aws-sdk-accessanalyzer 1.29.0 → 1.30.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +252 -252
- data/lib/aws-sdk-accessanalyzer/client_api.rb +100 -100
- data/lib/aws-sdk-accessanalyzer/errors.rb +5 -5
- data/lib/aws-sdk-accessanalyzer/types.rb +666 -666
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- metadata +2 -2
@@ -25,6 +25,10 @@ module Aws::AccessAnalyzer
|
|
25
25
|
|
26
26
|
# Contains information about an access preview.
|
27
27
|
#
|
28
|
+
# @!attribute [rw] id
|
29
|
+
# The unique ID for the access preview.
|
30
|
+
# @return [String]
|
31
|
+
#
|
28
32
|
# @!attribute [rw] analyzer_arn
|
29
33
|
# The ARN of the analyzer used to generate the access preview.
|
30
34
|
# @return [String]
|
@@ -37,10 +41,6 @@ module Aws::AccessAnalyzer
|
|
37
41
|
# The time at which the access preview was created.
|
38
42
|
# @return [Time]
|
39
43
|
#
|
40
|
-
# @!attribute [rw] id
|
41
|
-
# The unique ID for the access preview.
|
42
|
-
# @return [String]
|
43
|
-
#
|
44
44
|
# @!attribute [rw] status
|
45
45
|
# The status of the access preview.
|
46
46
|
#
|
@@ -64,10 +64,10 @@ module Aws::AccessAnalyzer
|
|
64
64
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreview AWS API Documentation
|
65
65
|
#
|
66
66
|
class AccessPreview < Struct.new(
|
67
|
+
:id,
|
67
68
|
:analyzer_arn,
|
68
69
|
:configurations,
|
69
70
|
:created_at,
|
70
|
-
:id,
|
71
71
|
:status,
|
72
72
|
:status_reason)
|
73
73
|
SENSITIVE = []
|
@@ -76,11 +76,55 @@ module Aws::AccessAnalyzer
|
|
76
76
|
|
77
77
|
# An access preview finding generated by the access preview.
|
78
78
|
#
|
79
|
+
# @!attribute [rw] id
|
80
|
+
# The ID of the access preview finding. This ID uniquely identifies
|
81
|
+
# the element in the list of access preview findings and is not
|
82
|
+
# related to the finding ID in Access Analyzer.
|
83
|
+
# @return [String]
|
84
|
+
#
|
85
|
+
# @!attribute [rw] existing_finding_id
|
86
|
+
# The existing ID of the finding in IAM Access Analyzer, provided only
|
87
|
+
# for existing findings.
|
88
|
+
# @return [String]
|
89
|
+
#
|
90
|
+
# @!attribute [rw] existing_finding_status
|
91
|
+
# The existing status of the finding, provided only for existing
|
92
|
+
# findings.
|
93
|
+
# @return [String]
|
94
|
+
#
|
95
|
+
# @!attribute [rw] principal
|
96
|
+
# The external principal that has access to a resource within the zone
|
97
|
+
# of trust.
|
98
|
+
# @return [Hash<String,String>]
|
99
|
+
#
|
79
100
|
# @!attribute [rw] action
|
80
101
|
# The action in the analyzed policy statement that an external
|
81
102
|
# principal has permission to perform.
|
82
103
|
# @return [Array<String>]
|
83
104
|
#
|
105
|
+
# @!attribute [rw] condition
|
106
|
+
# The condition in the analyzed policy statement that resulted in a
|
107
|
+
# finding.
|
108
|
+
# @return [Hash<String,String>]
|
109
|
+
#
|
110
|
+
# @!attribute [rw] resource
|
111
|
+
# The resource that an external principal has access to. This is the
|
112
|
+
# resource associated with the access preview.
|
113
|
+
# @return [String]
|
114
|
+
#
|
115
|
+
# @!attribute [rw] is_public
|
116
|
+
# Indicates whether the policy that generated the finding allows
|
117
|
+
# public access to the resource.
|
118
|
+
# @return [Boolean]
|
119
|
+
#
|
120
|
+
# @!attribute [rw] resource_type
|
121
|
+
# The type of the resource that can be accessed in the finding.
|
122
|
+
# @return [String]
|
123
|
+
#
|
124
|
+
# @!attribute [rw] created_at
|
125
|
+
# The time at which the access preview finding was created.
|
126
|
+
# @return [Time]
|
127
|
+
#
|
84
128
|
# @!attribute [rw] change_type
|
85
129
|
# Provides context on how the access preview finding compares to
|
86
130
|
# existing access identified in IAM Access Analyzer.
|
@@ -99,48 +143,12 @@ module Aws::AccessAnalyzer
|
|
99
143
|
# change.
|
100
144
|
# @return [String]
|
101
145
|
#
|
102
|
-
# @!attribute [rw]
|
103
|
-
# The
|
104
|
-
# finding.
|
105
|
-
#
|
106
|
-
#
|
107
|
-
#
|
108
|
-
# The time at which the access preview finding was created.
|
109
|
-
# @return [Time]
|
110
|
-
#
|
111
|
-
# @!attribute [rw] error
|
112
|
-
# An error.
|
113
|
-
# @return [String]
|
114
|
-
#
|
115
|
-
# @!attribute [rw] existing_finding_id
|
116
|
-
# The existing ID of the finding in IAM Access Analyzer, provided only
|
117
|
-
# for existing findings.
|
118
|
-
# @return [String]
|
119
|
-
#
|
120
|
-
# @!attribute [rw] existing_finding_status
|
121
|
-
# The existing status of the finding, provided only for existing
|
122
|
-
# findings.
|
123
|
-
# @return [String]
|
124
|
-
#
|
125
|
-
# @!attribute [rw] id
|
126
|
-
# The ID of the access preview finding. This ID uniquely identifies
|
127
|
-
# the element in the list of access preview findings and is not
|
128
|
-
# related to the finding ID in Access Analyzer.
|
129
|
-
# @return [String]
|
130
|
-
#
|
131
|
-
# @!attribute [rw] is_public
|
132
|
-
# Indicates whether the policy that generated the finding allows
|
133
|
-
# public access to the resource.
|
134
|
-
# @return [Boolean]
|
135
|
-
#
|
136
|
-
# @!attribute [rw] principal
|
137
|
-
# The external principal that has access to a resource within the zone
|
138
|
-
# of trust.
|
139
|
-
# @return [Hash<String,String>]
|
140
|
-
#
|
141
|
-
# @!attribute [rw] resource
|
142
|
-
# The resource that an external principal has access to. This is the
|
143
|
-
# resource associated with the access preview.
|
146
|
+
# @!attribute [rw] status
|
147
|
+
# The preview status of the finding. This is what the status of the
|
148
|
+
# finding would be after permissions deployment. For example, a
|
149
|
+
# `Changed` finding with preview status `Resolved` and existing status
|
150
|
+
# `Active` indicates the existing `Active` finding would become
|
151
|
+
# `Resolved` as a result of the proposed permissions change.
|
144
152
|
# @return [String]
|
145
153
|
#
|
146
154
|
# @!attribute [rw] resource_owner_account
|
@@ -149,8 +157,8 @@ module Aws::AccessAnalyzer
|
|
149
157
|
# which the resource was created.
|
150
158
|
# @return [String]
|
151
159
|
#
|
152
|
-
# @!attribute [rw]
|
153
|
-
#
|
160
|
+
# @!attribute [rw] error
|
161
|
+
# An error.
|
154
162
|
# @return [String]
|
155
163
|
#
|
156
164
|
# @!attribute [rw] sources
|
@@ -159,32 +167,24 @@ module Aws::AccessAnalyzer
|
|
159
167
|
# bucket findings.
|
160
168
|
# @return [Array<Types::FindingSource>]
|
161
169
|
#
|
162
|
-
# @!attribute [rw] status
|
163
|
-
# The preview status of the finding. This is what the status of the
|
164
|
-
# finding would be after permissions deployment. For example, a
|
165
|
-
# `Changed` finding with preview status `Resolved` and existing status
|
166
|
-
# `Active` indicates the existing `Active` finding would become
|
167
|
-
# `Resolved` as a result of the proposed permissions change.
|
168
|
-
# @return [String]
|
169
|
-
#
|
170
170
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreviewFinding AWS API Documentation
|
171
171
|
#
|
172
172
|
class AccessPreviewFinding < Struct.new(
|
173
|
-
:
|
174
|
-
:change_type,
|
175
|
-
:condition,
|
176
|
-
:created_at,
|
177
|
-
:error,
|
173
|
+
:id,
|
178
174
|
:existing_finding_id,
|
179
175
|
:existing_finding_status,
|
180
|
-
:id,
|
181
|
-
:is_public,
|
182
176
|
:principal,
|
177
|
+
:action,
|
178
|
+
:condition,
|
183
179
|
:resource,
|
184
|
-
:
|
180
|
+
:is_public,
|
185
181
|
:resource_type,
|
186
|
-
:
|
187
|
-
:
|
182
|
+
:created_at,
|
183
|
+
:change_type,
|
184
|
+
:status,
|
185
|
+
:resource_owner_account,
|
186
|
+
:error,
|
187
|
+
:sources)
|
188
188
|
SENSITIVE = []
|
189
189
|
include Aws::Structure
|
190
190
|
end
|
@@ -208,6 +208,10 @@ module Aws::AccessAnalyzer
|
|
208
208
|
|
209
209
|
# Contains a summary of information about an access preview.
|
210
210
|
#
|
211
|
+
# @!attribute [rw] id
|
212
|
+
# The unique ID for the access preview.
|
213
|
+
# @return [String]
|
214
|
+
#
|
211
215
|
# @!attribute [rw] analyzer_arn
|
212
216
|
# The ARN of the analyzer used to generate the access preview.
|
213
217
|
# @return [String]
|
@@ -216,10 +220,6 @@ module Aws::AccessAnalyzer
|
|
216
220
|
# The time at which the access preview was created.
|
217
221
|
# @return [Time]
|
218
222
|
#
|
219
|
-
# @!attribute [rw] id
|
220
|
-
# The unique ID for the access preview.
|
221
|
-
# @return [String]
|
222
|
-
#
|
223
223
|
# @!attribute [rw] status
|
224
224
|
# The status of the access preview.
|
225
225
|
#
|
@@ -242,9 +242,9 @@ module Aws::AccessAnalyzer
|
|
242
242
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreviewSummary AWS API Documentation
|
243
243
|
#
|
244
244
|
class AccessPreviewSummary < Struct.new(
|
245
|
+
:id,
|
245
246
|
:analyzer_arn,
|
246
247
|
:created_at,
|
247
|
-
:id,
|
248
248
|
:status,
|
249
249
|
:status_reason)
|
250
250
|
SENSITIVE = []
|
@@ -289,39 +289,35 @@ module Aws::AccessAnalyzer
|
|
289
289
|
|
290
290
|
# Contains details about the analyzed resource.
|
291
291
|
#
|
292
|
-
# @!attribute [rw]
|
293
|
-
# The
|
294
|
-
#
|
295
|
-
# @return [Array<String>]
|
292
|
+
# @!attribute [rw] resource_arn
|
293
|
+
# The ARN of the resource that was analyzed.
|
294
|
+
# @return [String]
|
296
295
|
#
|
297
|
-
# @!attribute [rw]
|
298
|
-
# The
|
299
|
-
# @return [
|
296
|
+
# @!attribute [rw] resource_type
|
297
|
+
# The type of the resource that was analyzed.
|
298
|
+
# @return [String]
|
300
299
|
#
|
301
300
|
# @!attribute [rw] created_at
|
302
301
|
# The time at which the finding was created.
|
303
302
|
# @return [Time]
|
304
303
|
#
|
305
|
-
# @!attribute [rw]
|
306
|
-
#
|
307
|
-
# @return [
|
304
|
+
# @!attribute [rw] analyzed_at
|
305
|
+
# The time at which the resource was analyzed.
|
306
|
+
# @return [Time]
|
307
|
+
#
|
308
|
+
# @!attribute [rw] updated_at
|
309
|
+
# The time at which the finding was updated.
|
310
|
+
# @return [Time]
|
308
311
|
#
|
309
312
|
# @!attribute [rw] is_public
|
310
313
|
# Indicates whether the policy that generated the finding grants
|
311
314
|
# public access to the resource.
|
312
315
|
# @return [Boolean]
|
313
316
|
#
|
314
|
-
# @!attribute [rw]
|
315
|
-
# The
|
316
|
-
#
|
317
|
-
#
|
318
|
-
# @!attribute [rw] resource_owner_account
|
319
|
-
# The Amazon Web Services account ID that owns the resource.
|
320
|
-
# @return [String]
|
321
|
-
#
|
322
|
-
# @!attribute [rw] resource_type
|
323
|
-
# The type of the resource that was analyzed.
|
324
|
-
# @return [String]
|
317
|
+
# @!attribute [rw] actions
|
318
|
+
# The actions that an external principal is granted permission to use
|
319
|
+
# by the policy that generated the finding.
|
320
|
+
# @return [Array<String>]
|
325
321
|
#
|
326
322
|
# @!attribute [rw] shared_via
|
327
323
|
# Indicates how the access that generated the finding is granted. This
|
@@ -333,24 +329,28 @@ module Aws::AccessAnalyzer
|
|
333
329
|
# resource.
|
334
330
|
# @return [String]
|
335
331
|
#
|
336
|
-
# @!attribute [rw]
|
337
|
-
# The
|
338
|
-
# @return [
|
332
|
+
# @!attribute [rw] resource_owner_account
|
333
|
+
# The Amazon Web Services account ID that owns the resource.
|
334
|
+
# @return [String]
|
335
|
+
#
|
336
|
+
# @!attribute [rw] error
|
337
|
+
# An error message.
|
338
|
+
# @return [String]
|
339
339
|
#
|
340
340
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzedResource AWS API Documentation
|
341
341
|
#
|
342
342
|
class AnalyzedResource < Struct.new(
|
343
|
-
:actions,
|
344
|
-
:analyzed_at,
|
345
|
-
:created_at,
|
346
|
-
:error,
|
347
|
-
:is_public,
|
348
343
|
:resource_arn,
|
349
|
-
:resource_owner_account,
|
350
344
|
:resource_type,
|
345
|
+
:created_at,
|
346
|
+
:analyzed_at,
|
347
|
+
:updated_at,
|
348
|
+
:is_public,
|
349
|
+
:actions,
|
351
350
|
:shared_via,
|
352
351
|
:status,
|
353
|
-
:
|
352
|
+
:resource_owner_account,
|
353
|
+
:error)
|
354
354
|
SENSITIVE = []
|
355
355
|
include Aws::Structure
|
356
356
|
end
|
@@ -385,6 +385,15 @@ module Aws::AccessAnalyzer
|
|
385
385
|
# The ARN of the analyzer.
|
386
386
|
# @return [String]
|
387
387
|
#
|
388
|
+
# @!attribute [rw] name
|
389
|
+
# The name of the analyzer.
|
390
|
+
# @return [String]
|
391
|
+
#
|
392
|
+
# @!attribute [rw] type
|
393
|
+
# The type of analyzer, which corresponds to the zone of trust chosen
|
394
|
+
# for the analyzer.
|
395
|
+
# @return [String]
|
396
|
+
#
|
388
397
|
# @!attribute [rw] created_at
|
389
398
|
# A timestamp for the time at which the analyzer was created.
|
390
399
|
# @return [Time]
|
@@ -397,9 +406,9 @@ module Aws::AccessAnalyzer
|
|
397
406
|
# The time at which the most recently analyzed resource was analyzed.
|
398
407
|
# @return [Time]
|
399
408
|
#
|
400
|
-
# @!attribute [rw]
|
401
|
-
# The
|
402
|
-
# @return [String]
|
409
|
+
# @!attribute [rw] tags
|
410
|
+
# The tags added to the analyzer.
|
411
|
+
# @return [Hash<String,String>]
|
403
412
|
#
|
404
413
|
# @!attribute [rw] status
|
405
414
|
# The status of the analyzer. An `Active` analyzer successfully
|
@@ -420,27 +429,18 @@ module Aws::AccessAnalyzer
|
|
420
429
|
# Web Services organization.
|
421
430
|
# @return [Types::StatusReason]
|
422
431
|
#
|
423
|
-
# @!attribute [rw] tags
|
424
|
-
# The tags added to the analyzer.
|
425
|
-
# @return [Hash<String,String>]
|
426
|
-
#
|
427
|
-
# @!attribute [rw] type
|
428
|
-
# The type of analyzer, which corresponds to the zone of trust chosen
|
429
|
-
# for the analyzer.
|
430
|
-
# @return [String]
|
431
|
-
#
|
432
432
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzerSummary AWS API Documentation
|
433
433
|
#
|
434
434
|
class AnalyzerSummary < Struct.new(
|
435
435
|
:arn,
|
436
|
+
:name,
|
437
|
+
:type,
|
436
438
|
:created_at,
|
437
439
|
:last_resource_analyzed,
|
438
440
|
:last_resource_analyzed_at,
|
439
|
-
:name,
|
440
|
-
:status,
|
441
|
-
:status_reason,
|
442
441
|
:tags,
|
443
|
-
:
|
442
|
+
:status,
|
443
|
+
:status_reason)
|
444
444
|
SENSITIVE = []
|
445
445
|
include Aws::Structure
|
446
446
|
end
|
@@ -452,14 +452,18 @@ module Aws::AccessAnalyzer
|
|
452
452
|
#
|
453
453
|
# {
|
454
454
|
# analyzer_arn: "AnalyzerArn", # required
|
455
|
-
# client_token: "String",
|
456
455
|
# rule_name: "Name", # required
|
456
|
+
# client_token: "String",
|
457
457
|
# }
|
458
458
|
#
|
459
459
|
# @!attribute [rw] analyzer_arn
|
460
460
|
# The Amazon resource name (ARN) of the analyzer.
|
461
461
|
# @return [String]
|
462
462
|
#
|
463
|
+
# @!attribute [rw] rule_name
|
464
|
+
# The name of the rule to apply.
|
465
|
+
# @return [String]
|
466
|
+
#
|
463
467
|
# @!attribute [rw] client_token
|
464
468
|
# A client token.
|
465
469
|
#
|
@@ -467,33 +471,29 @@ module Aws::AccessAnalyzer
|
|
467
471
|
# not need to pass this option.
|
468
472
|
# @return [String]
|
469
473
|
#
|
470
|
-
# @!attribute [rw] rule_name
|
471
|
-
# The name of the rule to apply.
|
472
|
-
# @return [String]
|
473
|
-
#
|
474
474
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRuleRequest AWS API Documentation
|
475
475
|
#
|
476
476
|
class ApplyArchiveRuleRequest < Struct.new(
|
477
477
|
:analyzer_arn,
|
478
|
-
:
|
479
|
-
:
|
478
|
+
:rule_name,
|
479
|
+
:client_token)
|
480
480
|
SENSITIVE = []
|
481
481
|
include Aws::Structure
|
482
482
|
end
|
483
483
|
|
484
484
|
# Contains information about an archive rule.
|
485
485
|
#
|
486
|
-
# @!attribute [rw]
|
487
|
-
# The
|
488
|
-
# @return [
|
486
|
+
# @!attribute [rw] rule_name
|
487
|
+
# The name of the archive rule.
|
488
|
+
# @return [String]
|
489
489
|
#
|
490
490
|
# @!attribute [rw] filter
|
491
491
|
# A filter used to define the archive rule.
|
492
492
|
# @return [Hash<String,Types::Criterion>]
|
493
493
|
#
|
494
|
-
# @!attribute [rw]
|
495
|
-
# The
|
496
|
-
# @return [
|
494
|
+
# @!attribute [rw] created_at
|
495
|
+
# The time at which the archive rule was created.
|
496
|
+
# @return [Time]
|
497
497
|
#
|
498
498
|
# @!attribute [rw] updated_at
|
499
499
|
# The time at which the archive rule was last updated.
|
@@ -502,9 +502,9 @@ module Aws::AccessAnalyzer
|
|
502
502
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ArchiveRuleSummary AWS API Documentation
|
503
503
|
#
|
504
504
|
class ArchiveRuleSummary < Struct.new(
|
505
|
-
:created_at,
|
506
|
-
:filter,
|
507
505
|
:rule_name,
|
506
|
+
:filter,
|
507
|
+
:created_at,
|
508
508
|
:updated_at)
|
509
509
|
SENSITIVE = []
|
510
510
|
include Aws::Structure
|
@@ -542,59 +542,57 @@ module Aws::AccessAnalyzer
|
|
542
542
|
# data as a hash:
|
543
543
|
#
|
544
544
|
# {
|
545
|
-
# access_role: "RoleArn", # required
|
546
|
-
# end_time: Time.now,
|
547
|
-
# start_time: Time.now, # required
|
548
545
|
# trails: [ # required
|
549
546
|
# {
|
550
|
-
# all_regions: false,
|
551
547
|
# cloud_trail_arn: "CloudTrailArn", # required
|
552
548
|
# regions: ["String"],
|
549
|
+
# all_regions: false,
|
553
550
|
# },
|
554
551
|
# ],
|
552
|
+
# access_role: "RoleArn", # required
|
553
|
+
# start_time: Time.now, # required
|
554
|
+
# end_time: Time.now,
|
555
555
|
# }
|
556
556
|
#
|
557
|
+
# @!attribute [rw] trails
|
558
|
+
# A `Trail` object that contains settings for a trail.
|
559
|
+
# @return [Array<Types::Trail>]
|
560
|
+
#
|
557
561
|
# @!attribute [rw] access_role
|
558
562
|
# The ARN of the service role that IAM Access Analyzer uses to access
|
559
563
|
# your CloudTrail trail and service last accessed information.
|
560
564
|
# @return [String]
|
561
565
|
#
|
562
|
-
# @!attribute [rw] end_time
|
563
|
-
# The end of the time range for which IAM Access Analyzer reviews your
|
564
|
-
# CloudTrail events. Events with a timestamp after this time are not
|
565
|
-
# considered to generate a policy. If this is not included in the
|
566
|
-
# request, the default value is the current time.
|
567
|
-
# @return [Time]
|
568
|
-
#
|
569
566
|
# @!attribute [rw] start_time
|
570
567
|
# The start of the time range for which IAM Access Analyzer reviews
|
571
568
|
# your CloudTrail events. Events with a timestamp before this time are
|
572
569
|
# not considered to generate a policy.
|
573
570
|
# @return [Time]
|
574
571
|
#
|
575
|
-
# @!attribute [rw]
|
576
|
-
#
|
577
|
-
#
|
572
|
+
# @!attribute [rw] end_time
|
573
|
+
# The end of the time range for which IAM Access Analyzer reviews your
|
574
|
+
# CloudTrail events. Events with a timestamp after this time are not
|
575
|
+
# considered to generate a policy. If this is not included in the
|
576
|
+
# request, the default value is the current time.
|
577
|
+
# @return [Time]
|
578
578
|
#
|
579
579
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailDetails AWS API Documentation
|
580
580
|
#
|
581
581
|
class CloudTrailDetails < Struct.new(
|
582
|
+
:trails,
|
582
583
|
:access_role,
|
583
|
-
:end_time,
|
584
584
|
:start_time,
|
585
|
-
:
|
585
|
+
:end_time)
|
586
586
|
SENSITIVE = []
|
587
587
|
include Aws::Structure
|
588
588
|
end
|
589
589
|
|
590
590
|
# Contains information about CloudTrail access.
|
591
591
|
#
|
592
|
-
# @!attribute [rw]
|
593
|
-
#
|
594
|
-
#
|
595
|
-
#
|
596
|
-
# request, the default value is the current time.
|
597
|
-
# @return [Time]
|
592
|
+
# @!attribute [rw] trail_properties
|
593
|
+
# A `TrailProperties` object that contains settings for trail
|
594
|
+
# properties.
|
595
|
+
# @return [Array<Types::TrailProperties>]
|
598
596
|
#
|
599
597
|
# @!attribute [rw] start_time
|
600
598
|
# The start of the time range for which IAM Access Analyzer reviews
|
@@ -602,17 +600,19 @@ module Aws::AccessAnalyzer
|
|
602
600
|
# not considered to generate a policy.
|
603
601
|
# @return [Time]
|
604
602
|
#
|
605
|
-
# @!attribute [rw]
|
606
|
-
#
|
607
|
-
#
|
608
|
-
#
|
603
|
+
# @!attribute [rw] end_time
|
604
|
+
# The end of the time range for which IAM Access Analyzer reviews your
|
605
|
+
# CloudTrail events. Events with a timestamp after this time are not
|
606
|
+
# considered to generate a policy. If this is not included in the
|
607
|
+
# request, the default value is the current time.
|
608
|
+
# @return [Time]
|
609
609
|
#
|
610
610
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailProperties AWS API Documentation
|
611
611
|
#
|
612
612
|
class CloudTrailProperties < Struct.new(
|
613
|
-
:
|
613
|
+
:trail_properties,
|
614
614
|
:start_time,
|
615
|
-
:
|
615
|
+
:end_time)
|
616
616
|
SENSITIVE = []
|
617
617
|
include Aws::Structure
|
618
618
|
end
|
@@ -633,14 +633,14 @@ module Aws::AccessAnalyzer
|
|
633
633
|
# The access control configuration is for a KMS key.
|
634
634
|
# @return [Types::KmsKeyConfiguration]
|
635
635
|
#
|
636
|
-
# @!attribute [rw] s3_bucket
|
637
|
-
# The access control configuration is for an Amazon S3 Bucket.
|
638
|
-
# @return [Types::S3BucketConfiguration]
|
639
|
-
#
|
640
636
|
# @!attribute [rw] secrets_manager_secret
|
641
637
|
# The access control configuration is for a Secrets Manager secret.
|
642
638
|
# @return [Types::SecretsManagerSecretConfiguration]
|
643
639
|
#
|
640
|
+
# @!attribute [rw] s3_bucket
|
641
|
+
# The access control configuration is for an Amazon S3 Bucket.
|
642
|
+
# @return [Types::S3BucketConfiguration]
|
643
|
+
#
|
644
644
|
# @!attribute [rw] sqs_queue
|
645
645
|
# The access control configuration is for an Amazon SQS queue.
|
646
646
|
# @return [Types::SqsQueueConfiguration]
|
@@ -650,8 +650,8 @@ module Aws::AccessAnalyzer
|
|
650
650
|
class Configuration < Struct.new(
|
651
651
|
:iam_role,
|
652
652
|
:kms_key,
|
653
|
-
:s3_bucket,
|
654
653
|
:secrets_manager_secret,
|
654
|
+
:s3_bucket,
|
655
655
|
:sqs_queue,
|
656
656
|
:unknown)
|
657
657
|
SENSITIVE = []
|
@@ -660,8 +660,8 @@ module Aws::AccessAnalyzer
|
|
660
660
|
|
661
661
|
class IamRole < Configuration; end
|
662
662
|
class KmsKey < Configuration; end
|
663
|
-
class S3Bucket < Configuration; end
|
664
663
|
class SecretsManagerSecret < Configuration; end
|
664
|
+
class S3Bucket < Configuration; end
|
665
665
|
class SqsQueue < Configuration; end
|
666
666
|
class Unknown < Configuration; end
|
667
667
|
end
|
@@ -694,15 +694,20 @@ module Aws::AccessAnalyzer
|
|
694
694
|
#
|
695
695
|
# {
|
696
696
|
# analyzer_arn: "AnalyzerArn", # required
|
697
|
-
# client_token: "String",
|
698
697
|
# configurations: { # required
|
699
698
|
# "ConfigurationsMapKey" => {
|
700
699
|
# iam_role: {
|
701
700
|
# trust_policy: "IamTrustPolicy",
|
702
701
|
# },
|
703
702
|
# kms_key: {
|
703
|
+
# key_policies: {
|
704
|
+
# "PolicyName" => "KmsKeyPolicy",
|
705
|
+
# },
|
704
706
|
# grants: [
|
705
707
|
# {
|
708
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
709
|
+
# grantee_principal: "GranteePrincipal", # required
|
710
|
+
# retiring_principal: "RetiringPrincipal",
|
706
711
|
# constraints: {
|
707
712
|
# encryption_context_equals: {
|
708
713
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
@@ -711,57 +716,52 @@ module Aws::AccessAnalyzer
|
|
711
716
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
712
717
|
# },
|
713
718
|
# },
|
714
|
-
# grantee_principal: "GranteePrincipal", # required
|
715
719
|
# issuing_account: "IssuingAccount", # required
|
716
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
717
|
-
# retiring_principal: "RetiringPrincipal",
|
718
720
|
# },
|
719
721
|
# ],
|
720
|
-
#
|
721
|
-
#
|
722
|
-
#
|
722
|
+
# },
|
723
|
+
# secrets_manager_secret: {
|
724
|
+
# kms_key_id: "SecretsManagerSecretKmsId",
|
725
|
+
# secret_policy: "SecretsManagerSecretPolicy",
|
723
726
|
# },
|
724
727
|
# s3_bucket: {
|
725
|
-
#
|
726
|
-
# "AccessPointArn" => {
|
727
|
-
# access_point_policy: "AccessPointPolicy",
|
728
|
-
# network_origin: {
|
729
|
-
# internet_configuration: {
|
730
|
-
# },
|
731
|
-
# vpc_configuration: {
|
732
|
-
# vpc_id: "VpcId", # required
|
733
|
-
# },
|
734
|
-
# },
|
735
|
-
# public_access_block: {
|
736
|
-
# ignore_public_acls: false, # required
|
737
|
-
# restrict_public_buckets: false, # required
|
738
|
-
# },
|
739
|
-
# },
|
740
|
-
# },
|
728
|
+
# bucket_policy: "S3BucketPolicy",
|
741
729
|
# bucket_acl_grants: [
|
742
730
|
# {
|
731
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
743
732
|
# grantee: { # required
|
744
733
|
# id: "AclCanonicalId",
|
745
734
|
# uri: "AclUri",
|
746
735
|
# },
|
747
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
748
736
|
# },
|
749
737
|
# ],
|
750
|
-
# bucket_policy: "S3BucketPolicy",
|
751
738
|
# bucket_public_access_block: {
|
752
739
|
# ignore_public_acls: false, # required
|
753
740
|
# restrict_public_buckets: false, # required
|
754
741
|
# },
|
755
|
-
#
|
756
|
-
#
|
757
|
-
#
|
758
|
-
#
|
742
|
+
# access_points: {
|
743
|
+
# "AccessPointArn" => {
|
744
|
+
# access_point_policy: "AccessPointPolicy",
|
745
|
+
# public_access_block: {
|
746
|
+
# ignore_public_acls: false, # required
|
747
|
+
# restrict_public_buckets: false, # required
|
748
|
+
# },
|
749
|
+
# network_origin: {
|
750
|
+
# vpc_configuration: {
|
751
|
+
# vpc_id: "VpcId", # required
|
752
|
+
# },
|
753
|
+
# internet_configuration: {
|
754
|
+
# },
|
755
|
+
# },
|
756
|
+
# },
|
757
|
+
# },
|
759
758
|
# },
|
760
759
|
# sqs_queue: {
|
761
760
|
# queue_policy: "SqsQueuePolicy",
|
762
761
|
# },
|
763
762
|
# },
|
764
763
|
# },
|
764
|
+
# client_token: "String",
|
765
765
|
# }
|
766
766
|
#
|
767
767
|
# @!attribute [rw] analyzer_arn
|
@@ -774,13 +774,6 @@ module Aws::AccessAnalyzer
|
|
774
774
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
775
775
|
# @return [String]
|
776
776
|
#
|
777
|
-
# @!attribute [rw] client_token
|
778
|
-
# A client token.
|
779
|
-
#
|
780
|
-
# **A suitable default value is auto-generated.** You should normally
|
781
|
-
# not need to pass this option.
|
782
|
-
# @return [String]
|
783
|
-
#
|
784
777
|
# @!attribute [rw] configurations
|
785
778
|
# Access control configuration for your resource that is used to
|
786
779
|
# generate the access preview. The access preview includes findings
|
@@ -789,12 +782,19 @@ module Aws::AccessAnalyzer
|
|
789
782
|
# element.
|
790
783
|
# @return [Hash<String,Types::Configuration>]
|
791
784
|
#
|
785
|
+
# @!attribute [rw] client_token
|
786
|
+
# A client token.
|
787
|
+
#
|
788
|
+
# **A suitable default value is auto-generated.** You should normally
|
789
|
+
# not need to pass this option.
|
790
|
+
# @return [String]
|
791
|
+
#
|
792
792
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAccessPreviewRequest AWS API Documentation
|
793
793
|
#
|
794
794
|
class CreateAccessPreviewRequest < Struct.new(
|
795
795
|
:analyzer_arn,
|
796
|
-
:
|
797
|
-
:
|
796
|
+
:configurations,
|
797
|
+
:client_token)
|
798
798
|
SENSITIVE = []
|
799
799
|
include Aws::Structure
|
800
800
|
end
|
@@ -818,36 +818,47 @@ module Aws::AccessAnalyzer
|
|
818
818
|
#
|
819
819
|
# {
|
820
820
|
# analyzer_name: "Name", # required
|
821
|
+
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
821
822
|
# archive_rules: [
|
822
823
|
# {
|
824
|
+
# rule_name: "Name", # required
|
823
825
|
# filter: { # required
|
824
826
|
# "String" => {
|
825
|
-
# contains: ["String"],
|
826
827
|
# eq: ["String"],
|
827
|
-
# exists: false,
|
828
828
|
# neq: ["String"],
|
829
|
+
# contains: ["String"],
|
830
|
+
# exists: false,
|
829
831
|
# },
|
830
832
|
# },
|
831
|
-
# rule_name: "Name", # required
|
832
833
|
# },
|
833
834
|
# ],
|
834
|
-
# client_token: "String",
|
835
835
|
# tags: {
|
836
836
|
# "String" => "String",
|
837
837
|
# },
|
838
|
-
#
|
838
|
+
# client_token: "String",
|
839
839
|
# }
|
840
840
|
#
|
841
841
|
# @!attribute [rw] analyzer_name
|
842
842
|
# The name of the analyzer to create.
|
843
843
|
# @return [String]
|
844
844
|
#
|
845
|
+
# @!attribute [rw] type
|
846
|
+
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
847
|
+
# analyzers are supported. You can create only one analyzer per
|
848
|
+
# account per Region. You can create up to 5 analyzers per
|
849
|
+
# organization per Region.
|
850
|
+
# @return [String]
|
851
|
+
#
|
845
852
|
# @!attribute [rw] archive_rules
|
846
853
|
# Specifies the archive rules to add for the analyzer. Archive rules
|
847
854
|
# automatically archive findings that meet the criteria you define for
|
848
855
|
# the rule.
|
849
856
|
# @return [Array<Types::InlineArchiveRule>]
|
850
857
|
#
|
858
|
+
# @!attribute [rw] tags
|
859
|
+
# The tags to apply to the analyzer.
|
860
|
+
# @return [Hash<String,String>]
|
861
|
+
#
|
851
862
|
# @!attribute [rw] client_token
|
852
863
|
# A client token.
|
853
864
|
#
|
@@ -855,25 +866,14 @@ module Aws::AccessAnalyzer
|
|
855
866
|
# not need to pass this option.
|
856
867
|
# @return [String]
|
857
868
|
#
|
858
|
-
# @!attribute [rw] tags
|
859
|
-
# The tags to apply to the analyzer.
|
860
|
-
# @return [Hash<String,String>]
|
861
|
-
#
|
862
|
-
# @!attribute [rw] type
|
863
|
-
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
864
|
-
# analyzers are supported. You can create only one analyzer per
|
865
|
-
# account per Region. You can create up to 5 analyzers per
|
866
|
-
# organization per Region.
|
867
|
-
# @return [String]
|
868
|
-
#
|
869
869
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAnalyzerRequest AWS API Documentation
|
870
870
|
#
|
871
871
|
class CreateAnalyzerRequest < Struct.new(
|
872
872
|
:analyzer_name,
|
873
|
+
:type,
|
873
874
|
:archive_rules,
|
874
|
-
:client_token,
|
875
875
|
:tags,
|
876
|
-
:
|
876
|
+
:client_token)
|
877
877
|
SENSITIVE = []
|
878
878
|
include Aws::Structure
|
879
879
|
end
|
@@ -899,44 +899,44 @@ module Aws::AccessAnalyzer
|
|
899
899
|
#
|
900
900
|
# {
|
901
901
|
# analyzer_name: "Name", # required
|
902
|
-
#
|
902
|
+
# rule_name: "Name", # required
|
903
903
|
# filter: { # required
|
904
904
|
# "String" => {
|
905
|
-
# contains: ["String"],
|
906
905
|
# eq: ["String"],
|
907
|
-
# exists: false,
|
908
906
|
# neq: ["String"],
|
907
|
+
# contains: ["String"],
|
908
|
+
# exists: false,
|
909
909
|
# },
|
910
910
|
# },
|
911
|
-
#
|
911
|
+
# client_token: "String",
|
912
912
|
# }
|
913
913
|
#
|
914
914
|
# @!attribute [rw] analyzer_name
|
915
915
|
# The name of the created analyzer.
|
916
916
|
# @return [String]
|
917
917
|
#
|
918
|
-
# @!attribute [rw]
|
919
|
-
#
|
920
|
-
#
|
921
|
-
# **A suitable default value is auto-generated.** You should normally
|
922
|
-
# not need to pass this option.
|
918
|
+
# @!attribute [rw] rule_name
|
919
|
+
# The name of the rule to create.
|
923
920
|
# @return [String]
|
924
921
|
#
|
925
922
|
# @!attribute [rw] filter
|
926
923
|
# The criteria for the rule.
|
927
924
|
# @return [Hash<String,Types::Criterion>]
|
928
925
|
#
|
929
|
-
# @!attribute [rw]
|
930
|
-
#
|
926
|
+
# @!attribute [rw] client_token
|
927
|
+
# A client token.
|
928
|
+
#
|
929
|
+
# **A suitable default value is auto-generated.** You should normally
|
930
|
+
# not need to pass this option.
|
931
931
|
# @return [String]
|
932
932
|
#
|
933
933
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateArchiveRuleRequest AWS API Documentation
|
934
934
|
#
|
935
935
|
class CreateArchiveRuleRequest < Struct.new(
|
936
936
|
:analyzer_name,
|
937
|
-
:
|
937
|
+
:rule_name,
|
938
938
|
:filter,
|
939
|
-
:
|
939
|
+
:client_token)
|
940
940
|
SENSITIVE = []
|
941
941
|
include Aws::Structure
|
942
942
|
end
|
@@ -947,19 +947,24 @@ module Aws::AccessAnalyzer
|
|
947
947
|
# data as a hash:
|
948
948
|
#
|
949
949
|
# {
|
950
|
-
# contains: ["String"],
|
951
950
|
# eq: ["String"],
|
952
|
-
# exists: false,
|
953
951
|
# neq: ["String"],
|
952
|
+
# contains: ["String"],
|
953
|
+
# exists: false,
|
954
954
|
# }
|
955
955
|
#
|
956
|
-
# @!attribute [rw]
|
957
|
-
#
|
956
|
+
# @!attribute [rw] eq
|
957
|
+
# An "equals" operator to match for the filter used to create the
|
958
958
|
# rule.
|
959
959
|
# @return [Array<String>]
|
960
960
|
#
|
961
|
-
# @!attribute [rw]
|
962
|
-
#
|
961
|
+
# @!attribute [rw] neq
|
962
|
+
# A "not equals" operator to match for the filter used to create the
|
963
|
+
# rule.
|
964
|
+
# @return [Array<String>]
|
965
|
+
#
|
966
|
+
# @!attribute [rw] contains
|
967
|
+
# A "contains" operator to match for the filter used to create the
|
963
968
|
# rule.
|
964
969
|
# @return [Array<String>]
|
965
970
|
#
|
@@ -968,18 +973,13 @@ module Aws::AccessAnalyzer
|
|
968
973
|
# rule.
|
969
974
|
# @return [Boolean]
|
970
975
|
#
|
971
|
-
# @!attribute [rw] neq
|
972
|
-
# A "not equals" operator to match for the filter used to create the
|
973
|
-
# rule.
|
974
|
-
# @return [Array<String>]
|
975
|
-
#
|
976
976
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Criterion AWS API Documentation
|
977
977
|
#
|
978
978
|
class Criterion < Struct.new(
|
979
|
-
:contains,
|
980
979
|
:eq,
|
981
|
-
:
|
982
|
-
:
|
980
|
+
:neq,
|
981
|
+
:contains,
|
982
|
+
:exists)
|
983
983
|
SENSITIVE = []
|
984
984
|
include Aws::Structure
|
985
985
|
end
|
@@ -1021,8 +1021,8 @@ module Aws::AccessAnalyzer
|
|
1021
1021
|
#
|
1022
1022
|
# {
|
1023
1023
|
# analyzer_name: "Name", # required
|
1024
|
-
# client_token: "String",
|
1025
1024
|
# rule_name: "Name", # required
|
1025
|
+
# client_token: "String",
|
1026
1026
|
# }
|
1027
1027
|
#
|
1028
1028
|
# @!attribute [rw] analyzer_name
|
@@ -1030,6 +1030,10 @@ module Aws::AccessAnalyzer
|
|
1030
1030
|
# delete.
|
1031
1031
|
# @return [String]
|
1032
1032
|
#
|
1033
|
+
# @!attribute [rw] rule_name
|
1034
|
+
# The name of the rule to delete.
|
1035
|
+
# @return [String]
|
1036
|
+
#
|
1033
1037
|
# @!attribute [rw] client_token
|
1034
1038
|
# A client token.
|
1035
1039
|
#
|
@@ -1037,30 +1041,44 @@ module Aws::AccessAnalyzer
|
|
1037
1041
|
# not need to pass this option.
|
1038
1042
|
# @return [String]
|
1039
1043
|
#
|
1040
|
-
# @!attribute [rw] rule_name
|
1041
|
-
# The name of the rule to delete.
|
1042
|
-
# @return [String]
|
1043
|
-
#
|
1044
1044
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteArchiveRuleRequest AWS API Documentation
|
1045
1045
|
#
|
1046
1046
|
class DeleteArchiveRuleRequest < Struct.new(
|
1047
1047
|
:analyzer_name,
|
1048
|
-
:
|
1049
|
-
:
|
1048
|
+
:rule_name,
|
1049
|
+
:client_token)
|
1050
1050
|
SENSITIVE = []
|
1051
1051
|
include Aws::Structure
|
1052
1052
|
end
|
1053
1053
|
|
1054
1054
|
# Contains information about a finding.
|
1055
1055
|
#
|
1056
|
+
# @!attribute [rw] id
|
1057
|
+
# The ID of the finding.
|
1058
|
+
# @return [String]
|
1059
|
+
#
|
1060
|
+
# @!attribute [rw] principal
|
1061
|
+
# The external principal that access to a resource within the zone of
|
1062
|
+
# trust.
|
1063
|
+
# @return [Hash<String,String>]
|
1064
|
+
#
|
1056
1065
|
# @!attribute [rw] action
|
1057
1066
|
# The action in the analyzed policy statement that an external
|
1058
1067
|
# principal has permission to use.
|
1059
1068
|
# @return [Array<String>]
|
1060
1069
|
#
|
1061
|
-
# @!attribute [rw]
|
1062
|
-
# The
|
1063
|
-
# @return [
|
1070
|
+
# @!attribute [rw] resource
|
1071
|
+
# The resource that an external principal has access to.
|
1072
|
+
# @return [String]
|
1073
|
+
#
|
1074
|
+
# @!attribute [rw] is_public
|
1075
|
+
# Indicates whether the policy that generated the finding allows
|
1076
|
+
# public access to the resource.
|
1077
|
+
# @return [Boolean]
|
1078
|
+
#
|
1079
|
+
# @!attribute [rw] resource_type
|
1080
|
+
# The type of the resource identified in the finding.
|
1081
|
+
# @return [String]
|
1064
1082
|
#
|
1065
1083
|
# @!attribute [rw] condition
|
1066
1084
|
# The condition in the analyzed policy statement that resulted in a
|
@@ -1071,34 +1089,24 @@ module Aws::AccessAnalyzer
|
|
1071
1089
|
# The time at which the finding was generated.
|
1072
1090
|
# @return [Time]
|
1073
1091
|
#
|
1074
|
-
# @!attribute [rw]
|
1075
|
-
#
|
1076
|
-
# @return [
|
1077
|
-
#
|
1078
|
-
# @!attribute [rw] id
|
1079
|
-
# The ID of the finding.
|
1080
|
-
# @return [String]
|
1081
|
-
#
|
1082
|
-
# @!attribute [rw] is_public
|
1083
|
-
# Indicates whether the policy that generated the finding allows
|
1084
|
-
# public access to the resource.
|
1085
|
-
# @return [Boolean]
|
1092
|
+
# @!attribute [rw] analyzed_at
|
1093
|
+
# The time at which the resource was analyzed.
|
1094
|
+
# @return [Time]
|
1086
1095
|
#
|
1087
|
-
# @!attribute [rw]
|
1088
|
-
# The
|
1089
|
-
#
|
1090
|
-
# @return [Hash<String,String>]
|
1096
|
+
# @!attribute [rw] updated_at
|
1097
|
+
# The time at which the finding was updated.
|
1098
|
+
# @return [Time]
|
1091
1099
|
#
|
1092
|
-
# @!attribute [rw]
|
1093
|
-
# The
|
1100
|
+
# @!attribute [rw] status
|
1101
|
+
# The current status of the finding.
|
1094
1102
|
# @return [String]
|
1095
1103
|
#
|
1096
1104
|
# @!attribute [rw] resource_owner_account
|
1097
1105
|
# The Amazon Web Services account ID that owns the resource.
|
1098
1106
|
# @return [String]
|
1099
1107
|
#
|
1100
|
-
# @!attribute [rw]
|
1101
|
-
#
|
1108
|
+
# @!attribute [rw] error
|
1109
|
+
# An error.
|
1102
1110
|
# @return [String]
|
1103
1111
|
#
|
1104
1112
|
# @!attribute [rw] sources
|
@@ -1107,31 +1115,23 @@ module Aws::AccessAnalyzer
|
|
1107
1115
|
# bucket findings.
|
1108
1116
|
# @return [Array<Types::FindingSource>]
|
1109
1117
|
#
|
1110
|
-
# @!attribute [rw] status
|
1111
|
-
# The current status of the finding.
|
1112
|
-
# @return [String]
|
1113
|
-
#
|
1114
|
-
# @!attribute [rw] updated_at
|
1115
|
-
# The time at which the finding was updated.
|
1116
|
-
# @return [Time]
|
1117
|
-
#
|
1118
1118
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Finding AWS API Documentation
|
1119
1119
|
#
|
1120
1120
|
class Finding < Struct.new(
|
1121
|
-
:action,
|
1122
|
-
:analyzed_at,
|
1123
|
-
:condition,
|
1124
|
-
:created_at,
|
1125
|
-
:error,
|
1126
1121
|
:id,
|
1127
|
-
:is_public,
|
1128
1122
|
:principal,
|
1123
|
+
:action,
|
1129
1124
|
:resource,
|
1130
|
-
:
|
1125
|
+
:is_public,
|
1131
1126
|
:resource_type,
|
1132
|
-
:
|
1127
|
+
:condition,
|
1128
|
+
:created_at,
|
1129
|
+
:analyzed_at,
|
1130
|
+
:updated_at,
|
1133
1131
|
:status,
|
1134
|
-
:
|
1132
|
+
:resource_owner_account,
|
1133
|
+
:error,
|
1134
|
+
:sources)
|
1135
1135
|
SENSITIVE = []
|
1136
1136
|
include Aws::Structure
|
1137
1137
|
end
|
@@ -1140,20 +1140,20 @@ module Aws::AccessAnalyzer
|
|
1140
1140
|
# generated the finding is granted. It is populated for Amazon S3 bucket
|
1141
1141
|
# findings.
|
1142
1142
|
#
|
1143
|
+
# @!attribute [rw] type
|
1144
|
+
# Indicates the type of access that generated the finding.
|
1145
|
+
# @return [String]
|
1146
|
+
#
|
1143
1147
|
# @!attribute [rw] detail
|
1144
1148
|
# Includes details about how the access that generated the finding is
|
1145
1149
|
# granted. This is populated for Amazon S3 bucket findings.
|
1146
1150
|
# @return [Types::FindingSourceDetail]
|
1147
1151
|
#
|
1148
|
-
# @!attribute [rw] type
|
1149
|
-
# Indicates the type of access that generated the finding.
|
1150
|
-
# @return [String]
|
1151
|
-
#
|
1152
1152
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSource AWS API Documentation
|
1153
1153
|
#
|
1154
1154
|
class FindingSource < Struct.new(
|
1155
|
-
:
|
1156
|
-
:
|
1155
|
+
:type,
|
1156
|
+
:detail)
|
1157
1157
|
SENSITIVE = []
|
1158
1158
|
include Aws::Structure
|
1159
1159
|
end
|
@@ -1177,15 +1177,32 @@ module Aws::AccessAnalyzer
|
|
1177
1177
|
|
1178
1178
|
# Contains information about a finding.
|
1179
1179
|
#
|
1180
|
+
# @!attribute [rw] id
|
1181
|
+
# The ID of the finding.
|
1182
|
+
# @return [String]
|
1183
|
+
#
|
1184
|
+
# @!attribute [rw] principal
|
1185
|
+
# The external principal that has access to a resource within the zone
|
1186
|
+
# of trust.
|
1187
|
+
# @return [Hash<String,String>]
|
1188
|
+
#
|
1180
1189
|
# @!attribute [rw] action
|
1181
1190
|
# The action in the analyzed policy statement that an external
|
1182
1191
|
# principal has permission to use.
|
1183
1192
|
# @return [Array<String>]
|
1184
1193
|
#
|
1185
|
-
# @!attribute [rw]
|
1186
|
-
# The
|
1187
|
-
#
|
1188
|
-
#
|
1194
|
+
# @!attribute [rw] resource
|
1195
|
+
# The resource that the external principal has access to.
|
1196
|
+
# @return [String]
|
1197
|
+
#
|
1198
|
+
# @!attribute [rw] is_public
|
1199
|
+
# Indicates whether the finding reports a resource that has a policy
|
1200
|
+
# that allows public access.
|
1201
|
+
# @return [Boolean]
|
1202
|
+
#
|
1203
|
+
# @!attribute [rw] resource_type
|
1204
|
+
# The type of the resource that the external principal has access to.
|
1205
|
+
# @return [String]
|
1189
1206
|
#
|
1190
1207
|
# @!attribute [rw] condition
|
1191
1208
|
# The condition in the analyzed policy statement that resulted in a
|
@@ -1196,34 +1213,25 @@ module Aws::AccessAnalyzer
|
|
1196
1213
|
# The time at which the finding was created.
|
1197
1214
|
# @return [Time]
|
1198
1215
|
#
|
1199
|
-
# @!attribute [rw]
|
1200
|
-
# The
|
1201
|
-
#
|
1202
|
-
#
|
1203
|
-
# @!attribute [rw] id
|
1204
|
-
# The ID of the finding.
|
1205
|
-
# @return [String]
|
1206
|
-
#
|
1207
|
-
# @!attribute [rw] is_public
|
1208
|
-
# Indicates whether the finding reports a resource that has a policy
|
1209
|
-
# that allows public access.
|
1210
|
-
# @return [Boolean]
|
1216
|
+
# @!attribute [rw] analyzed_at
|
1217
|
+
# The time at which the resource-based policy that generated the
|
1218
|
+
# finding was analyzed.
|
1219
|
+
# @return [Time]
|
1211
1220
|
#
|
1212
|
-
# @!attribute [rw]
|
1213
|
-
# The
|
1214
|
-
#
|
1215
|
-
# @return [Hash<String,String>]
|
1221
|
+
# @!attribute [rw] updated_at
|
1222
|
+
# The time at which the finding was most recently updated.
|
1223
|
+
# @return [Time]
|
1216
1224
|
#
|
1217
|
-
# @!attribute [rw]
|
1218
|
-
# The
|
1225
|
+
# @!attribute [rw] status
|
1226
|
+
# The status of the finding.
|
1219
1227
|
# @return [String]
|
1220
1228
|
#
|
1221
1229
|
# @!attribute [rw] resource_owner_account
|
1222
1230
|
# The Amazon Web Services account ID that owns the resource.
|
1223
1231
|
# @return [String]
|
1224
1232
|
#
|
1225
|
-
# @!attribute [rw]
|
1226
|
-
# The
|
1233
|
+
# @!attribute [rw] error
|
1234
|
+
# The error that resulted in an Error finding.
|
1227
1235
|
# @return [String]
|
1228
1236
|
#
|
1229
1237
|
# @!attribute [rw] sources
|
@@ -1232,31 +1240,23 @@ module Aws::AccessAnalyzer
|
|
1232
1240
|
# bucket findings.
|
1233
1241
|
# @return [Array<Types::FindingSource>]
|
1234
1242
|
#
|
1235
|
-
# @!attribute [rw] status
|
1236
|
-
# The status of the finding.
|
1237
|
-
# @return [String]
|
1238
|
-
#
|
1239
|
-
# @!attribute [rw] updated_at
|
1240
|
-
# The time at which the finding was most recently updated.
|
1241
|
-
# @return [Time]
|
1242
|
-
#
|
1243
1243
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSummary AWS API Documentation
|
1244
1244
|
#
|
1245
1245
|
class FindingSummary < Struct.new(
|
1246
|
-
:action,
|
1247
|
-
:analyzed_at,
|
1248
|
-
:condition,
|
1249
|
-
:created_at,
|
1250
|
-
:error,
|
1251
1246
|
:id,
|
1252
|
-
:is_public,
|
1253
1247
|
:principal,
|
1248
|
+
:action,
|
1254
1249
|
:resource,
|
1255
|
-
:
|
1250
|
+
:is_public,
|
1256
1251
|
:resource_type,
|
1257
|
-
:
|
1252
|
+
:condition,
|
1253
|
+
:created_at,
|
1254
|
+
:analyzed_at,
|
1255
|
+
:updated_at,
|
1258
1256
|
:status,
|
1259
|
-
:
|
1257
|
+
:resource_owner_account,
|
1258
|
+
:error,
|
1259
|
+
:sources)
|
1260
1260
|
SENSITIVE = []
|
1261
1261
|
include Aws::Structure
|
1262
1262
|
end
|
@@ -1282,10 +1282,6 @@ module Aws::AccessAnalyzer
|
|
1282
1282
|
|
1283
1283
|
# Contains the generated policy details.
|
1284
1284
|
#
|
1285
|
-
# @!attribute [rw] cloud_trail_properties
|
1286
|
-
# Lists details about the `Trail` used to generated policy.
|
1287
|
-
# @return [Types::CloudTrailProperties]
|
1288
|
-
#
|
1289
1285
|
# @!attribute [rw] is_complete
|
1290
1286
|
# This value is set to `true` if the generated policy contains all
|
1291
1287
|
# possible actions for a service that IAM Access Analyzer identified
|
@@ -1297,18 +1293,27 @@ module Aws::AccessAnalyzer
|
|
1297
1293
|
# generating a policy.
|
1298
1294
|
# @return [String]
|
1299
1295
|
#
|
1296
|
+
# @!attribute [rw] cloud_trail_properties
|
1297
|
+
# Lists details about the `Trail` used to generated policy.
|
1298
|
+
# @return [Types::CloudTrailProperties]
|
1299
|
+
#
|
1300
1300
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyProperties AWS API Documentation
|
1301
1301
|
#
|
1302
1302
|
class GeneratedPolicyProperties < Struct.new(
|
1303
|
-
:cloud_trail_properties,
|
1304
1303
|
:is_complete,
|
1305
|
-
:principal_arn
|
1304
|
+
:principal_arn,
|
1305
|
+
:cloud_trail_properties)
|
1306
1306
|
SENSITIVE = []
|
1307
1307
|
include Aws::Structure
|
1308
1308
|
end
|
1309
1309
|
|
1310
1310
|
# Contains the text for the generated policy and its details.
|
1311
1311
|
#
|
1312
|
+
# @!attribute [rw] properties
|
1313
|
+
# A `GeneratedPolicyProperties` object that contains properties of the
|
1314
|
+
# generated policy.
|
1315
|
+
# @return [Types::GeneratedPolicyProperties]
|
1316
|
+
#
|
1312
1317
|
# @!attribute [rw] generated_policies
|
1313
1318
|
# The text to use as the content for the new policy. The policy is
|
1314
1319
|
# created using the [CreatePolicy][1] action.
|
@@ -1318,16 +1323,11 @@ module Aws::AccessAnalyzer
|
|
1318
1323
|
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
|
1319
1324
|
# @return [Array<Types::GeneratedPolicy>]
|
1320
1325
|
#
|
1321
|
-
# @!attribute [rw] properties
|
1322
|
-
# A `GeneratedPolicyProperties` object that contains properties of the
|
1323
|
-
# generated policy.
|
1324
|
-
# @return [Types::GeneratedPolicyProperties]
|
1325
|
-
#
|
1326
1326
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyResult AWS API Documentation
|
1327
1327
|
#
|
1328
1328
|
class GeneratedPolicyResult < Struct.new(
|
1329
|
-
:
|
1330
|
-
:
|
1329
|
+
:properties,
|
1330
|
+
:generated_policies)
|
1331
1331
|
SENSITIVE = []
|
1332
1332
|
include Aws::Structure
|
1333
1333
|
end
|
@@ -1545,11 +1545,18 @@ module Aws::AccessAnalyzer
|
|
1545
1545
|
# data as a hash:
|
1546
1546
|
#
|
1547
1547
|
# {
|
1548
|
+
# job_id: "JobId", # required
|
1548
1549
|
# include_resource_placeholders: false,
|
1549
1550
|
# include_service_level_template: false,
|
1550
|
-
# job_id: "JobId", # required
|
1551
1551
|
# }
|
1552
1552
|
#
|
1553
|
+
# @!attribute [rw] job_id
|
1554
|
+
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1555
|
+
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
1556
|
+
# retrieve the generated policies or used with
|
1557
|
+
# `CancelPolicyGeneration` to cancel the policy generation request.
|
1558
|
+
# @return [String]
|
1559
|
+
#
|
1553
1560
|
# @!attribute [rw] include_resource_placeholders
|
1554
1561
|
# The level of detail that you want to generate. You can specify
|
1555
1562
|
# whether to generate policies with placeholders for resource ARNs for
|
@@ -1569,38 +1576,31 @@ module Aws::AccessAnalyzer
|
|
1569
1576
|
# template.
|
1570
1577
|
# @return [Boolean]
|
1571
1578
|
#
|
1572
|
-
# @!attribute [rw] job_id
|
1573
|
-
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1574
|
-
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
1575
|
-
# retrieve the generated policies or used with
|
1576
|
-
# `CancelPolicyGeneration` to cancel the policy generation request.
|
1577
|
-
# @return [String]
|
1578
|
-
#
|
1579
1579
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyRequest AWS API Documentation
|
1580
1580
|
#
|
1581
1581
|
class GetGeneratedPolicyRequest < Struct.new(
|
1582
|
+
:job_id,
|
1582
1583
|
:include_resource_placeholders,
|
1583
|
-
:include_service_level_template
|
1584
|
-
:job_id)
|
1584
|
+
:include_service_level_template)
|
1585
1585
|
SENSITIVE = []
|
1586
1586
|
include Aws::Structure
|
1587
1587
|
end
|
1588
1588
|
|
1589
|
-
# @!attribute [rw] generated_policy_result
|
1590
|
-
# A `GeneratedPolicyResult` object that contains the generated
|
1591
|
-
# policies and associated details.
|
1592
|
-
# @return [Types::GeneratedPolicyResult]
|
1593
|
-
#
|
1594
1589
|
# @!attribute [rw] job_details
|
1595
1590
|
# A `GeneratedPolicyDetails` object that contains details about the
|
1596
1591
|
# generated policy.
|
1597
1592
|
# @return [Types::JobDetails]
|
1598
1593
|
#
|
1594
|
+
# @!attribute [rw] generated_policy_result
|
1595
|
+
# A `GeneratedPolicyResult` object that contains the generated
|
1596
|
+
# policies and associated details.
|
1597
|
+
# @return [Types::GeneratedPolicyResult]
|
1598
|
+
#
|
1599
1599
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyResponse AWS API Documentation
|
1600
1600
|
#
|
1601
1601
|
class GetGeneratedPolicyResponse < Struct.new(
|
1602
|
-
:
|
1603
|
-
:
|
1602
|
+
:job_details,
|
1603
|
+
:generated_policy_result)
|
1604
1604
|
SENSITIVE = []
|
1605
1605
|
include Aws::Structure
|
1606
1606
|
end
|
@@ -1645,30 +1645,30 @@ module Aws::AccessAnalyzer
|
|
1645
1645
|
# data as a hash:
|
1646
1646
|
#
|
1647
1647
|
# {
|
1648
|
+
# rule_name: "Name", # required
|
1648
1649
|
# filter: { # required
|
1649
1650
|
# "String" => {
|
1650
|
-
# contains: ["String"],
|
1651
1651
|
# eq: ["String"],
|
1652
|
-
# exists: false,
|
1653
1652
|
# neq: ["String"],
|
1653
|
+
# contains: ["String"],
|
1654
|
+
# exists: false,
|
1654
1655
|
# },
|
1655
1656
|
# },
|
1656
|
-
# rule_name: "Name", # required
|
1657
1657
|
# }
|
1658
1658
|
#
|
1659
|
-
# @!attribute [rw] filter
|
1660
|
-
# The condition and values for a criterion.
|
1661
|
-
# @return [Hash<String,Types::Criterion>]
|
1662
|
-
#
|
1663
1659
|
# @!attribute [rw] rule_name
|
1664
1660
|
# The name of the rule.
|
1665
1661
|
# @return [String]
|
1666
1662
|
#
|
1663
|
+
# @!attribute [rw] filter
|
1664
|
+
# The condition and values for a criterion.
|
1665
|
+
# @return [Hash<String,Types::Criterion>]
|
1666
|
+
#
|
1667
1667
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InlineArchiveRule AWS API Documentation
|
1668
1668
|
#
|
1669
1669
|
class InlineArchiveRule < Struct.new(
|
1670
|
-
:
|
1671
|
-
:
|
1670
|
+
:rule_name,
|
1671
|
+
:filter)
|
1672
1672
|
SENSITIVE = []
|
1673
1673
|
include Aws::Structure
|
1674
1674
|
end
|
@@ -1702,14 +1702,6 @@ module Aws::AccessAnalyzer
|
|
1702
1702
|
|
1703
1703
|
# Contains details about the policy generation request.
|
1704
1704
|
#
|
1705
|
-
# @!attribute [rw] completed_on
|
1706
|
-
# A timestamp of when the job was completed.
|
1707
|
-
# @return [Time]
|
1708
|
-
#
|
1709
|
-
# @!attribute [rw] job_error
|
1710
|
-
# The job error for the policy generation request.
|
1711
|
-
# @return [Types::JobError]
|
1712
|
-
#
|
1713
1705
|
# @!attribute [rw] job_id
|
1714
1706
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1715
1707
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -1717,22 +1709,30 @@ module Aws::AccessAnalyzer
|
|
1717
1709
|
# `CancelPolicyGeneration` to cancel the policy generation request.
|
1718
1710
|
# @return [String]
|
1719
1711
|
#
|
1712
|
+
# @!attribute [rw] status
|
1713
|
+
# The status of the job request.
|
1714
|
+
# @return [String]
|
1715
|
+
#
|
1720
1716
|
# @!attribute [rw] started_on
|
1721
1717
|
# A timestamp of when the job was started.
|
1722
1718
|
# @return [Time]
|
1723
1719
|
#
|
1724
|
-
# @!attribute [rw]
|
1725
|
-
#
|
1726
|
-
# @return [
|
1720
|
+
# @!attribute [rw] completed_on
|
1721
|
+
# A timestamp of when the job was completed.
|
1722
|
+
# @return [Time]
|
1723
|
+
#
|
1724
|
+
# @!attribute [rw] job_error
|
1725
|
+
# The job error for the policy generation request.
|
1726
|
+
# @return [Types::JobError]
|
1727
1727
|
#
|
1728
1728
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/JobDetails AWS API Documentation
|
1729
1729
|
#
|
1730
1730
|
class JobDetails < Struct.new(
|
1731
|
-
:completed_on,
|
1732
|
-
:job_error,
|
1733
1731
|
:job_id,
|
1732
|
+
:status,
|
1734
1733
|
:started_on,
|
1735
|
-
:
|
1734
|
+
:completed_on,
|
1735
|
+
:job_error)
|
1736
1736
|
SENSITIVE = []
|
1737
1737
|
include Aws::Structure
|
1738
1738
|
end
|
@@ -1768,6 +1768,9 @@ module Aws::AccessAnalyzer
|
|
1768
1768
|
# data as a hash:
|
1769
1769
|
#
|
1770
1770
|
# {
|
1771
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1772
|
+
# grantee_principal: "GranteePrincipal", # required
|
1773
|
+
# retiring_principal: "RetiringPrincipal",
|
1771
1774
|
# constraints: {
|
1772
1775
|
# encryption_context_equals: {
|
1773
1776
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
@@ -1776,12 +1779,27 @@ module Aws::AccessAnalyzer
|
|
1776
1779
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1777
1780
|
# },
|
1778
1781
|
# },
|
1779
|
-
# grantee_principal: "GranteePrincipal", # required
|
1780
1782
|
# issuing_account: "IssuingAccount", # required
|
1781
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1782
|
-
# retiring_principal: "RetiringPrincipal",
|
1783
1783
|
# }
|
1784
1784
|
#
|
1785
|
+
# @!attribute [rw] operations
|
1786
|
+
# A list of operations that the grant permits.
|
1787
|
+
# @return [Array<String>]
|
1788
|
+
#
|
1789
|
+
# @!attribute [rw] grantee_principal
|
1790
|
+
# The principal that is given permission to perform the operations
|
1791
|
+
# that the grant permits.
|
1792
|
+
# @return [String]
|
1793
|
+
#
|
1794
|
+
# @!attribute [rw] retiring_principal
|
1795
|
+
# The principal that is given permission to retire the grant by using
|
1796
|
+
# [RetireGrant][1] operation.
|
1797
|
+
#
|
1798
|
+
#
|
1799
|
+
#
|
1800
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
|
1801
|
+
# @return [String]
|
1802
|
+
#
|
1785
1803
|
# @!attribute [rw] constraints
|
1786
1804
|
# Use this structure to propose allowing [cryptographic operations][1]
|
1787
1805
|
# in the grant only when the operation request includes the specified
|
@@ -1793,38 +1811,20 @@ module Aws::AccessAnalyzer
|
|
1793
1811
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1794
1812
|
# @return [Types::KmsGrantConstraints]
|
1795
1813
|
#
|
1796
|
-
# @!attribute [rw] grantee_principal
|
1797
|
-
# The principal that is given permission to perform the operations
|
1798
|
-
# that the grant permits.
|
1799
|
-
# @return [String]
|
1800
|
-
#
|
1801
1814
|
# @!attribute [rw] issuing_account
|
1802
1815
|
# The Amazon Web Services account under which the grant was issued.
|
1803
1816
|
# The account is used to propose KMS grants issued by accounts other
|
1804
1817
|
# than the owner of the key.
|
1805
1818
|
# @return [String]
|
1806
1819
|
#
|
1807
|
-
# @!attribute [rw] operations
|
1808
|
-
# A list of operations that the grant permits.
|
1809
|
-
# @return [Array<String>]
|
1810
|
-
#
|
1811
|
-
# @!attribute [rw] retiring_principal
|
1812
|
-
# The principal that is given permission to retire the grant by using
|
1813
|
-
# [RetireGrant][1] operation.
|
1814
|
-
#
|
1815
|
-
#
|
1816
|
-
#
|
1817
|
-
# [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
|
1818
|
-
# @return [String]
|
1819
|
-
#
|
1820
1820
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsGrantConfiguration AWS API Documentation
|
1821
1821
|
#
|
1822
1822
|
class KmsGrantConfiguration < Struct.new(
|
1823
|
-
:constraints,
|
1824
|
-
:grantee_principal,
|
1825
|
-
:issuing_account,
|
1826
1823
|
:operations,
|
1827
|
-
:
|
1824
|
+
:grantee_principal,
|
1825
|
+
:retiring_principal,
|
1826
|
+
:constraints,
|
1827
|
+
:issuing_account)
|
1828
1828
|
SENSITIVE = []
|
1829
1829
|
include Aws::Structure
|
1830
1830
|
end
|
@@ -1907,8 +1907,14 @@ module Aws::AccessAnalyzer
|
|
1907
1907
|
# data as a hash:
|
1908
1908
|
#
|
1909
1909
|
# {
|
1910
|
+
# key_policies: {
|
1911
|
+
# "PolicyName" => "KmsKeyPolicy",
|
1912
|
+
# },
|
1910
1913
|
# grants: [
|
1911
1914
|
# {
|
1915
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1916
|
+
# grantee_principal: "GranteePrincipal", # required
|
1917
|
+
# retiring_principal: "RetiringPrincipal",
|
1912
1918
|
# constraints: {
|
1913
1919
|
# encryption_context_equals: {
|
1914
1920
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
@@ -1917,25 +1923,11 @@ module Aws::AccessAnalyzer
|
|
1917
1923
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1918
1924
|
# },
|
1919
1925
|
# },
|
1920
|
-
# grantee_principal: "GranteePrincipal", # required
|
1921
1926
|
# issuing_account: "IssuingAccount", # required
|
1922
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1923
|
-
# retiring_principal: "RetiringPrincipal",
|
1924
1927
|
# },
|
1925
1928
|
# ],
|
1926
|
-
# key_policies: {
|
1927
|
-
# "PolicyName" => "KmsKeyPolicy",
|
1928
|
-
# },
|
1929
1929
|
# }
|
1930
1930
|
#
|
1931
|
-
# @!attribute [rw] grants
|
1932
|
-
# A list of proposed grant configurations for the KMS key. If the
|
1933
|
-
# proposed grant configuration is for an existing key, the access
|
1934
|
-
# preview uses the proposed list of grant configurations in place of
|
1935
|
-
# the existing grants. Otherwise, the access preview uses the existing
|
1936
|
-
# grants for the key.
|
1937
|
-
# @return [Array<Types::KmsGrantConfiguration>]
|
1938
|
-
#
|
1939
1931
|
# @!attribute [rw] key_policies
|
1940
1932
|
# Resource policy configuration for the KMS key. The only valid value
|
1941
1933
|
# for the name of the key policy is `default`. For more information,
|
@@ -1946,11 +1938,19 @@ module Aws::AccessAnalyzer
|
|
1946
1938
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
|
1947
1939
|
# @return [Hash<String,String>]
|
1948
1940
|
#
|
1941
|
+
# @!attribute [rw] grants
|
1942
|
+
# A list of proposed grant configurations for the KMS key. If the
|
1943
|
+
# proposed grant configuration is for an existing key, the access
|
1944
|
+
# preview uses the proposed list of grant configurations in place of
|
1945
|
+
# the existing grants. Otherwise, the access preview uses the existing
|
1946
|
+
# grants for the key.
|
1947
|
+
# @return [Array<Types::KmsGrantConfiguration>]
|
1948
|
+
#
|
1949
1949
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsKeyConfiguration AWS API Documentation
|
1950
1950
|
#
|
1951
1951
|
class KmsKeyConfiguration < Struct.new(
|
1952
|
-
:
|
1953
|
-
:
|
1952
|
+
:key_policies,
|
1953
|
+
:grants)
|
1954
1954
|
SENSITIVE = []
|
1955
1955
|
include Aws::Structure
|
1956
1956
|
end
|
@@ -1963,14 +1963,14 @@ module Aws::AccessAnalyzer
|
|
1963
1963
|
# analyzer_arn: "AnalyzerArn", # required
|
1964
1964
|
# filter: {
|
1965
1965
|
# "String" => {
|
1966
|
-
# contains: ["String"],
|
1967
1966
|
# eq: ["String"],
|
1968
|
-
# exists: false,
|
1969
1967
|
# neq: ["String"],
|
1968
|
+
# contains: ["String"],
|
1969
|
+
# exists: false,
|
1970
1970
|
# },
|
1971
1971
|
# },
|
1972
|
-
# max_results: 1,
|
1973
1972
|
# next_token: "Token",
|
1973
|
+
# max_results: 1,
|
1974
1974
|
# }
|
1975
1975
|
#
|
1976
1976
|
# @!attribute [rw] access_preview_id
|
@@ -1989,22 +1989,22 @@ module Aws::AccessAnalyzer
|
|
1989
1989
|
# Criteria to filter the returned findings.
|
1990
1990
|
# @return [Hash<String,Types::Criterion>]
|
1991
1991
|
#
|
1992
|
-
# @!attribute [rw] max_results
|
1993
|
-
# The maximum number of results to return in the response.
|
1994
|
-
# @return [Integer]
|
1995
|
-
#
|
1996
1992
|
# @!attribute [rw] next_token
|
1997
1993
|
# A token used for pagination of results returned.
|
1998
1994
|
# @return [String]
|
1999
1995
|
#
|
1996
|
+
# @!attribute [rw] max_results
|
1997
|
+
# The maximum number of results to return in the response.
|
1998
|
+
# @return [Integer]
|
1999
|
+
#
|
2000
2000
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindingsRequest AWS API Documentation
|
2001
2001
|
#
|
2002
2002
|
class ListAccessPreviewFindingsRequest < Struct.new(
|
2003
2003
|
:access_preview_id,
|
2004
2004
|
:analyzer_arn,
|
2005
2005
|
:filter,
|
2006
|
-
:
|
2007
|
-
:
|
2006
|
+
:next_token,
|
2007
|
+
:max_results)
|
2008
2008
|
SENSITIVE = []
|
2009
2009
|
include Aws::Structure
|
2010
2010
|
end
|
@@ -2032,8 +2032,8 @@ module Aws::AccessAnalyzer
|
|
2032
2032
|
#
|
2033
2033
|
# {
|
2034
2034
|
# analyzer_arn: "AnalyzerArn", # required
|
2035
|
-
# max_results: 1,
|
2036
2035
|
# next_token: "Token",
|
2036
|
+
# max_results: 1,
|
2037
2037
|
# }
|
2038
2038
|
#
|
2039
2039
|
# @!attribute [rw] analyzer_arn
|
@@ -2044,20 +2044,20 @@ module Aws::AccessAnalyzer
|
|
2044
2044
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
2045
2045
|
# @return [String]
|
2046
2046
|
#
|
2047
|
-
# @!attribute [rw] max_results
|
2048
|
-
# The maximum number of results to return in the response.
|
2049
|
-
# @return [Integer]
|
2050
|
-
#
|
2051
2047
|
# @!attribute [rw] next_token
|
2052
2048
|
# A token used for pagination of results returned.
|
2053
2049
|
# @return [String]
|
2054
2050
|
#
|
2051
|
+
# @!attribute [rw] max_results
|
2052
|
+
# The maximum number of results to return in the response.
|
2053
|
+
# @return [Integer]
|
2054
|
+
#
|
2055
2055
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewsRequest AWS API Documentation
|
2056
2056
|
#
|
2057
2057
|
class ListAccessPreviewsRequest < Struct.new(
|
2058
2058
|
:analyzer_arn,
|
2059
|
-
:
|
2060
|
-
:
|
2059
|
+
:next_token,
|
2060
|
+
:max_results)
|
2061
2061
|
SENSITIVE = []
|
2062
2062
|
include Aws::Structure
|
2063
2063
|
end
|
@@ -2086,9 +2086,9 @@ module Aws::AccessAnalyzer
|
|
2086
2086
|
#
|
2087
2087
|
# {
|
2088
2088
|
# analyzer_arn: "AnalyzerArn", # required
|
2089
|
-
# max_results: 1,
|
2090
|
-
# next_token: "Token",
|
2091
2089
|
# resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
|
2090
|
+
# next_token: "Token",
|
2091
|
+
# max_results: 1,
|
2092
2092
|
# }
|
2093
2093
|
#
|
2094
2094
|
# @!attribute [rw] analyzer_arn
|
@@ -2100,25 +2100,25 @@ module Aws::AccessAnalyzer
|
|
2100
2100
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
2101
2101
|
# @return [String]
|
2102
2102
|
#
|
2103
|
-
# @!attribute [rw]
|
2104
|
-
# The
|
2105
|
-
# @return [
|
2103
|
+
# @!attribute [rw] resource_type
|
2104
|
+
# The type of resource.
|
2105
|
+
# @return [String]
|
2106
2106
|
#
|
2107
2107
|
# @!attribute [rw] next_token
|
2108
2108
|
# A token used for pagination of results returned.
|
2109
2109
|
# @return [String]
|
2110
2110
|
#
|
2111
|
-
# @!attribute [rw]
|
2112
|
-
# The
|
2113
|
-
# @return [
|
2111
|
+
# @!attribute [rw] max_results
|
2112
|
+
# The maximum number of results to return in the response.
|
2113
|
+
# @return [Integer]
|
2114
2114
|
#
|
2115
2115
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResourcesRequest AWS API Documentation
|
2116
2116
|
#
|
2117
2117
|
class ListAnalyzedResourcesRequest < Struct.new(
|
2118
2118
|
:analyzer_arn,
|
2119
|
-
:
|
2119
|
+
:resource_type,
|
2120
2120
|
:next_token,
|
2121
|
-
:
|
2121
|
+
:max_results)
|
2122
2122
|
SENSITIVE = []
|
2123
2123
|
include Aws::Structure
|
2124
2124
|
end
|
@@ -2148,19 +2148,19 @@ module Aws::AccessAnalyzer
|
|
2148
2148
|
# data as a hash:
|
2149
2149
|
#
|
2150
2150
|
# {
|
2151
|
-
# max_results: 1,
|
2152
2151
|
# next_token: "Token",
|
2152
|
+
# max_results: 1,
|
2153
2153
|
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
2154
2154
|
# }
|
2155
2155
|
#
|
2156
|
-
# @!attribute [rw] max_results
|
2157
|
-
# The maximum number of results to return in the response.
|
2158
|
-
# @return [Integer]
|
2159
|
-
#
|
2160
2156
|
# @!attribute [rw] next_token
|
2161
2157
|
# A token used for pagination of results returned.
|
2162
2158
|
# @return [String]
|
2163
2159
|
#
|
2160
|
+
# @!attribute [rw] max_results
|
2161
|
+
# The maximum number of results to return in the response.
|
2162
|
+
# @return [Integer]
|
2163
|
+
#
|
2164
2164
|
# @!attribute [rw] type
|
2165
2165
|
# The type of analyzer.
|
2166
2166
|
# @return [String]
|
@@ -2168,8 +2168,8 @@ module Aws::AccessAnalyzer
|
|
2168
2168
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzersRequest AWS API Documentation
|
2169
2169
|
#
|
2170
2170
|
class ListAnalyzersRequest < Struct.new(
|
2171
|
-
:max_results,
|
2172
2171
|
:next_token,
|
2172
|
+
:max_results,
|
2173
2173
|
:type)
|
2174
2174
|
SENSITIVE = []
|
2175
2175
|
include Aws::Structure
|
@@ -2201,28 +2201,28 @@ module Aws::AccessAnalyzer
|
|
2201
2201
|
#
|
2202
2202
|
# {
|
2203
2203
|
# analyzer_name: "Name", # required
|
2204
|
-
# max_results: 1,
|
2205
2204
|
# next_token: "Token",
|
2205
|
+
# max_results: 1,
|
2206
2206
|
# }
|
2207
2207
|
#
|
2208
2208
|
# @!attribute [rw] analyzer_name
|
2209
2209
|
# The name of the analyzer to retrieve rules from.
|
2210
2210
|
# @return [String]
|
2211
2211
|
#
|
2212
|
-
# @!attribute [rw] max_results
|
2213
|
-
# The maximum number of results to return in the request.
|
2214
|
-
# @return [Integer]
|
2215
|
-
#
|
2216
2212
|
# @!attribute [rw] next_token
|
2217
2213
|
# A token used for pagination of results returned.
|
2218
2214
|
# @return [String]
|
2219
2215
|
#
|
2216
|
+
# @!attribute [rw] max_results
|
2217
|
+
# The maximum number of results to return in the request.
|
2218
|
+
# @return [Integer]
|
2219
|
+
#
|
2220
2220
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListArchiveRulesRequest AWS API Documentation
|
2221
2221
|
#
|
2222
2222
|
class ListArchiveRulesRequest < Struct.new(
|
2223
2223
|
:analyzer_name,
|
2224
|
-
:
|
2225
|
-
:
|
2224
|
+
:next_token,
|
2225
|
+
:max_results)
|
2226
2226
|
SENSITIVE = []
|
2227
2227
|
include Aws::Structure
|
2228
2228
|
end
|
@@ -2255,18 +2255,18 @@ module Aws::AccessAnalyzer
|
|
2255
2255
|
# analyzer_arn: "AnalyzerArn", # required
|
2256
2256
|
# filter: {
|
2257
2257
|
# "String" => {
|
2258
|
-
# contains: ["String"],
|
2259
2258
|
# eq: ["String"],
|
2260
|
-
# exists: false,
|
2261
2259
|
# neq: ["String"],
|
2260
|
+
# contains: ["String"],
|
2261
|
+
# exists: false,
|
2262
2262
|
# },
|
2263
2263
|
# },
|
2264
|
-
# max_results: 1,
|
2265
|
-
# next_token: "Token",
|
2266
2264
|
# sort: {
|
2267
2265
|
# attribute_name: "String",
|
2268
2266
|
# order_by: "ASC", # accepts ASC, DESC
|
2269
2267
|
# },
|
2268
|
+
# next_token: "Token",
|
2269
|
+
# max_results: 1,
|
2270
2270
|
# }
|
2271
2271
|
#
|
2272
2272
|
# @!attribute [rw] analyzer_arn
|
@@ -2281,26 +2281,26 @@ module Aws::AccessAnalyzer
|
|
2281
2281
|
# A filter to match for the findings to return.
|
2282
2282
|
# @return [Hash<String,Types::Criterion>]
|
2283
2283
|
#
|
2284
|
-
# @!attribute [rw]
|
2285
|
-
# The
|
2286
|
-
# @return [
|
2284
|
+
# @!attribute [rw] sort
|
2285
|
+
# The sort order for the findings returned.
|
2286
|
+
# @return [Types::SortCriteria]
|
2287
2287
|
#
|
2288
2288
|
# @!attribute [rw] next_token
|
2289
2289
|
# A token used for pagination of results returned.
|
2290
2290
|
# @return [String]
|
2291
2291
|
#
|
2292
|
-
# @!attribute [rw]
|
2293
|
-
# The
|
2294
|
-
# @return [
|
2292
|
+
# @!attribute [rw] max_results
|
2293
|
+
# The maximum number of results to return in the response.
|
2294
|
+
# @return [Integer]
|
2295
2295
|
#
|
2296
2296
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsRequest AWS API Documentation
|
2297
2297
|
#
|
2298
2298
|
class ListFindingsRequest < Struct.new(
|
2299
2299
|
:analyzer_arn,
|
2300
2300
|
:filter,
|
2301
|
-
:
|
2301
|
+
:sort,
|
2302
2302
|
:next_token,
|
2303
|
-
:
|
2303
|
+
:max_results)
|
2304
2304
|
SENSITIVE = []
|
2305
2305
|
include Aws::Structure
|
2306
2306
|
end
|
@@ -2329,11 +2329,17 @@ module Aws::AccessAnalyzer
|
|
2329
2329
|
# data as a hash:
|
2330
2330
|
#
|
2331
2331
|
# {
|
2332
|
+
# principal_arn: "PrincipalArn",
|
2332
2333
|
# max_results: 1,
|
2333
2334
|
# next_token: "Token",
|
2334
|
-
# principal_arn: "PrincipalArn",
|
2335
2335
|
# }
|
2336
2336
|
#
|
2337
|
+
# @!attribute [rw] principal_arn
|
2338
|
+
# The ARN of the IAM entity (user or role) for which you are
|
2339
|
+
# generating a policy. Use this with `ListGeneratedPolicies` to filter
|
2340
|
+
# the results to only include results for a specific principal.
|
2341
|
+
# @return [String]
|
2342
|
+
#
|
2337
2343
|
# @!attribute [rw] max_results
|
2338
2344
|
# The maximum number of results to return in the response.
|
2339
2345
|
# @return [Integer]
|
@@ -2342,36 +2348,30 @@ module Aws::AccessAnalyzer
|
|
2342
2348
|
# A token used for pagination of results returned.
|
2343
2349
|
# @return [String]
|
2344
2350
|
#
|
2345
|
-
# @!attribute [rw] principal_arn
|
2346
|
-
# The ARN of the IAM entity (user or role) for which you are
|
2347
|
-
# generating a policy. Use this with `ListGeneratedPolicies` to filter
|
2348
|
-
# the results to only include results for a specific principal.
|
2349
|
-
# @return [String]
|
2350
|
-
#
|
2351
2351
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsRequest AWS API Documentation
|
2352
2352
|
#
|
2353
2353
|
class ListPolicyGenerationsRequest < Struct.new(
|
2354
|
+
:principal_arn,
|
2354
2355
|
:max_results,
|
2355
|
-
:next_token
|
2356
|
-
:principal_arn)
|
2356
|
+
:next_token)
|
2357
2357
|
SENSITIVE = []
|
2358
2358
|
include Aws::Structure
|
2359
2359
|
end
|
2360
2360
|
|
2361
|
-
# @!attribute [rw] next_token
|
2362
|
-
# A token used for pagination of results returned.
|
2363
|
-
# @return [String]
|
2364
|
-
#
|
2365
2361
|
# @!attribute [rw] policy_generations
|
2366
2362
|
# A `PolicyGeneration` object that contains details about the
|
2367
2363
|
# generated policy.
|
2368
2364
|
# @return [Array<Types::PolicyGeneration>]
|
2369
2365
|
#
|
2366
|
+
# @!attribute [rw] next_token
|
2367
|
+
# A token used for pagination of results returned.
|
2368
|
+
# @return [String]
|
2369
|
+
#
|
2370
2370
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsResponse AWS API Documentation
|
2371
2371
|
#
|
2372
2372
|
class ListPolicyGenerationsResponse < Struct.new(
|
2373
|
-
:
|
2374
|
-
:
|
2373
|
+
:policy_generations,
|
2374
|
+
:next_token)
|
2375
2375
|
SENSITIVE = []
|
2376
2376
|
include Aws::Structure
|
2377
2377
|
end
|
@@ -2447,11 +2447,6 @@ module Aws::AccessAnalyzer
|
|
2447
2447
|
#
|
2448
2448
|
# @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
|
2449
2449
|
#
|
2450
|
-
# @!attribute [rw] internet_configuration
|
2451
|
-
# The configuration for the Amazon S3 access point or multi-region
|
2452
|
-
# access point with an `Internet` origin.
|
2453
|
-
# @return [Types::InternetConfiguration]
|
2454
|
-
#
|
2455
2450
|
# @!attribute [rw] vpc_configuration
|
2456
2451
|
# The proposed virtual private cloud (VPC) configuration for the
|
2457
2452
|
# Amazon S3 access point. VPC configuration does not apply to
|
@@ -2463,18 +2458,23 @@ module Aws::AccessAnalyzer
|
|
2463
2458
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
|
2464
2459
|
# @return [Types::VpcConfiguration]
|
2465
2460
|
#
|
2461
|
+
# @!attribute [rw] internet_configuration
|
2462
|
+
# The configuration for the Amazon S3 access point or multi-region
|
2463
|
+
# access point with an `Internet` origin.
|
2464
|
+
# @return [Types::InternetConfiguration]
|
2465
|
+
#
|
2466
2466
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/NetworkOriginConfiguration AWS API Documentation
|
2467
2467
|
#
|
2468
2468
|
class NetworkOriginConfiguration < Struct.new(
|
2469
|
-
:internet_configuration,
|
2470
2469
|
:vpc_configuration,
|
2470
|
+
:internet_configuration,
|
2471
2471
|
:unknown)
|
2472
2472
|
SENSITIVE = []
|
2473
2473
|
include Aws::Structure
|
2474
2474
|
include Aws::Structure::Union
|
2475
2475
|
|
2476
|
-
class InternetConfiguration < NetworkOriginConfiguration; end
|
2477
2476
|
class VpcConfiguration < NetworkOriginConfiguration; end
|
2477
|
+
class InternetConfiguration < NetworkOriginConfiguration; end
|
2478
2478
|
class Unknown < NetworkOriginConfiguration; end
|
2479
2479
|
end
|
2480
2480
|
|
@@ -2520,10 +2520,6 @@ module Aws::AccessAnalyzer
|
|
2520
2520
|
|
2521
2521
|
# Contains details about the policy generation status and properties.
|
2522
2522
|
#
|
2523
|
-
# @!attribute [rw] completed_on
|
2524
|
-
# A timestamp of when the policy generation was completed.
|
2525
|
-
# @return [Time]
|
2526
|
-
#
|
2527
2523
|
# @!attribute [rw] job_id
|
2528
2524
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
2529
2525
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -2536,22 +2532,26 @@ module Aws::AccessAnalyzer
|
|
2536
2532
|
# generating a policy.
|
2537
2533
|
# @return [String]
|
2538
2534
|
#
|
2535
|
+
# @!attribute [rw] status
|
2536
|
+
# The status of the policy generation request.
|
2537
|
+
# @return [String]
|
2538
|
+
#
|
2539
2539
|
# @!attribute [rw] started_on
|
2540
2540
|
# A timestamp of when the policy generation started.
|
2541
2541
|
# @return [Time]
|
2542
2542
|
#
|
2543
|
-
# @!attribute [rw]
|
2544
|
-
#
|
2545
|
-
# @return [
|
2543
|
+
# @!attribute [rw] completed_on
|
2544
|
+
# A timestamp of when the policy generation was completed.
|
2545
|
+
# @return [Time]
|
2546
2546
|
#
|
2547
2547
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PolicyGeneration AWS API Documentation
|
2548
2548
|
#
|
2549
2549
|
class PolicyGeneration < Struct.new(
|
2550
|
-
:completed_on,
|
2551
2550
|
:job_id,
|
2552
2551
|
:principal_arn,
|
2552
|
+
:status,
|
2553
2553
|
:started_on,
|
2554
|
-
:
|
2554
|
+
:completed_on)
|
2555
2555
|
SENSITIVE = []
|
2556
2556
|
include Aws::Structure
|
2557
2557
|
end
|
@@ -2581,14 +2581,14 @@ module Aws::AccessAnalyzer
|
|
2581
2581
|
|
2582
2582
|
# A position in a policy.
|
2583
2583
|
#
|
2584
|
-
# @!attribute [rw] column
|
2585
|
-
# The column of the position, starting from 0.
|
2586
|
-
# @return [Integer]
|
2587
|
-
#
|
2588
2584
|
# @!attribute [rw] line
|
2589
2585
|
# The line of the position, starting from 1.
|
2590
2586
|
# @return [Integer]
|
2591
2587
|
#
|
2588
|
+
# @!attribute [rw] column
|
2589
|
+
# The column of the position, starting from 0.
|
2590
|
+
# @return [Integer]
|
2591
|
+
#
|
2592
2592
|
# @!attribute [rw] offset
|
2593
2593
|
# The offset within the policy that corresponds to the position,
|
2594
2594
|
# starting from 0.
|
@@ -2597,8 +2597,8 @@ module Aws::AccessAnalyzer
|
|
2597
2597
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Position AWS API Documentation
|
2598
2598
|
#
|
2599
2599
|
class Position < Struct.new(
|
2600
|
-
:column,
|
2601
2600
|
:line,
|
2601
|
+
:column,
|
2602
2602
|
:offset)
|
2603
2603
|
SENSITIVE = []
|
2604
2604
|
include Aws::Structure
|
@@ -2640,7 +2640,7 @@ module Aws::AccessAnalyzer
|
|
2640
2640
|
#
|
2641
2641
|
#
|
2642
2642
|
#
|
2643
|
-
# [1]: https://docs.aws.amazon.com/
|
2643
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
2644
2644
|
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
|
2645
2645
|
#
|
2646
2646
|
# @note When making an API call, you may pass S3AccessPointConfiguration
|
@@ -2648,16 +2648,16 @@ module Aws::AccessAnalyzer
|
|
2648
2648
|
#
|
2649
2649
|
# {
|
2650
2650
|
# access_point_policy: "AccessPointPolicy",
|
2651
|
+
# public_access_block: {
|
2652
|
+
# ignore_public_acls: false, # required
|
2653
|
+
# restrict_public_buckets: false, # required
|
2654
|
+
# },
|
2651
2655
|
# network_origin: {
|
2652
|
-
# internet_configuration: {
|
2653
|
-
# },
|
2654
2656
|
# vpc_configuration: {
|
2655
2657
|
# vpc_id: "VpcId", # required
|
2656
2658
|
# },
|
2657
|
-
#
|
2658
|
-
#
|
2659
|
-
# ignore_public_acls: false, # required
|
2660
|
-
# restrict_public_buckets: false, # required
|
2659
|
+
# internet_configuration: {
|
2660
|
+
# },
|
2661
2661
|
# },
|
2662
2662
|
# }
|
2663
2663
|
#
|
@@ -2665,6 +2665,11 @@ module Aws::AccessAnalyzer
|
|
2665
2665
|
# The access point or multi-region access point policy.
|
2666
2666
|
# @return [String]
|
2667
2667
|
#
|
2668
|
+
# @!attribute [rw] public_access_block
|
2669
|
+
# The proposed `S3PublicAccessBlock` configuration to apply to this
|
2670
|
+
# Amazon S3 access point or multi-region access point.
|
2671
|
+
# @return [Types::S3PublicAccessBlockConfiguration]
|
2672
|
+
#
|
2668
2673
|
# @!attribute [rw] network_origin
|
2669
2674
|
# The proposed `Internet` and `VpcConfiguration` to apply to this
|
2670
2675
|
# Amazon S3 access point. `VpcConfiguration` does not apply to
|
@@ -2675,17 +2680,12 @@ module Aws::AccessAnalyzer
|
|
2675
2680
|
# the exiting network origin.
|
2676
2681
|
# @return [Types::NetworkOriginConfiguration]
|
2677
2682
|
#
|
2678
|
-
# @!attribute [rw] public_access_block
|
2679
|
-
# The proposed `S3PublicAccessBlock` configuration to apply to this
|
2680
|
-
# Amazon S3 access point or multi-region access point.
|
2681
|
-
# @return [Types::S3PublicAccessBlockConfiguration]
|
2682
|
-
#
|
2683
2683
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3AccessPointConfiguration AWS API Documentation
|
2684
2684
|
#
|
2685
2685
|
class S3AccessPointConfiguration < Struct.new(
|
2686
2686
|
:access_point_policy,
|
2687
|
-
:
|
2688
|
-
:
|
2687
|
+
:public_access_block,
|
2688
|
+
:network_origin)
|
2689
2689
|
SENSITIVE = []
|
2690
2690
|
include Aws::Structure
|
2691
2691
|
end
|
@@ -2701,26 +2701,26 @@ module Aws::AccessAnalyzer
|
|
2701
2701
|
# data as a hash:
|
2702
2702
|
#
|
2703
2703
|
# {
|
2704
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2704
2705
|
# grantee: { # required
|
2705
2706
|
# id: "AclCanonicalId",
|
2706
2707
|
# uri: "AclUri",
|
2707
2708
|
# },
|
2708
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2709
2709
|
# }
|
2710
2710
|
#
|
2711
|
-
# @!attribute [rw] grantee
|
2712
|
-
# The grantee to whom you’re assigning access rights.
|
2713
|
-
# @return [Types::AclGrantee]
|
2714
|
-
#
|
2715
2711
|
# @!attribute [rw] permission
|
2716
2712
|
# The permissions being granted.
|
2717
2713
|
# @return [String]
|
2718
2714
|
#
|
2715
|
+
# @!attribute [rw] grantee
|
2716
|
+
# The grantee to whom you’re assigning access rights.
|
2717
|
+
# @return [Types::AclGrantee]
|
2718
|
+
#
|
2719
2719
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3BucketAclGrantConfiguration AWS API Documentation
|
2720
2720
|
#
|
2721
2721
|
class S3BucketAclGrantConfiguration < Struct.new(
|
2722
|
-
:
|
2723
|
-
:
|
2722
|
+
:permission,
|
2723
|
+
:grantee)
|
2724
2724
|
SENSITIVE = []
|
2725
2725
|
include Aws::Structure
|
2726
2726
|
end
|
@@ -2747,43 +2747,41 @@ module Aws::AccessAnalyzer
|
|
2747
2747
|
# data as a hash:
|
2748
2748
|
#
|
2749
2749
|
# {
|
2750
|
-
#
|
2751
|
-
# "AccessPointArn" => {
|
2752
|
-
# access_point_policy: "AccessPointPolicy",
|
2753
|
-
# network_origin: {
|
2754
|
-
# internet_configuration: {
|
2755
|
-
# },
|
2756
|
-
# vpc_configuration: {
|
2757
|
-
# vpc_id: "VpcId", # required
|
2758
|
-
# },
|
2759
|
-
# },
|
2760
|
-
# public_access_block: {
|
2761
|
-
# ignore_public_acls: false, # required
|
2762
|
-
# restrict_public_buckets: false, # required
|
2763
|
-
# },
|
2764
|
-
# },
|
2765
|
-
# },
|
2750
|
+
# bucket_policy: "S3BucketPolicy",
|
2766
2751
|
# bucket_acl_grants: [
|
2767
2752
|
# {
|
2753
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2768
2754
|
# grantee: { # required
|
2769
2755
|
# id: "AclCanonicalId",
|
2770
2756
|
# uri: "AclUri",
|
2771
2757
|
# },
|
2772
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2773
2758
|
# },
|
2774
2759
|
# ],
|
2775
|
-
# bucket_policy: "S3BucketPolicy",
|
2776
2760
|
# bucket_public_access_block: {
|
2777
2761
|
# ignore_public_acls: false, # required
|
2778
2762
|
# restrict_public_buckets: false, # required
|
2779
2763
|
# },
|
2764
|
+
# access_points: {
|
2765
|
+
# "AccessPointArn" => {
|
2766
|
+
# access_point_policy: "AccessPointPolicy",
|
2767
|
+
# public_access_block: {
|
2768
|
+
# ignore_public_acls: false, # required
|
2769
|
+
# restrict_public_buckets: false, # required
|
2770
|
+
# },
|
2771
|
+
# network_origin: {
|
2772
|
+
# vpc_configuration: {
|
2773
|
+
# vpc_id: "VpcId", # required
|
2774
|
+
# },
|
2775
|
+
# internet_configuration: {
|
2776
|
+
# },
|
2777
|
+
# },
|
2778
|
+
# },
|
2779
|
+
# },
|
2780
2780
|
# }
|
2781
2781
|
#
|
2782
|
-
# @!attribute [rw]
|
2783
|
-
# The
|
2784
|
-
#
|
2785
|
-
# per bucket.
|
2786
|
-
# @return [Hash<String,Types::S3AccessPointConfiguration>]
|
2782
|
+
# @!attribute [rw] bucket_policy
|
2783
|
+
# The proposed bucket policy for the Amazon S3 bucket.
|
2784
|
+
# @return [String]
|
2787
2785
|
#
|
2788
2786
|
# @!attribute [rw] bucket_acl_grants
|
2789
2787
|
# The proposed list of ACL grants for the Amazon S3 bucket. You can
|
@@ -2794,22 +2792,24 @@ module Aws::AccessAnalyzer
|
|
2794
2792
|
# the bucket.
|
2795
2793
|
# @return [Array<Types::S3BucketAclGrantConfiguration>]
|
2796
2794
|
#
|
2797
|
-
# @!attribute [rw] bucket_policy
|
2798
|
-
# The proposed bucket policy for the Amazon S3 bucket.
|
2799
|
-
# @return [String]
|
2800
|
-
#
|
2801
2795
|
# @!attribute [rw] bucket_public_access_block
|
2802
2796
|
# The proposed block public access configuration for the Amazon S3
|
2803
2797
|
# bucket.
|
2804
2798
|
# @return [Types::S3PublicAccessBlockConfiguration]
|
2805
2799
|
#
|
2800
|
+
# @!attribute [rw] access_points
|
2801
|
+
# The configuration of Amazon S3 access points or multi-region access
|
2802
|
+
# points for the bucket. You can propose up to 10 new access points
|
2803
|
+
# per bucket.
|
2804
|
+
# @return [Hash<String,Types::S3AccessPointConfiguration>]
|
2805
|
+
#
|
2806
2806
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3BucketConfiguration AWS API Documentation
|
2807
2807
|
#
|
2808
2808
|
class S3BucketConfiguration < Struct.new(
|
2809
|
-
:access_points,
|
2810
|
-
:bucket_acl_grants,
|
2811
2809
|
:bucket_policy,
|
2812
|
-
:
|
2810
|
+
:bucket_acl_grants,
|
2811
|
+
:bucket_public_access_block,
|
2812
|
+
:access_points)
|
2813
2813
|
SENSITIVE = []
|
2814
2814
|
include Aws::Structure
|
2815
2815
|
end
|
@@ -2957,19 +2957,19 @@ module Aws::AccessAnalyzer
|
|
2957
2957
|
# A span in a policy. The span consists of a start position (inclusive)
|
2958
2958
|
# and end position (exclusive).
|
2959
2959
|
#
|
2960
|
-
# @!attribute [rw] end
|
2961
|
-
# The end position of the span (exclusive).
|
2962
|
-
# @return [Types::Position]
|
2963
|
-
#
|
2964
2960
|
# @!attribute [rw] start
|
2965
2961
|
# The start position of the span (inclusive).
|
2966
2962
|
# @return [Types::Position]
|
2967
2963
|
#
|
2964
|
+
# @!attribute [rw] end
|
2965
|
+
# The end position of the span (exclusive).
|
2966
|
+
# @return [Types::Position]
|
2967
|
+
#
|
2968
2968
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Span AWS API Documentation
|
2969
2969
|
#
|
2970
2970
|
class Span < Struct.new(
|
2971
|
-
:
|
2972
|
-
:
|
2971
|
+
:start,
|
2972
|
+
:end)
|
2973
2973
|
SENSITIVE = []
|
2974
2974
|
include Aws::Structure
|
2975
2975
|
end
|
@@ -3013,24 +3013,34 @@ module Aws::AccessAnalyzer
|
|
3013
3013
|
# data as a hash:
|
3014
3014
|
#
|
3015
3015
|
# {
|
3016
|
-
#
|
3016
|
+
# policy_generation_details: { # required
|
3017
|
+
# principal_arn: "PrincipalArn", # required
|
3018
|
+
# },
|
3017
3019
|
# cloud_trail_details: {
|
3018
|
-
# access_role: "RoleArn", # required
|
3019
|
-
# end_time: Time.now,
|
3020
|
-
# start_time: Time.now, # required
|
3021
3020
|
# trails: [ # required
|
3022
3021
|
# {
|
3023
|
-
# all_regions: false,
|
3024
3022
|
# cloud_trail_arn: "CloudTrailArn", # required
|
3025
3023
|
# regions: ["String"],
|
3024
|
+
# all_regions: false,
|
3026
3025
|
# },
|
3027
3026
|
# ],
|
3027
|
+
# access_role: "RoleArn", # required
|
3028
|
+
# start_time: Time.now, # required
|
3029
|
+
# end_time: Time.now,
|
3028
3030
|
# },
|
3029
|
-
#
|
3030
|
-
# principal_arn: "PrincipalArn", # required
|
3031
|
-
# },
|
3031
|
+
# client_token: "String",
|
3032
3032
|
# }
|
3033
3033
|
#
|
3034
|
+
# @!attribute [rw] policy_generation_details
|
3035
|
+
# Contains the ARN of the IAM entity (user or role) for which you are
|
3036
|
+
# generating a policy.
|
3037
|
+
# @return [Types::PolicyGenerationDetails]
|
3038
|
+
#
|
3039
|
+
# @!attribute [rw] cloud_trail_details
|
3040
|
+
# A `CloudTrailDetails` object that contains details about a `Trail`
|
3041
|
+
# that you want to analyze to generate policies.
|
3042
|
+
# @return [Types::CloudTrailDetails]
|
3043
|
+
#
|
3034
3044
|
# @!attribute [rw] client_token
|
3035
3045
|
# A unique, case-sensitive identifier that you provide to ensure the
|
3036
3046
|
# idempotency of the request. Idempotency ensures that an API request
|
@@ -3046,22 +3056,12 @@ module Aws::AccessAnalyzer
|
|
3046
3056
|
# not need to pass this option.
|
3047
3057
|
# @return [String]
|
3048
3058
|
#
|
3049
|
-
# @!attribute [rw] cloud_trail_details
|
3050
|
-
# A `CloudTrailDetails` object that contains details about a `Trail`
|
3051
|
-
# that you want to analyze to generate policies.
|
3052
|
-
# @return [Types::CloudTrailDetails]
|
3053
|
-
#
|
3054
|
-
# @!attribute [rw] policy_generation_details
|
3055
|
-
# Contains the ARN of the IAM entity (user or role) for which you are
|
3056
|
-
# generating a policy.
|
3057
|
-
# @return [Types::PolicyGenerationDetails]
|
3058
|
-
#
|
3059
3059
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGenerationRequest AWS API Documentation
|
3060
3060
|
#
|
3061
3061
|
class StartPolicyGenerationRequest < Struct.new(
|
3062
|
-
:
|
3062
|
+
:policy_generation_details,
|
3063
3063
|
:cloud_trail_details,
|
3064
|
-
:
|
3064
|
+
:client_token)
|
3065
3065
|
SENSITIVE = []
|
3066
3066
|
include Aws::Structure
|
3067
3067
|
end
|
@@ -3133,19 +3133,19 @@ module Aws::AccessAnalyzer
|
|
3133
3133
|
|
3134
3134
|
# A reference to a substring of a literal string in a JSON document.
|
3135
3135
|
#
|
3136
|
-
# @!attribute [rw] length
|
3137
|
-
# The length of the substring.
|
3138
|
-
# @return [Integer]
|
3139
|
-
#
|
3140
3136
|
# @!attribute [rw] start
|
3141
3137
|
# The start index of the substring, starting from 0.
|
3142
3138
|
# @return [Integer]
|
3143
3139
|
#
|
3140
|
+
# @!attribute [rw] length
|
3141
|
+
# The length of the substring.
|
3142
|
+
# @return [Integer]
|
3143
|
+
#
|
3144
3144
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Substring AWS API Documentation
|
3145
3145
|
#
|
3146
3146
|
class Substring < Struct.new(
|
3147
|
-
:
|
3148
|
-
:
|
3147
|
+
:start,
|
3148
|
+
:length)
|
3149
3149
|
SENSITIVE = []
|
3150
3150
|
include Aws::Structure
|
3151
3151
|
end
|
@@ -3210,17 +3210,11 @@ module Aws::AccessAnalyzer
|
|
3210
3210
|
# data as a hash:
|
3211
3211
|
#
|
3212
3212
|
# {
|
3213
|
-
# all_regions: false,
|
3214
3213
|
# cloud_trail_arn: "CloudTrailArn", # required
|
3215
3214
|
# regions: ["String"],
|
3215
|
+
# all_regions: false,
|
3216
3216
|
# }
|
3217
3217
|
#
|
3218
|
-
# @!attribute [rw] all_regions
|
3219
|
-
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3220
|
-
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3221
|
-
# generate a policy.
|
3222
|
-
# @return [Boolean]
|
3223
|
-
#
|
3224
3218
|
# @!attribute [rw] cloud_trail_arn
|
3225
3219
|
# Specifies the ARN of the trail. The format of a trail ARN is
|
3226
3220
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
|
@@ -3231,12 +3225,18 @@ module Aws::AccessAnalyzer
|
|
3231
3225
|
# generate a policy.
|
3232
3226
|
# @return [Array<String>]
|
3233
3227
|
#
|
3228
|
+
# @!attribute [rw] all_regions
|
3229
|
+
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3230
|
+
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3231
|
+
# generate a policy.
|
3232
|
+
# @return [Boolean]
|
3233
|
+
#
|
3234
3234
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Trail AWS API Documentation
|
3235
3235
|
#
|
3236
3236
|
class Trail < Struct.new(
|
3237
|
-
:all_regions,
|
3238
3237
|
:cloud_trail_arn,
|
3239
|
-
:regions
|
3238
|
+
:regions,
|
3239
|
+
:all_regions)
|
3240
3240
|
SENSITIVE = []
|
3241
3241
|
include Aws::Structure
|
3242
3242
|
end
|
@@ -3244,12 +3244,6 @@ module Aws::AccessAnalyzer
|
|
3244
3244
|
# Contains details about the CloudTrail trail being analyzed to generate
|
3245
3245
|
# a policy.
|
3246
3246
|
#
|
3247
|
-
# @!attribute [rw] all_regions
|
3248
|
-
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3249
|
-
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3250
|
-
# generate a policy.
|
3251
|
-
# @return [Boolean]
|
3252
|
-
#
|
3253
3247
|
# @!attribute [rw] cloud_trail_arn
|
3254
3248
|
# Specifies the ARN of the trail. The format of a trail ARN is
|
3255
3249
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
|
@@ -3260,12 +3254,18 @@ module Aws::AccessAnalyzer
|
|
3260
3254
|
# generate a policy.
|
3261
3255
|
# @return [Array<String>]
|
3262
3256
|
#
|
3257
|
+
# @!attribute [rw] all_regions
|
3258
|
+
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3259
|
+
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3260
|
+
# generate a policy.
|
3261
|
+
# @return [Boolean]
|
3262
|
+
#
|
3263
3263
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/TrailProperties AWS API Documentation
|
3264
3264
|
#
|
3265
3265
|
class TrailProperties < Struct.new(
|
3266
|
-
:all_regions,
|
3267
3266
|
:cloud_trail_arn,
|
3268
|
-
:regions
|
3267
|
+
:regions,
|
3268
|
+
:all_regions)
|
3269
3269
|
SENSITIVE = []
|
3270
3270
|
include Aws::Structure
|
3271
3271
|
end
|
@@ -3310,27 +3310,24 @@ module Aws::AccessAnalyzer
|
|
3310
3310
|
#
|
3311
3311
|
# {
|
3312
3312
|
# analyzer_name: "Name", # required
|
3313
|
-
#
|
3313
|
+
# rule_name: "Name", # required
|
3314
3314
|
# filter: { # required
|
3315
3315
|
# "String" => {
|
3316
|
-
# contains: ["String"],
|
3317
3316
|
# eq: ["String"],
|
3318
|
-
# exists: false,
|
3319
3317
|
# neq: ["String"],
|
3318
|
+
# contains: ["String"],
|
3319
|
+
# exists: false,
|
3320
3320
|
# },
|
3321
3321
|
# },
|
3322
|
-
#
|
3322
|
+
# client_token: "String",
|
3323
3323
|
# }
|
3324
3324
|
#
|
3325
3325
|
# @!attribute [rw] analyzer_name
|
3326
3326
|
# The name of the analyzer to update the archive rules for.
|
3327
3327
|
# @return [String]
|
3328
3328
|
#
|
3329
|
-
# @!attribute [rw]
|
3330
|
-
#
|
3331
|
-
#
|
3332
|
-
# **A suitable default value is auto-generated.** You should normally
|
3333
|
-
# not need to pass this option.
|
3329
|
+
# @!attribute [rw] rule_name
|
3330
|
+
# The name of the rule to update.
|
3334
3331
|
# @return [String]
|
3335
3332
|
#
|
3336
3333
|
# @!attribute [rw] filter
|
@@ -3338,17 +3335,20 @@ module Aws::AccessAnalyzer
|
|
3338
3335
|
# filter are updated.
|
3339
3336
|
# @return [Hash<String,Types::Criterion>]
|
3340
3337
|
#
|
3341
|
-
# @!attribute [rw]
|
3342
|
-
#
|
3338
|
+
# @!attribute [rw] client_token
|
3339
|
+
# A client token.
|
3340
|
+
#
|
3341
|
+
# **A suitable default value is auto-generated.** You should normally
|
3342
|
+
# not need to pass this option.
|
3343
3343
|
# @return [String]
|
3344
3344
|
#
|
3345
3345
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateArchiveRuleRequest AWS API Documentation
|
3346
3346
|
#
|
3347
3347
|
class UpdateArchiveRuleRequest < Struct.new(
|
3348
3348
|
:analyzer_name,
|
3349
|
-
:
|
3349
|
+
:rule_name,
|
3350
3350
|
:filter,
|
3351
|
-
:
|
3351
|
+
:client_token)
|
3352
3352
|
SENSITIVE = []
|
3353
3353
|
include Aws::Structure
|
3354
3354
|
end
|
@@ -3360,10 +3360,10 @@ module Aws::AccessAnalyzer
|
|
3360
3360
|
#
|
3361
3361
|
# {
|
3362
3362
|
# analyzer_arn: "AnalyzerArn", # required
|
3363
|
-
#
|
3363
|
+
# status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
|
3364
3364
|
# ids: ["FindingId"],
|
3365
3365
|
# resource_arn: "ResourceArn",
|
3366
|
-
#
|
3366
|
+
# client_token: "String",
|
3367
3367
|
# }
|
3368
3368
|
#
|
3369
3369
|
# @!attribute [rw] analyzer_arn
|
@@ -3374,11 +3374,11 @@ module Aws::AccessAnalyzer
|
|
3374
3374
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
3375
3375
|
# @return [String]
|
3376
3376
|
#
|
3377
|
-
# @!attribute [rw]
|
3378
|
-
#
|
3379
|
-
#
|
3380
|
-
#
|
3381
|
-
#
|
3377
|
+
# @!attribute [rw] status
|
3378
|
+
# The state represents the action to take to update the finding
|
3379
|
+
# Status. Use `ARCHIVE` to change an Active finding to an Archived
|
3380
|
+
# finding. Use `ACTIVE` to change an Archived finding to an Active
|
3381
|
+
# finding.
|
3382
3382
|
# @return [String]
|
3383
3383
|
#
|
3384
3384
|
# @!attribute [rw] ids
|
@@ -3389,21 +3389,21 @@ module Aws::AccessAnalyzer
|
|
3389
3389
|
# The ARN of the resource identified in the finding.
|
3390
3390
|
# @return [String]
|
3391
3391
|
#
|
3392
|
-
# @!attribute [rw]
|
3393
|
-
#
|
3394
|
-
#
|
3395
|
-
#
|
3396
|
-
#
|
3392
|
+
# @!attribute [rw] client_token
|
3393
|
+
# A client token.
|
3394
|
+
#
|
3395
|
+
# **A suitable default value is auto-generated.** You should normally
|
3396
|
+
# not need to pass this option.
|
3397
3397
|
# @return [String]
|
3398
3398
|
#
|
3399
3399
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateFindingsRequest AWS API Documentation
|
3400
3400
|
#
|
3401
3401
|
class UpdateFindingsRequest < Struct.new(
|
3402
3402
|
:analyzer_arn,
|
3403
|
-
:
|
3403
|
+
:status,
|
3404
3404
|
:ids,
|
3405
3405
|
:resource_arn,
|
3406
|
-
:
|
3406
|
+
:client_token)
|
3407
3407
|
SENSITIVE = []
|
3408
3408
|
include Aws::Structure
|
3409
3409
|
end
|
@@ -3467,7 +3467,7 @@ module Aws::AccessAnalyzer
|
|
3467
3467
|
# next_token: "Token",
|
3468
3468
|
# policy_document: "PolicyDocument", # required
|
3469
3469
|
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
3470
|
-
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
|
3470
|
+
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
|
3471
3471
|
# }
|
3472
3472
|
#
|
3473
3473
|
# @!attribute [rw] locale
|
@@ -3548,10 +3548,6 @@ module Aws::AccessAnalyzer
|
|
3548
3548
|
|
3549
3549
|
# Validation exception error.
|
3550
3550
|
#
|
3551
|
-
# @!attribute [rw] field_list
|
3552
|
-
# A list of fields that didn't validate.
|
3553
|
-
# @return [Array<Types::ValidationExceptionField>]
|
3554
|
-
#
|
3555
3551
|
# @!attribute [rw] message
|
3556
3552
|
# @return [String]
|
3557
3553
|
#
|
@@ -3559,31 +3555,35 @@ module Aws::AccessAnalyzer
|
|
3559
3555
|
# The reason for the exception.
|
3560
3556
|
# @return [String]
|
3561
3557
|
#
|
3558
|
+
# @!attribute [rw] field_list
|
3559
|
+
# A list of fields that didn't validate.
|
3560
|
+
# @return [Array<Types::ValidationExceptionField>]
|
3561
|
+
#
|
3562
3562
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidationException AWS API Documentation
|
3563
3563
|
#
|
3564
3564
|
class ValidationException < Struct.new(
|
3565
|
-
:field_list,
|
3566
3565
|
:message,
|
3567
|
-
:reason
|
3566
|
+
:reason,
|
3567
|
+
:field_list)
|
3568
3568
|
SENSITIVE = []
|
3569
3569
|
include Aws::Structure
|
3570
3570
|
end
|
3571
3571
|
|
3572
3572
|
# Contains information about a validation exception.
|
3573
3573
|
#
|
3574
|
-
# @!attribute [rw] message
|
3575
|
-
# A message about the validation exception.
|
3576
|
-
# @return [String]
|
3577
|
-
#
|
3578
3574
|
# @!attribute [rw] name
|
3579
3575
|
# The name of the validation exception.
|
3580
3576
|
# @return [String]
|
3581
3577
|
#
|
3578
|
+
# @!attribute [rw] message
|
3579
|
+
# A message about the validation exception.
|
3580
|
+
# @return [String]
|
3581
|
+
#
|
3582
3582
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidationExceptionField AWS API Documentation
|
3583
3583
|
#
|
3584
3584
|
class ValidationExceptionField < Struct.new(
|
3585
|
-
:
|
3586
|
-
:
|
3585
|
+
:name,
|
3586
|
+
:message)
|
3587
3587
|
SENSITIVE = []
|
3588
3588
|
include Aws::Structure
|
3589
3589
|
end
|
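Review bot: Reordering the `Struct.new` members of `ValidationException` (`:field_list` moves from first to last) changes what positional access returns, so a caller that reads the struct by index, through `to_a`/`values`, or by array destructuring will silently get a different field after the upgrade, while access by member name is unaffected. `ValidationExceptionField` and the `UpdateFindingsRequest` hunk above appear to get the same kind of reorder, but their removed member lines are truncated on this page, so the old order there is inferred from the moved `@!attribute` docs. Nothing in the new code tells a reader that position is not part of the contract; a comment above each struct such as `# Member order follows the API model and may change; access fields by name.` would make that explicit. If this file is generated from the service model, the comment belongs in the generator template rather than here.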