aws-sdk-accessanalyzer 1.10.0 → 1.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dda178cc768b4072bbdea632cd9606b68e23789429441f238298f70c563d365b
-  data.tar.gz: 3d4ac1f9085456d4142c2fa7325572bbbb6d3a9f65b2e722f630a965d6fbb602
+  metadata.gz: 834f3bb04382a9326903cc39f1d847f0ea6453dff9cc6f6a1e79130685b24d7a
+  data.tar.gz: 89c34346ac02f78a18963d887eeec70cacc8edeff6d3fb4579e4532129f45fcd
 SHA512:
-  metadata.gz: e716d2db355f5723e4c741e303a5ca7ba6972ac1283b6a7ac65e6042a8ba323f11db83bc5e231796833c8a8ac95b922d77b2f18bc4136e10cbba6e6bd1fca66f
-  data.tar.gz: c9b2c8a08f0dc54e119038568aa25a605df4f8351354688c96ce83ba01b2d331a622398218ddde7372ccd5c3039f4b74014d3b6518c3d92d9293e6cb149a2bca
+  metadata.gz: a05271f0ad161daa1d54e46d3e515de8202ada85b7ab6c824bd6192dd6080d49e4ed050e7548f8673f9c689d5553af5fde9e4b7b3cb55dbd75750a1435854a25
+  data.tar.gz: 7d0e397b9ba96564d9e7699e0725ff71ed5d5b43ae53a3a8d293819899d2a7134da825df053b703640629cb3f212abc85f087553061df50eb6c2a4d362195ea8

data/lib/aws-sdk-accessanalyzer.rb

@@ -7,6 +7,7 @@
 #
 # WARNING ABOUT GENERATED CODE
 
+
 require 'aws-sdk-core'
 require 'aws-sigv4'
 
@@ -27,7 +28,7 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
 # structure.
 #
 #     access_analyzer = Aws::AccessAnalyzer::Client.new
-#     resp = access_analyzer.create_analyzer(params)
+#     resp = access_analyzer.apply_archive_rule(params)
 #
 # See {Client} for more information.
 #
@@ -47,6 +48,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
 # @!group service
 module Aws::AccessAnalyzer
 
-  GEM_VERSION = '1.10.0'
+  GEM_VERSION = '1.15.0'
 
 end

data/lib/aws-sdk-accessanalyzer/client.rb

@@ -327,6 +327,40 @@ module Aws::AccessAnalyzer
 
     # @!group API Operations
 
+    # Retroactively applies the archive rule to existing findings that meet
+    # the archive rule criteria.
+    #
+    # @option params [required, String] :analyzer_arn
+    #   The Amazon resource name (ARN) of the analyzer.
+    #
+    # @option params [String] :client_token
+    #   A client token.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [required, String] :rule_name
+    #   The name of the rule to apply.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.apply_archive_rule({
+    #     analyzer_arn: "AnalyzerArn", # required
+    #     client_token: "String",
+    #     rule_name: "Name", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRule AWS API Documentation
+    #
+    # @overload apply_archive_rule(params = {})
+    # @param [Hash] params ({})
+    def apply_archive_rule(params = {}, options = {})
+      req = build_request(:apply_archive_rule, params)
+      req.send_request(options)
+    end
+
     # Creates an analyzer for your account.
     #
     # @option params [required, String] :analyzer_name
@@ -347,8 +381,10 @@ module Aws::AccessAnalyzer
     #   The tags to apply to the analyzer.
     #
     # @option params [required, String] :type
-    #   The type of analyzer to create. Only ACCOUNT analyzers are supported.
-    #   You can create only one analyzer per account per Region.
+    #   The type of analyzer to create. Only ACCOUNT and ORGANIZATION
+    #   analyzers are supported. You can create only one analyzer per account
+    #   per Region. You can create up to 5 analyzers per organization per
+    #   Region.
     #
     # @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -392,8 +428,8 @@ module Aws::AccessAnalyzer
     end
 
     # Creates an archive rule for the specified analyzer. Archive rules
-    # automatically archive findings that meet the criteria you define when
-    # you create the rule.
+    # automatically archive new findings that meet the criteria you define
+    # when you create the rule.
     #
     # @option params [required, String] :analyzer_name
     #   The name of the created analyzer.
@@ -438,9 +474,9 @@ module Aws::AccessAnalyzer
     end
 
     # Deletes the specified analyzer. When you delete an analyzer, Access
-    # Analyzer is disabled for the account in the current or specific
-    # Region. All findings that were generated by the analyzer are deleted.
-    # You cannot undo this action.
+    # Analyzer is disabled for the account or organization in the current or
+    # specific Region. All findings that were generated by the analyzer are
+    # deleted. You cannot undo this action.
     #
     # @option params [required, String] :analyzer_name
     #   The name of the analyzer to delete.
@@ -532,7 +568,7 @@ module Aws::AccessAnalyzer
     #   resp.resource.is_public #=> Boolean
     #   resp.resource.resource_arn #=> String
     #   resp.resource.resource_owner_account #=> String
-    #   resp.resource.resource_type #=> String, one of "AWS::IAM::Role", "AWS::KMS::Key", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::S3::Bucket", "AWS::SQS::Queue"
+    #   resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
     #   resp.resource.shared_via #=> Array
     #   resp.resource.shared_via[0] #=> String
     #   resp.resource.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
@@ -586,6 +622,13 @@ module Aws::AccessAnalyzer
 
     # Retrieves information about an archive rule.
     #
+    # To learn about filter keys that you can use to create an archive rule,
+    # see [Access Analyzer filter keys][1] in the **IAM User Guide**.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
+    #
     # @option params [required, String] :analyzer_name
     #   The name of the analyzer to retrieve rules from.
     #
@@ -660,10 +703,10 @@ module Aws::AccessAnalyzer
     #   resp.finding.principal["String"] #=> String
     #   resp.finding.resource #=> String
     #   resp.finding.resource_owner_account #=> String
-    #   resp.finding.resource_type #=> String, one of "AWS::IAM::Role", "AWS::KMS::Key", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::S3::Bucket", "AWS::SQS::Queue"
+    #   resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
     #   resp.finding.sources #=> Array
     #   resp.finding.sources[0].detail.access_point_arn #=> String
-    #   resp.finding.sources[0].type #=> String, one of "BUCKET_ACL", "POLICY", "S3_ACCESS_POINT"
+    #   resp.finding.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
     #   resp.finding.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
     #   resp.finding.updated_at #=> Time
     #
@@ -704,7 +747,7 @@ module Aws::AccessAnalyzer
     #     analyzer_arn: "AnalyzerArn", # required
     #     max_results: 1,
     #     next_token: "Token",
-    #     resource_type: "AWS::IAM::Role", # accepts AWS::IAM::Role, AWS::KMS::Key, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::S3::Bucket, AWS::SQS::Queue
+    #     resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
     #   })
     #
     # @example Response structure
@@ -712,7 +755,7 @@ module Aws::AccessAnalyzer
     #   resp.analyzed_resources #=> Array
     #   resp.analyzed_resources[0].resource_arn #=> String
     #   resp.analyzed_resources[0].resource_owner_account #=> String
-    #   resp.analyzed_resources[0].resource_type #=> String, one of "AWS::IAM::Role", "AWS::KMS::Key", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::S3::Bucket", "AWS::SQS::Queue"
+    #   resp.analyzed_resources[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResources AWS API Documentation
@@ -827,6 +870,13 @@ module Aws::AccessAnalyzer
 
     # Retrieves a list of findings generated by the specified analyzer.
     #
+    # To learn about filter keys that you can use to create an archive rule,
+    # see [Access Analyzer filter keys][1] in the **IAM User Guide**.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
+    #
     # @option params [required, String] :analyzer_arn
     #   The ARN of the analyzer to retrieve findings from.
     #
@@ -885,10 +935,10 @@ module Aws::AccessAnalyzer
     #   resp.findings[0].principal["String"] #=> String
     #   resp.findings[0].resource #=> String
     #   resp.findings[0].resource_owner_account #=> String
-    #   resp.findings[0].resource_type #=> String, one of "AWS::IAM::Role", "AWS::KMS::Key", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::S3::Bucket", "AWS::SQS::Queue"
+    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
     #   resp.findings[0].sources #=> Array
     #   resp.findings[0].sources[0].detail.access_point_arn #=> String
-    #   resp.findings[0].sources[0].type #=> String, one of "BUCKET_ACL", "POLICY", "S3_ACCESS_POINT"
+    #   resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
     #   resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
     #   resp.findings[0].updated_at #=> Time
     #   resp.next_token #=> String
@@ -1114,7 +1164,7 @@ module Aws::AccessAnalyzer
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-accessanalyzer'
-      context[:gem_version] = '1.10.0'
+      context[:gem_version] = '1.15.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-accessanalyzer/client_api.rb

@@ -22,6 +22,7 @@ module Aws::AccessAnalyzer
     AnalyzerStatus = Shapes::StringShape.new(name: 'AnalyzerStatus')
     AnalyzerSummary = Shapes::StructureShape.new(name: 'AnalyzerSummary')
     AnalyzersList = Shapes::ListShape.new(name: 'AnalyzersList')
+    ApplyArchiveRuleRequest = Shapes::StructureShape.new(name: 'ApplyArchiveRuleRequest')
     ArchiveRuleSummary = Shapes::StructureShape.new(name: 'ArchiveRuleSummary')
     ArchiveRulesList = Shapes::ListShape.new(name: 'ArchiveRulesList')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
@@ -136,6 +137,11 @@ module Aws::AccessAnalyzer
 
     AnalyzersList.member = Shapes::ShapeRef.new(shape: AnalyzerSummary)
 
+    ApplyArchiveRuleRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location_name: "analyzerArn"))
+    ApplyArchiveRuleRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
+    ApplyArchiveRuleRequest.add_member(:rule_name, Shapes::ShapeRef.new(shape: Name, required: true, location_name: "ruleName"))
+    ApplyArchiveRuleRequest.struct_class = Types::ApplyArchiveRuleRequest
+
     ArchiveRuleSummary.add_member(:created_at, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "createdAt"))
     ArchiveRuleSummary.add_member(:filter, Shapes::ShapeRef.new(shape: FilterCriteriaMap, required: true, location_name: "filter"))
     ArchiveRuleSummary.add_member(:rule_name, Shapes::ShapeRef.new(shape: Name, required: true, location_name: "ruleName"))
@@ -404,6 +410,19 @@ module Aws::AccessAnalyzer
         "uid" => "accessanalyzer-2019-11-01",
       }
 
+      api.add_operation(:apply_archive_rule, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ApplyArchiveRule"
+        o.http_method = "PUT"
+        o.http_request_uri = "/archive-rule"
+        o.input = Shapes::ShapeRef.new(shape: ApplyArchiveRuleRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:create_analyzer, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateAnalyzer"
         o.http_method = "PUT"

data/lib/aws-sdk-accessanalyzer/errors.rb

@@ -99,6 +99,10 @@ module Aws::AccessAnalyzer
       def retry_after_seconds
         @data[:retry_after_seconds]
       end
+
+      def retryable?
+        true
+      end
     end
 
     class ResourceNotFoundException < ServiceError
@@ -169,6 +173,14 @@ module Aws::AccessAnalyzer
       def retry_after_seconds
         @data[:retry_after_seconds]
       end
+
+      def retryable?
+        true
+      end
+
+      def throttling?
+        true
+      end
     end
 
     class ValidationException < ServiceError

data/lib/aws-sdk-accessanalyzer/types.rb

@@ -141,10 +141,10 @@ module Aws::AccessAnalyzer
     #   The status of the analyzer. An `Active` analyzer successfully
     #   monitors supported resources and generates new findings. The
     #   analyzer is `Disabled` when a user action, such as removing trusted
-    #   access for IAM Access Analyzer from AWS Organizations, causes the
-    #   analyzer to stop generating new findings. The status is `Creating`
-    #   when the analyzer creation is in progress and `Failed` when the
-    #   analyzer creation has failed.
+    #   access for AWS IAM Access Analyzer from AWS Organizations, causes
+    #   the analyzer to stop generating new findings. The status is
+    #   `Creating` when the analyzer creation is in progress and `Failed`
+    #   when the analyzer creation has failed.
     #   @return [String]
     #
     # @!attribute [rw] status_reason
@@ -181,6 +181,42 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # Retroactively applies an archive rule.
+    #
+    # @note When making an API call, you may pass ApplyArchiveRuleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         analyzer_arn: "AnalyzerArn", # required
+    #         client_token: "String",
+    #         rule_name: "Name", # required
+    #       }
+    #
+    # @!attribute [rw] analyzer_arn
+    #   The Amazon resource name (ARN) of the analyzer.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_token
+    #   A client token.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @!attribute [rw] rule_name
+    #   The name of the rule to apply.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRuleRequest AWS API Documentation
+    #
+    class ApplyArchiveRuleRequest < Struct.new(
+      :analyzer_arn,
+      :client_token,
+      :rule_name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about an archive rule.
     #
     # @!attribute [rw] created_at
@@ -282,8 +318,10 @@ module Aws::AccessAnalyzer
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] type
-    #   The type of analyzer to create. Only ACCOUNT analyzers are
-    #   supported. You can create only one analyzer per account per Region.
+    #   The type of analyzer to create. Only ACCOUNT and ORGANIZATION
+    #   analyzers are supported. You can create only one analyzer per
+    #   account per Region. You can create up to 5 analyzers per
+    #   organization per Region.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAnalyzerRequest AWS API Documentation
@@ -901,7 +939,7 @@ module Aws::AccessAnalyzer
     #         analyzer_arn: "AnalyzerArn", # required
     #         max_results: 1,
     #         next_token: "Token",
-    #         resource_type: "AWS::IAM::Role", # accepts AWS::IAM::Role, AWS::KMS::Key, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::S3::Bucket, AWS::SQS::Queue
+    #         resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
     #       }
     #
     # @!attribute [rw] analyzer_arn

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-  version: 1.10.0
+  version: 1.15.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-25 00:00:00.000000000 Z
+date: 2021-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.109.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.109.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement