aws-sdk-accessanalyzer 1.19.0 → 1.23.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 65e73ab7a1dc9196dbd04862d778b147a7a85a133e5b55e19b239927e8c70317
-  data.tar.gz: cf441dbf05279c1d793815de79c8dabe2825f5fea3bcda7a6fe3e4ed5ff2ed22
+  metadata.gz: 941f06caa057d0cc55cf091f38909e2635dd7766789d97c30ff076a0f60c1bba
+  data.tar.gz: d8e65577c97ee2af2a7ae1cda9b6269f035ed14f4be6e7e021c2809734eb088d
 SHA512:
-  metadata.gz: 5bf9c8d758ae7fabcdc590f220ebf07b903e13ab5039b3d1c73c6a45e252d7024d157f4d2f9b7905a8fc3a578e5e8ea9e04873349017113f7a47a8806f8d8ab0
-  data.tar.gz: e9398114a1660d2750d9f1ae41ec96a30bc0ebbe0a14bb69f5700a8577777cbc90ffb49ee0bf4d4f7bf08532e11d1b21f60f6e72d676391d8fc30640bdd8915a
+  metadata.gz: 2ecbd1cb82b6c0dba6871f83fcab240a4c1990d5e90c81919d32aa872e61f69a44a6a6377d95930c1ebe45c19a1ba2365487d772401f095bee20873cd1fb85ba
+  data.tar.gz: a2f5e0cd23a0ca5e33b562b6e5f623382f1ccb4b2e5986118dc93f65803252d8041dd9701b830ed6537bb5fc6bc10445fbbaab37427f251b914460bd49d07e2a

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.23.0 (2021-09-02)
+------------------
+
+* Feature - Updates service API, documentation, and paginators to support multi-region access points from Amazon S3.
+
+1.22.0 (2021-09-01)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.21.0 (2021-07-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.20.0 (2021-07-28)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.19.0 (2021-04-07)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.19.0
+1.23.0

data/lib/aws-sdk-accessanalyzer/client.rb

@@ -386,8 +386,9 @@ module Aws::AccessAnalyzer
       req.send_request(options)
     end
 
-    # Creates an access preview that allows you to preview Access Analyzer
-    # findings for your resource before deploying resource permissions.
+    # Creates an access preview that allows you to preview IAM Access
+    # Analyzer findings for your resource before deploying resource
+    # permissions.
     #
     # @option params [required, String] :analyzer_arn
     #   The [ARN of the account analyzer][1] used to generate the access
@@ -573,7 +574,7 @@ module Aws::AccessAnalyzer
     # when you create the rule.
     #
     # To learn about filter keys that you can use to create an archive rule,
-    # see [Access Analyzer filter keys][1] in the **IAM User Guide**.
+    # see [IAM Access Analyzer filter keys][1] in the **IAM User Guide**.
     #
     #
     #
@@ -621,10 +622,10 @@ module Aws::AccessAnalyzer
       req.send_request(options)
     end
 
-    # Deletes the specified analyzer. When you delete an analyzer, Access
-    # Analyzer is disabled for the account or organization in the current or
-    # specific Region. All findings that were generated by the analyzer are
-    # deleted. You cannot undo this action.
+    # Deletes the specified analyzer. When you delete an analyzer, IAM
+    # Access Analyzer is disabled for the account or organization in the
+    # current or specific Region. All findings that were generated by the
+    # analyzer are deleted. You cannot undo this action.
     #
     # @option params [required, String] :analyzer_name
     #   The name of the analyzer to delete.
@@ -845,7 +846,7 @@ module Aws::AccessAnalyzer
     # Retrieves information about an archive rule.
     #
     # To learn about filter keys that you can use to create an archive rule,
-    # see [Access Analyzer filter keys][1] in the **IAM User Guide**.
+    # see [IAM Access Analyzer filter keys][1] in the **IAM User Guide**.
     #
     #
     #
@@ -960,8 +961,9 @@ module Aws::AccessAnalyzer
     #   The level of detail that you want to generate. You can specify whether
     #   to generate service-level policies.
     #
-    #   Access Analyzer uses `iam:servicelastaccessed` to identify services
-    #   that have been used recently to create this service-level template.
+    #   IAM Access Analyzer uses `iam:servicelastaccessed` to identify
+    #   services that have been used recently to create this service-level
+    #   template.
     #
     # @option params [required, String] :job_id
     #   The `JobId` that is returned by the `StartPolicyGeneration` operation.
@@ -1297,7 +1299,7 @@ module Aws::AccessAnalyzer
     # Retrieves a list of findings generated by the specified analyzer.
     #
     # To learn about filter keys that you can use to retrieve a list of
-    # findings, see [Access Analyzer filter keys][1] in the **IAM User
+    # findings, see [IAM Access Analyzer filter keys][1] in the **IAM User
     # Guide**.
     #
     #
@@ -1470,7 +1472,7 @@ module Aws::AccessAnalyzer
     #   and they have no additional effect.
     #
     #   If you do not specify a client token, one is automatically generated
-    #   by the AWS SDK.
+    #   by the Amazon Web Services SDK.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.**
@@ -1720,14 +1722,14 @@ module Aws::AccessAnalyzer
     #   The type of policy to validate. Identity policies grant permissions to
     #   IAM principals. Identity policies include managed and inline policies
     #   for IAM roles, users, and groups. They also include service-control
-    #   policies (SCPs) that are attached to an AWS organization,
-    #   organizational unit (OU), or an account.
+    #   policies (SCPs) that are attached to an Amazon Web Services
+    #   organization, organizational unit (OU), or an account.
     #
-    #   Resource policies grant permissions on AWS resources. Resource
-    #   policies include trust policies for IAM roles and bucket policies for
-    #   S3 buckets. You can provide a generic input such as identity policy or
-    #   resource policy or a specific input such as managed policy or S3
-    #   bucket policy.
+    #   Resource policies grant permissions on Amazon Web Services resources.
+    #   Resource policies include trust policies for IAM roles and bucket
+    #   policies for Amazon S3 buckets. You can provide a generic input such
+    #   as identity policy or resource policy or a specific input such as
+    #   managed policy or Amazon S3 bucket policy.
     #
     # @return [Types::ValidatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1790,7 +1792,7 @@ module Aws::AccessAnalyzer
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-accessanalyzer'
-      context[:gem_version] = '1.19.0'
+      context[:gem_version] = '1.23.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-accessanalyzer/client_api.rb

@@ -27,7 +27,7 @@ module Aws::AccessAnalyzer
     AccessPreviewSummary = Shapes::StructureShape.new(name: 'AccessPreviewSummary')
     AccessPreviewsList = Shapes::ListShape.new(name: 'AccessPreviewsList')
     AclCanonicalId = Shapes::StringShape.new(name: 'AclCanonicalId')
-    AclGrantee = Shapes::StructureShape.new(name: 'AclGrantee')
+    AclGrantee = Shapes::UnionShape.new(name: 'AclGrantee')
     AclPermission = Shapes::StringShape.new(name: 'AclPermission')
     AclUri = Shapes::StringShape.new(name: 'AclUri')
     ActionList = Shapes::ListShape.new(name: 'ActionList')
@@ -48,7 +48,7 @@ module Aws::AccessAnalyzer
     CloudTrailDetails = Shapes::StructureShape.new(name: 'CloudTrailDetails')
     CloudTrailProperties = Shapes::StructureShape.new(name: 'CloudTrailProperties')
     ConditionKeyMap = Shapes::MapShape.new(name: 'ConditionKeyMap')
-    Configuration = Shapes::StructureShape.new(name: 'Configuration')
+    Configuration = Shapes::UnionShape.new(name: 'Configuration')
     ConfigurationsMap = Shapes::MapShape.new(name: 'ConfigurationsMap')
     ConfigurationsMapKey = Shapes::StringShape.new(name: 'ConfigurationsMapKey')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
@@ -137,9 +137,9 @@ module Aws::AccessAnalyzer
     Location = Shapes::StructureShape.new(name: 'Location')
     LocationList = Shapes::ListShape.new(name: 'LocationList')
     Name = Shapes::StringShape.new(name: 'Name')
-    NetworkOriginConfiguration = Shapes::StructureShape.new(name: 'NetworkOriginConfiguration')
+    NetworkOriginConfiguration = Shapes::UnionShape.new(name: 'NetworkOriginConfiguration')
     OrderBy = Shapes::StringShape.new(name: 'OrderBy')
-    PathElement = Shapes::StructureShape.new(name: 'PathElement')
+    PathElement = Shapes::UnionShape.new(name: 'PathElement')
     PathElementList = Shapes::ListShape.new(name: 'PathElementList')
     PolicyDocument = Shapes::StringShape.new(name: 'PolicyDocument')
     PolicyGeneration = Shapes::StructureShape.new(name: 'PolicyGeneration')
@@ -252,6 +252,10 @@ module Aws::AccessAnalyzer
 
     AclGrantee.add_member(:id, Shapes::ShapeRef.new(shape: AclCanonicalId, location_name: "id"))
     AclGrantee.add_member(:uri, Shapes::ShapeRef.new(shape: AclUri, location_name: "uri"))
+    AclGrantee.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    AclGrantee.add_member_subclass(:id, Types::AclGrantee::Id)
+    AclGrantee.add_member_subclass(:uri, Types::AclGrantee::Uri)
+    AclGrantee.add_member_subclass(:unknown, Types::AclGrantee::Unknown)
     AclGrantee.struct_class = Types::AclGrantee
 
     ActionList.member = Shapes::ShapeRef.new(shape: String)
@@ -326,6 +330,13 @@ module Aws::AccessAnalyzer
     Configuration.add_member(:s3_bucket, Shapes::ShapeRef.new(shape: S3BucketConfiguration, location_name: "s3Bucket"))
     Configuration.add_member(:secrets_manager_secret, Shapes::ShapeRef.new(shape: SecretsManagerSecretConfiguration, location_name: "secretsManagerSecret"))
     Configuration.add_member(:sqs_queue, Shapes::ShapeRef.new(shape: SqsQueueConfiguration, location_name: "sqsQueue"))
+    Configuration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    Configuration.add_member_subclass(:iam_role, Types::Configuration::IamRole)
+    Configuration.add_member_subclass(:kms_key, Types::Configuration::KmsKey)
+    Configuration.add_member_subclass(:s3_bucket, Types::Configuration::S3Bucket)
+    Configuration.add_member_subclass(:secrets_manager_secret, Types::Configuration::SecretsManagerSecret)
+    Configuration.add_member_subclass(:sqs_queue, Types::Configuration::SqsQueue)
+    Configuration.add_member_subclass(:unknown, Types::Configuration::Unknown)
     Configuration.struct_class = Types::Configuration
 
     ConfigurationsMap.key = Shapes::ShapeRef.new(shape: ConfigurationsMapKey)
@@ -613,12 +624,22 @@ module Aws::AccessAnalyzer
 
     NetworkOriginConfiguration.add_member(:internet_configuration, Shapes::ShapeRef.new(shape: InternetConfiguration, location_name: "internetConfiguration"))
     NetworkOriginConfiguration.add_member(:vpc_configuration, Shapes::ShapeRef.new(shape: VpcConfiguration, location_name: "vpcConfiguration"))
+    NetworkOriginConfiguration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    NetworkOriginConfiguration.add_member_subclass(:internet_configuration, Types::NetworkOriginConfiguration::InternetConfiguration)
+    NetworkOriginConfiguration.add_member_subclass(:vpc_configuration, Types::NetworkOriginConfiguration::VpcConfiguration)
+    NetworkOriginConfiguration.add_member_subclass(:unknown, Types::NetworkOriginConfiguration::Unknown)
     NetworkOriginConfiguration.struct_class = Types::NetworkOriginConfiguration
 
     PathElement.add_member(:index, Shapes::ShapeRef.new(shape: Integer, location_name: "index"))
     PathElement.add_member(:key, Shapes::ShapeRef.new(shape: String, location_name: "key"))
     PathElement.add_member(:substring, Shapes::ShapeRef.new(shape: Substring, location_name: "substring"))
     PathElement.add_member(:value, Shapes::ShapeRef.new(shape: String, location_name: "value"))
+    PathElement.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    PathElement.add_member_subclass(:index, Types::PathElement::Index)
+    PathElement.add_member_subclass(:key, Types::PathElement::Key)
+    PathElement.add_member_subclass(:substring, Types::PathElement::Substring)
+    PathElement.add_member_subclass(:value, Types::PathElement::Value)
+    PathElement.add_member_subclass(:unknown, Types::PathElement::Unknown)
     PathElement.struct_class = Types::PathElement
 
     PathElementList.member = Shapes::ShapeRef.new(shape: PathElement)

data/lib/aws-sdk-accessanalyzer/types.rb

@@ -83,7 +83,7 @@ module Aws::AccessAnalyzer
     #
     # @!attribute [rw] change_type
     #   Provides context on how the access preview finding compares to
-    #   existing access identified in Access Analyzer.
+    #   existing access identified in IAM Access Analyzer.
     #
     #   * `New` - The finding is for newly-introduced access.
     #
@@ -113,8 +113,8 @@ module Aws::AccessAnalyzer
     #   @return [String]
     #
     # @!attribute [rw] existing_finding_id
-    #   The existing ID of the finding in Access Analyzer, provided only for
-    #   existing findings.
+    #   The existing ID of the finding in IAM Access Analyzer, provided only
+    #   for existing findings.
     #   @return [String]
     #
     # @!attribute [rw] existing_finding_status
@@ -144,8 +144,9 @@ module Aws::AccessAnalyzer
     #   @return [String]
     #
     # @!attribute [rw] resource_owner_account
-    #   The AWS account ID that owns the resource. For most AWS resources,
-    #   the owning account is the account in which the resource was created.
+    #   The Amazon Web Services account ID that owns the resource. For most
+    #   Amazon Web Services resources, the owning account is the account in
+    #   which the resource was created.
     #   @return [String]
     #
     # @!attribute [rw] resource_type
@@ -258,16 +259,13 @@ module Aws::AccessAnalyzer
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
     #
-    # @note When making an API call, you may pass AclGrantee
-    #   data as a hash:
+    # @note AclGrantee is a union - when making an API calls you must set exactly one of the members.
     #
-    #       {
-    #         id: "AclCanonicalId",
-    #         uri: "AclUri",
-    #       }
+    # @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
     #
     # @!attribute [rw] id
-    #   The value specified is the canonical user ID of an AWS account.
+    #   The value specified is the canonical user ID of an Amazon Web
+    #   Services account.
     #   @return [String]
     #
     # @!attribute [rw] uri
@@ -278,9 +276,15 @@ module Aws::AccessAnalyzer
     #
     class AclGrantee < Struct.new(
       :id,
-      :uri)
+      :uri,
+      :unknown)
       SENSITIVE = []
       include Aws::Structure
+      include Aws::Structure::Union
+
+      class Id < AclGrantee; end
+      class Uri < AclGrantee; end
+      class Unknown < AclGrantee; end
     end
 
     # Contains details about the analyzed resource.
@@ -312,7 +316,7 @@ module Aws::AccessAnalyzer
     #   @return [String]
     #
     # @!attribute [rw] resource_owner_account
-    #   The AWS account ID that owns the resource.
+    #   The Amazon Web Services account ID that owns the resource.
     #   @return [String]
     #
     # @!attribute [rw] resource_type
@@ -358,7 +362,7 @@ module Aws::AccessAnalyzer
     #   @return [String]
     #
     # @!attribute [rw] resource_owner_account
-    #   The AWS account ID that owns the resource.
+    #   The Amazon Web Services account ID that owns the resource.
     #   @return [String]
     #
     # @!attribute [rw] resource_type
@@ -401,10 +405,10 @@ module Aws::AccessAnalyzer
     #   The status of the analyzer. An `Active` analyzer successfully
     #   monitors supported resources and generates new findings. The
     #   analyzer is `Disabled` when a user action, such as removing trusted
-    #   access for AWS IAM Access Analyzer from AWS Organizations, causes
-    #   the analyzer to stop generating new findings. The status is
-    #   `Creating` when the analyzer creation is in progress and `Failed`
-    #   when the analyzer creation has failed.
+    #   access for Identity and Access Management Access Analyzer from
+    #   Organizations, causes the analyzer to stop generating new findings.
+    #   The status is `Creating` when the analyzer creation is in progress
+    #   and `Failed` when the analyzer creation has failed.
     #   @return [String]
     #
     # @!attribute [rw] status_reason
@@ -412,8 +416,8 @@ module Aws::AccessAnalyzer
     #   the analyzer. For example, if the creation for the analyzer fails, a
     #   `Failed` status is returned. For an analyzer with organization as
     #   the type, this failure can be due to an issue with creating the
-    #   service-linked roles required in the member accounts of the AWS
-    #   organization.
+    #   service-linked roles required in the member accounts of the Amazon
+    #   Web Services organization.
     #   @return [Types::StatusReason]
     #
     # @!attribute [rw] tags
@@ -551,21 +555,21 @@ module Aws::AccessAnalyzer
     #       }
     #
     # @!attribute [rw] access_role
-    #   The ARN of the service role that Access Analyzer uses to access your
-    #   CloudTrail trail and service last accessed information.
+    #   The ARN of the service role that IAM Access Analyzer uses to access
+    #   your CloudTrail trail and service last accessed information.
     #   @return [String]
     #
     # @!attribute [rw] end_time
-    #   The end of the time range for which Access Analyzer reviews your
+    #   The end of the time range for which IAM Access Analyzer reviews your
     #   CloudTrail events. Events with a timestamp after this time are not
     #   considered to generate a policy. If this is not included in the
     #   request, the default value is the current time.
     #   @return [Time]
     #
     # @!attribute [rw] start_time
-    #   The start of the time range for which Access Analyzer reviews your
-    #   CloudTrail events. Events with a timestamp before this time are not
-    #   considered to generate a policy.
+    #   The start of the time range for which IAM Access Analyzer reviews
+    #   your CloudTrail events. Events with a timestamp before this time are
+    #   not considered to generate a policy.
     #   @return [Time]
     #
     # @!attribute [rw] trails
@@ -586,16 +590,16 @@ module Aws::AccessAnalyzer
     # Contains information about CloudTrail access.
     #
     # @!attribute [rw] end_time
-    #   The end of the time range for which Access Analyzer reviews your
+    #   The end of the time range for which IAM Access Analyzer reviews your
     #   CloudTrail events. Events with a timestamp after this time are not
     #   considered to generate a policy. If this is not included in the
     #   request, the default value is the current time.
     #   @return [Time]
     #
     # @!attribute [rw] start_time
-    #   The start of the time range for which Access Analyzer reviews your
-    #   CloudTrail events. Events with a timestamp before this time are not
-    #   considered to generate a policy.
+    #   The start of the time range for which IAM Access Analyzer reviews
+    #   your CloudTrail events. Events with a timestamp before this time are
+    #   not considered to generate a policy.
     #   @return [Time]
     #
     # @!attribute [rw] trail_properties
@@ -617,74 +621,9 @@ module Aws::AccessAnalyzer
     # the configuration as a type-value pair. You can specify only one type
     # of access control configuration.
     #
-    # @note When making an API call, you may pass Configuration
-    #   data as a hash:
+    # @note Configuration is a union - when making an API calls you must set exactly one of the members.
     #
-    #       {
-    #         iam_role: {
-    #           trust_policy: "IamTrustPolicy",
-    #         },
-    #         kms_key: {
-    #           grants: [
-    #             {
-    #               constraints: {
-    #                 encryption_context_equals: {
-    #                   "KmsConstraintsKey" => "KmsConstraintsValue",
-    #                 },
-    #                 encryption_context_subset: {
-    #                   "KmsConstraintsKey" => "KmsConstraintsValue",
-    #                 },
-    #               },
-    #               grantee_principal: "GranteePrincipal", # required
-    #               issuing_account: "IssuingAccount", # required
-    #               operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
-    #               retiring_principal: "RetiringPrincipal",
-    #             },
-    #           ],
-    #           key_policies: {
-    #             "PolicyName" => "KmsKeyPolicy",
-    #           },
-    #         },
-    #         s3_bucket: {
-    #           access_points: {
-    #             "AccessPointArn" => {
-    #               access_point_policy: "AccessPointPolicy",
-    #               network_origin: {
-    #                 internet_configuration: {
-    #                 },
-    #                 vpc_configuration: {
-    #                   vpc_id: "VpcId", # required
-    #                 },
-    #               },
-    #               public_access_block: {
-    #                 ignore_public_acls: false, # required
-    #                 restrict_public_buckets: false, # required
-    #               },
-    #             },
-    #           },
-    #           bucket_acl_grants: [
-    #             {
-    #               grantee: { # required
-    #                 id: "AclCanonicalId",
-    #                 uri: "AclUri",
-    #               },
-    #               permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
-    #             },
-    #           ],
-    #           bucket_policy: "S3BucketPolicy",
-    #           bucket_public_access_block: {
-    #             ignore_public_acls: false, # required
-    #             restrict_public_buckets: false, # required
-    #           },
-    #         },
-    #         secrets_manager_secret: {
-    #           kms_key_id: "SecretsManagerSecretKmsId",
-    #           secret_policy: "SecretsManagerSecretPolicy",
-    #         },
-    #         sqs_queue: {
-    #           queue_policy: "SqsQueuePolicy",
-    #         },
-    #       }
+    # @note Configuration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Configuration corresponding to the set member.
     #
     # @!attribute [rw] iam_role
     #   The access control configuration is for an IAM role.
@@ -703,7 +642,7 @@ module Aws::AccessAnalyzer
     #   @return [Types::SecretsManagerSecretConfiguration]
     #
     # @!attribute [rw] sqs_queue
-    #   The access control configuration is for an SQS queue.
+    #   The access control configuration is for an Amazon SQS queue.
     #   @return [Types::SqsQueueConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
@@ -713,9 +652,18 @@ module Aws::AccessAnalyzer
       :kms_key,
       :s3_bucket,
       :secrets_manager_secret,
-      :sqs_queue)
+      :sqs_queue,
+      :unknown)
       SENSITIVE = []
       include Aws::Structure
+      include Aws::Structure::Union
+
+      class IamRole < Configuration; end
+      class KmsKey < Configuration; end
+      class S3Bucket < Configuration; end
+      class SecretsManagerSecret < Configuration; end
+      class SqsQueue < Configuration; end
+      class Unknown < Configuration; end
     end
 
     # A conflict exception error.
@@ -1146,7 +1094,7 @@ module Aws::AccessAnalyzer
     #   @return [String]
     #
     # @!attribute [rw] resource_owner_account
-    #   The AWS account ID that owns the resource.
+    #   The Amazon Web Services account ID that owns the resource.
     #   @return [String]
     #
     # @!attribute [rw] resource_type
@@ -1214,7 +1162,9 @@ module Aws::AccessAnalyzer
     # granted. This is populated for Amazon S3 bucket findings.
     #
     # @!attribute [rw] access_point_arn
-    #   The ARN of the access point that generated the finding.
+    #   The ARN of the access point that generated the finding. The ARN
+    #   format depends on whether the ARN represents an access point or a
+    #   multi-region access point.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
@@ -1269,7 +1219,7 @@ module Aws::AccessAnalyzer
     #   @return [String]
     #
     # @!attribute [rw] resource_owner_account
-    #   The AWS account ID that owns the resource.
+    #   The Amazon Web Services account ID that owns the resource.
     #   @return [String]
     #
     # @!attribute [rw] resource_type
@@ -1338,8 +1288,8 @@ module Aws::AccessAnalyzer
     #
     # @!attribute [rw] is_complete
     #   This value is set to `true` if the generated policy contains all
-    #   possible actions for a service that Access Analyzer identified from
-    #   the CloudTrail trail that you specified, and `false` otherwise.
+    #   possible actions for a service that IAM Access Analyzer identified
+    #   from the CloudTrail trail that you specified, and `false` otherwise.
     #   @return [Boolean]
     #
     # @!attribute [rw] principal_arn
@@ -1457,8 +1407,8 @@ module Aws::AccessAnalyzer
     # The response to the request.
     #
     # @!attribute [rw] resource
-    #   An `AnalyzedResource` object that contains information that Access
-    #   Analyzer found when it analyzed the resource.
+    #   An `AnalyzedResource` object that contains information that IAM
+    #   Access Analyzer found when it analyzed the resource.
     #   @return [Types::AnalyzedResource]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzedResourceResponse AWS API Documentation
@@ -1614,8 +1564,9 @@ module Aws::AccessAnalyzer
     #   The level of detail that you want to generate. You can specify
     #   whether to generate service-level policies.
     #
-    #   Access Analyzer uses `iam:servicelastaccessed` to identify services
-    #   that have been used recently to create this service-level template.
+    #   IAM Access Analyzer uses `iam:servicelastaccessed` to identify
+    #   services that have been used recently to create this service-level
+    #   template.
     #   @return [Boolean]
     #
     # @!attribute [rw] job_id
@@ -1740,8 +1691,8 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # This configuration sets the Amazon S3 access point network origin to
-    # `Internet`.
+    # This configuration sets the network origin for the Amazon S3 access
+    # point or multi-region access point to `Internet`.
     #
     # @api private
     #
@@ -1756,7 +1707,7 @@ module Aws::AccessAnalyzer
     #   @return [Time]
     #
     # @!attribute [rw] job_error
-    #   Contains the details about the policy generation error.
+    #   The job error for the policy generation request.
     #   @return [Types::JobError]
     #
     # @!attribute [rw] job_id
@@ -1848,9 +1799,9 @@ module Aws::AccessAnalyzer
     #   @return [String]
     #
     # @!attribute [rw] issuing_account
-    #   The AWS account under which the grant was issued. The account is
-    #   used to propose KMS grants issued by accounts other than the owner
-    #   of the key.
+    #   The Amazon Web Services account under which the grant was issued.
+    #   The account is used to propose KMS grants issued by accounts other
+    #   than the owner of the key.
     #   @return [String]
     #
     # @!attribute [rw] operations
@@ -2481,7 +2432,8 @@ module Aws::AccessAnalyzer
     end
 
     # The proposed `InternetConfiguration` or `VpcConfiguration` to apply to
-    # the Amazon S3 Access point. You can make the access point accessible
+    # the Amazon S3 access point. `VpcConfiguration` does not apply to
+    # multi-region access points. You can make the access point accessible
     # from the internet, or you can specify that all requests made through
     # that access point must originate from a specific virtual private cloud
     # (VPC). You can specify only one type of network configuration. For
@@ -2491,25 +2443,19 @@ module Aws::AccessAnalyzer
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
     #
-    # @note When making an API call, you may pass NetworkOriginConfiguration
-    #   data as a hash:
+    # @note NetworkOriginConfiguration is a union - when making an API calls you must set exactly one of the members.
     #
-    #       {
-    #         internet_configuration: {
-    #         },
-    #         vpc_configuration: {
-    #           vpc_id: "VpcId", # required
-    #         },
-    #       }
+    # @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
     #
     # @!attribute [rw] internet_configuration
-    #   The configuration for the Amazon S3 access point with an `Internet`
-    #   origin.
+    #   The configuration for the Amazon S3 access point or multi-region
+    #   access point with an `Internet` origin.
     #   @return [Types::InternetConfiguration]
     #
     # @!attribute [rw] vpc_configuration
     #   The proposed virtual private cloud (VPC) configuration for the
-    #   Amazon S3 access point. For more information, see
+    #   Amazon S3 access point. VPC configuration does not apply to
+    #   multi-region access points. For more information, see
     #   [VpcConfiguration][1].
     #
     #
@@ -2521,14 +2467,22 @@ module Aws::AccessAnalyzer
     #
     class NetworkOriginConfiguration < Struct.new(
       :internet_configuration,
-      :vpc_configuration)
+      :vpc_configuration,
+      :unknown)
       SENSITIVE = []
       include Aws::Structure
+      include Aws::Structure::Union
+
+      class InternetConfiguration < NetworkOriginConfiguration; end
+      class VpcConfiguration < NetworkOriginConfiguration; end
+      class Unknown < NetworkOriginConfiguration; end
     end
 
     # A single element in a path through the JSON representation of a
     # policy.
     #
+    # @note PathElement is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PathElement corresponding to the set member.
+    #
     # @!attribute [rw] index
     #   Refers to an index in a JSON array.
     #   @return [Integer]
@@ -2551,9 +2505,17 @@ module Aws::AccessAnalyzer
       :index,
       :key,
       :substring,
-      :value)
+      :value,
+      :unknown)
       SENSITIVE = []
       include Aws::Structure
+      include Aws::Structure::Union
+
+      class Index < PathElement; end
+      class Key < PathElement; end
+      class Substring < PathElement; end
+      class Value < PathElement; end
+      class Unknown < PathElement; end
     end
 
     # Contains details about the policy generation status and properties.
@@ -2665,9 +2627,10 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # The configuration for an Amazon S3 access point for the bucket. You
-    # can propose up to 10 access points per bucket. If the proposed Amazon
-    # S3 access point configuration is for an existing bucket, the access
+    # The configuration for an Amazon S3 access point or multi-region access
+    # point for the bucket. You can propose up to 10 access points or
+    # multi-region access points per bucket. If the proposed Amazon S3
+    # access point configuration is for an existing bucket, the access
     # preview uses the proposed access point configuration in place of the
     # existing access points. To propose an access point without a policy,
     # you can provide an empty string as the access point policy. For more
@@ -2699,21 +2662,22 @@ module Aws::AccessAnalyzer
     #       }
     #
     # @!attribute [rw] access_point_policy
-    #   The access point policy.
+    #   The access point or multi-region access point policy.
     #   @return [String]
     #
     # @!attribute [rw] network_origin
     #   The proposed `Internet` and `VpcConfiguration` to apply to this
-    #   Amazon S3 access point. If the access preview is for a new resource
-    #   and neither is specified, the access preview uses `Internet` for the
-    #   network origin. If the access preview is for an existing resource
-    #   and neither is specified, the access preview uses the exiting
-    #   network origin.
+    #   Amazon S3 access point. `VpcConfiguration` does not apply to
+    #   multi-region access points. If the access preview is for a new
+    #   resource and neither is specified, the access preview uses
+    #   `Internet` for the network origin. If the access preview is for an
+    #   existing resource and neither is specified, the access preview uses
+    #   the exiting network origin.
     #   @return [Types::NetworkOriginConfiguration]
     #
     # @!attribute [rw] public_access_block
     #   The proposed `S3PublicAccessBlock` configuration to apply to this
-    #   Amazon S3 Access Point.
+    #   Amazon S3 access point or multi-region access point.
     #   @return [Types::S3PublicAccessBlockConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3AccessPointConfiguration AWS API Documentation
@@ -2764,15 +2728,16 @@ module Aws::AccessAnalyzer
     # Proposed access control configuration for an Amazon S3 bucket. You can
     # propose a configuration for a new Amazon S3 bucket or an existing
     # Amazon S3 bucket that you own by specifying the Amazon S3 bucket
-    # policy, bucket ACLs, bucket BPA settings, and Amazon S3 access points
-    # attached to the bucket. If the configuration is for an existing Amazon
-    # S3 bucket and you do not specify the Amazon S3 bucket policy, the
-    # access preview uses the existing policy attached to the bucket. If the
-    # access preview is for a new resource and you do not specify the Amazon
-    # S3 bucket policy, the access preview assumes a bucket without a
-    # policy. To propose deletion of an existing bucket policy, you can
-    # specify an empty string. For more information about bucket policy
-    # limits, see [Bucket Policy Examples][1].
+    # policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and
+    # multi-region access points attached to the bucket. If the
+    # configuration is for an existing Amazon S3 bucket and you do not
+    # specify the Amazon S3 bucket policy, the access preview uses the
+    # existing policy attached to the bucket. If the access preview is for a
+    # new resource and you do not specify the Amazon S3 bucket policy, the
+    # access preview assumes a bucket without a policy. To propose deletion
+    # of an existing bucket policy, you can specify an empty string. For
+    # more information about bucket policy limits, see [Bucket Policy
+    # Examples][1].
     #
     #
     #
@@ -2815,7 +2780,9 @@ module Aws::AccessAnalyzer
     #       }
     #
     # @!attribute [rw] access_points
-    #   The configuration of Amazon S3 access points for the bucket.
+    #   The configuration of Amazon S3 access points or multi-region access
+    #   points for the bucket. You can propose up to 10 new access points
+    #   per bucket.
     #   @return [Hash<String,Types::S3AccessPointConfiguration>]
     #
     # @!attribute [rw] bucket_acl_grants
@@ -2852,10 +2819,10 @@ module Aws::AccessAnalyzer
     # bucket and the configuration is not specified, the access preview uses
     # the existing setting. If the proposed configuration is for a new
     # bucket and the configuration is not specified, the access preview uses
-    # `false`. If the proposed configuration is for a new access point and
-    # the access point BPA configuration is not specified, the access
-    # preview uses `true`. For more information, see
-    # [PublicAccessBlockConfiguration][1].
+    # `false`. If the proposed configuration is for a new access point or
+    # multi-region access point and the access point BPA configuration is
+    # not specified, the access preview uses `true`. For more information,
+    # see [PublicAccessBlockConfiguration][1].
     #
     #
     #
@@ -2900,10 +2867,10 @@ module Aws::AccessAnalyzer
     # without a policy. To propose deletion of an existing policy, you can
     # specify an empty string. If the proposed configuration is for a new
     # secret and you do not specify the KMS key ID, the access preview uses
-    # the default CMK of the AWS account. If you specify an empty string for
-    # the KMS key ID, the access preview uses the default CMK of the AWS
-    # account. For more information about secret policy limits, see [Quotas
-    # for AWS Secrets Manager.][2].
+    # the default CMK of the Amazon Web Services account. If you specify an
+    # empty string for the KMS key ID, the access preview uses the default
+    # CMK of the Amazon Web Services account. For more information about
+    # secret policy limits, see [Quotas for Secrets Manager.][2].
     #
     #
     #
@@ -2919,8 +2886,8 @@ module Aws::AccessAnalyzer
     #       }
     #
     # @!attribute [rw] kms_key_id
-    #   The proposed ARN, key ID, or alias of the AWS KMS customer master
-    #   key (CMK).
+    #   The proposed ARN, key ID, or alias of the KMS customer master key
+    #   (CMK).
     #   @return [String]
     #
     # @!attribute [rw] secret_policy
@@ -3007,15 +2974,16 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # The proposed access control configuration for an SQS queue. You can
-    # propose a configuration for a new SQS queue or an existing SQS queue
-    # that you own by specifying the SQS policy. If the configuration is for
-    # an existing SQS queue and you do not specify the SQS policy, the
-    # access preview uses the existing SQS policy for the queue. If the
-    # access preview is for a new resource and you do not specify the
-    # policy, the access preview assumes an SQS queue without a policy. To
-    # propose deletion of an existing SQS queue policy, you can specify an
-    # empty string for the SQS policy. For more information about SQS policy
+    # The proposed access control configuration for an Amazon SQS queue. You
+    # can propose a configuration for a new Amazon SQS queue or an existing
+    # Amazon SQS queue that you own by specifying the Amazon SQS policy. If
+    # the configuration is for an existing Amazon SQS queue and you do not
+    # specify the Amazon SQS policy, the access preview uses the existing
+    # Amazon SQS policy for the queue. If the access preview is for a new
+    # resource and you do not specify the policy, the access preview assumes
+    # an Amazon SQS queue without a policy. To propose deletion of an
+    # existing Amazon SQS queue policy, you can specify an empty string for
+    # the Amazon SQS policy. For more information about Amazon SQS policy
     # limits, see [Quotas related to policies][1].
     #
     #
@@ -3030,7 +2998,7 @@ module Aws::AccessAnalyzer
     #       }
     #
     # @!attribute [rw] queue_policy
-    #   The proposed resource policy for the SQS queue.
+    #   The proposed resource policy for the Amazon SQS queue.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SqsQueueConfiguration AWS API Documentation
@@ -3072,7 +3040,7 @@ module Aws::AccessAnalyzer
     #   and they have no additional effect.
     #
     #   If you do not specify a client token, one is automatically generated
-    #   by the AWS SDK.
+    #   by the Amazon Web Services SDK.
     #
     #   **A suitable default value is auto-generated.** You should normally
     #   not need to pass this option.
@@ -3149,7 +3117,7 @@ module Aws::AccessAnalyzer
     # example, if the creation for the analyzer fails, a `Failed` status is
     # returned. For an analyzer with organization as the type, this failure
     # can be due to an issue with creating the service-linked roles required
-    # in the member accounts of the AWS organization.
+    # in the member accounts of the Amazon Web Services organization.
     #
     # @!attribute [rw] code
     #   The reason code for the current status of the analyzer.
@@ -3248,7 +3216,7 @@ module Aws::AccessAnalyzer
     #       }
     #
     # @!attribute [rw] all_regions
-    #   Possible values are `true` or `false`. If set to `true`, Access
+    #   Possible values are `true` or `false`. If set to `true`, IAM Access
     #   Analyzer retrieves CloudTrail data from all regions to analyze and
     #   generate a policy.
     #   @return [Boolean]
@@ -3277,7 +3245,7 @@ module Aws::AccessAnalyzer
     # a policy.
     #
     # @!attribute [rw] all_regions
-    #   Possible values are `true` or `false`. If set to `true`, Access
+    #   Possible values are `true` or `false`. If set to `true`, IAM Access
     #   Analyzer retrieves CloudTrail data from all regions to analyze and
     #   generate a policy.
     #   @return [Boolean]
@@ -3521,14 +3489,14 @@ module Aws::AccessAnalyzer
     #   The type of policy to validate. Identity policies grant permissions
     #   to IAM principals. Identity policies include managed and inline
     #   policies for IAM roles, users, and groups. They also include
-    #   service-control policies (SCPs) that are attached to an AWS
-    #   organization, organizational unit (OU), or an account.
+    #   service-control policies (SCPs) that are attached to an Amazon Web
+    #   Services organization, organizational unit (OU), or an account.
     #
-    #   Resource policies grant permissions on AWS resources. Resource
-    #   policies include trust policies for IAM roles and bucket policies
-    #   for S3 buckets. You can provide a generic input such as identity
-    #   policy or resource policy or a specific input such as managed policy
-    #   or S3 bucket policy.
+    #   Resource policies grant permissions on Amazon Web Services
+    #   resources. Resource policies include trust policies for IAM roles
+    #   and bucket policies for Amazon S3 buckets. You can provide a generic
+    #   input such as identity policy or resource policy or a specific input
+    #   such as managed policy or Amazon S3 bucket policy.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyRequest AWS API Documentation
@@ -3544,8 +3512,8 @@ module Aws::AccessAnalyzer
     end
 
     # @!attribute [rw] findings
-    #   The list of findings in a policy returned by Access Analyzer based
-    #   on its suite of policy checks.
+    #   The list of findings in a policy returned by IAM Access Analyzer
+    #   based on its suite of policy checks.
     #   @return [Array<Types::ValidatePolicyFinding>]
     #
     # @!attribute [rw] next_token
@@ -3604,7 +3572,8 @@ module Aws::AccessAnalyzer
     end
 
     # The proposed virtual private cloud (VPC) configuration for the Amazon
-    # S3 access point. For more information, see [VpcConfiguration][1].
+    # S3 access point. VPC configuration does not apply to multi-region
+    # access points. For more information, see [VpcConfiguration][1].
     #
     #
     #

data/lib/aws-sdk-accessanalyzer.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
 # @!group service
 module Aws::AccessAnalyzer
 
-  GEM_VERSION = '1.19.0'
+  GEM_VERSION = '1.23.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-  version: 1.19.0
+  version: 1.23.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-07 00:00:00.000000000 Z
+date: 2021-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.112.0
+        version: 3.120.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.112.0
+        version: 3.120.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement
@@ -76,15 +76,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6.2
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: AWS SDK for Ruby - Access Analyzer