aws-sdk-accessanalyzer 1.10.0 → 1.15.0

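--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: dda178cc768b4072bbdea632cd9606b68e23789429441f238298f70c563d365b
- data.tar.gz: 3d4ac1f9085456d4142c2fa7325572bbbb6d3a9f65b2e722f630a965d6fbb602
+ metadata.gz: 834f3bb04382a9326903cc39f1d847f0ea6453dff9cc6f6a1e79130685b24d7a
+ data.tar.gz: 89c34346ac02f78a18963d887eeec70cacc8edeff6d3fb4579e4532129f45fcd
  SHA512:
- metadata.gz: e716d2db355f5723e4c741e303a5ca7ba6972ac1283b6a7ac65e6042a8ba323f11db83bc5e231796833c8a8ac95b922d77b2f18bc4136e10cbba6e6bd1fca66f
- data.tar.gz: c9b2c8a08f0dc54e119038568aa25a605df4f8351354688c96ce83ba01b2d331a622398218ddde7372ccd5c3039f4b74014d3b6518c3d92d9293e6cb149a2bca
+ metadata.gz: a05271f0ad161daa1d54e46d3e515de8202ada85b7ab6c824bd6192dd6080d49e4ed050e7548f8673f9c689d5553af5fde9e4b7b3cb55dbd75750a1435854a25
+ data.tar.gz: 7d0e397b9ba96564d9e7699e0725ff71ed5d5b43ae53a3a8d293819899d2a7134da825df053b703640629cb3f212abc85f087553061df50eb6c2a4d362195ea8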
@@ -7,6 +7,7 @@
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
10
+
10
11
  require 'aws-sdk-core'
11
12
  require 'aws-sigv4'
12
13
 
@@ -27,7 +28,7 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
27
28
  # structure.
28
29
  #
29
30
  # access_analyzer = Aws::AccessAnalyzer::Client.new
30
- # resp = access_analyzer.create_analyzer(params)
31
+ # resp = access_analyzer.apply_archive_rule(params)
31
32
  #
32
33
  # See {Client} for more information.
33
34
  #
@@ -47,6 +48,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
47
48
  # @!group service
48
49
  module Aws::AccessAnalyzer
49
50
 
50
- GEM_VERSION = '1.10.0'
51
+ GEM_VERSION = '1.15.0'
51
52
 
52
53
  end
@@ -327,6 +327,40 @@ module Aws::AccessAnalyzer
327
327
 
328
328
  # @!group API Operations
329
329
 
330
+ # Retroactively applies the archive rule to existing findings that meet
331
+ # the archive rule criteria.
332
+ #
333
+ # @option params [required, String] :analyzer_arn
334
+ # The Amazon resource name (ARN) of the analyzer.
335
+ #
336
+ # @option params [String] :client_token
337
+ # A client token.
338
+ #
339
+ # **A suitable default value is auto-generated.** You should normally
340
+ # not need to pass this option.**
341
+ #
342
+ # @option params [required, String] :rule_name
343
+ # The name of the rule to apply.
344
+ #
345
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
346
+ #
347
+ # @example Request syntax with placeholder values
348
+ #
349
+ # resp = client.apply_archive_rule({
350
+ # analyzer_arn: "AnalyzerArn", # required
351
+ # client_token: "String",
352
+ # rule_name: "Name", # required
353
+ # })
354
+ #
355
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRule AWS API Documentation
356
+ #
357
+ # @overload apply_archive_rule(params = {})
358
+ # @param [Hash] params ({})
359
+ def apply_archive_rule(params = {}, options = {})
360
+ req = build_request(:apply_archive_rule, params)
361
+ req.send_request(options)
362
+ end
363
+
330
364
  # Creates an analyzer for your account.
331
365
  #
332
366
  # @option params [required, String] :analyzer_name
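Review bot: The doc comment added for `apply_archive_rule` ends the `:client_token` description with a stray `**` (`# not need to pass this option.**`), leaving the bold markup unbalanced; the same sentence in the `ApplyArchiveRuleRequest` type documentation ends with a plain period. The gem's root file carries a generated-code warning, so this file is presumably generated too and the fix belongs in the generator or API model rather than in a hand edit here. The comment also does not say what happens to a matching finding, which matters because the call acts on existing findings in bulk. A line such as `# Matching findings are presumably moved to the "ARCHIVED" status; review the rule's filter before applying it.` would help, with the wording confirmed against the service documentation. The hunk ends inside the doc comment of the next method, so that method's body is not visible here.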
@@ -347,8 +381,10 @@ module Aws::AccessAnalyzer
347
381
  # The tags to apply to the analyzer.
348
382
  #
349
383
  # @option params [required, String] :type
350
- # The type of analyzer to create. Only ACCOUNT analyzers are supported.
351
- # You can create only one analyzer per account per Region.
384
+ # The type of analyzer to create. Only ACCOUNT and ORGANIZATION
385
+ # analyzers are supported. You can create only one analyzer per account
386
+ # per Region. You can create up to 5 analyzers per organization per
387
+ # Region.
352
388
  #
353
389
  # @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
354
390
  #
@@ -392,8 +428,8 @@ module Aws::AccessAnalyzer
392
428
  end
393
429
 
394
430
  # Creates an archive rule for the specified analyzer. Archive rules
395
- # automatically archive findings that meet the criteria you define when
396
- # you create the rule.
431
+ # automatically archive new findings that meet the criteria you define
432
+ # when you create the rule.
397
433
  #
398
434
  # @option params [required, String] :analyzer_name
399
435
  # The name of the created analyzer.
@@ -438,9 +474,9 @@ module Aws::AccessAnalyzer
438
474
  end
439
475
 
440
476
  # Deletes the specified analyzer. When you delete an analyzer, Access
441
- # Analyzer is disabled for the account in the current or specific
442
- # Region. All findings that were generated by the analyzer are deleted.
443
- # You cannot undo this action.
477
+ # Analyzer is disabled for the account or organization in the current or
478
+ # specific Region. All findings that were generated by the analyzer are
479
+ # deleted. You cannot undo this action.
444
480
  #
445
481
  # @option params [required, String] :analyzer_name
446
482
  # The name of the analyzer to delete.
@@ -532,7 +568,7 @@ module Aws::AccessAnalyzer
532
568
  # resp.resource.is_public #=> Boolean
533
569
  # resp.resource.resource_arn #=> String
534
570
  # resp.resource.resource_owner_account #=> String
535
- # resp.resource.resource_type #=> String, one of "AWS::IAM::Role", "AWS::KMS::Key", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::S3::Bucket", "AWS::SQS::Queue"
571
+ # resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
536
572
  # resp.resource.shared_via #=> Array
537
573
  # resp.resource.shared_via[0] #=> String
538
574
  # resp.resource.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
@@ -586,6 +622,13 @@ module Aws::AccessAnalyzer
586
622
 
587
623
  # Retrieves information about an archive rule.
588
624
  #
625
+ # To learn about filter keys that you can use to create an archive rule,
626
+ # see [Access Analyzer filter keys][1] in the **IAM User Guide**.
627
+ #
628
+ #
629
+ #
630
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
631
+ #
589
632
  # @option params [required, String] :analyzer_name
590
633
  # The name of the analyzer to retrieve rules from.
591
634
  #
@@ -660,10 +703,10 @@ module Aws::AccessAnalyzer
660
703
  # resp.finding.principal["String"] #=> String
661
704
  # resp.finding.resource #=> String
662
705
  # resp.finding.resource_owner_account #=> String
663
- # resp.finding.resource_type #=> String, one of "AWS::IAM::Role", "AWS::KMS::Key", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::S3::Bucket", "AWS::SQS::Queue"
706
+ # resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
664
707
  # resp.finding.sources #=> Array
665
708
  # resp.finding.sources[0].detail.access_point_arn #=> String
666
- # resp.finding.sources[0].type #=> String, one of "BUCKET_ACL", "POLICY", "S3_ACCESS_POINT"
709
+ # resp.finding.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
667
710
  # resp.finding.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
668
711
  # resp.finding.updated_at #=> Time
669
712
  #
@@ -704,7 +747,7 @@ module Aws::AccessAnalyzer
704
747
  # analyzer_arn: "AnalyzerArn", # required
705
748
  # max_results: 1,
706
749
  # next_token: "Token",
707
- # resource_type: "AWS::IAM::Role", # accepts AWS::IAM::Role, AWS::KMS::Key, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::S3::Bucket, AWS::SQS::Queue
750
+ # resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
708
751
  # })
709
752
  #
710
753
  # @example Response structure
@@ -712,7 +755,7 @@ module Aws::AccessAnalyzer
712
755
  # resp.analyzed_resources #=> Array
713
756
  # resp.analyzed_resources[0].resource_arn #=> String
714
757
  # resp.analyzed_resources[0].resource_owner_account #=> String
715
- # resp.analyzed_resources[0].resource_type #=> String, one of "AWS::IAM::Role", "AWS::KMS::Key", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::S3::Bucket", "AWS::SQS::Queue"
758
+ # resp.analyzed_resources[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
716
759
  # resp.next_token #=> String
717
760
  #
718
761
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResources AWS API Documentation
@@ -827,6 +870,13 @@ module Aws::AccessAnalyzer
827
870
 
828
871
  # Retrieves a list of findings generated by the specified analyzer.
829
872
  #
873
+ # To learn about filter keys that you can use to create an archive rule,
874
+ # see [Access Analyzer filter keys][1] in the **IAM User Guide**.
875
+ #
876
+ #
877
+ #
878
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
879
+ #
830
880
  # @option params [required, String] :analyzer_arn
831
881
  # The ARN of the analyzer to retrieve findings from.
832
882
  #
@@ -885,10 +935,10 @@ module Aws::AccessAnalyzer
885
935
  # resp.findings[0].principal["String"] #=> String
886
936
  # resp.findings[0].resource #=> String
887
937
  # resp.findings[0].resource_owner_account #=> String
888
- # resp.findings[0].resource_type #=> String, one of "AWS::IAM::Role", "AWS::KMS::Key", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::S3::Bucket", "AWS::SQS::Queue"
938
+ # resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
889
939
  # resp.findings[0].sources #=> Array
890
940
  # resp.findings[0].sources[0].detail.access_point_arn #=> String
891
- # resp.findings[0].sources[0].type #=> String, one of "BUCKET_ACL", "POLICY", "S3_ACCESS_POINT"
941
+ # resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
892
942
  # resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
893
943
  # resp.findings[0].updated_at #=> Time
894
944
  # resp.next_token #=> String
@@ -1114,7 +1164,7 @@ module Aws::AccessAnalyzer
1114
1164
  params: params,
1115
1165
  config: config)
1116
1166
  context[:gem_name] = 'aws-sdk-accessanalyzer'
1117
- context[:gem_version] = '1.10.0'
1167
+ context[:gem_version] = '1.15.0'
1118
1168
  Seahorse::Client::Request.new(handlers, context)
1119
1169
  end
1120
1170
 
@@ -22,6 +22,7 @@ module Aws::AccessAnalyzer
22
22
  AnalyzerStatus = Shapes::StringShape.new(name: 'AnalyzerStatus')
23
23
  AnalyzerSummary = Shapes::StructureShape.new(name: 'AnalyzerSummary')
24
24
  AnalyzersList = Shapes::ListShape.new(name: 'AnalyzersList')
25
+ ApplyArchiveRuleRequest = Shapes::StructureShape.new(name: 'ApplyArchiveRuleRequest')
25
26
  ArchiveRuleSummary = Shapes::StructureShape.new(name: 'ArchiveRuleSummary')
26
27
  ArchiveRulesList = Shapes::ListShape.new(name: 'ArchiveRulesList')
27
28
  Boolean = Shapes::BooleanShape.new(name: 'Boolean')
@@ -136,6 +137,11 @@ module Aws::AccessAnalyzer
136
137
 
137
138
  AnalyzersList.member = Shapes::ShapeRef.new(shape: AnalyzerSummary)
138
139
 
140
+ ApplyArchiveRuleRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location_name: "analyzerArn"))
141
+ ApplyArchiveRuleRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
142
+ ApplyArchiveRuleRequest.add_member(:rule_name, Shapes::ShapeRef.new(shape: Name, required: true, location_name: "ruleName"))
143
+ ApplyArchiveRuleRequest.struct_class = Types::ApplyArchiveRuleRequest
144
+
139
145
  ArchiveRuleSummary.add_member(:created_at, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "createdAt"))
140
146
  ArchiveRuleSummary.add_member(:filter, Shapes::ShapeRef.new(shape: FilterCriteriaMap, required: true, location_name: "filter"))
141
147
  ArchiveRuleSummary.add_member(:rule_name, Shapes::ShapeRef.new(shape: Name, required: true, location_name: "ruleName"))
@@ -404,6 +410,19 @@ module Aws::AccessAnalyzer
404
410
  "uid" => "accessanalyzer-2019-11-01",
405
411
  }
406
412
 
413
+ api.add_operation(:apply_archive_rule, Seahorse::Model::Operation.new.tap do |o|
414
+ o.name = "ApplyArchiveRule"
415
+ o.http_method = "PUT"
416
+ o.http_request_uri = "/archive-rule"
417
+ o.input = Shapes::ShapeRef.new(shape: ApplyArchiveRuleRequest)
418
+ o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
419
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
420
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
421
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
422
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
423
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
424
+ end)
425
+
407
426
  api.add_operation(:create_analyzer, Seahorse::Model::Operation.new.tap do |o|
408
427
  o.name = "CreateAnalyzer"
409
428
  o.http_method = "PUT"
@@ -99,6 +99,10 @@ module Aws::AccessAnalyzer
99
99
  def retry_after_seconds
100
100
  @data[:retry_after_seconds]
101
101
  end
102
+
103
+ def retryable?
104
+ true
105
+ end
102
106
  end
103
107
 
104
108
  class ResourceNotFoundException < ServiceError
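Review bot: The new `retryable?` predicate returns `true` unconditionally and has no doc comment, so nothing in this class says which component consults it or how it relates to `retry_after_seconds` just above. A one-line comment such as `# Tells the SDK's retry handling that this error may be retried.` would cover it, assuming that is indeed the consumer. The same applies to the `retryable?` and `throttling?` methods added in the next errors hunk. The enclosing class starts outside the hunk, so the error type being changed is not visible here. Callers that already wrap these operations in their own retry loop may want to check that the two layers do not multiply attempts.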
@@ -169,6 +173,14 @@ module Aws::AccessAnalyzer
169
173
  def retry_after_seconds
170
174
  @data[:retry_after_seconds]
171
175
  end
176
+
177
+ def retryable?
178
+ true
179
+ end
180
+
181
+ def throttling?
182
+ true
183
+ end
172
184
  end
173
185
 
174
186
  class ValidationException < ServiceError
@@ -141,10 +141,10 @@ module Aws::AccessAnalyzer
141
141
  # The status of the analyzer. An `Active` analyzer successfully
142
142
  # monitors supported resources and generates new findings. The
143
143
  # analyzer is `Disabled` when a user action, such as removing trusted
144
- # access for IAM Access Analyzer from AWS Organizations, causes the
145
- # analyzer to stop generating new findings. The status is `Creating`
146
- # when the analyzer creation is in progress and `Failed` when the
147
- # analyzer creation has failed.
144
+ # access for AWS IAM Access Analyzer from AWS Organizations, causes
145
+ # the analyzer to stop generating new findings. The status is
146
+ # `Creating` when the analyzer creation is in progress and `Failed`
147
+ # when the analyzer creation has failed.
148
148
  # @return [String]
149
149
  #
150
150
  # @!attribute [rw] status_reason
@@ -181,6 +181,42 @@ module Aws::AccessAnalyzer
181
181
  include Aws::Structure
182
182
  end
183
183
 
184
+ # Retroactively applies an archive rule.
185
+ #
186
+ # @note When making an API call, you may pass ApplyArchiveRuleRequest
187
+ # data as a hash:
188
+ #
189
+ # {
190
+ # analyzer_arn: "AnalyzerArn", # required
191
+ # client_token: "String",
192
+ # rule_name: "Name", # required
193
+ # }
194
+ #
195
+ # @!attribute [rw] analyzer_arn
196
+ # The Amazon resource name (ARN) of the analyzer.
197
+ # @return [String]
198
+ #
199
+ # @!attribute [rw] client_token
200
+ # A client token.
201
+ #
202
+ # **A suitable default value is auto-generated.** You should normally
203
+ # not need to pass this option.
204
+ # @return [String]
205
+ #
206
+ # @!attribute [rw] rule_name
207
+ # The name of the rule to apply.
208
+ # @return [String]
209
+ #
210
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRuleRequest AWS API Documentation
211
+ #
212
+ class ApplyArchiveRuleRequest < Struct.new(
213
+ :analyzer_arn,
214
+ :client_token,
215
+ :rule_name)
216
+ SENSITIVE = []
217
+ include Aws::Structure
218
+ end
219
+
184
220
  # Contains information about an archive rule.
185
221
  #
186
222
  # @!attribute [rw] created_at
@@ -282,8 +318,10 @@ module Aws::AccessAnalyzer
282
318
  # @return [Hash<String,String>]
283
319
  #
284
320
  # @!attribute [rw] type
285
- # The type of analyzer to create. Only ACCOUNT analyzers are
286
- # supported. You can create only one analyzer per account per Region.
321
+ # The type of analyzer to create. Only ACCOUNT and ORGANIZATION
322
+ # analyzers are supported. You can create only one analyzer per
323
+ # account per Region. You can create up to 5 analyzers per
324
+ # organization per Region.
287
325
  # @return [String]
288
326
  #
289
327
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAnalyzerRequest AWS API Documentation
@@ -901,7 +939,7 @@ module Aws::AccessAnalyzer
901
939
  # analyzer_arn: "AnalyzerArn", # required
902
940
  # max_results: 1,
903
941
  # next_token: "Token",
904
- # resource_type: "AWS::IAM::Role", # accepts AWS::IAM::Role, AWS::KMS::Key, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::S3::Bucket, AWS::SQS::Queue
942
+ # resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
905
943
  # }
906
944
  #
907
945
  # @!attribute [rw] analyzer_arn
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-accessanalyzer
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.10.0
4
+ version: 1.15.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-25 00:00:00.000000000 Z
11
+ date: 2021-01-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.99.0
22
+ version: 3.109.0
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.99.0
32
+ version: 3.109.0
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement