aws-sdk-accessanalyzer 1.22.0 → 1.23.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 00c5a06a9e93cd9d1db1a64e21e8b6af85a48da50721a9eb2e385208a1c17892
4
- data.tar.gz: ceb723710ed8cba1036e4f9423b8b1f248594b6d06e74e8a73b50e9970c7e934
3
+ metadata.gz: 941f06caa057d0cc55cf091f38909e2635dd7766789d97c30ff076a0f60c1bba
4
+ data.tar.gz: d8e65577c97ee2af2a7ae1cda9b6269f035ed14f4be6e7e021c2809734eb088d
5
5
  SHA512:
6
- metadata.gz: c42107cc0570f71afbead42b47b963d54ac6e915d6a7803ef7d688107304c40e38ed78ca8b3df1542aa1cdc59021c5b7408c430e28e7797f465624d40e9847e8
7
- data.tar.gz: f1c855305a7f7c58e43f4d15288bd7a68c4c3582d43df45a139bf5676038d830bcc158ac2a5818ddf469149d50cdd074e8e8738beabb2b285781c1c18a13025e
6
+ metadata.gz: 2ecbd1cb82b6c0dba6871f83fcab240a4c1990d5e90c81919d32aa872e61f69a44a6a6377d95930c1ebe45c19a1ba2365487d772401f095bee20873cd1fb85ba
7
+ data.tar.gz: a2f5e0cd23a0ca5e33b562b6e5f623382f1ccb4b2e5986118dc93f65803252d8041dd9701b830ed6537bb5fc6bc10445fbbaab37427f251b914460bd49d07e2a
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.23.0 (2021-09-02)
5
+ ------------------
6
+
7
+ * Feature - Updates service API, documentation, and paginators to support multi-region access points from Amazon S3.
8
+
4
9
  1.22.0 (2021-09-01)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.22.0
1
+ 1.23.0
@@ -386,8 +386,9 @@ module Aws::AccessAnalyzer
386
386
  req.send_request(options)
387
387
  end
388
388
 
389
- # Creates an access preview that allows you to preview Access Analyzer
390
- # findings for your resource before deploying resource permissions.
389
+ # Creates an access preview that allows you to preview IAM Access
390
+ # Analyzer findings for your resource before deploying resource
391
+ # permissions.
391
392
  #
392
393
  # @option params [required, String] :analyzer_arn
393
394
  # The [ARN of the account analyzer][1] used to generate the access
@@ -573,7 +574,7 @@ module Aws::AccessAnalyzer
573
574
  # when you create the rule.
574
575
  #
575
576
  # To learn about filter keys that you can use to create an archive rule,
576
- # see [Access Analyzer filter keys][1] in the **IAM User Guide**.
577
+ # see [IAM Access Analyzer filter keys][1] in the **IAM User Guide**.
577
578
  #
578
579
  #
579
580
  #
@@ -621,10 +622,10 @@ module Aws::AccessAnalyzer
621
622
  req.send_request(options)
622
623
  end
623
624
 
624
- # Deletes the specified analyzer. When you delete an analyzer, Access
625
- # Analyzer is disabled for the account or organization in the current or
626
- # specific Region. All findings that were generated by the analyzer are
627
- # deleted. You cannot undo this action.
625
+ # Deletes the specified analyzer. When you delete an analyzer, IAM
626
+ # Access Analyzer is disabled for the account or organization in the
627
+ # current or specific Region. All findings that were generated by the
628
+ # analyzer are deleted. You cannot undo this action.
628
629
  #
629
630
  # @option params [required, String] :analyzer_name
630
631
  # The name of the analyzer to delete.
@@ -845,7 +846,7 @@ module Aws::AccessAnalyzer
845
846
  # Retrieves information about an archive rule.
846
847
  #
847
848
  # To learn about filter keys that you can use to create an archive rule,
848
- # see [Access Analyzer filter keys][1] in the **IAM User Guide**.
849
+ # see [IAM Access Analyzer filter keys][1] in the **IAM User Guide**.
849
850
  #
850
851
  #
851
852
  #
@@ -960,8 +961,9 @@ module Aws::AccessAnalyzer
960
961
  # The level of detail that you want to generate. You can specify whether
961
962
  # to generate service-level policies.
962
963
  #
963
- # Access Analyzer uses `iam:servicelastaccessed` to identify services
964
- # that have been used recently to create this service-level template.
964
+ # IAM Access Analyzer uses `iam:servicelastaccessed` to identify
965
+ # services that have been used recently to create this service-level
966
+ # template.
965
967
  #
966
968
  # @option params [required, String] :job_id
967
969
  # The `JobId` that is returned by the `StartPolicyGeneration` operation.
@@ -1297,7 +1299,7 @@ module Aws::AccessAnalyzer
1297
1299
  # Retrieves a list of findings generated by the specified analyzer.
1298
1300
  #
1299
1301
  # To learn about filter keys that you can use to retrieve a list of
1300
- # findings, see [Access Analyzer filter keys][1] in the **IAM User
1302
+ # findings, see [IAM Access Analyzer filter keys][1] in the **IAM User
1301
1303
  # Guide**.
1302
1304
  #
1303
1305
  #
@@ -1470,7 +1472,7 @@ module Aws::AccessAnalyzer
1470
1472
  # and they have no additional effect.
1471
1473
  #
1472
1474
  # If you do not specify a client token, one is automatically generated
1473
- # by the AWS SDK.
1475
+ # by the Amazon Web Services SDK.
1474
1476
  #
1475
1477
  # **A suitable default value is auto-generated.** You should normally
1476
1478
  # not need to pass this option.**
@@ -1720,14 +1722,14 @@ module Aws::AccessAnalyzer
1720
1722
  # The type of policy to validate. Identity policies grant permissions to
1721
1723
  # IAM principals. Identity policies include managed and inline policies
1722
1724
  # for IAM roles, users, and groups. They also include service-control
1723
- # policies (SCPs) that are attached to an AWS organization,
1724
- # organizational unit (OU), or an account.
1725
+ # policies (SCPs) that are attached to an Amazon Web Services
1726
+ # organization, organizational unit (OU), or an account.
1725
1727
  #
1726
- # Resource policies grant permissions on AWS resources. Resource
1727
- # policies include trust policies for IAM roles and bucket policies for
1728
- # S3 buckets. You can provide a generic input such as identity policy or
1729
- # resource policy or a specific input such as managed policy or S3
1730
- # bucket policy.
1728
+ # Resource policies grant permissions on Amazon Web Services resources.
1729
+ # Resource policies include trust policies for IAM roles and bucket
1730
+ # policies for Amazon S3 buckets. You can provide a generic input such
1731
+ # as identity policy or resource policy or a specific input such as
1732
+ # managed policy or Amazon S3 bucket policy.
1731
1733
  #
1732
1734
  # @return [Types::ValidatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1733
1735
  #
@@ -1790,7 +1792,7 @@ module Aws::AccessAnalyzer
1790
1792
  params: params,
1791
1793
  config: config)
1792
1794
  context[:gem_name] = 'aws-sdk-accessanalyzer'
1793
- context[:gem_version] = '1.22.0'
1795
+ context[:gem_version] = '1.23.0'
1794
1796
  Seahorse::Client::Request.new(handlers, context)
1795
1797
  end
1796
1798
 
@@ -83,7 +83,7 @@ module Aws::AccessAnalyzer
83
83
  #
84
84
  # @!attribute [rw] change_type
85
85
  # Provides context on how the access preview finding compares to
86
- # existing access identified in Access Analyzer.
86
+ # existing access identified in IAM Access Analyzer.
87
87
  #
88
88
  # * `New` - The finding is for newly-introduced access.
89
89
  #
@@ -113,8 +113,8 @@ module Aws::AccessAnalyzer
113
113
  # @return [String]
114
114
  #
115
115
  # @!attribute [rw] existing_finding_id
116
- # The existing ID of the finding in Access Analyzer, provided only for
117
- # existing findings.
116
+ # The existing ID of the finding in IAM Access Analyzer, provided only
117
+ # for existing findings.
118
118
  # @return [String]
119
119
  #
120
120
  # @!attribute [rw] existing_finding_status
@@ -144,8 +144,9 @@ module Aws::AccessAnalyzer
144
144
  # @return [String]
145
145
  #
146
146
  # @!attribute [rw] resource_owner_account
147
- # The AWS account ID that owns the resource. For most AWS resources,
148
- # the owning account is the account in which the resource was created.
147
+ # The Amazon Web Services account ID that owns the resource. For most
148
+ # Amazon Web Services resources, the owning account is the account in
149
+ # which the resource was created.
149
150
  # @return [String]
150
151
  #
151
152
  # @!attribute [rw] resource_type
@@ -263,7 +264,8 @@ module Aws::AccessAnalyzer
263
264
  # @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
264
265
  #
265
266
  # @!attribute [rw] id
266
- # The value specified is the canonical user ID of an AWS account.
267
+ # The value specified is the canonical user ID of an Amazon Web
268
+ # Services account.
267
269
  # @return [String]
268
270
  #
269
271
  # @!attribute [rw] uri
@@ -314,7 +316,7 @@ module Aws::AccessAnalyzer
314
316
  # @return [String]
315
317
  #
316
318
  # @!attribute [rw] resource_owner_account
317
- # The AWS account ID that owns the resource.
319
+ # The Amazon Web Services account ID that owns the resource.
318
320
  # @return [String]
319
321
  #
320
322
  # @!attribute [rw] resource_type
@@ -360,7 +362,7 @@ module Aws::AccessAnalyzer
360
362
  # @return [String]
361
363
  #
362
364
  # @!attribute [rw] resource_owner_account
363
- # The AWS account ID that owns the resource.
365
+ # The Amazon Web Services account ID that owns the resource.
364
366
  # @return [String]
365
367
  #
366
368
  # @!attribute [rw] resource_type
@@ -403,10 +405,10 @@ module Aws::AccessAnalyzer
403
405
  # The status of the analyzer. An `Active` analyzer successfully
404
406
  # monitors supported resources and generates new findings. The
405
407
  # analyzer is `Disabled` when a user action, such as removing trusted
406
- # access for AWS IAM Access Analyzer from AWS Organizations, causes
407
- # the analyzer to stop generating new findings. The status is
408
- # `Creating` when the analyzer creation is in progress and `Failed`
409
- # when the analyzer creation has failed.
408
+ # access for Identity and Access Management Access Analyzer from
409
+ # Organizations, causes the analyzer to stop generating new findings.
410
+ # The status is `Creating` when the analyzer creation is in progress
411
+ # and `Failed` when the analyzer creation has failed.
410
412
  # @return [String]
411
413
  #
412
414
  # @!attribute [rw] status_reason
@@ -414,8 +416,8 @@ module Aws::AccessAnalyzer
414
416
  # the analyzer. For example, if the creation for the analyzer fails, a
415
417
  # `Failed` status is returned. For an analyzer with organization as
416
418
  # the type, this failure can be due to an issue with creating the
417
- # service-linked roles required in the member accounts of the AWS
418
- # organization.
419
+ # service-linked roles required in the member accounts of the Amazon
420
+ # Web Services organization.
419
421
  # @return [Types::StatusReason]
420
422
  #
421
423
  # @!attribute [rw] tags
@@ -553,21 +555,21 @@ module Aws::AccessAnalyzer
553
555
  # }
554
556
  #
555
557
  # @!attribute [rw] access_role
556
- # The ARN of the service role that Access Analyzer uses to access your
557
- # CloudTrail trail and service last accessed information.
558
+ # The ARN of the service role that IAM Access Analyzer uses to access
559
+ # your CloudTrail trail and service last accessed information.
558
560
  # @return [String]
559
561
  #
560
562
  # @!attribute [rw] end_time
561
- # The end of the time range for which Access Analyzer reviews your
563
+ # The end of the time range for which IAM Access Analyzer reviews your
562
564
  # CloudTrail events. Events with a timestamp after this time are not
563
565
  # considered to generate a policy. If this is not included in the
564
566
  # request, the default value is the current time.
565
567
  # @return [Time]
566
568
  #
567
569
  # @!attribute [rw] start_time
568
- # The start of the time range for which Access Analyzer reviews your
569
- # CloudTrail events. Events with a timestamp before this time are not
570
- # considered to generate a policy.
570
+ # The start of the time range for which IAM Access Analyzer reviews
571
+ # your CloudTrail events. Events with a timestamp before this time are
572
+ # not considered to generate a policy.
571
573
  # @return [Time]
572
574
  #
573
575
  # @!attribute [rw] trails
@@ -588,16 +590,16 @@ module Aws::AccessAnalyzer
588
590
  # Contains information about CloudTrail access.
589
591
  #
590
592
  # @!attribute [rw] end_time
591
- # The end of the time range for which Access Analyzer reviews your
593
+ # The end of the time range for which IAM Access Analyzer reviews your
592
594
  # CloudTrail events. Events with a timestamp after this time are not
593
595
  # considered to generate a policy. If this is not included in the
594
596
  # request, the default value is the current time.
595
597
  # @return [Time]
596
598
  #
597
599
  # @!attribute [rw] start_time
598
- # The start of the time range for which Access Analyzer reviews your
599
- # CloudTrail events. Events with a timestamp before this time are not
600
- # considered to generate a policy.
600
+ # The start of the time range for which IAM Access Analyzer reviews
601
+ # your CloudTrail events. Events with a timestamp before this time are
602
+ # not considered to generate a policy.
601
603
  # @return [Time]
602
604
  #
603
605
  # @!attribute [rw] trail_properties
@@ -640,7 +642,7 @@ module Aws::AccessAnalyzer
640
642
  # @return [Types::SecretsManagerSecretConfiguration]
641
643
  #
642
644
  # @!attribute [rw] sqs_queue
643
- # The access control configuration is for an SQS queue.
645
+ # The access control configuration is for an Amazon SQS queue.
644
646
  # @return [Types::SqsQueueConfiguration]
645
647
  #
646
648
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
@@ -1092,7 +1094,7 @@ module Aws::AccessAnalyzer
1092
1094
  # @return [String]
1093
1095
  #
1094
1096
  # @!attribute [rw] resource_owner_account
1095
- # The AWS account ID that owns the resource.
1097
+ # The Amazon Web Services account ID that owns the resource.
1096
1098
  # @return [String]
1097
1099
  #
1098
1100
  # @!attribute [rw] resource_type
@@ -1160,7 +1162,9 @@ module Aws::AccessAnalyzer
1160
1162
  # granted. This is populated for Amazon S3 bucket findings.
1161
1163
  #
1162
1164
  # @!attribute [rw] access_point_arn
1163
- # The ARN of the access point that generated the finding.
1165
+ # The ARN of the access point that generated the finding. The ARN
1166
+ # format depends on whether the ARN represents an access point or a
1167
+ # multi-region access point.
1164
1168
  # @return [String]
1165
1169
  #
1166
1170
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
@@ -1215,7 +1219,7 @@ module Aws::AccessAnalyzer
1215
1219
  # @return [String]
1216
1220
  #
1217
1221
  # @!attribute [rw] resource_owner_account
1218
- # The AWS account ID that owns the resource.
1222
+ # The Amazon Web Services account ID that owns the resource.
1219
1223
  # @return [String]
1220
1224
  #
1221
1225
  # @!attribute [rw] resource_type
@@ -1284,8 +1288,8 @@ module Aws::AccessAnalyzer
1284
1288
  #
1285
1289
  # @!attribute [rw] is_complete
1286
1290
  # This value is set to `true` if the generated policy contains all
1287
- # possible actions for a service that Access Analyzer identified from
1288
- # the CloudTrail trail that you specified, and `false` otherwise.
1291
+ # possible actions for a service that IAM Access Analyzer identified
1292
+ # from the CloudTrail trail that you specified, and `false` otherwise.
1289
1293
  # @return [Boolean]
1290
1294
  #
1291
1295
  # @!attribute [rw] principal_arn
@@ -1403,8 +1407,8 @@ module Aws::AccessAnalyzer
1403
1407
  # The response to the request.
1404
1408
  #
1405
1409
  # @!attribute [rw] resource
1406
- # An `AnalyzedResource` object that contains information that Access
1407
- # Analyzer found when it analyzed the resource.
1410
+ # An `AnalyzedResource` object that contains information that IAM
1411
+ # Access Analyzer found when it analyzed the resource.
1408
1412
  # @return [Types::AnalyzedResource]
1409
1413
  #
1410
1414
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzedResourceResponse AWS API Documentation
@@ -1560,8 +1564,9 @@ module Aws::AccessAnalyzer
1560
1564
  # The level of detail that you want to generate. You can specify
1561
1565
  # whether to generate service-level policies.
1562
1566
  #
1563
- # Access Analyzer uses `iam:servicelastaccessed` to identify services
1564
- # that have been used recently to create this service-level template.
1567
+ # IAM Access Analyzer uses `iam:servicelastaccessed` to identify
1568
+ # services that have been used recently to create this service-level
1569
+ # template.
1565
1570
  # @return [Boolean]
1566
1571
  #
1567
1572
  # @!attribute [rw] job_id
@@ -1686,8 +1691,8 @@ module Aws::AccessAnalyzer
1686
1691
  include Aws::Structure
1687
1692
  end
1688
1693
 
1689
- # This configuration sets the Amazon S3 access point network origin to
1690
- # `Internet`.
1694
+ # This configuration sets the network origin for the Amazon S3 access
1695
+ # point or multi-region access point to `Internet`.
1691
1696
  #
1692
1697
  # @api private
1693
1698
  #
@@ -1702,7 +1707,7 @@ module Aws::AccessAnalyzer
1702
1707
  # @return [Time]
1703
1708
  #
1704
1709
  # @!attribute [rw] job_error
1705
- # Contains the details about the policy generation error.
1710
+ # The job error for the policy generation request.
1706
1711
  # @return [Types::JobError]
1707
1712
  #
1708
1713
  # @!attribute [rw] job_id
@@ -1794,9 +1799,9 @@ module Aws::AccessAnalyzer
1794
1799
  # @return [String]
1795
1800
  #
1796
1801
  # @!attribute [rw] issuing_account
1797
- # The AWS account under which the grant was issued. The account is
1798
- # used to propose KMS grants issued by accounts other than the owner
1799
- # of the key.
1802
+ # The Amazon Web Services account under which the grant was issued.
1803
+ # The account is used to propose KMS grants issued by accounts other
1804
+ # than the owner of the key.
1800
1805
  # @return [String]
1801
1806
  #
1802
1807
  # @!attribute [rw] operations
@@ -2427,7 +2432,8 @@ module Aws::AccessAnalyzer
2427
2432
  end
2428
2433
 
2429
2434
  # The proposed `InternetConfiguration` or `VpcConfiguration` to apply to
2430
- # the Amazon S3 Access point. You can make the access point accessible
2435
+ # the Amazon S3 access point. `VpcConfiguration` does not apply to
2436
+ # multi-region access points. You can make the access point accessible
2431
2437
  # from the internet, or you can specify that all requests made through
2432
2438
  # that access point must originate from a specific virtual private cloud
2433
2439
  # (VPC). You can specify only one type of network configuration. For
@@ -2442,13 +2448,14 @@ module Aws::AccessAnalyzer
2442
2448
  # @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
2443
2449
  #
2444
2450
  # @!attribute [rw] internet_configuration
2445
- # The configuration for the Amazon S3 access point with an `Internet`
2446
- # origin.
2451
+ # The configuration for the Amazon S3 access point or multi-region
2452
+ # access point with an `Internet` origin.
2447
2453
  # @return [Types::InternetConfiguration]
2448
2454
  #
2449
2455
  # @!attribute [rw] vpc_configuration
2450
2456
  # The proposed virtual private cloud (VPC) configuration for the
2451
- # Amazon S3 access point. For more information, see
2457
+ # Amazon S3 access point. VPC configuration does not apply to
2458
+ # multi-region access points. For more information, see
2452
2459
  # [VpcConfiguration][1].
2453
2460
  #
2454
2461
  #
@@ -2620,9 +2627,10 @@ module Aws::AccessAnalyzer
2620
2627
  include Aws::Structure
2621
2628
  end
2622
2629
 
2623
- # The configuration for an Amazon S3 access point for the bucket. You
2624
- # can propose up to 10 access points per bucket. If the proposed Amazon
2625
- # S3 access point configuration is for an existing bucket, the access
2630
+ # The configuration for an Amazon S3 access point or multi-region access
2631
+ # point for the bucket. You can propose up to 10 access points or
2632
+ # multi-region access points per bucket. If the proposed Amazon S3
2633
+ # access point configuration is for an existing bucket, the access
2626
2634
  # preview uses the proposed access point configuration in place of the
2627
2635
  # existing access points. To propose an access point without a policy,
2628
2636
  # you can provide an empty string as the access point policy. For more
@@ -2654,21 +2662,22 @@ module Aws::AccessAnalyzer
2654
2662
  # }
2655
2663
  #
2656
2664
  # @!attribute [rw] access_point_policy
2657
- # The access point policy.
2665
+ # The access point or multi-region access point policy.
2658
2666
  # @return [String]
2659
2667
  #
2660
2668
  # @!attribute [rw] network_origin
2661
2669
  # The proposed `Internet` and `VpcConfiguration` to apply to this
2662
- # Amazon S3 access point. If the access preview is for a new resource
2663
- # and neither is specified, the access preview uses `Internet` for the
2664
- # network origin. If the access preview is for an existing resource
2665
- # and neither is specified, the access preview uses the exiting
2666
- # network origin.
2670
+ # Amazon S3 access point. `VpcConfiguration` does not apply to
2671
+ # multi-region access points. If the access preview is for a new
2672
+ # resource and neither is specified, the access preview uses
2673
+ # `Internet` for the network origin. If the access preview is for an
2674
+ # existing resource and neither is specified, the access preview uses
2675
+ # the exiting network origin.
2667
2676
  # @return [Types::NetworkOriginConfiguration]
2668
2677
  #
2669
2678
  # @!attribute [rw] public_access_block
2670
2679
  # The proposed `S3PublicAccessBlock` configuration to apply to this
2671
- # Amazon S3 Access Point.
2680
+ # Amazon S3 access point or multi-region access point.
2672
2681
  # @return [Types::S3PublicAccessBlockConfiguration]
2673
2682
  #
2674
2683
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3AccessPointConfiguration AWS API Documentation
@@ -2719,15 +2728,16 @@ module Aws::AccessAnalyzer
2719
2728
  # Proposed access control configuration for an Amazon S3 bucket. You can
2720
2729
  # propose a configuration for a new Amazon S3 bucket or an existing
2721
2730
  # Amazon S3 bucket that you own by specifying the Amazon S3 bucket
2722
- # policy, bucket ACLs, bucket BPA settings, and Amazon S3 access points
2723
- # attached to the bucket. If the configuration is for an existing Amazon
2724
- # S3 bucket and you do not specify the Amazon S3 bucket policy, the
2725
- # access preview uses the existing policy attached to the bucket. If the
2726
- # access preview is for a new resource and you do not specify the Amazon
2727
- # S3 bucket policy, the access preview assumes a bucket without a
2728
- # policy. To propose deletion of an existing bucket policy, you can
2729
- # specify an empty string. For more information about bucket policy
2730
- # limits, see [Bucket Policy Examples][1].
2731
+ # policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and
2732
+ # multi-region access points attached to the bucket. If the
2733
+ # configuration is for an existing Amazon S3 bucket and you do not
2734
+ # specify the Amazon S3 bucket policy, the access preview uses the
2735
+ # existing policy attached to the bucket. If the access preview is for a
2736
+ # new resource and you do not specify the Amazon S3 bucket policy, the
2737
+ # access preview assumes a bucket without a policy. To propose deletion
2738
+ # of an existing bucket policy, you can specify an empty string. For
2739
+ # more information about bucket policy limits, see [Bucket Policy
2740
+ # Examples][1].
2731
2741
  #
2732
2742
  #
2733
2743
  #
@@ -2770,7 +2780,9 @@ module Aws::AccessAnalyzer
2770
2780
  # }
2771
2781
  #
2772
2782
  # @!attribute [rw] access_points
2773
- # The configuration of Amazon S3 access points for the bucket.
2783
+ # The configuration of Amazon S3 access points or multi-region access
2784
+ # points for the bucket. You can propose up to 10 new access points
2785
+ # per bucket.
2774
2786
  # @return [Hash<String,Types::S3AccessPointConfiguration>]
2775
2787
  #
2776
2788
  # @!attribute [rw] bucket_acl_grants
@@ -2807,10 +2819,10 @@ module Aws::AccessAnalyzer
2807
2819
  # bucket and the configuration is not specified, the access preview uses
2808
2820
  # the existing setting. If the proposed configuration is for a new
2809
2821
  # bucket and the configuration is not specified, the access preview uses
2810
- # `false`. If the proposed configuration is for a new access point and
2811
- # the access point BPA configuration is not specified, the access
2812
- # preview uses `true`. For more information, see
2813
- # [PublicAccessBlockConfiguration][1].
2822
+ # `false`. If the proposed configuration is for a new access point or
2823
+ # multi-region access point and the access point BPA configuration is
2824
+ # not specified, the access preview uses `true`. For more information,
2825
+ # see [PublicAccessBlockConfiguration][1].
2814
2826
  #
2815
2827
  #
2816
2828
  #
@@ -2855,10 +2867,10 @@ module Aws::AccessAnalyzer
2855
2867
  # without a policy. To propose deletion of an existing policy, you can
2856
2868
  # specify an empty string. If the proposed configuration is for a new
2857
2869
  # secret and you do not specify the KMS key ID, the access preview uses
2858
- # the default CMK of the AWS account. If you specify an empty string for
2859
- # the KMS key ID, the access preview uses the default CMK of the AWS
2860
- # account. For more information about secret policy limits, see [Quotas
2861
- # for AWS Secrets Manager.][2].
2870
+ # the default CMK of the Amazon Web Services account. If you specify an
2871
+ # empty string for the KMS key ID, the access preview uses the default
2872
+ # CMK of the Amazon Web Services account. For more information about
2873
+ # secret policy limits, see [Quotas for Secrets Manager.][2].
2862
2874
  #
2863
2875
  #
2864
2876
  #
@@ -2874,8 +2886,8 @@ module Aws::AccessAnalyzer
2874
2886
  # }
2875
2887
  #
2876
2888
  # @!attribute [rw] kms_key_id
2877
- # The proposed ARN, key ID, or alias of the AWS KMS customer master
2878
- # key (CMK).
2889
+ # The proposed ARN, key ID, or alias of the KMS customer master key
2890
+ # (CMK).
2879
2891
  # @return [String]
2880
2892
  #
2881
2893
  # @!attribute [rw] secret_policy
@@ -2962,15 +2974,16 @@ module Aws::AccessAnalyzer
2962
2974
  include Aws::Structure
2963
2975
  end
2964
2976
 
2965
- # The proposed access control configuration for an SQS queue. You can
2966
- # propose a configuration for a new SQS queue or an existing SQS queue
2967
- # that you own by specifying the SQS policy. If the configuration is for
2968
- # an existing SQS queue and you do not specify the SQS policy, the
2969
- # access preview uses the existing SQS policy for the queue. If the
2970
- # access preview is for a new resource and you do not specify the
2971
- # policy, the access preview assumes an SQS queue without a policy. To
2972
- # propose deletion of an existing SQS queue policy, you can specify an
2973
- # empty string for the SQS policy. For more information about SQS policy
2977
+ # The proposed access control configuration for an Amazon SQS queue. You
2978
+ # can propose a configuration for a new Amazon SQS queue or an existing
2979
+ # Amazon SQS queue that you own by specifying the Amazon SQS policy. If
2980
+ # the configuration is for an existing Amazon SQS queue and you do not
2981
+ # specify the Amazon SQS policy, the access preview uses the existing
2982
+ # Amazon SQS policy for the queue. If the access preview is for a new
2983
+ # resource and you do not specify the policy, the access preview assumes
2984
+ # an Amazon SQS queue without a policy. To propose deletion of an
2985
+ # existing Amazon SQS queue policy, you can specify an empty string for
2986
+ # the Amazon SQS policy. For more information about Amazon SQS policy
2974
2987
  # limits, see [Quotas related to policies][1].
2975
2988
  #
2976
2989
  #
@@ -2985,7 +2998,7 @@ module Aws::AccessAnalyzer
2985
2998
  # }
2986
2999
  #
2987
3000
  # @!attribute [rw] queue_policy
2988
- # The proposed resource policy for the SQS queue.
3001
+ # The proposed resource policy for the Amazon SQS queue.
2989
3002
  # @return [String]
2990
3003
  #
2991
3004
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SqsQueueConfiguration AWS API Documentation
@@ -3027,7 +3040,7 @@ module Aws::AccessAnalyzer
3027
3040
  # and they have no additional effect.
3028
3041
  #
3029
3042
  # If you do not specify a client token, one is automatically generated
3030
- # by the AWS SDK.
3043
+ # by the Amazon Web Services SDK.
3031
3044
  #
3032
3045
  # **A suitable default value is auto-generated.** You should normally
3033
3046
  # not need to pass this option.
@@ -3104,7 +3117,7 @@ module Aws::AccessAnalyzer
3104
3117
  # example, if the creation for the analyzer fails, a `Failed` status is
3105
3118
  # returned. For an analyzer with organization as the type, this failure
3106
3119
  # can be due to an issue with creating the service-linked roles required
3107
- # in the member accounts of the AWS organization.
3120
+ # in the member accounts of the Amazon Web Services organization.
3108
3121
  #
3109
3122
  # @!attribute [rw] code
3110
3123
  # The reason code for the current status of the analyzer.
@@ -3203,7 +3216,7 @@ module Aws::AccessAnalyzer
3203
3216
  # }
3204
3217
  #
3205
3218
  # @!attribute [rw] all_regions
3206
- # Possible values are `true` or `false`. If set to `true`, Access
3219
+ # Possible values are `true` or `false`. If set to `true`, IAM Access
3207
3220
  # Analyzer retrieves CloudTrail data from all regions to analyze and
3208
3221
  # generate a policy.
3209
3222
  # @return [Boolean]
@@ -3232,7 +3245,7 @@ module Aws::AccessAnalyzer
3232
3245
  # a policy.
3233
3246
  #
3234
3247
  # @!attribute [rw] all_regions
3235
- # Possible values are `true` or `false`. If set to `true`, Access
3248
+ # Possible values are `true` or `false`. If set to `true`, IAM Access
3236
3249
  # Analyzer retrieves CloudTrail data from all regions to analyze and
3237
3250
  # generate a policy.
3238
3251
  # @return [Boolean]
@@ -3476,14 +3489,14 @@ module Aws::AccessAnalyzer
3476
3489
  # The type of policy to validate. Identity policies grant permissions
3477
3490
  # to IAM principals. Identity policies include managed and inline
3478
3491
  # policies for IAM roles, users, and groups. They also include
3479
- # service-control policies (SCPs) that are attached to an AWS
3480
- # organization, organizational unit (OU), or an account.
3492
+ # service-control policies (SCPs) that are attached to an Amazon Web
3493
+ # Services organization, organizational unit (OU), or an account.
3481
3494
  #
3482
- # Resource policies grant permissions on AWS resources. Resource
3483
- # policies include trust policies for IAM roles and bucket policies
3484
- # for S3 buckets. You can provide a generic input such as identity
3485
- # policy or resource policy or a specific input such as managed policy
3486
- # or S3 bucket policy.
3495
+ # Resource policies grant permissions on Amazon Web Services
3496
+ # resources. Resource policies include trust policies for IAM roles
3497
+ # and bucket policies for Amazon S3 buckets. You can provide a generic
3498
+ # input such as identity policy or resource policy or a specific input
3499
+ # such as managed policy or Amazon S3 bucket policy.
3487
3500
  # @return [String]
3488
3501
  #
3489
3502
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyRequest AWS API Documentation
@@ -3499,8 +3512,8 @@ module Aws::AccessAnalyzer
3499
3512
  end
3500
3513
 
3501
3514
  # @!attribute [rw] findings
3502
- # The list of findings in a policy returned by Access Analyzer based
3503
- # on its suite of policy checks.
3515
+ # The list of findings in a policy returned by IAM Access Analyzer
3516
+ # based on its suite of policy checks.
3504
3517
  # @return [Array<Types::ValidatePolicyFinding>]
3505
3518
  #
3506
3519
  # @!attribute [rw] next_token
@@ -3559,7 +3572,8 @@ module Aws::AccessAnalyzer
3559
3572
  end
3560
3573
 
3561
3574
  # The proposed virtual private cloud (VPC) configuration for the Amazon
3562
- # S3 access point. For more information, see [VpcConfiguration][1].
3575
+ # S3 access point. VPC configuration does not apply to multi-region
3576
+ # access points. For more information, see [VpcConfiguration][1].
3563
3577
  #
3564
3578
  #
3565
3579
  #
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
48
48
  # @!group service
49
49
  module Aws::AccessAnalyzer
50
50
 
51
- GEM_VERSION = '1.22.0'
51
+ GEM_VERSION = '1.23.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-accessanalyzer
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.22.0
4
+ version: 1.23.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-01 00:00:00.000000000 Z
11
+ date: 2021-09-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core