aws-sdk-accessanalyzer 1.28.0 → 1.30.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +254 -252
- data/lib/aws-sdk-accessanalyzer/client_api.rb +100 -100
- data/lib/aws-sdk-accessanalyzer/errors.rb +5 -5
- data/lib/aws-sdk-accessanalyzer/types.rb +666 -666
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- metadata +4 -4
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
30
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
31
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
32
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
@@ -75,6 +76,7 @@ module Aws::AccessAnalyzer
|
|
75
76
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
76
77
|
add_plugin(Aws::Plugins::TransferEncoding)
|
77
78
|
add_plugin(Aws::Plugins::HttpChecksum)
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
78
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
79
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
80
82
|
add_plugin(Aws::Plugins::SignatureV4)
|
@@ -355,23 +357,23 @@ module Aws::AccessAnalyzer
|
|
355
357
|
# @option params [required, String] :analyzer_arn
|
356
358
|
# The Amazon resource name (ARN) of the analyzer.
|
357
359
|
#
|
360
|
+
# @option params [required, String] :rule_name
|
361
|
+
# The name of the rule to apply.
|
362
|
+
#
|
358
363
|
# @option params [String] :client_token
|
359
364
|
# A client token.
|
360
365
|
#
|
361
366
|
# **A suitable default value is auto-generated.** You should normally
|
362
367
|
# not need to pass this option.**
|
363
368
|
#
|
364
|
-
# @option params [required, String] :rule_name
|
365
|
-
# The name of the rule to apply.
|
366
|
-
#
|
367
369
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
368
370
|
#
|
369
371
|
# @example Request syntax with placeholder values
|
370
372
|
#
|
371
373
|
# resp = client.apply_archive_rule({
|
372
374
|
# analyzer_arn: "AnalyzerArn", # required
|
373
|
-
# client_token: "String",
|
374
375
|
# rule_name: "Name", # required
|
376
|
+
# client_token: "String",
|
375
377
|
# })
|
376
378
|
#
|
377
379
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRule AWS API Documentation
|
@@ -421,12 +423,6 @@ module Aws::AccessAnalyzer
|
|
421
423
|
#
|
422
424
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
423
425
|
#
|
424
|
-
# @option params [String] :client_token
|
425
|
-
# A client token.
|
426
|
-
#
|
427
|
-
# **A suitable default value is auto-generated.** You should normally
|
428
|
-
# not need to pass this option.**
|
429
|
-
#
|
430
426
|
# @option params [required, Hash<String,Types::Configuration>] :configurations
|
431
427
|
# Access control configuration for your resource that is used to
|
432
428
|
# generate the access preview. The access preview includes findings for
|
@@ -434,6 +430,12 @@ module Aws::AccessAnalyzer
|
|
434
430
|
# control configuration. The configuration must contain exactly one
|
435
431
|
# element.
|
436
432
|
#
|
433
|
+
# @option params [String] :client_token
|
434
|
+
# A client token.
|
435
|
+
#
|
436
|
+
# **A suitable default value is auto-generated.** You should normally
|
437
|
+
# not need to pass this option.**
|
438
|
+
#
|
437
439
|
# @return [Types::CreateAccessPreviewResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
438
440
|
#
|
439
441
|
# * {Types::CreateAccessPreviewResponse#id #id} => String
|
@@ -442,15 +444,20 @@ module Aws::AccessAnalyzer
|
|
442
444
|
#
|
443
445
|
# resp = client.create_access_preview({
|
444
446
|
# analyzer_arn: "AnalyzerArn", # required
|
445
|
-
# client_token: "String",
|
446
447
|
# configurations: { # required
|
447
448
|
# "ConfigurationsMapKey" => {
|
448
449
|
# iam_role: {
|
449
450
|
# trust_policy: "IamTrustPolicy",
|
450
451
|
# },
|
451
452
|
# kms_key: {
|
453
|
+
# key_policies: {
|
454
|
+
# "PolicyName" => "KmsKeyPolicy",
|
455
|
+
# },
|
452
456
|
# grants: [
|
453
457
|
# {
|
458
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
459
|
+
# grantee_principal: "GranteePrincipal", # required
|
460
|
+
# retiring_principal: "RetiringPrincipal",
|
454
461
|
# constraints: {
|
455
462
|
# encryption_context_equals: {
|
456
463
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
@@ -459,57 +466,52 @@ module Aws::AccessAnalyzer
|
|
459
466
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
460
467
|
# },
|
461
468
|
# },
|
462
|
-
# grantee_principal: "GranteePrincipal", # required
|
463
469
|
# issuing_account: "IssuingAccount", # required
|
464
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
465
|
-
# retiring_principal: "RetiringPrincipal",
|
466
470
|
# },
|
467
471
|
# ],
|
468
|
-
#
|
469
|
-
#
|
470
|
-
#
|
472
|
+
# },
|
473
|
+
# secrets_manager_secret: {
|
474
|
+
# kms_key_id: "SecretsManagerSecretKmsId",
|
475
|
+
# secret_policy: "SecretsManagerSecretPolicy",
|
471
476
|
# },
|
472
477
|
# s3_bucket: {
|
473
|
-
#
|
474
|
-
# "AccessPointArn" => {
|
475
|
-
# access_point_policy: "AccessPointPolicy",
|
476
|
-
# network_origin: {
|
477
|
-
# internet_configuration: {
|
478
|
-
# },
|
479
|
-
# vpc_configuration: {
|
480
|
-
# vpc_id: "VpcId", # required
|
481
|
-
# },
|
482
|
-
# },
|
483
|
-
# public_access_block: {
|
484
|
-
# ignore_public_acls: false, # required
|
485
|
-
# restrict_public_buckets: false, # required
|
486
|
-
# },
|
487
|
-
# },
|
488
|
-
# },
|
478
|
+
# bucket_policy: "S3BucketPolicy",
|
489
479
|
# bucket_acl_grants: [
|
490
480
|
# {
|
481
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
491
482
|
# grantee: { # required
|
492
483
|
# id: "AclCanonicalId",
|
493
484
|
# uri: "AclUri",
|
494
485
|
# },
|
495
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
496
486
|
# },
|
497
487
|
# ],
|
498
|
-
# bucket_policy: "S3BucketPolicy",
|
499
488
|
# bucket_public_access_block: {
|
500
489
|
# ignore_public_acls: false, # required
|
501
490
|
# restrict_public_buckets: false, # required
|
502
491
|
# },
|
503
|
-
#
|
504
|
-
#
|
505
|
-
#
|
506
|
-
#
|
492
|
+
# access_points: {
|
493
|
+
# "AccessPointArn" => {
|
494
|
+
# access_point_policy: "AccessPointPolicy",
|
495
|
+
# public_access_block: {
|
496
|
+
# ignore_public_acls: false, # required
|
497
|
+
# restrict_public_buckets: false, # required
|
498
|
+
# },
|
499
|
+
# network_origin: {
|
500
|
+
# vpc_configuration: {
|
501
|
+
# vpc_id: "VpcId", # required
|
502
|
+
# },
|
503
|
+
# internet_configuration: {
|
504
|
+
# },
|
505
|
+
# },
|
506
|
+
# },
|
507
|
+
# },
|
507
508
|
# },
|
508
509
|
# sqs_queue: {
|
509
510
|
# queue_policy: "SqsQueuePolicy",
|
510
511
|
# },
|
511
512
|
# },
|
512
513
|
# },
|
514
|
+
# client_token: "String",
|
513
515
|
# })
|
514
516
|
#
|
515
517
|
# @example Response structure
|
@@ -530,26 +532,26 @@ module Aws::AccessAnalyzer
|
|
530
532
|
# @option params [required, String] :analyzer_name
|
531
533
|
# The name of the analyzer to create.
|
532
534
|
#
|
535
|
+
# @option params [required, String] :type
|
536
|
+
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
537
|
+
# analyzers are supported. You can create only one analyzer per account
|
538
|
+
# per Region. You can create up to 5 analyzers per organization per
|
539
|
+
# Region.
|
540
|
+
#
|
533
541
|
# @option params [Array<Types::InlineArchiveRule>] :archive_rules
|
534
542
|
# Specifies the archive rules to add for the analyzer. Archive rules
|
535
543
|
# automatically archive findings that meet the criteria you define for
|
536
544
|
# the rule.
|
537
545
|
#
|
546
|
+
# @option params [Hash<String,String>] :tags
|
547
|
+
# The tags to apply to the analyzer.
|
548
|
+
#
|
538
549
|
# @option params [String] :client_token
|
539
550
|
# A client token.
|
540
551
|
#
|
541
552
|
# **A suitable default value is auto-generated.** You should normally
|
542
553
|
# not need to pass this option.**
|
543
554
|
#
|
544
|
-
# @option params [Hash<String,String>] :tags
|
545
|
-
# The tags to apply to the analyzer.
|
546
|
-
#
|
547
|
-
# @option params [required, String] :type
|
548
|
-
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
549
|
-
# analyzers are supported. You can create only one analyzer per account
|
550
|
-
# per Region. You can create up to 5 analyzers per organization per
|
551
|
-
# Region.
|
552
|
-
#
|
553
555
|
# @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
554
556
|
#
|
555
557
|
# * {Types::CreateAnalyzerResponse#arn #arn} => String
|
@@ -558,24 +560,24 @@ module Aws::AccessAnalyzer
|
|
558
560
|
#
|
559
561
|
# resp = client.create_analyzer({
|
560
562
|
# analyzer_name: "Name", # required
|
563
|
+
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
561
564
|
# archive_rules: [
|
562
565
|
# {
|
566
|
+
# rule_name: "Name", # required
|
563
567
|
# filter: { # required
|
564
568
|
# "String" => {
|
565
|
-
# contains: ["String"],
|
566
569
|
# eq: ["String"],
|
567
|
-
# exists: false,
|
568
570
|
# neq: ["String"],
|
571
|
+
# contains: ["String"],
|
572
|
+
# exists: false,
|
569
573
|
# },
|
570
574
|
# },
|
571
|
-
# rule_name: "Name", # required
|
572
575
|
# },
|
573
576
|
# ],
|
574
|
-
# client_token: "String",
|
575
577
|
# tags: {
|
576
578
|
# "String" => "String",
|
577
579
|
# },
|
578
|
-
#
|
580
|
+
# client_token: "String",
|
579
581
|
# })
|
580
582
|
#
|
581
583
|
# @example Response structure
|
@@ -605,34 +607,34 @@ module Aws::AccessAnalyzer
|
|
605
607
|
# @option params [required, String] :analyzer_name
|
606
608
|
# The name of the created analyzer.
|
607
609
|
#
|
610
|
+
# @option params [required, String] :rule_name
|
611
|
+
# The name of the rule to create.
|
612
|
+
#
|
613
|
+
# @option params [required, Hash<String,Types::Criterion>] :filter
|
614
|
+
# The criteria for the rule.
|
615
|
+
#
|
608
616
|
# @option params [String] :client_token
|
609
617
|
# A client token.
|
610
618
|
#
|
611
619
|
# **A suitable default value is auto-generated.** You should normally
|
612
620
|
# not need to pass this option.**
|
613
621
|
#
|
614
|
-
# @option params [required, Hash<String,Types::Criterion>] :filter
|
615
|
-
# The criteria for the rule.
|
616
|
-
#
|
617
|
-
# @option params [required, String] :rule_name
|
618
|
-
# The name of the rule to create.
|
619
|
-
#
|
620
622
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
621
623
|
#
|
622
624
|
# @example Request syntax with placeholder values
|
623
625
|
#
|
624
626
|
# resp = client.create_archive_rule({
|
625
627
|
# analyzer_name: "Name", # required
|
626
|
-
#
|
628
|
+
# rule_name: "Name", # required
|
627
629
|
# filter: { # required
|
628
630
|
# "String" => {
|
629
|
-
# contains: ["String"],
|
630
631
|
# eq: ["String"],
|
631
|
-
# exists: false,
|
632
632
|
# neq: ["String"],
|
633
|
+
# contains: ["String"],
|
634
|
+
# exists: false,
|
633
635
|
# },
|
634
636
|
# },
|
635
|
-
#
|
637
|
+
# client_token: "String",
|
636
638
|
# })
|
637
639
|
#
|
638
640
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateArchiveRule AWS API Documentation
|
@@ -682,23 +684,23 @@ module Aws::AccessAnalyzer
|
|
682
684
|
# The name of the analyzer that associated with the archive rule to
|
683
685
|
# delete.
|
684
686
|
#
|
687
|
+
# @option params [required, String] :rule_name
|
688
|
+
# The name of the rule to delete.
|
689
|
+
#
|
685
690
|
# @option params [String] :client_token
|
686
691
|
# A client token.
|
687
692
|
#
|
688
693
|
# **A suitable default value is auto-generated.** You should normally
|
689
694
|
# not need to pass this option.**
|
690
695
|
#
|
691
|
-
# @option params [required, String] :rule_name
|
692
|
-
# The name of the rule to delete.
|
693
|
-
#
|
694
696
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
695
697
|
#
|
696
698
|
# @example Request syntax with placeholder values
|
697
699
|
#
|
698
700
|
# resp = client.delete_archive_rule({
|
699
701
|
# analyzer_name: "Name", # required
|
700
|
-
# client_token: "String",
|
701
702
|
# rule_name: "Name", # required
|
703
|
+
# client_token: "String",
|
702
704
|
# })
|
703
705
|
#
|
704
706
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteArchiveRule AWS API Documentation
|
@@ -736,38 +738,38 @@ module Aws::AccessAnalyzer
|
|
736
738
|
#
|
737
739
|
# @example Response structure
|
738
740
|
#
|
741
|
+
# resp.access_preview.id #=> String
|
739
742
|
# resp.access_preview.analyzer_arn #=> String
|
740
743
|
# resp.access_preview.configurations #=> Hash
|
741
744
|
# resp.access_preview.configurations["ConfigurationsMapKey"].iam_role.trust_policy #=> String
|
745
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies #=> Hash
|
746
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies["PolicyName"] #=> String
|
742
747
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants #=> Array
|
748
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations #=> Array
|
749
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations[0] #=> String, one of "CreateGrant", "Decrypt", "DescribeKey", "Encrypt", "GenerateDataKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateDataKeyWithoutPlaintext", "GetPublicKey", "ReEncryptFrom", "ReEncryptTo", "RetireGrant", "Sign", "Verify"
|
750
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
|
751
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].retiring_principal #=> String
|
743
752
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals #=> Hash
|
744
753
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals["KmsConstraintsKey"] #=> String
|
745
754
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset #=> Hash
|
746
755
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset["KmsConstraintsKey"] #=> String
|
747
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
|
748
756
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].issuing_account #=> String
|
749
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
750
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
751
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
752
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies #=> Hash
|
753
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies["PolicyName"] #=> String
|
754
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points #=> Hash
|
755
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].access_point_policy #=> String
|
756
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].network_origin.vpc_configuration.vpc_id #=> String
|
757
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.ignore_public_acls #=> Boolean
|
758
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.restrict_public_buckets #=> Boolean
|
757
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.kms_key_id #=> String
|
758
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.secret_policy #=> String
|
759
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
|
759
760
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants #=> Array
|
761
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
|
760
762
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.id #=> String
|
761
763
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.uri #=> String
|
762
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
|
763
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
|
764
764
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.ignore_public_acls #=> Boolean
|
765
765
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.restrict_public_buckets #=> Boolean
|
766
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
767
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
766
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points #=> Hash
|
767
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].access_point_policy #=> String
|
768
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.ignore_public_acls #=> Boolean
|
769
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.restrict_public_buckets #=> Boolean
|
770
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].network_origin.vpc_configuration.vpc_id #=> String
|
768
771
|
# resp.access_preview.configurations["ConfigurationsMapKey"].sqs_queue.queue_policy #=> String
|
769
772
|
# resp.access_preview.created_at #=> Time
|
770
|
-
# resp.access_preview.id #=> String
|
771
773
|
# resp.access_preview.status #=> String, one of "COMPLETED", "CREATING", "FAILED"
|
772
774
|
# resp.access_preview.status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
|
773
775
|
#
|
@@ -805,19 +807,19 @@ module Aws::AccessAnalyzer
|
|
805
807
|
#
|
806
808
|
# @example Response structure
|
807
809
|
#
|
808
|
-
# resp.resource.actions #=> Array
|
809
|
-
# resp.resource.actions[0] #=> String
|
810
|
-
# resp.resource.analyzed_at #=> Time
|
811
|
-
# resp.resource.created_at #=> Time
|
812
|
-
# resp.resource.error #=> String
|
813
|
-
# resp.resource.is_public #=> Boolean
|
814
810
|
# resp.resource.resource_arn #=> String
|
815
|
-
# resp.resource.resource_owner_account #=> String
|
816
811
|
# resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
812
|
+
# resp.resource.created_at #=> Time
|
813
|
+
# resp.resource.analyzed_at #=> Time
|
814
|
+
# resp.resource.updated_at #=> Time
|
815
|
+
# resp.resource.is_public #=> Boolean
|
816
|
+
# resp.resource.actions #=> Array
|
817
|
+
# resp.resource.actions[0] #=> String
|
817
818
|
# resp.resource.shared_via #=> Array
|
818
819
|
# resp.resource.shared_via[0] #=> String
|
819
820
|
# resp.resource.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
820
|
-
# resp.resource.
|
821
|
+
# resp.resource.resource_owner_account #=> String
|
822
|
+
# resp.resource.error #=> String
|
821
823
|
#
|
822
824
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzedResource AWS API Documentation
|
823
825
|
#
|
@@ -846,15 +848,15 @@ module Aws::AccessAnalyzer
|
|
846
848
|
# @example Response structure
|
847
849
|
#
|
848
850
|
# resp.analyzer.arn #=> String
|
851
|
+
# resp.analyzer.name #=> String
|
852
|
+
# resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION"
|
849
853
|
# resp.analyzer.created_at #=> Time
|
850
854
|
# resp.analyzer.last_resource_analyzed #=> String
|
851
855
|
# resp.analyzer.last_resource_analyzed_at #=> Time
|
852
|
-
# resp.analyzer.name #=> String
|
853
|
-
# resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
854
|
-
# resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
855
856
|
# resp.analyzer.tags #=> Hash
|
856
857
|
# resp.analyzer.tags["String"] #=> String
|
857
|
-
# resp.analyzer.
|
858
|
+
# resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
859
|
+
# resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
858
860
|
#
|
859
861
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
|
860
862
|
#
|
@@ -893,16 +895,16 @@ module Aws::AccessAnalyzer
|
|
893
895
|
#
|
894
896
|
# @example Response structure
|
895
897
|
#
|
896
|
-
# resp.archive_rule.
|
898
|
+
# resp.archive_rule.rule_name #=> String
|
897
899
|
# resp.archive_rule.filter #=> Hash
|
898
|
-
# resp.archive_rule.filter["String"].contains #=> Array
|
899
|
-
# resp.archive_rule.filter["String"].contains[0] #=> String
|
900
900
|
# resp.archive_rule.filter["String"].eq #=> Array
|
901
901
|
# resp.archive_rule.filter["String"].eq[0] #=> String
|
902
|
-
# resp.archive_rule.filter["String"].exists #=> Boolean
|
903
902
|
# resp.archive_rule.filter["String"].neq #=> Array
|
904
903
|
# resp.archive_rule.filter["String"].neq[0] #=> String
|
905
|
-
# resp.archive_rule.
|
904
|
+
# resp.archive_rule.filter["String"].contains #=> Array
|
905
|
+
# resp.archive_rule.filter["String"].contains[0] #=> String
|
906
|
+
# resp.archive_rule.filter["String"].exists #=> Boolean
|
907
|
+
# resp.archive_rule.created_at #=> Time
|
906
908
|
# resp.archive_rule.updated_at #=> Time
|
907
909
|
#
|
908
910
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetArchiveRule AWS API Documentation
|
@@ -939,25 +941,25 @@ module Aws::AccessAnalyzer
|
|
939
941
|
#
|
940
942
|
# @example Response structure
|
941
943
|
#
|
944
|
+
# resp.finding.id #=> String
|
945
|
+
# resp.finding.principal #=> Hash
|
946
|
+
# resp.finding.principal["String"] #=> String
|
942
947
|
# resp.finding.action #=> Array
|
943
948
|
# resp.finding.action[0] #=> String
|
944
|
-
# resp.finding.
|
949
|
+
# resp.finding.resource #=> String
|
950
|
+
# resp.finding.is_public #=> Boolean
|
951
|
+
# resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
945
952
|
# resp.finding.condition #=> Hash
|
946
953
|
# resp.finding.condition["String"] #=> String
|
947
954
|
# resp.finding.created_at #=> Time
|
948
|
-
# resp.finding.
|
949
|
-
# resp.finding.
|
950
|
-
# resp.finding.
|
951
|
-
# resp.finding.principal #=> Hash
|
952
|
-
# resp.finding.principal["String"] #=> String
|
953
|
-
# resp.finding.resource #=> String
|
955
|
+
# resp.finding.analyzed_at #=> Time
|
956
|
+
# resp.finding.updated_at #=> Time
|
957
|
+
# resp.finding.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
954
958
|
# resp.finding.resource_owner_account #=> String
|
955
|
-
# resp.finding.
|
959
|
+
# resp.finding.error #=> String
|
956
960
|
# resp.finding.sources #=> Array
|
957
|
-
# resp.finding.sources[0].detail.access_point_arn #=> String
|
958
961
|
# resp.finding.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
959
|
-
# resp.finding.
|
960
|
-
# resp.finding.updated_at #=> Time
|
962
|
+
# resp.finding.sources[0].detail.access_point_arn #=> String
|
961
963
|
#
|
962
964
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFinding AWS API Documentation
|
963
965
|
#
|
@@ -970,6 +972,12 @@ module Aws::AccessAnalyzer
|
|
970
972
|
|
971
973
|
# Retrieves the policy that was generated using `StartPolicyGeneration`.
|
972
974
|
#
|
975
|
+
# @option params [required, String] :job_id
|
976
|
+
# The `JobId` that is returned by the `StartPolicyGeneration` operation.
|
977
|
+
# The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
|
978
|
+
# generated policies or used with `CancelPolicyGeneration` to cancel the
|
979
|
+
# policy generation request.
|
980
|
+
#
|
973
981
|
# @option params [Boolean] :include_resource_placeholders
|
974
982
|
# The level of detail that you want to generate. You can specify whether
|
975
983
|
# to generate policies with placeholders for resource ARNs for actions
|
@@ -987,44 +995,38 @@ module Aws::AccessAnalyzer
|
|
987
995
|
# services that have been used recently to create this service-level
|
988
996
|
# template.
|
989
997
|
#
|
990
|
-
# @option params [required, String] :job_id
|
991
|
-
# The `JobId` that is returned by the `StartPolicyGeneration` operation.
|
992
|
-
# The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
|
993
|
-
# generated policies or used with `CancelPolicyGeneration` to cancel the
|
994
|
-
# policy generation request.
|
995
|
-
#
|
996
998
|
# @return [Types::GetGeneratedPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
997
999
|
#
|
998
|
-
# * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
|
999
1000
|
# * {Types::GetGeneratedPolicyResponse#job_details #job_details} => Types::JobDetails
|
1001
|
+
# * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
|
1000
1002
|
#
|
1001
1003
|
# @example Request syntax with placeholder values
|
1002
1004
|
#
|
1003
1005
|
# resp = client.get_generated_policy({
|
1006
|
+
# job_id: "JobId", # required
|
1004
1007
|
# include_resource_placeholders: false,
|
1005
1008
|
# include_service_level_template: false,
|
1006
|
-
# job_id: "JobId", # required
|
1007
1009
|
# })
|
1008
1010
|
#
|
1009
1011
|
# @example Response structure
|
1010
1012
|
#
|
1011
|
-
# resp.
|
1012
|
-
# resp.
|
1013
|
-
# resp.
|
1014
|
-
# resp.
|
1013
|
+
# resp.job_details.job_id #=> String
|
1014
|
+
# resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
1015
|
+
# resp.job_details.started_on #=> Time
|
1016
|
+
# resp.job_details.completed_on #=> Time
|
1017
|
+
# resp.job_details.job_error.code #=> String, one of "AUTHORIZATION_ERROR", "RESOURCE_NOT_FOUND_ERROR", "SERVICE_QUOTA_EXCEEDED_ERROR", "SERVICE_ERROR"
|
1018
|
+
# resp.job_details.job_error.message #=> String
|
1019
|
+
# resp.generated_policy_result.properties.is_complete #=> Boolean
|
1020
|
+
# resp.generated_policy_result.properties.principal_arn #=> String
|
1015
1021
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties #=> Array
|
1016
|
-
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
|
1017
1022
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].cloud_trail_arn #=> String
|
1018
1023
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions #=> Array
|
1019
1024
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions[0] #=> String
|
1020
|
-
# resp.generated_policy_result.properties.
|
1021
|
-
# resp.generated_policy_result.properties.
|
1022
|
-
# resp.
|
1023
|
-
# resp.
|
1024
|
-
# resp.
|
1025
|
-
# resp.job_details.job_id #=> String
|
1026
|
-
# resp.job_details.started_on #=> Time
|
1027
|
-
# resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
1025
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
|
1026
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.start_time #=> Time
|
1027
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.end_time #=> Time
|
1028
|
+
# resp.generated_policy_result.generated_policies #=> Array
|
1029
|
+
# resp.generated_policy_result.generated_policies[0].policy #=> String
|
1028
1030
|
#
|
1029
1031
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicy AWS API Documentation
|
1030
1032
|
#
|
@@ -1051,12 +1053,12 @@ module Aws::AccessAnalyzer
|
|
1051
1053
|
# @option params [Hash<String,Types::Criterion>] :filter
|
1052
1054
|
# Criteria to filter the returned findings.
|
1053
1055
|
#
|
1054
|
-
# @option params [Integer] :max_results
|
1055
|
-
# The maximum number of results to return in the response.
|
1056
|
-
#
|
1057
1056
|
# @option params [String] :next_token
|
1058
1057
|
# A token used for pagination of results returned.
|
1059
1058
|
#
|
1059
|
+
# @option params [Integer] :max_results
|
1060
|
+
# The maximum number of results to return in the response.
|
1061
|
+
#
|
1060
1062
|
# @return [Types::ListAccessPreviewFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1061
1063
|
#
|
1062
1064
|
# * {Types::ListAccessPreviewFindingsResponse#findings #findings} => Array<Types::AccessPreviewFinding>
|
@@ -1071,39 +1073,39 @@ module Aws::AccessAnalyzer
|
|
1071
1073
|
# analyzer_arn: "AnalyzerArn", # required
|
1072
1074
|
# filter: {
|
1073
1075
|
# "String" => {
|
1074
|
-
# contains: ["String"],
|
1075
1076
|
# eq: ["String"],
|
1076
|
-
# exists: false,
|
1077
1077
|
# neq: ["String"],
|
1078
|
+
# contains: ["String"],
|
1079
|
+
# exists: false,
|
1078
1080
|
# },
|
1079
1081
|
# },
|
1080
|
-
# max_results: 1,
|
1081
1082
|
# next_token: "Token",
|
1083
|
+
# max_results: 1,
|
1082
1084
|
# })
|
1083
1085
|
#
|
1084
1086
|
# @example Response structure
|
1085
1087
|
#
|
1086
1088
|
# resp.findings #=> Array
|
1087
|
-
# resp.findings[0].
|
1088
|
-
# resp.findings[0].action[0] #=> String
|
1089
|
-
# resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
|
1090
|
-
# resp.findings[0].condition #=> Hash
|
1091
|
-
# resp.findings[0].condition["String"] #=> String
|
1092
|
-
# resp.findings[0].created_at #=> Time
|
1093
|
-
# resp.findings[0].error #=> String
|
1089
|
+
# resp.findings[0].id #=> String
|
1094
1090
|
# resp.findings[0].existing_finding_id #=> String
|
1095
1091
|
# resp.findings[0].existing_finding_status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
1096
|
-
# resp.findings[0].id #=> String
|
1097
|
-
# resp.findings[0].is_public #=> Boolean
|
1098
1092
|
# resp.findings[0].principal #=> Hash
|
1099
1093
|
# resp.findings[0].principal["String"] #=> String
|
1094
|
+
# resp.findings[0].action #=> Array
|
1095
|
+
# resp.findings[0].action[0] #=> String
|
1096
|
+
# resp.findings[0].condition #=> Hash
|
1097
|
+
# resp.findings[0].condition["String"] #=> String
|
1100
1098
|
# resp.findings[0].resource #=> String
|
1101
|
-
# resp.findings[0].
|
1099
|
+
# resp.findings[0].is_public #=> Boolean
|
1102
1100
|
# resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
1101
|
+
# resp.findings[0].created_at #=> Time
|
1102
|
+
# resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
|
1103
|
+
# resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
1104
|
+
# resp.findings[0].resource_owner_account #=> String
|
1105
|
+
# resp.findings[0].error #=> String
|
1103
1106
|
# resp.findings[0].sources #=> Array
|
1104
|
-
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
1105
1107
|
# resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
1106
|
-
# resp.findings[0].
|
1108
|
+
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
1107
1109
|
# resp.next_token #=> String
|
1108
1110
|
#
|
1109
1111
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindings AWS API Documentation
|
@@ -1124,12 +1126,12 @@ module Aws::AccessAnalyzer
|
|
1124
1126
|
#
|
1125
1127
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1126
1128
|
#
|
1127
|
-
# @option params [Integer] :max_results
|
1128
|
-
# The maximum number of results to return in the response.
|
1129
|
-
#
|
1130
1129
|
# @option params [String] :next_token
|
1131
1130
|
# A token used for pagination of results returned.
|
1132
1131
|
#
|
1132
|
+
# @option params [Integer] :max_results
|
1133
|
+
# The maximum number of results to return in the response.
|
1134
|
+
#
|
1133
1135
|
# @return [Types::ListAccessPreviewsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1134
1136
|
#
|
1135
1137
|
# * {Types::ListAccessPreviewsResponse#access_previews #access_previews} => Array<Types::AccessPreviewSummary>
|
@@ -1141,16 +1143,16 @@ module Aws::AccessAnalyzer
|
|
1141
1143
|
#
|
1142
1144
|
# resp = client.list_access_previews({
|
1143
1145
|
# analyzer_arn: "AnalyzerArn", # required
|
1144
|
-
# max_results: 1,
|
1145
1146
|
# next_token: "Token",
|
1147
|
+
# max_results: 1,
|
1146
1148
|
# })
|
1147
1149
|
#
|
1148
1150
|
# @example Response structure
|
1149
1151
|
#
|
1150
1152
|
# resp.access_previews #=> Array
|
1153
|
+
# resp.access_previews[0].id #=> String
|
1151
1154
|
# resp.access_previews[0].analyzer_arn #=> String
|
1152
1155
|
# resp.access_previews[0].created_at #=> Time
|
1153
|
-
# resp.access_previews[0].id #=> String
|
1154
1156
|
# resp.access_previews[0].status #=> String, one of "COMPLETED", "CREATING", "FAILED"
|
1155
1157
|
# resp.access_previews[0].status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
|
1156
1158
|
# resp.next_token #=> String
|
@@ -1175,14 +1177,14 @@ module Aws::AccessAnalyzer
|
|
1175
1177
|
#
|
1176
1178
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1177
1179
|
#
|
1178
|
-
# @option params [
|
1179
|
-
# The
|
1180
|
+
# @option params [String] :resource_type
|
1181
|
+
# The type of resource.
|
1180
1182
|
#
|
1181
1183
|
# @option params [String] :next_token
|
1182
1184
|
# A token used for pagination of results returned.
|
1183
1185
|
#
|
1184
|
-
# @option params [
|
1185
|
-
# The
|
1186
|
+
# @option params [Integer] :max_results
|
1187
|
+
# The maximum number of results to return in the response.
|
1186
1188
|
#
|
1187
1189
|
# @return [Types::ListAnalyzedResourcesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1188
1190
|
#
|
@@ -1195,9 +1197,9 @@ module Aws::AccessAnalyzer
|
|
1195
1197
|
#
|
1196
1198
|
# resp = client.list_analyzed_resources({
|
1197
1199
|
# analyzer_arn: "AnalyzerArn", # required
|
1198
|
-
# max_results: 1,
|
1199
|
-
# next_token: "Token",
|
1200
1200
|
# resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
|
1201
|
+
# next_token: "Token",
|
1202
|
+
# max_results: 1,
|
1201
1203
|
# })
|
1202
1204
|
#
|
1203
1205
|
# @example Response structure
|
@@ -1219,12 +1221,12 @@ module Aws::AccessAnalyzer
|
|
1219
1221
|
|
1220
1222
|
# Retrieves a list of analyzers.
|
1221
1223
|
#
|
1222
|
-
# @option params [Integer] :max_results
|
1223
|
-
# The maximum number of results to return in the response.
|
1224
|
-
#
|
1225
1224
|
# @option params [String] :next_token
|
1226
1225
|
# A token used for pagination of results returned.
|
1227
1226
|
#
|
1227
|
+
# @option params [Integer] :max_results
|
1228
|
+
# The maximum number of results to return in the response.
|
1229
|
+
#
|
1228
1230
|
# @option params [String] :type
|
1229
1231
|
# The type of analyzer.
|
1230
1232
|
#
|
@@ -1238,8 +1240,8 @@ module Aws::AccessAnalyzer
|
|
1238
1240
|
# @example Request syntax with placeholder values
|
1239
1241
|
#
|
1240
1242
|
# resp = client.list_analyzers({
|
1241
|
-
# max_results: 1,
|
1242
1243
|
# next_token: "Token",
|
1244
|
+
# max_results: 1,
|
1243
1245
|
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
1244
1246
|
# })
|
1245
1247
|
#
|
@@ -1247,15 +1249,15 @@ module Aws::AccessAnalyzer
|
|
1247
1249
|
#
|
1248
1250
|
# resp.analyzers #=> Array
|
1249
1251
|
# resp.analyzers[0].arn #=> String
|
1252
|
+
# resp.analyzers[0].name #=> String
|
1253
|
+
# resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION"
|
1250
1254
|
# resp.analyzers[0].created_at #=> Time
|
1251
1255
|
# resp.analyzers[0].last_resource_analyzed #=> String
|
1252
1256
|
# resp.analyzers[0].last_resource_analyzed_at #=> Time
|
1253
|
-
# resp.analyzers[0].name #=> String
|
1254
|
-
# resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
1255
|
-
# resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
1256
1257
|
# resp.analyzers[0].tags #=> Hash
|
1257
1258
|
# resp.analyzers[0].tags["String"] #=> String
|
1258
|
-
# resp.analyzers[0].
|
1259
|
+
# resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
1260
|
+
# resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
1259
1261
|
# resp.next_token #=> String
|
1260
1262
|
#
|
1261
1263
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
|
@@ -1272,12 +1274,12 @@ module Aws::AccessAnalyzer
|
|
1272
1274
|
# @option params [required, String] :analyzer_name
|
1273
1275
|
# The name of the analyzer to retrieve rules from.
|
1274
1276
|
#
|
1275
|
-
# @option params [Integer] :max_results
|
1276
|
-
# The maximum number of results to return in the request.
|
1277
|
-
#
|
1278
1277
|
# @option params [String] :next_token
|
1279
1278
|
# A token used for pagination of results returned.
|
1280
1279
|
#
|
1280
|
+
# @option params [Integer] :max_results
|
1281
|
+
# The maximum number of results to return in the request.
|
1282
|
+
#
|
1281
1283
|
# @return [Types::ListArchiveRulesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1282
1284
|
#
|
1283
1285
|
# * {Types::ListArchiveRulesResponse#archive_rules #archive_rules} => Array<Types::ArchiveRuleSummary>
|
@@ -1289,23 +1291,23 @@ module Aws::AccessAnalyzer
|
|
1289
1291
|
#
|
1290
1292
|
# resp = client.list_archive_rules({
|
1291
1293
|
# analyzer_name: "Name", # required
|
1292
|
-
# max_results: 1,
|
1293
1294
|
# next_token: "Token",
|
1295
|
+
# max_results: 1,
|
1294
1296
|
# })
|
1295
1297
|
#
|
1296
1298
|
# @example Response structure
|
1297
1299
|
#
|
1298
1300
|
# resp.archive_rules #=> Array
|
1299
|
-
# resp.archive_rules[0].
|
1301
|
+
# resp.archive_rules[0].rule_name #=> String
|
1300
1302
|
# resp.archive_rules[0].filter #=> Hash
|
1301
|
-
# resp.archive_rules[0].filter["String"].contains #=> Array
|
1302
|
-
# resp.archive_rules[0].filter["String"].contains[0] #=> String
|
1303
1303
|
# resp.archive_rules[0].filter["String"].eq #=> Array
|
1304
1304
|
# resp.archive_rules[0].filter["String"].eq[0] #=> String
|
1305
|
-
# resp.archive_rules[0].filter["String"].exists #=> Boolean
|
1306
1305
|
# resp.archive_rules[0].filter["String"].neq #=> Array
|
1307
1306
|
# resp.archive_rules[0].filter["String"].neq[0] #=> String
|
1308
|
-
# resp.archive_rules[0].
|
1307
|
+
# resp.archive_rules[0].filter["String"].contains #=> Array
|
1308
|
+
# resp.archive_rules[0].filter["String"].contains[0] #=> String
|
1309
|
+
# resp.archive_rules[0].filter["String"].exists #=> Boolean
|
1310
|
+
# resp.archive_rules[0].created_at #=> Time
|
1309
1311
|
# resp.archive_rules[0].updated_at #=> Time
|
1310
1312
|
# resp.next_token #=> String
|
1311
1313
|
#
|
@@ -1338,14 +1340,14 @@ module Aws::AccessAnalyzer
|
|
1338
1340
|
# @option params [Hash<String,Types::Criterion>] :filter
|
1339
1341
|
# A filter to match for the findings to return.
|
1340
1342
|
#
|
1341
|
-
# @option params [
|
1342
|
-
# The
|
1343
|
+
# @option params [Types::SortCriteria] :sort
|
1344
|
+
# The sort order for the findings returned.
|
1343
1345
|
#
|
1344
1346
|
# @option params [String] :next_token
|
1345
1347
|
# A token used for pagination of results returned.
|
1346
1348
|
#
|
1347
|
-
# @option params [
|
1348
|
-
# The
|
1349
|
+
# @option params [Integer] :max_results
|
1350
|
+
# The maximum number of results to return in the response.
|
1349
1351
|
#
|
1350
1352
|
# @return [Types::ListFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1351
1353
|
#
|
@@ -1360,42 +1362,42 @@ module Aws::AccessAnalyzer
|
|
1360
1362
|
# analyzer_arn: "AnalyzerArn", # required
|
1361
1363
|
# filter: {
|
1362
1364
|
# "String" => {
|
1363
|
-
# contains: ["String"],
|
1364
1365
|
# eq: ["String"],
|
1365
|
-
# exists: false,
|
1366
1366
|
# neq: ["String"],
|
1367
|
+
# contains: ["String"],
|
1368
|
+
# exists: false,
|
1367
1369
|
# },
|
1368
1370
|
# },
|
1369
|
-
# max_results: 1,
|
1370
|
-
# next_token: "Token",
|
1371
1371
|
# sort: {
|
1372
1372
|
# attribute_name: "String",
|
1373
1373
|
# order_by: "ASC", # accepts ASC, DESC
|
1374
1374
|
# },
|
1375
|
+
# next_token: "Token",
|
1376
|
+
# max_results: 1,
|
1375
1377
|
# })
|
1376
1378
|
#
|
1377
1379
|
# @example Response structure
|
1378
1380
|
#
|
1379
1381
|
# resp.findings #=> Array
|
1382
|
+
# resp.findings[0].id #=> String
|
1383
|
+
# resp.findings[0].principal #=> Hash
|
1384
|
+
# resp.findings[0].principal["String"] #=> String
|
1380
1385
|
# resp.findings[0].action #=> Array
|
1381
1386
|
# resp.findings[0].action[0] #=> String
|
1382
|
-
# resp.findings[0].
|
1387
|
+
# resp.findings[0].resource #=> String
|
1388
|
+
# resp.findings[0].is_public #=> Boolean
|
1389
|
+
# resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
1383
1390
|
# resp.findings[0].condition #=> Hash
|
1384
1391
|
# resp.findings[0].condition["String"] #=> String
|
1385
1392
|
# resp.findings[0].created_at #=> Time
|
1386
|
-
# resp.findings[0].
|
1387
|
-
# resp.findings[0].
|
1388
|
-
# resp.findings[0].
|
1389
|
-
# resp.findings[0].principal #=> Hash
|
1390
|
-
# resp.findings[0].principal["String"] #=> String
|
1391
|
-
# resp.findings[0].resource #=> String
|
1393
|
+
# resp.findings[0].analyzed_at #=> Time
|
1394
|
+
# resp.findings[0].updated_at #=> Time
|
1395
|
+
# resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
1392
1396
|
# resp.findings[0].resource_owner_account #=> String
|
1393
|
-
# resp.findings[0].
|
1397
|
+
# resp.findings[0].error #=> String
|
1394
1398
|
# resp.findings[0].sources #=> Array
|
1395
|
-
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
1396
1399
|
# resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
1397
|
-
# resp.findings[0].
|
1398
|
-
# resp.findings[0].updated_at #=> Time
|
1400
|
+
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
1399
1401
|
# resp.next_token #=> String
|
1400
1402
|
#
|
1401
1403
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings AWS API Documentation
|
@@ -1409,41 +1411,41 @@ module Aws::AccessAnalyzer
|
|
1409
1411
|
|
1410
1412
|
# Lists all of the policy generations requested in the last seven days.
|
1411
1413
|
#
|
1414
|
+
# @option params [String] :principal_arn
|
1415
|
+
# The ARN of the IAM entity (user or role) for which you are generating
|
1416
|
+
# a policy. Use this with `ListGeneratedPolicies` to filter the results
|
1417
|
+
# to only include results for a specific principal.
|
1418
|
+
#
|
1412
1419
|
# @option params [Integer] :max_results
|
1413
1420
|
# The maximum number of results to return in the response.
|
1414
1421
|
#
|
1415
1422
|
# @option params [String] :next_token
|
1416
1423
|
# A token used for pagination of results returned.
|
1417
1424
|
#
|
1418
|
-
# @option params [String] :principal_arn
|
1419
|
-
# The ARN of the IAM entity (user or role) for which you are generating
|
1420
|
-
# a policy. Use this with `ListGeneratedPolicies` to filter the results
|
1421
|
-
# to only include results for a specific principal.
|
1422
|
-
#
|
1423
1425
|
# @return [Types::ListPolicyGenerationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1424
1426
|
#
|
1425
|
-
# * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
|
1426
1427
|
# * {Types::ListPolicyGenerationsResponse#policy_generations #policy_generations} => Array<Types::PolicyGeneration>
|
1428
|
+
# * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
|
1427
1429
|
#
|
1428
1430
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1429
1431
|
#
|
1430
1432
|
# @example Request syntax with placeholder values
|
1431
1433
|
#
|
1432
1434
|
# resp = client.list_policy_generations({
|
1435
|
+
# principal_arn: "PrincipalArn",
|
1433
1436
|
# max_results: 1,
|
1434
1437
|
# next_token: "Token",
|
1435
|
-
# principal_arn: "PrincipalArn",
|
1436
1438
|
# })
|
1437
1439
|
#
|
1438
1440
|
# @example Response structure
|
1439
1441
|
#
|
1440
|
-
# resp.next_token #=> String
|
1441
1442
|
# resp.policy_generations #=> Array
|
1442
|
-
# resp.policy_generations[0].completed_on #=> Time
|
1443
1443
|
# resp.policy_generations[0].job_id #=> String
|
1444
1444
|
# resp.policy_generations[0].principal_arn #=> String
|
1445
|
-
# resp.policy_generations[0].started_on #=> Time
|
1446
1445
|
# resp.policy_generations[0].status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
1446
|
+
# resp.policy_generations[0].started_on #=> Time
|
1447
|
+
# resp.policy_generations[0].completed_on #=> Time
|
1448
|
+
# resp.next_token #=> String
|
1447
1449
|
#
|
1448
1450
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerations AWS API Documentation
|
1449
1451
|
#
|
@@ -1485,6 +1487,14 @@ module Aws::AccessAnalyzer
|
|
1485
1487
|
|
1486
1488
|
# Starts the policy generation request.
|
1487
1489
|
#
|
1490
|
+
# @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
|
1491
|
+
# Contains the ARN of the IAM entity (user or role) for which you are
|
1492
|
+
# generating a policy.
|
1493
|
+
#
|
1494
|
+
# @option params [Types::CloudTrailDetails] :cloud_trail_details
|
1495
|
+
# A `CloudTrailDetails` object that contains details about a `Trail`
|
1496
|
+
# that you want to analyze to generate policies.
|
1497
|
+
#
|
1488
1498
|
# @option params [String] :client_token
|
1489
1499
|
# A unique, case-sensitive identifier that you provide to ensure the
|
1490
1500
|
# idempotency of the request. Idempotency ensures that an API request
|
@@ -1499,14 +1509,6 @@ module Aws::AccessAnalyzer
|
|
1499
1509
|
# **A suitable default value is auto-generated.** You should normally
|
1500
1510
|
# not need to pass this option.**
|
1501
1511
|
#
|
1502
|
-
# @option params [Types::CloudTrailDetails] :cloud_trail_details
|
1503
|
-
# A `CloudTrailDetails` object that contains details about a `Trail`
|
1504
|
-
# that you want to analyze to generate policies.
|
1505
|
-
#
|
1506
|
-
# @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
|
1507
|
-
# Contains the ARN of the IAM entity (user or role) for which you are
|
1508
|
-
# generating a policy.
|
1509
|
-
#
|
1510
1512
|
# @return [Types::StartPolicyGenerationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1511
1513
|
#
|
1512
1514
|
# * {Types::StartPolicyGenerationResponse#job_id #job_id} => String
|
@@ -1514,22 +1516,22 @@ module Aws::AccessAnalyzer
|
|
1514
1516
|
# @example Request syntax with placeholder values
|
1515
1517
|
#
|
1516
1518
|
# resp = client.start_policy_generation({
|
1517
|
-
#
|
1519
|
+
# policy_generation_details: { # required
|
1520
|
+
# principal_arn: "PrincipalArn", # required
|
1521
|
+
# },
|
1518
1522
|
# cloud_trail_details: {
|
1519
|
-
# access_role: "RoleArn", # required
|
1520
|
-
# end_time: Time.now,
|
1521
|
-
# start_time: Time.now, # required
|
1522
1523
|
# trails: [ # required
|
1523
1524
|
# {
|
1524
|
-
# all_regions: false,
|
1525
1525
|
# cloud_trail_arn: "CloudTrailArn", # required
|
1526
1526
|
# regions: ["String"],
|
1527
|
+
# all_regions: false,
|
1527
1528
|
# },
|
1528
1529
|
# ],
|
1530
|
+
# access_role: "RoleArn", # required
|
1531
|
+
# start_time: Time.now, # required
|
1532
|
+
# end_time: Time.now,
|
1529
1533
|
# },
|
1530
|
-
#
|
1531
|
-
# principal_arn: "PrincipalArn", # required
|
1532
|
-
# },
|
1534
|
+
# client_token: "String",
|
1533
1535
|
# })
|
1534
1536
|
#
|
1535
1537
|
# @example Response structure
|
@@ -1636,18 +1638,18 @@ module Aws::AccessAnalyzer
|
|
1636
1638
|
# @option params [required, String] :analyzer_name
|
1637
1639
|
# The name of the analyzer to update the archive rules for.
|
1638
1640
|
#
|
1639
|
-
# @option params [String] :
|
1640
|
-
#
|
1641
|
-
#
|
1642
|
-
# **A suitable default value is auto-generated.** You should normally
|
1643
|
-
# not need to pass this option.**
|
1641
|
+
# @option params [required, String] :rule_name
|
1642
|
+
# The name of the rule to update.
|
1644
1643
|
#
|
1645
1644
|
# @option params [required, Hash<String,Types::Criterion>] :filter
|
1646
1645
|
# A filter to match for the rules to update. Only rules that match the
|
1647
1646
|
# filter are updated.
|
1648
1647
|
#
|
1649
|
-
# @option params [
|
1650
|
-
#
|
1648
|
+
# @option params [String] :client_token
|
1649
|
+
# A client token.
|
1650
|
+
#
|
1651
|
+
# **A suitable default value is auto-generated.** You should normally
|
1652
|
+
# not need to pass this option.**
|
1651
1653
|
#
|
1652
1654
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1653
1655
|
#
|
@@ -1655,16 +1657,16 @@ module Aws::AccessAnalyzer
|
|
1655
1657
|
#
|
1656
1658
|
# resp = client.update_archive_rule({
|
1657
1659
|
# analyzer_name: "Name", # required
|
1658
|
-
#
|
1660
|
+
# rule_name: "Name", # required
|
1659
1661
|
# filter: { # required
|
1660
1662
|
# "String" => {
|
1661
|
-
# contains: ["String"],
|
1662
1663
|
# eq: ["String"],
|
1663
|
-
# exists: false,
|
1664
1664
|
# neq: ["String"],
|
1665
|
+
# contains: ["String"],
|
1666
|
+
# exists: false,
|
1665
1667
|
# },
|
1666
1668
|
# },
|
1667
|
-
#
|
1669
|
+
# client_token: "String",
|
1668
1670
|
# })
|
1669
1671
|
#
|
1670
1672
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateArchiveRule AWS API Documentation
|
@@ -1685,11 +1687,10 @@ module Aws::AccessAnalyzer
|
|
1685
1687
|
#
|
1686
1688
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1687
1689
|
#
|
1688
|
-
# @option params [String] :
|
1689
|
-
#
|
1690
|
-
#
|
1691
|
-
#
|
1692
|
-
# not need to pass this option.**
|
1690
|
+
# @option params [required, String] :status
|
1691
|
+
# The state represents the action to take to update the finding Status.
|
1692
|
+
# Use `ARCHIVE` to change an Active finding to an Archived finding. Use
|
1693
|
+
# `ACTIVE` to change an Archived finding to an Active finding.
|
1693
1694
|
#
|
1694
1695
|
# @option params [Array<String>] :ids
|
1695
1696
|
# The IDs of the findings to update.
|
@@ -1697,10 +1698,11 @@ module Aws::AccessAnalyzer
|
|
1697
1698
|
# @option params [String] :resource_arn
|
1698
1699
|
# The ARN of the resource identified in the finding.
|
1699
1700
|
#
|
1700
|
-
# @option params [
|
1701
|
-
#
|
1702
|
-
#
|
1703
|
-
#
|
1701
|
+
# @option params [String] :client_token
|
1702
|
+
# A client token.
|
1703
|
+
#
|
1704
|
+
# **A suitable default value is auto-generated.** You should normally
|
1705
|
+
# not need to pass this option.**
|
1704
1706
|
#
|
1705
1707
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1706
1708
|
#
|
@@ -1708,10 +1710,10 @@ module Aws::AccessAnalyzer
|
|
1708
1710
|
#
|
1709
1711
|
# resp = client.update_findings({
|
1710
1712
|
# analyzer_arn: "AnalyzerArn", # required
|
1711
|
-
#
|
1713
|
+
# status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
|
1712
1714
|
# ids: ["FindingId"],
|
1713
1715
|
# resource_arn: "ResourceArn",
|
1714
|
-
#
|
1716
|
+
# client_token: "String",
|
1715
1717
|
# })
|
1716
1718
|
#
|
1717
1719
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateFindings AWS API Documentation
|
@@ -1781,7 +1783,7 @@ module Aws::AccessAnalyzer
|
|
1781
1783
|
# next_token: "Token",
|
1782
1784
|
# policy_document: "PolicyDocument", # required
|
1783
1785
|
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
1784
|
-
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
|
1786
|
+
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
|
1785
1787
|
# })
|
1786
1788
|
#
|
1787
1789
|
# @example Response structure
|
@@ -1795,15 +1797,15 @@ module Aws::AccessAnalyzer
|
|
1795
1797
|
# resp.findings[0].locations[0].path #=> Array
|
1796
1798
|
# resp.findings[0].locations[0].path[0].index #=> Integer
|
1797
1799
|
# resp.findings[0].locations[0].path[0].key #=> String
|
1798
|
-
# resp.findings[0].locations[0].path[0].substring.length #=> Integer
|
1799
1800
|
# resp.findings[0].locations[0].path[0].substring.start #=> Integer
|
1801
|
+
# resp.findings[0].locations[0].path[0].substring.length #=> Integer
|
1800
1802
|
# resp.findings[0].locations[0].path[0].value #=> String
|
1801
|
-
# resp.findings[0].locations[0].span.end.column #=> Integer
|
1802
|
-
# resp.findings[0].locations[0].span.end.line #=> Integer
|
1803
|
-
# resp.findings[0].locations[0].span.end.offset #=> Integer
|
1804
|
-
# resp.findings[0].locations[0].span.start.column #=> Integer
|
1805
1803
|
# resp.findings[0].locations[0].span.start.line #=> Integer
|
1804
|
+
# resp.findings[0].locations[0].span.start.column #=> Integer
|
1806
1805
|
# resp.findings[0].locations[0].span.start.offset #=> Integer
|
1806
|
+
# resp.findings[0].locations[0].span.end.line #=> Integer
|
1807
|
+
# resp.findings[0].locations[0].span.end.column #=> Integer
|
1808
|
+
# resp.findings[0].locations[0].span.end.offset #=> Integer
|
1807
1809
|
# resp.next_token #=> String
|
1808
1810
|
#
|
1809
1811
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicy AWS API Documentation
|
@@ -1828,7 +1830,7 @@ module Aws::AccessAnalyzer
|
|
1828
1830
|
params: params,
|
1829
1831
|
config: config)
|
1830
1832
|
context[:gem_name] = 'aws-sdk-accessanalyzer'
|
1831
|
-
context[:gem_version] = '1.
|
1833
|
+
context[:gem_version] = '1.30.0'
|
1832
1834
|
Seahorse::Client::Request.new(handlers, context)
|
1833
1835
|
end
|
1834
1836
|
|