aws-sdk-accessanalyzer 1.30.0 → 1.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -625,14 +625,36 @@ module Aws::AccessAnalyzer
625
625
  #
626
626
  # @note Configuration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Configuration corresponding to the set member.
627
627
  #
628
+ # @!attribute [rw] ebs_snapshot
629
+ # The access control configuration is for an Amazon EBS volume
630
+ # snapshot.
631
+ # @return [Types::EbsSnapshotConfiguration]
632
+ #
633
+ # @!attribute [rw] ecr_repository
634
+ # The access control configuration is for an Amazon ECR repository.
635
+ # @return [Types::EcrRepositoryConfiguration]
636
+ #
628
637
  # @!attribute [rw] iam_role
629
638
  # The access control configuration is for an IAM role.
630
639
  # @return [Types::IamRoleConfiguration]
631
640
  #
641
+ # @!attribute [rw] efs_file_system
642
+ # The access control configuration is for an Amazon EFS file system.
643
+ # @return [Types::EfsFileSystemConfiguration]
644
+ #
632
645
  # @!attribute [rw] kms_key
633
646
  # The access control configuration is for a KMS key.
634
647
  # @return [Types::KmsKeyConfiguration]
635
648
  #
649
+ # @!attribute [rw] rds_db_cluster_snapshot
650
+ # The access control configuration is for an Amazon RDS DB cluster
651
+ # snapshot.
652
+ # @return [Types::RdsDbClusterSnapshotConfiguration]
653
+ #
654
+ # @!attribute [rw] rds_db_snapshot
655
+ # The access control configuration is for an Amazon RDS DB snapshot.
656
+ # @return [Types::RdsDbSnapshotConfiguration]
657
+ #
636
658
  # @!attribute [rw] secrets_manager_secret
637
659
  # The access control configuration is for a Secrets Manager secret.
638
660
  # @return [Types::SecretsManagerSecretConfiguration]
@@ -641,6 +663,10 @@ module Aws::AccessAnalyzer
641
663
  # The access control configuration is for an Amazon S3 Bucket.
642
664
  # @return [Types::S3BucketConfiguration]
643
665
  #
666
+ # @!attribute [rw] sns_topic
667
+ # The access control configuration is for an Amazon SNS topic
668
+ # @return [Types::SnsTopicConfiguration]
669
+ #
644
670
  # @!attribute [rw] sqs_queue
645
671
  # The access control configuration is for an Amazon SQS queue.
646
672
  # @return [Types::SqsQueueConfiguration]
@@ -648,20 +674,32 @@ module Aws::AccessAnalyzer
648
674
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
649
675
  #
650
676
  class Configuration < Struct.new(
677
+ :ebs_snapshot,
678
+ :ecr_repository,
651
679
  :iam_role,
680
+ :efs_file_system,
652
681
  :kms_key,
682
+ :rds_db_cluster_snapshot,
683
+ :rds_db_snapshot,
653
684
  :secrets_manager_secret,
654
685
  :s3_bucket,
686
+ :sns_topic,
655
687
  :sqs_queue,
656
688
  :unknown)
657
689
  SENSITIVE = []
658
690
  include Aws::Structure
659
691
  include Aws::Structure::Union
660
692
 
693
+ class EbsSnapshot < Configuration; end
694
+ class EcrRepository < Configuration; end
661
695
  class IamRole < Configuration; end
696
+ class EfsFileSystem < Configuration; end
662
697
  class KmsKey < Configuration; end
698
+ class RdsDbClusterSnapshot < Configuration; end
699
+ class RdsDbSnapshot < Configuration; end
663
700
  class SecretsManagerSecret < Configuration; end
664
701
  class S3Bucket < Configuration; end
702
+ class SnsTopic < Configuration; end
665
703
  class SqsQueue < Configuration; end
666
704
  class Unknown < Configuration; end
667
705
  end
@@ -696,9 +734,20 @@ module Aws::AccessAnalyzer
696
734
  # analyzer_arn: "AnalyzerArn", # required
697
735
  # configurations: { # required
698
736
  # "ConfigurationsMapKey" => {
737
+ # ebs_snapshot: {
738
+ # user_ids: ["EbsUserId"],
739
+ # groups: ["EbsGroup"],
740
+ # kms_key_id: "EbsSnapshotDataEncryptionKeyId",
741
+ # },
742
+ # ecr_repository: {
743
+ # repository_policy: "EcrRepositoryPolicy",
744
+ # },
699
745
  # iam_role: {
700
746
  # trust_policy: "IamTrustPolicy",
701
747
  # },
748
+ # efs_file_system: {
749
+ # file_system_policy: "EfsFileSystemPolicy",
750
+ # },
702
751
  # kms_key: {
703
752
  # key_policies: {
704
753
  # "PolicyName" => "KmsKeyPolicy",
@@ -720,6 +769,22 @@ module Aws::AccessAnalyzer
720
769
  # },
721
770
  # ],
722
771
  # },
772
+ # rds_db_cluster_snapshot: {
773
+ # attributes: {
774
+ # "RdsDbClusterSnapshotAttributeName" => {
775
+ # account_ids: ["RdsDbClusterSnapshotAccountId"],
776
+ # },
777
+ # },
778
+ # kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
779
+ # },
780
+ # rds_db_snapshot: {
781
+ # attributes: {
782
+ # "RdsDbSnapshotAttributeName" => {
783
+ # account_ids: ["RdsDbSnapshotAccountId"],
784
+ # },
785
+ # },
786
+ # kms_key_id: "RdsDbSnapshotKmsKeyId",
787
+ # },
723
788
  # secrets_manager_secret: {
724
789
  # kms_key_id: "SecretsManagerSecretKmsId",
725
790
  # secret_policy: "SecretsManagerSecretPolicy",
@@ -756,6 +821,9 @@ module Aws::AccessAnalyzer
756
821
  # },
757
822
  # },
758
823
  # },
824
+ # sns_topic: {
825
+ # topic_policy: "SnsTopicPolicy",
826
+ # },
759
827
  # sqs_queue: {
760
828
  # queue_policy: "SqsQueuePolicy",
761
829
  # },
@@ -1051,6 +1119,175 @@ module Aws::AccessAnalyzer
1051
1119
  include Aws::Structure
1052
1120
  end
1053
1121
 
1122
+ # The proposed access control configuration for an Amazon EBS volume
1123
+ # snapshot. You can propose a configuration for a new Amazon EBS volume
1124
+ # snapshot or an Amazon EBS volume snapshot that you own by specifying
1125
+ # the user IDs, groups, and optional KMS encryption key. For more
1126
+ # information, see [ModifySnapshotAttribute][1].
1127
+ #
1128
+ #
1129
+ #
1130
+ # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html
1131
+ #
1132
+ # @note When making an API call, you may pass EbsSnapshotConfiguration
1133
+ # data as a hash:
1134
+ #
1135
+ # {
1136
+ # user_ids: ["EbsUserId"],
1137
+ # groups: ["EbsGroup"],
1138
+ # kms_key_id: "EbsSnapshotDataEncryptionKeyId",
1139
+ # }
1140
+ #
1141
+ # @!attribute [rw] user_ids
1142
+ # The IDs of the Amazon Web Services accounts that have access to the
1143
+ # Amazon EBS volume snapshot.
1144
+ #
1145
+ # * If the configuration is for an existing Amazon EBS volume snapshot
1146
+ # and you do not specify the `userIds`, then the access preview uses
1147
+ # the existing shared `userIds` for the snapshot.
1148
+ #
1149
+ # * If the access preview is for a new resource and you do not specify
1150
+ # the `userIds`, then the access preview considers the snapshot
1151
+ # without any `userIds`.
1152
+ #
1153
+ # * To propose deletion of existing shared `accountIds`, you can
1154
+ # specify an empty list for `userIds`.
1155
+ # @return [Array<String>]
1156
+ #
1157
+ # @!attribute [rw] groups
1158
+ # The groups that have access to the Amazon EBS volume snapshot. If
1159
+ # the value `all` is specified, then the Amazon EBS volume snapshot is
1160
+ # public.
1161
+ #
1162
+ # * If the configuration is for an existing Amazon EBS volume snapshot
1163
+ # and you do not specify the `groups`, then the access preview uses
1164
+ # the existing shared `groups` for the snapshot.
1165
+ #
1166
+ # * If the access preview is for a new resource and you do not specify
1167
+ # the `groups`, then the access preview considers the snapshot
1168
+ # without any `groups`.
1169
+ #
1170
+ # * To propose deletion of existing shared `groups`, you can specify
1171
+ # an empty list for `groups`.
1172
+ # @return [Array<String>]
1173
+ #
1174
+ # @!attribute [rw] kms_key_id
1175
+ # The KMS key identifier for an encrypted Amazon EBS volume snapshot.
1176
+ # The KMS key identifier is the key ARN, key ID, alias ARN, or alias
1177
+ # name for the KMS key.
1178
+ #
1179
+ # * If the configuration is for an existing Amazon EBS volume snapshot
1180
+ # and you do not specify the `kmsKeyId`, or you specify an empty
1181
+ # string, then the access preview uses the existing `kmsKeyId` of
1182
+ # the snapshot.
1183
+ #
1184
+ # * If the access preview is for a new resource and you do not specify
1185
+ # the `kmsKeyId`, the access preview considers the snapshot as
1186
+ # unencrypted.
1187
+ # @return [String]
1188
+ #
1189
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EbsSnapshotConfiguration AWS API Documentation
1190
+ #
1191
+ class EbsSnapshotConfiguration < Struct.new(
1192
+ :user_ids,
1193
+ :groups,
1194
+ :kms_key_id)
1195
+ SENSITIVE = []
1196
+ include Aws::Structure
1197
+ end
1198
+
1199
+ # The proposed access control configuration for an Amazon ECR
1200
+ # repository. You can propose a configuration for a new Amazon ECR
1201
+ # repository or an existing Amazon ECR repository that you own by
1202
+ # specifying the Amazon ECR policy. For more information, see
1203
+ # [Repository][1].
1204
+ #
1205
+ # * If the configuration is for an existing Amazon ECR repository and
1206
+ # you do not specify the Amazon ECR policy, then the access preview
1207
+ # uses the existing Amazon ECR policy for the repository.
1208
+ #
1209
+ # * If the access preview is for a new resource and you do not specify
1210
+ # the policy, then the access preview assumes an Amazon ECR repository
1211
+ # without a policy.
1212
+ #
1213
+ # * To propose deletion of an existing Amazon ECR repository policy, you
1214
+ # can specify an empty string for the Amazon ECR policy.
1215
+ #
1216
+ #
1217
+ #
1218
+ # [1]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html
1219
+ #
1220
+ # @note When making an API call, you may pass EcrRepositoryConfiguration
1221
+ # data as a hash:
1222
+ #
1223
+ # {
1224
+ # repository_policy: "EcrRepositoryPolicy",
1225
+ # }
1226
+ #
1227
+ # @!attribute [rw] repository_policy
1228
+ # The JSON repository policy text to apply to the Amazon ECR
1229
+ # repository. For more information, see [Private repository policy
1230
+ # examples][1] in the *Amazon ECR User Guide*.
1231
+ #
1232
+ #
1233
+ #
1234
+ # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html
1235
+ # @return [String]
1236
+ #
1237
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EcrRepositoryConfiguration AWS API Documentation
1238
+ #
1239
+ class EcrRepositoryConfiguration < Struct.new(
1240
+ :repository_policy)
1241
+ SENSITIVE = []
1242
+ include Aws::Structure
1243
+ end
1244
+
1245
+ # The proposed access control configuration for an Amazon EFS file
1246
+ # system. You can propose a configuration for a new Amazon EFS file
1247
+ # system or an existing Amazon EFS file system that you own by
1248
+ # specifying the Amazon EFS policy. For more information, see [Using
1249
+ # file systems in Amazon EFS][1].
1250
+ #
1251
+ # * If the configuration is for an existing Amazon EFS file system and
1252
+ # you do not specify the Amazon EFS policy, then the access preview
1253
+ # uses the existing Amazon EFS policy for the file system.
1254
+ #
1255
+ # * If the access preview is for a new resource and you do not specify
1256
+ # the policy, then the access preview assumes an Amazon EFS file
1257
+ # system without a policy.
1258
+ #
1259
+ # * To propose deletion of an existing Amazon EFS file system policy,
1260
+ # you can specify an empty string for the Amazon EFS policy.
1261
+ #
1262
+ #
1263
+ #
1264
+ # [1]: https://docs.aws.amazon.com/efs/latest/ug/using-fs.html
1265
+ #
1266
+ # @note When making an API call, you may pass EfsFileSystemConfiguration
1267
+ # data as a hash:
1268
+ #
1269
+ # {
1270
+ # file_system_policy: "EfsFileSystemPolicy",
1271
+ # }
1272
+ #
1273
+ # @!attribute [rw] file_system_policy
1274
+ # The JSON policy definition to apply to the Amazon EFS file system.
1275
+ # For more information on the elements that make up a file system
1276
+ # policy, see [Amazon EFS Resource-based policies][1].
1277
+ #
1278
+ #
1279
+ #
1280
+ # [1]: https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies
1281
+ # @return [String]
1282
+ #
1283
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EfsFileSystemConfiguration AWS API Documentation
1284
+ #
1285
+ class EfsFileSystemConfiguration < Struct.new(
1286
+ :file_system_policy)
1287
+ SENSITIVE = []
1288
+ include Aws::Structure
1289
+ end
1290
+
1054
1291
  # Contains information about a finding.
1055
1292
  #
1056
1293
  # @!attribute [rw] id
@@ -2086,7 +2323,7 @@ module Aws::AccessAnalyzer
2086
2323
  #
2087
2324
  # {
2088
2325
  # analyzer_arn: "AnalyzerArn", # required
2089
- # resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
2326
+ # resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic
2090
2327
  # next_token: "Token",
2091
2328
  # max_results: 1,
2092
2329
  # }
@@ -2604,6 +2841,196 @@ module Aws::AccessAnalyzer
2604
2841
  include Aws::Structure
2605
2842
  end
2606
2843
 
2844
+ # The values for a manual Amazon RDS DB cluster snapshot attribute.
2845
+ #
2846
+ # @note RdsDbClusterSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
2847
+ #
2848
+ # @note RdsDbClusterSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbClusterSnapshotAttributeValue corresponding to the set member.
2849
+ #
2850
+ # @!attribute [rw] account_ids
2851
+ # The Amazon Web Services account IDs that have access to the manual
2852
+ # Amazon RDS DB cluster snapshot. If the value `all` is specified,
2853
+ # then the Amazon RDS DB cluster snapshot is public and can be copied
2854
+ # or restored by all Amazon Web Services accounts.
2855
+ #
2856
+ # * If the configuration is for an existing Amazon RDS DB cluster
2857
+ # snapshot and you do not specify the `accountIds` in
2858
+ # `RdsDbClusterSnapshotAttributeValue`, then the access preview uses
2859
+ # the existing shared `accountIds` for the snapshot.
2860
+ #
2861
+ # * If the access preview is for a new resource and you do not specify
2862
+ # the specify the `accountIds` in
2863
+ # `RdsDbClusterSnapshotAttributeValue`, then the access preview
2864
+ # considers the snapshot without any attributes.
2865
+ #
2866
+ # * To propose deletion of existing shared `accountIds`, you can
2867
+ # specify an empty list for `accountIds` in the
2868
+ # `RdsDbClusterSnapshotAttributeValue`.
2869
+ # @return [Array<String>]
2870
+ #
2871
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotAttributeValue AWS API Documentation
2872
+ #
2873
+ class RdsDbClusterSnapshotAttributeValue < Struct.new(
2874
+ :account_ids,
2875
+ :unknown)
2876
+ SENSITIVE = []
2877
+ include Aws::Structure
2878
+ include Aws::Structure::Union
2879
+
2880
+ class AccountIds < RdsDbClusterSnapshotAttributeValue; end
2881
+ class Unknown < RdsDbClusterSnapshotAttributeValue; end
2882
+ end
2883
+
2884
+ # The proposed access control configuration for an Amazon RDS DB cluster
2885
+ # snapshot. You can propose a configuration for a new Amazon RDS DB
2886
+ # cluster snapshot or an Amazon RDS DB cluster snapshot that you own by
2887
+ # specifying the `RdsDbClusterSnapshotAttributeValue` and optional KMS
2888
+ # encryption key. For more information, see
2889
+ # [ModifyDBClusterSnapshotAttribute][1].
2890
+ #
2891
+ #
2892
+ #
2893
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html
2894
+ #
2895
+ # @note When making an API call, you may pass RdsDbClusterSnapshotConfiguration
2896
+ # data as a hash:
2897
+ #
2898
+ # {
2899
+ # attributes: {
2900
+ # "RdsDbClusterSnapshotAttributeName" => {
2901
+ # account_ids: ["RdsDbClusterSnapshotAccountId"],
2902
+ # },
2903
+ # },
2904
+ # kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
2905
+ # }
2906
+ #
2907
+ # @!attribute [rw] attributes
2908
+ # The names and values of manual DB cluster snapshot attributes.
2909
+ # Manual DB cluster snapshot attributes are used to authorize other
2910
+ # Amazon Web Services accounts to restore a manual DB cluster
2911
+ # snapshot. The only valid value for `AttributeName` for the attribute
2912
+ # map is `restore`
2913
+ # @return [Hash<String,Types::RdsDbClusterSnapshotAttributeValue>]
2914
+ #
2915
+ # @!attribute [rw] kms_key_id
2916
+ # The KMS key identifier for an encrypted Amazon RDS DB cluster
2917
+ # snapshot. The KMS key identifier is the key ARN, key ID, alias ARN,
2918
+ # or alias name for the KMS key.
2919
+ #
2920
+ # * If the configuration is for an existing Amazon RDS DB cluster
2921
+ # snapshot and you do not specify the `kmsKeyId`, or you specify an
2922
+ # empty string, then the access preview uses the existing `kmsKeyId`
2923
+ # of the snapshot.
2924
+ #
2925
+ # * If the access preview is for a new resource and you do not specify
2926
+ # the specify the `kmsKeyId`, then the access preview considers the
2927
+ # snapshot as unencrypted.
2928
+ # @return [String]
2929
+ #
2930
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotConfiguration AWS API Documentation
2931
+ #
2932
+ class RdsDbClusterSnapshotConfiguration < Struct.new(
2933
+ :attributes,
2934
+ :kms_key_id)
2935
+ SENSITIVE = []
2936
+ include Aws::Structure
2937
+ end
2938
+
2939
+ # The name and values of a manual Amazon RDS DB snapshot attribute.
2940
+ # Manual DB snapshot attributes are used to authorize other Amazon Web
2941
+ # Services accounts to restore a manual DB snapshot.
2942
+ #
2943
+ # @note RdsDbSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
2944
+ #
2945
+ # @note RdsDbSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbSnapshotAttributeValue corresponding to the set member.
2946
+ #
2947
+ # @!attribute [rw] account_ids
2948
+ # The Amazon Web Services account IDs that have access to the manual
2949
+ # Amazon RDS DB snapshot. If the value `all` is specified, then the
2950
+ # Amazon RDS DB snapshot is public and can be copied or restored by
2951
+ # all Amazon Web Services accounts.
2952
+ #
2953
+ # * If the configuration is for an existing Amazon RDS DB snapshot and
2954
+ # you do not specify the `accountIds` in
2955
+ # `RdsDbSnapshotAttributeValue`, then the access preview uses the
2956
+ # existing shared `accountIds` for the snapshot.
2957
+ #
2958
+ # * If the access preview is for a new resource and you do not specify
2959
+ # the specify the `accountIds` in `RdsDbSnapshotAttributeValue`,
2960
+ # then the access preview considers the snapshot without any
2961
+ # attributes.
2962
+ #
2963
+ # * To propose deletion of an existing shared `accountIds`, you can
2964
+ # specify an empty list for `accountIds` in the
2965
+ # `RdsDbSnapshotAttributeValue`.
2966
+ # @return [Array<String>]
2967
+ #
2968
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotAttributeValue AWS API Documentation
2969
+ #
2970
+ class RdsDbSnapshotAttributeValue < Struct.new(
2971
+ :account_ids,
2972
+ :unknown)
2973
+ SENSITIVE = []
2974
+ include Aws::Structure
2975
+ include Aws::Structure::Union
2976
+
2977
+ class AccountIds < RdsDbSnapshotAttributeValue; end
2978
+ class Unknown < RdsDbSnapshotAttributeValue; end
2979
+ end
2980
+
2981
+ # The proposed access control configuration for an Amazon RDS DB
2982
+ # snapshot. You can propose a configuration for a new Amazon RDS DB
2983
+ # snapshot or an Amazon RDS DB snapshot that you own by specifying the
2984
+ # `RdsDbSnapshotAttributeValue` and optional KMS encryption key. For
2985
+ # more information, see [ModifyDBSnapshotAttribute][1].
2986
+ #
2987
+ #
2988
+ #
2989
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html
2990
+ #
2991
+ # @note When making an API call, you may pass RdsDbSnapshotConfiguration
2992
+ # data as a hash:
2993
+ #
2994
+ # {
2995
+ # attributes: {
2996
+ # "RdsDbSnapshotAttributeName" => {
2997
+ # account_ids: ["RdsDbSnapshotAccountId"],
2998
+ # },
2999
+ # },
3000
+ # kms_key_id: "RdsDbSnapshotKmsKeyId",
3001
+ # }
3002
+ #
3003
+ # @!attribute [rw] attributes
3004
+ # The names and values of manual DB snapshot attributes. Manual DB
3005
+ # snapshot attributes are used to authorize other Amazon Web Services
3006
+ # accounts to restore a manual DB snapshot. The only valid value for
3007
+ # `attributeName` for the attribute map is restore.
3008
+ # @return [Hash<String,Types::RdsDbSnapshotAttributeValue>]
3009
+ #
3010
+ # @!attribute [rw] kms_key_id
3011
+ # The KMS key identifier for an encrypted Amazon RDS DB snapshot. The
3012
+ # KMS key identifier is the key ARN, key ID, alias ARN, or alias name
3013
+ # for the KMS key.
3014
+ #
3015
+ # * If the configuration is for an existing Amazon RDS DB snapshot and
3016
+ # you do not specify the `kmsKeyId`, or you specify an empty string,
3017
+ # then the access preview uses the existing `kmsKeyId` of the
3018
+ # snapshot.
3019
+ #
3020
+ # * If the access preview is for a new resource and you do not specify
3021
+ # the specify the `kmsKeyId`, then the access preview considers the
3022
+ # snapshot as unencrypted.
3023
+ # @return [String]
3024
+ #
3025
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotConfiguration AWS API Documentation
3026
+ #
3027
+ class RdsDbSnapshotConfiguration < Struct.new(
3028
+ :attributes,
3029
+ :kms_key_id)
3030
+ SENSITIVE = []
3031
+ include Aws::Structure
3032
+ end
3033
+
2607
3034
  # The specified resource could not be found.
2608
3035
  #
2609
3036
  # @!attribute [rw] message
@@ -2927,6 +3354,47 @@ module Aws::AccessAnalyzer
2927
3354
  include Aws::Structure
2928
3355
  end
2929
3356
 
3357
+ # The proposed access control configuration for an Amazon SNS topic. You
3358
+ # can propose a configuration for a new Amazon SNS topic or an existing
3359
+ # Amazon SNS topic that you own by specifying the policy. If the
3360
+ # configuration is for an existing Amazon SNS topic and you do not
3361
+ # specify the Amazon SNS policy, then the access preview uses the
3362
+ # existing Amazon SNS policy for the topic. If the access preview is for
3363
+ # a new resource and you do not specify the policy, then the access
3364
+ # preview assumes an Amazon SNS topic without a policy. To propose
3365
+ # deletion of an existing Amazon SNS topic policy, you can specify an
3366
+ # empty string for the Amazon SNS policy. For more information, see
3367
+ # [Topic][1].
3368
+ #
3369
+ #
3370
+ #
3371
+ # [1]: https://docs.aws.amazon.com/sns/latest/api/API_Topic.html
3372
+ #
3373
+ # @note When making an API call, you may pass SnsTopicConfiguration
3374
+ # data as a hash:
3375
+ #
3376
+ # {
3377
+ # topic_policy: "SnsTopicPolicy",
3378
+ # }
3379
+ #
3380
+ # @!attribute [rw] topic_policy
3381
+ # The JSON policy text that defines who can access an Amazon SNS
3382
+ # topic. For more information, see [Example cases for Amazon SNS
3383
+ # access control][1] in the *Amazon SNS Developer Guide*.
3384
+ #
3385
+ #
3386
+ #
3387
+ # [1]: https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html
3388
+ # @return [String]
3389
+ #
3390
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SnsTopicConfiguration AWS API Documentation
3391
+ #
3392
+ class SnsTopicConfiguration < Struct.new(
3393
+ :topic_policy)
3394
+ SENSITIVE = []
3395
+ include Aws::Structure
3396
+ end
3397
+
2930
3398
  # The criteria used to sort.
2931
3399
  #
2932
3400
  # @note When making an API call, you may pass SortCriteria
@@ -3089,6 +3557,7 @@ module Aws::AccessAnalyzer
3089
3557
  # {
3090
3558
  # analyzer_arn: "AnalyzerArn", # required
3091
3559
  # resource_arn: "ResourceArn", # required
3560
+ # resource_owner_account: "String",
3092
3561
  # }
3093
3562
  #
3094
3563
  # @!attribute [rw] analyzer_arn
@@ -3104,11 +3573,18 @@ module Aws::AccessAnalyzer
3104
3573
  # The ARN of the resource to scan.
3105
3574
  # @return [String]
3106
3575
  #
3576
+ # @!attribute [rw] resource_owner_account
3577
+ # The Amazon Web Services account ID that owns the resource. For most
3578
+ # Amazon Web Services resources, the owning account is the account in
3579
+ # which the resource was created.
3580
+ # @return [String]
3581
+ #
3107
3582
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartResourceScanRequest AWS API Documentation
3108
3583
  #
3109
3584
  class StartResourceScanRequest < Struct.new(
3110
3585
  :analyzer_arn,
3111
- :resource_arn)
3586
+ :resource_arn,
3587
+ :resource_owner_account)
3112
3588
  SENSITIVE = []
3113
3589
  include Aws::Structure
3114
3590
  end
@@ -13,9 +13,13 @@ require 'aws-sigv4'
13
13
 
14
14
  require_relative 'aws-sdk-accessanalyzer/types'
15
15
  require_relative 'aws-sdk-accessanalyzer/client_api'
16
+ require_relative 'aws-sdk-accessanalyzer/plugins/endpoints.rb'
16
17
  require_relative 'aws-sdk-accessanalyzer/client'
17
18
  require_relative 'aws-sdk-accessanalyzer/errors'
18
19
  require_relative 'aws-sdk-accessanalyzer/resource'
20
+ require_relative 'aws-sdk-accessanalyzer/endpoint_parameters'
21
+ require_relative 'aws-sdk-accessanalyzer/endpoint_provider'
22
+ require_relative 'aws-sdk-accessanalyzer/endpoints'
19
23
  require_relative 'aws-sdk-accessanalyzer/customizations'
20
24
 
21
25
  # This module provides support for Access Analyzer. This module is available in the
@@ -48,6 +52,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
48
52
  # @!group service
49
53
  module Aws::AccessAnalyzer
50
54
 
51
- GEM_VERSION = '1.30.0'
55
+ GEM_VERSION = '1.31.0'
52
56
 
53
57
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-accessanalyzer
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.30.0
4
+ version: 1.31.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-10-03 00:00:00.000000000 Z
11
+ date: 2022-10-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.127.0
22
+ version: 3.165.0
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.127.0
32
+ version: 3.165.0
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement
@@ -59,7 +59,11 @@ files:
59
59
  - lib/aws-sdk-accessanalyzer/client.rb
60
60
  - lib/aws-sdk-accessanalyzer/client_api.rb
61
61
  - lib/aws-sdk-accessanalyzer/customizations.rb
62
+ - lib/aws-sdk-accessanalyzer/endpoint_parameters.rb
63
+ - lib/aws-sdk-accessanalyzer/endpoint_provider.rb
64
+ - lib/aws-sdk-accessanalyzer/endpoints.rb
62
65
  - lib/aws-sdk-accessanalyzer/errors.rb
66
+ - lib/aws-sdk-accessanalyzer/plugins/endpoints.rb
63
67
  - lib/aws-sdk-accessanalyzer/resource.rb
64
68
  - lib/aws-sdk-accessanalyzer/types.rb
65
69
  homepage: https://github.com/aws/aws-sdk-ruby