aws-sdk-accessanalyzer 1.21.0 → 1.25.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +31 -20
- data/lib/aws-sdk-accessanalyzer/types.rb +112 -98
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- metadata +5 -5
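--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c1f609a49569e581f43729ba536059295d99accec3f3cec802bae646e2dccb78
+data.tar.gz: 250721619bac6f9546fc706ef9a7acbfd65049189e8f5e5a83ac30ed67934a7a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e1eba15a8f18c067a4ff706c8bdeabeea4521a5de980c5b126f0f85e78ae41a3c6acd439570c73ba025b5ef9083f9cb41f555e4c244f337809423ea099082672
+data.tar.gz: d2f851355c995c91957e2951501866c2b7a31f01bd4352a51c37411781929dbf94cddf20d7fb1fc5f1677ab5b25e23296a325a84886b7f2137349656981d0682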
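--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.25.0 (2021-11-04)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.24.0 (2021-10-18)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.23.0 (2021-09-02)
+------------------
+
+* Feature - Updates service API, documentation, and paginators to support multi-region access points from Amazon S3.
+
+1.22.0 (2021-09-01)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.21.0 (2021-07-30)
 ------------------
 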
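--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.25.0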
@@ -275,6 +275,15 @@ module Aws::AccessAnalyzer
|
|
275
275
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
276
276
|
# requests are made, and retries are disabled.
|
277
277
|
#
|
278
|
+
# @option options [Boolean] :use_dualstack_endpoint
|
279
|
+
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
280
|
+
# will be used if available.
|
281
|
+
#
|
282
|
+
# @option options [Boolean] :use_fips_endpoint
|
283
|
+
# When set to `true`, fips compatible endpoints will be used if available.
|
284
|
+
# When a `fips` region is used, the region is normalized and this config
|
285
|
+
# is set to `true`.
|
286
|
+
#
|
278
287
|
# @option options [Boolean] :validate_params (true)
|
279
288
|
# When `true`, request parameters are validated before
|
280
289
|
# sending the request.
|
@@ -386,8 +395,9 @@ module Aws::AccessAnalyzer
|
|
386
395
|
req.send_request(options)
|
387
396
|
end
|
388
397
|
|
389
|
-
# Creates an access preview that allows you to preview Access
|
390
|
-
# findings for your resource before deploying resource
|
398
|
+
# Creates an access preview that allows you to preview IAM Access
|
399
|
+
# Analyzer findings for your resource before deploying resource
|
400
|
+
# permissions.
|
391
401
|
#
|
392
402
|
# @option params [required, String] :analyzer_arn
|
393
403
|
# The [ARN of the account analyzer][1] used to generate the access
|
@@ -573,7 +583,7 @@ module Aws::AccessAnalyzer
|
|
573
583
|
# when you create the rule.
|
574
584
|
#
|
575
585
|
# To learn about filter keys that you can use to create an archive rule,
|
576
|
-
# see [Access Analyzer filter keys][1] in the **IAM User Guide**.
|
586
|
+
# see [IAM Access Analyzer filter keys][1] in the **IAM User Guide**.
|
577
587
|
#
|
578
588
|
#
|
579
589
|
#
|
@@ -621,10 +631,10 @@ module Aws::AccessAnalyzer
|
|
621
631
|
req.send_request(options)
|
622
632
|
end
|
623
633
|
|
624
|
-
# Deletes the specified analyzer. When you delete an analyzer,
|
625
|
-
# Analyzer is disabled for the account or organization in the
|
626
|
-
# specific Region. All findings that were generated by the
|
627
|
-
# deleted. You cannot undo this action.
|
634
|
+
# Deletes the specified analyzer. When you delete an analyzer, IAM
|
635
|
+
# Access Analyzer is disabled for the account or organization in the
|
636
|
+
# current or specific Region. All findings that were generated by the
|
637
|
+
# analyzer are deleted. You cannot undo this action.
|
628
638
|
#
|
629
639
|
# @option params [required, String] :analyzer_name
|
630
640
|
# The name of the analyzer to delete.
|
@@ -845,7 +855,7 @@ module Aws::AccessAnalyzer
|
|
845
855
|
# Retrieves information about an archive rule.
|
846
856
|
#
|
847
857
|
# To learn about filter keys that you can use to create an archive rule,
|
848
|
-
# see [Access Analyzer filter keys][1] in the **IAM User Guide**.
|
858
|
+
# see [IAM Access Analyzer filter keys][1] in the **IAM User Guide**.
|
849
859
|
#
|
850
860
|
#
|
851
861
|
#
|
@@ -960,8 +970,9 @@ module Aws::AccessAnalyzer
|
|
960
970
|
# The level of detail that you want to generate. You can specify whether
|
961
971
|
# to generate service-level policies.
|
962
972
|
#
|
963
|
-
# Access Analyzer uses `iam:servicelastaccessed` to identify
|
964
|
-
# that have been used recently to create this service-level
|
973
|
+
# IAM Access Analyzer uses `iam:servicelastaccessed` to identify
|
974
|
+
# services that have been used recently to create this service-level
|
975
|
+
# template.
|
965
976
|
#
|
966
977
|
# @option params [required, String] :job_id
|
967
978
|
# The `JobId` that is returned by the `StartPolicyGeneration` operation.
|
@@ -1297,7 +1308,7 @@ module Aws::AccessAnalyzer
|
|
1297
1308
|
# Retrieves a list of findings generated by the specified analyzer.
|
1298
1309
|
#
|
1299
1310
|
# To learn about filter keys that you can use to retrieve a list of
|
1300
|
-
# findings, see [Access Analyzer filter keys][1] in the **IAM User
|
1311
|
+
# findings, see [IAM Access Analyzer filter keys][1] in the **IAM User
|
1301
1312
|
# Guide**.
|
1302
1313
|
#
|
1303
1314
|
#
|
@@ -1470,7 +1481,7 @@ module Aws::AccessAnalyzer
|
|
1470
1481
|
# and they have no additional effect.
|
1471
1482
|
#
|
1472
1483
|
# If you do not specify a client token, one is automatically generated
|
1473
|
-
# by the
|
1484
|
+
# by the Amazon Web Services SDK.
|
1474
1485
|
#
|
1475
1486
|
# **A suitable default value is auto-generated.** You should normally
|
1476
1487
|
# not need to pass this option.**
|
@@ -1720,14 +1731,14 @@ module Aws::AccessAnalyzer
|
|
1720
1731
|
# The type of policy to validate. Identity policies grant permissions to
|
1721
1732
|
# IAM principals. Identity policies include managed and inline policies
|
1722
1733
|
# for IAM roles, users, and groups. They also include service-control
|
1723
|
-
# policies (SCPs) that are attached to an
|
1724
|
-
# organizational unit (OU), or an account.
|
1734
|
+
# policies (SCPs) that are attached to an Amazon Web Services
|
1735
|
+
# organization, organizational unit (OU), or an account.
|
1725
1736
|
#
|
1726
|
-
# Resource policies grant permissions on
|
1727
|
-
# policies include trust policies for IAM roles and bucket
|
1728
|
-
# S3 buckets. You can provide a generic input such
|
1729
|
-
# resource policy or a specific input such as
|
1730
|
-
# bucket policy.
|
1737
|
+
# Resource policies grant permissions on Amazon Web Services resources.
|
1738
|
+
# Resource policies include trust policies for IAM roles and bucket
|
1739
|
+
# policies for Amazon S3 buckets. You can provide a generic input such
|
1740
|
+
# as identity policy or resource policy or a specific input such as
|
1741
|
+
# managed policy or Amazon S3 bucket policy.
|
1731
1742
|
#
|
1732
1743
|
# @return [Types::ValidatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1733
1744
|
#
|
@@ -1790,7 +1801,7 @@ module Aws::AccessAnalyzer
|
|
1790
1801
|
params: params,
|
1791
1802
|
config: config)
|
1792
1803
|
context[:gem_name] = 'aws-sdk-accessanalyzer'
|
1793
|
-
context[:gem_version] = '1.
|
1804
|
+
context[:gem_version] = '1.25.0'
|
1794
1805
|
Seahorse::Client::Request.new(handlers, context)
|
1795
1806
|
end
|
1796
1807
|
|
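Review bot: The new `:use_fips_endpoint` comment in the first hunk (new lines 282–285) says FIPS endpoints are used "if available" but never says what the client does when none exists for the service and region. Someone enabling the option for a compliance requirement cannot tell from this text whether the request fails or is sent to a standard endpoint, so I would add one sentence stating that outcome, for example `#   If no FIPS endpoint exists for the region, <state: raises / uses the standard endpoint>.` The `:use_dualstack_endpoint` entry just above has the same "if available" wording. The option list continues outside the hunk on both sides, and since the changelog describes these releases as code-generated, the wording probably has to be fixed in the generator or in `aws-sdk-core` rather than here.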
@@ -83,7 +83,7 @@ module Aws::AccessAnalyzer
|
|
83
83
|
#
|
84
84
|
# @!attribute [rw] change_type
|
85
85
|
# Provides context on how the access preview finding compares to
|
86
|
-
# existing access identified in Access Analyzer.
|
86
|
+
# existing access identified in IAM Access Analyzer.
|
87
87
|
#
|
88
88
|
# * `New` - The finding is for newly-introduced access.
|
89
89
|
#
|
@@ -113,8 +113,8 @@ module Aws::AccessAnalyzer
|
|
113
113
|
# @return [String]
|
114
114
|
#
|
115
115
|
# @!attribute [rw] existing_finding_id
|
116
|
-
# The existing ID of the finding in Access Analyzer, provided only
|
117
|
-
# existing findings.
|
116
|
+
# The existing ID of the finding in IAM Access Analyzer, provided only
|
117
|
+
# for existing findings.
|
118
118
|
# @return [String]
|
119
119
|
#
|
120
120
|
# @!attribute [rw] existing_finding_status
|
@@ -144,8 +144,9 @@ module Aws::AccessAnalyzer
|
|
144
144
|
# @return [String]
|
145
145
|
#
|
146
146
|
# @!attribute [rw] resource_owner_account
|
147
|
-
# The
|
148
|
-
# the owning account is the account in
|
147
|
+
# The Amazon Web Services account ID that owns the resource. For most
|
148
|
+
# Amazon Web Services resources, the owning account is the account in
|
149
|
+
# which the resource was created.
|
149
150
|
# @return [String]
|
150
151
|
#
|
151
152
|
# @!attribute [rw] resource_type
|
@@ -263,7 +264,8 @@ module Aws::AccessAnalyzer
|
|
263
264
|
# @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
|
264
265
|
#
|
265
266
|
# @!attribute [rw] id
|
266
|
-
# The value specified is the canonical user ID of an
|
267
|
+
# The value specified is the canonical user ID of an Amazon Web
|
268
|
+
# Services account.
|
267
269
|
# @return [String]
|
268
270
|
#
|
269
271
|
# @!attribute [rw] uri
|
@@ -314,7 +316,7 @@ module Aws::AccessAnalyzer
|
|
314
316
|
# @return [String]
|
315
317
|
#
|
316
318
|
# @!attribute [rw] resource_owner_account
|
317
|
-
# The
|
319
|
+
# The Amazon Web Services account ID that owns the resource.
|
318
320
|
# @return [String]
|
319
321
|
#
|
320
322
|
# @!attribute [rw] resource_type
|
@@ -360,7 +362,7 @@ module Aws::AccessAnalyzer
|
|
360
362
|
# @return [String]
|
361
363
|
#
|
362
364
|
# @!attribute [rw] resource_owner_account
|
363
|
-
# The
|
365
|
+
# The Amazon Web Services account ID that owns the resource.
|
364
366
|
# @return [String]
|
365
367
|
#
|
366
368
|
# @!attribute [rw] resource_type
|
@@ -403,10 +405,10 @@ module Aws::AccessAnalyzer
|
|
403
405
|
# The status of the analyzer. An `Active` analyzer successfully
|
404
406
|
# monitors supported resources and generates new findings. The
|
405
407
|
# analyzer is `Disabled` when a user action, such as removing trusted
|
406
|
-
# access for
|
407
|
-
# the analyzer to stop generating new findings.
|
408
|
-
# `Creating` when the analyzer creation is in progress
|
409
|
-
# when the analyzer creation has failed.
|
408
|
+
# access for Identity and Access Management Access Analyzer from
|
409
|
+
# Organizations, causes the analyzer to stop generating new findings.
|
410
|
+
# The status is `Creating` when the analyzer creation is in progress
|
411
|
+
# and `Failed` when the analyzer creation has failed.
|
410
412
|
# @return [String]
|
411
413
|
#
|
412
414
|
# @!attribute [rw] status_reason
|
@@ -414,8 +416,8 @@ module Aws::AccessAnalyzer
|
|
414
416
|
# the analyzer. For example, if the creation for the analyzer fails, a
|
415
417
|
# `Failed` status is returned. For an analyzer with organization as
|
416
418
|
# the type, this failure can be due to an issue with creating the
|
417
|
-
# service-linked roles required in the member accounts of the
|
418
|
-
# organization.
|
419
|
+
# service-linked roles required in the member accounts of the Amazon
|
420
|
+
# Web Services organization.
|
419
421
|
# @return [Types::StatusReason]
|
420
422
|
#
|
421
423
|
# @!attribute [rw] tags
|
@@ -553,21 +555,21 @@ module Aws::AccessAnalyzer
|
|
553
555
|
# }
|
554
556
|
#
|
555
557
|
# @!attribute [rw] access_role
|
556
|
-
# The ARN of the service role that Access Analyzer uses to access
|
557
|
-
# CloudTrail trail and service last accessed information.
|
558
|
+
# The ARN of the service role that IAM Access Analyzer uses to access
|
559
|
+
# your CloudTrail trail and service last accessed information.
|
558
560
|
# @return [String]
|
559
561
|
#
|
560
562
|
# @!attribute [rw] end_time
|
561
|
-
# The end of the time range for which Access Analyzer reviews your
|
563
|
+
# The end of the time range for which IAM Access Analyzer reviews your
|
562
564
|
# CloudTrail events. Events with a timestamp after this time are not
|
563
565
|
# considered to generate a policy. If this is not included in the
|
564
566
|
# request, the default value is the current time.
|
565
567
|
# @return [Time]
|
566
568
|
#
|
567
569
|
# @!attribute [rw] start_time
|
568
|
-
# The start of the time range for which Access Analyzer reviews
|
569
|
-
# CloudTrail events. Events with a timestamp before this time are
|
570
|
-
# considered to generate a policy.
|
570
|
+
# The start of the time range for which IAM Access Analyzer reviews
|
571
|
+
# your CloudTrail events. Events with a timestamp before this time are
|
572
|
+
# not considered to generate a policy.
|
571
573
|
# @return [Time]
|
572
574
|
#
|
573
575
|
# @!attribute [rw] trails
|
@@ -588,16 +590,16 @@ module Aws::AccessAnalyzer
|
|
588
590
|
# Contains information about CloudTrail access.
|
589
591
|
#
|
590
592
|
# @!attribute [rw] end_time
|
591
|
-
# The end of the time range for which Access Analyzer reviews your
|
593
|
+
# The end of the time range for which IAM Access Analyzer reviews your
|
592
594
|
# CloudTrail events. Events with a timestamp after this time are not
|
593
595
|
# considered to generate a policy. If this is not included in the
|
594
596
|
# request, the default value is the current time.
|
595
597
|
# @return [Time]
|
596
598
|
#
|
597
599
|
# @!attribute [rw] start_time
|
598
|
-
# The start of the time range for which Access Analyzer reviews
|
599
|
-
# CloudTrail events. Events with a timestamp before this time are
|
600
|
-
# considered to generate a policy.
|
600
|
+
# The start of the time range for which IAM Access Analyzer reviews
|
601
|
+
# your CloudTrail events. Events with a timestamp before this time are
|
602
|
+
# not considered to generate a policy.
|
601
603
|
# @return [Time]
|
602
604
|
#
|
603
605
|
# @!attribute [rw] trail_properties
|
@@ -640,7 +642,7 @@ module Aws::AccessAnalyzer
|
|
640
642
|
# @return [Types::SecretsManagerSecretConfiguration]
|
641
643
|
#
|
642
644
|
# @!attribute [rw] sqs_queue
|
643
|
-
# The access control configuration is for an SQS queue.
|
645
|
+
# The access control configuration is for an Amazon SQS queue.
|
644
646
|
# @return [Types::SqsQueueConfiguration]
|
645
647
|
#
|
646
648
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
|
@@ -1092,7 +1094,7 @@ module Aws::AccessAnalyzer
|
|
1092
1094
|
# @return [String]
|
1093
1095
|
#
|
1094
1096
|
# @!attribute [rw] resource_owner_account
|
1095
|
-
# The
|
1097
|
+
# The Amazon Web Services account ID that owns the resource.
|
1096
1098
|
# @return [String]
|
1097
1099
|
#
|
1098
1100
|
# @!attribute [rw] resource_type
|
@@ -1160,7 +1162,9 @@ module Aws::AccessAnalyzer
|
|
1160
1162
|
# granted. This is populated for Amazon S3 bucket findings.
|
1161
1163
|
#
|
1162
1164
|
# @!attribute [rw] access_point_arn
|
1163
|
-
# The ARN of the access point that generated the finding.
|
1165
|
+
# The ARN of the access point that generated the finding. The ARN
|
1166
|
+
# format depends on whether the ARN represents an access point or a
|
1167
|
+
# multi-region access point.
|
1164
1168
|
# @return [String]
|
1165
1169
|
#
|
1166
1170
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
|
@@ -1215,7 +1219,7 @@ module Aws::AccessAnalyzer
|
|
1215
1219
|
# @return [String]
|
1216
1220
|
#
|
1217
1221
|
# @!attribute [rw] resource_owner_account
|
1218
|
-
# The
|
1222
|
+
# The Amazon Web Services account ID that owns the resource.
|
1219
1223
|
# @return [String]
|
1220
1224
|
#
|
1221
1225
|
# @!attribute [rw] resource_type
|
@@ -1284,8 +1288,8 @@ module Aws::AccessAnalyzer
|
|
1284
1288
|
#
|
1285
1289
|
# @!attribute [rw] is_complete
|
1286
1290
|
# This value is set to `true` if the generated policy contains all
|
1287
|
-
# possible actions for a service that Access Analyzer identified
|
1288
|
-
# the CloudTrail trail that you specified, and `false` otherwise.
|
1291
|
+
# possible actions for a service that IAM Access Analyzer identified
|
1292
|
+
# from the CloudTrail trail that you specified, and `false` otherwise.
|
1289
1293
|
# @return [Boolean]
|
1290
1294
|
#
|
1291
1295
|
# @!attribute [rw] principal_arn
|
@@ -1403,8 +1407,8 @@ module Aws::AccessAnalyzer
|
|
1403
1407
|
# The response to the request.
|
1404
1408
|
#
|
1405
1409
|
# @!attribute [rw] resource
|
1406
|
-
# An `AnalyzedResource` object that contains information that
|
1407
|
-
# Analyzer found when it analyzed the resource.
|
1410
|
+
# An `AnalyzedResource` object that contains information that IAM
|
1411
|
+
# Access Analyzer found when it analyzed the resource.
|
1408
1412
|
# @return [Types::AnalyzedResource]
|
1409
1413
|
#
|
1410
1414
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzedResourceResponse AWS API Documentation
|
@@ -1560,8 +1564,9 @@ module Aws::AccessAnalyzer
|
|
1560
1564
|
# The level of detail that you want to generate. You can specify
|
1561
1565
|
# whether to generate service-level policies.
|
1562
1566
|
#
|
1563
|
-
# Access Analyzer uses `iam:servicelastaccessed` to identify
|
1564
|
-
# that have been used recently to create this service-level
|
1567
|
+
# IAM Access Analyzer uses `iam:servicelastaccessed` to identify
|
1568
|
+
# services that have been used recently to create this service-level
|
1569
|
+
# template.
|
1565
1570
|
# @return [Boolean]
|
1566
1571
|
#
|
1567
1572
|
# @!attribute [rw] job_id
|
@@ -1686,8 +1691,8 @@ module Aws::AccessAnalyzer
|
|
1686
1691
|
include Aws::Structure
|
1687
1692
|
end
|
1688
1693
|
|
1689
|
-
# This configuration sets the
|
1690
|
-
# `Internet`.
|
1694
|
+
# This configuration sets the network origin for the Amazon S3 access
|
1695
|
+
# point or multi-region access point to `Internet`.
|
1691
1696
|
#
|
1692
1697
|
# @api private
|
1693
1698
|
#
|
@@ -1702,7 +1707,7 @@ module Aws::AccessAnalyzer
|
|
1702
1707
|
# @return [Time]
|
1703
1708
|
#
|
1704
1709
|
# @!attribute [rw] job_error
|
1705
|
-
#
|
1710
|
+
# The job error for the policy generation request.
|
1706
1711
|
# @return [Types::JobError]
|
1707
1712
|
#
|
1708
1713
|
# @!attribute [rw] job_id
|
@@ -1794,9 +1799,9 @@ module Aws::AccessAnalyzer
|
|
1794
1799
|
# @return [String]
|
1795
1800
|
#
|
1796
1801
|
# @!attribute [rw] issuing_account
|
1797
|
-
# The
|
1798
|
-
# used to propose KMS grants issued by accounts other
|
1799
|
-
# of the key.
|
1802
|
+
# The Amazon Web Services account under which the grant was issued.
|
1803
|
+
# The account is used to propose KMS grants issued by accounts other
|
1804
|
+
# than the owner of the key.
|
1800
1805
|
# @return [String]
|
1801
1806
|
#
|
1802
1807
|
# @!attribute [rw] operations
|
@@ -2427,7 +2432,8 @@ module Aws::AccessAnalyzer
|
|
2427
2432
|
end
|
2428
2433
|
|
2429
2434
|
# The proposed `InternetConfiguration` or `VpcConfiguration` to apply to
|
2430
|
-
# the Amazon S3
|
2435
|
+
# the Amazon S3 access point. `VpcConfiguration` does not apply to
|
2436
|
+
# multi-region access points. You can make the access point accessible
|
2431
2437
|
# from the internet, or you can specify that all requests made through
|
2432
2438
|
# that access point must originate from a specific virtual private cloud
|
2433
2439
|
# (VPC). You can specify only one type of network configuration. For
|
@@ -2442,13 +2448,14 @@ module Aws::AccessAnalyzer
|
|
2442
2448
|
# @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
|
2443
2449
|
#
|
2444
2450
|
# @!attribute [rw] internet_configuration
|
2445
|
-
# The configuration for the Amazon S3 access point
|
2446
|
-
# origin.
|
2451
|
+
# The configuration for the Amazon S3 access point or multi-region
|
2452
|
+
# access point with an `Internet` origin.
|
2447
2453
|
# @return [Types::InternetConfiguration]
|
2448
2454
|
#
|
2449
2455
|
# @!attribute [rw] vpc_configuration
|
2450
2456
|
# The proposed virtual private cloud (VPC) configuration for the
|
2451
|
-
# Amazon S3 access point.
|
2457
|
+
# Amazon S3 access point. VPC configuration does not apply to
|
2458
|
+
# multi-region access points. For more information, see
|
2452
2459
|
# [VpcConfiguration][1].
|
2453
2460
|
#
|
2454
2461
|
#
|
@@ -2620,9 +2627,10 @@ module Aws::AccessAnalyzer
|
|
2620
2627
|
include Aws::Structure
|
2621
2628
|
end
|
2622
2629
|
|
2623
|
-
# The configuration for an Amazon S3 access point
|
2624
|
-
# can propose up to 10 access points
|
2625
|
-
#
|
2630
|
+
# The configuration for an Amazon S3 access point or multi-region access
|
2631
|
+
# point for the bucket. You can propose up to 10 access points or
|
2632
|
+
# multi-region access points per bucket. If the proposed Amazon S3
|
2633
|
+
# access point configuration is for an existing bucket, the access
|
2626
2634
|
# preview uses the proposed access point configuration in place of the
|
2627
2635
|
# existing access points. To propose an access point without a policy,
|
2628
2636
|
# you can provide an empty string as the access point policy. For more
|
@@ -2654,21 +2662,22 @@ module Aws::AccessAnalyzer
|
|
2654
2662
|
# }
|
2655
2663
|
#
|
2656
2664
|
# @!attribute [rw] access_point_policy
|
2657
|
-
# The access point policy.
|
2665
|
+
# The access point or multi-region access point policy.
|
2658
2666
|
# @return [String]
|
2659
2667
|
#
|
2660
2668
|
# @!attribute [rw] network_origin
|
2661
2669
|
# The proposed `Internet` and `VpcConfiguration` to apply to this
|
2662
|
-
# Amazon S3 access point.
|
2663
|
-
#
|
2664
|
-
#
|
2665
|
-
#
|
2666
|
-
#
|
2670
|
+
# Amazon S3 access point. `VpcConfiguration` does not apply to
|
2671
|
+
# multi-region access points. If the access preview is for a new
|
2672
|
+
# resource and neither is specified, the access preview uses
|
2673
|
+
# `Internet` for the network origin. If the access preview is for an
|
2674
|
+
# existing resource and neither is specified, the access preview uses
|
2675
|
+
# the exiting network origin.
|
2667
2676
|
# @return [Types::NetworkOriginConfiguration]
|
2668
2677
|
#
|
2669
2678
|
# @!attribute [rw] public_access_block
|
2670
2679
|
# The proposed `S3PublicAccessBlock` configuration to apply to this
|
2671
|
-
# Amazon S3
|
2680
|
+
# Amazon S3 access point or multi-region access point.
|
2672
2681
|
# @return [Types::S3PublicAccessBlockConfiguration]
|
2673
2682
|
#
|
2674
2683
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3AccessPointConfiguration AWS API Documentation
|
@@ -2719,15 +2728,16 @@ module Aws::AccessAnalyzer
|
|
2719
2728
|
# Proposed access control configuration for an Amazon S3 bucket. You can
|
2720
2729
|
# propose a configuration for a new Amazon S3 bucket or an existing
|
2721
2730
|
# Amazon S3 bucket that you own by specifying the Amazon S3 bucket
|
2722
|
-
# policy, bucket ACLs, bucket BPA settings,
|
2723
|
-
# attached to the bucket. If the
|
2724
|
-
#
|
2725
|
-
#
|
2726
|
-
#
|
2727
|
-
#
|
2728
|
-
#
|
2729
|
-
# specify an empty string. For
|
2730
|
-
# limits, see [Bucket Policy
|
2731
|
+
# policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and
|
2732
|
+
# multi-region access points attached to the bucket. If the
|
2733
|
+
# configuration is for an existing Amazon S3 bucket and you do not
|
2734
|
+
# specify the Amazon S3 bucket policy, the access preview uses the
|
2735
|
+
# existing policy attached to the bucket. If the access preview is for a
|
2736
|
+
# new resource and you do not specify the Amazon S3 bucket policy, the
|
2737
|
+
# access preview assumes a bucket without a policy. To propose deletion
|
2738
|
+
# of an existing bucket policy, you can specify an empty string. For
|
2739
|
+
# more information about bucket policy limits, see [Bucket Policy
|
2740
|
+
# Examples][1].
|
2731
2741
|
#
|
2732
2742
|
#
|
2733
2743
|
#
|
@@ -2770,7 +2780,9 @@ module Aws::AccessAnalyzer
|
|
2770
2780
|
# }
|
2771
2781
|
#
|
2772
2782
|
# @!attribute [rw] access_points
|
2773
|
-
# The configuration of Amazon S3 access points
|
2783
|
+
# The configuration of Amazon S3 access points or multi-region access
|
2784
|
+
# points for the bucket. You can propose up to 10 new access points
|
2785
|
+
# per bucket.
|
2774
2786
|
# @return [Hash<String,Types::S3AccessPointConfiguration>]
|
2775
2787
|
#
|
2776
2788
|
# @!attribute [rw] bucket_acl_grants
|
@@ -2807,10 +2819,10 @@ module Aws::AccessAnalyzer
|
|
2807
2819
|
# bucket and the configuration is not specified, the access preview uses
|
2808
2820
|
# the existing setting. If the proposed configuration is for a new
|
2809
2821
|
# bucket and the configuration is not specified, the access preview uses
|
2810
|
-
# `false`. If the proposed configuration is for a new access point
|
2811
|
-
# the access point BPA configuration is
|
2812
|
-
# preview uses `true`. For more information,
|
2813
|
-
# [PublicAccessBlockConfiguration][1].
|
2822
|
+
# `false`. If the proposed configuration is for a new access point or
|
2823
|
+
# multi-region access point and the access point BPA configuration is
|
2824
|
+
# not specified, the access preview uses `true`. For more information,
|
2825
|
+
# see [PublicAccessBlockConfiguration][1].
|
2814
2826
|
#
|
2815
2827
|
#
|
2816
2828
|
#
|
@@ -2855,10 +2867,10 @@ module Aws::AccessAnalyzer
|
|
2855
2867
|
# without a policy. To propose deletion of an existing policy, you can
|
2856
2868
|
# specify an empty string. If the proposed configuration is for a new
|
2857
2869
|
# secret and you do not specify the KMS key ID, the access preview uses
|
2858
|
-
# the default CMK of the
|
2859
|
-
# the KMS key ID, the access preview uses the default
|
2860
|
-
# account. For more information about
|
2861
|
-
# for
|
2870
|
+
# the default CMK of the Amazon Web Services account. If you specify an
|
2871
|
+
# empty string for the KMS key ID, the access preview uses the default
|
2872
|
+
# CMK of the Amazon Web Services account. For more information about
|
2873
|
+
# secret policy limits, see [Quotas for Secrets Manager.][2].
|
2862
2874
|
#
|
2863
2875
|
#
|
2864
2876
|
#
|
@@ -2874,8 +2886,8 @@ module Aws::AccessAnalyzer
|
|
2874
2886
|
# }
|
2875
2887
|
#
|
2876
2888
|
# @!attribute [rw] kms_key_id
|
2877
|
-
# The proposed ARN, key ID, or alias of the
|
2878
|
-
#
|
2889
|
+
# The proposed ARN, key ID, or alias of the KMS customer master key
|
2890
|
+
# (CMK).
|
2879
2891
|
# @return [String]
|
2880
2892
|
#
|
2881
2893
|
# @!attribute [rw] secret_policy
|
@@ -2962,15 +2974,16 @@ module Aws::AccessAnalyzer
|
|
2962
2974
|
include Aws::Structure
|
2963
2975
|
end
|
2964
2976
|
|
2965
|
-
# The proposed access control configuration for an SQS queue. You
|
2966
|
-
# propose a configuration for a new SQS queue or an existing
|
2967
|
-
# that you own by specifying the SQS policy. If
|
2968
|
-
# an existing SQS queue and you do not
|
2969
|
-
#
|
2970
|
-
#
|
2971
|
-
#
|
2972
|
-
#
|
2973
|
-
#
|
2977
|
+
# The proposed access control configuration for an Amazon SQS queue. You
|
2978
|
+
# can propose a configuration for a new Amazon SQS queue or an existing
|
2979
|
+
# Amazon SQS queue that you own by specifying the Amazon SQS policy. If
|
2980
|
+
# the configuration is for an existing Amazon SQS queue and you do not
|
2981
|
+
# specify the Amazon SQS policy, the access preview uses the existing
|
2982
|
+
# Amazon SQS policy for the queue. If the access preview is for a new
|
2983
|
+
# resource and you do not specify the policy, the access preview assumes
|
2984
|
+
# an Amazon SQS queue without a policy. To propose deletion of an
|
2985
|
+
# existing Amazon SQS queue policy, you can specify an empty string for
|
2986
|
+
# the Amazon SQS policy. For more information about Amazon SQS policy
|
2974
2987
|
# limits, see [Quotas related to policies][1].
|
2975
2988
|
#
|
2976
2989
|
#
|
@@ -2985,7 +2998,7 @@ module Aws::AccessAnalyzer
|
|
2985
2998
|
# }
|
2986
2999
|
#
|
2987
3000
|
# @!attribute [rw] queue_policy
|
2988
|
-
# The proposed resource policy for the SQS queue.
|
3001
|
+
# The proposed resource policy for the Amazon SQS queue.
|
2989
3002
|
# @return [String]
|
2990
3003
|
#
|
2991
3004
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SqsQueueConfiguration AWS API Documentation
|
@@ -3027,7 +3040,7 @@ module Aws::AccessAnalyzer
|
|
3027
3040
|
# and they have no additional effect.
|
3028
3041
|
#
|
3029
3042
|
# If you do not specify a client token, one is automatically generated
|
3030
|
-
# by the
|
3043
|
+
# by the Amazon Web Services SDK.
|
3031
3044
|
#
|
3032
3045
|
# **A suitable default value is auto-generated.** You should normally
|
3033
3046
|
# not need to pass this option.
|
@@ -3104,7 +3117,7 @@ module Aws::AccessAnalyzer
|
|
3104
3117
|
# example, if the creation for the analyzer fails, a `Failed` status is
|
3105
3118
|
# returned. For an analyzer with organization as the type, this failure
|
3106
3119
|
# can be due to an issue with creating the service-linked roles required
|
3107
|
-
# in the member accounts of the
|
3120
|
+
# in the member accounts of the Amazon Web Services organization.
|
3108
3121
|
#
|
3109
3122
|
# @!attribute [rw] code
|
3110
3123
|
# The reason code for the current status of the analyzer.
|
@@ -3203,7 +3216,7 @@ module Aws::AccessAnalyzer
|
|
3203
3216
|
# }
|
3204
3217
|
#
|
3205
3218
|
# @!attribute [rw] all_regions
|
3206
|
-
# Possible values are `true` or `false`. If set to `true`, Access
|
3219
|
+
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3207
3220
|
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3208
3221
|
# generate a policy.
|
3209
3222
|
# @return [Boolean]
|
@@ -3232,7 +3245,7 @@ module Aws::AccessAnalyzer
|
|
3232
3245
|
# a policy.
|
3233
3246
|
#
|
3234
3247
|
# @!attribute [rw] all_regions
|
3235
|
-
# Possible values are `true` or `false`. If set to `true`, Access
|
3248
|
+
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3236
3249
|
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3237
3250
|
# generate a policy.
|
3238
3251
|
# @return [Boolean]
|
@@ -3476,14 +3489,14 @@ module Aws::AccessAnalyzer
|
|
3476
3489
|
# The type of policy to validate. Identity policies grant permissions
|
3477
3490
|
# to IAM principals. Identity policies include managed and inline
|
3478
3491
|
# policies for IAM roles, users, and groups. They also include
|
3479
|
-
# service-control policies (SCPs) that are attached to an
|
3480
|
-
# organization, organizational unit (OU), or an account.
|
3492
|
+
# service-control policies (SCPs) that are attached to an Amazon Web
|
3493
|
+
# Services organization, organizational unit (OU), or an account.
|
3481
3494
|
#
|
3482
|
-
# Resource policies grant permissions on
|
3483
|
-
# policies include trust policies for IAM roles
|
3484
|
-
# for S3 buckets. You can provide a generic
|
3485
|
-
# policy or resource policy or a specific input
|
3486
|
-
# or S3 bucket policy.
|
3495
|
+
# Resource policies grant permissions on Amazon Web Services
|
3496
|
+
# resources. Resource policies include trust policies for IAM roles
|
3497
|
+
# and bucket policies for Amazon S3 buckets. You can provide a generic
|
3498
|
+
# input such as identity policy or resource policy or a specific input
|
3499
|
+
# such as managed policy or Amazon S3 bucket policy.
|
3487
3500
|
# @return [String]
|
3488
3501
|
#
|
3489
3502
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyRequest AWS API Documentation
|
@@ -3499,8 +3512,8 @@ module Aws::AccessAnalyzer
|
|
3499
3512
|
end
|
3500
3513
|
|
3501
3514
|
# @!attribute [rw] findings
|
3502
|
-
# The list of findings in a policy returned by Access Analyzer
|
3503
|
-
# on its suite of policy checks.
|
3515
|
+
# The list of findings in a policy returned by IAM Access Analyzer
|
3516
|
+
# based on its suite of policy checks.
|
3504
3517
|
# @return [Array<Types::ValidatePolicyFinding>]
|
3505
3518
|
#
|
3506
3519
|
# @!attribute [rw] next_token
|
@@ -3559,7 +3572,8 @@ module Aws::AccessAnalyzer
|
|
3559
3572
|
end
|
3560
3573
|
|
3561
3574
|
# The proposed virtual private cloud (VPC) configuration for the Amazon
|
3562
|
-
# S3 access point.
|
3575
|
+
# S3 access point. VPC configuration does not apply to multi-region
|
3576
|
+
# access points. For more information, see [VpcConfiguration][1].
|
3563
3577
|
#
|
3564
3578
|
#
|
3565
3579
|
#
|
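Review bot: In the `network_origin` attribute text (new line 2675) the added comment reads "the exiting network origin", which should be `# the existing network origin.`; as written it muddles the sentence that tells readers which origin an access preview assumes for an existing resource. A smaller slip is on new line 2873, where the link text keeps a stray period: `[Quotas for Secrets Manager.][2].` would read better as `[Quotas for Secrets Manager][2].` Both lines sit in doc comments whose surrounding blocks run past their hunks, and the text looks generated from the service model, so the correction likely belongs upstream.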
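--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.25.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.122.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.122.0
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
 requirement: !ruby/object:Gem::Requirement
@@ -76,7 +76,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="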