aws-sdk-accessanalyzer 1.24.0 → 1.28.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +39 -3
- data/lib/aws-sdk-accessanalyzer/client_api.rb +2 -0
- data/lib/aws-sdk-accessanalyzer/types.rb +24 -7
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3f5600d220a82e6bd8d74947fd71bcf15d5ddbcadeaffe6ebdf2416109ffede4
|
4
|
+
data.tar.gz: b1c42e719e33c5b0067d572846576ade38643d20057359e01fac4a12f871ed18
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2b4570a51900c9e9bc079149a7fb7baa5dad11613cc84109682d8c5ce24930e9a49459dc8a63a64e3d852c698cbbb5a6f1508317dc1faeb444901ee98e9ca72a
|
7
|
+
data.tar.gz: eb5fb2e744a5ebcef1f16269bcf5cb3cdf1142a8d6fc48fbcebfd04dfa5ea8d58d0bfb49bd3084d197e7b497b162403d6b0990b7d617592d77efd4b0fdc7fd61
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,26 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.28.0 (2022-02-03)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
8
|
+
|
9
|
+
1.27.0 (2021-12-21)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
13
|
+
|
14
|
+
1.26.0 (2021-11-30)
|
15
|
+
------------------
|
16
|
+
|
17
|
+
* Feature - AWS IAM Access Analyzer now supports policy validation for resource policies attached to S3 buckets and access points. You can run additional policy checks by specifying the S3 resource type you want to attach to your resource policy.
|
18
|
+
|
19
|
+
1.25.0 (2021-11-04)
|
20
|
+
------------------
|
21
|
+
|
22
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
23
|
+
|
4
24
|
1.24.0 (2021-10-18)
|
5
25
|
------------------
|
6
26
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.28.0
|
@@ -27,6 +27,8 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
31
|
+
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
30
32
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
31
33
|
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
32
34
|
|
@@ -73,6 +75,8 @@ module Aws::AccessAnalyzer
|
|
73
75
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
74
76
|
add_plugin(Aws::Plugins::TransferEncoding)
|
75
77
|
add_plugin(Aws::Plugins::HttpChecksum)
|
78
|
+
add_plugin(Aws::Plugins::DefaultsMode)
|
79
|
+
add_plugin(Aws::Plugins::RecursionDetection)
|
76
80
|
add_plugin(Aws::Plugins::SignatureV4)
|
77
81
|
add_plugin(Aws::Plugins::Protocols::RestJson)
|
78
82
|
|
@@ -119,7 +123,9 @@ module Aws::AccessAnalyzer
|
|
119
123
|
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
120
124
|
# are very aggressive. Construct and pass an instance of
|
121
125
|
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
122
|
-
# enable retries and extended timeouts.
|
126
|
+
# enable retries and extended timeouts. Instance profile credential
|
127
|
+
# fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
|
128
|
+
# to true.
|
123
129
|
#
|
124
130
|
# @option options [required, String] :region
|
125
131
|
# The AWS region to connect to. The configured `:region` is
|
@@ -173,6 +179,10 @@ module Aws::AccessAnalyzer
|
|
173
179
|
# Used only in `standard` and adaptive retry modes. Specifies whether to apply
|
174
180
|
# a clock skew correction and retry requests with skewed client clocks.
|
175
181
|
#
|
182
|
+
# @option options [String] :defaults_mode ("legacy")
|
183
|
+
# See {Aws::DefaultsModeConfiguration} for a list of the
|
184
|
+
# accepted modes and the configuration defaults that are included.
|
185
|
+
#
|
176
186
|
# @option options [Boolean] :disable_host_prefix_injection (false)
|
177
187
|
# Set to true to disable SDK automatically adding host prefix
|
178
188
|
# to default service endpoint when available.
|
@@ -275,6 +285,15 @@ module Aws::AccessAnalyzer
|
|
275
285
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
276
286
|
# requests are made, and retries are disabled.
|
277
287
|
#
|
288
|
+
# @option options [Boolean] :use_dualstack_endpoint
|
289
|
+
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
290
|
+
# will be used if available.
|
291
|
+
#
|
292
|
+
# @option options [Boolean] :use_fips_endpoint
|
293
|
+
# When set to `true`, fips compatible endpoints will be used if available.
|
294
|
+
# When a `fips` region is used, the region is normalized and this config
|
295
|
+
# is set to `true`.
|
296
|
+
#
|
278
297
|
# @option options [Boolean] :validate_params (true)
|
279
298
|
# When `true`, request parameters are validated before
|
280
299
|
# sending the request.
|
@@ -286,7 +305,7 @@ module Aws::AccessAnalyzer
|
|
286
305
|
# seconds to wait when opening a HTTP session before raising a
|
287
306
|
# `Timeout::Error`.
|
288
307
|
#
|
289
|
-
# @option options [
|
308
|
+
# @option options [Float] :http_read_timeout (60) The default
|
290
309
|
# number of seconds to wait for response data. This value can
|
291
310
|
# safely be set per-request on the session.
|
292
311
|
#
|
@@ -302,6 +321,9 @@ module Aws::AccessAnalyzer
|
|
302
321
|
# disables this behaviour. This value can safely be set per
|
303
322
|
# request on the session.
|
304
323
|
#
|
324
|
+
# @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
|
325
|
+
# in seconds.
|
326
|
+
#
|
305
327
|
# @option options [Boolean] :http_wire_trace (false) When `true`,
|
306
328
|
# HTTP debug output will be sent to the `:logger`.
|
307
329
|
#
|
@@ -1731,6 +1753,19 @@ module Aws::AccessAnalyzer
|
|
1731
1753
|
# as identity policy or resource policy or a specific input such as
|
1732
1754
|
# managed policy or Amazon S3 bucket policy.
|
1733
1755
|
#
|
1756
|
+
# @option params [String] :validate_policy_resource_type
|
1757
|
+
# The type of resource to attach to your resource policy. Specify a
|
1758
|
+
# value for the policy validation resource type only if the policy type
|
1759
|
+
# is `RESOURCE_POLICY`. For example, to validate a resource policy to
|
1760
|
+
# attach to an Amazon S3 bucket, you can choose `AWS::S3::Bucket` for
|
1761
|
+
# the policy validation resource type.
|
1762
|
+
#
|
1763
|
+
# For resource types not supported as valid values, IAM Access Analyzer
|
1764
|
+
# runs policy checks that apply to all resource policies. For example,
|
1765
|
+
# to validate a resource policy to attach to a KMS key, do not specify a
|
1766
|
+
# value for the policy validation resource type and IAM Access Analyzer
|
1767
|
+
# will run policy checks that apply to all resource policies.
|
1768
|
+
#
|
1734
1769
|
# @return [Types::ValidatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1735
1770
|
#
|
1736
1771
|
# * {Types::ValidatePolicyResponse#findings #findings} => Array<Types::ValidatePolicyFinding>
|
@@ -1746,6 +1781,7 @@ module Aws::AccessAnalyzer
|
|
1746
1781
|
# next_token: "Token",
|
1747
1782
|
# policy_document: "PolicyDocument", # required
|
1748
1783
|
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
1784
|
+
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
|
1749
1785
|
# })
|
1750
1786
|
#
|
1751
1787
|
# @example Response structure
|
@@ -1792,7 +1828,7 @@ module Aws::AccessAnalyzer
|
|
1792
1828
|
params: params,
|
1793
1829
|
config: config)
|
1794
1830
|
context[:gem_name] = 'aws-sdk-accessanalyzer'
|
1795
|
-
context[:gem_version] = '1.
|
1831
|
+
context[:gem_version] = '1.28.0'
|
1796
1832
|
Seahorse::Client::Request.new(handlers, context)
|
1797
1833
|
end
|
1798
1834
|
|
@@ -199,6 +199,7 @@ module Aws::AccessAnalyzer
|
|
199
199
|
ValidatePolicyFindingList = Shapes::ListShape.new(name: 'ValidatePolicyFindingList')
|
200
200
|
ValidatePolicyFindingType = Shapes::StringShape.new(name: 'ValidatePolicyFindingType')
|
201
201
|
ValidatePolicyRequest = Shapes::StructureShape.new(name: 'ValidatePolicyRequest')
|
202
|
+
ValidatePolicyResourceType = Shapes::StringShape.new(name: 'ValidatePolicyResourceType')
|
202
203
|
ValidatePolicyResponse = Shapes::StructureShape.new(name: 'ValidatePolicyResponse')
|
203
204
|
ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
|
204
205
|
ValidationExceptionField = Shapes::StructureShape.new(name: 'ValidationExceptionField')
|
@@ -798,6 +799,7 @@ module Aws::AccessAnalyzer
|
|
798
799
|
ValidatePolicyRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "nextToken"))
|
799
800
|
ValidatePolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: PolicyDocument, required: true, location_name: "policyDocument"))
|
800
801
|
ValidatePolicyRequest.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "policyType"))
|
802
|
+
ValidatePolicyRequest.add_member(:validate_policy_resource_type, Shapes::ShapeRef.new(shape: ValidatePolicyResourceType, location_name: "validatePolicyResourceType"))
|
801
803
|
ValidatePolicyRequest.struct_class = Types::ValidatePolicyRequest
|
802
804
|
|
803
805
|
ValidatePolicyResponse.add_member(:findings, Shapes::ShapeRef.new(shape: ValidatePolicyFindingList, required: true, location_name: "findings"))
|
@@ -2867,10 +2867,11 @@ module Aws::AccessAnalyzer
|
|
2867
2867
|
# without a policy. To propose deletion of an existing policy, you can
|
2868
2868
|
# specify an empty string. If the proposed configuration is for a new
|
2869
2869
|
# secret and you do not specify the KMS key ID, the access preview uses
|
2870
|
-
# the
|
2871
|
-
# empty string for the KMS key ID, the access preview uses
|
2872
|
-
#
|
2873
|
-
# secret policy limits, see [Quotas
|
2870
|
+
# the Amazon Web Services managed key `aws/secretsmanager`. If you
|
2871
|
+
# specify an empty string for the KMS key ID, the access preview uses
|
2872
|
+
# the Amazon Web Services managed key of the Amazon Web Services
|
2873
|
+
# account. For more information about secret policy limits, see [Quotas
|
2874
|
+
# for Secrets Manager.][2].
|
2874
2875
|
#
|
2875
2876
|
#
|
2876
2877
|
#
|
@@ -2886,8 +2887,7 @@ module Aws::AccessAnalyzer
|
|
2886
2887
|
# }
|
2887
2888
|
#
|
2888
2889
|
# @!attribute [rw] kms_key_id
|
2889
|
-
# The proposed ARN, key ID, or alias of the KMS
|
2890
|
-
# (CMK).
|
2890
|
+
# The proposed ARN, key ID, or alias of the KMS key.
|
2891
2891
|
# @return [String]
|
2892
2892
|
#
|
2893
2893
|
# @!attribute [rw] secret_policy
|
@@ -3467,6 +3467,7 @@ module Aws::AccessAnalyzer
|
|
3467
3467
|
# next_token: "Token",
|
3468
3468
|
# policy_document: "PolicyDocument", # required
|
3469
3469
|
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
3470
|
+
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
|
3470
3471
|
# }
|
3471
3472
|
#
|
3472
3473
|
# @!attribute [rw] locale
|
@@ -3499,6 +3500,21 @@ module Aws::AccessAnalyzer
|
|
3499
3500
|
# such as managed policy or Amazon S3 bucket policy.
|
3500
3501
|
# @return [String]
|
3501
3502
|
#
|
3503
|
+
# @!attribute [rw] validate_policy_resource_type
|
3504
|
+
# The type of resource to attach to your resource policy. Specify a
|
3505
|
+
# value for the policy validation resource type only if the policy
|
3506
|
+
# type is `RESOURCE_POLICY`. For example, to validate a resource
|
3507
|
+
# policy to attach to an Amazon S3 bucket, you can choose
|
3508
|
+
# `AWS::S3::Bucket` for the policy validation resource type.
|
3509
|
+
#
|
3510
|
+
# For resource types not supported as valid values, IAM Access
|
3511
|
+
# Analyzer runs policy checks that apply to all resource policies. For
|
3512
|
+
# example, to validate a resource policy to attach to a KMS key, do
|
3513
|
+
# not specify a value for the policy validation resource type and IAM
|
3514
|
+
# Access Analyzer will run policy checks that apply to all resource
|
3515
|
+
# policies.
|
3516
|
+
# @return [String]
|
3517
|
+
#
|
3502
3518
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyRequest AWS API Documentation
|
3503
3519
|
#
|
3504
3520
|
class ValidatePolicyRequest < Struct.new(
|
@@ -3506,7 +3522,8 @@ module Aws::AccessAnalyzer
|
|
3506
3522
|
:max_results,
|
3507
3523
|
:next_token,
|
3508
3524
|
:policy_document,
|
3509
|
-
:policy_type
|
3525
|
+
:policy_type,
|
3526
|
+
:validate_policy_resource_type)
|
3510
3527
|
SENSITIVE = []
|
3511
3528
|
include Aws::Structure
|
3512
3529
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-accessanalyzer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.28.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-02-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
version: '3'
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 3.
|
22
|
+
version: 3.126.0
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,7 +29,7 @@ dependencies:
|
|
29
29
|
version: '3'
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version: 3.
|
32
|
+
version: 3.126.0
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: aws-sigv4
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|