aws-sdk-accessanalyzer 1.19.0 → 1.23.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +22 -20
- data/lib/aws-sdk-accessanalyzer/client_api.rb +25 -4
- data/lib/aws-sdk-accessanalyzer/types.rb +153 -184
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- metadata +6 -7
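--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 941f06caa057d0cc55cf091f38909e2635dd7766789d97c30ff076a0f60c1bba
+data.tar.gz: d8e65577c97ee2af2a7ae1cda9b6269f035ed14f4be6e7e021c2809734eb088d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2ecbd1cb82b6c0dba6871f83fcab240a4c1990d5e90c81919d32aa872e61f69a44a6a6377d95930c1ebe45c19a1ba2365487d772401f095bee20873cd1fb85ba
+data.tar.gz: a2f5e0cd23a0ca5e33b562b6e5f623382f1ccb4b2e5986118dc93f65803252d8041dd9701b830ed6537bb5fc6bc10445fbbaab37427f251b914460bd49d07e2a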
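--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.23.0 (2021-09-02)
+------------------
+
+* Feature - Updates service API, documentation, and paginators to support multi-region access points from Amazon S3.
+
+1.22.0 (2021-09-01)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.21.0 (2021-07-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.20.0 (2021-07-28)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.19.0 (2021-04-07)
 ------------------
 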
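--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.23.0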
@@ -386,8 +386,9 @@ module Aws::AccessAnalyzer
|
|
386
386
|
req.send_request(options)
|
387
387
|
end
|
388
388
|
|
389
|
-
# Creates an access preview that allows you to preview Access
|
390
|
-
# findings for your resource before deploying resource
|
389
|
+
# Creates an access preview that allows you to preview IAM Access
|
390
|
+
# Analyzer findings for your resource before deploying resource
|
391
|
+
# permissions.
|
391
392
|
#
|
392
393
|
# @option params [required, String] :analyzer_arn
|
393
394
|
# The [ARN of the account analyzer][1] used to generate the access
|
@@ -573,7 +574,7 @@ module Aws::AccessAnalyzer
|
|
573
574
|
# when you create the rule.
|
574
575
|
#
|
575
576
|
# To learn about filter keys that you can use to create an archive rule,
|
576
|
-
# see [Access Analyzer filter keys][1] in the **IAM User Guide**.
|
577
|
+
# see [IAM Access Analyzer filter keys][1] in the **IAM User Guide**.
|
577
578
|
#
|
578
579
|
#
|
579
580
|
#
|
@@ -621,10 +622,10 @@ module Aws::AccessAnalyzer
|
|
621
622
|
req.send_request(options)
|
622
623
|
end
|
623
624
|
|
624
|
-
# Deletes the specified analyzer. When you delete an analyzer,
|
625
|
-
# Analyzer is disabled for the account or organization in the
|
626
|
-
# specific Region. All findings that were generated by the
|
627
|
-
# deleted. You cannot undo this action.
|
625
|
+
# Deletes the specified analyzer. When you delete an analyzer, IAM
|
626
|
+
# Access Analyzer is disabled for the account or organization in the
|
627
|
+
# current or specific Region. All findings that were generated by the
|
628
|
+
# analyzer are deleted. You cannot undo this action.
|
628
629
|
#
|
629
630
|
# @option params [required, String] :analyzer_name
|
630
631
|
# The name of the analyzer to delete.
|
@@ -845,7 +846,7 @@ module Aws::AccessAnalyzer
|
|
845
846
|
# Retrieves information about an archive rule.
|
846
847
|
#
|
847
848
|
# To learn about filter keys that you can use to create an archive rule,
|
848
|
-
# see [Access Analyzer filter keys][1] in the **IAM User Guide**.
|
849
|
+
# see [IAM Access Analyzer filter keys][1] in the **IAM User Guide**.
|
849
850
|
#
|
850
851
|
#
|
851
852
|
#
|
@@ -960,8 +961,9 @@ module Aws::AccessAnalyzer
|
|
960
961
|
# The level of detail that you want to generate. You can specify whether
|
961
962
|
# to generate service-level policies.
|
962
963
|
#
|
963
|
-
# Access Analyzer uses `iam:servicelastaccessed` to identify
|
964
|
-
# that have been used recently to create this service-level
|
964
|
+
# IAM Access Analyzer uses `iam:servicelastaccessed` to identify
|
965
|
+
# services that have been used recently to create this service-level
|
966
|
+
# template.
|
965
967
|
#
|
966
968
|
# @option params [required, String] :job_id
|
967
969
|
# The `JobId` that is returned by the `StartPolicyGeneration` operation.
|
@@ -1297,7 +1299,7 @@ module Aws::AccessAnalyzer
|
|
1297
1299
|
# Retrieves a list of findings generated by the specified analyzer.
|
1298
1300
|
#
|
1299
1301
|
# To learn about filter keys that you can use to retrieve a list of
|
1300
|
-
# findings, see [Access Analyzer filter keys][1] in the **IAM User
|
1302
|
+
# findings, see [IAM Access Analyzer filter keys][1] in the **IAM User
|
1301
1303
|
# Guide**.
|
1302
1304
|
#
|
1303
1305
|
#
|
@@ -1470,7 +1472,7 @@ module Aws::AccessAnalyzer
|
|
1470
1472
|
# and they have no additional effect.
|
1471
1473
|
#
|
1472
1474
|
# If you do not specify a client token, one is automatically generated
|
1473
|
-
# by the
|
1475
|
+
# by the Amazon Web Services SDK.
|
1474
1476
|
#
|
1475
1477
|
# **A suitable default value is auto-generated.** You should normally
|
1476
1478
|
# not need to pass this option.**
|
@@ -1720,14 +1722,14 @@ module Aws::AccessAnalyzer
|
|
1720
1722
|
# The type of policy to validate. Identity policies grant permissions to
|
1721
1723
|
# IAM principals. Identity policies include managed and inline policies
|
1722
1724
|
# for IAM roles, users, and groups. They also include service-control
|
1723
|
-
# policies (SCPs) that are attached to an
|
1724
|
-
# organizational unit (OU), or an account.
|
1725
|
+
# policies (SCPs) that are attached to an Amazon Web Services
|
1726
|
+
# organization, organizational unit (OU), or an account.
|
1725
1727
|
#
|
1726
|
-
# Resource policies grant permissions on
|
1727
|
-
# policies include trust policies for IAM roles and bucket
|
1728
|
-
# S3 buckets. You can provide a generic input such
|
1729
|
-
# resource policy or a specific input such as
|
1730
|
-
# bucket policy.
|
1728
|
+
# Resource policies grant permissions on Amazon Web Services resources.
|
1729
|
+
# Resource policies include trust policies for IAM roles and bucket
|
1730
|
+
# policies for Amazon S3 buckets. You can provide a generic input such
|
1731
|
+
# as identity policy or resource policy or a specific input such as
|
1732
|
+
# managed policy or Amazon S3 bucket policy.
|
1731
1733
|
#
|
1732
1734
|
# @return [Types::ValidatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1733
1735
|
#
|
@@ -1790,7 +1792,7 @@ module Aws::AccessAnalyzer
|
|
1790
1792
|
params: params,
|
1791
1793
|
config: config)
|
1792
1794
|
context[:gem_name] = 'aws-sdk-accessanalyzer'
|
1793
|
-
context[:gem_version] = '1.
|
1795
|
+
context[:gem_version] = '1.23.0'
|
1794
1796
|
Seahorse::Client::Request.new(handlers, context)
|
1795
1797
|
end
|
1796
1798
|
|
@@ -27,7 +27,7 @@ module Aws::AccessAnalyzer
|
|
27
27
|
AccessPreviewSummary = Shapes::StructureShape.new(name: 'AccessPreviewSummary')
|
28
28
|
AccessPreviewsList = Shapes::ListShape.new(name: 'AccessPreviewsList')
|
29
29
|
AclCanonicalId = Shapes::StringShape.new(name: 'AclCanonicalId')
|
30
|
-
AclGrantee = Shapes::
|
30
|
+
AclGrantee = Shapes::UnionShape.new(name: 'AclGrantee')
|
31
31
|
AclPermission = Shapes::StringShape.new(name: 'AclPermission')
|
32
32
|
AclUri = Shapes::StringShape.new(name: 'AclUri')
|
33
33
|
ActionList = Shapes::ListShape.new(name: 'ActionList')
|
@@ -48,7 +48,7 @@ module Aws::AccessAnalyzer
|
|
48
48
|
CloudTrailDetails = Shapes::StructureShape.new(name: 'CloudTrailDetails')
|
49
49
|
CloudTrailProperties = Shapes::StructureShape.new(name: 'CloudTrailProperties')
|
50
50
|
ConditionKeyMap = Shapes::MapShape.new(name: 'ConditionKeyMap')
|
51
|
-
Configuration = Shapes::
|
51
|
+
Configuration = Shapes::UnionShape.new(name: 'Configuration')
|
52
52
|
ConfigurationsMap = Shapes::MapShape.new(name: 'ConfigurationsMap')
|
53
53
|
ConfigurationsMapKey = Shapes::StringShape.new(name: 'ConfigurationsMapKey')
|
54
54
|
ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
|
@@ -137,9 +137,9 @@ module Aws::AccessAnalyzer
|
|
137
137
|
Location = Shapes::StructureShape.new(name: 'Location')
|
138
138
|
LocationList = Shapes::ListShape.new(name: 'LocationList')
|
139
139
|
Name = Shapes::StringShape.new(name: 'Name')
|
140
|
-
NetworkOriginConfiguration = Shapes::
|
140
|
+
NetworkOriginConfiguration = Shapes::UnionShape.new(name: 'NetworkOriginConfiguration')
|
141
141
|
OrderBy = Shapes::StringShape.new(name: 'OrderBy')
|
142
|
-
PathElement = Shapes::
|
142
|
+
PathElement = Shapes::UnionShape.new(name: 'PathElement')
|
143
143
|
PathElementList = Shapes::ListShape.new(name: 'PathElementList')
|
144
144
|
PolicyDocument = Shapes::StringShape.new(name: 'PolicyDocument')
|
145
145
|
PolicyGeneration = Shapes::StructureShape.new(name: 'PolicyGeneration')
|
@@ -252,6 +252,10 @@ module Aws::AccessAnalyzer
|
|
252
252
|
|
253
253
|
AclGrantee.add_member(:id, Shapes::ShapeRef.new(shape: AclCanonicalId, location_name: "id"))
|
254
254
|
AclGrantee.add_member(:uri, Shapes::ShapeRef.new(shape: AclUri, location_name: "uri"))
|
255
|
+
AclGrantee.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
|
256
|
+
AclGrantee.add_member_subclass(:id, Types::AclGrantee::Id)
|
257
|
+
AclGrantee.add_member_subclass(:uri, Types::AclGrantee::Uri)
|
258
|
+
AclGrantee.add_member_subclass(:unknown, Types::AclGrantee::Unknown)
|
255
259
|
AclGrantee.struct_class = Types::AclGrantee
|
256
260
|
|
257
261
|
ActionList.member = Shapes::ShapeRef.new(shape: String)
|
@@ -326,6 +330,13 @@ module Aws::AccessAnalyzer
|
|
326
330
|
Configuration.add_member(:s3_bucket, Shapes::ShapeRef.new(shape: S3BucketConfiguration, location_name: "s3Bucket"))
|
327
331
|
Configuration.add_member(:secrets_manager_secret, Shapes::ShapeRef.new(shape: SecretsManagerSecretConfiguration, location_name: "secretsManagerSecret"))
|
328
332
|
Configuration.add_member(:sqs_queue, Shapes::ShapeRef.new(shape: SqsQueueConfiguration, location_name: "sqsQueue"))
|
333
|
+
Configuration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
|
334
|
+
Configuration.add_member_subclass(:iam_role, Types::Configuration::IamRole)
|
335
|
+
Configuration.add_member_subclass(:kms_key, Types::Configuration::KmsKey)
|
336
|
+
Configuration.add_member_subclass(:s3_bucket, Types::Configuration::S3Bucket)
|
337
|
+
Configuration.add_member_subclass(:secrets_manager_secret, Types::Configuration::SecretsManagerSecret)
|
338
|
+
Configuration.add_member_subclass(:sqs_queue, Types::Configuration::SqsQueue)
|
339
|
+
Configuration.add_member_subclass(:unknown, Types::Configuration::Unknown)
|
329
340
|
Configuration.struct_class = Types::Configuration
|
330
341
|
|
331
342
|
ConfigurationsMap.key = Shapes::ShapeRef.new(shape: ConfigurationsMapKey)
|
@@ -613,12 +624,22 @@ module Aws::AccessAnalyzer
|
|
613
624
|
|
614
625
|
NetworkOriginConfiguration.add_member(:internet_configuration, Shapes::ShapeRef.new(shape: InternetConfiguration, location_name: "internetConfiguration"))
|
615
626
|
NetworkOriginConfiguration.add_member(:vpc_configuration, Shapes::ShapeRef.new(shape: VpcConfiguration, location_name: "vpcConfiguration"))
|
627
|
+
NetworkOriginConfiguration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
|
628
|
+
NetworkOriginConfiguration.add_member_subclass(:internet_configuration, Types::NetworkOriginConfiguration::InternetConfiguration)
|
629
|
+
NetworkOriginConfiguration.add_member_subclass(:vpc_configuration, Types::NetworkOriginConfiguration::VpcConfiguration)
|
630
|
+
NetworkOriginConfiguration.add_member_subclass(:unknown, Types::NetworkOriginConfiguration::Unknown)
|
616
631
|
NetworkOriginConfiguration.struct_class = Types::NetworkOriginConfiguration
|
617
632
|
|
618
633
|
PathElement.add_member(:index, Shapes::ShapeRef.new(shape: Integer, location_name: "index"))
|
619
634
|
PathElement.add_member(:key, Shapes::ShapeRef.new(shape: String, location_name: "key"))
|
620
635
|
PathElement.add_member(:substring, Shapes::ShapeRef.new(shape: Substring, location_name: "substring"))
|
621
636
|
PathElement.add_member(:value, Shapes::ShapeRef.new(shape: String, location_name: "value"))
|
637
|
+
PathElement.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
|
638
|
+
PathElement.add_member_subclass(:index, Types::PathElement::Index)
|
639
|
+
PathElement.add_member_subclass(:key, Types::PathElement::Key)
|
640
|
+
PathElement.add_member_subclass(:substring, Types::PathElement::Substring)
|
641
|
+
PathElement.add_member_subclass(:value, Types::PathElement::Value)
|
642
|
+
PathElement.add_member_subclass(:unknown, Types::PathElement::Unknown)
|
622
643
|
PathElement.struct_class = Types::PathElement
|
623
644
|
|
624
645
|
PathElementList.member = Shapes::ShapeRef.new(shape: PathElement)
|
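Review bot: The `:unknown` member added to each union shape here (`AclGrantee`, `Configuration`, `NetworkOriginConfiguration`, `PathElement`) is registered with `shape: nil` and mapped to an `Unknown` subclass, and nothing in these lines says what it carries or when it is set. A one-line comment above each registration would help, for example `# :unknown has no modeled shape; presumably set when the response carries a member this SDK version does not recognise`. For code that consumes these types, a branch on the member subclasses should include an explicit `Unknown` case, so that an access configuration or grantee the SDK cannot classify is surfaced and not treated as absent. The module body continues outside these hunks.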
@@ -83,7 +83,7 @@ module Aws::AccessAnalyzer
|
|
83
83
|
#
|
84
84
|
# @!attribute [rw] change_type
|
85
85
|
# Provides context on how the access preview finding compares to
|
86
|
-
# existing access identified in Access Analyzer.
|
86
|
+
# existing access identified in IAM Access Analyzer.
|
87
87
|
#
|
88
88
|
# * `New` - The finding is for newly-introduced access.
|
89
89
|
#
|
@@ -113,8 +113,8 @@ module Aws::AccessAnalyzer
|
|
113
113
|
# @return [String]
|
114
114
|
#
|
115
115
|
# @!attribute [rw] existing_finding_id
|
116
|
-
# The existing ID of the finding in Access Analyzer, provided only
|
117
|
-
# existing findings.
|
116
|
+
# The existing ID of the finding in IAM Access Analyzer, provided only
|
117
|
+
# for existing findings.
|
118
118
|
# @return [String]
|
119
119
|
#
|
120
120
|
# @!attribute [rw] existing_finding_status
|
@@ -144,8 +144,9 @@ module Aws::AccessAnalyzer
|
|
144
144
|
# @return [String]
|
145
145
|
#
|
146
146
|
# @!attribute [rw] resource_owner_account
|
147
|
-
# The
|
148
|
-
# the owning account is the account in
|
147
|
+
# The Amazon Web Services account ID that owns the resource. For most
|
148
|
+
# Amazon Web Services resources, the owning account is the account in
|
149
|
+
# which the resource was created.
|
149
150
|
# @return [String]
|
150
151
|
#
|
151
152
|
# @!attribute [rw] resource_type
|
@@ -258,16 +259,13 @@ module Aws::AccessAnalyzer
|
|
258
259
|
#
|
259
260
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
|
260
261
|
#
|
261
|
-
# @note
|
262
|
-
# data as a hash:
|
262
|
+
# @note AclGrantee is a union - when making an API calls you must set exactly one of the members.
|
263
263
|
#
|
264
|
-
#
|
265
|
-
# id: "AclCanonicalId",
|
266
|
-
# uri: "AclUri",
|
267
|
-
# }
|
264
|
+
# @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
|
268
265
|
#
|
269
266
|
# @!attribute [rw] id
|
270
|
-
# The value specified is the canonical user ID of an
|
267
|
+
# The value specified is the canonical user ID of an Amazon Web
|
268
|
+
# Services account.
|
271
269
|
# @return [String]
|
272
270
|
#
|
273
271
|
# @!attribute [rw] uri
|
@@ -278,9 +276,15 @@ module Aws::AccessAnalyzer
|
|
278
276
|
#
|
279
277
|
class AclGrantee < Struct.new(
|
280
278
|
:id,
|
281
|
-
:uri
|
279
|
+
:uri,
|
280
|
+
:unknown)
|
282
281
|
SENSITIVE = []
|
283
282
|
include Aws::Structure
|
283
|
+
include Aws::Structure::Union
|
284
|
+
|
285
|
+
class Id < AclGrantee; end
|
286
|
+
class Uri < AclGrantee; end
|
287
|
+
class Unknown < AclGrantee; end
|
284
288
|
end
|
285
289
|
|
286
290
|
# Contains details about the analyzed resource.
|
@@ -312,7 +316,7 @@ module Aws::AccessAnalyzer
|
|
312
316
|
# @return [String]
|
313
317
|
#
|
314
318
|
# @!attribute [rw] resource_owner_account
|
315
|
-
# The
|
319
|
+
# The Amazon Web Services account ID that owns the resource.
|
316
320
|
# @return [String]
|
317
321
|
#
|
318
322
|
# @!attribute [rw] resource_type
|
@@ -358,7 +362,7 @@ module Aws::AccessAnalyzer
|
|
358
362
|
# @return [String]
|
359
363
|
#
|
360
364
|
# @!attribute [rw] resource_owner_account
|
361
|
-
# The
|
365
|
+
# The Amazon Web Services account ID that owns the resource.
|
362
366
|
# @return [String]
|
363
367
|
#
|
364
368
|
# @!attribute [rw] resource_type
|
@@ -401,10 +405,10 @@ module Aws::AccessAnalyzer
|
|
401
405
|
# The status of the analyzer. An `Active` analyzer successfully
|
402
406
|
# monitors supported resources and generates new findings. The
|
403
407
|
# analyzer is `Disabled` when a user action, such as removing trusted
|
404
|
-
# access for
|
405
|
-
# the analyzer to stop generating new findings.
|
406
|
-
# `Creating` when the analyzer creation is in progress
|
407
|
-
# when the analyzer creation has failed.
|
408
|
+
# access for Identity and Access Management Access Analyzer from
|
409
|
+
# Organizations, causes the analyzer to stop generating new findings.
|
410
|
+
# The status is `Creating` when the analyzer creation is in progress
|
411
|
+
# and `Failed` when the analyzer creation has failed.
|
408
412
|
# @return [String]
|
409
413
|
#
|
410
414
|
# @!attribute [rw] status_reason
|
@@ -412,8 +416,8 @@ module Aws::AccessAnalyzer
|
|
412
416
|
# the analyzer. For example, if the creation for the analyzer fails, a
|
413
417
|
# `Failed` status is returned. For an analyzer with organization as
|
414
418
|
# the type, this failure can be due to an issue with creating the
|
415
|
-
# service-linked roles required in the member accounts of the
|
416
|
-
# organization.
|
419
|
+
# service-linked roles required in the member accounts of the Amazon
|
420
|
+
# Web Services organization.
|
417
421
|
# @return [Types::StatusReason]
|
418
422
|
#
|
419
423
|
# @!attribute [rw] tags
|
@@ -551,21 +555,21 @@ module Aws::AccessAnalyzer
|
|
551
555
|
# }
|
552
556
|
#
|
553
557
|
# @!attribute [rw] access_role
|
554
|
-
# The ARN of the service role that Access Analyzer uses to access
|
555
|
-
# CloudTrail trail and service last accessed information.
|
558
|
+
# The ARN of the service role that IAM Access Analyzer uses to access
|
559
|
+
# your CloudTrail trail and service last accessed information.
|
556
560
|
# @return [String]
|
557
561
|
#
|
558
562
|
# @!attribute [rw] end_time
|
559
|
-
# The end of the time range for which Access Analyzer reviews your
|
563
|
+
# The end of the time range for which IAM Access Analyzer reviews your
|
560
564
|
# CloudTrail events. Events with a timestamp after this time are not
|
561
565
|
# considered to generate a policy. If this is not included in the
|
562
566
|
# request, the default value is the current time.
|
563
567
|
# @return [Time]
|
564
568
|
#
|
565
569
|
# @!attribute [rw] start_time
|
566
|
-
# The start of the time range for which Access Analyzer reviews
|
567
|
-
# CloudTrail events. Events with a timestamp before this time are
|
568
|
-
# considered to generate a policy.
|
570
|
+
# The start of the time range for which IAM Access Analyzer reviews
|
571
|
+
# your CloudTrail events. Events with a timestamp before this time are
|
572
|
+
# not considered to generate a policy.
|
569
573
|
# @return [Time]
|
570
574
|
#
|
571
575
|
# @!attribute [rw] trails
|
@@ -586,16 +590,16 @@ module Aws::AccessAnalyzer
|
|
586
590
|
# Contains information about CloudTrail access.
|
587
591
|
#
|
588
592
|
# @!attribute [rw] end_time
|
589
|
-
# The end of the time range for which Access Analyzer reviews your
|
593
|
+
# The end of the time range for which IAM Access Analyzer reviews your
|
590
594
|
# CloudTrail events. Events with a timestamp after this time are not
|
591
595
|
# considered to generate a policy. If this is not included in the
|
592
596
|
# request, the default value is the current time.
|
593
597
|
# @return [Time]
|
594
598
|
#
|
595
599
|
# @!attribute [rw] start_time
|
596
|
-
# The start of the time range for which Access Analyzer reviews
|
597
|
-
# CloudTrail events. Events with a timestamp before this time are
|
598
|
-
# considered to generate a policy.
|
600
|
+
# The start of the time range for which IAM Access Analyzer reviews
|
601
|
+
# your CloudTrail events. Events with a timestamp before this time are
|
602
|
+
# not considered to generate a policy.
|
599
603
|
# @return [Time]
|
600
604
|
#
|
601
605
|
# @!attribute [rw] trail_properties
|
@@ -617,74 +621,9 @@ module Aws::AccessAnalyzer
|
|
617
621
|
# the configuration as a type-value pair. You can specify only one type
|
618
622
|
# of access control configuration.
|
619
623
|
#
|
620
|
-
# @note
|
621
|
-
# data as a hash:
|
624
|
+
# @note Configuration is a union - when making an API calls you must set exactly one of the members.
|
622
625
|
#
|
623
|
-
#
|
624
|
-
# iam_role: {
|
625
|
-
# trust_policy: "IamTrustPolicy",
|
626
|
-
# },
|
627
|
-
# kms_key: {
|
628
|
-
# grants: [
|
629
|
-
# {
|
630
|
-
# constraints: {
|
631
|
-
# encryption_context_equals: {
|
632
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
633
|
-
# },
|
634
|
-
# encryption_context_subset: {
|
635
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
636
|
-
# },
|
637
|
-
# },
|
638
|
-
# grantee_principal: "GranteePrincipal", # required
|
639
|
-
# issuing_account: "IssuingAccount", # required
|
640
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
641
|
-
# retiring_principal: "RetiringPrincipal",
|
642
|
-
# },
|
643
|
-
# ],
|
644
|
-
# key_policies: {
|
645
|
-
# "PolicyName" => "KmsKeyPolicy",
|
646
|
-
# },
|
647
|
-
# },
|
648
|
-
# s3_bucket: {
|
649
|
-
# access_points: {
|
650
|
-
# "AccessPointArn" => {
|
651
|
-
# access_point_policy: "AccessPointPolicy",
|
652
|
-
# network_origin: {
|
653
|
-
# internet_configuration: {
|
654
|
-
# },
|
655
|
-
# vpc_configuration: {
|
656
|
-
# vpc_id: "VpcId", # required
|
657
|
-
# },
|
658
|
-
# },
|
659
|
-
# public_access_block: {
|
660
|
-
# ignore_public_acls: false, # required
|
661
|
-
# restrict_public_buckets: false, # required
|
662
|
-
# },
|
663
|
-
# },
|
664
|
-
# },
|
665
|
-
# bucket_acl_grants: [
|
666
|
-
# {
|
667
|
-
# grantee: { # required
|
668
|
-
# id: "AclCanonicalId",
|
669
|
-
# uri: "AclUri",
|
670
|
-
# },
|
671
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
672
|
-
# },
|
673
|
-
# ],
|
674
|
-
# bucket_policy: "S3BucketPolicy",
|
675
|
-
# bucket_public_access_block: {
|
676
|
-
# ignore_public_acls: false, # required
|
677
|
-
# restrict_public_buckets: false, # required
|
678
|
-
# },
|
679
|
-
# },
|
680
|
-
# secrets_manager_secret: {
|
681
|
-
# kms_key_id: "SecretsManagerSecretKmsId",
|
682
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
683
|
-
# },
|
684
|
-
# sqs_queue: {
|
685
|
-
# queue_policy: "SqsQueuePolicy",
|
686
|
-
# },
|
687
|
-
# }
|
626
|
+
# @note Configuration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Configuration corresponding to the set member.
|
688
627
|
#
|
689
628
|
# @!attribute [rw] iam_role
|
690
629
|
# The access control configuration is for an IAM role.
|
@@ -703,7 +642,7 @@ module Aws::AccessAnalyzer
|
|
703
642
|
# @return [Types::SecretsManagerSecretConfiguration]
|
704
643
|
#
|
705
644
|
# @!attribute [rw] sqs_queue
|
706
|
-
# The access control configuration is for an SQS queue.
|
645
|
+
# The access control configuration is for an Amazon SQS queue.
|
707
646
|
# @return [Types::SqsQueueConfiguration]
|
708
647
|
#
|
709
648
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
|
@@ -713,9 +652,18 @@ module Aws::AccessAnalyzer
|
|
713
652
|
:kms_key,
|
714
653
|
:s3_bucket,
|
715
654
|
:secrets_manager_secret,
|
716
|
-
:sqs_queue
|
655
|
+
:sqs_queue,
|
656
|
+
:unknown)
|
717
657
|
SENSITIVE = []
|
718
658
|
include Aws::Structure
|
659
|
+
include Aws::Structure::Union
|
660
|
+
|
661
|
+
class IamRole < Configuration; end
|
662
|
+
class KmsKey < Configuration; end
|
663
|
+
class S3Bucket < Configuration; end
|
664
|
+
class SecretsManagerSecret < Configuration; end
|
665
|
+
class SqsQueue < Configuration; end
|
666
|
+
class Unknown < Configuration; end
|
719
667
|
end
|
720
668
|
|
721
669
|
# A conflict exception error.
|
@@ -1146,7 +1094,7 @@ module Aws::AccessAnalyzer
|
|
1146
1094
|
# @return [String]
|
1147
1095
|
#
|
1148
1096
|
# @!attribute [rw] resource_owner_account
|
1149
|
-
# The
|
1097
|
+
# The Amazon Web Services account ID that owns the resource.
|
1150
1098
|
# @return [String]
|
1151
1099
|
#
|
1152
1100
|
# @!attribute [rw] resource_type
|
@@ -1214,7 +1162,9 @@ module Aws::AccessAnalyzer
|
|
1214
1162
|
# granted. This is populated for Amazon S3 bucket findings.
|
1215
1163
|
#
|
1216
1164
|
# @!attribute [rw] access_point_arn
|
1217
|
-
# The ARN of the access point that generated the finding.
|
1165
|
+
# The ARN of the access point that generated the finding. The ARN
|
1166
|
+
# format depends on whether the ARN represents an access point or a
|
1167
|
+
# multi-region access point.
|
1218
1168
|
# @return [String]
|
1219
1169
|
#
|
1220
1170
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
|
@@ -1269,7 +1219,7 @@ module Aws::AccessAnalyzer
|
|
1269
1219
|
# @return [String]
|
1270
1220
|
#
|
1271
1221
|
# @!attribute [rw] resource_owner_account
|
1272
|
-
# The
|
1222
|
+
# The Amazon Web Services account ID that owns the resource.
|
1273
1223
|
# @return [String]
|
1274
1224
|
#
|
1275
1225
|
# @!attribute [rw] resource_type
|
@@ -1338,8 +1288,8 @@ module Aws::AccessAnalyzer
|
|
1338
1288
|
#
|
1339
1289
|
# @!attribute [rw] is_complete
|
1340
1290
|
# This value is set to `true` if the generated policy contains all
|
1341
|
-
# possible actions for a service that Access Analyzer identified
|
1342
|
-
# the CloudTrail trail that you specified, and `false` otherwise.
|
1291
|
+
# possible actions for a service that IAM Access Analyzer identified
|
1292
|
+
# from the CloudTrail trail that you specified, and `false` otherwise.
|
1343
1293
|
# @return [Boolean]
|
1344
1294
|
#
|
1345
1295
|
# @!attribute [rw] principal_arn
|
@@ -1457,8 +1407,8 @@ module Aws::AccessAnalyzer
|
|
1457
1407
|
# The response to the request.
|
1458
1408
|
#
|
1459
1409
|
# @!attribute [rw] resource
|
1460
|
-
# An `AnalyzedResource` object that contains information that
|
1461
|
-
# Analyzer found when it analyzed the resource.
|
1410
|
+
# An `AnalyzedResource` object that contains information that IAM
|
1411
|
+
# Access Analyzer found when it analyzed the resource.
|
1462
1412
|
# @return [Types::AnalyzedResource]
|
1463
1413
|
#
|
1464
1414
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzedResourceResponse AWS API Documentation
|
@@ -1614,8 +1564,9 @@ module Aws::AccessAnalyzer
|
|
1614
1564
|
# The level of detail that you want to generate. You can specify
|
1615
1565
|
# whether to generate service-level policies.
|
1616
1566
|
#
|
1617
|
-
# Access Analyzer uses `iam:servicelastaccessed` to identify
|
1618
|
-
# that have been used recently to create this service-level
|
1567
|
+
# IAM Access Analyzer uses `iam:servicelastaccessed` to identify
|
1568
|
+
# services that have been used recently to create this service-level
|
1569
|
+
# template.
|
1619
1570
|
# @return [Boolean]
|
1620
1571
|
#
|
1621
1572
|
# @!attribute [rw] job_id
|
@@ -1740,8 +1691,8 @@ module Aws::AccessAnalyzer
|
|
1740
1691
|
include Aws::Structure
|
1741
1692
|
end
|
1742
1693
|
|
1743
|
-
# This configuration sets the
|
1744
|
-
# `Internet`.
|
1694
|
+
# This configuration sets the network origin for the Amazon S3 access
|
1695
|
+
# point or multi-region access point to `Internet`.
|
1745
1696
|
#
|
1746
1697
|
# @api private
|
1747
1698
|
#
|
@@ -1756,7 +1707,7 @@ module Aws::AccessAnalyzer
|
|
1756
1707
|
# @return [Time]
|
1757
1708
|
#
|
1758
1709
|
# @!attribute [rw] job_error
|
1759
|
-
#
|
1710
|
+
# The job error for the policy generation request.
|
1760
1711
|
# @return [Types::JobError]
|
1761
1712
|
#
|
1762
1713
|
# @!attribute [rw] job_id
|
@@ -1848,9 +1799,9 @@ module Aws::AccessAnalyzer
|
|
1848
1799
|
# @return [String]
|
1849
1800
|
#
|
1850
1801
|
# @!attribute [rw] issuing_account
|
1851
|
-
# The
|
1852
|
-
# used to propose KMS grants issued by accounts other
|
1853
|
-
# of the key.
|
1802
|
+
# The Amazon Web Services account under which the grant was issued.
|
1803
|
+
# The account is used to propose KMS grants issued by accounts other
|
1804
|
+
# than the owner of the key.
|
1854
1805
|
# @return [String]
|
1855
1806
|
#
|
1856
1807
|
# @!attribute [rw] operations
|
@@ -2481,7 +2432,8 @@ module Aws::AccessAnalyzer
|
|
2481
2432
|
end
|
2482
2433
|
|
2483
2434
|
# The proposed `InternetConfiguration` or `VpcConfiguration` to apply to
|
2484
|
-
# the Amazon S3
|
2435
|
+
# the Amazon S3 access point. `VpcConfiguration` does not apply to
|
2436
|
+
# multi-region access points. You can make the access point accessible
|
2485
2437
|
# from the internet, or you can specify that all requests made through
|
2486
2438
|
# that access point must originate from a specific virtual private cloud
|
2487
2439
|
# (VPC). You can specify only one type of network configuration. For
|
@@ -2491,25 +2443,19 @@ module Aws::AccessAnalyzer
|
|
2491
2443
|
#
|
2492
2444
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
2493
2445
|
#
|
2494
|
-
# @note
|
2495
|
-
# data as a hash:
|
2446
|
+
# @note NetworkOriginConfiguration is a union - when making an API calls you must set exactly one of the members.
|
2496
2447
|
#
|
2497
|
-
#
|
2498
|
-
# internet_configuration: {
|
2499
|
-
# },
|
2500
|
-
# vpc_configuration: {
|
2501
|
-
# vpc_id: "VpcId", # required
|
2502
|
-
# },
|
2503
|
-
# }
|
2448
|
+
# @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
|
2504
2449
|
#
|
2505
2450
|
# @!attribute [rw] internet_configuration
|
2506
|
-
# The configuration for the Amazon S3 access point
|
2507
|
-
# origin.
|
2451
|
+
# The configuration for the Amazon S3 access point or multi-region
|
2452
|
+
# access point with an `Internet` origin.
|
2508
2453
|
# @return [Types::InternetConfiguration]
|
2509
2454
|
#
|
2510
2455
|
# @!attribute [rw] vpc_configuration
|
2511
2456
|
# The proposed virtual private cloud (VPC) configuration for the
|
2512
|
-
# Amazon S3 access point.
|
2457
|
+
# Amazon S3 access point. VPC configuration does not apply to
|
2458
|
+
# multi-region access points. For more information, see
|
2513
2459
|
# [VpcConfiguration][1].
|
2514
2460
|
#
|
2515
2461
|
#
|
@@ -2521,14 +2467,22 @@ module Aws::AccessAnalyzer
|
|
2521
2467
|
#
|
2522
2468
|
class NetworkOriginConfiguration < Struct.new(
|
2523
2469
|
:internet_configuration,
|
2524
|
-
:vpc_configuration
|
2470
|
+
:vpc_configuration,
|
2471
|
+
:unknown)
|
2525
2472
|
SENSITIVE = []
|
2526
2473
|
include Aws::Structure
|
2474
|
+
include Aws::Structure::Union
|
2475
|
+
|
2476
|
+
class InternetConfiguration < NetworkOriginConfiguration; end
|
2477
|
+
class VpcConfiguration < NetworkOriginConfiguration; end
|
2478
|
+
class Unknown < NetworkOriginConfiguration; end
|
2527
2479
|
end
|
2528
2480
|
|
2529
2481
|
# A single element in a path through the JSON representation of a
|
2530
2482
|
# policy.
|
2531
2483
|
#
|
2484
|
+
# @note PathElement is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PathElement corresponding to the set member.
|
2485
|
+
#
|
2532
2486
|
# @!attribute [rw] index
|
2533
2487
|
# Refers to an index in a JSON array.
|
2534
2488
|
# @return [Integer]
|
@@ -2551,9 +2505,17 @@ module Aws::AccessAnalyzer
|
|
2551
2505
|
:index,
|
2552
2506
|
:key,
|
2553
2507
|
:substring,
|
2554
|
-
:value
|
2508
|
+
:value,
|
2509
|
+
:unknown)
|
2555
2510
|
SENSITIVE = []
|
2556
2511
|
include Aws::Structure
|
2512
|
+
include Aws::Structure::Union
|
2513
|
+
|
2514
|
+
class Index < PathElement; end
|
2515
|
+
class Key < PathElement; end
|
2516
|
+
class Substring < PathElement; end
|
2517
|
+
class Value < PathElement; end
|
2518
|
+
class Unknown < PathElement; end
|
2557
2519
|
end
|
2558
2520
|
|
2559
2521
|
# Contains details about the policy generation status and properties.
|
@@ -2665,9 +2627,10 @@ module Aws::AccessAnalyzer
|
|
2665
2627
|
include Aws::Structure
|
2666
2628
|
end
|
2667
2629
|
|
2668
|
-
# The configuration for an Amazon S3 access point
|
2669
|
-
# can propose up to 10 access points
|
2670
|
-
#
|
2630
|
+
# The configuration for an Amazon S3 access point or multi-region access
|
2631
|
+
# point for the bucket. You can propose up to 10 access points or
|
2632
|
+
# multi-region access points per bucket. If the proposed Amazon S3
|
2633
|
+
# access point configuration is for an existing bucket, the access
|
2671
2634
|
# preview uses the proposed access point configuration in place of the
|
2672
2635
|
# existing access points. To propose an access point without a policy,
|
2673
2636
|
# you can provide an empty string as the access point policy. For more
|
@@ -2699,21 +2662,22 @@ module Aws::AccessAnalyzer
|
|
2699
2662
|
# }
|
2700
2663
|
#
|
2701
2664
|
# @!attribute [rw] access_point_policy
|
2702
|
-
# The access point policy.
|
2665
|
+
# The access point or multi-region access point policy.
|
2703
2666
|
# @return [String]
|
2704
2667
|
#
|
2705
2668
|
# @!attribute [rw] network_origin
|
2706
2669
|
# The proposed `Internet` and `VpcConfiguration` to apply to this
|
2707
|
-
# Amazon S3 access point.
|
2708
|
-
#
|
2709
|
-
#
|
2710
|
-
#
|
2711
|
-
#
|
2670
|
+
# Amazon S3 access point. `VpcConfiguration` does not apply to
|
2671
|
+
# multi-region access points. If the access preview is for a new
|
2672
|
+
# resource and neither is specified, the access preview uses
|
2673
|
+
# `Internet` for the network origin. If the access preview is for an
|
2674
|
+
# existing resource and neither is specified, the access preview uses
|
2675
|
+
# the exiting network origin.
|
2712
2676
|
# @return [Types::NetworkOriginConfiguration]
|
2713
2677
|
#
|
2714
2678
|
# @!attribute [rw] public_access_block
|
2715
2679
|
# The proposed `S3PublicAccessBlock` configuration to apply to this
|
2716
|
-
# Amazon S3
|
2680
|
+
# Amazon S3 access point or multi-region access point.
|
2717
2681
|
# @return [Types::S3PublicAccessBlockConfiguration]
|
2718
2682
|
#
|
2719
2683
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3AccessPointConfiguration AWS API Documentation
|
@@ -2764,15 +2728,16 @@ module Aws::AccessAnalyzer
|
|
2764
2728
|
# Proposed access control configuration for an Amazon S3 bucket. You can
|
2765
2729
|
# propose a configuration for a new Amazon S3 bucket or an existing
|
2766
2730
|
# Amazon S3 bucket that you own by specifying the Amazon S3 bucket
|
2767
|
-
# policy, bucket ACLs, bucket BPA settings,
|
2768
|
-
# attached to the bucket. If the
|
2769
|
-
#
|
2770
|
-
#
|
2771
|
-
#
|
2772
|
-
#
|
2773
|
-
#
|
2774
|
-
# specify an empty string. For
|
2775
|
-
# limits, see [Bucket Policy
|
2731
|
+
# policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and
|
2732
|
+
# multi-region access points attached to the bucket. If the
|
2733
|
+
# configuration is for an existing Amazon S3 bucket and you do not
|
2734
|
+
# specify the Amazon S3 bucket policy, the access preview uses the
|
2735
|
+
# existing policy attached to the bucket. If the access preview is for a
|
2736
|
+
# new resource and you do not specify the Amazon S3 bucket policy, the
|
2737
|
+
# access preview assumes a bucket without a policy. To propose deletion
|
2738
|
+
# of an existing bucket policy, you can specify an empty string. For
|
2739
|
+
# more information about bucket policy limits, see [Bucket Policy
|
2740
|
+
# Examples][1].
|
2776
2741
|
#
|
2777
2742
|
#
|
2778
2743
|
#
|
@@ -2815,7 +2780,9 @@ module Aws::AccessAnalyzer
|
|
2815
2780
|
# }
|
2816
2781
|
#
|
2817
2782
|
# @!attribute [rw] access_points
|
2818
|
-
# The configuration of Amazon S3 access points
|
2783
|
+
# The configuration of Amazon S3 access points or multi-region access
|
2784
|
+
# points for the bucket. You can propose up to 10 new access points
|
2785
|
+
# per bucket.
|
2819
2786
|
# @return [Hash<String,Types::S3AccessPointConfiguration>]
|
2820
2787
|
#
|
2821
2788
|
# @!attribute [rw] bucket_acl_grants
|
@@ -2852,10 +2819,10 @@ module Aws::AccessAnalyzer
|
|
2852
2819
|
# bucket and the configuration is not specified, the access preview uses
|
2853
2820
|
# the existing setting. If the proposed configuration is for a new
|
2854
2821
|
# bucket and the configuration is not specified, the access preview uses
|
2855
|
-
# `false`. If the proposed configuration is for a new access point
|
2856
|
-
# the access point BPA configuration is
|
2857
|
-
# preview uses `true`. For more information,
|
2858
|
-
# [PublicAccessBlockConfiguration][1].
|
2822
|
+
# `false`. If the proposed configuration is for a new access point or
|
2823
|
+
# multi-region access point and the access point BPA configuration is
|
2824
|
+
# not specified, the access preview uses `true`. For more information,
|
2825
|
+
# see [PublicAccessBlockConfiguration][1].
|
2859
2826
|
#
|
2860
2827
|
#
|
2861
2828
|
#
|
@@ -2900,10 +2867,10 @@ module Aws::AccessAnalyzer
|
|
2900
2867
|
# without a policy. To propose deletion of an existing policy, you can
|
2901
2868
|
# specify an empty string. If the proposed configuration is for a new
|
2902
2869
|
# secret and you do not specify the KMS key ID, the access preview uses
|
2903
|
-
# the default CMK of the
|
2904
|
-
# the KMS key ID, the access preview uses the default
|
2905
|
-
# account. For more information about
|
2906
|
-
# for
|
2870
|
+
# the default CMK of the Amazon Web Services account. If you specify an
|
2871
|
+
# empty string for the KMS key ID, the access preview uses the default
|
2872
|
+
# CMK of the Amazon Web Services account. For more information about
|
2873
|
+
# secret policy limits, see [Quotas for Secrets Manager.][2].
|
2907
2874
|
#
|
2908
2875
|
#
|
2909
2876
|
#
|
@@ -2919,8 +2886,8 @@ module Aws::AccessAnalyzer
|
|
2919
2886
|
# }
|
2920
2887
|
#
|
2921
2888
|
# @!attribute [rw] kms_key_id
|
2922
|
-
# The proposed ARN, key ID, or alias of the
|
2923
|
-
#
|
2889
|
+
# The proposed ARN, key ID, or alias of the KMS customer master key
|
2890
|
+
# (CMK).
|
2924
2891
|
# @return [String]
|
2925
2892
|
#
|
2926
2893
|
# @!attribute [rw] secret_policy
|
@@ -3007,15 +2974,16 @@ module Aws::AccessAnalyzer
|
|
3007
2974
|
include Aws::Structure
|
3008
2975
|
end
|
3009
2976
|
|
3010
|
-
# The proposed access control configuration for an SQS queue. You
|
3011
|
-
# propose a configuration for a new SQS queue or an existing
|
3012
|
-
# that you own by specifying the SQS policy. If
|
3013
|
-
# an existing SQS queue and you do not
|
3014
|
-
#
|
3015
|
-
#
|
3016
|
-
#
|
3017
|
-
#
|
3018
|
-
#
|
2977
|
+
# The proposed access control configuration for an Amazon SQS queue. You
|
2978
|
+
# can propose a configuration for a new Amazon SQS queue or an existing
|
2979
|
+
# Amazon SQS queue that you own by specifying the Amazon SQS policy. If
|
2980
|
+
# the configuration is for an existing Amazon SQS queue and you do not
|
2981
|
+
# specify the Amazon SQS policy, the access preview uses the existing
|
2982
|
+
# Amazon SQS policy for the queue. If the access preview is for a new
|
2983
|
+
# resource and you do not specify the policy, the access preview assumes
|
2984
|
+
# an Amazon SQS queue without a policy. To propose deletion of an
|
2985
|
+
# existing Amazon SQS queue policy, you can specify an empty string for
|
2986
|
+
# the Amazon SQS policy. For more information about Amazon SQS policy
|
3019
2987
|
# limits, see [Quotas related to policies][1].
|
3020
2988
|
#
|
3021
2989
|
#
|
@@ -3030,7 +2998,7 @@ module Aws::AccessAnalyzer
|
|
3030
2998
|
# }
|
3031
2999
|
#
|
3032
3000
|
# @!attribute [rw] queue_policy
|
3033
|
-
# The proposed resource policy for the SQS queue.
|
3001
|
+
# The proposed resource policy for the Amazon SQS queue.
|
3034
3002
|
# @return [String]
|
3035
3003
|
#
|
3036
3004
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SqsQueueConfiguration AWS API Documentation
|
@@ -3072,7 +3040,7 @@ module Aws::AccessAnalyzer
|
|
3072
3040
|
# and they have no additional effect.
|
3073
3041
|
#
|
3074
3042
|
# If you do not specify a client token, one is automatically generated
|
3075
|
-
# by the
|
3043
|
+
# by the Amazon Web Services SDK.
|
3076
3044
|
#
|
3077
3045
|
# **A suitable default value is auto-generated.** You should normally
|
3078
3046
|
# not need to pass this option.
|
@@ -3149,7 +3117,7 @@ module Aws::AccessAnalyzer
|
|
3149
3117
|
# example, if the creation for the analyzer fails, a `Failed` status is
|
3150
3118
|
# returned. For an analyzer with organization as the type, this failure
|
3151
3119
|
# can be due to an issue with creating the service-linked roles required
|
3152
|
-
# in the member accounts of the
|
3120
|
+
# in the member accounts of the Amazon Web Services organization.
|
3153
3121
|
#
|
3154
3122
|
# @!attribute [rw] code
|
3155
3123
|
# The reason code for the current status of the analyzer.
|
@@ -3248,7 +3216,7 @@ module Aws::AccessAnalyzer
|
|
3248
3216
|
# }
|
3249
3217
|
#
|
3250
3218
|
# @!attribute [rw] all_regions
|
3251
|
-
# Possible values are `true` or `false`. If set to `true`, Access
|
3219
|
+
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3252
3220
|
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3253
3221
|
# generate a policy.
|
3254
3222
|
# @return [Boolean]
|
@@ -3277,7 +3245,7 @@ module Aws::AccessAnalyzer
|
|
3277
3245
|
# a policy.
|
3278
3246
|
#
|
3279
3247
|
# @!attribute [rw] all_regions
|
3280
|
-
# Possible values are `true` or `false`. If set to `true`, Access
|
3248
|
+
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3281
3249
|
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3282
3250
|
# generate a policy.
|
3283
3251
|
# @return [Boolean]
|
@@ -3521,14 +3489,14 @@ module Aws::AccessAnalyzer
|
|
3521
3489
|
# The type of policy to validate. Identity policies grant permissions
|
3522
3490
|
# to IAM principals. Identity policies include managed and inline
|
3523
3491
|
# policies for IAM roles, users, and groups. They also include
|
3524
|
-
# service-control policies (SCPs) that are attached to an
|
3525
|
-
# organization, organizational unit (OU), or an account.
|
3492
|
+
# service-control policies (SCPs) that are attached to an Amazon Web
|
3493
|
+
# Services organization, organizational unit (OU), or an account.
|
3526
3494
|
#
|
3527
|
-
# Resource policies grant permissions on
|
3528
|
-
# policies include trust policies for IAM roles
|
3529
|
-
# for S3 buckets. You can provide a generic
|
3530
|
-
# policy or resource policy or a specific input
|
3531
|
-
# or S3 bucket policy.
|
3495
|
+
# Resource policies grant permissions on Amazon Web Services
|
3496
|
+
# resources. Resource policies include trust policies for IAM roles
|
3497
|
+
# and bucket policies for Amazon S3 buckets. You can provide a generic
|
3498
|
+
# input such as identity policy or resource policy or a specific input
|
3499
|
+
# such as managed policy or Amazon S3 bucket policy.
|
3532
3500
|
# @return [String]
|
3533
3501
|
#
|
3534
3502
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyRequest AWS API Documentation
|
@@ -3544,8 +3512,8 @@ module Aws::AccessAnalyzer
|
|
3544
3512
|
end
|
3545
3513
|
|
3546
3514
|
# @!attribute [rw] findings
|
3547
|
-
# The list of findings in a policy returned by Access Analyzer
|
3548
|
-
# on its suite of policy checks.
|
3515
|
+
# The list of findings in a policy returned by IAM Access Analyzer
|
3516
|
+
# based on its suite of policy checks.
|
3549
3517
|
# @return [Array<Types::ValidatePolicyFinding>]
|
3550
3518
|
#
|
3551
3519
|
# @!attribute [rw] next_token
|
@@ -3604,7 +3572,8 @@ module Aws::AccessAnalyzer
|
|
3604
3572
|
end
|
3605
3573
|
|
3606
3574
|
# The proposed virtual private cloud (VPC) configuration for the Amazon
|
3607
|
-
# S3 access point.
|
3575
|
+
# S3 access point. VPC configuration does not apply to multi-region
|
3576
|
+
# access points. For more information, see [VpcConfiguration][1].
|
3608
3577
|
#
|
3609
3578
|
#
|
3610
3579
|
#
|
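--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.23.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.120.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.120.0
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
 requirement: !ruby/object:Gem::Requirement
@@ -76,15 +76,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.6.2
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: AWS SDK for Ruby - Access Analyzer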