aws-sdk-accessanalyzer 1.29.0 → 1.31.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +321 -252
- data/lib/aws-sdk-accessanalyzer/client_api.rb +188 -101
- data/lib/aws-sdk-accessanalyzer/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-accessanalyzer/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-accessanalyzer/endpoints.rb +407 -0
- data/lib/aws-sdk-accessanalyzer/errors.rb +5 -5
- data/lib/aws-sdk-accessanalyzer/plugins/endpoints.rb +124 -0
- data/lib/aws-sdk-accessanalyzer/types.rb +1141 -665
- data/lib/aws-sdk-accessanalyzer.rb +5 -1
- metadata +8 -4
|
@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
|
|
|
30
30
|
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
|
31
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
|
32
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
|
33
|
-
require 'aws-sdk-core/plugins/
|
|
33
|
+
require 'aws-sdk-core/plugins/sign.rb'
|
|
34
34
|
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
|
35
35
|
|
|
36
36
|
Aws::Plugins::GlobalConfiguration.add_identifier(:accessanalyzer)
|
|
@@ -79,8 +79,9 @@ module Aws::AccessAnalyzer
|
|
|
79
79
|
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
|
80
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
|
81
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
|
82
|
-
add_plugin(Aws::Plugins::
|
|
82
|
+
add_plugin(Aws::Plugins::Sign)
|
|
83
83
|
add_plugin(Aws::Plugins::Protocols::RestJson)
|
|
84
|
+
add_plugin(Aws::AccessAnalyzer::Plugins::Endpoints)
|
|
84
85
|
|
|
85
86
|
# @overload initialize(options)
|
|
86
87
|
# @param [Hash] options
|
|
@@ -287,6 +288,19 @@ module Aws::AccessAnalyzer
|
|
|
287
288
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
|
288
289
|
# requests are made, and retries are disabled.
|
|
289
290
|
#
|
|
291
|
+
# @option options [Aws::TokenProvider] :token_provider
|
|
292
|
+
# A Bearer Token Provider. This can be an instance of any one of the
|
|
293
|
+
# following classes:
|
|
294
|
+
#
|
|
295
|
+
# * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
|
296
|
+
# tokens.
|
|
297
|
+
#
|
|
298
|
+
# * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
|
299
|
+
# access token generated from `aws login`.
|
|
300
|
+
#
|
|
301
|
+
# When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
|
302
|
+
# will be used to search for tokens configured for your profile in shared configuration files.
|
|
303
|
+
#
|
|
290
304
|
# @option options [Boolean] :use_dualstack_endpoint
|
|
291
305
|
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
|
292
306
|
# will be used if available.
|
|
@@ -300,6 +314,9 @@ module Aws::AccessAnalyzer
|
|
|
300
314
|
# When `true`, request parameters are validated before
|
|
301
315
|
# sending the request.
|
|
302
316
|
#
|
|
317
|
+
# @option options [Aws::AccessAnalyzer::EndpointProvider] :endpoint_provider
|
|
318
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::AccessAnalyzer::EndpointParameters`
|
|
319
|
+
#
|
|
303
320
|
# @option options [URI::HTTP,String] :http_proxy A proxy to send
|
|
304
321
|
# requests through. Formatted like 'http://proxy.com:123'.
|
|
305
322
|
#
|
|
@@ -357,23 +374,23 @@ module Aws::AccessAnalyzer
|
|
|
357
374
|
# @option params [required, String] :analyzer_arn
|
|
358
375
|
# The Amazon resource name (ARN) of the analyzer.
|
|
359
376
|
#
|
|
377
|
+
# @option params [required, String] :rule_name
|
|
378
|
+
# The name of the rule to apply.
|
|
379
|
+
#
|
|
360
380
|
# @option params [String] :client_token
|
|
361
381
|
# A client token.
|
|
362
382
|
#
|
|
363
383
|
# **A suitable default value is auto-generated.** You should normally
|
|
364
384
|
# not need to pass this option.**
|
|
365
385
|
#
|
|
366
|
-
# @option params [required, String] :rule_name
|
|
367
|
-
# The name of the rule to apply.
|
|
368
|
-
#
|
|
369
386
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
370
387
|
#
|
|
371
388
|
# @example Request syntax with placeholder values
|
|
372
389
|
#
|
|
373
390
|
# resp = client.apply_archive_rule({
|
|
374
391
|
# analyzer_arn: "AnalyzerArn", # required
|
|
375
|
-
# client_token: "String",
|
|
376
392
|
# rule_name: "Name", # required
|
|
393
|
+
# client_token: "String",
|
|
377
394
|
# })
|
|
378
395
|
#
|
|
379
396
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRule AWS API Documentation
|
|
@@ -423,12 +440,6 @@ module Aws::AccessAnalyzer
|
|
|
423
440
|
#
|
|
424
441
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
|
425
442
|
#
|
|
426
|
-
# @option params [String] :client_token
|
|
427
|
-
# A client token.
|
|
428
|
-
#
|
|
429
|
-
# **A suitable default value is auto-generated.** You should normally
|
|
430
|
-
# not need to pass this option.**
|
|
431
|
-
#
|
|
432
443
|
# @option params [required, Hash<String,Types::Configuration>] :configurations
|
|
433
444
|
# Access control configuration for your resource that is used to
|
|
434
445
|
# generate the access preview. The access preview includes findings for
|
|
@@ -436,6 +447,12 @@ module Aws::AccessAnalyzer
|
|
|
436
447
|
# control configuration. The configuration must contain exactly one
|
|
437
448
|
# element.
|
|
438
449
|
#
|
|
450
|
+
# @option params [String] :client_token
|
|
451
|
+
# A client token.
|
|
452
|
+
#
|
|
453
|
+
# **A suitable default value is auto-generated.** You should normally
|
|
454
|
+
# not need to pass this option.**
|
|
455
|
+
#
|
|
439
456
|
# @return [Types::CreateAccessPreviewResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
440
457
|
#
|
|
441
458
|
# * {Types::CreateAccessPreviewResponse#id #id} => String
|
|
@@ -444,15 +461,31 @@ module Aws::AccessAnalyzer
|
|
|
444
461
|
#
|
|
445
462
|
# resp = client.create_access_preview({
|
|
446
463
|
# analyzer_arn: "AnalyzerArn", # required
|
|
447
|
-
# client_token: "String",
|
|
448
464
|
# configurations: { # required
|
|
449
465
|
# "ConfigurationsMapKey" => {
|
|
466
|
+
# ebs_snapshot: {
|
|
467
|
+
# user_ids: ["EbsUserId"],
|
|
468
|
+
# groups: ["EbsGroup"],
|
|
469
|
+
# kms_key_id: "EbsSnapshotDataEncryptionKeyId",
|
|
470
|
+
# },
|
|
471
|
+
# ecr_repository: {
|
|
472
|
+
# repository_policy: "EcrRepositoryPolicy",
|
|
473
|
+
# },
|
|
450
474
|
# iam_role: {
|
|
451
475
|
# trust_policy: "IamTrustPolicy",
|
|
452
476
|
# },
|
|
477
|
+
# efs_file_system: {
|
|
478
|
+
# file_system_policy: "EfsFileSystemPolicy",
|
|
479
|
+
# },
|
|
453
480
|
# kms_key: {
|
|
481
|
+
# key_policies: {
|
|
482
|
+
# "PolicyName" => "KmsKeyPolicy",
|
|
483
|
+
# },
|
|
454
484
|
# grants: [
|
|
455
485
|
# {
|
|
486
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
|
487
|
+
# grantee_principal: "GranteePrincipal", # required
|
|
488
|
+
# retiring_principal: "RetiringPrincipal",
|
|
456
489
|
# constraints: {
|
|
457
490
|
# encryption_context_equals: {
|
|
458
491
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
|
@@ -461,57 +494,71 @@ module Aws::AccessAnalyzer
|
|
|
461
494
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
|
462
495
|
# },
|
|
463
496
|
# },
|
|
464
|
-
# grantee_principal: "GranteePrincipal", # required
|
|
465
497
|
# issuing_account: "IssuingAccount", # required
|
|
466
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
|
467
|
-
# retiring_principal: "RetiringPrincipal",
|
|
468
498
|
# },
|
|
469
499
|
# ],
|
|
470
|
-
#
|
|
471
|
-
#
|
|
500
|
+
# },
|
|
501
|
+
# rds_db_cluster_snapshot: {
|
|
502
|
+
# attributes: {
|
|
503
|
+
# "RdsDbClusterSnapshotAttributeName" => {
|
|
504
|
+
# account_ids: ["RdsDbClusterSnapshotAccountId"],
|
|
505
|
+
# },
|
|
472
506
|
# },
|
|
507
|
+
# kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
|
|
473
508
|
# },
|
|
474
|
-
#
|
|
475
|
-
#
|
|
476
|
-
# "
|
|
477
|
-
#
|
|
478
|
-
# network_origin: {
|
|
479
|
-
# internet_configuration: {
|
|
480
|
-
# },
|
|
481
|
-
# vpc_configuration: {
|
|
482
|
-
# vpc_id: "VpcId", # required
|
|
483
|
-
# },
|
|
484
|
-
# },
|
|
485
|
-
# public_access_block: {
|
|
486
|
-
# ignore_public_acls: false, # required
|
|
487
|
-
# restrict_public_buckets: false, # required
|
|
488
|
-
# },
|
|
509
|
+
# rds_db_snapshot: {
|
|
510
|
+
# attributes: {
|
|
511
|
+
# "RdsDbSnapshotAttributeName" => {
|
|
512
|
+
# account_ids: ["RdsDbSnapshotAccountId"],
|
|
489
513
|
# },
|
|
490
514
|
# },
|
|
515
|
+
# kms_key_id: "RdsDbSnapshotKmsKeyId",
|
|
516
|
+
# },
|
|
517
|
+
# secrets_manager_secret: {
|
|
518
|
+
# kms_key_id: "SecretsManagerSecretKmsId",
|
|
519
|
+
# secret_policy: "SecretsManagerSecretPolicy",
|
|
520
|
+
# },
|
|
521
|
+
# s3_bucket: {
|
|
522
|
+
# bucket_policy: "S3BucketPolicy",
|
|
491
523
|
# bucket_acl_grants: [
|
|
492
524
|
# {
|
|
525
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
|
493
526
|
# grantee: { # required
|
|
494
527
|
# id: "AclCanonicalId",
|
|
495
528
|
# uri: "AclUri",
|
|
496
529
|
# },
|
|
497
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
|
498
530
|
# },
|
|
499
531
|
# ],
|
|
500
|
-
# bucket_policy: "S3BucketPolicy",
|
|
501
532
|
# bucket_public_access_block: {
|
|
502
533
|
# ignore_public_acls: false, # required
|
|
503
534
|
# restrict_public_buckets: false, # required
|
|
504
535
|
# },
|
|
536
|
+
# access_points: {
|
|
537
|
+
# "AccessPointArn" => {
|
|
538
|
+
# access_point_policy: "AccessPointPolicy",
|
|
539
|
+
# public_access_block: {
|
|
540
|
+
# ignore_public_acls: false, # required
|
|
541
|
+
# restrict_public_buckets: false, # required
|
|
542
|
+
# },
|
|
543
|
+
# network_origin: {
|
|
544
|
+
# vpc_configuration: {
|
|
545
|
+
# vpc_id: "VpcId", # required
|
|
546
|
+
# },
|
|
547
|
+
# internet_configuration: {
|
|
548
|
+
# },
|
|
549
|
+
# },
|
|
550
|
+
# },
|
|
551
|
+
# },
|
|
505
552
|
# },
|
|
506
|
-
#
|
|
507
|
-
#
|
|
508
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
|
553
|
+
# sns_topic: {
|
|
554
|
+
# topic_policy: "SnsTopicPolicy",
|
|
509
555
|
# },
|
|
510
556
|
# sqs_queue: {
|
|
511
557
|
# queue_policy: "SqsQueuePolicy",
|
|
512
558
|
# },
|
|
513
559
|
# },
|
|
514
560
|
# },
|
|
561
|
+
# client_token: "String",
|
|
515
562
|
# })
|
|
516
563
|
#
|
|
517
564
|
# @example Response structure
|
|
@@ -532,26 +579,26 @@ module Aws::AccessAnalyzer
|
|
|
532
579
|
# @option params [required, String] :analyzer_name
|
|
533
580
|
# The name of the analyzer to create.
|
|
534
581
|
#
|
|
582
|
+
# @option params [required, String] :type
|
|
583
|
+
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
|
584
|
+
# analyzers are supported. You can create only one analyzer per account
|
|
585
|
+
# per Region. You can create up to 5 analyzers per organization per
|
|
586
|
+
# Region.
|
|
587
|
+
#
|
|
535
588
|
# @option params [Array<Types::InlineArchiveRule>] :archive_rules
|
|
536
589
|
# Specifies the archive rules to add for the analyzer. Archive rules
|
|
537
590
|
# automatically archive findings that meet the criteria you define for
|
|
538
591
|
# the rule.
|
|
539
592
|
#
|
|
593
|
+
# @option params [Hash<String,String>] :tags
|
|
594
|
+
# The tags to apply to the analyzer.
|
|
595
|
+
#
|
|
540
596
|
# @option params [String] :client_token
|
|
541
597
|
# A client token.
|
|
542
598
|
#
|
|
543
599
|
# **A suitable default value is auto-generated.** You should normally
|
|
544
600
|
# not need to pass this option.**
|
|
545
601
|
#
|
|
546
|
-
# @option params [Hash<String,String>] :tags
|
|
547
|
-
# The tags to apply to the analyzer.
|
|
548
|
-
#
|
|
549
|
-
# @option params [required, String] :type
|
|
550
|
-
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
|
551
|
-
# analyzers are supported. You can create only one analyzer per account
|
|
552
|
-
# per Region. You can create up to 5 analyzers per organization per
|
|
553
|
-
# Region.
|
|
554
|
-
#
|
|
555
602
|
# @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
556
603
|
#
|
|
557
604
|
# * {Types::CreateAnalyzerResponse#arn #arn} => String
|
|
@@ -560,24 +607,24 @@ module Aws::AccessAnalyzer
|
|
|
560
607
|
#
|
|
561
608
|
# resp = client.create_analyzer({
|
|
562
609
|
# analyzer_name: "Name", # required
|
|
610
|
+
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
|
563
611
|
# archive_rules: [
|
|
564
612
|
# {
|
|
613
|
+
# rule_name: "Name", # required
|
|
565
614
|
# filter: { # required
|
|
566
615
|
# "String" => {
|
|
567
|
-
# contains: ["String"],
|
|
568
616
|
# eq: ["String"],
|
|
569
|
-
# exists: false,
|
|
570
617
|
# neq: ["String"],
|
|
618
|
+
# contains: ["String"],
|
|
619
|
+
# exists: false,
|
|
571
620
|
# },
|
|
572
621
|
# },
|
|
573
|
-
# rule_name: "Name", # required
|
|
574
622
|
# },
|
|
575
623
|
# ],
|
|
576
|
-
# client_token: "String",
|
|
577
624
|
# tags: {
|
|
578
625
|
# "String" => "String",
|
|
579
626
|
# },
|
|
580
|
-
#
|
|
627
|
+
# client_token: "String",
|
|
581
628
|
# })
|
|
582
629
|
#
|
|
583
630
|
# @example Response structure
|
|
@@ -607,34 +654,34 @@ module Aws::AccessAnalyzer
|
|
|
607
654
|
# @option params [required, String] :analyzer_name
|
|
608
655
|
# The name of the created analyzer.
|
|
609
656
|
#
|
|
657
|
+
# @option params [required, String] :rule_name
|
|
658
|
+
# The name of the rule to create.
|
|
659
|
+
#
|
|
660
|
+
# @option params [required, Hash<String,Types::Criterion>] :filter
|
|
661
|
+
# The criteria for the rule.
|
|
662
|
+
#
|
|
610
663
|
# @option params [String] :client_token
|
|
611
664
|
# A client token.
|
|
612
665
|
#
|
|
613
666
|
# **A suitable default value is auto-generated.** You should normally
|
|
614
667
|
# not need to pass this option.**
|
|
615
668
|
#
|
|
616
|
-
# @option params [required, Hash<String,Types::Criterion>] :filter
|
|
617
|
-
# The criteria for the rule.
|
|
618
|
-
#
|
|
619
|
-
# @option params [required, String] :rule_name
|
|
620
|
-
# The name of the rule to create.
|
|
621
|
-
#
|
|
622
669
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
623
670
|
#
|
|
624
671
|
# @example Request syntax with placeholder values
|
|
625
672
|
#
|
|
626
673
|
# resp = client.create_archive_rule({
|
|
627
674
|
# analyzer_name: "Name", # required
|
|
628
|
-
#
|
|
675
|
+
# rule_name: "Name", # required
|
|
629
676
|
# filter: { # required
|
|
630
677
|
# "String" => {
|
|
631
|
-
# contains: ["String"],
|
|
632
678
|
# eq: ["String"],
|
|
633
|
-
# exists: false,
|
|
634
679
|
# neq: ["String"],
|
|
680
|
+
# contains: ["String"],
|
|
681
|
+
# exists: false,
|
|
635
682
|
# },
|
|
636
683
|
# },
|
|
637
|
-
#
|
|
684
|
+
# client_token: "String",
|
|
638
685
|
# })
|
|
639
686
|
#
|
|
640
687
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateArchiveRule AWS API Documentation
|
|
@@ -684,23 +731,23 @@ module Aws::AccessAnalyzer
|
|
|
684
731
|
# The name of the analyzer that associated with the archive rule to
|
|
685
732
|
# delete.
|
|
686
733
|
#
|
|
734
|
+
# @option params [required, String] :rule_name
|
|
735
|
+
# The name of the rule to delete.
|
|
736
|
+
#
|
|
687
737
|
# @option params [String] :client_token
|
|
688
738
|
# A client token.
|
|
689
739
|
#
|
|
690
740
|
# **A suitable default value is auto-generated.** You should normally
|
|
691
741
|
# not need to pass this option.**
|
|
692
742
|
#
|
|
693
|
-
# @option params [required, String] :rule_name
|
|
694
|
-
# The name of the rule to delete.
|
|
695
|
-
#
|
|
696
743
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
697
744
|
#
|
|
698
745
|
# @example Request syntax with placeholder values
|
|
699
746
|
#
|
|
700
747
|
# resp = client.delete_archive_rule({
|
|
701
748
|
# analyzer_name: "Name", # required
|
|
702
|
-
# client_token: "String",
|
|
703
749
|
# rule_name: "Name", # required
|
|
750
|
+
# client_token: "String",
|
|
704
751
|
# })
|
|
705
752
|
#
|
|
706
753
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteArchiveRule AWS API Documentation
|
|
@@ -738,38 +785,54 @@ module Aws::AccessAnalyzer
|
|
|
738
785
|
#
|
|
739
786
|
# @example Response structure
|
|
740
787
|
#
|
|
788
|
+
# resp.access_preview.id #=> String
|
|
741
789
|
# resp.access_preview.analyzer_arn #=> String
|
|
742
790
|
# resp.access_preview.configurations #=> Hash
|
|
791
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ebs_snapshot.user_ids #=> Array
|
|
792
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ebs_snapshot.user_ids[0] #=> String
|
|
793
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ebs_snapshot.groups #=> Array
|
|
794
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ebs_snapshot.groups[0] #=> String
|
|
795
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ebs_snapshot.kms_key_id #=> String
|
|
796
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ecr_repository.repository_policy #=> String
|
|
743
797
|
# resp.access_preview.configurations["ConfigurationsMapKey"].iam_role.trust_policy #=> String
|
|
798
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].efs_file_system.file_system_policy #=> String
|
|
799
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies #=> Hash
|
|
800
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies["PolicyName"] #=> String
|
|
744
801
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants #=> Array
|
|
802
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations #=> Array
|
|
803
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations[0] #=> String, one of "CreateGrant", "Decrypt", "DescribeKey", "Encrypt", "GenerateDataKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateDataKeyWithoutPlaintext", "GetPublicKey", "ReEncryptFrom", "ReEncryptTo", "RetireGrant", "Sign", "Verify"
|
|
804
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
|
|
805
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].retiring_principal #=> String
|
|
745
806
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals #=> Hash
|
|
746
807
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals["KmsConstraintsKey"] #=> String
|
|
747
808
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset #=> Hash
|
|
748
809
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset["KmsConstraintsKey"] #=> String
|
|
749
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
|
|
750
810
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].issuing_account #=> String
|
|
751
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
752
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
753
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
754
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
755
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
756
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
757
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
758
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
759
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
760
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
811
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_cluster_snapshot.attributes #=> Hash
|
|
812
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_cluster_snapshot.attributes["RdsDbClusterSnapshotAttributeName"].account_ids #=> Array
|
|
813
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_cluster_snapshot.attributes["RdsDbClusterSnapshotAttributeName"].account_ids[0] #=> String
|
|
814
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_cluster_snapshot.kms_key_id #=> String
|
|
815
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_snapshot.attributes #=> Hash
|
|
816
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_snapshot.attributes["RdsDbSnapshotAttributeName"].account_ids #=> Array
|
|
817
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_snapshot.attributes["RdsDbSnapshotAttributeName"].account_ids[0] #=> String
|
|
818
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_snapshot.kms_key_id #=> String
|
|
819
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.kms_key_id #=> String
|
|
820
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.secret_policy #=> String
|
|
821
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
|
|
761
822
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants #=> Array
|
|
823
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
|
|
762
824
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.id #=> String
|
|
763
825
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.uri #=> String
|
|
764
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
|
|
765
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
|
|
766
826
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.ignore_public_acls #=> Boolean
|
|
767
827
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.restrict_public_buckets #=> Boolean
|
|
768
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
769
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
828
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points #=> Hash
|
|
829
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].access_point_policy #=> String
|
|
830
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.ignore_public_acls #=> Boolean
|
|
831
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.restrict_public_buckets #=> Boolean
|
|
832
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].network_origin.vpc_configuration.vpc_id #=> String
|
|
833
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].sns_topic.topic_policy #=> String
|
|
770
834
|
# resp.access_preview.configurations["ConfigurationsMapKey"].sqs_queue.queue_policy #=> String
|
|
771
835
|
# resp.access_preview.created_at #=> Time
|
|
772
|
-
# resp.access_preview.id #=> String
|
|
773
836
|
# resp.access_preview.status #=> String, one of "COMPLETED", "CREATING", "FAILED"
|
|
774
837
|
# resp.access_preview.status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
|
|
775
838
|
#
|
|
@@ -807,19 +870,19 @@ module Aws::AccessAnalyzer
|
|
|
807
870
|
#
|
|
808
871
|
# @example Response structure
|
|
809
872
|
#
|
|
810
|
-
# resp.resource.
|
|
811
|
-
# resp.resource.
|
|
812
|
-
# resp.resource.analyzed_at #=> Time
|
|
873
|
+
# resp.resource.resource_arn #=> String
|
|
874
|
+
# resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
|
813
875
|
# resp.resource.created_at #=> Time
|
|
814
|
-
# resp.resource.
|
|
876
|
+
# resp.resource.analyzed_at #=> Time
|
|
877
|
+
# resp.resource.updated_at #=> Time
|
|
815
878
|
# resp.resource.is_public #=> Boolean
|
|
816
|
-
# resp.resource.
|
|
817
|
-
# resp.resource.
|
|
818
|
-
# resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
|
879
|
+
# resp.resource.actions #=> Array
|
|
880
|
+
# resp.resource.actions[0] #=> String
|
|
819
881
|
# resp.resource.shared_via #=> Array
|
|
820
882
|
# resp.resource.shared_via[0] #=> String
|
|
821
883
|
# resp.resource.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
822
|
-
# resp.resource.
|
|
884
|
+
# resp.resource.resource_owner_account #=> String
|
|
885
|
+
# resp.resource.error #=> String
|
|
823
886
|
#
|
|
824
887
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzedResource AWS API Documentation
|
|
825
888
|
#
|
|
@@ -848,15 +911,15 @@ module Aws::AccessAnalyzer
|
|
|
848
911
|
# @example Response structure
|
|
849
912
|
#
|
|
850
913
|
# resp.analyzer.arn #=> String
|
|
914
|
+
# resp.analyzer.name #=> String
|
|
915
|
+
# resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION"
|
|
851
916
|
# resp.analyzer.created_at #=> Time
|
|
852
917
|
# resp.analyzer.last_resource_analyzed #=> String
|
|
853
918
|
# resp.analyzer.last_resource_analyzed_at #=> Time
|
|
854
|
-
# resp.analyzer.name #=> String
|
|
855
|
-
# resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
|
856
|
-
# resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
|
857
919
|
# resp.analyzer.tags #=> Hash
|
|
858
920
|
# resp.analyzer.tags["String"] #=> String
|
|
859
|
-
# resp.analyzer.
|
|
921
|
+
# resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
|
922
|
+
# resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
|
860
923
|
#
|
|
861
924
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
|
|
862
925
|
#
|
|
@@ -895,16 +958,16 @@ module Aws::AccessAnalyzer
|
|
|
895
958
|
#
|
|
896
959
|
# @example Response structure
|
|
897
960
|
#
|
|
898
|
-
# resp.archive_rule.
|
|
961
|
+
# resp.archive_rule.rule_name #=> String
|
|
899
962
|
# resp.archive_rule.filter #=> Hash
|
|
900
|
-
# resp.archive_rule.filter["String"].contains #=> Array
|
|
901
|
-
# resp.archive_rule.filter["String"].contains[0] #=> String
|
|
902
963
|
# resp.archive_rule.filter["String"].eq #=> Array
|
|
903
964
|
# resp.archive_rule.filter["String"].eq[0] #=> String
|
|
904
|
-
# resp.archive_rule.filter["String"].exists #=> Boolean
|
|
905
965
|
# resp.archive_rule.filter["String"].neq #=> Array
|
|
906
966
|
# resp.archive_rule.filter["String"].neq[0] #=> String
|
|
907
|
-
# resp.archive_rule.
|
|
967
|
+
# resp.archive_rule.filter["String"].contains #=> Array
|
|
968
|
+
# resp.archive_rule.filter["String"].contains[0] #=> String
|
|
969
|
+
# resp.archive_rule.filter["String"].exists #=> Boolean
|
|
970
|
+
# resp.archive_rule.created_at #=> Time
|
|
908
971
|
# resp.archive_rule.updated_at #=> Time
|
|
909
972
|
#
|
|
910
973
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetArchiveRule AWS API Documentation
|
|
@@ -941,25 +1004,25 @@ module Aws::AccessAnalyzer
|
|
|
941
1004
|
#
|
|
942
1005
|
# @example Response structure
|
|
943
1006
|
#
|
|
1007
|
+
# resp.finding.id #=> String
|
|
1008
|
+
# resp.finding.principal #=> Hash
|
|
1009
|
+
# resp.finding.principal["String"] #=> String
|
|
944
1010
|
# resp.finding.action #=> Array
|
|
945
1011
|
# resp.finding.action[0] #=> String
|
|
946
|
-
# resp.finding.
|
|
1012
|
+
# resp.finding.resource #=> String
|
|
1013
|
+
# resp.finding.is_public #=> Boolean
|
|
1014
|
+
# resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
|
947
1015
|
# resp.finding.condition #=> Hash
|
|
948
1016
|
# resp.finding.condition["String"] #=> String
|
|
949
1017
|
# resp.finding.created_at #=> Time
|
|
950
|
-
# resp.finding.
|
|
951
|
-
# resp.finding.
|
|
952
|
-
# resp.finding.
|
|
953
|
-
# resp.finding.principal #=> Hash
|
|
954
|
-
# resp.finding.principal["String"] #=> String
|
|
955
|
-
# resp.finding.resource #=> String
|
|
1018
|
+
# resp.finding.analyzed_at #=> Time
|
|
1019
|
+
# resp.finding.updated_at #=> Time
|
|
1020
|
+
# resp.finding.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
956
1021
|
# resp.finding.resource_owner_account #=> String
|
|
957
|
-
# resp.finding.
|
|
1022
|
+
# resp.finding.error #=> String
|
|
958
1023
|
# resp.finding.sources #=> Array
|
|
959
|
-
# resp.finding.sources[0].detail.access_point_arn #=> String
|
|
960
1024
|
# resp.finding.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
|
961
|
-
# resp.finding.
|
|
962
|
-
# resp.finding.updated_at #=> Time
|
|
1025
|
+
# resp.finding.sources[0].detail.access_point_arn #=> String
|
|
963
1026
|
#
|
|
964
1027
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFinding AWS API Documentation
|
|
965
1028
|
#
|
|
@@ -972,6 +1035,12 @@ module Aws::AccessAnalyzer
|
|
|
972
1035
|
|
|
973
1036
|
# Retrieves the policy that was generated using `StartPolicyGeneration`.
|
|
974
1037
|
#
|
|
1038
|
+
# @option params [required, String] :job_id
|
|
1039
|
+
# The `JobId` that is returned by the `StartPolicyGeneration` operation.
|
|
1040
|
+
# The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
|
|
1041
|
+
# generated policies or used with `CancelPolicyGeneration` to cancel the
|
|
1042
|
+
# policy generation request.
|
|
1043
|
+
#
|
|
975
1044
|
# @option params [Boolean] :include_resource_placeholders
|
|
976
1045
|
# The level of detail that you want to generate. You can specify whether
|
|
977
1046
|
# to generate policies with placeholders for resource ARNs for actions
|
|
@@ -989,44 +1058,38 @@ module Aws::AccessAnalyzer
|
|
|
989
1058
|
# services that have been used recently to create this service-level
|
|
990
1059
|
# template.
|
|
991
1060
|
#
|
|
992
|
-
# @option params [required, String] :job_id
|
|
993
|
-
# The `JobId` that is returned by the `StartPolicyGeneration` operation.
|
|
994
|
-
# The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
|
|
995
|
-
# generated policies or used with `CancelPolicyGeneration` to cancel the
|
|
996
|
-
# policy generation request.
|
|
997
|
-
#
|
|
998
1061
|
# @return [Types::GetGeneratedPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
999
1062
|
#
|
|
1000
|
-
# * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
|
|
1001
1063
|
# * {Types::GetGeneratedPolicyResponse#job_details #job_details} => Types::JobDetails
|
|
1064
|
+
# * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
|
|
1002
1065
|
#
|
|
1003
1066
|
# @example Request syntax with placeholder values
|
|
1004
1067
|
#
|
|
1005
1068
|
# resp = client.get_generated_policy({
|
|
1069
|
+
# job_id: "JobId", # required
|
|
1006
1070
|
# include_resource_placeholders: false,
|
|
1007
1071
|
# include_service_level_template: false,
|
|
1008
|
-
# job_id: "JobId", # required
|
|
1009
1072
|
# })
|
|
1010
1073
|
#
|
|
1011
1074
|
# @example Response structure
|
|
1012
1075
|
#
|
|
1013
|
-
# resp.
|
|
1014
|
-
# resp.
|
|
1015
|
-
# resp.
|
|
1016
|
-
# resp.
|
|
1076
|
+
# resp.job_details.job_id #=> String
|
|
1077
|
+
# resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
|
1078
|
+
# resp.job_details.started_on #=> Time
|
|
1079
|
+
# resp.job_details.completed_on #=> Time
|
|
1080
|
+
# resp.job_details.job_error.code #=> String, one of "AUTHORIZATION_ERROR", "RESOURCE_NOT_FOUND_ERROR", "SERVICE_QUOTA_EXCEEDED_ERROR", "SERVICE_ERROR"
|
|
1081
|
+
# resp.job_details.job_error.message #=> String
|
|
1082
|
+
# resp.generated_policy_result.properties.is_complete #=> Boolean
|
|
1083
|
+
# resp.generated_policy_result.properties.principal_arn #=> String
|
|
1017
1084
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties #=> Array
|
|
1018
|
-
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
|
|
1019
1085
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].cloud_trail_arn #=> String
|
|
1020
1086
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions #=> Array
|
|
1021
1087
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions[0] #=> String
|
|
1022
|
-
# resp.generated_policy_result.properties.
|
|
1023
|
-
# resp.generated_policy_result.properties.
|
|
1024
|
-
# resp.
|
|
1025
|
-
# resp.
|
|
1026
|
-
# resp.
|
|
1027
|
-
# resp.job_details.job_id #=> String
|
|
1028
|
-
# resp.job_details.started_on #=> Time
|
|
1029
|
-
# resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
|
1088
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
|
|
1089
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.start_time #=> Time
|
|
1090
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.end_time #=> Time
|
|
1091
|
+
# resp.generated_policy_result.generated_policies #=> Array
|
|
1092
|
+
# resp.generated_policy_result.generated_policies[0].policy #=> String
|
|
1030
1093
|
#
|
|
1031
1094
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicy AWS API Documentation
|
|
1032
1095
|
#
|
|
@@ -1053,12 +1116,12 @@ module Aws::AccessAnalyzer
|
|
|
1053
1116
|
# @option params [Hash<String,Types::Criterion>] :filter
|
|
1054
1117
|
# Criteria to filter the returned findings.
|
|
1055
1118
|
#
|
|
1056
|
-
# @option params [Integer] :max_results
|
|
1057
|
-
# The maximum number of results to return in the response.
|
|
1058
|
-
#
|
|
1059
1119
|
# @option params [String] :next_token
|
|
1060
1120
|
# A token used for pagination of results returned.
|
|
1061
1121
|
#
|
|
1122
|
+
# @option params [Integer] :max_results
|
|
1123
|
+
# The maximum number of results to return in the response.
|
|
1124
|
+
#
|
|
1062
1125
|
# @return [Types::ListAccessPreviewFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1063
1126
|
#
|
|
1064
1127
|
# * {Types::ListAccessPreviewFindingsResponse#findings #findings} => Array<Types::AccessPreviewFinding>
|
|
@@ -1073,39 +1136,39 @@ module Aws::AccessAnalyzer
|
|
|
1073
1136
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1074
1137
|
# filter: {
|
|
1075
1138
|
# "String" => {
|
|
1076
|
-
# contains: ["String"],
|
|
1077
1139
|
# eq: ["String"],
|
|
1078
|
-
# exists: false,
|
|
1079
1140
|
# neq: ["String"],
|
|
1141
|
+
# contains: ["String"],
|
|
1142
|
+
# exists: false,
|
|
1080
1143
|
# },
|
|
1081
1144
|
# },
|
|
1082
|
-
# max_results: 1,
|
|
1083
1145
|
# next_token: "Token",
|
|
1146
|
+
# max_results: 1,
|
|
1084
1147
|
# })
|
|
1085
1148
|
#
|
|
1086
1149
|
# @example Response structure
|
|
1087
1150
|
#
|
|
1088
1151
|
# resp.findings #=> Array
|
|
1089
|
-
# resp.findings[0].
|
|
1090
|
-
# resp.findings[0].action[0] #=> String
|
|
1091
|
-
# resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
|
|
1092
|
-
# resp.findings[0].condition #=> Hash
|
|
1093
|
-
# resp.findings[0].condition["String"] #=> String
|
|
1094
|
-
# resp.findings[0].created_at #=> Time
|
|
1095
|
-
# resp.findings[0].error #=> String
|
|
1152
|
+
# resp.findings[0].id #=> String
|
|
1096
1153
|
# resp.findings[0].existing_finding_id #=> String
|
|
1097
1154
|
# resp.findings[0].existing_finding_status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
1098
|
-
# resp.findings[0].id #=> String
|
|
1099
|
-
# resp.findings[0].is_public #=> Boolean
|
|
1100
1155
|
# resp.findings[0].principal #=> Hash
|
|
1101
1156
|
# resp.findings[0].principal["String"] #=> String
|
|
1157
|
+
# resp.findings[0].action #=> Array
|
|
1158
|
+
# resp.findings[0].action[0] #=> String
|
|
1159
|
+
# resp.findings[0].condition #=> Hash
|
|
1160
|
+
# resp.findings[0].condition["String"] #=> String
|
|
1102
1161
|
# resp.findings[0].resource #=> String
|
|
1162
|
+
# resp.findings[0].is_public #=> Boolean
|
|
1163
|
+
# resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
|
1164
|
+
# resp.findings[0].created_at #=> Time
|
|
1165
|
+
# resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
|
|
1166
|
+
# resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
1103
1167
|
# resp.findings[0].resource_owner_account #=> String
|
|
1104
|
-
# resp.findings[0].
|
|
1168
|
+
# resp.findings[0].error #=> String
|
|
1105
1169
|
# resp.findings[0].sources #=> Array
|
|
1106
|
-
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
|
1107
1170
|
# resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
|
1108
|
-
# resp.findings[0].
|
|
1171
|
+
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
|
1109
1172
|
# resp.next_token #=> String
|
|
1110
1173
|
#
|
|
1111
1174
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindings AWS API Documentation
|
|
@@ -1126,12 +1189,12 @@ module Aws::AccessAnalyzer
|
|
|
1126
1189
|
#
|
|
1127
1190
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
|
1128
1191
|
#
|
|
1129
|
-
# @option params [Integer] :max_results
|
|
1130
|
-
# The maximum number of results to return in the response.
|
|
1131
|
-
#
|
|
1132
1192
|
# @option params [String] :next_token
|
|
1133
1193
|
# A token used for pagination of results returned.
|
|
1134
1194
|
#
|
|
1195
|
+
# @option params [Integer] :max_results
|
|
1196
|
+
# The maximum number of results to return in the response.
|
|
1197
|
+
#
|
|
1135
1198
|
# @return [Types::ListAccessPreviewsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1136
1199
|
#
|
|
1137
1200
|
# * {Types::ListAccessPreviewsResponse#access_previews #access_previews} => Array<Types::AccessPreviewSummary>
|
|
@@ -1143,16 +1206,16 @@ module Aws::AccessAnalyzer
|
|
|
1143
1206
|
#
|
|
1144
1207
|
# resp = client.list_access_previews({
|
|
1145
1208
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1146
|
-
# max_results: 1,
|
|
1147
1209
|
# next_token: "Token",
|
|
1210
|
+
# max_results: 1,
|
|
1148
1211
|
# })
|
|
1149
1212
|
#
|
|
1150
1213
|
# @example Response structure
|
|
1151
1214
|
#
|
|
1152
1215
|
# resp.access_previews #=> Array
|
|
1216
|
+
# resp.access_previews[0].id #=> String
|
|
1153
1217
|
# resp.access_previews[0].analyzer_arn #=> String
|
|
1154
1218
|
# resp.access_previews[0].created_at #=> Time
|
|
1155
|
-
# resp.access_previews[0].id #=> String
|
|
1156
1219
|
# resp.access_previews[0].status #=> String, one of "COMPLETED", "CREATING", "FAILED"
|
|
1157
1220
|
# resp.access_previews[0].status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
|
|
1158
1221
|
# resp.next_token #=> String
|
|
@@ -1177,14 +1240,14 @@ module Aws::AccessAnalyzer
|
|
|
1177
1240
|
#
|
|
1178
1241
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
|
1179
1242
|
#
|
|
1180
|
-
# @option params [
|
|
1181
|
-
# The
|
|
1243
|
+
# @option params [String] :resource_type
|
|
1244
|
+
# The type of resource.
|
|
1182
1245
|
#
|
|
1183
1246
|
# @option params [String] :next_token
|
|
1184
1247
|
# A token used for pagination of results returned.
|
|
1185
1248
|
#
|
|
1186
|
-
# @option params [
|
|
1187
|
-
# The
|
|
1249
|
+
# @option params [Integer] :max_results
|
|
1250
|
+
# The maximum number of results to return in the response.
|
|
1188
1251
|
#
|
|
1189
1252
|
# @return [Types::ListAnalyzedResourcesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1190
1253
|
#
|
|
@@ -1197,9 +1260,9 @@ module Aws::AccessAnalyzer
|
|
|
1197
1260
|
#
|
|
1198
1261
|
# resp = client.list_analyzed_resources({
|
|
1199
1262
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1200
|
-
#
|
|
1263
|
+
# resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic
|
|
1201
1264
|
# next_token: "Token",
|
|
1202
|
-
#
|
|
1265
|
+
# max_results: 1,
|
|
1203
1266
|
# })
|
|
1204
1267
|
#
|
|
1205
1268
|
# @example Response structure
|
|
@@ -1207,7 +1270,7 @@ module Aws::AccessAnalyzer
|
|
|
1207
1270
|
# resp.analyzed_resources #=> Array
|
|
1208
1271
|
# resp.analyzed_resources[0].resource_arn #=> String
|
|
1209
1272
|
# resp.analyzed_resources[0].resource_owner_account #=> String
|
|
1210
|
-
# resp.analyzed_resources[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
|
1273
|
+
# resp.analyzed_resources[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
|
1211
1274
|
# resp.next_token #=> String
|
|
1212
1275
|
#
|
|
1213
1276
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResources AWS API Documentation
|
|
@@ -1221,12 +1284,12 @@ module Aws::AccessAnalyzer
|
|
|
1221
1284
|
|
|
1222
1285
|
# Retrieves a list of analyzers.
|
|
1223
1286
|
#
|
|
1224
|
-
# @option params [Integer] :max_results
|
|
1225
|
-
# The maximum number of results to return in the response.
|
|
1226
|
-
#
|
|
1227
1287
|
# @option params [String] :next_token
|
|
1228
1288
|
# A token used for pagination of results returned.
|
|
1229
1289
|
#
|
|
1290
|
+
# @option params [Integer] :max_results
|
|
1291
|
+
# The maximum number of results to return in the response.
|
|
1292
|
+
#
|
|
1230
1293
|
# @option params [String] :type
|
|
1231
1294
|
# The type of analyzer.
|
|
1232
1295
|
#
|
|
@@ -1240,8 +1303,8 @@ module Aws::AccessAnalyzer
|
|
|
1240
1303
|
# @example Request syntax with placeholder values
|
|
1241
1304
|
#
|
|
1242
1305
|
# resp = client.list_analyzers({
|
|
1243
|
-
# max_results: 1,
|
|
1244
1306
|
# next_token: "Token",
|
|
1307
|
+
# max_results: 1,
|
|
1245
1308
|
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
|
1246
1309
|
# })
|
|
1247
1310
|
#
|
|
@@ -1249,15 +1312,15 @@ module Aws::AccessAnalyzer
|
|
|
1249
1312
|
#
|
|
1250
1313
|
# resp.analyzers #=> Array
|
|
1251
1314
|
# resp.analyzers[0].arn #=> String
|
|
1315
|
+
# resp.analyzers[0].name #=> String
|
|
1316
|
+
# resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION"
|
|
1252
1317
|
# resp.analyzers[0].created_at #=> Time
|
|
1253
1318
|
# resp.analyzers[0].last_resource_analyzed #=> String
|
|
1254
1319
|
# resp.analyzers[0].last_resource_analyzed_at #=> Time
|
|
1255
|
-
# resp.analyzers[0].name #=> String
|
|
1256
|
-
# resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
|
1257
|
-
# resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
|
1258
1320
|
# resp.analyzers[0].tags #=> Hash
|
|
1259
1321
|
# resp.analyzers[0].tags["String"] #=> String
|
|
1260
|
-
# resp.analyzers[0].
|
|
1322
|
+
# resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
|
1323
|
+
# resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
|
1261
1324
|
# resp.next_token #=> String
|
|
1262
1325
|
#
|
|
1263
1326
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
|
|
@@ -1274,12 +1337,12 @@ module Aws::AccessAnalyzer
|
|
|
1274
1337
|
# @option params [required, String] :analyzer_name
|
|
1275
1338
|
# The name of the analyzer to retrieve rules from.
|
|
1276
1339
|
#
|
|
1277
|
-
# @option params [Integer] :max_results
|
|
1278
|
-
# The maximum number of results to return in the request.
|
|
1279
|
-
#
|
|
1280
1340
|
# @option params [String] :next_token
|
|
1281
1341
|
# A token used for pagination of results returned.
|
|
1282
1342
|
#
|
|
1343
|
+
# @option params [Integer] :max_results
|
|
1344
|
+
# The maximum number of results to return in the request.
|
|
1345
|
+
#
|
|
1283
1346
|
# @return [Types::ListArchiveRulesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1284
1347
|
#
|
|
1285
1348
|
# * {Types::ListArchiveRulesResponse#archive_rules #archive_rules} => Array<Types::ArchiveRuleSummary>
|
|
@@ -1291,23 +1354,23 @@ module Aws::AccessAnalyzer
|
|
|
1291
1354
|
#
|
|
1292
1355
|
# resp = client.list_archive_rules({
|
|
1293
1356
|
# analyzer_name: "Name", # required
|
|
1294
|
-
# max_results: 1,
|
|
1295
1357
|
# next_token: "Token",
|
|
1358
|
+
# max_results: 1,
|
|
1296
1359
|
# })
|
|
1297
1360
|
#
|
|
1298
1361
|
# @example Response structure
|
|
1299
1362
|
#
|
|
1300
1363
|
# resp.archive_rules #=> Array
|
|
1301
|
-
# resp.archive_rules[0].
|
|
1364
|
+
# resp.archive_rules[0].rule_name #=> String
|
|
1302
1365
|
# resp.archive_rules[0].filter #=> Hash
|
|
1303
|
-
# resp.archive_rules[0].filter["String"].contains #=> Array
|
|
1304
|
-
# resp.archive_rules[0].filter["String"].contains[0] #=> String
|
|
1305
1366
|
# resp.archive_rules[0].filter["String"].eq #=> Array
|
|
1306
1367
|
# resp.archive_rules[0].filter["String"].eq[0] #=> String
|
|
1307
|
-
# resp.archive_rules[0].filter["String"].exists #=> Boolean
|
|
1308
1368
|
# resp.archive_rules[0].filter["String"].neq #=> Array
|
|
1309
1369
|
# resp.archive_rules[0].filter["String"].neq[0] #=> String
|
|
1310
|
-
# resp.archive_rules[0].
|
|
1370
|
+
# resp.archive_rules[0].filter["String"].contains #=> Array
|
|
1371
|
+
# resp.archive_rules[0].filter["String"].contains[0] #=> String
|
|
1372
|
+
# resp.archive_rules[0].filter["String"].exists #=> Boolean
|
|
1373
|
+
# resp.archive_rules[0].created_at #=> Time
|
|
1311
1374
|
# resp.archive_rules[0].updated_at #=> Time
|
|
1312
1375
|
# resp.next_token #=> String
|
|
1313
1376
|
#
|
|
@@ -1340,14 +1403,14 @@ module Aws::AccessAnalyzer
|
|
|
1340
1403
|
# @option params [Hash<String,Types::Criterion>] :filter
|
|
1341
1404
|
# A filter to match for the findings to return.
|
|
1342
1405
|
#
|
|
1343
|
-
# @option params [
|
|
1344
|
-
# The
|
|
1406
|
+
# @option params [Types::SortCriteria] :sort
|
|
1407
|
+
# The sort order for the findings returned.
|
|
1345
1408
|
#
|
|
1346
1409
|
# @option params [String] :next_token
|
|
1347
1410
|
# A token used for pagination of results returned.
|
|
1348
1411
|
#
|
|
1349
|
-
# @option params [
|
|
1350
|
-
# The
|
|
1412
|
+
# @option params [Integer] :max_results
|
|
1413
|
+
# The maximum number of results to return in the response.
|
|
1351
1414
|
#
|
|
1352
1415
|
# @return [Types::ListFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1353
1416
|
#
|
|
@@ -1362,42 +1425,42 @@ module Aws::AccessAnalyzer
|
|
|
1362
1425
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1363
1426
|
# filter: {
|
|
1364
1427
|
# "String" => {
|
|
1365
|
-
# contains: ["String"],
|
|
1366
1428
|
# eq: ["String"],
|
|
1367
|
-
# exists: false,
|
|
1368
1429
|
# neq: ["String"],
|
|
1430
|
+
# contains: ["String"],
|
|
1431
|
+
# exists: false,
|
|
1369
1432
|
# },
|
|
1370
1433
|
# },
|
|
1371
|
-
# max_results: 1,
|
|
1372
|
-
# next_token: "Token",
|
|
1373
1434
|
# sort: {
|
|
1374
1435
|
# attribute_name: "String",
|
|
1375
1436
|
# order_by: "ASC", # accepts ASC, DESC
|
|
1376
1437
|
# },
|
|
1438
|
+
# next_token: "Token",
|
|
1439
|
+
# max_results: 1,
|
|
1377
1440
|
# })
|
|
1378
1441
|
#
|
|
1379
1442
|
# @example Response structure
|
|
1380
1443
|
#
|
|
1381
1444
|
# resp.findings #=> Array
|
|
1445
|
+
# resp.findings[0].id #=> String
|
|
1446
|
+
# resp.findings[0].principal #=> Hash
|
|
1447
|
+
# resp.findings[0].principal["String"] #=> String
|
|
1382
1448
|
# resp.findings[0].action #=> Array
|
|
1383
1449
|
# resp.findings[0].action[0] #=> String
|
|
1384
|
-
# resp.findings[0].
|
|
1450
|
+
# resp.findings[0].resource #=> String
|
|
1451
|
+
# resp.findings[0].is_public #=> Boolean
|
|
1452
|
+
# resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
|
1385
1453
|
# resp.findings[0].condition #=> Hash
|
|
1386
1454
|
# resp.findings[0].condition["String"] #=> String
|
|
1387
1455
|
# resp.findings[0].created_at #=> Time
|
|
1388
|
-
# resp.findings[0].
|
|
1389
|
-
# resp.findings[0].
|
|
1390
|
-
# resp.findings[0].
|
|
1391
|
-
# resp.findings[0].principal #=> Hash
|
|
1392
|
-
# resp.findings[0].principal["String"] #=> String
|
|
1393
|
-
# resp.findings[0].resource #=> String
|
|
1456
|
+
# resp.findings[0].analyzed_at #=> Time
|
|
1457
|
+
# resp.findings[0].updated_at #=> Time
|
|
1458
|
+
# resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
1394
1459
|
# resp.findings[0].resource_owner_account #=> String
|
|
1395
|
-
# resp.findings[0].
|
|
1460
|
+
# resp.findings[0].error #=> String
|
|
1396
1461
|
# resp.findings[0].sources #=> Array
|
|
1397
|
-
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
|
1398
1462
|
# resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
|
1399
|
-
# resp.findings[0].
|
|
1400
|
-
# resp.findings[0].updated_at #=> Time
|
|
1463
|
+
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
|
1401
1464
|
# resp.next_token #=> String
|
|
1402
1465
|
#
|
|
1403
1466
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings AWS API Documentation
|
|
@@ -1411,41 +1474,41 @@ module Aws::AccessAnalyzer
|
|
|
1411
1474
|
|
|
1412
1475
|
# Lists all of the policy generations requested in the last seven days.
|
|
1413
1476
|
#
|
|
1477
|
+
# @option params [String] :principal_arn
|
|
1478
|
+
# The ARN of the IAM entity (user or role) for which you are generating
|
|
1479
|
+
# a policy. Use this with `ListGeneratedPolicies` to filter the results
|
|
1480
|
+
# to only include results for a specific principal.
|
|
1481
|
+
#
|
|
1414
1482
|
# @option params [Integer] :max_results
|
|
1415
1483
|
# The maximum number of results to return in the response.
|
|
1416
1484
|
#
|
|
1417
1485
|
# @option params [String] :next_token
|
|
1418
1486
|
# A token used for pagination of results returned.
|
|
1419
1487
|
#
|
|
1420
|
-
# @option params [String] :principal_arn
|
|
1421
|
-
# The ARN of the IAM entity (user or role) for which you are generating
|
|
1422
|
-
# a policy. Use this with `ListGeneratedPolicies` to filter the results
|
|
1423
|
-
# to only include results for a specific principal.
|
|
1424
|
-
#
|
|
1425
1488
|
# @return [Types::ListPolicyGenerationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1426
1489
|
#
|
|
1427
|
-
# * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
|
|
1428
1490
|
# * {Types::ListPolicyGenerationsResponse#policy_generations #policy_generations} => Array<Types::PolicyGeneration>
|
|
1491
|
+
# * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
|
|
1429
1492
|
#
|
|
1430
1493
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
|
1431
1494
|
#
|
|
1432
1495
|
# @example Request syntax with placeholder values
|
|
1433
1496
|
#
|
|
1434
1497
|
# resp = client.list_policy_generations({
|
|
1498
|
+
# principal_arn: "PrincipalArn",
|
|
1435
1499
|
# max_results: 1,
|
|
1436
1500
|
# next_token: "Token",
|
|
1437
|
-
# principal_arn: "PrincipalArn",
|
|
1438
1501
|
# })
|
|
1439
1502
|
#
|
|
1440
1503
|
# @example Response structure
|
|
1441
1504
|
#
|
|
1442
|
-
# resp.next_token #=> String
|
|
1443
1505
|
# resp.policy_generations #=> Array
|
|
1444
|
-
# resp.policy_generations[0].completed_on #=> Time
|
|
1445
1506
|
# resp.policy_generations[0].job_id #=> String
|
|
1446
1507
|
# resp.policy_generations[0].principal_arn #=> String
|
|
1447
|
-
# resp.policy_generations[0].started_on #=> Time
|
|
1448
1508
|
# resp.policy_generations[0].status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
|
1509
|
+
# resp.policy_generations[0].started_on #=> Time
|
|
1510
|
+
# resp.policy_generations[0].completed_on #=> Time
|
|
1511
|
+
# resp.next_token #=> String
|
|
1449
1512
|
#
|
|
1450
1513
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerations AWS API Documentation
|
|
1451
1514
|
#
|
|
@@ -1487,6 +1550,14 @@ module Aws::AccessAnalyzer
|
|
|
1487
1550
|
|
|
1488
1551
|
# Starts the policy generation request.
|
|
1489
1552
|
#
|
|
1553
|
+
# @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
|
|
1554
|
+
# Contains the ARN of the IAM entity (user or role) for which you are
|
|
1555
|
+
# generating a policy.
|
|
1556
|
+
#
|
|
1557
|
+
# @option params [Types::CloudTrailDetails] :cloud_trail_details
|
|
1558
|
+
# A `CloudTrailDetails` object that contains details about a `Trail`
|
|
1559
|
+
# that you want to analyze to generate policies.
|
|
1560
|
+
#
|
|
1490
1561
|
# @option params [String] :client_token
|
|
1491
1562
|
# A unique, case-sensitive identifier that you provide to ensure the
|
|
1492
1563
|
# idempotency of the request. Idempotency ensures that an API request
|
|
@@ -1501,14 +1572,6 @@ module Aws::AccessAnalyzer
|
|
|
1501
1572
|
# **A suitable default value is auto-generated.** You should normally
|
|
1502
1573
|
# not need to pass this option.**
|
|
1503
1574
|
#
|
|
1504
|
-
# @option params [Types::CloudTrailDetails] :cloud_trail_details
|
|
1505
|
-
# A `CloudTrailDetails` object that contains details about a `Trail`
|
|
1506
|
-
# that you want to analyze to generate policies.
|
|
1507
|
-
#
|
|
1508
|
-
# @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
|
|
1509
|
-
# Contains the ARN of the IAM entity (user or role) for which you are
|
|
1510
|
-
# generating a policy.
|
|
1511
|
-
#
|
|
1512
1575
|
# @return [Types::StartPolicyGenerationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1513
1576
|
#
|
|
1514
1577
|
# * {Types::StartPolicyGenerationResponse#job_id #job_id} => String
|
|
@@ -1516,22 +1579,22 @@ module Aws::AccessAnalyzer
|
|
|
1516
1579
|
# @example Request syntax with placeholder values
|
|
1517
1580
|
#
|
|
1518
1581
|
# resp = client.start_policy_generation({
|
|
1519
|
-
#
|
|
1582
|
+
# policy_generation_details: { # required
|
|
1583
|
+
# principal_arn: "PrincipalArn", # required
|
|
1584
|
+
# },
|
|
1520
1585
|
# cloud_trail_details: {
|
|
1521
|
-
# access_role: "RoleArn", # required
|
|
1522
|
-
# end_time: Time.now,
|
|
1523
|
-
# start_time: Time.now, # required
|
|
1524
1586
|
# trails: [ # required
|
|
1525
1587
|
# {
|
|
1526
|
-
# all_regions: false,
|
|
1527
1588
|
# cloud_trail_arn: "CloudTrailArn", # required
|
|
1528
1589
|
# regions: ["String"],
|
|
1590
|
+
# all_regions: false,
|
|
1529
1591
|
# },
|
|
1530
1592
|
# ],
|
|
1593
|
+
# access_role: "RoleArn", # required
|
|
1594
|
+
# start_time: Time.now, # required
|
|
1595
|
+
# end_time: Time.now,
|
|
1531
1596
|
# },
|
|
1532
|
-
#
|
|
1533
|
-
# principal_arn: "PrincipalArn", # required
|
|
1534
|
-
# },
|
|
1597
|
+
# client_token: "String",
|
|
1535
1598
|
# })
|
|
1536
1599
|
#
|
|
1537
1600
|
# @example Response structure
|
|
@@ -1561,6 +1624,11 @@ module Aws::AccessAnalyzer
|
|
|
1561
1624
|
# @option params [required, String] :resource_arn
|
|
1562
1625
|
# The ARN of the resource to scan.
|
|
1563
1626
|
#
|
|
1627
|
+
# @option params [String] :resource_owner_account
|
|
1628
|
+
# The Amazon Web Services account ID that owns the resource. For most
|
|
1629
|
+
# Amazon Web Services resources, the owning account is the account in
|
|
1630
|
+
# which the resource was created.
|
|
1631
|
+
#
|
|
1564
1632
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
1565
1633
|
#
|
|
1566
1634
|
# @example Request syntax with placeholder values
|
|
@@ -1568,6 +1636,7 @@ module Aws::AccessAnalyzer
|
|
|
1568
1636
|
# resp = client.start_resource_scan({
|
|
1569
1637
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1570
1638
|
# resource_arn: "ResourceArn", # required
|
|
1639
|
+
# resource_owner_account: "String",
|
|
1571
1640
|
# })
|
|
1572
1641
|
#
|
|
1573
1642
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartResourceScan AWS API Documentation
|
|
@@ -1638,18 +1707,18 @@ module Aws::AccessAnalyzer
|
|
|
1638
1707
|
# @option params [required, String] :analyzer_name
|
|
1639
1708
|
# The name of the analyzer to update the archive rules for.
|
|
1640
1709
|
#
|
|
1641
|
-
# @option params [String] :
|
|
1642
|
-
#
|
|
1643
|
-
#
|
|
1644
|
-
# **A suitable default value is auto-generated.** You should normally
|
|
1645
|
-
# not need to pass this option.**
|
|
1710
|
+
# @option params [required, String] :rule_name
|
|
1711
|
+
# The name of the rule to update.
|
|
1646
1712
|
#
|
|
1647
1713
|
# @option params [required, Hash<String,Types::Criterion>] :filter
|
|
1648
1714
|
# A filter to match for the rules to update. Only rules that match the
|
|
1649
1715
|
# filter are updated.
|
|
1650
1716
|
#
|
|
1651
|
-
# @option params [
|
|
1652
|
-
#
|
|
1717
|
+
# @option params [String] :client_token
|
|
1718
|
+
# A client token.
|
|
1719
|
+
#
|
|
1720
|
+
# **A suitable default value is auto-generated.** You should normally
|
|
1721
|
+
# not need to pass this option.**
|
|
1653
1722
|
#
|
|
1654
1723
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
1655
1724
|
#
|
|
@@ -1657,16 +1726,16 @@ module Aws::AccessAnalyzer
|
|
|
1657
1726
|
#
|
|
1658
1727
|
# resp = client.update_archive_rule({
|
|
1659
1728
|
# analyzer_name: "Name", # required
|
|
1660
|
-
#
|
|
1729
|
+
# rule_name: "Name", # required
|
|
1661
1730
|
# filter: { # required
|
|
1662
1731
|
# "String" => {
|
|
1663
|
-
# contains: ["String"],
|
|
1664
1732
|
# eq: ["String"],
|
|
1665
|
-
# exists: false,
|
|
1666
1733
|
# neq: ["String"],
|
|
1734
|
+
# contains: ["String"],
|
|
1735
|
+
# exists: false,
|
|
1667
1736
|
# },
|
|
1668
1737
|
# },
|
|
1669
|
-
#
|
|
1738
|
+
# client_token: "String",
|
|
1670
1739
|
# })
|
|
1671
1740
|
#
|
|
1672
1741
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateArchiveRule AWS API Documentation
|
|
@@ -1687,11 +1756,10 @@ module Aws::AccessAnalyzer
|
|
|
1687
1756
|
#
|
|
1688
1757
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
|
1689
1758
|
#
|
|
1690
|
-
# @option params [String] :
|
|
1691
|
-
#
|
|
1692
|
-
#
|
|
1693
|
-
#
|
|
1694
|
-
# not need to pass this option.**
|
|
1759
|
+
# @option params [required, String] :status
|
|
1760
|
+
# The state represents the action to take to update the finding Status.
|
|
1761
|
+
# Use `ARCHIVE` to change an Active finding to an Archived finding. Use
|
|
1762
|
+
# `ACTIVE` to change an Archived finding to an Active finding.
|
|
1695
1763
|
#
|
|
1696
1764
|
# @option params [Array<String>] :ids
|
|
1697
1765
|
# The IDs of the findings to update.
|
|
@@ -1699,10 +1767,11 @@ module Aws::AccessAnalyzer
|
|
|
1699
1767
|
# @option params [String] :resource_arn
|
|
1700
1768
|
# The ARN of the resource identified in the finding.
|
|
1701
1769
|
#
|
|
1702
|
-
# @option params [
|
|
1703
|
-
#
|
|
1704
|
-
#
|
|
1705
|
-
#
|
|
1770
|
+
# @option params [String] :client_token
|
|
1771
|
+
# A client token.
|
|
1772
|
+
#
|
|
1773
|
+
# **A suitable default value is auto-generated.** You should normally
|
|
1774
|
+
# not need to pass this option.**
|
|
1706
1775
|
#
|
|
1707
1776
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
1708
1777
|
#
|
|
@@ -1710,10 +1779,10 @@ module Aws::AccessAnalyzer
|
|
|
1710
1779
|
#
|
|
1711
1780
|
# resp = client.update_findings({
|
|
1712
1781
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1713
|
-
#
|
|
1782
|
+
# status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
|
|
1714
1783
|
# ids: ["FindingId"],
|
|
1715
1784
|
# resource_arn: "ResourceArn",
|
|
1716
|
-
#
|
|
1785
|
+
# client_token: "String",
|
|
1717
1786
|
# })
|
|
1718
1787
|
#
|
|
1719
1788
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateFindings AWS API Documentation
|
|
@@ -1783,7 +1852,7 @@ module Aws::AccessAnalyzer
|
|
|
1783
1852
|
# next_token: "Token",
|
|
1784
1853
|
# policy_document: "PolicyDocument", # required
|
|
1785
1854
|
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
|
1786
|
-
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
|
|
1855
|
+
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
|
|
1787
1856
|
# })
|
|
1788
1857
|
#
|
|
1789
1858
|
# @example Response structure
|
|
@@ -1797,15 +1866,15 @@ module Aws::AccessAnalyzer
|
|
|
1797
1866
|
# resp.findings[0].locations[0].path #=> Array
|
|
1798
1867
|
# resp.findings[0].locations[0].path[0].index #=> Integer
|
|
1799
1868
|
# resp.findings[0].locations[0].path[0].key #=> String
|
|
1800
|
-
# resp.findings[0].locations[0].path[0].substring.length #=> Integer
|
|
1801
1869
|
# resp.findings[0].locations[0].path[0].substring.start #=> Integer
|
|
1870
|
+
# resp.findings[0].locations[0].path[0].substring.length #=> Integer
|
|
1802
1871
|
# resp.findings[0].locations[0].path[0].value #=> String
|
|
1803
|
-
# resp.findings[0].locations[0].span.end.column #=> Integer
|
|
1804
|
-
# resp.findings[0].locations[0].span.end.line #=> Integer
|
|
1805
|
-
# resp.findings[0].locations[0].span.end.offset #=> Integer
|
|
1806
|
-
# resp.findings[0].locations[0].span.start.column #=> Integer
|
|
1807
1872
|
# resp.findings[0].locations[0].span.start.line #=> Integer
|
|
1873
|
+
# resp.findings[0].locations[0].span.start.column #=> Integer
|
|
1808
1874
|
# resp.findings[0].locations[0].span.start.offset #=> Integer
|
|
1875
|
+
# resp.findings[0].locations[0].span.end.line #=> Integer
|
|
1876
|
+
# resp.findings[0].locations[0].span.end.column #=> Integer
|
|
1877
|
+
# resp.findings[0].locations[0].span.end.offset #=> Integer
|
|
1809
1878
|
# resp.next_token #=> String
|
|
1810
1879
|
#
|
|
1811
1880
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicy AWS API Documentation
|
|
@@ -1830,7 +1899,7 @@ module Aws::AccessAnalyzer
|
|
|
1830
1899
|
params: params,
|
|
1831
1900
|
config: config)
|
|
1832
1901
|
context[:gem_name] = 'aws-sdk-accessanalyzer'
|
|
1833
|
-
context[:gem_version] = '1.
|
|
1902
|
+
context[:gem_version] = '1.31.0'
|
|
1834
1903
|
Seahorse::Client::Request.new(handlers, context)
|
|
1835
1904
|
end
|
|
1836
1905
|
|