aws-sdk-accessanalyzer 1.14.0 → 1.19.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +114 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-accessanalyzer.rb +2 -2
- data/lib/aws-sdk-accessanalyzer/client.rb +649 -21
- data/lib/aws-sdk-accessanalyzer/client_api.rb +549 -1
- data/lib/aws-sdk-accessanalyzer/errors.rb +1 -1
- data/lib/aws-sdk-accessanalyzer/resource.rb +1 -1
- data/lib/aws-sdk-accessanalyzer/types.rb +2334 -253
- metadata +10 -7
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -23,6 +23,266 @@ module Aws::AccessAnalyzer
|
|
23
23
|
include Aws::Structure
|
24
24
|
end
|
25
25
|
|
26
|
+
# Contains information about an access preview.
|
27
|
+
#
|
28
|
+
# @!attribute [rw] analyzer_arn
|
29
|
+
# The ARN of the analyzer used to generate the access preview.
|
30
|
+
# @return [String]
|
31
|
+
#
|
32
|
+
# @!attribute [rw] configurations
|
33
|
+
# A map of resource ARNs for the proposed resource configuration.
|
34
|
+
# @return [Hash<String,Types::Configuration>]
|
35
|
+
#
|
36
|
+
# @!attribute [rw] created_at
|
37
|
+
# The time at which the access preview was created.
|
38
|
+
# @return [Time]
|
39
|
+
#
|
40
|
+
# @!attribute [rw] id
|
41
|
+
# The unique ID for the access preview.
|
42
|
+
# @return [String]
|
43
|
+
#
|
44
|
+
# @!attribute [rw] status
|
45
|
+
# The status of the access preview.
|
46
|
+
#
|
47
|
+
# * `Creating` - The access preview creation is in progress.
|
48
|
+
#
|
49
|
+
# * `Completed` - The access preview is complete. You can preview
|
50
|
+
# findings for external access to the resource.
|
51
|
+
#
|
52
|
+
# * `Failed` - The access preview creation has failed.
|
53
|
+
# @return [String]
|
54
|
+
#
|
55
|
+
# @!attribute [rw] status_reason
|
56
|
+
# Provides more details about the current status of the access
|
57
|
+
# preview.
|
58
|
+
#
|
59
|
+
# For example, if the creation of the access preview fails, a `Failed`
|
60
|
+
# status is returned. This failure can be due to an internal issue
|
61
|
+
# with the analysis or due to an invalid resource configuration.
|
62
|
+
# @return [Types::AccessPreviewStatusReason]
|
63
|
+
#
|
64
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreview AWS API Documentation
|
65
|
+
#
|
66
|
+
class AccessPreview < Struct.new(
|
67
|
+
:analyzer_arn,
|
68
|
+
:configurations,
|
69
|
+
:created_at,
|
70
|
+
:id,
|
71
|
+
:status,
|
72
|
+
:status_reason)
|
73
|
+
SENSITIVE = []
|
74
|
+
include Aws::Structure
|
75
|
+
end
|
76
|
+
|
77
|
+
# An access preview finding generated by the access preview.
|
78
|
+
#
|
79
|
+
# @!attribute [rw] action
|
80
|
+
# The action in the analyzed policy statement that an external
|
81
|
+
# principal has permission to perform.
|
82
|
+
# @return [Array<String>]
|
83
|
+
#
|
84
|
+
# @!attribute [rw] change_type
|
85
|
+
# Provides context on how the access preview finding compares to
|
86
|
+
# existing access identified in Access Analyzer.
|
87
|
+
#
|
88
|
+
# * `New` - The finding is for newly-introduced access.
|
89
|
+
#
|
90
|
+
# * `Unchanged` - The preview finding is an existing finding that
|
91
|
+
# would remain unchanged.
|
92
|
+
#
|
93
|
+
# * `Changed` - The preview finding is an existing finding with a
|
94
|
+
# change in status.
|
95
|
+
#
|
96
|
+
# For example, a `Changed` finding with preview status `Resolved` and
|
97
|
+
# existing status `Active` indicates the existing `Active` finding
|
98
|
+
# would become `Resolved` as a result of the proposed permissions
|
99
|
+
# change.
|
100
|
+
# @return [String]
|
101
|
+
#
|
102
|
+
# @!attribute [rw] condition
|
103
|
+
# The condition in the analyzed policy statement that resulted in a
|
104
|
+
# finding.
|
105
|
+
# @return [Hash<String,String>]
|
106
|
+
#
|
107
|
+
# @!attribute [rw] created_at
|
108
|
+
# The time at which the access preview finding was created.
|
109
|
+
# @return [Time]
|
110
|
+
#
|
111
|
+
# @!attribute [rw] error
|
112
|
+
# An error.
|
113
|
+
# @return [String]
|
114
|
+
#
|
115
|
+
# @!attribute [rw] existing_finding_id
|
116
|
+
# The existing ID of the finding in Access Analyzer, provided only for
|
117
|
+
# existing findings.
|
118
|
+
# @return [String]
|
119
|
+
#
|
120
|
+
# @!attribute [rw] existing_finding_status
|
121
|
+
# The existing status of the finding, provided only for existing
|
122
|
+
# findings.
|
123
|
+
# @return [String]
|
124
|
+
#
|
125
|
+
# @!attribute [rw] id
|
126
|
+
# The ID of the access preview finding. This ID uniquely identifies
|
127
|
+
# the element in the list of access preview findings and is not
|
128
|
+
# related to the finding ID in Access Analyzer.
|
129
|
+
# @return [String]
|
130
|
+
#
|
131
|
+
# @!attribute [rw] is_public
|
132
|
+
# Indicates whether the policy that generated the finding allows
|
133
|
+
# public access to the resource.
|
134
|
+
# @return [Boolean]
|
135
|
+
#
|
136
|
+
# @!attribute [rw] principal
|
137
|
+
# The external principal that has access to a resource within the zone
|
138
|
+
# of trust.
|
139
|
+
# @return [Hash<String,String>]
|
140
|
+
#
|
141
|
+
# @!attribute [rw] resource
|
142
|
+
# The resource that an external principal has access to. This is the
|
143
|
+
# resource associated with the access preview.
|
144
|
+
# @return [String]
|
145
|
+
#
|
146
|
+
# @!attribute [rw] resource_owner_account
|
147
|
+
# The AWS account ID that owns the resource. For most AWS resources,
|
148
|
+
# the owning account is the account in which the resource was created.
|
149
|
+
# @return [String]
|
150
|
+
#
|
151
|
+
# @!attribute [rw] resource_type
|
152
|
+
# The type of the resource that can be accessed in the finding.
|
153
|
+
# @return [String]
|
154
|
+
#
|
155
|
+
# @!attribute [rw] sources
|
156
|
+
# The sources of the finding. This indicates how the access that
|
157
|
+
# generated the finding is granted. It is populated for Amazon S3
|
158
|
+
# bucket findings.
|
159
|
+
# @return [Array<Types::FindingSource>]
|
160
|
+
#
|
161
|
+
# @!attribute [rw] status
|
162
|
+
# The preview status of the finding. This is what the status of the
|
163
|
+
# finding would be after permissions deployment. For example, a
|
164
|
+
# `Changed` finding with preview status `Resolved` and existing status
|
165
|
+
# `Active` indicates the existing `Active` finding would become
|
166
|
+
# `Resolved` as a result of the proposed permissions change.
|
167
|
+
# @return [String]
|
168
|
+
#
|
169
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreviewFinding AWS API Documentation
|
170
|
+
#
|
171
|
+
class AccessPreviewFinding < Struct.new(
|
172
|
+
:action,
|
173
|
+
:change_type,
|
174
|
+
:condition,
|
175
|
+
:created_at,
|
176
|
+
:error,
|
177
|
+
:existing_finding_id,
|
178
|
+
:existing_finding_status,
|
179
|
+
:id,
|
180
|
+
:is_public,
|
181
|
+
:principal,
|
182
|
+
:resource,
|
183
|
+
:resource_owner_account,
|
184
|
+
:resource_type,
|
185
|
+
:sources,
|
186
|
+
:status)
|
187
|
+
SENSITIVE = []
|
188
|
+
include Aws::Structure
|
189
|
+
end
|
190
|
+
|
191
|
+
# Provides more details about the current status of the access preview.
|
192
|
+
# For example, if the creation of the access preview fails, a `Failed`
|
193
|
+
# status is returned. This failure can be due to an internal issue with
|
194
|
+
# the analysis or due to an invalid proposed resource configuration.
|
195
|
+
#
|
196
|
+
# @!attribute [rw] code
|
197
|
+
# The reason code for the current status of the access preview.
|
198
|
+
# @return [String]
|
199
|
+
#
|
200
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreviewStatusReason AWS API Documentation
|
201
|
+
#
|
202
|
+
class AccessPreviewStatusReason < Struct.new(
|
203
|
+
:code)
|
204
|
+
SENSITIVE = []
|
205
|
+
include Aws::Structure
|
206
|
+
end
|
207
|
+
|
208
|
+
# Contains a summary of information about an access preview.
|
209
|
+
#
|
210
|
+
# @!attribute [rw] analyzer_arn
|
211
|
+
# The ARN of the analyzer used to generate the access preview.
|
212
|
+
# @return [String]
|
213
|
+
#
|
214
|
+
# @!attribute [rw] created_at
|
215
|
+
# The time at which the access preview was created.
|
216
|
+
# @return [Time]
|
217
|
+
#
|
218
|
+
# @!attribute [rw] id
|
219
|
+
# The unique ID for the access preview.
|
220
|
+
# @return [String]
|
221
|
+
#
|
222
|
+
# @!attribute [rw] status
|
223
|
+
# The status of the access preview.
|
224
|
+
#
|
225
|
+
# * `Creating` - The access preview creation is in progress.
|
226
|
+
#
|
227
|
+
# * `Completed` - The access preview is complete and previews the
|
228
|
+
# findings for external access to the resource.
|
229
|
+
#
|
230
|
+
# * `Failed` - The access preview creation has failed.
|
231
|
+
# @return [String]
|
232
|
+
#
|
233
|
+
# @!attribute [rw] status_reason
|
234
|
+
# Provides more details about the current status of the access
|
235
|
+
# preview. For example, if the creation of the access preview fails, a
|
236
|
+
# `Failed` status is returned. This failure can be due to an internal
|
237
|
+
# issue with the analysis or due to an invalid proposed resource
|
238
|
+
# configuration.
|
239
|
+
# @return [Types::AccessPreviewStatusReason]
|
240
|
+
#
|
241
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreviewSummary AWS API Documentation
|
242
|
+
#
|
243
|
+
class AccessPreviewSummary < Struct.new(
|
244
|
+
:analyzer_arn,
|
245
|
+
:created_at,
|
246
|
+
:id,
|
247
|
+
:status,
|
248
|
+
:status_reason)
|
249
|
+
SENSITIVE = []
|
250
|
+
include Aws::Structure
|
251
|
+
end
|
252
|
+
|
253
|
+
# You specify each grantee as a type-value pair using one of these
|
254
|
+
# types. You can specify only one type of grantee. For more information,
|
255
|
+
# see [PutBucketAcl][1].
|
256
|
+
#
|
257
|
+
#
|
258
|
+
#
|
259
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
|
260
|
+
#
|
261
|
+
# @note When making an API call, you may pass AclGrantee
|
262
|
+
# data as a hash:
|
263
|
+
#
|
264
|
+
# {
|
265
|
+
# id: "AclCanonicalId",
|
266
|
+
# uri: "AclUri",
|
267
|
+
# }
|
268
|
+
#
|
269
|
+
# @!attribute [rw] id
|
270
|
+
# The value specified is the canonical user ID of an AWS account.
|
271
|
+
# @return [String]
|
272
|
+
#
|
273
|
+
# @!attribute [rw] uri
|
274
|
+
# Used for granting permissions to a predefined group.
|
275
|
+
# @return [String]
|
276
|
+
#
|
277
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AclGrantee AWS API Documentation
|
278
|
+
#
|
279
|
+
class AclGrantee < Struct.new(
|
280
|
+
:id,
|
281
|
+
:uri)
|
282
|
+
SENSITIVE = []
|
283
|
+
include Aws::Structure
|
284
|
+
end
|
285
|
+
|
26
286
|
# Contains details about the analyzed resource.
|
27
287
|
#
|
28
288
|
# @!attribute [rw] actions
|
@@ -141,16 +401,16 @@ module Aws::AccessAnalyzer
|
|
141
401
|
# The status of the analyzer. An `Active` analyzer successfully
|
142
402
|
# monitors supported resources and generates new findings. The
|
143
403
|
# analyzer is `Disabled` when a user action, such as removing trusted
|
144
|
-
# access for IAM Access Analyzer from AWS Organizations, causes
|
145
|
-
# analyzer to stop generating new findings. The status is
|
146
|
-
# when the analyzer creation is in progress and `Failed`
|
147
|
-
# analyzer creation has failed.
|
404
|
+
# access for AWS IAM Access Analyzer from AWS Organizations, causes
|
405
|
+
# the analyzer to stop generating new findings. The status is
|
406
|
+
# `Creating` when the analyzer creation is in progress and `Failed`
|
407
|
+
# when the analyzer creation has failed.
|
148
408
|
# @return [String]
|
149
409
|
#
|
150
410
|
# @!attribute [rw] status_reason
|
151
411
|
# The `statusReason` provides more details about the current status of
|
152
412
|
# the analyzer. For example, if the creation for the analyzer fails, a
|
153
|
-
# `Failed` status is
|
413
|
+
# `Failed` status is returned. For an analyzer with organization as
|
154
414
|
# the type, this failure can be due to an issue with creating the
|
155
415
|
# service-linked roles required in the member accounts of the AWS
|
156
416
|
# organization.
|
@@ -246,130 +506,466 @@ module Aws::AccessAnalyzer
|
|
246
506
|
include Aws::Structure
|
247
507
|
end
|
248
508
|
|
249
|
-
#
|
250
|
-
#
|
251
|
-
# @!attribute [rw] message
|
252
|
-
# @return [String]
|
509
|
+
# @note When making an API call, you may pass CancelPolicyGenerationRequest
|
510
|
+
# data as a hash:
|
253
511
|
#
|
254
|
-
#
|
255
|
-
#
|
256
|
-
#
|
512
|
+
# {
|
513
|
+
# job_id: "JobId", # required
|
514
|
+
# }
|
257
515
|
#
|
258
|
-
# @!attribute [rw]
|
259
|
-
# The
|
516
|
+
# @!attribute [rw] job_id
|
517
|
+
# The `JobId` that is returned by the `StartPolicyGeneration`
|
518
|
+
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
519
|
+
# retrieve the generated policies or used with
|
520
|
+
# `CancelPolicyGeneration` to cancel the policy generation request.
|
260
521
|
# @return [String]
|
261
522
|
#
|
262
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/
|
523
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CancelPolicyGenerationRequest AWS API Documentation
|
263
524
|
#
|
264
|
-
class
|
265
|
-
:
|
266
|
-
:resource_id,
|
267
|
-
:resource_type)
|
525
|
+
class CancelPolicyGenerationRequest < Struct.new(
|
526
|
+
:job_id)
|
268
527
|
SENSITIVE = []
|
269
528
|
include Aws::Structure
|
270
529
|
end
|
271
530
|
|
272
|
-
#
|
531
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CancelPolicyGenerationResponse AWS API Documentation
|
273
532
|
#
|
274
|
-
|
533
|
+
class CancelPolicyGenerationResponse < Aws::EmptyStructure; end
|
534
|
+
|
535
|
+
# Contains information about CloudTrail access.
|
536
|
+
#
|
537
|
+
# @note When making an API call, you may pass CloudTrailDetails
|
275
538
|
# data as a hash:
|
276
539
|
#
|
277
540
|
# {
|
278
|
-
#
|
279
|
-
#
|
541
|
+
# access_role: "RoleArn", # required
|
542
|
+
# end_time: Time.now,
|
543
|
+
# start_time: Time.now, # required
|
544
|
+
# trails: [ # required
|
280
545
|
# {
|
281
|
-
#
|
282
|
-
#
|
283
|
-
#
|
284
|
-
# eq: ["String"],
|
285
|
-
# exists: false,
|
286
|
-
# neq: ["String"],
|
287
|
-
# },
|
288
|
-
# },
|
289
|
-
# rule_name: "Name", # required
|
546
|
+
# all_regions: false,
|
547
|
+
# cloud_trail_arn: "CloudTrailArn", # required
|
548
|
+
# regions: ["String"],
|
290
549
|
# },
|
291
550
|
# ],
|
292
|
-
# client_token: "String",
|
293
|
-
# tags: {
|
294
|
-
# "String" => "String",
|
295
|
-
# },
|
296
|
-
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
297
551
|
# }
|
298
552
|
#
|
299
|
-
# @!attribute [rw]
|
300
|
-
# The
|
553
|
+
# @!attribute [rw] access_role
|
554
|
+
# The ARN of the service role that Access Analyzer uses to access your
|
555
|
+
# CloudTrail trail and service last accessed information.
|
301
556
|
# @return [String]
|
302
557
|
#
|
303
|
-
# @!attribute [rw]
|
304
|
-
#
|
305
|
-
#
|
306
|
-
#
|
307
|
-
#
|
308
|
-
#
|
309
|
-
# @!attribute [rw] client_token
|
310
|
-
# A client token.
|
311
|
-
#
|
312
|
-
# **A suitable default value is auto-generated.** You should normally
|
313
|
-
# not need to pass this option.
|
314
|
-
# @return [String]
|
558
|
+
# @!attribute [rw] end_time
|
559
|
+
# The end of the time range for which Access Analyzer reviews your
|
560
|
+
# CloudTrail events. Events with a timestamp after this time are not
|
561
|
+
# considered to generate a policy. If this is not included in the
|
562
|
+
# request, the default value is the current time.
|
563
|
+
# @return [Time]
|
315
564
|
#
|
316
|
-
# @!attribute [rw]
|
317
|
-
# The
|
318
|
-
#
|
565
|
+
# @!attribute [rw] start_time
|
566
|
+
# The start of the time range for which Access Analyzer reviews your
|
567
|
+
# CloudTrail events. Events with a timestamp before this time are not
|
568
|
+
# considered to generate a policy.
|
569
|
+
# @return [Time]
|
319
570
|
#
|
320
|
-
# @!attribute [rw]
|
321
|
-
#
|
322
|
-
#
|
323
|
-
# @return [String]
|
571
|
+
# @!attribute [rw] trails
|
572
|
+
# A `Trail` object that contains settings for a trail.
|
573
|
+
# @return [Array<Types::Trail>]
|
324
574
|
#
|
325
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/
|
575
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailDetails AWS API Documentation
|
326
576
|
#
|
327
|
-
class
|
328
|
-
:
|
329
|
-
:
|
330
|
-
:
|
331
|
-
:
|
332
|
-
:type)
|
577
|
+
class CloudTrailDetails < Struct.new(
|
578
|
+
:access_role,
|
579
|
+
:end_time,
|
580
|
+
:start_time,
|
581
|
+
:trails)
|
333
582
|
SENSITIVE = []
|
334
583
|
include Aws::Structure
|
335
584
|
end
|
336
585
|
|
337
|
-
#
|
586
|
+
# Contains information about CloudTrail access.
|
338
587
|
#
|
339
|
-
# @!attribute [rw]
|
340
|
-
# The
|
341
|
-
#
|
588
|
+
# @!attribute [rw] end_time
|
589
|
+
# The end of the time range for which Access Analyzer reviews your
|
590
|
+
# CloudTrail events. Events with a timestamp after this time are not
|
591
|
+
# considered to generate a policy. If this is not included in the
|
592
|
+
# request, the default value is the current time.
|
593
|
+
# @return [Time]
|
342
594
|
#
|
343
|
-
#
|
595
|
+
# @!attribute [rw] start_time
|
596
|
+
# The start of the time range for which Access Analyzer reviews your
|
597
|
+
# CloudTrail events. Events with a timestamp before this time are not
|
598
|
+
# considered to generate a policy.
|
599
|
+
# @return [Time]
|
344
600
|
#
|
345
|
-
|
346
|
-
|
601
|
+
# @!attribute [rw] trail_properties
|
602
|
+
# A `TrailProperties` object that contains settings for trail
|
603
|
+
# properties.
|
604
|
+
# @return [Array<Types::TrailProperties>]
|
605
|
+
#
|
606
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailProperties AWS API Documentation
|
607
|
+
#
|
608
|
+
class CloudTrailProperties < Struct.new(
|
609
|
+
:end_time,
|
610
|
+
:start_time,
|
611
|
+
:trail_properties)
|
347
612
|
SENSITIVE = []
|
348
613
|
include Aws::Structure
|
349
614
|
end
|
350
615
|
|
351
|
-
#
|
616
|
+
# Access control configuration structures for your resource. You specify
|
617
|
+
# the configuration as a type-value pair. You can specify only one type
|
618
|
+
# of access control configuration.
|
352
619
|
#
|
353
|
-
# @note When making an API call, you may pass
|
620
|
+
# @note When making an API call, you may pass Configuration
|
354
621
|
# data as a hash:
|
355
622
|
#
|
356
623
|
# {
|
357
|
-
#
|
358
|
-
#
|
359
|
-
#
|
360
|
-
#
|
361
|
-
#
|
362
|
-
#
|
363
|
-
#
|
364
|
-
#
|
624
|
+
# iam_role: {
|
625
|
+
# trust_policy: "IamTrustPolicy",
|
626
|
+
# },
|
627
|
+
# kms_key: {
|
628
|
+
# grants: [
|
629
|
+
# {
|
630
|
+
# constraints: {
|
631
|
+
# encryption_context_equals: {
|
632
|
+
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
633
|
+
# },
|
634
|
+
# encryption_context_subset: {
|
635
|
+
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
636
|
+
# },
|
637
|
+
# },
|
638
|
+
# grantee_principal: "GranteePrincipal", # required
|
639
|
+
# issuing_account: "IssuingAccount", # required
|
640
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
641
|
+
# retiring_principal: "RetiringPrincipal",
|
642
|
+
# },
|
643
|
+
# ],
|
644
|
+
# key_policies: {
|
645
|
+
# "PolicyName" => "KmsKeyPolicy",
|
365
646
|
# },
|
366
647
|
# },
|
367
|
-
#
|
368
|
-
#
|
369
|
-
#
|
370
|
-
#
|
371
|
-
#
|
372
|
-
#
|
648
|
+
# s3_bucket: {
|
649
|
+
# access_points: {
|
650
|
+
# "AccessPointArn" => {
|
651
|
+
# access_point_policy: "AccessPointPolicy",
|
652
|
+
# network_origin: {
|
653
|
+
# internet_configuration: {
|
654
|
+
# },
|
655
|
+
# vpc_configuration: {
|
656
|
+
# vpc_id: "VpcId", # required
|
657
|
+
# },
|
658
|
+
# },
|
659
|
+
# public_access_block: {
|
660
|
+
# ignore_public_acls: false, # required
|
661
|
+
# restrict_public_buckets: false, # required
|
662
|
+
# },
|
663
|
+
# },
|
664
|
+
# },
|
665
|
+
# bucket_acl_grants: [
|
666
|
+
# {
|
667
|
+
# grantee: { # required
|
668
|
+
# id: "AclCanonicalId",
|
669
|
+
# uri: "AclUri",
|
670
|
+
# },
|
671
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
672
|
+
# },
|
673
|
+
# ],
|
674
|
+
# bucket_policy: "S3BucketPolicy",
|
675
|
+
# bucket_public_access_block: {
|
676
|
+
# ignore_public_acls: false, # required
|
677
|
+
# restrict_public_buckets: false, # required
|
678
|
+
# },
|
679
|
+
# },
|
680
|
+
# secrets_manager_secret: {
|
681
|
+
# kms_key_id: "SecretsManagerSecretKmsId",
|
682
|
+
# secret_policy: "SecretsManagerSecretPolicy",
|
683
|
+
# },
|
684
|
+
# sqs_queue: {
|
685
|
+
# queue_policy: "SqsQueuePolicy",
|
686
|
+
# },
|
687
|
+
# }
|
688
|
+
#
|
689
|
+
# @!attribute [rw] iam_role
|
690
|
+
# The access control configuration is for an IAM role.
|
691
|
+
# @return [Types::IamRoleConfiguration]
|
692
|
+
#
|
693
|
+
# @!attribute [rw] kms_key
|
694
|
+
# The access control configuration is for a KMS key.
|
695
|
+
# @return [Types::KmsKeyConfiguration]
|
696
|
+
#
|
697
|
+
# @!attribute [rw] s3_bucket
|
698
|
+
# The access control configuration is for an Amazon S3 Bucket.
|
699
|
+
# @return [Types::S3BucketConfiguration]
|
700
|
+
#
|
701
|
+
# @!attribute [rw] secrets_manager_secret
|
702
|
+
# The access control configuration is for a Secrets Manager secret.
|
703
|
+
# @return [Types::SecretsManagerSecretConfiguration]
|
704
|
+
#
|
705
|
+
# @!attribute [rw] sqs_queue
|
706
|
+
# The access control configuration is for an SQS queue.
|
707
|
+
# @return [Types::SqsQueueConfiguration]
|
708
|
+
#
|
709
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
|
710
|
+
#
|
711
|
+
class Configuration < Struct.new(
|
712
|
+
:iam_role,
|
713
|
+
:kms_key,
|
714
|
+
:s3_bucket,
|
715
|
+
:secrets_manager_secret,
|
716
|
+
:sqs_queue)
|
717
|
+
SENSITIVE = []
|
718
|
+
include Aws::Structure
|
719
|
+
end
|
720
|
+
|
721
|
+
# A conflict exception error.
|
722
|
+
#
|
723
|
+
# @!attribute [rw] message
|
724
|
+
# @return [String]
|
725
|
+
#
|
726
|
+
# @!attribute [rw] resource_id
|
727
|
+
# The ID of the resource.
|
728
|
+
# @return [String]
|
729
|
+
#
|
730
|
+
# @!attribute [rw] resource_type
|
731
|
+
# The resource type.
|
732
|
+
# @return [String]
|
733
|
+
#
|
734
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ConflictException AWS API Documentation
|
735
|
+
#
|
736
|
+
class ConflictException < Struct.new(
|
737
|
+
:message,
|
738
|
+
:resource_id,
|
739
|
+
:resource_type)
|
740
|
+
SENSITIVE = []
|
741
|
+
include Aws::Structure
|
742
|
+
end
|
743
|
+
|
744
|
+
# @note When making an API call, you may pass CreateAccessPreviewRequest
|
745
|
+
# data as a hash:
|
746
|
+
#
|
747
|
+
# {
|
748
|
+
# analyzer_arn: "AnalyzerArn", # required
|
749
|
+
# client_token: "String",
|
750
|
+
# configurations: { # required
|
751
|
+
# "ConfigurationsMapKey" => {
|
752
|
+
# iam_role: {
|
753
|
+
# trust_policy: "IamTrustPolicy",
|
754
|
+
# },
|
755
|
+
# kms_key: {
|
756
|
+
# grants: [
|
757
|
+
# {
|
758
|
+
# constraints: {
|
759
|
+
# encryption_context_equals: {
|
760
|
+
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
761
|
+
# },
|
762
|
+
# encryption_context_subset: {
|
763
|
+
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
764
|
+
# },
|
765
|
+
# },
|
766
|
+
# grantee_principal: "GranteePrincipal", # required
|
767
|
+
# issuing_account: "IssuingAccount", # required
|
768
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
769
|
+
# retiring_principal: "RetiringPrincipal",
|
770
|
+
# },
|
771
|
+
# ],
|
772
|
+
# key_policies: {
|
773
|
+
# "PolicyName" => "KmsKeyPolicy",
|
774
|
+
# },
|
775
|
+
# },
|
776
|
+
# s3_bucket: {
|
777
|
+
# access_points: {
|
778
|
+
# "AccessPointArn" => {
|
779
|
+
# access_point_policy: "AccessPointPolicy",
|
780
|
+
# network_origin: {
|
781
|
+
# internet_configuration: {
|
782
|
+
# },
|
783
|
+
# vpc_configuration: {
|
784
|
+
# vpc_id: "VpcId", # required
|
785
|
+
# },
|
786
|
+
# },
|
787
|
+
# public_access_block: {
|
788
|
+
# ignore_public_acls: false, # required
|
789
|
+
# restrict_public_buckets: false, # required
|
790
|
+
# },
|
791
|
+
# },
|
792
|
+
# },
|
793
|
+
# bucket_acl_grants: [
|
794
|
+
# {
|
795
|
+
# grantee: { # required
|
796
|
+
# id: "AclCanonicalId",
|
797
|
+
# uri: "AclUri",
|
798
|
+
# },
|
799
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
800
|
+
# },
|
801
|
+
# ],
|
802
|
+
# bucket_policy: "S3BucketPolicy",
|
803
|
+
# bucket_public_access_block: {
|
804
|
+
# ignore_public_acls: false, # required
|
805
|
+
# restrict_public_buckets: false, # required
|
806
|
+
# },
|
807
|
+
# },
|
808
|
+
# secrets_manager_secret: {
|
809
|
+
# kms_key_id: "SecretsManagerSecretKmsId",
|
810
|
+
# secret_policy: "SecretsManagerSecretPolicy",
|
811
|
+
# },
|
812
|
+
# sqs_queue: {
|
813
|
+
# queue_policy: "SqsQueuePolicy",
|
814
|
+
# },
|
815
|
+
# },
|
816
|
+
# },
|
817
|
+
# }
|
818
|
+
#
|
819
|
+
# @!attribute [rw] analyzer_arn
|
820
|
+
# The [ARN of the account analyzer][1] used to generate the access
|
821
|
+
# preview. You can only create an access preview for analyzers with an
|
822
|
+
# `Account` type and `Active` status.
|
823
|
+
#
|
824
|
+
#
|
825
|
+
#
|
826
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
827
|
+
# @return [String]
|
828
|
+
#
|
829
|
+
# @!attribute [rw] client_token
|
830
|
+
# A client token.
|
831
|
+
#
|
832
|
+
# **A suitable default value is auto-generated.** You should normally
|
833
|
+
# not need to pass this option.
|
834
|
+
# @return [String]
|
835
|
+
#
|
836
|
+
# @!attribute [rw] configurations
|
837
|
+
# Access control configuration for your resource that is used to
|
838
|
+
# generate the access preview. The access preview includes findings
|
839
|
+
# for external access allowed to the resource with the proposed access
|
840
|
+
# control configuration. The configuration must contain exactly one
|
841
|
+
# element.
|
842
|
+
# @return [Hash<String,Types::Configuration>]
|
843
|
+
#
|
844
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAccessPreviewRequest AWS API Documentation
|
845
|
+
#
|
846
|
+
class CreateAccessPreviewRequest < Struct.new(
|
847
|
+
:analyzer_arn,
|
848
|
+
:client_token,
|
849
|
+
:configurations)
|
850
|
+
SENSITIVE = []
|
851
|
+
include Aws::Structure
|
852
|
+
end
|
853
|
+
|
854
|
+
# @!attribute [rw] id
|
855
|
+
# The unique ID for the access preview.
|
856
|
+
# @return [String]
|
857
|
+
#
|
858
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAccessPreviewResponse AWS API Documentation
|
859
|
+
#
|
860
|
+
class CreateAccessPreviewResponse < Struct.new(
|
861
|
+
:id)
|
862
|
+
SENSITIVE = []
|
863
|
+
include Aws::Structure
|
864
|
+
end
|
865
|
+
|
866
|
+
# Creates an analyzer.
|
867
|
+
#
|
868
|
+
# @note When making an API call, you may pass CreateAnalyzerRequest
|
869
|
+
# data as a hash:
|
870
|
+
#
|
871
|
+
# {
|
872
|
+
# analyzer_name: "Name", # required
|
873
|
+
# archive_rules: [
|
874
|
+
# {
|
875
|
+
# filter: { # required
|
876
|
+
# "String" => {
|
877
|
+
# contains: ["String"],
|
878
|
+
# eq: ["String"],
|
879
|
+
# exists: false,
|
880
|
+
# neq: ["String"],
|
881
|
+
# },
|
882
|
+
# },
|
883
|
+
# rule_name: "Name", # required
|
884
|
+
# },
|
885
|
+
# ],
|
886
|
+
# client_token: "String",
|
887
|
+
# tags: {
|
888
|
+
# "String" => "String",
|
889
|
+
# },
|
890
|
+
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
891
|
+
# }
|
892
|
+
#
|
893
|
+
# @!attribute [rw] analyzer_name
|
894
|
+
# The name of the analyzer to create.
|
895
|
+
# @return [String]
|
896
|
+
#
|
897
|
+
# @!attribute [rw] archive_rules
|
898
|
+
# Specifies the archive rules to add for the analyzer. Archive rules
|
899
|
+
# automatically archive findings that meet the criteria you define for
|
900
|
+
# the rule.
|
901
|
+
# @return [Array<Types::InlineArchiveRule>]
|
902
|
+
#
|
903
|
+
# @!attribute [rw] client_token
|
904
|
+
# A client token.
|
905
|
+
#
|
906
|
+
# **A suitable default value is auto-generated.** You should normally
|
907
|
+
# not need to pass this option.
|
908
|
+
# @return [String]
|
909
|
+
#
|
910
|
+
# @!attribute [rw] tags
|
911
|
+
# The tags to apply to the analyzer.
|
912
|
+
# @return [Hash<String,String>]
|
913
|
+
#
|
914
|
+
# @!attribute [rw] type
|
915
|
+
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
916
|
+
# analyzers are supported. You can create only one analyzer per
|
917
|
+
# account per Region. You can create up to 5 analyzers per
|
918
|
+
# organization per Region.
|
919
|
+
# @return [String]
|
920
|
+
#
|
921
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAnalyzerRequest AWS API Documentation
|
922
|
+
#
|
923
|
+
class CreateAnalyzerRequest < Struct.new(
|
924
|
+
:analyzer_name,
|
925
|
+
:archive_rules,
|
926
|
+
:client_token,
|
927
|
+
:tags,
|
928
|
+
:type)
|
929
|
+
SENSITIVE = []
|
930
|
+
include Aws::Structure
|
931
|
+
end
|
932
|
+
|
933
|
+
# The response to the request to create an analyzer.
|
934
|
+
#
|
935
|
+
# @!attribute [rw] arn
|
936
|
+
# The ARN of the analyzer that was created by the request.
|
937
|
+
# @return [String]
|
938
|
+
#
|
939
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAnalyzerResponse AWS API Documentation
|
940
|
+
#
|
941
|
+
class CreateAnalyzerResponse < Struct.new(
|
942
|
+
:arn)
|
943
|
+
SENSITIVE = []
|
944
|
+
include Aws::Structure
|
945
|
+
end
|
946
|
+
|
947
|
+
# Creates an archive rule.
|
948
|
+
#
|
949
|
+
# @note When making an API call, you may pass CreateArchiveRuleRequest
|
950
|
+
# data as a hash:
|
951
|
+
#
|
952
|
+
# {
|
953
|
+
# analyzer_name: "Name", # required
|
954
|
+
# client_token: "String",
|
955
|
+
# filter: { # required
|
956
|
+
# "String" => {
|
957
|
+
# contains: ["String"],
|
958
|
+
# eq: ["String"],
|
959
|
+
# exists: false,
|
960
|
+
# neq: ["String"],
|
961
|
+
# },
|
962
|
+
# },
|
963
|
+
# rule_name: "Name", # required
|
964
|
+
# }
|
965
|
+
#
|
966
|
+
# @!attribute [rw] analyzer_name
|
967
|
+
# The name of the created analyzer.
|
968
|
+
# @return [String]
|
373
969
|
#
|
374
970
|
# @!attribute [rw] client_token
|
375
971
|
# A client token.
|
@@ -554,7 +1150,7 @@ module Aws::AccessAnalyzer
|
|
554
1150
|
# @return [String]
|
555
1151
|
#
|
556
1152
|
# @!attribute [rw] resource_type
|
557
|
-
# The type of the resource
|
1153
|
+
# The type of the resource identified in the finding.
|
558
1154
|
# @return [String]
|
559
1155
|
#
|
560
1156
|
# @!attribute [rw] sources
|
@@ -715,6 +1311,118 @@ module Aws::AccessAnalyzer
|
|
715
1311
|
include Aws::Structure
|
716
1312
|
end
|
717
1313
|
|
1314
|
+
# Contains the text for the generated policy.
|
1315
|
+
#
|
1316
|
+
# @!attribute [rw] policy
|
1317
|
+
# The text to use as the content for the new policy. The policy is
|
1318
|
+
# created using the [CreatePolicy][1] action.
|
1319
|
+
#
|
1320
|
+
#
|
1321
|
+
#
|
1322
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
|
1323
|
+
# @return [String]
|
1324
|
+
#
|
1325
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicy AWS API Documentation
|
1326
|
+
#
|
1327
|
+
class GeneratedPolicy < Struct.new(
|
1328
|
+
:policy)
|
1329
|
+
SENSITIVE = []
|
1330
|
+
include Aws::Structure
|
1331
|
+
end
|
1332
|
+
|
1333
|
+
# Contains the generated policy details.
|
1334
|
+
#
|
1335
|
+
# @!attribute [rw] cloud_trail_properties
|
1336
|
+
# Lists details about the `Trail` used to generated policy.
|
1337
|
+
# @return [Types::CloudTrailProperties]
|
1338
|
+
#
|
1339
|
+
# @!attribute [rw] is_complete
|
1340
|
+
# This value is set to `true` if the generated policy contains all
|
1341
|
+
# possible actions for a service that Access Analyzer identified from
|
1342
|
+
# the CloudTrail trail that you specified, and `false` otherwise.
|
1343
|
+
# @return [Boolean]
|
1344
|
+
#
|
1345
|
+
# @!attribute [rw] principal_arn
|
1346
|
+
# The ARN of the IAM entity (user or role) for which you are
|
1347
|
+
# generating a policy.
|
1348
|
+
# @return [String]
|
1349
|
+
#
|
1350
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyProperties AWS API Documentation
|
1351
|
+
#
|
1352
|
+
class GeneratedPolicyProperties < Struct.new(
|
1353
|
+
:cloud_trail_properties,
|
1354
|
+
:is_complete,
|
1355
|
+
:principal_arn)
|
1356
|
+
SENSITIVE = []
|
1357
|
+
include Aws::Structure
|
1358
|
+
end
|
1359
|
+
|
1360
|
+
# Contains the text for the generated policy and its details.
|
1361
|
+
#
|
1362
|
+
# @!attribute [rw] generated_policies
|
1363
|
+
# The text to use as the content for the new policy. The policy is
|
1364
|
+
# created using the [CreatePolicy][1] action.
|
1365
|
+
#
|
1366
|
+
#
|
1367
|
+
#
|
1368
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
|
1369
|
+
# @return [Array<Types::GeneratedPolicy>]
|
1370
|
+
#
|
1371
|
+
# @!attribute [rw] properties
|
1372
|
+
# A `GeneratedPolicyProperties` object that contains properties of the
|
1373
|
+
# generated policy.
|
1374
|
+
# @return [Types::GeneratedPolicyProperties]
|
1375
|
+
#
|
1376
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyResult AWS API Documentation
|
1377
|
+
#
|
1378
|
+
class GeneratedPolicyResult < Struct.new(
|
1379
|
+
:generated_policies,
|
1380
|
+
:properties)
|
1381
|
+
SENSITIVE = []
|
1382
|
+
include Aws::Structure
|
1383
|
+
end
|
1384
|
+
|
1385
|
+
# @note When making an API call, you may pass GetAccessPreviewRequest
|
1386
|
+
# data as a hash:
|
1387
|
+
#
|
1388
|
+
# {
|
1389
|
+
# access_preview_id: "AccessPreviewId", # required
|
1390
|
+
# analyzer_arn: "AnalyzerArn", # required
|
1391
|
+
# }
|
1392
|
+
#
|
1393
|
+
# @!attribute [rw] access_preview_id
|
1394
|
+
# The unique ID for the access preview.
|
1395
|
+
# @return [String]
|
1396
|
+
#
|
1397
|
+
# @!attribute [rw] analyzer_arn
|
1398
|
+
# The [ARN of the analyzer][1] used to generate the access preview.
|
1399
|
+
#
|
1400
|
+
#
|
1401
|
+
#
|
1402
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1403
|
+
# @return [String]
|
1404
|
+
#
|
1405
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAccessPreviewRequest AWS API Documentation
|
1406
|
+
#
|
1407
|
+
class GetAccessPreviewRequest < Struct.new(
|
1408
|
+
:access_preview_id,
|
1409
|
+
:analyzer_arn)
|
1410
|
+
SENSITIVE = []
|
1411
|
+
include Aws::Structure
|
1412
|
+
end
|
1413
|
+
|
1414
|
+
# @!attribute [rw] access_preview
|
1415
|
+
# An object that contains information about the access preview.
|
1416
|
+
# @return [Types::AccessPreview]
|
1417
|
+
#
|
1418
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAccessPreviewResponse AWS API Documentation
|
1419
|
+
#
|
1420
|
+
class GetAccessPreviewResponse < Struct.new(
|
1421
|
+
:access_preview)
|
1422
|
+
SENSITIVE = []
|
1423
|
+
include Aws::Structure
|
1424
|
+
end
|
1425
|
+
|
718
1426
|
# Retrieves an analyzed resource.
|
719
1427
|
#
|
720
1428
|
# @note When making an API call, you may pass GetAnalyzedResourceRequest
|
@@ -726,7 +1434,11 @@ module Aws::AccessAnalyzer
|
|
726
1434
|
# }
|
727
1435
|
#
|
728
1436
|
# @!attribute [rw] analyzer_arn
|
729
|
-
# The ARN of the analyzer to retrieve information from.
|
1437
|
+
# The [ARN of the analyzer][1] to retrieve information from.
|
1438
|
+
#
|
1439
|
+
#
|
1440
|
+
#
|
1441
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
730
1442
|
# @return [String]
|
731
1443
|
#
|
732
1444
|
# @!attribute [rw] resource_arn
|
@@ -745,7 +1457,7 @@ module Aws::AccessAnalyzer
|
|
745
1457
|
# The response to the request.
|
746
1458
|
#
|
747
1459
|
# @!attribute [rw] resource
|
748
|
-
# An `
|
1460
|
+
# An `AnalyzedResource` object that contains information that Access
|
749
1461
|
# Analyzer found when it analyzed the resource.
|
750
1462
|
# @return [Types::AnalyzedResource]
|
751
1463
|
#
|
@@ -845,7 +1557,11 @@ module Aws::AccessAnalyzer
|
|
845
1557
|
# }
|
846
1558
|
#
|
847
1559
|
# @!attribute [rw] analyzer_arn
|
848
|
-
# The ARN of the analyzer that generated the finding.
|
1560
|
+
# The [ARN of the analyzer][1] that generated the finding.
|
1561
|
+
#
|
1562
|
+
#
|
1563
|
+
#
|
1564
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
849
1565
|
# @return [String]
|
850
1566
|
#
|
851
1567
|
# @!attribute [rw] id
|
@@ -875,7 +1591,103 @@ module Aws::AccessAnalyzer
|
|
875
1591
|
include Aws::Structure
|
876
1592
|
end
|
877
1593
|
|
878
|
-
#
|
1594
|
+
# @note When making an API call, you may pass GetGeneratedPolicyRequest
|
1595
|
+
# data as a hash:
|
1596
|
+
#
|
1597
|
+
# {
|
1598
|
+
# include_resource_placeholders: false,
|
1599
|
+
# include_service_level_template: false,
|
1600
|
+
# job_id: "JobId", # required
|
1601
|
+
# }
|
1602
|
+
#
|
1603
|
+
# @!attribute [rw] include_resource_placeholders
|
1604
|
+
# The level of detail that you want to generate. You can specify
|
1605
|
+
# whether to generate policies with placeholders for resource ARNs for
|
1606
|
+
# actions that support resource level granularity in policies.
|
1607
|
+
#
|
1608
|
+
# For example, in the resource section of a policy, you can receive a
|
1609
|
+
# placeholder such as `"Resource":"arn:aws:s3:::$\{BucketName\}"`
|
1610
|
+
# instead of `"*"`.
|
1611
|
+
# @return [Boolean]
|
1612
|
+
#
|
1613
|
+
# @!attribute [rw] include_service_level_template
|
1614
|
+
# The level of detail that you want to generate. You can specify
|
1615
|
+
# whether to generate service-level policies.
|
1616
|
+
#
|
1617
|
+
# Access Analyzer uses `iam:servicelastaccessed` to identify services
|
1618
|
+
# that have been used recently to create this service-level template.
|
1619
|
+
# @return [Boolean]
|
1620
|
+
#
|
1621
|
+
# @!attribute [rw] job_id
|
1622
|
+
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1623
|
+
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
1624
|
+
# retrieve the generated policies or used with
|
1625
|
+
# `CancelPolicyGeneration` to cancel the policy generation request.
|
1626
|
+
# @return [String]
|
1627
|
+
#
|
1628
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyRequest AWS API Documentation
|
1629
|
+
#
|
1630
|
+
class GetGeneratedPolicyRequest < Struct.new(
|
1631
|
+
:include_resource_placeholders,
|
1632
|
+
:include_service_level_template,
|
1633
|
+
:job_id)
|
1634
|
+
SENSITIVE = []
|
1635
|
+
include Aws::Structure
|
1636
|
+
end
|
1637
|
+
|
1638
|
+
# @!attribute [rw] generated_policy_result
|
1639
|
+
# A `GeneratedPolicyResult` object that contains the generated
|
1640
|
+
# policies and associated details.
|
1641
|
+
# @return [Types::GeneratedPolicyResult]
|
1642
|
+
#
|
1643
|
+
# @!attribute [rw] job_details
|
1644
|
+
# A `GeneratedPolicyDetails` object that contains details about the
|
1645
|
+
# generated policy.
|
1646
|
+
# @return [Types::JobDetails]
|
1647
|
+
#
|
1648
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyResponse AWS API Documentation
|
1649
|
+
#
|
1650
|
+
class GetGeneratedPolicyResponse < Struct.new(
|
1651
|
+
:generated_policy_result,
|
1652
|
+
:job_details)
|
1653
|
+
SENSITIVE = []
|
1654
|
+
include Aws::Structure
|
1655
|
+
end
|
1656
|
+
|
1657
|
+
# The proposed access control configuration for an IAM role. You can
|
1658
|
+
# propose a configuration for a new IAM role or an existing IAM role
|
1659
|
+
# that you own by specifying the trust policy. If the configuration is
|
1660
|
+
# for a new IAM role, you must specify the trust policy. If the
|
1661
|
+
# configuration is for an existing IAM role that you own and you do not
|
1662
|
+
# propose the trust policy, the access preview uses the existing trust
|
1663
|
+
# policy for the role. The proposed trust policy cannot be an empty
|
1664
|
+
# string. For more information about role trust policy limits, see [IAM
|
1665
|
+
# and STS quotas][1].
|
1666
|
+
#
|
1667
|
+
#
|
1668
|
+
#
|
1669
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
|
1670
|
+
#
|
1671
|
+
# @note When making an API call, you may pass IamRoleConfiguration
|
1672
|
+
# data as a hash:
|
1673
|
+
#
|
1674
|
+
# {
|
1675
|
+
# trust_policy: "IamTrustPolicy",
|
1676
|
+
# }
|
1677
|
+
#
|
1678
|
+
# @!attribute [rw] trust_policy
|
1679
|
+
# The proposed trust policy for the IAM role.
|
1680
|
+
# @return [String]
|
1681
|
+
#
|
1682
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/IamRoleConfiguration AWS API Documentation
|
1683
|
+
#
|
1684
|
+
class IamRoleConfiguration < Struct.new(
|
1685
|
+
:trust_policy)
|
1686
|
+
SENSITIVE = []
|
1687
|
+
include Aws::Structure
|
1688
|
+
end
|
1689
|
+
|
1690
|
+
# An criterion statement in an archive rule. Each archive rule may have
|
879
1691
|
# multiple criteria.
|
880
1692
|
#
|
881
1693
|
# @note When making an API call, you may pass InlineArchiveRule
|
@@ -928,76 +1740,304 @@ module Aws::AccessAnalyzer
|
|
928
1740
|
include Aws::Structure
|
929
1741
|
end
|
930
1742
|
|
931
|
-
#
|
1743
|
+
# This configuration sets the Amazon S3 access point network origin to
|
1744
|
+
# `Internet`.
|
932
1745
|
#
|
933
|
-
# @
|
1746
|
+
# @api private
|
1747
|
+
#
|
1748
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternetConfiguration AWS API Documentation
|
1749
|
+
#
|
1750
|
+
class InternetConfiguration < Aws::EmptyStructure; end
|
1751
|
+
|
1752
|
+
# Contains details about the policy generation request.
|
1753
|
+
#
|
1754
|
+
# @!attribute [rw] completed_on
|
1755
|
+
# A timestamp of when the job was completed.
|
1756
|
+
# @return [Time]
|
1757
|
+
#
|
1758
|
+
# @!attribute [rw] job_error
|
1759
|
+
# Contains the details about the policy generation error.
|
1760
|
+
# @return [Types::JobError]
|
1761
|
+
#
|
1762
|
+
# @!attribute [rw] job_id
|
1763
|
+
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1764
|
+
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
1765
|
+
# retrieve the generated policies or used with
|
1766
|
+
# `CancelPolicyGeneration` to cancel the policy generation request.
|
1767
|
+
# @return [String]
|
1768
|
+
#
|
1769
|
+
# @!attribute [rw] started_on
|
1770
|
+
# A timestamp of when the job was started.
|
1771
|
+
# @return [Time]
|
1772
|
+
#
|
1773
|
+
# @!attribute [rw] status
|
1774
|
+
# The status of the job request.
|
1775
|
+
# @return [String]
|
1776
|
+
#
|
1777
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/JobDetails AWS API Documentation
|
1778
|
+
#
|
1779
|
+
class JobDetails < Struct.new(
|
1780
|
+
:completed_on,
|
1781
|
+
:job_error,
|
1782
|
+
:job_id,
|
1783
|
+
:started_on,
|
1784
|
+
:status)
|
1785
|
+
SENSITIVE = []
|
1786
|
+
include Aws::Structure
|
1787
|
+
end
|
1788
|
+
|
1789
|
+
# Contains the details about the policy generation error.
|
1790
|
+
#
|
1791
|
+
# @!attribute [rw] code
|
1792
|
+
# The job error code.
|
1793
|
+
# @return [String]
|
1794
|
+
#
|
1795
|
+
# @!attribute [rw] message
|
1796
|
+
# Specific information about the error. For example, which service
|
1797
|
+
# quota was exceeded or which resource was not found.
|
1798
|
+
# @return [String]
|
1799
|
+
#
|
1800
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/JobError AWS API Documentation
|
1801
|
+
#
|
1802
|
+
class JobError < Struct.new(
|
1803
|
+
:code,
|
1804
|
+
:message)
|
1805
|
+
SENSITIVE = []
|
1806
|
+
include Aws::Structure
|
1807
|
+
end
|
1808
|
+
|
1809
|
+
# A proposed grant configuration for a KMS key. For more information,
|
1810
|
+
# see [CreateGrant][1].
|
1811
|
+
#
|
1812
|
+
#
|
1813
|
+
#
|
1814
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
|
1815
|
+
#
|
1816
|
+
# @note When making an API call, you may pass KmsGrantConfiguration
|
934
1817
|
# data as a hash:
|
935
1818
|
#
|
936
1819
|
# {
|
937
|
-
#
|
938
|
-
#
|
939
|
-
#
|
940
|
-
#
|
1820
|
+
# constraints: {
|
1821
|
+
# encryption_context_equals: {
|
1822
|
+
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1823
|
+
# },
|
1824
|
+
# encryption_context_subset: {
|
1825
|
+
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1826
|
+
# },
|
1827
|
+
# },
|
1828
|
+
# grantee_principal: "GranteePrincipal", # required
|
1829
|
+
# issuing_account: "IssuingAccount", # required
|
1830
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1831
|
+
# retiring_principal: "RetiringPrincipal",
|
941
1832
|
# }
|
942
1833
|
#
|
943
|
-
# @!attribute [rw]
|
944
|
-
#
|
945
|
-
#
|
946
|
-
#
|
1834
|
+
# @!attribute [rw] constraints
|
1835
|
+
# Use this structure to propose allowing [cryptographic operations][1]
|
1836
|
+
# in the grant only when the operation request includes the specified
|
1837
|
+
# [encryption context][2].
|
947
1838
|
#
|
948
|
-
# @!attribute [rw] max_results
|
949
|
-
# The maximum number of results to return in the response.
|
950
|
-
# @return [Integer]
|
951
1839
|
#
|
952
|
-
#
|
953
|
-
#
|
1840
|
+
#
|
1841
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
1842
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1843
|
+
# @return [Types::KmsGrantConstraints]
|
1844
|
+
#
|
1845
|
+
# @!attribute [rw] grantee_principal
|
1846
|
+
# The principal that is given permission to perform the operations
|
1847
|
+
# that the grant permits.
|
954
1848
|
# @return [String]
|
955
1849
|
#
|
956
|
-
# @!attribute [rw]
|
957
|
-
# The
|
1850
|
+
# @!attribute [rw] issuing_account
|
1851
|
+
# The AWS account under which the grant was issued. The account is
|
1852
|
+
# used to propose KMS grants issued by accounts other than the owner
|
1853
|
+
# of the key.
|
958
1854
|
# @return [String]
|
959
1855
|
#
|
960
|
-
#
|
1856
|
+
# @!attribute [rw] operations
|
1857
|
+
# A list of operations that the grant permits.
|
1858
|
+
# @return [Array<String>]
|
961
1859
|
#
|
962
|
-
|
963
|
-
|
964
|
-
|
965
|
-
|
966
|
-
|
1860
|
+
# @!attribute [rw] retiring_principal
|
1861
|
+
# The principal that is given permission to retire the grant by using
|
1862
|
+
# [RetireGrant][1] operation.
|
1863
|
+
#
|
1864
|
+
#
|
1865
|
+
#
|
1866
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
|
1867
|
+
# @return [String]
|
1868
|
+
#
|
1869
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsGrantConfiguration AWS API Documentation
|
1870
|
+
#
|
1871
|
+
class KmsGrantConfiguration < Struct.new(
|
1872
|
+
:constraints,
|
1873
|
+
:grantee_principal,
|
1874
|
+
:issuing_account,
|
1875
|
+
:operations,
|
1876
|
+
:retiring_principal)
|
967
1877
|
SENSITIVE = []
|
968
1878
|
include Aws::Structure
|
969
1879
|
end
|
970
1880
|
|
971
|
-
#
|
1881
|
+
# Use this structure to propose allowing [cryptographic operations][1]
|
1882
|
+
# in the grant only when the operation request includes the specified
|
1883
|
+
# [encryption context][2]. You can specify only one type of encryption
|
1884
|
+
# context. An empty map is treated as not specified. For more
|
1885
|
+
# information, see [GrantConstraints][3].
|
972
1886
|
#
|
973
|
-
# @!attribute [rw] analyzed_resources
|
974
|
-
# A list of resources that were analyzed.
|
975
|
-
# @return [Array<Types::AnalyzedResourceSummary>]
|
976
1887
|
#
|
977
|
-
# @!attribute [rw] next_token
|
978
|
-
# A token used for pagination of results returned.
|
979
|
-
# @return [String]
|
980
1888
|
#
|
981
|
-
#
|
1889
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
1890
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1891
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html
|
982
1892
|
#
|
983
|
-
|
984
|
-
|
985
|
-
|
1893
|
+
# @note When making an API call, you may pass KmsGrantConstraints
|
1894
|
+
# data as a hash:
|
1895
|
+
#
|
1896
|
+
# {
|
1897
|
+
# encryption_context_equals: {
|
1898
|
+
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1899
|
+
# },
|
1900
|
+
# encryption_context_subset: {
|
1901
|
+
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1902
|
+
# },
|
1903
|
+
# }
|
1904
|
+
#
|
1905
|
+
# @!attribute [rw] encryption_context_equals
|
1906
|
+
# A list of key-value pairs that must match the encryption context in
|
1907
|
+
# the [cryptographic operation][1] request. The grant allows the
|
1908
|
+
# operation only when the encryption context in the request is the
|
1909
|
+
# same as the encryption context specified in this constraint.
|
1910
|
+
#
|
1911
|
+
#
|
1912
|
+
#
|
1913
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
1914
|
+
# @return [Hash<String,String>]
|
1915
|
+
#
|
1916
|
+
# @!attribute [rw] encryption_context_subset
|
1917
|
+
# A list of key-value pairs that must be included in the encryption
|
1918
|
+
# context of the [cryptographic operation][1] request. The grant
|
1919
|
+
# allows the cryptographic operation only when the encryption context
|
1920
|
+
# in the request includes the key-value pairs specified in this
|
1921
|
+
# constraint, although it can include additional key-value pairs.
|
1922
|
+
#
|
1923
|
+
#
|
1924
|
+
#
|
1925
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
|
1926
|
+
# @return [Hash<String,String>]
|
1927
|
+
#
|
1928
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsGrantConstraints AWS API Documentation
|
1929
|
+
#
|
1930
|
+
class KmsGrantConstraints < Struct.new(
|
1931
|
+
:encryption_context_equals,
|
1932
|
+
:encryption_context_subset)
|
986
1933
|
SENSITIVE = []
|
987
1934
|
include Aws::Structure
|
988
1935
|
end
|
989
1936
|
|
990
|
-
#
|
1937
|
+
# Proposed access control configuration for a KMS key. You can propose a
|
1938
|
+
# configuration for a new KMS key or an existing KMS key that you own by
|
1939
|
+
# specifying the key policy and KMS grant configuration. If the
|
1940
|
+
# configuration is for an existing key and you do not specify the key
|
1941
|
+
# policy, the access preview uses the existing policy for the key. If
|
1942
|
+
# the access preview is for a new resource and you do not specify the
|
1943
|
+
# key policy, then the access preview uses the default key policy. The
|
1944
|
+
# proposed key policy cannot be an empty string. For more information,
|
1945
|
+
# see [Default key policy][1]. For more information about key policy
|
1946
|
+
# limits, see [Resource quotas][2].
|
991
1947
|
#
|
992
|
-
#
|
1948
|
+
#
|
1949
|
+
#
|
1950
|
+
#
|
1951
|
+
#
|
1952
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
|
1953
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html
|
1954
|
+
#
|
1955
|
+
# @note When making an API call, you may pass KmsKeyConfiguration
|
1956
|
+
# data as a hash:
|
1957
|
+
#
|
1958
|
+
# {
|
1959
|
+
# grants: [
|
1960
|
+
# {
|
1961
|
+
# constraints: {
|
1962
|
+
# encryption_context_equals: {
|
1963
|
+
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1964
|
+
# },
|
1965
|
+
# encryption_context_subset: {
|
1966
|
+
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1967
|
+
# },
|
1968
|
+
# },
|
1969
|
+
# grantee_principal: "GranteePrincipal", # required
|
1970
|
+
# issuing_account: "IssuingAccount", # required
|
1971
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1972
|
+
# retiring_principal: "RetiringPrincipal",
|
1973
|
+
# },
|
1974
|
+
# ],
|
1975
|
+
# key_policies: {
|
1976
|
+
# "PolicyName" => "KmsKeyPolicy",
|
1977
|
+
# },
|
1978
|
+
# }
|
1979
|
+
#
|
1980
|
+
# @!attribute [rw] grants
|
1981
|
+
# A list of proposed grant configurations for the KMS key. If the
|
1982
|
+
# proposed grant configuration is for an existing key, the access
|
1983
|
+
# preview uses the proposed list of grant configurations in place of
|
1984
|
+
# the existing grants. Otherwise, the access preview uses the existing
|
1985
|
+
# grants for the key.
|
1986
|
+
# @return [Array<Types::KmsGrantConfiguration>]
|
1987
|
+
#
|
1988
|
+
# @!attribute [rw] key_policies
|
1989
|
+
# Resource policy configuration for the KMS key. The only valid value
|
1990
|
+
# for the name of the key policy is `default`. For more information,
|
1991
|
+
# see [Default key policy][1].
|
1992
|
+
#
|
1993
|
+
#
|
1994
|
+
#
|
1995
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
|
1996
|
+
# @return [Hash<String,String>]
|
1997
|
+
#
|
1998
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsKeyConfiguration AWS API Documentation
|
1999
|
+
#
|
2000
|
+
class KmsKeyConfiguration < Struct.new(
|
2001
|
+
:grants,
|
2002
|
+
:key_policies)
|
2003
|
+
SENSITIVE = []
|
2004
|
+
include Aws::Structure
|
2005
|
+
end
|
2006
|
+
|
2007
|
+
# @note When making an API call, you may pass ListAccessPreviewFindingsRequest
|
993
2008
|
# data as a hash:
|
994
2009
|
#
|
995
2010
|
# {
|
2011
|
+
# access_preview_id: "AccessPreviewId", # required
|
2012
|
+
# analyzer_arn: "AnalyzerArn", # required
|
2013
|
+
# filter: {
|
2014
|
+
# "String" => {
|
2015
|
+
# contains: ["String"],
|
2016
|
+
# eq: ["String"],
|
2017
|
+
# exists: false,
|
2018
|
+
# neq: ["String"],
|
2019
|
+
# },
|
2020
|
+
# },
|
996
2021
|
# max_results: 1,
|
997
2022
|
# next_token: "Token",
|
998
|
-
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
999
2023
|
# }
|
1000
2024
|
#
|
2025
|
+
# @!attribute [rw] access_preview_id
|
2026
|
+
# The unique ID for the access preview.
|
2027
|
+
# @return [String]
|
2028
|
+
#
|
2029
|
+
# @!attribute [rw] analyzer_arn
|
2030
|
+
# The [ARN of the analyzer][1] used to generate the access.
|
2031
|
+
#
|
2032
|
+
#
|
2033
|
+
#
|
2034
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
2035
|
+
# @return [String]
|
2036
|
+
#
|
2037
|
+
# @!attribute [rw] filter
|
2038
|
+
# Criteria to filter the returned findings.
|
2039
|
+
# @return [Hash<String,Types::Criterion>]
|
2040
|
+
#
|
1001
2041
|
# @!attribute [rw] max_results
|
1002
2042
|
# The maximum number of results to return in the response.
|
1003
2043
|
# @return [Integer]
|
@@ -1006,220 +2046,893 @@ module Aws::AccessAnalyzer
|
|
1006
2046
|
# A token used for pagination of results returned.
|
1007
2047
|
# @return [String]
|
1008
2048
|
#
|
1009
|
-
#
|
1010
|
-
# The type of analyzer.
|
1011
|
-
# @return [String]
|
1012
|
-
#
|
1013
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzersRequest AWS API Documentation
|
2049
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindingsRequest AWS API Documentation
|
1014
2050
|
#
|
1015
|
-
class
|
2051
|
+
class ListAccessPreviewFindingsRequest < Struct.new(
|
2052
|
+
:access_preview_id,
|
2053
|
+
:analyzer_arn,
|
2054
|
+
:filter,
|
1016
2055
|
:max_results,
|
1017
|
-
:next_token
|
1018
|
-
:type)
|
2056
|
+
:next_token)
|
1019
2057
|
SENSITIVE = []
|
1020
2058
|
include Aws::Structure
|
1021
2059
|
end
|
1022
2060
|
|
1023
|
-
#
|
1024
|
-
#
|
1025
|
-
#
|
1026
|
-
#
|
1027
|
-
# @return [Array<Types::AnalyzerSummary>]
|
2061
|
+
# @!attribute [rw] findings
|
2062
|
+
# A list of access preview findings that match the specified filter
|
2063
|
+
# criteria.
|
2064
|
+
# @return [Array<Types::AccessPreviewFinding>]
|
1028
2065
|
#
|
1029
2066
|
# @!attribute [rw] next_token
|
1030
2067
|
# A token used for pagination of results returned.
|
1031
2068
|
# @return [String]
|
1032
2069
|
#
|
1033
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/
|
2070
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindingsResponse AWS API Documentation
|
1034
2071
|
#
|
1035
|
-
class
|
1036
|
-
:
|
2072
|
+
class ListAccessPreviewFindingsResponse < Struct.new(
|
2073
|
+
:findings,
|
1037
2074
|
:next_token)
|
1038
2075
|
SENSITIVE = []
|
1039
2076
|
include Aws::Structure
|
1040
2077
|
end
|
1041
2078
|
|
1042
|
-
#
|
1043
|
-
#
|
1044
|
-
# @note When making an API call, you may pass ListArchiveRulesRequest
|
2079
|
+
# @note When making an API call, you may pass ListAccessPreviewsRequest
|
1045
2080
|
# data as a hash:
|
1046
2081
|
#
|
1047
2082
|
# {
|
1048
|
-
#
|
2083
|
+
# analyzer_arn: "AnalyzerArn", # required
|
1049
2084
|
# max_results: 1,
|
1050
2085
|
# next_token: "Token",
|
1051
2086
|
# }
|
1052
2087
|
#
|
1053
|
-
# @!attribute [rw]
|
1054
|
-
# The
|
2088
|
+
# @!attribute [rw] analyzer_arn
|
2089
|
+
# The [ARN of the analyzer][1] used to generate the access preview.
|
2090
|
+
#
|
2091
|
+
#
|
2092
|
+
#
|
2093
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1055
2094
|
# @return [String]
|
1056
2095
|
#
|
1057
2096
|
# @!attribute [rw] max_results
|
1058
|
-
# The maximum number of results to return in the
|
2097
|
+
# The maximum number of results to return in the response.
|
1059
2098
|
# @return [Integer]
|
1060
2099
|
#
|
1061
2100
|
# @!attribute [rw] next_token
|
1062
2101
|
# A token used for pagination of results returned.
|
1063
2102
|
# @return [String]
|
1064
2103
|
#
|
1065
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/
|
2104
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewsRequest AWS API Documentation
|
1066
2105
|
#
|
1067
|
-
class
|
1068
|
-
:
|
2106
|
+
class ListAccessPreviewsRequest < Struct.new(
|
2107
|
+
:analyzer_arn,
|
1069
2108
|
:max_results,
|
1070
2109
|
:next_token)
|
1071
2110
|
SENSITIVE = []
|
1072
2111
|
include Aws::Structure
|
1073
2112
|
end
|
1074
2113
|
|
1075
|
-
#
|
1076
|
-
#
|
1077
|
-
#
|
1078
|
-
# A list of archive rules created for the specified analyzer.
|
1079
|
-
# @return [Array<Types::ArchiveRuleSummary>]
|
2114
|
+
# @!attribute [rw] access_previews
|
2115
|
+
# A list of access previews retrieved for the analyzer.
|
2116
|
+
# @return [Array<Types::AccessPreviewSummary>]
|
1080
2117
|
#
|
1081
2118
|
# @!attribute [rw] next_token
|
1082
2119
|
# A token used for pagination of results returned.
|
1083
2120
|
# @return [String]
|
1084
2121
|
#
|
1085
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/
|
2122
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewsResponse AWS API Documentation
|
1086
2123
|
#
|
1087
|
-
class
|
1088
|
-
:
|
2124
|
+
class ListAccessPreviewsResponse < Struct.new(
|
2125
|
+
:access_previews,
|
1089
2126
|
:next_token)
|
1090
2127
|
SENSITIVE = []
|
1091
2128
|
include Aws::Structure
|
1092
2129
|
end
|
1093
2130
|
|
1094
|
-
# Retrieves a list of
|
2131
|
+
# Retrieves a list of resources that have been analyzed.
|
1095
2132
|
#
|
1096
|
-
# @note When making an API call, you may pass
|
2133
|
+
# @note When making an API call, you may pass ListAnalyzedResourcesRequest
|
1097
2134
|
# data as a hash:
|
1098
2135
|
#
|
1099
2136
|
# {
|
1100
2137
|
# analyzer_arn: "AnalyzerArn", # required
|
1101
|
-
# filter: {
|
1102
|
-
# "String" => {
|
1103
|
-
# contains: ["String"],
|
1104
|
-
# eq: ["String"],
|
1105
|
-
# exists: false,
|
1106
|
-
# neq: ["String"],
|
1107
|
-
# },
|
1108
|
-
# },
|
1109
2138
|
# max_results: 1,
|
1110
2139
|
# next_token: "Token",
|
1111
|
-
#
|
1112
|
-
#
|
1113
|
-
#
|
2140
|
+
# resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
|
2141
|
+
# }
|
2142
|
+
#
|
2143
|
+
# @!attribute [rw] analyzer_arn
|
2144
|
+
# The [ARN of the analyzer][1] to retrieve a list of analyzed
|
2145
|
+
# resources from.
|
2146
|
+
#
|
2147
|
+
#
|
2148
|
+
#
|
2149
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
2150
|
+
# @return [String]
|
2151
|
+
#
|
2152
|
+
# @!attribute [rw] max_results
|
2153
|
+
# The maximum number of results to return in the response.
|
2154
|
+
# @return [Integer]
|
2155
|
+
#
|
2156
|
+
# @!attribute [rw] next_token
|
2157
|
+
# A token used for pagination of results returned.
|
2158
|
+
# @return [String]
|
2159
|
+
#
|
2160
|
+
# @!attribute [rw] resource_type
|
2161
|
+
# The type of resource.
|
2162
|
+
# @return [String]
|
2163
|
+
#
|
2164
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResourcesRequest AWS API Documentation
|
2165
|
+
#
|
2166
|
+
class ListAnalyzedResourcesRequest < Struct.new(
|
2167
|
+
:analyzer_arn,
|
2168
|
+
:max_results,
|
2169
|
+
:next_token,
|
2170
|
+
:resource_type)
|
2171
|
+
SENSITIVE = []
|
2172
|
+
include Aws::Structure
|
2173
|
+
end
|
2174
|
+
|
2175
|
+
# The response to the request.
|
2176
|
+
#
|
2177
|
+
# @!attribute [rw] analyzed_resources
|
2178
|
+
# A list of resources that were analyzed.
|
2179
|
+
# @return [Array<Types::AnalyzedResourceSummary>]
|
2180
|
+
#
|
2181
|
+
# @!attribute [rw] next_token
|
2182
|
+
# A token used for pagination of results returned.
|
2183
|
+
# @return [String]
|
2184
|
+
#
|
2185
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResourcesResponse AWS API Documentation
|
2186
|
+
#
|
2187
|
+
class ListAnalyzedResourcesResponse < Struct.new(
|
2188
|
+
:analyzed_resources,
|
2189
|
+
:next_token)
|
2190
|
+
SENSITIVE = []
|
2191
|
+
include Aws::Structure
|
2192
|
+
end
|
2193
|
+
|
2194
|
+
# Retrieves a list of analyzers.
|
2195
|
+
#
|
2196
|
+
# @note When making an API call, you may pass ListAnalyzersRequest
|
2197
|
+
# data as a hash:
|
2198
|
+
#
|
2199
|
+
# {
|
2200
|
+
# max_results: 1,
|
2201
|
+
# next_token: "Token",
|
2202
|
+
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
2203
|
+
# }
|
2204
|
+
#
|
2205
|
+
# @!attribute [rw] max_results
|
2206
|
+
# The maximum number of results to return in the response.
|
2207
|
+
# @return [Integer]
|
2208
|
+
#
|
2209
|
+
# @!attribute [rw] next_token
|
2210
|
+
# A token used for pagination of results returned.
|
2211
|
+
# @return [String]
|
2212
|
+
#
|
2213
|
+
# @!attribute [rw] type
|
2214
|
+
# The type of analyzer.
|
2215
|
+
# @return [String]
|
2216
|
+
#
|
2217
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzersRequest AWS API Documentation
|
2218
|
+
#
|
2219
|
+
class ListAnalyzersRequest < Struct.new(
|
2220
|
+
:max_results,
|
2221
|
+
:next_token,
|
2222
|
+
:type)
|
2223
|
+
SENSITIVE = []
|
2224
|
+
include Aws::Structure
|
2225
|
+
end
|
2226
|
+
|
2227
|
+
# The response to the request.
|
2228
|
+
#
|
2229
|
+
# @!attribute [rw] analyzers
|
2230
|
+
# The analyzers retrieved.
|
2231
|
+
# @return [Array<Types::AnalyzerSummary>]
|
2232
|
+
#
|
2233
|
+
# @!attribute [rw] next_token
|
2234
|
+
# A token used for pagination of results returned.
|
2235
|
+
# @return [String]
|
2236
|
+
#
|
2237
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzersResponse AWS API Documentation
|
2238
|
+
#
|
2239
|
+
class ListAnalyzersResponse < Struct.new(
|
2240
|
+
:analyzers,
|
2241
|
+
:next_token)
|
2242
|
+
SENSITIVE = []
|
2243
|
+
include Aws::Structure
|
2244
|
+
end
|
2245
|
+
|
2246
|
+
# Retrieves a list of archive rules created for the specified analyzer.
|
2247
|
+
#
|
2248
|
+
# @note When making an API call, you may pass ListArchiveRulesRequest
|
2249
|
+
# data as a hash:
|
2250
|
+
#
|
2251
|
+
# {
|
2252
|
+
# analyzer_name: "Name", # required
|
2253
|
+
# max_results: 1,
|
2254
|
+
# next_token: "Token",
|
2255
|
+
# }
|
2256
|
+
#
|
2257
|
+
# @!attribute [rw] analyzer_name
|
2258
|
+
# The name of the analyzer to retrieve rules from.
|
2259
|
+
# @return [String]
|
2260
|
+
#
|
2261
|
+
# @!attribute [rw] max_results
|
2262
|
+
# The maximum number of results to return in the request.
|
2263
|
+
# @return [Integer]
|
2264
|
+
#
|
2265
|
+
# @!attribute [rw] next_token
|
2266
|
+
# A token used for pagination of results returned.
|
2267
|
+
# @return [String]
|
2268
|
+
#
|
2269
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListArchiveRulesRequest AWS API Documentation
|
2270
|
+
#
|
2271
|
+
class ListArchiveRulesRequest < Struct.new(
|
2272
|
+
:analyzer_name,
|
2273
|
+
:max_results,
|
2274
|
+
:next_token)
|
2275
|
+
SENSITIVE = []
|
2276
|
+
include Aws::Structure
|
2277
|
+
end
|
2278
|
+
|
2279
|
+
# The response to the request.
|
2280
|
+
#
|
2281
|
+
# @!attribute [rw] archive_rules
|
2282
|
+
# A list of archive rules created for the specified analyzer.
|
2283
|
+
# @return [Array<Types::ArchiveRuleSummary>]
|
2284
|
+
#
|
2285
|
+
# @!attribute [rw] next_token
|
2286
|
+
# A token used for pagination of results returned.
|
2287
|
+
# @return [String]
|
2288
|
+
#
|
2289
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListArchiveRulesResponse AWS API Documentation
|
2290
|
+
#
|
2291
|
+
class ListArchiveRulesResponse < Struct.new(
|
2292
|
+
:archive_rules,
|
2293
|
+
:next_token)
|
2294
|
+
SENSITIVE = []
|
2295
|
+
include Aws::Structure
|
2296
|
+
end
|
2297
|
+
|
2298
|
+
# Retrieves a list of findings generated by the specified analyzer.
|
2299
|
+
#
|
2300
|
+
# @note When making an API call, you may pass ListFindingsRequest
|
2301
|
+
# data as a hash:
|
2302
|
+
#
|
2303
|
+
# {
|
2304
|
+
# analyzer_arn: "AnalyzerArn", # required
|
2305
|
+
# filter: {
|
2306
|
+
# "String" => {
|
2307
|
+
# contains: ["String"],
|
2308
|
+
# eq: ["String"],
|
2309
|
+
# exists: false,
|
2310
|
+
# neq: ["String"],
|
2311
|
+
# },
|
2312
|
+
# },
|
2313
|
+
# max_results: 1,
|
2314
|
+
# next_token: "Token",
|
2315
|
+
# sort: {
|
2316
|
+
# attribute_name: "String",
|
2317
|
+
# order_by: "ASC", # accepts ASC, DESC
|
2318
|
+
# },
|
2319
|
+
# }
|
2320
|
+
#
|
2321
|
+
# @!attribute [rw] analyzer_arn
|
2322
|
+
# The [ARN of the analyzer][1] to retrieve findings from.
|
2323
|
+
#
|
2324
|
+
#
|
2325
|
+
#
|
2326
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
2327
|
+
# @return [String]
|
2328
|
+
#
|
2329
|
+
# @!attribute [rw] filter
|
2330
|
+
# A filter to match for the findings to return.
|
2331
|
+
# @return [Hash<String,Types::Criterion>]
|
2332
|
+
#
|
2333
|
+
# @!attribute [rw] max_results
|
2334
|
+
# The maximum number of results to return in the response.
|
2335
|
+
# @return [Integer]
|
2336
|
+
#
|
2337
|
+
# @!attribute [rw] next_token
|
2338
|
+
# A token used for pagination of results returned.
|
2339
|
+
# @return [String]
|
2340
|
+
#
|
2341
|
+
# @!attribute [rw] sort
|
2342
|
+
# The sort order for the findings returned.
|
2343
|
+
# @return [Types::SortCriteria]
|
2344
|
+
#
|
2345
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsRequest AWS API Documentation
|
2346
|
+
#
|
2347
|
+
class ListFindingsRequest < Struct.new(
|
2348
|
+
:analyzer_arn,
|
2349
|
+
:filter,
|
2350
|
+
:max_results,
|
2351
|
+
:next_token,
|
2352
|
+
:sort)
|
2353
|
+
SENSITIVE = []
|
2354
|
+
include Aws::Structure
|
2355
|
+
end
|
2356
|
+
|
2357
|
+
# The response to the request.
|
2358
|
+
#
|
2359
|
+
# @!attribute [rw] findings
|
2360
|
+
# A list of findings retrieved from the analyzer that match the filter
|
2361
|
+
# criteria specified, if any.
|
2362
|
+
# @return [Array<Types::FindingSummary>]
|
2363
|
+
#
|
2364
|
+
# @!attribute [rw] next_token
|
2365
|
+
# A token used for pagination of results returned.
|
2366
|
+
# @return [String]
|
2367
|
+
#
|
2368
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsResponse AWS API Documentation
|
2369
|
+
#
|
2370
|
+
class ListFindingsResponse < Struct.new(
|
2371
|
+
:findings,
|
2372
|
+
:next_token)
|
2373
|
+
SENSITIVE = []
|
2374
|
+
include Aws::Structure
|
2375
|
+
end
|
2376
|
+
|
2377
|
+
# @note When making an API call, you may pass ListPolicyGenerationsRequest
|
2378
|
+
# data as a hash:
|
2379
|
+
#
|
2380
|
+
# {
|
2381
|
+
# max_results: 1,
|
2382
|
+
# next_token: "Token",
|
2383
|
+
# principal_arn: "PrincipalArn",
|
2384
|
+
# }
|
2385
|
+
#
|
2386
|
+
# @!attribute [rw] max_results
|
2387
|
+
# The maximum number of results to return in the response.
|
2388
|
+
# @return [Integer]
|
2389
|
+
#
|
2390
|
+
# @!attribute [rw] next_token
|
2391
|
+
# A token used for pagination of results returned.
|
2392
|
+
# @return [String]
|
2393
|
+
#
|
2394
|
+
# @!attribute [rw] principal_arn
|
2395
|
+
# The ARN of the IAM entity (user or role) for which you are
|
2396
|
+
# generating a policy. Use this with `ListGeneratedPolicies` to filter
|
2397
|
+
# the results to only include results for a specific principal.
|
2398
|
+
# @return [String]
|
2399
|
+
#
|
2400
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsRequest AWS API Documentation
|
2401
|
+
#
|
2402
|
+
class ListPolicyGenerationsRequest < Struct.new(
|
2403
|
+
:max_results,
|
2404
|
+
:next_token,
|
2405
|
+
:principal_arn)
|
2406
|
+
SENSITIVE = []
|
2407
|
+
include Aws::Structure
|
2408
|
+
end
|
2409
|
+
|
2410
|
+
# @!attribute [rw] next_token
|
2411
|
+
# A token used for pagination of results returned.
|
2412
|
+
# @return [String]
|
2413
|
+
#
|
2414
|
+
# @!attribute [rw] policy_generations
|
2415
|
+
# A `PolicyGeneration` object that contains details about the
|
2416
|
+
# generated policy.
|
2417
|
+
# @return [Array<Types::PolicyGeneration>]
|
2418
|
+
#
|
2419
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsResponse AWS API Documentation
|
2420
|
+
#
|
2421
|
+
class ListPolicyGenerationsResponse < Struct.new(
|
2422
|
+
:next_token,
|
2423
|
+
:policy_generations)
|
2424
|
+
SENSITIVE = []
|
2425
|
+
include Aws::Structure
|
2426
|
+
end
|
2427
|
+
|
2428
|
+
# Retrieves a list of tags applied to the specified resource.
|
2429
|
+
#
|
2430
|
+
# @note When making an API call, you may pass ListTagsForResourceRequest
|
2431
|
+
# data as a hash:
|
2432
|
+
#
|
2433
|
+
# {
|
2434
|
+
# resource_arn: "String", # required
|
2435
|
+
# }
|
2436
|
+
#
|
2437
|
+
# @!attribute [rw] resource_arn
|
2438
|
+
# The ARN of the resource to retrieve tags from.
|
2439
|
+
# @return [String]
|
2440
|
+
#
|
2441
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListTagsForResourceRequest AWS API Documentation
|
2442
|
+
#
|
2443
|
+
class ListTagsForResourceRequest < Struct.new(
|
2444
|
+
:resource_arn)
|
2445
|
+
SENSITIVE = []
|
2446
|
+
include Aws::Structure
|
2447
|
+
end
|
2448
|
+
|
2449
|
+
# The response to the request.
|
2450
|
+
#
|
2451
|
+
# @!attribute [rw] tags
|
2452
|
+
# The tags that are applied to the specified resource.
|
2453
|
+
# @return [Hash<String,String>]
|
2454
|
+
#
|
2455
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListTagsForResourceResponse AWS API Documentation
|
2456
|
+
#
|
2457
|
+
class ListTagsForResourceResponse < Struct.new(
|
2458
|
+
:tags)
|
2459
|
+
SENSITIVE = []
|
2460
|
+
include Aws::Structure
|
2461
|
+
end
|
2462
|
+
|
2463
|
+
# A location in a policy that is represented as a path through the JSON
|
2464
|
+
# representation and a corresponding span.
|
2465
|
+
#
|
2466
|
+
# @!attribute [rw] path
|
2467
|
+
# A path in a policy, represented as a sequence of path elements.
|
2468
|
+
# @return [Array<Types::PathElement>]
|
2469
|
+
#
|
2470
|
+
# @!attribute [rw] span
|
2471
|
+
# A span in a policy.
|
2472
|
+
# @return [Types::Span]
|
2473
|
+
#
|
2474
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Location AWS API Documentation
|
2475
|
+
#
|
2476
|
+
class Location < Struct.new(
|
2477
|
+
:path,
|
2478
|
+
:span)
|
2479
|
+
SENSITIVE = []
|
2480
|
+
include Aws::Structure
|
2481
|
+
end
|
2482
|
+
|
2483
|
+
# The proposed `InternetConfiguration` or `VpcConfiguration` to apply to
|
2484
|
+
# the Amazon S3 Access point. You can make the access point accessible
|
2485
|
+
# from the internet, or you can specify that all requests made through
|
2486
|
+
# that access point must originate from a specific virtual private cloud
|
2487
|
+
# (VPC). You can specify only one type of network configuration. For
|
2488
|
+
# more information, see [Creating access points][1].
|
2489
|
+
#
|
2490
|
+
#
|
2491
|
+
#
|
2492
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
2493
|
+
#
|
2494
|
+
# @note When making an API call, you may pass NetworkOriginConfiguration
|
2495
|
+
# data as a hash:
|
2496
|
+
#
|
2497
|
+
# {
|
2498
|
+
# internet_configuration: {
|
2499
|
+
# },
|
2500
|
+
# vpc_configuration: {
|
2501
|
+
# vpc_id: "VpcId", # required
|
2502
|
+
# },
|
2503
|
+
# }
|
2504
|
+
#
|
2505
|
+
# @!attribute [rw] internet_configuration
|
2506
|
+
# The configuration for the Amazon S3 access point with an `Internet`
|
2507
|
+
# origin.
|
2508
|
+
# @return [Types::InternetConfiguration]
|
2509
|
+
#
|
2510
|
+
# @!attribute [rw] vpc_configuration
|
2511
|
+
# The proposed virtual private cloud (VPC) configuration for the
|
2512
|
+
# Amazon S3 access point. For more information, see
|
2513
|
+
# [VpcConfiguration][1].
|
2514
|
+
#
|
2515
|
+
#
|
2516
|
+
#
|
2517
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
|
2518
|
+
# @return [Types::VpcConfiguration]
|
2519
|
+
#
|
2520
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/NetworkOriginConfiguration AWS API Documentation
|
2521
|
+
#
|
2522
|
+
class NetworkOriginConfiguration < Struct.new(
|
2523
|
+
:internet_configuration,
|
2524
|
+
:vpc_configuration)
|
2525
|
+
SENSITIVE = []
|
2526
|
+
include Aws::Structure
|
2527
|
+
end
|
2528
|
+
|
2529
|
+
# A single element in a path through the JSON representation of a
|
2530
|
+
# policy.
|
2531
|
+
#
|
2532
|
+
# @!attribute [rw] index
|
2533
|
+
# Refers to an index in a JSON array.
|
2534
|
+
# @return [Integer]
|
2535
|
+
#
|
2536
|
+
# @!attribute [rw] key
|
2537
|
+
# Refers to a key in a JSON object.
|
2538
|
+
# @return [String]
|
2539
|
+
#
|
2540
|
+
# @!attribute [rw] substring
|
2541
|
+
# Refers to a substring of a literal string in a JSON object.
|
2542
|
+
# @return [Types::Substring]
|
2543
|
+
#
|
2544
|
+
# @!attribute [rw] value
|
2545
|
+
# Refers to the value associated with a given key in a JSON object.
|
2546
|
+
# @return [String]
|
2547
|
+
#
|
2548
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PathElement AWS API Documentation
|
2549
|
+
#
|
2550
|
+
class PathElement < Struct.new(
|
2551
|
+
:index,
|
2552
|
+
:key,
|
2553
|
+
:substring,
|
2554
|
+
:value)
|
2555
|
+
SENSITIVE = []
|
2556
|
+
include Aws::Structure
|
2557
|
+
end
|
2558
|
+
|
2559
|
+
# Contains details about the policy generation status and properties.
|
2560
|
+
#
|
2561
|
+
# @!attribute [rw] completed_on
|
2562
|
+
# A timestamp of when the policy generation was completed.
|
2563
|
+
# @return [Time]
|
2564
|
+
#
|
2565
|
+
# @!attribute [rw] job_id
|
2566
|
+
# The `JobId` that is returned by the `StartPolicyGeneration`
|
2567
|
+
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
2568
|
+
# retrieve the generated policies or used with
|
2569
|
+
# `CancelPolicyGeneration` to cancel the policy generation request.
|
2570
|
+
# @return [String]
|
2571
|
+
#
|
2572
|
+
# @!attribute [rw] principal_arn
|
2573
|
+
# The ARN of the IAM entity (user or role) for which you are
|
2574
|
+
# generating a policy.
|
2575
|
+
# @return [String]
|
2576
|
+
#
|
2577
|
+
# @!attribute [rw] started_on
|
2578
|
+
# A timestamp of when the policy generation started.
|
2579
|
+
# @return [Time]
|
2580
|
+
#
|
2581
|
+
# @!attribute [rw] status
|
2582
|
+
# The status of the policy generation request.
|
2583
|
+
# @return [String]
|
2584
|
+
#
|
2585
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PolicyGeneration AWS API Documentation
|
2586
|
+
#
|
2587
|
+
class PolicyGeneration < Struct.new(
|
2588
|
+
:completed_on,
|
2589
|
+
:job_id,
|
2590
|
+
:principal_arn,
|
2591
|
+
:started_on,
|
2592
|
+
:status)
|
2593
|
+
SENSITIVE = []
|
2594
|
+
include Aws::Structure
|
2595
|
+
end
|
2596
|
+
|
2597
|
+
# Contains the ARN details about the IAM entity for which the policy is
|
2598
|
+
# generated.
|
2599
|
+
#
|
2600
|
+
# @note When making an API call, you may pass PolicyGenerationDetails
|
2601
|
+
# data as a hash:
|
2602
|
+
#
|
2603
|
+
# {
|
2604
|
+
# principal_arn: "PrincipalArn", # required
|
2605
|
+
# }
|
2606
|
+
#
|
2607
|
+
# @!attribute [rw] principal_arn
|
2608
|
+
# The ARN of the IAM entity (user or role) for which you are
|
2609
|
+
# generating a policy.
|
2610
|
+
# @return [String]
|
2611
|
+
#
|
2612
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PolicyGenerationDetails AWS API Documentation
|
2613
|
+
#
|
2614
|
+
class PolicyGenerationDetails < Struct.new(
|
2615
|
+
:principal_arn)
|
2616
|
+
SENSITIVE = []
|
2617
|
+
include Aws::Structure
|
2618
|
+
end
|
2619
|
+
|
2620
|
+
# A position in a policy.
|
2621
|
+
#
|
2622
|
+
# @!attribute [rw] column
|
2623
|
+
# The column of the position, starting from 0.
|
2624
|
+
# @return [Integer]
|
2625
|
+
#
|
2626
|
+
# @!attribute [rw] line
|
2627
|
+
# The line of the position, starting from 1.
|
2628
|
+
# @return [Integer]
|
2629
|
+
#
|
2630
|
+
# @!attribute [rw] offset
|
2631
|
+
# The offset within the policy that corresponds to the position,
|
2632
|
+
# starting from 0.
|
2633
|
+
# @return [Integer]
|
2634
|
+
#
|
2635
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Position AWS API Documentation
|
2636
|
+
#
|
2637
|
+
class Position < Struct.new(
|
2638
|
+
:column,
|
2639
|
+
:line,
|
2640
|
+
:offset)
|
2641
|
+
SENSITIVE = []
|
2642
|
+
include Aws::Structure
|
2643
|
+
end
|
2644
|
+
|
2645
|
+
# The specified resource could not be found.
|
2646
|
+
#
|
2647
|
+
# @!attribute [rw] message
|
2648
|
+
# @return [String]
|
2649
|
+
#
|
2650
|
+
# @!attribute [rw] resource_id
|
2651
|
+
# The ID of the resource.
|
2652
|
+
# @return [String]
|
2653
|
+
#
|
2654
|
+
# @!attribute [rw] resource_type
|
2655
|
+
# The type of the resource.
|
2656
|
+
# @return [String]
|
2657
|
+
#
|
2658
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ResourceNotFoundException AWS API Documentation
|
2659
|
+
#
|
2660
|
+
class ResourceNotFoundException < Struct.new(
|
2661
|
+
:message,
|
2662
|
+
:resource_id,
|
2663
|
+
:resource_type)
|
2664
|
+
SENSITIVE = []
|
2665
|
+
include Aws::Structure
|
2666
|
+
end
|
2667
|
+
|
2668
|
+
# The configuration for an Amazon S3 access point for the bucket. You
|
2669
|
+
# can propose up to 10 access points per bucket. If the proposed Amazon
|
2670
|
+
# S3 access point configuration is for an existing bucket, the access
|
2671
|
+
# preview uses the proposed access point configuration in place of the
|
2672
|
+
# existing access points. To propose an access point without a policy,
|
2673
|
+
# you can provide an empty string as the access point policy. For more
|
2674
|
+
# information, see [Creating access points][1]. For more information
|
2675
|
+
# about access point policy limits, see [Access points restrictions and
|
2676
|
+
# limitations][2].
|
2677
|
+
#
|
2678
|
+
#
|
2679
|
+
#
|
2680
|
+
# [1]: https://docs.aws.amazon.com/https:/docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
2681
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
|
2682
|
+
#
|
2683
|
+
# @note When making an API call, you may pass S3AccessPointConfiguration
|
2684
|
+
# data as a hash:
|
2685
|
+
#
|
2686
|
+
# {
|
2687
|
+
# access_point_policy: "AccessPointPolicy",
|
2688
|
+
# network_origin: {
|
2689
|
+
# internet_configuration: {
|
2690
|
+
# },
|
2691
|
+
# vpc_configuration: {
|
2692
|
+
# vpc_id: "VpcId", # required
|
2693
|
+
# },
|
2694
|
+
# },
|
2695
|
+
# public_access_block: {
|
2696
|
+
# ignore_public_acls: false, # required
|
2697
|
+
# restrict_public_buckets: false, # required
|
2698
|
+
# },
|
2699
|
+
# }
|
2700
|
+
#
|
2701
|
+
# @!attribute [rw] access_point_policy
|
2702
|
+
# The access point policy.
|
2703
|
+
# @return [String]
|
2704
|
+
#
|
2705
|
+
# @!attribute [rw] network_origin
|
2706
|
+
# The proposed `Internet` and `VpcConfiguration` to apply to this
|
2707
|
+
# Amazon S3 access point. If the access preview is for a new resource
|
2708
|
+
# and neither is specified, the access preview uses `Internet` for the
|
2709
|
+
# network origin. If the access preview is for an existing resource
|
2710
|
+
# and neither is specified, the access preview uses the exiting
|
2711
|
+
# network origin.
|
2712
|
+
# @return [Types::NetworkOriginConfiguration]
|
2713
|
+
#
|
2714
|
+
# @!attribute [rw] public_access_block
|
2715
|
+
# The proposed `S3PublicAccessBlock` configuration to apply to this
|
2716
|
+
# Amazon S3 Access Point.
|
2717
|
+
# @return [Types::S3PublicAccessBlockConfiguration]
|
2718
|
+
#
|
2719
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3AccessPointConfiguration AWS API Documentation
|
2720
|
+
#
|
2721
|
+
class S3AccessPointConfiguration < Struct.new(
|
2722
|
+
:access_point_policy,
|
2723
|
+
:network_origin,
|
2724
|
+
:public_access_block)
|
2725
|
+
SENSITIVE = []
|
2726
|
+
include Aws::Structure
|
2727
|
+
end
|
2728
|
+
|
2729
|
+
# A proposed access control list grant configuration for an Amazon S3
|
2730
|
+
# bucket. For more information, see [How to Specify an ACL][1].
|
2731
|
+
#
|
2732
|
+
#
|
2733
|
+
#
|
2734
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls
|
2735
|
+
#
|
2736
|
+
# @note When making an API call, you may pass S3BucketAclGrantConfiguration
|
2737
|
+
# data as a hash:
|
2738
|
+
#
|
2739
|
+
# {
|
2740
|
+
# grantee: { # required
|
2741
|
+
# id: "AclCanonicalId",
|
2742
|
+
# uri: "AclUri",
|
2743
|
+
# },
|
2744
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2745
|
+
# }
|
2746
|
+
#
|
2747
|
+
# @!attribute [rw] grantee
|
2748
|
+
# The grantee to whom you’re assigning access rights.
|
2749
|
+
# @return [Types::AclGrantee]
|
2750
|
+
#
|
2751
|
+
# @!attribute [rw] permission
|
2752
|
+
# The permissions being granted.
|
2753
|
+
# @return [String]
|
2754
|
+
#
|
2755
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3BucketAclGrantConfiguration AWS API Documentation
|
2756
|
+
#
|
2757
|
+
class S3BucketAclGrantConfiguration < Struct.new(
|
2758
|
+
:grantee,
|
2759
|
+
:permission)
|
2760
|
+
SENSITIVE = []
|
2761
|
+
include Aws::Structure
|
2762
|
+
end
|
2763
|
+
|
2764
|
+
# Proposed access control configuration for an Amazon S3 bucket. You can
|
2765
|
+
# propose a configuration for a new Amazon S3 bucket or an existing
|
2766
|
+
# Amazon S3 bucket that you own by specifying the Amazon S3 bucket
|
2767
|
+
# policy, bucket ACLs, bucket BPA settings, and Amazon S3 access points
|
2768
|
+
# attached to the bucket. If the configuration is for an existing Amazon
|
2769
|
+
# S3 bucket and you do not specify the Amazon S3 bucket policy, the
|
2770
|
+
# access preview uses the existing policy attached to the bucket. If the
|
2771
|
+
# access preview is for a new resource and you do not specify the Amazon
|
2772
|
+
# S3 bucket policy, the access preview assumes a bucket without a
|
2773
|
+
# policy. To propose deletion of an existing bucket policy, you can
|
2774
|
+
# specify an empty string. For more information about bucket policy
|
2775
|
+
# limits, see [Bucket Policy Examples][1].
|
2776
|
+
#
|
2777
|
+
#
|
2778
|
+
#
|
2779
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
|
2780
|
+
#
|
2781
|
+
# @note When making an API call, you may pass S3BucketConfiguration
|
2782
|
+
# data as a hash:
|
2783
|
+
#
|
2784
|
+
# {
|
2785
|
+
# access_points: {
|
2786
|
+
# "AccessPointArn" => {
|
2787
|
+
# access_point_policy: "AccessPointPolicy",
|
2788
|
+
# network_origin: {
|
2789
|
+
# internet_configuration: {
|
2790
|
+
# },
|
2791
|
+
# vpc_configuration: {
|
2792
|
+
# vpc_id: "VpcId", # required
|
2793
|
+
# },
|
2794
|
+
# },
|
2795
|
+
# public_access_block: {
|
2796
|
+
# ignore_public_acls: false, # required
|
2797
|
+
# restrict_public_buckets: false, # required
|
2798
|
+
# },
|
2799
|
+
# },
|
2800
|
+
# },
|
2801
|
+
# bucket_acl_grants: [
|
2802
|
+
# {
|
2803
|
+
# grantee: { # required
|
2804
|
+
# id: "AclCanonicalId",
|
2805
|
+
# uri: "AclUri",
|
2806
|
+
# },
|
2807
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2808
|
+
# },
|
2809
|
+
# ],
|
2810
|
+
# bucket_policy: "S3BucketPolicy",
|
2811
|
+
# bucket_public_access_block: {
|
2812
|
+
# ignore_public_acls: false, # required
|
2813
|
+
# restrict_public_buckets: false, # required
|
1114
2814
|
# },
|
1115
2815
|
# }
|
1116
2816
|
#
|
1117
|
-
# @!attribute [rw]
|
1118
|
-
# The
|
1119
|
-
# @return [String]
|
1120
|
-
#
|
1121
|
-
# @!attribute [rw] filter
|
1122
|
-
# A filter to match for the findings to return.
|
1123
|
-
# @return [Hash<String,Types::Criterion>]
|
2817
|
+
# @!attribute [rw] access_points
|
2818
|
+
# The configuration of Amazon S3 access points for the bucket.
|
2819
|
+
# @return [Hash<String,Types::S3AccessPointConfiguration>]
|
1124
2820
|
#
|
1125
|
-
# @!attribute [rw]
|
1126
|
-
# The
|
1127
|
-
#
|
2821
|
+
# @!attribute [rw] bucket_acl_grants
|
2822
|
+
# The proposed list of ACL grants for the Amazon S3 bucket. You can
|
2823
|
+
# propose up to 100 ACL grants per bucket. If the proposed grant
|
2824
|
+
# configuration is for an existing bucket, the access preview uses the
|
2825
|
+
# proposed list of grant configurations in place of the existing
|
2826
|
+
# grants. Otherwise, the access preview uses the existing grants for
|
2827
|
+
# the bucket.
|
2828
|
+
# @return [Array<Types::S3BucketAclGrantConfiguration>]
|
1128
2829
|
#
|
1129
|
-
# @!attribute [rw]
|
1130
|
-
#
|
2830
|
+
# @!attribute [rw] bucket_policy
|
2831
|
+
# The proposed bucket policy for the Amazon S3 bucket.
|
1131
2832
|
# @return [String]
|
1132
2833
|
#
|
1133
|
-
# @!attribute [rw]
|
1134
|
-
# The
|
1135
|
-
#
|
2834
|
+
# @!attribute [rw] bucket_public_access_block
|
2835
|
+
# The proposed block public access configuration for the Amazon S3
|
2836
|
+
# bucket.
|
2837
|
+
# @return [Types::S3PublicAccessBlockConfiguration]
|
1136
2838
|
#
|
1137
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/
|
2839
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3BucketConfiguration AWS API Documentation
|
1138
2840
|
#
|
1139
|
-
class
|
1140
|
-
:
|
1141
|
-
:
|
1142
|
-
:
|
1143
|
-
:
|
1144
|
-
:sort)
|
2841
|
+
class S3BucketConfiguration < Struct.new(
|
2842
|
+
:access_points,
|
2843
|
+
:bucket_acl_grants,
|
2844
|
+
:bucket_policy,
|
2845
|
+
:bucket_public_access_block)
|
1145
2846
|
SENSITIVE = []
|
1146
2847
|
include Aws::Structure
|
1147
2848
|
end
|
1148
2849
|
|
1149
|
-
# The
|
1150
|
-
#
|
1151
|
-
#
|
1152
|
-
#
|
1153
|
-
#
|
1154
|
-
#
|
2850
|
+
# The `PublicAccessBlock` configuration to apply to this Amazon S3
|
2851
|
+
# bucket. If the proposed configuration is for an existing Amazon S3
|
2852
|
+
# bucket and the configuration is not specified, the access preview uses
|
2853
|
+
# the existing setting. If the proposed configuration is for a new
|
2854
|
+
# bucket and the configuration is not specified, the access preview uses
|
2855
|
+
# `false`. If the proposed configuration is for a new access point and
|
2856
|
+
# the access point BPA configuration is not specified, the access
|
2857
|
+
# preview uses `true`. For more information, see
|
2858
|
+
# [PublicAccessBlockConfiguration][1].
|
1155
2859
|
#
|
1156
|
-
# @!attribute [rw] next_token
|
1157
|
-
# A token used for pagination of results returned.
|
1158
|
-
# @return [String]
|
1159
2860
|
#
|
1160
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsResponse AWS API Documentation
|
1161
2861
|
#
|
1162
|
-
|
1163
|
-
:findings,
|
1164
|
-
:next_token)
|
1165
|
-
SENSITIVE = []
|
1166
|
-
include Aws::Structure
|
1167
|
-
end
|
1168
|
-
|
1169
|
-
# Retrieves a list of tags applied to the specified resource.
|
2862
|
+
# [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html
|
1170
2863
|
#
|
1171
|
-
# @note When making an API call, you may pass
|
2864
|
+
# @note When making an API call, you may pass S3PublicAccessBlockConfiguration
|
1172
2865
|
# data as a hash:
|
1173
2866
|
#
|
1174
2867
|
# {
|
1175
|
-
#
|
2868
|
+
# ignore_public_acls: false, # required
|
2869
|
+
# restrict_public_buckets: false, # required
|
1176
2870
|
# }
|
1177
2871
|
#
|
1178
|
-
# @!attribute [rw]
|
1179
|
-
#
|
1180
|
-
#
|
2872
|
+
# @!attribute [rw] ignore_public_acls
|
2873
|
+
# Specifies whether Amazon S3 should ignore public ACLs for this
|
2874
|
+
# bucket and objects in this bucket.
|
2875
|
+
# @return [Boolean]
|
1181
2876
|
#
|
1182
|
-
#
|
2877
|
+
# @!attribute [rw] restrict_public_buckets
|
2878
|
+
# Specifies whether Amazon S3 should restrict public bucket policies
|
2879
|
+
# for this bucket.
|
2880
|
+
# @return [Boolean]
|
1183
2881
|
#
|
1184
|
-
|
1185
|
-
|
2882
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3PublicAccessBlockConfiguration AWS API Documentation
|
2883
|
+
#
|
2884
|
+
class S3PublicAccessBlockConfiguration < Struct.new(
|
2885
|
+
:ignore_public_acls,
|
2886
|
+
:restrict_public_buckets)
|
1186
2887
|
SENSITIVE = []
|
1187
2888
|
include Aws::Structure
|
1188
2889
|
end
|
1189
2890
|
|
1190
|
-
# The
|
2891
|
+
# The configuration for a Secrets Manager secret. For more information,
|
2892
|
+
# see [CreateSecret][1].
|
1191
2893
|
#
|
1192
|
-
#
|
1193
|
-
#
|
1194
|
-
#
|
2894
|
+
# You can propose a configuration for a new secret or an existing secret
|
2895
|
+
# that you own by specifying the secret policy and optional KMS
|
2896
|
+
# encryption key. If the configuration is for an existing secret and you
|
2897
|
+
# do not specify the secret policy, the access preview uses the existing
|
2898
|
+
# policy for the secret. If the access preview is for a new resource and
|
2899
|
+
# you do not specify the policy, the access preview assumes a secret
|
2900
|
+
# without a policy. To propose deletion of an existing policy, you can
|
2901
|
+
# specify an empty string. If the proposed configuration is for a new
|
2902
|
+
# secret and you do not specify the KMS key ID, the access preview uses
|
2903
|
+
# the default CMK of the AWS account. If you specify an empty string for
|
2904
|
+
# the KMS key ID, the access preview uses the default CMK of the AWS
|
2905
|
+
# account. For more information about secret policy limits, see [Quotas
|
2906
|
+
# for AWS Secrets Manager.][2].
|
1195
2907
|
#
|
1196
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListTagsForResourceResponse AWS API Documentation
|
1197
2908
|
#
|
1198
|
-
class ListTagsForResourceResponse < Struct.new(
|
1199
|
-
:tags)
|
1200
|
-
SENSITIVE = []
|
1201
|
-
include Aws::Structure
|
1202
|
-
end
|
1203
|
-
|
1204
|
-
# The specified resource could not be found.
|
1205
2909
|
#
|
1206
|
-
#
|
1207
|
-
#
|
2910
|
+
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html
|
2911
|
+
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html
|
1208
2912
|
#
|
1209
|
-
#
|
1210
|
-
#
|
2913
|
+
# @note When making an API call, you may pass SecretsManagerSecretConfiguration
|
2914
|
+
# data as a hash:
|
2915
|
+
#
|
2916
|
+
# {
|
2917
|
+
# kms_key_id: "SecretsManagerSecretKmsId",
|
2918
|
+
# secret_policy: "SecretsManagerSecretPolicy",
|
2919
|
+
# }
|
2920
|
+
#
|
2921
|
+
# @!attribute [rw] kms_key_id
|
2922
|
+
# The proposed ARN, key ID, or alias of the AWS KMS customer master
|
2923
|
+
# key (CMK).
|
1211
2924
|
# @return [String]
|
1212
2925
|
#
|
1213
|
-
# @!attribute [rw]
|
1214
|
-
# The
|
2926
|
+
# @!attribute [rw] secret_policy
|
2927
|
+
# The proposed resource policy defining who can access or manage the
|
2928
|
+
# secret.
|
1215
2929
|
# @return [String]
|
1216
2930
|
#
|
1217
|
-
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/
|
2931
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SecretsManagerSecretConfiguration AWS API Documentation
|
1218
2932
|
#
|
1219
|
-
class
|
1220
|
-
:
|
1221
|
-
:
|
1222
|
-
:resource_type)
|
2933
|
+
class SecretsManagerSecretConfiguration < Struct.new(
|
2934
|
+
:kms_key_id,
|
2935
|
+
:secret_policy)
|
1223
2936
|
SENSITIVE = []
|
1224
2937
|
include Aws::Structure
|
1225
2938
|
end
|
@@ -1274,6 +2987,132 @@ module Aws::AccessAnalyzer
|
|
1274
2987
|
include Aws::Structure
|
1275
2988
|
end
|
1276
2989
|
|
2990
|
+
# A span in a policy. The span consists of a start position (inclusive)
|
2991
|
+
# and end position (exclusive).
|
2992
|
+
#
|
2993
|
+
# @!attribute [rw] end
|
2994
|
+
# The end position of the span (exclusive).
|
2995
|
+
# @return [Types::Position]
|
2996
|
+
#
|
2997
|
+
# @!attribute [rw] start
|
2998
|
+
# The start position of the span (inclusive).
|
2999
|
+
# @return [Types::Position]
|
3000
|
+
#
|
3001
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Span AWS API Documentation
|
3002
|
+
#
|
3003
|
+
class Span < Struct.new(
|
3004
|
+
:end,
|
3005
|
+
:start)
|
3006
|
+
SENSITIVE = []
|
3007
|
+
include Aws::Structure
|
3008
|
+
end
|
3009
|
+
|
3010
|
+
# The proposed access control configuration for an SQS queue. You can
|
3011
|
+
# propose a configuration for a new SQS queue or an existing SQS queue
|
3012
|
+
# that you own by specifying the SQS policy. If the configuration is for
|
3013
|
+
# an existing SQS queue and you do not specify the SQS policy, the
|
3014
|
+
# access preview uses the existing SQS policy for the queue. If the
|
3015
|
+
# access preview is for a new resource and you do not specify the
|
3016
|
+
# policy, the access preview assumes an SQS queue without a policy. To
|
3017
|
+
# propose deletion of an existing SQS queue policy, you can specify an
|
3018
|
+
# empty string for the SQS policy. For more information about SQS policy
|
3019
|
+
# limits, see [Quotas related to policies][1].
|
3020
|
+
#
|
3021
|
+
#
|
3022
|
+
#
|
3023
|
+
# [1]: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html
|
3024
|
+
#
|
3025
|
+
# @note When making an API call, you may pass SqsQueueConfiguration
|
3026
|
+
# data as a hash:
|
3027
|
+
#
|
3028
|
+
# {
|
3029
|
+
# queue_policy: "SqsQueuePolicy",
|
3030
|
+
# }
|
3031
|
+
#
|
3032
|
+
# @!attribute [rw] queue_policy
|
3033
|
+
# The proposed resource policy for the SQS queue.
|
3034
|
+
# @return [String]
|
3035
|
+
#
|
3036
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SqsQueueConfiguration AWS API Documentation
|
3037
|
+
#
|
3038
|
+
class SqsQueueConfiguration < Struct.new(
|
3039
|
+
:queue_policy)
|
3040
|
+
SENSITIVE = []
|
3041
|
+
include Aws::Structure
|
3042
|
+
end
|
3043
|
+
|
3044
|
+
# @note When making an API call, you may pass StartPolicyGenerationRequest
|
3045
|
+
# data as a hash:
|
3046
|
+
#
|
3047
|
+
# {
|
3048
|
+
# client_token: "String",
|
3049
|
+
# cloud_trail_details: {
|
3050
|
+
# access_role: "RoleArn", # required
|
3051
|
+
# end_time: Time.now,
|
3052
|
+
# start_time: Time.now, # required
|
3053
|
+
# trails: [ # required
|
3054
|
+
# {
|
3055
|
+
# all_regions: false,
|
3056
|
+
# cloud_trail_arn: "CloudTrailArn", # required
|
3057
|
+
# regions: ["String"],
|
3058
|
+
# },
|
3059
|
+
# ],
|
3060
|
+
# },
|
3061
|
+
# policy_generation_details: { # required
|
3062
|
+
# principal_arn: "PrincipalArn", # required
|
3063
|
+
# },
|
3064
|
+
# }
|
3065
|
+
#
|
3066
|
+
# @!attribute [rw] client_token
|
3067
|
+
# A unique, case-sensitive identifier that you provide to ensure the
|
3068
|
+
# idempotency of the request. Idempotency ensures that an API request
|
3069
|
+
# completes only once. With an idempotent request, if the original
|
3070
|
+
# request completes successfully, the subsequent retries with the same
|
3071
|
+
# client token return the result from the original successful request
|
3072
|
+
# and they have no additional effect.
|
3073
|
+
#
|
3074
|
+
# If you do not specify a client token, one is automatically generated
|
3075
|
+
# by the AWS SDK.
|
3076
|
+
#
|
3077
|
+
# **A suitable default value is auto-generated.** You should normally
|
3078
|
+
# not need to pass this option.
|
3079
|
+
# @return [String]
|
3080
|
+
#
|
3081
|
+
# @!attribute [rw] cloud_trail_details
|
3082
|
+
# A `CloudTrailDetails` object that contains details about a `Trail`
|
3083
|
+
# that you want to analyze to generate policies.
|
3084
|
+
# @return [Types::CloudTrailDetails]
|
3085
|
+
#
|
3086
|
+
# @!attribute [rw] policy_generation_details
|
3087
|
+
# Contains the ARN of the IAM entity (user or role) for which you are
|
3088
|
+
# generating a policy.
|
3089
|
+
# @return [Types::PolicyGenerationDetails]
|
3090
|
+
#
|
3091
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGenerationRequest AWS API Documentation
|
3092
|
+
#
|
3093
|
+
class StartPolicyGenerationRequest < Struct.new(
|
3094
|
+
:client_token,
|
3095
|
+
:cloud_trail_details,
|
3096
|
+
:policy_generation_details)
|
3097
|
+
SENSITIVE = []
|
3098
|
+
include Aws::Structure
|
3099
|
+
end
|
3100
|
+
|
3101
|
+
# @!attribute [rw] job_id
|
3102
|
+
# The `JobId` that is returned by the `StartPolicyGeneration`
|
3103
|
+
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
3104
|
+
# retrieve the generated policies or used with
|
3105
|
+
# `CancelPolicyGeneration` to cancel the policy generation request.
|
3106
|
+
# @return [String]
|
3107
|
+
#
|
3108
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGenerationResponse AWS API Documentation
|
3109
|
+
#
|
3110
|
+
class StartPolicyGenerationResponse < Struct.new(
|
3111
|
+
:job_id)
|
3112
|
+
SENSITIVE = []
|
3113
|
+
include Aws::Structure
|
3114
|
+
end
|
3115
|
+
|
1277
3116
|
# Starts a scan of the policies applied to the specified resource.
|
1278
3117
|
#
|
1279
3118
|
# @note When making an API call, you may pass StartResourceScanRequest
|
@@ -1285,8 +3124,12 @@ module Aws::AccessAnalyzer
|
|
1285
3124
|
# }
|
1286
3125
|
#
|
1287
3126
|
# @!attribute [rw] analyzer_arn
|
1288
|
-
# The ARN of the analyzer to use to scan the policies applied to
|
1289
|
-
# specified resource.
|
3127
|
+
# The [ARN of the analyzer][1] to use to scan the policies applied to
|
3128
|
+
# the specified resource.
|
3129
|
+
#
|
3130
|
+
#
|
3131
|
+
#
|
3132
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1290
3133
|
# @return [String]
|
1291
3134
|
#
|
1292
3135
|
# @!attribute [rw] resource_arn
|
@@ -1304,7 +3147,7 @@ module Aws::AccessAnalyzer
|
|
1304
3147
|
|
1305
3148
|
# Provides more details about the current status of the analyzer. For
|
1306
3149
|
# example, if the creation for the analyzer fails, a `Failed` status is
|
1307
|
-
#
|
3150
|
+
# returned. For an analyzer with organization as the type, this failure
|
1308
3151
|
# can be due to an issue with creating the service-linked roles required
|
1309
3152
|
# in the member accounts of the AWS organization.
|
1310
3153
|
#
|
@@ -1320,6 +3163,25 @@ module Aws::AccessAnalyzer
|
|
1320
3163
|
include Aws::Structure
|
1321
3164
|
end
|
1322
3165
|
|
3166
|
+
# A reference to a substring of a literal string in a JSON document.
|
3167
|
+
#
|
3168
|
+
# @!attribute [rw] length
|
3169
|
+
# The length of the substring.
|
3170
|
+
# @return [Integer]
|
3171
|
+
#
|
3172
|
+
# @!attribute [rw] start
|
3173
|
+
# The start index of the substring, starting from 0.
|
3174
|
+
# @return [Integer]
|
3175
|
+
#
|
3176
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Substring AWS API Documentation
|
3177
|
+
#
|
3178
|
+
class Substring < Struct.new(
|
3179
|
+
:length,
|
3180
|
+
:start)
|
3181
|
+
SENSITIVE = []
|
3182
|
+
include Aws::Structure
|
3183
|
+
end
|
3184
|
+
|
1323
3185
|
# Adds a tag to the specified resource.
|
1324
3186
|
#
|
1325
3187
|
# @note When making an API call, you may pass TagResourceRequest
|
@@ -1373,6 +3235,73 @@ module Aws::AccessAnalyzer
|
|
1373
3235
|
include Aws::Structure
|
1374
3236
|
end
|
1375
3237
|
|
3238
|
+
# Contains details about the CloudTrail trail being analyzed to generate
|
3239
|
+
# a policy.
|
3240
|
+
#
|
3241
|
+
# @note When making an API call, you may pass Trail
|
3242
|
+
# data as a hash:
|
3243
|
+
#
|
3244
|
+
# {
|
3245
|
+
# all_regions: false,
|
3246
|
+
# cloud_trail_arn: "CloudTrailArn", # required
|
3247
|
+
# regions: ["String"],
|
3248
|
+
# }
|
3249
|
+
#
|
3250
|
+
# @!attribute [rw] all_regions
|
3251
|
+
# Possible values are `true` or `false`. If set to `true`, Access
|
3252
|
+
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3253
|
+
# generate a policy.
|
3254
|
+
# @return [Boolean]
|
3255
|
+
#
|
3256
|
+
# @!attribute [rw] cloud_trail_arn
|
3257
|
+
# Specifies the ARN of the trail. The format of a trail ARN is
|
3258
|
+
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
|
3259
|
+
# @return [String]
|
3260
|
+
#
|
3261
|
+
# @!attribute [rw] regions
|
3262
|
+
# A list of regions to get CloudTrail data from and analyze to
|
3263
|
+
# generate a policy.
|
3264
|
+
# @return [Array<String>]
|
3265
|
+
#
|
3266
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Trail AWS API Documentation
|
3267
|
+
#
|
3268
|
+
class Trail < Struct.new(
|
3269
|
+
:all_regions,
|
3270
|
+
:cloud_trail_arn,
|
3271
|
+
:regions)
|
3272
|
+
SENSITIVE = []
|
3273
|
+
include Aws::Structure
|
3274
|
+
end
|
3275
|
+
|
3276
|
+
# Contains details about the CloudTrail trail being analyzed to generate
|
3277
|
+
# a policy.
|
3278
|
+
#
|
3279
|
+
# @!attribute [rw] all_regions
|
3280
|
+
# Possible values are `true` or `false`. If set to `true`, Access
|
3281
|
+
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3282
|
+
# generate a policy.
|
3283
|
+
# @return [Boolean]
|
3284
|
+
#
|
3285
|
+
# @!attribute [rw] cloud_trail_arn
|
3286
|
+
# Specifies the ARN of the trail. The format of a trail ARN is
|
3287
|
+
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
|
3288
|
+
# @return [String]
|
3289
|
+
#
|
3290
|
+
# @!attribute [rw] regions
|
3291
|
+
# A list of regions to get CloudTrail data from and analyze to
|
3292
|
+
# generate a policy.
|
3293
|
+
# @return [Array<String>]
|
3294
|
+
#
|
3295
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/TrailProperties AWS API Documentation
|
3296
|
+
#
|
3297
|
+
class TrailProperties < Struct.new(
|
3298
|
+
:all_regions,
|
3299
|
+
:cloud_trail_arn,
|
3300
|
+
:regions)
|
3301
|
+
SENSITIVE = []
|
3302
|
+
include Aws::Structure
|
3303
|
+
end
|
3304
|
+
|
1376
3305
|
# Removes a tag from the specified resource.
|
1377
3306
|
#
|
1378
3307
|
# @note When making an API call, you may pass UntagResourceRequest
|
@@ -1470,7 +3399,11 @@ module Aws::AccessAnalyzer
|
|
1470
3399
|
# }
|
1471
3400
|
#
|
1472
3401
|
# @!attribute [rw] analyzer_arn
|
1473
|
-
# The ARN of the analyzer that generated the findings to update.
|
3402
|
+
# The [ARN of the analyzer][1] that generated the findings to update.
|
3403
|
+
#
|
3404
|
+
#
|
3405
|
+
#
|
3406
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1474
3407
|
# @return [String]
|
1475
3408
|
#
|
1476
3409
|
# @!attribute [rw] client_token
|
@@ -1507,6 +3440,127 @@ module Aws::AccessAnalyzer
|
|
1507
3440
|
include Aws::Structure
|
1508
3441
|
end
|
1509
3442
|
|
3443
|
+
# A finding in a policy. Each finding is an actionable recommendation
|
3444
|
+
# that can be used to improve the policy.
|
3445
|
+
#
|
3446
|
+
# @!attribute [rw] finding_details
|
3447
|
+
# A localized message that explains the finding and provides guidance
|
3448
|
+
# on how to address it.
|
3449
|
+
# @return [String]
|
3450
|
+
#
|
3451
|
+
# @!attribute [rw] finding_type
|
3452
|
+
# The impact of the finding.
|
3453
|
+
#
|
3454
|
+
# Security warnings report when the policy allows access that we
|
3455
|
+
# consider overly permissive.
|
3456
|
+
#
|
3457
|
+
# Errors report when a part of the policy is not functional.
|
3458
|
+
#
|
3459
|
+
# Warnings report non-security issues when a policy does not conform
|
3460
|
+
# to policy writing best practices.
|
3461
|
+
#
|
3462
|
+
# Suggestions recommend stylistic improvements in the policy that do
|
3463
|
+
# not impact access.
|
3464
|
+
# @return [String]
|
3465
|
+
#
|
3466
|
+
# @!attribute [rw] issue_code
|
3467
|
+
# The issue code provides an identifier of the issue associated with
|
3468
|
+
# this finding.
|
3469
|
+
# @return [String]
|
3470
|
+
#
|
3471
|
+
# @!attribute [rw] learn_more_link
|
3472
|
+
# A link to additional documentation about the type of finding.
|
3473
|
+
# @return [String]
|
3474
|
+
#
|
3475
|
+
# @!attribute [rw] locations
|
3476
|
+
# The list of locations in the policy document that are related to the
|
3477
|
+
# finding. The issue code provides a summary of an issue identified by
|
3478
|
+
# the finding.
|
3479
|
+
# @return [Array<Types::Location>]
|
3480
|
+
#
|
3481
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyFinding AWS API Documentation
|
3482
|
+
#
|
3483
|
+
class ValidatePolicyFinding < Struct.new(
|
3484
|
+
:finding_details,
|
3485
|
+
:finding_type,
|
3486
|
+
:issue_code,
|
3487
|
+
:learn_more_link,
|
3488
|
+
:locations)
|
3489
|
+
SENSITIVE = []
|
3490
|
+
include Aws::Structure
|
3491
|
+
end
|
3492
|
+
|
3493
|
+
# @note When making an API call, you may pass ValidatePolicyRequest
|
3494
|
+
# data as a hash:
|
3495
|
+
#
|
3496
|
+
# {
|
3497
|
+
# locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
|
3498
|
+
# max_results: 1,
|
3499
|
+
# next_token: "Token",
|
3500
|
+
# policy_document: "PolicyDocument", # required
|
3501
|
+
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
3502
|
+
# }
|
3503
|
+
#
|
3504
|
+
# @!attribute [rw] locale
|
3505
|
+
# The locale to use for localizing the findings.
|
3506
|
+
# @return [String]
|
3507
|
+
#
|
3508
|
+
# @!attribute [rw] max_results
|
3509
|
+
# The maximum number of results to return in the response.
|
3510
|
+
# @return [Integer]
|
3511
|
+
#
|
3512
|
+
# @!attribute [rw] next_token
|
3513
|
+
# A token used for pagination of results returned.
|
3514
|
+
# @return [String]
|
3515
|
+
#
|
3516
|
+
# @!attribute [rw] policy_document
|
3517
|
+
# The JSON policy document to use as the content for the policy.
|
3518
|
+
# @return [String]
|
3519
|
+
#
|
3520
|
+
# @!attribute [rw] policy_type
|
3521
|
+
# The type of policy to validate. Identity policies grant permissions
|
3522
|
+
# to IAM principals. Identity policies include managed and inline
|
3523
|
+
# policies for IAM roles, users, and groups. They also include
|
3524
|
+
# service-control policies (SCPs) that are attached to an AWS
|
3525
|
+
# organization, organizational unit (OU), or an account.
|
3526
|
+
#
|
3527
|
+
# Resource policies grant permissions on AWS resources. Resource
|
3528
|
+
# policies include trust policies for IAM roles and bucket policies
|
3529
|
+
# for S3 buckets. You can provide a generic input such as identity
|
3530
|
+
# policy or resource policy or a specific input such as managed policy
|
3531
|
+
# or S3 bucket policy.
|
3532
|
+
# @return [String]
|
3533
|
+
#
|
3534
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyRequest AWS API Documentation
|
3535
|
+
#
|
3536
|
+
class ValidatePolicyRequest < Struct.new(
|
3537
|
+
:locale,
|
3538
|
+
:max_results,
|
3539
|
+
:next_token,
|
3540
|
+
:policy_document,
|
3541
|
+
:policy_type)
|
3542
|
+
SENSITIVE = []
|
3543
|
+
include Aws::Structure
|
3544
|
+
end
|
3545
|
+
|
3546
|
+
# @!attribute [rw] findings
|
3547
|
+
# The list of findings in a policy returned by Access Analyzer based
|
3548
|
+
# on its suite of policy checks.
|
3549
|
+
# @return [Array<Types::ValidatePolicyFinding>]
|
3550
|
+
#
|
3551
|
+
# @!attribute [rw] next_token
|
3552
|
+
# A token used for pagination of results returned.
|
3553
|
+
# @return [String]
|
3554
|
+
#
|
3555
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyResponse AWS API Documentation
|
3556
|
+
#
|
3557
|
+
class ValidatePolicyResponse < Struct.new(
|
3558
|
+
:findings,
|
3559
|
+
:next_token)
|
3560
|
+
SENSITIVE = []
|
3561
|
+
include Aws::Structure
|
3562
|
+
end
|
3563
|
+
|
1510
3564
|
# Validation exception error.
|
1511
3565
|
#
|
1512
3566
|
# @!attribute [rw] field_list
|
@@ -1549,5 +3603,32 @@ module Aws::AccessAnalyzer
|
|
1549
3603
|
include Aws::Structure
|
1550
3604
|
end
|
1551
3605
|
|
3606
|
+
# The proposed virtual private cloud (VPC) configuration for the Amazon
|
3607
|
+
# S3 access point. For more information, see [VpcConfiguration][1].
|
3608
|
+
#
|
3609
|
+
#
|
3610
|
+
#
|
3611
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
|
3612
|
+
#
|
3613
|
+
# @note When making an API call, you may pass VpcConfiguration
|
3614
|
+
# data as a hash:
|
3615
|
+
#
|
3616
|
+
# {
|
3617
|
+
# vpc_id: "VpcId", # required
|
3618
|
+
# }
|
3619
|
+
#
|
3620
|
+
# @!attribute [rw] vpc_id
|
3621
|
+
# If this field is specified, this access point will only allow
|
3622
|
+
# connections from the specified VPC ID.
|
3623
|
+
# @return [String]
|
3624
|
+
#
|
3625
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/VpcConfiguration AWS API Documentation
|
3626
|
+
#
|
3627
|
+
class VpcConfiguration < Struct.new(
|
3628
|
+
:vpc_id)
|
3629
|
+
SENSITIVE = []
|
3630
|
+
include Aws::Structure
|
3631
|
+
end
|
3632
|
+
|
1552
3633
|
end
|
1553
3634
|
end
|