aws-sdk-accessanalyzer 1.18.0 → 1.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29ab0a18e5c2de22ef07a1640e09a6a252a2c3f4f360f84f9203644eb07ee9af
-  data.tar.gz: c89e9bbefa4e981c75ddd2d5888763b15900f4edcf8fe48f4c5615cc98245ca6
+  metadata.gz: 65e73ab7a1dc9196dbd04862d778b147a7a85a133e5b55e19b239927e8c70317
+  data.tar.gz: cf441dbf05279c1d793815de79c8dabe2825f5fea3bcda7a6fe3e4ed5ff2ed22
 SHA512:
-  metadata.gz: 69c525366ecdfa4c6832019200494e1eb4232cda4a5d1a9da77d0b855a2111a38b0de1111a2347f230826c3749ae55fdc27721b17e7909032949ea8994fcd026
-  data.tar.gz: 8337deadabd6b7472eb9efe02eff85dc9c207896374c320626043b381b88f52ade18fbc145444781e63773c777fbcdb7d3c34681dc57b214c5333bf598d34725
+  metadata.gz: 5bf9c8d758ae7fabcdc590f220ebf07b903e13ab5039b3d1c73c6a45e252d7024d157f4d2f9b7905a8fc3a578e5e8ea9e04873349017113f7a47a8806f8d8ab0
+  data.tar.gz: e9398114a1660d2750d9f1ae41ec96a30bc0ebbe0a14bb69f5700a8577777cbc90ffb49ee0bf4d4f7bf08532e11d1b21f60f6e72d676391d8fc30640bdd8915a

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.19.0 (2021-04-07)
+------------------
+
+* Feature - IAM Access Analyzer now analyzes your CloudTrail events to identify actions and services that have been used by an IAM entity (user or role) and generates an IAM policy that is based on that activity.
+
 1.18.0 (2021-03-16)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.18.0
+1.19.0

data/lib/aws-sdk-accessanalyzer.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
 # @!group service
 module Aws::AccessAnalyzer
 
-  GEM_VERSION = '1.18.0'
+  GEM_VERSION = '1.19.0'
 
 end

data/lib/aws-sdk-accessanalyzer/client.rb

@@ -361,6 +361,31 @@ module Aws::AccessAnalyzer
       req.send_request(options)
     end
 
+    # Cancels the requested policy generation.
+    #
+    # @option params [required, String] :job_id
+    #   The `JobId` that is returned by the `StartPolicyGeneration` operation.
+    #   The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
+    #   generated policies or used with `CancelPolicyGeneration` to cancel the
+    #   policy generation request.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.cancel_policy_generation({
+    #     job_id: "JobId", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CancelPolicyGeneration AWS API Documentation
+    #
+    # @overload cancel_policy_generation(params = {})
+    # @param [Hash] params ({})
+    def cancel_policy_generation(params = {}, options = {})
+      req = build_request(:cancel_policy_generation, params)
+      req.send_request(options)
+    end
+
     # Creates an access preview that allows you to preview Access Analyzer
     # findings for your resource before deploying resource permissions.
     #
@@ -920,6 +945,72 @@ module Aws::AccessAnalyzer
       req.send_request(options)
     end
 
+    # Retrieves the policy that was generated using `StartPolicyGeneration`.
+    #
+    # @option params [Boolean] :include_resource_placeholders
+    #   The level of detail that you want to generate. You can specify whether
+    #   to generate policies with placeholders for resource ARNs for actions
+    #   that support resource level granularity in policies.
+    #
+    #   For example, in the resource section of a policy, you can receive a
+    #   placeholder such as `"Resource":"arn:aws:s3:::$\{BucketName\}"`
+    #   instead of `"*"`.
+    #
+    # @option params [Boolean] :include_service_level_template
+    #   The level of detail that you want to generate. You can specify whether
+    #   to generate service-level policies.
+    #
+    #   Access Analyzer uses `iam:servicelastaccessed` to identify services
+    #   that have been used recently to create this service-level template.
+    #
+    # @option params [required, String] :job_id
+    #   The `JobId` that is returned by the `StartPolicyGeneration` operation.
+    #   The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
+    #   generated policies or used with `CancelPolicyGeneration` to cancel the
+    #   policy generation request.
+    #
+    # @return [Types::GetGeneratedPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
+    #   * {Types::GetGeneratedPolicyResponse#job_details #job_details} => Types::JobDetails
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_generated_policy({
+    #     include_resource_placeholders: false,
+    #     include_service_level_template: false,
+    #     job_id: "JobId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.generated_policy_result.generated_policies #=> Array
+    #   resp.generated_policy_result.generated_policies[0].policy #=> String
+    #   resp.generated_policy_result.properties.cloud_trail_properties.end_time #=> Time
+    #   resp.generated_policy_result.properties.cloud_trail_properties.start_time #=> Time
+    #   resp.generated_policy_result.properties.cloud_trail_properties.trail_properties #=> Array
+    #   resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
+    #   resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].cloud_trail_arn #=> String
+    #   resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions #=> Array
+    #   resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions[0] #=> String
+    #   resp.generated_policy_result.properties.is_complete #=> Boolean
+    #   resp.generated_policy_result.properties.principal_arn #=> String
+    #   resp.job_details.completed_on #=> Time
+    #   resp.job_details.job_error.code #=> String, one of "AUTHORIZATION_ERROR", "RESOURCE_NOT_FOUND_ERROR", "SERVICE_QUOTA_EXCEEDED_ERROR", "SERVICE_ERROR"
+    #   resp.job_details.job_error.message #=> String
+    #   resp.job_details.job_id #=> String
+    #   resp.job_details.started_on #=> Time
+    #   resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicy AWS API Documentation
+    #
+    # @overload get_generated_policy(params = {})
+    # @param [Hash] params ({})
+    def get_generated_policy(params = {}, options = {})
+      req = build_request(:get_generated_policy, params)
+      req.send_request(options)
+    end
+
     # Retrieves a list of access preview findings generated by the specified
     # access preview.
     #
@@ -1292,6 +1383,53 @@ module Aws::AccessAnalyzer
       req.send_request(options)
     end
 
+    # Lists all of the policy generations requested in the last seven days.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return in the response.
+    #
+    # @option params [String] :next_token
+    #   A token used for pagination of results returned.
+    #
+    # @option params [String] :principal_arn
+    #   The ARN of the IAM entity (user or role) for which you are generating
+    #   a policy. Use this with `ListGeneratedPolicies` to filter the results
+    #   to only include results for a specific principal.
+    #
+    # @return [Types::ListPolicyGenerationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
+    #   * {Types::ListPolicyGenerationsResponse#policy_generations #policy_generations} => Array<Types::PolicyGeneration>
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_policy_generations({
+    #     max_results: 1,
+    #     next_token: "Token",
+    #     principal_arn: "PrincipalArn",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.policy_generations #=> Array
+    #   resp.policy_generations[0].completed_on #=> Time
+    #   resp.policy_generations[0].job_id #=> String
+    #   resp.policy_generations[0].principal_arn #=> String
+    #   resp.policy_generations[0].started_on #=> Time
+    #   resp.policy_generations[0].status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerations AWS API Documentation
+    #
+    # @overload list_policy_generations(params = {})
+    # @param [Hash] params ({})
+    def list_policy_generations(params = {}, options = {})
+      req = build_request(:list_policy_generations, params)
+      req.send_request(options)
+    end
+
     # Retrieves a list of tags applied to the specified resource.
     #
     # @option params [required, String] :resource_arn
@@ -1321,6 +1459,68 @@ module Aws::AccessAnalyzer
       req.send_request(options)
     end
 
+    # Starts the policy generation request.
+    #
+    # @option params [String] :client_token
+    #   A unique, case-sensitive identifier that you provide to ensure the
+    #   idempotency of the request. Idempotency ensures that an API request
+    #   completes only once. With an idempotent request, if the original
+    #   request completes successfully, the subsequent retries with the same
+    #   client token return the result from the original successful request
+    #   and they have no additional effect.
+    #
+    #   If you do not specify a client token, one is automatically generated
+    #   by the AWS SDK.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [Types::CloudTrailDetails] :cloud_trail_details
+    #   A `CloudTrailDetails` object that contains details about a `Trail`
+    #   that you want to analyze to generate policies.
+    #
+    # @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
+    #   Contains the ARN of the IAM entity (user or role) for which you are
+    #   generating a policy.
+    #
+    # @return [Types::StartPolicyGenerationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::StartPolicyGenerationResponse#job_id #job_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.start_policy_generation({
+    #     client_token: "String",
+    #     cloud_trail_details: {
+    #       access_role: "RoleArn", # required
+    #       end_time: Time.now,
+    #       start_time: Time.now, # required
+    #       trails: [ # required
+    #         {
+    #           all_regions: false,
+    #           cloud_trail_arn: "CloudTrailArn", # required
+    #           regions: ["String"],
+    #         },
+    #       ],
+    #     },
+    #     policy_generation_details: { # required
+    #       principal_arn: "PrincipalArn", # required
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.job_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGeneration AWS API Documentation
+    #
+    # @overload start_policy_generation(params = {})
+    # @param [Hash] params ({})
+    def start_policy_generation(params = {}, options = {})
+      req = build_request(:start_policy_generation, params)
+      req.send_request(options)
+    end
+
     # Immediately starts a scan of the policies applied to the specified
     # resource.
     #
@@ -1590,7 +1790,7 @@ module Aws::AccessAnalyzer
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-accessanalyzer'
-      context[:gem_version] = '1.18.0'
+      context[:gem_version] = '1.19.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-accessanalyzer/client_api.rb

@@ -42,6 +42,11 @@ module Aws::AccessAnalyzer
     ArchiveRuleSummary = Shapes::StructureShape.new(name: 'ArchiveRuleSummary')
     ArchiveRulesList = Shapes::ListShape.new(name: 'ArchiveRulesList')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
+    CancelPolicyGenerationRequest = Shapes::StructureShape.new(name: 'CancelPolicyGenerationRequest')
+    CancelPolicyGenerationResponse = Shapes::StructureShape.new(name: 'CancelPolicyGenerationResponse')
+    CloudTrailArn = Shapes::StringShape.new(name: 'CloudTrailArn')
+    CloudTrailDetails = Shapes::StructureShape.new(name: 'CloudTrailDetails')
+    CloudTrailProperties = Shapes::StructureShape.new(name: 'CloudTrailProperties')
     ConditionKeyMap = Shapes::MapShape.new(name: 'ConditionKeyMap')
     Configuration = Shapes::StructureShape.new(name: 'Configuration')
     ConfigurationsMap = Shapes::MapShape.new(name: 'ConfigurationsMap')
@@ -68,6 +73,10 @@ module Aws::AccessAnalyzer
     FindingStatusUpdate = Shapes::StringShape.new(name: 'FindingStatusUpdate')
     FindingSummary = Shapes::StructureShape.new(name: 'FindingSummary')
     FindingsList = Shapes::ListShape.new(name: 'FindingsList')
+    GeneratedPolicy = Shapes::StructureShape.new(name: 'GeneratedPolicy')
+    GeneratedPolicyList = Shapes::ListShape.new(name: 'GeneratedPolicyList')
+    GeneratedPolicyProperties = Shapes::StructureShape.new(name: 'GeneratedPolicyProperties')
+    GeneratedPolicyResult = Shapes::StructureShape.new(name: 'GeneratedPolicyResult')
     GetAccessPreviewRequest = Shapes::StructureShape.new(name: 'GetAccessPreviewRequest')
     GetAccessPreviewResponse = Shapes::StructureShape.new(name: 'GetAccessPreviewResponse')
     GetAnalyzedResourceRequest = Shapes::StructureShape.new(name: 'GetAnalyzedResourceRequest')
@@ -78,6 +87,8 @@ module Aws::AccessAnalyzer
     GetArchiveRuleResponse = Shapes::StructureShape.new(name: 'GetArchiveRuleResponse')
     GetFindingRequest = Shapes::StructureShape.new(name: 'GetFindingRequest')
     GetFindingResponse = Shapes::StructureShape.new(name: 'GetFindingResponse')
+    GetGeneratedPolicyRequest = Shapes::StructureShape.new(name: 'GetGeneratedPolicyRequest')
+    GetGeneratedPolicyResponse = Shapes::StructureShape.new(name: 'GetGeneratedPolicyResponse')
     GranteePrincipal = Shapes::StringShape.new(name: 'GranteePrincipal')
     IamRoleConfiguration = Shapes::StructureShape.new(name: 'IamRoleConfiguration')
     IamTrustPolicy = Shapes::StringShape.new(name: 'IamTrustPolicy')
@@ -88,6 +99,11 @@ module Aws::AccessAnalyzer
     InternetConfiguration = Shapes::StructureShape.new(name: 'InternetConfiguration')
     IssueCode = Shapes::StringShape.new(name: 'IssueCode')
     IssuingAccount = Shapes::StringShape.new(name: 'IssuingAccount')
+    JobDetails = Shapes::StructureShape.new(name: 'JobDetails')
+    JobError = Shapes::StructureShape.new(name: 'JobError')
+    JobErrorCode = Shapes::StringShape.new(name: 'JobErrorCode')
+    JobId = Shapes::StringShape.new(name: 'JobId')
+    JobStatus = Shapes::StringShape.new(name: 'JobStatus')
     KmsConstraintsKey = Shapes::StringShape.new(name: 'KmsConstraintsKey')
     KmsConstraintsMap = Shapes::MapShape.new(name: 'KmsConstraintsMap')
     KmsConstraintsValue = Shapes::StringShape.new(name: 'KmsConstraintsValue')
@@ -112,6 +128,9 @@ module Aws::AccessAnalyzer
     ListArchiveRulesResponse = Shapes::StructureShape.new(name: 'ListArchiveRulesResponse')
     ListFindingsRequest = Shapes::StructureShape.new(name: 'ListFindingsRequest')
     ListFindingsResponse = Shapes::StructureShape.new(name: 'ListFindingsResponse')
+    ListPolicyGenerationsRequest = Shapes::StructureShape.new(name: 'ListPolicyGenerationsRequest')
+    ListPolicyGenerationsRequestMaxResultsInteger = Shapes::IntegerShape.new(name: 'ListPolicyGenerationsRequestMaxResultsInteger')
+    ListPolicyGenerationsResponse = Shapes::StructureShape.new(name: 'ListPolicyGenerationsResponse')
     ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
     ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
     Locale = Shapes::StringShape.new(name: 'Locale')
@@ -123,15 +142,21 @@ module Aws::AccessAnalyzer
     PathElement = Shapes::StructureShape.new(name: 'PathElement')
     PathElementList = Shapes::ListShape.new(name: 'PathElementList')
     PolicyDocument = Shapes::StringShape.new(name: 'PolicyDocument')
+    PolicyGeneration = Shapes::StructureShape.new(name: 'PolicyGeneration')
+    PolicyGenerationDetails = Shapes::StructureShape.new(name: 'PolicyGenerationDetails')
+    PolicyGenerationList = Shapes::ListShape.new(name: 'PolicyGenerationList')
     PolicyName = Shapes::StringShape.new(name: 'PolicyName')
     PolicyType = Shapes::StringShape.new(name: 'PolicyType')
     Position = Shapes::StructureShape.new(name: 'Position')
+    PrincipalArn = Shapes::StringShape.new(name: 'PrincipalArn')
     PrincipalMap = Shapes::MapShape.new(name: 'PrincipalMap')
     ReasonCode = Shapes::StringShape.new(name: 'ReasonCode')
+    RegionList = Shapes::ListShape.new(name: 'RegionList')
     ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     ResourceType = Shapes::StringShape.new(name: 'ResourceType')
     RetiringPrincipal = Shapes::StringShape.new(name: 'RetiringPrincipal')
+    RoleArn = Shapes::StringShape.new(name: 'RoleArn')
     S3AccessPointConfiguration = Shapes::StructureShape.new(name: 'S3AccessPointConfiguration')
     S3AccessPointConfigurationsMap = Shapes::MapShape.new(name: 'S3AccessPointConfigurationsMap')
     S3BucketAclGrantConfiguration = Shapes::StructureShape.new(name: 'S3BucketAclGrantConfiguration')
@@ -148,6 +173,8 @@ module Aws::AccessAnalyzer
     Span = Shapes::StructureShape.new(name: 'Span')
     SqsQueueConfiguration = Shapes::StructureShape.new(name: 'SqsQueueConfiguration')
     SqsQueuePolicy = Shapes::StringShape.new(name: 'SqsQueuePolicy')
+    StartPolicyGenerationRequest = Shapes::StructureShape.new(name: 'StartPolicyGenerationRequest')
+    StartPolicyGenerationResponse = Shapes::StructureShape.new(name: 'StartPolicyGenerationResponse')
     StartResourceScanRequest = Shapes::StructureShape.new(name: 'StartResourceScanRequest')
     StatusReason = Shapes::StructureShape.new(name: 'StatusReason')
     String = Shapes::StringShape.new(name: 'String')
@@ -159,6 +186,10 @@ module Aws::AccessAnalyzer
     ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
     Timestamp = Shapes::TimestampShape.new(name: 'Timestamp', timestampFormat: "iso8601")
     Token = Shapes::StringShape.new(name: 'Token')
+    Trail = Shapes::StructureShape.new(name: 'Trail')
+    TrailList = Shapes::ListShape.new(name: 'TrailList')
+    TrailProperties = Shapes::StructureShape.new(name: 'TrailProperties')
+    TrailPropertiesList = Shapes::ListShape.new(name: 'TrailPropertiesList')
     Type = Shapes::StringShape.new(name: 'Type')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
@@ -271,6 +302,22 @@ module Aws::AccessAnalyzer
 
     ArchiveRulesList.member = Shapes::ShapeRef.new(shape: ArchiveRuleSummary)
 
+    CancelPolicyGenerationRequest.add_member(:job_id, Shapes::ShapeRef.new(shape: JobId, required: true, location: "uri", location_name: "jobId"))
+    CancelPolicyGenerationRequest.struct_class = Types::CancelPolicyGenerationRequest
+
+    CancelPolicyGenerationResponse.struct_class = Types::CancelPolicyGenerationResponse
+
+    CloudTrailDetails.add_member(:access_role, Shapes::ShapeRef.new(shape: RoleArn, required: true, location_name: "accessRole"))
+    CloudTrailDetails.add_member(:end_time, Shapes::ShapeRef.new(shape: Timestamp, location_name: "endTime"))
+    CloudTrailDetails.add_member(:start_time, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startTime"))
+    CloudTrailDetails.add_member(:trails, Shapes::ShapeRef.new(shape: TrailList, required: true, location_name: "trails"))
+    CloudTrailDetails.struct_class = Types::CloudTrailDetails
+
+    CloudTrailProperties.add_member(:end_time, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "endTime"))
+    CloudTrailProperties.add_member(:start_time, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startTime"))
+    CloudTrailProperties.add_member(:trail_properties, Shapes::ShapeRef.new(shape: TrailPropertiesList, required: true, location_name: "trailProperties"))
+    CloudTrailProperties.struct_class = Types::CloudTrailProperties
+
     ConditionKeyMap.key = Shapes::ShapeRef.new(shape: String)
     ConditionKeyMap.value = Shapes::ShapeRef.new(shape: String)
 
@@ -376,6 +423,20 @@ module Aws::AccessAnalyzer
 
     FindingsList.member = Shapes::ShapeRef.new(shape: FindingSummary)
 
+    GeneratedPolicy.add_member(:policy, Shapes::ShapeRef.new(shape: String, required: true, location_name: "policy"))
+    GeneratedPolicy.struct_class = Types::GeneratedPolicy
+
+    GeneratedPolicyList.member = Shapes::ShapeRef.new(shape: GeneratedPolicy)
+
+    GeneratedPolicyProperties.add_member(:cloud_trail_properties, Shapes::ShapeRef.new(shape: CloudTrailProperties, location_name: "cloudTrailProperties"))
+    GeneratedPolicyProperties.add_member(:is_complete, Shapes::ShapeRef.new(shape: Boolean, location_name: "isComplete"))
+    GeneratedPolicyProperties.add_member(:principal_arn, Shapes::ShapeRef.new(shape: PrincipalArn, required: true, location_name: "principalArn"))
+    GeneratedPolicyProperties.struct_class = Types::GeneratedPolicyProperties
+
+    GeneratedPolicyResult.add_member(:generated_policies, Shapes::ShapeRef.new(shape: GeneratedPolicyList, location_name: "generatedPolicies"))
+    GeneratedPolicyResult.add_member(:properties, Shapes::ShapeRef.new(shape: GeneratedPolicyProperties, required: true, location_name: "properties"))
+    GeneratedPolicyResult.struct_class = Types::GeneratedPolicyResult
+
     GetAccessPreviewRequest.add_member(:access_preview_id, Shapes::ShapeRef.new(shape: AccessPreviewId, required: true, location: "uri", location_name: "accessPreviewId"))
     GetAccessPreviewRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location: "querystring", location_name: "analyzerArn"))
     GetAccessPreviewRequest.struct_class = Types::GetAccessPreviewRequest
@@ -410,6 +471,15 @@ module Aws::AccessAnalyzer
     GetFindingResponse.add_member(:finding, Shapes::ShapeRef.new(shape: Finding, location_name: "finding"))
     GetFindingResponse.struct_class = Types::GetFindingResponse
 
+    GetGeneratedPolicyRequest.add_member(:include_resource_placeholders, Shapes::ShapeRef.new(shape: Boolean, location: "querystring", location_name: "includeResourcePlaceholders"))
+    GetGeneratedPolicyRequest.add_member(:include_service_level_template, Shapes::ShapeRef.new(shape: Boolean, location: "querystring", location_name: "includeServiceLevelTemplate"))
+    GetGeneratedPolicyRequest.add_member(:job_id, Shapes::ShapeRef.new(shape: JobId, required: true, location: "uri", location_name: "jobId"))
+    GetGeneratedPolicyRequest.struct_class = Types::GetGeneratedPolicyRequest
+
+    GetGeneratedPolicyResponse.add_member(:generated_policy_result, Shapes::ShapeRef.new(shape: GeneratedPolicyResult, required: true, location_name: "generatedPolicyResult"))
+    GetGeneratedPolicyResponse.add_member(:job_details, Shapes::ShapeRef.new(shape: JobDetails, required: true, location_name: "jobDetails"))
+    GetGeneratedPolicyResponse.struct_class = Types::GetGeneratedPolicyResponse
+
     IamRoleConfiguration.add_member(:trust_policy, Shapes::ShapeRef.new(shape: IamTrustPolicy, location_name: "trustPolicy"))
     IamRoleConfiguration.struct_class = Types::IamRoleConfiguration
 
@@ -425,6 +495,17 @@ module Aws::AccessAnalyzer
 
     InternetConfiguration.struct_class = Types::InternetConfiguration
 
+    JobDetails.add_member(:completed_on, Shapes::ShapeRef.new(shape: Timestamp, location_name: "completedOn"))
+    JobDetails.add_member(:job_error, Shapes::ShapeRef.new(shape: JobError, location_name: "jobError"))
+    JobDetails.add_member(:job_id, Shapes::ShapeRef.new(shape: JobId, required: true, location_name: "jobId"))
+    JobDetails.add_member(:started_on, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startedOn"))
+    JobDetails.add_member(:status, Shapes::ShapeRef.new(shape: JobStatus, required: true, location_name: "status"))
+    JobDetails.struct_class = Types::JobDetails
+
+    JobError.add_member(:code, Shapes::ShapeRef.new(shape: JobErrorCode, required: true, location_name: "code"))
+    JobError.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
+    JobError.struct_class = Types::JobError
+
     KmsConstraintsMap.key = Shapes::ShapeRef.new(shape: KmsConstraintsKey)
     KmsConstraintsMap.value = Shapes::ShapeRef.new(shape: KmsConstraintsValue)
 
@@ -509,6 +590,15 @@ module Aws::AccessAnalyzer
     ListFindingsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "nextToken"))
     ListFindingsResponse.struct_class = Types::ListFindingsResponse
 
+    ListPolicyGenerationsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: ListPolicyGenerationsRequestMaxResultsInteger, location: "querystring", location_name: "maxResults"))
+    ListPolicyGenerationsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "nextToken"))
+    ListPolicyGenerationsRequest.add_member(:principal_arn, Shapes::ShapeRef.new(shape: PrincipalArn, location: "querystring", location_name: "principalArn"))
+    ListPolicyGenerationsRequest.struct_class = Types::ListPolicyGenerationsRequest
+
+    ListPolicyGenerationsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "nextToken"))
+    ListPolicyGenerationsResponse.add_member(:policy_generations, Shapes::ShapeRef.new(shape: PolicyGenerationList, required: true, location_name: "policyGenerations"))
+    ListPolicyGenerationsResponse.struct_class = Types::ListPolicyGenerationsResponse
+
     ListTagsForResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "resourceArn"))
     ListTagsForResourceRequest.struct_class = Types::ListTagsForResourceRequest
 
@@ -533,6 +623,18 @@ module Aws::AccessAnalyzer
 
     PathElementList.member = Shapes::ShapeRef.new(shape: PathElement)
 
+    PolicyGeneration.add_member(:completed_on, Shapes::ShapeRef.new(shape: Timestamp, location_name: "completedOn"))
+    PolicyGeneration.add_member(:job_id, Shapes::ShapeRef.new(shape: JobId, required: true, location_name: "jobId"))
+    PolicyGeneration.add_member(:principal_arn, Shapes::ShapeRef.new(shape: PrincipalArn, required: true, location_name: "principalArn"))
+    PolicyGeneration.add_member(:started_on, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startedOn"))
+    PolicyGeneration.add_member(:status, Shapes::ShapeRef.new(shape: JobStatus, required: true, location_name: "status"))
+    PolicyGeneration.struct_class = Types::PolicyGeneration
+
+    PolicyGenerationDetails.add_member(:principal_arn, Shapes::ShapeRef.new(shape: PrincipalArn, required: true, location_name: "principalArn"))
+    PolicyGenerationDetails.struct_class = Types::PolicyGenerationDetails
+
+    PolicyGenerationList.member = Shapes::ShapeRef.new(shape: PolicyGeneration)
+
     Position.add_member(:column, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "column"))
     Position.add_member(:line, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "line"))
     Position.add_member(:offset, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "offset"))
@@ -541,6 +643,8 @@ module Aws::AccessAnalyzer
     PrincipalMap.key = Shapes::ShapeRef.new(shape: String)
     PrincipalMap.value = Shapes::ShapeRef.new(shape: String)
 
+    RegionList.member = Shapes::ShapeRef.new(shape: String)
+
     ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     ResourceNotFoundException.add_member(:resource_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceId"))
     ResourceNotFoundException.add_member(:resource_type, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceType"))
@@ -592,6 +696,14 @@ module Aws::AccessAnalyzer
     SqsQueueConfiguration.add_member(:queue_policy, Shapes::ShapeRef.new(shape: SqsQueuePolicy, location_name: "queuePolicy"))
     SqsQueueConfiguration.struct_class = Types::SqsQueueConfiguration
 
+    StartPolicyGenerationRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
+    StartPolicyGenerationRequest.add_member(:cloud_trail_details, Shapes::ShapeRef.new(shape: CloudTrailDetails, location_name: "cloudTrailDetails"))
+    StartPolicyGenerationRequest.add_member(:policy_generation_details, Shapes::ShapeRef.new(shape: PolicyGenerationDetails, required: true, location_name: "policyGenerationDetails"))
+    StartPolicyGenerationRequest.struct_class = Types::StartPolicyGenerationRequest
+
+    StartPolicyGenerationResponse.add_member(:job_id, Shapes::ShapeRef.new(shape: JobId, required: true, location_name: "jobId"))
+    StartPolicyGenerationResponse.struct_class = Types::StartPolicyGenerationResponse
+
     StartResourceScanRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location_name: "analyzerArn"))
     StartResourceScanRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "resourceArn"))
     StartResourceScanRequest.struct_class = Types::StartResourceScanRequest
@@ -618,6 +730,20 @@ module Aws::AccessAnalyzer
     ThrottlingException.add_member(:retry_after_seconds, Shapes::ShapeRef.new(shape: Integer, location: "header", location_name: "Retry-After"))
     ThrottlingException.struct_class = Types::ThrottlingException
 
+    Trail.add_member(:all_regions, Shapes::ShapeRef.new(shape: Boolean, location_name: "allRegions"))
+    Trail.add_member(:cloud_trail_arn, Shapes::ShapeRef.new(shape: CloudTrailArn, required: true, location_name: "cloudTrailArn"))
+    Trail.add_member(:regions, Shapes::ShapeRef.new(shape: RegionList, location_name: "regions"))
+    Trail.struct_class = Types::Trail
+
+    TrailList.member = Shapes::ShapeRef.new(shape: Trail)
+
+    TrailProperties.add_member(:all_regions, Shapes::ShapeRef.new(shape: Boolean, location_name: "allRegions"))
+    TrailProperties.add_member(:cloud_trail_arn, Shapes::ShapeRef.new(shape: CloudTrailArn, required: true, location_name: "cloudTrailArn"))
+    TrailProperties.add_member(:regions, Shapes::ShapeRef.new(shape: RegionList, location_name: "regions"))
+    TrailProperties.struct_class = Types::TrailProperties
+
+    TrailPropertiesList.member = Shapes::ShapeRef.new(shape: TrailProperties)
+
     UntagResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "resourceArn"))
     UntagResourceRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeys, required: true, location: "querystring", location_name: "tagKeys"))
     UntagResourceRequest.struct_class = Types::UntagResourceRequest
@@ -704,6 +830,18 @@ module Aws::AccessAnalyzer
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:cancel_policy_generation, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CancelPolicyGeneration"
+        o.http_method = "PUT"
+        o.http_request_uri = "/policy/generation/{jobId}"
+        o.input = Shapes::ShapeRef.new(shape: CancelPolicyGenerationRequest)
+        o.output = Shapes::ShapeRef.new(shape: CancelPolicyGenerationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:create_access_preview, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateAccessPreview"
         o.http_method = "PUT"
@@ -839,6 +977,18 @@ module Aws::AccessAnalyzer
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:get_generated_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetGeneratedPolicy"
+        o.http_method = "GET"
+        o.http_request_uri = "/policy/generation/{jobId}"
+        o.input = Shapes::ShapeRef.new(shape: GetGeneratedPolicyRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetGeneratedPolicyResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:list_access_preview_findings, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListAccessPreviewFindings"
         o.http_method = "POST"
@@ -952,6 +1102,24 @@ module Aws::AccessAnalyzer
         )
       end)
 
+      api.add_operation(:list_policy_generations, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListPolicyGenerations"
+        o.http_method = "GET"
+        o.http_request_uri = "/policy/generation"
+        o.input = Shapes::ShapeRef.new(shape: ListPolicyGenerationsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListPolicyGenerationsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:list_tags_for_resource, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListTagsForResource"
         o.http_method = "GET"
@@ -965,6 +1133,20 @@ module Aws::AccessAnalyzer
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:start_policy_generation, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "StartPolicyGeneration"
+        o.http_method = "PUT"
+        o.http_request_uri = "/policy/generation"
+        o.input = Shapes::ShapeRef.new(shape: StartPolicyGenerationRequest)
+        o.output = Shapes::ShapeRef.new(shape: StartPolicyGenerationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:start_resource_scan, Seahorse::Model::Operation.new.tap do |o|
         o.name = "StartResourceScan"
         o.http_method = "POST"

data/lib/aws-sdk-accessanalyzer/types.rb

@@ -506,6 +506,113 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CancelPolicyGenerationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         job_id: "JobId", # required
+    #       }
+    #
+    # @!attribute [rw] job_id
+    #   The `JobId` that is returned by the `StartPolicyGeneration`
+    #   operation. The `JobId` can be used with `GetGeneratedPolicy` to
+    #   retrieve the generated policies or used with
+    #   `CancelPolicyGeneration` to cancel the policy generation request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CancelPolicyGenerationRequest AWS API Documentation
+    #
+    class CancelPolicyGenerationRequest < Struct.new(
+      :job_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CancelPolicyGenerationResponse AWS API Documentation
+    #
+    class CancelPolicyGenerationResponse < Aws::EmptyStructure; end
+
+    # Contains information about CloudTrail access.
+    #
+    # @note When making an API call, you may pass CloudTrailDetails
+    #   data as a hash:
+    #
+    #       {
+    #         access_role: "RoleArn", # required
+    #         end_time: Time.now,
+    #         start_time: Time.now, # required
+    #         trails: [ # required
+    #           {
+    #             all_regions: false,
+    #             cloud_trail_arn: "CloudTrailArn", # required
+    #             regions: ["String"],
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] access_role
+    #   The ARN of the service role that Access Analyzer uses to access your
+    #   CloudTrail trail and service last accessed information.
+    #   @return [String]
+    #
+    # @!attribute [rw] end_time
+    #   The end of the time range for which Access Analyzer reviews your
+    #   CloudTrail events. Events with a timestamp after this time are not
+    #   considered to generate a policy. If this is not included in the
+    #   request, the default value is the current time.
+    #   @return [Time]
+    #
+    # @!attribute [rw] start_time
+    #   The start of the time range for which Access Analyzer reviews your
+    #   CloudTrail events. Events with a timestamp before this time are not
+    #   considered to generate a policy.
+    #   @return [Time]
+    #
+    # @!attribute [rw] trails
+    #   A `Trail` object that contains settings for a trail.
+    #   @return [Array<Types::Trail>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailDetails AWS API Documentation
+    #
+    class CloudTrailDetails < Struct.new(
+      :access_role,
+      :end_time,
+      :start_time,
+      :trails)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about CloudTrail access.
+    #
+    # @!attribute [rw] end_time
+    #   The end of the time range for which Access Analyzer reviews your
+    #   CloudTrail events. Events with a timestamp after this time are not
+    #   considered to generate a policy. If this is not included in the
+    #   request, the default value is the current time.
+    #   @return [Time]
+    #
+    # @!attribute [rw] start_time
+    #   The start of the time range for which Access Analyzer reviews your
+    #   CloudTrail events. Events with a timestamp before this time are not
+    #   considered to generate a policy.
+    #   @return [Time]
+    #
+    # @!attribute [rw] trail_properties
+    #   A `TrailProperties` object that contains settings for trail
+    #   properties.
+    #   @return [Array<Types::TrailProperties>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailProperties AWS API Documentation
+    #
+    class CloudTrailProperties < Struct.new(
+      :end_time,
+      :start_time,
+      :trail_properties)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Access control configuration structures for your resource. You specify
     # the configuration as a type-value pair. You can specify only one type
     # of access control configuration.
@@ -1204,6 +1311,77 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # Contains the text for the generated policy.
+    #
+    # @!attribute [rw] policy
+    #   The text to use as the content for the new policy. The policy is
+    #   created using the [CreatePolicy][1] action.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicy AWS API Documentation
+    #
+    class GeneratedPolicy < Struct.new(
+      :policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains the generated policy details.
+    #
+    # @!attribute [rw] cloud_trail_properties
+    #   Lists details about the `Trail` used to generated policy.
+    #   @return [Types::CloudTrailProperties]
+    #
+    # @!attribute [rw] is_complete
+    #   This value is set to `true` if the generated policy contains all
+    #   possible actions for a service that Access Analyzer identified from
+    #   the CloudTrail trail that you specified, and `false` otherwise.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM entity (user or role) for which you are
+    #   generating a policy.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyProperties AWS API Documentation
+    #
+    class GeneratedPolicyProperties < Struct.new(
+      :cloud_trail_properties,
+      :is_complete,
+      :principal_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains the text for the generated policy and its details.
+    #
+    # @!attribute [rw] generated_policies
+    #   The text to use as the content for the new policy. The policy is
+    #   created using the [CreatePolicy][1] action.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
+    #   @return [Array<Types::GeneratedPolicy>]
+    #
+    # @!attribute [rw] properties
+    #   A `GeneratedPolicyProperties` object that contains properties of the
+    #   generated policy.
+    #   @return [Types::GeneratedPolicyProperties]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyResult AWS API Documentation
+    #
+    class GeneratedPolicyResult < Struct.new(
+      :generated_policies,
+      :properties)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetAccessPreviewRequest
     #   data as a hash:
     #
@@ -1413,6 +1591,69 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetGeneratedPolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         include_resource_placeholders: false,
+    #         include_service_level_template: false,
+    #         job_id: "JobId", # required
+    #       }
+    #
+    # @!attribute [rw] include_resource_placeholders
+    #   The level of detail that you want to generate. You can specify
+    #   whether to generate policies with placeholders for resource ARNs for
+    #   actions that support resource level granularity in policies.
+    #
+    #   For example, in the resource section of a policy, you can receive a
+    #   placeholder such as `"Resource":"arn:aws:s3:::$\{BucketName\}"`
+    #   instead of `"*"`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] include_service_level_template
+    #   The level of detail that you want to generate. You can specify
+    #   whether to generate service-level policies.
+    #
+    #   Access Analyzer uses `iam:servicelastaccessed` to identify services
+    #   that have been used recently to create this service-level template.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] job_id
+    #   The `JobId` that is returned by the `StartPolicyGeneration`
+    #   operation. The `JobId` can be used with `GetGeneratedPolicy` to
+    #   retrieve the generated policies or used with
+    #   `CancelPolicyGeneration` to cancel the policy generation request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyRequest AWS API Documentation
+    #
+    class GetGeneratedPolicyRequest < Struct.new(
+      :include_resource_placeholders,
+      :include_service_level_template,
+      :job_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] generated_policy_result
+    #   A `GeneratedPolicyResult` object that contains the generated
+    #   policies and associated details.
+    #   @return [Types::GeneratedPolicyResult]
+    #
+    # @!attribute [rw] job_details
+    #   A `GeneratedPolicyDetails` object that contains details about the
+    #   generated policy.
+    #   @return [Types::JobDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyResponse AWS API Documentation
+    #
+    class GetGeneratedPolicyResponse < Struct.new(
+      :generated_policy_result,
+      :job_details)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The proposed access control configuration for an IAM role. You can
     # propose a configuration for a new IAM role or an existing IAM role
     # that you own by specifying the trust policy. If the configuration is
@@ -1508,6 +1749,63 @@ module Aws::AccessAnalyzer
     #
     class InternetConfiguration < Aws::EmptyStructure; end
 
+    # Contains details about the policy generation request.
+    #
+    # @!attribute [rw] completed_on
+    #   A timestamp of when the job was completed.
+    #   @return [Time]
+    #
+    # @!attribute [rw] job_error
+    #   Contains the details about the policy generation error.
+    #   @return [Types::JobError]
+    #
+    # @!attribute [rw] job_id
+    #   The `JobId` that is returned by the `StartPolicyGeneration`
+    #   operation. The `JobId` can be used with `GetGeneratedPolicy` to
+    #   retrieve the generated policies or used with
+    #   `CancelPolicyGeneration` to cancel the policy generation request.
+    #   @return [String]
+    #
+    # @!attribute [rw] started_on
+    #   A timestamp of when the job was started.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status
+    #   The status of the job request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/JobDetails AWS API Documentation
+    #
+    class JobDetails < Struct.new(
+      :completed_on,
+      :job_error,
+      :job_id,
+      :started_on,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains the details about the policy generation error.
+    #
+    # @!attribute [rw] code
+    #   The job error code.
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   Specific information about the error. For example, which service
+    #   quota was exceeded or which resource was not found.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/JobError AWS API Documentation
+    #
+    class JobError < Struct.new(
+      :code,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A proposed grant configuration for a KMS key. For more information,
     # see [CreateGrant][1].
     #
@@ -2076,6 +2374,57 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListPolicyGenerationsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         max_results: 1,
+    #         next_token: "Token",
+    #         principal_arn: "PrincipalArn",
+    #       }
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return in the response.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   A token used for pagination of results returned.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM entity (user or role) for which you are
+    #   generating a policy. Use this with `ListGeneratedPolicies` to filter
+    #   the results to only include results for a specific principal.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsRequest AWS API Documentation
+    #
+    class ListPolicyGenerationsRequest < Struct.new(
+      :max_results,
+      :next_token,
+      :principal_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   A token used for pagination of results returned.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_generations
+    #   A `PolicyGeneration` object that contains details about the
+    #   generated policy.
+    #   @return [Array<Types::PolicyGeneration>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsResponse AWS API Documentation
+    #
+    class ListPolicyGenerationsResponse < Struct.new(
+      :next_token,
+      :policy_generations)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Retrieves a list of tags applied to the specified resource.
     #
     # @note When making an API call, you may pass ListTagsForResourceRequest
@@ -2207,6 +2556,67 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # Contains details about the policy generation status and properties.
+    #
+    # @!attribute [rw] completed_on
+    #   A timestamp of when the policy generation was completed.
+    #   @return [Time]
+    #
+    # @!attribute [rw] job_id
+    #   The `JobId` that is returned by the `StartPolicyGeneration`
+    #   operation. The `JobId` can be used with `GetGeneratedPolicy` to
+    #   retrieve the generated policies or used with
+    #   `CancelPolicyGeneration` to cancel the policy generation request.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM entity (user or role) for which you are
+    #   generating a policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] started_on
+    #   A timestamp of when the policy generation started.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status
+    #   The status of the policy generation request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PolicyGeneration AWS API Documentation
+    #
+    class PolicyGeneration < Struct.new(
+      :completed_on,
+      :job_id,
+      :principal_arn,
+      :started_on,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains the ARN details about the IAM entity for which the policy is
+    # generated.
+    #
+    # @note When making an API call, you may pass PolicyGenerationDetails
+    #   data as a hash:
+    #
+    #       {
+    #         principal_arn: "PrincipalArn", # required
+    #       }
+    #
+    # @!attribute [rw] principal_arn
+    #   The ARN of the IAM entity (user or role) for which you are
+    #   generating a policy.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PolicyGenerationDetails AWS API Documentation
+    #
+    class PolicyGenerationDetails < Struct.new(
+      :principal_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A position in a policy.
     #
     # @!attribute [rw] column
@@ -2631,6 +3041,78 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass StartPolicyGenerationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         client_token: "String",
+    #         cloud_trail_details: {
+    #           access_role: "RoleArn", # required
+    #           end_time: Time.now,
+    #           start_time: Time.now, # required
+    #           trails: [ # required
+    #             {
+    #               all_regions: false,
+    #               cloud_trail_arn: "CloudTrailArn", # required
+    #               regions: ["String"],
+    #             },
+    #           ],
+    #         },
+    #         policy_generation_details: { # required
+    #           principal_arn: "PrincipalArn", # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] client_token
+    #   A unique, case-sensitive identifier that you provide to ensure the
+    #   idempotency of the request. Idempotency ensures that an API request
+    #   completes only once. With an idempotent request, if the original
+    #   request completes successfully, the subsequent retries with the same
+    #   client token return the result from the original successful request
+    #   and they have no additional effect.
+    #
+    #   If you do not specify a client token, one is automatically generated
+    #   by the AWS SDK.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @!attribute [rw] cloud_trail_details
+    #   A `CloudTrailDetails` object that contains details about a `Trail`
+    #   that you want to analyze to generate policies.
+    #   @return [Types::CloudTrailDetails]
+    #
+    # @!attribute [rw] policy_generation_details
+    #   Contains the ARN of the IAM entity (user or role) for which you are
+    #   generating a policy.
+    #   @return [Types::PolicyGenerationDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGenerationRequest AWS API Documentation
+    #
+    class StartPolicyGenerationRequest < Struct.new(
+      :client_token,
+      :cloud_trail_details,
+      :policy_generation_details)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] job_id
+    #   The `JobId` that is returned by the `StartPolicyGeneration`
+    #   operation. The `JobId` can be used with `GetGeneratedPolicy` to
+    #   retrieve the generated policies or used with
+    #   `CancelPolicyGeneration` to cancel the policy generation request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGenerationResponse AWS API Documentation
+    #
+    class StartPolicyGenerationResponse < Struct.new(
+      :job_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Starts a scan of the policies applied to the specified resource.
     #
     # @note When making an API call, you may pass StartResourceScanRequest
@@ -2753,6 +3235,73 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # Contains details about the CloudTrail trail being analyzed to generate
+    # a policy.
+    #
+    # @note When making an API call, you may pass Trail
+    #   data as a hash:
+    #
+    #       {
+    #         all_regions: false,
+    #         cloud_trail_arn: "CloudTrailArn", # required
+    #         regions: ["String"],
+    #       }
+    #
+    # @!attribute [rw] all_regions
+    #   Possible values are `true` or `false`. If set to `true`, Access
+    #   Analyzer retrieves CloudTrail data from all regions to analyze and
+    #   generate a policy.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] cloud_trail_arn
+    #   Specifies the ARN of the trail. The format of a trail ARN is
+    #   `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
+    #   @return [String]
+    #
+    # @!attribute [rw] regions
+    #   A list of regions to get CloudTrail data from and analyze to
+    #   generate a policy.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Trail AWS API Documentation
+    #
+    class Trail < Struct.new(
+      :all_regions,
+      :cloud_trail_arn,
+      :regions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains details about the CloudTrail trail being analyzed to generate
+    # a policy.
+    #
+    # @!attribute [rw] all_regions
+    #   Possible values are `true` or `false`. If set to `true`, Access
+    #   Analyzer retrieves CloudTrail data from all regions to analyze and
+    #   generate a policy.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] cloud_trail_arn
+    #   Specifies the ARN of the trail. The format of a trail ARN is
+    #   `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
+    #   @return [String]
+    #
+    # @!attribute [rw] regions
+    #   A list of regions to get CloudTrail data from and analyze to
+    #   generate a policy.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/TrailProperties AWS API Documentation
+    #
+    class TrailProperties < Struct.new(
+      :all_regions,
+      :cloud_trail_arn,
+      :regions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Removes a tag from the specified resource.
     #
     # @note When making an API call, you may pass UntagResourceRequest

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-  version: 1.18.0
+  version: 1.19.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-16 00:00:00.000000000 Z
+date: 2021-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -66,8 +66,8 @@ homepage: https://github.com/aws/aws-sdk-ruby
 licenses:
 - Apache-2.0
 metadata:
-  source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-accessanalyzer
-  changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-accessanalyzer/CHANGELOG.md
+  source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-accessanalyzer
+  changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-accessanalyzer/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths: