aws-sdk-accessanalyzer 1.29.0 → 1.31.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +321 -252
- data/lib/aws-sdk-accessanalyzer/client_api.rb +188 -101
- data/lib/aws-sdk-accessanalyzer/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-accessanalyzer/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-accessanalyzer/endpoints.rb +407 -0
- data/lib/aws-sdk-accessanalyzer/errors.rb +5 -5
- data/lib/aws-sdk-accessanalyzer/plugins/endpoints.rb +124 -0
- data/lib/aws-sdk-accessanalyzer/types.rb +1141 -665
- data/lib/aws-sdk-accessanalyzer.rb +5 -1
- metadata +8 -4
@@ -25,6 +25,10 @@ module Aws::AccessAnalyzer
|
|
25
25
|
|
26
26
|
# Contains information about an access preview.
|
27
27
|
#
|
28
|
+
# @!attribute [rw] id
|
29
|
+
# The unique ID for the access preview.
|
30
|
+
# @return [String]
|
31
|
+
#
|
28
32
|
# @!attribute [rw] analyzer_arn
|
29
33
|
# The ARN of the analyzer used to generate the access preview.
|
30
34
|
# @return [String]
|
@@ -37,10 +41,6 @@ module Aws::AccessAnalyzer
|
|
37
41
|
# The time at which the access preview was created.
|
38
42
|
# @return [Time]
|
39
43
|
#
|
40
|
-
# @!attribute [rw] id
|
41
|
-
# The unique ID for the access preview.
|
42
|
-
# @return [String]
|
43
|
-
#
|
44
44
|
# @!attribute [rw] status
|
45
45
|
# The status of the access preview.
|
46
46
|
#
|
@@ -64,10 +64,10 @@ module Aws::AccessAnalyzer
|
|
64
64
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreview AWS API Documentation
|
65
65
|
#
|
66
66
|
class AccessPreview < Struct.new(
|
67
|
+
:id,
|
67
68
|
:analyzer_arn,
|
68
69
|
:configurations,
|
69
70
|
:created_at,
|
70
|
-
:id,
|
71
71
|
:status,
|
72
72
|
:status_reason)
|
73
73
|
SENSITIVE = []
|
@@ -76,11 +76,55 @@ module Aws::AccessAnalyzer
|
|
76
76
|
|
77
77
|
# An access preview finding generated by the access preview.
|
78
78
|
#
|
79
|
+
# @!attribute [rw] id
|
80
|
+
# The ID of the access preview finding. This ID uniquely identifies
|
81
|
+
# the element in the list of access preview findings and is not
|
82
|
+
# related to the finding ID in Access Analyzer.
|
83
|
+
# @return [String]
|
84
|
+
#
|
85
|
+
# @!attribute [rw] existing_finding_id
|
86
|
+
# The existing ID of the finding in IAM Access Analyzer, provided only
|
87
|
+
# for existing findings.
|
88
|
+
# @return [String]
|
89
|
+
#
|
90
|
+
# @!attribute [rw] existing_finding_status
|
91
|
+
# The existing status of the finding, provided only for existing
|
92
|
+
# findings.
|
93
|
+
# @return [String]
|
94
|
+
#
|
95
|
+
# @!attribute [rw] principal
|
96
|
+
# The external principal that has access to a resource within the zone
|
97
|
+
# of trust.
|
98
|
+
# @return [Hash<String,String>]
|
99
|
+
#
|
79
100
|
# @!attribute [rw] action
|
80
101
|
# The action in the analyzed policy statement that an external
|
81
102
|
# principal has permission to perform.
|
82
103
|
# @return [Array<String>]
|
83
104
|
#
|
105
|
+
# @!attribute [rw] condition
|
106
|
+
# The condition in the analyzed policy statement that resulted in a
|
107
|
+
# finding.
|
108
|
+
# @return [Hash<String,String>]
|
109
|
+
#
|
110
|
+
# @!attribute [rw] resource
|
111
|
+
# The resource that an external principal has access to. This is the
|
112
|
+
# resource associated with the access preview.
|
113
|
+
# @return [String]
|
114
|
+
#
|
115
|
+
# @!attribute [rw] is_public
|
116
|
+
# Indicates whether the policy that generated the finding allows
|
117
|
+
# public access to the resource.
|
118
|
+
# @return [Boolean]
|
119
|
+
#
|
120
|
+
# @!attribute [rw] resource_type
|
121
|
+
# The type of the resource that can be accessed in the finding.
|
122
|
+
# @return [String]
|
123
|
+
#
|
124
|
+
# @!attribute [rw] created_at
|
125
|
+
# The time at which the access preview finding was created.
|
126
|
+
# @return [Time]
|
127
|
+
#
|
84
128
|
# @!attribute [rw] change_type
|
85
129
|
# Provides context on how the access preview finding compares to
|
86
130
|
# existing access identified in IAM Access Analyzer.
|
@@ -99,48 +143,12 @@ module Aws::AccessAnalyzer
|
|
99
143
|
# change.
|
100
144
|
# @return [String]
|
101
145
|
#
|
102
|
-
# @!attribute [rw]
|
103
|
-
# The
|
104
|
-
# finding.
|
105
|
-
#
|
106
|
-
#
|
107
|
-
#
|
108
|
-
# The time at which the access preview finding was created.
|
109
|
-
# @return [Time]
|
110
|
-
#
|
111
|
-
# @!attribute [rw] error
|
112
|
-
# An error.
|
113
|
-
# @return [String]
|
114
|
-
#
|
115
|
-
# @!attribute [rw] existing_finding_id
|
116
|
-
# The existing ID of the finding in IAM Access Analyzer, provided only
|
117
|
-
# for existing findings.
|
118
|
-
# @return [String]
|
119
|
-
#
|
120
|
-
# @!attribute [rw] existing_finding_status
|
121
|
-
# The existing status of the finding, provided only for existing
|
122
|
-
# findings.
|
123
|
-
# @return [String]
|
124
|
-
#
|
125
|
-
# @!attribute [rw] id
|
126
|
-
# The ID of the access preview finding. This ID uniquely identifies
|
127
|
-
# the element in the list of access preview findings and is not
|
128
|
-
# related to the finding ID in Access Analyzer.
|
129
|
-
# @return [String]
|
130
|
-
#
|
131
|
-
# @!attribute [rw] is_public
|
132
|
-
# Indicates whether the policy that generated the finding allows
|
133
|
-
# public access to the resource.
|
134
|
-
# @return [Boolean]
|
135
|
-
#
|
136
|
-
# @!attribute [rw] principal
|
137
|
-
# The external principal that has access to a resource within the zone
|
138
|
-
# of trust.
|
139
|
-
# @return [Hash<String,String>]
|
140
|
-
#
|
141
|
-
# @!attribute [rw] resource
|
142
|
-
# The resource that an external principal has access to. This is the
|
143
|
-
# resource associated with the access preview.
|
146
|
+
# @!attribute [rw] status
|
147
|
+
# The preview status of the finding. This is what the status of the
|
148
|
+
# finding would be after permissions deployment. For example, a
|
149
|
+
# `Changed` finding with preview status `Resolved` and existing status
|
150
|
+
# `Active` indicates the existing `Active` finding would become
|
151
|
+
# `Resolved` as a result of the proposed permissions change.
|
144
152
|
# @return [String]
|
145
153
|
#
|
146
154
|
# @!attribute [rw] resource_owner_account
|
@@ -149,8 +157,8 @@ module Aws::AccessAnalyzer
|
|
149
157
|
# which the resource was created.
|
150
158
|
# @return [String]
|
151
159
|
#
|
152
|
-
# @!attribute [rw]
|
153
|
-
#
|
160
|
+
# @!attribute [rw] error
|
161
|
+
# An error.
|
154
162
|
# @return [String]
|
155
163
|
#
|
156
164
|
# @!attribute [rw] sources
|
@@ -159,32 +167,24 @@ module Aws::AccessAnalyzer
|
|
159
167
|
# bucket findings.
|
160
168
|
# @return [Array<Types::FindingSource>]
|
161
169
|
#
|
162
|
-
# @!attribute [rw] status
|
163
|
-
# The preview status of the finding. This is what the status of the
|
164
|
-
# finding would be after permissions deployment. For example, a
|
165
|
-
# `Changed` finding with preview status `Resolved` and existing status
|
166
|
-
# `Active` indicates the existing `Active` finding would become
|
167
|
-
# `Resolved` as a result of the proposed permissions change.
|
168
|
-
# @return [String]
|
169
|
-
#
|
170
170
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreviewFinding AWS API Documentation
|
171
171
|
#
|
172
172
|
class AccessPreviewFinding < Struct.new(
|
173
|
-
:
|
174
|
-
:change_type,
|
175
|
-
:condition,
|
176
|
-
:created_at,
|
177
|
-
:error,
|
173
|
+
:id,
|
178
174
|
:existing_finding_id,
|
179
175
|
:existing_finding_status,
|
180
|
-
:id,
|
181
|
-
:is_public,
|
182
176
|
:principal,
|
177
|
+
:action,
|
178
|
+
:condition,
|
183
179
|
:resource,
|
184
|
-
:
|
180
|
+
:is_public,
|
185
181
|
:resource_type,
|
186
|
-
:
|
187
|
-
:
|
182
|
+
:created_at,
|
183
|
+
:change_type,
|
184
|
+
:status,
|
185
|
+
:resource_owner_account,
|
186
|
+
:error,
|
187
|
+
:sources)
|
188
188
|
SENSITIVE = []
|
189
189
|
include Aws::Structure
|
190
190
|
end
|
@@ -208,6 +208,10 @@ module Aws::AccessAnalyzer
|
|
208
208
|
|
209
209
|
# Contains a summary of information about an access preview.
|
210
210
|
#
|
211
|
+
# @!attribute [rw] id
|
212
|
+
# The unique ID for the access preview.
|
213
|
+
# @return [String]
|
214
|
+
#
|
211
215
|
# @!attribute [rw] analyzer_arn
|
212
216
|
# The ARN of the analyzer used to generate the access preview.
|
213
217
|
# @return [String]
|
@@ -216,10 +220,6 @@ module Aws::AccessAnalyzer
|
|
216
220
|
# The time at which the access preview was created.
|
217
221
|
# @return [Time]
|
218
222
|
#
|
219
|
-
# @!attribute [rw] id
|
220
|
-
# The unique ID for the access preview.
|
221
|
-
# @return [String]
|
222
|
-
#
|
223
223
|
# @!attribute [rw] status
|
224
224
|
# The status of the access preview.
|
225
225
|
#
|
@@ -242,9 +242,9 @@ module Aws::AccessAnalyzer
|
|
242
242
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AccessPreviewSummary AWS API Documentation
|
243
243
|
#
|
244
244
|
class AccessPreviewSummary < Struct.new(
|
245
|
+
:id,
|
245
246
|
:analyzer_arn,
|
246
247
|
:created_at,
|
247
|
-
:id,
|
248
248
|
:status,
|
249
249
|
:status_reason)
|
250
250
|
SENSITIVE = []
|
@@ -289,39 +289,35 @@ module Aws::AccessAnalyzer
|
|
289
289
|
|
290
290
|
# Contains details about the analyzed resource.
|
291
291
|
#
|
292
|
-
# @!attribute [rw]
|
293
|
-
# The
|
294
|
-
#
|
295
|
-
# @return [Array<String>]
|
292
|
+
# @!attribute [rw] resource_arn
|
293
|
+
# The ARN of the resource that was analyzed.
|
294
|
+
# @return [String]
|
296
295
|
#
|
297
|
-
# @!attribute [rw]
|
298
|
-
# The
|
299
|
-
# @return [
|
296
|
+
# @!attribute [rw] resource_type
|
297
|
+
# The type of the resource that was analyzed.
|
298
|
+
# @return [String]
|
300
299
|
#
|
301
300
|
# @!attribute [rw] created_at
|
302
301
|
# The time at which the finding was created.
|
303
302
|
# @return [Time]
|
304
303
|
#
|
305
|
-
# @!attribute [rw]
|
306
|
-
#
|
307
|
-
# @return [
|
304
|
+
# @!attribute [rw] analyzed_at
|
305
|
+
# The time at which the resource was analyzed.
|
306
|
+
# @return [Time]
|
307
|
+
#
|
308
|
+
# @!attribute [rw] updated_at
|
309
|
+
# The time at which the finding was updated.
|
310
|
+
# @return [Time]
|
308
311
|
#
|
309
312
|
# @!attribute [rw] is_public
|
310
313
|
# Indicates whether the policy that generated the finding grants
|
311
314
|
# public access to the resource.
|
312
315
|
# @return [Boolean]
|
313
316
|
#
|
314
|
-
# @!attribute [rw]
|
315
|
-
# The
|
316
|
-
#
|
317
|
-
#
|
318
|
-
# @!attribute [rw] resource_owner_account
|
319
|
-
# The Amazon Web Services account ID that owns the resource.
|
320
|
-
# @return [String]
|
321
|
-
#
|
322
|
-
# @!attribute [rw] resource_type
|
323
|
-
# The type of the resource that was analyzed.
|
324
|
-
# @return [String]
|
317
|
+
# @!attribute [rw] actions
|
318
|
+
# The actions that an external principal is granted permission to use
|
319
|
+
# by the policy that generated the finding.
|
320
|
+
# @return [Array<String>]
|
325
321
|
#
|
326
322
|
# @!attribute [rw] shared_via
|
327
323
|
# Indicates how the access that generated the finding is granted. This
|
@@ -333,24 +329,28 @@ module Aws::AccessAnalyzer
|
|
333
329
|
# resource.
|
334
330
|
# @return [String]
|
335
331
|
#
|
336
|
-
# @!attribute [rw]
|
337
|
-
# The
|
338
|
-
# @return [
|
332
|
+
# @!attribute [rw] resource_owner_account
|
333
|
+
# The Amazon Web Services account ID that owns the resource.
|
334
|
+
# @return [String]
|
335
|
+
#
|
336
|
+
# @!attribute [rw] error
|
337
|
+
# An error message.
|
338
|
+
# @return [String]
|
339
339
|
#
|
340
340
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzedResource AWS API Documentation
|
341
341
|
#
|
342
342
|
class AnalyzedResource < Struct.new(
|
343
|
-
:actions,
|
344
|
-
:analyzed_at,
|
345
|
-
:created_at,
|
346
|
-
:error,
|
347
|
-
:is_public,
|
348
343
|
:resource_arn,
|
349
|
-
:resource_owner_account,
|
350
344
|
:resource_type,
|
345
|
+
:created_at,
|
346
|
+
:analyzed_at,
|
347
|
+
:updated_at,
|
348
|
+
:is_public,
|
349
|
+
:actions,
|
351
350
|
:shared_via,
|
352
351
|
:status,
|
353
|
-
:
|
352
|
+
:resource_owner_account,
|
353
|
+
:error)
|
354
354
|
SENSITIVE = []
|
355
355
|
include Aws::Structure
|
356
356
|
end
|
@@ -385,6 +385,15 @@ module Aws::AccessAnalyzer
|
|
385
385
|
# The ARN of the analyzer.
|
386
386
|
# @return [String]
|
387
387
|
#
|
388
|
+
# @!attribute [rw] name
|
389
|
+
# The name of the analyzer.
|
390
|
+
# @return [String]
|
391
|
+
#
|
392
|
+
# @!attribute [rw] type
|
393
|
+
# The type of analyzer, which corresponds to the zone of trust chosen
|
394
|
+
# for the analyzer.
|
395
|
+
# @return [String]
|
396
|
+
#
|
388
397
|
# @!attribute [rw] created_at
|
389
398
|
# A timestamp for the time at which the analyzer was created.
|
390
399
|
# @return [Time]
|
@@ -397,9 +406,9 @@ module Aws::AccessAnalyzer
|
|
397
406
|
# The time at which the most recently analyzed resource was analyzed.
|
398
407
|
# @return [Time]
|
399
408
|
#
|
400
|
-
# @!attribute [rw]
|
401
|
-
# The
|
402
|
-
# @return [String]
|
409
|
+
# @!attribute [rw] tags
|
410
|
+
# The tags added to the analyzer.
|
411
|
+
# @return [Hash<String,String>]
|
403
412
|
#
|
404
413
|
# @!attribute [rw] status
|
405
414
|
# The status of the analyzer. An `Active` analyzer successfully
|
@@ -420,27 +429,18 @@ module Aws::AccessAnalyzer
|
|
420
429
|
# Web Services organization.
|
421
430
|
# @return [Types::StatusReason]
|
422
431
|
#
|
423
|
-
# @!attribute [rw] tags
|
424
|
-
# The tags added to the analyzer.
|
425
|
-
# @return [Hash<String,String>]
|
426
|
-
#
|
427
|
-
# @!attribute [rw] type
|
428
|
-
# The type of analyzer, which corresponds to the zone of trust chosen
|
429
|
-
# for the analyzer.
|
430
|
-
# @return [String]
|
431
|
-
#
|
432
432
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzerSummary AWS API Documentation
|
433
433
|
#
|
434
434
|
class AnalyzerSummary < Struct.new(
|
435
435
|
:arn,
|
436
|
+
:name,
|
437
|
+
:type,
|
436
438
|
:created_at,
|
437
439
|
:last_resource_analyzed,
|
438
440
|
:last_resource_analyzed_at,
|
439
|
-
:name,
|
440
|
-
:status,
|
441
|
-
:status_reason,
|
442
441
|
:tags,
|
443
|
-
:
|
442
|
+
:status,
|
443
|
+
:status_reason)
|
444
444
|
SENSITIVE = []
|
445
445
|
include Aws::Structure
|
446
446
|
end
|
@@ -452,14 +452,18 @@ module Aws::AccessAnalyzer
|
|
452
452
|
#
|
453
453
|
# {
|
454
454
|
# analyzer_arn: "AnalyzerArn", # required
|
455
|
-
# client_token: "String",
|
456
455
|
# rule_name: "Name", # required
|
456
|
+
# client_token: "String",
|
457
457
|
# }
|
458
458
|
#
|
459
459
|
# @!attribute [rw] analyzer_arn
|
460
460
|
# The Amazon resource name (ARN) of the analyzer.
|
461
461
|
# @return [String]
|
462
462
|
#
|
463
|
+
# @!attribute [rw] rule_name
|
464
|
+
# The name of the rule to apply.
|
465
|
+
# @return [String]
|
466
|
+
#
|
463
467
|
# @!attribute [rw] client_token
|
464
468
|
# A client token.
|
465
469
|
#
|
@@ -467,33 +471,29 @@ module Aws::AccessAnalyzer
|
|
467
471
|
# not need to pass this option.
|
468
472
|
# @return [String]
|
469
473
|
#
|
470
|
-
# @!attribute [rw] rule_name
|
471
|
-
# The name of the rule to apply.
|
472
|
-
# @return [String]
|
473
|
-
#
|
474
474
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ApplyArchiveRuleRequest AWS API Documentation
|
475
475
|
#
|
476
476
|
class ApplyArchiveRuleRequest < Struct.new(
|
477
477
|
:analyzer_arn,
|
478
|
-
:
|
479
|
-
:
|
478
|
+
:rule_name,
|
479
|
+
:client_token)
|
480
480
|
SENSITIVE = []
|
481
481
|
include Aws::Structure
|
482
482
|
end
|
483
483
|
|
484
484
|
# Contains information about an archive rule.
|
485
485
|
#
|
486
|
-
# @!attribute [rw]
|
487
|
-
# The
|
488
|
-
# @return [
|
486
|
+
# @!attribute [rw] rule_name
|
487
|
+
# The name of the archive rule.
|
488
|
+
# @return [String]
|
489
489
|
#
|
490
490
|
# @!attribute [rw] filter
|
491
491
|
# A filter used to define the archive rule.
|
492
492
|
# @return [Hash<String,Types::Criterion>]
|
493
493
|
#
|
494
|
-
# @!attribute [rw]
|
495
|
-
# The
|
496
|
-
# @return [
|
494
|
+
# @!attribute [rw] created_at
|
495
|
+
# The time at which the archive rule was created.
|
496
|
+
# @return [Time]
|
497
497
|
#
|
498
498
|
# @!attribute [rw] updated_at
|
499
499
|
# The time at which the archive rule was last updated.
|
@@ -502,9 +502,9 @@ module Aws::AccessAnalyzer
|
|
502
502
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ArchiveRuleSummary AWS API Documentation
|
503
503
|
#
|
504
504
|
class ArchiveRuleSummary < Struct.new(
|
505
|
-
:created_at,
|
506
|
-
:filter,
|
507
505
|
:rule_name,
|
506
|
+
:filter,
|
507
|
+
:created_at,
|
508
508
|
:updated_at)
|
509
509
|
SENSITIVE = []
|
510
510
|
include Aws::Structure
|
@@ -542,59 +542,57 @@ module Aws::AccessAnalyzer
|
|
542
542
|
# data as a hash:
|
543
543
|
#
|
544
544
|
# {
|
545
|
-
# access_role: "RoleArn", # required
|
546
|
-
# end_time: Time.now,
|
547
|
-
# start_time: Time.now, # required
|
548
545
|
# trails: [ # required
|
549
546
|
# {
|
550
|
-
# all_regions: false,
|
551
547
|
# cloud_trail_arn: "CloudTrailArn", # required
|
552
548
|
# regions: ["String"],
|
549
|
+
# all_regions: false,
|
553
550
|
# },
|
554
551
|
# ],
|
552
|
+
# access_role: "RoleArn", # required
|
553
|
+
# start_time: Time.now, # required
|
554
|
+
# end_time: Time.now,
|
555
555
|
# }
|
556
556
|
#
|
557
|
+
# @!attribute [rw] trails
|
558
|
+
# A `Trail` object that contains settings for a trail.
|
559
|
+
# @return [Array<Types::Trail>]
|
560
|
+
#
|
557
561
|
# @!attribute [rw] access_role
|
558
562
|
# The ARN of the service role that IAM Access Analyzer uses to access
|
559
563
|
# your CloudTrail trail and service last accessed information.
|
560
564
|
# @return [String]
|
561
565
|
#
|
562
|
-
# @!attribute [rw] end_time
|
563
|
-
# The end of the time range for which IAM Access Analyzer reviews your
|
564
|
-
# CloudTrail events. Events with a timestamp after this time are not
|
565
|
-
# considered to generate a policy. If this is not included in the
|
566
|
-
# request, the default value is the current time.
|
567
|
-
# @return [Time]
|
568
|
-
#
|
569
566
|
# @!attribute [rw] start_time
|
570
567
|
# The start of the time range for which IAM Access Analyzer reviews
|
571
568
|
# your CloudTrail events. Events with a timestamp before this time are
|
572
569
|
# not considered to generate a policy.
|
573
570
|
# @return [Time]
|
574
571
|
#
|
575
|
-
# @!attribute [rw]
|
576
|
-
#
|
577
|
-
#
|
572
|
+
# @!attribute [rw] end_time
|
573
|
+
# The end of the time range for which IAM Access Analyzer reviews your
|
574
|
+
# CloudTrail events. Events with a timestamp after this time are not
|
575
|
+
# considered to generate a policy. If this is not included in the
|
576
|
+
# request, the default value is the current time.
|
577
|
+
# @return [Time]
|
578
578
|
#
|
579
579
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailDetails AWS API Documentation
|
580
580
|
#
|
581
581
|
class CloudTrailDetails < Struct.new(
|
582
|
+
:trails,
|
582
583
|
:access_role,
|
583
|
-
:end_time,
|
584
584
|
:start_time,
|
585
|
-
:
|
585
|
+
:end_time)
|
586
586
|
SENSITIVE = []
|
587
587
|
include Aws::Structure
|
588
588
|
end
|
589
589
|
|
590
590
|
# Contains information about CloudTrail access.
|
591
591
|
#
|
592
|
-
# @!attribute [rw]
|
593
|
-
#
|
594
|
-
#
|
595
|
-
#
|
596
|
-
# request, the default value is the current time.
|
597
|
-
# @return [Time]
|
592
|
+
# @!attribute [rw] trail_properties
|
593
|
+
# A `TrailProperties` object that contains settings for trail
|
594
|
+
# properties.
|
595
|
+
# @return [Array<Types::TrailProperties>]
|
598
596
|
#
|
599
597
|
# @!attribute [rw] start_time
|
600
598
|
# The start of the time range for which IAM Access Analyzer reviews
|
@@ -602,17 +600,19 @@ module Aws::AccessAnalyzer
|
|
602
600
|
# not considered to generate a policy.
|
603
601
|
# @return [Time]
|
604
602
|
#
|
605
|
-
# @!attribute [rw]
|
606
|
-
#
|
607
|
-
#
|
608
|
-
#
|
603
|
+
# @!attribute [rw] end_time
|
604
|
+
# The end of the time range for which IAM Access Analyzer reviews your
|
605
|
+
# CloudTrail events. Events with a timestamp after this time are not
|
606
|
+
# considered to generate a policy. If this is not included in the
|
607
|
+
# request, the default value is the current time.
|
608
|
+
# @return [Time]
|
609
609
|
#
|
610
610
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CloudTrailProperties AWS API Documentation
|
611
611
|
#
|
612
612
|
class CloudTrailProperties < Struct.new(
|
613
|
-
:
|
613
|
+
:trail_properties,
|
614
614
|
:start_time,
|
615
|
-
:
|
615
|
+
:end_time)
|
616
616
|
SENSITIVE = []
|
617
617
|
include Aws::Structure
|
618
618
|
end
|
@@ -625,22 +625,48 @@ module Aws::AccessAnalyzer
|
|
625
625
|
#
|
626
626
|
# @note Configuration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Configuration corresponding to the set member.
|
627
627
|
#
|
628
|
+
# @!attribute [rw] ebs_snapshot
|
629
|
+
# The access control configuration is for an Amazon EBS volume
|
630
|
+
# snapshot.
|
631
|
+
# @return [Types::EbsSnapshotConfiguration]
|
632
|
+
#
|
633
|
+
# @!attribute [rw] ecr_repository
|
634
|
+
# The access control configuration is for an Amazon ECR repository.
|
635
|
+
# @return [Types::EcrRepositoryConfiguration]
|
636
|
+
#
|
628
637
|
# @!attribute [rw] iam_role
|
629
638
|
# The access control configuration is for an IAM role.
|
630
639
|
# @return [Types::IamRoleConfiguration]
|
631
640
|
#
|
641
|
+
# @!attribute [rw] efs_file_system
|
642
|
+
# The access control configuration is for an Amazon EFS file system.
|
643
|
+
# @return [Types::EfsFileSystemConfiguration]
|
644
|
+
#
|
632
645
|
# @!attribute [rw] kms_key
|
633
646
|
# The access control configuration is for a KMS key.
|
634
647
|
# @return [Types::KmsKeyConfiguration]
|
635
648
|
#
|
636
|
-
# @!attribute [rw]
|
637
|
-
# The access control configuration is for an Amazon
|
638
|
-
#
|
649
|
+
# @!attribute [rw] rds_db_cluster_snapshot
|
650
|
+
# The access control configuration is for an Amazon RDS DB cluster
|
651
|
+
# snapshot.
|
652
|
+
# @return [Types::RdsDbClusterSnapshotConfiguration]
|
653
|
+
#
|
654
|
+
# @!attribute [rw] rds_db_snapshot
|
655
|
+
# The access control configuration is for an Amazon RDS DB snapshot.
|
656
|
+
# @return [Types::RdsDbSnapshotConfiguration]
|
639
657
|
#
|
640
658
|
# @!attribute [rw] secrets_manager_secret
|
641
659
|
# The access control configuration is for a Secrets Manager secret.
|
642
660
|
# @return [Types::SecretsManagerSecretConfiguration]
|
643
661
|
#
|
662
|
+
# @!attribute [rw] s3_bucket
|
663
|
+
# The access control configuration is for an Amazon S3 Bucket.
|
664
|
+
# @return [Types::S3BucketConfiguration]
|
665
|
+
#
|
666
|
+
# @!attribute [rw] sns_topic
|
667
|
+
# The access control configuration is for an Amazon SNS topic
|
668
|
+
# @return [Types::SnsTopicConfiguration]
|
669
|
+
#
|
644
670
|
# @!attribute [rw] sqs_queue
|
645
671
|
# The access control configuration is for an Amazon SQS queue.
|
646
672
|
# @return [Types::SqsQueueConfiguration]
|
@@ -648,20 +674,32 @@ module Aws::AccessAnalyzer
|
|
648
674
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
|
649
675
|
#
|
650
676
|
class Configuration < Struct.new(
|
677
|
+
:ebs_snapshot,
|
678
|
+
:ecr_repository,
|
651
679
|
:iam_role,
|
680
|
+
:efs_file_system,
|
652
681
|
:kms_key,
|
653
|
-
:
|
682
|
+
:rds_db_cluster_snapshot,
|
683
|
+
:rds_db_snapshot,
|
654
684
|
:secrets_manager_secret,
|
685
|
+
:s3_bucket,
|
686
|
+
:sns_topic,
|
655
687
|
:sqs_queue,
|
656
688
|
:unknown)
|
657
689
|
SENSITIVE = []
|
658
690
|
include Aws::Structure
|
659
691
|
include Aws::Structure::Union
|
660
692
|
|
693
|
+
class EbsSnapshot < Configuration; end
|
694
|
+
class EcrRepository < Configuration; end
|
661
695
|
class IamRole < Configuration; end
|
696
|
+
class EfsFileSystem < Configuration; end
|
662
697
|
class KmsKey < Configuration; end
|
663
|
-
class
|
698
|
+
class RdsDbClusterSnapshot < Configuration; end
|
699
|
+
class RdsDbSnapshot < Configuration; end
|
664
700
|
class SecretsManagerSecret < Configuration; end
|
701
|
+
class S3Bucket < Configuration; end
|
702
|
+
class SnsTopic < Configuration; end
|
665
703
|
class SqsQueue < Configuration; end
|
666
704
|
class Unknown < Configuration; end
|
667
705
|
end
|
@@ -694,15 +732,31 @@ module Aws::AccessAnalyzer
|
|
694
732
|
#
|
695
733
|
# {
|
696
734
|
# analyzer_arn: "AnalyzerArn", # required
|
697
|
-
# client_token: "String",
|
698
735
|
# configurations: { # required
|
699
736
|
# "ConfigurationsMapKey" => {
|
737
|
+
# ebs_snapshot: {
|
738
|
+
# user_ids: ["EbsUserId"],
|
739
|
+
# groups: ["EbsGroup"],
|
740
|
+
# kms_key_id: "EbsSnapshotDataEncryptionKeyId",
|
741
|
+
# },
|
742
|
+
# ecr_repository: {
|
743
|
+
# repository_policy: "EcrRepositoryPolicy",
|
744
|
+
# },
|
700
745
|
# iam_role: {
|
701
746
|
# trust_policy: "IamTrustPolicy",
|
702
747
|
# },
|
748
|
+
# efs_file_system: {
|
749
|
+
# file_system_policy: "EfsFileSystemPolicy",
|
750
|
+
# },
|
703
751
|
# kms_key: {
|
752
|
+
# key_policies: {
|
753
|
+
# "PolicyName" => "KmsKeyPolicy",
|
754
|
+
# },
|
704
755
|
# grants: [
|
705
756
|
# {
|
757
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
758
|
+
# grantee_principal: "GranteePrincipal", # required
|
759
|
+
# retiring_principal: "RetiringPrincipal",
|
706
760
|
# constraints: {
|
707
761
|
# encryption_context_equals: {
|
708
762
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
@@ -711,57 +765,71 @@ module Aws::AccessAnalyzer
|
|
711
765
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
712
766
|
# },
|
713
767
|
# },
|
714
|
-
# grantee_principal: "GranteePrincipal", # required
|
715
768
|
# issuing_account: "IssuingAccount", # required
|
716
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
717
|
-
# retiring_principal: "RetiringPrincipal",
|
718
769
|
# },
|
719
770
|
# ],
|
720
|
-
#
|
721
|
-
#
|
771
|
+
# },
|
772
|
+
# rds_db_cluster_snapshot: {
|
773
|
+
# attributes: {
|
774
|
+
# "RdsDbClusterSnapshotAttributeName" => {
|
775
|
+
# account_ids: ["RdsDbClusterSnapshotAccountId"],
|
776
|
+
# },
|
722
777
|
# },
|
778
|
+
# kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
|
723
779
|
# },
|
724
|
-
#
|
725
|
-
#
|
726
|
-
# "
|
727
|
-
#
|
728
|
-
# network_origin: {
|
729
|
-
# internet_configuration: {
|
730
|
-
# },
|
731
|
-
# vpc_configuration: {
|
732
|
-
# vpc_id: "VpcId", # required
|
733
|
-
# },
|
734
|
-
# },
|
735
|
-
# public_access_block: {
|
736
|
-
# ignore_public_acls: false, # required
|
737
|
-
# restrict_public_buckets: false, # required
|
738
|
-
# },
|
780
|
+
# rds_db_snapshot: {
|
781
|
+
# attributes: {
|
782
|
+
# "RdsDbSnapshotAttributeName" => {
|
783
|
+
# account_ids: ["RdsDbSnapshotAccountId"],
|
739
784
|
# },
|
740
785
|
# },
|
786
|
+
# kms_key_id: "RdsDbSnapshotKmsKeyId",
|
787
|
+
# },
|
788
|
+
# secrets_manager_secret: {
|
789
|
+
# kms_key_id: "SecretsManagerSecretKmsId",
|
790
|
+
# secret_policy: "SecretsManagerSecretPolicy",
|
791
|
+
# },
|
792
|
+
# s3_bucket: {
|
793
|
+
# bucket_policy: "S3BucketPolicy",
|
741
794
|
# bucket_acl_grants: [
|
742
795
|
# {
|
796
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
743
797
|
# grantee: { # required
|
744
798
|
# id: "AclCanonicalId",
|
745
799
|
# uri: "AclUri",
|
746
800
|
# },
|
747
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
748
801
|
# },
|
749
802
|
# ],
|
750
|
-
# bucket_policy: "S3BucketPolicy",
|
751
803
|
# bucket_public_access_block: {
|
752
804
|
# ignore_public_acls: false, # required
|
753
805
|
# restrict_public_buckets: false, # required
|
754
806
|
# },
|
807
|
+
# access_points: {
|
808
|
+
# "AccessPointArn" => {
|
809
|
+
# access_point_policy: "AccessPointPolicy",
|
810
|
+
# public_access_block: {
|
811
|
+
# ignore_public_acls: false, # required
|
812
|
+
# restrict_public_buckets: false, # required
|
813
|
+
# },
|
814
|
+
# network_origin: {
|
815
|
+
# vpc_configuration: {
|
816
|
+
# vpc_id: "VpcId", # required
|
817
|
+
# },
|
818
|
+
# internet_configuration: {
|
819
|
+
# },
|
820
|
+
# },
|
821
|
+
# },
|
822
|
+
# },
|
755
823
|
# },
|
756
|
-
#
|
757
|
-
#
|
758
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
824
|
+
# sns_topic: {
|
825
|
+
# topic_policy: "SnsTopicPolicy",
|
759
826
|
# },
|
760
827
|
# sqs_queue: {
|
761
828
|
# queue_policy: "SqsQueuePolicy",
|
762
829
|
# },
|
763
830
|
# },
|
764
831
|
# },
|
832
|
+
# client_token: "String",
|
765
833
|
# }
|
766
834
|
#
|
767
835
|
# @!attribute [rw] analyzer_arn
|
@@ -774,13 +842,6 @@ module Aws::AccessAnalyzer
|
|
774
842
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
775
843
|
# @return [String]
|
776
844
|
#
|
777
|
-
# @!attribute [rw] client_token
|
778
|
-
# A client token.
|
779
|
-
#
|
780
|
-
# **A suitable default value is auto-generated.** You should normally
|
781
|
-
# not need to pass this option.
|
782
|
-
# @return [String]
|
783
|
-
#
|
784
845
|
# @!attribute [rw] configurations
|
785
846
|
# Access control configuration for your resource that is used to
|
786
847
|
# generate the access preview. The access preview includes findings
|
@@ -789,12 +850,19 @@ module Aws::AccessAnalyzer
|
|
789
850
|
# element.
|
790
851
|
# @return [Hash<String,Types::Configuration>]
|
791
852
|
#
|
853
|
+
# @!attribute [rw] client_token
|
854
|
+
# A client token.
|
855
|
+
#
|
856
|
+
# **A suitable default value is auto-generated.** You should normally
|
857
|
+
# not need to pass this option.
|
858
|
+
# @return [String]
|
859
|
+
#
|
792
860
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAccessPreviewRequest AWS API Documentation
|
793
861
|
#
|
794
862
|
class CreateAccessPreviewRequest < Struct.new(
|
795
863
|
:analyzer_arn,
|
796
|
-
:
|
797
|
-
:
|
864
|
+
:configurations,
|
865
|
+
:client_token)
|
798
866
|
SENSITIVE = []
|
799
867
|
include Aws::Structure
|
800
868
|
end
|
@@ -818,36 +886,47 @@ module Aws::AccessAnalyzer
|
|
818
886
|
#
|
819
887
|
# {
|
820
888
|
# analyzer_name: "Name", # required
|
889
|
+
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
821
890
|
# archive_rules: [
|
822
891
|
# {
|
892
|
+
# rule_name: "Name", # required
|
823
893
|
# filter: { # required
|
824
894
|
# "String" => {
|
825
|
-
# contains: ["String"],
|
826
895
|
# eq: ["String"],
|
827
|
-
# exists: false,
|
828
896
|
# neq: ["String"],
|
897
|
+
# contains: ["String"],
|
898
|
+
# exists: false,
|
829
899
|
# },
|
830
900
|
# },
|
831
|
-
# rule_name: "Name", # required
|
832
901
|
# },
|
833
902
|
# ],
|
834
|
-
# client_token: "String",
|
835
903
|
# tags: {
|
836
904
|
# "String" => "String",
|
837
905
|
# },
|
838
|
-
#
|
906
|
+
# client_token: "String",
|
839
907
|
# }
|
840
908
|
#
|
841
909
|
# @!attribute [rw] analyzer_name
|
842
910
|
# The name of the analyzer to create.
|
843
911
|
# @return [String]
|
844
912
|
#
|
913
|
+
# @!attribute [rw] type
|
914
|
+
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
915
|
+
# analyzers are supported. You can create only one analyzer per
|
916
|
+
# account per Region. You can create up to 5 analyzers per
|
917
|
+
# organization per Region.
|
918
|
+
# @return [String]
|
919
|
+
#
|
845
920
|
# @!attribute [rw] archive_rules
|
846
921
|
# Specifies the archive rules to add for the analyzer. Archive rules
|
847
922
|
# automatically archive findings that meet the criteria you define for
|
848
923
|
# the rule.
|
849
924
|
# @return [Array<Types::InlineArchiveRule>]
|
850
925
|
#
|
926
|
+
# @!attribute [rw] tags
|
927
|
+
# The tags to apply to the analyzer.
|
928
|
+
# @return [Hash<String,String>]
|
929
|
+
#
|
851
930
|
# @!attribute [rw] client_token
|
852
931
|
# A client token.
|
853
932
|
#
|
@@ -855,25 +934,14 @@ module Aws::AccessAnalyzer
|
|
855
934
|
# not need to pass this option.
|
856
935
|
# @return [String]
|
857
936
|
#
|
858
|
-
# @!attribute [rw] tags
|
859
|
-
# The tags to apply to the analyzer.
|
860
|
-
# @return [Hash<String,String>]
|
861
|
-
#
|
862
|
-
# @!attribute [rw] type
|
863
|
-
# The type of analyzer to create. Only ACCOUNT and ORGANIZATION
|
864
|
-
# analyzers are supported. You can create only one analyzer per
|
865
|
-
# account per Region. You can create up to 5 analyzers per
|
866
|
-
# organization per Region.
|
867
|
-
# @return [String]
|
868
|
-
#
|
869
937
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAnalyzerRequest AWS API Documentation
|
870
938
|
#
|
871
939
|
class CreateAnalyzerRequest < Struct.new(
|
872
940
|
:analyzer_name,
|
941
|
+
:type,
|
873
942
|
:archive_rules,
|
874
|
-
:client_token,
|
875
943
|
:tags,
|
876
|
-
:
|
944
|
+
:client_token)
|
877
945
|
SENSITIVE = []
|
878
946
|
include Aws::Structure
|
879
947
|
end
|
@@ -899,44 +967,44 @@ module Aws::AccessAnalyzer
|
|
899
967
|
#
|
900
968
|
# {
|
901
969
|
# analyzer_name: "Name", # required
|
902
|
-
#
|
970
|
+
# rule_name: "Name", # required
|
903
971
|
# filter: { # required
|
904
972
|
# "String" => {
|
905
|
-
# contains: ["String"],
|
906
973
|
# eq: ["String"],
|
907
|
-
# exists: false,
|
908
974
|
# neq: ["String"],
|
975
|
+
# contains: ["String"],
|
976
|
+
# exists: false,
|
909
977
|
# },
|
910
978
|
# },
|
911
|
-
#
|
979
|
+
# client_token: "String",
|
912
980
|
# }
|
913
981
|
#
|
914
982
|
# @!attribute [rw] analyzer_name
|
915
983
|
# The name of the created analyzer.
|
916
984
|
# @return [String]
|
917
985
|
#
|
918
|
-
# @!attribute [rw]
|
919
|
-
#
|
920
|
-
#
|
921
|
-
# **A suitable default value is auto-generated.** You should normally
|
922
|
-
# not need to pass this option.
|
986
|
+
# @!attribute [rw] rule_name
|
987
|
+
# The name of the rule to create.
|
923
988
|
# @return [String]
|
924
989
|
#
|
925
990
|
# @!attribute [rw] filter
|
926
991
|
# The criteria for the rule.
|
927
992
|
# @return [Hash<String,Types::Criterion>]
|
928
993
|
#
|
929
|
-
# @!attribute [rw]
|
930
|
-
#
|
994
|
+
# @!attribute [rw] client_token
|
995
|
+
# A client token.
|
996
|
+
#
|
997
|
+
# **A suitable default value is auto-generated.** You should normally
|
998
|
+
# not need to pass this option.
|
931
999
|
# @return [String]
|
932
1000
|
#
|
933
1001
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateArchiveRuleRequest AWS API Documentation
|
934
1002
|
#
|
935
1003
|
class CreateArchiveRuleRequest < Struct.new(
|
936
1004
|
:analyzer_name,
|
937
|
-
:
|
1005
|
+
:rule_name,
|
938
1006
|
:filter,
|
939
|
-
:
|
1007
|
+
:client_token)
|
940
1008
|
SENSITIVE = []
|
941
1009
|
include Aws::Structure
|
942
1010
|
end
|
@@ -947,19 +1015,24 @@ module Aws::AccessAnalyzer
|
|
947
1015
|
# data as a hash:
|
948
1016
|
#
|
949
1017
|
# {
|
950
|
-
# contains: ["String"],
|
951
1018
|
# eq: ["String"],
|
952
|
-
# exists: false,
|
953
1019
|
# neq: ["String"],
|
1020
|
+
# contains: ["String"],
|
1021
|
+
# exists: false,
|
954
1022
|
# }
|
955
1023
|
#
|
956
|
-
# @!attribute [rw]
|
957
|
-
#
|
1024
|
+
# @!attribute [rw] eq
|
1025
|
+
# An "equals" operator to match for the filter used to create the
|
958
1026
|
# rule.
|
959
1027
|
# @return [Array<String>]
|
960
1028
|
#
|
961
|
-
# @!attribute [rw]
|
962
|
-
#
|
1029
|
+
# @!attribute [rw] neq
|
1030
|
+
# A "not equals" operator to match for the filter used to create the
|
1031
|
+
# rule.
|
1032
|
+
# @return [Array<String>]
|
1033
|
+
#
|
1034
|
+
# @!attribute [rw] contains
|
1035
|
+
# A "contains" operator to match for the filter used to create the
|
963
1036
|
# rule.
|
964
1037
|
# @return [Array<String>]
|
965
1038
|
#
|
@@ -968,18 +1041,13 @@ module Aws::AccessAnalyzer
|
|
968
1041
|
# rule.
|
969
1042
|
# @return [Boolean]
|
970
1043
|
#
|
971
|
-
# @!attribute [rw] neq
|
972
|
-
# A "not equals" operator to match for the filter used to create the
|
973
|
-
# rule.
|
974
|
-
# @return [Array<String>]
|
975
|
-
#
|
976
1044
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Criterion AWS API Documentation
|
977
1045
|
#
|
978
1046
|
class Criterion < Struct.new(
|
979
|
-
:contains,
|
980
1047
|
:eq,
|
981
|
-
:
|
982
|
-
:
|
1048
|
+
:neq,
|
1049
|
+
:contains,
|
1050
|
+
:exists)
|
983
1051
|
SENSITIVE = []
|
984
1052
|
include Aws::Structure
|
985
1053
|
end
|
@@ -1021,8 +1089,8 @@ module Aws::AccessAnalyzer
|
|
1021
1089
|
#
|
1022
1090
|
# {
|
1023
1091
|
# analyzer_name: "Name", # required
|
1024
|
-
# client_token: "String",
|
1025
1092
|
# rule_name: "Name", # required
|
1093
|
+
# client_token: "String",
|
1026
1094
|
# }
|
1027
1095
|
#
|
1028
1096
|
# @!attribute [rw] analyzer_name
|
@@ -1030,6 +1098,10 @@ module Aws::AccessAnalyzer
|
|
1030
1098
|
# delete.
|
1031
1099
|
# @return [String]
|
1032
1100
|
#
|
1101
|
+
# @!attribute [rw] rule_name
|
1102
|
+
# The name of the rule to delete.
|
1103
|
+
# @return [String]
|
1104
|
+
#
|
1033
1105
|
# @!attribute [rw] client_token
|
1034
1106
|
# A client token.
|
1035
1107
|
#
|
@@ -1037,68 +1109,241 @@ module Aws::AccessAnalyzer
|
|
1037
1109
|
# not need to pass this option.
|
1038
1110
|
# @return [String]
|
1039
1111
|
#
|
1040
|
-
# @!attribute [rw] rule_name
|
1041
|
-
# The name of the rule to delete.
|
1042
|
-
# @return [String]
|
1043
|
-
#
|
1044
1112
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteArchiveRuleRequest AWS API Documentation
|
1045
1113
|
#
|
1046
1114
|
class DeleteArchiveRuleRequest < Struct.new(
|
1047
1115
|
:analyzer_name,
|
1048
|
-
:
|
1049
|
-
:
|
1116
|
+
:rule_name,
|
1117
|
+
:client_token)
|
1050
1118
|
SENSITIVE = []
|
1051
1119
|
include Aws::Structure
|
1052
1120
|
end
|
1053
1121
|
|
1054
|
-
#
|
1122
|
+
# The proposed access control configuration for an Amazon EBS volume
|
1123
|
+
# snapshot. You can propose a configuration for a new Amazon EBS volume
|
1124
|
+
# snapshot or an Amazon EBS volume snapshot that you own by specifying
|
1125
|
+
# the user IDs, groups, and optional KMS encryption key. For more
|
1126
|
+
# information, see [ModifySnapshotAttribute][1].
|
1055
1127
|
#
|
1056
|
-
#
|
1057
|
-
#
|
1058
|
-
#
|
1128
|
+
#
|
1129
|
+
#
|
1130
|
+
# [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html
|
1131
|
+
#
|
1132
|
+
# @note When making an API call, you may pass EbsSnapshotConfiguration
|
1133
|
+
# data as a hash:
|
1134
|
+
#
|
1135
|
+
# {
|
1136
|
+
# user_ids: ["EbsUserId"],
|
1137
|
+
# groups: ["EbsGroup"],
|
1138
|
+
# kms_key_id: "EbsSnapshotDataEncryptionKeyId",
|
1139
|
+
# }
|
1140
|
+
#
|
1141
|
+
# @!attribute [rw] user_ids
|
1142
|
+
# The IDs of the Amazon Web Services accounts that have access to the
|
1143
|
+
# Amazon EBS volume snapshot.
|
1144
|
+
#
|
1145
|
+
# * If the configuration is for an existing Amazon EBS volume snapshot
|
1146
|
+
# and you do not specify the `userIds`, then the access preview uses
|
1147
|
+
# the existing shared `userIds` for the snapshot.
|
1148
|
+
#
|
1149
|
+
# * If the access preview is for a new resource and you do not specify
|
1150
|
+
# the `userIds`, then the access preview considers the snapshot
|
1151
|
+
# without any `userIds`.
|
1152
|
+
#
|
1153
|
+
# * To propose deletion of existing shared `accountIds`, you can
|
1154
|
+
# specify an empty list for `userIds`.
|
1059
1155
|
# @return [Array<String>]
|
1060
1156
|
#
|
1061
|
-
# @!attribute [rw]
|
1062
|
-
# The
|
1063
|
-
#
|
1157
|
+
# @!attribute [rw] groups
|
1158
|
+
# The groups that have access to the Amazon EBS volume snapshot. If
|
1159
|
+
# the value `all` is specified, then the Amazon EBS volume snapshot is
|
1160
|
+
# public.
|
1064
1161
|
#
|
1065
|
-
#
|
1066
|
-
#
|
1067
|
-
#
|
1068
|
-
# @return [Hash<String,String>]
|
1162
|
+
# * If the configuration is for an existing Amazon EBS volume snapshot
|
1163
|
+
# and you do not specify the `groups`, then the access preview uses
|
1164
|
+
# the existing shared `groups` for the snapshot.
|
1069
1165
|
#
|
1070
|
-
#
|
1071
|
-
#
|
1072
|
-
#
|
1166
|
+
# * If the access preview is for a new resource and you do not specify
|
1167
|
+
# the `groups`, then the access preview considers the snapshot
|
1168
|
+
# without any `groups`.
|
1073
1169
|
#
|
1074
|
-
#
|
1075
|
-
#
|
1170
|
+
# * To propose deletion of existing shared `groups`, you can specify
|
1171
|
+
# an empty list for `groups`.
|
1172
|
+
# @return [Array<String>]
|
1173
|
+
#
|
1174
|
+
# @!attribute [rw] kms_key_id
|
1175
|
+
# The KMS key identifier for an encrypted Amazon EBS volume snapshot.
|
1176
|
+
# The KMS key identifier is the key ARN, key ID, alias ARN, or alias
|
1177
|
+
# name for the KMS key.
|
1178
|
+
#
|
1179
|
+
# * If the configuration is for an existing Amazon EBS volume snapshot
|
1180
|
+
# and you do not specify the `kmsKeyId`, or you specify an empty
|
1181
|
+
# string, then the access preview uses the existing `kmsKeyId` of
|
1182
|
+
# the snapshot.
|
1183
|
+
#
|
1184
|
+
# * If the access preview is for a new resource and you do not specify
|
1185
|
+
# the `kmsKeyId`, the access preview considers the snapshot as
|
1186
|
+
# unencrypted.
|
1076
1187
|
# @return [String]
|
1077
1188
|
#
|
1189
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EbsSnapshotConfiguration AWS API Documentation
|
1190
|
+
#
|
1191
|
+
class EbsSnapshotConfiguration < Struct.new(
|
1192
|
+
:user_ids,
|
1193
|
+
:groups,
|
1194
|
+
:kms_key_id)
|
1195
|
+
SENSITIVE = []
|
1196
|
+
include Aws::Structure
|
1197
|
+
end
|
1198
|
+
|
1199
|
+
# The proposed access control configuration for an Amazon ECR
|
1200
|
+
# repository. You can propose a configuration for a new Amazon ECR
|
1201
|
+
# repository or an existing Amazon ECR repository that you own by
|
1202
|
+
# specifying the Amazon ECR policy. For more information, see
|
1203
|
+
# [Repository][1].
|
1204
|
+
#
|
1205
|
+
# * If the configuration is for an existing Amazon ECR repository and
|
1206
|
+
# you do not specify the Amazon ECR policy, then the access preview
|
1207
|
+
# uses the existing Amazon ECR policy for the repository.
|
1208
|
+
#
|
1209
|
+
# * If the access preview is for a new resource and you do not specify
|
1210
|
+
# the policy, then the access preview assumes an Amazon ECR repository
|
1211
|
+
# without a policy.
|
1212
|
+
#
|
1213
|
+
# * To propose deletion of an existing Amazon ECR repository policy, you
|
1214
|
+
# can specify an empty string for the Amazon ECR policy.
|
1215
|
+
#
|
1216
|
+
#
|
1217
|
+
#
|
1218
|
+
# [1]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html
|
1219
|
+
#
|
1220
|
+
# @note When making an API call, you may pass EcrRepositoryConfiguration
|
1221
|
+
# data as a hash:
|
1222
|
+
#
|
1223
|
+
# {
|
1224
|
+
# repository_policy: "EcrRepositoryPolicy",
|
1225
|
+
# }
|
1226
|
+
#
|
1227
|
+
# @!attribute [rw] repository_policy
|
1228
|
+
# The JSON repository policy text to apply to the Amazon ECR
|
1229
|
+
# repository. For more information, see [Private repository policy
|
1230
|
+
# examples][1] in the *Amazon ECR User Guide*.
|
1231
|
+
#
|
1232
|
+
#
|
1233
|
+
#
|
1234
|
+
# [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html
|
1235
|
+
# @return [String]
|
1236
|
+
#
|
1237
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EcrRepositoryConfiguration AWS API Documentation
|
1238
|
+
#
|
1239
|
+
class EcrRepositoryConfiguration < Struct.new(
|
1240
|
+
:repository_policy)
|
1241
|
+
SENSITIVE = []
|
1242
|
+
include Aws::Structure
|
1243
|
+
end
|
1244
|
+
|
1245
|
+
# The proposed access control configuration for an Amazon EFS file
|
1246
|
+
# system. You can propose a configuration for a new Amazon EFS file
|
1247
|
+
# system or an existing Amazon EFS file system that you own by
|
1248
|
+
# specifying the Amazon EFS policy. For more information, see [Using
|
1249
|
+
# file systems in Amazon EFS][1].
|
1250
|
+
#
|
1251
|
+
# * If the configuration is for an existing Amazon EFS file system and
|
1252
|
+
# you do not specify the Amazon EFS policy, then the access preview
|
1253
|
+
# uses the existing Amazon EFS policy for the file system.
|
1254
|
+
#
|
1255
|
+
# * If the access preview is for a new resource and you do not specify
|
1256
|
+
# the policy, then the access preview assumes an Amazon EFS file
|
1257
|
+
# system without a policy.
|
1258
|
+
#
|
1259
|
+
# * To propose deletion of an existing Amazon EFS file system policy,
|
1260
|
+
# you can specify an empty string for the Amazon EFS policy.
|
1261
|
+
#
|
1262
|
+
#
|
1263
|
+
#
|
1264
|
+
# [1]: https://docs.aws.amazon.com/efs/latest/ug/using-fs.html
|
1265
|
+
#
|
1266
|
+
# @note When making an API call, you may pass EfsFileSystemConfiguration
|
1267
|
+
# data as a hash:
|
1268
|
+
#
|
1269
|
+
# {
|
1270
|
+
# file_system_policy: "EfsFileSystemPolicy",
|
1271
|
+
# }
|
1272
|
+
#
|
1273
|
+
# @!attribute [rw] file_system_policy
|
1274
|
+
# The JSON policy definition to apply to the Amazon EFS file system.
|
1275
|
+
# For more information on the elements that make up a file system
|
1276
|
+
# policy, see [Amazon EFS Resource-based policies][1].
|
1277
|
+
#
|
1278
|
+
#
|
1279
|
+
#
|
1280
|
+
# [1]: https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies
|
1281
|
+
# @return [String]
|
1282
|
+
#
|
1283
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EfsFileSystemConfiguration AWS API Documentation
|
1284
|
+
#
|
1285
|
+
class EfsFileSystemConfiguration < Struct.new(
|
1286
|
+
:file_system_policy)
|
1287
|
+
SENSITIVE = []
|
1288
|
+
include Aws::Structure
|
1289
|
+
end
|
1290
|
+
|
1291
|
+
# Contains information about a finding.
|
1292
|
+
#
|
1078
1293
|
# @!attribute [rw] id
|
1079
1294
|
# The ID of the finding.
|
1080
1295
|
# @return [String]
|
1081
1296
|
#
|
1082
|
-
# @!attribute [rw] is_public
|
1083
|
-
# Indicates whether the policy that generated the finding allows
|
1084
|
-
# public access to the resource.
|
1085
|
-
# @return [Boolean]
|
1086
|
-
#
|
1087
1297
|
# @!attribute [rw] principal
|
1088
1298
|
# The external principal that access to a resource within the zone of
|
1089
1299
|
# trust.
|
1090
1300
|
# @return [Hash<String,String>]
|
1091
1301
|
#
|
1302
|
+
# @!attribute [rw] action
|
1303
|
+
# The action in the analyzed policy statement that an external
|
1304
|
+
# principal has permission to use.
|
1305
|
+
# @return [Array<String>]
|
1306
|
+
#
|
1092
1307
|
# @!attribute [rw] resource
|
1093
1308
|
# The resource that an external principal has access to.
|
1094
1309
|
# @return [String]
|
1095
1310
|
#
|
1311
|
+
# @!attribute [rw] is_public
|
1312
|
+
# Indicates whether the policy that generated the finding allows
|
1313
|
+
# public access to the resource.
|
1314
|
+
# @return [Boolean]
|
1315
|
+
#
|
1316
|
+
# @!attribute [rw] resource_type
|
1317
|
+
# The type of the resource identified in the finding.
|
1318
|
+
# @return [String]
|
1319
|
+
#
|
1320
|
+
# @!attribute [rw] condition
|
1321
|
+
# The condition in the analyzed policy statement that resulted in a
|
1322
|
+
# finding.
|
1323
|
+
# @return [Hash<String,String>]
|
1324
|
+
#
|
1325
|
+
# @!attribute [rw] created_at
|
1326
|
+
# The time at which the finding was generated.
|
1327
|
+
# @return [Time]
|
1328
|
+
#
|
1329
|
+
# @!attribute [rw] analyzed_at
|
1330
|
+
# The time at which the resource was analyzed.
|
1331
|
+
# @return [Time]
|
1332
|
+
#
|
1333
|
+
# @!attribute [rw] updated_at
|
1334
|
+
# The time at which the finding was updated.
|
1335
|
+
# @return [Time]
|
1336
|
+
#
|
1337
|
+
# @!attribute [rw] status
|
1338
|
+
# The current status of the finding.
|
1339
|
+
# @return [String]
|
1340
|
+
#
|
1096
1341
|
# @!attribute [rw] resource_owner_account
|
1097
1342
|
# The Amazon Web Services account ID that owns the resource.
|
1098
1343
|
# @return [String]
|
1099
1344
|
#
|
1100
|
-
# @!attribute [rw]
|
1101
|
-
#
|
1345
|
+
# @!attribute [rw] error
|
1346
|
+
# An error.
|
1102
1347
|
# @return [String]
|
1103
1348
|
#
|
1104
1349
|
# @!attribute [rw] sources
|
@@ -1107,31 +1352,23 @@ module Aws::AccessAnalyzer
|
|
1107
1352
|
# bucket findings.
|
1108
1353
|
# @return [Array<Types::FindingSource>]
|
1109
1354
|
#
|
1110
|
-
# @!attribute [rw] status
|
1111
|
-
# The current status of the finding.
|
1112
|
-
# @return [String]
|
1113
|
-
#
|
1114
|
-
# @!attribute [rw] updated_at
|
1115
|
-
# The time at which the finding was updated.
|
1116
|
-
# @return [Time]
|
1117
|
-
#
|
1118
1355
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Finding AWS API Documentation
|
1119
1356
|
#
|
1120
1357
|
class Finding < Struct.new(
|
1121
|
-
:action,
|
1122
|
-
:analyzed_at,
|
1123
|
-
:condition,
|
1124
|
-
:created_at,
|
1125
|
-
:error,
|
1126
1358
|
:id,
|
1127
|
-
:is_public,
|
1128
1359
|
:principal,
|
1360
|
+
:action,
|
1129
1361
|
:resource,
|
1130
|
-
:
|
1362
|
+
:is_public,
|
1131
1363
|
:resource_type,
|
1132
|
-
:
|
1364
|
+
:condition,
|
1365
|
+
:created_at,
|
1366
|
+
:analyzed_at,
|
1367
|
+
:updated_at,
|
1133
1368
|
:status,
|
1134
|
-
:
|
1369
|
+
:resource_owner_account,
|
1370
|
+
:error,
|
1371
|
+
:sources)
|
1135
1372
|
SENSITIVE = []
|
1136
1373
|
include Aws::Structure
|
1137
1374
|
end
|
@@ -1140,20 +1377,20 @@ module Aws::AccessAnalyzer
|
|
1140
1377
|
# generated the finding is granted. It is populated for Amazon S3 bucket
|
1141
1378
|
# findings.
|
1142
1379
|
#
|
1380
|
+
# @!attribute [rw] type
|
1381
|
+
# Indicates the type of access that generated the finding.
|
1382
|
+
# @return [String]
|
1383
|
+
#
|
1143
1384
|
# @!attribute [rw] detail
|
1144
1385
|
# Includes details about how the access that generated the finding is
|
1145
1386
|
# granted. This is populated for Amazon S3 bucket findings.
|
1146
1387
|
# @return [Types::FindingSourceDetail]
|
1147
1388
|
#
|
1148
|
-
# @!attribute [rw] type
|
1149
|
-
# Indicates the type of access that generated the finding.
|
1150
|
-
# @return [String]
|
1151
|
-
#
|
1152
1389
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSource AWS API Documentation
|
1153
1390
|
#
|
1154
1391
|
class FindingSource < Struct.new(
|
1155
|
-
:
|
1156
|
-
:
|
1392
|
+
:type,
|
1393
|
+
:detail)
|
1157
1394
|
SENSITIVE = []
|
1158
1395
|
include Aws::Structure
|
1159
1396
|
end
|
@@ -1177,15 +1414,32 @@ module Aws::AccessAnalyzer
|
|
1177
1414
|
|
1178
1415
|
# Contains information about a finding.
|
1179
1416
|
#
|
1417
|
+
# @!attribute [rw] id
|
1418
|
+
# The ID of the finding.
|
1419
|
+
# @return [String]
|
1420
|
+
#
|
1421
|
+
# @!attribute [rw] principal
|
1422
|
+
# The external principal that has access to a resource within the zone
|
1423
|
+
# of trust.
|
1424
|
+
# @return [Hash<String,String>]
|
1425
|
+
#
|
1180
1426
|
# @!attribute [rw] action
|
1181
1427
|
# The action in the analyzed policy statement that an external
|
1182
1428
|
# principal has permission to use.
|
1183
1429
|
# @return [Array<String>]
|
1184
1430
|
#
|
1185
|
-
# @!attribute [rw]
|
1186
|
-
# The
|
1187
|
-
#
|
1188
|
-
#
|
1431
|
+
# @!attribute [rw] resource
|
1432
|
+
# The resource that the external principal has access to.
|
1433
|
+
# @return [String]
|
1434
|
+
#
|
1435
|
+
# @!attribute [rw] is_public
|
1436
|
+
# Indicates whether the finding reports a resource that has a policy
|
1437
|
+
# that allows public access.
|
1438
|
+
# @return [Boolean]
|
1439
|
+
#
|
1440
|
+
# @!attribute [rw] resource_type
|
1441
|
+
# The type of the resource that the external principal has access to.
|
1442
|
+
# @return [String]
|
1189
1443
|
#
|
1190
1444
|
# @!attribute [rw] condition
|
1191
1445
|
# The condition in the analyzed policy statement that resulted in a
|
@@ -1196,34 +1450,25 @@ module Aws::AccessAnalyzer
|
|
1196
1450
|
# The time at which the finding was created.
|
1197
1451
|
# @return [Time]
|
1198
1452
|
#
|
1199
|
-
# @!attribute [rw]
|
1200
|
-
# The
|
1201
|
-
#
|
1202
|
-
#
|
1203
|
-
# @!attribute [rw] id
|
1204
|
-
# The ID of the finding.
|
1205
|
-
# @return [String]
|
1206
|
-
#
|
1207
|
-
# @!attribute [rw] is_public
|
1208
|
-
# Indicates whether the finding reports a resource that has a policy
|
1209
|
-
# that allows public access.
|
1210
|
-
# @return [Boolean]
|
1453
|
+
# @!attribute [rw] analyzed_at
|
1454
|
+
# The time at which the resource-based policy that generated the
|
1455
|
+
# finding was analyzed.
|
1456
|
+
# @return [Time]
|
1211
1457
|
#
|
1212
|
-
# @!attribute [rw]
|
1213
|
-
# The
|
1214
|
-
#
|
1215
|
-
# @return [Hash<String,String>]
|
1458
|
+
# @!attribute [rw] updated_at
|
1459
|
+
# The time at which the finding was most recently updated.
|
1460
|
+
# @return [Time]
|
1216
1461
|
#
|
1217
|
-
# @!attribute [rw]
|
1218
|
-
# The
|
1462
|
+
# @!attribute [rw] status
|
1463
|
+
# The status of the finding.
|
1219
1464
|
# @return [String]
|
1220
1465
|
#
|
1221
1466
|
# @!attribute [rw] resource_owner_account
|
1222
1467
|
# The Amazon Web Services account ID that owns the resource.
|
1223
1468
|
# @return [String]
|
1224
1469
|
#
|
1225
|
-
# @!attribute [rw]
|
1226
|
-
# The
|
1470
|
+
# @!attribute [rw] error
|
1471
|
+
# The error that resulted in an Error finding.
|
1227
1472
|
# @return [String]
|
1228
1473
|
#
|
1229
1474
|
# @!attribute [rw] sources
|
@@ -1232,31 +1477,23 @@ module Aws::AccessAnalyzer
|
|
1232
1477
|
# bucket findings.
|
1233
1478
|
# @return [Array<Types::FindingSource>]
|
1234
1479
|
#
|
1235
|
-
# @!attribute [rw] status
|
1236
|
-
# The status of the finding.
|
1237
|
-
# @return [String]
|
1238
|
-
#
|
1239
|
-
# @!attribute [rw] updated_at
|
1240
|
-
# The time at which the finding was most recently updated.
|
1241
|
-
# @return [Time]
|
1242
|
-
#
|
1243
1480
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSummary AWS API Documentation
|
1244
1481
|
#
|
1245
1482
|
class FindingSummary < Struct.new(
|
1246
|
-
:action,
|
1247
|
-
:analyzed_at,
|
1248
|
-
:condition,
|
1249
|
-
:created_at,
|
1250
|
-
:error,
|
1251
1483
|
:id,
|
1252
|
-
:is_public,
|
1253
1484
|
:principal,
|
1485
|
+
:action,
|
1254
1486
|
:resource,
|
1255
|
-
:
|
1487
|
+
:is_public,
|
1256
1488
|
:resource_type,
|
1257
|
-
:
|
1489
|
+
:condition,
|
1490
|
+
:created_at,
|
1491
|
+
:analyzed_at,
|
1492
|
+
:updated_at,
|
1258
1493
|
:status,
|
1259
|
-
:
|
1494
|
+
:resource_owner_account,
|
1495
|
+
:error,
|
1496
|
+
:sources)
|
1260
1497
|
SENSITIVE = []
|
1261
1498
|
include Aws::Structure
|
1262
1499
|
end
|
@@ -1282,10 +1519,6 @@ module Aws::AccessAnalyzer
|
|
1282
1519
|
|
1283
1520
|
# Contains the generated policy details.
|
1284
1521
|
#
|
1285
|
-
# @!attribute [rw] cloud_trail_properties
|
1286
|
-
# Lists details about the `Trail` used to generated policy.
|
1287
|
-
# @return [Types::CloudTrailProperties]
|
1288
|
-
#
|
1289
1522
|
# @!attribute [rw] is_complete
|
1290
1523
|
# This value is set to `true` if the generated policy contains all
|
1291
1524
|
# possible actions for a service that IAM Access Analyzer identified
|
@@ -1297,18 +1530,27 @@ module Aws::AccessAnalyzer
|
|
1297
1530
|
# generating a policy.
|
1298
1531
|
# @return [String]
|
1299
1532
|
#
|
1533
|
+
# @!attribute [rw] cloud_trail_properties
|
1534
|
+
# Lists details about the `Trail` used to generated policy.
|
1535
|
+
# @return [Types::CloudTrailProperties]
|
1536
|
+
#
|
1300
1537
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyProperties AWS API Documentation
|
1301
1538
|
#
|
1302
1539
|
class GeneratedPolicyProperties < Struct.new(
|
1303
|
-
:cloud_trail_properties,
|
1304
1540
|
:is_complete,
|
1305
|
-
:principal_arn
|
1541
|
+
:principal_arn,
|
1542
|
+
:cloud_trail_properties)
|
1306
1543
|
SENSITIVE = []
|
1307
1544
|
include Aws::Structure
|
1308
1545
|
end
|
1309
1546
|
|
1310
1547
|
# Contains the text for the generated policy and its details.
|
1311
1548
|
#
|
1549
|
+
# @!attribute [rw] properties
|
1550
|
+
# A `GeneratedPolicyProperties` object that contains properties of the
|
1551
|
+
# generated policy.
|
1552
|
+
# @return [Types::GeneratedPolicyProperties]
|
1553
|
+
#
|
1312
1554
|
# @!attribute [rw] generated_policies
|
1313
1555
|
# The text to use as the content for the new policy. The policy is
|
1314
1556
|
# created using the [CreatePolicy][1] action.
|
@@ -1318,16 +1560,11 @@ module Aws::AccessAnalyzer
|
|
1318
1560
|
# [1]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
|
1319
1561
|
# @return [Array<Types::GeneratedPolicy>]
|
1320
1562
|
#
|
1321
|
-
# @!attribute [rw] properties
|
1322
|
-
# A `GeneratedPolicyProperties` object that contains properties of the
|
1323
|
-
# generated policy.
|
1324
|
-
# @return [Types::GeneratedPolicyProperties]
|
1325
|
-
#
|
1326
1563
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GeneratedPolicyResult AWS API Documentation
|
1327
1564
|
#
|
1328
1565
|
class GeneratedPolicyResult < Struct.new(
|
1329
|
-
:
|
1330
|
-
:
|
1566
|
+
:properties,
|
1567
|
+
:generated_policies)
|
1331
1568
|
SENSITIVE = []
|
1332
1569
|
include Aws::Structure
|
1333
1570
|
end
|
@@ -1545,11 +1782,18 @@ module Aws::AccessAnalyzer
|
|
1545
1782
|
# data as a hash:
|
1546
1783
|
#
|
1547
1784
|
# {
|
1785
|
+
# job_id: "JobId", # required
|
1548
1786
|
# include_resource_placeholders: false,
|
1549
1787
|
# include_service_level_template: false,
|
1550
|
-
# job_id: "JobId", # required
|
1551
1788
|
# }
|
1552
1789
|
#
|
1790
|
+
# @!attribute [rw] job_id
|
1791
|
+
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1792
|
+
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
1793
|
+
# retrieve the generated policies or used with
|
1794
|
+
# `CancelPolicyGeneration` to cancel the policy generation request.
|
1795
|
+
# @return [String]
|
1796
|
+
#
|
1553
1797
|
# @!attribute [rw] include_resource_placeholders
|
1554
1798
|
# The level of detail that you want to generate. You can specify
|
1555
1799
|
# whether to generate policies with placeholders for resource ARNs for
|
@@ -1569,38 +1813,31 @@ module Aws::AccessAnalyzer
|
|
1569
1813
|
# template.
|
1570
1814
|
# @return [Boolean]
|
1571
1815
|
#
|
1572
|
-
# @!attribute [rw] job_id
|
1573
|
-
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1574
|
-
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
1575
|
-
# retrieve the generated policies or used with
|
1576
|
-
# `CancelPolicyGeneration` to cancel the policy generation request.
|
1577
|
-
# @return [String]
|
1578
|
-
#
|
1579
1816
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyRequest AWS API Documentation
|
1580
1817
|
#
|
1581
1818
|
class GetGeneratedPolicyRequest < Struct.new(
|
1819
|
+
:job_id,
|
1582
1820
|
:include_resource_placeholders,
|
1583
|
-
:include_service_level_template
|
1584
|
-
:job_id)
|
1821
|
+
:include_service_level_template)
|
1585
1822
|
SENSITIVE = []
|
1586
1823
|
include Aws::Structure
|
1587
1824
|
end
|
1588
1825
|
|
1589
|
-
# @!attribute [rw] generated_policy_result
|
1590
|
-
# A `GeneratedPolicyResult` object that contains the generated
|
1591
|
-
# policies and associated details.
|
1592
|
-
# @return [Types::GeneratedPolicyResult]
|
1593
|
-
#
|
1594
1826
|
# @!attribute [rw] job_details
|
1595
1827
|
# A `GeneratedPolicyDetails` object that contains details about the
|
1596
1828
|
# generated policy.
|
1597
1829
|
# @return [Types::JobDetails]
|
1598
1830
|
#
|
1831
|
+
# @!attribute [rw] generated_policy_result
|
1832
|
+
# A `GeneratedPolicyResult` object that contains the generated
|
1833
|
+
# policies and associated details.
|
1834
|
+
# @return [Types::GeneratedPolicyResult]
|
1835
|
+
#
|
1599
1836
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetGeneratedPolicyResponse AWS API Documentation
|
1600
1837
|
#
|
1601
1838
|
class GetGeneratedPolicyResponse < Struct.new(
|
1602
|
-
:
|
1603
|
-
:
|
1839
|
+
:job_details,
|
1840
|
+
:generated_policy_result)
|
1604
1841
|
SENSITIVE = []
|
1605
1842
|
include Aws::Structure
|
1606
1843
|
end
|
@@ -1645,30 +1882,30 @@ module Aws::AccessAnalyzer
|
|
1645
1882
|
# data as a hash:
|
1646
1883
|
#
|
1647
1884
|
# {
|
1885
|
+
# rule_name: "Name", # required
|
1648
1886
|
# filter: { # required
|
1649
1887
|
# "String" => {
|
1650
|
-
# contains: ["String"],
|
1651
1888
|
# eq: ["String"],
|
1652
|
-
# exists: false,
|
1653
1889
|
# neq: ["String"],
|
1890
|
+
# contains: ["String"],
|
1891
|
+
# exists: false,
|
1654
1892
|
# },
|
1655
1893
|
# },
|
1656
|
-
# rule_name: "Name", # required
|
1657
1894
|
# }
|
1658
1895
|
#
|
1659
|
-
# @!attribute [rw] filter
|
1660
|
-
# The condition and values for a criterion.
|
1661
|
-
# @return [Hash<String,Types::Criterion>]
|
1662
|
-
#
|
1663
1896
|
# @!attribute [rw] rule_name
|
1664
1897
|
# The name of the rule.
|
1665
1898
|
# @return [String]
|
1666
1899
|
#
|
1900
|
+
# @!attribute [rw] filter
|
1901
|
+
# The condition and values for a criterion.
|
1902
|
+
# @return [Hash<String,Types::Criterion>]
|
1903
|
+
#
|
1667
1904
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InlineArchiveRule AWS API Documentation
|
1668
1905
|
#
|
1669
1906
|
class InlineArchiveRule < Struct.new(
|
1670
|
-
:
|
1671
|
-
:
|
1907
|
+
:rule_name,
|
1908
|
+
:filter)
|
1672
1909
|
SENSITIVE = []
|
1673
1910
|
include Aws::Structure
|
1674
1911
|
end
|
@@ -1702,14 +1939,6 @@ module Aws::AccessAnalyzer
|
|
1702
1939
|
|
1703
1940
|
# Contains details about the policy generation request.
|
1704
1941
|
#
|
1705
|
-
# @!attribute [rw] completed_on
|
1706
|
-
# A timestamp of when the job was completed.
|
1707
|
-
# @return [Time]
|
1708
|
-
#
|
1709
|
-
# @!attribute [rw] job_error
|
1710
|
-
# The job error for the policy generation request.
|
1711
|
-
# @return [Types::JobError]
|
1712
|
-
#
|
1713
1942
|
# @!attribute [rw] job_id
|
1714
1943
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1715
1944
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -1717,22 +1946,30 @@ module Aws::AccessAnalyzer
|
|
1717
1946
|
# `CancelPolicyGeneration` to cancel the policy generation request.
|
1718
1947
|
# @return [String]
|
1719
1948
|
#
|
1949
|
+
# @!attribute [rw] status
|
1950
|
+
# The status of the job request.
|
1951
|
+
# @return [String]
|
1952
|
+
#
|
1720
1953
|
# @!attribute [rw] started_on
|
1721
1954
|
# A timestamp of when the job was started.
|
1722
1955
|
# @return [Time]
|
1723
1956
|
#
|
1724
|
-
# @!attribute [rw]
|
1725
|
-
#
|
1726
|
-
# @return [
|
1957
|
+
# @!attribute [rw] completed_on
|
1958
|
+
# A timestamp of when the job was completed.
|
1959
|
+
# @return [Time]
|
1960
|
+
#
|
1961
|
+
# @!attribute [rw] job_error
|
1962
|
+
# The job error for the policy generation request.
|
1963
|
+
# @return [Types::JobError]
|
1727
1964
|
#
|
1728
1965
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/JobDetails AWS API Documentation
|
1729
1966
|
#
|
1730
1967
|
class JobDetails < Struct.new(
|
1731
|
-
:completed_on,
|
1732
|
-
:job_error,
|
1733
1968
|
:job_id,
|
1969
|
+
:status,
|
1734
1970
|
:started_on,
|
1735
|
-
:
|
1971
|
+
:completed_on,
|
1972
|
+
:job_error)
|
1736
1973
|
SENSITIVE = []
|
1737
1974
|
include Aws::Structure
|
1738
1975
|
end
|
@@ -1768,6 +2005,9 @@ module Aws::AccessAnalyzer
|
|
1768
2005
|
# data as a hash:
|
1769
2006
|
#
|
1770
2007
|
# {
|
2008
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
2009
|
+
# grantee_principal: "GranteePrincipal", # required
|
2010
|
+
# retiring_principal: "RetiringPrincipal",
|
1771
2011
|
# constraints: {
|
1772
2012
|
# encryption_context_equals: {
|
1773
2013
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
@@ -1776,12 +2016,27 @@ module Aws::AccessAnalyzer
|
|
1776
2016
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1777
2017
|
# },
|
1778
2018
|
# },
|
1779
|
-
# grantee_principal: "GranteePrincipal", # required
|
1780
2019
|
# issuing_account: "IssuingAccount", # required
|
1781
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1782
|
-
# retiring_principal: "RetiringPrincipal",
|
1783
2020
|
# }
|
1784
2021
|
#
|
2022
|
+
# @!attribute [rw] operations
|
2023
|
+
# A list of operations that the grant permits.
|
2024
|
+
# @return [Array<String>]
|
2025
|
+
#
|
2026
|
+
# @!attribute [rw] grantee_principal
|
2027
|
+
# The principal that is given permission to perform the operations
|
2028
|
+
# that the grant permits.
|
2029
|
+
# @return [String]
|
2030
|
+
#
|
2031
|
+
# @!attribute [rw] retiring_principal
|
2032
|
+
# The principal that is given permission to retire the grant by using
|
2033
|
+
# [RetireGrant][1] operation.
|
2034
|
+
#
|
2035
|
+
#
|
2036
|
+
#
|
2037
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
|
2038
|
+
# @return [String]
|
2039
|
+
#
|
1785
2040
|
# @!attribute [rw] constraints
|
1786
2041
|
# Use this structure to propose allowing [cryptographic operations][1]
|
1787
2042
|
# in the grant only when the operation request includes the specified
|
@@ -1793,38 +2048,20 @@ module Aws::AccessAnalyzer
|
|
1793
2048
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1794
2049
|
# @return [Types::KmsGrantConstraints]
|
1795
2050
|
#
|
1796
|
-
# @!attribute [rw] grantee_principal
|
1797
|
-
# The principal that is given permission to perform the operations
|
1798
|
-
# that the grant permits.
|
1799
|
-
# @return [String]
|
1800
|
-
#
|
1801
2051
|
# @!attribute [rw] issuing_account
|
1802
2052
|
# The Amazon Web Services account under which the grant was issued.
|
1803
2053
|
# The account is used to propose KMS grants issued by accounts other
|
1804
2054
|
# than the owner of the key.
|
1805
2055
|
# @return [String]
|
1806
2056
|
#
|
1807
|
-
# @!attribute [rw] operations
|
1808
|
-
# A list of operations that the grant permits.
|
1809
|
-
# @return [Array<String>]
|
1810
|
-
#
|
1811
|
-
# @!attribute [rw] retiring_principal
|
1812
|
-
# The principal that is given permission to retire the grant by using
|
1813
|
-
# [RetireGrant][1] operation.
|
1814
|
-
#
|
1815
|
-
#
|
1816
|
-
#
|
1817
|
-
# [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
|
1818
|
-
# @return [String]
|
1819
|
-
#
|
1820
2057
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsGrantConfiguration AWS API Documentation
|
1821
2058
|
#
|
1822
2059
|
class KmsGrantConfiguration < Struct.new(
|
1823
|
-
:constraints,
|
1824
|
-
:grantee_principal,
|
1825
|
-
:issuing_account,
|
1826
2060
|
:operations,
|
1827
|
-
:
|
2061
|
+
:grantee_principal,
|
2062
|
+
:retiring_principal,
|
2063
|
+
:constraints,
|
2064
|
+
:issuing_account)
|
1828
2065
|
SENSITIVE = []
|
1829
2066
|
include Aws::Structure
|
1830
2067
|
end
|
@@ -1907,8 +2144,14 @@ module Aws::AccessAnalyzer
|
|
1907
2144
|
# data as a hash:
|
1908
2145
|
#
|
1909
2146
|
# {
|
2147
|
+
# key_policies: {
|
2148
|
+
# "PolicyName" => "KmsKeyPolicy",
|
2149
|
+
# },
|
1910
2150
|
# grants: [
|
1911
2151
|
# {
|
2152
|
+
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
2153
|
+
# grantee_principal: "GranteePrincipal", # required
|
2154
|
+
# retiring_principal: "RetiringPrincipal",
|
1912
2155
|
# constraints: {
|
1913
2156
|
# encryption_context_equals: {
|
1914
2157
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
@@ -1917,24 +2160,10 @@ module Aws::AccessAnalyzer
|
|
1917
2160
|
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1918
2161
|
# },
|
1919
2162
|
# },
|
1920
|
-
# grantee_principal: "GranteePrincipal", # required
|
1921
2163
|
# issuing_account: "IssuingAccount", # required
|
1922
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1923
|
-
# retiring_principal: "RetiringPrincipal",
|
1924
2164
|
# },
|
1925
|
-
# ],
|
1926
|
-
#
|
1927
|
-
# "PolicyName" => "KmsKeyPolicy",
|
1928
|
-
# },
|
1929
|
-
# }
|
1930
|
-
#
|
1931
|
-
# @!attribute [rw] grants
|
1932
|
-
# A list of proposed grant configurations for the KMS key. If the
|
1933
|
-
# proposed grant configuration is for an existing key, the access
|
1934
|
-
# preview uses the proposed list of grant configurations in place of
|
1935
|
-
# the existing grants. Otherwise, the access preview uses the existing
|
1936
|
-
# grants for the key.
|
1937
|
-
# @return [Array<Types::KmsGrantConfiguration>]
|
2165
|
+
# ],
|
2166
|
+
# }
|
1938
2167
|
#
|
1939
2168
|
# @!attribute [rw] key_policies
|
1940
2169
|
# Resource policy configuration for the KMS key. The only valid value
|
@@ -1946,11 +2175,19 @@ module Aws::AccessAnalyzer
|
|
1946
2175
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
|
1947
2176
|
# @return [Hash<String,String>]
|
1948
2177
|
#
|
2178
|
+
# @!attribute [rw] grants
|
2179
|
+
# A list of proposed grant configurations for the KMS key. If the
|
2180
|
+
# proposed grant configuration is for an existing key, the access
|
2181
|
+
# preview uses the proposed list of grant configurations in place of
|
2182
|
+
# the existing grants. Otherwise, the access preview uses the existing
|
2183
|
+
# grants for the key.
|
2184
|
+
# @return [Array<Types::KmsGrantConfiguration>]
|
2185
|
+
#
|
1949
2186
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsKeyConfiguration AWS API Documentation
|
1950
2187
|
#
|
1951
2188
|
class KmsKeyConfiguration < Struct.new(
|
1952
|
-
:
|
1953
|
-
:
|
2189
|
+
:key_policies,
|
2190
|
+
:grants)
|
1954
2191
|
SENSITIVE = []
|
1955
2192
|
include Aws::Structure
|
1956
2193
|
end
|
@@ -1963,14 +2200,14 @@ module Aws::AccessAnalyzer
|
|
1963
2200
|
# analyzer_arn: "AnalyzerArn", # required
|
1964
2201
|
# filter: {
|
1965
2202
|
# "String" => {
|
1966
|
-
# contains: ["String"],
|
1967
2203
|
# eq: ["String"],
|
1968
|
-
# exists: false,
|
1969
2204
|
# neq: ["String"],
|
2205
|
+
# contains: ["String"],
|
2206
|
+
# exists: false,
|
1970
2207
|
# },
|
1971
2208
|
# },
|
1972
|
-
# max_results: 1,
|
1973
2209
|
# next_token: "Token",
|
2210
|
+
# max_results: 1,
|
1974
2211
|
# }
|
1975
2212
|
#
|
1976
2213
|
# @!attribute [rw] access_preview_id
|
@@ -1989,22 +2226,22 @@ module Aws::AccessAnalyzer
|
|
1989
2226
|
# Criteria to filter the returned findings.
|
1990
2227
|
# @return [Hash<String,Types::Criterion>]
|
1991
2228
|
#
|
1992
|
-
# @!attribute [rw] max_results
|
1993
|
-
# The maximum number of results to return in the response.
|
1994
|
-
# @return [Integer]
|
1995
|
-
#
|
1996
2229
|
# @!attribute [rw] next_token
|
1997
2230
|
# A token used for pagination of results returned.
|
1998
2231
|
# @return [String]
|
1999
2232
|
#
|
2233
|
+
# @!attribute [rw] max_results
|
2234
|
+
# The maximum number of results to return in the response.
|
2235
|
+
# @return [Integer]
|
2236
|
+
#
|
2000
2237
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindingsRequest AWS API Documentation
|
2001
2238
|
#
|
2002
2239
|
class ListAccessPreviewFindingsRequest < Struct.new(
|
2003
2240
|
:access_preview_id,
|
2004
2241
|
:analyzer_arn,
|
2005
2242
|
:filter,
|
2006
|
-
:
|
2007
|
-
:
|
2243
|
+
:next_token,
|
2244
|
+
:max_results)
|
2008
2245
|
SENSITIVE = []
|
2009
2246
|
include Aws::Structure
|
2010
2247
|
end
|
@@ -2032,8 +2269,8 @@ module Aws::AccessAnalyzer
|
|
2032
2269
|
#
|
2033
2270
|
# {
|
2034
2271
|
# analyzer_arn: "AnalyzerArn", # required
|
2035
|
-
# max_results: 1,
|
2036
2272
|
# next_token: "Token",
|
2273
|
+
# max_results: 1,
|
2037
2274
|
# }
|
2038
2275
|
#
|
2039
2276
|
# @!attribute [rw] analyzer_arn
|
@@ -2044,20 +2281,20 @@ module Aws::AccessAnalyzer
|
|
2044
2281
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
2045
2282
|
# @return [String]
|
2046
2283
|
#
|
2047
|
-
# @!attribute [rw] max_results
|
2048
|
-
# The maximum number of results to return in the response.
|
2049
|
-
# @return [Integer]
|
2050
|
-
#
|
2051
2284
|
# @!attribute [rw] next_token
|
2052
2285
|
# A token used for pagination of results returned.
|
2053
2286
|
# @return [String]
|
2054
2287
|
#
|
2288
|
+
# @!attribute [rw] max_results
|
2289
|
+
# The maximum number of results to return in the response.
|
2290
|
+
# @return [Integer]
|
2291
|
+
#
|
2055
2292
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewsRequest AWS API Documentation
|
2056
2293
|
#
|
2057
2294
|
class ListAccessPreviewsRequest < Struct.new(
|
2058
2295
|
:analyzer_arn,
|
2059
|
-
:
|
2060
|
-
:
|
2296
|
+
:next_token,
|
2297
|
+
:max_results)
|
2061
2298
|
SENSITIVE = []
|
2062
2299
|
include Aws::Structure
|
2063
2300
|
end
|
@@ -2086,9 +2323,9 @@ module Aws::AccessAnalyzer
|
|
2086
2323
|
#
|
2087
2324
|
# {
|
2088
2325
|
# analyzer_arn: "AnalyzerArn", # required
|
2089
|
-
#
|
2326
|
+
# resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic
|
2090
2327
|
# next_token: "Token",
|
2091
|
-
#
|
2328
|
+
# max_results: 1,
|
2092
2329
|
# }
|
2093
2330
|
#
|
2094
2331
|
# @!attribute [rw] analyzer_arn
|
@@ -2100,25 +2337,25 @@ module Aws::AccessAnalyzer
|
|
2100
2337
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
2101
2338
|
# @return [String]
|
2102
2339
|
#
|
2103
|
-
# @!attribute [rw]
|
2104
|
-
# The
|
2105
|
-
# @return [
|
2340
|
+
# @!attribute [rw] resource_type
|
2341
|
+
# The type of resource.
|
2342
|
+
# @return [String]
|
2106
2343
|
#
|
2107
2344
|
# @!attribute [rw] next_token
|
2108
2345
|
# A token used for pagination of results returned.
|
2109
2346
|
# @return [String]
|
2110
2347
|
#
|
2111
|
-
# @!attribute [rw]
|
2112
|
-
# The
|
2113
|
-
# @return [
|
2348
|
+
# @!attribute [rw] max_results
|
2349
|
+
# The maximum number of results to return in the response.
|
2350
|
+
# @return [Integer]
|
2114
2351
|
#
|
2115
2352
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResourcesRequest AWS API Documentation
|
2116
2353
|
#
|
2117
2354
|
class ListAnalyzedResourcesRequest < Struct.new(
|
2118
2355
|
:analyzer_arn,
|
2119
|
-
:
|
2356
|
+
:resource_type,
|
2120
2357
|
:next_token,
|
2121
|
-
:
|
2358
|
+
:max_results)
|
2122
2359
|
SENSITIVE = []
|
2123
2360
|
include Aws::Structure
|
2124
2361
|
end
|
@@ -2148,19 +2385,19 @@ module Aws::AccessAnalyzer
|
|
2148
2385
|
# data as a hash:
|
2149
2386
|
#
|
2150
2387
|
# {
|
2151
|
-
# max_results: 1,
|
2152
2388
|
# next_token: "Token",
|
2389
|
+
# max_results: 1,
|
2153
2390
|
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
2154
2391
|
# }
|
2155
2392
|
#
|
2156
|
-
# @!attribute [rw] max_results
|
2157
|
-
# The maximum number of results to return in the response.
|
2158
|
-
# @return [Integer]
|
2159
|
-
#
|
2160
2393
|
# @!attribute [rw] next_token
|
2161
2394
|
# A token used for pagination of results returned.
|
2162
2395
|
# @return [String]
|
2163
2396
|
#
|
2397
|
+
# @!attribute [rw] max_results
|
2398
|
+
# The maximum number of results to return in the response.
|
2399
|
+
# @return [Integer]
|
2400
|
+
#
|
2164
2401
|
# @!attribute [rw] type
|
2165
2402
|
# The type of analyzer.
|
2166
2403
|
# @return [String]
|
@@ -2168,8 +2405,8 @@ module Aws::AccessAnalyzer
|
|
2168
2405
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzersRequest AWS API Documentation
|
2169
2406
|
#
|
2170
2407
|
class ListAnalyzersRequest < Struct.new(
|
2171
|
-
:max_results,
|
2172
2408
|
:next_token,
|
2409
|
+
:max_results,
|
2173
2410
|
:type)
|
2174
2411
|
SENSITIVE = []
|
2175
2412
|
include Aws::Structure
|
@@ -2201,28 +2438,28 @@ module Aws::AccessAnalyzer
|
|
2201
2438
|
#
|
2202
2439
|
# {
|
2203
2440
|
# analyzer_name: "Name", # required
|
2204
|
-
# max_results: 1,
|
2205
2441
|
# next_token: "Token",
|
2442
|
+
# max_results: 1,
|
2206
2443
|
# }
|
2207
2444
|
#
|
2208
2445
|
# @!attribute [rw] analyzer_name
|
2209
2446
|
# The name of the analyzer to retrieve rules from.
|
2210
2447
|
# @return [String]
|
2211
2448
|
#
|
2212
|
-
# @!attribute [rw] max_results
|
2213
|
-
# The maximum number of results to return in the request.
|
2214
|
-
# @return [Integer]
|
2215
|
-
#
|
2216
2449
|
# @!attribute [rw] next_token
|
2217
2450
|
# A token used for pagination of results returned.
|
2218
2451
|
# @return [String]
|
2219
2452
|
#
|
2453
|
+
# @!attribute [rw] max_results
|
2454
|
+
# The maximum number of results to return in the request.
|
2455
|
+
# @return [Integer]
|
2456
|
+
#
|
2220
2457
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListArchiveRulesRequest AWS API Documentation
|
2221
2458
|
#
|
2222
2459
|
class ListArchiveRulesRequest < Struct.new(
|
2223
2460
|
:analyzer_name,
|
2224
|
-
:
|
2225
|
-
:
|
2461
|
+
:next_token,
|
2462
|
+
:max_results)
|
2226
2463
|
SENSITIVE = []
|
2227
2464
|
include Aws::Structure
|
2228
2465
|
end
|
@@ -2255,18 +2492,18 @@ module Aws::AccessAnalyzer
|
|
2255
2492
|
# analyzer_arn: "AnalyzerArn", # required
|
2256
2493
|
# filter: {
|
2257
2494
|
# "String" => {
|
2258
|
-
# contains: ["String"],
|
2259
2495
|
# eq: ["String"],
|
2260
|
-
# exists: false,
|
2261
2496
|
# neq: ["String"],
|
2497
|
+
# contains: ["String"],
|
2498
|
+
# exists: false,
|
2262
2499
|
# },
|
2263
2500
|
# },
|
2264
|
-
# max_results: 1,
|
2265
|
-
# next_token: "Token",
|
2266
2501
|
# sort: {
|
2267
2502
|
# attribute_name: "String",
|
2268
2503
|
# order_by: "ASC", # accepts ASC, DESC
|
2269
2504
|
# },
|
2505
|
+
# next_token: "Token",
|
2506
|
+
# max_results: 1,
|
2270
2507
|
# }
|
2271
2508
|
#
|
2272
2509
|
# @!attribute [rw] analyzer_arn
|
@@ -2281,26 +2518,26 @@ module Aws::AccessAnalyzer
|
|
2281
2518
|
# A filter to match for the findings to return.
|
2282
2519
|
# @return [Hash<String,Types::Criterion>]
|
2283
2520
|
#
|
2284
|
-
# @!attribute [rw]
|
2285
|
-
# The
|
2286
|
-
# @return [
|
2521
|
+
# @!attribute [rw] sort
|
2522
|
+
# The sort order for the findings returned.
|
2523
|
+
# @return [Types::SortCriteria]
|
2287
2524
|
#
|
2288
2525
|
# @!attribute [rw] next_token
|
2289
2526
|
# A token used for pagination of results returned.
|
2290
2527
|
# @return [String]
|
2291
2528
|
#
|
2292
|
-
# @!attribute [rw]
|
2293
|
-
# The
|
2294
|
-
# @return [
|
2529
|
+
# @!attribute [rw] max_results
|
2530
|
+
# The maximum number of results to return in the response.
|
2531
|
+
# @return [Integer]
|
2295
2532
|
#
|
2296
2533
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsRequest AWS API Documentation
|
2297
2534
|
#
|
2298
2535
|
class ListFindingsRequest < Struct.new(
|
2299
2536
|
:analyzer_arn,
|
2300
2537
|
:filter,
|
2301
|
-
:
|
2538
|
+
:sort,
|
2302
2539
|
:next_token,
|
2303
|
-
:
|
2540
|
+
:max_results)
|
2304
2541
|
SENSITIVE = []
|
2305
2542
|
include Aws::Structure
|
2306
2543
|
end
|
@@ -2329,11 +2566,17 @@ module Aws::AccessAnalyzer
|
|
2329
2566
|
# data as a hash:
|
2330
2567
|
#
|
2331
2568
|
# {
|
2569
|
+
# principal_arn: "PrincipalArn",
|
2332
2570
|
# max_results: 1,
|
2333
2571
|
# next_token: "Token",
|
2334
|
-
# principal_arn: "PrincipalArn",
|
2335
2572
|
# }
|
2336
2573
|
#
|
2574
|
+
# @!attribute [rw] principal_arn
|
2575
|
+
# The ARN of the IAM entity (user or role) for which you are
|
2576
|
+
# generating a policy. Use this with `ListGeneratedPolicies` to filter
|
2577
|
+
# the results to only include results for a specific principal.
|
2578
|
+
# @return [String]
|
2579
|
+
#
|
2337
2580
|
# @!attribute [rw] max_results
|
2338
2581
|
# The maximum number of results to return in the response.
|
2339
2582
|
# @return [Integer]
|
@@ -2342,36 +2585,30 @@ module Aws::AccessAnalyzer
|
|
2342
2585
|
# A token used for pagination of results returned.
|
2343
2586
|
# @return [String]
|
2344
2587
|
#
|
2345
|
-
# @!attribute [rw] principal_arn
|
2346
|
-
# The ARN of the IAM entity (user or role) for which you are
|
2347
|
-
# generating a policy. Use this with `ListGeneratedPolicies` to filter
|
2348
|
-
# the results to only include results for a specific principal.
|
2349
|
-
# @return [String]
|
2350
|
-
#
|
2351
2588
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsRequest AWS API Documentation
|
2352
2589
|
#
|
2353
2590
|
class ListPolicyGenerationsRequest < Struct.new(
|
2591
|
+
:principal_arn,
|
2354
2592
|
:max_results,
|
2355
|
-
:next_token
|
2356
|
-
:principal_arn)
|
2593
|
+
:next_token)
|
2357
2594
|
SENSITIVE = []
|
2358
2595
|
include Aws::Structure
|
2359
2596
|
end
|
2360
2597
|
|
2361
|
-
# @!attribute [rw] next_token
|
2362
|
-
# A token used for pagination of results returned.
|
2363
|
-
# @return [String]
|
2364
|
-
#
|
2365
2598
|
# @!attribute [rw] policy_generations
|
2366
2599
|
# A `PolicyGeneration` object that contains details about the
|
2367
2600
|
# generated policy.
|
2368
2601
|
# @return [Array<Types::PolicyGeneration>]
|
2369
2602
|
#
|
2603
|
+
# @!attribute [rw] next_token
|
2604
|
+
# A token used for pagination of results returned.
|
2605
|
+
# @return [String]
|
2606
|
+
#
|
2370
2607
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListPolicyGenerationsResponse AWS API Documentation
|
2371
2608
|
#
|
2372
2609
|
class ListPolicyGenerationsResponse < Struct.new(
|
2373
|
-
:
|
2374
|
-
:
|
2610
|
+
:policy_generations,
|
2611
|
+
:next_token)
|
2375
2612
|
SENSITIVE = []
|
2376
2613
|
include Aws::Structure
|
2377
2614
|
end
|
@@ -2447,11 +2684,6 @@ module Aws::AccessAnalyzer
|
|
2447
2684
|
#
|
2448
2685
|
# @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
|
2449
2686
|
#
|
2450
|
-
# @!attribute [rw] internet_configuration
|
2451
|
-
# The configuration for the Amazon S3 access point or multi-region
|
2452
|
-
# access point with an `Internet` origin.
|
2453
|
-
# @return [Types::InternetConfiguration]
|
2454
|
-
#
|
2455
2687
|
# @!attribute [rw] vpc_configuration
|
2456
2688
|
# The proposed virtual private cloud (VPC) configuration for the
|
2457
2689
|
# Amazon S3 access point. VPC configuration does not apply to
|
@@ -2463,18 +2695,23 @@ module Aws::AccessAnalyzer
|
|
2463
2695
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
|
2464
2696
|
# @return [Types::VpcConfiguration]
|
2465
2697
|
#
|
2698
|
+
# @!attribute [rw] internet_configuration
|
2699
|
+
# The configuration for the Amazon S3 access point or multi-region
|
2700
|
+
# access point with an `Internet` origin.
|
2701
|
+
# @return [Types::InternetConfiguration]
|
2702
|
+
#
|
2466
2703
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/NetworkOriginConfiguration AWS API Documentation
|
2467
2704
|
#
|
2468
2705
|
class NetworkOriginConfiguration < Struct.new(
|
2469
|
-
:internet_configuration,
|
2470
2706
|
:vpc_configuration,
|
2707
|
+
:internet_configuration,
|
2471
2708
|
:unknown)
|
2472
2709
|
SENSITIVE = []
|
2473
2710
|
include Aws::Structure
|
2474
2711
|
include Aws::Structure::Union
|
2475
2712
|
|
2476
|
-
class InternetConfiguration < NetworkOriginConfiguration; end
|
2477
2713
|
class VpcConfiguration < NetworkOriginConfiguration; end
|
2714
|
+
class InternetConfiguration < NetworkOriginConfiguration; end
|
2478
2715
|
class Unknown < NetworkOriginConfiguration; end
|
2479
2716
|
end
|
2480
2717
|
|
@@ -2520,10 +2757,6 @@ module Aws::AccessAnalyzer
|
|
2520
2757
|
|
2521
2758
|
# Contains details about the policy generation status and properties.
|
2522
2759
|
#
|
2523
|
-
# @!attribute [rw] completed_on
|
2524
|
-
# A timestamp of when the policy generation was completed.
|
2525
|
-
# @return [Time]
|
2526
|
-
#
|
2527
2760
|
# @!attribute [rw] job_id
|
2528
2761
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
2529
2762
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -2536,22 +2769,26 @@ module Aws::AccessAnalyzer
|
|
2536
2769
|
# generating a policy.
|
2537
2770
|
# @return [String]
|
2538
2771
|
#
|
2772
|
+
# @!attribute [rw] status
|
2773
|
+
# The status of the policy generation request.
|
2774
|
+
# @return [String]
|
2775
|
+
#
|
2539
2776
|
# @!attribute [rw] started_on
|
2540
2777
|
# A timestamp of when the policy generation started.
|
2541
2778
|
# @return [Time]
|
2542
2779
|
#
|
2543
|
-
# @!attribute [rw]
|
2544
|
-
#
|
2545
|
-
# @return [
|
2780
|
+
# @!attribute [rw] completed_on
|
2781
|
+
# A timestamp of when the policy generation was completed.
|
2782
|
+
# @return [Time]
|
2546
2783
|
#
|
2547
2784
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PolicyGeneration AWS API Documentation
|
2548
2785
|
#
|
2549
2786
|
class PolicyGeneration < Struct.new(
|
2550
|
-
:completed_on,
|
2551
2787
|
:job_id,
|
2552
2788
|
:principal_arn,
|
2789
|
+
:status,
|
2553
2790
|
:started_on,
|
2554
|
-
:
|
2791
|
+
:completed_on)
|
2555
2792
|
SENSITIVE = []
|
2556
2793
|
include Aws::Structure
|
2557
2794
|
end
|
@@ -2581,14 +2818,14 @@ module Aws::AccessAnalyzer
|
|
2581
2818
|
|
2582
2819
|
# A position in a policy.
|
2583
2820
|
#
|
2584
|
-
# @!attribute [rw] column
|
2585
|
-
# The column of the position, starting from 0.
|
2586
|
-
# @return [Integer]
|
2587
|
-
#
|
2588
2821
|
# @!attribute [rw] line
|
2589
2822
|
# The line of the position, starting from 1.
|
2590
2823
|
# @return [Integer]
|
2591
2824
|
#
|
2825
|
+
# @!attribute [rw] column
|
2826
|
+
# The column of the position, starting from 0.
|
2827
|
+
# @return [Integer]
|
2828
|
+
#
|
2592
2829
|
# @!attribute [rw] offset
|
2593
2830
|
# The offset within the policy that corresponds to the position,
|
2594
2831
|
# starting from 0.
|
@@ -2597,13 +2834,203 @@ module Aws::AccessAnalyzer
|
|
2597
2834
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Position AWS API Documentation
|
2598
2835
|
#
|
2599
2836
|
class Position < Struct.new(
|
2600
|
-
:column,
|
2601
2837
|
:line,
|
2838
|
+
:column,
|
2602
2839
|
:offset)
|
2603
2840
|
SENSITIVE = []
|
2604
2841
|
include Aws::Structure
|
2605
2842
|
end
|
2606
2843
|
|
2844
|
+
# The values for a manual Amazon RDS DB cluster snapshot attribute.
|
2845
|
+
#
|
2846
|
+
# @note RdsDbClusterSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
|
2847
|
+
#
|
2848
|
+
# @note RdsDbClusterSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbClusterSnapshotAttributeValue corresponding to the set member.
|
2849
|
+
#
|
2850
|
+
# @!attribute [rw] account_ids
|
2851
|
+
# The Amazon Web Services account IDs that have access to the manual
|
2852
|
+
# Amazon RDS DB cluster snapshot. If the value `all` is specified,
|
2853
|
+
# then the Amazon RDS DB cluster snapshot is public and can be copied
|
2854
|
+
# or restored by all Amazon Web Services accounts.
|
2855
|
+
#
|
2856
|
+
# * If the configuration is for an existing Amazon RDS DB cluster
|
2857
|
+
# snapshot and you do not specify the `accountIds` in
|
2858
|
+
# `RdsDbClusterSnapshotAttributeValue`, then the access preview uses
|
2859
|
+
# the existing shared `accountIds` for the snapshot.
|
2860
|
+
#
|
2861
|
+
# * If the access preview is for a new resource and you do not specify
|
2862
|
+
# the specify the `accountIds` in
|
2863
|
+
# `RdsDbClusterSnapshotAttributeValue`, then the access preview
|
2864
|
+
# considers the snapshot without any attributes.
|
2865
|
+
#
|
2866
|
+
# * To propose deletion of existing shared `accountIds`, you can
|
2867
|
+
# specify an empty list for `accountIds` in the
|
2868
|
+
# `RdsDbClusterSnapshotAttributeValue`.
|
2869
|
+
# @return [Array<String>]
|
2870
|
+
#
|
2871
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotAttributeValue AWS API Documentation
|
2872
|
+
#
|
2873
|
+
class RdsDbClusterSnapshotAttributeValue < Struct.new(
|
2874
|
+
:account_ids,
|
2875
|
+
:unknown)
|
2876
|
+
SENSITIVE = []
|
2877
|
+
include Aws::Structure
|
2878
|
+
include Aws::Structure::Union
|
2879
|
+
|
2880
|
+
class AccountIds < RdsDbClusterSnapshotAttributeValue; end
|
2881
|
+
class Unknown < RdsDbClusterSnapshotAttributeValue; end
|
2882
|
+
end
|
2883
|
+
|
2884
|
+
# The proposed access control configuration for an Amazon RDS DB cluster
|
2885
|
+
# snapshot. You can propose a configuration for a new Amazon RDS DB
|
2886
|
+
# cluster snapshot or an Amazon RDS DB cluster snapshot that you own by
|
2887
|
+
# specifying the `RdsDbClusterSnapshotAttributeValue` and optional KMS
|
2888
|
+
# encryption key. For more information, see
|
2889
|
+
# [ModifyDBClusterSnapshotAttribute][1].
|
2890
|
+
#
|
2891
|
+
#
|
2892
|
+
#
|
2893
|
+
# [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html
|
2894
|
+
#
|
2895
|
+
# @note When making an API call, you may pass RdsDbClusterSnapshotConfiguration
|
2896
|
+
# data as a hash:
|
2897
|
+
#
|
2898
|
+
# {
|
2899
|
+
# attributes: {
|
2900
|
+
# "RdsDbClusterSnapshotAttributeName" => {
|
2901
|
+
# account_ids: ["RdsDbClusterSnapshotAccountId"],
|
2902
|
+
# },
|
2903
|
+
# },
|
2904
|
+
# kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
|
2905
|
+
# }
|
2906
|
+
#
|
2907
|
+
# @!attribute [rw] attributes
|
2908
|
+
# The names and values of manual DB cluster snapshot attributes.
|
2909
|
+
# Manual DB cluster snapshot attributes are used to authorize other
|
2910
|
+
# Amazon Web Services accounts to restore a manual DB cluster
|
2911
|
+
# snapshot. The only valid value for `AttributeName` for the attribute
|
2912
|
+
# map is `restore`
|
2913
|
+
# @return [Hash<String,Types::RdsDbClusterSnapshotAttributeValue>]
|
2914
|
+
#
|
2915
|
+
# @!attribute [rw] kms_key_id
|
2916
|
+
# The KMS key identifier for an encrypted Amazon RDS DB cluster
|
2917
|
+
# snapshot. The KMS key identifier is the key ARN, key ID, alias ARN,
|
2918
|
+
# or alias name for the KMS key.
|
2919
|
+
#
|
2920
|
+
# * If the configuration is for an existing Amazon RDS DB cluster
|
2921
|
+
# snapshot and you do not specify the `kmsKeyId`, or you specify an
|
2922
|
+
# empty string, then the access preview uses the existing `kmsKeyId`
|
2923
|
+
# of the snapshot.
|
2924
|
+
#
|
2925
|
+
# * If the access preview is for a new resource and you do not specify
|
2926
|
+
# the specify the `kmsKeyId`, then the access preview considers the
|
2927
|
+
# snapshot as unencrypted.
|
2928
|
+
# @return [String]
|
2929
|
+
#
|
2930
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotConfiguration AWS API Documentation
|
2931
|
+
#
|
2932
|
+
class RdsDbClusterSnapshotConfiguration < Struct.new(
|
2933
|
+
:attributes,
|
2934
|
+
:kms_key_id)
|
2935
|
+
SENSITIVE = []
|
2936
|
+
include Aws::Structure
|
2937
|
+
end
|
2938
|
+
|
2939
|
+
# The name and values of a manual Amazon RDS DB snapshot attribute.
|
2940
|
+
# Manual DB snapshot attributes are used to authorize other Amazon Web
|
2941
|
+
# Services accounts to restore a manual DB snapshot.
|
2942
|
+
#
|
2943
|
+
# @note RdsDbSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
|
2944
|
+
#
|
2945
|
+
# @note RdsDbSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbSnapshotAttributeValue corresponding to the set member.
|
2946
|
+
#
|
2947
|
+
# @!attribute [rw] account_ids
|
2948
|
+
# The Amazon Web Services account IDs that have access to the manual
|
2949
|
+
# Amazon RDS DB snapshot. If the value `all` is specified, then the
|
2950
|
+
# Amazon RDS DB snapshot is public and can be copied or restored by
|
2951
|
+
# all Amazon Web Services accounts.
|
2952
|
+
#
|
2953
|
+
# * If the configuration is for an existing Amazon RDS DB snapshot and
|
2954
|
+
# you do not specify the `accountIds` in
|
2955
|
+
# `RdsDbSnapshotAttributeValue`, then the access preview uses the
|
2956
|
+
# existing shared `accountIds` for the snapshot.
|
2957
|
+
#
|
2958
|
+
# * If the access preview is for a new resource and you do not specify
|
2959
|
+
# the specify the `accountIds` in `RdsDbSnapshotAttributeValue`,
|
2960
|
+
# then the access preview considers the snapshot without any
|
2961
|
+
# attributes.
|
2962
|
+
#
|
2963
|
+
# * To propose deletion of an existing shared `accountIds`, you can
|
2964
|
+
# specify an empty list for `accountIds` in the
|
2965
|
+
# `RdsDbSnapshotAttributeValue`.
|
2966
|
+
# @return [Array<String>]
|
2967
|
+
#
|
2968
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotAttributeValue AWS API Documentation
|
2969
|
+
#
|
2970
|
+
class RdsDbSnapshotAttributeValue < Struct.new(
|
2971
|
+
:account_ids,
|
2972
|
+
:unknown)
|
2973
|
+
SENSITIVE = []
|
2974
|
+
include Aws::Structure
|
2975
|
+
include Aws::Structure::Union
|
2976
|
+
|
2977
|
+
class AccountIds < RdsDbSnapshotAttributeValue; end
|
2978
|
+
class Unknown < RdsDbSnapshotAttributeValue; end
|
2979
|
+
end
|
2980
|
+
|
2981
|
+
# The proposed access control configuration for an Amazon RDS DB
|
2982
|
+
# snapshot. You can propose a configuration for a new Amazon RDS DB
|
2983
|
+
# snapshot or an Amazon RDS DB snapshot that you own by specifying the
|
2984
|
+
# `RdsDbSnapshotAttributeValue` and optional KMS encryption key. For
|
2985
|
+
# more information, see [ModifyDBSnapshotAttribute][1].
|
2986
|
+
#
|
2987
|
+
#
|
2988
|
+
#
|
2989
|
+
# [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html
|
2990
|
+
#
|
2991
|
+
# @note When making an API call, you may pass RdsDbSnapshotConfiguration
|
2992
|
+
# data as a hash:
|
2993
|
+
#
|
2994
|
+
# {
|
2995
|
+
# attributes: {
|
2996
|
+
# "RdsDbSnapshotAttributeName" => {
|
2997
|
+
# account_ids: ["RdsDbSnapshotAccountId"],
|
2998
|
+
# },
|
2999
|
+
# },
|
3000
|
+
# kms_key_id: "RdsDbSnapshotKmsKeyId",
|
3001
|
+
# }
|
3002
|
+
#
|
3003
|
+
# @!attribute [rw] attributes
|
3004
|
+
# The names and values of manual DB snapshot attributes. Manual DB
|
3005
|
+
# snapshot attributes are used to authorize other Amazon Web Services
|
3006
|
+
# accounts to restore a manual DB snapshot. The only valid value for
|
3007
|
+
# `attributeName` for the attribute map is restore.
|
3008
|
+
# @return [Hash<String,Types::RdsDbSnapshotAttributeValue>]
|
3009
|
+
#
|
3010
|
+
# @!attribute [rw] kms_key_id
|
3011
|
+
# The KMS key identifier for an encrypted Amazon RDS DB snapshot. The
|
3012
|
+
# KMS key identifier is the key ARN, key ID, alias ARN, or alias name
|
3013
|
+
# for the KMS key.
|
3014
|
+
#
|
3015
|
+
# * If the configuration is for an existing Amazon RDS DB snapshot and
|
3016
|
+
# you do not specify the `kmsKeyId`, or you specify an empty string,
|
3017
|
+
# then the access preview uses the existing `kmsKeyId` of the
|
3018
|
+
# snapshot.
|
3019
|
+
#
|
3020
|
+
# * If the access preview is for a new resource and you do not specify
|
3021
|
+
# the specify the `kmsKeyId`, then the access preview considers the
|
3022
|
+
# snapshot as unencrypted.
|
3023
|
+
# @return [String]
|
3024
|
+
#
|
3025
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotConfiguration AWS API Documentation
|
3026
|
+
#
|
3027
|
+
class RdsDbSnapshotConfiguration < Struct.new(
|
3028
|
+
:attributes,
|
3029
|
+
:kms_key_id)
|
3030
|
+
SENSITIVE = []
|
3031
|
+
include Aws::Structure
|
3032
|
+
end
|
3033
|
+
|
2607
3034
|
# The specified resource could not be found.
|
2608
3035
|
#
|
2609
3036
|
# @!attribute [rw] message
|
@@ -2640,7 +3067,7 @@ module Aws::AccessAnalyzer
|
|
2640
3067
|
#
|
2641
3068
|
#
|
2642
3069
|
#
|
2643
|
-
# [1]: https://docs.aws.amazon.com/
|
3070
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
2644
3071
|
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
|
2645
3072
|
#
|
2646
3073
|
# @note When making an API call, you may pass S3AccessPointConfiguration
|
@@ -2648,23 +3075,28 @@ module Aws::AccessAnalyzer
|
|
2648
3075
|
#
|
2649
3076
|
# {
|
2650
3077
|
# access_point_policy: "AccessPointPolicy",
|
3078
|
+
# public_access_block: {
|
3079
|
+
# ignore_public_acls: false, # required
|
3080
|
+
# restrict_public_buckets: false, # required
|
3081
|
+
# },
|
2651
3082
|
# network_origin: {
|
2652
|
-
# internet_configuration: {
|
2653
|
-
# },
|
2654
3083
|
# vpc_configuration: {
|
2655
3084
|
# vpc_id: "VpcId", # required
|
2656
3085
|
# },
|
3086
|
+
# internet_configuration: {
|
3087
|
+
# },
|
2657
3088
|
# },
|
2658
|
-
# public_access_block: {
|
2659
|
-
# ignore_public_acls: false, # required
|
2660
|
-
# restrict_public_buckets: false, # required
|
2661
|
-
# },
|
2662
3089
|
# }
|
2663
3090
|
#
|
2664
3091
|
# @!attribute [rw] access_point_policy
|
2665
3092
|
# The access point or multi-region access point policy.
|
2666
3093
|
# @return [String]
|
2667
3094
|
#
|
3095
|
+
# @!attribute [rw] public_access_block
|
3096
|
+
# The proposed `S3PublicAccessBlock` configuration to apply to this
|
3097
|
+
# Amazon S3 access point or multi-region access point.
|
3098
|
+
# @return [Types::S3PublicAccessBlockConfiguration]
|
3099
|
+
#
|
2668
3100
|
# @!attribute [rw] network_origin
|
2669
3101
|
# The proposed `Internet` and `VpcConfiguration` to apply to this
|
2670
3102
|
# Amazon S3 access point. `VpcConfiguration` does not apply to
|
@@ -2675,17 +3107,12 @@ module Aws::AccessAnalyzer
|
|
2675
3107
|
# the exiting network origin.
|
2676
3108
|
# @return [Types::NetworkOriginConfiguration]
|
2677
3109
|
#
|
2678
|
-
# @!attribute [rw] public_access_block
|
2679
|
-
# The proposed `S3PublicAccessBlock` configuration to apply to this
|
2680
|
-
# Amazon S3 access point or multi-region access point.
|
2681
|
-
# @return [Types::S3PublicAccessBlockConfiguration]
|
2682
|
-
#
|
2683
3110
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3AccessPointConfiguration AWS API Documentation
|
2684
3111
|
#
|
2685
3112
|
class S3AccessPointConfiguration < Struct.new(
|
2686
3113
|
:access_point_policy,
|
2687
|
-
:
|
2688
|
-
:
|
3114
|
+
:public_access_block,
|
3115
|
+
:network_origin)
|
2689
3116
|
SENSITIVE = []
|
2690
3117
|
include Aws::Structure
|
2691
3118
|
end
|
@@ -2701,26 +3128,26 @@ module Aws::AccessAnalyzer
|
|
2701
3128
|
# data as a hash:
|
2702
3129
|
#
|
2703
3130
|
# {
|
3131
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2704
3132
|
# grantee: { # required
|
2705
3133
|
# id: "AclCanonicalId",
|
2706
3134
|
# uri: "AclUri",
|
2707
3135
|
# },
|
2708
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2709
3136
|
# }
|
2710
3137
|
#
|
2711
|
-
# @!attribute [rw] grantee
|
2712
|
-
# The grantee to whom you’re assigning access rights.
|
2713
|
-
# @return [Types::AclGrantee]
|
2714
|
-
#
|
2715
3138
|
# @!attribute [rw] permission
|
2716
3139
|
# The permissions being granted.
|
2717
3140
|
# @return [String]
|
2718
3141
|
#
|
3142
|
+
# @!attribute [rw] grantee
|
3143
|
+
# The grantee to whom you’re assigning access rights.
|
3144
|
+
# @return [Types::AclGrantee]
|
3145
|
+
#
|
2719
3146
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3BucketAclGrantConfiguration AWS API Documentation
|
2720
3147
|
#
|
2721
3148
|
class S3BucketAclGrantConfiguration < Struct.new(
|
2722
|
-
:
|
2723
|
-
:
|
3149
|
+
:permission,
|
3150
|
+
:grantee)
|
2724
3151
|
SENSITIVE = []
|
2725
3152
|
include Aws::Structure
|
2726
3153
|
end
|
@@ -2747,43 +3174,41 @@ module Aws::AccessAnalyzer
|
|
2747
3174
|
# data as a hash:
|
2748
3175
|
#
|
2749
3176
|
# {
|
2750
|
-
#
|
2751
|
-
# "AccessPointArn" => {
|
2752
|
-
# access_point_policy: "AccessPointPolicy",
|
2753
|
-
# network_origin: {
|
2754
|
-
# internet_configuration: {
|
2755
|
-
# },
|
2756
|
-
# vpc_configuration: {
|
2757
|
-
# vpc_id: "VpcId", # required
|
2758
|
-
# },
|
2759
|
-
# },
|
2760
|
-
# public_access_block: {
|
2761
|
-
# ignore_public_acls: false, # required
|
2762
|
-
# restrict_public_buckets: false, # required
|
2763
|
-
# },
|
2764
|
-
# },
|
2765
|
-
# },
|
3177
|
+
# bucket_policy: "S3BucketPolicy",
|
2766
3178
|
# bucket_acl_grants: [
|
2767
3179
|
# {
|
3180
|
+
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2768
3181
|
# grantee: { # required
|
2769
3182
|
# id: "AclCanonicalId",
|
2770
3183
|
# uri: "AclUri",
|
2771
3184
|
# },
|
2772
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2773
3185
|
# },
|
2774
3186
|
# ],
|
2775
|
-
# bucket_policy: "S3BucketPolicy",
|
2776
3187
|
# bucket_public_access_block: {
|
2777
3188
|
# ignore_public_acls: false, # required
|
2778
3189
|
# restrict_public_buckets: false, # required
|
2779
3190
|
# },
|
3191
|
+
# access_points: {
|
3192
|
+
# "AccessPointArn" => {
|
3193
|
+
# access_point_policy: "AccessPointPolicy",
|
3194
|
+
# public_access_block: {
|
3195
|
+
# ignore_public_acls: false, # required
|
3196
|
+
# restrict_public_buckets: false, # required
|
3197
|
+
# },
|
3198
|
+
# network_origin: {
|
3199
|
+
# vpc_configuration: {
|
3200
|
+
# vpc_id: "VpcId", # required
|
3201
|
+
# },
|
3202
|
+
# internet_configuration: {
|
3203
|
+
# },
|
3204
|
+
# },
|
3205
|
+
# },
|
3206
|
+
# },
|
2780
3207
|
# }
|
2781
3208
|
#
|
2782
|
-
# @!attribute [rw]
|
2783
|
-
# The
|
2784
|
-
#
|
2785
|
-
# per bucket.
|
2786
|
-
# @return [Hash<String,Types::S3AccessPointConfiguration>]
|
3209
|
+
# @!attribute [rw] bucket_policy
|
3210
|
+
# The proposed bucket policy for the Amazon S3 bucket.
|
3211
|
+
# @return [String]
|
2787
3212
|
#
|
2788
3213
|
# @!attribute [rw] bucket_acl_grants
|
2789
3214
|
# The proposed list of ACL grants for the Amazon S3 bucket. You can
|
@@ -2794,22 +3219,24 @@ module Aws::AccessAnalyzer
|
|
2794
3219
|
# the bucket.
|
2795
3220
|
# @return [Array<Types::S3BucketAclGrantConfiguration>]
|
2796
3221
|
#
|
2797
|
-
# @!attribute [rw] bucket_policy
|
2798
|
-
# The proposed bucket policy for the Amazon S3 bucket.
|
2799
|
-
# @return [String]
|
2800
|
-
#
|
2801
3222
|
# @!attribute [rw] bucket_public_access_block
|
2802
3223
|
# The proposed block public access configuration for the Amazon S3
|
2803
3224
|
# bucket.
|
2804
3225
|
# @return [Types::S3PublicAccessBlockConfiguration]
|
2805
3226
|
#
|
3227
|
+
# @!attribute [rw] access_points
|
3228
|
+
# The configuration of Amazon S3 access points or multi-region access
|
3229
|
+
# points for the bucket. You can propose up to 10 new access points
|
3230
|
+
# per bucket.
|
3231
|
+
# @return [Hash<String,Types::S3AccessPointConfiguration>]
|
3232
|
+
#
|
2806
3233
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/S3BucketConfiguration AWS API Documentation
|
2807
3234
|
#
|
2808
3235
|
class S3BucketConfiguration < Struct.new(
|
2809
|
-
:access_points,
|
2810
|
-
:bucket_acl_grants,
|
2811
3236
|
:bucket_policy,
|
2812
|
-
:
|
3237
|
+
:bucket_acl_grants,
|
3238
|
+
:bucket_public_access_block,
|
3239
|
+
:access_points)
|
2813
3240
|
SENSITIVE = []
|
2814
3241
|
include Aws::Structure
|
2815
3242
|
end
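Review bot: The member list of `S3BucketConfiguration` is reordered here (`:access_points` moves from first to last and `:bucket_policy` from third to first), so anything that reads the struct by position now gets a different field at the same index without raising. That covers `to_a`, `values`, integer `[]` and array destructuring. Access by name is unaffected, and whether any consumer relies on position is not visible from this page. I would add a line above the class such as `# Member order follows the service model and may change between releases; access members by name.` The same reordering appears in the later `Trail` and `TrailProperties` hunks (`:all_regions` first to last) and in `ValidationException`; the doc block for this class starts above the hunk.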
|
@@ -2927,6 +3354,47 @@ module Aws::AccessAnalyzer
|
|
2927
3354
|
include Aws::Structure
|
2928
3355
|
end
|
2929
3356
|
|
3357
|
+
# The proposed access control configuration for an Amazon SNS topic. You
|
3358
|
+
# can propose a configuration for a new Amazon SNS topic or an existing
|
3359
|
+
# Amazon SNS topic that you own by specifying the policy. If the
|
3360
|
+
# configuration is for an existing Amazon SNS topic and you do not
|
3361
|
+
# specify the Amazon SNS policy, then the access preview uses the
|
3362
|
+
# existing Amazon SNS policy for the topic. If the access preview is for
|
3363
|
+
# a new resource and you do not specify the policy, then the access
|
3364
|
+
# preview assumes an Amazon SNS topic without a policy. To propose
|
3365
|
+
# deletion of an existing Amazon SNS topic policy, you can specify an
|
3366
|
+
# empty string for the Amazon SNS policy. For more information, see
|
3367
|
+
# [Topic][1].
|
3368
|
+
#
|
3369
|
+
#
|
3370
|
+
#
|
3371
|
+
# [1]: https://docs.aws.amazon.com/sns/latest/api/API_Topic.html
|
3372
|
+
#
|
3373
|
+
# @note When making an API call, you may pass SnsTopicConfiguration
|
3374
|
+
# data as a hash:
|
3375
|
+
#
|
3376
|
+
# {
|
3377
|
+
# topic_policy: "SnsTopicPolicy",
|
3378
|
+
# }
|
3379
|
+
#
|
3380
|
+
# @!attribute [rw] topic_policy
|
3381
|
+
# The JSON policy text that defines who can access an Amazon SNS
|
3382
|
+
# topic. For more information, see [Example cases for Amazon SNS
|
3383
|
+
# access control][1] in the *Amazon SNS Developer Guide*.
|
3384
|
+
#
|
3385
|
+
#
|
3386
|
+
#
|
3387
|
+
# [1]: https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html
|
3388
|
+
# @return [String]
|
3389
|
+
#
|
3390
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SnsTopicConfiguration AWS API Documentation
|
3391
|
+
#
|
3392
|
+
class SnsTopicConfiguration < Struct.new(
|
3393
|
+
:topic_policy)
|
3394
|
+
SENSITIVE = []
|
3395
|
+
include Aws::Structure
|
3396
|
+
end
|
3397
|
+
|
2930
3398
|
# The criteria used to sort.
|
2931
3399
|
#
|
2932
3400
|
# @note When making an API call, you may pass SortCriteria
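Review bot: The `topic_policy` attribute text does not say that leaving the value unset and passing an empty string mean different things; that distinction is given only in the class description above it. For an existing topic, unset previews the current policy and `""` previews the topic with its policy removed, so a wrapper that coerces nil to `""` would get findings for a configuration nobody proposed. I would repeat it under the attribute, for example ``# Unset and "" are not equivalent for an existing topic: unset keeps the current policy, "" proposes removing it.``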
|
@@ -2957,19 +3425,19 @@ module Aws::AccessAnalyzer
|
|
2957
3425
|
# A span in a policy. The span consists of a start position (inclusive)
|
2958
3426
|
# and end position (exclusive).
|
2959
3427
|
#
|
2960
|
-
# @!attribute [rw] end
|
2961
|
-
# The end position of the span (exclusive).
|
2962
|
-
# @return [Types::Position]
|
2963
|
-
#
|
2964
3428
|
# @!attribute [rw] start
|
2965
3429
|
# The start position of the span (inclusive).
|
2966
3430
|
# @return [Types::Position]
|
2967
3431
|
#
|
3432
|
+
# @!attribute [rw] end
|
3433
|
+
# The end position of the span (exclusive).
|
3434
|
+
# @return [Types::Position]
|
3435
|
+
#
|
2968
3436
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Span AWS API Documentation
|
2969
3437
|
#
|
2970
3438
|
class Span < Struct.new(
|
2971
|
-
:
|
2972
|
-
:
|
3439
|
+
:start,
|
3440
|
+
:end)
|
2973
3441
|
SENSITIVE = []
|
2974
3442
|
include Aws::Structure
|
2975
3443
|
end
|
@@ -3013,24 +3481,34 @@ module Aws::AccessAnalyzer
|
|
3013
3481
|
# data as a hash:
|
3014
3482
|
#
|
3015
3483
|
# {
|
3016
|
-
#
|
3484
|
+
# policy_generation_details: { # required
|
3485
|
+
# principal_arn: "PrincipalArn", # required
|
3486
|
+
# },
|
3017
3487
|
# cloud_trail_details: {
|
3018
|
-
# access_role: "RoleArn", # required
|
3019
|
-
# end_time: Time.now,
|
3020
|
-
# start_time: Time.now, # required
|
3021
3488
|
# trails: [ # required
|
3022
3489
|
# {
|
3023
|
-
# all_regions: false,
|
3024
3490
|
# cloud_trail_arn: "CloudTrailArn", # required
|
3025
3491
|
# regions: ["String"],
|
3492
|
+
# all_regions: false,
|
3026
3493
|
# },
|
3027
3494
|
# ],
|
3495
|
+
# access_role: "RoleArn", # required
|
3496
|
+
# start_time: Time.now, # required
|
3497
|
+
# end_time: Time.now,
|
3028
3498
|
# },
|
3029
|
-
#
|
3030
|
-
# principal_arn: "PrincipalArn", # required
|
3031
|
-
# },
|
3499
|
+
# client_token: "String",
|
3032
3500
|
# }
|
3033
3501
|
#
|
3502
|
+
# @!attribute [rw] policy_generation_details
|
3503
|
+
# Contains the ARN of the IAM entity (user or role) for which you are
|
3504
|
+
# generating a policy.
|
3505
|
+
# @return [Types::PolicyGenerationDetails]
|
3506
|
+
#
|
3507
|
+
# @!attribute [rw] cloud_trail_details
|
3508
|
+
# A `CloudTrailDetails` object that contains details about a `Trail`
|
3509
|
+
# that you want to analyze to generate policies.
|
3510
|
+
# @return [Types::CloudTrailDetails]
|
3511
|
+
#
|
3034
3512
|
# @!attribute [rw] client_token
|
3035
3513
|
# A unique, case-sensitive identifier that you provide to ensure the
|
3036
3514
|
# idempotency of the request. Idempotency ensures that an API request
|
@@ -3046,22 +3524,12 @@ module Aws::AccessAnalyzer
|
|
3046
3524
|
# not need to pass this option.
|
3047
3525
|
# @return [String]
|
3048
3526
|
#
|
3049
|
-
# @!attribute [rw] cloud_trail_details
|
3050
|
-
# A `CloudTrailDetails` object that contains details about a `Trail`
|
3051
|
-
# that you want to analyze to generate policies.
|
3052
|
-
# @return [Types::CloudTrailDetails]
|
3053
|
-
#
|
3054
|
-
# @!attribute [rw] policy_generation_details
|
3055
|
-
# Contains the ARN of the IAM entity (user or role) for which you are
|
3056
|
-
# generating a policy.
|
3057
|
-
# @return [Types::PolicyGenerationDetails]
|
3058
|
-
#
|
3059
3527
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartPolicyGenerationRequest AWS API Documentation
|
3060
3528
|
#
|
3061
3529
|
class StartPolicyGenerationRequest < Struct.new(
|
3062
|
-
:
|
3530
|
+
:policy_generation_details,
|
3063
3531
|
:cloud_trail_details,
|
3064
|
-
:
|
3532
|
+
:client_token)
|
3065
3533
|
SENSITIVE = []
|
3066
3534
|
include Aws::Structure
|
3067
3535
|
end
|
@@ -3089,6 +3557,7 @@ module Aws::AccessAnalyzer
|
|
3089
3557
|
# {
|
3090
3558
|
# analyzer_arn: "AnalyzerArn", # required
|
3091
3559
|
# resource_arn: "ResourceArn", # required
|
3560
|
+
# resource_owner_account: "String",
|
3092
3561
|
# }
|
3093
3562
|
#
|
3094
3563
|
# @!attribute [rw] analyzer_arn
|
@@ -3104,11 +3573,18 @@ module Aws::AccessAnalyzer
|
|
3104
3573
|
# The ARN of the resource to scan.
|
3105
3574
|
# @return [String]
|
3106
3575
|
#
|
3576
|
+
# @!attribute [rw] resource_owner_account
|
3577
|
+
# The Amazon Web Services account ID that owns the resource. For most
|
3578
|
+
# Amazon Web Services resources, the owning account is the account in
|
3579
|
+
# which the resource was created.
|
3580
|
+
# @return [String]
|
3581
|
+
#
|
3107
3582
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartResourceScanRequest AWS API Documentation
|
3108
3583
|
#
|
3109
3584
|
class StartResourceScanRequest < Struct.new(
|
3110
3585
|
:analyzer_arn,
|
3111
|
-
:resource_arn
|
3586
|
+
:resource_arn,
|
3587
|
+
:resource_owner_account)
|
3112
3588
|
SENSITIVE = []
|
3113
3589
|
include Aws::Structure
|
3114
3590
|
end
|
@@ -3133,19 +3609,19 @@ module Aws::AccessAnalyzer
|
|
3133
3609
|
|
3134
3610
|
# A reference to a substring of a literal string in a JSON document.
|
3135
3611
|
#
|
3136
|
-
# @!attribute [rw] length
|
3137
|
-
# The length of the substring.
|
3138
|
-
# @return [Integer]
|
3139
|
-
#
|
3140
3612
|
# @!attribute [rw] start
|
3141
3613
|
# The start index of the substring, starting from 0.
|
3142
3614
|
# @return [Integer]
|
3143
3615
|
#
|
3616
|
+
# @!attribute [rw] length
|
3617
|
+
# The length of the substring.
|
3618
|
+
# @return [Integer]
|
3619
|
+
#
|
3144
3620
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Substring AWS API Documentation
|
3145
3621
|
#
|
3146
3622
|
class Substring < Struct.new(
|
3147
|
-
:
|
3148
|
-
:
|
3623
|
+
:start,
|
3624
|
+
:length)
|
3149
3625
|
SENSITIVE = []
|
3150
3626
|
include Aws::Structure
|
3151
3627
|
end
|
@@ -3210,17 +3686,11 @@ module Aws::AccessAnalyzer
|
|
3210
3686
|
# data as a hash:
|
3211
3687
|
#
|
3212
3688
|
# {
|
3213
|
-
# all_regions: false,
|
3214
3689
|
# cloud_trail_arn: "CloudTrailArn", # required
|
3215
3690
|
# regions: ["String"],
|
3691
|
+
# all_regions: false,
|
3216
3692
|
# }
|
3217
3693
|
#
|
3218
|
-
# @!attribute [rw] all_regions
|
3219
|
-
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3220
|
-
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3221
|
-
# generate a policy.
|
3222
|
-
# @return [Boolean]
|
3223
|
-
#
|
3224
3694
|
# @!attribute [rw] cloud_trail_arn
|
3225
3695
|
# Specifies the ARN of the trail. The format of a trail ARN is
|
3226
3696
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
|
@@ -3231,12 +3701,18 @@ module Aws::AccessAnalyzer
|
|
3231
3701
|
# generate a policy.
|
3232
3702
|
# @return [Array<String>]
|
3233
3703
|
#
|
3704
|
+
# @!attribute [rw] all_regions
|
3705
|
+
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3706
|
+
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3707
|
+
# generate a policy.
|
3708
|
+
# @return [Boolean]
|
3709
|
+
#
|
3234
3710
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Trail AWS API Documentation
|
3235
3711
|
#
|
3236
3712
|
class Trail < Struct.new(
|
3237
|
-
:all_regions,
|
3238
3713
|
:cloud_trail_arn,
|
3239
|
-
:regions
|
3714
|
+
:regions,
|
3715
|
+
:all_regions)
|
3240
3716
|
SENSITIVE = []
|
3241
3717
|
include Aws::Structure
|
3242
3718
|
end
|
@@ -3244,12 +3720,6 @@ module Aws::AccessAnalyzer
|
|
3244
3720
|
# Contains details about the CloudTrail trail being analyzed to generate
|
3245
3721
|
# a policy.
|
3246
3722
|
#
|
3247
|
-
# @!attribute [rw] all_regions
|
3248
|
-
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3249
|
-
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3250
|
-
# generate a policy.
|
3251
|
-
# @return [Boolean]
|
3252
|
-
#
|
3253
3723
|
# @!attribute [rw] cloud_trail_arn
|
3254
3724
|
# Specifies the ARN of the trail. The format of a trail ARN is
|
3255
3725
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
|
@@ -3260,12 +3730,18 @@ module Aws::AccessAnalyzer
|
|
3260
3730
|
# generate a policy.
|
3261
3731
|
# @return [Array<String>]
|
3262
3732
|
#
|
3733
|
+
# @!attribute [rw] all_regions
|
3734
|
+
# Possible values are `true` or `false`. If set to `true`, IAM Access
|
3735
|
+
# Analyzer retrieves CloudTrail data from all regions to analyze and
|
3736
|
+
# generate a policy.
|
3737
|
+
# @return [Boolean]
|
3738
|
+
#
|
3263
3739
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/TrailProperties AWS API Documentation
|
3264
3740
|
#
|
3265
3741
|
class TrailProperties < Struct.new(
|
3266
|
-
:all_regions,
|
3267
3742
|
:cloud_trail_arn,
|
3268
|
-
:regions
|
3743
|
+
:regions,
|
3744
|
+
:all_regions)
|
3269
3745
|
SENSITIVE = []
|
3270
3746
|
include Aws::Structure
|
3271
3747
|
end
|
@@ -3310,27 +3786,24 @@ module Aws::AccessAnalyzer
|
|
3310
3786
|
#
|
3311
3787
|
# {
|
3312
3788
|
# analyzer_name: "Name", # required
|
3313
|
-
#
|
3789
|
+
# rule_name: "Name", # required
|
3314
3790
|
# filter: { # required
|
3315
3791
|
# "String" => {
|
3316
|
-
# contains: ["String"],
|
3317
3792
|
# eq: ["String"],
|
3318
|
-
# exists: false,
|
3319
3793
|
# neq: ["String"],
|
3794
|
+
# contains: ["String"],
|
3795
|
+
# exists: false,
|
3320
3796
|
# },
|
3321
3797
|
# },
|
3322
|
-
#
|
3798
|
+
# client_token: "String",
|
3323
3799
|
# }
|
3324
3800
|
#
|
3325
3801
|
# @!attribute [rw] analyzer_name
|
3326
3802
|
# The name of the analyzer to update the archive rules for.
|
3327
3803
|
# @return [String]
|
3328
3804
|
#
|
3329
|
-
# @!attribute [rw]
|
3330
|
-
#
|
3331
|
-
#
|
3332
|
-
# **A suitable default value is auto-generated.** You should normally
|
3333
|
-
# not need to pass this option.
|
3805
|
+
# @!attribute [rw] rule_name
|
3806
|
+
# The name of the rule to update.
|
3334
3807
|
# @return [String]
|
3335
3808
|
#
|
3336
3809
|
# @!attribute [rw] filter
|
@@ -3338,17 +3811,20 @@ module Aws::AccessAnalyzer
|
|
3338
3811
|
# filter are updated.
|
3339
3812
|
# @return [Hash<String,Types::Criterion>]
|
3340
3813
|
#
|
3341
|
-
# @!attribute [rw]
|
3342
|
-
#
|
3814
|
+
# @!attribute [rw] client_token
|
3815
|
+
# A client token.
|
3816
|
+
#
|
3817
|
+
# **A suitable default value is auto-generated.** You should normally
|
3818
|
+
# not need to pass this option.
|
3343
3819
|
# @return [String]
|
3344
3820
|
#
|
3345
3821
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateArchiveRuleRequest AWS API Documentation
|
3346
3822
|
#
|
3347
3823
|
class UpdateArchiveRuleRequest < Struct.new(
|
3348
3824
|
:analyzer_name,
|
3349
|
-
:
|
3825
|
+
:rule_name,
|
3350
3826
|
:filter,
|
3351
|
-
:
|
3827
|
+
:client_token)
|
3352
3828
|
SENSITIVE = []
|
3353
3829
|
include Aws::Structure
|
3354
3830
|
end
|
@@ -3360,10 +3836,10 @@ module Aws::AccessAnalyzer
|
|
3360
3836
|
#
|
3361
3837
|
# {
|
3362
3838
|
# analyzer_arn: "AnalyzerArn", # required
|
3363
|
-
#
|
3839
|
+
# status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
|
3364
3840
|
# ids: ["FindingId"],
|
3365
3841
|
# resource_arn: "ResourceArn",
|
3366
|
-
#
|
3842
|
+
# client_token: "String",
|
3367
3843
|
# }
|
3368
3844
|
#
|
3369
3845
|
# @!attribute [rw] analyzer_arn
|
@@ -3374,11 +3850,11 @@ module Aws::AccessAnalyzer
|
|
3374
3850
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
3375
3851
|
# @return [String]
|
3376
3852
|
#
|
3377
|
-
# @!attribute [rw]
|
3378
|
-
#
|
3379
|
-
#
|
3380
|
-
#
|
3381
|
-
#
|
3853
|
+
# @!attribute [rw] status
|
3854
|
+
# The state represents the action to take to update the finding
|
3855
|
+
# Status. Use `ARCHIVE` to change an Active finding to an Archived
|
3856
|
+
# finding. Use `ACTIVE` to change an Archived finding to an Active
|
3857
|
+
# finding.
|
3382
3858
|
# @return [String]
|
3383
3859
|
#
|
3384
3860
|
# @!attribute [rw] ids
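Review bot: The added `status` description tells callers to use `ARCHIVE`, but the request example for the same type (new line 3839, in the preceding hunk) lists the accepted values as `ACTIVE, ARCHIVED`. A caller who copies the value from the attribute text would presumably send one the service does not accept, leaving findings that were meant to be archived still active. The line should read ``# Status. Use `ARCHIVED` to change an Active finding to an Archived``. This doc block belongs to `UpdateFindingsRequest`, whose class definition is in the following hunk.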
|
@@ -3389,21 +3865,21 @@ module Aws::AccessAnalyzer
|
|
3389
3865
|
# The ARN of the resource identified in the finding.
|
3390
3866
|
# @return [String]
|
3391
3867
|
#
|
3392
|
-
# @!attribute [rw]
|
3393
|
-
#
|
3394
|
-
#
|
3395
|
-
#
|
3396
|
-
#
|
3868
|
+
# @!attribute [rw] client_token
|
3869
|
+
# A client token.
|
3870
|
+
#
|
3871
|
+
# **A suitable default value is auto-generated.** You should normally
|
3872
|
+
# not need to pass this option.
|
3397
3873
|
# @return [String]
|
3398
3874
|
#
|
3399
3875
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateFindingsRequest AWS API Documentation
|
3400
3876
|
#
|
3401
3877
|
class UpdateFindingsRequest < Struct.new(
|
3402
3878
|
:analyzer_arn,
|
3403
|
-
:
|
3879
|
+
:status,
|
3404
3880
|
:ids,
|
3405
3881
|
:resource_arn,
|
3406
|
-
:
|
3882
|
+
:client_token)
|
3407
3883
|
SENSITIVE = []
|
3408
3884
|
include Aws::Structure
|
3409
3885
|
end
|
@@ -3467,7 +3943,7 @@ module Aws::AccessAnalyzer
|
|
3467
3943
|
# next_token: "Token",
|
3468
3944
|
# policy_document: "PolicyDocument", # required
|
3469
3945
|
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
3470
|
-
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
|
3946
|
+
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
|
3471
3947
|
# }
|
3472
3948
|
#
|
3473
3949
|
# @!attribute [rw] locale
|
@@ -3548,10 +4024,6 @@ module Aws::AccessAnalyzer
|
|
3548
4024
|
|
3549
4025
|
# Validation exception error.
|
3550
4026
|
#
|
3551
|
-
# @!attribute [rw] field_list
|
3552
|
-
# A list of fields that didn't validate.
|
3553
|
-
# @return [Array<Types::ValidationExceptionField>]
|
3554
|
-
#
|
3555
4027
|
# @!attribute [rw] message
|
3556
4028
|
# @return [String]
|
3557
4029
|
#
|
@@ -3559,31 +4031,35 @@ module Aws::AccessAnalyzer
|
|
3559
4031
|
# The reason for the exception.
|
3560
4032
|
# @return [String]
|
3561
4033
|
#
|
4034
|
+
# @!attribute [rw] field_list
|
4035
|
+
# A list of fields that didn't validate.
|
4036
|
+
# @return [Array<Types::ValidationExceptionField>]
|
4037
|
+
#
|
3562
4038
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidationException AWS API Documentation
|
3563
4039
|
#
|
3564
4040
|
class ValidationException < Struct.new(
|
3565
|
-
:field_list,
|
3566
4041
|
:message,
|
3567
|
-
:reason
|
4042
|
+
:reason,
|
4043
|
+
:field_list)
|
3568
4044
|
SENSITIVE = []
|
3569
4045
|
include Aws::Structure
|
3570
4046
|
end
|
3571
4047
|
|
3572
4048
|
# Contains information about a validation exception.
|
3573
4049
|
#
|
3574
|
-
# @!attribute [rw] message
|
3575
|
-
# A message about the validation exception.
|
3576
|
-
# @return [String]
|
3577
|
-
#
|
3578
4050
|
# @!attribute [rw] name
|
3579
4051
|
# The name of the validation exception.
|
3580
4052
|
# @return [String]
|
3581
4053
|
#
|
4054
|
+
# @!attribute [rw] message
|
4055
|
+
# A message about the validation exception.
|
4056
|
+
# @return [String]
|
4057
|
+
#
|
3582
4058
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidationExceptionField AWS API Documentation
|
3583
4059
|
#
|
3584
4060
|
class ValidationExceptionField < Struct.new(
|
3585
|
-
:
|
3586
|
-
:
|
4061
|
+
:name,
|
4062
|
+
:message)
|
3587
4063
|
SENSITIVE = []
|
3588
4064
|
include Aws::Structure
|
3589
4065
|
end
|