aws-sdk-accessanalyzer 1.18.0 → 1.19.0

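--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 29ab0a18e5c2de22ef07a1640e09a6a252a2c3f4f360f84f9203644eb07ee9af
- data.tar.gz: c89e9bbefa4e981c75ddd2d5888763b15900f4edcf8fe48f4c5615cc98245ca6
+ metadata.gz: 65e73ab7a1dc9196dbd04862d778b147a7a85a133e5b55e19b239927e8c70317
+ data.tar.gz: cf441dbf05279c1d793815de79c8dabe2825f5fea3bcda7a6fe3e4ed5ff2ed22
  SHA512:
- metadata.gz: 69c525366ecdfa4c6832019200494e1eb4232cda4a5d1a9da77d0b855a2111a38b0de1111a2347f230826c3749ae55fdc27721b17e7909032949ea8994fcd026
- data.tar.gz: 8337deadabd6b7472eb9efe02eff85dc9c207896374c320626043b381b88f52ade18fbc145444781e63773c777fbcdb7d3c34681dc57b214c5333bf598d34725
+ metadata.gz: 5bf9c8d758ae7fabcdc590f220ebf07b903e13ab5039b3d1c73c6a45e252d7024d157f4d2f9b7905a8fc3a578e5e8ea9e04873349017113f7a47a8806f8d8ab0
+ data.tar.gz: e9398114a1660d2750d9f1ae41ec96a30bc0ebbe0a14bb69f5700a8577777cbc90ffb49ee0bf4d4f7bf08532e11d1b21f60f6e72d676391d8fc30640bdd8915a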
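--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.19.0 (2021-04-07)
+ ------------------
+
+ * Feature - IAM Access Analyzer now analyzes your CloudTrail events to identify actions and services that have been used by an IAM entity (user or role) and generates an IAM policy that is based on that activity.
+
  1.18.0 (2021-03-16)
  ------------------
 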
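--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.18.0
+ 1.19.0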
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
48
48
  # @!group service
49
49
  module Aws::AccessAnalyzer
50
50
 
51
- GEM_VERSION = '1.18.0'
51
+ GEM_VERSION = '1.19.0'
52
52
 
53
53
  end
@@ -361,6 +361,31 @@ module Aws::AccessAnalyzer
361
361
  req.send_request(options)
362
362
  end
363
363
 
364
+ # Cancels the requested policy generation.
365
+ #
366
+ # @option params [required, String] :job_id
367
+ # The `JobId` that is returned by the `StartPolicyGeneration` operation.
368
+ # The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
369
+ # generated policies or used with `CancelPolicyGeneration` to cancel the
370
+ # policy generation request.
371
+ #
372
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
373
+ #
374
+ # @example Request syntax with placeholder values
375
+ #
376
+ # resp = client.cancel_policy_generation({
377
+ # job_id: "JobId", # required
378
+ # })
379
+ #
380
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CancelPolicyGeneration AWS API Documentation
381
+ #
382
+ # @overload cancel_policy_generation(params = {})
383
+ # @param [Hash] params ({})
384
+ def cancel_policy_generation(params = {}, options = {})
385
+ req = build_request(:cancel_policy_generation, params)
386
+ req.send_request(options)
387
+ end
388
+
364
389
  # Creates an access preview that allows you to preview Access Analyzer
365
390
  # findings for your resource before deploying resource permissions.
366
391
  #
@@ -920,6 +945,72 @@ module Aws::AccessAnalyzer
920
945
  req.send_request(options)
921
946
  end
922
947
 
948
+ # Retrieves the policy that was generated using `StartPolicyGeneration`.
949
+ #
950
+ # @option params [Boolean] :include_resource_placeholders
951
+ # The level of detail that you want to generate. You can specify whether
952
+ # to generate policies with placeholders for resource ARNs for actions
953
+ # that support resource level granularity in policies.
954
+ #
955
+ # For example, in the resource section of a policy, you can receive a
956
+ # placeholder such as `"Resource":"arn:aws:s3:::$\{BucketName\}"`
957
+ # instead of `"*"`.
958
+ #
959
+ # @option params [Boolean] :include_service_level_template
960
+ # The level of detail that you want to generate. You can specify whether
961
+ # to generate service-level policies.
962
+ #
963
+ # Access Analyzer uses `iam:servicelastaccessed` to identify services
964
+ # that have been used recently to create this service-level template.
965
+ #
966
+ # @option params [required, String] :job_id
967
+ # The `JobId` that is returned by the `StartPolicyGeneration` operation.
968
+ # The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
969
+ # generated policies or used with `CancelPolicyGeneration` to cancel the
970
+ # policy generation request.
971
+ #
972
+ # @return [Types::GetGeneratedPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
973
+ #
974
+ # * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
975
+ # * {Types::GetGeneratedPolicyResponse#job_details #job_details} => Types::JobDetails
976
+ #
977
+ # @example Request syntax with placeholder values
978
+ #
979
+ # resp = client.get_generated_policy({
980
+ # include_resource_placeholders: false,
981
+ # include_service_level_template: false,
982
+ # job_id: "JobId", # required
983
+ # })
984
+ #
985
+ # @example Response structure
986
+ #
987
+ # resp.generated_policy_result.generated_policies #=> Array
988
+ # resp.generated_policy_result.generated_policies[0].policy #=> String
989
+ # resp.generated_policy_result.properties.cloud_trail_properties.end_time #=> Time
990
+ # resp.generated_policy_result.properties.cloud_trail_properties.start_time #=> Time
991
+ # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties #=> Array
992
+ # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
993
+ # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].cloud_trail_arn #=> String
994
+ # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions #=> Array
995
+ # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions[0] #=> String
996
+ # resp.generated_policy_result.properties.is_complete #=> Boolean
997
+ # resp.generated_policy_result.properties.principal_arn #=> String
998
+ # resp.job_details.completed_on #=> Time
999
+ # resp.job_details.job_error.code #=> String, one of "AUTHORIZATION_ERROR", "RESOURCE_NOT_FOUND_ERROR", "SERVICE_QUOTA_EXCEEDED_ERROR", "SERVICE_ERROR"
1000
+ # resp.job_details.job_error.message #=> String
1001
+ # resp.job_details.job_id #=> String
1002
+ # resp.job_details.started_on #=> Time
1003
+ # resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
1004
+ #
1005
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicy AWS API Documentation
1006
+ #
1007
+ # @overload get_generated_policy(params = {})
1008
+ # @param [Hash] params ({})
1009
+ def get_generated_policy(params = {}, options = {})
1010
+ req = build_request(:get_generated_policy, params)
1011
+ req.send_request(options)
1012
+ end
1013
+
923
1014
  # Retrieves a list of access preview findings generated by the specified
924
1015
  # access preview.
925
1016
  #
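Review bot: The doc comment added for `get_generated_policy` lists `job_details.status` and `generated_policy_result.properties.is_complete` in the response structure but never tells the caller to check them before using `generated_policies[0].policy`. The status values shown include `IN_PROGRESS`, `FAILED` and `CANCELED`, so a caller who reads the policy string straight from the response may be working from an unfinished or failed job; whether the service returns partial policy text in those states is not visible from this diff. I would add `# Check that job_details.status is "SUCCEEDED" and properties.is_complete is true before using the returned policy.` above the `@return` tag. The `:include_resource_placeholders` text also implies that the resource element is `"*"` when the option is left off, which deserves one explicit sentence so the output is reviewed and scoped before it is attached to a principal.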
@@ -1292,6 +1383,53 @@ module Aws::AccessAnalyzer
1292
1383
  req.send_request(options)
1293
1384
  end
1294
1385
 
1386
+ # Lists all of the policy generations requested in the last seven days.
1387
+ #
1388
+ # @option params [Integer] :max_results
1389
+ # The maximum number of results to return in the response.
1390
+ #
1391
+ # @option params [String] :next_token
1392
+ # A token used for pagination of results returned.
1393
+ #
1394
+ # @option params [String] :principal_arn
1395
+ # The ARN of the IAM entity (user or role) for which you are generating
1396
+ # a policy. Use this with `ListGeneratedPolicies` to filter the results
1397
+ # to only include results for a specific principal.
1398
+ #
1399
+ # @return [Types::ListPolicyGenerationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1400
+ #
1401
+ # * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
1402
+ # * {Types::ListPolicyGenerationsResponse#policy_generations #policy_generations} => Array<Types::PolicyGeneration>
1403
+ #
1404
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1405
+ #
1406
+ # @example Request syntax with placeholder values
1407
+ #
1408
+ # resp = client.list_policy_generations({
1409
+ # max_results: 1,
1410
+ # next_token: "Token",
1411
+ # principal_arn: "PrincipalArn",
1412
+ # })
1413
+ #
1414
+ # @example Response structure
1415
+ #
1416
+ # resp.next_token #=> String
1417
+ # resp.policy_generations #=> Array
1418
+ # resp.policy_generations[0].completed_on #=> Time
1419
+ # resp.policy_generations[0].job_id #=> String
1420
+ # resp.policy_generations[0].principal_arn #=> String
1421
+ # resp.policy_generations[0].started_on #=> Time
1422
+ # resp.policy_generations[0].status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
1423
+ #
1424
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerations AWS API Documentation
1425
+ #
1426
+ # @overload list_policy_generations(params = {})
1427
+ # @param [Hash] params ({})
1428
+ def list_policy_generations(params = {}, options = {})
1429
+ req = build_request(:list_policy_generations, params)
1430
+ req.send_request(options)
1431
+ end
1432
+
1295
1433
  # Retrieves a list of tags applied to the specified resource.
1296
1434
  #
1297
1435
  # @option params [required, String] :resource_arn
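Review bot: The `:principal_arn` description in `list_policy_generations` refers to `ListGeneratedPolicies`, but no operation with that name is added anywhere in this diff; the method it documents sends `:list_policy_generations`. That sentence should name `ListPolicyGenerations` instead, so a reader looking for the filter lands on the right call. If these comments are produced from the service model, as their uniform layout suggests, the wording needs to be corrected there rather than in this file.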
@@ -1321,6 +1459,68 @@ module Aws::AccessAnalyzer
1321
1459
  req.send_request(options)
1322
1460
  end
1323
1461
 
1462
+ # Starts the policy generation request.
1463
+ #
1464
+ # @option params [String] :client_token
1465
+ # A unique, case-sensitive identifier that you provide to ensure the
1466
+ # idempotency of the request. Idempotency ensures that an API request
1467
+ # completes only once. With an idempotent request, if the original
1468
+ # request completes successfully, the subsequent retries with the same
1469
+ # client token return the result from the original successful request
1470
+ # and they have no additional effect.
1471
+ #
1472
+ # If you do not specify a client token, one is automatically generated
1473
+ # by the AWS SDK.
1474
+ #
1475
+ # **A suitable default value is auto-generated.** You should normally
1476
+ # not need to pass this option.**
1477
+ #
1478
+ # @option params [Types::CloudTrailDetails] :cloud_trail_details
1479
+ # A `CloudTrailDetails` object that contains details about a `Trail`
1480
+ # that you want to analyze to generate policies.
1481
+ #
1482
+ # @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
1483
+ # Contains the ARN of the IAM entity (user or role) for which you are
1484
+ # generating a policy.
1485
+ #
1486
+ # @return [Types::StartPolicyGenerationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1487
+ #
1488
+ # * {Types::StartPolicyGenerationResponse#job_id #job_id} => String
1489
+ #
1490
+ # @example Request syntax with placeholder values
1491
+ #
1492
+ # resp = client.start_policy_generation({
1493
+ # client_token: "String",
1494
+ # cloud_trail_details: {
1495
+ # access_role: "RoleArn", # required
1496
+ # end_time: Time.now,
1497
+ # start_time: Time.now, # required
1498
+ # trails: [ # required
1499
+ # {
1500
+ # all_regions: false,
1501
+ # cloud_trail_arn: "CloudTrailArn", # required
1502
+ # regions: ["String"],
1503
+ # },
1504
+ # ],
1505
+ # },
1506
+ # policy_generation_details: { # required
1507
+ # principal_arn: "PrincipalArn", # required
1508
+ # },
1509
+ # })
1510
+ #
1511
+ # @example Response structure
1512
+ #
1513
+ # resp.job_id #=> String
1514
+ #
1515
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGeneration AWS API Documentation
1516
+ #
1517
+ # @overload start_policy_generation(params = {})
1518
+ # @param [Hash] params ({})
1519
+ def start_policy_generation(params = {}, options = {})
1520
+ req = build_request(:start_policy_generation, params)
1521
+ req.send_request(options)
1522
+ end
1523
+
1324
1524
  # Immediately starts a scan of the policies applied to the specified
1325
1525
  # resource.
1326
1526
  #
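Review bot: The `:cloud_trail_details` option text in `start_policy_generation` does not explain `access_role`, which the request example marks as required and fills with a role ARN. Presumably this is the role the service uses to read the listed trails (confirm against the API reference); the comment should say so and ask for a narrowly scoped role, for example `# :access_role is the IAM role used to read the trails in :trails; scope it to those trails.` Separately, the bold markup in the `:client_token` text is unbalanced: `not need to pass this option.**` closes a `**` that was never opened.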
@@ -1590,7 +1790,7 @@ module Aws::AccessAnalyzer
1590
1790
  params: params,
1591
1791
  config: config)
1592
1792
  context[:gem_name] = 'aws-sdk-accessanalyzer'
1593
- context[:gem_version] = '1.18.0'
1793
+ context[:gem_version] = '1.19.0'
1594
1794
  Seahorse::Client::Request.new(handlers, context)
1595
1795
  end
1596
1796
 
@@ -42,6 +42,11 @@ module Aws::AccessAnalyzer
42
42
  ArchiveRuleSummary = Shapes::StructureShape.new(name: 'ArchiveRuleSummary')
43
43
  ArchiveRulesList = Shapes::ListShape.new(name: 'ArchiveRulesList')
44
44
  Boolean = Shapes::BooleanShape.new(name: 'Boolean')
45
+ CancelPolicyGenerationRequest = Shapes::StructureShape.new(name: 'CancelPolicyGenerationRequest')
46
+ CancelPolicyGenerationResponse = Shapes::StructureShape.new(name: 'CancelPolicyGenerationResponse')
47
+ CloudTrailArn = Shapes::StringShape.new(name: 'CloudTrailArn')
48
+ CloudTrailDetails = Shapes::StructureShape.new(name: 'CloudTrailDetails')
49
+ CloudTrailProperties = Shapes::StructureShape.new(name: 'CloudTrailProperties')
45
50
  ConditionKeyMap = Shapes::MapShape.new(name: 'ConditionKeyMap')
46
51
  Configuration = Shapes::StructureShape.new(name: 'Configuration')
47
52
  ConfigurationsMap = Shapes::MapShape.new(name: 'ConfigurationsMap')
@@ -68,6 +73,10 @@ module Aws::AccessAnalyzer
68
73
  FindingStatusUpdate = Shapes::StringShape.new(name: 'FindingStatusUpdate')
69
74
  FindingSummary = Shapes::StructureShape.new(name: 'FindingSummary')
70
75
  FindingsList = Shapes::ListShape.new(name: 'FindingsList')
76
+ GeneratedPolicy = Shapes::StructureShape.new(name: 'GeneratedPolicy')
77
+ GeneratedPolicyList = Shapes::ListShape.new(name: 'GeneratedPolicyList')
78
+ GeneratedPolicyProperties = Shapes::StructureShape.new(name: 'GeneratedPolicyProperties')
79
+ GeneratedPolicyResult = Shapes::StructureShape.new(name: 'GeneratedPolicyResult')
71
80
  GetAccessPreviewRequest = Shapes::StructureShape.new(name: 'GetAccessPreviewRequest')
72
81
  GetAccessPreviewResponse = Shapes::StructureShape.new(name: 'GetAccessPreviewResponse')
73
82
  GetAnalyzedResourceRequest = Shapes::StructureShape.new(name: 'GetAnalyzedResourceRequest')
@@ -78,6 +87,8 @@ module Aws::AccessAnalyzer
78
87
  GetArchiveRuleResponse = Shapes::StructureShape.new(name: 'GetArchiveRuleResponse')
79
88
  GetFindingRequest = Shapes::StructureShape.new(name: 'GetFindingRequest')
80
89
  GetFindingResponse = Shapes::StructureShape.new(name: 'GetFindingResponse')
90
+ GetGeneratedPolicyRequest = Shapes::StructureShape.new(name: 'GetGeneratedPolicyRequest')
91
+ GetGeneratedPolicyResponse = Shapes::StructureShape.new(name: 'GetGeneratedPolicyResponse')
81
92
  GranteePrincipal = Shapes::StringShape.new(name: 'GranteePrincipal')
82
93
  IamRoleConfiguration = Shapes::StructureShape.new(name: 'IamRoleConfiguration')
83
94
  IamTrustPolicy = Shapes::StringShape.new(name: 'IamTrustPolicy')
@@ -88,6 +99,11 @@ module Aws::AccessAnalyzer
88
99
  InternetConfiguration = Shapes::StructureShape.new(name: 'InternetConfiguration')
89
100
  IssueCode = Shapes::StringShape.new(name: 'IssueCode')
90
101
  IssuingAccount = Shapes::StringShape.new(name: 'IssuingAccount')
102
+ JobDetails = Shapes::StructureShape.new(name: 'JobDetails')
103
+ JobError = Shapes::StructureShape.new(name: 'JobError')
104
+ JobErrorCode = Shapes::StringShape.new(name: 'JobErrorCode')
105
+ JobId = Shapes::StringShape.new(name: 'JobId')
106
+ JobStatus = Shapes::StringShape.new(name: 'JobStatus')
91
107
  KmsConstraintsKey = Shapes::StringShape.new(name: 'KmsConstraintsKey')
92
108
  KmsConstraintsMap = Shapes::MapShape.new(name: 'KmsConstraintsMap')
93
109
  KmsConstraintsValue = Shapes::StringShape.new(name: 'KmsConstraintsValue')
@@ -112,6 +128,9 @@ module Aws::AccessAnalyzer
112
128
  ListArchiveRulesResponse = Shapes::StructureShape.new(name: 'ListArchiveRulesResponse')
113
129
  ListFindingsRequest = Shapes::StructureShape.new(name: 'ListFindingsRequest')
114
130
  ListFindingsResponse = Shapes::StructureShape.new(name: 'ListFindingsResponse')
131
+ ListPolicyGenerationsRequest = Shapes::StructureShape.new(name: 'ListPolicyGenerationsRequest')
132
+ ListPolicyGenerationsRequestMaxResultsInteger = Shapes::IntegerShape.new(name: 'ListPolicyGenerationsRequestMaxResultsInteger')
133
+ ListPolicyGenerationsResponse = Shapes::StructureShape.new(name: 'ListPolicyGenerationsResponse')
115
134
  ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
116
135
  ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
117
136
  Locale = Shapes::StringShape.new(name: 'Locale')
@@ -123,15 +142,21 @@ module Aws::AccessAnalyzer
123
142
  PathElement = Shapes::StructureShape.new(name: 'PathElement')
124
143
  PathElementList = Shapes::ListShape.new(name: 'PathElementList')
125
144
  PolicyDocument = Shapes::StringShape.new(name: 'PolicyDocument')
145
+ PolicyGeneration = Shapes::StructureShape.new(name: 'PolicyGeneration')
146
+ PolicyGenerationDetails = Shapes::StructureShape.new(name: 'PolicyGenerationDetails')
147
+ PolicyGenerationList = Shapes::ListShape.new(name: 'PolicyGenerationList')
126
148
  PolicyName = Shapes::StringShape.new(name: 'PolicyName')
127
149
  PolicyType = Shapes::StringShape.new(name: 'PolicyType')
128
150
  Position = Shapes::StructureShape.new(name: 'Position')
151
+ PrincipalArn = Shapes::StringShape.new(name: 'PrincipalArn')
129
152
  PrincipalMap = Shapes::MapShape.new(name: 'PrincipalMap')
130
153
  ReasonCode = Shapes::StringShape.new(name: 'ReasonCode')
154
+ RegionList = Shapes::ListShape.new(name: 'RegionList')
131
155
  ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
132
156
  ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
133
157
  ResourceType = Shapes::StringShape.new(name: 'ResourceType')
134
158
  RetiringPrincipal = Shapes::StringShape.new(name: 'RetiringPrincipal')
159
+ RoleArn = Shapes::StringShape.new(name: 'RoleArn')
135
160
  S3AccessPointConfiguration = Shapes::StructureShape.new(name: 'S3AccessPointConfiguration')
136
161
  S3AccessPointConfigurationsMap = Shapes::MapShape.new(name: 'S3AccessPointConfigurationsMap')
137
162
  S3BucketAclGrantConfiguration = Shapes::StructureShape.new(name: 'S3BucketAclGrantConfiguration')
@@ -148,6 +173,8 @@ module Aws::AccessAnalyzer
148
173
  Span = Shapes::StructureShape.new(name: 'Span')
149
174
  SqsQueueConfiguration = Shapes::StructureShape.new(name: 'SqsQueueConfiguration')
150
175
  SqsQueuePolicy = Shapes::StringShape.new(name: 'SqsQueuePolicy')
176
+ StartPolicyGenerationRequest = Shapes::StructureShape.new(name: 'StartPolicyGenerationRequest')
177
+ StartPolicyGenerationResponse = Shapes::StructureShape.new(name: 'StartPolicyGenerationResponse')
151
178
  StartResourceScanRequest = Shapes::StructureShape.new(name: 'StartResourceScanRequest')
152
179
  StatusReason = Shapes::StructureShape.new(name: 'StatusReason')
153
180
  String = Shapes::StringShape.new(name: 'String')
@@ -159,6 +186,10 @@ module Aws::AccessAnalyzer
159
186
  ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
160
187
  Timestamp = Shapes::TimestampShape.new(name: 'Timestamp', timestampFormat: "iso8601")
161
188
  Token = Shapes::StringShape.new(name: 'Token')
189
+ Trail = Shapes::StructureShape.new(name: 'Trail')
190
+ TrailList = Shapes::ListShape.new(name: 'TrailList')
191
+ TrailProperties = Shapes::StructureShape.new(name: 'TrailProperties')
192
+ TrailPropertiesList = Shapes::ListShape.new(name: 'TrailPropertiesList')
162
193
  Type = Shapes::StringShape.new(name: 'Type')
163
194
  UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
164
195
  UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
@@ -271,6 +302,22 @@ module Aws::AccessAnalyzer
271
302
 
272
303
  ArchiveRulesList.member = Shapes::ShapeRef.new(shape: ArchiveRuleSummary)
273
304
 
305
+ CancelPolicyGenerationRequest.add_member(:job_id, Shapes::ShapeRef.new(shape: JobId, required: true, location: "uri", location_name: "jobId"))
306
+ CancelPolicyGenerationRequest.struct_class = Types::CancelPolicyGenerationRequest
307
+
308
+ CancelPolicyGenerationResponse.struct_class = Types::CancelPolicyGenerationResponse
309
+
310
+ CloudTrailDetails.add_member(:access_role, Shapes::ShapeRef.new(shape: RoleArn, required: true, location_name: "accessRole"))
311
+ CloudTrailDetails.add_member(:end_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "endTime"))
312
+ CloudTrailDetails.add_member(:start_time, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startTime"))
313
+ CloudTrailDetails.add_member(:trails, Shapes::ShapeRef.new(shape: TrailList, required: true, location_name: "trails"))
314
+ CloudTrailDetails.struct_class = Types::CloudTrailDetails
315
+
316
+ CloudTrailProperties.add_member(:end_time, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "endTime"))
317
+ CloudTrailProperties.add_member(:start_time, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startTime"))
318
+ CloudTrailProperties.add_member(:trail_properties, Shapes::ShapeRef.new(shape: TrailPropertiesList, required: true, location_name: "trailProperties"))
319
+ CloudTrailProperties.struct_class = Types::CloudTrailProperties
320
+
274
321
  ConditionKeyMap.key = Shapes::ShapeRef.new(shape: String)
275
322
  ConditionKeyMap.value = Shapes::ShapeRef.new(shape: String)
276
323
 
@@ -376,6 +423,20 @@ module Aws::AccessAnalyzer
376
423
 
377
424
  FindingsList.member = Shapes::ShapeRef.new(shape: FindingSummary)
378
425
 
426
+ GeneratedPolicy.add_member(:policy, Shapes::ShapeRef.new(shape: String, required: true, location_name: "policy"))
427
+ GeneratedPolicy.struct_class = Types::GeneratedPolicy
428
+
429
+ GeneratedPolicyList.member = Shapes::ShapeRef.new(shape: GeneratedPolicy)
430
+
431
+ GeneratedPolicyProperties.add_member(:cloud_trail_properties, Shapes::ShapeRef.new(shape: CloudTrailProperties, location_name: "cloudTrailProperties"))
432
+ GeneratedPolicyProperties.add_member(:is_complete, Shapes::ShapeRef.new(shape: Boolean, location_name: "isComplete"))
433
+ GeneratedPolicyProperties.add_member(:principal_arn, Shapes::ShapeRef.new(shape: PrincipalArn, required: true, location_name: "principalArn"))
434
+ GeneratedPolicyProperties.struct_class = Types::GeneratedPolicyProperties
435
+
436
+ GeneratedPolicyResult.add_member(:generated_policies, Shapes::ShapeRef.new(shape: GeneratedPolicyList, location_name: "generatedPolicies"))
437
+ GeneratedPolicyResult.add_member(:properties, Shapes::ShapeRef.new(shape: GeneratedPolicyProperties, required: true, location_name: "properties"))
438
+ GeneratedPolicyResult.struct_class = Types::GeneratedPolicyResult
439
+
379
440
  GetAccessPreviewRequest.add_member(:access_preview_id, Shapes::ShapeRef.new(shape: AccessPreviewId, required: true, location: "uri", location_name: "accessPreviewId"))
380
441
  GetAccessPreviewRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location: "querystring", location_name: "analyzerArn"))
381
442
  GetAccessPreviewRequest.struct_class = Types::GetAccessPreviewRequest
@@ -410,6 +471,15 @@ module Aws::AccessAnalyzer
410
471
  GetFindingResponse.add_member(:finding, Shapes::ShapeRef.new(shape: Finding, location_name: "finding"))
411
472
  GetFindingResponse.struct_class = Types::GetFindingResponse
412
473
 
474
+ GetGeneratedPolicyRequest.add_member(:include_resource_placeholders, Shapes::ShapeRef.new(shape: Boolean, location: "querystring", location_name: "includeResourcePlaceholders"))
475
+ GetGeneratedPolicyRequest.add_member(:include_service_level_template, Shapes::ShapeRef.new(shape: Boolean, location: "querystring", location_name: "includeServiceLevelTemplate"))
476
+ GetGeneratedPolicyRequest.add_member(:job_id, Shapes::ShapeRef.new(shape: JobId, required: true, location: "uri", location_name: "jobId"))
477
+ GetGeneratedPolicyRequest.struct_class = Types::GetGeneratedPolicyRequest
478
+
479
+ GetGeneratedPolicyResponse.add_member(:generated_policy_result, Shapes::ShapeRef.new(shape: GeneratedPolicyResult, required: true, location_name: "generatedPolicyResult"))
480
+ GetGeneratedPolicyResponse.add_member(:job_details, Shapes::ShapeRef.new(shape: JobDetails, required: true, location_name: "jobDetails"))
481
+ GetGeneratedPolicyResponse.struct_class = Types::GetGeneratedPolicyResponse
482
+
413
483
  IamRoleConfiguration.add_member(:trust_policy, Shapes::ShapeRef.new(shape: IamTrustPolicy, location_name: "trustPolicy"))
414
484
  IamRoleConfiguration.struct_class = Types::IamRoleConfiguration
415
485
 
@@ -425,6 +495,17 @@ module Aws::AccessAnalyzer
425
495
 
426
496
  InternetConfiguration.struct_class = Types::InternetConfiguration
427
497
 
498
+ JobDetails.add_member(:completed_on, Shapes::ShapeRef.new(shape: Timestamp, location_name: "completedOn"))
499
+ JobDetails.add_member(:job_error, Shapes::ShapeRef.new(shape: JobError, location_name: "jobError"))
500
+ JobDetails.add_member(:job_id, Shapes::ShapeRef.new(shape: JobId, required: true, location_name: "jobId"))
501
+ JobDetails.add_member(:started_on, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startedOn"))
502
+ JobDetails.add_member(:status, Shapes::ShapeRef.new(shape: JobStatus, required: true, location_name: "status"))
503
+ JobDetails.struct_class = Types::JobDetails
504
+
505
+ JobError.add_member(:code, Shapes::ShapeRef.new(shape: JobErrorCode, required: true, location_name: "code"))
506
+ JobError.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
507
+ JobError.struct_class = Types::JobError
508
+
428
509
  KmsConstraintsMap.key = Shapes::ShapeRef.new(shape: KmsConstraintsKey)
429
510
  KmsConstraintsMap.value = Shapes::ShapeRef.new(shape: KmsConstraintsValue)
430
511
 
@@ -509,6 +590,15 @@ module Aws::AccessAnalyzer
509
590
  ListFindingsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "nextToken"))
510
591
  ListFindingsResponse.struct_class = Types::ListFindingsResponse
511
592
 
593
+ ListPolicyGenerationsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: ListPolicyGenerationsRequestMaxResultsInteger, location: "querystring", location_name: "maxResults"))
594
+ ListPolicyGenerationsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "nextToken"))
595
+ ListPolicyGenerationsRequest.add_member(:principal_arn, Shapes::ShapeRef.new(shape: PrincipalArn, location: "querystring", location_name: "principalArn"))
596
+ ListPolicyGenerationsRequest.struct_class = Types::ListPolicyGenerationsRequest
597
+
598
+ ListPolicyGenerationsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "nextToken"))
599
+ ListPolicyGenerationsResponse.add_member(:policy_generations, Shapes::ShapeRef.new(shape: PolicyGenerationList, required: true, location_name: "policyGenerations"))
600
+ ListPolicyGenerationsResponse.struct_class = Types::ListPolicyGenerationsResponse
601
+
512
602
  ListTagsForResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "resourceArn"))
513
603
  ListTagsForResourceRequest.struct_class = Types::ListTagsForResourceRequest
514
604
 
@@ -533,6 +623,18 @@ module Aws::AccessAnalyzer
533
623
 
534
624
  PathElementList.member = Shapes::ShapeRef.new(shape: PathElement)
535
625
 
626
+ PolicyGeneration.add_member(:completed_on, Shapes::ShapeRef.new(shape: Timestamp, location_name: "completedOn"))
627
+ PolicyGeneration.add_member(:job_id, Shapes::ShapeRef.new(shape: JobId, required: true, location_name: "jobId"))
628
+ PolicyGeneration.add_member(:principal_arn, Shapes::ShapeRef.new(shape: PrincipalArn, required: true, location_name: "principalArn"))
629
+ PolicyGeneration.add_member(:started_on, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startedOn"))
630
+ PolicyGeneration.add_member(:status, Shapes::ShapeRef.new(shape: JobStatus, required: true, location_name: "status"))
631
+ PolicyGeneration.struct_class = Types::PolicyGeneration
632
+
633
+ PolicyGenerationDetails.add_member(:principal_arn, Shapes::ShapeRef.new(shape: PrincipalArn, required: true, location_name: "principalArn"))
634
+ PolicyGenerationDetails.struct_class = Types::PolicyGenerationDetails
635
+
636
+ PolicyGenerationList.member = Shapes::ShapeRef.new(shape: PolicyGeneration)
637
+
536
638
  Position.add_member(:column, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "column"))
537
639
  Position.add_member(:line, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "line"))
538
640
  Position.add_member(:offset, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "offset"))
@@ -541,6 +643,8 @@ module Aws::AccessAnalyzer
541
643
  PrincipalMap.key = Shapes::ShapeRef.new(shape: String)
542
644
  PrincipalMap.value = Shapes::ShapeRef.new(shape: String)
543
645
 
646
+ RegionList.member = Shapes::ShapeRef.new(shape: String)
647
+
544
648
  ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
545
649
  ResourceNotFoundException.add_member(:resource_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceId"))
546
650
  ResourceNotFoundException.add_member(:resource_type, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceType"))
@@ -592,6 +696,14 @@ module Aws::AccessAnalyzer
592
696
  SqsQueueConfiguration.add_member(:queue_policy, Shapes::ShapeRef.new(shape: SqsQueuePolicy, location_name: "queuePolicy"))
593
697
  SqsQueueConfiguration.struct_class = Types::SqsQueueConfiguration
594
698
 
699
+ StartPolicyGenerationRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
700
+ StartPolicyGenerationRequest.add_member(:cloud_trail_details, Shapes::ShapeRef.new(shape: CloudTrailDetails, location_name: "cloudTrailDetails"))
701
+ StartPolicyGenerationRequest.add_member(:policy_generation_details, Shapes::ShapeRef.new(shape: PolicyGenerationDetails, required: true, location_name: "policyGenerationDetails"))
702
+ StartPolicyGenerationRequest.struct_class = Types::StartPolicyGenerationRequest
703
+
704
+ StartPolicyGenerationResponse.add_member(:job_id, Shapes::ShapeRef.new(shape: JobId, required: true, location_name: "jobId"))
705
+ StartPolicyGenerationResponse.struct_class = Types::StartPolicyGenerationResponse
706
+
595
707
  StartResourceScanRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location_name: "analyzerArn"))
596
708
  StartResourceScanRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "resourceArn"))
597
709
  StartResourceScanRequest.struct_class = Types::StartResourceScanRequest
@@ -618,6 +730,20 @@ module Aws::AccessAnalyzer
618
730
  ThrottlingException.add_member(:retry_after_seconds, Shapes::ShapeRef.new(shape: Integer, location: "header", location_name: "Retry-After"))
619
731
  ThrottlingException.struct_class = Types::ThrottlingException
620
732
 
733
+ Trail.add_member(:all_regions, Shapes::ShapeRef.new(shape: Boolean, location_name: "allRegions"))
734
+ Trail.add_member(:cloud_trail_arn, Shapes::ShapeRef.new(shape: CloudTrailArn, required: true, location_name: "cloudTrailArn"))
735
+ Trail.add_member(:regions, Shapes::ShapeRef.new(shape: RegionList, location_name: "regions"))
736
+ Trail.struct_class = Types::Trail
737
+
738
+ TrailList.member = Shapes::ShapeRef.new(shape: Trail)
739
+
740
+ TrailProperties.add_member(:all_regions, Shapes::ShapeRef.new(shape: Boolean, location_name: "allRegions"))
741
+ TrailProperties.add_member(:cloud_trail_arn, Shapes::ShapeRef.new(shape: CloudTrailArn, required: true, location_name: "cloudTrailArn"))
742
+ TrailProperties.add_member(:regions, Shapes::ShapeRef.new(shape: RegionList, location_name: "regions"))
743
+ TrailProperties.struct_class = Types::TrailProperties
744
+
745
+ TrailPropertiesList.member = Shapes::ShapeRef.new(shape: TrailProperties)
746
+
621
747
  UntagResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "resourceArn"))
622
748
  UntagResourceRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeys, required: true, location: "querystring", location_name: "tagKeys"))
623
749
  UntagResourceRequest.struct_class = Types::UntagResourceRequest
@@ -704,6 +830,18 @@ module Aws::AccessAnalyzer
704
830
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
705
831
  end)
706
832
 
833
+ api.add_operation(:cancel_policy_generation, Seahorse::Model::Operation.new.tap do |o|
834
+ o.name = "CancelPolicyGeneration"
835
+ o.http_method = "PUT"
836
+ o.http_request_uri = "/policy/generation/{jobId}"
837
+ o.input = Shapes::ShapeRef.new(shape: CancelPolicyGenerationRequest)
838
+ o.output = Shapes::ShapeRef.new(shape: CancelPolicyGenerationResponse)
839
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
840
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
841
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
842
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
843
+ end)
844
+
707
845
  api.add_operation(:create_access_preview, Seahorse::Model::Operation.new.tap do |o|
708
846
  o.name = "CreateAccessPreview"
709
847
  o.http_method = "PUT"
@@ -839,6 +977,18 @@ module Aws::AccessAnalyzer
839
977
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
840
978
  end)
841
979
 
980
+ api.add_operation(:get_generated_policy, Seahorse::Model::Operation.new.tap do |o|
981
+ o.name = "GetGeneratedPolicy"
982
+ o.http_method = "GET"
983
+ o.http_request_uri = "/policy/generation/{jobId}"
984
+ o.input = Shapes::ShapeRef.new(shape: GetGeneratedPolicyRequest)
985
+ o.output = Shapes::ShapeRef.new(shape: GetGeneratedPolicyResponse)
986
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
987
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
988
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
989
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
990
+ end)
991
+
842
992
  api.add_operation(:list_access_preview_findings, Seahorse::Model::Operation.new.tap do |o|
843
993
  o.name = "ListAccessPreviewFindings"
844
994
  o.http_method = "POST"
@@ -952,6 +1102,24 @@ module Aws::AccessAnalyzer
952
1102
  )
953
1103
  end)
954
1104
 
1105
+ api.add_operation(:list_policy_generations, Seahorse::Model::Operation.new.tap do |o|
1106
+ o.name = "ListPolicyGenerations"
1107
+ o.http_method = "GET"
1108
+ o.http_request_uri = "/policy/generation"
1109
+ o.input = Shapes::ShapeRef.new(shape: ListPolicyGenerationsRequest)
1110
+ o.output = Shapes::ShapeRef.new(shape: ListPolicyGenerationsResponse)
1111
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
1112
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
1113
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
1114
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
1115
+ o[:pager] = Aws::Pager.new(
1116
+ limit_key: "max_results",
1117
+ tokens: {
1118
+ "next_token" => "next_token"
1119
+ }
1120
+ )
1121
+ end)
1122
+
955
1123
  api.add_operation(:list_tags_for_resource, Seahorse::Model::Operation.new.tap do |o|
956
1124
  o.name = "ListTagsForResource"
957
1125
  o.http_method = "GET"
@@ -965,6 +1133,20 @@ module Aws::AccessAnalyzer
965
1133
  o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
966
1134
  end)
967
1135
 
1136
+ api.add_operation(:start_policy_generation, Seahorse::Model::Operation.new.tap do |o|
1137
+ o.name = "StartPolicyGeneration"
1138
+ o.http_method = "PUT"
1139
+ o.http_request_uri = "/policy/generation"
1140
+ o.input = Shapes::ShapeRef.new(shape: StartPolicyGenerationRequest)
1141
+ o.output = Shapes::ShapeRef.new(shape: StartPolicyGenerationResponse)
1142
+ o.errors << Shapes::ShapeRef.new(shape: ConflictException)
1143
+ o.errors << Shapes::ShapeRef.new(shape: ValidationException)
1144
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
1145
+ o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
1146
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
1147
+ o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
1148
+ end)
1149
+
968
1150
  api.add_operation(:start_resource_scan, Seahorse::Model::Operation.new.tap do |o|
969
1151
  o.name = "StartResourceScan"
970
1152
  o.http_method = "POST"
@@ -506,6 +506,113 @@ module Aws::AccessAnalyzer
506
506
  include Aws::Structure
507
507
  end
508
508
 
509
+ # @note When making an API call, you may pass CancelPolicyGenerationRequest
510
+ # data as a hash:
511
+ #
512
+ # {
513
+ # job_id: "JobId", # required
514
+ # }
515
+ #
516
+ # @!attribute [rw] job_id
517
+ # The `JobId` that is returned by the `StartPolicyGeneration`
518
+ # operation. The `JobId` can be used with `GetGeneratedPolicy` to
519
+ # retrieve the generated policies or used with
520
+ # `CancelPolicyGeneration` to cancel the policy generation request.
521
+ # @return [String]
522
+ #
523
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CancelPolicyGenerationRequest AWS API Documentation
524
+ #
525
+ class CancelPolicyGenerationRequest < Struct.new(
526
+ :job_id)
527
+ SENSITIVE = []
528
+ include Aws::Structure
529
+ end
530
+
531
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CancelPolicyGenerationResponse AWS API Documentation
532
+ #
533
+ class CancelPolicyGenerationResponse < Aws::EmptyStructure; end
534
+
535
+ # Contains information about CloudTrail access.
536
+ #
537
+ # @note When making an API call, you may pass CloudTrailDetails
538
+ # data as a hash:
539
+ #
540
+ # {
541
+ # access_role: "RoleArn", # required
542
+ # end_time: Time.now,
543
+ # start_time: Time.now, # required
544
+ # trails: [ # required
545
+ # {
546
+ # all_regions: false,
547
+ # cloud_trail_arn: "CloudTrailArn", # required
548
+ # regions: ["String"],
549
+ # },
550
+ # ],
551
+ # }
552
+ #
553
+ # @!attribute [rw] access_role
554
+ # The ARN of the service role that Access Analyzer uses to access your
555
+ # CloudTrail trail and service last accessed information.
556
+ # @return [String]
557
+ #
558
+ # @!attribute [rw] end_time
559
+ # The end of the time range for which Access Analyzer reviews your
560
+ # CloudTrail events. Events with a timestamp after this time are not
561
+ # considered to generate a policy. If this is not included in the
562
+ # request, the default value is the current time.
563
+ # @return [Time]
564
+ #
565
+ # @!attribute [rw] start_time
566
+ # The start of the time range for which Access Analyzer reviews your
567
+ # CloudTrail events. Events with a timestamp before this time are not
568
+ # considered to generate a policy.
569
+ # @return [Time]
570
+ #
571
+ # @!attribute [rw] trails
572
+ # A `Trail` object that contains settings for a trail.
573
+ # @return [Array<Types::Trail>]
574
+ #
575
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailDetails AWS API Documentation
576
+ #
577
+ class CloudTrailDetails < Struct.new(
578
+ :access_role,
579
+ :end_time,
580
+ :start_time,
581
+ :trails)
582
+ SENSITIVE = []
583
+ include Aws::Structure
584
+ end
585
+
586
+ # Contains information about CloudTrail access.
587
+ #
588
+ # @!attribute [rw] end_time
589
+ # The end of the time range for which Access Analyzer reviews your
590
+ # CloudTrail events. Events with a timestamp after this time are not
591
+ # considered to generate a policy. If this is not included in the
592
+ # request, the default value is the current time.
593
+ # @return [Time]
594
+ #
595
+ # @!attribute [rw] start_time
596
+ # The start of the time range for which Access Analyzer reviews your
597
+ # CloudTrail events. Events with a timestamp before this time are not
598
+ # considered to generate a policy.
599
+ # @return [Time]
600
+ #
601
+ # @!attribute [rw] trail_properties
602
+ # A `TrailProperties` object that contains settings for trail
603
+ # properties.
604
+ # @return [Array<Types::TrailProperties>]
605
+ #
606
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailProperties AWS API Documentation
607
+ #
608
+ class CloudTrailProperties < Struct.new(
609
+ :end_time,
610
+ :start_time,
611
+ :trail_properties)
612
+ SENSITIVE = []
613
+ include Aws::Structure
614
+ end
615
+
509
616
  # Access control configuration structures for your resource. You specify
510
617
  # the configuration as a type-value pair. You can specify only one type
511
618
  # of access control configuration.
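Review bot: The `access_role` comment on `CloudTrailDetails` says only that Access Analyzer uses the role to access the trail and service last accessed information; it gives the caller no hint that the role should be limited to that purpose, so nothing here discourages passing a broader role that already exists. I would add one line under it, for example `#   Grant this role only the permissions Access Analyzer needs for the listed trails; do not reuse a broader role.` In the same hunk, `trails` is described as "A `Trail` object" while its type is `Array<Types::Trail>`, and `CloudTrailProperties` repeats the summary line of `CloudTrailDetails` although it carries no role. These comments look generated from the service model, so the wording probably has to change there rather than in this file.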
@@ -1204,6 +1311,77 @@ module Aws::AccessAnalyzer
1204
1311
  include Aws::Structure
1205
1312
  end
1206
1313
 
1314
+ # Contains the text for the generated policy.
1315
+ #
1316
+ # @!attribute [rw] policy
1317
+ # The text to use as the content for the new policy. The policy is
1318
+ # created using the [CreatePolicy][1] action.
1319
+ #
1320
+ #
1321
+ #
1322
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
1323
+ # @return [String]
1324
+ #
1325
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicy AWS API Documentation
1326
+ #
1327
+ class GeneratedPolicy < Struct.new(
1328
+ :policy)
1329
+ SENSITIVE = []
1330
+ include Aws::Structure
1331
+ end
1332
+
1333
+ # Contains the generated policy details.
1334
+ #
1335
+ # @!attribute [rw] cloud_trail_properties
1336
+ # Lists details about the `Trail` used to generated policy.
1337
+ # @return [Types::CloudTrailProperties]
1338
+ #
1339
+ # @!attribute [rw] is_complete
1340
+ # This value is set to `true` if the generated policy contains all
1341
+ # possible actions for a service that Access Analyzer identified from
1342
+ # the CloudTrail trail that you specified, and `false` otherwise.
1343
+ # @return [Boolean]
1344
+ #
1345
+ # @!attribute [rw] principal_arn
1346
+ # The ARN of the IAM entity (user or role) for which you are
1347
+ # generating a policy.
1348
+ # @return [String]
1349
+ #
1350
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyProperties AWS API Documentation
1351
+ #
1352
+ class GeneratedPolicyProperties < Struct.new(
1353
+ :cloud_trail_properties,
1354
+ :is_complete,
1355
+ :principal_arn)
1356
+ SENSITIVE = []
1357
+ include Aws::Structure
1358
+ end
1359
+
1360
+ # Contains the text for the generated policy and its details.
1361
+ #
1362
+ # @!attribute [rw] generated_policies
1363
+ # The text to use as the content for the new policy. The policy is
1364
+ # created using the [CreatePolicy][1] action.
1365
+ #
1366
+ #
1367
+ #
1368
+ # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
1369
+ # @return [Array<Types::GeneratedPolicy>]
1370
+ #
1371
+ # @!attribute [rw] properties
1372
+ # A `GeneratedPolicyProperties` object that contains properties of the
1373
+ # generated policy.
1374
+ # @return [Types::GeneratedPolicyProperties]
1375
+ #
1376
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyResult AWS API Documentation
1377
+ #
1378
+ class GeneratedPolicyResult < Struct.new(
1379
+ :generated_policies,
1380
+ :properties)
1381
+ SENSITIVE = []
1382
+ include Aws::Structure
1383
+ end
1384
+
1207
1385
  # @note When making an API call, you may pass GetAccessPreviewRequest
1208
1386
  # data as a hash:
1209
1387
  #
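Review bot: The `generated_policies` comment on `GeneratedPolicyResult` is a copy of the `policy` comment on `GeneratedPolicy` ("The text to use as the content for the new policy"), although the attribute returns `Array<Types::GeneratedPolicy>`; something like `#   A list of GeneratedPolicy objects, each holding the text of one generated policy.` would match the type. The `is_complete` comment on `GeneratedPolicyProperties` deserves one more sentence on what a caller should do when it is `false`, because the text is meant to be handed to CreatePolicy and the wording does not say whether an incomplete result is narrower or broader than the observed activity. The `cloud_trail_properties` comment also has a typo, "used to generated policy".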
@@ -1413,6 +1591,69 @@ module Aws::AccessAnalyzer
1413
1591
  include Aws::Structure
1414
1592
  end
1415
1593
 
1594
+ # @note When making an API call, you may pass GetGeneratedPolicyRequest
1595
+ # data as a hash:
1596
+ #
1597
+ # {
1598
+ # include_resource_placeholders: false,
1599
+ # include_service_level_template: false,
1600
+ # job_id: "JobId", # required
1601
+ # }
1602
+ #
1603
+ # @!attribute [rw] include_resource_placeholders
1604
+ # The level of detail that you want to generate. You can specify
1605
+ # whether to generate policies with placeholders for resource ARNs for
1606
+ # actions that support resource level granularity in policies.
1607
+ #
1608
+ # For example, in the resource section of a policy, you can receive a
1609
+ # placeholder such as `"Resource":"arn:aws:s3:::$\{BucketName\}"`
1610
+ # instead of `"*"`.
1611
+ # @return [Boolean]
1612
+ #
1613
+ # @!attribute [rw] include_service_level_template
1614
+ # The level of detail that you want to generate. You can specify
1615
+ # whether to generate service-level policies.
1616
+ #
1617
+ # Access Analyzer uses `iam:servicelastaccessed` to identify services
1618
+ # that have been used recently to create this service-level template.
1619
+ # @return [Boolean]
1620
+ #
1621
+ # @!attribute [rw] job_id
1622
+ # The `JobId` that is returned by the `StartPolicyGeneration`
1623
+ # operation. The `JobId` can be used with `GetGeneratedPolicy` to
1624
+ # retrieve the generated policies or used with
1625
+ # `CancelPolicyGeneration` to cancel the policy generation request.
1626
+ # @return [String]
1627
+ #
1628
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyRequest AWS API Documentation
1629
+ #
1630
+ class GetGeneratedPolicyRequest < Struct.new(
1631
+ :include_resource_placeholders,
1632
+ :include_service_level_template,
1633
+ :job_id)
1634
+ SENSITIVE = []
1635
+ include Aws::Structure
1636
+ end
1637
+
1638
+ # @!attribute [rw] generated_policy_result
1639
+ # A `GeneratedPolicyResult` object that contains the generated
1640
+ # policies and associated details.
1641
+ # @return [Types::GeneratedPolicyResult]
1642
+ #
1643
+ # @!attribute [rw] job_details
1644
+ # A `GeneratedPolicyDetails` object that contains details about the
1645
+ # generated policy.
1646
+ # @return [Types::JobDetails]
1647
+ #
1648
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyResponse AWS API Documentation
1649
+ #
1650
+ class GetGeneratedPolicyResponse < Struct.new(
1651
+ :generated_policy_result,
1652
+ :job_details)
1653
+ SENSITIVE = []
1654
+ include Aws::Structure
1655
+ end
1656
+
1416
1657
  # The proposed access control configuration for an IAM role. You can
1417
1658
  # propose a configuration for a new IAM role or an existing IAM role
1418
1659
  # that you own by specifying the trust policy. If the configuration is
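Review bot: The `job_details` comment on `GetGeneratedPolicyResponse` names a `GeneratedPolicyDetails` object, but the attribute returns `Types::JobDetails` and no type of that name appears in the part of the diff shown here; `#   A JobDetails object that contains details about the policy generation job.` would match the declared type. The same kind of stale name is in the `ListPolicyGenerationsRequest` hunk, where `principal_arn` says to use it with `ListGeneratedPolicies` while the operation added by this release is `ListPolicyGenerations`. On `include_resource_placeholders`, the comment could also state which form is returned when the option is left out, since its own example shows the alternative to a placeholder is `"*"`.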
@@ -1508,6 +1749,63 @@ module Aws::AccessAnalyzer
1508
1749
  #
1509
1750
  class InternetConfiguration < Aws::EmptyStructure; end
1510
1751
 
1752
+ # Contains details about the policy generation request.
1753
+ #
1754
+ # @!attribute [rw] completed_on
1755
+ # A timestamp of when the job was completed.
1756
+ # @return [Time]
1757
+ #
1758
+ # @!attribute [rw] job_error
1759
+ # Contains the details about the policy generation error.
1760
+ # @return [Types::JobError]
1761
+ #
1762
+ # @!attribute [rw] job_id
1763
+ # The `JobId` that is returned by the `StartPolicyGeneration`
1764
+ # operation. The `JobId` can be used with `GetGeneratedPolicy` to
1765
+ # retrieve the generated policies or used with
1766
+ # `CancelPolicyGeneration` to cancel the policy generation request.
1767
+ # @return [String]
1768
+ #
1769
+ # @!attribute [rw] started_on
1770
+ # A timestamp of when the job was started.
1771
+ # @return [Time]
1772
+ #
1773
+ # @!attribute [rw] status
1774
+ # The status of the job request.
1775
+ # @return [String]
1776
+ #
1777
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/JobDetails AWS API Documentation
1778
+ #
1779
+ class JobDetails < Struct.new(
1780
+ :completed_on,
1781
+ :job_error,
1782
+ :job_id,
1783
+ :started_on,
1784
+ :status)
1785
+ SENSITIVE = []
1786
+ include Aws::Structure
1787
+ end
1788
+
1789
+ # Contains the details about the policy generation error.
1790
+ #
1791
+ # @!attribute [rw] code
1792
+ # The job error code.
1793
+ # @return [String]
1794
+ #
1795
+ # @!attribute [rw] message
1796
+ # Specific information about the error. For example, which service
1797
+ # quota was exceeded or which resource was not found.
1798
+ # @return [String]
1799
+ #
1800
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/JobError AWS API Documentation
1801
+ #
1802
+ class JobError < Struct.new(
1803
+ :code,
1804
+ :message)
1805
+ SENSITIVE = []
1806
+ include Aws::Structure
1807
+ end
1808
+
1511
1809
  # A proposed grant configuration for a KMS key. For more information,
1512
1810
  # see [CreateGrant][1].
1513
1811
  #
@@ -2076,6 +2374,57 @@ module Aws::AccessAnalyzer
2076
2374
  include Aws::Structure
2077
2375
  end
2078
2376
 
2377
+ # @note When making an API call, you may pass ListPolicyGenerationsRequest
2378
+ # data as a hash:
2379
+ #
2380
+ # {
2381
+ # max_results: 1,
2382
+ # next_token: "Token",
2383
+ # principal_arn: "PrincipalArn",
2384
+ # }
2385
+ #
2386
+ # @!attribute [rw] max_results
2387
+ # The maximum number of results to return in the response.
2388
+ # @return [Integer]
2389
+ #
2390
+ # @!attribute [rw] next_token
2391
+ # A token used for pagination of results returned.
2392
+ # @return [String]
2393
+ #
2394
+ # @!attribute [rw] principal_arn
2395
+ # The ARN of the IAM entity (user or role) for which you are
2396
+ # generating a policy. Use this with `ListGeneratedPolicies` to filter
2397
+ # the results to only include results for a specific principal.
2398
+ # @return [String]
2399
+ #
2400
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsRequest AWS API Documentation
2401
+ #
2402
+ class ListPolicyGenerationsRequest < Struct.new(
2403
+ :max_results,
2404
+ :next_token,
2405
+ :principal_arn)
2406
+ SENSITIVE = []
2407
+ include Aws::Structure
2408
+ end
2409
+
2410
+ # @!attribute [rw] next_token
2411
+ # A token used for pagination of results returned.
2412
+ # @return [String]
2413
+ #
2414
+ # @!attribute [rw] policy_generations
2415
+ # A `PolicyGeneration` object that contains details about the
2416
+ # generated policy.
2417
+ # @return [Array<Types::PolicyGeneration>]
2418
+ #
2419
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsResponse AWS API Documentation
2420
+ #
2421
+ class ListPolicyGenerationsResponse < Struct.new(
2422
+ :next_token,
2423
+ :policy_generations)
2424
+ SENSITIVE = []
2425
+ include Aws::Structure
2426
+ end
2427
+
2079
2428
  # Retrieves a list of tags applied to the specified resource.
2080
2429
  #
2081
2430
  # @note When making an API call, you may pass ListTagsForResourceRequest
@@ -2207,6 +2556,67 @@ module Aws::AccessAnalyzer
2207
2556
  include Aws::Structure
2208
2557
  end
2209
2558
 
2559
+ # Contains details about the policy generation status and properties.
2560
+ #
2561
+ # @!attribute [rw] completed_on
2562
+ # A timestamp of when the policy generation was completed.
2563
+ # @return [Time]
2564
+ #
2565
+ # @!attribute [rw] job_id
2566
+ # The `JobId` that is returned by the `StartPolicyGeneration`
2567
+ # operation. The `JobId` can be used with `GetGeneratedPolicy` to
2568
+ # retrieve the generated policies or used with
2569
+ # `CancelPolicyGeneration` to cancel the policy generation request.
2570
+ # @return [String]
2571
+ #
2572
+ # @!attribute [rw] principal_arn
2573
+ # The ARN of the IAM entity (user or role) for which you are
2574
+ # generating a policy.
2575
+ # @return [String]
2576
+ #
2577
+ # @!attribute [rw] started_on
2578
+ # A timestamp of when the policy generation started.
2579
+ # @return [Time]
2580
+ #
2581
+ # @!attribute [rw] status
2582
+ # The status of the policy generation request.
2583
+ # @return [String]
2584
+ #
2585
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PolicyGeneration AWS API Documentation
2586
+ #
2587
+ class PolicyGeneration < Struct.new(
2588
+ :completed_on,
2589
+ :job_id,
2590
+ :principal_arn,
2591
+ :started_on,
2592
+ :status)
2593
+ SENSITIVE = []
2594
+ include Aws::Structure
2595
+ end
2596
+
2597
+ # Contains the ARN details about the IAM entity for which the policy is
2598
+ # generated.
2599
+ #
2600
+ # @note When making an API call, you may pass PolicyGenerationDetails
2601
+ # data as a hash:
2602
+ #
2603
+ # {
2604
+ # principal_arn: "PrincipalArn", # required
2605
+ # }
2606
+ #
2607
+ # @!attribute [rw] principal_arn
2608
+ # The ARN of the IAM entity (user or role) for which you are
2609
+ # generating a policy.
2610
+ # @return [String]
2611
+ #
2612
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PolicyGenerationDetails AWS API Documentation
2613
+ #
2614
+ class PolicyGenerationDetails < Struct.new(
2615
+ :principal_arn)
2616
+ SENSITIVE = []
2617
+ include Aws::Structure
2618
+ end
2619
+
2210
2620
  # A position in a policy.
2211
2621
  #
2212
2622
  # @!attribute [rw] column
@@ -2631,6 +3041,78 @@ module Aws::AccessAnalyzer
2631
3041
  include Aws::Structure
2632
3042
  end
2633
3043
 
3044
+ # @note When making an API call, you may pass StartPolicyGenerationRequest
3045
+ # data as a hash:
3046
+ #
3047
+ # {
3048
+ # client_token: "String",
3049
+ # cloud_trail_details: {
3050
+ # access_role: "RoleArn", # required
3051
+ # end_time: Time.now,
3052
+ # start_time: Time.now, # required
3053
+ # trails: [ # required
3054
+ # {
3055
+ # all_regions: false,
3056
+ # cloud_trail_arn: "CloudTrailArn", # required
3057
+ # regions: ["String"],
3058
+ # },
3059
+ # ],
3060
+ # },
3061
+ # policy_generation_details: { # required
3062
+ # principal_arn: "PrincipalArn", # required
3063
+ # },
3064
+ # }
3065
+ #
3066
+ # @!attribute [rw] client_token
3067
+ # A unique, case-sensitive identifier that you provide to ensure the
3068
+ # idempotency of the request. Idempotency ensures that an API request
3069
+ # completes only once. With an idempotent request, if the original
3070
+ # request completes successfully, the subsequent retries with the same
3071
+ # client token return the result from the original successful request
3072
+ # and they have no additional effect.
3073
+ #
3074
+ # If you do not specify a client token, one is automatically generated
3075
+ # by the AWS SDK.
3076
+ #
3077
+ # **A suitable default value is auto-generated.** You should normally
3078
+ # not need to pass this option.
3079
+ # @return [String]
3080
+ #
3081
+ # @!attribute [rw] cloud_trail_details
3082
+ # A `CloudTrailDetails` object that contains details about a `Trail`
3083
+ # that you want to analyze to generate policies.
3084
+ # @return [Types::CloudTrailDetails]
3085
+ #
3086
+ # @!attribute [rw] policy_generation_details
3087
+ # Contains the ARN of the IAM entity (user or role) for which you are
3088
+ # generating a policy.
3089
+ # @return [Types::PolicyGenerationDetails]
3090
+ #
3091
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGenerationRequest AWS API Documentation
3092
+ #
3093
+ class StartPolicyGenerationRequest < Struct.new(
3094
+ :client_token,
3095
+ :cloud_trail_details,
3096
+ :policy_generation_details)
3097
+ SENSITIVE = []
3098
+ include Aws::Structure
3099
+ end
3100
+
3101
+ # @!attribute [rw] job_id
3102
+ # The `JobId` that is returned by the `StartPolicyGeneration`
3103
+ # operation. The `JobId` can be used with `GetGeneratedPolicy` to
3104
+ # retrieve the generated policies or used with
3105
+ # `CancelPolicyGeneration` to cancel the policy generation request.
3106
+ # @return [String]
3107
+ #
3108
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGenerationResponse AWS API Documentation
3109
+ #
3110
+ class StartPolicyGenerationResponse < Struct.new(
3111
+ :job_id)
3112
+ SENSITIVE = []
3113
+ include Aws::Structure
3114
+ end
3115
+
2634
3116
  # Starts a scan of the policies applied to the specified resource.
2635
3117
  #
2636
3118
  # @note When making an API call, you may pass StartResourceScanRequest
@@ -2753,6 +3235,73 @@ module Aws::AccessAnalyzer
2753
3235
  include Aws::Structure
2754
3236
  end
2755
3237
 
3238
+ # Contains details about the CloudTrail trail being analyzed to generate
3239
+ # a policy.
3240
+ #
3241
+ # @note When making an API call, you may pass Trail
3242
+ # data as a hash:
3243
+ #
3244
+ # {
3245
+ # all_regions: false,
3246
+ # cloud_trail_arn: "CloudTrailArn", # required
3247
+ # regions: ["String"],
3248
+ # }
3249
+ #
3250
+ # @!attribute [rw] all_regions
3251
+ # Possible values are `true` or `false`. If set to `true`, Access
3252
+ # Analyzer retrieves CloudTrail data from all regions to analyze and
3253
+ # generate a policy.
3254
+ # @return [Boolean]
3255
+ #
3256
+ # @!attribute [rw] cloud_trail_arn
3257
+ # Specifies the ARN of the trail. The format of a trail ARN is
3258
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
3259
+ # @return [String]
3260
+ #
3261
+ # @!attribute [rw] regions
3262
+ # A list of regions to get CloudTrail data from and analyze to
3263
+ # generate a policy.
3264
+ # @return [Array<String>]
3265
+ #
3266
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Trail AWS API Documentation
3267
+ #
3268
+ class Trail < Struct.new(
3269
+ :all_regions,
3270
+ :cloud_trail_arn,
3271
+ :regions)
3272
+ SENSITIVE = []
3273
+ include Aws::Structure
3274
+ end
3275
+
3276
+ # Contains details about the CloudTrail trail being analyzed to generate
3277
+ # a policy.
3278
+ #
3279
+ # @!attribute [rw] all_regions
3280
+ # Possible values are `true` or `false`. If set to `true`, Access
3281
+ # Analyzer retrieves CloudTrail data from all regions to analyze and
3282
+ # generate a policy.
3283
+ # @return [Boolean]
3284
+ #
3285
+ # @!attribute [rw] cloud_trail_arn
3286
+ # Specifies the ARN of the trail. The format of a trail ARN is
3287
+ # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
3288
+ # @return [String]
3289
+ #
3290
+ # @!attribute [rw] regions
3291
+ # A list of regions to get CloudTrail data from and analyze to
3292
+ # generate a policy.
3293
+ # @return [Array<String>]
3294
+ #
3295
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/TrailProperties AWS API Documentation
3296
+ #
3297
+ class TrailProperties < Struct.new(
3298
+ :all_regions,
3299
+ :cloud_trail_arn,
3300
+ :regions)
3301
+ SENSITIVE = []
3302
+ include Aws::Structure
3303
+ end
3304
+
2756
3305
  # Removes a tag from the specified resource.
2757
3306
  #
2758
3307
  # @note When making an API call, you may pass UntagResourceRequest
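Review bot: The `all_regions` and `regions` comments on `Trail` and `TrailProperties` do not say how the two attributes interact: what is analyzed when `all_regions` is false or omitted and `regions` is empty, and which one takes precedence when both are set. That matters for the result, because events from a region that is not read cannot contribute actions to the generated policy (inferred from the attribute descriptions, not stated in them). I would add a line to `regions` that states the precedence, for example `#   Not used when all_regions is true.`, once the service behaviour has been confirmed.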
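--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: aws-sdk-accessanalyzer
  version: !ruby/object:Gem::Version
- version: 1.18.0
+ version: 1.19.0
  platform: ruby
  authors:
  - Amazon Web Services
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-03-16 00:00:00.000000000 Z
+ date: 2021-04-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-core
@@ -66,8 +66,8 @@ homepage: https://github.com/aws/aws-sdk-ruby
  licenses:
  - Apache-2.0
  metadata:
- source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-accessanalyzer
- changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-accessanalyzer/CHANGELOG.md
+ source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-accessanalyzer
+ changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-accessanalyzer/CHANGELOG.md
  post_install_message:
  rdoc_options: []
  require_paths: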