails)
+
+-- | Details about the configuration for node-to-node encryption.
+awsElasticsearchDomainDetails_nodeToNodeEncryptionOptions :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe AwsElasticsearchDomainNodeToNodeEncryptionOptions)
+awsElasticsearchDomainDetails_nodeToNodeEncryptionOptions = Lens.lens (\AwsElasticsearchDomainDetails' {nodeToNodeEncryptionOptions} -> nodeToNodeEncryptionOptions) (\s@AwsElasticsearchDomainDetails' {} a -> s {nodeToNodeEncryptionOptions = a} :: AwsElasticsearchDomainDetails)
+
+-- | Information about the status of a domain relative to the latest service
+-- software.
+awsElasticsearchDomainDetails_serviceSoftwareOptions :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe AwsElasticsearchDomainServiceSoftwareOptions)
+awsElasticsearchDomainDetails_serviceSoftwareOptions = Lens.lens (\AwsElasticsearchDomainDetails' {serviceSoftwareOptions} -> serviceSoftwareOptions) (\s@AwsElasticsearchDomainDetails' {} a -> s {serviceSoftwareOptions = a} :: AwsElasticsearchDomainDetails)
+
+-- | Information that OpenSearch derives based on @VPCOptions@ for the
+-- domain.
+awsElasticsearchDomainDetails_vPCOptions :: Lens.Lens' AwsElasticsearchDomainDetails (Prelude.Maybe AwsElasticsearchDomainVPCOptions)
+awsElasticsearchDomainDetails_vPCOptions = Lens.lens (\AwsElasticsearchDomainDetails' {vPCOptions} -> vPCOptions) (\s@AwsElasticsearchDomainDetails' {} a -> s {vPCOptions = a} :: AwsElasticsearchDomainDetails)
+
+instance Data.FromJSON AwsElasticsearchDomainDetails where
+  parseJSON =
+    Data.withObject
+      "AwsElasticsearchDomainDetails"
+      ( \x ->
+          AwsElasticsearchDomainDetails'
+            Prelude.<$> (x Data..:? "AccessPolicies")
+            Prelude.<*> (x Data..:? "DomainEndpointOptions")
+            Prelude.<*> (x Data..:? "DomainId")
+            Prelude.<*> (x Data..:? "DomainName")
+            Prelude.<*> (x Data..:? "ElasticsearchClusterConfig")
+            Prelude.<*> (x Data..:? "ElasticsearchVersion")
+            Prelude.<*> (x Data..:? "EncryptionAtRestOptions")
+            Prelude.<*> (x Data..:? "Endpoint")
+            Prelude.<*> (x Data..:? "Endpoints" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "LogPublishingOptions")
+            Prelude.<*> (x Data..:? "NodeToNodeEncryptionOptions")
+            Prelude.<*> (x Data..:? "ServiceSoftwareOptions")
+            Prelude.<*> (x Data..:? "VPCOptions")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticsearchDomainDetails
+  where
+  hashWithSalt _salt AwsElasticsearchDomainDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessPolicies
+      `Prelude.hashWithSalt` domainEndpointOptions
+      `Prelude.hashWithSalt` domainId
+      `Prelude.hashWithSalt` domainName
+      `Prelude.hashWithSalt` elasticsearchClusterConfig
+      `Prelude.hashWithSalt` elasticsearchVersion
+      `Prelude.hashWithSalt` encryptionAtRestOptions
+      `Prelude.hashWithSalt` endpoint
+      `Prelude.hashWithSalt` endpoints
+      `Prelude.hashWithSalt` logPublishingOptions
+      `Prelude.hashWithSalt` nodeToNodeEncryptionOptions
+      `Prelude.hashWithSalt` serviceSoftwareOptions
+      `Prelude.hashWithSalt` vPCOptions
+
+instance Prelude.NFData AwsElasticsearchDomainDetails where
+  rnf AwsElasticsearchDomainDetails' {..} =
+    Prelude.rnf accessPolicies
+      `Prelude.seq` Prelude.rnf domainEndpointOptions
+      `Prelude.seq` Prelude.rnf domainId
+      `Prelude.seq` Prelude.rnf domainName
+      `Prelude.seq` Prelude.rnf elasticsearchClusterConfig
+      `Prelude.seq` Prelude.rnf elasticsearchVersion
+      `Prelude.seq` Prelude.rnf encryptionAtRestOptions
+      `Prelude.seq` Prelude.rnf endpoint
+      `Prelude.seq` Prelude.rnf endpoints
+      `Prelude.seq` Prelude.rnf logPublishingOptions
+      `Prelude.seq` Prelude.rnf nodeToNodeEncryptionOptions
+      `Prelude.seq` Prelude.rnf serviceSoftwareOptions
+      `Prelude.seq` Prelude.rnf vPCOptions
+
+instance Data.ToJSON AwsElasticsearchDomainDetails where
+  toJSON AwsElasticsearchDomainDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AccessPolicies" Data..=)
+              Prelude.<$> accessPolicies,
+            ("DomainEndpointOptions" Data..=)
+              Prelude.<$> domainEndpointOptions,
+            ("DomainId" Data..=) Prelude.<$> domainId,
+            ("DomainName" Data..=) Prelude.<$> domainName,
+            ("ElasticsearchClusterConfig" Data..=)
+              Prelude.<$> elasticsearchClusterConfig,
+            ("ElasticsearchVersion" Data..=)
+              Prelude.<$> elasticsearchVersion,
+            ("EncryptionAtRestOptions" Data..=)
+              Prelude.<$> encryptionAtRestOptions,
+            ("Endpoint" Data..=) Prelude.<$> endpoint,
+            ("Endpoints" Data..=) Prelude.<$> endpoints,
+            ("LogPublishingOptions" Data..=)
+              Prelude.<$> logPublishingOptions,
+            ("NodeToNodeEncryptionOptions" Data..=)
+              Prelude.<$> nodeToNodeEncryptionOptions,
+            ("ServiceSoftwareOptions" Data..=)
+              Prelude.<$> serviceSoftwareOptions,
+            ("VPCOptions" Data..=) Prelude.<$> vPCOptions
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainDomainEndpointOptions.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainDomainEndpointOptions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainDomainEndpointOptions.hs
@@ -0,0 +1,133 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticsearchDomainDomainEndpointOptions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticsearchDomainDomainEndpointOptions where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Additional options for the domain endpoint, such as whether to require
+-- HTTPS for all traffic.
+--
+-- /See:/ 'newAwsElasticsearchDomainDomainEndpointOptions' smart constructor.
+data AwsElasticsearchDomainDomainEndpointOptions = AwsElasticsearchDomainDomainEndpointOptions'
+  { -- | Whether to require that all traffic to the domain arrive over HTTPS.
+    enforceHTTPS :: Prelude.Maybe Prelude.Bool,
+    -- | The TLS security policy to apply to the HTTPS endpoint of the OpenSearch
+    -- domain.
+    --
+    -- Valid values:
+    --
+    -- -   @Policy-Min-TLS-1-0-2019-07@, which supports TLSv1.0 and higher
+    --
+    -- -   @Policy-Min-TLS-1-2-2019-07@, which only supports TLSv1.2
+    tLSSecurityPolicy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticsearchDomainDomainEndpointOptions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enforceHTTPS', 'awsElasticsearchDomainDomainEndpointOptions_enforceHTTPS' - Whether to require that all traffic to the domain arrive over HTTPS.
+--
+-- 'tLSSecurityPolicy', 'awsElasticsearchDomainDomainEndpointOptions_tLSSecurityPolicy' - The TLS security policy to apply to the HTTPS endpoint of the OpenSearch
+-- domain.
+--
+-- Valid values:
+--
+-- -   @Policy-Min-TLS-1-0-2019-07@, which supports TLSv1.0 and higher
+--
+-- -   @Policy-Min-TLS-1-2-2019-07@, which only supports TLSv1.2
+newAwsElasticsearchDomainDomainEndpointOptions ::
+  AwsElasticsearchDomainDomainEndpointOptions
+newAwsElasticsearchDomainDomainEndpointOptions =
+  AwsElasticsearchDomainDomainEndpointOptions'
+    { enforceHTTPS =
+        Prelude.Nothing,
+      tLSSecurityPolicy =
+        Prelude.Nothing
+    }
+
+-- | Whether to require that all traffic to the domain arrive over HTTPS.
+awsElasticsearchDomainDomainEndpointOptions_enforceHTTPS :: Lens.Lens' AwsElasticsearchDomainDomainEndpointOptions (Prelude.Maybe Prelude.Bool)
+awsElasticsearchDomainDomainEndpointOptions_enforceHTTPS = Lens.lens (\AwsElasticsearchDomainDomainEndpointOptions' {enforceHTTPS} -> enforceHTTPS) (\s@AwsElasticsearchDomainDomainEndpointOptions' {} a -> s {enforceHTTPS = a} :: AwsElasticsearchDomainDomainEndpointOptions)
+
+-- | The TLS security policy to apply to the HTTPS endpoint of the OpenSearch
+-- domain.
+--
+-- Valid values:
+--
+-- -   @Policy-Min-TLS-1-0-2019-07@, which supports TLSv1.0 and higher
+--
+-- -   @Policy-Min-TLS-1-2-2019-07@, which only supports TLSv1.2
+awsElasticsearchDomainDomainEndpointOptions_tLSSecurityPolicy :: Lens.Lens' AwsElasticsearchDomainDomainEndpointOptions (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainDomainEndpointOptions_tLSSecurityPolicy = Lens.lens (\AwsElasticsearchDomainDomainEndpointOptions' {tLSSecurityPolicy} -> tLSSecurityPolicy) (\s@AwsElasticsearchDomainDomainEndpointOptions' {} a -> s {tLSSecurityPolicy = a} :: AwsElasticsearchDomainDomainEndpointOptions)
+
+instance
+  Data.FromJSON
+    AwsElasticsearchDomainDomainEndpointOptions
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticsearchDomainDomainEndpointOptions"
+      ( \x ->
+          AwsElasticsearchDomainDomainEndpointOptions'
+            Prelude.<$> (x Data..:? "EnforceHTTPS")
+            Prelude.<*> (x Data..:? "TLSSecurityPolicy")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticsearchDomainDomainEndpointOptions
+  where
+  hashWithSalt
+    _salt
+    AwsElasticsearchDomainDomainEndpointOptions' {..} =
+      _salt
+        `Prelude.hashWithSalt` enforceHTTPS
+        `Prelude.hashWithSalt` tLSSecurityPolicy
+
+instance
+  Prelude.NFData
+    AwsElasticsearchDomainDomainEndpointOptions
+  where
+  rnf AwsElasticsearchDomainDomainEndpointOptions' {..} =
+    Prelude.rnf enforceHTTPS
+      `Prelude.seq` Prelude.rnf tLSSecurityPolicy
+
+instance
+  Data.ToJSON
+    AwsElasticsearchDomainDomainEndpointOptions
+  where
+  toJSON
+    AwsElasticsearchDomainDomainEndpointOptions' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("EnforceHTTPS" Data..=) Prelude.<$> enforceHTTPS,
+              ("TLSSecurityPolicy" Data..=)
+                Prelude.<$> tLSSecurityPolicy
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainElasticsearchClusterConfigDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainElasticsearchClusterConfigDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainElasticsearchClusterConfigDetails.hs
@@ -0,0 +1,244 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+
+-- | details about the configuration of an OpenSearch cluster.
+--
+-- /See:/ 'newAwsElasticsearchDomainElasticsearchClusterConfigDetails' smart constructor.
+data AwsElasticsearchDomainElasticsearchClusterConfigDetails = AwsElasticsearchDomainElasticsearchClusterConfigDetails'
+  { -- | The number of instances to use for the master node. If this attribute is
+    -- specified, then @DedicatedMasterEnabled@ must be @true@.
+    dedicatedMasterCount :: Prelude.Maybe Prelude.Int,
+    -- | Whether to use a dedicated master node for the Elasticsearch domain. A
+    -- dedicated master node performs cluster management tasks, but doesn\'t
+    -- hold data or respond to data upload requests.
+    dedicatedMasterEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The hardware configuration of the computer that hosts the dedicated
+    -- master node. A sample value is @m3.medium.elasticsearch@. If this
+    -- attribute is specified, then @DedicatedMasterEnabled@ must be @true@.
+    --
+    -- For a list of valid values, see
+    -- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html Supported instance types in Amazon OpenSearch Service>
+    -- in the /Amazon OpenSearch Service Developer Guide/.
+    dedicatedMasterType :: Prelude.Maybe Prelude.Text,
+    -- | The number of data nodes to use in the Elasticsearch domain.
+    instanceCount :: Prelude.Maybe Prelude.Int,
+    -- | The instance type for your data nodes. For example,
+    -- @m3.medium.elasticsearch@.
+    --
+    -- For a list of valid values, see
+    -- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html Supported instance types in Amazon OpenSearch Service>
+    -- in the /Amazon OpenSearch Service Developer Guide/.
+    instanceType :: Prelude.Maybe Prelude.Text,
+    -- | Configuration options for zone awareness. Provided if
+    -- @ZoneAwarenessEnabled@ is @true@.
+    zoneAwarenessConfig :: Prelude.Maybe AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails,
+    -- | Whether to enable zone awareness for the Elasticsearch domain. When zone
+    -- awareness is enabled, OpenSearch allocates the cluster\'s nodes and
+    -- replica index shards across Availability Zones in the same Region. This
+    -- prevents data loss and minimizes downtime if a node or data center
+    -- fails.
+    zoneAwarenessEnabled :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticsearchDomainElasticsearchClusterConfigDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dedicatedMasterCount', 'awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterCount' - The number of instances to use for the master node. If this attribute is
+-- specified, then @DedicatedMasterEnabled@ must be @true@.
+--
+-- 'dedicatedMasterEnabled', 'awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterEnabled' - Whether to use a dedicated master node for the Elasticsearch domain. A
+-- dedicated master node performs cluster management tasks, but doesn\'t
+-- hold data or respond to data upload requests.
+--
+-- 'dedicatedMasterType', 'awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterType' - The hardware configuration of the computer that hosts the dedicated
+-- master node. A sample value is @m3.medium.elasticsearch@. If this
+-- attribute is specified, then @DedicatedMasterEnabled@ must be @true@.
+--
+-- For a list of valid values, see
+-- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html Supported instance types in Amazon OpenSearch Service>
+-- in the /Amazon OpenSearch Service Developer Guide/.
+--
+-- 'instanceCount', 'awsElasticsearchDomainElasticsearchClusterConfigDetails_instanceCount' - The number of data nodes to use in the Elasticsearch domain.
+--
+-- 'instanceType', 'awsElasticsearchDomainElasticsearchClusterConfigDetails_instanceType' - The instance type for your data nodes. For example,
+-- @m3.medium.elasticsearch@.
+--
+-- For a list of valid values, see
+-- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html Supported instance types in Amazon OpenSearch Service>
+-- in the /Amazon OpenSearch Service Developer Guide/.
+--
+-- 'zoneAwarenessConfig', 'awsElasticsearchDomainElasticsearchClusterConfigDetails_zoneAwarenessConfig' - Configuration options for zone awareness. Provided if
+-- @ZoneAwarenessEnabled@ is @true@.
+--
+-- 'zoneAwarenessEnabled', 'awsElasticsearchDomainElasticsearchClusterConfigDetails_zoneAwarenessEnabled' - Whether to enable zone awareness for the Elasticsearch domain. When zone
+-- awareness is enabled, OpenSearch allocates the cluster\'s nodes and
+-- replica index shards across Availability Zones in the same Region. This
+-- prevents data loss and minimizes downtime if a node or data center
+-- fails.
+newAwsElasticsearchDomainElasticsearchClusterConfigDetails ::
+  AwsElasticsearchDomainElasticsearchClusterConfigDetails
+newAwsElasticsearchDomainElasticsearchClusterConfigDetails =
+  AwsElasticsearchDomainElasticsearchClusterConfigDetails'
+    { dedicatedMasterCount =
+        Prelude.Nothing,
+      dedicatedMasterEnabled =
+        Prelude.Nothing,
+      dedicatedMasterType =
+        Prelude.Nothing,
+      instanceCount =
+        Prelude.Nothing,
+      instanceType =
+        Prelude.Nothing,
+      zoneAwarenessConfig =
+        Prelude.Nothing,
+      zoneAwarenessEnabled =
+        Prelude.Nothing
+    }
+
+-- | The number of instances to use for the master node. If this attribute is
+-- specified, then @DedicatedMasterEnabled@ must be @true@.
+awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterCount :: Lens.Lens' AwsElasticsearchDomainElasticsearchClusterConfigDetails (Prelude.Maybe Prelude.Int)
+awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterCount = Lens.lens (\AwsElasticsearchDomainElasticsearchClusterConfigDetails' {dedicatedMasterCount} -> dedicatedMasterCount) (\s@AwsElasticsearchDomainElasticsearchClusterConfigDetails' {} a -> s {dedicatedMasterCount = a} :: AwsElasticsearchDomainElasticsearchClusterConfigDetails)
+
+-- | Whether to use a dedicated master node for the Elasticsearch domain. A
+-- dedicated master node performs cluster management tasks, but doesn\'t
+-- hold data or respond to data upload requests.
+awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterEnabled :: Lens.Lens' AwsElasticsearchDomainElasticsearchClusterConfigDetails (Prelude.Maybe Prelude.Bool)
+awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterEnabled = Lens.lens (\AwsElasticsearchDomainElasticsearchClusterConfigDetails' {dedicatedMasterEnabled} -> dedicatedMasterEnabled) (\s@AwsElasticsearchDomainElasticsearchClusterConfigDetails' {} a -> s {dedicatedMasterEnabled = a} :: AwsElasticsearchDomainElasticsearchClusterConfigDetails)
+
+-- | The hardware configuration of the computer that hosts the dedicated
+-- master node. A sample value is @m3.medium.elasticsearch@. If this
+-- attribute is specified, then @DedicatedMasterEnabled@ must be @true@.
+--
+-- For a list of valid values, see
+-- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html Supported instance types in Amazon OpenSearch Service>
+-- in the /Amazon OpenSearch Service Developer Guide/.
+awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterType :: Lens.Lens' AwsElasticsearchDomainElasticsearchClusterConfigDetails (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainElasticsearchClusterConfigDetails_dedicatedMasterType = Lens.lens (\AwsElasticsearchDomainElasticsearchClusterConfigDetails' {dedicatedMasterType} -> dedicatedMasterType) (\s@AwsElasticsearchDomainElasticsearchClusterConfigDetails' {} a -> s {dedicatedMasterType = a} :: AwsElasticsearchDomainElasticsearchClusterConfigDetails)
+
+-- | The number of data nodes to use in the Elasticsearch domain.
+awsElasticsearchDomainElasticsearchClusterConfigDetails_instanceCount :: Lens.Lens' AwsElasticsearchDomainElasticsearchClusterConfigDetails (Prelude.Maybe Prelude.Int)
+awsElasticsearchDomainElasticsearchClusterConfigDetails_instanceCount = Lens.lens (\AwsElasticsearchDomainElasticsearchClusterConfigDetails' {instanceCount} -> instanceCount) (\s@AwsElasticsearchDomainElasticsearchClusterConfigDetails' {} a -> s {instanceCount = a} :: AwsElasticsearchDomainElasticsearchClusterConfigDetails)
+
+-- | The instance type for your data nodes. For example,
+-- @m3.medium.elasticsearch@.
+--
+-- For a list of valid values, see
+-- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html Supported instance types in Amazon OpenSearch Service>
+-- in the /Amazon OpenSearch Service Developer Guide/.
+awsElasticsearchDomainElasticsearchClusterConfigDetails_instanceType :: Lens.Lens' AwsElasticsearchDomainElasticsearchClusterConfigDetails (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainElasticsearchClusterConfigDetails_instanceType = Lens.lens (\AwsElasticsearchDomainElasticsearchClusterConfigDetails' {instanceType} -> instanceType) (\s@AwsElasticsearchDomainElasticsearchClusterConfigDetails' {} a -> s {instanceType = a} :: AwsElasticsearchDomainElasticsearchClusterConfigDetails)
+
+-- | Configuration options for zone awareness. Provided if
+-- @ZoneAwarenessEnabled@ is @true@.
+awsElasticsearchDomainElasticsearchClusterConfigDetails_zoneAwarenessConfig :: Lens.Lens' AwsElasticsearchDomainElasticsearchClusterConfigDetails (Prelude.Maybe AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails)
+awsElasticsearchDomainElasticsearchClusterConfigDetails_zoneAwarenessConfig = Lens.lens (\AwsElasticsearchDomainElasticsearchClusterConfigDetails' {zoneAwarenessConfig} -> zoneAwarenessConfig) (\s@AwsElasticsearchDomainElasticsearchClusterConfigDetails' {} a -> s {zoneAwarenessConfig = a} :: AwsElasticsearchDomainElasticsearchClusterConfigDetails)
+
+-- | Whether to enable zone awareness for the Elasticsearch domain. When zone
+-- awareness is enabled, OpenSearch allocates the cluster\'s nodes and
+-- replica index shards across Availability Zones in the same Region. This
+-- prevents data loss and minimizes downtime if a node or data center
+-- fails.
+awsElasticsearchDomainElasticsearchClusterConfigDetails_zoneAwarenessEnabled :: Lens.Lens' AwsElasticsearchDomainElasticsearchClusterConfigDetails (Prelude.Maybe Prelude.Bool)
+awsElasticsearchDomainElasticsearchClusterConfigDetails_zoneAwarenessEnabled = Lens.lens (\AwsElasticsearchDomainElasticsearchClusterConfigDetails' {zoneAwarenessEnabled} -> zoneAwarenessEnabled) (\s@AwsElasticsearchDomainElasticsearchClusterConfigDetails' {} a -> s {zoneAwarenessEnabled = a} :: AwsElasticsearchDomainElasticsearchClusterConfigDetails)
+
+instance
+  Data.FromJSON
+    AwsElasticsearchDomainElasticsearchClusterConfigDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticsearchDomainElasticsearchClusterConfigDetails"
+      ( \x ->
+          AwsElasticsearchDomainElasticsearchClusterConfigDetails'
+            Prelude.<$> (x Data..:? "DedicatedMasterCount")
+            Prelude.<*> (x Data..:? "DedicatedMasterEnabled")
+            Prelude.<*> (x Data..:? "DedicatedMasterType")
+            Prelude.<*> (x Data..:? "InstanceCount")
+            Prelude.<*> (x Data..:? "InstanceType")
+            Prelude.<*> (x Data..:? "ZoneAwarenessConfig")
+            Prelude.<*> (x Data..:? "ZoneAwarenessEnabled")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticsearchDomainElasticsearchClusterConfigDetails
+  where
+  hashWithSalt
+    _salt
+    AwsElasticsearchDomainElasticsearchClusterConfigDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` dedicatedMasterCount
+        `Prelude.hashWithSalt` dedicatedMasterEnabled
+        `Prelude.hashWithSalt` dedicatedMasterType
+        `Prelude.hashWithSalt` instanceCount
+        `Prelude.hashWithSalt` instanceType
+        `Prelude.hashWithSalt` zoneAwarenessConfig
+        `Prelude.hashWithSalt` zoneAwarenessEnabled
+
+instance
+  Prelude.NFData
+    AwsElasticsearchDomainElasticsearchClusterConfigDetails
+  where
+  rnf
+    AwsElasticsearchDomainElasticsearchClusterConfigDetails' {..} =
+      Prelude.rnf dedicatedMasterCount
+        `Prelude.seq` Prelude.rnf dedicatedMasterEnabled
+        `Prelude.seq` Prelude.rnf dedicatedMasterType
+        `Prelude.seq` Prelude.rnf instanceCount
+        `Prelude.seq` Prelude.rnf instanceType
+        `Prelude.seq` Prelude.rnf zoneAwarenessConfig
+        `Prelude.seq` Prelude.rnf zoneAwarenessEnabled
+
+instance
+  Data.ToJSON
+    AwsElasticsearchDomainElasticsearchClusterConfigDetails
+  where
+  toJSON
+    AwsElasticsearchDomainElasticsearchClusterConfigDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DedicatedMasterCount" Data..=)
+                Prelude.<$> dedicatedMasterCount,
+              ("DedicatedMasterEnabled" Data..=)
+                Prelude.<$> dedicatedMasterEnabled,
+              ("DedicatedMasterType" Data..=)
+                Prelude.<$> dedicatedMasterType,
+              ("InstanceCount" Data..=) Prelude.<$> instanceCount,
+              ("InstanceType" Data..=) Prelude.<$> instanceType,
+              ("ZoneAwarenessConfig" Data..=)
+                Prelude.<$> zoneAwarenessConfig,
+              ("ZoneAwarenessEnabled" Data..=)
+                Prelude.<$> zoneAwarenessEnabled
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails.hs
@@ -0,0 +1,100 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Configuration options for zone awareness.
+--
+-- /See:/ 'newAwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails' smart constructor.
+data AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails = AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails'
+  { -- | he number of Availability Zones that the domain uses. Valid values are 2
+    -- and 3. The default is 2.
+    availabilityZoneCount :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'availabilityZoneCount', 'awsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails_availabilityZoneCount' - he number of Availability Zones that the domain uses. Valid values are 2
+-- and 3. The default is 2.
+newAwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails ::
+  AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+newAwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails =
+  AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails'
+    { availabilityZoneCount =
+        Prelude.Nothing
+    }
+
+-- | he number of Availability Zones that the domain uses. Valid values are 2
+-- and 3. The default is 2.
+awsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails_availabilityZoneCount :: Lens.Lens' AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails (Prelude.Maybe Prelude.Int)
+awsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails_availabilityZoneCount = Lens.lens (\AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails' {availabilityZoneCount} -> availabilityZoneCount) (\s@AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails' {} a -> s {availabilityZoneCount = a} :: AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails)
+
+instance
+  Data.FromJSON
+    AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails"
+      ( \x ->
+          AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails'
+            Prelude.<$> (x Data..:? "AvailabilityZoneCount")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+  where
+  hashWithSalt
+    _salt
+    AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails' {..} =
+      _salt `Prelude.hashWithSalt` availabilityZoneCount
+
+instance
+  Prelude.NFData
+    AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+  where
+  rnf
+    AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails' {..} =
+      Prelude.rnf availabilityZoneCount
+
+instance
+  Data.ToJSON
+    AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails
+  where
+  toJSON
+    AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AvailabilityZoneCount" Data..=)
+                Prelude.<$> availabilityZoneCount
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainEncryptionAtRestOptions.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainEncryptionAtRestOptions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainEncryptionAtRestOptions.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticsearchDomainEncryptionAtRestOptions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticsearchDomainEncryptionAtRestOptions where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the configuration for encryption at rest.
+--
+-- /See:/ 'newAwsElasticsearchDomainEncryptionAtRestOptions' smart constructor.
+data AwsElasticsearchDomainEncryptionAtRestOptions = AwsElasticsearchDomainEncryptionAtRestOptions'
+  { -- | Whether encryption at rest is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | The KMS key ID. Takes the form @1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a@.
+    kmsKeyId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticsearchDomainEncryptionAtRestOptions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'awsElasticsearchDomainEncryptionAtRestOptions_enabled' - Whether encryption at rest is enabled.
+--
+-- 'kmsKeyId', 'awsElasticsearchDomainEncryptionAtRestOptions_kmsKeyId' - The KMS key ID. Takes the form @1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a@.
+newAwsElasticsearchDomainEncryptionAtRestOptions ::
+  AwsElasticsearchDomainEncryptionAtRestOptions
+newAwsElasticsearchDomainEncryptionAtRestOptions =
+  AwsElasticsearchDomainEncryptionAtRestOptions'
+    { enabled =
+        Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing
+    }
+
+-- | Whether encryption at rest is enabled.
+awsElasticsearchDomainEncryptionAtRestOptions_enabled :: Lens.Lens' AwsElasticsearchDomainEncryptionAtRestOptions (Prelude.Maybe Prelude.Bool)
+awsElasticsearchDomainEncryptionAtRestOptions_enabled = Lens.lens (\AwsElasticsearchDomainEncryptionAtRestOptions' {enabled} -> enabled) (\s@AwsElasticsearchDomainEncryptionAtRestOptions' {} a -> s {enabled = a} :: AwsElasticsearchDomainEncryptionAtRestOptions)
+
+-- | The KMS key ID. Takes the form @1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a@.
+awsElasticsearchDomainEncryptionAtRestOptions_kmsKeyId :: Lens.Lens' AwsElasticsearchDomainEncryptionAtRestOptions (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainEncryptionAtRestOptions_kmsKeyId = Lens.lens (\AwsElasticsearchDomainEncryptionAtRestOptions' {kmsKeyId} -> kmsKeyId) (\s@AwsElasticsearchDomainEncryptionAtRestOptions' {} a -> s {kmsKeyId = a} :: AwsElasticsearchDomainEncryptionAtRestOptions)
+
+instance
+  Data.FromJSON
+    AwsElasticsearchDomainEncryptionAtRestOptions
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticsearchDomainEncryptionAtRestOptions"
+      ( \x ->
+          AwsElasticsearchDomainEncryptionAtRestOptions'
+            Prelude.<$> (x Data..:? "Enabled")
+            Prelude.<*> (x Data..:? "KmsKeyId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticsearchDomainEncryptionAtRestOptions
+  where
+  hashWithSalt
+    _salt
+    AwsElasticsearchDomainEncryptionAtRestOptions' {..} =
+      _salt
+        `Prelude.hashWithSalt` enabled
+        `Prelude.hashWithSalt` kmsKeyId
+
+instance
+  Prelude.NFData
+    AwsElasticsearchDomainEncryptionAtRestOptions
+  where
+  rnf
+    AwsElasticsearchDomainEncryptionAtRestOptions' {..} =
+      Prelude.rnf enabled
+        `Prelude.seq` Prelude.rnf kmsKeyId
+
+instance
+  Data.ToJSON
+    AwsElasticsearchDomainEncryptionAtRestOptions
+  where
+  toJSON
+    AwsElasticsearchDomainEncryptionAtRestOptions' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Enabled" Data..=) Prelude.<$> enabled,
+              ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainLogPublishingOptions.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainLogPublishingOptions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainLogPublishingOptions.hs
@@ -0,0 +1,124 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptions where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptionsLogConfig
+
+-- | configures the CloudWatch Logs to publish for the Elasticsearch domain.
+--
+-- /See:/ 'newAwsElasticsearchDomainLogPublishingOptions' smart constructor.
+data AwsElasticsearchDomainLogPublishingOptions = AwsElasticsearchDomainLogPublishingOptions'
+  { auditLogs :: Prelude.Maybe AwsElasticsearchDomainLogPublishingOptionsLogConfig,
+    -- | Configures the OpenSearch index logs publishing.
+    indexSlowLogs :: Prelude.Maybe AwsElasticsearchDomainLogPublishingOptionsLogConfig,
+    -- | Configures the OpenSearch search slow log publishing.
+    searchSlowLogs :: Prelude.Maybe AwsElasticsearchDomainLogPublishingOptionsLogConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticsearchDomainLogPublishingOptions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'auditLogs', 'awsElasticsearchDomainLogPublishingOptions_auditLogs' - Undocumented member.
+--
+-- 'indexSlowLogs', 'awsElasticsearchDomainLogPublishingOptions_indexSlowLogs' - Configures the OpenSearch index logs publishing.
+--
+-- 'searchSlowLogs', 'awsElasticsearchDomainLogPublishingOptions_searchSlowLogs' - Configures the OpenSearch search slow log publishing.
+newAwsElasticsearchDomainLogPublishingOptions ::
+  AwsElasticsearchDomainLogPublishingOptions
+newAwsElasticsearchDomainLogPublishingOptions =
+  AwsElasticsearchDomainLogPublishingOptions'
+    { auditLogs =
+        Prelude.Nothing,
+      indexSlowLogs = Prelude.Nothing,
+      searchSlowLogs =
+        Prelude.Nothing
+    }
+
+-- | Undocumented member.
+awsElasticsearchDomainLogPublishingOptions_auditLogs :: Lens.Lens' AwsElasticsearchDomainLogPublishingOptions (Prelude.Maybe AwsElasticsearchDomainLogPublishingOptionsLogConfig)
+awsElasticsearchDomainLogPublishingOptions_auditLogs = Lens.lens (\AwsElasticsearchDomainLogPublishingOptions' {auditLogs} -> auditLogs) (\s@AwsElasticsearchDomainLogPublishingOptions' {} a -> s {auditLogs = a} :: AwsElasticsearchDomainLogPublishingOptions)
+
+-- | Configures the OpenSearch index logs publishing.
+awsElasticsearchDomainLogPublishingOptions_indexSlowLogs :: Lens.Lens' AwsElasticsearchDomainLogPublishingOptions (Prelude.Maybe AwsElasticsearchDomainLogPublishingOptionsLogConfig)
+awsElasticsearchDomainLogPublishingOptions_indexSlowLogs = Lens.lens (\AwsElasticsearchDomainLogPublishingOptions' {indexSlowLogs} -> indexSlowLogs) (\s@AwsElasticsearchDomainLogPublishingOptions' {} a -> s {indexSlowLogs = a} :: AwsElasticsearchDomainLogPublishingOptions)
+
+-- | Configures the OpenSearch search slow log publishing.
+awsElasticsearchDomainLogPublishingOptions_searchSlowLogs :: Lens.Lens' AwsElasticsearchDomainLogPublishingOptions (Prelude.Maybe AwsElasticsearchDomainLogPublishingOptionsLogConfig)
+awsElasticsearchDomainLogPublishingOptions_searchSlowLogs = Lens.lens (\AwsElasticsearchDomainLogPublishingOptions' {searchSlowLogs} -> searchSlowLogs) (\s@AwsElasticsearchDomainLogPublishingOptions' {} a -> s {searchSlowLogs = a} :: AwsElasticsearchDomainLogPublishingOptions)
+
+instance
+  Data.FromJSON
+    AwsElasticsearchDomainLogPublishingOptions
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticsearchDomainLogPublishingOptions"
+      ( \x ->
+          AwsElasticsearchDomainLogPublishingOptions'
+            Prelude.<$> (x Data..:? "AuditLogs")
+            Prelude.<*> (x Data..:? "IndexSlowLogs")
+            Prelude.<*> (x Data..:? "SearchSlowLogs")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticsearchDomainLogPublishingOptions
+  where
+  hashWithSalt
+    _salt
+    AwsElasticsearchDomainLogPublishingOptions' {..} =
+      _salt
+        `Prelude.hashWithSalt` auditLogs
+        `Prelude.hashWithSalt` indexSlowLogs
+        `Prelude.hashWithSalt` searchSlowLogs
+
+instance
+  Prelude.NFData
+    AwsElasticsearchDomainLogPublishingOptions
+  where
+  rnf AwsElasticsearchDomainLogPublishingOptions' {..} =
+    Prelude.rnf auditLogs
+      `Prelude.seq` Prelude.rnf indexSlowLogs
+      `Prelude.seq` Prelude.rnf searchSlowLogs
+
+instance
+  Data.ToJSON
+    AwsElasticsearchDomainLogPublishingOptions
+  where
+  toJSON
+    AwsElasticsearchDomainLogPublishingOptions' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AuditLogs" Data..=) Prelude.<$> auditLogs,
+              ("IndexSlowLogs" Data..=) Prelude.<$> indexSlowLogs,
+              ("SearchSlowLogs" Data..=)
+                Prelude.<$> searchSlowLogs
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainLogPublishingOptionsLogConfig.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainLogPublishingOptionsLogConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainLogPublishingOptionsLogConfig.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptionsLogConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticsearchDomainLogPublishingOptionsLogConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The log configuration.
+--
+-- /See:/ 'newAwsElasticsearchDomainLogPublishingOptionsLogConfig' smart constructor.
+data AwsElasticsearchDomainLogPublishingOptionsLogConfig = AwsElasticsearchDomainLogPublishingOptionsLogConfig'
+  { -- | The ARN of the CloudWatch Logs group to publish the logs to.
+    cloudWatchLogsLogGroupArn :: Prelude.Maybe Prelude.Text,
+    -- | Whether the log publishing is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticsearchDomainLogPublishingOptionsLogConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cloudWatchLogsLogGroupArn', 'awsElasticsearchDomainLogPublishingOptionsLogConfig_cloudWatchLogsLogGroupArn' - The ARN of the CloudWatch Logs group to publish the logs to.
+--
+-- 'enabled', 'awsElasticsearchDomainLogPublishingOptionsLogConfig_enabled' - Whether the log publishing is enabled.
+newAwsElasticsearchDomainLogPublishingOptionsLogConfig ::
+  AwsElasticsearchDomainLogPublishingOptionsLogConfig
+newAwsElasticsearchDomainLogPublishingOptionsLogConfig =
+  AwsElasticsearchDomainLogPublishingOptionsLogConfig'
+    { cloudWatchLogsLogGroupArn =
+        Prelude.Nothing,
+      enabled =
+        Prelude.Nothing
+    }
+
+-- | The ARN of the CloudWatch Logs group to publish the logs to.
+awsElasticsearchDomainLogPublishingOptionsLogConfig_cloudWatchLogsLogGroupArn :: Lens.Lens' AwsElasticsearchDomainLogPublishingOptionsLogConfig (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainLogPublishingOptionsLogConfig_cloudWatchLogsLogGroupArn = Lens.lens (\AwsElasticsearchDomainLogPublishingOptionsLogConfig' {cloudWatchLogsLogGroupArn} -> cloudWatchLogsLogGroupArn) (\s@AwsElasticsearchDomainLogPublishingOptionsLogConfig' {} a -> s {cloudWatchLogsLogGroupArn = a} :: AwsElasticsearchDomainLogPublishingOptionsLogConfig)
+
+-- | Whether the log publishing is enabled.
+awsElasticsearchDomainLogPublishingOptionsLogConfig_enabled :: Lens.Lens' AwsElasticsearchDomainLogPublishingOptionsLogConfig (Prelude.Maybe Prelude.Bool)
+awsElasticsearchDomainLogPublishingOptionsLogConfig_enabled = Lens.lens (\AwsElasticsearchDomainLogPublishingOptionsLogConfig' {enabled} -> enabled) (\s@AwsElasticsearchDomainLogPublishingOptionsLogConfig' {} a -> s {enabled = a} :: AwsElasticsearchDomainLogPublishingOptionsLogConfig)
+
+instance
+  Data.FromJSON
+    AwsElasticsearchDomainLogPublishingOptionsLogConfig
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticsearchDomainLogPublishingOptionsLogConfig"
+      ( \x ->
+          AwsElasticsearchDomainLogPublishingOptionsLogConfig'
+            Prelude.<$> (x Data..:? "CloudWatchLogsLogGroupArn")
+            Prelude.<*> (x Data..:? "Enabled")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticsearchDomainLogPublishingOptionsLogConfig
+  where
+  hashWithSalt
+    _salt
+    AwsElasticsearchDomainLogPublishingOptionsLogConfig' {..} =
+      _salt
+        `Prelude.hashWithSalt` cloudWatchLogsLogGroupArn
+        `Prelude.hashWithSalt` enabled
+
+instance
+  Prelude.NFData
+    AwsElasticsearchDomainLogPublishingOptionsLogConfig
+  where
+  rnf
+    AwsElasticsearchDomainLogPublishingOptionsLogConfig' {..} =
+      Prelude.rnf cloudWatchLogsLogGroupArn
+        `Prelude.seq` Prelude.rnf enabled
+
+instance
+  Data.ToJSON
+    AwsElasticsearchDomainLogPublishingOptionsLogConfig
+  where
+  toJSON
+    AwsElasticsearchDomainLogPublishingOptionsLogConfig' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("CloudWatchLogsLogGroupArn" Data..=)
+                Prelude.<$> cloudWatchLogsLogGroupArn,
+              ("Enabled" Data..=) Prelude.<$> enabled
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainNodeToNodeEncryptionOptions.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainNodeToNodeEncryptionOptions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainNodeToNodeEncryptionOptions.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticsearchDomainNodeToNodeEncryptionOptions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticsearchDomainNodeToNodeEncryptionOptions where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the configuration for node-to-node encryption.
+--
+-- /See:/ 'newAwsElasticsearchDomainNodeToNodeEncryptionOptions' smart constructor.
+data AwsElasticsearchDomainNodeToNodeEncryptionOptions = AwsElasticsearchDomainNodeToNodeEncryptionOptions'
+  { -- | Whether node-to-node encryption is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticsearchDomainNodeToNodeEncryptionOptions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'awsElasticsearchDomainNodeToNodeEncryptionOptions_enabled' - Whether node-to-node encryption is enabled.
+newAwsElasticsearchDomainNodeToNodeEncryptionOptions ::
+  AwsElasticsearchDomainNodeToNodeEncryptionOptions
+newAwsElasticsearchDomainNodeToNodeEncryptionOptions =
+  AwsElasticsearchDomainNodeToNodeEncryptionOptions'
+    { enabled =
+        Prelude.Nothing
+    }
+
+-- | Whether node-to-node encryption is enabled.
+awsElasticsearchDomainNodeToNodeEncryptionOptions_enabled :: Lens.Lens' AwsElasticsearchDomainNodeToNodeEncryptionOptions (Prelude.Maybe Prelude.Bool)
+awsElasticsearchDomainNodeToNodeEncryptionOptions_enabled = Lens.lens (\AwsElasticsearchDomainNodeToNodeEncryptionOptions' {enabled} -> enabled) (\s@AwsElasticsearchDomainNodeToNodeEncryptionOptions' {} a -> s {enabled = a} :: AwsElasticsearchDomainNodeToNodeEncryptionOptions)
+
+instance
+  Data.FromJSON
+    AwsElasticsearchDomainNodeToNodeEncryptionOptions
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticsearchDomainNodeToNodeEncryptionOptions"
+      ( \x ->
+          AwsElasticsearchDomainNodeToNodeEncryptionOptions'
+            Prelude.<$> (x Data..:? "Enabled")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticsearchDomainNodeToNodeEncryptionOptions
+  where
+  hashWithSalt
+    _salt
+    AwsElasticsearchDomainNodeToNodeEncryptionOptions' {..} =
+      _salt `Prelude.hashWithSalt` enabled
+
+instance
+  Prelude.NFData
+    AwsElasticsearchDomainNodeToNodeEncryptionOptions
+  where
+  rnf
+    AwsElasticsearchDomainNodeToNodeEncryptionOptions' {..} =
+      Prelude.rnf enabled
+
+instance
+  Data.ToJSON
+    AwsElasticsearchDomainNodeToNodeEncryptionOptions
+  where
+  toJSON
+    AwsElasticsearchDomainNodeToNodeEncryptionOptions' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Enabled" Data..=) Prelude.<$> enabled]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainServiceSoftwareOptions.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainServiceSoftwareOptions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainServiceSoftwareOptions.hs
@@ -0,0 +1,220 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticsearchDomainServiceSoftwareOptions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticsearchDomainServiceSoftwareOptions where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the state of the domain relative to the latest service
+-- software.
+--
+-- /See:/ 'newAwsElasticsearchDomainServiceSoftwareOptions' smart constructor.
+data AwsElasticsearchDomainServiceSoftwareOptions = AwsElasticsearchDomainServiceSoftwareOptions'
+  { -- | The epoch time when the deployment window closes for required updates.
+    -- After this time, Amazon OpenSearch Service schedules the software
+    -- upgrade automatically.
+    automatedUpdateDate :: Prelude.Maybe Prelude.Text,
+    -- | Whether a request to update the domain can be canceled.
+    cancellable :: Prelude.Maybe Prelude.Bool,
+    -- | The version of the service software that is currently installed on the
+    -- domain.
+    currentVersion :: Prelude.Maybe Prelude.Text,
+    -- | A more detailed description of the service software status.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The most recent version of the service software.
+    newVersion' :: Prelude.Maybe Prelude.Text,
+    -- | Whether a service software update is available for the domain.
+    updateAvailable :: Prelude.Maybe Prelude.Bool,
+    -- | The status of the service software update. Valid values are as follows:
+    --
+    -- -   @COMPLETED@
+    --
+    -- -   @ELIGIBLE@
+    --
+    -- -   @IN_PROGRESS@
+    --
+    -- -   @NOT_ELIGIBLE@
+    --
+    -- -   @PENDING_UPDATE@
+    updateStatus :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticsearchDomainServiceSoftwareOptions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'automatedUpdateDate', 'awsElasticsearchDomainServiceSoftwareOptions_automatedUpdateDate' - The epoch time when the deployment window closes for required updates.
+-- After this time, Amazon OpenSearch Service schedules the software
+-- upgrade automatically.
+--
+-- 'cancellable', 'awsElasticsearchDomainServiceSoftwareOptions_cancellable' - Whether a request to update the domain can be canceled.
+--
+-- 'currentVersion', 'awsElasticsearchDomainServiceSoftwareOptions_currentVersion' - The version of the service software that is currently installed on the
+-- domain.
+--
+-- 'description', 'awsElasticsearchDomainServiceSoftwareOptions_description' - A more detailed description of the service software status.
+--
+-- 'newVersion'', 'awsElasticsearchDomainServiceSoftwareOptions_newVersion' - The most recent version of the service software.
+--
+-- 'updateAvailable', 'awsElasticsearchDomainServiceSoftwareOptions_updateAvailable' - Whether a service software update is available for the domain.
+--
+-- 'updateStatus', 'awsElasticsearchDomainServiceSoftwareOptions_updateStatus' - The status of the service software update. Valid values are as follows:
+--
+-- -   @COMPLETED@
+--
+-- -   @ELIGIBLE@
+--
+-- -   @IN_PROGRESS@
+--
+-- -   @NOT_ELIGIBLE@
+--
+-- -   @PENDING_UPDATE@
+newAwsElasticsearchDomainServiceSoftwareOptions ::
+  AwsElasticsearchDomainServiceSoftwareOptions
+newAwsElasticsearchDomainServiceSoftwareOptions =
+  AwsElasticsearchDomainServiceSoftwareOptions'
+    { automatedUpdateDate =
+        Prelude.Nothing,
+      cancellable = Prelude.Nothing,
+      currentVersion =
+        Prelude.Nothing,
+      description = Prelude.Nothing,
+      newVersion' = Prelude.Nothing,
+      updateAvailable =
+        Prelude.Nothing,
+      updateStatus =
+        Prelude.Nothing
+    }
+
+-- | The epoch time when the deployment window closes for required updates.
+-- After this time, Amazon OpenSearch Service schedules the software
+-- upgrade automatically.
+awsElasticsearchDomainServiceSoftwareOptions_automatedUpdateDate :: Lens.Lens' AwsElasticsearchDomainServiceSoftwareOptions (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainServiceSoftwareOptions_automatedUpdateDate = Lens.lens (\AwsElasticsearchDomainServiceSoftwareOptions' {automatedUpdateDate} -> automatedUpdateDate) (\s@AwsElasticsearchDomainServiceSoftwareOptions' {} a -> s {automatedUpdateDate = a} :: AwsElasticsearchDomainServiceSoftwareOptions)
+
+-- | Whether a request to update the domain can be canceled.
+awsElasticsearchDomainServiceSoftwareOptions_cancellable :: Lens.Lens' AwsElasticsearchDomainServiceSoftwareOptions (Prelude.Maybe Prelude.Bool)
+awsElasticsearchDomainServiceSoftwareOptions_cancellable = Lens.lens (\AwsElasticsearchDomainServiceSoftwareOptions' {cancellable} -> cancellable) (\s@AwsElasticsearchDomainServiceSoftwareOptions' {} a -> s {cancellable = a} :: AwsElasticsearchDomainServiceSoftwareOptions)
+
+-- | The version of the service software that is currently installed on the
+-- domain.
+awsElasticsearchDomainServiceSoftwareOptions_currentVersion :: Lens.Lens' AwsElasticsearchDomainServiceSoftwareOptions (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainServiceSoftwareOptions_currentVersion = Lens.lens (\AwsElasticsearchDomainServiceSoftwareOptions' {currentVersion} -> currentVersion) (\s@AwsElasticsearchDomainServiceSoftwareOptions' {} a -> s {currentVersion = a} :: AwsElasticsearchDomainServiceSoftwareOptions)
+
+-- | A more detailed description of the service software status.
+awsElasticsearchDomainServiceSoftwareOptions_description :: Lens.Lens' AwsElasticsearchDomainServiceSoftwareOptions (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainServiceSoftwareOptions_description = Lens.lens (\AwsElasticsearchDomainServiceSoftwareOptions' {description} -> description) (\s@AwsElasticsearchDomainServiceSoftwareOptions' {} a -> s {description = a} :: AwsElasticsearchDomainServiceSoftwareOptions)
+
+-- | The most recent version of the service software.
+awsElasticsearchDomainServiceSoftwareOptions_newVersion :: Lens.Lens' AwsElasticsearchDomainServiceSoftwareOptions (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainServiceSoftwareOptions_newVersion = Lens.lens (\AwsElasticsearchDomainServiceSoftwareOptions' {newVersion'} -> newVersion') (\s@AwsElasticsearchDomainServiceSoftwareOptions' {} a -> s {newVersion' = a} :: AwsElasticsearchDomainServiceSoftwareOptions)
+
+-- | Whether a service software update is available for the domain.
+awsElasticsearchDomainServiceSoftwareOptions_updateAvailable :: Lens.Lens' AwsElasticsearchDomainServiceSoftwareOptions (Prelude.Maybe Prelude.Bool)
+awsElasticsearchDomainServiceSoftwareOptions_updateAvailable = Lens.lens (\AwsElasticsearchDomainServiceSoftwareOptions' {updateAvailable} -> updateAvailable) (\s@AwsElasticsearchDomainServiceSoftwareOptions' {} a -> s {updateAvailable = a} :: AwsElasticsearchDomainServiceSoftwareOptions)
+
+-- | The status of the service software update. Valid values are as follows:
+--
+-- -   @COMPLETED@
+--
+-- -   @ELIGIBLE@
+--
+-- -   @IN_PROGRESS@
+--
+-- -   @NOT_ELIGIBLE@
+--
+-- -   @PENDING_UPDATE@
+awsElasticsearchDomainServiceSoftwareOptions_updateStatus :: Lens.Lens' AwsElasticsearchDomainServiceSoftwareOptions (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainServiceSoftwareOptions_updateStatus = Lens.lens (\AwsElasticsearchDomainServiceSoftwareOptions' {updateStatus} -> updateStatus) (\s@AwsElasticsearchDomainServiceSoftwareOptions' {} a -> s {updateStatus = a} :: AwsElasticsearchDomainServiceSoftwareOptions)
+
+instance
+  Data.FromJSON
+    AwsElasticsearchDomainServiceSoftwareOptions
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticsearchDomainServiceSoftwareOptions"
+      ( \x ->
+          AwsElasticsearchDomainServiceSoftwareOptions'
+            Prelude.<$> (x Data..:? "AutomatedUpdateDate")
+            Prelude.<*> (x Data..:? "Cancellable")
+            Prelude.<*> (x Data..:? "CurrentVersion")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "NewVersion")
+            Prelude.<*> (x Data..:? "UpdateAvailable")
+            Prelude.<*> (x Data..:? "UpdateStatus")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticsearchDomainServiceSoftwareOptions
+  where
+  hashWithSalt
+    _salt
+    AwsElasticsearchDomainServiceSoftwareOptions' {..} =
+      _salt
+        `Prelude.hashWithSalt` automatedUpdateDate
+        `Prelude.hashWithSalt` cancellable
+        `Prelude.hashWithSalt` currentVersion
+        `Prelude.hashWithSalt` description
+        `Prelude.hashWithSalt` newVersion'
+        `Prelude.hashWithSalt` updateAvailable
+        `Prelude.hashWithSalt` updateStatus
+
+instance
+  Prelude.NFData
+    AwsElasticsearchDomainServiceSoftwareOptions
+  where
+  rnf AwsElasticsearchDomainServiceSoftwareOptions' {..} =
+    Prelude.rnf automatedUpdateDate
+      `Prelude.seq` Prelude.rnf cancellable
+      `Prelude.seq` Prelude.rnf currentVersion
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf newVersion'
+      `Prelude.seq` Prelude.rnf updateAvailable
+      `Prelude.seq` Prelude.rnf updateStatus
+
+instance
+  Data.ToJSON
+    AwsElasticsearchDomainServiceSoftwareOptions
+  where
+  toJSON
+    AwsElasticsearchDomainServiceSoftwareOptions' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AutomatedUpdateDate" Data..=)
+                Prelude.<$> automatedUpdateDate,
+              ("Cancellable" Data..=) Prelude.<$> cancellable,
+              ("CurrentVersion" Data..=)
+                Prelude.<$> currentVersion,
+              ("Description" Data..=) Prelude.<$> description,
+              ("NewVersion" Data..=) Prelude.<$> newVersion',
+              ("UpdateAvailable" Data..=)
+                Prelude.<$> updateAvailable,
+              ("UpdateStatus" Data..=) Prelude.<$> updateStatus
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainVPCOptions.hs b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainVPCOptions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElasticsearchDomainVPCOptions.hs
@@ -0,0 +1,143 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElasticsearchDomainVPCOptions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElasticsearchDomainVPCOptions where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information that OpenSearch derives based on @VPCOptions@ for the
+-- domain.
+--
+-- /See:/ 'newAwsElasticsearchDomainVPCOptions' smart constructor.
+data AwsElasticsearchDomainVPCOptions = AwsElasticsearchDomainVPCOptions'
+  { -- | The list of Availability Zones associated with the VPC subnets.
+    availabilityZones :: Prelude.Maybe [Prelude.Text],
+    -- | The list of security group IDs associated with the VPC endpoints for the
+    -- domain.
+    securityGroupIds :: Prelude.Maybe [Prelude.Text],
+    -- | A list of subnet IDs associated with the VPC endpoints for the domain.
+    subnetIds :: Prelude.Maybe [Prelude.Text],
+    -- | ID for the VPC.
+    vPCId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElasticsearchDomainVPCOptions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'availabilityZones', 'awsElasticsearchDomainVPCOptions_availabilityZones' - The list of Availability Zones associated with the VPC subnets.
+--
+-- 'securityGroupIds', 'awsElasticsearchDomainVPCOptions_securityGroupIds' - The list of security group IDs associated with the VPC endpoints for the
+-- domain.
+--
+-- 'subnetIds', 'awsElasticsearchDomainVPCOptions_subnetIds' - A list of subnet IDs associated with the VPC endpoints for the domain.
+--
+-- 'vPCId', 'awsElasticsearchDomainVPCOptions_vPCId' - ID for the VPC.
+newAwsElasticsearchDomainVPCOptions ::
+  AwsElasticsearchDomainVPCOptions
+newAwsElasticsearchDomainVPCOptions =
+  AwsElasticsearchDomainVPCOptions'
+    { availabilityZones =
+        Prelude.Nothing,
+      securityGroupIds = Prelude.Nothing,
+      subnetIds = Prelude.Nothing,
+      vPCId = Prelude.Nothing
+    }
+
+-- | The list of Availability Zones associated with the VPC subnets.
+awsElasticsearchDomainVPCOptions_availabilityZones :: Lens.Lens' AwsElasticsearchDomainVPCOptions (Prelude.Maybe [Prelude.Text])
+awsElasticsearchDomainVPCOptions_availabilityZones = Lens.lens (\AwsElasticsearchDomainVPCOptions' {availabilityZones} -> availabilityZones) (\s@AwsElasticsearchDomainVPCOptions' {} a -> s {availabilityZones = a} :: AwsElasticsearchDomainVPCOptions) Prelude.. Lens.mapping Lens.coerced
+
+-- | The list of security group IDs associated with the VPC endpoints for the
+-- domain.
+awsElasticsearchDomainVPCOptions_securityGroupIds :: Lens.Lens' AwsElasticsearchDomainVPCOptions (Prelude.Maybe [Prelude.Text])
+awsElasticsearchDomainVPCOptions_securityGroupIds = Lens.lens (\AwsElasticsearchDomainVPCOptions' {securityGroupIds} -> securityGroupIds) (\s@AwsElasticsearchDomainVPCOptions' {} a -> s {securityGroupIds = a} :: AwsElasticsearchDomainVPCOptions) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of subnet IDs associated with the VPC endpoints for the domain.
+awsElasticsearchDomainVPCOptions_subnetIds :: Lens.Lens' AwsElasticsearchDomainVPCOptions (Prelude.Maybe [Prelude.Text])
+awsElasticsearchDomainVPCOptions_subnetIds = Lens.lens (\AwsElasticsearchDomainVPCOptions' {subnetIds} -> subnetIds) (\s@AwsElasticsearchDomainVPCOptions' {} a -> s {subnetIds = a} :: AwsElasticsearchDomainVPCOptions) Prelude.. Lens.mapping Lens.coerced
+
+-- | ID for the VPC.
+awsElasticsearchDomainVPCOptions_vPCId :: Lens.Lens' AwsElasticsearchDomainVPCOptions (Prelude.Maybe Prelude.Text)
+awsElasticsearchDomainVPCOptions_vPCId = Lens.lens (\AwsElasticsearchDomainVPCOptions' {vPCId} -> vPCId) (\s@AwsElasticsearchDomainVPCOptions' {} a -> s {vPCId = a} :: AwsElasticsearchDomainVPCOptions)
+
+instance
+  Data.FromJSON
+    AwsElasticsearchDomainVPCOptions
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElasticsearchDomainVPCOptions"
+      ( \x ->
+          AwsElasticsearchDomainVPCOptions'
+            Prelude.<$> ( x
+                            Data..:? "AvailabilityZones"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "SecurityGroupIds"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "SubnetIds" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "VPCId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElasticsearchDomainVPCOptions
+  where
+  hashWithSalt
+    _salt
+    AwsElasticsearchDomainVPCOptions' {..} =
+      _salt
+        `Prelude.hashWithSalt` availabilityZones
+        `Prelude.hashWithSalt` securityGroupIds
+        `Prelude.hashWithSalt` subnetIds
+        `Prelude.hashWithSalt` vPCId
+
+instance
+  Prelude.NFData
+    AwsElasticsearchDomainVPCOptions
+  where
+  rnf AwsElasticsearchDomainVPCOptions' {..} =
+    Prelude.rnf availabilityZones
+      `Prelude.seq` Prelude.rnf securityGroupIds
+      `Prelude.seq` Prelude.rnf subnetIds
+      `Prelude.seq` Prelude.rnf vPCId
+
+instance Data.ToJSON AwsElasticsearchDomainVPCOptions where
+  toJSON AwsElasticsearchDomainVPCOptions' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AvailabilityZones" Data..=)
+              Prelude.<$> availabilityZones,
+            ("SecurityGroupIds" Data..=)
+              Prelude.<$> securityGroupIds,
+            ("SubnetIds" Data..=) Prelude.<$> subnetIds,
+            ("VPCId" Data..=) Prelude.<$> vPCId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbAppCookieStickinessPolicy.hs b/gen/Amazonka/SecurityHub/Types/AwsElbAppCookieStickinessPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbAppCookieStickinessPolicy.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbAppCookieStickinessPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbAppCookieStickinessPolicy where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about a stickiness policy that was created using
+-- @CreateAppCookieStickinessPolicy@.
+--
+-- /See:/ 'newAwsElbAppCookieStickinessPolicy' smart constructor.
+data AwsElbAppCookieStickinessPolicy = AwsElbAppCookieStickinessPolicy'
+  { -- | The name of the application cookie used for stickiness.
+    cookieName :: Prelude.Maybe Prelude.Text,
+    -- | The mnemonic name for the policy being created. The name must be unique
+    -- within the set of policies for the load balancer.
+    policyName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbAppCookieStickinessPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cookieName', 'awsElbAppCookieStickinessPolicy_cookieName' - The name of the application cookie used for stickiness.
+--
+-- 'policyName', 'awsElbAppCookieStickinessPolicy_policyName' - The mnemonic name for the policy being created. The name must be unique
+-- within the set of policies for the load balancer.
+newAwsElbAppCookieStickinessPolicy ::
+  AwsElbAppCookieStickinessPolicy
+newAwsElbAppCookieStickinessPolicy =
+  AwsElbAppCookieStickinessPolicy'
+    { cookieName =
+        Prelude.Nothing,
+      policyName = Prelude.Nothing
+    }
+
+-- | The name of the application cookie used for stickiness.
+awsElbAppCookieStickinessPolicy_cookieName :: Lens.Lens' AwsElbAppCookieStickinessPolicy (Prelude.Maybe Prelude.Text)
+awsElbAppCookieStickinessPolicy_cookieName = Lens.lens (\AwsElbAppCookieStickinessPolicy' {cookieName} -> cookieName) (\s@AwsElbAppCookieStickinessPolicy' {} a -> s {cookieName = a} :: AwsElbAppCookieStickinessPolicy)
+
+-- | The mnemonic name for the policy being created. The name must be unique
+-- within the set of policies for the load balancer.
+awsElbAppCookieStickinessPolicy_policyName :: Lens.Lens' AwsElbAppCookieStickinessPolicy (Prelude.Maybe Prelude.Text)
+awsElbAppCookieStickinessPolicy_policyName = Lens.lens (\AwsElbAppCookieStickinessPolicy' {policyName} -> policyName) (\s@AwsElbAppCookieStickinessPolicy' {} a -> s {policyName = a} :: AwsElbAppCookieStickinessPolicy)
+
+instance
+  Data.FromJSON
+    AwsElbAppCookieStickinessPolicy
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElbAppCookieStickinessPolicy"
+      ( \x ->
+          AwsElbAppCookieStickinessPolicy'
+            Prelude.<$> (x Data..:? "CookieName")
+            Prelude.<*> (x Data..:? "PolicyName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbAppCookieStickinessPolicy
+  where
+  hashWithSalt
+    _salt
+    AwsElbAppCookieStickinessPolicy' {..} =
+      _salt
+        `Prelude.hashWithSalt` cookieName
+        `Prelude.hashWithSalt` policyName
+
+instance
+  Prelude.NFData
+    AwsElbAppCookieStickinessPolicy
+  where
+  rnf AwsElbAppCookieStickinessPolicy' {..} =
+    Prelude.rnf cookieName
+      `Prelude.seq` Prelude.rnf policyName
+
+instance Data.ToJSON AwsElbAppCookieStickinessPolicy where
+  toJSON AwsElbAppCookieStickinessPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CookieName" Data..=) Prelude.<$> cookieName,
+            ("PolicyName" Data..=) Prelude.<$> policyName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLbCookieStickinessPolicy.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLbCookieStickinessPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLbCookieStickinessPolicy.hs
@@ -0,0 +1,113 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLbCookieStickinessPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLbCookieStickinessPolicy where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about a stickiness policy that was created using
+-- @CreateLBCookieStickinessPolicy@.
+--
+-- /See:/ 'newAwsElbLbCookieStickinessPolicy' smart constructor.
+data AwsElbLbCookieStickinessPolicy = AwsElbLbCookieStickinessPolicy'
+  { -- | The amount of time, in seconds, after which the cookie is considered
+    -- stale. If an expiration period is not specified, the stickiness session
+    -- lasts for the duration of the browser session.
+    cookieExpirationPeriod :: Prelude.Maybe Prelude.Integer,
+    -- | The name of the policy. The name must be unique within the set of
+    -- policies for the load balancer.
+    policyName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLbCookieStickinessPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cookieExpirationPeriod', 'awsElbLbCookieStickinessPolicy_cookieExpirationPeriod' - The amount of time, in seconds, after which the cookie is considered
+-- stale. If an expiration period is not specified, the stickiness session
+-- lasts for the duration of the browser session.
+--
+-- 'policyName', 'awsElbLbCookieStickinessPolicy_policyName' - The name of the policy. The name must be unique within the set of
+-- policies for the load balancer.
+newAwsElbLbCookieStickinessPolicy ::
+  AwsElbLbCookieStickinessPolicy
+newAwsElbLbCookieStickinessPolicy =
+  AwsElbLbCookieStickinessPolicy'
+    { cookieExpirationPeriod =
+        Prelude.Nothing,
+      policyName = Prelude.Nothing
+    }
+
+-- | The amount of time, in seconds, after which the cookie is considered
+-- stale. If an expiration period is not specified, the stickiness session
+-- lasts for the duration of the browser session.
+awsElbLbCookieStickinessPolicy_cookieExpirationPeriod :: Lens.Lens' AwsElbLbCookieStickinessPolicy (Prelude.Maybe Prelude.Integer)
+awsElbLbCookieStickinessPolicy_cookieExpirationPeriod = Lens.lens (\AwsElbLbCookieStickinessPolicy' {cookieExpirationPeriod} -> cookieExpirationPeriod) (\s@AwsElbLbCookieStickinessPolicy' {} a -> s {cookieExpirationPeriod = a} :: AwsElbLbCookieStickinessPolicy)
+
+-- | The name of the policy. The name must be unique within the set of
+-- policies for the load balancer.
+awsElbLbCookieStickinessPolicy_policyName :: Lens.Lens' AwsElbLbCookieStickinessPolicy (Prelude.Maybe Prelude.Text)
+awsElbLbCookieStickinessPolicy_policyName = Lens.lens (\AwsElbLbCookieStickinessPolicy' {policyName} -> policyName) (\s@AwsElbLbCookieStickinessPolicy' {} a -> s {policyName = a} :: AwsElbLbCookieStickinessPolicy)
+
+instance Data.FromJSON AwsElbLbCookieStickinessPolicy where
+  parseJSON =
+    Data.withObject
+      "AwsElbLbCookieStickinessPolicy"
+      ( \x ->
+          AwsElbLbCookieStickinessPolicy'
+            Prelude.<$> (x Data..:? "CookieExpirationPeriod")
+            Prelude.<*> (x Data..:? "PolicyName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbLbCookieStickinessPolicy
+  where
+  hashWithSalt
+    _salt
+    AwsElbLbCookieStickinessPolicy' {..} =
+      _salt
+        `Prelude.hashWithSalt` cookieExpirationPeriod
+        `Prelude.hashWithSalt` policyName
+
+instance
+  Prelude.NFData
+    AwsElbLbCookieStickinessPolicy
+  where
+  rnf AwsElbLbCookieStickinessPolicy' {..} =
+    Prelude.rnf cookieExpirationPeriod
+      `Prelude.seq` Prelude.rnf policyName
+
+instance Data.ToJSON AwsElbLbCookieStickinessPolicy where
+  toJSON AwsElbLbCookieStickinessPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CookieExpirationPeriod" Data..=)
+              Prelude.<$> cookieExpirationPeriod,
+            ("PolicyName" Data..=) Prelude.<$> policyName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerAccessLog.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerAccessLog.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerAccessLog.hs
@@ -0,0 +1,137 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerAccessLog
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerAccessLog where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the access log configuration for the load
+-- balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerAccessLog' smart constructor.
+data AwsElbLoadBalancerAccessLog = AwsElbLoadBalancerAccessLog'
+  { -- | The interval in minutes for publishing the access logs.
+    --
+    -- You can publish access logs either every 5 minutes or every 60 minutes.
+    emitInterval :: Prelude.Maybe Prelude.Int,
+    -- | Indicates whether access logs are enabled for the load balancer.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the S3 bucket where the access logs are stored.
+    s3BucketName :: Prelude.Maybe Prelude.Text,
+    -- | The logical hierarchy that was created for the S3 bucket.
+    --
+    -- If a prefix is not provided, the log is placed at the root level of the
+    -- bucket.
+    s3BucketPrefix :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerAccessLog' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'emitInterval', 'awsElbLoadBalancerAccessLog_emitInterval' - The interval in minutes for publishing the access logs.
+--
+-- You can publish access logs either every 5 minutes or every 60 minutes.
+--
+-- 'enabled', 'awsElbLoadBalancerAccessLog_enabled' - Indicates whether access logs are enabled for the load balancer.
+--
+-- 's3BucketName', 'awsElbLoadBalancerAccessLog_s3BucketName' - The name of the S3 bucket where the access logs are stored.
+--
+-- 's3BucketPrefix', 'awsElbLoadBalancerAccessLog_s3BucketPrefix' - The logical hierarchy that was created for the S3 bucket.
+--
+-- If a prefix is not provided, the log is placed at the root level of the
+-- bucket.
+newAwsElbLoadBalancerAccessLog ::
+  AwsElbLoadBalancerAccessLog
+newAwsElbLoadBalancerAccessLog =
+  AwsElbLoadBalancerAccessLog'
+    { emitInterval =
+        Prelude.Nothing,
+      enabled = Prelude.Nothing,
+      s3BucketName = Prelude.Nothing,
+      s3BucketPrefix = Prelude.Nothing
+    }
+
+-- | The interval in minutes for publishing the access logs.
+--
+-- You can publish access logs either every 5 minutes or every 60 minutes.
+awsElbLoadBalancerAccessLog_emitInterval :: Lens.Lens' AwsElbLoadBalancerAccessLog (Prelude.Maybe Prelude.Int)
+awsElbLoadBalancerAccessLog_emitInterval = Lens.lens (\AwsElbLoadBalancerAccessLog' {emitInterval} -> emitInterval) (\s@AwsElbLoadBalancerAccessLog' {} a -> s {emitInterval = a} :: AwsElbLoadBalancerAccessLog)
+
+-- | Indicates whether access logs are enabled for the load balancer.
+awsElbLoadBalancerAccessLog_enabled :: Lens.Lens' AwsElbLoadBalancerAccessLog (Prelude.Maybe Prelude.Bool)
+awsElbLoadBalancerAccessLog_enabled = Lens.lens (\AwsElbLoadBalancerAccessLog' {enabled} -> enabled) (\s@AwsElbLoadBalancerAccessLog' {} a -> s {enabled = a} :: AwsElbLoadBalancerAccessLog)
+
+-- | The name of the S3 bucket where the access logs are stored.
+awsElbLoadBalancerAccessLog_s3BucketName :: Lens.Lens' AwsElbLoadBalancerAccessLog (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerAccessLog_s3BucketName = Lens.lens (\AwsElbLoadBalancerAccessLog' {s3BucketName} -> s3BucketName) (\s@AwsElbLoadBalancerAccessLog' {} a -> s {s3BucketName = a} :: AwsElbLoadBalancerAccessLog)
+
+-- | The logical hierarchy that was created for the S3 bucket.
+--
+-- If a prefix is not provided, the log is placed at the root level of the
+-- bucket.
+awsElbLoadBalancerAccessLog_s3BucketPrefix :: Lens.Lens' AwsElbLoadBalancerAccessLog (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerAccessLog_s3BucketPrefix = Lens.lens (\AwsElbLoadBalancerAccessLog' {s3BucketPrefix} -> s3BucketPrefix) (\s@AwsElbLoadBalancerAccessLog' {} a -> s {s3BucketPrefix = a} :: AwsElbLoadBalancerAccessLog)
+
+instance Data.FromJSON AwsElbLoadBalancerAccessLog where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerAccessLog"
+      ( \x ->
+          AwsElbLoadBalancerAccessLog'
+            Prelude.<$> (x Data..:? "EmitInterval")
+            Prelude.<*> (x Data..:? "Enabled")
+            Prelude.<*> (x Data..:? "S3BucketName")
+            Prelude.<*> (x Data..:? "S3BucketPrefix")
+      )
+
+instance Prelude.Hashable AwsElbLoadBalancerAccessLog where
+  hashWithSalt _salt AwsElbLoadBalancerAccessLog' {..} =
+    _salt
+      `Prelude.hashWithSalt` emitInterval
+      `Prelude.hashWithSalt` enabled
+      `Prelude.hashWithSalt` s3BucketName
+      `Prelude.hashWithSalt` s3BucketPrefix
+
+instance Prelude.NFData AwsElbLoadBalancerAccessLog where
+  rnf AwsElbLoadBalancerAccessLog' {..} =
+    Prelude.rnf emitInterval
+      `Prelude.seq` Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf s3BucketName
+      `Prelude.seq` Prelude.rnf s3BucketPrefix
+
+instance Data.ToJSON AwsElbLoadBalancerAccessLog where
+  toJSON AwsElbLoadBalancerAccessLog' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("EmitInterval" Data..=) Prelude.<$> emitInterval,
+            ("Enabled" Data..=) Prelude.<$> enabled,
+            ("S3BucketName" Data..=) Prelude.<$> s3BucketName,
+            ("S3BucketPrefix" Data..=)
+              Prelude.<$> s3BucketPrefix
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerAdditionalAttribute.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerAdditionalAttribute.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerAdditionalAttribute.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerAdditionalAttribute
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerAdditionalAttribute where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about additional attributes for the load balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerAdditionalAttribute' smart constructor.
+data AwsElbLoadBalancerAdditionalAttribute = AwsElbLoadBalancerAdditionalAttribute'
+  { -- | The name of the attribute.
+    key :: Prelude.Maybe Prelude.Text,
+    -- | The value of the attribute.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerAdditionalAttribute' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'key', 'awsElbLoadBalancerAdditionalAttribute_key' - The name of the attribute.
+--
+-- 'value', 'awsElbLoadBalancerAdditionalAttribute_value' - The value of the attribute.
+newAwsElbLoadBalancerAdditionalAttribute ::
+  AwsElbLoadBalancerAdditionalAttribute
+newAwsElbLoadBalancerAdditionalAttribute =
+  AwsElbLoadBalancerAdditionalAttribute'
+    { key =
+        Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The name of the attribute.
+awsElbLoadBalancerAdditionalAttribute_key :: Lens.Lens' AwsElbLoadBalancerAdditionalAttribute (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerAdditionalAttribute_key = Lens.lens (\AwsElbLoadBalancerAdditionalAttribute' {key} -> key) (\s@AwsElbLoadBalancerAdditionalAttribute' {} a -> s {key = a} :: AwsElbLoadBalancerAdditionalAttribute)
+
+-- | The value of the attribute.
+awsElbLoadBalancerAdditionalAttribute_value :: Lens.Lens' AwsElbLoadBalancerAdditionalAttribute (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerAdditionalAttribute_value = Lens.lens (\AwsElbLoadBalancerAdditionalAttribute' {value} -> value) (\s@AwsElbLoadBalancerAdditionalAttribute' {} a -> s {value = a} :: AwsElbLoadBalancerAdditionalAttribute)
+
+instance
+  Data.FromJSON
+    AwsElbLoadBalancerAdditionalAttribute
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerAdditionalAttribute"
+      ( \x ->
+          AwsElbLoadBalancerAdditionalAttribute'
+            Prelude.<$> (x Data..:? "Key")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbLoadBalancerAdditionalAttribute
+  where
+  hashWithSalt
+    _salt
+    AwsElbLoadBalancerAdditionalAttribute' {..} =
+      _salt
+        `Prelude.hashWithSalt` key
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsElbLoadBalancerAdditionalAttribute
+  where
+  rnf AwsElbLoadBalancerAdditionalAttribute' {..} =
+    Prelude.rnf key `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsElbLoadBalancerAdditionalAttribute
+  where
+  toJSON AwsElbLoadBalancerAdditionalAttribute' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Key" Data..=) Prelude.<$> key,
+            ("Value" Data..=) Prelude.<$> value
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerAttributes.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerAttributes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerAttributes.hs
@@ -0,0 +1,199 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerAttributes
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerAttributes where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerAccessLog
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerAdditionalAttribute
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionDraining
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionSettings
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerCrossZoneLoadBalancing
+
+-- | Contains attributes for the load balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerAttributes' smart constructor.
+data AwsElbLoadBalancerAttributes = AwsElbLoadBalancerAttributes'
+  { -- | Information about the access log configuration for the load balancer.
+    --
+    -- If the access log is enabled, the load balancer captures detailed
+    -- information about all requests. It delivers the information to a
+    -- specified S3 bucket.
+    accessLog :: Prelude.Maybe AwsElbLoadBalancerAccessLog,
+    -- | Any additional attributes for a load balancer.
+    additionalAttributes :: Prelude.Maybe [AwsElbLoadBalancerAdditionalAttribute],
+    -- | Information about the connection draining configuration for the load
+    -- balancer.
+    --
+    -- If connection draining is enabled, the load balancer allows existing
+    -- requests to complete before it shifts traffic away from a deregistered
+    -- or unhealthy instance.
+    connectionDraining :: Prelude.Maybe AwsElbLoadBalancerConnectionDraining,
+    -- | Connection settings for the load balancer.
+    --
+    -- If an idle timeout is configured, the load balancer allows connections
+    -- to remain idle for the specified duration. When a connection is idle, no
+    -- data is sent over the connection.
+    connectionSettings :: Prelude.Maybe AwsElbLoadBalancerConnectionSettings,
+    -- | Cross-zone load balancing settings for the load balancer.
+    --
+    -- If cross-zone load balancing is enabled, the load balancer routes the
+    -- request traffic evenly across all instances regardless of the
+    -- Availability Zones.
+    crossZoneLoadBalancing :: Prelude.Maybe AwsElbLoadBalancerCrossZoneLoadBalancing
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerAttributes' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessLog', 'awsElbLoadBalancerAttributes_accessLog' - Information about the access log configuration for the load balancer.
+--
+-- If the access log is enabled, the load balancer captures detailed
+-- information about all requests. It delivers the information to a
+-- specified S3 bucket.
+--
+-- 'additionalAttributes', 'awsElbLoadBalancerAttributes_additionalAttributes' - Any additional attributes for a load balancer.
+--
+-- 'connectionDraining', 'awsElbLoadBalancerAttributes_connectionDraining' - Information about the connection draining configuration for the load
+-- balancer.
+--
+-- If connection draining is enabled, the load balancer allows existing
+-- requests to complete before it shifts traffic away from a deregistered
+-- or unhealthy instance.
+--
+-- 'connectionSettings', 'awsElbLoadBalancerAttributes_connectionSettings' - Connection settings for the load balancer.
+--
+-- If an idle timeout is configured, the load balancer allows connections
+-- to remain idle for the specified duration. When a connection is idle, no
+-- data is sent over the connection.
+--
+-- 'crossZoneLoadBalancing', 'awsElbLoadBalancerAttributes_crossZoneLoadBalancing' - Cross-zone load balancing settings for the load balancer.
+--
+-- If cross-zone load balancing is enabled, the load balancer routes the
+-- request traffic evenly across all instances regardless of the
+-- Availability Zones.
+newAwsElbLoadBalancerAttributes ::
+  AwsElbLoadBalancerAttributes
+newAwsElbLoadBalancerAttributes =
+  AwsElbLoadBalancerAttributes'
+    { accessLog =
+        Prelude.Nothing,
+      additionalAttributes = Prelude.Nothing,
+      connectionDraining = Prelude.Nothing,
+      connectionSettings = Prelude.Nothing,
+      crossZoneLoadBalancing = Prelude.Nothing
+    }
+
+-- | Information about the access log configuration for the load balancer.
+--
+-- If the access log is enabled, the load balancer captures detailed
+-- information about all requests. It delivers the information to a
+-- specified S3 bucket.
+awsElbLoadBalancerAttributes_accessLog :: Lens.Lens' AwsElbLoadBalancerAttributes (Prelude.Maybe AwsElbLoadBalancerAccessLog)
+awsElbLoadBalancerAttributes_accessLog = Lens.lens (\AwsElbLoadBalancerAttributes' {accessLog} -> accessLog) (\s@AwsElbLoadBalancerAttributes' {} a -> s {accessLog = a} :: AwsElbLoadBalancerAttributes)
+
+-- | Any additional attributes for a load balancer.
+awsElbLoadBalancerAttributes_additionalAttributes :: Lens.Lens' AwsElbLoadBalancerAttributes (Prelude.Maybe [AwsElbLoadBalancerAdditionalAttribute])
+awsElbLoadBalancerAttributes_additionalAttributes = Lens.lens (\AwsElbLoadBalancerAttributes' {additionalAttributes} -> additionalAttributes) (\s@AwsElbLoadBalancerAttributes' {} a -> s {additionalAttributes = a} :: AwsElbLoadBalancerAttributes) Prelude.. Lens.mapping Lens.coerced
+
+-- | Information about the connection draining configuration for the load
+-- balancer.
+--
+-- If connection draining is enabled, the load balancer allows existing
+-- requests to complete before it shifts traffic away from a deregistered
+-- or unhealthy instance.
+awsElbLoadBalancerAttributes_connectionDraining :: Lens.Lens' AwsElbLoadBalancerAttributes (Prelude.Maybe AwsElbLoadBalancerConnectionDraining)
+awsElbLoadBalancerAttributes_connectionDraining = Lens.lens (\AwsElbLoadBalancerAttributes' {connectionDraining} -> connectionDraining) (\s@AwsElbLoadBalancerAttributes' {} a -> s {connectionDraining = a} :: AwsElbLoadBalancerAttributes)
+
+-- | Connection settings for the load balancer.
+--
+-- If an idle timeout is configured, the load balancer allows connections
+-- to remain idle for the specified duration. When a connection is idle, no
+-- data is sent over the connection.
+awsElbLoadBalancerAttributes_connectionSettings :: Lens.Lens' AwsElbLoadBalancerAttributes (Prelude.Maybe AwsElbLoadBalancerConnectionSettings)
+awsElbLoadBalancerAttributes_connectionSettings = Lens.lens (\AwsElbLoadBalancerAttributes' {connectionSettings} -> connectionSettings) (\s@AwsElbLoadBalancerAttributes' {} a -> s {connectionSettings = a} :: AwsElbLoadBalancerAttributes)
+
+-- | Cross-zone load balancing settings for the load balancer.
+--
+-- If cross-zone load balancing is enabled, the load balancer routes the
+-- request traffic evenly across all instances regardless of the
+-- Availability Zones.
+awsElbLoadBalancerAttributes_crossZoneLoadBalancing :: Lens.Lens' AwsElbLoadBalancerAttributes (Prelude.Maybe AwsElbLoadBalancerCrossZoneLoadBalancing)
+awsElbLoadBalancerAttributes_crossZoneLoadBalancing = Lens.lens (\AwsElbLoadBalancerAttributes' {crossZoneLoadBalancing} -> crossZoneLoadBalancing) (\s@AwsElbLoadBalancerAttributes' {} a -> s {crossZoneLoadBalancing = a} :: AwsElbLoadBalancerAttributes)
+
+instance Data.FromJSON AwsElbLoadBalancerAttributes where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerAttributes"
+      ( \x ->
+          AwsElbLoadBalancerAttributes'
+            Prelude.<$> (x Data..:? "AccessLog")
+            Prelude.<*> ( x
+                            Data..:? "AdditionalAttributes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ConnectionDraining")
+            Prelude.<*> (x Data..:? "ConnectionSettings")
+            Prelude.<*> (x Data..:? "CrossZoneLoadBalancing")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbLoadBalancerAttributes
+  where
+  hashWithSalt _salt AwsElbLoadBalancerAttributes' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessLog
+      `Prelude.hashWithSalt` additionalAttributes
+      `Prelude.hashWithSalt` connectionDraining
+      `Prelude.hashWithSalt` connectionSettings
+      `Prelude.hashWithSalt` crossZoneLoadBalancing
+
+instance Prelude.NFData AwsElbLoadBalancerAttributes where
+  rnf AwsElbLoadBalancerAttributes' {..} =
+    Prelude.rnf accessLog
+      `Prelude.seq` Prelude.rnf additionalAttributes
+      `Prelude.seq` Prelude.rnf connectionDraining
+      `Prelude.seq` Prelude.rnf connectionSettings
+      `Prelude.seq` Prelude.rnf crossZoneLoadBalancing
+
+instance Data.ToJSON AwsElbLoadBalancerAttributes where
+  toJSON AwsElbLoadBalancerAttributes' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AccessLog" Data..=) Prelude.<$> accessLog,
+            ("AdditionalAttributes" Data..=)
+              Prelude.<$> additionalAttributes,
+            ("ConnectionDraining" Data..=)
+              Prelude.<$> connectionDraining,
+            ("ConnectionSettings" Data..=)
+              Prelude.<$> connectionSettings,
+            ("CrossZoneLoadBalancing" Data..=)
+              Prelude.<$> crossZoneLoadBalancing
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerBackendServerDescription.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerBackendServerDescription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerBackendServerDescription.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerBackendServerDescription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerBackendServerDescription where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the configuration of an EC2 instance for the
+-- load balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerBackendServerDescription' smart constructor.
+data AwsElbLoadBalancerBackendServerDescription = AwsElbLoadBalancerBackendServerDescription'
+  { -- | The port on which the EC2 instance is listening.
+    instancePort :: Prelude.Maybe Prelude.Int,
+    -- | The names of the policies that are enabled for the EC2 instance.
+    policyNames :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerBackendServerDescription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instancePort', 'awsElbLoadBalancerBackendServerDescription_instancePort' - The port on which the EC2 instance is listening.
+--
+-- 'policyNames', 'awsElbLoadBalancerBackendServerDescription_policyNames' - The names of the policies that are enabled for the EC2 instance.
+newAwsElbLoadBalancerBackendServerDescription ::
+  AwsElbLoadBalancerBackendServerDescription
+newAwsElbLoadBalancerBackendServerDescription =
+  AwsElbLoadBalancerBackendServerDescription'
+    { instancePort =
+        Prelude.Nothing,
+      policyNames = Prelude.Nothing
+    }
+
+-- | The port on which the EC2 instance is listening.
+awsElbLoadBalancerBackendServerDescription_instancePort :: Lens.Lens' AwsElbLoadBalancerBackendServerDescription (Prelude.Maybe Prelude.Int)
+awsElbLoadBalancerBackendServerDescription_instancePort = Lens.lens (\AwsElbLoadBalancerBackendServerDescription' {instancePort} -> instancePort) (\s@AwsElbLoadBalancerBackendServerDescription' {} a -> s {instancePort = a} :: AwsElbLoadBalancerBackendServerDescription)
+
+-- | The names of the policies that are enabled for the EC2 instance.
+awsElbLoadBalancerBackendServerDescription_policyNames :: Lens.Lens' AwsElbLoadBalancerBackendServerDescription (Prelude.Maybe [Prelude.Text])
+awsElbLoadBalancerBackendServerDescription_policyNames = Lens.lens (\AwsElbLoadBalancerBackendServerDescription' {policyNames} -> policyNames) (\s@AwsElbLoadBalancerBackendServerDescription' {} a -> s {policyNames = a} :: AwsElbLoadBalancerBackendServerDescription) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsElbLoadBalancerBackendServerDescription
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerBackendServerDescription"
+      ( \x ->
+          AwsElbLoadBalancerBackendServerDescription'
+            Prelude.<$> (x Data..:? "InstancePort")
+            Prelude.<*> (x Data..:? "PolicyNames" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbLoadBalancerBackendServerDescription
+  where
+  hashWithSalt
+    _salt
+    AwsElbLoadBalancerBackendServerDescription' {..} =
+      _salt
+        `Prelude.hashWithSalt` instancePort
+        `Prelude.hashWithSalt` policyNames
+
+instance
+  Prelude.NFData
+    AwsElbLoadBalancerBackendServerDescription
+  where
+  rnf AwsElbLoadBalancerBackendServerDescription' {..} =
+    Prelude.rnf instancePort
+      `Prelude.seq` Prelude.rnf policyNames
+
+instance
+  Data.ToJSON
+    AwsElbLoadBalancerBackendServerDescription
+  where
+  toJSON
+    AwsElbLoadBalancerBackendServerDescription' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("InstancePort" Data..=) Prelude.<$> instancePort,
+              ("PolicyNames" Data..=) Prelude.<$> policyNames
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerConnectionDraining.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerConnectionDraining.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerConnectionDraining.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionDraining
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionDraining where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the connection draining configuration for the
+-- load balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerConnectionDraining' smart constructor.
+data AwsElbLoadBalancerConnectionDraining = AwsElbLoadBalancerConnectionDraining'
+  { -- | Indicates whether connection draining is enabled for the load balancer.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | The maximum time, in seconds, to keep the existing connections open
+    -- before deregistering the instances.
+    timeout :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerConnectionDraining' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'awsElbLoadBalancerConnectionDraining_enabled' - Indicates whether connection draining is enabled for the load balancer.
+--
+-- 'timeout', 'awsElbLoadBalancerConnectionDraining_timeout' - The maximum time, in seconds, to keep the existing connections open
+-- before deregistering the instances.
+newAwsElbLoadBalancerConnectionDraining ::
+  AwsElbLoadBalancerConnectionDraining
+newAwsElbLoadBalancerConnectionDraining =
+  AwsElbLoadBalancerConnectionDraining'
+    { enabled =
+        Prelude.Nothing,
+      timeout = Prelude.Nothing
+    }
+
+-- | Indicates whether connection draining is enabled for the load balancer.
+awsElbLoadBalancerConnectionDraining_enabled :: Lens.Lens' AwsElbLoadBalancerConnectionDraining (Prelude.Maybe Prelude.Bool)
+awsElbLoadBalancerConnectionDraining_enabled = Lens.lens (\AwsElbLoadBalancerConnectionDraining' {enabled} -> enabled) (\s@AwsElbLoadBalancerConnectionDraining' {} a -> s {enabled = a} :: AwsElbLoadBalancerConnectionDraining)
+
+-- | The maximum time, in seconds, to keep the existing connections open
+-- before deregistering the instances.
+awsElbLoadBalancerConnectionDraining_timeout :: Lens.Lens' AwsElbLoadBalancerConnectionDraining (Prelude.Maybe Prelude.Int)
+awsElbLoadBalancerConnectionDraining_timeout = Lens.lens (\AwsElbLoadBalancerConnectionDraining' {timeout} -> timeout) (\s@AwsElbLoadBalancerConnectionDraining' {} a -> s {timeout = a} :: AwsElbLoadBalancerConnectionDraining)
+
+instance
+  Data.FromJSON
+    AwsElbLoadBalancerConnectionDraining
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerConnectionDraining"
+      ( \x ->
+          AwsElbLoadBalancerConnectionDraining'
+            Prelude.<$> (x Data..:? "Enabled")
+            Prelude.<*> (x Data..:? "Timeout")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbLoadBalancerConnectionDraining
+  where
+  hashWithSalt
+    _salt
+    AwsElbLoadBalancerConnectionDraining' {..} =
+      _salt
+        `Prelude.hashWithSalt` enabled
+        `Prelude.hashWithSalt` timeout
+
+instance
+  Prelude.NFData
+    AwsElbLoadBalancerConnectionDraining
+  where
+  rnf AwsElbLoadBalancerConnectionDraining' {..} =
+    Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf timeout
+
+instance
+  Data.ToJSON
+    AwsElbLoadBalancerConnectionDraining
+  where
+  toJSON AwsElbLoadBalancerConnectionDraining' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Enabled" Data..=) Prelude.<$> enabled,
+            ("Timeout" Data..=) Prelude.<$> timeout
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerConnectionSettings.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerConnectionSettings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerConnectionSettings.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionSettings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerConnectionSettings where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains connection settings for the load balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerConnectionSettings' smart constructor.
+data AwsElbLoadBalancerConnectionSettings = AwsElbLoadBalancerConnectionSettings'
+  { -- | The time, in seconds, that the connection can be idle (no data is sent
+    -- over the connection) before it is closed by the load balancer.
+    idleTimeout :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerConnectionSettings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'idleTimeout', 'awsElbLoadBalancerConnectionSettings_idleTimeout' - The time, in seconds, that the connection can be idle (no data is sent
+-- over the connection) before it is closed by the load balancer.
+newAwsElbLoadBalancerConnectionSettings ::
+  AwsElbLoadBalancerConnectionSettings
+newAwsElbLoadBalancerConnectionSettings =
+  AwsElbLoadBalancerConnectionSettings'
+    { idleTimeout =
+        Prelude.Nothing
+    }
+
+-- | The time, in seconds, that the connection can be idle (no data is sent
+-- over the connection) before it is closed by the load balancer.
+awsElbLoadBalancerConnectionSettings_idleTimeout :: Lens.Lens' AwsElbLoadBalancerConnectionSettings (Prelude.Maybe Prelude.Int)
+awsElbLoadBalancerConnectionSettings_idleTimeout = Lens.lens (\AwsElbLoadBalancerConnectionSettings' {idleTimeout} -> idleTimeout) (\s@AwsElbLoadBalancerConnectionSettings' {} a -> s {idleTimeout = a} :: AwsElbLoadBalancerConnectionSettings)
+
+instance
+  Data.FromJSON
+    AwsElbLoadBalancerConnectionSettings
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerConnectionSettings"
+      ( \x ->
+          AwsElbLoadBalancerConnectionSettings'
+            Prelude.<$> (x Data..:? "IdleTimeout")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbLoadBalancerConnectionSettings
+  where
+  hashWithSalt
+    _salt
+    AwsElbLoadBalancerConnectionSettings' {..} =
+      _salt `Prelude.hashWithSalt` idleTimeout
+
+instance
+  Prelude.NFData
+    AwsElbLoadBalancerConnectionSettings
+  where
+  rnf AwsElbLoadBalancerConnectionSettings' {..} =
+    Prelude.rnf idleTimeout
+
+instance
+  Data.ToJSON
+    AwsElbLoadBalancerConnectionSettings
+  where
+  toJSON AwsElbLoadBalancerConnectionSettings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("IdleTimeout" Data..=) Prelude.<$> idleTimeout]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerCrossZoneLoadBalancing.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerCrossZoneLoadBalancing.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerCrossZoneLoadBalancing.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerCrossZoneLoadBalancing
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerCrossZoneLoadBalancing where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains cross-zone load balancing settings for the load balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerCrossZoneLoadBalancing' smart constructor.
+data AwsElbLoadBalancerCrossZoneLoadBalancing = AwsElbLoadBalancerCrossZoneLoadBalancing'
+  { -- | Indicates whether cross-zone load balancing is enabled for the load
+    -- balancer.
+    enabled :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerCrossZoneLoadBalancing' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'awsElbLoadBalancerCrossZoneLoadBalancing_enabled' - Indicates whether cross-zone load balancing is enabled for the load
+-- balancer.
+newAwsElbLoadBalancerCrossZoneLoadBalancing ::
+  AwsElbLoadBalancerCrossZoneLoadBalancing
+newAwsElbLoadBalancerCrossZoneLoadBalancing =
+  AwsElbLoadBalancerCrossZoneLoadBalancing'
+    { enabled =
+        Prelude.Nothing
+    }
+
+-- | Indicates whether cross-zone load balancing is enabled for the load
+-- balancer.
+awsElbLoadBalancerCrossZoneLoadBalancing_enabled :: Lens.Lens' AwsElbLoadBalancerCrossZoneLoadBalancing (Prelude.Maybe Prelude.Bool)
+awsElbLoadBalancerCrossZoneLoadBalancing_enabled = Lens.lens (\AwsElbLoadBalancerCrossZoneLoadBalancing' {enabled} -> enabled) (\s@AwsElbLoadBalancerCrossZoneLoadBalancing' {} a -> s {enabled = a} :: AwsElbLoadBalancerCrossZoneLoadBalancing)
+
+instance
+  Data.FromJSON
+    AwsElbLoadBalancerCrossZoneLoadBalancing
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerCrossZoneLoadBalancing"
+      ( \x ->
+          AwsElbLoadBalancerCrossZoneLoadBalancing'
+            Prelude.<$> (x Data..:? "Enabled")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbLoadBalancerCrossZoneLoadBalancing
+  where
+  hashWithSalt
+    _salt
+    AwsElbLoadBalancerCrossZoneLoadBalancing' {..} =
+      _salt `Prelude.hashWithSalt` enabled
+
+instance
+  Prelude.NFData
+    AwsElbLoadBalancerCrossZoneLoadBalancing
+  where
+  rnf AwsElbLoadBalancerCrossZoneLoadBalancing' {..} =
+    Prelude.rnf enabled
+
+instance
+  Data.ToJSON
+    AwsElbLoadBalancerCrossZoneLoadBalancing
+  where
+  toJSON AwsElbLoadBalancerCrossZoneLoadBalancing' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Enabled" Data..=) Prelude.<$> enabled]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerDetails.hs
@@ -0,0 +1,359 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerAttributes
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerBackendServerDescription
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerHealthCheck
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerInstance
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerListenerDescription
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerPolicies
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerSourceSecurityGroup
+
+-- | Contains details about a Classic Load Balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerDetails' smart constructor.
+data AwsElbLoadBalancerDetails = AwsElbLoadBalancerDetails'
+  { -- | The list of Availability Zones for the load balancer.
+    availabilityZones :: Prelude.Maybe [Prelude.Text],
+    -- | Information about the configuration of the EC2 instances.
+    backendServerDescriptions :: Prelude.Maybe [AwsElbLoadBalancerBackendServerDescription],
+    -- | The name of the Amazon Route 53 hosted zone for the load balancer.
+    canonicalHostedZoneName :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the Amazon Route 53 hosted zone for the load balancer.
+    canonicalHostedZoneNameID :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the load balancer was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdTime :: Prelude.Maybe Prelude.Text,
+    -- | The DNS name of the load balancer.
+    dnsName :: Prelude.Maybe Prelude.Text,
+    -- | Information about the health checks that are conducted on the load
+    -- balancer.
+    healthCheck :: Prelude.Maybe AwsElbLoadBalancerHealthCheck,
+    -- | List of EC2 instances for the load balancer.
+    instances :: Prelude.Maybe [AwsElbLoadBalancerInstance],
+    -- | The policies that are enabled for the load balancer listeners.
+    listenerDescriptions :: Prelude.Maybe [AwsElbLoadBalancerListenerDescription],
+    -- | The attributes for a load balancer.
+    loadBalancerAttributes :: Prelude.Maybe AwsElbLoadBalancerAttributes,
+    -- | The name of the load balancer.
+    loadBalancerName :: Prelude.Maybe Prelude.Text,
+    -- | The policies for a load balancer.
+    policies :: Prelude.Maybe AwsElbLoadBalancerPolicies,
+    -- | The type of load balancer. Only provided if the load balancer is in a
+    -- VPC.
+    --
+    -- If @Scheme@ is @internet-facing@, the load balancer has a public DNS
+    -- name that resolves to a public IP address.
+    --
+    -- If @Scheme@ is @internal@, the load balancer has a public DNS name that
+    -- resolves to a private IP address.
+    scheme :: Prelude.Maybe Prelude.Text,
+    -- | The security groups for the load balancer. Only provided if the load
+    -- balancer is in a VPC.
+    securityGroups :: Prelude.Maybe [Prelude.Text],
+    -- | Information about the security group for the load balancer. This is the
+    -- security group that is used for inbound rules.
+    sourceSecurityGroup :: Prelude.Maybe AwsElbLoadBalancerSourceSecurityGroup,
+    -- | The list of subnet identifiers for the load balancer.
+    subnets :: Prelude.Maybe [Prelude.Text],
+    -- | The identifier of the VPC for the load balancer.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'availabilityZones', 'awsElbLoadBalancerDetails_availabilityZones' - The list of Availability Zones for the load balancer.
+--
+-- 'backendServerDescriptions', 'awsElbLoadBalancerDetails_backendServerDescriptions' - Information about the configuration of the EC2 instances.
+--
+-- 'canonicalHostedZoneName', 'awsElbLoadBalancerDetails_canonicalHostedZoneName' - The name of the Amazon Route 53 hosted zone for the load balancer.
+--
+-- 'canonicalHostedZoneNameID', 'awsElbLoadBalancerDetails_canonicalHostedZoneNameID' - The ID of the Amazon Route 53 hosted zone for the load balancer.
+--
+-- 'createdTime', 'awsElbLoadBalancerDetails_createdTime' - Indicates when the load balancer was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'dnsName', 'awsElbLoadBalancerDetails_dnsName' - The DNS name of the load balancer.
+--
+-- 'healthCheck', 'awsElbLoadBalancerDetails_healthCheck' - Information about the health checks that are conducted on the load
+-- balancer.
+--
+-- 'instances', 'awsElbLoadBalancerDetails_instances' - List of EC2 instances for the load balancer.
+--
+-- 'listenerDescriptions', 'awsElbLoadBalancerDetails_listenerDescriptions' - The policies that are enabled for the load balancer listeners.
+--
+-- 'loadBalancerAttributes', 'awsElbLoadBalancerDetails_loadBalancerAttributes' - The attributes for a load balancer.
+--
+-- 'loadBalancerName', 'awsElbLoadBalancerDetails_loadBalancerName' - The name of the load balancer.
+--
+-- 'policies', 'awsElbLoadBalancerDetails_policies' - The policies for a load balancer.
+--
+-- 'scheme', 'awsElbLoadBalancerDetails_scheme' - The type of load balancer. Only provided if the load balancer is in a
+-- VPC.
+--
+-- If @Scheme@ is @internet-facing@, the load balancer has a public DNS
+-- name that resolves to a public IP address.
+--
+-- If @Scheme@ is @internal@, the load balancer has a public DNS name that
+-- resolves to a private IP address.
+--
+-- 'securityGroups', 'awsElbLoadBalancerDetails_securityGroups' - The security groups for the load balancer. Only provided if the load
+-- balancer is in a VPC.
+--
+-- 'sourceSecurityGroup', 'awsElbLoadBalancerDetails_sourceSecurityGroup' - Information about the security group for the load balancer. This is the
+-- security group that is used for inbound rules.
+--
+-- 'subnets', 'awsElbLoadBalancerDetails_subnets' - The list of subnet identifiers for the load balancer.
+--
+-- 'vpcId', 'awsElbLoadBalancerDetails_vpcId' - The identifier of the VPC for the load balancer.
+newAwsElbLoadBalancerDetails ::
+  AwsElbLoadBalancerDetails
+newAwsElbLoadBalancerDetails =
+  AwsElbLoadBalancerDetails'
+    { availabilityZones =
+        Prelude.Nothing,
+      backendServerDescriptions = Prelude.Nothing,
+      canonicalHostedZoneName = Prelude.Nothing,
+      canonicalHostedZoneNameID = Prelude.Nothing,
+      createdTime = Prelude.Nothing,
+      dnsName = Prelude.Nothing,
+      healthCheck = Prelude.Nothing,
+      instances = Prelude.Nothing,
+      listenerDescriptions = Prelude.Nothing,
+      loadBalancerAttributes = Prelude.Nothing,
+      loadBalancerName = Prelude.Nothing,
+      policies = Prelude.Nothing,
+      scheme = Prelude.Nothing,
+      securityGroups = Prelude.Nothing,
+      sourceSecurityGroup = Prelude.Nothing,
+      subnets = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | The list of Availability Zones for the load balancer.
+awsElbLoadBalancerDetails_availabilityZones :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe [Prelude.Text])
+awsElbLoadBalancerDetails_availabilityZones = Lens.lens (\AwsElbLoadBalancerDetails' {availabilityZones} -> availabilityZones) (\s@AwsElbLoadBalancerDetails' {} a -> s {availabilityZones = a} :: AwsElbLoadBalancerDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Information about the configuration of the EC2 instances.
+awsElbLoadBalancerDetails_backendServerDescriptions :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe [AwsElbLoadBalancerBackendServerDescription])
+awsElbLoadBalancerDetails_backendServerDescriptions = Lens.lens (\AwsElbLoadBalancerDetails' {backendServerDescriptions} -> backendServerDescriptions) (\s@AwsElbLoadBalancerDetails' {} a -> s {backendServerDescriptions = a} :: AwsElbLoadBalancerDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the Amazon Route 53 hosted zone for the load balancer.
+awsElbLoadBalancerDetails_canonicalHostedZoneName :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerDetails_canonicalHostedZoneName = Lens.lens (\AwsElbLoadBalancerDetails' {canonicalHostedZoneName} -> canonicalHostedZoneName) (\s@AwsElbLoadBalancerDetails' {} a -> s {canonicalHostedZoneName = a} :: AwsElbLoadBalancerDetails)
+
+-- | The ID of the Amazon Route 53 hosted zone for the load balancer.
+awsElbLoadBalancerDetails_canonicalHostedZoneNameID :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerDetails_canonicalHostedZoneNameID = Lens.lens (\AwsElbLoadBalancerDetails' {canonicalHostedZoneNameID} -> canonicalHostedZoneNameID) (\s@AwsElbLoadBalancerDetails' {} a -> s {canonicalHostedZoneNameID = a} :: AwsElbLoadBalancerDetails)
+
+-- | Indicates when the load balancer was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsElbLoadBalancerDetails_createdTime :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerDetails_createdTime = Lens.lens (\AwsElbLoadBalancerDetails' {createdTime} -> createdTime) (\s@AwsElbLoadBalancerDetails' {} a -> s {createdTime = a} :: AwsElbLoadBalancerDetails)
+
+-- | The DNS name of the load balancer.
+awsElbLoadBalancerDetails_dnsName :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerDetails_dnsName = Lens.lens (\AwsElbLoadBalancerDetails' {dnsName} -> dnsName) (\s@AwsElbLoadBalancerDetails' {} a -> s {dnsName = a} :: AwsElbLoadBalancerDetails)
+
+-- | Information about the health checks that are conducted on the load
+-- balancer.
+awsElbLoadBalancerDetails_healthCheck :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe AwsElbLoadBalancerHealthCheck)
+awsElbLoadBalancerDetails_healthCheck = Lens.lens (\AwsElbLoadBalancerDetails' {healthCheck} -> healthCheck) (\s@AwsElbLoadBalancerDetails' {} a -> s {healthCheck = a} :: AwsElbLoadBalancerDetails)
+
+-- | List of EC2 instances for the load balancer.
+awsElbLoadBalancerDetails_instances :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe [AwsElbLoadBalancerInstance])
+awsElbLoadBalancerDetails_instances = Lens.lens (\AwsElbLoadBalancerDetails' {instances} -> instances) (\s@AwsElbLoadBalancerDetails' {} a -> s {instances = a} :: AwsElbLoadBalancerDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The policies that are enabled for the load balancer listeners.
+awsElbLoadBalancerDetails_listenerDescriptions :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe [AwsElbLoadBalancerListenerDescription])
+awsElbLoadBalancerDetails_listenerDescriptions = Lens.lens (\AwsElbLoadBalancerDetails' {listenerDescriptions} -> listenerDescriptions) (\s@AwsElbLoadBalancerDetails' {} a -> s {listenerDescriptions = a} :: AwsElbLoadBalancerDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The attributes for a load balancer.
+awsElbLoadBalancerDetails_loadBalancerAttributes :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe AwsElbLoadBalancerAttributes)
+awsElbLoadBalancerDetails_loadBalancerAttributes = Lens.lens (\AwsElbLoadBalancerDetails' {loadBalancerAttributes} -> loadBalancerAttributes) (\s@AwsElbLoadBalancerDetails' {} a -> s {loadBalancerAttributes = a} :: AwsElbLoadBalancerDetails)
+
+-- | The name of the load balancer.
+awsElbLoadBalancerDetails_loadBalancerName :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerDetails_loadBalancerName = Lens.lens (\AwsElbLoadBalancerDetails' {loadBalancerName} -> loadBalancerName) (\s@AwsElbLoadBalancerDetails' {} a -> s {loadBalancerName = a} :: AwsElbLoadBalancerDetails)
+
+-- | The policies for a load balancer.
+awsElbLoadBalancerDetails_policies :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe AwsElbLoadBalancerPolicies)
+awsElbLoadBalancerDetails_policies = Lens.lens (\AwsElbLoadBalancerDetails' {policies} -> policies) (\s@AwsElbLoadBalancerDetails' {} a -> s {policies = a} :: AwsElbLoadBalancerDetails)
+
+-- | The type of load balancer. Only provided if the load balancer is in a
+-- VPC.
+--
+-- If @Scheme@ is @internet-facing@, the load balancer has a public DNS
+-- name that resolves to a public IP address.
+--
+-- If @Scheme@ is @internal@, the load balancer has a public DNS name that
+-- resolves to a private IP address.
+awsElbLoadBalancerDetails_scheme :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerDetails_scheme = Lens.lens (\AwsElbLoadBalancerDetails' {scheme} -> scheme) (\s@AwsElbLoadBalancerDetails' {} a -> s {scheme = a} :: AwsElbLoadBalancerDetails)
+
+-- | The security groups for the load balancer. Only provided if the load
+-- balancer is in a VPC.
+awsElbLoadBalancerDetails_securityGroups :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe [Prelude.Text])
+awsElbLoadBalancerDetails_securityGroups = Lens.lens (\AwsElbLoadBalancerDetails' {securityGroups} -> securityGroups) (\s@AwsElbLoadBalancerDetails' {} a -> s {securityGroups = a} :: AwsElbLoadBalancerDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Information about the security group for the load balancer. This is the
+-- security group that is used for inbound rules.
+awsElbLoadBalancerDetails_sourceSecurityGroup :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe AwsElbLoadBalancerSourceSecurityGroup)
+awsElbLoadBalancerDetails_sourceSecurityGroup = Lens.lens (\AwsElbLoadBalancerDetails' {sourceSecurityGroup} -> sourceSecurityGroup) (\s@AwsElbLoadBalancerDetails' {} a -> s {sourceSecurityGroup = a} :: AwsElbLoadBalancerDetails)
+
+-- | The list of subnet identifiers for the load balancer.
+awsElbLoadBalancerDetails_subnets :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe [Prelude.Text])
+awsElbLoadBalancerDetails_subnets = Lens.lens (\AwsElbLoadBalancerDetails' {subnets} -> subnets) (\s@AwsElbLoadBalancerDetails' {} a -> s {subnets = a} :: AwsElbLoadBalancerDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of the VPC for the load balancer.
+awsElbLoadBalancerDetails_vpcId :: Lens.Lens' AwsElbLoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerDetails_vpcId = Lens.lens (\AwsElbLoadBalancerDetails' {vpcId} -> vpcId) (\s@AwsElbLoadBalancerDetails' {} a -> s {vpcId = a} :: AwsElbLoadBalancerDetails)
+
+instance Data.FromJSON AwsElbLoadBalancerDetails where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerDetails"
+      ( \x ->
+          AwsElbLoadBalancerDetails'
+            Prelude.<$> ( x
+                            Data..:? "AvailabilityZones"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "BackendServerDescriptions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "CanonicalHostedZoneName")
+            Prelude.<*> (x Data..:? "CanonicalHostedZoneNameID")
+            Prelude.<*> (x Data..:? "CreatedTime")
+            Prelude.<*> (x Data..:? "DnsName")
+            Prelude.<*> (x Data..:? "HealthCheck")
+            Prelude.<*> (x Data..:? "Instances" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "ListenerDescriptions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "LoadBalancerAttributes")
+            Prelude.<*> (x Data..:? "LoadBalancerName")
+            Prelude.<*> (x Data..:? "Policies")
+            Prelude.<*> (x Data..:? "Scheme")
+            Prelude.<*> (x Data..:? "SecurityGroups" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "SourceSecurityGroup")
+            Prelude.<*> (x Data..:? "Subnets" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance Prelude.Hashable AwsElbLoadBalancerDetails where
+  hashWithSalt _salt AwsElbLoadBalancerDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` availabilityZones
+      `Prelude.hashWithSalt` backendServerDescriptions
+      `Prelude.hashWithSalt` canonicalHostedZoneName
+      `Prelude.hashWithSalt` canonicalHostedZoneNameID
+      `Prelude.hashWithSalt` createdTime
+      `Prelude.hashWithSalt` dnsName
+      `Prelude.hashWithSalt` healthCheck
+      `Prelude.hashWithSalt` instances
+      `Prelude.hashWithSalt` listenerDescriptions
+      `Prelude.hashWithSalt` loadBalancerAttributes
+      `Prelude.hashWithSalt` loadBalancerName
+      `Prelude.hashWithSalt` policies
+      `Prelude.hashWithSalt` scheme
+      `Prelude.hashWithSalt` securityGroups
+      `Prelude.hashWithSalt` sourceSecurityGroup
+      `Prelude.hashWithSalt` subnets
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData AwsElbLoadBalancerDetails where
+  rnf AwsElbLoadBalancerDetails' {..} =
+    Prelude.rnf availabilityZones
+      `Prelude.seq` Prelude.rnf backendServerDescriptions
+      `Prelude.seq` Prelude.rnf canonicalHostedZoneName
+      `Prelude.seq` Prelude.rnf canonicalHostedZoneNameID
+      `Prelude.seq` Prelude.rnf createdTime
+      `Prelude.seq` Prelude.rnf dnsName
+      `Prelude.seq` Prelude.rnf healthCheck
+      `Prelude.seq` Prelude.rnf instances
+      `Prelude.seq` Prelude.rnf listenerDescriptions
+      `Prelude.seq` Prelude.rnf loadBalancerAttributes
+      `Prelude.seq` Prelude.rnf loadBalancerName
+      `Prelude.seq` Prelude.rnf policies
+      `Prelude.seq` Prelude.rnf scheme
+      `Prelude.seq` Prelude.rnf securityGroups
+      `Prelude.seq` Prelude.rnf sourceSecurityGroup
+      `Prelude.seq` Prelude.rnf subnets
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance Data.ToJSON AwsElbLoadBalancerDetails where
+  toJSON AwsElbLoadBalancerDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AvailabilityZones" Data..=)
+              Prelude.<$> availabilityZones,
+            ("BackendServerDescriptions" Data..=)
+              Prelude.<$> backendServerDescriptions,
+            ("CanonicalHostedZoneName" Data..=)
+              Prelude.<$> canonicalHostedZoneName,
+            ("CanonicalHostedZoneNameID" Data..=)
+              Prelude.<$> canonicalHostedZoneNameID,
+            ("CreatedTime" Data..=) Prelude.<$> createdTime,
+            ("DnsName" Data..=) Prelude.<$> dnsName,
+            ("HealthCheck" Data..=) Prelude.<$> healthCheck,
+            ("Instances" Data..=) Prelude.<$> instances,
+            ("ListenerDescriptions" Data..=)
+              Prelude.<$> listenerDescriptions,
+            ("LoadBalancerAttributes" Data..=)
+              Prelude.<$> loadBalancerAttributes,
+            ("LoadBalancerName" Data..=)
+              Prelude.<$> loadBalancerName,
+            ("Policies" Data..=) Prelude.<$> policies,
+            ("Scheme" Data..=) Prelude.<$> scheme,
+            ("SecurityGroups" Data..=)
+              Prelude.<$> securityGroups,
+            ("SourceSecurityGroup" Data..=)
+              Prelude.<$> sourceSecurityGroup,
+            ("Subnets" Data..=) Prelude.<$> subnets,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerHealthCheck.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerHealthCheck.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerHealthCheck.hs
@@ -0,0 +1,187 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerHealthCheck
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerHealthCheck where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the health checks that are conducted on the
+-- load balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerHealthCheck' smart constructor.
+data AwsElbLoadBalancerHealthCheck = AwsElbLoadBalancerHealthCheck'
+  { -- | The number of consecutive health check successes required before the
+    -- instance is moved to the Healthy state.
+    healthyThreshold :: Prelude.Maybe Prelude.Int,
+    -- | The approximate interval, in seconds, between health checks of an
+    -- individual instance.
+    interval :: Prelude.Maybe Prelude.Int,
+    -- | The instance that is being checked. The target specifies the protocol
+    -- and port. The available protocols are TCP, SSL, HTTP, and HTTPS. The
+    -- range of valid ports is 1 through 65535.
+    --
+    -- For the HTTP and HTTPS protocols, the target also specifies the ping
+    -- path.
+    --
+    -- For the TCP protocol, the target is specified as @TCP: @/@\<port>@/@ @.
+    --
+    -- For the SSL protocol, the target is specified as @SSL.@/@\<port>@/@ @.
+    --
+    -- For the HTTP and HTTPS protocols, the target is specified as
+    -- @ @/@\<protocol>@/@:@/@\<port>@/@\/@/@\<path to ping>@/@ @.
+    target :: Prelude.Maybe Prelude.Text,
+    -- | The amount of time, in seconds, during which no response means a failed
+    -- health check.
+    timeout :: Prelude.Maybe Prelude.Int,
+    -- | The number of consecutive health check failures that must occur before
+    -- the instance is moved to the Unhealthy state.
+    unhealthyThreshold :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerHealthCheck' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'healthyThreshold', 'awsElbLoadBalancerHealthCheck_healthyThreshold' - The number of consecutive health check successes required before the
+-- instance is moved to the Healthy state.
+--
+-- 'interval', 'awsElbLoadBalancerHealthCheck_interval' - The approximate interval, in seconds, between health checks of an
+-- individual instance.
+--
+-- 'target', 'awsElbLoadBalancerHealthCheck_target' - The instance that is being checked. The target specifies the protocol
+-- and port. The available protocols are TCP, SSL, HTTP, and HTTPS. The
+-- range of valid ports is 1 through 65535.
+--
+-- For the HTTP and HTTPS protocols, the target also specifies the ping
+-- path.
+--
+-- For the TCP protocol, the target is specified as @TCP: @/@\<port>@/@ @.
+--
+-- For the SSL protocol, the target is specified as @SSL.@/@\<port>@/@ @.
+--
+-- For the HTTP and HTTPS protocols, the target is specified as
+-- @ @/@\<protocol>@/@:@/@\<port>@/@\/@/@\<path to ping>@/@ @.
+--
+-- 'timeout', 'awsElbLoadBalancerHealthCheck_timeout' - The amount of time, in seconds, during which no response means a failed
+-- health check.
+--
+-- 'unhealthyThreshold', 'awsElbLoadBalancerHealthCheck_unhealthyThreshold' - The number of consecutive health check failures that must occur before
+-- the instance is moved to the Unhealthy state.
+newAwsElbLoadBalancerHealthCheck ::
+  AwsElbLoadBalancerHealthCheck
+newAwsElbLoadBalancerHealthCheck =
+  AwsElbLoadBalancerHealthCheck'
+    { healthyThreshold =
+        Prelude.Nothing,
+      interval = Prelude.Nothing,
+      target = Prelude.Nothing,
+      timeout = Prelude.Nothing,
+      unhealthyThreshold = Prelude.Nothing
+    }
+
+-- | The number of consecutive health check successes required before the
+-- instance is moved to the Healthy state.
+awsElbLoadBalancerHealthCheck_healthyThreshold :: Lens.Lens' AwsElbLoadBalancerHealthCheck (Prelude.Maybe Prelude.Int)
+awsElbLoadBalancerHealthCheck_healthyThreshold = Lens.lens (\AwsElbLoadBalancerHealthCheck' {healthyThreshold} -> healthyThreshold) (\s@AwsElbLoadBalancerHealthCheck' {} a -> s {healthyThreshold = a} :: AwsElbLoadBalancerHealthCheck)
+
+-- | The approximate interval, in seconds, between health checks of an
+-- individual instance.
+awsElbLoadBalancerHealthCheck_interval :: Lens.Lens' AwsElbLoadBalancerHealthCheck (Prelude.Maybe Prelude.Int)
+awsElbLoadBalancerHealthCheck_interval = Lens.lens (\AwsElbLoadBalancerHealthCheck' {interval} -> interval) (\s@AwsElbLoadBalancerHealthCheck' {} a -> s {interval = a} :: AwsElbLoadBalancerHealthCheck)
+
+-- | The instance that is being checked. The target specifies the protocol
+-- and port. The available protocols are TCP, SSL, HTTP, and HTTPS. The
+-- range of valid ports is 1 through 65535.
+--
+-- For the HTTP and HTTPS protocols, the target also specifies the ping
+-- path.
+--
+-- For the TCP protocol, the target is specified as @TCP: @/@\<port>@/@ @.
+--
+-- For the SSL protocol, the target is specified as @SSL.@/@\<port>@/@ @.
+--
+-- For the HTTP and HTTPS protocols, the target is specified as
+-- @ @/@\<protocol>@/@:@/@\<port>@/@\/@/@\<path to ping>@/@ @.
+awsElbLoadBalancerHealthCheck_target :: Lens.Lens' AwsElbLoadBalancerHealthCheck (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerHealthCheck_target = Lens.lens (\AwsElbLoadBalancerHealthCheck' {target} -> target) (\s@AwsElbLoadBalancerHealthCheck' {} a -> s {target = a} :: AwsElbLoadBalancerHealthCheck)
+
+-- | The amount of time, in seconds, during which no response means a failed
+-- health check.
+awsElbLoadBalancerHealthCheck_timeout :: Lens.Lens' AwsElbLoadBalancerHealthCheck (Prelude.Maybe Prelude.Int)
+awsElbLoadBalancerHealthCheck_timeout = Lens.lens (\AwsElbLoadBalancerHealthCheck' {timeout} -> timeout) (\s@AwsElbLoadBalancerHealthCheck' {} a -> s {timeout = a} :: AwsElbLoadBalancerHealthCheck)
+
+-- | The number of consecutive health check failures that must occur before
+-- the instance is moved to the Unhealthy state.
+awsElbLoadBalancerHealthCheck_unhealthyThreshold :: Lens.Lens' AwsElbLoadBalancerHealthCheck (Prelude.Maybe Prelude.Int)
+awsElbLoadBalancerHealthCheck_unhealthyThreshold = Lens.lens (\AwsElbLoadBalancerHealthCheck' {unhealthyThreshold} -> unhealthyThreshold) (\s@AwsElbLoadBalancerHealthCheck' {} a -> s {unhealthyThreshold = a} :: AwsElbLoadBalancerHealthCheck)
+
+instance Data.FromJSON AwsElbLoadBalancerHealthCheck where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerHealthCheck"
+      ( \x ->
+          AwsElbLoadBalancerHealthCheck'
+            Prelude.<$> (x Data..:? "HealthyThreshold")
+            Prelude.<*> (x Data..:? "Interval")
+            Prelude.<*> (x Data..:? "Target")
+            Prelude.<*> (x Data..:? "Timeout")
+            Prelude.<*> (x Data..:? "UnhealthyThreshold")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbLoadBalancerHealthCheck
+  where
+  hashWithSalt _salt AwsElbLoadBalancerHealthCheck' {..} =
+    _salt
+      `Prelude.hashWithSalt` healthyThreshold
+      `Prelude.hashWithSalt` interval
+      `Prelude.hashWithSalt` target
+      `Prelude.hashWithSalt` timeout
+      `Prelude.hashWithSalt` unhealthyThreshold
+
+instance Prelude.NFData AwsElbLoadBalancerHealthCheck where
+  rnf AwsElbLoadBalancerHealthCheck' {..} =
+    Prelude.rnf healthyThreshold
+      `Prelude.seq` Prelude.rnf interval
+      `Prelude.seq` Prelude.rnf target
+      `Prelude.seq` Prelude.rnf timeout
+      `Prelude.seq` Prelude.rnf unhealthyThreshold
+
+instance Data.ToJSON AwsElbLoadBalancerHealthCheck where
+  toJSON AwsElbLoadBalancerHealthCheck' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("HealthyThreshold" Data..=)
+              Prelude.<$> healthyThreshold,
+            ("Interval" Data..=) Prelude.<$> interval,
+            ("Target" Data..=) Prelude.<$> target,
+            ("Timeout" Data..=) Prelude.<$> timeout,
+            ("UnhealthyThreshold" Data..=)
+              Prelude.<$> unhealthyThreshold
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerInstance.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerInstance.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerInstance.hs
@@ -0,0 +1,79 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerInstance
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerInstance where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about an EC2 instance for a load balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerInstance' smart constructor.
+data AwsElbLoadBalancerInstance = AwsElbLoadBalancerInstance'
+  { -- | The instance identifier.
+    instanceId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerInstance' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceId', 'awsElbLoadBalancerInstance_instanceId' - The instance identifier.
+newAwsElbLoadBalancerInstance ::
+  AwsElbLoadBalancerInstance
+newAwsElbLoadBalancerInstance =
+  AwsElbLoadBalancerInstance'
+    { instanceId =
+        Prelude.Nothing
+    }
+
+-- | The instance identifier.
+awsElbLoadBalancerInstance_instanceId :: Lens.Lens' AwsElbLoadBalancerInstance (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerInstance_instanceId = Lens.lens (\AwsElbLoadBalancerInstance' {instanceId} -> instanceId) (\s@AwsElbLoadBalancerInstance' {} a -> s {instanceId = a} :: AwsElbLoadBalancerInstance)
+
+instance Data.FromJSON AwsElbLoadBalancerInstance where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerInstance"
+      ( \x ->
+          AwsElbLoadBalancerInstance'
+            Prelude.<$> (x Data..:? "InstanceId")
+      )
+
+instance Prelude.Hashable AwsElbLoadBalancerInstance where
+  hashWithSalt _salt AwsElbLoadBalancerInstance' {..} =
+    _salt `Prelude.hashWithSalt` instanceId
+
+instance Prelude.NFData AwsElbLoadBalancerInstance where
+  rnf AwsElbLoadBalancerInstance' {..} =
+    Prelude.rnf instanceId
+
+instance Data.ToJSON AwsElbLoadBalancerInstance where
+  toJSON AwsElbLoadBalancerInstance' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("InstanceId" Data..=) Prelude.<$> instanceId]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerListener.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerListener.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerListener.hs
@@ -0,0 +1,163 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerListener
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerListener where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about a load balancer listener.
+--
+-- /See:/ 'newAwsElbLoadBalancerListener' smart constructor.
+data AwsElbLoadBalancerListener = AwsElbLoadBalancerListener'
+  { -- | The port on which the instance is listening.
+    instancePort :: Prelude.Maybe Prelude.Int,
+    -- | The protocol to use to route traffic to instances.
+    --
+    -- Valid values: @HTTP@ | @HTTPS@ | @TCP@ | @SSL@
+    instanceProtocol :: Prelude.Maybe Prelude.Text,
+    -- | The port on which the load balancer is listening.
+    --
+    -- On EC2-VPC, you can specify any port from the range 1-65535.
+    --
+    -- On EC2-Classic, you can specify any port from the following list: 25,
+    -- 80, 443, 465, 587, 1024-65535.
+    loadBalancerPort :: Prelude.Maybe Prelude.Int,
+    -- | The load balancer transport protocol to use for routing.
+    --
+    -- Valid values: @HTTP@ | @HTTPS@ | @TCP@ | @SSL@
+    protocol :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the server certificate.
+    sslCertificateId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerListener' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instancePort', 'awsElbLoadBalancerListener_instancePort' - The port on which the instance is listening.
+--
+-- 'instanceProtocol', 'awsElbLoadBalancerListener_instanceProtocol' - The protocol to use to route traffic to instances.
+--
+-- Valid values: @HTTP@ | @HTTPS@ | @TCP@ | @SSL@
+--
+-- 'loadBalancerPort', 'awsElbLoadBalancerListener_loadBalancerPort' - The port on which the load balancer is listening.
+--
+-- On EC2-VPC, you can specify any port from the range 1-65535.
+--
+-- On EC2-Classic, you can specify any port from the following list: 25,
+-- 80, 443, 465, 587, 1024-65535.
+--
+-- 'protocol', 'awsElbLoadBalancerListener_protocol' - The load balancer transport protocol to use for routing.
+--
+-- Valid values: @HTTP@ | @HTTPS@ | @TCP@ | @SSL@
+--
+-- 'sslCertificateId', 'awsElbLoadBalancerListener_sslCertificateId' - The ARN of the server certificate.
+newAwsElbLoadBalancerListener ::
+  AwsElbLoadBalancerListener
+newAwsElbLoadBalancerListener =
+  AwsElbLoadBalancerListener'
+    { instancePort =
+        Prelude.Nothing,
+      instanceProtocol = Prelude.Nothing,
+      loadBalancerPort = Prelude.Nothing,
+      protocol = Prelude.Nothing,
+      sslCertificateId = Prelude.Nothing
+    }
+
+-- | The port on which the instance is listening.
+awsElbLoadBalancerListener_instancePort :: Lens.Lens' AwsElbLoadBalancerListener (Prelude.Maybe Prelude.Int)
+awsElbLoadBalancerListener_instancePort = Lens.lens (\AwsElbLoadBalancerListener' {instancePort} -> instancePort) (\s@AwsElbLoadBalancerListener' {} a -> s {instancePort = a} :: AwsElbLoadBalancerListener)
+
+-- | The protocol to use to route traffic to instances.
+--
+-- Valid values: @HTTP@ | @HTTPS@ | @TCP@ | @SSL@
+awsElbLoadBalancerListener_instanceProtocol :: Lens.Lens' AwsElbLoadBalancerListener (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerListener_instanceProtocol = Lens.lens (\AwsElbLoadBalancerListener' {instanceProtocol} -> instanceProtocol) (\s@AwsElbLoadBalancerListener' {} a -> s {instanceProtocol = a} :: AwsElbLoadBalancerListener)
+
+-- | The port on which the load balancer is listening.
+--
+-- On EC2-VPC, you can specify any port from the range 1-65535.
+--
+-- On EC2-Classic, you can specify any port from the following list: 25,
+-- 80, 443, 465, 587, 1024-65535.
+awsElbLoadBalancerListener_loadBalancerPort :: Lens.Lens' AwsElbLoadBalancerListener (Prelude.Maybe Prelude.Int)
+awsElbLoadBalancerListener_loadBalancerPort = Lens.lens (\AwsElbLoadBalancerListener' {loadBalancerPort} -> loadBalancerPort) (\s@AwsElbLoadBalancerListener' {} a -> s {loadBalancerPort = a} :: AwsElbLoadBalancerListener)
+
+-- | The load balancer transport protocol to use for routing.
+--
+-- Valid values: @HTTP@ | @HTTPS@ | @TCP@ | @SSL@
+awsElbLoadBalancerListener_protocol :: Lens.Lens' AwsElbLoadBalancerListener (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerListener_protocol = Lens.lens (\AwsElbLoadBalancerListener' {protocol} -> protocol) (\s@AwsElbLoadBalancerListener' {} a -> s {protocol = a} :: AwsElbLoadBalancerListener)
+
+-- | The ARN of the server certificate.
+awsElbLoadBalancerListener_sslCertificateId :: Lens.Lens' AwsElbLoadBalancerListener (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerListener_sslCertificateId = Lens.lens (\AwsElbLoadBalancerListener' {sslCertificateId} -> sslCertificateId) (\s@AwsElbLoadBalancerListener' {} a -> s {sslCertificateId = a} :: AwsElbLoadBalancerListener)
+
+instance Data.FromJSON AwsElbLoadBalancerListener where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerListener"
+      ( \x ->
+          AwsElbLoadBalancerListener'
+            Prelude.<$> (x Data..:? "InstancePort")
+            Prelude.<*> (x Data..:? "InstanceProtocol")
+            Prelude.<*> (x Data..:? "LoadBalancerPort")
+            Prelude.<*> (x Data..:? "Protocol")
+            Prelude.<*> (x Data..:? "SslCertificateId")
+      )
+
+instance Prelude.Hashable AwsElbLoadBalancerListener where
+  hashWithSalt _salt AwsElbLoadBalancerListener' {..} =
+    _salt
+      `Prelude.hashWithSalt` instancePort
+      `Prelude.hashWithSalt` instanceProtocol
+      `Prelude.hashWithSalt` loadBalancerPort
+      `Prelude.hashWithSalt` protocol
+      `Prelude.hashWithSalt` sslCertificateId
+
+instance Prelude.NFData AwsElbLoadBalancerListener where
+  rnf AwsElbLoadBalancerListener' {..} =
+    Prelude.rnf instancePort
+      `Prelude.seq` Prelude.rnf instanceProtocol
+      `Prelude.seq` Prelude.rnf loadBalancerPort
+      `Prelude.seq` Prelude.rnf protocol
+      `Prelude.seq` Prelude.rnf sslCertificateId
+
+instance Data.ToJSON AwsElbLoadBalancerListener where
+  toJSON AwsElbLoadBalancerListener' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("InstancePort" Data..=) Prelude.<$> instancePort,
+            ("InstanceProtocol" Data..=)
+              Prelude.<$> instanceProtocol,
+            ("LoadBalancerPort" Data..=)
+              Prelude.<$> loadBalancerPort,
+            ("Protocol" Data..=) Prelude.<$> protocol,
+            ("SslCertificateId" Data..=)
+              Prelude.<$> sslCertificateId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerListenerDescription.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerListenerDescription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerListenerDescription.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerListenerDescription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerListenerDescription where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerListener
+
+-- | Lists the policies that are enabled for a load balancer listener.
+--
+-- /See:/ 'newAwsElbLoadBalancerListenerDescription' smart constructor.
+data AwsElbLoadBalancerListenerDescription = AwsElbLoadBalancerListenerDescription'
+  { -- | Information about the listener.
+    listener :: Prelude.Maybe AwsElbLoadBalancerListener,
+    -- | The policies enabled for the listener.
+    policyNames :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerListenerDescription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'listener', 'awsElbLoadBalancerListenerDescription_listener' - Information about the listener.
+--
+-- 'policyNames', 'awsElbLoadBalancerListenerDescription_policyNames' - The policies enabled for the listener.
+newAwsElbLoadBalancerListenerDescription ::
+  AwsElbLoadBalancerListenerDescription
+newAwsElbLoadBalancerListenerDescription =
+  AwsElbLoadBalancerListenerDescription'
+    { listener =
+        Prelude.Nothing,
+      policyNames = Prelude.Nothing
+    }
+
+-- | Information about the listener.
+awsElbLoadBalancerListenerDescription_listener :: Lens.Lens' AwsElbLoadBalancerListenerDescription (Prelude.Maybe AwsElbLoadBalancerListener)
+awsElbLoadBalancerListenerDescription_listener = Lens.lens (\AwsElbLoadBalancerListenerDescription' {listener} -> listener) (\s@AwsElbLoadBalancerListenerDescription' {} a -> s {listener = a} :: AwsElbLoadBalancerListenerDescription)
+
+-- | The policies enabled for the listener.
+awsElbLoadBalancerListenerDescription_policyNames :: Lens.Lens' AwsElbLoadBalancerListenerDescription (Prelude.Maybe [Prelude.Text])
+awsElbLoadBalancerListenerDescription_policyNames = Lens.lens (\AwsElbLoadBalancerListenerDescription' {policyNames} -> policyNames) (\s@AwsElbLoadBalancerListenerDescription' {} a -> s {policyNames = a} :: AwsElbLoadBalancerListenerDescription) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsElbLoadBalancerListenerDescription
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerListenerDescription"
+      ( \x ->
+          AwsElbLoadBalancerListenerDescription'
+            Prelude.<$> (x Data..:? "Listener")
+            Prelude.<*> (x Data..:? "PolicyNames" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbLoadBalancerListenerDescription
+  where
+  hashWithSalt
+    _salt
+    AwsElbLoadBalancerListenerDescription' {..} =
+      _salt
+        `Prelude.hashWithSalt` listener
+        `Prelude.hashWithSalt` policyNames
+
+instance
+  Prelude.NFData
+    AwsElbLoadBalancerListenerDescription
+  where
+  rnf AwsElbLoadBalancerListenerDescription' {..} =
+    Prelude.rnf listener
+      `Prelude.seq` Prelude.rnf policyNames
+
+instance
+  Data.ToJSON
+    AwsElbLoadBalancerListenerDescription
+  where
+  toJSON AwsElbLoadBalancerListenerDescription' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Listener" Data..=) Prelude.<$> listener,
+            ("PolicyNames" Data..=) Prelude.<$> policyNames
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerPolicies.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerPolicies.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerPolicies.hs
@@ -0,0 +1,123 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerPolicies
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerPolicies where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsElbAppCookieStickinessPolicy
+import Amazonka.SecurityHub.Types.AwsElbLbCookieStickinessPolicy
+
+-- | Contains information about the policies for a load balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerPolicies' smart constructor.
+data AwsElbLoadBalancerPolicies = AwsElbLoadBalancerPolicies'
+  { -- | The stickiness policies that are created using
+    -- @CreateAppCookieStickinessPolicy@.
+    appCookieStickinessPolicies :: Prelude.Maybe [AwsElbAppCookieStickinessPolicy],
+    -- | The stickiness policies that are created using
+    -- @CreateLBCookieStickinessPolicy@.
+    lbCookieStickinessPolicies :: Prelude.Maybe [AwsElbLbCookieStickinessPolicy],
+    -- | The policies other than the stickiness policies.
+    otherPolicies :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerPolicies' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'appCookieStickinessPolicies', 'awsElbLoadBalancerPolicies_appCookieStickinessPolicies' - The stickiness policies that are created using
+-- @CreateAppCookieStickinessPolicy@.
+--
+-- 'lbCookieStickinessPolicies', 'awsElbLoadBalancerPolicies_lbCookieStickinessPolicies' - The stickiness policies that are created using
+-- @CreateLBCookieStickinessPolicy@.
+--
+-- 'otherPolicies', 'awsElbLoadBalancerPolicies_otherPolicies' - The policies other than the stickiness policies.
+newAwsElbLoadBalancerPolicies ::
+  AwsElbLoadBalancerPolicies
+newAwsElbLoadBalancerPolicies =
+  AwsElbLoadBalancerPolicies'
+    { appCookieStickinessPolicies =
+        Prelude.Nothing,
+      lbCookieStickinessPolicies = Prelude.Nothing,
+      otherPolicies = Prelude.Nothing
+    }
+
+-- | The stickiness policies that are created using
+-- @CreateAppCookieStickinessPolicy@.
+awsElbLoadBalancerPolicies_appCookieStickinessPolicies :: Lens.Lens' AwsElbLoadBalancerPolicies (Prelude.Maybe [AwsElbAppCookieStickinessPolicy])
+awsElbLoadBalancerPolicies_appCookieStickinessPolicies = Lens.lens (\AwsElbLoadBalancerPolicies' {appCookieStickinessPolicies} -> appCookieStickinessPolicies) (\s@AwsElbLoadBalancerPolicies' {} a -> s {appCookieStickinessPolicies = a} :: AwsElbLoadBalancerPolicies) Prelude.. Lens.mapping Lens.coerced
+
+-- | The stickiness policies that are created using
+-- @CreateLBCookieStickinessPolicy@.
+awsElbLoadBalancerPolicies_lbCookieStickinessPolicies :: Lens.Lens' AwsElbLoadBalancerPolicies (Prelude.Maybe [AwsElbLbCookieStickinessPolicy])
+awsElbLoadBalancerPolicies_lbCookieStickinessPolicies = Lens.lens (\AwsElbLoadBalancerPolicies' {lbCookieStickinessPolicies} -> lbCookieStickinessPolicies) (\s@AwsElbLoadBalancerPolicies' {} a -> s {lbCookieStickinessPolicies = a} :: AwsElbLoadBalancerPolicies) Prelude.. Lens.mapping Lens.coerced
+
+-- | The policies other than the stickiness policies.
+awsElbLoadBalancerPolicies_otherPolicies :: Lens.Lens' AwsElbLoadBalancerPolicies (Prelude.Maybe [Prelude.Text])
+awsElbLoadBalancerPolicies_otherPolicies = Lens.lens (\AwsElbLoadBalancerPolicies' {otherPolicies} -> otherPolicies) (\s@AwsElbLoadBalancerPolicies' {} a -> s {otherPolicies = a} :: AwsElbLoadBalancerPolicies) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsElbLoadBalancerPolicies where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerPolicies"
+      ( \x ->
+          AwsElbLoadBalancerPolicies'
+            Prelude.<$> ( x
+                            Data..:? "AppCookieStickinessPolicies"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "LbCookieStickinessPolicies"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "OtherPolicies" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable AwsElbLoadBalancerPolicies where
+  hashWithSalt _salt AwsElbLoadBalancerPolicies' {..} =
+    _salt
+      `Prelude.hashWithSalt` appCookieStickinessPolicies
+      `Prelude.hashWithSalt` lbCookieStickinessPolicies
+      `Prelude.hashWithSalt` otherPolicies
+
+instance Prelude.NFData AwsElbLoadBalancerPolicies where
+  rnf AwsElbLoadBalancerPolicies' {..} =
+    Prelude.rnf appCookieStickinessPolicies
+      `Prelude.seq` Prelude.rnf lbCookieStickinessPolicies
+      `Prelude.seq` Prelude.rnf otherPolicies
+
+instance Data.ToJSON AwsElbLoadBalancerPolicies where
+  toJSON AwsElbLoadBalancerPolicies' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AppCookieStickinessPolicies" Data..=)
+              Prelude.<$> appCookieStickinessPolicies,
+            ("LbCookieStickinessPolicies" Data..=)
+              Prelude.<$> lbCookieStickinessPolicies,
+            ("OtherPolicies" Data..=) Prelude.<$> otherPolicies
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerSourceSecurityGroup.hs b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerSourceSecurityGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbLoadBalancerSourceSecurityGroup.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbLoadBalancerSourceSecurityGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbLoadBalancerSourceSecurityGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the security group for the load balancer.
+--
+-- /See:/ 'newAwsElbLoadBalancerSourceSecurityGroup' smart constructor.
+data AwsElbLoadBalancerSourceSecurityGroup = AwsElbLoadBalancerSourceSecurityGroup'
+  { -- | The name of the security group.
+    groupName :: Prelude.Maybe Prelude.Text,
+    -- | The owner of the security group.
+    ownerAlias :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbLoadBalancerSourceSecurityGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'groupName', 'awsElbLoadBalancerSourceSecurityGroup_groupName' - The name of the security group.
+--
+-- 'ownerAlias', 'awsElbLoadBalancerSourceSecurityGroup_ownerAlias' - The owner of the security group.
+newAwsElbLoadBalancerSourceSecurityGroup ::
+  AwsElbLoadBalancerSourceSecurityGroup
+newAwsElbLoadBalancerSourceSecurityGroup =
+  AwsElbLoadBalancerSourceSecurityGroup'
+    { groupName =
+        Prelude.Nothing,
+      ownerAlias = Prelude.Nothing
+    }
+
+-- | The name of the security group.
+awsElbLoadBalancerSourceSecurityGroup_groupName :: Lens.Lens' AwsElbLoadBalancerSourceSecurityGroup (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerSourceSecurityGroup_groupName = Lens.lens (\AwsElbLoadBalancerSourceSecurityGroup' {groupName} -> groupName) (\s@AwsElbLoadBalancerSourceSecurityGroup' {} a -> s {groupName = a} :: AwsElbLoadBalancerSourceSecurityGroup)
+
+-- | The owner of the security group.
+awsElbLoadBalancerSourceSecurityGroup_ownerAlias :: Lens.Lens' AwsElbLoadBalancerSourceSecurityGroup (Prelude.Maybe Prelude.Text)
+awsElbLoadBalancerSourceSecurityGroup_ownerAlias = Lens.lens (\AwsElbLoadBalancerSourceSecurityGroup' {ownerAlias} -> ownerAlias) (\s@AwsElbLoadBalancerSourceSecurityGroup' {} a -> s {ownerAlias = a} :: AwsElbLoadBalancerSourceSecurityGroup)
+
+instance
+  Data.FromJSON
+    AwsElbLoadBalancerSourceSecurityGroup
+  where
+  parseJSON =
+    Data.withObject
+      "AwsElbLoadBalancerSourceSecurityGroup"
+      ( \x ->
+          AwsElbLoadBalancerSourceSecurityGroup'
+            Prelude.<$> (x Data..:? "GroupName")
+            Prelude.<*> (x Data..:? "OwnerAlias")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbLoadBalancerSourceSecurityGroup
+  where
+  hashWithSalt
+    _salt
+    AwsElbLoadBalancerSourceSecurityGroup' {..} =
+      _salt
+        `Prelude.hashWithSalt` groupName
+        `Prelude.hashWithSalt` ownerAlias
+
+instance
+  Prelude.NFData
+    AwsElbLoadBalancerSourceSecurityGroup
+  where
+  rnf AwsElbLoadBalancerSourceSecurityGroup' {..} =
+    Prelude.rnf groupName
+      `Prelude.seq` Prelude.rnf ownerAlias
+
+instance
+  Data.ToJSON
+    AwsElbLoadBalancerSourceSecurityGroup
+  where
+  toJSON AwsElbLoadBalancerSourceSecurityGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("GroupName" Data..=) Prelude.<$> groupName,
+            ("OwnerAlias" Data..=) Prelude.<$> ownerAlias
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbv2LoadBalancerAttribute.hs b/gen/Amazonka/SecurityHub/Types/AwsElbv2LoadBalancerAttribute.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbv2LoadBalancerAttribute.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerAttribute
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerAttribute where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A load balancer attribute.
+--
+-- /See:/ 'newAwsElbv2LoadBalancerAttribute' smart constructor.
+data AwsElbv2LoadBalancerAttribute = AwsElbv2LoadBalancerAttribute'
+  { -- | The name of the load balancer attribute.
+    key :: Prelude.Maybe Prelude.Text,
+    -- | The value of the load balancer attribute.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbv2LoadBalancerAttribute' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'key', 'awsElbv2LoadBalancerAttribute_key' - The name of the load balancer attribute.
+--
+-- 'value', 'awsElbv2LoadBalancerAttribute_value' - The value of the load balancer attribute.
+newAwsElbv2LoadBalancerAttribute ::
+  AwsElbv2LoadBalancerAttribute
+newAwsElbv2LoadBalancerAttribute =
+  AwsElbv2LoadBalancerAttribute'
+    { key =
+        Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The name of the load balancer attribute.
+awsElbv2LoadBalancerAttribute_key :: Lens.Lens' AwsElbv2LoadBalancerAttribute (Prelude.Maybe Prelude.Text)
+awsElbv2LoadBalancerAttribute_key = Lens.lens (\AwsElbv2LoadBalancerAttribute' {key} -> key) (\s@AwsElbv2LoadBalancerAttribute' {} a -> s {key = a} :: AwsElbv2LoadBalancerAttribute)
+
+-- | The value of the load balancer attribute.
+awsElbv2LoadBalancerAttribute_value :: Lens.Lens' AwsElbv2LoadBalancerAttribute (Prelude.Maybe Prelude.Text)
+awsElbv2LoadBalancerAttribute_value = Lens.lens (\AwsElbv2LoadBalancerAttribute' {value} -> value) (\s@AwsElbv2LoadBalancerAttribute' {} a -> s {value = a} :: AwsElbv2LoadBalancerAttribute)
+
+instance Data.FromJSON AwsElbv2LoadBalancerAttribute where
+  parseJSON =
+    Data.withObject
+      "AwsElbv2LoadBalancerAttribute"
+      ( \x ->
+          AwsElbv2LoadBalancerAttribute'
+            Prelude.<$> (x Data..:? "Key")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsElbv2LoadBalancerAttribute
+  where
+  hashWithSalt _salt AwsElbv2LoadBalancerAttribute' {..} =
+    _salt
+      `Prelude.hashWithSalt` key
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData AwsElbv2LoadBalancerAttribute where
+  rnf AwsElbv2LoadBalancerAttribute' {..} =
+    Prelude.rnf key `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON AwsElbv2LoadBalancerAttribute where
+  toJSON AwsElbv2LoadBalancerAttribute' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Key" Data..=) Prelude.<$> key,
+            ("Value" Data..=) Prelude.<$> value
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsElbv2LoadBalancerDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsElbv2LoadBalancerDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsElbv2LoadBalancerDetails.hs
@@ -0,0 +1,248 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AvailabilityZone
+import Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerAttribute
+import Amazonka.SecurityHub.Types.LoadBalancerState
+
+-- | Information about a load balancer.
+--
+-- /See:/ 'newAwsElbv2LoadBalancerDetails' smart constructor.
+data AwsElbv2LoadBalancerDetails = AwsElbv2LoadBalancerDetails'
+  { -- | The Availability Zones for the load balancer.
+    availabilityZones :: Prelude.Maybe [AvailabilityZone],
+    -- | The ID of the Amazon Route 53 hosted zone associated with the load
+    -- balancer.
+    canonicalHostedZoneId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the load balancer was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdTime :: Prelude.Maybe Prelude.Text,
+    -- | The public DNS name of the load balancer.
+    dNSName :: Prelude.Maybe Prelude.Text,
+    -- | The type of IP addresses used by the subnets for your load balancer. The
+    -- possible values are @ipv4@ (for IPv4 addresses) and @dualstack@ (for
+    -- IPv4 and IPv6 addresses).
+    ipAddressType :: Prelude.Maybe Prelude.Text,
+    -- | Attributes of the load balancer.
+    loadBalancerAttributes :: Prelude.Maybe [AwsElbv2LoadBalancerAttribute],
+    -- | The nodes of an Internet-facing load balancer have public IP addresses.
+    scheme :: Prelude.Maybe Prelude.Text,
+    -- | The IDs of the security groups for the load balancer.
+    securityGroups :: Prelude.Maybe [Prelude.Text],
+    -- | The state of the load balancer.
+    state :: Prelude.Maybe LoadBalancerState,
+    -- | The type of load balancer.
+    type' :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the VPC for the load balancer.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsElbv2LoadBalancerDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'availabilityZones', 'awsElbv2LoadBalancerDetails_availabilityZones' - The Availability Zones for the load balancer.
+--
+-- 'canonicalHostedZoneId', 'awsElbv2LoadBalancerDetails_canonicalHostedZoneId' - The ID of the Amazon Route 53 hosted zone associated with the load
+-- balancer.
+--
+-- 'createdTime', 'awsElbv2LoadBalancerDetails_createdTime' - Indicates when the load balancer was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'dNSName', 'awsElbv2LoadBalancerDetails_dNSName' - The public DNS name of the load balancer.
+--
+-- 'ipAddressType', 'awsElbv2LoadBalancerDetails_ipAddressType' - The type of IP addresses used by the subnets for your load balancer. The
+-- possible values are @ipv4@ (for IPv4 addresses) and @dualstack@ (for
+-- IPv4 and IPv6 addresses).
+--
+-- 'loadBalancerAttributes', 'awsElbv2LoadBalancerDetails_loadBalancerAttributes' - Attributes of the load balancer.
+--
+-- 'scheme', 'awsElbv2LoadBalancerDetails_scheme' - The nodes of an Internet-facing load balancer have public IP addresses.
+--
+-- 'securityGroups', 'awsElbv2LoadBalancerDetails_securityGroups' - The IDs of the security groups for the load balancer.
+--
+-- 'state', 'awsElbv2LoadBalancerDetails_state' - The state of the load balancer.
+--
+-- 'type'', 'awsElbv2LoadBalancerDetails_type' - The type of load balancer.
+--
+-- 'vpcId', 'awsElbv2LoadBalancerDetails_vpcId' - The ID of the VPC for the load balancer.
+newAwsElbv2LoadBalancerDetails ::
+  AwsElbv2LoadBalancerDetails
+newAwsElbv2LoadBalancerDetails =
+  AwsElbv2LoadBalancerDetails'
+    { availabilityZones =
+        Prelude.Nothing,
+      canonicalHostedZoneId = Prelude.Nothing,
+      createdTime = Prelude.Nothing,
+      dNSName = Prelude.Nothing,
+      ipAddressType = Prelude.Nothing,
+      loadBalancerAttributes = Prelude.Nothing,
+      scheme = Prelude.Nothing,
+      securityGroups = Prelude.Nothing,
+      state = Prelude.Nothing,
+      type' = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | The Availability Zones for the load balancer.
+awsElbv2LoadBalancerDetails_availabilityZones :: Lens.Lens' AwsElbv2LoadBalancerDetails (Prelude.Maybe [AvailabilityZone])
+awsElbv2LoadBalancerDetails_availabilityZones = Lens.lens (\AwsElbv2LoadBalancerDetails' {availabilityZones} -> availabilityZones) (\s@AwsElbv2LoadBalancerDetails' {} a -> s {availabilityZones = a} :: AwsElbv2LoadBalancerDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the Amazon Route 53 hosted zone associated with the load
+-- balancer.
+awsElbv2LoadBalancerDetails_canonicalHostedZoneId :: Lens.Lens' AwsElbv2LoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbv2LoadBalancerDetails_canonicalHostedZoneId = Lens.lens (\AwsElbv2LoadBalancerDetails' {canonicalHostedZoneId} -> canonicalHostedZoneId) (\s@AwsElbv2LoadBalancerDetails' {} a -> s {canonicalHostedZoneId = a} :: AwsElbv2LoadBalancerDetails)
+
+-- | Indicates when the load balancer was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsElbv2LoadBalancerDetails_createdTime :: Lens.Lens' AwsElbv2LoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbv2LoadBalancerDetails_createdTime = Lens.lens (\AwsElbv2LoadBalancerDetails' {createdTime} -> createdTime) (\s@AwsElbv2LoadBalancerDetails' {} a -> s {createdTime = a} :: AwsElbv2LoadBalancerDetails)
+
+-- | The public DNS name of the load balancer.
+awsElbv2LoadBalancerDetails_dNSName :: Lens.Lens' AwsElbv2LoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbv2LoadBalancerDetails_dNSName = Lens.lens (\AwsElbv2LoadBalancerDetails' {dNSName} -> dNSName) (\s@AwsElbv2LoadBalancerDetails' {} a -> s {dNSName = a} :: AwsElbv2LoadBalancerDetails)
+
+-- | The type of IP addresses used by the subnets for your load balancer. The
+-- possible values are @ipv4@ (for IPv4 addresses) and @dualstack@ (for
+-- IPv4 and IPv6 addresses).
+awsElbv2LoadBalancerDetails_ipAddressType :: Lens.Lens' AwsElbv2LoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbv2LoadBalancerDetails_ipAddressType = Lens.lens (\AwsElbv2LoadBalancerDetails' {ipAddressType} -> ipAddressType) (\s@AwsElbv2LoadBalancerDetails' {} a -> s {ipAddressType = a} :: AwsElbv2LoadBalancerDetails)
+
+-- | Attributes of the load balancer.
+awsElbv2LoadBalancerDetails_loadBalancerAttributes :: Lens.Lens' AwsElbv2LoadBalancerDetails (Prelude.Maybe [AwsElbv2LoadBalancerAttribute])
+awsElbv2LoadBalancerDetails_loadBalancerAttributes = Lens.lens (\AwsElbv2LoadBalancerDetails' {loadBalancerAttributes} -> loadBalancerAttributes) (\s@AwsElbv2LoadBalancerDetails' {} a -> s {loadBalancerAttributes = a} :: AwsElbv2LoadBalancerDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The nodes of an Internet-facing load balancer have public IP addresses.
+awsElbv2LoadBalancerDetails_scheme :: Lens.Lens' AwsElbv2LoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbv2LoadBalancerDetails_scheme = Lens.lens (\AwsElbv2LoadBalancerDetails' {scheme} -> scheme) (\s@AwsElbv2LoadBalancerDetails' {} a -> s {scheme = a} :: AwsElbv2LoadBalancerDetails)
+
+-- | The IDs of the security groups for the load balancer.
+awsElbv2LoadBalancerDetails_securityGroups :: Lens.Lens' AwsElbv2LoadBalancerDetails (Prelude.Maybe [Prelude.Text])
+awsElbv2LoadBalancerDetails_securityGroups = Lens.lens (\AwsElbv2LoadBalancerDetails' {securityGroups} -> securityGroups) (\s@AwsElbv2LoadBalancerDetails' {} a -> s {securityGroups = a} :: AwsElbv2LoadBalancerDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The state of the load balancer.
+awsElbv2LoadBalancerDetails_state :: Lens.Lens' AwsElbv2LoadBalancerDetails (Prelude.Maybe LoadBalancerState)
+awsElbv2LoadBalancerDetails_state = Lens.lens (\AwsElbv2LoadBalancerDetails' {state} -> state) (\s@AwsElbv2LoadBalancerDetails' {} a -> s {state = a} :: AwsElbv2LoadBalancerDetails)
+
+-- | The type of load balancer.
+awsElbv2LoadBalancerDetails_type :: Lens.Lens' AwsElbv2LoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbv2LoadBalancerDetails_type = Lens.lens (\AwsElbv2LoadBalancerDetails' {type'} -> type') (\s@AwsElbv2LoadBalancerDetails' {} a -> s {type' = a} :: AwsElbv2LoadBalancerDetails)
+
+-- | The ID of the VPC for the load balancer.
+awsElbv2LoadBalancerDetails_vpcId :: Lens.Lens' AwsElbv2LoadBalancerDetails (Prelude.Maybe Prelude.Text)
+awsElbv2LoadBalancerDetails_vpcId = Lens.lens (\AwsElbv2LoadBalancerDetails' {vpcId} -> vpcId) (\s@AwsElbv2LoadBalancerDetails' {} a -> s {vpcId = a} :: AwsElbv2LoadBalancerDetails)
+
+instance Data.FromJSON AwsElbv2LoadBalancerDetails where
+  parseJSON =
+    Data.withObject
+      "AwsElbv2LoadBalancerDetails"
+      ( \x ->
+          AwsElbv2LoadBalancerDetails'
+            Prelude.<$> ( x
+                            Data..:? "AvailabilityZones"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "CanonicalHostedZoneId")
+            Prelude.<*> (x Data..:? "CreatedTime")
+            Prelude.<*> (x Data..:? "DNSName")
+            Prelude.<*> (x Data..:? "IpAddressType")
+            Prelude.<*> ( x
+                            Data..:? "LoadBalancerAttributes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Scheme")
+            Prelude.<*> (x Data..:? "SecurityGroups" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "State")
+            Prelude.<*> (x Data..:? "Type")
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance Prelude.Hashable AwsElbv2LoadBalancerDetails where
+  hashWithSalt _salt AwsElbv2LoadBalancerDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` availabilityZones
+      `Prelude.hashWithSalt` canonicalHostedZoneId
+      `Prelude.hashWithSalt` createdTime
+      `Prelude.hashWithSalt` dNSName
+      `Prelude.hashWithSalt` ipAddressType
+      `Prelude.hashWithSalt` loadBalancerAttributes
+      `Prelude.hashWithSalt` scheme
+      `Prelude.hashWithSalt` securityGroups
+      `Prelude.hashWithSalt` state
+      `Prelude.hashWithSalt` type'
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData AwsElbv2LoadBalancerDetails where
+  rnf AwsElbv2LoadBalancerDetails' {..} =
+    Prelude.rnf availabilityZones
+      `Prelude.seq` Prelude.rnf canonicalHostedZoneId
+      `Prelude.seq` Prelude.rnf createdTime
+      `Prelude.seq` Prelude.rnf dNSName
+      `Prelude.seq` Prelude.rnf ipAddressType
+      `Prelude.seq` Prelude.rnf loadBalancerAttributes
+      `Prelude.seq` Prelude.rnf scheme
+      `Prelude.seq` Prelude.rnf securityGroups
+      `Prelude.seq` Prelude.rnf state
+      `Prelude.seq` Prelude.rnf type'
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance Data.ToJSON AwsElbv2LoadBalancerDetails where
+  toJSON AwsElbv2LoadBalancerDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AvailabilityZones" Data..=)
+              Prelude.<$> availabilityZones,
+            ("CanonicalHostedZoneId" Data..=)
+              Prelude.<$> canonicalHostedZoneId,
+            ("CreatedTime" Data..=) Prelude.<$> createdTime,
+            ("DNSName" Data..=) Prelude.<$> dNSName,
+            ("IpAddressType" Data..=) Prelude.<$> ipAddressType,
+            ("LoadBalancerAttributes" Data..=)
+              Prelude.<$> loadBalancerAttributes,
+            ("Scheme" Data..=) Prelude.<$> scheme,
+            ("SecurityGroups" Data..=)
+              Prelude.<$> securityGroups,
+            ("State" Data..=) Prelude.<$> state,
+            ("Type" Data..=) Prelude.<$> type',
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeyDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeyDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeyDetails.hs
@@ -0,0 +1,215 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamAccessKeyDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamAccessKeyDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContext
+import Amazonka.SecurityHub.Types.AwsIamAccessKeyStatus
+
+-- | IAM access key details related to a finding.
+--
+-- /See:/ 'newAwsIamAccessKeyDetails' smart constructor.
+data AwsIamAccessKeyDetails = AwsIamAccessKeyDetails'
+  { -- | The identifier of the access key.
+    accessKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services account ID of the account for the key.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the IAM access key was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdAt :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the principal associated with an access key.
+    principalId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the principal.
+    principalName :: Prelude.Maybe Prelude.Text,
+    -- | The type of principal associated with an access key.
+    principalType :: Prelude.Maybe Prelude.Text,
+    -- | Information about the session that the key was used for.
+    sessionContext :: Prelude.Maybe AwsIamAccessKeySessionContext,
+    -- | The status of the IAM access key related to a finding.
+    status :: Prelude.Maybe AwsIamAccessKeyStatus,
+    -- | The user associated with the IAM access key related to a finding.
+    --
+    -- The @UserName@ parameter has been replaced with the @PrincipalName@
+    -- parameter because access keys can also be assigned to principals that
+    -- are not IAM users.
+    userName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamAccessKeyDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessKeyId', 'awsIamAccessKeyDetails_accessKeyId' - The identifier of the access key.
+--
+-- 'accountId', 'awsIamAccessKeyDetails_accountId' - The Amazon Web Services account ID of the account for the key.
+--
+-- 'createdAt', 'awsIamAccessKeyDetails_createdAt' - Indicates when the IAM access key was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'principalId', 'awsIamAccessKeyDetails_principalId' - The ID of the principal associated with an access key.
+--
+-- 'principalName', 'awsIamAccessKeyDetails_principalName' - The name of the principal.
+--
+-- 'principalType', 'awsIamAccessKeyDetails_principalType' - The type of principal associated with an access key.
+--
+-- 'sessionContext', 'awsIamAccessKeyDetails_sessionContext' - Information about the session that the key was used for.
+--
+-- 'status', 'awsIamAccessKeyDetails_status' - The status of the IAM access key related to a finding.
+--
+-- 'userName', 'awsIamAccessKeyDetails_userName' - The user associated with the IAM access key related to a finding.
+--
+-- The @UserName@ parameter has been replaced with the @PrincipalName@
+-- parameter because access keys can also be assigned to principals that
+-- are not IAM users.
+newAwsIamAccessKeyDetails ::
+  AwsIamAccessKeyDetails
+newAwsIamAccessKeyDetails =
+  AwsIamAccessKeyDetails'
+    { accessKeyId =
+        Prelude.Nothing,
+      accountId = Prelude.Nothing,
+      createdAt = Prelude.Nothing,
+      principalId = Prelude.Nothing,
+      principalName = Prelude.Nothing,
+      principalType = Prelude.Nothing,
+      sessionContext = Prelude.Nothing,
+      status = Prelude.Nothing,
+      userName = Prelude.Nothing
+    }
+
+-- | The identifier of the access key.
+awsIamAccessKeyDetails_accessKeyId :: Lens.Lens' AwsIamAccessKeyDetails (Prelude.Maybe Prelude.Text)
+awsIamAccessKeyDetails_accessKeyId = Lens.lens (\AwsIamAccessKeyDetails' {accessKeyId} -> accessKeyId) (\s@AwsIamAccessKeyDetails' {} a -> s {accessKeyId = a} :: AwsIamAccessKeyDetails)
+
+-- | The Amazon Web Services account ID of the account for the key.
+awsIamAccessKeyDetails_accountId :: Lens.Lens' AwsIamAccessKeyDetails (Prelude.Maybe Prelude.Text)
+awsIamAccessKeyDetails_accountId = Lens.lens (\AwsIamAccessKeyDetails' {accountId} -> accountId) (\s@AwsIamAccessKeyDetails' {} a -> s {accountId = a} :: AwsIamAccessKeyDetails)
+
+-- | Indicates when the IAM access key was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsIamAccessKeyDetails_createdAt :: Lens.Lens' AwsIamAccessKeyDetails (Prelude.Maybe Prelude.Text)
+awsIamAccessKeyDetails_createdAt = Lens.lens (\AwsIamAccessKeyDetails' {createdAt} -> createdAt) (\s@AwsIamAccessKeyDetails' {} a -> s {createdAt = a} :: AwsIamAccessKeyDetails)
+
+-- | The ID of the principal associated with an access key.
+awsIamAccessKeyDetails_principalId :: Lens.Lens' AwsIamAccessKeyDetails (Prelude.Maybe Prelude.Text)
+awsIamAccessKeyDetails_principalId = Lens.lens (\AwsIamAccessKeyDetails' {principalId} -> principalId) (\s@AwsIamAccessKeyDetails' {} a -> s {principalId = a} :: AwsIamAccessKeyDetails)
+
+-- | The name of the principal.
+awsIamAccessKeyDetails_principalName :: Lens.Lens' AwsIamAccessKeyDetails (Prelude.Maybe Prelude.Text)
+awsIamAccessKeyDetails_principalName = Lens.lens (\AwsIamAccessKeyDetails' {principalName} -> principalName) (\s@AwsIamAccessKeyDetails' {} a -> s {principalName = a} :: AwsIamAccessKeyDetails)
+
+-- | The type of principal associated with an access key.
+awsIamAccessKeyDetails_principalType :: Lens.Lens' AwsIamAccessKeyDetails (Prelude.Maybe Prelude.Text)
+awsIamAccessKeyDetails_principalType = Lens.lens (\AwsIamAccessKeyDetails' {principalType} -> principalType) (\s@AwsIamAccessKeyDetails' {} a -> s {principalType = a} :: AwsIamAccessKeyDetails)
+
+-- | Information about the session that the key was used for.
+awsIamAccessKeyDetails_sessionContext :: Lens.Lens' AwsIamAccessKeyDetails (Prelude.Maybe AwsIamAccessKeySessionContext)
+awsIamAccessKeyDetails_sessionContext = Lens.lens (\AwsIamAccessKeyDetails' {sessionContext} -> sessionContext) (\s@AwsIamAccessKeyDetails' {} a -> s {sessionContext = a} :: AwsIamAccessKeyDetails)
+
+-- | The status of the IAM access key related to a finding.
+awsIamAccessKeyDetails_status :: Lens.Lens' AwsIamAccessKeyDetails (Prelude.Maybe AwsIamAccessKeyStatus)
+awsIamAccessKeyDetails_status = Lens.lens (\AwsIamAccessKeyDetails' {status} -> status) (\s@AwsIamAccessKeyDetails' {} a -> s {status = a} :: AwsIamAccessKeyDetails)
+
+-- | The user associated with the IAM access key related to a finding.
+--
+-- The @UserName@ parameter has been replaced with the @PrincipalName@
+-- parameter because access keys can also be assigned to principals that
+-- are not IAM users.
+awsIamAccessKeyDetails_userName :: Lens.Lens' AwsIamAccessKeyDetails (Prelude.Maybe Prelude.Text)
+awsIamAccessKeyDetails_userName = Lens.lens (\AwsIamAccessKeyDetails' {userName} -> userName) (\s@AwsIamAccessKeyDetails' {} a -> s {userName = a} :: AwsIamAccessKeyDetails)
+
+instance Data.FromJSON AwsIamAccessKeyDetails where
+  parseJSON =
+    Data.withObject
+      "AwsIamAccessKeyDetails"
+      ( \x ->
+          AwsIamAccessKeyDetails'
+            Prelude.<$> (x Data..:? "AccessKeyId")
+            Prelude.<*> (x Data..:? "AccountId")
+            Prelude.<*> (x Data..:? "CreatedAt")
+            Prelude.<*> (x Data..:? "PrincipalId")
+            Prelude.<*> (x Data..:? "PrincipalName")
+            Prelude.<*> (x Data..:? "PrincipalType")
+            Prelude.<*> (x Data..:? "SessionContext")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "UserName")
+      )
+
+instance Prelude.Hashable AwsIamAccessKeyDetails where
+  hashWithSalt _salt AwsIamAccessKeyDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessKeyId
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` principalId
+      `Prelude.hashWithSalt` principalName
+      `Prelude.hashWithSalt` principalType
+      `Prelude.hashWithSalt` sessionContext
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` userName
+
+instance Prelude.NFData AwsIamAccessKeyDetails where
+  rnf AwsIamAccessKeyDetails' {..} =
+    Prelude.rnf accessKeyId
+      `Prelude.seq` Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf principalId
+      `Prelude.seq` Prelude.rnf principalName
+      `Prelude.seq` Prelude.rnf principalType
+      `Prelude.seq` Prelude.rnf sessionContext
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf userName
+
+instance Data.ToJSON AwsIamAccessKeyDetails where
+  toJSON AwsIamAccessKeyDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AccessKeyId" Data..=) Prelude.<$> accessKeyId,
+            ("AccountId" Data..=) Prelude.<$> accountId,
+            ("CreatedAt" Data..=) Prelude.<$> createdAt,
+            ("PrincipalId" Data..=) Prelude.<$> principalId,
+            ("PrincipalName" Data..=) Prelude.<$> principalName,
+            ("PrincipalType" Data..=) Prelude.<$> principalType,
+            ("SessionContext" Data..=)
+              Prelude.<$> sessionContext,
+            ("Status" Data..=) Prelude.<$> status,
+            ("UserName" Data..=) Prelude.<$> userName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeySessionContext.hs b/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeySessionContext.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeySessionContext.hs
@@ -0,0 +1,99 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContext
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContext where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextAttributes
+import Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextSessionIssuer
+
+-- | Provides information about the session that the key was used for.
+--
+-- /See:/ 'newAwsIamAccessKeySessionContext' smart constructor.
+data AwsIamAccessKeySessionContext = AwsIamAccessKeySessionContext'
+  { -- | Attributes of the session that the key was used for.
+    attributes :: Prelude.Maybe AwsIamAccessKeySessionContextAttributes,
+    -- | Information about the entity that created the session.
+    sessionIssuer :: Prelude.Maybe AwsIamAccessKeySessionContextSessionIssuer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamAccessKeySessionContext' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attributes', 'awsIamAccessKeySessionContext_attributes' - Attributes of the session that the key was used for.
+--
+-- 'sessionIssuer', 'awsIamAccessKeySessionContext_sessionIssuer' - Information about the entity that created the session.
+newAwsIamAccessKeySessionContext ::
+  AwsIamAccessKeySessionContext
+newAwsIamAccessKeySessionContext =
+  AwsIamAccessKeySessionContext'
+    { attributes =
+        Prelude.Nothing,
+      sessionIssuer = Prelude.Nothing
+    }
+
+-- | Attributes of the session that the key was used for.
+awsIamAccessKeySessionContext_attributes :: Lens.Lens' AwsIamAccessKeySessionContext (Prelude.Maybe AwsIamAccessKeySessionContextAttributes)
+awsIamAccessKeySessionContext_attributes = Lens.lens (\AwsIamAccessKeySessionContext' {attributes} -> attributes) (\s@AwsIamAccessKeySessionContext' {} a -> s {attributes = a} :: AwsIamAccessKeySessionContext)
+
+-- | Information about the entity that created the session.
+awsIamAccessKeySessionContext_sessionIssuer :: Lens.Lens' AwsIamAccessKeySessionContext (Prelude.Maybe AwsIamAccessKeySessionContextSessionIssuer)
+awsIamAccessKeySessionContext_sessionIssuer = Lens.lens (\AwsIamAccessKeySessionContext' {sessionIssuer} -> sessionIssuer) (\s@AwsIamAccessKeySessionContext' {} a -> s {sessionIssuer = a} :: AwsIamAccessKeySessionContext)
+
+instance Data.FromJSON AwsIamAccessKeySessionContext where
+  parseJSON =
+    Data.withObject
+      "AwsIamAccessKeySessionContext"
+      ( \x ->
+          AwsIamAccessKeySessionContext'
+            Prelude.<$> (x Data..:? "Attributes")
+            Prelude.<*> (x Data..:? "SessionIssuer")
+      )
+
+instance
+  Prelude.Hashable
+    AwsIamAccessKeySessionContext
+  where
+  hashWithSalt _salt AwsIamAccessKeySessionContext' {..} =
+    _salt
+      `Prelude.hashWithSalt` attributes
+      `Prelude.hashWithSalt` sessionIssuer
+
+instance Prelude.NFData AwsIamAccessKeySessionContext where
+  rnf AwsIamAccessKeySessionContext' {..} =
+    Prelude.rnf attributes
+      `Prelude.seq` Prelude.rnf sessionIssuer
+
+instance Data.ToJSON AwsIamAccessKeySessionContext where
+  toJSON AwsIamAccessKeySessionContext' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Attributes" Data..=) Prelude.<$> attributes,
+            ("SessionIssuer" Data..=) Prelude.<$> sessionIssuer
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeySessionContextAttributes.hs b/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeySessionContextAttributes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeySessionContextAttributes.hs
@@ -0,0 +1,124 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextAttributes
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextAttributes where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Attributes of the session that the key was used for.
+--
+-- /See:/ 'newAwsIamAccessKeySessionContextAttributes' smart constructor.
+data AwsIamAccessKeySessionContextAttributes = AwsIamAccessKeySessionContextAttributes'
+  { -- | Indicates when the session was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    creationDate :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the session used multi-factor authentication (MFA).
+    mfaAuthenticated :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamAccessKeySessionContextAttributes' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'creationDate', 'awsIamAccessKeySessionContextAttributes_creationDate' - Indicates when the session was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'mfaAuthenticated', 'awsIamAccessKeySessionContextAttributes_mfaAuthenticated' - Indicates whether the session used multi-factor authentication (MFA).
+newAwsIamAccessKeySessionContextAttributes ::
+  AwsIamAccessKeySessionContextAttributes
+newAwsIamAccessKeySessionContextAttributes =
+  AwsIamAccessKeySessionContextAttributes'
+    { creationDate =
+        Prelude.Nothing,
+      mfaAuthenticated = Prelude.Nothing
+    }
+
+-- | Indicates when the session was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsIamAccessKeySessionContextAttributes_creationDate :: Lens.Lens' AwsIamAccessKeySessionContextAttributes (Prelude.Maybe Prelude.Text)
+awsIamAccessKeySessionContextAttributes_creationDate = Lens.lens (\AwsIamAccessKeySessionContextAttributes' {creationDate} -> creationDate) (\s@AwsIamAccessKeySessionContextAttributes' {} a -> s {creationDate = a} :: AwsIamAccessKeySessionContextAttributes)
+
+-- | Indicates whether the session used multi-factor authentication (MFA).
+awsIamAccessKeySessionContextAttributes_mfaAuthenticated :: Lens.Lens' AwsIamAccessKeySessionContextAttributes (Prelude.Maybe Prelude.Bool)
+awsIamAccessKeySessionContextAttributes_mfaAuthenticated = Lens.lens (\AwsIamAccessKeySessionContextAttributes' {mfaAuthenticated} -> mfaAuthenticated) (\s@AwsIamAccessKeySessionContextAttributes' {} a -> s {mfaAuthenticated = a} :: AwsIamAccessKeySessionContextAttributes)
+
+instance
+  Data.FromJSON
+    AwsIamAccessKeySessionContextAttributes
+  where
+  parseJSON =
+    Data.withObject
+      "AwsIamAccessKeySessionContextAttributes"
+      ( \x ->
+          AwsIamAccessKeySessionContextAttributes'
+            Prelude.<$> (x Data..:? "CreationDate")
+            Prelude.<*> (x Data..:? "MfaAuthenticated")
+      )
+
+instance
+  Prelude.Hashable
+    AwsIamAccessKeySessionContextAttributes
+  where
+  hashWithSalt
+    _salt
+    AwsIamAccessKeySessionContextAttributes' {..} =
+      _salt
+        `Prelude.hashWithSalt` creationDate
+        `Prelude.hashWithSalt` mfaAuthenticated
+
+instance
+  Prelude.NFData
+    AwsIamAccessKeySessionContextAttributes
+  where
+  rnf AwsIamAccessKeySessionContextAttributes' {..} =
+    Prelude.rnf creationDate
+      `Prelude.seq` Prelude.rnf mfaAuthenticated
+
+instance
+  Data.ToJSON
+    AwsIamAccessKeySessionContextAttributes
+  where
+  toJSON AwsIamAccessKeySessionContextAttributes' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CreationDate" Data..=) Prelude.<$> creationDate,
+            ("MfaAuthenticated" Data..=)
+              Prelude.<$> mfaAuthenticated
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeySessionContextSessionIssuer.hs b/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeySessionContextSessionIssuer.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeySessionContextSessionIssuer.hs
@@ -0,0 +1,154 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextSessionIssuer
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamAccessKeySessionContextSessionIssuer where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the entity that created the session.
+--
+-- /See:/ 'newAwsIamAccessKeySessionContextSessionIssuer' smart constructor.
+data AwsIamAccessKeySessionContextSessionIssuer = AwsIamAccessKeySessionContextSessionIssuer'
+  { -- | The identifier of the Amazon Web Services account that created the
+    -- session.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the session.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The principal ID of the principal (user, role, or group) that created
+    -- the session.
+    principalId :: Prelude.Maybe Prelude.Text,
+    -- | The type of principal (user, role, or group) that created the session.
+    type' :: Prelude.Maybe Prelude.Text,
+    -- | The name of the principal that created the session.
+    userName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamAccessKeySessionContextSessionIssuer' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'awsIamAccessKeySessionContextSessionIssuer_accountId' - The identifier of the Amazon Web Services account that created the
+-- session.
+--
+-- 'arn', 'awsIamAccessKeySessionContextSessionIssuer_arn' - The ARN of the session.
+--
+-- 'principalId', 'awsIamAccessKeySessionContextSessionIssuer_principalId' - The principal ID of the principal (user, role, or group) that created
+-- the session.
+--
+-- 'type'', 'awsIamAccessKeySessionContextSessionIssuer_type' - The type of principal (user, role, or group) that created the session.
+--
+-- 'userName', 'awsIamAccessKeySessionContextSessionIssuer_userName' - The name of the principal that created the session.
+newAwsIamAccessKeySessionContextSessionIssuer ::
+  AwsIamAccessKeySessionContextSessionIssuer
+newAwsIamAccessKeySessionContextSessionIssuer =
+  AwsIamAccessKeySessionContextSessionIssuer'
+    { accountId =
+        Prelude.Nothing,
+      arn = Prelude.Nothing,
+      principalId = Prelude.Nothing,
+      type' = Prelude.Nothing,
+      userName = Prelude.Nothing
+    }
+
+-- | The identifier of the Amazon Web Services account that created the
+-- session.
+awsIamAccessKeySessionContextSessionIssuer_accountId :: Lens.Lens' AwsIamAccessKeySessionContextSessionIssuer (Prelude.Maybe Prelude.Text)
+awsIamAccessKeySessionContextSessionIssuer_accountId = Lens.lens (\AwsIamAccessKeySessionContextSessionIssuer' {accountId} -> accountId) (\s@AwsIamAccessKeySessionContextSessionIssuer' {} a -> s {accountId = a} :: AwsIamAccessKeySessionContextSessionIssuer)
+
+-- | The ARN of the session.
+awsIamAccessKeySessionContextSessionIssuer_arn :: Lens.Lens' AwsIamAccessKeySessionContextSessionIssuer (Prelude.Maybe Prelude.Text)
+awsIamAccessKeySessionContextSessionIssuer_arn = Lens.lens (\AwsIamAccessKeySessionContextSessionIssuer' {arn} -> arn) (\s@AwsIamAccessKeySessionContextSessionIssuer' {} a -> s {arn = a} :: AwsIamAccessKeySessionContextSessionIssuer)
+
+-- | The principal ID of the principal (user, role, or group) that created
+-- the session.
+awsIamAccessKeySessionContextSessionIssuer_principalId :: Lens.Lens' AwsIamAccessKeySessionContextSessionIssuer (Prelude.Maybe Prelude.Text)
+awsIamAccessKeySessionContextSessionIssuer_principalId = Lens.lens (\AwsIamAccessKeySessionContextSessionIssuer' {principalId} -> principalId) (\s@AwsIamAccessKeySessionContextSessionIssuer' {} a -> s {principalId = a} :: AwsIamAccessKeySessionContextSessionIssuer)
+
+-- | The type of principal (user, role, or group) that created the session.
+awsIamAccessKeySessionContextSessionIssuer_type :: Lens.Lens' AwsIamAccessKeySessionContextSessionIssuer (Prelude.Maybe Prelude.Text)
+awsIamAccessKeySessionContextSessionIssuer_type = Lens.lens (\AwsIamAccessKeySessionContextSessionIssuer' {type'} -> type') (\s@AwsIamAccessKeySessionContextSessionIssuer' {} a -> s {type' = a} :: AwsIamAccessKeySessionContextSessionIssuer)
+
+-- | The name of the principal that created the session.
+awsIamAccessKeySessionContextSessionIssuer_userName :: Lens.Lens' AwsIamAccessKeySessionContextSessionIssuer (Prelude.Maybe Prelude.Text)
+awsIamAccessKeySessionContextSessionIssuer_userName = Lens.lens (\AwsIamAccessKeySessionContextSessionIssuer' {userName} -> userName) (\s@AwsIamAccessKeySessionContextSessionIssuer' {} a -> s {userName = a} :: AwsIamAccessKeySessionContextSessionIssuer)
+
+instance
+  Data.FromJSON
+    AwsIamAccessKeySessionContextSessionIssuer
+  where
+  parseJSON =
+    Data.withObject
+      "AwsIamAccessKeySessionContextSessionIssuer"
+      ( \x ->
+          AwsIamAccessKeySessionContextSessionIssuer'
+            Prelude.<$> (x Data..:? "AccountId")
+            Prelude.<*> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "PrincipalId")
+            Prelude.<*> (x Data..:? "Type")
+            Prelude.<*> (x Data..:? "UserName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsIamAccessKeySessionContextSessionIssuer
+  where
+  hashWithSalt
+    _salt
+    AwsIamAccessKeySessionContextSessionIssuer' {..} =
+      _salt
+        `Prelude.hashWithSalt` accountId
+        `Prelude.hashWithSalt` arn
+        `Prelude.hashWithSalt` principalId
+        `Prelude.hashWithSalt` type'
+        `Prelude.hashWithSalt` userName
+
+instance
+  Prelude.NFData
+    AwsIamAccessKeySessionContextSessionIssuer
+  where
+  rnf AwsIamAccessKeySessionContextSessionIssuer' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf principalId
+      `Prelude.seq` Prelude.rnf type'
+      `Prelude.seq` Prelude.rnf userName
+
+instance
+  Data.ToJSON
+    AwsIamAccessKeySessionContextSessionIssuer
+  where
+  toJSON
+    AwsIamAccessKeySessionContextSessionIssuer' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AccountId" Data..=) Prelude.<$> accountId,
+              ("Arn" Data..=) Prelude.<$> arn,
+              ("PrincipalId" Data..=) Prelude.<$> principalId,
+              ("Type" Data..=) Prelude.<$> type',
+              ("UserName" Data..=) Prelude.<$> userName
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeyStatus.hs b/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeyStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamAccessKeyStatus.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamAccessKeyStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamAccessKeyStatus
+  ( AwsIamAccessKeyStatus
+      ( ..,
+        AwsIamAccessKeyStatus_Active,
+        AwsIamAccessKeyStatus_Inactive
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AwsIamAccessKeyStatus = AwsIamAccessKeyStatus'
+  { fromAwsIamAccessKeyStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AwsIamAccessKeyStatus_Active :: AwsIamAccessKeyStatus
+pattern AwsIamAccessKeyStatus_Active = AwsIamAccessKeyStatus' "Active"
+
+pattern AwsIamAccessKeyStatus_Inactive :: AwsIamAccessKeyStatus
+pattern AwsIamAccessKeyStatus_Inactive = AwsIamAccessKeyStatus' "Inactive"
+
+{-# COMPLETE
+  AwsIamAccessKeyStatus_Active,
+  AwsIamAccessKeyStatus_Inactive,
+  AwsIamAccessKeyStatus'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamAttachedManagedPolicy.hs b/gen/Amazonka/SecurityHub/Types/AwsIamAttachedManagedPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamAttachedManagedPolicy.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamAttachedManagedPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamAttachedManagedPolicy where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A managed policy that is attached to an IAM principal.
+--
+-- /See:/ 'newAwsIamAttachedManagedPolicy' smart constructor.
+data AwsIamAttachedManagedPolicy = AwsIamAttachedManagedPolicy'
+  { -- | The ARN of the policy.
+    policyArn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the policy.
+    policyName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamAttachedManagedPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'policyArn', 'awsIamAttachedManagedPolicy_policyArn' - The ARN of the policy.
+--
+-- 'policyName', 'awsIamAttachedManagedPolicy_policyName' - The name of the policy.
+newAwsIamAttachedManagedPolicy ::
+  AwsIamAttachedManagedPolicy
+newAwsIamAttachedManagedPolicy =
+  AwsIamAttachedManagedPolicy'
+    { policyArn =
+        Prelude.Nothing,
+      policyName = Prelude.Nothing
+    }
+
+-- | The ARN of the policy.
+awsIamAttachedManagedPolicy_policyArn :: Lens.Lens' AwsIamAttachedManagedPolicy (Prelude.Maybe Prelude.Text)
+awsIamAttachedManagedPolicy_policyArn = Lens.lens (\AwsIamAttachedManagedPolicy' {policyArn} -> policyArn) (\s@AwsIamAttachedManagedPolicy' {} a -> s {policyArn = a} :: AwsIamAttachedManagedPolicy)
+
+-- | The name of the policy.
+awsIamAttachedManagedPolicy_policyName :: Lens.Lens' AwsIamAttachedManagedPolicy (Prelude.Maybe Prelude.Text)
+awsIamAttachedManagedPolicy_policyName = Lens.lens (\AwsIamAttachedManagedPolicy' {policyName} -> policyName) (\s@AwsIamAttachedManagedPolicy' {} a -> s {policyName = a} :: AwsIamAttachedManagedPolicy)
+
+instance Data.FromJSON AwsIamAttachedManagedPolicy where
+  parseJSON =
+    Data.withObject
+      "AwsIamAttachedManagedPolicy"
+      ( \x ->
+          AwsIamAttachedManagedPolicy'
+            Prelude.<$> (x Data..:? "PolicyArn")
+            Prelude.<*> (x Data..:? "PolicyName")
+      )
+
+instance Prelude.Hashable AwsIamAttachedManagedPolicy where
+  hashWithSalt _salt AwsIamAttachedManagedPolicy' {..} =
+    _salt
+      `Prelude.hashWithSalt` policyArn
+      `Prelude.hashWithSalt` policyName
+
+instance Prelude.NFData AwsIamAttachedManagedPolicy where
+  rnf AwsIamAttachedManagedPolicy' {..} =
+    Prelude.rnf policyArn
+      `Prelude.seq` Prelude.rnf policyName
+
+instance Data.ToJSON AwsIamAttachedManagedPolicy where
+  toJSON AwsIamAttachedManagedPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("PolicyArn" Data..=) Prelude.<$> policyArn,
+            ("PolicyName" Data..=) Prelude.<$> policyName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamGroupDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsIamGroupDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamGroupDetails.hs
@@ -0,0 +1,171 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamGroupDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamGroupDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsIamAttachedManagedPolicy
+import Amazonka.SecurityHub.Types.AwsIamGroupPolicy
+
+-- | Contains details about an IAM group.
+--
+-- /See:/ 'newAwsIamGroupDetails' smart constructor.
+data AwsIamGroupDetails = AwsIamGroupDetails'
+  { -- | A list of the managed policies that are attached to the IAM group.
+    attachedManagedPolicies :: Prelude.Maybe [AwsIamAttachedManagedPolicy],
+    -- | Indicates when the IAM group was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createDate :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the IAM group.
+    groupId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the IAM group.
+    groupName :: Prelude.Maybe Prelude.Text,
+    -- | The list of inline policies that are embedded in the group.
+    groupPolicyList :: Prelude.Maybe [AwsIamGroupPolicy],
+    -- | The path to the group.
+    path :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamGroupDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attachedManagedPolicies', 'awsIamGroupDetails_attachedManagedPolicies' - A list of the managed policies that are attached to the IAM group.
+--
+-- 'createDate', 'awsIamGroupDetails_createDate' - Indicates when the IAM group was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'groupId', 'awsIamGroupDetails_groupId' - The identifier of the IAM group.
+--
+-- 'groupName', 'awsIamGroupDetails_groupName' - The name of the IAM group.
+--
+-- 'groupPolicyList', 'awsIamGroupDetails_groupPolicyList' - The list of inline policies that are embedded in the group.
+--
+-- 'path', 'awsIamGroupDetails_path' - The path to the group.
+newAwsIamGroupDetails ::
+  AwsIamGroupDetails
+newAwsIamGroupDetails =
+  AwsIamGroupDetails'
+    { attachedManagedPolicies =
+        Prelude.Nothing,
+      createDate = Prelude.Nothing,
+      groupId = Prelude.Nothing,
+      groupName = Prelude.Nothing,
+      groupPolicyList = Prelude.Nothing,
+      path = Prelude.Nothing
+    }
+
+-- | A list of the managed policies that are attached to the IAM group.
+awsIamGroupDetails_attachedManagedPolicies :: Lens.Lens' AwsIamGroupDetails (Prelude.Maybe [AwsIamAttachedManagedPolicy])
+awsIamGroupDetails_attachedManagedPolicies = Lens.lens (\AwsIamGroupDetails' {attachedManagedPolicies} -> attachedManagedPolicies) (\s@AwsIamGroupDetails' {} a -> s {attachedManagedPolicies = a} :: AwsIamGroupDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates when the IAM group was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsIamGroupDetails_createDate :: Lens.Lens' AwsIamGroupDetails (Prelude.Maybe Prelude.Text)
+awsIamGroupDetails_createDate = Lens.lens (\AwsIamGroupDetails' {createDate} -> createDate) (\s@AwsIamGroupDetails' {} a -> s {createDate = a} :: AwsIamGroupDetails)
+
+-- | The identifier of the IAM group.
+awsIamGroupDetails_groupId :: Lens.Lens' AwsIamGroupDetails (Prelude.Maybe Prelude.Text)
+awsIamGroupDetails_groupId = Lens.lens (\AwsIamGroupDetails' {groupId} -> groupId) (\s@AwsIamGroupDetails' {} a -> s {groupId = a} :: AwsIamGroupDetails)
+
+-- | The name of the IAM group.
+awsIamGroupDetails_groupName :: Lens.Lens' AwsIamGroupDetails (Prelude.Maybe Prelude.Text)
+awsIamGroupDetails_groupName = Lens.lens (\AwsIamGroupDetails' {groupName} -> groupName) (\s@AwsIamGroupDetails' {} a -> s {groupName = a} :: AwsIamGroupDetails)
+
+-- | The list of inline policies that are embedded in the group.
+awsIamGroupDetails_groupPolicyList :: Lens.Lens' AwsIamGroupDetails (Prelude.Maybe [AwsIamGroupPolicy])
+awsIamGroupDetails_groupPolicyList = Lens.lens (\AwsIamGroupDetails' {groupPolicyList} -> groupPolicyList) (\s@AwsIamGroupDetails' {} a -> s {groupPolicyList = a} :: AwsIamGroupDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The path to the group.
+awsIamGroupDetails_path :: Lens.Lens' AwsIamGroupDetails (Prelude.Maybe Prelude.Text)
+awsIamGroupDetails_path = Lens.lens (\AwsIamGroupDetails' {path} -> path) (\s@AwsIamGroupDetails' {} a -> s {path = a} :: AwsIamGroupDetails)
+
+instance Data.FromJSON AwsIamGroupDetails where
+  parseJSON =
+    Data.withObject
+      "AwsIamGroupDetails"
+      ( \x ->
+          AwsIamGroupDetails'
+            Prelude.<$> ( x
+                            Data..:? "AttachedManagedPolicies"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "CreateDate")
+            Prelude.<*> (x Data..:? "GroupId")
+            Prelude.<*> (x Data..:? "GroupName")
+            Prelude.<*> ( x
+                            Data..:? "GroupPolicyList"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Path")
+      )
+
+instance Prelude.Hashable AwsIamGroupDetails where
+  hashWithSalt _salt AwsIamGroupDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` attachedManagedPolicies
+      `Prelude.hashWithSalt` createDate
+      `Prelude.hashWithSalt` groupId
+      `Prelude.hashWithSalt` groupName
+      `Prelude.hashWithSalt` groupPolicyList
+      `Prelude.hashWithSalt` path
+
+instance Prelude.NFData AwsIamGroupDetails where
+  rnf AwsIamGroupDetails' {..} =
+    Prelude.rnf attachedManagedPolicies
+      `Prelude.seq` Prelude.rnf createDate
+      `Prelude.seq` Prelude.rnf groupId
+      `Prelude.seq` Prelude.rnf groupName
+      `Prelude.seq` Prelude.rnf groupPolicyList
+      `Prelude.seq` Prelude.rnf path
+
+instance Data.ToJSON AwsIamGroupDetails where
+  toJSON AwsIamGroupDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AttachedManagedPolicies" Data..=)
+              Prelude.<$> attachedManagedPolicies,
+            ("CreateDate" Data..=) Prelude.<$> createDate,
+            ("GroupId" Data..=) Prelude.<$> groupId,
+            ("GroupName" Data..=) Prelude.<$> groupName,
+            ("GroupPolicyList" Data..=)
+              Prelude.<$> groupPolicyList,
+            ("Path" Data..=) Prelude.<$> path
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamGroupPolicy.hs b/gen/Amazonka/SecurityHub/Types/AwsIamGroupPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamGroupPolicy.hs
@@ -0,0 +1,75 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamGroupPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamGroupPolicy where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A managed policy that is attached to the IAM group.
+--
+-- /See:/ 'newAwsIamGroupPolicy' smart constructor.
+data AwsIamGroupPolicy = AwsIamGroupPolicy'
+  { -- | The name of the policy.
+    policyName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamGroupPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'policyName', 'awsIamGroupPolicy_policyName' - The name of the policy.
+newAwsIamGroupPolicy ::
+  AwsIamGroupPolicy
+newAwsIamGroupPolicy =
+  AwsIamGroupPolicy' {policyName = Prelude.Nothing}
+
+-- | The name of the policy.
+awsIamGroupPolicy_policyName :: Lens.Lens' AwsIamGroupPolicy (Prelude.Maybe Prelude.Text)
+awsIamGroupPolicy_policyName = Lens.lens (\AwsIamGroupPolicy' {policyName} -> policyName) (\s@AwsIamGroupPolicy' {} a -> s {policyName = a} :: AwsIamGroupPolicy)
+
+instance Data.FromJSON AwsIamGroupPolicy where
+  parseJSON =
+    Data.withObject
+      "AwsIamGroupPolicy"
+      ( \x ->
+          AwsIamGroupPolicy'
+            Prelude.<$> (x Data..:? "PolicyName")
+      )
+
+instance Prelude.Hashable AwsIamGroupPolicy where
+  hashWithSalt _salt AwsIamGroupPolicy' {..} =
+    _salt `Prelude.hashWithSalt` policyName
+
+instance Prelude.NFData AwsIamGroupPolicy where
+  rnf AwsIamGroupPolicy' {..} = Prelude.rnf policyName
+
+instance Data.ToJSON AwsIamGroupPolicy where
+  toJSON AwsIamGroupPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("PolicyName" Data..=) Prelude.<$> policyName]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamInstanceProfile.hs b/gen/Amazonka/SecurityHub/Types/AwsIamInstanceProfile.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamInstanceProfile.hs
@@ -0,0 +1,163 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamInstanceProfile
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamInstanceProfile where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsIamInstanceProfileRole
+
+-- | Information about an instance profile.
+--
+-- /See:/ 'newAwsIamInstanceProfile' smart constructor.
+data AwsIamInstanceProfile = AwsIamInstanceProfile'
+  { -- | The ARN of the instance profile.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the instance profile was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createDate :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the instance profile.
+    instanceProfileId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the instance profile.
+    instanceProfileName :: Prelude.Maybe Prelude.Text,
+    -- | The path to the instance profile.
+    path :: Prelude.Maybe Prelude.Text,
+    -- | The roles associated with the instance profile.
+    roles :: Prelude.Maybe [AwsIamInstanceProfileRole]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamInstanceProfile' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'awsIamInstanceProfile_arn' - The ARN of the instance profile.
+--
+-- 'createDate', 'awsIamInstanceProfile_createDate' - Indicates when the instance profile was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'instanceProfileId', 'awsIamInstanceProfile_instanceProfileId' - The identifier of the instance profile.
+--
+-- 'instanceProfileName', 'awsIamInstanceProfile_instanceProfileName' - The name of the instance profile.
+--
+-- 'path', 'awsIamInstanceProfile_path' - The path to the instance profile.
+--
+-- 'roles', 'awsIamInstanceProfile_roles' - The roles associated with the instance profile.
+newAwsIamInstanceProfile ::
+  AwsIamInstanceProfile
+newAwsIamInstanceProfile =
+  AwsIamInstanceProfile'
+    { arn = Prelude.Nothing,
+      createDate = Prelude.Nothing,
+      instanceProfileId = Prelude.Nothing,
+      instanceProfileName = Prelude.Nothing,
+      path = Prelude.Nothing,
+      roles = Prelude.Nothing
+    }
+
+-- | The ARN of the instance profile.
+awsIamInstanceProfile_arn :: Lens.Lens' AwsIamInstanceProfile (Prelude.Maybe Prelude.Text)
+awsIamInstanceProfile_arn = Lens.lens (\AwsIamInstanceProfile' {arn} -> arn) (\s@AwsIamInstanceProfile' {} a -> s {arn = a} :: AwsIamInstanceProfile)
+
+-- | Indicates when the instance profile was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsIamInstanceProfile_createDate :: Lens.Lens' AwsIamInstanceProfile (Prelude.Maybe Prelude.Text)
+awsIamInstanceProfile_createDate = Lens.lens (\AwsIamInstanceProfile' {createDate} -> createDate) (\s@AwsIamInstanceProfile' {} a -> s {createDate = a} :: AwsIamInstanceProfile)
+
+-- | The identifier of the instance profile.
+awsIamInstanceProfile_instanceProfileId :: Lens.Lens' AwsIamInstanceProfile (Prelude.Maybe Prelude.Text)
+awsIamInstanceProfile_instanceProfileId = Lens.lens (\AwsIamInstanceProfile' {instanceProfileId} -> instanceProfileId) (\s@AwsIamInstanceProfile' {} a -> s {instanceProfileId = a} :: AwsIamInstanceProfile)
+
+-- | The name of the instance profile.
+awsIamInstanceProfile_instanceProfileName :: Lens.Lens' AwsIamInstanceProfile (Prelude.Maybe Prelude.Text)
+awsIamInstanceProfile_instanceProfileName = Lens.lens (\AwsIamInstanceProfile' {instanceProfileName} -> instanceProfileName) (\s@AwsIamInstanceProfile' {} a -> s {instanceProfileName = a} :: AwsIamInstanceProfile)
+
+-- | The path to the instance profile.
+awsIamInstanceProfile_path :: Lens.Lens' AwsIamInstanceProfile (Prelude.Maybe Prelude.Text)
+awsIamInstanceProfile_path = Lens.lens (\AwsIamInstanceProfile' {path} -> path) (\s@AwsIamInstanceProfile' {} a -> s {path = a} :: AwsIamInstanceProfile)
+
+-- | The roles associated with the instance profile.
+awsIamInstanceProfile_roles :: Lens.Lens' AwsIamInstanceProfile (Prelude.Maybe [AwsIamInstanceProfileRole])
+awsIamInstanceProfile_roles = Lens.lens (\AwsIamInstanceProfile' {roles} -> roles) (\s@AwsIamInstanceProfile' {} a -> s {roles = a} :: AwsIamInstanceProfile) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsIamInstanceProfile where
+  parseJSON =
+    Data.withObject
+      "AwsIamInstanceProfile"
+      ( \x ->
+          AwsIamInstanceProfile'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "CreateDate")
+            Prelude.<*> (x Data..:? "InstanceProfileId")
+            Prelude.<*> (x Data..:? "InstanceProfileName")
+            Prelude.<*> (x Data..:? "Path")
+            Prelude.<*> (x Data..:? "Roles" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable AwsIamInstanceProfile where
+  hashWithSalt _salt AwsIamInstanceProfile' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` createDate
+      `Prelude.hashWithSalt` instanceProfileId
+      `Prelude.hashWithSalt` instanceProfileName
+      `Prelude.hashWithSalt` path
+      `Prelude.hashWithSalt` roles
+
+instance Prelude.NFData AwsIamInstanceProfile where
+  rnf AwsIamInstanceProfile' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf createDate
+      `Prelude.seq` Prelude.rnf instanceProfileId
+      `Prelude.seq` Prelude.rnf instanceProfileName
+      `Prelude.seq` Prelude.rnf path
+      `Prelude.seq` Prelude.rnf roles
+
+instance Data.ToJSON AwsIamInstanceProfile where
+  toJSON AwsIamInstanceProfile' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Arn" Data..=) Prelude.<$> arn,
+            ("CreateDate" Data..=) Prelude.<$> createDate,
+            ("InstanceProfileId" Data..=)
+              Prelude.<$> instanceProfileId,
+            ("InstanceProfileName" Data..=)
+              Prelude.<$> instanceProfileName,
+            ("Path" Data..=) Prelude.<$> path,
+            ("Roles" Data..=) Prelude.<$> roles
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamInstanceProfileRole.hs b/gen/Amazonka/SecurityHub/Types/AwsIamInstanceProfileRole.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamInstanceProfileRole.hs
@@ -0,0 +1,161 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamInstanceProfileRole
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamInstanceProfileRole where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about a role associated with an instance profile.
+--
+-- /See:/ 'newAwsIamInstanceProfileRole' smart constructor.
+data AwsIamInstanceProfileRole = AwsIamInstanceProfileRole'
+  { -- | The ARN of the role.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The policy that grants an entity permission to assume the role.
+    assumeRolePolicyDocument :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the role was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createDate :: Prelude.Maybe Prelude.Text,
+    -- | The path to the role.
+    path :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the role.
+    roleId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the role.
+    roleName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamInstanceProfileRole' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'awsIamInstanceProfileRole_arn' - The ARN of the role.
+--
+-- 'assumeRolePolicyDocument', 'awsIamInstanceProfileRole_assumeRolePolicyDocument' - The policy that grants an entity permission to assume the role.
+--
+-- 'createDate', 'awsIamInstanceProfileRole_createDate' - Indicates when the role was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'path', 'awsIamInstanceProfileRole_path' - The path to the role.
+--
+-- 'roleId', 'awsIamInstanceProfileRole_roleId' - The identifier of the role.
+--
+-- 'roleName', 'awsIamInstanceProfileRole_roleName' - The name of the role.
+newAwsIamInstanceProfileRole ::
+  AwsIamInstanceProfileRole
+newAwsIamInstanceProfileRole =
+  AwsIamInstanceProfileRole'
+    { arn = Prelude.Nothing,
+      assumeRolePolicyDocument = Prelude.Nothing,
+      createDate = Prelude.Nothing,
+      path = Prelude.Nothing,
+      roleId = Prelude.Nothing,
+      roleName = Prelude.Nothing
+    }
+
+-- | The ARN of the role.
+awsIamInstanceProfileRole_arn :: Lens.Lens' AwsIamInstanceProfileRole (Prelude.Maybe Prelude.Text)
+awsIamInstanceProfileRole_arn = Lens.lens (\AwsIamInstanceProfileRole' {arn} -> arn) (\s@AwsIamInstanceProfileRole' {} a -> s {arn = a} :: AwsIamInstanceProfileRole)
+
+-- | The policy that grants an entity permission to assume the role.
+awsIamInstanceProfileRole_assumeRolePolicyDocument :: Lens.Lens' AwsIamInstanceProfileRole (Prelude.Maybe Prelude.Text)
+awsIamInstanceProfileRole_assumeRolePolicyDocument = Lens.lens (\AwsIamInstanceProfileRole' {assumeRolePolicyDocument} -> assumeRolePolicyDocument) (\s@AwsIamInstanceProfileRole' {} a -> s {assumeRolePolicyDocument = a} :: AwsIamInstanceProfileRole)
+
+-- | Indicates when the role was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsIamInstanceProfileRole_createDate :: Lens.Lens' AwsIamInstanceProfileRole (Prelude.Maybe Prelude.Text)
+awsIamInstanceProfileRole_createDate = Lens.lens (\AwsIamInstanceProfileRole' {createDate} -> createDate) (\s@AwsIamInstanceProfileRole' {} a -> s {createDate = a} :: AwsIamInstanceProfileRole)
+
+-- | The path to the role.
+awsIamInstanceProfileRole_path :: Lens.Lens' AwsIamInstanceProfileRole (Prelude.Maybe Prelude.Text)
+awsIamInstanceProfileRole_path = Lens.lens (\AwsIamInstanceProfileRole' {path} -> path) (\s@AwsIamInstanceProfileRole' {} a -> s {path = a} :: AwsIamInstanceProfileRole)
+
+-- | The identifier of the role.
+awsIamInstanceProfileRole_roleId :: Lens.Lens' AwsIamInstanceProfileRole (Prelude.Maybe Prelude.Text)
+awsIamInstanceProfileRole_roleId = Lens.lens (\AwsIamInstanceProfileRole' {roleId} -> roleId) (\s@AwsIamInstanceProfileRole' {} a -> s {roleId = a} :: AwsIamInstanceProfileRole)
+
+-- | The name of the role.
+awsIamInstanceProfileRole_roleName :: Lens.Lens' AwsIamInstanceProfileRole (Prelude.Maybe Prelude.Text)
+awsIamInstanceProfileRole_roleName = Lens.lens (\AwsIamInstanceProfileRole' {roleName} -> roleName) (\s@AwsIamInstanceProfileRole' {} a -> s {roleName = a} :: AwsIamInstanceProfileRole)
+
+instance Data.FromJSON AwsIamInstanceProfileRole where
+  parseJSON =
+    Data.withObject
+      "AwsIamInstanceProfileRole"
+      ( \x ->
+          AwsIamInstanceProfileRole'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "AssumeRolePolicyDocument")
+            Prelude.<*> (x Data..:? "CreateDate")
+            Prelude.<*> (x Data..:? "Path")
+            Prelude.<*> (x Data..:? "RoleId")
+            Prelude.<*> (x Data..:? "RoleName")
+      )
+
+instance Prelude.Hashable AwsIamInstanceProfileRole where
+  hashWithSalt _salt AwsIamInstanceProfileRole' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` assumeRolePolicyDocument
+      `Prelude.hashWithSalt` createDate
+      `Prelude.hashWithSalt` path
+      `Prelude.hashWithSalt` roleId
+      `Prelude.hashWithSalt` roleName
+
+instance Prelude.NFData AwsIamInstanceProfileRole where
+  rnf AwsIamInstanceProfileRole' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf assumeRolePolicyDocument
+      `Prelude.seq` Prelude.rnf createDate
+      `Prelude.seq` Prelude.rnf path
+      `Prelude.seq` Prelude.rnf roleId
+      `Prelude.seq` Prelude.rnf roleName
+
+instance Data.ToJSON AwsIamInstanceProfileRole where
+  toJSON AwsIamInstanceProfileRole' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Arn" Data..=) Prelude.<$> arn,
+            ("AssumeRolePolicyDocument" Data..=)
+              Prelude.<$> assumeRolePolicyDocument,
+            ("CreateDate" Data..=) Prelude.<$> createDate,
+            ("Path" Data..=) Prelude.<$> path,
+            ("RoleId" Data..=) Prelude.<$> roleId,
+            ("RoleName" Data..=) Prelude.<$> roleName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamPermissionsBoundary.hs b/gen/Amazonka/SecurityHub/Types/AwsIamPermissionsBoundary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamPermissionsBoundary.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamPermissionsBoundary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamPermissionsBoundary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the policy used to set the permissions boundary for an
+-- IAM principal.
+--
+-- /See:/ 'newAwsIamPermissionsBoundary' smart constructor.
+data AwsIamPermissionsBoundary = AwsIamPermissionsBoundary'
+  { -- | The ARN of the policy used to set the permissions boundary.
+    permissionsBoundaryArn :: Prelude.Maybe Prelude.Text,
+    -- | The usage type for the permissions boundary.
+    permissionsBoundaryType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamPermissionsBoundary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'permissionsBoundaryArn', 'awsIamPermissionsBoundary_permissionsBoundaryArn' - The ARN of the policy used to set the permissions boundary.
+--
+-- 'permissionsBoundaryType', 'awsIamPermissionsBoundary_permissionsBoundaryType' - The usage type for the permissions boundary.
+newAwsIamPermissionsBoundary ::
+  AwsIamPermissionsBoundary
+newAwsIamPermissionsBoundary =
+  AwsIamPermissionsBoundary'
+    { permissionsBoundaryArn =
+        Prelude.Nothing,
+      permissionsBoundaryType = Prelude.Nothing
+    }
+
+-- | The ARN of the policy used to set the permissions boundary.
+awsIamPermissionsBoundary_permissionsBoundaryArn :: Lens.Lens' AwsIamPermissionsBoundary (Prelude.Maybe Prelude.Text)
+awsIamPermissionsBoundary_permissionsBoundaryArn = Lens.lens (\AwsIamPermissionsBoundary' {permissionsBoundaryArn} -> permissionsBoundaryArn) (\s@AwsIamPermissionsBoundary' {} a -> s {permissionsBoundaryArn = a} :: AwsIamPermissionsBoundary)
+
+-- | The usage type for the permissions boundary.
+awsIamPermissionsBoundary_permissionsBoundaryType :: Lens.Lens' AwsIamPermissionsBoundary (Prelude.Maybe Prelude.Text)
+awsIamPermissionsBoundary_permissionsBoundaryType = Lens.lens (\AwsIamPermissionsBoundary' {permissionsBoundaryType} -> permissionsBoundaryType) (\s@AwsIamPermissionsBoundary' {} a -> s {permissionsBoundaryType = a} :: AwsIamPermissionsBoundary)
+
+instance Data.FromJSON AwsIamPermissionsBoundary where
+  parseJSON =
+    Data.withObject
+      "AwsIamPermissionsBoundary"
+      ( \x ->
+          AwsIamPermissionsBoundary'
+            Prelude.<$> (x Data..:? "PermissionsBoundaryArn")
+            Prelude.<*> (x Data..:? "PermissionsBoundaryType")
+      )
+
+instance Prelude.Hashable AwsIamPermissionsBoundary where
+  hashWithSalt _salt AwsIamPermissionsBoundary' {..} =
+    _salt
+      `Prelude.hashWithSalt` permissionsBoundaryArn
+      `Prelude.hashWithSalt` permissionsBoundaryType
+
+instance Prelude.NFData AwsIamPermissionsBoundary where
+  rnf AwsIamPermissionsBoundary' {..} =
+    Prelude.rnf permissionsBoundaryArn
+      `Prelude.seq` Prelude.rnf permissionsBoundaryType
+
+instance Data.ToJSON AwsIamPermissionsBoundary where
+  toJSON AwsIamPermissionsBoundary' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("PermissionsBoundaryArn" Data..=)
+              Prelude.<$> permissionsBoundaryArn,
+            ("PermissionsBoundaryType" Data..=)
+              Prelude.<$> permissionsBoundaryType
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamPolicyDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsIamPolicyDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamPolicyDetails.hs
@@ -0,0 +1,252 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamPolicyDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamPolicyDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsIamPolicyVersion
+
+-- | Represents an IAM permissions policy.
+--
+-- /See:/ 'newAwsIamPolicyDetails' smart constructor.
+data AwsIamPolicyDetails = AwsIamPolicyDetails'
+  { -- | The number of users, groups, and roles that the policy is attached to.
+    attachmentCount :: Prelude.Maybe Prelude.Int,
+    -- | When the policy was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createDate :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the default version of the policy.
+    defaultVersionId :: Prelude.Maybe Prelude.Text,
+    -- | A description of the policy.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | Whether the policy can be attached to a user, group, or role.
+    isAttachable :: Prelude.Maybe Prelude.Bool,
+    -- | The path to the policy.
+    path :: Prelude.Maybe Prelude.Text,
+    -- | The number of users and roles that use the policy to set the permissions
+    -- boundary.
+    permissionsBoundaryUsageCount :: Prelude.Maybe Prelude.Int,
+    -- | The unique identifier of the policy.
+    policyId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the policy.
+    policyName :: Prelude.Maybe Prelude.Text,
+    -- | List of versions of the policy.
+    policyVersionList :: Prelude.Maybe [AwsIamPolicyVersion],
+    -- | When the policy was most recently updated.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    updateDate :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamPolicyDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attachmentCount', 'awsIamPolicyDetails_attachmentCount' - The number of users, groups, and roles that the policy is attached to.
+--
+-- 'createDate', 'awsIamPolicyDetails_createDate' - When the policy was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'defaultVersionId', 'awsIamPolicyDetails_defaultVersionId' - The identifier of the default version of the policy.
+--
+-- 'description', 'awsIamPolicyDetails_description' - A description of the policy.
+--
+-- 'isAttachable', 'awsIamPolicyDetails_isAttachable' - Whether the policy can be attached to a user, group, or role.
+--
+-- 'path', 'awsIamPolicyDetails_path' - The path to the policy.
+--
+-- 'permissionsBoundaryUsageCount', 'awsIamPolicyDetails_permissionsBoundaryUsageCount' - The number of users and roles that use the policy to set the permissions
+-- boundary.
+--
+-- 'policyId', 'awsIamPolicyDetails_policyId' - The unique identifier of the policy.
+--
+-- 'policyName', 'awsIamPolicyDetails_policyName' - The name of the policy.
+--
+-- 'policyVersionList', 'awsIamPolicyDetails_policyVersionList' - List of versions of the policy.
+--
+-- 'updateDate', 'awsIamPolicyDetails_updateDate' - When the policy was most recently updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+newAwsIamPolicyDetails ::
+  AwsIamPolicyDetails
+newAwsIamPolicyDetails =
+  AwsIamPolicyDetails'
+    { attachmentCount =
+        Prelude.Nothing,
+      createDate = Prelude.Nothing,
+      defaultVersionId = Prelude.Nothing,
+      description = Prelude.Nothing,
+      isAttachable = Prelude.Nothing,
+      path = Prelude.Nothing,
+      permissionsBoundaryUsageCount = Prelude.Nothing,
+      policyId = Prelude.Nothing,
+      policyName = Prelude.Nothing,
+      policyVersionList = Prelude.Nothing,
+      updateDate = Prelude.Nothing
+    }
+
+-- | The number of users, groups, and roles that the policy is attached to.
+awsIamPolicyDetails_attachmentCount :: Lens.Lens' AwsIamPolicyDetails (Prelude.Maybe Prelude.Int)
+awsIamPolicyDetails_attachmentCount = Lens.lens (\AwsIamPolicyDetails' {attachmentCount} -> attachmentCount) (\s@AwsIamPolicyDetails' {} a -> s {attachmentCount = a} :: AwsIamPolicyDetails)
+
+-- | When the policy was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsIamPolicyDetails_createDate :: Lens.Lens' AwsIamPolicyDetails (Prelude.Maybe Prelude.Text)
+awsIamPolicyDetails_createDate = Lens.lens (\AwsIamPolicyDetails' {createDate} -> createDate) (\s@AwsIamPolicyDetails' {} a -> s {createDate = a} :: AwsIamPolicyDetails)
+
+-- | The identifier of the default version of the policy.
+awsIamPolicyDetails_defaultVersionId :: Lens.Lens' AwsIamPolicyDetails (Prelude.Maybe Prelude.Text)
+awsIamPolicyDetails_defaultVersionId = Lens.lens (\AwsIamPolicyDetails' {defaultVersionId} -> defaultVersionId) (\s@AwsIamPolicyDetails' {} a -> s {defaultVersionId = a} :: AwsIamPolicyDetails)
+
+-- | A description of the policy.
+awsIamPolicyDetails_description :: Lens.Lens' AwsIamPolicyDetails (Prelude.Maybe Prelude.Text)
+awsIamPolicyDetails_description = Lens.lens (\AwsIamPolicyDetails' {description} -> description) (\s@AwsIamPolicyDetails' {} a -> s {description = a} :: AwsIamPolicyDetails)
+
+-- | Whether the policy can be attached to a user, group, or role.
+awsIamPolicyDetails_isAttachable :: Lens.Lens' AwsIamPolicyDetails (Prelude.Maybe Prelude.Bool)
+awsIamPolicyDetails_isAttachable = Lens.lens (\AwsIamPolicyDetails' {isAttachable} -> isAttachable) (\s@AwsIamPolicyDetails' {} a -> s {isAttachable = a} :: AwsIamPolicyDetails)
+
+-- | The path to the policy.
+awsIamPolicyDetails_path :: Lens.Lens' AwsIamPolicyDetails (Prelude.Maybe Prelude.Text)
+awsIamPolicyDetails_path = Lens.lens (\AwsIamPolicyDetails' {path} -> path) (\s@AwsIamPolicyDetails' {} a -> s {path = a} :: AwsIamPolicyDetails)
+
+-- | The number of users and roles that use the policy to set the permissions
+-- boundary.
+awsIamPolicyDetails_permissionsBoundaryUsageCount :: Lens.Lens' AwsIamPolicyDetails (Prelude.Maybe Prelude.Int)
+awsIamPolicyDetails_permissionsBoundaryUsageCount = Lens.lens (\AwsIamPolicyDetails' {permissionsBoundaryUsageCount} -> permissionsBoundaryUsageCount) (\s@AwsIamPolicyDetails' {} a -> s {permissionsBoundaryUsageCount = a} :: AwsIamPolicyDetails)
+
+-- | The unique identifier of the policy.
+awsIamPolicyDetails_policyId :: Lens.Lens' AwsIamPolicyDetails (Prelude.Maybe Prelude.Text)
+awsIamPolicyDetails_policyId = Lens.lens (\AwsIamPolicyDetails' {policyId} -> policyId) (\s@AwsIamPolicyDetails' {} a -> s {policyId = a} :: AwsIamPolicyDetails)
+
+-- | The name of the policy.
+awsIamPolicyDetails_policyName :: Lens.Lens' AwsIamPolicyDetails (Prelude.Maybe Prelude.Text)
+awsIamPolicyDetails_policyName = Lens.lens (\AwsIamPolicyDetails' {policyName} -> policyName) (\s@AwsIamPolicyDetails' {} a -> s {policyName = a} :: AwsIamPolicyDetails)
+
+-- | List of versions of the policy.
+awsIamPolicyDetails_policyVersionList :: Lens.Lens' AwsIamPolicyDetails (Prelude.Maybe [AwsIamPolicyVersion])
+awsIamPolicyDetails_policyVersionList = Lens.lens (\AwsIamPolicyDetails' {policyVersionList} -> policyVersionList) (\s@AwsIamPolicyDetails' {} a -> s {policyVersionList = a} :: AwsIamPolicyDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | When the policy was most recently updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsIamPolicyDetails_updateDate :: Lens.Lens' AwsIamPolicyDetails (Prelude.Maybe Prelude.Text)
+awsIamPolicyDetails_updateDate = Lens.lens (\AwsIamPolicyDetails' {updateDate} -> updateDate) (\s@AwsIamPolicyDetails' {} a -> s {updateDate = a} :: AwsIamPolicyDetails)
+
+instance Data.FromJSON AwsIamPolicyDetails where
+  parseJSON =
+    Data.withObject
+      "AwsIamPolicyDetails"
+      ( \x ->
+          AwsIamPolicyDetails'
+            Prelude.<$> (x Data..:? "AttachmentCount")
+            Prelude.<*> (x Data..:? "CreateDate")
+            Prelude.<*> (x Data..:? "DefaultVersionId")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "IsAttachable")
+            Prelude.<*> (x Data..:? "Path")
+            Prelude.<*> (x Data..:? "PermissionsBoundaryUsageCount")
+            Prelude.<*> (x Data..:? "PolicyId")
+            Prelude.<*> (x Data..:? "PolicyName")
+            Prelude.<*> ( x
+                            Data..:? "PolicyVersionList"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "UpdateDate")
+      )
+
+instance Prelude.Hashable AwsIamPolicyDetails where
+  hashWithSalt _salt AwsIamPolicyDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` attachmentCount
+      `Prelude.hashWithSalt` createDate
+      `Prelude.hashWithSalt` defaultVersionId
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` isAttachable
+      `Prelude.hashWithSalt` path
+      `Prelude.hashWithSalt` permissionsBoundaryUsageCount
+      `Prelude.hashWithSalt` policyId
+      `Prelude.hashWithSalt` policyName
+      `Prelude.hashWithSalt` policyVersionList
+      `Prelude.hashWithSalt` updateDate
+
+instance Prelude.NFData AwsIamPolicyDetails where
+  rnf AwsIamPolicyDetails' {..} =
+    Prelude.rnf attachmentCount
+      `Prelude.seq` Prelude.rnf createDate
+      `Prelude.seq` Prelude.rnf defaultVersionId
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf isAttachable
+      `Prelude.seq` Prelude.rnf path
+      `Prelude.seq` Prelude.rnf permissionsBoundaryUsageCount
+      `Prelude.seq` Prelude.rnf policyId
+      `Prelude.seq` Prelude.rnf policyName
+      `Prelude.seq` Prelude.rnf policyVersionList
+      `Prelude.seq` Prelude.rnf updateDate
+
+instance Data.ToJSON AwsIamPolicyDetails where
+  toJSON AwsIamPolicyDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AttachmentCount" Data..=)
+              Prelude.<$> attachmentCount,
+            ("CreateDate" Data..=) Prelude.<$> createDate,
+            ("DefaultVersionId" Data..=)
+              Prelude.<$> defaultVersionId,
+            ("Description" Data..=) Prelude.<$> description,
+            ("IsAttachable" Data..=) Prelude.<$> isAttachable,
+            ("Path" Data..=) Prelude.<$> path,
+            ("PermissionsBoundaryUsageCount" Data..=)
+              Prelude.<$> permissionsBoundaryUsageCount,
+            ("PolicyId" Data..=) Prelude.<$> policyId,
+            ("PolicyName" Data..=) Prelude.<$> policyName,
+            ("PolicyVersionList" Data..=)
+              Prelude.<$> policyVersionList,
+            ("UpdateDate" Data..=) Prelude.<$> updateDate
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamPolicyVersion.hs b/gen/Amazonka/SecurityHub/Types/AwsIamPolicyVersion.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamPolicyVersion.hs
@@ -0,0 +1,122 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamPolicyVersion
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamPolicyVersion where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A version of an IAM policy.
+--
+-- /See:/ 'newAwsIamPolicyVersion' smart constructor.
+data AwsIamPolicyVersion = AwsIamPolicyVersion'
+  { -- | Indicates when the version was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createDate :: Prelude.Maybe Prelude.Text,
+    -- | Whether the version is the default version.
+    isDefaultVersion :: Prelude.Maybe Prelude.Bool,
+    -- | The identifier of the policy version.
+    versionId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamPolicyVersion' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'createDate', 'awsIamPolicyVersion_createDate' - Indicates when the version was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'isDefaultVersion', 'awsIamPolicyVersion_isDefaultVersion' - Whether the version is the default version.
+--
+-- 'versionId', 'awsIamPolicyVersion_versionId' - The identifier of the policy version.
+newAwsIamPolicyVersion ::
+  AwsIamPolicyVersion
+newAwsIamPolicyVersion =
+  AwsIamPolicyVersion'
+    { createDate = Prelude.Nothing,
+      isDefaultVersion = Prelude.Nothing,
+      versionId = Prelude.Nothing
+    }
+
+-- | Indicates when the version was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsIamPolicyVersion_createDate :: Lens.Lens' AwsIamPolicyVersion (Prelude.Maybe Prelude.Text)
+awsIamPolicyVersion_createDate = Lens.lens (\AwsIamPolicyVersion' {createDate} -> createDate) (\s@AwsIamPolicyVersion' {} a -> s {createDate = a} :: AwsIamPolicyVersion)
+
+-- | Whether the version is the default version.
+awsIamPolicyVersion_isDefaultVersion :: Lens.Lens' AwsIamPolicyVersion (Prelude.Maybe Prelude.Bool)
+awsIamPolicyVersion_isDefaultVersion = Lens.lens (\AwsIamPolicyVersion' {isDefaultVersion} -> isDefaultVersion) (\s@AwsIamPolicyVersion' {} a -> s {isDefaultVersion = a} :: AwsIamPolicyVersion)
+
+-- | The identifier of the policy version.
+awsIamPolicyVersion_versionId :: Lens.Lens' AwsIamPolicyVersion (Prelude.Maybe Prelude.Text)
+awsIamPolicyVersion_versionId = Lens.lens (\AwsIamPolicyVersion' {versionId} -> versionId) (\s@AwsIamPolicyVersion' {} a -> s {versionId = a} :: AwsIamPolicyVersion)
+
+instance Data.FromJSON AwsIamPolicyVersion where
+  parseJSON =
+    Data.withObject
+      "AwsIamPolicyVersion"
+      ( \x ->
+          AwsIamPolicyVersion'
+            Prelude.<$> (x Data..:? "CreateDate")
+            Prelude.<*> (x Data..:? "IsDefaultVersion")
+            Prelude.<*> (x Data..:? "VersionId")
+      )
+
+instance Prelude.Hashable AwsIamPolicyVersion where
+  hashWithSalt _salt AwsIamPolicyVersion' {..} =
+    _salt
+      `Prelude.hashWithSalt` createDate
+      `Prelude.hashWithSalt` isDefaultVersion
+      `Prelude.hashWithSalt` versionId
+
+instance Prelude.NFData AwsIamPolicyVersion where
+  rnf AwsIamPolicyVersion' {..} =
+    Prelude.rnf createDate
+      `Prelude.seq` Prelude.rnf isDefaultVersion
+      `Prelude.seq` Prelude.rnf versionId
+
+instance Data.ToJSON AwsIamPolicyVersion where
+  toJSON AwsIamPolicyVersion' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CreateDate" Data..=) Prelude.<$> createDate,
+            ("IsDefaultVersion" Data..=)
+              Prelude.<$> isDefaultVersion,
+            ("VersionId" Data..=) Prelude.<$> versionId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamRoleDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsIamRoleDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamRoleDetails.hs
@@ -0,0 +1,235 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamRoleDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamRoleDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsIamAttachedManagedPolicy
+import Amazonka.SecurityHub.Types.AwsIamInstanceProfile
+import Amazonka.SecurityHub.Types.AwsIamPermissionsBoundary
+import Amazonka.SecurityHub.Types.AwsIamRolePolicy
+
+-- | Contains information about an IAM role, including all of the role\'s
+-- policies.
+--
+-- /See:/ 'newAwsIamRoleDetails' smart constructor.
+data AwsIamRoleDetails = AwsIamRoleDetails'
+  { -- | The trust policy that grants permission to assume the role.
+    assumeRolePolicyDocument :: Prelude.Maybe Prelude.Text,
+    -- | The list of the managed policies that are attached to the role.
+    attachedManagedPolicies :: Prelude.Maybe [AwsIamAttachedManagedPolicy],
+    -- | Indicates when the role was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createDate :: Prelude.Maybe Prelude.Text,
+    -- | The list of instance profiles that contain this role.
+    instanceProfileList :: Prelude.Maybe [AwsIamInstanceProfile],
+    -- | The maximum session duration (in seconds) that you want to set for the
+    -- specified role.
+    maxSessionDuration :: Prelude.Maybe Prelude.Int,
+    -- | The path to the role.
+    path :: Prelude.Maybe Prelude.Text,
+    permissionsBoundary :: Prelude.Maybe AwsIamPermissionsBoundary,
+    -- | The stable and unique string identifying the role.
+    roleId :: Prelude.Maybe Prelude.Text,
+    -- | The friendly name that identifies the role.
+    roleName :: Prelude.Maybe Prelude.Text,
+    -- | The list of inline policies that are embedded in the role.
+    rolePolicyList :: Prelude.Maybe [AwsIamRolePolicy]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamRoleDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'assumeRolePolicyDocument', 'awsIamRoleDetails_assumeRolePolicyDocument' - The trust policy that grants permission to assume the role.
+--
+-- 'attachedManagedPolicies', 'awsIamRoleDetails_attachedManagedPolicies' - The list of the managed policies that are attached to the role.
+--
+-- 'createDate', 'awsIamRoleDetails_createDate' - Indicates when the role was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'instanceProfileList', 'awsIamRoleDetails_instanceProfileList' - The list of instance profiles that contain this role.
+--
+-- 'maxSessionDuration', 'awsIamRoleDetails_maxSessionDuration' - The maximum session duration (in seconds) that you want to set for the
+-- specified role.
+--
+-- 'path', 'awsIamRoleDetails_path' - The path to the role.
+--
+-- 'permissionsBoundary', 'awsIamRoleDetails_permissionsBoundary' - Undocumented member.
+--
+-- 'roleId', 'awsIamRoleDetails_roleId' - The stable and unique string identifying the role.
+--
+-- 'roleName', 'awsIamRoleDetails_roleName' - The friendly name that identifies the role.
+--
+-- 'rolePolicyList', 'awsIamRoleDetails_rolePolicyList' - The list of inline policies that are embedded in the role.
+newAwsIamRoleDetails ::
+  AwsIamRoleDetails
+newAwsIamRoleDetails =
+  AwsIamRoleDetails'
+    { assumeRolePolicyDocument =
+        Prelude.Nothing,
+      attachedManagedPolicies = Prelude.Nothing,
+      createDate = Prelude.Nothing,
+      instanceProfileList = Prelude.Nothing,
+      maxSessionDuration = Prelude.Nothing,
+      path = Prelude.Nothing,
+      permissionsBoundary = Prelude.Nothing,
+      roleId = Prelude.Nothing,
+      roleName = Prelude.Nothing,
+      rolePolicyList = Prelude.Nothing
+    }
+
+-- | The trust policy that grants permission to assume the role.
+awsIamRoleDetails_assumeRolePolicyDocument :: Lens.Lens' AwsIamRoleDetails (Prelude.Maybe Prelude.Text)
+awsIamRoleDetails_assumeRolePolicyDocument = Lens.lens (\AwsIamRoleDetails' {assumeRolePolicyDocument} -> assumeRolePolicyDocument) (\s@AwsIamRoleDetails' {} a -> s {assumeRolePolicyDocument = a} :: AwsIamRoleDetails)
+
+-- | The list of the managed policies that are attached to the role.
+awsIamRoleDetails_attachedManagedPolicies :: Lens.Lens' AwsIamRoleDetails (Prelude.Maybe [AwsIamAttachedManagedPolicy])
+awsIamRoleDetails_attachedManagedPolicies = Lens.lens (\AwsIamRoleDetails' {attachedManagedPolicies} -> attachedManagedPolicies) (\s@AwsIamRoleDetails' {} a -> s {attachedManagedPolicies = a} :: AwsIamRoleDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates when the role was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsIamRoleDetails_createDate :: Lens.Lens' AwsIamRoleDetails (Prelude.Maybe Prelude.Text)
+awsIamRoleDetails_createDate = Lens.lens (\AwsIamRoleDetails' {createDate} -> createDate) (\s@AwsIamRoleDetails' {} a -> s {createDate = a} :: AwsIamRoleDetails)
+
+-- | The list of instance profiles that contain this role.
+awsIamRoleDetails_instanceProfileList :: Lens.Lens' AwsIamRoleDetails (Prelude.Maybe [AwsIamInstanceProfile])
+awsIamRoleDetails_instanceProfileList = Lens.lens (\AwsIamRoleDetails' {instanceProfileList} -> instanceProfileList) (\s@AwsIamRoleDetails' {} a -> s {instanceProfileList = a} :: AwsIamRoleDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum session duration (in seconds) that you want to set for the
+-- specified role.
+awsIamRoleDetails_maxSessionDuration :: Lens.Lens' AwsIamRoleDetails (Prelude.Maybe Prelude.Int)
+awsIamRoleDetails_maxSessionDuration = Lens.lens (\AwsIamRoleDetails' {maxSessionDuration} -> maxSessionDuration) (\s@AwsIamRoleDetails' {} a -> s {maxSessionDuration = a} :: AwsIamRoleDetails)
+
+-- | The path to the role.
+awsIamRoleDetails_path :: Lens.Lens' AwsIamRoleDetails (Prelude.Maybe Prelude.Text)
+awsIamRoleDetails_path = Lens.lens (\AwsIamRoleDetails' {path} -> path) (\s@AwsIamRoleDetails' {} a -> s {path = a} :: AwsIamRoleDetails)
+
+-- | Undocumented member.
+awsIamRoleDetails_permissionsBoundary :: Lens.Lens' AwsIamRoleDetails (Prelude.Maybe AwsIamPermissionsBoundary)
+awsIamRoleDetails_permissionsBoundary = Lens.lens (\AwsIamRoleDetails' {permissionsBoundary} -> permissionsBoundary) (\s@AwsIamRoleDetails' {} a -> s {permissionsBoundary = a} :: AwsIamRoleDetails)
+
+-- | The stable and unique string identifying the role.
+awsIamRoleDetails_roleId :: Lens.Lens' AwsIamRoleDetails (Prelude.Maybe Prelude.Text)
+awsIamRoleDetails_roleId = Lens.lens (\AwsIamRoleDetails' {roleId} -> roleId) (\s@AwsIamRoleDetails' {} a -> s {roleId = a} :: AwsIamRoleDetails)
+
+-- | The friendly name that identifies the role.
+awsIamRoleDetails_roleName :: Lens.Lens' AwsIamRoleDetails (Prelude.Maybe Prelude.Text)
+awsIamRoleDetails_roleName = Lens.lens (\AwsIamRoleDetails' {roleName} -> roleName) (\s@AwsIamRoleDetails' {} a -> s {roleName = a} :: AwsIamRoleDetails)
+
+-- | The list of inline policies that are embedded in the role.
+awsIamRoleDetails_rolePolicyList :: Lens.Lens' AwsIamRoleDetails (Prelude.Maybe [AwsIamRolePolicy])
+awsIamRoleDetails_rolePolicyList = Lens.lens (\AwsIamRoleDetails' {rolePolicyList} -> rolePolicyList) (\s@AwsIamRoleDetails' {} a -> s {rolePolicyList = a} :: AwsIamRoleDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsIamRoleDetails where
+  parseJSON =
+    Data.withObject
+      "AwsIamRoleDetails"
+      ( \x ->
+          AwsIamRoleDetails'
+            Prelude.<$> (x Data..:? "AssumeRolePolicyDocument")
+            Prelude.<*> ( x
+                            Data..:? "AttachedManagedPolicies"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "CreateDate")
+            Prelude.<*> ( x
+                            Data..:? "InstanceProfileList"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "MaxSessionDuration")
+            Prelude.<*> (x Data..:? "Path")
+            Prelude.<*> (x Data..:? "PermissionsBoundary")
+            Prelude.<*> (x Data..:? "RoleId")
+            Prelude.<*> (x Data..:? "RoleName")
+            Prelude.<*> ( x
+                            Data..:? "RolePolicyList"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable AwsIamRoleDetails where
+  hashWithSalt _salt AwsIamRoleDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` assumeRolePolicyDocument
+      `Prelude.hashWithSalt` attachedManagedPolicies
+      `Prelude.hashWithSalt` createDate
+      `Prelude.hashWithSalt` instanceProfileList
+      `Prelude.hashWithSalt` maxSessionDuration
+      `Prelude.hashWithSalt` path
+      `Prelude.hashWithSalt` permissionsBoundary
+      `Prelude.hashWithSalt` roleId
+      `Prelude.hashWithSalt` roleName
+      `Prelude.hashWithSalt` rolePolicyList
+
+instance Prelude.NFData AwsIamRoleDetails where
+  rnf AwsIamRoleDetails' {..} =
+    Prelude.rnf assumeRolePolicyDocument
+      `Prelude.seq` Prelude.rnf attachedManagedPolicies
+      `Prelude.seq` Prelude.rnf createDate
+      `Prelude.seq` Prelude.rnf instanceProfileList
+      `Prelude.seq` Prelude.rnf maxSessionDuration
+      `Prelude.seq` Prelude.rnf path
+      `Prelude.seq` Prelude.rnf permissionsBoundary
+      `Prelude.seq` Prelude.rnf roleId
+      `Prelude.seq` Prelude.rnf roleName
+      `Prelude.seq` Prelude.rnf rolePolicyList
+
+instance Data.ToJSON AwsIamRoleDetails where
+  toJSON AwsIamRoleDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AssumeRolePolicyDocument" Data..=)
+              Prelude.<$> assumeRolePolicyDocument,
+            ("AttachedManagedPolicies" Data..=)
+              Prelude.<$> attachedManagedPolicies,
+            ("CreateDate" Data..=) Prelude.<$> createDate,
+            ("InstanceProfileList" Data..=)
+              Prelude.<$> instanceProfileList,
+            ("MaxSessionDuration" Data..=)
+              Prelude.<$> maxSessionDuration,
+            ("Path" Data..=) Prelude.<$> path,
+            ("PermissionsBoundary" Data..=)
+              Prelude.<$> permissionsBoundary,
+            ("RoleId" Data..=) Prelude.<$> roleId,
+            ("RoleName" Data..=) Prelude.<$> roleName,
+            ("RolePolicyList" Data..=)
+              Prelude.<$> rolePolicyList
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamRolePolicy.hs b/gen/Amazonka/SecurityHub/Types/AwsIamRolePolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamRolePolicy.hs
@@ -0,0 +1,75 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamRolePolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamRolePolicy where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An inline policy that is embedded in the role.
+--
+-- /See:/ 'newAwsIamRolePolicy' smart constructor.
+data AwsIamRolePolicy = AwsIamRolePolicy'
+  { -- | The name of the policy.
+    policyName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamRolePolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'policyName', 'awsIamRolePolicy_policyName' - The name of the policy.
+newAwsIamRolePolicy ::
+  AwsIamRolePolicy
+newAwsIamRolePolicy =
+  AwsIamRolePolicy' {policyName = Prelude.Nothing}
+
+-- | The name of the policy.
+awsIamRolePolicy_policyName :: Lens.Lens' AwsIamRolePolicy (Prelude.Maybe Prelude.Text)
+awsIamRolePolicy_policyName = Lens.lens (\AwsIamRolePolicy' {policyName} -> policyName) (\s@AwsIamRolePolicy' {} a -> s {policyName = a} :: AwsIamRolePolicy)
+
+instance Data.FromJSON AwsIamRolePolicy where
+  parseJSON =
+    Data.withObject
+      "AwsIamRolePolicy"
+      ( \x ->
+          AwsIamRolePolicy'
+            Prelude.<$> (x Data..:? "PolicyName")
+      )
+
+instance Prelude.Hashable AwsIamRolePolicy where
+  hashWithSalt _salt AwsIamRolePolicy' {..} =
+    _salt `Prelude.hashWithSalt` policyName
+
+instance Prelude.NFData AwsIamRolePolicy where
+  rnf AwsIamRolePolicy' {..} = Prelude.rnf policyName
+
+instance Data.ToJSON AwsIamRolePolicy where
+  toJSON AwsIamRolePolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("PolicyName" Data..=) Prelude.<$> policyName]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamUserDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsIamUserDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamUserDetails.hs
@@ -0,0 +1,199 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamUserDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamUserDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsIamAttachedManagedPolicy
+import Amazonka.SecurityHub.Types.AwsIamPermissionsBoundary
+import Amazonka.SecurityHub.Types.AwsIamUserPolicy
+
+-- | Information about an IAM user.
+--
+-- /See:/ 'newAwsIamUserDetails' smart constructor.
+data AwsIamUserDetails = AwsIamUserDetails'
+  { -- | A list of the managed policies that are attached to the user.
+    attachedManagedPolicies :: Prelude.Maybe [AwsIamAttachedManagedPolicy],
+    -- | Indicates when the user was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createDate :: Prelude.Maybe Prelude.Text,
+    -- | A list of IAM groups that the user belongs to.
+    groupList :: Prelude.Maybe [Prelude.Text],
+    -- | The path to the user.
+    path :: Prelude.Maybe Prelude.Text,
+    -- | The permissions boundary for the user.
+    permissionsBoundary :: Prelude.Maybe AwsIamPermissionsBoundary,
+    -- | The unique identifier for the user.
+    userId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the user.
+    userName :: Prelude.Maybe Prelude.Text,
+    -- | The list of inline policies that are embedded in the user.
+    userPolicyList :: Prelude.Maybe [AwsIamUserPolicy]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamUserDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attachedManagedPolicies', 'awsIamUserDetails_attachedManagedPolicies' - A list of the managed policies that are attached to the user.
+--
+-- 'createDate', 'awsIamUserDetails_createDate' - Indicates when the user was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'groupList', 'awsIamUserDetails_groupList' - A list of IAM groups that the user belongs to.
+--
+-- 'path', 'awsIamUserDetails_path' - The path to the user.
+--
+-- 'permissionsBoundary', 'awsIamUserDetails_permissionsBoundary' - The permissions boundary for the user.
+--
+-- 'userId', 'awsIamUserDetails_userId' - The unique identifier for the user.
+--
+-- 'userName', 'awsIamUserDetails_userName' - The name of the user.
+--
+-- 'userPolicyList', 'awsIamUserDetails_userPolicyList' - The list of inline policies that are embedded in the user.
+newAwsIamUserDetails ::
+  AwsIamUserDetails
+newAwsIamUserDetails =
+  AwsIamUserDetails'
+    { attachedManagedPolicies =
+        Prelude.Nothing,
+      createDate = Prelude.Nothing,
+      groupList = Prelude.Nothing,
+      path = Prelude.Nothing,
+      permissionsBoundary = Prelude.Nothing,
+      userId = Prelude.Nothing,
+      userName = Prelude.Nothing,
+      userPolicyList = Prelude.Nothing
+    }
+
+-- | A list of the managed policies that are attached to the user.
+awsIamUserDetails_attachedManagedPolicies :: Lens.Lens' AwsIamUserDetails (Prelude.Maybe [AwsIamAttachedManagedPolicy])
+awsIamUserDetails_attachedManagedPolicies = Lens.lens (\AwsIamUserDetails' {attachedManagedPolicies} -> attachedManagedPolicies) (\s@AwsIamUserDetails' {} a -> s {attachedManagedPolicies = a} :: AwsIamUserDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates when the user was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsIamUserDetails_createDate :: Lens.Lens' AwsIamUserDetails (Prelude.Maybe Prelude.Text)
+awsIamUserDetails_createDate = Lens.lens (\AwsIamUserDetails' {createDate} -> createDate) (\s@AwsIamUserDetails' {} a -> s {createDate = a} :: AwsIamUserDetails)
+
+-- | A list of IAM groups that the user belongs to.
+awsIamUserDetails_groupList :: Lens.Lens' AwsIamUserDetails (Prelude.Maybe [Prelude.Text])
+awsIamUserDetails_groupList = Lens.lens (\AwsIamUserDetails' {groupList} -> groupList) (\s@AwsIamUserDetails' {} a -> s {groupList = a} :: AwsIamUserDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The path to the user.
+awsIamUserDetails_path :: Lens.Lens' AwsIamUserDetails (Prelude.Maybe Prelude.Text)
+awsIamUserDetails_path = Lens.lens (\AwsIamUserDetails' {path} -> path) (\s@AwsIamUserDetails' {} a -> s {path = a} :: AwsIamUserDetails)
+
+-- | The permissions boundary for the user.
+awsIamUserDetails_permissionsBoundary :: Lens.Lens' AwsIamUserDetails (Prelude.Maybe AwsIamPermissionsBoundary)
+awsIamUserDetails_permissionsBoundary = Lens.lens (\AwsIamUserDetails' {permissionsBoundary} -> permissionsBoundary) (\s@AwsIamUserDetails' {} a -> s {permissionsBoundary = a} :: AwsIamUserDetails)
+
+-- | The unique identifier for the user.
+awsIamUserDetails_userId :: Lens.Lens' AwsIamUserDetails (Prelude.Maybe Prelude.Text)
+awsIamUserDetails_userId = Lens.lens (\AwsIamUserDetails' {userId} -> userId) (\s@AwsIamUserDetails' {} a -> s {userId = a} :: AwsIamUserDetails)
+
+-- | The name of the user.
+awsIamUserDetails_userName :: Lens.Lens' AwsIamUserDetails (Prelude.Maybe Prelude.Text)
+awsIamUserDetails_userName = Lens.lens (\AwsIamUserDetails' {userName} -> userName) (\s@AwsIamUserDetails' {} a -> s {userName = a} :: AwsIamUserDetails)
+
+-- | The list of inline policies that are embedded in the user.
+awsIamUserDetails_userPolicyList :: Lens.Lens' AwsIamUserDetails (Prelude.Maybe [AwsIamUserPolicy])
+awsIamUserDetails_userPolicyList = Lens.lens (\AwsIamUserDetails' {userPolicyList} -> userPolicyList) (\s@AwsIamUserDetails' {} a -> s {userPolicyList = a} :: AwsIamUserDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsIamUserDetails where
+  parseJSON =
+    Data.withObject
+      "AwsIamUserDetails"
+      ( \x ->
+          AwsIamUserDetails'
+            Prelude.<$> ( x
+                            Data..:? "AttachedManagedPolicies"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "CreateDate")
+            Prelude.<*> (x Data..:? "GroupList" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Path")
+            Prelude.<*> (x Data..:? "PermissionsBoundary")
+            Prelude.<*> (x Data..:? "UserId")
+            Prelude.<*> (x Data..:? "UserName")
+            Prelude.<*> ( x
+                            Data..:? "UserPolicyList"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable AwsIamUserDetails where
+  hashWithSalt _salt AwsIamUserDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` attachedManagedPolicies
+      `Prelude.hashWithSalt` createDate
+      `Prelude.hashWithSalt` groupList
+      `Prelude.hashWithSalt` path
+      `Prelude.hashWithSalt` permissionsBoundary
+      `Prelude.hashWithSalt` userId
+      `Prelude.hashWithSalt` userName
+      `Prelude.hashWithSalt` userPolicyList
+
+instance Prelude.NFData AwsIamUserDetails where
+  rnf AwsIamUserDetails' {..} =
+    Prelude.rnf attachedManagedPolicies
+      `Prelude.seq` Prelude.rnf createDate
+      `Prelude.seq` Prelude.rnf groupList
+      `Prelude.seq` Prelude.rnf path
+      `Prelude.seq` Prelude.rnf permissionsBoundary
+      `Prelude.seq` Prelude.rnf userId
+      `Prelude.seq` Prelude.rnf userName
+      `Prelude.seq` Prelude.rnf userPolicyList
+
+instance Data.ToJSON AwsIamUserDetails where
+  toJSON AwsIamUserDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AttachedManagedPolicies" Data..=)
+              Prelude.<$> attachedManagedPolicies,
+            ("CreateDate" Data..=) Prelude.<$> createDate,
+            ("GroupList" Data..=) Prelude.<$> groupList,
+            ("Path" Data..=) Prelude.<$> path,
+            ("PermissionsBoundary" Data..=)
+              Prelude.<$> permissionsBoundary,
+            ("UserId" Data..=) Prelude.<$> userId,
+            ("UserName" Data..=) Prelude.<$> userName,
+            ("UserPolicyList" Data..=)
+              Prelude.<$> userPolicyList
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsIamUserPolicy.hs b/gen/Amazonka/SecurityHub/Types/AwsIamUserPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsIamUserPolicy.hs
@@ -0,0 +1,75 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsIamUserPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsIamUserPolicy where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about an inline policy that is embedded in the user.
+--
+-- /See:/ 'newAwsIamUserPolicy' smart constructor.
+data AwsIamUserPolicy = AwsIamUserPolicy'
+  { -- | The name of the policy.
+    policyName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsIamUserPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'policyName', 'awsIamUserPolicy_policyName' - The name of the policy.
+newAwsIamUserPolicy ::
+  AwsIamUserPolicy
+newAwsIamUserPolicy =
+  AwsIamUserPolicy' {policyName = Prelude.Nothing}
+
+-- | The name of the policy.
+awsIamUserPolicy_policyName :: Lens.Lens' AwsIamUserPolicy (Prelude.Maybe Prelude.Text)
+awsIamUserPolicy_policyName = Lens.lens (\AwsIamUserPolicy' {policyName} -> policyName) (\s@AwsIamUserPolicy' {} a -> s {policyName = a} :: AwsIamUserPolicy)
+
+instance Data.FromJSON AwsIamUserPolicy where
+  parseJSON =
+    Data.withObject
+      "AwsIamUserPolicy"
+      ( \x ->
+          AwsIamUserPolicy'
+            Prelude.<$> (x Data..:? "PolicyName")
+      )
+
+instance Prelude.Hashable AwsIamUserPolicy where
+  hashWithSalt _salt AwsIamUserPolicy' {..} =
+    _salt `Prelude.hashWithSalt` policyName
+
+instance Prelude.NFData AwsIamUserPolicy where
+  rnf AwsIamUserPolicy' {..} = Prelude.rnf policyName
+
+instance Data.ToJSON AwsIamUserPolicy where
+  toJSON AwsIamUserPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("PolicyName" Data..=) Prelude.<$> policyName]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsKinesisStreamDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsKinesisStreamDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsKinesisStreamDetails.hs
@@ -0,0 +1,147 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsKinesisStreamDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsKinesisStreamDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsKinesisStreamStreamEncryptionDetails
+
+-- | Provides information about an Amazon Kinesis data stream.
+--
+-- /See:/ 'newAwsKinesisStreamDetails' smart constructor.
+data AwsKinesisStreamDetails = AwsKinesisStreamDetails'
+  { -- | The Amazon Resource Name (ARN) of the Kinesis data stream.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the Kinesis stream. If you don\'t specify a name, CloudFront
+    -- generates a unique physical ID and uses that ID for the stream name.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The number of hours for the data records that are stored in shards to
+    -- remain accessible.
+    retentionPeriodHours :: Prelude.Maybe Prelude.Int,
+    -- | The number of shards that the stream uses.
+    shardCount :: Prelude.Maybe Prelude.Int,
+    -- | When specified, enables or updates server-side encryption using an KMS
+    -- key for a specified stream. Removing this property from your stack
+    -- template and updating your stack disables encryption.
+    streamEncryption :: Prelude.Maybe AwsKinesisStreamStreamEncryptionDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsKinesisStreamDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'awsKinesisStreamDetails_arn' - The Amazon Resource Name (ARN) of the Kinesis data stream.
+--
+-- 'name', 'awsKinesisStreamDetails_name' - The name of the Kinesis stream. If you don\'t specify a name, CloudFront
+-- generates a unique physical ID and uses that ID for the stream name.
+--
+-- 'retentionPeriodHours', 'awsKinesisStreamDetails_retentionPeriodHours' - The number of hours for the data records that are stored in shards to
+-- remain accessible.
+--
+-- 'shardCount', 'awsKinesisStreamDetails_shardCount' - The number of shards that the stream uses.
+--
+-- 'streamEncryption', 'awsKinesisStreamDetails_streamEncryption' - When specified, enables or updates server-side encryption using an KMS
+-- key for a specified stream. Removing this property from your stack
+-- template and updating your stack disables encryption.
+newAwsKinesisStreamDetails ::
+  AwsKinesisStreamDetails
+newAwsKinesisStreamDetails =
+  AwsKinesisStreamDetails'
+    { arn = Prelude.Nothing,
+      name = Prelude.Nothing,
+      retentionPeriodHours = Prelude.Nothing,
+      shardCount = Prelude.Nothing,
+      streamEncryption = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the Kinesis data stream.
+awsKinesisStreamDetails_arn :: Lens.Lens' AwsKinesisStreamDetails (Prelude.Maybe Prelude.Text)
+awsKinesisStreamDetails_arn = Lens.lens (\AwsKinesisStreamDetails' {arn} -> arn) (\s@AwsKinesisStreamDetails' {} a -> s {arn = a} :: AwsKinesisStreamDetails)
+
+-- | The name of the Kinesis stream. If you don\'t specify a name, CloudFront
+-- generates a unique physical ID and uses that ID for the stream name.
+awsKinesisStreamDetails_name :: Lens.Lens' AwsKinesisStreamDetails (Prelude.Maybe Prelude.Text)
+awsKinesisStreamDetails_name = Lens.lens (\AwsKinesisStreamDetails' {name} -> name) (\s@AwsKinesisStreamDetails' {} a -> s {name = a} :: AwsKinesisStreamDetails)
+
+-- | The number of hours for the data records that are stored in shards to
+-- remain accessible.
+awsKinesisStreamDetails_retentionPeriodHours :: Lens.Lens' AwsKinesisStreamDetails (Prelude.Maybe Prelude.Int)
+awsKinesisStreamDetails_retentionPeriodHours = Lens.lens (\AwsKinesisStreamDetails' {retentionPeriodHours} -> retentionPeriodHours) (\s@AwsKinesisStreamDetails' {} a -> s {retentionPeriodHours = a} :: AwsKinesisStreamDetails)
+
+-- | The number of shards that the stream uses.
+awsKinesisStreamDetails_shardCount :: Lens.Lens' AwsKinesisStreamDetails (Prelude.Maybe Prelude.Int)
+awsKinesisStreamDetails_shardCount = Lens.lens (\AwsKinesisStreamDetails' {shardCount} -> shardCount) (\s@AwsKinesisStreamDetails' {} a -> s {shardCount = a} :: AwsKinesisStreamDetails)
+
+-- | When specified, enables or updates server-side encryption using an KMS
+-- key for a specified stream. Removing this property from your stack
+-- template and updating your stack disables encryption.
+awsKinesisStreamDetails_streamEncryption :: Lens.Lens' AwsKinesisStreamDetails (Prelude.Maybe AwsKinesisStreamStreamEncryptionDetails)
+awsKinesisStreamDetails_streamEncryption = Lens.lens (\AwsKinesisStreamDetails' {streamEncryption} -> streamEncryption) (\s@AwsKinesisStreamDetails' {} a -> s {streamEncryption = a} :: AwsKinesisStreamDetails)
+
+instance Data.FromJSON AwsKinesisStreamDetails where
+  parseJSON =
+    Data.withObject
+      "AwsKinesisStreamDetails"
+      ( \x ->
+          AwsKinesisStreamDetails'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "RetentionPeriodHours")
+            Prelude.<*> (x Data..:? "ShardCount")
+            Prelude.<*> (x Data..:? "StreamEncryption")
+      )
+
+instance Prelude.Hashable AwsKinesisStreamDetails where
+  hashWithSalt _salt AwsKinesisStreamDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` retentionPeriodHours
+      `Prelude.hashWithSalt` shardCount
+      `Prelude.hashWithSalt` streamEncryption
+
+instance Prelude.NFData AwsKinesisStreamDetails where
+  rnf AwsKinesisStreamDetails' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf retentionPeriodHours
+      `Prelude.seq` Prelude.rnf shardCount
+      `Prelude.seq` Prelude.rnf streamEncryption
+
+instance Data.ToJSON AwsKinesisStreamDetails where
+  toJSON AwsKinesisStreamDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Arn" Data..=) Prelude.<$> arn,
+            ("Name" Data..=) Prelude.<$> name,
+            ("RetentionPeriodHours" Data..=)
+              Prelude.<$> retentionPeriodHours,
+            ("ShardCount" Data..=) Prelude.<$> shardCount,
+            ("StreamEncryption" Data..=)
+              Prelude.<$> streamEncryption
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsKinesisStreamStreamEncryptionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsKinesisStreamStreamEncryptionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsKinesisStreamStreamEncryptionDetails.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsKinesisStreamStreamEncryptionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsKinesisStreamStreamEncryptionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about stream encryption.
+--
+-- /See:/ 'newAwsKinesisStreamStreamEncryptionDetails' smart constructor.
+data AwsKinesisStreamStreamEncryptionDetails = AwsKinesisStreamStreamEncryptionDetails'
+  { -- | The encryption type to use.
+    encryptionType :: Prelude.Maybe Prelude.Text,
+    -- | The globally unique identifier for the customer-managed KMS key to use
+    -- for encryption.
+    keyId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsKinesisStreamStreamEncryptionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'encryptionType', 'awsKinesisStreamStreamEncryptionDetails_encryptionType' - The encryption type to use.
+--
+-- 'keyId', 'awsKinesisStreamStreamEncryptionDetails_keyId' - The globally unique identifier for the customer-managed KMS key to use
+-- for encryption.
+newAwsKinesisStreamStreamEncryptionDetails ::
+  AwsKinesisStreamStreamEncryptionDetails
+newAwsKinesisStreamStreamEncryptionDetails =
+  AwsKinesisStreamStreamEncryptionDetails'
+    { encryptionType =
+        Prelude.Nothing,
+      keyId = Prelude.Nothing
+    }
+
+-- | The encryption type to use.
+awsKinesisStreamStreamEncryptionDetails_encryptionType :: Lens.Lens' AwsKinesisStreamStreamEncryptionDetails (Prelude.Maybe Prelude.Text)
+awsKinesisStreamStreamEncryptionDetails_encryptionType = Lens.lens (\AwsKinesisStreamStreamEncryptionDetails' {encryptionType} -> encryptionType) (\s@AwsKinesisStreamStreamEncryptionDetails' {} a -> s {encryptionType = a} :: AwsKinesisStreamStreamEncryptionDetails)
+
+-- | The globally unique identifier for the customer-managed KMS key to use
+-- for encryption.
+awsKinesisStreamStreamEncryptionDetails_keyId :: Lens.Lens' AwsKinesisStreamStreamEncryptionDetails (Prelude.Maybe Prelude.Text)
+awsKinesisStreamStreamEncryptionDetails_keyId = Lens.lens (\AwsKinesisStreamStreamEncryptionDetails' {keyId} -> keyId) (\s@AwsKinesisStreamStreamEncryptionDetails' {} a -> s {keyId = a} :: AwsKinesisStreamStreamEncryptionDetails)
+
+instance
+  Data.FromJSON
+    AwsKinesisStreamStreamEncryptionDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsKinesisStreamStreamEncryptionDetails"
+      ( \x ->
+          AwsKinesisStreamStreamEncryptionDetails'
+            Prelude.<$> (x Data..:? "EncryptionType")
+            Prelude.<*> (x Data..:? "KeyId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsKinesisStreamStreamEncryptionDetails
+  where
+  hashWithSalt
+    _salt
+    AwsKinesisStreamStreamEncryptionDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` encryptionType
+        `Prelude.hashWithSalt` keyId
+
+instance
+  Prelude.NFData
+    AwsKinesisStreamStreamEncryptionDetails
+  where
+  rnf AwsKinesisStreamStreamEncryptionDetails' {..} =
+    Prelude.rnf encryptionType
+      `Prelude.seq` Prelude.rnf keyId
+
+instance
+  Data.ToJSON
+    AwsKinesisStreamStreamEncryptionDetails
+  where
+  toJSON AwsKinesisStreamStreamEncryptionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("EncryptionType" Data..=)
+              Prelude.<$> encryptionType,
+            ("KeyId" Data..=) Prelude.<$> keyId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsKmsKeyDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsKmsKeyDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsKmsKeyDetails.hs
@@ -0,0 +1,250 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsKmsKeyDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsKmsKeyDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains metadata about an KMS key.
+--
+-- /See:/ 'newAwsKmsKeyDetails' smart constructor.
+data AwsKmsKeyDetails = AwsKmsKeyDetails'
+  { -- | The twelve-digit account ID of the Amazon Web Services account that owns
+    -- the KMS key.
+    aWSAccountId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the KMS key was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    creationDate :: Prelude.Maybe Prelude.Double,
+    -- | A description of the KMS key.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The globally unique identifier for the KMS key.
+    keyId :: Prelude.Maybe Prelude.Text,
+    -- | The manager of the KMS key. KMS keys in your Amazon Web Services account
+    -- are either customer managed or Amazon Web Services managed.
+    keyManager :: Prelude.Maybe Prelude.Text,
+    -- | Whether the key has key rotation enabled.
+    keyRotationStatus :: Prelude.Maybe Prelude.Bool,
+    -- | The state of the KMS key. Valid values are as follows:
+    --
+    -- -   @Disabled@
+    --
+    -- -   @Enabled@
+    --
+    -- -   @PendingDeletion@
+    --
+    -- -   @PendingImport@
+    --
+    -- -   @Unavailable@
+    keyState :: Prelude.Maybe Prelude.Text,
+    -- | The source of the KMS key material.
+    --
+    -- When this value is @AWS_KMS@, KMS created the key material.
+    --
+    -- When this value is @EXTERNAL@, the key material was imported from your
+    -- existing key management infrastructure or the KMS key lacks key
+    -- material.
+    --
+    -- When this value is @AWS_CLOUDHSM@, the key material was created in the
+    -- CloudHSM cluster associated with a custom key store.
+    origin :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsKmsKeyDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'aWSAccountId', 'awsKmsKeyDetails_aWSAccountId' - The twelve-digit account ID of the Amazon Web Services account that owns
+-- the KMS key.
+--
+-- 'creationDate', 'awsKmsKeyDetails_creationDate' - Indicates when the KMS key was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'description', 'awsKmsKeyDetails_description' - A description of the KMS key.
+--
+-- 'keyId', 'awsKmsKeyDetails_keyId' - The globally unique identifier for the KMS key.
+--
+-- 'keyManager', 'awsKmsKeyDetails_keyManager' - The manager of the KMS key. KMS keys in your Amazon Web Services account
+-- are either customer managed or Amazon Web Services managed.
+--
+-- 'keyRotationStatus', 'awsKmsKeyDetails_keyRotationStatus' - Whether the key has key rotation enabled.
+--
+-- 'keyState', 'awsKmsKeyDetails_keyState' - The state of the KMS key. Valid values are as follows:
+--
+-- -   @Disabled@
+--
+-- -   @Enabled@
+--
+-- -   @PendingDeletion@
+--
+-- -   @PendingImport@
+--
+-- -   @Unavailable@
+--
+-- 'origin', 'awsKmsKeyDetails_origin' - The source of the KMS key material.
+--
+-- When this value is @AWS_KMS@, KMS created the key material.
+--
+-- When this value is @EXTERNAL@, the key material was imported from your
+-- existing key management infrastructure or the KMS key lacks key
+-- material.
+--
+-- When this value is @AWS_CLOUDHSM@, the key material was created in the
+-- CloudHSM cluster associated with a custom key store.
+newAwsKmsKeyDetails ::
+  AwsKmsKeyDetails
+newAwsKmsKeyDetails =
+  AwsKmsKeyDetails'
+    { aWSAccountId = Prelude.Nothing,
+      creationDate = Prelude.Nothing,
+      description = Prelude.Nothing,
+      keyId = Prelude.Nothing,
+      keyManager = Prelude.Nothing,
+      keyRotationStatus = Prelude.Nothing,
+      keyState = Prelude.Nothing,
+      origin = Prelude.Nothing
+    }
+
+-- | The twelve-digit account ID of the Amazon Web Services account that owns
+-- the KMS key.
+awsKmsKeyDetails_aWSAccountId :: Lens.Lens' AwsKmsKeyDetails (Prelude.Maybe Prelude.Text)
+awsKmsKeyDetails_aWSAccountId = Lens.lens (\AwsKmsKeyDetails' {aWSAccountId} -> aWSAccountId) (\s@AwsKmsKeyDetails' {} a -> s {aWSAccountId = a} :: AwsKmsKeyDetails)
+
+-- | Indicates when the KMS key was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsKmsKeyDetails_creationDate :: Lens.Lens' AwsKmsKeyDetails (Prelude.Maybe Prelude.Double)
+awsKmsKeyDetails_creationDate = Lens.lens (\AwsKmsKeyDetails' {creationDate} -> creationDate) (\s@AwsKmsKeyDetails' {} a -> s {creationDate = a} :: AwsKmsKeyDetails)
+
+-- | A description of the KMS key.
+awsKmsKeyDetails_description :: Lens.Lens' AwsKmsKeyDetails (Prelude.Maybe Prelude.Text)
+awsKmsKeyDetails_description = Lens.lens (\AwsKmsKeyDetails' {description} -> description) (\s@AwsKmsKeyDetails' {} a -> s {description = a} :: AwsKmsKeyDetails)
+
+-- | The globally unique identifier for the KMS key.
+awsKmsKeyDetails_keyId :: Lens.Lens' AwsKmsKeyDetails (Prelude.Maybe Prelude.Text)
+awsKmsKeyDetails_keyId = Lens.lens (\AwsKmsKeyDetails' {keyId} -> keyId) (\s@AwsKmsKeyDetails' {} a -> s {keyId = a} :: AwsKmsKeyDetails)
+
+-- | The manager of the KMS key. KMS keys in your Amazon Web Services account
+-- are either customer managed or Amazon Web Services managed.
+awsKmsKeyDetails_keyManager :: Lens.Lens' AwsKmsKeyDetails (Prelude.Maybe Prelude.Text)
+awsKmsKeyDetails_keyManager = Lens.lens (\AwsKmsKeyDetails' {keyManager} -> keyManager) (\s@AwsKmsKeyDetails' {} a -> s {keyManager = a} :: AwsKmsKeyDetails)
+
+-- | Whether the key has key rotation enabled.
+awsKmsKeyDetails_keyRotationStatus :: Lens.Lens' AwsKmsKeyDetails (Prelude.Maybe Prelude.Bool)
+awsKmsKeyDetails_keyRotationStatus = Lens.lens (\AwsKmsKeyDetails' {keyRotationStatus} -> keyRotationStatus) (\s@AwsKmsKeyDetails' {} a -> s {keyRotationStatus = a} :: AwsKmsKeyDetails)
+
+-- | The state of the KMS key. Valid values are as follows:
+--
+-- -   @Disabled@
+--
+-- -   @Enabled@
+--
+-- -   @PendingDeletion@
+--
+-- -   @PendingImport@
+--
+-- -   @Unavailable@
+awsKmsKeyDetails_keyState :: Lens.Lens' AwsKmsKeyDetails (Prelude.Maybe Prelude.Text)
+awsKmsKeyDetails_keyState = Lens.lens (\AwsKmsKeyDetails' {keyState} -> keyState) (\s@AwsKmsKeyDetails' {} a -> s {keyState = a} :: AwsKmsKeyDetails)
+
+-- | The source of the KMS key material.
+--
+-- When this value is @AWS_KMS@, KMS created the key material.
+--
+-- When this value is @EXTERNAL@, the key material was imported from your
+-- existing key management infrastructure or the KMS key lacks key
+-- material.
+--
+-- When this value is @AWS_CLOUDHSM@, the key material was created in the
+-- CloudHSM cluster associated with a custom key store.
+awsKmsKeyDetails_origin :: Lens.Lens' AwsKmsKeyDetails (Prelude.Maybe Prelude.Text)
+awsKmsKeyDetails_origin = Lens.lens (\AwsKmsKeyDetails' {origin} -> origin) (\s@AwsKmsKeyDetails' {} a -> s {origin = a} :: AwsKmsKeyDetails)
+
+instance Data.FromJSON AwsKmsKeyDetails where
+  parseJSON =
+    Data.withObject
+      "AwsKmsKeyDetails"
+      ( \x ->
+          AwsKmsKeyDetails'
+            Prelude.<$> (x Data..:? "AWSAccountId")
+            Prelude.<*> (x Data..:? "CreationDate")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "KeyId")
+            Prelude.<*> (x Data..:? "KeyManager")
+            Prelude.<*> (x Data..:? "KeyRotationStatus")
+            Prelude.<*> (x Data..:? "KeyState")
+            Prelude.<*> (x Data..:? "Origin")
+      )
+
+instance Prelude.Hashable AwsKmsKeyDetails where
+  hashWithSalt _salt AwsKmsKeyDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` aWSAccountId
+      `Prelude.hashWithSalt` creationDate
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` keyId
+      `Prelude.hashWithSalt` keyManager
+      `Prelude.hashWithSalt` keyRotationStatus
+      `Prelude.hashWithSalt` keyState
+      `Prelude.hashWithSalt` origin
+
+instance Prelude.NFData AwsKmsKeyDetails where
+  rnf AwsKmsKeyDetails' {..} =
+    Prelude.rnf aWSAccountId
+      `Prelude.seq` Prelude.rnf creationDate
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf keyId
+      `Prelude.seq` Prelude.rnf keyManager
+      `Prelude.seq` Prelude.rnf keyRotationStatus
+      `Prelude.seq` Prelude.rnf keyState
+      `Prelude.seq` Prelude.rnf origin
+
+instance Data.ToJSON AwsKmsKeyDetails where
+  toJSON AwsKmsKeyDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AWSAccountId" Data..=) Prelude.<$> aWSAccountId,
+            ("CreationDate" Data..=) Prelude.<$> creationDate,
+            ("Description" Data..=) Prelude.<$> description,
+            ("KeyId" Data..=) Prelude.<$> keyId,
+            ("KeyManager" Data..=) Prelude.<$> keyManager,
+            ("KeyRotationStatus" Data..=)
+              Prelude.<$> keyRotationStatus,
+            ("KeyState" Data..=) Prelude.<$> keyState,
+            ("Origin" Data..=) Prelude.<$> origin
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionCode.hs b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionCode.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionCode.hs
@@ -0,0 +1,133 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsLambdaFunctionCode
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsLambdaFunctionCode where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The code for the Lambda function. You can specify either an object in
+-- Amazon S3, or upload a deployment package directly.
+--
+-- /See:/ 'newAwsLambdaFunctionCode' smart constructor.
+data AwsLambdaFunctionCode = AwsLambdaFunctionCode'
+  { -- | An Amazon S3 bucket in the same Amazon Web Services Region as your
+    -- function. The bucket can be in a different Amazon Web Services account.
+    s3Bucket :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon S3 key of the deployment package.
+    s3Key :: Prelude.Maybe Prelude.Text,
+    -- | For versioned objects, the version of the deployment package object to
+    -- use.
+    s3ObjectVersion :: Prelude.Maybe Prelude.Text,
+    -- | The base64-encoded contents of the deployment package. Amazon Web
+    -- Services SDK and Amazon Web Services CLI clients handle the encoding for
+    -- you.
+    zipFile :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsLambdaFunctionCode' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 's3Bucket', 'awsLambdaFunctionCode_s3Bucket' - An Amazon S3 bucket in the same Amazon Web Services Region as your
+-- function. The bucket can be in a different Amazon Web Services account.
+--
+-- 's3Key', 'awsLambdaFunctionCode_s3Key' - The Amazon S3 key of the deployment package.
+--
+-- 's3ObjectVersion', 'awsLambdaFunctionCode_s3ObjectVersion' - For versioned objects, the version of the deployment package object to
+-- use.
+--
+-- 'zipFile', 'awsLambdaFunctionCode_zipFile' - The base64-encoded contents of the deployment package. Amazon Web
+-- Services SDK and Amazon Web Services CLI clients handle the encoding for
+-- you.
+newAwsLambdaFunctionCode ::
+  AwsLambdaFunctionCode
+newAwsLambdaFunctionCode =
+  AwsLambdaFunctionCode'
+    { s3Bucket = Prelude.Nothing,
+      s3Key = Prelude.Nothing,
+      s3ObjectVersion = Prelude.Nothing,
+      zipFile = Prelude.Nothing
+    }
+
+-- | An Amazon S3 bucket in the same Amazon Web Services Region as your
+-- function. The bucket can be in a different Amazon Web Services account.
+awsLambdaFunctionCode_s3Bucket :: Lens.Lens' AwsLambdaFunctionCode (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionCode_s3Bucket = Lens.lens (\AwsLambdaFunctionCode' {s3Bucket} -> s3Bucket) (\s@AwsLambdaFunctionCode' {} a -> s {s3Bucket = a} :: AwsLambdaFunctionCode)
+
+-- | The Amazon S3 key of the deployment package.
+awsLambdaFunctionCode_s3Key :: Lens.Lens' AwsLambdaFunctionCode (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionCode_s3Key = Lens.lens (\AwsLambdaFunctionCode' {s3Key} -> s3Key) (\s@AwsLambdaFunctionCode' {} a -> s {s3Key = a} :: AwsLambdaFunctionCode)
+
+-- | For versioned objects, the version of the deployment package object to
+-- use.
+awsLambdaFunctionCode_s3ObjectVersion :: Lens.Lens' AwsLambdaFunctionCode (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionCode_s3ObjectVersion = Lens.lens (\AwsLambdaFunctionCode' {s3ObjectVersion} -> s3ObjectVersion) (\s@AwsLambdaFunctionCode' {} a -> s {s3ObjectVersion = a} :: AwsLambdaFunctionCode)
+
+-- | The base64-encoded contents of the deployment package. Amazon Web
+-- Services SDK and Amazon Web Services CLI clients handle the encoding for
+-- you.
+awsLambdaFunctionCode_zipFile :: Lens.Lens' AwsLambdaFunctionCode (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionCode_zipFile = Lens.lens (\AwsLambdaFunctionCode' {zipFile} -> zipFile) (\s@AwsLambdaFunctionCode' {} a -> s {zipFile = a} :: AwsLambdaFunctionCode)
+
+instance Data.FromJSON AwsLambdaFunctionCode where
+  parseJSON =
+    Data.withObject
+      "AwsLambdaFunctionCode"
+      ( \x ->
+          AwsLambdaFunctionCode'
+            Prelude.<$> (x Data..:? "S3Bucket")
+            Prelude.<*> (x Data..:? "S3Key")
+            Prelude.<*> (x Data..:? "S3ObjectVersion")
+            Prelude.<*> (x Data..:? "ZipFile")
+      )
+
+instance Prelude.Hashable AwsLambdaFunctionCode where
+  hashWithSalt _salt AwsLambdaFunctionCode' {..} =
+    _salt
+      `Prelude.hashWithSalt` s3Bucket
+      `Prelude.hashWithSalt` s3Key
+      `Prelude.hashWithSalt` s3ObjectVersion
+      `Prelude.hashWithSalt` zipFile
+
+instance Prelude.NFData AwsLambdaFunctionCode where
+  rnf AwsLambdaFunctionCode' {..} =
+    Prelude.rnf s3Bucket
+      `Prelude.seq` Prelude.rnf s3Key
+      `Prelude.seq` Prelude.rnf s3ObjectVersion
+      `Prelude.seq` Prelude.rnf zipFile
+
+instance Data.ToJSON AwsLambdaFunctionCode where
+  toJSON AwsLambdaFunctionCode' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("S3Bucket" Data..=) Prelude.<$> s3Bucket,
+            ("S3Key" Data..=) Prelude.<$> s3Key,
+            ("S3ObjectVersion" Data..=)
+              Prelude.<$> s3ObjectVersion,
+            ("ZipFile" Data..=) Prelude.<$> zipFile
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionDeadLetterConfig.hs b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionDeadLetterConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionDeadLetterConfig.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsLambdaFunctionDeadLetterConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsLambdaFunctionDeadLetterConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The dead-letter queue for failed asynchronous invocations.
+--
+-- /See:/ 'newAwsLambdaFunctionDeadLetterConfig' smart constructor.
+data AwsLambdaFunctionDeadLetterConfig = AwsLambdaFunctionDeadLetterConfig'
+  { -- | The ARN of an SQS queue or SNS topic.
+    targetArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsLambdaFunctionDeadLetterConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'targetArn', 'awsLambdaFunctionDeadLetterConfig_targetArn' - The ARN of an SQS queue or SNS topic.
+newAwsLambdaFunctionDeadLetterConfig ::
+  AwsLambdaFunctionDeadLetterConfig
+newAwsLambdaFunctionDeadLetterConfig =
+  AwsLambdaFunctionDeadLetterConfig'
+    { targetArn =
+        Prelude.Nothing
+    }
+
+-- | The ARN of an SQS queue or SNS topic.
+awsLambdaFunctionDeadLetterConfig_targetArn :: Lens.Lens' AwsLambdaFunctionDeadLetterConfig (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDeadLetterConfig_targetArn = Lens.lens (\AwsLambdaFunctionDeadLetterConfig' {targetArn} -> targetArn) (\s@AwsLambdaFunctionDeadLetterConfig' {} a -> s {targetArn = a} :: AwsLambdaFunctionDeadLetterConfig)
+
+instance
+  Data.FromJSON
+    AwsLambdaFunctionDeadLetterConfig
+  where
+  parseJSON =
+    Data.withObject
+      "AwsLambdaFunctionDeadLetterConfig"
+      ( \x ->
+          AwsLambdaFunctionDeadLetterConfig'
+            Prelude.<$> (x Data..:? "TargetArn")
+      )
+
+instance
+  Prelude.Hashable
+    AwsLambdaFunctionDeadLetterConfig
+  where
+  hashWithSalt
+    _salt
+    AwsLambdaFunctionDeadLetterConfig' {..} =
+      _salt `Prelude.hashWithSalt` targetArn
+
+instance
+  Prelude.NFData
+    AwsLambdaFunctionDeadLetterConfig
+  where
+  rnf AwsLambdaFunctionDeadLetterConfig' {..} =
+    Prelude.rnf targetArn
+
+instance
+  Data.ToJSON
+    AwsLambdaFunctionDeadLetterConfig
+  where
+  toJSON AwsLambdaFunctionDeadLetterConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("TargetArn" Data..=) Prelude.<$> targetArn]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionDetails.hs
@@ -0,0 +1,368 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsLambdaFunctionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsLambdaFunctionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionCode
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionDeadLetterConfig
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironment
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionLayer
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionTracingConfig
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionVpcConfig
+
+-- | Details about an Lambda function\'s configuration.
+--
+-- /See:/ 'newAwsLambdaFunctionDetails' smart constructor.
+data AwsLambdaFunctionDetails = AwsLambdaFunctionDetails'
+  { -- | The instruction set architecture that the function uses. Valid values
+    -- are @x86_64@ or @arm64@.
+    architectures :: Prelude.Maybe [Prelude.Text],
+    -- | An @AwsLambdaFunctionCode@ object.
+    code :: Prelude.Maybe AwsLambdaFunctionCode,
+    -- | The SHA256 hash of the function\'s deployment package.
+    codeSha256 :: Prelude.Maybe Prelude.Text,
+    -- | The function\'s dead letter queue.
+    deadLetterConfig :: Prelude.Maybe AwsLambdaFunctionDeadLetterConfig,
+    -- | The function\'s environment variables.
+    environment :: Prelude.Maybe AwsLambdaFunctionEnvironment,
+    -- | The name of the function.
+    functionName :: Prelude.Maybe Prelude.Text,
+    -- | The function that Lambda calls to begin executing your function.
+    handler :: Prelude.Maybe Prelude.Text,
+    -- | The KMS key that is used to encrypt the function\'s environment
+    -- variables. This key is only returned if you\'ve configured a customer
+    -- managed customer managed key.
+    kmsKeyArn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the function was last updated.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastModified :: Prelude.Maybe Prelude.Text,
+    -- | The function\'s layers.
+    layers :: Prelude.Maybe [AwsLambdaFunctionLayer],
+    -- | For Lambda\@Edge functions, the ARN of the master function.
+    masterArn :: Prelude.Maybe Prelude.Text,
+    -- | The memory that is allocated to the function.
+    memorySize :: Prelude.Maybe Prelude.Int,
+    -- | The type of deployment package that\'s used to deploy the function code
+    -- to Lambda. Set to @Image@ for a container image and @Zip@ for a .zip
+    -- file archive.
+    packageType :: Prelude.Maybe Prelude.Text,
+    -- | The latest updated revision of the function or alias.
+    revisionId :: Prelude.Maybe Prelude.Text,
+    -- | The function\'s execution role.
+    role' :: Prelude.Maybe Prelude.Text,
+    -- | The runtime environment for the Lambda function.
+    runtime :: Prelude.Maybe Prelude.Text,
+    -- | The amount of time that Lambda allows a function to run before stopping
+    -- it.
+    timeout :: Prelude.Maybe Prelude.Int,
+    -- | The function\'s X-Ray tracing configuration.
+    tracingConfig :: Prelude.Maybe AwsLambdaFunctionTracingConfig,
+    -- | The version of the Lambda function.
+    version :: Prelude.Maybe Prelude.Text,
+    -- | The function\'s networking configuration.
+    vpcConfig :: Prelude.Maybe AwsLambdaFunctionVpcConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsLambdaFunctionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'architectures', 'awsLambdaFunctionDetails_architectures' - The instruction set architecture that the function uses. Valid values
+-- are @x86_64@ or @arm64@.
+--
+-- 'code', 'awsLambdaFunctionDetails_code' - An @AwsLambdaFunctionCode@ object.
+--
+-- 'codeSha256', 'awsLambdaFunctionDetails_codeSha256' - The SHA256 hash of the function\'s deployment package.
+--
+-- 'deadLetterConfig', 'awsLambdaFunctionDetails_deadLetterConfig' - The function\'s dead letter queue.
+--
+-- 'environment', 'awsLambdaFunctionDetails_environment' - The function\'s environment variables.
+--
+-- 'functionName', 'awsLambdaFunctionDetails_functionName' - The name of the function.
+--
+-- 'handler', 'awsLambdaFunctionDetails_handler' - The function that Lambda calls to begin executing your function.
+--
+-- 'kmsKeyArn', 'awsLambdaFunctionDetails_kmsKeyArn' - The KMS key that is used to encrypt the function\'s environment
+-- variables. This key is only returned if you\'ve configured a customer
+-- managed customer managed key.
+--
+-- 'lastModified', 'awsLambdaFunctionDetails_lastModified' - Indicates when the function was last updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'layers', 'awsLambdaFunctionDetails_layers' - The function\'s layers.
+--
+-- 'masterArn', 'awsLambdaFunctionDetails_masterArn' - For Lambda\@Edge functions, the ARN of the master function.
+--
+-- 'memorySize', 'awsLambdaFunctionDetails_memorySize' - The memory that is allocated to the function.
+--
+-- 'packageType', 'awsLambdaFunctionDetails_packageType' - The type of deployment package that\'s used to deploy the function code
+-- to Lambda. Set to @Image@ for a container image and @Zip@ for a .zip
+-- file archive.
+--
+-- 'revisionId', 'awsLambdaFunctionDetails_revisionId' - The latest updated revision of the function or alias.
+--
+-- 'role'', 'awsLambdaFunctionDetails_role' - The function\'s execution role.
+--
+-- 'runtime', 'awsLambdaFunctionDetails_runtime' - The runtime environment for the Lambda function.
+--
+-- 'timeout', 'awsLambdaFunctionDetails_timeout' - The amount of time that Lambda allows a function to run before stopping
+-- it.
+--
+-- 'tracingConfig', 'awsLambdaFunctionDetails_tracingConfig' - The function\'s X-Ray tracing configuration.
+--
+-- 'version', 'awsLambdaFunctionDetails_version' - The version of the Lambda function.
+--
+-- 'vpcConfig', 'awsLambdaFunctionDetails_vpcConfig' - The function\'s networking configuration.
+newAwsLambdaFunctionDetails ::
+  AwsLambdaFunctionDetails
+newAwsLambdaFunctionDetails =
+  AwsLambdaFunctionDetails'
+    { architectures =
+        Prelude.Nothing,
+      code = Prelude.Nothing,
+      codeSha256 = Prelude.Nothing,
+      deadLetterConfig = Prelude.Nothing,
+      environment = Prelude.Nothing,
+      functionName = Prelude.Nothing,
+      handler = Prelude.Nothing,
+      kmsKeyArn = Prelude.Nothing,
+      lastModified = Prelude.Nothing,
+      layers = Prelude.Nothing,
+      masterArn = Prelude.Nothing,
+      memorySize = Prelude.Nothing,
+      packageType = Prelude.Nothing,
+      revisionId = Prelude.Nothing,
+      role' = Prelude.Nothing,
+      runtime = Prelude.Nothing,
+      timeout = Prelude.Nothing,
+      tracingConfig = Prelude.Nothing,
+      version = Prelude.Nothing,
+      vpcConfig = Prelude.Nothing
+    }
+
+-- | The instruction set architecture that the function uses. Valid values
+-- are @x86_64@ or @arm64@.
+awsLambdaFunctionDetails_architectures :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe [Prelude.Text])
+awsLambdaFunctionDetails_architectures = Lens.lens (\AwsLambdaFunctionDetails' {architectures} -> architectures) (\s@AwsLambdaFunctionDetails' {} a -> s {architectures = a} :: AwsLambdaFunctionDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | An @AwsLambdaFunctionCode@ object.
+awsLambdaFunctionDetails_code :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe AwsLambdaFunctionCode)
+awsLambdaFunctionDetails_code = Lens.lens (\AwsLambdaFunctionDetails' {code} -> code) (\s@AwsLambdaFunctionDetails' {} a -> s {code = a} :: AwsLambdaFunctionDetails)
+
+-- | The SHA256 hash of the function\'s deployment package.
+awsLambdaFunctionDetails_codeSha256 :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDetails_codeSha256 = Lens.lens (\AwsLambdaFunctionDetails' {codeSha256} -> codeSha256) (\s@AwsLambdaFunctionDetails' {} a -> s {codeSha256 = a} :: AwsLambdaFunctionDetails)
+
+-- | The function\'s dead letter queue.
+awsLambdaFunctionDetails_deadLetterConfig :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe AwsLambdaFunctionDeadLetterConfig)
+awsLambdaFunctionDetails_deadLetterConfig = Lens.lens (\AwsLambdaFunctionDetails' {deadLetterConfig} -> deadLetterConfig) (\s@AwsLambdaFunctionDetails' {} a -> s {deadLetterConfig = a} :: AwsLambdaFunctionDetails)
+
+-- | The function\'s environment variables.
+awsLambdaFunctionDetails_environment :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe AwsLambdaFunctionEnvironment)
+awsLambdaFunctionDetails_environment = Lens.lens (\AwsLambdaFunctionDetails' {environment} -> environment) (\s@AwsLambdaFunctionDetails' {} a -> s {environment = a} :: AwsLambdaFunctionDetails)
+
+-- | The name of the function.
+awsLambdaFunctionDetails_functionName :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDetails_functionName = Lens.lens (\AwsLambdaFunctionDetails' {functionName} -> functionName) (\s@AwsLambdaFunctionDetails' {} a -> s {functionName = a} :: AwsLambdaFunctionDetails)
+
+-- | The function that Lambda calls to begin executing your function.
+awsLambdaFunctionDetails_handler :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDetails_handler = Lens.lens (\AwsLambdaFunctionDetails' {handler} -> handler) (\s@AwsLambdaFunctionDetails' {} a -> s {handler = a} :: AwsLambdaFunctionDetails)
+
+-- | The KMS key that is used to encrypt the function\'s environment
+-- variables. This key is only returned if you\'ve configured a customer
+-- managed customer managed key.
+awsLambdaFunctionDetails_kmsKeyArn :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDetails_kmsKeyArn = Lens.lens (\AwsLambdaFunctionDetails' {kmsKeyArn} -> kmsKeyArn) (\s@AwsLambdaFunctionDetails' {} a -> s {kmsKeyArn = a} :: AwsLambdaFunctionDetails)
+
+-- | Indicates when the function was last updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsLambdaFunctionDetails_lastModified :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDetails_lastModified = Lens.lens (\AwsLambdaFunctionDetails' {lastModified} -> lastModified) (\s@AwsLambdaFunctionDetails' {} a -> s {lastModified = a} :: AwsLambdaFunctionDetails)
+
+-- | The function\'s layers.
+awsLambdaFunctionDetails_layers :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe [AwsLambdaFunctionLayer])
+awsLambdaFunctionDetails_layers = Lens.lens (\AwsLambdaFunctionDetails' {layers} -> layers) (\s@AwsLambdaFunctionDetails' {} a -> s {layers = a} :: AwsLambdaFunctionDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | For Lambda\@Edge functions, the ARN of the master function.
+awsLambdaFunctionDetails_masterArn :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDetails_masterArn = Lens.lens (\AwsLambdaFunctionDetails' {masterArn} -> masterArn) (\s@AwsLambdaFunctionDetails' {} a -> s {masterArn = a} :: AwsLambdaFunctionDetails)
+
+-- | The memory that is allocated to the function.
+awsLambdaFunctionDetails_memorySize :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Int)
+awsLambdaFunctionDetails_memorySize = Lens.lens (\AwsLambdaFunctionDetails' {memorySize} -> memorySize) (\s@AwsLambdaFunctionDetails' {} a -> s {memorySize = a} :: AwsLambdaFunctionDetails)
+
+-- | The type of deployment package that\'s used to deploy the function code
+-- to Lambda. Set to @Image@ for a container image and @Zip@ for a .zip
+-- file archive.
+awsLambdaFunctionDetails_packageType :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDetails_packageType = Lens.lens (\AwsLambdaFunctionDetails' {packageType} -> packageType) (\s@AwsLambdaFunctionDetails' {} a -> s {packageType = a} :: AwsLambdaFunctionDetails)
+
+-- | The latest updated revision of the function or alias.
+awsLambdaFunctionDetails_revisionId :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDetails_revisionId = Lens.lens (\AwsLambdaFunctionDetails' {revisionId} -> revisionId) (\s@AwsLambdaFunctionDetails' {} a -> s {revisionId = a} :: AwsLambdaFunctionDetails)
+
+-- | The function\'s execution role.
+awsLambdaFunctionDetails_role :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDetails_role = Lens.lens (\AwsLambdaFunctionDetails' {role'} -> role') (\s@AwsLambdaFunctionDetails' {} a -> s {role' = a} :: AwsLambdaFunctionDetails)
+
+-- | The runtime environment for the Lambda function.
+awsLambdaFunctionDetails_runtime :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDetails_runtime = Lens.lens (\AwsLambdaFunctionDetails' {runtime} -> runtime) (\s@AwsLambdaFunctionDetails' {} a -> s {runtime = a} :: AwsLambdaFunctionDetails)
+
+-- | The amount of time that Lambda allows a function to run before stopping
+-- it.
+awsLambdaFunctionDetails_timeout :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Int)
+awsLambdaFunctionDetails_timeout = Lens.lens (\AwsLambdaFunctionDetails' {timeout} -> timeout) (\s@AwsLambdaFunctionDetails' {} a -> s {timeout = a} :: AwsLambdaFunctionDetails)
+
+-- | The function\'s X-Ray tracing configuration.
+awsLambdaFunctionDetails_tracingConfig :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe AwsLambdaFunctionTracingConfig)
+awsLambdaFunctionDetails_tracingConfig = Lens.lens (\AwsLambdaFunctionDetails' {tracingConfig} -> tracingConfig) (\s@AwsLambdaFunctionDetails' {} a -> s {tracingConfig = a} :: AwsLambdaFunctionDetails)
+
+-- | The version of the Lambda function.
+awsLambdaFunctionDetails_version :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionDetails_version = Lens.lens (\AwsLambdaFunctionDetails' {version} -> version) (\s@AwsLambdaFunctionDetails' {} a -> s {version = a} :: AwsLambdaFunctionDetails)
+
+-- | The function\'s networking configuration.
+awsLambdaFunctionDetails_vpcConfig :: Lens.Lens' AwsLambdaFunctionDetails (Prelude.Maybe AwsLambdaFunctionVpcConfig)
+awsLambdaFunctionDetails_vpcConfig = Lens.lens (\AwsLambdaFunctionDetails' {vpcConfig} -> vpcConfig) (\s@AwsLambdaFunctionDetails' {} a -> s {vpcConfig = a} :: AwsLambdaFunctionDetails)
+
+instance Data.FromJSON AwsLambdaFunctionDetails where
+  parseJSON =
+    Data.withObject
+      "AwsLambdaFunctionDetails"
+      ( \x ->
+          AwsLambdaFunctionDetails'
+            Prelude.<$> (x Data..:? "Architectures" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Code")
+            Prelude.<*> (x Data..:? "CodeSha256")
+            Prelude.<*> (x Data..:? "DeadLetterConfig")
+            Prelude.<*> (x Data..:? "Environment")
+            Prelude.<*> (x Data..:? "FunctionName")
+            Prelude.<*> (x Data..:? "Handler")
+            Prelude.<*> (x Data..:? "KmsKeyArn")
+            Prelude.<*> (x Data..:? "LastModified")
+            Prelude.<*> (x Data..:? "Layers" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "MasterArn")
+            Prelude.<*> (x Data..:? "MemorySize")
+            Prelude.<*> (x Data..:? "PackageType")
+            Prelude.<*> (x Data..:? "RevisionId")
+            Prelude.<*> (x Data..:? "Role")
+            Prelude.<*> (x Data..:? "Runtime")
+            Prelude.<*> (x Data..:? "Timeout")
+            Prelude.<*> (x Data..:? "TracingConfig")
+            Prelude.<*> (x Data..:? "Version")
+            Prelude.<*> (x Data..:? "VpcConfig")
+      )
+
+instance Prelude.Hashable AwsLambdaFunctionDetails where
+  hashWithSalt _salt AwsLambdaFunctionDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` architectures
+      `Prelude.hashWithSalt` code
+      `Prelude.hashWithSalt` codeSha256
+      `Prelude.hashWithSalt` deadLetterConfig
+      `Prelude.hashWithSalt` environment
+      `Prelude.hashWithSalt` functionName
+      `Prelude.hashWithSalt` handler
+      `Prelude.hashWithSalt` kmsKeyArn
+      `Prelude.hashWithSalt` lastModified
+      `Prelude.hashWithSalt` layers
+      `Prelude.hashWithSalt` masterArn
+      `Prelude.hashWithSalt` memorySize
+      `Prelude.hashWithSalt` packageType
+      `Prelude.hashWithSalt` revisionId
+      `Prelude.hashWithSalt` role'
+      `Prelude.hashWithSalt` runtime
+      `Prelude.hashWithSalt` timeout
+      `Prelude.hashWithSalt` tracingConfig
+      `Prelude.hashWithSalt` version
+      `Prelude.hashWithSalt` vpcConfig
+
+instance Prelude.NFData AwsLambdaFunctionDetails where
+  rnf AwsLambdaFunctionDetails' {..} =
+    Prelude.rnf architectures
+      `Prelude.seq` Prelude.rnf code
+      `Prelude.seq` Prelude.rnf codeSha256
+      `Prelude.seq` Prelude.rnf deadLetterConfig
+      `Prelude.seq` Prelude.rnf environment
+      `Prelude.seq` Prelude.rnf functionName
+      `Prelude.seq` Prelude.rnf handler
+      `Prelude.seq` Prelude.rnf kmsKeyArn
+      `Prelude.seq` Prelude.rnf lastModified
+      `Prelude.seq` Prelude.rnf layers
+      `Prelude.seq` Prelude.rnf masterArn
+      `Prelude.seq` Prelude.rnf memorySize
+      `Prelude.seq` Prelude.rnf packageType
+      `Prelude.seq` Prelude.rnf revisionId
+      `Prelude.seq` Prelude.rnf role'
+      `Prelude.seq` Prelude.rnf runtime
+      `Prelude.seq` Prelude.rnf timeout
+      `Prelude.seq` Prelude.rnf tracingConfig
+      `Prelude.seq` Prelude.rnf version
+      `Prelude.seq` Prelude.rnf vpcConfig
+
+instance Data.ToJSON AwsLambdaFunctionDetails where
+  toJSON AwsLambdaFunctionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Architectures" Data..=) Prelude.<$> architectures,
+            ("Code" Data..=) Prelude.<$> code,
+            ("CodeSha256" Data..=) Prelude.<$> codeSha256,
+            ("DeadLetterConfig" Data..=)
+              Prelude.<$> deadLetterConfig,
+            ("Environment" Data..=) Prelude.<$> environment,
+            ("FunctionName" Data..=) Prelude.<$> functionName,
+            ("Handler" Data..=) Prelude.<$> handler,
+            ("KmsKeyArn" Data..=) Prelude.<$> kmsKeyArn,
+            ("LastModified" Data..=) Prelude.<$> lastModified,
+            ("Layers" Data..=) Prelude.<$> layers,
+            ("MasterArn" Data..=) Prelude.<$> masterArn,
+            ("MemorySize" Data..=) Prelude.<$> memorySize,
+            ("PackageType" Data..=) Prelude.<$> packageType,
+            ("RevisionId" Data..=) Prelude.<$> revisionId,
+            ("Role" Data..=) Prelude.<$> role',
+            ("Runtime" Data..=) Prelude.<$> runtime,
+            ("Timeout" Data..=) Prelude.<$> timeout,
+            ("TracingConfig" Data..=) Prelude.<$> tracingConfig,
+            ("Version" Data..=) Prelude.<$> version,
+            ("VpcConfig" Data..=) Prelude.<$> vpcConfig
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionEnvironment.hs b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionEnvironment.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionEnvironment.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironment
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironment where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironmentError
+
+-- | A function\'s environment variable settings.
+--
+-- /See:/ 'newAwsLambdaFunctionEnvironment' smart constructor.
+data AwsLambdaFunctionEnvironment = AwsLambdaFunctionEnvironment'
+  { -- | An @AwsLambdaFunctionEnvironmentError@ object.
+    error :: Prelude.Maybe AwsLambdaFunctionEnvironmentError,
+    -- | Environment variable key-value pairs.
+    variables :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsLambdaFunctionEnvironment' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'error', 'awsLambdaFunctionEnvironment_error' - An @AwsLambdaFunctionEnvironmentError@ object.
+--
+-- 'variables', 'awsLambdaFunctionEnvironment_variables' - Environment variable key-value pairs.
+newAwsLambdaFunctionEnvironment ::
+  AwsLambdaFunctionEnvironment
+newAwsLambdaFunctionEnvironment =
+  AwsLambdaFunctionEnvironment'
+    { error =
+        Prelude.Nothing,
+      variables = Prelude.Nothing
+    }
+
+-- | An @AwsLambdaFunctionEnvironmentError@ object.
+awsLambdaFunctionEnvironment_error :: Lens.Lens' AwsLambdaFunctionEnvironment (Prelude.Maybe AwsLambdaFunctionEnvironmentError)
+awsLambdaFunctionEnvironment_error = Lens.lens (\AwsLambdaFunctionEnvironment' {error} -> error) (\s@AwsLambdaFunctionEnvironment' {} a -> s {error = a} :: AwsLambdaFunctionEnvironment)
+
+-- | Environment variable key-value pairs.
+awsLambdaFunctionEnvironment_variables :: Lens.Lens' AwsLambdaFunctionEnvironment (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsLambdaFunctionEnvironment_variables = Lens.lens (\AwsLambdaFunctionEnvironment' {variables} -> variables) (\s@AwsLambdaFunctionEnvironment' {} a -> s {variables = a} :: AwsLambdaFunctionEnvironment) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsLambdaFunctionEnvironment where
+  parseJSON =
+    Data.withObject
+      "AwsLambdaFunctionEnvironment"
+      ( \x ->
+          AwsLambdaFunctionEnvironment'
+            Prelude.<$> (x Data..:? "Error")
+            Prelude.<*> (x Data..:? "Variables" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsLambdaFunctionEnvironment
+  where
+  hashWithSalt _salt AwsLambdaFunctionEnvironment' {..} =
+    _salt
+      `Prelude.hashWithSalt` error
+      `Prelude.hashWithSalt` variables
+
+instance Prelude.NFData AwsLambdaFunctionEnvironment where
+  rnf AwsLambdaFunctionEnvironment' {..} =
+    Prelude.rnf error
+      `Prelude.seq` Prelude.rnf variables
+
+instance Data.ToJSON AwsLambdaFunctionEnvironment where
+  toJSON AwsLambdaFunctionEnvironment' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Error" Data..=) Prelude.<$> error,
+            ("Variables" Data..=) Prelude.<$> variables
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionEnvironmentError.hs b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionEnvironmentError.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionEnvironmentError.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironmentError
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsLambdaFunctionEnvironmentError where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Error messages for environment variables that could not be applied.
+--
+-- /See:/ 'newAwsLambdaFunctionEnvironmentError' smart constructor.
+data AwsLambdaFunctionEnvironmentError = AwsLambdaFunctionEnvironmentError'
+  { -- | The error code.
+    errorCode :: Prelude.Maybe Prelude.Text,
+    -- | The error message.
+    message :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsLambdaFunctionEnvironmentError' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'errorCode', 'awsLambdaFunctionEnvironmentError_errorCode' - The error code.
+--
+-- 'message', 'awsLambdaFunctionEnvironmentError_message' - The error message.
+newAwsLambdaFunctionEnvironmentError ::
+  AwsLambdaFunctionEnvironmentError
+newAwsLambdaFunctionEnvironmentError =
+  AwsLambdaFunctionEnvironmentError'
+    { errorCode =
+        Prelude.Nothing,
+      message = Prelude.Nothing
+    }
+
+-- | The error code.
+awsLambdaFunctionEnvironmentError_errorCode :: Lens.Lens' AwsLambdaFunctionEnvironmentError (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionEnvironmentError_errorCode = Lens.lens (\AwsLambdaFunctionEnvironmentError' {errorCode} -> errorCode) (\s@AwsLambdaFunctionEnvironmentError' {} a -> s {errorCode = a} :: AwsLambdaFunctionEnvironmentError)
+
+-- | The error message.
+awsLambdaFunctionEnvironmentError_message :: Lens.Lens' AwsLambdaFunctionEnvironmentError (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionEnvironmentError_message = Lens.lens (\AwsLambdaFunctionEnvironmentError' {message} -> message) (\s@AwsLambdaFunctionEnvironmentError' {} a -> s {message = a} :: AwsLambdaFunctionEnvironmentError)
+
+instance
+  Data.FromJSON
+    AwsLambdaFunctionEnvironmentError
+  where
+  parseJSON =
+    Data.withObject
+      "AwsLambdaFunctionEnvironmentError"
+      ( \x ->
+          AwsLambdaFunctionEnvironmentError'
+            Prelude.<$> (x Data..:? "ErrorCode")
+            Prelude.<*> (x Data..:? "Message")
+      )
+
+instance
+  Prelude.Hashable
+    AwsLambdaFunctionEnvironmentError
+  where
+  hashWithSalt
+    _salt
+    AwsLambdaFunctionEnvironmentError' {..} =
+      _salt
+        `Prelude.hashWithSalt` errorCode
+        `Prelude.hashWithSalt` message
+
+instance
+  Prelude.NFData
+    AwsLambdaFunctionEnvironmentError
+  where
+  rnf AwsLambdaFunctionEnvironmentError' {..} =
+    Prelude.rnf errorCode
+      `Prelude.seq` Prelude.rnf message
+
+instance
+  Data.ToJSON
+    AwsLambdaFunctionEnvironmentError
+  where
+  toJSON AwsLambdaFunctionEnvironmentError' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ErrorCode" Data..=) Prelude.<$> errorCode,
+            ("Message" Data..=) Prelude.<$> message
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionLayer.hs b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionLayer.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionLayer.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsLambdaFunctionLayer
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsLambdaFunctionLayer where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An Lambda layer.
+--
+-- /See:/ 'newAwsLambdaFunctionLayer' smart constructor.
+data AwsLambdaFunctionLayer = AwsLambdaFunctionLayer'
+  { -- | The ARN of the function layer.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The size of the layer archive in bytes.
+    codeSize :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsLambdaFunctionLayer' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'awsLambdaFunctionLayer_arn' - The ARN of the function layer.
+--
+-- 'codeSize', 'awsLambdaFunctionLayer_codeSize' - The size of the layer archive in bytes.
+newAwsLambdaFunctionLayer ::
+  AwsLambdaFunctionLayer
+newAwsLambdaFunctionLayer =
+  AwsLambdaFunctionLayer'
+    { arn = Prelude.Nothing,
+      codeSize = Prelude.Nothing
+    }
+
+-- | The ARN of the function layer.
+awsLambdaFunctionLayer_arn :: Lens.Lens' AwsLambdaFunctionLayer (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionLayer_arn = Lens.lens (\AwsLambdaFunctionLayer' {arn} -> arn) (\s@AwsLambdaFunctionLayer' {} a -> s {arn = a} :: AwsLambdaFunctionLayer)
+
+-- | The size of the layer archive in bytes.
+awsLambdaFunctionLayer_codeSize :: Lens.Lens' AwsLambdaFunctionLayer (Prelude.Maybe Prelude.Int)
+awsLambdaFunctionLayer_codeSize = Lens.lens (\AwsLambdaFunctionLayer' {codeSize} -> codeSize) (\s@AwsLambdaFunctionLayer' {} a -> s {codeSize = a} :: AwsLambdaFunctionLayer)
+
+instance Data.FromJSON AwsLambdaFunctionLayer where
+  parseJSON =
+    Data.withObject
+      "AwsLambdaFunctionLayer"
+      ( \x ->
+          AwsLambdaFunctionLayer'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "CodeSize")
+      )
+
+instance Prelude.Hashable AwsLambdaFunctionLayer where
+  hashWithSalt _salt AwsLambdaFunctionLayer' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` codeSize
+
+instance Prelude.NFData AwsLambdaFunctionLayer where
+  rnf AwsLambdaFunctionLayer' {..} =
+    Prelude.rnf arn `Prelude.seq` Prelude.rnf codeSize
+
+instance Data.ToJSON AwsLambdaFunctionLayer where
+  toJSON AwsLambdaFunctionLayer' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Arn" Data..=) Prelude.<$> arn,
+            ("CodeSize" Data..=) Prelude.<$> codeSize
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionTracingConfig.hs b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionTracingConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionTracingConfig.hs
@@ -0,0 +1,87 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsLambdaFunctionTracingConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsLambdaFunctionTracingConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The function\'s X-Ray tracing configuration.
+--
+-- /See:/ 'newAwsLambdaFunctionTracingConfig' smart constructor.
+data AwsLambdaFunctionTracingConfig = AwsLambdaFunctionTracingConfig'
+  { -- | The tracing mode.
+    mode :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsLambdaFunctionTracingConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'mode', 'awsLambdaFunctionTracingConfig_mode' - The tracing mode.
+newAwsLambdaFunctionTracingConfig ::
+  AwsLambdaFunctionTracingConfig
+newAwsLambdaFunctionTracingConfig =
+  AwsLambdaFunctionTracingConfig'
+    { mode =
+        Prelude.Nothing
+    }
+
+-- | The tracing mode.
+awsLambdaFunctionTracingConfig_mode :: Lens.Lens' AwsLambdaFunctionTracingConfig (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionTracingConfig_mode = Lens.lens (\AwsLambdaFunctionTracingConfig' {mode} -> mode) (\s@AwsLambdaFunctionTracingConfig' {} a -> s {mode = a} :: AwsLambdaFunctionTracingConfig)
+
+instance Data.FromJSON AwsLambdaFunctionTracingConfig where
+  parseJSON =
+    Data.withObject
+      "AwsLambdaFunctionTracingConfig"
+      ( \x ->
+          AwsLambdaFunctionTracingConfig'
+            Prelude.<$> (x Data..:? "Mode")
+      )
+
+instance
+  Prelude.Hashable
+    AwsLambdaFunctionTracingConfig
+  where
+  hashWithSalt
+    _salt
+    AwsLambdaFunctionTracingConfig' {..} =
+      _salt `Prelude.hashWithSalt` mode
+
+instance
+  Prelude.NFData
+    AwsLambdaFunctionTracingConfig
+  where
+  rnf AwsLambdaFunctionTracingConfig' {..} =
+    Prelude.rnf mode
+
+instance Data.ToJSON AwsLambdaFunctionTracingConfig where
+  toJSON AwsLambdaFunctionTracingConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Mode" Data..=) Prelude.<$> mode]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionVpcConfig.hs b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionVpcConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsLambdaFunctionVpcConfig.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsLambdaFunctionVpcConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsLambdaFunctionVpcConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The VPC security groups and subnets that are attached to a Lambda
+-- function.
+--
+-- /See:/ 'newAwsLambdaFunctionVpcConfig' smart constructor.
+data AwsLambdaFunctionVpcConfig = AwsLambdaFunctionVpcConfig'
+  { -- | A list of VPC security groups IDs.
+    securityGroupIds :: Prelude.Maybe [Prelude.Text],
+    -- | A list of VPC subnet IDs.
+    subnetIds :: Prelude.Maybe [Prelude.Text],
+    -- | The ID of the VPC.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsLambdaFunctionVpcConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'securityGroupIds', 'awsLambdaFunctionVpcConfig_securityGroupIds' - A list of VPC security groups IDs.
+--
+-- 'subnetIds', 'awsLambdaFunctionVpcConfig_subnetIds' - A list of VPC subnet IDs.
+--
+-- 'vpcId', 'awsLambdaFunctionVpcConfig_vpcId' - The ID of the VPC.
+newAwsLambdaFunctionVpcConfig ::
+  AwsLambdaFunctionVpcConfig
+newAwsLambdaFunctionVpcConfig =
+  AwsLambdaFunctionVpcConfig'
+    { securityGroupIds =
+        Prelude.Nothing,
+      subnetIds = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | A list of VPC security groups IDs.
+awsLambdaFunctionVpcConfig_securityGroupIds :: Lens.Lens' AwsLambdaFunctionVpcConfig (Prelude.Maybe [Prelude.Text])
+awsLambdaFunctionVpcConfig_securityGroupIds = Lens.lens (\AwsLambdaFunctionVpcConfig' {securityGroupIds} -> securityGroupIds) (\s@AwsLambdaFunctionVpcConfig' {} a -> s {securityGroupIds = a} :: AwsLambdaFunctionVpcConfig) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of VPC subnet IDs.
+awsLambdaFunctionVpcConfig_subnetIds :: Lens.Lens' AwsLambdaFunctionVpcConfig (Prelude.Maybe [Prelude.Text])
+awsLambdaFunctionVpcConfig_subnetIds = Lens.lens (\AwsLambdaFunctionVpcConfig' {subnetIds} -> subnetIds) (\s@AwsLambdaFunctionVpcConfig' {} a -> s {subnetIds = a} :: AwsLambdaFunctionVpcConfig) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the VPC.
+awsLambdaFunctionVpcConfig_vpcId :: Lens.Lens' AwsLambdaFunctionVpcConfig (Prelude.Maybe Prelude.Text)
+awsLambdaFunctionVpcConfig_vpcId = Lens.lens (\AwsLambdaFunctionVpcConfig' {vpcId} -> vpcId) (\s@AwsLambdaFunctionVpcConfig' {} a -> s {vpcId = a} :: AwsLambdaFunctionVpcConfig)
+
+instance Data.FromJSON AwsLambdaFunctionVpcConfig where
+  parseJSON =
+    Data.withObject
+      "AwsLambdaFunctionVpcConfig"
+      ( \x ->
+          AwsLambdaFunctionVpcConfig'
+            Prelude.<$> ( x
+                            Data..:? "SecurityGroupIds"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "SubnetIds" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance Prelude.Hashable AwsLambdaFunctionVpcConfig where
+  hashWithSalt _salt AwsLambdaFunctionVpcConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` securityGroupIds
+      `Prelude.hashWithSalt` subnetIds
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData AwsLambdaFunctionVpcConfig where
+  rnf AwsLambdaFunctionVpcConfig' {..} =
+    Prelude.rnf securityGroupIds
+      `Prelude.seq` Prelude.rnf subnetIds
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance Data.ToJSON AwsLambdaFunctionVpcConfig where
+  toJSON AwsLambdaFunctionVpcConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("SecurityGroupIds" Data..=)
+              Prelude.<$> securityGroupIds,
+            ("SubnetIds" Data..=) Prelude.<$> subnetIds,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsLambdaLayerVersionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsLambdaLayerVersionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsLambdaLayerVersionDetails.hs
@@ -0,0 +1,141 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsLambdaLayerVersionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsLambdaLayerVersionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about a Lambda layer version.
+--
+-- /See:/ 'newAwsLambdaLayerVersionDetails' smart constructor.
+data AwsLambdaLayerVersionDetails = AwsLambdaLayerVersionDetails'
+  { -- | The layer\'s compatible runtimes. Maximum number of five items.
+    --
+    -- Valid values: @nodejs10.x@ | @nodejs12.x@ | @java8@ | @java11@ |
+    -- @python2.7@ | @python3.6@ | @python3.7@ | @python3.8@ | @dotnetcore1.0@
+    -- | @dotnetcore2.1@ | @go1.x@ | @ruby2.5@ | @provided@
+    compatibleRuntimes :: Prelude.Maybe [Prelude.Text],
+    -- | Indicates when the version was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdDate :: Prelude.Maybe Prelude.Text,
+    -- | The version number.
+    version :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsLambdaLayerVersionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'compatibleRuntimes', 'awsLambdaLayerVersionDetails_compatibleRuntimes' - The layer\'s compatible runtimes. Maximum number of five items.
+--
+-- Valid values: @nodejs10.x@ | @nodejs12.x@ | @java8@ | @java11@ |
+-- @python2.7@ | @python3.6@ | @python3.7@ | @python3.8@ | @dotnetcore1.0@
+-- | @dotnetcore2.1@ | @go1.x@ | @ruby2.5@ | @provided@
+--
+-- 'createdDate', 'awsLambdaLayerVersionDetails_createdDate' - Indicates when the version was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'version', 'awsLambdaLayerVersionDetails_version' - The version number.
+newAwsLambdaLayerVersionDetails ::
+  AwsLambdaLayerVersionDetails
+newAwsLambdaLayerVersionDetails =
+  AwsLambdaLayerVersionDetails'
+    { compatibleRuntimes =
+        Prelude.Nothing,
+      createdDate = Prelude.Nothing,
+      version = Prelude.Nothing
+    }
+
+-- | The layer\'s compatible runtimes. Maximum number of five items.
+--
+-- Valid values: @nodejs10.x@ | @nodejs12.x@ | @java8@ | @java11@ |
+-- @python2.7@ | @python3.6@ | @python3.7@ | @python3.8@ | @dotnetcore1.0@
+-- | @dotnetcore2.1@ | @go1.x@ | @ruby2.5@ | @provided@
+awsLambdaLayerVersionDetails_compatibleRuntimes :: Lens.Lens' AwsLambdaLayerVersionDetails (Prelude.Maybe [Prelude.Text])
+awsLambdaLayerVersionDetails_compatibleRuntimes = Lens.lens (\AwsLambdaLayerVersionDetails' {compatibleRuntimes} -> compatibleRuntimes) (\s@AwsLambdaLayerVersionDetails' {} a -> s {compatibleRuntimes = a} :: AwsLambdaLayerVersionDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates when the version was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsLambdaLayerVersionDetails_createdDate :: Lens.Lens' AwsLambdaLayerVersionDetails (Prelude.Maybe Prelude.Text)
+awsLambdaLayerVersionDetails_createdDate = Lens.lens (\AwsLambdaLayerVersionDetails' {createdDate} -> createdDate) (\s@AwsLambdaLayerVersionDetails' {} a -> s {createdDate = a} :: AwsLambdaLayerVersionDetails)
+
+-- | The version number.
+awsLambdaLayerVersionDetails_version :: Lens.Lens' AwsLambdaLayerVersionDetails (Prelude.Maybe Prelude.Integer)
+awsLambdaLayerVersionDetails_version = Lens.lens (\AwsLambdaLayerVersionDetails' {version} -> version) (\s@AwsLambdaLayerVersionDetails' {} a -> s {version = a} :: AwsLambdaLayerVersionDetails)
+
+instance Data.FromJSON AwsLambdaLayerVersionDetails where
+  parseJSON =
+    Data.withObject
+      "AwsLambdaLayerVersionDetails"
+      ( \x ->
+          AwsLambdaLayerVersionDetails'
+            Prelude.<$> ( x
+                            Data..:? "CompatibleRuntimes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "CreatedDate")
+            Prelude.<*> (x Data..:? "Version")
+      )
+
+instance
+  Prelude.Hashable
+    AwsLambdaLayerVersionDetails
+  where
+  hashWithSalt _salt AwsLambdaLayerVersionDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` compatibleRuntimes
+      `Prelude.hashWithSalt` createdDate
+      `Prelude.hashWithSalt` version
+
+instance Prelude.NFData AwsLambdaLayerVersionDetails where
+  rnf AwsLambdaLayerVersionDetails' {..} =
+    Prelude.rnf compatibleRuntimes
+      `Prelude.seq` Prelude.rnf createdDate
+      `Prelude.seq` Prelude.rnf version
+
+instance Data.ToJSON AwsLambdaLayerVersionDetails where
+  toJSON AwsLambdaLayerVersionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CompatibleRuntimes" Data..=)
+              Prelude.<$> compatibleRuntimes,
+            ("CreatedDate" Data..=) Prelude.<$> createdDate,
+            ("Version" Data..=) Prelude.<$> version
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsMountPoint.hs b/gen/Amazonka/SecurityHub/Types/AwsMountPoint.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsMountPoint.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsMountPoint
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsMountPoint where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details for a volume mount point that\'s used in a container definition.
+--
+-- /See:/ 'newAwsMountPoint' smart constructor.
+data AwsMountPoint = AwsMountPoint'
+  { -- | The path on the container to mount the host volume at.
+    containerPath :: Prelude.Maybe Prelude.Text,
+    -- | The name of the volume to mount. Must be a volume name referenced in the
+    -- @name@ parameter of task definition @volume@.
+    sourceVolume :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsMountPoint' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containerPath', 'awsMountPoint_containerPath' - The path on the container to mount the host volume at.
+--
+-- 'sourceVolume', 'awsMountPoint_sourceVolume' - The name of the volume to mount. Must be a volume name referenced in the
+-- @name@ parameter of task definition @volume@.
+newAwsMountPoint ::
+  AwsMountPoint
+newAwsMountPoint =
+  AwsMountPoint'
+    { containerPath = Prelude.Nothing,
+      sourceVolume = Prelude.Nothing
+    }
+
+-- | The path on the container to mount the host volume at.
+awsMountPoint_containerPath :: Lens.Lens' AwsMountPoint (Prelude.Maybe Prelude.Text)
+awsMountPoint_containerPath = Lens.lens (\AwsMountPoint' {containerPath} -> containerPath) (\s@AwsMountPoint' {} a -> s {containerPath = a} :: AwsMountPoint)
+
+-- | The name of the volume to mount. Must be a volume name referenced in the
+-- @name@ parameter of task definition @volume@.
+awsMountPoint_sourceVolume :: Lens.Lens' AwsMountPoint (Prelude.Maybe Prelude.Text)
+awsMountPoint_sourceVolume = Lens.lens (\AwsMountPoint' {sourceVolume} -> sourceVolume) (\s@AwsMountPoint' {} a -> s {sourceVolume = a} :: AwsMountPoint)
+
+instance Data.FromJSON AwsMountPoint where
+  parseJSON =
+    Data.withObject
+      "AwsMountPoint"
+      ( \x ->
+          AwsMountPoint'
+            Prelude.<$> (x Data..:? "ContainerPath")
+            Prelude.<*> (x Data..:? "SourceVolume")
+      )
+
+instance Prelude.Hashable AwsMountPoint where
+  hashWithSalt _salt AwsMountPoint' {..} =
+    _salt
+      `Prelude.hashWithSalt` containerPath
+      `Prelude.hashWithSalt` sourceVolume
+
+instance Prelude.NFData AwsMountPoint where
+  rnf AwsMountPoint' {..} =
+    Prelude.rnf containerPath
+      `Prelude.seq` Prelude.rnf sourceVolume
+
+instance Data.ToJSON AwsMountPoint where
+  toJSON AwsMountPoint' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ContainerPath" Data..=) Prelude.<$> containerPath,
+            ("SourceVolume" Data..=) Prelude.<$> sourceVolume
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallFirewallDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallFirewallDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallFirewallDetails.hs
@@ -0,0 +1,237 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallSubnetMappingsDetails
+
+-- | Details about an Network Firewall firewall.
+--
+-- /See:/ 'newAwsNetworkFirewallFirewallDetails' smart constructor.
+data AwsNetworkFirewallFirewallDetails = AwsNetworkFirewallFirewallDetails'
+  { -- | Whether the firewall is protected from deletion. If set to @true@, then
+    -- the firewall cannot be deleted.
+    deleteProtection :: Prelude.Maybe Prelude.Bool,
+    -- | A description of the firewall.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the firewall.
+    firewallArn :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the firewall.
+    firewallId :: Prelude.Maybe Prelude.Text,
+    -- | A descriptive name of the firewall.
+    firewallName :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the firewall policy.
+    firewallPolicyArn :: Prelude.Maybe Prelude.Text,
+    -- | Whether the firewall is protected from a change to the firewall policy.
+    -- If set to @true@, you cannot associate a different policy with the
+    -- firewall.
+    firewallPolicyChangeProtection :: Prelude.Maybe Prelude.Bool,
+    -- | Whether the firewall is protected from a change to the subnet
+    -- associations. If set to @true@, you cannot map different subnets to the
+    -- firewall.
+    subnetChangeProtection :: Prelude.Maybe Prelude.Bool,
+    -- | The public subnets that Network Firewall uses for the firewall. Each
+    -- subnet must belong to a different Availability Zone.
+    subnetMappings :: Prelude.Maybe [AwsNetworkFirewallFirewallSubnetMappingsDetails],
+    -- | The identifier of the VPC where the firewall is used.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsNetworkFirewallFirewallDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deleteProtection', 'awsNetworkFirewallFirewallDetails_deleteProtection' - Whether the firewall is protected from deletion. If set to @true@, then
+-- the firewall cannot be deleted.
+--
+-- 'description', 'awsNetworkFirewallFirewallDetails_description' - A description of the firewall.
+--
+-- 'firewallArn', 'awsNetworkFirewallFirewallDetails_firewallArn' - The ARN of the firewall.
+--
+-- 'firewallId', 'awsNetworkFirewallFirewallDetails_firewallId' - The identifier of the firewall.
+--
+-- 'firewallName', 'awsNetworkFirewallFirewallDetails_firewallName' - A descriptive name of the firewall.
+--
+-- 'firewallPolicyArn', 'awsNetworkFirewallFirewallDetails_firewallPolicyArn' - The ARN of the firewall policy.
+--
+-- 'firewallPolicyChangeProtection', 'awsNetworkFirewallFirewallDetails_firewallPolicyChangeProtection' - Whether the firewall is protected from a change to the firewall policy.
+-- If set to @true@, you cannot associate a different policy with the
+-- firewall.
+--
+-- 'subnetChangeProtection', 'awsNetworkFirewallFirewallDetails_subnetChangeProtection' - Whether the firewall is protected from a change to the subnet
+-- associations. If set to @true@, you cannot map different subnets to the
+-- firewall.
+--
+-- 'subnetMappings', 'awsNetworkFirewallFirewallDetails_subnetMappings' - The public subnets that Network Firewall uses for the firewall. Each
+-- subnet must belong to a different Availability Zone.
+--
+-- 'vpcId', 'awsNetworkFirewallFirewallDetails_vpcId' - The identifier of the VPC where the firewall is used.
+newAwsNetworkFirewallFirewallDetails ::
+  AwsNetworkFirewallFirewallDetails
+newAwsNetworkFirewallFirewallDetails =
+  AwsNetworkFirewallFirewallDetails'
+    { deleteProtection =
+        Prelude.Nothing,
+      description = Prelude.Nothing,
+      firewallArn = Prelude.Nothing,
+      firewallId = Prelude.Nothing,
+      firewallName = Prelude.Nothing,
+      firewallPolicyArn = Prelude.Nothing,
+      firewallPolicyChangeProtection =
+        Prelude.Nothing,
+      subnetChangeProtection = Prelude.Nothing,
+      subnetMappings = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | Whether the firewall is protected from deletion. If set to @true@, then
+-- the firewall cannot be deleted.
+awsNetworkFirewallFirewallDetails_deleteProtection :: Lens.Lens' AwsNetworkFirewallFirewallDetails (Prelude.Maybe Prelude.Bool)
+awsNetworkFirewallFirewallDetails_deleteProtection = Lens.lens (\AwsNetworkFirewallFirewallDetails' {deleteProtection} -> deleteProtection) (\s@AwsNetworkFirewallFirewallDetails' {} a -> s {deleteProtection = a} :: AwsNetworkFirewallFirewallDetails)
+
+-- | A description of the firewall.
+awsNetworkFirewallFirewallDetails_description :: Lens.Lens' AwsNetworkFirewallFirewallDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallFirewallDetails_description = Lens.lens (\AwsNetworkFirewallFirewallDetails' {description} -> description) (\s@AwsNetworkFirewallFirewallDetails' {} a -> s {description = a} :: AwsNetworkFirewallFirewallDetails)
+
+-- | The ARN of the firewall.
+awsNetworkFirewallFirewallDetails_firewallArn :: Lens.Lens' AwsNetworkFirewallFirewallDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallFirewallDetails_firewallArn = Lens.lens (\AwsNetworkFirewallFirewallDetails' {firewallArn} -> firewallArn) (\s@AwsNetworkFirewallFirewallDetails' {} a -> s {firewallArn = a} :: AwsNetworkFirewallFirewallDetails)
+
+-- | The identifier of the firewall.
+awsNetworkFirewallFirewallDetails_firewallId :: Lens.Lens' AwsNetworkFirewallFirewallDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallFirewallDetails_firewallId = Lens.lens (\AwsNetworkFirewallFirewallDetails' {firewallId} -> firewallId) (\s@AwsNetworkFirewallFirewallDetails' {} a -> s {firewallId = a} :: AwsNetworkFirewallFirewallDetails)
+
+-- | A descriptive name of the firewall.
+awsNetworkFirewallFirewallDetails_firewallName :: Lens.Lens' AwsNetworkFirewallFirewallDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallFirewallDetails_firewallName = Lens.lens (\AwsNetworkFirewallFirewallDetails' {firewallName} -> firewallName) (\s@AwsNetworkFirewallFirewallDetails' {} a -> s {firewallName = a} :: AwsNetworkFirewallFirewallDetails)
+
+-- | The ARN of the firewall policy.
+awsNetworkFirewallFirewallDetails_firewallPolicyArn :: Lens.Lens' AwsNetworkFirewallFirewallDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallFirewallDetails_firewallPolicyArn = Lens.lens (\AwsNetworkFirewallFirewallDetails' {firewallPolicyArn} -> firewallPolicyArn) (\s@AwsNetworkFirewallFirewallDetails' {} a -> s {firewallPolicyArn = a} :: AwsNetworkFirewallFirewallDetails)
+
+-- | Whether the firewall is protected from a change to the firewall policy.
+-- If set to @true@, you cannot associate a different policy with the
+-- firewall.
+awsNetworkFirewallFirewallDetails_firewallPolicyChangeProtection :: Lens.Lens' AwsNetworkFirewallFirewallDetails (Prelude.Maybe Prelude.Bool)
+awsNetworkFirewallFirewallDetails_firewallPolicyChangeProtection = Lens.lens (\AwsNetworkFirewallFirewallDetails' {firewallPolicyChangeProtection} -> firewallPolicyChangeProtection) (\s@AwsNetworkFirewallFirewallDetails' {} a -> s {firewallPolicyChangeProtection = a} :: AwsNetworkFirewallFirewallDetails)
+
+-- | Whether the firewall is protected from a change to the subnet
+-- associations. If set to @true@, you cannot map different subnets to the
+-- firewall.
+awsNetworkFirewallFirewallDetails_subnetChangeProtection :: Lens.Lens' AwsNetworkFirewallFirewallDetails (Prelude.Maybe Prelude.Bool)
+awsNetworkFirewallFirewallDetails_subnetChangeProtection = Lens.lens (\AwsNetworkFirewallFirewallDetails' {subnetChangeProtection} -> subnetChangeProtection) (\s@AwsNetworkFirewallFirewallDetails' {} a -> s {subnetChangeProtection = a} :: AwsNetworkFirewallFirewallDetails)
+
+-- | The public subnets that Network Firewall uses for the firewall. Each
+-- subnet must belong to a different Availability Zone.
+awsNetworkFirewallFirewallDetails_subnetMappings :: Lens.Lens' AwsNetworkFirewallFirewallDetails (Prelude.Maybe [AwsNetworkFirewallFirewallSubnetMappingsDetails])
+awsNetworkFirewallFirewallDetails_subnetMappings = Lens.lens (\AwsNetworkFirewallFirewallDetails' {subnetMappings} -> subnetMappings) (\s@AwsNetworkFirewallFirewallDetails' {} a -> s {subnetMappings = a} :: AwsNetworkFirewallFirewallDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of the VPC where the firewall is used.
+awsNetworkFirewallFirewallDetails_vpcId :: Lens.Lens' AwsNetworkFirewallFirewallDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallFirewallDetails_vpcId = Lens.lens (\AwsNetworkFirewallFirewallDetails' {vpcId} -> vpcId) (\s@AwsNetworkFirewallFirewallDetails' {} a -> s {vpcId = a} :: AwsNetworkFirewallFirewallDetails)
+
+instance
+  Data.FromJSON
+    AwsNetworkFirewallFirewallDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsNetworkFirewallFirewallDetails"
+      ( \x ->
+          AwsNetworkFirewallFirewallDetails'
+            Prelude.<$> (x Data..:? "DeleteProtection")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "FirewallArn")
+            Prelude.<*> (x Data..:? "FirewallId")
+            Prelude.<*> (x Data..:? "FirewallName")
+            Prelude.<*> (x Data..:? "FirewallPolicyArn")
+            Prelude.<*> (x Data..:? "FirewallPolicyChangeProtection")
+            Prelude.<*> (x Data..:? "SubnetChangeProtection")
+            Prelude.<*> (x Data..:? "SubnetMappings" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsNetworkFirewallFirewallDetails
+  where
+  hashWithSalt
+    _salt
+    AwsNetworkFirewallFirewallDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` deleteProtection
+        `Prelude.hashWithSalt` description
+        `Prelude.hashWithSalt` firewallArn
+        `Prelude.hashWithSalt` firewallId
+        `Prelude.hashWithSalt` firewallName
+        `Prelude.hashWithSalt` firewallPolicyArn
+        `Prelude.hashWithSalt` firewallPolicyChangeProtection
+        `Prelude.hashWithSalt` subnetChangeProtection
+        `Prelude.hashWithSalt` subnetMappings
+        `Prelude.hashWithSalt` vpcId
+
+instance
+  Prelude.NFData
+    AwsNetworkFirewallFirewallDetails
+  where
+  rnf AwsNetworkFirewallFirewallDetails' {..} =
+    Prelude.rnf deleteProtection
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf firewallArn
+      `Prelude.seq` Prelude.rnf firewallId
+      `Prelude.seq` Prelude.rnf firewallName
+      `Prelude.seq` Prelude.rnf firewallPolicyArn
+      `Prelude.seq` Prelude.rnf firewallPolicyChangeProtection
+      `Prelude.seq` Prelude.rnf subnetChangeProtection
+      `Prelude.seq` Prelude.rnf subnetMappings
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance
+  Data.ToJSON
+    AwsNetworkFirewallFirewallDetails
+  where
+  toJSON AwsNetworkFirewallFirewallDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DeleteProtection" Data..=)
+              Prelude.<$> deleteProtection,
+            ("Description" Data..=) Prelude.<$> description,
+            ("FirewallArn" Data..=) Prelude.<$> firewallArn,
+            ("FirewallId" Data..=) Prelude.<$> firewallId,
+            ("FirewallName" Data..=) Prelude.<$> firewallName,
+            ("FirewallPolicyArn" Data..=)
+              Prelude.<$> firewallPolicyArn,
+            ("FirewallPolicyChangeProtection" Data..=)
+              Prelude.<$> firewallPolicyChangeProtection,
+            ("SubnetChangeProtection" Data..=)
+              Prelude.<$> subnetChangeProtection,
+            ("SubnetMappings" Data..=)
+              Prelude.<$> subnetMappings,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallFirewallPolicyDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallFirewallPolicyDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallFirewallPolicyDetails.hs
@@ -0,0 +1,155 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallPolicyDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallPolicyDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.FirewallPolicyDetails
+
+-- | Details about a firewall policy. A firewall policy defines the behavior
+-- of a network firewall.
+--
+-- /See:/ 'newAwsNetworkFirewallFirewallPolicyDetails' smart constructor.
+data AwsNetworkFirewallFirewallPolicyDetails = AwsNetworkFirewallFirewallPolicyDetails'
+  { -- | A description of the firewall policy.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The firewall policy configuration.
+    firewallPolicy :: Prelude.Maybe FirewallPolicyDetails,
+    -- | The ARN of the firewall policy.
+    firewallPolicyArn :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the firewall policy.
+    firewallPolicyId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the firewall policy.
+    firewallPolicyName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsNetworkFirewallFirewallPolicyDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'awsNetworkFirewallFirewallPolicyDetails_description' - A description of the firewall policy.
+--
+-- 'firewallPolicy', 'awsNetworkFirewallFirewallPolicyDetails_firewallPolicy' - The firewall policy configuration.
+--
+-- 'firewallPolicyArn', 'awsNetworkFirewallFirewallPolicyDetails_firewallPolicyArn' - The ARN of the firewall policy.
+--
+-- 'firewallPolicyId', 'awsNetworkFirewallFirewallPolicyDetails_firewallPolicyId' - The identifier of the firewall policy.
+--
+-- 'firewallPolicyName', 'awsNetworkFirewallFirewallPolicyDetails_firewallPolicyName' - The name of the firewall policy.
+newAwsNetworkFirewallFirewallPolicyDetails ::
+  AwsNetworkFirewallFirewallPolicyDetails
+newAwsNetworkFirewallFirewallPolicyDetails =
+  AwsNetworkFirewallFirewallPolicyDetails'
+    { description =
+        Prelude.Nothing,
+      firewallPolicy = Prelude.Nothing,
+      firewallPolicyArn =
+        Prelude.Nothing,
+      firewallPolicyId = Prelude.Nothing,
+      firewallPolicyName =
+        Prelude.Nothing
+    }
+
+-- | A description of the firewall policy.
+awsNetworkFirewallFirewallPolicyDetails_description :: Lens.Lens' AwsNetworkFirewallFirewallPolicyDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallFirewallPolicyDetails_description = Lens.lens (\AwsNetworkFirewallFirewallPolicyDetails' {description} -> description) (\s@AwsNetworkFirewallFirewallPolicyDetails' {} a -> s {description = a} :: AwsNetworkFirewallFirewallPolicyDetails)
+
+-- | The firewall policy configuration.
+awsNetworkFirewallFirewallPolicyDetails_firewallPolicy :: Lens.Lens' AwsNetworkFirewallFirewallPolicyDetails (Prelude.Maybe FirewallPolicyDetails)
+awsNetworkFirewallFirewallPolicyDetails_firewallPolicy = Lens.lens (\AwsNetworkFirewallFirewallPolicyDetails' {firewallPolicy} -> firewallPolicy) (\s@AwsNetworkFirewallFirewallPolicyDetails' {} a -> s {firewallPolicy = a} :: AwsNetworkFirewallFirewallPolicyDetails)
+
+-- | The ARN of the firewall policy.
+awsNetworkFirewallFirewallPolicyDetails_firewallPolicyArn :: Lens.Lens' AwsNetworkFirewallFirewallPolicyDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallFirewallPolicyDetails_firewallPolicyArn = Lens.lens (\AwsNetworkFirewallFirewallPolicyDetails' {firewallPolicyArn} -> firewallPolicyArn) (\s@AwsNetworkFirewallFirewallPolicyDetails' {} a -> s {firewallPolicyArn = a} :: AwsNetworkFirewallFirewallPolicyDetails)
+
+-- | The identifier of the firewall policy.
+awsNetworkFirewallFirewallPolicyDetails_firewallPolicyId :: Lens.Lens' AwsNetworkFirewallFirewallPolicyDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallFirewallPolicyDetails_firewallPolicyId = Lens.lens (\AwsNetworkFirewallFirewallPolicyDetails' {firewallPolicyId} -> firewallPolicyId) (\s@AwsNetworkFirewallFirewallPolicyDetails' {} a -> s {firewallPolicyId = a} :: AwsNetworkFirewallFirewallPolicyDetails)
+
+-- | The name of the firewall policy.
+awsNetworkFirewallFirewallPolicyDetails_firewallPolicyName :: Lens.Lens' AwsNetworkFirewallFirewallPolicyDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallFirewallPolicyDetails_firewallPolicyName = Lens.lens (\AwsNetworkFirewallFirewallPolicyDetails' {firewallPolicyName} -> firewallPolicyName) (\s@AwsNetworkFirewallFirewallPolicyDetails' {} a -> s {firewallPolicyName = a} :: AwsNetworkFirewallFirewallPolicyDetails)
+
+instance
+  Data.FromJSON
+    AwsNetworkFirewallFirewallPolicyDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsNetworkFirewallFirewallPolicyDetails"
+      ( \x ->
+          AwsNetworkFirewallFirewallPolicyDetails'
+            Prelude.<$> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "FirewallPolicy")
+            Prelude.<*> (x Data..:? "FirewallPolicyArn")
+            Prelude.<*> (x Data..:? "FirewallPolicyId")
+            Prelude.<*> (x Data..:? "FirewallPolicyName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsNetworkFirewallFirewallPolicyDetails
+  where
+  hashWithSalt
+    _salt
+    AwsNetworkFirewallFirewallPolicyDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` description
+        `Prelude.hashWithSalt` firewallPolicy
+        `Prelude.hashWithSalt` firewallPolicyArn
+        `Prelude.hashWithSalt` firewallPolicyId
+        `Prelude.hashWithSalt` firewallPolicyName
+
+instance
+  Prelude.NFData
+    AwsNetworkFirewallFirewallPolicyDetails
+  where
+  rnf AwsNetworkFirewallFirewallPolicyDetails' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf firewallPolicy
+      `Prelude.seq` Prelude.rnf firewallPolicyArn
+      `Prelude.seq` Prelude.rnf firewallPolicyId
+      `Prelude.seq` Prelude.rnf firewallPolicyName
+
+instance
+  Data.ToJSON
+    AwsNetworkFirewallFirewallPolicyDetails
+  where
+  toJSON AwsNetworkFirewallFirewallPolicyDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Description" Data..=) Prelude.<$> description,
+            ("FirewallPolicy" Data..=)
+              Prelude.<$> firewallPolicy,
+            ("FirewallPolicyArn" Data..=)
+              Prelude.<$> firewallPolicyArn,
+            ("FirewallPolicyId" Data..=)
+              Prelude.<$> firewallPolicyId,
+            ("FirewallPolicyName" Data..=)
+              Prelude.<$> firewallPolicyName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallFirewallSubnetMappingsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallFirewallSubnetMappingsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallFirewallSubnetMappingsDetails.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallSubnetMappingsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallSubnetMappingsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A public subnet that Network Firewall uses for the firewall.
+--
+-- /See:/ 'newAwsNetworkFirewallFirewallSubnetMappingsDetails' smart constructor.
+data AwsNetworkFirewallFirewallSubnetMappingsDetails = AwsNetworkFirewallFirewallSubnetMappingsDetails'
+  { -- | The identifier of the subnet
+    subnetId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsNetworkFirewallFirewallSubnetMappingsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'subnetId', 'awsNetworkFirewallFirewallSubnetMappingsDetails_subnetId' - The identifier of the subnet
+newAwsNetworkFirewallFirewallSubnetMappingsDetails ::
+  AwsNetworkFirewallFirewallSubnetMappingsDetails
+newAwsNetworkFirewallFirewallSubnetMappingsDetails =
+  AwsNetworkFirewallFirewallSubnetMappingsDetails'
+    { subnetId =
+        Prelude.Nothing
+    }
+
+-- | The identifier of the subnet
+awsNetworkFirewallFirewallSubnetMappingsDetails_subnetId :: Lens.Lens' AwsNetworkFirewallFirewallSubnetMappingsDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallFirewallSubnetMappingsDetails_subnetId = Lens.lens (\AwsNetworkFirewallFirewallSubnetMappingsDetails' {subnetId} -> subnetId) (\s@AwsNetworkFirewallFirewallSubnetMappingsDetails' {} a -> s {subnetId = a} :: AwsNetworkFirewallFirewallSubnetMappingsDetails)
+
+instance
+  Data.FromJSON
+    AwsNetworkFirewallFirewallSubnetMappingsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsNetworkFirewallFirewallSubnetMappingsDetails"
+      ( \x ->
+          AwsNetworkFirewallFirewallSubnetMappingsDetails'
+            Prelude.<$> (x Data..:? "SubnetId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsNetworkFirewallFirewallSubnetMappingsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsNetworkFirewallFirewallSubnetMappingsDetails' {..} =
+      _salt `Prelude.hashWithSalt` subnetId
+
+instance
+  Prelude.NFData
+    AwsNetworkFirewallFirewallSubnetMappingsDetails
+  where
+  rnf
+    AwsNetworkFirewallFirewallSubnetMappingsDetails' {..} =
+      Prelude.rnf subnetId
+
+instance
+  Data.ToJSON
+    AwsNetworkFirewallFirewallSubnetMappingsDetails
+  where
+  toJSON
+    AwsNetworkFirewallFirewallSubnetMappingsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("SubnetId" Data..=) Prelude.<$> subnetId]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallRuleGroupDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallRuleGroupDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsNetworkFirewallRuleGroupDetails.hs
@@ -0,0 +1,179 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsNetworkFirewallRuleGroupDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsNetworkFirewallRuleGroupDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.RuleGroupDetails
+
+-- | Details about an Network Firewall rule group. Rule groups are used to
+-- inspect and control network traffic. Stateless rule groups apply to
+-- individual packets. Stateful rule groups apply to packets in the context
+-- of their traffic flow.
+--
+-- Rule groups are referenced in firewall policies.
+--
+-- /See:/ 'newAwsNetworkFirewallRuleGroupDetails' smart constructor.
+data AwsNetworkFirewallRuleGroupDetails = AwsNetworkFirewallRuleGroupDetails'
+  { -- | The maximum number of operating resources that this rule group can use.
+    capacity :: Prelude.Maybe Prelude.Int,
+    -- | A description of the rule group.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | Details about the rule group.
+    ruleGroup :: Prelude.Maybe RuleGroupDetails,
+    -- | The ARN of the rule group.
+    ruleGroupArn :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the rule group.
+    ruleGroupId :: Prelude.Maybe Prelude.Text,
+    -- | The descriptive name of the rule group.
+    ruleGroupName :: Prelude.Maybe Prelude.Text,
+    -- | The type of rule group. A rule group can be stateful or stateless.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsNetworkFirewallRuleGroupDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'capacity', 'awsNetworkFirewallRuleGroupDetails_capacity' - The maximum number of operating resources that this rule group can use.
+--
+-- 'description', 'awsNetworkFirewallRuleGroupDetails_description' - A description of the rule group.
+--
+-- 'ruleGroup', 'awsNetworkFirewallRuleGroupDetails_ruleGroup' - Details about the rule group.
+--
+-- 'ruleGroupArn', 'awsNetworkFirewallRuleGroupDetails_ruleGroupArn' - The ARN of the rule group.
+--
+-- 'ruleGroupId', 'awsNetworkFirewallRuleGroupDetails_ruleGroupId' - The identifier of the rule group.
+--
+-- 'ruleGroupName', 'awsNetworkFirewallRuleGroupDetails_ruleGroupName' - The descriptive name of the rule group.
+--
+-- 'type'', 'awsNetworkFirewallRuleGroupDetails_type' - The type of rule group. A rule group can be stateful or stateless.
+newAwsNetworkFirewallRuleGroupDetails ::
+  AwsNetworkFirewallRuleGroupDetails
+newAwsNetworkFirewallRuleGroupDetails =
+  AwsNetworkFirewallRuleGroupDetails'
+    { capacity =
+        Prelude.Nothing,
+      description = Prelude.Nothing,
+      ruleGroup = Prelude.Nothing,
+      ruleGroupArn = Prelude.Nothing,
+      ruleGroupId = Prelude.Nothing,
+      ruleGroupName = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The maximum number of operating resources that this rule group can use.
+awsNetworkFirewallRuleGroupDetails_capacity :: Lens.Lens' AwsNetworkFirewallRuleGroupDetails (Prelude.Maybe Prelude.Int)
+awsNetworkFirewallRuleGroupDetails_capacity = Lens.lens (\AwsNetworkFirewallRuleGroupDetails' {capacity} -> capacity) (\s@AwsNetworkFirewallRuleGroupDetails' {} a -> s {capacity = a} :: AwsNetworkFirewallRuleGroupDetails)
+
+-- | A description of the rule group.
+awsNetworkFirewallRuleGroupDetails_description :: Lens.Lens' AwsNetworkFirewallRuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallRuleGroupDetails_description = Lens.lens (\AwsNetworkFirewallRuleGroupDetails' {description} -> description) (\s@AwsNetworkFirewallRuleGroupDetails' {} a -> s {description = a} :: AwsNetworkFirewallRuleGroupDetails)
+
+-- | Details about the rule group.
+awsNetworkFirewallRuleGroupDetails_ruleGroup :: Lens.Lens' AwsNetworkFirewallRuleGroupDetails (Prelude.Maybe RuleGroupDetails)
+awsNetworkFirewallRuleGroupDetails_ruleGroup = Lens.lens (\AwsNetworkFirewallRuleGroupDetails' {ruleGroup} -> ruleGroup) (\s@AwsNetworkFirewallRuleGroupDetails' {} a -> s {ruleGroup = a} :: AwsNetworkFirewallRuleGroupDetails)
+
+-- | The ARN of the rule group.
+awsNetworkFirewallRuleGroupDetails_ruleGroupArn :: Lens.Lens' AwsNetworkFirewallRuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallRuleGroupDetails_ruleGroupArn = Lens.lens (\AwsNetworkFirewallRuleGroupDetails' {ruleGroupArn} -> ruleGroupArn) (\s@AwsNetworkFirewallRuleGroupDetails' {} a -> s {ruleGroupArn = a} :: AwsNetworkFirewallRuleGroupDetails)
+
+-- | The identifier of the rule group.
+awsNetworkFirewallRuleGroupDetails_ruleGroupId :: Lens.Lens' AwsNetworkFirewallRuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallRuleGroupDetails_ruleGroupId = Lens.lens (\AwsNetworkFirewallRuleGroupDetails' {ruleGroupId} -> ruleGroupId) (\s@AwsNetworkFirewallRuleGroupDetails' {} a -> s {ruleGroupId = a} :: AwsNetworkFirewallRuleGroupDetails)
+
+-- | The descriptive name of the rule group.
+awsNetworkFirewallRuleGroupDetails_ruleGroupName :: Lens.Lens' AwsNetworkFirewallRuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallRuleGroupDetails_ruleGroupName = Lens.lens (\AwsNetworkFirewallRuleGroupDetails' {ruleGroupName} -> ruleGroupName) (\s@AwsNetworkFirewallRuleGroupDetails' {} a -> s {ruleGroupName = a} :: AwsNetworkFirewallRuleGroupDetails)
+
+-- | The type of rule group. A rule group can be stateful or stateless.
+awsNetworkFirewallRuleGroupDetails_type :: Lens.Lens' AwsNetworkFirewallRuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsNetworkFirewallRuleGroupDetails_type = Lens.lens (\AwsNetworkFirewallRuleGroupDetails' {type'} -> type') (\s@AwsNetworkFirewallRuleGroupDetails' {} a -> s {type' = a} :: AwsNetworkFirewallRuleGroupDetails)
+
+instance
+  Data.FromJSON
+    AwsNetworkFirewallRuleGroupDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsNetworkFirewallRuleGroupDetails"
+      ( \x ->
+          AwsNetworkFirewallRuleGroupDetails'
+            Prelude.<$> (x Data..:? "Capacity")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "RuleGroup")
+            Prelude.<*> (x Data..:? "RuleGroupArn")
+            Prelude.<*> (x Data..:? "RuleGroupId")
+            Prelude.<*> (x Data..:? "RuleGroupName")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsNetworkFirewallRuleGroupDetails
+  where
+  hashWithSalt
+    _salt
+    AwsNetworkFirewallRuleGroupDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` capacity
+        `Prelude.hashWithSalt` description
+        `Prelude.hashWithSalt` ruleGroup
+        `Prelude.hashWithSalt` ruleGroupArn
+        `Prelude.hashWithSalt` ruleGroupId
+        `Prelude.hashWithSalt` ruleGroupName
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsNetworkFirewallRuleGroupDetails
+  where
+  rnf AwsNetworkFirewallRuleGroupDetails' {..} =
+    Prelude.rnf capacity
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf ruleGroup
+      `Prelude.seq` Prelude.rnf ruleGroupArn
+      `Prelude.seq` Prelude.rnf ruleGroupId
+      `Prelude.seq` Prelude.rnf ruleGroupName
+      `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsNetworkFirewallRuleGroupDetails
+  where
+  toJSON AwsNetworkFirewallRuleGroupDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Capacity" Data..=) Prelude.<$> capacity,
+            ("Description" Data..=) Prelude.<$> description,
+            ("RuleGroup" Data..=) Prelude.<$> ruleGroup,
+            ("RuleGroupArn" Data..=) Prelude.<$> ruleGroupArn,
+            ("RuleGroupId" Data..=) Prelude.<$> ruleGroupId,
+            ("RuleGroupName" Data..=) Prelude.<$> ruleGroupName,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails.hs
@@ -0,0 +1,128 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainMasterUserOptionsDetails
+
+-- | Provides information about domain access control options.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails' smart constructor.
+data AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails = AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails'
+  { -- | Enables fine-grained access control.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | Enables the internal user database.
+    internalUserDatabaseEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | Specifies information about the master user of the domain.
+    masterUserOptions :: Prelude.Maybe AwsOpenSearchServiceDomainMasterUserOptionsDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_enabled' - Enables fine-grained access control.
+--
+-- 'internalUserDatabaseEnabled', 'awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_internalUserDatabaseEnabled' - Enables the internal user database.
+--
+-- 'masterUserOptions', 'awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_masterUserOptions' - Specifies information about the master user of the domain.
+newAwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails ::
+  AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+newAwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails =
+  AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails'
+    { enabled =
+        Prelude.Nothing,
+      internalUserDatabaseEnabled =
+        Prelude.Nothing,
+      masterUserOptions =
+        Prelude.Nothing
+    }
+
+-- | Enables fine-grained access control.
+awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_enabled :: Lens.Lens' AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_enabled = Lens.lens (\AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails' {enabled} -> enabled) (\s@AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails' {} a -> s {enabled = a} :: AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails)
+
+-- | Enables the internal user database.
+awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_internalUserDatabaseEnabled :: Lens.Lens' AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_internalUserDatabaseEnabled = Lens.lens (\AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails' {internalUserDatabaseEnabled} -> internalUserDatabaseEnabled) (\s@AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails' {} a -> s {internalUserDatabaseEnabled = a} :: AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails)
+
+-- | Specifies information about the master user of the domain.
+awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_masterUserOptions :: Lens.Lens' AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails (Prelude.Maybe AwsOpenSearchServiceDomainMasterUserOptionsDetails)
+awsOpenSearchServiceDomainAdvancedSecurityOptionsDetails_masterUserOptions = Lens.lens (\AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails' {masterUserOptions} -> masterUserOptions) (\s@AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails' {} a -> s {masterUserOptions = a} :: AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails"
+      ( \x ->
+          AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails'
+            Prelude.<$> (x Data..:? "Enabled")
+            Prelude.<*> (x Data..:? "InternalUserDatabaseEnabled")
+            Prelude.<*> (x Data..:? "MasterUserOptions")
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` enabled
+        `Prelude.hashWithSalt` internalUserDatabaseEnabled
+        `Prelude.hashWithSalt` masterUserOptions
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+  where
+  rnf
+    AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails' {..} =
+      Prelude.rnf enabled
+        `Prelude.seq` Prelude.rnf internalUserDatabaseEnabled
+        `Prelude.seq` Prelude.rnf masterUserOptions
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+  where
+  toJSON
+    AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Enabled" Data..=) Prelude.<$> enabled,
+              ("InternalUserDatabaseEnabled" Data..=)
+                Prelude.<$> internalUserDatabaseEnabled,
+              ("MasterUserOptions" Data..=)
+                Prelude.<$> masterUserOptions
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainClusterConfigDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainClusterConfigDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainClusterConfigDetails.hs
@@ -0,0 +1,275 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+
+-- | Details about the configuration of an OpenSearch cluster.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainClusterConfigDetails' smart constructor.
+data AwsOpenSearchServiceDomainClusterConfigDetails = AwsOpenSearchServiceDomainClusterConfigDetails'
+  { -- | The number of instances to use for the master node. If this attribute is
+    -- specified, then @DedicatedMasterEnabled@ must be @true@.
+    dedicatedMasterCount :: Prelude.Maybe Prelude.Int,
+    -- | Whether to use a dedicated master node for the OpenSearch domain. A
+    -- dedicated master node performs cluster management tasks, but does not
+    -- hold data or respond to data upload requests.
+    dedicatedMasterEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The hardware configuration of the computer that hosts the dedicated
+    -- master node.
+    --
+    -- If this attribute is specified, then @DedicatedMasterEnabled@ must be
+    -- @true@.
+    dedicatedMasterType :: Prelude.Maybe Prelude.Text,
+    -- | The number of data nodes to use in the OpenSearch domain.
+    instanceCount :: Prelude.Maybe Prelude.Int,
+    -- | The instance type for your data nodes.
+    --
+    -- For a list of valid values, see
+    -- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html Supported instance types in Amazon OpenSearch Service>
+    -- in the /Amazon OpenSearch Service Developer Guide/.
+    instanceType :: Prelude.Maybe Prelude.Text,
+    -- | The number of UltraWarm instances.
+    warmCount :: Prelude.Maybe Prelude.Int,
+    -- | Whether UltraWarm is enabled.
+    warmEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The type of UltraWarm instance.
+    warmType :: Prelude.Maybe Prelude.Text,
+    -- | Configuration options for zone awareness. Provided if
+    -- @ZoneAwarenessEnabled@ is @true@.
+    zoneAwarenessConfig :: Prelude.Maybe AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails,
+    -- | Whether to enable zone awareness for the OpenSearch domain. When zone
+    -- awareness is enabled, OpenSearch Service allocates the cluster\'s nodes
+    -- and replica index shards across Availability Zones (AZs) in the same
+    -- Region. This prevents data loss and minimizes downtime if a node or data
+    -- center fails.
+    zoneAwarenessEnabled :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainClusterConfigDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dedicatedMasterCount', 'awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterCount' - The number of instances to use for the master node. If this attribute is
+-- specified, then @DedicatedMasterEnabled@ must be @true@.
+--
+-- 'dedicatedMasterEnabled', 'awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterEnabled' - Whether to use a dedicated master node for the OpenSearch domain. A
+-- dedicated master node performs cluster management tasks, but does not
+-- hold data or respond to data upload requests.
+--
+-- 'dedicatedMasterType', 'awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterType' - The hardware configuration of the computer that hosts the dedicated
+-- master node.
+--
+-- If this attribute is specified, then @DedicatedMasterEnabled@ must be
+-- @true@.
+--
+-- 'instanceCount', 'awsOpenSearchServiceDomainClusterConfigDetails_instanceCount' - The number of data nodes to use in the OpenSearch domain.
+--
+-- 'instanceType', 'awsOpenSearchServiceDomainClusterConfigDetails_instanceType' - The instance type for your data nodes.
+--
+-- For a list of valid values, see
+-- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html Supported instance types in Amazon OpenSearch Service>
+-- in the /Amazon OpenSearch Service Developer Guide/.
+--
+-- 'warmCount', 'awsOpenSearchServiceDomainClusterConfigDetails_warmCount' - The number of UltraWarm instances.
+--
+-- 'warmEnabled', 'awsOpenSearchServiceDomainClusterConfigDetails_warmEnabled' - Whether UltraWarm is enabled.
+--
+-- 'warmType', 'awsOpenSearchServiceDomainClusterConfigDetails_warmType' - The type of UltraWarm instance.
+--
+-- 'zoneAwarenessConfig', 'awsOpenSearchServiceDomainClusterConfigDetails_zoneAwarenessConfig' - Configuration options for zone awareness. Provided if
+-- @ZoneAwarenessEnabled@ is @true@.
+--
+-- 'zoneAwarenessEnabled', 'awsOpenSearchServiceDomainClusterConfigDetails_zoneAwarenessEnabled' - Whether to enable zone awareness for the OpenSearch domain. When zone
+-- awareness is enabled, OpenSearch Service allocates the cluster\'s nodes
+-- and replica index shards across Availability Zones (AZs) in the same
+-- Region. This prevents data loss and minimizes downtime if a node or data
+-- center fails.
+newAwsOpenSearchServiceDomainClusterConfigDetails ::
+  AwsOpenSearchServiceDomainClusterConfigDetails
+newAwsOpenSearchServiceDomainClusterConfigDetails =
+  AwsOpenSearchServiceDomainClusterConfigDetails'
+    { dedicatedMasterCount =
+        Prelude.Nothing,
+      dedicatedMasterEnabled =
+        Prelude.Nothing,
+      dedicatedMasterType =
+        Prelude.Nothing,
+      instanceCount =
+        Prelude.Nothing,
+      instanceType =
+        Prelude.Nothing,
+      warmCount = Prelude.Nothing,
+      warmEnabled =
+        Prelude.Nothing,
+      warmType = Prelude.Nothing,
+      zoneAwarenessConfig =
+        Prelude.Nothing,
+      zoneAwarenessEnabled =
+        Prelude.Nothing
+    }
+
+-- | The number of instances to use for the master node. If this attribute is
+-- specified, then @DedicatedMasterEnabled@ must be @true@.
+awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterCount :: Lens.Lens' AwsOpenSearchServiceDomainClusterConfigDetails (Prelude.Maybe Prelude.Int)
+awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterCount = Lens.lens (\AwsOpenSearchServiceDomainClusterConfigDetails' {dedicatedMasterCount} -> dedicatedMasterCount) (\s@AwsOpenSearchServiceDomainClusterConfigDetails' {} a -> s {dedicatedMasterCount = a} :: AwsOpenSearchServiceDomainClusterConfigDetails)
+
+-- | Whether to use a dedicated master node for the OpenSearch domain. A
+-- dedicated master node performs cluster management tasks, but does not
+-- hold data or respond to data upload requests.
+awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterEnabled :: Lens.Lens' AwsOpenSearchServiceDomainClusterConfigDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterEnabled = Lens.lens (\AwsOpenSearchServiceDomainClusterConfigDetails' {dedicatedMasterEnabled} -> dedicatedMasterEnabled) (\s@AwsOpenSearchServiceDomainClusterConfigDetails' {} a -> s {dedicatedMasterEnabled = a} :: AwsOpenSearchServiceDomainClusterConfigDetails)
+
+-- | The hardware configuration of the computer that hosts the dedicated
+-- master node.
+--
+-- If this attribute is specified, then @DedicatedMasterEnabled@ must be
+-- @true@.
+awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterType :: Lens.Lens' AwsOpenSearchServiceDomainClusterConfigDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainClusterConfigDetails_dedicatedMasterType = Lens.lens (\AwsOpenSearchServiceDomainClusterConfigDetails' {dedicatedMasterType} -> dedicatedMasterType) (\s@AwsOpenSearchServiceDomainClusterConfigDetails' {} a -> s {dedicatedMasterType = a} :: AwsOpenSearchServiceDomainClusterConfigDetails)
+
+-- | The number of data nodes to use in the OpenSearch domain.
+awsOpenSearchServiceDomainClusterConfigDetails_instanceCount :: Lens.Lens' AwsOpenSearchServiceDomainClusterConfigDetails (Prelude.Maybe Prelude.Int)
+awsOpenSearchServiceDomainClusterConfigDetails_instanceCount = Lens.lens (\AwsOpenSearchServiceDomainClusterConfigDetails' {instanceCount} -> instanceCount) (\s@AwsOpenSearchServiceDomainClusterConfigDetails' {} a -> s {instanceCount = a} :: AwsOpenSearchServiceDomainClusterConfigDetails)
+
+-- | The instance type for your data nodes.
+--
+-- For a list of valid values, see
+-- <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html Supported instance types in Amazon OpenSearch Service>
+-- in the /Amazon OpenSearch Service Developer Guide/.
+awsOpenSearchServiceDomainClusterConfigDetails_instanceType :: Lens.Lens' AwsOpenSearchServiceDomainClusterConfigDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainClusterConfigDetails_instanceType = Lens.lens (\AwsOpenSearchServiceDomainClusterConfigDetails' {instanceType} -> instanceType) (\s@AwsOpenSearchServiceDomainClusterConfigDetails' {} a -> s {instanceType = a} :: AwsOpenSearchServiceDomainClusterConfigDetails)
+
+-- | The number of UltraWarm instances.
+awsOpenSearchServiceDomainClusterConfigDetails_warmCount :: Lens.Lens' AwsOpenSearchServiceDomainClusterConfigDetails (Prelude.Maybe Prelude.Int)
+awsOpenSearchServiceDomainClusterConfigDetails_warmCount = Lens.lens (\AwsOpenSearchServiceDomainClusterConfigDetails' {warmCount} -> warmCount) (\s@AwsOpenSearchServiceDomainClusterConfigDetails' {} a -> s {warmCount = a} :: AwsOpenSearchServiceDomainClusterConfigDetails)
+
+-- | Whether UltraWarm is enabled.
+awsOpenSearchServiceDomainClusterConfigDetails_warmEnabled :: Lens.Lens' AwsOpenSearchServiceDomainClusterConfigDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainClusterConfigDetails_warmEnabled = Lens.lens (\AwsOpenSearchServiceDomainClusterConfigDetails' {warmEnabled} -> warmEnabled) (\s@AwsOpenSearchServiceDomainClusterConfigDetails' {} a -> s {warmEnabled = a} :: AwsOpenSearchServiceDomainClusterConfigDetails)
+
+-- | The type of UltraWarm instance.
+awsOpenSearchServiceDomainClusterConfigDetails_warmType :: Lens.Lens' AwsOpenSearchServiceDomainClusterConfigDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainClusterConfigDetails_warmType = Lens.lens (\AwsOpenSearchServiceDomainClusterConfigDetails' {warmType} -> warmType) (\s@AwsOpenSearchServiceDomainClusterConfigDetails' {} a -> s {warmType = a} :: AwsOpenSearchServiceDomainClusterConfigDetails)
+
+-- | Configuration options for zone awareness. Provided if
+-- @ZoneAwarenessEnabled@ is @true@.
+awsOpenSearchServiceDomainClusterConfigDetails_zoneAwarenessConfig :: Lens.Lens' AwsOpenSearchServiceDomainClusterConfigDetails (Prelude.Maybe AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails)
+awsOpenSearchServiceDomainClusterConfigDetails_zoneAwarenessConfig = Lens.lens (\AwsOpenSearchServiceDomainClusterConfigDetails' {zoneAwarenessConfig} -> zoneAwarenessConfig) (\s@AwsOpenSearchServiceDomainClusterConfigDetails' {} a -> s {zoneAwarenessConfig = a} :: AwsOpenSearchServiceDomainClusterConfigDetails)
+
+-- | Whether to enable zone awareness for the OpenSearch domain. When zone
+-- awareness is enabled, OpenSearch Service allocates the cluster\'s nodes
+-- and replica index shards across Availability Zones (AZs) in the same
+-- Region. This prevents data loss and minimizes downtime if a node or data
+-- center fails.
+awsOpenSearchServiceDomainClusterConfigDetails_zoneAwarenessEnabled :: Lens.Lens' AwsOpenSearchServiceDomainClusterConfigDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainClusterConfigDetails_zoneAwarenessEnabled = Lens.lens (\AwsOpenSearchServiceDomainClusterConfigDetails' {zoneAwarenessEnabled} -> zoneAwarenessEnabled) (\s@AwsOpenSearchServiceDomainClusterConfigDetails' {} a -> s {zoneAwarenessEnabled = a} :: AwsOpenSearchServiceDomainClusterConfigDetails)
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainClusterConfigDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainClusterConfigDetails"
+      ( \x ->
+          AwsOpenSearchServiceDomainClusterConfigDetails'
+            Prelude.<$> (x Data..:? "DedicatedMasterCount")
+            Prelude.<*> (x Data..:? "DedicatedMasterEnabled")
+            Prelude.<*> (x Data..:? "DedicatedMasterType")
+            Prelude.<*> (x Data..:? "InstanceCount")
+            Prelude.<*> (x Data..:? "InstanceType")
+            Prelude.<*> (x Data..:? "WarmCount")
+            Prelude.<*> (x Data..:? "WarmEnabled")
+            Prelude.<*> (x Data..:? "WarmType")
+            Prelude.<*> (x Data..:? "ZoneAwarenessConfig")
+            Prelude.<*> (x Data..:? "ZoneAwarenessEnabled")
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainClusterConfigDetails
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainClusterConfigDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` dedicatedMasterCount
+        `Prelude.hashWithSalt` dedicatedMasterEnabled
+        `Prelude.hashWithSalt` dedicatedMasterType
+        `Prelude.hashWithSalt` instanceCount
+        `Prelude.hashWithSalt` instanceType
+        `Prelude.hashWithSalt` warmCount
+        `Prelude.hashWithSalt` warmEnabled
+        `Prelude.hashWithSalt` warmType
+        `Prelude.hashWithSalt` zoneAwarenessConfig
+        `Prelude.hashWithSalt` zoneAwarenessEnabled
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainClusterConfigDetails
+  where
+  rnf
+    AwsOpenSearchServiceDomainClusterConfigDetails' {..} =
+      Prelude.rnf dedicatedMasterCount
+        `Prelude.seq` Prelude.rnf dedicatedMasterEnabled
+        `Prelude.seq` Prelude.rnf dedicatedMasterType
+        `Prelude.seq` Prelude.rnf instanceCount
+        `Prelude.seq` Prelude.rnf instanceType
+        `Prelude.seq` Prelude.rnf warmCount
+        `Prelude.seq` Prelude.rnf warmEnabled
+        `Prelude.seq` Prelude.rnf warmType
+        `Prelude.seq` Prelude.rnf zoneAwarenessConfig
+        `Prelude.seq` Prelude.rnf zoneAwarenessEnabled
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainClusterConfigDetails
+  where
+  toJSON
+    AwsOpenSearchServiceDomainClusterConfigDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DedicatedMasterCount" Data..=)
+                Prelude.<$> dedicatedMasterCount,
+              ("DedicatedMasterEnabled" Data..=)
+                Prelude.<$> dedicatedMasterEnabled,
+              ("DedicatedMasterType" Data..=)
+                Prelude.<$> dedicatedMasterType,
+              ("InstanceCount" Data..=) Prelude.<$> instanceCount,
+              ("InstanceType" Data..=) Prelude.<$> instanceType,
+              ("WarmCount" Data..=) Prelude.<$> warmCount,
+              ("WarmEnabled" Data..=) Prelude.<$> warmEnabled,
+              ("WarmType" Data..=) Prelude.<$> warmType,
+              ("ZoneAwarenessConfig" Data..=)
+                Prelude.<$> zoneAwarenessConfig,
+              ("ZoneAwarenessEnabled" Data..=)
+                Prelude.<$> zoneAwarenessEnabled
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails.hs
@@ -0,0 +1,100 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Configuration options for zone awareness.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails' smart constructor.
+data AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails = AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails'
+  { -- | The number of Availability Zones that the domain uses. Valid values are
+    -- @2@ or @3@. The default is @2@.
+    availabilityZoneCount :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'availabilityZoneCount', 'awsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails_availabilityZoneCount' - The number of Availability Zones that the domain uses. Valid values are
+-- @2@ or @3@. The default is @2@.
+newAwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails ::
+  AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+newAwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails =
+  AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails'
+    { availabilityZoneCount =
+        Prelude.Nothing
+    }
+
+-- | The number of Availability Zones that the domain uses. Valid values are
+-- @2@ or @3@. The default is @2@.
+awsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails_availabilityZoneCount :: Lens.Lens' AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails (Prelude.Maybe Prelude.Int)
+awsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails_availabilityZoneCount = Lens.lens (\AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails' {availabilityZoneCount} -> availabilityZoneCount) (\s@AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails' {} a -> s {availabilityZoneCount = a} :: AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails)
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails"
+      ( \x ->
+          AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails'
+            Prelude.<$> (x Data..:? "AvailabilityZoneCount")
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails' {..} =
+      _salt `Prelude.hashWithSalt` availabilityZoneCount
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+  where
+  rnf
+    AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails' {..} =
+      Prelude.rnf availabilityZoneCount
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails
+  where
+  toJSON
+    AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AvailabilityZoneCount" Data..=)
+                Prelude.<$> availabilityZoneCount
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainDetails.hs
@@ -0,0 +1,318 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainClusterConfigDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainVpcOptionsDetails
+
+-- | Information about an Amazon OpenSearch Service domain.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainDetails' smart constructor.
+data AwsOpenSearchServiceDomainDetails = AwsOpenSearchServiceDomainDetails'
+  { -- | IAM policy document that specifies the access policies for the
+    -- OpenSearch Service domain.
+    accessPolicies :: Prelude.Maybe Prelude.Text,
+    -- | Specifies options for fine-grained access control.
+    advancedSecurityOptions :: Prelude.Maybe AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails,
+    -- | The ARN of the OpenSearch Service domain.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | Details about the configuration of an OpenSearch cluster.
+    clusterConfig :: Prelude.Maybe AwsOpenSearchServiceDomainClusterConfigDetails,
+    -- | The domain endpoint.
+    domainEndpoint :: Prelude.Maybe Prelude.Text,
+    -- | Additional options for the domain endpoint.
+    domainEndpointOptions :: Prelude.Maybe AwsOpenSearchServiceDomainDomainEndpointOptionsDetails,
+    -- | The domain endpoints. Used if the OpenSearch domain resides in a VPC.
+    --
+    -- This is a map of key-value pairs. The key is always @vpc@. The value is
+    -- the endpoint.
+    domainEndpoints :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The name of the endpoint.
+    domainName :: Prelude.Maybe Prelude.Text,
+    -- | Details about the configuration for encryption at rest.
+    encryptionAtRestOptions :: Prelude.Maybe AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails,
+    -- | The version of the domain engine.
+    engineVersion :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the domain.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | Configures the CloudWatch Logs to publish for the OpenSearch domain.
+    logPublishingOptions :: Prelude.Maybe AwsOpenSearchServiceDomainLogPublishingOptionsDetails,
+    -- | Details about the configuration for node-to-node encryption.
+    nodeToNodeEncryptionOptions :: Prelude.Maybe AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails,
+    -- | Information about the status of a domain relative to the latest service
+    -- software.
+    serviceSoftwareOptions :: Prelude.Maybe AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails,
+    -- | Information that OpenSearch Service derives based on @VPCOptions@ for
+    -- the domain.
+    vpcOptions :: Prelude.Maybe AwsOpenSearchServiceDomainVpcOptionsDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessPolicies', 'awsOpenSearchServiceDomainDetails_accessPolicies' - IAM policy document that specifies the access policies for the
+-- OpenSearch Service domain.
+--
+-- 'advancedSecurityOptions', 'awsOpenSearchServiceDomainDetails_advancedSecurityOptions' - Specifies options for fine-grained access control.
+--
+-- 'arn', 'awsOpenSearchServiceDomainDetails_arn' - The ARN of the OpenSearch Service domain.
+--
+-- 'clusterConfig', 'awsOpenSearchServiceDomainDetails_clusterConfig' - Details about the configuration of an OpenSearch cluster.
+--
+-- 'domainEndpoint', 'awsOpenSearchServiceDomainDetails_domainEndpoint' - The domain endpoint.
+--
+-- 'domainEndpointOptions', 'awsOpenSearchServiceDomainDetails_domainEndpointOptions' - Additional options for the domain endpoint.
+--
+-- 'domainEndpoints', 'awsOpenSearchServiceDomainDetails_domainEndpoints' - The domain endpoints. Used if the OpenSearch domain resides in a VPC.
+--
+-- This is a map of key-value pairs. The key is always @vpc@. The value is
+-- the endpoint.
+--
+-- 'domainName', 'awsOpenSearchServiceDomainDetails_domainName' - The name of the endpoint.
+--
+-- 'encryptionAtRestOptions', 'awsOpenSearchServiceDomainDetails_encryptionAtRestOptions' - Details about the configuration for encryption at rest.
+--
+-- 'engineVersion', 'awsOpenSearchServiceDomainDetails_engineVersion' - The version of the domain engine.
+--
+-- 'id', 'awsOpenSearchServiceDomainDetails_id' - The identifier of the domain.
+--
+-- 'logPublishingOptions', 'awsOpenSearchServiceDomainDetails_logPublishingOptions' - Configures the CloudWatch Logs to publish for the OpenSearch domain.
+--
+-- 'nodeToNodeEncryptionOptions', 'awsOpenSearchServiceDomainDetails_nodeToNodeEncryptionOptions' - Details about the configuration for node-to-node encryption.
+--
+-- 'serviceSoftwareOptions', 'awsOpenSearchServiceDomainDetails_serviceSoftwareOptions' - Information about the status of a domain relative to the latest service
+-- software.
+--
+-- 'vpcOptions', 'awsOpenSearchServiceDomainDetails_vpcOptions' - Information that OpenSearch Service derives based on @VPCOptions@ for
+-- the domain.
+newAwsOpenSearchServiceDomainDetails ::
+  AwsOpenSearchServiceDomainDetails
+newAwsOpenSearchServiceDomainDetails =
+  AwsOpenSearchServiceDomainDetails'
+    { accessPolicies =
+        Prelude.Nothing,
+      advancedSecurityOptions =
+        Prelude.Nothing,
+      arn = Prelude.Nothing,
+      clusterConfig = Prelude.Nothing,
+      domainEndpoint = Prelude.Nothing,
+      domainEndpointOptions = Prelude.Nothing,
+      domainEndpoints = Prelude.Nothing,
+      domainName = Prelude.Nothing,
+      encryptionAtRestOptions =
+        Prelude.Nothing,
+      engineVersion = Prelude.Nothing,
+      id = Prelude.Nothing,
+      logPublishingOptions = Prelude.Nothing,
+      nodeToNodeEncryptionOptions =
+        Prelude.Nothing,
+      serviceSoftwareOptions = Prelude.Nothing,
+      vpcOptions = Prelude.Nothing
+    }
+
+-- | IAM policy document that specifies the access policies for the
+-- OpenSearch Service domain.
+awsOpenSearchServiceDomainDetails_accessPolicies :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainDetails_accessPolicies = Lens.lens (\AwsOpenSearchServiceDomainDetails' {accessPolicies} -> accessPolicies) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {accessPolicies = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | Specifies options for fine-grained access control.
+awsOpenSearchServiceDomainDetails_advancedSecurityOptions :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails)
+awsOpenSearchServiceDomainDetails_advancedSecurityOptions = Lens.lens (\AwsOpenSearchServiceDomainDetails' {advancedSecurityOptions} -> advancedSecurityOptions) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {advancedSecurityOptions = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | The ARN of the OpenSearch Service domain.
+awsOpenSearchServiceDomainDetails_arn :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainDetails_arn = Lens.lens (\AwsOpenSearchServiceDomainDetails' {arn} -> arn) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {arn = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | Details about the configuration of an OpenSearch cluster.
+awsOpenSearchServiceDomainDetails_clusterConfig :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe AwsOpenSearchServiceDomainClusterConfigDetails)
+awsOpenSearchServiceDomainDetails_clusterConfig = Lens.lens (\AwsOpenSearchServiceDomainDetails' {clusterConfig} -> clusterConfig) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {clusterConfig = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | The domain endpoint.
+awsOpenSearchServiceDomainDetails_domainEndpoint :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainDetails_domainEndpoint = Lens.lens (\AwsOpenSearchServiceDomainDetails' {domainEndpoint} -> domainEndpoint) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {domainEndpoint = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | Additional options for the domain endpoint.
+awsOpenSearchServiceDomainDetails_domainEndpointOptions :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe AwsOpenSearchServiceDomainDomainEndpointOptionsDetails)
+awsOpenSearchServiceDomainDetails_domainEndpointOptions = Lens.lens (\AwsOpenSearchServiceDomainDetails' {domainEndpointOptions} -> domainEndpointOptions) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {domainEndpointOptions = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | The domain endpoints. Used if the OpenSearch domain resides in a VPC.
+--
+-- This is a map of key-value pairs. The key is always @vpc@. The value is
+-- the endpoint.
+awsOpenSearchServiceDomainDetails_domainEndpoints :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsOpenSearchServiceDomainDetails_domainEndpoints = Lens.lens (\AwsOpenSearchServiceDomainDetails' {domainEndpoints} -> domainEndpoints) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {domainEndpoints = a} :: AwsOpenSearchServiceDomainDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the endpoint.
+awsOpenSearchServiceDomainDetails_domainName :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainDetails_domainName = Lens.lens (\AwsOpenSearchServiceDomainDetails' {domainName} -> domainName) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {domainName = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | Details about the configuration for encryption at rest.
+awsOpenSearchServiceDomainDetails_encryptionAtRestOptions :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails)
+awsOpenSearchServiceDomainDetails_encryptionAtRestOptions = Lens.lens (\AwsOpenSearchServiceDomainDetails' {encryptionAtRestOptions} -> encryptionAtRestOptions) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {encryptionAtRestOptions = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | The version of the domain engine.
+awsOpenSearchServiceDomainDetails_engineVersion :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainDetails_engineVersion = Lens.lens (\AwsOpenSearchServiceDomainDetails' {engineVersion} -> engineVersion) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {engineVersion = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | The identifier of the domain.
+awsOpenSearchServiceDomainDetails_id :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainDetails_id = Lens.lens (\AwsOpenSearchServiceDomainDetails' {id} -> id) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {id = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | Configures the CloudWatch Logs to publish for the OpenSearch domain.
+awsOpenSearchServiceDomainDetails_logPublishingOptions :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe AwsOpenSearchServiceDomainLogPublishingOptionsDetails)
+awsOpenSearchServiceDomainDetails_logPublishingOptions = Lens.lens (\AwsOpenSearchServiceDomainDetails' {logPublishingOptions} -> logPublishingOptions) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {logPublishingOptions = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | Details about the configuration for node-to-node encryption.
+awsOpenSearchServiceDomainDetails_nodeToNodeEncryptionOptions :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails)
+awsOpenSearchServiceDomainDetails_nodeToNodeEncryptionOptions = Lens.lens (\AwsOpenSearchServiceDomainDetails' {nodeToNodeEncryptionOptions} -> nodeToNodeEncryptionOptions) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {nodeToNodeEncryptionOptions = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | Information about the status of a domain relative to the latest service
+-- software.
+awsOpenSearchServiceDomainDetails_serviceSoftwareOptions :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails)
+awsOpenSearchServiceDomainDetails_serviceSoftwareOptions = Lens.lens (\AwsOpenSearchServiceDomainDetails' {serviceSoftwareOptions} -> serviceSoftwareOptions) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {serviceSoftwareOptions = a} :: AwsOpenSearchServiceDomainDetails)
+
+-- | Information that OpenSearch Service derives based on @VPCOptions@ for
+-- the domain.
+awsOpenSearchServiceDomainDetails_vpcOptions :: Lens.Lens' AwsOpenSearchServiceDomainDetails (Prelude.Maybe AwsOpenSearchServiceDomainVpcOptionsDetails)
+awsOpenSearchServiceDomainDetails_vpcOptions = Lens.lens (\AwsOpenSearchServiceDomainDetails' {vpcOptions} -> vpcOptions) (\s@AwsOpenSearchServiceDomainDetails' {} a -> s {vpcOptions = a} :: AwsOpenSearchServiceDomainDetails)
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainDetails"
+      ( \x ->
+          AwsOpenSearchServiceDomainDetails'
+            Prelude.<$> (x Data..:? "AccessPolicies")
+            Prelude.<*> (x Data..:? "AdvancedSecurityOptions")
+            Prelude.<*> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "ClusterConfig")
+            Prelude.<*> (x Data..:? "DomainEndpoint")
+            Prelude.<*> (x Data..:? "DomainEndpointOptions")
+            Prelude.<*> ( x
+                            Data..:? "DomainEndpoints"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "DomainName")
+            Prelude.<*> (x Data..:? "EncryptionAtRestOptions")
+            Prelude.<*> (x Data..:? "EngineVersion")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "LogPublishingOptions")
+            Prelude.<*> (x Data..:? "NodeToNodeEncryptionOptions")
+            Prelude.<*> (x Data..:? "ServiceSoftwareOptions")
+            Prelude.<*> (x Data..:? "VpcOptions")
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainDetails
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` accessPolicies
+        `Prelude.hashWithSalt` advancedSecurityOptions
+        `Prelude.hashWithSalt` arn
+        `Prelude.hashWithSalt` clusterConfig
+        `Prelude.hashWithSalt` domainEndpoint
+        `Prelude.hashWithSalt` domainEndpointOptions
+        `Prelude.hashWithSalt` domainEndpoints
+        `Prelude.hashWithSalt` domainName
+        `Prelude.hashWithSalt` encryptionAtRestOptions
+        `Prelude.hashWithSalt` engineVersion
+        `Prelude.hashWithSalt` id
+        `Prelude.hashWithSalt` logPublishingOptions
+        `Prelude.hashWithSalt` nodeToNodeEncryptionOptions
+        `Prelude.hashWithSalt` serviceSoftwareOptions
+        `Prelude.hashWithSalt` vpcOptions
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainDetails
+  where
+  rnf AwsOpenSearchServiceDomainDetails' {..} =
+    Prelude.rnf accessPolicies
+      `Prelude.seq` Prelude.rnf advancedSecurityOptions
+      `Prelude.seq` Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf clusterConfig
+      `Prelude.seq` Prelude.rnf domainEndpoint
+      `Prelude.seq` Prelude.rnf domainEndpointOptions
+      `Prelude.seq` Prelude.rnf domainEndpoints
+      `Prelude.seq` Prelude.rnf domainName
+      `Prelude.seq` Prelude.rnf encryptionAtRestOptions
+      `Prelude.seq` Prelude.rnf engineVersion
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf logPublishingOptions
+      `Prelude.seq` Prelude.rnf nodeToNodeEncryptionOptions
+      `Prelude.seq` Prelude.rnf serviceSoftwareOptions
+      `Prelude.seq` Prelude.rnf vpcOptions
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainDetails
+  where
+  toJSON AwsOpenSearchServiceDomainDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AccessPolicies" Data..=)
+              Prelude.<$> accessPolicies,
+            ("AdvancedSecurityOptions" Data..=)
+              Prelude.<$> advancedSecurityOptions,
+            ("Arn" Data..=) Prelude.<$> arn,
+            ("ClusterConfig" Data..=) Prelude.<$> clusterConfig,
+            ("DomainEndpoint" Data..=)
+              Prelude.<$> domainEndpoint,
+            ("DomainEndpointOptions" Data..=)
+              Prelude.<$> domainEndpointOptions,
+            ("DomainEndpoints" Data..=)
+              Prelude.<$> domainEndpoints,
+            ("DomainName" Data..=) Prelude.<$> domainName,
+            ("EncryptionAtRestOptions" Data..=)
+              Prelude.<$> encryptionAtRestOptions,
+            ("EngineVersion" Data..=) Prelude.<$> engineVersion,
+            ("Id" Data..=) Prelude.<$> id,
+            ("LogPublishingOptions" Data..=)
+              Prelude.<$> logPublishingOptions,
+            ("NodeToNodeEncryptionOptions" Data..=)
+              Prelude.<$> nodeToNodeEncryptionOptions,
+            ("ServiceSoftwareOptions" Data..=)
+              Prelude.<$> serviceSoftwareOptions,
+            ("VpcOptions" Data..=) Prelude.<$> vpcOptions
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainDomainEndpointOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainDomainEndpointOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainDomainEndpointOptionsDetails.hs
@@ -0,0 +1,160 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDomainEndpointOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about additional options for the domain endpoint.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainDomainEndpointOptionsDetails' smart constructor.
+data AwsOpenSearchServiceDomainDomainEndpointOptionsDetails = AwsOpenSearchServiceDomainDomainEndpointOptionsDetails'
+  { -- | The fully qualified URL for the custom endpoint.
+    customEndpoint :: Prelude.Maybe Prelude.Text,
+    -- | The ARN for the security certificate. The certificate is managed in ACM.
+    customEndpointCertificateArn :: Prelude.Maybe Prelude.Text,
+    -- | Whether to enable a custom endpoint for the domain.
+    customEndpointEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | Whether to require that all traffic to the domain arrive over HTTPS.
+    enforceHTTPS :: Prelude.Maybe Prelude.Bool,
+    -- | The TLS security policy to apply to the HTTPS endpoint of the OpenSearch
+    -- domain.
+    tLSSecurityPolicy :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customEndpoint', 'awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpoint' - The fully qualified URL for the custom endpoint.
+--
+-- 'customEndpointCertificateArn', 'awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpointCertificateArn' - The ARN for the security certificate. The certificate is managed in ACM.
+--
+-- 'customEndpointEnabled', 'awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpointEnabled' - Whether to enable a custom endpoint for the domain.
+--
+-- 'enforceHTTPS', 'awsOpenSearchServiceDomainDomainEndpointOptionsDetails_enforceHTTPS' - Whether to require that all traffic to the domain arrive over HTTPS.
+--
+-- 'tLSSecurityPolicy', 'awsOpenSearchServiceDomainDomainEndpointOptionsDetails_tLSSecurityPolicy' - The TLS security policy to apply to the HTTPS endpoint of the OpenSearch
+-- domain.
+newAwsOpenSearchServiceDomainDomainEndpointOptionsDetails ::
+  AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+newAwsOpenSearchServiceDomainDomainEndpointOptionsDetails =
+  AwsOpenSearchServiceDomainDomainEndpointOptionsDetails'
+    { customEndpoint =
+        Prelude.Nothing,
+      customEndpointCertificateArn =
+        Prelude.Nothing,
+      customEndpointEnabled =
+        Prelude.Nothing,
+      enforceHTTPS =
+        Prelude.Nothing,
+      tLSSecurityPolicy =
+        Prelude.Nothing
+    }
+
+-- | The fully qualified URL for the custom endpoint.
+awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpoint :: Lens.Lens' AwsOpenSearchServiceDomainDomainEndpointOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpoint = Lens.lens (\AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {customEndpoint} -> customEndpoint) (\s@AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {} a -> s {customEndpoint = a} :: AwsOpenSearchServiceDomainDomainEndpointOptionsDetails)
+
+-- | The ARN for the security certificate. The certificate is managed in ACM.
+awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpointCertificateArn :: Lens.Lens' AwsOpenSearchServiceDomainDomainEndpointOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpointCertificateArn = Lens.lens (\AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {customEndpointCertificateArn} -> customEndpointCertificateArn) (\s@AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {} a -> s {customEndpointCertificateArn = a} :: AwsOpenSearchServiceDomainDomainEndpointOptionsDetails)
+
+-- | Whether to enable a custom endpoint for the domain.
+awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpointEnabled :: Lens.Lens' AwsOpenSearchServiceDomainDomainEndpointOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainDomainEndpointOptionsDetails_customEndpointEnabled = Lens.lens (\AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {customEndpointEnabled} -> customEndpointEnabled) (\s@AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {} a -> s {customEndpointEnabled = a} :: AwsOpenSearchServiceDomainDomainEndpointOptionsDetails)
+
+-- | Whether to require that all traffic to the domain arrive over HTTPS.
+awsOpenSearchServiceDomainDomainEndpointOptionsDetails_enforceHTTPS :: Lens.Lens' AwsOpenSearchServiceDomainDomainEndpointOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainDomainEndpointOptionsDetails_enforceHTTPS = Lens.lens (\AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {enforceHTTPS} -> enforceHTTPS) (\s@AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {} a -> s {enforceHTTPS = a} :: AwsOpenSearchServiceDomainDomainEndpointOptionsDetails)
+
+-- | The TLS security policy to apply to the HTTPS endpoint of the OpenSearch
+-- domain.
+awsOpenSearchServiceDomainDomainEndpointOptionsDetails_tLSSecurityPolicy :: Lens.Lens' AwsOpenSearchServiceDomainDomainEndpointOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainDomainEndpointOptionsDetails_tLSSecurityPolicy = Lens.lens (\AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {tLSSecurityPolicy} -> tLSSecurityPolicy) (\s@AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {} a -> s {tLSSecurityPolicy = a} :: AwsOpenSearchServiceDomainDomainEndpointOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainDomainEndpointOptionsDetails"
+      ( \x ->
+          AwsOpenSearchServiceDomainDomainEndpointOptionsDetails'
+            Prelude.<$> (x Data..:? "CustomEndpoint")
+            Prelude.<*> (x Data..:? "CustomEndpointCertificateArn")
+            Prelude.<*> (x Data..:? "CustomEndpointEnabled")
+            Prelude.<*> (x Data..:? "EnforceHTTPS")
+            Prelude.<*> (x Data..:? "TLSSecurityPolicy")
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` customEndpoint
+        `Prelude.hashWithSalt` customEndpointCertificateArn
+        `Prelude.hashWithSalt` customEndpointEnabled
+        `Prelude.hashWithSalt` enforceHTTPS
+        `Prelude.hashWithSalt` tLSSecurityPolicy
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+  where
+  rnf
+    AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {..} =
+      Prelude.rnf customEndpoint
+        `Prelude.seq` Prelude.rnf customEndpointCertificateArn
+        `Prelude.seq` Prelude.rnf customEndpointEnabled
+        `Prelude.seq` Prelude.rnf enforceHTTPS
+        `Prelude.seq` Prelude.rnf tLSSecurityPolicy
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainDomainEndpointOptionsDetails
+  where
+  toJSON
+    AwsOpenSearchServiceDomainDomainEndpointOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("CustomEndpoint" Data..=)
+                Prelude.<$> customEndpoint,
+              ("CustomEndpointCertificateArn" Data..=)
+                Prelude.<$> customEndpointCertificateArn,
+              ("CustomEndpointEnabled" Data..=)
+                Prelude.<$> customEndpointEnabled,
+              ("EnforceHTTPS" Data..=) Prelude.<$> enforceHTTPS,
+              ("TLSSecurityPolicy" Data..=)
+                Prelude.<$> tLSSecurityPolicy
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the configuration for encryption at rest for the
+-- OpenSearch domain.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails' smart constructor.
+data AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails = AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails'
+  { -- | Whether encryption at rest is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | The KMS key ID.
+    kmsKeyId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'awsOpenSearchServiceDomainEncryptionAtRestOptionsDetails_enabled' - Whether encryption at rest is enabled.
+--
+-- 'kmsKeyId', 'awsOpenSearchServiceDomainEncryptionAtRestOptionsDetails_kmsKeyId' - The KMS key ID.
+newAwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails ::
+  AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+newAwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails =
+  AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails'
+    { enabled =
+        Prelude.Nothing,
+      kmsKeyId =
+        Prelude.Nothing
+    }
+
+-- | Whether encryption at rest is enabled.
+awsOpenSearchServiceDomainEncryptionAtRestOptionsDetails_enabled :: Lens.Lens' AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainEncryptionAtRestOptionsDetails_enabled = Lens.lens (\AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails' {enabled} -> enabled) (\s@AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails' {} a -> s {enabled = a} :: AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails)
+
+-- | The KMS key ID.
+awsOpenSearchServiceDomainEncryptionAtRestOptionsDetails_kmsKeyId :: Lens.Lens' AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainEncryptionAtRestOptionsDetails_kmsKeyId = Lens.lens (\AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails' {} a -> s {kmsKeyId = a} :: AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails"
+      ( \x ->
+          AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails'
+            Prelude.<$> (x Data..:? "Enabled")
+            Prelude.<*> (x Data..:? "KmsKeyId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` enabled
+        `Prelude.hashWithSalt` kmsKeyId
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+  where
+  rnf
+    AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails' {..} =
+      Prelude.rnf enabled
+        `Prelude.seq` Prelude.rnf kmsKeyId
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails
+  where
+  toJSON
+    AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Enabled" Data..=) Prelude.<$> enabled,
+              ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainLogPublishingOption.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainLogPublishingOption.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainLogPublishingOption.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOption
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOption where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Configuration details for a log publishing option.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainLogPublishingOption' smart constructor.
+data AwsOpenSearchServiceDomainLogPublishingOption = AwsOpenSearchServiceDomainLogPublishingOption'
+  { -- | The ARN of the CloudWatch Logs group to publish the logs to.
+    cloudWatchLogsLogGroupArn :: Prelude.Maybe Prelude.Text,
+    -- | Whether the log publishing is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainLogPublishingOption' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cloudWatchLogsLogGroupArn', 'awsOpenSearchServiceDomainLogPublishingOption_cloudWatchLogsLogGroupArn' - The ARN of the CloudWatch Logs group to publish the logs to.
+--
+-- 'enabled', 'awsOpenSearchServiceDomainLogPublishingOption_enabled' - Whether the log publishing is enabled.
+newAwsOpenSearchServiceDomainLogPublishingOption ::
+  AwsOpenSearchServiceDomainLogPublishingOption
+newAwsOpenSearchServiceDomainLogPublishingOption =
+  AwsOpenSearchServiceDomainLogPublishingOption'
+    { cloudWatchLogsLogGroupArn =
+        Prelude.Nothing,
+      enabled = Prelude.Nothing
+    }
+
+-- | The ARN of the CloudWatch Logs group to publish the logs to.
+awsOpenSearchServiceDomainLogPublishingOption_cloudWatchLogsLogGroupArn :: Lens.Lens' AwsOpenSearchServiceDomainLogPublishingOption (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainLogPublishingOption_cloudWatchLogsLogGroupArn = Lens.lens (\AwsOpenSearchServiceDomainLogPublishingOption' {cloudWatchLogsLogGroupArn} -> cloudWatchLogsLogGroupArn) (\s@AwsOpenSearchServiceDomainLogPublishingOption' {} a -> s {cloudWatchLogsLogGroupArn = a} :: AwsOpenSearchServiceDomainLogPublishingOption)
+
+-- | Whether the log publishing is enabled.
+awsOpenSearchServiceDomainLogPublishingOption_enabled :: Lens.Lens' AwsOpenSearchServiceDomainLogPublishingOption (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainLogPublishingOption_enabled = Lens.lens (\AwsOpenSearchServiceDomainLogPublishingOption' {enabled} -> enabled) (\s@AwsOpenSearchServiceDomainLogPublishingOption' {} a -> s {enabled = a} :: AwsOpenSearchServiceDomainLogPublishingOption)
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainLogPublishingOption
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainLogPublishingOption"
+      ( \x ->
+          AwsOpenSearchServiceDomainLogPublishingOption'
+            Prelude.<$> (x Data..:? "CloudWatchLogsLogGroupArn")
+            Prelude.<*> (x Data..:? "Enabled")
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainLogPublishingOption
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainLogPublishingOption' {..} =
+      _salt
+        `Prelude.hashWithSalt` cloudWatchLogsLogGroupArn
+        `Prelude.hashWithSalt` enabled
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainLogPublishingOption
+  where
+  rnf
+    AwsOpenSearchServiceDomainLogPublishingOption' {..} =
+      Prelude.rnf cloudWatchLogsLogGroupArn
+        `Prelude.seq` Prelude.rnf enabled
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainLogPublishingOption
+  where
+  toJSON
+    AwsOpenSearchServiceDomainLogPublishingOption' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("CloudWatchLogsLogGroupArn" Data..=)
+                Prelude.<$> cloudWatchLogsLogGroupArn,
+              ("Enabled" Data..=) Prelude.<$> enabled
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainLogPublishingOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainLogPublishingOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainLogPublishingOptionsDetails.hs
@@ -0,0 +1,127 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainLogPublishingOption
+
+-- | Configures the CloudWatch Logs to publish for the OpenSearch domain.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainLogPublishingOptionsDetails' smart constructor.
+data AwsOpenSearchServiceDomainLogPublishingOptionsDetails = AwsOpenSearchServiceDomainLogPublishingOptionsDetails'
+  { -- | Configures the OpenSearch audit logs publishing.
+    auditLogs :: Prelude.Maybe AwsOpenSearchServiceDomainLogPublishingOption,
+    -- | Configures the OpenSearch index logs publishing.
+    indexSlowLogs :: Prelude.Maybe AwsOpenSearchServiceDomainLogPublishingOption,
+    -- | Configures the OpenSearch search slow log publishing.
+    searchSlowLogs :: Prelude.Maybe AwsOpenSearchServiceDomainLogPublishingOption
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainLogPublishingOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'auditLogs', 'awsOpenSearchServiceDomainLogPublishingOptionsDetails_auditLogs' - Configures the OpenSearch audit logs publishing.
+--
+-- 'indexSlowLogs', 'awsOpenSearchServiceDomainLogPublishingOptionsDetails_indexSlowLogs' - Configures the OpenSearch index logs publishing.
+--
+-- 'searchSlowLogs', 'awsOpenSearchServiceDomainLogPublishingOptionsDetails_searchSlowLogs' - Configures the OpenSearch search slow log publishing.
+newAwsOpenSearchServiceDomainLogPublishingOptionsDetails ::
+  AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+newAwsOpenSearchServiceDomainLogPublishingOptionsDetails =
+  AwsOpenSearchServiceDomainLogPublishingOptionsDetails'
+    { auditLogs =
+        Prelude.Nothing,
+      indexSlowLogs =
+        Prelude.Nothing,
+      searchSlowLogs =
+        Prelude.Nothing
+    }
+
+-- | Configures the OpenSearch audit logs publishing.
+awsOpenSearchServiceDomainLogPublishingOptionsDetails_auditLogs :: Lens.Lens' AwsOpenSearchServiceDomainLogPublishingOptionsDetails (Prelude.Maybe AwsOpenSearchServiceDomainLogPublishingOption)
+awsOpenSearchServiceDomainLogPublishingOptionsDetails_auditLogs = Lens.lens (\AwsOpenSearchServiceDomainLogPublishingOptionsDetails' {auditLogs} -> auditLogs) (\s@AwsOpenSearchServiceDomainLogPublishingOptionsDetails' {} a -> s {auditLogs = a} :: AwsOpenSearchServiceDomainLogPublishingOptionsDetails)
+
+-- | Configures the OpenSearch index logs publishing.
+awsOpenSearchServiceDomainLogPublishingOptionsDetails_indexSlowLogs :: Lens.Lens' AwsOpenSearchServiceDomainLogPublishingOptionsDetails (Prelude.Maybe AwsOpenSearchServiceDomainLogPublishingOption)
+awsOpenSearchServiceDomainLogPublishingOptionsDetails_indexSlowLogs = Lens.lens (\AwsOpenSearchServiceDomainLogPublishingOptionsDetails' {indexSlowLogs} -> indexSlowLogs) (\s@AwsOpenSearchServiceDomainLogPublishingOptionsDetails' {} a -> s {indexSlowLogs = a} :: AwsOpenSearchServiceDomainLogPublishingOptionsDetails)
+
+-- | Configures the OpenSearch search slow log publishing.
+awsOpenSearchServiceDomainLogPublishingOptionsDetails_searchSlowLogs :: Lens.Lens' AwsOpenSearchServiceDomainLogPublishingOptionsDetails (Prelude.Maybe AwsOpenSearchServiceDomainLogPublishingOption)
+awsOpenSearchServiceDomainLogPublishingOptionsDetails_searchSlowLogs = Lens.lens (\AwsOpenSearchServiceDomainLogPublishingOptionsDetails' {searchSlowLogs} -> searchSlowLogs) (\s@AwsOpenSearchServiceDomainLogPublishingOptionsDetails' {} a -> s {searchSlowLogs = a} :: AwsOpenSearchServiceDomainLogPublishingOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainLogPublishingOptionsDetails"
+      ( \x ->
+          AwsOpenSearchServiceDomainLogPublishingOptionsDetails'
+            Prelude.<$> (x Data..:? "AuditLogs")
+            Prelude.<*> (x Data..:? "IndexSlowLogs")
+            Prelude.<*> (x Data..:? "SearchSlowLogs")
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainLogPublishingOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` auditLogs
+        `Prelude.hashWithSalt` indexSlowLogs
+        `Prelude.hashWithSalt` searchSlowLogs
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+  where
+  rnf
+    AwsOpenSearchServiceDomainLogPublishingOptionsDetails' {..} =
+      Prelude.rnf auditLogs
+        `Prelude.seq` Prelude.rnf indexSlowLogs
+        `Prelude.seq` Prelude.rnf searchSlowLogs
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainLogPublishingOptionsDetails
+  where
+  toJSON
+    AwsOpenSearchServiceDomainLogPublishingOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AuditLogs" Data..=) Prelude.<$> auditLogs,
+              ("IndexSlowLogs" Data..=) Prelude.<$> indexSlowLogs,
+              ("SearchSlowLogs" Data..=)
+                Prelude.<$> searchSlowLogs
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainMasterUserOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainMasterUserOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainMasterUserOptionsDetails.hs
@@ -0,0 +1,127 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainMasterUserOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainMasterUserOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies information about the master user of the domain.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainMasterUserOptionsDetails' smart constructor.
+data AwsOpenSearchServiceDomainMasterUserOptionsDetails = AwsOpenSearchServiceDomainMasterUserOptionsDetails'
+  { -- | The Amazon Resource Name (ARN) for the master user.
+    masterUserArn :: Prelude.Maybe Prelude.Text,
+    -- | The username for the master user.
+    masterUserName :: Prelude.Maybe Prelude.Text,
+    -- | The password for the master user.
+    masterUserPassword :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainMasterUserOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'masterUserArn', 'awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserArn' - The Amazon Resource Name (ARN) for the master user.
+--
+-- 'masterUserName', 'awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserName' - The username for the master user.
+--
+-- 'masterUserPassword', 'awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserPassword' - The password for the master user.
+newAwsOpenSearchServiceDomainMasterUserOptionsDetails ::
+  AwsOpenSearchServiceDomainMasterUserOptionsDetails
+newAwsOpenSearchServiceDomainMasterUserOptionsDetails =
+  AwsOpenSearchServiceDomainMasterUserOptionsDetails'
+    { masterUserArn =
+        Prelude.Nothing,
+      masterUserName =
+        Prelude.Nothing,
+      masterUserPassword =
+        Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) for the master user.
+awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserArn :: Lens.Lens' AwsOpenSearchServiceDomainMasterUserOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserArn = Lens.lens (\AwsOpenSearchServiceDomainMasterUserOptionsDetails' {masterUserArn} -> masterUserArn) (\s@AwsOpenSearchServiceDomainMasterUserOptionsDetails' {} a -> s {masterUserArn = a} :: AwsOpenSearchServiceDomainMasterUserOptionsDetails)
+
+-- | The username for the master user.
+awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserName :: Lens.Lens' AwsOpenSearchServiceDomainMasterUserOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserName = Lens.lens (\AwsOpenSearchServiceDomainMasterUserOptionsDetails' {masterUserName} -> masterUserName) (\s@AwsOpenSearchServiceDomainMasterUserOptionsDetails' {} a -> s {masterUserName = a} :: AwsOpenSearchServiceDomainMasterUserOptionsDetails)
+
+-- | The password for the master user.
+awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserPassword :: Lens.Lens' AwsOpenSearchServiceDomainMasterUserOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainMasterUserOptionsDetails_masterUserPassword = Lens.lens (\AwsOpenSearchServiceDomainMasterUserOptionsDetails' {masterUserPassword} -> masterUserPassword) (\s@AwsOpenSearchServiceDomainMasterUserOptionsDetails' {} a -> s {masterUserPassword = a} :: AwsOpenSearchServiceDomainMasterUserOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainMasterUserOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainMasterUserOptionsDetails"
+      ( \x ->
+          AwsOpenSearchServiceDomainMasterUserOptionsDetails'
+            Prelude.<$> (x Data..:? "MasterUserArn")
+            Prelude.<*> (x Data..:? "MasterUserName")
+            Prelude.<*> (x Data..:? "MasterUserPassword")
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainMasterUserOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainMasterUserOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` masterUserArn
+        `Prelude.hashWithSalt` masterUserName
+        `Prelude.hashWithSalt` masterUserPassword
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainMasterUserOptionsDetails
+  where
+  rnf
+    AwsOpenSearchServiceDomainMasterUserOptionsDetails' {..} =
+      Prelude.rnf masterUserArn
+        `Prelude.seq` Prelude.rnf masterUserName
+        `Prelude.seq` Prelude.rnf masterUserPassword
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainMasterUserOptionsDetails
+  where
+  toJSON
+    AwsOpenSearchServiceDomainMasterUserOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("MasterUserArn" Data..=) Prelude.<$> masterUserArn,
+              ("MasterUserName" Data..=)
+                Prelude.<$> masterUserName,
+              ("MasterUserPassword" Data..=)
+                Prelude.<$> masterUserPassword
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the configuration for node-to-node encryption.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails' smart constructor.
+data AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails = AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails'
+  { -- | Whether node-to-node encryption is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'awsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails_enabled' - Whether node-to-node encryption is enabled.
+newAwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails ::
+  AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+newAwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails =
+  AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails'
+    { enabled =
+        Prelude.Nothing
+    }
+
+-- | Whether node-to-node encryption is enabled.
+awsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails_enabled :: Lens.Lens' AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails_enabled = Lens.lens (\AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails' {enabled} -> enabled) (\s@AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails' {} a -> s {enabled = a} :: AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails"
+      ( \x ->
+          AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails'
+            Prelude.<$> (x Data..:? "Enabled")
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails' {..} =
+      _salt `Prelude.hashWithSalt` enabled
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+  where
+  rnf
+    AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails' {..} =
+      Prelude.rnf enabled
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails
+  where
+  toJSON
+    AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Enabled" Data..=) Prelude.<$> enabled]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails.hs
@@ -0,0 +1,239 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the state of the domain relative to the
+-- latest service software.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' smart constructor.
+data AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails = AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails'
+  { -- | The epoch time when the deployment window closes for required updates.
+    -- After this time, OpenSearch Service schedules the software upgrade
+    -- automatically.
+    automatedUpdateDate :: Prelude.Maybe Prelude.Text,
+    -- | Whether a request to update the domain can be canceled.
+    cancellable :: Prelude.Maybe Prelude.Bool,
+    -- | The version of the service software that is currently installed on the
+    -- domain.
+    currentVersion :: Prelude.Maybe Prelude.Text,
+    -- | A more detailed description of the service software status.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The most recent version of the service software.
+    newVersion' :: Prelude.Maybe Prelude.Text,
+    -- | Whether the service software update is optional.
+    optionalDeployment :: Prelude.Maybe Prelude.Bool,
+    -- | Whether a service software update is available for the domain.
+    updateAvailable :: Prelude.Maybe Prelude.Bool,
+    -- | The status of the service software update. Valid values are as follows:
+    --
+    -- -   @COMPLETED@
+    --
+    -- -   @ELIGIBLE@
+    --
+    -- -   @IN_PROGRESS@
+    --
+    -- -   @NOT_ELIGIBLE@
+    --
+    -- -   @PENDING_UPDATE@
+    updateStatus :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'automatedUpdateDate', 'awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_automatedUpdateDate' - The epoch time when the deployment window closes for required updates.
+-- After this time, OpenSearch Service schedules the software upgrade
+-- automatically.
+--
+-- 'cancellable', 'awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_cancellable' - Whether a request to update the domain can be canceled.
+--
+-- 'currentVersion', 'awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_currentVersion' - The version of the service software that is currently installed on the
+-- domain.
+--
+-- 'description', 'awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_description' - A more detailed description of the service software status.
+--
+-- 'newVersion'', 'awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_newVersion' - The most recent version of the service software.
+--
+-- 'optionalDeployment', 'awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_optionalDeployment' - Whether the service software update is optional.
+--
+-- 'updateAvailable', 'awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_updateAvailable' - Whether a service software update is available for the domain.
+--
+-- 'updateStatus', 'awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_updateStatus' - The status of the service software update. Valid values are as follows:
+--
+-- -   @COMPLETED@
+--
+-- -   @ELIGIBLE@
+--
+-- -   @IN_PROGRESS@
+--
+-- -   @NOT_ELIGIBLE@
+--
+-- -   @PENDING_UPDATE@
+newAwsOpenSearchServiceDomainServiceSoftwareOptionsDetails ::
+  AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+newAwsOpenSearchServiceDomainServiceSoftwareOptionsDetails =
+  AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails'
+    { automatedUpdateDate =
+        Prelude.Nothing,
+      cancellable =
+        Prelude.Nothing,
+      currentVersion =
+        Prelude.Nothing,
+      description =
+        Prelude.Nothing,
+      newVersion' =
+        Prelude.Nothing,
+      optionalDeployment =
+        Prelude.Nothing,
+      updateAvailable =
+        Prelude.Nothing,
+      updateStatus =
+        Prelude.Nothing
+    }
+
+-- | The epoch time when the deployment window closes for required updates.
+-- After this time, OpenSearch Service schedules the software upgrade
+-- automatically.
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_automatedUpdateDate :: Lens.Lens' AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_automatedUpdateDate = Lens.lens (\AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {automatedUpdateDate} -> automatedUpdateDate) (\s@AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {} a -> s {automatedUpdateDate = a} :: AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails)
+
+-- | Whether a request to update the domain can be canceled.
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_cancellable :: Lens.Lens' AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_cancellable = Lens.lens (\AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {cancellable} -> cancellable) (\s@AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {} a -> s {cancellable = a} :: AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails)
+
+-- | The version of the service software that is currently installed on the
+-- domain.
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_currentVersion :: Lens.Lens' AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_currentVersion = Lens.lens (\AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {currentVersion} -> currentVersion) (\s@AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {} a -> s {currentVersion = a} :: AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails)
+
+-- | A more detailed description of the service software status.
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_description :: Lens.Lens' AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_description = Lens.lens (\AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {description} -> description) (\s@AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {} a -> s {description = a} :: AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails)
+
+-- | The most recent version of the service software.
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_newVersion :: Lens.Lens' AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_newVersion = Lens.lens (\AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {newVersion'} -> newVersion') (\s@AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {} a -> s {newVersion' = a} :: AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails)
+
+-- | Whether the service software update is optional.
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_optionalDeployment :: Lens.Lens' AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_optionalDeployment = Lens.lens (\AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {optionalDeployment} -> optionalDeployment) (\s@AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {} a -> s {optionalDeployment = a} :: AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails)
+
+-- | Whether a service software update is available for the domain.
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_updateAvailable :: Lens.Lens' AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails (Prelude.Maybe Prelude.Bool)
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_updateAvailable = Lens.lens (\AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {updateAvailable} -> updateAvailable) (\s@AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {} a -> s {updateAvailable = a} :: AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails)
+
+-- | The status of the service software update. Valid values are as follows:
+--
+-- -   @COMPLETED@
+--
+-- -   @ELIGIBLE@
+--
+-- -   @IN_PROGRESS@
+--
+-- -   @NOT_ELIGIBLE@
+--
+-- -   @PENDING_UPDATE@
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_updateStatus :: Lens.Lens' AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails (Prelude.Maybe Prelude.Text)
+awsOpenSearchServiceDomainServiceSoftwareOptionsDetails_updateStatus = Lens.lens (\AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {updateStatus} -> updateStatus) (\s@AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {} a -> s {updateStatus = a} :: AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails)
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails"
+      ( \x ->
+          AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails'
+            Prelude.<$> (x Data..:? "AutomatedUpdateDate")
+            Prelude.<*> (x Data..:? "Cancellable")
+            Prelude.<*> (x Data..:? "CurrentVersion")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "NewVersion")
+            Prelude.<*> (x Data..:? "OptionalDeployment")
+            Prelude.<*> (x Data..:? "UpdateAvailable")
+            Prelude.<*> (x Data..:? "UpdateStatus")
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` automatedUpdateDate
+        `Prelude.hashWithSalt` cancellable
+        `Prelude.hashWithSalt` currentVersion
+        `Prelude.hashWithSalt` description
+        `Prelude.hashWithSalt` newVersion'
+        `Prelude.hashWithSalt` optionalDeployment
+        `Prelude.hashWithSalt` updateAvailable
+        `Prelude.hashWithSalt` updateStatus
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+  where
+  rnf
+    AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {..} =
+      Prelude.rnf automatedUpdateDate
+        `Prelude.seq` Prelude.rnf cancellable
+        `Prelude.seq` Prelude.rnf currentVersion
+        `Prelude.seq` Prelude.rnf description
+        `Prelude.seq` Prelude.rnf newVersion'
+        `Prelude.seq` Prelude.rnf optionalDeployment
+        `Prelude.seq` Prelude.rnf updateAvailable
+        `Prelude.seq` Prelude.rnf updateStatus
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails
+  where
+  toJSON
+    AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AutomatedUpdateDate" Data..=)
+                Prelude.<$> automatedUpdateDate,
+              ("Cancellable" Data..=) Prelude.<$> cancellable,
+              ("CurrentVersion" Data..=)
+                Prelude.<$> currentVersion,
+              ("Description" Data..=) Prelude.<$> description,
+              ("NewVersion" Data..=) Prelude.<$> newVersion',
+              ("OptionalDeployment" Data..=)
+                Prelude.<$> optionalDeployment,
+              ("UpdateAvailable" Data..=)
+                Prelude.<$> updateAvailable,
+              ("UpdateStatus" Data..=) Prelude.<$> updateStatus
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainVpcOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainVpcOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsOpenSearchServiceDomainVpcOptionsDetails.hs
@@ -0,0 +1,120 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainVpcOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainVpcOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information that OpenSearch Service derives based on the
+-- @VPCOptions@ for the domain.
+--
+-- /See:/ 'newAwsOpenSearchServiceDomainVpcOptionsDetails' smart constructor.
+data AwsOpenSearchServiceDomainVpcOptionsDetails = AwsOpenSearchServiceDomainVpcOptionsDetails'
+  { -- | The list of security group IDs that are associated with the VPC
+    -- endpoints for the domain.
+    securityGroupIds :: Prelude.Maybe [Prelude.Text],
+    -- | A list of subnet IDs that are associated with the VPC endpoints for the
+    -- domain.
+    subnetIds :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsOpenSearchServiceDomainVpcOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'securityGroupIds', 'awsOpenSearchServiceDomainVpcOptionsDetails_securityGroupIds' - The list of security group IDs that are associated with the VPC
+-- endpoints for the domain.
+--
+-- 'subnetIds', 'awsOpenSearchServiceDomainVpcOptionsDetails_subnetIds' - A list of subnet IDs that are associated with the VPC endpoints for the
+-- domain.
+newAwsOpenSearchServiceDomainVpcOptionsDetails ::
+  AwsOpenSearchServiceDomainVpcOptionsDetails
+newAwsOpenSearchServiceDomainVpcOptionsDetails =
+  AwsOpenSearchServiceDomainVpcOptionsDetails'
+    { securityGroupIds =
+        Prelude.Nothing,
+      subnetIds = Prelude.Nothing
+    }
+
+-- | The list of security group IDs that are associated with the VPC
+-- endpoints for the domain.
+awsOpenSearchServiceDomainVpcOptionsDetails_securityGroupIds :: Lens.Lens' AwsOpenSearchServiceDomainVpcOptionsDetails (Prelude.Maybe [Prelude.Text])
+awsOpenSearchServiceDomainVpcOptionsDetails_securityGroupIds = Lens.lens (\AwsOpenSearchServiceDomainVpcOptionsDetails' {securityGroupIds} -> securityGroupIds) (\s@AwsOpenSearchServiceDomainVpcOptionsDetails' {} a -> s {securityGroupIds = a} :: AwsOpenSearchServiceDomainVpcOptionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of subnet IDs that are associated with the VPC endpoints for the
+-- domain.
+awsOpenSearchServiceDomainVpcOptionsDetails_subnetIds :: Lens.Lens' AwsOpenSearchServiceDomainVpcOptionsDetails (Prelude.Maybe [Prelude.Text])
+awsOpenSearchServiceDomainVpcOptionsDetails_subnetIds = Lens.lens (\AwsOpenSearchServiceDomainVpcOptionsDetails' {subnetIds} -> subnetIds) (\s@AwsOpenSearchServiceDomainVpcOptionsDetails' {} a -> s {subnetIds = a} :: AwsOpenSearchServiceDomainVpcOptionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsOpenSearchServiceDomainVpcOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsOpenSearchServiceDomainVpcOptionsDetails"
+      ( \x ->
+          AwsOpenSearchServiceDomainVpcOptionsDetails'
+            Prelude.<$> ( x
+                            Data..:? "SecurityGroupIds"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "SubnetIds" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsOpenSearchServiceDomainVpcOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsOpenSearchServiceDomainVpcOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` securityGroupIds
+        `Prelude.hashWithSalt` subnetIds
+
+instance
+  Prelude.NFData
+    AwsOpenSearchServiceDomainVpcOptionsDetails
+  where
+  rnf AwsOpenSearchServiceDomainVpcOptionsDetails' {..} =
+    Prelude.rnf securityGroupIds
+      `Prelude.seq` Prelude.rnf subnetIds
+
+instance
+  Data.ToJSON
+    AwsOpenSearchServiceDomainVpcOptionsDetails
+  where
+  toJSON
+    AwsOpenSearchServiceDomainVpcOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("SecurityGroupIds" Data..=)
+                Prelude.<$> securityGroupIds,
+              ("SubnetIds" Data..=) Prelude.<$> subnetIds
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterAssociatedRole.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterAssociatedRole.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterAssociatedRole.hs
@@ -0,0 +1,118 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbClusterAssociatedRole
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbClusterAssociatedRole where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An IAM role that is associated with the Amazon RDS DB cluster.
+--
+-- /See:/ 'newAwsRdsDbClusterAssociatedRole' smart constructor.
+data AwsRdsDbClusterAssociatedRole = AwsRdsDbClusterAssociatedRole'
+  { -- | The ARN of the IAM role.
+    roleArn :: Prelude.Maybe Prelude.Text,
+    -- | The status of the association between the IAM role and the DB cluster.
+    -- Valid values are as follows:
+    --
+    -- -   @ACTIVE@
+    --
+    -- -   @INVALID@
+    --
+    -- -   @PENDING@
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbClusterAssociatedRole' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'roleArn', 'awsRdsDbClusterAssociatedRole_roleArn' - The ARN of the IAM role.
+--
+-- 'status', 'awsRdsDbClusterAssociatedRole_status' - The status of the association between the IAM role and the DB cluster.
+-- Valid values are as follows:
+--
+-- -   @ACTIVE@
+--
+-- -   @INVALID@
+--
+-- -   @PENDING@
+newAwsRdsDbClusterAssociatedRole ::
+  AwsRdsDbClusterAssociatedRole
+newAwsRdsDbClusterAssociatedRole =
+  AwsRdsDbClusterAssociatedRole'
+    { roleArn =
+        Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The ARN of the IAM role.
+awsRdsDbClusterAssociatedRole_roleArn :: Lens.Lens' AwsRdsDbClusterAssociatedRole (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterAssociatedRole_roleArn = Lens.lens (\AwsRdsDbClusterAssociatedRole' {roleArn} -> roleArn) (\s@AwsRdsDbClusterAssociatedRole' {} a -> s {roleArn = a} :: AwsRdsDbClusterAssociatedRole)
+
+-- | The status of the association between the IAM role and the DB cluster.
+-- Valid values are as follows:
+--
+-- -   @ACTIVE@
+--
+-- -   @INVALID@
+--
+-- -   @PENDING@
+awsRdsDbClusterAssociatedRole_status :: Lens.Lens' AwsRdsDbClusterAssociatedRole (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterAssociatedRole_status = Lens.lens (\AwsRdsDbClusterAssociatedRole' {status} -> status) (\s@AwsRdsDbClusterAssociatedRole' {} a -> s {status = a} :: AwsRdsDbClusterAssociatedRole)
+
+instance Data.FromJSON AwsRdsDbClusterAssociatedRole where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbClusterAssociatedRole"
+      ( \x ->
+          AwsRdsDbClusterAssociatedRole'
+            Prelude.<$> (x Data..:? "RoleArn")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsDbClusterAssociatedRole
+  where
+  hashWithSalt _salt AwsRdsDbClusterAssociatedRole' {..} =
+    _salt
+      `Prelude.hashWithSalt` roleArn
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AwsRdsDbClusterAssociatedRole where
+  rnf AwsRdsDbClusterAssociatedRole' {..} =
+    Prelude.rnf roleArn
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsRdsDbClusterAssociatedRole where
+  toJSON AwsRdsDbClusterAssociatedRole' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("RoleArn" Data..=) Prelude.<$> roleArn,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterDetails.hs
@@ -0,0 +1,788 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbClusterDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbClusterDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterAssociatedRole
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterMember
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterOptionGroupMembership
+import Amazonka.SecurityHub.Types.AwsRdsDbDomainMembership
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceVpcSecurityGroup
+
+-- | Information about an Amazon RDS DB cluster.
+--
+-- /See:/ 'newAwsRdsDbClusterDetails' smart constructor.
+data AwsRdsDbClusterDetails = AwsRdsDbClusterDetails'
+  { -- | The status of the database activity stream. Valid values are as follows:
+    --
+    -- -   @started@
+    --
+    -- -   @starting@
+    --
+    -- -   @stopped@
+    --
+    -- -   @stopping@
+    activityStreamStatus :: Prelude.Maybe Prelude.Text,
+    -- | For all database engines except Aurora, specifies the allocated storage
+    -- size in gibibytes (GiB).
+    allocatedStorage :: Prelude.Maybe Prelude.Int,
+    -- | A list of the IAM roles that are associated with the DB cluster.
+    associatedRoles :: Prelude.Maybe [AwsRdsDbClusterAssociatedRole],
+    -- | A list of Availability Zones (AZs) where instances in the DB cluster can
+    -- be created.
+    availabilityZones :: Prelude.Maybe [Prelude.Text],
+    -- | The number of days for which automated backups are retained.
+    backupRetentionPeriod :: Prelude.Maybe Prelude.Int,
+    -- | Indicates when the DB cluster was created, in Universal Coordinated Time
+    -- (UTC).
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    clusterCreateTime :: Prelude.Maybe Prelude.Text,
+    -- | Whether tags are copied from the DB cluster to snapshots of the DB
+    -- cluster.
+    copyTagsToSnapshot :: Prelude.Maybe Prelude.Bool,
+    -- | Whether the DB cluster is a clone of a DB cluster owned by a different
+    -- Amazon Web Services account.
+    crossAccountClone :: Prelude.Maybe Prelude.Bool,
+    -- | A list of custom endpoints for the DB cluster.
+    customEndpoints :: Prelude.Maybe [Prelude.Text],
+    -- | The name of the database.
+    databaseName :: Prelude.Maybe Prelude.Text,
+    -- | The DB cluster identifier that the user assigned to the cluster. This
+    -- identifier is the unique key that identifies a DB cluster.
+    dbClusterIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The list of instances that make up the DB cluster.
+    dbClusterMembers :: Prelude.Maybe [AwsRdsDbClusterMember],
+    -- | The list of option group memberships for this DB cluster.
+    dbClusterOptionGroupMemberships :: Prelude.Maybe [AwsRdsDbClusterOptionGroupMembership],
+    -- | The name of the DB cluster parameter group for the DB cluster.
+    dbClusterParameterGroup :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the DB cluster. The identifier must be unique within
+    -- each Amazon Web Services Region and is immutable.
+    dbClusterResourceId :: Prelude.Maybe Prelude.Text,
+    -- | The subnet group that is associated with the DB cluster, including the
+    -- name, description, and subnets in the subnet group.
+    dbSubnetGroup :: Prelude.Maybe Prelude.Text,
+    -- | Whether the DB cluster has deletion protection enabled.
+    deletionProtection :: Prelude.Maybe Prelude.Bool,
+    -- | The Active Directory domain membership records that are associated with
+    -- the DB cluster.
+    domainMemberships :: Prelude.Maybe [AwsRdsDbDomainMembership],
+    -- | A list of log types that this DB cluster is configured to export to
+    -- CloudWatch Logs.
+    enabledCloudWatchLogsExports :: Prelude.Maybe [Prelude.Text],
+    -- | The connection endpoint for the primary instance of the DB cluster.
+    endpoint :: Prelude.Maybe Prelude.Text,
+    -- | The name of the database engine to use for this DB cluster. Valid values
+    -- are as follows:
+    --
+    -- -   @aurora@
+    --
+    -- -   @aurora-mysql@
+    --
+    -- -   @aurora-postgresql@
+    engine :: Prelude.Maybe Prelude.Text,
+    -- | The database engine mode of the DB cluster.Valid values are as follows:
+    --
+    -- -   @global@
+    --
+    -- -   @multimaster@
+    --
+    -- -   @parallelquery@
+    --
+    -- -   @provisioned@
+    --
+    -- -   @serverless@
+    engineMode :: Prelude.Maybe Prelude.Text,
+    -- | The version number of the database engine to use.
+    engineVersion :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the identifier that Amazon Route 53 assigns when you create a
+    -- hosted zone.
+    hostedZoneId :: Prelude.Maybe Prelude.Text,
+    -- | Whether the HTTP endpoint for an Aurora Serverless DB cluster is
+    -- enabled.
+    httpEndpointEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | Whether the mapping of IAM accounts to database accounts is enabled.
+    iamDatabaseAuthenticationEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The ARN of the KMS master key that is used to encrypt the database
+    -- instances in the DB cluster.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the master user for the DB cluster.
+    masterUsername :: Prelude.Maybe Prelude.Text,
+    -- | Whether the DB cluster has instances in multiple Availability Zones.
+    multiAz :: Prelude.Maybe Prelude.Bool,
+    -- | The port number on which the DB instances in the DB cluster accept
+    -- connections.
+    port :: Prelude.Maybe Prelude.Int,
+    -- | The range of time each day when automated backups are created, if
+    -- automated backups are enabled.
+    --
+    -- Uses the format @HH:MM-HH:MM@. For example, @04:52-05:22@.
+    preferredBackupWindow :: Prelude.Maybe Prelude.Text,
+    -- | The weekly time range during which system maintenance can occur, in
+    -- Universal Coordinated Time (UTC).
+    --
+    -- Uses the format @\<day>:HH:MM-\<day>:HH:MM@.
+    --
+    -- For the day values, use @mon@|@tue@|@wed@|@thu@|@fri@|@sat@|@sun@.
+    --
+    -- For example, @sun:09:32-sun:10:02@.
+    preferredMaintenanceWindow :: Prelude.Maybe Prelude.Text,
+    -- | The identifiers of the read replicas that are associated with this DB
+    -- cluster.
+    readReplicaIdentifiers :: Prelude.Maybe [Prelude.Text],
+    -- | The reader endpoint for the DB cluster.
+    readerEndpoint :: Prelude.Maybe Prelude.Text,
+    -- | The current status of this DB cluster.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | Whether the DB cluster is encrypted.
+    storageEncrypted :: Prelude.Maybe Prelude.Bool,
+    -- | A list of VPC security groups that the DB cluster belongs to.
+    vpcSecurityGroups :: Prelude.Maybe [AwsRdsDbInstanceVpcSecurityGroup]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbClusterDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'activityStreamStatus', 'awsRdsDbClusterDetails_activityStreamStatus' - The status of the database activity stream. Valid values are as follows:
+--
+-- -   @started@
+--
+-- -   @starting@
+--
+-- -   @stopped@
+--
+-- -   @stopping@
+--
+-- 'allocatedStorage', 'awsRdsDbClusterDetails_allocatedStorage' - For all database engines except Aurora, specifies the allocated storage
+-- size in gibibytes (GiB).
+--
+-- 'associatedRoles', 'awsRdsDbClusterDetails_associatedRoles' - A list of the IAM roles that are associated with the DB cluster.
+--
+-- 'availabilityZones', 'awsRdsDbClusterDetails_availabilityZones' - A list of Availability Zones (AZs) where instances in the DB cluster can
+-- be created.
+--
+-- 'backupRetentionPeriod', 'awsRdsDbClusterDetails_backupRetentionPeriod' - The number of days for which automated backups are retained.
+--
+-- 'clusterCreateTime', 'awsRdsDbClusterDetails_clusterCreateTime' - Indicates when the DB cluster was created, in Universal Coordinated Time
+-- (UTC).
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'copyTagsToSnapshot', 'awsRdsDbClusterDetails_copyTagsToSnapshot' - Whether tags are copied from the DB cluster to snapshots of the DB
+-- cluster.
+--
+-- 'crossAccountClone', 'awsRdsDbClusterDetails_crossAccountClone' - Whether the DB cluster is a clone of a DB cluster owned by a different
+-- Amazon Web Services account.
+--
+-- 'customEndpoints', 'awsRdsDbClusterDetails_customEndpoints' - A list of custom endpoints for the DB cluster.
+--
+-- 'databaseName', 'awsRdsDbClusterDetails_databaseName' - The name of the database.
+--
+-- 'dbClusterIdentifier', 'awsRdsDbClusterDetails_dbClusterIdentifier' - The DB cluster identifier that the user assigned to the cluster. This
+-- identifier is the unique key that identifies a DB cluster.
+--
+-- 'dbClusterMembers', 'awsRdsDbClusterDetails_dbClusterMembers' - The list of instances that make up the DB cluster.
+--
+-- 'dbClusterOptionGroupMemberships', 'awsRdsDbClusterDetails_dbClusterOptionGroupMemberships' - The list of option group memberships for this DB cluster.
+--
+-- 'dbClusterParameterGroup', 'awsRdsDbClusterDetails_dbClusterParameterGroup' - The name of the DB cluster parameter group for the DB cluster.
+--
+-- 'dbClusterResourceId', 'awsRdsDbClusterDetails_dbClusterResourceId' - The identifier of the DB cluster. The identifier must be unique within
+-- each Amazon Web Services Region and is immutable.
+--
+-- 'dbSubnetGroup', 'awsRdsDbClusterDetails_dbSubnetGroup' - The subnet group that is associated with the DB cluster, including the
+-- name, description, and subnets in the subnet group.
+--
+-- 'deletionProtection', 'awsRdsDbClusterDetails_deletionProtection' - Whether the DB cluster has deletion protection enabled.
+--
+-- 'domainMemberships', 'awsRdsDbClusterDetails_domainMemberships' - The Active Directory domain membership records that are associated with
+-- the DB cluster.
+--
+-- 'enabledCloudWatchLogsExports', 'awsRdsDbClusterDetails_enabledCloudWatchLogsExports' - A list of log types that this DB cluster is configured to export to
+-- CloudWatch Logs.
+--
+-- 'endpoint', 'awsRdsDbClusterDetails_endpoint' - The connection endpoint for the primary instance of the DB cluster.
+--
+-- 'engine', 'awsRdsDbClusterDetails_engine' - The name of the database engine to use for this DB cluster. Valid values
+-- are as follows:
+--
+-- -   @aurora@
+--
+-- -   @aurora-mysql@
+--
+-- -   @aurora-postgresql@
+--
+-- 'engineMode', 'awsRdsDbClusterDetails_engineMode' - The database engine mode of the DB cluster.Valid values are as follows:
+--
+-- -   @global@
+--
+-- -   @multimaster@
+--
+-- -   @parallelquery@
+--
+-- -   @provisioned@
+--
+-- -   @serverless@
+--
+-- 'engineVersion', 'awsRdsDbClusterDetails_engineVersion' - The version number of the database engine to use.
+--
+-- 'hostedZoneId', 'awsRdsDbClusterDetails_hostedZoneId' - Specifies the identifier that Amazon Route 53 assigns when you create a
+-- hosted zone.
+--
+-- 'httpEndpointEnabled', 'awsRdsDbClusterDetails_httpEndpointEnabled' - Whether the HTTP endpoint for an Aurora Serverless DB cluster is
+-- enabled.
+--
+-- 'iamDatabaseAuthenticationEnabled', 'awsRdsDbClusterDetails_iamDatabaseAuthenticationEnabled' - Whether the mapping of IAM accounts to database accounts is enabled.
+--
+-- 'kmsKeyId', 'awsRdsDbClusterDetails_kmsKeyId' - The ARN of the KMS master key that is used to encrypt the database
+-- instances in the DB cluster.
+--
+-- 'masterUsername', 'awsRdsDbClusterDetails_masterUsername' - The name of the master user for the DB cluster.
+--
+-- 'multiAz', 'awsRdsDbClusterDetails_multiAz' - Whether the DB cluster has instances in multiple Availability Zones.
+--
+-- 'port', 'awsRdsDbClusterDetails_port' - The port number on which the DB instances in the DB cluster accept
+-- connections.
+--
+-- 'preferredBackupWindow', 'awsRdsDbClusterDetails_preferredBackupWindow' - The range of time each day when automated backups are created, if
+-- automated backups are enabled.
+--
+-- Uses the format @HH:MM-HH:MM@. For example, @04:52-05:22@.
+--
+-- 'preferredMaintenanceWindow', 'awsRdsDbClusterDetails_preferredMaintenanceWindow' - The weekly time range during which system maintenance can occur, in
+-- Universal Coordinated Time (UTC).
+--
+-- Uses the format @\<day>:HH:MM-\<day>:HH:MM@.
+--
+-- For the day values, use @mon@|@tue@|@wed@|@thu@|@fri@|@sat@|@sun@.
+--
+-- For example, @sun:09:32-sun:10:02@.
+--
+-- 'readReplicaIdentifiers', 'awsRdsDbClusterDetails_readReplicaIdentifiers' - The identifiers of the read replicas that are associated with this DB
+-- cluster.
+--
+-- 'readerEndpoint', 'awsRdsDbClusterDetails_readerEndpoint' - The reader endpoint for the DB cluster.
+--
+-- 'status', 'awsRdsDbClusterDetails_status' - The current status of this DB cluster.
+--
+-- 'storageEncrypted', 'awsRdsDbClusterDetails_storageEncrypted' - Whether the DB cluster is encrypted.
+--
+-- 'vpcSecurityGroups', 'awsRdsDbClusterDetails_vpcSecurityGroups' - A list of VPC security groups that the DB cluster belongs to.
+newAwsRdsDbClusterDetails ::
+  AwsRdsDbClusterDetails
+newAwsRdsDbClusterDetails =
+  AwsRdsDbClusterDetails'
+    { activityStreamStatus =
+        Prelude.Nothing,
+      allocatedStorage = Prelude.Nothing,
+      associatedRoles = Prelude.Nothing,
+      availabilityZones = Prelude.Nothing,
+      backupRetentionPeriod = Prelude.Nothing,
+      clusterCreateTime = Prelude.Nothing,
+      copyTagsToSnapshot = Prelude.Nothing,
+      crossAccountClone = Prelude.Nothing,
+      customEndpoints = Prelude.Nothing,
+      databaseName = Prelude.Nothing,
+      dbClusterIdentifier = Prelude.Nothing,
+      dbClusterMembers = Prelude.Nothing,
+      dbClusterOptionGroupMemberships = Prelude.Nothing,
+      dbClusterParameterGroup = Prelude.Nothing,
+      dbClusterResourceId = Prelude.Nothing,
+      dbSubnetGroup = Prelude.Nothing,
+      deletionProtection = Prelude.Nothing,
+      domainMemberships = Prelude.Nothing,
+      enabledCloudWatchLogsExports = Prelude.Nothing,
+      endpoint = Prelude.Nothing,
+      engine = Prelude.Nothing,
+      engineMode = Prelude.Nothing,
+      engineVersion = Prelude.Nothing,
+      hostedZoneId = Prelude.Nothing,
+      httpEndpointEnabled = Prelude.Nothing,
+      iamDatabaseAuthenticationEnabled = Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing,
+      masterUsername = Prelude.Nothing,
+      multiAz = Prelude.Nothing,
+      port = Prelude.Nothing,
+      preferredBackupWindow = Prelude.Nothing,
+      preferredMaintenanceWindow = Prelude.Nothing,
+      readReplicaIdentifiers = Prelude.Nothing,
+      readerEndpoint = Prelude.Nothing,
+      status = Prelude.Nothing,
+      storageEncrypted = Prelude.Nothing,
+      vpcSecurityGroups = Prelude.Nothing
+    }
+
+-- | The status of the database activity stream. Valid values are as follows:
+--
+-- -   @started@
+--
+-- -   @starting@
+--
+-- -   @stopped@
+--
+-- -   @stopping@
+awsRdsDbClusterDetails_activityStreamStatus :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_activityStreamStatus = Lens.lens (\AwsRdsDbClusterDetails' {activityStreamStatus} -> activityStreamStatus) (\s@AwsRdsDbClusterDetails' {} a -> s {activityStreamStatus = a} :: AwsRdsDbClusterDetails)
+
+-- | For all database engines except Aurora, specifies the allocated storage
+-- size in gibibytes (GiB).
+awsRdsDbClusterDetails_allocatedStorage :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbClusterDetails_allocatedStorage = Lens.lens (\AwsRdsDbClusterDetails' {allocatedStorage} -> allocatedStorage) (\s@AwsRdsDbClusterDetails' {} a -> s {allocatedStorage = a} :: AwsRdsDbClusterDetails)
+
+-- | A list of the IAM roles that are associated with the DB cluster.
+awsRdsDbClusterDetails_associatedRoles :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe [AwsRdsDbClusterAssociatedRole])
+awsRdsDbClusterDetails_associatedRoles = Lens.lens (\AwsRdsDbClusterDetails' {associatedRoles} -> associatedRoles) (\s@AwsRdsDbClusterDetails' {} a -> s {associatedRoles = a} :: AwsRdsDbClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of Availability Zones (AZs) where instances in the DB cluster can
+-- be created.
+awsRdsDbClusterDetails_availabilityZones :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe [Prelude.Text])
+awsRdsDbClusterDetails_availabilityZones = Lens.lens (\AwsRdsDbClusterDetails' {availabilityZones} -> availabilityZones) (\s@AwsRdsDbClusterDetails' {} a -> s {availabilityZones = a} :: AwsRdsDbClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The number of days for which automated backups are retained.
+awsRdsDbClusterDetails_backupRetentionPeriod :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbClusterDetails_backupRetentionPeriod = Lens.lens (\AwsRdsDbClusterDetails' {backupRetentionPeriod} -> backupRetentionPeriod) (\s@AwsRdsDbClusterDetails' {} a -> s {backupRetentionPeriod = a} :: AwsRdsDbClusterDetails)
+
+-- | Indicates when the DB cluster was created, in Universal Coordinated Time
+-- (UTC).
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRdsDbClusterDetails_clusterCreateTime :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_clusterCreateTime = Lens.lens (\AwsRdsDbClusterDetails' {clusterCreateTime} -> clusterCreateTime) (\s@AwsRdsDbClusterDetails' {} a -> s {clusterCreateTime = a} :: AwsRdsDbClusterDetails)
+
+-- | Whether tags are copied from the DB cluster to snapshots of the DB
+-- cluster.
+awsRdsDbClusterDetails_copyTagsToSnapshot :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbClusterDetails_copyTagsToSnapshot = Lens.lens (\AwsRdsDbClusterDetails' {copyTagsToSnapshot} -> copyTagsToSnapshot) (\s@AwsRdsDbClusterDetails' {} a -> s {copyTagsToSnapshot = a} :: AwsRdsDbClusterDetails)
+
+-- | Whether the DB cluster is a clone of a DB cluster owned by a different
+-- Amazon Web Services account.
+awsRdsDbClusterDetails_crossAccountClone :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbClusterDetails_crossAccountClone = Lens.lens (\AwsRdsDbClusterDetails' {crossAccountClone} -> crossAccountClone) (\s@AwsRdsDbClusterDetails' {} a -> s {crossAccountClone = a} :: AwsRdsDbClusterDetails)
+
+-- | A list of custom endpoints for the DB cluster.
+awsRdsDbClusterDetails_customEndpoints :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe [Prelude.Text])
+awsRdsDbClusterDetails_customEndpoints = Lens.lens (\AwsRdsDbClusterDetails' {customEndpoints} -> customEndpoints) (\s@AwsRdsDbClusterDetails' {} a -> s {customEndpoints = a} :: AwsRdsDbClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the database.
+awsRdsDbClusterDetails_databaseName :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_databaseName = Lens.lens (\AwsRdsDbClusterDetails' {databaseName} -> databaseName) (\s@AwsRdsDbClusterDetails' {} a -> s {databaseName = a} :: AwsRdsDbClusterDetails)
+
+-- | The DB cluster identifier that the user assigned to the cluster. This
+-- identifier is the unique key that identifies a DB cluster.
+awsRdsDbClusterDetails_dbClusterIdentifier :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_dbClusterIdentifier = Lens.lens (\AwsRdsDbClusterDetails' {dbClusterIdentifier} -> dbClusterIdentifier) (\s@AwsRdsDbClusterDetails' {} a -> s {dbClusterIdentifier = a} :: AwsRdsDbClusterDetails)
+
+-- | The list of instances that make up the DB cluster.
+awsRdsDbClusterDetails_dbClusterMembers :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe [AwsRdsDbClusterMember])
+awsRdsDbClusterDetails_dbClusterMembers = Lens.lens (\AwsRdsDbClusterDetails' {dbClusterMembers} -> dbClusterMembers) (\s@AwsRdsDbClusterDetails' {} a -> s {dbClusterMembers = a} :: AwsRdsDbClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The list of option group memberships for this DB cluster.
+awsRdsDbClusterDetails_dbClusterOptionGroupMemberships :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe [AwsRdsDbClusterOptionGroupMembership])
+awsRdsDbClusterDetails_dbClusterOptionGroupMemberships = Lens.lens (\AwsRdsDbClusterDetails' {dbClusterOptionGroupMemberships} -> dbClusterOptionGroupMemberships) (\s@AwsRdsDbClusterDetails' {} a -> s {dbClusterOptionGroupMemberships = a} :: AwsRdsDbClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the DB cluster parameter group for the DB cluster.
+awsRdsDbClusterDetails_dbClusterParameterGroup :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_dbClusterParameterGroup = Lens.lens (\AwsRdsDbClusterDetails' {dbClusterParameterGroup} -> dbClusterParameterGroup) (\s@AwsRdsDbClusterDetails' {} a -> s {dbClusterParameterGroup = a} :: AwsRdsDbClusterDetails)
+
+-- | The identifier of the DB cluster. The identifier must be unique within
+-- each Amazon Web Services Region and is immutable.
+awsRdsDbClusterDetails_dbClusterResourceId :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_dbClusterResourceId = Lens.lens (\AwsRdsDbClusterDetails' {dbClusterResourceId} -> dbClusterResourceId) (\s@AwsRdsDbClusterDetails' {} a -> s {dbClusterResourceId = a} :: AwsRdsDbClusterDetails)
+
+-- | The subnet group that is associated with the DB cluster, including the
+-- name, description, and subnets in the subnet group.
+awsRdsDbClusterDetails_dbSubnetGroup :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_dbSubnetGroup = Lens.lens (\AwsRdsDbClusterDetails' {dbSubnetGroup} -> dbSubnetGroup) (\s@AwsRdsDbClusterDetails' {} a -> s {dbSubnetGroup = a} :: AwsRdsDbClusterDetails)
+
+-- | Whether the DB cluster has deletion protection enabled.
+awsRdsDbClusterDetails_deletionProtection :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbClusterDetails_deletionProtection = Lens.lens (\AwsRdsDbClusterDetails' {deletionProtection} -> deletionProtection) (\s@AwsRdsDbClusterDetails' {} a -> s {deletionProtection = a} :: AwsRdsDbClusterDetails)
+
+-- | The Active Directory domain membership records that are associated with
+-- the DB cluster.
+awsRdsDbClusterDetails_domainMemberships :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe [AwsRdsDbDomainMembership])
+awsRdsDbClusterDetails_domainMemberships = Lens.lens (\AwsRdsDbClusterDetails' {domainMemberships} -> domainMemberships) (\s@AwsRdsDbClusterDetails' {} a -> s {domainMemberships = a} :: AwsRdsDbClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of log types that this DB cluster is configured to export to
+-- CloudWatch Logs.
+awsRdsDbClusterDetails_enabledCloudWatchLogsExports :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe [Prelude.Text])
+awsRdsDbClusterDetails_enabledCloudWatchLogsExports = Lens.lens (\AwsRdsDbClusterDetails' {enabledCloudWatchLogsExports} -> enabledCloudWatchLogsExports) (\s@AwsRdsDbClusterDetails' {} a -> s {enabledCloudWatchLogsExports = a} :: AwsRdsDbClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The connection endpoint for the primary instance of the DB cluster.
+awsRdsDbClusterDetails_endpoint :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_endpoint = Lens.lens (\AwsRdsDbClusterDetails' {endpoint} -> endpoint) (\s@AwsRdsDbClusterDetails' {} a -> s {endpoint = a} :: AwsRdsDbClusterDetails)
+
+-- | The name of the database engine to use for this DB cluster. Valid values
+-- are as follows:
+--
+-- -   @aurora@
+--
+-- -   @aurora-mysql@
+--
+-- -   @aurora-postgresql@
+awsRdsDbClusterDetails_engine :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_engine = Lens.lens (\AwsRdsDbClusterDetails' {engine} -> engine) (\s@AwsRdsDbClusterDetails' {} a -> s {engine = a} :: AwsRdsDbClusterDetails)
+
+-- | The database engine mode of the DB cluster.Valid values are as follows:
+--
+-- -   @global@
+--
+-- -   @multimaster@
+--
+-- -   @parallelquery@
+--
+-- -   @provisioned@
+--
+-- -   @serverless@
+awsRdsDbClusterDetails_engineMode :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_engineMode = Lens.lens (\AwsRdsDbClusterDetails' {engineMode} -> engineMode) (\s@AwsRdsDbClusterDetails' {} a -> s {engineMode = a} :: AwsRdsDbClusterDetails)
+
+-- | The version number of the database engine to use.
+awsRdsDbClusterDetails_engineVersion :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_engineVersion = Lens.lens (\AwsRdsDbClusterDetails' {engineVersion} -> engineVersion) (\s@AwsRdsDbClusterDetails' {} a -> s {engineVersion = a} :: AwsRdsDbClusterDetails)
+
+-- | Specifies the identifier that Amazon Route 53 assigns when you create a
+-- hosted zone.
+awsRdsDbClusterDetails_hostedZoneId :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_hostedZoneId = Lens.lens (\AwsRdsDbClusterDetails' {hostedZoneId} -> hostedZoneId) (\s@AwsRdsDbClusterDetails' {} a -> s {hostedZoneId = a} :: AwsRdsDbClusterDetails)
+
+-- | Whether the HTTP endpoint for an Aurora Serverless DB cluster is
+-- enabled.
+awsRdsDbClusterDetails_httpEndpointEnabled :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbClusterDetails_httpEndpointEnabled = Lens.lens (\AwsRdsDbClusterDetails' {httpEndpointEnabled} -> httpEndpointEnabled) (\s@AwsRdsDbClusterDetails' {} a -> s {httpEndpointEnabled = a} :: AwsRdsDbClusterDetails)
+
+-- | Whether the mapping of IAM accounts to database accounts is enabled.
+awsRdsDbClusterDetails_iamDatabaseAuthenticationEnabled :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbClusterDetails_iamDatabaseAuthenticationEnabled = Lens.lens (\AwsRdsDbClusterDetails' {iamDatabaseAuthenticationEnabled} -> iamDatabaseAuthenticationEnabled) (\s@AwsRdsDbClusterDetails' {} a -> s {iamDatabaseAuthenticationEnabled = a} :: AwsRdsDbClusterDetails)
+
+-- | The ARN of the KMS master key that is used to encrypt the database
+-- instances in the DB cluster.
+awsRdsDbClusterDetails_kmsKeyId :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_kmsKeyId = Lens.lens (\AwsRdsDbClusterDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsRdsDbClusterDetails' {} a -> s {kmsKeyId = a} :: AwsRdsDbClusterDetails)
+
+-- | The name of the master user for the DB cluster.
+awsRdsDbClusterDetails_masterUsername :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_masterUsername = Lens.lens (\AwsRdsDbClusterDetails' {masterUsername} -> masterUsername) (\s@AwsRdsDbClusterDetails' {} a -> s {masterUsername = a} :: AwsRdsDbClusterDetails)
+
+-- | Whether the DB cluster has instances in multiple Availability Zones.
+awsRdsDbClusterDetails_multiAz :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbClusterDetails_multiAz = Lens.lens (\AwsRdsDbClusterDetails' {multiAz} -> multiAz) (\s@AwsRdsDbClusterDetails' {} a -> s {multiAz = a} :: AwsRdsDbClusterDetails)
+
+-- | The port number on which the DB instances in the DB cluster accept
+-- connections.
+awsRdsDbClusterDetails_port :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbClusterDetails_port = Lens.lens (\AwsRdsDbClusterDetails' {port} -> port) (\s@AwsRdsDbClusterDetails' {} a -> s {port = a} :: AwsRdsDbClusterDetails)
+
+-- | The range of time each day when automated backups are created, if
+-- automated backups are enabled.
+--
+-- Uses the format @HH:MM-HH:MM@. For example, @04:52-05:22@.
+awsRdsDbClusterDetails_preferredBackupWindow :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_preferredBackupWindow = Lens.lens (\AwsRdsDbClusterDetails' {preferredBackupWindow} -> preferredBackupWindow) (\s@AwsRdsDbClusterDetails' {} a -> s {preferredBackupWindow = a} :: AwsRdsDbClusterDetails)
+
+-- | The weekly time range during which system maintenance can occur, in
+-- Universal Coordinated Time (UTC).
+--
+-- Uses the format @\<day>:HH:MM-\<day>:HH:MM@.
+--
+-- For the day values, use @mon@|@tue@|@wed@|@thu@|@fri@|@sat@|@sun@.
+--
+-- For example, @sun:09:32-sun:10:02@.
+awsRdsDbClusterDetails_preferredMaintenanceWindow :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_preferredMaintenanceWindow = Lens.lens (\AwsRdsDbClusterDetails' {preferredMaintenanceWindow} -> preferredMaintenanceWindow) (\s@AwsRdsDbClusterDetails' {} a -> s {preferredMaintenanceWindow = a} :: AwsRdsDbClusterDetails)
+
+-- | The identifiers of the read replicas that are associated with this DB
+-- cluster.
+awsRdsDbClusterDetails_readReplicaIdentifiers :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe [Prelude.Text])
+awsRdsDbClusterDetails_readReplicaIdentifiers = Lens.lens (\AwsRdsDbClusterDetails' {readReplicaIdentifiers} -> readReplicaIdentifiers) (\s@AwsRdsDbClusterDetails' {} a -> s {readReplicaIdentifiers = a} :: AwsRdsDbClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The reader endpoint for the DB cluster.
+awsRdsDbClusterDetails_readerEndpoint :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_readerEndpoint = Lens.lens (\AwsRdsDbClusterDetails' {readerEndpoint} -> readerEndpoint) (\s@AwsRdsDbClusterDetails' {} a -> s {readerEndpoint = a} :: AwsRdsDbClusterDetails)
+
+-- | The current status of this DB cluster.
+awsRdsDbClusterDetails_status :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterDetails_status = Lens.lens (\AwsRdsDbClusterDetails' {status} -> status) (\s@AwsRdsDbClusterDetails' {} a -> s {status = a} :: AwsRdsDbClusterDetails)
+
+-- | Whether the DB cluster is encrypted.
+awsRdsDbClusterDetails_storageEncrypted :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbClusterDetails_storageEncrypted = Lens.lens (\AwsRdsDbClusterDetails' {storageEncrypted} -> storageEncrypted) (\s@AwsRdsDbClusterDetails' {} a -> s {storageEncrypted = a} :: AwsRdsDbClusterDetails)
+
+-- | A list of VPC security groups that the DB cluster belongs to.
+awsRdsDbClusterDetails_vpcSecurityGroups :: Lens.Lens' AwsRdsDbClusterDetails (Prelude.Maybe [AwsRdsDbInstanceVpcSecurityGroup])
+awsRdsDbClusterDetails_vpcSecurityGroups = Lens.lens (\AwsRdsDbClusterDetails' {vpcSecurityGroups} -> vpcSecurityGroups) (\s@AwsRdsDbClusterDetails' {} a -> s {vpcSecurityGroups = a} :: AwsRdsDbClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsRdsDbClusterDetails where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbClusterDetails"
+      ( \x ->
+          AwsRdsDbClusterDetails'
+            Prelude.<$> (x Data..:? "ActivityStreamStatus")
+            Prelude.<*> (x Data..:? "AllocatedStorage")
+            Prelude.<*> ( x
+                            Data..:? "AssociatedRoles"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "AvailabilityZones"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "BackupRetentionPeriod")
+            Prelude.<*> (x Data..:? "ClusterCreateTime")
+            Prelude.<*> (x Data..:? "CopyTagsToSnapshot")
+            Prelude.<*> (x Data..:? "CrossAccountClone")
+            Prelude.<*> ( x
+                            Data..:? "CustomEndpoints"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "DatabaseName")
+            Prelude.<*> (x Data..:? "DbClusterIdentifier")
+            Prelude.<*> ( x
+                            Data..:? "DbClusterMembers"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "DbClusterOptionGroupMemberships"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "DbClusterParameterGroup")
+            Prelude.<*> (x Data..:? "DbClusterResourceId")
+            Prelude.<*> (x Data..:? "DbSubnetGroup")
+            Prelude.<*> (x Data..:? "DeletionProtection")
+            Prelude.<*> ( x
+                            Data..:? "DomainMemberships"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "EnabledCloudWatchLogsExports"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Endpoint")
+            Prelude.<*> (x Data..:? "Engine")
+            Prelude.<*> (x Data..:? "EngineMode")
+            Prelude.<*> (x Data..:? "EngineVersion")
+            Prelude.<*> (x Data..:? "HostedZoneId")
+            Prelude.<*> (x Data..:? "HttpEndpointEnabled")
+            Prelude.<*> (x Data..:? "IamDatabaseAuthenticationEnabled")
+            Prelude.<*> (x Data..:? "KmsKeyId")
+            Prelude.<*> (x Data..:? "MasterUsername")
+            Prelude.<*> (x Data..:? "MultiAz")
+            Prelude.<*> (x Data..:? "Port")
+            Prelude.<*> (x Data..:? "PreferredBackupWindow")
+            Prelude.<*> (x Data..:? "PreferredMaintenanceWindow")
+            Prelude.<*> ( x
+                            Data..:? "ReadReplicaIdentifiers"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ReaderEndpoint")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StorageEncrypted")
+            Prelude.<*> ( x
+                            Data..:? "VpcSecurityGroups"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable AwsRdsDbClusterDetails where
+  hashWithSalt _salt AwsRdsDbClusterDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` activityStreamStatus
+      `Prelude.hashWithSalt` allocatedStorage
+      `Prelude.hashWithSalt` associatedRoles
+      `Prelude.hashWithSalt` availabilityZones
+      `Prelude.hashWithSalt` backupRetentionPeriod
+      `Prelude.hashWithSalt` clusterCreateTime
+      `Prelude.hashWithSalt` copyTagsToSnapshot
+      `Prelude.hashWithSalt` crossAccountClone
+      `Prelude.hashWithSalt` customEndpoints
+      `Prelude.hashWithSalt` databaseName
+      `Prelude.hashWithSalt` dbClusterIdentifier
+      `Prelude.hashWithSalt` dbClusterMembers
+      `Prelude.hashWithSalt` dbClusterOptionGroupMemberships
+      `Prelude.hashWithSalt` dbClusterParameterGroup
+      `Prelude.hashWithSalt` dbClusterResourceId
+      `Prelude.hashWithSalt` dbSubnetGroup
+      `Prelude.hashWithSalt` deletionProtection
+      `Prelude.hashWithSalt` domainMemberships
+      `Prelude.hashWithSalt` enabledCloudWatchLogsExports
+      `Prelude.hashWithSalt` endpoint
+      `Prelude.hashWithSalt` engine
+      `Prelude.hashWithSalt` engineMode
+      `Prelude.hashWithSalt` engineVersion
+      `Prelude.hashWithSalt` hostedZoneId
+      `Prelude.hashWithSalt` httpEndpointEnabled
+      `Prelude.hashWithSalt` iamDatabaseAuthenticationEnabled
+      `Prelude.hashWithSalt` kmsKeyId
+      `Prelude.hashWithSalt` masterUsername
+      `Prelude.hashWithSalt` multiAz
+      `Prelude.hashWithSalt` port
+      `Prelude.hashWithSalt` preferredBackupWindow
+      `Prelude.hashWithSalt` preferredMaintenanceWindow
+      `Prelude.hashWithSalt` readReplicaIdentifiers
+      `Prelude.hashWithSalt` readerEndpoint
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` storageEncrypted
+      `Prelude.hashWithSalt` vpcSecurityGroups
+
+instance Prelude.NFData AwsRdsDbClusterDetails where
+  rnf AwsRdsDbClusterDetails' {..} =
+    Prelude.rnf activityStreamStatus
+      `Prelude.seq` Prelude.rnf allocatedStorage
+      `Prelude.seq` Prelude.rnf associatedRoles
+      `Prelude.seq` Prelude.rnf availabilityZones
+      `Prelude.seq` Prelude.rnf backupRetentionPeriod
+      `Prelude.seq` Prelude.rnf clusterCreateTime
+      `Prelude.seq` Prelude.rnf copyTagsToSnapshot
+      `Prelude.seq` Prelude.rnf crossAccountClone
+      `Prelude.seq` Prelude.rnf customEndpoints
+      `Prelude.seq` Prelude.rnf databaseName
+      `Prelude.seq` Prelude.rnf dbClusterIdentifier
+      `Prelude.seq` Prelude.rnf dbClusterMembers
+      `Prelude.seq` Prelude.rnf dbClusterOptionGroupMemberships
+      `Prelude.seq` Prelude.rnf dbClusterParameterGroup
+      `Prelude.seq` Prelude.rnf dbClusterResourceId
+      `Prelude.seq` Prelude.rnf dbSubnetGroup
+      `Prelude.seq` Prelude.rnf deletionProtection
+      `Prelude.seq` Prelude.rnf domainMemberships
+      `Prelude.seq` Prelude.rnf
+        enabledCloudWatchLogsExports
+      `Prelude.seq` Prelude.rnf endpoint
+      `Prelude.seq` Prelude.rnf engine
+      `Prelude.seq` Prelude.rnf engineMode
+      `Prelude.seq` Prelude.rnf
+        engineVersion
+      `Prelude.seq` Prelude.rnf
+        hostedZoneId
+      `Prelude.seq` Prelude.rnf
+        httpEndpointEnabled
+      `Prelude.seq` Prelude.rnf
+        iamDatabaseAuthenticationEnabled
+      `Prelude.seq` Prelude.rnf
+        kmsKeyId
+      `Prelude.seq` Prelude.rnf
+        masterUsername
+      `Prelude.seq` Prelude.rnf
+        multiAz
+      `Prelude.seq` Prelude.rnf
+        port
+      `Prelude.seq` Prelude.rnf
+        preferredBackupWindow
+      `Prelude.seq` Prelude.rnf
+        preferredMaintenanceWindow
+      `Prelude.seq` Prelude.rnf
+        readReplicaIdentifiers
+      `Prelude.seq` Prelude.rnf
+        readerEndpoint
+      `Prelude.seq` Prelude.rnf
+        status
+      `Prelude.seq` Prelude.rnf
+        storageEncrypted
+      `Prelude.seq` Prelude.rnf
+        vpcSecurityGroups
+
+instance Data.ToJSON AwsRdsDbClusterDetails where
+  toJSON AwsRdsDbClusterDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ActivityStreamStatus" Data..=)
+              Prelude.<$> activityStreamStatus,
+            ("AllocatedStorage" Data..=)
+              Prelude.<$> allocatedStorage,
+            ("AssociatedRoles" Data..=)
+              Prelude.<$> associatedRoles,
+            ("AvailabilityZones" Data..=)
+              Prelude.<$> availabilityZones,
+            ("BackupRetentionPeriod" Data..=)
+              Prelude.<$> backupRetentionPeriod,
+            ("ClusterCreateTime" Data..=)
+              Prelude.<$> clusterCreateTime,
+            ("CopyTagsToSnapshot" Data..=)
+              Prelude.<$> copyTagsToSnapshot,
+            ("CrossAccountClone" Data..=)
+              Prelude.<$> crossAccountClone,
+            ("CustomEndpoints" Data..=)
+              Prelude.<$> customEndpoints,
+            ("DatabaseName" Data..=) Prelude.<$> databaseName,
+            ("DbClusterIdentifier" Data..=)
+              Prelude.<$> dbClusterIdentifier,
+            ("DbClusterMembers" Data..=)
+              Prelude.<$> dbClusterMembers,
+            ("DbClusterOptionGroupMemberships" Data..=)
+              Prelude.<$> dbClusterOptionGroupMemberships,
+            ("DbClusterParameterGroup" Data..=)
+              Prelude.<$> dbClusterParameterGroup,
+            ("DbClusterResourceId" Data..=)
+              Prelude.<$> dbClusterResourceId,
+            ("DbSubnetGroup" Data..=) Prelude.<$> dbSubnetGroup,
+            ("DeletionProtection" Data..=)
+              Prelude.<$> deletionProtection,
+            ("DomainMemberships" Data..=)
+              Prelude.<$> domainMemberships,
+            ("EnabledCloudWatchLogsExports" Data..=)
+              Prelude.<$> enabledCloudWatchLogsExports,
+            ("Endpoint" Data..=) Prelude.<$> endpoint,
+            ("Engine" Data..=) Prelude.<$> engine,
+            ("EngineMode" Data..=) Prelude.<$> engineMode,
+            ("EngineVersion" Data..=) Prelude.<$> engineVersion,
+            ("HostedZoneId" Data..=) Prelude.<$> hostedZoneId,
+            ("HttpEndpointEnabled" Data..=)
+              Prelude.<$> httpEndpointEnabled,
+            ("IamDatabaseAuthenticationEnabled" Data..=)
+              Prelude.<$> iamDatabaseAuthenticationEnabled,
+            ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+            ("MasterUsername" Data..=)
+              Prelude.<$> masterUsername,
+            ("MultiAz" Data..=) Prelude.<$> multiAz,
+            ("Port" Data..=) Prelude.<$> port,
+            ("PreferredBackupWindow" Data..=)
+              Prelude.<$> preferredBackupWindow,
+            ("PreferredMaintenanceWindow" Data..=)
+              Prelude.<$> preferredMaintenanceWindow,
+            ("ReadReplicaIdentifiers" Data..=)
+              Prelude.<$> readReplicaIdentifiers,
+            ("ReaderEndpoint" Data..=)
+              Prelude.<$> readerEndpoint,
+            ("Status" Data..=) Prelude.<$> status,
+            ("StorageEncrypted" Data..=)
+              Prelude.<$> storageEncrypted,
+            ("VpcSecurityGroups" Data..=)
+              Prelude.<$> vpcSecurityGroups
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterMember.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterMember.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterMember.hs
@@ -0,0 +1,129 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbClusterMember
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbClusterMember where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about an instance in the DB cluster.
+--
+-- /See:/ 'newAwsRdsDbClusterMember' smart constructor.
+data AwsRdsDbClusterMember = AwsRdsDbClusterMember'
+  { -- | The status of the DB cluster parameter group for this member of the DB
+    -- cluster.
+    dbClusterParameterGroupStatus :: Prelude.Maybe Prelude.Text,
+    -- | The instance identifier for this member of the DB cluster.
+    dbInstanceIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | Whether the cluster member is the primary instance for the DB cluster.
+    isClusterWriter :: Prelude.Maybe Prelude.Bool,
+    -- | Specifies the order in which an Aurora replica is promoted to the
+    -- primary instance when the existing primary instance fails.
+    promotionTier :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbClusterMember' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dbClusterParameterGroupStatus', 'awsRdsDbClusterMember_dbClusterParameterGroupStatus' - The status of the DB cluster parameter group for this member of the DB
+-- cluster.
+--
+-- 'dbInstanceIdentifier', 'awsRdsDbClusterMember_dbInstanceIdentifier' - The instance identifier for this member of the DB cluster.
+--
+-- 'isClusterWriter', 'awsRdsDbClusterMember_isClusterWriter' - Whether the cluster member is the primary instance for the DB cluster.
+--
+-- 'promotionTier', 'awsRdsDbClusterMember_promotionTier' - Specifies the order in which an Aurora replica is promoted to the
+-- primary instance when the existing primary instance fails.
+newAwsRdsDbClusterMember ::
+  AwsRdsDbClusterMember
+newAwsRdsDbClusterMember =
+  AwsRdsDbClusterMember'
+    { dbClusterParameterGroupStatus =
+        Prelude.Nothing,
+      dbInstanceIdentifier = Prelude.Nothing,
+      isClusterWriter = Prelude.Nothing,
+      promotionTier = Prelude.Nothing
+    }
+
+-- | The status of the DB cluster parameter group for this member of the DB
+-- cluster.
+awsRdsDbClusterMember_dbClusterParameterGroupStatus :: Lens.Lens' AwsRdsDbClusterMember (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterMember_dbClusterParameterGroupStatus = Lens.lens (\AwsRdsDbClusterMember' {dbClusterParameterGroupStatus} -> dbClusterParameterGroupStatus) (\s@AwsRdsDbClusterMember' {} a -> s {dbClusterParameterGroupStatus = a} :: AwsRdsDbClusterMember)
+
+-- | The instance identifier for this member of the DB cluster.
+awsRdsDbClusterMember_dbInstanceIdentifier :: Lens.Lens' AwsRdsDbClusterMember (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterMember_dbInstanceIdentifier = Lens.lens (\AwsRdsDbClusterMember' {dbInstanceIdentifier} -> dbInstanceIdentifier) (\s@AwsRdsDbClusterMember' {} a -> s {dbInstanceIdentifier = a} :: AwsRdsDbClusterMember)
+
+-- | Whether the cluster member is the primary instance for the DB cluster.
+awsRdsDbClusterMember_isClusterWriter :: Lens.Lens' AwsRdsDbClusterMember (Prelude.Maybe Prelude.Bool)
+awsRdsDbClusterMember_isClusterWriter = Lens.lens (\AwsRdsDbClusterMember' {isClusterWriter} -> isClusterWriter) (\s@AwsRdsDbClusterMember' {} a -> s {isClusterWriter = a} :: AwsRdsDbClusterMember)
+
+-- | Specifies the order in which an Aurora replica is promoted to the
+-- primary instance when the existing primary instance fails.
+awsRdsDbClusterMember_promotionTier :: Lens.Lens' AwsRdsDbClusterMember (Prelude.Maybe Prelude.Int)
+awsRdsDbClusterMember_promotionTier = Lens.lens (\AwsRdsDbClusterMember' {promotionTier} -> promotionTier) (\s@AwsRdsDbClusterMember' {} a -> s {promotionTier = a} :: AwsRdsDbClusterMember)
+
+instance Data.FromJSON AwsRdsDbClusterMember where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbClusterMember"
+      ( \x ->
+          AwsRdsDbClusterMember'
+            Prelude.<$> (x Data..:? "DbClusterParameterGroupStatus")
+            Prelude.<*> (x Data..:? "DbInstanceIdentifier")
+            Prelude.<*> (x Data..:? "IsClusterWriter")
+            Prelude.<*> (x Data..:? "PromotionTier")
+      )
+
+instance Prelude.Hashable AwsRdsDbClusterMember where
+  hashWithSalt _salt AwsRdsDbClusterMember' {..} =
+    _salt
+      `Prelude.hashWithSalt` dbClusterParameterGroupStatus
+      `Prelude.hashWithSalt` dbInstanceIdentifier
+      `Prelude.hashWithSalt` isClusterWriter
+      `Prelude.hashWithSalt` promotionTier
+
+instance Prelude.NFData AwsRdsDbClusterMember where
+  rnf AwsRdsDbClusterMember' {..} =
+    Prelude.rnf dbClusterParameterGroupStatus
+      `Prelude.seq` Prelude.rnf dbInstanceIdentifier
+      `Prelude.seq` Prelude.rnf isClusterWriter
+      `Prelude.seq` Prelude.rnf promotionTier
+
+instance Data.ToJSON AwsRdsDbClusterMember where
+  toJSON AwsRdsDbClusterMember' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DbClusterParameterGroupStatus" Data..=)
+              Prelude.<$> dbClusterParameterGroupStatus,
+            ("DbInstanceIdentifier" Data..=)
+              Prelude.<$> dbInstanceIdentifier,
+            ("IsClusterWriter" Data..=)
+              Prelude.<$> isClusterWriter,
+            ("PromotionTier" Data..=) Prelude.<$> promotionTier
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterOptionGroupMembership.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterOptionGroupMembership.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterOptionGroupMembership.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbClusterOptionGroupMembership
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbClusterOptionGroupMembership where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about an option group membership for a DB cluster.
+--
+-- /See:/ 'newAwsRdsDbClusterOptionGroupMembership' smart constructor.
+data AwsRdsDbClusterOptionGroupMembership = AwsRdsDbClusterOptionGroupMembership'
+  { -- | The name of the DB cluster option group.
+    dbClusterOptionGroupName :: Prelude.Maybe Prelude.Text,
+    -- | The status of the DB cluster option group.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbClusterOptionGroupMembership' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dbClusterOptionGroupName', 'awsRdsDbClusterOptionGroupMembership_dbClusterOptionGroupName' - The name of the DB cluster option group.
+--
+-- 'status', 'awsRdsDbClusterOptionGroupMembership_status' - The status of the DB cluster option group.
+newAwsRdsDbClusterOptionGroupMembership ::
+  AwsRdsDbClusterOptionGroupMembership
+newAwsRdsDbClusterOptionGroupMembership =
+  AwsRdsDbClusterOptionGroupMembership'
+    { dbClusterOptionGroupName =
+        Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The name of the DB cluster option group.
+awsRdsDbClusterOptionGroupMembership_dbClusterOptionGroupName :: Lens.Lens' AwsRdsDbClusterOptionGroupMembership (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterOptionGroupMembership_dbClusterOptionGroupName = Lens.lens (\AwsRdsDbClusterOptionGroupMembership' {dbClusterOptionGroupName} -> dbClusterOptionGroupName) (\s@AwsRdsDbClusterOptionGroupMembership' {} a -> s {dbClusterOptionGroupName = a} :: AwsRdsDbClusterOptionGroupMembership)
+
+-- | The status of the DB cluster option group.
+awsRdsDbClusterOptionGroupMembership_status :: Lens.Lens' AwsRdsDbClusterOptionGroupMembership (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterOptionGroupMembership_status = Lens.lens (\AwsRdsDbClusterOptionGroupMembership' {status} -> status) (\s@AwsRdsDbClusterOptionGroupMembership' {} a -> s {status = a} :: AwsRdsDbClusterOptionGroupMembership)
+
+instance
+  Data.FromJSON
+    AwsRdsDbClusterOptionGroupMembership
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbClusterOptionGroupMembership"
+      ( \x ->
+          AwsRdsDbClusterOptionGroupMembership'
+            Prelude.<$> (x Data..:? "DbClusterOptionGroupName")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsDbClusterOptionGroupMembership
+  where
+  hashWithSalt
+    _salt
+    AwsRdsDbClusterOptionGroupMembership' {..} =
+      _salt
+        `Prelude.hashWithSalt` dbClusterOptionGroupName
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    AwsRdsDbClusterOptionGroupMembership
+  where
+  rnf AwsRdsDbClusterOptionGroupMembership' {..} =
+    Prelude.rnf dbClusterOptionGroupName
+      `Prelude.seq` Prelude.rnf status
+
+instance
+  Data.ToJSON
+    AwsRdsDbClusterOptionGroupMembership
+  where
+  toJSON AwsRdsDbClusterOptionGroupMembership' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DbClusterOptionGroupName" Data..=)
+              Prelude.<$> dbClusterOptionGroupName,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterSnapshotDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterSnapshotDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbClusterSnapshotDetails.hs
@@ -0,0 +1,373 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbClusterSnapshotDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbClusterSnapshotDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about an Amazon RDS DB cluster snapshot.
+--
+-- /See:/ 'newAwsRdsDbClusterSnapshotDetails' smart constructor.
+data AwsRdsDbClusterSnapshotDetails = AwsRdsDbClusterSnapshotDetails'
+  { -- | Specifies the allocated storage size in gibibytes (GiB).
+    allocatedStorage :: Prelude.Maybe Prelude.Int,
+    -- | A list of Availability Zones where instances in the DB cluster can be
+    -- created.
+    availabilityZones :: Prelude.Maybe [Prelude.Text],
+    -- | Indicates when the DB cluster was created, in Universal Coordinated Time
+    -- (UTC).
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    clusterCreateTime :: Prelude.Maybe Prelude.Text,
+    -- | The DB cluster identifier.
+    dbClusterIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the DB cluster snapshot.
+    dbClusterSnapshotIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The name of the database engine that you want to use for this DB
+    -- instance.
+    engine :: Prelude.Maybe Prelude.Text,
+    -- | The version of the database engine to use.
+    engineVersion :: Prelude.Maybe Prelude.Text,
+    -- | Whether mapping of IAM accounts to database accounts is enabled.
+    iamDatabaseAuthenticationEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The ARN of the KMS master key that is used to encrypt the database
+    -- instances in the DB cluster.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The license model information for this DB cluster snapshot.
+    licenseModel :: Prelude.Maybe Prelude.Text,
+    -- | The name of the master user for the DB cluster.
+    masterUsername :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the percentage of the estimated data that has been
+    -- transferred.
+    percentProgress :: Prelude.Maybe Prelude.Int,
+    -- | The port number on which the DB instances in the DB cluster accept
+    -- connections.
+    port :: Prelude.Maybe Prelude.Int,
+    -- | Indicates when the snapshot was taken.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    snapshotCreateTime :: Prelude.Maybe Prelude.Text,
+    -- | The type of DB cluster snapshot.
+    snapshotType :: Prelude.Maybe Prelude.Text,
+    -- | The status of this DB cluster snapshot.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | Whether the DB cluster is encrypted.
+    storageEncrypted :: Prelude.Maybe Prelude.Bool,
+    -- | The VPC ID that is associated with the DB cluster snapshot.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbClusterSnapshotDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allocatedStorage', 'awsRdsDbClusterSnapshotDetails_allocatedStorage' - Specifies the allocated storage size in gibibytes (GiB).
+--
+-- 'availabilityZones', 'awsRdsDbClusterSnapshotDetails_availabilityZones' - A list of Availability Zones where instances in the DB cluster can be
+-- created.
+--
+-- 'clusterCreateTime', 'awsRdsDbClusterSnapshotDetails_clusterCreateTime' - Indicates when the DB cluster was created, in Universal Coordinated Time
+-- (UTC).
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'dbClusterIdentifier', 'awsRdsDbClusterSnapshotDetails_dbClusterIdentifier' - The DB cluster identifier.
+--
+-- 'dbClusterSnapshotIdentifier', 'awsRdsDbClusterSnapshotDetails_dbClusterSnapshotIdentifier' - The identifier of the DB cluster snapshot.
+--
+-- 'engine', 'awsRdsDbClusterSnapshotDetails_engine' - The name of the database engine that you want to use for this DB
+-- instance.
+--
+-- 'engineVersion', 'awsRdsDbClusterSnapshotDetails_engineVersion' - The version of the database engine to use.
+--
+-- 'iamDatabaseAuthenticationEnabled', 'awsRdsDbClusterSnapshotDetails_iamDatabaseAuthenticationEnabled' - Whether mapping of IAM accounts to database accounts is enabled.
+--
+-- 'kmsKeyId', 'awsRdsDbClusterSnapshotDetails_kmsKeyId' - The ARN of the KMS master key that is used to encrypt the database
+-- instances in the DB cluster.
+--
+-- 'licenseModel', 'awsRdsDbClusterSnapshotDetails_licenseModel' - The license model information for this DB cluster snapshot.
+--
+-- 'masterUsername', 'awsRdsDbClusterSnapshotDetails_masterUsername' - The name of the master user for the DB cluster.
+--
+-- 'percentProgress', 'awsRdsDbClusterSnapshotDetails_percentProgress' - Specifies the percentage of the estimated data that has been
+-- transferred.
+--
+-- 'port', 'awsRdsDbClusterSnapshotDetails_port' - The port number on which the DB instances in the DB cluster accept
+-- connections.
+--
+-- 'snapshotCreateTime', 'awsRdsDbClusterSnapshotDetails_snapshotCreateTime' - Indicates when the snapshot was taken.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'snapshotType', 'awsRdsDbClusterSnapshotDetails_snapshotType' - The type of DB cluster snapshot.
+--
+-- 'status', 'awsRdsDbClusterSnapshotDetails_status' - The status of this DB cluster snapshot.
+--
+-- 'storageEncrypted', 'awsRdsDbClusterSnapshotDetails_storageEncrypted' - Whether the DB cluster is encrypted.
+--
+-- 'vpcId', 'awsRdsDbClusterSnapshotDetails_vpcId' - The VPC ID that is associated with the DB cluster snapshot.
+newAwsRdsDbClusterSnapshotDetails ::
+  AwsRdsDbClusterSnapshotDetails
+newAwsRdsDbClusterSnapshotDetails =
+  AwsRdsDbClusterSnapshotDetails'
+    { allocatedStorage =
+        Prelude.Nothing,
+      availabilityZones = Prelude.Nothing,
+      clusterCreateTime = Prelude.Nothing,
+      dbClusterIdentifier = Prelude.Nothing,
+      dbClusterSnapshotIdentifier =
+        Prelude.Nothing,
+      engine = Prelude.Nothing,
+      engineVersion = Prelude.Nothing,
+      iamDatabaseAuthenticationEnabled =
+        Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing,
+      licenseModel = Prelude.Nothing,
+      masterUsername = Prelude.Nothing,
+      percentProgress = Prelude.Nothing,
+      port = Prelude.Nothing,
+      snapshotCreateTime = Prelude.Nothing,
+      snapshotType = Prelude.Nothing,
+      status = Prelude.Nothing,
+      storageEncrypted = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | Specifies the allocated storage size in gibibytes (GiB).
+awsRdsDbClusterSnapshotDetails_allocatedStorage :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbClusterSnapshotDetails_allocatedStorage = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {allocatedStorage} -> allocatedStorage) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {allocatedStorage = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | A list of Availability Zones where instances in the DB cluster can be
+-- created.
+awsRdsDbClusterSnapshotDetails_availabilityZones :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe [Prelude.Text])
+awsRdsDbClusterSnapshotDetails_availabilityZones = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {availabilityZones} -> availabilityZones) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {availabilityZones = a} :: AwsRdsDbClusterSnapshotDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates when the DB cluster was created, in Universal Coordinated Time
+-- (UTC).
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRdsDbClusterSnapshotDetails_clusterCreateTime :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_clusterCreateTime = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {clusterCreateTime} -> clusterCreateTime) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {clusterCreateTime = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | The DB cluster identifier.
+awsRdsDbClusterSnapshotDetails_dbClusterIdentifier :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_dbClusterIdentifier = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {dbClusterIdentifier} -> dbClusterIdentifier) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {dbClusterIdentifier = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | The identifier of the DB cluster snapshot.
+awsRdsDbClusterSnapshotDetails_dbClusterSnapshotIdentifier :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_dbClusterSnapshotIdentifier = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {dbClusterSnapshotIdentifier} -> dbClusterSnapshotIdentifier) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {dbClusterSnapshotIdentifier = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | The name of the database engine that you want to use for this DB
+-- instance.
+awsRdsDbClusterSnapshotDetails_engine :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_engine = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {engine} -> engine) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {engine = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | The version of the database engine to use.
+awsRdsDbClusterSnapshotDetails_engineVersion :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_engineVersion = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {engineVersion} -> engineVersion) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {engineVersion = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | Whether mapping of IAM accounts to database accounts is enabled.
+awsRdsDbClusterSnapshotDetails_iamDatabaseAuthenticationEnabled :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbClusterSnapshotDetails_iamDatabaseAuthenticationEnabled = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {iamDatabaseAuthenticationEnabled} -> iamDatabaseAuthenticationEnabled) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {iamDatabaseAuthenticationEnabled = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | The ARN of the KMS master key that is used to encrypt the database
+-- instances in the DB cluster.
+awsRdsDbClusterSnapshotDetails_kmsKeyId :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_kmsKeyId = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {kmsKeyId = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | The license model information for this DB cluster snapshot.
+awsRdsDbClusterSnapshotDetails_licenseModel :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_licenseModel = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {licenseModel} -> licenseModel) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {licenseModel = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | The name of the master user for the DB cluster.
+awsRdsDbClusterSnapshotDetails_masterUsername :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_masterUsername = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {masterUsername} -> masterUsername) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {masterUsername = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | Specifies the percentage of the estimated data that has been
+-- transferred.
+awsRdsDbClusterSnapshotDetails_percentProgress :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbClusterSnapshotDetails_percentProgress = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {percentProgress} -> percentProgress) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {percentProgress = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | The port number on which the DB instances in the DB cluster accept
+-- connections.
+awsRdsDbClusterSnapshotDetails_port :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbClusterSnapshotDetails_port = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {port} -> port) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {port = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | Indicates when the snapshot was taken.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRdsDbClusterSnapshotDetails_snapshotCreateTime :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_snapshotCreateTime = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {snapshotCreateTime} -> snapshotCreateTime) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {snapshotCreateTime = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | The type of DB cluster snapshot.
+awsRdsDbClusterSnapshotDetails_snapshotType :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_snapshotType = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {snapshotType} -> snapshotType) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {snapshotType = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | The status of this DB cluster snapshot.
+awsRdsDbClusterSnapshotDetails_status :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_status = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {status} -> status) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {status = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | Whether the DB cluster is encrypted.
+awsRdsDbClusterSnapshotDetails_storageEncrypted :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbClusterSnapshotDetails_storageEncrypted = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {storageEncrypted} -> storageEncrypted) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {storageEncrypted = a} :: AwsRdsDbClusterSnapshotDetails)
+
+-- | The VPC ID that is associated with the DB cluster snapshot.
+awsRdsDbClusterSnapshotDetails_vpcId :: Lens.Lens' AwsRdsDbClusterSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbClusterSnapshotDetails_vpcId = Lens.lens (\AwsRdsDbClusterSnapshotDetails' {vpcId} -> vpcId) (\s@AwsRdsDbClusterSnapshotDetails' {} a -> s {vpcId = a} :: AwsRdsDbClusterSnapshotDetails)
+
+instance Data.FromJSON AwsRdsDbClusterSnapshotDetails where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbClusterSnapshotDetails"
+      ( \x ->
+          AwsRdsDbClusterSnapshotDetails'
+            Prelude.<$> (x Data..:? "AllocatedStorage")
+            Prelude.<*> ( x
+                            Data..:? "AvailabilityZones"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ClusterCreateTime")
+            Prelude.<*> (x Data..:? "DbClusterIdentifier")
+            Prelude.<*> (x Data..:? "DbClusterSnapshotIdentifier")
+            Prelude.<*> (x Data..:? "Engine")
+            Prelude.<*> (x Data..:? "EngineVersion")
+            Prelude.<*> (x Data..:? "IamDatabaseAuthenticationEnabled")
+            Prelude.<*> (x Data..:? "KmsKeyId")
+            Prelude.<*> (x Data..:? "LicenseModel")
+            Prelude.<*> (x Data..:? "MasterUsername")
+            Prelude.<*> (x Data..:? "PercentProgress")
+            Prelude.<*> (x Data..:? "Port")
+            Prelude.<*> (x Data..:? "SnapshotCreateTime")
+            Prelude.<*> (x Data..:? "SnapshotType")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StorageEncrypted")
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsDbClusterSnapshotDetails
+  where
+  hashWithSalt
+    _salt
+    AwsRdsDbClusterSnapshotDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` allocatedStorage
+        `Prelude.hashWithSalt` availabilityZones
+        `Prelude.hashWithSalt` clusterCreateTime
+        `Prelude.hashWithSalt` dbClusterIdentifier
+        `Prelude.hashWithSalt` dbClusterSnapshotIdentifier
+        `Prelude.hashWithSalt` engine
+        `Prelude.hashWithSalt` engineVersion
+        `Prelude.hashWithSalt` iamDatabaseAuthenticationEnabled
+        `Prelude.hashWithSalt` kmsKeyId
+        `Prelude.hashWithSalt` licenseModel
+        `Prelude.hashWithSalt` masterUsername
+        `Prelude.hashWithSalt` percentProgress
+        `Prelude.hashWithSalt` port
+        `Prelude.hashWithSalt` snapshotCreateTime
+        `Prelude.hashWithSalt` snapshotType
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` storageEncrypted
+        `Prelude.hashWithSalt` vpcId
+
+instance
+  Prelude.NFData
+    AwsRdsDbClusterSnapshotDetails
+  where
+  rnf AwsRdsDbClusterSnapshotDetails' {..} =
+    Prelude.rnf allocatedStorage
+      `Prelude.seq` Prelude.rnf availabilityZones
+      `Prelude.seq` Prelude.rnf clusterCreateTime
+      `Prelude.seq` Prelude.rnf dbClusterIdentifier
+      `Prelude.seq` Prelude.rnf dbClusterSnapshotIdentifier
+      `Prelude.seq` Prelude.rnf engine
+      `Prelude.seq` Prelude.rnf engineVersion
+      `Prelude.seq` Prelude.rnf iamDatabaseAuthenticationEnabled
+      `Prelude.seq` Prelude.rnf kmsKeyId
+      `Prelude.seq` Prelude.rnf licenseModel
+      `Prelude.seq` Prelude.rnf masterUsername
+      `Prelude.seq` Prelude.rnf percentProgress
+      `Prelude.seq` Prelude.rnf port
+      `Prelude.seq` Prelude.rnf snapshotCreateTime
+      `Prelude.seq` Prelude.rnf snapshotType
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf storageEncrypted
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance Data.ToJSON AwsRdsDbClusterSnapshotDetails where
+  toJSON AwsRdsDbClusterSnapshotDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AllocatedStorage" Data..=)
+              Prelude.<$> allocatedStorage,
+            ("AvailabilityZones" Data..=)
+              Prelude.<$> availabilityZones,
+            ("ClusterCreateTime" Data..=)
+              Prelude.<$> clusterCreateTime,
+            ("DbClusterIdentifier" Data..=)
+              Prelude.<$> dbClusterIdentifier,
+            ("DbClusterSnapshotIdentifier" Data..=)
+              Prelude.<$> dbClusterSnapshotIdentifier,
+            ("Engine" Data..=) Prelude.<$> engine,
+            ("EngineVersion" Data..=) Prelude.<$> engineVersion,
+            ("IamDatabaseAuthenticationEnabled" Data..=)
+              Prelude.<$> iamDatabaseAuthenticationEnabled,
+            ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+            ("LicenseModel" Data..=) Prelude.<$> licenseModel,
+            ("MasterUsername" Data..=)
+              Prelude.<$> masterUsername,
+            ("PercentProgress" Data..=)
+              Prelude.<$> percentProgress,
+            ("Port" Data..=) Prelude.<$> port,
+            ("SnapshotCreateTime" Data..=)
+              Prelude.<$> snapshotCreateTime,
+            ("SnapshotType" Data..=) Prelude.<$> snapshotType,
+            ("Status" Data..=) Prelude.<$> status,
+            ("StorageEncrypted" Data..=)
+              Prelude.<$> storageEncrypted,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbDomainMembership.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbDomainMembership.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbDomainMembership.hs
@@ -0,0 +1,126 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbDomainMembership
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbDomainMembership where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about an Active Directory domain membership record
+-- associated with the DB instance.
+--
+-- /See:/ 'newAwsRdsDbDomainMembership' smart constructor.
+data AwsRdsDbDomainMembership = AwsRdsDbDomainMembership'
+  { -- | The identifier of the Active Directory domain.
+    domain :: Prelude.Maybe Prelude.Text,
+    -- | The fully qualified domain name of the Active Directory domain.
+    fqdn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the IAM role to use when making API calls to the Directory
+    -- Service.
+    iamRoleName :: Prelude.Maybe Prelude.Text,
+    -- | The status of the Active Directory Domain membership for the DB
+    -- instance.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbDomainMembership' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'domain', 'awsRdsDbDomainMembership_domain' - The identifier of the Active Directory domain.
+--
+-- 'fqdn', 'awsRdsDbDomainMembership_fqdn' - The fully qualified domain name of the Active Directory domain.
+--
+-- 'iamRoleName', 'awsRdsDbDomainMembership_iamRoleName' - The name of the IAM role to use when making API calls to the Directory
+-- Service.
+--
+-- 'status', 'awsRdsDbDomainMembership_status' - The status of the Active Directory Domain membership for the DB
+-- instance.
+newAwsRdsDbDomainMembership ::
+  AwsRdsDbDomainMembership
+newAwsRdsDbDomainMembership =
+  AwsRdsDbDomainMembership'
+    { domain = Prelude.Nothing,
+      fqdn = Prelude.Nothing,
+      iamRoleName = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The identifier of the Active Directory domain.
+awsRdsDbDomainMembership_domain :: Lens.Lens' AwsRdsDbDomainMembership (Prelude.Maybe Prelude.Text)
+awsRdsDbDomainMembership_domain = Lens.lens (\AwsRdsDbDomainMembership' {domain} -> domain) (\s@AwsRdsDbDomainMembership' {} a -> s {domain = a} :: AwsRdsDbDomainMembership)
+
+-- | The fully qualified domain name of the Active Directory domain.
+awsRdsDbDomainMembership_fqdn :: Lens.Lens' AwsRdsDbDomainMembership (Prelude.Maybe Prelude.Text)
+awsRdsDbDomainMembership_fqdn = Lens.lens (\AwsRdsDbDomainMembership' {fqdn} -> fqdn) (\s@AwsRdsDbDomainMembership' {} a -> s {fqdn = a} :: AwsRdsDbDomainMembership)
+
+-- | The name of the IAM role to use when making API calls to the Directory
+-- Service.
+awsRdsDbDomainMembership_iamRoleName :: Lens.Lens' AwsRdsDbDomainMembership (Prelude.Maybe Prelude.Text)
+awsRdsDbDomainMembership_iamRoleName = Lens.lens (\AwsRdsDbDomainMembership' {iamRoleName} -> iamRoleName) (\s@AwsRdsDbDomainMembership' {} a -> s {iamRoleName = a} :: AwsRdsDbDomainMembership)
+
+-- | The status of the Active Directory Domain membership for the DB
+-- instance.
+awsRdsDbDomainMembership_status :: Lens.Lens' AwsRdsDbDomainMembership (Prelude.Maybe Prelude.Text)
+awsRdsDbDomainMembership_status = Lens.lens (\AwsRdsDbDomainMembership' {status} -> status) (\s@AwsRdsDbDomainMembership' {} a -> s {status = a} :: AwsRdsDbDomainMembership)
+
+instance Data.FromJSON AwsRdsDbDomainMembership where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbDomainMembership"
+      ( \x ->
+          AwsRdsDbDomainMembership'
+            Prelude.<$> (x Data..:? "Domain")
+            Prelude.<*> (x Data..:? "Fqdn")
+            Prelude.<*> (x Data..:? "IamRoleName")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance Prelude.Hashable AwsRdsDbDomainMembership where
+  hashWithSalt _salt AwsRdsDbDomainMembership' {..} =
+    _salt
+      `Prelude.hashWithSalt` domain
+      `Prelude.hashWithSalt` fqdn
+      `Prelude.hashWithSalt` iamRoleName
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AwsRdsDbDomainMembership where
+  rnf AwsRdsDbDomainMembership' {..} =
+    Prelude.rnf domain
+      `Prelude.seq` Prelude.rnf fqdn
+      `Prelude.seq` Prelude.rnf iamRoleName
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsRdsDbDomainMembership where
+  toJSON AwsRdsDbDomainMembership' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Domain" Data..=) Prelude.<$> domain,
+            ("Fqdn" Data..=) Prelude.<$> fqdn,
+            ("IamRoleName" Data..=) Prelude.<$> iamRoleName,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceAssociatedRole.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceAssociatedRole.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceAssociatedRole.hs
@@ -0,0 +1,151 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbInstanceAssociatedRole
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbInstanceAssociatedRole where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An IAM role associated with the DB instance.
+--
+-- /See:/ 'newAwsRdsDbInstanceAssociatedRole' smart constructor.
+data AwsRdsDbInstanceAssociatedRole = AwsRdsDbInstanceAssociatedRole'
+  { -- | The name of the feature associated with the IAM role.
+    featureName :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM role that is associated with the DB instance.
+    roleArn :: Prelude.Maybe Prelude.Text,
+    -- | Describes the state of the association between the IAM role and the DB
+    -- instance. The @Status@ property returns one of the following values:
+    --
+    -- -   @ACTIVE@ - The IAM role ARN is associated with the DB instance and
+    --     can be used to access other Amazon Web Services services on your
+    --     behalf.
+    --
+    -- -   @PENDING@ - The IAM role ARN is being associated with the DB
+    --     instance.
+    --
+    -- -   @INVALID@ - The IAM role ARN is associated with the DB instance. But
+    --     the DB instance is unable to assume the IAM role in order to access
+    --     other Amazon Web Services services on your behalf.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbInstanceAssociatedRole' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'featureName', 'awsRdsDbInstanceAssociatedRole_featureName' - The name of the feature associated with the IAM role.
+--
+-- 'roleArn', 'awsRdsDbInstanceAssociatedRole_roleArn' - The ARN of the IAM role that is associated with the DB instance.
+--
+-- 'status', 'awsRdsDbInstanceAssociatedRole_status' - Describes the state of the association between the IAM role and the DB
+-- instance. The @Status@ property returns one of the following values:
+--
+-- -   @ACTIVE@ - The IAM role ARN is associated with the DB instance and
+--     can be used to access other Amazon Web Services services on your
+--     behalf.
+--
+-- -   @PENDING@ - The IAM role ARN is being associated with the DB
+--     instance.
+--
+-- -   @INVALID@ - The IAM role ARN is associated with the DB instance. But
+--     the DB instance is unable to assume the IAM role in order to access
+--     other Amazon Web Services services on your behalf.
+newAwsRdsDbInstanceAssociatedRole ::
+  AwsRdsDbInstanceAssociatedRole
+newAwsRdsDbInstanceAssociatedRole =
+  AwsRdsDbInstanceAssociatedRole'
+    { featureName =
+        Prelude.Nothing,
+      roleArn = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The name of the feature associated with the IAM role.
+awsRdsDbInstanceAssociatedRole_featureName :: Lens.Lens' AwsRdsDbInstanceAssociatedRole (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceAssociatedRole_featureName = Lens.lens (\AwsRdsDbInstanceAssociatedRole' {featureName} -> featureName) (\s@AwsRdsDbInstanceAssociatedRole' {} a -> s {featureName = a} :: AwsRdsDbInstanceAssociatedRole)
+
+-- | The ARN of the IAM role that is associated with the DB instance.
+awsRdsDbInstanceAssociatedRole_roleArn :: Lens.Lens' AwsRdsDbInstanceAssociatedRole (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceAssociatedRole_roleArn = Lens.lens (\AwsRdsDbInstanceAssociatedRole' {roleArn} -> roleArn) (\s@AwsRdsDbInstanceAssociatedRole' {} a -> s {roleArn = a} :: AwsRdsDbInstanceAssociatedRole)
+
+-- | Describes the state of the association between the IAM role and the DB
+-- instance. The @Status@ property returns one of the following values:
+--
+-- -   @ACTIVE@ - The IAM role ARN is associated with the DB instance and
+--     can be used to access other Amazon Web Services services on your
+--     behalf.
+--
+-- -   @PENDING@ - The IAM role ARN is being associated with the DB
+--     instance.
+--
+-- -   @INVALID@ - The IAM role ARN is associated with the DB instance. But
+--     the DB instance is unable to assume the IAM role in order to access
+--     other Amazon Web Services services on your behalf.
+awsRdsDbInstanceAssociatedRole_status :: Lens.Lens' AwsRdsDbInstanceAssociatedRole (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceAssociatedRole_status = Lens.lens (\AwsRdsDbInstanceAssociatedRole' {status} -> status) (\s@AwsRdsDbInstanceAssociatedRole' {} a -> s {status = a} :: AwsRdsDbInstanceAssociatedRole)
+
+instance Data.FromJSON AwsRdsDbInstanceAssociatedRole where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbInstanceAssociatedRole"
+      ( \x ->
+          AwsRdsDbInstanceAssociatedRole'
+            Prelude.<$> (x Data..:? "FeatureName")
+            Prelude.<*> (x Data..:? "RoleArn")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsDbInstanceAssociatedRole
+  where
+  hashWithSalt
+    _salt
+    AwsRdsDbInstanceAssociatedRole' {..} =
+      _salt
+        `Prelude.hashWithSalt` featureName
+        `Prelude.hashWithSalt` roleArn
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    AwsRdsDbInstanceAssociatedRole
+  where
+  rnf AwsRdsDbInstanceAssociatedRole' {..} =
+    Prelude.rnf featureName
+      `Prelude.seq` Prelude.rnf roleArn
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsRdsDbInstanceAssociatedRole where
+  toJSON AwsRdsDbInstanceAssociatedRole' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("FeatureName" Data..=) Prelude.<$> featureName,
+            ("RoleArn" Data..=) Prelude.<$> roleArn,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceDetails.hs
@@ -0,0 +1,1162 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbInstanceDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbInstanceDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsRdsDbDomainMembership
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceAssociatedRole
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceEndpoint
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceVpcSecurityGroup
+import Amazonka.SecurityHub.Types.AwsRdsDbOptionGroupMembership
+import Amazonka.SecurityHub.Types.AwsRdsDbParameterGroup
+import Amazonka.SecurityHub.Types.AwsRdsDbPendingModifiedValues
+import Amazonka.SecurityHub.Types.AwsRdsDbProcessorFeature
+import Amazonka.SecurityHub.Types.AwsRdsDbStatusInfo
+import Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroup
+
+-- | Contains the details of an Amazon RDS DB instance.
+--
+-- /See:/ 'newAwsRdsDbInstanceDetails' smart constructor.
+data AwsRdsDbInstanceDetails = AwsRdsDbInstanceDetails'
+  { -- | The amount of storage (in gigabytes) to initially allocate for the DB
+    -- instance.
+    allocatedStorage :: Prelude.Maybe Prelude.Int,
+    -- | The IAM roles associated with the DB instance.
+    associatedRoles :: Prelude.Maybe [AwsRdsDbInstanceAssociatedRole],
+    -- | Indicates whether minor version patches are applied automatically.
+    autoMinorVersionUpgrade :: Prelude.Maybe Prelude.Bool,
+    -- | The Availability Zone where the DB instance will be created.
+    availabilityZone :: Prelude.Maybe Prelude.Text,
+    -- | The number of days for which to retain automated backups.
+    backupRetentionPeriod :: Prelude.Maybe Prelude.Int,
+    -- | The identifier of the CA certificate for this DB instance.
+    cACertificateIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The name of the character set that this DB instance is associated with.
+    characterSetName :: Prelude.Maybe Prelude.Text,
+    -- | Whether to copy resource tags to snapshots of the DB instance.
+    copyTagsToSnapshot :: Prelude.Maybe Prelude.Bool,
+    -- | If the DB instance is a member of a DB cluster, contains the name of the
+    -- DB cluster that the DB instance is a member of.
+    dbClusterIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | Contains the name of the compute and memory capacity class of the DB
+    -- instance.
+    dbInstanceClass :: Prelude.Maybe Prelude.Text,
+    -- | Contains a user-supplied database identifier. This identifier is the
+    -- unique key that identifies a DB instance.
+    dbInstanceIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The meaning of this parameter differs according to the database engine
+    -- you use.
+    --
+    -- __MySQL, MariaDB, SQL Server, PostgreSQL__
+    --
+    -- Contains the name of the initial database of this instance that was
+    -- provided at create time, if one was specified when the DB instance was
+    -- created. This same name is returned for the life of the DB instance.
+    --
+    -- __Oracle__
+    --
+    -- Contains the Oracle System ID (SID) of the created DB instance. Not
+    -- shown when the returned parameters do not apply to an Oracle DB
+    -- instance.
+    dbName :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the port that the DB instance listens on. If the DB instance
+    -- is part of a DB cluster, this can be a different port than the DB
+    -- cluster port.
+    dbInstancePort :: Prelude.Maybe Prelude.Int,
+    -- | The current status of the DB instance.
+    dbInstanceStatus :: Prelude.Maybe Prelude.Text,
+    -- | A list of the DB parameter groups to assign to the DB instance.
+    dbParameterGroups :: Prelude.Maybe [AwsRdsDbParameterGroup],
+    -- | A list of the DB security groups to assign to the DB instance.
+    dbSecurityGroups :: Prelude.Maybe [Prelude.Text],
+    -- | Information about the subnet group that is associated with the DB
+    -- instance.
+    dbSubnetGroup :: Prelude.Maybe AwsRdsDbSubnetGroup,
+    -- | The Amazon Web Services Region-unique, immutable identifier for the DB
+    -- instance. This identifier is found in CloudTrail log entries whenever
+    -- the KMS key for the DB instance is accessed.
+    dbiResourceId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the DB instance has deletion protection enabled.
+    --
+    -- When deletion protection is enabled, the database cannot be deleted.
+    deletionProtection :: Prelude.Maybe Prelude.Bool,
+    -- | The Active Directory domain membership records associated with the DB
+    -- instance.
+    domainMemberships :: Prelude.Maybe [AwsRdsDbDomainMembership],
+    -- | A list of log types that this DB instance is configured to export to
+    -- CloudWatch Logs.
+    enabledCloudWatchLogsExports :: Prelude.Maybe [Prelude.Text],
+    -- | Specifies the connection endpoint.
+    endpoint :: Prelude.Maybe AwsRdsDbInstanceEndpoint,
+    -- | Provides the name of the database engine to use for this DB instance.
+    engine :: Prelude.Maybe Prelude.Text,
+    -- | Indicates the database engine version.
+    engineVersion :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the CloudWatch Logs log stream that receives the enhanced
+    -- monitoring metrics data for the DB instance.
+    enhancedMonitoringResourceArn :: Prelude.Maybe Prelude.Text,
+    -- | True if mapping of IAM accounts to database accounts is enabled, and
+    -- otherwise false.
+    --
+    -- IAM database authentication can be enabled for the following database
+    -- engines.
+    --
+    -- -   For MySQL 5.6, minor version 5.6.34 or higher
+    --
+    -- -   For MySQL 5.7, minor version 5.7.16 or higher
+    --
+    -- -   Aurora 5.6 or higher
+    iAMDatabaseAuthenticationEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates when the DB instance was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    instanceCreateTime :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the provisioned IOPS (I\/O operations per second) for this DB
+    -- instance.
+    iops :: Prelude.Maybe Prelude.Int,
+    -- | If @StorageEncrypted@ is true, the KMS key identifier for the encrypted
+    -- DB instance.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the latest time to which a database can be restored with
+    -- point-in-time restore.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    latestRestorableTime :: Prelude.Maybe Prelude.Text,
+    -- | License model information for this DB instance.
+    licenseModel :: Prelude.Maybe Prelude.Text,
+    listenerEndpoint :: Prelude.Maybe AwsRdsDbInstanceEndpoint,
+    -- | The master user name of the DB instance.
+    masterUsername :: Prelude.Maybe Prelude.Text,
+    -- | The upper limit to which Amazon RDS can automatically scale the storage
+    -- of the DB instance.
+    maxAllocatedStorage :: Prelude.Maybe Prelude.Int,
+    -- | The interval, in seconds, between points when enhanced monitoring
+    -- metrics are collected for the DB instance.
+    monitoringInterval :: Prelude.Maybe Prelude.Int,
+    -- | The ARN for the IAM role that permits Amazon RDS to send enhanced
+    -- monitoring metrics to CloudWatch Logs.
+    monitoringRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | Whether the DB instance is a multiple Availability Zone deployment.
+    multiAz :: Prelude.Maybe Prelude.Bool,
+    -- | The list of option group memberships for this DB instance.
+    optionGroupMemberships :: Prelude.Maybe [AwsRdsDbOptionGroupMembership],
+    -- | Changes to the DB instance that are currently pending.
+    pendingModifiedValues :: Prelude.Maybe AwsRdsDbPendingModifiedValues,
+    -- | Indicates whether Performance Insights is enabled for the DB instance.
+    performanceInsightsEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The identifier of the KMS key used to encrypt the Performance Insights
+    -- data.
+    performanceInsightsKmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The number of days to retain Performance Insights data.
+    performanceInsightsRetentionPeriod :: Prelude.Maybe Prelude.Int,
+    -- | The range of time each day when automated backups are created, if
+    -- automated backups are enabled.
+    --
+    -- Uses the format @HH:MM-HH:MM@. For example, @04:52-05:22@.
+    preferredBackupWindow :: Prelude.Maybe Prelude.Text,
+    -- | The weekly time range during which system maintenance can occur, in
+    -- Universal Coordinated Time (UTC).
+    --
+    -- Uses the format @\<day>:HH:MM-\<day>:HH:MM@.
+    --
+    -- For the day values, use @mon@|@tue@|@wed@|@thu@|@fri@|@sat@|@sun@.
+    --
+    -- For example, @sun:09:32-sun:10:02@.
+    preferredMaintenanceWindow :: Prelude.Maybe Prelude.Text,
+    -- | The number of CPU cores and the number of threads per core for the DB
+    -- instance class of the DB instance.
+    processorFeatures :: Prelude.Maybe [AwsRdsDbProcessorFeature],
+    -- | The order in which to promote an Aurora replica to the primary instance
+    -- after a failure of the existing primary instance.
+    promotionTier :: Prelude.Maybe Prelude.Int,
+    -- | Specifies the accessibility options for the DB instance.
+    --
+    -- A value of true specifies an Internet-facing instance with a publicly
+    -- resolvable DNS name, which resolves to a public IP address.
+    --
+    -- A value of false specifies an internal instance with a DNS name that
+    -- resolves to a private IP address.
+    publiclyAccessible :: Prelude.Maybe Prelude.Bool,
+    -- | List of identifiers of Aurora DB clusters to which the RDS DB instance
+    -- is replicated as a read replica.
+    readReplicaDBClusterIdentifiers :: Prelude.Maybe [Prelude.Text],
+    -- | List of identifiers of the read replicas associated with this DB
+    -- instance.
+    readReplicaDBInstanceIdentifiers :: Prelude.Maybe [Prelude.Text],
+    -- | If this DB instance is a read replica, contains the identifier of the
+    -- source DB instance.
+    readReplicaSourceDBInstanceIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | For a DB instance with multi-Availability Zone support, the name of the
+    -- secondary Availability Zone.
+    secondaryAvailabilityZone :: Prelude.Maybe Prelude.Text,
+    -- | The status of a read replica. If the instance isn\'t a read replica,
+    -- this is empty.
+    statusInfos :: Prelude.Maybe [AwsRdsDbStatusInfo],
+    -- | Specifies whether the DB instance is encrypted.
+    storageEncrypted :: Prelude.Maybe Prelude.Bool,
+    -- | The storage type for the DB instance.
+    storageType :: Prelude.Maybe Prelude.Text,
+    -- | The ARN from the key store with which the instance is associated for TDE
+    -- encryption.
+    tdeCredentialArn :: Prelude.Maybe Prelude.Text,
+    -- | The time zone of the DB instance.
+    timezone :: Prelude.Maybe Prelude.Text,
+    -- | A list of VPC security groups that the DB instance belongs to.
+    vpcSecurityGroups :: Prelude.Maybe [AwsRdsDbInstanceVpcSecurityGroup]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbInstanceDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allocatedStorage', 'awsRdsDbInstanceDetails_allocatedStorage' - The amount of storage (in gigabytes) to initially allocate for the DB
+-- instance.
+--
+-- 'associatedRoles', 'awsRdsDbInstanceDetails_associatedRoles' - The IAM roles associated with the DB instance.
+--
+-- 'autoMinorVersionUpgrade', 'awsRdsDbInstanceDetails_autoMinorVersionUpgrade' - Indicates whether minor version patches are applied automatically.
+--
+-- 'availabilityZone', 'awsRdsDbInstanceDetails_availabilityZone' - The Availability Zone where the DB instance will be created.
+--
+-- 'backupRetentionPeriod', 'awsRdsDbInstanceDetails_backupRetentionPeriod' - The number of days for which to retain automated backups.
+--
+-- 'cACertificateIdentifier', 'awsRdsDbInstanceDetails_cACertificateIdentifier' - The identifier of the CA certificate for this DB instance.
+--
+-- 'characterSetName', 'awsRdsDbInstanceDetails_characterSetName' - The name of the character set that this DB instance is associated with.
+--
+-- 'copyTagsToSnapshot', 'awsRdsDbInstanceDetails_copyTagsToSnapshot' - Whether to copy resource tags to snapshots of the DB instance.
+--
+-- 'dbClusterIdentifier', 'awsRdsDbInstanceDetails_dbClusterIdentifier' - If the DB instance is a member of a DB cluster, contains the name of the
+-- DB cluster that the DB instance is a member of.
+--
+-- 'dbInstanceClass', 'awsRdsDbInstanceDetails_dbInstanceClass' - Contains the name of the compute and memory capacity class of the DB
+-- instance.
+--
+-- 'dbInstanceIdentifier', 'awsRdsDbInstanceDetails_dbInstanceIdentifier' - Contains a user-supplied database identifier. This identifier is the
+-- unique key that identifies a DB instance.
+--
+-- 'dbName', 'awsRdsDbInstanceDetails_dbName' - The meaning of this parameter differs according to the database engine
+-- you use.
+--
+-- __MySQL, MariaDB, SQL Server, PostgreSQL__
+--
+-- Contains the name of the initial database of this instance that was
+-- provided at create time, if one was specified when the DB instance was
+-- created. This same name is returned for the life of the DB instance.
+--
+-- __Oracle__
+--
+-- Contains the Oracle System ID (SID) of the created DB instance. Not
+-- shown when the returned parameters do not apply to an Oracle DB
+-- instance.
+--
+-- 'dbInstancePort', 'awsRdsDbInstanceDetails_dbInstancePort' - Specifies the port that the DB instance listens on. If the DB instance
+-- is part of a DB cluster, this can be a different port than the DB
+-- cluster port.
+--
+-- 'dbInstanceStatus', 'awsRdsDbInstanceDetails_dbInstanceStatus' - The current status of the DB instance.
+--
+-- 'dbParameterGroups', 'awsRdsDbInstanceDetails_dbParameterGroups' - A list of the DB parameter groups to assign to the DB instance.
+--
+-- 'dbSecurityGroups', 'awsRdsDbInstanceDetails_dbSecurityGroups' - A list of the DB security groups to assign to the DB instance.
+--
+-- 'dbSubnetGroup', 'awsRdsDbInstanceDetails_dbSubnetGroup' - Information about the subnet group that is associated with the DB
+-- instance.
+--
+-- 'dbiResourceId', 'awsRdsDbInstanceDetails_dbiResourceId' - The Amazon Web Services Region-unique, immutable identifier for the DB
+-- instance. This identifier is found in CloudTrail log entries whenever
+-- the KMS key for the DB instance is accessed.
+--
+-- 'deletionProtection', 'awsRdsDbInstanceDetails_deletionProtection' - Indicates whether the DB instance has deletion protection enabled.
+--
+-- When deletion protection is enabled, the database cannot be deleted.
+--
+-- 'domainMemberships', 'awsRdsDbInstanceDetails_domainMemberships' - The Active Directory domain membership records associated with the DB
+-- instance.
+--
+-- 'enabledCloudWatchLogsExports', 'awsRdsDbInstanceDetails_enabledCloudWatchLogsExports' - A list of log types that this DB instance is configured to export to
+-- CloudWatch Logs.
+--
+-- 'endpoint', 'awsRdsDbInstanceDetails_endpoint' - Specifies the connection endpoint.
+--
+-- 'engine', 'awsRdsDbInstanceDetails_engine' - Provides the name of the database engine to use for this DB instance.
+--
+-- 'engineVersion', 'awsRdsDbInstanceDetails_engineVersion' - Indicates the database engine version.
+--
+-- 'enhancedMonitoringResourceArn', 'awsRdsDbInstanceDetails_enhancedMonitoringResourceArn' - The ARN of the CloudWatch Logs log stream that receives the enhanced
+-- monitoring metrics data for the DB instance.
+--
+-- 'iAMDatabaseAuthenticationEnabled', 'awsRdsDbInstanceDetails_iAMDatabaseAuthenticationEnabled' - True if mapping of IAM accounts to database accounts is enabled, and
+-- otherwise false.
+--
+-- IAM database authentication can be enabled for the following database
+-- engines.
+--
+-- -   For MySQL 5.6, minor version 5.6.34 or higher
+--
+-- -   For MySQL 5.7, minor version 5.7.16 or higher
+--
+-- -   Aurora 5.6 or higher
+--
+-- 'instanceCreateTime', 'awsRdsDbInstanceDetails_instanceCreateTime' - Indicates when the DB instance was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'iops', 'awsRdsDbInstanceDetails_iops' - Specifies the provisioned IOPS (I\/O operations per second) for this DB
+-- instance.
+--
+-- 'kmsKeyId', 'awsRdsDbInstanceDetails_kmsKeyId' - If @StorageEncrypted@ is true, the KMS key identifier for the encrypted
+-- DB instance.
+--
+-- 'latestRestorableTime', 'awsRdsDbInstanceDetails_latestRestorableTime' - Specifies the latest time to which a database can be restored with
+-- point-in-time restore.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'licenseModel', 'awsRdsDbInstanceDetails_licenseModel' - License model information for this DB instance.
+--
+-- 'listenerEndpoint', 'awsRdsDbInstanceDetails_listenerEndpoint' - Undocumented member.
+--
+-- 'masterUsername', 'awsRdsDbInstanceDetails_masterUsername' - The master user name of the DB instance.
+--
+-- 'maxAllocatedStorage', 'awsRdsDbInstanceDetails_maxAllocatedStorage' - The upper limit to which Amazon RDS can automatically scale the storage
+-- of the DB instance.
+--
+-- 'monitoringInterval', 'awsRdsDbInstanceDetails_monitoringInterval' - The interval, in seconds, between points when enhanced monitoring
+-- metrics are collected for the DB instance.
+--
+-- 'monitoringRoleArn', 'awsRdsDbInstanceDetails_monitoringRoleArn' - The ARN for the IAM role that permits Amazon RDS to send enhanced
+-- monitoring metrics to CloudWatch Logs.
+--
+-- 'multiAz', 'awsRdsDbInstanceDetails_multiAz' - Whether the DB instance is a multiple Availability Zone deployment.
+--
+-- 'optionGroupMemberships', 'awsRdsDbInstanceDetails_optionGroupMemberships' - The list of option group memberships for this DB instance.
+--
+-- 'pendingModifiedValues', 'awsRdsDbInstanceDetails_pendingModifiedValues' - Changes to the DB instance that are currently pending.
+--
+-- 'performanceInsightsEnabled', 'awsRdsDbInstanceDetails_performanceInsightsEnabled' - Indicates whether Performance Insights is enabled for the DB instance.
+--
+-- 'performanceInsightsKmsKeyId', 'awsRdsDbInstanceDetails_performanceInsightsKmsKeyId' - The identifier of the KMS key used to encrypt the Performance Insights
+-- data.
+--
+-- 'performanceInsightsRetentionPeriod', 'awsRdsDbInstanceDetails_performanceInsightsRetentionPeriod' - The number of days to retain Performance Insights data.
+--
+-- 'preferredBackupWindow', 'awsRdsDbInstanceDetails_preferredBackupWindow' - The range of time each day when automated backups are created, if
+-- automated backups are enabled.
+--
+-- Uses the format @HH:MM-HH:MM@. For example, @04:52-05:22@.
+--
+-- 'preferredMaintenanceWindow', 'awsRdsDbInstanceDetails_preferredMaintenanceWindow' - The weekly time range during which system maintenance can occur, in
+-- Universal Coordinated Time (UTC).
+--
+-- Uses the format @\<day>:HH:MM-\<day>:HH:MM@.
+--
+-- For the day values, use @mon@|@tue@|@wed@|@thu@|@fri@|@sat@|@sun@.
+--
+-- For example, @sun:09:32-sun:10:02@.
+--
+-- 'processorFeatures', 'awsRdsDbInstanceDetails_processorFeatures' - The number of CPU cores and the number of threads per core for the DB
+-- instance class of the DB instance.
+--
+-- 'promotionTier', 'awsRdsDbInstanceDetails_promotionTier' - The order in which to promote an Aurora replica to the primary instance
+-- after a failure of the existing primary instance.
+--
+-- 'publiclyAccessible', 'awsRdsDbInstanceDetails_publiclyAccessible' - Specifies the accessibility options for the DB instance.
+--
+-- A value of true specifies an Internet-facing instance with a publicly
+-- resolvable DNS name, which resolves to a public IP address.
+--
+-- A value of false specifies an internal instance with a DNS name that
+-- resolves to a private IP address.
+--
+-- 'readReplicaDBClusterIdentifiers', 'awsRdsDbInstanceDetails_readReplicaDBClusterIdentifiers' - List of identifiers of Aurora DB clusters to which the RDS DB instance
+-- is replicated as a read replica.
+--
+-- 'readReplicaDBInstanceIdentifiers', 'awsRdsDbInstanceDetails_readReplicaDBInstanceIdentifiers' - List of identifiers of the read replicas associated with this DB
+-- instance.
+--
+-- 'readReplicaSourceDBInstanceIdentifier', 'awsRdsDbInstanceDetails_readReplicaSourceDBInstanceIdentifier' - If this DB instance is a read replica, contains the identifier of the
+-- source DB instance.
+--
+-- 'secondaryAvailabilityZone', 'awsRdsDbInstanceDetails_secondaryAvailabilityZone' - For a DB instance with multi-Availability Zone support, the name of the
+-- secondary Availability Zone.
+--
+-- 'statusInfos', 'awsRdsDbInstanceDetails_statusInfos' - The status of a read replica. If the instance isn\'t a read replica,
+-- this is empty.
+--
+-- 'storageEncrypted', 'awsRdsDbInstanceDetails_storageEncrypted' - Specifies whether the DB instance is encrypted.
+--
+-- 'storageType', 'awsRdsDbInstanceDetails_storageType' - The storage type for the DB instance.
+--
+-- 'tdeCredentialArn', 'awsRdsDbInstanceDetails_tdeCredentialArn' - The ARN from the key store with which the instance is associated for TDE
+-- encryption.
+--
+-- 'timezone', 'awsRdsDbInstanceDetails_timezone' - The time zone of the DB instance.
+--
+-- 'vpcSecurityGroups', 'awsRdsDbInstanceDetails_vpcSecurityGroups' - A list of VPC security groups that the DB instance belongs to.
+newAwsRdsDbInstanceDetails ::
+  AwsRdsDbInstanceDetails
+newAwsRdsDbInstanceDetails =
+  AwsRdsDbInstanceDetails'
+    { allocatedStorage =
+        Prelude.Nothing,
+      associatedRoles = Prelude.Nothing,
+      autoMinorVersionUpgrade = Prelude.Nothing,
+      availabilityZone = Prelude.Nothing,
+      backupRetentionPeriod = Prelude.Nothing,
+      cACertificateIdentifier = Prelude.Nothing,
+      characterSetName = Prelude.Nothing,
+      copyTagsToSnapshot = Prelude.Nothing,
+      dbClusterIdentifier = Prelude.Nothing,
+      dbInstanceClass = Prelude.Nothing,
+      dbInstanceIdentifier = Prelude.Nothing,
+      dbName = Prelude.Nothing,
+      dbInstancePort = Prelude.Nothing,
+      dbInstanceStatus = Prelude.Nothing,
+      dbParameterGroups = Prelude.Nothing,
+      dbSecurityGroups = Prelude.Nothing,
+      dbSubnetGroup = Prelude.Nothing,
+      dbiResourceId = Prelude.Nothing,
+      deletionProtection = Prelude.Nothing,
+      domainMemberships = Prelude.Nothing,
+      enabledCloudWatchLogsExports = Prelude.Nothing,
+      endpoint = Prelude.Nothing,
+      engine = Prelude.Nothing,
+      engineVersion = Prelude.Nothing,
+      enhancedMonitoringResourceArn = Prelude.Nothing,
+      iAMDatabaseAuthenticationEnabled = Prelude.Nothing,
+      instanceCreateTime = Prelude.Nothing,
+      iops = Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing,
+      latestRestorableTime = Prelude.Nothing,
+      licenseModel = Prelude.Nothing,
+      listenerEndpoint = Prelude.Nothing,
+      masterUsername = Prelude.Nothing,
+      maxAllocatedStorage = Prelude.Nothing,
+      monitoringInterval = Prelude.Nothing,
+      monitoringRoleArn = Prelude.Nothing,
+      multiAz = Prelude.Nothing,
+      optionGroupMemberships = Prelude.Nothing,
+      pendingModifiedValues = Prelude.Nothing,
+      performanceInsightsEnabled = Prelude.Nothing,
+      performanceInsightsKmsKeyId = Prelude.Nothing,
+      performanceInsightsRetentionPeriod =
+        Prelude.Nothing,
+      preferredBackupWindow = Prelude.Nothing,
+      preferredMaintenanceWindow = Prelude.Nothing,
+      processorFeatures = Prelude.Nothing,
+      promotionTier = Prelude.Nothing,
+      publiclyAccessible = Prelude.Nothing,
+      readReplicaDBClusterIdentifiers = Prelude.Nothing,
+      readReplicaDBInstanceIdentifiers = Prelude.Nothing,
+      readReplicaSourceDBInstanceIdentifier =
+        Prelude.Nothing,
+      secondaryAvailabilityZone = Prelude.Nothing,
+      statusInfos = Prelude.Nothing,
+      storageEncrypted = Prelude.Nothing,
+      storageType = Prelude.Nothing,
+      tdeCredentialArn = Prelude.Nothing,
+      timezone = Prelude.Nothing,
+      vpcSecurityGroups = Prelude.Nothing
+    }
+
+-- | The amount of storage (in gigabytes) to initially allocate for the DB
+-- instance.
+awsRdsDbInstanceDetails_allocatedStorage :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbInstanceDetails_allocatedStorage = Lens.lens (\AwsRdsDbInstanceDetails' {allocatedStorage} -> allocatedStorage) (\s@AwsRdsDbInstanceDetails' {} a -> s {allocatedStorage = a} :: AwsRdsDbInstanceDetails)
+
+-- | The IAM roles associated with the DB instance.
+awsRdsDbInstanceDetails_associatedRoles :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe [AwsRdsDbInstanceAssociatedRole])
+awsRdsDbInstanceDetails_associatedRoles = Lens.lens (\AwsRdsDbInstanceDetails' {associatedRoles} -> associatedRoles) (\s@AwsRdsDbInstanceDetails' {} a -> s {associatedRoles = a} :: AwsRdsDbInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates whether minor version patches are applied automatically.
+awsRdsDbInstanceDetails_autoMinorVersionUpgrade :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbInstanceDetails_autoMinorVersionUpgrade = Lens.lens (\AwsRdsDbInstanceDetails' {autoMinorVersionUpgrade} -> autoMinorVersionUpgrade) (\s@AwsRdsDbInstanceDetails' {} a -> s {autoMinorVersionUpgrade = a} :: AwsRdsDbInstanceDetails)
+
+-- | The Availability Zone where the DB instance will be created.
+awsRdsDbInstanceDetails_availabilityZone :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_availabilityZone = Lens.lens (\AwsRdsDbInstanceDetails' {availabilityZone} -> availabilityZone) (\s@AwsRdsDbInstanceDetails' {} a -> s {availabilityZone = a} :: AwsRdsDbInstanceDetails)
+
+-- | The number of days for which to retain automated backups.
+awsRdsDbInstanceDetails_backupRetentionPeriod :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbInstanceDetails_backupRetentionPeriod = Lens.lens (\AwsRdsDbInstanceDetails' {backupRetentionPeriod} -> backupRetentionPeriod) (\s@AwsRdsDbInstanceDetails' {} a -> s {backupRetentionPeriod = a} :: AwsRdsDbInstanceDetails)
+
+-- | The identifier of the CA certificate for this DB instance.
+awsRdsDbInstanceDetails_cACertificateIdentifier :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_cACertificateIdentifier = Lens.lens (\AwsRdsDbInstanceDetails' {cACertificateIdentifier} -> cACertificateIdentifier) (\s@AwsRdsDbInstanceDetails' {} a -> s {cACertificateIdentifier = a} :: AwsRdsDbInstanceDetails)
+
+-- | The name of the character set that this DB instance is associated with.
+awsRdsDbInstanceDetails_characterSetName :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_characterSetName = Lens.lens (\AwsRdsDbInstanceDetails' {characterSetName} -> characterSetName) (\s@AwsRdsDbInstanceDetails' {} a -> s {characterSetName = a} :: AwsRdsDbInstanceDetails)
+
+-- | Whether to copy resource tags to snapshots of the DB instance.
+awsRdsDbInstanceDetails_copyTagsToSnapshot :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbInstanceDetails_copyTagsToSnapshot = Lens.lens (\AwsRdsDbInstanceDetails' {copyTagsToSnapshot} -> copyTagsToSnapshot) (\s@AwsRdsDbInstanceDetails' {} a -> s {copyTagsToSnapshot = a} :: AwsRdsDbInstanceDetails)
+
+-- | If the DB instance is a member of a DB cluster, contains the name of the
+-- DB cluster that the DB instance is a member of.
+awsRdsDbInstanceDetails_dbClusterIdentifier :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_dbClusterIdentifier = Lens.lens (\AwsRdsDbInstanceDetails' {dbClusterIdentifier} -> dbClusterIdentifier) (\s@AwsRdsDbInstanceDetails' {} a -> s {dbClusterIdentifier = a} :: AwsRdsDbInstanceDetails)
+
+-- | Contains the name of the compute and memory capacity class of the DB
+-- instance.
+awsRdsDbInstanceDetails_dbInstanceClass :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_dbInstanceClass = Lens.lens (\AwsRdsDbInstanceDetails' {dbInstanceClass} -> dbInstanceClass) (\s@AwsRdsDbInstanceDetails' {} a -> s {dbInstanceClass = a} :: AwsRdsDbInstanceDetails)
+
+-- | Contains a user-supplied database identifier. This identifier is the
+-- unique key that identifies a DB instance.
+awsRdsDbInstanceDetails_dbInstanceIdentifier :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_dbInstanceIdentifier = Lens.lens (\AwsRdsDbInstanceDetails' {dbInstanceIdentifier} -> dbInstanceIdentifier) (\s@AwsRdsDbInstanceDetails' {} a -> s {dbInstanceIdentifier = a} :: AwsRdsDbInstanceDetails)
+
+-- | The meaning of this parameter differs according to the database engine
+-- you use.
+--
+-- __MySQL, MariaDB, SQL Server, PostgreSQL__
+--
+-- Contains the name of the initial database of this instance that was
+-- provided at create time, if one was specified when the DB instance was
+-- created. This same name is returned for the life of the DB instance.
+--
+-- __Oracle__
+--
+-- Contains the Oracle System ID (SID) of the created DB instance. Not
+-- shown when the returned parameters do not apply to an Oracle DB
+-- instance.
+awsRdsDbInstanceDetails_dbName :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_dbName = Lens.lens (\AwsRdsDbInstanceDetails' {dbName} -> dbName) (\s@AwsRdsDbInstanceDetails' {} a -> s {dbName = a} :: AwsRdsDbInstanceDetails)
+
+-- | Specifies the port that the DB instance listens on. If the DB instance
+-- is part of a DB cluster, this can be a different port than the DB
+-- cluster port.
+awsRdsDbInstanceDetails_dbInstancePort :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbInstanceDetails_dbInstancePort = Lens.lens (\AwsRdsDbInstanceDetails' {dbInstancePort} -> dbInstancePort) (\s@AwsRdsDbInstanceDetails' {} a -> s {dbInstancePort = a} :: AwsRdsDbInstanceDetails)
+
+-- | The current status of the DB instance.
+awsRdsDbInstanceDetails_dbInstanceStatus :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_dbInstanceStatus = Lens.lens (\AwsRdsDbInstanceDetails' {dbInstanceStatus} -> dbInstanceStatus) (\s@AwsRdsDbInstanceDetails' {} a -> s {dbInstanceStatus = a} :: AwsRdsDbInstanceDetails)
+
+-- | A list of the DB parameter groups to assign to the DB instance.
+awsRdsDbInstanceDetails_dbParameterGroups :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe [AwsRdsDbParameterGroup])
+awsRdsDbInstanceDetails_dbParameterGroups = Lens.lens (\AwsRdsDbInstanceDetails' {dbParameterGroups} -> dbParameterGroups) (\s@AwsRdsDbInstanceDetails' {} a -> s {dbParameterGroups = a} :: AwsRdsDbInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of the DB security groups to assign to the DB instance.
+awsRdsDbInstanceDetails_dbSecurityGroups :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe [Prelude.Text])
+awsRdsDbInstanceDetails_dbSecurityGroups = Lens.lens (\AwsRdsDbInstanceDetails' {dbSecurityGroups} -> dbSecurityGroups) (\s@AwsRdsDbInstanceDetails' {} a -> s {dbSecurityGroups = a} :: AwsRdsDbInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Information about the subnet group that is associated with the DB
+-- instance.
+awsRdsDbInstanceDetails_dbSubnetGroup :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe AwsRdsDbSubnetGroup)
+awsRdsDbInstanceDetails_dbSubnetGroup = Lens.lens (\AwsRdsDbInstanceDetails' {dbSubnetGroup} -> dbSubnetGroup) (\s@AwsRdsDbInstanceDetails' {} a -> s {dbSubnetGroup = a} :: AwsRdsDbInstanceDetails)
+
+-- | The Amazon Web Services Region-unique, immutable identifier for the DB
+-- instance. This identifier is found in CloudTrail log entries whenever
+-- the KMS key for the DB instance is accessed.
+awsRdsDbInstanceDetails_dbiResourceId :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_dbiResourceId = Lens.lens (\AwsRdsDbInstanceDetails' {dbiResourceId} -> dbiResourceId) (\s@AwsRdsDbInstanceDetails' {} a -> s {dbiResourceId = a} :: AwsRdsDbInstanceDetails)
+
+-- | Indicates whether the DB instance has deletion protection enabled.
+--
+-- When deletion protection is enabled, the database cannot be deleted.
+awsRdsDbInstanceDetails_deletionProtection :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbInstanceDetails_deletionProtection = Lens.lens (\AwsRdsDbInstanceDetails' {deletionProtection} -> deletionProtection) (\s@AwsRdsDbInstanceDetails' {} a -> s {deletionProtection = a} :: AwsRdsDbInstanceDetails)
+
+-- | The Active Directory domain membership records associated with the DB
+-- instance.
+awsRdsDbInstanceDetails_domainMemberships :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe [AwsRdsDbDomainMembership])
+awsRdsDbInstanceDetails_domainMemberships = Lens.lens (\AwsRdsDbInstanceDetails' {domainMemberships} -> domainMemberships) (\s@AwsRdsDbInstanceDetails' {} a -> s {domainMemberships = a} :: AwsRdsDbInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of log types that this DB instance is configured to export to
+-- CloudWatch Logs.
+awsRdsDbInstanceDetails_enabledCloudWatchLogsExports :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe [Prelude.Text])
+awsRdsDbInstanceDetails_enabledCloudWatchLogsExports = Lens.lens (\AwsRdsDbInstanceDetails' {enabledCloudWatchLogsExports} -> enabledCloudWatchLogsExports) (\s@AwsRdsDbInstanceDetails' {} a -> s {enabledCloudWatchLogsExports = a} :: AwsRdsDbInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies the connection endpoint.
+awsRdsDbInstanceDetails_endpoint :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe AwsRdsDbInstanceEndpoint)
+awsRdsDbInstanceDetails_endpoint = Lens.lens (\AwsRdsDbInstanceDetails' {endpoint} -> endpoint) (\s@AwsRdsDbInstanceDetails' {} a -> s {endpoint = a} :: AwsRdsDbInstanceDetails)
+
+-- | Provides the name of the database engine to use for this DB instance.
+awsRdsDbInstanceDetails_engine :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_engine = Lens.lens (\AwsRdsDbInstanceDetails' {engine} -> engine) (\s@AwsRdsDbInstanceDetails' {} a -> s {engine = a} :: AwsRdsDbInstanceDetails)
+
+-- | Indicates the database engine version.
+awsRdsDbInstanceDetails_engineVersion :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_engineVersion = Lens.lens (\AwsRdsDbInstanceDetails' {engineVersion} -> engineVersion) (\s@AwsRdsDbInstanceDetails' {} a -> s {engineVersion = a} :: AwsRdsDbInstanceDetails)
+
+-- | The ARN of the CloudWatch Logs log stream that receives the enhanced
+-- monitoring metrics data for the DB instance.
+awsRdsDbInstanceDetails_enhancedMonitoringResourceArn :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_enhancedMonitoringResourceArn = Lens.lens (\AwsRdsDbInstanceDetails' {enhancedMonitoringResourceArn} -> enhancedMonitoringResourceArn) (\s@AwsRdsDbInstanceDetails' {} a -> s {enhancedMonitoringResourceArn = a} :: AwsRdsDbInstanceDetails)
+
+-- | True if mapping of IAM accounts to database accounts is enabled, and
+-- otherwise false.
+--
+-- IAM database authentication can be enabled for the following database
+-- engines.
+--
+-- -   For MySQL 5.6, minor version 5.6.34 or higher
+--
+-- -   For MySQL 5.7, minor version 5.7.16 or higher
+--
+-- -   Aurora 5.6 or higher
+awsRdsDbInstanceDetails_iAMDatabaseAuthenticationEnabled :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbInstanceDetails_iAMDatabaseAuthenticationEnabled = Lens.lens (\AwsRdsDbInstanceDetails' {iAMDatabaseAuthenticationEnabled} -> iAMDatabaseAuthenticationEnabled) (\s@AwsRdsDbInstanceDetails' {} a -> s {iAMDatabaseAuthenticationEnabled = a} :: AwsRdsDbInstanceDetails)
+
+-- | Indicates when the DB instance was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRdsDbInstanceDetails_instanceCreateTime :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_instanceCreateTime = Lens.lens (\AwsRdsDbInstanceDetails' {instanceCreateTime} -> instanceCreateTime) (\s@AwsRdsDbInstanceDetails' {} a -> s {instanceCreateTime = a} :: AwsRdsDbInstanceDetails)
+
+-- | Specifies the provisioned IOPS (I\/O operations per second) for this DB
+-- instance.
+awsRdsDbInstanceDetails_iops :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbInstanceDetails_iops = Lens.lens (\AwsRdsDbInstanceDetails' {iops} -> iops) (\s@AwsRdsDbInstanceDetails' {} a -> s {iops = a} :: AwsRdsDbInstanceDetails)
+
+-- | If @StorageEncrypted@ is true, the KMS key identifier for the encrypted
+-- DB instance.
+awsRdsDbInstanceDetails_kmsKeyId :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_kmsKeyId = Lens.lens (\AwsRdsDbInstanceDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsRdsDbInstanceDetails' {} a -> s {kmsKeyId = a} :: AwsRdsDbInstanceDetails)
+
+-- | Specifies the latest time to which a database can be restored with
+-- point-in-time restore.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRdsDbInstanceDetails_latestRestorableTime :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_latestRestorableTime = Lens.lens (\AwsRdsDbInstanceDetails' {latestRestorableTime} -> latestRestorableTime) (\s@AwsRdsDbInstanceDetails' {} a -> s {latestRestorableTime = a} :: AwsRdsDbInstanceDetails)
+
+-- | License model information for this DB instance.
+awsRdsDbInstanceDetails_licenseModel :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_licenseModel = Lens.lens (\AwsRdsDbInstanceDetails' {licenseModel} -> licenseModel) (\s@AwsRdsDbInstanceDetails' {} a -> s {licenseModel = a} :: AwsRdsDbInstanceDetails)
+
+-- | Undocumented member.
+awsRdsDbInstanceDetails_listenerEndpoint :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe AwsRdsDbInstanceEndpoint)
+awsRdsDbInstanceDetails_listenerEndpoint = Lens.lens (\AwsRdsDbInstanceDetails' {listenerEndpoint} -> listenerEndpoint) (\s@AwsRdsDbInstanceDetails' {} a -> s {listenerEndpoint = a} :: AwsRdsDbInstanceDetails)
+
+-- | The master user name of the DB instance.
+awsRdsDbInstanceDetails_masterUsername :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_masterUsername = Lens.lens (\AwsRdsDbInstanceDetails' {masterUsername} -> masterUsername) (\s@AwsRdsDbInstanceDetails' {} a -> s {masterUsername = a} :: AwsRdsDbInstanceDetails)
+
+-- | The upper limit to which Amazon RDS can automatically scale the storage
+-- of the DB instance.
+awsRdsDbInstanceDetails_maxAllocatedStorage :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbInstanceDetails_maxAllocatedStorage = Lens.lens (\AwsRdsDbInstanceDetails' {maxAllocatedStorage} -> maxAllocatedStorage) (\s@AwsRdsDbInstanceDetails' {} a -> s {maxAllocatedStorage = a} :: AwsRdsDbInstanceDetails)
+
+-- | The interval, in seconds, between points when enhanced monitoring
+-- metrics are collected for the DB instance.
+awsRdsDbInstanceDetails_monitoringInterval :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbInstanceDetails_monitoringInterval = Lens.lens (\AwsRdsDbInstanceDetails' {monitoringInterval} -> monitoringInterval) (\s@AwsRdsDbInstanceDetails' {} a -> s {monitoringInterval = a} :: AwsRdsDbInstanceDetails)
+
+-- | The ARN for the IAM role that permits Amazon RDS to send enhanced
+-- monitoring metrics to CloudWatch Logs.
+awsRdsDbInstanceDetails_monitoringRoleArn :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_monitoringRoleArn = Lens.lens (\AwsRdsDbInstanceDetails' {monitoringRoleArn} -> monitoringRoleArn) (\s@AwsRdsDbInstanceDetails' {} a -> s {monitoringRoleArn = a} :: AwsRdsDbInstanceDetails)
+
+-- | Whether the DB instance is a multiple Availability Zone deployment.
+awsRdsDbInstanceDetails_multiAz :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbInstanceDetails_multiAz = Lens.lens (\AwsRdsDbInstanceDetails' {multiAz} -> multiAz) (\s@AwsRdsDbInstanceDetails' {} a -> s {multiAz = a} :: AwsRdsDbInstanceDetails)
+
+-- | The list of option group memberships for this DB instance.
+awsRdsDbInstanceDetails_optionGroupMemberships :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe [AwsRdsDbOptionGroupMembership])
+awsRdsDbInstanceDetails_optionGroupMemberships = Lens.lens (\AwsRdsDbInstanceDetails' {optionGroupMemberships} -> optionGroupMemberships) (\s@AwsRdsDbInstanceDetails' {} a -> s {optionGroupMemberships = a} :: AwsRdsDbInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Changes to the DB instance that are currently pending.
+awsRdsDbInstanceDetails_pendingModifiedValues :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe AwsRdsDbPendingModifiedValues)
+awsRdsDbInstanceDetails_pendingModifiedValues = Lens.lens (\AwsRdsDbInstanceDetails' {pendingModifiedValues} -> pendingModifiedValues) (\s@AwsRdsDbInstanceDetails' {} a -> s {pendingModifiedValues = a} :: AwsRdsDbInstanceDetails)
+
+-- | Indicates whether Performance Insights is enabled for the DB instance.
+awsRdsDbInstanceDetails_performanceInsightsEnabled :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbInstanceDetails_performanceInsightsEnabled = Lens.lens (\AwsRdsDbInstanceDetails' {performanceInsightsEnabled} -> performanceInsightsEnabled) (\s@AwsRdsDbInstanceDetails' {} a -> s {performanceInsightsEnabled = a} :: AwsRdsDbInstanceDetails)
+
+-- | The identifier of the KMS key used to encrypt the Performance Insights
+-- data.
+awsRdsDbInstanceDetails_performanceInsightsKmsKeyId :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_performanceInsightsKmsKeyId = Lens.lens (\AwsRdsDbInstanceDetails' {performanceInsightsKmsKeyId} -> performanceInsightsKmsKeyId) (\s@AwsRdsDbInstanceDetails' {} a -> s {performanceInsightsKmsKeyId = a} :: AwsRdsDbInstanceDetails)
+
+-- | The number of days to retain Performance Insights data.
+awsRdsDbInstanceDetails_performanceInsightsRetentionPeriod :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbInstanceDetails_performanceInsightsRetentionPeriod = Lens.lens (\AwsRdsDbInstanceDetails' {performanceInsightsRetentionPeriod} -> performanceInsightsRetentionPeriod) (\s@AwsRdsDbInstanceDetails' {} a -> s {performanceInsightsRetentionPeriod = a} :: AwsRdsDbInstanceDetails)
+
+-- | The range of time each day when automated backups are created, if
+-- automated backups are enabled.
+--
+-- Uses the format @HH:MM-HH:MM@. For example, @04:52-05:22@.
+awsRdsDbInstanceDetails_preferredBackupWindow :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_preferredBackupWindow = Lens.lens (\AwsRdsDbInstanceDetails' {preferredBackupWindow} -> preferredBackupWindow) (\s@AwsRdsDbInstanceDetails' {} a -> s {preferredBackupWindow = a} :: AwsRdsDbInstanceDetails)
+
+-- | The weekly time range during which system maintenance can occur, in
+-- Universal Coordinated Time (UTC).
+--
+-- Uses the format @\<day>:HH:MM-\<day>:HH:MM@.
+--
+-- For the day values, use @mon@|@tue@|@wed@|@thu@|@fri@|@sat@|@sun@.
+--
+-- For example, @sun:09:32-sun:10:02@.
+awsRdsDbInstanceDetails_preferredMaintenanceWindow :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_preferredMaintenanceWindow = Lens.lens (\AwsRdsDbInstanceDetails' {preferredMaintenanceWindow} -> preferredMaintenanceWindow) (\s@AwsRdsDbInstanceDetails' {} a -> s {preferredMaintenanceWindow = a} :: AwsRdsDbInstanceDetails)
+
+-- | The number of CPU cores and the number of threads per core for the DB
+-- instance class of the DB instance.
+awsRdsDbInstanceDetails_processorFeatures :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe [AwsRdsDbProcessorFeature])
+awsRdsDbInstanceDetails_processorFeatures = Lens.lens (\AwsRdsDbInstanceDetails' {processorFeatures} -> processorFeatures) (\s@AwsRdsDbInstanceDetails' {} a -> s {processorFeatures = a} :: AwsRdsDbInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The order in which to promote an Aurora replica to the primary instance
+-- after a failure of the existing primary instance.
+awsRdsDbInstanceDetails_promotionTier :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbInstanceDetails_promotionTier = Lens.lens (\AwsRdsDbInstanceDetails' {promotionTier} -> promotionTier) (\s@AwsRdsDbInstanceDetails' {} a -> s {promotionTier = a} :: AwsRdsDbInstanceDetails)
+
+-- | Specifies the accessibility options for the DB instance.
+--
+-- A value of true specifies an Internet-facing instance with a publicly
+-- resolvable DNS name, which resolves to a public IP address.
+--
+-- A value of false specifies an internal instance with a DNS name that
+-- resolves to a private IP address.
+awsRdsDbInstanceDetails_publiclyAccessible :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbInstanceDetails_publiclyAccessible = Lens.lens (\AwsRdsDbInstanceDetails' {publiclyAccessible} -> publiclyAccessible) (\s@AwsRdsDbInstanceDetails' {} a -> s {publiclyAccessible = a} :: AwsRdsDbInstanceDetails)
+
+-- | List of identifiers of Aurora DB clusters to which the RDS DB instance
+-- is replicated as a read replica.
+awsRdsDbInstanceDetails_readReplicaDBClusterIdentifiers :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe [Prelude.Text])
+awsRdsDbInstanceDetails_readReplicaDBClusterIdentifiers = Lens.lens (\AwsRdsDbInstanceDetails' {readReplicaDBClusterIdentifiers} -> readReplicaDBClusterIdentifiers) (\s@AwsRdsDbInstanceDetails' {} a -> s {readReplicaDBClusterIdentifiers = a} :: AwsRdsDbInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | List of identifiers of the read replicas associated with this DB
+-- instance.
+awsRdsDbInstanceDetails_readReplicaDBInstanceIdentifiers :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe [Prelude.Text])
+awsRdsDbInstanceDetails_readReplicaDBInstanceIdentifiers = Lens.lens (\AwsRdsDbInstanceDetails' {readReplicaDBInstanceIdentifiers} -> readReplicaDBInstanceIdentifiers) (\s@AwsRdsDbInstanceDetails' {} a -> s {readReplicaDBInstanceIdentifiers = a} :: AwsRdsDbInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | If this DB instance is a read replica, contains the identifier of the
+-- source DB instance.
+awsRdsDbInstanceDetails_readReplicaSourceDBInstanceIdentifier :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_readReplicaSourceDBInstanceIdentifier = Lens.lens (\AwsRdsDbInstanceDetails' {readReplicaSourceDBInstanceIdentifier} -> readReplicaSourceDBInstanceIdentifier) (\s@AwsRdsDbInstanceDetails' {} a -> s {readReplicaSourceDBInstanceIdentifier = a} :: AwsRdsDbInstanceDetails)
+
+-- | For a DB instance with multi-Availability Zone support, the name of the
+-- secondary Availability Zone.
+awsRdsDbInstanceDetails_secondaryAvailabilityZone :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_secondaryAvailabilityZone = Lens.lens (\AwsRdsDbInstanceDetails' {secondaryAvailabilityZone} -> secondaryAvailabilityZone) (\s@AwsRdsDbInstanceDetails' {} a -> s {secondaryAvailabilityZone = a} :: AwsRdsDbInstanceDetails)
+
+-- | The status of a read replica. If the instance isn\'t a read replica,
+-- this is empty.
+awsRdsDbInstanceDetails_statusInfos :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe [AwsRdsDbStatusInfo])
+awsRdsDbInstanceDetails_statusInfos = Lens.lens (\AwsRdsDbInstanceDetails' {statusInfos} -> statusInfos) (\s@AwsRdsDbInstanceDetails' {} a -> s {statusInfos = a} :: AwsRdsDbInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies whether the DB instance is encrypted.
+awsRdsDbInstanceDetails_storageEncrypted :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbInstanceDetails_storageEncrypted = Lens.lens (\AwsRdsDbInstanceDetails' {storageEncrypted} -> storageEncrypted) (\s@AwsRdsDbInstanceDetails' {} a -> s {storageEncrypted = a} :: AwsRdsDbInstanceDetails)
+
+-- | The storage type for the DB instance.
+awsRdsDbInstanceDetails_storageType :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_storageType = Lens.lens (\AwsRdsDbInstanceDetails' {storageType} -> storageType) (\s@AwsRdsDbInstanceDetails' {} a -> s {storageType = a} :: AwsRdsDbInstanceDetails)
+
+-- | The ARN from the key store with which the instance is associated for TDE
+-- encryption.
+awsRdsDbInstanceDetails_tdeCredentialArn :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_tdeCredentialArn = Lens.lens (\AwsRdsDbInstanceDetails' {tdeCredentialArn} -> tdeCredentialArn) (\s@AwsRdsDbInstanceDetails' {} a -> s {tdeCredentialArn = a} :: AwsRdsDbInstanceDetails)
+
+-- | The time zone of the DB instance.
+awsRdsDbInstanceDetails_timezone :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceDetails_timezone = Lens.lens (\AwsRdsDbInstanceDetails' {timezone} -> timezone) (\s@AwsRdsDbInstanceDetails' {} a -> s {timezone = a} :: AwsRdsDbInstanceDetails)
+
+-- | A list of VPC security groups that the DB instance belongs to.
+awsRdsDbInstanceDetails_vpcSecurityGroups :: Lens.Lens' AwsRdsDbInstanceDetails (Prelude.Maybe [AwsRdsDbInstanceVpcSecurityGroup])
+awsRdsDbInstanceDetails_vpcSecurityGroups = Lens.lens (\AwsRdsDbInstanceDetails' {vpcSecurityGroups} -> vpcSecurityGroups) (\s@AwsRdsDbInstanceDetails' {} a -> s {vpcSecurityGroups = a} :: AwsRdsDbInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsRdsDbInstanceDetails where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbInstanceDetails"
+      ( \x ->
+          AwsRdsDbInstanceDetails'
+            Prelude.<$> (x Data..:? "AllocatedStorage")
+            Prelude.<*> ( x
+                            Data..:? "AssociatedRoles"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "AutoMinorVersionUpgrade")
+            Prelude.<*> (x Data..:? "AvailabilityZone")
+            Prelude.<*> (x Data..:? "BackupRetentionPeriod")
+            Prelude.<*> (x Data..:? "CACertificateIdentifier")
+            Prelude.<*> (x Data..:? "CharacterSetName")
+            Prelude.<*> (x Data..:? "CopyTagsToSnapshot")
+            Prelude.<*> (x Data..:? "DBClusterIdentifier")
+            Prelude.<*> (x Data..:? "DBInstanceClass")
+            Prelude.<*> (x Data..:? "DBInstanceIdentifier")
+            Prelude.<*> (x Data..:? "DBName")
+            Prelude.<*> (x Data..:? "DbInstancePort")
+            Prelude.<*> (x Data..:? "DbInstanceStatus")
+            Prelude.<*> ( x
+                            Data..:? "DbParameterGroups"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "DbSecurityGroups"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "DbSubnetGroup")
+            Prelude.<*> (x Data..:? "DbiResourceId")
+            Prelude.<*> (x Data..:? "DeletionProtection")
+            Prelude.<*> ( x
+                            Data..:? "DomainMemberships"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "EnabledCloudWatchLogsExports"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Endpoint")
+            Prelude.<*> (x Data..:? "Engine")
+            Prelude.<*> (x Data..:? "EngineVersion")
+            Prelude.<*> (x Data..:? "EnhancedMonitoringResourceArn")
+            Prelude.<*> (x Data..:? "IAMDatabaseAuthenticationEnabled")
+            Prelude.<*> (x Data..:? "InstanceCreateTime")
+            Prelude.<*> (x Data..:? "Iops")
+            Prelude.<*> (x Data..:? "KmsKeyId")
+            Prelude.<*> (x Data..:? "LatestRestorableTime")
+            Prelude.<*> (x Data..:? "LicenseModel")
+            Prelude.<*> (x Data..:? "ListenerEndpoint")
+            Prelude.<*> (x Data..:? "MasterUsername")
+            Prelude.<*> (x Data..:? "MaxAllocatedStorage")
+            Prelude.<*> (x Data..:? "MonitoringInterval")
+            Prelude.<*> (x Data..:? "MonitoringRoleArn")
+            Prelude.<*> (x Data..:? "MultiAz")
+            Prelude.<*> ( x
+                            Data..:? "OptionGroupMemberships"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "PendingModifiedValues")
+            Prelude.<*> (x Data..:? "PerformanceInsightsEnabled")
+            Prelude.<*> (x Data..:? "PerformanceInsightsKmsKeyId")
+            Prelude.<*> (x Data..:? "PerformanceInsightsRetentionPeriod")
+            Prelude.<*> (x Data..:? "PreferredBackupWindow")
+            Prelude.<*> (x Data..:? "PreferredMaintenanceWindow")
+            Prelude.<*> ( x
+                            Data..:? "ProcessorFeatures"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "PromotionTier")
+            Prelude.<*> (x Data..:? "PubliclyAccessible")
+            Prelude.<*> ( x
+                            Data..:? "ReadReplicaDBClusterIdentifiers"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ReadReplicaDBInstanceIdentifiers"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ReadReplicaSourceDBInstanceIdentifier")
+            Prelude.<*> (x Data..:? "SecondaryAvailabilityZone")
+            Prelude.<*> (x Data..:? "StatusInfos" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "StorageEncrypted")
+            Prelude.<*> (x Data..:? "StorageType")
+            Prelude.<*> (x Data..:? "TdeCredentialArn")
+            Prelude.<*> (x Data..:? "Timezone")
+            Prelude.<*> ( x
+                            Data..:? "VpcSecurityGroups"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable AwsRdsDbInstanceDetails where
+  hashWithSalt _salt AwsRdsDbInstanceDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` allocatedStorage
+      `Prelude.hashWithSalt` associatedRoles
+      `Prelude.hashWithSalt` autoMinorVersionUpgrade
+      `Prelude.hashWithSalt` availabilityZone
+      `Prelude.hashWithSalt` backupRetentionPeriod
+      `Prelude.hashWithSalt` cACertificateIdentifier
+      `Prelude.hashWithSalt` characterSetName
+      `Prelude.hashWithSalt` copyTagsToSnapshot
+      `Prelude.hashWithSalt` dbClusterIdentifier
+      `Prelude.hashWithSalt` dbInstanceClass
+      `Prelude.hashWithSalt` dbInstanceIdentifier
+      `Prelude.hashWithSalt` dbName
+      `Prelude.hashWithSalt` dbInstancePort
+      `Prelude.hashWithSalt` dbInstanceStatus
+      `Prelude.hashWithSalt` dbParameterGroups
+      `Prelude.hashWithSalt` dbSecurityGroups
+      `Prelude.hashWithSalt` dbSubnetGroup
+      `Prelude.hashWithSalt` dbiResourceId
+      `Prelude.hashWithSalt` deletionProtection
+      `Prelude.hashWithSalt` domainMemberships
+      `Prelude.hashWithSalt` enabledCloudWatchLogsExports
+      `Prelude.hashWithSalt` endpoint
+      `Prelude.hashWithSalt` engine
+      `Prelude.hashWithSalt` engineVersion
+      `Prelude.hashWithSalt` enhancedMonitoringResourceArn
+      `Prelude.hashWithSalt` iAMDatabaseAuthenticationEnabled
+      `Prelude.hashWithSalt` instanceCreateTime
+      `Prelude.hashWithSalt` iops
+      `Prelude.hashWithSalt` kmsKeyId
+      `Prelude.hashWithSalt` latestRestorableTime
+      `Prelude.hashWithSalt` licenseModel
+      `Prelude.hashWithSalt` listenerEndpoint
+      `Prelude.hashWithSalt` masterUsername
+      `Prelude.hashWithSalt` maxAllocatedStorage
+      `Prelude.hashWithSalt` monitoringInterval
+      `Prelude.hashWithSalt` monitoringRoleArn
+      `Prelude.hashWithSalt` multiAz
+      `Prelude.hashWithSalt` optionGroupMemberships
+      `Prelude.hashWithSalt` pendingModifiedValues
+      `Prelude.hashWithSalt` performanceInsightsEnabled
+      `Prelude.hashWithSalt` performanceInsightsKmsKeyId
+      `Prelude.hashWithSalt` performanceInsightsRetentionPeriod
+      `Prelude.hashWithSalt` preferredBackupWindow
+      `Prelude.hashWithSalt` preferredMaintenanceWindow
+      `Prelude.hashWithSalt` processorFeatures
+      `Prelude.hashWithSalt` promotionTier
+      `Prelude.hashWithSalt` publiclyAccessible
+      `Prelude.hashWithSalt` readReplicaDBClusterIdentifiers
+      `Prelude.hashWithSalt` readReplicaDBInstanceIdentifiers
+      `Prelude.hashWithSalt` readReplicaSourceDBInstanceIdentifier
+      `Prelude.hashWithSalt` secondaryAvailabilityZone
+      `Prelude.hashWithSalt` statusInfos
+      `Prelude.hashWithSalt` storageEncrypted
+      `Prelude.hashWithSalt` storageType
+      `Prelude.hashWithSalt` tdeCredentialArn
+      `Prelude.hashWithSalt` timezone
+      `Prelude.hashWithSalt` vpcSecurityGroups
+
+instance Prelude.NFData AwsRdsDbInstanceDetails where
+  rnf AwsRdsDbInstanceDetails' {..} =
+    Prelude.rnf allocatedStorage
+      `Prelude.seq` Prelude.rnf associatedRoles
+      `Prelude.seq` Prelude.rnf autoMinorVersionUpgrade
+      `Prelude.seq` Prelude.rnf availabilityZone
+      `Prelude.seq` Prelude.rnf backupRetentionPeriod
+      `Prelude.seq` Prelude.rnf cACertificateIdentifier
+      `Prelude.seq` Prelude.rnf characterSetName
+      `Prelude.seq` Prelude.rnf copyTagsToSnapshot
+      `Prelude.seq` Prelude.rnf dbClusterIdentifier
+      `Prelude.seq` Prelude.rnf dbInstanceClass
+      `Prelude.seq` Prelude.rnf dbInstanceIdentifier
+      `Prelude.seq` Prelude.rnf dbName
+      `Prelude.seq` Prelude.rnf dbInstancePort
+      `Prelude.seq` Prelude.rnf dbInstanceStatus
+      `Prelude.seq` Prelude.rnf dbParameterGroups
+      `Prelude.seq` Prelude.rnf dbSecurityGroups
+      `Prelude.seq` Prelude.rnf dbSubnetGroup
+      `Prelude.seq` Prelude.rnf dbiResourceId
+      `Prelude.seq` Prelude.rnf deletionProtection
+      `Prelude.seq` Prelude.rnf domainMemberships
+      `Prelude.seq` Prelude.rnf
+        enabledCloudWatchLogsExports
+      `Prelude.seq` Prelude.rnf endpoint
+      `Prelude.seq` Prelude.rnf engine
+      `Prelude.seq` Prelude.rnf
+        engineVersion
+      `Prelude.seq` Prelude.rnf
+        enhancedMonitoringResourceArn
+      `Prelude.seq` Prelude.rnf
+        iAMDatabaseAuthenticationEnabled
+      `Prelude.seq` Prelude.rnf
+        instanceCreateTime
+      `Prelude.seq` Prelude.rnf
+        iops
+      `Prelude.seq` Prelude.rnf
+        kmsKeyId
+      `Prelude.seq` Prelude.rnf
+        latestRestorableTime
+      `Prelude.seq` Prelude.rnf
+        licenseModel
+      `Prelude.seq` Prelude.rnf
+        listenerEndpoint
+      `Prelude.seq` Prelude.rnf
+        masterUsername
+      `Prelude.seq` Prelude.rnf
+        maxAllocatedStorage
+      `Prelude.seq` Prelude.rnf
+        monitoringInterval
+      `Prelude.seq` Prelude.rnf
+        monitoringRoleArn
+      `Prelude.seq` Prelude.rnf
+        multiAz
+      `Prelude.seq` Prelude.rnf
+        optionGroupMemberships
+      `Prelude.seq` Prelude.rnf
+        pendingModifiedValues
+      `Prelude.seq` Prelude.rnf
+        performanceInsightsEnabled
+      `Prelude.seq` Prelude.rnf
+        performanceInsightsKmsKeyId
+      `Prelude.seq` Prelude.rnf
+        performanceInsightsRetentionPeriod
+      `Prelude.seq` Prelude.rnf
+        preferredBackupWindow
+      `Prelude.seq` Prelude.rnf
+        preferredMaintenanceWindow
+      `Prelude.seq` Prelude.rnf
+        processorFeatures
+      `Prelude.seq` Prelude.rnf
+        promotionTier
+      `Prelude.seq` Prelude.rnf
+        publiclyAccessible
+      `Prelude.seq` Prelude.rnf
+        readReplicaDBClusterIdentifiers
+      `Prelude.seq` Prelude.rnf
+        readReplicaDBInstanceIdentifiers
+      `Prelude.seq` Prelude.rnf
+        readReplicaSourceDBInstanceIdentifier
+      `Prelude.seq` Prelude.rnf
+        secondaryAvailabilityZone
+      `Prelude.seq` Prelude.rnf
+        statusInfos
+      `Prelude.seq` Prelude.rnf
+        storageEncrypted
+      `Prelude.seq` Prelude.rnf
+        storageType
+      `Prelude.seq` Prelude.rnf
+        tdeCredentialArn
+      `Prelude.seq` Prelude.rnf
+        timezone
+      `Prelude.seq` Prelude.rnf
+        vpcSecurityGroups
+
+instance Data.ToJSON AwsRdsDbInstanceDetails where
+  toJSON AwsRdsDbInstanceDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AllocatedStorage" Data..=)
+              Prelude.<$> allocatedStorage,
+            ("AssociatedRoles" Data..=)
+              Prelude.<$> associatedRoles,
+            ("AutoMinorVersionUpgrade" Data..=)
+              Prelude.<$> autoMinorVersionUpgrade,
+            ("AvailabilityZone" Data..=)
+              Prelude.<$> availabilityZone,
+            ("BackupRetentionPeriod" Data..=)
+              Prelude.<$> backupRetentionPeriod,
+            ("CACertificateIdentifier" Data..=)
+              Prelude.<$> cACertificateIdentifier,
+            ("CharacterSetName" Data..=)
+              Prelude.<$> characterSetName,
+            ("CopyTagsToSnapshot" Data..=)
+              Prelude.<$> copyTagsToSnapshot,
+            ("DBClusterIdentifier" Data..=)
+              Prelude.<$> dbClusterIdentifier,
+            ("DBInstanceClass" Data..=)
+              Prelude.<$> dbInstanceClass,
+            ("DBInstanceIdentifier" Data..=)
+              Prelude.<$> dbInstanceIdentifier,
+            ("DBName" Data..=) Prelude.<$> dbName,
+            ("DbInstancePort" Data..=)
+              Prelude.<$> dbInstancePort,
+            ("DbInstanceStatus" Data..=)
+              Prelude.<$> dbInstanceStatus,
+            ("DbParameterGroups" Data..=)
+              Prelude.<$> dbParameterGroups,
+            ("DbSecurityGroups" Data..=)
+              Prelude.<$> dbSecurityGroups,
+            ("DbSubnetGroup" Data..=) Prelude.<$> dbSubnetGroup,
+            ("DbiResourceId" Data..=) Prelude.<$> dbiResourceId,
+            ("DeletionProtection" Data..=)
+              Prelude.<$> deletionProtection,
+            ("DomainMemberships" Data..=)
+              Prelude.<$> domainMemberships,
+            ("EnabledCloudWatchLogsExports" Data..=)
+              Prelude.<$> enabledCloudWatchLogsExports,
+            ("Endpoint" Data..=) Prelude.<$> endpoint,
+            ("Engine" Data..=) Prelude.<$> engine,
+            ("EngineVersion" Data..=) Prelude.<$> engineVersion,
+            ("EnhancedMonitoringResourceArn" Data..=)
+              Prelude.<$> enhancedMonitoringResourceArn,
+            ("IAMDatabaseAuthenticationEnabled" Data..=)
+              Prelude.<$> iAMDatabaseAuthenticationEnabled,
+            ("InstanceCreateTime" Data..=)
+              Prelude.<$> instanceCreateTime,
+            ("Iops" Data..=) Prelude.<$> iops,
+            ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+            ("LatestRestorableTime" Data..=)
+              Prelude.<$> latestRestorableTime,
+            ("LicenseModel" Data..=) Prelude.<$> licenseModel,
+            ("ListenerEndpoint" Data..=)
+              Prelude.<$> listenerEndpoint,
+            ("MasterUsername" Data..=)
+              Prelude.<$> masterUsername,
+            ("MaxAllocatedStorage" Data..=)
+              Prelude.<$> maxAllocatedStorage,
+            ("MonitoringInterval" Data..=)
+              Prelude.<$> monitoringInterval,
+            ("MonitoringRoleArn" Data..=)
+              Prelude.<$> monitoringRoleArn,
+            ("MultiAz" Data..=) Prelude.<$> multiAz,
+            ("OptionGroupMemberships" Data..=)
+              Prelude.<$> optionGroupMemberships,
+            ("PendingModifiedValues" Data..=)
+              Prelude.<$> pendingModifiedValues,
+            ("PerformanceInsightsEnabled" Data..=)
+              Prelude.<$> performanceInsightsEnabled,
+            ("PerformanceInsightsKmsKeyId" Data..=)
+              Prelude.<$> performanceInsightsKmsKeyId,
+            ("PerformanceInsightsRetentionPeriod" Data..=)
+              Prelude.<$> performanceInsightsRetentionPeriod,
+            ("PreferredBackupWindow" Data..=)
+              Prelude.<$> preferredBackupWindow,
+            ("PreferredMaintenanceWindow" Data..=)
+              Prelude.<$> preferredMaintenanceWindow,
+            ("ProcessorFeatures" Data..=)
+              Prelude.<$> processorFeatures,
+            ("PromotionTier" Data..=) Prelude.<$> promotionTier,
+            ("PubliclyAccessible" Data..=)
+              Prelude.<$> publiclyAccessible,
+            ("ReadReplicaDBClusterIdentifiers" Data..=)
+              Prelude.<$> readReplicaDBClusterIdentifiers,
+            ("ReadReplicaDBInstanceIdentifiers" Data..=)
+              Prelude.<$> readReplicaDBInstanceIdentifiers,
+            ("ReadReplicaSourceDBInstanceIdentifier" Data..=)
+              Prelude.<$> readReplicaSourceDBInstanceIdentifier,
+            ("SecondaryAvailabilityZone" Data..=)
+              Prelude.<$> secondaryAvailabilityZone,
+            ("StatusInfos" Data..=) Prelude.<$> statusInfos,
+            ("StorageEncrypted" Data..=)
+              Prelude.<$> storageEncrypted,
+            ("StorageType" Data..=) Prelude.<$> storageType,
+            ("TdeCredentialArn" Data..=)
+              Prelude.<$> tdeCredentialArn,
+            ("Timezone" Data..=) Prelude.<$> timezone,
+            ("VpcSecurityGroups" Data..=)
+              Prelude.<$> vpcSecurityGroups
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceEndpoint.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceEndpoint.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceEndpoint.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbInstanceEndpoint
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbInstanceEndpoint where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies the connection endpoint.
+--
+-- /See:/ 'newAwsRdsDbInstanceEndpoint' smart constructor.
+data AwsRdsDbInstanceEndpoint = AwsRdsDbInstanceEndpoint'
+  { -- | Specifies the DNS address of the DB instance.
+    address :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the ID that Amazon Route 53 assigns when you create a hosted
+    -- zone.
+    hostedZoneId :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the port that the database engine is listening on.
+    port :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbInstanceEndpoint' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'address', 'awsRdsDbInstanceEndpoint_address' - Specifies the DNS address of the DB instance.
+--
+-- 'hostedZoneId', 'awsRdsDbInstanceEndpoint_hostedZoneId' - Specifies the ID that Amazon Route 53 assigns when you create a hosted
+-- zone.
+--
+-- 'port', 'awsRdsDbInstanceEndpoint_port' - Specifies the port that the database engine is listening on.
+newAwsRdsDbInstanceEndpoint ::
+  AwsRdsDbInstanceEndpoint
+newAwsRdsDbInstanceEndpoint =
+  AwsRdsDbInstanceEndpoint'
+    { address =
+        Prelude.Nothing,
+      hostedZoneId = Prelude.Nothing,
+      port = Prelude.Nothing
+    }
+
+-- | Specifies the DNS address of the DB instance.
+awsRdsDbInstanceEndpoint_address :: Lens.Lens' AwsRdsDbInstanceEndpoint (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceEndpoint_address = Lens.lens (\AwsRdsDbInstanceEndpoint' {address} -> address) (\s@AwsRdsDbInstanceEndpoint' {} a -> s {address = a} :: AwsRdsDbInstanceEndpoint)
+
+-- | Specifies the ID that Amazon Route 53 assigns when you create a hosted
+-- zone.
+awsRdsDbInstanceEndpoint_hostedZoneId :: Lens.Lens' AwsRdsDbInstanceEndpoint (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceEndpoint_hostedZoneId = Lens.lens (\AwsRdsDbInstanceEndpoint' {hostedZoneId} -> hostedZoneId) (\s@AwsRdsDbInstanceEndpoint' {} a -> s {hostedZoneId = a} :: AwsRdsDbInstanceEndpoint)
+
+-- | Specifies the port that the database engine is listening on.
+awsRdsDbInstanceEndpoint_port :: Lens.Lens' AwsRdsDbInstanceEndpoint (Prelude.Maybe Prelude.Int)
+awsRdsDbInstanceEndpoint_port = Lens.lens (\AwsRdsDbInstanceEndpoint' {port} -> port) (\s@AwsRdsDbInstanceEndpoint' {} a -> s {port = a} :: AwsRdsDbInstanceEndpoint)
+
+instance Data.FromJSON AwsRdsDbInstanceEndpoint where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbInstanceEndpoint"
+      ( \x ->
+          AwsRdsDbInstanceEndpoint'
+            Prelude.<$> (x Data..:? "Address")
+            Prelude.<*> (x Data..:? "HostedZoneId")
+            Prelude.<*> (x Data..:? "Port")
+      )
+
+instance Prelude.Hashable AwsRdsDbInstanceEndpoint where
+  hashWithSalt _salt AwsRdsDbInstanceEndpoint' {..} =
+    _salt
+      `Prelude.hashWithSalt` address
+      `Prelude.hashWithSalt` hostedZoneId
+      `Prelude.hashWithSalt` port
+
+instance Prelude.NFData AwsRdsDbInstanceEndpoint where
+  rnf AwsRdsDbInstanceEndpoint' {..} =
+    Prelude.rnf address
+      `Prelude.seq` Prelude.rnf hostedZoneId
+      `Prelude.seq` Prelude.rnf port
+
+instance Data.ToJSON AwsRdsDbInstanceEndpoint where
+  toJSON AwsRdsDbInstanceEndpoint' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Address" Data..=) Prelude.<$> address,
+            ("HostedZoneId" Data..=) Prelude.<$> hostedZoneId,
+            ("Port" Data..=) Prelude.<$> port
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceVpcSecurityGroup.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceVpcSecurityGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbInstanceVpcSecurityGroup.hs
@@ -0,0 +1,106 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbInstanceVpcSecurityGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbInstanceVpcSecurityGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A VPC security groups that the DB instance belongs to.
+--
+-- /See:/ 'newAwsRdsDbInstanceVpcSecurityGroup' smart constructor.
+data AwsRdsDbInstanceVpcSecurityGroup = AwsRdsDbInstanceVpcSecurityGroup'
+  { -- | The status of the VPC security group.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The name of the VPC security group.
+    vpcSecurityGroupId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbInstanceVpcSecurityGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'status', 'awsRdsDbInstanceVpcSecurityGroup_status' - The status of the VPC security group.
+--
+-- 'vpcSecurityGroupId', 'awsRdsDbInstanceVpcSecurityGroup_vpcSecurityGroupId' - The name of the VPC security group.
+newAwsRdsDbInstanceVpcSecurityGroup ::
+  AwsRdsDbInstanceVpcSecurityGroup
+newAwsRdsDbInstanceVpcSecurityGroup =
+  AwsRdsDbInstanceVpcSecurityGroup'
+    { status =
+        Prelude.Nothing,
+      vpcSecurityGroupId = Prelude.Nothing
+    }
+
+-- | The status of the VPC security group.
+awsRdsDbInstanceVpcSecurityGroup_status :: Lens.Lens' AwsRdsDbInstanceVpcSecurityGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceVpcSecurityGroup_status = Lens.lens (\AwsRdsDbInstanceVpcSecurityGroup' {status} -> status) (\s@AwsRdsDbInstanceVpcSecurityGroup' {} a -> s {status = a} :: AwsRdsDbInstanceVpcSecurityGroup)
+
+-- | The name of the VPC security group.
+awsRdsDbInstanceVpcSecurityGroup_vpcSecurityGroupId :: Lens.Lens' AwsRdsDbInstanceVpcSecurityGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbInstanceVpcSecurityGroup_vpcSecurityGroupId = Lens.lens (\AwsRdsDbInstanceVpcSecurityGroup' {vpcSecurityGroupId} -> vpcSecurityGroupId) (\s@AwsRdsDbInstanceVpcSecurityGroup' {} a -> s {vpcSecurityGroupId = a} :: AwsRdsDbInstanceVpcSecurityGroup)
+
+instance
+  Data.FromJSON
+    AwsRdsDbInstanceVpcSecurityGroup
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbInstanceVpcSecurityGroup"
+      ( \x ->
+          AwsRdsDbInstanceVpcSecurityGroup'
+            Prelude.<$> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "VpcSecurityGroupId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsDbInstanceVpcSecurityGroup
+  where
+  hashWithSalt
+    _salt
+    AwsRdsDbInstanceVpcSecurityGroup' {..} =
+      _salt
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` vpcSecurityGroupId
+
+instance
+  Prelude.NFData
+    AwsRdsDbInstanceVpcSecurityGroup
+  where
+  rnf AwsRdsDbInstanceVpcSecurityGroup' {..} =
+    Prelude.rnf status
+      `Prelude.seq` Prelude.rnf vpcSecurityGroupId
+
+instance Data.ToJSON AwsRdsDbInstanceVpcSecurityGroup where
+  toJSON AwsRdsDbInstanceVpcSecurityGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Status" Data..=) Prelude.<$> status,
+            ("VpcSecurityGroupId" Data..=)
+              Prelude.<$> vpcSecurityGroupId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbOptionGroupMembership.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbOptionGroupMembership.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbOptionGroupMembership.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbOptionGroupMembership
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbOptionGroupMembership where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An option group membership.
+--
+-- /See:/ 'newAwsRdsDbOptionGroupMembership' smart constructor.
+data AwsRdsDbOptionGroupMembership = AwsRdsDbOptionGroupMembership'
+  { -- | The name of the option group.
+    optionGroupName :: Prelude.Maybe Prelude.Text,
+    -- | The status of the option group membership.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbOptionGroupMembership' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'optionGroupName', 'awsRdsDbOptionGroupMembership_optionGroupName' - The name of the option group.
+--
+-- 'status', 'awsRdsDbOptionGroupMembership_status' - The status of the option group membership.
+newAwsRdsDbOptionGroupMembership ::
+  AwsRdsDbOptionGroupMembership
+newAwsRdsDbOptionGroupMembership =
+  AwsRdsDbOptionGroupMembership'
+    { optionGroupName =
+        Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The name of the option group.
+awsRdsDbOptionGroupMembership_optionGroupName :: Lens.Lens' AwsRdsDbOptionGroupMembership (Prelude.Maybe Prelude.Text)
+awsRdsDbOptionGroupMembership_optionGroupName = Lens.lens (\AwsRdsDbOptionGroupMembership' {optionGroupName} -> optionGroupName) (\s@AwsRdsDbOptionGroupMembership' {} a -> s {optionGroupName = a} :: AwsRdsDbOptionGroupMembership)
+
+-- | The status of the option group membership.
+awsRdsDbOptionGroupMembership_status :: Lens.Lens' AwsRdsDbOptionGroupMembership (Prelude.Maybe Prelude.Text)
+awsRdsDbOptionGroupMembership_status = Lens.lens (\AwsRdsDbOptionGroupMembership' {status} -> status) (\s@AwsRdsDbOptionGroupMembership' {} a -> s {status = a} :: AwsRdsDbOptionGroupMembership)
+
+instance Data.FromJSON AwsRdsDbOptionGroupMembership where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbOptionGroupMembership"
+      ( \x ->
+          AwsRdsDbOptionGroupMembership'
+            Prelude.<$> (x Data..:? "OptionGroupName")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsDbOptionGroupMembership
+  where
+  hashWithSalt _salt AwsRdsDbOptionGroupMembership' {..} =
+    _salt
+      `Prelude.hashWithSalt` optionGroupName
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AwsRdsDbOptionGroupMembership where
+  rnf AwsRdsDbOptionGroupMembership' {..} =
+    Prelude.rnf optionGroupName
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsRdsDbOptionGroupMembership where
+  toJSON AwsRdsDbOptionGroupMembership' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("OptionGroupName" Data..=)
+              Prelude.<$> optionGroupName,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbParameterGroup.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbParameterGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbParameterGroup.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbParameterGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbParameterGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about a parameter group for a DB instance.
+--
+-- /See:/ 'newAwsRdsDbParameterGroup' smart constructor.
+data AwsRdsDbParameterGroup = AwsRdsDbParameterGroup'
+  { -- | The name of the parameter group.
+    dbParameterGroupName :: Prelude.Maybe Prelude.Text,
+    -- | The status of parameter updates.
+    parameterApplyStatus :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbParameterGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dbParameterGroupName', 'awsRdsDbParameterGroup_dbParameterGroupName' - The name of the parameter group.
+--
+-- 'parameterApplyStatus', 'awsRdsDbParameterGroup_parameterApplyStatus' - The status of parameter updates.
+newAwsRdsDbParameterGroup ::
+  AwsRdsDbParameterGroup
+newAwsRdsDbParameterGroup =
+  AwsRdsDbParameterGroup'
+    { dbParameterGroupName =
+        Prelude.Nothing,
+      parameterApplyStatus = Prelude.Nothing
+    }
+
+-- | The name of the parameter group.
+awsRdsDbParameterGroup_dbParameterGroupName :: Lens.Lens' AwsRdsDbParameterGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbParameterGroup_dbParameterGroupName = Lens.lens (\AwsRdsDbParameterGroup' {dbParameterGroupName} -> dbParameterGroupName) (\s@AwsRdsDbParameterGroup' {} a -> s {dbParameterGroupName = a} :: AwsRdsDbParameterGroup)
+
+-- | The status of parameter updates.
+awsRdsDbParameterGroup_parameterApplyStatus :: Lens.Lens' AwsRdsDbParameterGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbParameterGroup_parameterApplyStatus = Lens.lens (\AwsRdsDbParameterGroup' {parameterApplyStatus} -> parameterApplyStatus) (\s@AwsRdsDbParameterGroup' {} a -> s {parameterApplyStatus = a} :: AwsRdsDbParameterGroup)
+
+instance Data.FromJSON AwsRdsDbParameterGroup where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbParameterGroup"
+      ( \x ->
+          AwsRdsDbParameterGroup'
+            Prelude.<$> (x Data..:? "DbParameterGroupName")
+            Prelude.<*> (x Data..:? "ParameterApplyStatus")
+      )
+
+instance Prelude.Hashable AwsRdsDbParameterGroup where
+  hashWithSalt _salt AwsRdsDbParameterGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` dbParameterGroupName
+      `Prelude.hashWithSalt` parameterApplyStatus
+
+instance Prelude.NFData AwsRdsDbParameterGroup where
+  rnf AwsRdsDbParameterGroup' {..} =
+    Prelude.rnf dbParameterGroupName
+      `Prelude.seq` Prelude.rnf parameterApplyStatus
+
+instance Data.ToJSON AwsRdsDbParameterGroup where
+  toJSON AwsRdsDbParameterGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DbParameterGroupName" Data..=)
+              Prelude.<$> dbParameterGroupName,
+            ("ParameterApplyStatus" Data..=)
+              Prelude.<$> parameterApplyStatus
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbPendingModifiedValues.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbPendingModifiedValues.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbPendingModifiedValues.hs
@@ -0,0 +1,284 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbPendingModifiedValues
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbPendingModifiedValues where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsRdsDbProcessorFeature
+import Amazonka.SecurityHub.Types.AwsRdsPendingCloudWatchLogsExports
+
+-- | Changes to a DB instance that are currently pending.
+--
+-- /See:/ 'newAwsRdsDbPendingModifiedValues' smart constructor.
+data AwsRdsDbPendingModifiedValues = AwsRdsDbPendingModifiedValues'
+  { -- | The new value of the allocated storage for the DB instance.
+    allocatedStorage :: Prelude.Maybe Prelude.Int,
+    -- | The new backup retention period for the DB instance.
+    backupRetentionPeriod :: Prelude.Maybe Prelude.Int,
+    -- | The new CA certificate identifier for the DB instance.
+    caCertificateIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The new DB instance class for the DB instance.
+    dbInstanceClass :: Prelude.Maybe Prelude.Text,
+    -- | The new DB instance identifier for the DB instance.
+    dbInstanceIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The name of the new subnet group for the DB instance.
+    dbSubnetGroupName :: Prelude.Maybe Prelude.Text,
+    -- | The new engine version for the DB instance.
+    engineVersion :: Prelude.Maybe Prelude.Text,
+    -- | The new provisioned IOPS value for the DB instance.
+    iops :: Prelude.Maybe Prelude.Int,
+    -- | The new license model value for the DB instance.
+    licenseModel :: Prelude.Maybe Prelude.Text,
+    -- | The new master user password for the DB instance.
+    masterUserPassword :: Prelude.Maybe Prelude.Text,
+    -- | Indicates that a single Availability Zone DB instance is changing to a
+    -- multiple Availability Zone deployment.
+    multiAZ :: Prelude.Maybe Prelude.Bool,
+    -- | A list of log types that are being enabled or disabled.
+    pendingCloudWatchLogsExports :: Prelude.Maybe AwsRdsPendingCloudWatchLogsExports,
+    -- | The new port for the DB instance.
+    port :: Prelude.Maybe Prelude.Int,
+    -- | Processor features that are being updated.
+    processorFeatures :: Prelude.Maybe [AwsRdsDbProcessorFeature],
+    -- | The new storage type for the DB instance.
+    storageType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbPendingModifiedValues' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allocatedStorage', 'awsRdsDbPendingModifiedValues_allocatedStorage' - The new value of the allocated storage for the DB instance.
+--
+-- 'backupRetentionPeriod', 'awsRdsDbPendingModifiedValues_backupRetentionPeriod' - The new backup retention period for the DB instance.
+--
+-- 'caCertificateIdentifier', 'awsRdsDbPendingModifiedValues_caCertificateIdentifier' - The new CA certificate identifier for the DB instance.
+--
+-- 'dbInstanceClass', 'awsRdsDbPendingModifiedValues_dbInstanceClass' - The new DB instance class for the DB instance.
+--
+-- 'dbInstanceIdentifier', 'awsRdsDbPendingModifiedValues_dbInstanceIdentifier' - The new DB instance identifier for the DB instance.
+--
+-- 'dbSubnetGroupName', 'awsRdsDbPendingModifiedValues_dbSubnetGroupName' - The name of the new subnet group for the DB instance.
+--
+-- 'engineVersion', 'awsRdsDbPendingModifiedValues_engineVersion' - The new engine version for the DB instance.
+--
+-- 'iops', 'awsRdsDbPendingModifiedValues_iops' - The new provisioned IOPS value for the DB instance.
+--
+-- 'licenseModel', 'awsRdsDbPendingModifiedValues_licenseModel' - The new license model value for the DB instance.
+--
+-- 'masterUserPassword', 'awsRdsDbPendingModifiedValues_masterUserPassword' - The new master user password for the DB instance.
+--
+-- 'multiAZ', 'awsRdsDbPendingModifiedValues_multiAZ' - Indicates that a single Availability Zone DB instance is changing to a
+-- multiple Availability Zone deployment.
+--
+-- 'pendingCloudWatchLogsExports', 'awsRdsDbPendingModifiedValues_pendingCloudWatchLogsExports' - A list of log types that are being enabled or disabled.
+--
+-- 'port', 'awsRdsDbPendingModifiedValues_port' - The new port for the DB instance.
+--
+-- 'processorFeatures', 'awsRdsDbPendingModifiedValues_processorFeatures' - Processor features that are being updated.
+--
+-- 'storageType', 'awsRdsDbPendingModifiedValues_storageType' - The new storage type for the DB instance.
+newAwsRdsDbPendingModifiedValues ::
+  AwsRdsDbPendingModifiedValues
+newAwsRdsDbPendingModifiedValues =
+  AwsRdsDbPendingModifiedValues'
+    { allocatedStorage =
+        Prelude.Nothing,
+      backupRetentionPeriod = Prelude.Nothing,
+      caCertificateIdentifier = Prelude.Nothing,
+      dbInstanceClass = Prelude.Nothing,
+      dbInstanceIdentifier = Prelude.Nothing,
+      dbSubnetGroupName = Prelude.Nothing,
+      engineVersion = Prelude.Nothing,
+      iops = Prelude.Nothing,
+      licenseModel = Prelude.Nothing,
+      masterUserPassword = Prelude.Nothing,
+      multiAZ = Prelude.Nothing,
+      pendingCloudWatchLogsExports =
+        Prelude.Nothing,
+      port = Prelude.Nothing,
+      processorFeatures = Prelude.Nothing,
+      storageType = Prelude.Nothing
+    }
+
+-- | The new value of the allocated storage for the DB instance.
+awsRdsDbPendingModifiedValues_allocatedStorage :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Int)
+awsRdsDbPendingModifiedValues_allocatedStorage = Lens.lens (\AwsRdsDbPendingModifiedValues' {allocatedStorage} -> allocatedStorage) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {allocatedStorage = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | The new backup retention period for the DB instance.
+awsRdsDbPendingModifiedValues_backupRetentionPeriod :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Int)
+awsRdsDbPendingModifiedValues_backupRetentionPeriod = Lens.lens (\AwsRdsDbPendingModifiedValues' {backupRetentionPeriod} -> backupRetentionPeriod) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {backupRetentionPeriod = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | The new CA certificate identifier for the DB instance.
+awsRdsDbPendingModifiedValues_caCertificateIdentifier :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRdsDbPendingModifiedValues_caCertificateIdentifier = Lens.lens (\AwsRdsDbPendingModifiedValues' {caCertificateIdentifier} -> caCertificateIdentifier) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {caCertificateIdentifier = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | The new DB instance class for the DB instance.
+awsRdsDbPendingModifiedValues_dbInstanceClass :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRdsDbPendingModifiedValues_dbInstanceClass = Lens.lens (\AwsRdsDbPendingModifiedValues' {dbInstanceClass} -> dbInstanceClass) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {dbInstanceClass = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | The new DB instance identifier for the DB instance.
+awsRdsDbPendingModifiedValues_dbInstanceIdentifier :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRdsDbPendingModifiedValues_dbInstanceIdentifier = Lens.lens (\AwsRdsDbPendingModifiedValues' {dbInstanceIdentifier} -> dbInstanceIdentifier) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {dbInstanceIdentifier = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | The name of the new subnet group for the DB instance.
+awsRdsDbPendingModifiedValues_dbSubnetGroupName :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRdsDbPendingModifiedValues_dbSubnetGroupName = Lens.lens (\AwsRdsDbPendingModifiedValues' {dbSubnetGroupName} -> dbSubnetGroupName) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {dbSubnetGroupName = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | The new engine version for the DB instance.
+awsRdsDbPendingModifiedValues_engineVersion :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRdsDbPendingModifiedValues_engineVersion = Lens.lens (\AwsRdsDbPendingModifiedValues' {engineVersion} -> engineVersion) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {engineVersion = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | The new provisioned IOPS value for the DB instance.
+awsRdsDbPendingModifiedValues_iops :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Int)
+awsRdsDbPendingModifiedValues_iops = Lens.lens (\AwsRdsDbPendingModifiedValues' {iops} -> iops) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {iops = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | The new license model value for the DB instance.
+awsRdsDbPendingModifiedValues_licenseModel :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRdsDbPendingModifiedValues_licenseModel = Lens.lens (\AwsRdsDbPendingModifiedValues' {licenseModel} -> licenseModel) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {licenseModel = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | The new master user password for the DB instance.
+awsRdsDbPendingModifiedValues_masterUserPassword :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRdsDbPendingModifiedValues_masterUserPassword = Lens.lens (\AwsRdsDbPendingModifiedValues' {masterUserPassword} -> masterUserPassword) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {masterUserPassword = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | Indicates that a single Availability Zone DB instance is changing to a
+-- multiple Availability Zone deployment.
+awsRdsDbPendingModifiedValues_multiAZ :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Bool)
+awsRdsDbPendingModifiedValues_multiAZ = Lens.lens (\AwsRdsDbPendingModifiedValues' {multiAZ} -> multiAZ) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {multiAZ = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | A list of log types that are being enabled or disabled.
+awsRdsDbPendingModifiedValues_pendingCloudWatchLogsExports :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe AwsRdsPendingCloudWatchLogsExports)
+awsRdsDbPendingModifiedValues_pendingCloudWatchLogsExports = Lens.lens (\AwsRdsDbPendingModifiedValues' {pendingCloudWatchLogsExports} -> pendingCloudWatchLogsExports) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {pendingCloudWatchLogsExports = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | The new port for the DB instance.
+awsRdsDbPendingModifiedValues_port :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Int)
+awsRdsDbPendingModifiedValues_port = Lens.lens (\AwsRdsDbPendingModifiedValues' {port} -> port) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {port = a} :: AwsRdsDbPendingModifiedValues)
+
+-- | Processor features that are being updated.
+awsRdsDbPendingModifiedValues_processorFeatures :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe [AwsRdsDbProcessorFeature])
+awsRdsDbPendingModifiedValues_processorFeatures = Lens.lens (\AwsRdsDbPendingModifiedValues' {processorFeatures} -> processorFeatures) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {processorFeatures = a} :: AwsRdsDbPendingModifiedValues) Prelude.. Lens.mapping Lens.coerced
+
+-- | The new storage type for the DB instance.
+awsRdsDbPendingModifiedValues_storageType :: Lens.Lens' AwsRdsDbPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRdsDbPendingModifiedValues_storageType = Lens.lens (\AwsRdsDbPendingModifiedValues' {storageType} -> storageType) (\s@AwsRdsDbPendingModifiedValues' {} a -> s {storageType = a} :: AwsRdsDbPendingModifiedValues)
+
+instance Data.FromJSON AwsRdsDbPendingModifiedValues where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbPendingModifiedValues"
+      ( \x ->
+          AwsRdsDbPendingModifiedValues'
+            Prelude.<$> (x Data..:? "AllocatedStorage")
+            Prelude.<*> (x Data..:? "BackupRetentionPeriod")
+            Prelude.<*> (x Data..:? "CaCertificateIdentifier")
+            Prelude.<*> (x Data..:? "DbInstanceClass")
+            Prelude.<*> (x Data..:? "DbInstanceIdentifier")
+            Prelude.<*> (x Data..:? "DbSubnetGroupName")
+            Prelude.<*> (x Data..:? "EngineVersion")
+            Prelude.<*> (x Data..:? "Iops")
+            Prelude.<*> (x Data..:? "LicenseModel")
+            Prelude.<*> (x Data..:? "MasterUserPassword")
+            Prelude.<*> (x Data..:? "MultiAZ")
+            Prelude.<*> (x Data..:? "PendingCloudWatchLogsExports")
+            Prelude.<*> (x Data..:? "Port")
+            Prelude.<*> ( x
+                            Data..:? "ProcessorFeatures"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "StorageType")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsDbPendingModifiedValues
+  where
+  hashWithSalt _salt AwsRdsDbPendingModifiedValues' {..} =
+    _salt
+      `Prelude.hashWithSalt` allocatedStorage
+      `Prelude.hashWithSalt` backupRetentionPeriod
+      `Prelude.hashWithSalt` caCertificateIdentifier
+      `Prelude.hashWithSalt` dbInstanceClass
+      `Prelude.hashWithSalt` dbInstanceIdentifier
+      `Prelude.hashWithSalt` dbSubnetGroupName
+      `Prelude.hashWithSalt` engineVersion
+      `Prelude.hashWithSalt` iops
+      `Prelude.hashWithSalt` licenseModel
+      `Prelude.hashWithSalt` masterUserPassword
+      `Prelude.hashWithSalt` multiAZ
+      `Prelude.hashWithSalt` pendingCloudWatchLogsExports
+      `Prelude.hashWithSalt` port
+      `Prelude.hashWithSalt` processorFeatures
+      `Prelude.hashWithSalt` storageType
+
+instance Prelude.NFData AwsRdsDbPendingModifiedValues where
+  rnf AwsRdsDbPendingModifiedValues' {..} =
+    Prelude.rnf allocatedStorage
+      `Prelude.seq` Prelude.rnf backupRetentionPeriod
+      `Prelude.seq` Prelude.rnf caCertificateIdentifier
+      `Prelude.seq` Prelude.rnf dbInstanceClass
+      `Prelude.seq` Prelude.rnf dbInstanceIdentifier
+      `Prelude.seq` Prelude.rnf dbSubnetGroupName
+      `Prelude.seq` Prelude.rnf engineVersion
+      `Prelude.seq` Prelude.rnf iops
+      `Prelude.seq` Prelude.rnf licenseModel
+      `Prelude.seq` Prelude.rnf masterUserPassword
+      `Prelude.seq` Prelude.rnf multiAZ
+      `Prelude.seq` Prelude.rnf pendingCloudWatchLogsExports
+      `Prelude.seq` Prelude.rnf port
+      `Prelude.seq` Prelude.rnf processorFeatures
+      `Prelude.seq` Prelude.rnf storageType
+
+instance Data.ToJSON AwsRdsDbPendingModifiedValues where
+  toJSON AwsRdsDbPendingModifiedValues' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AllocatedStorage" Data..=)
+              Prelude.<$> allocatedStorage,
+            ("BackupRetentionPeriod" Data..=)
+              Prelude.<$> backupRetentionPeriod,
+            ("CaCertificateIdentifier" Data..=)
+              Prelude.<$> caCertificateIdentifier,
+            ("DbInstanceClass" Data..=)
+              Prelude.<$> dbInstanceClass,
+            ("DbInstanceIdentifier" Data..=)
+              Prelude.<$> dbInstanceIdentifier,
+            ("DbSubnetGroupName" Data..=)
+              Prelude.<$> dbSubnetGroupName,
+            ("EngineVersion" Data..=) Prelude.<$> engineVersion,
+            ("Iops" Data..=) Prelude.<$> iops,
+            ("LicenseModel" Data..=) Prelude.<$> licenseModel,
+            ("MasterUserPassword" Data..=)
+              Prelude.<$> masterUserPassword,
+            ("MultiAZ" Data..=) Prelude.<$> multiAZ,
+            ("PendingCloudWatchLogsExports" Data..=)
+              Prelude.<$> pendingCloudWatchLogsExports,
+            ("Port" Data..=) Prelude.<$> port,
+            ("ProcessorFeatures" Data..=)
+              Prelude.<$> processorFeatures,
+            ("StorageType" Data..=) Prelude.<$> storageType
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbProcessorFeature.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbProcessorFeature.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbProcessorFeature.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbProcessorFeature
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbProcessorFeature where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A processor feature.
+--
+-- /See:/ 'newAwsRdsDbProcessorFeature' smart constructor.
+data AwsRdsDbProcessorFeature = AwsRdsDbProcessorFeature'
+  { -- | The name of the processor feature. Valid values are @coreCount@ or
+    -- @threadsPerCore@.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The value of the processor feature.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbProcessorFeature' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsRdsDbProcessorFeature_name' - The name of the processor feature. Valid values are @coreCount@ or
+-- @threadsPerCore@.
+--
+-- 'value', 'awsRdsDbProcessorFeature_value' - The value of the processor feature.
+newAwsRdsDbProcessorFeature ::
+  AwsRdsDbProcessorFeature
+newAwsRdsDbProcessorFeature =
+  AwsRdsDbProcessorFeature'
+    { name = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The name of the processor feature. Valid values are @coreCount@ or
+-- @threadsPerCore@.
+awsRdsDbProcessorFeature_name :: Lens.Lens' AwsRdsDbProcessorFeature (Prelude.Maybe Prelude.Text)
+awsRdsDbProcessorFeature_name = Lens.lens (\AwsRdsDbProcessorFeature' {name} -> name) (\s@AwsRdsDbProcessorFeature' {} a -> s {name = a} :: AwsRdsDbProcessorFeature)
+
+-- | The value of the processor feature.
+awsRdsDbProcessorFeature_value :: Lens.Lens' AwsRdsDbProcessorFeature (Prelude.Maybe Prelude.Text)
+awsRdsDbProcessorFeature_value = Lens.lens (\AwsRdsDbProcessorFeature' {value} -> value) (\s@AwsRdsDbProcessorFeature' {} a -> s {value = a} :: AwsRdsDbProcessorFeature)
+
+instance Data.FromJSON AwsRdsDbProcessorFeature where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbProcessorFeature"
+      ( \x ->
+          AwsRdsDbProcessorFeature'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance Prelude.Hashable AwsRdsDbProcessorFeature where
+  hashWithSalt _salt AwsRdsDbProcessorFeature' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData AwsRdsDbProcessorFeature where
+  rnf AwsRdsDbProcessorFeature' {..} =
+    Prelude.rnf name `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON AwsRdsDbProcessorFeature where
+  toJSON AwsRdsDbProcessorFeature' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Name" Data..=) Prelude.<$> name,
+            ("Value" Data..=) Prelude.<$> value
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbSecurityGroupDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSecurityGroupDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSecurityGroupDetails.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupEc2SecurityGroup
+import Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupIpRange
+
+-- | Provides information about an Amazon RDS DB security group.
+--
+-- /See:/ 'newAwsRdsDbSecurityGroupDetails' smart constructor.
+data AwsRdsDbSecurityGroupDetails = AwsRdsDbSecurityGroupDetails'
+  { -- | The ARN for the DB security group.
+    dbSecurityGroupArn :: Prelude.Maybe Prelude.Text,
+    -- | Provides the description of the DB security group.
+    dbSecurityGroupDescription :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the name of the DB security group.
+    dbSecurityGroupName :: Prelude.Maybe Prelude.Text,
+    -- | Contains a list of EC2 security groups.
+    ec2SecurityGroups :: Prelude.Maybe [AwsRdsDbSecurityGroupEc2SecurityGroup],
+    -- | Contains a list of IP ranges.
+    ipRanges :: Prelude.Maybe [AwsRdsDbSecurityGroupIpRange],
+    -- | Provides the Amazon Web Services ID of the owner of a specific DB
+    -- security group.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | Provides VPC ID associated with the DB security group.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbSecurityGroupDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dbSecurityGroupArn', 'awsRdsDbSecurityGroupDetails_dbSecurityGroupArn' - The ARN for the DB security group.
+--
+-- 'dbSecurityGroupDescription', 'awsRdsDbSecurityGroupDetails_dbSecurityGroupDescription' - Provides the description of the DB security group.
+--
+-- 'dbSecurityGroupName', 'awsRdsDbSecurityGroupDetails_dbSecurityGroupName' - Specifies the name of the DB security group.
+--
+-- 'ec2SecurityGroups', 'awsRdsDbSecurityGroupDetails_ec2SecurityGroups' - Contains a list of EC2 security groups.
+--
+-- 'ipRanges', 'awsRdsDbSecurityGroupDetails_ipRanges' - Contains a list of IP ranges.
+--
+-- 'ownerId', 'awsRdsDbSecurityGroupDetails_ownerId' - Provides the Amazon Web Services ID of the owner of a specific DB
+-- security group.
+--
+-- 'vpcId', 'awsRdsDbSecurityGroupDetails_vpcId' - Provides VPC ID associated with the DB security group.
+newAwsRdsDbSecurityGroupDetails ::
+  AwsRdsDbSecurityGroupDetails
+newAwsRdsDbSecurityGroupDetails =
+  AwsRdsDbSecurityGroupDetails'
+    { dbSecurityGroupArn =
+        Prelude.Nothing,
+      dbSecurityGroupDescription = Prelude.Nothing,
+      dbSecurityGroupName = Prelude.Nothing,
+      ec2SecurityGroups = Prelude.Nothing,
+      ipRanges = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | The ARN for the DB security group.
+awsRdsDbSecurityGroupDetails_dbSecurityGroupArn :: Lens.Lens' AwsRdsDbSecurityGroupDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSecurityGroupDetails_dbSecurityGroupArn = Lens.lens (\AwsRdsDbSecurityGroupDetails' {dbSecurityGroupArn} -> dbSecurityGroupArn) (\s@AwsRdsDbSecurityGroupDetails' {} a -> s {dbSecurityGroupArn = a} :: AwsRdsDbSecurityGroupDetails)
+
+-- | Provides the description of the DB security group.
+awsRdsDbSecurityGroupDetails_dbSecurityGroupDescription :: Lens.Lens' AwsRdsDbSecurityGroupDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSecurityGroupDetails_dbSecurityGroupDescription = Lens.lens (\AwsRdsDbSecurityGroupDetails' {dbSecurityGroupDescription} -> dbSecurityGroupDescription) (\s@AwsRdsDbSecurityGroupDetails' {} a -> s {dbSecurityGroupDescription = a} :: AwsRdsDbSecurityGroupDetails)
+
+-- | Specifies the name of the DB security group.
+awsRdsDbSecurityGroupDetails_dbSecurityGroupName :: Lens.Lens' AwsRdsDbSecurityGroupDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSecurityGroupDetails_dbSecurityGroupName = Lens.lens (\AwsRdsDbSecurityGroupDetails' {dbSecurityGroupName} -> dbSecurityGroupName) (\s@AwsRdsDbSecurityGroupDetails' {} a -> s {dbSecurityGroupName = a} :: AwsRdsDbSecurityGroupDetails)
+
+-- | Contains a list of EC2 security groups.
+awsRdsDbSecurityGroupDetails_ec2SecurityGroups :: Lens.Lens' AwsRdsDbSecurityGroupDetails (Prelude.Maybe [AwsRdsDbSecurityGroupEc2SecurityGroup])
+awsRdsDbSecurityGroupDetails_ec2SecurityGroups = Lens.lens (\AwsRdsDbSecurityGroupDetails' {ec2SecurityGroups} -> ec2SecurityGroups) (\s@AwsRdsDbSecurityGroupDetails' {} a -> s {ec2SecurityGroups = a} :: AwsRdsDbSecurityGroupDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Contains a list of IP ranges.
+awsRdsDbSecurityGroupDetails_ipRanges :: Lens.Lens' AwsRdsDbSecurityGroupDetails (Prelude.Maybe [AwsRdsDbSecurityGroupIpRange])
+awsRdsDbSecurityGroupDetails_ipRanges = Lens.lens (\AwsRdsDbSecurityGroupDetails' {ipRanges} -> ipRanges) (\s@AwsRdsDbSecurityGroupDetails' {} a -> s {ipRanges = a} :: AwsRdsDbSecurityGroupDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Provides the Amazon Web Services ID of the owner of a specific DB
+-- security group.
+awsRdsDbSecurityGroupDetails_ownerId :: Lens.Lens' AwsRdsDbSecurityGroupDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSecurityGroupDetails_ownerId = Lens.lens (\AwsRdsDbSecurityGroupDetails' {ownerId} -> ownerId) (\s@AwsRdsDbSecurityGroupDetails' {} a -> s {ownerId = a} :: AwsRdsDbSecurityGroupDetails)
+
+-- | Provides VPC ID associated with the DB security group.
+awsRdsDbSecurityGroupDetails_vpcId :: Lens.Lens' AwsRdsDbSecurityGroupDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSecurityGroupDetails_vpcId = Lens.lens (\AwsRdsDbSecurityGroupDetails' {vpcId} -> vpcId) (\s@AwsRdsDbSecurityGroupDetails' {} a -> s {vpcId = a} :: AwsRdsDbSecurityGroupDetails)
+
+instance Data.FromJSON AwsRdsDbSecurityGroupDetails where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbSecurityGroupDetails"
+      ( \x ->
+          AwsRdsDbSecurityGroupDetails'
+            Prelude.<$> (x Data..:? "DbSecurityGroupArn")
+            Prelude.<*> (x Data..:? "DbSecurityGroupDescription")
+            Prelude.<*> (x Data..:? "DbSecurityGroupName")
+            Prelude.<*> ( x
+                            Data..:? "Ec2SecurityGroups"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "IpRanges" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsDbSecurityGroupDetails
+  where
+  hashWithSalt _salt AwsRdsDbSecurityGroupDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` dbSecurityGroupArn
+      `Prelude.hashWithSalt` dbSecurityGroupDescription
+      `Prelude.hashWithSalt` dbSecurityGroupName
+      `Prelude.hashWithSalt` ec2SecurityGroups
+      `Prelude.hashWithSalt` ipRanges
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData AwsRdsDbSecurityGroupDetails where
+  rnf AwsRdsDbSecurityGroupDetails' {..} =
+    Prelude.rnf dbSecurityGroupArn
+      `Prelude.seq` Prelude.rnf dbSecurityGroupDescription
+      `Prelude.seq` Prelude.rnf dbSecurityGroupName
+      `Prelude.seq` Prelude.rnf ec2SecurityGroups
+      `Prelude.seq` Prelude.rnf ipRanges
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance Data.ToJSON AwsRdsDbSecurityGroupDetails where
+  toJSON AwsRdsDbSecurityGroupDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DbSecurityGroupArn" Data..=)
+              Prelude.<$> dbSecurityGroupArn,
+            ("DbSecurityGroupDescription" Data..=)
+              Prelude.<$> dbSecurityGroupDescription,
+            ("DbSecurityGroupName" Data..=)
+              Prelude.<$> dbSecurityGroupName,
+            ("Ec2SecurityGroups" Data..=)
+              Prelude.<$> ec2SecurityGroups,
+            ("IpRanges" Data..=) Prelude.<$> ipRanges,
+            ("OwnerId" Data..=) Prelude.<$> ownerId,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbSecurityGroupEc2SecurityGroup.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSecurityGroupEc2SecurityGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSecurityGroupEc2SecurityGroup.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupEc2SecurityGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupEc2SecurityGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | EC2 security group information for an RDS DB security group.
+--
+-- /See:/ 'newAwsRdsDbSecurityGroupEc2SecurityGroup' smart constructor.
+data AwsRdsDbSecurityGroupEc2SecurityGroup = AwsRdsDbSecurityGroupEc2SecurityGroup'
+  { -- | Specifies the ID for the EC2 security group.
+    ec2SecurityGroupId :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the name of the EC2 security group.
+    ec2SecurityGroupName :: Prelude.Maybe Prelude.Text,
+    -- | Provides the Amazon Web Services ID of the owner of the EC2 security
+    -- group.
+    ec2SecurityGroupOwnerId :: Prelude.Maybe Prelude.Text,
+    -- | Provides the status of the EC2 security group.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbSecurityGroupEc2SecurityGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ec2SecurityGroupId', 'awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupId' - Specifies the ID for the EC2 security group.
+--
+-- 'ec2SecurityGroupName', 'awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupName' - Specifies the name of the EC2 security group.
+--
+-- 'ec2SecurityGroupOwnerId', 'awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupOwnerId' - Provides the Amazon Web Services ID of the owner of the EC2 security
+-- group.
+--
+-- 'status', 'awsRdsDbSecurityGroupEc2SecurityGroup_status' - Provides the status of the EC2 security group.
+newAwsRdsDbSecurityGroupEc2SecurityGroup ::
+  AwsRdsDbSecurityGroupEc2SecurityGroup
+newAwsRdsDbSecurityGroupEc2SecurityGroup =
+  AwsRdsDbSecurityGroupEc2SecurityGroup'
+    { ec2SecurityGroupId =
+        Prelude.Nothing,
+      ec2SecurityGroupName =
+        Prelude.Nothing,
+      ec2SecurityGroupOwnerId =
+        Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | Specifies the ID for the EC2 security group.
+awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupId :: Lens.Lens' AwsRdsDbSecurityGroupEc2SecurityGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupId = Lens.lens (\AwsRdsDbSecurityGroupEc2SecurityGroup' {ec2SecurityGroupId} -> ec2SecurityGroupId) (\s@AwsRdsDbSecurityGroupEc2SecurityGroup' {} a -> s {ec2SecurityGroupId = a} :: AwsRdsDbSecurityGroupEc2SecurityGroup)
+
+-- | Specifies the name of the EC2 security group.
+awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupName :: Lens.Lens' AwsRdsDbSecurityGroupEc2SecurityGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupName = Lens.lens (\AwsRdsDbSecurityGroupEc2SecurityGroup' {ec2SecurityGroupName} -> ec2SecurityGroupName) (\s@AwsRdsDbSecurityGroupEc2SecurityGroup' {} a -> s {ec2SecurityGroupName = a} :: AwsRdsDbSecurityGroupEc2SecurityGroup)
+
+-- | Provides the Amazon Web Services ID of the owner of the EC2 security
+-- group.
+awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupOwnerId :: Lens.Lens' AwsRdsDbSecurityGroupEc2SecurityGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbSecurityGroupEc2SecurityGroup_ec2SecurityGroupOwnerId = Lens.lens (\AwsRdsDbSecurityGroupEc2SecurityGroup' {ec2SecurityGroupOwnerId} -> ec2SecurityGroupOwnerId) (\s@AwsRdsDbSecurityGroupEc2SecurityGroup' {} a -> s {ec2SecurityGroupOwnerId = a} :: AwsRdsDbSecurityGroupEc2SecurityGroup)
+
+-- | Provides the status of the EC2 security group.
+awsRdsDbSecurityGroupEc2SecurityGroup_status :: Lens.Lens' AwsRdsDbSecurityGroupEc2SecurityGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbSecurityGroupEc2SecurityGroup_status = Lens.lens (\AwsRdsDbSecurityGroupEc2SecurityGroup' {status} -> status) (\s@AwsRdsDbSecurityGroupEc2SecurityGroup' {} a -> s {status = a} :: AwsRdsDbSecurityGroupEc2SecurityGroup)
+
+instance
+  Data.FromJSON
+    AwsRdsDbSecurityGroupEc2SecurityGroup
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbSecurityGroupEc2SecurityGroup"
+      ( \x ->
+          AwsRdsDbSecurityGroupEc2SecurityGroup'
+            Prelude.<$> (x Data..:? "Ec2SecurityGroupId")
+            Prelude.<*> (x Data..:? "Ec2SecurityGroupName")
+            Prelude.<*> (x Data..:? "Ec2SecurityGroupOwnerId")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsDbSecurityGroupEc2SecurityGroup
+  where
+  hashWithSalt
+    _salt
+    AwsRdsDbSecurityGroupEc2SecurityGroup' {..} =
+      _salt
+        `Prelude.hashWithSalt` ec2SecurityGroupId
+        `Prelude.hashWithSalt` ec2SecurityGroupName
+        `Prelude.hashWithSalt` ec2SecurityGroupOwnerId
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    AwsRdsDbSecurityGroupEc2SecurityGroup
+  where
+  rnf AwsRdsDbSecurityGroupEc2SecurityGroup' {..} =
+    Prelude.rnf ec2SecurityGroupId
+      `Prelude.seq` Prelude.rnf ec2SecurityGroupName
+      `Prelude.seq` Prelude.rnf ec2SecurityGroupOwnerId
+      `Prelude.seq` Prelude.rnf status
+
+instance
+  Data.ToJSON
+    AwsRdsDbSecurityGroupEc2SecurityGroup
+  where
+  toJSON AwsRdsDbSecurityGroupEc2SecurityGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Ec2SecurityGroupId" Data..=)
+              Prelude.<$> ec2SecurityGroupId,
+            ("Ec2SecurityGroupName" Data..=)
+              Prelude.<$> ec2SecurityGroupName,
+            ("Ec2SecurityGroupOwnerId" Data..=)
+              Prelude.<$> ec2SecurityGroupOwnerId,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbSecurityGroupIpRange.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSecurityGroupIpRange.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSecurityGroupIpRange.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupIpRange
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupIpRange where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | IP range information for an RDS DB security group.
+--
+-- /See:/ 'newAwsRdsDbSecurityGroupIpRange' smart constructor.
+data AwsRdsDbSecurityGroupIpRange = AwsRdsDbSecurityGroupIpRange'
+  { -- | Specifies the IP range.
+    cidrIp :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the status of the IP range.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbSecurityGroupIpRange' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cidrIp', 'awsRdsDbSecurityGroupIpRange_cidrIp' - Specifies the IP range.
+--
+-- 'status', 'awsRdsDbSecurityGroupIpRange_status' - Specifies the status of the IP range.
+newAwsRdsDbSecurityGroupIpRange ::
+  AwsRdsDbSecurityGroupIpRange
+newAwsRdsDbSecurityGroupIpRange =
+  AwsRdsDbSecurityGroupIpRange'
+    { cidrIp =
+        Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | Specifies the IP range.
+awsRdsDbSecurityGroupIpRange_cidrIp :: Lens.Lens' AwsRdsDbSecurityGroupIpRange (Prelude.Maybe Prelude.Text)
+awsRdsDbSecurityGroupIpRange_cidrIp = Lens.lens (\AwsRdsDbSecurityGroupIpRange' {cidrIp} -> cidrIp) (\s@AwsRdsDbSecurityGroupIpRange' {} a -> s {cidrIp = a} :: AwsRdsDbSecurityGroupIpRange)
+
+-- | Specifies the status of the IP range.
+awsRdsDbSecurityGroupIpRange_status :: Lens.Lens' AwsRdsDbSecurityGroupIpRange (Prelude.Maybe Prelude.Text)
+awsRdsDbSecurityGroupIpRange_status = Lens.lens (\AwsRdsDbSecurityGroupIpRange' {status} -> status) (\s@AwsRdsDbSecurityGroupIpRange' {} a -> s {status = a} :: AwsRdsDbSecurityGroupIpRange)
+
+instance Data.FromJSON AwsRdsDbSecurityGroupIpRange where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbSecurityGroupIpRange"
+      ( \x ->
+          AwsRdsDbSecurityGroupIpRange'
+            Prelude.<$> (x Data..:? "CidrIp")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsDbSecurityGroupIpRange
+  where
+  hashWithSalt _salt AwsRdsDbSecurityGroupIpRange' {..} =
+    _salt
+      `Prelude.hashWithSalt` cidrIp
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AwsRdsDbSecurityGroupIpRange where
+  rnf AwsRdsDbSecurityGroupIpRange' {..} =
+    Prelude.rnf cidrIp `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsRdsDbSecurityGroupIpRange where
+  toJSON AwsRdsDbSecurityGroupIpRange' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CidrIp" Data..=) Prelude.<$> cidrIp,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbSnapshotDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSnapshotDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSnapshotDetails.hs
@@ -0,0 +1,579 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbSnapshotDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbSnapshotDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsRdsDbProcessorFeature
+
+-- | Provides details about an Amazon RDS DB cluster snapshot.
+--
+-- /See:/ 'newAwsRdsDbSnapshotDetails' smart constructor.
+data AwsRdsDbSnapshotDetails = AwsRdsDbSnapshotDetails'
+  { -- | The amount of storage (in gigabytes) to be initially allocated for the
+    -- database instance.
+    allocatedStorage :: Prelude.Maybe Prelude.Int,
+    -- | Specifies the name of the Availability Zone in which the DB instance was
+    -- located at the time of the DB snapshot.
+    availabilityZone :: Prelude.Maybe Prelude.Text,
+    -- | A name for the DB instance.
+    dbInstanceIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The name or ARN of the DB snapshot that is used to restore the DB
+    -- instance.
+    dbSnapshotIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The identifier for the source DB instance.
+    dbiResourceId :: Prelude.Maybe Prelude.Text,
+    -- | Whether the DB snapshot is encrypted.
+    encrypted :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the database engine to use for this DB instance. Valid
+    -- values are as follows:
+    --
+    -- -   @aurora@
+    --
+    -- -   @aurora-mysql@
+    --
+    -- -   @aurora-postgresql@
+    --
+    -- -   @c@
+    --
+    -- -   @mariadb@
+    --
+    -- -   @mysql@
+    --
+    -- -   @oracle-ee@
+    --
+    -- -   @oracle-se@
+    --
+    -- -   @oracle-se1@
+    --
+    -- -   @oracle-se2@
+    --
+    -- -   @sqlserver-ee@
+    --
+    -- -   @sqlserver-ex@
+    --
+    -- -   @sqlserver-se@
+    --
+    -- -   @sqlserver-web@
+    engine :: Prelude.Maybe Prelude.Text,
+    -- | The version of the database engine.
+    engineVersion :: Prelude.Maybe Prelude.Text,
+    -- | Whether mapping of IAM accounts to database accounts is enabled.
+    iamDatabaseAuthenticationEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | Specifies the time in Coordinated Universal Time (UTC) when the DB
+    -- instance, from which the snapshot was taken, was created.
+    instanceCreateTime :: Prelude.Maybe Prelude.Text,
+    -- | The provisioned IOPS (I\/O operations per second) value of the DB
+    -- instance at the time of the snapshot.
+    iops :: Prelude.Maybe Prelude.Int,
+    -- | If @Encrypted@ is @true@, the KMS key identifier for the encrypted DB
+    -- snapshot.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | License model information for the restored DB instance.
+    licenseModel :: Prelude.Maybe Prelude.Text,
+    -- | The master user name for the DB snapshot.
+    masterUsername :: Prelude.Maybe Prelude.Text,
+    -- | The option group name for the DB snapshot.
+    optionGroupName :: Prelude.Maybe Prelude.Text,
+    -- | The percentage of the estimated data that has been transferred.
+    percentProgress :: Prelude.Maybe Prelude.Int,
+    -- | The port that the database engine was listening on at the time of the
+    -- snapshot.
+    port :: Prelude.Maybe Prelude.Int,
+    -- | The number of CPU cores and the number of threads per core for the DB
+    -- instance class of the DB instance.
+    processorFeatures :: Prelude.Maybe [AwsRdsDbProcessorFeature],
+    -- | When the snapshot was taken in Coordinated Universal Time (UTC).
+    snapshotCreateTime :: Prelude.Maybe Prelude.Text,
+    -- | The type of the DB snapshot.
+    snapshotType :: Prelude.Maybe Prelude.Text,
+    -- | The DB snapshot ARN that the DB snapshot was copied from.
+    sourceDbSnapshotIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services Region that the DB snapshot was created in or
+    -- copied from.
+    sourceRegion :: Prelude.Maybe Prelude.Text,
+    -- | The status of this DB snapshot.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The storage type associated with the DB snapshot. Valid values are as
+    -- follows:
+    --
+    -- -   @gp2@
+    --
+    -- -   @io1@
+    --
+    -- -   @standard@
+    storageType :: Prelude.Maybe Prelude.Text,
+    -- | The ARN from the key store with which to associate the instance for TDE
+    -- encryption.
+    tdeCredentialArn :: Prelude.Maybe Prelude.Text,
+    -- | The time zone of the DB snapshot.
+    timezone :: Prelude.Maybe Prelude.Text,
+    -- | The VPC ID associated with the DB snapshot.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbSnapshotDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allocatedStorage', 'awsRdsDbSnapshotDetails_allocatedStorage' - The amount of storage (in gigabytes) to be initially allocated for the
+-- database instance.
+--
+-- 'availabilityZone', 'awsRdsDbSnapshotDetails_availabilityZone' - Specifies the name of the Availability Zone in which the DB instance was
+-- located at the time of the DB snapshot.
+--
+-- 'dbInstanceIdentifier', 'awsRdsDbSnapshotDetails_dbInstanceIdentifier' - A name for the DB instance.
+--
+-- 'dbSnapshotIdentifier', 'awsRdsDbSnapshotDetails_dbSnapshotIdentifier' - The name or ARN of the DB snapshot that is used to restore the DB
+-- instance.
+--
+-- 'dbiResourceId', 'awsRdsDbSnapshotDetails_dbiResourceId' - The identifier for the source DB instance.
+--
+-- 'encrypted', 'awsRdsDbSnapshotDetails_encrypted' - Whether the DB snapshot is encrypted.
+--
+-- 'engine', 'awsRdsDbSnapshotDetails_engine' - The name of the database engine to use for this DB instance. Valid
+-- values are as follows:
+--
+-- -   @aurora@
+--
+-- -   @aurora-mysql@
+--
+-- -   @aurora-postgresql@
+--
+-- -   @c@
+--
+-- -   @mariadb@
+--
+-- -   @mysql@
+--
+-- -   @oracle-ee@
+--
+-- -   @oracle-se@
+--
+-- -   @oracle-se1@
+--
+-- -   @oracle-se2@
+--
+-- -   @sqlserver-ee@
+--
+-- -   @sqlserver-ex@
+--
+-- -   @sqlserver-se@
+--
+-- -   @sqlserver-web@
+--
+-- 'engineVersion', 'awsRdsDbSnapshotDetails_engineVersion' - The version of the database engine.
+--
+-- 'iamDatabaseAuthenticationEnabled', 'awsRdsDbSnapshotDetails_iamDatabaseAuthenticationEnabled' - Whether mapping of IAM accounts to database accounts is enabled.
+--
+-- 'instanceCreateTime', 'awsRdsDbSnapshotDetails_instanceCreateTime' - Specifies the time in Coordinated Universal Time (UTC) when the DB
+-- instance, from which the snapshot was taken, was created.
+--
+-- 'iops', 'awsRdsDbSnapshotDetails_iops' - The provisioned IOPS (I\/O operations per second) value of the DB
+-- instance at the time of the snapshot.
+--
+-- 'kmsKeyId', 'awsRdsDbSnapshotDetails_kmsKeyId' - If @Encrypted@ is @true@, the KMS key identifier for the encrypted DB
+-- snapshot.
+--
+-- 'licenseModel', 'awsRdsDbSnapshotDetails_licenseModel' - License model information for the restored DB instance.
+--
+-- 'masterUsername', 'awsRdsDbSnapshotDetails_masterUsername' - The master user name for the DB snapshot.
+--
+-- 'optionGroupName', 'awsRdsDbSnapshotDetails_optionGroupName' - The option group name for the DB snapshot.
+--
+-- 'percentProgress', 'awsRdsDbSnapshotDetails_percentProgress' - The percentage of the estimated data that has been transferred.
+--
+-- 'port', 'awsRdsDbSnapshotDetails_port' - The port that the database engine was listening on at the time of the
+-- snapshot.
+--
+-- 'processorFeatures', 'awsRdsDbSnapshotDetails_processorFeatures' - The number of CPU cores and the number of threads per core for the DB
+-- instance class of the DB instance.
+--
+-- 'snapshotCreateTime', 'awsRdsDbSnapshotDetails_snapshotCreateTime' - When the snapshot was taken in Coordinated Universal Time (UTC).
+--
+-- 'snapshotType', 'awsRdsDbSnapshotDetails_snapshotType' - The type of the DB snapshot.
+--
+-- 'sourceDbSnapshotIdentifier', 'awsRdsDbSnapshotDetails_sourceDbSnapshotIdentifier' - The DB snapshot ARN that the DB snapshot was copied from.
+--
+-- 'sourceRegion', 'awsRdsDbSnapshotDetails_sourceRegion' - The Amazon Web Services Region that the DB snapshot was created in or
+-- copied from.
+--
+-- 'status', 'awsRdsDbSnapshotDetails_status' - The status of this DB snapshot.
+--
+-- 'storageType', 'awsRdsDbSnapshotDetails_storageType' - The storage type associated with the DB snapshot. Valid values are as
+-- follows:
+--
+-- -   @gp2@
+--
+-- -   @io1@
+--
+-- -   @standard@
+--
+-- 'tdeCredentialArn', 'awsRdsDbSnapshotDetails_tdeCredentialArn' - The ARN from the key store with which to associate the instance for TDE
+-- encryption.
+--
+-- 'timezone', 'awsRdsDbSnapshotDetails_timezone' - The time zone of the DB snapshot.
+--
+-- 'vpcId', 'awsRdsDbSnapshotDetails_vpcId' - The VPC ID associated with the DB snapshot.
+newAwsRdsDbSnapshotDetails ::
+  AwsRdsDbSnapshotDetails
+newAwsRdsDbSnapshotDetails =
+  AwsRdsDbSnapshotDetails'
+    { allocatedStorage =
+        Prelude.Nothing,
+      availabilityZone = Prelude.Nothing,
+      dbInstanceIdentifier = Prelude.Nothing,
+      dbSnapshotIdentifier = Prelude.Nothing,
+      dbiResourceId = Prelude.Nothing,
+      encrypted = Prelude.Nothing,
+      engine = Prelude.Nothing,
+      engineVersion = Prelude.Nothing,
+      iamDatabaseAuthenticationEnabled = Prelude.Nothing,
+      instanceCreateTime = Prelude.Nothing,
+      iops = Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing,
+      licenseModel = Prelude.Nothing,
+      masterUsername = Prelude.Nothing,
+      optionGroupName = Prelude.Nothing,
+      percentProgress = Prelude.Nothing,
+      port = Prelude.Nothing,
+      processorFeatures = Prelude.Nothing,
+      snapshotCreateTime = Prelude.Nothing,
+      snapshotType = Prelude.Nothing,
+      sourceDbSnapshotIdentifier = Prelude.Nothing,
+      sourceRegion = Prelude.Nothing,
+      status = Prelude.Nothing,
+      storageType = Prelude.Nothing,
+      tdeCredentialArn = Prelude.Nothing,
+      timezone = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | The amount of storage (in gigabytes) to be initially allocated for the
+-- database instance.
+awsRdsDbSnapshotDetails_allocatedStorage :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbSnapshotDetails_allocatedStorage = Lens.lens (\AwsRdsDbSnapshotDetails' {allocatedStorage} -> allocatedStorage) (\s@AwsRdsDbSnapshotDetails' {} a -> s {allocatedStorage = a} :: AwsRdsDbSnapshotDetails)
+
+-- | Specifies the name of the Availability Zone in which the DB instance was
+-- located at the time of the DB snapshot.
+awsRdsDbSnapshotDetails_availabilityZone :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_availabilityZone = Lens.lens (\AwsRdsDbSnapshotDetails' {availabilityZone} -> availabilityZone) (\s@AwsRdsDbSnapshotDetails' {} a -> s {availabilityZone = a} :: AwsRdsDbSnapshotDetails)
+
+-- | A name for the DB instance.
+awsRdsDbSnapshotDetails_dbInstanceIdentifier :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_dbInstanceIdentifier = Lens.lens (\AwsRdsDbSnapshotDetails' {dbInstanceIdentifier} -> dbInstanceIdentifier) (\s@AwsRdsDbSnapshotDetails' {} a -> s {dbInstanceIdentifier = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The name or ARN of the DB snapshot that is used to restore the DB
+-- instance.
+awsRdsDbSnapshotDetails_dbSnapshotIdentifier :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_dbSnapshotIdentifier = Lens.lens (\AwsRdsDbSnapshotDetails' {dbSnapshotIdentifier} -> dbSnapshotIdentifier) (\s@AwsRdsDbSnapshotDetails' {} a -> s {dbSnapshotIdentifier = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The identifier for the source DB instance.
+awsRdsDbSnapshotDetails_dbiResourceId :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_dbiResourceId = Lens.lens (\AwsRdsDbSnapshotDetails' {dbiResourceId} -> dbiResourceId) (\s@AwsRdsDbSnapshotDetails' {} a -> s {dbiResourceId = a} :: AwsRdsDbSnapshotDetails)
+
+-- | Whether the DB snapshot is encrypted.
+awsRdsDbSnapshotDetails_encrypted :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbSnapshotDetails_encrypted = Lens.lens (\AwsRdsDbSnapshotDetails' {encrypted} -> encrypted) (\s@AwsRdsDbSnapshotDetails' {} a -> s {encrypted = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The name of the database engine to use for this DB instance. Valid
+-- values are as follows:
+--
+-- -   @aurora@
+--
+-- -   @aurora-mysql@
+--
+-- -   @aurora-postgresql@
+--
+-- -   @c@
+--
+-- -   @mariadb@
+--
+-- -   @mysql@
+--
+-- -   @oracle-ee@
+--
+-- -   @oracle-se@
+--
+-- -   @oracle-se1@
+--
+-- -   @oracle-se2@
+--
+-- -   @sqlserver-ee@
+--
+-- -   @sqlserver-ex@
+--
+-- -   @sqlserver-se@
+--
+-- -   @sqlserver-web@
+awsRdsDbSnapshotDetails_engine :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_engine = Lens.lens (\AwsRdsDbSnapshotDetails' {engine} -> engine) (\s@AwsRdsDbSnapshotDetails' {} a -> s {engine = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The version of the database engine.
+awsRdsDbSnapshotDetails_engineVersion :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_engineVersion = Lens.lens (\AwsRdsDbSnapshotDetails' {engineVersion} -> engineVersion) (\s@AwsRdsDbSnapshotDetails' {} a -> s {engineVersion = a} :: AwsRdsDbSnapshotDetails)
+
+-- | Whether mapping of IAM accounts to database accounts is enabled.
+awsRdsDbSnapshotDetails_iamDatabaseAuthenticationEnabled :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Bool)
+awsRdsDbSnapshotDetails_iamDatabaseAuthenticationEnabled = Lens.lens (\AwsRdsDbSnapshotDetails' {iamDatabaseAuthenticationEnabled} -> iamDatabaseAuthenticationEnabled) (\s@AwsRdsDbSnapshotDetails' {} a -> s {iamDatabaseAuthenticationEnabled = a} :: AwsRdsDbSnapshotDetails)
+
+-- | Specifies the time in Coordinated Universal Time (UTC) when the DB
+-- instance, from which the snapshot was taken, was created.
+awsRdsDbSnapshotDetails_instanceCreateTime :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_instanceCreateTime = Lens.lens (\AwsRdsDbSnapshotDetails' {instanceCreateTime} -> instanceCreateTime) (\s@AwsRdsDbSnapshotDetails' {} a -> s {instanceCreateTime = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The provisioned IOPS (I\/O operations per second) value of the DB
+-- instance at the time of the snapshot.
+awsRdsDbSnapshotDetails_iops :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbSnapshotDetails_iops = Lens.lens (\AwsRdsDbSnapshotDetails' {iops} -> iops) (\s@AwsRdsDbSnapshotDetails' {} a -> s {iops = a} :: AwsRdsDbSnapshotDetails)
+
+-- | If @Encrypted@ is @true@, the KMS key identifier for the encrypted DB
+-- snapshot.
+awsRdsDbSnapshotDetails_kmsKeyId :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_kmsKeyId = Lens.lens (\AwsRdsDbSnapshotDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsRdsDbSnapshotDetails' {} a -> s {kmsKeyId = a} :: AwsRdsDbSnapshotDetails)
+
+-- | License model information for the restored DB instance.
+awsRdsDbSnapshotDetails_licenseModel :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_licenseModel = Lens.lens (\AwsRdsDbSnapshotDetails' {licenseModel} -> licenseModel) (\s@AwsRdsDbSnapshotDetails' {} a -> s {licenseModel = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The master user name for the DB snapshot.
+awsRdsDbSnapshotDetails_masterUsername :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_masterUsername = Lens.lens (\AwsRdsDbSnapshotDetails' {masterUsername} -> masterUsername) (\s@AwsRdsDbSnapshotDetails' {} a -> s {masterUsername = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The option group name for the DB snapshot.
+awsRdsDbSnapshotDetails_optionGroupName :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_optionGroupName = Lens.lens (\AwsRdsDbSnapshotDetails' {optionGroupName} -> optionGroupName) (\s@AwsRdsDbSnapshotDetails' {} a -> s {optionGroupName = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The percentage of the estimated data that has been transferred.
+awsRdsDbSnapshotDetails_percentProgress :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbSnapshotDetails_percentProgress = Lens.lens (\AwsRdsDbSnapshotDetails' {percentProgress} -> percentProgress) (\s@AwsRdsDbSnapshotDetails' {} a -> s {percentProgress = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The port that the database engine was listening on at the time of the
+-- snapshot.
+awsRdsDbSnapshotDetails_port :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Int)
+awsRdsDbSnapshotDetails_port = Lens.lens (\AwsRdsDbSnapshotDetails' {port} -> port) (\s@AwsRdsDbSnapshotDetails' {} a -> s {port = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The number of CPU cores and the number of threads per core for the DB
+-- instance class of the DB instance.
+awsRdsDbSnapshotDetails_processorFeatures :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe [AwsRdsDbProcessorFeature])
+awsRdsDbSnapshotDetails_processorFeatures = Lens.lens (\AwsRdsDbSnapshotDetails' {processorFeatures} -> processorFeatures) (\s@AwsRdsDbSnapshotDetails' {} a -> s {processorFeatures = a} :: AwsRdsDbSnapshotDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | When the snapshot was taken in Coordinated Universal Time (UTC).
+awsRdsDbSnapshotDetails_snapshotCreateTime :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_snapshotCreateTime = Lens.lens (\AwsRdsDbSnapshotDetails' {snapshotCreateTime} -> snapshotCreateTime) (\s@AwsRdsDbSnapshotDetails' {} a -> s {snapshotCreateTime = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The type of the DB snapshot.
+awsRdsDbSnapshotDetails_snapshotType :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_snapshotType = Lens.lens (\AwsRdsDbSnapshotDetails' {snapshotType} -> snapshotType) (\s@AwsRdsDbSnapshotDetails' {} a -> s {snapshotType = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The DB snapshot ARN that the DB snapshot was copied from.
+awsRdsDbSnapshotDetails_sourceDbSnapshotIdentifier :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_sourceDbSnapshotIdentifier = Lens.lens (\AwsRdsDbSnapshotDetails' {sourceDbSnapshotIdentifier} -> sourceDbSnapshotIdentifier) (\s@AwsRdsDbSnapshotDetails' {} a -> s {sourceDbSnapshotIdentifier = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The Amazon Web Services Region that the DB snapshot was created in or
+-- copied from.
+awsRdsDbSnapshotDetails_sourceRegion :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_sourceRegion = Lens.lens (\AwsRdsDbSnapshotDetails' {sourceRegion} -> sourceRegion) (\s@AwsRdsDbSnapshotDetails' {} a -> s {sourceRegion = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The status of this DB snapshot.
+awsRdsDbSnapshotDetails_status :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_status = Lens.lens (\AwsRdsDbSnapshotDetails' {status} -> status) (\s@AwsRdsDbSnapshotDetails' {} a -> s {status = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The storage type associated with the DB snapshot. Valid values are as
+-- follows:
+--
+-- -   @gp2@
+--
+-- -   @io1@
+--
+-- -   @standard@
+awsRdsDbSnapshotDetails_storageType :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_storageType = Lens.lens (\AwsRdsDbSnapshotDetails' {storageType} -> storageType) (\s@AwsRdsDbSnapshotDetails' {} a -> s {storageType = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The ARN from the key store with which to associate the instance for TDE
+-- encryption.
+awsRdsDbSnapshotDetails_tdeCredentialArn :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_tdeCredentialArn = Lens.lens (\AwsRdsDbSnapshotDetails' {tdeCredentialArn} -> tdeCredentialArn) (\s@AwsRdsDbSnapshotDetails' {} a -> s {tdeCredentialArn = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The time zone of the DB snapshot.
+awsRdsDbSnapshotDetails_timezone :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_timezone = Lens.lens (\AwsRdsDbSnapshotDetails' {timezone} -> timezone) (\s@AwsRdsDbSnapshotDetails' {} a -> s {timezone = a} :: AwsRdsDbSnapshotDetails)
+
+-- | The VPC ID associated with the DB snapshot.
+awsRdsDbSnapshotDetails_vpcId :: Lens.Lens' AwsRdsDbSnapshotDetails (Prelude.Maybe Prelude.Text)
+awsRdsDbSnapshotDetails_vpcId = Lens.lens (\AwsRdsDbSnapshotDetails' {vpcId} -> vpcId) (\s@AwsRdsDbSnapshotDetails' {} a -> s {vpcId = a} :: AwsRdsDbSnapshotDetails)
+
+instance Data.FromJSON AwsRdsDbSnapshotDetails where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbSnapshotDetails"
+      ( \x ->
+          AwsRdsDbSnapshotDetails'
+            Prelude.<$> (x Data..:? "AllocatedStorage")
+            Prelude.<*> (x Data..:? "AvailabilityZone")
+            Prelude.<*> (x Data..:? "DbInstanceIdentifier")
+            Prelude.<*> (x Data..:? "DbSnapshotIdentifier")
+            Prelude.<*> (x Data..:? "DbiResourceId")
+            Prelude.<*> (x Data..:? "Encrypted")
+            Prelude.<*> (x Data..:? "Engine")
+            Prelude.<*> (x Data..:? "EngineVersion")
+            Prelude.<*> (x Data..:? "IamDatabaseAuthenticationEnabled")
+            Prelude.<*> (x Data..:? "InstanceCreateTime")
+            Prelude.<*> (x Data..:? "Iops")
+            Prelude.<*> (x Data..:? "KmsKeyId")
+            Prelude.<*> (x Data..:? "LicenseModel")
+            Prelude.<*> (x Data..:? "MasterUsername")
+            Prelude.<*> (x Data..:? "OptionGroupName")
+            Prelude.<*> (x Data..:? "PercentProgress")
+            Prelude.<*> (x Data..:? "Port")
+            Prelude.<*> ( x
+                            Data..:? "ProcessorFeatures"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "SnapshotCreateTime")
+            Prelude.<*> (x Data..:? "SnapshotType")
+            Prelude.<*> (x Data..:? "SourceDbSnapshotIdentifier")
+            Prelude.<*> (x Data..:? "SourceRegion")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StorageType")
+            Prelude.<*> (x Data..:? "TdeCredentialArn")
+            Prelude.<*> (x Data..:? "Timezone")
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance Prelude.Hashable AwsRdsDbSnapshotDetails where
+  hashWithSalt _salt AwsRdsDbSnapshotDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` allocatedStorage
+      `Prelude.hashWithSalt` availabilityZone
+      `Prelude.hashWithSalt` dbInstanceIdentifier
+      `Prelude.hashWithSalt` dbSnapshotIdentifier
+      `Prelude.hashWithSalt` dbiResourceId
+      `Prelude.hashWithSalt` encrypted
+      `Prelude.hashWithSalt` engine
+      `Prelude.hashWithSalt` engineVersion
+      `Prelude.hashWithSalt` iamDatabaseAuthenticationEnabled
+      `Prelude.hashWithSalt` instanceCreateTime
+      `Prelude.hashWithSalt` iops
+      `Prelude.hashWithSalt` kmsKeyId
+      `Prelude.hashWithSalt` licenseModel
+      `Prelude.hashWithSalt` masterUsername
+      `Prelude.hashWithSalt` optionGroupName
+      `Prelude.hashWithSalt` percentProgress
+      `Prelude.hashWithSalt` port
+      `Prelude.hashWithSalt` processorFeatures
+      `Prelude.hashWithSalt` snapshotCreateTime
+      `Prelude.hashWithSalt` snapshotType
+      `Prelude.hashWithSalt` sourceDbSnapshotIdentifier
+      `Prelude.hashWithSalt` sourceRegion
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` storageType
+      `Prelude.hashWithSalt` tdeCredentialArn
+      `Prelude.hashWithSalt` timezone
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData AwsRdsDbSnapshotDetails where
+  rnf AwsRdsDbSnapshotDetails' {..} =
+    Prelude.rnf allocatedStorage
+      `Prelude.seq` Prelude.rnf availabilityZone
+      `Prelude.seq` Prelude.rnf dbInstanceIdentifier
+      `Prelude.seq` Prelude.rnf dbSnapshotIdentifier
+      `Prelude.seq` Prelude.rnf dbiResourceId
+      `Prelude.seq` Prelude.rnf encrypted
+      `Prelude.seq` Prelude.rnf engine
+      `Prelude.seq` Prelude.rnf engineVersion
+      `Prelude.seq` Prelude.rnf iamDatabaseAuthenticationEnabled
+      `Prelude.seq` Prelude.rnf instanceCreateTime
+      `Prelude.seq` Prelude.rnf iops
+      `Prelude.seq` Prelude.rnf kmsKeyId
+      `Prelude.seq` Prelude.rnf licenseModel
+      `Prelude.seq` Prelude.rnf masterUsername
+      `Prelude.seq` Prelude.rnf optionGroupName
+      `Prelude.seq` Prelude.rnf percentProgress
+      `Prelude.seq` Prelude.rnf port
+      `Prelude.seq` Prelude.rnf processorFeatures
+      `Prelude.seq` Prelude.rnf snapshotCreateTime
+      `Prelude.seq` Prelude.rnf snapshotType
+      `Prelude.seq` Prelude.rnf
+        sourceDbSnapshotIdentifier
+      `Prelude.seq` Prelude.rnf sourceRegion
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf
+        storageType
+      `Prelude.seq` Prelude.rnf
+        tdeCredentialArn
+      `Prelude.seq` Prelude.rnf
+        timezone
+      `Prelude.seq` Prelude.rnf
+        vpcId
+
+instance Data.ToJSON AwsRdsDbSnapshotDetails where
+  toJSON AwsRdsDbSnapshotDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AllocatedStorage" Data..=)
+              Prelude.<$> allocatedStorage,
+            ("AvailabilityZone" Data..=)
+              Prelude.<$> availabilityZone,
+            ("DbInstanceIdentifier" Data..=)
+              Prelude.<$> dbInstanceIdentifier,
+            ("DbSnapshotIdentifier" Data..=)
+              Prelude.<$> dbSnapshotIdentifier,
+            ("DbiResourceId" Data..=) Prelude.<$> dbiResourceId,
+            ("Encrypted" Data..=) Prelude.<$> encrypted,
+            ("Engine" Data..=) Prelude.<$> engine,
+            ("EngineVersion" Data..=) Prelude.<$> engineVersion,
+            ("IamDatabaseAuthenticationEnabled" Data..=)
+              Prelude.<$> iamDatabaseAuthenticationEnabled,
+            ("InstanceCreateTime" Data..=)
+              Prelude.<$> instanceCreateTime,
+            ("Iops" Data..=) Prelude.<$> iops,
+            ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+            ("LicenseModel" Data..=) Prelude.<$> licenseModel,
+            ("MasterUsername" Data..=)
+              Prelude.<$> masterUsername,
+            ("OptionGroupName" Data..=)
+              Prelude.<$> optionGroupName,
+            ("PercentProgress" Data..=)
+              Prelude.<$> percentProgress,
+            ("Port" Data..=) Prelude.<$> port,
+            ("ProcessorFeatures" Data..=)
+              Prelude.<$> processorFeatures,
+            ("SnapshotCreateTime" Data..=)
+              Prelude.<$> snapshotCreateTime,
+            ("SnapshotType" Data..=) Prelude.<$> snapshotType,
+            ("SourceDbSnapshotIdentifier" Data..=)
+              Prelude.<$> sourceDbSnapshotIdentifier,
+            ("SourceRegion" Data..=) Prelude.<$> sourceRegion,
+            ("Status" Data..=) Prelude.<$> status,
+            ("StorageType" Data..=) Prelude.<$> storageType,
+            ("TdeCredentialArn" Data..=)
+              Prelude.<$> tdeCredentialArn,
+            ("Timezone" Data..=) Prelude.<$> timezone,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbStatusInfo.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbStatusInfo.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbStatusInfo.hs
@@ -0,0 +1,125 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbStatusInfo
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbStatusInfo where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the status of a read replica.
+--
+-- /See:/ 'newAwsRdsDbStatusInfo' smart constructor.
+data AwsRdsDbStatusInfo = AwsRdsDbStatusInfo'
+  { -- | If the read replica is currently in an error state, provides the error
+    -- details.
+    message :: Prelude.Maybe Prelude.Text,
+    -- | Whether the read replica instance is operating normally.
+    normal :: Prelude.Maybe Prelude.Bool,
+    -- | The status of the read replica instance.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The type of status. For a read replica, the status type is read
+    -- replication.
+    statusType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbStatusInfo' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'message', 'awsRdsDbStatusInfo_message' - If the read replica is currently in an error state, provides the error
+-- details.
+--
+-- 'normal', 'awsRdsDbStatusInfo_normal' - Whether the read replica instance is operating normally.
+--
+-- 'status', 'awsRdsDbStatusInfo_status' - The status of the read replica instance.
+--
+-- 'statusType', 'awsRdsDbStatusInfo_statusType' - The type of status. For a read replica, the status type is read
+-- replication.
+newAwsRdsDbStatusInfo ::
+  AwsRdsDbStatusInfo
+newAwsRdsDbStatusInfo =
+  AwsRdsDbStatusInfo'
+    { message = Prelude.Nothing,
+      normal = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusType = Prelude.Nothing
+    }
+
+-- | If the read replica is currently in an error state, provides the error
+-- details.
+awsRdsDbStatusInfo_message :: Lens.Lens' AwsRdsDbStatusInfo (Prelude.Maybe Prelude.Text)
+awsRdsDbStatusInfo_message = Lens.lens (\AwsRdsDbStatusInfo' {message} -> message) (\s@AwsRdsDbStatusInfo' {} a -> s {message = a} :: AwsRdsDbStatusInfo)
+
+-- | Whether the read replica instance is operating normally.
+awsRdsDbStatusInfo_normal :: Lens.Lens' AwsRdsDbStatusInfo (Prelude.Maybe Prelude.Bool)
+awsRdsDbStatusInfo_normal = Lens.lens (\AwsRdsDbStatusInfo' {normal} -> normal) (\s@AwsRdsDbStatusInfo' {} a -> s {normal = a} :: AwsRdsDbStatusInfo)
+
+-- | The status of the read replica instance.
+awsRdsDbStatusInfo_status :: Lens.Lens' AwsRdsDbStatusInfo (Prelude.Maybe Prelude.Text)
+awsRdsDbStatusInfo_status = Lens.lens (\AwsRdsDbStatusInfo' {status} -> status) (\s@AwsRdsDbStatusInfo' {} a -> s {status = a} :: AwsRdsDbStatusInfo)
+
+-- | The type of status. For a read replica, the status type is read
+-- replication.
+awsRdsDbStatusInfo_statusType :: Lens.Lens' AwsRdsDbStatusInfo (Prelude.Maybe Prelude.Text)
+awsRdsDbStatusInfo_statusType = Lens.lens (\AwsRdsDbStatusInfo' {statusType} -> statusType) (\s@AwsRdsDbStatusInfo' {} a -> s {statusType = a} :: AwsRdsDbStatusInfo)
+
+instance Data.FromJSON AwsRdsDbStatusInfo where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbStatusInfo"
+      ( \x ->
+          AwsRdsDbStatusInfo'
+            Prelude.<$> (x Data..:? "Message")
+            Prelude.<*> (x Data..:? "Normal")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StatusType")
+      )
+
+instance Prelude.Hashable AwsRdsDbStatusInfo where
+  hashWithSalt _salt AwsRdsDbStatusInfo' {..} =
+    _salt
+      `Prelude.hashWithSalt` message
+      `Prelude.hashWithSalt` normal
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` statusType
+
+instance Prelude.NFData AwsRdsDbStatusInfo where
+  rnf AwsRdsDbStatusInfo' {..} =
+    Prelude.rnf message
+      `Prelude.seq` Prelude.rnf normal
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusType
+
+instance Data.ToJSON AwsRdsDbStatusInfo where
+  toJSON AwsRdsDbStatusInfo' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Message" Data..=) Prelude.<$> message,
+            ("Normal" Data..=) Prelude.<$> normal,
+            ("Status" Data..=) Prelude.<$> status,
+            ("StatusType" Data..=) Prelude.<$> statusType
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbSubnetGroup.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSubnetGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSubnetGroup.hs
@@ -0,0 +1,151 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnet
+
+-- | Information about the subnet group for the database instance.
+--
+-- /See:/ 'newAwsRdsDbSubnetGroup' smart constructor.
+data AwsRdsDbSubnetGroup = AwsRdsDbSubnetGroup'
+  { -- | The ARN of the subnet group.
+    dbSubnetGroupArn :: Prelude.Maybe Prelude.Text,
+    -- | The description of the subnet group.
+    dbSubnetGroupDescription :: Prelude.Maybe Prelude.Text,
+    -- | The name of the subnet group.
+    dbSubnetGroupName :: Prelude.Maybe Prelude.Text,
+    -- | The status of the subnet group.
+    subnetGroupStatus :: Prelude.Maybe Prelude.Text,
+    -- | A list of subnets in the subnet group.
+    subnets :: Prelude.Maybe [AwsRdsDbSubnetGroupSubnet],
+    -- | The VPC ID of the subnet group.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbSubnetGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dbSubnetGroupArn', 'awsRdsDbSubnetGroup_dbSubnetGroupArn' - The ARN of the subnet group.
+--
+-- 'dbSubnetGroupDescription', 'awsRdsDbSubnetGroup_dbSubnetGroupDescription' - The description of the subnet group.
+--
+-- 'dbSubnetGroupName', 'awsRdsDbSubnetGroup_dbSubnetGroupName' - The name of the subnet group.
+--
+-- 'subnetGroupStatus', 'awsRdsDbSubnetGroup_subnetGroupStatus' - The status of the subnet group.
+--
+-- 'subnets', 'awsRdsDbSubnetGroup_subnets' - A list of subnets in the subnet group.
+--
+-- 'vpcId', 'awsRdsDbSubnetGroup_vpcId' - The VPC ID of the subnet group.
+newAwsRdsDbSubnetGroup ::
+  AwsRdsDbSubnetGroup
+newAwsRdsDbSubnetGroup =
+  AwsRdsDbSubnetGroup'
+    { dbSubnetGroupArn =
+        Prelude.Nothing,
+      dbSubnetGroupDescription = Prelude.Nothing,
+      dbSubnetGroupName = Prelude.Nothing,
+      subnetGroupStatus = Prelude.Nothing,
+      subnets = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | The ARN of the subnet group.
+awsRdsDbSubnetGroup_dbSubnetGroupArn :: Lens.Lens' AwsRdsDbSubnetGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbSubnetGroup_dbSubnetGroupArn = Lens.lens (\AwsRdsDbSubnetGroup' {dbSubnetGroupArn} -> dbSubnetGroupArn) (\s@AwsRdsDbSubnetGroup' {} a -> s {dbSubnetGroupArn = a} :: AwsRdsDbSubnetGroup)
+
+-- | The description of the subnet group.
+awsRdsDbSubnetGroup_dbSubnetGroupDescription :: Lens.Lens' AwsRdsDbSubnetGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbSubnetGroup_dbSubnetGroupDescription = Lens.lens (\AwsRdsDbSubnetGroup' {dbSubnetGroupDescription} -> dbSubnetGroupDescription) (\s@AwsRdsDbSubnetGroup' {} a -> s {dbSubnetGroupDescription = a} :: AwsRdsDbSubnetGroup)
+
+-- | The name of the subnet group.
+awsRdsDbSubnetGroup_dbSubnetGroupName :: Lens.Lens' AwsRdsDbSubnetGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbSubnetGroup_dbSubnetGroupName = Lens.lens (\AwsRdsDbSubnetGroup' {dbSubnetGroupName} -> dbSubnetGroupName) (\s@AwsRdsDbSubnetGroup' {} a -> s {dbSubnetGroupName = a} :: AwsRdsDbSubnetGroup)
+
+-- | The status of the subnet group.
+awsRdsDbSubnetGroup_subnetGroupStatus :: Lens.Lens' AwsRdsDbSubnetGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbSubnetGroup_subnetGroupStatus = Lens.lens (\AwsRdsDbSubnetGroup' {subnetGroupStatus} -> subnetGroupStatus) (\s@AwsRdsDbSubnetGroup' {} a -> s {subnetGroupStatus = a} :: AwsRdsDbSubnetGroup)
+
+-- | A list of subnets in the subnet group.
+awsRdsDbSubnetGroup_subnets :: Lens.Lens' AwsRdsDbSubnetGroup (Prelude.Maybe [AwsRdsDbSubnetGroupSubnet])
+awsRdsDbSubnetGroup_subnets = Lens.lens (\AwsRdsDbSubnetGroup' {subnets} -> subnets) (\s@AwsRdsDbSubnetGroup' {} a -> s {subnets = a} :: AwsRdsDbSubnetGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | The VPC ID of the subnet group.
+awsRdsDbSubnetGroup_vpcId :: Lens.Lens' AwsRdsDbSubnetGroup (Prelude.Maybe Prelude.Text)
+awsRdsDbSubnetGroup_vpcId = Lens.lens (\AwsRdsDbSubnetGroup' {vpcId} -> vpcId) (\s@AwsRdsDbSubnetGroup' {} a -> s {vpcId = a} :: AwsRdsDbSubnetGroup)
+
+instance Data.FromJSON AwsRdsDbSubnetGroup where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbSubnetGroup"
+      ( \x ->
+          AwsRdsDbSubnetGroup'
+            Prelude.<$> (x Data..:? "DbSubnetGroupArn")
+            Prelude.<*> (x Data..:? "DbSubnetGroupDescription")
+            Prelude.<*> (x Data..:? "DbSubnetGroupName")
+            Prelude.<*> (x Data..:? "SubnetGroupStatus")
+            Prelude.<*> (x Data..:? "Subnets" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance Prelude.Hashable AwsRdsDbSubnetGroup where
+  hashWithSalt _salt AwsRdsDbSubnetGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` dbSubnetGroupArn
+      `Prelude.hashWithSalt` dbSubnetGroupDescription
+      `Prelude.hashWithSalt` dbSubnetGroupName
+      `Prelude.hashWithSalt` subnetGroupStatus
+      `Prelude.hashWithSalt` subnets
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData AwsRdsDbSubnetGroup where
+  rnf AwsRdsDbSubnetGroup' {..} =
+    Prelude.rnf dbSubnetGroupArn
+      `Prelude.seq` Prelude.rnf dbSubnetGroupDescription
+      `Prelude.seq` Prelude.rnf dbSubnetGroupName
+      `Prelude.seq` Prelude.rnf subnetGroupStatus
+      `Prelude.seq` Prelude.rnf subnets
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance Data.ToJSON AwsRdsDbSubnetGroup where
+  toJSON AwsRdsDbSubnetGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DbSubnetGroupArn" Data..=)
+              Prelude.<$> dbSubnetGroupArn,
+            ("DbSubnetGroupDescription" Data..=)
+              Prelude.<$> dbSubnetGroupDescription,
+            ("DbSubnetGroupName" Data..=)
+              Prelude.<$> dbSubnetGroupName,
+            ("SubnetGroupStatus" Data..=)
+              Prelude.<$> subnetGroupStatus,
+            ("Subnets" Data..=) Prelude.<$> subnets,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbSubnetGroupSubnet.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSubnetGroupSubnet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSubnetGroupSubnet.hs
@@ -0,0 +1,113 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnet where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnetAvailabilityZone
+
+-- | Information about a subnet in a subnet group.
+--
+-- /See:/ 'newAwsRdsDbSubnetGroupSubnet' smart constructor.
+data AwsRdsDbSubnetGroupSubnet = AwsRdsDbSubnetGroupSubnet'
+  { -- | Information about the Availability Zone for a subnet in the subnet
+    -- group.
+    subnetAvailabilityZone :: Prelude.Maybe AwsRdsDbSubnetGroupSubnetAvailabilityZone,
+    -- | The identifier of a subnet in the subnet group.
+    subnetIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The status of a subnet in the subnet group.
+    subnetStatus :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbSubnetGroupSubnet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'subnetAvailabilityZone', 'awsRdsDbSubnetGroupSubnet_subnetAvailabilityZone' - Information about the Availability Zone for a subnet in the subnet
+-- group.
+--
+-- 'subnetIdentifier', 'awsRdsDbSubnetGroupSubnet_subnetIdentifier' - The identifier of a subnet in the subnet group.
+--
+-- 'subnetStatus', 'awsRdsDbSubnetGroupSubnet_subnetStatus' - The status of a subnet in the subnet group.
+newAwsRdsDbSubnetGroupSubnet ::
+  AwsRdsDbSubnetGroupSubnet
+newAwsRdsDbSubnetGroupSubnet =
+  AwsRdsDbSubnetGroupSubnet'
+    { subnetAvailabilityZone =
+        Prelude.Nothing,
+      subnetIdentifier = Prelude.Nothing,
+      subnetStatus = Prelude.Nothing
+    }
+
+-- | Information about the Availability Zone for a subnet in the subnet
+-- group.
+awsRdsDbSubnetGroupSubnet_subnetAvailabilityZone :: Lens.Lens' AwsRdsDbSubnetGroupSubnet (Prelude.Maybe AwsRdsDbSubnetGroupSubnetAvailabilityZone)
+awsRdsDbSubnetGroupSubnet_subnetAvailabilityZone = Lens.lens (\AwsRdsDbSubnetGroupSubnet' {subnetAvailabilityZone} -> subnetAvailabilityZone) (\s@AwsRdsDbSubnetGroupSubnet' {} a -> s {subnetAvailabilityZone = a} :: AwsRdsDbSubnetGroupSubnet)
+
+-- | The identifier of a subnet in the subnet group.
+awsRdsDbSubnetGroupSubnet_subnetIdentifier :: Lens.Lens' AwsRdsDbSubnetGroupSubnet (Prelude.Maybe Prelude.Text)
+awsRdsDbSubnetGroupSubnet_subnetIdentifier = Lens.lens (\AwsRdsDbSubnetGroupSubnet' {subnetIdentifier} -> subnetIdentifier) (\s@AwsRdsDbSubnetGroupSubnet' {} a -> s {subnetIdentifier = a} :: AwsRdsDbSubnetGroupSubnet)
+
+-- | The status of a subnet in the subnet group.
+awsRdsDbSubnetGroupSubnet_subnetStatus :: Lens.Lens' AwsRdsDbSubnetGroupSubnet (Prelude.Maybe Prelude.Text)
+awsRdsDbSubnetGroupSubnet_subnetStatus = Lens.lens (\AwsRdsDbSubnetGroupSubnet' {subnetStatus} -> subnetStatus) (\s@AwsRdsDbSubnetGroupSubnet' {} a -> s {subnetStatus = a} :: AwsRdsDbSubnetGroupSubnet)
+
+instance Data.FromJSON AwsRdsDbSubnetGroupSubnet where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbSubnetGroupSubnet"
+      ( \x ->
+          AwsRdsDbSubnetGroupSubnet'
+            Prelude.<$> (x Data..:? "SubnetAvailabilityZone")
+            Prelude.<*> (x Data..:? "SubnetIdentifier")
+            Prelude.<*> (x Data..:? "SubnetStatus")
+      )
+
+instance Prelude.Hashable AwsRdsDbSubnetGroupSubnet where
+  hashWithSalt _salt AwsRdsDbSubnetGroupSubnet' {..} =
+    _salt
+      `Prelude.hashWithSalt` subnetAvailabilityZone
+      `Prelude.hashWithSalt` subnetIdentifier
+      `Prelude.hashWithSalt` subnetStatus
+
+instance Prelude.NFData AwsRdsDbSubnetGroupSubnet where
+  rnf AwsRdsDbSubnetGroupSubnet' {..} =
+    Prelude.rnf subnetAvailabilityZone
+      `Prelude.seq` Prelude.rnf subnetIdentifier
+      `Prelude.seq` Prelude.rnf subnetStatus
+
+instance Data.ToJSON AwsRdsDbSubnetGroupSubnet where
+  toJSON AwsRdsDbSubnetGroupSubnet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("SubnetAvailabilityZone" Data..=)
+              Prelude.<$> subnetAvailabilityZone,
+            ("SubnetIdentifier" Data..=)
+              Prelude.<$> subnetIdentifier,
+            ("SubnetStatus" Data..=) Prelude.<$> subnetStatus
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsDbSubnetGroupSubnetAvailabilityZone.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSubnetGroupSubnetAvailabilityZone.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsDbSubnetGroupSubnetAvailabilityZone.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnetAvailabilityZone
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsDbSubnetGroupSubnetAvailabilityZone where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An Availability Zone for a subnet in a subnet group.
+--
+-- /See:/ 'newAwsRdsDbSubnetGroupSubnetAvailabilityZone' smart constructor.
+data AwsRdsDbSubnetGroupSubnetAvailabilityZone = AwsRdsDbSubnetGroupSubnetAvailabilityZone'
+  { -- | The name of the Availability Zone for a subnet in the subnet group.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsDbSubnetGroupSubnetAvailabilityZone' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsRdsDbSubnetGroupSubnetAvailabilityZone_name' - The name of the Availability Zone for a subnet in the subnet group.
+newAwsRdsDbSubnetGroupSubnetAvailabilityZone ::
+  AwsRdsDbSubnetGroupSubnetAvailabilityZone
+newAwsRdsDbSubnetGroupSubnetAvailabilityZone =
+  AwsRdsDbSubnetGroupSubnetAvailabilityZone'
+    { name =
+        Prelude.Nothing
+    }
+
+-- | The name of the Availability Zone for a subnet in the subnet group.
+awsRdsDbSubnetGroupSubnetAvailabilityZone_name :: Lens.Lens' AwsRdsDbSubnetGroupSubnetAvailabilityZone (Prelude.Maybe Prelude.Text)
+awsRdsDbSubnetGroupSubnetAvailabilityZone_name = Lens.lens (\AwsRdsDbSubnetGroupSubnetAvailabilityZone' {name} -> name) (\s@AwsRdsDbSubnetGroupSubnetAvailabilityZone' {} a -> s {name = a} :: AwsRdsDbSubnetGroupSubnetAvailabilityZone)
+
+instance
+  Data.FromJSON
+    AwsRdsDbSubnetGroupSubnetAvailabilityZone
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRdsDbSubnetGroupSubnetAvailabilityZone"
+      ( \x ->
+          AwsRdsDbSubnetGroupSubnetAvailabilityZone'
+            Prelude.<$> (x Data..:? "Name")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsDbSubnetGroupSubnetAvailabilityZone
+  where
+  hashWithSalt
+    _salt
+    AwsRdsDbSubnetGroupSubnetAvailabilityZone' {..} =
+      _salt `Prelude.hashWithSalt` name
+
+instance
+  Prelude.NFData
+    AwsRdsDbSubnetGroupSubnetAvailabilityZone
+  where
+  rnf AwsRdsDbSubnetGroupSubnetAvailabilityZone' {..} =
+    Prelude.rnf name
+
+instance
+  Data.ToJSON
+    AwsRdsDbSubnetGroupSubnetAvailabilityZone
+  where
+  toJSON AwsRdsDbSubnetGroupSubnetAvailabilityZone' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Name" Data..=) Prelude.<$> name]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsEventSubscriptionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsEventSubscriptionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsEventSubscriptionDetails.hs
@@ -0,0 +1,241 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsEventSubscriptionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsEventSubscriptionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about an Amazon RDS event notification subscription. The
+-- subscription allows Amazon RDS to post events to an SNS topic.
+--
+-- /See:/ 'newAwsRdsEventSubscriptionDetails' smart constructor.
+data AwsRdsEventSubscriptionDetails = AwsRdsEventSubscriptionDetails'
+  { -- | The identifier of the account that is associated with the event
+    -- notification subscription.
+    custSubscriptionId :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the event notification subscription.
+    customerAwsId :: Prelude.Maybe Prelude.Text,
+    -- | Whether the event notification subscription is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | The list of event categories for the event notification subscription.
+    eventCategoriesList :: Prelude.Maybe [Prelude.Text],
+    -- | The ARN of the event notification subscription.
+    eventSubscriptionArn :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the SNS topic to post the event notifications to.
+    snsTopicArn :: Prelude.Maybe Prelude.Text,
+    -- | A list of source identifiers for the event notification subscription.
+    sourceIdsList :: Prelude.Maybe [Prelude.Text],
+    -- | The source type for the event notification subscription.
+    sourceType :: Prelude.Maybe Prelude.Text,
+    -- | The status of the event notification subscription.
+    --
+    -- Valid values: @creating@ | @modifying@ | @deleting@ | @active@ |
+    -- @no-permission@ | @topic-not-exist@
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The datetime when the event notification subscription was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    subscriptionCreationTime :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsEventSubscriptionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'custSubscriptionId', 'awsRdsEventSubscriptionDetails_custSubscriptionId' - The identifier of the account that is associated with the event
+-- notification subscription.
+--
+-- 'customerAwsId', 'awsRdsEventSubscriptionDetails_customerAwsId' - The identifier of the event notification subscription.
+--
+-- 'enabled', 'awsRdsEventSubscriptionDetails_enabled' - Whether the event notification subscription is enabled.
+--
+-- 'eventCategoriesList', 'awsRdsEventSubscriptionDetails_eventCategoriesList' - The list of event categories for the event notification subscription.
+--
+-- 'eventSubscriptionArn', 'awsRdsEventSubscriptionDetails_eventSubscriptionArn' - The ARN of the event notification subscription.
+--
+-- 'snsTopicArn', 'awsRdsEventSubscriptionDetails_snsTopicArn' - The ARN of the SNS topic to post the event notifications to.
+--
+-- 'sourceIdsList', 'awsRdsEventSubscriptionDetails_sourceIdsList' - A list of source identifiers for the event notification subscription.
+--
+-- 'sourceType', 'awsRdsEventSubscriptionDetails_sourceType' - The source type for the event notification subscription.
+--
+-- 'status', 'awsRdsEventSubscriptionDetails_status' - The status of the event notification subscription.
+--
+-- Valid values: @creating@ | @modifying@ | @deleting@ | @active@ |
+-- @no-permission@ | @topic-not-exist@
+--
+-- 'subscriptionCreationTime', 'awsRdsEventSubscriptionDetails_subscriptionCreationTime' - The datetime when the event notification subscription was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+newAwsRdsEventSubscriptionDetails ::
+  AwsRdsEventSubscriptionDetails
+newAwsRdsEventSubscriptionDetails =
+  AwsRdsEventSubscriptionDetails'
+    { custSubscriptionId =
+        Prelude.Nothing,
+      customerAwsId = Prelude.Nothing,
+      enabled = Prelude.Nothing,
+      eventCategoriesList = Prelude.Nothing,
+      eventSubscriptionArn = Prelude.Nothing,
+      snsTopicArn = Prelude.Nothing,
+      sourceIdsList = Prelude.Nothing,
+      sourceType = Prelude.Nothing,
+      status = Prelude.Nothing,
+      subscriptionCreationTime = Prelude.Nothing
+    }
+
+-- | The identifier of the account that is associated with the event
+-- notification subscription.
+awsRdsEventSubscriptionDetails_custSubscriptionId :: Lens.Lens' AwsRdsEventSubscriptionDetails (Prelude.Maybe Prelude.Text)
+awsRdsEventSubscriptionDetails_custSubscriptionId = Lens.lens (\AwsRdsEventSubscriptionDetails' {custSubscriptionId} -> custSubscriptionId) (\s@AwsRdsEventSubscriptionDetails' {} a -> s {custSubscriptionId = a} :: AwsRdsEventSubscriptionDetails)
+
+-- | The identifier of the event notification subscription.
+awsRdsEventSubscriptionDetails_customerAwsId :: Lens.Lens' AwsRdsEventSubscriptionDetails (Prelude.Maybe Prelude.Text)
+awsRdsEventSubscriptionDetails_customerAwsId = Lens.lens (\AwsRdsEventSubscriptionDetails' {customerAwsId} -> customerAwsId) (\s@AwsRdsEventSubscriptionDetails' {} a -> s {customerAwsId = a} :: AwsRdsEventSubscriptionDetails)
+
+-- | Whether the event notification subscription is enabled.
+awsRdsEventSubscriptionDetails_enabled :: Lens.Lens' AwsRdsEventSubscriptionDetails (Prelude.Maybe Prelude.Bool)
+awsRdsEventSubscriptionDetails_enabled = Lens.lens (\AwsRdsEventSubscriptionDetails' {enabled} -> enabled) (\s@AwsRdsEventSubscriptionDetails' {} a -> s {enabled = a} :: AwsRdsEventSubscriptionDetails)
+
+-- | The list of event categories for the event notification subscription.
+awsRdsEventSubscriptionDetails_eventCategoriesList :: Lens.Lens' AwsRdsEventSubscriptionDetails (Prelude.Maybe [Prelude.Text])
+awsRdsEventSubscriptionDetails_eventCategoriesList = Lens.lens (\AwsRdsEventSubscriptionDetails' {eventCategoriesList} -> eventCategoriesList) (\s@AwsRdsEventSubscriptionDetails' {} a -> s {eventCategoriesList = a} :: AwsRdsEventSubscriptionDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the event notification subscription.
+awsRdsEventSubscriptionDetails_eventSubscriptionArn :: Lens.Lens' AwsRdsEventSubscriptionDetails (Prelude.Maybe Prelude.Text)
+awsRdsEventSubscriptionDetails_eventSubscriptionArn = Lens.lens (\AwsRdsEventSubscriptionDetails' {eventSubscriptionArn} -> eventSubscriptionArn) (\s@AwsRdsEventSubscriptionDetails' {} a -> s {eventSubscriptionArn = a} :: AwsRdsEventSubscriptionDetails)
+
+-- | The ARN of the SNS topic to post the event notifications to.
+awsRdsEventSubscriptionDetails_snsTopicArn :: Lens.Lens' AwsRdsEventSubscriptionDetails (Prelude.Maybe Prelude.Text)
+awsRdsEventSubscriptionDetails_snsTopicArn = Lens.lens (\AwsRdsEventSubscriptionDetails' {snsTopicArn} -> snsTopicArn) (\s@AwsRdsEventSubscriptionDetails' {} a -> s {snsTopicArn = a} :: AwsRdsEventSubscriptionDetails)
+
+-- | A list of source identifiers for the event notification subscription.
+awsRdsEventSubscriptionDetails_sourceIdsList :: Lens.Lens' AwsRdsEventSubscriptionDetails (Prelude.Maybe [Prelude.Text])
+awsRdsEventSubscriptionDetails_sourceIdsList = Lens.lens (\AwsRdsEventSubscriptionDetails' {sourceIdsList} -> sourceIdsList) (\s@AwsRdsEventSubscriptionDetails' {} a -> s {sourceIdsList = a} :: AwsRdsEventSubscriptionDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The source type for the event notification subscription.
+awsRdsEventSubscriptionDetails_sourceType :: Lens.Lens' AwsRdsEventSubscriptionDetails (Prelude.Maybe Prelude.Text)
+awsRdsEventSubscriptionDetails_sourceType = Lens.lens (\AwsRdsEventSubscriptionDetails' {sourceType} -> sourceType) (\s@AwsRdsEventSubscriptionDetails' {} a -> s {sourceType = a} :: AwsRdsEventSubscriptionDetails)
+
+-- | The status of the event notification subscription.
+--
+-- Valid values: @creating@ | @modifying@ | @deleting@ | @active@ |
+-- @no-permission@ | @topic-not-exist@
+awsRdsEventSubscriptionDetails_status :: Lens.Lens' AwsRdsEventSubscriptionDetails (Prelude.Maybe Prelude.Text)
+awsRdsEventSubscriptionDetails_status = Lens.lens (\AwsRdsEventSubscriptionDetails' {status} -> status) (\s@AwsRdsEventSubscriptionDetails' {} a -> s {status = a} :: AwsRdsEventSubscriptionDetails)
+
+-- | The datetime when the event notification subscription was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRdsEventSubscriptionDetails_subscriptionCreationTime :: Lens.Lens' AwsRdsEventSubscriptionDetails (Prelude.Maybe Prelude.Text)
+awsRdsEventSubscriptionDetails_subscriptionCreationTime = Lens.lens (\AwsRdsEventSubscriptionDetails' {subscriptionCreationTime} -> subscriptionCreationTime) (\s@AwsRdsEventSubscriptionDetails' {} a -> s {subscriptionCreationTime = a} :: AwsRdsEventSubscriptionDetails)
+
+instance Data.FromJSON AwsRdsEventSubscriptionDetails where
+  parseJSON =
+    Data.withObject
+      "AwsRdsEventSubscriptionDetails"
+      ( \x ->
+          AwsRdsEventSubscriptionDetails'
+            Prelude.<$> (x Data..:? "CustSubscriptionId")
+            Prelude.<*> (x Data..:? "CustomerAwsId")
+            Prelude.<*> (x Data..:? "Enabled")
+            Prelude.<*> ( x
+                            Data..:? "EventCategoriesList"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "EventSubscriptionArn")
+            Prelude.<*> (x Data..:? "SnsTopicArn")
+            Prelude.<*> (x Data..:? "SourceIdsList" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "SourceType")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "SubscriptionCreationTime")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsEventSubscriptionDetails
+  where
+  hashWithSalt
+    _salt
+    AwsRdsEventSubscriptionDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` custSubscriptionId
+        `Prelude.hashWithSalt` customerAwsId
+        `Prelude.hashWithSalt` enabled
+        `Prelude.hashWithSalt` eventCategoriesList
+        `Prelude.hashWithSalt` eventSubscriptionArn
+        `Prelude.hashWithSalt` snsTopicArn
+        `Prelude.hashWithSalt` sourceIdsList
+        `Prelude.hashWithSalt` sourceType
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` subscriptionCreationTime
+
+instance
+  Prelude.NFData
+    AwsRdsEventSubscriptionDetails
+  where
+  rnf AwsRdsEventSubscriptionDetails' {..} =
+    Prelude.rnf custSubscriptionId
+      `Prelude.seq` Prelude.rnf customerAwsId
+      `Prelude.seq` Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf eventCategoriesList
+      `Prelude.seq` Prelude.rnf eventSubscriptionArn
+      `Prelude.seq` Prelude.rnf snsTopicArn
+      `Prelude.seq` Prelude.rnf sourceIdsList
+      `Prelude.seq` Prelude.rnf sourceType
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf subscriptionCreationTime
+
+instance Data.ToJSON AwsRdsEventSubscriptionDetails where
+  toJSON AwsRdsEventSubscriptionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustSubscriptionId" Data..=)
+              Prelude.<$> custSubscriptionId,
+            ("CustomerAwsId" Data..=) Prelude.<$> customerAwsId,
+            ("Enabled" Data..=) Prelude.<$> enabled,
+            ("EventCategoriesList" Data..=)
+              Prelude.<$> eventCategoriesList,
+            ("EventSubscriptionArn" Data..=)
+              Prelude.<$> eventSubscriptionArn,
+            ("SnsTopicArn" Data..=) Prelude.<$> snsTopicArn,
+            ("SourceIdsList" Data..=) Prelude.<$> sourceIdsList,
+            ("SourceType" Data..=) Prelude.<$> sourceType,
+            ("Status" Data..=) Prelude.<$> status,
+            ("SubscriptionCreationTime" Data..=)
+              Prelude.<$> subscriptionCreationTime
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRdsPendingCloudWatchLogsExports.hs b/gen/Amazonka/SecurityHub/Types/AwsRdsPendingCloudWatchLogsExports.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRdsPendingCloudWatchLogsExports.hs
@@ -0,0 +1,116 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRdsPendingCloudWatchLogsExports
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRdsPendingCloudWatchLogsExports where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Identifies the log types to enable and disable.
+--
+-- /See:/ 'newAwsRdsPendingCloudWatchLogsExports' smart constructor.
+data AwsRdsPendingCloudWatchLogsExports = AwsRdsPendingCloudWatchLogsExports'
+  { -- | A list of log types that are being disabled.
+    logTypesToDisable :: Prelude.Maybe [Prelude.Text],
+    -- | A list of log types that are being enabled.
+    logTypesToEnable :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRdsPendingCloudWatchLogsExports' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'logTypesToDisable', 'awsRdsPendingCloudWatchLogsExports_logTypesToDisable' - A list of log types that are being disabled.
+--
+-- 'logTypesToEnable', 'awsRdsPendingCloudWatchLogsExports_logTypesToEnable' - A list of log types that are being enabled.
+newAwsRdsPendingCloudWatchLogsExports ::
+  AwsRdsPendingCloudWatchLogsExports
+newAwsRdsPendingCloudWatchLogsExports =
+  AwsRdsPendingCloudWatchLogsExports'
+    { logTypesToDisable =
+        Prelude.Nothing,
+      logTypesToEnable = Prelude.Nothing
+    }
+
+-- | A list of log types that are being disabled.
+awsRdsPendingCloudWatchLogsExports_logTypesToDisable :: Lens.Lens' AwsRdsPendingCloudWatchLogsExports (Prelude.Maybe [Prelude.Text])
+awsRdsPendingCloudWatchLogsExports_logTypesToDisable = Lens.lens (\AwsRdsPendingCloudWatchLogsExports' {logTypesToDisable} -> logTypesToDisable) (\s@AwsRdsPendingCloudWatchLogsExports' {} a -> s {logTypesToDisable = a} :: AwsRdsPendingCloudWatchLogsExports) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of log types that are being enabled.
+awsRdsPendingCloudWatchLogsExports_logTypesToEnable :: Lens.Lens' AwsRdsPendingCloudWatchLogsExports (Prelude.Maybe [Prelude.Text])
+awsRdsPendingCloudWatchLogsExports_logTypesToEnable = Lens.lens (\AwsRdsPendingCloudWatchLogsExports' {logTypesToEnable} -> logTypesToEnable) (\s@AwsRdsPendingCloudWatchLogsExports' {} a -> s {logTypesToEnable = a} :: AwsRdsPendingCloudWatchLogsExports) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsRdsPendingCloudWatchLogsExports
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRdsPendingCloudWatchLogsExports"
+      ( \x ->
+          AwsRdsPendingCloudWatchLogsExports'
+            Prelude.<$> ( x
+                            Data..:? "LogTypesToDisable"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "LogTypesToEnable"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance
+  Prelude.Hashable
+    AwsRdsPendingCloudWatchLogsExports
+  where
+  hashWithSalt
+    _salt
+    AwsRdsPendingCloudWatchLogsExports' {..} =
+      _salt
+        `Prelude.hashWithSalt` logTypesToDisable
+        `Prelude.hashWithSalt` logTypesToEnable
+
+instance
+  Prelude.NFData
+    AwsRdsPendingCloudWatchLogsExports
+  where
+  rnf AwsRdsPendingCloudWatchLogsExports' {..} =
+    Prelude.rnf logTypesToDisable
+      `Prelude.seq` Prelude.rnf logTypesToEnable
+
+instance
+  Data.ToJSON
+    AwsRdsPendingCloudWatchLogsExports
+  where
+  toJSON AwsRdsPendingCloudWatchLogsExports' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("LogTypesToDisable" Data..=)
+              Prelude.<$> logTypesToDisable,
+            ("LogTypesToEnable" Data..=)
+              Prelude.<$> logTypesToEnable
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterNode.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterNode.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterNode.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterNode
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterNode where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A node in an Amazon Redshift cluster.
+--
+-- /See:/ 'newAwsRedshiftClusterClusterNode' smart constructor.
+data AwsRedshiftClusterClusterNode = AwsRedshiftClusterClusterNode'
+  { -- | The role of the node. A node might be a leader node or a compute node.
+    nodeRole :: Prelude.Maybe Prelude.Text,
+    -- | The private IP address of the node.
+    privateIpAddress :: Prelude.Maybe Prelude.Text,
+    -- | The public IP address of the node.
+    publicIpAddress :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterClusterNode' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nodeRole', 'awsRedshiftClusterClusterNode_nodeRole' - The role of the node. A node might be a leader node or a compute node.
+--
+-- 'privateIpAddress', 'awsRedshiftClusterClusterNode_privateIpAddress' - The private IP address of the node.
+--
+-- 'publicIpAddress', 'awsRedshiftClusterClusterNode_publicIpAddress' - The public IP address of the node.
+newAwsRedshiftClusterClusterNode ::
+  AwsRedshiftClusterClusterNode
+newAwsRedshiftClusterClusterNode =
+  AwsRedshiftClusterClusterNode'
+    { nodeRole =
+        Prelude.Nothing,
+      privateIpAddress = Prelude.Nothing,
+      publicIpAddress = Prelude.Nothing
+    }
+
+-- | The role of the node. A node might be a leader node or a compute node.
+awsRedshiftClusterClusterNode_nodeRole :: Lens.Lens' AwsRedshiftClusterClusterNode (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterNode_nodeRole = Lens.lens (\AwsRedshiftClusterClusterNode' {nodeRole} -> nodeRole) (\s@AwsRedshiftClusterClusterNode' {} a -> s {nodeRole = a} :: AwsRedshiftClusterClusterNode)
+
+-- | The private IP address of the node.
+awsRedshiftClusterClusterNode_privateIpAddress :: Lens.Lens' AwsRedshiftClusterClusterNode (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterNode_privateIpAddress = Lens.lens (\AwsRedshiftClusterClusterNode' {privateIpAddress} -> privateIpAddress) (\s@AwsRedshiftClusterClusterNode' {} a -> s {privateIpAddress = a} :: AwsRedshiftClusterClusterNode)
+
+-- | The public IP address of the node.
+awsRedshiftClusterClusterNode_publicIpAddress :: Lens.Lens' AwsRedshiftClusterClusterNode (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterNode_publicIpAddress = Lens.lens (\AwsRedshiftClusterClusterNode' {publicIpAddress} -> publicIpAddress) (\s@AwsRedshiftClusterClusterNode' {} a -> s {publicIpAddress = a} :: AwsRedshiftClusterClusterNode)
+
+instance Data.FromJSON AwsRedshiftClusterClusterNode where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterClusterNode"
+      ( \x ->
+          AwsRedshiftClusterClusterNode'
+            Prelude.<$> (x Data..:? "NodeRole")
+            Prelude.<*> (x Data..:? "PrivateIpAddress")
+            Prelude.<*> (x Data..:? "PublicIpAddress")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterClusterNode
+  where
+  hashWithSalt _salt AwsRedshiftClusterClusterNode' {..} =
+    _salt
+      `Prelude.hashWithSalt` nodeRole
+      `Prelude.hashWithSalt` privateIpAddress
+      `Prelude.hashWithSalt` publicIpAddress
+
+instance Prelude.NFData AwsRedshiftClusterClusterNode where
+  rnf AwsRedshiftClusterClusterNode' {..} =
+    Prelude.rnf nodeRole
+      `Prelude.seq` Prelude.rnf privateIpAddress
+      `Prelude.seq` Prelude.rnf publicIpAddress
+
+instance Data.ToJSON AwsRedshiftClusterClusterNode where
+  toJSON AwsRedshiftClusterClusterNode' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("NodeRole" Data..=) Prelude.<$> nodeRole,
+            ("PrivateIpAddress" Data..=)
+              Prelude.<$> privateIpAddress,
+            ("PublicIpAddress" Data..=)
+              Prelude.<$> publicIpAddress
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterParameterGroup.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterParameterGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterParameterGroup.hs
@@ -0,0 +1,131 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterStatus
+
+-- | A cluster parameter group that is associated with an Amazon Redshift
+-- cluster.
+--
+-- /See:/ 'newAwsRedshiftClusterClusterParameterGroup' smart constructor.
+data AwsRedshiftClusterClusterParameterGroup = AwsRedshiftClusterClusterParameterGroup'
+  { -- | The list of parameter statuses.
+    clusterParameterStatusList :: Prelude.Maybe [AwsRedshiftClusterClusterParameterStatus],
+    -- | The status of updates to the parameters.
+    parameterApplyStatus :: Prelude.Maybe Prelude.Text,
+    -- | The name of the parameter group.
+    parameterGroupName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterClusterParameterGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clusterParameterStatusList', 'awsRedshiftClusterClusterParameterGroup_clusterParameterStatusList' - The list of parameter statuses.
+--
+-- 'parameterApplyStatus', 'awsRedshiftClusterClusterParameterGroup_parameterApplyStatus' - The status of updates to the parameters.
+--
+-- 'parameterGroupName', 'awsRedshiftClusterClusterParameterGroup_parameterGroupName' - The name of the parameter group.
+newAwsRedshiftClusterClusterParameterGroup ::
+  AwsRedshiftClusterClusterParameterGroup
+newAwsRedshiftClusterClusterParameterGroup =
+  AwsRedshiftClusterClusterParameterGroup'
+    { clusterParameterStatusList =
+        Prelude.Nothing,
+      parameterApplyStatus =
+        Prelude.Nothing,
+      parameterGroupName =
+        Prelude.Nothing
+    }
+
+-- | The list of parameter statuses.
+awsRedshiftClusterClusterParameterGroup_clusterParameterStatusList :: Lens.Lens' AwsRedshiftClusterClusterParameterGroup (Prelude.Maybe [AwsRedshiftClusterClusterParameterStatus])
+awsRedshiftClusterClusterParameterGroup_clusterParameterStatusList = Lens.lens (\AwsRedshiftClusterClusterParameterGroup' {clusterParameterStatusList} -> clusterParameterStatusList) (\s@AwsRedshiftClusterClusterParameterGroup' {} a -> s {clusterParameterStatusList = a} :: AwsRedshiftClusterClusterParameterGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | The status of updates to the parameters.
+awsRedshiftClusterClusterParameterGroup_parameterApplyStatus :: Lens.Lens' AwsRedshiftClusterClusterParameterGroup (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterParameterGroup_parameterApplyStatus = Lens.lens (\AwsRedshiftClusterClusterParameterGroup' {parameterApplyStatus} -> parameterApplyStatus) (\s@AwsRedshiftClusterClusterParameterGroup' {} a -> s {parameterApplyStatus = a} :: AwsRedshiftClusterClusterParameterGroup)
+
+-- | The name of the parameter group.
+awsRedshiftClusterClusterParameterGroup_parameterGroupName :: Lens.Lens' AwsRedshiftClusterClusterParameterGroup (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterParameterGroup_parameterGroupName = Lens.lens (\AwsRedshiftClusterClusterParameterGroup' {parameterGroupName} -> parameterGroupName) (\s@AwsRedshiftClusterClusterParameterGroup' {} a -> s {parameterGroupName = a} :: AwsRedshiftClusterClusterParameterGroup)
+
+instance
+  Data.FromJSON
+    AwsRedshiftClusterClusterParameterGroup
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterClusterParameterGroup"
+      ( \x ->
+          AwsRedshiftClusterClusterParameterGroup'
+            Prelude.<$> ( x
+                            Data..:? "ClusterParameterStatusList"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ParameterApplyStatus")
+            Prelude.<*> (x Data..:? "ParameterGroupName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterClusterParameterGroup
+  where
+  hashWithSalt
+    _salt
+    AwsRedshiftClusterClusterParameterGroup' {..} =
+      _salt
+        `Prelude.hashWithSalt` clusterParameterStatusList
+        `Prelude.hashWithSalt` parameterApplyStatus
+        `Prelude.hashWithSalt` parameterGroupName
+
+instance
+  Prelude.NFData
+    AwsRedshiftClusterClusterParameterGroup
+  where
+  rnf AwsRedshiftClusterClusterParameterGroup' {..} =
+    Prelude.rnf clusterParameterStatusList
+      `Prelude.seq` Prelude.rnf parameterApplyStatus
+      `Prelude.seq` Prelude.rnf parameterGroupName
+
+instance
+  Data.ToJSON
+    AwsRedshiftClusterClusterParameterGroup
+  where
+  toJSON AwsRedshiftClusterClusterParameterGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ClusterParameterStatusList" Data..=)
+              Prelude.<$> clusterParameterStatusList,
+            ("ParameterApplyStatus" Data..=)
+              Prelude.<$> parameterApplyStatus,
+            ("ParameterGroupName" Data..=)
+              Prelude.<$> parameterGroupName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterParameterStatus.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterParameterStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterParameterStatus.hs
@@ -0,0 +1,143 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterStatus where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The status of a parameter in a cluster parameter group for an Amazon
+-- Redshift cluster.
+--
+-- /See:/ 'newAwsRedshiftClusterClusterParameterStatus' smart constructor.
+data AwsRedshiftClusterClusterParameterStatus = AwsRedshiftClusterClusterParameterStatus'
+  { -- | The error that prevented the parameter from being applied to the
+    -- database.
+    parameterApplyErrorDescription :: Prelude.Maybe Prelude.Text,
+    -- | The status of the parameter. Indicates whether the parameter is in sync
+    -- with the database, waiting for a cluster reboot, or encountered an error
+    -- when it was applied.
+    --
+    -- Valid values: @in-sync@ | @pending-reboot@ | @applying@ |
+    -- @invalid-parameter@ | @apply-deferred@ | @apply-error@ | @unknown-error@
+    parameterApplyStatus :: Prelude.Maybe Prelude.Text,
+    -- | The name of the parameter.
+    parameterName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterClusterParameterStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'parameterApplyErrorDescription', 'awsRedshiftClusterClusterParameterStatus_parameterApplyErrorDescription' - The error that prevented the parameter from being applied to the
+-- database.
+--
+-- 'parameterApplyStatus', 'awsRedshiftClusterClusterParameterStatus_parameterApplyStatus' - The status of the parameter. Indicates whether the parameter is in sync
+-- with the database, waiting for a cluster reboot, or encountered an error
+-- when it was applied.
+--
+-- Valid values: @in-sync@ | @pending-reboot@ | @applying@ |
+-- @invalid-parameter@ | @apply-deferred@ | @apply-error@ | @unknown-error@
+--
+-- 'parameterName', 'awsRedshiftClusterClusterParameterStatus_parameterName' - The name of the parameter.
+newAwsRedshiftClusterClusterParameterStatus ::
+  AwsRedshiftClusterClusterParameterStatus
+newAwsRedshiftClusterClusterParameterStatus =
+  AwsRedshiftClusterClusterParameterStatus'
+    { parameterApplyErrorDescription =
+        Prelude.Nothing,
+      parameterApplyStatus =
+        Prelude.Nothing,
+      parameterName = Prelude.Nothing
+    }
+
+-- | The error that prevented the parameter from being applied to the
+-- database.
+awsRedshiftClusterClusterParameterStatus_parameterApplyErrorDescription :: Lens.Lens' AwsRedshiftClusterClusterParameterStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterParameterStatus_parameterApplyErrorDescription = Lens.lens (\AwsRedshiftClusterClusterParameterStatus' {parameterApplyErrorDescription} -> parameterApplyErrorDescription) (\s@AwsRedshiftClusterClusterParameterStatus' {} a -> s {parameterApplyErrorDescription = a} :: AwsRedshiftClusterClusterParameterStatus)
+
+-- | The status of the parameter. Indicates whether the parameter is in sync
+-- with the database, waiting for a cluster reboot, or encountered an error
+-- when it was applied.
+--
+-- Valid values: @in-sync@ | @pending-reboot@ | @applying@ |
+-- @invalid-parameter@ | @apply-deferred@ | @apply-error@ | @unknown-error@
+awsRedshiftClusterClusterParameterStatus_parameterApplyStatus :: Lens.Lens' AwsRedshiftClusterClusterParameterStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterParameterStatus_parameterApplyStatus = Lens.lens (\AwsRedshiftClusterClusterParameterStatus' {parameterApplyStatus} -> parameterApplyStatus) (\s@AwsRedshiftClusterClusterParameterStatus' {} a -> s {parameterApplyStatus = a} :: AwsRedshiftClusterClusterParameterStatus)
+
+-- | The name of the parameter.
+awsRedshiftClusterClusterParameterStatus_parameterName :: Lens.Lens' AwsRedshiftClusterClusterParameterStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterParameterStatus_parameterName = Lens.lens (\AwsRedshiftClusterClusterParameterStatus' {parameterName} -> parameterName) (\s@AwsRedshiftClusterClusterParameterStatus' {} a -> s {parameterName = a} :: AwsRedshiftClusterClusterParameterStatus)
+
+instance
+  Data.FromJSON
+    AwsRedshiftClusterClusterParameterStatus
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterClusterParameterStatus"
+      ( \x ->
+          AwsRedshiftClusterClusterParameterStatus'
+            Prelude.<$> (x Data..:? "ParameterApplyErrorDescription")
+            Prelude.<*> (x Data..:? "ParameterApplyStatus")
+            Prelude.<*> (x Data..:? "ParameterName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterClusterParameterStatus
+  where
+  hashWithSalt
+    _salt
+    AwsRedshiftClusterClusterParameterStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` parameterApplyErrorDescription
+        `Prelude.hashWithSalt` parameterApplyStatus
+        `Prelude.hashWithSalt` parameterName
+
+instance
+  Prelude.NFData
+    AwsRedshiftClusterClusterParameterStatus
+  where
+  rnf AwsRedshiftClusterClusterParameterStatus' {..} =
+    Prelude.rnf parameterApplyErrorDescription
+      `Prelude.seq` Prelude.rnf parameterApplyStatus
+      `Prelude.seq` Prelude.rnf parameterName
+
+instance
+  Data.ToJSON
+    AwsRedshiftClusterClusterParameterStatus
+  where
+  toJSON AwsRedshiftClusterClusterParameterStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ParameterApplyErrorDescription" Data..=)
+              Prelude.<$> parameterApplyErrorDescription,
+            ("ParameterApplyStatus" Data..=)
+              Prelude.<$> parameterApplyStatus,
+            ("ParameterName" Data..=) Prelude.<$> parameterName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterSecurityGroup.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterSecurityGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterSecurityGroup.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSecurityGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSecurityGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A security group that is associated with the cluster.
+--
+-- /See:/ 'newAwsRedshiftClusterClusterSecurityGroup' smart constructor.
+data AwsRedshiftClusterClusterSecurityGroup = AwsRedshiftClusterClusterSecurityGroup'
+  { -- | The name of the cluster security group.
+    clusterSecurityGroupName :: Prelude.Maybe Prelude.Text,
+    -- | The status of the cluster security group.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterClusterSecurityGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clusterSecurityGroupName', 'awsRedshiftClusterClusterSecurityGroup_clusterSecurityGroupName' - The name of the cluster security group.
+--
+-- 'status', 'awsRedshiftClusterClusterSecurityGroup_status' - The status of the cluster security group.
+newAwsRedshiftClusterClusterSecurityGroup ::
+  AwsRedshiftClusterClusterSecurityGroup
+newAwsRedshiftClusterClusterSecurityGroup =
+  AwsRedshiftClusterClusterSecurityGroup'
+    { clusterSecurityGroupName =
+        Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The name of the cluster security group.
+awsRedshiftClusterClusterSecurityGroup_clusterSecurityGroupName :: Lens.Lens' AwsRedshiftClusterClusterSecurityGroup (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterSecurityGroup_clusterSecurityGroupName = Lens.lens (\AwsRedshiftClusterClusterSecurityGroup' {clusterSecurityGroupName} -> clusterSecurityGroupName) (\s@AwsRedshiftClusterClusterSecurityGroup' {} a -> s {clusterSecurityGroupName = a} :: AwsRedshiftClusterClusterSecurityGroup)
+
+-- | The status of the cluster security group.
+awsRedshiftClusterClusterSecurityGroup_status :: Lens.Lens' AwsRedshiftClusterClusterSecurityGroup (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterSecurityGroup_status = Lens.lens (\AwsRedshiftClusterClusterSecurityGroup' {status} -> status) (\s@AwsRedshiftClusterClusterSecurityGroup' {} a -> s {status = a} :: AwsRedshiftClusterClusterSecurityGroup)
+
+instance
+  Data.FromJSON
+    AwsRedshiftClusterClusterSecurityGroup
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterClusterSecurityGroup"
+      ( \x ->
+          AwsRedshiftClusterClusterSecurityGroup'
+            Prelude.<$> (x Data..:? "ClusterSecurityGroupName")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterClusterSecurityGroup
+  where
+  hashWithSalt
+    _salt
+    AwsRedshiftClusterClusterSecurityGroup' {..} =
+      _salt
+        `Prelude.hashWithSalt` clusterSecurityGroupName
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    AwsRedshiftClusterClusterSecurityGroup
+  where
+  rnf AwsRedshiftClusterClusterSecurityGroup' {..} =
+    Prelude.rnf clusterSecurityGroupName
+      `Prelude.seq` Prelude.rnf status
+
+instance
+  Data.ToJSON
+    AwsRedshiftClusterClusterSecurityGroup
+  where
+  toJSON AwsRedshiftClusterClusterSecurityGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ClusterSecurityGroupName" Data..=)
+              Prelude.<$> clusterSecurityGroupName,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterSnapshotCopyStatus.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterSnapshotCopyStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterClusterSnapshotCopyStatus.hs
@@ -0,0 +1,163 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSnapshotCopyStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSnapshotCopyStatus where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about a cross-Region snapshot copy.
+--
+-- /See:/ 'newAwsRedshiftClusterClusterSnapshotCopyStatus' smart constructor.
+data AwsRedshiftClusterClusterSnapshotCopyStatus = AwsRedshiftClusterClusterSnapshotCopyStatus'
+  { -- | The destination Region that snapshots are automatically copied to when
+    -- cross-Region snapshot copy is enabled.
+    destinationRegion :: Prelude.Maybe Prelude.Text,
+    -- | The number of days that manual snapshots are retained in the destination
+    -- region after they are copied from a source region.
+    --
+    -- If the value is @-1@, then the manual snapshot is retained indefinitely.
+    --
+    -- Valid values: Either @-1@ or an integer between 1 and 3,653
+    manualSnapshotRetentionPeriod :: Prelude.Maybe Prelude.Int,
+    -- | The number of days to retain automated snapshots in the destination
+    -- Region after they are copied from a source Region.
+    retentionPeriod :: Prelude.Maybe Prelude.Int,
+    -- | The name of the snapshot copy grant.
+    snapshotCopyGrantName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterClusterSnapshotCopyStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destinationRegion', 'awsRedshiftClusterClusterSnapshotCopyStatus_destinationRegion' - The destination Region that snapshots are automatically copied to when
+-- cross-Region snapshot copy is enabled.
+--
+-- 'manualSnapshotRetentionPeriod', 'awsRedshiftClusterClusterSnapshotCopyStatus_manualSnapshotRetentionPeriod' - The number of days that manual snapshots are retained in the destination
+-- region after they are copied from a source region.
+--
+-- If the value is @-1@, then the manual snapshot is retained indefinitely.
+--
+-- Valid values: Either @-1@ or an integer between 1 and 3,653
+--
+-- 'retentionPeriod', 'awsRedshiftClusterClusterSnapshotCopyStatus_retentionPeriod' - The number of days to retain automated snapshots in the destination
+-- Region after they are copied from a source Region.
+--
+-- 'snapshotCopyGrantName', 'awsRedshiftClusterClusterSnapshotCopyStatus_snapshotCopyGrantName' - The name of the snapshot copy grant.
+newAwsRedshiftClusterClusterSnapshotCopyStatus ::
+  AwsRedshiftClusterClusterSnapshotCopyStatus
+newAwsRedshiftClusterClusterSnapshotCopyStatus =
+  AwsRedshiftClusterClusterSnapshotCopyStatus'
+    { destinationRegion =
+        Prelude.Nothing,
+      manualSnapshotRetentionPeriod =
+        Prelude.Nothing,
+      retentionPeriod =
+        Prelude.Nothing,
+      snapshotCopyGrantName =
+        Prelude.Nothing
+    }
+
+-- | The destination Region that snapshots are automatically copied to when
+-- cross-Region snapshot copy is enabled.
+awsRedshiftClusterClusterSnapshotCopyStatus_destinationRegion :: Lens.Lens' AwsRedshiftClusterClusterSnapshotCopyStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterSnapshotCopyStatus_destinationRegion = Lens.lens (\AwsRedshiftClusterClusterSnapshotCopyStatus' {destinationRegion} -> destinationRegion) (\s@AwsRedshiftClusterClusterSnapshotCopyStatus' {} a -> s {destinationRegion = a} :: AwsRedshiftClusterClusterSnapshotCopyStatus)
+
+-- | The number of days that manual snapshots are retained in the destination
+-- region after they are copied from a source region.
+--
+-- If the value is @-1@, then the manual snapshot is retained indefinitely.
+--
+-- Valid values: Either @-1@ or an integer between 1 and 3,653
+awsRedshiftClusterClusterSnapshotCopyStatus_manualSnapshotRetentionPeriod :: Lens.Lens' AwsRedshiftClusterClusterSnapshotCopyStatus (Prelude.Maybe Prelude.Int)
+awsRedshiftClusterClusterSnapshotCopyStatus_manualSnapshotRetentionPeriod = Lens.lens (\AwsRedshiftClusterClusterSnapshotCopyStatus' {manualSnapshotRetentionPeriod} -> manualSnapshotRetentionPeriod) (\s@AwsRedshiftClusterClusterSnapshotCopyStatus' {} a -> s {manualSnapshotRetentionPeriod = a} :: AwsRedshiftClusterClusterSnapshotCopyStatus)
+
+-- | The number of days to retain automated snapshots in the destination
+-- Region after they are copied from a source Region.
+awsRedshiftClusterClusterSnapshotCopyStatus_retentionPeriod :: Lens.Lens' AwsRedshiftClusterClusterSnapshotCopyStatus (Prelude.Maybe Prelude.Int)
+awsRedshiftClusterClusterSnapshotCopyStatus_retentionPeriod = Lens.lens (\AwsRedshiftClusterClusterSnapshotCopyStatus' {retentionPeriod} -> retentionPeriod) (\s@AwsRedshiftClusterClusterSnapshotCopyStatus' {} a -> s {retentionPeriod = a} :: AwsRedshiftClusterClusterSnapshotCopyStatus)
+
+-- | The name of the snapshot copy grant.
+awsRedshiftClusterClusterSnapshotCopyStatus_snapshotCopyGrantName :: Lens.Lens' AwsRedshiftClusterClusterSnapshotCopyStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterClusterSnapshotCopyStatus_snapshotCopyGrantName = Lens.lens (\AwsRedshiftClusterClusterSnapshotCopyStatus' {snapshotCopyGrantName} -> snapshotCopyGrantName) (\s@AwsRedshiftClusterClusterSnapshotCopyStatus' {} a -> s {snapshotCopyGrantName = a} :: AwsRedshiftClusterClusterSnapshotCopyStatus)
+
+instance
+  Data.FromJSON
+    AwsRedshiftClusterClusterSnapshotCopyStatus
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterClusterSnapshotCopyStatus"
+      ( \x ->
+          AwsRedshiftClusterClusterSnapshotCopyStatus'
+            Prelude.<$> (x Data..:? "DestinationRegion")
+            Prelude.<*> (x Data..:? "ManualSnapshotRetentionPeriod")
+            Prelude.<*> (x Data..:? "RetentionPeriod")
+            Prelude.<*> (x Data..:? "SnapshotCopyGrantName")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterClusterSnapshotCopyStatus
+  where
+  hashWithSalt
+    _salt
+    AwsRedshiftClusterClusterSnapshotCopyStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` destinationRegion
+        `Prelude.hashWithSalt` manualSnapshotRetentionPeriod
+        `Prelude.hashWithSalt` retentionPeriod
+        `Prelude.hashWithSalt` snapshotCopyGrantName
+
+instance
+  Prelude.NFData
+    AwsRedshiftClusterClusterSnapshotCopyStatus
+  where
+  rnf AwsRedshiftClusterClusterSnapshotCopyStatus' {..} =
+    Prelude.rnf destinationRegion
+      `Prelude.seq` Prelude.rnf manualSnapshotRetentionPeriod
+      `Prelude.seq` Prelude.rnf retentionPeriod
+      `Prelude.seq` Prelude.rnf snapshotCopyGrantName
+
+instance
+  Data.ToJSON
+    AwsRedshiftClusterClusterSnapshotCopyStatus
+  where
+  toJSON
+    AwsRedshiftClusterClusterSnapshotCopyStatus' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DestinationRegion" Data..=)
+                Prelude.<$> destinationRegion,
+              ("ManualSnapshotRetentionPeriod" Data..=)
+                Prelude.<$> manualSnapshotRetentionPeriod,
+              ("RetentionPeriod" Data..=)
+                Prelude.<$> retentionPeriod,
+              ("SnapshotCopyGrantName" Data..=)
+                Prelude.<$> snapshotCopyGrantName
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterDeferredMaintenanceWindow.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterDeferredMaintenanceWindow.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterDeferredMaintenanceWindow.hs
@@ -0,0 +1,158 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterDeferredMaintenanceWindow
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterDeferredMaintenanceWindow where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A time windows during which maintenance was deferred for an Amazon
+-- Redshift cluster.
+--
+-- /See:/ 'newAwsRedshiftClusterDeferredMaintenanceWindow' smart constructor.
+data AwsRedshiftClusterDeferredMaintenanceWindow = AwsRedshiftClusterDeferredMaintenanceWindow'
+  { -- | The end of the time window for which maintenance was deferred.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    deferMaintenanceEndTime :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the maintenance window.
+    deferMaintenanceIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The start of the time window for which maintenance was deferred.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    deferMaintenanceStartTime :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterDeferredMaintenanceWindow' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deferMaintenanceEndTime', 'awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceEndTime' - The end of the time window for which maintenance was deferred.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'deferMaintenanceIdentifier', 'awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceIdentifier' - The identifier of the maintenance window.
+--
+-- 'deferMaintenanceStartTime', 'awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceStartTime' - The start of the time window for which maintenance was deferred.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+newAwsRedshiftClusterDeferredMaintenanceWindow ::
+  AwsRedshiftClusterDeferredMaintenanceWindow
+newAwsRedshiftClusterDeferredMaintenanceWindow =
+  AwsRedshiftClusterDeferredMaintenanceWindow'
+    { deferMaintenanceEndTime =
+        Prelude.Nothing,
+      deferMaintenanceIdentifier =
+        Prelude.Nothing,
+      deferMaintenanceStartTime =
+        Prelude.Nothing
+    }
+
+-- | The end of the time window for which maintenance was deferred.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceEndTime :: Lens.Lens' AwsRedshiftClusterDeferredMaintenanceWindow (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceEndTime = Lens.lens (\AwsRedshiftClusterDeferredMaintenanceWindow' {deferMaintenanceEndTime} -> deferMaintenanceEndTime) (\s@AwsRedshiftClusterDeferredMaintenanceWindow' {} a -> s {deferMaintenanceEndTime = a} :: AwsRedshiftClusterDeferredMaintenanceWindow)
+
+-- | The identifier of the maintenance window.
+awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceIdentifier :: Lens.Lens' AwsRedshiftClusterDeferredMaintenanceWindow (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceIdentifier = Lens.lens (\AwsRedshiftClusterDeferredMaintenanceWindow' {deferMaintenanceIdentifier} -> deferMaintenanceIdentifier) (\s@AwsRedshiftClusterDeferredMaintenanceWindow' {} a -> s {deferMaintenanceIdentifier = a} :: AwsRedshiftClusterDeferredMaintenanceWindow)
+
+-- | The start of the time window for which maintenance was deferred.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceStartTime :: Lens.Lens' AwsRedshiftClusterDeferredMaintenanceWindow (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDeferredMaintenanceWindow_deferMaintenanceStartTime = Lens.lens (\AwsRedshiftClusterDeferredMaintenanceWindow' {deferMaintenanceStartTime} -> deferMaintenanceStartTime) (\s@AwsRedshiftClusterDeferredMaintenanceWindow' {} a -> s {deferMaintenanceStartTime = a} :: AwsRedshiftClusterDeferredMaintenanceWindow)
+
+instance
+  Data.FromJSON
+    AwsRedshiftClusterDeferredMaintenanceWindow
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterDeferredMaintenanceWindow"
+      ( \x ->
+          AwsRedshiftClusterDeferredMaintenanceWindow'
+            Prelude.<$> (x Data..:? "DeferMaintenanceEndTime")
+            Prelude.<*> (x Data..:? "DeferMaintenanceIdentifier")
+            Prelude.<*> (x Data..:? "DeferMaintenanceStartTime")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterDeferredMaintenanceWindow
+  where
+  hashWithSalt
+    _salt
+    AwsRedshiftClusterDeferredMaintenanceWindow' {..} =
+      _salt
+        `Prelude.hashWithSalt` deferMaintenanceEndTime
+        `Prelude.hashWithSalt` deferMaintenanceIdentifier
+        `Prelude.hashWithSalt` deferMaintenanceStartTime
+
+instance
+  Prelude.NFData
+    AwsRedshiftClusterDeferredMaintenanceWindow
+  where
+  rnf AwsRedshiftClusterDeferredMaintenanceWindow' {..} =
+    Prelude.rnf deferMaintenanceEndTime
+      `Prelude.seq` Prelude.rnf deferMaintenanceIdentifier
+      `Prelude.seq` Prelude.rnf deferMaintenanceStartTime
+
+instance
+  Data.ToJSON
+    AwsRedshiftClusterDeferredMaintenanceWindow
+  where
+  toJSON
+    AwsRedshiftClusterDeferredMaintenanceWindow' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DeferMaintenanceEndTime" Data..=)
+                Prelude.<$> deferMaintenanceEndTime,
+              ("DeferMaintenanceIdentifier" Data..=)
+                Prelude.<$> deferMaintenanceIdentifier,
+              ("DeferMaintenanceStartTime" Data..=)
+                Prelude.<$> deferMaintenanceStartTime
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterDetails.hs
@@ -0,0 +1,950 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterNode
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterParameterGroup
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSecurityGroup
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterClusterSnapshotCopyStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterDeferredMaintenanceWindow
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterElasticIpStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterEndpoint
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterHsmStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterIamRole
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterLoggingStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterPendingModifiedValues
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterResizeInfo
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterRestoreStatus
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterVpcSecurityGroup
+
+-- | Details about an Amazon Redshift cluster.
+--
+-- /See:/ 'newAwsRedshiftClusterDetails' smart constructor.
+data AwsRedshiftClusterDetails = AwsRedshiftClusterDetails'
+  { -- | Indicates whether major version upgrades are applied automatically to
+    -- the cluster during the maintenance window.
+    allowVersionUpgrade :: Prelude.Maybe Prelude.Bool,
+    -- | The number of days that automatic cluster snapshots are retained.
+    automatedSnapshotRetentionPeriod :: Prelude.Maybe Prelude.Int,
+    -- | The name of the Availability Zone in which the cluster is located.
+    availabilityZone :: Prelude.Maybe Prelude.Text,
+    -- | The availability status of the cluster for queries. Possible values are
+    -- the following:
+    --
+    -- -   @Available@ - The cluster is available for queries.
+    --
+    -- -   @Unavailable@ - The cluster is not available for queries.
+    --
+    -- -   @Maintenance@ - The cluster is intermittently available for queries
+    --     due to maintenance activities.
+    --
+    -- -   @Modifying@ -The cluster is intermittently available for queries due
+    --     to changes that modify the cluster.
+    --
+    -- -   @Failed@ - The cluster failed and is not available for queries.
+    clusterAvailabilityStatus :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the cluster was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    clusterCreateTime :: Prelude.Maybe Prelude.Text,
+    -- | The unique identifier of the cluster.
+    clusterIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The nodes in the cluster.
+    clusterNodes :: Prelude.Maybe [AwsRedshiftClusterClusterNode],
+    -- | The list of cluster parameter groups that are associated with this
+    -- cluster.
+    clusterParameterGroups :: Prelude.Maybe [AwsRedshiftClusterClusterParameterGroup],
+    -- | The public key for the cluster.
+    clusterPublicKey :: Prelude.Maybe Prelude.Text,
+    -- | The specific revision number of the database in the cluster.
+    clusterRevisionNumber :: Prelude.Maybe Prelude.Text,
+    -- | A list of cluster security groups that are associated with the cluster.
+    clusterSecurityGroups :: Prelude.Maybe [AwsRedshiftClusterClusterSecurityGroup],
+    -- | Information about the destination Region and retention period for the
+    -- cross-Region snapshot copy.
+    clusterSnapshotCopyStatus :: Prelude.Maybe AwsRedshiftClusterClusterSnapshotCopyStatus,
+    -- | The current status of the cluster.
+    --
+    -- Valid values: @available@ | @available, prep-for-resize@ |
+    -- @available, resize-cleanup@ |@ cancelling-resize@ | @creating@ |
+    -- @deleting@ | @final-snapshot@ | @hardware-failure@ | @incompatible-hsm@
+    -- |@ incompatible-network@ | @incompatible-parameters@ |
+    -- @incompatible-restore@ | @modifying@ | @paused@ | @rebooting@ |
+    -- @renaming@ | @resizing@ | @rotating-keys@ | @storage-full@ |
+    -- @updating-hsm@
+    clusterStatus :: Prelude.Maybe Prelude.Text,
+    -- | The name of the subnet group that is associated with the cluster. This
+    -- parameter is valid only when the cluster is in a VPC.
+    clusterSubnetGroupName :: Prelude.Maybe Prelude.Text,
+    -- | The version ID of the Amazon Redshift engine that runs on the cluster.
+    clusterVersion :: Prelude.Maybe Prelude.Text,
+    -- | The name of the initial database that was created when the cluster was
+    -- created.
+    --
+    -- The same name is returned for the life of the cluster.
+    --
+    -- If an initial database is not specified, a database named @devdev@ is
+    -- created by default.
+    dbName :: Prelude.Maybe Prelude.Text,
+    -- | List of time windows during which maintenance was deferred.
+    deferredMaintenanceWindows :: Prelude.Maybe [AwsRedshiftClusterDeferredMaintenanceWindow],
+    -- | Information about the status of the Elastic IP (EIP) address.
+    elasticIpStatus :: Prelude.Maybe AwsRedshiftClusterElasticIpStatus,
+    -- | The number of nodes that you can use the elastic resize method to resize
+    -- the cluster to.
+    elasticResizeNumberOfNodeOptions :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the data in the cluster is encrypted at rest.
+    encrypted :: Prelude.Maybe Prelude.Bool,
+    -- | The connection endpoint.
+    endpoint :: Prelude.Maybe AwsRedshiftClusterEndpoint,
+    -- | Indicates whether to create the cluster with enhanced VPC routing
+    -- enabled.
+    enhancedVpcRouting :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates when the next snapshot is expected to be taken. The cluster
+    -- must have a valid snapshot schedule and have backups enabled.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    expectedNextSnapshotScheduleTime :: Prelude.Maybe Prelude.Text,
+    -- | The status of the next expected snapshot.
+    --
+    -- Valid values: @OnTrack@ | @Pending@
+    expectedNextSnapshotScheduleTimeStatus :: Prelude.Maybe Prelude.Text,
+    -- | Information about whether the Amazon Redshift cluster finished applying
+    -- any changes to hardware security module (HSM) settings that were
+    -- specified in a modify cluster command.
+    hsmStatus :: Prelude.Maybe AwsRedshiftClusterHsmStatus,
+    -- | A list of IAM roles that the cluster can use to access other Amazon Web
+    -- Services services.
+    iamRoles :: Prelude.Maybe [AwsRedshiftClusterIamRole],
+    -- | The identifier of the KMS encryption key that is used to encrypt data in
+    -- the cluster.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | Information about the logging status of the cluster.
+    loggingStatus :: Prelude.Maybe AwsRedshiftClusterLoggingStatus,
+    -- | The name of the maintenance track for the cluster.
+    maintenanceTrackName :: Prelude.Maybe Prelude.Text,
+    -- | The default number of days to retain a manual snapshot.
+    --
+    -- If the value is @-1@, the snapshot is retained indefinitely.
+    --
+    -- This setting doesn\'t change the retention period of existing snapshots.
+    --
+    -- Valid values: Either @-1@ or an integer between 1 and 3,653
+    manualSnapshotRetentionPeriod :: Prelude.Maybe Prelude.Int,
+    -- | The master user name for the cluster. This name is used to connect to
+    -- the database that is specified in as the value of @DBName@.
+    masterUsername :: Prelude.Maybe Prelude.Text,
+    -- | Indicates the start of the next maintenance window.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    nextMaintenanceWindowStartTime :: Prelude.Maybe Prelude.Text,
+    -- | The node type for the nodes in the cluster.
+    nodeType :: Prelude.Maybe Prelude.Text,
+    -- | The number of compute nodes in the cluster.
+    numberOfNodes :: Prelude.Maybe Prelude.Int,
+    -- | A list of cluster operations that are waiting to start.
+    pendingActions :: Prelude.Maybe [Prelude.Text],
+    -- | A list of changes to the cluster that are currently pending.
+    pendingModifiedValues :: Prelude.Maybe AwsRedshiftClusterPendingModifiedValues,
+    -- | The weekly time range, in Universal Coordinated Time (UTC), during which
+    -- system maintenance can occur.
+    --
+    -- Format: @ @/@\<day>@/@:HH:MM-@/@\<day>@/@:HH:MM@
+    --
+    -- For the day values, use @mon@ | @tue@ | @wed@ | @thu@ | @fri@ | @sat@ |
+    -- @sun@
+    --
+    -- For example, @sun:09:32-sun:10:02@
+    preferredMaintenanceWindow :: Prelude.Maybe Prelude.Text,
+    -- | Whether the cluster can be accessed from a public network.
+    publiclyAccessible :: Prelude.Maybe Prelude.Bool,
+    -- | Information about the resize operation for the cluster.
+    resizeInfo :: Prelude.Maybe AwsRedshiftClusterResizeInfo,
+    -- | Information about the status of a cluster restore action. Only applies
+    -- to a cluster that was created by restoring a snapshot.
+    restoreStatus :: Prelude.Maybe AwsRedshiftClusterRestoreStatus,
+    -- | A unique identifier for the cluster snapshot schedule.
+    snapshotScheduleIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The current state of the cluster snapshot schedule.
+    --
+    -- Valid values: @MODIFYING@ | @ACTIVE@ | @FAILED@
+    snapshotScheduleState :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the VPC that the cluster is in, if the cluster is in a
+    -- VPC.
+    vpcId :: Prelude.Maybe Prelude.Text,
+    -- | The list of VPC security groups that the cluster belongs to, if the
+    -- cluster is in a VPC.
+    vpcSecurityGroups :: Prelude.Maybe [AwsRedshiftClusterVpcSecurityGroup]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allowVersionUpgrade', 'awsRedshiftClusterDetails_allowVersionUpgrade' - Indicates whether major version upgrades are applied automatically to
+-- the cluster during the maintenance window.
+--
+-- 'automatedSnapshotRetentionPeriod', 'awsRedshiftClusterDetails_automatedSnapshotRetentionPeriod' - The number of days that automatic cluster snapshots are retained.
+--
+-- 'availabilityZone', 'awsRedshiftClusterDetails_availabilityZone' - The name of the Availability Zone in which the cluster is located.
+--
+-- 'clusterAvailabilityStatus', 'awsRedshiftClusterDetails_clusterAvailabilityStatus' - The availability status of the cluster for queries. Possible values are
+-- the following:
+--
+-- -   @Available@ - The cluster is available for queries.
+--
+-- -   @Unavailable@ - The cluster is not available for queries.
+--
+-- -   @Maintenance@ - The cluster is intermittently available for queries
+--     due to maintenance activities.
+--
+-- -   @Modifying@ -The cluster is intermittently available for queries due
+--     to changes that modify the cluster.
+--
+-- -   @Failed@ - The cluster failed and is not available for queries.
+--
+-- 'clusterCreateTime', 'awsRedshiftClusterDetails_clusterCreateTime' - Indicates when the cluster was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'clusterIdentifier', 'awsRedshiftClusterDetails_clusterIdentifier' - The unique identifier of the cluster.
+--
+-- 'clusterNodes', 'awsRedshiftClusterDetails_clusterNodes' - The nodes in the cluster.
+--
+-- 'clusterParameterGroups', 'awsRedshiftClusterDetails_clusterParameterGroups' - The list of cluster parameter groups that are associated with this
+-- cluster.
+--
+-- 'clusterPublicKey', 'awsRedshiftClusterDetails_clusterPublicKey' - The public key for the cluster.
+--
+-- 'clusterRevisionNumber', 'awsRedshiftClusterDetails_clusterRevisionNumber' - The specific revision number of the database in the cluster.
+--
+-- 'clusterSecurityGroups', 'awsRedshiftClusterDetails_clusterSecurityGroups' - A list of cluster security groups that are associated with the cluster.
+--
+-- 'clusterSnapshotCopyStatus', 'awsRedshiftClusterDetails_clusterSnapshotCopyStatus' - Information about the destination Region and retention period for the
+-- cross-Region snapshot copy.
+--
+-- 'clusterStatus', 'awsRedshiftClusterDetails_clusterStatus' - The current status of the cluster.
+--
+-- Valid values: @available@ | @available, prep-for-resize@ |
+-- @available, resize-cleanup@ |@ cancelling-resize@ | @creating@ |
+-- @deleting@ | @final-snapshot@ | @hardware-failure@ | @incompatible-hsm@
+-- |@ incompatible-network@ | @incompatible-parameters@ |
+-- @incompatible-restore@ | @modifying@ | @paused@ | @rebooting@ |
+-- @renaming@ | @resizing@ | @rotating-keys@ | @storage-full@ |
+-- @updating-hsm@
+--
+-- 'clusterSubnetGroupName', 'awsRedshiftClusterDetails_clusterSubnetGroupName' - The name of the subnet group that is associated with the cluster. This
+-- parameter is valid only when the cluster is in a VPC.
+--
+-- 'clusterVersion', 'awsRedshiftClusterDetails_clusterVersion' - The version ID of the Amazon Redshift engine that runs on the cluster.
+--
+-- 'dbName', 'awsRedshiftClusterDetails_dbName' - The name of the initial database that was created when the cluster was
+-- created.
+--
+-- The same name is returned for the life of the cluster.
+--
+-- If an initial database is not specified, a database named @devdev@ is
+-- created by default.
+--
+-- 'deferredMaintenanceWindows', 'awsRedshiftClusterDetails_deferredMaintenanceWindows' - List of time windows during which maintenance was deferred.
+--
+-- 'elasticIpStatus', 'awsRedshiftClusterDetails_elasticIpStatus' - Information about the status of the Elastic IP (EIP) address.
+--
+-- 'elasticResizeNumberOfNodeOptions', 'awsRedshiftClusterDetails_elasticResizeNumberOfNodeOptions' - The number of nodes that you can use the elastic resize method to resize
+-- the cluster to.
+--
+-- 'encrypted', 'awsRedshiftClusterDetails_encrypted' - Indicates whether the data in the cluster is encrypted at rest.
+--
+-- 'endpoint', 'awsRedshiftClusterDetails_endpoint' - The connection endpoint.
+--
+-- 'enhancedVpcRouting', 'awsRedshiftClusterDetails_enhancedVpcRouting' - Indicates whether to create the cluster with enhanced VPC routing
+-- enabled.
+--
+-- 'expectedNextSnapshotScheduleTime', 'awsRedshiftClusterDetails_expectedNextSnapshotScheduleTime' - Indicates when the next snapshot is expected to be taken. The cluster
+-- must have a valid snapshot schedule and have backups enabled.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'expectedNextSnapshotScheduleTimeStatus', 'awsRedshiftClusterDetails_expectedNextSnapshotScheduleTimeStatus' - The status of the next expected snapshot.
+--
+-- Valid values: @OnTrack@ | @Pending@
+--
+-- 'hsmStatus', 'awsRedshiftClusterDetails_hsmStatus' - Information about whether the Amazon Redshift cluster finished applying
+-- any changes to hardware security module (HSM) settings that were
+-- specified in a modify cluster command.
+--
+-- 'iamRoles', 'awsRedshiftClusterDetails_iamRoles' - A list of IAM roles that the cluster can use to access other Amazon Web
+-- Services services.
+--
+-- 'kmsKeyId', 'awsRedshiftClusterDetails_kmsKeyId' - The identifier of the KMS encryption key that is used to encrypt data in
+-- the cluster.
+--
+-- 'loggingStatus', 'awsRedshiftClusterDetails_loggingStatus' - Information about the logging status of the cluster.
+--
+-- 'maintenanceTrackName', 'awsRedshiftClusterDetails_maintenanceTrackName' - The name of the maintenance track for the cluster.
+--
+-- 'manualSnapshotRetentionPeriod', 'awsRedshiftClusterDetails_manualSnapshotRetentionPeriod' - The default number of days to retain a manual snapshot.
+--
+-- If the value is @-1@, the snapshot is retained indefinitely.
+--
+-- This setting doesn\'t change the retention period of existing snapshots.
+--
+-- Valid values: Either @-1@ or an integer between 1 and 3,653
+--
+-- 'masterUsername', 'awsRedshiftClusterDetails_masterUsername' - The master user name for the cluster. This name is used to connect to
+-- the database that is specified in as the value of @DBName@.
+--
+-- 'nextMaintenanceWindowStartTime', 'awsRedshiftClusterDetails_nextMaintenanceWindowStartTime' - Indicates the start of the next maintenance window.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'nodeType', 'awsRedshiftClusterDetails_nodeType' - The node type for the nodes in the cluster.
+--
+-- 'numberOfNodes', 'awsRedshiftClusterDetails_numberOfNodes' - The number of compute nodes in the cluster.
+--
+-- 'pendingActions', 'awsRedshiftClusterDetails_pendingActions' - A list of cluster operations that are waiting to start.
+--
+-- 'pendingModifiedValues', 'awsRedshiftClusterDetails_pendingModifiedValues' - A list of changes to the cluster that are currently pending.
+--
+-- 'preferredMaintenanceWindow', 'awsRedshiftClusterDetails_preferredMaintenanceWindow' - The weekly time range, in Universal Coordinated Time (UTC), during which
+-- system maintenance can occur.
+--
+-- Format: @ @/@\<day>@/@:HH:MM-@/@\<day>@/@:HH:MM@
+--
+-- For the day values, use @mon@ | @tue@ | @wed@ | @thu@ | @fri@ | @sat@ |
+-- @sun@
+--
+-- For example, @sun:09:32-sun:10:02@
+--
+-- 'publiclyAccessible', 'awsRedshiftClusterDetails_publiclyAccessible' - Whether the cluster can be accessed from a public network.
+--
+-- 'resizeInfo', 'awsRedshiftClusterDetails_resizeInfo' - Information about the resize operation for the cluster.
+--
+-- 'restoreStatus', 'awsRedshiftClusterDetails_restoreStatus' - Information about the status of a cluster restore action. Only applies
+-- to a cluster that was created by restoring a snapshot.
+--
+-- 'snapshotScheduleIdentifier', 'awsRedshiftClusterDetails_snapshotScheduleIdentifier' - A unique identifier for the cluster snapshot schedule.
+--
+-- 'snapshotScheduleState', 'awsRedshiftClusterDetails_snapshotScheduleState' - The current state of the cluster snapshot schedule.
+--
+-- Valid values: @MODIFYING@ | @ACTIVE@ | @FAILED@
+--
+-- 'vpcId', 'awsRedshiftClusterDetails_vpcId' - The identifier of the VPC that the cluster is in, if the cluster is in a
+-- VPC.
+--
+-- 'vpcSecurityGroups', 'awsRedshiftClusterDetails_vpcSecurityGroups' - The list of VPC security groups that the cluster belongs to, if the
+-- cluster is in a VPC.
+newAwsRedshiftClusterDetails ::
+  AwsRedshiftClusterDetails
+newAwsRedshiftClusterDetails =
+  AwsRedshiftClusterDetails'
+    { allowVersionUpgrade =
+        Prelude.Nothing,
+      automatedSnapshotRetentionPeriod =
+        Prelude.Nothing,
+      availabilityZone = Prelude.Nothing,
+      clusterAvailabilityStatus = Prelude.Nothing,
+      clusterCreateTime = Prelude.Nothing,
+      clusterIdentifier = Prelude.Nothing,
+      clusterNodes = Prelude.Nothing,
+      clusterParameterGroups = Prelude.Nothing,
+      clusterPublicKey = Prelude.Nothing,
+      clusterRevisionNumber = Prelude.Nothing,
+      clusterSecurityGroups = Prelude.Nothing,
+      clusterSnapshotCopyStatus = Prelude.Nothing,
+      clusterStatus = Prelude.Nothing,
+      clusterSubnetGroupName = Prelude.Nothing,
+      clusterVersion = Prelude.Nothing,
+      dbName = Prelude.Nothing,
+      deferredMaintenanceWindows = Prelude.Nothing,
+      elasticIpStatus = Prelude.Nothing,
+      elasticResizeNumberOfNodeOptions =
+        Prelude.Nothing,
+      encrypted = Prelude.Nothing,
+      endpoint = Prelude.Nothing,
+      enhancedVpcRouting = Prelude.Nothing,
+      expectedNextSnapshotScheduleTime =
+        Prelude.Nothing,
+      expectedNextSnapshotScheduleTimeStatus =
+        Prelude.Nothing,
+      hsmStatus = Prelude.Nothing,
+      iamRoles = Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing,
+      loggingStatus = Prelude.Nothing,
+      maintenanceTrackName = Prelude.Nothing,
+      manualSnapshotRetentionPeriod = Prelude.Nothing,
+      masterUsername = Prelude.Nothing,
+      nextMaintenanceWindowStartTime = Prelude.Nothing,
+      nodeType = Prelude.Nothing,
+      numberOfNodes = Prelude.Nothing,
+      pendingActions = Prelude.Nothing,
+      pendingModifiedValues = Prelude.Nothing,
+      preferredMaintenanceWindow = Prelude.Nothing,
+      publiclyAccessible = Prelude.Nothing,
+      resizeInfo = Prelude.Nothing,
+      restoreStatus = Prelude.Nothing,
+      snapshotScheduleIdentifier = Prelude.Nothing,
+      snapshotScheduleState = Prelude.Nothing,
+      vpcId = Prelude.Nothing,
+      vpcSecurityGroups = Prelude.Nothing
+    }
+
+-- | Indicates whether major version upgrades are applied automatically to
+-- the cluster during the maintenance window.
+awsRedshiftClusterDetails_allowVersionUpgrade :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Bool)
+awsRedshiftClusterDetails_allowVersionUpgrade = Lens.lens (\AwsRedshiftClusterDetails' {allowVersionUpgrade} -> allowVersionUpgrade) (\s@AwsRedshiftClusterDetails' {} a -> s {allowVersionUpgrade = a} :: AwsRedshiftClusterDetails)
+
+-- | The number of days that automatic cluster snapshots are retained.
+awsRedshiftClusterDetails_automatedSnapshotRetentionPeriod :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Int)
+awsRedshiftClusterDetails_automatedSnapshotRetentionPeriod = Lens.lens (\AwsRedshiftClusterDetails' {automatedSnapshotRetentionPeriod} -> automatedSnapshotRetentionPeriod) (\s@AwsRedshiftClusterDetails' {} a -> s {automatedSnapshotRetentionPeriod = a} :: AwsRedshiftClusterDetails)
+
+-- | The name of the Availability Zone in which the cluster is located.
+awsRedshiftClusterDetails_availabilityZone :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_availabilityZone = Lens.lens (\AwsRedshiftClusterDetails' {availabilityZone} -> availabilityZone) (\s@AwsRedshiftClusterDetails' {} a -> s {availabilityZone = a} :: AwsRedshiftClusterDetails)
+
+-- | The availability status of the cluster for queries. Possible values are
+-- the following:
+--
+-- -   @Available@ - The cluster is available for queries.
+--
+-- -   @Unavailable@ - The cluster is not available for queries.
+--
+-- -   @Maintenance@ - The cluster is intermittently available for queries
+--     due to maintenance activities.
+--
+-- -   @Modifying@ -The cluster is intermittently available for queries due
+--     to changes that modify the cluster.
+--
+-- -   @Failed@ - The cluster failed and is not available for queries.
+awsRedshiftClusterDetails_clusterAvailabilityStatus :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_clusterAvailabilityStatus = Lens.lens (\AwsRedshiftClusterDetails' {clusterAvailabilityStatus} -> clusterAvailabilityStatus) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterAvailabilityStatus = a} :: AwsRedshiftClusterDetails)
+
+-- | Indicates when the cluster was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRedshiftClusterDetails_clusterCreateTime :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_clusterCreateTime = Lens.lens (\AwsRedshiftClusterDetails' {clusterCreateTime} -> clusterCreateTime) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterCreateTime = a} :: AwsRedshiftClusterDetails)
+
+-- | The unique identifier of the cluster.
+awsRedshiftClusterDetails_clusterIdentifier :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_clusterIdentifier = Lens.lens (\AwsRedshiftClusterDetails' {clusterIdentifier} -> clusterIdentifier) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterIdentifier = a} :: AwsRedshiftClusterDetails)
+
+-- | The nodes in the cluster.
+awsRedshiftClusterDetails_clusterNodes :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe [AwsRedshiftClusterClusterNode])
+awsRedshiftClusterDetails_clusterNodes = Lens.lens (\AwsRedshiftClusterDetails' {clusterNodes} -> clusterNodes) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterNodes = a} :: AwsRedshiftClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The list of cluster parameter groups that are associated with this
+-- cluster.
+awsRedshiftClusterDetails_clusterParameterGroups :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe [AwsRedshiftClusterClusterParameterGroup])
+awsRedshiftClusterDetails_clusterParameterGroups = Lens.lens (\AwsRedshiftClusterDetails' {clusterParameterGroups} -> clusterParameterGroups) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterParameterGroups = a} :: AwsRedshiftClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The public key for the cluster.
+awsRedshiftClusterDetails_clusterPublicKey :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_clusterPublicKey = Lens.lens (\AwsRedshiftClusterDetails' {clusterPublicKey} -> clusterPublicKey) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterPublicKey = a} :: AwsRedshiftClusterDetails)
+
+-- | The specific revision number of the database in the cluster.
+awsRedshiftClusterDetails_clusterRevisionNumber :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_clusterRevisionNumber = Lens.lens (\AwsRedshiftClusterDetails' {clusterRevisionNumber} -> clusterRevisionNumber) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterRevisionNumber = a} :: AwsRedshiftClusterDetails)
+
+-- | A list of cluster security groups that are associated with the cluster.
+awsRedshiftClusterDetails_clusterSecurityGroups :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe [AwsRedshiftClusterClusterSecurityGroup])
+awsRedshiftClusterDetails_clusterSecurityGroups = Lens.lens (\AwsRedshiftClusterDetails' {clusterSecurityGroups} -> clusterSecurityGroups) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterSecurityGroups = a} :: AwsRedshiftClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Information about the destination Region and retention period for the
+-- cross-Region snapshot copy.
+awsRedshiftClusterDetails_clusterSnapshotCopyStatus :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe AwsRedshiftClusterClusterSnapshotCopyStatus)
+awsRedshiftClusterDetails_clusterSnapshotCopyStatus = Lens.lens (\AwsRedshiftClusterDetails' {clusterSnapshotCopyStatus} -> clusterSnapshotCopyStatus) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterSnapshotCopyStatus = a} :: AwsRedshiftClusterDetails)
+
+-- | The current status of the cluster.
+--
+-- Valid values: @available@ | @available, prep-for-resize@ |
+-- @available, resize-cleanup@ |@ cancelling-resize@ | @creating@ |
+-- @deleting@ | @final-snapshot@ | @hardware-failure@ | @incompatible-hsm@
+-- |@ incompatible-network@ | @incompatible-parameters@ |
+-- @incompatible-restore@ | @modifying@ | @paused@ | @rebooting@ |
+-- @renaming@ | @resizing@ | @rotating-keys@ | @storage-full@ |
+-- @updating-hsm@
+awsRedshiftClusterDetails_clusterStatus :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_clusterStatus = Lens.lens (\AwsRedshiftClusterDetails' {clusterStatus} -> clusterStatus) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterStatus = a} :: AwsRedshiftClusterDetails)
+
+-- | The name of the subnet group that is associated with the cluster. This
+-- parameter is valid only when the cluster is in a VPC.
+awsRedshiftClusterDetails_clusterSubnetGroupName :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_clusterSubnetGroupName = Lens.lens (\AwsRedshiftClusterDetails' {clusterSubnetGroupName} -> clusterSubnetGroupName) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterSubnetGroupName = a} :: AwsRedshiftClusterDetails)
+
+-- | The version ID of the Amazon Redshift engine that runs on the cluster.
+awsRedshiftClusterDetails_clusterVersion :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_clusterVersion = Lens.lens (\AwsRedshiftClusterDetails' {clusterVersion} -> clusterVersion) (\s@AwsRedshiftClusterDetails' {} a -> s {clusterVersion = a} :: AwsRedshiftClusterDetails)
+
+-- | The name of the initial database that was created when the cluster was
+-- created.
+--
+-- The same name is returned for the life of the cluster.
+--
+-- If an initial database is not specified, a database named @devdev@ is
+-- created by default.
+awsRedshiftClusterDetails_dbName :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_dbName = Lens.lens (\AwsRedshiftClusterDetails' {dbName} -> dbName) (\s@AwsRedshiftClusterDetails' {} a -> s {dbName = a} :: AwsRedshiftClusterDetails)
+
+-- | List of time windows during which maintenance was deferred.
+awsRedshiftClusterDetails_deferredMaintenanceWindows :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe [AwsRedshiftClusterDeferredMaintenanceWindow])
+awsRedshiftClusterDetails_deferredMaintenanceWindows = Lens.lens (\AwsRedshiftClusterDetails' {deferredMaintenanceWindows} -> deferredMaintenanceWindows) (\s@AwsRedshiftClusterDetails' {} a -> s {deferredMaintenanceWindows = a} :: AwsRedshiftClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Information about the status of the Elastic IP (EIP) address.
+awsRedshiftClusterDetails_elasticIpStatus :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe AwsRedshiftClusterElasticIpStatus)
+awsRedshiftClusterDetails_elasticIpStatus = Lens.lens (\AwsRedshiftClusterDetails' {elasticIpStatus} -> elasticIpStatus) (\s@AwsRedshiftClusterDetails' {} a -> s {elasticIpStatus = a} :: AwsRedshiftClusterDetails)
+
+-- | The number of nodes that you can use the elastic resize method to resize
+-- the cluster to.
+awsRedshiftClusterDetails_elasticResizeNumberOfNodeOptions :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_elasticResizeNumberOfNodeOptions = Lens.lens (\AwsRedshiftClusterDetails' {elasticResizeNumberOfNodeOptions} -> elasticResizeNumberOfNodeOptions) (\s@AwsRedshiftClusterDetails' {} a -> s {elasticResizeNumberOfNodeOptions = a} :: AwsRedshiftClusterDetails)
+
+-- | Indicates whether the data in the cluster is encrypted at rest.
+awsRedshiftClusterDetails_encrypted :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Bool)
+awsRedshiftClusterDetails_encrypted = Lens.lens (\AwsRedshiftClusterDetails' {encrypted} -> encrypted) (\s@AwsRedshiftClusterDetails' {} a -> s {encrypted = a} :: AwsRedshiftClusterDetails)
+
+-- | The connection endpoint.
+awsRedshiftClusterDetails_endpoint :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe AwsRedshiftClusterEndpoint)
+awsRedshiftClusterDetails_endpoint = Lens.lens (\AwsRedshiftClusterDetails' {endpoint} -> endpoint) (\s@AwsRedshiftClusterDetails' {} a -> s {endpoint = a} :: AwsRedshiftClusterDetails)
+
+-- | Indicates whether to create the cluster with enhanced VPC routing
+-- enabled.
+awsRedshiftClusterDetails_enhancedVpcRouting :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Bool)
+awsRedshiftClusterDetails_enhancedVpcRouting = Lens.lens (\AwsRedshiftClusterDetails' {enhancedVpcRouting} -> enhancedVpcRouting) (\s@AwsRedshiftClusterDetails' {} a -> s {enhancedVpcRouting = a} :: AwsRedshiftClusterDetails)
+
+-- | Indicates when the next snapshot is expected to be taken. The cluster
+-- must have a valid snapshot schedule and have backups enabled.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRedshiftClusterDetails_expectedNextSnapshotScheduleTime :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_expectedNextSnapshotScheduleTime = Lens.lens (\AwsRedshiftClusterDetails' {expectedNextSnapshotScheduleTime} -> expectedNextSnapshotScheduleTime) (\s@AwsRedshiftClusterDetails' {} a -> s {expectedNextSnapshotScheduleTime = a} :: AwsRedshiftClusterDetails)
+
+-- | The status of the next expected snapshot.
+--
+-- Valid values: @OnTrack@ | @Pending@
+awsRedshiftClusterDetails_expectedNextSnapshotScheduleTimeStatus :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_expectedNextSnapshotScheduleTimeStatus = Lens.lens (\AwsRedshiftClusterDetails' {expectedNextSnapshotScheduleTimeStatus} -> expectedNextSnapshotScheduleTimeStatus) (\s@AwsRedshiftClusterDetails' {} a -> s {expectedNextSnapshotScheduleTimeStatus = a} :: AwsRedshiftClusterDetails)
+
+-- | Information about whether the Amazon Redshift cluster finished applying
+-- any changes to hardware security module (HSM) settings that were
+-- specified in a modify cluster command.
+awsRedshiftClusterDetails_hsmStatus :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe AwsRedshiftClusterHsmStatus)
+awsRedshiftClusterDetails_hsmStatus = Lens.lens (\AwsRedshiftClusterDetails' {hsmStatus} -> hsmStatus) (\s@AwsRedshiftClusterDetails' {} a -> s {hsmStatus = a} :: AwsRedshiftClusterDetails)
+
+-- | A list of IAM roles that the cluster can use to access other Amazon Web
+-- Services services.
+awsRedshiftClusterDetails_iamRoles :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe [AwsRedshiftClusterIamRole])
+awsRedshiftClusterDetails_iamRoles = Lens.lens (\AwsRedshiftClusterDetails' {iamRoles} -> iamRoles) (\s@AwsRedshiftClusterDetails' {} a -> s {iamRoles = a} :: AwsRedshiftClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of the KMS encryption key that is used to encrypt data in
+-- the cluster.
+awsRedshiftClusterDetails_kmsKeyId :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_kmsKeyId = Lens.lens (\AwsRedshiftClusterDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsRedshiftClusterDetails' {} a -> s {kmsKeyId = a} :: AwsRedshiftClusterDetails)
+
+-- | Information about the logging status of the cluster.
+awsRedshiftClusterDetails_loggingStatus :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe AwsRedshiftClusterLoggingStatus)
+awsRedshiftClusterDetails_loggingStatus = Lens.lens (\AwsRedshiftClusterDetails' {loggingStatus} -> loggingStatus) (\s@AwsRedshiftClusterDetails' {} a -> s {loggingStatus = a} :: AwsRedshiftClusterDetails)
+
+-- | The name of the maintenance track for the cluster.
+awsRedshiftClusterDetails_maintenanceTrackName :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_maintenanceTrackName = Lens.lens (\AwsRedshiftClusterDetails' {maintenanceTrackName} -> maintenanceTrackName) (\s@AwsRedshiftClusterDetails' {} a -> s {maintenanceTrackName = a} :: AwsRedshiftClusterDetails)
+
+-- | The default number of days to retain a manual snapshot.
+--
+-- If the value is @-1@, the snapshot is retained indefinitely.
+--
+-- This setting doesn\'t change the retention period of existing snapshots.
+--
+-- Valid values: Either @-1@ or an integer between 1 and 3,653
+awsRedshiftClusterDetails_manualSnapshotRetentionPeriod :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Int)
+awsRedshiftClusterDetails_manualSnapshotRetentionPeriod = Lens.lens (\AwsRedshiftClusterDetails' {manualSnapshotRetentionPeriod} -> manualSnapshotRetentionPeriod) (\s@AwsRedshiftClusterDetails' {} a -> s {manualSnapshotRetentionPeriod = a} :: AwsRedshiftClusterDetails)
+
+-- | The master user name for the cluster. This name is used to connect to
+-- the database that is specified in as the value of @DBName@.
+awsRedshiftClusterDetails_masterUsername :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_masterUsername = Lens.lens (\AwsRedshiftClusterDetails' {masterUsername} -> masterUsername) (\s@AwsRedshiftClusterDetails' {} a -> s {masterUsername = a} :: AwsRedshiftClusterDetails)
+
+-- | Indicates the start of the next maintenance window.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRedshiftClusterDetails_nextMaintenanceWindowStartTime :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_nextMaintenanceWindowStartTime = Lens.lens (\AwsRedshiftClusterDetails' {nextMaintenanceWindowStartTime} -> nextMaintenanceWindowStartTime) (\s@AwsRedshiftClusterDetails' {} a -> s {nextMaintenanceWindowStartTime = a} :: AwsRedshiftClusterDetails)
+
+-- | The node type for the nodes in the cluster.
+awsRedshiftClusterDetails_nodeType :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_nodeType = Lens.lens (\AwsRedshiftClusterDetails' {nodeType} -> nodeType) (\s@AwsRedshiftClusterDetails' {} a -> s {nodeType = a} :: AwsRedshiftClusterDetails)
+
+-- | The number of compute nodes in the cluster.
+awsRedshiftClusterDetails_numberOfNodes :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Int)
+awsRedshiftClusterDetails_numberOfNodes = Lens.lens (\AwsRedshiftClusterDetails' {numberOfNodes} -> numberOfNodes) (\s@AwsRedshiftClusterDetails' {} a -> s {numberOfNodes = a} :: AwsRedshiftClusterDetails)
+
+-- | A list of cluster operations that are waiting to start.
+awsRedshiftClusterDetails_pendingActions :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe [Prelude.Text])
+awsRedshiftClusterDetails_pendingActions = Lens.lens (\AwsRedshiftClusterDetails' {pendingActions} -> pendingActions) (\s@AwsRedshiftClusterDetails' {} a -> s {pendingActions = a} :: AwsRedshiftClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of changes to the cluster that are currently pending.
+awsRedshiftClusterDetails_pendingModifiedValues :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe AwsRedshiftClusterPendingModifiedValues)
+awsRedshiftClusterDetails_pendingModifiedValues = Lens.lens (\AwsRedshiftClusterDetails' {pendingModifiedValues} -> pendingModifiedValues) (\s@AwsRedshiftClusterDetails' {} a -> s {pendingModifiedValues = a} :: AwsRedshiftClusterDetails)
+
+-- | The weekly time range, in Universal Coordinated Time (UTC), during which
+-- system maintenance can occur.
+--
+-- Format: @ @/@\<day>@/@:HH:MM-@/@\<day>@/@:HH:MM@
+--
+-- For the day values, use @mon@ | @tue@ | @wed@ | @thu@ | @fri@ | @sat@ |
+-- @sun@
+--
+-- For example, @sun:09:32-sun:10:02@
+awsRedshiftClusterDetails_preferredMaintenanceWindow :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_preferredMaintenanceWindow = Lens.lens (\AwsRedshiftClusterDetails' {preferredMaintenanceWindow} -> preferredMaintenanceWindow) (\s@AwsRedshiftClusterDetails' {} a -> s {preferredMaintenanceWindow = a} :: AwsRedshiftClusterDetails)
+
+-- | Whether the cluster can be accessed from a public network.
+awsRedshiftClusterDetails_publiclyAccessible :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Bool)
+awsRedshiftClusterDetails_publiclyAccessible = Lens.lens (\AwsRedshiftClusterDetails' {publiclyAccessible} -> publiclyAccessible) (\s@AwsRedshiftClusterDetails' {} a -> s {publiclyAccessible = a} :: AwsRedshiftClusterDetails)
+
+-- | Information about the resize operation for the cluster.
+awsRedshiftClusterDetails_resizeInfo :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe AwsRedshiftClusterResizeInfo)
+awsRedshiftClusterDetails_resizeInfo = Lens.lens (\AwsRedshiftClusterDetails' {resizeInfo} -> resizeInfo) (\s@AwsRedshiftClusterDetails' {} a -> s {resizeInfo = a} :: AwsRedshiftClusterDetails)
+
+-- | Information about the status of a cluster restore action. Only applies
+-- to a cluster that was created by restoring a snapshot.
+awsRedshiftClusterDetails_restoreStatus :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe AwsRedshiftClusterRestoreStatus)
+awsRedshiftClusterDetails_restoreStatus = Lens.lens (\AwsRedshiftClusterDetails' {restoreStatus} -> restoreStatus) (\s@AwsRedshiftClusterDetails' {} a -> s {restoreStatus = a} :: AwsRedshiftClusterDetails)
+
+-- | A unique identifier for the cluster snapshot schedule.
+awsRedshiftClusterDetails_snapshotScheduleIdentifier :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_snapshotScheduleIdentifier = Lens.lens (\AwsRedshiftClusterDetails' {snapshotScheduleIdentifier} -> snapshotScheduleIdentifier) (\s@AwsRedshiftClusterDetails' {} a -> s {snapshotScheduleIdentifier = a} :: AwsRedshiftClusterDetails)
+
+-- | The current state of the cluster snapshot schedule.
+--
+-- Valid values: @MODIFYING@ | @ACTIVE@ | @FAILED@
+awsRedshiftClusterDetails_snapshotScheduleState :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_snapshotScheduleState = Lens.lens (\AwsRedshiftClusterDetails' {snapshotScheduleState} -> snapshotScheduleState) (\s@AwsRedshiftClusterDetails' {} a -> s {snapshotScheduleState = a} :: AwsRedshiftClusterDetails)
+
+-- | The identifier of the VPC that the cluster is in, if the cluster is in a
+-- VPC.
+awsRedshiftClusterDetails_vpcId :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterDetails_vpcId = Lens.lens (\AwsRedshiftClusterDetails' {vpcId} -> vpcId) (\s@AwsRedshiftClusterDetails' {} a -> s {vpcId = a} :: AwsRedshiftClusterDetails)
+
+-- | The list of VPC security groups that the cluster belongs to, if the
+-- cluster is in a VPC.
+awsRedshiftClusterDetails_vpcSecurityGroups :: Lens.Lens' AwsRedshiftClusterDetails (Prelude.Maybe [AwsRedshiftClusterVpcSecurityGroup])
+awsRedshiftClusterDetails_vpcSecurityGroups = Lens.lens (\AwsRedshiftClusterDetails' {vpcSecurityGroups} -> vpcSecurityGroups) (\s@AwsRedshiftClusterDetails' {} a -> s {vpcSecurityGroups = a} :: AwsRedshiftClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsRedshiftClusterDetails where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterDetails"
+      ( \x ->
+          AwsRedshiftClusterDetails'
+            Prelude.<$> (x Data..:? "AllowVersionUpgrade")
+            Prelude.<*> (x Data..:? "AutomatedSnapshotRetentionPeriod")
+            Prelude.<*> (x Data..:? "AvailabilityZone")
+            Prelude.<*> (x Data..:? "ClusterAvailabilityStatus")
+            Prelude.<*> (x Data..:? "ClusterCreateTime")
+            Prelude.<*> (x Data..:? "ClusterIdentifier")
+            Prelude.<*> (x Data..:? "ClusterNodes" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "ClusterParameterGroups"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ClusterPublicKey")
+            Prelude.<*> (x Data..:? "ClusterRevisionNumber")
+            Prelude.<*> ( x
+                            Data..:? "ClusterSecurityGroups"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ClusterSnapshotCopyStatus")
+            Prelude.<*> (x Data..:? "ClusterStatus")
+            Prelude.<*> (x Data..:? "ClusterSubnetGroupName")
+            Prelude.<*> (x Data..:? "ClusterVersion")
+            Prelude.<*> (x Data..:? "DBName")
+            Prelude.<*> ( x
+                            Data..:? "DeferredMaintenanceWindows"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ElasticIpStatus")
+            Prelude.<*> (x Data..:? "ElasticResizeNumberOfNodeOptions")
+            Prelude.<*> (x Data..:? "Encrypted")
+            Prelude.<*> (x Data..:? "Endpoint")
+            Prelude.<*> (x Data..:? "EnhancedVpcRouting")
+            Prelude.<*> (x Data..:? "ExpectedNextSnapshotScheduleTime")
+            Prelude.<*> (x Data..:? "ExpectedNextSnapshotScheduleTimeStatus")
+            Prelude.<*> (x Data..:? "HsmStatus")
+            Prelude.<*> (x Data..:? "IamRoles" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "KmsKeyId")
+            Prelude.<*> (x Data..:? "LoggingStatus")
+            Prelude.<*> (x Data..:? "MaintenanceTrackName")
+            Prelude.<*> (x Data..:? "ManualSnapshotRetentionPeriod")
+            Prelude.<*> (x Data..:? "MasterUsername")
+            Prelude.<*> (x Data..:? "NextMaintenanceWindowStartTime")
+            Prelude.<*> (x Data..:? "NodeType")
+            Prelude.<*> (x Data..:? "NumberOfNodes")
+            Prelude.<*> (x Data..:? "PendingActions" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "PendingModifiedValues")
+            Prelude.<*> (x Data..:? "PreferredMaintenanceWindow")
+            Prelude.<*> (x Data..:? "PubliclyAccessible")
+            Prelude.<*> (x Data..:? "ResizeInfo")
+            Prelude.<*> (x Data..:? "RestoreStatus")
+            Prelude.<*> (x Data..:? "SnapshotScheduleIdentifier")
+            Prelude.<*> (x Data..:? "SnapshotScheduleState")
+            Prelude.<*> (x Data..:? "VpcId")
+            Prelude.<*> ( x
+                            Data..:? "VpcSecurityGroups"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable AwsRedshiftClusterDetails where
+  hashWithSalt _salt AwsRedshiftClusterDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` allowVersionUpgrade
+      `Prelude.hashWithSalt` automatedSnapshotRetentionPeriod
+      `Prelude.hashWithSalt` availabilityZone
+      `Prelude.hashWithSalt` clusterAvailabilityStatus
+      `Prelude.hashWithSalt` clusterCreateTime
+      `Prelude.hashWithSalt` clusterIdentifier
+      `Prelude.hashWithSalt` clusterNodes
+      `Prelude.hashWithSalt` clusterParameterGroups
+      `Prelude.hashWithSalt` clusterPublicKey
+      `Prelude.hashWithSalt` clusterRevisionNumber
+      `Prelude.hashWithSalt` clusterSecurityGroups
+      `Prelude.hashWithSalt` clusterSnapshotCopyStatus
+      `Prelude.hashWithSalt` clusterStatus
+      `Prelude.hashWithSalt` clusterSubnetGroupName
+      `Prelude.hashWithSalt` clusterVersion
+      `Prelude.hashWithSalt` dbName
+      `Prelude.hashWithSalt` deferredMaintenanceWindows
+      `Prelude.hashWithSalt` elasticIpStatus
+      `Prelude.hashWithSalt` elasticResizeNumberOfNodeOptions
+      `Prelude.hashWithSalt` encrypted
+      `Prelude.hashWithSalt` endpoint
+      `Prelude.hashWithSalt` enhancedVpcRouting
+      `Prelude.hashWithSalt` expectedNextSnapshotScheduleTime
+      `Prelude.hashWithSalt` expectedNextSnapshotScheduleTimeStatus
+      `Prelude.hashWithSalt` hsmStatus
+      `Prelude.hashWithSalt` iamRoles
+      `Prelude.hashWithSalt` kmsKeyId
+      `Prelude.hashWithSalt` loggingStatus
+      `Prelude.hashWithSalt` maintenanceTrackName
+      `Prelude.hashWithSalt` manualSnapshotRetentionPeriod
+      `Prelude.hashWithSalt` masterUsername
+      `Prelude.hashWithSalt` nextMaintenanceWindowStartTime
+      `Prelude.hashWithSalt` nodeType
+      `Prelude.hashWithSalt` numberOfNodes
+      `Prelude.hashWithSalt` pendingActions
+      `Prelude.hashWithSalt` pendingModifiedValues
+      `Prelude.hashWithSalt` preferredMaintenanceWindow
+      `Prelude.hashWithSalt` publiclyAccessible
+      `Prelude.hashWithSalt` resizeInfo
+      `Prelude.hashWithSalt` restoreStatus
+      `Prelude.hashWithSalt` snapshotScheduleIdentifier
+      `Prelude.hashWithSalt` snapshotScheduleState
+      `Prelude.hashWithSalt` vpcId
+      `Prelude.hashWithSalt` vpcSecurityGroups
+
+instance Prelude.NFData AwsRedshiftClusterDetails where
+  rnf AwsRedshiftClusterDetails' {..} =
+    Prelude.rnf allowVersionUpgrade
+      `Prelude.seq` Prelude.rnf automatedSnapshotRetentionPeriod
+      `Prelude.seq` Prelude.rnf availabilityZone
+      `Prelude.seq` Prelude.rnf clusterAvailabilityStatus
+      `Prelude.seq` Prelude.rnf clusterCreateTime
+      `Prelude.seq` Prelude.rnf clusterIdentifier
+      `Prelude.seq` Prelude.rnf clusterNodes
+      `Prelude.seq` Prelude.rnf clusterParameterGroups
+      `Prelude.seq` Prelude.rnf clusterPublicKey
+      `Prelude.seq` Prelude.rnf clusterRevisionNumber
+      `Prelude.seq` Prelude.rnf clusterSecurityGroups
+      `Prelude.seq` Prelude.rnf clusterSnapshotCopyStatus
+      `Prelude.seq` Prelude.rnf clusterStatus
+      `Prelude.seq` Prelude.rnf clusterSubnetGroupName
+      `Prelude.seq` Prelude.rnf clusterVersion
+      `Prelude.seq` Prelude.rnf dbName
+      `Prelude.seq` Prelude.rnf
+        deferredMaintenanceWindows
+      `Prelude.seq` Prelude.rnf elasticIpStatus
+      `Prelude.seq` Prelude.rnf
+        elasticResizeNumberOfNodeOptions
+      `Prelude.seq` Prelude.rnf encrypted
+      `Prelude.seq` Prelude.rnf endpoint
+      `Prelude.seq` Prelude.rnf
+        enhancedVpcRouting
+      `Prelude.seq` Prelude.rnf
+        expectedNextSnapshotScheduleTime
+      `Prelude.seq` Prelude.rnf
+        expectedNextSnapshotScheduleTimeStatus
+      `Prelude.seq` Prelude.rnf
+        hsmStatus
+      `Prelude.seq` Prelude.rnf
+        iamRoles
+      `Prelude.seq` Prelude.rnf
+        kmsKeyId
+      `Prelude.seq` Prelude.rnf
+        loggingStatus
+      `Prelude.seq` Prelude.rnf
+        maintenanceTrackName
+      `Prelude.seq` Prelude.rnf
+        manualSnapshotRetentionPeriod
+      `Prelude.seq` Prelude.rnf
+        masterUsername
+      `Prelude.seq` Prelude.rnf
+        nextMaintenanceWindowStartTime
+      `Prelude.seq` Prelude.rnf
+        nodeType
+      `Prelude.seq` Prelude.rnf
+        numberOfNodes
+      `Prelude.seq` Prelude.rnf
+        pendingActions
+      `Prelude.seq` Prelude.rnf
+        pendingModifiedValues
+      `Prelude.seq` Prelude.rnf
+        preferredMaintenanceWindow
+      `Prelude.seq` Prelude.rnf
+        publiclyAccessible
+      `Prelude.seq` Prelude.rnf
+        resizeInfo
+      `Prelude.seq` Prelude.rnf
+        restoreStatus
+      `Prelude.seq` Prelude.rnf
+        snapshotScheduleIdentifier
+      `Prelude.seq` Prelude.rnf
+        snapshotScheduleState
+      `Prelude.seq` Prelude.rnf
+        vpcId
+      `Prelude.seq` Prelude.rnf
+        vpcSecurityGroups
+
+instance Data.ToJSON AwsRedshiftClusterDetails where
+  toJSON AwsRedshiftClusterDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AllowVersionUpgrade" Data..=)
+              Prelude.<$> allowVersionUpgrade,
+            ("AutomatedSnapshotRetentionPeriod" Data..=)
+              Prelude.<$> automatedSnapshotRetentionPeriod,
+            ("AvailabilityZone" Data..=)
+              Prelude.<$> availabilityZone,
+            ("ClusterAvailabilityStatus" Data..=)
+              Prelude.<$> clusterAvailabilityStatus,
+            ("ClusterCreateTime" Data..=)
+              Prelude.<$> clusterCreateTime,
+            ("ClusterIdentifier" Data..=)
+              Prelude.<$> clusterIdentifier,
+            ("ClusterNodes" Data..=) Prelude.<$> clusterNodes,
+            ("ClusterParameterGroups" Data..=)
+              Prelude.<$> clusterParameterGroups,
+            ("ClusterPublicKey" Data..=)
+              Prelude.<$> clusterPublicKey,
+            ("ClusterRevisionNumber" Data..=)
+              Prelude.<$> clusterRevisionNumber,
+            ("ClusterSecurityGroups" Data..=)
+              Prelude.<$> clusterSecurityGroups,
+            ("ClusterSnapshotCopyStatus" Data..=)
+              Prelude.<$> clusterSnapshotCopyStatus,
+            ("ClusterStatus" Data..=) Prelude.<$> clusterStatus,
+            ("ClusterSubnetGroupName" Data..=)
+              Prelude.<$> clusterSubnetGroupName,
+            ("ClusterVersion" Data..=)
+              Prelude.<$> clusterVersion,
+            ("DBName" Data..=) Prelude.<$> dbName,
+            ("DeferredMaintenanceWindows" Data..=)
+              Prelude.<$> deferredMaintenanceWindows,
+            ("ElasticIpStatus" Data..=)
+              Prelude.<$> elasticIpStatus,
+            ("ElasticResizeNumberOfNodeOptions" Data..=)
+              Prelude.<$> elasticResizeNumberOfNodeOptions,
+            ("Encrypted" Data..=) Prelude.<$> encrypted,
+            ("Endpoint" Data..=) Prelude.<$> endpoint,
+            ("EnhancedVpcRouting" Data..=)
+              Prelude.<$> enhancedVpcRouting,
+            ("ExpectedNextSnapshotScheduleTime" Data..=)
+              Prelude.<$> expectedNextSnapshotScheduleTime,
+            ("ExpectedNextSnapshotScheduleTimeStatus" Data..=)
+              Prelude.<$> expectedNextSnapshotScheduleTimeStatus,
+            ("HsmStatus" Data..=) Prelude.<$> hsmStatus,
+            ("IamRoles" Data..=) Prelude.<$> iamRoles,
+            ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+            ("LoggingStatus" Data..=) Prelude.<$> loggingStatus,
+            ("MaintenanceTrackName" Data..=)
+              Prelude.<$> maintenanceTrackName,
+            ("ManualSnapshotRetentionPeriod" Data..=)
+              Prelude.<$> manualSnapshotRetentionPeriod,
+            ("MasterUsername" Data..=)
+              Prelude.<$> masterUsername,
+            ("NextMaintenanceWindowStartTime" Data..=)
+              Prelude.<$> nextMaintenanceWindowStartTime,
+            ("NodeType" Data..=) Prelude.<$> nodeType,
+            ("NumberOfNodes" Data..=) Prelude.<$> numberOfNodes,
+            ("PendingActions" Data..=)
+              Prelude.<$> pendingActions,
+            ("PendingModifiedValues" Data..=)
+              Prelude.<$> pendingModifiedValues,
+            ("PreferredMaintenanceWindow" Data..=)
+              Prelude.<$> preferredMaintenanceWindow,
+            ("PubliclyAccessible" Data..=)
+              Prelude.<$> publiclyAccessible,
+            ("ResizeInfo" Data..=) Prelude.<$> resizeInfo,
+            ("RestoreStatus" Data..=) Prelude.<$> restoreStatus,
+            ("SnapshotScheduleIdentifier" Data..=)
+              Prelude.<$> snapshotScheduleIdentifier,
+            ("SnapshotScheduleState" Data..=)
+              Prelude.<$> snapshotScheduleState,
+            ("VpcId" Data..=) Prelude.<$> vpcId,
+            ("VpcSecurityGroups" Data..=)
+              Prelude.<$> vpcSecurityGroups
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterElasticIpStatus.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterElasticIpStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterElasticIpStatus.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterElasticIpStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterElasticIpStatus where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The status of the elastic IP (EIP) address for an Amazon Redshift
+-- cluster.
+--
+-- /See:/ 'newAwsRedshiftClusterElasticIpStatus' smart constructor.
+data AwsRedshiftClusterElasticIpStatus = AwsRedshiftClusterElasticIpStatus'
+  { -- | The elastic IP address for the cluster.
+    elasticIp :: Prelude.Maybe Prelude.Text,
+    -- | The status of the elastic IP address.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterElasticIpStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'elasticIp', 'awsRedshiftClusterElasticIpStatus_elasticIp' - The elastic IP address for the cluster.
+--
+-- 'status', 'awsRedshiftClusterElasticIpStatus_status' - The status of the elastic IP address.
+newAwsRedshiftClusterElasticIpStatus ::
+  AwsRedshiftClusterElasticIpStatus
+newAwsRedshiftClusterElasticIpStatus =
+  AwsRedshiftClusterElasticIpStatus'
+    { elasticIp =
+        Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The elastic IP address for the cluster.
+awsRedshiftClusterElasticIpStatus_elasticIp :: Lens.Lens' AwsRedshiftClusterElasticIpStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterElasticIpStatus_elasticIp = Lens.lens (\AwsRedshiftClusterElasticIpStatus' {elasticIp} -> elasticIp) (\s@AwsRedshiftClusterElasticIpStatus' {} a -> s {elasticIp = a} :: AwsRedshiftClusterElasticIpStatus)
+
+-- | The status of the elastic IP address.
+awsRedshiftClusterElasticIpStatus_status :: Lens.Lens' AwsRedshiftClusterElasticIpStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterElasticIpStatus_status = Lens.lens (\AwsRedshiftClusterElasticIpStatus' {status} -> status) (\s@AwsRedshiftClusterElasticIpStatus' {} a -> s {status = a} :: AwsRedshiftClusterElasticIpStatus)
+
+instance
+  Data.FromJSON
+    AwsRedshiftClusterElasticIpStatus
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterElasticIpStatus"
+      ( \x ->
+          AwsRedshiftClusterElasticIpStatus'
+            Prelude.<$> (x Data..:? "ElasticIp")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterElasticIpStatus
+  where
+  hashWithSalt
+    _salt
+    AwsRedshiftClusterElasticIpStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` elasticIp
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    AwsRedshiftClusterElasticIpStatus
+  where
+  rnf AwsRedshiftClusterElasticIpStatus' {..} =
+    Prelude.rnf elasticIp
+      `Prelude.seq` Prelude.rnf status
+
+instance
+  Data.ToJSON
+    AwsRedshiftClusterElasticIpStatus
+  where
+  toJSON AwsRedshiftClusterElasticIpStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ElasticIp" Data..=) Prelude.<$> elasticIp,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterEndpoint.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterEndpoint.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterEndpoint.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterEndpoint
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterEndpoint where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The connection endpoint for an Amazon Redshift cluster.
+--
+-- /See:/ 'newAwsRedshiftClusterEndpoint' smart constructor.
+data AwsRedshiftClusterEndpoint = AwsRedshiftClusterEndpoint'
+  { -- | The DNS address of the cluster.
+    address :: Prelude.Maybe Prelude.Text,
+    -- | The port that the database engine listens on.
+    port :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterEndpoint' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'address', 'awsRedshiftClusterEndpoint_address' - The DNS address of the cluster.
+--
+-- 'port', 'awsRedshiftClusterEndpoint_port' - The port that the database engine listens on.
+newAwsRedshiftClusterEndpoint ::
+  AwsRedshiftClusterEndpoint
+newAwsRedshiftClusterEndpoint =
+  AwsRedshiftClusterEndpoint'
+    { address =
+        Prelude.Nothing,
+      port = Prelude.Nothing
+    }
+
+-- | The DNS address of the cluster.
+awsRedshiftClusterEndpoint_address :: Lens.Lens' AwsRedshiftClusterEndpoint (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterEndpoint_address = Lens.lens (\AwsRedshiftClusterEndpoint' {address} -> address) (\s@AwsRedshiftClusterEndpoint' {} a -> s {address = a} :: AwsRedshiftClusterEndpoint)
+
+-- | The port that the database engine listens on.
+awsRedshiftClusterEndpoint_port :: Lens.Lens' AwsRedshiftClusterEndpoint (Prelude.Maybe Prelude.Int)
+awsRedshiftClusterEndpoint_port = Lens.lens (\AwsRedshiftClusterEndpoint' {port} -> port) (\s@AwsRedshiftClusterEndpoint' {} a -> s {port = a} :: AwsRedshiftClusterEndpoint)
+
+instance Data.FromJSON AwsRedshiftClusterEndpoint where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterEndpoint"
+      ( \x ->
+          AwsRedshiftClusterEndpoint'
+            Prelude.<$> (x Data..:? "Address")
+            Prelude.<*> (x Data..:? "Port")
+      )
+
+instance Prelude.Hashable AwsRedshiftClusterEndpoint where
+  hashWithSalt _salt AwsRedshiftClusterEndpoint' {..} =
+    _salt
+      `Prelude.hashWithSalt` address
+      `Prelude.hashWithSalt` port
+
+instance Prelude.NFData AwsRedshiftClusterEndpoint where
+  rnf AwsRedshiftClusterEndpoint' {..} =
+    Prelude.rnf address `Prelude.seq` Prelude.rnf port
+
+instance Data.ToJSON AwsRedshiftClusterEndpoint where
+  toJSON AwsRedshiftClusterEndpoint' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Address" Data..=) Prelude.<$> address,
+            ("Port" Data..=) Prelude.<$> port
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterHsmStatus.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterHsmStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterHsmStatus.hs
@@ -0,0 +1,132 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterHsmStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterHsmStatus where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about whether an Amazon Redshift cluster finished applying
+-- any hardware changes to security module (HSM) settings that were
+-- specified in a modify cluster command.
+--
+-- /See:/ 'newAwsRedshiftClusterHsmStatus' smart constructor.
+data AwsRedshiftClusterHsmStatus = AwsRedshiftClusterHsmStatus'
+  { -- | The name of the HSM client certificate that the Amazon Redshift cluster
+    -- uses to retrieve the data encryption keys that are stored in an HSM.
+    hsmClientCertificateIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The name of the HSM configuration that contains the information that the
+    -- Amazon Redshift cluster can use to retrieve and store keys in an HSM.
+    hsmConfigurationIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the Amazon Redshift cluster has finished applying any
+    -- HSM settings changes specified in a modify cluster command.
+    --
+    -- Type: String
+    --
+    -- Valid values: @active@ | @applying@
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterHsmStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'hsmClientCertificateIdentifier', 'awsRedshiftClusterHsmStatus_hsmClientCertificateIdentifier' - The name of the HSM client certificate that the Amazon Redshift cluster
+-- uses to retrieve the data encryption keys that are stored in an HSM.
+--
+-- 'hsmConfigurationIdentifier', 'awsRedshiftClusterHsmStatus_hsmConfigurationIdentifier' - The name of the HSM configuration that contains the information that the
+-- Amazon Redshift cluster can use to retrieve and store keys in an HSM.
+--
+-- 'status', 'awsRedshiftClusterHsmStatus_status' - Indicates whether the Amazon Redshift cluster has finished applying any
+-- HSM settings changes specified in a modify cluster command.
+--
+-- Type: String
+--
+-- Valid values: @active@ | @applying@
+newAwsRedshiftClusterHsmStatus ::
+  AwsRedshiftClusterHsmStatus
+newAwsRedshiftClusterHsmStatus =
+  AwsRedshiftClusterHsmStatus'
+    { hsmClientCertificateIdentifier =
+        Prelude.Nothing,
+      hsmConfigurationIdentifier = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The name of the HSM client certificate that the Amazon Redshift cluster
+-- uses to retrieve the data encryption keys that are stored in an HSM.
+awsRedshiftClusterHsmStatus_hsmClientCertificateIdentifier :: Lens.Lens' AwsRedshiftClusterHsmStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterHsmStatus_hsmClientCertificateIdentifier = Lens.lens (\AwsRedshiftClusterHsmStatus' {hsmClientCertificateIdentifier} -> hsmClientCertificateIdentifier) (\s@AwsRedshiftClusterHsmStatus' {} a -> s {hsmClientCertificateIdentifier = a} :: AwsRedshiftClusterHsmStatus)
+
+-- | The name of the HSM configuration that contains the information that the
+-- Amazon Redshift cluster can use to retrieve and store keys in an HSM.
+awsRedshiftClusterHsmStatus_hsmConfigurationIdentifier :: Lens.Lens' AwsRedshiftClusterHsmStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterHsmStatus_hsmConfigurationIdentifier = Lens.lens (\AwsRedshiftClusterHsmStatus' {hsmConfigurationIdentifier} -> hsmConfigurationIdentifier) (\s@AwsRedshiftClusterHsmStatus' {} a -> s {hsmConfigurationIdentifier = a} :: AwsRedshiftClusterHsmStatus)
+
+-- | Indicates whether the Amazon Redshift cluster has finished applying any
+-- HSM settings changes specified in a modify cluster command.
+--
+-- Type: String
+--
+-- Valid values: @active@ | @applying@
+awsRedshiftClusterHsmStatus_status :: Lens.Lens' AwsRedshiftClusterHsmStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterHsmStatus_status = Lens.lens (\AwsRedshiftClusterHsmStatus' {status} -> status) (\s@AwsRedshiftClusterHsmStatus' {} a -> s {status = a} :: AwsRedshiftClusterHsmStatus)
+
+instance Data.FromJSON AwsRedshiftClusterHsmStatus where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterHsmStatus"
+      ( \x ->
+          AwsRedshiftClusterHsmStatus'
+            Prelude.<$> (x Data..:? "HsmClientCertificateIdentifier")
+            Prelude.<*> (x Data..:? "HsmConfigurationIdentifier")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance Prelude.Hashable AwsRedshiftClusterHsmStatus where
+  hashWithSalt _salt AwsRedshiftClusterHsmStatus' {..} =
+    _salt
+      `Prelude.hashWithSalt` hsmClientCertificateIdentifier
+      `Prelude.hashWithSalt` hsmConfigurationIdentifier
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AwsRedshiftClusterHsmStatus where
+  rnf AwsRedshiftClusterHsmStatus' {..} =
+    Prelude.rnf hsmClientCertificateIdentifier
+      `Prelude.seq` Prelude.rnf hsmConfigurationIdentifier
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsRedshiftClusterHsmStatus where
+  toJSON AwsRedshiftClusterHsmStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("HsmClientCertificateIdentifier" Data..=)
+              Prelude.<$> hsmClientCertificateIdentifier,
+            ("HsmConfigurationIdentifier" Data..=)
+              Prelude.<$> hsmConfigurationIdentifier,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterIamRole.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterIamRole.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterIamRole.hs
@@ -0,0 +1,101 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterIamRole
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterIamRole where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An IAM role that the cluster can use to access other Amazon Web Services
+-- services.
+--
+-- /See:/ 'newAwsRedshiftClusterIamRole' smart constructor.
+data AwsRedshiftClusterIamRole = AwsRedshiftClusterIamRole'
+  { -- | The status of the IAM role\'s association with the cluster.
+    --
+    -- Valid values: @in-sync@ | @adding@ | @removing@
+    applyStatus :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM role.
+    iamRoleArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterIamRole' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'applyStatus', 'awsRedshiftClusterIamRole_applyStatus' - The status of the IAM role\'s association with the cluster.
+--
+-- Valid values: @in-sync@ | @adding@ | @removing@
+--
+-- 'iamRoleArn', 'awsRedshiftClusterIamRole_iamRoleArn' - The ARN of the IAM role.
+newAwsRedshiftClusterIamRole ::
+  AwsRedshiftClusterIamRole
+newAwsRedshiftClusterIamRole =
+  AwsRedshiftClusterIamRole'
+    { applyStatus =
+        Prelude.Nothing,
+      iamRoleArn = Prelude.Nothing
+    }
+
+-- | The status of the IAM role\'s association with the cluster.
+--
+-- Valid values: @in-sync@ | @adding@ | @removing@
+awsRedshiftClusterIamRole_applyStatus :: Lens.Lens' AwsRedshiftClusterIamRole (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterIamRole_applyStatus = Lens.lens (\AwsRedshiftClusterIamRole' {applyStatus} -> applyStatus) (\s@AwsRedshiftClusterIamRole' {} a -> s {applyStatus = a} :: AwsRedshiftClusterIamRole)
+
+-- | The ARN of the IAM role.
+awsRedshiftClusterIamRole_iamRoleArn :: Lens.Lens' AwsRedshiftClusterIamRole (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterIamRole_iamRoleArn = Lens.lens (\AwsRedshiftClusterIamRole' {iamRoleArn} -> iamRoleArn) (\s@AwsRedshiftClusterIamRole' {} a -> s {iamRoleArn = a} :: AwsRedshiftClusterIamRole)
+
+instance Data.FromJSON AwsRedshiftClusterIamRole where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterIamRole"
+      ( \x ->
+          AwsRedshiftClusterIamRole'
+            Prelude.<$> (x Data..:? "ApplyStatus")
+            Prelude.<*> (x Data..:? "IamRoleArn")
+      )
+
+instance Prelude.Hashable AwsRedshiftClusterIamRole where
+  hashWithSalt _salt AwsRedshiftClusterIamRole' {..} =
+    _salt
+      `Prelude.hashWithSalt` applyStatus
+      `Prelude.hashWithSalt` iamRoleArn
+
+instance Prelude.NFData AwsRedshiftClusterIamRole where
+  rnf AwsRedshiftClusterIamRole' {..} =
+    Prelude.rnf applyStatus
+      `Prelude.seq` Prelude.rnf iamRoleArn
+
+instance Data.ToJSON AwsRedshiftClusterIamRole where
+  toJSON AwsRedshiftClusterIamRole' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ApplyStatus" Data..=) Prelude.<$> applyStatus,
+            ("IamRoleArn" Data..=) Prelude.<$> iamRoleArn
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterLoggingStatus.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterLoggingStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterLoggingStatus.hs
@@ -0,0 +1,192 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterLoggingStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterLoggingStatus where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the logging status of the cluster.
+--
+-- /See:/ 'newAwsRedshiftClusterLoggingStatus' smart constructor.
+data AwsRedshiftClusterLoggingStatus = AwsRedshiftClusterLoggingStatus'
+  { -- | The name of the S3 bucket where the log files are stored.
+    bucketName :: Prelude.Maybe Prelude.Text,
+    -- | The message indicating that the logs failed to be delivered.
+    lastFailureMessage :: Prelude.Maybe Prelude.Text,
+    -- | The last time when logs failed to be delivered.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastFailureTime :: Prelude.Maybe Prelude.Text,
+    -- | The last time that logs were delivered successfully.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastSuccessfulDeliveryTime :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether logging is enabled.
+    loggingEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | Provides the prefix applied to the log file names.
+    s3KeyPrefix :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterLoggingStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'bucketName', 'awsRedshiftClusterLoggingStatus_bucketName' - The name of the S3 bucket where the log files are stored.
+--
+-- 'lastFailureMessage', 'awsRedshiftClusterLoggingStatus_lastFailureMessage' - The message indicating that the logs failed to be delivered.
+--
+-- 'lastFailureTime', 'awsRedshiftClusterLoggingStatus_lastFailureTime' - The last time when logs failed to be delivered.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'lastSuccessfulDeliveryTime', 'awsRedshiftClusterLoggingStatus_lastSuccessfulDeliveryTime' - The last time that logs were delivered successfully.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'loggingEnabled', 'awsRedshiftClusterLoggingStatus_loggingEnabled' - Indicates whether logging is enabled.
+--
+-- 's3KeyPrefix', 'awsRedshiftClusterLoggingStatus_s3KeyPrefix' - Provides the prefix applied to the log file names.
+newAwsRedshiftClusterLoggingStatus ::
+  AwsRedshiftClusterLoggingStatus
+newAwsRedshiftClusterLoggingStatus =
+  AwsRedshiftClusterLoggingStatus'
+    { bucketName =
+        Prelude.Nothing,
+      lastFailureMessage = Prelude.Nothing,
+      lastFailureTime = Prelude.Nothing,
+      lastSuccessfulDeliveryTime =
+        Prelude.Nothing,
+      loggingEnabled = Prelude.Nothing,
+      s3KeyPrefix = Prelude.Nothing
+    }
+
+-- | The name of the S3 bucket where the log files are stored.
+awsRedshiftClusterLoggingStatus_bucketName :: Lens.Lens' AwsRedshiftClusterLoggingStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterLoggingStatus_bucketName = Lens.lens (\AwsRedshiftClusterLoggingStatus' {bucketName} -> bucketName) (\s@AwsRedshiftClusterLoggingStatus' {} a -> s {bucketName = a} :: AwsRedshiftClusterLoggingStatus)
+
+-- | The message indicating that the logs failed to be delivered.
+awsRedshiftClusterLoggingStatus_lastFailureMessage :: Lens.Lens' AwsRedshiftClusterLoggingStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterLoggingStatus_lastFailureMessage = Lens.lens (\AwsRedshiftClusterLoggingStatus' {lastFailureMessage} -> lastFailureMessage) (\s@AwsRedshiftClusterLoggingStatus' {} a -> s {lastFailureMessage = a} :: AwsRedshiftClusterLoggingStatus)
+
+-- | The last time when logs failed to be delivered.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRedshiftClusterLoggingStatus_lastFailureTime :: Lens.Lens' AwsRedshiftClusterLoggingStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterLoggingStatus_lastFailureTime = Lens.lens (\AwsRedshiftClusterLoggingStatus' {lastFailureTime} -> lastFailureTime) (\s@AwsRedshiftClusterLoggingStatus' {} a -> s {lastFailureTime = a} :: AwsRedshiftClusterLoggingStatus)
+
+-- | The last time that logs were delivered successfully.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsRedshiftClusterLoggingStatus_lastSuccessfulDeliveryTime :: Lens.Lens' AwsRedshiftClusterLoggingStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterLoggingStatus_lastSuccessfulDeliveryTime = Lens.lens (\AwsRedshiftClusterLoggingStatus' {lastSuccessfulDeliveryTime} -> lastSuccessfulDeliveryTime) (\s@AwsRedshiftClusterLoggingStatus' {} a -> s {lastSuccessfulDeliveryTime = a} :: AwsRedshiftClusterLoggingStatus)
+
+-- | Indicates whether logging is enabled.
+awsRedshiftClusterLoggingStatus_loggingEnabled :: Lens.Lens' AwsRedshiftClusterLoggingStatus (Prelude.Maybe Prelude.Bool)
+awsRedshiftClusterLoggingStatus_loggingEnabled = Lens.lens (\AwsRedshiftClusterLoggingStatus' {loggingEnabled} -> loggingEnabled) (\s@AwsRedshiftClusterLoggingStatus' {} a -> s {loggingEnabled = a} :: AwsRedshiftClusterLoggingStatus)
+
+-- | Provides the prefix applied to the log file names.
+awsRedshiftClusterLoggingStatus_s3KeyPrefix :: Lens.Lens' AwsRedshiftClusterLoggingStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterLoggingStatus_s3KeyPrefix = Lens.lens (\AwsRedshiftClusterLoggingStatus' {s3KeyPrefix} -> s3KeyPrefix) (\s@AwsRedshiftClusterLoggingStatus' {} a -> s {s3KeyPrefix = a} :: AwsRedshiftClusterLoggingStatus)
+
+instance
+  Data.FromJSON
+    AwsRedshiftClusterLoggingStatus
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterLoggingStatus"
+      ( \x ->
+          AwsRedshiftClusterLoggingStatus'
+            Prelude.<$> (x Data..:? "BucketName")
+            Prelude.<*> (x Data..:? "LastFailureMessage")
+            Prelude.<*> (x Data..:? "LastFailureTime")
+            Prelude.<*> (x Data..:? "LastSuccessfulDeliveryTime")
+            Prelude.<*> (x Data..:? "LoggingEnabled")
+            Prelude.<*> (x Data..:? "S3KeyPrefix")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterLoggingStatus
+  where
+  hashWithSalt
+    _salt
+    AwsRedshiftClusterLoggingStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` bucketName
+        `Prelude.hashWithSalt` lastFailureMessage
+        `Prelude.hashWithSalt` lastFailureTime
+        `Prelude.hashWithSalt` lastSuccessfulDeliveryTime
+        `Prelude.hashWithSalt` loggingEnabled
+        `Prelude.hashWithSalt` s3KeyPrefix
+
+instance
+  Prelude.NFData
+    AwsRedshiftClusterLoggingStatus
+  where
+  rnf AwsRedshiftClusterLoggingStatus' {..} =
+    Prelude.rnf bucketName
+      `Prelude.seq` Prelude.rnf lastFailureMessage
+      `Prelude.seq` Prelude.rnf lastFailureTime
+      `Prelude.seq` Prelude.rnf lastSuccessfulDeliveryTime
+      `Prelude.seq` Prelude.rnf loggingEnabled
+      `Prelude.seq` Prelude.rnf s3KeyPrefix
+
+instance Data.ToJSON AwsRedshiftClusterLoggingStatus where
+  toJSON AwsRedshiftClusterLoggingStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("BucketName" Data..=) Prelude.<$> bucketName,
+            ("LastFailureMessage" Data..=)
+              Prelude.<$> lastFailureMessage,
+            ("LastFailureTime" Data..=)
+              Prelude.<$> lastFailureTime,
+            ("LastSuccessfulDeliveryTime" Data..=)
+              Prelude.<$> lastSuccessfulDeliveryTime,
+            ("LoggingEnabled" Data..=)
+              Prelude.<$> loggingEnabled,
+            ("S3KeyPrefix" Data..=) Prelude.<$> s3KeyPrefix
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterPendingModifiedValues.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterPendingModifiedValues.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterPendingModifiedValues.hs
@@ -0,0 +1,253 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterPendingModifiedValues
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterPendingModifiedValues where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Changes to the Amazon Redshift cluster that are currently pending.
+--
+-- /See:/ 'newAwsRedshiftClusterPendingModifiedValues' smart constructor.
+data AwsRedshiftClusterPendingModifiedValues = AwsRedshiftClusterPendingModifiedValues'
+  { -- | The pending or in-progress change to the automated snapshot retention
+    -- period.
+    automatedSnapshotRetentionPeriod :: Prelude.Maybe Prelude.Int,
+    -- | The pending or in-progress change to the identifier for the cluster.
+    clusterIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The pending or in-progress change to the cluster type.
+    clusterType :: Prelude.Maybe Prelude.Text,
+    -- | The pending or in-progress change to the service version.
+    clusterVersion :: Prelude.Maybe Prelude.Text,
+    -- | The encryption type for a cluster.
+    encryptionType :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether to create the cluster with enhanced VPC routing
+    -- enabled.
+    enhancedVpcRouting :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the maintenance track that the cluster changes to during the
+    -- next maintenance window.
+    maintenanceTrackName :: Prelude.Maybe Prelude.Text,
+    -- | The pending or in-progress change to the master user password for the
+    -- cluster.
+    masterUserPassword :: Prelude.Maybe Prelude.Text,
+    -- | The pending or in-progress change to the cluster\'s node type.
+    nodeType :: Prelude.Maybe Prelude.Text,
+    -- | The pending or in-progress change to the number of nodes in the cluster.
+    numberOfNodes :: Prelude.Maybe Prelude.Int,
+    -- | The pending or in-progress change to whether the cluster can be
+    -- connected to from the public network.
+    publiclyAccessible :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterPendingModifiedValues' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'automatedSnapshotRetentionPeriod', 'awsRedshiftClusterPendingModifiedValues_automatedSnapshotRetentionPeriod' - The pending or in-progress change to the automated snapshot retention
+-- period.
+--
+-- 'clusterIdentifier', 'awsRedshiftClusterPendingModifiedValues_clusterIdentifier' - The pending or in-progress change to the identifier for the cluster.
+--
+-- 'clusterType', 'awsRedshiftClusterPendingModifiedValues_clusterType' - The pending or in-progress change to the cluster type.
+--
+-- 'clusterVersion', 'awsRedshiftClusterPendingModifiedValues_clusterVersion' - The pending or in-progress change to the service version.
+--
+-- 'encryptionType', 'awsRedshiftClusterPendingModifiedValues_encryptionType' - The encryption type for a cluster.
+--
+-- 'enhancedVpcRouting', 'awsRedshiftClusterPendingModifiedValues_enhancedVpcRouting' - Indicates whether to create the cluster with enhanced VPC routing
+-- enabled.
+--
+-- 'maintenanceTrackName', 'awsRedshiftClusterPendingModifiedValues_maintenanceTrackName' - The name of the maintenance track that the cluster changes to during the
+-- next maintenance window.
+--
+-- 'masterUserPassword', 'awsRedshiftClusterPendingModifiedValues_masterUserPassword' - The pending or in-progress change to the master user password for the
+-- cluster.
+--
+-- 'nodeType', 'awsRedshiftClusterPendingModifiedValues_nodeType' - The pending or in-progress change to the cluster\'s node type.
+--
+-- 'numberOfNodes', 'awsRedshiftClusterPendingModifiedValues_numberOfNodes' - The pending or in-progress change to the number of nodes in the cluster.
+--
+-- 'publiclyAccessible', 'awsRedshiftClusterPendingModifiedValues_publiclyAccessible' - The pending or in-progress change to whether the cluster can be
+-- connected to from the public network.
+newAwsRedshiftClusterPendingModifiedValues ::
+  AwsRedshiftClusterPendingModifiedValues
+newAwsRedshiftClusterPendingModifiedValues =
+  AwsRedshiftClusterPendingModifiedValues'
+    { automatedSnapshotRetentionPeriod =
+        Prelude.Nothing,
+      clusterIdentifier =
+        Prelude.Nothing,
+      clusterType = Prelude.Nothing,
+      clusterVersion = Prelude.Nothing,
+      encryptionType = Prelude.Nothing,
+      enhancedVpcRouting =
+        Prelude.Nothing,
+      maintenanceTrackName =
+        Prelude.Nothing,
+      masterUserPassword =
+        Prelude.Nothing,
+      nodeType = Prelude.Nothing,
+      numberOfNodes = Prelude.Nothing,
+      publiclyAccessible =
+        Prelude.Nothing
+    }
+
+-- | The pending or in-progress change to the automated snapshot retention
+-- period.
+awsRedshiftClusterPendingModifiedValues_automatedSnapshotRetentionPeriod :: Lens.Lens' AwsRedshiftClusterPendingModifiedValues (Prelude.Maybe Prelude.Int)
+awsRedshiftClusterPendingModifiedValues_automatedSnapshotRetentionPeriod = Lens.lens (\AwsRedshiftClusterPendingModifiedValues' {automatedSnapshotRetentionPeriod} -> automatedSnapshotRetentionPeriod) (\s@AwsRedshiftClusterPendingModifiedValues' {} a -> s {automatedSnapshotRetentionPeriod = a} :: AwsRedshiftClusterPendingModifiedValues)
+
+-- | The pending or in-progress change to the identifier for the cluster.
+awsRedshiftClusterPendingModifiedValues_clusterIdentifier :: Lens.Lens' AwsRedshiftClusterPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterPendingModifiedValues_clusterIdentifier = Lens.lens (\AwsRedshiftClusterPendingModifiedValues' {clusterIdentifier} -> clusterIdentifier) (\s@AwsRedshiftClusterPendingModifiedValues' {} a -> s {clusterIdentifier = a} :: AwsRedshiftClusterPendingModifiedValues)
+
+-- | The pending or in-progress change to the cluster type.
+awsRedshiftClusterPendingModifiedValues_clusterType :: Lens.Lens' AwsRedshiftClusterPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterPendingModifiedValues_clusterType = Lens.lens (\AwsRedshiftClusterPendingModifiedValues' {clusterType} -> clusterType) (\s@AwsRedshiftClusterPendingModifiedValues' {} a -> s {clusterType = a} :: AwsRedshiftClusterPendingModifiedValues)
+
+-- | The pending or in-progress change to the service version.
+awsRedshiftClusterPendingModifiedValues_clusterVersion :: Lens.Lens' AwsRedshiftClusterPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterPendingModifiedValues_clusterVersion = Lens.lens (\AwsRedshiftClusterPendingModifiedValues' {clusterVersion} -> clusterVersion) (\s@AwsRedshiftClusterPendingModifiedValues' {} a -> s {clusterVersion = a} :: AwsRedshiftClusterPendingModifiedValues)
+
+-- | The encryption type for a cluster.
+awsRedshiftClusterPendingModifiedValues_encryptionType :: Lens.Lens' AwsRedshiftClusterPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterPendingModifiedValues_encryptionType = Lens.lens (\AwsRedshiftClusterPendingModifiedValues' {encryptionType} -> encryptionType) (\s@AwsRedshiftClusterPendingModifiedValues' {} a -> s {encryptionType = a} :: AwsRedshiftClusterPendingModifiedValues)
+
+-- | Indicates whether to create the cluster with enhanced VPC routing
+-- enabled.
+awsRedshiftClusterPendingModifiedValues_enhancedVpcRouting :: Lens.Lens' AwsRedshiftClusterPendingModifiedValues (Prelude.Maybe Prelude.Bool)
+awsRedshiftClusterPendingModifiedValues_enhancedVpcRouting = Lens.lens (\AwsRedshiftClusterPendingModifiedValues' {enhancedVpcRouting} -> enhancedVpcRouting) (\s@AwsRedshiftClusterPendingModifiedValues' {} a -> s {enhancedVpcRouting = a} :: AwsRedshiftClusterPendingModifiedValues)
+
+-- | The name of the maintenance track that the cluster changes to during the
+-- next maintenance window.
+awsRedshiftClusterPendingModifiedValues_maintenanceTrackName :: Lens.Lens' AwsRedshiftClusterPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterPendingModifiedValues_maintenanceTrackName = Lens.lens (\AwsRedshiftClusterPendingModifiedValues' {maintenanceTrackName} -> maintenanceTrackName) (\s@AwsRedshiftClusterPendingModifiedValues' {} a -> s {maintenanceTrackName = a} :: AwsRedshiftClusterPendingModifiedValues)
+
+-- | The pending or in-progress change to the master user password for the
+-- cluster.
+awsRedshiftClusterPendingModifiedValues_masterUserPassword :: Lens.Lens' AwsRedshiftClusterPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterPendingModifiedValues_masterUserPassword = Lens.lens (\AwsRedshiftClusterPendingModifiedValues' {masterUserPassword} -> masterUserPassword) (\s@AwsRedshiftClusterPendingModifiedValues' {} a -> s {masterUserPassword = a} :: AwsRedshiftClusterPendingModifiedValues)
+
+-- | The pending or in-progress change to the cluster\'s node type.
+awsRedshiftClusterPendingModifiedValues_nodeType :: Lens.Lens' AwsRedshiftClusterPendingModifiedValues (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterPendingModifiedValues_nodeType = Lens.lens (\AwsRedshiftClusterPendingModifiedValues' {nodeType} -> nodeType) (\s@AwsRedshiftClusterPendingModifiedValues' {} a -> s {nodeType = a} :: AwsRedshiftClusterPendingModifiedValues)
+
+-- | The pending or in-progress change to the number of nodes in the cluster.
+awsRedshiftClusterPendingModifiedValues_numberOfNodes :: Lens.Lens' AwsRedshiftClusterPendingModifiedValues (Prelude.Maybe Prelude.Int)
+awsRedshiftClusterPendingModifiedValues_numberOfNodes = Lens.lens (\AwsRedshiftClusterPendingModifiedValues' {numberOfNodes} -> numberOfNodes) (\s@AwsRedshiftClusterPendingModifiedValues' {} a -> s {numberOfNodes = a} :: AwsRedshiftClusterPendingModifiedValues)
+
+-- | The pending or in-progress change to whether the cluster can be
+-- connected to from the public network.
+awsRedshiftClusterPendingModifiedValues_publiclyAccessible :: Lens.Lens' AwsRedshiftClusterPendingModifiedValues (Prelude.Maybe Prelude.Bool)
+awsRedshiftClusterPendingModifiedValues_publiclyAccessible = Lens.lens (\AwsRedshiftClusterPendingModifiedValues' {publiclyAccessible} -> publiclyAccessible) (\s@AwsRedshiftClusterPendingModifiedValues' {} a -> s {publiclyAccessible = a} :: AwsRedshiftClusterPendingModifiedValues)
+
+instance
+  Data.FromJSON
+    AwsRedshiftClusterPendingModifiedValues
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterPendingModifiedValues"
+      ( \x ->
+          AwsRedshiftClusterPendingModifiedValues'
+            Prelude.<$> (x Data..:? "AutomatedSnapshotRetentionPeriod")
+            Prelude.<*> (x Data..:? "ClusterIdentifier")
+            Prelude.<*> (x Data..:? "ClusterType")
+            Prelude.<*> (x Data..:? "ClusterVersion")
+            Prelude.<*> (x Data..:? "EncryptionType")
+            Prelude.<*> (x Data..:? "EnhancedVpcRouting")
+            Prelude.<*> (x Data..:? "MaintenanceTrackName")
+            Prelude.<*> (x Data..:? "MasterUserPassword")
+            Prelude.<*> (x Data..:? "NodeType")
+            Prelude.<*> (x Data..:? "NumberOfNodes")
+            Prelude.<*> (x Data..:? "PubliclyAccessible")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterPendingModifiedValues
+  where
+  hashWithSalt
+    _salt
+    AwsRedshiftClusterPendingModifiedValues' {..} =
+      _salt
+        `Prelude.hashWithSalt` automatedSnapshotRetentionPeriod
+        `Prelude.hashWithSalt` clusterIdentifier
+        `Prelude.hashWithSalt` clusterType
+        `Prelude.hashWithSalt` clusterVersion
+        `Prelude.hashWithSalt` encryptionType
+        `Prelude.hashWithSalt` enhancedVpcRouting
+        `Prelude.hashWithSalt` maintenanceTrackName
+        `Prelude.hashWithSalt` masterUserPassword
+        `Prelude.hashWithSalt` nodeType
+        `Prelude.hashWithSalt` numberOfNodes
+        `Prelude.hashWithSalt` publiclyAccessible
+
+instance
+  Prelude.NFData
+    AwsRedshiftClusterPendingModifiedValues
+  where
+  rnf AwsRedshiftClusterPendingModifiedValues' {..} =
+    Prelude.rnf automatedSnapshotRetentionPeriod
+      `Prelude.seq` Prelude.rnf clusterIdentifier
+      `Prelude.seq` Prelude.rnf clusterType
+      `Prelude.seq` Prelude.rnf clusterVersion
+      `Prelude.seq` Prelude.rnf encryptionType
+      `Prelude.seq` Prelude.rnf enhancedVpcRouting
+      `Prelude.seq` Prelude.rnf maintenanceTrackName
+      `Prelude.seq` Prelude.rnf masterUserPassword
+      `Prelude.seq` Prelude.rnf nodeType
+      `Prelude.seq` Prelude.rnf numberOfNodes
+      `Prelude.seq` Prelude.rnf publiclyAccessible
+
+instance
+  Data.ToJSON
+    AwsRedshiftClusterPendingModifiedValues
+  where
+  toJSON AwsRedshiftClusterPendingModifiedValues' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AutomatedSnapshotRetentionPeriod" Data..=)
+              Prelude.<$> automatedSnapshotRetentionPeriod,
+            ("ClusterIdentifier" Data..=)
+              Prelude.<$> clusterIdentifier,
+            ("ClusterType" Data..=) Prelude.<$> clusterType,
+            ("ClusterVersion" Data..=)
+              Prelude.<$> clusterVersion,
+            ("EncryptionType" Data..=)
+              Prelude.<$> encryptionType,
+            ("EnhancedVpcRouting" Data..=)
+              Prelude.<$> enhancedVpcRouting,
+            ("MaintenanceTrackName" Data..=)
+              Prelude.<$> maintenanceTrackName,
+            ("MasterUserPassword" Data..=)
+              Prelude.<$> masterUserPassword,
+            ("NodeType" Data..=) Prelude.<$> nodeType,
+            ("NumberOfNodes" Data..=) Prelude.<$> numberOfNodes,
+            ("PubliclyAccessible" Data..=)
+              Prelude.<$> publiclyAccessible
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterResizeInfo.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterResizeInfo.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterResizeInfo.hs
@@ -0,0 +1,104 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterResizeInfo
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterResizeInfo where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the resize operation for the cluster.
+--
+-- /See:/ 'newAwsRedshiftClusterResizeInfo' smart constructor.
+data AwsRedshiftClusterResizeInfo = AwsRedshiftClusterResizeInfo'
+  { -- | Indicates whether the resize operation can be canceled.
+    allowCancelResize :: Prelude.Maybe Prelude.Bool,
+    -- | The type of resize operation.
+    --
+    -- Valid values: @ClassicResize@
+    resizeType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterResizeInfo' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allowCancelResize', 'awsRedshiftClusterResizeInfo_allowCancelResize' - Indicates whether the resize operation can be canceled.
+--
+-- 'resizeType', 'awsRedshiftClusterResizeInfo_resizeType' - The type of resize operation.
+--
+-- Valid values: @ClassicResize@
+newAwsRedshiftClusterResizeInfo ::
+  AwsRedshiftClusterResizeInfo
+newAwsRedshiftClusterResizeInfo =
+  AwsRedshiftClusterResizeInfo'
+    { allowCancelResize =
+        Prelude.Nothing,
+      resizeType = Prelude.Nothing
+    }
+
+-- | Indicates whether the resize operation can be canceled.
+awsRedshiftClusterResizeInfo_allowCancelResize :: Lens.Lens' AwsRedshiftClusterResizeInfo (Prelude.Maybe Prelude.Bool)
+awsRedshiftClusterResizeInfo_allowCancelResize = Lens.lens (\AwsRedshiftClusterResizeInfo' {allowCancelResize} -> allowCancelResize) (\s@AwsRedshiftClusterResizeInfo' {} a -> s {allowCancelResize = a} :: AwsRedshiftClusterResizeInfo)
+
+-- | The type of resize operation.
+--
+-- Valid values: @ClassicResize@
+awsRedshiftClusterResizeInfo_resizeType :: Lens.Lens' AwsRedshiftClusterResizeInfo (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterResizeInfo_resizeType = Lens.lens (\AwsRedshiftClusterResizeInfo' {resizeType} -> resizeType) (\s@AwsRedshiftClusterResizeInfo' {} a -> s {resizeType = a} :: AwsRedshiftClusterResizeInfo)
+
+instance Data.FromJSON AwsRedshiftClusterResizeInfo where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterResizeInfo"
+      ( \x ->
+          AwsRedshiftClusterResizeInfo'
+            Prelude.<$> (x Data..:? "AllowCancelResize")
+            Prelude.<*> (x Data..:? "ResizeType")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterResizeInfo
+  where
+  hashWithSalt _salt AwsRedshiftClusterResizeInfo' {..} =
+    _salt
+      `Prelude.hashWithSalt` allowCancelResize
+      `Prelude.hashWithSalt` resizeType
+
+instance Prelude.NFData AwsRedshiftClusterResizeInfo where
+  rnf AwsRedshiftClusterResizeInfo' {..} =
+    Prelude.rnf allowCancelResize
+      `Prelude.seq` Prelude.rnf resizeType
+
+instance Data.ToJSON AwsRedshiftClusterResizeInfo where
+  toJSON AwsRedshiftClusterResizeInfo' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AllowCancelResize" Data..=)
+              Prelude.<$> allowCancelResize,
+            ("ResizeType" Data..=) Prelude.<$> resizeType
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterRestoreStatus.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterRestoreStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterRestoreStatus.hs
@@ -0,0 +1,212 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterRestoreStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterRestoreStatus where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the status of a cluster restore action. It only
+-- applies if the cluster was created by restoring a snapshot.
+--
+-- /See:/ 'newAwsRedshiftClusterRestoreStatus' smart constructor.
+data AwsRedshiftClusterRestoreStatus = AwsRedshiftClusterRestoreStatus'
+  { -- | The number of megabytes per second being transferred from the backup
+    -- storage. Returns the average rate for a completed backup.
+    --
+    -- This field is only updated when you restore to DC2 and DS2 node types.
+    currentRestoreRateInMegaBytesPerSecond :: Prelude.Maybe Prelude.Double,
+    -- | The amount of time an in-progress restore has been running, or the
+    -- amount of time it took a completed restore to finish.
+    --
+    -- This field is only updated when you restore to DC2 and DS2 node types.
+    elapsedTimeInSeconds :: Prelude.Maybe Prelude.Integer,
+    -- | The estimate of the time remaining before the restore is complete.
+    -- Returns 0 for a completed restore.
+    --
+    -- This field is only updated when you restore to DC2 and DS2 node types.
+    estimatedTimeToCompletionInSeconds :: Prelude.Maybe Prelude.Integer,
+    -- | The number of megabytes that were transferred from snapshot storage.
+    --
+    -- This field is only updated when you restore to DC2 and DS2 node types.
+    progressInMegaBytes :: Prelude.Maybe Prelude.Integer,
+    -- | The size of the set of snapshot data that was used to restore the
+    -- cluster.
+    --
+    -- This field is only updated when you restore to DC2 and DS2 node types.
+    snapshotSizeInMegaBytes :: Prelude.Maybe Prelude.Integer,
+    -- | The status of the restore action.
+    --
+    -- Valid values: @starting@ | @restoring@ | @completed@ | @failed@
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterRestoreStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'currentRestoreRateInMegaBytesPerSecond', 'awsRedshiftClusterRestoreStatus_currentRestoreRateInMegaBytesPerSecond' - The number of megabytes per second being transferred from the backup
+-- storage. Returns the average rate for a completed backup.
+--
+-- This field is only updated when you restore to DC2 and DS2 node types.
+--
+-- 'elapsedTimeInSeconds', 'awsRedshiftClusterRestoreStatus_elapsedTimeInSeconds' - The amount of time an in-progress restore has been running, or the
+-- amount of time it took a completed restore to finish.
+--
+-- This field is only updated when you restore to DC2 and DS2 node types.
+--
+-- 'estimatedTimeToCompletionInSeconds', 'awsRedshiftClusterRestoreStatus_estimatedTimeToCompletionInSeconds' - The estimate of the time remaining before the restore is complete.
+-- Returns 0 for a completed restore.
+--
+-- This field is only updated when you restore to DC2 and DS2 node types.
+--
+-- 'progressInMegaBytes', 'awsRedshiftClusterRestoreStatus_progressInMegaBytes' - The number of megabytes that were transferred from snapshot storage.
+--
+-- This field is only updated when you restore to DC2 and DS2 node types.
+--
+-- 'snapshotSizeInMegaBytes', 'awsRedshiftClusterRestoreStatus_snapshotSizeInMegaBytes' - The size of the set of snapshot data that was used to restore the
+-- cluster.
+--
+-- This field is only updated when you restore to DC2 and DS2 node types.
+--
+-- 'status', 'awsRedshiftClusterRestoreStatus_status' - The status of the restore action.
+--
+-- Valid values: @starting@ | @restoring@ | @completed@ | @failed@
+newAwsRedshiftClusterRestoreStatus ::
+  AwsRedshiftClusterRestoreStatus
+newAwsRedshiftClusterRestoreStatus =
+  AwsRedshiftClusterRestoreStatus'
+    { currentRestoreRateInMegaBytesPerSecond =
+        Prelude.Nothing,
+      elapsedTimeInSeconds = Prelude.Nothing,
+      estimatedTimeToCompletionInSeconds =
+        Prelude.Nothing,
+      progressInMegaBytes = Prelude.Nothing,
+      snapshotSizeInMegaBytes = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The number of megabytes per second being transferred from the backup
+-- storage. Returns the average rate for a completed backup.
+--
+-- This field is only updated when you restore to DC2 and DS2 node types.
+awsRedshiftClusterRestoreStatus_currentRestoreRateInMegaBytesPerSecond :: Lens.Lens' AwsRedshiftClusterRestoreStatus (Prelude.Maybe Prelude.Double)
+awsRedshiftClusterRestoreStatus_currentRestoreRateInMegaBytesPerSecond = Lens.lens (\AwsRedshiftClusterRestoreStatus' {currentRestoreRateInMegaBytesPerSecond} -> currentRestoreRateInMegaBytesPerSecond) (\s@AwsRedshiftClusterRestoreStatus' {} a -> s {currentRestoreRateInMegaBytesPerSecond = a} :: AwsRedshiftClusterRestoreStatus)
+
+-- | The amount of time an in-progress restore has been running, or the
+-- amount of time it took a completed restore to finish.
+--
+-- This field is only updated when you restore to DC2 and DS2 node types.
+awsRedshiftClusterRestoreStatus_elapsedTimeInSeconds :: Lens.Lens' AwsRedshiftClusterRestoreStatus (Prelude.Maybe Prelude.Integer)
+awsRedshiftClusterRestoreStatus_elapsedTimeInSeconds = Lens.lens (\AwsRedshiftClusterRestoreStatus' {elapsedTimeInSeconds} -> elapsedTimeInSeconds) (\s@AwsRedshiftClusterRestoreStatus' {} a -> s {elapsedTimeInSeconds = a} :: AwsRedshiftClusterRestoreStatus)
+
+-- | The estimate of the time remaining before the restore is complete.
+-- Returns 0 for a completed restore.
+--
+-- This field is only updated when you restore to DC2 and DS2 node types.
+awsRedshiftClusterRestoreStatus_estimatedTimeToCompletionInSeconds :: Lens.Lens' AwsRedshiftClusterRestoreStatus (Prelude.Maybe Prelude.Integer)
+awsRedshiftClusterRestoreStatus_estimatedTimeToCompletionInSeconds = Lens.lens (\AwsRedshiftClusterRestoreStatus' {estimatedTimeToCompletionInSeconds} -> estimatedTimeToCompletionInSeconds) (\s@AwsRedshiftClusterRestoreStatus' {} a -> s {estimatedTimeToCompletionInSeconds = a} :: AwsRedshiftClusterRestoreStatus)
+
+-- | The number of megabytes that were transferred from snapshot storage.
+--
+-- This field is only updated when you restore to DC2 and DS2 node types.
+awsRedshiftClusterRestoreStatus_progressInMegaBytes :: Lens.Lens' AwsRedshiftClusterRestoreStatus (Prelude.Maybe Prelude.Integer)
+awsRedshiftClusterRestoreStatus_progressInMegaBytes = Lens.lens (\AwsRedshiftClusterRestoreStatus' {progressInMegaBytes} -> progressInMegaBytes) (\s@AwsRedshiftClusterRestoreStatus' {} a -> s {progressInMegaBytes = a} :: AwsRedshiftClusterRestoreStatus)
+
+-- | The size of the set of snapshot data that was used to restore the
+-- cluster.
+--
+-- This field is only updated when you restore to DC2 and DS2 node types.
+awsRedshiftClusterRestoreStatus_snapshotSizeInMegaBytes :: Lens.Lens' AwsRedshiftClusterRestoreStatus (Prelude.Maybe Prelude.Integer)
+awsRedshiftClusterRestoreStatus_snapshotSizeInMegaBytes = Lens.lens (\AwsRedshiftClusterRestoreStatus' {snapshotSizeInMegaBytes} -> snapshotSizeInMegaBytes) (\s@AwsRedshiftClusterRestoreStatus' {} a -> s {snapshotSizeInMegaBytes = a} :: AwsRedshiftClusterRestoreStatus)
+
+-- | The status of the restore action.
+--
+-- Valid values: @starting@ | @restoring@ | @completed@ | @failed@
+awsRedshiftClusterRestoreStatus_status :: Lens.Lens' AwsRedshiftClusterRestoreStatus (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterRestoreStatus_status = Lens.lens (\AwsRedshiftClusterRestoreStatus' {status} -> status) (\s@AwsRedshiftClusterRestoreStatus' {} a -> s {status = a} :: AwsRedshiftClusterRestoreStatus)
+
+instance
+  Data.FromJSON
+    AwsRedshiftClusterRestoreStatus
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterRestoreStatus"
+      ( \x ->
+          AwsRedshiftClusterRestoreStatus'
+            Prelude.<$> (x Data..:? "CurrentRestoreRateInMegaBytesPerSecond")
+            Prelude.<*> (x Data..:? "ElapsedTimeInSeconds")
+            Prelude.<*> (x Data..:? "EstimatedTimeToCompletionInSeconds")
+            Prelude.<*> (x Data..:? "ProgressInMegaBytes")
+            Prelude.<*> (x Data..:? "SnapshotSizeInMegaBytes")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterRestoreStatus
+  where
+  hashWithSalt
+    _salt
+    AwsRedshiftClusterRestoreStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` currentRestoreRateInMegaBytesPerSecond
+        `Prelude.hashWithSalt` elapsedTimeInSeconds
+        `Prelude.hashWithSalt` estimatedTimeToCompletionInSeconds
+        `Prelude.hashWithSalt` progressInMegaBytes
+        `Prelude.hashWithSalt` snapshotSizeInMegaBytes
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    AwsRedshiftClusterRestoreStatus
+  where
+  rnf AwsRedshiftClusterRestoreStatus' {..} =
+    Prelude.rnf currentRestoreRateInMegaBytesPerSecond
+      `Prelude.seq` Prelude.rnf elapsedTimeInSeconds
+      `Prelude.seq` Prelude.rnf estimatedTimeToCompletionInSeconds
+      `Prelude.seq` Prelude.rnf progressInMegaBytes
+      `Prelude.seq` Prelude.rnf snapshotSizeInMegaBytes
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsRedshiftClusterRestoreStatus where
+  toJSON AwsRedshiftClusterRestoreStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CurrentRestoreRateInMegaBytesPerSecond" Data..=)
+              Prelude.<$> currentRestoreRateInMegaBytesPerSecond,
+            ("ElapsedTimeInSeconds" Data..=)
+              Prelude.<$> elapsedTimeInSeconds,
+            ("EstimatedTimeToCompletionInSeconds" Data..=)
+              Prelude.<$> estimatedTimeToCompletionInSeconds,
+            ("ProgressInMegaBytes" Data..=)
+              Prelude.<$> progressInMegaBytes,
+            ("SnapshotSizeInMegaBytes" Data..=)
+              Prelude.<$> snapshotSizeInMegaBytes,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterVpcSecurityGroup.hs b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterVpcSecurityGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsRedshiftClusterVpcSecurityGroup.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsRedshiftClusterVpcSecurityGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsRedshiftClusterVpcSecurityGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A VPC security group that the cluster belongs to, if the cluster is in a
+-- VPC.
+--
+-- /See:/ 'newAwsRedshiftClusterVpcSecurityGroup' smart constructor.
+data AwsRedshiftClusterVpcSecurityGroup = AwsRedshiftClusterVpcSecurityGroup'
+  { -- | The status of the VPC security group.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the VPC security group.
+    vpcSecurityGroupId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsRedshiftClusterVpcSecurityGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'status', 'awsRedshiftClusterVpcSecurityGroup_status' - The status of the VPC security group.
+--
+-- 'vpcSecurityGroupId', 'awsRedshiftClusterVpcSecurityGroup_vpcSecurityGroupId' - The identifier of the VPC security group.
+newAwsRedshiftClusterVpcSecurityGroup ::
+  AwsRedshiftClusterVpcSecurityGroup
+newAwsRedshiftClusterVpcSecurityGroup =
+  AwsRedshiftClusterVpcSecurityGroup'
+    { status =
+        Prelude.Nothing,
+      vpcSecurityGroupId = Prelude.Nothing
+    }
+
+-- | The status of the VPC security group.
+awsRedshiftClusterVpcSecurityGroup_status :: Lens.Lens' AwsRedshiftClusterVpcSecurityGroup (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterVpcSecurityGroup_status = Lens.lens (\AwsRedshiftClusterVpcSecurityGroup' {status} -> status) (\s@AwsRedshiftClusterVpcSecurityGroup' {} a -> s {status = a} :: AwsRedshiftClusterVpcSecurityGroup)
+
+-- | The identifier of the VPC security group.
+awsRedshiftClusterVpcSecurityGroup_vpcSecurityGroupId :: Lens.Lens' AwsRedshiftClusterVpcSecurityGroup (Prelude.Maybe Prelude.Text)
+awsRedshiftClusterVpcSecurityGroup_vpcSecurityGroupId = Lens.lens (\AwsRedshiftClusterVpcSecurityGroup' {vpcSecurityGroupId} -> vpcSecurityGroupId) (\s@AwsRedshiftClusterVpcSecurityGroup' {} a -> s {vpcSecurityGroupId = a} :: AwsRedshiftClusterVpcSecurityGroup)
+
+instance
+  Data.FromJSON
+    AwsRedshiftClusterVpcSecurityGroup
+  where
+  parseJSON =
+    Data.withObject
+      "AwsRedshiftClusterVpcSecurityGroup"
+      ( \x ->
+          AwsRedshiftClusterVpcSecurityGroup'
+            Prelude.<$> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "VpcSecurityGroupId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsRedshiftClusterVpcSecurityGroup
+  where
+  hashWithSalt
+    _salt
+    AwsRedshiftClusterVpcSecurityGroup' {..} =
+      _salt
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` vpcSecurityGroupId
+
+instance
+  Prelude.NFData
+    AwsRedshiftClusterVpcSecurityGroup
+  where
+  rnf AwsRedshiftClusterVpcSecurityGroup' {..} =
+    Prelude.rnf status
+      `Prelude.seq` Prelude.rnf vpcSecurityGroupId
+
+instance
+  Data.ToJSON
+    AwsRedshiftClusterVpcSecurityGroup
+  where
+  toJSON AwsRedshiftClusterVpcSecurityGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Status" Data..=) Prelude.<$> status,
+            ("VpcSecurityGroupId" Data..=)
+              Prelude.<$> vpcSecurityGroupId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3AccountPublicAccessBlockDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3AccountPublicAccessBlockDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3AccountPublicAccessBlockDetails.hs
@@ -0,0 +1,155 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3AccountPublicAccessBlockDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3AccountPublicAccessBlockDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | provides information about the Amazon S3 Public Access Block
+-- configuration for accounts.
+--
+-- /See:/ 'newAwsS3AccountPublicAccessBlockDetails' smart constructor.
+data AwsS3AccountPublicAccessBlockDetails = AwsS3AccountPublicAccessBlockDetails'
+  { -- | Indicates whether to reject calls to update an S3 bucket if the calls
+    -- include a public access control list (ACL).
+    blockPublicAcls :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether to reject calls to update the access policy for an S3
+    -- bucket or access point if the policy allows public access.
+    blockPublicPolicy :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether Amazon S3 ignores public ACLs that are associated with
+    -- an S3 bucket.
+    ignorePublicAcls :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether to restrict access to an access point or S3 bucket
+    -- that has a public policy to only Amazon Web Services service principals
+    -- and authorized users within the S3 bucket owner\'s account.
+    restrictPublicBuckets :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3AccountPublicAccessBlockDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blockPublicAcls', 'awsS3AccountPublicAccessBlockDetails_blockPublicAcls' - Indicates whether to reject calls to update an S3 bucket if the calls
+-- include a public access control list (ACL).
+--
+-- 'blockPublicPolicy', 'awsS3AccountPublicAccessBlockDetails_blockPublicPolicy' - Indicates whether to reject calls to update the access policy for an S3
+-- bucket or access point if the policy allows public access.
+--
+-- 'ignorePublicAcls', 'awsS3AccountPublicAccessBlockDetails_ignorePublicAcls' - Indicates whether Amazon S3 ignores public ACLs that are associated with
+-- an S3 bucket.
+--
+-- 'restrictPublicBuckets', 'awsS3AccountPublicAccessBlockDetails_restrictPublicBuckets' - Indicates whether to restrict access to an access point or S3 bucket
+-- that has a public policy to only Amazon Web Services service principals
+-- and authorized users within the S3 bucket owner\'s account.
+newAwsS3AccountPublicAccessBlockDetails ::
+  AwsS3AccountPublicAccessBlockDetails
+newAwsS3AccountPublicAccessBlockDetails =
+  AwsS3AccountPublicAccessBlockDetails'
+    { blockPublicAcls =
+        Prelude.Nothing,
+      blockPublicPolicy = Prelude.Nothing,
+      ignorePublicAcls = Prelude.Nothing,
+      restrictPublicBuckets =
+        Prelude.Nothing
+    }
+
+-- | Indicates whether to reject calls to update an S3 bucket if the calls
+-- include a public access control list (ACL).
+awsS3AccountPublicAccessBlockDetails_blockPublicAcls :: Lens.Lens' AwsS3AccountPublicAccessBlockDetails (Prelude.Maybe Prelude.Bool)
+awsS3AccountPublicAccessBlockDetails_blockPublicAcls = Lens.lens (\AwsS3AccountPublicAccessBlockDetails' {blockPublicAcls} -> blockPublicAcls) (\s@AwsS3AccountPublicAccessBlockDetails' {} a -> s {blockPublicAcls = a} :: AwsS3AccountPublicAccessBlockDetails)
+
+-- | Indicates whether to reject calls to update the access policy for an S3
+-- bucket or access point if the policy allows public access.
+awsS3AccountPublicAccessBlockDetails_blockPublicPolicy :: Lens.Lens' AwsS3AccountPublicAccessBlockDetails (Prelude.Maybe Prelude.Bool)
+awsS3AccountPublicAccessBlockDetails_blockPublicPolicy = Lens.lens (\AwsS3AccountPublicAccessBlockDetails' {blockPublicPolicy} -> blockPublicPolicy) (\s@AwsS3AccountPublicAccessBlockDetails' {} a -> s {blockPublicPolicy = a} :: AwsS3AccountPublicAccessBlockDetails)
+
+-- | Indicates whether Amazon S3 ignores public ACLs that are associated with
+-- an S3 bucket.
+awsS3AccountPublicAccessBlockDetails_ignorePublicAcls :: Lens.Lens' AwsS3AccountPublicAccessBlockDetails (Prelude.Maybe Prelude.Bool)
+awsS3AccountPublicAccessBlockDetails_ignorePublicAcls = Lens.lens (\AwsS3AccountPublicAccessBlockDetails' {ignorePublicAcls} -> ignorePublicAcls) (\s@AwsS3AccountPublicAccessBlockDetails' {} a -> s {ignorePublicAcls = a} :: AwsS3AccountPublicAccessBlockDetails)
+
+-- | Indicates whether to restrict access to an access point or S3 bucket
+-- that has a public policy to only Amazon Web Services service principals
+-- and authorized users within the S3 bucket owner\'s account.
+awsS3AccountPublicAccessBlockDetails_restrictPublicBuckets :: Lens.Lens' AwsS3AccountPublicAccessBlockDetails (Prelude.Maybe Prelude.Bool)
+awsS3AccountPublicAccessBlockDetails_restrictPublicBuckets = Lens.lens (\AwsS3AccountPublicAccessBlockDetails' {restrictPublicBuckets} -> restrictPublicBuckets) (\s@AwsS3AccountPublicAccessBlockDetails' {} a -> s {restrictPublicBuckets = a} :: AwsS3AccountPublicAccessBlockDetails)
+
+instance
+  Data.FromJSON
+    AwsS3AccountPublicAccessBlockDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3AccountPublicAccessBlockDetails"
+      ( \x ->
+          AwsS3AccountPublicAccessBlockDetails'
+            Prelude.<$> (x Data..:? "BlockPublicAcls")
+            Prelude.<*> (x Data..:? "BlockPublicPolicy")
+            Prelude.<*> (x Data..:? "IgnorePublicAcls")
+            Prelude.<*> (x Data..:? "RestrictPublicBuckets")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3AccountPublicAccessBlockDetails
+  where
+  hashWithSalt
+    _salt
+    AwsS3AccountPublicAccessBlockDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` blockPublicAcls
+        `Prelude.hashWithSalt` blockPublicPolicy
+        `Prelude.hashWithSalt` ignorePublicAcls
+        `Prelude.hashWithSalt` restrictPublicBuckets
+
+instance
+  Prelude.NFData
+    AwsS3AccountPublicAccessBlockDetails
+  where
+  rnf AwsS3AccountPublicAccessBlockDetails' {..} =
+    Prelude.rnf blockPublicAcls
+      `Prelude.seq` Prelude.rnf blockPublicPolicy
+      `Prelude.seq` Prelude.rnf ignorePublicAcls
+      `Prelude.seq` Prelude.rnf restrictPublicBuckets
+
+instance
+  Data.ToJSON
+    AwsS3AccountPublicAccessBlockDetails
+  where
+  toJSON AwsS3AccountPublicAccessBlockDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("BlockPublicAcls" Data..=)
+              Prelude.<$> blockPublicAcls,
+            ("BlockPublicPolicy" Data..=)
+              Prelude.<$> blockPublicPolicy,
+            ("IgnorePublicAcls" Data..=)
+              Prelude.<$> ignorePublicAcls,
+            ("RestrictPublicBuckets" Data..=)
+              Prelude.<$> restrictPublicBuckets
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationDetails.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesDetails
+
+-- | The lifecycle configuration for the objects in the S3 bucket.
+--
+-- /See:/ 'newAwsS3BucketBucketLifecycleConfigurationDetails' smart constructor.
+data AwsS3BucketBucketLifecycleConfigurationDetails = AwsS3BucketBucketLifecycleConfigurationDetails'
+  { -- | The lifecycle rules.
+    rules :: Prelude.Maybe [AwsS3BucketBucketLifecycleConfigurationRulesDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketBucketLifecycleConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'rules', 'awsS3BucketBucketLifecycleConfigurationDetails_rules' - The lifecycle rules.
+newAwsS3BucketBucketLifecycleConfigurationDetails ::
+  AwsS3BucketBucketLifecycleConfigurationDetails
+newAwsS3BucketBucketLifecycleConfigurationDetails =
+  AwsS3BucketBucketLifecycleConfigurationDetails'
+    { rules =
+        Prelude.Nothing
+    }
+
+-- | The lifecycle rules.
+awsS3BucketBucketLifecycleConfigurationDetails_rules :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationDetails (Prelude.Maybe [AwsS3BucketBucketLifecycleConfigurationRulesDetails])
+awsS3BucketBucketLifecycleConfigurationDetails_rules = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationDetails' {rules} -> rules) (\s@AwsS3BucketBucketLifecycleConfigurationDetails' {} a -> s {rules = a} :: AwsS3BucketBucketLifecycleConfigurationDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsS3BucketBucketLifecycleConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketBucketLifecycleConfigurationDetails"
+      ( \x ->
+          AwsS3BucketBucketLifecycleConfigurationDetails'
+            Prelude.<$> (x Data..:? "Rules" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketBucketLifecycleConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketBucketLifecycleConfigurationDetails' {..} =
+      _salt `Prelude.hashWithSalt` rules
+
+instance
+  Prelude.NFData
+    AwsS3BucketBucketLifecycleConfigurationDetails
+  where
+  rnf
+    AwsS3BucketBucketLifecycleConfigurationDetails' {..} =
+      Prelude.rnf rules
+
+instance
+  Data.ToJSON
+    AwsS3BucketBucketLifecycleConfigurationDetails
+  where
+  toJSON
+    AwsS3BucketBucketLifecycleConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Rules" Data..=) Prelude.<$> rules]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails.hs
@@ -0,0 +1,101 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about what Amazon S3 does when a multipart upload is
+-- incomplete.
+--
+-- /See:/ 'newAwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails' smart constructor.
+data AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails = AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails'
+  { -- | The number of days after which Amazon S3 cancels an incomplete multipart
+    -- upload.
+    daysAfterInitiation :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'daysAfterInitiation', 'awsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails_daysAfterInitiation' - The number of days after which Amazon S3 cancels an incomplete multipart
+-- upload.
+newAwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails ::
+  AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+newAwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails =
+  AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails'
+    { daysAfterInitiation =
+        Prelude.Nothing
+    }
+
+-- | The number of days after which Amazon S3 cancels an incomplete multipart
+-- upload.
+awsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails_daysAfterInitiation :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails (Prelude.Maybe Prelude.Int)
+awsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails_daysAfterInitiation = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails' {daysAfterInitiation} -> daysAfterInitiation) (\s@AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails' {} a -> s {daysAfterInitiation = a} :: AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails)
+
+instance
+  Data.FromJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails"
+      ( \x ->
+          AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails'
+            Prelude.<$> (x Data..:? "DaysAfterInitiation")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails' {..} =
+      _salt `Prelude.hashWithSalt` daysAfterInitiation
+
+instance
+  Prelude.NFData
+    AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+  where
+  rnf
+    AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails' {..} =
+      Prelude.rnf daysAfterInitiation
+
+instance
+  Data.ToJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+  where
+  toJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DaysAfterInitiation" Data..=)
+                Prelude.<$> daysAfterInitiation
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesDetails.hs
@@ -0,0 +1,300 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+
+-- | Configuration for a lifecycle rule.
+--
+-- /See:/ 'newAwsS3BucketBucketLifecycleConfigurationRulesDetails' smart constructor.
+data AwsS3BucketBucketLifecycleConfigurationRulesDetails = AwsS3BucketBucketLifecycleConfigurationRulesDetails'
+  { -- | How Amazon S3 responds when a multipart upload is incomplete.
+    -- Specifically, provides a number of days before Amazon S3 cancels the
+    -- entire upload.
+    abortIncompleteMultipartUpload :: Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails,
+    -- | The date when objects are moved or deleted.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    expirationDate :: Prelude.Maybe Prelude.Text,
+    -- | The length in days of the lifetime for objects that are subject to the
+    -- rule.
+    expirationInDays :: Prelude.Maybe Prelude.Int,
+    -- | Whether Amazon S3 removes a delete marker that has no noncurrent
+    -- versions. If set to @true@, the delete marker is expired. If set to
+    -- @false@, the policy takes no action.
+    --
+    -- If you provide @ExpiredObjectDeleteMarker@, you cannot provide
+    -- @ExpirationInDays@ or @ExpirationDate@.
+    expiredObjectDeleteMarker :: Prelude.Maybe Prelude.Bool,
+    -- | Identifies the objects that a rule applies to.
+    filter' :: Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails,
+    -- | The unique identifier of the rule.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The number of days that an object is noncurrent before Amazon S3 can
+    -- perform the associated action.
+    noncurrentVersionExpirationInDays :: Prelude.Maybe Prelude.Int,
+    -- | Transition rules that describe when noncurrent objects transition to a
+    -- specified storage class.
+    noncurrentVersionTransitions :: Prelude.Maybe [AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails],
+    -- | A prefix that identifies one or more objects that the rule applies to.
+    prefix :: Prelude.Maybe Prelude.Text,
+    -- | The current status of the rule. Indicates whether the rule is currently
+    -- being applied.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | Transition rules that indicate when objects transition to a specified
+    -- storage class.
+    transitions :: Prelude.Maybe [AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketBucketLifecycleConfigurationRulesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'abortIncompleteMultipartUpload', 'awsS3BucketBucketLifecycleConfigurationRulesDetails_abortIncompleteMultipartUpload' - How Amazon S3 responds when a multipart upload is incomplete.
+-- Specifically, provides a number of days before Amazon S3 cancels the
+-- entire upload.
+--
+-- 'expirationDate', 'awsS3BucketBucketLifecycleConfigurationRulesDetails_expirationDate' - The date when objects are moved or deleted.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'expirationInDays', 'awsS3BucketBucketLifecycleConfigurationRulesDetails_expirationInDays' - The length in days of the lifetime for objects that are subject to the
+-- rule.
+--
+-- 'expiredObjectDeleteMarker', 'awsS3BucketBucketLifecycleConfigurationRulesDetails_expiredObjectDeleteMarker' - Whether Amazon S3 removes a delete marker that has no noncurrent
+-- versions. If set to @true@, the delete marker is expired. If set to
+-- @false@, the policy takes no action.
+--
+-- If you provide @ExpiredObjectDeleteMarker@, you cannot provide
+-- @ExpirationInDays@ or @ExpirationDate@.
+--
+-- 'filter'', 'awsS3BucketBucketLifecycleConfigurationRulesDetails_filter' - Identifies the objects that a rule applies to.
+--
+-- 'id', 'awsS3BucketBucketLifecycleConfigurationRulesDetails_id' - The unique identifier of the rule.
+--
+-- 'noncurrentVersionExpirationInDays', 'awsS3BucketBucketLifecycleConfigurationRulesDetails_noncurrentVersionExpirationInDays' - The number of days that an object is noncurrent before Amazon S3 can
+-- perform the associated action.
+--
+-- 'noncurrentVersionTransitions', 'awsS3BucketBucketLifecycleConfigurationRulesDetails_noncurrentVersionTransitions' - Transition rules that describe when noncurrent objects transition to a
+-- specified storage class.
+--
+-- 'prefix', 'awsS3BucketBucketLifecycleConfigurationRulesDetails_prefix' - A prefix that identifies one or more objects that the rule applies to.
+--
+-- 'status', 'awsS3BucketBucketLifecycleConfigurationRulesDetails_status' - The current status of the rule. Indicates whether the rule is currently
+-- being applied.
+--
+-- 'transitions', 'awsS3BucketBucketLifecycleConfigurationRulesDetails_transitions' - Transition rules that indicate when objects transition to a specified
+-- storage class.
+newAwsS3BucketBucketLifecycleConfigurationRulesDetails ::
+  AwsS3BucketBucketLifecycleConfigurationRulesDetails
+newAwsS3BucketBucketLifecycleConfigurationRulesDetails =
+  AwsS3BucketBucketLifecycleConfigurationRulesDetails'
+    { abortIncompleteMultipartUpload =
+        Prelude.Nothing,
+      expirationDate =
+        Prelude.Nothing,
+      expirationInDays =
+        Prelude.Nothing,
+      expiredObjectDeleteMarker =
+        Prelude.Nothing,
+      filter' =
+        Prelude.Nothing,
+      id = Prelude.Nothing,
+      noncurrentVersionExpirationInDays =
+        Prelude.Nothing,
+      noncurrentVersionTransitions =
+        Prelude.Nothing,
+      prefix =
+        Prelude.Nothing,
+      status =
+        Prelude.Nothing,
+      transitions =
+        Prelude.Nothing
+    }
+
+-- | How Amazon S3 responds when a multipart upload is incomplete.
+-- Specifically, provides a number of days before Amazon S3 cancels the
+-- entire upload.
+awsS3BucketBucketLifecycleConfigurationRulesDetails_abortIncompleteMultipartUpload :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesDetails (Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails)
+awsS3BucketBucketLifecycleConfigurationRulesDetails_abortIncompleteMultipartUpload = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesDetails' {abortIncompleteMultipartUpload} -> abortIncompleteMultipartUpload) (\s@AwsS3BucketBucketLifecycleConfigurationRulesDetails' {} a -> s {abortIncompleteMultipartUpload = a} :: AwsS3BucketBucketLifecycleConfigurationRulesDetails)
+
+-- | The date when objects are moved or deleted.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsS3BucketBucketLifecycleConfigurationRulesDetails_expirationDate :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesDetails_expirationDate = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesDetails' {expirationDate} -> expirationDate) (\s@AwsS3BucketBucketLifecycleConfigurationRulesDetails' {} a -> s {expirationDate = a} :: AwsS3BucketBucketLifecycleConfigurationRulesDetails)
+
+-- | The length in days of the lifetime for objects that are subject to the
+-- rule.
+awsS3BucketBucketLifecycleConfigurationRulesDetails_expirationInDays :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesDetails (Prelude.Maybe Prelude.Int)
+awsS3BucketBucketLifecycleConfigurationRulesDetails_expirationInDays = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesDetails' {expirationInDays} -> expirationInDays) (\s@AwsS3BucketBucketLifecycleConfigurationRulesDetails' {} a -> s {expirationInDays = a} :: AwsS3BucketBucketLifecycleConfigurationRulesDetails)
+
+-- | Whether Amazon S3 removes a delete marker that has no noncurrent
+-- versions. If set to @true@, the delete marker is expired. If set to
+-- @false@, the policy takes no action.
+--
+-- If you provide @ExpiredObjectDeleteMarker@, you cannot provide
+-- @ExpirationInDays@ or @ExpirationDate@.
+awsS3BucketBucketLifecycleConfigurationRulesDetails_expiredObjectDeleteMarker :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesDetails (Prelude.Maybe Prelude.Bool)
+awsS3BucketBucketLifecycleConfigurationRulesDetails_expiredObjectDeleteMarker = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesDetails' {expiredObjectDeleteMarker} -> expiredObjectDeleteMarker) (\s@AwsS3BucketBucketLifecycleConfigurationRulesDetails' {} a -> s {expiredObjectDeleteMarker = a} :: AwsS3BucketBucketLifecycleConfigurationRulesDetails)
+
+-- | Identifies the objects that a rule applies to.
+awsS3BucketBucketLifecycleConfigurationRulesDetails_filter :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesDetails (Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails)
+awsS3BucketBucketLifecycleConfigurationRulesDetails_filter = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesDetails' {filter'} -> filter') (\s@AwsS3BucketBucketLifecycleConfigurationRulesDetails' {} a -> s {filter' = a} :: AwsS3BucketBucketLifecycleConfigurationRulesDetails)
+
+-- | The unique identifier of the rule.
+awsS3BucketBucketLifecycleConfigurationRulesDetails_id :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesDetails_id = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesDetails' {id} -> id) (\s@AwsS3BucketBucketLifecycleConfigurationRulesDetails' {} a -> s {id = a} :: AwsS3BucketBucketLifecycleConfigurationRulesDetails)
+
+-- | The number of days that an object is noncurrent before Amazon S3 can
+-- perform the associated action.
+awsS3BucketBucketLifecycleConfigurationRulesDetails_noncurrentVersionExpirationInDays :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesDetails (Prelude.Maybe Prelude.Int)
+awsS3BucketBucketLifecycleConfigurationRulesDetails_noncurrentVersionExpirationInDays = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesDetails' {noncurrentVersionExpirationInDays} -> noncurrentVersionExpirationInDays) (\s@AwsS3BucketBucketLifecycleConfigurationRulesDetails' {} a -> s {noncurrentVersionExpirationInDays = a} :: AwsS3BucketBucketLifecycleConfigurationRulesDetails)
+
+-- | Transition rules that describe when noncurrent objects transition to a
+-- specified storage class.
+awsS3BucketBucketLifecycleConfigurationRulesDetails_noncurrentVersionTransitions :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesDetails (Prelude.Maybe [AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails])
+awsS3BucketBucketLifecycleConfigurationRulesDetails_noncurrentVersionTransitions = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesDetails' {noncurrentVersionTransitions} -> noncurrentVersionTransitions) (\s@AwsS3BucketBucketLifecycleConfigurationRulesDetails' {} a -> s {noncurrentVersionTransitions = a} :: AwsS3BucketBucketLifecycleConfigurationRulesDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A prefix that identifies one or more objects that the rule applies to.
+awsS3BucketBucketLifecycleConfigurationRulesDetails_prefix :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesDetails_prefix = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesDetails' {prefix} -> prefix) (\s@AwsS3BucketBucketLifecycleConfigurationRulesDetails' {} a -> s {prefix = a} :: AwsS3BucketBucketLifecycleConfigurationRulesDetails)
+
+-- | The current status of the rule. Indicates whether the rule is currently
+-- being applied.
+awsS3BucketBucketLifecycleConfigurationRulesDetails_status :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesDetails_status = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesDetails' {status} -> status) (\s@AwsS3BucketBucketLifecycleConfigurationRulesDetails' {} a -> s {status = a} :: AwsS3BucketBucketLifecycleConfigurationRulesDetails)
+
+-- | Transition rules that indicate when objects transition to a specified
+-- storage class.
+awsS3BucketBucketLifecycleConfigurationRulesDetails_transitions :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesDetails (Prelude.Maybe [AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails])
+awsS3BucketBucketLifecycleConfigurationRulesDetails_transitions = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesDetails' {transitions} -> transitions) (\s@AwsS3BucketBucketLifecycleConfigurationRulesDetails' {} a -> s {transitions = a} :: AwsS3BucketBucketLifecycleConfigurationRulesDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketBucketLifecycleConfigurationRulesDetails"
+      ( \x ->
+          AwsS3BucketBucketLifecycleConfigurationRulesDetails'
+            Prelude.<$> (x Data..:? "AbortIncompleteMultipartUpload")
+            Prelude.<*> (x Data..:? "ExpirationDate")
+            Prelude.<*> (x Data..:? "ExpirationInDays")
+            Prelude.<*> (x Data..:? "ExpiredObjectDeleteMarker")
+            Prelude.<*> (x Data..:? "Filter")
+            Prelude.<*> (x Data..:? "ID")
+            Prelude.<*> (x Data..:? "NoncurrentVersionExpirationInDays")
+            Prelude.<*> ( x
+                            Data..:? "NoncurrentVersionTransitions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Prefix")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "Transitions" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketBucketLifecycleConfigurationRulesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketBucketLifecycleConfigurationRulesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` abortIncompleteMultipartUpload
+        `Prelude.hashWithSalt` expirationDate
+        `Prelude.hashWithSalt` expirationInDays
+        `Prelude.hashWithSalt` expiredObjectDeleteMarker
+        `Prelude.hashWithSalt` filter'
+        `Prelude.hashWithSalt` id
+        `Prelude.hashWithSalt` noncurrentVersionExpirationInDays
+        `Prelude.hashWithSalt` noncurrentVersionTransitions
+        `Prelude.hashWithSalt` prefix
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` transitions
+
+instance
+  Prelude.NFData
+    AwsS3BucketBucketLifecycleConfigurationRulesDetails
+  where
+  rnf
+    AwsS3BucketBucketLifecycleConfigurationRulesDetails' {..} =
+      Prelude.rnf abortIncompleteMultipartUpload
+        `Prelude.seq` Prelude.rnf expirationDate
+        `Prelude.seq` Prelude.rnf expirationInDays
+        `Prelude.seq` Prelude.rnf expiredObjectDeleteMarker
+        `Prelude.seq` Prelude.rnf filter'
+        `Prelude.seq` Prelude.rnf id
+        `Prelude.seq` Prelude.rnf noncurrentVersionExpirationInDays
+        `Prelude.seq` Prelude.rnf noncurrentVersionTransitions
+        `Prelude.seq` Prelude.rnf prefix
+        `Prelude.seq` Prelude.rnf status
+        `Prelude.seq` Prelude.rnf transitions
+
+instance
+  Data.ToJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesDetails
+  where
+  toJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AbortIncompleteMultipartUpload" Data..=)
+                Prelude.<$> abortIncompleteMultipartUpload,
+              ("ExpirationDate" Data..=)
+                Prelude.<$> expirationDate,
+              ("ExpirationInDays" Data..=)
+                Prelude.<$> expirationInDays,
+              ("ExpiredObjectDeleteMarker" Data..=)
+                Prelude.<$> expiredObjectDeleteMarker,
+              ("Filter" Data..=) Prelude.<$> filter',
+              ("ID" Data..=) Prelude.<$> id,
+              ("NoncurrentVersionExpirationInDays" Data..=)
+                Prelude.<$> noncurrentVersionExpirationInDays,
+              ("NoncurrentVersionTransitions" Data..=)
+                Prelude.<$> noncurrentVersionTransitions,
+              ("Prefix" Data..=) Prelude.<$> prefix,
+              ("Status" Data..=) Prelude.<$> status,
+              ("Transitions" Data..=) Prelude.<$> transitions
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+
+-- | Identifies the objects that a rule applies to.
+--
+-- /See:/ 'newAwsS3BucketBucketLifecycleConfigurationRulesFilterDetails' smart constructor.
+data AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails = AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails'
+  { -- | The configuration for the filter.
+    predicate :: Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'predicate', 'awsS3BucketBucketLifecycleConfigurationRulesFilterDetails_predicate' - The configuration for the filter.
+newAwsS3BucketBucketLifecycleConfigurationRulesFilterDetails ::
+  AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+newAwsS3BucketBucketLifecycleConfigurationRulesFilterDetails =
+  AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails'
+    { predicate =
+        Prelude.Nothing
+    }
+
+-- | The configuration for the filter.
+awsS3BucketBucketLifecycleConfigurationRulesFilterDetails_predicate :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails (Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails)
+awsS3BucketBucketLifecycleConfigurationRulesFilterDetails_predicate = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails' {predicate} -> predicate) (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails' {} a -> s {predicate = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails)
+
+instance
+  Data.FromJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails"
+      ( \x ->
+          AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails'
+            Prelude.<$> (x Data..:? "Predicate")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails' {..} =
+      _salt `Prelude.hashWithSalt` predicate
+
+instance
+  Prelude.NFData
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+  where
+  rnf
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails' {..} =
+      Prelude.rnf predicate
+
+instance
+  Data.ToJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails
+  where
+  toJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Predicate" Data..=) Prelude.<$> predicate]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails.hs
@@ -0,0 +1,144 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+
+-- | The configuration for the filter.
+--
+-- /See:/ 'newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' smart constructor.
+data AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails = AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails'
+  { -- | The values to use for the filter.
+    operands :: Prelude.Maybe [AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails],
+    -- | A prefix filter.
+    prefix :: Prelude.Maybe Prelude.Text,
+    -- | A tag filter.
+    tag :: Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails,
+    -- | Whether to use @AND@ or @OR@ to join the operands. Valid values are
+    -- @LifecycleAndOperator@ or @LifecycleOrOperator@.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'operands', 'awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_operands' - The values to use for the filter.
+--
+-- 'prefix', 'awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_prefix' - A prefix filter.
+--
+-- 'tag', 'awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_tag' - A tag filter.
+--
+-- 'type'', 'awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_type' - Whether to use @AND@ or @OR@ to join the operands. Valid values are
+-- @LifecycleAndOperator@ or @LifecycleOrOperator@.
+newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails ::
+  AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails =
+  AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails'
+    { operands =
+        Prelude.Nothing,
+      prefix =
+        Prelude.Nothing,
+      tag =
+        Prelude.Nothing,
+      type' =
+        Prelude.Nothing
+    }
+
+-- | The values to use for the filter.
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_operands :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails (Prelude.Maybe [AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails])
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_operands = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' {operands} -> operands) (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' {} a -> s {operands = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A prefix filter.
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_prefix :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_prefix = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' {prefix} -> prefix) (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' {} a -> s {prefix = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails)
+
+-- | A tag filter.
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_tag :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails (Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails)
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_tag = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' {tag} -> tag) (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' {} a -> s {tag = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails)
+
+-- | Whether to use @AND@ or @OR@ to join the operands. Valid values are
+-- @LifecycleAndOperator@ or @LifecycleOrOperator@.
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_type :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails_type = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' {type'} -> type') (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' {} a -> s {type' = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails)
+
+instance
+  Data.FromJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails"
+      ( \x ->
+          AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails'
+            Prelude.<$> (x Data..:? "Operands" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Prefix")
+            Prelude.<*> (x Data..:? "Tag")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` operands
+        `Prelude.hashWithSalt` prefix
+        `Prelude.hashWithSalt` tag
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+  where
+  rnf
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' {..} =
+      Prelude.rnf operands
+        `Prelude.seq` Prelude.rnf prefix
+        `Prelude.seq` Prelude.rnf tag
+        `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails
+  where
+  toJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Operands" Data..=) Prelude.<$> operands,
+              ("Prefix" Data..=) Prelude.<$> prefix,
+              ("Tag" Data..=) Prelude.<$> tag,
+              ("Type" Data..=) Prelude.<$> type'
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails.hs
@@ -0,0 +1,129 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+
+-- | A value to use for the filter.
+--
+-- /See:/ 'newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails' smart constructor.
+data AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails = AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails'
+  { -- | Prefix text for matching objects.
+    prefix :: Prelude.Maybe Prelude.Text,
+    -- | A tag that is assigned to matching objects.
+    tag :: Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails,
+    -- | The type of filter value. Valid values are @LifecyclePrefixPredicate@ or
+    -- @LifecycleTagPredicate@.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'prefix', 'awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_prefix' - Prefix text for matching objects.
+--
+-- 'tag', 'awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_tag' - A tag that is assigned to matching objects.
+--
+-- 'type'', 'awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_type' - The type of filter value. Valid values are @LifecyclePrefixPredicate@ or
+-- @LifecycleTagPredicate@.
+newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails ::
+  AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails =
+  AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails'
+    { prefix =
+        Prelude.Nothing,
+      tag =
+        Prelude.Nothing,
+      type' =
+        Prelude.Nothing
+    }
+
+-- | Prefix text for matching objects.
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_prefix :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_prefix = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails' {prefix} -> prefix) (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails' {} a -> s {prefix = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails)
+
+-- | A tag that is assigned to matching objects.
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_tag :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails (Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails)
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_tag = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails' {tag} -> tag) (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails' {} a -> s {tag = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails)
+
+-- | The type of filter value. Valid values are @LifecyclePrefixPredicate@ or
+-- @LifecycleTagPredicate@.
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_type :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails_type = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails' {type'} -> type') (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails' {} a -> s {type' = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails)
+
+instance
+  Data.FromJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails"
+      ( \x ->
+          AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails'
+            Prelude.<$> (x Data..:? "Prefix")
+            Prelude.<*> (x Data..:? "Tag")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` prefix
+        `Prelude.hashWithSalt` tag
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+  where
+  rnf
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails' {..} =
+      Prelude.rnf prefix
+        `Prelude.seq` Prelude.rnf tag
+        `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails
+  where
+  toJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Prefix" Data..=) Prelude.<$> prefix,
+              ("Tag" Data..=) Prelude.<$> tag,
+              ("Type" Data..=) Prelude.<$> type'
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A tag that is assigned to matching objects.
+--
+-- /See:/ 'newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails' smart constructor.
+data AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails = AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails'
+  { -- | The tag key.
+    key :: Prelude.Maybe Prelude.Text,
+    -- | The tag value.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'key', 'awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails_key' - The tag key.
+--
+-- 'value', 'awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails_value' - The tag value.
+newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails ::
+  AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails =
+  AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails'
+    { key =
+        Prelude.Nothing,
+      value =
+        Prelude.Nothing
+    }
+
+-- | The tag key.
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails_key :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails_key = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails' {key} -> key) (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails' {} a -> s {key = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails)
+
+-- | The tag value.
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails_value :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails_value = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails' {value} -> value) (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails' {} a -> s {value = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails)
+
+instance
+  Data.FromJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails"
+      ( \x ->
+          AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails'
+            Prelude.<$> (x Data..:? "Key")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` key
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+  where
+  rnf
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails' {..} =
+      Prelude.rnf key `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails
+  where
+  toJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Key" Data..=) Prelude.<$> key,
+              ("Value" Data..=) Prelude.<$> value
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A tag filter.
+--
+-- /See:/ 'newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails' smart constructor.
+data AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails = AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails'
+  { -- | The tag key.
+    key :: Prelude.Maybe Prelude.Text,
+    -- | The tag value
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'key', 'awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails_key' - The tag key.
+--
+-- 'value', 'awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails_value' - The tag value
+newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails ::
+  AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+newAwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails =
+  AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails'
+    { key =
+        Prelude.Nothing,
+      value =
+        Prelude.Nothing
+    }
+
+-- | The tag key.
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails_key :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails_key = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails' {key} -> key) (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails' {} a -> s {key = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails)
+
+-- | The tag value
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails_value :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails_value = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails' {value} -> value) (\s@AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails' {} a -> s {value = a} :: AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails)
+
+instance
+  Data.FromJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails"
+      ( \x ->
+          AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails'
+            Prelude.<$> (x Data..:? "Key")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` key
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+  where
+  rnf
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails' {..} =
+      Prelude.rnf key `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails
+  where
+  toJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Key" Data..=) Prelude.<$> key,
+              ("Value" Data..=) Prelude.<$> value
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails.hs
@@ -0,0 +1,118 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A transition rule that describes when noncurrent objects transition to a
+-- specified storage class.
+--
+-- /See:/ 'newAwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails' smart constructor.
+data AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails = AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails'
+  { -- | The number of days that an object is noncurrent before Amazon S3 can
+    -- perform the associated action.
+    days :: Prelude.Maybe Prelude.Int,
+    -- | The class of storage to change the object to after the object is
+    -- noncurrent for the specified number of days.
+    storageClass :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'days', 'awsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails_days' - The number of days that an object is noncurrent before Amazon S3 can
+-- perform the associated action.
+--
+-- 'storageClass', 'awsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails_storageClass' - The class of storage to change the object to after the object is
+-- noncurrent for the specified number of days.
+newAwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails ::
+  AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+newAwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails =
+  AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails'
+    { days =
+        Prelude.Nothing,
+      storageClass =
+        Prelude.Nothing
+    }
+
+-- | The number of days that an object is noncurrent before Amazon S3 can
+-- perform the associated action.
+awsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails_days :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails (Prelude.Maybe Prelude.Int)
+awsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails_days = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails' {days} -> days) (\s@AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails' {} a -> s {days = a} :: AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails)
+
+-- | The class of storage to change the object to after the object is
+-- noncurrent for the specified number of days.
+awsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails_storageClass :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails_storageClass = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails' {storageClass} -> storageClass) (\s@AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails' {} a -> s {storageClass = a} :: AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails)
+
+instance
+  Data.FromJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails"
+      ( \x ->
+          AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails'
+            Prelude.<$> (x Data..:? "Days")
+            Prelude.<*> (x Data..:? "StorageClass")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` days
+        `Prelude.hashWithSalt` storageClass
+
+instance
+  Prelude.NFData
+    AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+  where
+  rnf
+    AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails' {..} =
+      Prelude.rnf days
+        `Prelude.seq` Prelude.rnf storageClass
+
+instance
+  Data.ToJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails
+  where
+  toJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Days" Data..=) Prelude.<$> days,
+              ("StorageClass" Data..=) Prelude.<$> storageClass
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails.hs
@@ -0,0 +1,179 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A rule for when objects transition to specific storage classes.
+--
+-- /See:/ 'newAwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails' smart constructor.
+data AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails = AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails'
+  { -- | A date on which to transition objects to the specified storage class. If
+    -- you provide @Date@, you cannot provide @Days@.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    date :: Prelude.Maybe Prelude.Text,
+    -- | The number of days after which to transition the object to the specified
+    -- storage class. If you provide @Days@, you cannot provide @Date@.
+    days :: Prelude.Maybe Prelude.Int,
+    -- | The storage class to transition the object to. Valid values are as
+    -- follows:
+    --
+    -- -   @DEEP_ARCHIVE@
+    --
+    -- -   @GLACIER@
+    --
+    -- -   @INTELLIGENT_TIERING@
+    --
+    -- -   @ONEZONE_IA@
+    --
+    -- -   @STANDARD_IA@
+    storageClass :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'date', 'awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_date' - A date on which to transition objects to the specified storage class. If
+-- you provide @Date@, you cannot provide @Days@.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'days', 'awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_days' - The number of days after which to transition the object to the specified
+-- storage class. If you provide @Days@, you cannot provide @Date@.
+--
+-- 'storageClass', 'awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_storageClass' - The storage class to transition the object to. Valid values are as
+-- follows:
+--
+-- -   @DEEP_ARCHIVE@
+--
+-- -   @GLACIER@
+--
+-- -   @INTELLIGENT_TIERING@
+--
+-- -   @ONEZONE_IA@
+--
+-- -   @STANDARD_IA@
+newAwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails ::
+  AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+newAwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails =
+  AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails'
+    { date =
+        Prelude.Nothing,
+      days =
+        Prelude.Nothing,
+      storageClass =
+        Prelude.Nothing
+    }
+
+-- | A date on which to transition objects to the specified storage class. If
+-- you provide @Date@, you cannot provide @Days@.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_date :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_date = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails' {date} -> date) (\s@AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails' {} a -> s {date = a} :: AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails)
+
+-- | The number of days after which to transition the object to the specified
+-- storage class. If you provide @Days@, you cannot provide @Date@.
+awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_days :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails (Prelude.Maybe Prelude.Int)
+awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_days = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails' {days} -> days) (\s@AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails' {} a -> s {days = a} :: AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails)
+
+-- | The storage class to transition the object to. Valid values are as
+-- follows:
+--
+-- -   @DEEP_ARCHIVE@
+--
+-- -   @GLACIER@
+--
+-- -   @INTELLIGENT_TIERING@
+--
+-- -   @ONEZONE_IA@
+--
+-- -   @STANDARD_IA@
+awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_storageClass :: Lens.Lens' AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails_storageClass = Lens.lens (\AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails' {storageClass} -> storageClass) (\s@AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails' {} a -> s {storageClass = a} :: AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails)
+
+instance
+  Data.FromJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails"
+      ( \x ->
+          AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails'
+            Prelude.<$> (x Data..:? "Date")
+            Prelude.<*> (x Data..:? "Days")
+            Prelude.<*> (x Data..:? "StorageClass")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` date
+        `Prelude.hashWithSalt` days
+        `Prelude.hashWithSalt` storageClass
+
+instance
+  Prelude.NFData
+    AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+  where
+  rnf
+    AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails' {..} =
+      Prelude.rnf date
+        `Prelude.seq` Prelude.rnf days
+        `Prelude.seq` Prelude.rnf storageClass
+
+instance
+  Data.ToJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails
+  where
+  toJSON
+    AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Date" Data..=) Prelude.<$> date,
+              ("Days" Data..=) Prelude.<$> days,
+              ("StorageClass" Data..=) Prelude.<$> storageClass
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketVersioningConfiguration.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketVersioningConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketBucketVersioningConfiguration.hs
@@ -0,0 +1,118 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketBucketVersioningConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketBucketVersioningConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes the versioning state of an S3 bucket.
+--
+-- /See:/ 'newAwsS3BucketBucketVersioningConfiguration' smart constructor.
+data AwsS3BucketBucketVersioningConfiguration = AwsS3BucketBucketVersioningConfiguration'
+  { -- | Specifies whether MFA delete is currently enabled in the S3 bucket
+    -- versioning configuration. If the S3 bucket was never configured with MFA
+    -- delete, then this attribute is not included.
+    isMfaDeleteEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The versioning status of the S3 bucket. Valid values are @Enabled@ or
+    -- @Suspended@.
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketBucketVersioningConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'isMfaDeleteEnabled', 'awsS3BucketBucketVersioningConfiguration_isMfaDeleteEnabled' - Specifies whether MFA delete is currently enabled in the S3 bucket
+-- versioning configuration. If the S3 bucket was never configured with MFA
+-- delete, then this attribute is not included.
+--
+-- 'status', 'awsS3BucketBucketVersioningConfiguration_status' - The versioning status of the S3 bucket. Valid values are @Enabled@ or
+-- @Suspended@.
+newAwsS3BucketBucketVersioningConfiguration ::
+  AwsS3BucketBucketVersioningConfiguration
+newAwsS3BucketBucketVersioningConfiguration =
+  AwsS3BucketBucketVersioningConfiguration'
+    { isMfaDeleteEnabled =
+        Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | Specifies whether MFA delete is currently enabled in the S3 bucket
+-- versioning configuration. If the S3 bucket was never configured with MFA
+-- delete, then this attribute is not included.
+awsS3BucketBucketVersioningConfiguration_isMfaDeleteEnabled :: Lens.Lens' AwsS3BucketBucketVersioningConfiguration (Prelude.Maybe Prelude.Bool)
+awsS3BucketBucketVersioningConfiguration_isMfaDeleteEnabled = Lens.lens (\AwsS3BucketBucketVersioningConfiguration' {isMfaDeleteEnabled} -> isMfaDeleteEnabled) (\s@AwsS3BucketBucketVersioningConfiguration' {} a -> s {isMfaDeleteEnabled = a} :: AwsS3BucketBucketVersioningConfiguration)
+
+-- | The versioning status of the S3 bucket. Valid values are @Enabled@ or
+-- @Suspended@.
+awsS3BucketBucketVersioningConfiguration_status :: Lens.Lens' AwsS3BucketBucketVersioningConfiguration (Prelude.Maybe Prelude.Text)
+awsS3BucketBucketVersioningConfiguration_status = Lens.lens (\AwsS3BucketBucketVersioningConfiguration' {status} -> status) (\s@AwsS3BucketBucketVersioningConfiguration' {} a -> s {status = a} :: AwsS3BucketBucketVersioningConfiguration)
+
+instance
+  Data.FromJSON
+    AwsS3BucketBucketVersioningConfiguration
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketBucketVersioningConfiguration"
+      ( \x ->
+          AwsS3BucketBucketVersioningConfiguration'
+            Prelude.<$> (x Data..:? "IsMfaDeleteEnabled")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketBucketVersioningConfiguration
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketBucketVersioningConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` isMfaDeleteEnabled
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    AwsS3BucketBucketVersioningConfiguration
+  where
+  rnf AwsS3BucketBucketVersioningConfiguration' {..} =
+    Prelude.rnf isMfaDeleteEnabled
+      `Prelude.seq` Prelude.rnf status
+
+instance
+  Data.ToJSON
+    AwsS3BucketBucketVersioningConfiguration
+  where
+  toJSON AwsS3BucketBucketVersioningConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("IsMfaDeleteEnabled" Data..=)
+              Prelude.<$> isMfaDeleteEnabled,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketDetails.hs
@@ -0,0 +1,261 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3AccountPublicAccessBlockDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketLifecycleConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketBucketVersioningConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketLoggingConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionConfiguration
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfiguration
+
+-- | The details of an Amazon S3 bucket.
+--
+-- /See:/ 'newAwsS3BucketDetails' smart constructor.
+data AwsS3BucketDetails = AwsS3BucketDetails'
+  { -- | The access control list for the S3 bucket.
+    accessControlList :: Prelude.Maybe Prelude.Text,
+    -- | The lifecycle configuration for objects in the S3 bucket.
+    bucketLifecycleConfiguration :: Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationDetails,
+    -- | The logging configuration for the S3 bucket.
+    bucketLoggingConfiguration :: Prelude.Maybe AwsS3BucketLoggingConfiguration,
+    -- | The notification configuration for the S3 bucket.
+    bucketNotificationConfiguration :: Prelude.Maybe AwsS3BucketNotificationConfiguration,
+    -- | The versioning state of an S3 bucket.
+    bucketVersioningConfiguration :: Prelude.Maybe AwsS3BucketBucketVersioningConfiguration,
+    -- | The website configuration parameters for the S3 bucket.
+    bucketWebsiteConfiguration :: Prelude.Maybe AwsS3BucketWebsiteConfiguration,
+    -- | Indicates when the S3 bucket was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdAt :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services account identifier of the account that owns the
+    -- S3 bucket.
+    ownerAccountId :: Prelude.Maybe Prelude.Text,
+    -- | The canonical user ID of the owner of the S3 bucket.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | The display name of the owner of the S3 bucket.
+    ownerName :: Prelude.Maybe Prelude.Text,
+    -- | Provides information about the Amazon S3 Public Access Block
+    -- configuration for the S3 bucket.
+    publicAccessBlockConfiguration :: Prelude.Maybe AwsS3AccountPublicAccessBlockDetails,
+    -- | The encryption rules that are applied to the S3 bucket.
+    serverSideEncryptionConfiguration :: Prelude.Maybe AwsS3BucketServerSideEncryptionConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessControlList', 'awsS3BucketDetails_accessControlList' - The access control list for the S3 bucket.
+--
+-- 'bucketLifecycleConfiguration', 'awsS3BucketDetails_bucketLifecycleConfiguration' - The lifecycle configuration for objects in the S3 bucket.
+--
+-- 'bucketLoggingConfiguration', 'awsS3BucketDetails_bucketLoggingConfiguration' - The logging configuration for the S3 bucket.
+--
+-- 'bucketNotificationConfiguration', 'awsS3BucketDetails_bucketNotificationConfiguration' - The notification configuration for the S3 bucket.
+--
+-- 'bucketVersioningConfiguration', 'awsS3BucketDetails_bucketVersioningConfiguration' - The versioning state of an S3 bucket.
+--
+-- 'bucketWebsiteConfiguration', 'awsS3BucketDetails_bucketWebsiteConfiguration' - The website configuration parameters for the S3 bucket.
+--
+-- 'createdAt', 'awsS3BucketDetails_createdAt' - Indicates when the S3 bucket was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'ownerAccountId', 'awsS3BucketDetails_ownerAccountId' - The Amazon Web Services account identifier of the account that owns the
+-- S3 bucket.
+--
+-- 'ownerId', 'awsS3BucketDetails_ownerId' - The canonical user ID of the owner of the S3 bucket.
+--
+-- 'ownerName', 'awsS3BucketDetails_ownerName' - The display name of the owner of the S3 bucket.
+--
+-- 'publicAccessBlockConfiguration', 'awsS3BucketDetails_publicAccessBlockConfiguration' - Provides information about the Amazon S3 Public Access Block
+-- configuration for the S3 bucket.
+--
+-- 'serverSideEncryptionConfiguration', 'awsS3BucketDetails_serverSideEncryptionConfiguration' - The encryption rules that are applied to the S3 bucket.
+newAwsS3BucketDetails ::
+  AwsS3BucketDetails
+newAwsS3BucketDetails =
+  AwsS3BucketDetails'
+    { accessControlList =
+        Prelude.Nothing,
+      bucketLifecycleConfiguration = Prelude.Nothing,
+      bucketLoggingConfiguration = Prelude.Nothing,
+      bucketNotificationConfiguration = Prelude.Nothing,
+      bucketVersioningConfiguration = Prelude.Nothing,
+      bucketWebsiteConfiguration = Prelude.Nothing,
+      createdAt = Prelude.Nothing,
+      ownerAccountId = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      ownerName = Prelude.Nothing,
+      publicAccessBlockConfiguration = Prelude.Nothing,
+      serverSideEncryptionConfiguration = Prelude.Nothing
+    }
+
+-- | The access control list for the S3 bucket.
+awsS3BucketDetails_accessControlList :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketDetails_accessControlList = Lens.lens (\AwsS3BucketDetails' {accessControlList} -> accessControlList) (\s@AwsS3BucketDetails' {} a -> s {accessControlList = a} :: AwsS3BucketDetails)
+
+-- | The lifecycle configuration for objects in the S3 bucket.
+awsS3BucketDetails_bucketLifecycleConfiguration :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe AwsS3BucketBucketLifecycleConfigurationDetails)
+awsS3BucketDetails_bucketLifecycleConfiguration = Lens.lens (\AwsS3BucketDetails' {bucketLifecycleConfiguration} -> bucketLifecycleConfiguration) (\s@AwsS3BucketDetails' {} a -> s {bucketLifecycleConfiguration = a} :: AwsS3BucketDetails)
+
+-- | The logging configuration for the S3 bucket.
+awsS3BucketDetails_bucketLoggingConfiguration :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe AwsS3BucketLoggingConfiguration)
+awsS3BucketDetails_bucketLoggingConfiguration = Lens.lens (\AwsS3BucketDetails' {bucketLoggingConfiguration} -> bucketLoggingConfiguration) (\s@AwsS3BucketDetails' {} a -> s {bucketLoggingConfiguration = a} :: AwsS3BucketDetails)
+
+-- | The notification configuration for the S3 bucket.
+awsS3BucketDetails_bucketNotificationConfiguration :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe AwsS3BucketNotificationConfiguration)
+awsS3BucketDetails_bucketNotificationConfiguration = Lens.lens (\AwsS3BucketDetails' {bucketNotificationConfiguration} -> bucketNotificationConfiguration) (\s@AwsS3BucketDetails' {} a -> s {bucketNotificationConfiguration = a} :: AwsS3BucketDetails)
+
+-- | The versioning state of an S3 bucket.
+awsS3BucketDetails_bucketVersioningConfiguration :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe AwsS3BucketBucketVersioningConfiguration)
+awsS3BucketDetails_bucketVersioningConfiguration = Lens.lens (\AwsS3BucketDetails' {bucketVersioningConfiguration} -> bucketVersioningConfiguration) (\s@AwsS3BucketDetails' {} a -> s {bucketVersioningConfiguration = a} :: AwsS3BucketDetails)
+
+-- | The website configuration parameters for the S3 bucket.
+awsS3BucketDetails_bucketWebsiteConfiguration :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe AwsS3BucketWebsiteConfiguration)
+awsS3BucketDetails_bucketWebsiteConfiguration = Lens.lens (\AwsS3BucketDetails' {bucketWebsiteConfiguration} -> bucketWebsiteConfiguration) (\s@AwsS3BucketDetails' {} a -> s {bucketWebsiteConfiguration = a} :: AwsS3BucketDetails)
+
+-- | Indicates when the S3 bucket was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsS3BucketDetails_createdAt :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketDetails_createdAt = Lens.lens (\AwsS3BucketDetails' {createdAt} -> createdAt) (\s@AwsS3BucketDetails' {} a -> s {createdAt = a} :: AwsS3BucketDetails)
+
+-- | The Amazon Web Services account identifier of the account that owns the
+-- S3 bucket.
+awsS3BucketDetails_ownerAccountId :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketDetails_ownerAccountId = Lens.lens (\AwsS3BucketDetails' {ownerAccountId} -> ownerAccountId) (\s@AwsS3BucketDetails' {} a -> s {ownerAccountId = a} :: AwsS3BucketDetails)
+
+-- | The canonical user ID of the owner of the S3 bucket.
+awsS3BucketDetails_ownerId :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketDetails_ownerId = Lens.lens (\AwsS3BucketDetails' {ownerId} -> ownerId) (\s@AwsS3BucketDetails' {} a -> s {ownerId = a} :: AwsS3BucketDetails)
+
+-- | The display name of the owner of the S3 bucket.
+awsS3BucketDetails_ownerName :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe Prelude.Text)
+awsS3BucketDetails_ownerName = Lens.lens (\AwsS3BucketDetails' {ownerName} -> ownerName) (\s@AwsS3BucketDetails' {} a -> s {ownerName = a} :: AwsS3BucketDetails)
+
+-- | Provides information about the Amazon S3 Public Access Block
+-- configuration for the S3 bucket.
+awsS3BucketDetails_publicAccessBlockConfiguration :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe AwsS3AccountPublicAccessBlockDetails)
+awsS3BucketDetails_publicAccessBlockConfiguration = Lens.lens (\AwsS3BucketDetails' {publicAccessBlockConfiguration} -> publicAccessBlockConfiguration) (\s@AwsS3BucketDetails' {} a -> s {publicAccessBlockConfiguration = a} :: AwsS3BucketDetails)
+
+-- | The encryption rules that are applied to the S3 bucket.
+awsS3BucketDetails_serverSideEncryptionConfiguration :: Lens.Lens' AwsS3BucketDetails (Prelude.Maybe AwsS3BucketServerSideEncryptionConfiguration)
+awsS3BucketDetails_serverSideEncryptionConfiguration = Lens.lens (\AwsS3BucketDetails' {serverSideEncryptionConfiguration} -> serverSideEncryptionConfiguration) (\s@AwsS3BucketDetails' {} a -> s {serverSideEncryptionConfiguration = a} :: AwsS3BucketDetails)
+
+instance Data.FromJSON AwsS3BucketDetails where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketDetails"
+      ( \x ->
+          AwsS3BucketDetails'
+            Prelude.<$> (x Data..:? "AccessControlList")
+            Prelude.<*> (x Data..:? "BucketLifecycleConfiguration")
+            Prelude.<*> (x Data..:? "BucketLoggingConfiguration")
+            Prelude.<*> (x Data..:? "BucketNotificationConfiguration")
+            Prelude.<*> (x Data..:? "BucketVersioningConfiguration")
+            Prelude.<*> (x Data..:? "BucketWebsiteConfiguration")
+            Prelude.<*> (x Data..:? "CreatedAt")
+            Prelude.<*> (x Data..:? "OwnerAccountId")
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "OwnerName")
+            Prelude.<*> (x Data..:? "PublicAccessBlockConfiguration")
+            Prelude.<*> (x Data..:? "ServerSideEncryptionConfiguration")
+      )
+
+instance Prelude.Hashable AwsS3BucketDetails where
+  hashWithSalt _salt AwsS3BucketDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessControlList
+      `Prelude.hashWithSalt` bucketLifecycleConfiguration
+      `Prelude.hashWithSalt` bucketLoggingConfiguration
+      `Prelude.hashWithSalt` bucketNotificationConfiguration
+      `Prelude.hashWithSalt` bucketVersioningConfiguration
+      `Prelude.hashWithSalt` bucketWebsiteConfiguration
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` ownerAccountId
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` ownerName
+      `Prelude.hashWithSalt` publicAccessBlockConfiguration
+      `Prelude.hashWithSalt` serverSideEncryptionConfiguration
+
+instance Prelude.NFData AwsS3BucketDetails where
+  rnf AwsS3BucketDetails' {..} =
+    Prelude.rnf accessControlList
+      `Prelude.seq` Prelude.rnf bucketLifecycleConfiguration
+      `Prelude.seq` Prelude.rnf bucketLoggingConfiguration
+      `Prelude.seq` Prelude.rnf bucketNotificationConfiguration
+      `Prelude.seq` Prelude.rnf bucketVersioningConfiguration
+      `Prelude.seq` Prelude.rnf bucketWebsiteConfiguration
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf ownerAccountId
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf ownerName
+      `Prelude.seq` Prelude.rnf publicAccessBlockConfiguration
+      `Prelude.seq` Prelude.rnf serverSideEncryptionConfiguration
+
+instance Data.ToJSON AwsS3BucketDetails where
+  toJSON AwsS3BucketDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AccessControlList" Data..=)
+              Prelude.<$> accessControlList,
+            ("BucketLifecycleConfiguration" Data..=)
+              Prelude.<$> bucketLifecycleConfiguration,
+            ("BucketLoggingConfiguration" Data..=)
+              Prelude.<$> bucketLoggingConfiguration,
+            ("BucketNotificationConfiguration" Data..=)
+              Prelude.<$> bucketNotificationConfiguration,
+            ("BucketVersioningConfiguration" Data..=)
+              Prelude.<$> bucketVersioningConfiguration,
+            ("BucketWebsiteConfiguration" Data..=)
+              Prelude.<$> bucketWebsiteConfiguration,
+            ("CreatedAt" Data..=) Prelude.<$> createdAt,
+            ("OwnerAccountId" Data..=)
+              Prelude.<$> ownerAccountId,
+            ("OwnerId" Data..=) Prelude.<$> ownerId,
+            ("OwnerName" Data..=) Prelude.<$> ownerName,
+            ("PublicAccessBlockConfiguration" Data..=)
+              Prelude.<$> publicAccessBlockConfiguration,
+            ("ServerSideEncryptionConfiguration" Data..=)
+              Prelude.<$> serverSideEncryptionConfiguration
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketLoggingConfiguration.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketLoggingConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketLoggingConfiguration.hs
@@ -0,0 +1,106 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketLoggingConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketLoggingConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about logging for the S3 bucket
+--
+-- /See:/ 'newAwsS3BucketLoggingConfiguration' smart constructor.
+data AwsS3BucketLoggingConfiguration = AwsS3BucketLoggingConfiguration'
+  { -- | The name of the S3 bucket where log files for the S3 bucket are stored.
+    destinationBucketName :: Prelude.Maybe Prelude.Text,
+    -- | The prefix added to log files for the S3 bucket.
+    logFilePrefix :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketLoggingConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destinationBucketName', 'awsS3BucketLoggingConfiguration_destinationBucketName' - The name of the S3 bucket where log files for the S3 bucket are stored.
+--
+-- 'logFilePrefix', 'awsS3BucketLoggingConfiguration_logFilePrefix' - The prefix added to log files for the S3 bucket.
+newAwsS3BucketLoggingConfiguration ::
+  AwsS3BucketLoggingConfiguration
+newAwsS3BucketLoggingConfiguration =
+  AwsS3BucketLoggingConfiguration'
+    { destinationBucketName =
+        Prelude.Nothing,
+      logFilePrefix = Prelude.Nothing
+    }
+
+-- | The name of the S3 bucket where log files for the S3 bucket are stored.
+awsS3BucketLoggingConfiguration_destinationBucketName :: Lens.Lens' AwsS3BucketLoggingConfiguration (Prelude.Maybe Prelude.Text)
+awsS3BucketLoggingConfiguration_destinationBucketName = Lens.lens (\AwsS3BucketLoggingConfiguration' {destinationBucketName} -> destinationBucketName) (\s@AwsS3BucketLoggingConfiguration' {} a -> s {destinationBucketName = a} :: AwsS3BucketLoggingConfiguration)
+
+-- | The prefix added to log files for the S3 bucket.
+awsS3BucketLoggingConfiguration_logFilePrefix :: Lens.Lens' AwsS3BucketLoggingConfiguration (Prelude.Maybe Prelude.Text)
+awsS3BucketLoggingConfiguration_logFilePrefix = Lens.lens (\AwsS3BucketLoggingConfiguration' {logFilePrefix} -> logFilePrefix) (\s@AwsS3BucketLoggingConfiguration' {} a -> s {logFilePrefix = a} :: AwsS3BucketLoggingConfiguration)
+
+instance
+  Data.FromJSON
+    AwsS3BucketLoggingConfiguration
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketLoggingConfiguration"
+      ( \x ->
+          AwsS3BucketLoggingConfiguration'
+            Prelude.<$> (x Data..:? "DestinationBucketName")
+            Prelude.<*> (x Data..:? "LogFilePrefix")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketLoggingConfiguration
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketLoggingConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` destinationBucketName
+        `Prelude.hashWithSalt` logFilePrefix
+
+instance
+  Prelude.NFData
+    AwsS3BucketLoggingConfiguration
+  where
+  rnf AwsS3BucketLoggingConfiguration' {..} =
+    Prelude.rnf destinationBucketName
+      `Prelude.seq` Prelude.rnf logFilePrefix
+
+instance Data.ToJSON AwsS3BucketLoggingConfiguration where
+  toJSON AwsS3BucketLoggingConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DestinationBucketName" Data..=)
+              Prelude.<$> destinationBucketName,
+            ("LogFilePrefix" Data..=) Prelude.<$> logFilePrefix
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfiguration.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfiguration.hs
@@ -0,0 +1,99 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationDetail
+
+-- | The notification configuration for the S3 bucket.
+--
+-- /See:/ 'newAwsS3BucketNotificationConfiguration' smart constructor.
+data AwsS3BucketNotificationConfiguration = AwsS3BucketNotificationConfiguration'
+  { -- | Configurations for S3 bucket notifications.
+    configurations :: Prelude.Maybe [AwsS3BucketNotificationConfigurationDetail]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketNotificationConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'configurations', 'awsS3BucketNotificationConfiguration_configurations' - Configurations for S3 bucket notifications.
+newAwsS3BucketNotificationConfiguration ::
+  AwsS3BucketNotificationConfiguration
+newAwsS3BucketNotificationConfiguration =
+  AwsS3BucketNotificationConfiguration'
+    { configurations =
+        Prelude.Nothing
+    }
+
+-- | Configurations for S3 bucket notifications.
+awsS3BucketNotificationConfiguration_configurations :: Lens.Lens' AwsS3BucketNotificationConfiguration (Prelude.Maybe [AwsS3BucketNotificationConfigurationDetail])
+awsS3BucketNotificationConfiguration_configurations = Lens.lens (\AwsS3BucketNotificationConfiguration' {configurations} -> configurations) (\s@AwsS3BucketNotificationConfiguration' {} a -> s {configurations = a} :: AwsS3BucketNotificationConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsS3BucketNotificationConfiguration
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketNotificationConfiguration"
+      ( \x ->
+          AwsS3BucketNotificationConfiguration'
+            Prelude.<$> ( x
+                            Data..:? "Configurations"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketNotificationConfiguration
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketNotificationConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` configurations
+
+instance
+  Prelude.NFData
+    AwsS3BucketNotificationConfiguration
+  where
+  rnf AwsS3BucketNotificationConfiguration' {..} =
+    Prelude.rnf configurations
+
+instance
+  Data.ToJSON
+    AwsS3BucketNotificationConfiguration
+  where
+  toJSON AwsS3BucketNotificationConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Configurations" Data..=)
+              Prelude.<$> configurations
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationDetail.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationDetail.hs
@@ -0,0 +1,163 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationFilter
+
+-- | Details for an S3 bucket notification configuration.
+--
+-- /See:/ 'newAwsS3BucketNotificationConfigurationDetail' smart constructor.
+data AwsS3BucketNotificationConfigurationDetail = AwsS3BucketNotificationConfigurationDetail'
+  { -- | The ARN of the Lambda function, Amazon SQS queue, or Amazon SNS topic
+    -- that generates the notification.
+    destination :: Prelude.Maybe Prelude.Text,
+    -- | The list of events that trigger a notification.
+    events :: Prelude.Maybe [Prelude.Text],
+    -- | The filters that determine which S3 buckets generate notifications.
+    filter' :: Prelude.Maybe AwsS3BucketNotificationConfigurationFilter,
+    -- | Indicates the type of notification. Notifications can be generated using
+    -- Lambda functions, Amazon SQS queues, or Amazon SNS topics, with
+    -- corresponding valid values as follows:
+    --
+    -- -   @LambdaConfiguration@
+    --
+    -- -   @QueueConfiguration@
+    --
+    -- -   @TopicConfiguration@
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketNotificationConfigurationDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destination', 'awsS3BucketNotificationConfigurationDetail_destination' - The ARN of the Lambda function, Amazon SQS queue, or Amazon SNS topic
+-- that generates the notification.
+--
+-- 'events', 'awsS3BucketNotificationConfigurationDetail_events' - The list of events that trigger a notification.
+--
+-- 'filter'', 'awsS3BucketNotificationConfigurationDetail_filter' - The filters that determine which S3 buckets generate notifications.
+--
+-- 'type'', 'awsS3BucketNotificationConfigurationDetail_type' - Indicates the type of notification. Notifications can be generated using
+-- Lambda functions, Amazon SQS queues, or Amazon SNS topics, with
+-- corresponding valid values as follows:
+--
+-- -   @LambdaConfiguration@
+--
+-- -   @QueueConfiguration@
+--
+-- -   @TopicConfiguration@
+newAwsS3BucketNotificationConfigurationDetail ::
+  AwsS3BucketNotificationConfigurationDetail
+newAwsS3BucketNotificationConfigurationDetail =
+  AwsS3BucketNotificationConfigurationDetail'
+    { destination =
+        Prelude.Nothing,
+      events = Prelude.Nothing,
+      filter' = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The ARN of the Lambda function, Amazon SQS queue, or Amazon SNS topic
+-- that generates the notification.
+awsS3BucketNotificationConfigurationDetail_destination :: Lens.Lens' AwsS3BucketNotificationConfigurationDetail (Prelude.Maybe Prelude.Text)
+awsS3BucketNotificationConfigurationDetail_destination = Lens.lens (\AwsS3BucketNotificationConfigurationDetail' {destination} -> destination) (\s@AwsS3BucketNotificationConfigurationDetail' {} a -> s {destination = a} :: AwsS3BucketNotificationConfigurationDetail)
+
+-- | The list of events that trigger a notification.
+awsS3BucketNotificationConfigurationDetail_events :: Lens.Lens' AwsS3BucketNotificationConfigurationDetail (Prelude.Maybe [Prelude.Text])
+awsS3BucketNotificationConfigurationDetail_events = Lens.lens (\AwsS3BucketNotificationConfigurationDetail' {events} -> events) (\s@AwsS3BucketNotificationConfigurationDetail' {} a -> s {events = a} :: AwsS3BucketNotificationConfigurationDetail) Prelude.. Lens.mapping Lens.coerced
+
+-- | The filters that determine which S3 buckets generate notifications.
+awsS3BucketNotificationConfigurationDetail_filter :: Lens.Lens' AwsS3BucketNotificationConfigurationDetail (Prelude.Maybe AwsS3BucketNotificationConfigurationFilter)
+awsS3BucketNotificationConfigurationDetail_filter = Lens.lens (\AwsS3BucketNotificationConfigurationDetail' {filter'} -> filter') (\s@AwsS3BucketNotificationConfigurationDetail' {} a -> s {filter' = a} :: AwsS3BucketNotificationConfigurationDetail)
+
+-- | Indicates the type of notification. Notifications can be generated using
+-- Lambda functions, Amazon SQS queues, or Amazon SNS topics, with
+-- corresponding valid values as follows:
+--
+-- -   @LambdaConfiguration@
+--
+-- -   @QueueConfiguration@
+--
+-- -   @TopicConfiguration@
+awsS3BucketNotificationConfigurationDetail_type :: Lens.Lens' AwsS3BucketNotificationConfigurationDetail (Prelude.Maybe Prelude.Text)
+awsS3BucketNotificationConfigurationDetail_type = Lens.lens (\AwsS3BucketNotificationConfigurationDetail' {type'} -> type') (\s@AwsS3BucketNotificationConfigurationDetail' {} a -> s {type' = a} :: AwsS3BucketNotificationConfigurationDetail)
+
+instance
+  Data.FromJSON
+    AwsS3BucketNotificationConfigurationDetail
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketNotificationConfigurationDetail"
+      ( \x ->
+          AwsS3BucketNotificationConfigurationDetail'
+            Prelude.<$> (x Data..:? "Destination")
+            Prelude.<*> (x Data..:? "Events" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Filter")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketNotificationConfigurationDetail
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketNotificationConfigurationDetail' {..} =
+      _salt
+        `Prelude.hashWithSalt` destination
+        `Prelude.hashWithSalt` events
+        `Prelude.hashWithSalt` filter'
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsS3BucketNotificationConfigurationDetail
+  where
+  rnf AwsS3BucketNotificationConfigurationDetail' {..} =
+    Prelude.rnf destination
+      `Prelude.seq` Prelude.rnf events
+      `Prelude.seq` Prelude.rnf filter'
+      `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsS3BucketNotificationConfigurationDetail
+  where
+  toJSON
+    AwsS3BucketNotificationConfigurationDetail' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Destination" Data..=) Prelude.<$> destination,
+              ("Events" Data..=) Prelude.<$> events,
+              ("Filter" Data..=) Prelude.<$> filter',
+              ("Type" Data..=) Prelude.<$> type'
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationFilter.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationFilter.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationFilter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilter
+
+-- | Filtering information for the notifications. The filtering is based on
+-- Amazon S3 key names.
+--
+-- /See:/ 'newAwsS3BucketNotificationConfigurationFilter' smart constructor.
+data AwsS3BucketNotificationConfigurationFilter = AwsS3BucketNotificationConfigurationFilter'
+  { -- | Details for an Amazon S3 filter.
+    s3KeyFilter :: Prelude.Maybe AwsS3BucketNotificationConfigurationS3KeyFilter
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketNotificationConfigurationFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 's3KeyFilter', 'awsS3BucketNotificationConfigurationFilter_s3KeyFilter' - Details for an Amazon S3 filter.
+newAwsS3BucketNotificationConfigurationFilter ::
+  AwsS3BucketNotificationConfigurationFilter
+newAwsS3BucketNotificationConfigurationFilter =
+  AwsS3BucketNotificationConfigurationFilter'
+    { s3KeyFilter =
+        Prelude.Nothing
+    }
+
+-- | Details for an Amazon S3 filter.
+awsS3BucketNotificationConfigurationFilter_s3KeyFilter :: Lens.Lens' AwsS3BucketNotificationConfigurationFilter (Prelude.Maybe AwsS3BucketNotificationConfigurationS3KeyFilter)
+awsS3BucketNotificationConfigurationFilter_s3KeyFilter = Lens.lens (\AwsS3BucketNotificationConfigurationFilter' {s3KeyFilter} -> s3KeyFilter) (\s@AwsS3BucketNotificationConfigurationFilter' {} a -> s {s3KeyFilter = a} :: AwsS3BucketNotificationConfigurationFilter)
+
+instance
+  Data.FromJSON
+    AwsS3BucketNotificationConfigurationFilter
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketNotificationConfigurationFilter"
+      ( \x ->
+          AwsS3BucketNotificationConfigurationFilter'
+            Prelude.<$> (x Data..:? "S3KeyFilter")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketNotificationConfigurationFilter
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketNotificationConfigurationFilter' {..} =
+      _salt `Prelude.hashWithSalt` s3KeyFilter
+
+instance
+  Prelude.NFData
+    AwsS3BucketNotificationConfigurationFilter
+  where
+  rnf AwsS3BucketNotificationConfigurationFilter' {..} =
+    Prelude.rnf s3KeyFilter
+
+instance
+  Data.ToJSON
+    AwsS3BucketNotificationConfigurationFilter
+  where
+  toJSON
+    AwsS3BucketNotificationConfigurationFilter' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("S3KeyFilter" Data..=) Prelude.<$> s3KeyFilter]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationS3KeyFilter.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationS3KeyFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationS3KeyFilter.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilterRule
+
+-- | Details for an Amazon S3 filter.
+--
+-- /See:/ 'newAwsS3BucketNotificationConfigurationS3KeyFilter' smart constructor.
+data AwsS3BucketNotificationConfigurationS3KeyFilter = AwsS3BucketNotificationConfigurationS3KeyFilter'
+  { -- | The filter rules for the filter.
+    filterRules :: Prelude.Maybe [AwsS3BucketNotificationConfigurationS3KeyFilterRule]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketNotificationConfigurationS3KeyFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filterRules', 'awsS3BucketNotificationConfigurationS3KeyFilter_filterRules' - The filter rules for the filter.
+newAwsS3BucketNotificationConfigurationS3KeyFilter ::
+  AwsS3BucketNotificationConfigurationS3KeyFilter
+newAwsS3BucketNotificationConfigurationS3KeyFilter =
+  AwsS3BucketNotificationConfigurationS3KeyFilter'
+    { filterRules =
+        Prelude.Nothing
+    }
+
+-- | The filter rules for the filter.
+awsS3BucketNotificationConfigurationS3KeyFilter_filterRules :: Lens.Lens' AwsS3BucketNotificationConfigurationS3KeyFilter (Prelude.Maybe [AwsS3BucketNotificationConfigurationS3KeyFilterRule])
+awsS3BucketNotificationConfigurationS3KeyFilter_filterRules = Lens.lens (\AwsS3BucketNotificationConfigurationS3KeyFilter' {filterRules} -> filterRules) (\s@AwsS3BucketNotificationConfigurationS3KeyFilter' {} a -> s {filterRules = a} :: AwsS3BucketNotificationConfigurationS3KeyFilter) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsS3BucketNotificationConfigurationS3KeyFilter
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketNotificationConfigurationS3KeyFilter"
+      ( \x ->
+          AwsS3BucketNotificationConfigurationS3KeyFilter'
+            Prelude.<$> (x Data..:? "FilterRules" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketNotificationConfigurationS3KeyFilter
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketNotificationConfigurationS3KeyFilter' {..} =
+      _salt `Prelude.hashWithSalt` filterRules
+
+instance
+  Prelude.NFData
+    AwsS3BucketNotificationConfigurationS3KeyFilter
+  where
+  rnf
+    AwsS3BucketNotificationConfigurationS3KeyFilter' {..} =
+      Prelude.rnf filterRules
+
+instance
+  Data.ToJSON
+    AwsS3BucketNotificationConfigurationS3KeyFilter
+  where
+  toJSON
+    AwsS3BucketNotificationConfigurationS3KeyFilter' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("FilterRules" Data..=) Prelude.<$> filterRules]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationS3KeyFilterRule.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationS3KeyFilterRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationS3KeyFilterRule.hs
@@ -0,0 +1,114 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilterRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilterRule where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilterRuleName
+
+-- | Details for a filter rule.
+--
+-- /See:/ 'newAwsS3BucketNotificationConfigurationS3KeyFilterRule' smart constructor.
+data AwsS3BucketNotificationConfigurationS3KeyFilterRule = AwsS3BucketNotificationConfigurationS3KeyFilterRule'
+  { -- | Indicates whether the filter is based on the prefix or suffix of the
+    -- Amazon S3 key.
+    name :: Prelude.Maybe AwsS3BucketNotificationConfigurationS3KeyFilterRuleName,
+    -- | The filter value.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketNotificationConfigurationS3KeyFilterRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsS3BucketNotificationConfigurationS3KeyFilterRule_name' - Indicates whether the filter is based on the prefix or suffix of the
+-- Amazon S3 key.
+--
+-- 'value', 'awsS3BucketNotificationConfigurationS3KeyFilterRule_value' - The filter value.
+newAwsS3BucketNotificationConfigurationS3KeyFilterRule ::
+  AwsS3BucketNotificationConfigurationS3KeyFilterRule
+newAwsS3BucketNotificationConfigurationS3KeyFilterRule =
+  AwsS3BucketNotificationConfigurationS3KeyFilterRule'
+    { name =
+        Prelude.Nothing,
+      value =
+        Prelude.Nothing
+    }
+
+-- | Indicates whether the filter is based on the prefix or suffix of the
+-- Amazon S3 key.
+awsS3BucketNotificationConfigurationS3KeyFilterRule_name :: Lens.Lens' AwsS3BucketNotificationConfigurationS3KeyFilterRule (Prelude.Maybe AwsS3BucketNotificationConfigurationS3KeyFilterRuleName)
+awsS3BucketNotificationConfigurationS3KeyFilterRule_name = Lens.lens (\AwsS3BucketNotificationConfigurationS3KeyFilterRule' {name} -> name) (\s@AwsS3BucketNotificationConfigurationS3KeyFilterRule' {} a -> s {name = a} :: AwsS3BucketNotificationConfigurationS3KeyFilterRule)
+
+-- | The filter value.
+awsS3BucketNotificationConfigurationS3KeyFilterRule_value :: Lens.Lens' AwsS3BucketNotificationConfigurationS3KeyFilterRule (Prelude.Maybe Prelude.Text)
+awsS3BucketNotificationConfigurationS3KeyFilterRule_value = Lens.lens (\AwsS3BucketNotificationConfigurationS3KeyFilterRule' {value} -> value) (\s@AwsS3BucketNotificationConfigurationS3KeyFilterRule' {} a -> s {value = a} :: AwsS3BucketNotificationConfigurationS3KeyFilterRule)
+
+instance
+  Data.FromJSON
+    AwsS3BucketNotificationConfigurationS3KeyFilterRule
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketNotificationConfigurationS3KeyFilterRule"
+      ( \x ->
+          AwsS3BucketNotificationConfigurationS3KeyFilterRule'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketNotificationConfigurationS3KeyFilterRule
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketNotificationConfigurationS3KeyFilterRule' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    AwsS3BucketNotificationConfigurationS3KeyFilterRule
+  where
+  rnf
+    AwsS3BucketNotificationConfigurationS3KeyFilterRule' {..} =
+      Prelude.rnf name `Prelude.seq` Prelude.rnf value
+
+instance
+  Data.ToJSON
+    AwsS3BucketNotificationConfigurationS3KeyFilterRule
+  where
+  toJSON
+    AwsS3BucketNotificationConfigurationS3KeyFilterRule' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Name" Data..=) Prelude.<$> name,
+              ("Value" Data..=) Prelude.<$> value
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationS3KeyFilterRuleName.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationS3KeyFilterRuleName.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketNotificationConfigurationS3KeyFilterRuleName.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilterRuleName
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketNotificationConfigurationS3KeyFilterRuleName
+  ( AwsS3BucketNotificationConfigurationS3KeyFilterRuleName
+      ( ..,
+        AwsS3BucketNotificationConfigurationS3KeyFilterRuleName_Prefix,
+        AwsS3BucketNotificationConfigurationS3KeyFilterRuleName_Suffix
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AwsS3BucketNotificationConfigurationS3KeyFilterRuleName = AwsS3BucketNotificationConfigurationS3KeyFilterRuleName'
+  { fromAwsS3BucketNotificationConfigurationS3KeyFilterRuleName ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AwsS3BucketNotificationConfigurationS3KeyFilterRuleName_Prefix :: AwsS3BucketNotificationConfigurationS3KeyFilterRuleName
+pattern AwsS3BucketNotificationConfigurationS3KeyFilterRuleName_Prefix = AwsS3BucketNotificationConfigurationS3KeyFilterRuleName' "Prefix"
+
+pattern AwsS3BucketNotificationConfigurationS3KeyFilterRuleName_Suffix :: AwsS3BucketNotificationConfigurationS3KeyFilterRuleName
+pattern AwsS3BucketNotificationConfigurationS3KeyFilterRuleName_Suffix = AwsS3BucketNotificationConfigurationS3KeyFilterRuleName' "Suffix"
+
+{-# COMPLETE
+  AwsS3BucketNotificationConfigurationS3KeyFilterRuleName_Prefix,
+  AwsS3BucketNotificationConfigurationS3KeyFilterRuleName_Suffix,
+  AwsS3BucketNotificationConfigurationS3KeyFilterRuleName'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketServerSideEncryptionByDefault.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketServerSideEncryptionByDefault.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketServerSideEncryptionByDefault.hs
@@ -0,0 +1,113 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionByDefault
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionByDefault where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies the default server-side encryption to apply to new objects in
+-- the bucket.
+--
+-- /See:/ 'newAwsS3BucketServerSideEncryptionByDefault' smart constructor.
+data AwsS3BucketServerSideEncryptionByDefault = AwsS3BucketServerSideEncryptionByDefault'
+  { -- | KMS key ID to use for the default encryption.
+    kmsMasterKeyID :: Prelude.Maybe Prelude.Text,
+    -- | Server-side encryption algorithm to use for the default encryption.
+    -- Valid values are @aws: kms@ or @AES256@.
+    sSEAlgorithm :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketServerSideEncryptionByDefault' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'kmsMasterKeyID', 'awsS3BucketServerSideEncryptionByDefault_kmsMasterKeyID' - KMS key ID to use for the default encryption.
+--
+-- 'sSEAlgorithm', 'awsS3BucketServerSideEncryptionByDefault_sSEAlgorithm' - Server-side encryption algorithm to use for the default encryption.
+-- Valid values are @aws: kms@ or @AES256@.
+newAwsS3BucketServerSideEncryptionByDefault ::
+  AwsS3BucketServerSideEncryptionByDefault
+newAwsS3BucketServerSideEncryptionByDefault =
+  AwsS3BucketServerSideEncryptionByDefault'
+    { kmsMasterKeyID =
+        Prelude.Nothing,
+      sSEAlgorithm = Prelude.Nothing
+    }
+
+-- | KMS key ID to use for the default encryption.
+awsS3BucketServerSideEncryptionByDefault_kmsMasterKeyID :: Lens.Lens' AwsS3BucketServerSideEncryptionByDefault (Prelude.Maybe Prelude.Text)
+awsS3BucketServerSideEncryptionByDefault_kmsMasterKeyID = Lens.lens (\AwsS3BucketServerSideEncryptionByDefault' {kmsMasterKeyID} -> kmsMasterKeyID) (\s@AwsS3BucketServerSideEncryptionByDefault' {} a -> s {kmsMasterKeyID = a} :: AwsS3BucketServerSideEncryptionByDefault)
+
+-- | Server-side encryption algorithm to use for the default encryption.
+-- Valid values are @aws: kms@ or @AES256@.
+awsS3BucketServerSideEncryptionByDefault_sSEAlgorithm :: Lens.Lens' AwsS3BucketServerSideEncryptionByDefault (Prelude.Maybe Prelude.Text)
+awsS3BucketServerSideEncryptionByDefault_sSEAlgorithm = Lens.lens (\AwsS3BucketServerSideEncryptionByDefault' {sSEAlgorithm} -> sSEAlgorithm) (\s@AwsS3BucketServerSideEncryptionByDefault' {} a -> s {sSEAlgorithm = a} :: AwsS3BucketServerSideEncryptionByDefault)
+
+instance
+  Data.FromJSON
+    AwsS3BucketServerSideEncryptionByDefault
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketServerSideEncryptionByDefault"
+      ( \x ->
+          AwsS3BucketServerSideEncryptionByDefault'
+            Prelude.<$> (x Data..:? "KMSMasterKeyID")
+            Prelude.<*> (x Data..:? "SSEAlgorithm")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketServerSideEncryptionByDefault
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketServerSideEncryptionByDefault' {..} =
+      _salt
+        `Prelude.hashWithSalt` kmsMasterKeyID
+        `Prelude.hashWithSalt` sSEAlgorithm
+
+instance
+  Prelude.NFData
+    AwsS3BucketServerSideEncryptionByDefault
+  where
+  rnf AwsS3BucketServerSideEncryptionByDefault' {..} =
+    Prelude.rnf kmsMasterKeyID
+      `Prelude.seq` Prelude.rnf sSEAlgorithm
+
+instance
+  Data.ToJSON
+    AwsS3BucketServerSideEncryptionByDefault
+  where
+  toJSON AwsS3BucketServerSideEncryptionByDefault' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("KMSMasterKeyID" Data..=)
+              Prelude.<$> kmsMasterKeyID,
+            ("SSEAlgorithm" Data..=) Prelude.<$> sSEAlgorithm
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketServerSideEncryptionConfiguration.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketServerSideEncryptionConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketServerSideEncryptionConfiguration.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionRule
+
+-- | The encryption configuration for the S3 bucket.
+--
+-- /See:/ 'newAwsS3BucketServerSideEncryptionConfiguration' smart constructor.
+data AwsS3BucketServerSideEncryptionConfiguration = AwsS3BucketServerSideEncryptionConfiguration'
+  { -- | The encryption rules that are applied to the S3 bucket.
+    rules :: Prelude.Maybe [AwsS3BucketServerSideEncryptionRule]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketServerSideEncryptionConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'rules', 'awsS3BucketServerSideEncryptionConfiguration_rules' - The encryption rules that are applied to the S3 bucket.
+newAwsS3BucketServerSideEncryptionConfiguration ::
+  AwsS3BucketServerSideEncryptionConfiguration
+newAwsS3BucketServerSideEncryptionConfiguration =
+  AwsS3BucketServerSideEncryptionConfiguration'
+    { rules =
+        Prelude.Nothing
+    }
+
+-- | The encryption rules that are applied to the S3 bucket.
+awsS3BucketServerSideEncryptionConfiguration_rules :: Lens.Lens' AwsS3BucketServerSideEncryptionConfiguration (Prelude.Maybe [AwsS3BucketServerSideEncryptionRule])
+awsS3BucketServerSideEncryptionConfiguration_rules = Lens.lens (\AwsS3BucketServerSideEncryptionConfiguration' {rules} -> rules) (\s@AwsS3BucketServerSideEncryptionConfiguration' {} a -> s {rules = a} :: AwsS3BucketServerSideEncryptionConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsS3BucketServerSideEncryptionConfiguration
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketServerSideEncryptionConfiguration"
+      ( \x ->
+          AwsS3BucketServerSideEncryptionConfiguration'
+            Prelude.<$> (x Data..:? "Rules" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketServerSideEncryptionConfiguration
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketServerSideEncryptionConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` rules
+
+instance
+  Prelude.NFData
+    AwsS3BucketServerSideEncryptionConfiguration
+  where
+  rnf AwsS3BucketServerSideEncryptionConfiguration' {..} =
+    Prelude.rnf rules
+
+instance
+  Data.ToJSON
+    AwsS3BucketServerSideEncryptionConfiguration
+  where
+  toJSON
+    AwsS3BucketServerSideEncryptionConfiguration' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Rules" Data..=) Prelude.<$> rules]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketServerSideEncryptionRule.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketServerSideEncryptionRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketServerSideEncryptionRule.hs
@@ -0,0 +1,103 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionRule where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketServerSideEncryptionByDefault
+
+-- | An encryption rule to apply to the S3 bucket.
+--
+-- /See:/ 'newAwsS3BucketServerSideEncryptionRule' smart constructor.
+data AwsS3BucketServerSideEncryptionRule = AwsS3BucketServerSideEncryptionRule'
+  { -- | Specifies the default server-side encryption to apply to new objects in
+    -- the bucket. If a @PUT@ object request doesn\'t specify any server-side
+    -- encryption, this default encryption is applied.
+    applyServerSideEncryptionByDefault :: Prelude.Maybe AwsS3BucketServerSideEncryptionByDefault
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketServerSideEncryptionRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'applyServerSideEncryptionByDefault', 'awsS3BucketServerSideEncryptionRule_applyServerSideEncryptionByDefault' - Specifies the default server-side encryption to apply to new objects in
+-- the bucket. If a @PUT@ object request doesn\'t specify any server-side
+-- encryption, this default encryption is applied.
+newAwsS3BucketServerSideEncryptionRule ::
+  AwsS3BucketServerSideEncryptionRule
+newAwsS3BucketServerSideEncryptionRule =
+  AwsS3BucketServerSideEncryptionRule'
+    { applyServerSideEncryptionByDefault =
+        Prelude.Nothing
+    }
+
+-- | Specifies the default server-side encryption to apply to new objects in
+-- the bucket. If a @PUT@ object request doesn\'t specify any server-side
+-- encryption, this default encryption is applied.
+awsS3BucketServerSideEncryptionRule_applyServerSideEncryptionByDefault :: Lens.Lens' AwsS3BucketServerSideEncryptionRule (Prelude.Maybe AwsS3BucketServerSideEncryptionByDefault)
+awsS3BucketServerSideEncryptionRule_applyServerSideEncryptionByDefault = Lens.lens (\AwsS3BucketServerSideEncryptionRule' {applyServerSideEncryptionByDefault} -> applyServerSideEncryptionByDefault) (\s@AwsS3BucketServerSideEncryptionRule' {} a -> s {applyServerSideEncryptionByDefault = a} :: AwsS3BucketServerSideEncryptionRule)
+
+instance
+  Data.FromJSON
+    AwsS3BucketServerSideEncryptionRule
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketServerSideEncryptionRule"
+      ( \x ->
+          AwsS3BucketServerSideEncryptionRule'
+            Prelude.<$> (x Data..:? "ApplyServerSideEncryptionByDefault")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketServerSideEncryptionRule
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketServerSideEncryptionRule' {..} =
+      _salt
+        `Prelude.hashWithSalt` applyServerSideEncryptionByDefault
+
+instance
+  Prelude.NFData
+    AwsS3BucketServerSideEncryptionRule
+  where
+  rnf AwsS3BucketServerSideEncryptionRule' {..} =
+    Prelude.rnf applyServerSideEncryptionByDefault
+
+instance
+  Data.ToJSON
+    AwsS3BucketServerSideEncryptionRule
+  where
+  toJSON AwsS3BucketServerSideEncryptionRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ApplyServerSideEncryptionByDefault" Data..=)
+              Prelude.<$> applyServerSideEncryptionByDefault
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfiguration.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfiguration.hs
@@ -0,0 +1,135 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRedirectTo
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRule
+
+-- | Website parameters for the S3 bucket.
+--
+-- /See:/ 'newAwsS3BucketWebsiteConfiguration' smart constructor.
+data AwsS3BucketWebsiteConfiguration = AwsS3BucketWebsiteConfiguration'
+  { -- | The name of the error document for the website.
+    errorDocument :: Prelude.Maybe Prelude.Text,
+    -- | The name of the index document for the website.
+    indexDocumentSuffix :: Prelude.Maybe Prelude.Text,
+    -- | The redirect behavior for requests to the website.
+    redirectAllRequestsTo :: Prelude.Maybe AwsS3BucketWebsiteConfigurationRedirectTo,
+    -- | The rules for applying redirects for requests to the website.
+    routingRules :: Prelude.Maybe [AwsS3BucketWebsiteConfigurationRoutingRule]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketWebsiteConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'errorDocument', 'awsS3BucketWebsiteConfiguration_errorDocument' - The name of the error document for the website.
+--
+-- 'indexDocumentSuffix', 'awsS3BucketWebsiteConfiguration_indexDocumentSuffix' - The name of the index document for the website.
+--
+-- 'redirectAllRequestsTo', 'awsS3BucketWebsiteConfiguration_redirectAllRequestsTo' - The redirect behavior for requests to the website.
+--
+-- 'routingRules', 'awsS3BucketWebsiteConfiguration_routingRules' - The rules for applying redirects for requests to the website.
+newAwsS3BucketWebsiteConfiguration ::
+  AwsS3BucketWebsiteConfiguration
+newAwsS3BucketWebsiteConfiguration =
+  AwsS3BucketWebsiteConfiguration'
+    { errorDocument =
+        Prelude.Nothing,
+      indexDocumentSuffix = Prelude.Nothing,
+      redirectAllRequestsTo = Prelude.Nothing,
+      routingRules = Prelude.Nothing
+    }
+
+-- | The name of the error document for the website.
+awsS3BucketWebsiteConfiguration_errorDocument :: Lens.Lens' AwsS3BucketWebsiteConfiguration (Prelude.Maybe Prelude.Text)
+awsS3BucketWebsiteConfiguration_errorDocument = Lens.lens (\AwsS3BucketWebsiteConfiguration' {errorDocument} -> errorDocument) (\s@AwsS3BucketWebsiteConfiguration' {} a -> s {errorDocument = a} :: AwsS3BucketWebsiteConfiguration)
+
+-- | The name of the index document for the website.
+awsS3BucketWebsiteConfiguration_indexDocumentSuffix :: Lens.Lens' AwsS3BucketWebsiteConfiguration (Prelude.Maybe Prelude.Text)
+awsS3BucketWebsiteConfiguration_indexDocumentSuffix = Lens.lens (\AwsS3BucketWebsiteConfiguration' {indexDocumentSuffix} -> indexDocumentSuffix) (\s@AwsS3BucketWebsiteConfiguration' {} a -> s {indexDocumentSuffix = a} :: AwsS3BucketWebsiteConfiguration)
+
+-- | The redirect behavior for requests to the website.
+awsS3BucketWebsiteConfiguration_redirectAllRequestsTo :: Lens.Lens' AwsS3BucketWebsiteConfiguration (Prelude.Maybe AwsS3BucketWebsiteConfigurationRedirectTo)
+awsS3BucketWebsiteConfiguration_redirectAllRequestsTo = Lens.lens (\AwsS3BucketWebsiteConfiguration' {redirectAllRequestsTo} -> redirectAllRequestsTo) (\s@AwsS3BucketWebsiteConfiguration' {} a -> s {redirectAllRequestsTo = a} :: AwsS3BucketWebsiteConfiguration)
+
+-- | The rules for applying redirects for requests to the website.
+awsS3BucketWebsiteConfiguration_routingRules :: Lens.Lens' AwsS3BucketWebsiteConfiguration (Prelude.Maybe [AwsS3BucketWebsiteConfigurationRoutingRule])
+awsS3BucketWebsiteConfiguration_routingRules = Lens.lens (\AwsS3BucketWebsiteConfiguration' {routingRules} -> routingRules) (\s@AwsS3BucketWebsiteConfiguration' {} a -> s {routingRules = a} :: AwsS3BucketWebsiteConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsS3BucketWebsiteConfiguration
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketWebsiteConfiguration"
+      ( \x ->
+          AwsS3BucketWebsiteConfiguration'
+            Prelude.<$> (x Data..:? "ErrorDocument")
+            Prelude.<*> (x Data..:? "IndexDocumentSuffix")
+            Prelude.<*> (x Data..:? "RedirectAllRequestsTo")
+            Prelude.<*> (x Data..:? "RoutingRules" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketWebsiteConfiguration
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketWebsiteConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` errorDocument
+        `Prelude.hashWithSalt` indexDocumentSuffix
+        `Prelude.hashWithSalt` redirectAllRequestsTo
+        `Prelude.hashWithSalt` routingRules
+
+instance
+  Prelude.NFData
+    AwsS3BucketWebsiteConfiguration
+  where
+  rnf AwsS3BucketWebsiteConfiguration' {..} =
+    Prelude.rnf errorDocument
+      `Prelude.seq` Prelude.rnf indexDocumentSuffix
+      `Prelude.seq` Prelude.rnf redirectAllRequestsTo
+      `Prelude.seq` Prelude.rnf routingRules
+
+instance Data.ToJSON AwsS3BucketWebsiteConfiguration where
+  toJSON AwsS3BucketWebsiteConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ErrorDocument" Data..=) Prelude.<$> errorDocument,
+            ("IndexDocumentSuffix" Data..=)
+              Prelude.<$> indexDocumentSuffix,
+            ("RedirectAllRequestsTo" Data..=)
+              Prelude.<$> redirectAllRequestsTo,
+            ("RoutingRules" Data..=) Prelude.<$> routingRules
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRedirectTo.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRedirectTo.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRedirectTo.hs
@@ -0,0 +1,114 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRedirectTo
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRedirectTo where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The redirect behavior for requests to the website.
+--
+-- /See:/ 'newAwsS3BucketWebsiteConfigurationRedirectTo' smart constructor.
+data AwsS3BucketWebsiteConfigurationRedirectTo = AwsS3BucketWebsiteConfigurationRedirectTo'
+  { -- | The name of the host to redirect requests to.
+    hostname :: Prelude.Maybe Prelude.Text,
+    -- | The protocol to use when redirecting requests. By default, this field
+    -- uses the same protocol as the original request. Valid values are @http@
+    -- or @https@.
+    protocol :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketWebsiteConfigurationRedirectTo' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'hostname', 'awsS3BucketWebsiteConfigurationRedirectTo_hostname' - The name of the host to redirect requests to.
+--
+-- 'protocol', 'awsS3BucketWebsiteConfigurationRedirectTo_protocol' - The protocol to use when redirecting requests. By default, this field
+-- uses the same protocol as the original request. Valid values are @http@
+-- or @https@.
+newAwsS3BucketWebsiteConfigurationRedirectTo ::
+  AwsS3BucketWebsiteConfigurationRedirectTo
+newAwsS3BucketWebsiteConfigurationRedirectTo =
+  AwsS3BucketWebsiteConfigurationRedirectTo'
+    { hostname =
+        Prelude.Nothing,
+      protocol = Prelude.Nothing
+    }
+
+-- | The name of the host to redirect requests to.
+awsS3BucketWebsiteConfigurationRedirectTo_hostname :: Lens.Lens' AwsS3BucketWebsiteConfigurationRedirectTo (Prelude.Maybe Prelude.Text)
+awsS3BucketWebsiteConfigurationRedirectTo_hostname = Lens.lens (\AwsS3BucketWebsiteConfigurationRedirectTo' {hostname} -> hostname) (\s@AwsS3BucketWebsiteConfigurationRedirectTo' {} a -> s {hostname = a} :: AwsS3BucketWebsiteConfigurationRedirectTo)
+
+-- | The protocol to use when redirecting requests. By default, this field
+-- uses the same protocol as the original request. Valid values are @http@
+-- or @https@.
+awsS3BucketWebsiteConfigurationRedirectTo_protocol :: Lens.Lens' AwsS3BucketWebsiteConfigurationRedirectTo (Prelude.Maybe Prelude.Text)
+awsS3BucketWebsiteConfigurationRedirectTo_protocol = Lens.lens (\AwsS3BucketWebsiteConfigurationRedirectTo' {protocol} -> protocol) (\s@AwsS3BucketWebsiteConfigurationRedirectTo' {} a -> s {protocol = a} :: AwsS3BucketWebsiteConfigurationRedirectTo)
+
+instance
+  Data.FromJSON
+    AwsS3BucketWebsiteConfigurationRedirectTo
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketWebsiteConfigurationRedirectTo"
+      ( \x ->
+          AwsS3BucketWebsiteConfigurationRedirectTo'
+            Prelude.<$> (x Data..:? "Hostname")
+            Prelude.<*> (x Data..:? "Protocol")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketWebsiteConfigurationRedirectTo
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketWebsiteConfigurationRedirectTo' {..} =
+      _salt
+        `Prelude.hashWithSalt` hostname
+        `Prelude.hashWithSalt` protocol
+
+instance
+  Prelude.NFData
+    AwsS3BucketWebsiteConfigurationRedirectTo
+  where
+  rnf AwsS3BucketWebsiteConfigurationRedirectTo' {..} =
+    Prelude.rnf hostname
+      `Prelude.seq` Prelude.rnf protocol
+
+instance
+  Data.ToJSON
+    AwsS3BucketWebsiteConfigurationRedirectTo
+  where
+  toJSON AwsS3BucketWebsiteConfigurationRedirectTo' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Hostname" Data..=) Prelude.<$> hostname,
+            ("Protocol" Data..=) Prelude.<$> protocol
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRoutingRule.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRoutingRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRoutingRule.hs
@@ -0,0 +1,117 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRule where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+import Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+
+-- | A rule for redirecting requests to the website.
+--
+-- /See:/ 'newAwsS3BucketWebsiteConfigurationRoutingRule' smart constructor.
+data AwsS3BucketWebsiteConfigurationRoutingRule = AwsS3BucketWebsiteConfigurationRoutingRule'
+  { -- | Provides the condition that must be met in order to apply the routing
+    -- rule.
+    condition :: Prelude.Maybe AwsS3BucketWebsiteConfigurationRoutingRuleCondition,
+    -- | Provides the rules to redirect the request if the condition in
+    -- @Condition@ is met.
+    redirect :: Prelude.Maybe AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketWebsiteConfigurationRoutingRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'condition', 'awsS3BucketWebsiteConfigurationRoutingRule_condition' - Provides the condition that must be met in order to apply the routing
+-- rule.
+--
+-- 'redirect', 'awsS3BucketWebsiteConfigurationRoutingRule_redirect' - Provides the rules to redirect the request if the condition in
+-- @Condition@ is met.
+newAwsS3BucketWebsiteConfigurationRoutingRule ::
+  AwsS3BucketWebsiteConfigurationRoutingRule
+newAwsS3BucketWebsiteConfigurationRoutingRule =
+  AwsS3BucketWebsiteConfigurationRoutingRule'
+    { condition =
+        Prelude.Nothing,
+      redirect = Prelude.Nothing
+    }
+
+-- | Provides the condition that must be met in order to apply the routing
+-- rule.
+awsS3BucketWebsiteConfigurationRoutingRule_condition :: Lens.Lens' AwsS3BucketWebsiteConfigurationRoutingRule (Prelude.Maybe AwsS3BucketWebsiteConfigurationRoutingRuleCondition)
+awsS3BucketWebsiteConfigurationRoutingRule_condition = Lens.lens (\AwsS3BucketWebsiteConfigurationRoutingRule' {condition} -> condition) (\s@AwsS3BucketWebsiteConfigurationRoutingRule' {} a -> s {condition = a} :: AwsS3BucketWebsiteConfigurationRoutingRule)
+
+-- | Provides the rules to redirect the request if the condition in
+-- @Condition@ is met.
+awsS3BucketWebsiteConfigurationRoutingRule_redirect :: Lens.Lens' AwsS3BucketWebsiteConfigurationRoutingRule (Prelude.Maybe AwsS3BucketWebsiteConfigurationRoutingRuleRedirect)
+awsS3BucketWebsiteConfigurationRoutingRule_redirect = Lens.lens (\AwsS3BucketWebsiteConfigurationRoutingRule' {redirect} -> redirect) (\s@AwsS3BucketWebsiteConfigurationRoutingRule' {} a -> s {redirect = a} :: AwsS3BucketWebsiteConfigurationRoutingRule)
+
+instance
+  Data.FromJSON
+    AwsS3BucketWebsiteConfigurationRoutingRule
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketWebsiteConfigurationRoutingRule"
+      ( \x ->
+          AwsS3BucketWebsiteConfigurationRoutingRule'
+            Prelude.<$> (x Data..:? "Condition")
+            Prelude.<*> (x Data..:? "Redirect")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketWebsiteConfigurationRoutingRule
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketWebsiteConfigurationRoutingRule' {..} =
+      _salt
+        `Prelude.hashWithSalt` condition
+        `Prelude.hashWithSalt` redirect
+
+instance
+  Prelude.NFData
+    AwsS3BucketWebsiteConfigurationRoutingRule
+  where
+  rnf AwsS3BucketWebsiteConfigurationRoutingRule' {..} =
+    Prelude.rnf condition
+      `Prelude.seq` Prelude.rnf redirect
+
+instance
+  Data.ToJSON
+    AwsS3BucketWebsiteConfigurationRoutingRule
+  where
+  toJSON
+    AwsS3BucketWebsiteConfigurationRoutingRule' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Condition" Data..=) Prelude.<$> condition,
+              ("Redirect" Data..=) Prelude.<$> redirect
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRoutingRuleCondition.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRoutingRuleCondition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRoutingRuleCondition.hs
@@ -0,0 +1,116 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleCondition where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The condition that must be met in order to apply the routing rule.
+--
+-- /See:/ 'newAwsS3BucketWebsiteConfigurationRoutingRuleCondition' smart constructor.
+data AwsS3BucketWebsiteConfigurationRoutingRuleCondition = AwsS3BucketWebsiteConfigurationRoutingRuleCondition'
+  { -- | Indicates to redirect the request if the HTTP error code matches this
+    -- value.
+    httpErrorCodeReturnedEquals :: Prelude.Maybe Prelude.Text,
+    -- | Indicates to redirect the request if the key prefix matches this value.
+    keyPrefixEquals :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketWebsiteConfigurationRoutingRuleCondition' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpErrorCodeReturnedEquals', 'awsS3BucketWebsiteConfigurationRoutingRuleCondition_httpErrorCodeReturnedEquals' - Indicates to redirect the request if the HTTP error code matches this
+-- value.
+--
+-- 'keyPrefixEquals', 'awsS3BucketWebsiteConfigurationRoutingRuleCondition_keyPrefixEquals' - Indicates to redirect the request if the key prefix matches this value.
+newAwsS3BucketWebsiteConfigurationRoutingRuleCondition ::
+  AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+newAwsS3BucketWebsiteConfigurationRoutingRuleCondition =
+  AwsS3BucketWebsiteConfigurationRoutingRuleCondition'
+    { httpErrorCodeReturnedEquals =
+        Prelude.Nothing,
+      keyPrefixEquals =
+        Prelude.Nothing
+    }
+
+-- | Indicates to redirect the request if the HTTP error code matches this
+-- value.
+awsS3BucketWebsiteConfigurationRoutingRuleCondition_httpErrorCodeReturnedEquals :: Lens.Lens' AwsS3BucketWebsiteConfigurationRoutingRuleCondition (Prelude.Maybe Prelude.Text)
+awsS3BucketWebsiteConfigurationRoutingRuleCondition_httpErrorCodeReturnedEquals = Lens.lens (\AwsS3BucketWebsiteConfigurationRoutingRuleCondition' {httpErrorCodeReturnedEquals} -> httpErrorCodeReturnedEquals) (\s@AwsS3BucketWebsiteConfigurationRoutingRuleCondition' {} a -> s {httpErrorCodeReturnedEquals = a} :: AwsS3BucketWebsiteConfigurationRoutingRuleCondition)
+
+-- | Indicates to redirect the request if the key prefix matches this value.
+awsS3BucketWebsiteConfigurationRoutingRuleCondition_keyPrefixEquals :: Lens.Lens' AwsS3BucketWebsiteConfigurationRoutingRuleCondition (Prelude.Maybe Prelude.Text)
+awsS3BucketWebsiteConfigurationRoutingRuleCondition_keyPrefixEquals = Lens.lens (\AwsS3BucketWebsiteConfigurationRoutingRuleCondition' {keyPrefixEquals} -> keyPrefixEquals) (\s@AwsS3BucketWebsiteConfigurationRoutingRuleCondition' {} a -> s {keyPrefixEquals = a} :: AwsS3BucketWebsiteConfigurationRoutingRuleCondition)
+
+instance
+  Data.FromJSON
+    AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketWebsiteConfigurationRoutingRuleCondition"
+      ( \x ->
+          AwsS3BucketWebsiteConfigurationRoutingRuleCondition'
+            Prelude.<$> (x Data..:? "HttpErrorCodeReturnedEquals")
+            Prelude.<*> (x Data..:? "KeyPrefixEquals")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketWebsiteConfigurationRoutingRuleCondition' {..} =
+      _salt
+        `Prelude.hashWithSalt` httpErrorCodeReturnedEquals
+        `Prelude.hashWithSalt` keyPrefixEquals
+
+instance
+  Prelude.NFData
+    AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+  where
+  rnf
+    AwsS3BucketWebsiteConfigurationRoutingRuleCondition' {..} =
+      Prelude.rnf httpErrorCodeReturnedEquals
+        `Prelude.seq` Prelude.rnf keyPrefixEquals
+
+instance
+  Data.ToJSON
+    AwsS3BucketWebsiteConfigurationRoutingRuleCondition
+  where
+  toJSON
+    AwsS3BucketWebsiteConfigurationRoutingRuleCondition' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("HttpErrorCodeReturnedEquals" Data..=)
+                Prelude.<$> httpErrorCodeReturnedEquals,
+              ("KeyPrefixEquals" Data..=)
+                Prelude.<$> keyPrefixEquals
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRoutingRuleRedirect.hs b/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRoutingRuleRedirect.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3BucketWebsiteConfigurationRoutingRuleRedirect.hs
@@ -0,0 +1,172 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3BucketWebsiteConfigurationRoutingRuleRedirect where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The rules to redirect the request if the condition in @Condition@ is
+-- met.
+--
+-- /See:/ 'newAwsS3BucketWebsiteConfigurationRoutingRuleRedirect' smart constructor.
+data AwsS3BucketWebsiteConfigurationRoutingRuleRedirect = AwsS3BucketWebsiteConfigurationRoutingRuleRedirect'
+  { -- | The host name to use in the redirect request.
+    hostname :: Prelude.Maybe Prelude.Text,
+    -- | The HTTP redirect code to use in the response.
+    httpRedirectCode :: Prelude.Maybe Prelude.Text,
+    -- | The protocol to use to redirect the request. By default, uses the
+    -- protocol from the original request.
+    protocol :: Prelude.Maybe Prelude.Text,
+    -- | The object key prefix to use in the redirect request.
+    --
+    -- Cannot be provided if @ReplaceKeyWith@ is present.
+    replaceKeyPrefixWith :: Prelude.Maybe Prelude.Text,
+    -- | The specific object key to use in the redirect request.
+    --
+    -- Cannot be provided if @ReplaceKeyPrefixWith@ is present.
+    replaceKeyWith :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'hostname', 'awsS3BucketWebsiteConfigurationRoutingRuleRedirect_hostname' - The host name to use in the redirect request.
+--
+-- 'httpRedirectCode', 'awsS3BucketWebsiteConfigurationRoutingRuleRedirect_httpRedirectCode' - The HTTP redirect code to use in the response.
+--
+-- 'protocol', 'awsS3BucketWebsiteConfigurationRoutingRuleRedirect_protocol' - The protocol to use to redirect the request. By default, uses the
+-- protocol from the original request.
+--
+-- 'replaceKeyPrefixWith', 'awsS3BucketWebsiteConfigurationRoutingRuleRedirect_replaceKeyPrefixWith' - The object key prefix to use in the redirect request.
+--
+-- Cannot be provided if @ReplaceKeyWith@ is present.
+--
+-- 'replaceKeyWith', 'awsS3BucketWebsiteConfigurationRoutingRuleRedirect_replaceKeyWith' - The specific object key to use in the redirect request.
+--
+-- Cannot be provided if @ReplaceKeyPrefixWith@ is present.
+newAwsS3BucketWebsiteConfigurationRoutingRuleRedirect ::
+  AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+newAwsS3BucketWebsiteConfigurationRoutingRuleRedirect =
+  AwsS3BucketWebsiteConfigurationRoutingRuleRedirect'
+    { hostname =
+        Prelude.Nothing,
+      httpRedirectCode =
+        Prelude.Nothing,
+      protocol =
+        Prelude.Nothing,
+      replaceKeyPrefixWith =
+        Prelude.Nothing,
+      replaceKeyWith =
+        Prelude.Nothing
+    }
+
+-- | The host name to use in the redirect request.
+awsS3BucketWebsiteConfigurationRoutingRuleRedirect_hostname :: Lens.Lens' AwsS3BucketWebsiteConfigurationRoutingRuleRedirect (Prelude.Maybe Prelude.Text)
+awsS3BucketWebsiteConfigurationRoutingRuleRedirect_hostname = Lens.lens (\AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {hostname} -> hostname) (\s@AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {} a -> s {hostname = a} :: AwsS3BucketWebsiteConfigurationRoutingRuleRedirect)
+
+-- | The HTTP redirect code to use in the response.
+awsS3BucketWebsiteConfigurationRoutingRuleRedirect_httpRedirectCode :: Lens.Lens' AwsS3BucketWebsiteConfigurationRoutingRuleRedirect (Prelude.Maybe Prelude.Text)
+awsS3BucketWebsiteConfigurationRoutingRuleRedirect_httpRedirectCode = Lens.lens (\AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {httpRedirectCode} -> httpRedirectCode) (\s@AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {} a -> s {httpRedirectCode = a} :: AwsS3BucketWebsiteConfigurationRoutingRuleRedirect)
+
+-- | The protocol to use to redirect the request. By default, uses the
+-- protocol from the original request.
+awsS3BucketWebsiteConfigurationRoutingRuleRedirect_protocol :: Lens.Lens' AwsS3BucketWebsiteConfigurationRoutingRuleRedirect (Prelude.Maybe Prelude.Text)
+awsS3BucketWebsiteConfigurationRoutingRuleRedirect_protocol = Lens.lens (\AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {protocol} -> protocol) (\s@AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {} a -> s {protocol = a} :: AwsS3BucketWebsiteConfigurationRoutingRuleRedirect)
+
+-- | The object key prefix to use in the redirect request.
+--
+-- Cannot be provided if @ReplaceKeyWith@ is present.
+awsS3BucketWebsiteConfigurationRoutingRuleRedirect_replaceKeyPrefixWith :: Lens.Lens' AwsS3BucketWebsiteConfigurationRoutingRuleRedirect (Prelude.Maybe Prelude.Text)
+awsS3BucketWebsiteConfigurationRoutingRuleRedirect_replaceKeyPrefixWith = Lens.lens (\AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {replaceKeyPrefixWith} -> replaceKeyPrefixWith) (\s@AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {} a -> s {replaceKeyPrefixWith = a} :: AwsS3BucketWebsiteConfigurationRoutingRuleRedirect)
+
+-- | The specific object key to use in the redirect request.
+--
+-- Cannot be provided if @ReplaceKeyPrefixWith@ is present.
+awsS3BucketWebsiteConfigurationRoutingRuleRedirect_replaceKeyWith :: Lens.Lens' AwsS3BucketWebsiteConfigurationRoutingRuleRedirect (Prelude.Maybe Prelude.Text)
+awsS3BucketWebsiteConfigurationRoutingRuleRedirect_replaceKeyWith = Lens.lens (\AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {replaceKeyWith} -> replaceKeyWith) (\s@AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {} a -> s {replaceKeyWith = a} :: AwsS3BucketWebsiteConfigurationRoutingRuleRedirect)
+
+instance
+  Data.FromJSON
+    AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+  where
+  parseJSON =
+    Data.withObject
+      "AwsS3BucketWebsiteConfigurationRoutingRuleRedirect"
+      ( \x ->
+          AwsS3BucketWebsiteConfigurationRoutingRuleRedirect'
+            Prelude.<$> (x Data..:? "Hostname")
+            Prelude.<*> (x Data..:? "HttpRedirectCode")
+            Prelude.<*> (x Data..:? "Protocol")
+            Prelude.<*> (x Data..:? "ReplaceKeyPrefixWith")
+            Prelude.<*> (x Data..:? "ReplaceKeyWith")
+      )
+
+instance
+  Prelude.Hashable
+    AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+  where
+  hashWithSalt
+    _salt
+    AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {..} =
+      _salt
+        `Prelude.hashWithSalt` hostname
+        `Prelude.hashWithSalt` httpRedirectCode
+        `Prelude.hashWithSalt` protocol
+        `Prelude.hashWithSalt` replaceKeyPrefixWith
+        `Prelude.hashWithSalt` replaceKeyWith
+
+instance
+  Prelude.NFData
+    AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+  where
+  rnf
+    AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {..} =
+      Prelude.rnf hostname
+        `Prelude.seq` Prelude.rnf httpRedirectCode
+        `Prelude.seq` Prelude.rnf protocol
+        `Prelude.seq` Prelude.rnf replaceKeyPrefixWith
+        `Prelude.seq` Prelude.rnf replaceKeyWith
+
+instance
+  Data.ToJSON
+    AwsS3BucketWebsiteConfigurationRoutingRuleRedirect
+  where
+  toJSON
+    AwsS3BucketWebsiteConfigurationRoutingRuleRedirect' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Hostname" Data..=) Prelude.<$> hostname,
+              ("HttpRedirectCode" Data..=)
+                Prelude.<$> httpRedirectCode,
+              ("Protocol" Data..=) Prelude.<$> protocol,
+              ("ReplaceKeyPrefixWith" Data..=)
+                Prelude.<$> replaceKeyPrefixWith,
+              ("ReplaceKeyWith" Data..=)
+                Prelude.<$> replaceKeyWith
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsS3ObjectDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsS3ObjectDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsS3ObjectDetails.hs
@@ -0,0 +1,173 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsS3ObjectDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsS3ObjectDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about an Amazon S3 object.
+--
+-- /See:/ 'newAwsS3ObjectDetails' smart constructor.
+data AwsS3ObjectDetails = AwsS3ObjectDetails'
+  { -- | A standard MIME type describing the format of the object data.
+    contentType :: Prelude.Maybe Prelude.Text,
+    -- | The opaque identifier assigned by a web server to a specific version of
+    -- a resource found at a URL.
+    eTag :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the object was last modified.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastModified :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the KMS symmetric customer managed key that was used
+    -- for the object.
+    sSEKMSKeyId :: Prelude.Maybe Prelude.Text,
+    -- | If the object is stored using server-side encryption, the value of the
+    -- server-side encryption algorithm used when storing this object in Amazon
+    -- S3.
+    serverSideEncryption :: Prelude.Maybe Prelude.Text,
+    -- | The version of the object.
+    versionId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsS3ObjectDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'contentType', 'awsS3ObjectDetails_contentType' - A standard MIME type describing the format of the object data.
+--
+-- 'eTag', 'awsS3ObjectDetails_eTag' - The opaque identifier assigned by a web server to a specific version of
+-- a resource found at a URL.
+--
+-- 'lastModified', 'awsS3ObjectDetails_lastModified' - Indicates when the object was last modified.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'sSEKMSKeyId', 'awsS3ObjectDetails_sSEKMSKeyId' - The identifier of the KMS symmetric customer managed key that was used
+-- for the object.
+--
+-- 'serverSideEncryption', 'awsS3ObjectDetails_serverSideEncryption' - If the object is stored using server-side encryption, the value of the
+-- server-side encryption algorithm used when storing this object in Amazon
+-- S3.
+--
+-- 'versionId', 'awsS3ObjectDetails_versionId' - The version of the object.
+newAwsS3ObjectDetails ::
+  AwsS3ObjectDetails
+newAwsS3ObjectDetails =
+  AwsS3ObjectDetails'
+    { contentType = Prelude.Nothing,
+      eTag = Prelude.Nothing,
+      lastModified = Prelude.Nothing,
+      sSEKMSKeyId = Prelude.Nothing,
+      serverSideEncryption = Prelude.Nothing,
+      versionId = Prelude.Nothing
+    }
+
+-- | A standard MIME type describing the format of the object data.
+awsS3ObjectDetails_contentType :: Lens.Lens' AwsS3ObjectDetails (Prelude.Maybe Prelude.Text)
+awsS3ObjectDetails_contentType = Lens.lens (\AwsS3ObjectDetails' {contentType} -> contentType) (\s@AwsS3ObjectDetails' {} a -> s {contentType = a} :: AwsS3ObjectDetails)
+
+-- | The opaque identifier assigned by a web server to a specific version of
+-- a resource found at a URL.
+awsS3ObjectDetails_eTag :: Lens.Lens' AwsS3ObjectDetails (Prelude.Maybe Prelude.Text)
+awsS3ObjectDetails_eTag = Lens.lens (\AwsS3ObjectDetails' {eTag} -> eTag) (\s@AwsS3ObjectDetails' {} a -> s {eTag = a} :: AwsS3ObjectDetails)
+
+-- | Indicates when the object was last modified.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsS3ObjectDetails_lastModified :: Lens.Lens' AwsS3ObjectDetails (Prelude.Maybe Prelude.Text)
+awsS3ObjectDetails_lastModified = Lens.lens (\AwsS3ObjectDetails' {lastModified} -> lastModified) (\s@AwsS3ObjectDetails' {} a -> s {lastModified = a} :: AwsS3ObjectDetails)
+
+-- | The identifier of the KMS symmetric customer managed key that was used
+-- for the object.
+awsS3ObjectDetails_sSEKMSKeyId :: Lens.Lens' AwsS3ObjectDetails (Prelude.Maybe Prelude.Text)
+awsS3ObjectDetails_sSEKMSKeyId = Lens.lens (\AwsS3ObjectDetails' {sSEKMSKeyId} -> sSEKMSKeyId) (\s@AwsS3ObjectDetails' {} a -> s {sSEKMSKeyId = a} :: AwsS3ObjectDetails)
+
+-- | If the object is stored using server-side encryption, the value of the
+-- server-side encryption algorithm used when storing this object in Amazon
+-- S3.
+awsS3ObjectDetails_serverSideEncryption :: Lens.Lens' AwsS3ObjectDetails (Prelude.Maybe Prelude.Text)
+awsS3ObjectDetails_serverSideEncryption = Lens.lens (\AwsS3ObjectDetails' {serverSideEncryption} -> serverSideEncryption) (\s@AwsS3ObjectDetails' {} a -> s {serverSideEncryption = a} :: AwsS3ObjectDetails)
+
+-- | The version of the object.
+awsS3ObjectDetails_versionId :: Lens.Lens' AwsS3ObjectDetails (Prelude.Maybe Prelude.Text)
+awsS3ObjectDetails_versionId = Lens.lens (\AwsS3ObjectDetails' {versionId} -> versionId) (\s@AwsS3ObjectDetails' {} a -> s {versionId = a} :: AwsS3ObjectDetails)
+
+instance Data.FromJSON AwsS3ObjectDetails where
+  parseJSON =
+    Data.withObject
+      "AwsS3ObjectDetails"
+      ( \x ->
+          AwsS3ObjectDetails'
+            Prelude.<$> (x Data..:? "ContentType")
+            Prelude.<*> (x Data..:? "ETag")
+            Prelude.<*> (x Data..:? "LastModified")
+            Prelude.<*> (x Data..:? "SSEKMSKeyId")
+            Prelude.<*> (x Data..:? "ServerSideEncryption")
+            Prelude.<*> (x Data..:? "VersionId")
+      )
+
+instance Prelude.Hashable AwsS3ObjectDetails where
+  hashWithSalt _salt AwsS3ObjectDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` contentType
+      `Prelude.hashWithSalt` eTag
+      `Prelude.hashWithSalt` lastModified
+      `Prelude.hashWithSalt` sSEKMSKeyId
+      `Prelude.hashWithSalt` serverSideEncryption
+      `Prelude.hashWithSalt` versionId
+
+instance Prelude.NFData AwsS3ObjectDetails where
+  rnf AwsS3ObjectDetails' {..} =
+    Prelude.rnf contentType
+      `Prelude.seq` Prelude.rnf eTag
+      `Prelude.seq` Prelude.rnf lastModified
+      `Prelude.seq` Prelude.rnf sSEKMSKeyId
+      `Prelude.seq` Prelude.rnf serverSideEncryption
+      `Prelude.seq` Prelude.rnf versionId
+
+instance Data.ToJSON AwsS3ObjectDetails where
+  toJSON AwsS3ObjectDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ContentType" Data..=) Prelude.<$> contentType,
+            ("ETag" Data..=) Prelude.<$> eTag,
+            ("LastModified" Data..=) Prelude.<$> lastModified,
+            ("SSEKMSKeyId" Data..=) Prelude.<$> sSEKMSKeyId,
+            ("ServerSideEncryption" Data..=)
+              Prelude.<$> serverSideEncryption,
+            ("VersionId" Data..=) Prelude.<$> versionId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSageMakerNotebookInstanceDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsSageMakerNotebookInstanceDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSageMakerNotebookInstanceDetails.hs
@@ -0,0 +1,469 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+
+-- | Provides details about an Amazon SageMaker notebook instance.
+--
+-- /See:/ 'newAwsSageMakerNotebookInstanceDetails' smart constructor.
+data AwsSageMakerNotebookInstanceDetails = AwsSageMakerNotebookInstanceDetails'
+  { -- | A list of Amazon Elastic Inference instance types to associate with the
+    -- notebook instance. Currently, only one instance type can be associated
+    -- with a notebook instance.
+    acceleratorTypes :: Prelude.Maybe [Prelude.Text],
+    -- | An array of up to three Git repositories associated with the notebook
+    -- instance. These can be either the names of Git repositories stored as
+    -- resources in your account, or the URL of Git repositories in
+    -- <https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html AWS CodeCommit>
+    -- or in any other Git repository. These repositories are cloned at the
+    -- same level as the default repository of your notebook instance. For more
+    -- information, see
+    -- <https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-git-repo.html Associating Git repositories with SageMaker notebook instances>
+    -- in the /Amazon SageMaker Developer Guide/.
+    additionalCodeRepositories :: Prelude.Maybe [Prelude.Text],
+    -- | The Git repository associated with the notebook instance as its default
+    -- code repository. This can be either the name of a Git repository stored
+    -- as a resource in your account, or the URL of a Git repository in
+    -- <https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html AWS CodeCommit>
+    -- or in any other Git repository. When you open a notebook instance, it
+    -- opens in the directory that contains this repository. For more
+    -- information, see
+    -- <https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-git-repo.html Associating Git repositories with SageMaker notebook instances>
+    -- in the /Amazon SageMaker Developer Guide/.
+    defaultCodeRepository :: Prelude.Maybe Prelude.Text,
+    -- | Sets whether SageMaker provides internet access to the notebook
+    -- instance. If you set this to @Disabled@, this notebook instance is able
+    -- to access resources only in your VPC, and is not be able to connect to
+    -- SageMaker training and endpoint services unless you configure a Network
+    -- Address Translation (NAT) Gateway in your VPC.
+    directInternetAccess :: Prelude.Maybe Prelude.Text,
+    -- | If status of the instance is @Failed@, the reason it failed.
+    failureReason :: Prelude.Maybe Prelude.Text,
+    -- | Information on the IMDS configuration of the notebook instance.
+    instanceMetadataServiceConfiguration :: Prelude.Maybe AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails,
+    -- | The type of machine learning (ML) compute instance to launch for the
+    -- notebook instance.
+    instanceType :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of an Key Management Service (KMS) key
+    -- that SageMaker uses to encrypt data on the storage volume attached to
+    -- your notebook instance. The KMS key you provide must be enabled. For
+    -- information, see
+    -- <https://docs.aws.amazon.com/kms/latest/developerguide/enabling-keys.html Enabling and disabling keys>
+    -- in the /Key Management Service Developer Guide/.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The network interface ID that SageMaker created when the instance was
+    -- created.
+    networkInterfaceId :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the notebook instance.
+    notebookInstanceArn :: Prelude.Maybe Prelude.Text,
+    -- | The name of a notebook instance lifecycle configuration.
+    notebookInstanceLifecycleConfigName :: Prelude.Maybe Prelude.Text,
+    -- | The name of the new notebook instance.
+    notebookInstanceName :: Prelude.Maybe Prelude.Text,
+    -- | The status of the notebook instance.
+    notebookInstanceStatus :: Prelude.Maybe Prelude.Text,
+    -- | The platform identifier of the notebook instance runtime environment.
+    platformIdentifier :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the IAM role associated with the
+    -- instance.
+    roleArn :: Prelude.Maybe Prelude.Text,
+    -- | Whether root access is enabled or disabled for users of the notebook
+    -- instance.
+    rootAccess :: Prelude.Maybe Prelude.Text,
+    -- | The VPC security group IDs.
+    securityGroups :: Prelude.Maybe [Prelude.Text],
+    -- | The ID of the VPC subnet to which you have a connectivity from your ML
+    -- compute instance.
+    subnetId :: Prelude.Maybe Prelude.Text,
+    -- | The URL that you use to connect to the Jupyter notebook that is running
+    -- in your notebook instance.
+    url :: Prelude.Maybe Prelude.Text,
+    -- | The size, in GB, of the ML storage volume to attach to the notebook
+    -- instance.
+    volumeSizeInGB :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSageMakerNotebookInstanceDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'acceleratorTypes', 'awsSageMakerNotebookInstanceDetails_acceleratorTypes' - A list of Amazon Elastic Inference instance types to associate with the
+-- notebook instance. Currently, only one instance type can be associated
+-- with a notebook instance.
+--
+-- 'additionalCodeRepositories', 'awsSageMakerNotebookInstanceDetails_additionalCodeRepositories' - An array of up to three Git repositories associated with the notebook
+-- instance. These can be either the names of Git repositories stored as
+-- resources in your account, or the URL of Git repositories in
+-- <https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html AWS CodeCommit>
+-- or in any other Git repository. These repositories are cloned at the
+-- same level as the default repository of your notebook instance. For more
+-- information, see
+-- <https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-git-repo.html Associating Git repositories with SageMaker notebook instances>
+-- in the /Amazon SageMaker Developer Guide/.
+--
+-- 'defaultCodeRepository', 'awsSageMakerNotebookInstanceDetails_defaultCodeRepository' - The Git repository associated with the notebook instance as its default
+-- code repository. This can be either the name of a Git repository stored
+-- as a resource in your account, or the URL of a Git repository in
+-- <https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html AWS CodeCommit>
+-- or in any other Git repository. When you open a notebook instance, it
+-- opens in the directory that contains this repository. For more
+-- information, see
+-- <https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-git-repo.html Associating Git repositories with SageMaker notebook instances>
+-- in the /Amazon SageMaker Developer Guide/.
+--
+-- 'directInternetAccess', 'awsSageMakerNotebookInstanceDetails_directInternetAccess' - Sets whether SageMaker provides internet access to the notebook
+-- instance. If you set this to @Disabled@, this notebook instance is able
+-- to access resources only in your VPC, and is not be able to connect to
+-- SageMaker training and endpoint services unless you configure a Network
+-- Address Translation (NAT) Gateway in your VPC.
+--
+-- 'failureReason', 'awsSageMakerNotebookInstanceDetails_failureReason' - If status of the instance is @Failed@, the reason it failed.
+--
+-- 'instanceMetadataServiceConfiguration', 'awsSageMakerNotebookInstanceDetails_instanceMetadataServiceConfiguration' - Information on the IMDS configuration of the notebook instance.
+--
+-- 'instanceType', 'awsSageMakerNotebookInstanceDetails_instanceType' - The type of machine learning (ML) compute instance to launch for the
+-- notebook instance.
+--
+-- 'kmsKeyId', 'awsSageMakerNotebookInstanceDetails_kmsKeyId' - The Amazon Resource Name (ARN) of an Key Management Service (KMS) key
+-- that SageMaker uses to encrypt data on the storage volume attached to
+-- your notebook instance. The KMS key you provide must be enabled. For
+-- information, see
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/enabling-keys.html Enabling and disabling keys>
+-- in the /Key Management Service Developer Guide/.
+--
+-- 'networkInterfaceId', 'awsSageMakerNotebookInstanceDetails_networkInterfaceId' - The network interface ID that SageMaker created when the instance was
+-- created.
+--
+-- 'notebookInstanceArn', 'awsSageMakerNotebookInstanceDetails_notebookInstanceArn' - The Amazon Resource Name (ARN) of the notebook instance.
+--
+-- 'notebookInstanceLifecycleConfigName', 'awsSageMakerNotebookInstanceDetails_notebookInstanceLifecycleConfigName' - The name of a notebook instance lifecycle configuration.
+--
+-- 'notebookInstanceName', 'awsSageMakerNotebookInstanceDetails_notebookInstanceName' - The name of the new notebook instance.
+--
+-- 'notebookInstanceStatus', 'awsSageMakerNotebookInstanceDetails_notebookInstanceStatus' - The status of the notebook instance.
+--
+-- 'platformIdentifier', 'awsSageMakerNotebookInstanceDetails_platformIdentifier' - The platform identifier of the notebook instance runtime environment.
+--
+-- 'roleArn', 'awsSageMakerNotebookInstanceDetails_roleArn' - The Amazon Resource Name (ARN) of the IAM role associated with the
+-- instance.
+--
+-- 'rootAccess', 'awsSageMakerNotebookInstanceDetails_rootAccess' - Whether root access is enabled or disabled for users of the notebook
+-- instance.
+--
+-- 'securityGroups', 'awsSageMakerNotebookInstanceDetails_securityGroups' - The VPC security group IDs.
+--
+-- 'subnetId', 'awsSageMakerNotebookInstanceDetails_subnetId' - The ID of the VPC subnet to which you have a connectivity from your ML
+-- compute instance.
+--
+-- 'url', 'awsSageMakerNotebookInstanceDetails_url' - The URL that you use to connect to the Jupyter notebook that is running
+-- in your notebook instance.
+--
+-- 'volumeSizeInGB', 'awsSageMakerNotebookInstanceDetails_volumeSizeInGB' - The size, in GB, of the ML storage volume to attach to the notebook
+-- instance.
+newAwsSageMakerNotebookInstanceDetails ::
+  AwsSageMakerNotebookInstanceDetails
+newAwsSageMakerNotebookInstanceDetails =
+  AwsSageMakerNotebookInstanceDetails'
+    { acceleratorTypes =
+        Prelude.Nothing,
+      additionalCodeRepositories =
+        Prelude.Nothing,
+      defaultCodeRepository =
+        Prelude.Nothing,
+      directInternetAccess = Prelude.Nothing,
+      failureReason = Prelude.Nothing,
+      instanceMetadataServiceConfiguration =
+        Prelude.Nothing,
+      instanceType = Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing,
+      networkInterfaceId = Prelude.Nothing,
+      notebookInstanceArn = Prelude.Nothing,
+      notebookInstanceLifecycleConfigName =
+        Prelude.Nothing,
+      notebookInstanceName = Prelude.Nothing,
+      notebookInstanceStatus =
+        Prelude.Nothing,
+      platformIdentifier = Prelude.Nothing,
+      roleArn = Prelude.Nothing,
+      rootAccess = Prelude.Nothing,
+      securityGroups = Prelude.Nothing,
+      subnetId = Prelude.Nothing,
+      url = Prelude.Nothing,
+      volumeSizeInGB = Prelude.Nothing
+    }
+
+-- | A list of Amazon Elastic Inference instance types to associate with the
+-- notebook instance. Currently, only one instance type can be associated
+-- with a notebook instance.
+awsSageMakerNotebookInstanceDetails_acceleratorTypes :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe [Prelude.Text])
+awsSageMakerNotebookInstanceDetails_acceleratorTypes = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {acceleratorTypes} -> acceleratorTypes) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {acceleratorTypes = a} :: AwsSageMakerNotebookInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | An array of up to three Git repositories associated with the notebook
+-- instance. These can be either the names of Git repositories stored as
+-- resources in your account, or the URL of Git repositories in
+-- <https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html AWS CodeCommit>
+-- or in any other Git repository. These repositories are cloned at the
+-- same level as the default repository of your notebook instance. For more
+-- information, see
+-- <https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-git-repo.html Associating Git repositories with SageMaker notebook instances>
+-- in the /Amazon SageMaker Developer Guide/.
+awsSageMakerNotebookInstanceDetails_additionalCodeRepositories :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe [Prelude.Text])
+awsSageMakerNotebookInstanceDetails_additionalCodeRepositories = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {additionalCodeRepositories} -> additionalCodeRepositories) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {additionalCodeRepositories = a} :: AwsSageMakerNotebookInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Git repository associated with the notebook instance as its default
+-- code repository. This can be either the name of a Git repository stored
+-- as a resource in your account, or the URL of a Git repository in
+-- <https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html AWS CodeCommit>
+-- or in any other Git repository. When you open a notebook instance, it
+-- opens in the directory that contains this repository. For more
+-- information, see
+-- <https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-git-repo.html Associating Git repositories with SageMaker notebook instances>
+-- in the /Amazon SageMaker Developer Guide/.
+awsSageMakerNotebookInstanceDetails_defaultCodeRepository :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_defaultCodeRepository = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {defaultCodeRepository} -> defaultCodeRepository) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {defaultCodeRepository = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | Sets whether SageMaker provides internet access to the notebook
+-- instance. If you set this to @Disabled@, this notebook instance is able
+-- to access resources only in your VPC, and is not be able to connect to
+-- SageMaker training and endpoint services unless you configure a Network
+-- Address Translation (NAT) Gateway in your VPC.
+awsSageMakerNotebookInstanceDetails_directInternetAccess :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_directInternetAccess = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {directInternetAccess} -> directInternetAccess) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {directInternetAccess = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | If status of the instance is @Failed@, the reason it failed.
+awsSageMakerNotebookInstanceDetails_failureReason :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_failureReason = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {failureReason} -> failureReason) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {failureReason = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | Information on the IMDS configuration of the notebook instance.
+awsSageMakerNotebookInstanceDetails_instanceMetadataServiceConfiguration :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails)
+awsSageMakerNotebookInstanceDetails_instanceMetadataServiceConfiguration = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {instanceMetadataServiceConfiguration} -> instanceMetadataServiceConfiguration) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {instanceMetadataServiceConfiguration = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The type of machine learning (ML) compute instance to launch for the
+-- notebook instance.
+awsSageMakerNotebookInstanceDetails_instanceType :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_instanceType = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {instanceType} -> instanceType) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {instanceType = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The Amazon Resource Name (ARN) of an Key Management Service (KMS) key
+-- that SageMaker uses to encrypt data on the storage volume attached to
+-- your notebook instance. The KMS key you provide must be enabled. For
+-- information, see
+-- <https://docs.aws.amazon.com/kms/latest/developerguide/enabling-keys.html Enabling and disabling keys>
+-- in the /Key Management Service Developer Guide/.
+awsSageMakerNotebookInstanceDetails_kmsKeyId :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_kmsKeyId = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {kmsKeyId = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The network interface ID that SageMaker created when the instance was
+-- created.
+awsSageMakerNotebookInstanceDetails_networkInterfaceId :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_networkInterfaceId = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {networkInterfaceId} -> networkInterfaceId) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {networkInterfaceId = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The Amazon Resource Name (ARN) of the notebook instance.
+awsSageMakerNotebookInstanceDetails_notebookInstanceArn :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_notebookInstanceArn = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {notebookInstanceArn} -> notebookInstanceArn) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {notebookInstanceArn = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The name of a notebook instance lifecycle configuration.
+awsSageMakerNotebookInstanceDetails_notebookInstanceLifecycleConfigName :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_notebookInstanceLifecycleConfigName = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {notebookInstanceLifecycleConfigName} -> notebookInstanceLifecycleConfigName) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {notebookInstanceLifecycleConfigName = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The name of the new notebook instance.
+awsSageMakerNotebookInstanceDetails_notebookInstanceName :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_notebookInstanceName = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {notebookInstanceName} -> notebookInstanceName) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {notebookInstanceName = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The status of the notebook instance.
+awsSageMakerNotebookInstanceDetails_notebookInstanceStatus :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_notebookInstanceStatus = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {notebookInstanceStatus} -> notebookInstanceStatus) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {notebookInstanceStatus = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The platform identifier of the notebook instance runtime environment.
+awsSageMakerNotebookInstanceDetails_platformIdentifier :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_platformIdentifier = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {platformIdentifier} -> platformIdentifier) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {platformIdentifier = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The Amazon Resource Name (ARN) of the IAM role associated with the
+-- instance.
+awsSageMakerNotebookInstanceDetails_roleArn :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_roleArn = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {roleArn} -> roleArn) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {roleArn = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | Whether root access is enabled or disabled for users of the notebook
+-- instance.
+awsSageMakerNotebookInstanceDetails_rootAccess :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_rootAccess = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {rootAccess} -> rootAccess) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {rootAccess = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The VPC security group IDs.
+awsSageMakerNotebookInstanceDetails_securityGroups :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe [Prelude.Text])
+awsSageMakerNotebookInstanceDetails_securityGroups = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {securityGroups} -> securityGroups) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {securityGroups = a} :: AwsSageMakerNotebookInstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the VPC subnet to which you have a connectivity from your ML
+-- compute instance.
+awsSageMakerNotebookInstanceDetails_subnetId :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_subnetId = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {subnetId} -> subnetId) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {subnetId = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The URL that you use to connect to the Jupyter notebook that is running
+-- in your notebook instance.
+awsSageMakerNotebookInstanceDetails_url :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceDetails_url = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {url} -> url) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {url = a} :: AwsSageMakerNotebookInstanceDetails)
+
+-- | The size, in GB, of the ML storage volume to attach to the notebook
+-- instance.
+awsSageMakerNotebookInstanceDetails_volumeSizeInGB :: Lens.Lens' AwsSageMakerNotebookInstanceDetails (Prelude.Maybe Prelude.Int)
+awsSageMakerNotebookInstanceDetails_volumeSizeInGB = Lens.lens (\AwsSageMakerNotebookInstanceDetails' {volumeSizeInGB} -> volumeSizeInGB) (\s@AwsSageMakerNotebookInstanceDetails' {} a -> s {volumeSizeInGB = a} :: AwsSageMakerNotebookInstanceDetails)
+
+instance
+  Data.FromJSON
+    AwsSageMakerNotebookInstanceDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsSageMakerNotebookInstanceDetails"
+      ( \x ->
+          AwsSageMakerNotebookInstanceDetails'
+            Prelude.<$> ( x
+                            Data..:? "AcceleratorTypes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "AdditionalCodeRepositories"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "DefaultCodeRepository")
+            Prelude.<*> (x Data..:? "DirectInternetAccess")
+            Prelude.<*> (x Data..:? "FailureReason")
+            Prelude.<*> (x Data..:? "InstanceMetadataServiceConfiguration")
+            Prelude.<*> (x Data..:? "InstanceType")
+            Prelude.<*> (x Data..:? "KmsKeyId")
+            Prelude.<*> (x Data..:? "NetworkInterfaceId")
+            Prelude.<*> (x Data..:? "NotebookInstanceArn")
+            Prelude.<*> (x Data..:? "NotebookInstanceLifecycleConfigName")
+            Prelude.<*> (x Data..:? "NotebookInstanceName")
+            Prelude.<*> (x Data..:? "NotebookInstanceStatus")
+            Prelude.<*> (x Data..:? "PlatformIdentifier")
+            Prelude.<*> (x Data..:? "RoleArn")
+            Prelude.<*> (x Data..:? "RootAccess")
+            Prelude.<*> (x Data..:? "SecurityGroups" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "SubnetId")
+            Prelude.<*> (x Data..:? "Url")
+            Prelude.<*> (x Data..:? "VolumeSizeInGB")
+      )
+
+instance
+  Prelude.Hashable
+    AwsSageMakerNotebookInstanceDetails
+  where
+  hashWithSalt
+    _salt
+    AwsSageMakerNotebookInstanceDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` acceleratorTypes
+        `Prelude.hashWithSalt` additionalCodeRepositories
+        `Prelude.hashWithSalt` defaultCodeRepository
+        `Prelude.hashWithSalt` directInternetAccess
+        `Prelude.hashWithSalt` failureReason
+        `Prelude.hashWithSalt` instanceMetadataServiceConfiguration
+        `Prelude.hashWithSalt` instanceType
+        `Prelude.hashWithSalt` kmsKeyId
+        `Prelude.hashWithSalt` networkInterfaceId
+        `Prelude.hashWithSalt` notebookInstanceArn
+        `Prelude.hashWithSalt` notebookInstanceLifecycleConfigName
+        `Prelude.hashWithSalt` notebookInstanceName
+        `Prelude.hashWithSalt` notebookInstanceStatus
+        `Prelude.hashWithSalt` platformIdentifier
+        `Prelude.hashWithSalt` roleArn
+        `Prelude.hashWithSalt` rootAccess
+        `Prelude.hashWithSalt` securityGroups
+        `Prelude.hashWithSalt` subnetId
+        `Prelude.hashWithSalt` url
+        `Prelude.hashWithSalt` volumeSizeInGB
+
+instance
+  Prelude.NFData
+    AwsSageMakerNotebookInstanceDetails
+  where
+  rnf AwsSageMakerNotebookInstanceDetails' {..} =
+    Prelude.rnf acceleratorTypes
+      `Prelude.seq` Prelude.rnf additionalCodeRepositories
+      `Prelude.seq` Prelude.rnf defaultCodeRepository
+      `Prelude.seq` Prelude.rnf directInternetAccess
+      `Prelude.seq` Prelude.rnf failureReason
+      `Prelude.seq` Prelude.rnf instanceMetadataServiceConfiguration
+      `Prelude.seq` Prelude.rnf instanceType
+      `Prelude.seq` Prelude.rnf kmsKeyId
+      `Prelude.seq` Prelude.rnf networkInterfaceId
+      `Prelude.seq` Prelude.rnf notebookInstanceArn
+      `Prelude.seq` Prelude.rnf notebookInstanceLifecycleConfigName
+      `Prelude.seq` Prelude.rnf notebookInstanceName
+      `Prelude.seq` Prelude.rnf notebookInstanceStatus
+      `Prelude.seq` Prelude.rnf platformIdentifier
+      `Prelude.seq` Prelude.rnf roleArn
+      `Prelude.seq` Prelude.rnf rootAccess
+      `Prelude.seq` Prelude.rnf securityGroups
+      `Prelude.seq` Prelude.rnf subnetId
+      `Prelude.seq` Prelude.rnf url
+      `Prelude.seq` Prelude.rnf volumeSizeInGB
+
+instance
+  Data.ToJSON
+    AwsSageMakerNotebookInstanceDetails
+  where
+  toJSON AwsSageMakerNotebookInstanceDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AcceleratorTypes" Data..=)
+              Prelude.<$> acceleratorTypes,
+            ("AdditionalCodeRepositories" Data..=)
+              Prelude.<$> additionalCodeRepositories,
+            ("DefaultCodeRepository" Data..=)
+              Prelude.<$> defaultCodeRepository,
+            ("DirectInternetAccess" Data..=)
+              Prelude.<$> directInternetAccess,
+            ("FailureReason" Data..=) Prelude.<$> failureReason,
+            ("InstanceMetadataServiceConfiguration" Data..=)
+              Prelude.<$> instanceMetadataServiceConfiguration,
+            ("InstanceType" Data..=) Prelude.<$> instanceType,
+            ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+            ("NetworkInterfaceId" Data..=)
+              Prelude.<$> networkInterfaceId,
+            ("NotebookInstanceArn" Data..=)
+              Prelude.<$> notebookInstanceArn,
+            ("NotebookInstanceLifecycleConfigName" Data..=)
+              Prelude.<$> notebookInstanceLifecycleConfigName,
+            ("NotebookInstanceName" Data..=)
+              Prelude.<$> notebookInstanceName,
+            ("NotebookInstanceStatus" Data..=)
+              Prelude.<$> notebookInstanceStatus,
+            ("PlatformIdentifier" Data..=)
+              Prelude.<$> platformIdentifier,
+            ("RoleArn" Data..=) Prelude.<$> roleArn,
+            ("RootAccess" Data..=) Prelude.<$> rootAccess,
+            ("SecurityGroups" Data..=)
+              Prelude.<$> securityGroups,
+            ("SubnetId" Data..=) Prelude.<$> subnetId,
+            ("Url" Data..=) Prelude.<$> url,
+            ("VolumeSizeInGB" Data..=)
+              Prelude.<$> volumeSizeInGB
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails.hs
@@ -0,0 +1,99 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information on the instance metadata service (IMDS) configuration of the
+-- notebook instance.
+--
+-- /See:/ 'newAwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails' smart constructor.
+data AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails = AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails'
+  { -- | Indicates the minimum IMDS version that the notebook instance supports.
+    minimumInstanceMetadataServiceVersion :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'minimumInstanceMetadataServiceVersion', 'awsSageMakerNotebookInstanceMetadataServiceConfigurationDetails_minimumInstanceMetadataServiceVersion' - Indicates the minimum IMDS version that the notebook instance supports.
+newAwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails ::
+  AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+newAwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails =
+  AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails'
+    { minimumInstanceMetadataServiceVersion =
+        Prelude.Nothing
+    }
+
+-- | Indicates the minimum IMDS version that the notebook instance supports.
+awsSageMakerNotebookInstanceMetadataServiceConfigurationDetails_minimumInstanceMetadataServiceVersion :: Lens.Lens' AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails (Prelude.Maybe Prelude.Text)
+awsSageMakerNotebookInstanceMetadataServiceConfigurationDetails_minimumInstanceMetadataServiceVersion = Lens.lens (\AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails' {minimumInstanceMetadataServiceVersion} -> minimumInstanceMetadataServiceVersion) (\s@AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails' {} a -> s {minimumInstanceMetadataServiceVersion = a} :: AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails)
+
+instance
+  Data.FromJSON
+    AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails"
+      ( \x ->
+          AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails'
+            Prelude.<$> (x Data..:? "MinimumInstanceMetadataServiceVersion")
+      )
+
+instance
+  Prelude.Hashable
+    AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+  where
+  hashWithSalt
+    _salt
+    AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` minimumInstanceMetadataServiceVersion
+
+instance
+  Prelude.NFData
+    AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+  where
+  rnf
+    AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails' {..} =
+      Prelude.rnf minimumInstanceMetadataServiceVersion
+
+instance
+  Data.ToJSON
+    AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails
+  where
+  toJSON
+    AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("MinimumInstanceMetadataServiceVersion" Data..=)
+                Prelude.<$> minimumInstanceMetadataServiceVersion
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSecretsManagerSecretDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsSecretsManagerSecretDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSecretsManagerSecretDetails.hs
@@ -0,0 +1,188 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSecretsManagerSecretDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSecretsManagerSecretDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsSecretsManagerSecretRotationRules
+
+-- | Details about an Secrets Manager secret.
+--
+-- /See:/ 'newAwsSecretsManagerSecretDetails' smart constructor.
+data AwsSecretsManagerSecretDetails = AwsSecretsManagerSecretDetails'
+  { -- | Whether the secret is deleted.
+    deleted :: Prelude.Maybe Prelude.Bool,
+    -- | The user-provided description of the secret.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The ARN, Key ID, or alias of the KMS key used to encrypt the
+    -- @SecretString@ or @SecretBinary@ values for versions of this secret.
+    kmsKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the secret.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | Whether rotation is enabled.
+    rotationEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | The ARN of the Lambda function that rotates the secret.
+    rotationLambdaArn :: Prelude.Maybe Prelude.Text,
+    -- | Whether the rotation occurred within the specified rotation frequency.
+    rotationOccurredWithinFrequency :: Prelude.Maybe Prelude.Bool,
+    -- | Defines the rotation schedule for the secret.
+    rotationRules :: Prelude.Maybe AwsSecretsManagerSecretRotationRules
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSecretsManagerSecretDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deleted', 'awsSecretsManagerSecretDetails_deleted' - Whether the secret is deleted.
+--
+-- 'description', 'awsSecretsManagerSecretDetails_description' - The user-provided description of the secret.
+--
+-- 'kmsKeyId', 'awsSecretsManagerSecretDetails_kmsKeyId' - The ARN, Key ID, or alias of the KMS key used to encrypt the
+-- @SecretString@ or @SecretBinary@ values for versions of this secret.
+--
+-- 'name', 'awsSecretsManagerSecretDetails_name' - The name of the secret.
+--
+-- 'rotationEnabled', 'awsSecretsManagerSecretDetails_rotationEnabled' - Whether rotation is enabled.
+--
+-- 'rotationLambdaArn', 'awsSecretsManagerSecretDetails_rotationLambdaArn' - The ARN of the Lambda function that rotates the secret.
+--
+-- 'rotationOccurredWithinFrequency', 'awsSecretsManagerSecretDetails_rotationOccurredWithinFrequency' - Whether the rotation occurred within the specified rotation frequency.
+--
+-- 'rotationRules', 'awsSecretsManagerSecretDetails_rotationRules' - Defines the rotation schedule for the secret.
+newAwsSecretsManagerSecretDetails ::
+  AwsSecretsManagerSecretDetails
+newAwsSecretsManagerSecretDetails =
+  AwsSecretsManagerSecretDetails'
+    { deleted =
+        Prelude.Nothing,
+      description = Prelude.Nothing,
+      kmsKeyId = Prelude.Nothing,
+      name = Prelude.Nothing,
+      rotationEnabled = Prelude.Nothing,
+      rotationLambdaArn = Prelude.Nothing,
+      rotationOccurredWithinFrequency =
+        Prelude.Nothing,
+      rotationRules = Prelude.Nothing
+    }
+
+-- | Whether the secret is deleted.
+awsSecretsManagerSecretDetails_deleted :: Lens.Lens' AwsSecretsManagerSecretDetails (Prelude.Maybe Prelude.Bool)
+awsSecretsManagerSecretDetails_deleted = Lens.lens (\AwsSecretsManagerSecretDetails' {deleted} -> deleted) (\s@AwsSecretsManagerSecretDetails' {} a -> s {deleted = a} :: AwsSecretsManagerSecretDetails)
+
+-- | The user-provided description of the secret.
+awsSecretsManagerSecretDetails_description :: Lens.Lens' AwsSecretsManagerSecretDetails (Prelude.Maybe Prelude.Text)
+awsSecretsManagerSecretDetails_description = Lens.lens (\AwsSecretsManagerSecretDetails' {description} -> description) (\s@AwsSecretsManagerSecretDetails' {} a -> s {description = a} :: AwsSecretsManagerSecretDetails)
+
+-- | The ARN, Key ID, or alias of the KMS key used to encrypt the
+-- @SecretString@ or @SecretBinary@ values for versions of this secret.
+awsSecretsManagerSecretDetails_kmsKeyId :: Lens.Lens' AwsSecretsManagerSecretDetails (Prelude.Maybe Prelude.Text)
+awsSecretsManagerSecretDetails_kmsKeyId = Lens.lens (\AwsSecretsManagerSecretDetails' {kmsKeyId} -> kmsKeyId) (\s@AwsSecretsManagerSecretDetails' {} a -> s {kmsKeyId = a} :: AwsSecretsManagerSecretDetails)
+
+-- | The name of the secret.
+awsSecretsManagerSecretDetails_name :: Lens.Lens' AwsSecretsManagerSecretDetails (Prelude.Maybe Prelude.Text)
+awsSecretsManagerSecretDetails_name = Lens.lens (\AwsSecretsManagerSecretDetails' {name} -> name) (\s@AwsSecretsManagerSecretDetails' {} a -> s {name = a} :: AwsSecretsManagerSecretDetails)
+
+-- | Whether rotation is enabled.
+awsSecretsManagerSecretDetails_rotationEnabled :: Lens.Lens' AwsSecretsManagerSecretDetails (Prelude.Maybe Prelude.Bool)
+awsSecretsManagerSecretDetails_rotationEnabled = Lens.lens (\AwsSecretsManagerSecretDetails' {rotationEnabled} -> rotationEnabled) (\s@AwsSecretsManagerSecretDetails' {} a -> s {rotationEnabled = a} :: AwsSecretsManagerSecretDetails)
+
+-- | The ARN of the Lambda function that rotates the secret.
+awsSecretsManagerSecretDetails_rotationLambdaArn :: Lens.Lens' AwsSecretsManagerSecretDetails (Prelude.Maybe Prelude.Text)
+awsSecretsManagerSecretDetails_rotationLambdaArn = Lens.lens (\AwsSecretsManagerSecretDetails' {rotationLambdaArn} -> rotationLambdaArn) (\s@AwsSecretsManagerSecretDetails' {} a -> s {rotationLambdaArn = a} :: AwsSecretsManagerSecretDetails)
+
+-- | Whether the rotation occurred within the specified rotation frequency.
+awsSecretsManagerSecretDetails_rotationOccurredWithinFrequency :: Lens.Lens' AwsSecretsManagerSecretDetails (Prelude.Maybe Prelude.Bool)
+awsSecretsManagerSecretDetails_rotationOccurredWithinFrequency = Lens.lens (\AwsSecretsManagerSecretDetails' {rotationOccurredWithinFrequency} -> rotationOccurredWithinFrequency) (\s@AwsSecretsManagerSecretDetails' {} a -> s {rotationOccurredWithinFrequency = a} :: AwsSecretsManagerSecretDetails)
+
+-- | Defines the rotation schedule for the secret.
+awsSecretsManagerSecretDetails_rotationRules :: Lens.Lens' AwsSecretsManagerSecretDetails (Prelude.Maybe AwsSecretsManagerSecretRotationRules)
+awsSecretsManagerSecretDetails_rotationRules = Lens.lens (\AwsSecretsManagerSecretDetails' {rotationRules} -> rotationRules) (\s@AwsSecretsManagerSecretDetails' {} a -> s {rotationRules = a} :: AwsSecretsManagerSecretDetails)
+
+instance Data.FromJSON AwsSecretsManagerSecretDetails where
+  parseJSON =
+    Data.withObject
+      "AwsSecretsManagerSecretDetails"
+      ( \x ->
+          AwsSecretsManagerSecretDetails'
+            Prelude.<$> (x Data..:? "Deleted")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "KmsKeyId")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "RotationEnabled")
+            Prelude.<*> (x Data..:? "RotationLambdaArn")
+            Prelude.<*> (x Data..:? "RotationOccurredWithinFrequency")
+            Prelude.<*> (x Data..:? "RotationRules")
+      )
+
+instance
+  Prelude.Hashable
+    AwsSecretsManagerSecretDetails
+  where
+  hashWithSalt
+    _salt
+    AwsSecretsManagerSecretDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` deleted
+        `Prelude.hashWithSalt` description
+        `Prelude.hashWithSalt` kmsKeyId
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` rotationEnabled
+        `Prelude.hashWithSalt` rotationLambdaArn
+        `Prelude.hashWithSalt` rotationOccurredWithinFrequency
+        `Prelude.hashWithSalt` rotationRules
+
+instance
+  Prelude.NFData
+    AwsSecretsManagerSecretDetails
+  where
+  rnf AwsSecretsManagerSecretDetails' {..} =
+    Prelude.rnf deleted
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf kmsKeyId
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf rotationEnabled
+      `Prelude.seq` Prelude.rnf rotationLambdaArn
+      `Prelude.seq` Prelude.rnf rotationOccurredWithinFrequency
+      `Prelude.seq` Prelude.rnf rotationRules
+
+instance Data.ToJSON AwsSecretsManagerSecretDetails where
+  toJSON AwsSecretsManagerSecretDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Deleted" Data..=) Prelude.<$> deleted,
+            ("Description" Data..=) Prelude.<$> description,
+            ("KmsKeyId" Data..=) Prelude.<$> kmsKeyId,
+            ("Name" Data..=) Prelude.<$> name,
+            ("RotationEnabled" Data..=)
+              Prelude.<$> rotationEnabled,
+            ("RotationLambdaArn" Data..=)
+              Prelude.<$> rotationLambdaArn,
+            ("RotationOccurredWithinFrequency" Data..=)
+              Prelude.<$> rotationOccurredWithinFrequency,
+            ("RotationRules" Data..=) Prelude.<$> rotationRules
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSecretsManagerSecretRotationRules.hs b/gen/Amazonka/SecurityHub/Types/AwsSecretsManagerSecretRotationRules.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSecretsManagerSecretRotationRules.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSecretsManagerSecretRotationRules
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSecretsManagerSecretRotationRules where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Defines the rotation schedule for the secret.
+--
+-- /See:/ 'newAwsSecretsManagerSecretRotationRules' smart constructor.
+data AwsSecretsManagerSecretRotationRules = AwsSecretsManagerSecretRotationRules'
+  { -- | The number of days after the previous rotation to rotate the secret.
+    automaticallyAfterDays :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSecretsManagerSecretRotationRules' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'automaticallyAfterDays', 'awsSecretsManagerSecretRotationRules_automaticallyAfterDays' - The number of days after the previous rotation to rotate the secret.
+newAwsSecretsManagerSecretRotationRules ::
+  AwsSecretsManagerSecretRotationRules
+newAwsSecretsManagerSecretRotationRules =
+  AwsSecretsManagerSecretRotationRules'
+    { automaticallyAfterDays =
+        Prelude.Nothing
+    }
+
+-- | The number of days after the previous rotation to rotate the secret.
+awsSecretsManagerSecretRotationRules_automaticallyAfterDays :: Lens.Lens' AwsSecretsManagerSecretRotationRules (Prelude.Maybe Prelude.Int)
+awsSecretsManagerSecretRotationRules_automaticallyAfterDays = Lens.lens (\AwsSecretsManagerSecretRotationRules' {automaticallyAfterDays} -> automaticallyAfterDays) (\s@AwsSecretsManagerSecretRotationRules' {} a -> s {automaticallyAfterDays = a} :: AwsSecretsManagerSecretRotationRules)
+
+instance
+  Data.FromJSON
+    AwsSecretsManagerSecretRotationRules
+  where
+  parseJSON =
+    Data.withObject
+      "AwsSecretsManagerSecretRotationRules"
+      ( \x ->
+          AwsSecretsManagerSecretRotationRules'
+            Prelude.<$> (x Data..:? "AutomaticallyAfterDays")
+      )
+
+instance
+  Prelude.Hashable
+    AwsSecretsManagerSecretRotationRules
+  where
+  hashWithSalt
+    _salt
+    AwsSecretsManagerSecretRotationRules' {..} =
+      _salt `Prelude.hashWithSalt` automaticallyAfterDays
+
+instance
+  Prelude.NFData
+    AwsSecretsManagerSecretRotationRules
+  where
+  rnf AwsSecretsManagerSecretRotationRules' {..} =
+    Prelude.rnf automaticallyAfterDays
+
+instance
+  Data.ToJSON
+    AwsSecretsManagerSecretRotationRules
+  where
+  toJSON AwsSecretsManagerSecretRotationRules' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AutomaticallyAfterDays" Data..=)
+              Prelude.<$> automaticallyAfterDays
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSecurityFinding.hs b/gen/Amazonka/SecurityHub/Types/AwsSecurityFinding.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSecurityFinding.hs
@@ -0,0 +1,941 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSecurityFinding
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSecurityFinding where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.Action
+import Amazonka.SecurityHub.Types.Compliance
+import Amazonka.SecurityHub.Types.FindingProviderFields
+import Amazonka.SecurityHub.Types.Malware
+import Amazonka.SecurityHub.Types.Network
+import Amazonka.SecurityHub.Types.NetworkPathComponent
+import Amazonka.SecurityHub.Types.Note
+import Amazonka.SecurityHub.Types.PatchSummary
+import Amazonka.SecurityHub.Types.ProcessDetails
+import Amazonka.SecurityHub.Types.RecordState
+import Amazonka.SecurityHub.Types.RelatedFinding
+import Amazonka.SecurityHub.Types.Remediation
+import Amazonka.SecurityHub.Types.Resource
+import Amazonka.SecurityHub.Types.Severity
+import Amazonka.SecurityHub.Types.Threat
+import Amazonka.SecurityHub.Types.ThreatIntelIndicator
+import Amazonka.SecurityHub.Types.VerificationState
+import Amazonka.SecurityHub.Types.Vulnerability
+import Amazonka.SecurityHub.Types.Workflow
+import Amazonka.SecurityHub.Types.WorkflowState
+
+-- | Provides a consistent format for Security Hub findings.
+-- @AwsSecurityFinding@ format allows you to share findings between Amazon
+-- Web Services security services and third-party solutions.
+--
+-- A finding is a potential security issue generated either by Amazon Web
+-- Services services or by the integrated third-party solutions and
+-- standards checks.
+--
+-- /See:/ 'newAwsSecurityFinding' smart constructor.
+data AwsSecurityFinding = AwsSecurityFinding'
+  { -- | Provides details about an action that affects or that was taken on a
+    -- resource.
+    action :: Prelude.Maybe Action,
+    -- | The name of the company for the product that generated the finding.
+    --
+    -- Security Hub populates this attribute automatically for each finding.
+    -- You cannot update this attribute with @BatchImportFindings@ or
+    -- @BatchUpdateFindings@. The exception to this is a custom integration.
+    --
+    -- When you use the Security Hub console or API to filter findings by
+    -- company name, you use this attribute.
+    companyName :: Prelude.Maybe Prelude.Text,
+    -- | This data type is exclusive to findings that are generated as the result
+    -- of a check run against a specific rule in a supported security standard,
+    -- such as CIS Amazon Web Services Foundations. Contains security
+    -- standard-related finding details.
+    compliance :: Prelude.Maybe Compliance,
+    -- | A finding\'s confidence. Confidence is defined as the likelihood that a
+    -- finding accurately identifies the behavior or issue that it was intended
+    -- to identify.
+    --
+    -- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+    -- zero percent confidence and 100 means 100 percent confidence.
+    confidence :: Prelude.Maybe Prelude.Int,
+    -- | The level of importance assigned to the resources associated with the
+    -- finding.
+    --
+    -- A score of 0 means that the underlying resources have no criticality,
+    -- and a score of 100 is reserved for the most critical resources.
+    criticality :: Prelude.Maybe Prelude.Int,
+    -- | In a @BatchImportFindings@ request, finding providers use
+    -- @FindingProviderFields@ to provide and update their own values for
+    -- confidence, criticality, related findings, severity, and types.
+    findingProviderFields :: Prelude.Maybe FindingProviderFields,
+    -- | Indicates when the security-findings provider first observed the
+    -- potential security issue that a finding captured.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    firstObservedAt :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the security-findings provider most recently observed the
+    -- potential security issue that a finding captured.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastObservedAt :: Prelude.Maybe Prelude.Text,
+    -- | A list of malware related to a finding.
+    malware :: Prelude.Maybe [Malware],
+    -- | The details of network-related information about a finding.
+    network :: Prelude.Maybe Network,
+    -- | Provides information about a network path that is relevant to a finding.
+    -- Each entry under @NetworkPath@ represents a component of that path.
+    networkPath :: Prelude.Maybe [NetworkPathComponent],
+    -- | A user-defined note added to a finding.
+    note :: Prelude.Maybe Note,
+    -- | Provides an overview of the patch compliance status for an instance
+    -- against a selected compliance standard.
+    patchSummary :: Prelude.Maybe PatchSummary,
+    -- | The details of process-related information about a finding.
+    process :: Prelude.Maybe ProcessDetails,
+    -- | A data type where security-findings providers can include additional
+    -- solution-specific details that aren\'t part of the defined
+    -- @AwsSecurityFinding@ format.
+    --
+    -- Can contain up to 50 key-value pairs. For each key-value pair, the key
+    -- can contain up to 128 characters, and the value can contain up to 2048
+    -- characters.
+    productFields :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The name of the product that generated the finding.
+    --
+    -- Security Hub populates this attribute automatically for each finding.
+    -- You cannot update this attribute with @BatchImportFindings@ or
+    -- @BatchUpdateFindings@. The exception to this is a custom integration.
+    --
+    -- When you use the Security Hub console or API to filter findings by
+    -- product name, you use this attribute.
+    productName :: Prelude.Maybe Prelude.Text,
+    -- | The record state of a finding.
+    recordState :: Prelude.Maybe RecordState,
+    -- | The Region from which the finding was generated.
+    --
+    -- Security Hub populates this attribute automatically for each finding.
+    -- You cannot update it using @BatchImportFindings@ or
+    -- @BatchUpdateFindings@.
+    region :: Prelude.Maybe Prelude.Text,
+    -- | A list of related findings.
+    relatedFindings :: Prelude.Maybe [RelatedFinding],
+    -- | A data type that describes the remediation options for a finding.
+    remediation :: Prelude.Maybe Remediation,
+    -- | Indicates whether the finding is a sample finding.
+    sample :: Prelude.Maybe Prelude.Bool,
+    -- | A finding\'s severity.
+    severity :: Prelude.Maybe Severity,
+    -- | A URL that links to a page about the current finding in the
+    -- security-findings provider\'s solution.
+    sourceUrl :: Prelude.Maybe Prelude.Text,
+    -- | Threat intelligence details related to a finding.
+    threatIntelIndicators :: Prelude.Maybe [ThreatIntelIndicator],
+    -- | Details about the threat detected in a security finding and the file
+    -- paths that were affected by the threat.
+    threats :: Prelude.Maybe [Threat],
+    -- | One or more finding types in the format of
+    -- @namespace\/category\/classifier@ that classify a finding.
+    --
+    -- Valid namespace values are: Software and Configuration Checks | TTPs |
+    -- Effects | Unusual Behaviors | Sensitive Data Identifications
+    types :: Prelude.Maybe [Prelude.Text],
+    -- | A list of name\/value string pairs associated with the finding. These
+    -- are custom, user-defined fields added to a finding.
+    userDefinedFields :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | Indicates the veracity of a finding.
+    verificationState :: Prelude.Maybe VerificationState,
+    -- | Provides a list of vulnerabilities associated with the findings.
+    vulnerabilities :: Prelude.Maybe [Vulnerability],
+    -- | Provides information about the status of the investigation into a
+    -- finding.
+    workflow :: Prelude.Maybe Workflow,
+    -- | The workflow state of a finding.
+    workflowState :: Prelude.Maybe WorkflowState,
+    -- | The schema version that a finding is formatted for.
+    schemaVersion :: Prelude.Text,
+    -- | The security findings provider-specific identifier for a finding.
+    id :: Prelude.Text,
+    -- | The ARN generated by Security Hub that uniquely identifies a product
+    -- that generates findings. This can be the ARN for a third-party product
+    -- that is integrated with Security Hub, or the ARN for a custom
+    -- integration.
+    productArn :: Prelude.Text,
+    -- | The identifier for the solution-specific component (a discrete unit of
+    -- logic) that generated a finding. In various security-findings
+    -- providers\' solutions, this generator can be called a rule, a check, a
+    -- detector, a plugin, etc.
+    generatorId :: Prelude.Text,
+    -- | The Amazon Web Services account ID that a finding is generated in.
+    awsAccountId :: Prelude.Text,
+    -- | Indicates when the security-findings provider created the potential
+    -- security issue that a finding captured.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    createdAt :: Prelude.Text,
+    -- | Indicates when the security-findings provider last updated the finding
+    -- record.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    updatedAt :: Prelude.Text,
+    -- | A finding\'s title.
+    --
+    -- In this release, @Title@ is a required property.
+    title :: Prelude.Text,
+    -- | A finding\'s description.
+    --
+    -- In this release, @Description@ is a required property.
+    description :: Prelude.Text,
+    -- | A set of resource data types that describe the resources that the
+    -- finding refers to.
+    resources :: [Resource]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSecurityFinding' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'awsSecurityFinding_action' - Provides details about an action that affects or that was taken on a
+-- resource.
+--
+-- 'companyName', 'awsSecurityFinding_companyName' - The name of the company for the product that generated the finding.
+--
+-- Security Hub populates this attribute automatically for each finding.
+-- You cannot update this attribute with @BatchImportFindings@ or
+-- @BatchUpdateFindings@. The exception to this is a custom integration.
+--
+-- When you use the Security Hub console or API to filter findings by
+-- company name, you use this attribute.
+--
+-- 'compliance', 'awsSecurityFinding_compliance' - This data type is exclusive to findings that are generated as the result
+-- of a check run against a specific rule in a supported security standard,
+-- such as CIS Amazon Web Services Foundations. Contains security
+-- standard-related finding details.
+--
+-- 'confidence', 'awsSecurityFinding_confidence' - A finding\'s confidence. Confidence is defined as the likelihood that a
+-- finding accurately identifies the behavior or issue that it was intended
+-- to identify.
+--
+-- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+-- zero percent confidence and 100 means 100 percent confidence.
+--
+-- 'criticality', 'awsSecurityFinding_criticality' - The level of importance assigned to the resources associated with the
+-- finding.
+--
+-- A score of 0 means that the underlying resources have no criticality,
+-- and a score of 100 is reserved for the most critical resources.
+--
+-- 'findingProviderFields', 'awsSecurityFinding_findingProviderFields' - In a @BatchImportFindings@ request, finding providers use
+-- @FindingProviderFields@ to provide and update their own values for
+-- confidence, criticality, related findings, severity, and types.
+--
+-- 'firstObservedAt', 'awsSecurityFinding_firstObservedAt' - Indicates when the security-findings provider first observed the
+-- potential security issue that a finding captured.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'lastObservedAt', 'awsSecurityFinding_lastObservedAt' - Indicates when the security-findings provider most recently observed the
+-- potential security issue that a finding captured.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'malware', 'awsSecurityFinding_malware' - A list of malware related to a finding.
+--
+-- 'network', 'awsSecurityFinding_network' - The details of network-related information about a finding.
+--
+-- 'networkPath', 'awsSecurityFinding_networkPath' - Provides information about a network path that is relevant to a finding.
+-- Each entry under @NetworkPath@ represents a component of that path.
+--
+-- 'note', 'awsSecurityFinding_note' - A user-defined note added to a finding.
+--
+-- 'patchSummary', 'awsSecurityFinding_patchSummary' - Provides an overview of the patch compliance status for an instance
+-- against a selected compliance standard.
+--
+-- 'process', 'awsSecurityFinding_process' - The details of process-related information about a finding.
+--
+-- 'productFields', 'awsSecurityFinding_productFields' - A data type where security-findings providers can include additional
+-- solution-specific details that aren\'t part of the defined
+-- @AwsSecurityFinding@ format.
+--
+-- Can contain up to 50 key-value pairs. For each key-value pair, the key
+-- can contain up to 128 characters, and the value can contain up to 2048
+-- characters.
+--
+-- 'productName', 'awsSecurityFinding_productName' - The name of the product that generated the finding.
+--
+-- Security Hub populates this attribute automatically for each finding.
+-- You cannot update this attribute with @BatchImportFindings@ or
+-- @BatchUpdateFindings@. The exception to this is a custom integration.
+--
+-- When you use the Security Hub console or API to filter findings by
+-- product name, you use this attribute.
+--
+-- 'recordState', 'awsSecurityFinding_recordState' - The record state of a finding.
+--
+-- 'region', 'awsSecurityFinding_region' - The Region from which the finding was generated.
+--
+-- Security Hub populates this attribute automatically for each finding.
+-- You cannot update it using @BatchImportFindings@ or
+-- @BatchUpdateFindings@.
+--
+-- 'relatedFindings', 'awsSecurityFinding_relatedFindings' - A list of related findings.
+--
+-- 'remediation', 'awsSecurityFinding_remediation' - A data type that describes the remediation options for a finding.
+--
+-- 'sample', 'awsSecurityFinding_sample' - Indicates whether the finding is a sample finding.
+--
+-- 'severity', 'awsSecurityFinding_severity' - A finding\'s severity.
+--
+-- 'sourceUrl', 'awsSecurityFinding_sourceUrl' - A URL that links to a page about the current finding in the
+-- security-findings provider\'s solution.
+--
+-- 'threatIntelIndicators', 'awsSecurityFinding_threatIntelIndicators' - Threat intelligence details related to a finding.
+--
+-- 'threats', 'awsSecurityFinding_threats' - Details about the threat detected in a security finding and the file
+-- paths that were affected by the threat.
+--
+-- 'types', 'awsSecurityFinding_types' - One or more finding types in the format of
+-- @namespace\/category\/classifier@ that classify a finding.
+--
+-- Valid namespace values are: Software and Configuration Checks | TTPs |
+-- Effects | Unusual Behaviors | Sensitive Data Identifications
+--
+-- 'userDefinedFields', 'awsSecurityFinding_userDefinedFields' - A list of name\/value string pairs associated with the finding. These
+-- are custom, user-defined fields added to a finding.
+--
+-- 'verificationState', 'awsSecurityFinding_verificationState' - Indicates the veracity of a finding.
+--
+-- 'vulnerabilities', 'awsSecurityFinding_vulnerabilities' - Provides a list of vulnerabilities associated with the findings.
+--
+-- 'workflow', 'awsSecurityFinding_workflow' - Provides information about the status of the investigation into a
+-- finding.
+--
+-- 'workflowState', 'awsSecurityFinding_workflowState' - The workflow state of a finding.
+--
+-- 'schemaVersion', 'awsSecurityFinding_schemaVersion' - The schema version that a finding is formatted for.
+--
+-- 'id', 'awsSecurityFinding_id' - The security findings provider-specific identifier for a finding.
+--
+-- 'productArn', 'awsSecurityFinding_productArn' - The ARN generated by Security Hub that uniquely identifies a product
+-- that generates findings. This can be the ARN for a third-party product
+-- that is integrated with Security Hub, or the ARN for a custom
+-- integration.
+--
+-- 'generatorId', 'awsSecurityFinding_generatorId' - The identifier for the solution-specific component (a discrete unit of
+-- logic) that generated a finding. In various security-findings
+-- providers\' solutions, this generator can be called a rule, a check, a
+-- detector, a plugin, etc.
+--
+-- 'awsAccountId', 'awsSecurityFinding_awsAccountId' - The Amazon Web Services account ID that a finding is generated in.
+--
+-- 'createdAt', 'awsSecurityFinding_createdAt' - Indicates when the security-findings provider created the potential
+-- security issue that a finding captured.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'updatedAt', 'awsSecurityFinding_updatedAt' - Indicates when the security-findings provider last updated the finding
+-- record.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'title', 'awsSecurityFinding_title' - A finding\'s title.
+--
+-- In this release, @Title@ is a required property.
+--
+-- 'description', 'awsSecurityFinding_description' - A finding\'s description.
+--
+-- In this release, @Description@ is a required property.
+--
+-- 'resources', 'awsSecurityFinding_resources' - A set of resource data types that describe the resources that the
+-- finding refers to.
+newAwsSecurityFinding ::
+  -- | 'schemaVersion'
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'productArn'
+  Prelude.Text ->
+  -- | 'generatorId'
+  Prelude.Text ->
+  -- | 'awsAccountId'
+  Prelude.Text ->
+  -- | 'createdAt'
+  Prelude.Text ->
+  -- | 'updatedAt'
+  Prelude.Text ->
+  -- | 'title'
+  Prelude.Text ->
+  -- | 'description'
+  Prelude.Text ->
+  AwsSecurityFinding
+newAwsSecurityFinding
+  pSchemaVersion_
+  pId_
+  pProductArn_
+  pGeneratorId_
+  pAwsAccountId_
+  pCreatedAt_
+  pUpdatedAt_
+  pTitle_
+  pDescription_ =
+    AwsSecurityFinding'
+      { action = Prelude.Nothing,
+        companyName = Prelude.Nothing,
+        compliance = Prelude.Nothing,
+        confidence = Prelude.Nothing,
+        criticality = Prelude.Nothing,
+        findingProviderFields = Prelude.Nothing,
+        firstObservedAt = Prelude.Nothing,
+        lastObservedAt = Prelude.Nothing,
+        malware = Prelude.Nothing,
+        network = Prelude.Nothing,
+        networkPath = Prelude.Nothing,
+        note = Prelude.Nothing,
+        patchSummary = Prelude.Nothing,
+        process = Prelude.Nothing,
+        productFields = Prelude.Nothing,
+        productName = Prelude.Nothing,
+        recordState = Prelude.Nothing,
+        region = Prelude.Nothing,
+        relatedFindings = Prelude.Nothing,
+        remediation = Prelude.Nothing,
+        sample = Prelude.Nothing,
+        severity = Prelude.Nothing,
+        sourceUrl = Prelude.Nothing,
+        threatIntelIndicators = Prelude.Nothing,
+        threats = Prelude.Nothing,
+        types = Prelude.Nothing,
+        userDefinedFields = Prelude.Nothing,
+        verificationState = Prelude.Nothing,
+        vulnerabilities = Prelude.Nothing,
+        workflow = Prelude.Nothing,
+        workflowState = Prelude.Nothing,
+        schemaVersion = pSchemaVersion_,
+        id = pId_,
+        productArn = pProductArn_,
+        generatorId = pGeneratorId_,
+        awsAccountId = pAwsAccountId_,
+        createdAt = pCreatedAt_,
+        updatedAt = pUpdatedAt_,
+        title = pTitle_,
+        description = pDescription_,
+        resources = Prelude.mempty
+      }
+
+-- | Provides details about an action that affects or that was taken on a
+-- resource.
+awsSecurityFinding_action :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Action)
+awsSecurityFinding_action = Lens.lens (\AwsSecurityFinding' {action} -> action) (\s@AwsSecurityFinding' {} a -> s {action = a} :: AwsSecurityFinding)
+
+-- | The name of the company for the product that generated the finding.
+--
+-- Security Hub populates this attribute automatically for each finding.
+-- You cannot update this attribute with @BatchImportFindings@ or
+-- @BatchUpdateFindings@. The exception to this is a custom integration.
+--
+-- When you use the Security Hub console or API to filter findings by
+-- company name, you use this attribute.
+awsSecurityFinding_companyName :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Prelude.Text)
+awsSecurityFinding_companyName = Lens.lens (\AwsSecurityFinding' {companyName} -> companyName) (\s@AwsSecurityFinding' {} a -> s {companyName = a} :: AwsSecurityFinding)
+
+-- | This data type is exclusive to findings that are generated as the result
+-- of a check run against a specific rule in a supported security standard,
+-- such as CIS Amazon Web Services Foundations. Contains security
+-- standard-related finding details.
+awsSecurityFinding_compliance :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Compliance)
+awsSecurityFinding_compliance = Lens.lens (\AwsSecurityFinding' {compliance} -> compliance) (\s@AwsSecurityFinding' {} a -> s {compliance = a} :: AwsSecurityFinding)
+
+-- | A finding\'s confidence. Confidence is defined as the likelihood that a
+-- finding accurately identifies the behavior or issue that it was intended
+-- to identify.
+--
+-- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+-- zero percent confidence and 100 means 100 percent confidence.
+awsSecurityFinding_confidence :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Prelude.Int)
+awsSecurityFinding_confidence = Lens.lens (\AwsSecurityFinding' {confidence} -> confidence) (\s@AwsSecurityFinding' {} a -> s {confidence = a} :: AwsSecurityFinding)
+
+-- | The level of importance assigned to the resources associated with the
+-- finding.
+--
+-- A score of 0 means that the underlying resources have no criticality,
+-- and a score of 100 is reserved for the most critical resources.
+awsSecurityFinding_criticality :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Prelude.Int)
+awsSecurityFinding_criticality = Lens.lens (\AwsSecurityFinding' {criticality} -> criticality) (\s@AwsSecurityFinding' {} a -> s {criticality = a} :: AwsSecurityFinding)
+
+-- | In a @BatchImportFindings@ request, finding providers use
+-- @FindingProviderFields@ to provide and update their own values for
+-- confidence, criticality, related findings, severity, and types.
+awsSecurityFinding_findingProviderFields :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe FindingProviderFields)
+awsSecurityFinding_findingProviderFields = Lens.lens (\AwsSecurityFinding' {findingProviderFields} -> findingProviderFields) (\s@AwsSecurityFinding' {} a -> s {findingProviderFields = a} :: AwsSecurityFinding)
+
+-- | Indicates when the security-findings provider first observed the
+-- potential security issue that a finding captured.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsSecurityFinding_firstObservedAt :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Prelude.Text)
+awsSecurityFinding_firstObservedAt = Lens.lens (\AwsSecurityFinding' {firstObservedAt} -> firstObservedAt) (\s@AwsSecurityFinding' {} a -> s {firstObservedAt = a} :: AwsSecurityFinding)
+
+-- | Indicates when the security-findings provider most recently observed the
+-- potential security issue that a finding captured.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsSecurityFinding_lastObservedAt :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Prelude.Text)
+awsSecurityFinding_lastObservedAt = Lens.lens (\AwsSecurityFinding' {lastObservedAt} -> lastObservedAt) (\s@AwsSecurityFinding' {} a -> s {lastObservedAt = a} :: AwsSecurityFinding)
+
+-- | A list of malware related to a finding.
+awsSecurityFinding_malware :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe [Malware])
+awsSecurityFinding_malware = Lens.lens (\AwsSecurityFinding' {malware} -> malware) (\s@AwsSecurityFinding' {} a -> s {malware = a} :: AwsSecurityFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | The details of network-related information about a finding.
+awsSecurityFinding_network :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Network)
+awsSecurityFinding_network = Lens.lens (\AwsSecurityFinding' {network} -> network) (\s@AwsSecurityFinding' {} a -> s {network = a} :: AwsSecurityFinding)
+
+-- | Provides information about a network path that is relevant to a finding.
+-- Each entry under @NetworkPath@ represents a component of that path.
+awsSecurityFinding_networkPath :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe [NetworkPathComponent])
+awsSecurityFinding_networkPath = Lens.lens (\AwsSecurityFinding' {networkPath} -> networkPath) (\s@AwsSecurityFinding' {} a -> s {networkPath = a} :: AwsSecurityFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | A user-defined note added to a finding.
+awsSecurityFinding_note :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Note)
+awsSecurityFinding_note = Lens.lens (\AwsSecurityFinding' {note} -> note) (\s@AwsSecurityFinding' {} a -> s {note = a} :: AwsSecurityFinding)
+
+-- | Provides an overview of the patch compliance status for an instance
+-- against a selected compliance standard.
+awsSecurityFinding_patchSummary :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe PatchSummary)
+awsSecurityFinding_patchSummary = Lens.lens (\AwsSecurityFinding' {patchSummary} -> patchSummary) (\s@AwsSecurityFinding' {} a -> s {patchSummary = a} :: AwsSecurityFinding)
+
+-- | The details of process-related information about a finding.
+awsSecurityFinding_process :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe ProcessDetails)
+awsSecurityFinding_process = Lens.lens (\AwsSecurityFinding' {process} -> process) (\s@AwsSecurityFinding' {} a -> s {process = a} :: AwsSecurityFinding)
+
+-- | A data type where security-findings providers can include additional
+-- solution-specific details that aren\'t part of the defined
+-- @AwsSecurityFinding@ format.
+--
+-- Can contain up to 50 key-value pairs. For each key-value pair, the key
+-- can contain up to 128 characters, and the value can contain up to 2048
+-- characters.
+awsSecurityFinding_productFields :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsSecurityFinding_productFields = Lens.lens (\AwsSecurityFinding' {productFields} -> productFields) (\s@AwsSecurityFinding' {} a -> s {productFields = a} :: AwsSecurityFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the product that generated the finding.
+--
+-- Security Hub populates this attribute automatically for each finding.
+-- You cannot update this attribute with @BatchImportFindings@ or
+-- @BatchUpdateFindings@. The exception to this is a custom integration.
+--
+-- When you use the Security Hub console or API to filter findings by
+-- product name, you use this attribute.
+awsSecurityFinding_productName :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Prelude.Text)
+awsSecurityFinding_productName = Lens.lens (\AwsSecurityFinding' {productName} -> productName) (\s@AwsSecurityFinding' {} a -> s {productName = a} :: AwsSecurityFinding)
+
+-- | The record state of a finding.
+awsSecurityFinding_recordState :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe RecordState)
+awsSecurityFinding_recordState = Lens.lens (\AwsSecurityFinding' {recordState} -> recordState) (\s@AwsSecurityFinding' {} a -> s {recordState = a} :: AwsSecurityFinding)
+
+-- | The Region from which the finding was generated.
+--
+-- Security Hub populates this attribute automatically for each finding.
+-- You cannot update it using @BatchImportFindings@ or
+-- @BatchUpdateFindings@.
+awsSecurityFinding_region :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Prelude.Text)
+awsSecurityFinding_region = Lens.lens (\AwsSecurityFinding' {region} -> region) (\s@AwsSecurityFinding' {} a -> s {region = a} :: AwsSecurityFinding)
+
+-- | A list of related findings.
+awsSecurityFinding_relatedFindings :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe [RelatedFinding])
+awsSecurityFinding_relatedFindings = Lens.lens (\AwsSecurityFinding' {relatedFindings} -> relatedFindings) (\s@AwsSecurityFinding' {} a -> s {relatedFindings = a} :: AwsSecurityFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | A data type that describes the remediation options for a finding.
+awsSecurityFinding_remediation :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Remediation)
+awsSecurityFinding_remediation = Lens.lens (\AwsSecurityFinding' {remediation} -> remediation) (\s@AwsSecurityFinding' {} a -> s {remediation = a} :: AwsSecurityFinding)
+
+-- | Indicates whether the finding is a sample finding.
+awsSecurityFinding_sample :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Prelude.Bool)
+awsSecurityFinding_sample = Lens.lens (\AwsSecurityFinding' {sample} -> sample) (\s@AwsSecurityFinding' {} a -> s {sample = a} :: AwsSecurityFinding)
+
+-- | A finding\'s severity.
+awsSecurityFinding_severity :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Severity)
+awsSecurityFinding_severity = Lens.lens (\AwsSecurityFinding' {severity} -> severity) (\s@AwsSecurityFinding' {} a -> s {severity = a} :: AwsSecurityFinding)
+
+-- | A URL that links to a page about the current finding in the
+-- security-findings provider\'s solution.
+awsSecurityFinding_sourceUrl :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Prelude.Text)
+awsSecurityFinding_sourceUrl = Lens.lens (\AwsSecurityFinding' {sourceUrl} -> sourceUrl) (\s@AwsSecurityFinding' {} a -> s {sourceUrl = a} :: AwsSecurityFinding)
+
+-- | Threat intelligence details related to a finding.
+awsSecurityFinding_threatIntelIndicators :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe [ThreatIntelIndicator])
+awsSecurityFinding_threatIntelIndicators = Lens.lens (\AwsSecurityFinding' {threatIntelIndicators} -> threatIntelIndicators) (\s@AwsSecurityFinding' {} a -> s {threatIntelIndicators = a} :: AwsSecurityFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | Details about the threat detected in a security finding and the file
+-- paths that were affected by the threat.
+awsSecurityFinding_threats :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe [Threat])
+awsSecurityFinding_threats = Lens.lens (\AwsSecurityFinding' {threats} -> threats) (\s@AwsSecurityFinding' {} a -> s {threats = a} :: AwsSecurityFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | One or more finding types in the format of
+-- @namespace\/category\/classifier@ that classify a finding.
+--
+-- Valid namespace values are: Software and Configuration Checks | TTPs |
+-- Effects | Unusual Behaviors | Sensitive Data Identifications
+awsSecurityFinding_types :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe [Prelude.Text])
+awsSecurityFinding_types = Lens.lens (\AwsSecurityFinding' {types} -> types) (\s@AwsSecurityFinding' {} a -> s {types = a} :: AwsSecurityFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of name\/value string pairs associated with the finding. These
+-- are custom, user-defined fields added to a finding.
+awsSecurityFinding_userDefinedFields :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsSecurityFinding_userDefinedFields = Lens.lens (\AwsSecurityFinding' {userDefinedFields} -> userDefinedFields) (\s@AwsSecurityFinding' {} a -> s {userDefinedFields = a} :: AwsSecurityFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates the veracity of a finding.
+awsSecurityFinding_verificationState :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe VerificationState)
+awsSecurityFinding_verificationState = Lens.lens (\AwsSecurityFinding' {verificationState} -> verificationState) (\s@AwsSecurityFinding' {} a -> s {verificationState = a} :: AwsSecurityFinding)
+
+-- | Provides a list of vulnerabilities associated with the findings.
+awsSecurityFinding_vulnerabilities :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe [Vulnerability])
+awsSecurityFinding_vulnerabilities = Lens.lens (\AwsSecurityFinding' {vulnerabilities} -> vulnerabilities) (\s@AwsSecurityFinding' {} a -> s {vulnerabilities = a} :: AwsSecurityFinding) Prelude.. Lens.mapping Lens.coerced
+
+-- | Provides information about the status of the investigation into a
+-- finding.
+awsSecurityFinding_workflow :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe Workflow)
+awsSecurityFinding_workflow = Lens.lens (\AwsSecurityFinding' {workflow} -> workflow) (\s@AwsSecurityFinding' {} a -> s {workflow = a} :: AwsSecurityFinding)
+
+-- | The workflow state of a finding.
+awsSecurityFinding_workflowState :: Lens.Lens' AwsSecurityFinding (Prelude.Maybe WorkflowState)
+awsSecurityFinding_workflowState = Lens.lens (\AwsSecurityFinding' {workflowState} -> workflowState) (\s@AwsSecurityFinding' {} a -> s {workflowState = a} :: AwsSecurityFinding)
+
+-- | The schema version that a finding is formatted for.
+awsSecurityFinding_schemaVersion :: Lens.Lens' AwsSecurityFinding Prelude.Text
+awsSecurityFinding_schemaVersion = Lens.lens (\AwsSecurityFinding' {schemaVersion} -> schemaVersion) (\s@AwsSecurityFinding' {} a -> s {schemaVersion = a} :: AwsSecurityFinding)
+
+-- | The security findings provider-specific identifier for a finding.
+awsSecurityFinding_id :: Lens.Lens' AwsSecurityFinding Prelude.Text
+awsSecurityFinding_id = Lens.lens (\AwsSecurityFinding' {id} -> id) (\s@AwsSecurityFinding' {} a -> s {id = a} :: AwsSecurityFinding)
+
+-- | The ARN generated by Security Hub that uniquely identifies a product
+-- that generates findings. This can be the ARN for a third-party product
+-- that is integrated with Security Hub, or the ARN for a custom
+-- integration.
+awsSecurityFinding_productArn :: Lens.Lens' AwsSecurityFinding Prelude.Text
+awsSecurityFinding_productArn = Lens.lens (\AwsSecurityFinding' {productArn} -> productArn) (\s@AwsSecurityFinding' {} a -> s {productArn = a} :: AwsSecurityFinding)
+
+-- | The identifier for the solution-specific component (a discrete unit of
+-- logic) that generated a finding. In various security-findings
+-- providers\' solutions, this generator can be called a rule, a check, a
+-- detector, a plugin, etc.
+awsSecurityFinding_generatorId :: Lens.Lens' AwsSecurityFinding Prelude.Text
+awsSecurityFinding_generatorId = Lens.lens (\AwsSecurityFinding' {generatorId} -> generatorId) (\s@AwsSecurityFinding' {} a -> s {generatorId = a} :: AwsSecurityFinding)
+
+-- | The Amazon Web Services account ID that a finding is generated in.
+awsSecurityFinding_awsAccountId :: Lens.Lens' AwsSecurityFinding Prelude.Text
+awsSecurityFinding_awsAccountId = Lens.lens (\AwsSecurityFinding' {awsAccountId} -> awsAccountId) (\s@AwsSecurityFinding' {} a -> s {awsAccountId = a} :: AwsSecurityFinding)
+
+-- | Indicates when the security-findings provider created the potential
+-- security issue that a finding captured.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsSecurityFinding_createdAt :: Lens.Lens' AwsSecurityFinding Prelude.Text
+awsSecurityFinding_createdAt = Lens.lens (\AwsSecurityFinding' {createdAt} -> createdAt) (\s@AwsSecurityFinding' {} a -> s {createdAt = a} :: AwsSecurityFinding)
+
+-- | Indicates when the security-findings provider last updated the finding
+-- record.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+awsSecurityFinding_updatedAt :: Lens.Lens' AwsSecurityFinding Prelude.Text
+awsSecurityFinding_updatedAt = Lens.lens (\AwsSecurityFinding' {updatedAt} -> updatedAt) (\s@AwsSecurityFinding' {} a -> s {updatedAt = a} :: AwsSecurityFinding)
+
+-- | A finding\'s title.
+--
+-- In this release, @Title@ is a required property.
+awsSecurityFinding_title :: Lens.Lens' AwsSecurityFinding Prelude.Text
+awsSecurityFinding_title = Lens.lens (\AwsSecurityFinding' {title} -> title) (\s@AwsSecurityFinding' {} a -> s {title = a} :: AwsSecurityFinding)
+
+-- | A finding\'s description.
+--
+-- In this release, @Description@ is a required property.
+awsSecurityFinding_description :: Lens.Lens' AwsSecurityFinding Prelude.Text
+awsSecurityFinding_description = Lens.lens (\AwsSecurityFinding' {description} -> description) (\s@AwsSecurityFinding' {} a -> s {description = a} :: AwsSecurityFinding)
+
+-- | A set of resource data types that describe the resources that the
+-- finding refers to.
+awsSecurityFinding_resources :: Lens.Lens' AwsSecurityFinding [Resource]
+awsSecurityFinding_resources = Lens.lens (\AwsSecurityFinding' {resources} -> resources) (\s@AwsSecurityFinding' {} a -> s {resources = a} :: AwsSecurityFinding) Prelude.. Lens.coerced
+
+instance Data.FromJSON AwsSecurityFinding where
+  parseJSON =
+    Data.withObject
+      "AwsSecurityFinding"
+      ( \x ->
+          AwsSecurityFinding'
+            Prelude.<$> (x Data..:? "Action")
+            Prelude.<*> (x Data..:? "CompanyName")
+            Prelude.<*> (x Data..:? "Compliance")
+            Prelude.<*> (x Data..:? "Confidence")
+            Prelude.<*> (x Data..:? "Criticality")
+            Prelude.<*> (x Data..:? "FindingProviderFields")
+            Prelude.<*> (x Data..:? "FirstObservedAt")
+            Prelude.<*> (x Data..:? "LastObservedAt")
+            Prelude.<*> (x Data..:? "Malware" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Network")
+            Prelude.<*> (x Data..:? "NetworkPath" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Note")
+            Prelude.<*> (x Data..:? "PatchSummary")
+            Prelude.<*> (x Data..:? "Process")
+            Prelude.<*> (x Data..:? "ProductFields" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ProductName")
+            Prelude.<*> (x Data..:? "RecordState")
+            Prelude.<*> (x Data..:? "Region")
+            Prelude.<*> ( x
+                            Data..:? "RelatedFindings"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Remediation")
+            Prelude.<*> (x Data..:? "Sample")
+            Prelude.<*> (x Data..:? "Severity")
+            Prelude.<*> (x Data..:? "SourceUrl")
+            Prelude.<*> ( x
+                            Data..:? "ThreatIntelIndicators"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Threats" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Types" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "UserDefinedFields"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "VerificationState")
+            Prelude.<*> ( x
+                            Data..:? "Vulnerabilities"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Workflow")
+            Prelude.<*> (x Data..:? "WorkflowState")
+            Prelude.<*> (x Data..: "SchemaVersion")
+            Prelude.<*> (x Data..: "Id")
+            Prelude.<*> (x Data..: "ProductArn")
+            Prelude.<*> (x Data..: "GeneratorId")
+            Prelude.<*> (x Data..: "AwsAccountId")
+            Prelude.<*> (x Data..: "CreatedAt")
+            Prelude.<*> (x Data..: "UpdatedAt")
+            Prelude.<*> (x Data..: "Title")
+            Prelude.<*> (x Data..: "Description")
+            Prelude.<*> (x Data..:? "Resources" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable AwsSecurityFinding where
+  hashWithSalt _salt AwsSecurityFinding' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` companyName
+      `Prelude.hashWithSalt` compliance
+      `Prelude.hashWithSalt` confidence
+      `Prelude.hashWithSalt` criticality
+      `Prelude.hashWithSalt` findingProviderFields
+      `Prelude.hashWithSalt` firstObservedAt
+      `Prelude.hashWithSalt` lastObservedAt
+      `Prelude.hashWithSalt` malware
+      `Prelude.hashWithSalt` network
+      `Prelude.hashWithSalt` networkPath
+      `Prelude.hashWithSalt` note
+      `Prelude.hashWithSalt` patchSummary
+      `Prelude.hashWithSalt` process
+      `Prelude.hashWithSalt` productFields
+      `Prelude.hashWithSalt` productName
+      `Prelude.hashWithSalt` recordState
+      `Prelude.hashWithSalt` region
+      `Prelude.hashWithSalt` relatedFindings
+      `Prelude.hashWithSalt` remediation
+      `Prelude.hashWithSalt` sample
+      `Prelude.hashWithSalt` severity
+      `Prelude.hashWithSalt` sourceUrl
+      `Prelude.hashWithSalt` threatIntelIndicators
+      `Prelude.hashWithSalt` threats
+      `Prelude.hashWithSalt` types
+      `Prelude.hashWithSalt` userDefinedFields
+      `Prelude.hashWithSalt` verificationState
+      `Prelude.hashWithSalt` vulnerabilities
+      `Prelude.hashWithSalt` workflow
+      `Prelude.hashWithSalt` workflowState
+      `Prelude.hashWithSalt` schemaVersion
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` productArn
+      `Prelude.hashWithSalt` generatorId
+      `Prelude.hashWithSalt` awsAccountId
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` updatedAt
+      `Prelude.hashWithSalt` title
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` resources
+
+instance Prelude.NFData AwsSecurityFinding where
+  rnf AwsSecurityFinding' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf companyName
+      `Prelude.seq` Prelude.rnf compliance
+      `Prelude.seq` Prelude.rnf confidence
+      `Prelude.seq` Prelude.rnf criticality
+      `Prelude.seq` Prelude.rnf findingProviderFields
+      `Prelude.seq` Prelude.rnf firstObservedAt
+      `Prelude.seq` Prelude.rnf lastObservedAt
+      `Prelude.seq` Prelude.rnf malware
+      `Prelude.seq` Prelude.rnf network
+      `Prelude.seq` Prelude.rnf networkPath
+      `Prelude.seq` Prelude.rnf note
+      `Prelude.seq` Prelude.rnf patchSummary
+      `Prelude.seq` Prelude.rnf process
+      `Prelude.seq` Prelude.rnf productFields
+      `Prelude.seq` Prelude.rnf productName
+      `Prelude.seq` Prelude.rnf recordState
+      `Prelude.seq` Prelude.rnf region
+      `Prelude.seq` Prelude.rnf relatedFindings
+      `Prelude.seq` Prelude.rnf remediation
+      `Prelude.seq` Prelude.rnf sample
+      `Prelude.seq` Prelude.rnf severity
+      `Prelude.seq` Prelude.rnf sourceUrl
+      `Prelude.seq` Prelude.rnf
+        threatIntelIndicators
+      `Prelude.seq` Prelude.rnf threats
+      `Prelude.seq` Prelude.rnf types
+      `Prelude.seq` Prelude.rnf
+        userDefinedFields
+      `Prelude.seq` Prelude.rnf
+        verificationState
+      `Prelude.seq` Prelude.rnf
+        vulnerabilities
+      `Prelude.seq` Prelude.rnf
+        workflow
+      `Prelude.seq` Prelude.rnf
+        workflowState
+      `Prelude.seq` Prelude.rnf
+        schemaVersion
+      `Prelude.seq` Prelude.rnf
+        id
+      `Prelude.seq` Prelude.rnf
+        productArn
+      `Prelude.seq` Prelude.rnf
+        generatorId
+      `Prelude.seq` Prelude.rnf
+        awsAccountId
+      `Prelude.seq` Prelude.rnf
+        createdAt
+      `Prelude.seq` Prelude.rnf
+        updatedAt
+      `Prelude.seq` Prelude.rnf
+        title
+      `Prelude.seq` Prelude.rnf
+        description
+      `Prelude.seq` Prelude.rnf
+        resources
+
+instance Data.ToJSON AwsSecurityFinding where
+  toJSON AwsSecurityFinding' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Action" Data..=) Prelude.<$> action,
+            ("CompanyName" Data..=) Prelude.<$> companyName,
+            ("Compliance" Data..=) Prelude.<$> compliance,
+            ("Confidence" Data..=) Prelude.<$> confidence,
+            ("Criticality" Data..=) Prelude.<$> criticality,
+            ("FindingProviderFields" Data..=)
+              Prelude.<$> findingProviderFields,
+            ("FirstObservedAt" Data..=)
+              Prelude.<$> firstObservedAt,
+            ("LastObservedAt" Data..=)
+              Prelude.<$> lastObservedAt,
+            ("Malware" Data..=) Prelude.<$> malware,
+            ("Network" Data..=) Prelude.<$> network,
+            ("NetworkPath" Data..=) Prelude.<$> networkPath,
+            ("Note" Data..=) Prelude.<$> note,
+            ("PatchSummary" Data..=) Prelude.<$> patchSummary,
+            ("Process" Data..=) Prelude.<$> process,
+            ("ProductFields" Data..=) Prelude.<$> productFields,
+            ("ProductName" Data..=) Prelude.<$> productName,
+            ("RecordState" Data..=) Prelude.<$> recordState,
+            ("Region" Data..=) Prelude.<$> region,
+            ("RelatedFindings" Data..=)
+              Prelude.<$> relatedFindings,
+            ("Remediation" Data..=) Prelude.<$> remediation,
+            ("Sample" Data..=) Prelude.<$> sample,
+            ("Severity" Data..=) Prelude.<$> severity,
+            ("SourceUrl" Data..=) Prelude.<$> sourceUrl,
+            ("ThreatIntelIndicators" Data..=)
+              Prelude.<$> threatIntelIndicators,
+            ("Threats" Data..=) Prelude.<$> threats,
+            ("Types" Data..=) Prelude.<$> types,
+            ("UserDefinedFields" Data..=)
+              Prelude.<$> userDefinedFields,
+            ("VerificationState" Data..=)
+              Prelude.<$> verificationState,
+            ("Vulnerabilities" Data..=)
+              Prelude.<$> vulnerabilities,
+            ("Workflow" Data..=) Prelude.<$> workflow,
+            ("WorkflowState" Data..=) Prelude.<$> workflowState,
+            Prelude.Just ("SchemaVersion" Data..= schemaVersion),
+            Prelude.Just ("Id" Data..= id),
+            Prelude.Just ("ProductArn" Data..= productArn),
+            Prelude.Just ("GeneratorId" Data..= generatorId),
+            Prelude.Just ("AwsAccountId" Data..= awsAccountId),
+            Prelude.Just ("CreatedAt" Data..= createdAt),
+            Prelude.Just ("UpdatedAt" Data..= updatedAt),
+            Prelude.Just ("Title" Data..= title),
+            Prelude.Just ("Description" Data..= description),
+            Prelude.Just ("Resources" Data..= resources)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSecurityFindingFilters.hs b/gen/Amazonka/SecurityHub/Types/AwsSecurityFindingFilters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSecurityFindingFilters.hs
@@ -0,0 +1,1951 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSecurityFindingFilters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSecurityFindingFilters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.BooleanFilter
+import Amazonka.SecurityHub.Types.DateFilter
+import Amazonka.SecurityHub.Types.IpFilter
+import Amazonka.SecurityHub.Types.KeywordFilter
+import Amazonka.SecurityHub.Types.MapFilter
+import Amazonka.SecurityHub.Types.NumberFilter
+import Amazonka.SecurityHub.Types.StringFilter
+
+-- | A collection of attributes that are applied to all active Security
+-- Hub-aggregated findings and that result in a subset of findings that are
+-- included in this insight.
+--
+-- You can filter by up to 10 finding attributes. For each attribute, you
+-- can provide up to 20 filter values.
+--
+-- /See:/ 'newAwsSecurityFindingFilters' smart constructor.
+data AwsSecurityFindingFilters = AwsSecurityFindingFilters'
+  { -- | The Amazon Web Services account ID that a finding is generated in.
+    awsAccountId :: Prelude.Maybe [StringFilter],
+    -- | The name of the findings provider (company) that owns the solution
+    -- (product) that generates findings.
+    companyName :: Prelude.Maybe [StringFilter],
+    -- | Exclusive to findings that are generated as the result of a check run
+    -- against a specific rule in a supported standard, such as CIS Amazon Web
+    -- Services Foundations. Contains security standard-related finding
+    -- details.
+    complianceStatus :: Prelude.Maybe [StringFilter],
+    -- | A finding\'s confidence. Confidence is defined as the likelihood that a
+    -- finding accurately identifies the behavior or issue that it was intended
+    -- to identify.
+    --
+    -- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+    -- zero percent confidence and 100 means 100 percent confidence.
+    confidence :: Prelude.Maybe [NumberFilter],
+    -- | An ISO8601-formatted timestamp that indicates when the security-findings
+    -- provider captured the potential security issue that a finding captured.
+    createdAt :: Prelude.Maybe [DateFilter],
+    -- | The level of importance assigned to the resources associated with the
+    -- finding.
+    --
+    -- A score of 0 means that the underlying resources have no criticality,
+    -- and a score of 100 is reserved for the most critical resources.
+    criticality :: Prelude.Maybe [NumberFilter],
+    -- | A finding\'s description.
+    description :: Prelude.Maybe [StringFilter],
+    -- | The finding provider value for the finding confidence. Confidence is
+    -- defined as the likelihood that a finding accurately identifies the
+    -- behavior or issue that it was intended to identify.
+    --
+    -- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+    -- zero percent confidence and 100 means 100 percent confidence.
+    findingProviderFieldsConfidence :: Prelude.Maybe [NumberFilter],
+    -- | The finding provider value for the level of importance assigned to the
+    -- resources associated with the findings.
+    --
+    -- A score of 0 means that the underlying resources have no criticality,
+    -- and a score of 100 is reserved for the most critical resources.
+    findingProviderFieldsCriticality :: Prelude.Maybe [NumberFilter],
+    -- | The finding identifier of a related finding that is identified by the
+    -- finding provider.
+    findingProviderFieldsRelatedFindingsId :: Prelude.Maybe [StringFilter],
+    -- | The ARN of the solution that generated a related finding that is
+    -- identified by the finding provider.
+    findingProviderFieldsRelatedFindingsProductArn :: Prelude.Maybe [StringFilter],
+    -- | The finding provider value for the severity label.
+    findingProviderFieldsSeverityLabel :: Prelude.Maybe [StringFilter],
+    -- | The finding provider\'s original value for the severity.
+    findingProviderFieldsSeverityOriginal :: Prelude.Maybe [StringFilter],
+    -- | One or more finding types that the finding provider assigned to the
+    -- finding. Uses the format of @namespace\/category\/classifier@ that
+    -- classify a finding.
+    --
+    -- Valid namespace values are: Software and Configuration Checks | TTPs |
+    -- Effects | Unusual Behaviors | Sensitive Data Identifications
+    findingProviderFieldsTypes :: Prelude.Maybe [StringFilter],
+    -- | An ISO8601-formatted timestamp that indicates when the security-findings
+    -- provider first observed the potential security issue that a finding
+    -- captured.
+    firstObservedAt :: Prelude.Maybe [DateFilter],
+    -- | The identifier for the solution-specific component (a discrete unit of
+    -- logic) that generated a finding. In various security-findings
+    -- providers\' solutions, this generator can be called a rule, a check, a
+    -- detector, a plugin, etc.
+    generatorId :: Prelude.Maybe [StringFilter],
+    -- | The security findings provider-specific identifier for a finding.
+    id :: Prelude.Maybe [StringFilter],
+    -- | A keyword for a finding.
+    keyword :: Prelude.Maybe [KeywordFilter],
+    -- | An ISO8601-formatted timestamp that indicates when the security-findings
+    -- provider most recently observed the potential security issue that a
+    -- finding captured.
+    lastObservedAt :: Prelude.Maybe [DateFilter],
+    -- | The name of the malware that was observed.
+    malwareName :: Prelude.Maybe [StringFilter],
+    -- | The filesystem path of the malware that was observed.
+    malwarePath :: Prelude.Maybe [StringFilter],
+    -- | The state of the malware that was observed.
+    malwareState :: Prelude.Maybe [StringFilter],
+    -- | The type of the malware that was observed.
+    malwareType :: Prelude.Maybe [StringFilter],
+    -- | The destination domain of network-related information about a finding.
+    networkDestinationDomain :: Prelude.Maybe [StringFilter],
+    -- | The destination IPv4 address of network-related information about a
+    -- finding.
+    networkDestinationIpV4 :: Prelude.Maybe [IpFilter],
+    -- | The destination IPv6 address of network-related information about a
+    -- finding.
+    networkDestinationIpV6 :: Prelude.Maybe [IpFilter],
+    -- | The destination port of network-related information about a finding.
+    networkDestinationPort :: Prelude.Maybe [NumberFilter],
+    -- | Indicates the direction of network traffic associated with a finding.
+    networkDirection :: Prelude.Maybe [StringFilter],
+    -- | The protocol of network-related information about a finding.
+    networkProtocol :: Prelude.Maybe [StringFilter],
+    -- | The source domain of network-related information about a finding.
+    networkSourceDomain :: Prelude.Maybe [StringFilter],
+    -- | The source IPv4 address of network-related information about a finding.
+    networkSourceIpV4 :: Prelude.Maybe [IpFilter],
+    -- | The source IPv6 address of network-related information about a finding.
+    networkSourceIpV6 :: Prelude.Maybe [IpFilter],
+    -- | The source media access control (MAC) address of network-related
+    -- information about a finding.
+    networkSourceMac :: Prelude.Maybe [StringFilter],
+    -- | The source port of network-related information about a finding.
+    networkSourcePort :: Prelude.Maybe [NumberFilter],
+    -- | The text of a note.
+    noteText :: Prelude.Maybe [StringFilter],
+    -- | The timestamp of when the note was updated.
+    noteUpdatedAt :: Prelude.Maybe [DateFilter],
+    -- | The principal that created a note.
+    noteUpdatedBy :: Prelude.Maybe [StringFilter],
+    -- | The date\/time that the process was launched.
+    processLaunchedAt :: Prelude.Maybe [DateFilter],
+    -- | The name of the process.
+    processName :: Prelude.Maybe [StringFilter],
+    -- | The parent process ID.
+    processParentPid :: Prelude.Maybe [NumberFilter],
+    -- | The path to the process executable.
+    processPath :: Prelude.Maybe [StringFilter],
+    -- | The process ID.
+    processPid :: Prelude.Maybe [NumberFilter],
+    -- | The date\/time that the process was terminated.
+    processTerminatedAt :: Prelude.Maybe [DateFilter],
+    -- | The ARN generated by Security Hub that uniquely identifies a third-party
+    -- company (security findings provider) after this provider\'s product
+    -- (solution that generates findings) is registered with Security Hub.
+    productArn :: Prelude.Maybe [StringFilter],
+    -- | A data type where security-findings providers can include additional
+    -- solution-specific details that aren\'t part of the defined
+    -- @AwsSecurityFinding@ format.
+    productFields :: Prelude.Maybe [MapFilter],
+    -- | The name of the solution (product) that generates findings.
+    productName :: Prelude.Maybe [StringFilter],
+    -- | The recommendation of what to do about the issue described in a finding.
+    recommendationText :: Prelude.Maybe [StringFilter],
+    -- | The updated record state for the finding.
+    recordState :: Prelude.Maybe [StringFilter],
+    -- | The Region from which the finding was generated.
+    region :: Prelude.Maybe [StringFilter],
+    -- | The solution-generated identifier for a related finding.
+    relatedFindingsId :: Prelude.Maybe [StringFilter],
+    -- | The ARN of the solution that generated a related finding.
+    relatedFindingsProductArn :: Prelude.Maybe [StringFilter],
+    -- | The IAM profile ARN of the instance.
+    resourceAwsEc2InstanceIamInstanceProfileArn :: Prelude.Maybe [StringFilter],
+    -- | The Amazon Machine Image (AMI) ID of the instance.
+    resourceAwsEc2InstanceImageId :: Prelude.Maybe [StringFilter],
+    -- | The IPv4 addresses associated with the instance.
+    resourceAwsEc2InstanceIpV4Addresses :: Prelude.Maybe [IpFilter],
+    -- | The IPv6 addresses associated with the instance.
+    resourceAwsEc2InstanceIpV6Addresses :: Prelude.Maybe [IpFilter],
+    -- | The key name associated with the instance.
+    resourceAwsEc2InstanceKeyName :: Prelude.Maybe [StringFilter],
+    -- | The date and time the instance was launched.
+    resourceAwsEc2InstanceLaunchedAt :: Prelude.Maybe [DateFilter],
+    -- | The identifier of the subnet that the instance was launched in.
+    resourceAwsEc2InstanceSubnetId :: Prelude.Maybe [StringFilter],
+    -- | The instance type of the instance.
+    resourceAwsEc2InstanceType :: Prelude.Maybe [StringFilter],
+    -- | The identifier of the VPC that the instance was launched in.
+    resourceAwsEc2InstanceVpcId :: Prelude.Maybe [StringFilter],
+    -- | The creation date\/time of the IAM access key related to a finding.
+    resourceAwsIamAccessKeyCreatedAt :: Prelude.Maybe [DateFilter],
+    -- | The name of the principal that is associated with an IAM access key.
+    resourceAwsIamAccessKeyPrincipalName :: Prelude.Maybe [StringFilter],
+    -- | The status of the IAM access key related to a finding.
+    resourceAwsIamAccessKeyStatus :: Prelude.Maybe [StringFilter],
+    -- | The user associated with the IAM access key related to a finding.
+    resourceAwsIamAccessKeyUserName :: Prelude.Maybe [StringFilter],
+    -- | The name of an IAM user.
+    resourceAwsIamUserUserName :: Prelude.Maybe [StringFilter],
+    -- | The canonical user ID of the owner of the S3 bucket.
+    resourceAwsS3BucketOwnerId :: Prelude.Maybe [StringFilter],
+    -- | The display name of the owner of the S3 bucket.
+    resourceAwsS3BucketOwnerName :: Prelude.Maybe [StringFilter],
+    -- | The identifier of the image related to a finding.
+    resourceContainerImageId :: Prelude.Maybe [StringFilter],
+    -- | The name of the image related to a finding.
+    resourceContainerImageName :: Prelude.Maybe [StringFilter],
+    -- | The date\/time that the container was started.
+    resourceContainerLaunchedAt :: Prelude.Maybe [DateFilter],
+    -- | The name of the container related to a finding.
+    resourceContainerName :: Prelude.Maybe [StringFilter],
+    -- | The details of a resource that doesn\'t have a specific subfield for the
+    -- resource type defined.
+    resourceDetailsOther :: Prelude.Maybe [MapFilter],
+    -- | The canonical identifier for the given resource type.
+    resourceId :: Prelude.Maybe [StringFilter],
+    -- | The canonical Amazon Web Services partition name that the Region is
+    -- assigned to.
+    resourcePartition :: Prelude.Maybe [StringFilter],
+    -- | The canonical Amazon Web Services external Region name where this
+    -- resource is located.
+    resourceRegion :: Prelude.Maybe [StringFilter],
+    -- | A list of Amazon Web Services tags associated with a resource at the
+    -- time the finding was processed.
+    resourceTags :: Prelude.Maybe [MapFilter],
+    -- | Specifies the type of the resource that details are provided for.
+    resourceType :: Prelude.Maybe [StringFilter],
+    -- | Indicates whether or not sample findings are included in the filter
+    -- results.
+    sample :: Prelude.Maybe [BooleanFilter],
+    -- | The label of a finding\'s severity.
+    severityLabel :: Prelude.Maybe [StringFilter],
+    -- | The normalized severity of a finding.
+    severityNormalized :: Prelude.Maybe [NumberFilter],
+    -- | The native severity as defined by the security-findings provider\'s
+    -- solution that generated the finding.
+    severityProduct :: Prelude.Maybe [NumberFilter],
+    -- | A URL that links to a page about the current finding in the
+    -- security-findings provider\'s solution.
+    sourceUrl :: Prelude.Maybe [StringFilter],
+    -- | The category of a threat intelligence indicator.
+    threatIntelIndicatorCategory :: Prelude.Maybe [StringFilter],
+    -- | The date\/time of the last observation of a threat intelligence
+    -- indicator.
+    threatIntelIndicatorLastObservedAt :: Prelude.Maybe [DateFilter],
+    -- | The source of the threat intelligence.
+    threatIntelIndicatorSource :: Prelude.Maybe [StringFilter],
+    -- | The URL for more details from the source of the threat intelligence.
+    threatIntelIndicatorSourceUrl :: Prelude.Maybe [StringFilter],
+    -- | The type of a threat intelligence indicator.
+    threatIntelIndicatorType :: Prelude.Maybe [StringFilter],
+    -- | The value of a threat intelligence indicator.
+    threatIntelIndicatorValue :: Prelude.Maybe [StringFilter],
+    -- | A finding\'s title.
+    title :: Prelude.Maybe [StringFilter],
+    -- | A finding type in the format of @namespace\/category\/classifier@ that
+    -- classifies a finding.
+    type' :: Prelude.Maybe [StringFilter],
+    -- | An ISO8601-formatted timestamp that indicates when the security-findings
+    -- provider last updated the finding record.
+    updatedAt :: Prelude.Maybe [DateFilter],
+    -- | A list of name\/value string pairs associated with the finding. These
+    -- are custom, user-defined fields added to a finding.
+    userDefinedFields :: Prelude.Maybe [MapFilter],
+    -- | The veracity of a finding.
+    verificationState :: Prelude.Maybe [StringFilter],
+    -- | The workflow state of a finding.
+    --
+    -- Note that this field is deprecated. To search for a finding based on its
+    -- workflow status, use @WorkflowStatus@.
+    workflowState :: Prelude.Maybe [StringFilter],
+    -- | The status of the investigation into a finding. Allowed values are the
+    -- following.
+    --
+    -- -   @NEW@ - The initial state of a finding, before it is reviewed.
+    --
+    --     Security Hub also resets the workflow status from @NOTIFIED@ or
+    --     @RESOLVED@ to @NEW@ in the following cases:
+    --
+    --     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+    --
+    --     -   @Compliance.Status@ changes from @PASSED@ to either @WARNING@,
+    --         @FAILED@, or @NOT_AVAILABLE@.
+    --
+    -- -   @NOTIFIED@ - Indicates that the resource owner has been notified
+    --     about the security issue. Used when the initial reviewer is not the
+    --     resource owner, and needs intervention from the resource owner.
+    --
+    --     If one of the following occurs, the workflow status is changed
+    --     automatically from @NOTIFIED@ to @NEW@:
+    --
+    --     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+    --
+    --     -   @Compliance.Status@ changes from @PASSED@ to @FAILED@,
+    --         @WARNING@, or @NOT_AVAILABLE@.
+    --
+    -- -   @SUPPRESSED@ - Indicates that you reviewed the finding and do not
+    --     believe that any action is needed.
+    --
+    --     The workflow status of a @SUPPRESSED@ finding does not change if
+    --     @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+    --
+    -- -   @RESOLVED@ - The finding was reviewed and remediated and is now
+    --     considered resolved.
+    --
+    --     The finding remains @RESOLVED@ unless one of the following occurs:
+    --
+    --     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+    --
+    --     -   @Compliance.Status@ changes from @PASSED@ to @FAILED@,
+    --         @WARNING@, or @NOT_AVAILABLE@.
+    --
+    --     In those cases, the workflow status is automatically reset to @NEW@.
+    --
+    --     For findings from controls, if @Compliance.Status@ is @PASSED@, then
+    --     Security Hub automatically sets the workflow status to @RESOLVED@.
+    workflowStatus :: Prelude.Maybe [StringFilter]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSecurityFindingFilters' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'awsAccountId', 'awsSecurityFindingFilters_awsAccountId' - The Amazon Web Services account ID that a finding is generated in.
+--
+-- 'companyName', 'awsSecurityFindingFilters_companyName' - The name of the findings provider (company) that owns the solution
+-- (product) that generates findings.
+--
+-- 'complianceStatus', 'awsSecurityFindingFilters_complianceStatus' - Exclusive to findings that are generated as the result of a check run
+-- against a specific rule in a supported standard, such as CIS Amazon Web
+-- Services Foundations. Contains security standard-related finding
+-- details.
+--
+-- 'confidence', 'awsSecurityFindingFilters_confidence' - A finding\'s confidence. Confidence is defined as the likelihood that a
+-- finding accurately identifies the behavior or issue that it was intended
+-- to identify.
+--
+-- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+-- zero percent confidence and 100 means 100 percent confidence.
+--
+-- 'createdAt', 'awsSecurityFindingFilters_createdAt' - An ISO8601-formatted timestamp that indicates when the security-findings
+-- provider captured the potential security issue that a finding captured.
+--
+-- 'criticality', 'awsSecurityFindingFilters_criticality' - The level of importance assigned to the resources associated with the
+-- finding.
+--
+-- A score of 0 means that the underlying resources have no criticality,
+-- and a score of 100 is reserved for the most critical resources.
+--
+-- 'description', 'awsSecurityFindingFilters_description' - A finding\'s description.
+--
+-- 'findingProviderFieldsConfidence', 'awsSecurityFindingFilters_findingProviderFieldsConfidence' - The finding provider value for the finding confidence. Confidence is
+-- defined as the likelihood that a finding accurately identifies the
+-- behavior or issue that it was intended to identify.
+--
+-- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+-- zero percent confidence and 100 means 100 percent confidence.
+--
+-- 'findingProviderFieldsCriticality', 'awsSecurityFindingFilters_findingProviderFieldsCriticality' - The finding provider value for the level of importance assigned to the
+-- resources associated with the findings.
+--
+-- A score of 0 means that the underlying resources have no criticality,
+-- and a score of 100 is reserved for the most critical resources.
+--
+-- 'findingProviderFieldsRelatedFindingsId', 'awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsId' - The finding identifier of a related finding that is identified by the
+-- finding provider.
+--
+-- 'findingProviderFieldsRelatedFindingsProductArn', 'awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsProductArn' - The ARN of the solution that generated a related finding that is
+-- identified by the finding provider.
+--
+-- 'findingProviderFieldsSeverityLabel', 'awsSecurityFindingFilters_findingProviderFieldsSeverityLabel' - The finding provider value for the severity label.
+--
+-- 'findingProviderFieldsSeverityOriginal', 'awsSecurityFindingFilters_findingProviderFieldsSeverityOriginal' - The finding provider\'s original value for the severity.
+--
+-- 'findingProviderFieldsTypes', 'awsSecurityFindingFilters_findingProviderFieldsTypes' - One or more finding types that the finding provider assigned to the
+-- finding. Uses the format of @namespace\/category\/classifier@ that
+-- classify a finding.
+--
+-- Valid namespace values are: Software and Configuration Checks | TTPs |
+-- Effects | Unusual Behaviors | Sensitive Data Identifications
+--
+-- 'firstObservedAt', 'awsSecurityFindingFilters_firstObservedAt' - An ISO8601-formatted timestamp that indicates when the security-findings
+-- provider first observed the potential security issue that a finding
+-- captured.
+--
+-- 'generatorId', 'awsSecurityFindingFilters_generatorId' - The identifier for the solution-specific component (a discrete unit of
+-- logic) that generated a finding. In various security-findings
+-- providers\' solutions, this generator can be called a rule, a check, a
+-- detector, a plugin, etc.
+--
+-- 'id', 'awsSecurityFindingFilters_id' - The security findings provider-specific identifier for a finding.
+--
+-- 'keyword', 'awsSecurityFindingFilters_keyword' - A keyword for a finding.
+--
+-- 'lastObservedAt', 'awsSecurityFindingFilters_lastObservedAt' - An ISO8601-formatted timestamp that indicates when the security-findings
+-- provider most recently observed the potential security issue that a
+-- finding captured.
+--
+-- 'malwareName', 'awsSecurityFindingFilters_malwareName' - The name of the malware that was observed.
+--
+-- 'malwarePath', 'awsSecurityFindingFilters_malwarePath' - The filesystem path of the malware that was observed.
+--
+-- 'malwareState', 'awsSecurityFindingFilters_malwareState' - The state of the malware that was observed.
+--
+-- 'malwareType', 'awsSecurityFindingFilters_malwareType' - The type of the malware that was observed.
+--
+-- 'networkDestinationDomain', 'awsSecurityFindingFilters_networkDestinationDomain' - The destination domain of network-related information about a finding.
+--
+-- 'networkDestinationIpV4', 'awsSecurityFindingFilters_networkDestinationIpV4' - The destination IPv4 address of network-related information about a
+-- finding.
+--
+-- 'networkDestinationIpV6', 'awsSecurityFindingFilters_networkDestinationIpV6' - The destination IPv6 address of network-related information about a
+-- finding.
+--
+-- 'networkDestinationPort', 'awsSecurityFindingFilters_networkDestinationPort' - The destination port of network-related information about a finding.
+--
+-- 'networkDirection', 'awsSecurityFindingFilters_networkDirection' - Indicates the direction of network traffic associated with a finding.
+--
+-- 'networkProtocol', 'awsSecurityFindingFilters_networkProtocol' - The protocol of network-related information about a finding.
+--
+-- 'networkSourceDomain', 'awsSecurityFindingFilters_networkSourceDomain' - The source domain of network-related information about a finding.
+--
+-- 'networkSourceIpV4', 'awsSecurityFindingFilters_networkSourceIpV4' - The source IPv4 address of network-related information about a finding.
+--
+-- 'networkSourceIpV6', 'awsSecurityFindingFilters_networkSourceIpV6' - The source IPv6 address of network-related information about a finding.
+--
+-- 'networkSourceMac', 'awsSecurityFindingFilters_networkSourceMac' - The source media access control (MAC) address of network-related
+-- information about a finding.
+--
+-- 'networkSourcePort', 'awsSecurityFindingFilters_networkSourcePort' - The source port of network-related information about a finding.
+--
+-- 'noteText', 'awsSecurityFindingFilters_noteText' - The text of a note.
+--
+-- 'noteUpdatedAt', 'awsSecurityFindingFilters_noteUpdatedAt' - The timestamp of when the note was updated.
+--
+-- 'noteUpdatedBy', 'awsSecurityFindingFilters_noteUpdatedBy' - The principal that created a note.
+--
+-- 'processLaunchedAt', 'awsSecurityFindingFilters_processLaunchedAt' - The date\/time that the process was launched.
+--
+-- 'processName', 'awsSecurityFindingFilters_processName' - The name of the process.
+--
+-- 'processParentPid', 'awsSecurityFindingFilters_processParentPid' - The parent process ID.
+--
+-- 'processPath', 'awsSecurityFindingFilters_processPath' - The path to the process executable.
+--
+-- 'processPid', 'awsSecurityFindingFilters_processPid' - The process ID.
+--
+-- 'processTerminatedAt', 'awsSecurityFindingFilters_processTerminatedAt' - The date\/time that the process was terminated.
+--
+-- 'productArn', 'awsSecurityFindingFilters_productArn' - The ARN generated by Security Hub that uniquely identifies a third-party
+-- company (security findings provider) after this provider\'s product
+-- (solution that generates findings) is registered with Security Hub.
+--
+-- 'productFields', 'awsSecurityFindingFilters_productFields' - A data type where security-findings providers can include additional
+-- solution-specific details that aren\'t part of the defined
+-- @AwsSecurityFinding@ format.
+--
+-- 'productName', 'awsSecurityFindingFilters_productName' - The name of the solution (product) that generates findings.
+--
+-- 'recommendationText', 'awsSecurityFindingFilters_recommendationText' - The recommendation of what to do about the issue described in a finding.
+--
+-- 'recordState', 'awsSecurityFindingFilters_recordState' - The updated record state for the finding.
+--
+-- 'region', 'awsSecurityFindingFilters_region' - The Region from which the finding was generated.
+--
+-- 'relatedFindingsId', 'awsSecurityFindingFilters_relatedFindingsId' - The solution-generated identifier for a related finding.
+--
+-- 'relatedFindingsProductArn', 'awsSecurityFindingFilters_relatedFindingsProductArn' - The ARN of the solution that generated a related finding.
+--
+-- 'resourceAwsEc2InstanceIamInstanceProfileArn', 'awsSecurityFindingFilters_resourceAwsEc2InstanceIamInstanceProfileArn' - The IAM profile ARN of the instance.
+--
+-- 'resourceAwsEc2InstanceImageId', 'awsSecurityFindingFilters_resourceAwsEc2InstanceImageId' - The Amazon Machine Image (AMI) ID of the instance.
+--
+-- 'resourceAwsEc2InstanceIpV4Addresses', 'awsSecurityFindingFilters_resourceAwsEc2InstanceIpV4Addresses' - The IPv4 addresses associated with the instance.
+--
+-- 'resourceAwsEc2InstanceIpV6Addresses', 'awsSecurityFindingFilters_resourceAwsEc2InstanceIpV6Addresses' - The IPv6 addresses associated with the instance.
+--
+-- 'resourceAwsEc2InstanceKeyName', 'awsSecurityFindingFilters_resourceAwsEc2InstanceKeyName' - The key name associated with the instance.
+--
+-- 'resourceAwsEc2InstanceLaunchedAt', 'awsSecurityFindingFilters_resourceAwsEc2InstanceLaunchedAt' - The date and time the instance was launched.
+--
+-- 'resourceAwsEc2InstanceSubnetId', 'awsSecurityFindingFilters_resourceAwsEc2InstanceSubnetId' - The identifier of the subnet that the instance was launched in.
+--
+-- 'resourceAwsEc2InstanceType', 'awsSecurityFindingFilters_resourceAwsEc2InstanceType' - The instance type of the instance.
+--
+-- 'resourceAwsEc2InstanceVpcId', 'awsSecurityFindingFilters_resourceAwsEc2InstanceVpcId' - The identifier of the VPC that the instance was launched in.
+--
+-- 'resourceAwsIamAccessKeyCreatedAt', 'awsSecurityFindingFilters_resourceAwsIamAccessKeyCreatedAt' - The creation date\/time of the IAM access key related to a finding.
+--
+-- 'resourceAwsIamAccessKeyPrincipalName', 'awsSecurityFindingFilters_resourceAwsIamAccessKeyPrincipalName' - The name of the principal that is associated with an IAM access key.
+--
+-- 'resourceAwsIamAccessKeyStatus', 'awsSecurityFindingFilters_resourceAwsIamAccessKeyStatus' - The status of the IAM access key related to a finding.
+--
+-- 'resourceAwsIamAccessKeyUserName', 'awsSecurityFindingFilters_resourceAwsIamAccessKeyUserName' - The user associated with the IAM access key related to a finding.
+--
+-- 'resourceAwsIamUserUserName', 'awsSecurityFindingFilters_resourceAwsIamUserUserName' - The name of an IAM user.
+--
+-- 'resourceAwsS3BucketOwnerId', 'awsSecurityFindingFilters_resourceAwsS3BucketOwnerId' - The canonical user ID of the owner of the S3 bucket.
+--
+-- 'resourceAwsS3BucketOwnerName', 'awsSecurityFindingFilters_resourceAwsS3BucketOwnerName' - The display name of the owner of the S3 bucket.
+--
+-- 'resourceContainerImageId', 'awsSecurityFindingFilters_resourceContainerImageId' - The identifier of the image related to a finding.
+--
+-- 'resourceContainerImageName', 'awsSecurityFindingFilters_resourceContainerImageName' - The name of the image related to a finding.
+--
+-- 'resourceContainerLaunchedAt', 'awsSecurityFindingFilters_resourceContainerLaunchedAt' - The date\/time that the container was started.
+--
+-- 'resourceContainerName', 'awsSecurityFindingFilters_resourceContainerName' - The name of the container related to a finding.
+--
+-- 'resourceDetailsOther', 'awsSecurityFindingFilters_resourceDetailsOther' - The details of a resource that doesn\'t have a specific subfield for the
+-- resource type defined.
+--
+-- 'resourceId', 'awsSecurityFindingFilters_resourceId' - The canonical identifier for the given resource type.
+--
+-- 'resourcePartition', 'awsSecurityFindingFilters_resourcePartition' - The canonical Amazon Web Services partition name that the Region is
+-- assigned to.
+--
+-- 'resourceRegion', 'awsSecurityFindingFilters_resourceRegion' - The canonical Amazon Web Services external Region name where this
+-- resource is located.
+--
+-- 'resourceTags', 'awsSecurityFindingFilters_resourceTags' - A list of Amazon Web Services tags associated with a resource at the
+-- time the finding was processed.
+--
+-- 'resourceType', 'awsSecurityFindingFilters_resourceType' - Specifies the type of the resource that details are provided for.
+--
+-- 'sample', 'awsSecurityFindingFilters_sample' - Indicates whether or not sample findings are included in the filter
+-- results.
+--
+-- 'severityLabel', 'awsSecurityFindingFilters_severityLabel' - The label of a finding\'s severity.
+--
+-- 'severityNormalized', 'awsSecurityFindingFilters_severityNormalized' - The normalized severity of a finding.
+--
+-- 'severityProduct', 'awsSecurityFindingFilters_severityProduct' - The native severity as defined by the security-findings provider\'s
+-- solution that generated the finding.
+--
+-- 'sourceUrl', 'awsSecurityFindingFilters_sourceUrl' - A URL that links to a page about the current finding in the
+-- security-findings provider\'s solution.
+--
+-- 'threatIntelIndicatorCategory', 'awsSecurityFindingFilters_threatIntelIndicatorCategory' - The category of a threat intelligence indicator.
+--
+-- 'threatIntelIndicatorLastObservedAt', 'awsSecurityFindingFilters_threatIntelIndicatorLastObservedAt' - The date\/time of the last observation of a threat intelligence
+-- indicator.
+--
+-- 'threatIntelIndicatorSource', 'awsSecurityFindingFilters_threatIntelIndicatorSource' - The source of the threat intelligence.
+--
+-- 'threatIntelIndicatorSourceUrl', 'awsSecurityFindingFilters_threatIntelIndicatorSourceUrl' - The URL for more details from the source of the threat intelligence.
+--
+-- 'threatIntelIndicatorType', 'awsSecurityFindingFilters_threatIntelIndicatorType' - The type of a threat intelligence indicator.
+--
+-- 'threatIntelIndicatorValue', 'awsSecurityFindingFilters_threatIntelIndicatorValue' - The value of a threat intelligence indicator.
+--
+-- 'title', 'awsSecurityFindingFilters_title' - A finding\'s title.
+--
+-- 'type'', 'awsSecurityFindingFilters_type' - A finding type in the format of @namespace\/category\/classifier@ that
+-- classifies a finding.
+--
+-- 'updatedAt', 'awsSecurityFindingFilters_updatedAt' - An ISO8601-formatted timestamp that indicates when the security-findings
+-- provider last updated the finding record.
+--
+-- 'userDefinedFields', 'awsSecurityFindingFilters_userDefinedFields' - A list of name\/value string pairs associated with the finding. These
+-- are custom, user-defined fields added to a finding.
+--
+-- 'verificationState', 'awsSecurityFindingFilters_verificationState' - The veracity of a finding.
+--
+-- 'workflowState', 'awsSecurityFindingFilters_workflowState' - The workflow state of a finding.
+--
+-- Note that this field is deprecated. To search for a finding based on its
+-- workflow status, use @WorkflowStatus@.
+--
+-- 'workflowStatus', 'awsSecurityFindingFilters_workflowStatus' - The status of the investigation into a finding. Allowed values are the
+-- following.
+--
+-- -   @NEW@ - The initial state of a finding, before it is reviewed.
+--
+--     Security Hub also resets the workflow status from @NOTIFIED@ or
+--     @RESOLVED@ to @NEW@ in the following cases:
+--
+--     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+--
+--     -   @Compliance.Status@ changes from @PASSED@ to either @WARNING@,
+--         @FAILED@, or @NOT_AVAILABLE@.
+--
+-- -   @NOTIFIED@ - Indicates that the resource owner has been notified
+--     about the security issue. Used when the initial reviewer is not the
+--     resource owner, and needs intervention from the resource owner.
+--
+--     If one of the following occurs, the workflow status is changed
+--     automatically from @NOTIFIED@ to @NEW@:
+--
+--     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+--
+--     -   @Compliance.Status@ changes from @PASSED@ to @FAILED@,
+--         @WARNING@, or @NOT_AVAILABLE@.
+--
+-- -   @SUPPRESSED@ - Indicates that you reviewed the finding and do not
+--     believe that any action is needed.
+--
+--     The workflow status of a @SUPPRESSED@ finding does not change if
+--     @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+--
+-- -   @RESOLVED@ - The finding was reviewed and remediated and is now
+--     considered resolved.
+--
+--     The finding remains @RESOLVED@ unless one of the following occurs:
+--
+--     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+--
+--     -   @Compliance.Status@ changes from @PASSED@ to @FAILED@,
+--         @WARNING@, or @NOT_AVAILABLE@.
+--
+--     In those cases, the workflow status is automatically reset to @NEW@.
+--
+--     For findings from controls, if @Compliance.Status@ is @PASSED@, then
+--     Security Hub automatically sets the workflow status to @RESOLVED@.
+newAwsSecurityFindingFilters ::
+  AwsSecurityFindingFilters
+newAwsSecurityFindingFilters =
+  AwsSecurityFindingFilters'
+    { awsAccountId =
+        Prelude.Nothing,
+      companyName = Prelude.Nothing,
+      complianceStatus = Prelude.Nothing,
+      confidence = Prelude.Nothing,
+      createdAt = Prelude.Nothing,
+      criticality = Prelude.Nothing,
+      description = Prelude.Nothing,
+      findingProviderFieldsConfidence =
+        Prelude.Nothing,
+      findingProviderFieldsCriticality =
+        Prelude.Nothing,
+      findingProviderFieldsRelatedFindingsId =
+        Prelude.Nothing,
+      findingProviderFieldsRelatedFindingsProductArn =
+        Prelude.Nothing,
+      findingProviderFieldsSeverityLabel =
+        Prelude.Nothing,
+      findingProviderFieldsSeverityOriginal =
+        Prelude.Nothing,
+      findingProviderFieldsTypes = Prelude.Nothing,
+      firstObservedAt = Prelude.Nothing,
+      generatorId = Prelude.Nothing,
+      id = Prelude.Nothing,
+      keyword = Prelude.Nothing,
+      lastObservedAt = Prelude.Nothing,
+      malwareName = Prelude.Nothing,
+      malwarePath = Prelude.Nothing,
+      malwareState = Prelude.Nothing,
+      malwareType = Prelude.Nothing,
+      networkDestinationDomain = Prelude.Nothing,
+      networkDestinationIpV4 = Prelude.Nothing,
+      networkDestinationIpV6 = Prelude.Nothing,
+      networkDestinationPort = Prelude.Nothing,
+      networkDirection = Prelude.Nothing,
+      networkProtocol = Prelude.Nothing,
+      networkSourceDomain = Prelude.Nothing,
+      networkSourceIpV4 = Prelude.Nothing,
+      networkSourceIpV6 = Prelude.Nothing,
+      networkSourceMac = Prelude.Nothing,
+      networkSourcePort = Prelude.Nothing,
+      noteText = Prelude.Nothing,
+      noteUpdatedAt = Prelude.Nothing,
+      noteUpdatedBy = Prelude.Nothing,
+      processLaunchedAt = Prelude.Nothing,
+      processName = Prelude.Nothing,
+      processParentPid = Prelude.Nothing,
+      processPath = Prelude.Nothing,
+      processPid = Prelude.Nothing,
+      processTerminatedAt = Prelude.Nothing,
+      productArn = Prelude.Nothing,
+      productFields = Prelude.Nothing,
+      productName = Prelude.Nothing,
+      recommendationText = Prelude.Nothing,
+      recordState = Prelude.Nothing,
+      region = Prelude.Nothing,
+      relatedFindingsId = Prelude.Nothing,
+      relatedFindingsProductArn = Prelude.Nothing,
+      resourceAwsEc2InstanceIamInstanceProfileArn =
+        Prelude.Nothing,
+      resourceAwsEc2InstanceImageId = Prelude.Nothing,
+      resourceAwsEc2InstanceIpV4Addresses =
+        Prelude.Nothing,
+      resourceAwsEc2InstanceIpV6Addresses =
+        Prelude.Nothing,
+      resourceAwsEc2InstanceKeyName = Prelude.Nothing,
+      resourceAwsEc2InstanceLaunchedAt =
+        Prelude.Nothing,
+      resourceAwsEc2InstanceSubnetId = Prelude.Nothing,
+      resourceAwsEc2InstanceType = Prelude.Nothing,
+      resourceAwsEc2InstanceVpcId = Prelude.Nothing,
+      resourceAwsIamAccessKeyCreatedAt =
+        Prelude.Nothing,
+      resourceAwsIamAccessKeyPrincipalName =
+        Prelude.Nothing,
+      resourceAwsIamAccessKeyStatus = Prelude.Nothing,
+      resourceAwsIamAccessKeyUserName =
+        Prelude.Nothing,
+      resourceAwsIamUserUserName = Prelude.Nothing,
+      resourceAwsS3BucketOwnerId = Prelude.Nothing,
+      resourceAwsS3BucketOwnerName = Prelude.Nothing,
+      resourceContainerImageId = Prelude.Nothing,
+      resourceContainerImageName = Prelude.Nothing,
+      resourceContainerLaunchedAt = Prelude.Nothing,
+      resourceContainerName = Prelude.Nothing,
+      resourceDetailsOther = Prelude.Nothing,
+      resourceId = Prelude.Nothing,
+      resourcePartition = Prelude.Nothing,
+      resourceRegion = Prelude.Nothing,
+      resourceTags = Prelude.Nothing,
+      resourceType = Prelude.Nothing,
+      sample = Prelude.Nothing,
+      severityLabel = Prelude.Nothing,
+      severityNormalized = Prelude.Nothing,
+      severityProduct = Prelude.Nothing,
+      sourceUrl = Prelude.Nothing,
+      threatIntelIndicatorCategory = Prelude.Nothing,
+      threatIntelIndicatorLastObservedAt =
+        Prelude.Nothing,
+      threatIntelIndicatorSource = Prelude.Nothing,
+      threatIntelIndicatorSourceUrl = Prelude.Nothing,
+      threatIntelIndicatorType = Prelude.Nothing,
+      threatIntelIndicatorValue = Prelude.Nothing,
+      title = Prelude.Nothing,
+      type' = Prelude.Nothing,
+      updatedAt = Prelude.Nothing,
+      userDefinedFields = Prelude.Nothing,
+      verificationState = Prelude.Nothing,
+      workflowState = Prelude.Nothing,
+      workflowStatus = Prelude.Nothing
+    }
+
+-- | The Amazon Web Services account ID that a finding is generated in.
+awsSecurityFindingFilters_awsAccountId :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_awsAccountId = Lens.lens (\AwsSecurityFindingFilters' {awsAccountId} -> awsAccountId) (\s@AwsSecurityFindingFilters' {} a -> s {awsAccountId = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the findings provider (company) that owns the solution
+-- (product) that generates findings.
+awsSecurityFindingFilters_companyName :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_companyName = Lens.lens (\AwsSecurityFindingFilters' {companyName} -> companyName) (\s@AwsSecurityFindingFilters' {} a -> s {companyName = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | Exclusive to findings that are generated as the result of a check run
+-- against a specific rule in a supported standard, such as CIS Amazon Web
+-- Services Foundations. Contains security standard-related finding
+-- details.
+awsSecurityFindingFilters_complianceStatus :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_complianceStatus = Lens.lens (\AwsSecurityFindingFilters' {complianceStatus} -> complianceStatus) (\s@AwsSecurityFindingFilters' {} a -> s {complianceStatus = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | A finding\'s confidence. Confidence is defined as the likelihood that a
+-- finding accurately identifies the behavior or issue that it was intended
+-- to identify.
+--
+-- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+-- zero percent confidence and 100 means 100 percent confidence.
+awsSecurityFindingFilters_confidence :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [NumberFilter])
+awsSecurityFindingFilters_confidence = Lens.lens (\AwsSecurityFindingFilters' {confidence} -> confidence) (\s@AwsSecurityFindingFilters' {} a -> s {confidence = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | An ISO8601-formatted timestamp that indicates when the security-findings
+-- provider captured the potential security issue that a finding captured.
+awsSecurityFindingFilters_createdAt :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [DateFilter])
+awsSecurityFindingFilters_createdAt = Lens.lens (\AwsSecurityFindingFilters' {createdAt} -> createdAt) (\s@AwsSecurityFindingFilters' {} a -> s {createdAt = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The level of importance assigned to the resources associated with the
+-- finding.
+--
+-- A score of 0 means that the underlying resources have no criticality,
+-- and a score of 100 is reserved for the most critical resources.
+awsSecurityFindingFilters_criticality :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [NumberFilter])
+awsSecurityFindingFilters_criticality = Lens.lens (\AwsSecurityFindingFilters' {criticality} -> criticality) (\s@AwsSecurityFindingFilters' {} a -> s {criticality = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | A finding\'s description.
+awsSecurityFindingFilters_description :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_description = Lens.lens (\AwsSecurityFindingFilters' {description} -> description) (\s@AwsSecurityFindingFilters' {} a -> s {description = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The finding provider value for the finding confidence. Confidence is
+-- defined as the likelihood that a finding accurately identifies the
+-- behavior or issue that it was intended to identify.
+--
+-- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+-- zero percent confidence and 100 means 100 percent confidence.
+awsSecurityFindingFilters_findingProviderFieldsConfidence :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [NumberFilter])
+awsSecurityFindingFilters_findingProviderFieldsConfidence = Lens.lens (\AwsSecurityFindingFilters' {findingProviderFieldsConfidence} -> findingProviderFieldsConfidence) (\s@AwsSecurityFindingFilters' {} a -> s {findingProviderFieldsConfidence = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The finding provider value for the level of importance assigned to the
+-- resources associated with the findings.
+--
+-- A score of 0 means that the underlying resources have no criticality,
+-- and a score of 100 is reserved for the most critical resources.
+awsSecurityFindingFilters_findingProviderFieldsCriticality :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [NumberFilter])
+awsSecurityFindingFilters_findingProviderFieldsCriticality = Lens.lens (\AwsSecurityFindingFilters' {findingProviderFieldsCriticality} -> findingProviderFieldsCriticality) (\s@AwsSecurityFindingFilters' {} a -> s {findingProviderFieldsCriticality = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The finding identifier of a related finding that is identified by the
+-- finding provider.
+awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsId :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsId = Lens.lens (\AwsSecurityFindingFilters' {findingProviderFieldsRelatedFindingsId} -> findingProviderFieldsRelatedFindingsId) (\s@AwsSecurityFindingFilters' {} a -> s {findingProviderFieldsRelatedFindingsId = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the solution that generated a related finding that is
+-- identified by the finding provider.
+awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsProductArn :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_findingProviderFieldsRelatedFindingsProductArn = Lens.lens (\AwsSecurityFindingFilters' {findingProviderFieldsRelatedFindingsProductArn} -> findingProviderFieldsRelatedFindingsProductArn) (\s@AwsSecurityFindingFilters' {} a -> s {findingProviderFieldsRelatedFindingsProductArn = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The finding provider value for the severity label.
+awsSecurityFindingFilters_findingProviderFieldsSeverityLabel :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_findingProviderFieldsSeverityLabel = Lens.lens (\AwsSecurityFindingFilters' {findingProviderFieldsSeverityLabel} -> findingProviderFieldsSeverityLabel) (\s@AwsSecurityFindingFilters' {} a -> s {findingProviderFieldsSeverityLabel = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The finding provider\'s original value for the severity.
+awsSecurityFindingFilters_findingProviderFieldsSeverityOriginal :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_findingProviderFieldsSeverityOriginal = Lens.lens (\AwsSecurityFindingFilters' {findingProviderFieldsSeverityOriginal} -> findingProviderFieldsSeverityOriginal) (\s@AwsSecurityFindingFilters' {} a -> s {findingProviderFieldsSeverityOriginal = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | One or more finding types that the finding provider assigned to the
+-- finding. Uses the format of @namespace\/category\/classifier@ that
+-- classify a finding.
+--
+-- Valid namespace values are: Software and Configuration Checks | TTPs |
+-- Effects | Unusual Behaviors | Sensitive Data Identifications
+awsSecurityFindingFilters_findingProviderFieldsTypes :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_findingProviderFieldsTypes = Lens.lens (\AwsSecurityFindingFilters' {findingProviderFieldsTypes} -> findingProviderFieldsTypes) (\s@AwsSecurityFindingFilters' {} a -> s {findingProviderFieldsTypes = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | An ISO8601-formatted timestamp that indicates when the security-findings
+-- provider first observed the potential security issue that a finding
+-- captured.
+awsSecurityFindingFilters_firstObservedAt :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [DateFilter])
+awsSecurityFindingFilters_firstObservedAt = Lens.lens (\AwsSecurityFindingFilters' {firstObservedAt} -> firstObservedAt) (\s@AwsSecurityFindingFilters' {} a -> s {firstObservedAt = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier for the solution-specific component (a discrete unit of
+-- logic) that generated a finding. In various security-findings
+-- providers\' solutions, this generator can be called a rule, a check, a
+-- detector, a plugin, etc.
+awsSecurityFindingFilters_generatorId :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_generatorId = Lens.lens (\AwsSecurityFindingFilters' {generatorId} -> generatorId) (\s@AwsSecurityFindingFilters' {} a -> s {generatorId = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The security findings provider-specific identifier for a finding.
+awsSecurityFindingFilters_id :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_id = Lens.lens (\AwsSecurityFindingFilters' {id} -> id) (\s@AwsSecurityFindingFilters' {} a -> s {id = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | A keyword for a finding.
+awsSecurityFindingFilters_keyword :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [KeywordFilter])
+awsSecurityFindingFilters_keyword = Lens.lens (\AwsSecurityFindingFilters' {keyword} -> keyword) (\s@AwsSecurityFindingFilters' {} a -> s {keyword = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | An ISO8601-formatted timestamp that indicates when the security-findings
+-- provider most recently observed the potential security issue that a
+-- finding captured.
+awsSecurityFindingFilters_lastObservedAt :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [DateFilter])
+awsSecurityFindingFilters_lastObservedAt = Lens.lens (\AwsSecurityFindingFilters' {lastObservedAt} -> lastObservedAt) (\s@AwsSecurityFindingFilters' {} a -> s {lastObservedAt = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the malware that was observed.
+awsSecurityFindingFilters_malwareName :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_malwareName = Lens.lens (\AwsSecurityFindingFilters' {malwareName} -> malwareName) (\s@AwsSecurityFindingFilters' {} a -> s {malwareName = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The filesystem path of the malware that was observed.
+awsSecurityFindingFilters_malwarePath :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_malwarePath = Lens.lens (\AwsSecurityFindingFilters' {malwarePath} -> malwarePath) (\s@AwsSecurityFindingFilters' {} a -> s {malwarePath = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The state of the malware that was observed.
+awsSecurityFindingFilters_malwareState :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_malwareState = Lens.lens (\AwsSecurityFindingFilters' {malwareState} -> malwareState) (\s@AwsSecurityFindingFilters' {} a -> s {malwareState = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The type of the malware that was observed.
+awsSecurityFindingFilters_malwareType :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_malwareType = Lens.lens (\AwsSecurityFindingFilters' {malwareType} -> malwareType) (\s@AwsSecurityFindingFilters' {} a -> s {malwareType = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The destination domain of network-related information about a finding.
+awsSecurityFindingFilters_networkDestinationDomain :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_networkDestinationDomain = Lens.lens (\AwsSecurityFindingFilters' {networkDestinationDomain} -> networkDestinationDomain) (\s@AwsSecurityFindingFilters' {} a -> s {networkDestinationDomain = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The destination IPv4 address of network-related information about a
+-- finding.
+awsSecurityFindingFilters_networkDestinationIpV4 :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [IpFilter])
+awsSecurityFindingFilters_networkDestinationIpV4 = Lens.lens (\AwsSecurityFindingFilters' {networkDestinationIpV4} -> networkDestinationIpV4) (\s@AwsSecurityFindingFilters' {} a -> s {networkDestinationIpV4 = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The destination IPv6 address of network-related information about a
+-- finding.
+awsSecurityFindingFilters_networkDestinationIpV6 :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [IpFilter])
+awsSecurityFindingFilters_networkDestinationIpV6 = Lens.lens (\AwsSecurityFindingFilters' {networkDestinationIpV6} -> networkDestinationIpV6) (\s@AwsSecurityFindingFilters' {} a -> s {networkDestinationIpV6 = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The destination port of network-related information about a finding.
+awsSecurityFindingFilters_networkDestinationPort :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [NumberFilter])
+awsSecurityFindingFilters_networkDestinationPort = Lens.lens (\AwsSecurityFindingFilters' {networkDestinationPort} -> networkDestinationPort) (\s@AwsSecurityFindingFilters' {} a -> s {networkDestinationPort = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates the direction of network traffic associated with a finding.
+awsSecurityFindingFilters_networkDirection :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_networkDirection = Lens.lens (\AwsSecurityFindingFilters' {networkDirection} -> networkDirection) (\s@AwsSecurityFindingFilters' {} a -> s {networkDirection = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The protocol of network-related information about a finding.
+awsSecurityFindingFilters_networkProtocol :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_networkProtocol = Lens.lens (\AwsSecurityFindingFilters' {networkProtocol} -> networkProtocol) (\s@AwsSecurityFindingFilters' {} a -> s {networkProtocol = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The source domain of network-related information about a finding.
+awsSecurityFindingFilters_networkSourceDomain :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_networkSourceDomain = Lens.lens (\AwsSecurityFindingFilters' {networkSourceDomain} -> networkSourceDomain) (\s@AwsSecurityFindingFilters' {} a -> s {networkSourceDomain = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The source IPv4 address of network-related information about a finding.
+awsSecurityFindingFilters_networkSourceIpV4 :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [IpFilter])
+awsSecurityFindingFilters_networkSourceIpV4 = Lens.lens (\AwsSecurityFindingFilters' {networkSourceIpV4} -> networkSourceIpV4) (\s@AwsSecurityFindingFilters' {} a -> s {networkSourceIpV4 = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The source IPv6 address of network-related information about a finding.
+awsSecurityFindingFilters_networkSourceIpV6 :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [IpFilter])
+awsSecurityFindingFilters_networkSourceIpV6 = Lens.lens (\AwsSecurityFindingFilters' {networkSourceIpV6} -> networkSourceIpV6) (\s@AwsSecurityFindingFilters' {} a -> s {networkSourceIpV6 = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The source media access control (MAC) address of network-related
+-- information about a finding.
+awsSecurityFindingFilters_networkSourceMac :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_networkSourceMac = Lens.lens (\AwsSecurityFindingFilters' {networkSourceMac} -> networkSourceMac) (\s@AwsSecurityFindingFilters' {} a -> s {networkSourceMac = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The source port of network-related information about a finding.
+awsSecurityFindingFilters_networkSourcePort :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [NumberFilter])
+awsSecurityFindingFilters_networkSourcePort = Lens.lens (\AwsSecurityFindingFilters' {networkSourcePort} -> networkSourcePort) (\s@AwsSecurityFindingFilters' {} a -> s {networkSourcePort = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The text of a note.
+awsSecurityFindingFilters_noteText :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_noteText = Lens.lens (\AwsSecurityFindingFilters' {noteText} -> noteText) (\s@AwsSecurityFindingFilters' {} a -> s {noteText = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The timestamp of when the note was updated.
+awsSecurityFindingFilters_noteUpdatedAt :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [DateFilter])
+awsSecurityFindingFilters_noteUpdatedAt = Lens.lens (\AwsSecurityFindingFilters' {noteUpdatedAt} -> noteUpdatedAt) (\s@AwsSecurityFindingFilters' {} a -> s {noteUpdatedAt = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The principal that created a note.
+awsSecurityFindingFilters_noteUpdatedBy :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_noteUpdatedBy = Lens.lens (\AwsSecurityFindingFilters' {noteUpdatedBy} -> noteUpdatedBy) (\s@AwsSecurityFindingFilters' {} a -> s {noteUpdatedBy = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The date\/time that the process was launched.
+awsSecurityFindingFilters_processLaunchedAt :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [DateFilter])
+awsSecurityFindingFilters_processLaunchedAt = Lens.lens (\AwsSecurityFindingFilters' {processLaunchedAt} -> processLaunchedAt) (\s@AwsSecurityFindingFilters' {} a -> s {processLaunchedAt = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the process.
+awsSecurityFindingFilters_processName :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_processName = Lens.lens (\AwsSecurityFindingFilters' {processName} -> processName) (\s@AwsSecurityFindingFilters' {} a -> s {processName = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The parent process ID.
+awsSecurityFindingFilters_processParentPid :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [NumberFilter])
+awsSecurityFindingFilters_processParentPid = Lens.lens (\AwsSecurityFindingFilters' {processParentPid} -> processParentPid) (\s@AwsSecurityFindingFilters' {} a -> s {processParentPid = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The path to the process executable.
+awsSecurityFindingFilters_processPath :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_processPath = Lens.lens (\AwsSecurityFindingFilters' {processPath} -> processPath) (\s@AwsSecurityFindingFilters' {} a -> s {processPath = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The process ID.
+awsSecurityFindingFilters_processPid :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [NumberFilter])
+awsSecurityFindingFilters_processPid = Lens.lens (\AwsSecurityFindingFilters' {processPid} -> processPid) (\s@AwsSecurityFindingFilters' {} a -> s {processPid = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The date\/time that the process was terminated.
+awsSecurityFindingFilters_processTerminatedAt :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [DateFilter])
+awsSecurityFindingFilters_processTerminatedAt = Lens.lens (\AwsSecurityFindingFilters' {processTerminatedAt} -> processTerminatedAt) (\s@AwsSecurityFindingFilters' {} a -> s {processTerminatedAt = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN generated by Security Hub that uniquely identifies a third-party
+-- company (security findings provider) after this provider\'s product
+-- (solution that generates findings) is registered with Security Hub.
+awsSecurityFindingFilters_productArn :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_productArn = Lens.lens (\AwsSecurityFindingFilters' {productArn} -> productArn) (\s@AwsSecurityFindingFilters' {} a -> s {productArn = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | A data type where security-findings providers can include additional
+-- solution-specific details that aren\'t part of the defined
+-- @AwsSecurityFinding@ format.
+awsSecurityFindingFilters_productFields :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [MapFilter])
+awsSecurityFindingFilters_productFields = Lens.lens (\AwsSecurityFindingFilters' {productFields} -> productFields) (\s@AwsSecurityFindingFilters' {} a -> s {productFields = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the solution (product) that generates findings.
+awsSecurityFindingFilters_productName :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_productName = Lens.lens (\AwsSecurityFindingFilters' {productName} -> productName) (\s@AwsSecurityFindingFilters' {} a -> s {productName = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The recommendation of what to do about the issue described in a finding.
+awsSecurityFindingFilters_recommendationText :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_recommendationText = Lens.lens (\AwsSecurityFindingFilters' {recommendationText} -> recommendationText) (\s@AwsSecurityFindingFilters' {} a -> s {recommendationText = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The updated record state for the finding.
+awsSecurityFindingFilters_recordState :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_recordState = Lens.lens (\AwsSecurityFindingFilters' {recordState} -> recordState) (\s@AwsSecurityFindingFilters' {} a -> s {recordState = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Region from which the finding was generated.
+awsSecurityFindingFilters_region :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_region = Lens.lens (\AwsSecurityFindingFilters' {region} -> region) (\s@AwsSecurityFindingFilters' {} a -> s {region = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The solution-generated identifier for a related finding.
+awsSecurityFindingFilters_relatedFindingsId :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_relatedFindingsId = Lens.lens (\AwsSecurityFindingFilters' {relatedFindingsId} -> relatedFindingsId) (\s@AwsSecurityFindingFilters' {} a -> s {relatedFindingsId = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the solution that generated a related finding.
+awsSecurityFindingFilters_relatedFindingsProductArn :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_relatedFindingsProductArn = Lens.lens (\AwsSecurityFindingFilters' {relatedFindingsProductArn} -> relatedFindingsProductArn) (\s@AwsSecurityFindingFilters' {} a -> s {relatedFindingsProductArn = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The IAM profile ARN of the instance.
+awsSecurityFindingFilters_resourceAwsEc2InstanceIamInstanceProfileArn :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsEc2InstanceIamInstanceProfileArn = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsEc2InstanceIamInstanceProfileArn} -> resourceAwsEc2InstanceIamInstanceProfileArn) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsEc2InstanceIamInstanceProfileArn = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Amazon Machine Image (AMI) ID of the instance.
+awsSecurityFindingFilters_resourceAwsEc2InstanceImageId :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsEc2InstanceImageId = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsEc2InstanceImageId} -> resourceAwsEc2InstanceImageId) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsEc2InstanceImageId = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The IPv4 addresses associated with the instance.
+awsSecurityFindingFilters_resourceAwsEc2InstanceIpV4Addresses :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [IpFilter])
+awsSecurityFindingFilters_resourceAwsEc2InstanceIpV4Addresses = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsEc2InstanceIpV4Addresses} -> resourceAwsEc2InstanceIpV4Addresses) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsEc2InstanceIpV4Addresses = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The IPv6 addresses associated with the instance.
+awsSecurityFindingFilters_resourceAwsEc2InstanceIpV6Addresses :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [IpFilter])
+awsSecurityFindingFilters_resourceAwsEc2InstanceIpV6Addresses = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsEc2InstanceIpV6Addresses} -> resourceAwsEc2InstanceIpV6Addresses) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsEc2InstanceIpV6Addresses = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The key name associated with the instance.
+awsSecurityFindingFilters_resourceAwsEc2InstanceKeyName :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsEc2InstanceKeyName = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsEc2InstanceKeyName} -> resourceAwsEc2InstanceKeyName) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsEc2InstanceKeyName = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The date and time the instance was launched.
+awsSecurityFindingFilters_resourceAwsEc2InstanceLaunchedAt :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [DateFilter])
+awsSecurityFindingFilters_resourceAwsEc2InstanceLaunchedAt = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsEc2InstanceLaunchedAt} -> resourceAwsEc2InstanceLaunchedAt) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsEc2InstanceLaunchedAt = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of the subnet that the instance was launched in.
+awsSecurityFindingFilters_resourceAwsEc2InstanceSubnetId :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsEc2InstanceSubnetId = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsEc2InstanceSubnetId} -> resourceAwsEc2InstanceSubnetId) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsEc2InstanceSubnetId = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The instance type of the instance.
+awsSecurityFindingFilters_resourceAwsEc2InstanceType :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsEc2InstanceType = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsEc2InstanceType} -> resourceAwsEc2InstanceType) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsEc2InstanceType = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of the VPC that the instance was launched in.
+awsSecurityFindingFilters_resourceAwsEc2InstanceVpcId :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsEc2InstanceVpcId = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsEc2InstanceVpcId} -> resourceAwsEc2InstanceVpcId) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsEc2InstanceVpcId = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The creation date\/time of the IAM access key related to a finding.
+awsSecurityFindingFilters_resourceAwsIamAccessKeyCreatedAt :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [DateFilter])
+awsSecurityFindingFilters_resourceAwsIamAccessKeyCreatedAt = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsIamAccessKeyCreatedAt} -> resourceAwsIamAccessKeyCreatedAt) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsIamAccessKeyCreatedAt = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the principal that is associated with an IAM access key.
+awsSecurityFindingFilters_resourceAwsIamAccessKeyPrincipalName :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsIamAccessKeyPrincipalName = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsIamAccessKeyPrincipalName} -> resourceAwsIamAccessKeyPrincipalName) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsIamAccessKeyPrincipalName = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The status of the IAM access key related to a finding.
+awsSecurityFindingFilters_resourceAwsIamAccessKeyStatus :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsIamAccessKeyStatus = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsIamAccessKeyStatus} -> resourceAwsIamAccessKeyStatus) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsIamAccessKeyStatus = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The user associated with the IAM access key related to a finding.
+awsSecurityFindingFilters_resourceAwsIamAccessKeyUserName :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsIamAccessKeyUserName = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsIamAccessKeyUserName} -> resourceAwsIamAccessKeyUserName) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsIamAccessKeyUserName = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of an IAM user.
+awsSecurityFindingFilters_resourceAwsIamUserUserName :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsIamUserUserName = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsIamUserUserName} -> resourceAwsIamUserUserName) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsIamUserUserName = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The canonical user ID of the owner of the S3 bucket.
+awsSecurityFindingFilters_resourceAwsS3BucketOwnerId :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsS3BucketOwnerId = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsS3BucketOwnerId} -> resourceAwsS3BucketOwnerId) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsS3BucketOwnerId = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The display name of the owner of the S3 bucket.
+awsSecurityFindingFilters_resourceAwsS3BucketOwnerName :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceAwsS3BucketOwnerName = Lens.lens (\AwsSecurityFindingFilters' {resourceAwsS3BucketOwnerName} -> resourceAwsS3BucketOwnerName) (\s@AwsSecurityFindingFilters' {} a -> s {resourceAwsS3BucketOwnerName = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of the image related to a finding.
+awsSecurityFindingFilters_resourceContainerImageId :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceContainerImageId = Lens.lens (\AwsSecurityFindingFilters' {resourceContainerImageId} -> resourceContainerImageId) (\s@AwsSecurityFindingFilters' {} a -> s {resourceContainerImageId = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the image related to a finding.
+awsSecurityFindingFilters_resourceContainerImageName :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceContainerImageName = Lens.lens (\AwsSecurityFindingFilters' {resourceContainerImageName} -> resourceContainerImageName) (\s@AwsSecurityFindingFilters' {} a -> s {resourceContainerImageName = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The date\/time that the container was started.
+awsSecurityFindingFilters_resourceContainerLaunchedAt :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [DateFilter])
+awsSecurityFindingFilters_resourceContainerLaunchedAt = Lens.lens (\AwsSecurityFindingFilters' {resourceContainerLaunchedAt} -> resourceContainerLaunchedAt) (\s@AwsSecurityFindingFilters' {} a -> s {resourceContainerLaunchedAt = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the container related to a finding.
+awsSecurityFindingFilters_resourceContainerName :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceContainerName = Lens.lens (\AwsSecurityFindingFilters' {resourceContainerName} -> resourceContainerName) (\s@AwsSecurityFindingFilters' {} a -> s {resourceContainerName = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The details of a resource that doesn\'t have a specific subfield for the
+-- resource type defined.
+awsSecurityFindingFilters_resourceDetailsOther :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [MapFilter])
+awsSecurityFindingFilters_resourceDetailsOther = Lens.lens (\AwsSecurityFindingFilters' {resourceDetailsOther} -> resourceDetailsOther) (\s@AwsSecurityFindingFilters' {} a -> s {resourceDetailsOther = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The canonical identifier for the given resource type.
+awsSecurityFindingFilters_resourceId :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceId = Lens.lens (\AwsSecurityFindingFilters' {resourceId} -> resourceId) (\s@AwsSecurityFindingFilters' {} a -> s {resourceId = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The canonical Amazon Web Services partition name that the Region is
+-- assigned to.
+awsSecurityFindingFilters_resourcePartition :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourcePartition = Lens.lens (\AwsSecurityFindingFilters' {resourcePartition} -> resourcePartition) (\s@AwsSecurityFindingFilters' {} a -> s {resourcePartition = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The canonical Amazon Web Services external Region name where this
+-- resource is located.
+awsSecurityFindingFilters_resourceRegion :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceRegion = Lens.lens (\AwsSecurityFindingFilters' {resourceRegion} -> resourceRegion) (\s@AwsSecurityFindingFilters' {} a -> s {resourceRegion = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of Amazon Web Services tags associated with a resource at the
+-- time the finding was processed.
+awsSecurityFindingFilters_resourceTags :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [MapFilter])
+awsSecurityFindingFilters_resourceTags = Lens.lens (\AwsSecurityFindingFilters' {resourceTags} -> resourceTags) (\s@AwsSecurityFindingFilters' {} a -> s {resourceTags = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies the type of the resource that details are provided for.
+awsSecurityFindingFilters_resourceType :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_resourceType = Lens.lens (\AwsSecurityFindingFilters' {resourceType} -> resourceType) (\s@AwsSecurityFindingFilters' {} a -> s {resourceType = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | Indicates whether or not sample findings are included in the filter
+-- results.
+awsSecurityFindingFilters_sample :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [BooleanFilter])
+awsSecurityFindingFilters_sample = Lens.lens (\AwsSecurityFindingFilters' {sample} -> sample) (\s@AwsSecurityFindingFilters' {} a -> s {sample = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The label of a finding\'s severity.
+awsSecurityFindingFilters_severityLabel :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_severityLabel = Lens.lens (\AwsSecurityFindingFilters' {severityLabel} -> severityLabel) (\s@AwsSecurityFindingFilters' {} a -> s {severityLabel = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The normalized severity of a finding.
+awsSecurityFindingFilters_severityNormalized :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [NumberFilter])
+awsSecurityFindingFilters_severityNormalized = Lens.lens (\AwsSecurityFindingFilters' {severityNormalized} -> severityNormalized) (\s@AwsSecurityFindingFilters' {} a -> s {severityNormalized = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The native severity as defined by the security-findings provider\'s
+-- solution that generated the finding.
+awsSecurityFindingFilters_severityProduct :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [NumberFilter])
+awsSecurityFindingFilters_severityProduct = Lens.lens (\AwsSecurityFindingFilters' {severityProduct} -> severityProduct) (\s@AwsSecurityFindingFilters' {} a -> s {severityProduct = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | A URL that links to a page about the current finding in the
+-- security-findings provider\'s solution.
+awsSecurityFindingFilters_sourceUrl :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_sourceUrl = Lens.lens (\AwsSecurityFindingFilters' {sourceUrl} -> sourceUrl) (\s@AwsSecurityFindingFilters' {} a -> s {sourceUrl = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The category of a threat intelligence indicator.
+awsSecurityFindingFilters_threatIntelIndicatorCategory :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_threatIntelIndicatorCategory = Lens.lens (\AwsSecurityFindingFilters' {threatIntelIndicatorCategory} -> threatIntelIndicatorCategory) (\s@AwsSecurityFindingFilters' {} a -> s {threatIntelIndicatorCategory = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The date\/time of the last observation of a threat intelligence
+-- indicator.
+awsSecurityFindingFilters_threatIntelIndicatorLastObservedAt :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [DateFilter])
+awsSecurityFindingFilters_threatIntelIndicatorLastObservedAt = Lens.lens (\AwsSecurityFindingFilters' {threatIntelIndicatorLastObservedAt} -> threatIntelIndicatorLastObservedAt) (\s@AwsSecurityFindingFilters' {} a -> s {threatIntelIndicatorLastObservedAt = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The source of the threat intelligence.
+awsSecurityFindingFilters_threatIntelIndicatorSource :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_threatIntelIndicatorSource = Lens.lens (\AwsSecurityFindingFilters' {threatIntelIndicatorSource} -> threatIntelIndicatorSource) (\s@AwsSecurityFindingFilters' {} a -> s {threatIntelIndicatorSource = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The URL for more details from the source of the threat intelligence.
+awsSecurityFindingFilters_threatIntelIndicatorSourceUrl :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_threatIntelIndicatorSourceUrl = Lens.lens (\AwsSecurityFindingFilters' {threatIntelIndicatorSourceUrl} -> threatIntelIndicatorSourceUrl) (\s@AwsSecurityFindingFilters' {} a -> s {threatIntelIndicatorSourceUrl = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The type of a threat intelligence indicator.
+awsSecurityFindingFilters_threatIntelIndicatorType :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_threatIntelIndicatorType = Lens.lens (\AwsSecurityFindingFilters' {threatIntelIndicatorType} -> threatIntelIndicatorType) (\s@AwsSecurityFindingFilters' {} a -> s {threatIntelIndicatorType = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The value of a threat intelligence indicator.
+awsSecurityFindingFilters_threatIntelIndicatorValue :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_threatIntelIndicatorValue = Lens.lens (\AwsSecurityFindingFilters' {threatIntelIndicatorValue} -> threatIntelIndicatorValue) (\s@AwsSecurityFindingFilters' {} a -> s {threatIntelIndicatorValue = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | A finding\'s title.
+awsSecurityFindingFilters_title :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_title = Lens.lens (\AwsSecurityFindingFilters' {title} -> title) (\s@AwsSecurityFindingFilters' {} a -> s {title = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | A finding type in the format of @namespace\/category\/classifier@ that
+-- classifies a finding.
+awsSecurityFindingFilters_type :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_type = Lens.lens (\AwsSecurityFindingFilters' {type'} -> type') (\s@AwsSecurityFindingFilters' {} a -> s {type' = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | An ISO8601-formatted timestamp that indicates when the security-findings
+-- provider last updated the finding record.
+awsSecurityFindingFilters_updatedAt :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [DateFilter])
+awsSecurityFindingFilters_updatedAt = Lens.lens (\AwsSecurityFindingFilters' {updatedAt} -> updatedAt) (\s@AwsSecurityFindingFilters' {} a -> s {updatedAt = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of name\/value string pairs associated with the finding. These
+-- are custom, user-defined fields added to a finding.
+awsSecurityFindingFilters_userDefinedFields :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [MapFilter])
+awsSecurityFindingFilters_userDefinedFields = Lens.lens (\AwsSecurityFindingFilters' {userDefinedFields} -> userDefinedFields) (\s@AwsSecurityFindingFilters' {} a -> s {userDefinedFields = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The veracity of a finding.
+awsSecurityFindingFilters_verificationState :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_verificationState = Lens.lens (\AwsSecurityFindingFilters' {verificationState} -> verificationState) (\s@AwsSecurityFindingFilters' {} a -> s {verificationState = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The workflow state of a finding.
+--
+-- Note that this field is deprecated. To search for a finding based on its
+-- workflow status, use @WorkflowStatus@.
+awsSecurityFindingFilters_workflowState :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_workflowState = Lens.lens (\AwsSecurityFindingFilters' {workflowState} -> workflowState) (\s@AwsSecurityFindingFilters' {} a -> s {workflowState = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The status of the investigation into a finding. Allowed values are the
+-- following.
+--
+-- -   @NEW@ - The initial state of a finding, before it is reviewed.
+--
+--     Security Hub also resets the workflow status from @NOTIFIED@ or
+--     @RESOLVED@ to @NEW@ in the following cases:
+--
+--     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+--
+--     -   @Compliance.Status@ changes from @PASSED@ to either @WARNING@,
+--         @FAILED@, or @NOT_AVAILABLE@.
+--
+-- -   @NOTIFIED@ - Indicates that the resource owner has been notified
+--     about the security issue. Used when the initial reviewer is not the
+--     resource owner, and needs intervention from the resource owner.
+--
+--     If one of the following occurs, the workflow status is changed
+--     automatically from @NOTIFIED@ to @NEW@:
+--
+--     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+--
+--     -   @Compliance.Status@ changes from @PASSED@ to @FAILED@,
+--         @WARNING@, or @NOT_AVAILABLE@.
+--
+-- -   @SUPPRESSED@ - Indicates that you reviewed the finding and do not
+--     believe that any action is needed.
+--
+--     The workflow status of a @SUPPRESSED@ finding does not change if
+--     @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+--
+-- -   @RESOLVED@ - The finding was reviewed and remediated and is now
+--     considered resolved.
+--
+--     The finding remains @RESOLVED@ unless one of the following occurs:
+--
+--     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+--
+--     -   @Compliance.Status@ changes from @PASSED@ to @FAILED@,
+--         @WARNING@, or @NOT_AVAILABLE@.
+--
+--     In those cases, the workflow status is automatically reset to @NEW@.
+--
+--     For findings from controls, if @Compliance.Status@ is @PASSED@, then
+--     Security Hub automatically sets the workflow status to @RESOLVED@.
+awsSecurityFindingFilters_workflowStatus :: Lens.Lens' AwsSecurityFindingFilters (Prelude.Maybe [StringFilter])
+awsSecurityFindingFilters_workflowStatus = Lens.lens (\AwsSecurityFindingFilters' {workflowStatus} -> workflowStatus) (\s@AwsSecurityFindingFilters' {} a -> s {workflowStatus = a} :: AwsSecurityFindingFilters) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsSecurityFindingFilters where
+  parseJSON =
+    Data.withObject
+      "AwsSecurityFindingFilters"
+      ( \x ->
+          AwsSecurityFindingFilters'
+            Prelude.<$> (x Data..:? "AwsAccountId" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "CompanyName" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "ComplianceStatus"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Confidence" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "CreatedAt" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Criticality" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Description" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "FindingProviderFieldsConfidence"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "FindingProviderFieldsCriticality"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "FindingProviderFieldsRelatedFindingsId"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "FindingProviderFieldsRelatedFindingsProductArn"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "FindingProviderFieldsSeverityLabel"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "FindingProviderFieldsSeverityOriginal"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "FindingProviderFieldsTypes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "FirstObservedAt"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "GeneratorId" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Id" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Keyword" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "LastObservedAt" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "MalwareName" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "MalwarePath" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "MalwareState" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "MalwareType" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "NetworkDestinationDomain"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "NetworkDestinationIpV4"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "NetworkDestinationIpV6"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "NetworkDestinationPort"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "NetworkDirection"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "NetworkProtocol"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "NetworkSourceDomain"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "NetworkSourceIpV4"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "NetworkSourceIpV6"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "NetworkSourceMac"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "NetworkSourcePort"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "NoteText" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "NoteUpdatedAt" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "NoteUpdatedBy" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "ProcessLaunchedAt"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ProcessName" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "ProcessParentPid"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ProcessPath" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ProcessPid" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "ProcessTerminatedAt"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ProductArn" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ProductFields" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ProductName" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "RecommendationText"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "RecordState" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Region" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "RelatedFindingsId"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "RelatedFindingsProductArn"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsEc2InstanceIamInstanceProfileArn"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsEc2InstanceImageId"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsEc2InstanceIpV4Addresses"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsEc2InstanceIpV6Addresses"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsEc2InstanceKeyName"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsEc2InstanceLaunchedAt"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsEc2InstanceSubnetId"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsEc2InstanceType"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsEc2InstanceVpcId"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsIamAccessKeyCreatedAt"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsIamAccessKeyPrincipalName"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsIamAccessKeyStatus"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsIamAccessKeyUserName"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsIamUserUserName"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsS3BucketOwnerId"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceAwsS3BucketOwnerName"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceContainerImageId"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceContainerImageName"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceContainerLaunchedAt"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceContainerName"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ResourceDetailsOther"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ResourceId" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "ResourcePartition"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ResourceRegion" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ResourceTags" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ResourceType" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Sample" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "SeverityLabel" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "SeverityNormalized"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "SeverityProduct"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "SourceUrl" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "ThreatIntelIndicatorCategory"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ThreatIntelIndicatorLastObservedAt"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ThreatIntelIndicatorSource"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ThreatIntelIndicatorSourceUrl"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ThreatIntelIndicatorType"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "ThreatIntelIndicatorValue"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Title" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Type" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "UpdatedAt" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "UserDefinedFields"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "VerificationState"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "WorkflowState" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "WorkflowStatus"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable AwsSecurityFindingFilters where
+  hashWithSalt _salt AwsSecurityFindingFilters' {..} =
+    _salt
+      `Prelude.hashWithSalt` awsAccountId
+      `Prelude.hashWithSalt` companyName
+      `Prelude.hashWithSalt` complianceStatus
+      `Prelude.hashWithSalt` confidence
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` criticality
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` findingProviderFieldsConfidence
+      `Prelude.hashWithSalt` findingProviderFieldsCriticality
+      `Prelude.hashWithSalt` findingProviderFieldsRelatedFindingsId
+      `Prelude.hashWithSalt` findingProviderFieldsRelatedFindingsProductArn
+      `Prelude.hashWithSalt` findingProviderFieldsSeverityLabel
+      `Prelude.hashWithSalt` findingProviderFieldsSeverityOriginal
+      `Prelude.hashWithSalt` findingProviderFieldsTypes
+      `Prelude.hashWithSalt` firstObservedAt
+      `Prelude.hashWithSalt` generatorId
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` keyword
+      `Prelude.hashWithSalt` lastObservedAt
+      `Prelude.hashWithSalt` malwareName
+      `Prelude.hashWithSalt` malwarePath
+      `Prelude.hashWithSalt` malwareState
+      `Prelude.hashWithSalt` malwareType
+      `Prelude.hashWithSalt` networkDestinationDomain
+      `Prelude.hashWithSalt` networkDestinationIpV4
+      `Prelude.hashWithSalt` networkDestinationIpV6
+      `Prelude.hashWithSalt` networkDestinationPort
+      `Prelude.hashWithSalt` networkDirection
+      `Prelude.hashWithSalt` networkProtocol
+      `Prelude.hashWithSalt` networkSourceDomain
+      `Prelude.hashWithSalt` networkSourceIpV4
+      `Prelude.hashWithSalt` networkSourceIpV6
+      `Prelude.hashWithSalt` networkSourceMac
+      `Prelude.hashWithSalt` networkSourcePort
+      `Prelude.hashWithSalt` noteText
+      `Prelude.hashWithSalt` noteUpdatedAt
+      `Prelude.hashWithSalt` noteUpdatedBy
+      `Prelude.hashWithSalt` processLaunchedAt
+      `Prelude.hashWithSalt` processName
+      `Prelude.hashWithSalt` processParentPid
+      `Prelude.hashWithSalt` processPath
+      `Prelude.hashWithSalt` processPid
+      `Prelude.hashWithSalt` processTerminatedAt
+      `Prelude.hashWithSalt` productArn
+      `Prelude.hashWithSalt` productFields
+      `Prelude.hashWithSalt` productName
+      `Prelude.hashWithSalt` recommendationText
+      `Prelude.hashWithSalt` recordState
+      `Prelude.hashWithSalt` region
+      `Prelude.hashWithSalt` relatedFindingsId
+      `Prelude.hashWithSalt` relatedFindingsProductArn
+      `Prelude.hashWithSalt` resourceAwsEc2InstanceIamInstanceProfileArn
+      `Prelude.hashWithSalt` resourceAwsEc2InstanceImageId
+      `Prelude.hashWithSalt` resourceAwsEc2InstanceIpV4Addresses
+      `Prelude.hashWithSalt` resourceAwsEc2InstanceIpV6Addresses
+      `Prelude.hashWithSalt` resourceAwsEc2InstanceKeyName
+      `Prelude.hashWithSalt` resourceAwsEc2InstanceLaunchedAt
+      `Prelude.hashWithSalt` resourceAwsEc2InstanceSubnetId
+      `Prelude.hashWithSalt` resourceAwsEc2InstanceType
+      `Prelude.hashWithSalt` resourceAwsEc2InstanceVpcId
+      `Prelude.hashWithSalt` resourceAwsIamAccessKeyCreatedAt
+      `Prelude.hashWithSalt` resourceAwsIamAccessKeyPrincipalName
+      `Prelude.hashWithSalt` resourceAwsIamAccessKeyStatus
+      `Prelude.hashWithSalt` resourceAwsIamAccessKeyUserName
+      `Prelude.hashWithSalt` resourceAwsIamUserUserName
+      `Prelude.hashWithSalt` resourceAwsS3BucketOwnerId
+      `Prelude.hashWithSalt` resourceAwsS3BucketOwnerName
+      `Prelude.hashWithSalt` resourceContainerImageId
+      `Prelude.hashWithSalt` resourceContainerImageName
+      `Prelude.hashWithSalt` resourceContainerLaunchedAt
+      `Prelude.hashWithSalt` resourceContainerName
+      `Prelude.hashWithSalt` resourceDetailsOther
+      `Prelude.hashWithSalt` resourceId
+      `Prelude.hashWithSalt` resourcePartition
+      `Prelude.hashWithSalt` resourceRegion
+      `Prelude.hashWithSalt` resourceTags
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` sample
+      `Prelude.hashWithSalt` severityLabel
+      `Prelude.hashWithSalt` severityNormalized
+      `Prelude.hashWithSalt` severityProduct
+      `Prelude.hashWithSalt` sourceUrl
+      `Prelude.hashWithSalt` threatIntelIndicatorCategory
+      `Prelude.hashWithSalt` threatIntelIndicatorLastObservedAt
+      `Prelude.hashWithSalt` threatIntelIndicatorSource
+      `Prelude.hashWithSalt` threatIntelIndicatorSourceUrl
+      `Prelude.hashWithSalt` threatIntelIndicatorType
+      `Prelude.hashWithSalt` threatIntelIndicatorValue
+      `Prelude.hashWithSalt` title
+      `Prelude.hashWithSalt` type'
+      `Prelude.hashWithSalt` updatedAt
+      `Prelude.hashWithSalt` userDefinedFields
+      `Prelude.hashWithSalt` verificationState
+      `Prelude.hashWithSalt` workflowState
+      `Prelude.hashWithSalt` workflowStatus
+
+instance Prelude.NFData AwsSecurityFindingFilters where
+  rnf AwsSecurityFindingFilters' {..} =
+    Prelude.rnf awsAccountId
+      `Prelude.seq` Prelude.rnf companyName
+      `Prelude.seq` Prelude.rnf complianceStatus
+      `Prelude.seq` Prelude.rnf confidence
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf criticality
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf findingProviderFieldsConfidence
+      `Prelude.seq` Prelude.rnf findingProviderFieldsCriticality
+      `Prelude.seq` Prelude.rnf findingProviderFieldsRelatedFindingsId
+      `Prelude.seq` Prelude.rnf
+        findingProviderFieldsRelatedFindingsProductArn
+      `Prelude.seq` Prelude.rnf findingProviderFieldsSeverityLabel
+      `Prelude.seq` Prelude.rnf
+        findingProviderFieldsSeverityOriginal
+      `Prelude.seq` Prelude.rnf findingProviderFieldsTypes
+      `Prelude.seq` Prelude.rnf firstObservedAt
+      `Prelude.seq` Prelude.rnf generatorId
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf keyword
+      `Prelude.seq` Prelude.rnf lastObservedAt
+      `Prelude.seq` Prelude.rnf malwareName
+      `Prelude.seq` Prelude.rnf malwarePath
+      `Prelude.seq` Prelude.rnf malwareState
+      `Prelude.seq` Prelude.rnf malwareType
+      `Prelude.seq` Prelude.rnf
+        networkDestinationDomain
+      `Prelude.seq` Prelude.rnf
+        networkDestinationIpV4
+      `Prelude.seq` Prelude.rnf
+        networkDestinationIpV6
+      `Prelude.seq` Prelude.rnf
+        networkDestinationPort
+      `Prelude.seq` Prelude.rnf
+        networkDirection
+      `Prelude.seq` Prelude.rnf
+        networkProtocol
+      `Prelude.seq` Prelude.rnf
+        networkSourceDomain
+      `Prelude.seq` Prelude.rnf
+        networkSourceIpV4
+      `Prelude.seq` Prelude.rnf
+        networkSourceIpV6
+      `Prelude.seq` Prelude.rnf
+        networkSourceMac
+      `Prelude.seq` Prelude.rnf
+        networkSourcePort
+      `Prelude.seq` Prelude.rnf
+        noteText
+      `Prelude.seq` Prelude.rnf
+        noteUpdatedAt
+      `Prelude.seq` Prelude.rnf
+        noteUpdatedBy
+      `Prelude.seq` Prelude.rnf
+        processLaunchedAt
+      `Prelude.seq` Prelude.rnf
+        processName
+      `Prelude.seq` Prelude.rnf
+        processParentPid
+      `Prelude.seq` Prelude.rnf
+        processPath
+      `Prelude.seq` Prelude.rnf
+        processPid
+      `Prelude.seq` Prelude.rnf
+        processTerminatedAt
+      `Prelude.seq` Prelude.rnf
+        productArn
+      `Prelude.seq` Prelude.rnf
+        productFields
+      `Prelude.seq` Prelude.rnf
+        productName
+      `Prelude.seq` Prelude.rnf
+        recommendationText
+      `Prelude.seq` Prelude.rnf
+        recordState
+      `Prelude.seq` Prelude.rnf
+        region
+      `Prelude.seq` Prelude.rnf
+        relatedFindingsId
+      `Prelude.seq` Prelude.rnf
+        relatedFindingsProductArn
+      `Prelude.seq` Prelude.rnf
+        resourceAwsEc2InstanceIamInstanceProfileArn
+      `Prelude.seq` Prelude.rnf
+        resourceAwsEc2InstanceImageId
+      `Prelude.seq` Prelude.rnf
+        resourceAwsEc2InstanceIpV4Addresses
+      `Prelude.seq` Prelude.rnf
+        resourceAwsEc2InstanceIpV6Addresses
+      `Prelude.seq` Prelude.rnf
+        resourceAwsEc2InstanceKeyName
+      `Prelude.seq` Prelude.rnf
+        resourceAwsEc2InstanceLaunchedAt
+      `Prelude.seq` Prelude.rnf
+        resourceAwsEc2InstanceSubnetId
+      `Prelude.seq` Prelude.rnf
+        resourceAwsEc2InstanceType
+      `Prelude.seq` Prelude.rnf
+        resourceAwsEc2InstanceVpcId
+      `Prelude.seq` Prelude.rnf
+        resourceAwsIamAccessKeyCreatedAt
+      `Prelude.seq` Prelude.rnf
+        resourceAwsIamAccessKeyPrincipalName
+      `Prelude.seq` Prelude.rnf
+        resourceAwsIamAccessKeyStatus
+      `Prelude.seq` Prelude.rnf
+        resourceAwsIamAccessKeyUserName
+      `Prelude.seq` Prelude.rnf
+        resourceAwsIamUserUserName
+      `Prelude.seq` Prelude.rnf
+        resourceAwsS3BucketOwnerId
+      `Prelude.seq` Prelude.rnf
+        resourceAwsS3BucketOwnerName
+      `Prelude.seq` Prelude.rnf
+        resourceContainerImageId
+      `Prelude.seq` Prelude.rnf
+        resourceContainerImageName
+      `Prelude.seq` Prelude.rnf
+        resourceContainerLaunchedAt
+      `Prelude.seq` Prelude.rnf
+        resourceContainerName
+      `Prelude.seq` Prelude.rnf
+        resourceDetailsOther
+      `Prelude.seq` Prelude.rnf
+        resourceId
+      `Prelude.seq` Prelude.rnf
+        resourcePartition
+      `Prelude.seq` Prelude.rnf
+        resourceRegion
+      `Prelude.seq` Prelude.rnf
+        resourceTags
+      `Prelude.seq` Prelude.rnf
+        resourceType
+      `Prelude.seq` Prelude.rnf
+        sample
+      `Prelude.seq` Prelude.rnf
+        severityLabel
+      `Prelude.seq` Prelude.rnf
+        severityNormalized
+      `Prelude.seq` Prelude.rnf
+        severityProduct
+      `Prelude.seq` Prelude.rnf
+        sourceUrl
+      `Prelude.seq` Prelude.rnf
+        threatIntelIndicatorCategory
+      `Prelude.seq` Prelude.rnf
+        threatIntelIndicatorLastObservedAt
+      `Prelude.seq` Prelude.rnf
+        threatIntelIndicatorSource
+      `Prelude.seq` Prelude.rnf
+        threatIntelIndicatorSourceUrl
+      `Prelude.seq` Prelude.rnf
+        threatIntelIndicatorType
+      `Prelude.seq` Prelude.rnf
+        threatIntelIndicatorValue
+      `Prelude.seq` Prelude.rnf
+        title
+      `Prelude.seq` Prelude.rnf
+        type'
+      `Prelude.seq` Prelude.rnf
+        updatedAt
+      `Prelude.seq` Prelude.rnf
+        userDefinedFields
+      `Prelude.seq` Prelude.rnf
+        verificationState
+      `Prelude.seq` Prelude.rnf
+        workflowState
+      `Prelude.seq` Prelude.rnf
+        workflowStatus
+
+instance Data.ToJSON AwsSecurityFindingFilters where
+  toJSON AwsSecurityFindingFilters' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AwsAccountId" Data..=) Prelude.<$> awsAccountId,
+            ("CompanyName" Data..=) Prelude.<$> companyName,
+            ("ComplianceStatus" Data..=)
+              Prelude.<$> complianceStatus,
+            ("Confidence" Data..=) Prelude.<$> confidence,
+            ("CreatedAt" Data..=) Prelude.<$> createdAt,
+            ("Criticality" Data..=) Prelude.<$> criticality,
+            ("Description" Data..=) Prelude.<$> description,
+            ("FindingProviderFieldsConfidence" Data..=)
+              Prelude.<$> findingProviderFieldsConfidence,
+            ("FindingProviderFieldsCriticality" Data..=)
+              Prelude.<$> findingProviderFieldsCriticality,
+            ("FindingProviderFieldsRelatedFindingsId" Data..=)
+              Prelude.<$> findingProviderFieldsRelatedFindingsId,
+            ( "FindingProviderFieldsRelatedFindingsProductArn"
+                Data..=
+            )
+              Prelude.<$> findingProviderFieldsRelatedFindingsProductArn,
+            ("FindingProviderFieldsSeverityLabel" Data..=)
+              Prelude.<$> findingProviderFieldsSeverityLabel,
+            ("FindingProviderFieldsSeverityOriginal" Data..=)
+              Prelude.<$> findingProviderFieldsSeverityOriginal,
+            ("FindingProviderFieldsTypes" Data..=)
+              Prelude.<$> findingProviderFieldsTypes,
+            ("FirstObservedAt" Data..=)
+              Prelude.<$> firstObservedAt,
+            ("GeneratorId" Data..=) Prelude.<$> generatorId,
+            ("Id" Data..=) Prelude.<$> id,
+            ("Keyword" Data..=) Prelude.<$> keyword,
+            ("LastObservedAt" Data..=)
+              Prelude.<$> lastObservedAt,
+            ("MalwareName" Data..=) Prelude.<$> malwareName,
+            ("MalwarePath" Data..=) Prelude.<$> malwarePath,
+            ("MalwareState" Data..=) Prelude.<$> malwareState,
+            ("MalwareType" Data..=) Prelude.<$> malwareType,
+            ("NetworkDestinationDomain" Data..=)
+              Prelude.<$> networkDestinationDomain,
+            ("NetworkDestinationIpV4" Data..=)
+              Prelude.<$> networkDestinationIpV4,
+            ("NetworkDestinationIpV6" Data..=)
+              Prelude.<$> networkDestinationIpV6,
+            ("NetworkDestinationPort" Data..=)
+              Prelude.<$> networkDestinationPort,
+            ("NetworkDirection" Data..=)
+              Prelude.<$> networkDirection,
+            ("NetworkProtocol" Data..=)
+              Prelude.<$> networkProtocol,
+            ("NetworkSourceDomain" Data..=)
+              Prelude.<$> networkSourceDomain,
+            ("NetworkSourceIpV4" Data..=)
+              Prelude.<$> networkSourceIpV4,
+            ("NetworkSourceIpV6" Data..=)
+              Prelude.<$> networkSourceIpV6,
+            ("NetworkSourceMac" Data..=)
+              Prelude.<$> networkSourceMac,
+            ("NetworkSourcePort" Data..=)
+              Prelude.<$> networkSourcePort,
+            ("NoteText" Data..=) Prelude.<$> noteText,
+            ("NoteUpdatedAt" Data..=) Prelude.<$> noteUpdatedAt,
+            ("NoteUpdatedBy" Data..=) Prelude.<$> noteUpdatedBy,
+            ("ProcessLaunchedAt" Data..=)
+              Prelude.<$> processLaunchedAt,
+            ("ProcessName" Data..=) Prelude.<$> processName,
+            ("ProcessParentPid" Data..=)
+              Prelude.<$> processParentPid,
+            ("ProcessPath" Data..=) Prelude.<$> processPath,
+            ("ProcessPid" Data..=) Prelude.<$> processPid,
+            ("ProcessTerminatedAt" Data..=)
+              Prelude.<$> processTerminatedAt,
+            ("ProductArn" Data..=) Prelude.<$> productArn,
+            ("ProductFields" Data..=) Prelude.<$> productFields,
+            ("ProductName" Data..=) Prelude.<$> productName,
+            ("RecommendationText" Data..=)
+              Prelude.<$> recommendationText,
+            ("RecordState" Data..=) Prelude.<$> recordState,
+            ("Region" Data..=) Prelude.<$> region,
+            ("RelatedFindingsId" Data..=)
+              Prelude.<$> relatedFindingsId,
+            ("RelatedFindingsProductArn" Data..=)
+              Prelude.<$> relatedFindingsProductArn,
+            ( "ResourceAwsEc2InstanceIamInstanceProfileArn"
+                Data..=
+            )
+              Prelude.<$> resourceAwsEc2InstanceIamInstanceProfileArn,
+            ("ResourceAwsEc2InstanceImageId" Data..=)
+              Prelude.<$> resourceAwsEc2InstanceImageId,
+            ("ResourceAwsEc2InstanceIpV4Addresses" Data..=)
+              Prelude.<$> resourceAwsEc2InstanceIpV4Addresses,
+            ("ResourceAwsEc2InstanceIpV6Addresses" Data..=)
+              Prelude.<$> resourceAwsEc2InstanceIpV6Addresses,
+            ("ResourceAwsEc2InstanceKeyName" Data..=)
+              Prelude.<$> resourceAwsEc2InstanceKeyName,
+            ("ResourceAwsEc2InstanceLaunchedAt" Data..=)
+              Prelude.<$> resourceAwsEc2InstanceLaunchedAt,
+            ("ResourceAwsEc2InstanceSubnetId" Data..=)
+              Prelude.<$> resourceAwsEc2InstanceSubnetId,
+            ("ResourceAwsEc2InstanceType" Data..=)
+              Prelude.<$> resourceAwsEc2InstanceType,
+            ("ResourceAwsEc2InstanceVpcId" Data..=)
+              Prelude.<$> resourceAwsEc2InstanceVpcId,
+            ("ResourceAwsIamAccessKeyCreatedAt" Data..=)
+              Prelude.<$> resourceAwsIamAccessKeyCreatedAt,
+            ("ResourceAwsIamAccessKeyPrincipalName" Data..=)
+              Prelude.<$> resourceAwsIamAccessKeyPrincipalName,
+            ("ResourceAwsIamAccessKeyStatus" Data..=)
+              Prelude.<$> resourceAwsIamAccessKeyStatus,
+            ("ResourceAwsIamAccessKeyUserName" Data..=)
+              Prelude.<$> resourceAwsIamAccessKeyUserName,
+            ("ResourceAwsIamUserUserName" Data..=)
+              Prelude.<$> resourceAwsIamUserUserName,
+            ("ResourceAwsS3BucketOwnerId" Data..=)
+              Prelude.<$> resourceAwsS3BucketOwnerId,
+            ("ResourceAwsS3BucketOwnerName" Data..=)
+              Prelude.<$> resourceAwsS3BucketOwnerName,
+            ("ResourceContainerImageId" Data..=)
+              Prelude.<$> resourceContainerImageId,
+            ("ResourceContainerImageName" Data..=)
+              Prelude.<$> resourceContainerImageName,
+            ("ResourceContainerLaunchedAt" Data..=)
+              Prelude.<$> resourceContainerLaunchedAt,
+            ("ResourceContainerName" Data..=)
+              Prelude.<$> resourceContainerName,
+            ("ResourceDetailsOther" Data..=)
+              Prelude.<$> resourceDetailsOther,
+            ("ResourceId" Data..=) Prelude.<$> resourceId,
+            ("ResourcePartition" Data..=)
+              Prelude.<$> resourcePartition,
+            ("ResourceRegion" Data..=)
+              Prelude.<$> resourceRegion,
+            ("ResourceTags" Data..=) Prelude.<$> resourceTags,
+            ("ResourceType" Data..=) Prelude.<$> resourceType,
+            ("Sample" Data..=) Prelude.<$> sample,
+            ("SeverityLabel" Data..=) Prelude.<$> severityLabel,
+            ("SeverityNormalized" Data..=)
+              Prelude.<$> severityNormalized,
+            ("SeverityProduct" Data..=)
+              Prelude.<$> severityProduct,
+            ("SourceUrl" Data..=) Prelude.<$> sourceUrl,
+            ("ThreatIntelIndicatorCategory" Data..=)
+              Prelude.<$> threatIntelIndicatorCategory,
+            ("ThreatIntelIndicatorLastObservedAt" Data..=)
+              Prelude.<$> threatIntelIndicatorLastObservedAt,
+            ("ThreatIntelIndicatorSource" Data..=)
+              Prelude.<$> threatIntelIndicatorSource,
+            ("ThreatIntelIndicatorSourceUrl" Data..=)
+              Prelude.<$> threatIntelIndicatorSourceUrl,
+            ("ThreatIntelIndicatorType" Data..=)
+              Prelude.<$> threatIntelIndicatorType,
+            ("ThreatIntelIndicatorValue" Data..=)
+              Prelude.<$> threatIntelIndicatorValue,
+            ("Title" Data..=) Prelude.<$> title,
+            ("Type" Data..=) Prelude.<$> type',
+            ("UpdatedAt" Data..=) Prelude.<$> updatedAt,
+            ("UserDefinedFields" Data..=)
+              Prelude.<$> userDefinedFields,
+            ("VerificationState" Data..=)
+              Prelude.<$> verificationState,
+            ("WorkflowState" Data..=) Prelude.<$> workflowState,
+            ("WorkflowStatus" Data..=)
+              Prelude.<$> workflowStatus
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSecurityFindingIdentifier.hs b/gen/Amazonka/SecurityHub/Types/AwsSecurityFindingIdentifier.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSecurityFindingIdentifier.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSecurityFindingIdentifier
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSecurityFindingIdentifier where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Identifies a finding to update using @BatchUpdateFindings@.
+--
+-- /See:/ 'newAwsSecurityFindingIdentifier' smart constructor.
+data AwsSecurityFindingIdentifier = AwsSecurityFindingIdentifier'
+  { -- | The identifier of the finding that was specified by the finding
+    -- provider.
+    id :: Prelude.Text,
+    -- | The ARN generated by Security Hub that uniquely identifies a product
+    -- that generates findings. This can be the ARN for a third-party product
+    -- that is integrated with Security Hub, or the ARN for a custom
+    -- integration.
+    productArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSecurityFindingIdentifier' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'id', 'awsSecurityFindingIdentifier_id' - The identifier of the finding that was specified by the finding
+-- provider.
+--
+-- 'productArn', 'awsSecurityFindingIdentifier_productArn' - The ARN generated by Security Hub that uniquely identifies a product
+-- that generates findings. This can be the ARN for a third-party product
+-- that is integrated with Security Hub, or the ARN for a custom
+-- integration.
+newAwsSecurityFindingIdentifier ::
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'productArn'
+  Prelude.Text ->
+  AwsSecurityFindingIdentifier
+newAwsSecurityFindingIdentifier pId_ pProductArn_ =
+  AwsSecurityFindingIdentifier'
+    { id = pId_,
+      productArn = pProductArn_
+    }
+
+-- | The identifier of the finding that was specified by the finding
+-- provider.
+awsSecurityFindingIdentifier_id :: Lens.Lens' AwsSecurityFindingIdentifier Prelude.Text
+awsSecurityFindingIdentifier_id = Lens.lens (\AwsSecurityFindingIdentifier' {id} -> id) (\s@AwsSecurityFindingIdentifier' {} a -> s {id = a} :: AwsSecurityFindingIdentifier)
+
+-- | The ARN generated by Security Hub that uniquely identifies a product
+-- that generates findings. This can be the ARN for a third-party product
+-- that is integrated with Security Hub, or the ARN for a custom
+-- integration.
+awsSecurityFindingIdentifier_productArn :: Lens.Lens' AwsSecurityFindingIdentifier Prelude.Text
+awsSecurityFindingIdentifier_productArn = Lens.lens (\AwsSecurityFindingIdentifier' {productArn} -> productArn) (\s@AwsSecurityFindingIdentifier' {} a -> s {productArn = a} :: AwsSecurityFindingIdentifier)
+
+instance Data.FromJSON AwsSecurityFindingIdentifier where
+  parseJSON =
+    Data.withObject
+      "AwsSecurityFindingIdentifier"
+      ( \x ->
+          AwsSecurityFindingIdentifier'
+            Prelude.<$> (x Data..: "Id")
+            Prelude.<*> (x Data..: "ProductArn")
+      )
+
+instance
+  Prelude.Hashable
+    AwsSecurityFindingIdentifier
+  where
+  hashWithSalt _salt AwsSecurityFindingIdentifier' {..} =
+    _salt
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` productArn
+
+instance Prelude.NFData AwsSecurityFindingIdentifier where
+  rnf AwsSecurityFindingIdentifier' {..} =
+    Prelude.rnf id `Prelude.seq` Prelude.rnf productArn
+
+instance Data.ToJSON AwsSecurityFindingIdentifier where
+  toJSON AwsSecurityFindingIdentifier' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Id" Data..= id),
+            Prelude.Just ("ProductArn" Data..= productArn)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSnsTopicDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsSnsTopicDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSnsTopicDetails.hs
@@ -0,0 +1,248 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSnsTopicDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSnsTopicDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsSnsTopicSubscription
+
+-- | Provides information about an Amazon SNS topic to which notifications
+-- can be published.
+--
+-- /See:/ 'newAwsSnsTopicDetails' smart constructor.
+data AwsSnsTopicDetails = AwsSnsTopicDetails'
+  { -- | Indicates failed message delivery status for an Amazon SNS topic that is
+    -- subscribed to a platform application endpoint.
+    applicationSuccessFeedbackRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates failed message delivery status for an Amazon SNS topic that is
+    -- subscribed to an Amazon Kinesis Data Firehose endpoint.
+    firehoseFailureFeedbackRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates successful message delivery status for an Amazon SNS topic
+    -- that is subscribed to an Amazon Kinesis Data Firehose endpoint.
+    firehoseSuccessFeedbackRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates failed message delivery status for an Amazon SNS topic that is
+    -- subscribed to an HTTP endpoint.
+    httpFailureFeedbackRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates successful message delivery status for an Amazon SNS topic
+    -- that is subscribed to an HTTP endpoint.
+    httpSuccessFeedbackRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | The ID of an Amazon Web Services managed key for Amazon SNS or a
+    -- customer managed key.
+    kmsMasterKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The subscription\'s owner.
+    owner :: Prelude.Maybe Prelude.Text,
+    -- | Indicates failed message delivery status for an Amazon SNS topic that is
+    -- subscribed to an Amazon SQS endpoint.
+    sqsFailureFeedbackRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates successful message delivery status for an Amazon SNS topic
+    -- that is subscribed to an Amazon SQS endpoint.
+    sqsSuccessFeedbackRoleArn :: Prelude.Maybe Prelude.Text,
+    -- | Subscription is an embedded property that describes the subscription
+    -- endpoints of an Amazon SNS topic.
+    subscription :: Prelude.Maybe [AwsSnsTopicSubscription],
+    -- | The name of the Amazon SNS topic.
+    topicName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSnsTopicDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'applicationSuccessFeedbackRoleArn', 'awsSnsTopicDetails_applicationSuccessFeedbackRoleArn' - Indicates failed message delivery status for an Amazon SNS topic that is
+-- subscribed to a platform application endpoint.
+--
+-- 'firehoseFailureFeedbackRoleArn', 'awsSnsTopicDetails_firehoseFailureFeedbackRoleArn' - Indicates failed message delivery status for an Amazon SNS topic that is
+-- subscribed to an Amazon Kinesis Data Firehose endpoint.
+--
+-- 'firehoseSuccessFeedbackRoleArn', 'awsSnsTopicDetails_firehoseSuccessFeedbackRoleArn' - Indicates successful message delivery status for an Amazon SNS topic
+-- that is subscribed to an Amazon Kinesis Data Firehose endpoint.
+--
+-- 'httpFailureFeedbackRoleArn', 'awsSnsTopicDetails_httpFailureFeedbackRoleArn' - Indicates failed message delivery status for an Amazon SNS topic that is
+-- subscribed to an HTTP endpoint.
+--
+-- 'httpSuccessFeedbackRoleArn', 'awsSnsTopicDetails_httpSuccessFeedbackRoleArn' - Indicates successful message delivery status for an Amazon SNS topic
+-- that is subscribed to an HTTP endpoint.
+--
+-- 'kmsMasterKeyId', 'awsSnsTopicDetails_kmsMasterKeyId' - The ID of an Amazon Web Services managed key for Amazon SNS or a
+-- customer managed key.
+--
+-- 'owner', 'awsSnsTopicDetails_owner' - The subscription\'s owner.
+--
+-- 'sqsFailureFeedbackRoleArn', 'awsSnsTopicDetails_sqsFailureFeedbackRoleArn' - Indicates failed message delivery status for an Amazon SNS topic that is
+-- subscribed to an Amazon SQS endpoint.
+--
+-- 'sqsSuccessFeedbackRoleArn', 'awsSnsTopicDetails_sqsSuccessFeedbackRoleArn' - Indicates successful message delivery status for an Amazon SNS topic
+-- that is subscribed to an Amazon SQS endpoint.
+--
+-- 'subscription', 'awsSnsTopicDetails_subscription' - Subscription is an embedded property that describes the subscription
+-- endpoints of an Amazon SNS topic.
+--
+-- 'topicName', 'awsSnsTopicDetails_topicName' - The name of the Amazon SNS topic.
+newAwsSnsTopicDetails ::
+  AwsSnsTopicDetails
+newAwsSnsTopicDetails =
+  AwsSnsTopicDetails'
+    { applicationSuccessFeedbackRoleArn =
+        Prelude.Nothing,
+      firehoseFailureFeedbackRoleArn = Prelude.Nothing,
+      firehoseSuccessFeedbackRoleArn = Prelude.Nothing,
+      httpFailureFeedbackRoleArn = Prelude.Nothing,
+      httpSuccessFeedbackRoleArn = Prelude.Nothing,
+      kmsMasterKeyId = Prelude.Nothing,
+      owner = Prelude.Nothing,
+      sqsFailureFeedbackRoleArn = Prelude.Nothing,
+      sqsSuccessFeedbackRoleArn = Prelude.Nothing,
+      subscription = Prelude.Nothing,
+      topicName = Prelude.Nothing
+    }
+
+-- | Indicates failed message delivery status for an Amazon SNS topic that is
+-- subscribed to a platform application endpoint.
+awsSnsTopicDetails_applicationSuccessFeedbackRoleArn :: Lens.Lens' AwsSnsTopicDetails (Prelude.Maybe Prelude.Text)
+awsSnsTopicDetails_applicationSuccessFeedbackRoleArn = Lens.lens (\AwsSnsTopicDetails' {applicationSuccessFeedbackRoleArn} -> applicationSuccessFeedbackRoleArn) (\s@AwsSnsTopicDetails' {} a -> s {applicationSuccessFeedbackRoleArn = a} :: AwsSnsTopicDetails)
+
+-- | Indicates failed message delivery status for an Amazon SNS topic that is
+-- subscribed to an Amazon Kinesis Data Firehose endpoint.
+awsSnsTopicDetails_firehoseFailureFeedbackRoleArn :: Lens.Lens' AwsSnsTopicDetails (Prelude.Maybe Prelude.Text)
+awsSnsTopicDetails_firehoseFailureFeedbackRoleArn = Lens.lens (\AwsSnsTopicDetails' {firehoseFailureFeedbackRoleArn} -> firehoseFailureFeedbackRoleArn) (\s@AwsSnsTopicDetails' {} a -> s {firehoseFailureFeedbackRoleArn = a} :: AwsSnsTopicDetails)
+
+-- | Indicates successful message delivery status for an Amazon SNS topic
+-- that is subscribed to an Amazon Kinesis Data Firehose endpoint.
+awsSnsTopicDetails_firehoseSuccessFeedbackRoleArn :: Lens.Lens' AwsSnsTopicDetails (Prelude.Maybe Prelude.Text)
+awsSnsTopicDetails_firehoseSuccessFeedbackRoleArn = Lens.lens (\AwsSnsTopicDetails' {firehoseSuccessFeedbackRoleArn} -> firehoseSuccessFeedbackRoleArn) (\s@AwsSnsTopicDetails' {} a -> s {firehoseSuccessFeedbackRoleArn = a} :: AwsSnsTopicDetails)
+
+-- | Indicates failed message delivery status for an Amazon SNS topic that is
+-- subscribed to an HTTP endpoint.
+awsSnsTopicDetails_httpFailureFeedbackRoleArn :: Lens.Lens' AwsSnsTopicDetails (Prelude.Maybe Prelude.Text)
+awsSnsTopicDetails_httpFailureFeedbackRoleArn = Lens.lens (\AwsSnsTopicDetails' {httpFailureFeedbackRoleArn} -> httpFailureFeedbackRoleArn) (\s@AwsSnsTopicDetails' {} a -> s {httpFailureFeedbackRoleArn = a} :: AwsSnsTopicDetails)
+
+-- | Indicates successful message delivery status for an Amazon SNS topic
+-- that is subscribed to an HTTP endpoint.
+awsSnsTopicDetails_httpSuccessFeedbackRoleArn :: Lens.Lens' AwsSnsTopicDetails (Prelude.Maybe Prelude.Text)
+awsSnsTopicDetails_httpSuccessFeedbackRoleArn = Lens.lens (\AwsSnsTopicDetails' {httpSuccessFeedbackRoleArn} -> httpSuccessFeedbackRoleArn) (\s@AwsSnsTopicDetails' {} a -> s {httpSuccessFeedbackRoleArn = a} :: AwsSnsTopicDetails)
+
+-- | The ID of an Amazon Web Services managed key for Amazon SNS or a
+-- customer managed key.
+awsSnsTopicDetails_kmsMasterKeyId :: Lens.Lens' AwsSnsTopicDetails (Prelude.Maybe Prelude.Text)
+awsSnsTopicDetails_kmsMasterKeyId = Lens.lens (\AwsSnsTopicDetails' {kmsMasterKeyId} -> kmsMasterKeyId) (\s@AwsSnsTopicDetails' {} a -> s {kmsMasterKeyId = a} :: AwsSnsTopicDetails)
+
+-- | The subscription\'s owner.
+awsSnsTopicDetails_owner :: Lens.Lens' AwsSnsTopicDetails (Prelude.Maybe Prelude.Text)
+awsSnsTopicDetails_owner = Lens.lens (\AwsSnsTopicDetails' {owner} -> owner) (\s@AwsSnsTopicDetails' {} a -> s {owner = a} :: AwsSnsTopicDetails)
+
+-- | Indicates failed message delivery status for an Amazon SNS topic that is
+-- subscribed to an Amazon SQS endpoint.
+awsSnsTopicDetails_sqsFailureFeedbackRoleArn :: Lens.Lens' AwsSnsTopicDetails (Prelude.Maybe Prelude.Text)
+awsSnsTopicDetails_sqsFailureFeedbackRoleArn = Lens.lens (\AwsSnsTopicDetails' {sqsFailureFeedbackRoleArn} -> sqsFailureFeedbackRoleArn) (\s@AwsSnsTopicDetails' {} a -> s {sqsFailureFeedbackRoleArn = a} :: AwsSnsTopicDetails)
+
+-- | Indicates successful message delivery status for an Amazon SNS topic
+-- that is subscribed to an Amazon SQS endpoint.
+awsSnsTopicDetails_sqsSuccessFeedbackRoleArn :: Lens.Lens' AwsSnsTopicDetails (Prelude.Maybe Prelude.Text)
+awsSnsTopicDetails_sqsSuccessFeedbackRoleArn = Lens.lens (\AwsSnsTopicDetails' {sqsSuccessFeedbackRoleArn} -> sqsSuccessFeedbackRoleArn) (\s@AwsSnsTopicDetails' {} a -> s {sqsSuccessFeedbackRoleArn = a} :: AwsSnsTopicDetails)
+
+-- | Subscription is an embedded property that describes the subscription
+-- endpoints of an Amazon SNS topic.
+awsSnsTopicDetails_subscription :: Lens.Lens' AwsSnsTopicDetails (Prelude.Maybe [AwsSnsTopicSubscription])
+awsSnsTopicDetails_subscription = Lens.lens (\AwsSnsTopicDetails' {subscription} -> subscription) (\s@AwsSnsTopicDetails' {} a -> s {subscription = a} :: AwsSnsTopicDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the Amazon SNS topic.
+awsSnsTopicDetails_topicName :: Lens.Lens' AwsSnsTopicDetails (Prelude.Maybe Prelude.Text)
+awsSnsTopicDetails_topicName = Lens.lens (\AwsSnsTopicDetails' {topicName} -> topicName) (\s@AwsSnsTopicDetails' {} a -> s {topicName = a} :: AwsSnsTopicDetails)
+
+instance Data.FromJSON AwsSnsTopicDetails where
+  parseJSON =
+    Data.withObject
+      "AwsSnsTopicDetails"
+      ( \x ->
+          AwsSnsTopicDetails'
+            Prelude.<$> (x Data..:? "ApplicationSuccessFeedbackRoleArn")
+            Prelude.<*> (x Data..:? "FirehoseFailureFeedbackRoleArn")
+            Prelude.<*> (x Data..:? "FirehoseSuccessFeedbackRoleArn")
+            Prelude.<*> (x Data..:? "HttpFailureFeedbackRoleArn")
+            Prelude.<*> (x Data..:? "HttpSuccessFeedbackRoleArn")
+            Prelude.<*> (x Data..:? "KmsMasterKeyId")
+            Prelude.<*> (x Data..:? "Owner")
+            Prelude.<*> (x Data..:? "SqsFailureFeedbackRoleArn")
+            Prelude.<*> (x Data..:? "SqsSuccessFeedbackRoleArn")
+            Prelude.<*> (x Data..:? "Subscription" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "TopicName")
+      )
+
+instance Prelude.Hashable AwsSnsTopicDetails where
+  hashWithSalt _salt AwsSnsTopicDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` applicationSuccessFeedbackRoleArn
+      `Prelude.hashWithSalt` firehoseFailureFeedbackRoleArn
+      `Prelude.hashWithSalt` firehoseSuccessFeedbackRoleArn
+      `Prelude.hashWithSalt` httpFailureFeedbackRoleArn
+      `Prelude.hashWithSalt` httpSuccessFeedbackRoleArn
+      `Prelude.hashWithSalt` kmsMasterKeyId
+      `Prelude.hashWithSalt` owner
+      `Prelude.hashWithSalt` sqsFailureFeedbackRoleArn
+      `Prelude.hashWithSalt` sqsSuccessFeedbackRoleArn
+      `Prelude.hashWithSalt` subscription
+      `Prelude.hashWithSalt` topicName
+
+instance Prelude.NFData AwsSnsTopicDetails where
+  rnf AwsSnsTopicDetails' {..} =
+    Prelude.rnf applicationSuccessFeedbackRoleArn
+      `Prelude.seq` Prelude.rnf firehoseFailureFeedbackRoleArn
+      `Prelude.seq` Prelude.rnf firehoseSuccessFeedbackRoleArn
+      `Prelude.seq` Prelude.rnf httpFailureFeedbackRoleArn
+      `Prelude.seq` Prelude.rnf httpSuccessFeedbackRoleArn
+      `Prelude.seq` Prelude.rnf kmsMasterKeyId
+      `Prelude.seq` Prelude.rnf owner
+      `Prelude.seq` Prelude.rnf sqsFailureFeedbackRoleArn
+      `Prelude.seq` Prelude.rnf sqsSuccessFeedbackRoleArn
+      `Prelude.seq` Prelude.rnf subscription
+      `Prelude.seq` Prelude.rnf topicName
+
+instance Data.ToJSON AwsSnsTopicDetails where
+  toJSON AwsSnsTopicDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ApplicationSuccessFeedbackRoleArn" Data..=)
+              Prelude.<$> applicationSuccessFeedbackRoleArn,
+            ("FirehoseFailureFeedbackRoleArn" Data..=)
+              Prelude.<$> firehoseFailureFeedbackRoleArn,
+            ("FirehoseSuccessFeedbackRoleArn" Data..=)
+              Prelude.<$> firehoseSuccessFeedbackRoleArn,
+            ("HttpFailureFeedbackRoleArn" Data..=)
+              Prelude.<$> httpFailureFeedbackRoleArn,
+            ("HttpSuccessFeedbackRoleArn" Data..=)
+              Prelude.<$> httpSuccessFeedbackRoleArn,
+            ("KmsMasterKeyId" Data..=)
+              Prelude.<$> kmsMasterKeyId,
+            ("Owner" Data..=) Prelude.<$> owner,
+            ("SqsFailureFeedbackRoleArn" Data..=)
+              Prelude.<$> sqsFailureFeedbackRoleArn,
+            ("SqsSuccessFeedbackRoleArn" Data..=)
+              Prelude.<$> sqsSuccessFeedbackRoleArn,
+            ("Subscription" Data..=) Prelude.<$> subscription,
+            ("TopicName" Data..=) Prelude.<$> topicName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSnsTopicSubscription.hs b/gen/Amazonka/SecurityHub/Types/AwsSnsTopicSubscription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSnsTopicSubscription.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSnsTopicSubscription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSnsTopicSubscription where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A wrapper type for the attributes of an Amazon SNS subscription.
+--
+-- /See:/ 'newAwsSnsTopicSubscription' smart constructor.
+data AwsSnsTopicSubscription = AwsSnsTopicSubscription'
+  { -- | The subscription\'s endpoint (format depends on the protocol).
+    endpoint :: Prelude.Maybe Prelude.Text,
+    -- | The subscription\'s protocol.
+    protocol :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSnsTopicSubscription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'endpoint', 'awsSnsTopicSubscription_endpoint' - The subscription\'s endpoint (format depends on the protocol).
+--
+-- 'protocol', 'awsSnsTopicSubscription_protocol' - The subscription\'s protocol.
+newAwsSnsTopicSubscription ::
+  AwsSnsTopicSubscription
+newAwsSnsTopicSubscription =
+  AwsSnsTopicSubscription'
+    { endpoint =
+        Prelude.Nothing,
+      protocol = Prelude.Nothing
+    }
+
+-- | The subscription\'s endpoint (format depends on the protocol).
+awsSnsTopicSubscription_endpoint :: Lens.Lens' AwsSnsTopicSubscription (Prelude.Maybe Prelude.Text)
+awsSnsTopicSubscription_endpoint = Lens.lens (\AwsSnsTopicSubscription' {endpoint} -> endpoint) (\s@AwsSnsTopicSubscription' {} a -> s {endpoint = a} :: AwsSnsTopicSubscription)
+
+-- | The subscription\'s protocol.
+awsSnsTopicSubscription_protocol :: Lens.Lens' AwsSnsTopicSubscription (Prelude.Maybe Prelude.Text)
+awsSnsTopicSubscription_protocol = Lens.lens (\AwsSnsTopicSubscription' {protocol} -> protocol) (\s@AwsSnsTopicSubscription' {} a -> s {protocol = a} :: AwsSnsTopicSubscription)
+
+instance Data.FromJSON AwsSnsTopicSubscription where
+  parseJSON =
+    Data.withObject
+      "AwsSnsTopicSubscription"
+      ( \x ->
+          AwsSnsTopicSubscription'
+            Prelude.<$> (x Data..:? "Endpoint")
+            Prelude.<*> (x Data..:? "Protocol")
+      )
+
+instance Prelude.Hashable AwsSnsTopicSubscription where
+  hashWithSalt _salt AwsSnsTopicSubscription' {..} =
+    _salt
+      `Prelude.hashWithSalt` endpoint
+      `Prelude.hashWithSalt` protocol
+
+instance Prelude.NFData AwsSnsTopicSubscription where
+  rnf AwsSnsTopicSubscription' {..} =
+    Prelude.rnf endpoint
+      `Prelude.seq` Prelude.rnf protocol
+
+instance Data.ToJSON AwsSnsTopicSubscription where
+  toJSON AwsSnsTopicSubscription' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Endpoint" Data..=) Prelude.<$> endpoint,
+            ("Protocol" Data..=) Prelude.<$> protocol
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSqsQueueDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsSqsQueueDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSqsQueueDetails.hs
@@ -0,0 +1,132 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSqsQueueDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSqsQueueDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Data about a queue.
+--
+-- /See:/ 'newAwsSqsQueueDetails' smart constructor.
+data AwsSqsQueueDetails = AwsSqsQueueDetails'
+  { -- | The ARN of the dead-letter queue to which Amazon SQS moves messages
+    -- after the value of @maxReceiveCount@ is exceeded.
+    deadLetterTargetArn :: Prelude.Maybe Prelude.Text,
+    -- | The length of time, in seconds, for which Amazon SQS can reuse a data
+    -- key to encrypt or decrypt messages before calling KMS again.
+    kmsDataKeyReusePeriodSeconds :: Prelude.Maybe Prelude.Int,
+    -- | The ID of an Amazon Web Services managed key for Amazon SQS or a custom
+    -- KMS key.
+    kmsMasterKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the new queue.
+    queueName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSqsQueueDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deadLetterTargetArn', 'awsSqsQueueDetails_deadLetterTargetArn' - The ARN of the dead-letter queue to which Amazon SQS moves messages
+-- after the value of @maxReceiveCount@ is exceeded.
+--
+-- 'kmsDataKeyReusePeriodSeconds', 'awsSqsQueueDetails_kmsDataKeyReusePeriodSeconds' - The length of time, in seconds, for which Amazon SQS can reuse a data
+-- key to encrypt or decrypt messages before calling KMS again.
+--
+-- 'kmsMasterKeyId', 'awsSqsQueueDetails_kmsMasterKeyId' - The ID of an Amazon Web Services managed key for Amazon SQS or a custom
+-- KMS key.
+--
+-- 'queueName', 'awsSqsQueueDetails_queueName' - The name of the new queue.
+newAwsSqsQueueDetails ::
+  AwsSqsQueueDetails
+newAwsSqsQueueDetails =
+  AwsSqsQueueDetails'
+    { deadLetterTargetArn =
+        Prelude.Nothing,
+      kmsDataKeyReusePeriodSeconds = Prelude.Nothing,
+      kmsMasterKeyId = Prelude.Nothing,
+      queueName = Prelude.Nothing
+    }
+
+-- | The ARN of the dead-letter queue to which Amazon SQS moves messages
+-- after the value of @maxReceiveCount@ is exceeded.
+awsSqsQueueDetails_deadLetterTargetArn :: Lens.Lens' AwsSqsQueueDetails (Prelude.Maybe Prelude.Text)
+awsSqsQueueDetails_deadLetterTargetArn = Lens.lens (\AwsSqsQueueDetails' {deadLetterTargetArn} -> deadLetterTargetArn) (\s@AwsSqsQueueDetails' {} a -> s {deadLetterTargetArn = a} :: AwsSqsQueueDetails)
+
+-- | The length of time, in seconds, for which Amazon SQS can reuse a data
+-- key to encrypt or decrypt messages before calling KMS again.
+awsSqsQueueDetails_kmsDataKeyReusePeriodSeconds :: Lens.Lens' AwsSqsQueueDetails (Prelude.Maybe Prelude.Int)
+awsSqsQueueDetails_kmsDataKeyReusePeriodSeconds = Lens.lens (\AwsSqsQueueDetails' {kmsDataKeyReusePeriodSeconds} -> kmsDataKeyReusePeriodSeconds) (\s@AwsSqsQueueDetails' {} a -> s {kmsDataKeyReusePeriodSeconds = a} :: AwsSqsQueueDetails)
+
+-- | The ID of an Amazon Web Services managed key for Amazon SQS or a custom
+-- KMS key.
+awsSqsQueueDetails_kmsMasterKeyId :: Lens.Lens' AwsSqsQueueDetails (Prelude.Maybe Prelude.Text)
+awsSqsQueueDetails_kmsMasterKeyId = Lens.lens (\AwsSqsQueueDetails' {kmsMasterKeyId} -> kmsMasterKeyId) (\s@AwsSqsQueueDetails' {} a -> s {kmsMasterKeyId = a} :: AwsSqsQueueDetails)
+
+-- | The name of the new queue.
+awsSqsQueueDetails_queueName :: Lens.Lens' AwsSqsQueueDetails (Prelude.Maybe Prelude.Text)
+awsSqsQueueDetails_queueName = Lens.lens (\AwsSqsQueueDetails' {queueName} -> queueName) (\s@AwsSqsQueueDetails' {} a -> s {queueName = a} :: AwsSqsQueueDetails)
+
+instance Data.FromJSON AwsSqsQueueDetails where
+  parseJSON =
+    Data.withObject
+      "AwsSqsQueueDetails"
+      ( \x ->
+          AwsSqsQueueDetails'
+            Prelude.<$> (x Data..:? "DeadLetterTargetArn")
+            Prelude.<*> (x Data..:? "KmsDataKeyReusePeriodSeconds")
+            Prelude.<*> (x Data..:? "KmsMasterKeyId")
+            Prelude.<*> (x Data..:? "QueueName")
+      )
+
+instance Prelude.Hashable AwsSqsQueueDetails where
+  hashWithSalt _salt AwsSqsQueueDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` deadLetterTargetArn
+      `Prelude.hashWithSalt` kmsDataKeyReusePeriodSeconds
+      `Prelude.hashWithSalt` kmsMasterKeyId
+      `Prelude.hashWithSalt` queueName
+
+instance Prelude.NFData AwsSqsQueueDetails where
+  rnf AwsSqsQueueDetails' {..} =
+    Prelude.rnf deadLetterTargetArn
+      `Prelude.seq` Prelude.rnf kmsDataKeyReusePeriodSeconds
+      `Prelude.seq` Prelude.rnf kmsMasterKeyId
+      `Prelude.seq` Prelude.rnf queueName
+
+instance Data.ToJSON AwsSqsQueueDetails where
+  toJSON AwsSqsQueueDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DeadLetterTargetArn" Data..=)
+              Prelude.<$> deadLetterTargetArn,
+            ("KmsDataKeyReusePeriodSeconds" Data..=)
+              Prelude.<$> kmsDataKeyReusePeriodSeconds,
+            ("KmsMasterKeyId" Data..=)
+              Prelude.<$> kmsMasterKeyId,
+            ("QueueName" Data..=) Prelude.<$> queueName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSsmComplianceSummary.hs b/gen/Amazonka/SecurityHub/Types/AwsSsmComplianceSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSsmComplianceSummary.hs
@@ -0,0 +1,419 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSsmComplianceSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSsmComplianceSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides the details about the compliance status for a patch.
+--
+-- /See:/ 'newAwsSsmComplianceSummary' smart constructor.
+data AwsSsmComplianceSummary = AwsSsmComplianceSummary'
+  { -- | The type of resource for which the compliance was determined. For
+    -- @AwsSsmPatchCompliance@, @ComplianceType@ is @Patch@.
+    complianceType :: Prelude.Maybe Prelude.Text,
+    -- | For the patches that are compliant, the number that have a severity of
+    -- @CRITICAL@.
+    compliantCriticalCount :: Prelude.Maybe Prelude.Int,
+    -- | For the patches that are compliant, the number that have a severity of
+    -- @HIGH@.
+    compliantHighCount :: Prelude.Maybe Prelude.Int,
+    -- | For the patches that are compliant, the number that have a severity of
+    -- @INFORMATIONAL@.
+    compliantInformationalCount :: Prelude.Maybe Prelude.Int,
+    -- | For the patches that are compliant, the number that have a severity of
+    -- @LOW@.
+    compliantLowCount :: Prelude.Maybe Prelude.Int,
+    -- | For the patches that are compliant, the number that have a severity of
+    -- @MEDIUM@.
+    compliantMediumCount :: Prelude.Maybe Prelude.Int,
+    -- | For the patches that are compliant, the number that have a severity of
+    -- @UNSPECIFIED@.
+    compliantUnspecifiedCount :: Prelude.Maybe Prelude.Int,
+    -- | The type of execution that was used determine compliance.
+    executionType :: Prelude.Maybe Prelude.Text,
+    -- | For the patch items that are noncompliant, the number of items that have
+    -- a severity of @CRITICAL@.
+    nonCompliantCriticalCount :: Prelude.Maybe Prelude.Int,
+    -- | For the patches that are noncompliant, the number that have a severity
+    -- of @HIGH@.
+    nonCompliantHighCount :: Prelude.Maybe Prelude.Int,
+    -- | For the patches that are noncompliant, the number that have a severity
+    -- of @INFORMATIONAL@.
+    nonCompliantInformationalCount :: Prelude.Maybe Prelude.Int,
+    -- | For the patches that are noncompliant, the number that have a severity
+    -- of @LOW@.
+    nonCompliantLowCount :: Prelude.Maybe Prelude.Int,
+    -- | For the patches that are noncompliant, the number that have a severity
+    -- of @MEDIUM@.
+    nonCompliantMediumCount :: Prelude.Maybe Prelude.Int,
+    -- | For the patches that are noncompliant, the number that have a severity
+    -- of @UNSPECIFIED@.
+    nonCompliantUnspecifiedCount :: Prelude.Maybe Prelude.Int,
+    -- | The highest severity for the patches. Valid values are as follows:
+    --
+    -- -   @CRITICAL@
+    --
+    -- -   @HIGH@
+    --
+    -- -   @MEDIUM@
+    --
+    -- -   @LOW@
+    --
+    -- -   @INFORMATIONAL@
+    --
+    -- -   @UNSPECIFIED@
+    overallSeverity :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the patch baseline. The patch baseline lists the
+    -- patches that are approved for installation.
+    patchBaselineId :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the patch group for which compliance was determined. A
+    -- patch group uses tags to group EC2 instances that should have the same
+    -- patch compliance.
+    patchGroup :: Prelude.Maybe Prelude.Text,
+    -- | The current patch compliance status. Valid values are as follows:
+    --
+    -- -   @COMPLIANT@
+    --
+    -- -   @NON_COMPLIANT@
+    --
+    -- -   @UNSPECIFIED_DATA@
+    status :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSsmComplianceSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'complianceType', 'awsSsmComplianceSummary_complianceType' - The type of resource for which the compliance was determined. For
+-- @AwsSsmPatchCompliance@, @ComplianceType@ is @Patch@.
+--
+-- 'compliantCriticalCount', 'awsSsmComplianceSummary_compliantCriticalCount' - For the patches that are compliant, the number that have a severity of
+-- @CRITICAL@.
+--
+-- 'compliantHighCount', 'awsSsmComplianceSummary_compliantHighCount' - For the patches that are compliant, the number that have a severity of
+-- @HIGH@.
+--
+-- 'compliantInformationalCount', 'awsSsmComplianceSummary_compliantInformationalCount' - For the patches that are compliant, the number that have a severity of
+-- @INFORMATIONAL@.
+--
+-- 'compliantLowCount', 'awsSsmComplianceSummary_compliantLowCount' - For the patches that are compliant, the number that have a severity of
+-- @LOW@.
+--
+-- 'compliantMediumCount', 'awsSsmComplianceSummary_compliantMediumCount' - For the patches that are compliant, the number that have a severity of
+-- @MEDIUM@.
+--
+-- 'compliantUnspecifiedCount', 'awsSsmComplianceSummary_compliantUnspecifiedCount' - For the patches that are compliant, the number that have a severity of
+-- @UNSPECIFIED@.
+--
+-- 'executionType', 'awsSsmComplianceSummary_executionType' - The type of execution that was used determine compliance.
+--
+-- 'nonCompliantCriticalCount', 'awsSsmComplianceSummary_nonCompliantCriticalCount' - For the patch items that are noncompliant, the number of items that have
+-- a severity of @CRITICAL@.
+--
+-- 'nonCompliantHighCount', 'awsSsmComplianceSummary_nonCompliantHighCount' - For the patches that are noncompliant, the number that have a severity
+-- of @HIGH@.
+--
+-- 'nonCompliantInformationalCount', 'awsSsmComplianceSummary_nonCompliantInformationalCount' - For the patches that are noncompliant, the number that have a severity
+-- of @INFORMATIONAL@.
+--
+-- 'nonCompliantLowCount', 'awsSsmComplianceSummary_nonCompliantLowCount' - For the patches that are noncompliant, the number that have a severity
+-- of @LOW@.
+--
+-- 'nonCompliantMediumCount', 'awsSsmComplianceSummary_nonCompliantMediumCount' - For the patches that are noncompliant, the number that have a severity
+-- of @MEDIUM@.
+--
+-- 'nonCompliantUnspecifiedCount', 'awsSsmComplianceSummary_nonCompliantUnspecifiedCount' - For the patches that are noncompliant, the number that have a severity
+-- of @UNSPECIFIED@.
+--
+-- 'overallSeverity', 'awsSsmComplianceSummary_overallSeverity' - The highest severity for the patches. Valid values are as follows:
+--
+-- -   @CRITICAL@
+--
+-- -   @HIGH@
+--
+-- -   @MEDIUM@
+--
+-- -   @LOW@
+--
+-- -   @INFORMATIONAL@
+--
+-- -   @UNSPECIFIED@
+--
+-- 'patchBaselineId', 'awsSsmComplianceSummary_patchBaselineId' - The identifier of the patch baseline. The patch baseline lists the
+-- patches that are approved for installation.
+--
+-- 'patchGroup', 'awsSsmComplianceSummary_patchGroup' - The identifier of the patch group for which compliance was determined. A
+-- patch group uses tags to group EC2 instances that should have the same
+-- patch compliance.
+--
+-- 'status', 'awsSsmComplianceSummary_status' - The current patch compliance status. Valid values are as follows:
+--
+-- -   @COMPLIANT@
+--
+-- -   @NON_COMPLIANT@
+--
+-- -   @UNSPECIFIED_DATA@
+newAwsSsmComplianceSummary ::
+  AwsSsmComplianceSummary
+newAwsSsmComplianceSummary =
+  AwsSsmComplianceSummary'
+    { complianceType =
+        Prelude.Nothing,
+      compliantCriticalCount = Prelude.Nothing,
+      compliantHighCount = Prelude.Nothing,
+      compliantInformationalCount = Prelude.Nothing,
+      compliantLowCount = Prelude.Nothing,
+      compliantMediumCount = Prelude.Nothing,
+      compliantUnspecifiedCount = Prelude.Nothing,
+      executionType = Prelude.Nothing,
+      nonCompliantCriticalCount = Prelude.Nothing,
+      nonCompliantHighCount = Prelude.Nothing,
+      nonCompliantInformationalCount = Prelude.Nothing,
+      nonCompliantLowCount = Prelude.Nothing,
+      nonCompliantMediumCount = Prelude.Nothing,
+      nonCompliantUnspecifiedCount = Prelude.Nothing,
+      overallSeverity = Prelude.Nothing,
+      patchBaselineId = Prelude.Nothing,
+      patchGroup = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The type of resource for which the compliance was determined. For
+-- @AwsSsmPatchCompliance@, @ComplianceType@ is @Patch@.
+awsSsmComplianceSummary_complianceType :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Text)
+awsSsmComplianceSummary_complianceType = Lens.lens (\AwsSsmComplianceSummary' {complianceType} -> complianceType) (\s@AwsSsmComplianceSummary' {} a -> s {complianceType = a} :: AwsSsmComplianceSummary)
+
+-- | For the patches that are compliant, the number that have a severity of
+-- @CRITICAL@.
+awsSsmComplianceSummary_compliantCriticalCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_compliantCriticalCount = Lens.lens (\AwsSsmComplianceSummary' {compliantCriticalCount} -> compliantCriticalCount) (\s@AwsSsmComplianceSummary' {} a -> s {compliantCriticalCount = a} :: AwsSsmComplianceSummary)
+
+-- | For the patches that are compliant, the number that have a severity of
+-- @HIGH@.
+awsSsmComplianceSummary_compliantHighCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_compliantHighCount = Lens.lens (\AwsSsmComplianceSummary' {compliantHighCount} -> compliantHighCount) (\s@AwsSsmComplianceSummary' {} a -> s {compliantHighCount = a} :: AwsSsmComplianceSummary)
+
+-- | For the patches that are compliant, the number that have a severity of
+-- @INFORMATIONAL@.
+awsSsmComplianceSummary_compliantInformationalCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_compliantInformationalCount = Lens.lens (\AwsSsmComplianceSummary' {compliantInformationalCount} -> compliantInformationalCount) (\s@AwsSsmComplianceSummary' {} a -> s {compliantInformationalCount = a} :: AwsSsmComplianceSummary)
+
+-- | For the patches that are compliant, the number that have a severity of
+-- @LOW@.
+awsSsmComplianceSummary_compliantLowCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_compliantLowCount = Lens.lens (\AwsSsmComplianceSummary' {compliantLowCount} -> compliantLowCount) (\s@AwsSsmComplianceSummary' {} a -> s {compliantLowCount = a} :: AwsSsmComplianceSummary)
+
+-- | For the patches that are compliant, the number that have a severity of
+-- @MEDIUM@.
+awsSsmComplianceSummary_compliantMediumCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_compliantMediumCount = Lens.lens (\AwsSsmComplianceSummary' {compliantMediumCount} -> compliantMediumCount) (\s@AwsSsmComplianceSummary' {} a -> s {compliantMediumCount = a} :: AwsSsmComplianceSummary)
+
+-- | For the patches that are compliant, the number that have a severity of
+-- @UNSPECIFIED@.
+awsSsmComplianceSummary_compliantUnspecifiedCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_compliantUnspecifiedCount = Lens.lens (\AwsSsmComplianceSummary' {compliantUnspecifiedCount} -> compliantUnspecifiedCount) (\s@AwsSsmComplianceSummary' {} a -> s {compliantUnspecifiedCount = a} :: AwsSsmComplianceSummary)
+
+-- | The type of execution that was used determine compliance.
+awsSsmComplianceSummary_executionType :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Text)
+awsSsmComplianceSummary_executionType = Lens.lens (\AwsSsmComplianceSummary' {executionType} -> executionType) (\s@AwsSsmComplianceSummary' {} a -> s {executionType = a} :: AwsSsmComplianceSummary)
+
+-- | For the patch items that are noncompliant, the number of items that have
+-- a severity of @CRITICAL@.
+awsSsmComplianceSummary_nonCompliantCriticalCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_nonCompliantCriticalCount = Lens.lens (\AwsSsmComplianceSummary' {nonCompliantCriticalCount} -> nonCompliantCriticalCount) (\s@AwsSsmComplianceSummary' {} a -> s {nonCompliantCriticalCount = a} :: AwsSsmComplianceSummary)
+
+-- | For the patches that are noncompliant, the number that have a severity
+-- of @HIGH@.
+awsSsmComplianceSummary_nonCompliantHighCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_nonCompliantHighCount = Lens.lens (\AwsSsmComplianceSummary' {nonCompliantHighCount} -> nonCompliantHighCount) (\s@AwsSsmComplianceSummary' {} a -> s {nonCompliantHighCount = a} :: AwsSsmComplianceSummary)
+
+-- | For the patches that are noncompliant, the number that have a severity
+-- of @INFORMATIONAL@.
+awsSsmComplianceSummary_nonCompliantInformationalCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_nonCompliantInformationalCount = Lens.lens (\AwsSsmComplianceSummary' {nonCompliantInformationalCount} -> nonCompliantInformationalCount) (\s@AwsSsmComplianceSummary' {} a -> s {nonCompliantInformationalCount = a} :: AwsSsmComplianceSummary)
+
+-- | For the patches that are noncompliant, the number that have a severity
+-- of @LOW@.
+awsSsmComplianceSummary_nonCompliantLowCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_nonCompliantLowCount = Lens.lens (\AwsSsmComplianceSummary' {nonCompliantLowCount} -> nonCompliantLowCount) (\s@AwsSsmComplianceSummary' {} a -> s {nonCompliantLowCount = a} :: AwsSsmComplianceSummary)
+
+-- | For the patches that are noncompliant, the number that have a severity
+-- of @MEDIUM@.
+awsSsmComplianceSummary_nonCompliantMediumCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_nonCompliantMediumCount = Lens.lens (\AwsSsmComplianceSummary' {nonCompliantMediumCount} -> nonCompliantMediumCount) (\s@AwsSsmComplianceSummary' {} a -> s {nonCompliantMediumCount = a} :: AwsSsmComplianceSummary)
+
+-- | For the patches that are noncompliant, the number that have a severity
+-- of @UNSPECIFIED@.
+awsSsmComplianceSummary_nonCompliantUnspecifiedCount :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Int)
+awsSsmComplianceSummary_nonCompliantUnspecifiedCount = Lens.lens (\AwsSsmComplianceSummary' {nonCompliantUnspecifiedCount} -> nonCompliantUnspecifiedCount) (\s@AwsSsmComplianceSummary' {} a -> s {nonCompliantUnspecifiedCount = a} :: AwsSsmComplianceSummary)
+
+-- | The highest severity for the patches. Valid values are as follows:
+--
+-- -   @CRITICAL@
+--
+-- -   @HIGH@
+--
+-- -   @MEDIUM@
+--
+-- -   @LOW@
+--
+-- -   @INFORMATIONAL@
+--
+-- -   @UNSPECIFIED@
+awsSsmComplianceSummary_overallSeverity :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Text)
+awsSsmComplianceSummary_overallSeverity = Lens.lens (\AwsSsmComplianceSummary' {overallSeverity} -> overallSeverity) (\s@AwsSsmComplianceSummary' {} a -> s {overallSeverity = a} :: AwsSsmComplianceSummary)
+
+-- | The identifier of the patch baseline. The patch baseline lists the
+-- patches that are approved for installation.
+awsSsmComplianceSummary_patchBaselineId :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Text)
+awsSsmComplianceSummary_patchBaselineId = Lens.lens (\AwsSsmComplianceSummary' {patchBaselineId} -> patchBaselineId) (\s@AwsSsmComplianceSummary' {} a -> s {patchBaselineId = a} :: AwsSsmComplianceSummary)
+
+-- | The identifier of the patch group for which compliance was determined. A
+-- patch group uses tags to group EC2 instances that should have the same
+-- patch compliance.
+awsSsmComplianceSummary_patchGroup :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Text)
+awsSsmComplianceSummary_patchGroup = Lens.lens (\AwsSsmComplianceSummary' {patchGroup} -> patchGroup) (\s@AwsSsmComplianceSummary' {} a -> s {patchGroup = a} :: AwsSsmComplianceSummary)
+
+-- | The current patch compliance status. Valid values are as follows:
+--
+-- -   @COMPLIANT@
+--
+-- -   @NON_COMPLIANT@
+--
+-- -   @UNSPECIFIED_DATA@
+awsSsmComplianceSummary_status :: Lens.Lens' AwsSsmComplianceSummary (Prelude.Maybe Prelude.Text)
+awsSsmComplianceSummary_status = Lens.lens (\AwsSsmComplianceSummary' {status} -> status) (\s@AwsSsmComplianceSummary' {} a -> s {status = a} :: AwsSsmComplianceSummary)
+
+instance Data.FromJSON AwsSsmComplianceSummary where
+  parseJSON =
+    Data.withObject
+      "AwsSsmComplianceSummary"
+      ( \x ->
+          AwsSsmComplianceSummary'
+            Prelude.<$> (x Data..:? "ComplianceType")
+            Prelude.<*> (x Data..:? "CompliantCriticalCount")
+            Prelude.<*> (x Data..:? "CompliantHighCount")
+            Prelude.<*> (x Data..:? "CompliantInformationalCount")
+            Prelude.<*> (x Data..:? "CompliantLowCount")
+            Prelude.<*> (x Data..:? "CompliantMediumCount")
+            Prelude.<*> (x Data..:? "CompliantUnspecifiedCount")
+            Prelude.<*> (x Data..:? "ExecutionType")
+            Prelude.<*> (x Data..:? "NonCompliantCriticalCount")
+            Prelude.<*> (x Data..:? "NonCompliantHighCount")
+            Prelude.<*> (x Data..:? "NonCompliantInformationalCount")
+            Prelude.<*> (x Data..:? "NonCompliantLowCount")
+            Prelude.<*> (x Data..:? "NonCompliantMediumCount")
+            Prelude.<*> (x Data..:? "NonCompliantUnspecifiedCount")
+            Prelude.<*> (x Data..:? "OverallSeverity")
+            Prelude.<*> (x Data..:? "PatchBaselineId")
+            Prelude.<*> (x Data..:? "PatchGroup")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance Prelude.Hashable AwsSsmComplianceSummary where
+  hashWithSalt _salt AwsSsmComplianceSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` complianceType
+      `Prelude.hashWithSalt` compliantCriticalCount
+      `Prelude.hashWithSalt` compliantHighCount
+      `Prelude.hashWithSalt` compliantInformationalCount
+      `Prelude.hashWithSalt` compliantLowCount
+      `Prelude.hashWithSalt` compliantMediumCount
+      `Prelude.hashWithSalt` compliantUnspecifiedCount
+      `Prelude.hashWithSalt` executionType
+      `Prelude.hashWithSalt` nonCompliantCriticalCount
+      `Prelude.hashWithSalt` nonCompliantHighCount
+      `Prelude.hashWithSalt` nonCompliantInformationalCount
+      `Prelude.hashWithSalt` nonCompliantLowCount
+      `Prelude.hashWithSalt` nonCompliantMediumCount
+      `Prelude.hashWithSalt` nonCompliantUnspecifiedCount
+      `Prelude.hashWithSalt` overallSeverity
+      `Prelude.hashWithSalt` patchBaselineId
+      `Prelude.hashWithSalt` patchGroup
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData AwsSsmComplianceSummary where
+  rnf AwsSsmComplianceSummary' {..} =
+    Prelude.rnf complianceType
+      `Prelude.seq` Prelude.rnf compliantCriticalCount
+      `Prelude.seq` Prelude.rnf compliantHighCount
+      `Prelude.seq` Prelude.rnf compliantInformationalCount
+      `Prelude.seq` Prelude.rnf compliantLowCount
+      `Prelude.seq` Prelude.rnf compliantMediumCount
+      `Prelude.seq` Prelude.rnf compliantUnspecifiedCount
+      `Prelude.seq` Prelude.rnf executionType
+      `Prelude.seq` Prelude.rnf nonCompliantCriticalCount
+      `Prelude.seq` Prelude.rnf nonCompliantHighCount
+      `Prelude.seq` Prelude.rnf nonCompliantInformationalCount
+      `Prelude.seq` Prelude.rnf nonCompliantLowCount
+      `Prelude.seq` Prelude.rnf nonCompliantMediumCount
+      `Prelude.seq` Prelude.rnf nonCompliantUnspecifiedCount
+      `Prelude.seq` Prelude.rnf overallSeverity
+      `Prelude.seq` Prelude.rnf patchBaselineId
+      `Prelude.seq` Prelude.rnf patchGroup
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON AwsSsmComplianceSummary where
+  toJSON AwsSsmComplianceSummary' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ComplianceType" Data..=)
+              Prelude.<$> complianceType,
+            ("CompliantCriticalCount" Data..=)
+              Prelude.<$> compliantCriticalCount,
+            ("CompliantHighCount" Data..=)
+              Prelude.<$> compliantHighCount,
+            ("CompliantInformationalCount" Data..=)
+              Prelude.<$> compliantInformationalCount,
+            ("CompliantLowCount" Data..=)
+              Prelude.<$> compliantLowCount,
+            ("CompliantMediumCount" Data..=)
+              Prelude.<$> compliantMediumCount,
+            ("CompliantUnspecifiedCount" Data..=)
+              Prelude.<$> compliantUnspecifiedCount,
+            ("ExecutionType" Data..=) Prelude.<$> executionType,
+            ("NonCompliantCriticalCount" Data..=)
+              Prelude.<$> nonCompliantCriticalCount,
+            ("NonCompliantHighCount" Data..=)
+              Prelude.<$> nonCompliantHighCount,
+            ("NonCompliantInformationalCount" Data..=)
+              Prelude.<$> nonCompliantInformationalCount,
+            ("NonCompliantLowCount" Data..=)
+              Prelude.<$> nonCompliantLowCount,
+            ("NonCompliantMediumCount" Data..=)
+              Prelude.<$> nonCompliantMediumCount,
+            ("NonCompliantUnspecifiedCount" Data..=)
+              Prelude.<$> nonCompliantUnspecifiedCount,
+            ("OverallSeverity" Data..=)
+              Prelude.<$> overallSeverity,
+            ("PatchBaselineId" Data..=)
+              Prelude.<$> patchBaselineId,
+            ("PatchGroup" Data..=) Prelude.<$> patchGroup,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSsmPatch.hs b/gen/Amazonka/SecurityHub/Types/AwsSsmPatch.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSsmPatch.hs
@@ -0,0 +1,78 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSsmPatch
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSsmPatch where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsSsmComplianceSummary
+
+-- | Provides details about the compliance for a patch.
+--
+-- /See:/ 'newAwsSsmPatch' smart constructor.
+data AwsSsmPatch = AwsSsmPatch'
+  { -- | The compliance status details for the patch.
+    complianceSummary :: Prelude.Maybe AwsSsmComplianceSummary
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSsmPatch' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'complianceSummary', 'awsSsmPatch_complianceSummary' - The compliance status details for the patch.
+newAwsSsmPatch ::
+  AwsSsmPatch
+newAwsSsmPatch =
+  AwsSsmPatch' {complianceSummary = Prelude.Nothing}
+
+-- | The compliance status details for the patch.
+awsSsmPatch_complianceSummary :: Lens.Lens' AwsSsmPatch (Prelude.Maybe AwsSsmComplianceSummary)
+awsSsmPatch_complianceSummary = Lens.lens (\AwsSsmPatch' {complianceSummary} -> complianceSummary) (\s@AwsSsmPatch' {} a -> s {complianceSummary = a} :: AwsSsmPatch)
+
+instance Data.FromJSON AwsSsmPatch where
+  parseJSON =
+    Data.withObject
+      "AwsSsmPatch"
+      ( \x ->
+          AwsSsmPatch'
+            Prelude.<$> (x Data..:? "ComplianceSummary")
+      )
+
+instance Prelude.Hashable AwsSsmPatch where
+  hashWithSalt _salt AwsSsmPatch' {..} =
+    _salt `Prelude.hashWithSalt` complianceSummary
+
+instance Prelude.NFData AwsSsmPatch where
+  rnf AwsSsmPatch' {..} = Prelude.rnf complianceSummary
+
+instance Data.ToJSON AwsSsmPatch where
+  toJSON AwsSsmPatch' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ComplianceSummary" Data..=)
+              Prelude.<$> complianceSummary
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsSsmPatchComplianceDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsSsmPatchComplianceDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsSsmPatchComplianceDetails.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsSsmPatchComplianceDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsSsmPatchComplianceDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsSsmPatch
+
+-- | Provides information about the state of a patch on an instance based on
+-- the patch baseline that was used to patch the instance.
+--
+-- /See:/ 'newAwsSsmPatchComplianceDetails' smart constructor.
+data AwsSsmPatchComplianceDetails = AwsSsmPatchComplianceDetails'
+  { -- | Information about the status of a patch.
+    patch :: Prelude.Maybe AwsSsmPatch
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsSsmPatchComplianceDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'patch', 'awsSsmPatchComplianceDetails_patch' - Information about the status of a patch.
+newAwsSsmPatchComplianceDetails ::
+  AwsSsmPatchComplianceDetails
+newAwsSsmPatchComplianceDetails =
+  AwsSsmPatchComplianceDetails'
+    { patch =
+        Prelude.Nothing
+    }
+
+-- | Information about the status of a patch.
+awsSsmPatchComplianceDetails_patch :: Lens.Lens' AwsSsmPatchComplianceDetails (Prelude.Maybe AwsSsmPatch)
+awsSsmPatchComplianceDetails_patch = Lens.lens (\AwsSsmPatchComplianceDetails' {patch} -> patch) (\s@AwsSsmPatchComplianceDetails' {} a -> s {patch = a} :: AwsSsmPatchComplianceDetails)
+
+instance Data.FromJSON AwsSsmPatchComplianceDetails where
+  parseJSON =
+    Data.withObject
+      "AwsSsmPatchComplianceDetails"
+      ( \x ->
+          AwsSsmPatchComplianceDetails'
+            Prelude.<$> (x Data..:? "Patch")
+      )
+
+instance
+  Prelude.Hashable
+    AwsSsmPatchComplianceDetails
+  where
+  hashWithSalt _salt AwsSsmPatchComplianceDetails' {..} =
+    _salt `Prelude.hashWithSalt` patch
+
+instance Prelude.NFData AwsSsmPatchComplianceDetails where
+  rnf AwsSsmPatchComplianceDetails' {..} =
+    Prelude.rnf patch
+
+instance Data.ToJSON AwsSsmPatchComplianceDetails where
+  toJSON AwsSsmPatchComplianceDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Patch" Data..=) Prelude.<$> patch]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRateBasedRuleDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRateBasedRuleDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRateBasedRuleDetails.hs
@@ -0,0 +1,169 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRateBasedRuleDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRateBasedRuleDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafRateBasedRuleMatchPredicate
+
+-- | Details about a rate-based rule for global resources. A rate-based rule
+-- provides settings to indicate when to allow, block, or count a request.
+-- Rate-based rules include the number of requests that arrive over a
+-- specified period of time.
+--
+-- /See:/ 'newAwsWafRateBasedRuleDetails' smart constructor.
+data AwsWafRateBasedRuleDetails = AwsWafRateBasedRuleDetails'
+  { -- | The predicates to include in the rate-based rule.
+    matchPredicates :: Prelude.Maybe [AwsWafRateBasedRuleMatchPredicate],
+    -- | The name of the metrics for the rate-based rule.
+    metricName :: Prelude.Maybe Prelude.Text,
+    -- | The name of the rate-based rule.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The field that WAF uses to determine whether requests are likely
+    -- arriving from single source and are subject to rate monitoring.
+    rateKey :: Prelude.Maybe Prelude.Text,
+    -- | The maximum number of requests that have an identical value for the
+    -- field specified in @RateKey@ that are allowed within a five-minute
+    -- period. If the number of requests exceeds @RateLimit@ and the other
+    -- predicates specified in the rule are met, WAF triggers the action for
+    -- the rule.
+    rateLimit :: Prelude.Maybe Prelude.Integer,
+    -- | The unique identifier for the rate-based rule.
+    ruleId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRateBasedRuleDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'matchPredicates', 'awsWafRateBasedRuleDetails_matchPredicates' - The predicates to include in the rate-based rule.
+--
+-- 'metricName', 'awsWafRateBasedRuleDetails_metricName' - The name of the metrics for the rate-based rule.
+--
+-- 'name', 'awsWafRateBasedRuleDetails_name' - The name of the rate-based rule.
+--
+-- 'rateKey', 'awsWafRateBasedRuleDetails_rateKey' - The field that WAF uses to determine whether requests are likely
+-- arriving from single source and are subject to rate monitoring.
+--
+-- 'rateLimit', 'awsWafRateBasedRuleDetails_rateLimit' - The maximum number of requests that have an identical value for the
+-- field specified in @RateKey@ that are allowed within a five-minute
+-- period. If the number of requests exceeds @RateLimit@ and the other
+-- predicates specified in the rule are met, WAF triggers the action for
+-- the rule.
+--
+-- 'ruleId', 'awsWafRateBasedRuleDetails_ruleId' - The unique identifier for the rate-based rule.
+newAwsWafRateBasedRuleDetails ::
+  AwsWafRateBasedRuleDetails
+newAwsWafRateBasedRuleDetails =
+  AwsWafRateBasedRuleDetails'
+    { matchPredicates =
+        Prelude.Nothing,
+      metricName = Prelude.Nothing,
+      name = Prelude.Nothing,
+      rateKey = Prelude.Nothing,
+      rateLimit = Prelude.Nothing,
+      ruleId = Prelude.Nothing
+    }
+
+-- | The predicates to include in the rate-based rule.
+awsWafRateBasedRuleDetails_matchPredicates :: Lens.Lens' AwsWafRateBasedRuleDetails (Prelude.Maybe [AwsWafRateBasedRuleMatchPredicate])
+awsWafRateBasedRuleDetails_matchPredicates = Lens.lens (\AwsWafRateBasedRuleDetails' {matchPredicates} -> matchPredicates) (\s@AwsWafRateBasedRuleDetails' {} a -> s {matchPredicates = a} :: AwsWafRateBasedRuleDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the metrics for the rate-based rule.
+awsWafRateBasedRuleDetails_metricName :: Lens.Lens' AwsWafRateBasedRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRateBasedRuleDetails_metricName = Lens.lens (\AwsWafRateBasedRuleDetails' {metricName} -> metricName) (\s@AwsWafRateBasedRuleDetails' {} a -> s {metricName = a} :: AwsWafRateBasedRuleDetails)
+
+-- | The name of the rate-based rule.
+awsWafRateBasedRuleDetails_name :: Lens.Lens' AwsWafRateBasedRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRateBasedRuleDetails_name = Lens.lens (\AwsWafRateBasedRuleDetails' {name} -> name) (\s@AwsWafRateBasedRuleDetails' {} a -> s {name = a} :: AwsWafRateBasedRuleDetails)
+
+-- | The field that WAF uses to determine whether requests are likely
+-- arriving from single source and are subject to rate monitoring.
+awsWafRateBasedRuleDetails_rateKey :: Lens.Lens' AwsWafRateBasedRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRateBasedRuleDetails_rateKey = Lens.lens (\AwsWafRateBasedRuleDetails' {rateKey} -> rateKey) (\s@AwsWafRateBasedRuleDetails' {} a -> s {rateKey = a} :: AwsWafRateBasedRuleDetails)
+
+-- | The maximum number of requests that have an identical value for the
+-- field specified in @RateKey@ that are allowed within a five-minute
+-- period. If the number of requests exceeds @RateLimit@ and the other
+-- predicates specified in the rule are met, WAF triggers the action for
+-- the rule.
+awsWafRateBasedRuleDetails_rateLimit :: Lens.Lens' AwsWafRateBasedRuleDetails (Prelude.Maybe Prelude.Integer)
+awsWafRateBasedRuleDetails_rateLimit = Lens.lens (\AwsWafRateBasedRuleDetails' {rateLimit} -> rateLimit) (\s@AwsWafRateBasedRuleDetails' {} a -> s {rateLimit = a} :: AwsWafRateBasedRuleDetails)
+
+-- | The unique identifier for the rate-based rule.
+awsWafRateBasedRuleDetails_ruleId :: Lens.Lens' AwsWafRateBasedRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRateBasedRuleDetails_ruleId = Lens.lens (\AwsWafRateBasedRuleDetails' {ruleId} -> ruleId) (\s@AwsWafRateBasedRuleDetails' {} a -> s {ruleId = a} :: AwsWafRateBasedRuleDetails)
+
+instance Data.FromJSON AwsWafRateBasedRuleDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafRateBasedRuleDetails"
+      ( \x ->
+          AwsWafRateBasedRuleDetails'
+            Prelude.<$> ( x
+                            Data..:? "MatchPredicates"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "MetricName")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "RateKey")
+            Prelude.<*> (x Data..:? "RateLimit")
+            Prelude.<*> (x Data..:? "RuleId")
+      )
+
+instance Prelude.Hashable AwsWafRateBasedRuleDetails where
+  hashWithSalt _salt AwsWafRateBasedRuleDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` matchPredicates
+      `Prelude.hashWithSalt` metricName
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` rateKey
+      `Prelude.hashWithSalt` rateLimit
+      `Prelude.hashWithSalt` ruleId
+
+instance Prelude.NFData AwsWafRateBasedRuleDetails where
+  rnf AwsWafRateBasedRuleDetails' {..} =
+    Prelude.rnf matchPredicates
+      `Prelude.seq` Prelude.rnf metricName
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf rateKey
+      `Prelude.seq` Prelude.rnf rateLimit
+      `Prelude.seq` Prelude.rnf ruleId
+
+instance Data.ToJSON AwsWafRateBasedRuleDetails where
+  toJSON AwsWafRateBasedRuleDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MatchPredicates" Data..=)
+              Prelude.<$> matchPredicates,
+            ("MetricName" Data..=) Prelude.<$> metricName,
+            ("Name" Data..=) Prelude.<$> name,
+            ("RateKey" Data..=) Prelude.<$> rateKey,
+            ("RateLimit" Data..=) Prelude.<$> rateLimit,
+            ("RuleId" Data..=) Prelude.<$> ruleId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRateBasedRuleMatchPredicate.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRateBasedRuleMatchPredicate.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRateBasedRuleMatchPredicate.hs
@@ -0,0 +1,176 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRateBasedRuleMatchPredicate
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRateBasedRuleMatchPredicate where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A match predicate. A predicate might look for characteristics such as
+-- specific IP addresses, geographic locations, or sizes.
+--
+-- /See:/ 'newAwsWafRateBasedRuleMatchPredicate' smart constructor.
+data AwsWafRateBasedRuleMatchPredicate = AwsWafRateBasedRuleMatchPredicate'
+  { -- | The unique identifier for the predicate.
+    dataId :: Prelude.Maybe Prelude.Text,
+    -- | If set to @true@, then the rule actions are performed on requests that
+    -- match the predicate settings.
+    --
+    -- If set to @false@, then the rule actions are performed on all requests
+    -- except those that match the predicate settings.
+    negated :: Prelude.Maybe Prelude.Bool,
+    -- | The type of predicate. Valid values are as follows:
+    --
+    -- -   @ByteMatch@
+    --
+    -- -   @GeoMatch@
+    --
+    -- -   @IPMatch@
+    --
+    -- -   @RegexMatch@
+    --
+    -- -   @SizeConstraint@
+    --
+    -- -   @SqlInjectionMatch@
+    --
+    -- -   @XssMatch@
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRateBasedRuleMatchPredicate' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dataId', 'awsWafRateBasedRuleMatchPredicate_dataId' - The unique identifier for the predicate.
+--
+-- 'negated', 'awsWafRateBasedRuleMatchPredicate_negated' - If set to @true@, then the rule actions are performed on requests that
+-- match the predicate settings.
+--
+-- If set to @false@, then the rule actions are performed on all requests
+-- except those that match the predicate settings.
+--
+-- 'type'', 'awsWafRateBasedRuleMatchPredicate_type' - The type of predicate. Valid values are as follows:
+--
+-- -   @ByteMatch@
+--
+-- -   @GeoMatch@
+--
+-- -   @IPMatch@
+--
+-- -   @RegexMatch@
+--
+-- -   @SizeConstraint@
+--
+-- -   @SqlInjectionMatch@
+--
+-- -   @XssMatch@
+newAwsWafRateBasedRuleMatchPredicate ::
+  AwsWafRateBasedRuleMatchPredicate
+newAwsWafRateBasedRuleMatchPredicate =
+  AwsWafRateBasedRuleMatchPredicate'
+    { dataId =
+        Prelude.Nothing,
+      negated = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The unique identifier for the predicate.
+awsWafRateBasedRuleMatchPredicate_dataId :: Lens.Lens' AwsWafRateBasedRuleMatchPredicate (Prelude.Maybe Prelude.Text)
+awsWafRateBasedRuleMatchPredicate_dataId = Lens.lens (\AwsWafRateBasedRuleMatchPredicate' {dataId} -> dataId) (\s@AwsWafRateBasedRuleMatchPredicate' {} a -> s {dataId = a} :: AwsWafRateBasedRuleMatchPredicate)
+
+-- | If set to @true@, then the rule actions are performed on requests that
+-- match the predicate settings.
+--
+-- If set to @false@, then the rule actions are performed on all requests
+-- except those that match the predicate settings.
+awsWafRateBasedRuleMatchPredicate_negated :: Lens.Lens' AwsWafRateBasedRuleMatchPredicate (Prelude.Maybe Prelude.Bool)
+awsWafRateBasedRuleMatchPredicate_negated = Lens.lens (\AwsWafRateBasedRuleMatchPredicate' {negated} -> negated) (\s@AwsWafRateBasedRuleMatchPredicate' {} a -> s {negated = a} :: AwsWafRateBasedRuleMatchPredicate)
+
+-- | The type of predicate. Valid values are as follows:
+--
+-- -   @ByteMatch@
+--
+-- -   @GeoMatch@
+--
+-- -   @IPMatch@
+--
+-- -   @RegexMatch@
+--
+-- -   @SizeConstraint@
+--
+-- -   @SqlInjectionMatch@
+--
+-- -   @XssMatch@
+awsWafRateBasedRuleMatchPredicate_type :: Lens.Lens' AwsWafRateBasedRuleMatchPredicate (Prelude.Maybe Prelude.Text)
+awsWafRateBasedRuleMatchPredicate_type = Lens.lens (\AwsWafRateBasedRuleMatchPredicate' {type'} -> type') (\s@AwsWafRateBasedRuleMatchPredicate' {} a -> s {type' = a} :: AwsWafRateBasedRuleMatchPredicate)
+
+instance
+  Data.FromJSON
+    AwsWafRateBasedRuleMatchPredicate
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafRateBasedRuleMatchPredicate"
+      ( \x ->
+          AwsWafRateBasedRuleMatchPredicate'
+            Prelude.<$> (x Data..:? "DataId")
+            Prelude.<*> (x Data..:? "Negated")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRateBasedRuleMatchPredicate
+  where
+  hashWithSalt
+    _salt
+    AwsWafRateBasedRuleMatchPredicate' {..} =
+      _salt
+        `Prelude.hashWithSalt` dataId
+        `Prelude.hashWithSalt` negated
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsWafRateBasedRuleMatchPredicate
+  where
+  rnf AwsWafRateBasedRuleMatchPredicate' {..} =
+    Prelude.rnf dataId
+      `Prelude.seq` Prelude.rnf negated
+      `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsWafRateBasedRuleMatchPredicate
+  where
+  toJSON AwsWafRateBasedRuleMatchPredicate' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DataId" Data..=) Prelude.<$> dataId,
+            ("Negated" Data..=) Prelude.<$> negated,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRateBasedRuleDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRateBasedRuleDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRateBasedRuleDetails.hs
@@ -0,0 +1,183 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleMatchPredicate
+
+-- | contains details about a rate-based rule for Regional resources. A
+-- rate-based rule provides settings to indicate when to allow, block, or
+-- count a request. Rate-based rules include the number of requests that
+-- arrive over a specified period of time.
+--
+-- /See:/ 'newAwsWafRegionalRateBasedRuleDetails' smart constructor.
+data AwsWafRegionalRateBasedRuleDetails = AwsWafRegionalRateBasedRuleDetails'
+  { -- | The predicates to include in the rate-based rule.
+    matchPredicates :: Prelude.Maybe [AwsWafRegionalRateBasedRuleMatchPredicate],
+    -- | The name of the metrics for the rate-based rule.
+    metricName :: Prelude.Maybe Prelude.Text,
+    -- | The name of the rate-based rule.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The field that WAF uses to determine whether requests are likely
+    -- arriving from single source and are subject to rate monitoring.
+    rateKey :: Prelude.Maybe Prelude.Text,
+    -- | The maximum number of requests that have an identical value for the
+    -- field specified in @RateKey@ that are allowed within a five-minute
+    -- period. If the number of requests exceeds @RateLimit@ and the other
+    -- predicates specified in the rule are met, WAF triggers the action for
+    -- the rule.
+    rateLimit :: Prelude.Maybe Prelude.Integer,
+    -- | The unique identifier for the rate-based rule.
+    ruleId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRegionalRateBasedRuleDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'matchPredicates', 'awsWafRegionalRateBasedRuleDetails_matchPredicates' - The predicates to include in the rate-based rule.
+--
+-- 'metricName', 'awsWafRegionalRateBasedRuleDetails_metricName' - The name of the metrics for the rate-based rule.
+--
+-- 'name', 'awsWafRegionalRateBasedRuleDetails_name' - The name of the rate-based rule.
+--
+-- 'rateKey', 'awsWafRegionalRateBasedRuleDetails_rateKey' - The field that WAF uses to determine whether requests are likely
+-- arriving from single source and are subject to rate monitoring.
+--
+-- 'rateLimit', 'awsWafRegionalRateBasedRuleDetails_rateLimit' - The maximum number of requests that have an identical value for the
+-- field specified in @RateKey@ that are allowed within a five-minute
+-- period. If the number of requests exceeds @RateLimit@ and the other
+-- predicates specified in the rule are met, WAF triggers the action for
+-- the rule.
+--
+-- 'ruleId', 'awsWafRegionalRateBasedRuleDetails_ruleId' - The unique identifier for the rate-based rule.
+newAwsWafRegionalRateBasedRuleDetails ::
+  AwsWafRegionalRateBasedRuleDetails
+newAwsWafRegionalRateBasedRuleDetails =
+  AwsWafRegionalRateBasedRuleDetails'
+    { matchPredicates =
+        Prelude.Nothing,
+      metricName = Prelude.Nothing,
+      name = Prelude.Nothing,
+      rateKey = Prelude.Nothing,
+      rateLimit = Prelude.Nothing,
+      ruleId = Prelude.Nothing
+    }
+
+-- | The predicates to include in the rate-based rule.
+awsWafRegionalRateBasedRuleDetails_matchPredicates :: Lens.Lens' AwsWafRegionalRateBasedRuleDetails (Prelude.Maybe [AwsWafRegionalRateBasedRuleMatchPredicate])
+awsWafRegionalRateBasedRuleDetails_matchPredicates = Lens.lens (\AwsWafRegionalRateBasedRuleDetails' {matchPredicates} -> matchPredicates) (\s@AwsWafRegionalRateBasedRuleDetails' {} a -> s {matchPredicates = a} :: AwsWafRegionalRateBasedRuleDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the metrics for the rate-based rule.
+awsWafRegionalRateBasedRuleDetails_metricName :: Lens.Lens' AwsWafRegionalRateBasedRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRateBasedRuleDetails_metricName = Lens.lens (\AwsWafRegionalRateBasedRuleDetails' {metricName} -> metricName) (\s@AwsWafRegionalRateBasedRuleDetails' {} a -> s {metricName = a} :: AwsWafRegionalRateBasedRuleDetails)
+
+-- | The name of the rate-based rule.
+awsWafRegionalRateBasedRuleDetails_name :: Lens.Lens' AwsWafRegionalRateBasedRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRateBasedRuleDetails_name = Lens.lens (\AwsWafRegionalRateBasedRuleDetails' {name} -> name) (\s@AwsWafRegionalRateBasedRuleDetails' {} a -> s {name = a} :: AwsWafRegionalRateBasedRuleDetails)
+
+-- | The field that WAF uses to determine whether requests are likely
+-- arriving from single source and are subject to rate monitoring.
+awsWafRegionalRateBasedRuleDetails_rateKey :: Lens.Lens' AwsWafRegionalRateBasedRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRateBasedRuleDetails_rateKey = Lens.lens (\AwsWafRegionalRateBasedRuleDetails' {rateKey} -> rateKey) (\s@AwsWafRegionalRateBasedRuleDetails' {} a -> s {rateKey = a} :: AwsWafRegionalRateBasedRuleDetails)
+
+-- | The maximum number of requests that have an identical value for the
+-- field specified in @RateKey@ that are allowed within a five-minute
+-- period. If the number of requests exceeds @RateLimit@ and the other
+-- predicates specified in the rule are met, WAF triggers the action for
+-- the rule.
+awsWafRegionalRateBasedRuleDetails_rateLimit :: Lens.Lens' AwsWafRegionalRateBasedRuleDetails (Prelude.Maybe Prelude.Integer)
+awsWafRegionalRateBasedRuleDetails_rateLimit = Lens.lens (\AwsWafRegionalRateBasedRuleDetails' {rateLimit} -> rateLimit) (\s@AwsWafRegionalRateBasedRuleDetails' {} a -> s {rateLimit = a} :: AwsWafRegionalRateBasedRuleDetails)
+
+-- | The unique identifier for the rate-based rule.
+awsWafRegionalRateBasedRuleDetails_ruleId :: Lens.Lens' AwsWafRegionalRateBasedRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRateBasedRuleDetails_ruleId = Lens.lens (\AwsWafRegionalRateBasedRuleDetails' {ruleId} -> ruleId) (\s@AwsWafRegionalRateBasedRuleDetails' {} a -> s {ruleId = a} :: AwsWafRegionalRateBasedRuleDetails)
+
+instance
+  Data.FromJSON
+    AwsWafRegionalRateBasedRuleDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafRegionalRateBasedRuleDetails"
+      ( \x ->
+          AwsWafRegionalRateBasedRuleDetails'
+            Prelude.<$> ( x
+                            Data..:? "MatchPredicates"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "MetricName")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "RateKey")
+            Prelude.<*> (x Data..:? "RateLimit")
+            Prelude.<*> (x Data..:? "RuleId")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRegionalRateBasedRuleDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafRegionalRateBasedRuleDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` matchPredicates
+        `Prelude.hashWithSalt` metricName
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` rateKey
+        `Prelude.hashWithSalt` rateLimit
+        `Prelude.hashWithSalt` ruleId
+
+instance
+  Prelude.NFData
+    AwsWafRegionalRateBasedRuleDetails
+  where
+  rnf AwsWafRegionalRateBasedRuleDetails' {..} =
+    Prelude.rnf matchPredicates
+      `Prelude.seq` Prelude.rnf metricName
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf rateKey
+      `Prelude.seq` Prelude.rnf rateLimit
+      `Prelude.seq` Prelude.rnf ruleId
+
+instance
+  Data.ToJSON
+    AwsWafRegionalRateBasedRuleDetails
+  where
+  toJSON AwsWafRegionalRateBasedRuleDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MatchPredicates" Data..=)
+              Prelude.<$> matchPredicates,
+            ("MetricName" Data..=) Prelude.<$> metricName,
+            ("Name" Data..=) Prelude.<$> name,
+            ("RateKey" Data..=) Prelude.<$> rateKey,
+            ("RateLimit" Data..=) Prelude.<$> rateLimit,
+            ("RuleId" Data..=) Prelude.<$> ruleId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRateBasedRuleMatchPredicate.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRateBasedRuleMatchPredicate.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRateBasedRuleMatchPredicate.hs
@@ -0,0 +1,177 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleMatchPredicate
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleMatchPredicate where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details for a match predicate. A predicate might look for
+-- characteristics such as specific IP addresses, geographic locations, or
+-- sizes.
+--
+-- /See:/ 'newAwsWafRegionalRateBasedRuleMatchPredicate' smart constructor.
+data AwsWafRegionalRateBasedRuleMatchPredicate = AwsWafRegionalRateBasedRuleMatchPredicate'
+  { -- | The unique identifier for the predicate.
+    dataId :: Prelude.Maybe Prelude.Text,
+    -- | If set to @true@, then the rule actions are performed on requests that
+    -- match the predicate settings.
+    --
+    -- If set to @false@, then the rule actions are performed on all requests
+    -- except those that match the predicate settings.
+    negated :: Prelude.Maybe Prelude.Bool,
+    -- | The type of predicate. Valid values are as follows:
+    --
+    -- -   @ByteMatch@
+    --
+    -- -   @GeoMatch@
+    --
+    -- -   @IPMatch@
+    --
+    -- -   @RegexMatch@
+    --
+    -- -   @SizeConstraint@
+    --
+    -- -   @SqlInjectionMatch@
+    --
+    -- -   @XssMatch@
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRegionalRateBasedRuleMatchPredicate' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dataId', 'awsWafRegionalRateBasedRuleMatchPredicate_dataId' - The unique identifier for the predicate.
+--
+-- 'negated', 'awsWafRegionalRateBasedRuleMatchPredicate_negated' - If set to @true@, then the rule actions are performed on requests that
+-- match the predicate settings.
+--
+-- If set to @false@, then the rule actions are performed on all requests
+-- except those that match the predicate settings.
+--
+-- 'type'', 'awsWafRegionalRateBasedRuleMatchPredicate_type' - The type of predicate. Valid values are as follows:
+--
+-- -   @ByteMatch@
+--
+-- -   @GeoMatch@
+--
+-- -   @IPMatch@
+--
+-- -   @RegexMatch@
+--
+-- -   @SizeConstraint@
+--
+-- -   @SqlInjectionMatch@
+--
+-- -   @XssMatch@
+newAwsWafRegionalRateBasedRuleMatchPredicate ::
+  AwsWafRegionalRateBasedRuleMatchPredicate
+newAwsWafRegionalRateBasedRuleMatchPredicate =
+  AwsWafRegionalRateBasedRuleMatchPredicate'
+    { dataId =
+        Prelude.Nothing,
+      negated = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The unique identifier for the predicate.
+awsWafRegionalRateBasedRuleMatchPredicate_dataId :: Lens.Lens' AwsWafRegionalRateBasedRuleMatchPredicate (Prelude.Maybe Prelude.Text)
+awsWafRegionalRateBasedRuleMatchPredicate_dataId = Lens.lens (\AwsWafRegionalRateBasedRuleMatchPredicate' {dataId} -> dataId) (\s@AwsWafRegionalRateBasedRuleMatchPredicate' {} a -> s {dataId = a} :: AwsWafRegionalRateBasedRuleMatchPredicate)
+
+-- | If set to @true@, then the rule actions are performed on requests that
+-- match the predicate settings.
+--
+-- If set to @false@, then the rule actions are performed on all requests
+-- except those that match the predicate settings.
+awsWafRegionalRateBasedRuleMatchPredicate_negated :: Lens.Lens' AwsWafRegionalRateBasedRuleMatchPredicate (Prelude.Maybe Prelude.Bool)
+awsWafRegionalRateBasedRuleMatchPredicate_negated = Lens.lens (\AwsWafRegionalRateBasedRuleMatchPredicate' {negated} -> negated) (\s@AwsWafRegionalRateBasedRuleMatchPredicate' {} a -> s {negated = a} :: AwsWafRegionalRateBasedRuleMatchPredicate)
+
+-- | The type of predicate. Valid values are as follows:
+--
+-- -   @ByteMatch@
+--
+-- -   @GeoMatch@
+--
+-- -   @IPMatch@
+--
+-- -   @RegexMatch@
+--
+-- -   @SizeConstraint@
+--
+-- -   @SqlInjectionMatch@
+--
+-- -   @XssMatch@
+awsWafRegionalRateBasedRuleMatchPredicate_type :: Lens.Lens' AwsWafRegionalRateBasedRuleMatchPredicate (Prelude.Maybe Prelude.Text)
+awsWafRegionalRateBasedRuleMatchPredicate_type = Lens.lens (\AwsWafRegionalRateBasedRuleMatchPredicate' {type'} -> type') (\s@AwsWafRegionalRateBasedRuleMatchPredicate' {} a -> s {type' = a} :: AwsWafRegionalRateBasedRuleMatchPredicate)
+
+instance
+  Data.FromJSON
+    AwsWafRegionalRateBasedRuleMatchPredicate
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafRegionalRateBasedRuleMatchPredicate"
+      ( \x ->
+          AwsWafRegionalRateBasedRuleMatchPredicate'
+            Prelude.<$> (x Data..:? "DataId")
+            Prelude.<*> (x Data..:? "Negated")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRegionalRateBasedRuleMatchPredicate
+  where
+  hashWithSalt
+    _salt
+    AwsWafRegionalRateBasedRuleMatchPredicate' {..} =
+      _salt
+        `Prelude.hashWithSalt` dataId
+        `Prelude.hashWithSalt` negated
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsWafRegionalRateBasedRuleMatchPredicate
+  where
+  rnf AwsWafRegionalRateBasedRuleMatchPredicate' {..} =
+    Prelude.rnf dataId
+      `Prelude.seq` Prelude.rnf negated
+      `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsWafRegionalRateBasedRuleMatchPredicate
+  where
+  toJSON AwsWafRegionalRateBasedRuleMatchPredicate' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DataId" Data..=) Prelude.<$> dataId,
+            ("Negated" Data..=) Prelude.<$> negated,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleDetails.hs
@@ -0,0 +1,131 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRegionalRuleDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRegionalRuleDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafRegionalRulePredicateListDetails
+
+-- | Provides information about an WAF Regional rule. This rule identifies
+-- the web requests that you want to allow, block, or count.
+--
+-- /See:/ 'newAwsWafRegionalRuleDetails' smart constructor.
+data AwsWafRegionalRuleDetails = AwsWafRegionalRuleDetails'
+  { -- | A name for the metrics for the rule.
+    metricName :: Prelude.Maybe Prelude.Text,
+    -- | A descriptive name for the rule.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+    -- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, and @SizeConstraintSet@
+    -- objects that you want to add to a rule and, for each object, indicates
+    -- whether you want to negate the settings.
+    predicateList :: Prelude.Maybe [AwsWafRegionalRulePredicateListDetails],
+    -- | The ID of the rule.
+    ruleId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRegionalRuleDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'metricName', 'awsWafRegionalRuleDetails_metricName' - A name for the metrics for the rule.
+--
+-- 'name', 'awsWafRegionalRuleDetails_name' - A descriptive name for the rule.
+--
+-- 'predicateList', 'awsWafRegionalRuleDetails_predicateList' - Specifies the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+-- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, and @SizeConstraintSet@
+-- objects that you want to add to a rule and, for each object, indicates
+-- whether you want to negate the settings.
+--
+-- 'ruleId', 'awsWafRegionalRuleDetails_ruleId' - The ID of the rule.
+newAwsWafRegionalRuleDetails ::
+  AwsWafRegionalRuleDetails
+newAwsWafRegionalRuleDetails =
+  AwsWafRegionalRuleDetails'
+    { metricName =
+        Prelude.Nothing,
+      name = Prelude.Nothing,
+      predicateList = Prelude.Nothing,
+      ruleId = Prelude.Nothing
+    }
+
+-- | A name for the metrics for the rule.
+awsWafRegionalRuleDetails_metricName :: Lens.Lens' AwsWafRegionalRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRuleDetails_metricName = Lens.lens (\AwsWafRegionalRuleDetails' {metricName} -> metricName) (\s@AwsWafRegionalRuleDetails' {} a -> s {metricName = a} :: AwsWafRegionalRuleDetails)
+
+-- | A descriptive name for the rule.
+awsWafRegionalRuleDetails_name :: Lens.Lens' AwsWafRegionalRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRuleDetails_name = Lens.lens (\AwsWafRegionalRuleDetails' {name} -> name) (\s@AwsWafRegionalRuleDetails' {} a -> s {name = a} :: AwsWafRegionalRuleDetails)
+
+-- | Specifies the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+-- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, and @SizeConstraintSet@
+-- objects that you want to add to a rule and, for each object, indicates
+-- whether you want to negate the settings.
+awsWafRegionalRuleDetails_predicateList :: Lens.Lens' AwsWafRegionalRuleDetails (Prelude.Maybe [AwsWafRegionalRulePredicateListDetails])
+awsWafRegionalRuleDetails_predicateList = Lens.lens (\AwsWafRegionalRuleDetails' {predicateList} -> predicateList) (\s@AwsWafRegionalRuleDetails' {} a -> s {predicateList = a} :: AwsWafRegionalRuleDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the rule.
+awsWafRegionalRuleDetails_ruleId :: Lens.Lens' AwsWafRegionalRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRuleDetails_ruleId = Lens.lens (\AwsWafRegionalRuleDetails' {ruleId} -> ruleId) (\s@AwsWafRegionalRuleDetails' {} a -> s {ruleId = a} :: AwsWafRegionalRuleDetails)
+
+instance Data.FromJSON AwsWafRegionalRuleDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafRegionalRuleDetails"
+      ( \x ->
+          AwsWafRegionalRuleDetails'
+            Prelude.<$> (x Data..:? "MetricName")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "PredicateList" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "RuleId")
+      )
+
+instance Prelude.Hashable AwsWafRegionalRuleDetails where
+  hashWithSalt _salt AwsWafRegionalRuleDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` metricName
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` predicateList
+      `Prelude.hashWithSalt` ruleId
+
+instance Prelude.NFData AwsWafRegionalRuleDetails where
+  rnf AwsWafRegionalRuleDetails' {..} =
+    Prelude.rnf metricName
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf predicateList
+      `Prelude.seq` Prelude.rnf ruleId
+
+instance Data.ToJSON AwsWafRegionalRuleDetails where
+  toJSON AwsWafRegionalRuleDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MetricName" Data..=) Prelude.<$> metricName,
+            ("Name" Data..=) Prelude.<$> name,
+            ("PredicateList" Data..=) Prelude.<$> predicateList,
+            ("RuleId" Data..=) Prelude.<$> ruleId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleGroupDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleGroupDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleGroupDetails.hs
@@ -0,0 +1,133 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesDetails
+
+-- | Provides information about an WAF Regional rule group. The rule group is
+-- a collection of rules for inspecting and controlling web requests.
+--
+-- /See:/ 'newAwsWafRegionalRuleGroupDetails' smart constructor.
+data AwsWafRegionalRuleGroupDetails = AwsWafRegionalRuleGroupDetails'
+  { -- | A name for the metrics for this rule group.
+    metricName :: Prelude.Maybe Prelude.Text,
+    -- | The descriptive name of the rule group.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the rule group.
+    ruleGroupId :: Prelude.Maybe Prelude.Text,
+    -- | Provides information about the rule statements used to identify the web
+    -- requests that you want to allow, block, or count.
+    rules :: Prelude.Maybe [AwsWafRegionalRuleGroupRulesDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRegionalRuleGroupDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'metricName', 'awsWafRegionalRuleGroupDetails_metricName' - A name for the metrics for this rule group.
+--
+-- 'name', 'awsWafRegionalRuleGroupDetails_name' - The descriptive name of the rule group.
+--
+-- 'ruleGroupId', 'awsWafRegionalRuleGroupDetails_ruleGroupId' - The ID of the rule group.
+--
+-- 'rules', 'awsWafRegionalRuleGroupDetails_rules' - Provides information about the rule statements used to identify the web
+-- requests that you want to allow, block, or count.
+newAwsWafRegionalRuleGroupDetails ::
+  AwsWafRegionalRuleGroupDetails
+newAwsWafRegionalRuleGroupDetails =
+  AwsWafRegionalRuleGroupDetails'
+    { metricName =
+        Prelude.Nothing,
+      name = Prelude.Nothing,
+      ruleGroupId = Prelude.Nothing,
+      rules = Prelude.Nothing
+    }
+
+-- | A name for the metrics for this rule group.
+awsWafRegionalRuleGroupDetails_metricName :: Lens.Lens' AwsWafRegionalRuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRuleGroupDetails_metricName = Lens.lens (\AwsWafRegionalRuleGroupDetails' {metricName} -> metricName) (\s@AwsWafRegionalRuleGroupDetails' {} a -> s {metricName = a} :: AwsWafRegionalRuleGroupDetails)
+
+-- | The descriptive name of the rule group.
+awsWafRegionalRuleGroupDetails_name :: Lens.Lens' AwsWafRegionalRuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRuleGroupDetails_name = Lens.lens (\AwsWafRegionalRuleGroupDetails' {name} -> name) (\s@AwsWafRegionalRuleGroupDetails' {} a -> s {name = a} :: AwsWafRegionalRuleGroupDetails)
+
+-- | The ID of the rule group.
+awsWafRegionalRuleGroupDetails_ruleGroupId :: Lens.Lens' AwsWafRegionalRuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRuleGroupDetails_ruleGroupId = Lens.lens (\AwsWafRegionalRuleGroupDetails' {ruleGroupId} -> ruleGroupId) (\s@AwsWafRegionalRuleGroupDetails' {} a -> s {ruleGroupId = a} :: AwsWafRegionalRuleGroupDetails)
+
+-- | Provides information about the rule statements used to identify the web
+-- requests that you want to allow, block, or count.
+awsWafRegionalRuleGroupDetails_rules :: Lens.Lens' AwsWafRegionalRuleGroupDetails (Prelude.Maybe [AwsWafRegionalRuleGroupRulesDetails])
+awsWafRegionalRuleGroupDetails_rules = Lens.lens (\AwsWafRegionalRuleGroupDetails' {rules} -> rules) (\s@AwsWafRegionalRuleGroupDetails' {} a -> s {rules = a} :: AwsWafRegionalRuleGroupDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsWafRegionalRuleGroupDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafRegionalRuleGroupDetails"
+      ( \x ->
+          AwsWafRegionalRuleGroupDetails'
+            Prelude.<$> (x Data..:? "MetricName")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "RuleGroupId")
+            Prelude.<*> (x Data..:? "Rules" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRegionalRuleGroupDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafRegionalRuleGroupDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` metricName
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` ruleGroupId
+        `Prelude.hashWithSalt` rules
+
+instance
+  Prelude.NFData
+    AwsWafRegionalRuleGroupDetails
+  where
+  rnf AwsWafRegionalRuleGroupDetails' {..} =
+    Prelude.rnf metricName
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf ruleGroupId
+      `Prelude.seq` Prelude.rnf rules
+
+instance Data.ToJSON AwsWafRegionalRuleGroupDetails where
+  toJSON AwsWafRegionalRuleGroupDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MetricName" Data..=) Prelude.<$> metricName,
+            ("Name" Data..=) Prelude.<$> name,
+            ("RuleGroupId" Data..=) Prelude.<$> ruleGroupId,
+            ("Rules" Data..=) Prelude.<$> rules
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleGroupRulesActionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleGroupRulesActionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleGroupRulesActionDetails.hs
@@ -0,0 +1,103 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesActionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesActionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes the action that WAF should take on a web request when it
+-- matches the criteria defined in the rule.
+--
+-- /See:/ 'newAwsWafRegionalRuleGroupRulesActionDetails' smart constructor.
+data AwsWafRegionalRuleGroupRulesActionDetails = AwsWafRegionalRuleGroupRulesActionDetails'
+  { -- | Specifies the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+    -- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, and @SizeConstraintSet@
+    -- objects that you want to add to a rule and, for each object, indicates
+    -- whether you want to negate the settings.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRegionalRuleGroupRulesActionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'type'', 'awsWafRegionalRuleGroupRulesActionDetails_type' - Specifies the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+-- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, and @SizeConstraintSet@
+-- objects that you want to add to a rule and, for each object, indicates
+-- whether you want to negate the settings.
+newAwsWafRegionalRuleGroupRulesActionDetails ::
+  AwsWafRegionalRuleGroupRulesActionDetails
+newAwsWafRegionalRuleGroupRulesActionDetails =
+  AwsWafRegionalRuleGroupRulesActionDetails'
+    { type' =
+        Prelude.Nothing
+    }
+
+-- | Specifies the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+-- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, and @SizeConstraintSet@
+-- objects that you want to add to a rule and, for each object, indicates
+-- whether you want to negate the settings.
+awsWafRegionalRuleGroupRulesActionDetails_type :: Lens.Lens' AwsWafRegionalRuleGroupRulesActionDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRuleGroupRulesActionDetails_type = Lens.lens (\AwsWafRegionalRuleGroupRulesActionDetails' {type'} -> type') (\s@AwsWafRegionalRuleGroupRulesActionDetails' {} a -> s {type' = a} :: AwsWafRegionalRuleGroupRulesActionDetails)
+
+instance
+  Data.FromJSON
+    AwsWafRegionalRuleGroupRulesActionDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafRegionalRuleGroupRulesActionDetails"
+      ( \x ->
+          AwsWafRegionalRuleGroupRulesActionDetails'
+            Prelude.<$> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRegionalRuleGroupRulesActionDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafRegionalRuleGroupRulesActionDetails' {..} =
+      _salt `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsWafRegionalRuleGroupRulesActionDetails
+  where
+  rnf AwsWafRegionalRuleGroupRulesActionDetails' {..} =
+    Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsWafRegionalRuleGroupRulesActionDetails
+  where
+  toJSON AwsWafRegionalRuleGroupRulesActionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Type" Data..=) Prelude.<$> type']
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleGroupRulesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleGroupRulesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRuleGroupRulesDetails.hs
@@ -0,0 +1,141 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupRulesActionDetails
+
+-- | Provides information about the rules attached to a rule group
+--
+-- /See:/ 'newAwsWafRegionalRuleGroupRulesDetails' smart constructor.
+data AwsWafRegionalRuleGroupRulesDetails = AwsWafRegionalRuleGroupRulesDetails'
+  { -- | The action that WAF should take on a web request when it matches the
+    -- criteria defined in the rule.
+    action :: Prelude.Maybe AwsWafRegionalRuleGroupRulesActionDetails,
+    -- | If you define more than one rule in a web ACL, WAF evaluates each
+    -- request against the rules in order based on the value of @Priority@.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | The ID for a rule.
+    ruleId :: Prelude.Maybe Prelude.Text,
+    -- | The type of rule in the rule group.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRegionalRuleGroupRulesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'awsWafRegionalRuleGroupRulesDetails_action' - The action that WAF should take on a web request when it matches the
+-- criteria defined in the rule.
+--
+-- 'priority', 'awsWafRegionalRuleGroupRulesDetails_priority' - If you define more than one rule in a web ACL, WAF evaluates each
+-- request against the rules in order based on the value of @Priority@.
+--
+-- 'ruleId', 'awsWafRegionalRuleGroupRulesDetails_ruleId' - The ID for a rule.
+--
+-- 'type'', 'awsWafRegionalRuleGroupRulesDetails_type' - The type of rule in the rule group.
+newAwsWafRegionalRuleGroupRulesDetails ::
+  AwsWafRegionalRuleGroupRulesDetails
+newAwsWafRegionalRuleGroupRulesDetails =
+  AwsWafRegionalRuleGroupRulesDetails'
+    { action =
+        Prelude.Nothing,
+      priority = Prelude.Nothing,
+      ruleId = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The action that WAF should take on a web request when it matches the
+-- criteria defined in the rule.
+awsWafRegionalRuleGroupRulesDetails_action :: Lens.Lens' AwsWafRegionalRuleGroupRulesDetails (Prelude.Maybe AwsWafRegionalRuleGroupRulesActionDetails)
+awsWafRegionalRuleGroupRulesDetails_action = Lens.lens (\AwsWafRegionalRuleGroupRulesDetails' {action} -> action) (\s@AwsWafRegionalRuleGroupRulesDetails' {} a -> s {action = a} :: AwsWafRegionalRuleGroupRulesDetails)
+
+-- | If you define more than one rule in a web ACL, WAF evaluates each
+-- request against the rules in order based on the value of @Priority@.
+awsWafRegionalRuleGroupRulesDetails_priority :: Lens.Lens' AwsWafRegionalRuleGroupRulesDetails (Prelude.Maybe Prelude.Int)
+awsWafRegionalRuleGroupRulesDetails_priority = Lens.lens (\AwsWafRegionalRuleGroupRulesDetails' {priority} -> priority) (\s@AwsWafRegionalRuleGroupRulesDetails' {} a -> s {priority = a} :: AwsWafRegionalRuleGroupRulesDetails)
+
+-- | The ID for a rule.
+awsWafRegionalRuleGroupRulesDetails_ruleId :: Lens.Lens' AwsWafRegionalRuleGroupRulesDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRuleGroupRulesDetails_ruleId = Lens.lens (\AwsWafRegionalRuleGroupRulesDetails' {ruleId} -> ruleId) (\s@AwsWafRegionalRuleGroupRulesDetails' {} a -> s {ruleId = a} :: AwsWafRegionalRuleGroupRulesDetails)
+
+-- | The type of rule in the rule group.
+awsWafRegionalRuleGroupRulesDetails_type :: Lens.Lens' AwsWafRegionalRuleGroupRulesDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRuleGroupRulesDetails_type = Lens.lens (\AwsWafRegionalRuleGroupRulesDetails' {type'} -> type') (\s@AwsWafRegionalRuleGroupRulesDetails' {} a -> s {type' = a} :: AwsWafRegionalRuleGroupRulesDetails)
+
+instance
+  Data.FromJSON
+    AwsWafRegionalRuleGroupRulesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafRegionalRuleGroupRulesDetails"
+      ( \x ->
+          AwsWafRegionalRuleGroupRulesDetails'
+            Prelude.<$> (x Data..:? "Action")
+            Prelude.<*> (x Data..:? "Priority")
+            Prelude.<*> (x Data..:? "RuleId")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRegionalRuleGroupRulesDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafRegionalRuleGroupRulesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` action
+        `Prelude.hashWithSalt` priority
+        `Prelude.hashWithSalt` ruleId
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsWafRegionalRuleGroupRulesDetails
+  where
+  rnf AwsWafRegionalRuleGroupRulesDetails' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf ruleId
+      `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsWafRegionalRuleGroupRulesDetails
+  where
+  toJSON AwsWafRegionalRuleGroupRulesDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Action" Data..=) Prelude.<$> action,
+            ("Priority" Data..=) Prelude.<$> priority,
+            ("RuleId" Data..=) Prelude.<$> ruleId,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRulePredicateListDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRulePredicateListDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalRulePredicateListDetails.hs
@@ -0,0 +1,133 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRegionalRulePredicateListDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRegionalRulePredicateListDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the @ByteMatchSet@, @IPSet@,
+-- @SqlInjectionMatchSet@, @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@,
+-- and @SizeConstraintSet@ objects that you want to add to a rule and, for
+-- each object, indicates whether you want to negate the settings.
+--
+-- /See:/ 'newAwsWafRegionalRulePredicateListDetails' smart constructor.
+data AwsWafRegionalRulePredicateListDetails = AwsWafRegionalRulePredicateListDetails'
+  { -- | A unique identifier for a predicate in a rule, such as @ByteMatchSetId@
+    -- or @IPSetId@.
+    dataId :: Prelude.Maybe Prelude.Text,
+    -- | Specifies if you want WAF to allow, block, or count requests based on
+    -- the settings in the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+    -- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, or @SizeConstraintSet@.
+    negated :: Prelude.Maybe Prelude.Bool,
+    -- | The type of predicate in a rule, such as @ByteMatch@ or @IPSet@.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRegionalRulePredicateListDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dataId', 'awsWafRegionalRulePredicateListDetails_dataId' - A unique identifier for a predicate in a rule, such as @ByteMatchSetId@
+-- or @IPSetId@.
+--
+-- 'negated', 'awsWafRegionalRulePredicateListDetails_negated' - Specifies if you want WAF to allow, block, or count requests based on
+-- the settings in the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+-- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, or @SizeConstraintSet@.
+--
+-- 'type'', 'awsWafRegionalRulePredicateListDetails_type' - The type of predicate in a rule, such as @ByteMatch@ or @IPSet@.
+newAwsWafRegionalRulePredicateListDetails ::
+  AwsWafRegionalRulePredicateListDetails
+newAwsWafRegionalRulePredicateListDetails =
+  AwsWafRegionalRulePredicateListDetails'
+    { dataId =
+        Prelude.Nothing,
+      negated = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | A unique identifier for a predicate in a rule, such as @ByteMatchSetId@
+-- or @IPSetId@.
+awsWafRegionalRulePredicateListDetails_dataId :: Lens.Lens' AwsWafRegionalRulePredicateListDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRulePredicateListDetails_dataId = Lens.lens (\AwsWafRegionalRulePredicateListDetails' {dataId} -> dataId) (\s@AwsWafRegionalRulePredicateListDetails' {} a -> s {dataId = a} :: AwsWafRegionalRulePredicateListDetails)
+
+-- | Specifies if you want WAF to allow, block, or count requests based on
+-- the settings in the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+-- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, or @SizeConstraintSet@.
+awsWafRegionalRulePredicateListDetails_negated :: Lens.Lens' AwsWafRegionalRulePredicateListDetails (Prelude.Maybe Prelude.Bool)
+awsWafRegionalRulePredicateListDetails_negated = Lens.lens (\AwsWafRegionalRulePredicateListDetails' {negated} -> negated) (\s@AwsWafRegionalRulePredicateListDetails' {} a -> s {negated = a} :: AwsWafRegionalRulePredicateListDetails)
+
+-- | The type of predicate in a rule, such as @ByteMatch@ or @IPSet@.
+awsWafRegionalRulePredicateListDetails_type :: Lens.Lens' AwsWafRegionalRulePredicateListDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalRulePredicateListDetails_type = Lens.lens (\AwsWafRegionalRulePredicateListDetails' {type'} -> type') (\s@AwsWafRegionalRulePredicateListDetails' {} a -> s {type' = a} :: AwsWafRegionalRulePredicateListDetails)
+
+instance
+  Data.FromJSON
+    AwsWafRegionalRulePredicateListDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafRegionalRulePredicateListDetails"
+      ( \x ->
+          AwsWafRegionalRulePredicateListDetails'
+            Prelude.<$> (x Data..:? "DataId")
+            Prelude.<*> (x Data..:? "Negated")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRegionalRulePredicateListDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafRegionalRulePredicateListDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` dataId
+        `Prelude.hashWithSalt` negated
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsWafRegionalRulePredicateListDetails
+  where
+  rnf AwsWafRegionalRulePredicateListDetails' {..} =
+    Prelude.rnf dataId
+      `Prelude.seq` Prelude.rnf negated
+      `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsWafRegionalRulePredicateListDetails
+  where
+  toJSON AwsWafRegionalRulePredicateListDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DataId" Data..=) Prelude.<$> dataId,
+            ("Negated" Data..=) Prelude.<$> negated,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclDetails.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRegionalWebAclDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRegionalWebAclDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListDetails
+
+-- | Provides information about the web access control list (web ACL). The
+-- web ACL contains the rules that identify the requests that you want to
+-- allow, block, or count.
+--
+-- /See:/ 'newAwsWafRegionalWebAclDetails' smart constructor.
+data AwsWafRegionalWebAclDetails = AwsWafRegionalWebAclDetails'
+  { -- | The action to perform if none of the rules contained in the web ACL
+    -- match.
+    defaultAction :: Prelude.Maybe Prelude.Text,
+    -- | A name for the metrics for this web ACL.
+    metricName :: Prelude.Maybe Prelude.Text,
+    -- | A descriptive name for the web ACL.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | An array that contains the action for each rule in a web ACL, the
+    -- priority of the rule, and the ID of the rule.
+    rulesList :: Prelude.Maybe [AwsWafRegionalWebAclRulesListDetails],
+    -- | The ID of the web ACL.
+    webAclId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRegionalWebAclDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'defaultAction', 'awsWafRegionalWebAclDetails_defaultAction' - The action to perform if none of the rules contained in the web ACL
+-- match.
+--
+-- 'metricName', 'awsWafRegionalWebAclDetails_metricName' - A name for the metrics for this web ACL.
+--
+-- 'name', 'awsWafRegionalWebAclDetails_name' - A descriptive name for the web ACL.
+--
+-- 'rulesList', 'awsWafRegionalWebAclDetails_rulesList' - An array that contains the action for each rule in a web ACL, the
+-- priority of the rule, and the ID of the rule.
+--
+-- 'webAclId', 'awsWafRegionalWebAclDetails_webAclId' - The ID of the web ACL.
+newAwsWafRegionalWebAclDetails ::
+  AwsWafRegionalWebAclDetails
+newAwsWafRegionalWebAclDetails =
+  AwsWafRegionalWebAclDetails'
+    { defaultAction =
+        Prelude.Nothing,
+      metricName = Prelude.Nothing,
+      name = Prelude.Nothing,
+      rulesList = Prelude.Nothing,
+      webAclId = Prelude.Nothing
+    }
+
+-- | The action to perform if none of the rules contained in the web ACL
+-- match.
+awsWafRegionalWebAclDetails_defaultAction :: Lens.Lens' AwsWafRegionalWebAclDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalWebAclDetails_defaultAction = Lens.lens (\AwsWafRegionalWebAclDetails' {defaultAction} -> defaultAction) (\s@AwsWafRegionalWebAclDetails' {} a -> s {defaultAction = a} :: AwsWafRegionalWebAclDetails)
+
+-- | A name for the metrics for this web ACL.
+awsWafRegionalWebAclDetails_metricName :: Lens.Lens' AwsWafRegionalWebAclDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalWebAclDetails_metricName = Lens.lens (\AwsWafRegionalWebAclDetails' {metricName} -> metricName) (\s@AwsWafRegionalWebAclDetails' {} a -> s {metricName = a} :: AwsWafRegionalWebAclDetails)
+
+-- | A descriptive name for the web ACL.
+awsWafRegionalWebAclDetails_name :: Lens.Lens' AwsWafRegionalWebAclDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalWebAclDetails_name = Lens.lens (\AwsWafRegionalWebAclDetails' {name} -> name) (\s@AwsWafRegionalWebAclDetails' {} a -> s {name = a} :: AwsWafRegionalWebAclDetails)
+
+-- | An array that contains the action for each rule in a web ACL, the
+-- priority of the rule, and the ID of the rule.
+awsWafRegionalWebAclDetails_rulesList :: Lens.Lens' AwsWafRegionalWebAclDetails (Prelude.Maybe [AwsWafRegionalWebAclRulesListDetails])
+awsWafRegionalWebAclDetails_rulesList = Lens.lens (\AwsWafRegionalWebAclDetails' {rulesList} -> rulesList) (\s@AwsWafRegionalWebAclDetails' {} a -> s {rulesList = a} :: AwsWafRegionalWebAclDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the web ACL.
+awsWafRegionalWebAclDetails_webAclId :: Lens.Lens' AwsWafRegionalWebAclDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalWebAclDetails_webAclId = Lens.lens (\AwsWafRegionalWebAclDetails' {webAclId} -> webAclId) (\s@AwsWafRegionalWebAclDetails' {} a -> s {webAclId = a} :: AwsWafRegionalWebAclDetails)
+
+instance Data.FromJSON AwsWafRegionalWebAclDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafRegionalWebAclDetails"
+      ( \x ->
+          AwsWafRegionalWebAclDetails'
+            Prelude.<$> (x Data..:? "DefaultAction")
+            Prelude.<*> (x Data..:? "MetricName")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "RulesList" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "WebAclId")
+      )
+
+instance Prelude.Hashable AwsWafRegionalWebAclDetails where
+  hashWithSalt _salt AwsWafRegionalWebAclDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` defaultAction
+      `Prelude.hashWithSalt` metricName
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` rulesList
+      `Prelude.hashWithSalt` webAclId
+
+instance Prelude.NFData AwsWafRegionalWebAclDetails where
+  rnf AwsWafRegionalWebAclDetails' {..} =
+    Prelude.rnf defaultAction
+      `Prelude.seq` Prelude.rnf metricName
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf rulesList
+      `Prelude.seq` Prelude.rnf webAclId
+
+instance Data.ToJSON AwsWafRegionalWebAclDetails where
+  toJSON AwsWafRegionalWebAclDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DefaultAction" Data..=) Prelude.<$> defaultAction,
+            ("MetricName" Data..=) Prelude.<$> metricName,
+            ("Name" Data..=) Prelude.<$> name,
+            ("RulesList" Data..=) Prelude.<$> rulesList,
+            ("WebAclId" Data..=) Prelude.<$> webAclId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclRulesListActionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclRulesListActionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclRulesListActionDetails.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListActionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListActionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The action that WAF takes when a web request matches all conditions in
+-- the rule, such as allow, block, or count the request.
+--
+-- /See:/ 'newAwsWafRegionalWebAclRulesListActionDetails' smart constructor.
+data AwsWafRegionalWebAclRulesListActionDetails = AwsWafRegionalWebAclRulesListActionDetails'
+  { -- | For actions that are associated with a rule, the action that WAF takes
+    -- when a web request matches all conditions in a rule.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRegionalWebAclRulesListActionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'type'', 'awsWafRegionalWebAclRulesListActionDetails_type' - For actions that are associated with a rule, the action that WAF takes
+-- when a web request matches all conditions in a rule.
+newAwsWafRegionalWebAclRulesListActionDetails ::
+  AwsWafRegionalWebAclRulesListActionDetails
+newAwsWafRegionalWebAclRulesListActionDetails =
+  AwsWafRegionalWebAclRulesListActionDetails'
+    { type' =
+        Prelude.Nothing
+    }
+
+-- | For actions that are associated with a rule, the action that WAF takes
+-- when a web request matches all conditions in a rule.
+awsWafRegionalWebAclRulesListActionDetails_type :: Lens.Lens' AwsWafRegionalWebAclRulesListActionDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalWebAclRulesListActionDetails_type = Lens.lens (\AwsWafRegionalWebAclRulesListActionDetails' {type'} -> type') (\s@AwsWafRegionalWebAclRulesListActionDetails' {} a -> s {type' = a} :: AwsWafRegionalWebAclRulesListActionDetails)
+
+instance
+  Data.FromJSON
+    AwsWafRegionalWebAclRulesListActionDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafRegionalWebAclRulesListActionDetails"
+      ( \x ->
+          AwsWafRegionalWebAclRulesListActionDetails'
+            Prelude.<$> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRegionalWebAclRulesListActionDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafRegionalWebAclRulesListActionDetails' {..} =
+      _salt `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsWafRegionalWebAclRulesListActionDetails
+  where
+  rnf AwsWafRegionalWebAclRulesListActionDetails' {..} =
+    Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsWafRegionalWebAclRulesListActionDetails
+  where
+  toJSON
+    AwsWafRegionalWebAclRulesListActionDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Type" Data..=) Prelude.<$> type']
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclRulesListDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclRulesListDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclRulesListDetails.hs
@@ -0,0 +1,158 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListActionDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListOverrideActionDetails
+
+-- | A combination of @ByteMatchSet@, @IPSet@, and\/or @SqlInjectionMatchSet@
+-- objects that identify the web requests that you want to allow, block, or
+-- count.
+--
+-- /See:/ 'newAwsWafRegionalWebAclRulesListDetails' smart constructor.
+data AwsWafRegionalWebAclRulesListDetails = AwsWafRegionalWebAclRulesListDetails'
+  { -- | The action that WAF takes when a web request matches all conditions in
+    -- the rule, such as allow, block, or count the request.
+    action :: Prelude.Maybe AwsWafRegionalWebAclRulesListActionDetails,
+    -- | Overrides the rule evaluation result in the rule group.
+    overrideAction :: Prelude.Maybe AwsWafRegionalWebAclRulesListOverrideActionDetails,
+    -- | The order in which WAF evaluates the rules in a web ACL.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | The ID of an WAF Regional rule to associate with a web ACL.
+    ruleId :: Prelude.Maybe Prelude.Text,
+    -- | For actions that are associated with a rule, the action that WAF takes
+    -- when a web request matches all conditions in a rule.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRegionalWebAclRulesListDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'awsWafRegionalWebAclRulesListDetails_action' - The action that WAF takes when a web request matches all conditions in
+-- the rule, such as allow, block, or count the request.
+--
+-- 'overrideAction', 'awsWafRegionalWebAclRulesListDetails_overrideAction' - Overrides the rule evaluation result in the rule group.
+--
+-- 'priority', 'awsWafRegionalWebAclRulesListDetails_priority' - The order in which WAF evaluates the rules in a web ACL.
+--
+-- 'ruleId', 'awsWafRegionalWebAclRulesListDetails_ruleId' - The ID of an WAF Regional rule to associate with a web ACL.
+--
+-- 'type'', 'awsWafRegionalWebAclRulesListDetails_type' - For actions that are associated with a rule, the action that WAF takes
+-- when a web request matches all conditions in a rule.
+newAwsWafRegionalWebAclRulesListDetails ::
+  AwsWafRegionalWebAclRulesListDetails
+newAwsWafRegionalWebAclRulesListDetails =
+  AwsWafRegionalWebAclRulesListDetails'
+    { action =
+        Prelude.Nothing,
+      overrideAction = Prelude.Nothing,
+      priority = Prelude.Nothing,
+      ruleId = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The action that WAF takes when a web request matches all conditions in
+-- the rule, such as allow, block, or count the request.
+awsWafRegionalWebAclRulesListDetails_action :: Lens.Lens' AwsWafRegionalWebAclRulesListDetails (Prelude.Maybe AwsWafRegionalWebAclRulesListActionDetails)
+awsWafRegionalWebAclRulesListDetails_action = Lens.lens (\AwsWafRegionalWebAclRulesListDetails' {action} -> action) (\s@AwsWafRegionalWebAclRulesListDetails' {} a -> s {action = a} :: AwsWafRegionalWebAclRulesListDetails)
+
+-- | Overrides the rule evaluation result in the rule group.
+awsWafRegionalWebAclRulesListDetails_overrideAction :: Lens.Lens' AwsWafRegionalWebAclRulesListDetails (Prelude.Maybe AwsWafRegionalWebAclRulesListOverrideActionDetails)
+awsWafRegionalWebAclRulesListDetails_overrideAction = Lens.lens (\AwsWafRegionalWebAclRulesListDetails' {overrideAction} -> overrideAction) (\s@AwsWafRegionalWebAclRulesListDetails' {} a -> s {overrideAction = a} :: AwsWafRegionalWebAclRulesListDetails)
+
+-- | The order in which WAF evaluates the rules in a web ACL.
+awsWafRegionalWebAclRulesListDetails_priority :: Lens.Lens' AwsWafRegionalWebAclRulesListDetails (Prelude.Maybe Prelude.Int)
+awsWafRegionalWebAclRulesListDetails_priority = Lens.lens (\AwsWafRegionalWebAclRulesListDetails' {priority} -> priority) (\s@AwsWafRegionalWebAclRulesListDetails' {} a -> s {priority = a} :: AwsWafRegionalWebAclRulesListDetails)
+
+-- | The ID of an WAF Regional rule to associate with a web ACL.
+awsWafRegionalWebAclRulesListDetails_ruleId :: Lens.Lens' AwsWafRegionalWebAclRulesListDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalWebAclRulesListDetails_ruleId = Lens.lens (\AwsWafRegionalWebAclRulesListDetails' {ruleId} -> ruleId) (\s@AwsWafRegionalWebAclRulesListDetails' {} a -> s {ruleId = a} :: AwsWafRegionalWebAclRulesListDetails)
+
+-- | For actions that are associated with a rule, the action that WAF takes
+-- when a web request matches all conditions in a rule.
+awsWafRegionalWebAclRulesListDetails_type :: Lens.Lens' AwsWafRegionalWebAclRulesListDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalWebAclRulesListDetails_type = Lens.lens (\AwsWafRegionalWebAclRulesListDetails' {type'} -> type') (\s@AwsWafRegionalWebAclRulesListDetails' {} a -> s {type' = a} :: AwsWafRegionalWebAclRulesListDetails)
+
+instance
+  Data.FromJSON
+    AwsWafRegionalWebAclRulesListDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafRegionalWebAclRulesListDetails"
+      ( \x ->
+          AwsWafRegionalWebAclRulesListDetails'
+            Prelude.<$> (x Data..:? "Action")
+            Prelude.<*> (x Data..:? "OverrideAction")
+            Prelude.<*> (x Data..:? "Priority")
+            Prelude.<*> (x Data..:? "RuleId")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRegionalWebAclRulesListDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafRegionalWebAclRulesListDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` action
+        `Prelude.hashWithSalt` overrideAction
+        `Prelude.hashWithSalt` priority
+        `Prelude.hashWithSalt` ruleId
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsWafRegionalWebAclRulesListDetails
+  where
+  rnf AwsWafRegionalWebAclRulesListDetails' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf overrideAction
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf ruleId
+      `Prelude.seq` Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsWafRegionalWebAclRulesListDetails
+  where
+  toJSON AwsWafRegionalWebAclRulesListDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Action" Data..=) Prelude.<$> action,
+            ("OverrideAction" Data..=)
+              Prelude.<$> overrideAction,
+            ("Priority" Data..=) Prelude.<$> priority,
+            ("RuleId" Data..=) Prelude.<$> ruleId,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclRulesListOverrideActionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclRulesListOverrideActionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRegionalWebAclRulesListOverrideActionDetails.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListOverrideActionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRegionalWebAclRulesListOverrideActionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the action to use in the place of the action that
+-- results from the rule group evaluation.
+--
+-- /See:/ 'newAwsWafRegionalWebAclRulesListOverrideActionDetails' smart constructor.
+data AwsWafRegionalWebAclRulesListOverrideActionDetails = AwsWafRegionalWebAclRulesListOverrideActionDetails'
+  { -- | Overrides the rule evaluation result in the rule group.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRegionalWebAclRulesListOverrideActionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'type'', 'awsWafRegionalWebAclRulesListOverrideActionDetails_type' - Overrides the rule evaluation result in the rule group.
+newAwsWafRegionalWebAclRulesListOverrideActionDetails ::
+  AwsWafRegionalWebAclRulesListOverrideActionDetails
+newAwsWafRegionalWebAclRulesListOverrideActionDetails =
+  AwsWafRegionalWebAclRulesListOverrideActionDetails'
+    { type' =
+        Prelude.Nothing
+    }
+
+-- | Overrides the rule evaluation result in the rule group.
+awsWafRegionalWebAclRulesListOverrideActionDetails_type :: Lens.Lens' AwsWafRegionalWebAclRulesListOverrideActionDetails (Prelude.Maybe Prelude.Text)
+awsWafRegionalWebAclRulesListOverrideActionDetails_type = Lens.lens (\AwsWafRegionalWebAclRulesListOverrideActionDetails' {type'} -> type') (\s@AwsWafRegionalWebAclRulesListOverrideActionDetails' {} a -> s {type' = a} :: AwsWafRegionalWebAclRulesListOverrideActionDetails)
+
+instance
+  Data.FromJSON
+    AwsWafRegionalWebAclRulesListOverrideActionDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafRegionalWebAclRulesListOverrideActionDetails"
+      ( \x ->
+          AwsWafRegionalWebAclRulesListOverrideActionDetails'
+            Prelude.<$> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRegionalWebAclRulesListOverrideActionDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafRegionalWebAclRulesListOverrideActionDetails' {..} =
+      _salt `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsWafRegionalWebAclRulesListOverrideActionDetails
+  where
+  rnf
+    AwsWafRegionalWebAclRulesListOverrideActionDetails' {..} =
+      Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsWafRegionalWebAclRulesListOverrideActionDetails
+  where
+  toJSON
+    AwsWafRegionalWebAclRulesListOverrideActionDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Type" Data..=) Prelude.<$> type']
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRuleDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRuleDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRuleDetails.hs
@@ -0,0 +1,130 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRuleDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRuleDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafRulePredicateListDetails
+
+-- | Provides information about a WAF rule. This rule specifies the web
+-- requests that you want to allow, block, or count.
+--
+-- /See:/ 'newAwsWafRuleDetails' smart constructor.
+data AwsWafRuleDetails = AwsWafRuleDetails'
+  { -- | The name of the metrics for this rule.
+    metricName :: Prelude.Maybe Prelude.Text,
+    -- | A descriptive name for the rule.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+    -- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, and @SizeConstraintSet@
+    -- objects that you want to add to a rule and, for each object, indicates
+    -- whether you want to negate the settings.
+    predicateList :: Prelude.Maybe [AwsWafRulePredicateListDetails],
+    -- | The ID of the WAF rule.
+    ruleId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRuleDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'metricName', 'awsWafRuleDetails_metricName' - The name of the metrics for this rule.
+--
+-- 'name', 'awsWafRuleDetails_name' - A descriptive name for the rule.
+--
+-- 'predicateList', 'awsWafRuleDetails_predicateList' - Specifies the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+-- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, and @SizeConstraintSet@
+-- objects that you want to add to a rule and, for each object, indicates
+-- whether you want to negate the settings.
+--
+-- 'ruleId', 'awsWafRuleDetails_ruleId' - The ID of the WAF rule.
+newAwsWafRuleDetails ::
+  AwsWafRuleDetails
+newAwsWafRuleDetails =
+  AwsWafRuleDetails'
+    { metricName = Prelude.Nothing,
+      name = Prelude.Nothing,
+      predicateList = Prelude.Nothing,
+      ruleId = Prelude.Nothing
+    }
+
+-- | The name of the metrics for this rule.
+awsWafRuleDetails_metricName :: Lens.Lens' AwsWafRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRuleDetails_metricName = Lens.lens (\AwsWafRuleDetails' {metricName} -> metricName) (\s@AwsWafRuleDetails' {} a -> s {metricName = a} :: AwsWafRuleDetails)
+
+-- | A descriptive name for the rule.
+awsWafRuleDetails_name :: Lens.Lens' AwsWafRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRuleDetails_name = Lens.lens (\AwsWafRuleDetails' {name} -> name) (\s@AwsWafRuleDetails' {} a -> s {name = a} :: AwsWafRuleDetails)
+
+-- | Specifies the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+-- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, and @SizeConstraintSet@
+-- objects that you want to add to a rule and, for each object, indicates
+-- whether you want to negate the settings.
+awsWafRuleDetails_predicateList :: Lens.Lens' AwsWafRuleDetails (Prelude.Maybe [AwsWafRulePredicateListDetails])
+awsWafRuleDetails_predicateList = Lens.lens (\AwsWafRuleDetails' {predicateList} -> predicateList) (\s@AwsWafRuleDetails' {} a -> s {predicateList = a} :: AwsWafRuleDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the WAF rule.
+awsWafRuleDetails_ruleId :: Lens.Lens' AwsWafRuleDetails (Prelude.Maybe Prelude.Text)
+awsWafRuleDetails_ruleId = Lens.lens (\AwsWafRuleDetails' {ruleId} -> ruleId) (\s@AwsWafRuleDetails' {} a -> s {ruleId = a} :: AwsWafRuleDetails)
+
+instance Data.FromJSON AwsWafRuleDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafRuleDetails"
+      ( \x ->
+          AwsWafRuleDetails'
+            Prelude.<$> (x Data..:? "MetricName")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "PredicateList" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "RuleId")
+      )
+
+instance Prelude.Hashable AwsWafRuleDetails where
+  hashWithSalt _salt AwsWafRuleDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` metricName
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` predicateList
+      `Prelude.hashWithSalt` ruleId
+
+instance Prelude.NFData AwsWafRuleDetails where
+  rnf AwsWafRuleDetails' {..} =
+    Prelude.rnf metricName
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf predicateList
+      `Prelude.seq` Prelude.rnf ruleId
+
+instance Data.ToJSON AwsWafRuleDetails where
+  toJSON AwsWafRuleDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MetricName" Data..=) Prelude.<$> metricName,
+            ("Name" Data..=) Prelude.<$> name,
+            ("PredicateList" Data..=) Prelude.<$> predicateList,
+            ("RuleId" Data..=) Prelude.<$> ruleId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRuleGroupDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRuleGroupDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRuleGroupDetails.hs
@@ -0,0 +1,125 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRuleGroupDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRuleGroupDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesDetails
+
+-- | Provides information about an WAF rule group. A rule group is a
+-- collection of rules for inspecting and controlling web requests.
+--
+-- /See:/ 'newAwsWafRuleGroupDetails' smart constructor.
+data AwsWafRuleGroupDetails = AwsWafRuleGroupDetails'
+  { -- | The name of the metrics for this rule group.
+    metricName :: Prelude.Maybe Prelude.Text,
+    -- | The name of the rule group.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the rule group.
+    ruleGroupId :: Prelude.Maybe Prelude.Text,
+    -- | Provides information about the rules attached to the rule group. These
+    -- rules identify the web requests that you want to allow, block, or count.
+    rules :: Prelude.Maybe [AwsWafRuleGroupRulesDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRuleGroupDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'metricName', 'awsWafRuleGroupDetails_metricName' - The name of the metrics for this rule group.
+--
+-- 'name', 'awsWafRuleGroupDetails_name' - The name of the rule group.
+--
+-- 'ruleGroupId', 'awsWafRuleGroupDetails_ruleGroupId' - The ID of the rule group.
+--
+-- 'rules', 'awsWafRuleGroupDetails_rules' - Provides information about the rules attached to the rule group. These
+-- rules identify the web requests that you want to allow, block, or count.
+newAwsWafRuleGroupDetails ::
+  AwsWafRuleGroupDetails
+newAwsWafRuleGroupDetails =
+  AwsWafRuleGroupDetails'
+    { metricName =
+        Prelude.Nothing,
+      name = Prelude.Nothing,
+      ruleGroupId = Prelude.Nothing,
+      rules = Prelude.Nothing
+    }
+
+-- | The name of the metrics for this rule group.
+awsWafRuleGroupDetails_metricName :: Lens.Lens' AwsWafRuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsWafRuleGroupDetails_metricName = Lens.lens (\AwsWafRuleGroupDetails' {metricName} -> metricName) (\s@AwsWafRuleGroupDetails' {} a -> s {metricName = a} :: AwsWafRuleGroupDetails)
+
+-- | The name of the rule group.
+awsWafRuleGroupDetails_name :: Lens.Lens' AwsWafRuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsWafRuleGroupDetails_name = Lens.lens (\AwsWafRuleGroupDetails' {name} -> name) (\s@AwsWafRuleGroupDetails' {} a -> s {name = a} :: AwsWafRuleGroupDetails)
+
+-- | The ID of the rule group.
+awsWafRuleGroupDetails_ruleGroupId :: Lens.Lens' AwsWafRuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsWafRuleGroupDetails_ruleGroupId = Lens.lens (\AwsWafRuleGroupDetails' {ruleGroupId} -> ruleGroupId) (\s@AwsWafRuleGroupDetails' {} a -> s {ruleGroupId = a} :: AwsWafRuleGroupDetails)
+
+-- | Provides information about the rules attached to the rule group. These
+-- rules identify the web requests that you want to allow, block, or count.
+awsWafRuleGroupDetails_rules :: Lens.Lens' AwsWafRuleGroupDetails (Prelude.Maybe [AwsWafRuleGroupRulesDetails])
+awsWafRuleGroupDetails_rules = Lens.lens (\AwsWafRuleGroupDetails' {rules} -> rules) (\s@AwsWafRuleGroupDetails' {} a -> s {rules = a} :: AwsWafRuleGroupDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsWafRuleGroupDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafRuleGroupDetails"
+      ( \x ->
+          AwsWafRuleGroupDetails'
+            Prelude.<$> (x Data..:? "MetricName")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "RuleGroupId")
+            Prelude.<*> (x Data..:? "Rules" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable AwsWafRuleGroupDetails where
+  hashWithSalt _salt AwsWafRuleGroupDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` metricName
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` ruleGroupId
+      `Prelude.hashWithSalt` rules
+
+instance Prelude.NFData AwsWafRuleGroupDetails where
+  rnf AwsWafRuleGroupDetails' {..} =
+    Prelude.rnf metricName
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf ruleGroupId
+      `Prelude.seq` Prelude.rnf rules
+
+instance Data.ToJSON AwsWafRuleGroupDetails where
+  toJSON AwsWafRuleGroupDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MetricName" Data..=) Prelude.<$> metricName,
+            ("Name" Data..=) Prelude.<$> name,
+            ("RuleGroupId" Data..=) Prelude.<$> ruleGroupId,
+            ("Rules" Data..=) Prelude.<$> rules
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRuleGroupRulesActionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRuleGroupRulesActionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRuleGroupRulesActionDetails.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesActionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesActionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about what action WAF should take on a web request
+-- when it matches the criteria defined in the rule.
+--
+-- /See:/ 'newAwsWafRuleGroupRulesActionDetails' smart constructor.
+data AwsWafRuleGroupRulesActionDetails = AwsWafRuleGroupRulesActionDetails'
+  { -- | The action that WAF should take on a web request when it matches the
+    -- rule\'s statement.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRuleGroupRulesActionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'type'', 'awsWafRuleGroupRulesActionDetails_type' - The action that WAF should take on a web request when it matches the
+-- rule\'s statement.
+newAwsWafRuleGroupRulesActionDetails ::
+  AwsWafRuleGroupRulesActionDetails
+newAwsWafRuleGroupRulesActionDetails =
+  AwsWafRuleGroupRulesActionDetails'
+    { type' =
+        Prelude.Nothing
+    }
+
+-- | The action that WAF should take on a web request when it matches the
+-- rule\'s statement.
+awsWafRuleGroupRulesActionDetails_type :: Lens.Lens' AwsWafRuleGroupRulesActionDetails (Prelude.Maybe Prelude.Text)
+awsWafRuleGroupRulesActionDetails_type = Lens.lens (\AwsWafRuleGroupRulesActionDetails' {type'} -> type') (\s@AwsWafRuleGroupRulesActionDetails' {} a -> s {type' = a} :: AwsWafRuleGroupRulesActionDetails)
+
+instance
+  Data.FromJSON
+    AwsWafRuleGroupRulesActionDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafRuleGroupRulesActionDetails"
+      ( \x ->
+          AwsWafRuleGroupRulesActionDetails'
+            Prelude.<$> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRuleGroupRulesActionDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafRuleGroupRulesActionDetails' {..} =
+      _salt `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsWafRuleGroupRulesActionDetails
+  where
+  rnf AwsWafRuleGroupRulesActionDetails' {..} =
+    Prelude.rnf type'
+
+instance
+  Data.ToJSON
+    AwsWafRuleGroupRulesActionDetails
+  where
+  toJSON AwsWafRuleGroupRulesActionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Type" Data..=) Prelude.<$> type']
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRuleGroupRulesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRuleGroupRulesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRuleGroupRulesDetails.hs
@@ -0,0 +1,128 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafRuleGroupRulesActionDetails
+
+-- | Provides information about the rules attached to the rule group. These
+-- rules identify the web requests that you want to allow, block, or count.
+--
+-- /See:/ 'newAwsWafRuleGroupRulesDetails' smart constructor.
+data AwsWafRuleGroupRulesDetails = AwsWafRuleGroupRulesDetails'
+  { -- | Provides information about what action WAF should take on a web request
+    -- when it matches the criteria defined in the rule.
+    action :: Prelude.Maybe AwsWafRuleGroupRulesActionDetails,
+    -- | If you define more than one rule in a web ACL, WAF evaluates each
+    -- request against the rules in order based on the value of @Priority@.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | The rule ID for a rule.
+    ruleId :: Prelude.Maybe Prelude.Text,
+    -- | The type of rule.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRuleGroupRulesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'awsWafRuleGroupRulesDetails_action' - Provides information about what action WAF should take on a web request
+-- when it matches the criteria defined in the rule.
+--
+-- 'priority', 'awsWafRuleGroupRulesDetails_priority' - If you define more than one rule in a web ACL, WAF evaluates each
+-- request against the rules in order based on the value of @Priority@.
+--
+-- 'ruleId', 'awsWafRuleGroupRulesDetails_ruleId' - The rule ID for a rule.
+--
+-- 'type'', 'awsWafRuleGroupRulesDetails_type' - The type of rule.
+newAwsWafRuleGroupRulesDetails ::
+  AwsWafRuleGroupRulesDetails
+newAwsWafRuleGroupRulesDetails =
+  AwsWafRuleGroupRulesDetails'
+    { action =
+        Prelude.Nothing,
+      priority = Prelude.Nothing,
+      ruleId = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | Provides information about what action WAF should take on a web request
+-- when it matches the criteria defined in the rule.
+awsWafRuleGroupRulesDetails_action :: Lens.Lens' AwsWafRuleGroupRulesDetails (Prelude.Maybe AwsWafRuleGroupRulesActionDetails)
+awsWafRuleGroupRulesDetails_action = Lens.lens (\AwsWafRuleGroupRulesDetails' {action} -> action) (\s@AwsWafRuleGroupRulesDetails' {} a -> s {action = a} :: AwsWafRuleGroupRulesDetails)
+
+-- | If you define more than one rule in a web ACL, WAF evaluates each
+-- request against the rules in order based on the value of @Priority@.
+awsWafRuleGroupRulesDetails_priority :: Lens.Lens' AwsWafRuleGroupRulesDetails (Prelude.Maybe Prelude.Int)
+awsWafRuleGroupRulesDetails_priority = Lens.lens (\AwsWafRuleGroupRulesDetails' {priority} -> priority) (\s@AwsWafRuleGroupRulesDetails' {} a -> s {priority = a} :: AwsWafRuleGroupRulesDetails)
+
+-- | The rule ID for a rule.
+awsWafRuleGroupRulesDetails_ruleId :: Lens.Lens' AwsWafRuleGroupRulesDetails (Prelude.Maybe Prelude.Text)
+awsWafRuleGroupRulesDetails_ruleId = Lens.lens (\AwsWafRuleGroupRulesDetails' {ruleId} -> ruleId) (\s@AwsWafRuleGroupRulesDetails' {} a -> s {ruleId = a} :: AwsWafRuleGroupRulesDetails)
+
+-- | The type of rule.
+awsWafRuleGroupRulesDetails_type :: Lens.Lens' AwsWafRuleGroupRulesDetails (Prelude.Maybe Prelude.Text)
+awsWafRuleGroupRulesDetails_type = Lens.lens (\AwsWafRuleGroupRulesDetails' {type'} -> type') (\s@AwsWafRuleGroupRulesDetails' {} a -> s {type' = a} :: AwsWafRuleGroupRulesDetails)
+
+instance Data.FromJSON AwsWafRuleGroupRulesDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafRuleGroupRulesDetails"
+      ( \x ->
+          AwsWafRuleGroupRulesDetails'
+            Prelude.<$> (x Data..:? "Action")
+            Prelude.<*> (x Data..:? "Priority")
+            Prelude.<*> (x Data..:? "RuleId")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance Prelude.Hashable AwsWafRuleGroupRulesDetails where
+  hashWithSalt _salt AwsWafRuleGroupRulesDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` priority
+      `Prelude.hashWithSalt` ruleId
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData AwsWafRuleGroupRulesDetails where
+  rnf AwsWafRuleGroupRulesDetails' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf ruleId
+      `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToJSON AwsWafRuleGroupRulesDetails where
+  toJSON AwsWafRuleGroupRulesDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Action" Data..=) Prelude.<$> action,
+            ("Priority" Data..=) Prelude.<$> priority,
+            ("RuleId" Data..=) Prelude.<$> ruleId,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafRulePredicateListDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafRulePredicateListDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafRulePredicateListDetails.hs
@@ -0,0 +1,127 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafRulePredicateListDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafRulePredicateListDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the @ByteMatchSet@, @IPSet@,
+-- @SqlInjectionMatchSet@, @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@,
+-- and @SizeConstraintSet@ objects that you want to add to a rule and, for
+-- each object, indicates whether you want to negate the settings.
+--
+-- /See:/ 'newAwsWafRulePredicateListDetails' smart constructor.
+data AwsWafRulePredicateListDetails = AwsWafRulePredicateListDetails'
+  { -- | A unique identifier for a predicate in a rule, such as @ByteMatchSetId@
+    -- or @IPSetId@.
+    dataId :: Prelude.Maybe Prelude.Text,
+    -- | Specifies if you want WAF to allow, block, or count requests based on
+    -- the settings in the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+    -- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, or @SizeConstraintSet@.
+    negated :: Prelude.Maybe Prelude.Bool,
+    -- | The type of predicate in a rule, such as @ByteMatch@ or @IPSet@.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafRulePredicateListDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dataId', 'awsWafRulePredicateListDetails_dataId' - A unique identifier for a predicate in a rule, such as @ByteMatchSetId@
+-- or @IPSetId@.
+--
+-- 'negated', 'awsWafRulePredicateListDetails_negated' - Specifies if you want WAF to allow, block, or count requests based on
+-- the settings in the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+-- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, or @SizeConstraintSet@.
+--
+-- 'type'', 'awsWafRulePredicateListDetails_type' - The type of predicate in a rule, such as @ByteMatch@ or @IPSet@.
+newAwsWafRulePredicateListDetails ::
+  AwsWafRulePredicateListDetails
+newAwsWafRulePredicateListDetails =
+  AwsWafRulePredicateListDetails'
+    { dataId =
+        Prelude.Nothing,
+      negated = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | A unique identifier for a predicate in a rule, such as @ByteMatchSetId@
+-- or @IPSetId@.
+awsWafRulePredicateListDetails_dataId :: Lens.Lens' AwsWafRulePredicateListDetails (Prelude.Maybe Prelude.Text)
+awsWafRulePredicateListDetails_dataId = Lens.lens (\AwsWafRulePredicateListDetails' {dataId} -> dataId) (\s@AwsWafRulePredicateListDetails' {} a -> s {dataId = a} :: AwsWafRulePredicateListDetails)
+
+-- | Specifies if you want WAF to allow, block, or count requests based on
+-- the settings in the @ByteMatchSet@, @IPSet@, @SqlInjectionMatchSet@,
+-- @XssMatchSet@, @RegexMatchSet@, @GeoMatchSet@, or @SizeConstraintSet@.
+awsWafRulePredicateListDetails_negated :: Lens.Lens' AwsWafRulePredicateListDetails (Prelude.Maybe Prelude.Bool)
+awsWafRulePredicateListDetails_negated = Lens.lens (\AwsWafRulePredicateListDetails' {negated} -> negated) (\s@AwsWafRulePredicateListDetails' {} a -> s {negated = a} :: AwsWafRulePredicateListDetails)
+
+-- | The type of predicate in a rule, such as @ByteMatch@ or @IPSet@.
+awsWafRulePredicateListDetails_type :: Lens.Lens' AwsWafRulePredicateListDetails (Prelude.Maybe Prelude.Text)
+awsWafRulePredicateListDetails_type = Lens.lens (\AwsWafRulePredicateListDetails' {type'} -> type') (\s@AwsWafRulePredicateListDetails' {} a -> s {type' = a} :: AwsWafRulePredicateListDetails)
+
+instance Data.FromJSON AwsWafRulePredicateListDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafRulePredicateListDetails"
+      ( \x ->
+          AwsWafRulePredicateListDetails'
+            Prelude.<$> (x Data..:? "DataId")
+            Prelude.<*> (x Data..:? "Negated")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafRulePredicateListDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafRulePredicateListDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` dataId
+        `Prelude.hashWithSalt` negated
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsWafRulePredicateListDetails
+  where
+  rnf AwsWafRulePredicateListDetails' {..} =
+    Prelude.rnf dataId
+      `Prelude.seq` Prelude.rnf negated
+      `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToJSON AwsWafRulePredicateListDetails where
+  toJSON AwsWafRulePredicateListDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DataId" Data..=) Prelude.<$> dataId,
+            ("Negated" Data..=) Prelude.<$> negated,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafWebAclDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafWebAclDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafWebAclDetails.hs
@@ -0,0 +1,130 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafWebAclDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafWebAclDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafWebAclRule
+
+-- | Provides information about an WAF web access control list (web ACL).
+--
+-- /See:/ 'newAwsWafWebAclDetails' smart constructor.
+data AwsWafWebAclDetails = AwsWafWebAclDetails'
+  { -- | The action to perform if none of the rules contained in the web ACL
+    -- match.
+    defaultAction :: Prelude.Maybe Prelude.Text,
+    -- | A friendly name or description of the web ACL. You can\'t change the
+    -- name of a web ACL after you create it.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | An array that contains the action for each rule in a web ACL, the
+    -- priority of the rule, and the ID of the rule.
+    rules :: Prelude.Maybe [AwsWafWebAclRule],
+    -- | A unique identifier for a web ACL.
+    webAclId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafWebAclDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'defaultAction', 'awsWafWebAclDetails_defaultAction' - The action to perform if none of the rules contained in the web ACL
+-- match.
+--
+-- 'name', 'awsWafWebAclDetails_name' - A friendly name or description of the web ACL. You can\'t change the
+-- name of a web ACL after you create it.
+--
+-- 'rules', 'awsWafWebAclDetails_rules' - An array that contains the action for each rule in a web ACL, the
+-- priority of the rule, and the ID of the rule.
+--
+-- 'webAclId', 'awsWafWebAclDetails_webAclId' - A unique identifier for a web ACL.
+newAwsWafWebAclDetails ::
+  AwsWafWebAclDetails
+newAwsWafWebAclDetails =
+  AwsWafWebAclDetails'
+    { defaultAction =
+        Prelude.Nothing,
+      name = Prelude.Nothing,
+      rules = Prelude.Nothing,
+      webAclId = Prelude.Nothing
+    }
+
+-- | The action to perform if none of the rules contained in the web ACL
+-- match.
+awsWafWebAclDetails_defaultAction :: Lens.Lens' AwsWafWebAclDetails (Prelude.Maybe Prelude.Text)
+awsWafWebAclDetails_defaultAction = Lens.lens (\AwsWafWebAclDetails' {defaultAction} -> defaultAction) (\s@AwsWafWebAclDetails' {} a -> s {defaultAction = a} :: AwsWafWebAclDetails)
+
+-- | A friendly name or description of the web ACL. You can\'t change the
+-- name of a web ACL after you create it.
+awsWafWebAclDetails_name :: Lens.Lens' AwsWafWebAclDetails (Prelude.Maybe Prelude.Text)
+awsWafWebAclDetails_name = Lens.lens (\AwsWafWebAclDetails' {name} -> name) (\s@AwsWafWebAclDetails' {} a -> s {name = a} :: AwsWafWebAclDetails)
+
+-- | An array that contains the action for each rule in a web ACL, the
+-- priority of the rule, and the ID of the rule.
+awsWafWebAclDetails_rules :: Lens.Lens' AwsWafWebAclDetails (Prelude.Maybe [AwsWafWebAclRule])
+awsWafWebAclDetails_rules = Lens.lens (\AwsWafWebAclDetails' {rules} -> rules) (\s@AwsWafWebAclDetails' {} a -> s {rules = a} :: AwsWafWebAclDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A unique identifier for a web ACL.
+awsWafWebAclDetails_webAclId :: Lens.Lens' AwsWafWebAclDetails (Prelude.Maybe Prelude.Text)
+awsWafWebAclDetails_webAclId = Lens.lens (\AwsWafWebAclDetails' {webAclId} -> webAclId) (\s@AwsWafWebAclDetails' {} a -> s {webAclId = a} :: AwsWafWebAclDetails)
+
+instance Data.FromJSON AwsWafWebAclDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafWebAclDetails"
+      ( \x ->
+          AwsWafWebAclDetails'
+            Prelude.<$> (x Data..:? "DefaultAction")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Rules" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "WebAclId")
+      )
+
+instance Prelude.Hashable AwsWafWebAclDetails where
+  hashWithSalt _salt AwsWafWebAclDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` defaultAction
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` rules
+      `Prelude.hashWithSalt` webAclId
+
+instance Prelude.NFData AwsWafWebAclDetails where
+  rnf AwsWafWebAclDetails' {..} =
+    Prelude.rnf defaultAction
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf rules
+      `Prelude.seq` Prelude.rnf webAclId
+
+instance Data.ToJSON AwsWafWebAclDetails where
+  toJSON AwsWafWebAclDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DefaultAction" Data..=) Prelude.<$> defaultAction,
+            ("Name" Data..=) Prelude.<$> name,
+            ("Rules" Data..=) Prelude.<$> rules,
+            ("WebAclId" Data..=) Prelude.<$> webAclId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafWebAclRule.hs b/gen/Amazonka/SecurityHub/Types/AwsWafWebAclRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafWebAclRule.hs
@@ -0,0 +1,218 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafWebAclRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafWebAclRule where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.WafAction
+import Amazonka.SecurityHub.Types.WafExcludedRule
+import Amazonka.SecurityHub.Types.WafOverrideAction
+
+-- | Details for a rule in an WAF web ACL.
+--
+-- /See:/ 'newAwsWafWebAclRule' smart constructor.
+data AwsWafWebAclRule = AwsWafWebAclRule'
+  { -- | Specifies the action that CloudFront or WAF takes when a web request
+    -- matches the conditions in the rule.
+    action :: Prelude.Maybe WafAction,
+    -- | Rules to exclude from a rule group.
+    excludedRules :: Prelude.Maybe [WafExcludedRule],
+    -- | Use the @OverrideAction@ to test your @RuleGroup@.
+    --
+    -- Any rule in a @RuleGroup@ can potentially block a request. If you set
+    -- the @OverrideAction@ to @None@, the @RuleGroup@ blocks a request if any
+    -- individual rule in the @RuleGroup@ matches the request and is configured
+    -- to block that request.
+    --
+    -- However, if you first want to test the @RuleGroup@, set the
+    -- @OverrideAction@ to @Count@. The @RuleGroup@ then overrides any block
+    -- action specified by individual rules contained within the group. Instead
+    -- of blocking matching requests, those requests are counted.
+    --
+    -- @ActivatedRule@|@OverrideAction@ applies only when updating or adding a
+    -- @RuleGroup@ to a web ACL. In this case you do not use @ActivatedRule@
+    -- @Action@. For all other update requests, @ActivatedRule@ @Action@ is
+    -- used instead of @ActivatedRule@ @OverrideAction@.
+    overrideAction :: Prelude.Maybe WafOverrideAction,
+    -- | Specifies the order in which the rules in a web ACL are evaluated. Rules
+    -- with a lower value for @Priority@ are evaluated before rules with a
+    -- higher value. The value must be a unique integer. If you add multiple
+    -- rules to a web ACL, the values do not need to be consecutive.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | The identifier for a rule.
+    ruleId :: Prelude.Maybe Prelude.Text,
+    -- | The rule type.
+    --
+    -- Valid values: @REGULAR@ | @RATE_BASED@ | @GROUP@
+    --
+    -- The default is @REGULAR@.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafWebAclRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'awsWafWebAclRule_action' - Specifies the action that CloudFront or WAF takes when a web request
+-- matches the conditions in the rule.
+--
+-- 'excludedRules', 'awsWafWebAclRule_excludedRules' - Rules to exclude from a rule group.
+--
+-- 'overrideAction', 'awsWafWebAclRule_overrideAction' - Use the @OverrideAction@ to test your @RuleGroup@.
+--
+-- Any rule in a @RuleGroup@ can potentially block a request. If you set
+-- the @OverrideAction@ to @None@, the @RuleGroup@ blocks a request if any
+-- individual rule in the @RuleGroup@ matches the request and is configured
+-- to block that request.
+--
+-- However, if you first want to test the @RuleGroup@, set the
+-- @OverrideAction@ to @Count@. The @RuleGroup@ then overrides any block
+-- action specified by individual rules contained within the group. Instead
+-- of blocking matching requests, those requests are counted.
+--
+-- @ActivatedRule@|@OverrideAction@ applies only when updating or adding a
+-- @RuleGroup@ to a web ACL. In this case you do not use @ActivatedRule@
+-- @Action@. For all other update requests, @ActivatedRule@ @Action@ is
+-- used instead of @ActivatedRule@ @OverrideAction@.
+--
+-- 'priority', 'awsWafWebAclRule_priority' - Specifies the order in which the rules in a web ACL are evaluated. Rules
+-- with a lower value for @Priority@ are evaluated before rules with a
+-- higher value. The value must be a unique integer. If you add multiple
+-- rules to a web ACL, the values do not need to be consecutive.
+--
+-- 'ruleId', 'awsWafWebAclRule_ruleId' - The identifier for a rule.
+--
+-- 'type'', 'awsWafWebAclRule_type' - The rule type.
+--
+-- Valid values: @REGULAR@ | @RATE_BASED@ | @GROUP@
+--
+-- The default is @REGULAR@.
+newAwsWafWebAclRule ::
+  AwsWafWebAclRule
+newAwsWafWebAclRule =
+  AwsWafWebAclRule'
+    { action = Prelude.Nothing,
+      excludedRules = Prelude.Nothing,
+      overrideAction = Prelude.Nothing,
+      priority = Prelude.Nothing,
+      ruleId = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | Specifies the action that CloudFront or WAF takes when a web request
+-- matches the conditions in the rule.
+awsWafWebAclRule_action :: Lens.Lens' AwsWafWebAclRule (Prelude.Maybe WafAction)
+awsWafWebAclRule_action = Lens.lens (\AwsWafWebAclRule' {action} -> action) (\s@AwsWafWebAclRule' {} a -> s {action = a} :: AwsWafWebAclRule)
+
+-- | Rules to exclude from a rule group.
+awsWafWebAclRule_excludedRules :: Lens.Lens' AwsWafWebAclRule (Prelude.Maybe [WafExcludedRule])
+awsWafWebAclRule_excludedRules = Lens.lens (\AwsWafWebAclRule' {excludedRules} -> excludedRules) (\s@AwsWafWebAclRule' {} a -> s {excludedRules = a} :: AwsWafWebAclRule) Prelude.. Lens.mapping Lens.coerced
+
+-- | Use the @OverrideAction@ to test your @RuleGroup@.
+--
+-- Any rule in a @RuleGroup@ can potentially block a request. If you set
+-- the @OverrideAction@ to @None@, the @RuleGroup@ blocks a request if any
+-- individual rule in the @RuleGroup@ matches the request and is configured
+-- to block that request.
+--
+-- However, if you first want to test the @RuleGroup@, set the
+-- @OverrideAction@ to @Count@. The @RuleGroup@ then overrides any block
+-- action specified by individual rules contained within the group. Instead
+-- of blocking matching requests, those requests are counted.
+--
+-- @ActivatedRule@|@OverrideAction@ applies only when updating or adding a
+-- @RuleGroup@ to a web ACL. In this case you do not use @ActivatedRule@
+-- @Action@. For all other update requests, @ActivatedRule@ @Action@ is
+-- used instead of @ActivatedRule@ @OverrideAction@.
+awsWafWebAclRule_overrideAction :: Lens.Lens' AwsWafWebAclRule (Prelude.Maybe WafOverrideAction)
+awsWafWebAclRule_overrideAction = Lens.lens (\AwsWafWebAclRule' {overrideAction} -> overrideAction) (\s@AwsWafWebAclRule' {} a -> s {overrideAction = a} :: AwsWafWebAclRule)
+
+-- | Specifies the order in which the rules in a web ACL are evaluated. Rules
+-- with a lower value for @Priority@ are evaluated before rules with a
+-- higher value. The value must be a unique integer. If you add multiple
+-- rules to a web ACL, the values do not need to be consecutive.
+awsWafWebAclRule_priority :: Lens.Lens' AwsWafWebAclRule (Prelude.Maybe Prelude.Int)
+awsWafWebAclRule_priority = Lens.lens (\AwsWafWebAclRule' {priority} -> priority) (\s@AwsWafWebAclRule' {} a -> s {priority = a} :: AwsWafWebAclRule)
+
+-- | The identifier for a rule.
+awsWafWebAclRule_ruleId :: Lens.Lens' AwsWafWebAclRule (Prelude.Maybe Prelude.Text)
+awsWafWebAclRule_ruleId = Lens.lens (\AwsWafWebAclRule' {ruleId} -> ruleId) (\s@AwsWafWebAclRule' {} a -> s {ruleId = a} :: AwsWafWebAclRule)
+
+-- | The rule type.
+--
+-- Valid values: @REGULAR@ | @RATE_BASED@ | @GROUP@
+--
+-- The default is @REGULAR@.
+awsWafWebAclRule_type :: Lens.Lens' AwsWafWebAclRule (Prelude.Maybe Prelude.Text)
+awsWafWebAclRule_type = Lens.lens (\AwsWafWebAclRule' {type'} -> type') (\s@AwsWafWebAclRule' {} a -> s {type' = a} :: AwsWafWebAclRule)
+
+instance Data.FromJSON AwsWafWebAclRule where
+  parseJSON =
+    Data.withObject
+      "AwsWafWebAclRule"
+      ( \x ->
+          AwsWafWebAclRule'
+            Prelude.<$> (x Data..:? "Action")
+            Prelude.<*> (x Data..:? "ExcludedRules" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "OverrideAction")
+            Prelude.<*> (x Data..:? "Priority")
+            Prelude.<*> (x Data..:? "RuleId")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance Prelude.Hashable AwsWafWebAclRule where
+  hashWithSalt _salt AwsWafWebAclRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` excludedRules
+      `Prelude.hashWithSalt` overrideAction
+      `Prelude.hashWithSalt` priority
+      `Prelude.hashWithSalt` ruleId
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData AwsWafWebAclRule where
+  rnf AwsWafWebAclRule' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf excludedRules
+      `Prelude.seq` Prelude.rnf overrideAction
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf ruleId
+      `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToJSON AwsWafWebAclRule where
+  toJSON AwsWafWebAclRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Action" Data..=) Prelude.<$> action,
+            ("ExcludedRules" Data..=) Prelude.<$> excludedRules,
+            ("OverrideAction" Data..=)
+              Prelude.<$> overrideAction,
+            ("Priority" Data..=) Prelude.<$> priority,
+            ("RuleId" Data..=) Prelude.<$> ruleId,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2ActionAllowDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2ActionAllowDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2ActionAllowDetails.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2ActionAllowDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2ActionAllowDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2CustomRequestHandlingDetails
+
+-- | Specifies that WAF should allow the request and optionally defines
+-- additional custom handling for the request.
+--
+-- /See:/ 'newAwsWafv2ActionAllowDetails' smart constructor.
+data AwsWafv2ActionAllowDetails = AwsWafv2ActionAllowDetails'
+  { -- | Defines custom handling for the web request. For information about
+    -- customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the /WAF Developer Guide./.
+    customRequestHandling :: Prelude.Maybe AwsWafv2CustomRequestHandlingDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2ActionAllowDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customRequestHandling', 'awsWafv2ActionAllowDetails_customRequestHandling' - Defines custom handling for the web request. For information about
+-- customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the /WAF Developer Guide./.
+newAwsWafv2ActionAllowDetails ::
+  AwsWafv2ActionAllowDetails
+newAwsWafv2ActionAllowDetails =
+  AwsWafv2ActionAllowDetails'
+    { customRequestHandling =
+        Prelude.Nothing
+    }
+
+-- | Defines custom handling for the web request. For information about
+-- customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the /WAF Developer Guide./.
+awsWafv2ActionAllowDetails_customRequestHandling :: Lens.Lens' AwsWafv2ActionAllowDetails (Prelude.Maybe AwsWafv2CustomRequestHandlingDetails)
+awsWafv2ActionAllowDetails_customRequestHandling = Lens.lens (\AwsWafv2ActionAllowDetails' {customRequestHandling} -> customRequestHandling) (\s@AwsWafv2ActionAllowDetails' {} a -> s {customRequestHandling = a} :: AwsWafv2ActionAllowDetails)
+
+instance Data.FromJSON AwsWafv2ActionAllowDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2ActionAllowDetails"
+      ( \x ->
+          AwsWafv2ActionAllowDetails'
+            Prelude.<$> (x Data..:? "CustomRequestHandling")
+      )
+
+instance Prelude.Hashable AwsWafv2ActionAllowDetails where
+  hashWithSalt _salt AwsWafv2ActionAllowDetails' {..} =
+    _salt `Prelude.hashWithSalt` customRequestHandling
+
+instance Prelude.NFData AwsWafv2ActionAllowDetails where
+  rnf AwsWafv2ActionAllowDetails' {..} =
+    Prelude.rnf customRequestHandling
+
+instance Data.ToJSON AwsWafv2ActionAllowDetails where
+  toJSON AwsWafv2ActionAllowDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomRequestHandling" Data..=)
+              Prelude.<$> customRequestHandling
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2ActionBlockDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2ActionBlockDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2ActionBlockDetails.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2ActionBlockDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2ActionBlockDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2CustomResponseDetails
+
+-- | Specifies that WAF should block the request and optionally defines
+-- additional custom handling for the response to the web request.
+--
+-- /See:/ 'newAwsWafv2ActionBlockDetails' smart constructor.
+data AwsWafv2ActionBlockDetails = AwsWafv2ActionBlockDetails'
+  { -- | Defines a custom response for the web request. For information, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the /WAF Developer Guide./.
+    customResponse :: Prelude.Maybe AwsWafv2CustomResponseDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2ActionBlockDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customResponse', 'awsWafv2ActionBlockDetails_customResponse' - Defines a custom response for the web request. For information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the /WAF Developer Guide./.
+newAwsWafv2ActionBlockDetails ::
+  AwsWafv2ActionBlockDetails
+newAwsWafv2ActionBlockDetails =
+  AwsWafv2ActionBlockDetails'
+    { customResponse =
+        Prelude.Nothing
+    }
+
+-- | Defines a custom response for the web request. For information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the /WAF Developer Guide./.
+awsWafv2ActionBlockDetails_customResponse :: Lens.Lens' AwsWafv2ActionBlockDetails (Prelude.Maybe AwsWafv2CustomResponseDetails)
+awsWafv2ActionBlockDetails_customResponse = Lens.lens (\AwsWafv2ActionBlockDetails' {customResponse} -> customResponse) (\s@AwsWafv2ActionBlockDetails' {} a -> s {customResponse = a} :: AwsWafv2ActionBlockDetails)
+
+instance Data.FromJSON AwsWafv2ActionBlockDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2ActionBlockDetails"
+      ( \x ->
+          AwsWafv2ActionBlockDetails'
+            Prelude.<$> (x Data..:? "CustomResponse")
+      )
+
+instance Prelude.Hashable AwsWafv2ActionBlockDetails where
+  hashWithSalt _salt AwsWafv2ActionBlockDetails' {..} =
+    _salt `Prelude.hashWithSalt` customResponse
+
+instance Prelude.NFData AwsWafv2ActionBlockDetails where
+  rnf AwsWafv2ActionBlockDetails' {..} =
+    Prelude.rnf customResponse
+
+instance Data.ToJSON AwsWafv2ActionBlockDetails where
+  toJSON AwsWafv2ActionBlockDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomResponse" Data..=)
+              Prelude.<$> customResponse
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2CustomHttpHeader.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2CustomHttpHeader.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2CustomHttpHeader.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2CustomHttpHeader
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2CustomHttpHeader where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A custom header for custom request and response handling.
+--
+-- /See:/ 'newAwsWafv2CustomHttpHeader' smart constructor.
+data AwsWafv2CustomHttpHeader = AwsWafv2CustomHttpHeader'
+  { -- | The name of the custom header.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The value of the custom header.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2CustomHttpHeader' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'awsWafv2CustomHttpHeader_name' - The name of the custom header.
+--
+-- 'value', 'awsWafv2CustomHttpHeader_value' - The value of the custom header.
+newAwsWafv2CustomHttpHeader ::
+  AwsWafv2CustomHttpHeader
+newAwsWafv2CustomHttpHeader =
+  AwsWafv2CustomHttpHeader'
+    { name = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The name of the custom header.
+awsWafv2CustomHttpHeader_name :: Lens.Lens' AwsWafv2CustomHttpHeader (Prelude.Maybe Prelude.Text)
+awsWafv2CustomHttpHeader_name = Lens.lens (\AwsWafv2CustomHttpHeader' {name} -> name) (\s@AwsWafv2CustomHttpHeader' {} a -> s {name = a} :: AwsWafv2CustomHttpHeader)
+
+-- | The value of the custom header.
+awsWafv2CustomHttpHeader_value :: Lens.Lens' AwsWafv2CustomHttpHeader (Prelude.Maybe Prelude.Text)
+awsWafv2CustomHttpHeader_value = Lens.lens (\AwsWafv2CustomHttpHeader' {value} -> value) (\s@AwsWafv2CustomHttpHeader' {} a -> s {value = a} :: AwsWafv2CustomHttpHeader)
+
+instance Data.FromJSON AwsWafv2CustomHttpHeader where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2CustomHttpHeader"
+      ( \x ->
+          AwsWafv2CustomHttpHeader'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance Prelude.Hashable AwsWafv2CustomHttpHeader where
+  hashWithSalt _salt AwsWafv2CustomHttpHeader' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData AwsWafv2CustomHttpHeader where
+  rnf AwsWafv2CustomHttpHeader' {..} =
+    Prelude.rnf name `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON AwsWafv2CustomHttpHeader where
+  toJSON AwsWafv2CustomHttpHeader' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Name" Data..=) Prelude.<$> name,
+            ("Value" Data..=) Prelude.<$> value
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2CustomRequestHandlingDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2CustomRequestHandlingDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2CustomRequestHandlingDetails.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2CustomRequestHandlingDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2CustomRequestHandlingDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2CustomHttpHeader
+
+-- | Custom request handling behavior that inserts custom headers into a web
+-- request. WAF uses custom request handling when the rule action doesn\'t
+-- block the request.
+--
+-- /See:/ 'newAwsWafv2CustomRequestHandlingDetails' smart constructor.
+data AwsWafv2CustomRequestHandlingDetails = AwsWafv2CustomRequestHandlingDetails'
+  { -- | The HTTP headers to insert into the request.
+    insertHeaders :: Prelude.Maybe [AwsWafv2CustomHttpHeader]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2CustomRequestHandlingDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'insertHeaders', 'awsWafv2CustomRequestHandlingDetails_insertHeaders' - The HTTP headers to insert into the request.
+newAwsWafv2CustomRequestHandlingDetails ::
+  AwsWafv2CustomRequestHandlingDetails
+newAwsWafv2CustomRequestHandlingDetails =
+  AwsWafv2CustomRequestHandlingDetails'
+    { insertHeaders =
+        Prelude.Nothing
+    }
+
+-- | The HTTP headers to insert into the request.
+awsWafv2CustomRequestHandlingDetails_insertHeaders :: Lens.Lens' AwsWafv2CustomRequestHandlingDetails (Prelude.Maybe [AwsWafv2CustomHttpHeader])
+awsWafv2CustomRequestHandlingDetails_insertHeaders = Lens.lens (\AwsWafv2CustomRequestHandlingDetails' {insertHeaders} -> insertHeaders) (\s@AwsWafv2CustomRequestHandlingDetails' {} a -> s {insertHeaders = a} :: AwsWafv2CustomRequestHandlingDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    AwsWafv2CustomRequestHandlingDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2CustomRequestHandlingDetails"
+      ( \x ->
+          AwsWafv2CustomRequestHandlingDetails'
+            Prelude.<$> (x Data..:? "InsertHeaders" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafv2CustomRequestHandlingDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafv2CustomRequestHandlingDetails' {..} =
+      _salt `Prelude.hashWithSalt` insertHeaders
+
+instance
+  Prelude.NFData
+    AwsWafv2CustomRequestHandlingDetails
+  where
+  rnf AwsWafv2CustomRequestHandlingDetails' {..} =
+    Prelude.rnf insertHeaders
+
+instance
+  Data.ToJSON
+    AwsWafv2CustomRequestHandlingDetails
+  where
+  toJSON AwsWafv2CustomRequestHandlingDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("InsertHeaders" Data..=)
+              Prelude.<$> insertHeaders
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2CustomResponseDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2CustomResponseDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2CustomResponseDetails.hs
@@ -0,0 +1,133 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2CustomResponseDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2CustomResponseDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2CustomHttpHeader
+
+-- | A custom response to send to the client. You can define a custom
+-- response for rule actions and default web ACL actions that are set to
+-- block.
+--
+-- /See:/ 'newAwsWafv2CustomResponseDetails' smart constructor.
+data AwsWafv2CustomResponseDetails = AwsWafv2CustomResponseDetails'
+  { -- | References the response body that you want WAF to return to the web
+    -- request client. You can define a custom response for a rule action or a
+    -- default web ACL action that is set to block.
+    customResponseBodyKey :: Prelude.Maybe Prelude.Text,
+    -- | The HTTP status code to return to the client. For a list of status codes
+    -- that you can use in your custom responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html Supported status codes for custom response>
+    -- in the /WAF Developer Guide./
+    responseCode :: Prelude.Maybe Prelude.Int,
+    -- | The HTTP headers to use in the response.
+    responseHeaders :: Prelude.Maybe [AwsWafv2CustomHttpHeader]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2CustomResponseDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customResponseBodyKey', 'awsWafv2CustomResponseDetails_customResponseBodyKey' - References the response body that you want WAF to return to the web
+-- request client. You can define a custom response for a rule action or a
+-- default web ACL action that is set to block.
+--
+-- 'responseCode', 'awsWafv2CustomResponseDetails_responseCode' - The HTTP status code to return to the client. For a list of status codes
+-- that you can use in your custom responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html Supported status codes for custom response>
+-- in the /WAF Developer Guide./
+--
+-- 'responseHeaders', 'awsWafv2CustomResponseDetails_responseHeaders' - The HTTP headers to use in the response.
+newAwsWafv2CustomResponseDetails ::
+  AwsWafv2CustomResponseDetails
+newAwsWafv2CustomResponseDetails =
+  AwsWafv2CustomResponseDetails'
+    { customResponseBodyKey =
+        Prelude.Nothing,
+      responseCode = Prelude.Nothing,
+      responseHeaders = Prelude.Nothing
+    }
+
+-- | References the response body that you want WAF to return to the web
+-- request client. You can define a custom response for a rule action or a
+-- default web ACL action that is set to block.
+awsWafv2CustomResponseDetails_customResponseBodyKey :: Lens.Lens' AwsWafv2CustomResponseDetails (Prelude.Maybe Prelude.Text)
+awsWafv2CustomResponseDetails_customResponseBodyKey = Lens.lens (\AwsWafv2CustomResponseDetails' {customResponseBodyKey} -> customResponseBodyKey) (\s@AwsWafv2CustomResponseDetails' {} a -> s {customResponseBodyKey = a} :: AwsWafv2CustomResponseDetails)
+
+-- | The HTTP status code to return to the client. For a list of status codes
+-- that you can use in your custom responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html Supported status codes for custom response>
+-- in the /WAF Developer Guide./
+awsWafv2CustomResponseDetails_responseCode :: Lens.Lens' AwsWafv2CustomResponseDetails (Prelude.Maybe Prelude.Int)
+awsWafv2CustomResponseDetails_responseCode = Lens.lens (\AwsWafv2CustomResponseDetails' {responseCode} -> responseCode) (\s@AwsWafv2CustomResponseDetails' {} a -> s {responseCode = a} :: AwsWafv2CustomResponseDetails)
+
+-- | The HTTP headers to use in the response.
+awsWafv2CustomResponseDetails_responseHeaders :: Lens.Lens' AwsWafv2CustomResponseDetails (Prelude.Maybe [AwsWafv2CustomHttpHeader])
+awsWafv2CustomResponseDetails_responseHeaders = Lens.lens (\AwsWafv2CustomResponseDetails' {responseHeaders} -> responseHeaders) (\s@AwsWafv2CustomResponseDetails' {} a -> s {responseHeaders = a} :: AwsWafv2CustomResponseDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AwsWafv2CustomResponseDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2CustomResponseDetails"
+      ( \x ->
+          AwsWafv2CustomResponseDetails'
+            Prelude.<$> (x Data..:? "CustomResponseBodyKey")
+            Prelude.<*> (x Data..:? "ResponseCode")
+            Prelude.<*> ( x
+                            Data..:? "ResponseHeaders"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafv2CustomResponseDetails
+  where
+  hashWithSalt _salt AwsWafv2CustomResponseDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` customResponseBodyKey
+      `Prelude.hashWithSalt` responseCode
+      `Prelude.hashWithSalt` responseHeaders
+
+instance Prelude.NFData AwsWafv2CustomResponseDetails where
+  rnf AwsWafv2CustomResponseDetails' {..} =
+    Prelude.rnf customResponseBodyKey
+      `Prelude.seq` Prelude.rnf responseCode
+      `Prelude.seq` Prelude.rnf responseHeaders
+
+instance Data.ToJSON AwsWafv2CustomResponseDetails where
+  toJSON AwsWafv2CustomResponseDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomResponseBodyKey" Data..=)
+              Prelude.<$> customResponseBodyKey,
+            ("ResponseCode" Data..=) Prelude.<$> responseCode,
+            ("ResponseHeaders" Data..=)
+              Prelude.<$> responseHeaders
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2RuleGroupDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2RuleGroupDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2RuleGroupDetails.hs
@@ -0,0 +1,198 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2RuleGroupDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2RuleGroupDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2RulesDetails
+import Amazonka.SecurityHub.Types.AwsWafv2VisibilityConfigDetails
+
+-- | Details about an WAFv2 rule group.
+--
+-- /See:/ 'newAwsWafv2RuleGroupDetails' smart constructor.
+data AwsWafv2RuleGroupDetails = AwsWafv2RuleGroupDetails'
+  { -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The web ACL capacity units (WCUs) required for this rule group.
+    capacity :: Prelude.Maybe Prelude.Integer,
+    -- | A description of the rule group that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | A unique identifier for the rule group.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The name of the rule group. You cannot change the name of a rule group
+    -- after you create it.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The Rule statements used to identify the web requests that you want to
+    -- allow, block, or count. Each rule includes one top-level statement that
+    -- WAF uses to identify matching web requests, and parameters that govern
+    -- how WAF handles them.
+    rules :: Prelude.Maybe [AwsWafv2RulesDetails],
+    -- | Specifies whether the rule group is for an Amazon CloudFront
+    -- distribution or for a regional application. A regional application can
+    -- be an Application Load Balancer (ALB), an Amazon API Gateway REST API,
+    -- an AppSync GraphQL API, or an Amazon Cognito user pool.
+    scope :: Prelude.Maybe Prelude.Text,
+    -- | Defines and enables Amazon CloudWatch metrics and web request sample
+    -- collection.
+    visibilityConfig :: Prelude.Maybe AwsWafv2VisibilityConfigDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2RuleGroupDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'awsWafv2RuleGroupDetails_arn' - The Amazon Resource Name (ARN) of the entity.
+--
+-- 'capacity', 'awsWafv2RuleGroupDetails_capacity' - The web ACL capacity units (WCUs) required for this rule group.
+--
+-- 'description', 'awsWafv2RuleGroupDetails_description' - A description of the rule group that helps with identification.
+--
+-- 'id', 'awsWafv2RuleGroupDetails_id' - A unique identifier for the rule group.
+--
+-- 'name', 'awsWafv2RuleGroupDetails_name' - The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+--
+-- 'rules', 'awsWafv2RuleGroupDetails_rules' - The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+--
+-- 'scope', 'awsWafv2RuleGroupDetails_scope' - Specifies whether the rule group is for an Amazon CloudFront
+-- distribution or for a regional application. A regional application can
+-- be an Application Load Balancer (ALB), an Amazon API Gateway REST API,
+-- an AppSync GraphQL API, or an Amazon Cognito user pool.
+--
+-- 'visibilityConfig', 'awsWafv2RuleGroupDetails_visibilityConfig' - Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+newAwsWafv2RuleGroupDetails ::
+  AwsWafv2RuleGroupDetails
+newAwsWafv2RuleGroupDetails =
+  AwsWafv2RuleGroupDetails'
+    { arn = Prelude.Nothing,
+      capacity = Prelude.Nothing,
+      description = Prelude.Nothing,
+      id = Prelude.Nothing,
+      name = Prelude.Nothing,
+      rules = Prelude.Nothing,
+      scope = Prelude.Nothing,
+      visibilityConfig = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the entity.
+awsWafv2RuleGroupDetails_arn :: Lens.Lens' AwsWafv2RuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsWafv2RuleGroupDetails_arn = Lens.lens (\AwsWafv2RuleGroupDetails' {arn} -> arn) (\s@AwsWafv2RuleGroupDetails' {} a -> s {arn = a} :: AwsWafv2RuleGroupDetails)
+
+-- | The web ACL capacity units (WCUs) required for this rule group.
+awsWafv2RuleGroupDetails_capacity :: Lens.Lens' AwsWafv2RuleGroupDetails (Prelude.Maybe Prelude.Integer)
+awsWafv2RuleGroupDetails_capacity = Lens.lens (\AwsWafv2RuleGroupDetails' {capacity} -> capacity) (\s@AwsWafv2RuleGroupDetails' {} a -> s {capacity = a} :: AwsWafv2RuleGroupDetails)
+
+-- | A description of the rule group that helps with identification.
+awsWafv2RuleGroupDetails_description :: Lens.Lens' AwsWafv2RuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsWafv2RuleGroupDetails_description = Lens.lens (\AwsWafv2RuleGroupDetails' {description} -> description) (\s@AwsWafv2RuleGroupDetails' {} a -> s {description = a} :: AwsWafv2RuleGroupDetails)
+
+-- | A unique identifier for the rule group.
+awsWafv2RuleGroupDetails_id :: Lens.Lens' AwsWafv2RuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsWafv2RuleGroupDetails_id = Lens.lens (\AwsWafv2RuleGroupDetails' {id} -> id) (\s@AwsWafv2RuleGroupDetails' {} a -> s {id = a} :: AwsWafv2RuleGroupDetails)
+
+-- | The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+awsWafv2RuleGroupDetails_name :: Lens.Lens' AwsWafv2RuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsWafv2RuleGroupDetails_name = Lens.lens (\AwsWafv2RuleGroupDetails' {name} -> name) (\s@AwsWafv2RuleGroupDetails' {} a -> s {name = a} :: AwsWafv2RuleGroupDetails)
+
+-- | The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+awsWafv2RuleGroupDetails_rules :: Lens.Lens' AwsWafv2RuleGroupDetails (Prelude.Maybe [AwsWafv2RulesDetails])
+awsWafv2RuleGroupDetails_rules = Lens.lens (\AwsWafv2RuleGroupDetails' {rules} -> rules) (\s@AwsWafv2RuleGroupDetails' {} a -> s {rules = a} :: AwsWafv2RuleGroupDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies whether the rule group is for an Amazon CloudFront
+-- distribution or for a regional application. A regional application can
+-- be an Application Load Balancer (ALB), an Amazon API Gateway REST API,
+-- an AppSync GraphQL API, or an Amazon Cognito user pool.
+awsWafv2RuleGroupDetails_scope :: Lens.Lens' AwsWafv2RuleGroupDetails (Prelude.Maybe Prelude.Text)
+awsWafv2RuleGroupDetails_scope = Lens.lens (\AwsWafv2RuleGroupDetails' {scope} -> scope) (\s@AwsWafv2RuleGroupDetails' {} a -> s {scope = a} :: AwsWafv2RuleGroupDetails)
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+awsWafv2RuleGroupDetails_visibilityConfig :: Lens.Lens' AwsWafv2RuleGroupDetails (Prelude.Maybe AwsWafv2VisibilityConfigDetails)
+awsWafv2RuleGroupDetails_visibilityConfig = Lens.lens (\AwsWafv2RuleGroupDetails' {visibilityConfig} -> visibilityConfig) (\s@AwsWafv2RuleGroupDetails' {} a -> s {visibilityConfig = a} :: AwsWafv2RuleGroupDetails)
+
+instance Data.FromJSON AwsWafv2RuleGroupDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2RuleGroupDetails"
+      ( \x ->
+          AwsWafv2RuleGroupDetails'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "Capacity")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Rules" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Scope")
+            Prelude.<*> (x Data..:? "VisibilityConfig")
+      )
+
+instance Prelude.Hashable AwsWafv2RuleGroupDetails where
+  hashWithSalt _salt AwsWafv2RuleGroupDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` capacity
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` rules
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` visibilityConfig
+
+instance Prelude.NFData AwsWafv2RuleGroupDetails where
+  rnf AwsWafv2RuleGroupDetails' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf capacity
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf rules
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf visibilityConfig
+
+instance Data.ToJSON AwsWafv2RuleGroupDetails where
+  toJSON AwsWafv2RuleGroupDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Arn" Data..=) Prelude.<$> arn,
+            ("Capacity" Data..=) Prelude.<$> capacity,
+            ("Description" Data..=) Prelude.<$> description,
+            ("Id" Data..=) Prelude.<$> id,
+            ("Name" Data..=) Prelude.<$> name,
+            ("Rules" Data..=) Prelude.<$> rules,
+            ("Scope" Data..=) Prelude.<$> scope,
+            ("VisibilityConfig" Data..=)
+              Prelude.<$> visibilityConfig
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesActionCaptchaDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesActionCaptchaDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesActionCaptchaDetails.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2RulesActionCaptchaDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2RulesActionCaptchaDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2CustomRequestHandlingDetails
+
+-- | Specifies that WAF should run a CAPTCHA check against the request.
+--
+-- /See:/ 'newAwsWafv2RulesActionCaptchaDetails' smart constructor.
+data AwsWafv2RulesActionCaptchaDetails = AwsWafv2RulesActionCaptchaDetails'
+  { -- | Defines custom handling for the web request, used when the CAPTCHA
+    -- inspection determines that the request\'s token is valid and unexpired.
+    -- For more information, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the /WAF Developer Guide./.
+    customRequestHandling :: Prelude.Maybe AwsWafv2CustomRequestHandlingDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2RulesActionCaptchaDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customRequestHandling', 'awsWafv2RulesActionCaptchaDetails_customRequestHandling' - Defines custom handling for the web request, used when the CAPTCHA
+-- inspection determines that the request\'s token is valid and unexpired.
+-- For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the /WAF Developer Guide./.
+newAwsWafv2RulesActionCaptchaDetails ::
+  AwsWafv2RulesActionCaptchaDetails
+newAwsWafv2RulesActionCaptchaDetails =
+  AwsWafv2RulesActionCaptchaDetails'
+    { customRequestHandling =
+        Prelude.Nothing
+    }
+
+-- | Defines custom handling for the web request, used when the CAPTCHA
+-- inspection determines that the request\'s token is valid and unexpired.
+-- For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the /WAF Developer Guide./.
+awsWafv2RulesActionCaptchaDetails_customRequestHandling :: Lens.Lens' AwsWafv2RulesActionCaptchaDetails (Prelude.Maybe AwsWafv2CustomRequestHandlingDetails)
+awsWafv2RulesActionCaptchaDetails_customRequestHandling = Lens.lens (\AwsWafv2RulesActionCaptchaDetails' {customRequestHandling} -> customRequestHandling) (\s@AwsWafv2RulesActionCaptchaDetails' {} a -> s {customRequestHandling = a} :: AwsWafv2RulesActionCaptchaDetails)
+
+instance
+  Data.FromJSON
+    AwsWafv2RulesActionCaptchaDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2RulesActionCaptchaDetails"
+      ( \x ->
+          AwsWafv2RulesActionCaptchaDetails'
+            Prelude.<$> (x Data..:? "CustomRequestHandling")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafv2RulesActionCaptchaDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafv2RulesActionCaptchaDetails' {..} =
+      _salt `Prelude.hashWithSalt` customRequestHandling
+
+instance
+  Prelude.NFData
+    AwsWafv2RulesActionCaptchaDetails
+  where
+  rnf AwsWafv2RulesActionCaptchaDetails' {..} =
+    Prelude.rnf customRequestHandling
+
+instance
+  Data.ToJSON
+    AwsWafv2RulesActionCaptchaDetails
+  where
+  toJSON AwsWafv2RulesActionCaptchaDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomRequestHandling" Data..=)
+              Prelude.<$> customRequestHandling
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesActionCountDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesActionCountDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesActionCountDetails.hs
@@ -0,0 +1,99 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2RulesActionCountDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2RulesActionCountDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2CustomRequestHandlingDetails
+
+-- | Specifies that WAF should count the request.
+--
+-- /See:/ 'newAwsWafv2RulesActionCountDetails' smart constructor.
+data AwsWafv2RulesActionCountDetails = AwsWafv2RulesActionCountDetails'
+  { -- | Defines custom handling for the web request. For more information, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the /WAF Developer Guide./.
+    customRequestHandling :: Prelude.Maybe AwsWafv2CustomRequestHandlingDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2RulesActionCountDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customRequestHandling', 'awsWafv2RulesActionCountDetails_customRequestHandling' - Defines custom handling for the web request. For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the /WAF Developer Guide./.
+newAwsWafv2RulesActionCountDetails ::
+  AwsWafv2RulesActionCountDetails
+newAwsWafv2RulesActionCountDetails =
+  AwsWafv2RulesActionCountDetails'
+    { customRequestHandling =
+        Prelude.Nothing
+    }
+
+-- | Defines custom handling for the web request. For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the /WAF Developer Guide./.
+awsWafv2RulesActionCountDetails_customRequestHandling :: Lens.Lens' AwsWafv2RulesActionCountDetails (Prelude.Maybe AwsWafv2CustomRequestHandlingDetails)
+awsWafv2RulesActionCountDetails_customRequestHandling = Lens.lens (\AwsWafv2RulesActionCountDetails' {customRequestHandling} -> customRequestHandling) (\s@AwsWafv2RulesActionCountDetails' {} a -> s {customRequestHandling = a} :: AwsWafv2RulesActionCountDetails)
+
+instance
+  Data.FromJSON
+    AwsWafv2RulesActionCountDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2RulesActionCountDetails"
+      ( \x ->
+          AwsWafv2RulesActionCountDetails'
+            Prelude.<$> (x Data..:? "CustomRequestHandling")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafv2RulesActionCountDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafv2RulesActionCountDetails' {..} =
+      _salt `Prelude.hashWithSalt` customRequestHandling
+
+instance
+  Prelude.NFData
+    AwsWafv2RulesActionCountDetails
+  where
+  rnf AwsWafv2RulesActionCountDetails' {..} =
+    Prelude.rnf customRequestHandling
+
+instance Data.ToJSON AwsWafv2RulesActionCountDetails where
+  toJSON AwsWafv2RulesActionCountDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomRequestHandling" Data..=)
+              Prelude.<$> customRequestHandling
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesActionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesActionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesActionDetails.hs
@@ -0,0 +1,129 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2RulesActionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2RulesActionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2ActionAllowDetails
+import Amazonka.SecurityHub.Types.AwsWafv2ActionBlockDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RulesActionCaptchaDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RulesActionCountDetails
+
+-- | The action that WAF should take on a web request when it matches a
+-- rule\'s statement. Settings at the web ACL level can override the rule
+-- action setting.
+--
+-- /See:/ 'newAwsWafv2RulesActionDetails' smart constructor.
+data AwsWafv2RulesActionDetails = AwsWafv2RulesActionDetails'
+  { -- | Instructs WAF to allow the web request.
+    allow :: Prelude.Maybe AwsWafv2ActionAllowDetails,
+    -- | Instructs WAF to block the web request.
+    block :: Prelude.Maybe AwsWafv2ActionBlockDetails,
+    -- | Instructs WAF to run a CAPTCHA check against the web request.
+    captcha :: Prelude.Maybe AwsWafv2RulesActionCaptchaDetails,
+    -- | Instructs WAF to count the web request and then continue evaluating the
+    -- request using the remaining rules in the web ACL.
+    count :: Prelude.Maybe AwsWafv2RulesActionCountDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2RulesActionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allow', 'awsWafv2RulesActionDetails_allow' - Instructs WAF to allow the web request.
+--
+-- 'block', 'awsWafv2RulesActionDetails_block' - Instructs WAF to block the web request.
+--
+-- 'captcha', 'awsWafv2RulesActionDetails_captcha' - Instructs WAF to run a CAPTCHA check against the web request.
+--
+-- 'count', 'awsWafv2RulesActionDetails_count' - Instructs WAF to count the web request and then continue evaluating the
+-- request using the remaining rules in the web ACL.
+newAwsWafv2RulesActionDetails ::
+  AwsWafv2RulesActionDetails
+newAwsWafv2RulesActionDetails =
+  AwsWafv2RulesActionDetails'
+    { allow =
+        Prelude.Nothing,
+      block = Prelude.Nothing,
+      captcha = Prelude.Nothing,
+      count = Prelude.Nothing
+    }
+
+-- | Instructs WAF to allow the web request.
+awsWafv2RulesActionDetails_allow :: Lens.Lens' AwsWafv2RulesActionDetails (Prelude.Maybe AwsWafv2ActionAllowDetails)
+awsWafv2RulesActionDetails_allow = Lens.lens (\AwsWafv2RulesActionDetails' {allow} -> allow) (\s@AwsWafv2RulesActionDetails' {} a -> s {allow = a} :: AwsWafv2RulesActionDetails)
+
+-- | Instructs WAF to block the web request.
+awsWafv2RulesActionDetails_block :: Lens.Lens' AwsWafv2RulesActionDetails (Prelude.Maybe AwsWafv2ActionBlockDetails)
+awsWafv2RulesActionDetails_block = Lens.lens (\AwsWafv2RulesActionDetails' {block} -> block) (\s@AwsWafv2RulesActionDetails' {} a -> s {block = a} :: AwsWafv2RulesActionDetails)
+
+-- | Instructs WAF to run a CAPTCHA check against the web request.
+awsWafv2RulesActionDetails_captcha :: Lens.Lens' AwsWafv2RulesActionDetails (Prelude.Maybe AwsWafv2RulesActionCaptchaDetails)
+awsWafv2RulesActionDetails_captcha = Lens.lens (\AwsWafv2RulesActionDetails' {captcha} -> captcha) (\s@AwsWafv2RulesActionDetails' {} a -> s {captcha = a} :: AwsWafv2RulesActionDetails)
+
+-- | Instructs WAF to count the web request and then continue evaluating the
+-- request using the remaining rules in the web ACL.
+awsWafv2RulesActionDetails_count :: Lens.Lens' AwsWafv2RulesActionDetails (Prelude.Maybe AwsWafv2RulesActionCountDetails)
+awsWafv2RulesActionDetails_count = Lens.lens (\AwsWafv2RulesActionDetails' {count} -> count) (\s@AwsWafv2RulesActionDetails' {} a -> s {count = a} :: AwsWafv2RulesActionDetails)
+
+instance Data.FromJSON AwsWafv2RulesActionDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2RulesActionDetails"
+      ( \x ->
+          AwsWafv2RulesActionDetails'
+            Prelude.<$> (x Data..:? "Allow")
+            Prelude.<*> (x Data..:? "Block")
+            Prelude.<*> (x Data..:? "Captcha")
+            Prelude.<*> (x Data..:? "Count")
+      )
+
+instance Prelude.Hashable AwsWafv2RulesActionDetails where
+  hashWithSalt _salt AwsWafv2RulesActionDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` allow
+      `Prelude.hashWithSalt` block
+      `Prelude.hashWithSalt` captcha
+      `Prelude.hashWithSalt` count
+
+instance Prelude.NFData AwsWafv2RulesActionDetails where
+  rnf AwsWafv2RulesActionDetails' {..} =
+    Prelude.rnf allow
+      `Prelude.seq` Prelude.rnf block
+      `Prelude.seq` Prelude.rnf captcha
+      `Prelude.seq` Prelude.rnf count
+
+instance Data.ToJSON AwsWafv2RulesActionDetails where
+  toJSON AwsWafv2RulesActionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Allow" Data..=) Prelude.<$> allow,
+            ("Block" Data..=) Prelude.<$> block,
+            ("Captcha" Data..=) Prelude.<$> captcha,
+            ("Count" Data..=) Prelude.<$> count
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2RulesDetails.hs
@@ -0,0 +1,160 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2RulesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2RulesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2RulesActionDetails
+import Amazonka.SecurityHub.Types.AwsWafv2VisibilityConfigDetails
+
+-- | Provides details about rules in a rule group. A rule identifies web
+-- requests that you want to allow, block, or count. Each rule includes one
+-- top-level Statement that AWS WAF uses to identify matching web requests,
+-- and parameters that govern how AWS WAF handles them.
+--
+-- /See:/ 'newAwsWafv2RulesDetails' smart constructor.
+data AwsWafv2RulesDetails = AwsWafv2RulesDetails'
+  { -- | The action that WAF should take on a web request when it matches the
+    -- rule statement. Settings at the web ACL level can override the rule
+    -- action setting.
+    action :: Prelude.Maybe AwsWafv2RulesActionDetails,
+    -- | The name of the rule.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The action to use in the place of the action that results from the rule
+    -- group evaluation.
+    overrideAction :: Prelude.Maybe Prelude.Text,
+    -- | If you define more than one Rule in a WebACL, WAF evaluates each request
+    -- against the Rules in order based on the value of @Priority@. WAF
+    -- processes rules with lower priority first. The priorities don\'t need to
+    -- be consecutive, but they must all be different.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | Defines and enables Amazon CloudWatch metrics and web request sample
+    -- collection.
+    visibilityConfig :: Prelude.Maybe AwsWafv2VisibilityConfigDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2RulesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'awsWafv2RulesDetails_action' - The action that WAF should take on a web request when it matches the
+-- rule statement. Settings at the web ACL level can override the rule
+-- action setting.
+--
+-- 'name', 'awsWafv2RulesDetails_name' - The name of the rule.
+--
+-- 'overrideAction', 'awsWafv2RulesDetails_overrideAction' - The action to use in the place of the action that results from the rule
+-- group evaluation.
+--
+-- 'priority', 'awsWafv2RulesDetails_priority' - If you define more than one Rule in a WebACL, WAF evaluates each request
+-- against the Rules in order based on the value of @Priority@. WAF
+-- processes rules with lower priority first. The priorities don\'t need to
+-- be consecutive, but they must all be different.
+--
+-- 'visibilityConfig', 'awsWafv2RulesDetails_visibilityConfig' - Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+newAwsWafv2RulesDetails ::
+  AwsWafv2RulesDetails
+newAwsWafv2RulesDetails =
+  AwsWafv2RulesDetails'
+    { action = Prelude.Nothing,
+      name = Prelude.Nothing,
+      overrideAction = Prelude.Nothing,
+      priority = Prelude.Nothing,
+      visibilityConfig = Prelude.Nothing
+    }
+
+-- | The action that WAF should take on a web request when it matches the
+-- rule statement. Settings at the web ACL level can override the rule
+-- action setting.
+awsWafv2RulesDetails_action :: Lens.Lens' AwsWafv2RulesDetails (Prelude.Maybe AwsWafv2RulesActionDetails)
+awsWafv2RulesDetails_action = Lens.lens (\AwsWafv2RulesDetails' {action} -> action) (\s@AwsWafv2RulesDetails' {} a -> s {action = a} :: AwsWafv2RulesDetails)
+
+-- | The name of the rule.
+awsWafv2RulesDetails_name :: Lens.Lens' AwsWafv2RulesDetails (Prelude.Maybe Prelude.Text)
+awsWafv2RulesDetails_name = Lens.lens (\AwsWafv2RulesDetails' {name} -> name) (\s@AwsWafv2RulesDetails' {} a -> s {name = a} :: AwsWafv2RulesDetails)
+
+-- | The action to use in the place of the action that results from the rule
+-- group evaluation.
+awsWafv2RulesDetails_overrideAction :: Lens.Lens' AwsWafv2RulesDetails (Prelude.Maybe Prelude.Text)
+awsWafv2RulesDetails_overrideAction = Lens.lens (\AwsWafv2RulesDetails' {overrideAction} -> overrideAction) (\s@AwsWafv2RulesDetails' {} a -> s {overrideAction = a} :: AwsWafv2RulesDetails)
+
+-- | If you define more than one Rule in a WebACL, WAF evaluates each request
+-- against the Rules in order based on the value of @Priority@. WAF
+-- processes rules with lower priority first. The priorities don\'t need to
+-- be consecutive, but they must all be different.
+awsWafv2RulesDetails_priority :: Lens.Lens' AwsWafv2RulesDetails (Prelude.Maybe Prelude.Int)
+awsWafv2RulesDetails_priority = Lens.lens (\AwsWafv2RulesDetails' {priority} -> priority) (\s@AwsWafv2RulesDetails' {} a -> s {priority = a} :: AwsWafv2RulesDetails)
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+awsWafv2RulesDetails_visibilityConfig :: Lens.Lens' AwsWafv2RulesDetails (Prelude.Maybe AwsWafv2VisibilityConfigDetails)
+awsWafv2RulesDetails_visibilityConfig = Lens.lens (\AwsWafv2RulesDetails' {visibilityConfig} -> visibilityConfig) (\s@AwsWafv2RulesDetails' {} a -> s {visibilityConfig = a} :: AwsWafv2RulesDetails)
+
+instance Data.FromJSON AwsWafv2RulesDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2RulesDetails"
+      ( \x ->
+          AwsWafv2RulesDetails'
+            Prelude.<$> (x Data..:? "Action")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "OverrideAction")
+            Prelude.<*> (x Data..:? "Priority")
+            Prelude.<*> (x Data..:? "VisibilityConfig")
+      )
+
+instance Prelude.Hashable AwsWafv2RulesDetails where
+  hashWithSalt _salt AwsWafv2RulesDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` overrideAction
+      `Prelude.hashWithSalt` priority
+      `Prelude.hashWithSalt` visibilityConfig
+
+instance Prelude.NFData AwsWafv2RulesDetails where
+  rnf AwsWafv2RulesDetails' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf overrideAction
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf visibilityConfig
+
+instance Data.ToJSON AwsWafv2RulesDetails where
+  toJSON AwsWafv2RulesDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Action" Data..=) Prelude.<$> action,
+            ("Name" Data..=) Prelude.<$> name,
+            ("OverrideAction" Data..=)
+              Prelude.<$> overrideAction,
+            ("Priority" Data..=) Prelude.<$> priority,
+            ("VisibilityConfig" Data..=)
+              Prelude.<$> visibilityConfig
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2VisibilityConfigDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2VisibilityConfigDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2VisibilityConfigDetails.hs
@@ -0,0 +1,136 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2VisibilityConfigDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2VisibilityConfigDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+--
+-- /See:/ 'newAwsWafv2VisibilityConfigDetails' smart constructor.
+data AwsWafv2VisibilityConfigDetails = AwsWafv2VisibilityConfigDetails'
+  { -- | A boolean indicating whether the associated resource sends metrics to
+    -- Amazon CloudWatch. For the list of available metrics, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics WAF metrics and dimensions>
+    -- in the /WAF Developer Guide/.
+    cloudWatchMetricsEnabled :: Prelude.Maybe Prelude.Bool,
+    -- | A name of the Amazon CloudWatch metric.
+    metricName :: Prelude.Maybe Prelude.Text,
+    -- | A boolean indicating whether WAF should store a sampling of the web
+    -- requests that match the rules. You can view the sampled requests through
+    -- the WAF console.
+    sampledRequestsEnabled :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2VisibilityConfigDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cloudWatchMetricsEnabled', 'awsWafv2VisibilityConfigDetails_cloudWatchMetricsEnabled' - A boolean indicating whether the associated resource sends metrics to
+-- Amazon CloudWatch. For the list of available metrics, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics WAF metrics and dimensions>
+-- in the /WAF Developer Guide/.
+--
+-- 'metricName', 'awsWafv2VisibilityConfigDetails_metricName' - A name of the Amazon CloudWatch metric.
+--
+-- 'sampledRequestsEnabled', 'awsWafv2VisibilityConfigDetails_sampledRequestsEnabled' - A boolean indicating whether WAF should store a sampling of the web
+-- requests that match the rules. You can view the sampled requests through
+-- the WAF console.
+newAwsWafv2VisibilityConfigDetails ::
+  AwsWafv2VisibilityConfigDetails
+newAwsWafv2VisibilityConfigDetails =
+  AwsWafv2VisibilityConfigDetails'
+    { cloudWatchMetricsEnabled =
+        Prelude.Nothing,
+      metricName = Prelude.Nothing,
+      sampledRequestsEnabled = Prelude.Nothing
+    }
+
+-- | A boolean indicating whether the associated resource sends metrics to
+-- Amazon CloudWatch. For the list of available metrics, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics WAF metrics and dimensions>
+-- in the /WAF Developer Guide/.
+awsWafv2VisibilityConfigDetails_cloudWatchMetricsEnabled :: Lens.Lens' AwsWafv2VisibilityConfigDetails (Prelude.Maybe Prelude.Bool)
+awsWafv2VisibilityConfigDetails_cloudWatchMetricsEnabled = Lens.lens (\AwsWafv2VisibilityConfigDetails' {cloudWatchMetricsEnabled} -> cloudWatchMetricsEnabled) (\s@AwsWafv2VisibilityConfigDetails' {} a -> s {cloudWatchMetricsEnabled = a} :: AwsWafv2VisibilityConfigDetails)
+
+-- | A name of the Amazon CloudWatch metric.
+awsWafv2VisibilityConfigDetails_metricName :: Lens.Lens' AwsWafv2VisibilityConfigDetails (Prelude.Maybe Prelude.Text)
+awsWafv2VisibilityConfigDetails_metricName = Lens.lens (\AwsWafv2VisibilityConfigDetails' {metricName} -> metricName) (\s@AwsWafv2VisibilityConfigDetails' {} a -> s {metricName = a} :: AwsWafv2VisibilityConfigDetails)
+
+-- | A boolean indicating whether WAF should store a sampling of the web
+-- requests that match the rules. You can view the sampled requests through
+-- the WAF console.
+awsWafv2VisibilityConfigDetails_sampledRequestsEnabled :: Lens.Lens' AwsWafv2VisibilityConfigDetails (Prelude.Maybe Prelude.Bool)
+awsWafv2VisibilityConfigDetails_sampledRequestsEnabled = Lens.lens (\AwsWafv2VisibilityConfigDetails' {sampledRequestsEnabled} -> sampledRequestsEnabled) (\s@AwsWafv2VisibilityConfigDetails' {} a -> s {sampledRequestsEnabled = a} :: AwsWafv2VisibilityConfigDetails)
+
+instance
+  Data.FromJSON
+    AwsWafv2VisibilityConfigDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2VisibilityConfigDetails"
+      ( \x ->
+          AwsWafv2VisibilityConfigDetails'
+            Prelude.<$> (x Data..:? "CloudWatchMetricsEnabled")
+            Prelude.<*> (x Data..:? "MetricName")
+            Prelude.<*> (x Data..:? "SampledRequestsEnabled")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafv2VisibilityConfigDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafv2VisibilityConfigDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` cloudWatchMetricsEnabled
+        `Prelude.hashWithSalt` metricName
+        `Prelude.hashWithSalt` sampledRequestsEnabled
+
+instance
+  Prelude.NFData
+    AwsWafv2VisibilityConfigDetails
+  where
+  rnf AwsWafv2VisibilityConfigDetails' {..} =
+    Prelude.rnf cloudWatchMetricsEnabled
+      `Prelude.seq` Prelude.rnf metricName
+      `Prelude.seq` Prelude.rnf sampledRequestsEnabled
+
+instance Data.ToJSON AwsWafv2VisibilityConfigDetails where
+  toJSON AwsWafv2VisibilityConfigDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CloudWatchMetricsEnabled" Data..=)
+              Prelude.<$> cloudWatchMetricsEnabled,
+            ("MetricName" Data..=) Prelude.<$> metricName,
+            ("SampledRequestsEnabled" Data..=)
+              Prelude.<$> sampledRequestsEnabled
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclActionDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclActionDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclActionDetails.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2WebAclActionDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2WebAclActionDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2ActionAllowDetails
+import Amazonka.SecurityHub.Types.AwsWafv2ActionBlockDetails
+
+-- | Specifies the action that Amazon CloudFront or WAF takes when a web
+-- request matches the conditions in the rule.
+--
+-- /See:/ 'newAwsWafv2WebAclActionDetails' smart constructor.
+data AwsWafv2WebAclActionDetails = AwsWafv2WebAclActionDetails'
+  { -- | Specifies that WAF should allow requests by default.
+    allow :: Prelude.Maybe AwsWafv2ActionAllowDetails,
+    -- | Specifies that WAF should block requests by default.
+    block :: Prelude.Maybe AwsWafv2ActionBlockDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2WebAclActionDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allow', 'awsWafv2WebAclActionDetails_allow' - Specifies that WAF should allow requests by default.
+--
+-- 'block', 'awsWafv2WebAclActionDetails_block' - Specifies that WAF should block requests by default.
+newAwsWafv2WebAclActionDetails ::
+  AwsWafv2WebAclActionDetails
+newAwsWafv2WebAclActionDetails =
+  AwsWafv2WebAclActionDetails'
+    { allow =
+        Prelude.Nothing,
+      block = Prelude.Nothing
+    }
+
+-- | Specifies that WAF should allow requests by default.
+awsWafv2WebAclActionDetails_allow :: Lens.Lens' AwsWafv2WebAclActionDetails (Prelude.Maybe AwsWafv2ActionAllowDetails)
+awsWafv2WebAclActionDetails_allow = Lens.lens (\AwsWafv2WebAclActionDetails' {allow} -> allow) (\s@AwsWafv2WebAclActionDetails' {} a -> s {allow = a} :: AwsWafv2WebAclActionDetails)
+
+-- | Specifies that WAF should block requests by default.
+awsWafv2WebAclActionDetails_block :: Lens.Lens' AwsWafv2WebAclActionDetails (Prelude.Maybe AwsWafv2ActionBlockDetails)
+awsWafv2WebAclActionDetails_block = Lens.lens (\AwsWafv2WebAclActionDetails' {block} -> block) (\s@AwsWafv2WebAclActionDetails' {} a -> s {block = a} :: AwsWafv2WebAclActionDetails)
+
+instance Data.FromJSON AwsWafv2WebAclActionDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2WebAclActionDetails"
+      ( \x ->
+          AwsWafv2WebAclActionDetails'
+            Prelude.<$> (x Data..:? "Allow")
+            Prelude.<*> (x Data..:? "Block")
+      )
+
+instance Prelude.Hashable AwsWafv2WebAclActionDetails where
+  hashWithSalt _salt AwsWafv2WebAclActionDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` allow
+      `Prelude.hashWithSalt` block
+
+instance Prelude.NFData AwsWafv2WebAclActionDetails where
+  rnf AwsWafv2WebAclActionDetails' {..} =
+    Prelude.rnf allow `Prelude.seq` Prelude.rnf block
+
+instance Data.ToJSON AwsWafv2WebAclActionDetails where
+  toJSON AwsWafv2WebAclActionDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Allow" Data..=) Prelude.<$> allow,
+            ("Block" Data..=) Prelude.<$> block
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclCaptchaConfigDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclCaptchaConfigDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclCaptchaConfigDetails.hs
@@ -0,0 +1,100 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+
+-- | Specifies how WAF should handle CAPTCHA evaluations for rules that
+-- don\'t have their own @CaptchaConfig@ settings.
+--
+-- /See:/ 'newAwsWafv2WebAclCaptchaConfigDetails' smart constructor.
+data AwsWafv2WebAclCaptchaConfigDetails = AwsWafv2WebAclCaptchaConfigDetails'
+  { -- | Determines how long a CAPTCHA timestamp in the token remains valid after
+    -- the client successfully solves a CAPTCHA puzzle.
+    immunityTimeProperty :: Prelude.Maybe AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2WebAclCaptchaConfigDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'immunityTimeProperty', 'awsWafv2WebAclCaptchaConfigDetails_immunityTimeProperty' - Determines how long a CAPTCHA timestamp in the token remains valid after
+-- the client successfully solves a CAPTCHA puzzle.
+newAwsWafv2WebAclCaptchaConfigDetails ::
+  AwsWafv2WebAclCaptchaConfigDetails
+newAwsWafv2WebAclCaptchaConfigDetails =
+  AwsWafv2WebAclCaptchaConfigDetails'
+    { immunityTimeProperty =
+        Prelude.Nothing
+    }
+
+-- | Determines how long a CAPTCHA timestamp in the token remains valid after
+-- the client successfully solves a CAPTCHA puzzle.
+awsWafv2WebAclCaptchaConfigDetails_immunityTimeProperty :: Lens.Lens' AwsWafv2WebAclCaptchaConfigDetails (Prelude.Maybe AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails)
+awsWafv2WebAclCaptchaConfigDetails_immunityTimeProperty = Lens.lens (\AwsWafv2WebAclCaptchaConfigDetails' {immunityTimeProperty} -> immunityTimeProperty) (\s@AwsWafv2WebAclCaptchaConfigDetails' {} a -> s {immunityTimeProperty = a} :: AwsWafv2WebAclCaptchaConfigDetails)
+
+instance
+  Data.FromJSON
+    AwsWafv2WebAclCaptchaConfigDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2WebAclCaptchaConfigDetails"
+      ( \x ->
+          AwsWafv2WebAclCaptchaConfigDetails'
+            Prelude.<$> (x Data..:? "ImmunityTimeProperty")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafv2WebAclCaptchaConfigDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafv2WebAclCaptchaConfigDetails' {..} =
+      _salt `Prelude.hashWithSalt` immunityTimeProperty
+
+instance
+  Prelude.NFData
+    AwsWafv2WebAclCaptchaConfigDetails
+  where
+  rnf AwsWafv2WebAclCaptchaConfigDetails' {..} =
+    Prelude.rnf immunityTimeProperty
+
+instance
+  Data.ToJSON
+    AwsWafv2WebAclCaptchaConfigDetails
+  where
+  toJSON AwsWafv2WebAclCaptchaConfigDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ImmunityTimeProperty" Data..=)
+              Prelude.<$> immunityTimeProperty
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails.hs
@@ -0,0 +1,100 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Used for CAPTCHA and challenge token settings. Determines how long a
+-- CAPTCHA or challenge timestamp remains valid after WAF updates it for a
+-- successful CAPTCHA or challenge response.
+--
+-- /See:/ 'newAwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails' smart constructor.
+data AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails = AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails'
+  { -- | The amount of time, in seconds, that a CAPTCHA or challenge timestamp is
+    -- considered valid by WAF.
+    immunityTime :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'immunityTime', 'awsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails_immunityTime' - The amount of time, in seconds, that a CAPTCHA or challenge timestamp is
+-- considered valid by WAF.
+newAwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails ::
+  AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+newAwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails =
+  AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails'
+    { immunityTime =
+        Prelude.Nothing
+    }
+
+-- | The amount of time, in seconds, that a CAPTCHA or challenge timestamp is
+-- considered valid by WAF.
+awsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails_immunityTime :: Lens.Lens' AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails (Prelude.Maybe Prelude.Integer)
+awsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails_immunityTime = Lens.lens (\AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails' {immunityTime} -> immunityTime) (\s@AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails' {} a -> s {immunityTime = a} :: AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails)
+
+instance
+  Data.FromJSON
+    AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+  where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails"
+      ( \x ->
+          AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails'
+            Prelude.<$> (x Data..:? "ImmunityTime")
+      )
+
+instance
+  Prelude.Hashable
+    AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+  where
+  hashWithSalt
+    _salt
+    AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails' {..} =
+      _salt `Prelude.hashWithSalt` immunityTime
+
+instance
+  Prelude.NFData
+    AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+  where
+  rnf
+    AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails' {..} =
+      Prelude.rnf immunityTime
+
+instance
+  Data.ToJSON
+    AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails
+  where
+  toJSON
+    AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("ImmunityTime" Data..=) Prelude.<$> immunityTime]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsWafv2WebAclDetails.hs
@@ -0,0 +1,224 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsWafv2WebAclDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsWafv2WebAclDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsWafv2RulesDetails
+import Amazonka.SecurityHub.Types.AwsWafv2VisibilityConfigDetails
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclActionDetails
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclCaptchaConfigDetails
+
+-- | Details about an WAFv2 web Access Control List (ACL).
+--
+-- /See:/ 'newAwsWafv2WebAclDetails' smart constructor.
+data AwsWafv2WebAclDetails = AwsWafv2WebAclDetails'
+  { -- | The Amazon Resource Name (ARN) of the web ACL that you want to associate
+    -- with the resource.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The web ACL capacity units (WCUs) currently being used by this web ACL.
+    capacity :: Prelude.Maybe Prelude.Integer,
+    -- | Specifies how WAF should handle CAPTCHA evaluations for rules that
+    -- don\'t have their own @CaptchaConfig@ settings.
+    captchaConfig :: Prelude.Maybe AwsWafv2WebAclCaptchaConfigDetails,
+    -- | The action to perform if none of the Rules contained in the web ACL
+    -- match.
+    defaultAction :: Prelude.Maybe AwsWafv2WebAclActionDetails,
+    -- | A description of the web ACL that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | A unique identifier for the web ACL.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether this web ACL is managed by Firewall Manager.
+    managedbyFirewallManager :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the web ACL.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The Rule statements used to identify the web requests that you want to
+    -- allow, block, or count. Each rule includes one top-level statement that
+    -- WAF uses to identify matching web requests, and parameters that govern
+    -- how WAF handles them.
+    rules :: Prelude.Maybe [AwsWafv2RulesDetails],
+    -- | Defines and enables Amazon CloudWatch metrics and web request sample
+    -- collection.
+    visibilityConfig :: Prelude.Maybe AwsWafv2VisibilityConfigDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsWafv2WebAclDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'awsWafv2WebAclDetails_arn' - The Amazon Resource Name (ARN) of the web ACL that you want to associate
+-- with the resource.
+--
+-- 'capacity', 'awsWafv2WebAclDetails_capacity' - The web ACL capacity units (WCUs) currently being used by this web ACL.
+--
+-- 'captchaConfig', 'awsWafv2WebAclDetails_captchaConfig' - Specifies how WAF should handle CAPTCHA evaluations for rules that
+-- don\'t have their own @CaptchaConfig@ settings.
+--
+-- 'defaultAction', 'awsWafv2WebAclDetails_defaultAction' - The action to perform if none of the Rules contained in the web ACL
+-- match.
+--
+-- 'description', 'awsWafv2WebAclDetails_description' - A description of the web ACL that helps with identification.
+--
+-- 'id', 'awsWafv2WebAclDetails_id' - A unique identifier for the web ACL.
+--
+-- 'managedbyFirewallManager', 'awsWafv2WebAclDetails_managedbyFirewallManager' - Indicates whether this web ACL is managed by Firewall Manager.
+--
+-- 'name', 'awsWafv2WebAclDetails_name' - The name of the web ACL.
+--
+-- 'rules', 'awsWafv2WebAclDetails_rules' - The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+--
+-- 'visibilityConfig', 'awsWafv2WebAclDetails_visibilityConfig' - Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+newAwsWafv2WebAclDetails ::
+  AwsWafv2WebAclDetails
+newAwsWafv2WebAclDetails =
+  AwsWafv2WebAclDetails'
+    { arn = Prelude.Nothing,
+      capacity = Prelude.Nothing,
+      captchaConfig = Prelude.Nothing,
+      defaultAction = Prelude.Nothing,
+      description = Prelude.Nothing,
+      id = Prelude.Nothing,
+      managedbyFirewallManager = Prelude.Nothing,
+      name = Prelude.Nothing,
+      rules = Prelude.Nothing,
+      visibilityConfig = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the web ACL that you want to associate
+-- with the resource.
+awsWafv2WebAclDetails_arn :: Lens.Lens' AwsWafv2WebAclDetails (Prelude.Maybe Prelude.Text)
+awsWafv2WebAclDetails_arn = Lens.lens (\AwsWafv2WebAclDetails' {arn} -> arn) (\s@AwsWafv2WebAclDetails' {} a -> s {arn = a} :: AwsWafv2WebAclDetails)
+
+-- | The web ACL capacity units (WCUs) currently being used by this web ACL.
+awsWafv2WebAclDetails_capacity :: Lens.Lens' AwsWafv2WebAclDetails (Prelude.Maybe Prelude.Integer)
+awsWafv2WebAclDetails_capacity = Lens.lens (\AwsWafv2WebAclDetails' {capacity} -> capacity) (\s@AwsWafv2WebAclDetails' {} a -> s {capacity = a} :: AwsWafv2WebAclDetails)
+
+-- | Specifies how WAF should handle CAPTCHA evaluations for rules that
+-- don\'t have their own @CaptchaConfig@ settings.
+awsWafv2WebAclDetails_captchaConfig :: Lens.Lens' AwsWafv2WebAclDetails (Prelude.Maybe AwsWafv2WebAclCaptchaConfigDetails)
+awsWafv2WebAclDetails_captchaConfig = Lens.lens (\AwsWafv2WebAclDetails' {captchaConfig} -> captchaConfig) (\s@AwsWafv2WebAclDetails' {} a -> s {captchaConfig = a} :: AwsWafv2WebAclDetails)
+
+-- | The action to perform if none of the Rules contained in the web ACL
+-- match.
+awsWafv2WebAclDetails_defaultAction :: Lens.Lens' AwsWafv2WebAclDetails (Prelude.Maybe AwsWafv2WebAclActionDetails)
+awsWafv2WebAclDetails_defaultAction = Lens.lens (\AwsWafv2WebAclDetails' {defaultAction} -> defaultAction) (\s@AwsWafv2WebAclDetails' {} a -> s {defaultAction = a} :: AwsWafv2WebAclDetails)
+
+-- | A description of the web ACL that helps with identification.
+awsWafv2WebAclDetails_description :: Lens.Lens' AwsWafv2WebAclDetails (Prelude.Maybe Prelude.Text)
+awsWafv2WebAclDetails_description = Lens.lens (\AwsWafv2WebAclDetails' {description} -> description) (\s@AwsWafv2WebAclDetails' {} a -> s {description = a} :: AwsWafv2WebAclDetails)
+
+-- | A unique identifier for the web ACL.
+awsWafv2WebAclDetails_id :: Lens.Lens' AwsWafv2WebAclDetails (Prelude.Maybe Prelude.Text)
+awsWafv2WebAclDetails_id = Lens.lens (\AwsWafv2WebAclDetails' {id} -> id) (\s@AwsWafv2WebAclDetails' {} a -> s {id = a} :: AwsWafv2WebAclDetails)
+
+-- | Indicates whether this web ACL is managed by Firewall Manager.
+awsWafv2WebAclDetails_managedbyFirewallManager :: Lens.Lens' AwsWafv2WebAclDetails (Prelude.Maybe Prelude.Bool)
+awsWafv2WebAclDetails_managedbyFirewallManager = Lens.lens (\AwsWafv2WebAclDetails' {managedbyFirewallManager} -> managedbyFirewallManager) (\s@AwsWafv2WebAclDetails' {} a -> s {managedbyFirewallManager = a} :: AwsWafv2WebAclDetails)
+
+-- | The name of the web ACL.
+awsWafv2WebAclDetails_name :: Lens.Lens' AwsWafv2WebAclDetails (Prelude.Maybe Prelude.Text)
+awsWafv2WebAclDetails_name = Lens.lens (\AwsWafv2WebAclDetails' {name} -> name) (\s@AwsWafv2WebAclDetails' {} a -> s {name = a} :: AwsWafv2WebAclDetails)
+
+-- | The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+awsWafv2WebAclDetails_rules :: Lens.Lens' AwsWafv2WebAclDetails (Prelude.Maybe [AwsWafv2RulesDetails])
+awsWafv2WebAclDetails_rules = Lens.lens (\AwsWafv2WebAclDetails' {rules} -> rules) (\s@AwsWafv2WebAclDetails' {} a -> s {rules = a} :: AwsWafv2WebAclDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+awsWafv2WebAclDetails_visibilityConfig :: Lens.Lens' AwsWafv2WebAclDetails (Prelude.Maybe AwsWafv2VisibilityConfigDetails)
+awsWafv2WebAclDetails_visibilityConfig = Lens.lens (\AwsWafv2WebAclDetails' {visibilityConfig} -> visibilityConfig) (\s@AwsWafv2WebAclDetails' {} a -> s {visibilityConfig = a} :: AwsWafv2WebAclDetails)
+
+instance Data.FromJSON AwsWafv2WebAclDetails where
+  parseJSON =
+    Data.withObject
+      "AwsWafv2WebAclDetails"
+      ( \x ->
+          AwsWafv2WebAclDetails'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "Capacity")
+            Prelude.<*> (x Data..:? "CaptchaConfig")
+            Prelude.<*> (x Data..:? "DefaultAction")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "ManagedbyFirewallManager")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Rules" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "VisibilityConfig")
+      )
+
+instance Prelude.Hashable AwsWafv2WebAclDetails where
+  hashWithSalt _salt AwsWafv2WebAclDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` capacity
+      `Prelude.hashWithSalt` captchaConfig
+      `Prelude.hashWithSalt` defaultAction
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` managedbyFirewallManager
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` rules
+      `Prelude.hashWithSalt` visibilityConfig
+
+instance Prelude.NFData AwsWafv2WebAclDetails where
+  rnf AwsWafv2WebAclDetails' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf capacity
+      `Prelude.seq` Prelude.rnf captchaConfig
+      `Prelude.seq` Prelude.rnf defaultAction
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf managedbyFirewallManager
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf rules
+      `Prelude.seq` Prelude.rnf visibilityConfig
+
+instance Data.ToJSON AwsWafv2WebAclDetails where
+  toJSON AwsWafv2WebAclDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Arn" Data..=) Prelude.<$> arn,
+            ("Capacity" Data..=) Prelude.<$> capacity,
+            ("CaptchaConfig" Data..=) Prelude.<$> captchaConfig,
+            ("DefaultAction" Data..=) Prelude.<$> defaultAction,
+            ("Description" Data..=) Prelude.<$> description,
+            ("Id" Data..=) Prelude.<$> id,
+            ("ManagedbyFirewallManager" Data..=)
+              Prelude.<$> managedbyFirewallManager,
+            ("Name" Data..=) Prelude.<$> name,
+            ("Rules" Data..=) Prelude.<$> rules,
+            ("VisibilityConfig" Data..=)
+              Prelude.<$> visibilityConfig
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/AwsXrayEncryptionConfigDetails.hs b/gen/Amazonka/SecurityHub/Types/AwsXrayEncryptionConfigDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/AwsXrayEncryptionConfigDetails.hs
@@ -0,0 +1,133 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.AwsXrayEncryptionConfigDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.AwsXrayEncryptionConfigDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the encryption configuration for X-Ray.
+--
+-- /See:/ 'newAwsXrayEncryptionConfigDetails' smart constructor.
+data AwsXrayEncryptionConfigDetails = AwsXrayEncryptionConfigDetails'
+  { -- | The identifier of the KMS key that is used for encryption. Provided if
+    -- @Type@ is @KMS@.
+    keyId :: Prelude.Maybe Prelude.Text,
+    -- | The current status of the encryption configuration. Valid values are
+    -- @ACTIVE@ or @UPDATING@.
+    --
+    -- When @Status@ is equal to @UPDATING@, X-Ray might use both the old and
+    -- new encryption.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The type of encryption. @KMS@ indicates that the encryption uses KMS
+    -- keys. @NONE@ indicates the default encryption.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsXrayEncryptionConfigDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'keyId', 'awsXrayEncryptionConfigDetails_keyId' - The identifier of the KMS key that is used for encryption. Provided if
+-- @Type@ is @KMS@.
+--
+-- 'status', 'awsXrayEncryptionConfigDetails_status' - The current status of the encryption configuration. Valid values are
+-- @ACTIVE@ or @UPDATING@.
+--
+-- When @Status@ is equal to @UPDATING@, X-Ray might use both the old and
+-- new encryption.
+--
+-- 'type'', 'awsXrayEncryptionConfigDetails_type' - The type of encryption. @KMS@ indicates that the encryption uses KMS
+-- keys. @NONE@ indicates the default encryption.
+newAwsXrayEncryptionConfigDetails ::
+  AwsXrayEncryptionConfigDetails
+newAwsXrayEncryptionConfigDetails =
+  AwsXrayEncryptionConfigDetails'
+    { keyId =
+        Prelude.Nothing,
+      status = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The identifier of the KMS key that is used for encryption. Provided if
+-- @Type@ is @KMS@.
+awsXrayEncryptionConfigDetails_keyId :: Lens.Lens' AwsXrayEncryptionConfigDetails (Prelude.Maybe Prelude.Text)
+awsXrayEncryptionConfigDetails_keyId = Lens.lens (\AwsXrayEncryptionConfigDetails' {keyId} -> keyId) (\s@AwsXrayEncryptionConfigDetails' {} a -> s {keyId = a} :: AwsXrayEncryptionConfigDetails)
+
+-- | The current status of the encryption configuration. Valid values are
+-- @ACTIVE@ or @UPDATING@.
+--
+-- When @Status@ is equal to @UPDATING@, X-Ray might use both the old and
+-- new encryption.
+awsXrayEncryptionConfigDetails_status :: Lens.Lens' AwsXrayEncryptionConfigDetails (Prelude.Maybe Prelude.Text)
+awsXrayEncryptionConfigDetails_status = Lens.lens (\AwsXrayEncryptionConfigDetails' {status} -> status) (\s@AwsXrayEncryptionConfigDetails' {} a -> s {status = a} :: AwsXrayEncryptionConfigDetails)
+
+-- | The type of encryption. @KMS@ indicates that the encryption uses KMS
+-- keys. @NONE@ indicates the default encryption.
+awsXrayEncryptionConfigDetails_type :: Lens.Lens' AwsXrayEncryptionConfigDetails (Prelude.Maybe Prelude.Text)
+awsXrayEncryptionConfigDetails_type = Lens.lens (\AwsXrayEncryptionConfigDetails' {type'} -> type') (\s@AwsXrayEncryptionConfigDetails' {} a -> s {type' = a} :: AwsXrayEncryptionConfigDetails)
+
+instance Data.FromJSON AwsXrayEncryptionConfigDetails where
+  parseJSON =
+    Data.withObject
+      "AwsXrayEncryptionConfigDetails"
+      ( \x ->
+          AwsXrayEncryptionConfigDetails'
+            Prelude.<$> (x Data..:? "KeyId")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance
+  Prelude.Hashable
+    AwsXrayEncryptionConfigDetails
+  where
+  hashWithSalt
+    _salt
+    AwsXrayEncryptionConfigDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` keyId
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` type'
+
+instance
+  Prelude.NFData
+    AwsXrayEncryptionConfigDetails
+  where
+  rnf AwsXrayEncryptionConfigDetails' {..} =
+    Prelude.rnf keyId
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToJSON AwsXrayEncryptionConfigDetails where
+  toJSON AwsXrayEncryptionConfigDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("KeyId" Data..=) Prelude.<$> keyId,
+            ("Status" Data..=) Prelude.<$> status,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/BatchUpdateFindingsUnprocessedFinding.hs b/gen/Amazonka/SecurityHub/Types/BatchUpdateFindingsUnprocessedFinding.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/BatchUpdateFindingsUnprocessedFinding.hs
@@ -0,0 +1,230 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.BatchUpdateFindingsUnprocessedFinding
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.BatchUpdateFindingsUnprocessedFinding where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsSecurityFindingIdentifier
+
+-- | A finding from a @BatchUpdateFindings@ request that Security Hub was
+-- unable to update.
+--
+-- /See:/ 'newBatchUpdateFindingsUnprocessedFinding' smart constructor.
+data BatchUpdateFindingsUnprocessedFinding = BatchUpdateFindingsUnprocessedFinding'
+  { -- | The identifier of the finding that was not updated.
+    findingIdentifier :: AwsSecurityFindingIdentifier,
+    -- | The code associated with the error. Possible values are:
+    --
+    -- -   @ConcurrentUpdateError@ - Another request attempted to update the
+    --     finding while this request was being processed. This error may also
+    --     occur if you call
+    --     <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html BatchUpdateFindings>
+    --     and
+    --     <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html BatchImportFindings>
+    --     at the same time.
+    --
+    -- -   @DuplicatedFindingIdentifier@ - The request included two or more
+    --     findings with the same @FindingIdentifier@.
+    --
+    -- -   @FindingNotFound@ - The @FindingIdentifier@ included in the request
+    --     did not match an existing finding.
+    --
+    -- -   @FindingSizeExceeded@ - The finding size was greater than the
+    --     permissible value of 240 KB.
+    --
+    -- -   @InternalFailure@ - An internal service failure occurred when
+    --     updating the finding.
+    --
+    -- -   @InvalidInput@ - The finding update contained an invalid value that
+    --     did not satisfy the
+    --     <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html Amazon Web Services Security Finding Format>
+    --     syntax.
+    errorCode :: Prelude.Text,
+    -- | The message associated with the error. Possible values are:
+    --
+    -- -   @Concurrent finding updates detected@
+    --
+    -- -   @Finding Identifier is duplicated@
+    --
+    -- -   @Finding Not Found@
+    --
+    -- -   @Finding size exceeded 240 KB@
+    --
+    -- -   @Internal service failure@
+    --
+    -- -   @Invalid Input@
+    errorMessage :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BatchUpdateFindingsUnprocessedFinding' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingIdentifier', 'batchUpdateFindingsUnprocessedFinding_findingIdentifier' - The identifier of the finding that was not updated.
+--
+-- 'errorCode', 'batchUpdateFindingsUnprocessedFinding_errorCode' - The code associated with the error. Possible values are:
+--
+-- -   @ConcurrentUpdateError@ - Another request attempted to update the
+--     finding while this request was being processed. This error may also
+--     occur if you call
+--     <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html BatchUpdateFindings>
+--     and
+--     <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html BatchImportFindings>
+--     at the same time.
+--
+-- -   @DuplicatedFindingIdentifier@ - The request included two or more
+--     findings with the same @FindingIdentifier@.
+--
+-- -   @FindingNotFound@ - The @FindingIdentifier@ included in the request
+--     did not match an existing finding.
+--
+-- -   @FindingSizeExceeded@ - The finding size was greater than the
+--     permissible value of 240 KB.
+--
+-- -   @InternalFailure@ - An internal service failure occurred when
+--     updating the finding.
+--
+-- -   @InvalidInput@ - The finding update contained an invalid value that
+--     did not satisfy the
+--     <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html Amazon Web Services Security Finding Format>
+--     syntax.
+--
+-- 'errorMessage', 'batchUpdateFindingsUnprocessedFinding_errorMessage' - The message associated with the error. Possible values are:
+--
+-- -   @Concurrent finding updates detected@
+--
+-- -   @Finding Identifier is duplicated@
+--
+-- -   @Finding Not Found@
+--
+-- -   @Finding size exceeded 240 KB@
+--
+-- -   @Internal service failure@
+--
+-- -   @Invalid Input@
+newBatchUpdateFindingsUnprocessedFinding ::
+  -- | 'findingIdentifier'
+  AwsSecurityFindingIdentifier ->
+  -- | 'errorCode'
+  Prelude.Text ->
+  -- | 'errorMessage'
+  Prelude.Text ->
+  BatchUpdateFindingsUnprocessedFinding
+newBatchUpdateFindingsUnprocessedFinding
+  pFindingIdentifier_
+  pErrorCode_
+  pErrorMessage_ =
+    BatchUpdateFindingsUnprocessedFinding'
+      { findingIdentifier =
+          pFindingIdentifier_,
+        errorCode = pErrorCode_,
+        errorMessage = pErrorMessage_
+      }
+
+-- | The identifier of the finding that was not updated.
+batchUpdateFindingsUnprocessedFinding_findingIdentifier :: Lens.Lens' BatchUpdateFindingsUnprocessedFinding AwsSecurityFindingIdentifier
+batchUpdateFindingsUnprocessedFinding_findingIdentifier = Lens.lens (\BatchUpdateFindingsUnprocessedFinding' {findingIdentifier} -> findingIdentifier) (\s@BatchUpdateFindingsUnprocessedFinding' {} a -> s {findingIdentifier = a} :: BatchUpdateFindingsUnprocessedFinding)
+
+-- | The code associated with the error. Possible values are:
+--
+-- -   @ConcurrentUpdateError@ - Another request attempted to update the
+--     finding while this request was being processed. This error may also
+--     occur if you call
+--     <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html BatchUpdateFindings>
+--     and
+--     <https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html BatchImportFindings>
+--     at the same time.
+--
+-- -   @DuplicatedFindingIdentifier@ - The request included two or more
+--     findings with the same @FindingIdentifier@.
+--
+-- -   @FindingNotFound@ - The @FindingIdentifier@ included in the request
+--     did not match an existing finding.
+--
+-- -   @FindingSizeExceeded@ - The finding size was greater than the
+--     permissible value of 240 KB.
+--
+-- -   @InternalFailure@ - An internal service failure occurred when
+--     updating the finding.
+--
+-- -   @InvalidInput@ - The finding update contained an invalid value that
+--     did not satisfy the
+--     <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html Amazon Web Services Security Finding Format>
+--     syntax.
+batchUpdateFindingsUnprocessedFinding_errorCode :: Lens.Lens' BatchUpdateFindingsUnprocessedFinding Prelude.Text
+batchUpdateFindingsUnprocessedFinding_errorCode = Lens.lens (\BatchUpdateFindingsUnprocessedFinding' {errorCode} -> errorCode) (\s@BatchUpdateFindingsUnprocessedFinding' {} a -> s {errorCode = a} :: BatchUpdateFindingsUnprocessedFinding)
+
+-- | The message associated with the error. Possible values are:
+--
+-- -   @Concurrent finding updates detected@
+--
+-- -   @Finding Identifier is duplicated@
+--
+-- -   @Finding Not Found@
+--
+-- -   @Finding size exceeded 240 KB@
+--
+-- -   @Internal service failure@
+--
+-- -   @Invalid Input@
+batchUpdateFindingsUnprocessedFinding_errorMessage :: Lens.Lens' BatchUpdateFindingsUnprocessedFinding Prelude.Text
+batchUpdateFindingsUnprocessedFinding_errorMessage = Lens.lens (\BatchUpdateFindingsUnprocessedFinding' {errorMessage} -> errorMessage) (\s@BatchUpdateFindingsUnprocessedFinding' {} a -> s {errorMessage = a} :: BatchUpdateFindingsUnprocessedFinding)
+
+instance
+  Data.FromJSON
+    BatchUpdateFindingsUnprocessedFinding
+  where
+  parseJSON =
+    Data.withObject
+      "BatchUpdateFindingsUnprocessedFinding"
+      ( \x ->
+          BatchUpdateFindingsUnprocessedFinding'
+            Prelude.<$> (x Data..: "FindingIdentifier")
+            Prelude.<*> (x Data..: "ErrorCode")
+            Prelude.<*> (x Data..: "ErrorMessage")
+      )
+
+instance
+  Prelude.Hashable
+    BatchUpdateFindingsUnprocessedFinding
+  where
+  hashWithSalt
+    _salt
+    BatchUpdateFindingsUnprocessedFinding' {..} =
+      _salt
+        `Prelude.hashWithSalt` findingIdentifier
+        `Prelude.hashWithSalt` errorCode
+        `Prelude.hashWithSalt` errorMessage
+
+instance
+  Prelude.NFData
+    BatchUpdateFindingsUnprocessedFinding
+  where
+  rnf BatchUpdateFindingsUnprocessedFinding' {..} =
+    Prelude.rnf findingIdentifier
+      `Prelude.seq` Prelude.rnf errorCode
+      `Prelude.seq` Prelude.rnf errorMessage
diff --git a/gen/Amazonka/SecurityHub/Types/BooleanFilter.hs b/gen/Amazonka/SecurityHub/Types/BooleanFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/BooleanFilter.hs
@@ -0,0 +1,74 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.BooleanFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.BooleanFilter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Boolean filter for querying findings.
+--
+-- /See:/ 'newBooleanFilter' smart constructor.
+data BooleanFilter = BooleanFilter'
+  { -- | The value of the boolean.
+    value :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BooleanFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'value', 'booleanFilter_value' - The value of the boolean.
+newBooleanFilter ::
+  BooleanFilter
+newBooleanFilter =
+  BooleanFilter' {value = Prelude.Nothing}
+
+-- | The value of the boolean.
+booleanFilter_value :: Lens.Lens' BooleanFilter (Prelude.Maybe Prelude.Bool)
+booleanFilter_value = Lens.lens (\BooleanFilter' {value} -> value) (\s@BooleanFilter' {} a -> s {value = a} :: BooleanFilter)
+
+instance Data.FromJSON BooleanFilter where
+  parseJSON =
+    Data.withObject
+      "BooleanFilter"
+      ( \x ->
+          BooleanFilter' Prelude.<$> (x Data..:? "Value")
+      )
+
+instance Prelude.Hashable BooleanFilter where
+  hashWithSalt _salt BooleanFilter' {..} =
+    _salt `Prelude.hashWithSalt` value
+
+instance Prelude.NFData BooleanFilter where
+  rnf BooleanFilter' {..} = Prelude.rnf value
+
+instance Data.ToJSON BooleanFilter where
+  toJSON BooleanFilter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Value" Data..=) Prelude.<$> value]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Cell.hs b/gen/Amazonka/SecurityHub/Types/Cell.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Cell.hs
@@ -0,0 +1,135 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Cell
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Cell where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An occurrence of sensitive data detected in a Microsoft Excel workbook,
+-- comma-separated value (CSV) file, or tab-separated value (TSV) file.
+--
+-- /See:/ 'newCell' smart constructor.
+data Cell = Cell'
+  { -- | For a Microsoft Excel workbook, provides the location of the cell, as an
+    -- absolute cell reference, that contains the data. For example, Sheet2!C5
+    -- for cell C5 on Sheet2.
+    cellReference :: Prelude.Maybe Prelude.Text,
+    -- | The column number of the column that contains the data. For a Microsoft
+    -- Excel workbook, the column number corresponds to the alphabetical column
+    -- identifiers. For example, a value of 1 for Column corresponds to the A
+    -- column in the workbook.
+    column :: Prelude.Maybe Prelude.Integer,
+    -- | The name of the column that contains the data.
+    columnName :: Prelude.Maybe Prelude.Text,
+    -- | The row number of the row that contains the data.
+    row :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Cell' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cellReference', 'cell_cellReference' - For a Microsoft Excel workbook, provides the location of the cell, as an
+-- absolute cell reference, that contains the data. For example, Sheet2!C5
+-- for cell C5 on Sheet2.
+--
+-- 'column', 'cell_column' - The column number of the column that contains the data. For a Microsoft
+-- Excel workbook, the column number corresponds to the alphabetical column
+-- identifiers. For example, a value of 1 for Column corresponds to the A
+-- column in the workbook.
+--
+-- 'columnName', 'cell_columnName' - The name of the column that contains the data.
+--
+-- 'row', 'cell_row' - The row number of the row that contains the data.
+newCell ::
+  Cell
+newCell =
+  Cell'
+    { cellReference = Prelude.Nothing,
+      column = Prelude.Nothing,
+      columnName = Prelude.Nothing,
+      row = Prelude.Nothing
+    }
+
+-- | For a Microsoft Excel workbook, provides the location of the cell, as an
+-- absolute cell reference, that contains the data. For example, Sheet2!C5
+-- for cell C5 on Sheet2.
+cell_cellReference :: Lens.Lens' Cell (Prelude.Maybe Prelude.Text)
+cell_cellReference = Lens.lens (\Cell' {cellReference} -> cellReference) (\s@Cell' {} a -> s {cellReference = a} :: Cell)
+
+-- | The column number of the column that contains the data. For a Microsoft
+-- Excel workbook, the column number corresponds to the alphabetical column
+-- identifiers. For example, a value of 1 for Column corresponds to the A
+-- column in the workbook.
+cell_column :: Lens.Lens' Cell (Prelude.Maybe Prelude.Integer)
+cell_column = Lens.lens (\Cell' {column} -> column) (\s@Cell' {} a -> s {column = a} :: Cell)
+
+-- | The name of the column that contains the data.
+cell_columnName :: Lens.Lens' Cell (Prelude.Maybe Prelude.Text)
+cell_columnName = Lens.lens (\Cell' {columnName} -> columnName) (\s@Cell' {} a -> s {columnName = a} :: Cell)
+
+-- | The row number of the row that contains the data.
+cell_row :: Lens.Lens' Cell (Prelude.Maybe Prelude.Integer)
+cell_row = Lens.lens (\Cell' {row} -> row) (\s@Cell' {} a -> s {row = a} :: Cell)
+
+instance Data.FromJSON Cell where
+  parseJSON =
+    Data.withObject
+      "Cell"
+      ( \x ->
+          Cell'
+            Prelude.<$> (x Data..:? "CellReference")
+            Prelude.<*> (x Data..:? "Column")
+            Prelude.<*> (x Data..:? "ColumnName")
+            Prelude.<*> (x Data..:? "Row")
+      )
+
+instance Prelude.Hashable Cell where
+  hashWithSalt _salt Cell' {..} =
+    _salt
+      `Prelude.hashWithSalt` cellReference
+      `Prelude.hashWithSalt` column
+      `Prelude.hashWithSalt` columnName
+      `Prelude.hashWithSalt` row
+
+instance Prelude.NFData Cell where
+  rnf Cell' {..} =
+    Prelude.rnf cellReference
+      `Prelude.seq` Prelude.rnf column
+      `Prelude.seq` Prelude.rnf columnName
+      `Prelude.seq` Prelude.rnf row
+
+instance Data.ToJSON Cell where
+  toJSON Cell' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CellReference" Data..=) Prelude.<$> cellReference,
+            ("Column" Data..=) Prelude.<$> column,
+            ("ColumnName" Data..=) Prelude.<$> columnName,
+            ("Row" Data..=) Prelude.<$> row
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/CidrBlockAssociation.hs b/gen/Amazonka/SecurityHub/Types/CidrBlockAssociation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/CidrBlockAssociation.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.CidrBlockAssociation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.CidrBlockAssociation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An IPv4 CIDR block association.
+--
+-- /See:/ 'newCidrBlockAssociation' smart constructor.
+data CidrBlockAssociation = CidrBlockAssociation'
+  { -- | The association ID for the IPv4 CIDR block.
+    associationId :: Prelude.Maybe Prelude.Text,
+    -- | The IPv4 CIDR block.
+    cidrBlock :: Prelude.Maybe Prelude.Text,
+    -- | Information about the state of the IPv4 CIDR block.
+    cidrBlockState :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CidrBlockAssociation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'associationId', 'cidrBlockAssociation_associationId' - The association ID for the IPv4 CIDR block.
+--
+-- 'cidrBlock', 'cidrBlockAssociation_cidrBlock' - The IPv4 CIDR block.
+--
+-- 'cidrBlockState', 'cidrBlockAssociation_cidrBlockState' - Information about the state of the IPv4 CIDR block.
+newCidrBlockAssociation ::
+  CidrBlockAssociation
+newCidrBlockAssociation =
+  CidrBlockAssociation'
+    { associationId =
+        Prelude.Nothing,
+      cidrBlock = Prelude.Nothing,
+      cidrBlockState = Prelude.Nothing
+    }
+
+-- | The association ID for the IPv4 CIDR block.
+cidrBlockAssociation_associationId :: Lens.Lens' CidrBlockAssociation (Prelude.Maybe Prelude.Text)
+cidrBlockAssociation_associationId = Lens.lens (\CidrBlockAssociation' {associationId} -> associationId) (\s@CidrBlockAssociation' {} a -> s {associationId = a} :: CidrBlockAssociation)
+
+-- | The IPv4 CIDR block.
+cidrBlockAssociation_cidrBlock :: Lens.Lens' CidrBlockAssociation (Prelude.Maybe Prelude.Text)
+cidrBlockAssociation_cidrBlock = Lens.lens (\CidrBlockAssociation' {cidrBlock} -> cidrBlock) (\s@CidrBlockAssociation' {} a -> s {cidrBlock = a} :: CidrBlockAssociation)
+
+-- | Information about the state of the IPv4 CIDR block.
+cidrBlockAssociation_cidrBlockState :: Lens.Lens' CidrBlockAssociation (Prelude.Maybe Prelude.Text)
+cidrBlockAssociation_cidrBlockState = Lens.lens (\CidrBlockAssociation' {cidrBlockState} -> cidrBlockState) (\s@CidrBlockAssociation' {} a -> s {cidrBlockState = a} :: CidrBlockAssociation)
+
+instance Data.FromJSON CidrBlockAssociation where
+  parseJSON =
+    Data.withObject
+      "CidrBlockAssociation"
+      ( \x ->
+          CidrBlockAssociation'
+            Prelude.<$> (x Data..:? "AssociationId")
+            Prelude.<*> (x Data..:? "CidrBlock")
+            Prelude.<*> (x Data..:? "CidrBlockState")
+      )
+
+instance Prelude.Hashable CidrBlockAssociation where
+  hashWithSalt _salt CidrBlockAssociation' {..} =
+    _salt
+      `Prelude.hashWithSalt` associationId
+      `Prelude.hashWithSalt` cidrBlock
+      `Prelude.hashWithSalt` cidrBlockState
+
+instance Prelude.NFData CidrBlockAssociation where
+  rnf CidrBlockAssociation' {..} =
+    Prelude.rnf associationId
+      `Prelude.seq` Prelude.rnf cidrBlock
+      `Prelude.seq` Prelude.rnf cidrBlockState
+
+instance Data.ToJSON CidrBlockAssociation where
+  toJSON CidrBlockAssociation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AssociationId" Data..=) Prelude.<$> associationId,
+            ("CidrBlock" Data..=) Prelude.<$> cidrBlock,
+            ("CidrBlockState" Data..=)
+              Prelude.<$> cidrBlockState
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/City.hs b/gen/Amazonka/SecurityHub/Types/City.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/City.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.City
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.City where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about a city.
+--
+-- /See:/ 'newCity' smart constructor.
+data City = City'
+  { -- | The name of the city.
+    cityName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'City' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cityName', 'city_cityName' - The name of the city.
+newCity ::
+  City
+newCity = City' {cityName = Prelude.Nothing}
+
+-- | The name of the city.
+city_cityName :: Lens.Lens' City (Prelude.Maybe Prelude.Text)
+city_cityName = Lens.lens (\City' {cityName} -> cityName) (\s@City' {} a -> s {cityName = a} :: City)
+
+instance Data.FromJSON City where
+  parseJSON =
+    Data.withObject
+      "City"
+      (\x -> City' Prelude.<$> (x Data..:? "CityName"))
+
+instance Prelude.Hashable City where
+  hashWithSalt _salt City' {..} =
+    _salt `Prelude.hashWithSalt` cityName
+
+instance Prelude.NFData City where
+  rnf City' {..} = Prelude.rnf cityName
+
+instance Data.ToJSON City where
+  toJSON City' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("CityName" Data..=) Prelude.<$> cityName]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ClassificationResult.hs b/gen/Amazonka/SecurityHub/Types/ClassificationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ClassificationResult.hs
@@ -0,0 +1,164 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ClassificationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ClassificationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.ClassificationStatus
+import Amazonka.SecurityHub.Types.CustomDataIdentifiersResult
+import Amazonka.SecurityHub.Types.SensitiveDataResult
+
+-- | Details about the sensitive data that was detected on the resource.
+--
+-- /See:/ 'newClassificationResult' smart constructor.
+data ClassificationResult = ClassificationResult'
+  { -- | Indicates whether there are additional occurrences of sensitive data
+    -- that are not included in the finding. This occurs when the number of
+    -- occurrences exceeds the maximum that can be included.
+    additionalOccurrences :: Prelude.Maybe Prelude.Bool,
+    -- | Provides details about sensitive data that was identified based on
+    -- customer-defined configuration.
+    customDataIdentifiers :: Prelude.Maybe CustomDataIdentifiersResult,
+    -- | The type of content that the finding applies to.
+    mimeType :: Prelude.Maybe Prelude.Text,
+    -- | Provides details about sensitive data that was identified based on
+    -- built-in configuration.
+    sensitiveData :: Prelude.Maybe [SensitiveDataResult],
+    -- | The total size in bytes of the affected data.
+    sizeClassified :: Prelude.Maybe Prelude.Integer,
+    -- | The current status of the sensitive data detection.
+    status :: Prelude.Maybe ClassificationStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ClassificationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'additionalOccurrences', 'classificationResult_additionalOccurrences' - Indicates whether there are additional occurrences of sensitive data
+-- that are not included in the finding. This occurs when the number of
+-- occurrences exceeds the maximum that can be included.
+--
+-- 'customDataIdentifiers', 'classificationResult_customDataIdentifiers' - Provides details about sensitive data that was identified based on
+-- customer-defined configuration.
+--
+-- 'mimeType', 'classificationResult_mimeType' - The type of content that the finding applies to.
+--
+-- 'sensitiveData', 'classificationResult_sensitiveData' - Provides details about sensitive data that was identified based on
+-- built-in configuration.
+--
+-- 'sizeClassified', 'classificationResult_sizeClassified' - The total size in bytes of the affected data.
+--
+-- 'status', 'classificationResult_status' - The current status of the sensitive data detection.
+newClassificationResult ::
+  ClassificationResult
+newClassificationResult =
+  ClassificationResult'
+    { additionalOccurrences =
+        Prelude.Nothing,
+      customDataIdentifiers = Prelude.Nothing,
+      mimeType = Prelude.Nothing,
+      sensitiveData = Prelude.Nothing,
+      sizeClassified = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | Indicates whether there are additional occurrences of sensitive data
+-- that are not included in the finding. This occurs when the number of
+-- occurrences exceeds the maximum that can be included.
+classificationResult_additionalOccurrences :: Lens.Lens' ClassificationResult (Prelude.Maybe Prelude.Bool)
+classificationResult_additionalOccurrences = Lens.lens (\ClassificationResult' {additionalOccurrences} -> additionalOccurrences) (\s@ClassificationResult' {} a -> s {additionalOccurrences = a} :: ClassificationResult)
+
+-- | Provides details about sensitive data that was identified based on
+-- customer-defined configuration.
+classificationResult_customDataIdentifiers :: Lens.Lens' ClassificationResult (Prelude.Maybe CustomDataIdentifiersResult)
+classificationResult_customDataIdentifiers = Lens.lens (\ClassificationResult' {customDataIdentifiers} -> customDataIdentifiers) (\s@ClassificationResult' {} a -> s {customDataIdentifiers = a} :: ClassificationResult)
+
+-- | The type of content that the finding applies to.
+classificationResult_mimeType :: Lens.Lens' ClassificationResult (Prelude.Maybe Prelude.Text)
+classificationResult_mimeType = Lens.lens (\ClassificationResult' {mimeType} -> mimeType) (\s@ClassificationResult' {} a -> s {mimeType = a} :: ClassificationResult)
+
+-- | Provides details about sensitive data that was identified based on
+-- built-in configuration.
+classificationResult_sensitiveData :: Lens.Lens' ClassificationResult (Prelude.Maybe [SensitiveDataResult])
+classificationResult_sensitiveData = Lens.lens (\ClassificationResult' {sensitiveData} -> sensitiveData) (\s@ClassificationResult' {} a -> s {sensitiveData = a} :: ClassificationResult) Prelude.. Lens.mapping Lens.coerced
+
+-- | The total size in bytes of the affected data.
+classificationResult_sizeClassified :: Lens.Lens' ClassificationResult (Prelude.Maybe Prelude.Integer)
+classificationResult_sizeClassified = Lens.lens (\ClassificationResult' {sizeClassified} -> sizeClassified) (\s@ClassificationResult' {} a -> s {sizeClassified = a} :: ClassificationResult)
+
+-- | The current status of the sensitive data detection.
+classificationResult_status :: Lens.Lens' ClassificationResult (Prelude.Maybe ClassificationStatus)
+classificationResult_status = Lens.lens (\ClassificationResult' {status} -> status) (\s@ClassificationResult' {} a -> s {status = a} :: ClassificationResult)
+
+instance Data.FromJSON ClassificationResult where
+  parseJSON =
+    Data.withObject
+      "ClassificationResult"
+      ( \x ->
+          ClassificationResult'
+            Prelude.<$> (x Data..:? "AdditionalOccurrences")
+            Prelude.<*> (x Data..:? "CustomDataIdentifiers")
+            Prelude.<*> (x Data..:? "MimeType")
+            Prelude.<*> (x Data..:? "SensitiveData" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "SizeClassified")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance Prelude.Hashable ClassificationResult where
+  hashWithSalt _salt ClassificationResult' {..} =
+    _salt
+      `Prelude.hashWithSalt` additionalOccurrences
+      `Prelude.hashWithSalt` customDataIdentifiers
+      `Prelude.hashWithSalt` mimeType
+      `Prelude.hashWithSalt` sensitiveData
+      `Prelude.hashWithSalt` sizeClassified
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData ClassificationResult where
+  rnf ClassificationResult' {..} =
+    Prelude.rnf additionalOccurrences
+      `Prelude.seq` Prelude.rnf customDataIdentifiers
+      `Prelude.seq` Prelude.rnf mimeType
+      `Prelude.seq` Prelude.rnf sensitiveData
+      `Prelude.seq` Prelude.rnf sizeClassified
+      `Prelude.seq` Prelude.rnf status
+
+instance Data.ToJSON ClassificationResult where
+  toJSON ClassificationResult' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AdditionalOccurrences" Data..=)
+              Prelude.<$> additionalOccurrences,
+            ("CustomDataIdentifiers" Data..=)
+              Prelude.<$> customDataIdentifiers,
+            ("MimeType" Data..=) Prelude.<$> mimeType,
+            ("SensitiveData" Data..=) Prelude.<$> sensitiveData,
+            ("SizeClassified" Data..=)
+              Prelude.<$> sizeClassified,
+            ("Status" Data..=) Prelude.<$> status
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ClassificationStatus.hs b/gen/Amazonka/SecurityHub/Types/ClassificationStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ClassificationStatus.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ClassificationStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ClassificationStatus where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the current status of the sensitive data
+-- detection.
+--
+-- /See:/ 'newClassificationStatus' smart constructor.
+data ClassificationStatus = ClassificationStatus'
+  { -- | The code that represents the status of the sensitive data detection.
+    code :: Prelude.Maybe Prelude.Text,
+    -- | A longer description of the current status of the sensitive data
+    -- detection.
+    reason :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ClassificationStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'code', 'classificationStatus_code' - The code that represents the status of the sensitive data detection.
+--
+-- 'reason', 'classificationStatus_reason' - A longer description of the current status of the sensitive data
+-- detection.
+newClassificationStatus ::
+  ClassificationStatus
+newClassificationStatus =
+  ClassificationStatus'
+    { code = Prelude.Nothing,
+      reason = Prelude.Nothing
+    }
+
+-- | The code that represents the status of the sensitive data detection.
+classificationStatus_code :: Lens.Lens' ClassificationStatus (Prelude.Maybe Prelude.Text)
+classificationStatus_code = Lens.lens (\ClassificationStatus' {code} -> code) (\s@ClassificationStatus' {} a -> s {code = a} :: ClassificationStatus)
+
+-- | A longer description of the current status of the sensitive data
+-- detection.
+classificationStatus_reason :: Lens.Lens' ClassificationStatus (Prelude.Maybe Prelude.Text)
+classificationStatus_reason = Lens.lens (\ClassificationStatus' {reason} -> reason) (\s@ClassificationStatus' {} a -> s {reason = a} :: ClassificationStatus)
+
+instance Data.FromJSON ClassificationStatus where
+  parseJSON =
+    Data.withObject
+      "ClassificationStatus"
+      ( \x ->
+          ClassificationStatus'
+            Prelude.<$> (x Data..:? "Code")
+            Prelude.<*> (x Data..:? "Reason")
+      )
+
+instance Prelude.Hashable ClassificationStatus where
+  hashWithSalt _salt ClassificationStatus' {..} =
+    _salt
+      `Prelude.hashWithSalt` code
+      `Prelude.hashWithSalt` reason
+
+instance Prelude.NFData ClassificationStatus where
+  rnf ClassificationStatus' {..} =
+    Prelude.rnf code `Prelude.seq` Prelude.rnf reason
+
+instance Data.ToJSON ClassificationStatus where
+  toJSON ClassificationStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Code" Data..=) Prelude.<$> code,
+            ("Reason" Data..=) Prelude.<$> reason
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Compliance.hs b/gen/Amazonka/SecurityHub/Types/Compliance.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Compliance.hs
@@ -0,0 +1,176 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Compliance
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Compliance where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.ComplianceStatus
+import Amazonka.SecurityHub.Types.StatusReason
+
+-- | Contains finding details that are specific to control-based findings.
+-- Only returned for findings generated from controls.
+--
+-- /See:/ 'newCompliance' smart constructor.
+data Compliance = Compliance'
+  { -- | For a control, the industry or regulatory framework requirements that
+    -- are related to the control. The check for that control is aligned with
+    -- these requirements.
+    relatedRequirements :: Prelude.Maybe [Prelude.Text],
+    -- | The result of a standards check.
+    --
+    -- The valid values for @Status@ are as follows.
+    --
+    -- -   -   @PASSED@ - Standards check passed for all evaluated resources.
+    --
+    --     -   @WARNING@ - Some information is missing or this check is not
+    --         supported for your configuration.
+    --
+    --     -   @FAILED@ - Standards check failed for at least one evaluated
+    --         resource.
+    --
+    --     -   @NOT_AVAILABLE@ - Check could not be performed due to a service
+    --         outage, API error, or because the result of the Config
+    --         evaluation was @NOT_APPLICABLE@. If the Config evaluation result
+    --         was @NOT_APPLICABLE@, then after 3 days, Security Hub
+    --         automatically archives the finding.
+    status :: Prelude.Maybe ComplianceStatus,
+    -- | For findings generated from controls, a list of reasons behind the value
+    -- of @Status@. For the list of status reason codes and their meanings, see
+    -- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff Standards-related information in the ASFF>
+    -- in the /Security Hub User Guide/.
+    statusReasons :: Prelude.Maybe [StatusReason]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Compliance' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'relatedRequirements', 'compliance_relatedRequirements' - For a control, the industry or regulatory framework requirements that
+-- are related to the control. The check for that control is aligned with
+-- these requirements.
+--
+-- 'status', 'compliance_status' - The result of a standards check.
+--
+-- The valid values for @Status@ are as follows.
+--
+-- -   -   @PASSED@ - Standards check passed for all evaluated resources.
+--
+--     -   @WARNING@ - Some information is missing or this check is not
+--         supported for your configuration.
+--
+--     -   @FAILED@ - Standards check failed for at least one evaluated
+--         resource.
+--
+--     -   @NOT_AVAILABLE@ - Check could not be performed due to a service
+--         outage, API error, or because the result of the Config
+--         evaluation was @NOT_APPLICABLE@. If the Config evaluation result
+--         was @NOT_APPLICABLE@, then after 3 days, Security Hub
+--         automatically archives the finding.
+--
+-- 'statusReasons', 'compliance_statusReasons' - For findings generated from controls, a list of reasons behind the value
+-- of @Status@. For the list of status reason codes and their meanings, see
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff Standards-related information in the ASFF>
+-- in the /Security Hub User Guide/.
+newCompliance ::
+  Compliance
+newCompliance =
+  Compliance'
+    { relatedRequirements = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusReasons = Prelude.Nothing
+    }
+
+-- | For a control, the industry or regulatory framework requirements that
+-- are related to the control. The check for that control is aligned with
+-- these requirements.
+compliance_relatedRequirements :: Lens.Lens' Compliance (Prelude.Maybe [Prelude.Text])
+compliance_relatedRequirements = Lens.lens (\Compliance' {relatedRequirements} -> relatedRequirements) (\s@Compliance' {} a -> s {relatedRequirements = a} :: Compliance) Prelude.. Lens.mapping Lens.coerced
+
+-- | The result of a standards check.
+--
+-- The valid values for @Status@ are as follows.
+--
+-- -   -   @PASSED@ - Standards check passed for all evaluated resources.
+--
+--     -   @WARNING@ - Some information is missing or this check is not
+--         supported for your configuration.
+--
+--     -   @FAILED@ - Standards check failed for at least one evaluated
+--         resource.
+--
+--     -   @NOT_AVAILABLE@ - Check could not be performed due to a service
+--         outage, API error, or because the result of the Config
+--         evaluation was @NOT_APPLICABLE@. If the Config evaluation result
+--         was @NOT_APPLICABLE@, then after 3 days, Security Hub
+--         automatically archives the finding.
+compliance_status :: Lens.Lens' Compliance (Prelude.Maybe ComplianceStatus)
+compliance_status = Lens.lens (\Compliance' {status} -> status) (\s@Compliance' {} a -> s {status = a} :: Compliance)
+
+-- | For findings generated from controls, a list of reasons behind the value
+-- of @Status@. For the list of status reason codes and their meanings, see
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff Standards-related information in the ASFF>
+-- in the /Security Hub User Guide/.
+compliance_statusReasons :: Lens.Lens' Compliance (Prelude.Maybe [StatusReason])
+compliance_statusReasons = Lens.lens (\Compliance' {statusReasons} -> statusReasons) (\s@Compliance' {} a -> s {statusReasons = a} :: Compliance) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON Compliance where
+  parseJSON =
+    Data.withObject
+      "Compliance"
+      ( \x ->
+          Compliance'
+            Prelude.<$> ( x
+                            Data..:? "RelatedRequirements"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StatusReasons" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable Compliance where
+  hashWithSalt _salt Compliance' {..} =
+    _salt
+      `Prelude.hashWithSalt` relatedRequirements
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` statusReasons
+
+instance Prelude.NFData Compliance where
+  rnf Compliance' {..} =
+    Prelude.rnf relatedRequirements
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusReasons
+
+instance Data.ToJSON Compliance where
+  toJSON Compliance' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("RelatedRequirements" Data..=)
+              Prelude.<$> relatedRequirements,
+            ("Status" Data..=) Prelude.<$> status,
+            ("StatusReasons" Data..=) Prelude.<$> statusReasons
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ComplianceStatus.hs b/gen/Amazonka/SecurityHub/Types/ComplianceStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ComplianceStatus.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ComplianceStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ComplianceStatus
+  ( ComplianceStatus
+      ( ..,
+        ComplianceStatus_FAILED,
+        ComplianceStatus_NOT_AVAILABLE,
+        ComplianceStatus_PASSED,
+        ComplianceStatus_WARNING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ComplianceStatus = ComplianceStatus'
+  { fromComplianceStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ComplianceStatus_FAILED :: ComplianceStatus
+pattern ComplianceStatus_FAILED = ComplianceStatus' "FAILED"
+
+pattern ComplianceStatus_NOT_AVAILABLE :: ComplianceStatus
+pattern ComplianceStatus_NOT_AVAILABLE = ComplianceStatus' "NOT_AVAILABLE"
+
+pattern ComplianceStatus_PASSED :: ComplianceStatus
+pattern ComplianceStatus_PASSED = ComplianceStatus' "PASSED"
+
+pattern ComplianceStatus_WARNING :: ComplianceStatus
+pattern ComplianceStatus_WARNING = ComplianceStatus' "WARNING"
+
+{-# COMPLETE
+  ComplianceStatus_FAILED,
+  ComplianceStatus_NOT_AVAILABLE,
+  ComplianceStatus_PASSED,
+  ComplianceStatus_WARNING,
+  ComplianceStatus'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/ContainerDetails.hs b/gen/Amazonka/SecurityHub/Types/ContainerDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ContainerDetails.hs
@@ -0,0 +1,179 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ContainerDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ContainerDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.VolumeMount
+
+-- | Container details related to a finding.
+--
+-- /See:/ 'newContainerDetails' smart constructor.
+data ContainerDetails = ContainerDetails'
+  { -- | The runtime of the container.
+    containerRuntime :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the container image related to a finding.
+    imageId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the container image related to a finding.
+    imageName :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the container started.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    launchedAt :: Prelude.Maybe Prelude.Text,
+    -- | The name of the container related to a finding.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | When this parameter is @true@, the container is given elevated
+    -- privileges on the host container instance (similar to the root user).
+    privileged :: Prelude.Maybe Prelude.Bool,
+    -- | Provides information about the mounting of a volume in a container.
+    volumeMounts :: Prelude.Maybe [VolumeMount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ContainerDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containerRuntime', 'containerDetails_containerRuntime' - The runtime of the container.
+--
+-- 'imageId', 'containerDetails_imageId' - The identifier of the container image related to a finding.
+--
+-- 'imageName', 'containerDetails_imageName' - The name of the container image related to a finding.
+--
+-- 'launchedAt', 'containerDetails_launchedAt' - Indicates when the container started.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'name', 'containerDetails_name' - The name of the container related to a finding.
+--
+-- 'privileged', 'containerDetails_privileged' - When this parameter is @true@, the container is given elevated
+-- privileges on the host container instance (similar to the root user).
+--
+-- 'volumeMounts', 'containerDetails_volumeMounts' - Provides information about the mounting of a volume in a container.
+newContainerDetails ::
+  ContainerDetails
+newContainerDetails =
+  ContainerDetails'
+    { containerRuntime =
+        Prelude.Nothing,
+      imageId = Prelude.Nothing,
+      imageName = Prelude.Nothing,
+      launchedAt = Prelude.Nothing,
+      name = Prelude.Nothing,
+      privileged = Prelude.Nothing,
+      volumeMounts = Prelude.Nothing
+    }
+
+-- | The runtime of the container.
+containerDetails_containerRuntime :: Lens.Lens' ContainerDetails (Prelude.Maybe Prelude.Text)
+containerDetails_containerRuntime = Lens.lens (\ContainerDetails' {containerRuntime} -> containerRuntime) (\s@ContainerDetails' {} a -> s {containerRuntime = a} :: ContainerDetails)
+
+-- | The identifier of the container image related to a finding.
+containerDetails_imageId :: Lens.Lens' ContainerDetails (Prelude.Maybe Prelude.Text)
+containerDetails_imageId = Lens.lens (\ContainerDetails' {imageId} -> imageId) (\s@ContainerDetails' {} a -> s {imageId = a} :: ContainerDetails)
+
+-- | The name of the container image related to a finding.
+containerDetails_imageName :: Lens.Lens' ContainerDetails (Prelude.Maybe Prelude.Text)
+containerDetails_imageName = Lens.lens (\ContainerDetails' {imageName} -> imageName) (\s@ContainerDetails' {} a -> s {imageName = a} :: ContainerDetails)
+
+-- | Indicates when the container started.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+containerDetails_launchedAt :: Lens.Lens' ContainerDetails (Prelude.Maybe Prelude.Text)
+containerDetails_launchedAt = Lens.lens (\ContainerDetails' {launchedAt} -> launchedAt) (\s@ContainerDetails' {} a -> s {launchedAt = a} :: ContainerDetails)
+
+-- | The name of the container related to a finding.
+containerDetails_name :: Lens.Lens' ContainerDetails (Prelude.Maybe Prelude.Text)
+containerDetails_name = Lens.lens (\ContainerDetails' {name} -> name) (\s@ContainerDetails' {} a -> s {name = a} :: ContainerDetails)
+
+-- | When this parameter is @true@, the container is given elevated
+-- privileges on the host container instance (similar to the root user).
+containerDetails_privileged :: Lens.Lens' ContainerDetails (Prelude.Maybe Prelude.Bool)
+containerDetails_privileged = Lens.lens (\ContainerDetails' {privileged} -> privileged) (\s@ContainerDetails' {} a -> s {privileged = a} :: ContainerDetails)
+
+-- | Provides information about the mounting of a volume in a container.
+containerDetails_volumeMounts :: Lens.Lens' ContainerDetails (Prelude.Maybe [VolumeMount])
+containerDetails_volumeMounts = Lens.lens (\ContainerDetails' {volumeMounts} -> volumeMounts) (\s@ContainerDetails' {} a -> s {volumeMounts = a} :: ContainerDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON ContainerDetails where
+  parseJSON =
+    Data.withObject
+      "ContainerDetails"
+      ( \x ->
+          ContainerDetails'
+            Prelude.<$> (x Data..:? "ContainerRuntime")
+            Prelude.<*> (x Data..:? "ImageId")
+            Prelude.<*> (x Data..:? "ImageName")
+            Prelude.<*> (x Data..:? "LaunchedAt")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Privileged")
+            Prelude.<*> (x Data..:? "VolumeMounts" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable ContainerDetails where
+  hashWithSalt _salt ContainerDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` containerRuntime
+      `Prelude.hashWithSalt` imageId
+      `Prelude.hashWithSalt` imageName
+      `Prelude.hashWithSalt` launchedAt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` privileged
+      `Prelude.hashWithSalt` volumeMounts
+
+instance Prelude.NFData ContainerDetails where
+  rnf ContainerDetails' {..} =
+    Prelude.rnf containerRuntime
+      `Prelude.seq` Prelude.rnf imageId
+      `Prelude.seq` Prelude.rnf imageName
+      `Prelude.seq` Prelude.rnf launchedAt
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf privileged
+      `Prelude.seq` Prelude.rnf volumeMounts
+
+instance Data.ToJSON ContainerDetails where
+  toJSON ContainerDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ContainerRuntime" Data..=)
+              Prelude.<$> containerRuntime,
+            ("ImageId" Data..=) Prelude.<$> imageId,
+            ("ImageName" Data..=) Prelude.<$> imageName,
+            ("LaunchedAt" Data..=) Prelude.<$> launchedAt,
+            ("Name" Data..=) Prelude.<$> name,
+            ("Privileged" Data..=) Prelude.<$> privileged,
+            ("VolumeMounts" Data..=) Prelude.<$> volumeMounts
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ControlStatus.hs b/gen/Amazonka/SecurityHub/Types/ControlStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ControlStatus.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ControlStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ControlStatus
+  ( ControlStatus
+      ( ..,
+        ControlStatus_DISABLED,
+        ControlStatus_ENABLED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ControlStatus = ControlStatus'
+  { fromControlStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ControlStatus_DISABLED :: ControlStatus
+pattern ControlStatus_DISABLED = ControlStatus' "DISABLED"
+
+pattern ControlStatus_ENABLED :: ControlStatus
+pattern ControlStatus_ENABLED = ControlStatus' "ENABLED"
+
+{-# COMPLETE
+  ControlStatus_DISABLED,
+  ControlStatus_ENABLED,
+  ControlStatus'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/Country.hs b/gen/Amazonka/SecurityHub/Types/Country.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Country.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Country
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Country where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about a country.
+--
+-- /See:/ 'newCountry' smart constructor.
+data Country = Country'
+  { -- | The 2-letter ISO 3166 country code for the country.
+    countryCode :: Prelude.Maybe Prelude.Text,
+    -- | The name of the country.
+    countryName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Country' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'countryCode', 'country_countryCode' - The 2-letter ISO 3166 country code for the country.
+--
+-- 'countryName', 'country_countryName' - The name of the country.
+newCountry ::
+  Country
+newCountry =
+  Country'
+    { countryCode = Prelude.Nothing,
+      countryName = Prelude.Nothing
+    }
+
+-- | The 2-letter ISO 3166 country code for the country.
+country_countryCode :: Lens.Lens' Country (Prelude.Maybe Prelude.Text)
+country_countryCode = Lens.lens (\Country' {countryCode} -> countryCode) (\s@Country' {} a -> s {countryCode = a} :: Country)
+
+-- | The name of the country.
+country_countryName :: Lens.Lens' Country (Prelude.Maybe Prelude.Text)
+country_countryName = Lens.lens (\Country' {countryName} -> countryName) (\s@Country' {} a -> s {countryName = a} :: Country)
+
+instance Data.FromJSON Country where
+  parseJSON =
+    Data.withObject
+      "Country"
+      ( \x ->
+          Country'
+            Prelude.<$> (x Data..:? "CountryCode")
+            Prelude.<*> (x Data..:? "CountryName")
+      )
+
+instance Prelude.Hashable Country where
+  hashWithSalt _salt Country' {..} =
+    _salt
+      `Prelude.hashWithSalt` countryCode
+      `Prelude.hashWithSalt` countryName
+
+instance Prelude.NFData Country where
+  rnf Country' {..} =
+    Prelude.rnf countryCode
+      `Prelude.seq` Prelude.rnf countryName
+
+instance Data.ToJSON Country where
+  toJSON Country' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CountryCode" Data..=) Prelude.<$> countryCode,
+            ("CountryName" Data..=) Prelude.<$> countryName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/CustomDataIdentifiersDetections.hs b/gen/Amazonka/SecurityHub/Types/CustomDataIdentifiersDetections.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/CustomDataIdentifiersDetections.hs
@@ -0,0 +1,135 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.CustomDataIdentifiersDetections
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.CustomDataIdentifiersDetections where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.Occurrences
+
+-- | The list of detected instances of sensitive data.
+--
+-- /See:/ 'newCustomDataIdentifiersDetections' smart constructor.
+data CustomDataIdentifiersDetections = CustomDataIdentifiersDetections'
+  { -- | The ARN of the custom identifier that was used to detect the sensitive
+    -- data.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The total number of occurrences of sensitive data that were detected.
+    count :: Prelude.Maybe Prelude.Integer,
+    -- | he name of the custom identifier that detected the sensitive data.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | Details about the sensitive data that was detected.
+    occurrences :: Prelude.Maybe Occurrences
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CustomDataIdentifiersDetections' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'customDataIdentifiersDetections_arn' - The ARN of the custom identifier that was used to detect the sensitive
+-- data.
+--
+-- 'count', 'customDataIdentifiersDetections_count' - The total number of occurrences of sensitive data that were detected.
+--
+-- 'name', 'customDataIdentifiersDetections_name' - he name of the custom identifier that detected the sensitive data.
+--
+-- 'occurrences', 'customDataIdentifiersDetections_occurrences' - Details about the sensitive data that was detected.
+newCustomDataIdentifiersDetections ::
+  CustomDataIdentifiersDetections
+newCustomDataIdentifiersDetections =
+  CustomDataIdentifiersDetections'
+    { arn =
+        Prelude.Nothing,
+      count = Prelude.Nothing,
+      name = Prelude.Nothing,
+      occurrences = Prelude.Nothing
+    }
+
+-- | The ARN of the custom identifier that was used to detect the sensitive
+-- data.
+customDataIdentifiersDetections_arn :: Lens.Lens' CustomDataIdentifiersDetections (Prelude.Maybe Prelude.Text)
+customDataIdentifiersDetections_arn = Lens.lens (\CustomDataIdentifiersDetections' {arn} -> arn) (\s@CustomDataIdentifiersDetections' {} a -> s {arn = a} :: CustomDataIdentifiersDetections)
+
+-- | The total number of occurrences of sensitive data that were detected.
+customDataIdentifiersDetections_count :: Lens.Lens' CustomDataIdentifiersDetections (Prelude.Maybe Prelude.Integer)
+customDataIdentifiersDetections_count = Lens.lens (\CustomDataIdentifiersDetections' {count} -> count) (\s@CustomDataIdentifiersDetections' {} a -> s {count = a} :: CustomDataIdentifiersDetections)
+
+-- | he name of the custom identifier that detected the sensitive data.
+customDataIdentifiersDetections_name :: Lens.Lens' CustomDataIdentifiersDetections (Prelude.Maybe Prelude.Text)
+customDataIdentifiersDetections_name = Lens.lens (\CustomDataIdentifiersDetections' {name} -> name) (\s@CustomDataIdentifiersDetections' {} a -> s {name = a} :: CustomDataIdentifiersDetections)
+
+-- | Details about the sensitive data that was detected.
+customDataIdentifiersDetections_occurrences :: Lens.Lens' CustomDataIdentifiersDetections (Prelude.Maybe Occurrences)
+customDataIdentifiersDetections_occurrences = Lens.lens (\CustomDataIdentifiersDetections' {occurrences} -> occurrences) (\s@CustomDataIdentifiersDetections' {} a -> s {occurrences = a} :: CustomDataIdentifiersDetections)
+
+instance
+  Data.FromJSON
+    CustomDataIdentifiersDetections
+  where
+  parseJSON =
+    Data.withObject
+      "CustomDataIdentifiersDetections"
+      ( \x ->
+          CustomDataIdentifiersDetections'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "Count")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Occurrences")
+      )
+
+instance
+  Prelude.Hashable
+    CustomDataIdentifiersDetections
+  where
+  hashWithSalt
+    _salt
+    CustomDataIdentifiersDetections' {..} =
+      _salt
+        `Prelude.hashWithSalt` arn
+        `Prelude.hashWithSalt` count
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` occurrences
+
+instance
+  Prelude.NFData
+    CustomDataIdentifiersDetections
+  where
+  rnf CustomDataIdentifiersDetections' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf count
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf occurrences
+
+instance Data.ToJSON CustomDataIdentifiersDetections where
+  toJSON CustomDataIdentifiersDetections' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Arn" Data..=) Prelude.<$> arn,
+            ("Count" Data..=) Prelude.<$> count,
+            ("Name" Data..=) Prelude.<$> name,
+            ("Occurrences" Data..=) Prelude.<$> occurrences
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/CustomDataIdentifiersResult.hs b/gen/Amazonka/SecurityHub/Types/CustomDataIdentifiersResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/CustomDataIdentifiersResult.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.CustomDataIdentifiersResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.CustomDataIdentifiersResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.CustomDataIdentifiersDetections
+
+-- | Contains an instance of sensitive data that was detected by a
+-- customer-defined identifier.
+--
+-- /See:/ 'newCustomDataIdentifiersResult' smart constructor.
+data CustomDataIdentifiersResult = CustomDataIdentifiersResult'
+  { -- | The list of detected instances of sensitive data.
+    detections :: Prelude.Maybe [CustomDataIdentifiersDetections],
+    -- | The total number of occurrences of sensitive data.
+    totalCount :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CustomDataIdentifiersResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detections', 'customDataIdentifiersResult_detections' - The list of detected instances of sensitive data.
+--
+-- 'totalCount', 'customDataIdentifiersResult_totalCount' - The total number of occurrences of sensitive data.
+newCustomDataIdentifiersResult ::
+  CustomDataIdentifiersResult
+newCustomDataIdentifiersResult =
+  CustomDataIdentifiersResult'
+    { detections =
+        Prelude.Nothing,
+      totalCount = Prelude.Nothing
+    }
+
+-- | The list of detected instances of sensitive data.
+customDataIdentifiersResult_detections :: Lens.Lens' CustomDataIdentifiersResult (Prelude.Maybe [CustomDataIdentifiersDetections])
+customDataIdentifiersResult_detections = Lens.lens (\CustomDataIdentifiersResult' {detections} -> detections) (\s@CustomDataIdentifiersResult' {} a -> s {detections = a} :: CustomDataIdentifiersResult) Prelude.. Lens.mapping Lens.coerced
+
+-- | The total number of occurrences of sensitive data.
+customDataIdentifiersResult_totalCount :: Lens.Lens' CustomDataIdentifiersResult (Prelude.Maybe Prelude.Integer)
+customDataIdentifiersResult_totalCount = Lens.lens (\CustomDataIdentifiersResult' {totalCount} -> totalCount) (\s@CustomDataIdentifiersResult' {} a -> s {totalCount = a} :: CustomDataIdentifiersResult)
+
+instance Data.FromJSON CustomDataIdentifiersResult where
+  parseJSON =
+    Data.withObject
+      "CustomDataIdentifiersResult"
+      ( \x ->
+          CustomDataIdentifiersResult'
+            Prelude.<$> (x Data..:? "Detections" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "TotalCount")
+      )
+
+instance Prelude.Hashable CustomDataIdentifiersResult where
+  hashWithSalt _salt CustomDataIdentifiersResult' {..} =
+    _salt
+      `Prelude.hashWithSalt` detections
+      `Prelude.hashWithSalt` totalCount
+
+instance Prelude.NFData CustomDataIdentifiersResult where
+  rnf CustomDataIdentifiersResult' {..} =
+    Prelude.rnf detections
+      `Prelude.seq` Prelude.rnf totalCount
+
+instance Data.ToJSON CustomDataIdentifiersResult where
+  toJSON CustomDataIdentifiersResult' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Detections" Data..=) Prelude.<$> detections,
+            ("TotalCount" Data..=) Prelude.<$> totalCount
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Cvss.hs b/gen/Amazonka/SecurityHub/Types/Cvss.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Cvss.hs
@@ -0,0 +1,133 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Cvss
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Cvss where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.Adjustment
+
+-- | CVSS scores from the advisory related to the vulnerability.
+--
+-- /See:/ 'newCvss' smart constructor.
+data Cvss = Cvss'
+  { -- | Adjustments to the CVSS metrics.
+    adjustments :: Prelude.Maybe [Adjustment],
+    -- | The base CVSS score.
+    baseScore :: Prelude.Maybe Prelude.Double,
+    -- | The base scoring vector for the CVSS score.
+    baseVector :: Prelude.Maybe Prelude.Text,
+    -- | The origin of the original CVSS score and vector.
+    source :: Prelude.Maybe Prelude.Text,
+    -- | The version of CVSS for the CVSS score.
+    version :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Cvss' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'adjustments', 'cvss_adjustments' - Adjustments to the CVSS metrics.
+--
+-- 'baseScore', 'cvss_baseScore' - The base CVSS score.
+--
+-- 'baseVector', 'cvss_baseVector' - The base scoring vector for the CVSS score.
+--
+-- 'source', 'cvss_source' - The origin of the original CVSS score and vector.
+--
+-- 'version', 'cvss_version' - The version of CVSS for the CVSS score.
+newCvss ::
+  Cvss
+newCvss =
+  Cvss'
+    { adjustments = Prelude.Nothing,
+      baseScore = Prelude.Nothing,
+      baseVector = Prelude.Nothing,
+      source = Prelude.Nothing,
+      version = Prelude.Nothing
+    }
+
+-- | Adjustments to the CVSS metrics.
+cvss_adjustments :: Lens.Lens' Cvss (Prelude.Maybe [Adjustment])
+cvss_adjustments = Lens.lens (\Cvss' {adjustments} -> adjustments) (\s@Cvss' {} a -> s {adjustments = a} :: Cvss) Prelude.. Lens.mapping Lens.coerced
+
+-- | The base CVSS score.
+cvss_baseScore :: Lens.Lens' Cvss (Prelude.Maybe Prelude.Double)
+cvss_baseScore = Lens.lens (\Cvss' {baseScore} -> baseScore) (\s@Cvss' {} a -> s {baseScore = a} :: Cvss)
+
+-- | The base scoring vector for the CVSS score.
+cvss_baseVector :: Lens.Lens' Cvss (Prelude.Maybe Prelude.Text)
+cvss_baseVector = Lens.lens (\Cvss' {baseVector} -> baseVector) (\s@Cvss' {} a -> s {baseVector = a} :: Cvss)
+
+-- | The origin of the original CVSS score and vector.
+cvss_source :: Lens.Lens' Cvss (Prelude.Maybe Prelude.Text)
+cvss_source = Lens.lens (\Cvss' {source} -> source) (\s@Cvss' {} a -> s {source = a} :: Cvss)
+
+-- | The version of CVSS for the CVSS score.
+cvss_version :: Lens.Lens' Cvss (Prelude.Maybe Prelude.Text)
+cvss_version = Lens.lens (\Cvss' {version} -> version) (\s@Cvss' {} a -> s {version = a} :: Cvss)
+
+instance Data.FromJSON Cvss where
+  parseJSON =
+    Data.withObject
+      "Cvss"
+      ( \x ->
+          Cvss'
+            Prelude.<$> (x Data..:? "Adjustments" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "BaseScore")
+            Prelude.<*> (x Data..:? "BaseVector")
+            Prelude.<*> (x Data..:? "Source")
+            Prelude.<*> (x Data..:? "Version")
+      )
+
+instance Prelude.Hashable Cvss where
+  hashWithSalt _salt Cvss' {..} =
+    _salt
+      `Prelude.hashWithSalt` adjustments
+      `Prelude.hashWithSalt` baseScore
+      `Prelude.hashWithSalt` baseVector
+      `Prelude.hashWithSalt` source
+      `Prelude.hashWithSalt` version
+
+instance Prelude.NFData Cvss where
+  rnf Cvss' {..} =
+    Prelude.rnf adjustments
+      `Prelude.seq` Prelude.rnf baseScore
+      `Prelude.seq` Prelude.rnf baseVector
+      `Prelude.seq` Prelude.rnf source
+      `Prelude.seq` Prelude.rnf version
+
+instance Data.ToJSON Cvss where
+  toJSON Cvss' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Adjustments" Data..=) Prelude.<$> adjustments,
+            ("BaseScore" Data..=) Prelude.<$> baseScore,
+            ("BaseVector" Data..=) Prelude.<$> baseVector,
+            ("Source" Data..=) Prelude.<$> source,
+            ("Version" Data..=) Prelude.<$> version
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/DataClassificationDetails.hs b/gen/Amazonka/SecurityHub/Types/DataClassificationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/DataClassificationDetails.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.DataClassificationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.DataClassificationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.ClassificationResult
+
+-- | Provides details about sensitive data that was detected on a resource.
+--
+-- /See:/ 'newDataClassificationDetails' smart constructor.
+data DataClassificationDetails = DataClassificationDetails'
+  { -- | The path to the folder or file that contains the sensitive data.
+    detailedResultsLocation :: Prelude.Maybe Prelude.Text,
+    -- | The details about the sensitive data that was detected on the resource.
+    result :: Prelude.Maybe ClassificationResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DataClassificationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detailedResultsLocation', 'dataClassificationDetails_detailedResultsLocation' - The path to the folder or file that contains the sensitive data.
+--
+-- 'result', 'dataClassificationDetails_result' - The details about the sensitive data that was detected on the resource.
+newDataClassificationDetails ::
+  DataClassificationDetails
+newDataClassificationDetails =
+  DataClassificationDetails'
+    { detailedResultsLocation =
+        Prelude.Nothing,
+      result = Prelude.Nothing
+    }
+
+-- | The path to the folder or file that contains the sensitive data.
+dataClassificationDetails_detailedResultsLocation :: Lens.Lens' DataClassificationDetails (Prelude.Maybe Prelude.Text)
+dataClassificationDetails_detailedResultsLocation = Lens.lens (\DataClassificationDetails' {detailedResultsLocation} -> detailedResultsLocation) (\s@DataClassificationDetails' {} a -> s {detailedResultsLocation = a} :: DataClassificationDetails)
+
+-- | The details about the sensitive data that was detected on the resource.
+dataClassificationDetails_result :: Lens.Lens' DataClassificationDetails (Prelude.Maybe ClassificationResult)
+dataClassificationDetails_result = Lens.lens (\DataClassificationDetails' {result} -> result) (\s@DataClassificationDetails' {} a -> s {result = a} :: DataClassificationDetails)
+
+instance Data.FromJSON DataClassificationDetails where
+  parseJSON =
+    Data.withObject
+      "DataClassificationDetails"
+      ( \x ->
+          DataClassificationDetails'
+            Prelude.<$> (x Data..:? "DetailedResultsLocation")
+            Prelude.<*> (x Data..:? "Result")
+      )
+
+instance Prelude.Hashable DataClassificationDetails where
+  hashWithSalt _salt DataClassificationDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` detailedResultsLocation
+      `Prelude.hashWithSalt` result
+
+instance Prelude.NFData DataClassificationDetails where
+  rnf DataClassificationDetails' {..} =
+    Prelude.rnf detailedResultsLocation
+      `Prelude.seq` Prelude.rnf result
+
+instance Data.ToJSON DataClassificationDetails where
+  toJSON DataClassificationDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DetailedResultsLocation" Data..=)
+              Prelude.<$> detailedResultsLocation,
+            ("Result" Data..=) Prelude.<$> result
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/DateFilter.hs b/gen/Amazonka/SecurityHub/Types/DateFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/DateFilter.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.DateFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.DateFilter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.DateRange
+
+-- | A date filter for querying findings.
+--
+-- /See:/ 'newDateFilter' smart constructor.
+data DateFilter = DateFilter'
+  { -- | A date range for the date filter.
+    dateRange :: Prelude.Maybe DateRange,
+    -- | An end date for the date filter.
+    end :: Prelude.Maybe Prelude.Text,
+    -- | A start date for the date filter.
+    start :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DateFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dateRange', 'dateFilter_dateRange' - A date range for the date filter.
+--
+-- 'end', 'dateFilter_end' - An end date for the date filter.
+--
+-- 'start', 'dateFilter_start' - A start date for the date filter.
+newDateFilter ::
+  DateFilter
+newDateFilter =
+  DateFilter'
+    { dateRange = Prelude.Nothing,
+      end = Prelude.Nothing,
+      start = Prelude.Nothing
+    }
+
+-- | A date range for the date filter.
+dateFilter_dateRange :: Lens.Lens' DateFilter (Prelude.Maybe DateRange)
+dateFilter_dateRange = Lens.lens (\DateFilter' {dateRange} -> dateRange) (\s@DateFilter' {} a -> s {dateRange = a} :: DateFilter)
+
+-- | An end date for the date filter.
+dateFilter_end :: Lens.Lens' DateFilter (Prelude.Maybe Prelude.Text)
+dateFilter_end = Lens.lens (\DateFilter' {end} -> end) (\s@DateFilter' {} a -> s {end = a} :: DateFilter)
+
+-- | A start date for the date filter.
+dateFilter_start :: Lens.Lens' DateFilter (Prelude.Maybe Prelude.Text)
+dateFilter_start = Lens.lens (\DateFilter' {start} -> start) (\s@DateFilter' {} a -> s {start = a} :: DateFilter)
+
+instance Data.FromJSON DateFilter where
+  parseJSON =
+    Data.withObject
+      "DateFilter"
+      ( \x ->
+          DateFilter'
+            Prelude.<$> (x Data..:? "DateRange")
+            Prelude.<*> (x Data..:? "End")
+            Prelude.<*> (x Data..:? "Start")
+      )
+
+instance Prelude.Hashable DateFilter where
+  hashWithSalt _salt DateFilter' {..} =
+    _salt
+      `Prelude.hashWithSalt` dateRange
+      `Prelude.hashWithSalt` end
+      `Prelude.hashWithSalt` start
+
+instance Prelude.NFData DateFilter where
+  rnf DateFilter' {..} =
+    Prelude.rnf dateRange
+      `Prelude.seq` Prelude.rnf end
+      `Prelude.seq` Prelude.rnf start
+
+instance Data.ToJSON DateFilter where
+  toJSON DateFilter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DateRange" Data..=) Prelude.<$> dateRange,
+            ("End" Data..=) Prelude.<$> end,
+            ("Start" Data..=) Prelude.<$> start
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/DateRange.hs b/gen/Amazonka/SecurityHub/Types/DateRange.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/DateRange.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.DateRange
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.DateRange where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.DateRangeUnit
+
+-- | A date range for the date filter.
+--
+-- /See:/ 'newDateRange' smart constructor.
+data DateRange = DateRange'
+  { -- | A date range unit for the date filter.
+    unit :: Prelude.Maybe DateRangeUnit,
+    -- | A date range value for the date filter.
+    value :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DateRange' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'unit', 'dateRange_unit' - A date range unit for the date filter.
+--
+-- 'value', 'dateRange_value' - A date range value for the date filter.
+newDateRange ::
+  DateRange
+newDateRange =
+  DateRange'
+    { unit = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | A date range unit for the date filter.
+dateRange_unit :: Lens.Lens' DateRange (Prelude.Maybe DateRangeUnit)
+dateRange_unit = Lens.lens (\DateRange' {unit} -> unit) (\s@DateRange' {} a -> s {unit = a} :: DateRange)
+
+-- | A date range value for the date filter.
+dateRange_value :: Lens.Lens' DateRange (Prelude.Maybe Prelude.Int)
+dateRange_value = Lens.lens (\DateRange' {value} -> value) (\s@DateRange' {} a -> s {value = a} :: DateRange)
+
+instance Data.FromJSON DateRange where
+  parseJSON =
+    Data.withObject
+      "DateRange"
+      ( \x ->
+          DateRange'
+            Prelude.<$> (x Data..:? "Unit")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance Prelude.Hashable DateRange where
+  hashWithSalt _salt DateRange' {..} =
+    _salt
+      `Prelude.hashWithSalt` unit
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData DateRange where
+  rnf DateRange' {..} =
+    Prelude.rnf unit `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON DateRange where
+  toJSON DateRange' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Unit" Data..=) Prelude.<$> unit,
+            ("Value" Data..=) Prelude.<$> value
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/DateRangeUnit.hs b/gen/Amazonka/SecurityHub/Types/DateRangeUnit.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/DateRangeUnit.hs
@@ -0,0 +1,66 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.DateRangeUnit
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.DateRangeUnit
+  ( DateRangeUnit
+      ( ..,
+        DateRangeUnit_DAYS
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype DateRangeUnit = DateRangeUnit'
+  { fromDateRangeUnit ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern DateRangeUnit_DAYS :: DateRangeUnit
+pattern DateRangeUnit_DAYS = DateRangeUnit' "DAYS"
+
+{-# COMPLETE
+  DateRangeUnit_DAYS,
+  DateRangeUnit'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/DnsRequestAction.hs b/gen/Amazonka/SecurityHub/Types/DnsRequestAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/DnsRequestAction.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.DnsRequestAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.DnsRequestAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provided if @ActionType@ is @DNS_REQUEST@. It provides details about the
+-- DNS request that was detected.
+--
+-- /See:/ 'newDnsRequestAction' smart constructor.
+data DnsRequestAction = DnsRequestAction'
+  { -- | Indicates whether the DNS request was blocked.
+    blocked :: Prelude.Maybe Prelude.Bool,
+    -- | The DNS domain that is associated with the DNS request.
+    domain :: Prelude.Maybe Prelude.Text,
+    -- | The protocol that was used for the DNS request.
+    protocol :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DnsRequestAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blocked', 'dnsRequestAction_blocked' - Indicates whether the DNS request was blocked.
+--
+-- 'domain', 'dnsRequestAction_domain' - The DNS domain that is associated with the DNS request.
+--
+-- 'protocol', 'dnsRequestAction_protocol' - The protocol that was used for the DNS request.
+newDnsRequestAction ::
+  DnsRequestAction
+newDnsRequestAction =
+  DnsRequestAction'
+    { blocked = Prelude.Nothing,
+      domain = Prelude.Nothing,
+      protocol = Prelude.Nothing
+    }
+
+-- | Indicates whether the DNS request was blocked.
+dnsRequestAction_blocked :: Lens.Lens' DnsRequestAction (Prelude.Maybe Prelude.Bool)
+dnsRequestAction_blocked = Lens.lens (\DnsRequestAction' {blocked} -> blocked) (\s@DnsRequestAction' {} a -> s {blocked = a} :: DnsRequestAction)
+
+-- | The DNS domain that is associated with the DNS request.
+dnsRequestAction_domain :: Lens.Lens' DnsRequestAction (Prelude.Maybe Prelude.Text)
+dnsRequestAction_domain = Lens.lens (\DnsRequestAction' {domain} -> domain) (\s@DnsRequestAction' {} a -> s {domain = a} :: DnsRequestAction)
+
+-- | The protocol that was used for the DNS request.
+dnsRequestAction_protocol :: Lens.Lens' DnsRequestAction (Prelude.Maybe Prelude.Text)
+dnsRequestAction_protocol = Lens.lens (\DnsRequestAction' {protocol} -> protocol) (\s@DnsRequestAction' {} a -> s {protocol = a} :: DnsRequestAction)
+
+instance Data.FromJSON DnsRequestAction where
+  parseJSON =
+    Data.withObject
+      "DnsRequestAction"
+      ( \x ->
+          DnsRequestAction'
+            Prelude.<$> (x Data..:? "Blocked")
+            Prelude.<*> (x Data..:? "Domain")
+            Prelude.<*> (x Data..:? "Protocol")
+      )
+
+instance Prelude.Hashable DnsRequestAction where
+  hashWithSalt _salt DnsRequestAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` blocked
+      `Prelude.hashWithSalt` domain
+      `Prelude.hashWithSalt` protocol
+
+instance Prelude.NFData DnsRequestAction where
+  rnf DnsRequestAction' {..} =
+    Prelude.rnf blocked
+      `Prelude.seq` Prelude.rnf domain
+      `Prelude.seq` Prelude.rnf protocol
+
+instance Data.ToJSON DnsRequestAction where
+  toJSON DnsRequestAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Blocked" Data..=) Prelude.<$> blocked,
+            ("Domain" Data..=) Prelude.<$> domain,
+            ("Protocol" Data..=) Prelude.<$> protocol
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/FilePaths.hs b/gen/Amazonka/SecurityHub/Types/FilePaths.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/FilePaths.hs
@@ -0,0 +1,126 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.FilePaths
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.FilePaths where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the file paths that were affected by the
+-- threat.
+--
+-- /See:/ 'newFilePaths' smart constructor.
+data FilePaths = FilePaths'
+  { -- | The name of the infected or suspicious file corresponding to the hash.
+    fileName :: Prelude.Maybe Prelude.Text,
+    -- | Path to the infected or suspicious file on the resource it was detected
+    -- on.
+    filePath :: Prelude.Maybe Prelude.Text,
+    -- | The hash value for the infected or suspicious file.
+    hash :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the resource on which the threat was
+    -- detected.
+    resourceId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FilePaths' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'fileName', 'filePaths_fileName' - The name of the infected or suspicious file corresponding to the hash.
+--
+-- 'filePath', 'filePaths_filePath' - Path to the infected or suspicious file on the resource it was detected
+-- on.
+--
+-- 'hash', 'filePaths_hash' - The hash value for the infected or suspicious file.
+--
+-- 'resourceId', 'filePaths_resourceId' - The Amazon Resource Name (ARN) of the resource on which the threat was
+-- detected.
+newFilePaths ::
+  FilePaths
+newFilePaths =
+  FilePaths'
+    { fileName = Prelude.Nothing,
+      filePath = Prelude.Nothing,
+      hash = Prelude.Nothing,
+      resourceId = Prelude.Nothing
+    }
+
+-- | The name of the infected or suspicious file corresponding to the hash.
+filePaths_fileName :: Lens.Lens' FilePaths (Prelude.Maybe Prelude.Text)
+filePaths_fileName = Lens.lens (\FilePaths' {fileName} -> fileName) (\s@FilePaths' {} a -> s {fileName = a} :: FilePaths)
+
+-- | Path to the infected or suspicious file on the resource it was detected
+-- on.
+filePaths_filePath :: Lens.Lens' FilePaths (Prelude.Maybe Prelude.Text)
+filePaths_filePath = Lens.lens (\FilePaths' {filePath} -> filePath) (\s@FilePaths' {} a -> s {filePath = a} :: FilePaths)
+
+-- | The hash value for the infected or suspicious file.
+filePaths_hash :: Lens.Lens' FilePaths (Prelude.Maybe Prelude.Text)
+filePaths_hash = Lens.lens (\FilePaths' {hash} -> hash) (\s@FilePaths' {} a -> s {hash = a} :: FilePaths)
+
+-- | The Amazon Resource Name (ARN) of the resource on which the threat was
+-- detected.
+filePaths_resourceId :: Lens.Lens' FilePaths (Prelude.Maybe Prelude.Text)
+filePaths_resourceId = Lens.lens (\FilePaths' {resourceId} -> resourceId) (\s@FilePaths' {} a -> s {resourceId = a} :: FilePaths)
+
+instance Data.FromJSON FilePaths where
+  parseJSON =
+    Data.withObject
+      "FilePaths"
+      ( \x ->
+          FilePaths'
+            Prelude.<$> (x Data..:? "FileName")
+            Prelude.<*> (x Data..:? "FilePath")
+            Prelude.<*> (x Data..:? "Hash")
+            Prelude.<*> (x Data..:? "ResourceId")
+      )
+
+instance Prelude.Hashable FilePaths where
+  hashWithSalt _salt FilePaths' {..} =
+    _salt
+      `Prelude.hashWithSalt` fileName
+      `Prelude.hashWithSalt` filePath
+      `Prelude.hashWithSalt` hash
+      `Prelude.hashWithSalt` resourceId
+
+instance Prelude.NFData FilePaths where
+  rnf FilePaths' {..} =
+    Prelude.rnf fileName
+      `Prelude.seq` Prelude.rnf filePath
+      `Prelude.seq` Prelude.rnf hash
+      `Prelude.seq` Prelude.rnf resourceId
+
+instance Data.ToJSON FilePaths where
+  toJSON FilePaths' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("FileName" Data..=) Prelude.<$> fileName,
+            ("FilePath" Data..=) Prelude.<$> filePath,
+            ("Hash" Data..=) Prelude.<$> hash,
+            ("ResourceId" Data..=) Prelude.<$> resourceId
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/FindingAggregator.hs b/gen/Amazonka/SecurityHub/Types/FindingAggregator.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/FindingAggregator.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.FindingAggregator
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.FindingAggregator where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A finding aggregator. A finding aggregator contains the configuration
+-- for finding aggregation.
+--
+-- /See:/ 'newFindingAggregator' smart constructor.
+data FindingAggregator = FindingAggregator'
+  { -- | The ARN of the finding aggregator. You use the finding aggregator ARN to
+    -- retrieve details for, update, and delete the finding aggregator.
+    findingAggregatorArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FindingAggregator' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingAggregatorArn', 'findingAggregator_findingAggregatorArn' - The ARN of the finding aggregator. You use the finding aggregator ARN to
+-- retrieve details for, update, and delete the finding aggregator.
+newFindingAggregator ::
+  FindingAggregator
+newFindingAggregator =
+  FindingAggregator'
+    { findingAggregatorArn =
+        Prelude.Nothing
+    }
+
+-- | The ARN of the finding aggregator. You use the finding aggregator ARN to
+-- retrieve details for, update, and delete the finding aggregator.
+findingAggregator_findingAggregatorArn :: Lens.Lens' FindingAggregator (Prelude.Maybe Prelude.Text)
+findingAggregator_findingAggregatorArn = Lens.lens (\FindingAggregator' {findingAggregatorArn} -> findingAggregatorArn) (\s@FindingAggregator' {} a -> s {findingAggregatorArn = a} :: FindingAggregator)
+
+instance Data.FromJSON FindingAggregator where
+  parseJSON =
+    Data.withObject
+      "FindingAggregator"
+      ( \x ->
+          FindingAggregator'
+            Prelude.<$> (x Data..:? "FindingAggregatorArn")
+      )
+
+instance Prelude.Hashable FindingAggregator where
+  hashWithSalt _salt FindingAggregator' {..} =
+    _salt `Prelude.hashWithSalt` findingAggregatorArn
+
+instance Prelude.NFData FindingAggregator where
+  rnf FindingAggregator' {..} =
+    Prelude.rnf findingAggregatorArn
diff --git a/gen/Amazonka/SecurityHub/Types/FindingProviderFields.hs b/gen/Amazonka/SecurityHub/Types/FindingProviderFields.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/FindingProviderFields.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.FindingProviderFields
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.FindingProviderFields where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.FindingProviderSeverity
+import Amazonka.SecurityHub.Types.RelatedFinding
+
+-- | In a @BatchImportFindings@ request, finding providers use
+-- @FindingProviderFields@ to provide and update values for confidence,
+-- criticality, related findings, severity, and types.
+--
+-- /See:/ 'newFindingProviderFields' smart constructor.
+data FindingProviderFields = FindingProviderFields'
+  { -- | A finding\'s confidence. Confidence is defined as the likelihood that a
+    -- finding accurately identifies the behavior or issue that it was intended
+    -- to identify.
+    --
+    -- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+    -- zero percent confidence and 100 means 100 percent confidence.
+    confidence :: Prelude.Maybe Prelude.Natural,
+    -- | The level of importance assigned to the resources associated with the
+    -- finding.
+    --
+    -- A score of 0 means that the underlying resources have no criticality,
+    -- and a score of 100 is reserved for the most critical resources.
+    criticality :: Prelude.Maybe Prelude.Natural,
+    -- | A list of findings that are related to the current finding.
+    relatedFindings :: Prelude.Maybe [RelatedFinding],
+    -- | The severity of a finding.
+    severity :: Prelude.Maybe FindingProviderSeverity,
+    -- | One or more finding types in the format of
+    -- @namespace\/category\/classifier@ that classify a finding.
+    --
+    -- Valid namespace values are: Software and Configuration Checks | TTPs |
+    -- Effects | Unusual Behaviors | Sensitive Data Identifications
+    types :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FindingProviderFields' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'confidence', 'findingProviderFields_confidence' - A finding\'s confidence. Confidence is defined as the likelihood that a
+-- finding accurately identifies the behavior or issue that it was intended
+-- to identify.
+--
+-- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+-- zero percent confidence and 100 means 100 percent confidence.
+--
+-- 'criticality', 'findingProviderFields_criticality' - The level of importance assigned to the resources associated with the
+-- finding.
+--
+-- A score of 0 means that the underlying resources have no criticality,
+-- and a score of 100 is reserved for the most critical resources.
+--
+-- 'relatedFindings', 'findingProviderFields_relatedFindings' - A list of findings that are related to the current finding.
+--
+-- 'severity', 'findingProviderFields_severity' - The severity of a finding.
+--
+-- 'types', 'findingProviderFields_types' - One or more finding types in the format of
+-- @namespace\/category\/classifier@ that classify a finding.
+--
+-- Valid namespace values are: Software and Configuration Checks | TTPs |
+-- Effects | Unusual Behaviors | Sensitive Data Identifications
+newFindingProviderFields ::
+  FindingProviderFields
+newFindingProviderFields =
+  FindingProviderFields'
+    { confidence =
+        Prelude.Nothing,
+      criticality = Prelude.Nothing,
+      relatedFindings = Prelude.Nothing,
+      severity = Prelude.Nothing,
+      types = Prelude.Nothing
+    }
+
+-- | A finding\'s confidence. Confidence is defined as the likelihood that a
+-- finding accurately identifies the behavior or issue that it was intended
+-- to identify.
+--
+-- Confidence is scored on a 0-100 basis using a ratio scale, where 0 means
+-- zero percent confidence and 100 means 100 percent confidence.
+findingProviderFields_confidence :: Lens.Lens' FindingProviderFields (Prelude.Maybe Prelude.Natural)
+findingProviderFields_confidence = Lens.lens (\FindingProviderFields' {confidence} -> confidence) (\s@FindingProviderFields' {} a -> s {confidence = a} :: FindingProviderFields)
+
+-- | The level of importance assigned to the resources associated with the
+-- finding.
+--
+-- A score of 0 means that the underlying resources have no criticality,
+-- and a score of 100 is reserved for the most critical resources.
+findingProviderFields_criticality :: Lens.Lens' FindingProviderFields (Prelude.Maybe Prelude.Natural)
+findingProviderFields_criticality = Lens.lens (\FindingProviderFields' {criticality} -> criticality) (\s@FindingProviderFields' {} a -> s {criticality = a} :: FindingProviderFields)
+
+-- | A list of findings that are related to the current finding.
+findingProviderFields_relatedFindings :: Lens.Lens' FindingProviderFields (Prelude.Maybe [RelatedFinding])
+findingProviderFields_relatedFindings = Lens.lens (\FindingProviderFields' {relatedFindings} -> relatedFindings) (\s@FindingProviderFields' {} a -> s {relatedFindings = a} :: FindingProviderFields) Prelude.. Lens.mapping Lens.coerced
+
+-- | The severity of a finding.
+findingProviderFields_severity :: Lens.Lens' FindingProviderFields (Prelude.Maybe FindingProviderSeverity)
+findingProviderFields_severity = Lens.lens (\FindingProviderFields' {severity} -> severity) (\s@FindingProviderFields' {} a -> s {severity = a} :: FindingProviderFields)
+
+-- | One or more finding types in the format of
+-- @namespace\/category\/classifier@ that classify a finding.
+--
+-- Valid namespace values are: Software and Configuration Checks | TTPs |
+-- Effects | Unusual Behaviors | Sensitive Data Identifications
+findingProviderFields_types :: Lens.Lens' FindingProviderFields (Prelude.Maybe [Prelude.Text])
+findingProviderFields_types = Lens.lens (\FindingProviderFields' {types} -> types) (\s@FindingProviderFields' {} a -> s {types = a} :: FindingProviderFields) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON FindingProviderFields where
+  parseJSON =
+    Data.withObject
+      "FindingProviderFields"
+      ( \x ->
+          FindingProviderFields'
+            Prelude.<$> (x Data..:? "Confidence")
+            Prelude.<*> (x Data..:? "Criticality")
+            Prelude.<*> ( x
+                            Data..:? "RelatedFindings"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Severity")
+            Prelude.<*> (x Data..:? "Types" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable FindingProviderFields where
+  hashWithSalt _salt FindingProviderFields' {..} =
+    _salt
+      `Prelude.hashWithSalt` confidence
+      `Prelude.hashWithSalt` criticality
+      `Prelude.hashWithSalt` relatedFindings
+      `Prelude.hashWithSalt` severity
+      `Prelude.hashWithSalt` types
+
+instance Prelude.NFData FindingProviderFields where
+  rnf FindingProviderFields' {..} =
+    Prelude.rnf confidence
+      `Prelude.seq` Prelude.rnf criticality
+      `Prelude.seq` Prelude.rnf relatedFindings
+      `Prelude.seq` Prelude.rnf severity
+      `Prelude.seq` Prelude.rnf types
+
+instance Data.ToJSON FindingProviderFields where
+  toJSON FindingProviderFields' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Confidence" Data..=) Prelude.<$> confidence,
+            ("Criticality" Data..=) Prelude.<$> criticality,
+            ("RelatedFindings" Data..=)
+              Prelude.<$> relatedFindings,
+            ("Severity" Data..=) Prelude.<$> severity,
+            ("Types" Data..=) Prelude.<$> types
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/FindingProviderSeverity.hs b/gen/Amazonka/SecurityHub/Types/FindingProviderSeverity.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/FindingProviderSeverity.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.FindingProviderSeverity
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.FindingProviderSeverity where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.SeverityLabel
+
+-- | The severity assigned to the finding by the finding provider.
+--
+-- /See:/ 'newFindingProviderSeverity' smart constructor.
+data FindingProviderSeverity = FindingProviderSeverity'
+  { -- | The severity label assigned to the finding by the finding provider.
+    label :: Prelude.Maybe SeverityLabel,
+    -- | The finding provider\'s original value for the severity.
+    original :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FindingProviderSeverity' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'label', 'findingProviderSeverity_label' - The severity label assigned to the finding by the finding provider.
+--
+-- 'original', 'findingProviderSeverity_original' - The finding provider\'s original value for the severity.
+newFindingProviderSeverity ::
+  FindingProviderSeverity
+newFindingProviderSeverity =
+  FindingProviderSeverity'
+    { label = Prelude.Nothing,
+      original = Prelude.Nothing
+    }
+
+-- | The severity label assigned to the finding by the finding provider.
+findingProviderSeverity_label :: Lens.Lens' FindingProviderSeverity (Prelude.Maybe SeverityLabel)
+findingProviderSeverity_label = Lens.lens (\FindingProviderSeverity' {label} -> label) (\s@FindingProviderSeverity' {} a -> s {label = a} :: FindingProviderSeverity)
+
+-- | The finding provider\'s original value for the severity.
+findingProviderSeverity_original :: Lens.Lens' FindingProviderSeverity (Prelude.Maybe Prelude.Text)
+findingProviderSeverity_original = Lens.lens (\FindingProviderSeverity' {original} -> original) (\s@FindingProviderSeverity' {} a -> s {original = a} :: FindingProviderSeverity)
+
+instance Data.FromJSON FindingProviderSeverity where
+  parseJSON =
+    Data.withObject
+      "FindingProviderSeverity"
+      ( \x ->
+          FindingProviderSeverity'
+            Prelude.<$> (x Data..:? "Label")
+            Prelude.<*> (x Data..:? "Original")
+      )
+
+instance Prelude.Hashable FindingProviderSeverity where
+  hashWithSalt _salt FindingProviderSeverity' {..} =
+    _salt
+      `Prelude.hashWithSalt` label
+      `Prelude.hashWithSalt` original
+
+instance Prelude.NFData FindingProviderSeverity where
+  rnf FindingProviderSeverity' {..} =
+    Prelude.rnf label
+      `Prelude.seq` Prelude.rnf original
+
+instance Data.ToJSON FindingProviderSeverity where
+  toJSON FindingProviderSeverity' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Label" Data..=) Prelude.<$> label,
+            ("Original" Data..=) Prelude.<$> original
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/FirewallPolicyDetails.hs b/gen/Amazonka/SecurityHub/Types/FirewallPolicyDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/FirewallPolicyDetails.hs
@@ -0,0 +1,189 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.FirewallPolicyDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.FirewallPolicyDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.FirewallPolicyStatefulRuleGroupReferencesDetails
+import Amazonka.SecurityHub.Types.FirewallPolicyStatelessCustomActionsDetails
+import Amazonka.SecurityHub.Types.FirewallPolicyStatelessRuleGroupReferencesDetails
+
+-- | Defines the behavior of the firewall.
+--
+-- /See:/ 'newFirewallPolicyDetails' smart constructor.
+data FirewallPolicyDetails = FirewallPolicyDetails'
+  { -- | The stateful rule groups that are used in the firewall policy.
+    statefulRuleGroupReferences :: Prelude.Maybe [FirewallPolicyStatefulRuleGroupReferencesDetails],
+    -- | The custom action definitions that are available to use in the firewall
+    -- policy\'s @StatelessDefaultActions@ setting.
+    statelessCustomActions :: Prelude.Maybe [FirewallPolicyStatelessCustomActionsDetails],
+    -- | The actions to take on a packet if it doesn\'t match any of the
+    -- stateless rules in the policy.
+    --
+    -- You must specify a standard action (@aws:pass@, @aws:drop@,
+    -- @aws:forward_to_sfe@), and can optionally include a custom action from
+    -- @StatelessCustomActions@.
+    statelessDefaultActions :: Prelude.Maybe [Prelude.Text],
+    -- | The actions to take on a fragmented UDP packet if it doesn\'t match any
+    -- of the stateless rules in the policy.
+    --
+    -- You must specify a standard action (@aws:pass@, @aws:drop@,
+    -- @aws:forward_to_sfe@), and can optionally include a custom action from
+    -- @StatelessCustomActions@.
+    statelessFragmentDefaultActions :: Prelude.Maybe [Prelude.Text],
+    -- | The stateless rule groups that are used in the firewall policy.
+    statelessRuleGroupReferences :: Prelude.Maybe [FirewallPolicyStatelessRuleGroupReferencesDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallPolicyDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'statefulRuleGroupReferences', 'firewallPolicyDetails_statefulRuleGroupReferences' - The stateful rule groups that are used in the firewall policy.
+--
+-- 'statelessCustomActions', 'firewallPolicyDetails_statelessCustomActions' - The custom action definitions that are available to use in the firewall
+-- policy\'s @StatelessDefaultActions@ setting.
+--
+-- 'statelessDefaultActions', 'firewallPolicyDetails_statelessDefaultActions' - The actions to take on a packet if it doesn\'t match any of the
+-- stateless rules in the policy.
+--
+-- You must specify a standard action (@aws:pass@, @aws:drop@,
+-- @aws:forward_to_sfe@), and can optionally include a custom action from
+-- @StatelessCustomActions@.
+--
+-- 'statelessFragmentDefaultActions', 'firewallPolicyDetails_statelessFragmentDefaultActions' - The actions to take on a fragmented UDP packet if it doesn\'t match any
+-- of the stateless rules in the policy.
+--
+-- You must specify a standard action (@aws:pass@, @aws:drop@,
+-- @aws:forward_to_sfe@), and can optionally include a custom action from
+-- @StatelessCustomActions@.
+--
+-- 'statelessRuleGroupReferences', 'firewallPolicyDetails_statelessRuleGroupReferences' - The stateless rule groups that are used in the firewall policy.
+newFirewallPolicyDetails ::
+  FirewallPolicyDetails
+newFirewallPolicyDetails =
+  FirewallPolicyDetails'
+    { statefulRuleGroupReferences =
+        Prelude.Nothing,
+      statelessCustomActions = Prelude.Nothing,
+      statelessDefaultActions = Prelude.Nothing,
+      statelessFragmentDefaultActions = Prelude.Nothing,
+      statelessRuleGroupReferences = Prelude.Nothing
+    }
+
+-- | The stateful rule groups that are used in the firewall policy.
+firewallPolicyDetails_statefulRuleGroupReferences :: Lens.Lens' FirewallPolicyDetails (Prelude.Maybe [FirewallPolicyStatefulRuleGroupReferencesDetails])
+firewallPolicyDetails_statefulRuleGroupReferences = Lens.lens (\FirewallPolicyDetails' {statefulRuleGroupReferences} -> statefulRuleGroupReferences) (\s@FirewallPolicyDetails' {} a -> s {statefulRuleGroupReferences = a} :: FirewallPolicyDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The custom action definitions that are available to use in the firewall
+-- policy\'s @StatelessDefaultActions@ setting.
+firewallPolicyDetails_statelessCustomActions :: Lens.Lens' FirewallPolicyDetails (Prelude.Maybe [FirewallPolicyStatelessCustomActionsDetails])
+firewallPolicyDetails_statelessCustomActions = Lens.lens (\FirewallPolicyDetails' {statelessCustomActions} -> statelessCustomActions) (\s@FirewallPolicyDetails' {} a -> s {statelessCustomActions = a} :: FirewallPolicyDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The actions to take on a packet if it doesn\'t match any of the
+-- stateless rules in the policy.
+--
+-- You must specify a standard action (@aws:pass@, @aws:drop@,
+-- @aws:forward_to_sfe@), and can optionally include a custom action from
+-- @StatelessCustomActions@.
+firewallPolicyDetails_statelessDefaultActions :: Lens.Lens' FirewallPolicyDetails (Prelude.Maybe [Prelude.Text])
+firewallPolicyDetails_statelessDefaultActions = Lens.lens (\FirewallPolicyDetails' {statelessDefaultActions} -> statelessDefaultActions) (\s@FirewallPolicyDetails' {} a -> s {statelessDefaultActions = a} :: FirewallPolicyDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The actions to take on a fragmented UDP packet if it doesn\'t match any
+-- of the stateless rules in the policy.
+--
+-- You must specify a standard action (@aws:pass@, @aws:drop@,
+-- @aws:forward_to_sfe@), and can optionally include a custom action from
+-- @StatelessCustomActions@.
+firewallPolicyDetails_statelessFragmentDefaultActions :: Lens.Lens' FirewallPolicyDetails (Prelude.Maybe [Prelude.Text])
+firewallPolicyDetails_statelessFragmentDefaultActions = Lens.lens (\FirewallPolicyDetails' {statelessFragmentDefaultActions} -> statelessFragmentDefaultActions) (\s@FirewallPolicyDetails' {} a -> s {statelessFragmentDefaultActions = a} :: FirewallPolicyDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The stateless rule groups that are used in the firewall policy.
+firewallPolicyDetails_statelessRuleGroupReferences :: Lens.Lens' FirewallPolicyDetails (Prelude.Maybe [FirewallPolicyStatelessRuleGroupReferencesDetails])
+firewallPolicyDetails_statelessRuleGroupReferences = Lens.lens (\FirewallPolicyDetails' {statelessRuleGroupReferences} -> statelessRuleGroupReferences) (\s@FirewallPolicyDetails' {} a -> s {statelessRuleGroupReferences = a} :: FirewallPolicyDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON FirewallPolicyDetails where
+  parseJSON =
+    Data.withObject
+      "FirewallPolicyDetails"
+      ( \x ->
+          FirewallPolicyDetails'
+            Prelude.<$> ( x
+                            Data..:? "StatefulRuleGroupReferences"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "StatelessCustomActions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "StatelessDefaultActions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "StatelessFragmentDefaultActions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "StatelessRuleGroupReferences"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable FirewallPolicyDetails where
+  hashWithSalt _salt FirewallPolicyDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` statefulRuleGroupReferences
+      `Prelude.hashWithSalt` statelessCustomActions
+      `Prelude.hashWithSalt` statelessDefaultActions
+      `Prelude.hashWithSalt` statelessFragmentDefaultActions
+      `Prelude.hashWithSalt` statelessRuleGroupReferences
+
+instance Prelude.NFData FirewallPolicyDetails where
+  rnf FirewallPolicyDetails' {..} =
+    Prelude.rnf statefulRuleGroupReferences
+      `Prelude.seq` Prelude.rnf statelessCustomActions
+      `Prelude.seq` Prelude.rnf statelessDefaultActions
+      `Prelude.seq` Prelude.rnf statelessFragmentDefaultActions
+      `Prelude.seq` Prelude.rnf statelessRuleGroupReferences
+
+instance Data.ToJSON FirewallPolicyDetails where
+  toJSON FirewallPolicyDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("StatefulRuleGroupReferences" Data..=)
+              Prelude.<$> statefulRuleGroupReferences,
+            ("StatelessCustomActions" Data..=)
+              Prelude.<$> statelessCustomActions,
+            ("StatelessDefaultActions" Data..=)
+              Prelude.<$> statelessDefaultActions,
+            ("StatelessFragmentDefaultActions" Data..=)
+              Prelude.<$> statelessFragmentDefaultActions,
+            ("StatelessRuleGroupReferences" Data..=)
+              Prelude.<$> statelessRuleGroupReferences
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/FirewallPolicyStatefulRuleGroupReferencesDetails.hs b/gen/Amazonka/SecurityHub/Types/FirewallPolicyStatefulRuleGroupReferencesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/FirewallPolicyStatefulRuleGroupReferencesDetails.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.FirewallPolicyStatefulRuleGroupReferencesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.FirewallPolicyStatefulRuleGroupReferencesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A stateful rule group that is used by the firewall policy.
+--
+-- /See:/ 'newFirewallPolicyStatefulRuleGroupReferencesDetails' smart constructor.
+data FirewallPolicyStatefulRuleGroupReferencesDetails = FirewallPolicyStatefulRuleGroupReferencesDetails'
+  { -- | The ARN of the stateful rule group.
+    resourceArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallPolicyStatefulRuleGroupReferencesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'firewallPolicyStatefulRuleGroupReferencesDetails_resourceArn' - The ARN of the stateful rule group.
+newFirewallPolicyStatefulRuleGroupReferencesDetails ::
+  FirewallPolicyStatefulRuleGroupReferencesDetails
+newFirewallPolicyStatefulRuleGroupReferencesDetails =
+  FirewallPolicyStatefulRuleGroupReferencesDetails'
+    { resourceArn =
+        Prelude.Nothing
+    }
+
+-- | The ARN of the stateful rule group.
+firewallPolicyStatefulRuleGroupReferencesDetails_resourceArn :: Lens.Lens' FirewallPolicyStatefulRuleGroupReferencesDetails (Prelude.Maybe Prelude.Text)
+firewallPolicyStatefulRuleGroupReferencesDetails_resourceArn = Lens.lens (\FirewallPolicyStatefulRuleGroupReferencesDetails' {resourceArn} -> resourceArn) (\s@FirewallPolicyStatefulRuleGroupReferencesDetails' {} a -> s {resourceArn = a} :: FirewallPolicyStatefulRuleGroupReferencesDetails)
+
+instance
+  Data.FromJSON
+    FirewallPolicyStatefulRuleGroupReferencesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "FirewallPolicyStatefulRuleGroupReferencesDetails"
+      ( \x ->
+          FirewallPolicyStatefulRuleGroupReferencesDetails'
+            Prelude.<$> (x Data..:? "ResourceArn")
+      )
+
+instance
+  Prelude.Hashable
+    FirewallPolicyStatefulRuleGroupReferencesDetails
+  where
+  hashWithSalt
+    _salt
+    FirewallPolicyStatefulRuleGroupReferencesDetails' {..} =
+      _salt `Prelude.hashWithSalt` resourceArn
+
+instance
+  Prelude.NFData
+    FirewallPolicyStatefulRuleGroupReferencesDetails
+  where
+  rnf
+    FirewallPolicyStatefulRuleGroupReferencesDetails' {..} =
+      Prelude.rnf resourceArn
+
+instance
+  Data.ToJSON
+    FirewallPolicyStatefulRuleGroupReferencesDetails
+  where
+  toJSON
+    FirewallPolicyStatefulRuleGroupReferencesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("ResourceArn" Data..=) Prelude.<$> resourceArn]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/FirewallPolicyStatelessCustomActionsDetails.hs b/gen/Amazonka/SecurityHub/Types/FirewallPolicyStatelessCustomActionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/FirewallPolicyStatelessCustomActionsDetails.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.FirewallPolicyStatelessCustomActionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.FirewallPolicyStatelessCustomActionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.StatelessCustomActionDefinition
+
+-- | A custom action that can be used for stateless packet handling.
+--
+-- /See:/ 'newFirewallPolicyStatelessCustomActionsDetails' smart constructor.
+data FirewallPolicyStatelessCustomActionsDetails = FirewallPolicyStatelessCustomActionsDetails'
+  { -- | The definition of the custom action.
+    actionDefinition :: Prelude.Maybe StatelessCustomActionDefinition,
+    -- | The name of the custom action.
+    actionName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallPolicyStatelessCustomActionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'actionDefinition', 'firewallPolicyStatelessCustomActionsDetails_actionDefinition' - The definition of the custom action.
+--
+-- 'actionName', 'firewallPolicyStatelessCustomActionsDetails_actionName' - The name of the custom action.
+newFirewallPolicyStatelessCustomActionsDetails ::
+  FirewallPolicyStatelessCustomActionsDetails
+newFirewallPolicyStatelessCustomActionsDetails =
+  FirewallPolicyStatelessCustomActionsDetails'
+    { actionDefinition =
+        Prelude.Nothing,
+      actionName = Prelude.Nothing
+    }
+
+-- | The definition of the custom action.
+firewallPolicyStatelessCustomActionsDetails_actionDefinition :: Lens.Lens' FirewallPolicyStatelessCustomActionsDetails (Prelude.Maybe StatelessCustomActionDefinition)
+firewallPolicyStatelessCustomActionsDetails_actionDefinition = Lens.lens (\FirewallPolicyStatelessCustomActionsDetails' {actionDefinition} -> actionDefinition) (\s@FirewallPolicyStatelessCustomActionsDetails' {} a -> s {actionDefinition = a} :: FirewallPolicyStatelessCustomActionsDetails)
+
+-- | The name of the custom action.
+firewallPolicyStatelessCustomActionsDetails_actionName :: Lens.Lens' FirewallPolicyStatelessCustomActionsDetails (Prelude.Maybe Prelude.Text)
+firewallPolicyStatelessCustomActionsDetails_actionName = Lens.lens (\FirewallPolicyStatelessCustomActionsDetails' {actionName} -> actionName) (\s@FirewallPolicyStatelessCustomActionsDetails' {} a -> s {actionName = a} :: FirewallPolicyStatelessCustomActionsDetails)
+
+instance
+  Data.FromJSON
+    FirewallPolicyStatelessCustomActionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "FirewallPolicyStatelessCustomActionsDetails"
+      ( \x ->
+          FirewallPolicyStatelessCustomActionsDetails'
+            Prelude.<$> (x Data..:? "ActionDefinition")
+            Prelude.<*> (x Data..:? "ActionName")
+      )
+
+instance
+  Prelude.Hashable
+    FirewallPolicyStatelessCustomActionsDetails
+  where
+  hashWithSalt
+    _salt
+    FirewallPolicyStatelessCustomActionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` actionDefinition
+        `Prelude.hashWithSalt` actionName
+
+instance
+  Prelude.NFData
+    FirewallPolicyStatelessCustomActionsDetails
+  where
+  rnf FirewallPolicyStatelessCustomActionsDetails' {..} =
+    Prelude.rnf actionDefinition
+      `Prelude.seq` Prelude.rnf actionName
+
+instance
+  Data.ToJSON
+    FirewallPolicyStatelessCustomActionsDetails
+  where
+  toJSON
+    FirewallPolicyStatelessCustomActionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("ActionDefinition" Data..=)
+                Prelude.<$> actionDefinition,
+              ("ActionName" Data..=) Prelude.<$> actionName
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/FirewallPolicyStatelessRuleGroupReferencesDetails.hs b/gen/Amazonka/SecurityHub/Types/FirewallPolicyStatelessRuleGroupReferencesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/FirewallPolicyStatelessRuleGroupReferencesDetails.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.FirewallPolicyStatelessRuleGroupReferencesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.FirewallPolicyStatelessRuleGroupReferencesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A stateless rule group that is used by the firewall policy.
+--
+-- /See:/ 'newFirewallPolicyStatelessRuleGroupReferencesDetails' smart constructor.
+data FirewallPolicyStatelessRuleGroupReferencesDetails = FirewallPolicyStatelessRuleGroupReferencesDetails'
+  { -- | The order in which to run the stateless rule group.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | The ARN of the stateless rule group.
+    resourceArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallPolicyStatelessRuleGroupReferencesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'priority', 'firewallPolicyStatelessRuleGroupReferencesDetails_priority' - The order in which to run the stateless rule group.
+--
+-- 'resourceArn', 'firewallPolicyStatelessRuleGroupReferencesDetails_resourceArn' - The ARN of the stateless rule group.
+newFirewallPolicyStatelessRuleGroupReferencesDetails ::
+  FirewallPolicyStatelessRuleGroupReferencesDetails
+newFirewallPolicyStatelessRuleGroupReferencesDetails =
+  FirewallPolicyStatelessRuleGroupReferencesDetails'
+    { priority =
+        Prelude.Nothing,
+      resourceArn =
+        Prelude.Nothing
+    }
+
+-- | The order in which to run the stateless rule group.
+firewallPolicyStatelessRuleGroupReferencesDetails_priority :: Lens.Lens' FirewallPolicyStatelessRuleGroupReferencesDetails (Prelude.Maybe Prelude.Int)
+firewallPolicyStatelessRuleGroupReferencesDetails_priority = Lens.lens (\FirewallPolicyStatelessRuleGroupReferencesDetails' {priority} -> priority) (\s@FirewallPolicyStatelessRuleGroupReferencesDetails' {} a -> s {priority = a} :: FirewallPolicyStatelessRuleGroupReferencesDetails)
+
+-- | The ARN of the stateless rule group.
+firewallPolicyStatelessRuleGroupReferencesDetails_resourceArn :: Lens.Lens' FirewallPolicyStatelessRuleGroupReferencesDetails (Prelude.Maybe Prelude.Text)
+firewallPolicyStatelessRuleGroupReferencesDetails_resourceArn = Lens.lens (\FirewallPolicyStatelessRuleGroupReferencesDetails' {resourceArn} -> resourceArn) (\s@FirewallPolicyStatelessRuleGroupReferencesDetails' {} a -> s {resourceArn = a} :: FirewallPolicyStatelessRuleGroupReferencesDetails)
+
+instance
+  Data.FromJSON
+    FirewallPolicyStatelessRuleGroupReferencesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "FirewallPolicyStatelessRuleGroupReferencesDetails"
+      ( \x ->
+          FirewallPolicyStatelessRuleGroupReferencesDetails'
+            Prelude.<$> (x Data..:? "Priority")
+            Prelude.<*> (x Data..:? "ResourceArn")
+      )
+
+instance
+  Prelude.Hashable
+    FirewallPolicyStatelessRuleGroupReferencesDetails
+  where
+  hashWithSalt
+    _salt
+    FirewallPolicyStatelessRuleGroupReferencesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` priority
+        `Prelude.hashWithSalt` resourceArn
+
+instance
+  Prelude.NFData
+    FirewallPolicyStatelessRuleGroupReferencesDetails
+  where
+  rnf
+    FirewallPolicyStatelessRuleGroupReferencesDetails' {..} =
+      Prelude.rnf priority
+        `Prelude.seq` Prelude.rnf resourceArn
+
+instance
+  Data.ToJSON
+    FirewallPolicyStatelessRuleGroupReferencesDetails
+  where
+  toJSON
+    FirewallPolicyStatelessRuleGroupReferencesDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Priority" Data..=) Prelude.<$> priority,
+              ("ResourceArn" Data..=) Prelude.<$> resourceArn
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/GeoLocation.hs b/gen/Amazonka/SecurityHub/Types/GeoLocation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/GeoLocation.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.GeoLocation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.GeoLocation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides the latitude and longitude coordinates of a location.
+--
+-- /See:/ 'newGeoLocation' smart constructor.
+data GeoLocation = GeoLocation'
+  { -- | The latitude of the location.
+    lat :: Prelude.Maybe Prelude.Double,
+    -- | The longitude of the location.
+    lon :: Prelude.Maybe Prelude.Double
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GeoLocation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'lat', 'geoLocation_lat' - The latitude of the location.
+--
+-- 'lon', 'geoLocation_lon' - The longitude of the location.
+newGeoLocation ::
+  GeoLocation
+newGeoLocation =
+  GeoLocation'
+    { lat = Prelude.Nothing,
+      lon = Prelude.Nothing
+    }
+
+-- | The latitude of the location.
+geoLocation_lat :: Lens.Lens' GeoLocation (Prelude.Maybe Prelude.Double)
+geoLocation_lat = Lens.lens (\GeoLocation' {lat} -> lat) (\s@GeoLocation' {} a -> s {lat = a} :: GeoLocation)
+
+-- | The longitude of the location.
+geoLocation_lon :: Lens.Lens' GeoLocation (Prelude.Maybe Prelude.Double)
+geoLocation_lon = Lens.lens (\GeoLocation' {lon} -> lon) (\s@GeoLocation' {} a -> s {lon = a} :: GeoLocation)
+
+instance Data.FromJSON GeoLocation where
+  parseJSON =
+    Data.withObject
+      "GeoLocation"
+      ( \x ->
+          GeoLocation'
+            Prelude.<$> (x Data..:? "Lat")
+            Prelude.<*> (x Data..:? "Lon")
+      )
+
+instance Prelude.Hashable GeoLocation where
+  hashWithSalt _salt GeoLocation' {..} =
+    _salt
+      `Prelude.hashWithSalt` lat
+      `Prelude.hashWithSalt` lon
+
+instance Prelude.NFData GeoLocation where
+  rnf GeoLocation' {..} =
+    Prelude.rnf lat `Prelude.seq` Prelude.rnf lon
+
+instance Data.ToJSON GeoLocation where
+  toJSON GeoLocation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Lat" Data..=) Prelude.<$> lat,
+            ("Lon" Data..=) Prelude.<$> lon
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/IcmpTypeCode.hs b/gen/Amazonka/SecurityHub/Types/IcmpTypeCode.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/IcmpTypeCode.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.IcmpTypeCode
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.IcmpTypeCode where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An Internet Control Message Protocol (ICMP) type and code.
+--
+-- /See:/ 'newIcmpTypeCode' smart constructor.
+data IcmpTypeCode = IcmpTypeCode'
+  { -- | The ICMP code for which to deny or allow access. To deny or allow all
+    -- codes, use the value @-1@.
+    code :: Prelude.Maybe Prelude.Int,
+    -- | The ICMP type for which to deny or allow access. To deny or allow all
+    -- types, use the value @-1@.
+    type' :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IcmpTypeCode' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'code', 'icmpTypeCode_code' - The ICMP code for which to deny or allow access. To deny or allow all
+-- codes, use the value @-1@.
+--
+-- 'type'', 'icmpTypeCode_type' - The ICMP type for which to deny or allow access. To deny or allow all
+-- types, use the value @-1@.
+newIcmpTypeCode ::
+  IcmpTypeCode
+newIcmpTypeCode =
+  IcmpTypeCode'
+    { code = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The ICMP code for which to deny or allow access. To deny or allow all
+-- codes, use the value @-1@.
+icmpTypeCode_code :: Lens.Lens' IcmpTypeCode (Prelude.Maybe Prelude.Int)
+icmpTypeCode_code = Lens.lens (\IcmpTypeCode' {code} -> code) (\s@IcmpTypeCode' {} a -> s {code = a} :: IcmpTypeCode)
+
+-- | The ICMP type for which to deny or allow access. To deny or allow all
+-- types, use the value @-1@.
+icmpTypeCode_type :: Lens.Lens' IcmpTypeCode (Prelude.Maybe Prelude.Int)
+icmpTypeCode_type = Lens.lens (\IcmpTypeCode' {type'} -> type') (\s@IcmpTypeCode' {} a -> s {type' = a} :: IcmpTypeCode)
+
+instance Data.FromJSON IcmpTypeCode where
+  parseJSON =
+    Data.withObject
+      "IcmpTypeCode"
+      ( \x ->
+          IcmpTypeCode'
+            Prelude.<$> (x Data..:? "Code")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance Prelude.Hashable IcmpTypeCode where
+  hashWithSalt _salt IcmpTypeCode' {..} =
+    _salt
+      `Prelude.hashWithSalt` code
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData IcmpTypeCode where
+  rnf IcmpTypeCode' {..} =
+    Prelude.rnf code `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToJSON IcmpTypeCode where
+  toJSON IcmpTypeCode' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Code" Data..=) Prelude.<$> code,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ImportFindingsError.hs b/gen/Amazonka/SecurityHub/Types/ImportFindingsError.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ImportFindingsError.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ImportFindingsError
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ImportFindingsError where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The list of the findings that cannot be imported. For each finding, the
+-- list provides the error.
+--
+-- /See:/ 'newImportFindingsError' smart constructor.
+data ImportFindingsError = ImportFindingsError'
+  { -- | The identifier of the finding that could not be updated.
+    id :: Prelude.Text,
+    -- | The code of the error returned by the @BatchImportFindings@ operation.
+    errorCode :: Prelude.Text,
+    -- | The message of the error returned by the @BatchImportFindings@
+    -- operation.
+    errorMessage :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ImportFindingsError' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'id', 'importFindingsError_id' - The identifier of the finding that could not be updated.
+--
+-- 'errorCode', 'importFindingsError_errorCode' - The code of the error returned by the @BatchImportFindings@ operation.
+--
+-- 'errorMessage', 'importFindingsError_errorMessage' - The message of the error returned by the @BatchImportFindings@
+-- operation.
+newImportFindingsError ::
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'errorCode'
+  Prelude.Text ->
+  -- | 'errorMessage'
+  Prelude.Text ->
+  ImportFindingsError
+newImportFindingsError
+  pId_
+  pErrorCode_
+  pErrorMessage_ =
+    ImportFindingsError'
+      { id = pId_,
+        errorCode = pErrorCode_,
+        errorMessage = pErrorMessage_
+      }
+
+-- | The identifier of the finding that could not be updated.
+importFindingsError_id :: Lens.Lens' ImportFindingsError Prelude.Text
+importFindingsError_id = Lens.lens (\ImportFindingsError' {id} -> id) (\s@ImportFindingsError' {} a -> s {id = a} :: ImportFindingsError)
+
+-- | The code of the error returned by the @BatchImportFindings@ operation.
+importFindingsError_errorCode :: Lens.Lens' ImportFindingsError Prelude.Text
+importFindingsError_errorCode = Lens.lens (\ImportFindingsError' {errorCode} -> errorCode) (\s@ImportFindingsError' {} a -> s {errorCode = a} :: ImportFindingsError)
+
+-- | The message of the error returned by the @BatchImportFindings@
+-- operation.
+importFindingsError_errorMessage :: Lens.Lens' ImportFindingsError Prelude.Text
+importFindingsError_errorMessage = Lens.lens (\ImportFindingsError' {errorMessage} -> errorMessage) (\s@ImportFindingsError' {} a -> s {errorMessage = a} :: ImportFindingsError)
+
+instance Data.FromJSON ImportFindingsError where
+  parseJSON =
+    Data.withObject
+      "ImportFindingsError"
+      ( \x ->
+          ImportFindingsError'
+            Prelude.<$> (x Data..: "Id")
+            Prelude.<*> (x Data..: "ErrorCode")
+            Prelude.<*> (x Data..: "ErrorMessage")
+      )
+
+instance Prelude.Hashable ImportFindingsError where
+  hashWithSalt _salt ImportFindingsError' {..} =
+    _salt
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` errorCode
+      `Prelude.hashWithSalt` errorMessage
+
+instance Prelude.NFData ImportFindingsError where
+  rnf ImportFindingsError' {..} =
+    Prelude.rnf id
+      `Prelude.seq` Prelude.rnf errorCode
+      `Prelude.seq` Prelude.rnf errorMessage
diff --git a/gen/Amazonka/SecurityHub/Types/Insight.hs b/gen/Amazonka/SecurityHub/Types/Insight.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Insight.hs
@@ -0,0 +1,136 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Insight
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Insight where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsSecurityFindingFilters
+
+-- | Contains information about a Security Hub insight.
+--
+-- /See:/ 'newInsight' smart constructor.
+data Insight = Insight'
+  { -- | The ARN of a Security Hub insight.
+    insightArn :: Prelude.Text,
+    -- | The name of a Security Hub insight.
+    name :: Prelude.Text,
+    -- | One or more attributes used to filter the findings included in the
+    -- insight. The insight only includes findings that match the criteria
+    -- defined in the filters.
+    filters :: AwsSecurityFindingFilters,
+    -- | The grouping attribute for the insight\'s findings. Indicates how to
+    -- group the matching findings, and identifies the type of item that the
+    -- insight applies to. For example, if an insight is grouped by resource
+    -- identifier, then the insight produces a list of resource identifiers.
+    groupByAttribute :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Insight' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'insightArn', 'insight_insightArn' - The ARN of a Security Hub insight.
+--
+-- 'name', 'insight_name' - The name of a Security Hub insight.
+--
+-- 'filters', 'insight_filters' - One or more attributes used to filter the findings included in the
+-- insight. The insight only includes findings that match the criteria
+-- defined in the filters.
+--
+-- 'groupByAttribute', 'insight_groupByAttribute' - The grouping attribute for the insight\'s findings. Indicates how to
+-- group the matching findings, and identifies the type of item that the
+-- insight applies to. For example, if an insight is grouped by resource
+-- identifier, then the insight produces a list of resource identifiers.
+newInsight ::
+  -- | 'insightArn'
+  Prelude.Text ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'filters'
+  AwsSecurityFindingFilters ->
+  -- | 'groupByAttribute'
+  Prelude.Text ->
+  Insight
+newInsight
+  pInsightArn_
+  pName_
+  pFilters_
+  pGroupByAttribute_ =
+    Insight'
+      { insightArn = pInsightArn_,
+        name = pName_,
+        filters = pFilters_,
+        groupByAttribute = pGroupByAttribute_
+      }
+
+-- | The ARN of a Security Hub insight.
+insight_insightArn :: Lens.Lens' Insight Prelude.Text
+insight_insightArn = Lens.lens (\Insight' {insightArn} -> insightArn) (\s@Insight' {} a -> s {insightArn = a} :: Insight)
+
+-- | The name of a Security Hub insight.
+insight_name :: Lens.Lens' Insight Prelude.Text
+insight_name = Lens.lens (\Insight' {name} -> name) (\s@Insight' {} a -> s {name = a} :: Insight)
+
+-- | One or more attributes used to filter the findings included in the
+-- insight. The insight only includes findings that match the criteria
+-- defined in the filters.
+insight_filters :: Lens.Lens' Insight AwsSecurityFindingFilters
+insight_filters = Lens.lens (\Insight' {filters} -> filters) (\s@Insight' {} a -> s {filters = a} :: Insight)
+
+-- | The grouping attribute for the insight\'s findings. Indicates how to
+-- group the matching findings, and identifies the type of item that the
+-- insight applies to. For example, if an insight is grouped by resource
+-- identifier, then the insight produces a list of resource identifiers.
+insight_groupByAttribute :: Lens.Lens' Insight Prelude.Text
+insight_groupByAttribute = Lens.lens (\Insight' {groupByAttribute} -> groupByAttribute) (\s@Insight' {} a -> s {groupByAttribute = a} :: Insight)
+
+instance Data.FromJSON Insight where
+  parseJSON =
+    Data.withObject
+      "Insight"
+      ( \x ->
+          Insight'
+            Prelude.<$> (x Data..: "InsightArn")
+            Prelude.<*> (x Data..: "Name")
+            Prelude.<*> (x Data..: "Filters")
+            Prelude.<*> (x Data..: "GroupByAttribute")
+      )
+
+instance Prelude.Hashable Insight where
+  hashWithSalt _salt Insight' {..} =
+    _salt
+      `Prelude.hashWithSalt` insightArn
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` filters
+      `Prelude.hashWithSalt` groupByAttribute
+
+instance Prelude.NFData Insight where
+  rnf Insight' {..} =
+    Prelude.rnf insightArn
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf filters
+      `Prelude.seq` Prelude.rnf groupByAttribute
diff --git a/gen/Amazonka/SecurityHub/Types/InsightResultValue.hs b/gen/Amazonka/SecurityHub/Types/InsightResultValue.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/InsightResultValue.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.InsightResultValue
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.InsightResultValue where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The insight result values returned by the @GetInsightResults@ operation.
+--
+-- /See:/ 'newInsightResultValue' smart constructor.
+data InsightResultValue = InsightResultValue'
+  { -- | The value of the attribute that the findings are grouped by for the
+    -- insight whose results are returned by the @GetInsightResults@ operation.
+    groupByAttributeValue :: Prelude.Text,
+    -- | The number of findings returned for each @GroupByAttributeValue@.
+    count :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InsightResultValue' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'groupByAttributeValue', 'insightResultValue_groupByAttributeValue' - The value of the attribute that the findings are grouped by for the
+-- insight whose results are returned by the @GetInsightResults@ operation.
+--
+-- 'count', 'insightResultValue_count' - The number of findings returned for each @GroupByAttributeValue@.
+newInsightResultValue ::
+  -- | 'groupByAttributeValue'
+  Prelude.Text ->
+  -- | 'count'
+  Prelude.Int ->
+  InsightResultValue
+newInsightResultValue pGroupByAttributeValue_ pCount_ =
+  InsightResultValue'
+    { groupByAttributeValue =
+        pGroupByAttributeValue_,
+      count = pCount_
+    }
+
+-- | The value of the attribute that the findings are grouped by for the
+-- insight whose results are returned by the @GetInsightResults@ operation.
+insightResultValue_groupByAttributeValue :: Lens.Lens' InsightResultValue Prelude.Text
+insightResultValue_groupByAttributeValue = Lens.lens (\InsightResultValue' {groupByAttributeValue} -> groupByAttributeValue) (\s@InsightResultValue' {} a -> s {groupByAttributeValue = a} :: InsightResultValue)
+
+-- | The number of findings returned for each @GroupByAttributeValue@.
+insightResultValue_count :: Lens.Lens' InsightResultValue Prelude.Int
+insightResultValue_count = Lens.lens (\InsightResultValue' {count} -> count) (\s@InsightResultValue' {} a -> s {count = a} :: InsightResultValue)
+
+instance Data.FromJSON InsightResultValue where
+  parseJSON =
+    Data.withObject
+      "InsightResultValue"
+      ( \x ->
+          InsightResultValue'
+            Prelude.<$> (x Data..: "GroupByAttributeValue")
+            Prelude.<*> (x Data..: "Count")
+      )
+
+instance Prelude.Hashable InsightResultValue where
+  hashWithSalt _salt InsightResultValue' {..} =
+    _salt
+      `Prelude.hashWithSalt` groupByAttributeValue
+      `Prelude.hashWithSalt` count
+
+instance Prelude.NFData InsightResultValue where
+  rnf InsightResultValue' {..} =
+    Prelude.rnf groupByAttributeValue
+      `Prelude.seq` Prelude.rnf count
diff --git a/gen/Amazonka/SecurityHub/Types/InsightResults.hs b/gen/Amazonka/SecurityHub/Types/InsightResults.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/InsightResults.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.InsightResults
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.InsightResults where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.InsightResultValue
+
+-- | The insight results returned by the @GetInsightResults@ operation.
+--
+-- /See:/ 'newInsightResults' smart constructor.
+data InsightResults = InsightResults'
+  { -- | The ARN of the insight whose results are returned by the
+    -- @GetInsightResults@ operation.
+    insightArn :: Prelude.Text,
+    -- | The attribute that the findings are grouped by for the insight whose
+    -- results are returned by the @GetInsightResults@ operation.
+    groupByAttribute :: Prelude.Text,
+    -- | The list of insight result values returned by the @GetInsightResults@
+    -- operation.
+    resultValues :: [InsightResultValue]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InsightResults' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'insightArn', 'insightResults_insightArn' - The ARN of the insight whose results are returned by the
+-- @GetInsightResults@ operation.
+--
+-- 'groupByAttribute', 'insightResults_groupByAttribute' - The attribute that the findings are grouped by for the insight whose
+-- results are returned by the @GetInsightResults@ operation.
+--
+-- 'resultValues', 'insightResults_resultValues' - The list of insight result values returned by the @GetInsightResults@
+-- operation.
+newInsightResults ::
+  -- | 'insightArn'
+  Prelude.Text ->
+  -- | 'groupByAttribute'
+  Prelude.Text ->
+  InsightResults
+newInsightResults pInsightArn_ pGroupByAttribute_ =
+  InsightResults'
+    { insightArn = pInsightArn_,
+      groupByAttribute = pGroupByAttribute_,
+      resultValues = Prelude.mempty
+    }
+
+-- | The ARN of the insight whose results are returned by the
+-- @GetInsightResults@ operation.
+insightResults_insightArn :: Lens.Lens' InsightResults Prelude.Text
+insightResults_insightArn = Lens.lens (\InsightResults' {insightArn} -> insightArn) (\s@InsightResults' {} a -> s {insightArn = a} :: InsightResults)
+
+-- | The attribute that the findings are grouped by for the insight whose
+-- results are returned by the @GetInsightResults@ operation.
+insightResults_groupByAttribute :: Lens.Lens' InsightResults Prelude.Text
+insightResults_groupByAttribute = Lens.lens (\InsightResults' {groupByAttribute} -> groupByAttribute) (\s@InsightResults' {} a -> s {groupByAttribute = a} :: InsightResults)
+
+-- | The list of insight result values returned by the @GetInsightResults@
+-- operation.
+insightResults_resultValues :: Lens.Lens' InsightResults [InsightResultValue]
+insightResults_resultValues = Lens.lens (\InsightResults' {resultValues} -> resultValues) (\s@InsightResults' {} a -> s {resultValues = a} :: InsightResults) Prelude.. Lens.coerced
+
+instance Data.FromJSON InsightResults where
+  parseJSON =
+    Data.withObject
+      "InsightResults"
+      ( \x ->
+          InsightResults'
+            Prelude.<$> (x Data..: "InsightArn")
+            Prelude.<*> (x Data..: "GroupByAttribute")
+            Prelude.<*> (x Data..:? "ResultValues" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable InsightResults where
+  hashWithSalt _salt InsightResults' {..} =
+    _salt
+      `Prelude.hashWithSalt` insightArn
+      `Prelude.hashWithSalt` groupByAttribute
+      `Prelude.hashWithSalt` resultValues
+
+instance Prelude.NFData InsightResults where
+  rnf InsightResults' {..} =
+    Prelude.rnf insightArn
+      `Prelude.seq` Prelude.rnf groupByAttribute
+      `Prelude.seq` Prelude.rnf resultValues
diff --git a/gen/Amazonka/SecurityHub/Types/IntegrationType.hs b/gen/Amazonka/SecurityHub/Types/IntegrationType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/IntegrationType.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.IntegrationType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.IntegrationType
+  ( IntegrationType
+      ( ..,
+        IntegrationType_RECEIVE_FINDINGS_FROM_SECURITY_HUB,
+        IntegrationType_SEND_FINDINGS_TO_SECURITY_HUB,
+        IntegrationType_UPDATE_FINDINGS_IN_SECURITY_HUB
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype IntegrationType = IntegrationType'
+  { fromIntegrationType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern IntegrationType_RECEIVE_FINDINGS_FROM_SECURITY_HUB :: IntegrationType
+pattern IntegrationType_RECEIVE_FINDINGS_FROM_SECURITY_HUB = IntegrationType' "RECEIVE_FINDINGS_FROM_SECURITY_HUB"
+
+pattern IntegrationType_SEND_FINDINGS_TO_SECURITY_HUB :: IntegrationType
+pattern IntegrationType_SEND_FINDINGS_TO_SECURITY_HUB = IntegrationType' "SEND_FINDINGS_TO_SECURITY_HUB"
+
+pattern IntegrationType_UPDATE_FINDINGS_IN_SECURITY_HUB :: IntegrationType
+pattern IntegrationType_UPDATE_FINDINGS_IN_SECURITY_HUB = IntegrationType' "UPDATE_FINDINGS_IN_SECURITY_HUB"
+
+{-# COMPLETE
+  IntegrationType_RECEIVE_FINDINGS_FROM_SECURITY_HUB,
+  IntegrationType_SEND_FINDINGS_TO_SECURITY_HUB,
+  IntegrationType_UPDATE_FINDINGS_IN_SECURITY_HUB,
+  IntegrationType'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/Invitation.hs b/gen/Amazonka/SecurityHub/Types/Invitation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Invitation.hs
@@ -0,0 +1,114 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Invitation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Invitation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about an invitation.
+--
+-- /See:/ 'newInvitation' smart constructor.
+data Invitation = Invitation'
+  { -- | The account ID of the Security Hub administrator account that the
+    -- invitation was sent from.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the invitation sent to the member account.
+    invitationId :: Prelude.Maybe Prelude.Text,
+    -- | The timestamp of when the invitation was sent.
+    invitedAt :: Prelude.Maybe Data.ISO8601,
+    -- | The current status of the association between the member and
+    -- administrator accounts.
+    memberStatus :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Invitation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'invitation_accountId' - The account ID of the Security Hub administrator account that the
+-- invitation was sent from.
+--
+-- 'invitationId', 'invitation_invitationId' - The ID of the invitation sent to the member account.
+--
+-- 'invitedAt', 'invitation_invitedAt' - The timestamp of when the invitation was sent.
+--
+-- 'memberStatus', 'invitation_memberStatus' - The current status of the association between the member and
+-- administrator accounts.
+newInvitation ::
+  Invitation
+newInvitation =
+  Invitation'
+    { accountId = Prelude.Nothing,
+      invitationId = Prelude.Nothing,
+      invitedAt = Prelude.Nothing,
+      memberStatus = Prelude.Nothing
+    }
+
+-- | The account ID of the Security Hub administrator account that the
+-- invitation was sent from.
+invitation_accountId :: Lens.Lens' Invitation (Prelude.Maybe Prelude.Text)
+invitation_accountId = Lens.lens (\Invitation' {accountId} -> accountId) (\s@Invitation' {} a -> s {accountId = a} :: Invitation)
+
+-- | The ID of the invitation sent to the member account.
+invitation_invitationId :: Lens.Lens' Invitation (Prelude.Maybe Prelude.Text)
+invitation_invitationId = Lens.lens (\Invitation' {invitationId} -> invitationId) (\s@Invitation' {} a -> s {invitationId = a} :: Invitation)
+
+-- | The timestamp of when the invitation was sent.
+invitation_invitedAt :: Lens.Lens' Invitation (Prelude.Maybe Prelude.UTCTime)
+invitation_invitedAt = Lens.lens (\Invitation' {invitedAt} -> invitedAt) (\s@Invitation' {} a -> s {invitedAt = a} :: Invitation) Prelude.. Lens.mapping Data._Time
+
+-- | The current status of the association between the member and
+-- administrator accounts.
+invitation_memberStatus :: Lens.Lens' Invitation (Prelude.Maybe Prelude.Text)
+invitation_memberStatus = Lens.lens (\Invitation' {memberStatus} -> memberStatus) (\s@Invitation' {} a -> s {memberStatus = a} :: Invitation)
+
+instance Data.FromJSON Invitation where
+  parseJSON =
+    Data.withObject
+      "Invitation"
+      ( \x ->
+          Invitation'
+            Prelude.<$> (x Data..:? "AccountId")
+            Prelude.<*> (x Data..:? "InvitationId")
+            Prelude.<*> (x Data..:? "InvitedAt")
+            Prelude.<*> (x Data..:? "MemberStatus")
+      )
+
+instance Prelude.Hashable Invitation where
+  hashWithSalt _salt Invitation' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` invitationId
+      `Prelude.hashWithSalt` invitedAt
+      `Prelude.hashWithSalt` memberStatus
+
+instance Prelude.NFData Invitation where
+  rnf Invitation' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf invitationId
+      `Prelude.seq` Prelude.rnf invitedAt
+      `Prelude.seq` Prelude.rnf memberStatus
diff --git a/gen/Amazonka/SecurityHub/Types/IpFilter.hs b/gen/Amazonka/SecurityHub/Types/IpFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/IpFilter.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.IpFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.IpFilter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The IP filter for querying findings.
+--
+-- /See:/ 'newIpFilter' smart constructor.
+data IpFilter = IpFilter'
+  { -- | A finding\'s CIDR value.
+    cidr :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IpFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cidr', 'ipFilter_cidr' - A finding\'s CIDR value.
+newIpFilter ::
+  IpFilter
+newIpFilter = IpFilter' {cidr = Prelude.Nothing}
+
+-- | A finding\'s CIDR value.
+ipFilter_cidr :: Lens.Lens' IpFilter (Prelude.Maybe Prelude.Text)
+ipFilter_cidr = Lens.lens (\IpFilter' {cidr} -> cidr) (\s@IpFilter' {} a -> s {cidr = a} :: IpFilter)
+
+instance Data.FromJSON IpFilter where
+  parseJSON =
+    Data.withObject
+      "IpFilter"
+      (\x -> IpFilter' Prelude.<$> (x Data..:? "Cidr"))
+
+instance Prelude.Hashable IpFilter where
+  hashWithSalt _salt IpFilter' {..} =
+    _salt `Prelude.hashWithSalt` cidr
+
+instance Prelude.NFData IpFilter where
+  rnf IpFilter' {..} = Prelude.rnf cidr
+
+instance Data.ToJSON IpFilter where
+  toJSON IpFilter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Cidr" Data..=) Prelude.<$> cidr]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/IpOrganizationDetails.hs b/gen/Amazonka/SecurityHub/Types/IpOrganizationDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/IpOrganizationDetails.hs
@@ -0,0 +1,119 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.IpOrganizationDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.IpOrganizationDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about an internet provider.
+--
+-- /See:/ 'newIpOrganizationDetails' smart constructor.
+data IpOrganizationDetails = IpOrganizationDetails'
+  { -- | The Autonomous System Number (ASN) of the internet provider
+    asn :: Prelude.Maybe Prelude.Int,
+    -- | The name of the organization that registered the ASN.
+    asnOrg :: Prelude.Maybe Prelude.Text,
+    -- | The ISP information for the internet provider.
+    isp :: Prelude.Maybe Prelude.Text,
+    -- | The name of the internet provider.
+    org :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IpOrganizationDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'asn', 'ipOrganizationDetails_asn' - The Autonomous System Number (ASN) of the internet provider
+--
+-- 'asnOrg', 'ipOrganizationDetails_asnOrg' - The name of the organization that registered the ASN.
+--
+-- 'isp', 'ipOrganizationDetails_isp' - The ISP information for the internet provider.
+--
+-- 'org', 'ipOrganizationDetails_org' - The name of the internet provider.
+newIpOrganizationDetails ::
+  IpOrganizationDetails
+newIpOrganizationDetails =
+  IpOrganizationDetails'
+    { asn = Prelude.Nothing,
+      asnOrg = Prelude.Nothing,
+      isp = Prelude.Nothing,
+      org = Prelude.Nothing
+    }
+
+-- | The Autonomous System Number (ASN) of the internet provider
+ipOrganizationDetails_asn :: Lens.Lens' IpOrganizationDetails (Prelude.Maybe Prelude.Int)
+ipOrganizationDetails_asn = Lens.lens (\IpOrganizationDetails' {asn} -> asn) (\s@IpOrganizationDetails' {} a -> s {asn = a} :: IpOrganizationDetails)
+
+-- | The name of the organization that registered the ASN.
+ipOrganizationDetails_asnOrg :: Lens.Lens' IpOrganizationDetails (Prelude.Maybe Prelude.Text)
+ipOrganizationDetails_asnOrg = Lens.lens (\IpOrganizationDetails' {asnOrg} -> asnOrg) (\s@IpOrganizationDetails' {} a -> s {asnOrg = a} :: IpOrganizationDetails)
+
+-- | The ISP information for the internet provider.
+ipOrganizationDetails_isp :: Lens.Lens' IpOrganizationDetails (Prelude.Maybe Prelude.Text)
+ipOrganizationDetails_isp = Lens.lens (\IpOrganizationDetails' {isp} -> isp) (\s@IpOrganizationDetails' {} a -> s {isp = a} :: IpOrganizationDetails)
+
+-- | The name of the internet provider.
+ipOrganizationDetails_org :: Lens.Lens' IpOrganizationDetails (Prelude.Maybe Prelude.Text)
+ipOrganizationDetails_org = Lens.lens (\IpOrganizationDetails' {org} -> org) (\s@IpOrganizationDetails' {} a -> s {org = a} :: IpOrganizationDetails)
+
+instance Data.FromJSON IpOrganizationDetails where
+  parseJSON =
+    Data.withObject
+      "IpOrganizationDetails"
+      ( \x ->
+          IpOrganizationDetails'
+            Prelude.<$> (x Data..:? "Asn")
+            Prelude.<*> (x Data..:? "AsnOrg")
+            Prelude.<*> (x Data..:? "Isp")
+            Prelude.<*> (x Data..:? "Org")
+      )
+
+instance Prelude.Hashable IpOrganizationDetails where
+  hashWithSalt _salt IpOrganizationDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` asn
+      `Prelude.hashWithSalt` asnOrg
+      `Prelude.hashWithSalt` isp
+      `Prelude.hashWithSalt` org
+
+instance Prelude.NFData IpOrganizationDetails where
+  rnf IpOrganizationDetails' {..} =
+    Prelude.rnf asn
+      `Prelude.seq` Prelude.rnf asnOrg
+      `Prelude.seq` Prelude.rnf isp
+      `Prelude.seq` Prelude.rnf org
+
+instance Data.ToJSON IpOrganizationDetails where
+  toJSON IpOrganizationDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Asn" Data..=) Prelude.<$> asn,
+            ("AsnOrg" Data..=) Prelude.<$> asnOrg,
+            ("Isp" Data..=) Prelude.<$> isp,
+            ("Org" Data..=) Prelude.<$> org
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Ipv6CidrBlockAssociation.hs b/gen/Amazonka/SecurityHub/Types/Ipv6CidrBlockAssociation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Ipv6CidrBlockAssociation.hs
@@ -0,0 +1,147 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Ipv6CidrBlockAssociation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Ipv6CidrBlockAssociation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An IPV6 CIDR block association.
+--
+-- /See:/ 'newIpv6CidrBlockAssociation' smart constructor.
+data Ipv6CidrBlockAssociation = Ipv6CidrBlockAssociation'
+  { -- | The association ID for the IPv6 CIDR block.
+    associationId :: Prelude.Maybe Prelude.Text,
+    -- | Information about the state of the CIDR block. Valid values are as
+    -- follows:
+    --
+    -- -   @associating@
+    --
+    -- -   @associated@
+    --
+    -- -   @disassociating@
+    --
+    -- -   @disassociated@
+    --
+    -- -   @failed@
+    --
+    -- -   @failing@
+    cidrBlockState :: Prelude.Maybe Prelude.Text,
+    -- | The IPv6 CIDR block.
+    ipv6CidrBlock :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Ipv6CidrBlockAssociation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'associationId', 'ipv6CidrBlockAssociation_associationId' - The association ID for the IPv6 CIDR block.
+--
+-- 'cidrBlockState', 'ipv6CidrBlockAssociation_cidrBlockState' - Information about the state of the CIDR block. Valid values are as
+-- follows:
+--
+-- -   @associating@
+--
+-- -   @associated@
+--
+-- -   @disassociating@
+--
+-- -   @disassociated@
+--
+-- -   @failed@
+--
+-- -   @failing@
+--
+-- 'ipv6CidrBlock', 'ipv6CidrBlockAssociation_ipv6CidrBlock' - The IPv6 CIDR block.
+newIpv6CidrBlockAssociation ::
+  Ipv6CidrBlockAssociation
+newIpv6CidrBlockAssociation =
+  Ipv6CidrBlockAssociation'
+    { associationId =
+        Prelude.Nothing,
+      cidrBlockState = Prelude.Nothing,
+      ipv6CidrBlock = Prelude.Nothing
+    }
+
+-- | The association ID for the IPv6 CIDR block.
+ipv6CidrBlockAssociation_associationId :: Lens.Lens' Ipv6CidrBlockAssociation (Prelude.Maybe Prelude.Text)
+ipv6CidrBlockAssociation_associationId = Lens.lens (\Ipv6CidrBlockAssociation' {associationId} -> associationId) (\s@Ipv6CidrBlockAssociation' {} a -> s {associationId = a} :: Ipv6CidrBlockAssociation)
+
+-- | Information about the state of the CIDR block. Valid values are as
+-- follows:
+--
+-- -   @associating@
+--
+-- -   @associated@
+--
+-- -   @disassociating@
+--
+-- -   @disassociated@
+--
+-- -   @failed@
+--
+-- -   @failing@
+ipv6CidrBlockAssociation_cidrBlockState :: Lens.Lens' Ipv6CidrBlockAssociation (Prelude.Maybe Prelude.Text)
+ipv6CidrBlockAssociation_cidrBlockState = Lens.lens (\Ipv6CidrBlockAssociation' {cidrBlockState} -> cidrBlockState) (\s@Ipv6CidrBlockAssociation' {} a -> s {cidrBlockState = a} :: Ipv6CidrBlockAssociation)
+
+-- | The IPv6 CIDR block.
+ipv6CidrBlockAssociation_ipv6CidrBlock :: Lens.Lens' Ipv6CidrBlockAssociation (Prelude.Maybe Prelude.Text)
+ipv6CidrBlockAssociation_ipv6CidrBlock = Lens.lens (\Ipv6CidrBlockAssociation' {ipv6CidrBlock} -> ipv6CidrBlock) (\s@Ipv6CidrBlockAssociation' {} a -> s {ipv6CidrBlock = a} :: Ipv6CidrBlockAssociation)
+
+instance Data.FromJSON Ipv6CidrBlockAssociation where
+  parseJSON =
+    Data.withObject
+      "Ipv6CidrBlockAssociation"
+      ( \x ->
+          Ipv6CidrBlockAssociation'
+            Prelude.<$> (x Data..:? "AssociationId")
+            Prelude.<*> (x Data..:? "CidrBlockState")
+            Prelude.<*> (x Data..:? "Ipv6CidrBlock")
+      )
+
+instance Prelude.Hashable Ipv6CidrBlockAssociation where
+  hashWithSalt _salt Ipv6CidrBlockAssociation' {..} =
+    _salt
+      `Prelude.hashWithSalt` associationId
+      `Prelude.hashWithSalt` cidrBlockState
+      `Prelude.hashWithSalt` ipv6CidrBlock
+
+instance Prelude.NFData Ipv6CidrBlockAssociation where
+  rnf Ipv6CidrBlockAssociation' {..} =
+    Prelude.rnf associationId
+      `Prelude.seq` Prelude.rnf cidrBlockState
+      `Prelude.seq` Prelude.rnf ipv6CidrBlock
+
+instance Data.ToJSON Ipv6CidrBlockAssociation where
+  toJSON Ipv6CidrBlockAssociation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AssociationId" Data..=) Prelude.<$> associationId,
+            ("CidrBlockState" Data..=)
+              Prelude.<$> cidrBlockState,
+            ("Ipv6CidrBlock" Data..=) Prelude.<$> ipv6CidrBlock
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/KeywordFilter.hs b/gen/Amazonka/SecurityHub/Types/KeywordFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/KeywordFilter.hs
@@ -0,0 +1,74 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.KeywordFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.KeywordFilter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A keyword filter for querying findings.
+--
+-- /See:/ 'newKeywordFilter' smart constructor.
+data KeywordFilter = KeywordFilter'
+  { -- | A value for the keyword.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KeywordFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'value', 'keywordFilter_value' - A value for the keyword.
+newKeywordFilter ::
+  KeywordFilter
+newKeywordFilter =
+  KeywordFilter' {value = Prelude.Nothing}
+
+-- | A value for the keyword.
+keywordFilter_value :: Lens.Lens' KeywordFilter (Prelude.Maybe Prelude.Text)
+keywordFilter_value = Lens.lens (\KeywordFilter' {value} -> value) (\s@KeywordFilter' {} a -> s {value = a} :: KeywordFilter)
+
+instance Data.FromJSON KeywordFilter where
+  parseJSON =
+    Data.withObject
+      "KeywordFilter"
+      ( \x ->
+          KeywordFilter' Prelude.<$> (x Data..:? "Value")
+      )
+
+instance Prelude.Hashable KeywordFilter where
+  hashWithSalt _salt KeywordFilter' {..} =
+    _salt `Prelude.hashWithSalt` value
+
+instance Prelude.NFData KeywordFilter where
+  rnf KeywordFilter' {..} = Prelude.rnf value
+
+instance Data.ToJSON KeywordFilter where
+  toJSON KeywordFilter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Value" Data..=) Prelude.<$> value]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/LoadBalancerState.hs b/gen/Amazonka/SecurityHub/Types/LoadBalancerState.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/LoadBalancerState.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.LoadBalancerState
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.LoadBalancerState where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the state of the load balancer.
+--
+-- /See:/ 'newLoadBalancerState' smart constructor.
+data LoadBalancerState = LoadBalancerState'
+  { -- | The state code. The initial state of the load balancer is provisioning.
+    --
+    -- After the load balancer is fully set up and ready to route traffic, its
+    -- state is active.
+    --
+    -- If the load balancer could not be set up, its state is failed.
+    code :: Prelude.Maybe Prelude.Text,
+    -- | A description of the state.
+    reason :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'LoadBalancerState' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'code', 'loadBalancerState_code' - The state code. The initial state of the load balancer is provisioning.
+--
+-- After the load balancer is fully set up and ready to route traffic, its
+-- state is active.
+--
+-- If the load balancer could not be set up, its state is failed.
+--
+-- 'reason', 'loadBalancerState_reason' - A description of the state.
+newLoadBalancerState ::
+  LoadBalancerState
+newLoadBalancerState =
+  LoadBalancerState'
+    { code = Prelude.Nothing,
+      reason = Prelude.Nothing
+    }
+
+-- | The state code. The initial state of the load balancer is provisioning.
+--
+-- After the load balancer is fully set up and ready to route traffic, its
+-- state is active.
+--
+-- If the load balancer could not be set up, its state is failed.
+loadBalancerState_code :: Lens.Lens' LoadBalancerState (Prelude.Maybe Prelude.Text)
+loadBalancerState_code = Lens.lens (\LoadBalancerState' {code} -> code) (\s@LoadBalancerState' {} a -> s {code = a} :: LoadBalancerState)
+
+-- | A description of the state.
+loadBalancerState_reason :: Lens.Lens' LoadBalancerState (Prelude.Maybe Prelude.Text)
+loadBalancerState_reason = Lens.lens (\LoadBalancerState' {reason} -> reason) (\s@LoadBalancerState' {} a -> s {reason = a} :: LoadBalancerState)
+
+instance Data.FromJSON LoadBalancerState where
+  parseJSON =
+    Data.withObject
+      "LoadBalancerState"
+      ( \x ->
+          LoadBalancerState'
+            Prelude.<$> (x Data..:? "Code")
+            Prelude.<*> (x Data..:? "Reason")
+      )
+
+instance Prelude.Hashable LoadBalancerState where
+  hashWithSalt _salt LoadBalancerState' {..} =
+    _salt
+      `Prelude.hashWithSalt` code
+      `Prelude.hashWithSalt` reason
+
+instance Prelude.NFData LoadBalancerState where
+  rnf LoadBalancerState' {..} =
+    Prelude.rnf code `Prelude.seq` Prelude.rnf reason
+
+instance Data.ToJSON LoadBalancerState where
+  toJSON LoadBalancerState' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Code" Data..=) Prelude.<$> code,
+            ("Reason" Data..=) Prelude.<$> reason
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Malware.hs b/gen/Amazonka/SecurityHub/Types/Malware.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Malware.hs
@@ -0,0 +1,123 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Malware
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Malware where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.MalwareState
+import Amazonka.SecurityHub.Types.MalwareType
+
+-- | A list of malware related to a finding.
+--
+-- /See:/ 'newMalware' smart constructor.
+data Malware = Malware'
+  { -- | The file system path of the malware that was observed.
+    path :: Prelude.Maybe Prelude.Text,
+    -- | The state of the malware that was observed.
+    state :: Prelude.Maybe MalwareState,
+    -- | The type of the malware that was observed.
+    type' :: Prelude.Maybe MalwareType,
+    -- | The name of the malware that was observed.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Malware' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'path', 'malware_path' - The file system path of the malware that was observed.
+--
+-- 'state', 'malware_state' - The state of the malware that was observed.
+--
+-- 'type'', 'malware_type' - The type of the malware that was observed.
+--
+-- 'name', 'malware_name' - The name of the malware that was observed.
+newMalware ::
+  -- | 'name'
+  Prelude.Text ->
+  Malware
+newMalware pName_ =
+  Malware'
+    { path = Prelude.Nothing,
+      state = Prelude.Nothing,
+      type' = Prelude.Nothing,
+      name = pName_
+    }
+
+-- | The file system path of the malware that was observed.
+malware_path :: Lens.Lens' Malware (Prelude.Maybe Prelude.Text)
+malware_path = Lens.lens (\Malware' {path} -> path) (\s@Malware' {} a -> s {path = a} :: Malware)
+
+-- | The state of the malware that was observed.
+malware_state :: Lens.Lens' Malware (Prelude.Maybe MalwareState)
+malware_state = Lens.lens (\Malware' {state} -> state) (\s@Malware' {} a -> s {state = a} :: Malware)
+
+-- | The type of the malware that was observed.
+malware_type :: Lens.Lens' Malware (Prelude.Maybe MalwareType)
+malware_type = Lens.lens (\Malware' {type'} -> type') (\s@Malware' {} a -> s {type' = a} :: Malware)
+
+-- | The name of the malware that was observed.
+malware_name :: Lens.Lens' Malware Prelude.Text
+malware_name = Lens.lens (\Malware' {name} -> name) (\s@Malware' {} a -> s {name = a} :: Malware)
+
+instance Data.FromJSON Malware where
+  parseJSON =
+    Data.withObject
+      "Malware"
+      ( \x ->
+          Malware'
+            Prelude.<$> (x Data..:? "Path")
+            Prelude.<*> (x Data..:? "State")
+            Prelude.<*> (x Data..:? "Type")
+            Prelude.<*> (x Data..: "Name")
+      )
+
+instance Prelude.Hashable Malware where
+  hashWithSalt _salt Malware' {..} =
+    _salt
+      `Prelude.hashWithSalt` path
+      `Prelude.hashWithSalt` state
+      `Prelude.hashWithSalt` type'
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData Malware where
+  rnf Malware' {..} =
+    Prelude.rnf path
+      `Prelude.seq` Prelude.rnf state
+      `Prelude.seq` Prelude.rnf type'
+      `Prelude.seq` Prelude.rnf name
+
+instance Data.ToJSON Malware where
+  toJSON Malware' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Path" Data..=) Prelude.<$> path,
+            ("State" Data..=) Prelude.<$> state,
+            ("Type" Data..=) Prelude.<$> type',
+            Prelude.Just ("Name" Data..= name)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/MalwareState.hs b/gen/Amazonka/SecurityHub/Types/MalwareState.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/MalwareState.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.MalwareState
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.MalwareState
+  ( MalwareState
+      ( ..,
+        MalwareState_OBSERVED,
+        MalwareState_REMOVAL_FAILED,
+        MalwareState_REMOVED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype MalwareState = MalwareState'
+  { fromMalwareState ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern MalwareState_OBSERVED :: MalwareState
+pattern MalwareState_OBSERVED = MalwareState' "OBSERVED"
+
+pattern MalwareState_REMOVAL_FAILED :: MalwareState
+pattern MalwareState_REMOVAL_FAILED = MalwareState' "REMOVAL_FAILED"
+
+pattern MalwareState_REMOVED :: MalwareState
+pattern MalwareState_REMOVED = MalwareState' "REMOVED"
+
+{-# COMPLETE
+  MalwareState_OBSERVED,
+  MalwareState_REMOVAL_FAILED,
+  MalwareState_REMOVED,
+  MalwareState'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/MalwareType.hs b/gen/Amazonka/SecurityHub/Types/MalwareType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/MalwareType.hs
@@ -0,0 +1,136 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.MalwareType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.MalwareType
+  ( MalwareType
+      ( ..,
+        MalwareType_ADWARE,
+        MalwareType_BLENDED_THREAT,
+        MalwareType_BOTNET_AGENT,
+        MalwareType_COIN_MINER,
+        MalwareType_EXPLOIT_KIT,
+        MalwareType_KEYLOGGER,
+        MalwareType_MACRO,
+        MalwareType_POTENTIALLY_UNWANTED,
+        MalwareType_RANSOMWARE,
+        MalwareType_REMOTE_ACCESS,
+        MalwareType_ROOTKIT,
+        MalwareType_SPYWARE,
+        MalwareType_TROJAN,
+        MalwareType_VIRUS,
+        MalwareType_WORM
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype MalwareType = MalwareType'
+  { fromMalwareType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern MalwareType_ADWARE :: MalwareType
+pattern MalwareType_ADWARE = MalwareType' "ADWARE"
+
+pattern MalwareType_BLENDED_THREAT :: MalwareType
+pattern MalwareType_BLENDED_THREAT = MalwareType' "BLENDED_THREAT"
+
+pattern MalwareType_BOTNET_AGENT :: MalwareType
+pattern MalwareType_BOTNET_AGENT = MalwareType' "BOTNET_AGENT"
+
+pattern MalwareType_COIN_MINER :: MalwareType
+pattern MalwareType_COIN_MINER = MalwareType' "COIN_MINER"
+
+pattern MalwareType_EXPLOIT_KIT :: MalwareType
+pattern MalwareType_EXPLOIT_KIT = MalwareType' "EXPLOIT_KIT"
+
+pattern MalwareType_KEYLOGGER :: MalwareType
+pattern MalwareType_KEYLOGGER = MalwareType' "KEYLOGGER"
+
+pattern MalwareType_MACRO :: MalwareType
+pattern MalwareType_MACRO = MalwareType' "MACRO"
+
+pattern MalwareType_POTENTIALLY_UNWANTED :: MalwareType
+pattern MalwareType_POTENTIALLY_UNWANTED = MalwareType' "POTENTIALLY_UNWANTED"
+
+pattern MalwareType_RANSOMWARE :: MalwareType
+pattern MalwareType_RANSOMWARE = MalwareType' "RANSOMWARE"
+
+pattern MalwareType_REMOTE_ACCESS :: MalwareType
+pattern MalwareType_REMOTE_ACCESS = MalwareType' "REMOTE_ACCESS"
+
+pattern MalwareType_ROOTKIT :: MalwareType
+pattern MalwareType_ROOTKIT = MalwareType' "ROOTKIT"
+
+pattern MalwareType_SPYWARE :: MalwareType
+pattern MalwareType_SPYWARE = MalwareType' "SPYWARE"
+
+pattern MalwareType_TROJAN :: MalwareType
+pattern MalwareType_TROJAN = MalwareType' "TROJAN"
+
+pattern MalwareType_VIRUS :: MalwareType
+pattern MalwareType_VIRUS = MalwareType' "VIRUS"
+
+pattern MalwareType_WORM :: MalwareType
+pattern MalwareType_WORM = MalwareType' "WORM"
+
+{-# COMPLETE
+  MalwareType_ADWARE,
+  MalwareType_BLENDED_THREAT,
+  MalwareType_BOTNET_AGENT,
+  MalwareType_COIN_MINER,
+  MalwareType_EXPLOIT_KIT,
+  MalwareType_KEYLOGGER,
+  MalwareType_MACRO,
+  MalwareType_POTENTIALLY_UNWANTED,
+  MalwareType_RANSOMWARE,
+  MalwareType_REMOTE_ACCESS,
+  MalwareType_ROOTKIT,
+  MalwareType_SPYWARE,
+  MalwareType_TROJAN,
+  MalwareType_VIRUS,
+  MalwareType_WORM,
+  MalwareType'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/MapFilter.hs b/gen/Amazonka/SecurityHub/Types/MapFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/MapFilter.hs
@@ -0,0 +1,183 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.MapFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.MapFilter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.MapFilterComparison
+
+-- | A map filter for querying findings. Each map filter provides the field
+-- to check, the value to look for, and the comparison operator.
+--
+-- /See:/ 'newMapFilter' smart constructor.
+data MapFilter = MapFilter'
+  { -- | The condition to apply to the key value when querying for findings with
+    -- a map filter.
+    --
+    -- To search for values that exactly match the filter value, use @EQUALS@.
+    -- For example, for the @ResourceTags@ field, the filter
+    -- @Department EQUALS Security@ matches findings that have the value
+    -- @Security@ for the tag @Department@.
+    --
+    -- To search for values other than the filter value, use @NOT_EQUALS@. For
+    -- example, for the @ResourceTags@ field, the filter
+    -- @Department NOT_EQUALS Finance@ matches findings that do not have the
+    -- value @Finance@ for the tag @Department@.
+    --
+    -- @EQUALS@ filters on the same field are joined by @OR@. A finding matches
+    -- if it matches any one of those filters.
+    --
+    -- @NOT_EQUALS@ filters on the same field are joined by @AND@. A finding
+    -- matches only if it matches all of those filters.
+    --
+    -- You cannot have both an @EQUALS@ filter and a @NOT_EQUALS@ filter on the
+    -- same field.
+    comparison :: Prelude.Maybe MapFilterComparison,
+    -- | The key of the map filter. For example, for @ResourceTags@, @Key@
+    -- identifies the name of the tag. For @UserDefinedFields@, @Key@ is the
+    -- name of the field.
+    key :: Prelude.Maybe Prelude.Text,
+    -- | The value for the key in the map filter. Filter values are case
+    -- sensitive. For example, one of the values for a tag called @Department@
+    -- might be @Security@. If you provide @security@ as the filter value, then
+    -- there is no match.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'MapFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'comparison', 'mapFilter_comparison' - The condition to apply to the key value when querying for findings with
+-- a map filter.
+--
+-- To search for values that exactly match the filter value, use @EQUALS@.
+-- For example, for the @ResourceTags@ field, the filter
+-- @Department EQUALS Security@ matches findings that have the value
+-- @Security@ for the tag @Department@.
+--
+-- To search for values other than the filter value, use @NOT_EQUALS@. For
+-- example, for the @ResourceTags@ field, the filter
+-- @Department NOT_EQUALS Finance@ matches findings that do not have the
+-- value @Finance@ for the tag @Department@.
+--
+-- @EQUALS@ filters on the same field are joined by @OR@. A finding matches
+-- if it matches any one of those filters.
+--
+-- @NOT_EQUALS@ filters on the same field are joined by @AND@. A finding
+-- matches only if it matches all of those filters.
+--
+-- You cannot have both an @EQUALS@ filter and a @NOT_EQUALS@ filter on the
+-- same field.
+--
+-- 'key', 'mapFilter_key' - The key of the map filter. For example, for @ResourceTags@, @Key@
+-- identifies the name of the tag. For @UserDefinedFields@, @Key@ is the
+-- name of the field.
+--
+-- 'value', 'mapFilter_value' - The value for the key in the map filter. Filter values are case
+-- sensitive. For example, one of the values for a tag called @Department@
+-- might be @Security@. If you provide @security@ as the filter value, then
+-- there is no match.
+newMapFilter ::
+  MapFilter
+newMapFilter =
+  MapFilter'
+    { comparison = Prelude.Nothing,
+      key = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The condition to apply to the key value when querying for findings with
+-- a map filter.
+--
+-- To search for values that exactly match the filter value, use @EQUALS@.
+-- For example, for the @ResourceTags@ field, the filter
+-- @Department EQUALS Security@ matches findings that have the value
+-- @Security@ for the tag @Department@.
+--
+-- To search for values other than the filter value, use @NOT_EQUALS@. For
+-- example, for the @ResourceTags@ field, the filter
+-- @Department NOT_EQUALS Finance@ matches findings that do not have the
+-- value @Finance@ for the tag @Department@.
+--
+-- @EQUALS@ filters on the same field are joined by @OR@. A finding matches
+-- if it matches any one of those filters.
+--
+-- @NOT_EQUALS@ filters on the same field are joined by @AND@. A finding
+-- matches only if it matches all of those filters.
+--
+-- You cannot have both an @EQUALS@ filter and a @NOT_EQUALS@ filter on the
+-- same field.
+mapFilter_comparison :: Lens.Lens' MapFilter (Prelude.Maybe MapFilterComparison)
+mapFilter_comparison = Lens.lens (\MapFilter' {comparison} -> comparison) (\s@MapFilter' {} a -> s {comparison = a} :: MapFilter)
+
+-- | The key of the map filter. For example, for @ResourceTags@, @Key@
+-- identifies the name of the tag. For @UserDefinedFields@, @Key@ is the
+-- name of the field.
+mapFilter_key :: Lens.Lens' MapFilter (Prelude.Maybe Prelude.Text)
+mapFilter_key = Lens.lens (\MapFilter' {key} -> key) (\s@MapFilter' {} a -> s {key = a} :: MapFilter)
+
+-- | The value for the key in the map filter. Filter values are case
+-- sensitive. For example, one of the values for a tag called @Department@
+-- might be @Security@. If you provide @security@ as the filter value, then
+-- there is no match.
+mapFilter_value :: Lens.Lens' MapFilter (Prelude.Maybe Prelude.Text)
+mapFilter_value = Lens.lens (\MapFilter' {value} -> value) (\s@MapFilter' {} a -> s {value = a} :: MapFilter)
+
+instance Data.FromJSON MapFilter where
+  parseJSON =
+    Data.withObject
+      "MapFilter"
+      ( \x ->
+          MapFilter'
+            Prelude.<$> (x Data..:? "Comparison")
+            Prelude.<*> (x Data..:? "Key")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance Prelude.Hashable MapFilter where
+  hashWithSalt _salt MapFilter' {..} =
+    _salt
+      `Prelude.hashWithSalt` comparison
+      `Prelude.hashWithSalt` key
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData MapFilter where
+  rnf MapFilter' {..} =
+    Prelude.rnf comparison
+      `Prelude.seq` Prelude.rnf key
+      `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON MapFilter where
+  toJSON MapFilter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Comparison" Data..=) Prelude.<$> comparison,
+            ("Key" Data..=) Prelude.<$> key,
+            ("Value" Data..=) Prelude.<$> value
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/MapFilterComparison.hs b/gen/Amazonka/SecurityHub/Types/MapFilterComparison.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/MapFilterComparison.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.MapFilterComparison
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.MapFilterComparison
+  ( MapFilterComparison
+      ( ..,
+        MapFilterComparison_EQUALS,
+        MapFilterComparison_NOT_EQUALS
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype MapFilterComparison = MapFilterComparison'
+  { fromMapFilterComparison ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern MapFilterComparison_EQUALS :: MapFilterComparison
+pattern MapFilterComparison_EQUALS = MapFilterComparison' "EQUALS"
+
+pattern MapFilterComparison_NOT_EQUALS :: MapFilterComparison
+pattern MapFilterComparison_NOT_EQUALS = MapFilterComparison' "NOT_EQUALS"
+
+{-# COMPLETE
+  MapFilterComparison_EQUALS,
+  MapFilterComparison_NOT_EQUALS,
+  MapFilterComparison'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/Member.hs b/gen/Amazonka/SecurityHub/Types/Member.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Member.hs
@@ -0,0 +1,243 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Member
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Member where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The details about a member account.
+--
+-- /See:/ 'newMember' smart constructor.
+data Member = Member'
+  { -- | The Amazon Web Services account ID of the member account.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services account ID of the Security Hub administrator
+    -- account associated with this member account.
+    administratorId :: Prelude.Maybe Prelude.Text,
+    -- | The email address of the member account.
+    email :: Prelude.Maybe Prelude.Text,
+    -- | A timestamp for the date and time when the invitation was sent to the
+    -- member account.
+    invitedAt :: Prelude.Maybe Data.ISO8601,
+    -- | This is replaced by @AdministratorID@.
+    --
+    -- The Amazon Web Services account ID of the Security Hub administrator
+    -- account associated with this member account.
+    masterId :: Prelude.Maybe Prelude.Text,
+    -- | The status of the relationship between the member account and its
+    -- administrator account.
+    --
+    -- The status can have one of the following values:
+    --
+    -- -   @CREATED@ - Indicates that the administrator account added the
+    --     member account, but has not yet invited the member account.
+    --
+    -- -   @INVITED@ - Indicates that the administrator account invited the
+    --     member account. The member account has not yet responded to the
+    --     invitation.
+    --
+    -- -   @ENABLED@ - Indicates that the member account is currently active.
+    --     For manually invited member accounts, indicates that the member
+    --     account accepted the invitation.
+    --
+    -- -   @REMOVED@ - Indicates that the administrator account disassociated
+    --     the member account.
+    --
+    -- -   @RESIGNED@ - Indicates that the member account disassociated
+    --     themselves from the administrator account.
+    --
+    -- -   @DELETED@ - Indicates that the administrator account deleted the
+    --     member account.
+    --
+    -- -   @ACCOUNT_SUSPENDED@ - Indicates that an organization account was
+    --     suspended from Amazon Web Services at the same time that the
+    --     administrator account tried to enable the organization account as a
+    --     member account.
+    memberStatus :: Prelude.Maybe Prelude.Text,
+    -- | The timestamp for the date and time when the member account was updated.
+    updatedAt :: Prelude.Maybe Data.ISO8601
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Member' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'member_accountId' - The Amazon Web Services account ID of the member account.
+--
+-- 'administratorId', 'member_administratorId' - The Amazon Web Services account ID of the Security Hub administrator
+-- account associated with this member account.
+--
+-- 'email', 'member_email' - The email address of the member account.
+--
+-- 'invitedAt', 'member_invitedAt' - A timestamp for the date and time when the invitation was sent to the
+-- member account.
+--
+-- 'masterId', 'member_masterId' - This is replaced by @AdministratorID@.
+--
+-- The Amazon Web Services account ID of the Security Hub administrator
+-- account associated with this member account.
+--
+-- 'memberStatus', 'member_memberStatus' - The status of the relationship between the member account and its
+-- administrator account.
+--
+-- The status can have one of the following values:
+--
+-- -   @CREATED@ - Indicates that the administrator account added the
+--     member account, but has not yet invited the member account.
+--
+-- -   @INVITED@ - Indicates that the administrator account invited the
+--     member account. The member account has not yet responded to the
+--     invitation.
+--
+-- -   @ENABLED@ - Indicates that the member account is currently active.
+--     For manually invited member accounts, indicates that the member
+--     account accepted the invitation.
+--
+-- -   @REMOVED@ - Indicates that the administrator account disassociated
+--     the member account.
+--
+-- -   @RESIGNED@ - Indicates that the member account disassociated
+--     themselves from the administrator account.
+--
+-- -   @DELETED@ - Indicates that the administrator account deleted the
+--     member account.
+--
+-- -   @ACCOUNT_SUSPENDED@ - Indicates that an organization account was
+--     suspended from Amazon Web Services at the same time that the
+--     administrator account tried to enable the organization account as a
+--     member account.
+--
+-- 'updatedAt', 'member_updatedAt' - The timestamp for the date and time when the member account was updated.
+newMember ::
+  Member
+newMember =
+  Member'
+    { accountId = Prelude.Nothing,
+      administratorId = Prelude.Nothing,
+      email = Prelude.Nothing,
+      invitedAt = Prelude.Nothing,
+      masterId = Prelude.Nothing,
+      memberStatus = Prelude.Nothing,
+      updatedAt = Prelude.Nothing
+    }
+
+-- | The Amazon Web Services account ID of the member account.
+member_accountId :: Lens.Lens' Member (Prelude.Maybe Prelude.Text)
+member_accountId = Lens.lens (\Member' {accountId} -> accountId) (\s@Member' {} a -> s {accountId = a} :: Member)
+
+-- | The Amazon Web Services account ID of the Security Hub administrator
+-- account associated with this member account.
+member_administratorId :: Lens.Lens' Member (Prelude.Maybe Prelude.Text)
+member_administratorId = Lens.lens (\Member' {administratorId} -> administratorId) (\s@Member' {} a -> s {administratorId = a} :: Member)
+
+-- | The email address of the member account.
+member_email :: Lens.Lens' Member (Prelude.Maybe Prelude.Text)
+member_email = Lens.lens (\Member' {email} -> email) (\s@Member' {} a -> s {email = a} :: Member)
+
+-- | A timestamp for the date and time when the invitation was sent to the
+-- member account.
+member_invitedAt :: Lens.Lens' Member (Prelude.Maybe Prelude.UTCTime)
+member_invitedAt = Lens.lens (\Member' {invitedAt} -> invitedAt) (\s@Member' {} a -> s {invitedAt = a} :: Member) Prelude.. Lens.mapping Data._Time
+
+-- | This is replaced by @AdministratorID@.
+--
+-- The Amazon Web Services account ID of the Security Hub administrator
+-- account associated with this member account.
+member_masterId :: Lens.Lens' Member (Prelude.Maybe Prelude.Text)
+member_masterId = Lens.lens (\Member' {masterId} -> masterId) (\s@Member' {} a -> s {masterId = a} :: Member)
+
+-- | The status of the relationship between the member account and its
+-- administrator account.
+--
+-- The status can have one of the following values:
+--
+-- -   @CREATED@ - Indicates that the administrator account added the
+--     member account, but has not yet invited the member account.
+--
+-- -   @INVITED@ - Indicates that the administrator account invited the
+--     member account. The member account has not yet responded to the
+--     invitation.
+--
+-- -   @ENABLED@ - Indicates that the member account is currently active.
+--     For manually invited member accounts, indicates that the member
+--     account accepted the invitation.
+--
+-- -   @REMOVED@ - Indicates that the administrator account disassociated
+--     the member account.
+--
+-- -   @RESIGNED@ - Indicates that the member account disassociated
+--     themselves from the administrator account.
+--
+-- -   @DELETED@ - Indicates that the administrator account deleted the
+--     member account.
+--
+-- -   @ACCOUNT_SUSPENDED@ - Indicates that an organization account was
+--     suspended from Amazon Web Services at the same time that the
+--     administrator account tried to enable the organization account as a
+--     member account.
+member_memberStatus :: Lens.Lens' Member (Prelude.Maybe Prelude.Text)
+member_memberStatus = Lens.lens (\Member' {memberStatus} -> memberStatus) (\s@Member' {} a -> s {memberStatus = a} :: Member)
+
+-- | The timestamp for the date and time when the member account was updated.
+member_updatedAt :: Lens.Lens' Member (Prelude.Maybe Prelude.UTCTime)
+member_updatedAt = Lens.lens (\Member' {updatedAt} -> updatedAt) (\s@Member' {} a -> s {updatedAt = a} :: Member) Prelude.. Lens.mapping Data._Time
+
+instance Data.FromJSON Member where
+  parseJSON =
+    Data.withObject
+      "Member"
+      ( \x ->
+          Member'
+            Prelude.<$> (x Data..:? "AccountId")
+            Prelude.<*> (x Data..:? "AdministratorId")
+            Prelude.<*> (x Data..:? "Email")
+            Prelude.<*> (x Data..:? "InvitedAt")
+            Prelude.<*> (x Data..:? "MasterId")
+            Prelude.<*> (x Data..:? "MemberStatus")
+            Prelude.<*> (x Data..:? "UpdatedAt")
+      )
+
+instance Prelude.Hashable Member where
+  hashWithSalt _salt Member' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` administratorId
+      `Prelude.hashWithSalt` email
+      `Prelude.hashWithSalt` invitedAt
+      `Prelude.hashWithSalt` masterId
+      `Prelude.hashWithSalt` memberStatus
+      `Prelude.hashWithSalt` updatedAt
+
+instance Prelude.NFData Member where
+  rnf Member' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf administratorId
+      `Prelude.seq` Prelude.rnf email
+      `Prelude.seq` Prelude.rnf invitedAt
+      `Prelude.seq` Prelude.rnf masterId
+      `Prelude.seq` Prelude.rnf memberStatus
+      `Prelude.seq` Prelude.rnf updatedAt
diff --git a/gen/Amazonka/SecurityHub/Types/Network.hs b/gen/Amazonka/SecurityHub/Types/Network.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Network.hs
@@ -0,0 +1,238 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Network
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Network where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.NetworkDirection
+import Amazonka.SecurityHub.Types.PortRange
+
+-- | The details of network-related information about a finding.
+--
+-- /See:/ 'newNetwork' smart constructor.
+data Network = Network'
+  { -- | The destination domain of network-related information about a finding.
+    destinationDomain :: Prelude.Maybe Prelude.Text,
+    -- | The destination IPv4 address of network-related information about a
+    -- finding.
+    destinationIpV4 :: Prelude.Maybe Prelude.Text,
+    -- | The destination IPv6 address of network-related information about a
+    -- finding.
+    destinationIpV6 :: Prelude.Maybe Prelude.Text,
+    -- | The destination port of network-related information about a finding.
+    destinationPort :: Prelude.Maybe Prelude.Int,
+    -- | The direction of network traffic associated with a finding.
+    direction :: Prelude.Maybe NetworkDirection,
+    -- | The range of open ports that is present on the network.
+    openPortRange :: Prelude.Maybe PortRange,
+    -- | The protocol of network-related information about a finding.
+    protocol :: Prelude.Maybe Prelude.Text,
+    -- | The source domain of network-related information about a finding.
+    sourceDomain :: Prelude.Maybe Prelude.Text,
+    -- | The source IPv4 address of network-related information about a finding.
+    sourceIpV4 :: Prelude.Maybe Prelude.Text,
+    -- | The source IPv6 address of network-related information about a finding.
+    sourceIpV6 :: Prelude.Maybe Prelude.Text,
+    -- | The source media access control (MAC) address of network-related
+    -- information about a finding.
+    sourceMac :: Prelude.Maybe Prelude.Text,
+    -- | The source port of network-related information about a finding.
+    sourcePort :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Network' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destinationDomain', 'network_destinationDomain' - The destination domain of network-related information about a finding.
+--
+-- 'destinationIpV4', 'network_destinationIpV4' - The destination IPv4 address of network-related information about a
+-- finding.
+--
+-- 'destinationIpV6', 'network_destinationIpV6' - The destination IPv6 address of network-related information about a
+-- finding.
+--
+-- 'destinationPort', 'network_destinationPort' - The destination port of network-related information about a finding.
+--
+-- 'direction', 'network_direction' - The direction of network traffic associated with a finding.
+--
+-- 'openPortRange', 'network_openPortRange' - The range of open ports that is present on the network.
+--
+-- 'protocol', 'network_protocol' - The protocol of network-related information about a finding.
+--
+-- 'sourceDomain', 'network_sourceDomain' - The source domain of network-related information about a finding.
+--
+-- 'sourceIpV4', 'network_sourceIpV4' - The source IPv4 address of network-related information about a finding.
+--
+-- 'sourceIpV6', 'network_sourceIpV6' - The source IPv6 address of network-related information about a finding.
+--
+-- 'sourceMac', 'network_sourceMac' - The source media access control (MAC) address of network-related
+-- information about a finding.
+--
+-- 'sourcePort', 'network_sourcePort' - The source port of network-related information about a finding.
+newNetwork ::
+  Network
+newNetwork =
+  Network'
+    { destinationDomain = Prelude.Nothing,
+      destinationIpV4 = Prelude.Nothing,
+      destinationIpV6 = Prelude.Nothing,
+      destinationPort = Prelude.Nothing,
+      direction = Prelude.Nothing,
+      openPortRange = Prelude.Nothing,
+      protocol = Prelude.Nothing,
+      sourceDomain = Prelude.Nothing,
+      sourceIpV4 = Prelude.Nothing,
+      sourceIpV6 = Prelude.Nothing,
+      sourceMac = Prelude.Nothing,
+      sourcePort = Prelude.Nothing
+    }
+
+-- | The destination domain of network-related information about a finding.
+network_destinationDomain :: Lens.Lens' Network (Prelude.Maybe Prelude.Text)
+network_destinationDomain = Lens.lens (\Network' {destinationDomain} -> destinationDomain) (\s@Network' {} a -> s {destinationDomain = a} :: Network)
+
+-- | The destination IPv4 address of network-related information about a
+-- finding.
+network_destinationIpV4 :: Lens.Lens' Network (Prelude.Maybe Prelude.Text)
+network_destinationIpV4 = Lens.lens (\Network' {destinationIpV4} -> destinationIpV4) (\s@Network' {} a -> s {destinationIpV4 = a} :: Network)
+
+-- | The destination IPv6 address of network-related information about a
+-- finding.
+network_destinationIpV6 :: Lens.Lens' Network (Prelude.Maybe Prelude.Text)
+network_destinationIpV6 = Lens.lens (\Network' {destinationIpV6} -> destinationIpV6) (\s@Network' {} a -> s {destinationIpV6 = a} :: Network)
+
+-- | The destination port of network-related information about a finding.
+network_destinationPort :: Lens.Lens' Network (Prelude.Maybe Prelude.Int)
+network_destinationPort = Lens.lens (\Network' {destinationPort} -> destinationPort) (\s@Network' {} a -> s {destinationPort = a} :: Network)
+
+-- | The direction of network traffic associated with a finding.
+network_direction :: Lens.Lens' Network (Prelude.Maybe NetworkDirection)
+network_direction = Lens.lens (\Network' {direction} -> direction) (\s@Network' {} a -> s {direction = a} :: Network)
+
+-- | The range of open ports that is present on the network.
+network_openPortRange :: Lens.Lens' Network (Prelude.Maybe PortRange)
+network_openPortRange = Lens.lens (\Network' {openPortRange} -> openPortRange) (\s@Network' {} a -> s {openPortRange = a} :: Network)
+
+-- | The protocol of network-related information about a finding.
+network_protocol :: Lens.Lens' Network (Prelude.Maybe Prelude.Text)
+network_protocol = Lens.lens (\Network' {protocol} -> protocol) (\s@Network' {} a -> s {protocol = a} :: Network)
+
+-- | The source domain of network-related information about a finding.
+network_sourceDomain :: Lens.Lens' Network (Prelude.Maybe Prelude.Text)
+network_sourceDomain = Lens.lens (\Network' {sourceDomain} -> sourceDomain) (\s@Network' {} a -> s {sourceDomain = a} :: Network)
+
+-- | The source IPv4 address of network-related information about a finding.
+network_sourceIpV4 :: Lens.Lens' Network (Prelude.Maybe Prelude.Text)
+network_sourceIpV4 = Lens.lens (\Network' {sourceIpV4} -> sourceIpV4) (\s@Network' {} a -> s {sourceIpV4 = a} :: Network)
+
+-- | The source IPv6 address of network-related information about a finding.
+network_sourceIpV6 :: Lens.Lens' Network (Prelude.Maybe Prelude.Text)
+network_sourceIpV6 = Lens.lens (\Network' {sourceIpV6} -> sourceIpV6) (\s@Network' {} a -> s {sourceIpV6 = a} :: Network)
+
+-- | The source media access control (MAC) address of network-related
+-- information about a finding.
+network_sourceMac :: Lens.Lens' Network (Prelude.Maybe Prelude.Text)
+network_sourceMac = Lens.lens (\Network' {sourceMac} -> sourceMac) (\s@Network' {} a -> s {sourceMac = a} :: Network)
+
+-- | The source port of network-related information about a finding.
+network_sourcePort :: Lens.Lens' Network (Prelude.Maybe Prelude.Int)
+network_sourcePort = Lens.lens (\Network' {sourcePort} -> sourcePort) (\s@Network' {} a -> s {sourcePort = a} :: Network)
+
+instance Data.FromJSON Network where
+  parseJSON =
+    Data.withObject
+      "Network"
+      ( \x ->
+          Network'
+            Prelude.<$> (x Data..:? "DestinationDomain")
+            Prelude.<*> (x Data..:? "DestinationIpV4")
+            Prelude.<*> (x Data..:? "DestinationIpV6")
+            Prelude.<*> (x Data..:? "DestinationPort")
+            Prelude.<*> (x Data..:? "Direction")
+            Prelude.<*> (x Data..:? "OpenPortRange")
+            Prelude.<*> (x Data..:? "Protocol")
+            Prelude.<*> (x Data..:? "SourceDomain")
+            Prelude.<*> (x Data..:? "SourceIpV4")
+            Prelude.<*> (x Data..:? "SourceIpV6")
+            Prelude.<*> (x Data..:? "SourceMac")
+            Prelude.<*> (x Data..:? "SourcePort")
+      )
+
+instance Prelude.Hashable Network where
+  hashWithSalt _salt Network' {..} =
+    _salt
+      `Prelude.hashWithSalt` destinationDomain
+      `Prelude.hashWithSalt` destinationIpV4
+      `Prelude.hashWithSalt` destinationIpV6
+      `Prelude.hashWithSalt` destinationPort
+      `Prelude.hashWithSalt` direction
+      `Prelude.hashWithSalt` openPortRange
+      `Prelude.hashWithSalt` protocol
+      `Prelude.hashWithSalt` sourceDomain
+      `Prelude.hashWithSalt` sourceIpV4
+      `Prelude.hashWithSalt` sourceIpV6
+      `Prelude.hashWithSalt` sourceMac
+      `Prelude.hashWithSalt` sourcePort
+
+instance Prelude.NFData Network where
+  rnf Network' {..} =
+    Prelude.rnf destinationDomain
+      `Prelude.seq` Prelude.rnf destinationIpV4
+      `Prelude.seq` Prelude.rnf destinationIpV6
+      `Prelude.seq` Prelude.rnf destinationPort
+      `Prelude.seq` Prelude.rnf direction
+      `Prelude.seq` Prelude.rnf openPortRange
+      `Prelude.seq` Prelude.rnf protocol
+      `Prelude.seq` Prelude.rnf sourceDomain
+      `Prelude.seq` Prelude.rnf sourceIpV4
+      `Prelude.seq` Prelude.rnf sourceIpV6
+      `Prelude.seq` Prelude.rnf sourceMac
+      `Prelude.seq` Prelude.rnf sourcePort
+
+instance Data.ToJSON Network where
+  toJSON Network' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DestinationDomain" Data..=)
+              Prelude.<$> destinationDomain,
+            ("DestinationIpV4" Data..=)
+              Prelude.<$> destinationIpV4,
+            ("DestinationIpV6" Data..=)
+              Prelude.<$> destinationIpV6,
+            ("DestinationPort" Data..=)
+              Prelude.<$> destinationPort,
+            ("Direction" Data..=) Prelude.<$> direction,
+            ("OpenPortRange" Data..=) Prelude.<$> openPortRange,
+            ("Protocol" Data..=) Prelude.<$> protocol,
+            ("SourceDomain" Data..=) Prelude.<$> sourceDomain,
+            ("SourceIpV4" Data..=) Prelude.<$> sourceIpV4,
+            ("SourceIpV6" Data..=) Prelude.<$> sourceIpV6,
+            ("SourceMac" Data..=) Prelude.<$> sourceMac,
+            ("SourcePort" Data..=) Prelude.<$> sourcePort
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/NetworkConnectionAction.hs b/gen/Amazonka/SecurityHub/Types/NetworkConnectionAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/NetworkConnectionAction.hs
@@ -0,0 +1,156 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.NetworkConnectionAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.NetworkConnectionAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.ActionLocalPortDetails
+import Amazonka.SecurityHub.Types.ActionRemoteIpDetails
+import Amazonka.SecurityHub.Types.ActionRemotePortDetails
+
+-- | Provided if @ActionType@ is @NETWORK_CONNECTION@. It provides details
+-- about the attempted network connection that was detected.
+--
+-- /See:/ 'newNetworkConnectionAction' smart constructor.
+data NetworkConnectionAction = NetworkConnectionAction'
+  { -- | Indicates whether the network connection attempt was blocked.
+    blocked :: Prelude.Maybe Prelude.Bool,
+    -- | The direction of the network connection request (@IN@ or @OUT@).
+    connectionDirection :: Prelude.Maybe Prelude.Text,
+    -- | Information about the port on the EC2 instance.
+    localPortDetails :: Prelude.Maybe ActionLocalPortDetails,
+    -- | The protocol used to make the network connection request.
+    protocol :: Prelude.Maybe Prelude.Text,
+    -- | Information about the remote IP address that issued the network
+    -- connection request.
+    remoteIpDetails :: Prelude.Maybe ActionRemoteIpDetails,
+    -- | Information about the port on the remote IP address.
+    remotePortDetails :: Prelude.Maybe ActionRemotePortDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'NetworkConnectionAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blocked', 'networkConnectionAction_blocked' - Indicates whether the network connection attempt was blocked.
+--
+-- 'connectionDirection', 'networkConnectionAction_connectionDirection' - The direction of the network connection request (@IN@ or @OUT@).
+--
+-- 'localPortDetails', 'networkConnectionAction_localPortDetails' - Information about the port on the EC2 instance.
+--
+-- 'protocol', 'networkConnectionAction_protocol' - The protocol used to make the network connection request.
+--
+-- 'remoteIpDetails', 'networkConnectionAction_remoteIpDetails' - Information about the remote IP address that issued the network
+-- connection request.
+--
+-- 'remotePortDetails', 'networkConnectionAction_remotePortDetails' - Information about the port on the remote IP address.
+newNetworkConnectionAction ::
+  NetworkConnectionAction
+newNetworkConnectionAction =
+  NetworkConnectionAction'
+    { blocked = Prelude.Nothing,
+      connectionDirection = Prelude.Nothing,
+      localPortDetails = Prelude.Nothing,
+      protocol = Prelude.Nothing,
+      remoteIpDetails = Prelude.Nothing,
+      remotePortDetails = Prelude.Nothing
+    }
+
+-- | Indicates whether the network connection attempt was blocked.
+networkConnectionAction_blocked :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe Prelude.Bool)
+networkConnectionAction_blocked = Lens.lens (\NetworkConnectionAction' {blocked} -> blocked) (\s@NetworkConnectionAction' {} a -> s {blocked = a} :: NetworkConnectionAction)
+
+-- | The direction of the network connection request (@IN@ or @OUT@).
+networkConnectionAction_connectionDirection :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe Prelude.Text)
+networkConnectionAction_connectionDirection = Lens.lens (\NetworkConnectionAction' {connectionDirection} -> connectionDirection) (\s@NetworkConnectionAction' {} a -> s {connectionDirection = a} :: NetworkConnectionAction)
+
+-- | Information about the port on the EC2 instance.
+networkConnectionAction_localPortDetails :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe ActionLocalPortDetails)
+networkConnectionAction_localPortDetails = Lens.lens (\NetworkConnectionAction' {localPortDetails} -> localPortDetails) (\s@NetworkConnectionAction' {} a -> s {localPortDetails = a} :: NetworkConnectionAction)
+
+-- | The protocol used to make the network connection request.
+networkConnectionAction_protocol :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe Prelude.Text)
+networkConnectionAction_protocol = Lens.lens (\NetworkConnectionAction' {protocol} -> protocol) (\s@NetworkConnectionAction' {} a -> s {protocol = a} :: NetworkConnectionAction)
+
+-- | Information about the remote IP address that issued the network
+-- connection request.
+networkConnectionAction_remoteIpDetails :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe ActionRemoteIpDetails)
+networkConnectionAction_remoteIpDetails = Lens.lens (\NetworkConnectionAction' {remoteIpDetails} -> remoteIpDetails) (\s@NetworkConnectionAction' {} a -> s {remoteIpDetails = a} :: NetworkConnectionAction)
+
+-- | Information about the port on the remote IP address.
+networkConnectionAction_remotePortDetails :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe ActionRemotePortDetails)
+networkConnectionAction_remotePortDetails = Lens.lens (\NetworkConnectionAction' {remotePortDetails} -> remotePortDetails) (\s@NetworkConnectionAction' {} a -> s {remotePortDetails = a} :: NetworkConnectionAction)
+
+instance Data.FromJSON NetworkConnectionAction where
+  parseJSON =
+    Data.withObject
+      "NetworkConnectionAction"
+      ( \x ->
+          NetworkConnectionAction'
+            Prelude.<$> (x Data..:? "Blocked")
+            Prelude.<*> (x Data..:? "ConnectionDirection")
+            Prelude.<*> (x Data..:? "LocalPortDetails")
+            Prelude.<*> (x Data..:? "Protocol")
+            Prelude.<*> (x Data..:? "RemoteIpDetails")
+            Prelude.<*> (x Data..:? "RemotePortDetails")
+      )
+
+instance Prelude.Hashable NetworkConnectionAction where
+  hashWithSalt _salt NetworkConnectionAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` blocked
+      `Prelude.hashWithSalt` connectionDirection
+      `Prelude.hashWithSalt` localPortDetails
+      `Prelude.hashWithSalt` protocol
+      `Prelude.hashWithSalt` remoteIpDetails
+      `Prelude.hashWithSalt` remotePortDetails
+
+instance Prelude.NFData NetworkConnectionAction where
+  rnf NetworkConnectionAction' {..} =
+    Prelude.rnf blocked
+      `Prelude.seq` Prelude.rnf connectionDirection
+      `Prelude.seq` Prelude.rnf localPortDetails
+      `Prelude.seq` Prelude.rnf protocol
+      `Prelude.seq` Prelude.rnf remoteIpDetails
+      `Prelude.seq` Prelude.rnf remotePortDetails
+
+instance Data.ToJSON NetworkConnectionAction where
+  toJSON NetworkConnectionAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Blocked" Data..=) Prelude.<$> blocked,
+            ("ConnectionDirection" Data..=)
+              Prelude.<$> connectionDirection,
+            ("LocalPortDetails" Data..=)
+              Prelude.<$> localPortDetails,
+            ("Protocol" Data..=) Prelude.<$> protocol,
+            ("RemoteIpDetails" Data..=)
+              Prelude.<$> remoteIpDetails,
+            ("RemotePortDetails" Data..=)
+              Prelude.<$> remotePortDetails
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/NetworkDirection.hs b/gen/Amazonka/SecurityHub/Types/NetworkDirection.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/NetworkDirection.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.NetworkDirection
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.NetworkDirection
+  ( NetworkDirection
+      ( ..,
+        NetworkDirection_IN,
+        NetworkDirection_OUT
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype NetworkDirection = NetworkDirection'
+  { fromNetworkDirection ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern NetworkDirection_IN :: NetworkDirection
+pattern NetworkDirection_IN = NetworkDirection' "IN"
+
+pattern NetworkDirection_OUT :: NetworkDirection
+pattern NetworkDirection_OUT = NetworkDirection' "OUT"
+
+{-# COMPLETE
+  NetworkDirection_IN,
+  NetworkDirection_OUT,
+  NetworkDirection'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/NetworkHeader.hs b/gen/Amazonka/SecurityHub/Types/NetworkHeader.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/NetworkHeader.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.NetworkHeader
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.NetworkHeader where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.NetworkPathComponentDetails
+
+-- | Details about a network path component that occurs before or after the
+-- current component.
+--
+-- /See:/ 'newNetworkHeader' smart constructor.
+data NetworkHeader = NetworkHeader'
+  { -- | Information about the destination of the component.
+    destination :: Prelude.Maybe NetworkPathComponentDetails,
+    -- | The protocol used for the component.
+    protocol :: Prelude.Maybe Prelude.Text,
+    -- | Information about the origin of the component.
+    source :: Prelude.Maybe NetworkPathComponentDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'NetworkHeader' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destination', 'networkHeader_destination' - Information about the destination of the component.
+--
+-- 'protocol', 'networkHeader_protocol' - The protocol used for the component.
+--
+-- 'source', 'networkHeader_source' - Information about the origin of the component.
+newNetworkHeader ::
+  NetworkHeader
+newNetworkHeader =
+  NetworkHeader'
+    { destination = Prelude.Nothing,
+      protocol = Prelude.Nothing,
+      source = Prelude.Nothing
+    }
+
+-- | Information about the destination of the component.
+networkHeader_destination :: Lens.Lens' NetworkHeader (Prelude.Maybe NetworkPathComponentDetails)
+networkHeader_destination = Lens.lens (\NetworkHeader' {destination} -> destination) (\s@NetworkHeader' {} a -> s {destination = a} :: NetworkHeader)
+
+-- | The protocol used for the component.
+networkHeader_protocol :: Lens.Lens' NetworkHeader (Prelude.Maybe Prelude.Text)
+networkHeader_protocol = Lens.lens (\NetworkHeader' {protocol} -> protocol) (\s@NetworkHeader' {} a -> s {protocol = a} :: NetworkHeader)
+
+-- | Information about the origin of the component.
+networkHeader_source :: Lens.Lens' NetworkHeader (Prelude.Maybe NetworkPathComponentDetails)
+networkHeader_source = Lens.lens (\NetworkHeader' {source} -> source) (\s@NetworkHeader' {} a -> s {source = a} :: NetworkHeader)
+
+instance Data.FromJSON NetworkHeader where
+  parseJSON =
+    Data.withObject
+      "NetworkHeader"
+      ( \x ->
+          NetworkHeader'
+            Prelude.<$> (x Data..:? "Destination")
+            Prelude.<*> (x Data..:? "Protocol")
+            Prelude.<*> (x Data..:? "Source")
+      )
+
+instance Prelude.Hashable NetworkHeader where
+  hashWithSalt _salt NetworkHeader' {..} =
+    _salt
+      `Prelude.hashWithSalt` destination
+      `Prelude.hashWithSalt` protocol
+      `Prelude.hashWithSalt` source
+
+instance Prelude.NFData NetworkHeader where
+  rnf NetworkHeader' {..} =
+    Prelude.rnf destination
+      `Prelude.seq` Prelude.rnf protocol
+      `Prelude.seq` Prelude.rnf source
+
+instance Data.ToJSON NetworkHeader where
+  toJSON NetworkHeader' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Destination" Data..=) Prelude.<$> destination,
+            ("Protocol" Data..=) Prelude.<$> protocol,
+            ("Source" Data..=) Prelude.<$> source
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/NetworkPathComponent.hs b/gen/Amazonka/SecurityHub/Types/NetworkPathComponent.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/NetworkPathComponent.hs
@@ -0,0 +1,127 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.NetworkPathComponent
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.NetworkPathComponent where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.NetworkHeader
+
+-- | Information about a network path component.
+--
+-- /See:/ 'newNetworkPathComponent' smart constructor.
+data NetworkPathComponent = NetworkPathComponent'
+  { -- | The identifier of a component in the network path.
+    componentId :: Prelude.Maybe Prelude.Text,
+    -- | The type of component.
+    componentType :: Prelude.Maybe Prelude.Text,
+    -- | Information about the component that comes after the current component
+    -- in the network path.
+    egress :: Prelude.Maybe NetworkHeader,
+    -- | Information about the component that comes before the current node in
+    -- the network path.
+    ingress :: Prelude.Maybe NetworkHeader
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'NetworkPathComponent' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'componentId', 'networkPathComponent_componentId' - The identifier of a component in the network path.
+--
+-- 'componentType', 'networkPathComponent_componentType' - The type of component.
+--
+-- 'egress', 'networkPathComponent_egress' - Information about the component that comes after the current component
+-- in the network path.
+--
+-- 'ingress', 'networkPathComponent_ingress' - Information about the component that comes before the current node in
+-- the network path.
+newNetworkPathComponent ::
+  NetworkPathComponent
+newNetworkPathComponent =
+  NetworkPathComponent'
+    { componentId =
+        Prelude.Nothing,
+      componentType = Prelude.Nothing,
+      egress = Prelude.Nothing,
+      ingress = Prelude.Nothing
+    }
+
+-- | The identifier of a component in the network path.
+networkPathComponent_componentId :: Lens.Lens' NetworkPathComponent (Prelude.Maybe Prelude.Text)
+networkPathComponent_componentId = Lens.lens (\NetworkPathComponent' {componentId} -> componentId) (\s@NetworkPathComponent' {} a -> s {componentId = a} :: NetworkPathComponent)
+
+-- | The type of component.
+networkPathComponent_componentType :: Lens.Lens' NetworkPathComponent (Prelude.Maybe Prelude.Text)
+networkPathComponent_componentType = Lens.lens (\NetworkPathComponent' {componentType} -> componentType) (\s@NetworkPathComponent' {} a -> s {componentType = a} :: NetworkPathComponent)
+
+-- | Information about the component that comes after the current component
+-- in the network path.
+networkPathComponent_egress :: Lens.Lens' NetworkPathComponent (Prelude.Maybe NetworkHeader)
+networkPathComponent_egress = Lens.lens (\NetworkPathComponent' {egress} -> egress) (\s@NetworkPathComponent' {} a -> s {egress = a} :: NetworkPathComponent)
+
+-- | Information about the component that comes before the current node in
+-- the network path.
+networkPathComponent_ingress :: Lens.Lens' NetworkPathComponent (Prelude.Maybe NetworkHeader)
+networkPathComponent_ingress = Lens.lens (\NetworkPathComponent' {ingress} -> ingress) (\s@NetworkPathComponent' {} a -> s {ingress = a} :: NetworkPathComponent)
+
+instance Data.FromJSON NetworkPathComponent where
+  parseJSON =
+    Data.withObject
+      "NetworkPathComponent"
+      ( \x ->
+          NetworkPathComponent'
+            Prelude.<$> (x Data..:? "ComponentId")
+            Prelude.<*> (x Data..:? "ComponentType")
+            Prelude.<*> (x Data..:? "Egress")
+            Prelude.<*> (x Data..:? "Ingress")
+      )
+
+instance Prelude.Hashable NetworkPathComponent where
+  hashWithSalt _salt NetworkPathComponent' {..} =
+    _salt
+      `Prelude.hashWithSalt` componentId
+      `Prelude.hashWithSalt` componentType
+      `Prelude.hashWithSalt` egress
+      `Prelude.hashWithSalt` ingress
+
+instance Prelude.NFData NetworkPathComponent where
+  rnf NetworkPathComponent' {..} =
+    Prelude.rnf componentId
+      `Prelude.seq` Prelude.rnf componentType
+      `Prelude.seq` Prelude.rnf egress
+      `Prelude.seq` Prelude.rnf ingress
+
+instance Data.ToJSON NetworkPathComponent where
+  toJSON NetworkPathComponent' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ComponentId" Data..=) Prelude.<$> componentId,
+            ("ComponentType" Data..=) Prelude.<$> componentType,
+            ("Egress" Data..=) Prelude.<$> egress,
+            ("Ingress" Data..=) Prelude.<$> ingress
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/NetworkPathComponentDetails.hs b/gen/Amazonka/SecurityHub/Types/NetworkPathComponentDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/NetworkPathComponentDetails.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.NetworkPathComponentDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.NetworkPathComponentDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.PortRange
+
+-- | Information about the destination of the next component in the network
+-- path.
+--
+-- /See:/ 'newNetworkPathComponentDetails' smart constructor.
+data NetworkPathComponentDetails = NetworkPathComponentDetails'
+  { -- | The IP addresses of the destination.
+    address :: Prelude.Maybe [Prelude.Text],
+    -- | A list of port ranges for the destination.
+    portRanges :: Prelude.Maybe [PortRange]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'NetworkPathComponentDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'address', 'networkPathComponentDetails_address' - The IP addresses of the destination.
+--
+-- 'portRanges', 'networkPathComponentDetails_portRanges' - A list of port ranges for the destination.
+newNetworkPathComponentDetails ::
+  NetworkPathComponentDetails
+newNetworkPathComponentDetails =
+  NetworkPathComponentDetails'
+    { address =
+        Prelude.Nothing,
+      portRanges = Prelude.Nothing
+    }
+
+-- | The IP addresses of the destination.
+networkPathComponentDetails_address :: Lens.Lens' NetworkPathComponentDetails (Prelude.Maybe [Prelude.Text])
+networkPathComponentDetails_address = Lens.lens (\NetworkPathComponentDetails' {address} -> address) (\s@NetworkPathComponentDetails' {} a -> s {address = a} :: NetworkPathComponentDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of port ranges for the destination.
+networkPathComponentDetails_portRanges :: Lens.Lens' NetworkPathComponentDetails (Prelude.Maybe [PortRange])
+networkPathComponentDetails_portRanges = Lens.lens (\NetworkPathComponentDetails' {portRanges} -> portRanges) (\s@NetworkPathComponentDetails' {} a -> s {portRanges = a} :: NetworkPathComponentDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON NetworkPathComponentDetails where
+  parseJSON =
+    Data.withObject
+      "NetworkPathComponentDetails"
+      ( \x ->
+          NetworkPathComponentDetails'
+            Prelude.<$> (x Data..:? "Address" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "PortRanges" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable NetworkPathComponentDetails where
+  hashWithSalt _salt NetworkPathComponentDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` address
+      `Prelude.hashWithSalt` portRanges
+
+instance Prelude.NFData NetworkPathComponentDetails where
+  rnf NetworkPathComponentDetails' {..} =
+    Prelude.rnf address
+      `Prelude.seq` Prelude.rnf portRanges
+
+instance Data.ToJSON NetworkPathComponentDetails where
+  toJSON NetworkPathComponentDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Address" Data..=) Prelude.<$> address,
+            ("PortRanges" Data..=) Prelude.<$> portRanges
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Note.hs b/gen/Amazonka/SecurityHub/Types/Note.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Note.hs
@@ -0,0 +1,127 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Note
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Note where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A user-defined note added to a finding.
+--
+-- /See:/ 'newNote' smart constructor.
+data Note = Note'
+  { -- | The text of a note.
+    text :: Prelude.Text,
+    -- | The principal that created a note.
+    updatedBy :: Prelude.Text,
+    -- | The timestamp of when the note was updated.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    updatedAt :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Note' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'text', 'note_text' - The text of a note.
+--
+-- 'updatedBy', 'note_updatedBy' - The principal that created a note.
+--
+-- 'updatedAt', 'note_updatedAt' - The timestamp of when the note was updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+newNote ::
+  -- | 'text'
+  Prelude.Text ->
+  -- | 'updatedBy'
+  Prelude.Text ->
+  -- | 'updatedAt'
+  Prelude.Text ->
+  Note
+newNote pText_ pUpdatedBy_ pUpdatedAt_ =
+  Note'
+    { text = pText_,
+      updatedBy = pUpdatedBy_,
+      updatedAt = pUpdatedAt_
+    }
+
+-- | The text of a note.
+note_text :: Lens.Lens' Note Prelude.Text
+note_text = Lens.lens (\Note' {text} -> text) (\s@Note' {} a -> s {text = a} :: Note)
+
+-- | The principal that created a note.
+note_updatedBy :: Lens.Lens' Note Prelude.Text
+note_updatedBy = Lens.lens (\Note' {updatedBy} -> updatedBy) (\s@Note' {} a -> s {updatedBy = a} :: Note)
+
+-- | The timestamp of when the note was updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+note_updatedAt :: Lens.Lens' Note Prelude.Text
+note_updatedAt = Lens.lens (\Note' {updatedAt} -> updatedAt) (\s@Note' {} a -> s {updatedAt = a} :: Note)
+
+instance Data.FromJSON Note where
+  parseJSON =
+    Data.withObject
+      "Note"
+      ( \x ->
+          Note'
+            Prelude.<$> (x Data..: "Text")
+            Prelude.<*> (x Data..: "UpdatedBy")
+            Prelude.<*> (x Data..: "UpdatedAt")
+      )
+
+instance Prelude.Hashable Note where
+  hashWithSalt _salt Note' {..} =
+    _salt
+      `Prelude.hashWithSalt` text
+      `Prelude.hashWithSalt` updatedBy
+      `Prelude.hashWithSalt` updatedAt
+
+instance Prelude.NFData Note where
+  rnf Note' {..} =
+    Prelude.rnf text
+      `Prelude.seq` Prelude.rnf updatedBy
+      `Prelude.seq` Prelude.rnf updatedAt
+
+instance Data.ToJSON Note where
+  toJSON Note' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Text" Data..= text),
+            Prelude.Just ("UpdatedBy" Data..= updatedBy),
+            Prelude.Just ("UpdatedAt" Data..= updatedAt)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/NoteUpdate.hs b/gen/Amazonka/SecurityHub/Types/NoteUpdate.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/NoteUpdate.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.NoteUpdate
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.NoteUpdate where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The updated note.
+--
+-- /See:/ 'newNoteUpdate' smart constructor.
+data NoteUpdate = NoteUpdate'
+  { -- | The updated note text.
+    text :: Prelude.Text,
+    -- | The principal that updated the note.
+    updatedBy :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'NoteUpdate' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'text', 'noteUpdate_text' - The updated note text.
+--
+-- 'updatedBy', 'noteUpdate_updatedBy' - The principal that updated the note.
+newNoteUpdate ::
+  -- | 'text'
+  Prelude.Text ->
+  -- | 'updatedBy'
+  Prelude.Text ->
+  NoteUpdate
+newNoteUpdate pText_ pUpdatedBy_ =
+  NoteUpdate' {text = pText_, updatedBy = pUpdatedBy_}
+
+-- | The updated note text.
+noteUpdate_text :: Lens.Lens' NoteUpdate Prelude.Text
+noteUpdate_text = Lens.lens (\NoteUpdate' {text} -> text) (\s@NoteUpdate' {} a -> s {text = a} :: NoteUpdate)
+
+-- | The principal that updated the note.
+noteUpdate_updatedBy :: Lens.Lens' NoteUpdate Prelude.Text
+noteUpdate_updatedBy = Lens.lens (\NoteUpdate' {updatedBy} -> updatedBy) (\s@NoteUpdate' {} a -> s {updatedBy = a} :: NoteUpdate)
+
+instance Prelude.Hashable NoteUpdate where
+  hashWithSalt _salt NoteUpdate' {..} =
+    _salt
+      `Prelude.hashWithSalt` text
+      `Prelude.hashWithSalt` updatedBy
+
+instance Prelude.NFData NoteUpdate where
+  rnf NoteUpdate' {..} =
+    Prelude.rnf text
+      `Prelude.seq` Prelude.rnf updatedBy
+
+instance Data.ToJSON NoteUpdate where
+  toJSON NoteUpdate' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Text" Data..= text),
+            Prelude.Just ("UpdatedBy" Data..= updatedBy)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/NumberFilter.hs b/gen/Amazonka/SecurityHub/Types/NumberFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/NumberFilter.hs
@@ -0,0 +1,115 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.NumberFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.NumberFilter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A number filter for querying findings.
+--
+-- /See:/ 'newNumberFilter' smart constructor.
+data NumberFilter = NumberFilter'
+  { -- | The equal-to condition to be applied to a single field when querying for
+    -- findings.
+    eq :: Prelude.Maybe Prelude.Double,
+    -- | The greater-than-equal condition to be applied to a single field when
+    -- querying for findings.
+    gte :: Prelude.Maybe Prelude.Double,
+    -- | The less-than-equal condition to be applied to a single field when
+    -- querying for findings.
+    lte :: Prelude.Maybe Prelude.Double
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'NumberFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'eq', 'numberFilter_eq' - The equal-to condition to be applied to a single field when querying for
+-- findings.
+--
+-- 'gte', 'numberFilter_gte' - The greater-than-equal condition to be applied to a single field when
+-- querying for findings.
+--
+-- 'lte', 'numberFilter_lte' - The less-than-equal condition to be applied to a single field when
+-- querying for findings.
+newNumberFilter ::
+  NumberFilter
+newNumberFilter =
+  NumberFilter'
+    { eq = Prelude.Nothing,
+      gte = Prelude.Nothing,
+      lte = Prelude.Nothing
+    }
+
+-- | The equal-to condition to be applied to a single field when querying for
+-- findings.
+numberFilter_eq :: Lens.Lens' NumberFilter (Prelude.Maybe Prelude.Double)
+numberFilter_eq = Lens.lens (\NumberFilter' {eq} -> eq) (\s@NumberFilter' {} a -> s {eq = a} :: NumberFilter)
+
+-- | The greater-than-equal condition to be applied to a single field when
+-- querying for findings.
+numberFilter_gte :: Lens.Lens' NumberFilter (Prelude.Maybe Prelude.Double)
+numberFilter_gte = Lens.lens (\NumberFilter' {gte} -> gte) (\s@NumberFilter' {} a -> s {gte = a} :: NumberFilter)
+
+-- | The less-than-equal condition to be applied to a single field when
+-- querying for findings.
+numberFilter_lte :: Lens.Lens' NumberFilter (Prelude.Maybe Prelude.Double)
+numberFilter_lte = Lens.lens (\NumberFilter' {lte} -> lte) (\s@NumberFilter' {} a -> s {lte = a} :: NumberFilter)
+
+instance Data.FromJSON NumberFilter where
+  parseJSON =
+    Data.withObject
+      "NumberFilter"
+      ( \x ->
+          NumberFilter'
+            Prelude.<$> (x Data..:? "Eq")
+            Prelude.<*> (x Data..:? "Gte")
+            Prelude.<*> (x Data..:? "Lte")
+      )
+
+instance Prelude.Hashable NumberFilter where
+  hashWithSalt _salt NumberFilter' {..} =
+    _salt
+      `Prelude.hashWithSalt` eq
+      `Prelude.hashWithSalt` gte
+      `Prelude.hashWithSalt` lte
+
+instance Prelude.NFData NumberFilter where
+  rnf NumberFilter' {..} =
+    Prelude.rnf eq
+      `Prelude.seq` Prelude.rnf gte
+      `Prelude.seq` Prelude.rnf lte
+
+instance Data.ToJSON NumberFilter where
+  toJSON NumberFilter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Eq" Data..=) Prelude.<$> eq,
+            ("Gte" Data..=) Prelude.<$> gte,
+            ("Lte" Data..=) Prelude.<$> lte
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Occurrences.hs b/gen/Amazonka/SecurityHub/Types/Occurrences.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Occurrences.hs
@@ -0,0 +1,151 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Occurrences
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Occurrences where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.Cell
+import Amazonka.SecurityHub.Types.Page
+import Amazonka.SecurityHub.Types.Range
+import Amazonka.SecurityHub.Types.Record
+
+-- | The detected occurrences of sensitive data.
+--
+-- /See:/ 'newOccurrences' smart constructor.
+data Occurrences = Occurrences'
+  { -- | Occurrences of sensitive data detected in Microsoft Excel workbooks,
+    -- comma-separated value (CSV) files, or tab-separated value (TSV) files.
+    cells :: Prelude.Maybe [Cell],
+    -- | Occurrences of sensitive data detected in a non-binary text file or a
+    -- Microsoft Word file. Non-binary text files include files such as HTML,
+    -- XML, JSON, and TXT files.
+    lineRanges :: Prelude.Maybe [Range],
+    -- | Occurrences of sensitive data detected in a binary text file.
+    offsetRanges :: Prelude.Maybe [Range],
+    -- | Occurrences of sensitive data in an Adobe Portable Document Format (PDF)
+    -- file.
+    pages :: Prelude.Maybe [Page],
+    -- | Occurrences of sensitive data in an Apache Avro object container or an
+    -- Apache Parquet file.
+    records :: Prelude.Maybe [Record]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Occurrences' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cells', 'occurrences_cells' - Occurrences of sensitive data detected in Microsoft Excel workbooks,
+-- comma-separated value (CSV) files, or tab-separated value (TSV) files.
+--
+-- 'lineRanges', 'occurrences_lineRanges' - Occurrences of sensitive data detected in a non-binary text file or a
+-- Microsoft Word file. Non-binary text files include files such as HTML,
+-- XML, JSON, and TXT files.
+--
+-- 'offsetRanges', 'occurrences_offsetRanges' - Occurrences of sensitive data detected in a binary text file.
+--
+-- 'pages', 'occurrences_pages' - Occurrences of sensitive data in an Adobe Portable Document Format (PDF)
+-- file.
+--
+-- 'records', 'occurrences_records' - Occurrences of sensitive data in an Apache Avro object container or an
+-- Apache Parquet file.
+newOccurrences ::
+  Occurrences
+newOccurrences =
+  Occurrences'
+    { cells = Prelude.Nothing,
+      lineRanges = Prelude.Nothing,
+      offsetRanges = Prelude.Nothing,
+      pages = Prelude.Nothing,
+      records = Prelude.Nothing
+    }
+
+-- | Occurrences of sensitive data detected in Microsoft Excel workbooks,
+-- comma-separated value (CSV) files, or tab-separated value (TSV) files.
+occurrences_cells :: Lens.Lens' Occurrences (Prelude.Maybe [Cell])
+occurrences_cells = Lens.lens (\Occurrences' {cells} -> cells) (\s@Occurrences' {} a -> s {cells = a} :: Occurrences) Prelude.. Lens.mapping Lens.coerced
+
+-- | Occurrences of sensitive data detected in a non-binary text file or a
+-- Microsoft Word file. Non-binary text files include files such as HTML,
+-- XML, JSON, and TXT files.
+occurrences_lineRanges :: Lens.Lens' Occurrences (Prelude.Maybe [Range])
+occurrences_lineRanges = Lens.lens (\Occurrences' {lineRanges} -> lineRanges) (\s@Occurrences' {} a -> s {lineRanges = a} :: Occurrences) Prelude.. Lens.mapping Lens.coerced
+
+-- | Occurrences of sensitive data detected in a binary text file.
+occurrences_offsetRanges :: Lens.Lens' Occurrences (Prelude.Maybe [Range])
+occurrences_offsetRanges = Lens.lens (\Occurrences' {offsetRanges} -> offsetRanges) (\s@Occurrences' {} a -> s {offsetRanges = a} :: Occurrences) Prelude.. Lens.mapping Lens.coerced
+
+-- | Occurrences of sensitive data in an Adobe Portable Document Format (PDF)
+-- file.
+occurrences_pages :: Lens.Lens' Occurrences (Prelude.Maybe [Page])
+occurrences_pages = Lens.lens (\Occurrences' {pages} -> pages) (\s@Occurrences' {} a -> s {pages = a} :: Occurrences) Prelude.. Lens.mapping Lens.coerced
+
+-- | Occurrences of sensitive data in an Apache Avro object container or an
+-- Apache Parquet file.
+occurrences_records :: Lens.Lens' Occurrences (Prelude.Maybe [Record])
+occurrences_records = Lens.lens (\Occurrences' {records} -> records) (\s@Occurrences' {} a -> s {records = a} :: Occurrences) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON Occurrences where
+  parseJSON =
+    Data.withObject
+      "Occurrences"
+      ( \x ->
+          Occurrences'
+            Prelude.<$> (x Data..:? "Cells" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "LineRanges" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "OffsetRanges" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Pages" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Records" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable Occurrences where
+  hashWithSalt _salt Occurrences' {..} =
+    _salt
+      `Prelude.hashWithSalt` cells
+      `Prelude.hashWithSalt` lineRanges
+      `Prelude.hashWithSalt` offsetRanges
+      `Prelude.hashWithSalt` pages
+      `Prelude.hashWithSalt` records
+
+instance Prelude.NFData Occurrences where
+  rnf Occurrences' {..} =
+    Prelude.rnf cells
+      `Prelude.seq` Prelude.rnf lineRanges
+      `Prelude.seq` Prelude.rnf offsetRanges
+      `Prelude.seq` Prelude.rnf pages
+      `Prelude.seq` Prelude.rnf records
+
+instance Data.ToJSON Occurrences where
+  toJSON Occurrences' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Cells" Data..=) Prelude.<$> cells,
+            ("LineRanges" Data..=) Prelude.<$> lineRanges,
+            ("OffsetRanges" Data..=) Prelude.<$> offsetRanges,
+            ("Pages" Data..=) Prelude.<$> pages,
+            ("Records" Data..=) Prelude.<$> records
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Page.hs b/gen/Amazonka/SecurityHub/Types/Page.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Page.hs
@@ -0,0 +1,114 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Page
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Page where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.Range
+
+-- | An occurrence of sensitive data in an Adobe Portable Document Format
+-- (PDF) file.
+--
+-- /See:/ 'newPage' smart constructor.
+data Page = Page'
+  { -- | An occurrence of sensitive data detected in a non-binary text file or a
+    -- Microsoft Word file. Non-binary text files include files such as HTML,
+    -- XML, JSON, and TXT files.
+    lineRange :: Prelude.Maybe Range,
+    -- | An occurrence of sensitive data detected in a binary text file.
+    offsetRange :: Prelude.Maybe Range,
+    -- | The page number of the page that contains the sensitive data.
+    pageNumber :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Page' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'lineRange', 'page_lineRange' - An occurrence of sensitive data detected in a non-binary text file or a
+-- Microsoft Word file. Non-binary text files include files such as HTML,
+-- XML, JSON, and TXT files.
+--
+-- 'offsetRange', 'page_offsetRange' - An occurrence of sensitive data detected in a binary text file.
+--
+-- 'pageNumber', 'page_pageNumber' - The page number of the page that contains the sensitive data.
+newPage ::
+  Page
+newPage =
+  Page'
+    { lineRange = Prelude.Nothing,
+      offsetRange = Prelude.Nothing,
+      pageNumber = Prelude.Nothing
+    }
+
+-- | An occurrence of sensitive data detected in a non-binary text file or a
+-- Microsoft Word file. Non-binary text files include files such as HTML,
+-- XML, JSON, and TXT files.
+page_lineRange :: Lens.Lens' Page (Prelude.Maybe Range)
+page_lineRange = Lens.lens (\Page' {lineRange} -> lineRange) (\s@Page' {} a -> s {lineRange = a} :: Page)
+
+-- | An occurrence of sensitive data detected in a binary text file.
+page_offsetRange :: Lens.Lens' Page (Prelude.Maybe Range)
+page_offsetRange = Lens.lens (\Page' {offsetRange} -> offsetRange) (\s@Page' {} a -> s {offsetRange = a} :: Page)
+
+-- | The page number of the page that contains the sensitive data.
+page_pageNumber :: Lens.Lens' Page (Prelude.Maybe Prelude.Integer)
+page_pageNumber = Lens.lens (\Page' {pageNumber} -> pageNumber) (\s@Page' {} a -> s {pageNumber = a} :: Page)
+
+instance Data.FromJSON Page where
+  parseJSON =
+    Data.withObject
+      "Page"
+      ( \x ->
+          Page'
+            Prelude.<$> (x Data..:? "LineRange")
+            Prelude.<*> (x Data..:? "OffsetRange")
+            Prelude.<*> (x Data..:? "PageNumber")
+      )
+
+instance Prelude.Hashable Page where
+  hashWithSalt _salt Page' {..} =
+    _salt
+      `Prelude.hashWithSalt` lineRange
+      `Prelude.hashWithSalt` offsetRange
+      `Prelude.hashWithSalt` pageNumber
+
+instance Prelude.NFData Page where
+  rnf Page' {..} =
+    Prelude.rnf lineRange
+      `Prelude.seq` Prelude.rnf offsetRange
+      `Prelude.seq` Prelude.rnf pageNumber
+
+instance Data.ToJSON Page where
+  toJSON Page' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("LineRange" Data..=) Prelude.<$> lineRange,
+            ("OffsetRange" Data..=) Prelude.<$> offsetRange,
+            ("PageNumber" Data..=) Prelude.<$> pageNumber
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Partition.hs b/gen/Amazonka/SecurityHub/Types/Partition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Partition.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Partition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Partition
+  ( Partition
+      ( ..,
+        Partition_Aws,
+        Partition_Aws_cn,
+        Partition_Aws_us_gov
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype Partition = Partition'
+  { fromPartition ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern Partition_Aws :: Partition
+pattern Partition_Aws = Partition' "aws"
+
+pattern Partition_Aws_cn :: Partition
+pattern Partition_Aws_cn = Partition' "aws-cn"
+
+pattern Partition_Aws_us_gov :: Partition
+pattern Partition_Aws_us_gov = Partition' "aws-us-gov"
+
+{-# COMPLETE
+  Partition_Aws,
+  Partition_Aws_cn,
+  Partition_Aws_us_gov,
+  Partition'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/PatchSummary.hs b/gen/Amazonka/SecurityHub/Types/PatchSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/PatchSummary.hs
@@ -0,0 +1,273 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.PatchSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.PatchSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides an overview of the patch compliance status for an instance
+-- against a selected compliance standard.
+--
+-- /See:/ 'newPatchSummary' smart constructor.
+data PatchSummary = PatchSummary'
+  { -- | The number of patches from the compliance standard that failed to
+    -- install.
+    failedCount :: Prelude.Maybe Prelude.Int,
+    -- | The number of patches from the compliance standard that were installed
+    -- successfully.
+    installedCount :: Prelude.Maybe Prelude.Int,
+    -- | The number of installed patches that are not part of the compliance
+    -- standard.
+    installedOtherCount :: Prelude.Maybe Prelude.Int,
+    -- | The number of patches that were applied, but that require the instance
+    -- to be rebooted in order to be marked as installed.
+    installedPendingReboot :: Prelude.Maybe Prelude.Int,
+    -- | The number of patches that are installed but are also on a list of
+    -- patches that the customer rejected.
+    installedRejectedCount :: Prelude.Maybe Prelude.Int,
+    -- | The number of patches that are part of the compliance standard but are
+    -- not installed. The count includes patches that failed to install.
+    missingCount :: Prelude.Maybe Prelude.Int,
+    -- | The type of patch operation performed. For Patch Manager, the values are
+    -- @SCAN@ and @INSTALL@.
+    operation :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the operation completed.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    operationEndTime :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the operation started.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    operationStartTime :: Prelude.Maybe Prelude.Text,
+    -- | The reboot option specified for the instance.
+    rebootOption :: Prelude.Maybe Prelude.Text,
+    -- | The identifier of the compliance standard that was used to determine the
+    -- patch compliance status.
+    id :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PatchSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'failedCount', 'patchSummary_failedCount' - The number of patches from the compliance standard that failed to
+-- install.
+--
+-- 'installedCount', 'patchSummary_installedCount' - The number of patches from the compliance standard that were installed
+-- successfully.
+--
+-- 'installedOtherCount', 'patchSummary_installedOtherCount' - The number of installed patches that are not part of the compliance
+-- standard.
+--
+-- 'installedPendingReboot', 'patchSummary_installedPendingReboot' - The number of patches that were applied, but that require the instance
+-- to be rebooted in order to be marked as installed.
+--
+-- 'installedRejectedCount', 'patchSummary_installedRejectedCount' - The number of patches that are installed but are also on a list of
+-- patches that the customer rejected.
+--
+-- 'missingCount', 'patchSummary_missingCount' - The number of patches that are part of the compliance standard but are
+-- not installed. The count includes patches that failed to install.
+--
+-- 'operation', 'patchSummary_operation' - The type of patch operation performed. For Patch Manager, the values are
+-- @SCAN@ and @INSTALL@.
+--
+-- 'operationEndTime', 'patchSummary_operationEndTime' - Indicates when the operation completed.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'operationStartTime', 'patchSummary_operationStartTime' - Indicates when the operation started.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'rebootOption', 'patchSummary_rebootOption' - The reboot option specified for the instance.
+--
+-- 'id', 'patchSummary_id' - The identifier of the compliance standard that was used to determine the
+-- patch compliance status.
+newPatchSummary ::
+  -- | 'id'
+  Prelude.Text ->
+  PatchSummary
+newPatchSummary pId_ =
+  PatchSummary'
+    { failedCount = Prelude.Nothing,
+      installedCount = Prelude.Nothing,
+      installedOtherCount = Prelude.Nothing,
+      installedPendingReboot = Prelude.Nothing,
+      installedRejectedCount = Prelude.Nothing,
+      missingCount = Prelude.Nothing,
+      operation = Prelude.Nothing,
+      operationEndTime = Prelude.Nothing,
+      operationStartTime = Prelude.Nothing,
+      rebootOption = Prelude.Nothing,
+      id = pId_
+    }
+
+-- | The number of patches from the compliance standard that failed to
+-- install.
+patchSummary_failedCount :: Lens.Lens' PatchSummary (Prelude.Maybe Prelude.Int)
+patchSummary_failedCount = Lens.lens (\PatchSummary' {failedCount} -> failedCount) (\s@PatchSummary' {} a -> s {failedCount = a} :: PatchSummary)
+
+-- | The number of patches from the compliance standard that were installed
+-- successfully.
+patchSummary_installedCount :: Lens.Lens' PatchSummary (Prelude.Maybe Prelude.Int)
+patchSummary_installedCount = Lens.lens (\PatchSummary' {installedCount} -> installedCount) (\s@PatchSummary' {} a -> s {installedCount = a} :: PatchSummary)
+
+-- | The number of installed patches that are not part of the compliance
+-- standard.
+patchSummary_installedOtherCount :: Lens.Lens' PatchSummary (Prelude.Maybe Prelude.Int)
+patchSummary_installedOtherCount = Lens.lens (\PatchSummary' {installedOtherCount} -> installedOtherCount) (\s@PatchSummary' {} a -> s {installedOtherCount = a} :: PatchSummary)
+
+-- | The number of patches that were applied, but that require the instance
+-- to be rebooted in order to be marked as installed.
+patchSummary_installedPendingReboot :: Lens.Lens' PatchSummary (Prelude.Maybe Prelude.Int)
+patchSummary_installedPendingReboot = Lens.lens (\PatchSummary' {installedPendingReboot} -> installedPendingReboot) (\s@PatchSummary' {} a -> s {installedPendingReboot = a} :: PatchSummary)
+
+-- | The number of patches that are installed but are also on a list of
+-- patches that the customer rejected.
+patchSummary_installedRejectedCount :: Lens.Lens' PatchSummary (Prelude.Maybe Prelude.Int)
+patchSummary_installedRejectedCount = Lens.lens (\PatchSummary' {installedRejectedCount} -> installedRejectedCount) (\s@PatchSummary' {} a -> s {installedRejectedCount = a} :: PatchSummary)
+
+-- | The number of patches that are part of the compliance standard but are
+-- not installed. The count includes patches that failed to install.
+patchSummary_missingCount :: Lens.Lens' PatchSummary (Prelude.Maybe Prelude.Int)
+patchSummary_missingCount = Lens.lens (\PatchSummary' {missingCount} -> missingCount) (\s@PatchSummary' {} a -> s {missingCount = a} :: PatchSummary)
+
+-- | The type of patch operation performed. For Patch Manager, the values are
+-- @SCAN@ and @INSTALL@.
+patchSummary_operation :: Lens.Lens' PatchSummary (Prelude.Maybe Prelude.Text)
+patchSummary_operation = Lens.lens (\PatchSummary' {operation} -> operation) (\s@PatchSummary' {} a -> s {operation = a} :: PatchSummary)
+
+-- | Indicates when the operation completed.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+patchSummary_operationEndTime :: Lens.Lens' PatchSummary (Prelude.Maybe Prelude.Text)
+patchSummary_operationEndTime = Lens.lens (\PatchSummary' {operationEndTime} -> operationEndTime) (\s@PatchSummary' {} a -> s {operationEndTime = a} :: PatchSummary)
+
+-- | Indicates when the operation started.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+patchSummary_operationStartTime :: Lens.Lens' PatchSummary (Prelude.Maybe Prelude.Text)
+patchSummary_operationStartTime = Lens.lens (\PatchSummary' {operationStartTime} -> operationStartTime) (\s@PatchSummary' {} a -> s {operationStartTime = a} :: PatchSummary)
+
+-- | The reboot option specified for the instance.
+patchSummary_rebootOption :: Lens.Lens' PatchSummary (Prelude.Maybe Prelude.Text)
+patchSummary_rebootOption = Lens.lens (\PatchSummary' {rebootOption} -> rebootOption) (\s@PatchSummary' {} a -> s {rebootOption = a} :: PatchSummary)
+
+-- | The identifier of the compliance standard that was used to determine the
+-- patch compliance status.
+patchSummary_id :: Lens.Lens' PatchSummary Prelude.Text
+patchSummary_id = Lens.lens (\PatchSummary' {id} -> id) (\s@PatchSummary' {} a -> s {id = a} :: PatchSummary)
+
+instance Data.FromJSON PatchSummary where
+  parseJSON =
+    Data.withObject
+      "PatchSummary"
+      ( \x ->
+          PatchSummary'
+            Prelude.<$> (x Data..:? "FailedCount")
+            Prelude.<*> (x Data..:? "InstalledCount")
+            Prelude.<*> (x Data..:? "InstalledOtherCount")
+            Prelude.<*> (x Data..:? "InstalledPendingReboot")
+            Prelude.<*> (x Data..:? "InstalledRejectedCount")
+            Prelude.<*> (x Data..:? "MissingCount")
+            Prelude.<*> (x Data..:? "Operation")
+            Prelude.<*> (x Data..:? "OperationEndTime")
+            Prelude.<*> (x Data..:? "OperationStartTime")
+            Prelude.<*> (x Data..:? "RebootOption")
+            Prelude.<*> (x Data..: "Id")
+      )
+
+instance Prelude.Hashable PatchSummary where
+  hashWithSalt _salt PatchSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` failedCount
+      `Prelude.hashWithSalt` installedCount
+      `Prelude.hashWithSalt` installedOtherCount
+      `Prelude.hashWithSalt` installedPendingReboot
+      `Prelude.hashWithSalt` installedRejectedCount
+      `Prelude.hashWithSalt` missingCount
+      `Prelude.hashWithSalt` operation
+      `Prelude.hashWithSalt` operationEndTime
+      `Prelude.hashWithSalt` operationStartTime
+      `Prelude.hashWithSalt` rebootOption
+      `Prelude.hashWithSalt` id
+
+instance Prelude.NFData PatchSummary where
+  rnf PatchSummary' {..} =
+    Prelude.rnf failedCount
+      `Prelude.seq` Prelude.rnf installedCount
+      `Prelude.seq` Prelude.rnf installedOtherCount
+      `Prelude.seq` Prelude.rnf installedPendingReboot
+      `Prelude.seq` Prelude.rnf installedRejectedCount
+      `Prelude.seq` Prelude.rnf missingCount
+      `Prelude.seq` Prelude.rnf operation
+      `Prelude.seq` Prelude.rnf operationEndTime
+      `Prelude.seq` Prelude.rnf operationStartTime
+      `Prelude.seq` Prelude.rnf rebootOption
+      `Prelude.seq` Prelude.rnf id
+
+instance Data.ToJSON PatchSummary where
+  toJSON PatchSummary' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("FailedCount" Data..=) Prelude.<$> failedCount,
+            ("InstalledCount" Data..=)
+              Prelude.<$> installedCount,
+            ("InstalledOtherCount" Data..=)
+              Prelude.<$> installedOtherCount,
+            ("InstalledPendingReboot" Data..=)
+              Prelude.<$> installedPendingReboot,
+            ("InstalledRejectedCount" Data..=)
+              Prelude.<$> installedRejectedCount,
+            ("MissingCount" Data..=) Prelude.<$> missingCount,
+            ("Operation" Data..=) Prelude.<$> operation,
+            ("OperationEndTime" Data..=)
+              Prelude.<$> operationEndTime,
+            ("OperationStartTime" Data..=)
+              Prelude.<$> operationStartTime,
+            ("RebootOption" Data..=) Prelude.<$> rebootOption,
+            Prelude.Just ("Id" Data..= id)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/PortProbeAction.hs b/gen/Amazonka/SecurityHub/Types/PortProbeAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/PortProbeAction.hs
@@ -0,0 +1,99 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.PortProbeAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.PortProbeAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.PortProbeDetail
+
+-- | Provided if @ActionType@ is @PORT_PROBE@. It provides details about the
+-- attempted port probe that was detected.
+--
+-- /See:/ 'newPortProbeAction' smart constructor.
+data PortProbeAction = PortProbeAction'
+  { -- | Indicates whether the port probe was blocked.
+    blocked :: Prelude.Maybe Prelude.Bool,
+    -- | Information about the ports affected by the port probe.
+    portProbeDetails :: Prelude.Maybe [PortProbeDetail]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PortProbeAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blocked', 'portProbeAction_blocked' - Indicates whether the port probe was blocked.
+--
+-- 'portProbeDetails', 'portProbeAction_portProbeDetails' - Information about the ports affected by the port probe.
+newPortProbeAction ::
+  PortProbeAction
+newPortProbeAction =
+  PortProbeAction'
+    { blocked = Prelude.Nothing,
+      portProbeDetails = Prelude.Nothing
+    }
+
+-- | Indicates whether the port probe was blocked.
+portProbeAction_blocked :: Lens.Lens' PortProbeAction (Prelude.Maybe Prelude.Bool)
+portProbeAction_blocked = Lens.lens (\PortProbeAction' {blocked} -> blocked) (\s@PortProbeAction' {} a -> s {blocked = a} :: PortProbeAction)
+
+-- | Information about the ports affected by the port probe.
+portProbeAction_portProbeDetails :: Lens.Lens' PortProbeAction (Prelude.Maybe [PortProbeDetail])
+portProbeAction_portProbeDetails = Lens.lens (\PortProbeAction' {portProbeDetails} -> portProbeDetails) (\s@PortProbeAction' {} a -> s {portProbeDetails = a} :: PortProbeAction) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON PortProbeAction where
+  parseJSON =
+    Data.withObject
+      "PortProbeAction"
+      ( \x ->
+          PortProbeAction'
+            Prelude.<$> (x Data..:? "Blocked")
+            Prelude.<*> ( x
+                            Data..:? "PortProbeDetails"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable PortProbeAction where
+  hashWithSalt _salt PortProbeAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` blocked
+      `Prelude.hashWithSalt` portProbeDetails
+
+instance Prelude.NFData PortProbeAction where
+  rnf PortProbeAction' {..} =
+    Prelude.rnf blocked
+      `Prelude.seq` Prelude.rnf portProbeDetails
+
+instance Data.ToJSON PortProbeAction where
+  toJSON PortProbeAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Blocked" Data..=) Prelude.<$> blocked,
+            ("PortProbeDetails" Data..=)
+              Prelude.<$> portProbeDetails
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/PortProbeDetail.hs b/gen/Amazonka/SecurityHub/Types/PortProbeDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/PortProbeDetail.hs
@@ -0,0 +1,121 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.PortProbeDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.PortProbeDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.ActionLocalIpDetails
+import Amazonka.SecurityHub.Types.ActionLocalPortDetails
+import Amazonka.SecurityHub.Types.ActionRemoteIpDetails
+
+-- | A port scan that was part of the port probe. For each scan,
+-- PortProbeDetails provides information about the local IP address and
+-- port that were scanned, and the remote IP address that the scan
+-- originated from.
+--
+-- /See:/ 'newPortProbeDetail' smart constructor.
+data PortProbeDetail = PortProbeDetail'
+  { -- | Provides information about the IP address where the scanned port is
+    -- located.
+    localIpDetails :: Prelude.Maybe ActionLocalIpDetails,
+    -- | Provides information about the port that was scanned.
+    localPortDetails :: Prelude.Maybe ActionLocalPortDetails,
+    -- | Provides information about the remote IP address that performed the
+    -- scan.
+    remoteIpDetails :: Prelude.Maybe ActionRemoteIpDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PortProbeDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'localIpDetails', 'portProbeDetail_localIpDetails' - Provides information about the IP address where the scanned port is
+-- located.
+--
+-- 'localPortDetails', 'portProbeDetail_localPortDetails' - Provides information about the port that was scanned.
+--
+-- 'remoteIpDetails', 'portProbeDetail_remoteIpDetails' - Provides information about the remote IP address that performed the
+-- scan.
+newPortProbeDetail ::
+  PortProbeDetail
+newPortProbeDetail =
+  PortProbeDetail'
+    { localIpDetails = Prelude.Nothing,
+      localPortDetails = Prelude.Nothing,
+      remoteIpDetails = Prelude.Nothing
+    }
+
+-- | Provides information about the IP address where the scanned port is
+-- located.
+portProbeDetail_localIpDetails :: Lens.Lens' PortProbeDetail (Prelude.Maybe ActionLocalIpDetails)
+portProbeDetail_localIpDetails = Lens.lens (\PortProbeDetail' {localIpDetails} -> localIpDetails) (\s@PortProbeDetail' {} a -> s {localIpDetails = a} :: PortProbeDetail)
+
+-- | Provides information about the port that was scanned.
+portProbeDetail_localPortDetails :: Lens.Lens' PortProbeDetail (Prelude.Maybe ActionLocalPortDetails)
+portProbeDetail_localPortDetails = Lens.lens (\PortProbeDetail' {localPortDetails} -> localPortDetails) (\s@PortProbeDetail' {} a -> s {localPortDetails = a} :: PortProbeDetail)
+
+-- | Provides information about the remote IP address that performed the
+-- scan.
+portProbeDetail_remoteIpDetails :: Lens.Lens' PortProbeDetail (Prelude.Maybe ActionRemoteIpDetails)
+portProbeDetail_remoteIpDetails = Lens.lens (\PortProbeDetail' {remoteIpDetails} -> remoteIpDetails) (\s@PortProbeDetail' {} a -> s {remoteIpDetails = a} :: PortProbeDetail)
+
+instance Data.FromJSON PortProbeDetail where
+  parseJSON =
+    Data.withObject
+      "PortProbeDetail"
+      ( \x ->
+          PortProbeDetail'
+            Prelude.<$> (x Data..:? "LocalIpDetails")
+            Prelude.<*> (x Data..:? "LocalPortDetails")
+            Prelude.<*> (x Data..:? "RemoteIpDetails")
+      )
+
+instance Prelude.Hashable PortProbeDetail where
+  hashWithSalt _salt PortProbeDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` localIpDetails
+      `Prelude.hashWithSalt` localPortDetails
+      `Prelude.hashWithSalt` remoteIpDetails
+
+instance Prelude.NFData PortProbeDetail where
+  rnf PortProbeDetail' {..} =
+    Prelude.rnf localIpDetails
+      `Prelude.seq` Prelude.rnf localPortDetails
+      `Prelude.seq` Prelude.rnf remoteIpDetails
+
+instance Data.ToJSON PortProbeDetail where
+  toJSON PortProbeDetail' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("LocalIpDetails" Data..=)
+              Prelude.<$> localIpDetails,
+            ("LocalPortDetails" Data..=)
+              Prelude.<$> localPortDetails,
+            ("RemoteIpDetails" Data..=)
+              Prelude.<$> remoteIpDetails
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/PortRange.hs b/gen/Amazonka/SecurityHub/Types/PortRange.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/PortRange.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.PortRange
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.PortRange where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A range of ports.
+--
+-- /See:/ 'newPortRange' smart constructor.
+data PortRange = PortRange'
+  { -- | The first port in the port range.
+    begin :: Prelude.Maybe Prelude.Int,
+    -- | The last port in the port range.
+    end :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PortRange' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'begin', 'portRange_begin' - The first port in the port range.
+--
+-- 'end', 'portRange_end' - The last port in the port range.
+newPortRange ::
+  PortRange
+newPortRange =
+  PortRange'
+    { begin = Prelude.Nothing,
+      end = Prelude.Nothing
+    }
+
+-- | The first port in the port range.
+portRange_begin :: Lens.Lens' PortRange (Prelude.Maybe Prelude.Int)
+portRange_begin = Lens.lens (\PortRange' {begin} -> begin) (\s@PortRange' {} a -> s {begin = a} :: PortRange)
+
+-- | The last port in the port range.
+portRange_end :: Lens.Lens' PortRange (Prelude.Maybe Prelude.Int)
+portRange_end = Lens.lens (\PortRange' {end} -> end) (\s@PortRange' {} a -> s {end = a} :: PortRange)
+
+instance Data.FromJSON PortRange where
+  parseJSON =
+    Data.withObject
+      "PortRange"
+      ( \x ->
+          PortRange'
+            Prelude.<$> (x Data..:? "Begin")
+            Prelude.<*> (x Data..:? "End")
+      )
+
+instance Prelude.Hashable PortRange where
+  hashWithSalt _salt PortRange' {..} =
+    _salt
+      `Prelude.hashWithSalt` begin
+      `Prelude.hashWithSalt` end
+
+instance Prelude.NFData PortRange where
+  rnf PortRange' {..} =
+    Prelude.rnf begin `Prelude.seq` Prelude.rnf end
+
+instance Data.ToJSON PortRange where
+  toJSON PortRange' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Begin" Data..=) Prelude.<$> begin,
+            ("End" Data..=) Prelude.<$> end
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/PortRangeFromTo.hs b/gen/Amazonka/SecurityHub/Types/PortRangeFromTo.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/PortRangeFromTo.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.PortRangeFromTo
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.PortRangeFromTo where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A range of ports.
+--
+-- /See:/ 'newPortRangeFromTo' smart constructor.
+data PortRangeFromTo = PortRangeFromTo'
+  { -- | The first port in the port range.
+    from :: Prelude.Maybe Prelude.Int,
+    -- | The last port in the port range.
+    to :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PortRangeFromTo' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'from', 'portRangeFromTo_from' - The first port in the port range.
+--
+-- 'to', 'portRangeFromTo_to' - The last port in the port range.
+newPortRangeFromTo ::
+  PortRangeFromTo
+newPortRangeFromTo =
+  PortRangeFromTo'
+    { from = Prelude.Nothing,
+      to = Prelude.Nothing
+    }
+
+-- | The first port in the port range.
+portRangeFromTo_from :: Lens.Lens' PortRangeFromTo (Prelude.Maybe Prelude.Int)
+portRangeFromTo_from = Lens.lens (\PortRangeFromTo' {from} -> from) (\s@PortRangeFromTo' {} a -> s {from = a} :: PortRangeFromTo)
+
+-- | The last port in the port range.
+portRangeFromTo_to :: Lens.Lens' PortRangeFromTo (Prelude.Maybe Prelude.Int)
+portRangeFromTo_to = Lens.lens (\PortRangeFromTo' {to} -> to) (\s@PortRangeFromTo' {} a -> s {to = a} :: PortRangeFromTo)
+
+instance Data.FromJSON PortRangeFromTo where
+  parseJSON =
+    Data.withObject
+      "PortRangeFromTo"
+      ( \x ->
+          PortRangeFromTo'
+            Prelude.<$> (x Data..:? "From")
+            Prelude.<*> (x Data..:? "To")
+      )
+
+instance Prelude.Hashable PortRangeFromTo where
+  hashWithSalt _salt PortRangeFromTo' {..} =
+    _salt
+      `Prelude.hashWithSalt` from
+      `Prelude.hashWithSalt` to
+
+instance Prelude.NFData PortRangeFromTo where
+  rnf PortRangeFromTo' {..} =
+    Prelude.rnf from `Prelude.seq` Prelude.rnf to
+
+instance Data.ToJSON PortRangeFromTo where
+  toJSON PortRangeFromTo' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("From" Data..=) Prelude.<$> from,
+            ("To" Data..=) Prelude.<$> to
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ProcessDetails.hs b/gen/Amazonka/SecurityHub/Types/ProcessDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ProcessDetails.hs
@@ -0,0 +1,175 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ProcessDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ProcessDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The details of process-related information about a finding.
+--
+-- /See:/ 'newProcessDetails' smart constructor.
+data ProcessDetails = ProcessDetails'
+  { -- | Indicates when the process was launched.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    launchedAt :: Prelude.Maybe Prelude.Text,
+    -- | The name of the process.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The parent process ID.
+    parentPid :: Prelude.Maybe Prelude.Int,
+    -- | The path to the process executable.
+    path :: Prelude.Maybe Prelude.Text,
+    -- | The process ID.
+    pid :: Prelude.Maybe Prelude.Int,
+    -- | Indicates when the process was terminated.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    terminatedAt :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ProcessDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'launchedAt', 'processDetails_launchedAt' - Indicates when the process was launched.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'name', 'processDetails_name' - The name of the process.
+--
+-- 'parentPid', 'processDetails_parentPid' - The parent process ID.
+--
+-- 'path', 'processDetails_path' - The path to the process executable.
+--
+-- 'pid', 'processDetails_pid' - The process ID.
+--
+-- 'terminatedAt', 'processDetails_terminatedAt' - Indicates when the process was terminated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+newProcessDetails ::
+  ProcessDetails
+newProcessDetails =
+  ProcessDetails'
+    { launchedAt = Prelude.Nothing,
+      name = Prelude.Nothing,
+      parentPid = Prelude.Nothing,
+      path = Prelude.Nothing,
+      pid = Prelude.Nothing,
+      terminatedAt = Prelude.Nothing
+    }
+
+-- | Indicates when the process was launched.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+processDetails_launchedAt :: Lens.Lens' ProcessDetails (Prelude.Maybe Prelude.Text)
+processDetails_launchedAt = Lens.lens (\ProcessDetails' {launchedAt} -> launchedAt) (\s@ProcessDetails' {} a -> s {launchedAt = a} :: ProcessDetails)
+
+-- | The name of the process.
+processDetails_name :: Lens.Lens' ProcessDetails (Prelude.Maybe Prelude.Text)
+processDetails_name = Lens.lens (\ProcessDetails' {name} -> name) (\s@ProcessDetails' {} a -> s {name = a} :: ProcessDetails)
+
+-- | The parent process ID.
+processDetails_parentPid :: Lens.Lens' ProcessDetails (Prelude.Maybe Prelude.Int)
+processDetails_parentPid = Lens.lens (\ProcessDetails' {parentPid} -> parentPid) (\s@ProcessDetails' {} a -> s {parentPid = a} :: ProcessDetails)
+
+-- | The path to the process executable.
+processDetails_path :: Lens.Lens' ProcessDetails (Prelude.Maybe Prelude.Text)
+processDetails_path = Lens.lens (\ProcessDetails' {path} -> path) (\s@ProcessDetails' {} a -> s {path = a} :: ProcessDetails)
+
+-- | The process ID.
+processDetails_pid :: Lens.Lens' ProcessDetails (Prelude.Maybe Prelude.Int)
+processDetails_pid = Lens.lens (\ProcessDetails' {pid} -> pid) (\s@ProcessDetails' {} a -> s {pid = a} :: ProcessDetails)
+
+-- | Indicates when the process was terminated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+processDetails_terminatedAt :: Lens.Lens' ProcessDetails (Prelude.Maybe Prelude.Text)
+processDetails_terminatedAt = Lens.lens (\ProcessDetails' {terminatedAt} -> terminatedAt) (\s@ProcessDetails' {} a -> s {terminatedAt = a} :: ProcessDetails)
+
+instance Data.FromJSON ProcessDetails where
+  parseJSON =
+    Data.withObject
+      "ProcessDetails"
+      ( \x ->
+          ProcessDetails'
+            Prelude.<$> (x Data..:? "LaunchedAt")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "ParentPid")
+            Prelude.<*> (x Data..:? "Path")
+            Prelude.<*> (x Data..:? "Pid")
+            Prelude.<*> (x Data..:? "TerminatedAt")
+      )
+
+instance Prelude.Hashable ProcessDetails where
+  hashWithSalt _salt ProcessDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` launchedAt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` parentPid
+      `Prelude.hashWithSalt` path
+      `Prelude.hashWithSalt` pid
+      `Prelude.hashWithSalt` terminatedAt
+
+instance Prelude.NFData ProcessDetails where
+  rnf ProcessDetails' {..} =
+    Prelude.rnf launchedAt
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf parentPid
+      `Prelude.seq` Prelude.rnf path
+      `Prelude.seq` Prelude.rnf pid
+      `Prelude.seq` Prelude.rnf terminatedAt
+
+instance Data.ToJSON ProcessDetails where
+  toJSON ProcessDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("LaunchedAt" Data..=) Prelude.<$> launchedAt,
+            ("Name" Data..=) Prelude.<$> name,
+            ("ParentPid" Data..=) Prelude.<$> parentPid,
+            ("Path" Data..=) Prelude.<$> path,
+            ("Pid" Data..=) Prelude.<$> pid,
+            ("TerminatedAt" Data..=) Prelude.<$> terminatedAt
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Product.hs b/gen/Amazonka/SecurityHub/Types/Product.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Product.hs
@@ -0,0 +1,222 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Product
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Product where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.IntegrationType
+
+-- | Contains details about a product.
+--
+-- /See:/ 'newProduct' smart constructor.
+data Product = Product'
+  { -- | The URL to the service or product documentation about the integration
+    -- with Security Hub, including how to activate the integration.
+    activationUrl :: Prelude.Maybe Prelude.Text,
+    -- | The categories assigned to the product.
+    categories :: Prelude.Maybe [Prelude.Text],
+    -- | The name of the company that provides the product.
+    companyName :: Prelude.Maybe Prelude.Text,
+    -- | A description of the product.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The types of integration that the product supports. Available values are
+    -- the following.
+    --
+    -- -   @SEND_FINDINGS_TO_SECURITY_HUB@ - The integration sends findings to
+    --     Security Hub.
+    --
+    -- -   @RECEIVE_FINDINGS_FROM_SECURITY_HUB@ - The integration receives
+    --     findings from Security Hub.
+    --
+    -- -   @UPDATE_FINDINGS_IN_SECURITY_HUB@ - The integration does not send
+    --     new findings to Security Hub, but does make updates to the findings
+    --     that it receives from Security Hub.
+    integrationTypes :: Prelude.Maybe [IntegrationType],
+    -- | For integrations with Amazon Web Services services, the Amazon Web
+    -- Services Console URL from which to activate the service.
+    --
+    -- For integrations with third-party products, the Amazon Web Services
+    -- Marketplace URL from which to subscribe to or purchase the product.
+    marketplaceUrl :: Prelude.Maybe Prelude.Text,
+    -- | The name of the product.
+    productName :: Prelude.Maybe Prelude.Text,
+    -- | The resource policy associated with the product.
+    productSubscriptionResourcePolicy :: Prelude.Maybe Prelude.Text,
+    -- | The ARN assigned to the product.
+    productArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Product' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'activationUrl', 'product_activationUrl' - The URL to the service or product documentation about the integration
+-- with Security Hub, including how to activate the integration.
+--
+-- 'categories', 'product_categories' - The categories assigned to the product.
+--
+-- 'companyName', 'product_companyName' - The name of the company that provides the product.
+--
+-- 'description', 'product_description' - A description of the product.
+--
+-- 'integrationTypes', 'product_integrationTypes' - The types of integration that the product supports. Available values are
+-- the following.
+--
+-- -   @SEND_FINDINGS_TO_SECURITY_HUB@ - The integration sends findings to
+--     Security Hub.
+--
+-- -   @RECEIVE_FINDINGS_FROM_SECURITY_HUB@ - The integration receives
+--     findings from Security Hub.
+--
+-- -   @UPDATE_FINDINGS_IN_SECURITY_HUB@ - The integration does not send
+--     new findings to Security Hub, but does make updates to the findings
+--     that it receives from Security Hub.
+--
+-- 'marketplaceUrl', 'product_marketplaceUrl' - For integrations with Amazon Web Services services, the Amazon Web
+-- Services Console URL from which to activate the service.
+--
+-- For integrations with third-party products, the Amazon Web Services
+-- Marketplace URL from which to subscribe to or purchase the product.
+--
+-- 'productName', 'product_productName' - The name of the product.
+--
+-- 'productSubscriptionResourcePolicy', 'product_productSubscriptionResourcePolicy' - The resource policy associated with the product.
+--
+-- 'productArn', 'product_productArn' - The ARN assigned to the product.
+newProduct ::
+  -- | 'productArn'
+  Prelude.Text ->
+  Product
+newProduct pProductArn_ =
+  Product'
+    { activationUrl = Prelude.Nothing,
+      categories = Prelude.Nothing,
+      companyName = Prelude.Nothing,
+      description = Prelude.Nothing,
+      integrationTypes = Prelude.Nothing,
+      marketplaceUrl = Prelude.Nothing,
+      productName = Prelude.Nothing,
+      productSubscriptionResourcePolicy = Prelude.Nothing,
+      productArn = pProductArn_
+    }
+
+-- | The URL to the service or product documentation about the integration
+-- with Security Hub, including how to activate the integration.
+product_activationUrl :: Lens.Lens' Product (Prelude.Maybe Prelude.Text)
+product_activationUrl = Lens.lens (\Product' {activationUrl} -> activationUrl) (\s@Product' {} a -> s {activationUrl = a} :: Product)
+
+-- | The categories assigned to the product.
+product_categories :: Lens.Lens' Product (Prelude.Maybe [Prelude.Text])
+product_categories = Lens.lens (\Product' {categories} -> categories) (\s@Product' {} a -> s {categories = a} :: Product) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the company that provides the product.
+product_companyName :: Lens.Lens' Product (Prelude.Maybe Prelude.Text)
+product_companyName = Lens.lens (\Product' {companyName} -> companyName) (\s@Product' {} a -> s {companyName = a} :: Product)
+
+-- | A description of the product.
+product_description :: Lens.Lens' Product (Prelude.Maybe Prelude.Text)
+product_description = Lens.lens (\Product' {description} -> description) (\s@Product' {} a -> s {description = a} :: Product)
+
+-- | The types of integration that the product supports. Available values are
+-- the following.
+--
+-- -   @SEND_FINDINGS_TO_SECURITY_HUB@ - The integration sends findings to
+--     Security Hub.
+--
+-- -   @RECEIVE_FINDINGS_FROM_SECURITY_HUB@ - The integration receives
+--     findings from Security Hub.
+--
+-- -   @UPDATE_FINDINGS_IN_SECURITY_HUB@ - The integration does not send
+--     new findings to Security Hub, but does make updates to the findings
+--     that it receives from Security Hub.
+product_integrationTypes :: Lens.Lens' Product (Prelude.Maybe [IntegrationType])
+product_integrationTypes = Lens.lens (\Product' {integrationTypes} -> integrationTypes) (\s@Product' {} a -> s {integrationTypes = a} :: Product) Prelude.. Lens.mapping Lens.coerced
+
+-- | For integrations with Amazon Web Services services, the Amazon Web
+-- Services Console URL from which to activate the service.
+--
+-- For integrations with third-party products, the Amazon Web Services
+-- Marketplace URL from which to subscribe to or purchase the product.
+product_marketplaceUrl :: Lens.Lens' Product (Prelude.Maybe Prelude.Text)
+product_marketplaceUrl = Lens.lens (\Product' {marketplaceUrl} -> marketplaceUrl) (\s@Product' {} a -> s {marketplaceUrl = a} :: Product)
+
+-- | The name of the product.
+product_productName :: Lens.Lens' Product (Prelude.Maybe Prelude.Text)
+product_productName = Lens.lens (\Product' {productName} -> productName) (\s@Product' {} a -> s {productName = a} :: Product)
+
+-- | The resource policy associated with the product.
+product_productSubscriptionResourcePolicy :: Lens.Lens' Product (Prelude.Maybe Prelude.Text)
+product_productSubscriptionResourcePolicy = Lens.lens (\Product' {productSubscriptionResourcePolicy} -> productSubscriptionResourcePolicy) (\s@Product' {} a -> s {productSubscriptionResourcePolicy = a} :: Product)
+
+-- | The ARN assigned to the product.
+product_productArn :: Lens.Lens' Product Prelude.Text
+product_productArn = Lens.lens (\Product' {productArn} -> productArn) (\s@Product' {} a -> s {productArn = a} :: Product)
+
+instance Data.FromJSON Product where
+  parseJSON =
+    Data.withObject
+      "Product"
+      ( \x ->
+          Product'
+            Prelude.<$> (x Data..:? "ActivationUrl")
+            Prelude.<*> (x Data..:? "Categories" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "CompanyName")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> ( x
+                            Data..:? "IntegrationTypes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "MarketplaceUrl")
+            Prelude.<*> (x Data..:? "ProductName")
+            Prelude.<*> (x Data..:? "ProductSubscriptionResourcePolicy")
+            Prelude.<*> (x Data..: "ProductArn")
+      )
+
+instance Prelude.Hashable Product where
+  hashWithSalt _salt Product' {..} =
+    _salt
+      `Prelude.hashWithSalt` activationUrl
+      `Prelude.hashWithSalt` categories
+      `Prelude.hashWithSalt` companyName
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` integrationTypes
+      `Prelude.hashWithSalt` marketplaceUrl
+      `Prelude.hashWithSalt` productName
+      `Prelude.hashWithSalt` productSubscriptionResourcePolicy
+      `Prelude.hashWithSalt` productArn
+
+instance Prelude.NFData Product where
+  rnf Product' {..} =
+    Prelude.rnf activationUrl
+      `Prelude.seq` Prelude.rnf categories
+      `Prelude.seq` Prelude.rnf companyName
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf integrationTypes
+      `Prelude.seq` Prelude.rnf marketplaceUrl
+      `Prelude.seq` Prelude.rnf productName
+      `Prelude.seq` Prelude.rnf productSubscriptionResourcePolicy
+      `Prelude.seq` Prelude.rnf productArn
diff --git a/gen/Amazonka/SecurityHub/Types/Range.hs b/gen/Amazonka/SecurityHub/Types/Range.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Range.hs
@@ -0,0 +1,115 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Range
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Range where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Identifies where the sensitive data begins and ends.
+--
+-- /See:/ 'newRange' smart constructor.
+data Range = Range'
+  { -- | The number of lines (for a line range) or characters (for an offset
+    -- range) from the beginning of the file to the end of the sensitive data.
+    end :: Prelude.Maybe Prelude.Integer,
+    -- | The number of lines (for a line range) or characters (for an offset
+    -- range) from the beginning of the file to the end of the sensitive data.
+    start :: Prelude.Maybe Prelude.Integer,
+    -- | In the line where the sensitive data starts, the column within the line
+    -- where the sensitive data starts.
+    startColumn :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Range' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'end', 'range_end' - The number of lines (for a line range) or characters (for an offset
+-- range) from the beginning of the file to the end of the sensitive data.
+--
+-- 'start', 'range_start' - The number of lines (for a line range) or characters (for an offset
+-- range) from the beginning of the file to the end of the sensitive data.
+--
+-- 'startColumn', 'range_startColumn' - In the line where the sensitive data starts, the column within the line
+-- where the sensitive data starts.
+newRange ::
+  Range
+newRange =
+  Range'
+    { end = Prelude.Nothing,
+      start = Prelude.Nothing,
+      startColumn = Prelude.Nothing
+    }
+
+-- | The number of lines (for a line range) or characters (for an offset
+-- range) from the beginning of the file to the end of the sensitive data.
+range_end :: Lens.Lens' Range (Prelude.Maybe Prelude.Integer)
+range_end = Lens.lens (\Range' {end} -> end) (\s@Range' {} a -> s {end = a} :: Range)
+
+-- | The number of lines (for a line range) or characters (for an offset
+-- range) from the beginning of the file to the end of the sensitive data.
+range_start :: Lens.Lens' Range (Prelude.Maybe Prelude.Integer)
+range_start = Lens.lens (\Range' {start} -> start) (\s@Range' {} a -> s {start = a} :: Range)
+
+-- | In the line where the sensitive data starts, the column within the line
+-- where the sensitive data starts.
+range_startColumn :: Lens.Lens' Range (Prelude.Maybe Prelude.Integer)
+range_startColumn = Lens.lens (\Range' {startColumn} -> startColumn) (\s@Range' {} a -> s {startColumn = a} :: Range)
+
+instance Data.FromJSON Range where
+  parseJSON =
+    Data.withObject
+      "Range"
+      ( \x ->
+          Range'
+            Prelude.<$> (x Data..:? "End")
+            Prelude.<*> (x Data..:? "Start")
+            Prelude.<*> (x Data..:? "StartColumn")
+      )
+
+instance Prelude.Hashable Range where
+  hashWithSalt _salt Range' {..} =
+    _salt
+      `Prelude.hashWithSalt` end
+      `Prelude.hashWithSalt` start
+      `Prelude.hashWithSalt` startColumn
+
+instance Prelude.NFData Range where
+  rnf Range' {..} =
+    Prelude.rnf end
+      `Prelude.seq` Prelude.rnf start
+      `Prelude.seq` Prelude.rnf startColumn
+
+instance Data.ToJSON Range where
+  toJSON Range' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("End" Data..=) Prelude.<$> end,
+            ("Start" Data..=) Prelude.<$> start,
+            ("StartColumn" Data..=) Prelude.<$> startColumn
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Recommendation.hs b/gen/Amazonka/SecurityHub/Types/Recommendation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Recommendation.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Recommendation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Recommendation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A recommendation on how to remediate the issue identified in a finding.
+--
+-- /See:/ 'newRecommendation' smart constructor.
+data Recommendation = Recommendation'
+  { -- | Describes the recommended steps to take to remediate an issue identified
+    -- in a finding.
+    text :: Prelude.Maybe Prelude.Text,
+    -- | A URL to a page or site that contains information about how to remediate
+    -- a finding.
+    url :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Recommendation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'text', 'recommendation_text' - Describes the recommended steps to take to remediate an issue identified
+-- in a finding.
+--
+-- 'url', 'recommendation_url' - A URL to a page or site that contains information about how to remediate
+-- a finding.
+newRecommendation ::
+  Recommendation
+newRecommendation =
+  Recommendation'
+    { text = Prelude.Nothing,
+      url = Prelude.Nothing
+    }
+
+-- | Describes the recommended steps to take to remediate an issue identified
+-- in a finding.
+recommendation_text :: Lens.Lens' Recommendation (Prelude.Maybe Prelude.Text)
+recommendation_text = Lens.lens (\Recommendation' {text} -> text) (\s@Recommendation' {} a -> s {text = a} :: Recommendation)
+
+-- | A URL to a page or site that contains information about how to remediate
+-- a finding.
+recommendation_url :: Lens.Lens' Recommendation (Prelude.Maybe Prelude.Text)
+recommendation_url = Lens.lens (\Recommendation' {url} -> url) (\s@Recommendation' {} a -> s {url = a} :: Recommendation)
+
+instance Data.FromJSON Recommendation where
+  parseJSON =
+    Data.withObject
+      "Recommendation"
+      ( \x ->
+          Recommendation'
+            Prelude.<$> (x Data..:? "Text")
+            Prelude.<*> (x Data..:? "Url")
+      )
+
+instance Prelude.Hashable Recommendation where
+  hashWithSalt _salt Recommendation' {..} =
+    _salt
+      `Prelude.hashWithSalt` text
+      `Prelude.hashWithSalt` url
+
+instance Prelude.NFData Recommendation where
+  rnf Recommendation' {..} =
+    Prelude.rnf text `Prelude.seq` Prelude.rnf url
+
+instance Data.ToJSON Recommendation where
+  toJSON Recommendation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Text" Data..=) Prelude.<$> text,
+            ("Url" Data..=) Prelude.<$> url
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Record.hs b/gen/Amazonka/SecurityHub/Types/Record.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Record.hs
@@ -0,0 +1,103 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Record
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Record where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An occurrence of sensitive data in an Apache Avro object container or an
+-- Apache Parquet file.
+--
+-- /See:/ 'newRecord' smart constructor.
+data Record = Record'
+  { -- | The path, as a JSONPath expression, to the field in the record that
+    -- contains the data. If the field name is longer than 20 characters, it is
+    -- truncated. If the path is longer than 250 characters, it is truncated.
+    jsonPath :: Prelude.Maybe Prelude.Text,
+    -- | The record index, starting from 0, for the record that contains the
+    -- data.
+    recordIndex :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Record' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'jsonPath', 'record_jsonPath' - The path, as a JSONPath expression, to the field in the record that
+-- contains the data. If the field name is longer than 20 characters, it is
+-- truncated. If the path is longer than 250 characters, it is truncated.
+--
+-- 'recordIndex', 'record_recordIndex' - The record index, starting from 0, for the record that contains the
+-- data.
+newRecord ::
+  Record
+newRecord =
+  Record'
+    { jsonPath = Prelude.Nothing,
+      recordIndex = Prelude.Nothing
+    }
+
+-- | The path, as a JSONPath expression, to the field in the record that
+-- contains the data. If the field name is longer than 20 characters, it is
+-- truncated. If the path is longer than 250 characters, it is truncated.
+record_jsonPath :: Lens.Lens' Record (Prelude.Maybe Prelude.Text)
+record_jsonPath = Lens.lens (\Record' {jsonPath} -> jsonPath) (\s@Record' {} a -> s {jsonPath = a} :: Record)
+
+-- | The record index, starting from 0, for the record that contains the
+-- data.
+record_recordIndex :: Lens.Lens' Record (Prelude.Maybe Prelude.Integer)
+record_recordIndex = Lens.lens (\Record' {recordIndex} -> recordIndex) (\s@Record' {} a -> s {recordIndex = a} :: Record)
+
+instance Data.FromJSON Record where
+  parseJSON =
+    Data.withObject
+      "Record"
+      ( \x ->
+          Record'
+            Prelude.<$> (x Data..:? "JsonPath")
+            Prelude.<*> (x Data..:? "RecordIndex")
+      )
+
+instance Prelude.Hashable Record where
+  hashWithSalt _salt Record' {..} =
+    _salt
+      `Prelude.hashWithSalt` jsonPath
+      `Prelude.hashWithSalt` recordIndex
+
+instance Prelude.NFData Record where
+  rnf Record' {..} =
+    Prelude.rnf jsonPath
+      `Prelude.seq` Prelude.rnf recordIndex
+
+instance Data.ToJSON Record where
+  toJSON Record' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("JsonPath" Data..=) Prelude.<$> jsonPath,
+            ("RecordIndex" Data..=) Prelude.<$> recordIndex
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/RecordState.hs b/gen/Amazonka/SecurityHub/Types/RecordState.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RecordState.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RecordState
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RecordState
+  ( RecordState
+      ( ..,
+        RecordState_ACTIVE,
+        RecordState_ARCHIVED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype RecordState = RecordState'
+  { fromRecordState ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern RecordState_ACTIVE :: RecordState
+pattern RecordState_ACTIVE = RecordState' "ACTIVE"
+
+pattern RecordState_ARCHIVED :: RecordState
+pattern RecordState_ARCHIVED = RecordState' "ARCHIVED"
+
+{-# COMPLETE
+  RecordState_ACTIVE,
+  RecordState_ARCHIVED,
+  RecordState'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/RelatedFinding.hs b/gen/Amazonka/SecurityHub/Types/RelatedFinding.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RelatedFinding.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RelatedFinding
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RelatedFinding where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about a related finding.
+--
+-- /See:/ 'newRelatedFinding' smart constructor.
+data RelatedFinding = RelatedFinding'
+  { -- | The ARN of the product that generated a related finding.
+    productArn :: Prelude.Text,
+    -- | The product-generated identifier for a related finding.
+    id :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RelatedFinding' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'productArn', 'relatedFinding_productArn' - The ARN of the product that generated a related finding.
+--
+-- 'id', 'relatedFinding_id' - The product-generated identifier for a related finding.
+newRelatedFinding ::
+  -- | 'productArn'
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  RelatedFinding
+newRelatedFinding pProductArn_ pId_ =
+  RelatedFinding'
+    { productArn = pProductArn_,
+      id = pId_
+    }
+
+-- | The ARN of the product that generated a related finding.
+relatedFinding_productArn :: Lens.Lens' RelatedFinding Prelude.Text
+relatedFinding_productArn = Lens.lens (\RelatedFinding' {productArn} -> productArn) (\s@RelatedFinding' {} a -> s {productArn = a} :: RelatedFinding)
+
+-- | The product-generated identifier for a related finding.
+relatedFinding_id :: Lens.Lens' RelatedFinding Prelude.Text
+relatedFinding_id = Lens.lens (\RelatedFinding' {id} -> id) (\s@RelatedFinding' {} a -> s {id = a} :: RelatedFinding)
+
+instance Data.FromJSON RelatedFinding where
+  parseJSON =
+    Data.withObject
+      "RelatedFinding"
+      ( \x ->
+          RelatedFinding'
+            Prelude.<$> (x Data..: "ProductArn")
+            Prelude.<*> (x Data..: "Id")
+      )
+
+instance Prelude.Hashable RelatedFinding where
+  hashWithSalt _salt RelatedFinding' {..} =
+    _salt
+      `Prelude.hashWithSalt` productArn
+      `Prelude.hashWithSalt` id
+
+instance Prelude.NFData RelatedFinding where
+  rnf RelatedFinding' {..} =
+    Prelude.rnf productArn `Prelude.seq` Prelude.rnf id
+
+instance Data.ToJSON RelatedFinding where
+  toJSON RelatedFinding' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ProductArn" Data..= productArn),
+            Prelude.Just ("Id" Data..= id)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Remediation.hs b/gen/Amazonka/SecurityHub/Types/Remediation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Remediation.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Remediation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Remediation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.Recommendation
+
+-- | Details about the remediation steps for a finding.
+--
+-- /See:/ 'newRemediation' smart constructor.
+data Remediation = Remediation'
+  { -- | A recommendation on the steps to take to remediate the issue identified
+    -- by a finding.
+    recommendation :: Prelude.Maybe Recommendation
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Remediation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'recommendation', 'remediation_recommendation' - A recommendation on the steps to take to remediate the issue identified
+-- by a finding.
+newRemediation ::
+  Remediation
+newRemediation =
+  Remediation' {recommendation = Prelude.Nothing}
+
+-- | A recommendation on the steps to take to remediate the issue identified
+-- by a finding.
+remediation_recommendation :: Lens.Lens' Remediation (Prelude.Maybe Recommendation)
+remediation_recommendation = Lens.lens (\Remediation' {recommendation} -> recommendation) (\s@Remediation' {} a -> s {recommendation = a} :: Remediation)
+
+instance Data.FromJSON Remediation where
+  parseJSON =
+    Data.withObject
+      "Remediation"
+      ( \x ->
+          Remediation'
+            Prelude.<$> (x Data..:? "Recommendation")
+      )
+
+instance Prelude.Hashable Remediation where
+  hashWithSalt _salt Remediation' {..} =
+    _salt `Prelude.hashWithSalt` recommendation
+
+instance Prelude.NFData Remediation where
+  rnf Remediation' {..} = Prelude.rnf recommendation
+
+instance Data.ToJSON Remediation where
+  toJSON Remediation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Recommendation" Data..=)
+              Prelude.<$> recommendation
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Resource.hs b/gen/Amazonka/SecurityHub/Types/Resource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Resource.hs
@@ -0,0 +1,209 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Resource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Resource where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.DataClassificationDetails
+import Amazonka.SecurityHub.Types.Partition
+import Amazonka.SecurityHub.Types.ResourceDetails
+
+-- | A resource related to a finding.
+--
+-- /See:/ 'newResource' smart constructor.
+data Resource = Resource'
+  { -- | Contains information about sensitive data that was detected on the
+    -- resource.
+    dataClassification :: Prelude.Maybe DataClassificationDetails,
+    -- | Additional details about the resource related to a finding.
+    details :: Prelude.Maybe ResourceDetails,
+    -- | The canonical Amazon Web Services partition name that the Region is
+    -- assigned to.
+    partition :: Prelude.Maybe Partition,
+    -- | The canonical Amazon Web Services external Region name where this
+    -- resource is located.
+    region :: Prelude.Maybe Prelude.Text,
+    -- | Identifies the role of the resource in the finding. A resource is either
+    -- the actor or target of the finding activity,
+    resourceRole :: Prelude.Maybe Prelude.Text,
+    -- | A list of Amazon Web Services tags associated with a resource at the
+    -- time the finding was processed.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The type of the resource that details are provided for. If possible, set
+    -- @Type@ to one of the supported resource types. For example, if the
+    -- resource is an EC2 instance, then set @Type@ to @AwsEc2Instance@.
+    --
+    -- If the resource does not match any of the provided types, then set
+    -- @Type@ to @Other@.
+    type' :: Prelude.Text,
+    -- | The canonical identifier for the given resource type.
+    id :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Resource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dataClassification', 'resource_dataClassification' - Contains information about sensitive data that was detected on the
+-- resource.
+--
+-- 'details', 'resource_details' - Additional details about the resource related to a finding.
+--
+-- 'partition', 'resource_partition' - The canonical Amazon Web Services partition name that the Region is
+-- assigned to.
+--
+-- 'region', 'resource_region' - The canonical Amazon Web Services external Region name where this
+-- resource is located.
+--
+-- 'resourceRole', 'resource_resourceRole' - Identifies the role of the resource in the finding. A resource is either
+-- the actor or target of the finding activity,
+--
+-- 'tags', 'resource_tags' - A list of Amazon Web Services tags associated with a resource at the
+-- time the finding was processed.
+--
+-- 'type'', 'resource_type' - The type of the resource that details are provided for. If possible, set
+-- @Type@ to one of the supported resource types. For example, if the
+-- resource is an EC2 instance, then set @Type@ to @AwsEc2Instance@.
+--
+-- If the resource does not match any of the provided types, then set
+-- @Type@ to @Other@.
+--
+-- 'id', 'resource_id' - The canonical identifier for the given resource type.
+newResource ::
+  -- | 'type''
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  Resource
+newResource pType_ pId_ =
+  Resource'
+    { dataClassification = Prelude.Nothing,
+      details = Prelude.Nothing,
+      partition = Prelude.Nothing,
+      region = Prelude.Nothing,
+      resourceRole = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      type' = pType_,
+      id = pId_
+    }
+
+-- | Contains information about sensitive data that was detected on the
+-- resource.
+resource_dataClassification :: Lens.Lens' Resource (Prelude.Maybe DataClassificationDetails)
+resource_dataClassification = Lens.lens (\Resource' {dataClassification} -> dataClassification) (\s@Resource' {} a -> s {dataClassification = a} :: Resource)
+
+-- | Additional details about the resource related to a finding.
+resource_details :: Lens.Lens' Resource (Prelude.Maybe ResourceDetails)
+resource_details = Lens.lens (\Resource' {details} -> details) (\s@Resource' {} a -> s {details = a} :: Resource)
+
+-- | The canonical Amazon Web Services partition name that the Region is
+-- assigned to.
+resource_partition :: Lens.Lens' Resource (Prelude.Maybe Partition)
+resource_partition = Lens.lens (\Resource' {partition} -> partition) (\s@Resource' {} a -> s {partition = a} :: Resource)
+
+-- | The canonical Amazon Web Services external Region name where this
+-- resource is located.
+resource_region :: Lens.Lens' Resource (Prelude.Maybe Prelude.Text)
+resource_region = Lens.lens (\Resource' {region} -> region) (\s@Resource' {} a -> s {region = a} :: Resource)
+
+-- | Identifies the role of the resource in the finding. A resource is either
+-- the actor or target of the finding activity,
+resource_resourceRole :: Lens.Lens' Resource (Prelude.Maybe Prelude.Text)
+resource_resourceRole = Lens.lens (\Resource' {resourceRole} -> resourceRole) (\s@Resource' {} a -> s {resourceRole = a} :: Resource)
+
+-- | A list of Amazon Web Services tags associated with a resource at the
+-- time the finding was processed.
+resource_tags :: Lens.Lens' Resource (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+resource_tags = Lens.lens (\Resource' {tags} -> tags) (\s@Resource' {} a -> s {tags = a} :: Resource) Prelude.. Lens.mapping Lens.coerced
+
+-- | The type of the resource that details are provided for. If possible, set
+-- @Type@ to one of the supported resource types. For example, if the
+-- resource is an EC2 instance, then set @Type@ to @AwsEc2Instance@.
+--
+-- If the resource does not match any of the provided types, then set
+-- @Type@ to @Other@.
+resource_type :: Lens.Lens' Resource Prelude.Text
+resource_type = Lens.lens (\Resource' {type'} -> type') (\s@Resource' {} a -> s {type' = a} :: Resource)
+
+-- | The canonical identifier for the given resource type.
+resource_id :: Lens.Lens' Resource Prelude.Text
+resource_id = Lens.lens (\Resource' {id} -> id) (\s@Resource' {} a -> s {id = a} :: Resource)
+
+instance Data.FromJSON Resource where
+  parseJSON =
+    Data.withObject
+      "Resource"
+      ( \x ->
+          Resource'
+            Prelude.<$> (x Data..:? "DataClassification")
+            Prelude.<*> (x Data..:? "Details")
+            Prelude.<*> (x Data..:? "Partition")
+            Prelude.<*> (x Data..:? "Region")
+            Prelude.<*> (x Data..:? "ResourceRole")
+            Prelude.<*> (x Data..:? "Tags" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "Type")
+            Prelude.<*> (x Data..: "Id")
+      )
+
+instance Prelude.Hashable Resource where
+  hashWithSalt _salt Resource' {..} =
+    _salt
+      `Prelude.hashWithSalt` dataClassification
+      `Prelude.hashWithSalt` details
+      `Prelude.hashWithSalt` partition
+      `Prelude.hashWithSalt` region
+      `Prelude.hashWithSalt` resourceRole
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` type'
+      `Prelude.hashWithSalt` id
+
+instance Prelude.NFData Resource where
+  rnf Resource' {..} =
+    Prelude.rnf dataClassification
+      `Prelude.seq` Prelude.rnf details
+      `Prelude.seq` Prelude.rnf partition
+      `Prelude.seq` Prelude.rnf region
+      `Prelude.seq` Prelude.rnf resourceRole
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf type'
+      `Prelude.seq` Prelude.rnf id
+
+instance Data.ToJSON Resource where
+  toJSON Resource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("DataClassification" Data..=)
+              Prelude.<$> dataClassification,
+            ("Details" Data..=) Prelude.<$> details,
+            ("Partition" Data..=) Prelude.<$> partition,
+            ("Region" Data..=) Prelude.<$> region,
+            ("ResourceRole" Data..=) Prelude.<$> resourceRole,
+            ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("Type" Data..= type'),
+            Prelude.Just ("Id" Data..= id)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ResourceDetails.hs b/gen/Amazonka/SecurityHub/Types/ResourceDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ResourceDetails.hs
@@ -0,0 +1,1432 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ResourceDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ResourceDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.AwsApiGatewayRestApiDetails
+import Amazonka.SecurityHub.Types.AwsApiGatewayStageDetails
+import Amazonka.SecurityHub.Types.AwsApiGatewayV2ApiDetails
+import Amazonka.SecurityHub.Types.AwsApiGatewayV2StageDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingAutoScalingGroupDetails
+import Amazonka.SecurityHub.Types.AwsAutoScalingLaunchConfigurationDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupPlanDetails
+import Amazonka.SecurityHub.Types.AwsBackupBackupVaultDetails
+import Amazonka.SecurityHub.Types.AwsBackupRecoveryPointDetails
+import Amazonka.SecurityHub.Types.AwsCertificateManagerCertificateDetails
+import Amazonka.SecurityHub.Types.AwsCloudFormationStackDetails
+import Amazonka.SecurityHub.Types.AwsCloudFrontDistributionDetails
+import Amazonka.SecurityHub.Types.AwsCloudTrailTrailDetails
+import Amazonka.SecurityHub.Types.AwsCloudWatchAlarmDetails
+import Amazonka.SecurityHub.Types.AwsCodeBuildProjectDetails
+import Amazonka.SecurityHub.Types.AwsDynamoDbTableDetails
+import Amazonka.SecurityHub.Types.AwsEc2EipDetails
+import Amazonka.SecurityHub.Types.AwsEc2InstanceDetails
+import Amazonka.SecurityHub.Types.AwsEc2LaunchTemplateDetails
+import Amazonka.SecurityHub.Types.AwsEc2NetworkAclDetails
+import Amazonka.SecurityHub.Types.AwsEc2NetworkInterfaceDetails
+import Amazonka.SecurityHub.Types.AwsEc2SecurityGroupDetails
+import Amazonka.SecurityHub.Types.AwsEc2SubnetDetails
+import Amazonka.SecurityHub.Types.AwsEc2TransitGatewayDetails
+import Amazonka.SecurityHub.Types.AwsEc2VolumeDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcEndpointServiceDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpcPeeringConnectionDetails
+import Amazonka.SecurityHub.Types.AwsEc2VpnConnectionDetails
+import Amazonka.SecurityHub.Types.AwsEcrContainerImageDetails
+import Amazonka.SecurityHub.Types.AwsEcrRepositoryDetails
+import Amazonka.SecurityHub.Types.AwsEcsClusterDetails
+import Amazonka.SecurityHub.Types.AwsEcsContainerDetails
+import Amazonka.SecurityHub.Types.AwsEcsServiceDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDefinitionDetails
+import Amazonka.SecurityHub.Types.AwsEcsTaskDetails
+import Amazonka.SecurityHub.Types.AwsEfsAccessPointDetails
+import Amazonka.SecurityHub.Types.AwsEksClusterDetails
+import Amazonka.SecurityHub.Types.AwsElasticBeanstalkEnvironmentDetails
+import Amazonka.SecurityHub.Types.AwsElasticsearchDomainDetails
+import Amazonka.SecurityHub.Types.AwsElbLoadBalancerDetails
+import Amazonka.SecurityHub.Types.AwsElbv2LoadBalancerDetails
+import Amazonka.SecurityHub.Types.AwsIamAccessKeyDetails
+import Amazonka.SecurityHub.Types.AwsIamGroupDetails
+import Amazonka.SecurityHub.Types.AwsIamPolicyDetails
+import Amazonka.SecurityHub.Types.AwsIamRoleDetails
+import Amazonka.SecurityHub.Types.AwsIamUserDetails
+import Amazonka.SecurityHub.Types.AwsKinesisStreamDetails
+import Amazonka.SecurityHub.Types.AwsKmsKeyDetails
+import Amazonka.SecurityHub.Types.AwsLambdaFunctionDetails
+import Amazonka.SecurityHub.Types.AwsLambdaLayerVersionDetails
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallDetails
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallFirewallPolicyDetails
+import Amazonka.SecurityHub.Types.AwsNetworkFirewallRuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsOpenSearchServiceDomainDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbClusterSnapshotDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbInstanceDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbSecurityGroupDetails
+import Amazonka.SecurityHub.Types.AwsRdsDbSnapshotDetails
+import Amazonka.SecurityHub.Types.AwsRdsEventSubscriptionDetails
+import Amazonka.SecurityHub.Types.AwsRedshiftClusterDetails
+import Amazonka.SecurityHub.Types.AwsS3AccountPublicAccessBlockDetails
+import Amazonka.SecurityHub.Types.AwsS3BucketDetails
+import Amazonka.SecurityHub.Types.AwsS3ObjectDetails
+import Amazonka.SecurityHub.Types.AwsSageMakerNotebookInstanceDetails
+import Amazonka.SecurityHub.Types.AwsSecretsManagerSecretDetails
+import Amazonka.SecurityHub.Types.AwsSnsTopicDetails
+import Amazonka.SecurityHub.Types.AwsSqsQueueDetails
+import Amazonka.SecurityHub.Types.AwsSsmPatchComplianceDetails
+import Amazonka.SecurityHub.Types.AwsWafRateBasedRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRateBasedRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalRuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsWafRegionalWebAclDetails
+import Amazonka.SecurityHub.Types.AwsWafRuleDetails
+import Amazonka.SecurityHub.Types.AwsWafRuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsWafWebAclDetails
+import Amazonka.SecurityHub.Types.AwsWafv2RuleGroupDetails
+import Amazonka.SecurityHub.Types.AwsWafv2WebAclDetails
+import Amazonka.SecurityHub.Types.AwsXrayEncryptionConfigDetails
+import Amazonka.SecurityHub.Types.ContainerDetails
+
+-- | Additional details about a resource related to a finding.
+--
+-- To provide the details, use the object that corresponds to the resource
+-- type. For example, if the resource type is @AwsEc2Instance@, then you
+-- use the @AwsEc2Instance@ object to provide the details.
+--
+-- If the type-specific object does not contain all of the fields you want
+-- to populate, then you use the @Other@ object to populate those
+-- additional fields.
+--
+-- You also use the @Other@ object to populate the details when the
+-- selected type does not have a corresponding object.
+--
+-- /See:/ 'newResourceDetails' smart constructor.
+data ResourceDetails = ResourceDetails'
+  { -- | Provides information about a REST API in version 1 of Amazon API
+    -- Gateway.
+    awsApiGatewayRestApi :: Prelude.Maybe AwsApiGatewayRestApiDetails,
+    -- | Provides information about a version 1 Amazon API Gateway stage.
+    awsApiGatewayStage :: Prelude.Maybe AwsApiGatewayStageDetails,
+    -- | Provides information about a version 2 API in Amazon API Gateway.
+    awsApiGatewayV2Api :: Prelude.Maybe AwsApiGatewayV2ApiDetails,
+    -- | Provides information about a version 2 stage for Amazon API Gateway.
+    awsApiGatewayV2Stage :: Prelude.Maybe AwsApiGatewayV2StageDetails,
+    -- | Details for an autoscaling group.
+    awsAutoScalingAutoScalingGroup :: Prelude.Maybe AwsAutoScalingAutoScalingGroupDetails,
+    -- | Provides details about a launch configuration.
+    awsAutoScalingLaunchConfiguration :: Prelude.Maybe AwsAutoScalingLaunchConfigurationDetails,
+    -- | Provides details about an Backup backup plan.
+    awsBackupBackupPlan :: Prelude.Maybe AwsBackupBackupPlanDetails,
+    -- | Provides details about an Backup backup vault.
+    awsBackupBackupVault :: Prelude.Maybe AwsBackupBackupVaultDetails,
+    -- | Provides details about an Backup backup, or recovery point.
+    awsBackupRecoveryPoint :: Prelude.Maybe AwsBackupRecoveryPointDetails,
+    -- | Provides details about an Certificate Manager certificate.
+    awsCertificateManagerCertificate :: Prelude.Maybe AwsCertificateManagerCertificateDetails,
+    -- | Details about an CloudFormation stack. A stack is a collection of Amazon
+    -- Web Services resources that you can manage as a single unit.
+    awsCloudFormationStack :: Prelude.Maybe AwsCloudFormationStackDetails,
+    -- | Details about a CloudFront distribution.
+    awsCloudFrontDistribution :: Prelude.Maybe AwsCloudFrontDistributionDetails,
+    -- | Provides details about a CloudTrail trail.
+    awsCloudTrailTrail :: Prelude.Maybe AwsCloudTrailTrailDetails,
+    -- | Details about an Amazon CloudWatch alarm. An alarm allows you to monitor
+    -- and receive alerts about your Amazon Web Services resources and
+    -- applications across multiple Regions.
+    awsCloudWatchAlarm :: Prelude.Maybe AwsCloudWatchAlarmDetails,
+    -- | Details for an CodeBuild project.
+    awsCodeBuildProject :: Prelude.Maybe AwsCodeBuildProjectDetails,
+    -- | Details about a DynamoDB table.
+    awsDynamoDbTable :: Prelude.Maybe AwsDynamoDbTableDetails,
+    -- | Details about an Elastic IP address.
+    awsEc2Eip :: Prelude.Maybe AwsEc2EipDetails,
+    -- | Details about an EC2 instance related to a finding.
+    awsEc2Instance :: Prelude.Maybe AwsEc2InstanceDetails,
+    awsEc2LaunchTemplate :: Prelude.Maybe AwsEc2LaunchTemplateDetails,
+    -- | Details about an EC2 network access control list (ACL).
+    awsEc2NetworkAcl :: Prelude.Maybe AwsEc2NetworkAclDetails,
+    -- | Details for an EC2 network interface.
+    awsEc2NetworkInterface :: Prelude.Maybe AwsEc2NetworkInterfaceDetails,
+    -- | Details for an EC2 security group.
+    awsEc2SecurityGroup :: Prelude.Maybe AwsEc2SecurityGroupDetails,
+    -- | Details about a subnet in Amazon EC2.
+    awsEc2Subnet :: Prelude.Maybe AwsEc2SubnetDetails,
+    -- | Details about an Amazon EC2 transit gateway that interconnects your
+    -- virtual private clouds (VPC) and on-premises networks.
+    awsEc2TransitGateway :: Prelude.Maybe AwsEc2TransitGatewayDetails,
+    -- | Details for an Amazon EC2 volume.
+    awsEc2Volume :: Prelude.Maybe AwsEc2VolumeDetails,
+    -- | Details for an Amazon EC2 VPC.
+    awsEc2Vpc :: Prelude.Maybe AwsEc2VpcDetails,
+    -- | Details about the service configuration for a VPC endpoint service.
+    awsEc2VpcEndpointService :: Prelude.Maybe AwsEc2VpcEndpointServiceDetails,
+    -- | Details about an Amazon EC2 VPC peering connection. A VPC peering
+    -- connection is a networking connection between two VPCs that enables you
+    -- to route traffic between them privately.
+    awsEc2VpcPeeringConnection :: Prelude.Maybe AwsEc2VpcPeeringConnectionDetails,
+    -- | Details about an Amazon EC2 VPN connection.
+    awsEc2VpnConnection :: Prelude.Maybe AwsEc2VpnConnectionDetails,
+    -- | Information about an Amazon ECR image.
+    awsEcrContainerImage :: Prelude.Maybe AwsEcrContainerImageDetails,
+    -- | Information about an Amazon Elastic Container Registry repository.
+    awsEcrRepository :: Prelude.Maybe AwsEcrRepositoryDetails,
+    -- | Details about an Amazon ECS cluster.
+    awsEcsCluster :: Prelude.Maybe AwsEcsClusterDetails,
+    -- | Provides information about a Docker container that\'s part of a task.
+    awsEcsContainer :: Prelude.Maybe AwsEcsContainerDetails,
+    -- | Details about a service within an ECS cluster.
+    awsEcsService :: Prelude.Maybe AwsEcsServiceDetails,
+    -- | Details about a task in a cluster.
+    awsEcsTask :: Prelude.Maybe AwsEcsTaskDetails,
+    -- | Details about a task definition. A task definition describes the
+    -- container and volume definitions of an Amazon Elastic Container Service
+    -- task.
+    awsEcsTaskDefinition :: Prelude.Maybe AwsEcsTaskDefinitionDetails,
+    -- | Details about an Amazon EFS access point. An access point is an
+    -- application-specific view into an EFS file system that applies an
+    -- operating system user and group, and a file system path, to any file
+    -- system request made through the access point.
+    awsEfsAccessPoint :: Prelude.Maybe AwsEfsAccessPointDetails,
+    -- | Details about an Amazon EKS cluster.
+    awsEksCluster :: Prelude.Maybe AwsEksClusterDetails,
+    -- | Details about an Elastic Beanstalk environment.
+    awsElasticBeanstalkEnvironment :: Prelude.Maybe AwsElasticBeanstalkEnvironmentDetails,
+    -- | Details for an Elasticsearch domain.
+    awsElasticsearchDomain :: Prelude.Maybe AwsElasticsearchDomainDetails,
+    -- | Contains details about a Classic Load Balancer.
+    awsElbLoadBalancer :: Prelude.Maybe AwsElbLoadBalancerDetails,
+    -- | Details about a load balancer.
+    awsElbv2LoadBalancer :: Prelude.Maybe AwsElbv2LoadBalancerDetails,
+    -- | Details about an IAM access key related to a finding.
+    awsIamAccessKey :: Prelude.Maybe AwsIamAccessKeyDetails,
+    -- | Contains details about an IAM group.
+    awsIamGroup :: Prelude.Maybe AwsIamGroupDetails,
+    -- | Details about an IAM permissions policy.
+    awsIamPolicy :: Prelude.Maybe AwsIamPolicyDetails,
+    -- | Details about an IAM role.
+    awsIamRole :: Prelude.Maybe AwsIamRoleDetails,
+    -- | Details about an IAM user.
+    awsIamUser :: Prelude.Maybe AwsIamUserDetails,
+    -- | Details about an Amazon Kinesis data stream.
+    awsKinesisStream :: Prelude.Maybe AwsKinesisStreamDetails,
+    -- | Details about an KMS key.
+    awsKmsKey :: Prelude.Maybe AwsKmsKeyDetails,
+    -- | Details about a Lambda function.
+    awsLambdaFunction :: Prelude.Maybe AwsLambdaFunctionDetails,
+    -- | Details for a Lambda layer version.
+    awsLambdaLayerVersion :: Prelude.Maybe AwsLambdaLayerVersionDetails,
+    -- | Details about an Network Firewall firewall.
+    awsNetworkFirewallFirewall :: Prelude.Maybe AwsNetworkFirewallFirewallDetails,
+    -- | Details about an Network Firewall firewall policy.
+    awsNetworkFirewallFirewallPolicy :: Prelude.Maybe AwsNetworkFirewallFirewallPolicyDetails,
+    -- | Details about an Network Firewall rule group.
+    awsNetworkFirewallRuleGroup :: Prelude.Maybe AwsNetworkFirewallRuleGroupDetails,
+    -- | Details about an Amazon OpenSearch Service domain.
+    awsOpenSearchServiceDomain :: Prelude.Maybe AwsOpenSearchServiceDomainDetails,
+    -- | Details about an Amazon RDS database cluster.
+    awsRdsDbCluster :: Prelude.Maybe AwsRdsDbClusterDetails,
+    -- | Details about an Amazon RDS database cluster snapshot.
+    awsRdsDbClusterSnapshot :: Prelude.Maybe AwsRdsDbClusterSnapshotDetails,
+    -- | Details about an Amazon RDS database instance.
+    awsRdsDbInstance :: Prelude.Maybe AwsRdsDbInstanceDetails,
+    -- | Details about an Amazon RDS DB security group.
+    awsRdsDbSecurityGroup :: Prelude.Maybe AwsRdsDbSecurityGroupDetails,
+    -- | Details about an Amazon RDS database snapshot.
+    awsRdsDbSnapshot :: Prelude.Maybe AwsRdsDbSnapshotDetails,
+    -- | Details about an RDS event notification subscription.
+    awsRdsEventSubscription :: Prelude.Maybe AwsRdsEventSubscriptionDetails,
+    -- | Contains details about an Amazon Redshift cluster.
+    awsRedshiftCluster :: Prelude.Maybe AwsRedshiftClusterDetails,
+    -- | Details about the Amazon S3 Public Access Block configuration for an
+    -- account.
+    awsS3AccountPublicAccessBlock :: Prelude.Maybe AwsS3AccountPublicAccessBlockDetails,
+    -- | Details about an S3 bucket related to a finding.
+    awsS3Bucket :: Prelude.Maybe AwsS3BucketDetails,
+    -- | Details about an S3 object related to a finding.
+    awsS3Object :: Prelude.Maybe AwsS3ObjectDetails,
+    awsSageMakerNotebookInstance :: Prelude.Maybe AwsSageMakerNotebookInstanceDetails,
+    -- | Details about a Secrets Manager secret.
+    awsSecretsManagerSecret :: Prelude.Maybe AwsSecretsManagerSecretDetails,
+    -- | Details about an SNS topic.
+    awsSnsTopic :: Prelude.Maybe AwsSnsTopicDetails,
+    -- | Details about an SQS queue.
+    awsSqsQueue :: Prelude.Maybe AwsSqsQueueDetails,
+    -- | Provides information about the state of a patch on an instance based on
+    -- the patch baseline that was used to patch the instance.
+    awsSsmPatchCompliance :: Prelude.Maybe AwsSsmPatchComplianceDetails,
+    -- | Details about a rate-based rule for global resources.
+    awsWafRateBasedRule :: Prelude.Maybe AwsWafRateBasedRuleDetails,
+    -- | Details about a rate-based rule for Regional resources.
+    awsWafRegionalRateBasedRule :: Prelude.Maybe AwsWafRegionalRateBasedRuleDetails,
+    -- | Details about an WAF rule for Regional resources.
+    awsWafRegionalRule :: Prelude.Maybe AwsWafRegionalRuleDetails,
+    -- | Details about an WAF rule group for Regional resources.
+    awsWafRegionalRuleGroup :: Prelude.Maybe AwsWafRegionalRuleGroupDetails,
+    -- | Details about an WAF web access control list (web ACL) for Regional
+    -- resources.
+    awsWafRegionalWebAcl :: Prelude.Maybe AwsWafRegionalWebAclDetails,
+    -- | Details about an WAF rule for global resources.
+    awsWafRule :: Prelude.Maybe AwsWafRuleDetails,
+    -- | Details about an WAF rule group for global resources.
+    awsWafRuleGroup :: Prelude.Maybe AwsWafRuleGroupDetails,
+    -- | Details for an WAF web ACL.
+    awsWafWebAcl :: Prelude.Maybe AwsWafWebAclDetails,
+    awsWafv2RuleGroup :: Prelude.Maybe AwsWafv2RuleGroupDetails,
+    awsWafv2WebAcl :: Prelude.Maybe AwsWafv2WebAclDetails,
+    -- | Information about the encryption configuration for X-Ray.
+    awsXrayEncryptionConfig :: Prelude.Maybe AwsXrayEncryptionConfigDetails,
+    -- | Details about a container resource related to a finding.
+    container :: Prelude.Maybe ContainerDetails,
+    -- | Details about a resource that are not available in a type-specific
+    -- details object. Use the @Other@ object in the following cases.
+    --
+    -- -   The type-specific object does not contain all of the fields that you
+    --     want to populate. In this case, first use the type-specific object
+    --     to populate those fields. Use the @Other@ object to populate the
+    --     fields that are missing from the type-specific object.
+    --
+    -- -   The resource type does not have a corresponding object. This
+    --     includes resources for which the type is @Other@.
+    other :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ResourceDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'awsApiGatewayRestApi', 'resourceDetails_awsApiGatewayRestApi' - Provides information about a REST API in version 1 of Amazon API
+-- Gateway.
+--
+-- 'awsApiGatewayStage', 'resourceDetails_awsApiGatewayStage' - Provides information about a version 1 Amazon API Gateway stage.
+--
+-- 'awsApiGatewayV2Api', 'resourceDetails_awsApiGatewayV2Api' - Provides information about a version 2 API in Amazon API Gateway.
+--
+-- 'awsApiGatewayV2Stage', 'resourceDetails_awsApiGatewayV2Stage' - Provides information about a version 2 stage for Amazon API Gateway.
+--
+-- 'awsAutoScalingAutoScalingGroup', 'resourceDetails_awsAutoScalingAutoScalingGroup' - Details for an autoscaling group.
+--
+-- 'awsAutoScalingLaunchConfiguration', 'resourceDetails_awsAutoScalingLaunchConfiguration' - Provides details about a launch configuration.
+--
+-- 'awsBackupBackupPlan', 'resourceDetails_awsBackupBackupPlan' - Provides details about an Backup backup plan.
+--
+-- 'awsBackupBackupVault', 'resourceDetails_awsBackupBackupVault' - Provides details about an Backup backup vault.
+--
+-- 'awsBackupRecoveryPoint', 'resourceDetails_awsBackupRecoveryPoint' - Provides details about an Backup backup, or recovery point.
+--
+-- 'awsCertificateManagerCertificate', 'resourceDetails_awsCertificateManagerCertificate' - Provides details about an Certificate Manager certificate.
+--
+-- 'awsCloudFormationStack', 'resourceDetails_awsCloudFormationStack' - Details about an CloudFormation stack. A stack is a collection of Amazon
+-- Web Services resources that you can manage as a single unit.
+--
+-- 'awsCloudFrontDistribution', 'resourceDetails_awsCloudFrontDistribution' - Details about a CloudFront distribution.
+--
+-- 'awsCloudTrailTrail', 'resourceDetails_awsCloudTrailTrail' - Provides details about a CloudTrail trail.
+--
+-- 'awsCloudWatchAlarm', 'resourceDetails_awsCloudWatchAlarm' - Details about an Amazon CloudWatch alarm. An alarm allows you to monitor
+-- and receive alerts about your Amazon Web Services resources and
+-- applications across multiple Regions.
+--
+-- 'awsCodeBuildProject', 'resourceDetails_awsCodeBuildProject' - Details for an CodeBuild project.
+--
+-- 'awsDynamoDbTable', 'resourceDetails_awsDynamoDbTable' - Details about a DynamoDB table.
+--
+-- 'awsEc2Eip', 'resourceDetails_awsEc2Eip' - Details about an Elastic IP address.
+--
+-- 'awsEc2Instance', 'resourceDetails_awsEc2Instance' - Details about an EC2 instance related to a finding.
+--
+-- 'awsEc2LaunchTemplate', 'resourceDetails_awsEc2LaunchTemplate' - Undocumented member.
+--
+-- 'awsEc2NetworkAcl', 'resourceDetails_awsEc2NetworkAcl' - Details about an EC2 network access control list (ACL).
+--
+-- 'awsEc2NetworkInterface', 'resourceDetails_awsEc2NetworkInterface' - Details for an EC2 network interface.
+--
+-- 'awsEc2SecurityGroup', 'resourceDetails_awsEc2SecurityGroup' - Details for an EC2 security group.
+--
+-- 'awsEc2Subnet', 'resourceDetails_awsEc2Subnet' - Details about a subnet in Amazon EC2.
+--
+-- 'awsEc2TransitGateway', 'resourceDetails_awsEc2TransitGateway' - Details about an Amazon EC2 transit gateway that interconnects your
+-- virtual private clouds (VPC) and on-premises networks.
+--
+-- 'awsEc2Volume', 'resourceDetails_awsEc2Volume' - Details for an Amazon EC2 volume.
+--
+-- 'awsEc2Vpc', 'resourceDetails_awsEc2Vpc' - Details for an Amazon EC2 VPC.
+--
+-- 'awsEc2VpcEndpointService', 'resourceDetails_awsEc2VpcEndpointService' - Details about the service configuration for a VPC endpoint service.
+--
+-- 'awsEc2VpcPeeringConnection', 'resourceDetails_awsEc2VpcPeeringConnection' - Details about an Amazon EC2 VPC peering connection. A VPC peering
+-- connection is a networking connection between two VPCs that enables you
+-- to route traffic between them privately.
+--
+-- 'awsEc2VpnConnection', 'resourceDetails_awsEc2VpnConnection' - Details about an Amazon EC2 VPN connection.
+--
+-- 'awsEcrContainerImage', 'resourceDetails_awsEcrContainerImage' - Information about an Amazon ECR image.
+--
+-- 'awsEcrRepository', 'resourceDetails_awsEcrRepository' - Information about an Amazon Elastic Container Registry repository.
+--
+-- 'awsEcsCluster', 'resourceDetails_awsEcsCluster' - Details about an Amazon ECS cluster.
+--
+-- 'awsEcsContainer', 'resourceDetails_awsEcsContainer' - Provides information about a Docker container that\'s part of a task.
+--
+-- 'awsEcsService', 'resourceDetails_awsEcsService' - Details about a service within an ECS cluster.
+--
+-- 'awsEcsTask', 'resourceDetails_awsEcsTask' - Details about a task in a cluster.
+--
+-- 'awsEcsTaskDefinition', 'resourceDetails_awsEcsTaskDefinition' - Details about a task definition. A task definition describes the
+-- container and volume definitions of an Amazon Elastic Container Service
+-- task.
+--
+-- 'awsEfsAccessPoint', 'resourceDetails_awsEfsAccessPoint' - Details about an Amazon EFS access point. An access point is an
+-- application-specific view into an EFS file system that applies an
+-- operating system user and group, and a file system path, to any file
+-- system request made through the access point.
+--
+-- 'awsEksCluster', 'resourceDetails_awsEksCluster' - Details about an Amazon EKS cluster.
+--
+-- 'awsElasticBeanstalkEnvironment', 'resourceDetails_awsElasticBeanstalkEnvironment' - Details about an Elastic Beanstalk environment.
+--
+-- 'awsElasticsearchDomain', 'resourceDetails_awsElasticsearchDomain' - Details for an Elasticsearch domain.
+--
+-- 'awsElbLoadBalancer', 'resourceDetails_awsElbLoadBalancer' - Contains details about a Classic Load Balancer.
+--
+-- 'awsElbv2LoadBalancer', 'resourceDetails_awsElbv2LoadBalancer' - Details about a load balancer.
+--
+-- 'awsIamAccessKey', 'resourceDetails_awsIamAccessKey' - Details about an IAM access key related to a finding.
+--
+-- 'awsIamGroup', 'resourceDetails_awsIamGroup' - Contains details about an IAM group.
+--
+-- 'awsIamPolicy', 'resourceDetails_awsIamPolicy' - Details about an IAM permissions policy.
+--
+-- 'awsIamRole', 'resourceDetails_awsIamRole' - Details about an IAM role.
+--
+-- 'awsIamUser', 'resourceDetails_awsIamUser' - Details about an IAM user.
+--
+-- 'awsKinesisStream', 'resourceDetails_awsKinesisStream' - Details about an Amazon Kinesis data stream.
+--
+-- 'awsKmsKey', 'resourceDetails_awsKmsKey' - Details about an KMS key.
+--
+-- 'awsLambdaFunction', 'resourceDetails_awsLambdaFunction' - Details about a Lambda function.
+--
+-- 'awsLambdaLayerVersion', 'resourceDetails_awsLambdaLayerVersion' - Details for a Lambda layer version.
+--
+-- 'awsNetworkFirewallFirewall', 'resourceDetails_awsNetworkFirewallFirewall' - Details about an Network Firewall firewall.
+--
+-- 'awsNetworkFirewallFirewallPolicy', 'resourceDetails_awsNetworkFirewallFirewallPolicy' - Details about an Network Firewall firewall policy.
+--
+-- 'awsNetworkFirewallRuleGroup', 'resourceDetails_awsNetworkFirewallRuleGroup' - Details about an Network Firewall rule group.
+--
+-- 'awsOpenSearchServiceDomain', 'resourceDetails_awsOpenSearchServiceDomain' - Details about an Amazon OpenSearch Service domain.
+--
+-- 'awsRdsDbCluster', 'resourceDetails_awsRdsDbCluster' - Details about an Amazon RDS database cluster.
+--
+-- 'awsRdsDbClusterSnapshot', 'resourceDetails_awsRdsDbClusterSnapshot' - Details about an Amazon RDS database cluster snapshot.
+--
+-- 'awsRdsDbInstance', 'resourceDetails_awsRdsDbInstance' - Details about an Amazon RDS database instance.
+--
+-- 'awsRdsDbSecurityGroup', 'resourceDetails_awsRdsDbSecurityGroup' - Details about an Amazon RDS DB security group.
+--
+-- 'awsRdsDbSnapshot', 'resourceDetails_awsRdsDbSnapshot' - Details about an Amazon RDS database snapshot.
+--
+-- 'awsRdsEventSubscription', 'resourceDetails_awsRdsEventSubscription' - Details about an RDS event notification subscription.
+--
+-- 'awsRedshiftCluster', 'resourceDetails_awsRedshiftCluster' - Contains details about an Amazon Redshift cluster.
+--
+-- 'awsS3AccountPublicAccessBlock', 'resourceDetails_awsS3AccountPublicAccessBlock' - Details about the Amazon S3 Public Access Block configuration for an
+-- account.
+--
+-- 'awsS3Bucket', 'resourceDetails_awsS3Bucket' - Details about an S3 bucket related to a finding.
+--
+-- 'awsS3Object', 'resourceDetails_awsS3Object' - Details about an S3 object related to a finding.
+--
+-- 'awsSageMakerNotebookInstance', 'resourceDetails_awsSageMakerNotebookInstance' - Undocumented member.
+--
+-- 'awsSecretsManagerSecret', 'resourceDetails_awsSecretsManagerSecret' - Details about a Secrets Manager secret.
+--
+-- 'awsSnsTopic', 'resourceDetails_awsSnsTopic' - Details about an SNS topic.
+--
+-- 'awsSqsQueue', 'resourceDetails_awsSqsQueue' - Details about an SQS queue.
+--
+-- 'awsSsmPatchCompliance', 'resourceDetails_awsSsmPatchCompliance' - Provides information about the state of a patch on an instance based on
+-- the patch baseline that was used to patch the instance.
+--
+-- 'awsWafRateBasedRule', 'resourceDetails_awsWafRateBasedRule' - Details about a rate-based rule for global resources.
+--
+-- 'awsWafRegionalRateBasedRule', 'resourceDetails_awsWafRegionalRateBasedRule' - Details about a rate-based rule for Regional resources.
+--
+-- 'awsWafRegionalRule', 'resourceDetails_awsWafRegionalRule' - Details about an WAF rule for Regional resources.
+--
+-- 'awsWafRegionalRuleGroup', 'resourceDetails_awsWafRegionalRuleGroup' - Details about an WAF rule group for Regional resources.
+--
+-- 'awsWafRegionalWebAcl', 'resourceDetails_awsWafRegionalWebAcl' - Details about an WAF web access control list (web ACL) for Regional
+-- resources.
+--
+-- 'awsWafRule', 'resourceDetails_awsWafRule' - Details about an WAF rule for global resources.
+--
+-- 'awsWafRuleGroup', 'resourceDetails_awsWafRuleGroup' - Details about an WAF rule group for global resources.
+--
+-- 'awsWafWebAcl', 'resourceDetails_awsWafWebAcl' - Details for an WAF web ACL.
+--
+-- 'awsWafv2RuleGroup', 'resourceDetails_awsWafv2RuleGroup' - Undocumented member.
+--
+-- 'awsWafv2WebAcl', 'resourceDetails_awsWafv2WebAcl' - Undocumented member.
+--
+-- 'awsXrayEncryptionConfig', 'resourceDetails_awsXrayEncryptionConfig' - Information about the encryption configuration for X-Ray.
+--
+-- 'container', 'resourceDetails_container' - Details about a container resource related to a finding.
+--
+-- 'other', 'resourceDetails_other' - Details about a resource that are not available in a type-specific
+-- details object. Use the @Other@ object in the following cases.
+--
+-- -   The type-specific object does not contain all of the fields that you
+--     want to populate. In this case, first use the type-specific object
+--     to populate those fields. Use the @Other@ object to populate the
+--     fields that are missing from the type-specific object.
+--
+-- -   The resource type does not have a corresponding object. This
+--     includes resources for which the type is @Other@.
+newResourceDetails ::
+  ResourceDetails
+newResourceDetails =
+  ResourceDetails'
+    { awsApiGatewayRestApi =
+        Prelude.Nothing,
+      awsApiGatewayStage = Prelude.Nothing,
+      awsApiGatewayV2Api = Prelude.Nothing,
+      awsApiGatewayV2Stage = Prelude.Nothing,
+      awsAutoScalingAutoScalingGroup = Prelude.Nothing,
+      awsAutoScalingLaunchConfiguration = Prelude.Nothing,
+      awsBackupBackupPlan = Prelude.Nothing,
+      awsBackupBackupVault = Prelude.Nothing,
+      awsBackupRecoveryPoint = Prelude.Nothing,
+      awsCertificateManagerCertificate = Prelude.Nothing,
+      awsCloudFormationStack = Prelude.Nothing,
+      awsCloudFrontDistribution = Prelude.Nothing,
+      awsCloudTrailTrail = Prelude.Nothing,
+      awsCloudWatchAlarm = Prelude.Nothing,
+      awsCodeBuildProject = Prelude.Nothing,
+      awsDynamoDbTable = Prelude.Nothing,
+      awsEc2Eip = Prelude.Nothing,
+      awsEc2Instance = Prelude.Nothing,
+      awsEc2LaunchTemplate = Prelude.Nothing,
+      awsEc2NetworkAcl = Prelude.Nothing,
+      awsEc2NetworkInterface = Prelude.Nothing,
+      awsEc2SecurityGroup = Prelude.Nothing,
+      awsEc2Subnet = Prelude.Nothing,
+      awsEc2TransitGateway = Prelude.Nothing,
+      awsEc2Volume = Prelude.Nothing,
+      awsEc2Vpc = Prelude.Nothing,
+      awsEc2VpcEndpointService = Prelude.Nothing,
+      awsEc2VpcPeeringConnection = Prelude.Nothing,
+      awsEc2VpnConnection = Prelude.Nothing,
+      awsEcrContainerImage = Prelude.Nothing,
+      awsEcrRepository = Prelude.Nothing,
+      awsEcsCluster = Prelude.Nothing,
+      awsEcsContainer = Prelude.Nothing,
+      awsEcsService = Prelude.Nothing,
+      awsEcsTask = Prelude.Nothing,
+      awsEcsTaskDefinition = Prelude.Nothing,
+      awsEfsAccessPoint = Prelude.Nothing,
+      awsEksCluster = Prelude.Nothing,
+      awsElasticBeanstalkEnvironment = Prelude.Nothing,
+      awsElasticsearchDomain = Prelude.Nothing,
+      awsElbLoadBalancer = Prelude.Nothing,
+      awsElbv2LoadBalancer = Prelude.Nothing,
+      awsIamAccessKey = Prelude.Nothing,
+      awsIamGroup = Prelude.Nothing,
+      awsIamPolicy = Prelude.Nothing,
+      awsIamRole = Prelude.Nothing,
+      awsIamUser = Prelude.Nothing,
+      awsKinesisStream = Prelude.Nothing,
+      awsKmsKey = Prelude.Nothing,
+      awsLambdaFunction = Prelude.Nothing,
+      awsLambdaLayerVersion = Prelude.Nothing,
+      awsNetworkFirewallFirewall = Prelude.Nothing,
+      awsNetworkFirewallFirewallPolicy = Prelude.Nothing,
+      awsNetworkFirewallRuleGroup = Prelude.Nothing,
+      awsOpenSearchServiceDomain = Prelude.Nothing,
+      awsRdsDbCluster = Prelude.Nothing,
+      awsRdsDbClusterSnapshot = Prelude.Nothing,
+      awsRdsDbInstance = Prelude.Nothing,
+      awsRdsDbSecurityGroup = Prelude.Nothing,
+      awsRdsDbSnapshot = Prelude.Nothing,
+      awsRdsEventSubscription = Prelude.Nothing,
+      awsRedshiftCluster = Prelude.Nothing,
+      awsS3AccountPublicAccessBlock = Prelude.Nothing,
+      awsS3Bucket = Prelude.Nothing,
+      awsS3Object = Prelude.Nothing,
+      awsSageMakerNotebookInstance = Prelude.Nothing,
+      awsSecretsManagerSecret = Prelude.Nothing,
+      awsSnsTopic = Prelude.Nothing,
+      awsSqsQueue = Prelude.Nothing,
+      awsSsmPatchCompliance = Prelude.Nothing,
+      awsWafRateBasedRule = Prelude.Nothing,
+      awsWafRegionalRateBasedRule = Prelude.Nothing,
+      awsWafRegionalRule = Prelude.Nothing,
+      awsWafRegionalRuleGroup = Prelude.Nothing,
+      awsWafRegionalWebAcl = Prelude.Nothing,
+      awsWafRule = Prelude.Nothing,
+      awsWafRuleGroup = Prelude.Nothing,
+      awsWafWebAcl = Prelude.Nothing,
+      awsWafv2RuleGroup = Prelude.Nothing,
+      awsWafv2WebAcl = Prelude.Nothing,
+      awsXrayEncryptionConfig = Prelude.Nothing,
+      container = Prelude.Nothing,
+      other = Prelude.Nothing
+    }
+
+-- | Provides information about a REST API in version 1 of Amazon API
+-- Gateway.
+resourceDetails_awsApiGatewayRestApi :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsApiGatewayRestApiDetails)
+resourceDetails_awsApiGatewayRestApi = Lens.lens (\ResourceDetails' {awsApiGatewayRestApi} -> awsApiGatewayRestApi) (\s@ResourceDetails' {} a -> s {awsApiGatewayRestApi = a} :: ResourceDetails)
+
+-- | Provides information about a version 1 Amazon API Gateway stage.
+resourceDetails_awsApiGatewayStage :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsApiGatewayStageDetails)
+resourceDetails_awsApiGatewayStage = Lens.lens (\ResourceDetails' {awsApiGatewayStage} -> awsApiGatewayStage) (\s@ResourceDetails' {} a -> s {awsApiGatewayStage = a} :: ResourceDetails)
+
+-- | Provides information about a version 2 API in Amazon API Gateway.
+resourceDetails_awsApiGatewayV2Api :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsApiGatewayV2ApiDetails)
+resourceDetails_awsApiGatewayV2Api = Lens.lens (\ResourceDetails' {awsApiGatewayV2Api} -> awsApiGatewayV2Api) (\s@ResourceDetails' {} a -> s {awsApiGatewayV2Api = a} :: ResourceDetails)
+
+-- | Provides information about a version 2 stage for Amazon API Gateway.
+resourceDetails_awsApiGatewayV2Stage :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsApiGatewayV2StageDetails)
+resourceDetails_awsApiGatewayV2Stage = Lens.lens (\ResourceDetails' {awsApiGatewayV2Stage} -> awsApiGatewayV2Stage) (\s@ResourceDetails' {} a -> s {awsApiGatewayV2Stage = a} :: ResourceDetails)
+
+-- | Details for an autoscaling group.
+resourceDetails_awsAutoScalingAutoScalingGroup :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsAutoScalingAutoScalingGroupDetails)
+resourceDetails_awsAutoScalingAutoScalingGroup = Lens.lens (\ResourceDetails' {awsAutoScalingAutoScalingGroup} -> awsAutoScalingAutoScalingGroup) (\s@ResourceDetails' {} a -> s {awsAutoScalingAutoScalingGroup = a} :: ResourceDetails)
+
+-- | Provides details about a launch configuration.
+resourceDetails_awsAutoScalingLaunchConfiguration :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsAutoScalingLaunchConfigurationDetails)
+resourceDetails_awsAutoScalingLaunchConfiguration = Lens.lens (\ResourceDetails' {awsAutoScalingLaunchConfiguration} -> awsAutoScalingLaunchConfiguration) (\s@ResourceDetails' {} a -> s {awsAutoScalingLaunchConfiguration = a} :: ResourceDetails)
+
+-- | Provides details about an Backup backup plan.
+resourceDetails_awsBackupBackupPlan :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsBackupBackupPlanDetails)
+resourceDetails_awsBackupBackupPlan = Lens.lens (\ResourceDetails' {awsBackupBackupPlan} -> awsBackupBackupPlan) (\s@ResourceDetails' {} a -> s {awsBackupBackupPlan = a} :: ResourceDetails)
+
+-- | Provides details about an Backup backup vault.
+resourceDetails_awsBackupBackupVault :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsBackupBackupVaultDetails)
+resourceDetails_awsBackupBackupVault = Lens.lens (\ResourceDetails' {awsBackupBackupVault} -> awsBackupBackupVault) (\s@ResourceDetails' {} a -> s {awsBackupBackupVault = a} :: ResourceDetails)
+
+-- | Provides details about an Backup backup, or recovery point.
+resourceDetails_awsBackupRecoveryPoint :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsBackupRecoveryPointDetails)
+resourceDetails_awsBackupRecoveryPoint = Lens.lens (\ResourceDetails' {awsBackupRecoveryPoint} -> awsBackupRecoveryPoint) (\s@ResourceDetails' {} a -> s {awsBackupRecoveryPoint = a} :: ResourceDetails)
+
+-- | Provides details about an Certificate Manager certificate.
+resourceDetails_awsCertificateManagerCertificate :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsCertificateManagerCertificateDetails)
+resourceDetails_awsCertificateManagerCertificate = Lens.lens (\ResourceDetails' {awsCertificateManagerCertificate} -> awsCertificateManagerCertificate) (\s@ResourceDetails' {} a -> s {awsCertificateManagerCertificate = a} :: ResourceDetails)
+
+-- | Details about an CloudFormation stack. A stack is a collection of Amazon
+-- Web Services resources that you can manage as a single unit.
+resourceDetails_awsCloudFormationStack :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsCloudFormationStackDetails)
+resourceDetails_awsCloudFormationStack = Lens.lens (\ResourceDetails' {awsCloudFormationStack} -> awsCloudFormationStack) (\s@ResourceDetails' {} a -> s {awsCloudFormationStack = a} :: ResourceDetails)
+
+-- | Details about a CloudFront distribution.
+resourceDetails_awsCloudFrontDistribution :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsCloudFrontDistributionDetails)
+resourceDetails_awsCloudFrontDistribution = Lens.lens (\ResourceDetails' {awsCloudFrontDistribution} -> awsCloudFrontDistribution) (\s@ResourceDetails' {} a -> s {awsCloudFrontDistribution = a} :: ResourceDetails)
+
+-- | Provides details about a CloudTrail trail.
+resourceDetails_awsCloudTrailTrail :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsCloudTrailTrailDetails)
+resourceDetails_awsCloudTrailTrail = Lens.lens (\ResourceDetails' {awsCloudTrailTrail} -> awsCloudTrailTrail) (\s@ResourceDetails' {} a -> s {awsCloudTrailTrail = a} :: ResourceDetails)
+
+-- | Details about an Amazon CloudWatch alarm. An alarm allows you to monitor
+-- and receive alerts about your Amazon Web Services resources and
+-- applications across multiple Regions.
+resourceDetails_awsCloudWatchAlarm :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsCloudWatchAlarmDetails)
+resourceDetails_awsCloudWatchAlarm = Lens.lens (\ResourceDetails' {awsCloudWatchAlarm} -> awsCloudWatchAlarm) (\s@ResourceDetails' {} a -> s {awsCloudWatchAlarm = a} :: ResourceDetails)
+
+-- | Details for an CodeBuild project.
+resourceDetails_awsCodeBuildProject :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsCodeBuildProjectDetails)
+resourceDetails_awsCodeBuildProject = Lens.lens (\ResourceDetails' {awsCodeBuildProject} -> awsCodeBuildProject) (\s@ResourceDetails' {} a -> s {awsCodeBuildProject = a} :: ResourceDetails)
+
+-- | Details about a DynamoDB table.
+resourceDetails_awsDynamoDbTable :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsDynamoDbTableDetails)
+resourceDetails_awsDynamoDbTable = Lens.lens (\ResourceDetails' {awsDynamoDbTable} -> awsDynamoDbTable) (\s@ResourceDetails' {} a -> s {awsDynamoDbTable = a} :: ResourceDetails)
+
+-- | Details about an Elastic IP address.
+resourceDetails_awsEc2Eip :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2EipDetails)
+resourceDetails_awsEc2Eip = Lens.lens (\ResourceDetails' {awsEc2Eip} -> awsEc2Eip) (\s@ResourceDetails' {} a -> s {awsEc2Eip = a} :: ResourceDetails)
+
+-- | Details about an EC2 instance related to a finding.
+resourceDetails_awsEc2Instance :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2InstanceDetails)
+resourceDetails_awsEc2Instance = Lens.lens (\ResourceDetails' {awsEc2Instance} -> awsEc2Instance) (\s@ResourceDetails' {} a -> s {awsEc2Instance = a} :: ResourceDetails)
+
+-- | Undocumented member.
+resourceDetails_awsEc2LaunchTemplate :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2LaunchTemplateDetails)
+resourceDetails_awsEc2LaunchTemplate = Lens.lens (\ResourceDetails' {awsEc2LaunchTemplate} -> awsEc2LaunchTemplate) (\s@ResourceDetails' {} a -> s {awsEc2LaunchTemplate = a} :: ResourceDetails)
+
+-- | Details about an EC2 network access control list (ACL).
+resourceDetails_awsEc2NetworkAcl :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2NetworkAclDetails)
+resourceDetails_awsEc2NetworkAcl = Lens.lens (\ResourceDetails' {awsEc2NetworkAcl} -> awsEc2NetworkAcl) (\s@ResourceDetails' {} a -> s {awsEc2NetworkAcl = a} :: ResourceDetails)
+
+-- | Details for an EC2 network interface.
+resourceDetails_awsEc2NetworkInterface :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2NetworkInterfaceDetails)
+resourceDetails_awsEc2NetworkInterface = Lens.lens (\ResourceDetails' {awsEc2NetworkInterface} -> awsEc2NetworkInterface) (\s@ResourceDetails' {} a -> s {awsEc2NetworkInterface = a} :: ResourceDetails)
+
+-- | Details for an EC2 security group.
+resourceDetails_awsEc2SecurityGroup :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2SecurityGroupDetails)
+resourceDetails_awsEc2SecurityGroup = Lens.lens (\ResourceDetails' {awsEc2SecurityGroup} -> awsEc2SecurityGroup) (\s@ResourceDetails' {} a -> s {awsEc2SecurityGroup = a} :: ResourceDetails)
+
+-- | Details about a subnet in Amazon EC2.
+resourceDetails_awsEc2Subnet :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2SubnetDetails)
+resourceDetails_awsEc2Subnet = Lens.lens (\ResourceDetails' {awsEc2Subnet} -> awsEc2Subnet) (\s@ResourceDetails' {} a -> s {awsEc2Subnet = a} :: ResourceDetails)
+
+-- | Details about an Amazon EC2 transit gateway that interconnects your
+-- virtual private clouds (VPC) and on-premises networks.
+resourceDetails_awsEc2TransitGateway :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2TransitGatewayDetails)
+resourceDetails_awsEc2TransitGateway = Lens.lens (\ResourceDetails' {awsEc2TransitGateway} -> awsEc2TransitGateway) (\s@ResourceDetails' {} a -> s {awsEc2TransitGateway = a} :: ResourceDetails)
+
+-- | Details for an Amazon EC2 volume.
+resourceDetails_awsEc2Volume :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2VolumeDetails)
+resourceDetails_awsEc2Volume = Lens.lens (\ResourceDetails' {awsEc2Volume} -> awsEc2Volume) (\s@ResourceDetails' {} a -> s {awsEc2Volume = a} :: ResourceDetails)
+
+-- | Details for an Amazon EC2 VPC.
+resourceDetails_awsEc2Vpc :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2VpcDetails)
+resourceDetails_awsEc2Vpc = Lens.lens (\ResourceDetails' {awsEc2Vpc} -> awsEc2Vpc) (\s@ResourceDetails' {} a -> s {awsEc2Vpc = a} :: ResourceDetails)
+
+-- | Details about the service configuration for a VPC endpoint service.
+resourceDetails_awsEc2VpcEndpointService :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2VpcEndpointServiceDetails)
+resourceDetails_awsEc2VpcEndpointService = Lens.lens (\ResourceDetails' {awsEc2VpcEndpointService} -> awsEc2VpcEndpointService) (\s@ResourceDetails' {} a -> s {awsEc2VpcEndpointService = a} :: ResourceDetails)
+
+-- | Details about an Amazon EC2 VPC peering connection. A VPC peering
+-- connection is a networking connection between two VPCs that enables you
+-- to route traffic between them privately.
+resourceDetails_awsEc2VpcPeeringConnection :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2VpcPeeringConnectionDetails)
+resourceDetails_awsEc2VpcPeeringConnection = Lens.lens (\ResourceDetails' {awsEc2VpcPeeringConnection} -> awsEc2VpcPeeringConnection) (\s@ResourceDetails' {} a -> s {awsEc2VpcPeeringConnection = a} :: ResourceDetails)
+
+-- | Details about an Amazon EC2 VPN connection.
+resourceDetails_awsEc2VpnConnection :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEc2VpnConnectionDetails)
+resourceDetails_awsEc2VpnConnection = Lens.lens (\ResourceDetails' {awsEc2VpnConnection} -> awsEc2VpnConnection) (\s@ResourceDetails' {} a -> s {awsEc2VpnConnection = a} :: ResourceDetails)
+
+-- | Information about an Amazon ECR image.
+resourceDetails_awsEcrContainerImage :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEcrContainerImageDetails)
+resourceDetails_awsEcrContainerImage = Lens.lens (\ResourceDetails' {awsEcrContainerImage} -> awsEcrContainerImage) (\s@ResourceDetails' {} a -> s {awsEcrContainerImage = a} :: ResourceDetails)
+
+-- | Information about an Amazon Elastic Container Registry repository.
+resourceDetails_awsEcrRepository :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEcrRepositoryDetails)
+resourceDetails_awsEcrRepository = Lens.lens (\ResourceDetails' {awsEcrRepository} -> awsEcrRepository) (\s@ResourceDetails' {} a -> s {awsEcrRepository = a} :: ResourceDetails)
+
+-- | Details about an Amazon ECS cluster.
+resourceDetails_awsEcsCluster :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEcsClusterDetails)
+resourceDetails_awsEcsCluster = Lens.lens (\ResourceDetails' {awsEcsCluster} -> awsEcsCluster) (\s@ResourceDetails' {} a -> s {awsEcsCluster = a} :: ResourceDetails)
+
+-- | Provides information about a Docker container that\'s part of a task.
+resourceDetails_awsEcsContainer :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEcsContainerDetails)
+resourceDetails_awsEcsContainer = Lens.lens (\ResourceDetails' {awsEcsContainer} -> awsEcsContainer) (\s@ResourceDetails' {} a -> s {awsEcsContainer = a} :: ResourceDetails)
+
+-- | Details about a service within an ECS cluster.
+resourceDetails_awsEcsService :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEcsServiceDetails)
+resourceDetails_awsEcsService = Lens.lens (\ResourceDetails' {awsEcsService} -> awsEcsService) (\s@ResourceDetails' {} a -> s {awsEcsService = a} :: ResourceDetails)
+
+-- | Details about a task in a cluster.
+resourceDetails_awsEcsTask :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEcsTaskDetails)
+resourceDetails_awsEcsTask = Lens.lens (\ResourceDetails' {awsEcsTask} -> awsEcsTask) (\s@ResourceDetails' {} a -> s {awsEcsTask = a} :: ResourceDetails)
+
+-- | Details about a task definition. A task definition describes the
+-- container and volume definitions of an Amazon Elastic Container Service
+-- task.
+resourceDetails_awsEcsTaskDefinition :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEcsTaskDefinitionDetails)
+resourceDetails_awsEcsTaskDefinition = Lens.lens (\ResourceDetails' {awsEcsTaskDefinition} -> awsEcsTaskDefinition) (\s@ResourceDetails' {} a -> s {awsEcsTaskDefinition = a} :: ResourceDetails)
+
+-- | Details about an Amazon EFS access point. An access point is an
+-- application-specific view into an EFS file system that applies an
+-- operating system user and group, and a file system path, to any file
+-- system request made through the access point.
+resourceDetails_awsEfsAccessPoint :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEfsAccessPointDetails)
+resourceDetails_awsEfsAccessPoint = Lens.lens (\ResourceDetails' {awsEfsAccessPoint} -> awsEfsAccessPoint) (\s@ResourceDetails' {} a -> s {awsEfsAccessPoint = a} :: ResourceDetails)
+
+-- | Details about an Amazon EKS cluster.
+resourceDetails_awsEksCluster :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsEksClusterDetails)
+resourceDetails_awsEksCluster = Lens.lens (\ResourceDetails' {awsEksCluster} -> awsEksCluster) (\s@ResourceDetails' {} a -> s {awsEksCluster = a} :: ResourceDetails)
+
+-- | Details about an Elastic Beanstalk environment.
+resourceDetails_awsElasticBeanstalkEnvironment :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsElasticBeanstalkEnvironmentDetails)
+resourceDetails_awsElasticBeanstalkEnvironment = Lens.lens (\ResourceDetails' {awsElasticBeanstalkEnvironment} -> awsElasticBeanstalkEnvironment) (\s@ResourceDetails' {} a -> s {awsElasticBeanstalkEnvironment = a} :: ResourceDetails)
+
+-- | Details for an Elasticsearch domain.
+resourceDetails_awsElasticsearchDomain :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsElasticsearchDomainDetails)
+resourceDetails_awsElasticsearchDomain = Lens.lens (\ResourceDetails' {awsElasticsearchDomain} -> awsElasticsearchDomain) (\s@ResourceDetails' {} a -> s {awsElasticsearchDomain = a} :: ResourceDetails)
+
+-- | Contains details about a Classic Load Balancer.
+resourceDetails_awsElbLoadBalancer :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsElbLoadBalancerDetails)
+resourceDetails_awsElbLoadBalancer = Lens.lens (\ResourceDetails' {awsElbLoadBalancer} -> awsElbLoadBalancer) (\s@ResourceDetails' {} a -> s {awsElbLoadBalancer = a} :: ResourceDetails)
+
+-- | Details about a load balancer.
+resourceDetails_awsElbv2LoadBalancer :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsElbv2LoadBalancerDetails)
+resourceDetails_awsElbv2LoadBalancer = Lens.lens (\ResourceDetails' {awsElbv2LoadBalancer} -> awsElbv2LoadBalancer) (\s@ResourceDetails' {} a -> s {awsElbv2LoadBalancer = a} :: ResourceDetails)
+
+-- | Details about an IAM access key related to a finding.
+resourceDetails_awsIamAccessKey :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsIamAccessKeyDetails)
+resourceDetails_awsIamAccessKey = Lens.lens (\ResourceDetails' {awsIamAccessKey} -> awsIamAccessKey) (\s@ResourceDetails' {} a -> s {awsIamAccessKey = a} :: ResourceDetails)
+
+-- | Contains details about an IAM group.
+resourceDetails_awsIamGroup :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsIamGroupDetails)
+resourceDetails_awsIamGroup = Lens.lens (\ResourceDetails' {awsIamGroup} -> awsIamGroup) (\s@ResourceDetails' {} a -> s {awsIamGroup = a} :: ResourceDetails)
+
+-- | Details about an IAM permissions policy.
+resourceDetails_awsIamPolicy :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsIamPolicyDetails)
+resourceDetails_awsIamPolicy = Lens.lens (\ResourceDetails' {awsIamPolicy} -> awsIamPolicy) (\s@ResourceDetails' {} a -> s {awsIamPolicy = a} :: ResourceDetails)
+
+-- | Details about an IAM role.
+resourceDetails_awsIamRole :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsIamRoleDetails)
+resourceDetails_awsIamRole = Lens.lens (\ResourceDetails' {awsIamRole} -> awsIamRole) (\s@ResourceDetails' {} a -> s {awsIamRole = a} :: ResourceDetails)
+
+-- | Details about an IAM user.
+resourceDetails_awsIamUser :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsIamUserDetails)
+resourceDetails_awsIamUser = Lens.lens (\ResourceDetails' {awsIamUser} -> awsIamUser) (\s@ResourceDetails' {} a -> s {awsIamUser = a} :: ResourceDetails)
+
+-- | Details about an Amazon Kinesis data stream.
+resourceDetails_awsKinesisStream :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsKinesisStreamDetails)
+resourceDetails_awsKinesisStream = Lens.lens (\ResourceDetails' {awsKinesisStream} -> awsKinesisStream) (\s@ResourceDetails' {} a -> s {awsKinesisStream = a} :: ResourceDetails)
+
+-- | Details about an KMS key.
+resourceDetails_awsKmsKey :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsKmsKeyDetails)
+resourceDetails_awsKmsKey = Lens.lens (\ResourceDetails' {awsKmsKey} -> awsKmsKey) (\s@ResourceDetails' {} a -> s {awsKmsKey = a} :: ResourceDetails)
+
+-- | Details about a Lambda function.
+resourceDetails_awsLambdaFunction :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsLambdaFunctionDetails)
+resourceDetails_awsLambdaFunction = Lens.lens (\ResourceDetails' {awsLambdaFunction} -> awsLambdaFunction) (\s@ResourceDetails' {} a -> s {awsLambdaFunction = a} :: ResourceDetails)
+
+-- | Details for a Lambda layer version.
+resourceDetails_awsLambdaLayerVersion :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsLambdaLayerVersionDetails)
+resourceDetails_awsLambdaLayerVersion = Lens.lens (\ResourceDetails' {awsLambdaLayerVersion} -> awsLambdaLayerVersion) (\s@ResourceDetails' {} a -> s {awsLambdaLayerVersion = a} :: ResourceDetails)
+
+-- | Details about an Network Firewall firewall.
+resourceDetails_awsNetworkFirewallFirewall :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsNetworkFirewallFirewallDetails)
+resourceDetails_awsNetworkFirewallFirewall = Lens.lens (\ResourceDetails' {awsNetworkFirewallFirewall} -> awsNetworkFirewallFirewall) (\s@ResourceDetails' {} a -> s {awsNetworkFirewallFirewall = a} :: ResourceDetails)
+
+-- | Details about an Network Firewall firewall policy.
+resourceDetails_awsNetworkFirewallFirewallPolicy :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsNetworkFirewallFirewallPolicyDetails)
+resourceDetails_awsNetworkFirewallFirewallPolicy = Lens.lens (\ResourceDetails' {awsNetworkFirewallFirewallPolicy} -> awsNetworkFirewallFirewallPolicy) (\s@ResourceDetails' {} a -> s {awsNetworkFirewallFirewallPolicy = a} :: ResourceDetails)
+
+-- | Details about an Network Firewall rule group.
+resourceDetails_awsNetworkFirewallRuleGroup :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsNetworkFirewallRuleGroupDetails)
+resourceDetails_awsNetworkFirewallRuleGroup = Lens.lens (\ResourceDetails' {awsNetworkFirewallRuleGroup} -> awsNetworkFirewallRuleGroup) (\s@ResourceDetails' {} a -> s {awsNetworkFirewallRuleGroup = a} :: ResourceDetails)
+
+-- | Details about an Amazon OpenSearch Service domain.
+resourceDetails_awsOpenSearchServiceDomain :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsOpenSearchServiceDomainDetails)
+resourceDetails_awsOpenSearchServiceDomain = Lens.lens (\ResourceDetails' {awsOpenSearchServiceDomain} -> awsOpenSearchServiceDomain) (\s@ResourceDetails' {} a -> s {awsOpenSearchServiceDomain = a} :: ResourceDetails)
+
+-- | Details about an Amazon RDS database cluster.
+resourceDetails_awsRdsDbCluster :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsRdsDbClusterDetails)
+resourceDetails_awsRdsDbCluster = Lens.lens (\ResourceDetails' {awsRdsDbCluster} -> awsRdsDbCluster) (\s@ResourceDetails' {} a -> s {awsRdsDbCluster = a} :: ResourceDetails)
+
+-- | Details about an Amazon RDS database cluster snapshot.
+resourceDetails_awsRdsDbClusterSnapshot :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsRdsDbClusterSnapshotDetails)
+resourceDetails_awsRdsDbClusterSnapshot = Lens.lens (\ResourceDetails' {awsRdsDbClusterSnapshot} -> awsRdsDbClusterSnapshot) (\s@ResourceDetails' {} a -> s {awsRdsDbClusterSnapshot = a} :: ResourceDetails)
+
+-- | Details about an Amazon RDS database instance.
+resourceDetails_awsRdsDbInstance :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsRdsDbInstanceDetails)
+resourceDetails_awsRdsDbInstance = Lens.lens (\ResourceDetails' {awsRdsDbInstance} -> awsRdsDbInstance) (\s@ResourceDetails' {} a -> s {awsRdsDbInstance = a} :: ResourceDetails)
+
+-- | Details about an Amazon RDS DB security group.
+resourceDetails_awsRdsDbSecurityGroup :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsRdsDbSecurityGroupDetails)
+resourceDetails_awsRdsDbSecurityGroup = Lens.lens (\ResourceDetails' {awsRdsDbSecurityGroup} -> awsRdsDbSecurityGroup) (\s@ResourceDetails' {} a -> s {awsRdsDbSecurityGroup = a} :: ResourceDetails)
+
+-- | Details about an Amazon RDS database snapshot.
+resourceDetails_awsRdsDbSnapshot :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsRdsDbSnapshotDetails)
+resourceDetails_awsRdsDbSnapshot = Lens.lens (\ResourceDetails' {awsRdsDbSnapshot} -> awsRdsDbSnapshot) (\s@ResourceDetails' {} a -> s {awsRdsDbSnapshot = a} :: ResourceDetails)
+
+-- | Details about an RDS event notification subscription.
+resourceDetails_awsRdsEventSubscription :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsRdsEventSubscriptionDetails)
+resourceDetails_awsRdsEventSubscription = Lens.lens (\ResourceDetails' {awsRdsEventSubscription} -> awsRdsEventSubscription) (\s@ResourceDetails' {} a -> s {awsRdsEventSubscription = a} :: ResourceDetails)
+
+-- | Contains details about an Amazon Redshift cluster.
+resourceDetails_awsRedshiftCluster :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsRedshiftClusterDetails)
+resourceDetails_awsRedshiftCluster = Lens.lens (\ResourceDetails' {awsRedshiftCluster} -> awsRedshiftCluster) (\s@ResourceDetails' {} a -> s {awsRedshiftCluster = a} :: ResourceDetails)
+
+-- | Details about the Amazon S3 Public Access Block configuration for an
+-- account.
+resourceDetails_awsS3AccountPublicAccessBlock :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsS3AccountPublicAccessBlockDetails)
+resourceDetails_awsS3AccountPublicAccessBlock = Lens.lens (\ResourceDetails' {awsS3AccountPublicAccessBlock} -> awsS3AccountPublicAccessBlock) (\s@ResourceDetails' {} a -> s {awsS3AccountPublicAccessBlock = a} :: ResourceDetails)
+
+-- | Details about an S3 bucket related to a finding.
+resourceDetails_awsS3Bucket :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsS3BucketDetails)
+resourceDetails_awsS3Bucket = Lens.lens (\ResourceDetails' {awsS3Bucket} -> awsS3Bucket) (\s@ResourceDetails' {} a -> s {awsS3Bucket = a} :: ResourceDetails)
+
+-- | Details about an S3 object related to a finding.
+resourceDetails_awsS3Object :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsS3ObjectDetails)
+resourceDetails_awsS3Object = Lens.lens (\ResourceDetails' {awsS3Object} -> awsS3Object) (\s@ResourceDetails' {} a -> s {awsS3Object = a} :: ResourceDetails)
+
+-- | Undocumented member.
+resourceDetails_awsSageMakerNotebookInstance :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsSageMakerNotebookInstanceDetails)
+resourceDetails_awsSageMakerNotebookInstance = Lens.lens (\ResourceDetails' {awsSageMakerNotebookInstance} -> awsSageMakerNotebookInstance) (\s@ResourceDetails' {} a -> s {awsSageMakerNotebookInstance = a} :: ResourceDetails)
+
+-- | Details about a Secrets Manager secret.
+resourceDetails_awsSecretsManagerSecret :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsSecretsManagerSecretDetails)
+resourceDetails_awsSecretsManagerSecret = Lens.lens (\ResourceDetails' {awsSecretsManagerSecret} -> awsSecretsManagerSecret) (\s@ResourceDetails' {} a -> s {awsSecretsManagerSecret = a} :: ResourceDetails)
+
+-- | Details about an SNS topic.
+resourceDetails_awsSnsTopic :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsSnsTopicDetails)
+resourceDetails_awsSnsTopic = Lens.lens (\ResourceDetails' {awsSnsTopic} -> awsSnsTopic) (\s@ResourceDetails' {} a -> s {awsSnsTopic = a} :: ResourceDetails)
+
+-- | Details about an SQS queue.
+resourceDetails_awsSqsQueue :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsSqsQueueDetails)
+resourceDetails_awsSqsQueue = Lens.lens (\ResourceDetails' {awsSqsQueue} -> awsSqsQueue) (\s@ResourceDetails' {} a -> s {awsSqsQueue = a} :: ResourceDetails)
+
+-- | Provides information about the state of a patch on an instance based on
+-- the patch baseline that was used to patch the instance.
+resourceDetails_awsSsmPatchCompliance :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsSsmPatchComplianceDetails)
+resourceDetails_awsSsmPatchCompliance = Lens.lens (\ResourceDetails' {awsSsmPatchCompliance} -> awsSsmPatchCompliance) (\s@ResourceDetails' {} a -> s {awsSsmPatchCompliance = a} :: ResourceDetails)
+
+-- | Details about a rate-based rule for global resources.
+resourceDetails_awsWafRateBasedRule :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsWafRateBasedRuleDetails)
+resourceDetails_awsWafRateBasedRule = Lens.lens (\ResourceDetails' {awsWafRateBasedRule} -> awsWafRateBasedRule) (\s@ResourceDetails' {} a -> s {awsWafRateBasedRule = a} :: ResourceDetails)
+
+-- | Details about a rate-based rule for Regional resources.
+resourceDetails_awsWafRegionalRateBasedRule :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsWafRegionalRateBasedRuleDetails)
+resourceDetails_awsWafRegionalRateBasedRule = Lens.lens (\ResourceDetails' {awsWafRegionalRateBasedRule} -> awsWafRegionalRateBasedRule) (\s@ResourceDetails' {} a -> s {awsWafRegionalRateBasedRule = a} :: ResourceDetails)
+
+-- | Details about an WAF rule for Regional resources.
+resourceDetails_awsWafRegionalRule :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsWafRegionalRuleDetails)
+resourceDetails_awsWafRegionalRule = Lens.lens (\ResourceDetails' {awsWafRegionalRule} -> awsWafRegionalRule) (\s@ResourceDetails' {} a -> s {awsWafRegionalRule = a} :: ResourceDetails)
+
+-- | Details about an WAF rule group for Regional resources.
+resourceDetails_awsWafRegionalRuleGroup :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsWafRegionalRuleGroupDetails)
+resourceDetails_awsWafRegionalRuleGroup = Lens.lens (\ResourceDetails' {awsWafRegionalRuleGroup} -> awsWafRegionalRuleGroup) (\s@ResourceDetails' {} a -> s {awsWafRegionalRuleGroup = a} :: ResourceDetails)
+
+-- | Details about an WAF web access control list (web ACL) for Regional
+-- resources.
+resourceDetails_awsWafRegionalWebAcl :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsWafRegionalWebAclDetails)
+resourceDetails_awsWafRegionalWebAcl = Lens.lens (\ResourceDetails' {awsWafRegionalWebAcl} -> awsWafRegionalWebAcl) (\s@ResourceDetails' {} a -> s {awsWafRegionalWebAcl = a} :: ResourceDetails)
+
+-- | Details about an WAF rule for global resources.
+resourceDetails_awsWafRule :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsWafRuleDetails)
+resourceDetails_awsWafRule = Lens.lens (\ResourceDetails' {awsWafRule} -> awsWafRule) (\s@ResourceDetails' {} a -> s {awsWafRule = a} :: ResourceDetails)
+
+-- | Details about an WAF rule group for global resources.
+resourceDetails_awsWafRuleGroup :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsWafRuleGroupDetails)
+resourceDetails_awsWafRuleGroup = Lens.lens (\ResourceDetails' {awsWafRuleGroup} -> awsWafRuleGroup) (\s@ResourceDetails' {} a -> s {awsWafRuleGroup = a} :: ResourceDetails)
+
+-- | Details for an WAF web ACL.
+resourceDetails_awsWafWebAcl :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsWafWebAclDetails)
+resourceDetails_awsWafWebAcl = Lens.lens (\ResourceDetails' {awsWafWebAcl} -> awsWafWebAcl) (\s@ResourceDetails' {} a -> s {awsWafWebAcl = a} :: ResourceDetails)
+
+-- | Undocumented member.
+resourceDetails_awsWafv2RuleGroup :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsWafv2RuleGroupDetails)
+resourceDetails_awsWafv2RuleGroup = Lens.lens (\ResourceDetails' {awsWafv2RuleGroup} -> awsWafv2RuleGroup) (\s@ResourceDetails' {} a -> s {awsWafv2RuleGroup = a} :: ResourceDetails)
+
+-- | Undocumented member.
+resourceDetails_awsWafv2WebAcl :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsWafv2WebAclDetails)
+resourceDetails_awsWafv2WebAcl = Lens.lens (\ResourceDetails' {awsWafv2WebAcl} -> awsWafv2WebAcl) (\s@ResourceDetails' {} a -> s {awsWafv2WebAcl = a} :: ResourceDetails)
+
+-- | Information about the encryption configuration for X-Ray.
+resourceDetails_awsXrayEncryptionConfig :: Lens.Lens' ResourceDetails (Prelude.Maybe AwsXrayEncryptionConfigDetails)
+resourceDetails_awsXrayEncryptionConfig = Lens.lens (\ResourceDetails' {awsXrayEncryptionConfig} -> awsXrayEncryptionConfig) (\s@ResourceDetails' {} a -> s {awsXrayEncryptionConfig = a} :: ResourceDetails)
+
+-- | Details about a container resource related to a finding.
+resourceDetails_container :: Lens.Lens' ResourceDetails (Prelude.Maybe ContainerDetails)
+resourceDetails_container = Lens.lens (\ResourceDetails' {container} -> container) (\s@ResourceDetails' {} a -> s {container = a} :: ResourceDetails)
+
+-- | Details about a resource that are not available in a type-specific
+-- details object. Use the @Other@ object in the following cases.
+--
+-- -   The type-specific object does not contain all of the fields that you
+--     want to populate. In this case, first use the type-specific object
+--     to populate those fields. Use the @Other@ object to populate the
+--     fields that are missing from the type-specific object.
+--
+-- -   The resource type does not have a corresponding object. This
+--     includes resources for which the type is @Other@.
+resourceDetails_other :: Lens.Lens' ResourceDetails (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+resourceDetails_other = Lens.lens (\ResourceDetails' {other} -> other) (\s@ResourceDetails' {} a -> s {other = a} :: ResourceDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON ResourceDetails where
+  parseJSON =
+    Data.withObject
+      "ResourceDetails"
+      ( \x ->
+          ResourceDetails'
+            Prelude.<$> (x Data..:? "AwsApiGatewayRestApi")
+            Prelude.<*> (x Data..:? "AwsApiGatewayStage")
+            Prelude.<*> (x Data..:? "AwsApiGatewayV2Api")
+            Prelude.<*> (x Data..:? "AwsApiGatewayV2Stage")
+            Prelude.<*> (x Data..:? "AwsAutoScalingAutoScalingGroup")
+            Prelude.<*> (x Data..:? "AwsAutoScalingLaunchConfiguration")
+            Prelude.<*> (x Data..:? "AwsBackupBackupPlan")
+            Prelude.<*> (x Data..:? "AwsBackupBackupVault")
+            Prelude.<*> (x Data..:? "AwsBackupRecoveryPoint")
+            Prelude.<*> (x Data..:? "AwsCertificateManagerCertificate")
+            Prelude.<*> (x Data..:? "AwsCloudFormationStack")
+            Prelude.<*> (x Data..:? "AwsCloudFrontDistribution")
+            Prelude.<*> (x Data..:? "AwsCloudTrailTrail")
+            Prelude.<*> (x Data..:? "AwsCloudWatchAlarm")
+            Prelude.<*> (x Data..:? "AwsCodeBuildProject")
+            Prelude.<*> (x Data..:? "AwsDynamoDbTable")
+            Prelude.<*> (x Data..:? "AwsEc2Eip")
+            Prelude.<*> (x Data..:? "AwsEc2Instance")
+            Prelude.<*> (x Data..:? "AwsEc2LaunchTemplate")
+            Prelude.<*> (x Data..:? "AwsEc2NetworkAcl")
+            Prelude.<*> (x Data..:? "AwsEc2NetworkInterface")
+            Prelude.<*> (x Data..:? "AwsEc2SecurityGroup")
+            Prelude.<*> (x Data..:? "AwsEc2Subnet")
+            Prelude.<*> (x Data..:? "AwsEc2TransitGateway")
+            Prelude.<*> (x Data..:? "AwsEc2Volume")
+            Prelude.<*> (x Data..:? "AwsEc2Vpc")
+            Prelude.<*> (x Data..:? "AwsEc2VpcEndpointService")
+            Prelude.<*> (x Data..:? "AwsEc2VpcPeeringConnection")
+            Prelude.<*> (x Data..:? "AwsEc2VpnConnection")
+            Prelude.<*> (x Data..:? "AwsEcrContainerImage")
+            Prelude.<*> (x Data..:? "AwsEcrRepository")
+            Prelude.<*> (x Data..:? "AwsEcsCluster")
+            Prelude.<*> (x Data..:? "AwsEcsContainer")
+            Prelude.<*> (x Data..:? "AwsEcsService")
+            Prelude.<*> (x Data..:? "AwsEcsTask")
+            Prelude.<*> (x Data..:? "AwsEcsTaskDefinition")
+            Prelude.<*> (x Data..:? "AwsEfsAccessPoint")
+            Prelude.<*> (x Data..:? "AwsEksCluster")
+            Prelude.<*> (x Data..:? "AwsElasticBeanstalkEnvironment")
+            Prelude.<*> (x Data..:? "AwsElasticsearchDomain")
+            Prelude.<*> (x Data..:? "AwsElbLoadBalancer")
+            Prelude.<*> (x Data..:? "AwsElbv2LoadBalancer")
+            Prelude.<*> (x Data..:? "AwsIamAccessKey")
+            Prelude.<*> (x Data..:? "AwsIamGroup")
+            Prelude.<*> (x Data..:? "AwsIamPolicy")
+            Prelude.<*> (x Data..:? "AwsIamRole")
+            Prelude.<*> (x Data..:? "AwsIamUser")
+            Prelude.<*> (x Data..:? "AwsKinesisStream")
+            Prelude.<*> (x Data..:? "AwsKmsKey")
+            Prelude.<*> (x Data..:? "AwsLambdaFunction")
+            Prelude.<*> (x Data..:? "AwsLambdaLayerVersion")
+            Prelude.<*> (x Data..:? "AwsNetworkFirewallFirewall")
+            Prelude.<*> (x Data..:? "AwsNetworkFirewallFirewallPolicy")
+            Prelude.<*> (x Data..:? "AwsNetworkFirewallRuleGroup")
+            Prelude.<*> (x Data..:? "AwsOpenSearchServiceDomain")
+            Prelude.<*> (x Data..:? "AwsRdsDbCluster")
+            Prelude.<*> (x Data..:? "AwsRdsDbClusterSnapshot")
+            Prelude.<*> (x Data..:? "AwsRdsDbInstance")
+            Prelude.<*> (x Data..:? "AwsRdsDbSecurityGroup")
+            Prelude.<*> (x Data..:? "AwsRdsDbSnapshot")
+            Prelude.<*> (x Data..:? "AwsRdsEventSubscription")
+            Prelude.<*> (x Data..:? "AwsRedshiftCluster")
+            Prelude.<*> (x Data..:? "AwsS3AccountPublicAccessBlock")
+            Prelude.<*> (x Data..:? "AwsS3Bucket")
+            Prelude.<*> (x Data..:? "AwsS3Object")
+            Prelude.<*> (x Data..:? "AwsSageMakerNotebookInstance")
+            Prelude.<*> (x Data..:? "AwsSecretsManagerSecret")
+            Prelude.<*> (x Data..:? "AwsSnsTopic")
+            Prelude.<*> (x Data..:? "AwsSqsQueue")
+            Prelude.<*> (x Data..:? "AwsSsmPatchCompliance")
+            Prelude.<*> (x Data..:? "AwsWafRateBasedRule")
+            Prelude.<*> (x Data..:? "AwsWafRegionalRateBasedRule")
+            Prelude.<*> (x Data..:? "AwsWafRegionalRule")
+            Prelude.<*> (x Data..:? "AwsWafRegionalRuleGroup")
+            Prelude.<*> (x Data..:? "AwsWafRegionalWebAcl")
+            Prelude.<*> (x Data..:? "AwsWafRule")
+            Prelude.<*> (x Data..:? "AwsWafRuleGroup")
+            Prelude.<*> (x Data..:? "AwsWafWebAcl")
+            Prelude.<*> (x Data..:? "AwsWafv2RuleGroup")
+            Prelude.<*> (x Data..:? "AwsWafv2WebAcl")
+            Prelude.<*> (x Data..:? "AwsXrayEncryptionConfig")
+            Prelude.<*> (x Data..:? "Container")
+            Prelude.<*> (x Data..:? "Other" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable ResourceDetails where
+  hashWithSalt _salt ResourceDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` awsApiGatewayRestApi
+      `Prelude.hashWithSalt` awsApiGatewayStage
+      `Prelude.hashWithSalt` awsApiGatewayV2Api
+      `Prelude.hashWithSalt` awsApiGatewayV2Stage
+      `Prelude.hashWithSalt` awsAutoScalingAutoScalingGroup
+      `Prelude.hashWithSalt` awsAutoScalingLaunchConfiguration
+      `Prelude.hashWithSalt` awsBackupBackupPlan
+      `Prelude.hashWithSalt` awsBackupBackupVault
+      `Prelude.hashWithSalt` awsBackupRecoveryPoint
+      `Prelude.hashWithSalt` awsCertificateManagerCertificate
+      `Prelude.hashWithSalt` awsCloudFormationStack
+      `Prelude.hashWithSalt` awsCloudFrontDistribution
+      `Prelude.hashWithSalt` awsCloudTrailTrail
+      `Prelude.hashWithSalt` awsCloudWatchAlarm
+      `Prelude.hashWithSalt` awsCodeBuildProject
+      `Prelude.hashWithSalt` awsDynamoDbTable
+      `Prelude.hashWithSalt` awsEc2Eip
+      `Prelude.hashWithSalt` awsEc2Instance
+      `Prelude.hashWithSalt` awsEc2LaunchTemplate
+      `Prelude.hashWithSalt` awsEc2NetworkAcl
+      `Prelude.hashWithSalt` awsEc2NetworkInterface
+      `Prelude.hashWithSalt` awsEc2SecurityGroup
+      `Prelude.hashWithSalt` awsEc2Subnet
+      `Prelude.hashWithSalt` awsEc2TransitGateway
+      `Prelude.hashWithSalt` awsEc2Volume
+      `Prelude.hashWithSalt` awsEc2Vpc
+      `Prelude.hashWithSalt` awsEc2VpcEndpointService
+      `Prelude.hashWithSalt` awsEc2VpcPeeringConnection
+      `Prelude.hashWithSalt` awsEc2VpnConnection
+      `Prelude.hashWithSalt` awsEcrContainerImage
+      `Prelude.hashWithSalt` awsEcrRepository
+      `Prelude.hashWithSalt` awsEcsCluster
+      `Prelude.hashWithSalt` awsEcsContainer
+      `Prelude.hashWithSalt` awsEcsService
+      `Prelude.hashWithSalt` awsEcsTask
+      `Prelude.hashWithSalt` awsEcsTaskDefinition
+      `Prelude.hashWithSalt` awsEfsAccessPoint
+      `Prelude.hashWithSalt` awsEksCluster
+      `Prelude.hashWithSalt` awsElasticBeanstalkEnvironment
+      `Prelude.hashWithSalt` awsElasticsearchDomain
+      `Prelude.hashWithSalt` awsElbLoadBalancer
+      `Prelude.hashWithSalt` awsElbv2LoadBalancer
+      `Prelude.hashWithSalt` awsIamAccessKey
+      `Prelude.hashWithSalt` awsIamGroup
+      `Prelude.hashWithSalt` awsIamPolicy
+      `Prelude.hashWithSalt` awsIamRole
+      `Prelude.hashWithSalt` awsIamUser
+      `Prelude.hashWithSalt` awsKinesisStream
+      `Prelude.hashWithSalt` awsKmsKey
+      `Prelude.hashWithSalt` awsLambdaFunction
+      `Prelude.hashWithSalt` awsLambdaLayerVersion
+      `Prelude.hashWithSalt` awsNetworkFirewallFirewall
+      `Prelude.hashWithSalt` awsNetworkFirewallFirewallPolicy
+      `Prelude.hashWithSalt` awsNetworkFirewallRuleGroup
+      `Prelude.hashWithSalt` awsOpenSearchServiceDomain
+      `Prelude.hashWithSalt` awsRdsDbCluster
+      `Prelude.hashWithSalt` awsRdsDbClusterSnapshot
+      `Prelude.hashWithSalt` awsRdsDbInstance
+      `Prelude.hashWithSalt` awsRdsDbSecurityGroup
+      `Prelude.hashWithSalt` awsRdsDbSnapshot
+      `Prelude.hashWithSalt` awsRdsEventSubscription
+      `Prelude.hashWithSalt` awsRedshiftCluster
+      `Prelude.hashWithSalt` awsS3AccountPublicAccessBlock
+      `Prelude.hashWithSalt` awsS3Bucket
+      `Prelude.hashWithSalt` awsS3Object
+      `Prelude.hashWithSalt` awsSageMakerNotebookInstance
+      `Prelude.hashWithSalt` awsSecretsManagerSecret
+      `Prelude.hashWithSalt` awsSnsTopic
+      `Prelude.hashWithSalt` awsSqsQueue
+      `Prelude.hashWithSalt` awsSsmPatchCompliance
+      `Prelude.hashWithSalt` awsWafRateBasedRule
+      `Prelude.hashWithSalt` awsWafRegionalRateBasedRule
+      `Prelude.hashWithSalt` awsWafRegionalRule
+      `Prelude.hashWithSalt` awsWafRegionalRuleGroup
+      `Prelude.hashWithSalt` awsWafRegionalWebAcl
+      `Prelude.hashWithSalt` awsWafRule
+      `Prelude.hashWithSalt` awsWafRuleGroup
+      `Prelude.hashWithSalt` awsWafWebAcl
+      `Prelude.hashWithSalt` awsWafv2RuleGroup
+      `Prelude.hashWithSalt` awsWafv2WebAcl
+      `Prelude.hashWithSalt` awsXrayEncryptionConfig
+      `Prelude.hashWithSalt` container
+      `Prelude.hashWithSalt` other
+
+instance Prelude.NFData ResourceDetails where
+  rnf ResourceDetails' {..} =
+    Prelude.rnf awsApiGatewayRestApi
+      `Prelude.seq` Prelude.rnf awsApiGatewayStage
+      `Prelude.seq` Prelude.rnf awsApiGatewayV2Api
+      `Prelude.seq` Prelude.rnf awsApiGatewayV2Stage
+      `Prelude.seq` Prelude.rnf awsAutoScalingAutoScalingGroup
+      `Prelude.seq` Prelude.rnf awsAutoScalingLaunchConfiguration
+      `Prelude.seq` Prelude.rnf awsBackupBackupPlan
+      `Prelude.seq` Prelude.rnf awsBackupBackupVault
+      `Prelude.seq` Prelude.rnf awsBackupRecoveryPoint
+      `Prelude.seq` Prelude.rnf awsCertificateManagerCertificate
+      `Prelude.seq` Prelude.rnf awsCloudFormationStack
+      `Prelude.seq` Prelude.rnf awsCloudFrontDistribution
+      `Prelude.seq` Prelude.rnf awsCloudTrailTrail
+      `Prelude.seq` Prelude.rnf awsCloudWatchAlarm
+      `Prelude.seq` Prelude.rnf awsCodeBuildProject
+      `Prelude.seq` Prelude.rnf awsDynamoDbTable
+      `Prelude.seq` Prelude.rnf awsEc2Eip
+      `Prelude.seq` Prelude.rnf awsEc2Instance
+      `Prelude.seq` Prelude.rnf awsEc2LaunchTemplate
+      `Prelude.seq` Prelude.rnf awsEc2NetworkAcl
+      `Prelude.seq` Prelude.rnf
+        awsEc2NetworkInterface
+      `Prelude.seq` Prelude.rnf
+        awsEc2SecurityGroup
+      `Prelude.seq` Prelude.rnf awsEc2Subnet
+      `Prelude.seq` Prelude.rnf
+        awsEc2TransitGateway
+      `Prelude.seq` Prelude.rnf
+        awsEc2Volume
+      `Prelude.seq` Prelude.rnf
+        awsEc2Vpc
+      `Prelude.seq` Prelude.rnf
+        awsEc2VpcEndpointService
+      `Prelude.seq` Prelude.rnf
+        awsEc2VpcPeeringConnection
+      `Prelude.seq` Prelude.rnf
+        awsEc2VpnConnection
+      `Prelude.seq` Prelude.rnf
+        awsEcrContainerImage
+      `Prelude.seq` Prelude.rnf
+        awsEcrRepository
+      `Prelude.seq` Prelude.rnf
+        awsEcsCluster
+      `Prelude.seq` Prelude.rnf
+        awsEcsContainer
+      `Prelude.seq` Prelude.rnf
+        awsEcsService
+      `Prelude.seq` Prelude.rnf
+        awsEcsTask
+      `Prelude.seq` Prelude.rnf
+        awsEcsTaskDefinition
+      `Prelude.seq` Prelude.rnf
+        awsEfsAccessPoint
+      `Prelude.seq` Prelude.rnf
+        awsEksCluster
+      `Prelude.seq` Prelude.rnf
+        awsElasticBeanstalkEnvironment
+      `Prelude.seq` Prelude.rnf
+        awsElasticsearchDomain
+      `Prelude.seq` Prelude.rnf
+        awsElbLoadBalancer
+      `Prelude.seq` Prelude.rnf
+        awsElbv2LoadBalancer
+      `Prelude.seq` Prelude.rnf
+        awsIamAccessKey
+      `Prelude.seq` Prelude.rnf
+        awsIamGroup
+      `Prelude.seq` Prelude.rnf
+        awsIamPolicy
+      `Prelude.seq` Prelude.rnf
+        awsIamRole
+      `Prelude.seq` Prelude.rnf
+        awsIamUser
+      `Prelude.seq` Prelude.rnf
+        awsKinesisStream
+      `Prelude.seq` Prelude.rnf
+        awsKmsKey
+      `Prelude.seq` Prelude.rnf
+        awsLambdaFunction
+      `Prelude.seq` Prelude.rnf
+        awsLambdaLayerVersion
+      `Prelude.seq` Prelude.rnf
+        awsNetworkFirewallFirewall
+      `Prelude.seq` Prelude.rnf
+        awsNetworkFirewallFirewallPolicy
+      `Prelude.seq` Prelude.rnf
+        awsNetworkFirewallRuleGroup
+      `Prelude.seq` Prelude.rnf
+        awsOpenSearchServiceDomain
+      `Prelude.seq` Prelude.rnf
+        awsRdsDbCluster
+      `Prelude.seq` Prelude.rnf
+        awsRdsDbClusterSnapshot
+      `Prelude.seq` Prelude.rnf
+        awsRdsDbInstance
+      `Prelude.seq` Prelude.rnf
+        awsRdsDbSecurityGroup
+      `Prelude.seq` Prelude.rnf
+        awsRdsDbSnapshot
+      `Prelude.seq` Prelude.rnf
+        awsRdsEventSubscription
+      `Prelude.seq` Prelude.rnf
+        awsRedshiftCluster
+      `Prelude.seq` Prelude.rnf
+        awsS3AccountPublicAccessBlock
+      `Prelude.seq` Prelude.rnf
+        awsS3Bucket
+      `Prelude.seq` Prelude.rnf
+        awsS3Object
+      `Prelude.seq` Prelude.rnf
+        awsSageMakerNotebookInstance
+      `Prelude.seq` Prelude.rnf
+        awsSecretsManagerSecret
+      `Prelude.seq` Prelude.rnf
+        awsSnsTopic
+      `Prelude.seq` Prelude.rnf
+        awsSqsQueue
+      `Prelude.seq` Prelude.rnf
+        awsSsmPatchCompliance
+      `Prelude.seq` Prelude.rnf
+        awsWafRateBasedRule
+      `Prelude.seq` Prelude.rnf
+        awsWafRegionalRateBasedRule
+      `Prelude.seq` Prelude.rnf
+        awsWafRegionalRule
+      `Prelude.seq` Prelude.rnf
+        awsWafRegionalRuleGroup
+      `Prelude.seq` Prelude.rnf
+        awsWafRegionalWebAcl
+      `Prelude.seq` Prelude.rnf
+        awsWafRule
+      `Prelude.seq` Prelude.rnf
+        awsWafRuleGroup
+      `Prelude.seq` Prelude.rnf
+        awsWafWebAcl
+      `Prelude.seq` Prelude.rnf
+        awsWafv2RuleGroup
+      `Prelude.seq` Prelude.rnf
+        awsWafv2WebAcl
+      `Prelude.seq` Prelude.rnf
+        awsXrayEncryptionConfig
+      `Prelude.seq` Prelude.rnf
+        container
+      `Prelude.seq` Prelude.rnf
+        other
+
+instance Data.ToJSON ResourceDetails where
+  toJSON ResourceDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AwsApiGatewayRestApi" Data..=)
+              Prelude.<$> awsApiGatewayRestApi,
+            ("AwsApiGatewayStage" Data..=)
+              Prelude.<$> awsApiGatewayStage,
+            ("AwsApiGatewayV2Api" Data..=)
+              Prelude.<$> awsApiGatewayV2Api,
+            ("AwsApiGatewayV2Stage" Data..=)
+              Prelude.<$> awsApiGatewayV2Stage,
+            ("AwsAutoScalingAutoScalingGroup" Data..=)
+              Prelude.<$> awsAutoScalingAutoScalingGroup,
+            ("AwsAutoScalingLaunchConfiguration" Data..=)
+              Prelude.<$> awsAutoScalingLaunchConfiguration,
+            ("AwsBackupBackupPlan" Data..=)
+              Prelude.<$> awsBackupBackupPlan,
+            ("AwsBackupBackupVault" Data..=)
+              Prelude.<$> awsBackupBackupVault,
+            ("AwsBackupRecoveryPoint" Data..=)
+              Prelude.<$> awsBackupRecoveryPoint,
+            ("AwsCertificateManagerCertificate" Data..=)
+              Prelude.<$> awsCertificateManagerCertificate,
+            ("AwsCloudFormationStack" Data..=)
+              Prelude.<$> awsCloudFormationStack,
+            ("AwsCloudFrontDistribution" Data..=)
+              Prelude.<$> awsCloudFrontDistribution,
+            ("AwsCloudTrailTrail" Data..=)
+              Prelude.<$> awsCloudTrailTrail,
+            ("AwsCloudWatchAlarm" Data..=)
+              Prelude.<$> awsCloudWatchAlarm,
+            ("AwsCodeBuildProject" Data..=)
+              Prelude.<$> awsCodeBuildProject,
+            ("AwsDynamoDbTable" Data..=)
+              Prelude.<$> awsDynamoDbTable,
+            ("AwsEc2Eip" Data..=) Prelude.<$> awsEc2Eip,
+            ("AwsEc2Instance" Data..=)
+              Prelude.<$> awsEc2Instance,
+            ("AwsEc2LaunchTemplate" Data..=)
+              Prelude.<$> awsEc2LaunchTemplate,
+            ("AwsEc2NetworkAcl" Data..=)
+              Prelude.<$> awsEc2NetworkAcl,
+            ("AwsEc2NetworkInterface" Data..=)
+              Prelude.<$> awsEc2NetworkInterface,
+            ("AwsEc2SecurityGroup" Data..=)
+              Prelude.<$> awsEc2SecurityGroup,
+            ("AwsEc2Subnet" Data..=) Prelude.<$> awsEc2Subnet,
+            ("AwsEc2TransitGateway" Data..=)
+              Prelude.<$> awsEc2TransitGateway,
+            ("AwsEc2Volume" Data..=) Prelude.<$> awsEc2Volume,
+            ("AwsEc2Vpc" Data..=) Prelude.<$> awsEc2Vpc,
+            ("AwsEc2VpcEndpointService" Data..=)
+              Prelude.<$> awsEc2VpcEndpointService,
+            ("AwsEc2VpcPeeringConnection" Data..=)
+              Prelude.<$> awsEc2VpcPeeringConnection,
+            ("AwsEc2VpnConnection" Data..=)
+              Prelude.<$> awsEc2VpnConnection,
+            ("AwsEcrContainerImage" Data..=)
+              Prelude.<$> awsEcrContainerImage,
+            ("AwsEcrRepository" Data..=)
+              Prelude.<$> awsEcrRepository,
+            ("AwsEcsCluster" Data..=) Prelude.<$> awsEcsCluster,
+            ("AwsEcsContainer" Data..=)
+              Prelude.<$> awsEcsContainer,
+            ("AwsEcsService" Data..=) Prelude.<$> awsEcsService,
+            ("AwsEcsTask" Data..=) Prelude.<$> awsEcsTask,
+            ("AwsEcsTaskDefinition" Data..=)
+              Prelude.<$> awsEcsTaskDefinition,
+            ("AwsEfsAccessPoint" Data..=)
+              Prelude.<$> awsEfsAccessPoint,
+            ("AwsEksCluster" Data..=) Prelude.<$> awsEksCluster,
+            ("AwsElasticBeanstalkEnvironment" Data..=)
+              Prelude.<$> awsElasticBeanstalkEnvironment,
+            ("AwsElasticsearchDomain" Data..=)
+              Prelude.<$> awsElasticsearchDomain,
+            ("AwsElbLoadBalancer" Data..=)
+              Prelude.<$> awsElbLoadBalancer,
+            ("AwsElbv2LoadBalancer" Data..=)
+              Prelude.<$> awsElbv2LoadBalancer,
+            ("AwsIamAccessKey" Data..=)
+              Prelude.<$> awsIamAccessKey,
+            ("AwsIamGroup" Data..=) Prelude.<$> awsIamGroup,
+            ("AwsIamPolicy" Data..=) Prelude.<$> awsIamPolicy,
+            ("AwsIamRole" Data..=) Prelude.<$> awsIamRole,
+            ("AwsIamUser" Data..=) Prelude.<$> awsIamUser,
+            ("AwsKinesisStream" Data..=)
+              Prelude.<$> awsKinesisStream,
+            ("AwsKmsKey" Data..=) Prelude.<$> awsKmsKey,
+            ("AwsLambdaFunction" Data..=)
+              Prelude.<$> awsLambdaFunction,
+            ("AwsLambdaLayerVersion" Data..=)
+              Prelude.<$> awsLambdaLayerVersion,
+            ("AwsNetworkFirewallFirewall" Data..=)
+              Prelude.<$> awsNetworkFirewallFirewall,
+            ("AwsNetworkFirewallFirewallPolicy" Data..=)
+              Prelude.<$> awsNetworkFirewallFirewallPolicy,
+            ("AwsNetworkFirewallRuleGroup" Data..=)
+              Prelude.<$> awsNetworkFirewallRuleGroup,
+            ("AwsOpenSearchServiceDomain" Data..=)
+              Prelude.<$> awsOpenSearchServiceDomain,
+            ("AwsRdsDbCluster" Data..=)
+              Prelude.<$> awsRdsDbCluster,
+            ("AwsRdsDbClusterSnapshot" Data..=)
+              Prelude.<$> awsRdsDbClusterSnapshot,
+            ("AwsRdsDbInstance" Data..=)
+              Prelude.<$> awsRdsDbInstance,
+            ("AwsRdsDbSecurityGroup" Data..=)
+              Prelude.<$> awsRdsDbSecurityGroup,
+            ("AwsRdsDbSnapshot" Data..=)
+              Prelude.<$> awsRdsDbSnapshot,
+            ("AwsRdsEventSubscription" Data..=)
+              Prelude.<$> awsRdsEventSubscription,
+            ("AwsRedshiftCluster" Data..=)
+              Prelude.<$> awsRedshiftCluster,
+            ("AwsS3AccountPublicAccessBlock" Data..=)
+              Prelude.<$> awsS3AccountPublicAccessBlock,
+            ("AwsS3Bucket" Data..=) Prelude.<$> awsS3Bucket,
+            ("AwsS3Object" Data..=) Prelude.<$> awsS3Object,
+            ("AwsSageMakerNotebookInstance" Data..=)
+              Prelude.<$> awsSageMakerNotebookInstance,
+            ("AwsSecretsManagerSecret" Data..=)
+              Prelude.<$> awsSecretsManagerSecret,
+            ("AwsSnsTopic" Data..=) Prelude.<$> awsSnsTopic,
+            ("AwsSqsQueue" Data..=) Prelude.<$> awsSqsQueue,
+            ("AwsSsmPatchCompliance" Data..=)
+              Prelude.<$> awsSsmPatchCompliance,
+            ("AwsWafRateBasedRule" Data..=)
+              Prelude.<$> awsWafRateBasedRule,
+            ("AwsWafRegionalRateBasedRule" Data..=)
+              Prelude.<$> awsWafRegionalRateBasedRule,
+            ("AwsWafRegionalRule" Data..=)
+              Prelude.<$> awsWafRegionalRule,
+            ("AwsWafRegionalRuleGroup" Data..=)
+              Prelude.<$> awsWafRegionalRuleGroup,
+            ("AwsWafRegionalWebAcl" Data..=)
+              Prelude.<$> awsWafRegionalWebAcl,
+            ("AwsWafRule" Data..=) Prelude.<$> awsWafRule,
+            ("AwsWafRuleGroup" Data..=)
+              Prelude.<$> awsWafRuleGroup,
+            ("AwsWafWebAcl" Data..=) Prelude.<$> awsWafWebAcl,
+            ("AwsWafv2RuleGroup" Data..=)
+              Prelude.<$> awsWafv2RuleGroup,
+            ("AwsWafv2WebAcl" Data..=)
+              Prelude.<$> awsWafv2WebAcl,
+            ("AwsXrayEncryptionConfig" Data..=)
+              Prelude.<$> awsXrayEncryptionConfig,
+            ("Container" Data..=) Prelude.<$> container,
+            ("Other" Data..=) Prelude.<$> other
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Result.hs b/gen/Amazonka/SecurityHub/Types/Result.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Result.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Result
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Result where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the account that was not processed.
+--
+-- /See:/ 'newResult' smart constructor.
+data Result = Result'
+  { -- | An Amazon Web Services account ID of the account that was not processed.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The reason that the account was not processed.
+    processingResult :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Result' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'result_accountId' - An Amazon Web Services account ID of the account that was not processed.
+--
+-- 'processingResult', 'result_processingResult' - The reason that the account was not processed.
+newResult ::
+  Result
+newResult =
+  Result'
+    { accountId = Prelude.Nothing,
+      processingResult = Prelude.Nothing
+    }
+
+-- | An Amazon Web Services account ID of the account that was not processed.
+result_accountId :: Lens.Lens' Result (Prelude.Maybe Prelude.Text)
+result_accountId = Lens.lens (\Result' {accountId} -> accountId) (\s@Result' {} a -> s {accountId = a} :: Result)
+
+-- | The reason that the account was not processed.
+result_processingResult :: Lens.Lens' Result (Prelude.Maybe Prelude.Text)
+result_processingResult = Lens.lens (\Result' {processingResult} -> processingResult) (\s@Result' {} a -> s {processingResult = a} :: Result)
+
+instance Data.FromJSON Result where
+  parseJSON =
+    Data.withObject
+      "Result"
+      ( \x ->
+          Result'
+            Prelude.<$> (x Data..:? "AccountId")
+            Prelude.<*> (x Data..:? "ProcessingResult")
+      )
+
+instance Prelude.Hashable Result where
+  hashWithSalt _salt Result' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` processingResult
+
+instance Prelude.NFData Result where
+  rnf Result' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf processingResult
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupDetails.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupDetails.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.RuleGroupSource
+import Amazonka.SecurityHub.Types.RuleGroupVariables
+
+-- | Details about the rule group.
+--
+-- /See:/ 'newRuleGroupDetails' smart constructor.
+data RuleGroupDetails = RuleGroupDetails'
+  { -- | Additional settings to use in the specified rules.
+    ruleVariables :: Prelude.Maybe RuleGroupVariables,
+    -- | The rules and actions for the rule group.
+    --
+    -- For stateful rule groups, can contain @RulesString@, @RulesSourceList@,
+    -- or @StatefulRules@.
+    --
+    -- For stateless rule groups, contains @StatelessRulesAndCustomActions@.
+    rulesSource :: Prelude.Maybe RuleGroupSource
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ruleVariables', 'ruleGroupDetails_ruleVariables' - Additional settings to use in the specified rules.
+--
+-- 'rulesSource', 'ruleGroupDetails_rulesSource' - The rules and actions for the rule group.
+--
+-- For stateful rule groups, can contain @RulesString@, @RulesSourceList@,
+-- or @StatefulRules@.
+--
+-- For stateless rule groups, contains @StatelessRulesAndCustomActions@.
+newRuleGroupDetails ::
+  RuleGroupDetails
+newRuleGroupDetails =
+  RuleGroupDetails'
+    { ruleVariables = Prelude.Nothing,
+      rulesSource = Prelude.Nothing
+    }
+
+-- | Additional settings to use in the specified rules.
+ruleGroupDetails_ruleVariables :: Lens.Lens' RuleGroupDetails (Prelude.Maybe RuleGroupVariables)
+ruleGroupDetails_ruleVariables = Lens.lens (\RuleGroupDetails' {ruleVariables} -> ruleVariables) (\s@RuleGroupDetails' {} a -> s {ruleVariables = a} :: RuleGroupDetails)
+
+-- | The rules and actions for the rule group.
+--
+-- For stateful rule groups, can contain @RulesString@, @RulesSourceList@,
+-- or @StatefulRules@.
+--
+-- For stateless rule groups, contains @StatelessRulesAndCustomActions@.
+ruleGroupDetails_rulesSource :: Lens.Lens' RuleGroupDetails (Prelude.Maybe RuleGroupSource)
+ruleGroupDetails_rulesSource = Lens.lens (\RuleGroupDetails' {rulesSource} -> rulesSource) (\s@RuleGroupDetails' {} a -> s {rulesSource = a} :: RuleGroupDetails)
+
+instance Data.FromJSON RuleGroupDetails where
+  parseJSON =
+    Data.withObject
+      "RuleGroupDetails"
+      ( \x ->
+          RuleGroupDetails'
+            Prelude.<$> (x Data..:? "RuleVariables")
+            Prelude.<*> (x Data..:? "RulesSource")
+      )
+
+instance Prelude.Hashable RuleGroupDetails where
+  hashWithSalt _salt RuleGroupDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` ruleVariables
+      `Prelude.hashWithSalt` rulesSource
+
+instance Prelude.NFData RuleGroupDetails where
+  rnf RuleGroupDetails' {..} =
+    Prelude.rnf ruleVariables
+      `Prelude.seq` Prelude.rnf rulesSource
+
+instance Data.ToJSON RuleGroupDetails where
+  toJSON RuleGroupDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("RuleVariables" Data..=) Prelude.<$> ruleVariables,
+            ("RulesSource" Data..=) Prelude.<$> rulesSource
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSource.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSource.hs
@@ -0,0 +1,130 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSource where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.RuleGroupSourceListDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesAndCustomActionsDetails
+
+-- | The rules and actions for the rule group.
+--
+-- /See:/ 'newRuleGroupSource' smart constructor.
+data RuleGroupSource = RuleGroupSource'
+  { -- | Stateful inspection criteria for a domain list rule group. A domain list
+    -- rule group determines access by specific protocols to specific domains.
+    rulesSourceList :: Prelude.Maybe RuleGroupSourceListDetails,
+    -- | Stateful inspection criteria, provided in Suricata compatible intrusion
+    -- prevention system (IPS) rules.
+    rulesString :: Prelude.Maybe Prelude.Text,
+    -- | Suricata rule specifications.
+    statefulRules :: Prelude.Maybe [RuleGroupSourceStatefulRulesDetails],
+    -- | The stateless rules and custom actions used by a stateless rule group.
+    statelessRulesAndCustomActions :: Prelude.Maybe RuleGroupSourceStatelessRulesAndCustomActionsDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'rulesSourceList', 'ruleGroupSource_rulesSourceList' - Stateful inspection criteria for a domain list rule group. A domain list
+-- rule group determines access by specific protocols to specific domains.
+--
+-- 'rulesString', 'ruleGroupSource_rulesString' - Stateful inspection criteria, provided in Suricata compatible intrusion
+-- prevention system (IPS) rules.
+--
+-- 'statefulRules', 'ruleGroupSource_statefulRules' - Suricata rule specifications.
+--
+-- 'statelessRulesAndCustomActions', 'ruleGroupSource_statelessRulesAndCustomActions' - The stateless rules and custom actions used by a stateless rule group.
+newRuleGroupSource ::
+  RuleGroupSource
+newRuleGroupSource =
+  RuleGroupSource'
+    { rulesSourceList = Prelude.Nothing,
+      rulesString = Prelude.Nothing,
+      statefulRules = Prelude.Nothing,
+      statelessRulesAndCustomActions = Prelude.Nothing
+    }
+
+-- | Stateful inspection criteria for a domain list rule group. A domain list
+-- rule group determines access by specific protocols to specific domains.
+ruleGroupSource_rulesSourceList :: Lens.Lens' RuleGroupSource (Prelude.Maybe RuleGroupSourceListDetails)
+ruleGroupSource_rulesSourceList = Lens.lens (\RuleGroupSource' {rulesSourceList} -> rulesSourceList) (\s@RuleGroupSource' {} a -> s {rulesSourceList = a} :: RuleGroupSource)
+
+-- | Stateful inspection criteria, provided in Suricata compatible intrusion
+-- prevention system (IPS) rules.
+ruleGroupSource_rulesString :: Lens.Lens' RuleGroupSource (Prelude.Maybe Prelude.Text)
+ruleGroupSource_rulesString = Lens.lens (\RuleGroupSource' {rulesString} -> rulesString) (\s@RuleGroupSource' {} a -> s {rulesString = a} :: RuleGroupSource)
+
+-- | Suricata rule specifications.
+ruleGroupSource_statefulRules :: Lens.Lens' RuleGroupSource (Prelude.Maybe [RuleGroupSourceStatefulRulesDetails])
+ruleGroupSource_statefulRules = Lens.lens (\RuleGroupSource' {statefulRules} -> statefulRules) (\s@RuleGroupSource' {} a -> s {statefulRules = a} :: RuleGroupSource) Prelude.. Lens.mapping Lens.coerced
+
+-- | The stateless rules and custom actions used by a stateless rule group.
+ruleGroupSource_statelessRulesAndCustomActions :: Lens.Lens' RuleGroupSource (Prelude.Maybe RuleGroupSourceStatelessRulesAndCustomActionsDetails)
+ruleGroupSource_statelessRulesAndCustomActions = Lens.lens (\RuleGroupSource' {statelessRulesAndCustomActions} -> statelessRulesAndCustomActions) (\s@RuleGroupSource' {} a -> s {statelessRulesAndCustomActions = a} :: RuleGroupSource)
+
+instance Data.FromJSON RuleGroupSource where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSource"
+      ( \x ->
+          RuleGroupSource'
+            Prelude.<$> (x Data..:? "RulesSourceList")
+            Prelude.<*> (x Data..:? "RulesString")
+            Prelude.<*> (x Data..:? "StatefulRules" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "StatelessRulesAndCustomActions")
+      )
+
+instance Prelude.Hashable RuleGroupSource where
+  hashWithSalt _salt RuleGroupSource' {..} =
+    _salt
+      `Prelude.hashWithSalt` rulesSourceList
+      `Prelude.hashWithSalt` rulesString
+      `Prelude.hashWithSalt` statefulRules
+      `Prelude.hashWithSalt` statelessRulesAndCustomActions
+
+instance Prelude.NFData RuleGroupSource where
+  rnf RuleGroupSource' {..} =
+    Prelude.rnf rulesSourceList
+      `Prelude.seq` Prelude.rnf rulesString
+      `Prelude.seq` Prelude.rnf statefulRules
+      `Prelude.seq` Prelude.rnf statelessRulesAndCustomActions
+
+instance Data.ToJSON RuleGroupSource where
+  toJSON RuleGroupSource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("RulesSourceList" Data..=)
+              Prelude.<$> rulesSourceList,
+            ("RulesString" Data..=) Prelude.<$> rulesString,
+            ("StatefulRules" Data..=) Prelude.<$> statefulRules,
+            ("StatelessRulesAndCustomActions" Data..=)
+              Prelude.<$> statelessRulesAndCustomActions
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceCustomActionsDetails.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceCustomActionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceCustomActionsDetails.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceCustomActionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceCustomActionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.StatelessCustomActionDefinition
+
+-- | A custom action definition. A custom action is an optional, non-standard
+-- action to use for stateless packet handling.
+--
+-- /See:/ 'newRuleGroupSourceCustomActionsDetails' smart constructor.
+data RuleGroupSourceCustomActionsDetails = RuleGroupSourceCustomActionsDetails'
+  { -- | The definition of a custom action.
+    actionDefinition :: Prelude.Maybe StatelessCustomActionDefinition,
+    -- | A descriptive name of the custom action.
+    actionName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceCustomActionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'actionDefinition', 'ruleGroupSourceCustomActionsDetails_actionDefinition' - The definition of a custom action.
+--
+-- 'actionName', 'ruleGroupSourceCustomActionsDetails_actionName' - A descriptive name of the custom action.
+newRuleGroupSourceCustomActionsDetails ::
+  RuleGroupSourceCustomActionsDetails
+newRuleGroupSourceCustomActionsDetails =
+  RuleGroupSourceCustomActionsDetails'
+    { actionDefinition =
+        Prelude.Nothing,
+      actionName = Prelude.Nothing
+    }
+
+-- | The definition of a custom action.
+ruleGroupSourceCustomActionsDetails_actionDefinition :: Lens.Lens' RuleGroupSourceCustomActionsDetails (Prelude.Maybe StatelessCustomActionDefinition)
+ruleGroupSourceCustomActionsDetails_actionDefinition = Lens.lens (\RuleGroupSourceCustomActionsDetails' {actionDefinition} -> actionDefinition) (\s@RuleGroupSourceCustomActionsDetails' {} a -> s {actionDefinition = a} :: RuleGroupSourceCustomActionsDetails)
+
+-- | A descriptive name of the custom action.
+ruleGroupSourceCustomActionsDetails_actionName :: Lens.Lens' RuleGroupSourceCustomActionsDetails (Prelude.Maybe Prelude.Text)
+ruleGroupSourceCustomActionsDetails_actionName = Lens.lens (\RuleGroupSourceCustomActionsDetails' {actionName} -> actionName) (\s@RuleGroupSourceCustomActionsDetails' {} a -> s {actionName = a} :: RuleGroupSourceCustomActionsDetails)
+
+instance
+  Data.FromJSON
+    RuleGroupSourceCustomActionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceCustomActionsDetails"
+      ( \x ->
+          RuleGroupSourceCustomActionsDetails'
+            Prelude.<$> (x Data..:? "ActionDefinition")
+            Prelude.<*> (x Data..:? "ActionName")
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceCustomActionsDetails
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceCustomActionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` actionDefinition
+        `Prelude.hashWithSalt` actionName
+
+instance
+  Prelude.NFData
+    RuleGroupSourceCustomActionsDetails
+  where
+  rnf RuleGroupSourceCustomActionsDetails' {..} =
+    Prelude.rnf actionDefinition
+      `Prelude.seq` Prelude.rnf actionName
+
+instance
+  Data.ToJSON
+    RuleGroupSourceCustomActionsDetails
+  where
+  toJSON RuleGroupSourceCustomActionsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ActionDefinition" Data..=)
+              Prelude.<$> actionDefinition,
+            ("ActionName" Data..=) Prelude.<$> actionName
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceListDetails.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceListDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceListDetails.hs
@@ -0,0 +1,120 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceListDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceListDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Stateful inspection criteria for a domain list rule group.
+--
+-- /See:/ 'newRuleGroupSourceListDetails' smart constructor.
+data RuleGroupSourceListDetails = RuleGroupSourceListDetails'
+  { -- | Indicates whether to allow or deny access to the domains listed in
+    -- @Targets@.
+    generatedRulesType :: Prelude.Maybe Prelude.Text,
+    -- | The protocols that you want to inspect. Specify @LS_SNI@ for HTTPS.
+    -- Specify @HTTP_HOST@ for HTTP. You can specify either or both.
+    targetTypes :: Prelude.Maybe [Prelude.Text],
+    -- | The domains that you want to inspect for in your traffic flows. You can
+    -- provide full domain names, or use the \'.\' prefix as a wildcard. For
+    -- example, @.example.com@ matches all domains that end with @example.com@.
+    targets :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceListDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'generatedRulesType', 'ruleGroupSourceListDetails_generatedRulesType' - Indicates whether to allow or deny access to the domains listed in
+-- @Targets@.
+--
+-- 'targetTypes', 'ruleGroupSourceListDetails_targetTypes' - The protocols that you want to inspect. Specify @LS_SNI@ for HTTPS.
+-- Specify @HTTP_HOST@ for HTTP. You can specify either or both.
+--
+-- 'targets', 'ruleGroupSourceListDetails_targets' - The domains that you want to inspect for in your traffic flows. You can
+-- provide full domain names, or use the \'.\' prefix as a wildcard. For
+-- example, @.example.com@ matches all domains that end with @example.com@.
+newRuleGroupSourceListDetails ::
+  RuleGroupSourceListDetails
+newRuleGroupSourceListDetails =
+  RuleGroupSourceListDetails'
+    { generatedRulesType =
+        Prelude.Nothing,
+      targetTypes = Prelude.Nothing,
+      targets = Prelude.Nothing
+    }
+
+-- | Indicates whether to allow or deny access to the domains listed in
+-- @Targets@.
+ruleGroupSourceListDetails_generatedRulesType :: Lens.Lens' RuleGroupSourceListDetails (Prelude.Maybe Prelude.Text)
+ruleGroupSourceListDetails_generatedRulesType = Lens.lens (\RuleGroupSourceListDetails' {generatedRulesType} -> generatedRulesType) (\s@RuleGroupSourceListDetails' {} a -> s {generatedRulesType = a} :: RuleGroupSourceListDetails)
+
+-- | The protocols that you want to inspect. Specify @LS_SNI@ for HTTPS.
+-- Specify @HTTP_HOST@ for HTTP. You can specify either or both.
+ruleGroupSourceListDetails_targetTypes :: Lens.Lens' RuleGroupSourceListDetails (Prelude.Maybe [Prelude.Text])
+ruleGroupSourceListDetails_targetTypes = Lens.lens (\RuleGroupSourceListDetails' {targetTypes} -> targetTypes) (\s@RuleGroupSourceListDetails' {} a -> s {targetTypes = a} :: RuleGroupSourceListDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The domains that you want to inspect for in your traffic flows. You can
+-- provide full domain names, or use the \'.\' prefix as a wildcard. For
+-- example, @.example.com@ matches all domains that end with @example.com@.
+ruleGroupSourceListDetails_targets :: Lens.Lens' RuleGroupSourceListDetails (Prelude.Maybe [Prelude.Text])
+ruleGroupSourceListDetails_targets = Lens.lens (\RuleGroupSourceListDetails' {targets} -> targets) (\s@RuleGroupSourceListDetails' {} a -> s {targets = a} :: RuleGroupSourceListDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON RuleGroupSourceListDetails where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceListDetails"
+      ( \x ->
+          RuleGroupSourceListDetails'
+            Prelude.<$> (x Data..:? "GeneratedRulesType")
+            Prelude.<*> (x Data..:? "TargetTypes" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Targets" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable RuleGroupSourceListDetails where
+  hashWithSalt _salt RuleGroupSourceListDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` generatedRulesType
+      `Prelude.hashWithSalt` targetTypes
+      `Prelude.hashWithSalt` targets
+
+instance Prelude.NFData RuleGroupSourceListDetails where
+  rnf RuleGroupSourceListDetails' {..} =
+    Prelude.rnf generatedRulesType
+      `Prelude.seq` Prelude.rnf targetTypes
+      `Prelude.seq` Prelude.rnf targets
+
+instance Data.ToJSON RuleGroupSourceListDetails where
+  toJSON RuleGroupSourceListDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("GeneratedRulesType" Data..=)
+              Prelude.<$> generatedRulesType,
+            ("TargetTypes" Data..=) Prelude.<$> targetTypes,
+            ("Targets" Data..=) Prelude.<$> targets
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatefulRulesDetails.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatefulRulesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatefulRulesDetails.hs
@@ -0,0 +1,126 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesHeaderDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesOptionsDetails
+
+-- | A Suricata rule specification.
+--
+-- /See:/ 'newRuleGroupSourceStatefulRulesDetails' smart constructor.
+data RuleGroupSourceStatefulRulesDetails = RuleGroupSourceStatefulRulesDetails'
+  { -- | Defines what Network Firewall should do with the packets in a traffic
+    -- flow when the flow matches the stateful rule criteria.
+    action :: Prelude.Maybe Prelude.Text,
+    -- | The stateful inspection criteria for the rule.
+    header :: Prelude.Maybe RuleGroupSourceStatefulRulesHeaderDetails,
+    -- | Additional options for the rule.
+    ruleOptions :: Prelude.Maybe [RuleGroupSourceStatefulRulesOptionsDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatefulRulesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'ruleGroupSourceStatefulRulesDetails_action' - Defines what Network Firewall should do with the packets in a traffic
+-- flow when the flow matches the stateful rule criteria.
+--
+-- 'header', 'ruleGroupSourceStatefulRulesDetails_header' - The stateful inspection criteria for the rule.
+--
+-- 'ruleOptions', 'ruleGroupSourceStatefulRulesDetails_ruleOptions' - Additional options for the rule.
+newRuleGroupSourceStatefulRulesDetails ::
+  RuleGroupSourceStatefulRulesDetails
+newRuleGroupSourceStatefulRulesDetails =
+  RuleGroupSourceStatefulRulesDetails'
+    { action =
+        Prelude.Nothing,
+      header = Prelude.Nothing,
+      ruleOptions = Prelude.Nothing
+    }
+
+-- | Defines what Network Firewall should do with the packets in a traffic
+-- flow when the flow matches the stateful rule criteria.
+ruleGroupSourceStatefulRulesDetails_action :: Lens.Lens' RuleGroupSourceStatefulRulesDetails (Prelude.Maybe Prelude.Text)
+ruleGroupSourceStatefulRulesDetails_action = Lens.lens (\RuleGroupSourceStatefulRulesDetails' {action} -> action) (\s@RuleGroupSourceStatefulRulesDetails' {} a -> s {action = a} :: RuleGroupSourceStatefulRulesDetails)
+
+-- | The stateful inspection criteria for the rule.
+ruleGroupSourceStatefulRulesDetails_header :: Lens.Lens' RuleGroupSourceStatefulRulesDetails (Prelude.Maybe RuleGroupSourceStatefulRulesHeaderDetails)
+ruleGroupSourceStatefulRulesDetails_header = Lens.lens (\RuleGroupSourceStatefulRulesDetails' {header} -> header) (\s@RuleGroupSourceStatefulRulesDetails' {} a -> s {header = a} :: RuleGroupSourceStatefulRulesDetails)
+
+-- | Additional options for the rule.
+ruleGroupSourceStatefulRulesDetails_ruleOptions :: Lens.Lens' RuleGroupSourceStatefulRulesDetails (Prelude.Maybe [RuleGroupSourceStatefulRulesOptionsDetails])
+ruleGroupSourceStatefulRulesDetails_ruleOptions = Lens.lens (\RuleGroupSourceStatefulRulesDetails' {ruleOptions} -> ruleOptions) (\s@RuleGroupSourceStatefulRulesDetails' {} a -> s {ruleOptions = a} :: RuleGroupSourceStatefulRulesDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatefulRulesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatefulRulesDetails"
+      ( \x ->
+          RuleGroupSourceStatefulRulesDetails'
+            Prelude.<$> (x Data..:? "Action")
+            Prelude.<*> (x Data..:? "Header")
+            Prelude.<*> (x Data..:? "RuleOptions" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatefulRulesDetails
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatefulRulesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` action
+        `Prelude.hashWithSalt` header
+        `Prelude.hashWithSalt` ruleOptions
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatefulRulesDetails
+  where
+  rnf RuleGroupSourceStatefulRulesDetails' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf header
+      `Prelude.seq` Prelude.rnf ruleOptions
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatefulRulesDetails
+  where
+  toJSON RuleGroupSourceStatefulRulesDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Action" Data..=) Prelude.<$> action,
+            ("Header" Data..=) Prelude.<$> header,
+            ("RuleOptions" Data..=) Prelude.<$> ruleOptions
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatefulRulesHeaderDetails.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatefulRulesHeaderDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatefulRulesHeaderDetails.hs
@@ -0,0 +1,192 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesHeaderDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesHeaderDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The inspection criteria for a stateful rule.
+--
+-- /See:/ 'newRuleGroupSourceStatefulRulesHeaderDetails' smart constructor.
+data RuleGroupSourceStatefulRulesHeaderDetails = RuleGroupSourceStatefulRulesHeaderDetails'
+  { -- | The destination IP address or address range to inspect for, in CIDR
+    -- notation. To match with any address, specify @ANY@.
+    destination :: Prelude.Maybe Prelude.Text,
+    -- | The destination port to inspect for. You can specify an individual port,
+    -- such as @1994@. You also can specify a port range, such as @1990:1994@.
+    -- To match with any port, specify @ANY@.
+    destinationPort :: Prelude.Maybe Prelude.Text,
+    -- | The direction of traffic flow to inspect. If set to @ANY@, the
+    -- inspection matches bidirectional traffic, both from the source to the
+    -- destination and from the destination to the source. If set to @FORWARD@,
+    -- the inspection only matches traffic going from the source to the
+    -- destination.
+    direction :: Prelude.Maybe Prelude.Text,
+    -- | The protocol to inspect for. To inspector for all protocols, use @IP@.
+    protocol :: Prelude.Maybe Prelude.Text,
+    -- | The source IP address or address range to inspect for, in CIDR notation.
+    -- To match with any address, specify @ANY@.
+    source :: Prelude.Maybe Prelude.Text,
+    -- | The source port to inspect for. You can specify an individual port, such
+    -- as @1994@. You also can specify a port range, such as @1990:1994@. To
+    -- match with any port, specify @ANY@.
+    sourcePort :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatefulRulesHeaderDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destination', 'ruleGroupSourceStatefulRulesHeaderDetails_destination' - The destination IP address or address range to inspect for, in CIDR
+-- notation. To match with any address, specify @ANY@.
+--
+-- 'destinationPort', 'ruleGroupSourceStatefulRulesHeaderDetails_destinationPort' - The destination port to inspect for. You can specify an individual port,
+-- such as @1994@. You also can specify a port range, such as @1990:1994@.
+-- To match with any port, specify @ANY@.
+--
+-- 'direction', 'ruleGroupSourceStatefulRulesHeaderDetails_direction' - The direction of traffic flow to inspect. If set to @ANY@, the
+-- inspection matches bidirectional traffic, both from the source to the
+-- destination and from the destination to the source. If set to @FORWARD@,
+-- the inspection only matches traffic going from the source to the
+-- destination.
+--
+-- 'protocol', 'ruleGroupSourceStatefulRulesHeaderDetails_protocol' - The protocol to inspect for. To inspector for all protocols, use @IP@.
+--
+-- 'source', 'ruleGroupSourceStatefulRulesHeaderDetails_source' - The source IP address or address range to inspect for, in CIDR notation.
+-- To match with any address, specify @ANY@.
+--
+-- 'sourcePort', 'ruleGroupSourceStatefulRulesHeaderDetails_sourcePort' - The source port to inspect for. You can specify an individual port, such
+-- as @1994@. You also can specify a port range, such as @1990:1994@. To
+-- match with any port, specify @ANY@.
+newRuleGroupSourceStatefulRulesHeaderDetails ::
+  RuleGroupSourceStatefulRulesHeaderDetails
+newRuleGroupSourceStatefulRulesHeaderDetails =
+  RuleGroupSourceStatefulRulesHeaderDetails'
+    { destination =
+        Prelude.Nothing,
+      destinationPort =
+        Prelude.Nothing,
+      direction = Prelude.Nothing,
+      protocol = Prelude.Nothing,
+      source = Prelude.Nothing,
+      sourcePort = Prelude.Nothing
+    }
+
+-- | The destination IP address or address range to inspect for, in CIDR
+-- notation. To match with any address, specify @ANY@.
+ruleGroupSourceStatefulRulesHeaderDetails_destination :: Lens.Lens' RuleGroupSourceStatefulRulesHeaderDetails (Prelude.Maybe Prelude.Text)
+ruleGroupSourceStatefulRulesHeaderDetails_destination = Lens.lens (\RuleGroupSourceStatefulRulesHeaderDetails' {destination} -> destination) (\s@RuleGroupSourceStatefulRulesHeaderDetails' {} a -> s {destination = a} :: RuleGroupSourceStatefulRulesHeaderDetails)
+
+-- | The destination port to inspect for. You can specify an individual port,
+-- such as @1994@. You also can specify a port range, such as @1990:1994@.
+-- To match with any port, specify @ANY@.
+ruleGroupSourceStatefulRulesHeaderDetails_destinationPort :: Lens.Lens' RuleGroupSourceStatefulRulesHeaderDetails (Prelude.Maybe Prelude.Text)
+ruleGroupSourceStatefulRulesHeaderDetails_destinationPort = Lens.lens (\RuleGroupSourceStatefulRulesHeaderDetails' {destinationPort} -> destinationPort) (\s@RuleGroupSourceStatefulRulesHeaderDetails' {} a -> s {destinationPort = a} :: RuleGroupSourceStatefulRulesHeaderDetails)
+
+-- | The direction of traffic flow to inspect. If set to @ANY@, the
+-- inspection matches bidirectional traffic, both from the source to the
+-- destination and from the destination to the source. If set to @FORWARD@,
+-- the inspection only matches traffic going from the source to the
+-- destination.
+ruleGroupSourceStatefulRulesHeaderDetails_direction :: Lens.Lens' RuleGroupSourceStatefulRulesHeaderDetails (Prelude.Maybe Prelude.Text)
+ruleGroupSourceStatefulRulesHeaderDetails_direction = Lens.lens (\RuleGroupSourceStatefulRulesHeaderDetails' {direction} -> direction) (\s@RuleGroupSourceStatefulRulesHeaderDetails' {} a -> s {direction = a} :: RuleGroupSourceStatefulRulesHeaderDetails)
+
+-- | The protocol to inspect for. To inspector for all protocols, use @IP@.
+ruleGroupSourceStatefulRulesHeaderDetails_protocol :: Lens.Lens' RuleGroupSourceStatefulRulesHeaderDetails (Prelude.Maybe Prelude.Text)
+ruleGroupSourceStatefulRulesHeaderDetails_protocol = Lens.lens (\RuleGroupSourceStatefulRulesHeaderDetails' {protocol} -> protocol) (\s@RuleGroupSourceStatefulRulesHeaderDetails' {} a -> s {protocol = a} :: RuleGroupSourceStatefulRulesHeaderDetails)
+
+-- | The source IP address or address range to inspect for, in CIDR notation.
+-- To match with any address, specify @ANY@.
+ruleGroupSourceStatefulRulesHeaderDetails_source :: Lens.Lens' RuleGroupSourceStatefulRulesHeaderDetails (Prelude.Maybe Prelude.Text)
+ruleGroupSourceStatefulRulesHeaderDetails_source = Lens.lens (\RuleGroupSourceStatefulRulesHeaderDetails' {source} -> source) (\s@RuleGroupSourceStatefulRulesHeaderDetails' {} a -> s {source = a} :: RuleGroupSourceStatefulRulesHeaderDetails)
+
+-- | The source port to inspect for. You can specify an individual port, such
+-- as @1994@. You also can specify a port range, such as @1990:1994@. To
+-- match with any port, specify @ANY@.
+ruleGroupSourceStatefulRulesHeaderDetails_sourcePort :: Lens.Lens' RuleGroupSourceStatefulRulesHeaderDetails (Prelude.Maybe Prelude.Text)
+ruleGroupSourceStatefulRulesHeaderDetails_sourcePort = Lens.lens (\RuleGroupSourceStatefulRulesHeaderDetails' {sourcePort} -> sourcePort) (\s@RuleGroupSourceStatefulRulesHeaderDetails' {} a -> s {sourcePort = a} :: RuleGroupSourceStatefulRulesHeaderDetails)
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatefulRulesHeaderDetails
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatefulRulesHeaderDetails"
+      ( \x ->
+          RuleGroupSourceStatefulRulesHeaderDetails'
+            Prelude.<$> (x Data..:? "Destination")
+            Prelude.<*> (x Data..:? "DestinationPort")
+            Prelude.<*> (x Data..:? "Direction")
+            Prelude.<*> (x Data..:? "Protocol")
+            Prelude.<*> (x Data..:? "Source")
+            Prelude.<*> (x Data..:? "SourcePort")
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatefulRulesHeaderDetails
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatefulRulesHeaderDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` destination
+        `Prelude.hashWithSalt` destinationPort
+        `Prelude.hashWithSalt` direction
+        `Prelude.hashWithSalt` protocol
+        `Prelude.hashWithSalt` source
+        `Prelude.hashWithSalt` sourcePort
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatefulRulesHeaderDetails
+  where
+  rnf RuleGroupSourceStatefulRulesHeaderDetails' {..} =
+    Prelude.rnf destination
+      `Prelude.seq` Prelude.rnf destinationPort
+      `Prelude.seq` Prelude.rnf direction
+      `Prelude.seq` Prelude.rnf protocol
+      `Prelude.seq` Prelude.rnf source
+      `Prelude.seq` Prelude.rnf sourcePort
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatefulRulesHeaderDetails
+  where
+  toJSON RuleGroupSourceStatefulRulesHeaderDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Destination" Data..=) Prelude.<$> destination,
+            ("DestinationPort" Data..=)
+              Prelude.<$> destinationPort,
+            ("Direction" Data..=) Prelude.<$> direction,
+            ("Protocol" Data..=) Prelude.<$> protocol,
+            ("Source" Data..=) Prelude.<$> source,
+            ("SourcePort" Data..=) Prelude.<$> sourcePort
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatefulRulesOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatefulRulesOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatefulRulesOptionsDetails.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatefulRulesOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A rule option for a stateful rule.
+--
+-- /See:/ 'newRuleGroupSourceStatefulRulesOptionsDetails' smart constructor.
+data RuleGroupSourceStatefulRulesOptionsDetails = RuleGroupSourceStatefulRulesOptionsDetails'
+  { -- | A keyword to look for.
+    keyword :: Prelude.Maybe Prelude.Text,
+    -- | A list of settings.
+    settings :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatefulRulesOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'keyword', 'ruleGroupSourceStatefulRulesOptionsDetails_keyword' - A keyword to look for.
+--
+-- 'settings', 'ruleGroupSourceStatefulRulesOptionsDetails_settings' - A list of settings.
+newRuleGroupSourceStatefulRulesOptionsDetails ::
+  RuleGroupSourceStatefulRulesOptionsDetails
+newRuleGroupSourceStatefulRulesOptionsDetails =
+  RuleGroupSourceStatefulRulesOptionsDetails'
+    { keyword =
+        Prelude.Nothing,
+      settings = Prelude.Nothing
+    }
+
+-- | A keyword to look for.
+ruleGroupSourceStatefulRulesOptionsDetails_keyword :: Lens.Lens' RuleGroupSourceStatefulRulesOptionsDetails (Prelude.Maybe Prelude.Text)
+ruleGroupSourceStatefulRulesOptionsDetails_keyword = Lens.lens (\RuleGroupSourceStatefulRulesOptionsDetails' {keyword} -> keyword) (\s@RuleGroupSourceStatefulRulesOptionsDetails' {} a -> s {keyword = a} :: RuleGroupSourceStatefulRulesOptionsDetails)
+
+-- | A list of settings.
+ruleGroupSourceStatefulRulesOptionsDetails_settings :: Lens.Lens' RuleGroupSourceStatefulRulesOptionsDetails (Prelude.Maybe [Prelude.Text])
+ruleGroupSourceStatefulRulesOptionsDetails_settings = Lens.lens (\RuleGroupSourceStatefulRulesOptionsDetails' {settings} -> settings) (\s@RuleGroupSourceStatefulRulesOptionsDetails' {} a -> s {settings = a} :: RuleGroupSourceStatefulRulesOptionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatefulRulesOptionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatefulRulesOptionsDetails"
+      ( \x ->
+          RuleGroupSourceStatefulRulesOptionsDetails'
+            Prelude.<$> (x Data..:? "Keyword")
+            Prelude.<*> (x Data..:? "Settings" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatefulRulesOptionsDetails
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatefulRulesOptionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` keyword
+        `Prelude.hashWithSalt` settings
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatefulRulesOptionsDetails
+  where
+  rnf RuleGroupSourceStatefulRulesOptionsDetails' {..} =
+    Prelude.rnf keyword
+      `Prelude.seq` Prelude.rnf settings
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatefulRulesOptionsDetails
+  where
+  toJSON
+    RuleGroupSourceStatefulRulesOptionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Keyword" Data..=) Prelude.<$> keyword,
+              ("Settings" Data..=) Prelude.<$> settings
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleDefinition.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleDefinition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleDefinition.hs
@@ -0,0 +1,122 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleDefinition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleDefinition where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributes
+
+-- | The definition of the stateless rule.
+--
+-- /See:/ 'newRuleGroupSourceStatelessRuleDefinition' smart constructor.
+data RuleGroupSourceStatelessRuleDefinition = RuleGroupSourceStatelessRuleDefinition'
+  { -- | The actions to take on a packet that matches one of the stateless rule
+    -- definition\'s match attributes. You must specify a standard action
+    -- (@aws:pass@, @aws:drop@, or @aws:forward_to_sfe@). You can then add
+    -- custom actions.
+    actions :: Prelude.Maybe [Prelude.Text],
+    -- | The criteria for Network Firewall to use to inspect an individual packet
+    -- in a stateless rule inspection.
+    matchAttributes :: Prelude.Maybe RuleGroupSourceStatelessRuleMatchAttributes
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatelessRuleDefinition' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'actions', 'ruleGroupSourceStatelessRuleDefinition_actions' - The actions to take on a packet that matches one of the stateless rule
+-- definition\'s match attributes. You must specify a standard action
+-- (@aws:pass@, @aws:drop@, or @aws:forward_to_sfe@). You can then add
+-- custom actions.
+--
+-- 'matchAttributes', 'ruleGroupSourceStatelessRuleDefinition_matchAttributes' - The criteria for Network Firewall to use to inspect an individual packet
+-- in a stateless rule inspection.
+newRuleGroupSourceStatelessRuleDefinition ::
+  RuleGroupSourceStatelessRuleDefinition
+newRuleGroupSourceStatelessRuleDefinition =
+  RuleGroupSourceStatelessRuleDefinition'
+    { actions =
+        Prelude.Nothing,
+      matchAttributes = Prelude.Nothing
+    }
+
+-- | The actions to take on a packet that matches one of the stateless rule
+-- definition\'s match attributes. You must specify a standard action
+-- (@aws:pass@, @aws:drop@, or @aws:forward_to_sfe@). You can then add
+-- custom actions.
+ruleGroupSourceStatelessRuleDefinition_actions :: Lens.Lens' RuleGroupSourceStatelessRuleDefinition (Prelude.Maybe [Prelude.Text])
+ruleGroupSourceStatelessRuleDefinition_actions = Lens.lens (\RuleGroupSourceStatelessRuleDefinition' {actions} -> actions) (\s@RuleGroupSourceStatelessRuleDefinition' {} a -> s {actions = a} :: RuleGroupSourceStatelessRuleDefinition) Prelude.. Lens.mapping Lens.coerced
+
+-- | The criteria for Network Firewall to use to inspect an individual packet
+-- in a stateless rule inspection.
+ruleGroupSourceStatelessRuleDefinition_matchAttributes :: Lens.Lens' RuleGroupSourceStatelessRuleDefinition (Prelude.Maybe RuleGroupSourceStatelessRuleMatchAttributes)
+ruleGroupSourceStatelessRuleDefinition_matchAttributes = Lens.lens (\RuleGroupSourceStatelessRuleDefinition' {matchAttributes} -> matchAttributes) (\s@RuleGroupSourceStatelessRuleDefinition' {} a -> s {matchAttributes = a} :: RuleGroupSourceStatelessRuleDefinition)
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatelessRuleDefinition
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatelessRuleDefinition"
+      ( \x ->
+          RuleGroupSourceStatelessRuleDefinition'
+            Prelude.<$> (x Data..:? "Actions" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "MatchAttributes")
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatelessRuleDefinition
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatelessRuleDefinition' {..} =
+      _salt
+        `Prelude.hashWithSalt` actions
+        `Prelude.hashWithSalt` matchAttributes
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatelessRuleDefinition
+  where
+  rnf RuleGroupSourceStatelessRuleDefinition' {..} =
+    Prelude.rnf actions
+      `Prelude.seq` Prelude.rnf matchAttributes
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatelessRuleDefinition
+  where
+  toJSON RuleGroupSourceStatelessRuleDefinition' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Actions" Data..=) Prelude.<$> actions,
+            ("MatchAttributes" Data..=)
+              Prelude.<$> matchAttributes
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributes.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributes.hs
@@ -0,0 +1,176 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributes
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributes where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinations
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSources
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+
+-- | Criteria for the stateless rule.
+--
+-- /See:/ 'newRuleGroupSourceStatelessRuleMatchAttributes' smart constructor.
+data RuleGroupSourceStatelessRuleMatchAttributes = RuleGroupSourceStatelessRuleMatchAttributes'
+  { -- | A list of port ranges to specify the destination ports to inspect for.
+    destinationPorts :: Prelude.Maybe [RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts],
+    -- | The destination IP addresses and address ranges to inspect for, in CIDR
+    -- notation.
+    destinations :: Prelude.Maybe [RuleGroupSourceStatelessRuleMatchAttributesDestinations],
+    -- | The protocols to inspect for.
+    protocols :: Prelude.Maybe [Prelude.Int],
+    -- | A list of port ranges to specify the source ports to inspect for.
+    sourcePorts :: Prelude.Maybe [RuleGroupSourceStatelessRuleMatchAttributesSourcePorts],
+    -- | The source IP addresses and address ranges to inspect for, in CIDR
+    -- notation.
+    sources :: Prelude.Maybe [RuleGroupSourceStatelessRuleMatchAttributesSources],
+    -- | The TCP flags and masks to inspect for.
+    tcpFlags :: Prelude.Maybe [RuleGroupSourceStatelessRuleMatchAttributesTcpFlags]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatelessRuleMatchAttributes' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destinationPorts', 'ruleGroupSourceStatelessRuleMatchAttributes_destinationPorts' - A list of port ranges to specify the destination ports to inspect for.
+--
+-- 'destinations', 'ruleGroupSourceStatelessRuleMatchAttributes_destinations' - The destination IP addresses and address ranges to inspect for, in CIDR
+-- notation.
+--
+-- 'protocols', 'ruleGroupSourceStatelessRuleMatchAttributes_protocols' - The protocols to inspect for.
+--
+-- 'sourcePorts', 'ruleGroupSourceStatelessRuleMatchAttributes_sourcePorts' - A list of port ranges to specify the source ports to inspect for.
+--
+-- 'sources', 'ruleGroupSourceStatelessRuleMatchAttributes_sources' - The source IP addresses and address ranges to inspect for, in CIDR
+-- notation.
+--
+-- 'tcpFlags', 'ruleGroupSourceStatelessRuleMatchAttributes_tcpFlags' - The TCP flags and masks to inspect for.
+newRuleGroupSourceStatelessRuleMatchAttributes ::
+  RuleGroupSourceStatelessRuleMatchAttributes
+newRuleGroupSourceStatelessRuleMatchAttributes =
+  RuleGroupSourceStatelessRuleMatchAttributes'
+    { destinationPorts =
+        Prelude.Nothing,
+      destinations = Prelude.Nothing,
+      protocols = Prelude.Nothing,
+      sourcePorts = Prelude.Nothing,
+      sources = Prelude.Nothing,
+      tcpFlags = Prelude.Nothing
+    }
+
+-- | A list of port ranges to specify the destination ports to inspect for.
+ruleGroupSourceStatelessRuleMatchAttributes_destinationPorts :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributes (Prelude.Maybe [RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts])
+ruleGroupSourceStatelessRuleMatchAttributes_destinationPorts = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributes' {destinationPorts} -> destinationPorts) (\s@RuleGroupSourceStatelessRuleMatchAttributes' {} a -> s {destinationPorts = a} :: RuleGroupSourceStatelessRuleMatchAttributes) Prelude.. Lens.mapping Lens.coerced
+
+-- | The destination IP addresses and address ranges to inspect for, in CIDR
+-- notation.
+ruleGroupSourceStatelessRuleMatchAttributes_destinations :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributes (Prelude.Maybe [RuleGroupSourceStatelessRuleMatchAttributesDestinations])
+ruleGroupSourceStatelessRuleMatchAttributes_destinations = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributes' {destinations} -> destinations) (\s@RuleGroupSourceStatelessRuleMatchAttributes' {} a -> s {destinations = a} :: RuleGroupSourceStatelessRuleMatchAttributes) Prelude.. Lens.mapping Lens.coerced
+
+-- | The protocols to inspect for.
+ruleGroupSourceStatelessRuleMatchAttributes_protocols :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributes (Prelude.Maybe [Prelude.Int])
+ruleGroupSourceStatelessRuleMatchAttributes_protocols = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributes' {protocols} -> protocols) (\s@RuleGroupSourceStatelessRuleMatchAttributes' {} a -> s {protocols = a} :: RuleGroupSourceStatelessRuleMatchAttributes) Prelude.. Lens.mapping Lens.coerced
+
+-- | A list of port ranges to specify the source ports to inspect for.
+ruleGroupSourceStatelessRuleMatchAttributes_sourcePorts :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributes (Prelude.Maybe [RuleGroupSourceStatelessRuleMatchAttributesSourcePorts])
+ruleGroupSourceStatelessRuleMatchAttributes_sourcePorts = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributes' {sourcePorts} -> sourcePorts) (\s@RuleGroupSourceStatelessRuleMatchAttributes' {} a -> s {sourcePorts = a} :: RuleGroupSourceStatelessRuleMatchAttributes) Prelude.. Lens.mapping Lens.coerced
+
+-- | The source IP addresses and address ranges to inspect for, in CIDR
+-- notation.
+ruleGroupSourceStatelessRuleMatchAttributes_sources :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributes (Prelude.Maybe [RuleGroupSourceStatelessRuleMatchAttributesSources])
+ruleGroupSourceStatelessRuleMatchAttributes_sources = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributes' {sources} -> sources) (\s@RuleGroupSourceStatelessRuleMatchAttributes' {} a -> s {sources = a} :: RuleGroupSourceStatelessRuleMatchAttributes) Prelude.. Lens.mapping Lens.coerced
+
+-- | The TCP flags and masks to inspect for.
+ruleGroupSourceStatelessRuleMatchAttributes_tcpFlags :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributes (Prelude.Maybe [RuleGroupSourceStatelessRuleMatchAttributesTcpFlags])
+ruleGroupSourceStatelessRuleMatchAttributes_tcpFlags = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributes' {tcpFlags} -> tcpFlags) (\s@RuleGroupSourceStatelessRuleMatchAttributes' {} a -> s {tcpFlags = a} :: RuleGroupSourceStatelessRuleMatchAttributes) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatelessRuleMatchAttributes
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatelessRuleMatchAttributes"
+      ( \x ->
+          RuleGroupSourceStatelessRuleMatchAttributes'
+            Prelude.<$> ( x
+                            Data..:? "DestinationPorts"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Destinations" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Protocols" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "SourcePorts" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Sources" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "TcpFlags" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatelessRuleMatchAttributes
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatelessRuleMatchAttributes' {..} =
+      _salt
+        `Prelude.hashWithSalt` destinationPorts
+        `Prelude.hashWithSalt` destinations
+        `Prelude.hashWithSalt` protocols
+        `Prelude.hashWithSalt` sourcePorts
+        `Prelude.hashWithSalt` sources
+        `Prelude.hashWithSalt` tcpFlags
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatelessRuleMatchAttributes
+  where
+  rnf RuleGroupSourceStatelessRuleMatchAttributes' {..} =
+    Prelude.rnf destinationPorts
+      `Prelude.seq` Prelude.rnf destinations
+      `Prelude.seq` Prelude.rnf protocols
+      `Prelude.seq` Prelude.rnf sourcePorts
+      `Prelude.seq` Prelude.rnf sources
+      `Prelude.seq` Prelude.rnf tcpFlags
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatelessRuleMatchAttributes
+  where
+  toJSON
+    RuleGroupSourceStatelessRuleMatchAttributes' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("DestinationPorts" Data..=)
+                Prelude.<$> destinationPorts,
+              ("Destinations" Data..=) Prelude.<$> destinations,
+              ("Protocols" Data..=) Prelude.<$> protocols,
+              ("SourcePorts" Data..=) Prelude.<$> sourcePorts,
+              ("Sources" Data..=) Prelude.<$> sources,
+              ("TcpFlags" Data..=) Prelude.<$> tcpFlags
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A port range to specify the destination ports to inspect for.
+--
+-- /See:/ 'newRuleGroupSourceStatelessRuleMatchAttributesDestinationPorts' smart constructor.
+data RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts = RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts'
+  { -- | The starting port value for the port range.
+    fromPort :: Prelude.Maybe Prelude.Int,
+    -- | The ending port value for the port range.
+    toPort :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'fromPort', 'ruleGroupSourceStatelessRuleMatchAttributesDestinationPorts_fromPort' - The starting port value for the port range.
+--
+-- 'toPort', 'ruleGroupSourceStatelessRuleMatchAttributesDestinationPorts_toPort' - The ending port value for the port range.
+newRuleGroupSourceStatelessRuleMatchAttributesDestinationPorts ::
+  RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+newRuleGroupSourceStatelessRuleMatchAttributesDestinationPorts =
+  RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts'
+    { fromPort =
+        Prelude.Nothing,
+      toPort =
+        Prelude.Nothing
+    }
+
+-- | The starting port value for the port range.
+ruleGroupSourceStatelessRuleMatchAttributesDestinationPorts_fromPort :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts (Prelude.Maybe Prelude.Int)
+ruleGroupSourceStatelessRuleMatchAttributesDestinationPorts_fromPort = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts' {fromPort} -> fromPort) (\s@RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts' {} a -> s {fromPort = a} :: RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts)
+
+-- | The ending port value for the port range.
+ruleGroupSourceStatelessRuleMatchAttributesDestinationPorts_toPort :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts (Prelude.Maybe Prelude.Int)
+ruleGroupSourceStatelessRuleMatchAttributesDestinationPorts_toPort = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts' {toPort} -> toPort) (\s@RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts' {} a -> s {toPort = a} :: RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts)
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts"
+      ( \x ->
+          RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts'
+            Prelude.<$> (x Data..:? "FromPort")
+            Prelude.<*> (x Data..:? "ToPort")
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts' {..} =
+      _salt
+        `Prelude.hashWithSalt` fromPort
+        `Prelude.hashWithSalt` toPort
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+  where
+  rnf
+    RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts' {..} =
+      Prelude.rnf fromPort
+        `Prelude.seq` Prelude.rnf toPort
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts
+  where
+  toJSON
+    RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("FromPort" Data..=) Prelude.<$> fromPort,
+              ("ToPort" Data..=) Prelude.<$> toPort
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesDestinations.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesDestinations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesDestinations.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesDestinations where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A destination IP address or range.
+--
+-- /See:/ 'newRuleGroupSourceStatelessRuleMatchAttributesDestinations' smart constructor.
+data RuleGroupSourceStatelessRuleMatchAttributesDestinations = RuleGroupSourceStatelessRuleMatchAttributesDestinations'
+  { -- | An IP address or a block of IP addresses.
+    addressDefinition :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatelessRuleMatchAttributesDestinations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'addressDefinition', 'ruleGroupSourceStatelessRuleMatchAttributesDestinations_addressDefinition' - An IP address or a block of IP addresses.
+newRuleGroupSourceStatelessRuleMatchAttributesDestinations ::
+  RuleGroupSourceStatelessRuleMatchAttributesDestinations
+newRuleGroupSourceStatelessRuleMatchAttributesDestinations =
+  RuleGroupSourceStatelessRuleMatchAttributesDestinations'
+    { addressDefinition =
+        Prelude.Nothing
+    }
+
+-- | An IP address or a block of IP addresses.
+ruleGroupSourceStatelessRuleMatchAttributesDestinations_addressDefinition :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributesDestinations (Prelude.Maybe Prelude.Text)
+ruleGroupSourceStatelessRuleMatchAttributesDestinations_addressDefinition = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributesDestinations' {addressDefinition} -> addressDefinition) (\s@RuleGroupSourceStatelessRuleMatchAttributesDestinations' {} a -> s {addressDefinition = a} :: RuleGroupSourceStatelessRuleMatchAttributesDestinations)
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatelessRuleMatchAttributesDestinations
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatelessRuleMatchAttributesDestinations"
+      ( \x ->
+          RuleGroupSourceStatelessRuleMatchAttributesDestinations'
+            Prelude.<$> (x Data..:? "AddressDefinition")
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatelessRuleMatchAttributesDestinations
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatelessRuleMatchAttributesDestinations' {..} =
+      _salt `Prelude.hashWithSalt` addressDefinition
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatelessRuleMatchAttributesDestinations
+  where
+  rnf
+    RuleGroupSourceStatelessRuleMatchAttributesDestinations' {..} =
+      Prelude.rnf addressDefinition
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatelessRuleMatchAttributesDestinations
+  where
+  toJSON
+    RuleGroupSourceStatelessRuleMatchAttributesDestinations' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AddressDefinition" Data..=)
+                Prelude.<$> addressDefinition
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesSourcePorts.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesSourcePorts.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesSourcePorts.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSourcePorts where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A port range to specify the source ports to inspect for.
+--
+-- /See:/ 'newRuleGroupSourceStatelessRuleMatchAttributesSourcePorts' smart constructor.
+data RuleGroupSourceStatelessRuleMatchAttributesSourcePorts = RuleGroupSourceStatelessRuleMatchAttributesSourcePorts'
+  { -- | The starting port value for the port range.
+    fromPort :: Prelude.Maybe Prelude.Int,
+    -- | The ending port value for the port range.
+    toPort :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatelessRuleMatchAttributesSourcePorts' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'fromPort', 'ruleGroupSourceStatelessRuleMatchAttributesSourcePorts_fromPort' - The starting port value for the port range.
+--
+-- 'toPort', 'ruleGroupSourceStatelessRuleMatchAttributesSourcePorts_toPort' - The ending port value for the port range.
+newRuleGroupSourceStatelessRuleMatchAttributesSourcePorts ::
+  RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+newRuleGroupSourceStatelessRuleMatchAttributesSourcePorts =
+  RuleGroupSourceStatelessRuleMatchAttributesSourcePorts'
+    { fromPort =
+        Prelude.Nothing,
+      toPort =
+        Prelude.Nothing
+    }
+
+-- | The starting port value for the port range.
+ruleGroupSourceStatelessRuleMatchAttributesSourcePorts_fromPort :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributesSourcePorts (Prelude.Maybe Prelude.Int)
+ruleGroupSourceStatelessRuleMatchAttributesSourcePorts_fromPort = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributesSourcePorts' {fromPort} -> fromPort) (\s@RuleGroupSourceStatelessRuleMatchAttributesSourcePorts' {} a -> s {fromPort = a} :: RuleGroupSourceStatelessRuleMatchAttributesSourcePorts)
+
+-- | The ending port value for the port range.
+ruleGroupSourceStatelessRuleMatchAttributesSourcePorts_toPort :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributesSourcePorts (Prelude.Maybe Prelude.Int)
+ruleGroupSourceStatelessRuleMatchAttributesSourcePorts_toPort = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributesSourcePorts' {toPort} -> toPort) (\s@RuleGroupSourceStatelessRuleMatchAttributesSourcePorts' {} a -> s {toPort = a} :: RuleGroupSourceStatelessRuleMatchAttributesSourcePorts)
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatelessRuleMatchAttributesSourcePorts"
+      ( \x ->
+          RuleGroupSourceStatelessRuleMatchAttributesSourcePorts'
+            Prelude.<$> (x Data..:? "FromPort")
+            Prelude.<*> (x Data..:? "ToPort")
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatelessRuleMatchAttributesSourcePorts' {..} =
+      _salt
+        `Prelude.hashWithSalt` fromPort
+        `Prelude.hashWithSalt` toPort
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+  where
+  rnf
+    RuleGroupSourceStatelessRuleMatchAttributesSourcePorts' {..} =
+      Prelude.rnf fromPort
+        `Prelude.seq` Prelude.rnf toPort
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatelessRuleMatchAttributesSourcePorts
+  where
+  toJSON
+    RuleGroupSourceStatelessRuleMatchAttributesSourcePorts' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("FromPort" Data..=) Prelude.<$> fromPort,
+              ("ToPort" Data..=) Prelude.<$> toPort
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesSources.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesSources.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesSources.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSources
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesSources where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A source IP addresses and address range to inspect for.
+--
+-- /See:/ 'newRuleGroupSourceStatelessRuleMatchAttributesSources' smart constructor.
+data RuleGroupSourceStatelessRuleMatchAttributesSources = RuleGroupSourceStatelessRuleMatchAttributesSources'
+  { -- | An IP address or a block of IP addresses.
+    addressDefinition :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatelessRuleMatchAttributesSources' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'addressDefinition', 'ruleGroupSourceStatelessRuleMatchAttributesSources_addressDefinition' - An IP address or a block of IP addresses.
+newRuleGroupSourceStatelessRuleMatchAttributesSources ::
+  RuleGroupSourceStatelessRuleMatchAttributesSources
+newRuleGroupSourceStatelessRuleMatchAttributesSources =
+  RuleGroupSourceStatelessRuleMatchAttributesSources'
+    { addressDefinition =
+        Prelude.Nothing
+    }
+
+-- | An IP address or a block of IP addresses.
+ruleGroupSourceStatelessRuleMatchAttributesSources_addressDefinition :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributesSources (Prelude.Maybe Prelude.Text)
+ruleGroupSourceStatelessRuleMatchAttributesSources_addressDefinition = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributesSources' {addressDefinition} -> addressDefinition) (\s@RuleGroupSourceStatelessRuleMatchAttributesSources' {} a -> s {addressDefinition = a} :: RuleGroupSourceStatelessRuleMatchAttributesSources)
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatelessRuleMatchAttributesSources
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatelessRuleMatchAttributesSources"
+      ( \x ->
+          RuleGroupSourceStatelessRuleMatchAttributesSources'
+            Prelude.<$> (x Data..:? "AddressDefinition")
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatelessRuleMatchAttributesSources
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatelessRuleMatchAttributesSources' {..} =
+      _salt `Prelude.hashWithSalt` addressDefinition
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatelessRuleMatchAttributesSources
+  where
+  rnf
+    RuleGroupSourceStatelessRuleMatchAttributesSources' {..} =
+      Prelude.rnf addressDefinition
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatelessRuleMatchAttributesSources
+  where
+  toJSON
+    RuleGroupSourceStatelessRuleMatchAttributesSources' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("AddressDefinition" Data..=)
+                Prelude.<$> addressDefinition
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesTcpFlags.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesTcpFlags.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRuleMatchAttributesTcpFlags.hs
@@ -0,0 +1,119 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleMatchAttributesTcpFlags where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A set of TCP flags and masks to inspect for.
+--
+-- /See:/ 'newRuleGroupSourceStatelessRuleMatchAttributesTcpFlags' smart constructor.
+data RuleGroupSourceStatelessRuleMatchAttributesTcpFlags = RuleGroupSourceStatelessRuleMatchAttributesTcpFlags'
+  { -- | Defines the flags from the @Masks@ setting that must be set in order for
+    -- the packet to match. Flags that are listed must be set. Flags that are
+    -- not listed must not be set.
+    flags :: Prelude.Maybe [Prelude.Text],
+    -- | The set of flags to consider in the inspection. If not specified, then
+    -- all flags are inspected.
+    masks :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatelessRuleMatchAttributesTcpFlags' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'flags', 'ruleGroupSourceStatelessRuleMatchAttributesTcpFlags_flags' - Defines the flags from the @Masks@ setting that must be set in order for
+-- the packet to match. Flags that are listed must be set. Flags that are
+-- not listed must not be set.
+--
+-- 'masks', 'ruleGroupSourceStatelessRuleMatchAttributesTcpFlags_masks' - The set of flags to consider in the inspection. If not specified, then
+-- all flags are inspected.
+newRuleGroupSourceStatelessRuleMatchAttributesTcpFlags ::
+  RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+newRuleGroupSourceStatelessRuleMatchAttributesTcpFlags =
+  RuleGroupSourceStatelessRuleMatchAttributesTcpFlags'
+    { flags =
+        Prelude.Nothing,
+      masks =
+        Prelude.Nothing
+    }
+
+-- | Defines the flags from the @Masks@ setting that must be set in order for
+-- the packet to match. Flags that are listed must be set. Flags that are
+-- not listed must not be set.
+ruleGroupSourceStatelessRuleMatchAttributesTcpFlags_flags :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributesTcpFlags (Prelude.Maybe [Prelude.Text])
+ruleGroupSourceStatelessRuleMatchAttributesTcpFlags_flags = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributesTcpFlags' {flags} -> flags) (\s@RuleGroupSourceStatelessRuleMatchAttributesTcpFlags' {} a -> s {flags = a} :: RuleGroupSourceStatelessRuleMatchAttributesTcpFlags) Prelude.. Lens.mapping Lens.coerced
+
+-- | The set of flags to consider in the inspection. If not specified, then
+-- all flags are inspected.
+ruleGroupSourceStatelessRuleMatchAttributesTcpFlags_masks :: Lens.Lens' RuleGroupSourceStatelessRuleMatchAttributesTcpFlags (Prelude.Maybe [Prelude.Text])
+ruleGroupSourceStatelessRuleMatchAttributesTcpFlags_masks = Lens.lens (\RuleGroupSourceStatelessRuleMatchAttributesTcpFlags' {masks} -> masks) (\s@RuleGroupSourceStatelessRuleMatchAttributesTcpFlags' {} a -> s {masks = a} :: RuleGroupSourceStatelessRuleMatchAttributesTcpFlags) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatelessRuleMatchAttributesTcpFlags"
+      ( \x ->
+          RuleGroupSourceStatelessRuleMatchAttributesTcpFlags'
+            Prelude.<$> (x Data..:? "Flags" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Masks" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatelessRuleMatchAttributesTcpFlags' {..} =
+      _salt
+        `Prelude.hashWithSalt` flags
+        `Prelude.hashWithSalt` masks
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+  where
+  rnf
+    RuleGroupSourceStatelessRuleMatchAttributesTcpFlags' {..} =
+      Prelude.rnf flags `Prelude.seq` Prelude.rnf masks
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatelessRuleMatchAttributesTcpFlags
+  where
+  toJSON
+    RuleGroupSourceStatelessRuleMatchAttributesTcpFlags' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("Flags" Data..=) Prelude.<$> flags,
+              ("Masks" Data..=) Prelude.<$> masks
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRulesAndCustomActionsDetails.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRulesAndCustomActionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRulesAndCustomActionsDetails.hs
@@ -0,0 +1,117 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesAndCustomActionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesAndCustomActionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.RuleGroupSourceCustomActionsDetails
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesDetails
+
+-- | Stateless rules and custom actions for a stateless rule group.
+--
+-- /See:/ 'newRuleGroupSourceStatelessRulesAndCustomActionsDetails' smart constructor.
+data RuleGroupSourceStatelessRulesAndCustomActionsDetails = RuleGroupSourceStatelessRulesAndCustomActionsDetails'
+  { -- | Custom actions for the rule group.
+    customActions :: Prelude.Maybe [RuleGroupSourceCustomActionsDetails],
+    -- | Stateless rules for the rule group.
+    statelessRules :: Prelude.Maybe [RuleGroupSourceStatelessRulesDetails]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatelessRulesAndCustomActionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customActions', 'ruleGroupSourceStatelessRulesAndCustomActionsDetails_customActions' - Custom actions for the rule group.
+--
+-- 'statelessRules', 'ruleGroupSourceStatelessRulesAndCustomActionsDetails_statelessRules' - Stateless rules for the rule group.
+newRuleGroupSourceStatelessRulesAndCustomActionsDetails ::
+  RuleGroupSourceStatelessRulesAndCustomActionsDetails
+newRuleGroupSourceStatelessRulesAndCustomActionsDetails =
+  RuleGroupSourceStatelessRulesAndCustomActionsDetails'
+    { customActions =
+        Prelude.Nothing,
+      statelessRules =
+        Prelude.Nothing
+    }
+
+-- | Custom actions for the rule group.
+ruleGroupSourceStatelessRulesAndCustomActionsDetails_customActions :: Lens.Lens' RuleGroupSourceStatelessRulesAndCustomActionsDetails (Prelude.Maybe [RuleGroupSourceCustomActionsDetails])
+ruleGroupSourceStatelessRulesAndCustomActionsDetails_customActions = Lens.lens (\RuleGroupSourceStatelessRulesAndCustomActionsDetails' {customActions} -> customActions) (\s@RuleGroupSourceStatelessRulesAndCustomActionsDetails' {} a -> s {customActions = a} :: RuleGroupSourceStatelessRulesAndCustomActionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Stateless rules for the rule group.
+ruleGroupSourceStatelessRulesAndCustomActionsDetails_statelessRules :: Lens.Lens' RuleGroupSourceStatelessRulesAndCustomActionsDetails (Prelude.Maybe [RuleGroupSourceStatelessRulesDetails])
+ruleGroupSourceStatelessRulesAndCustomActionsDetails_statelessRules = Lens.lens (\RuleGroupSourceStatelessRulesAndCustomActionsDetails' {statelessRules} -> statelessRules) (\s@RuleGroupSourceStatelessRulesAndCustomActionsDetails' {} a -> s {statelessRules = a} :: RuleGroupSourceStatelessRulesAndCustomActionsDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatelessRulesAndCustomActionsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatelessRulesAndCustomActionsDetails"
+      ( \x ->
+          RuleGroupSourceStatelessRulesAndCustomActionsDetails'
+            Prelude.<$> (x Data..:? "CustomActions" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "StatelessRules"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatelessRulesAndCustomActionsDetails
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatelessRulesAndCustomActionsDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` customActions
+        `Prelude.hashWithSalt` statelessRules
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatelessRulesAndCustomActionsDetails
+  where
+  rnf
+    RuleGroupSourceStatelessRulesAndCustomActionsDetails' {..} =
+      Prelude.rnf customActions
+        `Prelude.seq` Prelude.rnf statelessRules
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatelessRulesAndCustomActionsDetails
+  where
+  toJSON
+    RuleGroupSourceStatelessRulesAndCustomActionsDetails' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("CustomActions" Data..=) Prelude.<$> customActions,
+              ("StatelessRules" Data..=)
+                Prelude.<$> statelessRules
+            ]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRulesDetails.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRulesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupSourceStatelessRulesDetails.hs
@@ -0,0 +1,113 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRulesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.RuleGroupSourceStatelessRuleDefinition
+
+-- | A stateless rule in the rule group.
+--
+-- /See:/ 'newRuleGroupSourceStatelessRulesDetails' smart constructor.
+data RuleGroupSourceStatelessRulesDetails = RuleGroupSourceStatelessRulesDetails'
+  { -- | Indicates the order in which to run this rule relative to all of the
+    -- rules in the stateless rule group.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | Provides the definition of the stateless rule.
+    ruleDefinition :: Prelude.Maybe RuleGroupSourceStatelessRuleDefinition
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSourceStatelessRulesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'priority', 'ruleGroupSourceStatelessRulesDetails_priority' - Indicates the order in which to run this rule relative to all of the
+-- rules in the stateless rule group.
+--
+-- 'ruleDefinition', 'ruleGroupSourceStatelessRulesDetails_ruleDefinition' - Provides the definition of the stateless rule.
+newRuleGroupSourceStatelessRulesDetails ::
+  RuleGroupSourceStatelessRulesDetails
+newRuleGroupSourceStatelessRulesDetails =
+  RuleGroupSourceStatelessRulesDetails'
+    { priority =
+        Prelude.Nothing,
+      ruleDefinition = Prelude.Nothing
+    }
+
+-- | Indicates the order in which to run this rule relative to all of the
+-- rules in the stateless rule group.
+ruleGroupSourceStatelessRulesDetails_priority :: Lens.Lens' RuleGroupSourceStatelessRulesDetails (Prelude.Maybe Prelude.Int)
+ruleGroupSourceStatelessRulesDetails_priority = Lens.lens (\RuleGroupSourceStatelessRulesDetails' {priority} -> priority) (\s@RuleGroupSourceStatelessRulesDetails' {} a -> s {priority = a} :: RuleGroupSourceStatelessRulesDetails)
+
+-- | Provides the definition of the stateless rule.
+ruleGroupSourceStatelessRulesDetails_ruleDefinition :: Lens.Lens' RuleGroupSourceStatelessRulesDetails (Prelude.Maybe RuleGroupSourceStatelessRuleDefinition)
+ruleGroupSourceStatelessRulesDetails_ruleDefinition = Lens.lens (\RuleGroupSourceStatelessRulesDetails' {ruleDefinition} -> ruleDefinition) (\s@RuleGroupSourceStatelessRulesDetails' {} a -> s {ruleDefinition = a} :: RuleGroupSourceStatelessRulesDetails)
+
+instance
+  Data.FromJSON
+    RuleGroupSourceStatelessRulesDetails
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSourceStatelessRulesDetails"
+      ( \x ->
+          RuleGroupSourceStatelessRulesDetails'
+            Prelude.<$> (x Data..:? "Priority")
+            Prelude.<*> (x Data..:? "RuleDefinition")
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupSourceStatelessRulesDetails
+  where
+  hashWithSalt
+    _salt
+    RuleGroupSourceStatelessRulesDetails' {..} =
+      _salt
+        `Prelude.hashWithSalt` priority
+        `Prelude.hashWithSalt` ruleDefinition
+
+instance
+  Prelude.NFData
+    RuleGroupSourceStatelessRulesDetails
+  where
+  rnf RuleGroupSourceStatelessRulesDetails' {..} =
+    Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf ruleDefinition
+
+instance
+  Data.ToJSON
+    RuleGroupSourceStatelessRulesDetails
+  where
+  toJSON RuleGroupSourceStatelessRulesDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Priority" Data..=) Prelude.<$> priority,
+            ("RuleDefinition" Data..=)
+              Prelude.<$> ruleDefinition
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupVariables.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupVariables.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupVariables.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupVariables
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupVariables where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.RuleGroupVariablesIpSetsDetails
+import Amazonka.SecurityHub.Types.RuleGroupVariablesPortSetsDetails
+
+-- | Additional settings to use in the specified rules.
+--
+-- /See:/ 'newRuleGroupVariables' smart constructor.
+data RuleGroupVariables = RuleGroupVariables'
+  { -- | A list of IP addresses and address ranges, in CIDR notation.
+    ipSets :: Prelude.Maybe RuleGroupVariablesIpSetsDetails,
+    -- | A list of port ranges.
+    portSets :: Prelude.Maybe RuleGroupVariablesPortSetsDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupVariables' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ipSets', 'ruleGroupVariables_ipSets' - A list of IP addresses and address ranges, in CIDR notation.
+--
+-- 'portSets', 'ruleGroupVariables_portSets' - A list of port ranges.
+newRuleGroupVariables ::
+  RuleGroupVariables
+newRuleGroupVariables =
+  RuleGroupVariables'
+    { ipSets = Prelude.Nothing,
+      portSets = Prelude.Nothing
+    }
+
+-- | A list of IP addresses and address ranges, in CIDR notation.
+ruleGroupVariables_ipSets :: Lens.Lens' RuleGroupVariables (Prelude.Maybe RuleGroupVariablesIpSetsDetails)
+ruleGroupVariables_ipSets = Lens.lens (\RuleGroupVariables' {ipSets} -> ipSets) (\s@RuleGroupVariables' {} a -> s {ipSets = a} :: RuleGroupVariables)
+
+-- | A list of port ranges.
+ruleGroupVariables_portSets :: Lens.Lens' RuleGroupVariables (Prelude.Maybe RuleGroupVariablesPortSetsDetails)
+ruleGroupVariables_portSets = Lens.lens (\RuleGroupVariables' {portSets} -> portSets) (\s@RuleGroupVariables' {} a -> s {portSets = a} :: RuleGroupVariables)
+
+instance Data.FromJSON RuleGroupVariables where
+  parseJSON =
+    Data.withObject
+      "RuleGroupVariables"
+      ( \x ->
+          RuleGroupVariables'
+            Prelude.<$> (x Data..:? "IpSets")
+            Prelude.<*> (x Data..:? "PortSets")
+      )
+
+instance Prelude.Hashable RuleGroupVariables where
+  hashWithSalt _salt RuleGroupVariables' {..} =
+    _salt
+      `Prelude.hashWithSalt` ipSets
+      `Prelude.hashWithSalt` portSets
+
+instance Prelude.NFData RuleGroupVariables where
+  rnf RuleGroupVariables' {..} =
+    Prelude.rnf ipSets
+      `Prelude.seq` Prelude.rnf portSets
+
+instance Data.ToJSON RuleGroupVariables where
+  toJSON RuleGroupVariables' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("IpSets" Data..=) Prelude.<$> ipSets,
+            ("PortSets" Data..=) Prelude.<$> portSets
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupVariablesIpSetsDetails.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupVariablesIpSetsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupVariablesIpSetsDetails.hs
@@ -0,0 +1,90 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupVariablesIpSetsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupVariablesIpSetsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A list of IP addresses and address ranges, in CIDR notation.
+--
+-- /See:/ 'newRuleGroupVariablesIpSetsDetails' smart constructor.
+data RuleGroupVariablesIpSetsDetails = RuleGroupVariablesIpSetsDetails'
+  { -- | The list of IP addresses and ranges.
+    definition :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupVariablesIpSetsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'definition', 'ruleGroupVariablesIpSetsDetails_definition' - The list of IP addresses and ranges.
+newRuleGroupVariablesIpSetsDetails ::
+  RuleGroupVariablesIpSetsDetails
+newRuleGroupVariablesIpSetsDetails =
+  RuleGroupVariablesIpSetsDetails'
+    { definition =
+        Prelude.Nothing
+    }
+
+-- | The list of IP addresses and ranges.
+ruleGroupVariablesIpSetsDetails_definition :: Lens.Lens' RuleGroupVariablesIpSetsDetails (Prelude.Maybe [Prelude.Text])
+ruleGroupVariablesIpSetsDetails_definition = Lens.lens (\RuleGroupVariablesIpSetsDetails' {definition} -> definition) (\s@RuleGroupVariablesIpSetsDetails' {} a -> s {definition = a} :: RuleGroupVariablesIpSetsDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    RuleGroupVariablesIpSetsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupVariablesIpSetsDetails"
+      ( \x ->
+          RuleGroupVariablesIpSetsDetails'
+            Prelude.<$> (x Data..:? "Definition" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupVariablesIpSetsDetails
+  where
+  hashWithSalt
+    _salt
+    RuleGroupVariablesIpSetsDetails' {..} =
+      _salt `Prelude.hashWithSalt` definition
+
+instance
+  Prelude.NFData
+    RuleGroupVariablesIpSetsDetails
+  where
+  rnf RuleGroupVariablesIpSetsDetails' {..} =
+    Prelude.rnf definition
+
+instance Data.ToJSON RuleGroupVariablesIpSetsDetails where
+  toJSON RuleGroupVariablesIpSetsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Definition" Data..=) Prelude.<$> definition]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/RuleGroupVariablesPortSetsDetails.hs b/gen/Amazonka/SecurityHub/Types/RuleGroupVariablesPortSetsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/RuleGroupVariablesPortSetsDetails.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.RuleGroupVariablesPortSetsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.RuleGroupVariablesPortSetsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A list of port ranges.
+--
+-- /See:/ 'newRuleGroupVariablesPortSetsDetails' smart constructor.
+data RuleGroupVariablesPortSetsDetails = RuleGroupVariablesPortSetsDetails'
+  { -- | The list of port ranges.
+    definition :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupVariablesPortSetsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'definition', 'ruleGroupVariablesPortSetsDetails_definition' - The list of port ranges.
+newRuleGroupVariablesPortSetsDetails ::
+  RuleGroupVariablesPortSetsDetails
+newRuleGroupVariablesPortSetsDetails =
+  RuleGroupVariablesPortSetsDetails'
+    { definition =
+        Prelude.Nothing
+    }
+
+-- | The list of port ranges.
+ruleGroupVariablesPortSetsDetails_definition :: Lens.Lens' RuleGroupVariablesPortSetsDetails (Prelude.Maybe [Prelude.Text])
+ruleGroupVariablesPortSetsDetails_definition = Lens.lens (\RuleGroupVariablesPortSetsDetails' {definition} -> definition) (\s@RuleGroupVariablesPortSetsDetails' {} a -> s {definition = a} :: RuleGroupVariablesPortSetsDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    RuleGroupVariablesPortSetsDetails
+  where
+  parseJSON =
+    Data.withObject
+      "RuleGroupVariablesPortSetsDetails"
+      ( \x ->
+          RuleGroupVariablesPortSetsDetails'
+            Prelude.<$> (x Data..:? "Definition" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    RuleGroupVariablesPortSetsDetails
+  where
+  hashWithSalt
+    _salt
+    RuleGroupVariablesPortSetsDetails' {..} =
+      _salt `Prelude.hashWithSalt` definition
+
+instance
+  Prelude.NFData
+    RuleGroupVariablesPortSetsDetails
+  where
+  rnf RuleGroupVariablesPortSetsDetails' {..} =
+    Prelude.rnf definition
+
+instance
+  Data.ToJSON
+    RuleGroupVariablesPortSetsDetails
+  where
+  toJSON RuleGroupVariablesPortSetsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Definition" Data..=) Prelude.<$> definition]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/SensitiveDataDetections.hs b/gen/Amazonka/SecurityHub/Types/SensitiveDataDetections.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/SensitiveDataDetections.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.SensitiveDataDetections
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.SensitiveDataDetections where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.Occurrences
+
+-- | The list of detected instances of sensitive data.
+--
+-- /See:/ 'newSensitiveDataDetections' smart constructor.
+data SensitiveDataDetections = SensitiveDataDetections'
+  { -- | The total number of occurrences of sensitive data that were detected.
+    count :: Prelude.Maybe Prelude.Integer,
+    -- | Details about the sensitive data that was detected.
+    occurrences :: Prelude.Maybe Occurrences,
+    -- | The type of sensitive data that was detected. For example, the type
+    -- might indicate that the data is an email address.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SensitiveDataDetections' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'count', 'sensitiveDataDetections_count' - The total number of occurrences of sensitive data that were detected.
+--
+-- 'occurrences', 'sensitiveDataDetections_occurrences' - Details about the sensitive data that was detected.
+--
+-- 'type'', 'sensitiveDataDetections_type' - The type of sensitive data that was detected. For example, the type
+-- might indicate that the data is an email address.
+newSensitiveDataDetections ::
+  SensitiveDataDetections
+newSensitiveDataDetections =
+  SensitiveDataDetections'
+    { count = Prelude.Nothing,
+      occurrences = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The total number of occurrences of sensitive data that were detected.
+sensitiveDataDetections_count :: Lens.Lens' SensitiveDataDetections (Prelude.Maybe Prelude.Integer)
+sensitiveDataDetections_count = Lens.lens (\SensitiveDataDetections' {count} -> count) (\s@SensitiveDataDetections' {} a -> s {count = a} :: SensitiveDataDetections)
+
+-- | Details about the sensitive data that was detected.
+sensitiveDataDetections_occurrences :: Lens.Lens' SensitiveDataDetections (Prelude.Maybe Occurrences)
+sensitiveDataDetections_occurrences = Lens.lens (\SensitiveDataDetections' {occurrences} -> occurrences) (\s@SensitiveDataDetections' {} a -> s {occurrences = a} :: SensitiveDataDetections)
+
+-- | The type of sensitive data that was detected. For example, the type
+-- might indicate that the data is an email address.
+sensitiveDataDetections_type :: Lens.Lens' SensitiveDataDetections (Prelude.Maybe Prelude.Text)
+sensitiveDataDetections_type = Lens.lens (\SensitiveDataDetections' {type'} -> type') (\s@SensitiveDataDetections' {} a -> s {type' = a} :: SensitiveDataDetections)
+
+instance Data.FromJSON SensitiveDataDetections where
+  parseJSON =
+    Data.withObject
+      "SensitiveDataDetections"
+      ( \x ->
+          SensitiveDataDetections'
+            Prelude.<$> (x Data..:? "Count")
+            Prelude.<*> (x Data..:? "Occurrences")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance Prelude.Hashable SensitiveDataDetections where
+  hashWithSalt _salt SensitiveDataDetections' {..} =
+    _salt
+      `Prelude.hashWithSalt` count
+      `Prelude.hashWithSalt` occurrences
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData SensitiveDataDetections where
+  rnf SensitiveDataDetections' {..} =
+    Prelude.rnf count
+      `Prelude.seq` Prelude.rnf occurrences
+      `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToJSON SensitiveDataDetections where
+  toJSON SensitiveDataDetections' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Count" Data..=) Prelude.<$> count,
+            ("Occurrences" Data..=) Prelude.<$> occurrences,
+            ("Type" Data..=) Prelude.<$> type'
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/SensitiveDataResult.hs b/gen/Amazonka/SecurityHub/Types/SensitiveDataResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/SensitiveDataResult.hs
@@ -0,0 +1,114 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.SensitiveDataResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.SensitiveDataResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.SensitiveDataDetections
+
+-- | Contains a detected instance of sensitive data that are based on
+-- built-in identifiers.
+--
+-- /See:/ 'newSensitiveDataResult' smart constructor.
+data SensitiveDataResult = SensitiveDataResult'
+  { -- | The category of sensitive data that was detected. For example, the
+    -- category can indicate that the sensitive data involved credentials,
+    -- financial information, or personal information.
+    category :: Prelude.Maybe Prelude.Text,
+    -- | The list of detected instances of sensitive data.
+    detections :: Prelude.Maybe [SensitiveDataDetections],
+    -- | The total number of occurrences of sensitive data.
+    totalCount :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SensitiveDataResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'category', 'sensitiveDataResult_category' - The category of sensitive data that was detected. For example, the
+-- category can indicate that the sensitive data involved credentials,
+-- financial information, or personal information.
+--
+-- 'detections', 'sensitiveDataResult_detections' - The list of detected instances of sensitive data.
+--
+-- 'totalCount', 'sensitiveDataResult_totalCount' - The total number of occurrences of sensitive data.
+newSensitiveDataResult ::
+  SensitiveDataResult
+newSensitiveDataResult =
+  SensitiveDataResult'
+    { category = Prelude.Nothing,
+      detections = Prelude.Nothing,
+      totalCount = Prelude.Nothing
+    }
+
+-- | The category of sensitive data that was detected. For example, the
+-- category can indicate that the sensitive data involved credentials,
+-- financial information, or personal information.
+sensitiveDataResult_category :: Lens.Lens' SensitiveDataResult (Prelude.Maybe Prelude.Text)
+sensitiveDataResult_category = Lens.lens (\SensitiveDataResult' {category} -> category) (\s@SensitiveDataResult' {} a -> s {category = a} :: SensitiveDataResult)
+
+-- | The list of detected instances of sensitive data.
+sensitiveDataResult_detections :: Lens.Lens' SensitiveDataResult (Prelude.Maybe [SensitiveDataDetections])
+sensitiveDataResult_detections = Lens.lens (\SensitiveDataResult' {detections} -> detections) (\s@SensitiveDataResult' {} a -> s {detections = a} :: SensitiveDataResult) Prelude.. Lens.mapping Lens.coerced
+
+-- | The total number of occurrences of sensitive data.
+sensitiveDataResult_totalCount :: Lens.Lens' SensitiveDataResult (Prelude.Maybe Prelude.Integer)
+sensitiveDataResult_totalCount = Lens.lens (\SensitiveDataResult' {totalCount} -> totalCount) (\s@SensitiveDataResult' {} a -> s {totalCount = a} :: SensitiveDataResult)
+
+instance Data.FromJSON SensitiveDataResult where
+  parseJSON =
+    Data.withObject
+      "SensitiveDataResult"
+      ( \x ->
+          SensitiveDataResult'
+            Prelude.<$> (x Data..:? "Category")
+            Prelude.<*> (x Data..:? "Detections" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "TotalCount")
+      )
+
+instance Prelude.Hashable SensitiveDataResult where
+  hashWithSalt _salt SensitiveDataResult' {..} =
+    _salt
+      `Prelude.hashWithSalt` category
+      `Prelude.hashWithSalt` detections
+      `Prelude.hashWithSalt` totalCount
+
+instance Prelude.NFData SensitiveDataResult where
+  rnf SensitiveDataResult' {..} =
+    Prelude.rnf category
+      `Prelude.seq` Prelude.rnf detections
+      `Prelude.seq` Prelude.rnf totalCount
+
+instance Data.ToJSON SensitiveDataResult where
+  toJSON SensitiveDataResult' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Category" Data..=) Prelude.<$> category,
+            ("Detections" Data..=) Prelude.<$> detections,
+            ("TotalCount" Data..=) Prelude.<$> totalCount
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Severity.hs b/gen/Amazonka/SecurityHub/Types/Severity.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Severity.hs
@@ -0,0 +1,255 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Severity
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Severity where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.SeverityLabel
+
+-- | The severity of the finding.
+--
+-- The finding provider can provide the initial severity. The finding
+-- provider can only update the severity if it has not been updated using
+-- @BatchUpdateFindings@.
+--
+-- The finding must have either @Label@ or @Normalized@ populated. If only
+-- one of these attributes is populated, then Security Hub automatically
+-- populates the other one. If neither attribute is populated, then the
+-- finding is invalid. @Label@ is the preferred attribute.
+--
+-- /See:/ 'newSeverity' smart constructor.
+data Severity = Severity'
+  { -- | The severity value of the finding. The allowed values are the following.
+    --
+    -- -   @INFORMATIONAL@ - No issue was found.
+    --
+    -- -   @LOW@ - The issue does not require action on its own.
+    --
+    -- -   @MEDIUM@ - The issue must be addressed but not urgently.
+    --
+    -- -   @HIGH@ - The issue must be addressed as a priority.
+    --
+    -- -   @CRITICAL@ - The issue must be remediated immediately to avoid it
+    --     escalating.
+    --
+    -- If you provide @Normalized@ and do not provide @Label@, then @Label@ is
+    -- set automatically as follows.
+    --
+    -- -   0 - @INFORMATIONAL@
+    --
+    -- -   1–39 - @LOW@
+    --
+    -- -   40–69 - @MEDIUM@
+    --
+    -- -   70–89 - @HIGH@
+    --
+    -- -   90–100 - @CRITICAL@
+    label :: Prelude.Maybe SeverityLabel,
+    -- | Deprecated. The normalized severity of a finding. This attribute is
+    -- being deprecated. Instead of providing @Normalized@, provide @Label@.
+    --
+    -- If you provide @Label@ and do not provide @Normalized@, then
+    -- @Normalized@ is set automatically as follows.
+    --
+    -- -   @INFORMATIONAL@ - 0
+    --
+    -- -   @LOW@ - 1
+    --
+    -- -   @MEDIUM@ - 40
+    --
+    -- -   @HIGH@ - 70
+    --
+    -- -   @CRITICAL@ - 90
+    normalized :: Prelude.Maybe Prelude.Int,
+    -- | The native severity from the finding product that generated the finding.
+    original :: Prelude.Maybe Prelude.Text,
+    -- | Deprecated. This attribute is being deprecated. Instead of providing
+    -- @Product@, provide @Original@.
+    --
+    -- The native severity as defined by the Amazon Web Services service or
+    -- integrated partner product that generated the finding.
+    product :: Prelude.Maybe Prelude.Double
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Severity' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'label', 'severity_label' - The severity value of the finding. The allowed values are the following.
+--
+-- -   @INFORMATIONAL@ - No issue was found.
+--
+-- -   @LOW@ - The issue does not require action on its own.
+--
+-- -   @MEDIUM@ - The issue must be addressed but not urgently.
+--
+-- -   @HIGH@ - The issue must be addressed as a priority.
+--
+-- -   @CRITICAL@ - The issue must be remediated immediately to avoid it
+--     escalating.
+--
+-- If you provide @Normalized@ and do not provide @Label@, then @Label@ is
+-- set automatically as follows.
+--
+-- -   0 - @INFORMATIONAL@
+--
+-- -   1–39 - @LOW@
+--
+-- -   40–69 - @MEDIUM@
+--
+-- -   70–89 - @HIGH@
+--
+-- -   90–100 - @CRITICAL@
+--
+-- 'normalized', 'severity_normalized' - Deprecated. The normalized severity of a finding. This attribute is
+-- being deprecated. Instead of providing @Normalized@, provide @Label@.
+--
+-- If you provide @Label@ and do not provide @Normalized@, then
+-- @Normalized@ is set automatically as follows.
+--
+-- -   @INFORMATIONAL@ - 0
+--
+-- -   @LOW@ - 1
+--
+-- -   @MEDIUM@ - 40
+--
+-- -   @HIGH@ - 70
+--
+-- -   @CRITICAL@ - 90
+--
+-- 'original', 'severity_original' - The native severity from the finding product that generated the finding.
+--
+-- 'product', 'severity_product' - Deprecated. This attribute is being deprecated. Instead of providing
+-- @Product@, provide @Original@.
+--
+-- The native severity as defined by the Amazon Web Services service or
+-- integrated partner product that generated the finding.
+newSeverity ::
+  Severity
+newSeverity =
+  Severity'
+    { label = Prelude.Nothing,
+      normalized = Prelude.Nothing,
+      original = Prelude.Nothing,
+      product = Prelude.Nothing
+    }
+
+-- | The severity value of the finding. The allowed values are the following.
+--
+-- -   @INFORMATIONAL@ - No issue was found.
+--
+-- -   @LOW@ - The issue does not require action on its own.
+--
+-- -   @MEDIUM@ - The issue must be addressed but not urgently.
+--
+-- -   @HIGH@ - The issue must be addressed as a priority.
+--
+-- -   @CRITICAL@ - The issue must be remediated immediately to avoid it
+--     escalating.
+--
+-- If you provide @Normalized@ and do not provide @Label@, then @Label@ is
+-- set automatically as follows.
+--
+-- -   0 - @INFORMATIONAL@
+--
+-- -   1–39 - @LOW@
+--
+-- -   40–69 - @MEDIUM@
+--
+-- -   70–89 - @HIGH@
+--
+-- -   90–100 - @CRITICAL@
+severity_label :: Lens.Lens' Severity (Prelude.Maybe SeverityLabel)
+severity_label = Lens.lens (\Severity' {label} -> label) (\s@Severity' {} a -> s {label = a} :: Severity)
+
+-- | Deprecated. The normalized severity of a finding. This attribute is
+-- being deprecated. Instead of providing @Normalized@, provide @Label@.
+--
+-- If you provide @Label@ and do not provide @Normalized@, then
+-- @Normalized@ is set automatically as follows.
+--
+-- -   @INFORMATIONAL@ - 0
+--
+-- -   @LOW@ - 1
+--
+-- -   @MEDIUM@ - 40
+--
+-- -   @HIGH@ - 70
+--
+-- -   @CRITICAL@ - 90
+severity_normalized :: Lens.Lens' Severity (Prelude.Maybe Prelude.Int)
+severity_normalized = Lens.lens (\Severity' {normalized} -> normalized) (\s@Severity' {} a -> s {normalized = a} :: Severity)
+
+-- | The native severity from the finding product that generated the finding.
+severity_original :: Lens.Lens' Severity (Prelude.Maybe Prelude.Text)
+severity_original = Lens.lens (\Severity' {original} -> original) (\s@Severity' {} a -> s {original = a} :: Severity)
+
+-- | Deprecated. This attribute is being deprecated. Instead of providing
+-- @Product@, provide @Original@.
+--
+-- The native severity as defined by the Amazon Web Services service or
+-- integrated partner product that generated the finding.
+severity_product :: Lens.Lens' Severity (Prelude.Maybe Prelude.Double)
+severity_product = Lens.lens (\Severity' {product} -> product) (\s@Severity' {} a -> s {product = a} :: Severity)
+
+instance Data.FromJSON Severity where
+  parseJSON =
+    Data.withObject
+      "Severity"
+      ( \x ->
+          Severity'
+            Prelude.<$> (x Data..:? "Label")
+            Prelude.<*> (x Data..:? "Normalized")
+            Prelude.<*> (x Data..:? "Original")
+            Prelude.<*> (x Data..:? "Product")
+      )
+
+instance Prelude.Hashable Severity where
+  hashWithSalt _salt Severity' {..} =
+    _salt
+      `Prelude.hashWithSalt` label
+      `Prelude.hashWithSalt` normalized
+      `Prelude.hashWithSalt` original
+      `Prelude.hashWithSalt` product
+
+instance Prelude.NFData Severity where
+  rnf Severity' {..} =
+    Prelude.rnf label
+      `Prelude.seq` Prelude.rnf normalized
+      `Prelude.seq` Prelude.rnf original
+      `Prelude.seq` Prelude.rnf product
+
+instance Data.ToJSON Severity where
+  toJSON Severity' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Label" Data..=) Prelude.<$> label,
+            ("Normalized" Data..=) Prelude.<$> normalized,
+            ("Original" Data..=) Prelude.<$> original,
+            ("Product" Data..=) Prelude.<$> product
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/SeverityLabel.hs b/gen/Amazonka/SecurityHub/Types/SeverityLabel.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/SeverityLabel.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.SeverityLabel
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.SeverityLabel
+  ( SeverityLabel
+      ( ..,
+        SeverityLabel_CRITICAL,
+        SeverityLabel_HIGH,
+        SeverityLabel_INFORMATIONAL,
+        SeverityLabel_LOW,
+        SeverityLabel_MEDIUM
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype SeverityLabel = SeverityLabel'
+  { fromSeverityLabel ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern SeverityLabel_CRITICAL :: SeverityLabel
+pattern SeverityLabel_CRITICAL = SeverityLabel' "CRITICAL"
+
+pattern SeverityLabel_HIGH :: SeverityLabel
+pattern SeverityLabel_HIGH = SeverityLabel' "HIGH"
+
+pattern SeverityLabel_INFORMATIONAL :: SeverityLabel
+pattern SeverityLabel_INFORMATIONAL = SeverityLabel' "INFORMATIONAL"
+
+pattern SeverityLabel_LOW :: SeverityLabel
+pattern SeverityLabel_LOW = SeverityLabel' "LOW"
+
+pattern SeverityLabel_MEDIUM :: SeverityLabel
+pattern SeverityLabel_MEDIUM = SeverityLabel' "MEDIUM"
+
+{-# COMPLETE
+  SeverityLabel_CRITICAL,
+  SeverityLabel_HIGH,
+  SeverityLabel_INFORMATIONAL,
+  SeverityLabel_LOW,
+  SeverityLabel_MEDIUM,
+  SeverityLabel'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/SeverityRating.hs b/gen/Amazonka/SecurityHub/Types/SeverityRating.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/SeverityRating.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.SeverityRating
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.SeverityRating
+  ( SeverityRating
+      ( ..,
+        SeverityRating_CRITICAL,
+        SeverityRating_HIGH,
+        SeverityRating_LOW,
+        SeverityRating_MEDIUM
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype SeverityRating = SeverityRating'
+  { fromSeverityRating ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern SeverityRating_CRITICAL :: SeverityRating
+pattern SeverityRating_CRITICAL = SeverityRating' "CRITICAL"
+
+pattern SeverityRating_HIGH :: SeverityRating
+pattern SeverityRating_HIGH = SeverityRating' "HIGH"
+
+pattern SeverityRating_LOW :: SeverityRating
+pattern SeverityRating_LOW = SeverityRating' "LOW"
+
+pattern SeverityRating_MEDIUM :: SeverityRating
+pattern SeverityRating_MEDIUM = SeverityRating' "MEDIUM"
+
+{-# COMPLETE
+  SeverityRating_CRITICAL,
+  SeverityRating_HIGH,
+  SeverityRating_LOW,
+  SeverityRating_MEDIUM,
+  SeverityRating'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/SeverityUpdate.hs b/gen/Amazonka/SecurityHub/Types/SeverityUpdate.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/SeverityUpdate.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.SeverityUpdate
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.SeverityUpdate where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.SeverityLabel
+
+-- | Updates to the severity information for a finding.
+--
+-- /See:/ 'newSeverityUpdate' smart constructor.
+data SeverityUpdate = SeverityUpdate'
+  { -- | The severity value of the finding. The allowed values are the following.
+    --
+    -- -   @INFORMATIONAL@ - No issue was found.
+    --
+    -- -   @LOW@ - The issue does not require action on its own.
+    --
+    -- -   @MEDIUM@ - The issue must be addressed but not urgently.
+    --
+    -- -   @HIGH@ - The issue must be addressed as a priority.
+    --
+    -- -   @CRITICAL@ - The issue must be remediated immediately to avoid it
+    --     escalating.
+    label :: Prelude.Maybe SeverityLabel,
+    -- | The normalized severity for the finding. This attribute is to be
+    -- deprecated in favor of @Label@.
+    --
+    -- If you provide @Normalized@ and do not provide @Label@, @Label@ is set
+    -- automatically as follows.
+    --
+    -- -   0 - @INFORMATIONAL@
+    --
+    -- -   1–39 - @LOW@
+    --
+    -- -   40–69 - @MEDIUM@
+    --
+    -- -   70–89 - @HIGH@
+    --
+    -- -   90–100 - @CRITICAL@
+    normalized :: Prelude.Maybe Prelude.Natural,
+    -- | The native severity as defined by the Amazon Web Services service or
+    -- integrated partner product that generated the finding.
+    product :: Prelude.Maybe Prelude.Double
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SeverityUpdate' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'label', 'severityUpdate_label' - The severity value of the finding. The allowed values are the following.
+--
+-- -   @INFORMATIONAL@ - No issue was found.
+--
+-- -   @LOW@ - The issue does not require action on its own.
+--
+-- -   @MEDIUM@ - The issue must be addressed but not urgently.
+--
+-- -   @HIGH@ - The issue must be addressed as a priority.
+--
+-- -   @CRITICAL@ - The issue must be remediated immediately to avoid it
+--     escalating.
+--
+-- 'normalized', 'severityUpdate_normalized' - The normalized severity for the finding. This attribute is to be
+-- deprecated in favor of @Label@.
+--
+-- If you provide @Normalized@ and do not provide @Label@, @Label@ is set
+-- automatically as follows.
+--
+-- -   0 - @INFORMATIONAL@
+--
+-- -   1–39 - @LOW@
+--
+-- -   40–69 - @MEDIUM@
+--
+-- -   70–89 - @HIGH@
+--
+-- -   90–100 - @CRITICAL@
+--
+-- 'product', 'severityUpdate_product' - The native severity as defined by the Amazon Web Services service or
+-- integrated partner product that generated the finding.
+newSeverityUpdate ::
+  SeverityUpdate
+newSeverityUpdate =
+  SeverityUpdate'
+    { label = Prelude.Nothing,
+      normalized = Prelude.Nothing,
+      product = Prelude.Nothing
+    }
+
+-- | The severity value of the finding. The allowed values are the following.
+--
+-- -   @INFORMATIONAL@ - No issue was found.
+--
+-- -   @LOW@ - The issue does not require action on its own.
+--
+-- -   @MEDIUM@ - The issue must be addressed but not urgently.
+--
+-- -   @HIGH@ - The issue must be addressed as a priority.
+--
+-- -   @CRITICAL@ - The issue must be remediated immediately to avoid it
+--     escalating.
+severityUpdate_label :: Lens.Lens' SeverityUpdate (Prelude.Maybe SeverityLabel)
+severityUpdate_label = Lens.lens (\SeverityUpdate' {label} -> label) (\s@SeverityUpdate' {} a -> s {label = a} :: SeverityUpdate)
+
+-- | The normalized severity for the finding. This attribute is to be
+-- deprecated in favor of @Label@.
+--
+-- If you provide @Normalized@ and do not provide @Label@, @Label@ is set
+-- automatically as follows.
+--
+-- -   0 - @INFORMATIONAL@
+--
+-- -   1–39 - @LOW@
+--
+-- -   40–69 - @MEDIUM@
+--
+-- -   70–89 - @HIGH@
+--
+-- -   90–100 - @CRITICAL@
+severityUpdate_normalized :: Lens.Lens' SeverityUpdate (Prelude.Maybe Prelude.Natural)
+severityUpdate_normalized = Lens.lens (\SeverityUpdate' {normalized} -> normalized) (\s@SeverityUpdate' {} a -> s {normalized = a} :: SeverityUpdate)
+
+-- | The native severity as defined by the Amazon Web Services service or
+-- integrated partner product that generated the finding.
+severityUpdate_product :: Lens.Lens' SeverityUpdate (Prelude.Maybe Prelude.Double)
+severityUpdate_product = Lens.lens (\SeverityUpdate' {product} -> product) (\s@SeverityUpdate' {} a -> s {product = a} :: SeverityUpdate)
+
+instance Prelude.Hashable SeverityUpdate where
+  hashWithSalt _salt SeverityUpdate' {..} =
+    _salt
+      `Prelude.hashWithSalt` label
+      `Prelude.hashWithSalt` normalized
+      `Prelude.hashWithSalt` product
+
+instance Prelude.NFData SeverityUpdate where
+  rnf SeverityUpdate' {..} =
+    Prelude.rnf label
+      `Prelude.seq` Prelude.rnf normalized
+      `Prelude.seq` Prelude.rnf product
+
+instance Data.ToJSON SeverityUpdate where
+  toJSON SeverityUpdate' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Label" Data..=) Prelude.<$> label,
+            ("Normalized" Data..=) Prelude.<$> normalized,
+            ("Product" Data..=) Prelude.<$> product
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/SoftwarePackage.hs b/gen/Amazonka/SecurityHub/Types/SoftwarePackage.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/SoftwarePackage.hs
@@ -0,0 +1,220 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.SoftwarePackage
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.SoftwarePackage where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about a software package.
+--
+-- /See:/ 'newSoftwarePackage' smart constructor.
+data SoftwarePackage = SoftwarePackage'
+  { -- | The architecture used for the software package.
+    architecture :: Prelude.Maybe Prelude.Text,
+    -- | The epoch of the software package.
+    epoch :: Prelude.Maybe Prelude.Text,
+    -- | The file system path to the package manager inventory file.
+    filePath :: Prelude.Maybe Prelude.Text,
+    -- | The version of the software package in which the vulnerability has been
+    -- resolved.
+    fixedInVersion :: Prelude.Maybe Prelude.Text,
+    -- | The name of the software package.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The source of the package.
+    packageManager :: Prelude.Maybe Prelude.Text,
+    -- | The release of the software package.
+    release :: Prelude.Maybe Prelude.Text,
+    -- | Describes the actions a customer can take to resolve the vulnerability
+    -- in the software package.
+    remediation :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the source layer.
+    sourceLayerArn :: Prelude.Maybe Prelude.Text,
+    -- | The source layer hash of the vulnerable package.
+    sourceLayerHash :: Prelude.Maybe Prelude.Text,
+    -- | The version of the software package.
+    version :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SoftwarePackage' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'architecture', 'softwarePackage_architecture' - The architecture used for the software package.
+--
+-- 'epoch', 'softwarePackage_epoch' - The epoch of the software package.
+--
+-- 'filePath', 'softwarePackage_filePath' - The file system path to the package manager inventory file.
+--
+-- 'fixedInVersion', 'softwarePackage_fixedInVersion' - The version of the software package in which the vulnerability has been
+-- resolved.
+--
+-- 'name', 'softwarePackage_name' - The name of the software package.
+--
+-- 'packageManager', 'softwarePackage_packageManager' - The source of the package.
+--
+-- 'release', 'softwarePackage_release' - The release of the software package.
+--
+-- 'remediation', 'softwarePackage_remediation' - Describes the actions a customer can take to resolve the vulnerability
+-- in the software package.
+--
+-- 'sourceLayerArn', 'softwarePackage_sourceLayerArn' - The Amazon Resource Name (ARN) of the source layer.
+--
+-- 'sourceLayerHash', 'softwarePackage_sourceLayerHash' - The source layer hash of the vulnerable package.
+--
+-- 'version', 'softwarePackage_version' - The version of the software package.
+newSoftwarePackage ::
+  SoftwarePackage
+newSoftwarePackage =
+  SoftwarePackage'
+    { architecture = Prelude.Nothing,
+      epoch = Prelude.Nothing,
+      filePath = Prelude.Nothing,
+      fixedInVersion = Prelude.Nothing,
+      name = Prelude.Nothing,
+      packageManager = Prelude.Nothing,
+      release = Prelude.Nothing,
+      remediation = Prelude.Nothing,
+      sourceLayerArn = Prelude.Nothing,
+      sourceLayerHash = Prelude.Nothing,
+      version = Prelude.Nothing
+    }
+
+-- | The architecture used for the software package.
+softwarePackage_architecture :: Lens.Lens' SoftwarePackage (Prelude.Maybe Prelude.Text)
+softwarePackage_architecture = Lens.lens (\SoftwarePackage' {architecture} -> architecture) (\s@SoftwarePackage' {} a -> s {architecture = a} :: SoftwarePackage)
+
+-- | The epoch of the software package.
+softwarePackage_epoch :: Lens.Lens' SoftwarePackage (Prelude.Maybe Prelude.Text)
+softwarePackage_epoch = Lens.lens (\SoftwarePackage' {epoch} -> epoch) (\s@SoftwarePackage' {} a -> s {epoch = a} :: SoftwarePackage)
+
+-- | The file system path to the package manager inventory file.
+softwarePackage_filePath :: Lens.Lens' SoftwarePackage (Prelude.Maybe Prelude.Text)
+softwarePackage_filePath = Lens.lens (\SoftwarePackage' {filePath} -> filePath) (\s@SoftwarePackage' {} a -> s {filePath = a} :: SoftwarePackage)
+
+-- | The version of the software package in which the vulnerability has been
+-- resolved.
+softwarePackage_fixedInVersion :: Lens.Lens' SoftwarePackage (Prelude.Maybe Prelude.Text)
+softwarePackage_fixedInVersion = Lens.lens (\SoftwarePackage' {fixedInVersion} -> fixedInVersion) (\s@SoftwarePackage' {} a -> s {fixedInVersion = a} :: SoftwarePackage)
+
+-- | The name of the software package.
+softwarePackage_name :: Lens.Lens' SoftwarePackage (Prelude.Maybe Prelude.Text)
+softwarePackage_name = Lens.lens (\SoftwarePackage' {name} -> name) (\s@SoftwarePackage' {} a -> s {name = a} :: SoftwarePackage)
+
+-- | The source of the package.
+softwarePackage_packageManager :: Lens.Lens' SoftwarePackage (Prelude.Maybe Prelude.Text)
+softwarePackage_packageManager = Lens.lens (\SoftwarePackage' {packageManager} -> packageManager) (\s@SoftwarePackage' {} a -> s {packageManager = a} :: SoftwarePackage)
+
+-- | The release of the software package.
+softwarePackage_release :: Lens.Lens' SoftwarePackage (Prelude.Maybe Prelude.Text)
+softwarePackage_release = Lens.lens (\SoftwarePackage' {release} -> release) (\s@SoftwarePackage' {} a -> s {release = a} :: SoftwarePackage)
+
+-- | Describes the actions a customer can take to resolve the vulnerability
+-- in the software package.
+softwarePackage_remediation :: Lens.Lens' SoftwarePackage (Prelude.Maybe Prelude.Text)
+softwarePackage_remediation = Lens.lens (\SoftwarePackage' {remediation} -> remediation) (\s@SoftwarePackage' {} a -> s {remediation = a} :: SoftwarePackage)
+
+-- | The Amazon Resource Name (ARN) of the source layer.
+softwarePackage_sourceLayerArn :: Lens.Lens' SoftwarePackage (Prelude.Maybe Prelude.Text)
+softwarePackage_sourceLayerArn = Lens.lens (\SoftwarePackage' {sourceLayerArn} -> sourceLayerArn) (\s@SoftwarePackage' {} a -> s {sourceLayerArn = a} :: SoftwarePackage)
+
+-- | The source layer hash of the vulnerable package.
+softwarePackage_sourceLayerHash :: Lens.Lens' SoftwarePackage (Prelude.Maybe Prelude.Text)
+softwarePackage_sourceLayerHash = Lens.lens (\SoftwarePackage' {sourceLayerHash} -> sourceLayerHash) (\s@SoftwarePackage' {} a -> s {sourceLayerHash = a} :: SoftwarePackage)
+
+-- | The version of the software package.
+softwarePackage_version :: Lens.Lens' SoftwarePackage (Prelude.Maybe Prelude.Text)
+softwarePackage_version = Lens.lens (\SoftwarePackage' {version} -> version) (\s@SoftwarePackage' {} a -> s {version = a} :: SoftwarePackage)
+
+instance Data.FromJSON SoftwarePackage where
+  parseJSON =
+    Data.withObject
+      "SoftwarePackage"
+      ( \x ->
+          SoftwarePackage'
+            Prelude.<$> (x Data..:? "Architecture")
+            Prelude.<*> (x Data..:? "Epoch")
+            Prelude.<*> (x Data..:? "FilePath")
+            Prelude.<*> (x Data..:? "FixedInVersion")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "PackageManager")
+            Prelude.<*> (x Data..:? "Release")
+            Prelude.<*> (x Data..:? "Remediation")
+            Prelude.<*> (x Data..:? "SourceLayerArn")
+            Prelude.<*> (x Data..:? "SourceLayerHash")
+            Prelude.<*> (x Data..:? "Version")
+      )
+
+instance Prelude.Hashable SoftwarePackage where
+  hashWithSalt _salt SoftwarePackage' {..} =
+    _salt
+      `Prelude.hashWithSalt` architecture
+      `Prelude.hashWithSalt` epoch
+      `Prelude.hashWithSalt` filePath
+      `Prelude.hashWithSalt` fixedInVersion
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` packageManager
+      `Prelude.hashWithSalt` release
+      `Prelude.hashWithSalt` remediation
+      `Prelude.hashWithSalt` sourceLayerArn
+      `Prelude.hashWithSalt` sourceLayerHash
+      `Prelude.hashWithSalt` version
+
+instance Prelude.NFData SoftwarePackage where
+  rnf SoftwarePackage' {..} =
+    Prelude.rnf architecture
+      `Prelude.seq` Prelude.rnf epoch
+      `Prelude.seq` Prelude.rnf filePath
+      `Prelude.seq` Prelude.rnf fixedInVersion
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf packageManager
+      `Prelude.seq` Prelude.rnf release
+      `Prelude.seq` Prelude.rnf remediation
+      `Prelude.seq` Prelude.rnf sourceLayerArn
+      `Prelude.seq` Prelude.rnf sourceLayerHash
+      `Prelude.seq` Prelude.rnf version
+
+instance Data.ToJSON SoftwarePackage where
+  toJSON SoftwarePackage' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Architecture" Data..=) Prelude.<$> architecture,
+            ("Epoch" Data..=) Prelude.<$> epoch,
+            ("FilePath" Data..=) Prelude.<$> filePath,
+            ("FixedInVersion" Data..=)
+              Prelude.<$> fixedInVersion,
+            ("Name" Data..=) Prelude.<$> name,
+            ("PackageManager" Data..=)
+              Prelude.<$> packageManager,
+            ("Release" Data..=) Prelude.<$> release,
+            ("Remediation" Data..=) Prelude.<$> remediation,
+            ("SourceLayerArn" Data..=)
+              Prelude.<$> sourceLayerArn,
+            ("SourceLayerHash" Data..=)
+              Prelude.<$> sourceLayerHash,
+            ("Version" Data..=) Prelude.<$> version
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/SortCriterion.hs b/gen/Amazonka/SecurityHub/Types/SortCriterion.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/SortCriterion.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.SortCriterion
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.SortCriterion where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.SortOrder
+
+-- | A collection of finding attributes used to sort findings.
+--
+-- /See:/ 'newSortCriterion' smart constructor.
+data SortCriterion = SortCriterion'
+  { -- | The finding attribute used to sort findings.
+    field :: Prelude.Maybe Prelude.Text,
+    -- | The order used to sort findings.
+    sortOrder :: Prelude.Maybe SortOrder
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SortCriterion' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'field', 'sortCriterion_field' - The finding attribute used to sort findings.
+--
+-- 'sortOrder', 'sortCriterion_sortOrder' - The order used to sort findings.
+newSortCriterion ::
+  SortCriterion
+newSortCriterion =
+  SortCriterion'
+    { field = Prelude.Nothing,
+      sortOrder = Prelude.Nothing
+    }
+
+-- | The finding attribute used to sort findings.
+sortCriterion_field :: Lens.Lens' SortCriterion (Prelude.Maybe Prelude.Text)
+sortCriterion_field = Lens.lens (\SortCriterion' {field} -> field) (\s@SortCriterion' {} a -> s {field = a} :: SortCriterion)
+
+-- | The order used to sort findings.
+sortCriterion_sortOrder :: Lens.Lens' SortCriterion (Prelude.Maybe SortOrder)
+sortCriterion_sortOrder = Lens.lens (\SortCriterion' {sortOrder} -> sortOrder) (\s@SortCriterion' {} a -> s {sortOrder = a} :: SortCriterion)
+
+instance Prelude.Hashable SortCriterion where
+  hashWithSalt _salt SortCriterion' {..} =
+    _salt
+      `Prelude.hashWithSalt` field
+      `Prelude.hashWithSalt` sortOrder
+
+instance Prelude.NFData SortCriterion where
+  rnf SortCriterion' {..} =
+    Prelude.rnf field
+      `Prelude.seq` Prelude.rnf sortOrder
+
+instance Data.ToJSON SortCriterion where
+  toJSON SortCriterion' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Field" Data..=) Prelude.<$> field,
+            ("SortOrder" Data..=) Prelude.<$> sortOrder
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/SortOrder.hs b/gen/Amazonka/SecurityHub/Types/SortOrder.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/SortOrder.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.SortOrder
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.SortOrder
+  ( SortOrder
+      ( ..,
+        SortOrder_Asc,
+        SortOrder_Desc
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype SortOrder = SortOrder'
+  { fromSortOrder ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern SortOrder_Asc :: SortOrder
+pattern SortOrder_Asc = SortOrder' "asc"
+
+pattern SortOrder_Desc :: SortOrder
+pattern SortOrder_Desc = SortOrder' "desc"
+
+{-# COMPLETE
+  SortOrder_Asc,
+  SortOrder_Desc,
+  SortOrder'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/Standard.hs b/gen/Amazonka/SecurityHub/Types/Standard.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Standard.hs
@@ -0,0 +1,139 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Standard
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Standard where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.StandardsManagedBy
+
+-- | Provides information about a specific security standard.
+--
+-- /See:/ 'newStandard' smart constructor.
+data Standard = Standard'
+  { -- | A description of the standard.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | Whether the standard is enabled by default. When Security Hub is enabled
+    -- from the console, if a standard is enabled by default, the check box for
+    -- that standard is selected by default.
+    --
+    -- When Security Hub is enabled using the @EnableSecurityHub@ API
+    -- operation, the standard is enabled by default unless
+    -- @EnableDefaultStandards@ is set to @false@.
+    enabledByDefault :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the standard.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of a standard.
+    standardsArn :: Prelude.Maybe Prelude.Text,
+    -- | Provides details about the management of a standard.
+    standardsManagedBy :: Prelude.Maybe StandardsManagedBy
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Standard' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'standard_description' - A description of the standard.
+--
+-- 'enabledByDefault', 'standard_enabledByDefault' - Whether the standard is enabled by default. When Security Hub is enabled
+-- from the console, if a standard is enabled by default, the check box for
+-- that standard is selected by default.
+--
+-- When Security Hub is enabled using the @EnableSecurityHub@ API
+-- operation, the standard is enabled by default unless
+-- @EnableDefaultStandards@ is set to @false@.
+--
+-- 'name', 'standard_name' - The name of the standard.
+--
+-- 'standardsArn', 'standard_standardsArn' - The ARN of a standard.
+--
+-- 'standardsManagedBy', 'standard_standardsManagedBy' - Provides details about the management of a standard.
+newStandard ::
+  Standard
+newStandard =
+  Standard'
+    { description = Prelude.Nothing,
+      enabledByDefault = Prelude.Nothing,
+      name = Prelude.Nothing,
+      standardsArn = Prelude.Nothing,
+      standardsManagedBy = Prelude.Nothing
+    }
+
+-- | A description of the standard.
+standard_description :: Lens.Lens' Standard (Prelude.Maybe Prelude.Text)
+standard_description = Lens.lens (\Standard' {description} -> description) (\s@Standard' {} a -> s {description = a} :: Standard)
+
+-- | Whether the standard is enabled by default. When Security Hub is enabled
+-- from the console, if a standard is enabled by default, the check box for
+-- that standard is selected by default.
+--
+-- When Security Hub is enabled using the @EnableSecurityHub@ API
+-- operation, the standard is enabled by default unless
+-- @EnableDefaultStandards@ is set to @false@.
+standard_enabledByDefault :: Lens.Lens' Standard (Prelude.Maybe Prelude.Bool)
+standard_enabledByDefault = Lens.lens (\Standard' {enabledByDefault} -> enabledByDefault) (\s@Standard' {} a -> s {enabledByDefault = a} :: Standard)
+
+-- | The name of the standard.
+standard_name :: Lens.Lens' Standard (Prelude.Maybe Prelude.Text)
+standard_name = Lens.lens (\Standard' {name} -> name) (\s@Standard' {} a -> s {name = a} :: Standard)
+
+-- | The ARN of a standard.
+standard_standardsArn :: Lens.Lens' Standard (Prelude.Maybe Prelude.Text)
+standard_standardsArn = Lens.lens (\Standard' {standardsArn} -> standardsArn) (\s@Standard' {} a -> s {standardsArn = a} :: Standard)
+
+-- | Provides details about the management of a standard.
+standard_standardsManagedBy :: Lens.Lens' Standard (Prelude.Maybe StandardsManagedBy)
+standard_standardsManagedBy = Lens.lens (\Standard' {standardsManagedBy} -> standardsManagedBy) (\s@Standard' {} a -> s {standardsManagedBy = a} :: Standard)
+
+instance Data.FromJSON Standard where
+  parseJSON =
+    Data.withObject
+      "Standard"
+      ( \x ->
+          Standard'
+            Prelude.<$> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "EnabledByDefault")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "StandardsArn")
+            Prelude.<*> (x Data..:? "StandardsManagedBy")
+      )
+
+instance Prelude.Hashable Standard where
+  hashWithSalt _salt Standard' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` enabledByDefault
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` standardsArn
+      `Prelude.hashWithSalt` standardsManagedBy
+
+instance Prelude.NFData Standard where
+  rnf Standard' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf enabledByDefault
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf standardsArn
+      `Prelude.seq` Prelude.rnf standardsManagedBy
diff --git a/gen/Amazonka/SecurityHub/Types/StandardsControl.hs b/gen/Amazonka/SecurityHub/Types/StandardsControl.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StandardsControl.hs
@@ -0,0 +1,212 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StandardsControl
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StandardsControl where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.ControlStatus
+import Amazonka.SecurityHub.Types.SeverityRating
+
+-- | Details for an individual security standard control.
+--
+-- /See:/ 'newStandardsControl' smart constructor.
+data StandardsControl = StandardsControl'
+  { -- | The identifier of the security standard control.
+    controlId :: Prelude.Maybe Prelude.Text,
+    -- | The current status of the security standard control. Indicates whether
+    -- the control is enabled or disabled. Security Hub does not check against
+    -- disabled controls.
+    controlStatus :: Prelude.Maybe ControlStatus,
+    -- | The date and time that the status of the security standard control was
+    -- most recently updated.
+    controlStatusUpdatedAt :: Prelude.Maybe Data.ISO8601,
+    -- | The longer description of the security standard control. Provides
+    -- information about what the control is checking for.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The reason provided for the most recent change in status for the
+    -- control.
+    disabledReason :: Prelude.Maybe Prelude.Text,
+    -- | The list of requirements that are related to this control.
+    relatedRequirements :: Prelude.Maybe [Prelude.Text],
+    -- | A link to remediation information for the control in the Security Hub
+    -- user documentation.
+    remediationUrl :: Prelude.Maybe Prelude.Text,
+    -- | The severity of findings generated from this security standard control.
+    --
+    -- The finding severity is based on an assessment of how easy it would be
+    -- to compromise Amazon Web Services resources if the issue is detected.
+    severityRating :: Prelude.Maybe SeverityRating,
+    -- | The ARN of the security standard control.
+    standardsControlArn :: Prelude.Maybe Prelude.Text,
+    -- | The title of the security standard control.
+    title :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StandardsControl' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'controlId', 'standardsControl_controlId' - The identifier of the security standard control.
+--
+-- 'controlStatus', 'standardsControl_controlStatus' - The current status of the security standard control. Indicates whether
+-- the control is enabled or disabled. Security Hub does not check against
+-- disabled controls.
+--
+-- 'controlStatusUpdatedAt', 'standardsControl_controlStatusUpdatedAt' - The date and time that the status of the security standard control was
+-- most recently updated.
+--
+-- 'description', 'standardsControl_description' - The longer description of the security standard control. Provides
+-- information about what the control is checking for.
+--
+-- 'disabledReason', 'standardsControl_disabledReason' - The reason provided for the most recent change in status for the
+-- control.
+--
+-- 'relatedRequirements', 'standardsControl_relatedRequirements' - The list of requirements that are related to this control.
+--
+-- 'remediationUrl', 'standardsControl_remediationUrl' - A link to remediation information for the control in the Security Hub
+-- user documentation.
+--
+-- 'severityRating', 'standardsControl_severityRating' - The severity of findings generated from this security standard control.
+--
+-- The finding severity is based on an assessment of how easy it would be
+-- to compromise Amazon Web Services resources if the issue is detected.
+--
+-- 'standardsControlArn', 'standardsControl_standardsControlArn' - The ARN of the security standard control.
+--
+-- 'title', 'standardsControl_title' - The title of the security standard control.
+newStandardsControl ::
+  StandardsControl
+newStandardsControl =
+  StandardsControl'
+    { controlId = Prelude.Nothing,
+      controlStatus = Prelude.Nothing,
+      controlStatusUpdatedAt = Prelude.Nothing,
+      description = Prelude.Nothing,
+      disabledReason = Prelude.Nothing,
+      relatedRequirements = Prelude.Nothing,
+      remediationUrl = Prelude.Nothing,
+      severityRating = Prelude.Nothing,
+      standardsControlArn = Prelude.Nothing,
+      title = Prelude.Nothing
+    }
+
+-- | The identifier of the security standard control.
+standardsControl_controlId :: Lens.Lens' StandardsControl (Prelude.Maybe Prelude.Text)
+standardsControl_controlId = Lens.lens (\StandardsControl' {controlId} -> controlId) (\s@StandardsControl' {} a -> s {controlId = a} :: StandardsControl)
+
+-- | The current status of the security standard control. Indicates whether
+-- the control is enabled or disabled. Security Hub does not check against
+-- disabled controls.
+standardsControl_controlStatus :: Lens.Lens' StandardsControl (Prelude.Maybe ControlStatus)
+standardsControl_controlStatus = Lens.lens (\StandardsControl' {controlStatus} -> controlStatus) (\s@StandardsControl' {} a -> s {controlStatus = a} :: StandardsControl)
+
+-- | The date and time that the status of the security standard control was
+-- most recently updated.
+standardsControl_controlStatusUpdatedAt :: Lens.Lens' StandardsControl (Prelude.Maybe Prelude.UTCTime)
+standardsControl_controlStatusUpdatedAt = Lens.lens (\StandardsControl' {controlStatusUpdatedAt} -> controlStatusUpdatedAt) (\s@StandardsControl' {} a -> s {controlStatusUpdatedAt = a} :: StandardsControl) Prelude.. Lens.mapping Data._Time
+
+-- | The longer description of the security standard control. Provides
+-- information about what the control is checking for.
+standardsControl_description :: Lens.Lens' StandardsControl (Prelude.Maybe Prelude.Text)
+standardsControl_description = Lens.lens (\StandardsControl' {description} -> description) (\s@StandardsControl' {} a -> s {description = a} :: StandardsControl)
+
+-- | The reason provided for the most recent change in status for the
+-- control.
+standardsControl_disabledReason :: Lens.Lens' StandardsControl (Prelude.Maybe Prelude.Text)
+standardsControl_disabledReason = Lens.lens (\StandardsControl' {disabledReason} -> disabledReason) (\s@StandardsControl' {} a -> s {disabledReason = a} :: StandardsControl)
+
+-- | The list of requirements that are related to this control.
+standardsControl_relatedRequirements :: Lens.Lens' StandardsControl (Prelude.Maybe [Prelude.Text])
+standardsControl_relatedRequirements = Lens.lens (\StandardsControl' {relatedRequirements} -> relatedRequirements) (\s@StandardsControl' {} a -> s {relatedRequirements = a} :: StandardsControl) Prelude.. Lens.mapping Lens.coerced
+
+-- | A link to remediation information for the control in the Security Hub
+-- user documentation.
+standardsControl_remediationUrl :: Lens.Lens' StandardsControl (Prelude.Maybe Prelude.Text)
+standardsControl_remediationUrl = Lens.lens (\StandardsControl' {remediationUrl} -> remediationUrl) (\s@StandardsControl' {} a -> s {remediationUrl = a} :: StandardsControl)
+
+-- | The severity of findings generated from this security standard control.
+--
+-- The finding severity is based on an assessment of how easy it would be
+-- to compromise Amazon Web Services resources if the issue is detected.
+standardsControl_severityRating :: Lens.Lens' StandardsControl (Prelude.Maybe SeverityRating)
+standardsControl_severityRating = Lens.lens (\StandardsControl' {severityRating} -> severityRating) (\s@StandardsControl' {} a -> s {severityRating = a} :: StandardsControl)
+
+-- | The ARN of the security standard control.
+standardsControl_standardsControlArn :: Lens.Lens' StandardsControl (Prelude.Maybe Prelude.Text)
+standardsControl_standardsControlArn = Lens.lens (\StandardsControl' {standardsControlArn} -> standardsControlArn) (\s@StandardsControl' {} a -> s {standardsControlArn = a} :: StandardsControl)
+
+-- | The title of the security standard control.
+standardsControl_title :: Lens.Lens' StandardsControl (Prelude.Maybe Prelude.Text)
+standardsControl_title = Lens.lens (\StandardsControl' {title} -> title) (\s@StandardsControl' {} a -> s {title = a} :: StandardsControl)
+
+instance Data.FromJSON StandardsControl where
+  parseJSON =
+    Data.withObject
+      "StandardsControl"
+      ( \x ->
+          StandardsControl'
+            Prelude.<$> (x Data..:? "ControlId")
+            Prelude.<*> (x Data..:? "ControlStatus")
+            Prelude.<*> (x Data..:? "ControlStatusUpdatedAt")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "DisabledReason")
+            Prelude.<*> ( x
+                            Data..:? "RelatedRequirements"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "RemediationUrl")
+            Prelude.<*> (x Data..:? "SeverityRating")
+            Prelude.<*> (x Data..:? "StandardsControlArn")
+            Prelude.<*> (x Data..:? "Title")
+      )
+
+instance Prelude.Hashable StandardsControl where
+  hashWithSalt _salt StandardsControl' {..} =
+    _salt
+      `Prelude.hashWithSalt` controlId
+      `Prelude.hashWithSalt` controlStatus
+      `Prelude.hashWithSalt` controlStatusUpdatedAt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` disabledReason
+      `Prelude.hashWithSalt` relatedRequirements
+      `Prelude.hashWithSalt` remediationUrl
+      `Prelude.hashWithSalt` severityRating
+      `Prelude.hashWithSalt` standardsControlArn
+      `Prelude.hashWithSalt` title
+
+instance Prelude.NFData StandardsControl where
+  rnf StandardsControl' {..} =
+    Prelude.rnf controlId
+      `Prelude.seq` Prelude.rnf controlStatus
+      `Prelude.seq` Prelude.rnf controlStatusUpdatedAt
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf disabledReason
+      `Prelude.seq` Prelude.rnf relatedRequirements
+      `Prelude.seq` Prelude.rnf remediationUrl
+      `Prelude.seq` Prelude.rnf severityRating
+      `Prelude.seq` Prelude.rnf standardsControlArn
+      `Prelude.seq` Prelude.rnf title
diff --git a/gen/Amazonka/SecurityHub/Types/StandardsManagedBy.hs b/gen/Amazonka/SecurityHub/Types/StandardsManagedBy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StandardsManagedBy.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StandardsManagedBy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StandardsManagedBy where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the management of a security standard.
+--
+-- /See:/ 'newStandardsManagedBy' smart constructor.
+data StandardsManagedBy = StandardsManagedBy'
+  { -- | An identifier for the company that manages a specific security standard.
+    -- For existing standards, the value is equal to @Amazon Web Services@.
+    company :: Prelude.Maybe Prelude.Text,
+    -- | An identifier for the product that manages a specific security standard.
+    -- For existing standards, the value is equal to the Amazon Web Services
+    -- service that manages the standard.
+    product :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StandardsManagedBy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'company', 'standardsManagedBy_company' - An identifier for the company that manages a specific security standard.
+-- For existing standards, the value is equal to @Amazon Web Services@.
+--
+-- 'product', 'standardsManagedBy_product' - An identifier for the product that manages a specific security standard.
+-- For existing standards, the value is equal to the Amazon Web Services
+-- service that manages the standard.
+newStandardsManagedBy ::
+  StandardsManagedBy
+newStandardsManagedBy =
+  StandardsManagedBy'
+    { company = Prelude.Nothing,
+      product = Prelude.Nothing
+    }
+
+-- | An identifier for the company that manages a specific security standard.
+-- For existing standards, the value is equal to @Amazon Web Services@.
+standardsManagedBy_company :: Lens.Lens' StandardsManagedBy (Prelude.Maybe Prelude.Text)
+standardsManagedBy_company = Lens.lens (\StandardsManagedBy' {company} -> company) (\s@StandardsManagedBy' {} a -> s {company = a} :: StandardsManagedBy)
+
+-- | An identifier for the product that manages a specific security standard.
+-- For existing standards, the value is equal to the Amazon Web Services
+-- service that manages the standard.
+standardsManagedBy_product :: Lens.Lens' StandardsManagedBy (Prelude.Maybe Prelude.Text)
+standardsManagedBy_product = Lens.lens (\StandardsManagedBy' {product} -> product) (\s@StandardsManagedBy' {} a -> s {product = a} :: StandardsManagedBy)
+
+instance Data.FromJSON StandardsManagedBy where
+  parseJSON =
+    Data.withObject
+      "StandardsManagedBy"
+      ( \x ->
+          StandardsManagedBy'
+            Prelude.<$> (x Data..:? "Company")
+            Prelude.<*> (x Data..:? "Product")
+      )
+
+instance Prelude.Hashable StandardsManagedBy where
+  hashWithSalt _salt StandardsManagedBy' {..} =
+    _salt
+      `Prelude.hashWithSalt` company
+      `Prelude.hashWithSalt` product
+
+instance Prelude.NFData StandardsManagedBy where
+  rnf StandardsManagedBy' {..} =
+    Prelude.rnf company
+      `Prelude.seq` Prelude.rnf product
diff --git a/gen/Amazonka/SecurityHub/Types/StandardsStatus.hs b/gen/Amazonka/SecurityHub/Types/StandardsStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StandardsStatus.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StandardsStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StandardsStatus
+  ( StandardsStatus
+      ( ..,
+        StandardsStatus_DELETING,
+        StandardsStatus_FAILED,
+        StandardsStatus_INCOMPLETE,
+        StandardsStatus_PENDING,
+        StandardsStatus_READY
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype StandardsStatus = StandardsStatus'
+  { fromStandardsStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern StandardsStatus_DELETING :: StandardsStatus
+pattern StandardsStatus_DELETING = StandardsStatus' "DELETING"
+
+pattern StandardsStatus_FAILED :: StandardsStatus
+pattern StandardsStatus_FAILED = StandardsStatus' "FAILED"
+
+pattern StandardsStatus_INCOMPLETE :: StandardsStatus
+pattern StandardsStatus_INCOMPLETE = StandardsStatus' "INCOMPLETE"
+
+pattern StandardsStatus_PENDING :: StandardsStatus
+pattern StandardsStatus_PENDING = StandardsStatus' "PENDING"
+
+pattern StandardsStatus_READY :: StandardsStatus
+pattern StandardsStatus_READY = StandardsStatus' "READY"
+
+{-# COMPLETE
+  StandardsStatus_DELETING,
+  StandardsStatus_FAILED,
+  StandardsStatus_INCOMPLETE,
+  StandardsStatus_PENDING,
+  StandardsStatus_READY,
+  StandardsStatus'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/StandardsStatusReason.hs b/gen/Amazonka/SecurityHub/Types/StandardsStatusReason.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StandardsStatusReason.hs
@@ -0,0 +1,78 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StandardsStatusReason
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StandardsStatusReason where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.StatusReasonCode
+
+-- | The reason for the current status of a standard subscription.
+--
+-- /See:/ 'newStandardsStatusReason' smart constructor.
+data StandardsStatusReason = StandardsStatusReason'
+  { -- | The reason code that represents the reason for the current status of a
+    -- standard subscription.
+    statusReasonCode :: StatusReasonCode
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StandardsStatusReason' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'statusReasonCode', 'standardsStatusReason_statusReasonCode' - The reason code that represents the reason for the current status of a
+-- standard subscription.
+newStandardsStatusReason ::
+  -- | 'statusReasonCode'
+  StatusReasonCode ->
+  StandardsStatusReason
+newStandardsStatusReason pStatusReasonCode_ =
+  StandardsStatusReason'
+    { statusReasonCode =
+        pStatusReasonCode_
+    }
+
+-- | The reason code that represents the reason for the current status of a
+-- standard subscription.
+standardsStatusReason_statusReasonCode :: Lens.Lens' StandardsStatusReason StatusReasonCode
+standardsStatusReason_statusReasonCode = Lens.lens (\StandardsStatusReason' {statusReasonCode} -> statusReasonCode) (\s@StandardsStatusReason' {} a -> s {statusReasonCode = a} :: StandardsStatusReason)
+
+instance Data.FromJSON StandardsStatusReason where
+  parseJSON =
+    Data.withObject
+      "StandardsStatusReason"
+      ( \x ->
+          StandardsStatusReason'
+            Prelude.<$> (x Data..: "StatusReasonCode")
+      )
+
+instance Prelude.Hashable StandardsStatusReason where
+  hashWithSalt _salt StandardsStatusReason' {..} =
+    _salt `Prelude.hashWithSalt` statusReasonCode
+
+instance Prelude.NFData StandardsStatusReason where
+  rnf StandardsStatusReason' {..} =
+    Prelude.rnf statusReasonCode
diff --git a/gen/Amazonka/SecurityHub/Types/StandardsSubscription.hs b/gen/Amazonka/SecurityHub/Types/StandardsSubscription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StandardsSubscription.hs
@@ -0,0 +1,175 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StandardsSubscription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StandardsSubscription where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.StandardsStatus
+import Amazonka.SecurityHub.Types.StandardsStatusReason
+
+-- | A resource that represents your subscription to a supported standard.
+--
+-- /See:/ 'newStandardsSubscription' smart constructor.
+data StandardsSubscription = StandardsSubscription'
+  { -- | The reason for the current status.
+    standardsStatusReason :: Prelude.Maybe StandardsStatusReason,
+    -- | The ARN of a resource that represents your subscription to a supported
+    -- standard.
+    standardsSubscriptionArn :: Prelude.Text,
+    -- | The ARN of a standard.
+    standardsArn :: Prelude.Text,
+    -- | A key-value pair of input for the standard.
+    standardsInput :: Prelude.HashMap Prelude.Text Prelude.Text,
+    -- | The status of the standard subscription.
+    --
+    -- The status values are as follows:
+    --
+    -- -   @PENDING@ - Standard is in the process of being enabled.
+    --
+    -- -   @READY@ - Standard is enabled.
+    --
+    -- -   @INCOMPLETE@ - Standard could not be enabled completely. Some
+    --     controls may not be available.
+    --
+    -- -   @DELETING@ - Standard is in the process of being disabled.
+    --
+    -- -   @FAILED@ - Standard could not be disabled.
+    standardsStatus :: StandardsStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StandardsSubscription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'standardsStatusReason', 'standardsSubscription_standardsStatusReason' - The reason for the current status.
+--
+-- 'standardsSubscriptionArn', 'standardsSubscription_standardsSubscriptionArn' - The ARN of a resource that represents your subscription to a supported
+-- standard.
+--
+-- 'standardsArn', 'standardsSubscription_standardsArn' - The ARN of a standard.
+--
+-- 'standardsInput', 'standardsSubscription_standardsInput' - A key-value pair of input for the standard.
+--
+-- 'standardsStatus', 'standardsSubscription_standardsStatus' - The status of the standard subscription.
+--
+-- The status values are as follows:
+--
+-- -   @PENDING@ - Standard is in the process of being enabled.
+--
+-- -   @READY@ - Standard is enabled.
+--
+-- -   @INCOMPLETE@ - Standard could not be enabled completely. Some
+--     controls may not be available.
+--
+-- -   @DELETING@ - Standard is in the process of being disabled.
+--
+-- -   @FAILED@ - Standard could not be disabled.
+newStandardsSubscription ::
+  -- | 'standardsSubscriptionArn'
+  Prelude.Text ->
+  -- | 'standardsArn'
+  Prelude.Text ->
+  -- | 'standardsStatus'
+  StandardsStatus ->
+  StandardsSubscription
+newStandardsSubscription
+  pStandardsSubscriptionArn_
+  pStandardsArn_
+  pStandardsStatus_ =
+    StandardsSubscription'
+      { standardsStatusReason =
+          Prelude.Nothing,
+        standardsSubscriptionArn =
+          pStandardsSubscriptionArn_,
+        standardsArn = pStandardsArn_,
+        standardsInput = Prelude.mempty,
+        standardsStatus = pStandardsStatus_
+      }
+
+-- | The reason for the current status.
+standardsSubscription_standardsStatusReason :: Lens.Lens' StandardsSubscription (Prelude.Maybe StandardsStatusReason)
+standardsSubscription_standardsStatusReason = Lens.lens (\StandardsSubscription' {standardsStatusReason} -> standardsStatusReason) (\s@StandardsSubscription' {} a -> s {standardsStatusReason = a} :: StandardsSubscription)
+
+-- | The ARN of a resource that represents your subscription to a supported
+-- standard.
+standardsSubscription_standardsSubscriptionArn :: Lens.Lens' StandardsSubscription Prelude.Text
+standardsSubscription_standardsSubscriptionArn = Lens.lens (\StandardsSubscription' {standardsSubscriptionArn} -> standardsSubscriptionArn) (\s@StandardsSubscription' {} a -> s {standardsSubscriptionArn = a} :: StandardsSubscription)
+
+-- | The ARN of a standard.
+standardsSubscription_standardsArn :: Lens.Lens' StandardsSubscription Prelude.Text
+standardsSubscription_standardsArn = Lens.lens (\StandardsSubscription' {standardsArn} -> standardsArn) (\s@StandardsSubscription' {} a -> s {standardsArn = a} :: StandardsSubscription)
+
+-- | A key-value pair of input for the standard.
+standardsSubscription_standardsInput :: Lens.Lens' StandardsSubscription (Prelude.HashMap Prelude.Text Prelude.Text)
+standardsSubscription_standardsInput = Lens.lens (\StandardsSubscription' {standardsInput} -> standardsInput) (\s@StandardsSubscription' {} a -> s {standardsInput = a} :: StandardsSubscription) Prelude.. Lens.coerced
+
+-- | The status of the standard subscription.
+--
+-- The status values are as follows:
+--
+-- -   @PENDING@ - Standard is in the process of being enabled.
+--
+-- -   @READY@ - Standard is enabled.
+--
+-- -   @INCOMPLETE@ - Standard could not be enabled completely. Some
+--     controls may not be available.
+--
+-- -   @DELETING@ - Standard is in the process of being disabled.
+--
+-- -   @FAILED@ - Standard could not be disabled.
+standardsSubscription_standardsStatus :: Lens.Lens' StandardsSubscription StandardsStatus
+standardsSubscription_standardsStatus = Lens.lens (\StandardsSubscription' {standardsStatus} -> standardsStatus) (\s@StandardsSubscription' {} a -> s {standardsStatus = a} :: StandardsSubscription)
+
+instance Data.FromJSON StandardsSubscription where
+  parseJSON =
+    Data.withObject
+      "StandardsSubscription"
+      ( \x ->
+          StandardsSubscription'
+            Prelude.<$> (x Data..:? "StandardsStatusReason")
+            Prelude.<*> (x Data..: "StandardsSubscriptionArn")
+            Prelude.<*> (x Data..: "StandardsArn")
+            Prelude.<*> (x Data..:? "StandardsInput" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "StandardsStatus")
+      )
+
+instance Prelude.Hashable StandardsSubscription where
+  hashWithSalt _salt StandardsSubscription' {..} =
+    _salt
+      `Prelude.hashWithSalt` standardsStatusReason
+      `Prelude.hashWithSalt` standardsSubscriptionArn
+      `Prelude.hashWithSalt` standardsArn
+      `Prelude.hashWithSalt` standardsInput
+      `Prelude.hashWithSalt` standardsStatus
+
+instance Prelude.NFData StandardsSubscription where
+  rnf StandardsSubscription' {..} =
+    Prelude.rnf standardsStatusReason
+      `Prelude.seq` Prelude.rnf standardsSubscriptionArn
+      `Prelude.seq` Prelude.rnf standardsArn
+      `Prelude.seq` Prelude.rnf standardsInput
+      `Prelude.seq` Prelude.rnf standardsStatus
diff --git a/gen/Amazonka/SecurityHub/Types/StandardsSubscriptionRequest.hs b/gen/Amazonka/SecurityHub/Types/StandardsSubscriptionRequest.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StandardsSubscriptionRequest.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StandardsSubscriptionRequest
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StandardsSubscriptionRequest where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The standard that you want to enable.
+--
+-- /See:/ 'newStandardsSubscriptionRequest' smart constructor.
+data StandardsSubscriptionRequest = StandardsSubscriptionRequest'
+  { -- | A key-value pair of input for the standard.
+    standardsInput :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The ARN of the standard that you want to enable. To view the list of
+    -- available standards and their ARNs, use the @DescribeStandards@
+    -- operation.
+    standardsArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StandardsSubscriptionRequest' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'standardsInput', 'standardsSubscriptionRequest_standardsInput' - A key-value pair of input for the standard.
+--
+-- 'standardsArn', 'standardsSubscriptionRequest_standardsArn' - The ARN of the standard that you want to enable. To view the list of
+-- available standards and their ARNs, use the @DescribeStandards@
+-- operation.
+newStandardsSubscriptionRequest ::
+  -- | 'standardsArn'
+  Prelude.Text ->
+  StandardsSubscriptionRequest
+newStandardsSubscriptionRequest pStandardsArn_ =
+  StandardsSubscriptionRequest'
+    { standardsInput =
+        Prelude.Nothing,
+      standardsArn = pStandardsArn_
+    }
+
+-- | A key-value pair of input for the standard.
+standardsSubscriptionRequest_standardsInput :: Lens.Lens' StandardsSubscriptionRequest (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+standardsSubscriptionRequest_standardsInput = Lens.lens (\StandardsSubscriptionRequest' {standardsInput} -> standardsInput) (\s@StandardsSubscriptionRequest' {} a -> s {standardsInput = a} :: StandardsSubscriptionRequest) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the standard that you want to enable. To view the list of
+-- available standards and their ARNs, use the @DescribeStandards@
+-- operation.
+standardsSubscriptionRequest_standardsArn :: Lens.Lens' StandardsSubscriptionRequest Prelude.Text
+standardsSubscriptionRequest_standardsArn = Lens.lens (\StandardsSubscriptionRequest' {standardsArn} -> standardsArn) (\s@StandardsSubscriptionRequest' {} a -> s {standardsArn = a} :: StandardsSubscriptionRequest)
+
+instance
+  Prelude.Hashable
+    StandardsSubscriptionRequest
+  where
+  hashWithSalt _salt StandardsSubscriptionRequest' {..} =
+    _salt
+      `Prelude.hashWithSalt` standardsInput
+      `Prelude.hashWithSalt` standardsArn
+
+instance Prelude.NFData StandardsSubscriptionRequest where
+  rnf StandardsSubscriptionRequest' {..} =
+    Prelude.rnf standardsInput
+      `Prelude.seq` Prelude.rnf standardsArn
+
+instance Data.ToJSON StandardsSubscriptionRequest where
+  toJSON StandardsSubscriptionRequest' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("StandardsInput" Data..=)
+              Prelude.<$> standardsInput,
+            Prelude.Just ("StandardsArn" Data..= standardsArn)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/StatelessCustomActionDefinition.hs b/gen/Amazonka/SecurityHub/Types/StatelessCustomActionDefinition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StatelessCustomActionDefinition.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StatelessCustomActionDefinition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StatelessCustomActionDefinition where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.StatelessCustomPublishMetricAction
+
+-- | The definition of a custom action that can be used for stateless packet
+-- handling.
+--
+-- /See:/ 'newStatelessCustomActionDefinition' smart constructor.
+data StatelessCustomActionDefinition = StatelessCustomActionDefinition'
+  { -- | Information about metrics to publish to CloudWatch.
+    publishMetricAction :: Prelude.Maybe StatelessCustomPublishMetricAction
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StatelessCustomActionDefinition' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'publishMetricAction', 'statelessCustomActionDefinition_publishMetricAction' - Information about metrics to publish to CloudWatch.
+newStatelessCustomActionDefinition ::
+  StatelessCustomActionDefinition
+newStatelessCustomActionDefinition =
+  StatelessCustomActionDefinition'
+    { publishMetricAction =
+        Prelude.Nothing
+    }
+
+-- | Information about metrics to publish to CloudWatch.
+statelessCustomActionDefinition_publishMetricAction :: Lens.Lens' StatelessCustomActionDefinition (Prelude.Maybe StatelessCustomPublishMetricAction)
+statelessCustomActionDefinition_publishMetricAction = Lens.lens (\StatelessCustomActionDefinition' {publishMetricAction} -> publishMetricAction) (\s@StatelessCustomActionDefinition' {} a -> s {publishMetricAction = a} :: StatelessCustomActionDefinition)
+
+instance
+  Data.FromJSON
+    StatelessCustomActionDefinition
+  where
+  parseJSON =
+    Data.withObject
+      "StatelessCustomActionDefinition"
+      ( \x ->
+          StatelessCustomActionDefinition'
+            Prelude.<$> (x Data..:? "PublishMetricAction")
+      )
+
+instance
+  Prelude.Hashable
+    StatelessCustomActionDefinition
+  where
+  hashWithSalt
+    _salt
+    StatelessCustomActionDefinition' {..} =
+      _salt `Prelude.hashWithSalt` publishMetricAction
+
+instance
+  Prelude.NFData
+    StatelessCustomActionDefinition
+  where
+  rnf StatelessCustomActionDefinition' {..} =
+    Prelude.rnf publishMetricAction
+
+instance Data.ToJSON StatelessCustomActionDefinition where
+  toJSON StatelessCustomActionDefinition' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("PublishMetricAction" Data..=)
+              Prelude.<$> publishMetricAction
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/StatelessCustomPublishMetricAction.hs b/gen/Amazonka/SecurityHub/Types/StatelessCustomPublishMetricAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StatelessCustomPublishMetricAction.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StatelessCustomPublishMetricAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StatelessCustomPublishMetricAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.StatelessCustomPublishMetricActionDimension
+
+-- | Information about metrics to publish to CloudWatch.
+--
+-- /See:/ 'newStatelessCustomPublishMetricAction' smart constructor.
+data StatelessCustomPublishMetricAction = StatelessCustomPublishMetricAction'
+  { -- | Defines CloudWatch dimension values to publish.
+    dimensions :: Prelude.Maybe [StatelessCustomPublishMetricActionDimension]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StatelessCustomPublishMetricAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dimensions', 'statelessCustomPublishMetricAction_dimensions' - Defines CloudWatch dimension values to publish.
+newStatelessCustomPublishMetricAction ::
+  StatelessCustomPublishMetricAction
+newStatelessCustomPublishMetricAction =
+  StatelessCustomPublishMetricAction'
+    { dimensions =
+        Prelude.Nothing
+    }
+
+-- | Defines CloudWatch dimension values to publish.
+statelessCustomPublishMetricAction_dimensions :: Lens.Lens' StatelessCustomPublishMetricAction (Prelude.Maybe [StatelessCustomPublishMetricActionDimension])
+statelessCustomPublishMetricAction_dimensions = Lens.lens (\StatelessCustomPublishMetricAction' {dimensions} -> dimensions) (\s@StatelessCustomPublishMetricAction' {} a -> s {dimensions = a} :: StatelessCustomPublishMetricAction) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Data.FromJSON
+    StatelessCustomPublishMetricAction
+  where
+  parseJSON =
+    Data.withObject
+      "StatelessCustomPublishMetricAction"
+      ( \x ->
+          StatelessCustomPublishMetricAction'
+            Prelude.<$> (x Data..:? "Dimensions" Data..!= Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    StatelessCustomPublishMetricAction
+  where
+  hashWithSalt
+    _salt
+    StatelessCustomPublishMetricAction' {..} =
+      _salt `Prelude.hashWithSalt` dimensions
+
+instance
+  Prelude.NFData
+    StatelessCustomPublishMetricAction
+  where
+  rnf StatelessCustomPublishMetricAction' {..} =
+    Prelude.rnf dimensions
+
+instance
+  Data.ToJSON
+    StatelessCustomPublishMetricAction
+  where
+  toJSON StatelessCustomPublishMetricAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Dimensions" Data..=) Prelude.<$> dimensions]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/StatelessCustomPublishMetricActionDimension.hs b/gen/Amazonka/SecurityHub/Types/StatelessCustomPublishMetricActionDimension.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StatelessCustomPublishMetricActionDimension.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StatelessCustomPublishMetricActionDimension
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StatelessCustomPublishMetricActionDimension where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Defines a CloudWatch dimension value to publish.
+--
+-- /See:/ 'newStatelessCustomPublishMetricActionDimension' smart constructor.
+data StatelessCustomPublishMetricActionDimension = StatelessCustomPublishMetricActionDimension'
+  { -- | The value to use for the custom metric dimension.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StatelessCustomPublishMetricActionDimension' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'value', 'statelessCustomPublishMetricActionDimension_value' - The value to use for the custom metric dimension.
+newStatelessCustomPublishMetricActionDimension ::
+  StatelessCustomPublishMetricActionDimension
+newStatelessCustomPublishMetricActionDimension =
+  StatelessCustomPublishMetricActionDimension'
+    { value =
+        Prelude.Nothing
+    }
+
+-- | The value to use for the custom metric dimension.
+statelessCustomPublishMetricActionDimension_value :: Lens.Lens' StatelessCustomPublishMetricActionDimension (Prelude.Maybe Prelude.Text)
+statelessCustomPublishMetricActionDimension_value = Lens.lens (\StatelessCustomPublishMetricActionDimension' {value} -> value) (\s@StatelessCustomPublishMetricActionDimension' {} a -> s {value = a} :: StatelessCustomPublishMetricActionDimension)
+
+instance
+  Data.FromJSON
+    StatelessCustomPublishMetricActionDimension
+  where
+  parseJSON =
+    Data.withObject
+      "StatelessCustomPublishMetricActionDimension"
+      ( \x ->
+          StatelessCustomPublishMetricActionDimension'
+            Prelude.<$> (x Data..:? "Value")
+      )
+
+instance
+  Prelude.Hashable
+    StatelessCustomPublishMetricActionDimension
+  where
+  hashWithSalt
+    _salt
+    StatelessCustomPublishMetricActionDimension' {..} =
+      _salt `Prelude.hashWithSalt` value
+
+instance
+  Prelude.NFData
+    StatelessCustomPublishMetricActionDimension
+  where
+  rnf StatelessCustomPublishMetricActionDimension' {..} =
+    Prelude.rnf value
+
+instance
+  Data.ToJSON
+    StatelessCustomPublishMetricActionDimension
+  where
+  toJSON
+    StatelessCustomPublishMetricActionDimension' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [("Value" Data..=) Prelude.<$> value]
+        )
diff --git a/gen/Amazonka/SecurityHub/Types/StatusReason.hs b/gen/Amazonka/SecurityHub/Types/StatusReason.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StatusReason.hs
@@ -0,0 +1,104 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StatusReason
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StatusReason where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides additional context for the value of @Compliance.Status@.
+--
+-- /See:/ 'newStatusReason' smart constructor.
+data StatusReason = StatusReason'
+  { -- | The corresponding description for the status reason code.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | A code that represents a reason for the control status. For the list of
+    -- status reason codes and their meanings, see
+    -- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff Standards-related information in the ASFF>
+    -- in the /Security Hub User Guide/.
+    reasonCode :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StatusReason' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'statusReason_description' - The corresponding description for the status reason code.
+--
+-- 'reasonCode', 'statusReason_reasonCode' - A code that represents a reason for the control status. For the list of
+-- status reason codes and their meanings, see
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff Standards-related information in the ASFF>
+-- in the /Security Hub User Guide/.
+newStatusReason ::
+  -- | 'reasonCode'
+  Prelude.Text ->
+  StatusReason
+newStatusReason pReasonCode_ =
+  StatusReason'
+    { description = Prelude.Nothing,
+      reasonCode = pReasonCode_
+    }
+
+-- | The corresponding description for the status reason code.
+statusReason_description :: Lens.Lens' StatusReason (Prelude.Maybe Prelude.Text)
+statusReason_description = Lens.lens (\StatusReason' {description} -> description) (\s@StatusReason' {} a -> s {description = a} :: StatusReason)
+
+-- | A code that represents a reason for the control status. For the list of
+-- status reason codes and their meanings, see
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff Standards-related information in the ASFF>
+-- in the /Security Hub User Guide/.
+statusReason_reasonCode :: Lens.Lens' StatusReason Prelude.Text
+statusReason_reasonCode = Lens.lens (\StatusReason' {reasonCode} -> reasonCode) (\s@StatusReason' {} a -> s {reasonCode = a} :: StatusReason)
+
+instance Data.FromJSON StatusReason where
+  parseJSON =
+    Data.withObject
+      "StatusReason"
+      ( \x ->
+          StatusReason'
+            Prelude.<$> (x Data..:? "Description")
+            Prelude.<*> (x Data..: "ReasonCode")
+      )
+
+instance Prelude.Hashable StatusReason where
+  hashWithSalt _salt StatusReason' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` reasonCode
+
+instance Prelude.NFData StatusReason where
+  rnf StatusReason' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf reasonCode
+
+instance Data.ToJSON StatusReason where
+  toJSON StatusReason' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Description" Data..=) Prelude.<$> description,
+            Prelude.Just ("ReasonCode" Data..= reasonCode)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/StatusReasonCode.hs b/gen/Amazonka/SecurityHub/Types/StatusReasonCode.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StatusReasonCode.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StatusReasonCode
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StatusReasonCode
+  ( StatusReasonCode
+      ( ..,
+        StatusReasonCode_INTERNAL_ERROR,
+        StatusReasonCode_NO_AVAILABLE_CONFIGURATION_RECORDER
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype StatusReasonCode = StatusReasonCode'
+  { fromStatusReasonCode ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern StatusReasonCode_INTERNAL_ERROR :: StatusReasonCode
+pattern StatusReasonCode_INTERNAL_ERROR = StatusReasonCode' "INTERNAL_ERROR"
+
+pattern StatusReasonCode_NO_AVAILABLE_CONFIGURATION_RECORDER :: StatusReasonCode
+pattern StatusReasonCode_NO_AVAILABLE_CONFIGURATION_RECORDER = StatusReasonCode' "NO_AVAILABLE_CONFIGURATION_RECORDER"
+
+{-# COMPLETE
+  StatusReasonCode_INTERNAL_ERROR,
+  StatusReasonCode_NO_AVAILABLE_CONFIGURATION_RECORDER,
+  StatusReasonCode'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/StringFilter.hs b/gen/Amazonka/SecurityHub/Types/StringFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StringFilter.hs
@@ -0,0 +1,298 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StringFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StringFilter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.StringFilterComparison
+
+-- | A string filter for querying findings.
+--
+-- /See:/ 'newStringFilter' smart constructor.
+data StringFilter = StringFilter'
+  { -- | The condition to apply to a string value when querying for findings. To
+    -- search for values that contain the filter criteria value, use one of the
+    -- following comparison operators:
+    --
+    -- -   To search for values that exactly match the filter value, use
+    --     @EQUALS@.
+    --
+    --     For example, the filter @ResourceType EQUALS AwsEc2SecurityGroup@
+    --     only matches findings that have a resource type of
+    --     @AwsEc2SecurityGroup@.
+    --
+    -- -   To search for values that start with the filter value, use @PREFIX@.
+    --
+    --     For example, the filter @ResourceType PREFIX AwsIam@ matches
+    --     findings that have a resource type that starts with @AwsIam@.
+    --     Findings with a resource type of @AwsIamPolicy@, @AwsIamRole@, or
+    --     @AwsIamUser@ would all match.
+    --
+    -- @EQUALS@ and @PREFIX@ filters on the same field are joined by @OR@. A
+    -- finding matches if it matches any one of those filters.
+    --
+    -- To search for values that do not contain the filter criteria value, use
+    -- one of the following comparison operators:
+    --
+    -- -   To search for values that do not exactly match the filter value, use
+    --     @NOT_EQUALS@.
+    --
+    --     For example, the filter @ResourceType NOT_EQUALS AwsIamPolicy@
+    --     matches findings that have a resource type other than
+    --     @AwsIamPolicy@.
+    --
+    -- -   To search for values that do not start with the filter value, use
+    --     @PREFIX_NOT_EQUALS@.
+    --
+    --     For example, the filter @ResourceType PREFIX_NOT_EQUALS AwsIam@
+    --     matches findings that have a resource type that does not start with
+    --     @AwsIam@. Findings with a resource type of @AwsIamPolicy@,
+    --     @AwsIamRole@, or @AwsIamUser@ would all be excluded from the
+    --     results.
+    --
+    -- @NOT_EQUALS@ and @PREFIX_NOT_EQUALS@ filters on the same field are
+    -- joined by @AND@. A finding matches only if it matches all of those
+    -- filters.
+    --
+    -- For filters on the same field, you cannot provide both an @EQUALS@
+    -- filter and a @NOT_EQUALS@ or @PREFIX_NOT_EQUALS@ filter. Combining
+    -- filters in this way always returns an error, even if the provided filter
+    -- values would return valid results.
+    --
+    -- You can combine @PREFIX@ filters with @NOT_EQUALS@ or
+    -- @PREFIX_NOT_EQUALS@ filters for the same field. Security Hub first
+    -- processes the @PREFIX@ filters, then the @NOT_EQUALS@ or
+    -- @PREFIX_NOT_EQUALS@ filters.
+    --
+    -- For example, for the following filter, Security Hub first identifies
+    -- findings that have resource types that start with either @AwsIAM@ or
+    -- @AwsEc2@. It then excludes findings that have a resource type of
+    -- @AwsIamPolicy@ and findings that have a resource type of
+    -- @AwsEc2NetworkInterface@.
+    --
+    -- -   @ResourceType PREFIX AwsIam@
+    --
+    -- -   @ResourceType PREFIX AwsEc2@
+    --
+    -- -   @ResourceType NOT_EQUALS AwsIamPolicy@
+    --
+    -- -   @ResourceType NOT_EQUALS AwsEc2NetworkInterface@
+    comparison :: Prelude.Maybe StringFilterComparison,
+    -- | The string filter value. Filter values are case sensitive. For example,
+    -- the product name for control-based findings is @Security Hub@. If you
+    -- provide @security hub@ as the filter text, then there is no match.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StringFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'comparison', 'stringFilter_comparison' - The condition to apply to a string value when querying for findings. To
+-- search for values that contain the filter criteria value, use one of the
+-- following comparison operators:
+--
+-- -   To search for values that exactly match the filter value, use
+--     @EQUALS@.
+--
+--     For example, the filter @ResourceType EQUALS AwsEc2SecurityGroup@
+--     only matches findings that have a resource type of
+--     @AwsEc2SecurityGroup@.
+--
+-- -   To search for values that start with the filter value, use @PREFIX@.
+--
+--     For example, the filter @ResourceType PREFIX AwsIam@ matches
+--     findings that have a resource type that starts with @AwsIam@.
+--     Findings with a resource type of @AwsIamPolicy@, @AwsIamRole@, or
+--     @AwsIamUser@ would all match.
+--
+-- @EQUALS@ and @PREFIX@ filters on the same field are joined by @OR@. A
+-- finding matches if it matches any one of those filters.
+--
+-- To search for values that do not contain the filter criteria value, use
+-- one of the following comparison operators:
+--
+-- -   To search for values that do not exactly match the filter value, use
+--     @NOT_EQUALS@.
+--
+--     For example, the filter @ResourceType NOT_EQUALS AwsIamPolicy@
+--     matches findings that have a resource type other than
+--     @AwsIamPolicy@.
+--
+-- -   To search for values that do not start with the filter value, use
+--     @PREFIX_NOT_EQUALS@.
+--
+--     For example, the filter @ResourceType PREFIX_NOT_EQUALS AwsIam@
+--     matches findings that have a resource type that does not start with
+--     @AwsIam@. Findings with a resource type of @AwsIamPolicy@,
+--     @AwsIamRole@, or @AwsIamUser@ would all be excluded from the
+--     results.
+--
+-- @NOT_EQUALS@ and @PREFIX_NOT_EQUALS@ filters on the same field are
+-- joined by @AND@. A finding matches only if it matches all of those
+-- filters.
+--
+-- For filters on the same field, you cannot provide both an @EQUALS@
+-- filter and a @NOT_EQUALS@ or @PREFIX_NOT_EQUALS@ filter. Combining
+-- filters in this way always returns an error, even if the provided filter
+-- values would return valid results.
+--
+-- You can combine @PREFIX@ filters with @NOT_EQUALS@ or
+-- @PREFIX_NOT_EQUALS@ filters for the same field. Security Hub first
+-- processes the @PREFIX@ filters, then the @NOT_EQUALS@ or
+-- @PREFIX_NOT_EQUALS@ filters.
+--
+-- For example, for the following filter, Security Hub first identifies
+-- findings that have resource types that start with either @AwsIAM@ or
+-- @AwsEc2@. It then excludes findings that have a resource type of
+-- @AwsIamPolicy@ and findings that have a resource type of
+-- @AwsEc2NetworkInterface@.
+--
+-- -   @ResourceType PREFIX AwsIam@
+--
+-- -   @ResourceType PREFIX AwsEc2@
+--
+-- -   @ResourceType NOT_EQUALS AwsIamPolicy@
+--
+-- -   @ResourceType NOT_EQUALS AwsEc2NetworkInterface@
+--
+-- 'value', 'stringFilter_value' - The string filter value. Filter values are case sensitive. For example,
+-- the product name for control-based findings is @Security Hub@. If you
+-- provide @security hub@ as the filter text, then there is no match.
+newStringFilter ::
+  StringFilter
+newStringFilter =
+  StringFilter'
+    { comparison = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The condition to apply to a string value when querying for findings. To
+-- search for values that contain the filter criteria value, use one of the
+-- following comparison operators:
+--
+-- -   To search for values that exactly match the filter value, use
+--     @EQUALS@.
+--
+--     For example, the filter @ResourceType EQUALS AwsEc2SecurityGroup@
+--     only matches findings that have a resource type of
+--     @AwsEc2SecurityGroup@.
+--
+-- -   To search for values that start with the filter value, use @PREFIX@.
+--
+--     For example, the filter @ResourceType PREFIX AwsIam@ matches
+--     findings that have a resource type that starts with @AwsIam@.
+--     Findings with a resource type of @AwsIamPolicy@, @AwsIamRole@, or
+--     @AwsIamUser@ would all match.
+--
+-- @EQUALS@ and @PREFIX@ filters on the same field are joined by @OR@. A
+-- finding matches if it matches any one of those filters.
+--
+-- To search for values that do not contain the filter criteria value, use
+-- one of the following comparison operators:
+--
+-- -   To search for values that do not exactly match the filter value, use
+--     @NOT_EQUALS@.
+--
+--     For example, the filter @ResourceType NOT_EQUALS AwsIamPolicy@
+--     matches findings that have a resource type other than
+--     @AwsIamPolicy@.
+--
+-- -   To search for values that do not start with the filter value, use
+--     @PREFIX_NOT_EQUALS@.
+--
+--     For example, the filter @ResourceType PREFIX_NOT_EQUALS AwsIam@
+--     matches findings that have a resource type that does not start with
+--     @AwsIam@. Findings with a resource type of @AwsIamPolicy@,
+--     @AwsIamRole@, or @AwsIamUser@ would all be excluded from the
+--     results.
+--
+-- @NOT_EQUALS@ and @PREFIX_NOT_EQUALS@ filters on the same field are
+-- joined by @AND@. A finding matches only if it matches all of those
+-- filters.
+--
+-- For filters on the same field, you cannot provide both an @EQUALS@
+-- filter and a @NOT_EQUALS@ or @PREFIX_NOT_EQUALS@ filter. Combining
+-- filters in this way always returns an error, even if the provided filter
+-- values would return valid results.
+--
+-- You can combine @PREFIX@ filters with @NOT_EQUALS@ or
+-- @PREFIX_NOT_EQUALS@ filters for the same field. Security Hub first
+-- processes the @PREFIX@ filters, then the @NOT_EQUALS@ or
+-- @PREFIX_NOT_EQUALS@ filters.
+--
+-- For example, for the following filter, Security Hub first identifies
+-- findings that have resource types that start with either @AwsIAM@ or
+-- @AwsEc2@. It then excludes findings that have a resource type of
+-- @AwsIamPolicy@ and findings that have a resource type of
+-- @AwsEc2NetworkInterface@.
+--
+-- -   @ResourceType PREFIX AwsIam@
+--
+-- -   @ResourceType PREFIX AwsEc2@
+--
+-- -   @ResourceType NOT_EQUALS AwsIamPolicy@
+--
+-- -   @ResourceType NOT_EQUALS AwsEc2NetworkInterface@
+stringFilter_comparison :: Lens.Lens' StringFilter (Prelude.Maybe StringFilterComparison)
+stringFilter_comparison = Lens.lens (\StringFilter' {comparison} -> comparison) (\s@StringFilter' {} a -> s {comparison = a} :: StringFilter)
+
+-- | The string filter value. Filter values are case sensitive. For example,
+-- the product name for control-based findings is @Security Hub@. If you
+-- provide @security hub@ as the filter text, then there is no match.
+stringFilter_value :: Lens.Lens' StringFilter (Prelude.Maybe Prelude.Text)
+stringFilter_value = Lens.lens (\StringFilter' {value} -> value) (\s@StringFilter' {} a -> s {value = a} :: StringFilter)
+
+instance Data.FromJSON StringFilter where
+  parseJSON =
+    Data.withObject
+      "StringFilter"
+      ( \x ->
+          StringFilter'
+            Prelude.<$> (x Data..:? "Comparison")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance Prelude.Hashable StringFilter where
+  hashWithSalt _salt StringFilter' {..} =
+    _salt
+      `Prelude.hashWithSalt` comparison
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData StringFilter where
+  rnf StringFilter' {..} =
+    Prelude.rnf comparison
+      `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON StringFilter where
+  toJSON StringFilter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Comparison" Data..=) Prelude.<$> comparison,
+            ("Value" Data..=) Prelude.<$> value
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/StringFilterComparison.hs b/gen/Amazonka/SecurityHub/Types/StringFilterComparison.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/StringFilterComparison.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.StringFilterComparison
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.StringFilterComparison
+  ( StringFilterComparison
+      ( ..,
+        StringFilterComparison_EQUALS,
+        StringFilterComparison_NOT_EQUALS,
+        StringFilterComparison_PREFIX,
+        StringFilterComparison_PREFIX_NOT_EQUALS
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype StringFilterComparison = StringFilterComparison'
+  { fromStringFilterComparison ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern StringFilterComparison_EQUALS :: StringFilterComparison
+pattern StringFilterComparison_EQUALS = StringFilterComparison' "EQUALS"
+
+pattern StringFilterComparison_NOT_EQUALS :: StringFilterComparison
+pattern StringFilterComparison_NOT_EQUALS = StringFilterComparison' "NOT_EQUALS"
+
+pattern StringFilterComparison_PREFIX :: StringFilterComparison
+pattern StringFilterComparison_PREFIX = StringFilterComparison' "PREFIX"
+
+pattern StringFilterComparison_PREFIX_NOT_EQUALS :: StringFilterComparison
+pattern StringFilterComparison_PREFIX_NOT_EQUALS = StringFilterComparison' "PREFIX_NOT_EQUALS"
+
+{-# COMPLETE
+  StringFilterComparison_EQUALS,
+  StringFilterComparison_NOT_EQUALS,
+  StringFilterComparison_PREFIX,
+  StringFilterComparison_PREFIX_NOT_EQUALS,
+  StringFilterComparison'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/Threat.hs b/gen/Amazonka/SecurityHub/Types/Threat.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Threat.hs
@@ -0,0 +1,124 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Threat
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Threat where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.FilePaths
+
+-- | Provides information about the threat detected in a security finding and
+-- the file paths that were affected by the threat.
+--
+-- /See:/ 'newThreat' smart constructor.
+data Threat = Threat'
+  { -- | Provides information about the file paths that were affected by the
+    -- threat.
+    filePaths :: Prelude.Maybe [FilePaths],
+    -- | This total number of items in which the threat has been detected.
+    itemCount :: Prelude.Maybe Prelude.Int,
+    -- | The name of the threat.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The severity of the threat.
+    severity :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Threat' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filePaths', 'threat_filePaths' - Provides information about the file paths that were affected by the
+-- threat.
+--
+-- 'itemCount', 'threat_itemCount' - This total number of items in which the threat has been detected.
+--
+-- 'name', 'threat_name' - The name of the threat.
+--
+-- 'severity', 'threat_severity' - The severity of the threat.
+newThreat ::
+  Threat
+newThreat =
+  Threat'
+    { filePaths = Prelude.Nothing,
+      itemCount = Prelude.Nothing,
+      name = Prelude.Nothing,
+      severity = Prelude.Nothing
+    }
+
+-- | Provides information about the file paths that were affected by the
+-- threat.
+threat_filePaths :: Lens.Lens' Threat (Prelude.Maybe [FilePaths])
+threat_filePaths = Lens.lens (\Threat' {filePaths} -> filePaths) (\s@Threat' {} a -> s {filePaths = a} :: Threat) Prelude.. Lens.mapping Lens.coerced
+
+-- | This total number of items in which the threat has been detected.
+threat_itemCount :: Lens.Lens' Threat (Prelude.Maybe Prelude.Int)
+threat_itemCount = Lens.lens (\Threat' {itemCount} -> itemCount) (\s@Threat' {} a -> s {itemCount = a} :: Threat)
+
+-- | The name of the threat.
+threat_name :: Lens.Lens' Threat (Prelude.Maybe Prelude.Text)
+threat_name = Lens.lens (\Threat' {name} -> name) (\s@Threat' {} a -> s {name = a} :: Threat)
+
+-- | The severity of the threat.
+threat_severity :: Lens.Lens' Threat (Prelude.Maybe Prelude.Text)
+threat_severity = Lens.lens (\Threat' {severity} -> severity) (\s@Threat' {} a -> s {severity = a} :: Threat)
+
+instance Data.FromJSON Threat where
+  parseJSON =
+    Data.withObject
+      "Threat"
+      ( \x ->
+          Threat'
+            Prelude.<$> (x Data..:? "FilePaths" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ItemCount")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Severity")
+      )
+
+instance Prelude.Hashable Threat where
+  hashWithSalt _salt Threat' {..} =
+    _salt
+      `Prelude.hashWithSalt` filePaths
+      `Prelude.hashWithSalt` itemCount
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` severity
+
+instance Prelude.NFData Threat where
+  rnf Threat' {..} =
+    Prelude.rnf filePaths
+      `Prelude.seq` Prelude.rnf itemCount
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf severity
+
+instance Data.ToJSON Threat where
+  toJSON Threat' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("FilePaths" Data..=) Prelude.<$> filePaths,
+            ("ItemCount" Data..=) Prelude.<$> itemCount,
+            ("Name" Data..=) Prelude.<$> name,
+            ("Severity" Data..=) Prelude.<$> severity
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ThreatIntelIndicator.hs b/gen/Amazonka/SecurityHub/Types/ThreatIntelIndicator.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ThreatIntelIndicator.hs
@@ -0,0 +1,169 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ThreatIntelIndicator
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ThreatIntelIndicator where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.ThreatIntelIndicatorCategory
+import Amazonka.SecurityHub.Types.ThreatIntelIndicatorType
+
+-- | Details about the threat intelligence related to a finding.
+--
+-- /See:/ 'newThreatIntelIndicator' smart constructor.
+data ThreatIntelIndicator = ThreatIntelIndicator'
+  { -- | The category of a threat intelligence indicator.
+    category :: Prelude.Maybe ThreatIntelIndicatorCategory,
+    -- | Indicates when the most recent instance of a threat intelligence
+    -- indicator was observed.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    lastObservedAt :: Prelude.Maybe Prelude.Text,
+    -- | The source of the threat intelligence indicator.
+    source :: Prelude.Maybe Prelude.Text,
+    -- | The URL to the page or site where you can get more information about the
+    -- threat intelligence indicator.
+    sourceUrl :: Prelude.Maybe Prelude.Text,
+    -- | The type of threat intelligence indicator.
+    type' :: Prelude.Maybe ThreatIntelIndicatorType,
+    -- | The value of a threat intelligence indicator.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ThreatIntelIndicator' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'category', 'threatIntelIndicator_category' - The category of a threat intelligence indicator.
+--
+-- 'lastObservedAt', 'threatIntelIndicator_lastObservedAt' - Indicates when the most recent instance of a threat intelligence
+-- indicator was observed.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'source', 'threatIntelIndicator_source' - The source of the threat intelligence indicator.
+--
+-- 'sourceUrl', 'threatIntelIndicator_sourceUrl' - The URL to the page or site where you can get more information about the
+-- threat intelligence indicator.
+--
+-- 'type'', 'threatIntelIndicator_type' - The type of threat intelligence indicator.
+--
+-- 'value', 'threatIntelIndicator_value' - The value of a threat intelligence indicator.
+newThreatIntelIndicator ::
+  ThreatIntelIndicator
+newThreatIntelIndicator =
+  ThreatIntelIndicator'
+    { category = Prelude.Nothing,
+      lastObservedAt = Prelude.Nothing,
+      source = Prelude.Nothing,
+      sourceUrl = Prelude.Nothing,
+      type' = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The category of a threat intelligence indicator.
+threatIntelIndicator_category :: Lens.Lens' ThreatIntelIndicator (Prelude.Maybe ThreatIntelIndicatorCategory)
+threatIntelIndicator_category = Lens.lens (\ThreatIntelIndicator' {category} -> category) (\s@ThreatIntelIndicator' {} a -> s {category = a} :: ThreatIntelIndicator)
+
+-- | Indicates when the most recent instance of a threat intelligence
+-- indicator was observed.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+threatIntelIndicator_lastObservedAt :: Lens.Lens' ThreatIntelIndicator (Prelude.Maybe Prelude.Text)
+threatIntelIndicator_lastObservedAt = Lens.lens (\ThreatIntelIndicator' {lastObservedAt} -> lastObservedAt) (\s@ThreatIntelIndicator' {} a -> s {lastObservedAt = a} :: ThreatIntelIndicator)
+
+-- | The source of the threat intelligence indicator.
+threatIntelIndicator_source :: Lens.Lens' ThreatIntelIndicator (Prelude.Maybe Prelude.Text)
+threatIntelIndicator_source = Lens.lens (\ThreatIntelIndicator' {source} -> source) (\s@ThreatIntelIndicator' {} a -> s {source = a} :: ThreatIntelIndicator)
+
+-- | The URL to the page or site where you can get more information about the
+-- threat intelligence indicator.
+threatIntelIndicator_sourceUrl :: Lens.Lens' ThreatIntelIndicator (Prelude.Maybe Prelude.Text)
+threatIntelIndicator_sourceUrl = Lens.lens (\ThreatIntelIndicator' {sourceUrl} -> sourceUrl) (\s@ThreatIntelIndicator' {} a -> s {sourceUrl = a} :: ThreatIntelIndicator)
+
+-- | The type of threat intelligence indicator.
+threatIntelIndicator_type :: Lens.Lens' ThreatIntelIndicator (Prelude.Maybe ThreatIntelIndicatorType)
+threatIntelIndicator_type = Lens.lens (\ThreatIntelIndicator' {type'} -> type') (\s@ThreatIntelIndicator' {} a -> s {type' = a} :: ThreatIntelIndicator)
+
+-- | The value of a threat intelligence indicator.
+threatIntelIndicator_value :: Lens.Lens' ThreatIntelIndicator (Prelude.Maybe Prelude.Text)
+threatIntelIndicator_value = Lens.lens (\ThreatIntelIndicator' {value} -> value) (\s@ThreatIntelIndicator' {} a -> s {value = a} :: ThreatIntelIndicator)
+
+instance Data.FromJSON ThreatIntelIndicator where
+  parseJSON =
+    Data.withObject
+      "ThreatIntelIndicator"
+      ( \x ->
+          ThreatIntelIndicator'
+            Prelude.<$> (x Data..:? "Category")
+            Prelude.<*> (x Data..:? "LastObservedAt")
+            Prelude.<*> (x Data..:? "Source")
+            Prelude.<*> (x Data..:? "SourceUrl")
+            Prelude.<*> (x Data..:? "Type")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance Prelude.Hashable ThreatIntelIndicator where
+  hashWithSalt _salt ThreatIntelIndicator' {..} =
+    _salt
+      `Prelude.hashWithSalt` category
+      `Prelude.hashWithSalt` lastObservedAt
+      `Prelude.hashWithSalt` source
+      `Prelude.hashWithSalt` sourceUrl
+      `Prelude.hashWithSalt` type'
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData ThreatIntelIndicator where
+  rnf ThreatIntelIndicator' {..} =
+    Prelude.rnf category
+      `Prelude.seq` Prelude.rnf lastObservedAt
+      `Prelude.seq` Prelude.rnf source
+      `Prelude.seq` Prelude.rnf sourceUrl
+      `Prelude.seq` Prelude.rnf type'
+      `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON ThreatIntelIndicator where
+  toJSON ThreatIntelIndicator' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Category" Data..=) Prelude.<$> category,
+            ("LastObservedAt" Data..=)
+              Prelude.<$> lastObservedAt,
+            ("Source" Data..=) Prelude.<$> source,
+            ("SourceUrl" Data..=) Prelude.<$> sourceUrl,
+            ("Type" Data..=) Prelude.<$> type',
+            ("Value" Data..=) Prelude.<$> value
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/ThreatIntelIndicatorCategory.hs b/gen/Amazonka/SecurityHub/Types/ThreatIntelIndicatorCategory.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ThreatIntelIndicatorCategory.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ThreatIntelIndicatorCategory
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ThreatIntelIndicatorCategory
+  ( ThreatIntelIndicatorCategory
+      ( ..,
+        ThreatIntelIndicatorCategory_BACKDOOR,
+        ThreatIntelIndicatorCategory_CARD_STEALER,
+        ThreatIntelIndicatorCategory_COMMAND_AND_CONTROL,
+        ThreatIntelIndicatorCategory_DROP_SITE,
+        ThreatIntelIndicatorCategory_EXPLOIT_SITE,
+        ThreatIntelIndicatorCategory_KEYLOGGER
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ThreatIntelIndicatorCategory = ThreatIntelIndicatorCategory'
+  { fromThreatIntelIndicatorCategory ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ThreatIntelIndicatorCategory_BACKDOOR :: ThreatIntelIndicatorCategory
+pattern ThreatIntelIndicatorCategory_BACKDOOR = ThreatIntelIndicatorCategory' "BACKDOOR"
+
+pattern ThreatIntelIndicatorCategory_CARD_STEALER :: ThreatIntelIndicatorCategory
+pattern ThreatIntelIndicatorCategory_CARD_STEALER = ThreatIntelIndicatorCategory' "CARD_STEALER"
+
+pattern ThreatIntelIndicatorCategory_COMMAND_AND_CONTROL :: ThreatIntelIndicatorCategory
+pattern ThreatIntelIndicatorCategory_COMMAND_AND_CONTROL = ThreatIntelIndicatorCategory' "COMMAND_AND_CONTROL"
+
+pattern ThreatIntelIndicatorCategory_DROP_SITE :: ThreatIntelIndicatorCategory
+pattern ThreatIntelIndicatorCategory_DROP_SITE = ThreatIntelIndicatorCategory' "DROP_SITE"
+
+pattern ThreatIntelIndicatorCategory_EXPLOIT_SITE :: ThreatIntelIndicatorCategory
+pattern ThreatIntelIndicatorCategory_EXPLOIT_SITE = ThreatIntelIndicatorCategory' "EXPLOIT_SITE"
+
+pattern ThreatIntelIndicatorCategory_KEYLOGGER :: ThreatIntelIndicatorCategory
+pattern ThreatIntelIndicatorCategory_KEYLOGGER = ThreatIntelIndicatorCategory' "KEYLOGGER"
+
+{-# COMPLETE
+  ThreatIntelIndicatorCategory_BACKDOOR,
+  ThreatIntelIndicatorCategory_CARD_STEALER,
+  ThreatIntelIndicatorCategory_COMMAND_AND_CONTROL,
+  ThreatIntelIndicatorCategory_DROP_SITE,
+  ThreatIntelIndicatorCategory_EXPLOIT_SITE,
+  ThreatIntelIndicatorCategory_KEYLOGGER,
+  ThreatIntelIndicatorCategory'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/ThreatIntelIndicatorType.hs b/gen/Amazonka/SecurityHub/Types/ThreatIntelIndicatorType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/ThreatIntelIndicatorType.hs
@@ -0,0 +1,116 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.ThreatIntelIndicatorType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.ThreatIntelIndicatorType
+  ( ThreatIntelIndicatorType
+      ( ..,
+        ThreatIntelIndicatorType_DOMAIN,
+        ThreatIntelIndicatorType_EMAIL_ADDRESS,
+        ThreatIntelIndicatorType_HASH_MD5,
+        ThreatIntelIndicatorType_HASH_SHA1,
+        ThreatIntelIndicatorType_HASH_SHA256,
+        ThreatIntelIndicatorType_HASH_SHA512,
+        ThreatIntelIndicatorType_IPV4_ADDRESS,
+        ThreatIntelIndicatorType_IPV6_ADDRESS,
+        ThreatIntelIndicatorType_MUTEX,
+        ThreatIntelIndicatorType_PROCESS,
+        ThreatIntelIndicatorType_URL
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ThreatIntelIndicatorType = ThreatIntelIndicatorType'
+  { fromThreatIntelIndicatorType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ThreatIntelIndicatorType_DOMAIN :: ThreatIntelIndicatorType
+pattern ThreatIntelIndicatorType_DOMAIN = ThreatIntelIndicatorType' "DOMAIN"
+
+pattern ThreatIntelIndicatorType_EMAIL_ADDRESS :: ThreatIntelIndicatorType
+pattern ThreatIntelIndicatorType_EMAIL_ADDRESS = ThreatIntelIndicatorType' "EMAIL_ADDRESS"
+
+pattern ThreatIntelIndicatorType_HASH_MD5 :: ThreatIntelIndicatorType
+pattern ThreatIntelIndicatorType_HASH_MD5 = ThreatIntelIndicatorType' "HASH_MD5"
+
+pattern ThreatIntelIndicatorType_HASH_SHA1 :: ThreatIntelIndicatorType
+pattern ThreatIntelIndicatorType_HASH_SHA1 = ThreatIntelIndicatorType' "HASH_SHA1"
+
+pattern ThreatIntelIndicatorType_HASH_SHA256 :: ThreatIntelIndicatorType
+pattern ThreatIntelIndicatorType_HASH_SHA256 = ThreatIntelIndicatorType' "HASH_SHA256"
+
+pattern ThreatIntelIndicatorType_HASH_SHA512 :: ThreatIntelIndicatorType
+pattern ThreatIntelIndicatorType_HASH_SHA512 = ThreatIntelIndicatorType' "HASH_SHA512"
+
+pattern ThreatIntelIndicatorType_IPV4_ADDRESS :: ThreatIntelIndicatorType
+pattern ThreatIntelIndicatorType_IPV4_ADDRESS = ThreatIntelIndicatorType' "IPV4_ADDRESS"
+
+pattern ThreatIntelIndicatorType_IPV6_ADDRESS :: ThreatIntelIndicatorType
+pattern ThreatIntelIndicatorType_IPV6_ADDRESS = ThreatIntelIndicatorType' "IPV6_ADDRESS"
+
+pattern ThreatIntelIndicatorType_MUTEX :: ThreatIntelIndicatorType
+pattern ThreatIntelIndicatorType_MUTEX = ThreatIntelIndicatorType' "MUTEX"
+
+pattern ThreatIntelIndicatorType_PROCESS :: ThreatIntelIndicatorType
+pattern ThreatIntelIndicatorType_PROCESS = ThreatIntelIndicatorType' "PROCESS"
+
+pattern ThreatIntelIndicatorType_URL :: ThreatIntelIndicatorType
+pattern ThreatIntelIndicatorType_URL = ThreatIntelIndicatorType' "URL"
+
+{-# COMPLETE
+  ThreatIntelIndicatorType_DOMAIN,
+  ThreatIntelIndicatorType_EMAIL_ADDRESS,
+  ThreatIntelIndicatorType_HASH_MD5,
+  ThreatIntelIndicatorType_HASH_SHA1,
+  ThreatIntelIndicatorType_HASH_SHA256,
+  ThreatIntelIndicatorType_HASH_SHA512,
+  ThreatIntelIndicatorType_IPV4_ADDRESS,
+  ThreatIntelIndicatorType_IPV6_ADDRESS,
+  ThreatIntelIndicatorType_MUTEX,
+  ThreatIntelIndicatorType_PROCESS,
+  ThreatIntelIndicatorType_URL,
+  ThreatIntelIndicatorType'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/VerificationState.hs b/gen/Amazonka/SecurityHub/Types/VerificationState.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/VerificationState.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.VerificationState
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.VerificationState
+  ( VerificationState
+      ( ..,
+        VerificationState_BENIGN_POSITIVE,
+        VerificationState_FALSE_POSITIVE,
+        VerificationState_TRUE_POSITIVE,
+        VerificationState_UNKNOWN
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype VerificationState = VerificationState'
+  { fromVerificationState ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern VerificationState_BENIGN_POSITIVE :: VerificationState
+pattern VerificationState_BENIGN_POSITIVE = VerificationState' "BENIGN_POSITIVE"
+
+pattern VerificationState_FALSE_POSITIVE :: VerificationState
+pattern VerificationState_FALSE_POSITIVE = VerificationState' "FALSE_POSITIVE"
+
+pattern VerificationState_TRUE_POSITIVE :: VerificationState
+pattern VerificationState_TRUE_POSITIVE = VerificationState' "TRUE_POSITIVE"
+
+pattern VerificationState_UNKNOWN :: VerificationState
+pattern VerificationState_UNKNOWN = VerificationState' "UNKNOWN"
+
+{-# COMPLETE
+  VerificationState_BENIGN_POSITIVE,
+  VerificationState_FALSE_POSITIVE,
+  VerificationState_TRUE_POSITIVE,
+  VerificationState_UNKNOWN,
+  VerificationState'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/VolumeMount.hs b/gen/Amazonka/SecurityHub/Types/VolumeMount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/VolumeMount.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.VolumeMount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.VolumeMount where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes the mounting of a volume in a container.
+--
+-- /See:/ 'newVolumeMount' smart constructor.
+data VolumeMount = VolumeMount'
+  { -- | The path in the container at which the volume should be mounted.
+    mountPath :: Prelude.Maybe Prelude.Text,
+    -- | The name of the volume.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'VolumeMount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'mountPath', 'volumeMount_mountPath' - The path in the container at which the volume should be mounted.
+--
+-- 'name', 'volumeMount_name' - The name of the volume.
+newVolumeMount ::
+  VolumeMount
+newVolumeMount =
+  VolumeMount'
+    { mountPath = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | The path in the container at which the volume should be mounted.
+volumeMount_mountPath :: Lens.Lens' VolumeMount (Prelude.Maybe Prelude.Text)
+volumeMount_mountPath = Lens.lens (\VolumeMount' {mountPath} -> mountPath) (\s@VolumeMount' {} a -> s {mountPath = a} :: VolumeMount)
+
+-- | The name of the volume.
+volumeMount_name :: Lens.Lens' VolumeMount (Prelude.Maybe Prelude.Text)
+volumeMount_name = Lens.lens (\VolumeMount' {name} -> name) (\s@VolumeMount' {} a -> s {name = a} :: VolumeMount)
+
+instance Data.FromJSON VolumeMount where
+  parseJSON =
+    Data.withObject
+      "VolumeMount"
+      ( \x ->
+          VolumeMount'
+            Prelude.<$> (x Data..:? "MountPath")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable VolumeMount where
+  hashWithSalt _salt VolumeMount' {..} =
+    _salt
+      `Prelude.hashWithSalt` mountPath
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData VolumeMount where
+  rnf VolumeMount' {..} =
+    Prelude.rnf mountPath
+      `Prelude.seq` Prelude.rnf name
+
+instance Data.ToJSON VolumeMount where
+  toJSON VolumeMount' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MountPath" Data..=) Prelude.<$> mountPath,
+            ("Name" Data..=) Prelude.<$> name
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/VpcInfoCidrBlockSetDetails.hs b/gen/Amazonka/SecurityHub/Types/VpcInfoCidrBlockSetDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/VpcInfoCidrBlockSetDetails.hs
@@ -0,0 +1,79 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.VpcInfoCidrBlockSetDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.VpcInfoCidrBlockSetDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the IPv4 CIDR blocks for the VPC.
+--
+-- /See:/ 'newVpcInfoCidrBlockSetDetails' smart constructor.
+data VpcInfoCidrBlockSetDetails = VpcInfoCidrBlockSetDetails'
+  { -- | The IPv4 CIDR block for the VPC.
+    cidrBlock :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'VpcInfoCidrBlockSetDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cidrBlock', 'vpcInfoCidrBlockSetDetails_cidrBlock' - The IPv4 CIDR block for the VPC.
+newVpcInfoCidrBlockSetDetails ::
+  VpcInfoCidrBlockSetDetails
+newVpcInfoCidrBlockSetDetails =
+  VpcInfoCidrBlockSetDetails'
+    { cidrBlock =
+        Prelude.Nothing
+    }
+
+-- | The IPv4 CIDR block for the VPC.
+vpcInfoCidrBlockSetDetails_cidrBlock :: Lens.Lens' VpcInfoCidrBlockSetDetails (Prelude.Maybe Prelude.Text)
+vpcInfoCidrBlockSetDetails_cidrBlock = Lens.lens (\VpcInfoCidrBlockSetDetails' {cidrBlock} -> cidrBlock) (\s@VpcInfoCidrBlockSetDetails' {} a -> s {cidrBlock = a} :: VpcInfoCidrBlockSetDetails)
+
+instance Data.FromJSON VpcInfoCidrBlockSetDetails where
+  parseJSON =
+    Data.withObject
+      "VpcInfoCidrBlockSetDetails"
+      ( \x ->
+          VpcInfoCidrBlockSetDetails'
+            Prelude.<$> (x Data..:? "CidrBlock")
+      )
+
+instance Prelude.Hashable VpcInfoCidrBlockSetDetails where
+  hashWithSalt _salt VpcInfoCidrBlockSetDetails' {..} =
+    _salt `Prelude.hashWithSalt` cidrBlock
+
+instance Prelude.NFData VpcInfoCidrBlockSetDetails where
+  rnf VpcInfoCidrBlockSetDetails' {..} =
+    Prelude.rnf cidrBlock
+
+instance Data.ToJSON VpcInfoCidrBlockSetDetails where
+  toJSON VpcInfoCidrBlockSetDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("CidrBlock" Data..=) Prelude.<$> cidrBlock]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/VpcInfoIpv6CidrBlockSetDetails.hs b/gen/Amazonka/SecurityHub/Types/VpcInfoIpv6CidrBlockSetDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/VpcInfoIpv6CidrBlockSetDetails.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.VpcInfoIpv6CidrBlockSetDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.VpcInfoIpv6CidrBlockSetDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the IPv6 CIDR blocks for the VPC.
+--
+-- /See:/ 'newVpcInfoIpv6CidrBlockSetDetails' smart constructor.
+data VpcInfoIpv6CidrBlockSetDetails = VpcInfoIpv6CidrBlockSetDetails'
+  { -- | The IPv6 CIDR block for the VPC.
+    ipv6CidrBlock :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'VpcInfoIpv6CidrBlockSetDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ipv6CidrBlock', 'vpcInfoIpv6CidrBlockSetDetails_ipv6CidrBlock' - The IPv6 CIDR block for the VPC.
+newVpcInfoIpv6CidrBlockSetDetails ::
+  VpcInfoIpv6CidrBlockSetDetails
+newVpcInfoIpv6CidrBlockSetDetails =
+  VpcInfoIpv6CidrBlockSetDetails'
+    { ipv6CidrBlock =
+        Prelude.Nothing
+    }
+
+-- | The IPv6 CIDR block for the VPC.
+vpcInfoIpv6CidrBlockSetDetails_ipv6CidrBlock :: Lens.Lens' VpcInfoIpv6CidrBlockSetDetails (Prelude.Maybe Prelude.Text)
+vpcInfoIpv6CidrBlockSetDetails_ipv6CidrBlock = Lens.lens (\VpcInfoIpv6CidrBlockSetDetails' {ipv6CidrBlock} -> ipv6CidrBlock) (\s@VpcInfoIpv6CidrBlockSetDetails' {} a -> s {ipv6CidrBlock = a} :: VpcInfoIpv6CidrBlockSetDetails)
+
+instance Data.FromJSON VpcInfoIpv6CidrBlockSetDetails where
+  parseJSON =
+    Data.withObject
+      "VpcInfoIpv6CidrBlockSetDetails"
+      ( \x ->
+          VpcInfoIpv6CidrBlockSetDetails'
+            Prelude.<$> (x Data..:? "Ipv6CidrBlock")
+      )
+
+instance
+  Prelude.Hashable
+    VpcInfoIpv6CidrBlockSetDetails
+  where
+  hashWithSalt
+    _salt
+    VpcInfoIpv6CidrBlockSetDetails' {..} =
+      _salt `Prelude.hashWithSalt` ipv6CidrBlock
+
+instance
+  Prelude.NFData
+    VpcInfoIpv6CidrBlockSetDetails
+  where
+  rnf VpcInfoIpv6CidrBlockSetDetails' {..} =
+    Prelude.rnf ipv6CidrBlock
+
+instance Data.ToJSON VpcInfoIpv6CidrBlockSetDetails where
+  toJSON VpcInfoIpv6CidrBlockSetDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Ipv6CidrBlock" Data..=)
+              Prelude.<$> ipv6CidrBlock
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/VpcInfoPeeringOptionsDetails.hs b/gen/Amazonka/SecurityHub/Types/VpcInfoPeeringOptionsDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/VpcInfoPeeringOptionsDetails.hs
@@ -0,0 +1,135 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.VpcInfoPeeringOptionsDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.VpcInfoPeeringOptionsDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the VPC peering connection options for the
+-- accepter or requester VPC.
+--
+-- /See:/ 'newVpcInfoPeeringOptionsDetails' smart constructor.
+data VpcInfoPeeringOptionsDetails = VpcInfoPeeringOptionsDetails'
+  { -- | Indicates whether a local VPC can resolve public DNS hostnames to
+    -- private IP addresses when queried from instances in a peer VPC.
+    allowDnsResolutionFromRemoteVpc :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether a local ClassicLink connection can communicate with
+    -- the peer VPC over the VPC peering connection.
+    allowEgressFromLocalClassicLinkToRemoteVpc :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether a local VPC can communicate with a ClassicLink
+    -- connection in the peer VPC over the VPC peering connection.
+    allowEgressFromLocalVpcToRemoteClassicLink :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'VpcInfoPeeringOptionsDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allowDnsResolutionFromRemoteVpc', 'vpcInfoPeeringOptionsDetails_allowDnsResolutionFromRemoteVpc' - Indicates whether a local VPC can resolve public DNS hostnames to
+-- private IP addresses when queried from instances in a peer VPC.
+--
+-- 'allowEgressFromLocalClassicLinkToRemoteVpc', 'vpcInfoPeeringOptionsDetails_allowEgressFromLocalClassicLinkToRemoteVpc' - Indicates whether a local ClassicLink connection can communicate with
+-- the peer VPC over the VPC peering connection.
+--
+-- 'allowEgressFromLocalVpcToRemoteClassicLink', 'vpcInfoPeeringOptionsDetails_allowEgressFromLocalVpcToRemoteClassicLink' - Indicates whether a local VPC can communicate with a ClassicLink
+-- connection in the peer VPC over the VPC peering connection.
+newVpcInfoPeeringOptionsDetails ::
+  VpcInfoPeeringOptionsDetails
+newVpcInfoPeeringOptionsDetails =
+  VpcInfoPeeringOptionsDetails'
+    { allowDnsResolutionFromRemoteVpc =
+        Prelude.Nothing,
+      allowEgressFromLocalClassicLinkToRemoteVpc =
+        Prelude.Nothing,
+      allowEgressFromLocalVpcToRemoteClassicLink =
+        Prelude.Nothing
+    }
+
+-- | Indicates whether a local VPC can resolve public DNS hostnames to
+-- private IP addresses when queried from instances in a peer VPC.
+vpcInfoPeeringOptionsDetails_allowDnsResolutionFromRemoteVpc :: Lens.Lens' VpcInfoPeeringOptionsDetails (Prelude.Maybe Prelude.Bool)
+vpcInfoPeeringOptionsDetails_allowDnsResolutionFromRemoteVpc = Lens.lens (\VpcInfoPeeringOptionsDetails' {allowDnsResolutionFromRemoteVpc} -> allowDnsResolutionFromRemoteVpc) (\s@VpcInfoPeeringOptionsDetails' {} a -> s {allowDnsResolutionFromRemoteVpc = a} :: VpcInfoPeeringOptionsDetails)
+
+-- | Indicates whether a local ClassicLink connection can communicate with
+-- the peer VPC over the VPC peering connection.
+vpcInfoPeeringOptionsDetails_allowEgressFromLocalClassicLinkToRemoteVpc :: Lens.Lens' VpcInfoPeeringOptionsDetails (Prelude.Maybe Prelude.Bool)
+vpcInfoPeeringOptionsDetails_allowEgressFromLocalClassicLinkToRemoteVpc = Lens.lens (\VpcInfoPeeringOptionsDetails' {allowEgressFromLocalClassicLinkToRemoteVpc} -> allowEgressFromLocalClassicLinkToRemoteVpc) (\s@VpcInfoPeeringOptionsDetails' {} a -> s {allowEgressFromLocalClassicLinkToRemoteVpc = a} :: VpcInfoPeeringOptionsDetails)
+
+-- | Indicates whether a local VPC can communicate with a ClassicLink
+-- connection in the peer VPC over the VPC peering connection.
+vpcInfoPeeringOptionsDetails_allowEgressFromLocalVpcToRemoteClassicLink :: Lens.Lens' VpcInfoPeeringOptionsDetails (Prelude.Maybe Prelude.Bool)
+vpcInfoPeeringOptionsDetails_allowEgressFromLocalVpcToRemoteClassicLink = Lens.lens (\VpcInfoPeeringOptionsDetails' {allowEgressFromLocalVpcToRemoteClassicLink} -> allowEgressFromLocalVpcToRemoteClassicLink) (\s@VpcInfoPeeringOptionsDetails' {} a -> s {allowEgressFromLocalVpcToRemoteClassicLink = a} :: VpcInfoPeeringOptionsDetails)
+
+instance Data.FromJSON VpcInfoPeeringOptionsDetails where
+  parseJSON =
+    Data.withObject
+      "VpcInfoPeeringOptionsDetails"
+      ( \x ->
+          VpcInfoPeeringOptionsDetails'
+            Prelude.<$> (x Data..:? "AllowDnsResolutionFromRemoteVpc")
+            Prelude.<*> ( x
+                            Data..:? "AllowEgressFromLocalClassicLinkToRemoteVpc"
+                        )
+            Prelude.<*> ( x
+                            Data..:? "AllowEgressFromLocalVpcToRemoteClassicLink"
+                        )
+      )
+
+instance
+  Prelude.Hashable
+    VpcInfoPeeringOptionsDetails
+  where
+  hashWithSalt _salt VpcInfoPeeringOptionsDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` allowDnsResolutionFromRemoteVpc
+      `Prelude.hashWithSalt` allowEgressFromLocalClassicLinkToRemoteVpc
+      `Prelude.hashWithSalt` allowEgressFromLocalVpcToRemoteClassicLink
+
+instance Prelude.NFData VpcInfoPeeringOptionsDetails where
+  rnf VpcInfoPeeringOptionsDetails' {..} =
+    Prelude.rnf allowDnsResolutionFromRemoteVpc
+      `Prelude.seq` Prelude.rnf
+        allowEgressFromLocalClassicLinkToRemoteVpc
+      `Prelude.seq` Prelude.rnf
+        allowEgressFromLocalVpcToRemoteClassicLink
+
+instance Data.ToJSON VpcInfoPeeringOptionsDetails where
+  toJSON VpcInfoPeeringOptionsDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AllowDnsResolutionFromRemoteVpc" Data..=)
+              Prelude.<$> allowDnsResolutionFromRemoteVpc,
+            ( "AllowEgressFromLocalClassicLinkToRemoteVpc"
+                Data..=
+            )
+              Prelude.<$> allowEgressFromLocalClassicLinkToRemoteVpc,
+            ( "AllowEgressFromLocalVpcToRemoteClassicLink"
+                Data..=
+            )
+              Prelude.<$> allowEgressFromLocalVpcToRemoteClassicLink
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Vulnerability.hs b/gen/Amazonka/SecurityHub/Types/Vulnerability.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Vulnerability.hs
@@ -0,0 +1,211 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Vulnerability
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Vulnerability where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.Cvss
+import Amazonka.SecurityHub.Types.SoftwarePackage
+import Amazonka.SecurityHub.Types.VulnerabilityFixAvailable
+import Amazonka.SecurityHub.Types.VulnerabilityVendor
+
+-- | A vulnerability associated with a finding.
+--
+-- /See:/ 'newVulnerability' smart constructor.
+data Vulnerability = Vulnerability'
+  { -- | CVSS scores from the advisory related to the vulnerability.
+    cvss :: Prelude.Maybe [Cvss],
+    -- | Specifies if all vulnerable packages in a finding have a value for
+    -- @FixedInVersion@ and @Remediation@. This field is evaluated for each
+    -- vulnerability @Id@ based on the number of vulnerable packages that have
+    -- a value for both @FixedInVersion@ and @Remediation@. Valid values are as
+    -- follows:
+    --
+    -- -   @YES@ if all vulnerable packages have a value for both
+    --     @FixedInVersion@ and @Remediation@
+    --
+    -- -   @NO@ if no vulnerable packages have a value for @FixedInVersion@ and
+    --     @Remediation@
+    --
+    -- -   @PARTIAL@ otherwise
+    fixAvailable :: Prelude.Maybe VulnerabilityFixAvailable,
+    -- | A list of URLs that provide additional information about the
+    -- vulnerability.
+    referenceUrls :: Prelude.Maybe [Prelude.Text],
+    -- | List of vulnerabilities that are related to this vulnerability.
+    relatedVulnerabilities :: Prelude.Maybe [Prelude.Text],
+    -- | Information about the vendor that generates the vulnerability report.
+    vendor :: Prelude.Maybe VulnerabilityVendor,
+    -- | List of software packages that have the vulnerability.
+    vulnerablePackages :: Prelude.Maybe [SoftwarePackage],
+    -- | The identifier of the vulnerability.
+    id :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Vulnerability' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cvss', 'vulnerability_cvss' - CVSS scores from the advisory related to the vulnerability.
+--
+-- 'fixAvailable', 'vulnerability_fixAvailable' - Specifies if all vulnerable packages in a finding have a value for
+-- @FixedInVersion@ and @Remediation@. This field is evaluated for each
+-- vulnerability @Id@ based on the number of vulnerable packages that have
+-- a value for both @FixedInVersion@ and @Remediation@. Valid values are as
+-- follows:
+--
+-- -   @YES@ if all vulnerable packages have a value for both
+--     @FixedInVersion@ and @Remediation@
+--
+-- -   @NO@ if no vulnerable packages have a value for @FixedInVersion@ and
+--     @Remediation@
+--
+-- -   @PARTIAL@ otherwise
+--
+-- 'referenceUrls', 'vulnerability_referenceUrls' - A list of URLs that provide additional information about the
+-- vulnerability.
+--
+-- 'relatedVulnerabilities', 'vulnerability_relatedVulnerabilities' - List of vulnerabilities that are related to this vulnerability.
+--
+-- 'vendor', 'vulnerability_vendor' - Information about the vendor that generates the vulnerability report.
+--
+-- 'vulnerablePackages', 'vulnerability_vulnerablePackages' - List of software packages that have the vulnerability.
+--
+-- 'id', 'vulnerability_id' - The identifier of the vulnerability.
+newVulnerability ::
+  -- | 'id'
+  Prelude.Text ->
+  Vulnerability
+newVulnerability pId_ =
+  Vulnerability'
+    { cvss = Prelude.Nothing,
+      fixAvailable = Prelude.Nothing,
+      referenceUrls = Prelude.Nothing,
+      relatedVulnerabilities = Prelude.Nothing,
+      vendor = Prelude.Nothing,
+      vulnerablePackages = Prelude.Nothing,
+      id = pId_
+    }
+
+-- | CVSS scores from the advisory related to the vulnerability.
+vulnerability_cvss :: Lens.Lens' Vulnerability (Prelude.Maybe [Cvss])
+vulnerability_cvss = Lens.lens (\Vulnerability' {cvss} -> cvss) (\s@Vulnerability' {} a -> s {cvss = a} :: Vulnerability) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies if all vulnerable packages in a finding have a value for
+-- @FixedInVersion@ and @Remediation@. This field is evaluated for each
+-- vulnerability @Id@ based on the number of vulnerable packages that have
+-- a value for both @FixedInVersion@ and @Remediation@. Valid values are as
+-- follows:
+--
+-- -   @YES@ if all vulnerable packages have a value for both
+--     @FixedInVersion@ and @Remediation@
+--
+-- -   @NO@ if no vulnerable packages have a value for @FixedInVersion@ and
+--     @Remediation@
+--
+-- -   @PARTIAL@ otherwise
+vulnerability_fixAvailable :: Lens.Lens' Vulnerability (Prelude.Maybe VulnerabilityFixAvailable)
+vulnerability_fixAvailable = Lens.lens (\Vulnerability' {fixAvailable} -> fixAvailable) (\s@Vulnerability' {} a -> s {fixAvailable = a} :: Vulnerability)
+
+-- | A list of URLs that provide additional information about the
+-- vulnerability.
+vulnerability_referenceUrls :: Lens.Lens' Vulnerability (Prelude.Maybe [Prelude.Text])
+vulnerability_referenceUrls = Lens.lens (\Vulnerability' {referenceUrls} -> referenceUrls) (\s@Vulnerability' {} a -> s {referenceUrls = a} :: Vulnerability) Prelude.. Lens.mapping Lens.coerced
+
+-- | List of vulnerabilities that are related to this vulnerability.
+vulnerability_relatedVulnerabilities :: Lens.Lens' Vulnerability (Prelude.Maybe [Prelude.Text])
+vulnerability_relatedVulnerabilities = Lens.lens (\Vulnerability' {relatedVulnerabilities} -> relatedVulnerabilities) (\s@Vulnerability' {} a -> s {relatedVulnerabilities = a} :: Vulnerability) Prelude.. Lens.mapping Lens.coerced
+
+-- | Information about the vendor that generates the vulnerability report.
+vulnerability_vendor :: Lens.Lens' Vulnerability (Prelude.Maybe VulnerabilityVendor)
+vulnerability_vendor = Lens.lens (\Vulnerability' {vendor} -> vendor) (\s@Vulnerability' {} a -> s {vendor = a} :: Vulnerability)
+
+-- | List of software packages that have the vulnerability.
+vulnerability_vulnerablePackages :: Lens.Lens' Vulnerability (Prelude.Maybe [SoftwarePackage])
+vulnerability_vulnerablePackages = Lens.lens (\Vulnerability' {vulnerablePackages} -> vulnerablePackages) (\s@Vulnerability' {} a -> s {vulnerablePackages = a} :: Vulnerability) Prelude.. Lens.mapping Lens.coerced
+
+-- | The identifier of the vulnerability.
+vulnerability_id :: Lens.Lens' Vulnerability Prelude.Text
+vulnerability_id = Lens.lens (\Vulnerability' {id} -> id) (\s@Vulnerability' {} a -> s {id = a} :: Vulnerability)
+
+instance Data.FromJSON Vulnerability where
+  parseJSON =
+    Data.withObject
+      "Vulnerability"
+      ( \x ->
+          Vulnerability'
+            Prelude.<$> (x Data..:? "Cvss" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "FixAvailable")
+            Prelude.<*> (x Data..:? "ReferenceUrls" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "RelatedVulnerabilities"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Vendor")
+            Prelude.<*> ( x
+                            Data..:? "VulnerablePackages"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..: "Id")
+      )
+
+instance Prelude.Hashable Vulnerability where
+  hashWithSalt _salt Vulnerability' {..} =
+    _salt
+      `Prelude.hashWithSalt` cvss
+      `Prelude.hashWithSalt` fixAvailable
+      `Prelude.hashWithSalt` referenceUrls
+      `Prelude.hashWithSalt` relatedVulnerabilities
+      `Prelude.hashWithSalt` vendor
+      `Prelude.hashWithSalt` vulnerablePackages
+      `Prelude.hashWithSalt` id
+
+instance Prelude.NFData Vulnerability where
+  rnf Vulnerability' {..} =
+    Prelude.rnf cvss
+      `Prelude.seq` Prelude.rnf fixAvailable
+      `Prelude.seq` Prelude.rnf referenceUrls
+      `Prelude.seq` Prelude.rnf relatedVulnerabilities
+      `Prelude.seq` Prelude.rnf vendor
+      `Prelude.seq` Prelude.rnf vulnerablePackages
+      `Prelude.seq` Prelude.rnf id
+
+instance Data.ToJSON Vulnerability where
+  toJSON Vulnerability' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Cvss" Data..=) Prelude.<$> cvss,
+            ("FixAvailable" Data..=) Prelude.<$> fixAvailable,
+            ("ReferenceUrls" Data..=) Prelude.<$> referenceUrls,
+            ("RelatedVulnerabilities" Data..=)
+              Prelude.<$> relatedVulnerabilities,
+            ("Vendor" Data..=) Prelude.<$> vendor,
+            ("VulnerablePackages" Data..=)
+              Prelude.<$> vulnerablePackages,
+            Prelude.Just ("Id" Data..= id)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/VulnerabilityFixAvailable.hs b/gen/Amazonka/SecurityHub/Types/VulnerabilityFixAvailable.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/VulnerabilityFixAvailable.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.VulnerabilityFixAvailable
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.VulnerabilityFixAvailable
+  ( VulnerabilityFixAvailable
+      ( ..,
+        VulnerabilityFixAvailable_NO,
+        VulnerabilityFixAvailable_PARTIAL,
+        VulnerabilityFixAvailable_YES
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype VulnerabilityFixAvailable = VulnerabilityFixAvailable'
+  { fromVulnerabilityFixAvailable ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern VulnerabilityFixAvailable_NO :: VulnerabilityFixAvailable
+pattern VulnerabilityFixAvailable_NO = VulnerabilityFixAvailable' "NO"
+
+pattern VulnerabilityFixAvailable_PARTIAL :: VulnerabilityFixAvailable
+pattern VulnerabilityFixAvailable_PARTIAL = VulnerabilityFixAvailable' "PARTIAL"
+
+pattern VulnerabilityFixAvailable_YES :: VulnerabilityFixAvailable
+pattern VulnerabilityFixAvailable_YES = VulnerabilityFixAvailable' "YES"
+
+{-# COMPLETE
+  VulnerabilityFixAvailable_NO,
+  VulnerabilityFixAvailable_PARTIAL,
+  VulnerabilityFixAvailable_YES,
+  VulnerabilityFixAvailable'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/VulnerabilityVendor.hs b/gen/Amazonka/SecurityHub/Types/VulnerabilityVendor.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/VulnerabilityVendor.hs
@@ -0,0 +1,167 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.VulnerabilityVendor
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.VulnerabilityVendor where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A vendor that generates a vulnerability report.
+--
+-- /See:/ 'newVulnerabilityVendor' smart constructor.
+data VulnerabilityVendor = VulnerabilityVendor'
+  { -- | The URL of the vulnerability advisory.
+    url :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the vulnerability advisory was created.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    vendorCreatedAt :: Prelude.Maybe Prelude.Text,
+    -- | The severity that the vendor assigned to the vulnerability.
+    vendorSeverity :: Prelude.Maybe Prelude.Text,
+    -- | Indicates when the vulnerability advisory was last updated.
+    --
+    -- Uses the @date-time@ format specified in
+    -- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+    -- The value cannot contain spaces. For example,
+    -- @2020-03-22T13:22:13.933Z@.
+    vendorUpdatedAt :: Prelude.Maybe Prelude.Text,
+    -- | The name of the vendor.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'VulnerabilityVendor' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'url', 'vulnerabilityVendor_url' - The URL of the vulnerability advisory.
+--
+-- 'vendorCreatedAt', 'vulnerabilityVendor_vendorCreatedAt' - Indicates when the vulnerability advisory was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'vendorSeverity', 'vulnerabilityVendor_vendorSeverity' - The severity that the vendor assigned to the vulnerability.
+--
+-- 'vendorUpdatedAt', 'vulnerabilityVendor_vendorUpdatedAt' - Indicates when the vulnerability advisory was last updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+--
+-- 'name', 'vulnerabilityVendor_name' - The name of the vendor.
+newVulnerabilityVendor ::
+  -- | 'name'
+  Prelude.Text ->
+  VulnerabilityVendor
+newVulnerabilityVendor pName_ =
+  VulnerabilityVendor'
+    { url = Prelude.Nothing,
+      vendorCreatedAt = Prelude.Nothing,
+      vendorSeverity = Prelude.Nothing,
+      vendorUpdatedAt = Prelude.Nothing,
+      name = pName_
+    }
+
+-- | The URL of the vulnerability advisory.
+vulnerabilityVendor_url :: Lens.Lens' VulnerabilityVendor (Prelude.Maybe Prelude.Text)
+vulnerabilityVendor_url = Lens.lens (\VulnerabilityVendor' {url} -> url) (\s@VulnerabilityVendor' {} a -> s {url = a} :: VulnerabilityVendor)
+
+-- | Indicates when the vulnerability advisory was created.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+vulnerabilityVendor_vendorCreatedAt :: Lens.Lens' VulnerabilityVendor (Prelude.Maybe Prelude.Text)
+vulnerabilityVendor_vendorCreatedAt = Lens.lens (\VulnerabilityVendor' {vendorCreatedAt} -> vendorCreatedAt) (\s@VulnerabilityVendor' {} a -> s {vendorCreatedAt = a} :: VulnerabilityVendor)
+
+-- | The severity that the vendor assigned to the vulnerability.
+vulnerabilityVendor_vendorSeverity :: Lens.Lens' VulnerabilityVendor (Prelude.Maybe Prelude.Text)
+vulnerabilityVendor_vendorSeverity = Lens.lens (\VulnerabilityVendor' {vendorSeverity} -> vendorSeverity) (\s@VulnerabilityVendor' {} a -> s {vendorSeverity = a} :: VulnerabilityVendor)
+
+-- | Indicates when the vulnerability advisory was last updated.
+--
+-- Uses the @date-time@ format specified in
+-- <https://tools.ietf.org/html/rfc3339#section-5.6 RFC 3339 section 5.6, Internet Date\/Time Format>.
+-- The value cannot contain spaces. For example,
+-- @2020-03-22T13:22:13.933Z@.
+vulnerabilityVendor_vendorUpdatedAt :: Lens.Lens' VulnerabilityVendor (Prelude.Maybe Prelude.Text)
+vulnerabilityVendor_vendorUpdatedAt = Lens.lens (\VulnerabilityVendor' {vendorUpdatedAt} -> vendorUpdatedAt) (\s@VulnerabilityVendor' {} a -> s {vendorUpdatedAt = a} :: VulnerabilityVendor)
+
+-- | The name of the vendor.
+vulnerabilityVendor_name :: Lens.Lens' VulnerabilityVendor Prelude.Text
+vulnerabilityVendor_name = Lens.lens (\VulnerabilityVendor' {name} -> name) (\s@VulnerabilityVendor' {} a -> s {name = a} :: VulnerabilityVendor)
+
+instance Data.FromJSON VulnerabilityVendor where
+  parseJSON =
+    Data.withObject
+      "VulnerabilityVendor"
+      ( \x ->
+          VulnerabilityVendor'
+            Prelude.<$> (x Data..:? "Url")
+            Prelude.<*> (x Data..:? "VendorCreatedAt")
+            Prelude.<*> (x Data..:? "VendorSeverity")
+            Prelude.<*> (x Data..:? "VendorUpdatedAt")
+            Prelude.<*> (x Data..: "Name")
+      )
+
+instance Prelude.Hashable VulnerabilityVendor where
+  hashWithSalt _salt VulnerabilityVendor' {..} =
+    _salt
+      `Prelude.hashWithSalt` url
+      `Prelude.hashWithSalt` vendorCreatedAt
+      `Prelude.hashWithSalt` vendorSeverity
+      `Prelude.hashWithSalt` vendorUpdatedAt
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData VulnerabilityVendor where
+  rnf VulnerabilityVendor' {..} =
+    Prelude.rnf url
+      `Prelude.seq` Prelude.rnf vendorCreatedAt
+      `Prelude.seq` Prelude.rnf vendorSeverity
+      `Prelude.seq` Prelude.rnf vendorUpdatedAt
+      `Prelude.seq` Prelude.rnf name
+
+instance Data.ToJSON VulnerabilityVendor where
+  toJSON VulnerabilityVendor' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Url" Data..=) Prelude.<$> url,
+            ("VendorCreatedAt" Data..=)
+              Prelude.<$> vendorCreatedAt,
+            ("VendorSeverity" Data..=)
+              Prelude.<$> vendorSeverity,
+            ("VendorUpdatedAt" Data..=)
+              Prelude.<$> vendorUpdatedAt,
+            Prelude.Just ("Name" Data..= name)
+          ]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/WafAction.hs b/gen/Amazonka/SecurityHub/Types/WafAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/WafAction.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.WafAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.WafAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the action that CloudFront or WAF takes when a web request
+-- matches the conditions in the rule.
+--
+-- /See:/ 'newWafAction' smart constructor.
+data WafAction = WafAction'
+  { -- | Specifies how you want WAF to respond to requests that match the
+    -- settings in a rule.
+    --
+    -- Valid settings include the following:
+    --
+    -- -   @ALLOW@ - WAF allows requests
+    --
+    -- -   @BLOCK@ - WAF blocks requests
+    --
+    -- -   @COUNT@ - WAF increments a counter of the requests that match all of
+    --     the conditions in the rule. WAF then continues to inspect the web
+    --     request based on the remaining rules in the web ACL. You can\'t
+    --     specify @COUNT@ for the default action for a web ACL.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'WafAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'type'', 'wafAction_type' - Specifies how you want WAF to respond to requests that match the
+-- settings in a rule.
+--
+-- Valid settings include the following:
+--
+-- -   @ALLOW@ - WAF allows requests
+--
+-- -   @BLOCK@ - WAF blocks requests
+--
+-- -   @COUNT@ - WAF increments a counter of the requests that match all of
+--     the conditions in the rule. WAF then continues to inspect the web
+--     request based on the remaining rules in the web ACL. You can\'t
+--     specify @COUNT@ for the default action for a web ACL.
+newWafAction ::
+  WafAction
+newWafAction = WafAction' {type' = Prelude.Nothing}
+
+-- | Specifies how you want WAF to respond to requests that match the
+-- settings in a rule.
+--
+-- Valid settings include the following:
+--
+-- -   @ALLOW@ - WAF allows requests
+--
+-- -   @BLOCK@ - WAF blocks requests
+--
+-- -   @COUNT@ - WAF increments a counter of the requests that match all of
+--     the conditions in the rule. WAF then continues to inspect the web
+--     request based on the remaining rules in the web ACL. You can\'t
+--     specify @COUNT@ for the default action for a web ACL.
+wafAction_type :: Lens.Lens' WafAction (Prelude.Maybe Prelude.Text)
+wafAction_type = Lens.lens (\WafAction' {type'} -> type') (\s@WafAction' {} a -> s {type' = a} :: WafAction)
+
+instance Data.FromJSON WafAction where
+  parseJSON =
+    Data.withObject
+      "WafAction"
+      (\x -> WafAction' Prelude.<$> (x Data..:? "Type"))
+
+instance Prelude.Hashable WafAction where
+  hashWithSalt _salt WafAction' {..} =
+    _salt `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData WafAction where
+  rnf WafAction' {..} = Prelude.rnf type'
+
+instance Data.ToJSON WafAction where
+  toJSON WafAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Type" Data..=) Prelude.<$> type']
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/WafExcludedRule.hs b/gen/Amazonka/SecurityHub/Types/WafExcludedRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/WafExcludedRule.hs
@@ -0,0 +1,74 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.WafExcludedRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.WafExcludedRule where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about a rule to exclude from a rule group.
+--
+-- /See:/ 'newWafExcludedRule' smart constructor.
+data WafExcludedRule = WafExcludedRule'
+  { -- | The unique identifier for the rule to exclude from the rule group.
+    ruleId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'WafExcludedRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ruleId', 'wafExcludedRule_ruleId' - The unique identifier for the rule to exclude from the rule group.
+newWafExcludedRule ::
+  WafExcludedRule
+newWafExcludedRule =
+  WafExcludedRule' {ruleId = Prelude.Nothing}
+
+-- | The unique identifier for the rule to exclude from the rule group.
+wafExcludedRule_ruleId :: Lens.Lens' WafExcludedRule (Prelude.Maybe Prelude.Text)
+wafExcludedRule_ruleId = Lens.lens (\WafExcludedRule' {ruleId} -> ruleId) (\s@WafExcludedRule' {} a -> s {ruleId = a} :: WafExcludedRule)
+
+instance Data.FromJSON WafExcludedRule where
+  parseJSON =
+    Data.withObject
+      "WafExcludedRule"
+      ( \x ->
+          WafExcludedRule' Prelude.<$> (x Data..:? "RuleId")
+      )
+
+instance Prelude.Hashable WafExcludedRule where
+  hashWithSalt _salt WafExcludedRule' {..} =
+    _salt `Prelude.hashWithSalt` ruleId
+
+instance Prelude.NFData WafExcludedRule where
+  rnf WafExcludedRule' {..} = Prelude.rnf ruleId
+
+instance Data.ToJSON WafExcludedRule where
+  toJSON WafExcludedRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("RuleId" Data..=) Prelude.<$> ruleId]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/WafOverrideAction.hs b/gen/Amazonka/SecurityHub/Types/WafOverrideAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/WafOverrideAction.hs
@@ -0,0 +1,83 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.WafOverrideAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.WafOverrideAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about an override action for a rule.
+--
+-- /See:/ 'newWafOverrideAction' smart constructor.
+data WafOverrideAction = WafOverrideAction'
+  { -- | @COUNT@ overrides the action specified by the individual rule within a
+    -- @RuleGroup@ .
+    --
+    -- If set to @NONE@, the rule\'s action takes place.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'WafOverrideAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'type'', 'wafOverrideAction_type' - @COUNT@ overrides the action specified by the individual rule within a
+-- @RuleGroup@ .
+--
+-- If set to @NONE@, the rule\'s action takes place.
+newWafOverrideAction ::
+  WafOverrideAction
+newWafOverrideAction =
+  WafOverrideAction' {type' = Prelude.Nothing}
+
+-- | @COUNT@ overrides the action specified by the individual rule within a
+-- @RuleGroup@ .
+--
+-- If set to @NONE@, the rule\'s action takes place.
+wafOverrideAction_type :: Lens.Lens' WafOverrideAction (Prelude.Maybe Prelude.Text)
+wafOverrideAction_type = Lens.lens (\WafOverrideAction' {type'} -> type') (\s@WafOverrideAction' {} a -> s {type' = a} :: WafOverrideAction)
+
+instance Data.FromJSON WafOverrideAction where
+  parseJSON =
+    Data.withObject
+      "WafOverrideAction"
+      ( \x ->
+          WafOverrideAction' Prelude.<$> (x Data..:? "Type")
+      )
+
+instance Prelude.Hashable WafOverrideAction where
+  hashWithSalt _salt WafOverrideAction' {..} =
+    _salt `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData WafOverrideAction where
+  rnf WafOverrideAction' {..} = Prelude.rnf type'
+
+instance Data.ToJSON WafOverrideAction where
+  toJSON WafOverrideAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Type" Data..=) Prelude.<$> type']
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/Workflow.hs b/gen/Amazonka/SecurityHub/Types/Workflow.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/Workflow.hs
@@ -0,0 +1,148 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.Workflow
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.Workflow where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.WorkflowStatus
+
+-- | Provides information about the status of the investigation into a
+-- finding.
+--
+-- /See:/ 'newWorkflow' smart constructor.
+data Workflow = Workflow'
+  { -- | The status of the investigation into the finding. The workflow status is
+    -- specific to an individual finding. It does not affect the generation of
+    -- new findings. For example, setting the workflow status to @SUPPRESSED@
+    -- or @RESOLVED@ does not prevent a new finding for the same issue.
+    --
+    -- The allowed values are the following.
+    --
+    -- -   @NEW@ - The initial state of a finding, before it is reviewed.
+    --
+    --     Security Hub also resets the workflow status from @NOTIFIED@ or
+    --     @RESOLVED@ to @NEW@ in the following cases:
+    --
+    --     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+    --
+    --     -   @ComplianceStatus@ changes from @PASSED@ to either @WARNING@,
+    --         @FAILED@, or @NOT_AVAILABLE@.
+    --
+    -- -   @NOTIFIED@ - Indicates that you notified the resource owner about
+    --     the security issue. Used when the initial reviewer is not the
+    --     resource owner, and needs intervention from the resource owner.
+    --
+    -- -   @SUPPRESSED@ - Indicates that you reviewed the finding and do not
+    --     believe that any action is needed. The finding is no longer updated.
+    --
+    -- -   @RESOLVED@ - The finding was reviewed and remediated and is now
+    --     considered resolved.
+    status :: Prelude.Maybe WorkflowStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Workflow' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'status', 'workflow_status' - The status of the investigation into the finding. The workflow status is
+-- specific to an individual finding. It does not affect the generation of
+-- new findings. For example, setting the workflow status to @SUPPRESSED@
+-- or @RESOLVED@ does not prevent a new finding for the same issue.
+--
+-- The allowed values are the following.
+--
+-- -   @NEW@ - The initial state of a finding, before it is reviewed.
+--
+--     Security Hub also resets the workflow status from @NOTIFIED@ or
+--     @RESOLVED@ to @NEW@ in the following cases:
+--
+--     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+--
+--     -   @ComplianceStatus@ changes from @PASSED@ to either @WARNING@,
+--         @FAILED@, or @NOT_AVAILABLE@.
+--
+-- -   @NOTIFIED@ - Indicates that you notified the resource owner about
+--     the security issue. Used when the initial reviewer is not the
+--     resource owner, and needs intervention from the resource owner.
+--
+-- -   @SUPPRESSED@ - Indicates that you reviewed the finding and do not
+--     believe that any action is needed. The finding is no longer updated.
+--
+-- -   @RESOLVED@ - The finding was reviewed and remediated and is now
+--     considered resolved.
+newWorkflow ::
+  Workflow
+newWorkflow = Workflow' {status = Prelude.Nothing}
+
+-- | The status of the investigation into the finding. The workflow status is
+-- specific to an individual finding. It does not affect the generation of
+-- new findings. For example, setting the workflow status to @SUPPRESSED@
+-- or @RESOLVED@ does not prevent a new finding for the same issue.
+--
+-- The allowed values are the following.
+--
+-- -   @NEW@ - The initial state of a finding, before it is reviewed.
+--
+--     Security Hub also resets the workflow status from @NOTIFIED@ or
+--     @RESOLVED@ to @NEW@ in the following cases:
+--
+--     -   @RecordState@ changes from @ARCHIVED@ to @ACTIVE@.
+--
+--     -   @ComplianceStatus@ changes from @PASSED@ to either @WARNING@,
+--         @FAILED@, or @NOT_AVAILABLE@.
+--
+-- -   @NOTIFIED@ - Indicates that you notified the resource owner about
+--     the security issue. Used when the initial reviewer is not the
+--     resource owner, and needs intervention from the resource owner.
+--
+-- -   @SUPPRESSED@ - Indicates that you reviewed the finding and do not
+--     believe that any action is needed. The finding is no longer updated.
+--
+-- -   @RESOLVED@ - The finding was reviewed and remediated and is now
+--     considered resolved.
+workflow_status :: Lens.Lens' Workflow (Prelude.Maybe WorkflowStatus)
+workflow_status = Lens.lens (\Workflow' {status} -> status) (\s@Workflow' {} a -> s {status = a} :: Workflow)
+
+instance Data.FromJSON Workflow where
+  parseJSON =
+    Data.withObject
+      "Workflow"
+      (\x -> Workflow' Prelude.<$> (x Data..:? "Status"))
+
+instance Prelude.Hashable Workflow where
+  hashWithSalt _salt Workflow' {..} =
+    _salt `Prelude.hashWithSalt` status
+
+instance Prelude.NFData Workflow where
+  rnf Workflow' {..} = Prelude.rnf status
+
+instance Data.ToJSON Workflow where
+  toJSON Workflow' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Status" Data..=) Prelude.<$> status]
+      )
diff --git a/gen/Amazonka/SecurityHub/Types/WorkflowState.hs b/gen/Amazonka/SecurityHub/Types/WorkflowState.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/WorkflowState.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.WorkflowState
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.WorkflowState
+  ( WorkflowState
+      ( ..,
+        WorkflowState_ASSIGNED,
+        WorkflowState_DEFERRED,
+        WorkflowState_IN_PROGRESS,
+        WorkflowState_NEW,
+        WorkflowState_RESOLVED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype WorkflowState = WorkflowState'
+  { fromWorkflowState ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern WorkflowState_ASSIGNED :: WorkflowState
+pattern WorkflowState_ASSIGNED = WorkflowState' "ASSIGNED"
+
+pattern WorkflowState_DEFERRED :: WorkflowState
+pattern WorkflowState_DEFERRED = WorkflowState' "DEFERRED"
+
+pattern WorkflowState_IN_PROGRESS :: WorkflowState
+pattern WorkflowState_IN_PROGRESS = WorkflowState' "IN_PROGRESS"
+
+pattern WorkflowState_NEW :: WorkflowState
+pattern WorkflowState_NEW = WorkflowState' "NEW"
+
+pattern WorkflowState_RESOLVED :: WorkflowState
+pattern WorkflowState_RESOLVED = WorkflowState' "RESOLVED"
+
+{-# COMPLETE
+  WorkflowState_ASSIGNED,
+  WorkflowState_DEFERRED,
+  WorkflowState_IN_PROGRESS,
+  WorkflowState_NEW,
+  WorkflowState_RESOLVED,
+  WorkflowState'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/WorkflowStatus.hs b/gen/Amazonka/SecurityHub/Types/WorkflowStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/WorkflowStatus.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.WorkflowStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.WorkflowStatus
+  ( WorkflowStatus
+      ( ..,
+        WorkflowStatus_NEW,
+        WorkflowStatus_NOTIFIED,
+        WorkflowStatus_RESOLVED,
+        WorkflowStatus_SUPPRESSED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype WorkflowStatus = WorkflowStatus'
+  { fromWorkflowStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern WorkflowStatus_NEW :: WorkflowStatus
+pattern WorkflowStatus_NEW = WorkflowStatus' "NEW"
+
+pattern WorkflowStatus_NOTIFIED :: WorkflowStatus
+pattern WorkflowStatus_NOTIFIED = WorkflowStatus' "NOTIFIED"
+
+pattern WorkflowStatus_RESOLVED :: WorkflowStatus
+pattern WorkflowStatus_RESOLVED = WorkflowStatus' "RESOLVED"
+
+pattern WorkflowStatus_SUPPRESSED :: WorkflowStatus
+pattern WorkflowStatus_SUPPRESSED = WorkflowStatus' "SUPPRESSED"
+
+{-# COMPLETE
+  WorkflowStatus_NEW,
+  WorkflowStatus_NOTIFIED,
+  WorkflowStatus_RESOLVED,
+  WorkflowStatus_SUPPRESSED,
+  WorkflowStatus'
+  #-}
diff --git a/gen/Amazonka/SecurityHub/Types/WorkflowUpdate.hs b/gen/Amazonka/SecurityHub/Types/WorkflowUpdate.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Types/WorkflowUpdate.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Types.WorkflowUpdate
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Types.WorkflowUpdate where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Types.WorkflowStatus
+
+-- | Used to update information about the investigation into the finding.
+--
+-- /See:/ 'newWorkflowUpdate' smart constructor.
+data WorkflowUpdate = WorkflowUpdate'
+  { -- | The status of the investigation into the finding. The workflow status is
+    -- specific to an individual finding. It does not affect the generation of
+    -- new findings. For example, setting the workflow status to @SUPPRESSED@
+    -- or @RESOLVED@ does not prevent a new finding for the same issue.
+    --
+    -- The allowed values are the following.
+    --
+    -- -   @NEW@ - The initial state of a finding, before it is reviewed.
+    --
+    --     Security Hub also resets @WorkFlowStatus@ from @NOTIFIED@ or
+    --     @RESOLVED@ to @NEW@ in the following cases:
+    --
+    --     -   The record state changes from @ARCHIVED@ to @ACTIVE@.
+    --
+    --     -   The compliance status changes from @PASSED@ to either @WARNING@,
+    --         @FAILED@, or @NOT_AVAILABLE@.
+    --
+    -- -   @NOTIFIED@ - Indicates that you notified the resource owner about
+    --     the security issue. Used when the initial reviewer is not the
+    --     resource owner, and needs intervention from the resource owner.
+    --
+    -- -   @RESOLVED@ - The finding was reviewed and remediated and is now
+    --     considered resolved.
+    --
+    -- -   @SUPPRESSED@ - Indicates that you reviewed the finding and do not
+    --     believe that any action is needed. The finding is no longer updated.
+    status :: Prelude.Maybe WorkflowStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'WorkflowUpdate' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'status', 'workflowUpdate_status' - The status of the investigation into the finding. The workflow status is
+-- specific to an individual finding. It does not affect the generation of
+-- new findings. For example, setting the workflow status to @SUPPRESSED@
+-- or @RESOLVED@ does not prevent a new finding for the same issue.
+--
+-- The allowed values are the following.
+--
+-- -   @NEW@ - The initial state of a finding, before it is reviewed.
+--
+--     Security Hub also resets @WorkFlowStatus@ from @NOTIFIED@ or
+--     @RESOLVED@ to @NEW@ in the following cases:
+--
+--     -   The record state changes from @ARCHIVED@ to @ACTIVE@.
+--
+--     -   The compliance status changes from @PASSED@ to either @WARNING@,
+--         @FAILED@, or @NOT_AVAILABLE@.
+--
+-- -   @NOTIFIED@ - Indicates that you notified the resource owner about
+--     the security issue. Used when the initial reviewer is not the
+--     resource owner, and needs intervention from the resource owner.
+--
+-- -   @RESOLVED@ - The finding was reviewed and remediated and is now
+--     considered resolved.
+--
+-- -   @SUPPRESSED@ - Indicates that you reviewed the finding and do not
+--     believe that any action is needed. The finding is no longer updated.
+newWorkflowUpdate ::
+  WorkflowUpdate
+newWorkflowUpdate =
+  WorkflowUpdate' {status = Prelude.Nothing}
+
+-- | The status of the investigation into the finding. The workflow status is
+-- specific to an individual finding. It does not affect the generation of
+-- new findings. For example, setting the workflow status to @SUPPRESSED@
+-- or @RESOLVED@ does not prevent a new finding for the same issue.
+--
+-- The allowed values are the following.
+--
+-- -   @NEW@ - The initial state of a finding, before it is reviewed.
+--
+--     Security Hub also resets @WorkFlowStatus@ from @NOTIFIED@ or
+--     @RESOLVED@ to @NEW@ in the following cases:
+--
+--     -   The record state changes from @ARCHIVED@ to @ACTIVE@.
+--
+--     -   The compliance status changes from @PASSED@ to either @WARNING@,
+--         @FAILED@, or @NOT_AVAILABLE@.
+--
+-- -   @NOTIFIED@ - Indicates that you notified the resource owner about
+--     the security issue. Used when the initial reviewer is not the
+--     resource owner, and needs intervention from the resource owner.
+--
+-- -   @RESOLVED@ - The finding was reviewed and remediated and is now
+--     considered resolved.
+--
+-- -   @SUPPRESSED@ - Indicates that you reviewed the finding and do not
+--     believe that any action is needed. The finding is no longer updated.
+workflowUpdate_status :: Lens.Lens' WorkflowUpdate (Prelude.Maybe WorkflowStatus)
+workflowUpdate_status = Lens.lens (\WorkflowUpdate' {status} -> status) (\s@WorkflowUpdate' {} a -> s {status = a} :: WorkflowUpdate)
+
+instance Prelude.Hashable WorkflowUpdate where
+  hashWithSalt _salt WorkflowUpdate' {..} =
+    _salt `Prelude.hashWithSalt` status
+
+instance Prelude.NFData WorkflowUpdate where
+  rnf WorkflowUpdate' {..} = Prelude.rnf status
+
+instance Data.ToJSON WorkflowUpdate where
+  toJSON WorkflowUpdate' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Status" Data..=) Prelude.<$> status]
+      )
diff --git a/gen/Amazonka/SecurityHub/UntagResource.hs b/gen/Amazonka/SecurityHub/UntagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/UntagResource.hs
@@ -0,0 +1,166 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.UntagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes one or more tags from a resource.
+module Amazonka.SecurityHub.UntagResource
+  ( -- * Creating a Request
+    UntagResource (..),
+    newUntagResource,
+
+    -- * Request Lenses
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+
+    -- * Destructuring the Response
+    UntagResourceResponse (..),
+    newUntagResourceResponse,
+
+    -- * Response Lenses
+    untagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newUntagResource' smart constructor.
+data UntagResource = UntagResource'
+  { -- | The ARN of the resource to remove the tags from.
+    resourceArn :: Prelude.Text,
+    -- | The tag keys associated with the tags to remove from the resource. You
+    -- can remove up to 50 tags at a time.
+    tagKeys :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'untagResource_resourceArn' - The ARN of the resource to remove the tags from.
+--
+-- 'tagKeys', 'untagResource_tagKeys' - The tag keys associated with the tags to remove from the resource. You
+-- can remove up to 50 tags at a time.
+newUntagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  -- | 'tagKeys'
+  Prelude.NonEmpty Prelude.Text ->
+  UntagResource
+newUntagResource pResourceArn_ pTagKeys_ =
+  UntagResource'
+    { resourceArn = pResourceArn_,
+      tagKeys = Lens.coerced Lens.# pTagKeys_
+    }
+
+-- | The ARN of the resource to remove the tags from.
+untagResource_resourceArn :: Lens.Lens' UntagResource Prelude.Text
+untagResource_resourceArn = Lens.lens (\UntagResource' {resourceArn} -> resourceArn) (\s@UntagResource' {} a -> s {resourceArn = a} :: UntagResource)
+
+-- | The tag keys associated with the tags to remove from the resource. You
+-- can remove up to 50 tags at a time.
+untagResource_tagKeys :: Lens.Lens' UntagResource (Prelude.NonEmpty Prelude.Text)
+untagResource_tagKeys = Lens.lens (\UntagResource' {tagKeys} -> tagKeys) (\s@UntagResource' {} a -> s {tagKeys = a} :: UntagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UntagResource where
+  type
+    AWSResponse UntagResource =
+      UntagResourceResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UntagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UntagResource where
+  hashWithSalt _salt UntagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tagKeys
+
+instance Prelude.NFData UntagResource where
+  rnf UntagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tagKeys
+
+instance Data.ToHeaders UntagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath UntagResource where
+  toPath UntagResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery UntagResource where
+  toQuery UntagResource' {..} =
+    Prelude.mconcat
+      ["tagKeys" Data.=: Data.toQueryList "member" tagKeys]
+
+-- | /See:/ 'newUntagResourceResponse' smart constructor.
+data UntagResourceResponse = UntagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'untagResourceResponse_httpStatus' - The response's http status code.
+newUntagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UntagResourceResponse
+newUntagResourceResponse pHttpStatus_ =
+  UntagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+untagResourceResponse_httpStatus :: Lens.Lens' UntagResourceResponse Prelude.Int
+untagResourceResponse_httpStatus = Lens.lens (\UntagResourceResponse' {httpStatus} -> httpStatus) (\s@UntagResourceResponse' {} a -> s {httpStatus = a} :: UntagResourceResponse)
+
+instance Prelude.NFData UntagResourceResponse where
+  rnf UntagResourceResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/UpdateActionTarget.hs b/gen/Amazonka/SecurityHub/UpdateActionTarget.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/UpdateActionTarget.hs
@@ -0,0 +1,185 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.UpdateActionTarget
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the name and description of a custom action target in Security
+-- Hub.
+module Amazonka.SecurityHub.UpdateActionTarget
+  ( -- * Creating a Request
+    UpdateActionTarget (..),
+    newUpdateActionTarget,
+
+    -- * Request Lenses
+    updateActionTarget_description,
+    updateActionTarget_name,
+    updateActionTarget_actionTargetArn,
+
+    -- * Destructuring the Response
+    UpdateActionTargetResponse (..),
+    newUpdateActionTargetResponse,
+
+    -- * Response Lenses
+    updateActionTargetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newUpdateActionTarget' smart constructor.
+data UpdateActionTarget = UpdateActionTarget'
+  { -- | The updated description for the custom action target.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The updated name of the custom action target.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the custom action target to update.
+    actionTargetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateActionTarget' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'updateActionTarget_description' - The updated description for the custom action target.
+--
+-- 'name', 'updateActionTarget_name' - The updated name of the custom action target.
+--
+-- 'actionTargetArn', 'updateActionTarget_actionTargetArn' - The ARN of the custom action target to update.
+newUpdateActionTarget ::
+  -- | 'actionTargetArn'
+  Prelude.Text ->
+  UpdateActionTarget
+newUpdateActionTarget pActionTargetArn_ =
+  UpdateActionTarget'
+    { description = Prelude.Nothing,
+      name = Prelude.Nothing,
+      actionTargetArn = pActionTargetArn_
+    }
+
+-- | The updated description for the custom action target.
+updateActionTarget_description :: Lens.Lens' UpdateActionTarget (Prelude.Maybe Prelude.Text)
+updateActionTarget_description = Lens.lens (\UpdateActionTarget' {description} -> description) (\s@UpdateActionTarget' {} a -> s {description = a} :: UpdateActionTarget)
+
+-- | The updated name of the custom action target.
+updateActionTarget_name :: Lens.Lens' UpdateActionTarget (Prelude.Maybe Prelude.Text)
+updateActionTarget_name = Lens.lens (\UpdateActionTarget' {name} -> name) (\s@UpdateActionTarget' {} a -> s {name = a} :: UpdateActionTarget)
+
+-- | The ARN of the custom action target to update.
+updateActionTarget_actionTargetArn :: Lens.Lens' UpdateActionTarget Prelude.Text
+updateActionTarget_actionTargetArn = Lens.lens (\UpdateActionTarget' {actionTargetArn} -> actionTargetArn) (\s@UpdateActionTarget' {} a -> s {actionTargetArn = a} :: UpdateActionTarget)
+
+instance Core.AWSRequest UpdateActionTarget where
+  type
+    AWSResponse UpdateActionTarget =
+      UpdateActionTargetResponse
+  request overrides =
+    Request.patchJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateActionTargetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateActionTarget where
+  hashWithSalt _salt UpdateActionTarget' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` actionTargetArn
+
+instance Prelude.NFData UpdateActionTarget where
+  rnf UpdateActionTarget' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf actionTargetArn
+
+instance Data.ToHeaders UpdateActionTarget where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateActionTarget where
+  toJSON UpdateActionTarget' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Description" Data..=) Prelude.<$> description,
+            ("Name" Data..=) Prelude.<$> name
+          ]
+      )
+
+instance Data.ToPath UpdateActionTarget where
+  toPath UpdateActionTarget' {..} =
+    Prelude.mconcat
+      ["/actionTargets/", Data.toBS actionTargetArn]
+
+instance Data.ToQuery UpdateActionTarget where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateActionTargetResponse' smart constructor.
+data UpdateActionTargetResponse = UpdateActionTargetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateActionTargetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateActionTargetResponse_httpStatus' - The response's http status code.
+newUpdateActionTargetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateActionTargetResponse
+newUpdateActionTargetResponse pHttpStatus_ =
+  UpdateActionTargetResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+updateActionTargetResponse_httpStatus :: Lens.Lens' UpdateActionTargetResponse Prelude.Int
+updateActionTargetResponse_httpStatus = Lens.lens (\UpdateActionTargetResponse' {httpStatus} -> httpStatus) (\s@UpdateActionTargetResponse' {} a -> s {httpStatus = a} :: UpdateActionTargetResponse)
+
+instance Prelude.NFData UpdateActionTargetResponse where
+  rnf UpdateActionTargetResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/UpdateFindingAggregator.hs b/gen/Amazonka/SecurityHub/UpdateFindingAggregator.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/UpdateFindingAggregator.hs
@@ -0,0 +1,340 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.UpdateFindingAggregator
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the finding aggregation configuration. Used to update the Region
+-- linking mode and the list of included or excluded Regions. You cannot
+-- use @UpdateFindingAggregator@ to change the aggregation Region.
+--
+-- You must run @UpdateFindingAggregator@ from the current aggregation
+-- Region.
+module Amazonka.SecurityHub.UpdateFindingAggregator
+  ( -- * Creating a Request
+    UpdateFindingAggregator (..),
+    newUpdateFindingAggregator,
+
+    -- * Request Lenses
+    updateFindingAggregator_regions,
+    updateFindingAggregator_findingAggregatorArn,
+    updateFindingAggregator_regionLinkingMode,
+
+    -- * Destructuring the Response
+    UpdateFindingAggregatorResponse (..),
+    newUpdateFindingAggregatorResponse,
+
+    -- * Response Lenses
+    updateFindingAggregatorResponse_findingAggregationRegion,
+    updateFindingAggregatorResponse_findingAggregatorArn,
+    updateFindingAggregatorResponse_regionLinkingMode,
+    updateFindingAggregatorResponse_regions,
+    updateFindingAggregatorResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newUpdateFindingAggregator' smart constructor.
+data UpdateFindingAggregator = UpdateFindingAggregator'
+  { -- | If @RegionLinkingMode@ is @ALL_REGIONS_EXCEPT_SPECIFIED@, then this is a
+    -- space-separated list of Regions that do not aggregate findings to the
+    -- aggregation Region.
+    --
+    -- If @RegionLinkingMode@ is @SPECIFIED_REGIONS@, then this is a
+    -- space-separated list of Regions that do aggregate findings to the
+    -- aggregation Region.
+    regions :: Prelude.Maybe [Prelude.Text],
+    -- | The ARN of the finding aggregator. To obtain the ARN, use
+    -- @ListFindingAggregators@.
+    findingAggregatorArn :: Prelude.Text,
+    -- | Indicates whether to aggregate findings from all of the available
+    -- Regions in the current partition. Also determines whether to
+    -- automatically aggregate findings from new Regions as Security Hub
+    -- supports them and you opt into them.
+    --
+    -- The selected option also determines how to use the Regions provided in
+    -- the Regions list.
+    --
+    -- The options are as follows:
+    --
+    -- -   @ALL_REGIONS@ - Indicates to aggregate findings from all of the
+    --     Regions where Security Hub is enabled. When you choose this option,
+    --     Security Hub also automatically aggregates findings from new Regions
+    --     as Security Hub supports them and you opt into them.
+    --
+    -- -   @ALL_REGIONS_EXCEPT_SPECIFIED@ - Indicates to aggregate findings
+    --     from all of the Regions where Security Hub is enabled, except for
+    --     the Regions listed in the @Regions@ parameter. When you choose this
+    --     option, Security Hub also automatically aggregates findings from new
+    --     Regions as Security Hub supports them and you opt into them.
+    --
+    -- -   @SPECIFIED_REGIONS@ - Indicates to aggregate findings only from the
+    --     Regions listed in the @Regions@ parameter. Security Hub does not
+    --     automatically aggregate findings from new Regions.
+    regionLinkingMode :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFindingAggregator' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'regions', 'updateFindingAggregator_regions' - If @RegionLinkingMode@ is @ALL_REGIONS_EXCEPT_SPECIFIED@, then this is a
+-- space-separated list of Regions that do not aggregate findings to the
+-- aggregation Region.
+--
+-- If @RegionLinkingMode@ is @SPECIFIED_REGIONS@, then this is a
+-- space-separated list of Regions that do aggregate findings to the
+-- aggregation Region.
+--
+-- 'findingAggregatorArn', 'updateFindingAggregator_findingAggregatorArn' - The ARN of the finding aggregator. To obtain the ARN, use
+-- @ListFindingAggregators@.
+--
+-- 'regionLinkingMode', 'updateFindingAggregator_regionLinkingMode' - Indicates whether to aggregate findings from all of the available
+-- Regions in the current partition. Also determines whether to
+-- automatically aggregate findings from new Regions as Security Hub
+-- supports them and you opt into them.
+--
+-- The selected option also determines how to use the Regions provided in
+-- the Regions list.
+--
+-- The options are as follows:
+--
+-- -   @ALL_REGIONS@ - Indicates to aggregate findings from all of the
+--     Regions where Security Hub is enabled. When you choose this option,
+--     Security Hub also automatically aggregates findings from new Regions
+--     as Security Hub supports them and you opt into them.
+--
+-- -   @ALL_REGIONS_EXCEPT_SPECIFIED@ - Indicates to aggregate findings
+--     from all of the Regions where Security Hub is enabled, except for
+--     the Regions listed in the @Regions@ parameter. When you choose this
+--     option, Security Hub also automatically aggregates findings from new
+--     Regions as Security Hub supports them and you opt into them.
+--
+-- -   @SPECIFIED_REGIONS@ - Indicates to aggregate findings only from the
+--     Regions listed in the @Regions@ parameter. Security Hub does not
+--     automatically aggregate findings from new Regions.
+newUpdateFindingAggregator ::
+  -- | 'findingAggregatorArn'
+  Prelude.Text ->
+  -- | 'regionLinkingMode'
+  Prelude.Text ->
+  UpdateFindingAggregator
+newUpdateFindingAggregator
+  pFindingAggregatorArn_
+  pRegionLinkingMode_ =
+    UpdateFindingAggregator'
+      { regions = Prelude.Nothing,
+        findingAggregatorArn = pFindingAggregatorArn_,
+        regionLinkingMode = pRegionLinkingMode_
+      }
+
+-- | If @RegionLinkingMode@ is @ALL_REGIONS_EXCEPT_SPECIFIED@, then this is a
+-- space-separated list of Regions that do not aggregate findings to the
+-- aggregation Region.
+--
+-- If @RegionLinkingMode@ is @SPECIFIED_REGIONS@, then this is a
+-- space-separated list of Regions that do aggregate findings to the
+-- aggregation Region.
+updateFindingAggregator_regions :: Lens.Lens' UpdateFindingAggregator (Prelude.Maybe [Prelude.Text])
+updateFindingAggregator_regions = Lens.lens (\UpdateFindingAggregator' {regions} -> regions) (\s@UpdateFindingAggregator' {} a -> s {regions = a} :: UpdateFindingAggregator) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the finding aggregator. To obtain the ARN, use
+-- @ListFindingAggregators@.
+updateFindingAggregator_findingAggregatorArn :: Lens.Lens' UpdateFindingAggregator Prelude.Text
+updateFindingAggregator_findingAggregatorArn = Lens.lens (\UpdateFindingAggregator' {findingAggregatorArn} -> findingAggregatorArn) (\s@UpdateFindingAggregator' {} a -> s {findingAggregatorArn = a} :: UpdateFindingAggregator)
+
+-- | Indicates whether to aggregate findings from all of the available
+-- Regions in the current partition. Also determines whether to
+-- automatically aggregate findings from new Regions as Security Hub
+-- supports them and you opt into them.
+--
+-- The selected option also determines how to use the Regions provided in
+-- the Regions list.
+--
+-- The options are as follows:
+--
+-- -   @ALL_REGIONS@ - Indicates to aggregate findings from all of the
+--     Regions where Security Hub is enabled. When you choose this option,
+--     Security Hub also automatically aggregates findings from new Regions
+--     as Security Hub supports them and you opt into them.
+--
+-- -   @ALL_REGIONS_EXCEPT_SPECIFIED@ - Indicates to aggregate findings
+--     from all of the Regions where Security Hub is enabled, except for
+--     the Regions listed in the @Regions@ parameter. When you choose this
+--     option, Security Hub also automatically aggregates findings from new
+--     Regions as Security Hub supports them and you opt into them.
+--
+-- -   @SPECIFIED_REGIONS@ - Indicates to aggregate findings only from the
+--     Regions listed in the @Regions@ parameter. Security Hub does not
+--     automatically aggregate findings from new Regions.
+updateFindingAggregator_regionLinkingMode :: Lens.Lens' UpdateFindingAggregator Prelude.Text
+updateFindingAggregator_regionLinkingMode = Lens.lens (\UpdateFindingAggregator' {regionLinkingMode} -> regionLinkingMode) (\s@UpdateFindingAggregator' {} a -> s {regionLinkingMode = a} :: UpdateFindingAggregator)
+
+instance Core.AWSRequest UpdateFindingAggregator where
+  type
+    AWSResponse UpdateFindingAggregator =
+      UpdateFindingAggregatorResponse
+  request overrides =
+    Request.patchJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateFindingAggregatorResponse'
+            Prelude.<$> (x Data..?> "FindingAggregationRegion")
+            Prelude.<*> (x Data..?> "FindingAggregatorArn")
+            Prelude.<*> (x Data..?> "RegionLinkingMode")
+            Prelude.<*> (x Data..?> "Regions" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateFindingAggregator where
+  hashWithSalt _salt UpdateFindingAggregator' {..} =
+    _salt
+      `Prelude.hashWithSalt` regions
+      `Prelude.hashWithSalt` findingAggregatorArn
+      `Prelude.hashWithSalt` regionLinkingMode
+
+instance Prelude.NFData UpdateFindingAggregator where
+  rnf UpdateFindingAggregator' {..} =
+    Prelude.rnf regions
+      `Prelude.seq` Prelude.rnf findingAggregatorArn
+      `Prelude.seq` Prelude.rnf regionLinkingMode
+
+instance Data.ToHeaders UpdateFindingAggregator where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateFindingAggregator where
+  toJSON UpdateFindingAggregator' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Regions" Data..=) Prelude.<$> regions,
+            Prelude.Just
+              ( "FindingAggregatorArn"
+                  Data..= findingAggregatorArn
+              ),
+            Prelude.Just
+              ("RegionLinkingMode" Data..= regionLinkingMode)
+          ]
+      )
+
+instance Data.ToPath UpdateFindingAggregator where
+  toPath = Prelude.const "/findingAggregator/update"
+
+instance Data.ToQuery UpdateFindingAggregator where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateFindingAggregatorResponse' smart constructor.
+data UpdateFindingAggregatorResponse = UpdateFindingAggregatorResponse'
+  { -- | The aggregation Region.
+    findingAggregationRegion :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the finding aggregator.
+    findingAggregatorArn :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether to link all Regions, all Regions except for a list of
+    -- excluded Regions, or a list of included Regions.
+    regionLinkingMode :: Prelude.Maybe Prelude.Text,
+    -- | The list of excluded Regions or included Regions.
+    regions :: Prelude.Maybe [Prelude.Text],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFindingAggregatorResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingAggregationRegion', 'updateFindingAggregatorResponse_findingAggregationRegion' - The aggregation Region.
+--
+-- 'findingAggregatorArn', 'updateFindingAggregatorResponse_findingAggregatorArn' - The ARN of the finding aggregator.
+--
+-- 'regionLinkingMode', 'updateFindingAggregatorResponse_regionLinkingMode' - Indicates whether to link all Regions, all Regions except for a list of
+-- excluded Regions, or a list of included Regions.
+--
+-- 'regions', 'updateFindingAggregatorResponse_regions' - The list of excluded Regions or included Regions.
+--
+-- 'httpStatus', 'updateFindingAggregatorResponse_httpStatus' - The response's http status code.
+newUpdateFindingAggregatorResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateFindingAggregatorResponse
+newUpdateFindingAggregatorResponse pHttpStatus_ =
+  UpdateFindingAggregatorResponse'
+    { findingAggregationRegion =
+        Prelude.Nothing,
+      findingAggregatorArn = Prelude.Nothing,
+      regionLinkingMode = Prelude.Nothing,
+      regions = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The aggregation Region.
+updateFindingAggregatorResponse_findingAggregationRegion :: Lens.Lens' UpdateFindingAggregatorResponse (Prelude.Maybe Prelude.Text)
+updateFindingAggregatorResponse_findingAggregationRegion = Lens.lens (\UpdateFindingAggregatorResponse' {findingAggregationRegion} -> findingAggregationRegion) (\s@UpdateFindingAggregatorResponse' {} a -> s {findingAggregationRegion = a} :: UpdateFindingAggregatorResponse)
+
+-- | The ARN of the finding aggregator.
+updateFindingAggregatorResponse_findingAggregatorArn :: Lens.Lens' UpdateFindingAggregatorResponse (Prelude.Maybe Prelude.Text)
+updateFindingAggregatorResponse_findingAggregatorArn = Lens.lens (\UpdateFindingAggregatorResponse' {findingAggregatorArn} -> findingAggregatorArn) (\s@UpdateFindingAggregatorResponse' {} a -> s {findingAggregatorArn = a} :: UpdateFindingAggregatorResponse)
+
+-- | Indicates whether to link all Regions, all Regions except for a list of
+-- excluded Regions, or a list of included Regions.
+updateFindingAggregatorResponse_regionLinkingMode :: Lens.Lens' UpdateFindingAggregatorResponse (Prelude.Maybe Prelude.Text)
+updateFindingAggregatorResponse_regionLinkingMode = Lens.lens (\UpdateFindingAggregatorResponse' {regionLinkingMode} -> regionLinkingMode) (\s@UpdateFindingAggregatorResponse' {} a -> s {regionLinkingMode = a} :: UpdateFindingAggregatorResponse)
+
+-- | The list of excluded Regions or included Regions.
+updateFindingAggregatorResponse_regions :: Lens.Lens' UpdateFindingAggregatorResponse (Prelude.Maybe [Prelude.Text])
+updateFindingAggregatorResponse_regions = Lens.lens (\UpdateFindingAggregatorResponse' {regions} -> regions) (\s@UpdateFindingAggregatorResponse' {} a -> s {regions = a} :: UpdateFindingAggregatorResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+updateFindingAggregatorResponse_httpStatus :: Lens.Lens' UpdateFindingAggregatorResponse Prelude.Int
+updateFindingAggregatorResponse_httpStatus = Lens.lens (\UpdateFindingAggregatorResponse' {httpStatus} -> httpStatus) (\s@UpdateFindingAggregatorResponse' {} a -> s {httpStatus = a} :: UpdateFindingAggregatorResponse)
+
+instance
+  Prelude.NFData
+    UpdateFindingAggregatorResponse
+  where
+  rnf UpdateFindingAggregatorResponse' {..} =
+    Prelude.rnf findingAggregationRegion
+      `Prelude.seq` Prelude.rnf findingAggregatorArn
+      `Prelude.seq` Prelude.rnf regionLinkingMode
+      `Prelude.seq` Prelude.rnf regions
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/UpdateFindings.hs b/gen/Amazonka/SecurityHub/UpdateFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/UpdateFindings.hs
@@ -0,0 +1,188 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.UpdateFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- @UpdateFindings@ is deprecated. Instead of @UpdateFindings@, use
+-- @BatchUpdateFindings@.
+--
+-- Updates the @Note@ and @RecordState@ of the Security Hub-aggregated
+-- findings that the filter attributes specify. Any member account that can
+-- view the finding also sees the update to the finding.
+module Amazonka.SecurityHub.UpdateFindings
+  ( -- * Creating a Request
+    UpdateFindings (..),
+    newUpdateFindings,
+
+    -- * Request Lenses
+    updateFindings_note,
+    updateFindings_recordState,
+    updateFindings_filters,
+
+    -- * Destructuring the Response
+    UpdateFindingsResponse (..),
+    newUpdateFindingsResponse,
+
+    -- * Response Lenses
+    updateFindingsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newUpdateFindings' smart constructor.
+data UpdateFindings = UpdateFindings'
+  { -- | The updated note for the finding.
+    note :: Prelude.Maybe NoteUpdate,
+    -- | The updated record state for the finding.
+    recordState :: Prelude.Maybe RecordState,
+    -- | A collection of attributes that specify which findings you want to
+    -- update.
+    filters :: AwsSecurityFindingFilters
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'note', 'updateFindings_note' - The updated note for the finding.
+--
+-- 'recordState', 'updateFindings_recordState' - The updated record state for the finding.
+--
+-- 'filters', 'updateFindings_filters' - A collection of attributes that specify which findings you want to
+-- update.
+newUpdateFindings ::
+  -- | 'filters'
+  AwsSecurityFindingFilters ->
+  UpdateFindings
+newUpdateFindings pFilters_ =
+  UpdateFindings'
+    { note = Prelude.Nothing,
+      recordState = Prelude.Nothing,
+      filters = pFilters_
+    }
+
+-- | The updated note for the finding.
+updateFindings_note :: Lens.Lens' UpdateFindings (Prelude.Maybe NoteUpdate)
+updateFindings_note = Lens.lens (\UpdateFindings' {note} -> note) (\s@UpdateFindings' {} a -> s {note = a} :: UpdateFindings)
+
+-- | The updated record state for the finding.
+updateFindings_recordState :: Lens.Lens' UpdateFindings (Prelude.Maybe RecordState)
+updateFindings_recordState = Lens.lens (\UpdateFindings' {recordState} -> recordState) (\s@UpdateFindings' {} a -> s {recordState = a} :: UpdateFindings)
+
+-- | A collection of attributes that specify which findings you want to
+-- update.
+updateFindings_filters :: Lens.Lens' UpdateFindings AwsSecurityFindingFilters
+updateFindings_filters = Lens.lens (\UpdateFindings' {filters} -> filters) (\s@UpdateFindings' {} a -> s {filters = a} :: UpdateFindings)
+
+instance Core.AWSRequest UpdateFindings where
+  type
+    AWSResponse UpdateFindings =
+      UpdateFindingsResponse
+  request overrides =
+    Request.patchJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateFindingsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateFindings where
+  hashWithSalt _salt UpdateFindings' {..} =
+    _salt
+      `Prelude.hashWithSalt` note
+      `Prelude.hashWithSalt` recordState
+      `Prelude.hashWithSalt` filters
+
+instance Prelude.NFData UpdateFindings where
+  rnf UpdateFindings' {..} =
+    Prelude.rnf note
+      `Prelude.seq` Prelude.rnf recordState
+      `Prelude.seq` Prelude.rnf filters
+
+instance Data.ToHeaders UpdateFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateFindings where
+  toJSON UpdateFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Note" Data..=) Prelude.<$> note,
+            ("RecordState" Data..=) Prelude.<$> recordState,
+            Prelude.Just ("Filters" Data..= filters)
+          ]
+      )
+
+instance Data.ToPath UpdateFindings where
+  toPath = Prelude.const "/findings"
+
+instance Data.ToQuery UpdateFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateFindingsResponse' smart constructor.
+data UpdateFindingsResponse = UpdateFindingsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateFindingsResponse_httpStatus' - The response's http status code.
+newUpdateFindingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateFindingsResponse
+newUpdateFindingsResponse pHttpStatus_ =
+  UpdateFindingsResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+updateFindingsResponse_httpStatus :: Lens.Lens' UpdateFindingsResponse Prelude.Int
+updateFindingsResponse_httpStatus = Lens.lens (\UpdateFindingsResponse' {httpStatus} -> httpStatus) (\s@UpdateFindingsResponse' {} a -> s {httpStatus = a} :: UpdateFindingsResponse)
+
+instance Prelude.NFData UpdateFindingsResponse where
+  rnf UpdateFindingsResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/UpdateInsight.hs b/gen/Amazonka/SecurityHub/UpdateInsight.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/UpdateInsight.hs
@@ -0,0 +1,196 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.UpdateInsight
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the Security Hub insight identified by the specified insight
+-- ARN.
+module Amazonka.SecurityHub.UpdateInsight
+  ( -- * Creating a Request
+    UpdateInsight (..),
+    newUpdateInsight,
+
+    -- * Request Lenses
+    updateInsight_filters,
+    updateInsight_groupByAttribute,
+    updateInsight_name,
+    updateInsight_insightArn,
+
+    -- * Destructuring the Response
+    UpdateInsightResponse (..),
+    newUpdateInsightResponse,
+
+    -- * Response Lenses
+    updateInsightResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newUpdateInsight' smart constructor.
+data UpdateInsight = UpdateInsight'
+  { -- | The updated filters that define this insight.
+    filters :: Prelude.Maybe AwsSecurityFindingFilters,
+    -- | The updated @GroupBy@ attribute that defines this insight.
+    groupByAttribute :: Prelude.Maybe Prelude.Text,
+    -- | The updated name for the insight.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the insight that you want to update.
+    insightArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateInsight' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filters', 'updateInsight_filters' - The updated filters that define this insight.
+--
+-- 'groupByAttribute', 'updateInsight_groupByAttribute' - The updated @GroupBy@ attribute that defines this insight.
+--
+-- 'name', 'updateInsight_name' - The updated name for the insight.
+--
+-- 'insightArn', 'updateInsight_insightArn' - The ARN of the insight that you want to update.
+newUpdateInsight ::
+  -- | 'insightArn'
+  Prelude.Text ->
+  UpdateInsight
+newUpdateInsight pInsightArn_ =
+  UpdateInsight'
+    { filters = Prelude.Nothing,
+      groupByAttribute = Prelude.Nothing,
+      name = Prelude.Nothing,
+      insightArn = pInsightArn_
+    }
+
+-- | The updated filters that define this insight.
+updateInsight_filters :: Lens.Lens' UpdateInsight (Prelude.Maybe AwsSecurityFindingFilters)
+updateInsight_filters = Lens.lens (\UpdateInsight' {filters} -> filters) (\s@UpdateInsight' {} a -> s {filters = a} :: UpdateInsight)
+
+-- | The updated @GroupBy@ attribute that defines this insight.
+updateInsight_groupByAttribute :: Lens.Lens' UpdateInsight (Prelude.Maybe Prelude.Text)
+updateInsight_groupByAttribute = Lens.lens (\UpdateInsight' {groupByAttribute} -> groupByAttribute) (\s@UpdateInsight' {} a -> s {groupByAttribute = a} :: UpdateInsight)
+
+-- | The updated name for the insight.
+updateInsight_name :: Lens.Lens' UpdateInsight (Prelude.Maybe Prelude.Text)
+updateInsight_name = Lens.lens (\UpdateInsight' {name} -> name) (\s@UpdateInsight' {} a -> s {name = a} :: UpdateInsight)
+
+-- | The ARN of the insight that you want to update.
+updateInsight_insightArn :: Lens.Lens' UpdateInsight Prelude.Text
+updateInsight_insightArn = Lens.lens (\UpdateInsight' {insightArn} -> insightArn) (\s@UpdateInsight' {} a -> s {insightArn = a} :: UpdateInsight)
+
+instance Core.AWSRequest UpdateInsight where
+  type
+    AWSResponse UpdateInsight =
+      UpdateInsightResponse
+  request overrides =
+    Request.patchJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateInsightResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateInsight where
+  hashWithSalt _salt UpdateInsight' {..} =
+    _salt
+      `Prelude.hashWithSalt` filters
+      `Prelude.hashWithSalt` groupByAttribute
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` insightArn
+
+instance Prelude.NFData UpdateInsight where
+  rnf UpdateInsight' {..} =
+    Prelude.rnf filters
+      `Prelude.seq` Prelude.rnf groupByAttribute
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf insightArn
+
+instance Data.ToHeaders UpdateInsight where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateInsight where
+  toJSON UpdateInsight' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Filters" Data..=) Prelude.<$> filters,
+            ("GroupByAttribute" Data..=)
+              Prelude.<$> groupByAttribute,
+            ("Name" Data..=) Prelude.<$> name
+          ]
+      )
+
+instance Data.ToPath UpdateInsight where
+  toPath UpdateInsight' {..} =
+    Prelude.mconcat
+      ["/insights/", Data.toBS insightArn]
+
+instance Data.ToQuery UpdateInsight where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateInsightResponse' smart constructor.
+data UpdateInsightResponse = UpdateInsightResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateInsightResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateInsightResponse_httpStatus' - The response's http status code.
+newUpdateInsightResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateInsightResponse
+newUpdateInsightResponse pHttpStatus_ =
+  UpdateInsightResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+updateInsightResponse_httpStatus :: Lens.Lens' UpdateInsightResponse Prelude.Int
+updateInsightResponse_httpStatus = Lens.lens (\UpdateInsightResponse' {httpStatus} -> httpStatus) (\s@UpdateInsightResponse' {} a -> s {httpStatus = a} :: UpdateInsightResponse)
+
+instance Prelude.NFData UpdateInsightResponse where
+  rnf UpdateInsightResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/UpdateOrganizationConfiguration.hs b/gen/Amazonka/SecurityHub/UpdateOrganizationConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/UpdateOrganizationConfiguration.hs
@@ -0,0 +1,236 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.UpdateOrganizationConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Used to update the configuration related to Organizations. Can only be
+-- called from a Security Hub administrator account.
+module Amazonka.SecurityHub.UpdateOrganizationConfiguration
+  ( -- * Creating a Request
+    UpdateOrganizationConfiguration (..),
+    newUpdateOrganizationConfiguration,
+
+    -- * Request Lenses
+    updateOrganizationConfiguration_autoEnableStandards,
+    updateOrganizationConfiguration_autoEnable,
+
+    -- * Destructuring the Response
+    UpdateOrganizationConfigurationResponse (..),
+    newUpdateOrganizationConfigurationResponse,
+
+    -- * Response Lenses
+    updateOrganizationConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newUpdateOrganizationConfiguration' smart constructor.
+data UpdateOrganizationConfiguration = UpdateOrganizationConfiguration'
+  { -- | Whether to automatically enable Security Hub
+    -- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html default standards>
+    -- for new member accounts in the organization.
+    --
+    -- By default, this parameter is equal to @DEFAULT@, and new member
+    -- accounts are automatically enabled with default Security Hub standards.
+    --
+    -- To opt out of enabling default standards for new member accounts, set
+    -- this parameter equal to @NONE@.
+    autoEnableStandards :: Prelude.Maybe AutoEnableStandards,
+    -- | Whether to automatically enable Security Hub for new accounts in the
+    -- organization.
+    --
+    -- By default, this is @false@, and new accounts are not added
+    -- automatically.
+    --
+    -- To automatically enable Security Hub for new accounts, set this to
+    -- @true@.
+    autoEnable :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateOrganizationConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoEnableStandards', 'updateOrganizationConfiguration_autoEnableStandards' - Whether to automatically enable Security Hub
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html default standards>
+-- for new member accounts in the organization.
+--
+-- By default, this parameter is equal to @DEFAULT@, and new member
+-- accounts are automatically enabled with default Security Hub standards.
+--
+-- To opt out of enabling default standards for new member accounts, set
+-- this parameter equal to @NONE@.
+--
+-- 'autoEnable', 'updateOrganizationConfiguration_autoEnable' - Whether to automatically enable Security Hub for new accounts in the
+-- organization.
+--
+-- By default, this is @false@, and new accounts are not added
+-- automatically.
+--
+-- To automatically enable Security Hub for new accounts, set this to
+-- @true@.
+newUpdateOrganizationConfiguration ::
+  -- | 'autoEnable'
+  Prelude.Bool ->
+  UpdateOrganizationConfiguration
+newUpdateOrganizationConfiguration pAutoEnable_ =
+  UpdateOrganizationConfiguration'
+    { autoEnableStandards =
+        Prelude.Nothing,
+      autoEnable = pAutoEnable_
+    }
+
+-- | Whether to automatically enable Security Hub
+-- <https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html default standards>
+-- for new member accounts in the organization.
+--
+-- By default, this parameter is equal to @DEFAULT@, and new member
+-- accounts are automatically enabled with default Security Hub standards.
+--
+-- To opt out of enabling default standards for new member accounts, set
+-- this parameter equal to @NONE@.
+updateOrganizationConfiguration_autoEnableStandards :: Lens.Lens' UpdateOrganizationConfiguration (Prelude.Maybe AutoEnableStandards)
+updateOrganizationConfiguration_autoEnableStandards = Lens.lens (\UpdateOrganizationConfiguration' {autoEnableStandards} -> autoEnableStandards) (\s@UpdateOrganizationConfiguration' {} a -> s {autoEnableStandards = a} :: UpdateOrganizationConfiguration)
+
+-- | Whether to automatically enable Security Hub for new accounts in the
+-- organization.
+--
+-- By default, this is @false@, and new accounts are not added
+-- automatically.
+--
+-- To automatically enable Security Hub for new accounts, set this to
+-- @true@.
+updateOrganizationConfiguration_autoEnable :: Lens.Lens' UpdateOrganizationConfiguration Prelude.Bool
+updateOrganizationConfiguration_autoEnable = Lens.lens (\UpdateOrganizationConfiguration' {autoEnable} -> autoEnable) (\s@UpdateOrganizationConfiguration' {} a -> s {autoEnable = a} :: UpdateOrganizationConfiguration)
+
+instance
+  Core.AWSRequest
+    UpdateOrganizationConfiguration
+  where
+  type
+    AWSResponse UpdateOrganizationConfiguration =
+      UpdateOrganizationConfigurationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateOrganizationConfigurationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    UpdateOrganizationConfiguration
+  where
+  hashWithSalt
+    _salt
+    UpdateOrganizationConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` autoEnableStandards
+        `Prelude.hashWithSalt` autoEnable
+
+instance
+  Prelude.NFData
+    UpdateOrganizationConfiguration
+  where
+  rnf UpdateOrganizationConfiguration' {..} =
+    Prelude.rnf autoEnableStandards
+      `Prelude.seq` Prelude.rnf autoEnable
+
+instance
+  Data.ToHeaders
+    UpdateOrganizationConfiguration
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateOrganizationConfiguration where
+  toJSON UpdateOrganizationConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AutoEnableStandards" Data..=)
+              Prelude.<$> autoEnableStandards,
+            Prelude.Just ("AutoEnable" Data..= autoEnable)
+          ]
+      )
+
+instance Data.ToPath UpdateOrganizationConfiguration where
+  toPath = Prelude.const "/organization/configuration"
+
+instance Data.ToQuery UpdateOrganizationConfiguration where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateOrganizationConfigurationResponse' smart constructor.
+data UpdateOrganizationConfigurationResponse = UpdateOrganizationConfigurationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateOrganizationConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateOrganizationConfigurationResponse_httpStatus' - The response's http status code.
+newUpdateOrganizationConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateOrganizationConfigurationResponse
+newUpdateOrganizationConfigurationResponse
+  pHttpStatus_ =
+    UpdateOrganizationConfigurationResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+updateOrganizationConfigurationResponse_httpStatus :: Lens.Lens' UpdateOrganizationConfigurationResponse Prelude.Int
+updateOrganizationConfigurationResponse_httpStatus = Lens.lens (\UpdateOrganizationConfigurationResponse' {httpStatus} -> httpStatus) (\s@UpdateOrganizationConfigurationResponse' {} a -> s {httpStatus = a} :: UpdateOrganizationConfigurationResponse)
+
+instance
+  Prelude.NFData
+    UpdateOrganizationConfigurationResponse
+  where
+  rnf UpdateOrganizationConfigurationResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/UpdateSecurityHubConfiguration.hs b/gen/Amazonka/SecurityHub/UpdateSecurityHubConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/UpdateSecurityHubConfiguration.hs
@@ -0,0 +1,189 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.UpdateSecurityHubConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates configuration options for Security Hub.
+module Amazonka.SecurityHub.UpdateSecurityHubConfiguration
+  ( -- * Creating a Request
+    UpdateSecurityHubConfiguration (..),
+    newUpdateSecurityHubConfiguration,
+
+    -- * Request Lenses
+    updateSecurityHubConfiguration_autoEnableControls,
+
+    -- * Destructuring the Response
+    UpdateSecurityHubConfigurationResponse (..),
+    newUpdateSecurityHubConfigurationResponse,
+
+    -- * Response Lenses
+    updateSecurityHubConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newUpdateSecurityHubConfiguration' smart constructor.
+data UpdateSecurityHubConfiguration = UpdateSecurityHubConfiguration'
+  { -- | Whether to automatically enable new controls when they are added to
+    -- standards that are enabled.
+    --
+    -- By default, this is set to @true@, and new controls are enabled
+    -- automatically. To not automatically enable new controls, set this to
+    -- @false@.
+    autoEnableControls :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateSecurityHubConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoEnableControls', 'updateSecurityHubConfiguration_autoEnableControls' - Whether to automatically enable new controls when they are added to
+-- standards that are enabled.
+--
+-- By default, this is set to @true@, and new controls are enabled
+-- automatically. To not automatically enable new controls, set this to
+-- @false@.
+newUpdateSecurityHubConfiguration ::
+  UpdateSecurityHubConfiguration
+newUpdateSecurityHubConfiguration =
+  UpdateSecurityHubConfiguration'
+    { autoEnableControls =
+        Prelude.Nothing
+    }
+
+-- | Whether to automatically enable new controls when they are added to
+-- standards that are enabled.
+--
+-- By default, this is set to @true@, and new controls are enabled
+-- automatically. To not automatically enable new controls, set this to
+-- @false@.
+updateSecurityHubConfiguration_autoEnableControls :: Lens.Lens' UpdateSecurityHubConfiguration (Prelude.Maybe Prelude.Bool)
+updateSecurityHubConfiguration_autoEnableControls = Lens.lens (\UpdateSecurityHubConfiguration' {autoEnableControls} -> autoEnableControls) (\s@UpdateSecurityHubConfiguration' {} a -> s {autoEnableControls = a} :: UpdateSecurityHubConfiguration)
+
+instance
+  Core.AWSRequest
+    UpdateSecurityHubConfiguration
+  where
+  type
+    AWSResponse UpdateSecurityHubConfiguration =
+      UpdateSecurityHubConfigurationResponse
+  request overrides =
+    Request.patchJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateSecurityHubConfigurationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    UpdateSecurityHubConfiguration
+  where
+  hashWithSalt
+    _salt
+    UpdateSecurityHubConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` autoEnableControls
+
+instance
+  Prelude.NFData
+    UpdateSecurityHubConfiguration
+  where
+  rnf UpdateSecurityHubConfiguration' {..} =
+    Prelude.rnf autoEnableControls
+
+instance
+  Data.ToHeaders
+    UpdateSecurityHubConfiguration
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateSecurityHubConfiguration where
+  toJSON UpdateSecurityHubConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AutoEnableControls" Data..=)
+              Prelude.<$> autoEnableControls
+          ]
+      )
+
+instance Data.ToPath UpdateSecurityHubConfiguration where
+  toPath = Prelude.const "/accounts"
+
+instance Data.ToQuery UpdateSecurityHubConfiguration where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateSecurityHubConfigurationResponse' smart constructor.
+data UpdateSecurityHubConfigurationResponse = UpdateSecurityHubConfigurationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateSecurityHubConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateSecurityHubConfigurationResponse_httpStatus' - The response's http status code.
+newUpdateSecurityHubConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateSecurityHubConfigurationResponse
+newUpdateSecurityHubConfigurationResponse
+  pHttpStatus_ =
+    UpdateSecurityHubConfigurationResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+updateSecurityHubConfigurationResponse_httpStatus :: Lens.Lens' UpdateSecurityHubConfigurationResponse Prelude.Int
+updateSecurityHubConfigurationResponse_httpStatus = Lens.lens (\UpdateSecurityHubConfigurationResponse' {httpStatus} -> httpStatus) (\s@UpdateSecurityHubConfigurationResponse' {} a -> s {httpStatus = a} :: UpdateSecurityHubConfigurationResponse)
+
+instance
+  Prelude.NFData
+    UpdateSecurityHubConfigurationResponse
+  where
+  rnf UpdateSecurityHubConfigurationResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/UpdateStandardsControl.hs b/gen/Amazonka/SecurityHub/UpdateStandardsControl.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/UpdateStandardsControl.hs
@@ -0,0 +1,195 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.UpdateStandardsControl
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Used to control whether an individual security standard control is
+-- enabled or disabled.
+module Amazonka.SecurityHub.UpdateStandardsControl
+  ( -- * Creating a Request
+    UpdateStandardsControl (..),
+    newUpdateStandardsControl,
+
+    -- * Request Lenses
+    updateStandardsControl_controlStatus,
+    updateStandardsControl_disabledReason,
+    updateStandardsControl_standardsControlArn,
+
+    -- * Destructuring the Response
+    UpdateStandardsControlResponse (..),
+    newUpdateStandardsControlResponse,
+
+    -- * Response Lenses
+    updateStandardsControlResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SecurityHub.Types
+
+-- | /See:/ 'newUpdateStandardsControl' smart constructor.
+data UpdateStandardsControl = UpdateStandardsControl'
+  { -- | The updated status of the security standard control.
+    controlStatus :: Prelude.Maybe ControlStatus,
+    -- | A description of the reason why you are disabling a security standard
+    -- control. If you are disabling a control, then this is required.
+    disabledReason :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the security standard control to enable or disable.
+    standardsControlArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateStandardsControl' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'controlStatus', 'updateStandardsControl_controlStatus' - The updated status of the security standard control.
+--
+-- 'disabledReason', 'updateStandardsControl_disabledReason' - A description of the reason why you are disabling a security standard
+-- control. If you are disabling a control, then this is required.
+--
+-- 'standardsControlArn', 'updateStandardsControl_standardsControlArn' - The ARN of the security standard control to enable or disable.
+newUpdateStandardsControl ::
+  -- | 'standardsControlArn'
+  Prelude.Text ->
+  UpdateStandardsControl
+newUpdateStandardsControl pStandardsControlArn_ =
+  UpdateStandardsControl'
+    { controlStatus =
+        Prelude.Nothing,
+      disabledReason = Prelude.Nothing,
+      standardsControlArn = pStandardsControlArn_
+    }
+
+-- | The updated status of the security standard control.
+updateStandardsControl_controlStatus :: Lens.Lens' UpdateStandardsControl (Prelude.Maybe ControlStatus)
+updateStandardsControl_controlStatus = Lens.lens (\UpdateStandardsControl' {controlStatus} -> controlStatus) (\s@UpdateStandardsControl' {} a -> s {controlStatus = a} :: UpdateStandardsControl)
+
+-- | A description of the reason why you are disabling a security standard
+-- control. If you are disabling a control, then this is required.
+updateStandardsControl_disabledReason :: Lens.Lens' UpdateStandardsControl (Prelude.Maybe Prelude.Text)
+updateStandardsControl_disabledReason = Lens.lens (\UpdateStandardsControl' {disabledReason} -> disabledReason) (\s@UpdateStandardsControl' {} a -> s {disabledReason = a} :: UpdateStandardsControl)
+
+-- | The ARN of the security standard control to enable or disable.
+updateStandardsControl_standardsControlArn :: Lens.Lens' UpdateStandardsControl Prelude.Text
+updateStandardsControl_standardsControlArn = Lens.lens (\UpdateStandardsControl' {standardsControlArn} -> standardsControlArn) (\s@UpdateStandardsControl' {} a -> s {standardsControlArn = a} :: UpdateStandardsControl)
+
+instance Core.AWSRequest UpdateStandardsControl where
+  type
+    AWSResponse UpdateStandardsControl =
+      UpdateStandardsControlResponse
+  request overrides =
+    Request.patchJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateStandardsControlResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateStandardsControl where
+  hashWithSalt _salt UpdateStandardsControl' {..} =
+    _salt
+      `Prelude.hashWithSalt` controlStatus
+      `Prelude.hashWithSalt` disabledReason
+      `Prelude.hashWithSalt` standardsControlArn
+
+instance Prelude.NFData UpdateStandardsControl where
+  rnf UpdateStandardsControl' {..} =
+    Prelude.rnf controlStatus
+      `Prelude.seq` Prelude.rnf disabledReason
+      `Prelude.seq` Prelude.rnf standardsControlArn
+
+instance Data.ToHeaders UpdateStandardsControl where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateStandardsControl where
+  toJSON UpdateStandardsControl' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ControlStatus" Data..=) Prelude.<$> controlStatus,
+            ("DisabledReason" Data..=)
+              Prelude.<$> disabledReason
+          ]
+      )
+
+instance Data.ToPath UpdateStandardsControl where
+  toPath UpdateStandardsControl' {..} =
+    Prelude.mconcat
+      [ "/standards/control/",
+        Data.toBS standardsControlArn
+      ]
+
+instance Data.ToQuery UpdateStandardsControl where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateStandardsControlResponse' smart constructor.
+data UpdateStandardsControlResponse = UpdateStandardsControlResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateStandardsControlResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateStandardsControlResponse_httpStatus' - The response's http status code.
+newUpdateStandardsControlResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateStandardsControlResponse
+newUpdateStandardsControlResponse pHttpStatus_ =
+  UpdateStandardsControlResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+updateStandardsControlResponse_httpStatus :: Lens.Lens' UpdateStandardsControlResponse Prelude.Int
+updateStandardsControlResponse_httpStatus = Lens.lens (\UpdateStandardsControlResponse' {httpStatus} -> httpStatus) (\s@UpdateStandardsControlResponse' {} a -> s {httpStatus = a} :: UpdateStandardsControlResponse)
+
+instance
+  Prelude.NFData
+    UpdateStandardsControlResponse
+  where
+  rnf UpdateStandardsControlResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SecurityHub/Waiters.hs b/gen/Amazonka/SecurityHub/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SecurityHub/Waiters.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SecurityHub.Waiters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SecurityHub.Waiters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SecurityHub.Lens
+import Amazonka.SecurityHub.Types
diff --git a/src/.gitkeep b/src/.gitkeep
new file mode 100644
--- /dev/null
+++ b/src/.gitkeep
diff --git a/test/Main.hs b/test/Main.hs
new file mode 100644
--- /dev/null
+++ b/test/Main.hs
@@ -0,0 +1,23 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Main
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Main (main) where
+
+import Test.Amazonka.SecurityHub
+import Test.Amazonka.SecurityHub.Internal
+import Test.Tasty
+
+main :: IO ()
+main =
+  defaultMain $
+    testGroup
+      "SecurityHub"
+      [ testGroup "tests" tests,
+        testGroup "fixtures" fixtures
+      ]
diff --git a/test/Test/Amazonka/Gen/SecurityHub.hs b/test/Test/Amazonka/Gen/SecurityHub.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Gen/SecurityHub.hs
@@ -0,0 +1,1098 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.Amazonka.Gen.SecurityHub
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Gen.SecurityHub where
+
+import Amazonka.SecurityHub
+import qualified Data.Proxy as Proxy
+import Test.Amazonka.Fixture
+import Test.Amazonka.Prelude
+import Test.Amazonka.SecurityHub.Internal
+import Test.Tasty
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ requestAcceptAdministratorInvitation $
+--             newAcceptAdministratorInvitation
+--
+--         , requestBatchDisableStandards $
+--             newBatchDisableStandards
+--
+--         , requestBatchEnableStandards $
+--             newBatchEnableStandards
+--
+--         , requestBatchImportFindings $
+--             newBatchImportFindings
+--
+--         , requestBatchUpdateFindings $
+--             newBatchUpdateFindings
+--
+--         , requestCreateActionTarget $
+--             newCreateActionTarget
+--
+--         , requestCreateFindingAggregator $
+--             newCreateFindingAggregator
+--
+--         , requestCreateInsight $
+--             newCreateInsight
+--
+--         , requestCreateMembers $
+--             newCreateMembers
+--
+--         , requestDeclineInvitations $
+--             newDeclineInvitations
+--
+--         , requestDeleteActionTarget $
+--             newDeleteActionTarget
+--
+--         , requestDeleteFindingAggregator $
+--             newDeleteFindingAggregator
+--
+--         , requestDeleteInsight $
+--             newDeleteInsight
+--
+--         , requestDeleteInvitations $
+--             newDeleteInvitations
+--
+--         , requestDeleteMembers $
+--             newDeleteMembers
+--
+--         , requestDescribeActionTargets $
+--             newDescribeActionTargets
+--
+--         , requestDescribeHub $
+--             newDescribeHub
+--
+--         , requestDescribeOrganizationConfiguration $
+--             newDescribeOrganizationConfiguration
+--
+--         , requestDescribeProducts $
+--             newDescribeProducts
+--
+--         , requestDescribeStandards $
+--             newDescribeStandards
+--
+--         , requestDescribeStandardsControls $
+--             newDescribeStandardsControls
+--
+--         , requestDisableImportFindingsForProduct $
+--             newDisableImportFindingsForProduct
+--
+--         , requestDisableOrganizationAdminAccount $
+--             newDisableOrganizationAdminAccount
+--
+--         , requestDisableSecurityHub $
+--             newDisableSecurityHub
+--
+--         , requestDisassociateFromAdministratorAccount $
+--             newDisassociateFromAdministratorAccount
+--
+--         , requestDisassociateMembers $
+--             newDisassociateMembers
+--
+--         , requestEnableImportFindingsForProduct $
+--             newEnableImportFindingsForProduct
+--
+--         , requestEnableOrganizationAdminAccount $
+--             newEnableOrganizationAdminAccount
+--
+--         , requestEnableSecurityHub $
+--             newEnableSecurityHub
+--
+--         , requestGetAdministratorAccount $
+--             newGetAdministratorAccount
+--
+--         , requestGetEnabledStandards $
+--             newGetEnabledStandards
+--
+--         , requestGetFindingAggregator $
+--             newGetFindingAggregator
+--
+--         , requestGetFindings $
+--             newGetFindings
+--
+--         , requestGetInsightResults $
+--             newGetInsightResults
+--
+--         , requestGetInsights $
+--             newGetInsights
+--
+--         , requestGetInvitationsCount $
+--             newGetInvitationsCount
+--
+--         , requestGetMembers $
+--             newGetMembers
+--
+--         , requestInviteMembers $
+--             newInviteMembers
+--
+--         , requestListEnabledProductsForImport $
+--             newListEnabledProductsForImport
+--
+--         , requestListFindingAggregators $
+--             newListFindingAggregators
+--
+--         , requestListInvitations $
+--             newListInvitations
+--
+--         , requestListMembers $
+--             newListMembers
+--
+--         , requestListOrganizationAdminAccounts $
+--             newListOrganizationAdminAccounts
+--
+--         , requestListTagsForResource $
+--             newListTagsForResource
+--
+--         , requestTagResource $
+--             newTagResource
+--
+--         , requestUntagResource $
+--             newUntagResource
+--
+--         , requestUpdateActionTarget $
+--             newUpdateActionTarget
+--
+--         , requestUpdateFindingAggregator $
+--             newUpdateFindingAggregator
+--
+--         , requestUpdateFindings $
+--             newUpdateFindings
+--
+--         , requestUpdateInsight $
+--             newUpdateInsight
+--
+--         , requestUpdateOrganizationConfiguration $
+--             newUpdateOrganizationConfiguration
+--
+--         , requestUpdateSecurityHubConfiguration $
+--             newUpdateSecurityHubConfiguration
+--
+--         , requestUpdateStandardsControl $
+--             newUpdateStandardsControl
+--
+--           ]
+
+--     , testGroup "response"
+--         [ responseAcceptAdministratorInvitation $
+--             newAcceptAdministratorInvitationResponse
+--
+--         , responseBatchDisableStandards $
+--             newBatchDisableStandardsResponse
+--
+--         , responseBatchEnableStandards $
+--             newBatchEnableStandardsResponse
+--
+--         , responseBatchImportFindings $
+--             newBatchImportFindingsResponse
+--
+--         , responseBatchUpdateFindings $
+--             newBatchUpdateFindingsResponse
+--
+--         , responseCreateActionTarget $
+--             newCreateActionTargetResponse
+--
+--         , responseCreateFindingAggregator $
+--             newCreateFindingAggregatorResponse
+--
+--         , responseCreateInsight $
+--             newCreateInsightResponse
+--
+--         , responseCreateMembers $
+--             newCreateMembersResponse
+--
+--         , responseDeclineInvitations $
+--             newDeclineInvitationsResponse
+--
+--         , responseDeleteActionTarget $
+--             newDeleteActionTargetResponse
+--
+--         , responseDeleteFindingAggregator $
+--             newDeleteFindingAggregatorResponse
+--
+--         , responseDeleteInsight $
+--             newDeleteInsightResponse
+--
+--         , responseDeleteInvitations $
+--             newDeleteInvitationsResponse
+--
+--         , responseDeleteMembers $
+--             newDeleteMembersResponse
+--
+--         , responseDescribeActionTargets $
+--             newDescribeActionTargetsResponse
+--
+--         , responseDescribeHub $
+--             newDescribeHubResponse
+--
+--         , responseDescribeOrganizationConfiguration $
+--             newDescribeOrganizationConfigurationResponse
+--
+--         , responseDescribeProducts $
+--             newDescribeProductsResponse
+--
+--         , responseDescribeStandards $
+--             newDescribeStandardsResponse
+--
+--         , responseDescribeStandardsControls $
+--             newDescribeStandardsControlsResponse
+--
+--         , responseDisableImportFindingsForProduct $
+--             newDisableImportFindingsForProductResponse
+--
+--         , responseDisableOrganizationAdminAccount $
+--             newDisableOrganizationAdminAccountResponse
+--
+--         , responseDisableSecurityHub $
+--             newDisableSecurityHubResponse
+--
+--         , responseDisassociateFromAdministratorAccount $
+--             newDisassociateFromAdministratorAccountResponse
+--
+--         , responseDisassociateMembers $
+--             newDisassociateMembersResponse
+--
+--         , responseEnableImportFindingsForProduct $
+--             newEnableImportFindingsForProductResponse
+--
+--         , responseEnableOrganizationAdminAccount $
+--             newEnableOrganizationAdminAccountResponse
+--
+--         , responseEnableSecurityHub $
+--             newEnableSecurityHubResponse
+--
+--         , responseGetAdministratorAccount $
+--             newGetAdministratorAccountResponse
+--
+--         , responseGetEnabledStandards $
+--             newGetEnabledStandardsResponse
+--
+--         , responseGetFindingAggregator $
+--             newGetFindingAggregatorResponse
+--
+--         , responseGetFindings $
+--             newGetFindingsResponse
+--
+--         , responseGetInsightResults $
+--             newGetInsightResultsResponse
+--
+--         , responseGetInsights $
+--             newGetInsightsResponse
+--
+--         , responseGetInvitationsCount $
+--             newGetInvitationsCountResponse
+--
+--         , responseGetMembers $
+--             newGetMembersResponse
+--
+--         , responseInviteMembers $
+--             newInviteMembersResponse
+--
+--         , responseListEnabledProductsForImport $
+--             newListEnabledProductsForImportResponse
+--
+--         , responseListFindingAggregators $
+--             newListFindingAggregatorsResponse
+--
+--         , responseListInvitations $
+--             newListInvitationsResponse
+--
+--         , responseListMembers $
+--             newListMembersResponse
+--
+--         , responseListOrganizationAdminAccounts $
+--             newListOrganizationAdminAccountsResponse
+--
+--         , responseListTagsForResource $
+--             newListTagsForResourceResponse
+--
+--         , responseTagResource $
+--             newTagResourceResponse
+--
+--         , responseUntagResource $
+--             newUntagResourceResponse
+--
+--         , responseUpdateActionTarget $
+--             newUpdateActionTargetResponse
+--
+--         , responseUpdateFindingAggregator $
+--             newUpdateFindingAggregatorResponse
+--
+--         , responseUpdateFindings $
+--             newUpdateFindingsResponse
+--
+--         , responseUpdateInsight $
+--             newUpdateInsightResponse
+--
+--         , responseUpdateOrganizationConfiguration $
+--             newUpdateOrganizationConfigurationResponse
+--
+--         , responseUpdateSecurityHubConfiguration $
+--             newUpdateSecurityHubConfigurationResponse
+--
+--         , responseUpdateStandardsControl $
+--             newUpdateStandardsControlResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+requestAcceptAdministratorInvitation :: AcceptAdministratorInvitation -> TestTree
+requestAcceptAdministratorInvitation =
+  req
+    "AcceptAdministratorInvitation"
+    "fixture/AcceptAdministratorInvitation.yaml"
+
+requestBatchDisableStandards :: BatchDisableStandards -> TestTree
+requestBatchDisableStandards =
+  req
+    "BatchDisableStandards"
+    "fixture/BatchDisableStandards.yaml"
+
+requestBatchEnableStandards :: BatchEnableStandards -> TestTree
+requestBatchEnableStandards =
+  req
+    "BatchEnableStandards"
+    "fixture/BatchEnableStandards.yaml"
+
+requestBatchImportFindings :: BatchImportFindings -> TestTree
+requestBatchImportFindings =
+  req
+    "BatchImportFindings"
+    "fixture/BatchImportFindings.yaml"
+
+requestBatchUpdateFindings :: BatchUpdateFindings -> TestTree
+requestBatchUpdateFindings =
+  req
+    "BatchUpdateFindings"
+    "fixture/BatchUpdateFindings.yaml"
+
+requestCreateActionTarget :: CreateActionTarget -> TestTree
+requestCreateActionTarget =
+  req
+    "CreateActionTarget"
+    "fixture/CreateActionTarget.yaml"
+
+requestCreateFindingAggregator :: CreateFindingAggregator -> TestTree
+requestCreateFindingAggregator =
+  req
+    "CreateFindingAggregator"
+    "fixture/CreateFindingAggregator.yaml"
+
+requestCreateInsight :: CreateInsight -> TestTree
+requestCreateInsight =
+  req
+    "CreateInsight"
+    "fixture/CreateInsight.yaml"
+
+requestCreateMembers :: CreateMembers -> TestTree
+requestCreateMembers =
+  req
+    "CreateMembers"
+    "fixture/CreateMembers.yaml"
+
+requestDeclineInvitations :: DeclineInvitations -> TestTree
+requestDeclineInvitations =
+  req
+    "DeclineInvitations"
+    "fixture/DeclineInvitations.yaml"
+
+requestDeleteActionTarget :: DeleteActionTarget -> TestTree
+requestDeleteActionTarget =
+  req
+    "DeleteActionTarget"
+    "fixture/DeleteActionTarget.yaml"
+
+requestDeleteFindingAggregator :: DeleteFindingAggregator -> TestTree
+requestDeleteFindingAggregator =
+  req
+    "DeleteFindingAggregator"
+    "fixture/DeleteFindingAggregator.yaml"
+
+requestDeleteInsight :: DeleteInsight -> TestTree
+requestDeleteInsight =
+  req
+    "DeleteInsight"
+    "fixture/DeleteInsight.yaml"
+
+requestDeleteInvitations :: DeleteInvitations -> TestTree
+requestDeleteInvitations =
+  req
+    "DeleteInvitations"
+    "fixture/DeleteInvitations.yaml"
+
+requestDeleteMembers :: DeleteMembers -> TestTree
+requestDeleteMembers =
+  req
+    "DeleteMembers"
+    "fixture/DeleteMembers.yaml"
+
+requestDescribeActionTargets :: DescribeActionTargets -> TestTree
+requestDescribeActionTargets =
+  req
+    "DescribeActionTargets"
+    "fixture/DescribeActionTargets.yaml"
+
+requestDescribeHub :: DescribeHub -> TestTree
+requestDescribeHub =
+  req
+    "DescribeHub"
+    "fixture/DescribeHub.yaml"
+
+requestDescribeOrganizationConfiguration :: DescribeOrganizationConfiguration -> TestTree
+requestDescribeOrganizationConfiguration =
+  req
+    "DescribeOrganizationConfiguration"
+    "fixture/DescribeOrganizationConfiguration.yaml"
+
+requestDescribeProducts :: DescribeProducts -> TestTree
+requestDescribeProducts =
+  req
+    "DescribeProducts"
+    "fixture/DescribeProducts.yaml"
+
+requestDescribeStandards :: DescribeStandards -> TestTree
+requestDescribeStandards =
+  req
+    "DescribeStandards"
+    "fixture/DescribeStandards.yaml"
+
+requestDescribeStandardsControls :: DescribeStandardsControls -> TestTree
+requestDescribeStandardsControls =
+  req
+    "DescribeStandardsControls"
+    "fixture/DescribeStandardsControls.yaml"
+
+requestDisableImportFindingsForProduct :: DisableImportFindingsForProduct -> TestTree
+requestDisableImportFindingsForProduct =
+  req
+    "DisableImportFindingsForProduct"
+    "fixture/DisableImportFindingsForProduct.yaml"
+
+requestDisableOrganizationAdminAccount :: DisableOrganizationAdminAccount -> TestTree
+requestDisableOrganizationAdminAccount =
+  req
+    "DisableOrganizationAdminAccount"
+    "fixture/DisableOrganizationAdminAccount.yaml"
+
+requestDisableSecurityHub :: DisableSecurityHub -> TestTree
+requestDisableSecurityHub =
+  req
+    "DisableSecurityHub"
+    "fixture/DisableSecurityHub.yaml"
+
+requestDisassociateFromAdministratorAccount :: DisassociateFromAdministratorAccount -> TestTree
+requestDisassociateFromAdministratorAccount =
+  req
+    "DisassociateFromAdministratorAccount"
+    "fixture/DisassociateFromAdministratorAccount.yaml"
+
+requestDisassociateMembers :: DisassociateMembers -> TestTree
+requestDisassociateMembers =
+  req
+    "DisassociateMembers"
+    "fixture/DisassociateMembers.yaml"
+
+requestEnableImportFindingsForProduct :: EnableImportFindingsForProduct -> TestTree
+requestEnableImportFindingsForProduct =
+  req
+    "EnableImportFindingsForProduct"
+    "fixture/EnableImportFindingsForProduct.yaml"
+
+requestEnableOrganizationAdminAccount :: EnableOrganizationAdminAccount -> TestTree
+requestEnableOrganizationAdminAccount =
+  req
+    "EnableOrganizationAdminAccount"
+    "fixture/EnableOrganizationAdminAccount.yaml"
+
+requestEnableSecurityHub :: EnableSecurityHub -> TestTree
+requestEnableSecurityHub =
+  req
+    "EnableSecurityHub"
+    "fixture/EnableSecurityHub.yaml"
+
+requestGetAdministratorAccount :: GetAdministratorAccount -> TestTree
+requestGetAdministratorAccount =
+  req
+    "GetAdministratorAccount"
+    "fixture/GetAdministratorAccount.yaml"
+
+requestGetEnabledStandards :: GetEnabledStandards -> TestTree
+requestGetEnabledStandards =
+  req
+    "GetEnabledStandards"
+    "fixture/GetEnabledStandards.yaml"
+
+requestGetFindingAggregator :: GetFindingAggregator -> TestTree
+requestGetFindingAggregator =
+  req
+    "GetFindingAggregator"
+    "fixture/GetFindingAggregator.yaml"
+
+requestGetFindings :: GetFindings -> TestTree
+requestGetFindings =
+  req
+    "GetFindings"
+    "fixture/GetFindings.yaml"
+
+requestGetInsightResults :: GetInsightResults -> TestTree
+requestGetInsightResults =
+  req
+    "GetInsightResults"
+    "fixture/GetInsightResults.yaml"
+
+requestGetInsights :: GetInsights -> TestTree
+requestGetInsights =
+  req
+    "GetInsights"
+    "fixture/GetInsights.yaml"
+
+requestGetInvitationsCount :: GetInvitationsCount -> TestTree
+requestGetInvitationsCount =
+  req
+    "GetInvitationsCount"
+    "fixture/GetInvitationsCount.yaml"
+
+requestGetMembers :: GetMembers -> TestTree
+requestGetMembers =
+  req
+    "GetMembers"
+    "fixture/GetMembers.yaml"
+
+requestInviteMembers :: InviteMembers -> TestTree
+requestInviteMembers =
+  req
+    "InviteMembers"
+    "fixture/InviteMembers.yaml"
+
+requestListEnabledProductsForImport :: ListEnabledProductsForImport -> TestTree
+requestListEnabledProductsForImport =
+  req
+    "ListEnabledProductsForImport"
+    "fixture/ListEnabledProductsForImport.yaml"
+
+requestListFindingAggregators :: ListFindingAggregators -> TestTree
+requestListFindingAggregators =
+  req
+    "ListFindingAggregators"
+    "fixture/ListFindingAggregators.yaml"
+
+requestListInvitations :: ListInvitations -> TestTree
+requestListInvitations =
+  req
+    "ListInvitations"
+    "fixture/ListInvitations.yaml"
+
+requestListMembers :: ListMembers -> TestTree
+requestListMembers =
+  req
+    "ListMembers"
+    "fixture/ListMembers.yaml"
+
+requestListOrganizationAdminAccounts :: ListOrganizationAdminAccounts -> TestTree
+requestListOrganizationAdminAccounts =
+  req
+    "ListOrganizationAdminAccounts"
+    "fixture/ListOrganizationAdminAccounts.yaml"
+
+requestListTagsForResource :: ListTagsForResource -> TestTree
+requestListTagsForResource =
+  req
+    "ListTagsForResource"
+    "fixture/ListTagsForResource.yaml"
+
+requestTagResource :: TagResource -> TestTree
+requestTagResource =
+  req
+    "TagResource"
+    "fixture/TagResource.yaml"
+
+requestUntagResource :: UntagResource -> TestTree
+requestUntagResource =
+  req
+    "UntagResource"
+    "fixture/UntagResource.yaml"
+
+requestUpdateActionTarget :: UpdateActionTarget -> TestTree
+requestUpdateActionTarget =
+  req
+    "UpdateActionTarget"
+    "fixture/UpdateActionTarget.yaml"
+
+requestUpdateFindingAggregator :: UpdateFindingAggregator -> TestTree
+requestUpdateFindingAggregator =
+  req
+    "UpdateFindingAggregator"
+    "fixture/UpdateFindingAggregator.yaml"
+
+requestUpdateFindings :: UpdateFindings -> TestTree
+requestUpdateFindings =
+  req
+    "UpdateFindings"
+    "fixture/UpdateFindings.yaml"
+
+requestUpdateInsight :: UpdateInsight -> TestTree
+requestUpdateInsight =
+  req
+    "UpdateInsight"
+    "fixture/UpdateInsight.yaml"
+
+requestUpdateOrganizationConfiguration :: UpdateOrganizationConfiguration -> TestTree
+requestUpdateOrganizationConfiguration =
+  req
+    "UpdateOrganizationConfiguration"
+    "fixture/UpdateOrganizationConfiguration.yaml"
+
+requestUpdateSecurityHubConfiguration :: UpdateSecurityHubConfiguration -> TestTree
+requestUpdateSecurityHubConfiguration =
+  req
+    "UpdateSecurityHubConfiguration"
+    "fixture/UpdateSecurityHubConfiguration.yaml"
+
+requestUpdateStandardsControl :: UpdateStandardsControl -> TestTree
+requestUpdateStandardsControl =
+  req
+    "UpdateStandardsControl"
+    "fixture/UpdateStandardsControl.yaml"
+
+-- Responses
+
+responseAcceptAdministratorInvitation :: AcceptAdministratorInvitationResponse -> TestTree
+responseAcceptAdministratorInvitation =
+  res
+    "AcceptAdministratorInvitationResponse"
+    "fixture/AcceptAdministratorInvitationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AcceptAdministratorInvitation)
+
+responseBatchDisableStandards :: BatchDisableStandardsResponse -> TestTree
+responseBatchDisableStandards =
+  res
+    "BatchDisableStandardsResponse"
+    "fixture/BatchDisableStandardsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy BatchDisableStandards)
+
+responseBatchEnableStandards :: BatchEnableStandardsResponse -> TestTree
+responseBatchEnableStandards =
+  res
+    "BatchEnableStandardsResponse"
+    "fixture/BatchEnableStandardsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy BatchEnableStandards)
+
+responseBatchImportFindings :: BatchImportFindingsResponse -> TestTree
+responseBatchImportFindings =
+  res
+    "BatchImportFindingsResponse"
+    "fixture/BatchImportFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy BatchImportFindings)
+
+responseBatchUpdateFindings :: BatchUpdateFindingsResponse -> TestTree
+responseBatchUpdateFindings =
+  res
+    "BatchUpdateFindingsResponse"
+    "fixture/BatchUpdateFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy BatchUpdateFindings)
+
+responseCreateActionTarget :: CreateActionTargetResponse -> TestTree
+responseCreateActionTarget =
+  res
+    "CreateActionTargetResponse"
+    "fixture/CreateActionTargetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateActionTarget)
+
+responseCreateFindingAggregator :: CreateFindingAggregatorResponse -> TestTree
+responseCreateFindingAggregator =
+  res
+    "CreateFindingAggregatorResponse"
+    "fixture/CreateFindingAggregatorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateFindingAggregator)
+
+responseCreateInsight :: CreateInsightResponse -> TestTree
+responseCreateInsight =
+  res
+    "CreateInsightResponse"
+    "fixture/CreateInsightResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateInsight)
+
+responseCreateMembers :: CreateMembersResponse -> TestTree
+responseCreateMembers =
+  res
+    "CreateMembersResponse"
+    "fixture/CreateMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateMembers)
+
+responseDeclineInvitations :: DeclineInvitationsResponse -> TestTree
+responseDeclineInvitations =
+  res
+    "DeclineInvitationsResponse"
+    "fixture/DeclineInvitationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeclineInvitations)
+
+responseDeleteActionTarget :: DeleteActionTargetResponse -> TestTree
+responseDeleteActionTarget =
+  res
+    "DeleteActionTargetResponse"
+    "fixture/DeleteActionTargetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteActionTarget)
+
+responseDeleteFindingAggregator :: DeleteFindingAggregatorResponse -> TestTree
+responseDeleteFindingAggregator =
+  res
+    "DeleteFindingAggregatorResponse"
+    "fixture/DeleteFindingAggregatorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteFindingAggregator)
+
+responseDeleteInsight :: DeleteInsightResponse -> TestTree
+responseDeleteInsight =
+  res
+    "DeleteInsightResponse"
+    "fixture/DeleteInsightResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteInsight)
+
+responseDeleteInvitations :: DeleteInvitationsResponse -> TestTree
+responseDeleteInvitations =
+  res
+    "DeleteInvitationsResponse"
+    "fixture/DeleteInvitationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteInvitations)
+
+responseDeleteMembers :: DeleteMembersResponse -> TestTree
+responseDeleteMembers =
+  res
+    "DeleteMembersResponse"
+    "fixture/DeleteMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteMembers)
+
+responseDescribeActionTargets :: DescribeActionTargetsResponse -> TestTree
+responseDescribeActionTargets =
+  res
+    "DescribeActionTargetsResponse"
+    "fixture/DescribeActionTargetsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeActionTargets)
+
+responseDescribeHub :: DescribeHubResponse -> TestTree
+responseDescribeHub =
+  res
+    "DescribeHubResponse"
+    "fixture/DescribeHubResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeHub)
+
+responseDescribeOrganizationConfiguration :: DescribeOrganizationConfigurationResponse -> TestTree
+responseDescribeOrganizationConfiguration =
+  res
+    "DescribeOrganizationConfigurationResponse"
+    "fixture/DescribeOrganizationConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeOrganizationConfiguration)
+
+responseDescribeProducts :: DescribeProductsResponse -> TestTree
+responseDescribeProducts =
+  res
+    "DescribeProductsResponse"
+    "fixture/DescribeProductsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeProducts)
+
+responseDescribeStandards :: DescribeStandardsResponse -> TestTree
+responseDescribeStandards =
+  res
+    "DescribeStandardsResponse"
+    "fixture/DescribeStandardsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeStandards)
+
+responseDescribeStandardsControls :: DescribeStandardsControlsResponse -> TestTree
+responseDescribeStandardsControls =
+  res
+    "DescribeStandardsControlsResponse"
+    "fixture/DescribeStandardsControlsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeStandardsControls)
+
+responseDisableImportFindingsForProduct :: DisableImportFindingsForProductResponse -> TestTree
+responseDisableImportFindingsForProduct =
+  res
+    "DisableImportFindingsForProductResponse"
+    "fixture/DisableImportFindingsForProductResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisableImportFindingsForProduct)
+
+responseDisableOrganizationAdminAccount :: DisableOrganizationAdminAccountResponse -> TestTree
+responseDisableOrganizationAdminAccount =
+  res
+    "DisableOrganizationAdminAccountResponse"
+    "fixture/DisableOrganizationAdminAccountResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisableOrganizationAdminAccount)
+
+responseDisableSecurityHub :: DisableSecurityHubResponse -> TestTree
+responseDisableSecurityHub =
+  res
+    "DisableSecurityHubResponse"
+    "fixture/DisableSecurityHubResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisableSecurityHub)
+
+responseDisassociateFromAdministratorAccount :: DisassociateFromAdministratorAccountResponse -> TestTree
+responseDisassociateFromAdministratorAccount =
+  res
+    "DisassociateFromAdministratorAccountResponse"
+    "fixture/DisassociateFromAdministratorAccountResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateFromAdministratorAccount)
+
+responseDisassociateMembers :: DisassociateMembersResponse -> TestTree
+responseDisassociateMembers =
+  res
+    "DisassociateMembersResponse"
+    "fixture/DisassociateMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateMembers)
+
+responseEnableImportFindingsForProduct :: EnableImportFindingsForProductResponse -> TestTree
+responseEnableImportFindingsForProduct =
+  res
+    "EnableImportFindingsForProductResponse"
+    "fixture/EnableImportFindingsForProductResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy EnableImportFindingsForProduct)
+
+responseEnableOrganizationAdminAccount :: EnableOrganizationAdminAccountResponse -> TestTree
+responseEnableOrganizationAdminAccount =
+  res
+    "EnableOrganizationAdminAccountResponse"
+    "fixture/EnableOrganizationAdminAccountResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy EnableOrganizationAdminAccount)
+
+responseEnableSecurityHub :: EnableSecurityHubResponse -> TestTree
+responseEnableSecurityHub =
+  res
+    "EnableSecurityHubResponse"
+    "fixture/EnableSecurityHubResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy EnableSecurityHub)
+
+responseGetAdministratorAccount :: GetAdministratorAccountResponse -> TestTree
+responseGetAdministratorAccount =
+  res
+    "GetAdministratorAccountResponse"
+    "fixture/GetAdministratorAccountResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetAdministratorAccount)
+
+responseGetEnabledStandards :: GetEnabledStandardsResponse -> TestTree
+responseGetEnabledStandards =
+  res
+    "GetEnabledStandardsResponse"
+    "fixture/GetEnabledStandardsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetEnabledStandards)
+
+responseGetFindingAggregator :: GetFindingAggregatorResponse -> TestTree
+responseGetFindingAggregator =
+  res
+    "GetFindingAggregatorResponse"
+    "fixture/GetFindingAggregatorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetFindingAggregator)
+
+responseGetFindings :: GetFindingsResponse -> TestTree
+responseGetFindings =
+  res
+    "GetFindingsResponse"
+    "fixture/GetFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetFindings)
+
+responseGetInsightResults :: GetInsightResultsResponse -> TestTree
+responseGetInsightResults =
+  res
+    "GetInsightResultsResponse"
+    "fixture/GetInsightResultsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetInsightResults)
+
+responseGetInsights :: GetInsightsResponse -> TestTree
+responseGetInsights =
+  res
+    "GetInsightsResponse"
+    "fixture/GetInsightsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetInsights)
+
+responseGetInvitationsCount :: GetInvitationsCountResponse -> TestTree
+responseGetInvitationsCount =
+  res
+    "GetInvitationsCountResponse"
+    "fixture/GetInvitationsCountResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetInvitationsCount)
+
+responseGetMembers :: GetMembersResponse -> TestTree
+responseGetMembers =
+  res
+    "GetMembersResponse"
+    "fixture/GetMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetMembers)
+
+responseInviteMembers :: InviteMembersResponse -> TestTree
+responseInviteMembers =
+  res
+    "InviteMembersResponse"
+    "fixture/InviteMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy InviteMembers)
+
+responseListEnabledProductsForImport :: ListEnabledProductsForImportResponse -> TestTree
+responseListEnabledProductsForImport =
+  res
+    "ListEnabledProductsForImportResponse"
+    "fixture/ListEnabledProductsForImportResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListEnabledProductsForImport)
+
+responseListFindingAggregators :: ListFindingAggregatorsResponse -> TestTree
+responseListFindingAggregators =
+  res
+    "ListFindingAggregatorsResponse"
+    "fixture/ListFindingAggregatorsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListFindingAggregators)
+
+responseListInvitations :: ListInvitationsResponse -> TestTree
+responseListInvitations =
+  res
+    "ListInvitationsResponse"
+    "fixture/ListInvitationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListInvitations)
+
+responseListMembers :: ListMembersResponse -> TestTree
+responseListMembers =
+  res
+    "ListMembersResponse"
+    "fixture/ListMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListMembers)
+
+responseListOrganizationAdminAccounts :: ListOrganizationAdminAccountsResponse -> TestTree
+responseListOrganizationAdminAccounts =
+  res
+    "ListOrganizationAdminAccountsResponse"
+    "fixture/ListOrganizationAdminAccountsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListOrganizationAdminAccounts)
+
+responseListTagsForResource :: ListTagsForResourceResponse -> TestTree
+responseListTagsForResource =
+  res
+    "ListTagsForResourceResponse"
+    "fixture/ListTagsForResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListTagsForResource)
+
+responseTagResource :: TagResourceResponse -> TestTree
+responseTagResource =
+  res
+    "TagResourceResponse"
+    "fixture/TagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy TagResource)
+
+responseUntagResource :: UntagResourceResponse -> TestTree
+responseUntagResource =
+  res
+    "UntagResourceResponse"
+    "fixture/UntagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UntagResource)
+
+responseUpdateActionTarget :: UpdateActionTargetResponse -> TestTree
+responseUpdateActionTarget =
+  res
+    "UpdateActionTargetResponse"
+    "fixture/UpdateActionTargetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateActionTarget)
+
+responseUpdateFindingAggregator :: UpdateFindingAggregatorResponse -> TestTree
+responseUpdateFindingAggregator =
+  res
+    "UpdateFindingAggregatorResponse"
+    "fixture/UpdateFindingAggregatorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateFindingAggregator)
+
+responseUpdateFindings :: UpdateFindingsResponse -> TestTree
+responseUpdateFindings =
+  res
+    "UpdateFindingsResponse"
+    "fixture/UpdateFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateFindings)
+
+responseUpdateInsight :: UpdateInsightResponse -> TestTree
+responseUpdateInsight =
+  res
+    "UpdateInsightResponse"
+    "fixture/UpdateInsightResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateInsight)
+
+responseUpdateOrganizationConfiguration :: UpdateOrganizationConfigurationResponse -> TestTree
+responseUpdateOrganizationConfiguration =
+  res
+    "UpdateOrganizationConfigurationResponse"
+    "fixture/UpdateOrganizationConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateOrganizationConfiguration)
+
+responseUpdateSecurityHubConfiguration :: UpdateSecurityHubConfigurationResponse -> TestTree
+responseUpdateSecurityHubConfiguration =
+  res
+    "UpdateSecurityHubConfigurationResponse"
+    "fixture/UpdateSecurityHubConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateSecurityHubConfiguration)
+
+responseUpdateStandardsControl :: UpdateStandardsControlResponse -> TestTree
+responseUpdateStandardsControl =
+  res
+    "UpdateStandardsControlResponse"
+    "fixture/UpdateStandardsControlResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateStandardsControl)
diff --git a/test/Test/Amazonka/SecurityHub.hs b/test/Test/Amazonka/SecurityHub.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/SecurityHub.hs
@@ -0,0 +1,20 @@
+-- |
+-- Module      : Test.Amazonka.SecurityHub
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.SecurityHub
+  ( tests,
+    fixtures,
+  )
+where
+
+import Test.Tasty (TestTree)
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/Amazonka/SecurityHub/Internal.hs b/test/Test/Amazonka/SecurityHub/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/SecurityHub/Internal.hs
@@ -0,0 +1,8 @@
+-- |
+-- Module      : Test.Amazonka.SecurityHub.Internal
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.SecurityHub.Internal where
