aws-sdk-accessanalyzer 1.29.0 → 1.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -357,23 +357,23 @@ module Aws::AccessAnalyzer
357
357
  # @option params [required, String] :analyzer_arn
358
358
  # The Amazon resource name (ARN) of the analyzer.
359
359
  #
360
+ # @option params [required, String] :rule_name
361
+ # The name of the rule to apply.
362
+ #
360
363
  # @option params [String] :client_token
361
364
  # A client token.
362
365
  #
363
366
  # **A suitable default value is auto-generated.** You should normally
364
367
  # not need to pass this option.**
365
368
  #
366
- # @option params [required, String] :rule_name
367
- # The name of the rule to apply.
368
- #
369
369
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
370
370
  #
371
371
  # @example Request syntax with placeholder values
372
372
  #
373
373
  # resp = client.apply_archive_rule({
374
374
  # analyzer_arn: "AnalyzerArn", # required
375
- # client_token: "String",
376
375
  # rule_name: "Name", # required
376
+ # client_token: "String",
377
377
  # })
378
378
  #
379
379
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRule AWS API Documentation
@@ -423,12 +423,6 @@ module Aws::AccessAnalyzer
423
423
  #
424
424
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
425
425
  #
426
- # @option params [String] :client_token
427
- # A client token.
428
- #
429
- # **A suitable default value is auto-generated.** You should normally
430
- # not need to pass this option.**
431
- #
432
426
  # @option params [required, Hash<String,Types::Configuration>] :configurations
433
427
  # Access control configuration for your resource that is used to
434
428
  # generate the access preview. The access preview includes findings for
@@ -436,6 +430,12 @@ module Aws::AccessAnalyzer
436
430
  # control configuration. The configuration must contain exactly one
437
431
  # element.
438
432
  #
433
+ # @option params [String] :client_token
434
+ # A client token.
435
+ #
436
+ # **A suitable default value is auto-generated.** You should normally
437
+ # not need to pass this option.**
438
+ #
439
439
  # @return [Types::CreateAccessPreviewResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
440
440
  #
441
441
  # * {Types::CreateAccessPreviewResponse#id #id} => String
@@ -444,15 +444,20 @@ module Aws::AccessAnalyzer
444
444
  #
445
445
  # resp = client.create_access_preview({
446
446
  # analyzer_arn: "AnalyzerArn", # required
447
- # client_token: "String",
448
447
  # configurations: { # required
449
448
  # "ConfigurationsMapKey" => {
450
449
  # iam_role: {
451
450
  # trust_policy: "IamTrustPolicy",
452
451
  # },
453
452
  # kms_key: {
453
+ # key_policies: {
454
+ # "PolicyName" => "KmsKeyPolicy",
455
+ # },
454
456
  # grants: [
455
457
  # {
458
+ # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
459
+ # grantee_principal: "GranteePrincipal", # required
460
+ # retiring_principal: "RetiringPrincipal",
456
461
  # constraints: {
457
462
  # encryption_context_equals: {
458
463
  # "KmsConstraintsKey" => "KmsConstraintsValue",
@@ -461,57 +466,52 @@ module Aws::AccessAnalyzer
461
466
  # "KmsConstraintsKey" => "KmsConstraintsValue",
462
467
  # },
463
468
  # },
464
- # grantee_principal: "GranteePrincipal", # required
465
469
  # issuing_account: "IssuingAccount", # required
466
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
467
- # retiring_principal: "RetiringPrincipal",
468
470
  # },
469
471
  # ],
470
- # key_policies: {
471
- # "PolicyName" => "KmsKeyPolicy",
472
- # },
472
+ # },
473
+ # secrets_manager_secret: {
474
+ # kms_key_id: "SecretsManagerSecretKmsId",
475
+ # secret_policy: "SecretsManagerSecretPolicy",
473
476
  # },
474
477
  # s3_bucket: {
475
- # access_points: {
476
- # "AccessPointArn" => {
477
- # access_point_policy: "AccessPointPolicy",
478
- # network_origin: {
479
- # internet_configuration: {
480
- # },
481
- # vpc_configuration: {
482
- # vpc_id: "VpcId", # required
483
- # },
484
- # },
485
- # public_access_block: {
486
- # ignore_public_acls: false, # required
487
- # restrict_public_buckets: false, # required
488
- # },
489
- # },
490
- # },
478
+ # bucket_policy: "S3BucketPolicy",
491
479
  # bucket_acl_grants: [
492
480
  # {
481
+ # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
493
482
  # grantee: { # required
494
483
  # id: "AclCanonicalId",
495
484
  # uri: "AclUri",
496
485
  # },
497
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
498
486
  # },
499
487
  # ],
500
- # bucket_policy: "S3BucketPolicy",
501
488
  # bucket_public_access_block: {
502
489
  # ignore_public_acls: false, # required
503
490
  # restrict_public_buckets: false, # required
504
491
  # },
505
- # },
506
- # secrets_manager_secret: {
507
- # kms_key_id: "SecretsManagerSecretKmsId",
508
- # secret_policy: "SecretsManagerSecretPolicy",
492
+ # access_points: {
493
+ # "AccessPointArn" => {
494
+ # access_point_policy: "AccessPointPolicy",
495
+ # public_access_block: {
496
+ # ignore_public_acls: false, # required
497
+ # restrict_public_buckets: false, # required
498
+ # },
499
+ # network_origin: {
500
+ # vpc_configuration: {
501
+ # vpc_id: "VpcId", # required
502
+ # },
503
+ # internet_configuration: {
504
+ # },
505
+ # },
506
+ # },
507
+ # },
509
508
  # },
510
509
  # sqs_queue: {
511
510
  # queue_policy: "SqsQueuePolicy",
512
511
  # },
513
512
  # },
514
513
  # },
514
+ # client_token: "String",
515
515
  # })
516
516
  #
517
517
  # @example Response structure
@@ -532,26 +532,26 @@ module Aws::AccessAnalyzer
532
532
  # @option params [required, String] :analyzer_name
533
533
  # The name of the analyzer to create.
534
534
  #
535
+ # @option params [required, String] :type
536
+ # The type of analyzer to create. Only ACCOUNT and ORGANIZATION
537
+ # analyzers are supported. You can create only one analyzer per account
538
+ # per Region. You can create up to 5 analyzers per organization per
539
+ # Region.
540
+ #
535
541
  # @option params [Array<Types::InlineArchiveRule>] :archive_rules
536
542
  # Specifies the archive rules to add for the analyzer. Archive rules
537
543
  # automatically archive findings that meet the criteria you define for
538
544
  # the rule.
539
545
  #
546
+ # @option params [Hash<String,String>] :tags
547
+ # The tags to apply to the analyzer.
548
+ #
540
549
  # @option params [String] :client_token
541
550
  # A client token.
542
551
  #
543
552
  # **A suitable default value is auto-generated.** You should normally
544
553
  # not need to pass this option.**
545
554
  #
546
- # @option params [Hash<String,String>] :tags
547
- # The tags to apply to the analyzer.
548
- #
549
- # @option params [required, String] :type
550
- # The type of analyzer to create. Only ACCOUNT and ORGANIZATION
551
- # analyzers are supported. You can create only one analyzer per account
552
- # per Region. You can create up to 5 analyzers per organization per
553
- # Region.
554
- #
555
555
  # @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
556
556
  #
557
557
  # * {Types::CreateAnalyzerResponse#arn #arn} => String
@@ -560,24 +560,24 @@ module Aws::AccessAnalyzer
560
560
  #
561
561
  # resp = client.create_analyzer({
562
562
  # analyzer_name: "Name", # required
563
+ # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
563
564
  # archive_rules: [
564
565
  # {
566
+ # rule_name: "Name", # required
565
567
  # filter: { # required
566
568
  # "String" => {
567
- # contains: ["String"],
568
569
  # eq: ["String"],
569
- # exists: false,
570
570
  # neq: ["String"],
571
+ # contains: ["String"],
572
+ # exists: false,
571
573
  # },
572
574
  # },
573
- # rule_name: "Name", # required
574
575
  # },
575
576
  # ],
576
- # client_token: "String",
577
577
  # tags: {
578
578
  # "String" => "String",
579
579
  # },
580
- # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
580
+ # client_token: "String",
581
581
  # })
582
582
  #
583
583
  # @example Response structure
@@ -607,34 +607,34 @@ module Aws::AccessAnalyzer
607
607
  # @option params [required, String] :analyzer_name
608
608
  # The name of the created analyzer.
609
609
  #
610
+ # @option params [required, String] :rule_name
611
+ # The name of the rule to create.
612
+ #
613
+ # @option params [required, Hash<String,Types::Criterion>] :filter
614
+ # The criteria for the rule.
615
+ #
610
616
  # @option params [String] :client_token
611
617
  # A client token.
612
618
  #
613
619
  # **A suitable default value is auto-generated.** You should normally
614
620
  # not need to pass this option.**
615
621
  #
616
- # @option params [required, Hash<String,Types::Criterion>] :filter
617
- # The criteria for the rule.
618
- #
619
- # @option params [required, String] :rule_name
620
- # The name of the rule to create.
621
- #
622
622
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
623
623
  #
624
624
  # @example Request syntax with placeholder values
625
625
  #
626
626
  # resp = client.create_archive_rule({
627
627
  # analyzer_name: "Name", # required
628
- # client_token: "String",
628
+ # rule_name: "Name", # required
629
629
  # filter: { # required
630
630
  # "String" => {
631
- # contains: ["String"],
632
631
  # eq: ["String"],
633
- # exists: false,
634
632
  # neq: ["String"],
633
+ # contains: ["String"],
634
+ # exists: false,
635
635
  # },
636
636
  # },
637
- # rule_name: "Name", # required
637
+ # client_token: "String",
638
638
  # })
639
639
  #
640
640
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateArchiveRule AWS API Documentation
@@ -684,23 +684,23 @@ module Aws::AccessAnalyzer
684
684
  # The name of the analyzer that associated with the archive rule to
685
685
  # delete.
686
686
  #
687
+ # @option params [required, String] :rule_name
688
+ # The name of the rule to delete.
689
+ #
687
690
  # @option params [String] :client_token
688
691
  # A client token.
689
692
  #
690
693
  # **A suitable default value is auto-generated.** You should normally
691
694
  # not need to pass this option.**
692
695
  #
693
- # @option params [required, String] :rule_name
694
- # The name of the rule to delete.
695
- #
696
696
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
697
697
  #
698
698
  # @example Request syntax with placeholder values
699
699
  #
700
700
  # resp = client.delete_archive_rule({
701
701
  # analyzer_name: "Name", # required
702
- # client_token: "String",
703
702
  # rule_name: "Name", # required
703
+ # client_token: "String",
704
704
  # })
705
705
  #
706
706
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteArchiveRule AWS API Documentation
@@ -738,38 +738,38 @@ module Aws::AccessAnalyzer
738
738
  #
739
739
  # @example Response structure
740
740
  #
741
+ # resp.access_preview.id #=> String
741
742
  # resp.access_preview.analyzer_arn #=> String
742
743
  # resp.access_preview.configurations #=> Hash
743
744
  # resp.access_preview.configurations["ConfigurationsMapKey"].iam_role.trust_policy #=> String
745
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies #=> Hash
746
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies["PolicyName"] #=> String
744
747
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants #=> Array
748
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations #=> Array
749
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations[0] #=> String, one of "CreateGrant", "Decrypt", "DescribeKey", "Encrypt", "GenerateDataKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateDataKeyWithoutPlaintext", "GetPublicKey", "ReEncryptFrom", "ReEncryptTo", "RetireGrant", "Sign", "Verify"
750
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
751
+ # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].retiring_principal #=> String
745
752
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals #=> Hash
746
753
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals["KmsConstraintsKey"] #=> String
747
754
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset #=> Hash
748
755
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset["KmsConstraintsKey"] #=> String
749
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
750
756
  # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].issuing_account #=> String
751
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations #=> Array
752
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations[0] #=> String, one of "CreateGrant", "Decrypt", "DescribeKey", "Encrypt", "GenerateDataKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateDataKeyWithoutPlaintext", "GetPublicKey", "ReEncryptFrom", "ReEncryptTo", "RetireGrant", "Sign", "Verify"
753
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].retiring_principal #=> String
754
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies #=> Hash
755
- # resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies["PolicyName"] #=> String
756
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points #=> Hash
757
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].access_point_policy #=> String
758
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].network_origin.vpc_configuration.vpc_id #=> String
759
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.ignore_public_acls #=> Boolean
760
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.restrict_public_buckets #=> Boolean
757
+ # resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.kms_key_id #=> String
758
+ # resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.secret_policy #=> String
759
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
761
760
  # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants #=> Array
761
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
762
762
  # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.id #=> String
763
763
  # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.uri #=> String
764
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
765
- # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
766
764
  # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.ignore_public_acls #=> Boolean
767
765
  # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.restrict_public_buckets #=> Boolean
768
- # resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.kms_key_id #=> String
769
- # resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.secret_policy #=> String
766
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points #=> Hash
767
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].access_point_policy #=> String
768
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.ignore_public_acls #=> Boolean
769
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.restrict_public_buckets #=> Boolean
770
+ # resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].network_origin.vpc_configuration.vpc_id #=> String
770
771
  # resp.access_preview.configurations["ConfigurationsMapKey"].sqs_queue.queue_policy #=> String
771
772
  # resp.access_preview.created_at #=> Time
772
- # resp.access_preview.id #=> String
773
773
  # resp.access_preview.status #=> String, one of "COMPLETED", "CREATING", "FAILED"
774
774
  # resp.access_preview.status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
775
775
  #
@@ -807,19 +807,19 @@ module Aws::AccessAnalyzer
807
807
  #
808
808
  # @example Response structure
809
809
  #
810
- # resp.resource.actions #=> Array
811
- # resp.resource.actions[0] #=> String
812
- # resp.resource.analyzed_at #=> Time
813
- # resp.resource.created_at #=> Time
814
- # resp.resource.error #=> String
815
- # resp.resource.is_public #=> Boolean
816
810
  # resp.resource.resource_arn #=> String
817
- # resp.resource.resource_owner_account #=> String
818
811
  # resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
812
+ # resp.resource.created_at #=> Time
813
+ # resp.resource.analyzed_at #=> Time
814
+ # resp.resource.updated_at #=> Time
815
+ # resp.resource.is_public #=> Boolean
816
+ # resp.resource.actions #=> Array
817
+ # resp.resource.actions[0] #=> String
819
818
  # resp.resource.shared_via #=> Array
820
819
  # resp.resource.shared_via[0] #=> String
821
820
  # resp.resource.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
822
- # resp.resource.updated_at #=> Time
821
+ # resp.resource.resource_owner_account #=> String
822
+ # resp.resource.error #=> String
823
823
  #
824
824
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzedResource AWS API Documentation
825
825
  #
@@ -848,15 +848,15 @@ module Aws::AccessAnalyzer
848
848
  # @example Response structure
849
849
  #
850
850
  # resp.analyzer.arn #=> String
851
+ # resp.analyzer.name #=> String
852
+ # resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION"
851
853
  # resp.analyzer.created_at #=> Time
852
854
  # resp.analyzer.last_resource_analyzed #=> String
853
855
  # resp.analyzer.last_resource_analyzed_at #=> Time
854
- # resp.analyzer.name #=> String
855
- # resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
856
- # resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
857
856
  # resp.analyzer.tags #=> Hash
858
857
  # resp.analyzer.tags["String"] #=> String
859
- # resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION"
858
+ # resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
859
+ # resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
860
860
  #
861
861
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
862
862
  #
@@ -895,16 +895,16 @@ module Aws::AccessAnalyzer
895
895
  #
896
896
  # @example Response structure
897
897
  #
898
- # resp.archive_rule.created_at #=> Time
898
+ # resp.archive_rule.rule_name #=> String
899
899
  # resp.archive_rule.filter #=> Hash
900
- # resp.archive_rule.filter["String"].contains #=> Array
901
- # resp.archive_rule.filter["String"].contains[0] #=> String
902
900
  # resp.archive_rule.filter["String"].eq #=> Array
903
901
  # resp.archive_rule.filter["String"].eq[0] #=> String
904
- # resp.archive_rule.filter["String"].exists #=> Boolean
905
902
  # resp.archive_rule.filter["String"].neq #=> Array
906
903
  # resp.archive_rule.filter["String"].neq[0] #=> String
907
- # resp.archive_rule.rule_name #=> String
904
+ # resp.archive_rule.filter["String"].contains #=> Array
905
+ # resp.archive_rule.filter["String"].contains[0] #=> String
906
+ # resp.archive_rule.filter["String"].exists #=> Boolean
907
+ # resp.archive_rule.created_at #=> Time
908
908
  # resp.archive_rule.updated_at #=> Time
909
909
  #
910
910
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetArchiveRule AWS API Documentation
@@ -941,25 +941,25 @@ module Aws::AccessAnalyzer
941
941
  #
942
942
  # @example Response structure
943
943
  #
944
+ # resp.finding.id #=> String
945
+ # resp.finding.principal #=> Hash
946
+ # resp.finding.principal["String"] #=> String
944
947
  # resp.finding.action #=> Array
945
948
  # resp.finding.action[0] #=> String
946
- # resp.finding.analyzed_at #=> Time
949
+ # resp.finding.resource #=> String
950
+ # resp.finding.is_public #=> Boolean
951
+ # resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
947
952
  # resp.finding.condition #=> Hash
948
953
  # resp.finding.condition["String"] #=> String
949
954
  # resp.finding.created_at #=> Time
950
- # resp.finding.error #=> String
951
- # resp.finding.id #=> String
952
- # resp.finding.is_public #=> Boolean
953
- # resp.finding.principal #=> Hash
954
- # resp.finding.principal["String"] #=> String
955
- # resp.finding.resource #=> String
955
+ # resp.finding.analyzed_at #=> Time
956
+ # resp.finding.updated_at #=> Time
957
+ # resp.finding.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
956
958
  # resp.finding.resource_owner_account #=> String
957
- # resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
959
+ # resp.finding.error #=> String
958
960
  # resp.finding.sources #=> Array
959
- # resp.finding.sources[0].detail.access_point_arn #=> String
960
961
  # resp.finding.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
961
- # resp.finding.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
962
- # resp.finding.updated_at #=> Time
962
+ # resp.finding.sources[0].detail.access_point_arn #=> String
963
963
  #
964
964
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFinding AWS API Documentation
965
965
  #
@@ -972,6 +972,12 @@ module Aws::AccessAnalyzer
972
972
 
973
973
  # Retrieves the policy that was generated using `StartPolicyGeneration`.
974
974
  #
975
+ # @option params [required, String] :job_id
976
+ # The `JobId` that is returned by the `StartPolicyGeneration` operation.
977
+ # The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
978
+ # generated policies or used with `CancelPolicyGeneration` to cancel the
979
+ # policy generation request.
980
+ #
975
981
  # @option params [Boolean] :include_resource_placeholders
976
982
  # The level of detail that you want to generate. You can specify whether
977
983
  # to generate policies with placeholders for resource ARNs for actions
@@ -989,44 +995,38 @@ module Aws::AccessAnalyzer
989
995
  # services that have been used recently to create this service-level
990
996
  # template.
991
997
  #
992
- # @option params [required, String] :job_id
993
- # The `JobId` that is returned by the `StartPolicyGeneration` operation.
994
- # The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
995
- # generated policies or used with `CancelPolicyGeneration` to cancel the
996
- # policy generation request.
997
- #
998
998
  # @return [Types::GetGeneratedPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
999
999
  #
1000
- # * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
1001
1000
  # * {Types::GetGeneratedPolicyResponse#job_details #job_details} => Types::JobDetails
1001
+ # * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
1002
1002
  #
1003
1003
  # @example Request syntax with placeholder values
1004
1004
  #
1005
1005
  # resp = client.get_generated_policy({
1006
+ # job_id: "JobId", # required
1006
1007
  # include_resource_placeholders: false,
1007
1008
  # include_service_level_template: false,
1008
- # job_id: "JobId", # required
1009
1009
  # })
1010
1010
  #
1011
1011
  # @example Response structure
1012
1012
  #
1013
- # resp.generated_policy_result.generated_policies #=> Array
1014
- # resp.generated_policy_result.generated_policies[0].policy #=> String
1015
- # resp.generated_policy_result.properties.cloud_trail_properties.end_time #=> Time
1016
- # resp.generated_policy_result.properties.cloud_trail_properties.start_time #=> Time
1013
+ # resp.job_details.job_id #=> String
1014
+ # resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
1015
+ # resp.job_details.started_on #=> Time
1016
+ # resp.job_details.completed_on #=> Time
1017
+ # resp.job_details.job_error.code #=> String, one of "AUTHORIZATION_ERROR", "RESOURCE_NOT_FOUND_ERROR", "SERVICE_QUOTA_EXCEEDED_ERROR", "SERVICE_ERROR"
1018
+ # resp.job_details.job_error.message #=> String
1019
+ # resp.generated_policy_result.properties.is_complete #=> Boolean
1020
+ # resp.generated_policy_result.properties.principal_arn #=> String
1017
1021
  # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties #=> Array
1018
- # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
1019
1022
  # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].cloud_trail_arn #=> String
1020
1023
  # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions #=> Array
1021
1024
  # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions[0] #=> String
1022
- # resp.generated_policy_result.properties.is_complete #=> Boolean
1023
- # resp.generated_policy_result.properties.principal_arn #=> String
1024
- # resp.job_details.completed_on #=> Time
1025
- # resp.job_details.job_error.code #=> String, one of "AUTHORIZATION_ERROR", "RESOURCE_NOT_FOUND_ERROR", "SERVICE_QUOTA_EXCEEDED_ERROR", "SERVICE_ERROR"
1026
- # resp.job_details.job_error.message #=> String
1027
- # resp.job_details.job_id #=> String
1028
- # resp.job_details.started_on #=> Time
1029
- # resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
1025
+ # resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
1026
+ # resp.generated_policy_result.properties.cloud_trail_properties.start_time #=> Time
1027
+ # resp.generated_policy_result.properties.cloud_trail_properties.end_time #=> Time
1028
+ # resp.generated_policy_result.generated_policies #=> Array
1029
+ # resp.generated_policy_result.generated_policies[0].policy #=> String
1030
1030
  #
1031
1031
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicy AWS API Documentation
1032
1032
  #
@@ -1053,12 +1053,12 @@ module Aws::AccessAnalyzer
1053
1053
  # @option params [Hash<String,Types::Criterion>] :filter
1054
1054
  # Criteria to filter the returned findings.
1055
1055
  #
1056
- # @option params [Integer] :max_results
1057
- # The maximum number of results to return in the response.
1058
- #
1059
1056
  # @option params [String] :next_token
1060
1057
  # A token used for pagination of results returned.
1061
1058
  #
1059
+ # @option params [Integer] :max_results
1060
+ # The maximum number of results to return in the response.
1061
+ #
1062
1062
  # @return [Types::ListAccessPreviewFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1063
1063
  #
1064
1064
  # * {Types::ListAccessPreviewFindingsResponse#findings #findings} => Array&lt;Types::AccessPreviewFinding&gt;
@@ -1073,39 +1073,39 @@ module Aws::AccessAnalyzer
1073
1073
  # analyzer_arn: "AnalyzerArn", # required
1074
1074
  # filter: {
1075
1075
  # "String" => {
1076
- # contains: ["String"],
1077
1076
  # eq: ["String"],
1078
- # exists: false,
1079
1077
  # neq: ["String"],
1078
+ # contains: ["String"],
1079
+ # exists: false,
1080
1080
  # },
1081
1081
  # },
1082
- # max_results: 1,
1083
1082
  # next_token: "Token",
1083
+ # max_results: 1,
1084
1084
  # })
1085
1085
  #
1086
1086
  # @example Response structure
1087
1087
  #
1088
1088
  # resp.findings #=> Array
1089
- # resp.findings[0].action #=> Array
1090
- # resp.findings[0].action[0] #=> String
1091
- # resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
1092
- # resp.findings[0].condition #=> Hash
1093
- # resp.findings[0].condition["String"] #=> String
1094
- # resp.findings[0].created_at #=> Time
1095
- # resp.findings[0].error #=> String
1089
+ # resp.findings[0].id #=> String
1096
1090
  # resp.findings[0].existing_finding_id #=> String
1097
1091
  # resp.findings[0].existing_finding_status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1098
- # resp.findings[0].id #=> String
1099
- # resp.findings[0].is_public #=> Boolean
1100
1092
  # resp.findings[0].principal #=> Hash
1101
1093
  # resp.findings[0].principal["String"] #=> String
1094
+ # resp.findings[0].action #=> Array
1095
+ # resp.findings[0].action[0] #=> String
1096
+ # resp.findings[0].condition #=> Hash
1097
+ # resp.findings[0].condition["String"] #=> String
1102
1098
  # resp.findings[0].resource #=> String
1103
- # resp.findings[0].resource_owner_account #=> String
1099
+ # resp.findings[0].is_public #=> Boolean
1104
1100
  # resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
1101
+ # resp.findings[0].created_at #=> Time
1102
+ # resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
1103
+ # resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1104
+ # resp.findings[0].resource_owner_account #=> String
1105
+ # resp.findings[0].error #=> String
1105
1106
  # resp.findings[0].sources #=> Array
1106
- # resp.findings[0].sources[0].detail.access_point_arn #=> String
1107
1107
  # resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
1108
- # resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1108
+ # resp.findings[0].sources[0].detail.access_point_arn #=> String
1109
1109
  # resp.next_token #=> String
1110
1110
  #
1111
1111
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindings AWS API Documentation
@@ -1126,12 +1126,12 @@ module Aws::AccessAnalyzer
1126
1126
  #
1127
1127
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
1128
1128
  #
1129
- # @option params [Integer] :max_results
1130
- # The maximum number of results to return in the response.
1131
- #
1132
1129
  # @option params [String] :next_token
1133
1130
  # A token used for pagination of results returned.
1134
1131
  #
1132
+ # @option params [Integer] :max_results
1133
+ # The maximum number of results to return in the response.
1134
+ #
1135
1135
  # @return [Types::ListAccessPreviewsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1136
1136
  #
1137
1137
  # * {Types::ListAccessPreviewsResponse#access_previews #access_previews} => Array&lt;Types::AccessPreviewSummary&gt;
@@ -1143,16 +1143,16 @@ module Aws::AccessAnalyzer
1143
1143
  #
1144
1144
  # resp = client.list_access_previews({
1145
1145
  # analyzer_arn: "AnalyzerArn", # required
1146
- # max_results: 1,
1147
1146
  # next_token: "Token",
1147
+ # max_results: 1,
1148
1148
  # })
1149
1149
  #
1150
1150
  # @example Response structure
1151
1151
  #
1152
1152
  # resp.access_previews #=> Array
1153
+ # resp.access_previews[0].id #=> String
1153
1154
  # resp.access_previews[0].analyzer_arn #=> String
1154
1155
  # resp.access_previews[0].created_at #=> Time
1155
- # resp.access_previews[0].id #=> String
1156
1156
  # resp.access_previews[0].status #=> String, one of "COMPLETED", "CREATING", "FAILED"
1157
1157
  # resp.access_previews[0].status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
1158
1158
  # resp.next_token #=> String
@@ -1177,14 +1177,14 @@ module Aws::AccessAnalyzer
1177
1177
  #
1178
1178
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
1179
1179
  #
1180
- # @option params [Integer] :max_results
1181
- # The maximum number of results to return in the response.
1180
+ # @option params [String] :resource_type
1181
+ # The type of resource.
1182
1182
  #
1183
1183
  # @option params [String] :next_token
1184
1184
  # A token used for pagination of results returned.
1185
1185
  #
1186
- # @option params [String] :resource_type
1187
- # The type of resource.
1186
+ # @option params [Integer] :max_results
1187
+ # The maximum number of results to return in the response.
1188
1188
  #
1189
1189
  # @return [Types::ListAnalyzedResourcesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1190
1190
  #
@@ -1197,9 +1197,9 @@ module Aws::AccessAnalyzer
1197
1197
  #
1198
1198
  # resp = client.list_analyzed_resources({
1199
1199
  # analyzer_arn: "AnalyzerArn", # required
1200
- # max_results: 1,
1201
- # next_token: "Token",
1202
1200
  # resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
1201
+ # next_token: "Token",
1202
+ # max_results: 1,
1203
1203
  # })
1204
1204
  #
1205
1205
  # @example Response structure
@@ -1221,12 +1221,12 @@ module Aws::AccessAnalyzer
1221
1221
 
1222
1222
  # Retrieves a list of analyzers.
1223
1223
  #
1224
- # @option params [Integer] :max_results
1225
- # The maximum number of results to return in the response.
1226
- #
1227
1224
  # @option params [String] :next_token
1228
1225
  # A token used for pagination of results returned.
1229
1226
  #
1227
+ # @option params [Integer] :max_results
1228
+ # The maximum number of results to return in the response.
1229
+ #
1230
1230
  # @option params [String] :type
1231
1231
  # The type of analyzer.
1232
1232
  #
@@ -1240,8 +1240,8 @@ module Aws::AccessAnalyzer
1240
1240
  # @example Request syntax with placeholder values
1241
1241
  #
1242
1242
  # resp = client.list_analyzers({
1243
- # max_results: 1,
1244
1243
  # next_token: "Token",
1244
+ # max_results: 1,
1245
1245
  # type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
1246
1246
  # })
1247
1247
  #
@@ -1249,15 +1249,15 @@ module Aws::AccessAnalyzer
1249
1249
  #
1250
1250
  # resp.analyzers #=> Array
1251
1251
  # resp.analyzers[0].arn #=> String
1252
+ # resp.analyzers[0].name #=> String
1253
+ # resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION"
1252
1254
  # resp.analyzers[0].created_at #=> Time
1253
1255
  # resp.analyzers[0].last_resource_analyzed #=> String
1254
1256
  # resp.analyzers[0].last_resource_analyzed_at #=> Time
1255
- # resp.analyzers[0].name #=> String
1256
- # resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
1257
- # resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
1258
1257
  # resp.analyzers[0].tags #=> Hash
1259
1258
  # resp.analyzers[0].tags["String"] #=> String
1260
- # resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION"
1259
+ # resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
1260
+ # resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
1261
1261
  # resp.next_token #=> String
1262
1262
  #
1263
1263
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
@@ -1274,12 +1274,12 @@ module Aws::AccessAnalyzer
1274
1274
  # @option params [required, String] :analyzer_name
1275
1275
  # The name of the analyzer to retrieve rules from.
1276
1276
  #
1277
- # @option params [Integer] :max_results
1278
- # The maximum number of results to return in the request.
1279
- #
1280
1277
  # @option params [String] :next_token
1281
1278
  # A token used for pagination of results returned.
1282
1279
  #
1280
+ # @option params [Integer] :max_results
1281
+ # The maximum number of results to return in the request.
1282
+ #
1283
1283
  # @return [Types::ListArchiveRulesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1284
1284
  #
1285
1285
  # * {Types::ListArchiveRulesResponse#archive_rules #archive_rules} => Array&lt;Types::ArchiveRuleSummary&gt;
@@ -1291,23 +1291,23 @@ module Aws::AccessAnalyzer
1291
1291
  #
1292
1292
  # resp = client.list_archive_rules({
1293
1293
  # analyzer_name: "Name", # required
1294
- # max_results: 1,
1295
1294
  # next_token: "Token",
1295
+ # max_results: 1,
1296
1296
  # })
1297
1297
  #
1298
1298
  # @example Response structure
1299
1299
  #
1300
1300
  # resp.archive_rules #=> Array
1301
- # resp.archive_rules[0].created_at #=> Time
1301
+ # resp.archive_rules[0].rule_name #=> String
1302
1302
  # resp.archive_rules[0].filter #=> Hash
1303
- # resp.archive_rules[0].filter["String"].contains #=> Array
1304
- # resp.archive_rules[0].filter["String"].contains[0] #=> String
1305
1303
  # resp.archive_rules[0].filter["String"].eq #=> Array
1306
1304
  # resp.archive_rules[0].filter["String"].eq[0] #=> String
1307
- # resp.archive_rules[0].filter["String"].exists #=> Boolean
1308
1305
  # resp.archive_rules[0].filter["String"].neq #=> Array
1309
1306
  # resp.archive_rules[0].filter["String"].neq[0] #=> String
1310
- # resp.archive_rules[0].rule_name #=> String
1307
+ # resp.archive_rules[0].filter["String"].contains #=> Array
1308
+ # resp.archive_rules[0].filter["String"].contains[0] #=> String
1309
+ # resp.archive_rules[0].filter["String"].exists #=> Boolean
1310
+ # resp.archive_rules[0].created_at #=> Time
1311
1311
  # resp.archive_rules[0].updated_at #=> Time
1312
1312
  # resp.next_token #=> String
1313
1313
  #
@@ -1340,14 +1340,14 @@ module Aws::AccessAnalyzer
1340
1340
  # @option params [Hash<String,Types::Criterion>] :filter
1341
1341
  # A filter to match for the findings to return.
1342
1342
  #
1343
- # @option params [Integer] :max_results
1344
- # The maximum number of results to return in the response.
1343
+ # @option params [Types::SortCriteria] :sort
1344
+ # The sort order for the findings returned.
1345
1345
  #
1346
1346
  # @option params [String] :next_token
1347
1347
  # A token used for pagination of results returned.
1348
1348
  #
1349
- # @option params [Types::SortCriteria] :sort
1350
- # The sort order for the findings returned.
1349
+ # @option params [Integer] :max_results
1350
+ # The maximum number of results to return in the response.
1351
1351
  #
1352
1352
  # @return [Types::ListFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1353
1353
  #
@@ -1362,42 +1362,42 @@ module Aws::AccessAnalyzer
1362
1362
  # analyzer_arn: "AnalyzerArn", # required
1363
1363
  # filter: {
1364
1364
  # "String" => {
1365
- # contains: ["String"],
1366
1365
  # eq: ["String"],
1367
- # exists: false,
1368
1366
  # neq: ["String"],
1367
+ # contains: ["String"],
1368
+ # exists: false,
1369
1369
  # },
1370
1370
  # },
1371
- # max_results: 1,
1372
- # next_token: "Token",
1373
1371
  # sort: {
1374
1372
  # attribute_name: "String",
1375
1373
  # order_by: "ASC", # accepts ASC, DESC
1376
1374
  # },
1375
+ # next_token: "Token",
1376
+ # max_results: 1,
1377
1377
  # })
1378
1378
  #
1379
1379
  # @example Response structure
1380
1380
  #
1381
1381
  # resp.findings #=> Array
1382
+ # resp.findings[0].id #=> String
1383
+ # resp.findings[0].principal #=> Hash
1384
+ # resp.findings[0].principal["String"] #=> String
1382
1385
  # resp.findings[0].action #=> Array
1383
1386
  # resp.findings[0].action[0] #=> String
1384
- # resp.findings[0].analyzed_at #=> Time
1387
+ # resp.findings[0].resource #=> String
1388
+ # resp.findings[0].is_public #=> Boolean
1389
+ # resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
1385
1390
  # resp.findings[0].condition #=> Hash
1386
1391
  # resp.findings[0].condition["String"] #=> String
1387
1392
  # resp.findings[0].created_at #=> Time
1388
- # resp.findings[0].error #=> String
1389
- # resp.findings[0].id #=> String
1390
- # resp.findings[0].is_public #=> Boolean
1391
- # resp.findings[0].principal #=> Hash
1392
- # resp.findings[0].principal["String"] #=> String
1393
- # resp.findings[0].resource #=> String
1393
+ # resp.findings[0].analyzed_at #=> Time
1394
+ # resp.findings[0].updated_at #=> Time
1395
+ # resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1394
1396
  # resp.findings[0].resource_owner_account #=> String
1395
- # resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
1397
+ # resp.findings[0].error #=> String
1396
1398
  # resp.findings[0].sources #=> Array
1397
- # resp.findings[0].sources[0].detail.access_point_arn #=> String
1398
1399
  # resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
1399
- # resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1400
- # resp.findings[0].updated_at #=> Time
1400
+ # resp.findings[0].sources[0].detail.access_point_arn #=> String
1401
1401
  # resp.next_token #=> String
1402
1402
  #
1403
1403
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings AWS API Documentation
@@ -1411,41 +1411,41 @@ module Aws::AccessAnalyzer
1411
1411
 
1412
1412
  # Lists all of the policy generations requested in the last seven days.
1413
1413
  #
1414
+ # @option params [String] :principal_arn
1415
+ # The ARN of the IAM entity (user or role) for which you are generating
1416
+ # a policy. Use this with `ListGeneratedPolicies` to filter the results
1417
+ # to only include results for a specific principal.
1418
+ #
1414
1419
  # @option params [Integer] :max_results
1415
1420
  # The maximum number of results to return in the response.
1416
1421
  #
1417
1422
  # @option params [String] :next_token
1418
1423
  # A token used for pagination of results returned.
1419
1424
  #
1420
- # @option params [String] :principal_arn
1421
- # The ARN of the IAM entity (user or role) for which you are generating
1422
- # a policy. Use this with `ListGeneratedPolicies` to filter the results
1423
- # to only include results for a specific principal.
1424
- #
1425
1425
  # @return [Types::ListPolicyGenerationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1426
1426
  #
1427
- # * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
1428
1427
  # * {Types::ListPolicyGenerationsResponse#policy_generations #policy_generations} => Array&lt;Types::PolicyGeneration&gt;
1428
+ # * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
1429
1429
  #
1430
1430
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1431
1431
  #
1432
1432
  # @example Request syntax with placeholder values
1433
1433
  #
1434
1434
  # resp = client.list_policy_generations({
1435
+ # principal_arn: "PrincipalArn",
1435
1436
  # max_results: 1,
1436
1437
  # next_token: "Token",
1437
- # principal_arn: "PrincipalArn",
1438
1438
  # })
1439
1439
  #
1440
1440
  # @example Response structure
1441
1441
  #
1442
- # resp.next_token #=> String
1443
1442
  # resp.policy_generations #=> Array
1444
- # resp.policy_generations[0].completed_on #=> Time
1445
1443
  # resp.policy_generations[0].job_id #=> String
1446
1444
  # resp.policy_generations[0].principal_arn #=> String
1447
- # resp.policy_generations[0].started_on #=> Time
1448
1445
  # resp.policy_generations[0].status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
1446
+ # resp.policy_generations[0].started_on #=> Time
1447
+ # resp.policy_generations[0].completed_on #=> Time
1448
+ # resp.next_token #=> String
1449
1449
  #
1450
1450
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerations AWS API Documentation
1451
1451
  #
@@ -1487,6 +1487,14 @@ module Aws::AccessAnalyzer
1487
1487
 
1488
1488
  # Starts the policy generation request.
1489
1489
  #
1490
+ # @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
1491
+ # Contains the ARN of the IAM entity (user or role) for which you are
1492
+ # generating a policy.
1493
+ #
1494
+ # @option params [Types::CloudTrailDetails] :cloud_trail_details
1495
+ # A `CloudTrailDetails` object that contains details about a `Trail`
1496
+ # that you want to analyze to generate policies.
1497
+ #
1490
1498
  # @option params [String] :client_token
1491
1499
  # A unique, case-sensitive identifier that you provide to ensure the
1492
1500
  # idempotency of the request. Idempotency ensures that an API request
@@ -1501,14 +1509,6 @@ module Aws::AccessAnalyzer
1501
1509
  # **A suitable default value is auto-generated.** You should normally
1502
1510
  # not need to pass this option.**
1503
1511
  #
1504
- # @option params [Types::CloudTrailDetails] :cloud_trail_details
1505
- # A `CloudTrailDetails` object that contains details about a `Trail`
1506
- # that you want to analyze to generate policies.
1507
- #
1508
- # @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
1509
- # Contains the ARN of the IAM entity (user or role) for which you are
1510
- # generating a policy.
1511
- #
1512
1512
  # @return [Types::StartPolicyGenerationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1513
1513
  #
1514
1514
  # * {Types::StartPolicyGenerationResponse#job_id #job_id} => String
@@ -1516,22 +1516,22 @@ module Aws::AccessAnalyzer
1516
1516
  # @example Request syntax with placeholder values
1517
1517
  #
1518
1518
  # resp = client.start_policy_generation({
1519
- # client_token: "String",
1519
+ # policy_generation_details: { # required
1520
+ # principal_arn: "PrincipalArn", # required
1521
+ # },
1520
1522
  # cloud_trail_details: {
1521
- # access_role: "RoleArn", # required
1522
- # end_time: Time.now,
1523
- # start_time: Time.now, # required
1524
1523
  # trails: [ # required
1525
1524
  # {
1526
- # all_regions: false,
1527
1525
  # cloud_trail_arn: "CloudTrailArn", # required
1528
1526
  # regions: ["String"],
1527
+ # all_regions: false,
1529
1528
  # },
1530
1529
  # ],
1530
+ # access_role: "RoleArn", # required
1531
+ # start_time: Time.now, # required
1532
+ # end_time: Time.now,
1531
1533
  # },
1532
- # policy_generation_details: { # required
1533
- # principal_arn: "PrincipalArn", # required
1534
- # },
1534
+ # client_token: "String",
1535
1535
  # })
1536
1536
  #
1537
1537
  # @example Response structure
@@ -1638,18 +1638,18 @@ module Aws::AccessAnalyzer
1638
1638
  # @option params [required, String] :analyzer_name
1639
1639
  # The name of the analyzer to update the archive rules for.
1640
1640
  #
1641
- # @option params [String] :client_token
1642
- # A client token.
1643
- #
1644
- # **A suitable default value is auto-generated.** You should normally
1645
- # not need to pass this option.**
1641
+ # @option params [required, String] :rule_name
1642
+ # The name of the rule to update.
1646
1643
  #
1647
1644
  # @option params [required, Hash<String,Types::Criterion>] :filter
1648
1645
  # A filter to match for the rules to update. Only rules that match the
1649
1646
  # filter are updated.
1650
1647
  #
1651
- # @option params [required, String] :rule_name
1652
- # The name of the rule to update.
1648
+ # @option params [String] :client_token
1649
+ # A client token.
1650
+ #
1651
+ # **A suitable default value is auto-generated.** You should normally
1652
+ # not need to pass this option.**
1653
1653
  #
1654
1654
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1655
1655
  #
@@ -1657,16 +1657,16 @@ module Aws::AccessAnalyzer
1657
1657
  #
1658
1658
  # resp = client.update_archive_rule({
1659
1659
  # analyzer_name: "Name", # required
1660
- # client_token: "String",
1660
+ # rule_name: "Name", # required
1661
1661
  # filter: { # required
1662
1662
  # "String" => {
1663
- # contains: ["String"],
1664
1663
  # eq: ["String"],
1665
- # exists: false,
1666
1664
  # neq: ["String"],
1665
+ # contains: ["String"],
1666
+ # exists: false,
1667
1667
  # },
1668
1668
  # },
1669
- # rule_name: "Name", # required
1669
+ # client_token: "String",
1670
1670
  # })
1671
1671
  #
1672
1672
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateArchiveRule AWS API Documentation
@@ -1687,11 +1687,10 @@ module Aws::AccessAnalyzer
1687
1687
  #
1688
1688
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
1689
1689
  #
1690
- # @option params [String] :client_token
1691
- # A client token.
1692
- #
1693
- # **A suitable default value is auto-generated.** You should normally
1694
- # not need to pass this option.**
1690
+ # @option params [required, String] :status
1691
+ # The state represents the action to take to update the finding Status.
1692
+ # Use `ARCHIVE` to change an Active finding to an Archived finding. Use
1693
+ # `ACTIVE` to change an Archived finding to an Active finding.
1695
1694
  #
1696
1695
  # @option params [Array<String>] :ids
1697
1696
  # The IDs of the findings to update.
@@ -1699,10 +1698,11 @@ module Aws::AccessAnalyzer
1699
1698
  # @option params [String] :resource_arn
1700
1699
  # The ARN of the resource identified in the finding.
1701
1700
  #
1702
- # @option params [required, String] :status
1703
- # The state represents the action to take to update the finding Status.
1704
- # Use `ARCHIVE` to change an Active finding to an Archived finding. Use
1705
- # `ACTIVE` to change an Archived finding to an Active finding.
1701
+ # @option params [String] :client_token
1702
+ # A client token.
1703
+ #
1704
+ # **A suitable default value is auto-generated.** You should normally
1705
+ # not need to pass this option.**
1706
1706
  #
1707
1707
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1708
1708
  #
@@ -1710,10 +1710,10 @@ module Aws::AccessAnalyzer
1710
1710
  #
1711
1711
  # resp = client.update_findings({
1712
1712
  # analyzer_arn: "AnalyzerArn", # required
1713
- # client_token: "String",
1713
+ # status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
1714
1714
  # ids: ["FindingId"],
1715
1715
  # resource_arn: "ResourceArn",
1716
- # status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
1716
+ # client_token: "String",
1717
1717
  # })
1718
1718
  #
1719
1719
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateFindings AWS API Documentation
@@ -1783,7 +1783,7 @@ module Aws::AccessAnalyzer
1783
1783
  # next_token: "Token",
1784
1784
  # policy_document: "PolicyDocument", # required
1785
1785
  # policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
1786
- # validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
1786
+ # validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
1787
1787
  # })
1788
1788
  #
1789
1789
  # @example Response structure
@@ -1797,15 +1797,15 @@ module Aws::AccessAnalyzer
1797
1797
  # resp.findings[0].locations[0].path #=> Array
1798
1798
  # resp.findings[0].locations[0].path[0].index #=> Integer
1799
1799
  # resp.findings[0].locations[0].path[0].key #=> String
1800
- # resp.findings[0].locations[0].path[0].substring.length #=> Integer
1801
1800
  # resp.findings[0].locations[0].path[0].substring.start #=> Integer
1801
+ # resp.findings[0].locations[0].path[0].substring.length #=> Integer
1802
1802
  # resp.findings[0].locations[0].path[0].value #=> String
1803
- # resp.findings[0].locations[0].span.end.column #=> Integer
1804
- # resp.findings[0].locations[0].span.end.line #=> Integer
1805
- # resp.findings[0].locations[0].span.end.offset #=> Integer
1806
- # resp.findings[0].locations[0].span.start.column #=> Integer
1807
1803
  # resp.findings[0].locations[0].span.start.line #=> Integer
1804
+ # resp.findings[0].locations[0].span.start.column #=> Integer
1808
1805
  # resp.findings[0].locations[0].span.start.offset #=> Integer
1806
+ # resp.findings[0].locations[0].span.end.line #=> Integer
1807
+ # resp.findings[0].locations[0].span.end.column #=> Integer
1808
+ # resp.findings[0].locations[0].span.end.offset #=> Integer
1809
1809
  # resp.next_token #=> String
1810
1810
  #
1811
1811
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicy AWS API Documentation
@@ -1830,7 +1830,7 @@ module Aws::AccessAnalyzer
1830
1830
  params: params,
1831
1831
  config: config)
1832
1832
  context[:gem_name] = 'aws-sdk-accessanalyzer'
1833
- context[:gem_version] = '1.29.0'
1833
+ context[:gem_version] = '1.30.0'
1834
1834
  Seahorse::Client::Request.new(handlers, context)
1835
1835
  end
1836
1836