aws-sdk-accessanalyzer 1.29.0 → 1.30.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +252 -252
- data/lib/aws-sdk-accessanalyzer/client_api.rb +100 -100
- data/lib/aws-sdk-accessanalyzer/errors.rb +5 -5
- data/lib/aws-sdk-accessanalyzer/types.rb +666 -666
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- metadata +2 -2
@@ -357,23 +357,23 @@ module Aws::AccessAnalyzer
|
|
357
357
|
# @option params [required, String] :analyzer_arn
|
358
358
|
# The Amazon resource name (ARN) of the analyzer.
|
359
359
|
#
|
360
|
+
# @option params [required, String] :rule_name
|
361
|
+
# The name of the rule to apply.
|
362
|
+
#
|
360
363
|
# @option params [String] :client_token
|
361
364
|
# A client token.
|
362
365
|
#
|
363
366
|
# **A suitable default value is auto-generated.** You should normally
|
364
367
|
# not need to pass this option.**
|
365
368
|
#
|
366
|
-
# @option params [required, String] :rule_name
|
367
|
-
# The name of the rule to apply.
|
368
|
-
#
|
369
369
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
370
370
|
#
|
371
371
|
# @example Request syntax with placeholder values
|
372
372
|
#
|
373
373
|
# resp = client.apply_archive_rule({
|
374
374
|
# analyzer_arn: "AnalyzerArn", # required
|
375
|
-
# client_token: "String",
|
376
375
|
# rule_name: "Name", # required
|
376
|
+
# client_token: "String",
|
377
377
|
# })
|
378
378
|
#
|
379
379
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRule AWS API Documentation
|
@@ -423,12 +423,6 @@ module Aws::AccessAnalyzer
|
|
423
423
|
#
|
424
424
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
425
425
|
#
|
426
|
-
# @option params [String] :client_token
|
427
|
-
# A client token.
|
428
|
-
#
|
429
|
-
# **A suitable default value is auto-generated.** You should normally
|
430
|
-
# not need to pass this option.**
|
431
|
-
#
|
432
426
|
# @option params [required, Hash<String,Types::Configuration>] :configurations
|
433
427
|
# Access control configuration for your resource that is used to
|
434
428
|
# generate the access preview. The access preview includes findings for
|
@@ -436,6 +430,12 @@ module Aws::AccessAnalyzer
|
|
436
430
|
# control configuration. The configuration must contain exactly one
|
437
431
|
# element.
|
438
432
|
#
|
433
|
+
# @option params [String] :client_token
|
434
|
+
# A client token.
|
435
|
+
#
|
436
|
+
# **A suitable default value is auto-generated.** You should normally
|
437
|
+
# not need to pass this option.**
|
438
|
+
#
|
439
439
|
# @return [Types::CreateAccessPreviewResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
440
440
|
#
|
441
441
|
# * {Types::CreateAccessPreviewResponse#id #id} => String
|
@@ -444,15 +444,20 @@ module Aws::AccessAnalyzer
|
|
444
444
|
#
|
445
445
|
# resp = client.create_access_preview({
|
446
446
|
# analyzer_arn: "AnalyzerArn", # required
|
447
|
-
# client_token: "String",
|
448
447
|
# configurations: { # required
|
449
448
|
# "ConfigurationsMapKey" => {
|
450
449
|
# iam_role: {
|
451
450
|
# trust_policy: "IamTrustPolicy",
|
452
451
|
# },
|
453
452
|
# kms_key: {
|
453
|
+
# key_policies: {
|
454
|
+
# "PolicyName" => "KmsKeyPolicy",
|
455
|
+
# },
|
454
456
|
# grants: [
|
455
457
|
# {
|
458
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
459
|
+
# grantee_principal: "GranteePrincipal", # required
|
460
|
+
# retiring_principal: "RetiringPrincipal",
|
456
461
|
# constraints: {
|
457
462
|
# encryption_context_equals: {
|
458
463
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
@@ -461,57 +466,52 @@ module Aws::AccessAnalyzer
|
|
461
466
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
462
467
|
# },
|
463
468
|
# },
|
464
|
-
# grantee_principal: "GranteePrincipal", # required
|
465
469
|
# issuing_account: "IssuingAccount", # required
|
466
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
467
|
-
# retiring_principal: "RetiringPrincipal",
|
468
470
|
# },
|
469
471
|
# ],
|
470
|
-
#
|
471
|
-
#
|
472
|
-
#
|
472
|
+
# },
|
473
|
+
# secrets_manager_secret: {
|
474
|
+
# kms_key_id: "SecretsManagerSecretKmsId",
|
475
|
+
# secret_policy: "SecretsManagerSecretPolicy",
|
473
476
|
# },
|
474
477
|
# s3_bucket: {
|
475
|
-
#
|
476
|
-
# "AccessPointArn" => {
|
477
|
-
# access_point_policy: "AccessPointPolicy",
|
478
|
-
# network_origin: {
|
479
|
-
# internet_configuration: {
|
480
|
-
# },
|
481
|
-
# vpc_configuration: {
|
482
|
-
# vpc_id: "VpcId", # required
|
483
|
-
# },
|
484
|
-
# },
|
485
|
-
# public_access_block: {
|
486
|
-
# ignore_public_acls: false, # required
|
487
|
-
# restrict_public_buckets: false, # required
|
488
|
-
# },
|
489
|
-
# },
|
490
|
-
# },
|
478
|
+
# bucket_policy: "S3BucketPolicy",
|
491
479
|
# bucket_acl_grants: [
|
492
480
|
# {
|
481
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
493
482
|
# grantee: { # required
|
494
483
|
# id: "AclCanonicalId",
|
495
484
|
# uri: "AclUri",
|
496
485
|
# },
|
497
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
498
486
|
# },
|
499
487
|
# ],
|
500
|
-
# bucket_policy: "S3BucketPolicy",
|
501
488
|
# bucket_public_access_block: {
|
502
489
|
# ignore_public_acls: false, # required
|
503
490
|
# restrict_public_buckets: false, # required
|
504
491
|
# },
|
505
|
-
#
|
506
|
-
#
|
507
|
-
#
|
508
|
-
#
|
492
|
+
# access_points: {
|
493
|
+
# "AccessPointArn" => {
|
494
|
+
# access_point_policy: "AccessPointPolicy",
|
495
|
+
# public_access_block: {
|
496
|
+
# ignore_public_acls: false, # required
|
497
|
+
# restrict_public_buckets: false, # required
|
498
|
+
# },
|
499
|
+
# network_origin: {
|
500
|
+
# vpc_configuration: {
|
501
|
+
# vpc_id: "VpcId", # required
|
502
|
+
# },
|
503
|
+
# internet_configuration: {
|
504
|
+
# },
|
505
|
+
# },
|
506
|
+
# },
|
507
|
+
# },
|
509
508
|
# },
|
510
509
|
# sqs_queue: {
|
511
510
|
# queue_policy: "SqsQueuePolicy",
|
512
511
|
# },
|
513
512
|
# },
|
514
513
|
# },
|
514
|
+
# client_token: "String",
|
515
515
|
# })
|
516
516
|
#
|
517
517
|
# @example Response structure
|
@@ -532,26 +532,26 @@ module Aws::AccessAnalyzer
|
|
532
532
|
# @option params [required, String] :analyzer_name
|
533
533
|
# The name of the analyzer to create.
|
534
534
|
#
|
535
|
+
# @option params [required, String] :type
|
536
|
+
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
537
|
+
# analyzers are supported. You can create only one analyzer per account
|
538
|
+
# per Region. You can create up to 5 analyzers per organization per
|
539
|
+
# Region.
|
540
|
+
#
|
535
541
|
# @option params [Array<Types::InlineArchiveRule>] :archive_rules
|
536
542
|
# Specifies the archive rules to add for the analyzer. Archive rules
|
537
543
|
# automatically archive findings that meet the criteria you define for
|
538
544
|
# the rule.
|
539
545
|
#
|
546
|
+
# @option params [Hash<String,String>] :tags
|
547
|
+
# The tags to apply to the analyzer.
|
548
|
+
#
|
540
549
|
# @option params [String] :client_token
|
541
550
|
# A client token.
|
542
551
|
#
|
543
552
|
# **A suitable default value is auto-generated.** You should normally
|
544
553
|
# not need to pass this option.**
|
545
554
|
#
|
546
|
-
# @option params [Hash<String,String>] :tags
|
547
|
-
# The tags to apply to the analyzer.
|
548
|
-
#
|
549
|
-
# @option params [required, String] :type
|
550
|
-
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
551
|
-
# analyzers are supported. You can create only one analyzer per account
|
552
|
-
# per Region. You can create up to 5 analyzers per organization per
|
553
|
-
# Region.
|
554
|
-
#
|
555
555
|
# @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
556
556
|
#
|
557
557
|
# * {Types::CreateAnalyzerResponse#arn #arn} => String
|
@@ -560,24 +560,24 @@ module Aws::AccessAnalyzer
|
|
560
560
|
#
|
561
561
|
# resp = client.create_analyzer({
|
562
562
|
# analyzer_name: "Name", # required
|
563
|
+
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
563
564
|
# archive_rules: [
|
564
565
|
# {
|
566
|
+
# rule_name: "Name", # required
|
565
567
|
# filter: { # required
|
566
568
|
# "String" => {
|
567
|
-
# contains: ["String"],
|
568
569
|
# eq: ["String"],
|
569
|
-
# exists: false,
|
570
570
|
# neq: ["String"],
|
571
|
+
# contains: ["String"],
|
572
|
+
# exists: false,
|
571
573
|
# },
|
572
574
|
# },
|
573
|
-
# rule_name: "Name", # required
|
574
575
|
# },
|
575
576
|
# ],
|
576
|
-
# client_token: "String",
|
577
577
|
# tags: {
|
578
578
|
# "String" => "String",
|
579
579
|
# },
|
580
|
-
#
|
580
|
+
# client_token: "String",
|
581
581
|
# })
|
582
582
|
#
|
583
583
|
# @example Response structure
|
@@ -607,34 +607,34 @@ module Aws::AccessAnalyzer
|
|
607
607
|
# @option params [required, String] :analyzer_name
|
608
608
|
# The name of the created analyzer.
|
609
609
|
#
|
610
|
+
# @option params [required, String] :rule_name
|
611
|
+
# The name of the rule to create.
|
612
|
+
#
|
613
|
+
# @option params [required, Hash<String,Types::Criterion>] :filter
|
614
|
+
# The criteria for the rule.
|
615
|
+
#
|
610
616
|
# @option params [String] :client_token
|
611
617
|
# A client token.
|
612
618
|
#
|
613
619
|
# **A suitable default value is auto-generated.** You should normally
|
614
620
|
# not need to pass this option.**
|
615
621
|
#
|
616
|
-
# @option params [required, Hash<String,Types::Criterion>] :filter
|
617
|
-
# The criteria for the rule.
|
618
|
-
#
|
619
|
-
# @option params [required, String] :rule_name
|
620
|
-
# The name of the rule to create.
|
621
|
-
#
|
622
622
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
623
623
|
#
|
624
624
|
# @example Request syntax with placeholder values
|
625
625
|
#
|
626
626
|
# resp = client.create_archive_rule({
|
627
627
|
# analyzer_name: "Name", # required
|
628
|
-
#
|
628
|
+
# rule_name: "Name", # required
|
629
629
|
# filter: { # required
|
630
630
|
# "String" => {
|
631
|
-
# contains: ["String"],
|
632
631
|
# eq: ["String"],
|
633
|
-
# exists: false,
|
634
632
|
# neq: ["String"],
|
633
|
+
# contains: ["String"],
|
634
|
+
# exists: false,
|
635
635
|
# },
|
636
636
|
# },
|
637
|
-
#
|
637
|
+
# client_token: "String",
|
638
638
|
# })
|
639
639
|
#
|
640
640
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateArchiveRule AWS API Documentation
|
@@ -684,23 +684,23 @@ module Aws::AccessAnalyzer
|
|
684
684
|
# The name of the analyzer that associated with the archive rule to
|
685
685
|
# delete.
|
686
686
|
#
|
687
|
+
# @option params [required, String] :rule_name
|
688
|
+
# The name of the rule to delete.
|
689
|
+
#
|
687
690
|
# @option params [String] :client_token
|
688
691
|
# A client token.
|
689
692
|
#
|
690
693
|
# **A suitable default value is auto-generated.** You should normally
|
691
694
|
# not need to pass this option.**
|
692
695
|
#
|
693
|
-
# @option params [required, String] :rule_name
|
694
|
-
# The name of the rule to delete.
|
695
|
-
#
|
696
696
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
697
697
|
#
|
698
698
|
# @example Request syntax with placeholder values
|
699
699
|
#
|
700
700
|
# resp = client.delete_archive_rule({
|
701
701
|
# analyzer_name: "Name", # required
|
702
|
-
# client_token: "String",
|
703
702
|
# rule_name: "Name", # required
|
703
|
+
# client_token: "String",
|
704
704
|
# })
|
705
705
|
#
|
706
706
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteArchiveRule AWS API Documentation
|
@@ -738,38 +738,38 @@ module Aws::AccessAnalyzer
|
|
738
738
|
#
|
739
739
|
# @example Response structure
|
740
740
|
#
|
741
|
+
# resp.access_preview.id #=> String
|
741
742
|
# resp.access_preview.analyzer_arn #=> String
|
742
743
|
# resp.access_preview.configurations #=> Hash
|
743
744
|
# resp.access_preview.configurations["ConfigurationsMapKey"].iam_role.trust_policy #=> String
|
745
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies #=> Hash
|
746
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies["PolicyName"] #=> String
|
744
747
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants #=> Array
|
748
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations #=> Array
|
749
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations[0] #=> String, one of "CreateGrant", "Decrypt", "DescribeKey", "Encrypt", "GenerateDataKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateDataKeyWithoutPlaintext", "GetPublicKey", "ReEncryptFrom", "ReEncryptTo", "RetireGrant", "Sign", "Verify"
|
750
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
|
751
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].retiring_principal #=> String
|
745
752
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals #=> Hash
|
746
753
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals["KmsConstraintsKey"] #=> String
|
747
754
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset #=> Hash
|
748
755
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset["KmsConstraintsKey"] #=> String
|
749
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
|
750
756
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].issuing_account #=> String
|
751
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
752
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
753
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
754
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies #=> Hash
|
755
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies["PolicyName"] #=> String
|
756
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points #=> Hash
|
757
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].access_point_policy #=> String
|
758
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].network_origin.vpc_configuration.vpc_id #=> String
|
759
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.ignore_public_acls #=> Boolean
|
760
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.restrict_public_buckets #=> Boolean
|
757
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.kms_key_id #=> String
|
758
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.secret_policy #=> String
|
759
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
|
761
760
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants #=> Array
|
761
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
|
762
762
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.id #=> String
|
763
763
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.uri #=> String
|
764
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
|
765
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
|
766
764
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.ignore_public_acls #=> Boolean
|
767
765
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.restrict_public_buckets #=> Boolean
|
768
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
769
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
766
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points #=> Hash
|
767
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].access_point_policy #=> String
|
768
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.ignore_public_acls #=> Boolean
|
769
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.restrict_public_buckets #=> Boolean
|
770
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].network_origin.vpc_configuration.vpc_id #=> String
|
770
771
|
# resp.access_preview.configurations["ConfigurationsMapKey"].sqs_queue.queue_policy #=> String
|
771
772
|
# resp.access_preview.created_at #=> Time
|
772
|
-
# resp.access_preview.id #=> String
|
773
773
|
# resp.access_preview.status #=> String, one of "COMPLETED", "CREATING", "FAILED"
|
774
774
|
# resp.access_preview.status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
|
775
775
|
#
|
@@ -807,19 +807,19 @@ module Aws::AccessAnalyzer
|
|
807
807
|
#
|
808
808
|
# @example Response structure
|
809
809
|
#
|
810
|
-
# resp.resource.actions #=> Array
|
811
|
-
# resp.resource.actions[0] #=> String
|
812
|
-
# resp.resource.analyzed_at #=> Time
|
813
|
-
# resp.resource.created_at #=> Time
|
814
|
-
# resp.resource.error #=> String
|
815
|
-
# resp.resource.is_public #=> Boolean
|
816
810
|
# resp.resource.resource_arn #=> String
|
817
|
-
# resp.resource.resource_owner_account #=> String
|
818
811
|
# resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
812
|
+
# resp.resource.created_at #=> Time
|
813
|
+
# resp.resource.analyzed_at #=> Time
|
814
|
+
# resp.resource.updated_at #=> Time
|
815
|
+
# resp.resource.is_public #=> Boolean
|
816
|
+
# resp.resource.actions #=> Array
|
817
|
+
# resp.resource.actions[0] #=> String
|
819
818
|
# resp.resource.shared_via #=> Array
|
820
819
|
# resp.resource.shared_via[0] #=> String
|
821
820
|
# resp.resource.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
822
|
-
# resp.resource.
|
821
|
+
# resp.resource.resource_owner_account #=> String
|
822
|
+
# resp.resource.error #=> String
|
823
823
|
#
|
824
824
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzedResource AWS API Documentation
|
825
825
|
#
|
@@ -848,15 +848,15 @@ module Aws::AccessAnalyzer
|
|
848
848
|
# @example Response structure
|
849
849
|
#
|
850
850
|
# resp.analyzer.arn #=> String
|
851
|
+
# resp.analyzer.name #=> String
|
852
|
+
# resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION"
|
851
853
|
# resp.analyzer.created_at #=> Time
|
852
854
|
# resp.analyzer.last_resource_analyzed #=> String
|
853
855
|
# resp.analyzer.last_resource_analyzed_at #=> Time
|
854
|
-
# resp.analyzer.name #=> String
|
855
|
-
# resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
856
|
-
# resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
857
856
|
# resp.analyzer.tags #=> Hash
|
858
857
|
# resp.analyzer.tags["String"] #=> String
|
859
|
-
# resp.analyzer.
|
858
|
+
# resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
859
|
+
# resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
860
860
|
#
|
861
861
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
|
862
862
|
#
|
@@ -895,16 +895,16 @@ module Aws::AccessAnalyzer
|
|
895
895
|
#
|
896
896
|
# @example Response structure
|
897
897
|
#
|
898
|
-
# resp.archive_rule.
|
898
|
+
# resp.archive_rule.rule_name #=> String
|
899
899
|
# resp.archive_rule.filter #=> Hash
|
900
|
-
# resp.archive_rule.filter["String"].contains #=> Array
|
901
|
-
# resp.archive_rule.filter["String"].contains[0] #=> String
|
902
900
|
# resp.archive_rule.filter["String"].eq #=> Array
|
903
901
|
# resp.archive_rule.filter["String"].eq[0] #=> String
|
904
|
-
# resp.archive_rule.filter["String"].exists #=> Boolean
|
905
902
|
# resp.archive_rule.filter["String"].neq #=> Array
|
906
903
|
# resp.archive_rule.filter["String"].neq[0] #=> String
|
907
|
-
# resp.archive_rule.
|
904
|
+
# resp.archive_rule.filter["String"].contains #=> Array
|
905
|
+
# resp.archive_rule.filter["String"].contains[0] #=> String
|
906
|
+
# resp.archive_rule.filter["String"].exists #=> Boolean
|
907
|
+
# resp.archive_rule.created_at #=> Time
|
908
908
|
# resp.archive_rule.updated_at #=> Time
|
909
909
|
#
|
910
910
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetArchiveRule AWS API Documentation
|
@@ -941,25 +941,25 @@ module Aws::AccessAnalyzer
|
|
941
941
|
#
|
942
942
|
# @example Response structure
|
943
943
|
#
|
944
|
+
# resp.finding.id #=> String
|
945
|
+
# resp.finding.principal #=> Hash
|
946
|
+
# resp.finding.principal["String"] #=> String
|
944
947
|
# resp.finding.action #=> Array
|
945
948
|
# resp.finding.action[0] #=> String
|
946
|
-
# resp.finding.
|
949
|
+
# resp.finding.resource #=> String
|
950
|
+
# resp.finding.is_public #=> Boolean
|
951
|
+
# resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
947
952
|
# resp.finding.condition #=> Hash
|
948
953
|
# resp.finding.condition["String"] #=> String
|
949
954
|
# resp.finding.created_at #=> Time
|
950
|
-
# resp.finding.
|
951
|
-
# resp.finding.
|
952
|
-
# resp.finding.
|
953
|
-
# resp.finding.principal #=> Hash
|
954
|
-
# resp.finding.principal["String"] #=> String
|
955
|
-
# resp.finding.resource #=> String
|
955
|
+
# resp.finding.analyzed_at #=> Time
|
956
|
+
# resp.finding.updated_at #=> Time
|
957
|
+
# resp.finding.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
956
958
|
# resp.finding.resource_owner_account #=> String
|
957
|
-
# resp.finding.
|
959
|
+
# resp.finding.error #=> String
|
958
960
|
# resp.finding.sources #=> Array
|
959
|
-
# resp.finding.sources[0].detail.access_point_arn #=> String
|
960
961
|
# resp.finding.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
961
|
-
# resp.finding.
|
962
|
-
# resp.finding.updated_at #=> Time
|
962
|
+
# resp.finding.sources[0].detail.access_point_arn #=> String
|
963
963
|
#
|
964
964
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFinding AWS API Documentation
|
965
965
|
#
|
@@ -972,6 +972,12 @@ module Aws::AccessAnalyzer
|
|
972
972
|
|
973
973
|
# Retrieves the policy that was generated using `StartPolicyGeneration`.
|
974
974
|
#
|
975
|
+
# @option params [required, String] :job_id
|
976
|
+
# The `JobId` that is returned by the `StartPolicyGeneration` operation.
|
977
|
+
# The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
|
978
|
+
# generated policies or used with `CancelPolicyGeneration` to cancel the
|
979
|
+
# policy generation request.
|
980
|
+
#
|
975
981
|
# @option params [Boolean] :include_resource_placeholders
|
976
982
|
# The level of detail that you want to generate. You can specify whether
|
977
983
|
# to generate policies with placeholders for resource ARNs for actions
|
@@ -989,44 +995,38 @@ module Aws::AccessAnalyzer
|
|
989
995
|
# services that have been used recently to create this service-level
|
990
996
|
# template.
|
991
997
|
#
|
992
|
-
# @option params [required, String] :job_id
|
993
|
-
# The `JobId` that is returned by the `StartPolicyGeneration` operation.
|
994
|
-
# The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
|
995
|
-
# generated policies or used with `CancelPolicyGeneration` to cancel the
|
996
|
-
# policy generation request.
|
997
|
-
#
|
998
998
|
# @return [Types::GetGeneratedPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
999
999
|
#
|
1000
|
-
# * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
|
1001
1000
|
# * {Types::GetGeneratedPolicyResponse#job_details #job_details} => Types::JobDetails
|
1001
|
+
# * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
|
1002
1002
|
#
|
1003
1003
|
# @example Request syntax with placeholder values
|
1004
1004
|
#
|
1005
1005
|
# resp = client.get_generated_policy({
|
1006
|
+
# job_id: "JobId", # required
|
1006
1007
|
# include_resource_placeholders: false,
|
1007
1008
|
# include_service_level_template: false,
|
1008
|
-
# job_id: "JobId", # required
|
1009
1009
|
# })
|
1010
1010
|
#
|
1011
1011
|
# @example Response structure
|
1012
1012
|
#
|
1013
|
-
# resp.
|
1014
|
-
# resp.
|
1015
|
-
# resp.
|
1016
|
-
# resp.
|
1013
|
+
# resp.job_details.job_id #=> String
|
1014
|
+
# resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
1015
|
+
# resp.job_details.started_on #=> Time
|
1016
|
+
# resp.job_details.completed_on #=> Time
|
1017
|
+
# resp.job_details.job_error.code #=> String, one of "AUTHORIZATION_ERROR", "RESOURCE_NOT_FOUND_ERROR", "SERVICE_QUOTA_EXCEEDED_ERROR", "SERVICE_ERROR"
|
1018
|
+
# resp.job_details.job_error.message #=> String
|
1019
|
+
# resp.generated_policy_result.properties.is_complete #=> Boolean
|
1020
|
+
# resp.generated_policy_result.properties.principal_arn #=> String
|
1017
1021
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties #=> Array
|
1018
|
-
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
|
1019
1022
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].cloud_trail_arn #=> String
|
1020
1023
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions #=> Array
|
1021
1024
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions[0] #=> String
|
1022
|
-
# resp.generated_policy_result.properties.
|
1023
|
-
# resp.generated_policy_result.properties.
|
1024
|
-
# resp.
|
1025
|
-
# resp.
|
1026
|
-
# resp.
|
1027
|
-
# resp.job_details.job_id #=> String
|
1028
|
-
# resp.job_details.started_on #=> Time
|
1029
|
-
# resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
1025
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
|
1026
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.start_time #=> Time
|
1027
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.end_time #=> Time
|
1028
|
+
# resp.generated_policy_result.generated_policies #=> Array
|
1029
|
+
# resp.generated_policy_result.generated_policies[0].policy #=> String
|
1030
1030
|
#
|
1031
1031
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicy AWS API Documentation
|
1032
1032
|
#
|
@@ -1053,12 +1053,12 @@ module Aws::AccessAnalyzer
|
|
1053
1053
|
# @option params [Hash<String,Types::Criterion>] :filter
|
1054
1054
|
# Criteria to filter the returned findings.
|
1055
1055
|
#
|
1056
|
-
# @option params [Integer] :max_results
|
1057
|
-
# The maximum number of results to return in the response.
|
1058
|
-
#
|
1059
1056
|
# @option params [String] :next_token
|
1060
1057
|
# A token used for pagination of results returned.
|
1061
1058
|
#
|
1059
|
+
# @option params [Integer] :max_results
|
1060
|
+
# The maximum number of results to return in the response.
|
1061
|
+
#
|
1062
1062
|
# @return [Types::ListAccessPreviewFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1063
1063
|
#
|
1064
1064
|
# * {Types::ListAccessPreviewFindingsResponse#findings #findings} => Array<Types::AccessPreviewFinding>
|
@@ -1073,39 +1073,39 @@ module Aws::AccessAnalyzer
|
|
1073
1073
|
# analyzer_arn: "AnalyzerArn", # required
|
1074
1074
|
# filter: {
|
1075
1075
|
# "String" => {
|
1076
|
-
# contains: ["String"],
|
1077
1076
|
# eq: ["String"],
|
1078
|
-
# exists: false,
|
1079
1077
|
# neq: ["String"],
|
1078
|
+
# contains: ["String"],
|
1079
|
+
# exists: false,
|
1080
1080
|
# },
|
1081
1081
|
# },
|
1082
|
-
# max_results: 1,
|
1083
1082
|
# next_token: "Token",
|
1083
|
+
# max_results: 1,
|
1084
1084
|
# })
|
1085
1085
|
#
|
1086
1086
|
# @example Response structure
|
1087
1087
|
#
|
1088
1088
|
# resp.findings #=> Array
|
1089
|
-
# resp.findings[0].
|
1090
|
-
# resp.findings[0].action[0] #=> String
|
1091
|
-
# resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
|
1092
|
-
# resp.findings[0].condition #=> Hash
|
1093
|
-
# resp.findings[0].condition["String"] #=> String
|
1094
|
-
# resp.findings[0].created_at #=> Time
|
1095
|
-
# resp.findings[0].error #=> String
|
1089
|
+
# resp.findings[0].id #=> String
|
1096
1090
|
# resp.findings[0].existing_finding_id #=> String
|
1097
1091
|
# resp.findings[0].existing_finding_status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
1098
|
-
# resp.findings[0].id #=> String
|
1099
|
-
# resp.findings[0].is_public #=> Boolean
|
1100
1092
|
# resp.findings[0].principal #=> Hash
|
1101
1093
|
# resp.findings[0].principal["String"] #=> String
|
1094
|
+
# resp.findings[0].action #=> Array
|
1095
|
+
# resp.findings[0].action[0] #=> String
|
1096
|
+
# resp.findings[0].condition #=> Hash
|
1097
|
+
# resp.findings[0].condition["String"] #=> String
|
1102
1098
|
# resp.findings[0].resource #=> String
|
1103
|
-
# resp.findings[0].
|
1099
|
+
# resp.findings[0].is_public #=> Boolean
|
1104
1100
|
# resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
1101
|
+
# resp.findings[0].created_at #=> Time
|
1102
|
+
# resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
|
1103
|
+
# resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
1104
|
+
# resp.findings[0].resource_owner_account #=> String
|
1105
|
+
# resp.findings[0].error #=> String
|
1105
1106
|
# resp.findings[0].sources #=> Array
|
1106
|
-
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
1107
1107
|
# resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
1108
|
-
# resp.findings[0].
|
1108
|
+
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
1109
1109
|
# resp.next_token #=> String
|
1110
1110
|
#
|
1111
1111
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindings AWS API Documentation
|
@@ -1126,12 +1126,12 @@ module Aws::AccessAnalyzer
|
|
1126
1126
|
#
|
1127
1127
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1128
1128
|
#
|
1129
|
-
# @option params [Integer] :max_results
|
1130
|
-
# The maximum number of results to return in the response.
|
1131
|
-
#
|
1132
1129
|
# @option params [String] :next_token
|
1133
1130
|
# A token used for pagination of results returned.
|
1134
1131
|
#
|
1132
|
+
# @option params [Integer] :max_results
|
1133
|
+
# The maximum number of results to return in the response.
|
1134
|
+
#
|
1135
1135
|
# @return [Types::ListAccessPreviewsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1136
1136
|
#
|
1137
1137
|
# * {Types::ListAccessPreviewsResponse#access_previews #access_previews} => Array<Types::AccessPreviewSummary>
|
@@ -1143,16 +1143,16 @@ module Aws::AccessAnalyzer
|
|
1143
1143
|
#
|
1144
1144
|
# resp = client.list_access_previews({
|
1145
1145
|
# analyzer_arn: "AnalyzerArn", # required
|
1146
|
-
# max_results: 1,
|
1147
1146
|
# next_token: "Token",
|
1147
|
+
# max_results: 1,
|
1148
1148
|
# })
|
1149
1149
|
#
|
1150
1150
|
# @example Response structure
|
1151
1151
|
#
|
1152
1152
|
# resp.access_previews #=> Array
|
1153
|
+
# resp.access_previews[0].id #=> String
|
1153
1154
|
# resp.access_previews[0].analyzer_arn #=> String
|
1154
1155
|
# resp.access_previews[0].created_at #=> Time
|
1155
|
-
# resp.access_previews[0].id #=> String
|
1156
1156
|
# resp.access_previews[0].status #=> String, one of "COMPLETED", "CREATING", "FAILED"
|
1157
1157
|
# resp.access_previews[0].status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
|
1158
1158
|
# resp.next_token #=> String
|
@@ -1177,14 +1177,14 @@ module Aws::AccessAnalyzer
|
|
1177
1177
|
#
|
1178
1178
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1179
1179
|
#
|
1180
|
-
# @option params [
|
1181
|
-
# The
|
1180
|
+
# @option params [String] :resource_type
|
1181
|
+
# The type of resource.
|
1182
1182
|
#
|
1183
1183
|
# @option params [String] :next_token
|
1184
1184
|
# A token used for pagination of results returned.
|
1185
1185
|
#
|
1186
|
-
# @option params [
|
1187
|
-
# The
|
1186
|
+
# @option params [Integer] :max_results
|
1187
|
+
# The maximum number of results to return in the response.
|
1188
1188
|
#
|
1189
1189
|
# @return [Types::ListAnalyzedResourcesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1190
1190
|
#
|
@@ -1197,9 +1197,9 @@ module Aws::AccessAnalyzer
|
|
1197
1197
|
#
|
1198
1198
|
# resp = client.list_analyzed_resources({
|
1199
1199
|
# analyzer_arn: "AnalyzerArn", # required
|
1200
|
-
# max_results: 1,
|
1201
|
-
# next_token: "Token",
|
1202
1200
|
# resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
|
1201
|
+
# next_token: "Token",
|
1202
|
+
# max_results: 1,
|
1203
1203
|
# })
|
1204
1204
|
#
|
1205
1205
|
# @example Response structure
|
@@ -1221,12 +1221,12 @@ module Aws::AccessAnalyzer
|
|
1221
1221
|
|
1222
1222
|
# Retrieves a list of analyzers.
|
1223
1223
|
#
|
1224
|
-
# @option params [Integer] :max_results
|
1225
|
-
# The maximum number of results to return in the response.
|
1226
|
-
#
|
1227
1224
|
# @option params [String] :next_token
|
1228
1225
|
# A token used for pagination of results returned.
|
1229
1226
|
#
|
1227
|
+
# @option params [Integer] :max_results
|
1228
|
+
# The maximum number of results to return in the response.
|
1229
|
+
#
|
1230
1230
|
# @option params [String] :type
|
1231
1231
|
# The type of analyzer.
|
1232
1232
|
#
|
@@ -1240,8 +1240,8 @@ module Aws::AccessAnalyzer
|
|
1240
1240
|
# @example Request syntax with placeholder values
|
1241
1241
|
#
|
1242
1242
|
# resp = client.list_analyzers({
|
1243
|
-
# max_results: 1,
|
1244
1243
|
# next_token: "Token",
|
1244
|
+
# max_results: 1,
|
1245
1245
|
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
1246
1246
|
# })
|
1247
1247
|
#
|
@@ -1249,15 +1249,15 @@ module Aws::AccessAnalyzer
|
|
1249
1249
|
#
|
1250
1250
|
# resp.analyzers #=> Array
|
1251
1251
|
# resp.analyzers[0].arn #=> String
|
1252
|
+
# resp.analyzers[0].name #=> String
|
1253
|
+
# resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION"
|
1252
1254
|
# resp.analyzers[0].created_at #=> Time
|
1253
1255
|
# resp.analyzers[0].last_resource_analyzed #=> String
|
1254
1256
|
# resp.analyzers[0].last_resource_analyzed_at #=> Time
|
1255
|
-
# resp.analyzers[0].name #=> String
|
1256
|
-
# resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
1257
|
-
# resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
1258
1257
|
# resp.analyzers[0].tags #=> Hash
|
1259
1258
|
# resp.analyzers[0].tags["String"] #=> String
|
1260
|
-
# resp.analyzers[0].
|
1259
|
+
# resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
1260
|
+
# resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
1261
1261
|
# resp.next_token #=> String
|
1262
1262
|
#
|
1263
1263
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
|
@@ -1274,12 +1274,12 @@ module Aws::AccessAnalyzer
|
|
1274
1274
|
# @option params [required, String] :analyzer_name
|
1275
1275
|
# The name of the analyzer to retrieve rules from.
|
1276
1276
|
#
|
1277
|
-
# @option params [Integer] :max_results
|
1278
|
-
# The maximum number of results to return in the request.
|
1279
|
-
#
|
1280
1277
|
# @option params [String] :next_token
|
1281
1278
|
# A token used for pagination of results returned.
|
1282
1279
|
#
|
1280
|
+
# @option params [Integer] :max_results
|
1281
|
+
# The maximum number of results to return in the request.
|
1282
|
+
#
|
1283
1283
|
# @return [Types::ListArchiveRulesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1284
1284
|
#
|
1285
1285
|
# * {Types::ListArchiveRulesResponse#archive_rules #archive_rules} => Array<Types::ArchiveRuleSummary>
|
@@ -1291,23 +1291,23 @@ module Aws::AccessAnalyzer
|
|
1291
1291
|
#
|
1292
1292
|
# resp = client.list_archive_rules({
|
1293
1293
|
# analyzer_name: "Name", # required
|
1294
|
-
# max_results: 1,
|
1295
1294
|
# next_token: "Token",
|
1295
|
+
# max_results: 1,
|
1296
1296
|
# })
|
1297
1297
|
#
|
1298
1298
|
# @example Response structure
|
1299
1299
|
#
|
1300
1300
|
# resp.archive_rules #=> Array
|
1301
|
-
# resp.archive_rules[0].
|
1301
|
+
# resp.archive_rules[0].rule_name #=> String
|
1302
1302
|
# resp.archive_rules[0].filter #=> Hash
|
1303
|
-
# resp.archive_rules[0].filter["String"].contains #=> Array
|
1304
|
-
# resp.archive_rules[0].filter["String"].contains[0] #=> String
|
1305
1303
|
# resp.archive_rules[0].filter["String"].eq #=> Array
|
1306
1304
|
# resp.archive_rules[0].filter["String"].eq[0] #=> String
|
1307
|
-
# resp.archive_rules[0].filter["String"].exists #=> Boolean
|
1308
1305
|
# resp.archive_rules[0].filter["String"].neq #=> Array
|
1309
1306
|
# resp.archive_rules[0].filter["String"].neq[0] #=> String
|
1310
|
-
# resp.archive_rules[0].
|
1307
|
+
# resp.archive_rules[0].filter["String"].contains #=> Array
|
1308
|
+
# resp.archive_rules[0].filter["String"].contains[0] #=> String
|
1309
|
+
# resp.archive_rules[0].filter["String"].exists #=> Boolean
|
1310
|
+
# resp.archive_rules[0].created_at #=> Time
|
1311
1311
|
# resp.archive_rules[0].updated_at #=> Time
|
1312
1312
|
# resp.next_token #=> String
|
1313
1313
|
#
|
@@ -1340,14 +1340,14 @@ module Aws::AccessAnalyzer
|
|
1340
1340
|
# @option params [Hash<String,Types::Criterion>] :filter
|
1341
1341
|
# A filter to match for the findings to return.
|
1342
1342
|
#
|
1343
|
-
# @option params [
|
1344
|
-
# The
|
1343
|
+
# @option params [Types::SortCriteria] :sort
|
1344
|
+
# The sort order for the findings returned.
|
1345
1345
|
#
|
1346
1346
|
# @option params [String] :next_token
|
1347
1347
|
# A token used for pagination of results returned.
|
1348
1348
|
#
|
1349
|
-
# @option params [
|
1350
|
-
# The
|
1349
|
+
# @option params [Integer] :max_results
|
1350
|
+
# The maximum number of results to return in the response.
|
1351
1351
|
#
|
1352
1352
|
# @return [Types::ListFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1353
1353
|
#
|
@@ -1362,42 +1362,42 @@ module Aws::AccessAnalyzer
|
|
1362
1362
|
# analyzer_arn: "AnalyzerArn", # required
|
1363
1363
|
# filter: {
|
1364
1364
|
# "String" => {
|
1365
|
-
# contains: ["String"],
|
1366
1365
|
# eq: ["String"],
|
1367
|
-
# exists: false,
|
1368
1366
|
# neq: ["String"],
|
1367
|
+
# contains: ["String"],
|
1368
|
+
# exists: false,
|
1369
1369
|
# },
|
1370
1370
|
# },
|
1371
|
-
# max_results: 1,
|
1372
|
-
# next_token: "Token",
|
1373
1371
|
# sort: {
|
1374
1372
|
# attribute_name: "String",
|
1375
1373
|
# order_by: "ASC", # accepts ASC, DESC
|
1376
1374
|
# },
|
1375
|
+
# next_token: "Token",
|
1376
|
+
# max_results: 1,
|
1377
1377
|
# })
|
1378
1378
|
#
|
1379
1379
|
# @example Response structure
|
1380
1380
|
#
|
1381
1381
|
# resp.findings #=> Array
|
1382
|
+
# resp.findings[0].id #=> String
|
1383
|
+
# resp.findings[0].principal #=> Hash
|
1384
|
+
# resp.findings[0].principal["String"] #=> String
|
1382
1385
|
# resp.findings[0].action #=> Array
|
1383
1386
|
# resp.findings[0].action[0] #=> String
|
1384
|
-
# resp.findings[0].
|
1387
|
+
# resp.findings[0].resource #=> String
|
1388
|
+
# resp.findings[0].is_public #=> Boolean
|
1389
|
+
# resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
1385
1390
|
# resp.findings[0].condition #=> Hash
|
1386
1391
|
# resp.findings[0].condition["String"] #=> String
|
1387
1392
|
# resp.findings[0].created_at #=> Time
|
1388
|
-
# resp.findings[0].
|
1389
|
-
# resp.findings[0].
|
1390
|
-
# resp.findings[0].
|
1391
|
-
# resp.findings[0].principal #=> Hash
|
1392
|
-
# resp.findings[0].principal["String"] #=> String
|
1393
|
-
# resp.findings[0].resource #=> String
|
1393
|
+
# resp.findings[0].analyzed_at #=> Time
|
1394
|
+
# resp.findings[0].updated_at #=> Time
|
1395
|
+
# resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
1394
1396
|
# resp.findings[0].resource_owner_account #=> String
|
1395
|
-
# resp.findings[0].
|
1397
|
+
# resp.findings[0].error #=> String
|
1396
1398
|
# resp.findings[0].sources #=> Array
|
1397
|
-
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
1398
1399
|
# resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
1399
|
-
# resp.findings[0].
|
1400
|
-
# resp.findings[0].updated_at #=> Time
|
1400
|
+
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
1401
1401
|
# resp.next_token #=> String
|
1402
1402
|
#
|
1403
1403
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings AWS API Documentation
|
@@ -1411,41 +1411,41 @@ module Aws::AccessAnalyzer
|
|
1411
1411
|
|
1412
1412
|
# Lists all of the policy generations requested in the last seven days.
|
1413
1413
|
#
|
1414
|
+
# @option params [String] :principal_arn
|
1415
|
+
# The ARN of the IAM entity (user or role) for which you are generating
|
1416
|
+
# a policy. Use this with `ListGeneratedPolicies` to filter the results
|
1417
|
+
# to only include results for a specific principal.
|
1418
|
+
#
|
1414
1419
|
# @option params [Integer] :max_results
|
1415
1420
|
# The maximum number of results to return in the response.
|
1416
1421
|
#
|
1417
1422
|
# @option params [String] :next_token
|
1418
1423
|
# A token used for pagination of results returned.
|
1419
1424
|
#
|
1420
|
-
# @option params [String] :principal_arn
|
1421
|
-
# The ARN of the IAM entity (user or role) for which you are generating
|
1422
|
-
# a policy. Use this with `ListGeneratedPolicies` to filter the results
|
1423
|
-
# to only include results for a specific principal.
|
1424
|
-
#
|
1425
1425
|
# @return [Types::ListPolicyGenerationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1426
1426
|
#
|
1427
|
-
# * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
|
1428
1427
|
# * {Types::ListPolicyGenerationsResponse#policy_generations #policy_generations} => Array<Types::PolicyGeneration>
|
1428
|
+
# * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
|
1429
1429
|
#
|
1430
1430
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1431
1431
|
#
|
1432
1432
|
# @example Request syntax with placeholder values
|
1433
1433
|
#
|
1434
1434
|
# resp = client.list_policy_generations({
|
1435
|
+
# principal_arn: "PrincipalArn",
|
1435
1436
|
# max_results: 1,
|
1436
1437
|
# next_token: "Token",
|
1437
|
-
# principal_arn: "PrincipalArn",
|
1438
1438
|
# })
|
1439
1439
|
#
|
1440
1440
|
# @example Response structure
|
1441
1441
|
#
|
1442
|
-
# resp.next_token #=> String
|
1443
1442
|
# resp.policy_generations #=> Array
|
1444
|
-
# resp.policy_generations[0].completed_on #=> Time
|
1445
1443
|
# resp.policy_generations[0].job_id #=> String
|
1446
1444
|
# resp.policy_generations[0].principal_arn #=> String
|
1447
|
-
# resp.policy_generations[0].started_on #=> Time
|
1448
1445
|
# resp.policy_generations[0].status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
1446
|
+
# resp.policy_generations[0].started_on #=> Time
|
1447
|
+
# resp.policy_generations[0].completed_on #=> Time
|
1448
|
+
# resp.next_token #=> String
|
1449
1449
|
#
|
1450
1450
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerations AWS API Documentation
|
1451
1451
|
#
|
@@ -1487,6 +1487,14 @@ module Aws::AccessAnalyzer
|
|
1487
1487
|
|
1488
1488
|
# Starts the policy generation request.
|
1489
1489
|
#
|
1490
|
+
# @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
|
1491
|
+
# Contains the ARN of the IAM entity (user or role) for which you are
|
1492
|
+
# generating a policy.
|
1493
|
+
#
|
1494
|
+
# @option params [Types::CloudTrailDetails] :cloud_trail_details
|
1495
|
+
# A `CloudTrailDetails` object that contains details about a `Trail`
|
1496
|
+
# that you want to analyze to generate policies.
|
1497
|
+
#
|
1490
1498
|
# @option params [String] :client_token
|
1491
1499
|
# A unique, case-sensitive identifier that you provide to ensure the
|
1492
1500
|
# idempotency of the request. Idempotency ensures that an API request
|
@@ -1501,14 +1509,6 @@ module Aws::AccessAnalyzer
|
|
1501
1509
|
# **A suitable default value is auto-generated.** You should normally
|
1502
1510
|
# not need to pass this option.**
|
1503
1511
|
#
|
1504
|
-
# @option params [Types::CloudTrailDetails] :cloud_trail_details
|
1505
|
-
# A `CloudTrailDetails` object that contains details about a `Trail`
|
1506
|
-
# that you want to analyze to generate policies.
|
1507
|
-
#
|
1508
|
-
# @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
|
1509
|
-
# Contains the ARN of the IAM entity (user or role) for which you are
|
1510
|
-
# generating a policy.
|
1511
|
-
#
|
1512
1512
|
# @return [Types::StartPolicyGenerationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1513
1513
|
#
|
1514
1514
|
# * {Types::StartPolicyGenerationResponse#job_id #job_id} => String
|
@@ -1516,22 +1516,22 @@ module Aws::AccessAnalyzer
|
|
1516
1516
|
# @example Request syntax with placeholder values
|
1517
1517
|
#
|
1518
1518
|
# resp = client.start_policy_generation({
|
1519
|
-
#
|
1519
|
+
# policy_generation_details: { # required
|
1520
|
+
# principal_arn: "PrincipalArn", # required
|
1521
|
+
# },
|
1520
1522
|
# cloud_trail_details: {
|
1521
|
-
# access_role: "RoleArn", # required
|
1522
|
-
# end_time: Time.now,
|
1523
|
-
# start_time: Time.now, # required
|
1524
1523
|
# trails: [ # required
|
1525
1524
|
# {
|
1526
|
-
# all_regions: false,
|
1527
1525
|
# cloud_trail_arn: "CloudTrailArn", # required
|
1528
1526
|
# regions: ["String"],
|
1527
|
+
# all_regions: false,
|
1529
1528
|
# },
|
1530
1529
|
# ],
|
1530
|
+
# access_role: "RoleArn", # required
|
1531
|
+
# start_time: Time.now, # required
|
1532
|
+
# end_time: Time.now,
|
1531
1533
|
# },
|
1532
|
-
#
|
1533
|
-
# principal_arn: "PrincipalArn", # required
|
1534
|
-
# },
|
1534
|
+
# client_token: "String",
|
1535
1535
|
# })
|
1536
1536
|
#
|
1537
1537
|
# @example Response structure
|
@@ -1638,18 +1638,18 @@ module Aws::AccessAnalyzer
|
|
1638
1638
|
# @option params [required, String] :analyzer_name
|
1639
1639
|
# The name of the analyzer to update the archive rules for.
|
1640
1640
|
#
|
1641
|
-
# @option params [String] :
|
1642
|
-
#
|
1643
|
-
#
|
1644
|
-
# **A suitable default value is auto-generated.** You should normally
|
1645
|
-
# not need to pass this option.**
|
1641
|
+
# @option params [required, String] :rule_name
|
1642
|
+
# The name of the rule to update.
|
1646
1643
|
#
|
1647
1644
|
# @option params [required, Hash<String,Types::Criterion>] :filter
|
1648
1645
|
# A filter to match for the rules to update. Only rules that match the
|
1649
1646
|
# filter are updated.
|
1650
1647
|
#
|
1651
|
-
# @option params [
|
1652
|
-
#
|
1648
|
+
# @option params [String] :client_token
|
1649
|
+
# A client token.
|
1650
|
+
#
|
1651
|
+
# **A suitable default value is auto-generated.** You should normally
|
1652
|
+
# not need to pass this option.**
|
1653
1653
|
#
|
1654
1654
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1655
1655
|
#
|
@@ -1657,16 +1657,16 @@ module Aws::AccessAnalyzer
|
|
1657
1657
|
#
|
1658
1658
|
# resp = client.update_archive_rule({
|
1659
1659
|
# analyzer_name: "Name", # required
|
1660
|
-
#
|
1660
|
+
# rule_name: "Name", # required
|
1661
1661
|
# filter: { # required
|
1662
1662
|
# "String" => {
|
1663
|
-
# contains: ["String"],
|
1664
1663
|
# eq: ["String"],
|
1665
|
-
# exists: false,
|
1666
1664
|
# neq: ["String"],
|
1665
|
+
# contains: ["String"],
|
1666
|
+
# exists: false,
|
1667
1667
|
# },
|
1668
1668
|
# },
|
1669
|
-
#
|
1669
|
+
# client_token: "String",
|
1670
1670
|
# })
|
1671
1671
|
#
|
1672
1672
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateArchiveRule AWS API Documentation
|
@@ -1687,11 +1687,10 @@ module Aws::AccessAnalyzer
|
|
1687
1687
|
#
|
1688
1688
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1689
1689
|
#
|
1690
|
-
# @option params [String] :
|
1691
|
-
#
|
1692
|
-
#
|
1693
|
-
#
|
1694
|
-
# not need to pass this option.**
|
1690
|
+
# @option params [required, String] :status
|
1691
|
+
# The state represents the action to take to update the finding Status.
|
1692
|
+
# Use `ARCHIVE` to change an Active finding to an Archived finding. Use
|
1693
|
+
# `ACTIVE` to change an Archived finding to an Active finding.
|
1695
1694
|
#
|
1696
1695
|
# @option params [Array<String>] :ids
|
1697
1696
|
# The IDs of the findings to update.
|
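Review bot: The `:status` description added in this hunk tells callers to use `ARCHIVE`, while the request example in the `@@ -1710,10 +1710,10 @@` hunk lists the accepted values as `ACTIVE, ARCHIVED`, so the two disagree on the literal to send. This call moves findings in and out of the active set, so a caller who copies the prose value may have the request rejected and the finding left in its previous state. Going by the example's enum list, I would change the sentence to read "Use `ARCHIVED` to change an Active finding to an Archived finding." If this file is generated from the service model, which the comment-only reordering in this diff suggests, the wording needs correcting there rather than here. The method's doc comment begins and ends outside this hunk.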
@@ -1699,10 +1698,11 @@ module Aws::AccessAnalyzer
|
|
1699
1698
|
# @option params [String] :resource_arn
|
1700
1699
|
# The ARN of the resource identified in the finding.
|
1701
1700
|
#
|
1702
|
-
# @option params [
|
1703
|
-
#
|
1704
|
-
#
|
1705
|
-
#
|
1701
|
+
# @option params [String] :client_token
|
1702
|
+
# A client token.
|
1703
|
+
#
|
1704
|
+
# **A suitable default value is auto-generated.** You should normally
|
1705
|
+
# not need to pass this option.**
|
1706
1706
|
#
|
1707
1707
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1708
1708
|
#
|
@@ -1710,10 +1710,10 @@ module Aws::AccessAnalyzer
|
|
1710
1710
|
#
|
1711
1711
|
# resp = client.update_findings({
|
1712
1712
|
# analyzer_arn: "AnalyzerArn", # required
|
1713
|
-
#
|
1713
|
+
# status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
|
1714
1714
|
# ids: ["FindingId"],
|
1715
1715
|
# resource_arn: "ResourceArn",
|
1716
|
-
#
|
1716
|
+
# client_token: "String",
|
1717
1717
|
# })
|
1718
1718
|
#
|
1719
1719
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateFindings AWS API Documentation
|
@@ -1783,7 +1783,7 @@ module Aws::AccessAnalyzer
|
|
1783
1783
|
# next_token: "Token",
|
1784
1784
|
# policy_document: "PolicyDocument", # required
|
1785
1785
|
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
1786
|
-
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
|
1786
|
+
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
|
1787
1787
|
# })
|
1788
1788
|
#
|
1789
1789
|
# @example Response structure
|
@@ -1797,15 +1797,15 @@ module Aws::AccessAnalyzer
|
|
1797
1797
|
# resp.findings[0].locations[0].path #=> Array
|
1798
1798
|
# resp.findings[0].locations[0].path[0].index #=> Integer
|
1799
1799
|
# resp.findings[0].locations[0].path[0].key #=> String
|
1800
|
-
# resp.findings[0].locations[0].path[0].substring.length #=> Integer
|
1801
1800
|
# resp.findings[0].locations[0].path[0].substring.start #=> Integer
|
1801
|
+
# resp.findings[0].locations[0].path[0].substring.length #=> Integer
|
1802
1802
|
# resp.findings[0].locations[0].path[0].value #=> String
|
1803
|
-
# resp.findings[0].locations[0].span.end.column #=> Integer
|
1804
|
-
# resp.findings[0].locations[0].span.end.line #=> Integer
|
1805
|
-
# resp.findings[0].locations[0].span.end.offset #=> Integer
|
1806
|
-
# resp.findings[0].locations[0].span.start.column #=> Integer
|
1807
1803
|
# resp.findings[0].locations[0].span.start.line #=> Integer
|
1804
|
+
# resp.findings[0].locations[0].span.start.column #=> Integer
|
1808
1805
|
# resp.findings[0].locations[0].span.start.offset #=> Integer
|
1806
|
+
# resp.findings[0].locations[0].span.end.line #=> Integer
|
1807
|
+
# resp.findings[0].locations[0].span.end.column #=> Integer
|
1808
|
+
# resp.findings[0].locations[0].span.end.offset #=> Integer
|
1809
1809
|
# resp.next_token #=> String
|
1810
1810
|
#
|
1811
1811
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicy AWS API Documentation
|
@@ -1830,7 +1830,7 @@ module Aws::AccessAnalyzer
|
|
1830
1830
|
params: params,
|
1831
1831
|
config: config)
|
1832
1832
|
context[:gem_name] = 'aws-sdk-accessanalyzer'
|
1833
|
-
context[:gem_version] = '1.
|
1833
|
+
context[:gem_version] = '1.30.0'
|
1834
1834
|
Seahorse::Client::Request.new(handlers, context)
|
1835
1835
|
end
|
1836
1836
|
|