aws-sdk-accessanalyzer 1.29.0 → 1.30.0

@@ -25,6 +25,10 @@ module Aws::AccessAnalyzer
25
25
 
26
26
  # Contains information about an access preview.
27
27
  #
28
+ # @!attribute [rw] id
29
+ # The unique ID for the access preview.
30
+ # @return [String]
31
+ #
28
32
  # @!attribute [rw] analyzer_arn
29
33
  # The ARN of the analyzer used to generate the access preview.
30
34
  # @return [String]
@@ -37,10 +41,6 @@ module Aws::AccessAnalyzer
37
41
  # The time at which the access preview was created.
38
42
  # @return [Time]
39
43
  #
40
- # @!attribute [rw] id
41
- # The unique ID for the access preview.
42
- # @return [String]
43
- #
44
44
  # @!attribute [rw] status
45
45
  # The status of the access preview.
46
46
  #
@@ -64,10 +64,10 @@ module Aws::AccessAnalyzer
64
64
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreview AWS API Documentation
65
65
  #
66
66
  class AccessPreview < Struct.new(
67
+ :id,
67
68
  :analyzer_arn,
68
69
  :configurations,
69
70
  :created_at,
70
- :id,
71
71
  :status,
72
72
  :status_reason)
73
73
  SENSITIVE = []
@@ -76,11 +76,55 @@ module Aws::AccessAnalyzer
76
76
 
77
77
  # An access preview finding generated by the access preview.
78
78
  #
79
+ # @!attribute [rw] id
80
+ # The ID of the access preview finding. This ID uniquely identifies
81
+ # the element in the list of access preview findings and is not
82
+ # related to the finding ID in Access Analyzer.
83
+ # @return [String]
84
+ #
85
+ # @!attribute [rw] existing_finding_id
86
+ # The existing ID of the finding in IAM Access Analyzer, provided only
87
+ # for existing findings.
88
+ # @return [String]
89
+ #
90
+ # @!attribute [rw] existing_finding_status
91
+ # The existing status of the finding, provided only for existing
92
+ # findings.
93
+ # @return [String]
94
+ #
95
+ # @!attribute [rw] principal
96
+ # The external principal that has access to a resource within the zone
97
+ # of trust.
98
+ # @return [Hash<String,String>]
99
+ #
79
100
  # @!attribute [rw] action
80
101
  # The action in the analyzed policy statement that an external
81
102
  # principal has permission to perform.
82
103
  # @return [Array<String>]
83
104
  #
105
+ # @!attribute [rw] condition
106
+ # The condition in the analyzed policy statement that resulted in a
107
+ # finding.
108
+ # @return [Hash<String,String>]
109
+ #
110
+ # @!attribute [rw] resource
111
+ # The resource that an external principal has access to. This is the
112
+ # resource associated with the access preview.
113
+ # @return [String]
114
+ #
115
+ # @!attribute [rw] is_public
116
+ # Indicates whether the policy that generated the finding allows
117
+ # public access to the resource.
118
+ # @return [Boolean]
119
+ #
120
+ # @!attribute [rw] resource_type
121
+ # The type of the resource that can be accessed in the finding.
122
+ # @return [String]
123
+ #
124
+ # @!attribute [rw] created_at
125
+ # The time at which the access preview finding was created.
126
+ # @return [Time]
127
+ #
84
128
  # @!attribute [rw] change_type
85
129
  # Provides context on how the access preview finding compares to
86
130
  # existing access identified in IAM Access Analyzer.
@@ -99,48 +143,12 @@ module Aws::AccessAnalyzer
99
143
  # change.
100
144
  # @return [String]
101
145
  #
102
- # @!attribute [rw] condition
103
- # The condition in the analyzed policy statement that resulted in a
104
- # finding.
105
- # @return [Hash<String,String>]
106
- #
107
- # @!attribute [rw] created_at
108
- # The time at which the access preview finding was created.
109
- # @return [Time]
110
- #
111
- # @!attribute [rw] error
112
- # An error.
113
- # @return [String]
114
- #
115
- # @!attribute [rw] existing_finding_id
116
- # The existing ID of the finding in IAM Access Analyzer, provided only
117
- # for existing findings.
118
- # @return [String]
119
- #
120
- # @!attribute [rw] existing_finding_status
121
- # The existing status of the finding, provided only for existing
122
- # findings.
123
- # @return [String]
124
- #
125
- # @!attribute [rw] id
126
- # The ID of the access preview finding. This ID uniquely identifies
127
- # the element in the list of access preview findings and is not
128
- # related to the finding ID in Access Analyzer.
129
- # @return [String]
130
- #
131
- # @!attribute [rw] is_public
132
- # Indicates whether the policy that generated the finding allows
133
- # public access to the resource.
134
- # @return [Boolean]
135
- #
136
- # @!attribute [rw] principal
137
- # The external principal that has access to a resource within the zone
138
- # of trust.
139
- # @return [Hash<String,String>]
140
- #
141
- # @!attribute [rw] resource
142
- # The resource that an external principal has access to. This is the
143
- # resource associated with the access preview.
146
+ # @!attribute [rw] status
147
+ # The preview status of the finding. This is what the status of the
148
+ # finding would be after permissions deployment. For example, a
149
+ # `Changed` finding with preview status `Resolved` and existing status
150
+ # `Active` indicates the existing `Active` finding would become
151
+ # `Resolved` as a result of the proposed permissions change.
144
152
  # @return [String]
145
153
  #
146
154
  # @!attribute [rw] resource_owner_account
@@ -149,8 +157,8 @@ module Aws::AccessAnalyzer
149
157
  # which the resource was created.
150
158
  # @return [String]
151
159
  #
152
- # @!attribute [rw] resource_type
153
- # The type of the resource that can be accessed in the finding.
160
+ # @!attribute [rw] error
161
+ # An error.
154
162
  # @return [String]
155
163
  #
156
164
  # @!attribute [rw] sources
@@ -159,32 +167,24 @@ module Aws::AccessAnalyzer
159
167
  # bucket findings.
160
168
  # @return [Array<Types::FindingSource>]
161
169
  #
162
- # @!attribute [rw] status
163
- # The preview status of the finding. This is what the status of the
164
- # finding would be after permissions deployment. For example, a
165
- # `Changed` finding with preview status `Resolved` and existing status
166
- # `Active` indicates the existing `Active` finding would become
167
- # `Resolved` as a result of the proposed permissions change.
168
- # @return [String]
169
- #
170
170
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreviewFinding AWS API Documentation
171
171
  #
172
172
  class AccessPreviewFinding < Struct.new(
173
- :action,
174
- :change_type,
175
- :condition,
176
- :created_at,
177
- :error,
173
+ :id,
178
174
  :existing_finding_id,
179
175
  :existing_finding_status,
180
- :id,
181
- :is_public,
182
176
  :principal,
177
+ :action,
178
+ :condition,
183
179
  :resource,
184
- :resource_owner_account,
180
+ :is_public,
185
181
  :resource_type,
186
- :sources,
187
- :status)
182
+ :created_at,
183
+ :change_type,
184
+ :status,
185
+ :resource_owner_account,
186
+ :error,
187
+ :sources)
188
188
  SENSITIVE = []
189
189
  include Aws::Structure
190
190
  end
@@ -208,6 +208,10 @@ module Aws::AccessAnalyzer
208
208
 
209
209
  # Contains a summary of information about an access preview.
210
210
  #
211
+ # @!attribute [rw] id
212
+ # The unique ID for the access preview.
213
+ # @return [String]
214
+ #
211
215
  # @!attribute [rw] analyzer_arn
212
216
  # The ARN of the analyzer used to generate the access preview.
213
217
  # @return [String]
@@ -216,10 +220,6 @@ module Aws::AccessAnalyzer
216
220
  # The time at which the access preview was created.
217
221
  # @return [Time]
218
222
  #
219
- # @!attribute [rw] id
220
- # The unique ID for the access preview.
221
- # @return [String]
222
- #
223
223
  # @!attribute [rw] status
224
224
  # The status of the access preview.
225
225
  #
@@ -242,9 +242,9 @@ module Aws::AccessAnalyzer
242
242
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreviewSummary AWS API Documentation
243
243
  #
244
244
  class AccessPreviewSummary < Struct.new(
245
+ :id,
245
246
  :analyzer_arn,
246
247
  :created_at,
247
- :id,
248
248
  :status,
249
249
  :status_reason)
250
250
  SENSITIVE = []
@@ -289,39 +289,35 @@ module Aws::AccessAnalyzer
289
289
 
290
290
  # Contains details about the analyzed resource.
291
291
  #
292
- # @!attribute [rw] actions
293
- # The actions that an external principal is granted permission to use
294
- # by the policy that generated the finding.
295
- # @return [Array<String>]
292
+ # @!attribute [rw] resource_arn
293
+ # The ARN of the resource that was analyzed.
294
+ # @return [String]
296
295
  #
297
- # @!attribute [rw] analyzed_at
298
- # The time at which the resource was analyzed.
299
- # @return [Time]
296
+ # @!attribute [rw] resource_type
297
+ # The type of the resource that was analyzed.
298
+ # @return [String]
300
299
  #
301
300
  # @!attribute [rw] created_at
302
301
  # The time at which the finding was created.
303
302
  # @return [Time]
304
303
  #
305
- # @!attribute [rw] error
306
- # An error message.
307
- # @return [String]
304
+ # @!attribute [rw] analyzed_at
305
+ # The time at which the resource was analyzed.
306
+ # @return [Time]
307
+ #
308
+ # @!attribute [rw] updated_at
309
+ # The time at which the finding was updated.
310
+ # @return [Time]
308
311
  #
309
312
  # @!attribute [rw] is_public
310
313
  # Indicates whether the policy that generated the finding grants
311
314
  # public access to the resource.
312
315
  # @return [Boolean]
313
316
  #
314
- # @!attribute [rw] resource_arn
315
- # The ARN of the resource that was analyzed.
316
- # @return [String]
317
- #
318
- # @!attribute [rw] resource_owner_account
319
- # The Amazon Web Services account ID that owns the resource.
320
- # @return [String]
321
- #
322
- # @!attribute [rw] resource_type
323
- # The type of the resource that was analyzed.
324
- # @return [String]
317
+ # @!attribute [rw] actions
318
+ # The actions that an external principal is granted permission to use
319
+ # by the policy that generated the finding.
320
+ # @return [Array<String>]
325
321
  #
326
322
  # @!attribute [rw] shared_via
327
323
  # Indicates how the access that generated the finding is granted. This
@@ -333,24 +329,28 @@ module Aws::AccessAnalyzer
333
329
  # resource.
334
330
  # @return [String]
335
331
  #
336
- # @!attribute [rw] updated_at
337
- # The time at which the finding was updated.
338
- # @return [Time]
332
+ # @!attribute [rw] resource_owner_account
333
+ # The Amazon Web Services account ID that owns the resource.
334
+ # @return [String]
335
+ #
336
+ # @!attribute [rw] error
337
+ # An error message.
338
+ # @return [String]
339
339
  #
340
340
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzedResource AWS API Documentation
341
341
  #
342
342
  class AnalyzedResource < Struct.new(
343
- :actions,
344
- :analyzed_at,
345
- :created_at,
346
- :error,
347
- :is_public,
348
343
  :resource_arn,
349
- :resource_owner_account,
350
344
  :resource_type,
345
+ :created_at,
346
+ :analyzed_at,
347
+ :updated_at,
348
+ :is_public,
349
+ :actions,
351
350
  :shared_via,
352
351
  :status,
353
- :updated_at)
352
+ :resource_owner_account,
353
+ :error)
354
354
  SENSITIVE = []
355
355
  include Aws::Structure
356
356
  end
@@ -385,6 +385,15 @@ module Aws::AccessAnalyzer
385
385
  # The ARN of the analyzer.
386
386
  # @return [String]
387
387
  #
388
+ # @!attribute [rw] name
389
+ # The name of the analyzer.
390
+ # @return [String]
391
+ #
392
+ # @!attribute [rw] type
393
+ # The type of analyzer, which corresponds to the zone of trust chosen
394
+ # for the analyzer.
395
+ # @return [String]
396
+ #
388
397
  # @!attribute [rw] created_at
389
398
  # A timestamp for the time at which the analyzer was created.
390
399
  # @return [Time]
@@ -397,9 +406,9 @@ module Aws::AccessAnalyzer
397
406
  # The time at which the most recently analyzed resource was analyzed.
398
407
  # @return [Time]
399
408
  #
400
- # @!attribute [rw] name
401
- # The name of the analyzer.
402
- # @return [String]
409
+ # @!attribute [rw] tags
410
+ # The tags added to the analyzer.
411
+ # @return [Hash<String,String>]
403
412
  #
404
413
  # @!attribute [rw] status
405
414
  # The status of the analyzer. An `Active` analyzer successfully
@@ -420,27 +429,18 @@ module Aws::AccessAnalyzer
420
429
  # Web Services organization.
421
430
  # @return [Types::StatusReason]
422
431
  #
423
- # @!attribute [rw] tags
424
- # The tags added to the analyzer.
425
- # @return [Hash<String,String>]
426
- #
427
- # @!attribute [rw] type
428
- # The type of analyzer, which corresponds to the zone of trust chosen
429
- # for the analyzer.
430
- # @return [String]
431
- #
432
432
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzerSummary AWS API Documentation
433
433
  #
434
434
  class AnalyzerSummary < Struct.new(
435
435
  :arn,
436
+ :name,
437
+ :type,
436
438
  :created_at,
437
439
  :last_resource_analyzed,
438
440
  :last_resource_analyzed_at,
439
- :name,
440
- :status,
441
- :status_reason,
442
441
  :tags,
443
- :type)
442
+ :status,
443
+ :status_reason)
444
444
  SENSITIVE = []
445
445
  include Aws::Structure
446
446
  end
@@ -452,14 +452,18 @@ module Aws::AccessAnalyzer
452
452
  #
453
453
  # {
454
454
  # analyzer_arn: "AnalyzerArn", # required
455
- # client_token: "String",
456
455
  # rule_name: "Name", # required
456
+ # client_token: "String",
457
457
  # }
458
458
  #
459
459
  # @!attribute [rw] analyzer_arn
460
460
  # The Amazon resource name (ARN) of the analyzer.
461
461
  # @return [String]
462
462
  #
463
+ # @!attribute [rw] rule_name
464
+ # The name of the rule to apply.
465
+ # @return [String]
466
+ #
463
467
  # @!attribute [rw] client_token
464
468
  # A client token.
465
469
  #
@@ -467,33 +471,29 @@ module Aws::AccessAnalyzer
467
471
  # not need to pass this option.
468
472
  # @return [String]
469
473
  #
470
- # @!attribute [rw] rule_name
471
- # The name of the rule to apply.
472
- # @return [String]
473
- #
474
474
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRuleRequest AWS API Documentation
475
475
  #
476
476
  class ApplyArchiveRuleRequest < Struct.new(
477
477
  :analyzer_arn,
478
- :client_token,
479
- :rule_name)
478
+ :rule_name,
479
+ :client_token)
480
480
  SENSITIVE = []
481
481
  include Aws::Structure
482
482
  end
483
483
 
484
484
  # Contains information about an archive rule.
485
485
  #
486
- # @!attribute [rw] created_at
487
- # The time at which the archive rule was created.
488
- # @return [Time]
486
+ # @!attribute [rw] rule_name
487
+ # The name of the archive rule.
488
+ # @return [String]
489
489
  #
490
490
  # @!attribute [rw] filter
491
491
  # A filter used to define the archive rule.
492
492
  # @return [Hash<String,Types::Criterion>]
493
493
  #
494
- # @!attribute [rw] rule_name
495
- # The name of the archive rule.
496
- # @return [String]
494
+ # @!attribute [rw] created_at
495
+ # The time at which the archive rule was created.
496
+ # @return [Time]
497
497
  #
498
498
  # @!attribute [rw] updated_at
499
499
  # The time at which the archive rule was last updated.
@@ -502,9 +502,9 @@ module Aws::AccessAnalyzer
502
502
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ArchiveRuleSummary AWS API Documentation
503
503
  #
504
504
  class ArchiveRuleSummary < Struct.new(
505
- :created_at,
506
- :filter,
507
505
  :rule_name,
506
+ :filter,
507
+ :created_at,
508
508
  :updated_at)
509
509
  SENSITIVE = []
510
510
  include Aws::Structure
@@ -542,59 +542,57 @@ module Aws::AccessAnalyzer
542
542
  # data as a hash:
543
543
  #
544
544
  # {
545
- # access_role: "RoleArn", # required
546
- # end_time: Time.now,
547
- # start_time: Time.now, # required
548
545
  # trails: [ # required
549
546
  # {
550
- # all_regions: false,
551
547
  # cloud_trail_arn: "CloudTrailArn", # required
552
548
  # regions: ["String"],
549
+ # all_regions: false,
553
550
  # },
554
551
  # ],
552
+ # access_role: "RoleArn", # required
553
+ # start_time: Time.now, # required
554
+ # end_time: Time.now,
555
555
  # }
556
556
  #
557
+ # @!attribute [rw] trails
558
+ # A `Trail` object that contains settings for a trail.
559
+ # @return [Array<Types::Trail>]
560
+ #
557
561
  # @!attribute [rw] access_role
558
562
  # The ARN of the service role that IAM Access Analyzer uses to access
559
563
  # your CloudTrail trail and service last accessed information.
560
564
  # @return [String]
561
565
  #
562
- # @!attribute [rw] end_time
563
- # The end of the time range for which IAM Access Analyzer reviews your
564
- # CloudTrail events. Events with a timestamp after this time are not
565
- # considered to generate a policy. If this is not included in the
566
- # request, the default value is the current time.
567
- # @return [Time]
568
- #
569
566
  # @!attribute [rw] start_time
570
567
  # The start of the time range for which IAM Access Analyzer reviews
571
568
  # your CloudTrail events. Events with a timestamp before this time are
572
569
  # not considered to generate a policy.
573
570
  # @return [Time]
574
571
  #
575
- # @!attribute [rw] trails
576
- # A `Trail` object that contains settings for a trail.
577
- # @return [Array<Types::Trail>]
572
+ # @!attribute [rw] end_time
573
+ # The end of the time range for which IAM Access Analyzer reviews your
574
+ # CloudTrail events. Events with a timestamp after this time are not
575
+ # considered to generate a policy. If this is not included in the
576
+ # request, the default value is the current time.
577
+ # @return [Time]
578
578
  #
579
579
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailDetails AWS API Documentation
580
580
  #
581
581
  class CloudTrailDetails < Struct.new(
582
+ :trails,
582
583
  :access_role,
583
- :end_time,
584
584
  :start_time,
585
- :trails)
585
+ :end_time)
586
586
  SENSITIVE = []
587
587
  include Aws::Structure
588
588
  end
589
589
 
590
590
  # Contains information about CloudTrail access.
591
591
  #
592
- # @!attribute [rw] end_time
593
- # The end of the time range for which IAM Access Analyzer reviews your
594
- # CloudTrail events. Events with a timestamp after this time are not
595
- # considered to generate a policy. If this is not included in the
596
- # request, the default value is the current time.
597
- # @return [Time]
592
+ # @!attribute [rw] trail_properties
593
+ # A `TrailProperties` object that contains settings for trail
594
+ # properties.
595
+ # @return [Array<Types::TrailProperties>]
598
596
  #
599
597
  # @!attribute [rw] start_time
600
598
  # The start of the time range for which IAM Access Analyzer reviews
@@ -602,17 +600,19 @@ module Aws::AccessAnalyzer
602
600
  # not considered to generate a policy.
603
601
  # @return [Time]
604
602
  #
605
- # @!attribute [rw] trail_properties
606
- # A `TrailProperties` object that contains settings for trail
607
- # properties.
608
- # @return [Array<Types::TrailProperties>]
603
+ # @!attribute [rw] end_time
604
+ # The end of the time range for which IAM Access Analyzer reviews your
605
+ # CloudTrail events. Events with a timestamp after this time are not
606
+ # considered to generate a policy. If this is not included in the
607
+ # request, the default value is the current time.
608
+ # @return [Time]
609
609
  #
610
610
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailProperties AWS API Documentation
611
611
  #
612
612
  class CloudTrailProperties < Struct.new(
613
- :end_time,
613
+ :trail_properties,
614
614
  :start_time,
615
- :trail_properties)
615
+ :end_time)
616
616
  SENSITIVE = []
617
617
  include Aws::Structure
618
618
  end
@@ -633,14 +633,14 @@ module Aws::AccessAnalyzer
633
633
  # The access control configuration is for a KMS key.
634
634
  # @return [Types::KmsKeyConfiguration]
635
635
  #
636
- # @!attribute [rw] s3_bucket
637
- # The access control configuration is for an Amazon S3 Bucket.
638
- # @return [Types::S3BucketConfiguration]
639
- #
640
636
  # @!attribute [rw] secrets_manager_secret
641
637
  # The access control configuration is for a Secrets Manager secret.
642
638
  # @return [Types::SecretsManagerSecretConfiguration]
643
639
  #
640
+ # @!attribute [rw] s3_bucket
641
+ # The access control configuration is for an Amazon S3 Bucket.
642
+ # @return [Types::S3BucketConfiguration]
643
+ #
644
644
  # @!attribute [rw] sqs_queue
645
645
  # The access control configuration is for an Amazon SQS queue.
646
646
  # @return [Types::SqsQueueConfiguration]
@@ -650,8 +650,8 @@ module Aws::AccessAnalyzer
650
650
  class Configuration < Struct.new(
651
651
  :iam_role,
652
652
  :kms_key,
653
- :s3_bucket,
654
653
  :secrets_manager_secret,
654
+ :s3_bucket,
655
655
  :sqs_queue,
656
656
  :unknown)
657
657
  SENSITIVE = []
@@ -660,8 +660,8 @@ module Aws::AccessAnalyzer
660
660
 
661
661
  class IamRole < Configuration; end
662
662
  class KmsKey < Configuration; end
663
- class S3Bucket < Configuration; end
664
663
  class SecretsManagerSecret < Configuration; end
664
+ class S3Bucket < Configuration; end
665
665
  class SqsQueue < Configuration; end
666
666
  class Unknown < Configuration; end
667
667
  end
@@ -694,15 +694,20 @@ module Aws::AccessAnalyzer
694
694
  #
695
695
  # {
696
696
  # analyzer_arn: "AnalyzerArn", # required
697
- # client_token: "String",
698
697
  # configurations: { # required
699
698
  # "ConfigurationsMapKey" => {
700
699
  # iam_role: {
701
700
  # trust_policy: "IamTrustPolicy",
702
701
  # },
703
702
  # kms_key: {
703
+ # key_policies: {
704
+ # "PolicyName" => "KmsKeyPolicy",
705
+ # },
704
706
  # grants: [
705
707
  # {
708
+ # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
709
+ # grantee_principal: "GranteePrincipal", # required
710
+ # retiring_principal: "RetiringPrincipal",
706
711
  # constraints: {
707
712
  # encryption_context_equals: {
708
713
  # "KmsConstraintsKey" => "KmsConstraintsValue",
@@ -711,57 +716,52 @@ module Aws::AccessAnalyzer
711
716
  # "KmsConstraintsKey" => "KmsConstraintsValue",
712
717
  # },
713
718
  # },
714
- # grantee_principal: "GranteePrincipal", # required
715
719
  # issuing_account: "IssuingAccount", # required
716
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
717
- # retiring_principal: "RetiringPrincipal",
718
720
  # },
719
721
  # ],
720
- # key_policies: {
721
- # "PolicyName" => "KmsKeyPolicy",
722
- # },
722
+ # },
723
+ # secrets_manager_secret: {
724
+ # kms_key_id: "SecretsManagerSecretKmsId",
725
+ # secret_policy: "SecretsManagerSecretPolicy",
723
726
  # },
724
727
  # s3_bucket: {
725
- # access_points: {
726
- # "AccessPointArn" => {
727
- # access_point_policy: "AccessPointPolicy",
728
- # network_origin: {
729
- # internet_configuration: {
730
- # },
731
- # vpc_configuration: {
732
- # vpc_id: "VpcId", # required
733
- # },
734
- # },
735
- # public_access_block: {
736
- # ignore_public_acls: false, # required
737
- # restrict_public_buckets: false, # required
738
- # },
739
- # },
740
- # },
728
+ # bucket_policy: "S3BucketPolicy",
741
729
  # bucket_acl_grants: [
742
730
  # {
731
+ # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
743
732
  # grantee: { # required
744
733
  # id: "AclCanonicalId",
745
734
  # uri: "AclUri",
746
735
  # },
747
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
748
736
  # },
749
737
  # ],
750
- # bucket_policy: "S3BucketPolicy",
751
738
  # bucket_public_access_block: {
752
739
  # ignore_public_acls: false, # required
753
740
  # restrict_public_buckets: false, # required
754
741
  # },
755
- # },
756
- # secrets_manager_secret: {
757
- # kms_key_id: "SecretsManagerSecretKmsId",
758
- # secret_policy: "SecretsManagerSecretPolicy",
742
+ # access_points: {
743
+ # "AccessPointArn" => {
744
+ # access_point_policy: "AccessPointPolicy",
745
+ # public_access_block: {
746
+ # ignore_public_acls: false, # required
747
+ # restrict_public_buckets: false, # required
748
+ # },
749
+ # network_origin: {
750
+ # vpc_configuration: {
751
+ # vpc_id: "VpcId", # required
752
+ # },
753
+ # internet_configuration: {
754
+ # },
755
+ # },
756
+ # },
757
+ # },
759
758
  # },
760
759
  # sqs_queue: {
761
760
  # queue_policy: "SqsQueuePolicy",
762
761
  # },
763
762
  # },
764
763
  # },
764
+ # client_token: "String",
765
765
  # }
766
766
  #
767
767
  # @!attribute [rw] analyzer_arn
@@ -774,13 +774,6 @@ module Aws::AccessAnalyzer
774
774
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
775
775
  # @return [String]
776
776
  #
777
- # @!attribute [rw] client_token
778
- # A client token.
779
- #
780
- # **A suitable default value is auto-generated.** You should normally
781
- # not need to pass this option.
782
- # @return [String]
783
- #
784
777
  # @!attribute [rw] configurations
785
778
  # Access control configuration for your resource that is used to
786
779
  # generate the access preview. The access preview includes findings
@@ -789,12 +782,19 @@ module Aws::AccessAnalyzer
789
782
  # element.
790
783
  # @return [Hash<String,Types::Configuration>]
791
784
  #
785
+ # @!attribute [rw] client_token
786
+ # A client token.
787
+ #
788
+ # **A suitable default value is auto-generated.** You should normally
789
+ # not need to pass this option.
790
+ # @return [String]
791
+ #
792
792
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAccessPreviewRequest AWS API Documentation
793
793
  #
794
794
  class CreateAccessPreviewRequest < Struct.new(
795
795
  :analyzer_arn,
796
- :client_token,
797
- :configurations)
796
+ :configurations,
797
+ :client_token)
798
798
  SENSITIVE = []
799
799
  include Aws::Structure
800
800
  end
@@ -818,36 +818,47 @@ module Aws::AccessAnalyzer
818
818
  #
819
819
  # {
820
820
  # analyzer_name: "Name", # required
821
+ # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
821
822
  # archive_rules: [
822
823
  # {
824
+ # rule_name: "Name", # required
823
825
  # filter: { # required
824
826
  # "String" => {
825
- # contains: ["String"],
826
827
  # eq: ["String"],
827
- # exists: false,
828
828
  # neq: ["String"],
829
+ # contains: ["String"],
830
+ # exists: false,
829
831
  # },
830
832
  # },
831
- # rule_name: "Name", # required
832
833
  # },
833
834
  # ],
834
- # client_token: "String",
835
835
  # tags: {
836
836
  # "String" => "String",
837
837
  # },
838
- # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
838
+ # client_token: "String",
839
839
  # }
840
840
  #
841
841
  # @!attribute [rw] analyzer_name
842
842
  # The name of the analyzer to create.
843
843
  # @return [String]
844
844
  #
845
+ # @!attribute [rw] type
846
+ # The type of analyzer to create. Only ACCOUNT and ORGANIZATION
847
+ # analyzers are supported. You can create only one analyzer per
848
+ # account per Region. You can create up to 5 analyzers per
849
+ # organization per Region.
850
+ # @return [String]
851
+ #
845
852
  # @!attribute [rw] archive_rules
846
853
  # Specifies the archive rules to add for the analyzer. Archive rules
847
854
  # automatically archive findings that meet the criteria you define for
848
855
  # the rule.
849
856
  # @return [Array<Types::InlineArchiveRule>]
850
857
  #
858
+ # @!attribute [rw] tags
859
+ # The tags to apply to the analyzer.
860
+ # @return [Hash<String,String>]
861
+ #
851
862
  # @!attribute [rw] client_token
852
863
  # A client token.
853
864
  #
@@ -855,25 +866,14 @@ module Aws::AccessAnalyzer
855
866
  # not need to pass this option.
856
867
  # @return [String]
857
868
  #
858
- # @!attribute [rw] tags
859
- # The tags to apply to the analyzer.
860
- # @return [Hash<String,String>]
861
- #
862
- # @!attribute [rw] type
863
- # The type of analyzer to create. Only ACCOUNT and ORGANIZATION
864
- # analyzers are supported. You can create only one analyzer per
865
- # account per Region. You can create up to 5 analyzers per
866
- # organization per Region.
867
- # @return [String]
868
- #
869
869
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAnalyzerRequest AWS API Documentation
870
870
  #
871
871
  class CreateAnalyzerRequest < Struct.new(
872
872
  :analyzer_name,
873
+ :type,
873
874
  :archive_rules,
874
- :client_token,
875
875
  :tags,
876
- :type)
876
+ :client_token)
877
877
  SENSITIVE = []
878
878
  include Aws::Structure
879
879
  end
@@ -899,44 +899,44 @@ module Aws::AccessAnalyzer
899
899
  #
900
900
  # {
901
901
  # analyzer_name: "Name", # required
902
- # client_token: "String",
902
+ # rule_name: "Name", # required
903
903
  # filter: { # required
904
904
  # "String" => {
905
- # contains: ["String"],
906
905
  # eq: ["String"],
907
- # exists: false,
908
906
  # neq: ["String"],
907
+ # contains: ["String"],
908
+ # exists: false,
909
909
  # },
910
910
  # },
911
- # rule_name: "Name", # required
911
+ # client_token: "String",
912
912
  # }
913
913
  #
914
914
  # @!attribute [rw] analyzer_name
915
915
  # The name of the created analyzer.
916
916
  # @return [String]
917
917
  #
918
- # @!attribute [rw] client_token
919
- # A client token.
920
- #
921
- # **A suitable default value is auto-generated.** You should normally
922
- # not need to pass this option.
918
+ # @!attribute [rw] rule_name
919
+ # The name of the rule to create.
923
920
  # @return [String]
924
921
  #
925
922
  # @!attribute [rw] filter
926
923
  # The criteria for the rule.
927
924
  # @return [Hash<String,Types::Criterion>]
928
925
  #
929
- # @!attribute [rw] rule_name
930
- # The name of the rule to create.
926
+ # @!attribute [rw] client_token
927
+ # A client token.
928
+ #
929
+ # **A suitable default value is auto-generated.** You should normally
930
+ # not need to pass this option.
931
931
  # @return [String]
932
932
  #
933
933
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateArchiveRuleRequest AWS API Documentation
934
934
  #
935
935
  class CreateArchiveRuleRequest < Struct.new(
936
936
  :analyzer_name,
937
- :client_token,
937
+ :rule_name,
938
938
  :filter,
939
- :rule_name)
939
+ :client_token)
940
940
  SENSITIVE = []
941
941
  include Aws::Structure
942
942
  end
@@ -947,19 +947,24 @@ module Aws::AccessAnalyzer
947
947
  # data as a hash:
948
948
  #
949
949
  # {
950
- # contains: ["String"],
951
950
  # eq: ["String"],
952
- # exists: false,
953
951
  # neq: ["String"],
952
+ # contains: ["String"],
953
+ # exists: false,
954
954
  # }
955
955
  #
956
- # @!attribute [rw] contains
957
- # A "contains" operator to match for the filter used to create the
956
+ # @!attribute [rw] eq
957
+ # An "equals" operator to match for the filter used to create the
958
958
  # rule.
959
959
  # @return [Array<String>]
960
960
  #
961
- # @!attribute [rw] eq
962
- # An "equals" operator to match for the filter used to create the
961
+ # @!attribute [rw] neq
962
+ # A "not equals" operator to match for the filter used to create the
963
+ # rule.
964
+ # @return [Array<String>]
965
+ #
966
+ # @!attribute [rw] contains
967
+ # A "contains" operator to match for the filter used to create the
963
968
  # rule.
964
969
  # @return [Array<String>]
965
970
  #
@@ -968,18 +973,13 @@ module Aws::AccessAnalyzer
968
973
  # rule.
969
974
  # @return [Boolean]
970
975
  #
971
- # @!attribute [rw] neq
972
- # A "not equals" operator to match for the filter used to create the
973
- # rule.
974
- # @return [Array<String>]
975
- #
976
976
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Criterion AWS API Documentation
977
977
  #
978
978
  class Criterion < Struct.new(
979
- :contains,
980
979
  :eq,
981
- :exists,
982
- :neq)
980
+ :neq,
981
+ :contains,
982
+ :exists)
983
983
  SENSITIVE = []
984
984
  include Aws::Structure
985
985
  end
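Review bot: Nothing in this hunk warns that the positional layout of `Criterion` changed (`Struct.new` now lists `:eq, :neq, :contains, :exists`), so code that reads these structs through `to_a`, `values`, integer indexing or array destructuring will pick up a different field without raising. The same reorder appears in `Finding`, `FindingSummary`, `JobDetails`, `KmsGrantConfiguration` and the request types in later hunks; for the two finding types, a consumer that reads `is_public` or `status` by position could misclassify findings silently. Access by member name is unaffected, so I would add a line such as `# Member order changed in 1.30.0; read fields by name, never by position.` above the affected classes and call the reorder out in the changelog. How `Aws::Structure` treats constructor arguments is not visible here, so whether construction is affected should be checked separately.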
@@ -1021,8 +1021,8 @@ module Aws::AccessAnalyzer
1021
1021
  #
1022
1022
  # {
1023
1023
  # analyzer_name: "Name", # required
1024
- # client_token: "String",
1025
1024
  # rule_name: "Name", # required
1025
+ # client_token: "String",
1026
1026
  # }
1027
1027
  #
1028
1028
  # @!attribute [rw] analyzer_name
@@ -1030,6 +1030,10 @@ module Aws::AccessAnalyzer
1030
1030
  # delete.
1031
1031
  # @return [String]
1032
1032
  #
1033
+ # @!attribute [rw] rule_name
1034
+ # The name of the rule to delete.
1035
+ # @return [String]
1036
+ #
1033
1037
  # @!attribute [rw] client_token
1034
1038
  # A client token.
1035
1039
  #
@@ -1037,30 +1041,44 @@ module Aws::AccessAnalyzer
1037
1041
  # not need to pass this option.
1038
1042
  # @return [String]
1039
1043
  #
1040
- # @!attribute [rw] rule_name
1041
- # The name of the rule to delete.
1042
- # @return [String]
1043
- #
1044
1044
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteArchiveRuleRequest AWS API Documentation
1045
1045
  #
1046
1046
  class DeleteArchiveRuleRequest < Struct.new(
1047
1047
  :analyzer_name,
1048
- :client_token,
1049
- :rule_name)
1048
+ :rule_name,
1049
+ :client_token)
1050
1050
  SENSITIVE = []
1051
1051
  include Aws::Structure
1052
1052
  end
1053
1053
 
1054
1054
  # Contains information about a finding.
1055
1055
  #
1056
+ # @!attribute [rw] id
1057
+ # The ID of the finding.
1058
+ # @return [String]
1059
+ #
1060
+ # @!attribute [rw] principal
1061
+ # The external principal that access to a resource within the zone of
1062
+ # trust.
1063
+ # @return [Hash<String,String>]
1064
+ #
1056
1065
  # @!attribute [rw] action
1057
1066
  # The action in the analyzed policy statement that an external
1058
1067
  # principal has permission to use.
1059
1068
  # @return [Array<String>]
1060
1069
  #
1061
- # @!attribute [rw] analyzed_at
1062
- # The time at which the resource was analyzed.
1063
- # @return [Time]
1070
+ # @!attribute [rw] resource
1071
+ # The resource that an external principal has access to.
1072
+ # @return [String]
1073
+ #
1074
+ # @!attribute [rw] is_public
1075
+ # Indicates whether the policy that generated the finding allows
1076
+ # public access to the resource.
1077
+ # @return [Boolean]
1078
+ #
1079
+ # @!attribute [rw] resource_type
1080
+ # The type of the resource identified in the finding.
1081
+ # @return [String]
1064
1082
  #
1065
1083
  # @!attribute [rw] condition
1066
1084
  # The condition in the analyzed policy statement that resulted in a
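Review bot: The `principal` description placed here for `Finding` is missing its verb: "The external principal that access to a resource within the zone of trust". It should read `# The external principal that has access to a resource within the zone of` followed by `# trust.`, which is the wording the `FindingSummary` block already uses. The `cloud_trail_properties` text in the `GeneratedPolicyProperties` hunk has a similar slip ("used to generated policy"); `used to generate the policy` would fix it. If these comments are produced from an upstream API model, which the page does not show, the correction belongs there. The `Finding` comment block continues past the end of this hunk.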
@@ -1071,34 +1089,24 @@ module Aws::AccessAnalyzer
1071
1089
  # The time at which the finding was generated.
1072
1090
  # @return [Time]
1073
1091
  #
1074
- # @!attribute [rw] error
1075
- # An error.
1076
- # @return [String]
1077
- #
1078
- # @!attribute [rw] id
1079
- # The ID of the finding.
1080
- # @return [String]
1081
- #
1082
- # @!attribute [rw] is_public
1083
- # Indicates whether the policy that generated the finding allows
1084
- # public access to the resource.
1085
- # @return [Boolean]
1092
+ # @!attribute [rw] analyzed_at
1093
+ # The time at which the resource was analyzed.
1094
+ # @return [Time]
1086
1095
  #
1087
- # @!attribute [rw] principal
1088
- # The external principal that access to a resource within the zone of
1089
- # trust.
1090
- # @return [Hash<String,String>]
1096
+ # @!attribute [rw] updated_at
1097
+ # The time at which the finding was updated.
1098
+ # @return [Time]
1091
1099
  #
1092
- # @!attribute [rw] resource
1093
- # The resource that an external principal has access to.
1100
+ # @!attribute [rw] status
1101
+ # The current status of the finding.
1094
1102
  # @return [String]
1095
1103
  #
1096
1104
  # @!attribute [rw] resource_owner_account
1097
1105
  # The Amazon Web Services account ID that owns the resource.
1098
1106
  # @return [String]
1099
1107
  #
1100
- # @!attribute [rw] resource_type
1101
- # The type of the resource identified in the finding.
1108
+ # @!attribute [rw] error
1109
+ # An error.
1102
1110
  # @return [String]
1103
1111
  #
1104
1112
  # @!attribute [rw] sources
@@ -1107,31 +1115,23 @@ module Aws::AccessAnalyzer
1107
1115
  # bucket findings.
1108
1116
  # @return [Array<Types::FindingSource>]
1109
1117
  #
1110
- # @!attribute [rw] status
1111
- # The current status of the finding.
1112
- # @return [String]
1113
- #
1114
- # @!attribute [rw] updated_at
1115
- # The time at which the finding was updated.
1116
- # @return [Time]
1117
- #
1118
1118
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Finding AWS API Documentation
1119
1119
  #
1120
1120
  class Finding < Struct.new(
1121
- :action,
1122
- :analyzed_at,
1123
- :condition,
1124
- :created_at,
1125
- :error,
1126
1121
  :id,
1127
- :is_public,
1128
1122
  :principal,
1123
+ :action,
1129
1124
  :resource,
1130
- :resource_owner_account,
1125
+ :is_public,
1131
1126
  :resource_type,
1132
- :sources,
1127
+ :condition,
1128
+ :created_at,
1129
+ :analyzed_at,
1130
+ :updated_at,
1133
1131
  :status,
1134
- :updated_at)
1132
+ :resource_owner_account,
1133
+ :error,
1134
+ :sources)
1135
1135
  SENSITIVE = []
1136
1136
  include Aws::Structure
1137
1137
  end
@@ -1140,20 +1140,20 @@ module Aws::AccessAnalyzer
1140
1140
  # generated the finding is granted. It is populated for Amazon S3 bucket
1141
1141
  # findings.
1142
1142
  #
1143
+ # @!attribute [rw] type
1144
+ # Indicates the type of access that generated the finding.
1145
+ # @return [String]
1146
+ #
1143
1147
  # @!attribute [rw] detail
1144
1148
  # Includes details about how the access that generated the finding is
1145
1149
  # granted. This is populated for Amazon S3 bucket findings.
1146
1150
  # @return [Types::FindingSourceDetail]
1147
1151
  #
1148
- # @!attribute [rw] type
1149
- # Indicates the type of access that generated the finding.
1150
- # @return [String]
1151
- #
1152
1152
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSource AWS API Documentation
1153
1153
  #
1154
1154
  class FindingSource < Struct.new(
1155
- :detail,
1156
- :type)
1155
+ :type,
1156
+ :detail)
1157
1157
  SENSITIVE = []
1158
1158
  include Aws::Structure
1159
1159
  end
@@ -1177,15 +1177,32 @@ module Aws::AccessAnalyzer
1177
1177
 
1178
1178
  # Contains information about a finding.
1179
1179
  #
1180
+ # @!attribute [rw] id
1181
+ # The ID of the finding.
1182
+ # @return [String]
1183
+ #
1184
+ # @!attribute [rw] principal
1185
+ # The external principal that has access to a resource within the zone
1186
+ # of trust.
1187
+ # @return [Hash<String,String>]
1188
+ #
1180
1189
  # @!attribute [rw] action
1181
1190
  # The action in the analyzed policy statement that an external
1182
1191
  # principal has permission to use.
1183
1192
  # @return [Array<String>]
1184
1193
  #
1185
- # @!attribute [rw] analyzed_at
1186
- # The time at which the resource-based policy that generated the
1187
- # finding was analyzed.
1188
- # @return [Time]
1194
+ # @!attribute [rw] resource
1195
+ # The resource that the external principal has access to.
1196
+ # @return [String]
1197
+ #
1198
+ # @!attribute [rw] is_public
1199
+ # Indicates whether the finding reports a resource that has a policy
1200
+ # that allows public access.
1201
+ # @return [Boolean]
1202
+ #
1203
+ # @!attribute [rw] resource_type
1204
+ # The type of the resource that the external principal has access to.
1205
+ # @return [String]
1189
1206
  #
1190
1207
  # @!attribute [rw] condition
1191
1208
  # The condition in the analyzed policy statement that resulted in a
@@ -1196,34 +1213,25 @@ module Aws::AccessAnalyzer
1196
1213
  # The time at which the finding was created.
1197
1214
  # @return [Time]
1198
1215
  #
1199
- # @!attribute [rw] error
1200
- # The error that resulted in an Error finding.
1201
- # @return [String]
1202
- #
1203
- # @!attribute [rw] id
1204
- # The ID of the finding.
1205
- # @return [String]
1206
- #
1207
- # @!attribute [rw] is_public
1208
- # Indicates whether the finding reports a resource that has a policy
1209
- # that allows public access.
1210
- # @return [Boolean]
1216
+ # @!attribute [rw] analyzed_at
1217
+ # The time at which the resource-based policy that generated the
1218
+ # finding was analyzed.
1219
+ # @return [Time]
1211
1220
  #
1212
- # @!attribute [rw] principal
1213
- # The external principal that has access to a resource within the zone
1214
- # of trust.
1215
- # @return [Hash<String,String>]
1221
+ # @!attribute [rw] updated_at
1222
+ # The time at which the finding was most recently updated.
1223
+ # @return [Time]
1216
1224
  #
1217
- # @!attribute [rw] resource
1218
- # The resource that the external principal has access to.
1225
+ # @!attribute [rw] status
1226
+ # The status of the finding.
1219
1227
  # @return [String]
1220
1228
  #
1221
1229
  # @!attribute [rw] resource_owner_account
1222
1230
  # The Amazon Web Services account ID that owns the resource.
1223
1231
  # @return [String]
1224
1232
  #
1225
- # @!attribute [rw] resource_type
1226
- # The type of the resource that the external principal has access to.
1233
+ # @!attribute [rw] error
1234
+ # The error that resulted in an Error finding.
1227
1235
  # @return [String]
1228
1236
  #
1229
1237
  # @!attribute [rw] sources
@@ -1232,31 +1240,23 @@ module Aws::AccessAnalyzer
1232
1240
  # bucket findings.
1233
1241
  # @return [Array<Types::FindingSource>]
1234
1242
  #
1235
- # @!attribute [rw] status
1236
- # The status of the finding.
1237
- # @return [String]
1238
- #
1239
- # @!attribute [rw] updated_at
1240
- # The time at which the finding was most recently updated.
1241
- # @return [Time]
1242
- #
1243
1243
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSummary AWS API Documentation
1244
1244
  #
1245
1245
  class FindingSummary < Struct.new(
1246
- :action,
1247
- :analyzed_at,
1248
- :condition,
1249
- :created_at,
1250
- :error,
1251
1246
  :id,
1252
- :is_public,
1253
1247
  :principal,
1248
+ :action,
1254
1249
  :resource,
1255
- :resource_owner_account,
1250
+ :is_public,
1256
1251
  :resource_type,
1257
- :sources,
1252
+ :condition,
1253
+ :created_at,
1254
+ :analyzed_at,
1255
+ :updated_at,
1258
1256
  :status,
1259
- :updated_at)
1257
+ :resource_owner_account,
1258
+ :error,
1259
+ :sources)
1260
1260
  SENSITIVE = []
1261
1261
  include Aws::Structure
1262
1262
  end
@@ -1282,10 +1282,6 @@ module Aws::AccessAnalyzer
1282
1282
 
1283
1283
  # Contains the generated policy details.
1284
1284
  #
1285
- # @!attribute [rw] cloud_trail_properties
1286
- # Lists details about the `Trail` used to generated policy.
1287
- # @return [Types::CloudTrailProperties]
1288
- #
1289
1285
  # @!attribute [rw] is_complete
1290
1286
  # This value is set to `true` if the generated policy contains all
1291
1287
  # possible actions for a service that IAM Access Analyzer identified
@@ -1297,18 +1293,27 @@ module Aws::AccessAnalyzer
1297
1293
  # generating a policy.
1298
1294
  # @return [String]
1299
1295
  #
1296
+ # @!attribute [rw] cloud_trail_properties
1297
+ # Lists details about the `Trail` used to generated policy.
1298
+ # @return [Types::CloudTrailProperties]
1299
+ #
1300
1300
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyProperties AWS API Documentation
1301
1301
  #
1302
1302
  class GeneratedPolicyProperties < Struct.new(
1303
- :cloud_trail_properties,
1304
1303
  :is_complete,
1305
- :principal_arn)
1304
+ :principal_arn,
1305
+ :cloud_trail_properties)
1306
1306
  SENSITIVE = []
1307
1307
  include Aws::Structure
1308
1308
  end
1309
1309
 
1310
1310
  # Contains the text for the generated policy and its details.
1311
1311
  #
1312
+ # @!attribute [rw] properties
1313
+ # A `GeneratedPolicyProperties` object that contains properties of the
1314
+ # generated policy.
1315
+ # @return [Types::GeneratedPolicyProperties]
1316
+ #
1312
1317
  # @!attribute [rw] generated_policies
1313
1318
  # The text to use as the content for the new policy. The policy is
1314
1319
  # created using the [CreatePolicy][1] action.
@@ -1318,16 +1323,11 @@ module Aws::AccessAnalyzer
1318
1323
  # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
1319
1324
  # @return [Array<Types::GeneratedPolicy>]
1320
1325
  #
1321
- # @!attribute [rw] properties
1322
- # A `GeneratedPolicyProperties` object that contains properties of the
1323
- # generated policy.
1324
- # @return [Types::GeneratedPolicyProperties]
1325
- #
1326
1326
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyResult AWS API Documentation
1327
1327
  #
1328
1328
  class GeneratedPolicyResult < Struct.new(
1329
- :generated_policies,
1330
- :properties)
1329
+ :properties,
1330
+ :generated_policies)
1331
1331
  SENSITIVE = []
1332
1332
  include Aws::Structure
1333
1333
  end
@@ -1545,11 +1545,18 @@ module Aws::AccessAnalyzer
1545
1545
  # data as a hash:
1546
1546
  #
1547
1547
  # {
1548
+ # job_id: "JobId", # required
1548
1549
  # include_resource_placeholders: false,
1549
1550
  # include_service_level_template: false,
1550
- # job_id: "JobId", # required
1551
1551
  # }
1552
1552
  #
1553
+ # @!attribute [rw] job_id
1554
+ # The `JobId` that is returned by the `StartPolicyGeneration`
1555
+ # operation. The `JobId` can be used with `GetGeneratedPolicy` to
1556
+ # retrieve the generated policies or used with
1557
+ # `CancelPolicyGeneration` to cancel the policy generation request.
1558
+ # @return [String]
1559
+ #
1553
1560
  # @!attribute [rw] include_resource_placeholders
1554
1561
  # The level of detail that you want to generate. You can specify
1555
1562
  # whether to generate policies with placeholders for resource ARNs for
@@ -1569,38 +1576,31 @@ module Aws::AccessAnalyzer
1569
1576
  # template.
1570
1577
  # @return [Boolean]
1571
1578
  #
1572
- # @!attribute [rw] job_id
1573
- # The `JobId` that is returned by the `StartPolicyGeneration`
1574
- # operation. The `JobId` can be used with `GetGeneratedPolicy` to
1575
- # retrieve the generated policies or used with
1576
- # `CancelPolicyGeneration` to cancel the policy generation request.
1577
- # @return [String]
1578
- #
1579
1579
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyRequest AWS API Documentation
1580
1580
  #
1581
1581
  class GetGeneratedPolicyRequest < Struct.new(
1582
+ :job_id,
1582
1583
  :include_resource_placeholders,
1583
- :include_service_level_template,
1584
- :job_id)
1584
+ :include_service_level_template)
1585
1585
  SENSITIVE = []
1586
1586
  include Aws::Structure
1587
1587
  end
1588
1588
 
1589
- # @!attribute [rw] generated_policy_result
1590
- # A `GeneratedPolicyResult` object that contains the generated
1591
- # policies and associated details.
1592
- # @return [Types::GeneratedPolicyResult]
1593
- #
1594
1589
  # @!attribute [rw] job_details
1595
1590
  # A `GeneratedPolicyDetails` object that contains details about the
1596
1591
  # generated policy.
1597
1592
  # @return [Types::JobDetails]
1598
1593
  #
1594
+ # @!attribute [rw] generated_policy_result
1595
+ # A `GeneratedPolicyResult` object that contains the generated
1596
+ # policies and associated details.
1597
+ # @return [Types::GeneratedPolicyResult]
1598
+ #
1599
1599
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyResponse AWS API Documentation
1600
1600
  #
1601
1601
  class GetGeneratedPolicyResponse < Struct.new(
1602
- :generated_policy_result,
1603
- :job_details)
1602
+ :job_details,
1603
+ :generated_policy_result)
1604
1604
  SENSITIVE = []
1605
1605
  include Aws::Structure
1606
1606
  end
@@ -1645,30 +1645,30 @@ module Aws::AccessAnalyzer
1645
1645
  # data as a hash:
1646
1646
  #
1647
1647
  # {
1648
+ # rule_name: "Name", # required
1648
1649
  # filter: { # required
1649
1650
  # "String" => {
1650
- # contains: ["String"],
1651
1651
  # eq: ["String"],
1652
- # exists: false,
1653
1652
  # neq: ["String"],
1653
+ # contains: ["String"],
1654
+ # exists: false,
1654
1655
  # },
1655
1656
  # },
1656
- # rule_name: "Name", # required
1657
1657
  # }
1658
1658
  #
1659
- # @!attribute [rw] filter
1660
- # The condition and values for a criterion.
1661
- # @return [Hash<String,Types::Criterion>]
1662
- #
1663
1659
  # @!attribute [rw] rule_name
1664
1660
  # The name of the rule.
1665
1661
  # @return [String]
1666
1662
  #
1663
+ # @!attribute [rw] filter
1664
+ # The condition and values for a criterion.
1665
+ # @return [Hash<String,Types::Criterion>]
1666
+ #
1667
1667
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InlineArchiveRule AWS API Documentation
1668
1668
  #
1669
1669
  class InlineArchiveRule < Struct.new(
1670
- :filter,
1671
- :rule_name)
1670
+ :rule_name,
1671
+ :filter)
1672
1672
  SENSITIVE = []
1673
1673
  include Aws::Structure
1674
1674
  end
@@ -1702,14 +1702,6 @@ module Aws::AccessAnalyzer
1702
1702
 
1703
1703
  # Contains details about the policy generation request.
1704
1704
  #
1705
- # @!attribute [rw] completed_on
1706
- # A timestamp of when the job was completed.
1707
- # @return [Time]
1708
- #
1709
- # @!attribute [rw] job_error
1710
- # The job error for the policy generation request.
1711
- # @return [Types::JobError]
1712
- #
1713
1705
  # @!attribute [rw] job_id
1714
1706
  # The `JobId` that is returned by the `StartPolicyGeneration`
1715
1707
  # operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -1717,22 +1709,30 @@ module Aws::AccessAnalyzer
1717
1709
  # `CancelPolicyGeneration` to cancel the policy generation request.
1718
1710
  # @return [String]
1719
1711
  #
1712
+ # @!attribute [rw] status
1713
+ # The status of the job request.
1714
+ # @return [String]
1715
+ #
1720
1716
  # @!attribute [rw] started_on
1721
1717
  # A timestamp of when the job was started.
1722
1718
  # @return [Time]
1723
1719
  #
1724
- # @!attribute [rw] status
1725
- # The status of the job request.
1726
- # @return [String]
1720
+ # @!attribute [rw] completed_on
1721
+ # A timestamp of when the job was completed.
1722
+ # @return [Time]
1723
+ #
1724
+ # @!attribute [rw] job_error
1725
+ # The job error for the policy generation request.
1726
+ # @return [Types::JobError]
1727
1727
  #
1728
1728
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/JobDetails AWS API Documentation
1729
1729
  #
1730
1730
  class JobDetails < Struct.new(
1731
- :completed_on,
1732
- :job_error,
1733
1731
  :job_id,
1732
+ :status,
1734
1733
  :started_on,
1735
- :status)
1734
+ :completed_on,
1735
+ :job_error)
1736
1736
  SENSITIVE = []
1737
1737
  include Aws::Structure
1738
1738
  end
@@ -1768,6 +1768,9 @@ module Aws::AccessAnalyzer
1768
1768
  # data as a hash:
1769
1769
  #
1770
1770
  # {
1771
+ # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
1772
+ # grantee_principal: "GranteePrincipal", # required
1773
+ # retiring_principal: "RetiringPrincipal",
1771
1774
  # constraints: {
1772
1775
  # encryption_context_equals: {
1773
1776
  # "KmsConstraintsKey" => "KmsConstraintsValue",
@@ -1776,12 +1779,27 @@ module Aws::AccessAnalyzer
1776
1779
  # "KmsConstraintsKey" => "KmsConstraintsValue",
1777
1780
  # },
1778
1781
  # },
1779
- # grantee_principal: "GranteePrincipal", # required
1780
1782
  # issuing_account: "IssuingAccount", # required
1781
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
1782
- # retiring_principal: "RetiringPrincipal",
1783
1783
  # }
1784
1784
  #
1785
+ # @!attribute [rw] operations
1786
+ # A list of operations that the grant permits.
1787
+ # @return [Array<String>]
1788
+ #
1789
+ # @!attribute [rw] grantee_principal
1790
+ # The principal that is given permission to perform the operations
1791
+ # that the grant permits.
1792
+ # @return [String]
1793
+ #
1794
+ # @!attribute [rw] retiring_principal
1795
+ # The principal that is given permission to retire the grant by using
1796
+ # [RetireGrant][1] operation.
1797
+ #
1798
+ #
1799
+ #
1800
+ # [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
1801
+ # @return [String]
1802
+ #
1785
1803
  # @!attribute [rw] constraints
1786
1804
  # Use this structure to propose allowing [cryptographic operations][1]
1787
1805
  # in the grant only when the operation request includes the specified
@@ -1793,38 +1811,20 @@ module Aws::AccessAnalyzer
1793
1811
  # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
1794
1812
  # @return [Types::KmsGrantConstraints]
1795
1813
  #
1796
- # @!attribute [rw] grantee_principal
1797
- # The principal that is given permission to perform the operations
1798
- # that the grant permits.
1799
- # @return [String]
1800
- #
1801
1814
  # @!attribute [rw] issuing_account
1802
1815
  # The Amazon Web Services account under which the grant was issued.
1803
1816
  # The account is used to propose KMS grants issued by accounts other
1804
1817
  # than the owner of the key.
1805
1818
  # @return [String]
1806
1819
  #
1807
- # @!attribute [rw] operations
1808
- # A list of operations that the grant permits.
1809
- # @return [Array<String>]
1810
- #
1811
- # @!attribute [rw] retiring_principal
1812
- # The principal that is given permission to retire the grant by using
1813
- # [RetireGrant][1] operation.
1814
- #
1815
- #
1816
- #
1817
- # [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
1818
- # @return [String]
1819
- #
1820
1820
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsGrantConfiguration AWS API Documentation
1821
1821
  #
1822
1822
  class KmsGrantConfiguration < Struct.new(
1823
- :constraints,
1824
- :grantee_principal,
1825
- :issuing_account,
1826
1823
  :operations,
1827
- :retiring_principal)
1824
+ :grantee_principal,
1825
+ :retiring_principal,
1826
+ :constraints,
1827
+ :issuing_account)
1828
1828
  SENSITIVE = []
1829
1829
  include Aws::Structure
1830
1830
  end
@@ -1907,8 +1907,14 @@ module Aws::AccessAnalyzer
1907
1907
  # data as a hash:
1908
1908
  #
1909
1909
  # {
1910
+ # key_policies: {
1911
+ # "PolicyName" => "KmsKeyPolicy",
1912
+ # },
1910
1913
  # grants: [
1911
1914
  # {
1915
+ # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
1916
+ # grantee_principal: "GranteePrincipal", # required
1917
+ # retiring_principal: "RetiringPrincipal",
1912
1918
  # constraints: {
1913
1919
  # encryption_context_equals: {
1914
1920
  # "KmsConstraintsKey" => "KmsConstraintsValue",
@@ -1917,25 +1923,11 @@ module Aws::AccessAnalyzer
1917
1923
  # "KmsConstraintsKey" => "KmsConstraintsValue",
1918
1924
  # },
1919
1925
  # },
1920
- # grantee_principal: "GranteePrincipal", # required
1921
1926
  # issuing_account: "IssuingAccount", # required
1922
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
1923
- # retiring_principal: "RetiringPrincipal",
1924
1927
  # },
1925
1928
  # ],
1926
- # key_policies: {
1927
- # "PolicyName" => "KmsKeyPolicy",
1928
- # },
1929
1929
  # }
1930
1930
  #
1931
- # @!attribute [rw] grants
1932
- # A list of proposed grant configurations for the KMS key. If the
1933
- # proposed grant configuration is for an existing key, the access
1934
- # preview uses the proposed list of grant configurations in place of
1935
- # the existing grants. Otherwise, the access preview uses the existing
1936
- # grants for the key.
1937
- # @return [Array<Types::KmsGrantConfiguration>]
1938
- #
1939
1931
  # @!attribute [rw] key_policies
1940
1932
  # Resource policy configuration for the KMS key. The only valid value
1941
1933
  # for the name of the key policy is `default`. For more information,
@@ -1946,11 +1938,19 @@ module Aws::AccessAnalyzer
1946
1938
  # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
1947
1939
  # @return [Hash<String,String>]
1948
1940
  #
1941
+ # @!attribute [rw] grants
1942
+ # A list of proposed grant configurations for the KMS key. If the
1943
+ # proposed grant configuration is for an existing key, the access
1944
+ # preview uses the proposed list of grant configurations in place of
1945
+ # the existing grants. Otherwise, the access preview uses the existing
1946
+ # grants for the key.
1947
+ # @return [Array<Types::KmsGrantConfiguration>]
1948
+ #
1949
1949
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsKeyConfiguration AWS API Documentation
1950
1950
  #
1951
1951
  class KmsKeyConfiguration < Struct.new(
1952
- :grants,
1953
- :key_policies)
1952
+ :key_policies,
1953
+ :grants)
1954
1954
  SENSITIVE = []
1955
1955
  include Aws::Structure
1956
1956
  end
@@ -1963,14 +1963,14 @@ module Aws::AccessAnalyzer
1963
1963
  # analyzer_arn: "AnalyzerArn", # required
1964
1964
  # filter: {
1965
1965
  # "String" => {
1966
- # contains: ["String"],
1967
1966
  # eq: ["String"],
1968
- # exists: false,
1969
1967
  # neq: ["String"],
1968
+ # contains: ["String"],
1969
+ # exists: false,
1970
1970
  # },
1971
1971
  # },
1972
- # max_results: 1,
1973
1972
  # next_token: "Token",
1973
+ # max_results: 1,
1974
1974
  # }
1975
1975
  #
1976
1976
  # @!attribute [rw] access_preview_id
@@ -1989,22 +1989,22 @@ module Aws::AccessAnalyzer
1989
1989
  # Criteria to filter the returned findings.
1990
1990
  # @return [Hash<String,Types::Criterion>]
1991
1991
  #
1992
- # @!attribute [rw] max_results
1993
- # The maximum number of results to return in the response.
1994
- # @return [Integer]
1995
- #
1996
1992
  # @!attribute [rw] next_token
1997
1993
  # A token used for pagination of results returned.
1998
1994
  # @return [String]
1999
1995
  #
1996
+ # @!attribute [rw] max_results
1997
+ # The maximum number of results to return in the response.
1998
+ # @return [Integer]
1999
+ #
2000
2000
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindingsRequest AWS API Documentation
2001
2001
  #
2002
2002
  class ListAccessPreviewFindingsRequest < Struct.new(
2003
2003
  :access_preview_id,
2004
2004
  :analyzer_arn,
2005
2005
  :filter,
2006
- :max_results,
2007
- :next_token)
2006
+ :next_token,
2007
+ :max_results)
2008
2008
  SENSITIVE = []
2009
2009
  include Aws::Structure
2010
2010
  end
@@ -2032,8 +2032,8 @@ module Aws::AccessAnalyzer
2032
2032
  #
2033
2033
  # {
2034
2034
  # analyzer_arn: "AnalyzerArn", # required
2035
- # max_results: 1,
2036
2035
  # next_token: "Token",
2036
+ # max_results: 1,
2037
2037
  # }
2038
2038
  #
2039
2039
  # @!attribute [rw] analyzer_arn
@@ -2044,20 +2044,20 @@ module Aws::AccessAnalyzer
2044
2044
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
2045
2045
  # @return [String]
2046
2046
  #
2047
- # @!attribute [rw] max_results
2048
- # The maximum number of results to return in the response.
2049
- # @return [Integer]
2050
- #
2051
2047
  # @!attribute [rw] next_token
2052
2048
  # A token used for pagination of results returned.
2053
2049
  # @return [String]
2054
2050
  #
2051
+ # @!attribute [rw] max_results
2052
+ # The maximum number of results to return in the response.
2053
+ # @return [Integer]
2054
+ #
2055
2055
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewsRequest AWS API Documentation
2056
2056
  #
2057
2057
  class ListAccessPreviewsRequest < Struct.new(
2058
2058
  :analyzer_arn,
2059
- :max_results,
2060
- :next_token)
2059
+ :next_token,
2060
+ :max_results)
2061
2061
  SENSITIVE = []
2062
2062
  include Aws::Structure
2063
2063
  end
@@ -2086,9 +2086,9 @@ module Aws::AccessAnalyzer
2086
2086
  #
2087
2087
  # {
2088
2088
  # analyzer_arn: "AnalyzerArn", # required
2089
- # max_results: 1,
2090
- # next_token: "Token",
2091
2089
  # resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
2090
+ # next_token: "Token",
2091
+ # max_results: 1,
2092
2092
  # }
2093
2093
  #
2094
2094
  # @!attribute [rw] analyzer_arn
@@ -2100,25 +2100,25 @@ module Aws::AccessAnalyzer
2100
2100
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
2101
2101
  # @return [String]
2102
2102
  #
2103
- # @!attribute [rw] max_results
2104
- # The maximum number of results to return in the response.
2105
- # @return [Integer]
2103
+ # @!attribute [rw] resource_type
2104
+ # The type of resource.
2105
+ # @return [String]
2106
2106
  #
2107
2107
  # @!attribute [rw] next_token
2108
2108
  # A token used for pagination of results returned.
2109
2109
  # @return [String]
2110
2110
  #
2111
- # @!attribute [rw] resource_type
2112
- # The type of resource.
2113
- # @return [String]
2111
+ # @!attribute [rw] max_results
2112
+ # The maximum number of results to return in the response.
2113
+ # @return [Integer]
2114
2114
  #
2115
2115
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResourcesRequest AWS API Documentation
2116
2116
  #
2117
2117
  class ListAnalyzedResourcesRequest < Struct.new(
2118
2118
  :analyzer_arn,
2119
- :max_results,
2119
+ :resource_type,
2120
2120
  :next_token,
2121
- :resource_type)
2121
+ :max_results)
2122
2122
  SENSITIVE = []
2123
2123
  include Aws::Structure
2124
2124
  end
@@ -2148,19 +2148,19 @@ module Aws::AccessAnalyzer
2148
2148
  # data as a hash:
2149
2149
  #
2150
2150
  # {
2151
- # max_results: 1,
2152
2151
  # next_token: "Token",
2152
+ # max_results: 1,
2153
2153
  # type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
2154
2154
  # }
2155
2155
  #
2156
- # @!attribute [rw] max_results
2157
- # The maximum number of results to return in the response.
2158
- # @return [Integer]
2159
- #
2160
2156
  # @!attribute [rw] next_token
2161
2157
  # A token used for pagination of results returned.
2162
2158
  # @return [String]
2163
2159
  #
2160
+ # @!attribute [rw] max_results
2161
+ # The maximum number of results to return in the response.
2162
+ # @return [Integer]
2163
+ #
2164
2164
  # @!attribute [rw] type
2165
2165
  # The type of analyzer.
2166
2166
  # @return [String]
@@ -2168,8 +2168,8 @@ module Aws::AccessAnalyzer
2168
2168
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzersRequest AWS API Documentation
2169
2169
  #
2170
2170
  class ListAnalyzersRequest < Struct.new(
2171
- :max_results,
2172
2171
  :next_token,
2172
+ :max_results,
2173
2173
  :type)
2174
2174
  SENSITIVE = []
2175
2175
  include Aws::Structure
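Review bot: Reordering the `Struct.new` member list here changes every position-dependent Struct result: `members`, `to_a`, `each`, integer indexing and array destructuring now yield `next_token` before `max_results`. The same reorder is applied in the other class hunks on this page, and for `Span` (`start`/`end`) and `Substring` (`start`/`length`) both members share a type, so a caller that unpacks positionally gets swapped values without any error. Whether positional construction is affected depends on the initializer that `Aws::Structure` provides, which is not visible here. I would add a line above each reordered class such as `# Member order follows the service model and may change between releases; access members by name.` The class body continues past the end of this hunk.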
@@ -2201,28 +2201,28 @@ module Aws::AccessAnalyzer
2201
2201
  #
2202
2202
  # {
2203
2203
  # analyzer_name: "Name", # required
2204
- # max_results: 1,
2205
2204
  # next_token: "Token",
2205
+ # max_results: 1,
2206
2206
  # }
2207
2207
  #
2208
2208
  # @!attribute [rw] analyzer_name
2209
2209
  # The name of the analyzer to retrieve rules from.
2210
2210
  # @return [String]
2211
2211
  #
2212
- # @!attribute [rw] max_results
2213
- # The maximum number of results to return in the request.
2214
- # @return [Integer]
2215
- #
2216
2212
  # @!attribute [rw] next_token
2217
2213
  # A token used for pagination of results returned.
2218
2214
  # @return [String]
2219
2215
  #
2216
+ # @!attribute [rw] max_results
2217
+ # The maximum number of results to return in the request.
2218
+ # @return [Integer]
2219
+ #
2220
2220
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListArchiveRulesRequest AWS API Documentation
2221
2221
  #
2222
2222
  class ListArchiveRulesRequest < Struct.new(
2223
2223
  :analyzer_name,
2224
- :max_results,
2225
- :next_token)
2224
+ :next_token,
2225
+ :max_results)
2226
2226
  SENSITIVE = []
2227
2227
  include Aws::Structure
2228
2228
  end
@@ -2255,18 +2255,18 @@ module Aws::AccessAnalyzer
2255
2255
  # analyzer_arn: "AnalyzerArn", # required
2256
2256
  # filter: {
2257
2257
  # "String" => {
2258
- # contains: ["String"],
2259
2258
  # eq: ["String"],
2260
- # exists: false,
2261
2259
  # neq: ["String"],
2260
+ # contains: ["String"],
2261
+ # exists: false,
2262
2262
  # },
2263
2263
  # },
2264
- # max_results: 1,
2265
- # next_token: "Token",
2266
2264
  # sort: {
2267
2265
  # attribute_name: "String",
2268
2266
  # order_by: "ASC", # accepts ASC, DESC
2269
2267
  # },
2268
+ # next_token: "Token",
2269
+ # max_results: 1,
2270
2270
  # }
2271
2271
  #
2272
2272
  # @!attribute [rw] analyzer_arn
@@ -2281,26 +2281,26 @@ module Aws::AccessAnalyzer
2281
2281
  # A filter to match for the findings to return.
2282
2282
  # @return [Hash<String,Types::Criterion>]
2283
2283
  #
2284
- # @!attribute [rw] max_results
2285
- # The maximum number of results to return in the response.
2286
- # @return [Integer]
2284
+ # @!attribute [rw] sort
2285
+ # The sort order for the findings returned.
2286
+ # @return [Types::SortCriteria]
2287
2287
  #
2288
2288
  # @!attribute [rw] next_token
2289
2289
  # A token used for pagination of results returned.
2290
2290
  # @return [String]
2291
2291
  #
2292
- # @!attribute [rw] sort
2293
- # The sort order for the findings returned.
2294
- # @return [Types::SortCriteria]
2292
+ # @!attribute [rw] max_results
2293
+ # The maximum number of results to return in the response.
2294
+ # @return [Integer]
2295
2295
  #
2296
2296
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsRequest AWS API Documentation
2297
2297
  #
2298
2298
  class ListFindingsRequest < Struct.new(
2299
2299
  :analyzer_arn,
2300
2300
  :filter,
2301
- :max_results,
2301
+ :sort,
2302
2302
  :next_token,
2303
- :sort)
2303
+ :max_results)
2304
2304
  SENSITIVE = []
2305
2305
  include Aws::Structure
2306
2306
  end
@@ -2329,11 +2329,17 @@ module Aws::AccessAnalyzer
2329
2329
  # data as a hash:
2330
2330
  #
2331
2331
  # {
2332
+ # principal_arn: "PrincipalArn",
2332
2333
  # max_results: 1,
2333
2334
  # next_token: "Token",
2334
- # principal_arn: "PrincipalArn",
2335
2335
  # }
2336
2336
  #
2337
+ # @!attribute [rw] principal_arn
2338
+ # The ARN of the IAM entity (user or role) for which you are
2339
+ # generating a policy. Use this with `ListGeneratedPolicies` to filter
2340
+ # the results to only include results for a specific principal.
2341
+ # @return [String]
2342
+ #
2337
2343
  # @!attribute [rw] max_results
2338
2344
  # The maximum number of results to return in the response.
2339
2345
  # @return [Integer]
@@ -2342,36 +2348,30 @@ module Aws::AccessAnalyzer
2342
2348
  # A token used for pagination of results returned.
2343
2349
  # @return [String]
2344
2350
  #
2345
- # @!attribute [rw] principal_arn
2346
- # The ARN of the IAM entity (user or role) for which you are
2347
- # generating a policy. Use this with `ListGeneratedPolicies` to filter
2348
- # the results to only include results for a specific principal.
2349
- # @return [String]
2350
- #
2351
2351
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsRequest AWS API Documentation
2352
2352
  #
2353
2353
  class ListPolicyGenerationsRequest < Struct.new(
2354
+ :principal_arn,
2354
2355
  :max_results,
2355
- :next_token,
2356
- :principal_arn)
2356
+ :next_token)
2357
2357
  SENSITIVE = []
2358
2358
  include Aws::Structure
2359
2359
  end
2360
2360
 
2361
- # @!attribute [rw] next_token
2362
- # A token used for pagination of results returned.
2363
- # @return [String]
2364
- #
2365
2361
  # @!attribute [rw] policy_generations
2366
2362
  # A `PolicyGeneration` object that contains details about the
2367
2363
  # generated policy.
2368
2364
  # @return [Array<Types::PolicyGeneration>]
2369
2365
  #
2366
+ # @!attribute [rw] next_token
2367
+ # A token used for pagination of results returned.
2368
+ # @return [String]
2369
+ #
2370
2370
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsResponse AWS API Documentation
2371
2371
  #
2372
2372
  class ListPolicyGenerationsResponse < Struct.new(
2373
- :next_token,
2374
- :policy_generations)
2373
+ :policy_generations,
2374
+ :next_token)
2375
2375
  SENSITIVE = []
2376
2376
  include Aws::Structure
2377
2377
  end
@@ -2447,11 +2447,6 @@ module Aws::AccessAnalyzer
2447
2447
  #
2448
2448
  # @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
2449
2449
  #
2450
- # @!attribute [rw] internet_configuration
2451
- # The configuration for the Amazon S3 access point or multi-region
2452
- # access point with an `Internet` origin.
2453
- # @return [Types::InternetConfiguration]
2454
- #
2455
2450
  # @!attribute [rw] vpc_configuration
2456
2451
  # The proposed virtual private cloud (VPC) configuration for the
2457
2452
  # Amazon S3 access point. VPC configuration does not apply to
@@ -2463,18 +2458,23 @@ module Aws::AccessAnalyzer
2463
2458
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
2464
2459
  # @return [Types::VpcConfiguration]
2465
2460
  #
2461
+ # @!attribute [rw] internet_configuration
2462
+ # The configuration for the Amazon S3 access point or multi-region
2463
+ # access point with an `Internet` origin.
2464
+ # @return [Types::InternetConfiguration]
2465
+ #
2466
2466
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/NetworkOriginConfiguration AWS API Documentation
2467
2467
  #
2468
2468
  class NetworkOriginConfiguration < Struct.new(
2469
- :internet_configuration,
2470
2469
  :vpc_configuration,
2470
+ :internet_configuration,
2471
2471
  :unknown)
2472
2472
  SENSITIVE = []
2473
2473
  include Aws::Structure
2474
2474
  include Aws::Structure::Union
2475
2475
 
2476
- class InternetConfiguration < NetworkOriginConfiguration; end
2477
2476
  class VpcConfiguration < NetworkOriginConfiguration; end
2477
+ class InternetConfiguration < NetworkOriginConfiguration; end
2478
2478
  class Unknown < NetworkOriginConfiguration; end
2479
2479
  end
2480
2480
 
@@ -2520,10 +2520,6 @@ module Aws::AccessAnalyzer
2520
2520
 
2521
2521
  # Contains details about the policy generation status and properties.
2522
2522
  #
2523
- # @!attribute [rw] completed_on
2524
- # A timestamp of when the policy generation was completed.
2525
- # @return [Time]
2526
- #
2527
2523
  # @!attribute [rw] job_id
2528
2524
  # The `JobId` that is returned by the `StartPolicyGeneration`
2529
2525
  # operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -2536,22 +2532,26 @@ module Aws::AccessAnalyzer
2536
2532
  # generating a policy.
2537
2533
  # @return [String]
2538
2534
  #
2535
+ # @!attribute [rw] status
2536
+ # The status of the policy generation request.
2537
+ # @return [String]
2538
+ #
2539
2539
  # @!attribute [rw] started_on
2540
2540
  # A timestamp of when the policy generation started.
2541
2541
  # @return [Time]
2542
2542
  #
2543
- # @!attribute [rw] status
2544
- # The status of the policy generation request.
2545
- # @return [String]
2543
+ # @!attribute [rw] completed_on
2544
+ # A timestamp of when the policy generation was completed.
2545
+ # @return [Time]
2546
2546
  #
2547
2547
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PolicyGeneration AWS API Documentation
2548
2548
  #
2549
2549
  class PolicyGeneration < Struct.new(
2550
- :completed_on,
2551
2550
  :job_id,
2552
2551
  :principal_arn,
2552
+ :status,
2553
2553
  :started_on,
2554
- :status)
2554
+ :completed_on)
2555
2555
  SENSITIVE = []
2556
2556
  include Aws::Structure
2557
2557
  end
@@ -2581,14 +2581,14 @@ module Aws::AccessAnalyzer
2581
2581
 
2582
2582
  # A position in a policy.
2583
2583
  #
2584
- # @!attribute [rw] column
2585
- # The column of the position, starting from 0.
2586
- # @return [Integer]
2587
- #
2588
2584
  # @!attribute [rw] line
2589
2585
  # The line of the position, starting from 1.
2590
2586
  # @return [Integer]
2591
2587
  #
2588
+ # @!attribute [rw] column
2589
+ # The column of the position, starting from 0.
2590
+ # @return [Integer]
2591
+ #
2592
2592
  # @!attribute [rw] offset
2593
2593
  # The offset within the policy that corresponds to the position,
2594
2594
  # starting from 0.
@@ -2597,8 +2597,8 @@ module Aws::AccessAnalyzer
2597
2597
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Position AWS API Documentation
2598
2598
  #
2599
2599
  class Position < Struct.new(
2600
- :column,
2601
2600
  :line,
2601
+ :column,
2602
2602
  :offset)
2603
2603
  SENSITIVE = []
2604
2604
  include Aws::Structure
@@ -2640,7 +2640,7 @@ module Aws::AccessAnalyzer
2640
2640
  #
2641
2641
  #
2642
2642
  #
2643
- # [1]: https://docs.aws.amazon.com/https:/docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
2643
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
2644
2644
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
2645
2645
  #
2646
2646
  # @note When making an API call, you may pass S3AccessPointConfiguration
@@ -2648,16 +2648,16 @@ module Aws::AccessAnalyzer
2648
2648
  #
2649
2649
  # {
2650
2650
  # access_point_policy: "AccessPointPolicy",
2651
+ # public_access_block: {
2652
+ # ignore_public_acls: false, # required
2653
+ # restrict_public_buckets: false, # required
2654
+ # },
2651
2655
  # network_origin: {
2652
- # internet_configuration: {
2653
- # },
2654
2656
  # vpc_configuration: {
2655
2657
  # vpc_id: "VpcId", # required
2656
2658
  # },
2657
- # },
2658
- # public_access_block: {
2659
- # ignore_public_acls: false, # required
2660
- # restrict_public_buckets: false, # required
2659
+ # internet_configuration: {
2660
+ # },
2661
2661
  # },
2662
2662
  # }
2663
2663
  #
@@ -2665,6 +2665,11 @@ module Aws::AccessAnalyzer
2665
2665
  # The access point or multi-region access point policy.
2666
2666
  # @return [String]
2667
2667
  #
2668
+ # @!attribute [rw] public_access_block
2669
+ # The proposed `S3PublicAccessBlock` configuration to apply to this
2670
+ # Amazon S3 access point or multi-region access point.
2671
+ # @return [Types::S3PublicAccessBlockConfiguration]
2672
+ #
2668
2673
  # @!attribute [rw] network_origin
2669
2674
  # The proposed `Internet` and `VpcConfiguration` to apply to this
2670
2675
  # Amazon S3 access point. `VpcConfiguration` does not apply to
@@ -2675,17 +2680,12 @@ module Aws::AccessAnalyzer
2675
2680
  # the exiting network origin.
2676
2681
  # @return [Types::NetworkOriginConfiguration]
2677
2682
  #
2678
- # @!attribute [rw] public_access_block
2679
- # The proposed `S3PublicAccessBlock` configuration to apply to this
2680
- # Amazon S3 access point or multi-region access point.
2681
- # @return [Types::S3PublicAccessBlockConfiguration]
2682
- #
2683
2683
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3AccessPointConfiguration AWS API Documentation
2684
2684
  #
2685
2685
  class S3AccessPointConfiguration < Struct.new(
2686
2686
  :access_point_policy,
2687
- :network_origin,
2688
- :public_access_block)
2687
+ :public_access_block,
2688
+ :network_origin)
2689
2689
  SENSITIVE = []
2690
2690
  include Aws::Structure
2691
2691
  end
@@ -2701,26 +2701,26 @@ module Aws::AccessAnalyzer
2701
2701
  # data as a hash:
2702
2702
  #
2703
2703
  # {
2704
+ # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
2704
2705
  # grantee: { # required
2705
2706
  # id: "AclCanonicalId",
2706
2707
  # uri: "AclUri",
2707
2708
  # },
2708
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
2709
2709
  # }
2710
2710
  #
2711
- # @!attribute [rw] grantee
2712
- # The grantee to whom you’re assigning access rights.
2713
- # @return [Types::AclGrantee]
2714
- #
2715
2711
  # @!attribute [rw] permission
2716
2712
  # The permissions being granted.
2717
2713
  # @return [String]
2718
2714
  #
2715
+ # @!attribute [rw] grantee
2716
+ # The grantee to whom you’re assigning access rights.
2717
+ # @return [Types::AclGrantee]
2718
+ #
2719
2719
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3BucketAclGrantConfiguration AWS API Documentation
2720
2720
  #
2721
2721
  class S3BucketAclGrantConfiguration < Struct.new(
2722
- :grantee,
2723
- :permission)
2722
+ :permission,
2723
+ :grantee)
2724
2724
  SENSITIVE = []
2725
2725
  include Aws::Structure
2726
2726
  end
@@ -2747,43 +2747,41 @@ module Aws::AccessAnalyzer
2747
2747
  # data as a hash:
2748
2748
  #
2749
2749
  # {
2750
- # access_points: {
2751
- # "AccessPointArn" => {
2752
- # access_point_policy: "AccessPointPolicy",
2753
- # network_origin: {
2754
- # internet_configuration: {
2755
- # },
2756
- # vpc_configuration: {
2757
- # vpc_id: "VpcId", # required
2758
- # },
2759
- # },
2760
- # public_access_block: {
2761
- # ignore_public_acls: false, # required
2762
- # restrict_public_buckets: false, # required
2763
- # },
2764
- # },
2765
- # },
2750
+ # bucket_policy: "S3BucketPolicy",
2766
2751
  # bucket_acl_grants: [
2767
2752
  # {
2753
+ # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
2768
2754
  # grantee: { # required
2769
2755
  # id: "AclCanonicalId",
2770
2756
  # uri: "AclUri",
2771
2757
  # },
2772
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
2773
2758
  # },
2774
2759
  # ],
2775
- # bucket_policy: "S3BucketPolicy",
2776
2760
  # bucket_public_access_block: {
2777
2761
  # ignore_public_acls: false, # required
2778
2762
  # restrict_public_buckets: false, # required
2779
2763
  # },
2764
+ # access_points: {
2765
+ # "AccessPointArn" => {
2766
+ # access_point_policy: "AccessPointPolicy",
2767
+ # public_access_block: {
2768
+ # ignore_public_acls: false, # required
2769
+ # restrict_public_buckets: false, # required
2770
+ # },
2771
+ # network_origin: {
2772
+ # vpc_configuration: {
2773
+ # vpc_id: "VpcId", # required
2774
+ # },
2775
+ # internet_configuration: {
2776
+ # },
2777
+ # },
2778
+ # },
2779
+ # },
2780
2780
  # }
2781
2781
  #
2782
- # @!attribute [rw] access_points
2783
- # The configuration of Amazon S3 access points or multi-region access
2784
- # points for the bucket. You can propose up to 10 new access points
2785
- # per bucket.
2786
- # @return [Hash<String,Types::S3AccessPointConfiguration>]
2782
+ # @!attribute [rw] bucket_policy
2783
+ # The proposed bucket policy for the Amazon S3 bucket.
2784
+ # @return [String]
2787
2785
  #
2788
2786
  # @!attribute [rw] bucket_acl_grants
2789
2787
  # The proposed list of ACL grants for the Amazon S3 bucket. You can
@@ -2794,22 +2792,24 @@ module Aws::AccessAnalyzer
2794
2792
  # the bucket.
2795
2793
  # @return [Array<Types::S3BucketAclGrantConfiguration>]
2796
2794
  #
2797
- # @!attribute [rw] bucket_policy
2798
- # The proposed bucket policy for the Amazon S3 bucket.
2799
- # @return [String]
2800
- #
2801
2795
  # @!attribute [rw] bucket_public_access_block
2802
2796
  # The proposed block public access configuration for the Amazon S3
2803
2797
  # bucket.
2804
2798
  # @return [Types::S3PublicAccessBlockConfiguration]
2805
2799
  #
2800
+ # @!attribute [rw] access_points
2801
+ # The configuration of Amazon S3 access points or multi-region access
2802
+ # points for the bucket. You can propose up to 10 new access points
2803
+ # per bucket.
2804
+ # @return [Hash<String,Types::S3AccessPointConfiguration>]
2805
+ #
2806
2806
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3BucketConfiguration AWS API Documentation
2807
2807
  #
2808
2808
  class S3BucketConfiguration < Struct.new(
2809
- :access_points,
2810
- :bucket_acl_grants,
2811
2809
  :bucket_policy,
2812
- :bucket_public_access_block)
2810
+ :bucket_acl_grants,
2811
+ :bucket_public_access_block,
2812
+ :access_points)
2813
2813
  SENSITIVE = []
2814
2814
  include Aws::Structure
2815
2815
  end
@@ -2957,19 +2957,19 @@ module Aws::AccessAnalyzer
2957
2957
  # A span in a policy. The span consists of a start position (inclusive)
2958
2958
  # and end position (exclusive).
2959
2959
  #
2960
- # @!attribute [rw] end
2961
- # The end position of the span (exclusive).
2962
- # @return [Types::Position]
2963
- #
2964
2960
  # @!attribute [rw] start
2965
2961
  # The start position of the span (inclusive).
2966
2962
  # @return [Types::Position]
2967
2963
  #
2964
+ # @!attribute [rw] end
2965
+ # The end position of the span (exclusive).
2966
+ # @return [Types::Position]
2967
+ #
2968
2968
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Span AWS API Documentation
2969
2969
  #
2970
2970
  class Span < Struct.new(
2971
- :end,
2972
- :start)
2971
+ :start,
2972
+ :end)
2973
2973
  SENSITIVE = []
2974
2974
  include Aws::Structure
2975
2975
  end
@@ -3013,24 +3013,34 @@ module Aws::AccessAnalyzer
3013
3013
  # data as a hash:
3014
3014
  #
3015
3015
  # {
3016
- # client_token: "String",
3016
+ # policy_generation_details: { # required
3017
+ # principal_arn: "PrincipalArn", # required
3018
+ # },
3017
3019
  # cloud_trail_details: {
3018
- # access_role: "RoleArn", # required
3019
- # end_time: Time.now,
3020
- # start_time: Time.now, # required
3021
3020
  # trails: [ # required
3022
3021
  # {
3023
- # all_regions: false,
3024
3022
  # cloud_trail_arn: "CloudTrailArn", # required
3025
3023
  # regions: ["String"],
3024
+ # all_regions: false,
3026
3025
  # },
3027
3026
  # ],
3027
+ # access_role: "RoleArn", # required
3028
+ # start_time: Time.now, # required
3029
+ # end_time: Time.now,
3028
3030
  # },
3029
- # policy_generation_details: { # required
3030
- # principal_arn: "PrincipalArn", # required
3031
- # },
3031
+ # client_token: "String",
3032
3032
  # }
3033
3033
  #
3034
+ # @!attribute [rw] policy_generation_details
3035
+ # Contains the ARN of the IAM entity (user or role) for which you are
3036
+ # generating a policy.
3037
+ # @return [Types::PolicyGenerationDetails]
3038
+ #
3039
+ # @!attribute [rw] cloud_trail_details
3040
+ # A `CloudTrailDetails` object that contains details about a `Trail`
3041
+ # that you want to analyze to generate policies.
3042
+ # @return [Types::CloudTrailDetails]
3043
+ #
3034
3044
  # @!attribute [rw] client_token
3035
3045
  # A unique, case-sensitive identifier that you provide to ensure the
3036
3046
  # idempotency of the request. Idempotency ensures that an API request
@@ -3046,22 +3056,12 @@ module Aws::AccessAnalyzer
3046
3056
  # not need to pass this option.
3047
3057
  # @return [String]
3048
3058
  #
3049
- # @!attribute [rw] cloud_trail_details
3050
- # A `CloudTrailDetails` object that contains details about a `Trail`
3051
- # that you want to analyze to generate policies.
3052
- # @return [Types::CloudTrailDetails]
3053
- #
3054
- # @!attribute [rw] policy_generation_details
3055
- # Contains the ARN of the IAM entity (user or role) for which you are
3056
- # generating a policy.
3057
- # @return [Types::PolicyGenerationDetails]
3058
- #
3059
3059
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGenerationRequest AWS API Documentation
3060
3060
  #
3061
3061
  class StartPolicyGenerationRequest < Struct.new(
3062
- :client_token,
3062
+ :policy_generation_details,
3063
3063
  :cloud_trail_details,
3064
- :policy_generation_details)
3064
+ :client_token)
3065
3065
  SENSITIVE = []
3066
3066
  include Aws::Structure
3067
3067
  end
@@ -3133,19 +3133,19 @@ module Aws::AccessAnalyzer
3133
3133
 
3134
3134
  # A reference to a substring of a literal string in a JSON document.
3135
3135
  #
3136
- # @!attribute [rw] length
3137
- # The length of the substring.
3138
- # @return [Integer]
3139
- #
3140
3136
  # @!attribute [rw] start
3141
3137
  # The start index of the substring, starting from 0.
3142
3138
  # @return [Integer]
3143
3139
  #
3140
+ # @!attribute [rw] length
3141
+ # The length of the substring.
3142
+ # @return [Integer]
3143
+ #
3144
3144
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Substring AWS API Documentation
3145
3145
  #
3146
3146
  class Substring < Struct.new(
3147
- :length,
3148
- :start)
3147
+ :start,
3148
+ :length)
3149
3149
  SENSITIVE = []
3150
3150
  include Aws::Structure
3151
3151
  end
@@ -3210,17 +3210,11 @@ module Aws::AccessAnalyzer
3210
3210
  # data as a hash:
3211
3211
  #
3212
3212
  # {
3213
- # all_regions: false,
3214
3213
  # cloud_trail_arn: "CloudTrailArn", # required
3215
3214
  # regions: ["String"],
3215
+ # all_regions: false,
3216
3216
  # }
3217
3217
  #
3218
- # @!attribute [rw] all_regions
3219
- # Possible values are `true` or `false`. If set to `true`, IAM Access
3220
- # Analyzer retrieves CloudTrail data from all regions to analyze and
3221
- # generate a policy.
3222
- # @return [Boolean]
3223
- #
3224
3218
  # @!attribute [rw] cloud_trail_arn
3225
3219
  # Specifies the ARN of the trail. The format of a trail ARN is
3226
3220
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
@@ -3231,12 +3225,18 @@ module Aws::AccessAnalyzer
3231
3225
  # generate a policy.
3232
3226
  # @return [Array<String>]
3233
3227
  #
3228
+ # @!attribute [rw] all_regions
3229
+ # Possible values are `true` or `false`. If set to `true`, IAM Access
3230
+ # Analyzer retrieves CloudTrail data from all regions to analyze and
3231
+ # generate a policy.
3232
+ # @return [Boolean]
3233
+ #
3234
3234
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Trail AWS API Documentation
3235
3235
  #
3236
3236
  class Trail < Struct.new(
3237
- :all_regions,
3238
3237
  :cloud_trail_arn,
3239
- :regions)
3238
+ :regions,
3239
+ :all_regions)
3240
3240
  SENSITIVE = []
3241
3241
  include Aws::Structure
3242
3242
  end
@@ -3244,12 +3244,6 @@ module Aws::AccessAnalyzer
3244
3244
  # Contains details about the CloudTrail trail being analyzed to generate
3245
3245
  # a policy.
3246
3246
  #
3247
- # @!attribute [rw] all_regions
3248
- # Possible values are `true` or `false`. If set to `true`, IAM Access
3249
- # Analyzer retrieves CloudTrail data from all regions to analyze and
3250
- # generate a policy.
3251
- # @return [Boolean]
3252
- #
3253
3247
  # @!attribute [rw] cloud_trail_arn
3254
3248
  # Specifies the ARN of the trail. The format of a trail ARN is
3255
3249
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
@@ -3260,12 +3254,18 @@ module Aws::AccessAnalyzer
3260
3254
  # generate a policy.
3261
3255
  # @return [Array<String>]
3262
3256
  #
3257
+ # @!attribute [rw] all_regions
3258
+ # Possible values are `true` or `false`. If set to `true`, IAM Access
3259
+ # Analyzer retrieves CloudTrail data from all regions to analyze and
3260
+ # generate a policy.
3261
+ # @return [Boolean]
3262
+ #
3263
3263
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/TrailProperties AWS API Documentation
3264
3264
  #
3265
3265
  class TrailProperties < Struct.new(
3266
- :all_regions,
3267
3266
  :cloud_trail_arn,
3268
- :regions)
3267
+ :regions,
3268
+ :all_regions)
3269
3269
  SENSITIVE = []
3270
3270
  include Aws::Structure
3271
3271
  end
@@ -3310,27 +3310,24 @@ module Aws::AccessAnalyzer
3310
3310
  #
3311
3311
  # {
3312
3312
  # analyzer_name: "Name", # required
3313
- # client_token: "String",
3313
+ # rule_name: "Name", # required
3314
3314
  # filter: { # required
3315
3315
  # "String" => {
3316
- # contains: ["String"],
3317
3316
  # eq: ["String"],
3318
- # exists: false,
3319
3317
  # neq: ["String"],
3318
+ # contains: ["String"],
3319
+ # exists: false,
3320
3320
  # },
3321
3321
  # },
3322
- # rule_name: "Name", # required
3322
+ # client_token: "String",
3323
3323
  # }
3324
3324
  #
3325
3325
  # @!attribute [rw] analyzer_name
3326
3326
  # The name of the analyzer to update the archive rules for.
3327
3327
  # @return [String]
3328
3328
  #
3329
- # @!attribute [rw] client_token
3330
- # A client token.
3331
- #
3332
- # **A suitable default value is auto-generated.** You should normally
3333
- # not need to pass this option.
3329
+ # @!attribute [rw] rule_name
3330
+ # The name of the rule to update.
3334
3331
  # @return [String]
3335
3332
  #
3336
3333
  # @!attribute [rw] filter
@@ -3338,17 +3335,20 @@ module Aws::AccessAnalyzer
3338
3335
  # filter are updated.
3339
3336
  # @return [Hash<String,Types::Criterion>]
3340
3337
  #
3341
- # @!attribute [rw] rule_name
3342
- # The name of the rule to update.
3338
+ # @!attribute [rw] client_token
3339
+ # A client token.
3340
+ #
3341
+ # **A suitable default value is auto-generated.** You should normally
3342
+ # not need to pass this option.
3343
3343
  # @return [String]
3344
3344
  #
3345
3345
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateArchiveRuleRequest AWS API Documentation
3346
3346
  #
3347
3347
  class UpdateArchiveRuleRequest < Struct.new(
3348
3348
  :analyzer_name,
3349
- :client_token,
3349
+ :rule_name,
3350
3350
  :filter,
3351
- :rule_name)
3351
+ :client_token)
3352
3352
  SENSITIVE = []
3353
3353
  include Aws::Structure
3354
3354
  end
@@ -3360,10 +3360,10 @@ module Aws::AccessAnalyzer
3360
3360
  #
3361
3361
  # {
3362
3362
  # analyzer_arn: "AnalyzerArn", # required
3363
- # client_token: "String",
3363
+ # status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
3364
3364
  # ids: ["FindingId"],
3365
3365
  # resource_arn: "ResourceArn",
3366
- # status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
3366
+ # client_token: "String",
3367
3367
  # }
3368
3368
  #
3369
3369
  # @!attribute [rw] analyzer_arn
@@ -3374,11 +3374,11 @@ module Aws::AccessAnalyzer
3374
3374
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
3375
3375
  # @return [String]
3376
3376
  #
3377
- # @!attribute [rw] client_token
3378
- # A client token.
3379
- #
3380
- # **A suitable default value is auto-generated.** You should normally
3381
- # not need to pass this option.
3377
+ # @!attribute [rw] status
3378
+ # The state represents the action to take to update the finding
3379
+ # Status. Use `ARCHIVE` to change an Active finding to an Archived
3380
+ # finding. Use `ACTIVE` to change an Archived finding to an Active
3381
+ # finding.
3382
3382
  # @return [String]
3383
3383
  #
3384
3384
  # @!attribute [rw] ids
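Review bot: The `status` attribute text moved in this hunk tells callers to use `ARCHIVE`, but the request example in the preceding hunk lists the accepted values as `ACTIVE, ARCHIVED`. A caller following the prose would presumably send a value that is rejected, leaving a finding they meant to archive still active. On the comment line beginning `# Status. Use`, the token `ARCHIVE` should be changed to `ARCHIVED` so the description matches the listed enum. If this file is generated from the service model, the wording needs correcting there as well, otherwise the next regeneration restores it.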
@@ -3389,21 +3389,21 @@ module Aws::AccessAnalyzer
3389
3389
  # The ARN of the resource identified in the finding.
3390
3390
  # @return [String]
3391
3391
  #
3392
- # @!attribute [rw] status
3393
- # The state represents the action to take to update the finding
3394
- # Status. Use `ARCHIVE` to change an Active finding to an Archived
3395
- # finding. Use `ACTIVE` to change an Archived finding to an Active
3396
- # finding.
3392
+ # @!attribute [rw] client_token
3393
+ # A client token.
3394
+ #
3395
+ # **A suitable default value is auto-generated.** You should normally
3396
+ # not need to pass this option.
3397
3397
  # @return [String]
3398
3398
  #
3399
3399
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateFindingsRequest AWS API Documentation
3400
3400
  #
3401
3401
  class UpdateFindingsRequest < Struct.new(
3402
3402
  :analyzer_arn,
3403
- :client_token,
3403
+ :status,
3404
3404
  :ids,
3405
3405
  :resource_arn,
3406
- :status)
3406
+ :client_token)
3407
3407
  SENSITIVE = []
3408
3408
  include Aws::Structure
3409
3409
  end
@@ -3467,7 +3467,7 @@ module Aws::AccessAnalyzer
3467
3467
  # next_token: "Token",
3468
3468
  # policy_document: "PolicyDocument", # required
3469
3469
  # policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
3470
- # validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
3470
+ # validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
3471
3471
  # }
3472
3472
  #
3473
3473
  # @!attribute [rw] locale
@@ -3548,10 +3548,6 @@ module Aws::AccessAnalyzer
3548
3548
 
3549
3549
  # Validation exception error.
3550
3550
  #
3551
- # @!attribute [rw] field_list
3552
- # A list of fields that didn't validate.
3553
- # @return [Array<Types::ValidationExceptionField>]
3554
- #
3555
3551
  # @!attribute [rw] message
3556
3552
  # @return [String]
3557
3553
  #
@@ -3559,31 +3555,35 @@ module Aws::AccessAnalyzer
3559
3555
  # The reason for the exception.
3560
3556
  # @return [String]
3561
3557
  #
3558
+ # @!attribute [rw] field_list
3559
+ # A list of fields that didn't validate.
3560
+ # @return [Array<Types::ValidationExceptionField>]
3561
+ #
3562
3562
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidationException AWS API Documentation
3563
3563
  #
3564
3564
  class ValidationException < Struct.new(
3565
- :field_list,
3566
3565
  :message,
3567
- :reason)
3566
+ :reason,
3567
+ :field_list)
3568
3568
  SENSITIVE = []
3569
3569
  include Aws::Structure
3570
3570
  end
3571
3571
 
3572
3572
  # Contains information about a validation exception.
3573
3573
  #
3574
- # @!attribute [rw] message
3575
- # A message about the validation exception.
3576
- # @return [String]
3577
- #
3578
3574
  # @!attribute [rw] name
3579
3575
  # The name of the validation exception.
3580
3576
  # @return [String]
3581
3577
  #
3578
+ # @!attribute [rw] message
3579
+ # A message about the validation exception.
3580
+ # @return [String]
3581
+ #
3582
3582
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidationExceptionField AWS API Documentation
3583
3583
  #
3584
3584
  class ValidationExceptionField < Struct.new(
3585
- :message,
3586
- :name)
3585
+ :name,
3586
+ :message)
3587
3587
  SENSITIVE = []
3588
3588
  include Aws::Structure
3589
3589
  end