aws-sdk-accessanalyzer 1.17.0 → 1.18.0

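--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 75d4ae2126d3bf122d544503de18a17f871a2666404e235a567985b2f452c7e5
- data.tar.gz: 506198bc86380de22d739c6c4e2fdaedcb476f53ff0ec9070d6deb450ea63e4e
+ metadata.gz: 29ab0a18e5c2de22ef07a1640e09a6a252a2c3f4f360f84f9203644eb07ee9af
+ data.tar.gz: c89e9bbefa4e981c75ddd2d5888763b15900f4edcf8fe48f4c5615cc98245ca6
  SHA512:
- metadata.gz: 0eeb8e2a480ed6556309961100161f87704a2460a0e832d8690419a35281c15ef5eda2c3be2b006c34d99c5c32483c5e66538d500fb518e1e2b2e9b7fce9d5bb
- data.tar.gz: 8832de6d01bfbd024ecf0b938ac9b2edd123fe04efced510f7a2016515be463bb60b74cc037a1b7b01951c442ee92a55df795b6e1f024a244d62c658a79b467c
+ metadata.gz: 69c525366ecdfa4c6832019200494e1eb4232cda4a5d1a9da77d0b855a2111a38b0de1111a2347f230826c3749ae55fdc27721b17e7909032949ea8994fcd026
+ data.tar.gz: 8337deadabd6b7472eb9efe02eff85dc9c207896374c320626043b381b88f52ade18fbc145444781e63773c777fbcdb7d3c34681dc57b214c5333bf598d34725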
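--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.18.0 (2021-03-16)
+ ------------------
+
+ * Feature - This release adds support for the ValidatePolicy API. IAM Access Analyzer is adding over 100 policy checks and actionable recommendations that help you validate your policies during authoring.
+
  1.17.0 (2021-03-10)
  ------------------
 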
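--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.17.0
+ 1.18.0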
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
48
48
  # @!group service
49
49
  module Aws::AccessAnalyzer
50
50
 
51
- GEM_VERSION = '1.17.0'
51
+ GEM_VERSION = '1.18.0'
52
52
 
53
53
  end
@@ -547,6 +547,13 @@ module Aws::AccessAnalyzer
547
547
  # automatically archive new findings that meet the criteria you define
548
548
  # when you create the rule.
549
549
  #
550
+ # To learn about filter keys that you can use to create an archive rule,
551
+ # see [Access Analyzer filter keys][1] in the **IAM User Guide**.
552
+ #
553
+ #
554
+ #
555
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
556
+ #
550
557
  # @option params [required, String] :analyzer_name
551
558
  # The name of the created analyzer.
552
559
  #
@@ -1492,6 +1499,84 @@ module Aws::AccessAnalyzer
1492
1499
  req.send_request(options)
1493
1500
  end
1494
1501
 
1502
+ # Requests the validation of a policy and returns a list of findings.
1503
+ # The findings help you identify issues and provide actionable
1504
+ # recommendations to resolve the issue and enable you to author
1505
+ # functional policies that meet security best practices.
1506
+ #
1507
+ # @option params [String] :locale
1508
+ # The locale to use for localizing the findings.
1509
+ #
1510
+ # @option params [Integer] :max_results
1511
+ # The maximum number of results to return in the response.
1512
+ #
1513
+ # @option params [String] :next_token
1514
+ # A token used for pagination of results returned.
1515
+ #
1516
+ # @option params [required, String] :policy_document
1517
+ # The JSON policy document to use as the content for the policy.
1518
+ #
1519
+ # @option params [required, String] :policy_type
1520
+ # The type of policy to validate. Identity policies grant permissions to
1521
+ # IAM principals. Identity policies include managed and inline policies
1522
+ # for IAM roles, users, and groups. They also include service-control
1523
+ # policies (SCPs) that are attached to an AWS organization,
1524
+ # organizational unit (OU), or an account.
1525
+ #
1526
+ # Resource policies grant permissions on AWS resources. Resource
1527
+ # policies include trust policies for IAM roles and bucket policies for
1528
+ # S3 buckets. You can provide a generic input such as identity policy or
1529
+ # resource policy or a specific input such as managed policy or S3
1530
+ # bucket policy.
1531
+ #
1532
+ # @return [Types::ValidatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1533
+ #
1534
+ # * {Types::ValidatePolicyResponse#findings #findings} => Array<Types::ValidatePolicyFinding>
1535
+ # * {Types::ValidatePolicyResponse#next_token #next_token} => String
1536
+ #
1537
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1538
+ #
1539
+ # @example Request syntax with placeholder values
1540
+ #
1541
+ # resp = client.validate_policy({
1542
+ # locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
1543
+ # max_results: 1,
1544
+ # next_token: "Token",
1545
+ # policy_document: "PolicyDocument", # required
1546
+ # policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
1547
+ # })
1548
+ #
1549
+ # @example Response structure
1550
+ #
1551
+ # resp.findings #=> Array
1552
+ # resp.findings[0].finding_details #=> String
1553
+ # resp.findings[0].finding_type #=> String, one of "ERROR", "SECURITY_WARNING", "SUGGESTION", "WARNING"
1554
+ # resp.findings[0].issue_code #=> String
1555
+ # resp.findings[0].learn_more_link #=> String
1556
+ # resp.findings[0].locations #=> Array
1557
+ # resp.findings[0].locations[0].path #=> Array
1558
+ # resp.findings[0].locations[0].path[0].index #=> Integer
1559
+ # resp.findings[0].locations[0].path[0].key #=> String
1560
+ # resp.findings[0].locations[0].path[0].substring.length #=> Integer
1561
+ # resp.findings[0].locations[0].path[0].substring.start #=> Integer
1562
+ # resp.findings[0].locations[0].path[0].value #=> String
1563
+ # resp.findings[0].locations[0].span.end.column #=> Integer
1564
+ # resp.findings[0].locations[0].span.end.line #=> Integer
1565
+ # resp.findings[0].locations[0].span.end.offset #=> Integer
1566
+ # resp.findings[0].locations[0].span.start.column #=> Integer
1567
+ # resp.findings[0].locations[0].span.start.line #=> Integer
1568
+ # resp.findings[0].locations[0].span.start.offset #=> Integer
1569
+ # resp.next_token #=> String
1570
+ #
1571
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicy AWS API Documentation
1572
+ #
1573
+ # @overload validate_policy(params = {})
1574
+ # @param [Hash] params ({})
1575
+ def validate_policy(params = {}, options = {})
1576
+ req = build_request(:validate_policy, params)
1577
+ req.send_request(options)
1578
+ end
1579
+
1495
1580
  # @!endgroup
1496
1581
 
1497
1582
  # @param params ({})
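Review bot: The new `validate_policy` docstring says the response is pageable but never tells callers that findings can be spread over several pages, and its request example uses `max_results: 1`. A caller that gates a policy on `resp.findings` from the first page alone could miss an `ERROR` or `SECURITY_WARNING` finding returned on a later page. I would add a sentence to the method comment such as `# Findings may span several pages; iterate the pageable response (or follow next_token) before treating a policy as free of ERROR or SECURITY_WARNING findings.` If this file is generated from the service model, the sentence belongs in the model documentation or the generator template rather than here. The method itself lies fully inside the hunk; the enclosing class starts outside it.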
@@ -1505,7 +1590,7 @@ module Aws::AccessAnalyzer
1505
1590
  params: params,
1506
1591
  config: config)
1507
1592
  context[:gem_name] = 'aws-sdk-accessanalyzer'
1508
- context[:gem_version] = '1.17.0'
1593
+ context[:gem_version] = '1.18.0'
1509
1594
  Seahorse::Client::Request.new(handlers, context)
1510
1595
  end
1511
1596
 
@@ -86,6 +86,7 @@ module Aws::AccessAnalyzer
86
86
  Integer = Shapes::IntegerShape.new(name: 'Integer')
87
87
  InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
88
88
  InternetConfiguration = Shapes::StructureShape.new(name: 'InternetConfiguration')
89
+ IssueCode = Shapes::StringShape.new(name: 'IssueCode')
89
90
  IssuingAccount = Shapes::StringShape.new(name: 'IssuingAccount')
90
91
  KmsConstraintsKey = Shapes::StringShape.new(name: 'KmsConstraintsKey')
91
92
  KmsConstraintsMap = Shapes::MapShape.new(name: 'KmsConstraintsMap')
@@ -98,6 +99,7 @@ module Aws::AccessAnalyzer
98
99
  KmsKeyConfiguration = Shapes::StructureShape.new(name: 'KmsKeyConfiguration')
99
100
  KmsKeyPoliciesMap = Shapes::MapShape.new(name: 'KmsKeyPoliciesMap')
100
101
  KmsKeyPolicy = Shapes::StringShape.new(name: 'KmsKeyPolicy')
102
+ LearnMoreLink = Shapes::StringShape.new(name: 'LearnMoreLink')
101
103
  ListAccessPreviewFindingsRequest = Shapes::StructureShape.new(name: 'ListAccessPreviewFindingsRequest')
102
104
  ListAccessPreviewFindingsResponse = Shapes::StructureShape.new(name: 'ListAccessPreviewFindingsResponse')
103
105
  ListAccessPreviewsRequest = Shapes::StructureShape.new(name: 'ListAccessPreviewsRequest')
@@ -112,10 +114,18 @@ module Aws::AccessAnalyzer
112
114
  ListFindingsResponse = Shapes::StructureShape.new(name: 'ListFindingsResponse')
113
115
  ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
114
116
  ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
117
+ Locale = Shapes::StringShape.new(name: 'Locale')
118
+ Location = Shapes::StructureShape.new(name: 'Location')
119
+ LocationList = Shapes::ListShape.new(name: 'LocationList')
115
120
  Name = Shapes::StringShape.new(name: 'Name')
116
121
  NetworkOriginConfiguration = Shapes::StructureShape.new(name: 'NetworkOriginConfiguration')
117
122
  OrderBy = Shapes::StringShape.new(name: 'OrderBy')
123
+ PathElement = Shapes::StructureShape.new(name: 'PathElement')
124
+ PathElementList = Shapes::ListShape.new(name: 'PathElementList')
125
+ PolicyDocument = Shapes::StringShape.new(name: 'PolicyDocument')
118
126
  PolicyName = Shapes::StringShape.new(name: 'PolicyName')
127
+ PolicyType = Shapes::StringShape.new(name: 'PolicyType')
128
+ Position = Shapes::StructureShape.new(name: 'Position')
119
129
  PrincipalMap = Shapes::MapShape.new(name: 'PrincipalMap')
120
130
  ReasonCode = Shapes::StringShape.new(name: 'ReasonCode')
121
131
  ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
@@ -135,11 +145,13 @@ module Aws::AccessAnalyzer
135
145
  ServiceQuotaExceededException = Shapes::StructureShape.new(name: 'ServiceQuotaExceededException')
136
146
  SharedViaList = Shapes::ListShape.new(name: 'SharedViaList')
137
147
  SortCriteria = Shapes::StructureShape.new(name: 'SortCriteria')
148
+ Span = Shapes::StructureShape.new(name: 'Span')
138
149
  SqsQueueConfiguration = Shapes::StructureShape.new(name: 'SqsQueueConfiguration')
139
150
  SqsQueuePolicy = Shapes::StringShape.new(name: 'SqsQueuePolicy')
140
151
  StartResourceScanRequest = Shapes::StructureShape.new(name: 'StartResourceScanRequest')
141
152
  StatusReason = Shapes::StructureShape.new(name: 'StatusReason')
142
153
  String = Shapes::StringShape.new(name: 'String')
154
+ Substring = Shapes::StructureShape.new(name: 'Substring')
143
155
  TagKeys = Shapes::ListShape.new(name: 'TagKeys')
144
156
  TagResourceRequest = Shapes::StructureShape.new(name: 'TagResourceRequest')
145
157
  TagResourceResponse = Shapes::StructureShape.new(name: 'TagResourceResponse')
@@ -152,6 +164,11 @@ module Aws::AccessAnalyzer
152
164
  UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
153
165
  UpdateArchiveRuleRequest = Shapes::StructureShape.new(name: 'UpdateArchiveRuleRequest')
154
166
  UpdateFindingsRequest = Shapes::StructureShape.new(name: 'UpdateFindingsRequest')
167
+ ValidatePolicyFinding = Shapes::StructureShape.new(name: 'ValidatePolicyFinding')
168
+ ValidatePolicyFindingList = Shapes::ListShape.new(name: 'ValidatePolicyFindingList')
169
+ ValidatePolicyFindingType = Shapes::StringShape.new(name: 'ValidatePolicyFindingType')
170
+ ValidatePolicyRequest = Shapes::StructureShape.new(name: 'ValidatePolicyRequest')
171
+ ValidatePolicyResponse = Shapes::StructureShape.new(name: 'ValidatePolicyResponse')
155
172
  ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
156
173
  ValidationExceptionField = Shapes::StructureShape.new(name: 'ValidationExceptionField')
157
174
  ValidationExceptionFieldList = Shapes::ListShape.new(name: 'ValidationExceptionFieldList')
@@ -498,10 +515,29 @@ module Aws::AccessAnalyzer
498
515
  ListTagsForResourceResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagsMap, location_name: "tags"))
499
516
  ListTagsForResourceResponse.struct_class = Types::ListTagsForResourceResponse
500
517
 
518
+ Location.add_member(:path, Shapes::ShapeRef.new(shape: PathElementList, required: true, location_name: "path"))
519
+ Location.add_member(:span, Shapes::ShapeRef.new(shape: Span, required: true, location_name: "span"))
520
+ Location.struct_class = Types::Location
521
+
522
+ LocationList.member = Shapes::ShapeRef.new(shape: Location)
523
+
501
524
  NetworkOriginConfiguration.add_member(:internet_configuration, Shapes::ShapeRef.new(shape: InternetConfiguration, location_name: "internetConfiguration"))
502
525
  NetworkOriginConfiguration.add_member(:vpc_configuration, Shapes::ShapeRef.new(shape: VpcConfiguration, location_name: "vpcConfiguration"))
503
526
  NetworkOriginConfiguration.struct_class = Types::NetworkOriginConfiguration
504
527
 
528
+ PathElement.add_member(:index, Shapes::ShapeRef.new(shape: Integer, location_name: "index"))
529
+ PathElement.add_member(:key, Shapes::ShapeRef.new(shape: String, location_name: "key"))
530
+ PathElement.add_member(:substring, Shapes::ShapeRef.new(shape: Substring, location_name: "substring"))
531
+ PathElement.add_member(:value, Shapes::ShapeRef.new(shape: String, location_name: "value"))
532
+ PathElement.struct_class = Types::PathElement
533
+
534
+ PathElementList.member = Shapes::ShapeRef.new(shape: PathElement)
535
+
536
+ Position.add_member(:column, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "column"))
537
+ Position.add_member(:line, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "line"))
538
+ Position.add_member(:offset, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "offset"))
539
+ Position.struct_class = Types::Position
540
+
505
541
  PrincipalMap.key = Shapes::ShapeRef.new(shape: String)
506
542
  PrincipalMap.value = Shapes::ShapeRef.new(shape: String)
507
543
 
@@ -549,6 +585,10 @@ module Aws::AccessAnalyzer
549
585
  SortCriteria.add_member(:order_by, Shapes::ShapeRef.new(shape: OrderBy, location_name: "orderBy"))
550
586
  SortCriteria.struct_class = Types::SortCriteria
551
587
 
588
+ Span.add_member(:end, Shapes::ShapeRef.new(shape: Position, required: true, location_name: "end"))
589
+ Span.add_member(:start, Shapes::ShapeRef.new(shape: Position, required: true, location_name: "start"))
590
+ Span.struct_class = Types::Span
591
+
552
592
  SqsQueueConfiguration.add_member(:queue_policy, Shapes::ShapeRef.new(shape: SqsQueuePolicy, location_name: "queuePolicy"))
553
593
  SqsQueueConfiguration.struct_class = Types::SqsQueueConfiguration
554
594
 
@@ -559,6 +599,10 @@ module Aws::AccessAnalyzer
559
599
  StatusReason.add_member(:code, Shapes::ShapeRef.new(shape: ReasonCode, required: true, location_name: "code"))
560
600
  StatusReason.struct_class = Types::StatusReason
561
601
 
602
+ Substring.add_member(:length, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "length"))
603
+ Substring.add_member(:start, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "start"))
604
+ Substring.struct_class = Types::Substring
605
+
562
606
  TagKeys.member = Shapes::ShapeRef.new(shape: String)
563
607
 
564
608
  TagResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "resourceArn"))
@@ -593,6 +637,26 @@ module Aws::AccessAnalyzer
593
637
  UpdateFindingsRequest.add_member(:status, Shapes::ShapeRef.new(shape: FindingStatusUpdate, required: true, location_name: "status"))
594
638
  UpdateFindingsRequest.struct_class = Types::UpdateFindingsRequest
595
639
 
640
+ ValidatePolicyFinding.add_member(:finding_details, Shapes::ShapeRef.new(shape: String, required: true, location_name: "findingDetails"))
641
+ ValidatePolicyFinding.add_member(:finding_type, Shapes::ShapeRef.new(shape: ValidatePolicyFindingType, required: true, location_name: "findingType"))
642
+ ValidatePolicyFinding.add_member(:issue_code, Shapes::ShapeRef.new(shape: IssueCode, required: true, location_name: "issueCode"))
643
+ ValidatePolicyFinding.add_member(:learn_more_link, Shapes::ShapeRef.new(shape: LearnMoreLink, required: true, location_name: "learnMoreLink"))
644
+ ValidatePolicyFinding.add_member(:locations, Shapes::ShapeRef.new(shape: LocationList, required: true, location_name: "locations"))
645
+ ValidatePolicyFinding.struct_class = Types::ValidatePolicyFinding
646
+
647
+ ValidatePolicyFindingList.member = Shapes::ShapeRef.new(shape: ValidatePolicyFinding)
648
+
649
+ ValidatePolicyRequest.add_member(:locale, Shapes::ShapeRef.new(shape: Locale, location_name: "locale"))
650
+ ValidatePolicyRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: Integer, location: "querystring", location_name: "maxResults"))
651
+ ValidatePolicyRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "nextToken"))
652
+ ValidatePolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: PolicyDocument, required: true, location_name: "policyDocument"))
653
+ ValidatePolicyRequest.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "policyType"))
654
+ ValidatePolicyRequest.struct_class = Types::ValidatePolicyRequest
655
+
656
+ ValidatePolicyResponse.add_member(:findings, Shapes::ShapeRef.new(shape: ValidatePolicyFindingList, required: true, location_name: "findings"))
657
+ ValidatePolicyResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "nextToken"))
658
+ ValidatePolicyResponse.struct_class = Types::ValidatePolicyResponse
659
+
596
660
  ValidationException.add_member(:field_list, Shapes::ShapeRef.new(shape: ValidationExceptionFieldList, location_name: "fieldList"))
597
661
  ValidationException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
598
662
  ValidationException.add_member(:reason, Shapes::ShapeRef.new(shape: ValidationExceptionReason, required: true, location_name: "reason"))
@@ -965,6 +1029,24 @@ module Aws::AccessAnalyzer
965
1029
  o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
966
1030
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
967
1031
  end)
1032
+
1033
+ api.add_operation(:validate_policy, Seahorse::Model::Operation.new.tap do |o|
1034
+ o.name = "ValidatePolicy"
1035
+ o.http_method = "POST"
1036
+ o.http_request_uri = "/policy/validation"
1037
+ o.input = Shapes::ShapeRef.new(shape: ValidatePolicyRequest)
1038
+ o.output = Shapes::ShapeRef.new(shape: ValidatePolicyResponse)
1039
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
1040
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
1041
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
1042
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
1043
+ o[:pager] = Aws::Pager.new(
1044
+ limit_key: "max_results",
1045
+ tokens: {
1046
+ "next_token" => "next_token"
1047
+ }
1048
+ )
1049
+ end)
968
1050
  end
969
1051
 
970
1052
  end
@@ -2111,6 +2111,26 @@ module Aws::AccessAnalyzer
2111
2111
  include Aws::Structure
2112
2112
  end
2113
2113
 
2114
+ # A location in a policy that is represented as a path through the JSON
2115
+ # representation and a corresponding span.
2116
+ #
2117
+ # @!attribute [rw] path
2118
+ # A path in a policy, represented as a sequence of path elements.
2119
+ # @return [Array<Types::PathElement>]
2120
+ #
2121
+ # @!attribute [rw] span
2122
+ # A span in a policy.
2123
+ # @return [Types::Span]
2124
+ #
2125
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Location AWS API Documentation
2126
+ #
2127
+ class Location < Struct.new(
2128
+ :path,
2129
+ :span)
2130
+ SENSITIVE = []
2131
+ include Aws::Structure
2132
+ end
2133
+
2114
2134
  # The proposed `InternetConfiguration` or `VpcConfiguration` to apply to
2115
2135
  # the Amazon S3 Access point. You can make the access point accessible
2116
2136
  # from the internet, or you can specify that all requests made through
@@ -2157,6 +2177,61 @@ module Aws::AccessAnalyzer
2157
2177
  include Aws::Structure
2158
2178
  end
2159
2179
 
2180
+ # A single element in a path through the JSON representation of a
2181
+ # policy.
2182
+ #
2183
+ # @!attribute [rw] index
2184
+ # Refers to an index in a JSON array.
2185
+ # @return [Integer]
2186
+ #
2187
+ # @!attribute [rw] key
2188
+ # Refers to a key in a JSON object.
2189
+ # @return [String]
2190
+ #
2191
+ # @!attribute [rw] substring
2192
+ # Refers to a substring of a literal string in a JSON object.
2193
+ # @return [Types::Substring]
2194
+ #
2195
+ # @!attribute [rw] value
2196
+ # Refers to the value associated with a given key in a JSON object.
2197
+ # @return [String]
2198
+ #
2199
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PathElement AWS API Documentation
2200
+ #
2201
+ class PathElement < Struct.new(
2202
+ :index,
2203
+ :key,
2204
+ :substring,
2205
+ :value)
2206
+ SENSITIVE = []
2207
+ include Aws::Structure
2208
+ end
2209
+
2210
+ # A position in a policy.
2211
+ #
2212
+ # @!attribute [rw] column
2213
+ # The column of the position, starting from 0.
2214
+ # @return [Integer]
2215
+ #
2216
+ # @!attribute [rw] line
2217
+ # The line of the position, starting from 1.
2218
+ # @return [Integer]
2219
+ #
2220
+ # @!attribute [rw] offset
2221
+ # The offset within the policy that corresponds to the position,
2222
+ # starting from 0.
2223
+ # @return [Integer]
2224
+ #
2225
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Position AWS API Documentation
2226
+ #
2227
+ class Position < Struct.new(
2228
+ :column,
2229
+ :line,
2230
+ :offset)
2231
+ SENSITIVE = []
2232
+ include Aws::Structure
2233
+ end
2234
+
2160
2235
  # The specified resource could not be found.
2161
2236
  #
2162
2237
  # @!attribute [rw] message
@@ -2502,6 +2577,26 @@ module Aws::AccessAnalyzer
2502
2577
  include Aws::Structure
2503
2578
  end
2504
2579
 
2580
+ # A span in a policy. The span consists of a start position (inclusive)
2581
+ # and end position (exclusive).
2582
+ #
2583
+ # @!attribute [rw] end
2584
+ # The end position of the span (exclusive).
2585
+ # @return [Types::Position]
2586
+ #
2587
+ # @!attribute [rw] start
2588
+ # The start position of the span (inclusive).
2589
+ # @return [Types::Position]
2590
+ #
2591
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Span AWS API Documentation
2592
+ #
2593
+ class Span < Struct.new(
2594
+ :end,
2595
+ :start)
2596
+ SENSITIVE = []
2597
+ include Aws::Structure
2598
+ end
2599
+
2505
2600
  # The proposed access control configuration for an SQS queue. You can
2506
2601
  # propose a configuration for a new SQS queue or an existing SQS queue
2507
2602
  # that you own by specifying the SQS policy. If the configuration is for
@@ -2586,6 +2681,25 @@ module Aws::AccessAnalyzer
2586
2681
  include Aws::Structure
2587
2682
  end
2588
2683
 
2684
+ # A reference to a substring of a literal string in a JSON document.
2685
+ #
2686
+ # @!attribute [rw] length
2687
+ # The length of the substring.
2688
+ # @return [Integer]
2689
+ #
2690
+ # @!attribute [rw] start
2691
+ # The start index of the substring, starting from 0.
2692
+ # @return [Integer]
2693
+ #
2694
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Substring AWS API Documentation
2695
+ #
2696
+ class Substring < Struct.new(
2697
+ :length,
2698
+ :start)
2699
+ SENSITIVE = []
2700
+ include Aws::Structure
2701
+ end
2702
+
2589
2703
  # Adds a tag to the specified resource.
2590
2704
  #
2591
2705
  # @note When making an API call, you may pass TagResourceRequest
@@ -2777,6 +2891,127 @@ module Aws::AccessAnalyzer
2777
2891
  include Aws::Structure
2778
2892
  end
2779
2893
 
2894
+ # A finding in a policy. Each finding is an actionable recommendation
2895
+ # that can be used to improve the policy.
2896
+ #
2897
+ # @!attribute [rw] finding_details
2898
+ # A localized message that explains the finding and provides guidance
2899
+ # on how to address it.
2900
+ # @return [String]
2901
+ #
2902
+ # @!attribute [rw] finding_type
2903
+ # The impact of the finding.
2904
+ #
2905
+ # Security warnings report when the policy allows access that we
2906
+ # consider overly permissive.
2907
+ #
2908
+ # Errors report when a part of the policy is not functional.
2909
+ #
2910
+ # Warnings report non-security issues when a policy does not conform
2911
+ # to policy writing best practices.
2912
+ #
2913
+ # Suggestions recommend stylistic improvements in the policy that do
2914
+ # not impact access.
2915
+ # @return [String]
2916
+ #
2917
+ # @!attribute [rw] issue_code
2918
+ # The issue code provides an identifier of the issue associated with
2919
+ # this finding.
2920
+ # @return [String]
2921
+ #
2922
+ # @!attribute [rw] learn_more_link
2923
+ # A link to additional documentation about the type of finding.
2924
+ # @return [String]
2925
+ #
2926
+ # @!attribute [rw] locations
2927
+ # The list of locations in the policy document that are related to the
2928
+ # finding. The issue code provides a summary of an issue identified by
2929
+ # the finding.
2930
+ # @return [Array<Types::Location>]
2931
+ #
2932
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyFinding AWS API Documentation
2933
+ #
2934
+ class ValidatePolicyFinding < Struct.new(
2935
+ :finding_details,
2936
+ :finding_type,
2937
+ :issue_code,
2938
+ :learn_more_link,
2939
+ :locations)
2940
+ SENSITIVE = []
2941
+ include Aws::Structure
2942
+ end
2943
+
2944
+ # @note When making an API call, you may pass ValidatePolicyRequest
2945
+ # data as a hash:
2946
+ #
2947
+ # {
2948
+ # locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
2949
+ # max_results: 1,
2950
+ # next_token: "Token",
2951
+ # policy_document: "PolicyDocument", # required
2952
+ # policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
2953
+ # }
2954
+ #
2955
+ # @!attribute [rw] locale
2956
+ # The locale to use for localizing the findings.
2957
+ # @return [String]
2958
+ #
2959
+ # @!attribute [rw] max_results
2960
+ # The maximum number of results to return in the response.
2961
+ # @return [Integer]
2962
+ #
2963
+ # @!attribute [rw] next_token
2964
+ # A token used for pagination of results returned.
2965
+ # @return [String]
2966
+ #
2967
+ # @!attribute [rw] policy_document
2968
+ # The JSON policy document to use as the content for the policy.
2969
+ # @return [String]
2970
+ #
2971
+ # @!attribute [rw] policy_type
2972
+ # The type of policy to validate. Identity policies grant permissions
2973
+ # to IAM principals. Identity policies include managed and inline
2974
+ # policies for IAM roles, users, and groups. They also include
2975
+ # service-control policies (SCPs) that are attached to an AWS
2976
+ # organization, organizational unit (OU), or an account.
2977
+ #
2978
+ # Resource policies grant permissions on AWS resources. Resource
2979
+ # policies include trust policies for IAM roles and bucket policies
2980
+ # for S3 buckets. You can provide a generic input such as identity
2981
+ # policy or resource policy or a specific input such as managed policy
2982
+ # or S3 bucket policy.
2983
+ # @return [String]
2984
+ #
2985
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyRequest AWS API Documentation
2986
+ #
2987
+ class ValidatePolicyRequest < Struct.new(
2988
+ :locale,
2989
+ :max_results,
2990
+ :next_token,
2991
+ :policy_document,
2992
+ :policy_type)
2993
+ SENSITIVE = []
2994
+ include Aws::Structure
2995
+ end
2996
+
2997
+ # @!attribute [rw] findings
2998
+ # The list of findings in a policy returned by Access Analyzer based
2999
+ # on its suite of policy checks.
3000
+ # @return [Array<Types::ValidatePolicyFinding>]
3001
+ #
3002
+ # @!attribute [rw] next_token
3003
+ # A token used for pagination of results returned.
3004
+ # @return [String]
3005
+ #
3006
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyResponse AWS API Documentation
3007
+ #
3008
+ class ValidatePolicyResponse < Struct.new(
3009
+ :findings,
3010
+ :next_token)
3011
+ SENSITIVE = []
3012
+ include Aws::Structure
3013
+ end
3014
+
2780
3015
  # Validation exception error.
2781
3016
  #
2782
3017
  # @!attribute [rw] field_list
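Review bot: `ValidatePolicyRequest` is declared with `SENSITIVE = []`, so `policy_document` is presumably passed through unredacted wherever the SDK filters struct members for inspection or parameter logging; this is inferred from the constant's name, as the filtering code is not in the hunk. Policy documents routinely name account IDs, principals and resource ARNs, so the attribute documentation should say this. A line such as `# The document is not treated as sensitive and may appear verbatim in request logs.` under `policy_document` would do. If the list is derived from the service model, the model is the place to mark the member, which would yield `SENSITIVE = [:policy_document]`. The enclosing module starts outside the hunk.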
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-accessanalyzer
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.17.0
4
+ version: 1.18.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-10 00:00:00.000000000 Z
11
+ date: 2021-03-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core