aws-sdk-accessanalyzer 1.29.0 → 1.30.0

@@ -25,6 +25,10 @@ module Aws::AccessAnalyzer
25
25
 
26
26
  # Contains information about an access preview.
27
27
  #
28
+ # @!attribute [rw] id
29
+ # The unique ID for the access preview.
30
+ # @return [String]
31
+ #
28
32
  # @!attribute [rw] analyzer_arn
29
33
  # The ARN of the analyzer used to generate the access preview.
30
34
  # @return [String]
@@ -37,10 +41,6 @@ module Aws::AccessAnalyzer
37
41
  # The time at which the access preview was created.
38
42
  # @return [Time]
39
43
  #
40
- # @!attribute [rw] id
41
- # The unique ID for the access preview.
42
- # @return [String]
43
- #
44
44
  # @!attribute [rw] status
45
45
  # The status of the access preview.
46
46
  #
@@ -64,10 +64,10 @@ module Aws::AccessAnalyzer
64
64
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreview AWS API Documentation
65
65
  #
66
66
  class AccessPreview < Struct.new(
67
+ :id,
67
68
  :analyzer_arn,
68
69
  :configurations,
69
70
  :created_at,
70
- :id,
71
71
  :status,
72
72
  :status_reason)
73
73
  SENSITIVE = []
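Review bot: Moving `:id` from fourth to first position in `class AccessPreview < Struct.new(...)` changes the struct's positional layout, so any consumer that reads these objects by position (`to_a`, `values`, integer indexing, array-style destructuring) will see different fields after the upgrade, while access by member name is unaffected. The same kind of reorder recurs in the later hunks for `AccessPreviewFinding`, `AccessPreviewSummary`, `AnalyzedResource`, `AnalyzerSummary`, `CloudTrailDetails`, `CloudTrailProperties`, `Configuration`, `Criterion` and the request structs. From the visible lines the member sets look unchanged, with only the order differing, but that is worth confirming against the full file because these types carry access-analysis findings. A short comment above each struct would make the contract explicit, for example `# Member order follows the service model; access members by name, not by position.` The class body continues past the end of this hunk.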
@@ -76,11 +76,55 @@ module Aws::AccessAnalyzer
76
76
 
77
77
  # An access preview finding generated by the access preview.
78
78
  #
79
+ # @!attribute [rw] id
80
+ # The ID of the access preview finding. This ID uniquely identifies
81
+ # the element in the list of access preview findings and is not
82
+ # related to the finding ID in Access Analyzer.
83
+ # @return [String]
84
+ #
85
+ # @!attribute [rw] existing_finding_id
86
+ # The existing ID of the finding in IAM Access Analyzer, provided only
87
+ # for existing findings.
88
+ # @return [String]
89
+ #
90
+ # @!attribute [rw] existing_finding_status
91
+ # The existing status of the finding, provided only for existing
92
+ # findings.
93
+ # @return [String]
94
+ #
95
+ # @!attribute [rw] principal
96
+ # The external principal that has access to a resource within the zone
97
+ # of trust.
98
+ # @return [Hash<String,String>]
99
+ #
79
100
  # @!attribute [rw] action
80
101
  # The action in the analyzed policy statement that an external
81
102
  # principal has permission to perform.
82
103
  # @return [Array<String>]
83
104
  #
105
+ # @!attribute [rw] condition
106
+ # The condition in the analyzed policy statement that resulted in a
107
+ # finding.
108
+ # @return [Hash<String,String>]
109
+ #
110
+ # @!attribute [rw] resource
111
+ # The resource that an external principal has access to. This is the
112
+ # resource associated with the access preview.
113
+ # @return [String]
114
+ #
115
+ # @!attribute [rw] is_public
116
+ # Indicates whether the policy that generated the finding allows
117
+ # public access to the resource.
118
+ # @return [Boolean]
119
+ #
120
+ # @!attribute [rw] resource_type
121
+ # The type of the resource that can be accessed in the finding.
122
+ # @return [String]
123
+ #
124
+ # @!attribute [rw] created_at
125
+ # The time at which the access preview finding was created.
126
+ # @return [Time]
127
+ #
84
128
  # @!attribute [rw] change_type
85
129
  # Provides context on how the access preview finding compares to
86
130
  # existing access identified in IAM Access Analyzer.
@@ -99,48 +143,12 @@ module Aws::AccessAnalyzer
99
143
  # change.
100
144
  # @return [String]
101
145
  #
102
- # @!attribute [rw] condition
103
- # The condition in the analyzed policy statement that resulted in a
104
- # finding.
105
- # @return [Hash<String,String>]
106
- #
107
- # @!attribute [rw] created_at
108
- # The time at which the access preview finding was created.
109
- # @return [Time]
110
- #
111
- # @!attribute [rw] error
112
- # An error.
113
- # @return [String]
114
- #
115
- # @!attribute [rw] existing_finding_id
116
- # The existing ID of the finding in IAM Access Analyzer, provided only
117
- # for existing findings.
118
- # @return [String]
119
- #
120
- # @!attribute [rw] existing_finding_status
121
- # The existing status of the finding, provided only for existing
122
- # findings.
123
- # @return [String]
124
- #
125
- # @!attribute [rw] id
126
- # The ID of the access preview finding. This ID uniquely identifies
127
- # the element in the list of access preview findings and is not
128
- # related to the finding ID in Access Analyzer.
129
- # @return [String]
130
- #
131
- # @!attribute [rw] is_public
132
- # Indicates whether the policy that generated the finding allows
133
- # public access to the resource.
134
- # @return [Boolean]
135
- #
136
- # @!attribute [rw] principal
137
- # The external principal that has access to a resource within the zone
138
- # of trust.
139
- # @return [Hash<String,String>]
140
- #
141
- # @!attribute [rw] resource
142
- # The resource that an external principal has access to. This is the
143
- # resource associated with the access preview.
146
+ # @!attribute [rw] status
147
+ # The preview status of the finding. This is what the status of the
148
+ # finding would be after permissions deployment. For example, a
149
+ # `Changed` finding with preview status `Resolved` and existing status
150
+ # `Active` indicates the existing `Active` finding would become
151
+ # `Resolved` as a result of the proposed permissions change.
144
152
  # @return [String]
145
153
  #
146
154
  # @!attribute [rw] resource_owner_account
@@ -149,8 +157,8 @@ module Aws::AccessAnalyzer
149
157
  # which the resource was created.
150
158
  # @return [String]
151
159
  #
152
- # @!attribute [rw] resource_type
153
- # The type of the resource that can be accessed in the finding.
160
+ # @!attribute [rw] error
161
+ # An error.
154
162
  # @return [String]
155
163
  #
156
164
  # @!attribute [rw] sources
@@ -159,32 +167,24 @@ module Aws::AccessAnalyzer
159
167
  # bucket findings.
160
168
  # @return [Array<Types::FindingSource>]
161
169
  #
162
- # @!attribute [rw] status
163
- # The preview status of the finding. This is what the status of the
164
- # finding would be after permissions deployment. For example, a
165
- # `Changed` finding with preview status `Resolved` and existing status
166
- # `Active` indicates the existing `Active` finding would become
167
- # `Resolved` as a result of the proposed permissions change.
168
- # @return [String]
169
- #
170
170
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreviewFinding AWS API Documentation
171
171
  #
172
172
  class AccessPreviewFinding < Struct.new(
173
- :action,
174
- :change_type,
175
- :condition,
176
- :created_at,
177
- :error,
173
+ :id,
178
174
  :existing_finding_id,
179
175
  :existing_finding_status,
180
- :id,
181
- :is_public,
182
176
  :principal,
177
+ :action,
178
+ :condition,
183
179
  :resource,
184
- :resource_owner_account,
180
+ :is_public,
185
181
  :resource_type,
186
- :sources,
187
- :status)
182
+ :created_at,
183
+ :change_type,
184
+ :status,
185
+ :resource_owner_account,
186
+ :error,
187
+ :sources)
188
188
  SENSITIVE = []
189
189
  include Aws::Structure
190
190
  end
@@ -208,6 +208,10 @@ module Aws::AccessAnalyzer
208
208
 
209
209
  # Contains a summary of information about an access preview.
210
210
  #
211
+ # @!attribute [rw] id
212
+ # The unique ID for the access preview.
213
+ # @return [String]
214
+ #
211
215
  # @!attribute [rw] analyzer_arn
212
216
  # The ARN of the analyzer used to generate the access preview.
213
217
  # @return [String]
@@ -216,10 +220,6 @@ module Aws::AccessAnalyzer
216
220
  # The time at which the access preview was created.
217
221
  # @return [Time]
218
222
  #
219
- # @!attribute [rw] id
220
- # The unique ID for the access preview.
221
- # @return [String]
222
- #
223
223
  # @!attribute [rw] status
224
224
  # The status of the access preview.
225
225
  #
@@ -242,9 +242,9 @@ module Aws::AccessAnalyzer
242
242
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreviewSummary AWS API Documentation
243
243
  #
244
244
  class AccessPreviewSummary < Struct.new(
245
+ :id,
245
246
  :analyzer_arn,
246
247
  :created_at,
247
- :id,
248
248
  :status,
249
249
  :status_reason)
250
250
  SENSITIVE = []
@@ -289,39 +289,35 @@ module Aws::AccessAnalyzer
289
289
 
290
290
  # Contains details about the analyzed resource.
291
291
  #
292
- # @!attribute [rw] actions
293
- # The actions that an external principal is granted permission to use
294
- # by the policy that generated the finding.
295
- # @return [Array<String>]
292
+ # @!attribute [rw] resource_arn
293
+ # The ARN of the resource that was analyzed.
294
+ # @return [String]
296
295
  #
297
- # @!attribute [rw] analyzed_at
298
- # The time at which the resource was analyzed.
299
- # @return [Time]
296
+ # @!attribute [rw] resource_type
297
+ # The type of the resource that was analyzed.
298
+ # @return [String]
300
299
  #
301
300
  # @!attribute [rw] created_at
302
301
  # The time at which the finding was created.
303
302
  # @return [Time]
304
303
  #
305
- # @!attribute [rw] error
306
- # An error message.
307
- # @return [String]
304
+ # @!attribute [rw] analyzed_at
305
+ # The time at which the resource was analyzed.
306
+ # @return [Time]
307
+ #
308
+ # @!attribute [rw] updated_at
309
+ # The time at which the finding was updated.
310
+ # @return [Time]
308
311
  #
309
312
  # @!attribute [rw] is_public
310
313
  # Indicates whether the policy that generated the finding grants
311
314
  # public access to the resource.
312
315
  # @return [Boolean]
313
316
  #
314
- # @!attribute [rw] resource_arn
315
- # The ARN of the resource that was analyzed.
316
- # @return [String]
317
- #
318
- # @!attribute [rw] resource_owner_account
319
- # The Amazon Web Services account ID that owns the resource.
320
- # @return [String]
321
- #
322
- # @!attribute [rw] resource_type
323
- # The type of the resource that was analyzed.
324
- # @return [String]
317
+ # @!attribute [rw] actions
318
+ # The actions that an external principal is granted permission to use
319
+ # by the policy that generated the finding.
320
+ # @return [Array<String>]
325
321
  #
326
322
  # @!attribute [rw] shared_via
327
323
  # Indicates how the access that generated the finding is granted. This
@@ -333,24 +329,28 @@ module Aws::AccessAnalyzer
333
329
  # resource.
334
330
  # @return [String]
335
331
  #
336
- # @!attribute [rw] updated_at
337
- # The time at which the finding was updated.
338
- # @return [Time]
332
+ # @!attribute [rw] resource_owner_account
333
+ # The Amazon Web Services account ID that owns the resource.
334
+ # @return [String]
335
+ #
336
+ # @!attribute [rw] error
337
+ # An error message.
338
+ # @return [String]
339
339
  #
340
340
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzedResource AWS API Documentation
341
341
  #
342
342
  class AnalyzedResource < Struct.new(
343
- :actions,
344
- :analyzed_at,
345
- :created_at,
346
- :error,
347
- :is_public,
348
343
  :resource_arn,
349
- :resource_owner_account,
350
344
  :resource_type,
345
+ :created_at,
346
+ :analyzed_at,
347
+ :updated_at,
348
+ :is_public,
349
+ :actions,
351
350
  :shared_via,
352
351
  :status,
353
- :updated_at)
352
+ :resource_owner_account,
353
+ :error)
354
354
  SENSITIVE = []
355
355
  include Aws::Structure
356
356
  end
@@ -385,6 +385,15 @@ module Aws::AccessAnalyzer
385
385
  # The ARN of the analyzer.
386
386
  # @return [String]
387
387
  #
388
+ # @!attribute [rw] name
389
+ # The name of the analyzer.
390
+ # @return [String]
391
+ #
392
+ # @!attribute [rw] type
393
+ # The type of analyzer, which corresponds to the zone of trust chosen
394
+ # for the analyzer.
395
+ # @return [String]
396
+ #
388
397
  # @!attribute [rw] created_at
389
398
  # A timestamp for the time at which the analyzer was created.
390
399
  # @return [Time]
@@ -397,9 +406,9 @@ module Aws::AccessAnalyzer
397
406
  # The time at which the most recently analyzed resource was analyzed.
398
407
  # @return [Time]
399
408
  #
400
- # @!attribute [rw] name
401
- # The name of the analyzer.
402
- # @return [String]
409
+ # @!attribute [rw] tags
410
+ # The tags added to the analyzer.
411
+ # @return [Hash<String,String>]
403
412
  #
404
413
  # @!attribute [rw] status
405
414
  # The status of the analyzer. An `Active` analyzer successfully
@@ -420,27 +429,18 @@ module Aws::AccessAnalyzer
420
429
  # Web Services organization.
421
430
  # @return [Types::StatusReason]
422
431
  #
423
- # @!attribute [rw] tags
424
- # The tags added to the analyzer.
425
- # @return [Hash<String,String>]
426
- #
427
- # @!attribute [rw] type
428
- # The type of analyzer, which corresponds to the zone of trust chosen
429
- # for the analyzer.
430
- # @return [String]
431
- #
432
432
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzerSummary AWS API Documentation
433
433
  #
434
434
  class AnalyzerSummary < Struct.new(
435
435
  :arn,
436
+ :name,
437
+ :type,
436
438
  :created_at,
437
439
  :last_resource_analyzed,
438
440
  :last_resource_analyzed_at,
439
- :name,
440
- :status,
441
- :status_reason,
442
441
  :tags,
443
- :type)
442
+ :status,
443
+ :status_reason)
444
444
  SENSITIVE = []
445
445
  include Aws::Structure
446
446
  end
@@ -452,14 +452,18 @@ module Aws::AccessAnalyzer
452
452
  #
453
453
  # {
454
454
  # analyzer_arn: "AnalyzerArn", # required
455
- # client_token: "String",
456
455
  # rule_name: "Name", # required
456
+ # client_token: "String",
457
457
  # }
458
458
  #
459
459
  # @!attribute [rw] analyzer_arn
460
460
  # The Amazon resource name (ARN) of the analyzer.
461
461
  # @return [String]
462
462
  #
463
+ # @!attribute [rw] rule_name
464
+ # The name of the rule to apply.
465
+ # @return [String]
466
+ #
463
467
  # @!attribute [rw] client_token
464
468
  # A client token.
465
469
  #
@@ -467,33 +471,29 @@ module Aws::AccessAnalyzer
467
471
  # not need to pass this option.
468
472
  # @return [String]
469
473
  #
470
- # @!attribute [rw] rule_name
471
- # The name of the rule to apply.
472
- # @return [String]
473
- #
474
474
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRuleRequest AWS API Documentation
475
475
  #
476
476
  class ApplyArchiveRuleRequest < Struct.new(
477
477
  :analyzer_arn,
478
- :client_token,
479
- :rule_name)
478
+ :rule_name,
479
+ :client_token)
480
480
  SENSITIVE = []
481
481
  include Aws::Structure
482
482
  end
483
483
 
484
484
  # Contains information about an archive rule.
485
485
  #
486
- # @!attribute [rw] created_at
487
- # The time at which the archive rule was created.
488
- # @return [Time]
486
+ # @!attribute [rw] rule_name
487
+ # The name of the archive rule.
488
+ # @return [String]
489
489
  #
490
490
  # @!attribute [rw] filter
491
491
  # A filter used to define the archive rule.
492
492
  # @return [Hash<String,Types::Criterion>]
493
493
  #
494
- # @!attribute [rw] rule_name
495
- # The name of the archive rule.
496
- # @return [String]
494
+ # @!attribute [rw] created_at
495
+ # The time at which the archive rule was created.
496
+ # @return [Time]
497
497
  #
498
498
  # @!attribute [rw] updated_at
499
499
  # The time at which the archive rule was last updated.
@@ -502,9 +502,9 @@ module Aws::AccessAnalyzer
502
502
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ArchiveRuleSummary AWS API Documentation
503
503
  #
504
504
  class ArchiveRuleSummary < Struct.new(
505
- :created_at,
506
- :filter,
507
505
  :rule_name,
506
+ :filter,
507
+ :created_at,
508
508
  :updated_at)
509
509
  SENSITIVE = []
510
510
  include Aws::Structure
@@ -542,59 +542,57 @@ module Aws::AccessAnalyzer
542
542
  # data as a hash:
543
543
  #
544
544
  # {
545
- # access_role: "RoleArn", # required
546
- # end_time: Time.now,
547
- # start_time: Time.now, # required
548
545
  # trails: [ # required
549
546
  # {
550
- # all_regions: false,
551
547
  # cloud_trail_arn: "CloudTrailArn", # required
552
548
  # regions: ["String"],
549
+ # all_regions: false,
553
550
  # },
554
551
  # ],
552
+ # access_role: "RoleArn", # required
553
+ # start_time: Time.now, # required
554
+ # end_time: Time.now,
555
555
  # }
556
556
  #
557
+ # @!attribute [rw] trails
558
+ # A `Trail` object that contains settings for a trail.
559
+ # @return [Array<Types::Trail>]
560
+ #
557
561
  # @!attribute [rw] access_role
558
562
  # The ARN of the service role that IAM Access Analyzer uses to access
559
563
  # your CloudTrail trail and service last accessed information.
560
564
  # @return [String]
561
565
  #
562
- # @!attribute [rw] end_time
563
- # The end of the time range for which IAM Access Analyzer reviews your
564
- # CloudTrail events. Events with a timestamp after this time are not
565
- # considered to generate a policy. If this is not included in the
566
- # request, the default value is the current time.
567
- # @return [Time]
568
- #
569
566
  # @!attribute [rw] start_time
570
567
  # The start of the time range for which IAM Access Analyzer reviews
571
568
  # your CloudTrail events. Events with a timestamp before this time are
572
569
  # not considered to generate a policy.
573
570
  # @return [Time]
574
571
  #
575
- # @!attribute [rw] trails
576
- # A `Trail` object that contains settings for a trail.
577
- # @return [Array<Types::Trail>]
572
+ # @!attribute [rw] end_time
573
+ # The end of the time range for which IAM Access Analyzer reviews your
574
+ # CloudTrail events. Events with a timestamp after this time are not
575
+ # considered to generate a policy. If this is not included in the
576
+ # request, the default value is the current time.
577
+ # @return [Time]
578
578
  #
579
579
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailDetails AWS API Documentation
580
580
  #
581
581
  class CloudTrailDetails < Struct.new(
582
+ :trails,
582
583
  :access_role,
583
- :end_time,
584
584
  :start_time,
585
- :trails)
585
+ :end_time)
586
586
  SENSITIVE = []
587
587
  include Aws::Structure
588
588
  end
589
589
 
590
590
  # Contains information about CloudTrail access.
591
591
  #
592
- # @!attribute [rw] end_time
593
- # The end of the time range for which IAM Access Analyzer reviews your
594
- # CloudTrail events. Events with a timestamp after this time are not
595
- # considered to generate a policy. If this is not included in the
596
- # request, the default value is the current time.
597
- # @return [Time]
592
+ # @!attribute [rw] trail_properties
593
+ # A `TrailProperties` object that contains settings for trail
594
+ # properties.
595
+ # @return [Array<Types::TrailProperties>]
598
596
  #
599
597
  # @!attribute [rw] start_time
600
598
  # The start of the time range for which IAM Access Analyzer reviews
@@ -602,17 +600,19 @@ module Aws::AccessAnalyzer
602
600
  # not considered to generate a policy.
603
601
  # @return [Time]
604
602
  #
605
- # @!attribute [rw] trail_properties
606
- # A `TrailProperties` object that contains settings for trail
607
- # properties.
608
- # @return [Array<Types::TrailProperties>]
603
+ # @!attribute [rw] end_time
604
+ # The end of the time range for which IAM Access Analyzer reviews your
605
+ # CloudTrail events. Events with a timestamp after this time are not
606
+ # considered to generate a policy. If this is not included in the
607
+ # request, the default value is the current time.
608
+ # @return [Time]
609
609
  #
610
610
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailProperties AWS API Documentation
611
611
  #
612
612
  class CloudTrailProperties < Struct.new(
613
- :end_time,
613
+ :trail_properties,
614
614
  :start_time,
615
- :trail_properties)
615
+ :end_time)
616
616
  SENSITIVE = []
617
617
  include Aws::Structure
618
618
  end
@@ -633,14 +633,14 @@ module Aws::AccessAnalyzer
633
633
  # The access control configuration is for a KMS key.
634
634
  # @return [Types::KmsKeyConfiguration]
635
635
  #
636
- # @!attribute [rw] s3_bucket
637
- # The access control configuration is for an Amazon S3 Bucket.
638
- # @return [Types::S3BucketConfiguration]
639
- #
640
636
  # @!attribute [rw] secrets_manager_secret
641
637
  # The access control configuration is for a Secrets Manager secret.
642
638
  # @return [Types::SecretsManagerSecretConfiguration]
643
639
  #
640
+ # @!attribute [rw] s3_bucket
641
+ # The access control configuration is for an Amazon S3 Bucket.
642
+ # @return [Types::S3BucketConfiguration]
643
+ #
644
644
  # @!attribute [rw] sqs_queue
645
645
  # The access control configuration is for an Amazon SQS queue.
646
646
  # @return [Types::SqsQueueConfiguration]
@@ -650,8 +650,8 @@ module Aws::AccessAnalyzer
650
650
  class Configuration < Struct.new(
651
651
  :iam_role,
652
652
  :kms_key,
653
- :s3_bucket,
654
653
  :secrets_manager_secret,
654
+ :s3_bucket,
655
655
  :sqs_queue,
656
656
  :unknown)
657
657
  SENSITIVE = []
@@ -660,8 +660,8 @@ module Aws::AccessAnalyzer
660
660
 
661
661
  class IamRole < Configuration; end
662
662
  class KmsKey < Configuration; end
663
- class S3Bucket < Configuration; end
664
663
  class SecretsManagerSecret < Configuration; end
664
+ class S3Bucket < Configuration; end
665
665
  class SqsQueue < Configuration; end
666
666
  class Unknown < Configuration; end
667
667
  end
@@ -694,15 +694,20 @@ module Aws::AccessAnalyzer
694
694
  #
695
695
  # {
696
696
  # analyzer_arn: "AnalyzerArn", # required
697
- # client_token: "String",
698
697
  # configurations: { # required
699
698
  # "ConfigurationsMapKey" => {
700
699
  # iam_role: {
701
700
  # trust_policy: "IamTrustPolicy",
702
701
  # },
703
702
  # kms_key: {
703
+ # key_policies: {
704
+ # "PolicyName" => "KmsKeyPolicy",
705
+ # },
704
706
  # grants: [
705
707
  # {
708
+ # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
709
+ # grantee_principal: "GranteePrincipal", # required
710
+ # retiring_principal: "RetiringPrincipal",
706
711
  # constraints: {
707
712
  # encryption_context_equals: {
708
713
  # "KmsConstraintsKey" => "KmsConstraintsValue",
@@ -711,57 +716,52 @@ module Aws::AccessAnalyzer
711
716
  # "KmsConstraintsKey" => "KmsConstraintsValue",
712
717
  # },
713
718
  # },
714
- # grantee_principal: "GranteePrincipal", # required
715
719
  # issuing_account: "IssuingAccount", # required
716
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
717
- # retiring_principal: "RetiringPrincipal",
718
720
  # },
719
721
  # ],
720
- # key_policies: {
721
- # "PolicyName" => "KmsKeyPolicy",
722
- # },
722
+ # },
723
+ # secrets_manager_secret: {
724
+ # kms_key_id: "SecretsManagerSecretKmsId",
725
+ # secret_policy: "SecretsManagerSecretPolicy",
723
726
  # },
724
727
  # s3_bucket: {
725
- # access_points: {
726
- # "AccessPointArn" => {
727
- # access_point_policy: "AccessPointPolicy",
728
- # network_origin: {
729
- # internet_configuration: {
730
- # },
731
- # vpc_configuration: {
732
- # vpc_id: "VpcId", # required
733
- # },
734
- # },
735
- # public_access_block: {
736
- # ignore_public_acls: false, # required
737
- # restrict_public_buckets: false, # required
738
- # },
739
- # },
740
- # },
728
+ # bucket_policy: "S3BucketPolicy",
741
729
  # bucket_acl_grants: [
742
730
  # {
731
+ # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
743
732
  # grantee: { # required
744
733
  # id: "AclCanonicalId",
745
734
  # uri: "AclUri",
746
735
  # },
747
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
748
736
  # },
749
737
  # ],
750
- # bucket_policy: "S3BucketPolicy",
751
738
  # bucket_public_access_block: {
752
739
  # ignore_public_acls: false, # required
753
740
  # restrict_public_buckets: false, # required
754
741
  # },
755
- # },
756
- # secrets_manager_secret: {
757
- # kms_key_id: "SecretsManagerSecretKmsId",
758
- # secret_policy: "SecretsManagerSecretPolicy",
742
+ # access_points: {
743
+ # "AccessPointArn" => {
744
+ # access_point_policy: "AccessPointPolicy",
745
+ # public_access_block: {
746
+ # ignore_public_acls: false, # required
747
+ # restrict_public_buckets: false, # required
748
+ # },
749
+ # network_origin: {
750
+ # vpc_configuration: {
751
+ # vpc_id: "VpcId", # required
752
+ # },
753
+ # internet_configuration: {
754
+ # },
755
+ # },
756
+ # },
757
+ # },
759
758
  # },
760
759
  # sqs_queue: {
761
760
  # queue_policy: "SqsQueuePolicy",
762
761
  # },
763
762
  # },
764
763
  # },
764
+ # client_token: "String",
765
765
  # }
766
766
  #
767
767
  # @!attribute [rw] analyzer_arn
@@ -774,13 +774,6 @@ module Aws::AccessAnalyzer
774
774
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
775
775
  # @return [String]
776
776
  #
777
- # @!attribute [rw] client_token
778
- # A client token.
779
- #
780
- # **A suitable default value is auto-generated.** You should normally
781
- # not need to pass this option.
782
- # @return [String]
783
- #
784
777
  # @!attribute [rw] configurations
785
778
  # Access control configuration for your resource that is used to
786
779
  # generate the access preview. The access preview includes findings
@@ -789,12 +782,19 @@ module Aws::AccessAnalyzer
789
782
  # element.
790
783
  # @return [Hash<String,Types::Configuration>]
791
784
  #
785
+ # @!attribute [rw] client_token
786
+ # A client token.
787
+ #
788
+ # **A suitable default value is auto-generated.** You should normally
789
+ # not need to pass this option.
790
+ # @return [String]
791
+ #
792
792
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAccessPreviewRequest AWS API Documentation
793
793
  #
794
794
  class CreateAccessPreviewRequest < Struct.new(
795
795
  :analyzer_arn,
796
- :client_token,
797
- :configurations)
796
+ :configurations,
797
+ :client_token)
798
798
  SENSITIVE = []
799
799
  include Aws::Structure
800
800
  end
@@ -818,36 +818,47 @@ module Aws::AccessAnalyzer
818
818
  #
819
819
  # {
820
820
  # analyzer_name: "Name", # required
821
+ # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
821
822
  # archive_rules: [
822
823
  # {
824
+ # rule_name: "Name", # required
823
825
  # filter: { # required
824
826
  # "String" => {
825
- # contains: ["String"],
826
827
  # eq: ["String"],
827
- # exists: false,
828
828
  # neq: ["String"],
829
+ # contains: ["String"],
830
+ # exists: false,
829
831
  # },
830
832
  # },
831
- # rule_name: "Name", # required
832
833
  # },
833
834
  # ],
834
- # client_token: "String",
835
835
  # tags: {
836
836
  # "String" => "String",
837
837
  # },
838
- # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
838
+ # client_token: "String",
839
839
  # }
840
840
  #
841
841
  # @!attribute [rw] analyzer_name
842
842
  # The name of the analyzer to create.
843
843
  # @return [String]
844
844
  #
845
+ # @!attribute [rw] type
846
+ # The type of analyzer to create. Only ACCOUNT and ORGANIZATION
847
+ # analyzers are supported. You can create only one analyzer per
848
+ # account per Region. You can create up to 5 analyzers per
849
+ # organization per Region.
850
+ # @return [String]
851
+ #
845
852
  # @!attribute [rw] archive_rules
846
853
  # Specifies the archive rules to add for the analyzer. Archive rules
847
854
  # automatically archive findings that meet the criteria you define for
848
855
  # the rule.
849
856
  # @return [Array<Types::InlineArchiveRule>]
850
857
  #
858
+ # @!attribute [rw] tags
859
+ # The tags to apply to the analyzer.
860
+ # @return [Hash<String,String>]
861
+ #
851
862
  # @!attribute [rw] client_token
852
863
  # A client token.
853
864
  #
@@ -855,25 +866,14 @@ module Aws::AccessAnalyzer
855
866
  # not need to pass this option.
856
867
  # @return [String]
857
868
  #
858
- # @!attribute [rw] tags
859
- # The tags to apply to the analyzer.
860
- # @return [Hash<String,String>]
861
- #
862
- # @!attribute [rw] type
863
- # The type of analyzer to create. Only ACCOUNT and ORGANIZATION
864
- # analyzers are supported. You can create only one analyzer per
865
- # account per Region. You can create up to 5 analyzers per
866
- # organization per Region.
867
- # @return [String]
868
- #
869
869
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAnalyzerRequest AWS API Documentation
870
870
  #
871
871
  class CreateAnalyzerRequest < Struct.new(
872
872
  :analyzer_name,
873
+ :type,
873
874
  :archive_rules,
874
- :client_token,
875
875
  :tags,
876
- :type)
876
+ :client_token)
877
877
  SENSITIVE = []
878
878
  include Aws::Structure
879
879
  end
@@ -899,44 +899,44 @@ module Aws::AccessAnalyzer
899
899
  #
900
900
  # {
901
901
  # analyzer_name: "Name", # required
902
- # client_token: "String",
902
+ # rule_name: "Name", # required
903
903
  # filter: { # required
904
904
  # "String" => {
905
- # contains: ["String"],
906
905
  # eq: ["String"],
907
- # exists: false,
908
906
  # neq: ["String"],
907
+ # contains: ["String"],
908
+ # exists: false,
909
909
  # },
910
910
  # },
911
- # rule_name: "Name", # required
911
+ # client_token: "String",
912
912
  # }
913
913
  #
914
914
  # @!attribute [rw] analyzer_name
915
915
  # The name of the created analyzer.
916
916
  # @return [String]
917
917
  #
918
- # @!attribute [rw] client_token
919
- # A client token.
920
- #
921
- # **A suitable default value is auto-generated.** You should normally
922
- # not need to pass this option.
918
+ # @!attribute [rw] rule_name
919
+ # The name of the rule to create.
923
920
  # @return [String]
924
921
  #
925
922
  # @!attribute [rw] filter
926
923
  # The criteria for the rule.
927
924
  # @return [Hash<String,Types::Criterion>]
928
925
  #
929
- # @!attribute [rw] rule_name
930
- # The name of the rule to create.
926
+ # @!attribute [rw] client_token
927
+ # A client token.
928
+ #
929
+ # **A suitable default value is auto-generated.** You should normally
930
+ # not need to pass this option.
931
931
  # @return [String]
932
932
  #
933
933
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateArchiveRuleRequest AWS API Documentation
934
934
  #
935
935
  class CreateArchiveRuleRequest < Struct.new(
936
936
  :analyzer_name,
937
- :client_token,
937
+ :rule_name,
938
938
  :filter,
939
- :rule_name)
939
+ :client_token)
940
940
  SENSITIVE = []
941
941
  include Aws::Structure
942
942
  end
@@ -947,19 +947,24 @@ module Aws::AccessAnalyzer
947
947
  # data as a hash:
948
948
  #
949
949
  # {
950
- # contains: ["String"],
951
950
  # eq: ["String"],
952
- # exists: false,
953
951
  # neq: ["String"],
952
+ # contains: ["String"],
953
+ # exists: false,
954
954
  # }
955
955
  #
956
- # @!attribute [rw] contains
957
- # A "contains" operator to match for the filter used to create the
956
+ # @!attribute [rw] eq
957
+ # An "equals" operator to match for the filter used to create the
958
958
  # rule.
959
959
  # @return [Array<String>]
960
960
  #
961
- # @!attribute [rw] eq
962
- # An "equals" operator to match for the filter used to create the
961
+ # @!attribute [rw] neq
962
+ # A "not equals" operator to match for the filter used to create the
963
+ # rule.
964
+ # @return [Array<String>]
965
+ #
966
+ # @!attribute [rw] contains
967
+ # A "contains" operator to match for the filter used to create the
963
968
  # rule.
964
969
  # @return [Array<String>]
965
970
  #
@@ -968,18 +973,13 @@ module Aws::AccessAnalyzer
968
973
  # rule.
969
974
  # @return [Boolean]
970
975
  #
971
- # @!attribute [rw] neq
972
- # A "not equals" operator to match for the filter used to create the
973
- # rule.
974
- # @return [Array<String>]
975
- #
976
976
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Criterion AWS API Documentation
977
977
  #
978
978
  class Criterion < Struct.new(
979
- :contains,
980
979
  :eq,
981
- :exists,
982
- :neq)
980
+ :neq,
981
+ :contains,
982
+ :exists)
983
983
  SENSITIVE = []
984
984
  include Aws::Structure
985
985
  end
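Review bot: Reordering the `Struct.new` members of `Criterion` changes every position-dependent view of the struct, and nothing in the hunk tells consumers. `members`, `to_a`, `each`, array destructuring and the key order of `to_h` all follow declaration order. Index 2 was `exists` (a Boolean) and is now `contains` (an Array), so code that unpacks or fingerprints these objects positionally would pick up the wrong field without raising. The same reorder appears in the `DeleteArchiveRuleRequest`, `Finding`, `FindingSource`, `FindingSummary` and `KmsGrantConfiguration` hunks, where `is_public` and `status` also move. If the file is generated, the ordering probably comes from the service model, so the practical step is a changelog line plus a comment above each struct such as `# Member order is not part of the public contract; read fields by name.`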
@@ -1021,8 +1021,8 @@ module Aws::AccessAnalyzer
1021
1021
  #
1022
1022
  # {
1023
1023
  # analyzer_name: "Name", # required
1024
- # client_token: "String",
1025
1024
  # rule_name: "Name", # required
1025
+ # client_token: "String",
1026
1026
  # }
1027
1027
  #
1028
1028
  # @!attribute [rw] analyzer_name
@@ -1030,6 +1030,10 @@ module Aws::AccessAnalyzer
1030
1030
  # delete.
1031
1031
  # @return [String]
1032
1032
  #
1033
+ # @!attribute [rw] rule_name
1034
+ # The name of the rule to delete.
1035
+ # @return [String]
1036
+ #
1033
1037
  # @!attribute [rw] client_token
1034
1038
  # A client token.
1035
1039
  #
@@ -1037,30 +1041,44 @@ module Aws::AccessAnalyzer
1037
1041
  # not need to pass this option.
1038
1042
  # @return [String]
1039
1043
  #
1040
- # @!attribute [rw] rule_name
1041
- # The name of the rule to delete.
1042
- # @return [String]
1043
- #
1044
1044
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteArchiveRuleRequest AWS API Documentation
1045
1045
  #
1046
1046
  class DeleteArchiveRuleRequest < Struct.new(
1047
1047
  :analyzer_name,
1048
- :client_token,
1049
- :rule_name)
1048
+ :rule_name,
1049
+ :client_token)
1050
1050
  SENSITIVE = []
1051
1051
  include Aws::Structure
1052
1052
  end
1053
1053
 
1054
1054
  # Contains information about a finding.
1055
1055
  #
1056
+ # @!attribute [rw] id
1057
+ # The ID of the finding.
1058
+ # @return [String]
1059
+ #
1060
+ # @!attribute [rw] principal
1061
+ # The external principal that access to a resource within the zone of
1062
+ # trust.
1063
+ # @return [Hash<String,String>]
1064
+ #
1056
1065
  # @!attribute [rw] action
1057
1066
  # The action in the analyzed policy statement that an external
1058
1067
  # principal has permission to use.
1059
1068
  # @return [Array<String>]
1060
1069
  #
1061
- # @!attribute [rw] analyzed_at
1062
- # The time at which the resource was analyzed.
1063
- # @return [Time]
1070
+ # @!attribute [rw] resource
1071
+ # The resource that an external principal has access to.
1072
+ # @return [String]
1073
+ #
1074
+ # @!attribute [rw] is_public
1075
+ # Indicates whether the policy that generated the finding allows
1076
+ # public access to the resource.
1077
+ # @return [Boolean]
1078
+ #
1079
+ # @!attribute [rw] resource_type
1080
+ # The type of the resource identified in the finding.
1081
+ # @return [String]
1064
1082
  #
1065
1083
  # @!attribute [rw] condition
1066
1084
  # The condition in the analyzed policy statement that resulted in a
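Review bot: The relocated `principal` description for `Finding` is missing its verb: it reads "The external principal that access to a resource within the zone of trust". The `FindingSummary` block in the `@@ -1177` hunk words the same attribute correctly, so the two should match: `# The external principal that has access to a resource within the zone of` followed by `# trust.`. If this file is generated from the service model, the wording has to be corrected there, or the next regeneration will bring it back. The `Finding` comment block starts in this hunk and continues past its end.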
@@ -1071,34 +1089,24 @@ module Aws::AccessAnalyzer
1071
1089
  # The time at which the finding was generated.
1072
1090
  # @return [Time]
1073
1091
  #
1074
- # @!attribute [rw] error
1075
- # An error.
1076
- # @return [String]
1077
- #
1078
- # @!attribute [rw] id
1079
- # The ID of the finding.
1080
- # @return [String]
1081
- #
1082
- # @!attribute [rw] is_public
1083
- # Indicates whether the policy that generated the finding allows
1084
- # public access to the resource.
1085
- # @return [Boolean]
1092
+ # @!attribute [rw] analyzed_at
1093
+ # The time at which the resource was analyzed.
1094
+ # @return [Time]
1086
1095
  #
1087
- # @!attribute [rw] principal
1088
- # The external principal that access to a resource within the zone of
1089
- # trust.
1090
- # @return [Hash<String,String>]
1096
+ # @!attribute [rw] updated_at
1097
+ # The time at which the finding was updated.
1098
+ # @return [Time]
1091
1099
  #
1092
- # @!attribute [rw] resource
1093
- # The resource that an external principal has access to.
1100
+ # @!attribute [rw] status
1101
+ # The current status of the finding.
1094
1102
  # @return [String]
1095
1103
  #
1096
1104
  # @!attribute [rw] resource_owner_account
1097
1105
  # The Amazon Web Services account ID that owns the resource.
1098
1106
  # @return [String]
1099
1107
  #
1100
- # @!attribute [rw] resource_type
1101
- # The type of the resource identified in the finding.
1108
+ # @!attribute [rw] error
1109
+ # An error.
1102
1110
  # @return [String]
1103
1111
  #
1104
1112
  # @!attribute [rw] sources
@@ -1107,31 +1115,23 @@ module Aws::AccessAnalyzer
1107
1115
  # bucket findings.
1108
1116
  # @return [Array<Types::FindingSource>]
1109
1117
  #
1110
- # @!attribute [rw] status
1111
- # The current status of the finding.
1112
- # @return [String]
1113
- #
1114
- # @!attribute [rw] updated_at
1115
- # The time at which the finding was updated.
1116
- # @return [Time]
1117
- #
1118
1118
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Finding AWS API Documentation
1119
1119
  #
1120
1120
  class Finding < Struct.new(
1121
- :action,
1122
- :analyzed_at,
1123
- :condition,
1124
- :created_at,
1125
- :error,
1126
1121
  :id,
1127
- :is_public,
1128
1122
  :principal,
1123
+ :action,
1129
1124
  :resource,
1130
- :resource_owner_account,
1125
+ :is_public,
1131
1126
  :resource_type,
1132
- :sources,
1127
+ :condition,
1128
+ :created_at,
1129
+ :analyzed_at,
1130
+ :updated_at,
1133
1131
  :status,
1134
- :updated_at)
1132
+ :resource_owner_account,
1133
+ :error,
1134
+ :sources)
1135
1135
  SENSITIVE = []
1136
1136
  include Aws::Structure
1137
1137
  end
@@ -1140,20 +1140,20 @@ module Aws::AccessAnalyzer
1140
1140
  # generated the finding is granted. It is populated for Amazon S3 bucket
1141
1141
  # findings.
1142
1142
  #
1143
+ # @!attribute [rw] type
1144
+ # Indicates the type of access that generated the finding.
1145
+ # @return [String]
1146
+ #
1143
1147
  # @!attribute [rw] detail
1144
1148
  # Includes details about how the access that generated the finding is
1145
1149
  # granted. This is populated for Amazon S3 bucket findings.
1146
1150
  # @return [Types::FindingSourceDetail]
1147
1151
  #
1148
- # @!attribute [rw] type
1149
- # Indicates the type of access that generated the finding.
1150
- # @return [String]
1151
- #
1152
1152
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSource AWS API Documentation
1153
1153
  #
1154
1154
  class FindingSource < Struct.new(
1155
- :detail,
1156
- :type)
1155
+ :type,
1156
+ :detail)
1157
1157
  SENSITIVE = []
1158
1158
  include Aws::Structure
1159
1159
  end
@@ -1177,15 +1177,32 @@ module Aws::AccessAnalyzer
1177
1177
 
1178
1178
  # Contains information about a finding.
1179
1179
  #
1180
+ # @!attribute [rw] id
1181
+ # The ID of the finding.
1182
+ # @return [String]
1183
+ #
1184
+ # @!attribute [rw] principal
1185
+ # The external principal that has access to a resource within the zone
1186
+ # of trust.
1187
+ # @return [Hash<String,String>]
1188
+ #
1180
1189
  # @!attribute [rw] action
1181
1190
  # The action in the analyzed policy statement that an external
1182
1191
  # principal has permission to use.
1183
1192
  # @return [Array<String>]
1184
1193
  #
1185
- # @!attribute [rw] analyzed_at
1186
- # The time at which the resource-based policy that generated the
1187
- # finding was analyzed.
1188
- # @return [Time]
1194
+ # @!attribute [rw] resource
1195
+ # The resource that the external principal has access to.
1196
+ # @return [String]
1197
+ #
1198
+ # @!attribute [rw] is_public
1199
+ # Indicates whether the finding reports a resource that has a policy
1200
+ # that allows public access.
1201
+ # @return [Boolean]
1202
+ #
1203
+ # @!attribute [rw] resource_type
1204
+ # The type of the resource that the external principal has access to.
1205
+ # @return [String]
1189
1206
  #
1190
1207
  # @!attribute [rw] condition
1191
1208
  # The condition in the analyzed policy statement that resulted in a
@@ -1196,34 +1213,25 @@ module Aws::AccessAnalyzer
1196
1213
  # The time at which the finding was created.
1197
1214
  # @return [Time]
1198
1215
  #
1199
- # @!attribute [rw] error
1200
- # The error that resulted in an Error finding.
1201
- # @return [String]
1202
- #
1203
- # @!attribute [rw] id
1204
- # The ID of the finding.
1205
- # @return [String]
1206
- #
1207
- # @!attribute [rw] is_public
1208
- # Indicates whether the finding reports a resource that has a policy
1209
- # that allows public access.
1210
- # @return [Boolean]
1216
+ # @!attribute [rw] analyzed_at
1217
+ # The time at which the resource-based policy that generated the
1218
+ # finding was analyzed.
1219
+ # @return [Time]
1211
1220
  #
1212
- # @!attribute [rw] principal
1213
- # The external principal that has access to a resource within the zone
1214
- # of trust.
1215
- # @return [Hash<String,String>]
1221
+ # @!attribute [rw] updated_at
1222
+ # The time at which the finding was most recently updated.
1223
+ # @return [Time]
1216
1224
  #
1217
- # @!attribute [rw] resource
1218
- # The resource that the external principal has access to.
1225
+ # @!attribute [rw] status
1226
+ # The status of the finding.
1219
1227
  # @return [String]
1220
1228
  #
1221
1229
  # @!attribute [rw] resource_owner_account
1222
1230
  # The Amazon Web Services account ID that owns the resource.
1223
1231
  # @return [String]
1224
1232
  #
1225
- # @!attribute [rw] resource_type
1226
- # The type of the resource that the external principal has access to.
1233
+ # @!attribute [rw] error
1234
+ # The error that resulted in an Error finding.
1227
1235
  # @return [String]
1228
1236
  #
1229
1237
  # @!attribute [rw] sources
@@ -1232,31 +1240,23 @@ module Aws::AccessAnalyzer
1232
1240
  # bucket findings.
1233
1241
  # @return [Array<Types::FindingSource>]
1234
1242
  #
1235
- # @!attribute [rw] status
1236
- # The status of the finding.
1237
- # @return [String]
1238
- #
1239
- # @!attribute [rw] updated_at
1240
- # The time at which the finding was most recently updated.
1241
- # @return [Time]
1242
- #
1243
1243
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSummary AWS API Documentation
1244
1244
  #
1245
1245
  class FindingSummary < Struct.new(
1246
- :action,
1247
- :analyzed_at,
1248
- :condition,
1249
- :created_at,
1250
- :error,
1251
1246
  :id,
1252
- :is_public,
1253
1247
  :principal,
1248
+ :action,
1254
1249
  :resource,
1255
- :resource_owner_account,
1250
+ :is_public,
1256
1251
  :resource_type,
1257
- :sources,
1252
+ :condition,
1253
+ :created_at,
1254
+ :analyzed_at,
1255
+ :updated_at,
1258
1256
  :status,
1259
- :updated_at)
1257
+ :resource_owner_account,
1258
+ :error,
1259
+ :sources)
1260
1260
  SENSITIVE = []
1261
1261
  include Aws::Structure
1262
1262
  end
@@ -1282,10 +1282,6 @@ module Aws::AccessAnalyzer
1282
1282
 
1283
1283
  # Contains the generated policy details.
1284
1284
  #
1285
- # @!attribute [rw] cloud_trail_properties
1286
- # Lists details about the `Trail` used to generated policy.
1287
- # @return [Types::CloudTrailProperties]
1288
- #
1289
1285
  # @!attribute [rw] is_complete
1290
1286
  # This value is set to `true` if the generated policy contains all
1291
1287
  # possible actions for a service that IAM Access Analyzer identified
@@ -1297,18 +1293,27 @@ module Aws::AccessAnalyzer
1297
1293
  # generating a policy.
1298
1294
  # @return [String]
1299
1295
  #
1296
+ # @!attribute [rw] cloud_trail_properties
1297
+ # Lists details about the `Trail` used to generated policy.
1298
+ # @return [Types::CloudTrailProperties]
1299
+ #
1300
1300
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyProperties AWS API Documentation
1301
1301
  #
1302
1302
  class GeneratedPolicyProperties < Struct.new(
1303
- :cloud_trail_properties,
1304
1303
  :is_complete,
1305
- :principal_arn)
1304
+ :principal_arn,
1305
+ :cloud_trail_properties)
1306
1306
  SENSITIVE = []
1307
1307
  include Aws::Structure
1308
1308
  end
1309
1309
 
1310
1310
  # Contains the text for the generated policy and its details.
1311
1311
  #
1312
+ # @!attribute [rw] properties
1313
+ # A `GeneratedPolicyProperties` object that contains properties of the
1314
+ # generated policy.
1315
+ # @return [Types::GeneratedPolicyProperties]
1316
+ #
1312
1317
  # @!attribute [rw] generated_policies
1313
1318
  # The text to use as the content for the new policy. The policy is
1314
1319
  # created using the [CreatePolicy][1] action.
@@ -1318,16 +1323,11 @@ module Aws::AccessAnalyzer
1318
1323
  # [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
1319
1324
  # @return [Array<Types::GeneratedPolicy>]
1320
1325
  #
1321
- # @!attribute [rw] properties
1322
- # A `GeneratedPolicyProperties` object that contains properties of the
1323
- # generated policy.
1324
- # @return [Types::GeneratedPolicyProperties]
1325
- #
1326
1326
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyResult AWS API Documentation
1327
1327
  #
1328
1328
  class GeneratedPolicyResult < Struct.new(
1329
- :generated_policies,
1330
- :properties)
1329
+ :properties,
1330
+ :generated_policies)
1331
1331
  SENSITIVE = []
1332
1332
  include Aws::Structure
1333
1333
  end
@@ -1545,11 +1545,18 @@ module Aws::AccessAnalyzer
1545
1545
  # data as a hash:
1546
1546
  #
1547
1547
  # {
1548
+ # job_id: "JobId", # required
1548
1549
  # include_resource_placeholders: false,
1549
1550
  # include_service_level_template: false,
1550
- # job_id: "JobId", # required
1551
1551
  # }
1552
1552
  #
1553
+ # @!attribute [rw] job_id
1554
+ # The `JobId` that is returned by the `StartPolicyGeneration`
1555
+ # operation. The `JobId` can be used with `GetGeneratedPolicy` to
1556
+ # retrieve the generated policies or used with
1557
+ # `CancelPolicyGeneration` to cancel the policy generation request.
1558
+ # @return [String]
1559
+ #
1553
1560
  # @!attribute [rw] include_resource_placeholders
1554
1561
  # The level of detail that you want to generate. You can specify
1555
1562
  # whether to generate policies with placeholders for resource ARNs for
@@ -1569,38 +1576,31 @@ module Aws::AccessAnalyzer
1569
1576
  # template.
1570
1577
  # @return [Boolean]
1571
1578
  #
1572
- # @!attribute [rw] job_id
1573
- # The `JobId` that is returned by the `StartPolicyGeneration`
1574
- # operation. The `JobId` can be used with `GetGeneratedPolicy` to
1575
- # retrieve the generated policies or used with
1576
- # `CancelPolicyGeneration` to cancel the policy generation request.
1577
- # @return [String]
1578
- #
1579
1579
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyRequest AWS API Documentation
1580
1580
  #
1581
1581
  class GetGeneratedPolicyRequest < Struct.new(
1582
+ :job_id,
1582
1583
  :include_resource_placeholders,
1583
- :include_service_level_template,
1584
- :job_id)
1584
+ :include_service_level_template)
1585
1585
  SENSITIVE = []
1586
1586
  include Aws::Structure
1587
1587
  end
1588
1588
 
1589
- # @!attribute [rw] generated_policy_result
1590
- # A `GeneratedPolicyResult` object that contains the generated
1591
- # policies and associated details.
1592
- # @return [Types::GeneratedPolicyResult]
1593
- #
1594
1589
  # @!attribute [rw] job_details
1595
1590
  # A `GeneratedPolicyDetails` object that contains details about the
1596
1591
  # generated policy.
1597
1592
  # @return [Types::JobDetails]
1598
1593
  #
1594
+ # @!attribute [rw] generated_policy_result
1595
+ # A `GeneratedPolicyResult` object that contains the generated
1596
+ # policies and associated details.
1597
+ # @return [Types::GeneratedPolicyResult]
1598
+ #
1599
1599
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyResponse AWS API Documentation
1600
1600
  #
1601
1601
  class GetGeneratedPolicyResponse < Struct.new(
1602
- :generated_policy_result,
1603
- :job_details)
1602
+ :job_details,
1603
+ :generated_policy_result)
1604
1604
  SENSITIVE = []
1605
1605
  include Aws::Structure
1606
1606
  end
@@ -1645,30 +1645,30 @@ module Aws::AccessAnalyzer
1645
1645
  # data as a hash:
1646
1646
  #
1647
1647
  # {
1648
+ # rule_name: "Name", # required
1648
1649
  # filter: { # required
1649
1650
  # "String" => {
1650
- # contains: ["String"],
1651
1651
  # eq: ["String"],
1652
- # exists: false,
1653
1652
  # neq: ["String"],
1653
+ # contains: ["String"],
1654
+ # exists: false,
1654
1655
  # },
1655
1656
  # },
1656
- # rule_name: "Name", # required
1657
1657
  # }
1658
1658
  #
1659
- # @!attribute [rw] filter
1660
- # The condition and values for a criterion.
1661
- # @return [Hash<String,Types::Criterion>]
1662
- #
1663
1659
  # @!attribute [rw] rule_name
1664
1660
  # The name of the rule.
1665
1661
  # @return [String]
1666
1662
  #
1663
+ # @!attribute [rw] filter
1664
+ # The condition and values for a criterion.
1665
+ # @return [Hash<String,Types::Criterion>]
1666
+ #
1667
1667
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InlineArchiveRule AWS API Documentation
1668
1668
  #
1669
1669
  class InlineArchiveRule < Struct.new(
1670
- :filter,
1671
- :rule_name)
1670
+ :rule_name,
1671
+ :filter)
1672
1672
  SENSITIVE = []
1673
1673
  include Aws::Structure
1674
1674
  end
@@ -1702,14 +1702,6 @@ module Aws::AccessAnalyzer
1702
1702
 
1703
1703
  # Contains details about the policy generation request.
1704
1704
  #
1705
- # @!attribute [rw] completed_on
1706
- # A timestamp of when the job was completed.
1707
- # @return [Time]
1708
- #
1709
- # @!attribute [rw] job_error
1710
- # The job error for the policy generation request.
1711
- # @return [Types::JobError]
1712
- #
1713
1705
  # @!attribute [rw] job_id
1714
1706
  # The `JobId` that is returned by the `StartPolicyGeneration`
1715
1707
  # operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -1717,22 +1709,30 @@ module Aws::AccessAnalyzer
1717
1709
  # `CancelPolicyGeneration` to cancel the policy generation request.
1718
1710
  # @return [String]
1719
1711
  #
1712
+ # @!attribute [rw] status
1713
+ # The status of the job request.
1714
+ # @return [String]
1715
+ #
1720
1716
  # @!attribute [rw] started_on
1721
1717
  # A timestamp of when the job was started.
1722
1718
  # @return [Time]
1723
1719
  #
1724
- # @!attribute [rw] status
1725
- # The status of the job request.
1726
- # @return [String]
1720
+ # @!attribute [rw] completed_on
1721
+ # A timestamp of when the job was completed.
1722
+ # @return [Time]
1723
+ #
1724
+ # @!attribute [rw] job_error
1725
+ # The job error for the policy generation request.
1726
+ # @return [Types::JobError]
1727
1727
  #
1728
1728
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/JobDetails AWS API Documentation
1729
1729
  #
1730
1730
  class JobDetails < Struct.new(
1731
- :completed_on,
1732
- :job_error,
1733
1731
  :job_id,
1732
+ :status,
1734
1733
  :started_on,
1735
- :status)
1734
+ :completed_on,
1735
+ :job_error)
1736
1736
  SENSITIVE = []
1737
1737
  include Aws::Structure
1738
1738
  end
@@ -1768,6 +1768,9 @@ module Aws::AccessAnalyzer
1768
1768
  # data as a hash:
1769
1769
  #
1770
1770
  # {
1771
+ # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
1772
+ # grantee_principal: "GranteePrincipal", # required
1773
+ # retiring_principal: "RetiringPrincipal",
1771
1774
  # constraints: {
1772
1775
  # encryption_context_equals: {
1773
1776
  # "KmsConstraintsKey" => "KmsConstraintsValue",
@@ -1776,12 +1779,27 @@ module Aws::AccessAnalyzer
1776
1779
  # "KmsConstraintsKey" => "KmsConstraintsValue",
1777
1780
  # },
1778
1781
  # },
1779
- # grantee_principal: "GranteePrincipal", # required
1780
1782
  # issuing_account: "IssuingAccount", # required
1781
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
1782
- # retiring_principal: "RetiringPrincipal",
1783
1783
  # }
1784
1784
  #
1785
+ # @!attribute [rw] operations
1786
+ # A list of operations that the grant permits.
1787
+ # @return [Array<String>]
1788
+ #
1789
+ # @!attribute [rw] grantee_principal
1790
+ # The principal that is given permission to perform the operations
1791
+ # that the grant permits.
1792
+ # @return [String]
1793
+ #
1794
+ # @!attribute [rw] retiring_principal
1795
+ # The principal that is given permission to retire the grant by using
1796
+ # [RetireGrant][1] operation.
1797
+ #
1798
+ #
1799
+ #
1800
+ # [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
1801
+ # @return [String]
1802
+ #
1785
1803
  # @!attribute [rw] constraints
1786
1804
  # Use this structure to propose allowing [cryptographic operations][1]
1787
1805
  # in the grant only when the operation request includes the specified
@@ -1793,38 +1811,20 @@ module Aws::AccessAnalyzer
1793
1811
  # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
1794
1812
  # @return [Types::KmsGrantConstraints]
1795
1813
  #
1796
- # @!attribute [rw] grantee_principal
1797
- # The principal that is given permission to perform the operations
1798
- # that the grant permits.
1799
- # @return [String]
1800
- #
1801
1814
  # @!attribute [rw] issuing_account
1802
1815
  # The Amazon Web Services account under which the grant was issued.
1803
1816
  # The account is used to propose KMS grants issued by accounts other
1804
1817
  # than the owner of the key.
1805
1818
  # @return [String]
1806
1819
  #
1807
- # @!attribute [rw] operations
1808
- # A list of operations that the grant permits.
1809
- # @return [Array<String>]
1810
- #
1811
- # @!attribute [rw] retiring_principal
1812
- # The principal that is given permission to retire the grant by using
1813
- # [RetireGrant][1] operation.
1814
- #
1815
- #
1816
- #
1817
- # [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
1818
- # @return [String]
1819
- #
1820
1820
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsGrantConfiguration AWS API Documentation
1821
1821
  #
1822
1822
  class KmsGrantConfiguration < Struct.new(
1823
- :constraints,
1824
- :grantee_principal,
1825
- :issuing_account,
1826
1823
  :operations,
1827
- :retiring_principal)
1824
+ :grantee_principal,
1825
+ :retiring_principal,
1826
+ :constraints,
1827
+ :issuing_account)
1828
1828
  SENSITIVE = []
1829
1829
  include Aws::Structure
1830
1830
  end
@@ -1907,8 +1907,14 @@ module Aws::AccessAnalyzer
1907
1907
  # data as a hash:
1908
1908
  #
1909
1909
  # {
1910
+ # key_policies: {
1911
+ # "PolicyName" => "KmsKeyPolicy",
1912
+ # },
1910
1913
  # grants: [
1911
1914
  # {
1915
+ # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
1916
+ # grantee_principal: "GranteePrincipal", # required
1917
+ # retiring_principal: "RetiringPrincipal",
1912
1918
  # constraints: {
1913
1919
  # encryption_context_equals: {
1914
1920
  # "KmsConstraintsKey" => "KmsConstraintsValue",
@@ -1917,25 +1923,11 @@ module Aws::AccessAnalyzer
1917
1923
  # "KmsConstraintsKey" => "KmsConstraintsValue",
1918
1924
  # },
1919
1925
  # },
1920
- # grantee_principal: "GranteePrincipal", # required
1921
1926
  # issuing_account: "IssuingAccount", # required
1922
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
1923
- # retiring_principal: "RetiringPrincipal",
1924
1927
  # },
1925
1928
  # ],
1926
- # key_policies: {
1927
- # "PolicyName" => "KmsKeyPolicy",
1928
- # },
1929
1929
  # }
1930
1930
  #
1931
- # @!attribute [rw] grants
1932
- # A list of proposed grant configurations for the KMS key. If the
1933
- # proposed grant configuration is for an existing key, the access
1934
- # preview uses the proposed list of grant configurations in place of
1935
- # the existing grants. Otherwise, the access preview uses the existing
1936
- # grants for the key.
1937
- # @return [Array<Types::KmsGrantConfiguration>]
1938
- #
1939
1931
  # @!attribute [rw] key_policies
1940
1932
  # Resource policy configuration for the KMS key. The only valid value
1941
1933
  # for the name of the key policy is `default`. For more information,
@@ -1946,11 +1938,19 @@ module Aws::AccessAnalyzer
1946
1938
  # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
1947
1939
  # @return [Hash<String,String>]
1948
1940
  #
1941
+ # @!attribute [rw] grants
1942
+ # A list of proposed grant configurations for the KMS key. If the
1943
+ # proposed grant configuration is for an existing key, the access
1944
+ # preview uses the proposed list of grant configurations in place of
1945
+ # the existing grants. Otherwise, the access preview uses the existing
1946
+ # grants for the key.
1947
+ # @return [Array<Types::KmsGrantConfiguration>]
1948
+ #
1949
1949
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsKeyConfiguration AWS API Documentation
1950
1950
  #
1951
1951
  class KmsKeyConfiguration < Struct.new(
1952
- :grants,
1953
- :key_policies)
1952
+ :key_policies,
1953
+ :grants)
1954
1954
  SENSITIVE = []
1955
1955
  include Aws::Structure
1956
1956
  end
@@ -1963,14 +1963,14 @@ module Aws::AccessAnalyzer
1963
1963
  # analyzer_arn: "AnalyzerArn", # required
1964
1964
  # filter: {
1965
1965
  # "String" => {
1966
- # contains: ["String"],
1967
1966
  # eq: ["String"],
1968
- # exists: false,
1969
1967
  # neq: ["String"],
1968
+ # contains: ["String"],
1969
+ # exists: false,
1970
1970
  # },
1971
1971
  # },
1972
- # max_results: 1,
1973
1972
  # next_token: "Token",
1973
+ # max_results: 1,
1974
1974
  # }
1975
1975
  #
1976
1976
  # @!attribute [rw] access_preview_id
@@ -1989,22 +1989,22 @@ module Aws::AccessAnalyzer
1989
1989
  # Criteria to filter the returned findings.
1990
1990
  # @return [Hash<String,Types::Criterion>]
1991
1991
  #
1992
- # @!attribute [rw] max_results
1993
- # The maximum number of results to return in the response.
1994
- # @return [Integer]
1995
- #
1996
1992
  # @!attribute [rw] next_token
1997
1993
  # A token used for pagination of results returned.
1998
1994
  # @return [String]
1999
1995
  #
1996
+ # @!attribute [rw] max_results
1997
+ # The maximum number of results to return in the response.
1998
+ # @return [Integer]
1999
+ #
2000
2000
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindingsRequest AWS API Documentation
2001
2001
  #
2002
2002
  class ListAccessPreviewFindingsRequest < Struct.new(
2003
2003
  :access_preview_id,
2004
2004
  :analyzer_arn,
2005
2005
  :filter,
2006
- :max_results,
2007
- :next_token)
2006
+ :next_token,
2007
+ :max_results)
2008
2008
  SENSITIVE = []
2009
2009
  include Aws::Structure
2010
2010
  end
@@ -2032,8 +2032,8 @@ module Aws::AccessAnalyzer
2032
2032
  #
2033
2033
  # {
2034
2034
  # analyzer_arn: "AnalyzerArn", # required
2035
- # max_results: 1,
2036
2035
  # next_token: "Token",
2036
+ # max_results: 1,
2037
2037
  # }
2038
2038
  #
2039
2039
  # @!attribute [rw] analyzer_arn
@@ -2044,20 +2044,20 @@ module Aws::AccessAnalyzer
2044
2044
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
2045
2045
  # @return [String]
2046
2046
  #
2047
- # @!attribute [rw] max_results
2048
- # The maximum number of results to return in the response.
2049
- # @return [Integer]
2050
- #
2051
2047
  # @!attribute [rw] next_token
2052
2048
  # A token used for pagination of results returned.
2053
2049
  # @return [String]
2054
2050
  #
2051
+ # @!attribute [rw] max_results
2052
+ # The maximum number of results to return in the response.
2053
+ # @return [Integer]
2054
+ #
2055
2055
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewsRequest AWS API Documentation
2056
2056
  #
2057
2057
  class ListAccessPreviewsRequest < Struct.new(
2058
2058
  :analyzer_arn,
2059
- :max_results,
2060
- :next_token)
2059
+ :next_token,
2060
+ :max_results)
2061
2061
  SENSITIVE = []
2062
2062
  include Aws::Structure
2063
2063
  end
@@ -2086,9 +2086,9 @@ module Aws::AccessAnalyzer
2086
2086
  #
2087
2087
  # {
2088
2088
  # analyzer_arn: "AnalyzerArn", # required
2089
- # max_results: 1,
2090
- # next_token: "Token",
2091
2089
  # resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
2090
+ # next_token: "Token",
2091
+ # max_results: 1,
2092
2092
  # }
2093
2093
  #
2094
2094
  # @!attribute [rw] analyzer_arn
@@ -2100,25 +2100,25 @@ module Aws::AccessAnalyzer
2100
2100
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
2101
2101
  # @return [String]
2102
2102
  #
2103
- # @!attribute [rw] max_results
2104
- # The maximum number of results to return in the response.
2105
- # @return [Integer]
2103
+ # @!attribute [rw] resource_type
2104
+ # The type of resource.
2105
+ # @return [String]
2106
2106
  #
2107
2107
  # @!attribute [rw] next_token
2108
2108
  # A token used for pagination of results returned.
2109
2109
  # @return [String]
2110
2110
  #
2111
- # @!attribute [rw] resource_type
2112
- # The type of resource.
2113
- # @return [String]
2111
+ # @!attribute [rw] max_results
2112
+ # The maximum number of results to return in the response.
2113
+ # @return [Integer]
2114
2114
  #
2115
2115
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResourcesRequest AWS API Documentation
2116
2116
  #
2117
2117
  class ListAnalyzedResourcesRequest < Struct.new(
2118
2118
  :analyzer_arn,
2119
- :max_results,
2119
+ :resource_type,
2120
2120
  :next_token,
2121
- :resource_type)
2121
+ :max_results)
2122
2122
  SENSITIVE = []
2123
2123
  include Aws::Structure
2124
2124
  end
@@ -2148,19 +2148,19 @@ module Aws::AccessAnalyzer
2148
2148
  # data as a hash:
2149
2149
  #
2150
2150
  # {
2151
- # max_results: 1,
2152
2151
  # next_token: "Token",
2152
+ # max_results: 1,
2153
2153
  # type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
2154
2154
  # }
2155
2155
  #
2156
- # @!attribute [rw] max_results
2157
- # The maximum number of results to return in the response.
2158
- # @return [Integer]
2159
- #
2160
2156
  # @!attribute [rw] next_token
2161
2157
  # A token used for pagination of results returned.
2162
2158
  # @return [String]
2163
2159
  #
2160
+ # @!attribute [rw] max_results
2161
+ # The maximum number of results to return in the response.
2162
+ # @return [Integer]
2163
+ #
2164
2164
  # @!attribute [rw] type
2165
2165
  # The type of analyzer.
2166
2166
  # @return [String]
@@ -2168,8 +2168,8 @@ module Aws::AccessAnalyzer
2168
2168
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzersRequest AWS API Documentation
2169
2169
  #
2170
2170
  class ListAnalyzersRequest < Struct.new(
2171
- :max_results,
2172
2171
  :next_token,
2172
+ :max_results,
2173
2173
  :type)
2174
2174
  SENSITIVE = []
2175
2175
  include Aws::Structure
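Review bot: Swapping `:max_results` and `:next_token` in the `Struct.new` list changes this type's positional order, so `members`, `to_a`, `values`, `each`, integer indexing and array-style destructuring now yield the fields in a different sequence. The same kind of reorder repeats in the later hunks, and in `Position` (`:line`/`:column`), `Span` (`:start`/`:end`) and `Substring` (`:start`/`:length`) the swapped members share a type, so a caller reading them by position would get wrong values without any error. If member order is not meant to be part of the API, a comment such as `# Member order follows the service model and may change between releases; access members by name.` would say so; otherwise the reorder deserves a changelog entry. The class body continues outside the hunk.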
@@ -2201,28 +2201,28 @@ module Aws::AccessAnalyzer
2201
2201
  #
2202
2202
  # {
2203
2203
  # analyzer_name: "Name", # required
2204
- # max_results: 1,
2205
2204
  # next_token: "Token",
2205
+ # max_results: 1,
2206
2206
  # }
2207
2207
  #
2208
2208
  # @!attribute [rw] analyzer_name
2209
2209
  # The name of the analyzer to retrieve rules from.
2210
2210
  # @return [String]
2211
2211
  #
2212
- # @!attribute [rw] max_results
2213
- # The maximum number of results to return in the request.
2214
- # @return [Integer]
2215
- #
2216
2212
  # @!attribute [rw] next_token
2217
2213
  # A token used for pagination of results returned.
2218
2214
  # @return [String]
2219
2215
  #
2216
+ # @!attribute [rw] max_results
2217
+ # The maximum number of results to return in the request.
2218
+ # @return [Integer]
2219
+ #
2220
2220
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListArchiveRulesRequest AWS API Documentation
2221
2221
  #
2222
2222
  class ListArchiveRulesRequest < Struct.new(
2223
2223
  :analyzer_name,
2224
- :max_results,
2225
- :next_token)
2224
+ :next_token,
2225
+ :max_results)
2226
2226
  SENSITIVE = []
2227
2227
  include Aws::Structure
2228
2228
  end
@@ -2255,18 +2255,18 @@ module Aws::AccessAnalyzer
2255
2255
  # analyzer_arn: "AnalyzerArn", # required
2256
2256
  # filter: {
2257
2257
  # "String" => {
2258
- # contains: ["String"],
2259
2258
  # eq: ["String"],
2260
- # exists: false,
2261
2259
  # neq: ["String"],
2260
+ # contains: ["String"],
2261
+ # exists: false,
2262
2262
  # },
2263
2263
  # },
2264
- # max_results: 1,
2265
- # next_token: "Token",
2266
2264
  # sort: {
2267
2265
  # attribute_name: "String",
2268
2266
  # order_by: "ASC", # accepts ASC, DESC
2269
2267
  # },
2268
+ # next_token: "Token",
2269
+ # max_results: 1,
2270
2270
  # }
2271
2271
  #
2272
2272
  # @!attribute [rw] analyzer_arn
@@ -2281,26 +2281,26 @@ module Aws::AccessAnalyzer
2281
2281
  # A filter to match for the findings to return.
2282
2282
  # @return [Hash<String,Types::Criterion>]
2283
2283
  #
2284
- # @!attribute [rw] max_results
2285
- # The maximum number of results to return in the response.
2286
- # @return [Integer]
2284
+ # @!attribute [rw] sort
2285
+ # The sort order for the findings returned.
2286
+ # @return [Types::SortCriteria]
2287
2287
  #
2288
2288
  # @!attribute [rw] next_token
2289
2289
  # A token used for pagination of results returned.
2290
2290
  # @return [String]
2291
2291
  #
2292
- # @!attribute [rw] sort
2293
- # The sort order for the findings returned.
2294
- # @return [Types::SortCriteria]
2292
+ # @!attribute [rw] max_results
2293
+ # The maximum number of results to return in the response.
2294
+ # @return [Integer]
2295
2295
  #
2296
2296
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsRequest AWS API Documentation
2297
2297
  #
2298
2298
  class ListFindingsRequest < Struct.new(
2299
2299
  :analyzer_arn,
2300
2300
  :filter,
2301
- :max_results,
2301
+ :sort,
2302
2302
  :next_token,
2303
- :sort)
2303
+ :max_results)
2304
2304
  SENSITIVE = []
2305
2305
  include Aws::Structure
2306
2306
  end
@@ -2329,11 +2329,17 @@ module Aws::AccessAnalyzer
2329
2329
  # data as a hash:
2330
2330
  #
2331
2331
  # {
2332
+ # principal_arn: "PrincipalArn",
2332
2333
  # max_results: 1,
2333
2334
  # next_token: "Token",
2334
- # principal_arn: "PrincipalArn",
2335
2335
  # }
2336
2336
  #
2337
+ # @!attribute [rw] principal_arn
2338
+ # The ARN of the IAM entity (user or role) for which you are
2339
+ # generating a policy. Use this with `ListGeneratedPolicies` to filter
2340
+ # the results to only include results for a specific principal.
2341
+ # @return [String]
2342
+ #
2337
2343
  # @!attribute [rw] max_results
2338
2344
  # The maximum number of results to return in the response.
2339
2345
  # @return [Integer]
@@ -2342,36 +2348,30 @@ module Aws::AccessAnalyzer
2342
2348
  # A token used for pagination of results returned.
2343
2349
  # @return [String]
2344
2350
  #
2345
- # @!attribute [rw] principal_arn
2346
- # The ARN of the IAM entity (user or role) for which you are
2347
- # generating a policy. Use this with `ListGeneratedPolicies` to filter
2348
- # the results to only include results for a specific principal.
2349
- # @return [String]
2350
- #
2351
2351
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsRequest AWS API Documentation
2352
2352
  #
2353
2353
  class ListPolicyGenerationsRequest < Struct.new(
2354
+ :principal_arn,
2354
2355
  :max_results,
2355
- :next_token,
2356
- :principal_arn)
2356
+ :next_token)
2357
2357
  SENSITIVE = []
2358
2358
  include Aws::Structure
2359
2359
  end
2360
2360
 
2361
- # @!attribute [rw] next_token
2362
- # A token used for pagination of results returned.
2363
- # @return [String]
2364
- #
2365
2361
  # @!attribute [rw] policy_generations
2366
2362
  # A `PolicyGeneration` object that contains details about the
2367
2363
  # generated policy.
2368
2364
  # @return [Array<Types::PolicyGeneration>]
2369
2365
  #
2366
+ # @!attribute [rw] next_token
2367
+ # A token used for pagination of results returned.
2368
+ # @return [String]
2369
+ #
2370
2370
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsResponse AWS API Documentation
2371
2371
  #
2372
2372
  class ListPolicyGenerationsResponse < Struct.new(
2373
- :next_token,
2374
- :policy_generations)
2373
+ :policy_generations,
2374
+ :next_token)
2375
2375
  SENSITIVE = []
2376
2376
  include Aws::Structure
2377
2377
  end
@@ -2447,11 +2447,6 @@ module Aws::AccessAnalyzer
2447
2447
  #
2448
2448
  # @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
2449
2449
  #
2450
- # @!attribute [rw] internet_configuration
2451
- # The configuration for the Amazon S3 access point or multi-region
2452
- # access point with an `Internet` origin.
2453
- # @return [Types::InternetConfiguration]
2454
- #
2455
2450
  # @!attribute [rw] vpc_configuration
2456
2451
  # The proposed virtual private cloud (VPC) configuration for the
2457
2452
  # Amazon S3 access point. VPC configuration does not apply to
@@ -2463,18 +2458,23 @@ module Aws::AccessAnalyzer
2463
2458
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
2464
2459
  # @return [Types::VpcConfiguration]
2465
2460
  #
2461
+ # @!attribute [rw] internet_configuration
2462
+ # The configuration for the Amazon S3 access point or multi-region
2463
+ # access point with an `Internet` origin.
2464
+ # @return [Types::InternetConfiguration]
2465
+ #
2466
2466
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/NetworkOriginConfiguration AWS API Documentation
2467
2467
  #
2468
2468
  class NetworkOriginConfiguration < Struct.new(
2469
- :internet_configuration,
2470
2469
  :vpc_configuration,
2470
+ :internet_configuration,
2471
2471
  :unknown)
2472
2472
  SENSITIVE = []
2473
2473
  include Aws::Structure
2474
2474
  include Aws::Structure::Union
2475
2475
 
2476
- class InternetConfiguration < NetworkOriginConfiguration; end
2477
2476
  class VpcConfiguration < NetworkOriginConfiguration; end
2477
+ class InternetConfiguration < NetworkOriginConfiguration; end
2478
2478
  class Unknown < NetworkOriginConfiguration; end
2479
2479
  end
2480
2480
 
@@ -2520,10 +2520,6 @@ module Aws::AccessAnalyzer
2520
2520
 
2521
2521
  # Contains details about the policy generation status and properties.
2522
2522
  #
2523
- # @!attribute [rw] completed_on
2524
- # A timestamp of when the policy generation was completed.
2525
- # @return [Time]
2526
- #
2527
2523
  # @!attribute [rw] job_id
2528
2524
  # The `JobId` that is returned by the `StartPolicyGeneration`
2529
2525
  # operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -2536,22 +2532,26 @@ module Aws::AccessAnalyzer
2536
2532
  # generating a policy.
2537
2533
  # @return [String]
2538
2534
  #
2535
+ # @!attribute [rw] status
2536
+ # The status of the policy generation request.
2537
+ # @return [String]
2538
+ #
2539
2539
  # @!attribute [rw] started_on
2540
2540
  # A timestamp of when the policy generation started.
2541
2541
  # @return [Time]
2542
2542
  #
2543
- # @!attribute [rw] status
2544
- # The status of the policy generation request.
2545
- # @return [String]
2543
+ # @!attribute [rw] completed_on
2544
+ # A timestamp of when the policy generation was completed.
2545
+ # @return [Time]
2546
2546
  #
2547
2547
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PolicyGeneration AWS API Documentation
2548
2548
  #
2549
2549
  class PolicyGeneration < Struct.new(
2550
- :completed_on,
2551
2550
  :job_id,
2552
2551
  :principal_arn,
2552
+ :status,
2553
2553
  :started_on,
2554
- :status)
2554
+ :completed_on)
2555
2555
  SENSITIVE = []
2556
2556
  include Aws::Structure
2557
2557
  end
@@ -2581,14 +2581,14 @@ module Aws::AccessAnalyzer
2581
2581
 
2582
2582
  # A position in a policy.
2583
2583
  #
2584
- # @!attribute [rw] column
2585
- # The column of the position, starting from 0.
2586
- # @return [Integer]
2587
- #
2588
2584
  # @!attribute [rw] line
2589
2585
  # The line of the position, starting from 1.
2590
2586
  # @return [Integer]
2591
2587
  #
2588
+ # @!attribute [rw] column
2589
+ # The column of the position, starting from 0.
2590
+ # @return [Integer]
2591
+ #
2592
2592
  # @!attribute [rw] offset
2593
2593
  # The offset within the policy that corresponds to the position,
2594
2594
  # starting from 0.
@@ -2597,8 +2597,8 @@ module Aws::AccessAnalyzer
2597
2597
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Position AWS API Documentation
2598
2598
  #
2599
2599
  class Position < Struct.new(
2600
- :column,
2601
2600
  :line,
2601
+ :column,
2602
2602
  :offset)
2603
2603
  SENSITIVE = []
2604
2604
  include Aws::Structure
@@ -2640,7 +2640,7 @@ module Aws::AccessAnalyzer
2640
2640
  #
2641
2641
  #
2642
2642
  #
2643
- # [1]: https://docs.aws.amazon.com/https:/docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
2643
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
2644
2644
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
2645
2645
  #
2646
2646
  # @note When making an API call, you may pass S3AccessPointConfiguration
@@ -2648,16 +2648,16 @@ module Aws::AccessAnalyzer
2648
2648
  #
2649
2649
  # {
2650
2650
  # access_point_policy: "AccessPointPolicy",
2651
+ # public_access_block: {
2652
+ # ignore_public_acls: false, # required
2653
+ # restrict_public_buckets: false, # required
2654
+ # },
2651
2655
  # network_origin: {
2652
- # internet_configuration: {
2653
- # },
2654
2656
  # vpc_configuration: {
2655
2657
  # vpc_id: "VpcId", # required
2656
2658
  # },
2657
- # },
2658
- # public_access_block: {
2659
- # ignore_public_acls: false, # required
2660
- # restrict_public_buckets: false, # required
2659
+ # internet_configuration: {
2660
+ # },
2661
2661
  # },
2662
2662
  # }
2663
2663
  #
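Review bot: The reordered example still populates both `vpc_configuration` and `internet_configuration` under `network_origin`, while the `NetworkOriginConfiguration` documentation earlier in this diff describes that type as a union with exactly one value set when returned. A reader copying the hash would send both members. A trailing comment on the `network_origin: {` line, for example `# union: set exactly one of vpc_configuration or internet_configuration`, would prevent that, though whether the request side enforces the one-member rule is not visible here and should be confirmed. The `S3BucketConfiguration` example in the `@@ -2747,43 +2747,41 @@` hunk has the same shape.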
@@ -2665,6 +2665,11 @@ module Aws::AccessAnalyzer
2665
2665
  # The access point or multi-region access point policy.
2666
2666
  # @return [String]
2667
2667
  #
2668
+ # @!attribute [rw] public_access_block
2669
+ # The proposed `S3PublicAccessBlock` configuration to apply to this
2670
+ # Amazon S3 access point or multi-region access point.
2671
+ # @return [Types::S3PublicAccessBlockConfiguration]
2672
+ #
2668
2673
  # @!attribute [rw] network_origin
2669
2674
  # The proposed `Internet` and `VpcConfiguration` to apply to this
2670
2675
  # Amazon S3 access point. `VpcConfiguration` does not apply to
@@ -2675,17 +2680,12 @@ module Aws::AccessAnalyzer
2675
2680
  # the exiting network origin.
2676
2681
  # @return [Types::NetworkOriginConfiguration]
2677
2682
  #
2678
- # @!attribute [rw] public_access_block
2679
- # The proposed `S3PublicAccessBlock` configuration to apply to this
2680
- # Amazon S3 access point or multi-region access point.
2681
- # @return [Types::S3PublicAccessBlockConfiguration]
2682
- #
2683
2683
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3AccessPointConfiguration AWS API Documentation
2684
2684
  #
2685
2685
  class S3AccessPointConfiguration < Struct.new(
2686
2686
  :access_point_policy,
2687
- :network_origin,
2688
- :public_access_block)
2687
+ :public_access_block,
2688
+ :network_origin)
2689
2689
  SENSITIVE = []
2690
2690
  include Aws::Structure
2691
2691
  end
@@ -2701,26 +2701,26 @@ module Aws::AccessAnalyzer
2701
2701
  # data as a hash:
2702
2702
  #
2703
2703
  # {
2704
+ # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
2704
2705
  # grantee: { # required
2705
2706
  # id: "AclCanonicalId",
2706
2707
  # uri: "AclUri",
2707
2708
  # },
2708
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
2709
2709
  # }
2710
2710
  #
2711
- # @!attribute [rw] grantee
2712
- # The grantee to whom you’re assigning access rights.
2713
- # @return [Types::AclGrantee]
2714
- #
2715
2711
  # @!attribute [rw] permission
2716
2712
  # The permissions being granted.
2717
2713
  # @return [String]
2718
2714
  #
2715
+ # @!attribute [rw] grantee
2716
+ # The grantee to whom you’re assigning access rights.
2717
+ # @return [Types::AclGrantee]
2718
+ #
2719
2719
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3BucketAclGrantConfiguration AWS API Documentation
2720
2720
  #
2721
2721
  class S3BucketAclGrantConfiguration < Struct.new(
2722
- :grantee,
2723
- :permission)
2722
+ :permission,
2723
+ :grantee)
2724
2724
  SENSITIVE = []
2725
2725
  include Aws::Structure
2726
2726
  end
@@ -2747,43 +2747,41 @@ module Aws::AccessAnalyzer
2747
2747
  # data as a hash:
2748
2748
  #
2749
2749
  # {
2750
- # access_points: {
2751
- # "AccessPointArn" => {
2752
- # access_point_policy: "AccessPointPolicy",
2753
- # network_origin: {
2754
- # internet_configuration: {
2755
- # },
2756
- # vpc_configuration: {
2757
- # vpc_id: "VpcId", # required
2758
- # },
2759
- # },
2760
- # public_access_block: {
2761
- # ignore_public_acls: false, # required
2762
- # restrict_public_buckets: false, # required
2763
- # },
2764
- # },
2765
- # },
2750
+ # bucket_policy: "S3BucketPolicy",
2766
2751
  # bucket_acl_grants: [
2767
2752
  # {
2753
+ # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
2768
2754
  # grantee: { # required
2769
2755
  # id: "AclCanonicalId",
2770
2756
  # uri: "AclUri",
2771
2757
  # },
2772
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
2773
2758
  # },
2774
2759
  # ],
2775
- # bucket_policy: "S3BucketPolicy",
2776
2760
  # bucket_public_access_block: {
2777
2761
  # ignore_public_acls: false, # required
2778
2762
  # restrict_public_buckets: false, # required
2779
2763
  # },
2764
+ # access_points: {
2765
+ # "AccessPointArn" => {
2766
+ # access_point_policy: "AccessPointPolicy",
2767
+ # public_access_block: {
2768
+ # ignore_public_acls: false, # required
2769
+ # restrict_public_buckets: false, # required
2770
+ # },
2771
+ # network_origin: {
2772
+ # vpc_configuration: {
2773
+ # vpc_id: "VpcId", # required
2774
+ # },
2775
+ # internet_configuration: {
2776
+ # },
2777
+ # },
2778
+ # },
2779
+ # },
2780
2780
  # }
2781
2781
  #
2782
- # @!attribute [rw] access_points
2783
- # The configuration of Amazon S3 access points or multi-region access
2784
- # points for the bucket. You can propose up to 10 new access points
2785
- # per bucket.
2786
- # @return [Hash<String,Types::S3AccessPointConfiguration>]
2782
+ # @!attribute [rw] bucket_policy
2783
+ # The proposed bucket policy for the Amazon S3 bucket.
2784
+ # @return [String]
2787
2785
  #
2788
2786
  # @!attribute [rw] bucket_acl_grants
2789
2787
  # The proposed list of ACL grants for the Amazon S3 bucket. You can
@@ -2794,22 +2792,24 @@ module Aws::AccessAnalyzer
2794
2792
  # the bucket.
2795
2793
  # @return [Array<Types::S3BucketAclGrantConfiguration>]
2796
2794
  #
2797
- # @!attribute [rw] bucket_policy
2798
- # The proposed bucket policy for the Amazon S3 bucket.
2799
- # @return [String]
2800
- #
2801
2795
  # @!attribute [rw] bucket_public_access_block
2802
2796
  # The proposed block public access configuration for the Amazon S3
2803
2797
  # bucket.
2804
2798
  # @return [Types::S3PublicAccessBlockConfiguration]
2805
2799
  #
2800
+ # @!attribute [rw] access_points
2801
+ # The configuration of Amazon S3 access points or multi-region access
2802
+ # points for the bucket. You can propose up to 10 new access points
2803
+ # per bucket.
2804
+ # @return [Hash<String,Types::S3AccessPointConfiguration>]
2805
+ #
2806
2806
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3BucketConfiguration AWS API Documentation
2807
2807
  #
2808
2808
  class S3BucketConfiguration < Struct.new(
2809
- :access_points,
2810
- :bucket_acl_grants,
2811
2809
  :bucket_policy,
2812
- :bucket_public_access_block)
2810
+ :bucket_acl_grants,
2811
+ :bucket_public_access_block,
2812
+ :access_points)
2813
2813
  SENSITIVE = []
2814
2814
  include Aws::Structure
2815
2815
  end
@@ -2957,19 +2957,19 @@ module Aws::AccessAnalyzer
2957
2957
  # A span in a policy. The span consists of a start position (inclusive)
2958
2958
  # and end position (exclusive).
2959
2959
  #
2960
- # @!attribute [rw] end
2961
- # The end position of the span (exclusive).
2962
- # @return [Types::Position]
2963
- #
2964
2960
  # @!attribute [rw] start
2965
2961
  # The start position of the span (inclusive).
2966
2962
  # @return [Types::Position]
2967
2963
  #
2964
+ # @!attribute [rw] end
2965
+ # The end position of the span (exclusive).
2966
+ # @return [Types::Position]
2967
+ #
2968
2968
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Span AWS API Documentation
2969
2969
  #
2970
2970
  class Span < Struct.new(
2971
- :end,
2972
- :start)
2971
+ :start,
2972
+ :end)
2973
2973
  SENSITIVE = []
2974
2974
  include Aws::Structure
2975
2975
  end
@@ -3013,24 +3013,34 @@ module Aws::AccessAnalyzer
3013
3013
  # data as a hash:
3014
3014
  #
3015
3015
  # {
3016
- # client_token: "String",
3016
+ # policy_generation_details: { # required
3017
+ # principal_arn: "PrincipalArn", # required
3018
+ # },
3017
3019
  # cloud_trail_details: {
3018
- # access_role: "RoleArn", # required
3019
- # end_time: Time.now,
3020
- # start_time: Time.now, # required
3021
3020
  # trails: [ # required
3022
3021
  # {
3023
- # all_regions: false,
3024
3022
  # cloud_trail_arn: "CloudTrailArn", # required
3025
3023
  # regions: ["String"],
3024
+ # all_regions: false,
3026
3025
  # },
3027
3026
  # ],
3027
+ # access_role: "RoleArn", # required
3028
+ # start_time: Time.now, # required
3029
+ # end_time: Time.now,
3028
3030
  # },
3029
- # policy_generation_details: { # required
3030
- # principal_arn: "PrincipalArn", # required
3031
- # },
3031
+ # client_token: "String",
3032
3032
  # }
3033
3033
  #
3034
+ # @!attribute [rw] policy_generation_details
3035
+ # Contains the ARN of the IAM entity (user or role) for which you are
3036
+ # generating a policy.
3037
+ # @return [Types::PolicyGenerationDetails]
3038
+ #
3039
+ # @!attribute [rw] cloud_trail_details
3040
+ # A `CloudTrailDetails` object that contains details about a `Trail`
3041
+ # that you want to analyze to generate policies.
3042
+ # @return [Types::CloudTrailDetails]
3043
+ #
3034
3044
  # @!attribute [rw] client_token
3035
3045
  # A unique, case-sensitive identifier that you provide to ensure the
3036
3046
  # idempotency of the request. Idempotency ensures that an API request
@@ -3046,22 +3056,12 @@ module Aws::AccessAnalyzer
3046
3056
  # not need to pass this option.
3047
3057
  # @return [String]
3048
3058
  #
3049
- # @!attribute [rw] cloud_trail_details
3050
- # A `CloudTrailDetails` object that contains details about a `Trail`
3051
- # that you want to analyze to generate policies.
3052
- # @return [Types::CloudTrailDetails]
3053
- #
3054
- # @!attribute [rw] policy_generation_details
3055
- # Contains the ARN of the IAM entity (user or role) for which you are
3056
- # generating a policy.
3057
- # @return [Types::PolicyGenerationDetails]
3058
- #
3059
3059
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGenerationRequest AWS API Documentation
3060
3060
  #
3061
3061
  class StartPolicyGenerationRequest < Struct.new(
3062
- :client_token,
3062
+ :policy_generation_details,
3063
3063
  :cloud_trail_details,
3064
- :policy_generation_details)
3064
+ :client_token)
3065
3065
  SENSITIVE = []
3066
3066
  include Aws::Structure
3067
3067
  end
@@ -3133,19 +3133,19 @@ module Aws::AccessAnalyzer
3133
3133
 
3134
3134
  # A reference to a substring of a literal string in a JSON document.
3135
3135
  #
3136
- # @!attribute [rw] length
3137
- # The length of the substring.
3138
- # @return [Integer]
3139
- #
3140
3136
  # @!attribute [rw] start
3141
3137
  # The start index of the substring, starting from 0.
3142
3138
  # @return [Integer]
3143
3139
  #
3140
+ # @!attribute [rw] length
3141
+ # The length of the substring.
3142
+ # @return [Integer]
3143
+ #
3144
3144
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Substring AWS API Documentation
3145
3145
  #
3146
3146
  class Substring < Struct.new(
3147
- :length,
3148
- :start)
3147
+ :start,
3148
+ :length)
3149
3149
  SENSITIVE = []
3150
3150
  include Aws::Structure
3151
3151
  end
@@ -3210,17 +3210,11 @@ module Aws::AccessAnalyzer
3210
3210
  # data as a hash:
3211
3211
  #
3212
3212
  # {
3213
- # all_regions: false,
3214
3213
  # cloud_trail_arn: "CloudTrailArn", # required
3215
3214
  # regions: ["String"],
3215
+ # all_regions: false,
3216
3216
  # }
3217
3217
  #
3218
- # @!attribute [rw] all_regions
3219
- # Possible values are `true` or `false`. If set to `true`, IAM Access
3220
- # Analyzer retrieves CloudTrail data from all regions to analyze and
3221
- # generate a policy.
3222
- # @return [Boolean]
3223
- #
3224
3218
  # @!attribute [rw] cloud_trail_arn
3225
3219
  # Specifies the ARN of the trail. The format of a trail ARN is
3226
3220
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
@@ -3231,12 +3225,18 @@ module Aws::AccessAnalyzer
3231
3225
  # generate a policy.
3232
3226
  # @return [Array<String>]
3233
3227
  #
3228
+ # @!attribute [rw] all_regions
3229
+ # Possible values are `true` or `false`. If set to `true`, IAM Access
3230
+ # Analyzer retrieves CloudTrail data from all regions to analyze and
3231
+ # generate a policy.
3232
+ # @return [Boolean]
3233
+ #
3234
3234
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Trail AWS API Documentation
3235
3235
  #
3236
3236
  class Trail < Struct.new(
3237
- :all_regions,
3238
3237
  :cloud_trail_arn,
3239
- :regions)
3238
+ :regions,
3239
+ :all_regions)
3240
3240
  SENSITIVE = []
3241
3241
  include Aws::Structure
3242
3242
  end
@@ -3244,12 +3244,6 @@ module Aws::AccessAnalyzer
3244
3244
  # Contains details about the CloudTrail trail being analyzed to generate
3245
3245
  # a policy.
3246
3246
  #
3247
- # @!attribute [rw] all_regions
3248
- # Possible values are `true` or `false`. If set to `true`, IAM Access
3249
- # Analyzer retrieves CloudTrail data from all regions to analyze and
3250
- # generate a policy.
3251
- # @return [Boolean]
3252
- #
3253
3247
  # @!attribute [rw] cloud_trail_arn
3254
3248
  # Specifies the ARN of the trail. The format of a trail ARN is
3255
3249
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
@@ -3260,12 +3254,18 @@ module Aws::AccessAnalyzer
3260
3254
  # generate a policy.
3261
3255
  # @return [Array<String>]
3262
3256
  #
3257
+ # @!attribute [rw] all_regions
3258
+ # Possible values are `true` or `false`. If set to `true`, IAM Access
3259
+ # Analyzer retrieves CloudTrail data from all regions to analyze and
3260
+ # generate a policy.
3261
+ # @return [Boolean]
3262
+ #
3263
3263
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/TrailProperties AWS API Documentation
3264
3264
  #
3265
3265
  class TrailProperties < Struct.new(
3266
- :all_regions,
3267
3266
  :cloud_trail_arn,
3268
- :regions)
3267
+ :regions,
3268
+ :all_regions)
3269
3269
  SENSITIVE = []
3270
3270
  include Aws::Structure
3271
3271
  end
@@ -3310,27 +3310,24 @@ module Aws::AccessAnalyzer
3310
3310
  #
3311
3311
  # {
3312
3312
  # analyzer_name: "Name", # required
3313
- # client_token: "String",
3313
+ # rule_name: "Name", # required
3314
3314
  # filter: { # required
3315
3315
  # "String" => {
3316
- # contains: ["String"],
3317
3316
  # eq: ["String"],
3318
- # exists: false,
3319
3317
  # neq: ["String"],
3318
+ # contains: ["String"],
3319
+ # exists: false,
3320
3320
  # },
3321
3321
  # },
3322
- # rule_name: "Name", # required
3322
+ # client_token: "String",
3323
3323
  # }
3324
3324
  #
3325
3325
  # @!attribute [rw] analyzer_name
3326
3326
  # The name of the analyzer to update the archive rules for.
3327
3327
  # @return [String]
3328
3328
  #
3329
- # @!attribute [rw] client_token
3330
- # A client token.
3331
- #
3332
- # **A suitable default value is auto-generated.** You should normally
3333
- # not need to pass this option.
3329
+ # @!attribute [rw] rule_name
3330
+ # The name of the rule to update.
3334
3331
  # @return [String]
3335
3332
  #
3336
3333
  # @!attribute [rw] filter
@@ -3338,17 +3335,20 @@ module Aws::AccessAnalyzer
3338
3335
  # filter are updated.
3339
3336
  # @return [Hash<String,Types::Criterion>]
3340
3337
  #
3341
- # @!attribute [rw] rule_name
3342
- # The name of the rule to update.
3338
+ # @!attribute [rw] client_token
3339
+ # A client token.
3340
+ #
3341
+ # **A suitable default value is auto-generated.** You should normally
3342
+ # not need to pass this option.
3343
3343
  # @return [String]
3344
3344
  #
3345
3345
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateArchiveRuleRequest AWS API Documentation
3346
3346
  #
3347
3347
  class UpdateArchiveRuleRequest < Struct.new(
3348
3348
  :analyzer_name,
3349
- :client_token,
3349
+ :rule_name,
3350
3350
  :filter,
3351
- :rule_name)
3351
+ :client_token)
3352
3352
  SENSITIVE = []
3353
3353
  include Aws::Structure
3354
3354
  end
@@ -3360,10 +3360,10 @@ module Aws::AccessAnalyzer
3360
3360
  #
3361
3361
  # {
3362
3362
  # analyzer_arn: "AnalyzerArn", # required
3363
- # client_token: "String",
3363
+ # status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
3364
3364
  # ids: ["FindingId"],
3365
3365
  # resource_arn: "ResourceArn",
3366
- # status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
3366
+ # client_token: "String",
3367
3367
  # }
3368
3368
  #
3369
3369
  # @!attribute [rw] analyzer_arn
@@ -3374,11 +3374,11 @@ module Aws::AccessAnalyzer
3374
3374
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
3375
3375
  # @return [String]
3376
3376
  #
3377
- # @!attribute [rw] client_token
3378
- # A client token.
3379
- #
3380
- # **A suitable default value is auto-generated.** You should normally
3381
- # not need to pass this option.
3377
+ # @!attribute [rw] status
3378
+ # The state represents the action to take to update the finding
3379
+ # Status. Use `ARCHIVE` to change an Active finding to an Archived
3380
+ # finding. Use `ACTIVE` to change an Archived finding to an Active
3381
+ # finding.
3382
3382
  # @return [String]
3383
3383
  #
3384
3384
  # @!attribute [rw] ids
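Review bot: The relocated `status` description tells the reader to use `ARCHIVE`, but the request example in the preceding hunk lists the accepted values as `ACTIVE, ARCHIVED`, so the two disagree on the literal to pass. If the example is the accurate one, the second line of the description should name `ARCHIVED` instead of `ARCHIVE`. The text looks generated from the service model, so the correction probably belongs upstream rather than in this file.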
@@ -3389,21 +3389,21 @@ module Aws::AccessAnalyzer
3389
3389
  # The ARN of the resource identified in the finding.
3390
3390
  # @return [String]
3391
3391
  #
3392
- # @!attribute [rw] status
3393
- # The state represents the action to take to update the finding
3394
- # Status. Use `ARCHIVE` to change an Active finding to an Archived
3395
- # finding. Use `ACTIVE` to change an Archived finding to an Active
3396
- # finding.
3392
+ # @!attribute [rw] client_token
3393
+ # A client token.
3394
+ #
3395
+ # **A suitable default value is auto-generated.** You should normally
3396
+ # not need to pass this option.
3397
3397
  # @return [String]
3398
3398
  #
3399
3399
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateFindingsRequest AWS API Documentation
3400
3400
  #
3401
3401
  class UpdateFindingsRequest < Struct.new(
3402
3402
  :analyzer_arn,
3403
- :client_token,
3403
+ :status,
3404
3404
  :ids,
3405
3405
  :resource_arn,
3406
- :status)
3406
+ :client_token)
3407
3407
  SENSITIVE = []
3408
3408
  include Aws::Structure
3409
3409
  end
@@ -3467,7 +3467,7 @@ module Aws::AccessAnalyzer
3467
3467
  # next_token: "Token",
3468
3468
  # policy_document: "PolicyDocument", # required
3469
3469
  # policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
3470
- # validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
3470
+ # validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
3471
3471
  # }
3472
3472
  #
3473
3473
  # @!attribute [rw] locale
@@ -3548,10 +3548,6 @@ module Aws::AccessAnalyzer
3548
3548
 
3549
3549
  # Validation exception error.
3550
3550
  #
3551
- # @!attribute [rw] field_list
3552
- # A list of fields that didn't validate.
3553
- # @return [Array<Types::ValidationExceptionField>]
3554
- #
3555
3551
  # @!attribute [rw] message
3556
3552
  # @return [String]
3557
3553
  #
@@ -3559,31 +3555,35 @@ module Aws::AccessAnalyzer
3559
3555
  # The reason for the exception.
3560
3556
  # @return [String]
3561
3557
  #
3558
+ # @!attribute [rw] field_list
3559
+ # A list of fields that didn't validate.
3560
+ # @return [Array<Types::ValidationExceptionField>]
3561
+ #
3562
3562
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidationException AWS API Documentation
3563
3563
  #
3564
3564
  class ValidationException < Struct.new(
3565
- :field_list,
3566
3565
  :message,
3567
- :reason)
3566
+ :reason,
3567
+ :field_list)
3568
3568
  SENSITIVE = []
3569
3569
  include Aws::Structure
3570
3570
  end
3571
3571
 
3572
3572
  # Contains information about a validation exception.
3573
3573
  #
3574
- # @!attribute [rw] message
3575
- # A message about the validation exception.
3576
- # @return [String]
3577
- #
3578
3574
  # @!attribute [rw] name
3579
3575
  # The name of the validation exception.
3580
3576
  # @return [String]
3581
3577
  #
3578
+ # @!attribute [rw] message
3579
+ # A message about the validation exception.
3580
+ # @return [String]
3581
+ #
3582
3582
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidationExceptionField AWS API Documentation
3583
3583
  #
3584
3584
  class ValidationExceptionField < Struct.new(
3585
- :message,
3586
- :name)
3585
+ :name,
3586
+ :message)
3587
3587
  SENSITIVE = []
3588
3588
  include Aws::Structure
3589
3589
  end