docs(client-guardduty): Updated descriptions for some APIs.

awstools · awstools · commit 3d1153041aeb · 2023-06-15T18:16:46.000Z
diff --git a/clients/client-guardduty/src/commands/CreateMembersCommand.ts b/clients/client-guardduty/src/commands/CreateMembersCommand.ts
@@ -39,12 +39,18 @@ export interface CreateMembersCommandOutput extends CreateMembersResponse, __Met
  * <p>Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account
  *       IDs. This step is a prerequisite for managing the associated member accounts either by
  *       invitation or through an organization.</p>
- *          <p>When using <code>Create Members</code> as an organizations delegated administrator this
- *       action will enable GuardDuty in the added member accounts, with the exception of the
- *       organization delegated administrator account, which must enable GuardDuty prior to being added
- *       as a member.</p>
- *          <p>If you are adding accounts by invitation, use this action after GuardDuty has bee enabled in
- *       potential member accounts and before using <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a>.</p>
+ *          <p>As a delegated administrator, using <code>CreateMembers</code> will enable GuardDuty in
+ *       the added member accounts, with the exception of the
+ *       organization delegated administrator account. A delegated administrator must enable GuardDuty
+ *       prior to being added as a member.</p>
+ *          <p>If you are adding accounts by invitation, before using <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a>, use
+ *       <code>CreateMembers</code> after GuardDuty has been enabled in potential member accounts.</p>
+ *          <p>If you disassociate a member from a GuardDuty
+ *       delegated administrator, the member account details
+ *       obtained from this API, including the associated email addresses, will be retained.
+ *       This is done so that the delegated administrator can invoke the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a> API without the need to invoke the CreateMembers API again. To
+ *       remove the details associated with a member account, the delegated administrator must invoke the
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a> API. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/clients/client-guardduty/src/commands/DisassociateFromAdministratorAccountCommand.ts b/clients/client-guardduty/src/commands/DisassociateFromAdministratorAccountCommand.ts
@@ -45,6 +45,12 @@ export interface DisassociateFromAdministratorAccountCommandOutput
 /**
  * @public
  * <p>Disassociates the current GuardDuty member account from its administrator account.</p>
+ *          <p>When you
+ *       disassociate an invited member from a GuardDuty delegated administrator, the member account details
+ *       obtained from the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html">CreateMembers</a> API, including the associated email addresses, are retained. This is
+ *       done so that the delegated administrator can invoke the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a> API without the need to invoke the CreateMembers API again. To
+ *       remove the details associated with a member account, the delegated administrator must invoke the
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a> API. </p>
  *          <p>With <code>autoEnableOrganizationMembers</code> configuration for your organization set to
  *         <code>ALL</code>, you'll receive an error if you attempt to disable GuardDuty in a member
  *       account.</p>
diff --git a/clients/client-guardduty/src/commands/DisassociateFromMasterAccountCommand.ts b/clients/client-guardduty/src/commands/DisassociateFromMasterAccountCommand.ts
@@ -44,6 +44,12 @@ export interface DisassociateFromMasterAccountCommandOutput
  * @deprecated
  *
  * <p>Disassociates the current GuardDuty member account from its administrator account.</p>
+ *          <p>When you
+ *       disassociate an invited member from a GuardDuty delegated administrator, the member account details
+ *       obtained from the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html">CreateMembers</a> API, including the associated email addresses, are retained. This is
+ *       done so that the delegated administrator can invoke the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a> API without the need to invoke the CreateMembers API again. To
+ *       remove the details associated with a member account, the delegated administrator must invoke the
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a> API.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts b/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts
@@ -36,8 +36,14 @@ export interface DisassociateMembersCommandOutput extends DisassociateMembersRes
 
 /**
  * @public
- * <p>Disassociates GuardDuty member accounts (to the current administrator account) specified
+ * <p>Disassociates GuardDuty member accounts (from the current administrator account) specified
  *       by the account IDs.</p>
+ *          <p>When you
+ *       disassociate an invited member from a GuardDuty delegated administrator, the member account details
+ *       obtained from the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html">CreateMembers</a> API, including the associated email addresses, are retained. This is
+ *       done so that the delegated administrator can invoke the <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html">InviteMembers</a> API without the need to invoke the CreateMembers API again. To
+ *       remove the details associated with a member account, the delegated administrator must invoke the
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a> API. </p>
  *          <p>With <code>autoEnableOrganizationMembers</code> configuration for your organization set to
  *         <code>ALL</code>, you'll receive an error if you attempt to disassociate a member account
  *       before removing them from your Amazon Web Services organization.</p>
diff --git a/clients/client-guardduty/src/commands/InviteMembersCommand.ts b/clients/client-guardduty/src/commands/InviteMembersCommand.ts
@@ -36,9 +36,24 @@ export interface InviteMembersCommandOutput extends InviteMembersResponse, __Met
 
 /**
  * @public
- * <p>Invites other Amazon Web Services accounts (created as members of the current Amazon Web Services account by
- *       CreateMembers) to enable GuardDuty, and allow the current Amazon Web Services account to view and manage
- *       these accounts' findings on their behalf as the GuardDuty administrator account.</p>
+ * <p>Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account
+ *       that invokes this API. If you are using Amazon Web Services Organizations to manager your GuardDuty environment, this step is not
+ *       needed. For more information, see <a href="https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html">Managing accounts with Amazon Web Services Organizations</a>.</p>
+ *          <p>To invite Amazon Web Services accounts, the first step is
+ *       to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API
+ *       to add accounts by invitation. The
+ *       invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited Amazon Web Services account can
+ *       choose to accept the invitation from only one Amazon Web Services account. For more information, see
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_invitations.html">Managing GuardDuty accounts
+ *       by invitation</a>.</p>
+ *          <p>After the invite has been accepted and you choose to disassociate a member account
+ *       (by using <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DisassociateMembers.html">DisassociateMembers</a>) from your account,
+ *       the details of the member account obtained by invoking <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html">CreateMembers</a>, including the
+ *       associated email addresses, will be retained.
+ *       This is done so that you can invoke InviteMembers without the need to invoke
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html">CreateMembers</a> again. To
+ *       remove the details associated with a member account, you must also invoke
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html">DeleteMembers</a>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/clients/client-guardduty/src/models/models_0.ts b/clients/client-guardduty/src/models/models_0.ts
@@ -572,7 +572,7 @@ export interface AwsApiCallAction {
  */
 export interface DnsRequestAction {
   /**
-   * <p>The domain information for the API request.</p>
+   * <p>The domain information for the DNS query.</p>
    */
   Domain?: string;
 
diff --git a/codegen/sdk-codegen/aws-models/guardduty.json b/codegen/sdk-codegen/aws-models/guardduty.json
@@ -1790,7 +1790,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account\n      IDs. This step is a prerequisite for managing the associated member accounts either by\n      invitation or through an organization.</p>\n         <p>When using <code>Create Members</code> as an organizations delegated administrator this\n      action will enable GuardDuty in the added member accounts, with the exception of the\n      organization delegated administrator account, which must enable GuardDuty prior to being added\n      as a member.</p>\n         <p>If you are adding accounts by invitation, use this action after GuardDuty has bee enabled in\n      potential member accounts and before using <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html\">InviteMembers</a>.</p>",
+        "smithy.api#documentation": "<p>Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account\n      IDs. This step is a prerequisite for managing the associated member accounts either by\n      invitation or through an organization.</p>\n         <p>As a delegated administrator, using <code>CreateMembers</code> will enable GuardDuty in \n      the added member accounts, with the exception of the\n      organization delegated administrator account. A delegated administrator must enable GuardDuty \n      prior to being added as a member.</p>\n         <p>If you are adding accounts by invitation, before using <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html\">InviteMembers</a>, use \n      <code>CreateMembers</code> after GuardDuty has been enabled in potential member accounts.</p>\n         <p>If you disassociate a member from a GuardDuty \n      delegated administrator, the member account details \n      obtained from this API, including the associated email addresses, will be retained. \n      This is done so that the delegated administrator can invoke the <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html\">InviteMembers</a> API without the need to invoke the CreateMembers API again. To \n      remove the details associated with a member account, the delegated administrator must invoke the \n      <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html\">DeleteMembers</a> API. </p>",
         "smithy.api#http": {
           "method": "POST",
           "uri": "/detector/{DetectorId}/member",
@@ -3606,7 +3606,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Disassociates the current GuardDuty member account from its administrator account.</p>\n         <p>With <code>autoEnableOrganizationMembers</code> configuration for your organization set to\n        <code>ALL</code>, you'll receive an error if you attempt to disable GuardDuty in a member\n      account.</p>",
+        "smithy.api#documentation": "<p>Disassociates the current GuardDuty member account from its administrator account.</p>\n         <p>When you \n      disassociate an invited member from a GuardDuty delegated administrator, the member account details \n      obtained from the <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html\">CreateMembers</a> API, including the associated email addresses, are retained. This is \n      done so that the delegated administrator can invoke the <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html\">InviteMembers</a> API without the need to invoke the CreateMembers API again. To \n      remove the details associated with a member account, the delegated administrator must invoke the \n      <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html\">DeleteMembers</a> API. </p>\n         <p>With <code>autoEnableOrganizationMembers</code> configuration for your organization set to\n        <code>ALL</code>, you'll receive an error if you attempt to disable GuardDuty in a member\n      account.</p>",
         "smithy.api#http": {
           "method": "POST",
           "uri": "/detector/{DetectorId}/administrator/disassociate",
@@ -3658,7 +3658,7 @@
         "smithy.api#deprecated": {
           "message": "This operation is deprecated, use DisassociateFromAdministratorAccount instead"
         },
-        "smithy.api#documentation": "<p>Disassociates the current GuardDuty member account from its administrator account.</p>",
+        "smithy.api#documentation": "<p>Disassociates the current GuardDuty member account from its administrator account.</p>\n         <p>When you \n      disassociate an invited member from a GuardDuty delegated administrator, the member account details \n      obtained from the <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html\">CreateMembers</a> API, including the associated email addresses, are retained. This is \n      done so that the delegated administrator can invoke the <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html\">InviteMembers</a> API without the need to invoke the CreateMembers API again. To \n      remove the details associated with a member account, the delegated administrator must invoke the \n      <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html\">DeleteMembers</a> API.</p>",
         "smithy.api#http": {
           "method": "POST",
           "uri": "/detector/{DetectorId}/master/disassociate",
@@ -3713,7 +3713,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Disassociates GuardDuty member accounts (to the current administrator account) specified\n      by the account IDs.</p>\n         <p>With <code>autoEnableOrganizationMembers</code> configuration for your organization set to\n        <code>ALL</code>, you'll receive an error if you attempt to disassociate a member account\n      before removing them from your Amazon Web Services organization.</p>",
+        "smithy.api#documentation": "<p>Disassociates GuardDuty member accounts (from the current administrator account) specified\n      by the account IDs.</p>\n         <p>When you \n      disassociate an invited member from a GuardDuty delegated administrator, the member account details \n      obtained from the <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html\">CreateMembers</a> API, including the associated email addresses, are retained. This is \n      done so that the delegated administrator can invoke the <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html\">InviteMembers</a> API without the need to invoke the CreateMembers API again. To \n      remove the details associated with a member account, the delegated administrator must invoke the \n      <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html\">DeleteMembers</a> API. </p>\n         <p>With <code>autoEnableOrganizationMembers</code> configuration for your organization set to\n        <code>ALL</code>, you'll receive an error if you attempt to disassociate a member account\n      before removing them from your Amazon Web Services organization.</p>",
         "smithy.api#http": {
           "method": "POST",
           "uri": "/detector/{DetectorId}/member/disassociate",
@@ -3768,7 +3768,7 @@
         "Domain": {
           "target": "com.amazonaws.guardduty#String",
           "traits": {
-            "smithy.api#documentation": "<p>The domain information for the API request.</p>",
+            "smithy.api#documentation": "<p>The domain information for the DNS query.</p>",
             "smithy.api#jsonName": "domain"
           }
         },
@@ -7538,7 +7538,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Invites other Amazon Web Services accounts (created as members of the current Amazon Web Services account by\n      CreateMembers) to enable GuardDuty, and allow the current Amazon Web Services account to view and manage\n      these accounts' findings on their behalf as the GuardDuty administrator account.</p>",
+        "smithy.api#documentation": "<p>Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account \n      that invokes this API. If you are using Amazon Web Services Organizations to manager your GuardDuty environment, this step is not \n      needed. For more information, see <a href=\"https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html\">Managing accounts with Amazon Web Services Organizations</a>.</p>\n         <p>To invite Amazon Web Services accounts, the first step is \n      to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API\n      to add accounts by invitation. The \n      invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited Amazon Web Services account can \n      choose to accept the invitation from only one Amazon Web Services account. For more information, see \n      <a href=\"https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_invitations.html\">Managing GuardDuty accounts \n      by invitation</a>.</p>\n         <p>After the invite has been accepted and you choose to disassociate a member account \n      (by using <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DisassociateMembers.html\">DisassociateMembers</a>) from your account, \n      the details of the member account obtained by invoking <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html\">CreateMembers</a>, including the \n      associated email addresses, will be retained. \n      This is done so that you can invoke InviteMembers without the need to invoke \n      <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html\">CreateMembers</a> again. To \n      remove the details associated with a member account, you must also invoke \n      <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteMembers.html\">DeleteMembers</a>. </p>",
         "smithy.api#http": {
           "method": "POST",
           "uri": "/detector/{DetectorId}/member/invite",
