aws-sdk-accessanalyzer 1.29.0 → 1.30.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -357,23 +357,23 @@ module Aws::AccessAnalyzer
357
357
  # @option params [required, String] :analyzer_arn
358
358
  # The Amazon resource name (ARN) of the analyzer.
359
359
  #
360
+ # @option params [required, String] :rule_name
361
+ # The name of the rule to apply.
362
+ #
360
363
  # @option params [String] :client_token
361
364
  # A client token.
362
365
  #
363
366
  # **A suitable default value is auto-generated.** You should normally
364
367
  # not need to pass this option.**
365
368
  #
366
- # @option params [required, String] :rule_name
367
- # The name of the rule to apply.
368
- #
369
369
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
370
370
  #
371
371
  # @example Request syntax with placeholder values
372
372
  #
373
373
  # resp = client.apply_archive_rule({
374
374
  # analyzer_arn: "AnalyzerArn", # required
375
- # client_token: "String",
376
375
  # rule_name: "Name", # required
376
+ # client_token: "String",
377
377
  # })
378
378
  #
379
379
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRule AWS API Documentation
@@ -423,12 +423,6 @@ module Aws::AccessAnalyzer
423
423
  #
424
424
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
425
425
  #
426
- # @option params [String] :client_token
427
- # A client token.
428
- #
429
- # **A suitable default value is auto-generated.** You should normally
430
- # not need to pass this option.**
431
- #
432
426
  # @option params [required, Hash<String,Types::Configuration>] :configurations
433
427
  # Access control configuration for your resource that is used to
434
428
  # generate the access preview. The access preview includes findings for
@@ -436,6 +430,12 @@ module Aws::AccessAnalyzer
436
430
  # control configuration. The configuration must contain exactly one
437
431
  # element.
438
432
  #
433
+ # @option params [String] :client_token
434
+ # A client token.
435
+ #
436
+ # **A suitable default value is auto-generated.** You should normally
437
+ # not need to pass this option.**
438
+ #
439
439
  # @return [Types::CreateAccessPreviewResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
440
440
  #
441
441
  # * {Types::CreateAccessPreviewResponse#id #id} => String
@@ -444,15 +444,20 @@ module Aws::AccessAnalyzer
444
444
  #
445
445
  # resp = client.create_access_preview({
446
446
  # analyzer_arn: "AnalyzerArn", # required
447
- # client_token: "String",
448
447
  # configurations: { # required
449
448
  # "ConfigurationsMapKey" => {
450
449
  # iam_role: {
451
450
  # trust_policy: "IamTrustPolicy",
452
451
  # },
453
452
  # kms_key: {
453
+ # key_policies: {
454
+ # "PolicyName" => "KmsKeyPolicy",
455
+ # },
454
456
  # grants: [
455
457
  # {
458
+ # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
459
+ # grantee_principal: "GranteePrincipal", # required
460
+ # retiring_principal: "RetiringPrincipal",
456
461
  # constraints: {
457
462
  # encryption_context_equals: {
458
463
  # "KmsConstraintsKey" => "KmsConstraintsValue",
@@ -461,57 +466,52 @@ module Aws::AccessAnalyzer
461
466
  # "KmsConstraintsKey" => "KmsConstraintsValue",
462
467
  # },
463
468
  # },
464
- # grantee_principal: "GranteePrincipal", # required
465
469
  # issuing_account: "IssuingAccount", # required
466
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
467
- # retiring_principal: "RetiringPrincipal",
468
470
  # },
469
471
  # ],
470
- # key_policies: {
471
- # "PolicyName" => "KmsKeyPolicy",
472
- # },
472
+ # },
473
+ # secrets_manager_secret: {
474
+ # kms_key_id: "SecretsManagerSecretKmsId",
475
+ # secret_policy: "SecretsManagerSecretPolicy",
473
476
  # },
474
477
  # s3_bucket: {
475
- # access_points: {
476
- # "AccessPointArn" => {
477
- # access_point_policy: "AccessPointPolicy",
478
- # network_origin: {
479
- # internet_configuration: {
480
- # },
481
- # vpc_configuration: {
482
- # vpc_id: "VpcId", # required
483
- # },
484
- # },
485
- # public_access_block: {
486
- # ignore_public_acls: false, # required
487
- # restrict_public_buckets: false, # required
488
- # },
489
- # },
490
- # },
478
+ # bucket_policy: "S3BucketPolicy",
491
479
  # bucket_acl_grants: [
492
480
  # {
481
+ # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
493
482
  # grantee: { # required
494
483
  # id: "AclCanonicalId",
495
484
  # uri: "AclUri",
496
485
  # },
497
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
498
486
  # },
499
487
  # ],
500
- # bucket_policy: "S3BucketPolicy",
501
488
  # bucket_public_access_block: {
502
489
  # ignore_public_acls: false, # required
503
490
  # restrict_public_buckets: false, # required
504
491
  # },
505
- # },
506
- # secrets_manager_secret: {
507
- # kms_key_id: "SecretsManagerSecretKmsId",
508
- # secret_policy: "SecretsManagerSecretPolicy",
492
+ # access_points: {
493
+ # "AccessPointArn" => {
494
+ # access_point_policy: "AccessPointPolicy",
495
+ # public_access_block: {
496
+ # ignore_public_acls: false, # required
497
+ # restrict_public_buckets: false, # required
498
+ # },
499
+ # network_origin: {
500
+ # vpc_configuration: {
501
+ # vpc_id: "VpcId", # required
502
+ # },
503
+ # internet_configuration: {
504
+ # },
505
+ # },
506
+ # },
507
+ # },
509
508
  # },
510
509
  # sqs_queue: {
511
510
  # queue_policy: "SqsQueuePolicy",
512
511
  # },
513
512
  # },
514
513
  # },
514
+ # client_token: "String",
515
515
  # })
516
516
  #
517
517
  # @example Response structure
@@ -532,26 +532,26 @@ module Aws::AccessAnalyzer
532
532
  # @option params [required, String] :analyzer_name
533
533
  # The name of the analyzer to create.
534
534
  #
535
+ # @option params [required, String] :type
536
+ # The type of analyzer to create. Only ACCOUNT and ORGANIZATION
537
+ # analyzers are supported. You can create only one analyzer per account
538
+ # per Region. You can create up to 5 analyzers per organization per
539
+ # Region.
540
+ #
535
541
  # @option params [Array<Types::InlineArchiveRule>] :archive_rules
536
542
  # Specifies the archive rules to add for the analyzer. Archive rules
537
543
  # automatically archive findings that meet the criteria you define for
538
544
  # the rule.
539
545
  #
546
+ # @option params [Hash<String,String>] :tags
547
+ # The tags to apply to the analyzer.
548
+ #
540
549
  # @option params [String] :client_token
541
550
  # A client token.
542
551
  #
543
552
  # **A suitable default value is auto-generated.** You should normally
544
553
  # not need to pass this option.**
545
554
  #
546
- # @option params [Hash<String,String>] :tags
547
- # The tags to apply to the analyzer.
548
- #
549
- # @option params [required, String] :type
550
- # The type of analyzer to create. Only ACCOUNT and ORGANIZATION
551
- # analyzers are supported. You can create only one analyzer per account
552
- # per Region. You can create up to 5 analyzers per organization per
553
- # Region.
554
- #
555
555
  # @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
556
556
  #
557
557
  # * {Types::CreateAnalyzerResponse#arn #arn} => String
@@ -560,24 +560,24 @@ module Aws::AccessAnalyzer
560
560
  #
561
561
  # resp = client.create_analyzer({
562
562
  # analyzer_name: "Name", # required
563
+ # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
563
564
  # archive_rules: [
564
565
  # {
566
+ # rule_name: "Name", # required
565
567
  # filter: { # required
566
568
  # "String" => {
567
- # contains: ["String"],
568
569
  # eq: ["String"],
569
- # exists: false,
570
570
  # neq: ["String"],
571
+ # contains: ["String"],
572
+ # exists: false,
571
573
  # },
572
574
  # },
573
- # rule_name: "Name", # required
574
575
  # },
575
576
  # ],
576
- # client_token: "String",
577
577
  # tags: {
578
578
  # "String" => "String",
579
579
  # },
580
- # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
580
+ # client_token: "String",
581
581
  # })
582
582
  #
583
583
  # @example Response structure
@@ -607,34 +607,34 @@ module Aws::AccessAnalyzer
607
607
  # @option params [required, String] :analyzer_name
608
608
  # The name of the created analyzer.
609
609
  #
610
+ # @option params [required, String] :rule_name
611
+ # The name of the rule to create.
612
+ #
613
+ # @option params [required, Hash<String,Types::Criterion>] :filter
614
+ # The criteria for the rule.
615
+ #
610
616
  # @option params [String] :client_token
611
617
  # A client token.
612
618
  #
613
619
  # **A suitable default value is auto-generated.** You should normally
614
620
  # not need to pass this option.**
615
621
  #
616
- # @option params [required, Hash<String,Types::Criterion>] :filter
617
- # The criteria for the rule.
618
- #
619
- # @option params [required, String] :rule_name
620
- # The name of the rule to create.
621
- #
622
622
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
623
623
  #
624
624
  # @example Request syntax with placeholder values
625
625
  #
626
626
  # resp = client.create_archive_rule({
627
627
  # analyzer_name: "Name", # required
628
- # client_token: "String",
628
+ # rule_name: "Name", # required
629
629
  # filter: { # required
630
630
  # "String" => {
631
- # contains: ["String"],
632
631
  # eq: ["String"],
633
- # exists: false,
634
632
  # neq: ["String"],
633
+ # contains: ["String"],
634
+ # exists: false,
635
635
  # },
636
636
  # },
637
- # rule_name: "Name", # required
637
+ # client_token: "String",
638
638
  # })
639
639
  #
640
640
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateArchiveRule AWS API Documentation
@@ -684,23 +684,23 @@ module Aws::AccessAnalyzer
684
684
  # The name of the analyzer that associated with the archive rule to
685
685
  # delete.
686
686
  #
687
+ # @option params [required, String] :rule_name
688
+ # The name of the rule to delete.
689
+ #
687
690
  # @option params [String] :client_token
688
691
  # A client token.
689
692
  #
690
693
  # **A suitable default value is auto-generated.** You should normally
691
694
  # not need to pass this option.**
692
695
  #
693
- # @option params [required, String] :rule_name
694
- # The name of the rule to delete.
695
- #
696
696
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
697
697
  #
698
698
  # @example Request syntax with placeholder values
699
699
  #
700
700
  # resp = client.delete_archive_rule({
701
701
  # analyzer_name: "Name", # required
702
- # client_token: "String",
703
702
  # rule_name: "Name", # required
703
+ # client_token: "String",
704
704
  # })
705
705
  #
706
706
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteArchiveRule AWS API Documentation
@@ -738,38 +738,38 @@ module Aws::AccessAnalyzer
738
738
  #
739
739
  # @example Response structure
740
740
  #
741
+ # resp.access_preview.id #=> String
741
742
  # resp.access_preview.analyzer_arn #=> String
742
743
  # resp.access_preview.configurations #=> Hash
743
744
  # resp.access_preview.configurations["ConfigurationsMapKey"].iam_role.trust_policy #=> String
745
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies #=> Hash
746
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies["PolicyName"] #=> String
744
747
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants #=> Array
748
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations #=> Array
749
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations[0] #=> String, one of "CreateGrant", "Decrypt", "DescribeKey", "Encrypt", "GenerateDataKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateDataKeyWithoutPlaintext", "GetPublicKey", "ReEncryptFrom", "ReEncryptTo", "RetireGrant", "Sign", "Verify"
750
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
751
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].retiring_principal #=> String
745
752
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals #=> Hash
746
753
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals["KmsConstraintsKey"] #=> String
747
754
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset #=> Hash
748
755
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset["KmsConstraintsKey"] #=> String
749
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
750
756
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].issuing_account #=> String
751
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations #=> Array
752
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations[0] #=> String, one of "CreateGrant", "Decrypt", "DescribeKey", "Encrypt", "GenerateDataKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateDataKeyWithoutPlaintext", "GetPublicKey", "ReEncryptFrom", "ReEncryptTo", "RetireGrant", "Sign", "Verify"
753
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].retiring_principal #=> String
754
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies #=> Hash
755
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies["PolicyName"] #=> String
756
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points #=> Hash
757
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].access_point_policy #=> String
758
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].network_origin.vpc_configuration.vpc_id #=> String
759
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.ignore_public_acls #=> Boolean
760
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.restrict_public_buckets #=> Boolean
757
+ # resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.kms_key_id #=> String
758
+ # resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.secret_policy #=> String
759
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
761
760
  # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants #=> Array
761
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
762
762
  # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.id #=> String
763
763
  # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.uri #=> String
764
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
765
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
766
764
  # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.ignore_public_acls #=> Boolean
767
765
  # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.restrict_public_buckets #=> Boolean
768
- # resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.kms_key_id #=> String
769
- # resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.secret_policy #=> String
766
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points #=> Hash
767
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].access_point_policy #=> String
768
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.ignore_public_acls #=> Boolean
769
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.restrict_public_buckets #=> Boolean
770
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].network_origin.vpc_configuration.vpc_id #=> String
770
771
  # resp.access_preview.configurations["ConfigurationsMapKey"].sqs_queue.queue_policy #=> String
771
772
  # resp.access_preview.created_at #=> Time
772
- # resp.access_preview.id #=> String
773
773
  # resp.access_preview.status #=> String, one of "COMPLETED", "CREATING", "FAILED"
774
774
  # resp.access_preview.status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
775
775
  #
@@ -807,19 +807,19 @@ module Aws::AccessAnalyzer
807
807
  #
808
808
  # @example Response structure
809
809
  #
810
- # resp.resource.actions #=> Array
811
- # resp.resource.actions[0] #=> String
812
- # resp.resource.analyzed_at #=> Time
813
- # resp.resource.created_at #=> Time
814
- # resp.resource.error #=> String
815
- # resp.resource.is_public #=> Boolean
816
810
  # resp.resource.resource_arn #=> String
817
- # resp.resource.resource_owner_account #=> String
818
811
  # resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
812
+ # resp.resource.created_at #=> Time
813
+ # resp.resource.analyzed_at #=> Time
814
+ # resp.resource.updated_at #=> Time
815
+ # resp.resource.is_public #=> Boolean
816
+ # resp.resource.actions #=> Array
817
+ # resp.resource.actions[0] #=> String
819
818
  # resp.resource.shared_via #=> Array
820
819
  # resp.resource.shared_via[0] #=> String
821
820
  # resp.resource.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
822
- # resp.resource.updated_at #=> Time
821
+ # resp.resource.resource_owner_account #=> String
822
+ # resp.resource.error #=> String
823
823
  #
824
824
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzedResource AWS API Documentation
825
825
  #
@@ -848,15 +848,15 @@ module Aws::AccessAnalyzer
848
848
  # @example Response structure
849
849
  #
850
850
  # resp.analyzer.arn #=> String
851
+ # resp.analyzer.name #=> String
852
+ # resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION"
851
853
  # resp.analyzer.created_at #=> Time
852
854
  # resp.analyzer.last_resource_analyzed #=> String
853
855
  # resp.analyzer.last_resource_analyzed_at #=> Time
854
- # resp.analyzer.name #=> String
855
- # resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
856
- # resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
857
856
  # resp.analyzer.tags #=> Hash
858
857
  # resp.analyzer.tags["String"] #=> String
859
- # resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION"
858
+ # resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
859
+ # resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
860
860
  #
861
861
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
862
862
  #
@@ -895,16 +895,16 @@ module Aws::AccessAnalyzer
895
895
  #
896
896
  # @example Response structure
897
897
  #
898
- # resp.archive_rule.created_at #=> Time
898
+ # resp.archive_rule.rule_name #=> String
899
899
  # resp.archive_rule.filter #=> Hash
900
- # resp.archive_rule.filter["String"].contains #=> Array
901
- # resp.archive_rule.filter["String"].contains[0] #=> String
902
900
  # resp.archive_rule.filter["String"].eq #=> Array
903
901
  # resp.archive_rule.filter["String"].eq[0] #=> String
904
- # resp.archive_rule.filter["String"].exists #=> Boolean
905
902
  # resp.archive_rule.filter["String"].neq #=> Array
906
903
  # resp.archive_rule.filter["String"].neq[0] #=> String
907
- # resp.archive_rule.rule_name #=> String
904
+ # resp.archive_rule.filter["String"].contains #=> Array
905
+ # resp.archive_rule.filter["String"].contains[0] #=> String
906
+ # resp.archive_rule.filter["String"].exists #=> Boolean
907
+ # resp.archive_rule.created_at #=> Time
908
908
  # resp.archive_rule.updated_at #=> Time
909
909
  #
910
910
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetArchiveRule AWS API Documentation
@@ -941,25 +941,25 @@ module Aws::AccessAnalyzer
941
941
  #
942
942
  # @example Response structure
943
943
  #
944
+ # resp.finding.id #=> String
945
+ # resp.finding.principal #=> Hash
946
+ # resp.finding.principal["String"] #=> String
944
947
  # resp.finding.action #=> Array
945
948
  # resp.finding.action[0] #=> String
946
- # resp.finding.analyzed_at #=> Time
949
+ # resp.finding.resource #=> String
950
+ # resp.finding.is_public #=> Boolean
951
+ # resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
947
952
  # resp.finding.condition #=> Hash
948
953
  # resp.finding.condition["String"] #=> String
949
954
  # resp.finding.created_at #=> Time
950
- # resp.finding.error #=> String
951
- # resp.finding.id #=> String
952
- # resp.finding.is_public #=> Boolean
953
- # resp.finding.principal #=> Hash
954
- # resp.finding.principal["String"] #=> String
955
- # resp.finding.resource #=> String
955
+ # resp.finding.analyzed_at #=> Time
956
+ # resp.finding.updated_at #=> Time
957
+ # resp.finding.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
956
958
  # resp.finding.resource_owner_account #=> String
957
- # resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
959
+ # resp.finding.error #=> String
958
960
  # resp.finding.sources #=> Array
959
- # resp.finding.sources[0].detail.access_point_arn #=> String
960
961
  # resp.finding.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
961
- # resp.finding.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
962
- # resp.finding.updated_at #=> Time
962
+ # resp.finding.sources[0].detail.access_point_arn #=> String
963
963
  #
964
964
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFinding AWS API Documentation
965
965
  #
@@ -972,6 +972,12 @@ module Aws::AccessAnalyzer
972
972
 
973
973
  # Retrieves the policy that was generated using `StartPolicyGeneration`.
974
974
  #
975
+ # @option params [required, String] :job_id
976
+ # The `JobId` that is returned by the `StartPolicyGeneration` operation.
977
+ # The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
978
+ # generated policies or used with `CancelPolicyGeneration` to cancel the
979
+ # policy generation request.
980
+ #
975
981
  # @option params [Boolean] :include_resource_placeholders
976
982
  # The level of detail that you want to generate. You can specify whether
977
983
  # to generate policies with placeholders for resource ARNs for actions
@@ -989,44 +995,38 @@ module Aws::AccessAnalyzer
989
995
  # services that have been used recently to create this service-level
990
996
  # template.
991
997
  #
992
- # @option params [required, String] :job_id
993
- # The `JobId` that is returned by the `StartPolicyGeneration` operation.
994
- # The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
995
- # generated policies or used with `CancelPolicyGeneration` to cancel the
996
- # policy generation request.
997
- #
998
998
  # @return [Types::GetGeneratedPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
999
999
  #
1000
- # * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
1001
1000
  # * {Types::GetGeneratedPolicyResponse#job_details #job_details} => Types::JobDetails
1001
+ # * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
1002
1002
  #
1003
1003
  # @example Request syntax with placeholder values
1004
1004
  #
1005
1005
  # resp = client.get_generated_policy({
1006
+ # job_id: "JobId", # required
1006
1007
  # include_resource_placeholders: false,
1007
1008
  # include_service_level_template: false,
1008
- # job_id: "JobId", # required
1009
1009
  # })
1010
1010
  #
1011
1011
  # @example Response structure
1012
1012
  #
1013
- # resp.generated_policy_result.generated_policies #=> Array
1014
- # resp.generated_policy_result.generated_policies[0].policy #=> String
1015
- # resp.generated_policy_result.properties.cloud_trail_properties.end_time #=> Time
1016
- # resp.generated_policy_result.properties.cloud_trail_properties.start_time #=> Time
1013
+ # resp.job_details.job_id #=> String
1014
+ # resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
1015
+ # resp.job_details.started_on #=> Time
1016
+ # resp.job_details.completed_on #=> Time
1017
+ # resp.job_details.job_error.code #=> String, one of "AUTHORIZATION_ERROR", "RESOURCE_NOT_FOUND_ERROR", "SERVICE_QUOTA_EXCEEDED_ERROR", "SERVICE_ERROR"
1018
+ # resp.job_details.job_error.message #=> String
1019
+ # resp.generated_policy_result.properties.is_complete #=> Boolean
1020
+ # resp.generated_policy_result.properties.principal_arn #=> String
1017
1021
  # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties #=> Array
1018
- # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
1019
1022
  # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].cloud_trail_arn #=> String
1020
1023
  # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions #=> Array
1021
1024
  # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions[0] #=> String
1022
- # resp.generated_policy_result.properties.is_complete #=> Boolean
1023
- # resp.generated_policy_result.properties.principal_arn #=> String
1024
- # resp.job_details.completed_on #=> Time
1025
- # resp.job_details.job_error.code #=> String, one of "AUTHORIZATION_ERROR", "RESOURCE_NOT_FOUND_ERROR", "SERVICE_QUOTA_EXCEEDED_ERROR", "SERVICE_ERROR"
1026
- # resp.job_details.job_error.message #=> String
1027
- # resp.job_details.job_id #=> String
1028
- # resp.job_details.started_on #=> Time
1029
- # resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
1025
+ # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
1026
+ # resp.generated_policy_result.properties.cloud_trail_properties.start_time #=> Time
1027
+ # resp.generated_policy_result.properties.cloud_trail_properties.end_time #=> Time
1028
+ # resp.generated_policy_result.generated_policies #=> Array
1029
+ # resp.generated_policy_result.generated_policies[0].policy #=> String
1030
1030
  #
1031
1031
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicy AWS API Documentation
1032
1032
  #
@@ -1053,12 +1053,12 @@ module Aws::AccessAnalyzer
1053
1053
  # @option params [Hash<String,Types::Criterion>] :filter
1054
1054
  # Criteria to filter the returned findings.
1055
1055
  #
1056
- # @option params [Integer] :max_results
1057
- # The maximum number of results to return in the response.
1058
- #
1059
1056
  # @option params [String] :next_token
1060
1057
  # A token used for pagination of results returned.
1061
1058
  #
1059
+ # @option params [Integer] :max_results
1060
+ # The maximum number of results to return in the response.
1061
+ #
1062
1062
  # @return [Types::ListAccessPreviewFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1063
1063
  #
1064
1064
  # * {Types::ListAccessPreviewFindingsResponse#findings #findings} => Array&lt;Types::AccessPreviewFinding&gt;
@@ -1073,39 +1073,39 @@ module Aws::AccessAnalyzer
1073
1073
  # analyzer_arn: "AnalyzerArn", # required
1074
1074
  # filter: {
1075
1075
  # "String" => {
1076
- # contains: ["String"],
1077
1076
  # eq: ["String"],
1078
- # exists: false,
1079
1077
  # neq: ["String"],
1078
+ # contains: ["String"],
1079
+ # exists: false,
1080
1080
  # },
1081
1081
  # },
1082
- # max_results: 1,
1083
1082
  # next_token: "Token",
1083
+ # max_results: 1,
1084
1084
  # })
1085
1085
  #
1086
1086
  # @example Response structure
1087
1087
  #
1088
1088
  # resp.findings #=> Array
1089
- # resp.findings[0].action #=> Array
1090
- # resp.findings[0].action[0] #=> String
1091
- # resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
1092
- # resp.findings[0].condition #=> Hash
1093
- # resp.findings[0].condition["String"] #=> String
1094
- # resp.findings[0].created_at #=> Time
1095
- # resp.findings[0].error #=> String
1089
+ # resp.findings[0].id #=> String
1096
1090
  # resp.findings[0].existing_finding_id #=> String
1097
1091
  # resp.findings[0].existing_finding_status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1098
- # resp.findings[0].id #=> String
1099
- # resp.findings[0].is_public #=> Boolean
1100
1092
  # resp.findings[0].principal #=> Hash
1101
1093
  # resp.findings[0].principal["String"] #=> String
1094
+ # resp.findings[0].action #=> Array
1095
+ # resp.findings[0].action[0] #=> String
1096
+ # resp.findings[0].condition #=> Hash
1097
+ # resp.findings[0].condition["String"] #=> String
1102
1098
  # resp.findings[0].resource #=> String
1103
- # resp.findings[0].resource_owner_account #=> String
1099
+ # resp.findings[0].is_public #=> Boolean
1104
1100
  # resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
1101
+ # resp.findings[0].created_at #=> Time
1102
+ # resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
1103
+ # resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1104
+ # resp.findings[0].resource_owner_account #=> String
1105
+ # resp.findings[0].error #=> String
1105
1106
  # resp.findings[0].sources #=> Array
1106
- # resp.findings[0].sources[0].detail.access_point_arn #=> String
1107
1107
  # resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
1108
- # resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1108
+ # resp.findings[0].sources[0].detail.access_point_arn #=> String
1109
1109
  # resp.next_token #=> String
1110
1110
  #
1111
1111
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindings AWS API Documentation
@@ -1126,12 +1126,12 @@ module Aws::AccessAnalyzer
1126
1126
  #
1127
1127
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
1128
1128
  #
1129
- # @option params [Integer] :max_results
1130
- # The maximum number of results to return in the response.
1131
- #
1132
1129
  # @option params [String] :next_token
1133
1130
  # A token used for pagination of results returned.
1134
1131
  #
1132
+ # @option params [Integer] :max_results
1133
+ # The maximum number of results to return in the response.
1134
+ #
1135
1135
  # @return [Types::ListAccessPreviewsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1136
1136
  #
1137
1137
  # * {Types::ListAccessPreviewsResponse#access_previews #access_previews} => Array&lt;Types::AccessPreviewSummary&gt;
@@ -1143,16 +1143,16 @@ module Aws::AccessAnalyzer
1143
1143
  #
1144
1144
  # resp = client.list_access_previews({
1145
1145
  # analyzer_arn: "AnalyzerArn", # required
1146
- # max_results: 1,
1147
1146
  # next_token: "Token",
1147
+ # max_results: 1,
1148
1148
  # })
1149
1149
  #
1150
1150
  # @example Response structure
1151
1151
  #
1152
1152
  # resp.access_previews #=> Array
1153
+ # resp.access_previews[0].id #=> String
1153
1154
  # resp.access_previews[0].analyzer_arn #=> String
1154
1155
  # resp.access_previews[0].created_at #=> Time
1155
- # resp.access_previews[0].id #=> String
1156
1156
  # resp.access_previews[0].status #=> String, one of "COMPLETED", "CREATING", "FAILED"
1157
1157
  # resp.access_previews[0].status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
1158
1158
  # resp.next_token #=> String
@@ -1177,14 +1177,14 @@ module Aws::AccessAnalyzer
1177
1177
  #
1178
1178
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
1179
1179
  #
1180
- # @option params [Integer] :max_results
1181
- # The maximum number of results to return in the response.
1180
+ # @option params [String] :resource_type
1181
+ # The type of resource.
1182
1182
  #
1183
1183
  # @option params [String] :next_token
1184
1184
  # A token used for pagination of results returned.
1185
1185
  #
1186
- # @option params [String] :resource_type
1187
- # The type of resource.
1186
+ # @option params [Integer] :max_results
1187
+ # The maximum number of results to return in the response.
1188
1188
  #
1189
1189
  # @return [Types::ListAnalyzedResourcesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1190
1190
  #
@@ -1197,9 +1197,9 @@ module Aws::AccessAnalyzer
1197
1197
  #
1198
1198
  # resp = client.list_analyzed_resources({
1199
1199
  # analyzer_arn: "AnalyzerArn", # required
1200
- # max_results: 1,
1201
- # next_token: "Token",
1202
1200
  # resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
1201
+ # next_token: "Token",
1202
+ # max_results: 1,
1203
1203
  # })
1204
1204
  #
1205
1205
  # @example Response structure
@@ -1221,12 +1221,12 @@ module Aws::AccessAnalyzer
1221
1221
 
1222
1222
  # Retrieves a list of analyzers.
1223
1223
  #
1224
- # @option params [Integer] :max_results
1225
- # The maximum number of results to return in the response.
1226
- #
1227
1224
  # @option params [String] :next_token
1228
1225
  # A token used for pagination of results returned.
1229
1226
  #
1227
+ # @option params [Integer] :max_results
1228
+ # The maximum number of results to return in the response.
1229
+ #
1230
1230
  # @option params [String] :type
1231
1231
  # The type of analyzer.
1232
1232
  #
@@ -1240,8 +1240,8 @@ module Aws::AccessAnalyzer
1240
1240
  # @example Request syntax with placeholder values
1241
1241
  #
1242
1242
  # resp = client.list_analyzers({
1243
- # max_results: 1,
1244
1243
  # next_token: "Token",
1244
+ # max_results: 1,
1245
1245
  # type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
1246
1246
  # })
1247
1247
  #
@@ -1249,15 +1249,15 @@ module Aws::AccessAnalyzer
1249
1249
  #
1250
1250
  # resp.analyzers #=> Array
1251
1251
  # resp.analyzers[0].arn #=> String
1252
+ # resp.analyzers[0].name #=> String
1253
+ # resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION"
1252
1254
  # resp.analyzers[0].created_at #=> Time
1253
1255
  # resp.analyzers[0].last_resource_analyzed #=> String
1254
1256
  # resp.analyzers[0].last_resource_analyzed_at #=> Time
1255
- # resp.analyzers[0].name #=> String
1256
- # resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
1257
- # resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
1258
1257
  # resp.analyzers[0].tags #=> Hash
1259
1258
  # resp.analyzers[0].tags["String"] #=> String
1260
- # resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION"
1259
+ # resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
1260
+ # resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
1261
1261
  # resp.next_token #=> String
1262
1262
  #
1263
1263
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
@@ -1274,12 +1274,12 @@ module Aws::AccessAnalyzer
1274
1274
  # @option params [required, String] :analyzer_name
1275
1275
  # The name of the analyzer to retrieve rules from.
1276
1276
  #
1277
- # @option params [Integer] :max_results
1278
- # The maximum number of results to return in the request.
1279
- #
1280
1277
  # @option params [String] :next_token
1281
1278
  # A token used for pagination of results returned.
1282
1279
  #
1280
+ # @option params [Integer] :max_results
1281
+ # The maximum number of results to return in the request.
1282
+ #
1283
1283
  # @return [Types::ListArchiveRulesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1284
1284
  #
1285
1285
  # * {Types::ListArchiveRulesResponse#archive_rules #archive_rules} => Array&lt;Types::ArchiveRuleSummary&gt;
@@ -1291,23 +1291,23 @@ module Aws::AccessAnalyzer
1291
1291
  #
1292
1292
  # resp = client.list_archive_rules({
1293
1293
  # analyzer_name: "Name", # required
1294
- # max_results: 1,
1295
1294
  # next_token: "Token",
1295
+ # max_results: 1,
1296
1296
  # })
1297
1297
  #
1298
1298
  # @example Response structure
1299
1299
  #
1300
1300
  # resp.archive_rules #=> Array
1301
- # resp.archive_rules[0].created_at #=> Time
1301
+ # resp.archive_rules[0].rule_name #=> String
1302
1302
  # resp.archive_rules[0].filter #=> Hash
1303
- # resp.archive_rules[0].filter["String"].contains #=> Array
1304
- # resp.archive_rules[0].filter["String"].contains[0] #=> String
1305
1303
  # resp.archive_rules[0].filter["String"].eq #=> Array
1306
1304
  # resp.archive_rules[0].filter["String"].eq[0] #=> String
1307
- # resp.archive_rules[0].filter["String"].exists #=> Boolean
1308
1305
  # resp.archive_rules[0].filter["String"].neq #=> Array
1309
1306
  # resp.archive_rules[0].filter["String"].neq[0] #=> String
1310
- # resp.archive_rules[0].rule_name #=> String
1307
+ # resp.archive_rules[0].filter["String"].contains #=> Array
1308
+ # resp.archive_rules[0].filter["String"].contains[0] #=> String
1309
+ # resp.archive_rules[0].filter["String"].exists #=> Boolean
1310
+ # resp.archive_rules[0].created_at #=> Time
1311
1311
  # resp.archive_rules[0].updated_at #=> Time
1312
1312
  # resp.next_token #=> String
1313
1313
  #
@@ -1340,14 +1340,14 @@ module Aws::AccessAnalyzer
1340
1340
  # @option params [Hash<String,Types::Criterion>] :filter
1341
1341
  # A filter to match for the findings to return.
1342
1342
  #
1343
- # @option params [Integer] :max_results
1344
- # The maximum number of results to return in the response.
1343
+ # @option params [Types::SortCriteria] :sort
1344
+ # The sort order for the findings returned.
1345
1345
  #
1346
1346
  # @option params [String] :next_token
1347
1347
  # A token used for pagination of results returned.
1348
1348
  #
1349
- # @option params [Types::SortCriteria] :sort
1350
- # The sort order for the findings returned.
1349
+ # @option params [Integer] :max_results
1350
+ # The maximum number of results to return in the response.
1351
1351
  #
1352
1352
  # @return [Types::ListFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1353
1353
  #
@@ -1362,42 +1362,42 @@ module Aws::AccessAnalyzer
1362
1362
  # analyzer_arn: "AnalyzerArn", # required
1363
1363
  # filter: {
1364
1364
  # "String" => {
1365
- # contains: ["String"],
1366
1365
  # eq: ["String"],
1367
- # exists: false,
1368
1366
  # neq: ["String"],
1367
+ # contains: ["String"],
1368
+ # exists: false,
1369
1369
  # },
1370
1370
  # },
1371
- # max_results: 1,
1372
- # next_token: "Token",
1373
1371
  # sort: {
1374
1372
  # attribute_name: "String",
1375
1373
  # order_by: "ASC", # accepts ASC, DESC
1376
1374
  # },
1375
+ # next_token: "Token",
1376
+ # max_results: 1,
1377
1377
  # })
1378
1378
  #
1379
1379
  # @example Response structure
1380
1380
  #
1381
1381
  # resp.findings #=> Array
1382
+ # resp.findings[0].id #=> String
1383
+ # resp.findings[0].principal #=> Hash
1384
+ # resp.findings[0].principal["String"] #=> String
1382
1385
  # resp.findings[0].action #=> Array
1383
1386
  # resp.findings[0].action[0] #=> String
1384
- # resp.findings[0].analyzed_at #=> Time
1387
+ # resp.findings[0].resource #=> String
1388
+ # resp.findings[0].is_public #=> Boolean
1389
+ # resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
1385
1390
  # resp.findings[0].condition #=> Hash
1386
1391
  # resp.findings[0].condition["String"] #=> String
1387
1392
  # resp.findings[0].created_at #=> Time
1388
- # resp.findings[0].error #=> String
1389
- # resp.findings[0].id #=> String
1390
- # resp.findings[0].is_public #=> Boolean
1391
- # resp.findings[0].principal #=> Hash
1392
- # resp.findings[0].principal["String"] #=> String
1393
- # resp.findings[0].resource #=> String
1393
+ # resp.findings[0].analyzed_at #=> Time
1394
+ # resp.findings[0].updated_at #=> Time
1395
+ # resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1394
1396
  # resp.findings[0].resource_owner_account #=> String
1395
- # resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
1397
+ # resp.findings[0].error #=> String
1396
1398
  # resp.findings[0].sources #=> Array
1397
- # resp.findings[0].sources[0].detail.access_point_arn #=> String
1398
1399
  # resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
1399
- # resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1400
- # resp.findings[0].updated_at #=> Time
1400
+ # resp.findings[0].sources[0].detail.access_point_arn #=> String
1401
1401
  # resp.next_token #=> String
1402
1402
  #
1403
1403
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings AWS API Documentation
@@ -1411,41 +1411,41 @@ module Aws::AccessAnalyzer
1411
1411
 
1412
1412
  # Lists all of the policy generations requested in the last seven days.
1413
1413
  #
1414
+ # @option params [String] :principal_arn
1415
+ # The ARN of the IAM entity (user or role) for which you are generating
1416
+ # a policy. Use this with `ListGeneratedPolicies` to filter the results
1417
+ # to only include results for a specific principal.
1418
+ #
1414
1419
  # @option params [Integer] :max_results
1415
1420
  # The maximum number of results to return in the response.
1416
1421
  #
1417
1422
  # @option params [String] :next_token
1418
1423
  # A token used for pagination of results returned.
1419
1424
  #
1420
- # @option params [String] :principal_arn
1421
- # The ARN of the IAM entity (user or role) for which you are generating
1422
- # a policy. Use this with `ListGeneratedPolicies` to filter the results
1423
- # to only include results for a specific principal.
1424
- #
1425
1425
  # @return [Types::ListPolicyGenerationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1426
1426
  #
1427
- # * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
1428
1427
  # * {Types::ListPolicyGenerationsResponse#policy_generations #policy_generations} => Array&lt;Types::PolicyGeneration&gt;
1428
+ # * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
1429
1429
  #
1430
1430
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1431
1431
  #
1432
1432
  # @example Request syntax with placeholder values
1433
1433
  #
1434
1434
  # resp = client.list_policy_generations({
1435
+ # principal_arn: "PrincipalArn",
1435
1436
  # max_results: 1,
1436
1437
  # next_token: "Token",
1437
- # principal_arn: "PrincipalArn",
1438
1438
  # })
1439
1439
  #
1440
1440
  # @example Response structure
1441
1441
  #
1442
- # resp.next_token #=> String
1443
1442
  # resp.policy_generations #=> Array
1444
- # resp.policy_generations[0].completed_on #=> Time
1445
1443
  # resp.policy_generations[0].job_id #=> String
1446
1444
  # resp.policy_generations[0].principal_arn #=> String
1447
- # resp.policy_generations[0].started_on #=> Time
1448
1445
  # resp.policy_generations[0].status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
1446
+ # resp.policy_generations[0].started_on #=> Time
1447
+ # resp.policy_generations[0].completed_on #=> Time
1448
+ # resp.next_token #=> String
1449
1449
  #
1450
1450
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerations AWS API Documentation
1451
1451
  #
@@ -1487,6 +1487,14 @@ module Aws::AccessAnalyzer
1487
1487
 
1488
1488
  # Starts the policy generation request.
1489
1489
  #
1490
+ # @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
1491
+ # Contains the ARN of the IAM entity (user or role) for which you are
1492
+ # generating a policy.
1493
+ #
1494
+ # @option params [Types::CloudTrailDetails] :cloud_trail_details
1495
+ # A `CloudTrailDetails` object that contains details about a `Trail`
1496
+ # that you want to analyze to generate policies.
1497
+ #
1490
1498
  # @option params [String] :client_token
1491
1499
  # A unique, case-sensitive identifier that you provide to ensure the
1492
1500
  # idempotency of the request. Idempotency ensures that an API request
@@ -1501,14 +1509,6 @@ module Aws::AccessAnalyzer
1501
1509
  # **A suitable default value is auto-generated.** You should normally
1502
1510
  # not need to pass this option.**
1503
1511
  #
1504
- # @option params [Types::CloudTrailDetails] :cloud_trail_details
1505
- # A `CloudTrailDetails` object that contains details about a `Trail`
1506
- # that you want to analyze to generate policies.
1507
- #
1508
- # @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
1509
- # Contains the ARN of the IAM entity (user or role) for which you are
1510
- # generating a policy.
1511
- #
1512
1512
  # @return [Types::StartPolicyGenerationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1513
1513
  #
1514
1514
  # * {Types::StartPolicyGenerationResponse#job_id #job_id} => String
@@ -1516,22 +1516,22 @@ module Aws::AccessAnalyzer
1516
1516
  # @example Request syntax with placeholder values
1517
1517
  #
1518
1518
  # resp = client.start_policy_generation({
1519
- # client_token: "String",
1519
+ # policy_generation_details: { # required
1520
+ # principal_arn: "PrincipalArn", # required
1521
+ # },
1520
1522
  # cloud_trail_details: {
1521
- # access_role: "RoleArn", # required
1522
- # end_time: Time.now,
1523
- # start_time: Time.now, # required
1524
1523
  # trails: [ # required
1525
1524
  # {
1526
- # all_regions: false,
1527
1525
  # cloud_trail_arn: "CloudTrailArn", # required
1528
1526
  # regions: ["String"],
1527
+ # all_regions: false,
1529
1528
  # },
1530
1529
  # ],
1530
+ # access_role: "RoleArn", # required
1531
+ # start_time: Time.now, # required
1532
+ # end_time: Time.now,
1531
1533
  # },
1532
- # policy_generation_details: { # required
1533
- # principal_arn: "PrincipalArn", # required
1534
- # },
1534
+ # client_token: "String",
1535
1535
  # })
1536
1536
  #
1537
1537
  # @example Response structure
@@ -1638,18 +1638,18 @@ module Aws::AccessAnalyzer
1638
1638
  # @option params [required, String] :analyzer_name
1639
1639
  # The name of the analyzer to update the archive rules for.
1640
1640
  #
1641
- # @option params [String] :client_token
1642
- # A client token.
1643
- #
1644
- # **A suitable default value is auto-generated.** You should normally
1645
- # not need to pass this option.**
1641
+ # @option params [required, String] :rule_name
1642
+ # The name of the rule to update.
1646
1643
  #
1647
1644
  # @option params [required, Hash<String,Types::Criterion>] :filter
1648
1645
  # A filter to match for the rules to update. Only rules that match the
1649
1646
  # filter are updated.
1650
1647
  #
1651
- # @option params [required, String] :rule_name
1652
- # The name of the rule to update.
1648
+ # @option params [String] :client_token
1649
+ # A client token.
1650
+ #
1651
+ # **A suitable default value is auto-generated.** You should normally
1652
+ # not need to pass this option.**
1653
1653
  #
1654
1654
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1655
1655
  #
@@ -1657,16 +1657,16 @@ module Aws::AccessAnalyzer
1657
1657
  #
1658
1658
  # resp = client.update_archive_rule({
1659
1659
  # analyzer_name: "Name", # required
1660
- # client_token: "String",
1660
+ # rule_name: "Name", # required
1661
1661
  # filter: { # required
1662
1662
  # "String" => {
1663
- # contains: ["String"],
1664
1663
  # eq: ["String"],
1665
- # exists: false,
1666
1664
  # neq: ["String"],
1665
+ # contains: ["String"],
1666
+ # exists: false,
1667
1667
  # },
1668
1668
  # },
1669
- # rule_name: "Name", # required
1669
+ # client_token: "String",
1670
1670
  # })
1671
1671
  #
1672
1672
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateArchiveRule AWS API Documentation
@@ -1687,11 +1687,10 @@ module Aws::AccessAnalyzer
1687
1687
  #
1688
1688
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
1689
1689
  #
1690
- # @option params [String] :client_token
1691
- # A client token.
1692
- #
1693
- # **A suitable default value is auto-generated.** You should normally
1694
- # not need to pass this option.**
1690
+ # @option params [required, String] :status
1691
+ # The state represents the action to take to update the finding Status.
1692
+ # Use `ARCHIVE` to change an Active finding to an Archived finding. Use
1693
+ # `ACTIVE` to change an Archived finding to an Active finding.
1695
1694
  #
1696
1695
  # @option params [Array<String>] :ids
1697
1696
  # The IDs of the findings to update.
@@ -1699,10 +1698,11 @@ module Aws::AccessAnalyzer
1699
1698
  # @option params [String] :resource_arn
1700
1699
  # The ARN of the resource identified in the finding.
1701
1700
  #
1702
- # @option params [required, String] :status
1703
- # The state represents the action to take to update the finding Status.
1704
- # Use `ARCHIVE` to change an Active finding to an Archived finding. Use
1705
- # `ACTIVE` to change an Archived finding to an Active finding.
1701
+ # @option params [String] :client_token
1702
+ # A client token.
1703
+ #
1704
+ # **A suitable default value is auto-generated.** You should normally
1705
+ # not need to pass this option.**
1706
1706
  #
1707
1707
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1708
1708
  #
@@ -1710,10 +1710,10 @@ module Aws::AccessAnalyzer
1710
1710
  #
1711
1711
  # resp = client.update_findings({
1712
1712
  # analyzer_arn: "AnalyzerArn", # required
1713
- # client_token: "String",
1713
+ # status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
1714
1714
  # ids: ["FindingId"],
1715
1715
  # resource_arn: "ResourceArn",
1716
- # status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
1716
+ # client_token: "String",
1717
1717
  # })
1718
1718
  #
1719
1719
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateFindings AWS API Documentation
@@ -1783,7 +1783,7 @@ module Aws::AccessAnalyzer
1783
1783
  # next_token: "Token",
1784
1784
  # policy_document: "PolicyDocument", # required
1785
1785
  # policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
1786
- # validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
1786
+ # validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
1787
1787
  # })
1788
1788
  #
1789
1789
  # @example Response structure
@@ -1797,15 +1797,15 @@ module Aws::AccessAnalyzer
1797
1797
  # resp.findings[0].locations[0].path #=> Array
1798
1798
  # resp.findings[0].locations[0].path[0].index #=> Integer
1799
1799
  # resp.findings[0].locations[0].path[0].key #=> String
1800
- # resp.findings[0].locations[0].path[0].substring.length #=> Integer
1801
1800
  # resp.findings[0].locations[0].path[0].substring.start #=> Integer
1801
+ # resp.findings[0].locations[0].path[0].substring.length #=> Integer
1802
1802
  # resp.findings[0].locations[0].path[0].value #=> String
1803
- # resp.findings[0].locations[0].span.end.column #=> Integer
1804
- # resp.findings[0].locations[0].span.end.line #=> Integer
1805
- # resp.findings[0].locations[0].span.end.offset #=> Integer
1806
- # resp.findings[0].locations[0].span.start.column #=> Integer
1807
1803
  # resp.findings[0].locations[0].span.start.line #=> Integer
1804
+ # resp.findings[0].locations[0].span.start.column #=> Integer
1808
1805
  # resp.findings[0].locations[0].span.start.offset #=> Integer
1806
+ # resp.findings[0].locations[0].span.end.line #=> Integer
1807
+ # resp.findings[0].locations[0].span.end.column #=> Integer
1808
+ # resp.findings[0].locations[0].span.end.offset #=> Integer
1809
1809
  # resp.next_token #=> String
1810
1810
  #
1811
1811
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicy AWS API Documentation
@@ -1830,7 +1830,7 @@ module Aws::AccessAnalyzer
1830
1830
  params: params,
1831
1831
  config: config)
1832
1832
  context[:gem_name] = 'aws-sdk-accessanalyzer'
1833
- context[:gem_version] = '1.29.0'
1833
+ context[:gem_version] = '1.30.0'
1834
1834
  Seahorse::Client::Request.new(handlers, context)
1835
1835
  end
1836
1836