aws-sdk-accessanalyzer 1.23.0 → 1.27.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +37 -3
- data/lib/aws-sdk-accessanalyzer/client_api.rb +2 -0
- data/lib/aws-sdk-accessanalyzer/types.rb +24 -7
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2cefa52b04160a5d1e740202fef9f61957e4fcb9d31dc6547c7786bfd716b639
|
4
|
+
data.tar.gz: a55fa9a24d0ca1b40fd0584673e06b91b7fd702b4097126e25f2a4896ef05706
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: dea0ae137ea2b3e8837ea7a713164c432b6242c5147d25d574ed52998c448ff4e1fb9deab5da08d3b1a9e33cd7cf0eb5925b333115d4fd8e90cbf77bb1636d6a
|
7
|
+
data.tar.gz: af9c2cebc57b6f5c24729f515a3f47b495f79e18b70b14dcf0bd1a33fb99291c01f4acf3c48505ad50f7845d1ccc277949a16320c40cd8791a12c469765bc40c
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,26 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.27.0 (2021-12-21)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
8
|
+
|
9
|
+
1.26.0 (2021-11-30)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - AWS IAM Access Analyzer now supports policy validation for resource policies attached to S3 buckets and access points. You can run additional policy checks by specifying the S3 resource type you want to attach to your resource policy.
|
13
|
+
|
14
|
+
1.25.0 (2021-11-04)
|
15
|
+
------------------
|
16
|
+
|
17
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
18
|
+
|
19
|
+
1.24.0 (2021-10-18)
|
20
|
+
------------------
|
21
|
+
|
22
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
23
|
+
|
4
24
|
1.23.0 (2021-09-02)
|
5
25
|
------------------
|
6
26
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.27.0
|
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
30
31
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
31
32
|
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
32
33
|
|
@@ -73,6 +74,7 @@ module Aws::AccessAnalyzer
|
|
73
74
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
74
75
|
add_plugin(Aws::Plugins::TransferEncoding)
|
75
76
|
add_plugin(Aws::Plugins::HttpChecksum)
|
77
|
+
add_plugin(Aws::Plugins::DefaultsMode)
|
76
78
|
add_plugin(Aws::Plugins::SignatureV4)
|
77
79
|
add_plugin(Aws::Plugins::Protocols::RestJson)
|
78
80
|
|
@@ -119,7 +121,9 @@ module Aws::AccessAnalyzer
|
|
119
121
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
120
122
|
# are very aggressive. Construct and pass an instance of
|
121
123
|
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
122
|
-
# enable retries and extended timeouts.
|
124
|
+
# enable retries and extended timeouts. Instance profile credential
|
125
|
+
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
126
|
+
# to true.
|
123
127
|
#
|
124
128
|
# @option options [required, String] :region
|
125
129
|
# The AWS region to connect to. The configured `:region` is
|
@@ -173,6 +177,10 @@ module Aws::AccessAnalyzer
|
|
173
177
|
# Used only in `standard` and adaptive retry modes. Specifies whether to apply
|
174
178
|
# a clock skew correction and retry requests with skewed client clocks.
|
175
179
|
#
|
180
|
+
# @option options [String] :defaults_mode ("legacy")
|
181
|
+
# See {Aws::DefaultsModeConfiguration} for a list of the
|
182
|
+
# accepted modes and the configuration defaults that are included.
|
183
|
+
#
|
176
184
|
# @option options [Boolean] :disable_host_prefix_injection (false)
|
177
185
|
# Set to true to disable SDK automatically adding host prefix
|
178
186
|
# to default service endpoint when available.
|
@@ -275,6 +283,15 @@ module Aws::AccessAnalyzer
|
|
275
283
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
276
284
|
# requests are made, and retries are disabled.
|
277
285
|
#
|
286
|
+
# @option options [Boolean] :use_dualstack_endpoint
|
287
|
+
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
288
|
+
# will be used if available.
|
289
|
+
#
|
290
|
+
# @option options [Boolean] :use_fips_endpoint
|
291
|
+
# When set to `true`, fips compatible endpoints will be used if available.
|
292
|
+
# When a `fips` region is used, the region is normalized and this config
|
293
|
+
# is set to `true`.
|
294
|
+
#
|
278
295
|
# @option options [Boolean] :validate_params (true)
|
279
296
|
# When `true`, request parameters are validated before
|
280
297
|
# sending the request.
|
@@ -286,7 +303,7 @@ module Aws::AccessAnalyzer
|
|
286
303
|
# seconds to wait when opening a HTTP session before raising a
|
287
304
|
# `Timeout::Error`.
|
288
305
|
#
|
289
|
-
# @option options [
|
306
|
+
# @option options [Float] :http_read_timeout (60) The default
|
290
307
|
# number of seconds to wait for response data. This value can
|
291
308
|
# safely be set per-request on the session.
|
292
309
|
#
|
@@ -302,6 +319,9 @@ module Aws::AccessAnalyzer
|
|
302
319
|
# disables this behaviour. This value can safely be set per
|
303
320
|
# request on the session.
|
304
321
|
#
|
322
|
+
# @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
|
323
|
+
# in seconds.
|
324
|
+
#
|
305
325
|
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
306
326
|
# HTTP debug output will be sent to the `:logger`.
|
307
327
|
#
|
@@ -1731,6 +1751,19 @@ module Aws::AccessAnalyzer
|
|
1731
1751
|
# as identity policy or resource policy or a specific input such as
|
1732
1752
|
# managed policy or Amazon S3 bucket policy.
|
1733
1753
|
#
|
1754
|
+
# @option params [String] :validate_policy_resource_type
|
1755
|
+
# The type of resource to attach to your resource policy. Specify a
|
1756
|
+
# value for the policy validation resource type only if the policy type
|
1757
|
+
# is `RESOURCE_POLICY`. For example, to validate a resource policy to
|
1758
|
+
# attach to an Amazon S3 bucket, you can choose `AWS::S3::Bucket` for
|
1759
|
+
# the policy validation resource type.
|
1760
|
+
#
|
1761
|
+
# For resource types not supported as valid values, IAM Access Analyzer
|
1762
|
+
# runs policy checks that apply to all resource policies. For example,
|
1763
|
+
# to validate a resource policy to attach to a KMS key, do not specify a
|
1764
|
+
# value for the policy validation resource type and IAM Access Analyzer
|
1765
|
+
# will run policy checks that apply to all resource policies.
|
1766
|
+
#
|
1734
1767
|
# @return [Types::ValidatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1735
1768
|
#
|
1736
1769
|
# * {Types::ValidatePolicyResponse#findings #findings} => Array<Types::ValidatePolicyFinding>
|
@@ -1746,6 +1779,7 @@ module Aws::AccessAnalyzer
|
|
1746
1779
|
# next_token: "Token",
|
1747
1780
|
# policy_document: "PolicyDocument", # required
|
1748
1781
|
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
1782
|
+
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
|
1749
1783
|
# })
|
1750
1784
|
#
|
1751
1785
|
# @example Response structure
|
@@ -1792,7 +1826,7 @@ module Aws::AccessAnalyzer
|
|
1792
1826
|
params: params,
|
1793
1827
|
config: config)
|
1794
1828
|
context[:gem_name] = 'aws-sdk-accessanalyzer'
|
1795
|
-
context[:gem_version] = '1.
|
1829
|
+
context[:gem_version] = '1.27.0'
|
1796
1830
|
Seahorse::Client::Request.new(handlers, context)
|
1797
1831
|
end
|
1798
1832
|
|
@@ -199,6 +199,7 @@ module Aws::AccessAnalyzer
|
|
199
199
|
ValidatePolicyFindingList = Shapes::ListShape.new(name: 'ValidatePolicyFindingList')
|
200
200
|
ValidatePolicyFindingType = Shapes::StringShape.new(name: 'ValidatePolicyFindingType')
|
201
201
|
ValidatePolicyRequest = Shapes::StructureShape.new(name: 'ValidatePolicyRequest')
|
202
|
+
ValidatePolicyResourceType = Shapes::StringShape.new(name: 'ValidatePolicyResourceType')
|
202
203
|
ValidatePolicyResponse = Shapes::StructureShape.new(name: 'ValidatePolicyResponse')
|
203
204
|
ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
|
204
205
|
ValidationExceptionField = Shapes::StructureShape.new(name: 'ValidationExceptionField')
|
@@ -798,6 +799,7 @@ module Aws::AccessAnalyzer
|
|
798
799
|
ValidatePolicyRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "nextToken"))
|
799
800
|
ValidatePolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: PolicyDocument, required: true, location_name: "policyDocument"))
|
800
801
|
ValidatePolicyRequest.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "policyType"))
|
802
|
+
ValidatePolicyRequest.add_member(:validate_policy_resource_type, Shapes::ShapeRef.new(shape: ValidatePolicyResourceType, location_name: "validatePolicyResourceType"))
|
801
803
|
ValidatePolicyRequest.struct_class = Types::ValidatePolicyRequest
|
802
804
|
|
803
805
|
ValidatePolicyResponse.add_member(:findings, Shapes::ShapeRef.new(shape: ValidatePolicyFindingList, required: true, location_name: "findings"))
|
@@ -2867,10 +2867,11 @@ module Aws::AccessAnalyzer
|
|
2867
2867
|
# without a policy. To propose deletion of an existing policy, you can
|
2868
2868
|
# specify an empty string. If the proposed configuration is for a new
|
2869
2869
|
# secret and you do not specify the KMS key ID, the access preview uses
|
2870
|
-
# the
|
2871
|
-
# empty string for the KMS key ID, the access preview uses
|
2872
|
-
#
|
2873
|
-
# secret policy limits, see [Quotas
|
2870
|
+
# the Amazon Web Services managed key `aws/secretsmanager`. If you
|
2871
|
+
# specify an empty string for the KMS key ID, the access preview uses
|
2872
|
+
# the Amazon Web Services managed key of the Amazon Web Services
|
2873
|
+
# account. For more information about secret policy limits, see [Quotas
|
2874
|
+
# for Secrets Manager.][2].
|
2874
2875
|
#
|
2875
2876
|
#
|
2876
2877
|
#
|
@@ -2886,8 +2887,7 @@ module Aws::AccessAnalyzer
|
|
2886
2887
|
# }
|
2887
2888
|
#
|
2888
2889
|
# @!attribute [rw] kms_key_id
|
2889
|
-
# The proposed ARN, key ID, or alias of the KMS
|
2890
|
-
# (CMK).
|
2890
|
+
# The proposed ARN, key ID, or alias of the KMS key.
|
2891
2891
|
# @return [String]
|
2892
2892
|
#
|
2893
2893
|
# @!attribute [rw] secret_policy
|
@@ -3467,6 +3467,7 @@ module Aws::AccessAnalyzer
|
|
3467
3467
|
# next_token: "Token",
|
3468
3468
|
# policy_document: "PolicyDocument", # required
|
3469
3469
|
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
3470
|
+
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
|
3470
3471
|
# }
|
3471
3472
|
#
|
3472
3473
|
# @!attribute [rw] locale
|
@@ -3499,6 +3500,21 @@ module Aws::AccessAnalyzer
|
|
3499
3500
|
# such as managed policy or Amazon S3 bucket policy.
|
3500
3501
|
# @return [String]
|
3501
3502
|
#
|
3503
|
+
# @!attribute [rw] validate_policy_resource_type
|
3504
|
+
# The type of resource to attach to your resource policy. Specify a
|
3505
|
+
# value for the policy validation resource type only if the policy
|
3506
|
+
# type is `RESOURCE_POLICY`. For example, to validate a resource
|
3507
|
+
# policy to attach to an Amazon S3 bucket, you can choose
|
3508
|
+
# `AWS::S3::Bucket` for the policy validation resource type.
|
3509
|
+
#
|
3510
|
+
# For resource types not supported as valid values, IAM Access
|
3511
|
+
# Analyzer runs policy checks that apply to all resource policies. For
|
3512
|
+
# example, to validate a resource policy to attach to a KMS key, do
|
3513
|
+
# not specify a value for the policy validation resource type and IAM
|
3514
|
+
# Access Analyzer will run policy checks that apply to all resource
|
3515
|
+
# policies.
|
3516
|
+
# @return [String]
|
3517
|
+
#
|
3502
3518
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyRequest AWS API Documentation
|
3503
3519
|
#
|
3504
3520
|
class ValidatePolicyRequest < Struct.new(
|
@@ -3506,7 +3522,8 @@ module Aws::AccessAnalyzer
|
|
3506
3522
|
:max_results,
|
3507
3523
|
:next_token,
|
3508
3524
|
:policy_document,
|
3509
|
-
:policy_type
|
3525
|
+
:policy_type,
|
3526
|
+
:validate_policy_resource_type)
|
3510
3527
|
SENSITIVE = []
|
3511
3528
|
include Aws::Structure
|
3512
3529
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-accessanalyzer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.27.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-12-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
version: '3'
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 3.
|
22
|
+
version: 3.125.0
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,7 +29,7 @@ dependencies:
|
|
29
29
|
version: '3'
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version: 3.
|
32
|
+
version: 3.125.0
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: aws-sigv4
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|