aws-sdk-accessanalyzer 1.23.0 → 1.27.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 941f06caa057d0cc55cf091f38909e2635dd7766789d97c30ff076a0f60c1bba
-  data.tar.gz: d8e65577c97ee2af2a7ae1cda9b6269f035ed14f4be6e7e021c2809734eb088d
+  metadata.gz: 2cefa52b04160a5d1e740202fef9f61957e4fcb9d31dc6547c7786bfd716b639
+  data.tar.gz: a55fa9a24d0ca1b40fd0584673e06b91b7fd702b4097126e25f2a4896ef05706
 SHA512:
-  metadata.gz: 2ecbd1cb82b6c0dba6871f83fcab240a4c1990d5e90c81919d32aa872e61f69a44a6a6377d95930c1ebe45c19a1ba2365487d772401f095bee20873cd1fb85ba
-  data.tar.gz: a2f5e0cd23a0ca5e33b562b6e5f623382f1ccb4b2e5986118dc93f65803252d8041dd9701b830ed6537bb5fc6bc10445fbbaab37427f251b914460bd49d07e2a
+  metadata.gz: dea0ae137ea2b3e8837ea7a713164c432b6242c5147d25d574ed52998c448ff4e1fb9deab5da08d3b1a9e33cd7cf0eb5925b333115d4fd8e90cbf77bb1636d6a
+  data.tar.gz: af9c2cebc57b6f5c24729f515a3f47b495f79e18b70b14dcf0bd1a33fb99291c01f4acf3c48505ad50f7845d1ccc277949a16320c40cd8791a12c469765bc40c

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.27.0 (2021-12-21)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.26.0 (2021-11-30)
+------------------
+
+* Feature - AWS IAM Access Analyzer now supports policy validation for resource policies attached to S3 buckets and access points. You can run additional policy checks by specifying the S3 resource type you want to attach to your resource policy.
+
+1.25.0 (2021-11-04)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.24.0 (2021-10-18)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.23.0 (2021-09-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.23.0
+1.27.0

data/lib/aws-sdk-accessanalyzer/client.rb

@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
+require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/rest_json.rb'
 
@@ -73,6 +74,7 @@ module Aws::AccessAnalyzer
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
+    add_plugin(Aws::Plugins::DefaultsMode)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::RestJson)
 
@@ -119,7 +121,9 @@ module Aws::AccessAnalyzer
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts.
+    #       enable retries and extended timeouts. Instance profile credential
+    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+    #       to true.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -173,6 +177,10 @@ module Aws::AccessAnalyzer
     #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
     #     a clock skew correction and retry requests with skewed client clocks.
     #
+    #   @option options [String] :defaults_mode ("legacy")
+    #     See {Aws::DefaultsModeConfiguration} for a list of the
+    #     accepted modes and the configuration defaults that are included.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
@@ -275,6 +283,15 @@ module Aws::AccessAnalyzer
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Boolean] :use_dualstack_endpoint
+    #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+    #     will be used if available.
+    #
+    #   @option options [Boolean] :use_fips_endpoint
+    #     When set to `true`, fips compatible endpoints will be used if available.
+    #     When a `fips` region is used, the region is normalized and this config
+    #     is set to `true`.
+    #
     #   @option options [Boolean] :validate_params (true)
     #     When `true`, request parameters are validated before
     #     sending the request.
@@ -286,7 +303,7 @@ module Aws::AccessAnalyzer
     #     seconds to wait when opening a HTTP session before raising a
     #     `Timeout::Error`.
     #
-    #   @option options [Integer] :http_read_timeout (60) The default
+    #   @option options [Float] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
     #     safely be set per-request on the session.
     #
@@ -302,6 +319,9 @@ module Aws::AccessAnalyzer
     #     disables this behaviour.  This value can safely be set per
     #     request on the session.
     #
+    #   @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
+    #     in seconds.
+    #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
     #
@@ -1731,6 +1751,19 @@ module Aws::AccessAnalyzer
     #   as identity policy or resource policy or a specific input such as
     #   managed policy or Amazon S3 bucket policy.
     #
+    # @option params [String] :validate_policy_resource_type
+    #   The type of resource to attach to your resource policy. Specify a
+    #   value for the policy validation resource type only if the policy type
+    #   is `RESOURCE_POLICY`. For example, to validate a resource policy to
+    #   attach to an Amazon S3 bucket, you can choose `AWS::S3::Bucket` for
+    #   the policy validation resource type.
+    #
+    #   For resource types not supported as valid values, IAM Access Analyzer
+    #   runs policy checks that apply to all resource policies. For example,
+    #   to validate a resource policy to attach to a KMS key, do not specify a
+    #   value for the policy validation resource type and IAM Access Analyzer
+    #   will run policy checks that apply to all resource policies.
+    #
     # @return [Types::ValidatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ValidatePolicyResponse#findings #findings} => Array<Types::ValidatePolicyFinding>
@@ -1746,6 +1779,7 @@ module Aws::AccessAnalyzer
     #     next_token: "Token",
     #     policy_document: "PolicyDocument", # required
     #     policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
+    #     validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
     #   })
     #
     # @example Response structure
@@ -1792,7 +1826,7 @@ module Aws::AccessAnalyzer
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-accessanalyzer'
-      context[:gem_version] = '1.23.0'
+      context[:gem_version] = '1.27.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-accessanalyzer/client_api.rb

@@ -199,6 +199,7 @@ module Aws::AccessAnalyzer
     ValidatePolicyFindingList = Shapes::ListShape.new(name: 'ValidatePolicyFindingList')
     ValidatePolicyFindingType = Shapes::StringShape.new(name: 'ValidatePolicyFindingType')
     ValidatePolicyRequest = Shapes::StructureShape.new(name: 'ValidatePolicyRequest')
+    ValidatePolicyResourceType = Shapes::StringShape.new(name: 'ValidatePolicyResourceType')
     ValidatePolicyResponse = Shapes::StructureShape.new(name: 'ValidatePolicyResponse')
     ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
     ValidationExceptionField = Shapes::StructureShape.new(name: 'ValidationExceptionField')
@@ -798,6 +799,7 @@ module Aws::AccessAnalyzer
     ValidatePolicyRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "nextToken"))
     ValidatePolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: PolicyDocument, required: true, location_name: "policyDocument"))
     ValidatePolicyRequest.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "policyType"))
+    ValidatePolicyRequest.add_member(:validate_policy_resource_type, Shapes::ShapeRef.new(shape: ValidatePolicyResourceType, location_name: "validatePolicyResourceType"))
     ValidatePolicyRequest.struct_class = Types::ValidatePolicyRequest
 
     ValidatePolicyResponse.add_member(:findings, Shapes::ShapeRef.new(shape: ValidatePolicyFindingList, required: true, location_name: "findings"))

data/lib/aws-sdk-accessanalyzer/types.rb

@@ -2867,10 +2867,11 @@ module Aws::AccessAnalyzer
     # without a policy. To propose deletion of an existing policy, you can
     # specify an empty string. If the proposed configuration is for a new
     # secret and you do not specify the KMS key ID, the access preview uses
-    # the default CMK of the Amazon Web Services account. If you specify an
-    # empty string for the KMS key ID, the access preview uses the default
-    # CMK of the Amazon Web Services account. For more information about
-    # secret policy limits, see [Quotas for Secrets Manager.][2].
+    # the Amazon Web Services managed key `aws/secretsmanager`. If you
+    # specify an empty string for the KMS key ID, the access preview uses
+    # the Amazon Web Services managed key of the Amazon Web Services
+    # account. For more information about secret policy limits, see [Quotas
+    # for Secrets Manager.][2].
     #
     #
     #
@@ -2886,8 +2887,7 @@ module Aws::AccessAnalyzer
     #       }
     #
     # @!attribute [rw] kms_key_id
-    #   The proposed ARN, key ID, or alias of the KMS customer master key
-    #   (CMK).
+    #   The proposed ARN, key ID, or alias of the KMS key.
     #   @return [String]
     #
     # @!attribute [rw] secret_policy
@@ -3467,6 +3467,7 @@ module Aws::AccessAnalyzer
     #         next_token: "Token",
     #         policy_document: "PolicyDocument", # required
     #         policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
+    #         validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
     #       }
     #
     # @!attribute [rw] locale
@@ -3499,6 +3500,21 @@ module Aws::AccessAnalyzer
     #   such as managed policy or Amazon S3 bucket policy.
     #   @return [String]
     #
+    # @!attribute [rw] validate_policy_resource_type
+    #   The type of resource to attach to your resource policy. Specify a
+    #   value for the policy validation resource type only if the policy
+    #   type is `RESOURCE_POLICY`. For example, to validate a resource
+    #   policy to attach to an Amazon S3 bucket, you can choose
+    #   `AWS::S3::Bucket` for the policy validation resource type.
+    #
+    #   For resource types not supported as valid values, IAM Access
+    #   Analyzer runs policy checks that apply to all resource policies. For
+    #   example, to validate a resource policy to attach to a KMS key, do
+    #   not specify a value for the policy validation resource type and IAM
+    #   Access Analyzer will run policy checks that apply to all resource
+    #   policies.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyRequest AWS API Documentation
     #
     class ValidatePolicyRequest < Struct.new(
@@ -3506,7 +3522,8 @@ module Aws::AccessAnalyzer
       :max_results,
       :next_token,
       :policy_document,
-      :policy_type)
+      :policy_type,
+      :validate_policy_resource_type)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-accessanalyzer.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
 # @!group service
 module Aws::AccessAnalyzer
 
-  GEM_VERSION = '1.23.0'
+  GEM_VERSION = '1.27.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-  version: 1.23.0
+  version: 1.27.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-02 00:00:00.000000000 Z
+date: 2021-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.120.0
+        version: 3.125.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.120.0
+        version: 3.125.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement