aws-sdk-accessanalyzer 1.29.0 → 1.31.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +321 -252
- data/lib/aws-sdk-accessanalyzer/client_api.rb +188 -101
- data/lib/aws-sdk-accessanalyzer/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-accessanalyzer/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-accessanalyzer/endpoints.rb +407 -0
- data/lib/aws-sdk-accessanalyzer/errors.rb +5 -5
- data/lib/aws-sdk-accessanalyzer/plugins/endpoints.rb +124 -0
- data/lib/aws-sdk-accessanalyzer/types.rb +1141 -665
- data/lib/aws-sdk-accessanalyzer.rb +5 -1
- metadata +8 -4
|
@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
|
|
|
30
30
|
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
|
31
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
|
32
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
|
33
|
-
require 'aws-sdk-core/plugins/
|
|
33
|
+
require 'aws-sdk-core/plugins/sign.rb'
|
|
34
34
|
require 'aws-sdk-core/plugins/protocols/rest_json.rb'
|
|
35
35
|
|
|
36
36
|
Aws::Plugins::GlobalConfiguration.add_identifier(:accessanalyzer)
|
|
@@ -79,8 +79,9 @@ module Aws::AccessAnalyzer
|
|
|
79
79
|
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
|
80
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
|
81
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
|
82
|
-
add_plugin(Aws::Plugins::
|
|
82
|
+
add_plugin(Aws::Plugins::Sign)
|
|
83
83
|
add_plugin(Aws::Plugins::Protocols::RestJson)
|
|
84
|
+
add_plugin(Aws::AccessAnalyzer::Plugins::Endpoints)
|
|
84
85
|
|
|
85
86
|
# @overload initialize(options)
|
|
86
87
|
# @param [Hash] options
|
|
@@ -287,6 +288,19 @@ module Aws::AccessAnalyzer
|
|
|
287
288
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
|
288
289
|
# requests are made, and retries are disabled.
|
|
289
290
|
#
|
|
291
|
+
# @option options [Aws::TokenProvider] :token_provider
|
|
292
|
+
# A Bearer Token Provider. This can be an instance of any one of the
|
|
293
|
+
# following classes:
|
|
294
|
+
#
|
|
295
|
+
# * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
|
296
|
+
# tokens.
|
|
297
|
+
#
|
|
298
|
+
# * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
|
299
|
+
# access token generated from `aws login`.
|
|
300
|
+
#
|
|
301
|
+
# When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
|
302
|
+
# will be used to search for tokens configured for your profile in shared configuration files.
|
|
303
|
+
#
|
|
290
304
|
# @option options [Boolean] :use_dualstack_endpoint
|
|
291
305
|
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
|
292
306
|
# will be used if available.
|
|
@@ -300,6 +314,9 @@ module Aws::AccessAnalyzer
|
|
|
300
314
|
# When `true`, request parameters are validated before
|
|
301
315
|
# sending the request.
|
|
302
316
|
#
|
|
317
|
+
# @option options [Aws::AccessAnalyzer::EndpointProvider] :endpoint_provider
|
|
318
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::AccessAnalyzer::EndpointParameters`
|
|
319
|
+
#
|
|
303
320
|
# @option options [URI::HTTP,String] :http_proxy A proxy to send
|
|
304
321
|
# requests through. Formatted like 'http://proxy.com:123'.
|
|
305
322
|
#
|
|
@@ -357,23 +374,23 @@ module Aws::AccessAnalyzer
|
|
|
357
374
|
# @option params [required, String] :analyzer_arn
|
|
358
375
|
# The Amazon resource name (ARN) of the analyzer.
|
|
359
376
|
#
|
|
377
|
+
# @option params [required, String] :rule_name
|
|
378
|
+
# The name of the rule to apply.
|
|
379
|
+
#
|
|
360
380
|
# @option params [String] :client_token
|
|
361
381
|
# A client token.
|
|
362
382
|
#
|
|
363
383
|
# **A suitable default value is auto-generated.** You should normally
|
|
364
384
|
# not need to pass this option.**
|
|
365
385
|
#
|
|
366
|
-
# @option params [required, String] :rule_name
|
|
367
|
-
# The name of the rule to apply.
|
|
368
|
-
#
|
|
369
386
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
370
387
|
#
|
|
371
388
|
# @example Request syntax with placeholder values
|
|
372
389
|
#
|
|
373
390
|
# resp = client.apply_archive_rule({
|
|
374
391
|
# analyzer_arn: "AnalyzerArn", # required
|
|
375
|
-
# client_token: "String",
|
|
376
392
|
# rule_name: "Name", # required
|
|
393
|
+
# client_token: "String",
|
|
377
394
|
# })
|
|
378
395
|
#
|
|
379
396
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRule AWS API Documentation
|
|
@@ -423,12 +440,6 @@ module Aws::AccessAnalyzer
|
|
|
423
440
|
#
|
|
424
441
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
|
425
442
|
#
|
|
426
|
-
# @option params [String] :client_token
|
|
427
|
-
# A client token.
|
|
428
|
-
#
|
|
429
|
-
# **A suitable default value is auto-generated.** You should normally
|
|
430
|
-
# not need to pass this option.**
|
|
431
|
-
#
|
|
432
443
|
# @option params [required, Hash<String,Types::Configuration>] :configurations
|
|
433
444
|
# Access control configuration for your resource that is used to
|
|
434
445
|
# generate the access preview. The access preview includes findings for
|
|
@@ -436,6 +447,12 @@ module Aws::AccessAnalyzer
|
|
|
436
447
|
# control configuration. The configuration must contain exactly one
|
|
437
448
|
# element.
|
|
438
449
|
#
|
|
450
|
+
# @option params [String] :client_token
|
|
451
|
+
# A client token.
|
|
452
|
+
#
|
|
453
|
+
# **A suitable default value is auto-generated.** You should normally
|
|
454
|
+
# not need to pass this option.**
|
|
455
|
+
#
|
|
439
456
|
# @return [Types::CreateAccessPreviewResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
440
457
|
#
|
|
441
458
|
# * {Types::CreateAccessPreviewResponse#id #id} => String
|
|
@@ -444,15 +461,31 @@ module Aws::AccessAnalyzer
|
|
|
444
461
|
#
|
|
445
462
|
# resp = client.create_access_preview({
|
|
446
463
|
# analyzer_arn: "AnalyzerArn", # required
|
|
447
|
-
# client_token: "String",
|
|
448
464
|
# configurations: { # required
|
|
449
465
|
# "ConfigurationsMapKey" => {
|
|
466
|
+
# ebs_snapshot: {
|
|
467
|
+
# user_ids: ["EbsUserId"],
|
|
468
|
+
# groups: ["EbsGroup"],
|
|
469
|
+
# kms_key_id: "EbsSnapshotDataEncryptionKeyId",
|
|
470
|
+
# },
|
|
471
|
+
# ecr_repository: {
|
|
472
|
+
# repository_policy: "EcrRepositoryPolicy",
|
|
473
|
+
# },
|
|
450
474
|
# iam_role: {
|
|
451
475
|
# trust_policy: "IamTrustPolicy",
|
|
452
476
|
# },
|
|
477
|
+
# efs_file_system: {
|
|
478
|
+
# file_system_policy: "EfsFileSystemPolicy",
|
|
479
|
+
# },
|
|
453
480
|
# kms_key: {
|
|
481
|
+
# key_policies: {
|
|
482
|
+
# "PolicyName" => "KmsKeyPolicy",
|
|
483
|
+
# },
|
|
454
484
|
# grants: [
|
|
455
485
|
# {
|
|
486
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
|
487
|
+
# grantee_principal: "GranteePrincipal", # required
|
|
488
|
+
# retiring_principal: "RetiringPrincipal",
|
|
456
489
|
# constraints: {
|
|
457
490
|
# encryption_context_equals: {
|
|
458
491
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
|
@@ -461,57 +494,71 @@ module Aws::AccessAnalyzer
|
|
|
461
494
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
|
462
495
|
# },
|
|
463
496
|
# },
|
|
464
|
-
# grantee_principal: "GranteePrincipal", # required
|
|
465
497
|
# issuing_account: "IssuingAccount", # required
|
|
466
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
|
467
|
-
# retiring_principal: "RetiringPrincipal",
|
|
468
498
|
# },
|
|
469
499
|
# ],
|
|
470
|
-
#
|
|
471
|
-
#
|
|
500
|
+
# },
|
|
501
|
+
# rds_db_cluster_snapshot: {
|
|
502
|
+
# attributes: {
|
|
503
|
+
# "RdsDbClusterSnapshotAttributeName" => {
|
|
504
|
+
# account_ids: ["RdsDbClusterSnapshotAccountId"],
|
|
505
|
+
# },
|
|
472
506
|
# },
|
|
507
|
+
# kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
|
|
473
508
|
# },
|
|
474
|
-
#
|
|
475
|
-
#
|
|
476
|
-
# "
|
|
477
|
-
#
|
|
478
|
-
# network_origin: {
|
|
479
|
-
# internet_configuration: {
|
|
480
|
-
# },
|
|
481
|
-
# vpc_configuration: {
|
|
482
|
-
# vpc_id: "VpcId", # required
|
|
483
|
-
# },
|
|
484
|
-
# },
|
|
485
|
-
# public_access_block: {
|
|
486
|
-
# ignore_public_acls: false, # required
|
|
487
|
-
# restrict_public_buckets: false, # required
|
|
488
|
-
# },
|
|
509
|
+
# rds_db_snapshot: {
|
|
510
|
+
# attributes: {
|
|
511
|
+
# "RdsDbSnapshotAttributeName" => {
|
|
512
|
+
# account_ids: ["RdsDbSnapshotAccountId"],
|
|
489
513
|
# },
|
|
490
514
|
# },
|
|
515
|
+
# kms_key_id: "RdsDbSnapshotKmsKeyId",
|
|
516
|
+
# },
|
|
517
|
+
# secrets_manager_secret: {
|
|
518
|
+
# kms_key_id: "SecretsManagerSecretKmsId",
|
|
519
|
+
# secret_policy: "SecretsManagerSecretPolicy",
|
|
520
|
+
# },
|
|
521
|
+
# s3_bucket: {
|
|
522
|
+
# bucket_policy: "S3BucketPolicy",
|
|
491
523
|
# bucket_acl_grants: [
|
|
492
524
|
# {
|
|
525
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
|
493
526
|
# grantee: { # required
|
|
494
527
|
# id: "AclCanonicalId",
|
|
495
528
|
# uri: "AclUri",
|
|
496
529
|
# },
|
|
497
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
|
498
530
|
# },
|
|
499
531
|
# ],
|
|
500
|
-
# bucket_policy: "S3BucketPolicy",
|
|
501
532
|
# bucket_public_access_block: {
|
|
502
533
|
# ignore_public_acls: false, # required
|
|
503
534
|
# restrict_public_buckets: false, # required
|
|
504
535
|
# },
|
|
536
|
+
# access_points: {
|
|
537
|
+
# "AccessPointArn" => {
|
|
538
|
+
# access_point_policy: "AccessPointPolicy",
|
|
539
|
+
# public_access_block: {
|
|
540
|
+
# ignore_public_acls: false, # required
|
|
541
|
+
# restrict_public_buckets: false, # required
|
|
542
|
+
# },
|
|
543
|
+
# network_origin: {
|
|
544
|
+
# vpc_configuration: {
|
|
545
|
+
# vpc_id: "VpcId", # required
|
|
546
|
+
# },
|
|
547
|
+
# internet_configuration: {
|
|
548
|
+
# },
|
|
549
|
+
# },
|
|
550
|
+
# },
|
|
551
|
+
# },
|
|
505
552
|
# },
|
|
506
|
-
#
|
|
507
|
-
#
|
|
508
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
|
553
|
+
# sns_topic: {
|
|
554
|
+
# topic_policy: "SnsTopicPolicy",
|
|
509
555
|
# },
|
|
510
556
|
# sqs_queue: {
|
|
511
557
|
# queue_policy: "SqsQueuePolicy",
|
|
512
558
|
# },
|
|
513
559
|
# },
|
|
514
560
|
# },
|
|
561
|
+
# client_token: "String",
|
|
515
562
|
# })
|
|
516
563
|
#
|
|
517
564
|
# @example Response structure
|
|
@@ -532,26 +579,26 @@ module Aws::AccessAnalyzer
|
|
|
532
579
|
# @option params [required, String] :analyzer_name
|
|
533
580
|
# The name of the analyzer to create.
|
|
534
581
|
#
|
|
582
|
+
# @option params [required, String] :type
|
|
583
|
+
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
|
584
|
+
# analyzers are supported. You can create only one analyzer per account
|
|
585
|
+
# per Region. You can create up to 5 analyzers per organization per
|
|
586
|
+
# Region.
|
|
587
|
+
#
|
|
535
588
|
# @option params [Array<Types::InlineArchiveRule>] :archive_rules
|
|
536
589
|
# Specifies the archive rules to add for the analyzer. Archive rules
|
|
537
590
|
# automatically archive findings that meet the criteria you define for
|
|
538
591
|
# the rule.
|
|
539
592
|
#
|
|
593
|
+
# @option params [Hash<String,String>] :tags
|
|
594
|
+
# The tags to apply to the analyzer.
|
|
595
|
+
#
|
|
540
596
|
# @option params [String] :client_token
|
|
541
597
|
# A client token.
|
|
542
598
|
#
|
|
543
599
|
# **A suitable default value is auto-generated.** You should normally
|
|
544
600
|
# not need to pass this option.**
|
|
545
601
|
#
|
|
546
|
-
# @option params [Hash<String,String>] :tags
|
|
547
|
-
# The tags to apply to the analyzer.
|
|
548
|
-
#
|
|
549
|
-
# @option params [required, String] :type
|
|
550
|
-
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
|
551
|
-
# analyzers are supported. You can create only one analyzer per account
|
|
552
|
-
# per Region. You can create up to 5 analyzers per organization per
|
|
553
|
-
# Region.
|
|
554
|
-
#
|
|
555
602
|
# @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
556
603
|
#
|
|
557
604
|
# * {Types::CreateAnalyzerResponse#arn #arn} => String
|
|
@@ -560,24 +607,24 @@ module Aws::AccessAnalyzer
|
|
|
560
607
|
#
|
|
561
608
|
# resp = client.create_analyzer({
|
|
562
609
|
# analyzer_name: "Name", # required
|
|
610
|
+
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
|
563
611
|
# archive_rules: [
|
|
564
612
|
# {
|
|
613
|
+
# rule_name: "Name", # required
|
|
565
614
|
# filter: { # required
|
|
566
615
|
# "String" => {
|
|
567
|
-
# contains: ["String"],
|
|
568
616
|
# eq: ["String"],
|
|
569
|
-
# exists: false,
|
|
570
617
|
# neq: ["String"],
|
|
618
|
+
# contains: ["String"],
|
|
619
|
+
# exists: false,
|
|
571
620
|
# },
|
|
572
621
|
# },
|
|
573
|
-
# rule_name: "Name", # required
|
|
574
622
|
# },
|
|
575
623
|
# ],
|
|
576
|
-
# client_token: "String",
|
|
577
624
|
# tags: {
|
|
578
625
|
# "String" => "String",
|
|
579
626
|
# },
|
|
580
|
-
#
|
|
627
|
+
# client_token: "String",
|
|
581
628
|
# })
|
|
582
629
|
#
|
|
583
630
|
# @example Response structure
|
|
@@ -607,34 +654,34 @@ module Aws::AccessAnalyzer
|
|
|
607
654
|
# @option params [required, String] :analyzer_name
|
|
608
655
|
# The name of the created analyzer.
|
|
609
656
|
#
|
|
657
|
+
# @option params [required, String] :rule_name
|
|
658
|
+
# The name of the rule to create.
|
|
659
|
+
#
|
|
660
|
+
# @option params [required, Hash<String,Types::Criterion>] :filter
|
|
661
|
+
# The criteria for the rule.
|
|
662
|
+
#
|
|
610
663
|
# @option params [String] :client_token
|
|
611
664
|
# A client token.
|
|
612
665
|
#
|
|
613
666
|
# **A suitable default value is auto-generated.** You should normally
|
|
614
667
|
# not need to pass this option.**
|
|
615
668
|
#
|
|
616
|
-
# @option params [required, Hash<String,Types::Criterion>] :filter
|
|
617
|
-
# The criteria for the rule.
|
|
618
|
-
#
|
|
619
|
-
# @option params [required, String] :rule_name
|
|
620
|
-
# The name of the rule to create.
|
|
621
|
-
#
|
|
622
669
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
623
670
|
#
|
|
624
671
|
# @example Request syntax with placeholder values
|
|
625
672
|
#
|
|
626
673
|
# resp = client.create_archive_rule({
|
|
627
674
|
# analyzer_name: "Name", # required
|
|
628
|
-
#
|
|
675
|
+
# rule_name: "Name", # required
|
|
629
676
|
# filter: { # required
|
|
630
677
|
# "String" => {
|
|
631
|
-
# contains: ["String"],
|
|
632
678
|
# eq: ["String"],
|
|
633
|
-
# exists: false,
|
|
634
679
|
# neq: ["String"],
|
|
680
|
+
# contains: ["String"],
|
|
681
|
+
# exists: false,
|
|
635
682
|
# },
|
|
636
683
|
# },
|
|
637
|
-
#
|
|
684
|
+
# client_token: "String",
|
|
638
685
|
# })
|
|
639
686
|
#
|
|
640
687
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateArchiveRule AWS API Documentation
|
|
@@ -684,23 +731,23 @@ module Aws::AccessAnalyzer
|
|
|
684
731
|
# The name of the analyzer that associated with the archive rule to
|
|
685
732
|
# delete.
|
|
686
733
|
#
|
|
734
|
+
# @option params [required, String] :rule_name
|
|
735
|
+
# The name of the rule to delete.
|
|
736
|
+
#
|
|
687
737
|
# @option params [String] :client_token
|
|
688
738
|
# A client token.
|
|
689
739
|
#
|
|
690
740
|
# **A suitable default value is auto-generated.** You should normally
|
|
691
741
|
# not need to pass this option.**
|
|
692
742
|
#
|
|
693
|
-
# @option params [required, String] :rule_name
|
|
694
|
-
# The name of the rule to delete.
|
|
695
|
-
#
|
|
696
743
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
697
744
|
#
|
|
698
745
|
# @example Request syntax with placeholder values
|
|
699
746
|
#
|
|
700
747
|
# resp = client.delete_archive_rule({
|
|
701
748
|
# analyzer_name: "Name", # required
|
|
702
|
-
# client_token: "String",
|
|
703
749
|
# rule_name: "Name", # required
|
|
750
|
+
# client_token: "String",
|
|
704
751
|
# })
|
|
705
752
|
#
|
|
706
753
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteArchiveRule AWS API Documentation
|
|
@@ -738,38 +785,54 @@ module Aws::AccessAnalyzer
|
|
|
738
785
|
#
|
|
739
786
|
# @example Response structure
|
|
740
787
|
#
|
|
788
|
+
# resp.access_preview.id #=> String
|
|
741
789
|
# resp.access_preview.analyzer_arn #=> String
|
|
742
790
|
# resp.access_preview.configurations #=> Hash
|
|
791
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ebs_snapshot.user_ids #=> Array
|
|
792
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ebs_snapshot.user_ids[0] #=> String
|
|
793
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ebs_snapshot.groups #=> Array
|
|
794
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ebs_snapshot.groups[0] #=> String
|
|
795
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ebs_snapshot.kms_key_id #=> String
|
|
796
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].ecr_repository.repository_policy #=> String
|
|
743
797
|
# resp.access_preview.configurations["ConfigurationsMapKey"].iam_role.trust_policy #=> String
|
|
798
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].efs_file_system.file_system_policy #=> String
|
|
799
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies #=> Hash
|
|
800
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.key_policies["PolicyName"] #=> String
|
|
744
801
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants #=> Array
|
|
802
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations #=> Array
|
|
803
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].operations[0] #=> String, one of "CreateGrant", "Decrypt", "DescribeKey", "Encrypt", "GenerateDataKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateDataKeyWithoutPlaintext", "GetPublicKey", "ReEncryptFrom", "ReEncryptTo", "RetireGrant", "Sign", "Verify"
|
|
804
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
|
|
805
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].retiring_principal #=> String
|
|
745
806
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals #=> Hash
|
|
746
807
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_equals["KmsConstraintsKey"] #=> String
|
|
747
808
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset #=> Hash
|
|
748
809
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].constraints.encryption_context_subset["KmsConstraintsKey"] #=> String
|
|
749
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].grantee_principal #=> String
|
|
750
810
|
# resp.access_preview.configurations["ConfigurationsMapKey"].kms_key.grants[0].issuing_account #=> String
|
|
751
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
752
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
753
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
754
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
755
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
756
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
757
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
758
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
759
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
760
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
811
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_cluster_snapshot.attributes #=> Hash
|
|
812
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_cluster_snapshot.attributes["RdsDbClusterSnapshotAttributeName"].account_ids #=> Array
|
|
813
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_cluster_snapshot.attributes["RdsDbClusterSnapshotAttributeName"].account_ids[0] #=> String
|
|
814
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_cluster_snapshot.kms_key_id #=> String
|
|
815
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_snapshot.attributes #=> Hash
|
|
816
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_snapshot.attributes["RdsDbSnapshotAttributeName"].account_ids #=> Array
|
|
817
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_snapshot.attributes["RdsDbSnapshotAttributeName"].account_ids[0] #=> String
|
|
818
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].rds_db_snapshot.kms_key_id #=> String
|
|
819
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.kms_key_id #=> String
|
|
820
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].secrets_manager_secret.secret_policy #=> String
|
|
821
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
|
|
761
822
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants #=> Array
|
|
823
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
|
|
762
824
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.id #=> String
|
|
763
825
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].grantee.uri #=> String
|
|
764
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_acl_grants[0].permission #=> String, one of "READ", "WRITE", "READ_ACP", "WRITE_ACP", "FULL_CONTROL"
|
|
765
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_policy #=> String
|
|
766
826
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.ignore_public_acls #=> Boolean
|
|
767
827
|
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.bucket_public_access_block.restrict_public_buckets #=> Boolean
|
|
768
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
769
|
-
# resp.access_preview.configurations["ConfigurationsMapKey"].
|
|
828
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points #=> Hash
|
|
829
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].access_point_policy #=> String
|
|
830
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.ignore_public_acls #=> Boolean
|
|
831
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].public_access_block.restrict_public_buckets #=> Boolean
|
|
832
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].s3_bucket.access_points["AccessPointArn"].network_origin.vpc_configuration.vpc_id #=> String
|
|
833
|
+
# resp.access_preview.configurations["ConfigurationsMapKey"].sns_topic.topic_policy #=> String
|
|
770
834
|
# resp.access_preview.configurations["ConfigurationsMapKey"].sqs_queue.queue_policy #=> String
|
|
771
835
|
# resp.access_preview.created_at #=> Time
|
|
772
|
-
# resp.access_preview.id #=> String
|
|
773
836
|
# resp.access_preview.status #=> String, one of "COMPLETED", "CREATING", "FAILED"
|
|
774
837
|
# resp.access_preview.status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
|
|
775
838
|
#
|
|
@@ -807,19 +870,19 @@ module Aws::AccessAnalyzer
|
|
|
807
870
|
#
|
|
808
871
|
# @example Response structure
|
|
809
872
|
#
|
|
810
|
-
# resp.resource.
|
|
811
|
-
# resp.resource.
|
|
812
|
-
# resp.resource.analyzed_at #=> Time
|
|
873
|
+
# resp.resource.resource_arn #=> String
|
|
874
|
+
# resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
|
813
875
|
# resp.resource.created_at #=> Time
|
|
814
|
-
# resp.resource.
|
|
876
|
+
# resp.resource.analyzed_at #=> Time
|
|
877
|
+
# resp.resource.updated_at #=> Time
|
|
815
878
|
# resp.resource.is_public #=> Boolean
|
|
816
|
-
# resp.resource.
|
|
817
|
-
# resp.resource.
|
|
818
|
-
# resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
|
879
|
+
# resp.resource.actions #=> Array
|
|
880
|
+
# resp.resource.actions[0] #=> String
|
|
819
881
|
# resp.resource.shared_via #=> Array
|
|
820
882
|
# resp.resource.shared_via[0] #=> String
|
|
821
883
|
# resp.resource.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
822
|
-
# resp.resource.
|
|
884
|
+
# resp.resource.resource_owner_account #=> String
|
|
885
|
+
# resp.resource.error #=> String
|
|
823
886
|
#
|
|
824
887
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzedResource AWS API Documentation
|
|
825
888
|
#
|
|
@@ -848,15 +911,15 @@ module Aws::AccessAnalyzer
|
|
|
848
911
|
# @example Response structure
|
|
849
912
|
#
|
|
850
913
|
# resp.analyzer.arn #=> String
|
|
914
|
+
# resp.analyzer.name #=> String
|
|
915
|
+
# resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION"
|
|
851
916
|
# resp.analyzer.created_at #=> Time
|
|
852
917
|
# resp.analyzer.last_resource_analyzed #=> String
|
|
853
918
|
# resp.analyzer.last_resource_analyzed_at #=> Time
|
|
854
|
-
# resp.analyzer.name #=> String
|
|
855
|
-
# resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
|
856
|
-
# resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
|
857
919
|
# resp.analyzer.tags #=> Hash
|
|
858
920
|
# resp.analyzer.tags["String"] #=> String
|
|
859
|
-
# resp.analyzer.
|
|
921
|
+
# resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
|
922
|
+
# resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
|
860
923
|
#
|
|
861
924
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
|
|
862
925
|
#
|
|
@@ -895,16 +958,16 @@ module Aws::AccessAnalyzer
|
|
|
895
958
|
#
|
|
896
959
|
# @example Response structure
|
|
897
960
|
#
|
|
898
|
-
# resp.archive_rule.
|
|
961
|
+
# resp.archive_rule.rule_name #=> String
|
|
899
962
|
# resp.archive_rule.filter #=> Hash
|
|
900
|
-
# resp.archive_rule.filter["String"].contains #=> Array
|
|
901
|
-
# resp.archive_rule.filter["String"].contains[0] #=> String
|
|
902
963
|
# resp.archive_rule.filter["String"].eq #=> Array
|
|
903
964
|
# resp.archive_rule.filter["String"].eq[0] #=> String
|
|
904
|
-
# resp.archive_rule.filter["String"].exists #=> Boolean
|
|
905
965
|
# resp.archive_rule.filter["String"].neq #=> Array
|
|
906
966
|
# resp.archive_rule.filter["String"].neq[0] #=> String
|
|
907
|
-
# resp.archive_rule.
|
|
967
|
+
# resp.archive_rule.filter["String"].contains #=> Array
|
|
968
|
+
# resp.archive_rule.filter["String"].contains[0] #=> String
|
|
969
|
+
# resp.archive_rule.filter["String"].exists #=> Boolean
|
|
970
|
+
# resp.archive_rule.created_at #=> Time
|
|
908
971
|
# resp.archive_rule.updated_at #=> Time
|
|
909
972
|
#
|
|
910
973
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetArchiveRule AWS API Documentation
|
|
@@ -941,25 +1004,25 @@ module Aws::AccessAnalyzer
|
|
|
941
1004
|
#
|
|
942
1005
|
# @example Response structure
|
|
943
1006
|
#
|
|
1007
|
+
# resp.finding.id #=> String
|
|
1008
|
+
# resp.finding.principal #=> Hash
|
|
1009
|
+
# resp.finding.principal["String"] #=> String
|
|
944
1010
|
# resp.finding.action #=> Array
|
|
945
1011
|
# resp.finding.action[0] #=> String
|
|
946
|
-
# resp.finding.
|
|
1012
|
+
# resp.finding.resource #=> String
|
|
1013
|
+
# resp.finding.is_public #=> Boolean
|
|
1014
|
+
# resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
|
947
1015
|
# resp.finding.condition #=> Hash
|
|
948
1016
|
# resp.finding.condition["String"] #=> String
|
|
949
1017
|
# resp.finding.created_at #=> Time
|
|
950
|
-
# resp.finding.
|
|
951
|
-
# resp.finding.
|
|
952
|
-
# resp.finding.
|
|
953
|
-
# resp.finding.principal #=> Hash
|
|
954
|
-
# resp.finding.principal["String"] #=> String
|
|
955
|
-
# resp.finding.resource #=> String
|
|
1018
|
+
# resp.finding.analyzed_at #=> Time
|
|
1019
|
+
# resp.finding.updated_at #=> Time
|
|
1020
|
+
# resp.finding.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
956
1021
|
# resp.finding.resource_owner_account #=> String
|
|
957
|
-
# resp.finding.
|
|
1022
|
+
# resp.finding.error #=> String
|
|
958
1023
|
# resp.finding.sources #=> Array
|
|
959
|
-
# resp.finding.sources[0].detail.access_point_arn #=> String
|
|
960
1024
|
# resp.finding.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
|
961
|
-
# resp.finding.
|
|
962
|
-
# resp.finding.updated_at #=> Time
|
|
1025
|
+
# resp.finding.sources[0].detail.access_point_arn #=> String
|
|
963
1026
|
#
|
|
964
1027
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFinding AWS API Documentation
|
|
965
1028
|
#
|
|
@@ -972,6 +1035,12 @@ module Aws::AccessAnalyzer
|
|
|
972
1035
|
|
|
973
1036
|
# Retrieves the policy that was generated using `StartPolicyGeneration`.
|
|
974
1037
|
#
|
|
1038
|
+
# @option params [required, String] :job_id
|
|
1039
|
+
# The `JobId` that is returned by the `StartPolicyGeneration` operation.
|
|
1040
|
+
# The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
|
|
1041
|
+
# generated policies or used with `CancelPolicyGeneration` to cancel the
|
|
1042
|
+
# policy generation request.
|
|
1043
|
+
#
|
|
975
1044
|
# @option params [Boolean] :include_resource_placeholders
|
|
976
1045
|
# The level of detail that you want to generate. You can specify whether
|
|
977
1046
|
# to generate policies with placeholders for resource ARNs for actions
|
|
@@ -989,44 +1058,38 @@ module Aws::AccessAnalyzer
|
|
|
989
1058
|
# services that have been used recently to create this service-level
|
|
990
1059
|
# template.
|
|
991
1060
|
#
|
|
992
|
-
# @option params [required, String] :job_id
|
|
993
|
-
# The `JobId` that is returned by the `StartPolicyGeneration` operation.
|
|
994
|
-
# The `JobId` can be used with `GetGeneratedPolicy` to retrieve the
|
|
995
|
-
# generated policies or used with `CancelPolicyGeneration` to cancel the
|
|
996
|
-
# policy generation request.
|
|
997
|
-
#
|
|
998
1061
|
# @return [Types::GetGeneratedPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
999
1062
|
#
|
|
1000
|
-
# * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
|
|
1001
1063
|
# * {Types::GetGeneratedPolicyResponse#job_details #job_details} => Types::JobDetails
|
|
1064
|
+
# * {Types::GetGeneratedPolicyResponse#generated_policy_result #generated_policy_result} => Types::GeneratedPolicyResult
|
|
1002
1065
|
#
|
|
1003
1066
|
# @example Request syntax with placeholder values
|
|
1004
1067
|
#
|
|
1005
1068
|
# resp = client.get_generated_policy({
|
|
1069
|
+
# job_id: "JobId", # required
|
|
1006
1070
|
# include_resource_placeholders: false,
|
|
1007
1071
|
# include_service_level_template: false,
|
|
1008
|
-
# job_id: "JobId", # required
|
|
1009
1072
|
# })
|
|
1010
1073
|
#
|
|
1011
1074
|
# @example Response structure
|
|
1012
1075
|
#
|
|
1013
|
-
# resp.
|
|
1014
|
-
# resp.
|
|
1015
|
-
# resp.
|
|
1016
|
-
# resp.
|
|
1076
|
+
# resp.job_details.job_id #=> String
|
|
1077
|
+
# resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
|
1078
|
+
# resp.job_details.started_on #=> Time
|
|
1079
|
+
# resp.job_details.completed_on #=> Time
|
|
1080
|
+
# resp.job_details.job_error.code #=> String, one of "AUTHORIZATION_ERROR", "RESOURCE_NOT_FOUND_ERROR", "SERVICE_QUOTA_EXCEEDED_ERROR", "SERVICE_ERROR"
|
|
1081
|
+
# resp.job_details.job_error.message #=> String
|
|
1082
|
+
# resp.generated_policy_result.properties.is_complete #=> Boolean
|
|
1083
|
+
# resp.generated_policy_result.properties.principal_arn #=> String
|
|
1017
1084
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties #=> Array
|
|
1018
|
-
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
|
|
1019
1085
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].cloud_trail_arn #=> String
|
|
1020
1086
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions #=> Array
|
|
1021
1087
|
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].regions[0] #=> String
|
|
1022
|
-
# resp.generated_policy_result.properties.
|
|
1023
|
-
# resp.generated_policy_result.properties.
|
|
1024
|
-
# resp.
|
|
1025
|
-
# resp.
|
|
1026
|
-
# resp.
|
|
1027
|
-
# resp.job_details.job_id #=> String
|
|
1028
|
-
# resp.job_details.started_on #=> Time
|
|
1029
|
-
# resp.job_details.status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
|
1088
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.trail_properties[0].all_regions #=> Boolean
|
|
1089
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.start_time #=> Time
|
|
1090
|
+
# resp.generated_policy_result.properties.cloud_trail_properties.end_time #=> Time
|
|
1091
|
+
# resp.generated_policy_result.generated_policies #=> Array
|
|
1092
|
+
# resp.generated_policy_result.generated_policies[0].policy #=> String
|
|
1030
1093
|
#
|
|
1031
1094
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicy AWS API Documentation
|
|
1032
1095
|
#
|
|
@@ -1053,12 +1116,12 @@ module Aws::AccessAnalyzer
|
|
|
1053
1116
|
# @option params [Hash<String,Types::Criterion>] :filter
|
|
1054
1117
|
# Criteria to filter the returned findings.
|
|
1055
1118
|
#
|
|
1056
|
-
# @option params [Integer] :max_results
|
|
1057
|
-
# The maximum number of results to return in the response.
|
|
1058
|
-
#
|
|
1059
1119
|
# @option params [String] :next_token
|
|
1060
1120
|
# A token used for pagination of results returned.
|
|
1061
1121
|
#
|
|
1122
|
+
# @option params [Integer] :max_results
|
|
1123
|
+
# The maximum number of results to return in the response.
|
|
1124
|
+
#
|
|
1062
1125
|
# @return [Types::ListAccessPreviewFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1063
1126
|
#
|
|
1064
1127
|
# * {Types::ListAccessPreviewFindingsResponse#findings #findings} => Array<Types::AccessPreviewFinding>
|
|
@@ -1073,39 +1136,39 @@ module Aws::AccessAnalyzer
|
|
|
1073
1136
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1074
1137
|
# filter: {
|
|
1075
1138
|
# "String" => {
|
|
1076
|
-
# contains: ["String"],
|
|
1077
1139
|
# eq: ["String"],
|
|
1078
|
-
# exists: false,
|
|
1079
1140
|
# neq: ["String"],
|
|
1141
|
+
# contains: ["String"],
|
|
1142
|
+
# exists: false,
|
|
1080
1143
|
# },
|
|
1081
1144
|
# },
|
|
1082
|
-
# max_results: 1,
|
|
1083
1145
|
# next_token: "Token",
|
|
1146
|
+
# max_results: 1,
|
|
1084
1147
|
# })
|
|
1085
1148
|
#
|
|
1086
1149
|
# @example Response structure
|
|
1087
1150
|
#
|
|
1088
1151
|
# resp.findings #=> Array
|
|
1089
|
-
# resp.findings[0].
|
|
1090
|
-
# resp.findings[0].action[0] #=> String
|
|
1091
|
-
# resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
|
|
1092
|
-
# resp.findings[0].condition #=> Hash
|
|
1093
|
-
# resp.findings[0].condition["String"] #=> String
|
|
1094
|
-
# resp.findings[0].created_at #=> Time
|
|
1095
|
-
# resp.findings[0].error #=> String
|
|
1152
|
+
# resp.findings[0].id #=> String
|
|
1096
1153
|
# resp.findings[0].existing_finding_id #=> String
|
|
1097
1154
|
# resp.findings[0].existing_finding_status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
1098
|
-
# resp.findings[0].id #=> String
|
|
1099
|
-
# resp.findings[0].is_public #=> Boolean
|
|
1100
1155
|
# resp.findings[0].principal #=> Hash
|
|
1101
1156
|
# resp.findings[0].principal["String"] #=> String
|
|
1157
|
+
# resp.findings[0].action #=> Array
|
|
1158
|
+
# resp.findings[0].action[0] #=> String
|
|
1159
|
+
# resp.findings[0].condition #=> Hash
|
|
1160
|
+
# resp.findings[0].condition["String"] #=> String
|
|
1102
1161
|
# resp.findings[0].resource #=> String
|
|
1162
|
+
# resp.findings[0].is_public #=> Boolean
|
|
1163
|
+
# resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
|
1164
|
+
# resp.findings[0].created_at #=> Time
|
|
1165
|
+
# resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
|
|
1166
|
+
# resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
1103
1167
|
# resp.findings[0].resource_owner_account #=> String
|
|
1104
|
-
# resp.findings[0].
|
|
1168
|
+
# resp.findings[0].error #=> String
|
|
1105
1169
|
# resp.findings[0].sources #=> Array
|
|
1106
|
-
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
|
1107
1170
|
# resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
|
1108
|
-
# resp.findings[0].
|
|
1171
|
+
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
|
1109
1172
|
# resp.next_token #=> String
|
|
1110
1173
|
#
|
|
1111
1174
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindings AWS API Documentation
|
|
@@ -1126,12 +1189,12 @@ module Aws::AccessAnalyzer
|
|
|
1126
1189
|
#
|
|
1127
1190
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
|
1128
1191
|
#
|
|
1129
|
-
# @option params [Integer] :max_results
|
|
1130
|
-
# The maximum number of results to return in the response.
|
|
1131
|
-
#
|
|
1132
1192
|
# @option params [String] :next_token
|
|
1133
1193
|
# A token used for pagination of results returned.
|
|
1134
1194
|
#
|
|
1195
|
+
# @option params [Integer] :max_results
|
|
1196
|
+
# The maximum number of results to return in the response.
|
|
1197
|
+
#
|
|
1135
1198
|
# @return [Types::ListAccessPreviewsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1136
1199
|
#
|
|
1137
1200
|
# * {Types::ListAccessPreviewsResponse#access_previews #access_previews} => Array<Types::AccessPreviewSummary>
|
|
@@ -1143,16 +1206,16 @@ module Aws::AccessAnalyzer
|
|
|
1143
1206
|
#
|
|
1144
1207
|
# resp = client.list_access_previews({
|
|
1145
1208
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1146
|
-
# max_results: 1,
|
|
1147
1209
|
# next_token: "Token",
|
|
1210
|
+
# max_results: 1,
|
|
1148
1211
|
# })
|
|
1149
1212
|
#
|
|
1150
1213
|
# @example Response structure
|
|
1151
1214
|
#
|
|
1152
1215
|
# resp.access_previews #=> Array
|
|
1216
|
+
# resp.access_previews[0].id #=> String
|
|
1153
1217
|
# resp.access_previews[0].analyzer_arn #=> String
|
|
1154
1218
|
# resp.access_previews[0].created_at #=> Time
|
|
1155
|
-
# resp.access_previews[0].id #=> String
|
|
1156
1219
|
# resp.access_previews[0].status #=> String, one of "COMPLETED", "CREATING", "FAILED"
|
|
1157
1220
|
# resp.access_previews[0].status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
|
|
1158
1221
|
# resp.next_token #=> String
|
|
@@ -1177,14 +1240,14 @@ module Aws::AccessAnalyzer
|
|
|
1177
1240
|
#
|
|
1178
1241
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
|
1179
1242
|
#
|
|
1180
|
-
# @option params [
|
|
1181
|
-
# The
|
|
1243
|
+
# @option params [String] :resource_type
|
|
1244
|
+
# The type of resource.
|
|
1182
1245
|
#
|
|
1183
1246
|
# @option params [String] :next_token
|
|
1184
1247
|
# A token used for pagination of results returned.
|
|
1185
1248
|
#
|
|
1186
|
-
# @option params [
|
|
1187
|
-
# The
|
|
1249
|
+
# @option params [Integer] :max_results
|
|
1250
|
+
# The maximum number of results to return in the response.
|
|
1188
1251
|
#
|
|
1189
1252
|
# @return [Types::ListAnalyzedResourcesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1190
1253
|
#
|
|
@@ -1197,9 +1260,9 @@ module Aws::AccessAnalyzer
|
|
|
1197
1260
|
#
|
|
1198
1261
|
# resp = client.list_analyzed_resources({
|
|
1199
1262
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1200
|
-
#
|
|
1263
|
+
# resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic
|
|
1201
1264
|
# next_token: "Token",
|
|
1202
|
-
#
|
|
1265
|
+
# max_results: 1,
|
|
1203
1266
|
# })
|
|
1204
1267
|
#
|
|
1205
1268
|
# @example Response structure
|
|
@@ -1207,7 +1270,7 @@ module Aws::AccessAnalyzer
|
|
|
1207
1270
|
# resp.analyzed_resources #=> Array
|
|
1208
1271
|
# resp.analyzed_resources[0].resource_arn #=> String
|
|
1209
1272
|
# resp.analyzed_resources[0].resource_owner_account #=> String
|
|
1210
|
-
# resp.analyzed_resources[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret"
|
|
1273
|
+
# resp.analyzed_resources[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
|
1211
1274
|
# resp.next_token #=> String
|
|
1212
1275
|
#
|
|
1213
1276
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResources AWS API Documentation
|
|
@@ -1221,12 +1284,12 @@ module Aws::AccessAnalyzer
|
|
|
1221
1284
|
|
|
1222
1285
|
# Retrieves a list of analyzers.
|
|
1223
1286
|
#
|
|
1224
|
-
# @option params [Integer] :max_results
|
|
1225
|
-
# The maximum number of results to return in the response.
|
|
1226
|
-
#
|
|
1227
1287
|
# @option params [String] :next_token
|
|
1228
1288
|
# A token used for pagination of results returned.
|
|
1229
1289
|
#
|
|
1290
|
+
# @option params [Integer] :max_results
|
|
1291
|
+
# The maximum number of results to return in the response.
|
|
1292
|
+
#
|
|
1230
1293
|
# @option params [String] :type
|
|
1231
1294
|
# The type of analyzer.
|
|
1232
1295
|
#
|
|
@@ -1240,8 +1303,8 @@ module Aws::AccessAnalyzer
|
|
|
1240
1303
|
# @example Request syntax with placeholder values
|
|
1241
1304
|
#
|
|
1242
1305
|
# resp = client.list_analyzers({
|
|
1243
|
-
# max_results: 1,
|
|
1244
1306
|
# next_token: "Token",
|
|
1307
|
+
# max_results: 1,
|
|
1245
1308
|
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
|
1246
1309
|
# })
|
|
1247
1310
|
#
|
|
@@ -1249,15 +1312,15 @@ module Aws::AccessAnalyzer
|
|
|
1249
1312
|
#
|
|
1250
1313
|
# resp.analyzers #=> Array
|
|
1251
1314
|
# resp.analyzers[0].arn #=> String
|
|
1315
|
+
# resp.analyzers[0].name #=> String
|
|
1316
|
+
# resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION"
|
|
1252
1317
|
# resp.analyzers[0].created_at #=> Time
|
|
1253
1318
|
# resp.analyzers[0].last_resource_analyzed #=> String
|
|
1254
1319
|
# resp.analyzers[0].last_resource_analyzed_at #=> Time
|
|
1255
|
-
# resp.analyzers[0].name #=> String
|
|
1256
|
-
# resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
|
1257
|
-
# resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
|
1258
1320
|
# resp.analyzers[0].tags #=> Hash
|
|
1259
1321
|
# resp.analyzers[0].tags["String"] #=> String
|
|
1260
|
-
# resp.analyzers[0].
|
|
1322
|
+
# resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
|
1323
|
+
# resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
|
1261
1324
|
# resp.next_token #=> String
|
|
1262
1325
|
#
|
|
1263
1326
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
|
|
@@ -1274,12 +1337,12 @@ module Aws::AccessAnalyzer
|
|
|
1274
1337
|
# @option params [required, String] :analyzer_name
|
|
1275
1338
|
# The name of the analyzer to retrieve rules from.
|
|
1276
1339
|
#
|
|
1277
|
-
# @option params [Integer] :max_results
|
|
1278
|
-
# The maximum number of results to return in the request.
|
|
1279
|
-
#
|
|
1280
1340
|
# @option params [String] :next_token
|
|
1281
1341
|
# A token used for pagination of results returned.
|
|
1282
1342
|
#
|
|
1343
|
+
# @option params [Integer] :max_results
|
|
1344
|
+
# The maximum number of results to return in the request.
|
|
1345
|
+
#
|
|
1283
1346
|
# @return [Types::ListArchiveRulesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1284
1347
|
#
|
|
1285
1348
|
# * {Types::ListArchiveRulesResponse#archive_rules #archive_rules} => Array<Types::ArchiveRuleSummary>
|
|
@@ -1291,23 +1354,23 @@ module Aws::AccessAnalyzer
|
|
|
1291
1354
|
#
|
|
1292
1355
|
# resp = client.list_archive_rules({
|
|
1293
1356
|
# analyzer_name: "Name", # required
|
|
1294
|
-
# max_results: 1,
|
|
1295
1357
|
# next_token: "Token",
|
|
1358
|
+
# max_results: 1,
|
|
1296
1359
|
# })
|
|
1297
1360
|
#
|
|
1298
1361
|
# @example Response structure
|
|
1299
1362
|
#
|
|
1300
1363
|
# resp.archive_rules #=> Array
|
|
1301
|
-
# resp.archive_rules[0].
|
|
1364
|
+
# resp.archive_rules[0].rule_name #=> String
|
|
1302
1365
|
# resp.archive_rules[0].filter #=> Hash
|
|
1303
|
-
# resp.archive_rules[0].filter["String"].contains #=> Array
|
|
1304
|
-
# resp.archive_rules[0].filter["String"].contains[0] #=> String
|
|
1305
1366
|
# resp.archive_rules[0].filter["String"].eq #=> Array
|
|
1306
1367
|
# resp.archive_rules[0].filter["String"].eq[0] #=> String
|
|
1307
|
-
# resp.archive_rules[0].filter["String"].exists #=> Boolean
|
|
1308
1368
|
# resp.archive_rules[0].filter["String"].neq #=> Array
|
|
1309
1369
|
# resp.archive_rules[0].filter["String"].neq[0] #=> String
|
|
1310
|
-
# resp.archive_rules[0].
|
|
1370
|
+
# resp.archive_rules[0].filter["String"].contains #=> Array
|
|
1371
|
+
# resp.archive_rules[0].filter["String"].contains[0] #=> String
|
|
1372
|
+
# resp.archive_rules[0].filter["String"].exists #=> Boolean
|
|
1373
|
+
# resp.archive_rules[0].created_at #=> Time
|
|
1311
1374
|
# resp.archive_rules[0].updated_at #=> Time
|
|
1312
1375
|
# resp.next_token #=> String
|
|
1313
1376
|
#
|
|
@@ -1340,14 +1403,14 @@ module Aws::AccessAnalyzer
|
|
|
1340
1403
|
# @option params [Hash<String,Types::Criterion>] :filter
|
|
1341
1404
|
# A filter to match for the findings to return.
|
|
1342
1405
|
#
|
|
1343
|
-
# @option params [
|
|
1344
|
-
# The
|
|
1406
|
+
# @option params [Types::SortCriteria] :sort
|
|
1407
|
+
# The sort order for the findings returned.
|
|
1345
1408
|
#
|
|
1346
1409
|
# @option params [String] :next_token
|
|
1347
1410
|
# A token used for pagination of results returned.
|
|
1348
1411
|
#
|
|
1349
|
-
# @option params [
|
|
1350
|
-
# The
|
|
1412
|
+
# @option params [Integer] :max_results
|
|
1413
|
+
# The maximum number of results to return in the response.
|
|
1351
1414
|
#
|
|
1352
1415
|
# @return [Types::ListFindingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1353
1416
|
#
|
|
@@ -1362,42 +1425,42 @@ module Aws::AccessAnalyzer
|
|
|
1362
1425
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1363
1426
|
# filter: {
|
|
1364
1427
|
# "String" => {
|
|
1365
|
-
# contains: ["String"],
|
|
1366
1428
|
# eq: ["String"],
|
|
1367
|
-
# exists: false,
|
|
1368
1429
|
# neq: ["String"],
|
|
1430
|
+
# contains: ["String"],
|
|
1431
|
+
# exists: false,
|
|
1369
1432
|
# },
|
|
1370
1433
|
# },
|
|
1371
|
-
# max_results: 1,
|
|
1372
|
-
# next_token: "Token",
|
|
1373
1434
|
# sort: {
|
|
1374
1435
|
# attribute_name: "String",
|
|
1375
1436
|
# order_by: "ASC", # accepts ASC, DESC
|
|
1376
1437
|
# },
|
|
1438
|
+
# next_token: "Token",
|
|
1439
|
+
# max_results: 1,
|
|
1377
1440
|
# })
|
|
1378
1441
|
#
|
|
1379
1442
|
# @example Response structure
|
|
1380
1443
|
#
|
|
1381
1444
|
# resp.findings #=> Array
|
|
1445
|
+
# resp.findings[0].id #=> String
|
|
1446
|
+
# resp.findings[0].principal #=> Hash
|
|
1447
|
+
# resp.findings[0].principal["String"] #=> String
|
|
1382
1448
|
# resp.findings[0].action #=> Array
|
|
1383
1449
|
# resp.findings[0].action[0] #=> String
|
|
1384
|
-
# resp.findings[0].
|
|
1450
|
+
# resp.findings[0].resource #=> String
|
|
1451
|
+
# resp.findings[0].is_public #=> Boolean
|
|
1452
|
+
# resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
|
1385
1453
|
# resp.findings[0].condition #=> Hash
|
|
1386
1454
|
# resp.findings[0].condition["String"] #=> String
|
|
1387
1455
|
# resp.findings[0].created_at #=> Time
|
|
1388
|
-
# resp.findings[0].
|
|
1389
|
-
# resp.findings[0].
|
|
1390
|
-
# resp.findings[0].
|
|
1391
|
-
# resp.findings[0].principal #=> Hash
|
|
1392
|
-
# resp.findings[0].principal["String"] #=> String
|
|
1393
|
-
# resp.findings[0].resource #=> String
|
|
1456
|
+
# resp.findings[0].analyzed_at #=> Time
|
|
1457
|
+
# resp.findings[0].updated_at #=> Time
|
|
1458
|
+
# resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
1394
1459
|
# resp.findings[0].resource_owner_account #=> String
|
|
1395
|
-
# resp.findings[0].
|
|
1460
|
+
# resp.findings[0].error #=> String
|
|
1396
1461
|
# resp.findings[0].sources #=> Array
|
|
1397
|
-
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
|
1398
1462
|
# resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT"
|
|
1399
|
-
# resp.findings[0].
|
|
1400
|
-
# resp.findings[0].updated_at #=> Time
|
|
1463
|
+
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
|
1401
1464
|
# resp.next_token #=> String
|
|
1402
1465
|
#
|
|
1403
1466
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings AWS API Documentation
|
|
@@ -1411,41 +1474,41 @@ module Aws::AccessAnalyzer
|
|
|
1411
1474
|
|
|
1412
1475
|
# Lists all of the policy generations requested in the last seven days.
|
|
1413
1476
|
#
|
|
1477
|
+
# @option params [String] :principal_arn
|
|
1478
|
+
# The ARN of the IAM entity (user or role) for which you are generating
|
|
1479
|
+
# a policy. Use this with `ListGeneratedPolicies` to filter the results
|
|
1480
|
+
# to only include results for a specific principal.
|
|
1481
|
+
#
|
|
1414
1482
|
# @option params [Integer] :max_results
|
|
1415
1483
|
# The maximum number of results to return in the response.
|
|
1416
1484
|
#
|
|
1417
1485
|
# @option params [String] :next_token
|
|
1418
1486
|
# A token used for pagination of results returned.
|
|
1419
1487
|
#
|
|
1420
|
-
# @option params [String] :principal_arn
|
|
1421
|
-
# The ARN of the IAM entity (user or role) for which you are generating
|
|
1422
|
-
# a policy. Use this with `ListGeneratedPolicies` to filter the results
|
|
1423
|
-
# to only include results for a specific principal.
|
|
1424
|
-
#
|
|
1425
1488
|
# @return [Types::ListPolicyGenerationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1426
1489
|
#
|
|
1427
|
-
# * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
|
|
1428
1490
|
# * {Types::ListPolicyGenerationsResponse#policy_generations #policy_generations} => Array<Types::PolicyGeneration>
|
|
1491
|
+
# * {Types::ListPolicyGenerationsResponse#next_token #next_token} => String
|
|
1429
1492
|
#
|
|
1430
1493
|
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
|
1431
1494
|
#
|
|
1432
1495
|
# @example Request syntax with placeholder values
|
|
1433
1496
|
#
|
|
1434
1497
|
# resp = client.list_policy_generations({
|
|
1498
|
+
# principal_arn: "PrincipalArn",
|
|
1435
1499
|
# max_results: 1,
|
|
1436
1500
|
# next_token: "Token",
|
|
1437
|
-
# principal_arn: "PrincipalArn",
|
|
1438
1501
|
# })
|
|
1439
1502
|
#
|
|
1440
1503
|
# @example Response structure
|
|
1441
1504
|
#
|
|
1442
|
-
# resp.next_token #=> String
|
|
1443
1505
|
# resp.policy_generations #=> Array
|
|
1444
|
-
# resp.policy_generations[0].completed_on #=> Time
|
|
1445
1506
|
# resp.policy_generations[0].job_id #=> String
|
|
1446
1507
|
# resp.policy_generations[0].principal_arn #=> String
|
|
1447
|
-
# resp.policy_generations[0].started_on #=> Time
|
|
1448
1508
|
# resp.policy_generations[0].status #=> String, one of "IN_PROGRESS", "SUCCEEDED", "FAILED", "CANCELED"
|
|
1509
|
+
# resp.policy_generations[0].started_on #=> Time
|
|
1510
|
+
# resp.policy_generations[0].completed_on #=> Time
|
|
1511
|
+
# resp.next_token #=> String
|
|
1449
1512
|
#
|
|
1450
1513
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerations AWS API Documentation
|
|
1451
1514
|
#
|
|
@@ -1487,6 +1550,14 @@ module Aws::AccessAnalyzer
|
|
|
1487
1550
|
|
|
1488
1551
|
# Starts the policy generation request.
|
|
1489
1552
|
#
|
|
1553
|
+
# @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
|
|
1554
|
+
# Contains the ARN of the IAM entity (user or role) for which you are
|
|
1555
|
+
# generating a policy.
|
|
1556
|
+
#
|
|
1557
|
+
# @option params [Types::CloudTrailDetails] :cloud_trail_details
|
|
1558
|
+
# A `CloudTrailDetails` object that contains details about a `Trail`
|
|
1559
|
+
# that you want to analyze to generate policies.
|
|
1560
|
+
#
|
|
1490
1561
|
# @option params [String] :client_token
|
|
1491
1562
|
# A unique, case-sensitive identifier that you provide to ensure the
|
|
1492
1563
|
# idempotency of the request. Idempotency ensures that an API request
|
|
@@ -1501,14 +1572,6 @@ module Aws::AccessAnalyzer
|
|
|
1501
1572
|
# **A suitable default value is auto-generated.** You should normally
|
|
1502
1573
|
# not need to pass this option.**
|
|
1503
1574
|
#
|
|
1504
|
-
# @option params [Types::CloudTrailDetails] :cloud_trail_details
|
|
1505
|
-
# A `CloudTrailDetails` object that contains details about a `Trail`
|
|
1506
|
-
# that you want to analyze to generate policies.
|
|
1507
|
-
#
|
|
1508
|
-
# @option params [required, Types::PolicyGenerationDetails] :policy_generation_details
|
|
1509
|
-
# Contains the ARN of the IAM entity (user or role) for which you are
|
|
1510
|
-
# generating a policy.
|
|
1511
|
-
#
|
|
1512
1575
|
# @return [Types::StartPolicyGenerationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1513
1576
|
#
|
|
1514
1577
|
# * {Types::StartPolicyGenerationResponse#job_id #job_id} => String
|
|
@@ -1516,22 +1579,22 @@ module Aws::AccessAnalyzer
|
|
|
1516
1579
|
# @example Request syntax with placeholder values
|
|
1517
1580
|
#
|
|
1518
1581
|
# resp = client.start_policy_generation({
|
|
1519
|
-
#
|
|
1582
|
+
# policy_generation_details: { # required
|
|
1583
|
+
# principal_arn: "PrincipalArn", # required
|
|
1584
|
+
# },
|
|
1520
1585
|
# cloud_trail_details: {
|
|
1521
|
-
# access_role: "RoleArn", # required
|
|
1522
|
-
# end_time: Time.now,
|
|
1523
|
-
# start_time: Time.now, # required
|
|
1524
1586
|
# trails: [ # required
|
|
1525
1587
|
# {
|
|
1526
|
-
# all_regions: false,
|
|
1527
1588
|
# cloud_trail_arn: "CloudTrailArn", # required
|
|
1528
1589
|
# regions: ["String"],
|
|
1590
|
+
# all_regions: false,
|
|
1529
1591
|
# },
|
|
1530
1592
|
# ],
|
|
1593
|
+
# access_role: "RoleArn", # required
|
|
1594
|
+
# start_time: Time.now, # required
|
|
1595
|
+
# end_time: Time.now,
|
|
1531
1596
|
# },
|
|
1532
|
-
#
|
|
1533
|
-
# principal_arn: "PrincipalArn", # required
|
|
1534
|
-
# },
|
|
1597
|
+
# client_token: "String",
|
|
1535
1598
|
# })
|
|
1536
1599
|
#
|
|
1537
1600
|
# @example Response structure
|
|
@@ -1561,6 +1624,11 @@ module Aws::AccessAnalyzer
|
|
|
1561
1624
|
# @option params [required, String] :resource_arn
|
|
1562
1625
|
# The ARN of the resource to scan.
|
|
1563
1626
|
#
|
|
1627
|
+
# @option params [String] :resource_owner_account
|
|
1628
|
+
# The Amazon Web Services account ID that owns the resource. For most
|
|
1629
|
+
# Amazon Web Services resources, the owning account is the account in
|
|
1630
|
+
# which the resource was created.
|
|
1631
|
+
#
|
|
1564
1632
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
1565
1633
|
#
|
|
1566
1634
|
# @example Request syntax with placeholder values
|
|
@@ -1568,6 +1636,7 @@ module Aws::AccessAnalyzer
|
|
|
1568
1636
|
# resp = client.start_resource_scan({
|
|
1569
1637
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1570
1638
|
# resource_arn: "ResourceArn", # required
|
|
1639
|
+
# resource_owner_account: "String",
|
|
1571
1640
|
# })
|
|
1572
1641
|
#
|
|
1573
1642
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartResourceScan AWS API Documentation
|
|
@@ -1638,18 +1707,18 @@ module Aws::AccessAnalyzer
|
|
|
1638
1707
|
# @option params [required, String] :analyzer_name
|
|
1639
1708
|
# The name of the analyzer to update the archive rules for.
|
|
1640
1709
|
#
|
|
1641
|
-
# @option params [String] :
|
|
1642
|
-
#
|
|
1643
|
-
#
|
|
1644
|
-
# **A suitable default value is auto-generated.** You should normally
|
|
1645
|
-
# not need to pass this option.**
|
|
1710
|
+
# @option params [required, String] :rule_name
|
|
1711
|
+
# The name of the rule to update.
|
|
1646
1712
|
#
|
|
1647
1713
|
# @option params [required, Hash<String,Types::Criterion>] :filter
|
|
1648
1714
|
# A filter to match for the rules to update. Only rules that match the
|
|
1649
1715
|
# filter are updated.
|
|
1650
1716
|
#
|
|
1651
|
-
# @option params [
|
|
1652
|
-
#
|
|
1717
|
+
# @option params [String] :client_token
|
|
1718
|
+
# A client token.
|
|
1719
|
+
#
|
|
1720
|
+
# **A suitable default value is auto-generated.** You should normally
|
|
1721
|
+
# not need to pass this option.**
|
|
1653
1722
|
#
|
|
1654
1723
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
1655
1724
|
#
|
|
@@ -1657,16 +1726,16 @@ module Aws::AccessAnalyzer
|
|
|
1657
1726
|
#
|
|
1658
1727
|
# resp = client.update_archive_rule({
|
|
1659
1728
|
# analyzer_name: "Name", # required
|
|
1660
|
-
#
|
|
1729
|
+
# rule_name: "Name", # required
|
|
1661
1730
|
# filter: { # required
|
|
1662
1731
|
# "String" => {
|
|
1663
|
-
# contains: ["String"],
|
|
1664
1732
|
# eq: ["String"],
|
|
1665
|
-
# exists: false,
|
|
1666
1733
|
# neq: ["String"],
|
|
1734
|
+
# contains: ["String"],
|
|
1735
|
+
# exists: false,
|
|
1667
1736
|
# },
|
|
1668
1737
|
# },
|
|
1669
|
-
#
|
|
1738
|
+
# client_token: "String",
|
|
1670
1739
|
# })
|
|
1671
1740
|
#
|
|
1672
1741
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateArchiveRule AWS API Documentation
|
|
@@ -1687,11 +1756,10 @@ module Aws::AccessAnalyzer
|
|
|
1687
1756
|
#
|
|
1688
1757
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
|
1689
1758
|
#
|
|
1690
|
-
# @option params [String] :
|
|
1691
|
-
#
|
|
1692
|
-
#
|
|
1693
|
-
#
|
|
1694
|
-
# not need to pass this option.**
|
|
1759
|
+
# @option params [required, String] :status
|
|
1760
|
+
# The state represents the action to take to update the finding Status.
|
|
1761
|
+
# Use `ARCHIVE` to change an Active finding to an Archived finding. Use
|
|
1762
|
+
# `ACTIVE` to change an Archived finding to an Active finding.
|
|
1695
1763
|
#
|
|
1696
1764
|
# @option params [Array<String>] :ids
|
|
1697
1765
|
# The IDs of the findings to update.
|
|
@@ -1699,10 +1767,11 @@ module Aws::AccessAnalyzer
|
|
|
1699
1767
|
# @option params [String] :resource_arn
|
|
1700
1768
|
# The ARN of the resource identified in the finding.
|
|
1701
1769
|
#
|
|
1702
|
-
# @option params [
|
|
1703
|
-
#
|
|
1704
|
-
#
|
|
1705
|
-
#
|
|
1770
|
+
# @option params [String] :client_token
|
|
1771
|
+
# A client token.
|
|
1772
|
+
#
|
|
1773
|
+
# **A suitable default value is auto-generated.** You should normally
|
|
1774
|
+
# not need to pass this option.**
|
|
1706
1775
|
#
|
|
1707
1776
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
|
1708
1777
|
#
|
|
@@ -1710,10 +1779,10 @@ module Aws::AccessAnalyzer
|
|
|
1710
1779
|
#
|
|
1711
1780
|
# resp = client.update_findings({
|
|
1712
1781
|
# analyzer_arn: "AnalyzerArn", # required
|
|
1713
|
-
#
|
|
1782
|
+
# status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
|
|
1714
1783
|
# ids: ["FindingId"],
|
|
1715
1784
|
# resource_arn: "ResourceArn",
|
|
1716
|
-
#
|
|
1785
|
+
# client_token: "String",
|
|
1717
1786
|
# })
|
|
1718
1787
|
#
|
|
1719
1788
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateFindings AWS API Documentation
|
|
@@ -1783,7 +1852,7 @@ module Aws::AccessAnalyzer
|
|
|
1783
1852
|
# next_token: "Token",
|
|
1784
1853
|
# policy_document: "PolicyDocument", # required
|
|
1785
1854
|
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
|
1786
|
-
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
|
|
1855
|
+
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
|
|
1787
1856
|
# })
|
|
1788
1857
|
#
|
|
1789
1858
|
# @example Response structure
|
|
@@ -1797,15 +1866,15 @@ module Aws::AccessAnalyzer
|
|
|
1797
1866
|
# resp.findings[0].locations[0].path #=> Array
|
|
1798
1867
|
# resp.findings[0].locations[0].path[0].index #=> Integer
|
|
1799
1868
|
# resp.findings[0].locations[0].path[0].key #=> String
|
|
1800
|
-
# resp.findings[0].locations[0].path[0].substring.length #=> Integer
|
|
1801
1869
|
# resp.findings[0].locations[0].path[0].substring.start #=> Integer
|
|
1870
|
+
# resp.findings[0].locations[0].path[0].substring.length #=> Integer
|
|
1802
1871
|
# resp.findings[0].locations[0].path[0].value #=> String
|
|
1803
|
-
# resp.findings[0].locations[0].span.end.column #=> Integer
|
|
1804
|
-
# resp.findings[0].locations[0].span.end.line #=> Integer
|
|
1805
|
-
# resp.findings[0].locations[0].span.end.offset #=> Integer
|
|
1806
|
-
# resp.findings[0].locations[0].span.start.column #=> Integer
|
|
1807
1872
|
# resp.findings[0].locations[0].span.start.line #=> Integer
|
|
1873
|
+
# resp.findings[0].locations[0].span.start.column #=> Integer
|
|
1808
1874
|
# resp.findings[0].locations[0].span.start.offset #=> Integer
|
|
1875
|
+
# resp.findings[0].locations[0].span.end.line #=> Integer
|
|
1876
|
+
# resp.findings[0].locations[0].span.end.column #=> Integer
|
|
1877
|
+
# resp.findings[0].locations[0].span.end.offset #=> Integer
|
|
1809
1878
|
# resp.next_token #=> String
|
|
1810
1879
|
#
|
|
1811
1880
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicy AWS API Documentation
|
|
@@ -1830,7 +1899,7 @@ module Aws::AccessAnalyzer
|
|
|
1830
1899
|
params: params,
|
|
1831
1900
|
config: config)
|
|
1832
1901
|
context[:gem_name] = 'aws-sdk-accessanalyzer'
|
|
1833
|
-
context[:gem_version] = '1.
|
|
1902
|
+
context[:gem_version] = '1.31.0'
|
|
1834
1903
|
Seahorse::Client::Request.new(handlers, context)
|
|
1835
1904
|
end
|
|
1836
1905
|
|