aws-sdk-accessanalyzer 1.30.0 → 1.32.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +84 -12
- data/lib/aws-sdk-accessanalyzer/client_api.rb +88 -0
- data/lib/aws-sdk-accessanalyzer/endpoint_parameters.rb +69 -0
- data/lib/aws-sdk-accessanalyzer/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-accessanalyzer/endpoints.rb +407 -0
- data/lib/aws-sdk-accessanalyzer/plugins/endpoints.rb +124 -0
- data/lib/aws-sdk-accessanalyzer/types.rb +393 -614
- data/lib/aws-sdk-accessanalyzer.rb +5 -1
- metadata +8 -4
@@ -259,10 +259,6 @@ module Aws::AccessAnalyzer
|
|
259
259
|
#
|
260
260
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
|
261
261
|
#
|
262
|
-
# @note AclGrantee is a union - when making an API calls you must set exactly one of the members.
|
263
|
-
#
|
264
|
-
# @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
|
265
|
-
#
|
266
262
|
# @!attribute [rw] id
|
267
263
|
# The value specified is the canonical user ID of an Amazon Web
|
268
264
|
# Services account.
|
@@ -447,15 +443,6 @@ module Aws::AccessAnalyzer
|
|
447
443
|
|
448
444
|
# Retroactively applies an archive rule.
|
449
445
|
#
|
450
|
-
# @note When making an API call, you may pass ApplyArchiveRuleRequest
|
451
|
-
# data as a hash:
|
452
|
-
#
|
453
|
-
# {
|
454
|
-
# analyzer_arn: "AnalyzerArn", # required
|
455
|
-
# rule_name: "Name", # required
|
456
|
-
# client_token: "String",
|
457
|
-
# }
|
458
|
-
#
|
459
446
|
# @!attribute [rw] analyzer_arn
|
460
447
|
# The Amazon resource name (ARN) of the analyzer.
|
461
448
|
# @return [String]
|
@@ -510,13 +497,6 @@ module Aws::AccessAnalyzer
|
|
510
497
|
include Aws::Structure
|
511
498
|
end
|
512
499
|
|
513
|
-
# @note When making an API call, you may pass CancelPolicyGenerationRequest
|
514
|
-
# data as a hash:
|
515
|
-
#
|
516
|
-
# {
|
517
|
-
# job_id: "JobId", # required
|
518
|
-
# }
|
519
|
-
#
|
520
500
|
# @!attribute [rw] job_id
|
521
501
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
522
502
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -538,22 +518,6 @@ module Aws::AccessAnalyzer
|
|
538
518
|
|
539
519
|
# Contains information about CloudTrail access.
|
540
520
|
#
|
541
|
-
# @note When making an API call, you may pass CloudTrailDetails
|
542
|
-
# data as a hash:
|
543
|
-
#
|
544
|
-
# {
|
545
|
-
# trails: [ # required
|
546
|
-
# {
|
547
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
548
|
-
# regions: ["String"],
|
549
|
-
# all_regions: false,
|
550
|
-
# },
|
551
|
-
# ],
|
552
|
-
# access_role: "RoleArn", # required
|
553
|
-
# start_time: Time.now, # required
|
554
|
-
# end_time: Time.now,
|
555
|
-
# }
|
556
|
-
#
|
557
521
|
# @!attribute [rw] trails
|
558
522
|
# A `Trail` object that contains settings for a trail.
|
559
523
|
# @return [Array<Types::Trail>]
|
@@ -621,18 +585,36 @@ module Aws::AccessAnalyzer
|
|
621
585
|
# the configuration as a type-value pair. You can specify only one type
|
622
586
|
# of access control configuration.
|
623
587
|
#
|
624
|
-
#
|
588
|
+
# @!attribute [rw] ebs_snapshot
|
589
|
+
# The access control configuration is for an Amazon EBS volume
|
590
|
+
# snapshot.
|
591
|
+
# @return [Types::EbsSnapshotConfiguration]
|
625
592
|
#
|
626
|
-
#
|
593
|
+
# @!attribute [rw] ecr_repository
|
594
|
+
# The access control configuration is for an Amazon ECR repository.
|
595
|
+
# @return [Types::EcrRepositoryConfiguration]
|
627
596
|
#
|
628
597
|
# @!attribute [rw] iam_role
|
629
598
|
# The access control configuration is for an IAM role.
|
630
599
|
# @return [Types::IamRoleConfiguration]
|
631
600
|
#
|
601
|
+
# @!attribute [rw] efs_file_system
|
602
|
+
# The access control configuration is for an Amazon EFS file system.
|
603
|
+
# @return [Types::EfsFileSystemConfiguration]
|
604
|
+
#
|
632
605
|
# @!attribute [rw] kms_key
|
633
606
|
# The access control configuration is for a KMS key.
|
634
607
|
# @return [Types::KmsKeyConfiguration]
|
635
608
|
#
|
609
|
+
# @!attribute [rw] rds_db_cluster_snapshot
|
610
|
+
# The access control configuration is for an Amazon RDS DB cluster
|
611
|
+
# snapshot.
|
612
|
+
# @return [Types::RdsDbClusterSnapshotConfiguration]
|
613
|
+
#
|
614
|
+
# @!attribute [rw] rds_db_snapshot
|
615
|
+
# The access control configuration is for an Amazon RDS DB snapshot.
|
616
|
+
# @return [Types::RdsDbSnapshotConfiguration]
|
617
|
+
#
|
636
618
|
# @!attribute [rw] secrets_manager_secret
|
637
619
|
# The access control configuration is for a Secrets Manager secret.
|
638
620
|
# @return [Types::SecretsManagerSecretConfiguration]
|
@@ -641,6 +623,10 @@ module Aws::AccessAnalyzer
|
|
641
623
|
# The access control configuration is for an Amazon S3 Bucket.
|
642
624
|
# @return [Types::S3BucketConfiguration]
|
643
625
|
#
|
626
|
+
# @!attribute [rw] sns_topic
|
627
|
+
# The access control configuration is for an Amazon SNS topic
|
628
|
+
# @return [Types::SnsTopicConfiguration]
|
629
|
+
#
|
644
630
|
# @!attribute [rw] sqs_queue
|
645
631
|
# The access control configuration is for an Amazon SQS queue.
|
646
632
|
# @return [Types::SqsQueueConfiguration]
|
@@ -648,20 +634,32 @@ module Aws::AccessAnalyzer
|
|
648
634
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
|
649
635
|
#
|
650
636
|
class Configuration < Struct.new(
|
637
|
+
:ebs_snapshot,
|
638
|
+
:ecr_repository,
|
651
639
|
:iam_role,
|
640
|
+
:efs_file_system,
|
652
641
|
:kms_key,
|
642
|
+
:rds_db_cluster_snapshot,
|
643
|
+
:rds_db_snapshot,
|
653
644
|
:secrets_manager_secret,
|
654
645
|
:s3_bucket,
|
646
|
+
:sns_topic,
|
655
647
|
:sqs_queue,
|
656
648
|
:unknown)
|
657
649
|
SENSITIVE = []
|
658
650
|
include Aws::Structure
|
659
651
|
include Aws::Structure::Union
|
660
652
|
|
653
|
+
class EbsSnapshot < Configuration; end
|
654
|
+
class EcrRepository < Configuration; end
|
661
655
|
class IamRole < Configuration; end
|
656
|
+
class EfsFileSystem < Configuration; end
|
662
657
|
class KmsKey < Configuration; end
|
658
|
+
class RdsDbClusterSnapshot < Configuration; end
|
659
|
+
class RdsDbSnapshot < Configuration; end
|
663
660
|
class SecretsManagerSecret < Configuration; end
|
664
661
|
class S3Bucket < Configuration; end
|
662
|
+
class SnsTopic < Configuration; end
|
665
663
|
class SqsQueue < Configuration; end
|
666
664
|
class Unknown < Configuration; end
|
667
665
|
end
|
@@ -689,81 +687,6 @@ module Aws::AccessAnalyzer
|
|
689
687
|
include Aws::Structure
|
690
688
|
end
|
691
689
|
|
692
|
-
# @note When making an API call, you may pass CreateAccessPreviewRequest
|
693
|
-
# data as a hash:
|
694
|
-
#
|
695
|
-
# {
|
696
|
-
# analyzer_arn: "AnalyzerArn", # required
|
697
|
-
# configurations: { # required
|
698
|
-
# "ConfigurationsMapKey" => {
|
699
|
-
# iam_role: {
|
700
|
-
# trust_policy: "IamTrustPolicy",
|
701
|
-
# },
|
702
|
-
# kms_key: {
|
703
|
-
# key_policies: {
|
704
|
-
# "PolicyName" => "KmsKeyPolicy",
|
705
|
-
# },
|
706
|
-
# grants: [
|
707
|
-
# {
|
708
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
709
|
-
# grantee_principal: "GranteePrincipal", # required
|
710
|
-
# retiring_principal: "RetiringPrincipal",
|
711
|
-
# constraints: {
|
712
|
-
# encryption_context_equals: {
|
713
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
714
|
-
# },
|
715
|
-
# encryption_context_subset: {
|
716
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
717
|
-
# },
|
718
|
-
# },
|
719
|
-
# issuing_account: "IssuingAccount", # required
|
720
|
-
# },
|
721
|
-
# ],
|
722
|
-
# },
|
723
|
-
# secrets_manager_secret: {
|
724
|
-
# kms_key_id: "SecretsManagerSecretKmsId",
|
725
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
726
|
-
# },
|
727
|
-
# s3_bucket: {
|
728
|
-
# bucket_policy: "S3BucketPolicy",
|
729
|
-
# bucket_acl_grants: [
|
730
|
-
# {
|
731
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
732
|
-
# grantee: { # required
|
733
|
-
# id: "AclCanonicalId",
|
734
|
-
# uri: "AclUri",
|
735
|
-
# },
|
736
|
-
# },
|
737
|
-
# ],
|
738
|
-
# bucket_public_access_block: {
|
739
|
-
# ignore_public_acls: false, # required
|
740
|
-
# restrict_public_buckets: false, # required
|
741
|
-
# },
|
742
|
-
# access_points: {
|
743
|
-
# "AccessPointArn" => {
|
744
|
-
# access_point_policy: "AccessPointPolicy",
|
745
|
-
# public_access_block: {
|
746
|
-
# ignore_public_acls: false, # required
|
747
|
-
# restrict_public_buckets: false, # required
|
748
|
-
# },
|
749
|
-
# network_origin: {
|
750
|
-
# vpc_configuration: {
|
751
|
-
# vpc_id: "VpcId", # required
|
752
|
-
# },
|
753
|
-
# internet_configuration: {
|
754
|
-
# },
|
755
|
-
# },
|
756
|
-
# },
|
757
|
-
# },
|
758
|
-
# },
|
759
|
-
# sqs_queue: {
|
760
|
-
# queue_policy: "SqsQueuePolicy",
|
761
|
-
# },
|
762
|
-
# },
|
763
|
-
# },
|
764
|
-
# client_token: "String",
|
765
|
-
# }
|
766
|
-
#
|
767
690
|
# @!attribute [rw] analyzer_arn
|
768
691
|
# The [ARN of the account analyzer][1] used to generate the access
|
769
692
|
# preview. You can only create an access preview for analyzers with an
|
@@ -813,31 +736,6 @@ module Aws::AccessAnalyzer
|
|
813
736
|
|
814
737
|
# Creates an analyzer.
|
815
738
|
#
|
816
|
-
# @note When making an API call, you may pass CreateAnalyzerRequest
|
817
|
-
# data as a hash:
|
818
|
-
#
|
819
|
-
# {
|
820
|
-
# analyzer_name: "Name", # required
|
821
|
-
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
822
|
-
# archive_rules: [
|
823
|
-
# {
|
824
|
-
# rule_name: "Name", # required
|
825
|
-
# filter: { # required
|
826
|
-
# "String" => {
|
827
|
-
# eq: ["String"],
|
828
|
-
# neq: ["String"],
|
829
|
-
# contains: ["String"],
|
830
|
-
# exists: false,
|
831
|
-
# },
|
832
|
-
# },
|
833
|
-
# },
|
834
|
-
# ],
|
835
|
-
# tags: {
|
836
|
-
# "String" => "String",
|
837
|
-
# },
|
838
|
-
# client_token: "String",
|
839
|
-
# }
|
840
|
-
#
|
841
739
|
# @!attribute [rw] analyzer_name
|
842
740
|
# The name of the analyzer to create.
|
843
741
|
# @return [String]
|
@@ -894,23 +792,6 @@ module Aws::AccessAnalyzer
|
|
894
792
|
|
895
793
|
# Creates an archive rule.
|
896
794
|
#
|
897
|
-
# @note When making an API call, you may pass CreateArchiveRuleRequest
|
898
|
-
# data as a hash:
|
899
|
-
#
|
900
|
-
# {
|
901
|
-
# analyzer_name: "Name", # required
|
902
|
-
# rule_name: "Name", # required
|
903
|
-
# filter: { # required
|
904
|
-
# "String" => {
|
905
|
-
# eq: ["String"],
|
906
|
-
# neq: ["String"],
|
907
|
-
# contains: ["String"],
|
908
|
-
# exists: false,
|
909
|
-
# },
|
910
|
-
# },
|
911
|
-
# client_token: "String",
|
912
|
-
# }
|
913
|
-
#
|
914
795
|
# @!attribute [rw] analyzer_name
|
915
796
|
# The name of the created analyzer.
|
916
797
|
# @return [String]
|
@@ -941,17 +822,13 @@ module Aws::AccessAnalyzer
|
|
941
822
|
include Aws::Structure
|
942
823
|
end
|
943
824
|
|
944
|
-
# The criteria to use in the filter that defines the archive rule.
|
825
|
+
# The criteria to use in the filter that defines the archive rule. For
|
826
|
+
# more information on available filter keys, see [IAM Access Analyzer
|
827
|
+
# filter keys][1].
|
828
|
+
#
|
945
829
|
#
|
946
|
-
# @note When making an API call, you may pass Criterion
|
947
|
-
# data as a hash:
|
948
830
|
#
|
949
|
-
#
|
950
|
-
# eq: ["String"],
|
951
|
-
# neq: ["String"],
|
952
|
-
# contains: ["String"],
|
953
|
-
# exists: false,
|
954
|
-
# }
|
831
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
|
955
832
|
#
|
956
833
|
# @!attribute [rw] eq
|
957
834
|
# An "equals" operator to match for the filter used to create the
|
@@ -986,14 +863,6 @@ module Aws::AccessAnalyzer
|
|
986
863
|
|
987
864
|
# Deletes an analyzer.
|
988
865
|
#
|
989
|
-
# @note When making an API call, you may pass DeleteAnalyzerRequest
|
990
|
-
# data as a hash:
|
991
|
-
#
|
992
|
-
# {
|
993
|
-
# analyzer_name: "Name", # required
|
994
|
-
# client_token: "String",
|
995
|
-
# }
|
996
|
-
#
|
997
866
|
# @!attribute [rw] analyzer_name
|
998
867
|
# The name of the analyzer to delete.
|
999
868
|
# @return [String]
|
@@ -1016,15 +885,6 @@ module Aws::AccessAnalyzer
|
|
1016
885
|
|
1017
886
|
# Deletes an archive rule.
|
1018
887
|
#
|
1019
|
-
# @note When making an API call, you may pass DeleteArchiveRuleRequest
|
1020
|
-
# data as a hash:
|
1021
|
-
#
|
1022
|
-
# {
|
1023
|
-
# analyzer_name: "Name", # required
|
1024
|
-
# rule_name: "Name", # required
|
1025
|
-
# client_token: "String",
|
1026
|
-
# }
|
1027
|
-
#
|
1028
888
|
# @!attribute [rw] analyzer_name
|
1029
889
|
# The name of the analyzer that associated with the archive rule to
|
1030
890
|
# delete.
|
@@ -1051,6 +911,152 @@ module Aws::AccessAnalyzer
|
|
1051
911
|
include Aws::Structure
|
1052
912
|
end
|
1053
913
|
|
914
|
+
# The proposed access control configuration for an Amazon EBS volume
|
915
|
+
# snapshot. You can propose a configuration for a new Amazon EBS volume
|
916
|
+
# snapshot or an Amazon EBS volume snapshot that you own by specifying
|
917
|
+
# the user IDs, groups, and optional KMS encryption key. For more
|
918
|
+
# information, see [ModifySnapshotAttribute][1].
|
919
|
+
#
|
920
|
+
#
|
921
|
+
#
|
922
|
+
# [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html
|
923
|
+
#
|
924
|
+
# @!attribute [rw] user_ids
|
925
|
+
# The IDs of the Amazon Web Services accounts that have access to the
|
926
|
+
# Amazon EBS volume snapshot.
|
927
|
+
#
|
928
|
+
# * If the configuration is for an existing Amazon EBS volume snapshot
|
929
|
+
# and you do not specify the `userIds`, then the access preview uses
|
930
|
+
# the existing shared `userIds` for the snapshot.
|
931
|
+
#
|
932
|
+
# * If the access preview is for a new resource and you do not specify
|
933
|
+
# the `userIds`, then the access preview considers the snapshot
|
934
|
+
# without any `userIds`.
|
935
|
+
#
|
936
|
+
# * To propose deletion of existing shared `accountIds`, you can
|
937
|
+
# specify an empty list for `userIds`.
|
938
|
+
# @return [Array<String>]
|
939
|
+
#
|
940
|
+
# @!attribute [rw] groups
|
941
|
+
# The groups that have access to the Amazon EBS volume snapshot. If
|
942
|
+
# the value `all` is specified, then the Amazon EBS volume snapshot is
|
943
|
+
# public.
|
944
|
+
#
|
945
|
+
# * If the configuration is for an existing Amazon EBS volume snapshot
|
946
|
+
# and you do not specify the `groups`, then the access preview uses
|
947
|
+
# the existing shared `groups` for the snapshot.
|
948
|
+
#
|
949
|
+
# * If the access preview is for a new resource and you do not specify
|
950
|
+
# the `groups`, then the access preview considers the snapshot
|
951
|
+
# without any `groups`.
|
952
|
+
#
|
953
|
+
# * To propose deletion of existing shared `groups`, you can specify
|
954
|
+
# an empty list for `groups`.
|
955
|
+
# @return [Array<String>]
|
956
|
+
#
|
957
|
+
# @!attribute [rw] kms_key_id
|
958
|
+
# The KMS key identifier for an encrypted Amazon EBS volume snapshot.
|
959
|
+
# The KMS key identifier is the key ARN, key ID, alias ARN, or alias
|
960
|
+
# name for the KMS key.
|
961
|
+
#
|
962
|
+
# * If the configuration is for an existing Amazon EBS volume snapshot
|
963
|
+
# and you do not specify the `kmsKeyId`, or you specify an empty
|
964
|
+
# string, then the access preview uses the existing `kmsKeyId` of
|
965
|
+
# the snapshot.
|
966
|
+
#
|
967
|
+
# * If the access preview is for a new resource and you do not specify
|
968
|
+
# the `kmsKeyId`, the access preview considers the snapshot as
|
969
|
+
# unencrypted.
|
970
|
+
# @return [String]
|
971
|
+
#
|
972
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EbsSnapshotConfiguration AWS API Documentation
|
973
|
+
#
|
974
|
+
class EbsSnapshotConfiguration < Struct.new(
|
975
|
+
:user_ids,
|
976
|
+
:groups,
|
977
|
+
:kms_key_id)
|
978
|
+
SENSITIVE = []
|
979
|
+
include Aws::Structure
|
980
|
+
end
|
981
|
+
|
982
|
+
# The proposed access control configuration for an Amazon ECR
|
983
|
+
# repository. You can propose a configuration for a new Amazon ECR
|
984
|
+
# repository or an existing Amazon ECR repository that you own by
|
985
|
+
# specifying the Amazon ECR policy. For more information, see
|
986
|
+
# [Repository][1].
|
987
|
+
#
|
988
|
+
# * If the configuration is for an existing Amazon ECR repository and
|
989
|
+
# you do not specify the Amazon ECR policy, then the access preview
|
990
|
+
# uses the existing Amazon ECR policy for the repository.
|
991
|
+
#
|
992
|
+
# * If the access preview is for a new resource and you do not specify
|
993
|
+
# the policy, then the access preview assumes an Amazon ECR repository
|
994
|
+
# without a policy.
|
995
|
+
#
|
996
|
+
# * To propose deletion of an existing Amazon ECR repository policy, you
|
997
|
+
# can specify an empty string for the Amazon ECR policy.
|
998
|
+
#
|
999
|
+
#
|
1000
|
+
#
|
1001
|
+
# [1]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html
|
1002
|
+
#
|
1003
|
+
# @!attribute [rw] repository_policy
|
1004
|
+
# The JSON repository policy text to apply to the Amazon ECR
|
1005
|
+
# repository. For more information, see [Private repository policy
|
1006
|
+
# examples][1] in the *Amazon ECR User Guide*.
|
1007
|
+
#
|
1008
|
+
#
|
1009
|
+
#
|
1010
|
+
# [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html
|
1011
|
+
# @return [String]
|
1012
|
+
#
|
1013
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EcrRepositoryConfiguration AWS API Documentation
|
1014
|
+
#
|
1015
|
+
class EcrRepositoryConfiguration < Struct.new(
|
1016
|
+
:repository_policy)
|
1017
|
+
SENSITIVE = []
|
1018
|
+
include Aws::Structure
|
1019
|
+
end
|
1020
|
+
|
1021
|
+
# The proposed access control configuration for an Amazon EFS file
|
1022
|
+
# system. You can propose a configuration for a new Amazon EFS file
|
1023
|
+
# system or an existing Amazon EFS file system that you own by
|
1024
|
+
# specifying the Amazon EFS policy. For more information, see [Using
|
1025
|
+
# file systems in Amazon EFS][1].
|
1026
|
+
#
|
1027
|
+
# * If the configuration is for an existing Amazon EFS file system and
|
1028
|
+
# you do not specify the Amazon EFS policy, then the access preview
|
1029
|
+
# uses the existing Amazon EFS policy for the file system.
|
1030
|
+
#
|
1031
|
+
# * If the access preview is for a new resource and you do not specify
|
1032
|
+
# the policy, then the access preview assumes an Amazon EFS file
|
1033
|
+
# system without a policy.
|
1034
|
+
#
|
1035
|
+
# * To propose deletion of an existing Amazon EFS file system policy,
|
1036
|
+
# you can specify an empty string for the Amazon EFS policy.
|
1037
|
+
#
|
1038
|
+
#
|
1039
|
+
#
|
1040
|
+
# [1]: https://docs.aws.amazon.com/efs/latest/ug/using-fs.html
|
1041
|
+
#
|
1042
|
+
# @!attribute [rw] file_system_policy
|
1043
|
+
# The JSON policy definition to apply to the Amazon EFS file system.
|
1044
|
+
# For more information on the elements that make up a file system
|
1045
|
+
# policy, see [Amazon EFS Resource-based policies][1].
|
1046
|
+
#
|
1047
|
+
#
|
1048
|
+
#
|
1049
|
+
# [1]: https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies
|
1050
|
+
# @return [String]
|
1051
|
+
#
|
1052
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EfsFileSystemConfiguration AWS API Documentation
|
1053
|
+
#
|
1054
|
+
class EfsFileSystemConfiguration < Struct.new(
|
1055
|
+
:file_system_policy)
|
1056
|
+
SENSITIVE = []
|
1057
|
+
include Aws::Structure
|
1058
|
+
end
|
1059
|
+
|
1054
1060
|
# Contains information about a finding.
|
1055
1061
|
#
|
1056
1062
|
# @!attribute [rw] id
|
@@ -1167,10 +1173,16 @@ module Aws::AccessAnalyzer
|
|
1167
1173
|
# multi-region access point.
|
1168
1174
|
# @return [String]
|
1169
1175
|
#
|
1176
|
+
# @!attribute [rw] access_point_account
|
1177
|
+
# The account of the cross-account access point that generated the
|
1178
|
+
# finding.
|
1179
|
+
# @return [String]
|
1180
|
+
#
|
1170
1181
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
|
1171
1182
|
#
|
1172
1183
|
class FindingSourceDetail < Struct.new(
|
1173
|
-
:access_point_arn
|
1184
|
+
:access_point_arn,
|
1185
|
+
:access_point_account)
|
1174
1186
|
SENSITIVE = []
|
1175
1187
|
include Aws::Structure
|
1176
1188
|
end
|
@@ -1332,14 +1344,6 @@ module Aws::AccessAnalyzer
|
|
1332
1344
|
include Aws::Structure
|
1333
1345
|
end
|
1334
1346
|
|
1335
|
-
# @note When making an API call, you may pass GetAccessPreviewRequest
|
1336
|
-
# data as a hash:
|
1337
|
-
#
|
1338
|
-
# {
|
1339
|
-
# access_preview_id: "AccessPreviewId", # required
|
1340
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1341
|
-
# }
|
1342
|
-
#
|
1343
1347
|
# @!attribute [rw] access_preview_id
|
1344
1348
|
# The unique ID for the access preview.
|
1345
1349
|
# @return [String]
|
@@ -1375,14 +1379,6 @@ module Aws::AccessAnalyzer
|
|
1375
1379
|
|
1376
1380
|
# Retrieves an analyzed resource.
|
1377
1381
|
#
|
1378
|
-
# @note When making an API call, you may pass GetAnalyzedResourceRequest
|
1379
|
-
# data as a hash:
|
1380
|
-
#
|
1381
|
-
# {
|
1382
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1383
|
-
# resource_arn: "ResourceArn", # required
|
1384
|
-
# }
|
1385
|
-
#
|
1386
1382
|
# @!attribute [rw] analyzer_arn
|
1387
1383
|
# The [ARN of the analyzer][1] to retrieve information from.
|
1388
1384
|
#
|
@@ -1421,13 +1417,6 @@ module Aws::AccessAnalyzer
|
|
1421
1417
|
|
1422
1418
|
# Retrieves an analyzer.
|
1423
1419
|
#
|
1424
|
-
# @note When making an API call, you may pass GetAnalyzerRequest
|
1425
|
-
# data as a hash:
|
1426
|
-
#
|
1427
|
-
# {
|
1428
|
-
# analyzer_name: "Name", # required
|
1429
|
-
# }
|
1430
|
-
#
|
1431
1420
|
# @!attribute [rw] analyzer_name
|
1432
1421
|
# The name of the analyzer retrieved.
|
1433
1422
|
# @return [String]
|
@@ -1457,14 +1446,6 @@ module Aws::AccessAnalyzer
|
|
1457
1446
|
|
1458
1447
|
# Retrieves an archive rule.
|
1459
1448
|
#
|
1460
|
-
# @note When making an API call, you may pass GetArchiveRuleRequest
|
1461
|
-
# data as a hash:
|
1462
|
-
#
|
1463
|
-
# {
|
1464
|
-
# analyzer_name: "Name", # required
|
1465
|
-
# rule_name: "Name", # required
|
1466
|
-
# }
|
1467
|
-
#
|
1468
1449
|
# @!attribute [rw] analyzer_name
|
1469
1450
|
# The name of the analyzer to retrieve rules from.
|
1470
1451
|
# @return [String]
|
@@ -1498,14 +1479,6 @@ module Aws::AccessAnalyzer
|
|
1498
1479
|
|
1499
1480
|
# Retrieves a finding.
|
1500
1481
|
#
|
1501
|
-
# @note When making an API call, you may pass GetFindingRequest
|
1502
|
-
# data as a hash:
|
1503
|
-
#
|
1504
|
-
# {
|
1505
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1506
|
-
# id: "FindingId", # required
|
1507
|
-
# }
|
1508
|
-
#
|
1509
1482
|
# @!attribute [rw] analyzer_arn
|
1510
1483
|
# The [ARN of the analyzer][1] that generated the finding.
|
1511
1484
|
#
|
@@ -1541,15 +1514,6 @@ module Aws::AccessAnalyzer
|
|
1541
1514
|
include Aws::Structure
|
1542
1515
|
end
|
1543
1516
|
|
1544
|
-
# @note When making an API call, you may pass GetGeneratedPolicyRequest
|
1545
|
-
# data as a hash:
|
1546
|
-
#
|
1547
|
-
# {
|
1548
|
-
# job_id: "JobId", # required
|
1549
|
-
# include_resource_placeholders: false,
|
1550
|
-
# include_service_level_template: false,
|
1551
|
-
# }
|
1552
|
-
#
|
1553
1517
|
# @!attribute [rw] job_id
|
1554
1518
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1555
1519
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -1619,13 +1583,6 @@ module Aws::AccessAnalyzer
|
|
1619
1583
|
#
|
1620
1584
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
|
1621
1585
|
#
|
1622
|
-
# @note When making an API call, you may pass IamRoleConfiguration
|
1623
|
-
# data as a hash:
|
1624
|
-
#
|
1625
|
-
# {
|
1626
|
-
# trust_policy: "IamTrustPolicy",
|
1627
|
-
# }
|
1628
|
-
#
|
1629
1586
|
# @!attribute [rw] trust_policy
|
1630
1587
|
# The proposed trust policy for the IAM role.
|
1631
1588
|
# @return [String]
|
@@ -1641,21 +1598,6 @@ module Aws::AccessAnalyzer
|
|
1641
1598
|
# An criterion statement in an archive rule. Each archive rule may have
|
1642
1599
|
# multiple criteria.
|
1643
1600
|
#
|
1644
|
-
# @note When making an API call, you may pass InlineArchiveRule
|
1645
|
-
# data as a hash:
|
1646
|
-
#
|
1647
|
-
# {
|
1648
|
-
# rule_name: "Name", # required
|
1649
|
-
# filter: { # required
|
1650
|
-
# "String" => {
|
1651
|
-
# eq: ["String"],
|
1652
|
-
# neq: ["String"],
|
1653
|
-
# contains: ["String"],
|
1654
|
-
# exists: false,
|
1655
|
-
# },
|
1656
|
-
# },
|
1657
|
-
# }
|
1658
|
-
#
|
1659
1601
|
# @!attribute [rw] rule_name
|
1660
1602
|
# The name of the rule.
|
1661
1603
|
# @return [String]
|
@@ -1694,8 +1636,6 @@ module Aws::AccessAnalyzer
|
|
1694
1636
|
# This configuration sets the network origin for the Amazon S3 access
|
1695
1637
|
# point or multi-region access point to `Internet`.
|
1696
1638
|
#
|
1697
|
-
# @api private
|
1698
|
-
#
|
1699
1639
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternetConfiguration AWS API Documentation
|
1700
1640
|
#
|
1701
1641
|
class InternetConfiguration < Aws::EmptyStructure; end
|
@@ -1764,24 +1704,6 @@ module Aws::AccessAnalyzer
|
|
1764
1704
|
#
|
1765
1705
|
# [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
|
1766
1706
|
#
|
1767
|
-
# @note When making an API call, you may pass KmsGrantConfiguration
|
1768
|
-
# data as a hash:
|
1769
|
-
#
|
1770
|
-
# {
|
1771
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1772
|
-
# grantee_principal: "GranteePrincipal", # required
|
1773
|
-
# retiring_principal: "RetiringPrincipal",
|
1774
|
-
# constraints: {
|
1775
|
-
# encryption_context_equals: {
|
1776
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1777
|
-
# },
|
1778
|
-
# encryption_context_subset: {
|
1779
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1780
|
-
# },
|
1781
|
-
# },
|
1782
|
-
# issuing_account: "IssuingAccount", # required
|
1783
|
-
# }
|
1784
|
-
#
|
1785
1707
|
# @!attribute [rw] operations
|
1786
1708
|
# A list of operations that the grant permits.
|
1787
1709
|
# @return [Array<String>]
|
@@ -1841,18 +1763,6 @@ module Aws::AccessAnalyzer
|
|
1841
1763
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1842
1764
|
# [3]: https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html
|
1843
1765
|
#
|
1844
|
-
# @note When making an API call, you may pass KmsGrantConstraints
|
1845
|
-
# data as a hash:
|
1846
|
-
#
|
1847
|
-
# {
|
1848
|
-
# encryption_context_equals: {
|
1849
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1850
|
-
# },
|
1851
|
-
# encryption_context_subset: {
|
1852
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1853
|
-
# },
|
1854
|
-
# }
|
1855
|
-
#
|
1856
1766
|
# @!attribute [rw] encryption_context_equals
|
1857
1767
|
# A list of key-value pairs that must match the encryption context in
|
1858
1768
|
# the [cryptographic operation][1] request. The grant allows the
|
@@ -1903,31 +1813,6 @@ module Aws::AccessAnalyzer
|
|
1903
1813
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
|
1904
1814
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html
|
1905
1815
|
#
|
1906
|
-
# @note When making an API call, you may pass KmsKeyConfiguration
|
1907
|
-
# data as a hash:
|
1908
|
-
#
|
1909
|
-
# {
|
1910
|
-
# key_policies: {
|
1911
|
-
# "PolicyName" => "KmsKeyPolicy",
|
1912
|
-
# },
|
1913
|
-
# grants: [
|
1914
|
-
# {
|
1915
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1916
|
-
# grantee_principal: "GranteePrincipal", # required
|
1917
|
-
# retiring_principal: "RetiringPrincipal",
|
1918
|
-
# constraints: {
|
1919
|
-
# encryption_context_equals: {
|
1920
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1921
|
-
# },
|
1922
|
-
# encryption_context_subset: {
|
1923
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1924
|
-
# },
|
1925
|
-
# },
|
1926
|
-
# issuing_account: "IssuingAccount", # required
|
1927
|
-
# },
|
1928
|
-
# ],
|
1929
|
-
# }
|
1930
|
-
#
|
1931
1816
|
# @!attribute [rw] key_policies
|
1932
1817
|
# Resource policy configuration for the KMS key. The only valid value
|
1933
1818
|
# for the name of the key policy is `default`. For more information,
|
@@ -1955,24 +1840,6 @@ module Aws::AccessAnalyzer
|
|
1955
1840
|
include Aws::Structure
|
1956
1841
|
end
|
1957
1842
|
|
1958
|
-
# @note When making an API call, you may pass ListAccessPreviewFindingsRequest
|
1959
|
-
# data as a hash:
|
1960
|
-
#
|
1961
|
-
# {
|
1962
|
-
# access_preview_id: "AccessPreviewId", # required
|
1963
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1964
|
-
# filter: {
|
1965
|
-
# "String" => {
|
1966
|
-
# eq: ["String"],
|
1967
|
-
# neq: ["String"],
|
1968
|
-
# contains: ["String"],
|
1969
|
-
# exists: false,
|
1970
|
-
# },
|
1971
|
-
# },
|
1972
|
-
# next_token: "Token",
|
1973
|
-
# max_results: 1,
|
1974
|
-
# }
|
1975
|
-
#
|
1976
1843
|
# @!attribute [rw] access_preview_id
|
1977
1844
|
# The unique ID for the access preview.
|
1978
1845
|
# @return [String]
|
@@ -2027,15 +1894,6 @@ module Aws::AccessAnalyzer
|
|
2027
1894
|
include Aws::Structure
|
2028
1895
|
end
|
2029
1896
|
|
2030
|
-
# @note When making an API call, you may pass ListAccessPreviewsRequest
|
2031
|
-
# data as a hash:
|
2032
|
-
#
|
2033
|
-
# {
|
2034
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2035
|
-
# next_token: "Token",
|
2036
|
-
# max_results: 1,
|
2037
|
-
# }
|
2038
|
-
#
|
2039
1897
|
# @!attribute [rw] analyzer_arn
|
2040
1898
|
# The [ARN of the analyzer][1] used to generate the access preview.
|
2041
1899
|
#
|
@@ -2081,16 +1939,6 @@ module Aws::AccessAnalyzer
|
|
2081
1939
|
|
2082
1940
|
# Retrieves a list of resources that have been analyzed.
|
2083
1941
|
#
|
2084
|
-
# @note When making an API call, you may pass ListAnalyzedResourcesRequest
|
2085
|
-
# data as a hash:
|
2086
|
-
#
|
2087
|
-
# {
|
2088
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2089
|
-
# resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
|
2090
|
-
# next_token: "Token",
|
2091
|
-
# max_results: 1,
|
2092
|
-
# }
|
2093
|
-
#
|
2094
1942
|
# @!attribute [rw] analyzer_arn
|
2095
1943
|
# The [ARN of the analyzer][1] to retrieve a list of analyzed
|
2096
1944
|
# resources from.
|
@@ -2144,15 +1992,6 @@ module Aws::AccessAnalyzer
|
|
2144
1992
|
|
2145
1993
|
# Retrieves a list of analyzers.
|
2146
1994
|
#
|
2147
|
-
# @note When making an API call, you may pass ListAnalyzersRequest
|
2148
|
-
# data as a hash:
|
2149
|
-
#
|
2150
|
-
# {
|
2151
|
-
# next_token: "Token",
|
2152
|
-
# max_results: 1,
|
2153
|
-
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
2154
|
-
# }
|
2155
|
-
#
|
2156
1995
|
# @!attribute [rw] next_token
|
2157
1996
|
# A token used for pagination of results returned.
|
2158
1997
|
# @return [String]
|
@@ -2196,15 +2035,6 @@ module Aws::AccessAnalyzer
|
|
2196
2035
|
|
2197
2036
|
# Retrieves a list of archive rules created for the specified analyzer.
|
2198
2037
|
#
|
2199
|
-
# @note When making an API call, you may pass ListArchiveRulesRequest
|
2200
|
-
# data as a hash:
|
2201
|
-
#
|
2202
|
-
# {
|
2203
|
-
# analyzer_name: "Name", # required
|
2204
|
-
# next_token: "Token",
|
2205
|
-
# max_results: 1,
|
2206
|
-
# }
|
2207
|
-
#
|
2208
2038
|
# @!attribute [rw] analyzer_name
|
2209
2039
|
# The name of the analyzer to retrieve rules from.
|
2210
2040
|
# @return [String]
|
@@ -2248,27 +2078,6 @@ module Aws::AccessAnalyzer
|
|
2248
2078
|
|
2249
2079
|
# Retrieves a list of findings generated by the specified analyzer.
|
2250
2080
|
#
|
2251
|
-
# @note When making an API call, you may pass ListFindingsRequest
|
2252
|
-
# data as a hash:
|
2253
|
-
#
|
2254
|
-
# {
|
2255
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2256
|
-
# filter: {
|
2257
|
-
# "String" => {
|
2258
|
-
# eq: ["String"],
|
2259
|
-
# neq: ["String"],
|
2260
|
-
# contains: ["String"],
|
2261
|
-
# exists: false,
|
2262
|
-
# },
|
2263
|
-
# },
|
2264
|
-
# sort: {
|
2265
|
-
# attribute_name: "String",
|
2266
|
-
# order_by: "ASC", # accepts ASC, DESC
|
2267
|
-
# },
|
2268
|
-
# next_token: "Token",
|
2269
|
-
# max_results: 1,
|
2270
|
-
# }
|
2271
|
-
#
|
2272
2081
|
# @!attribute [rw] analyzer_arn
|
2273
2082
|
# The [ARN of the analyzer][1] to retrieve findings from.
|
2274
2083
|
#
|
@@ -2325,15 +2134,6 @@ module Aws::AccessAnalyzer
|
|
2325
2134
|
include Aws::Structure
|
2326
2135
|
end
|
2327
2136
|
|
2328
|
-
# @note When making an API call, you may pass ListPolicyGenerationsRequest
|
2329
|
-
# data as a hash:
|
2330
|
-
#
|
2331
|
-
# {
|
2332
|
-
# principal_arn: "PrincipalArn",
|
2333
|
-
# max_results: 1,
|
2334
|
-
# next_token: "Token",
|
2335
|
-
# }
|
2336
|
-
#
|
2337
2137
|
# @!attribute [rw] principal_arn
|
2338
2138
|
# The ARN of the IAM entity (user or role) for which you are
|
2339
2139
|
# generating a policy. Use this with `ListGeneratedPolicies` to filter
|
@@ -2378,13 +2178,6 @@ module Aws::AccessAnalyzer
|
|
2378
2178
|
|
2379
2179
|
# Retrieves a list of tags applied to the specified resource.
|
2380
2180
|
#
|
2381
|
-
# @note When making an API call, you may pass ListTagsForResourceRequest
|
2382
|
-
# data as a hash:
|
2383
|
-
#
|
2384
|
-
# {
|
2385
|
-
# resource_arn: "String", # required
|
2386
|
-
# }
|
2387
|
-
#
|
2388
2181
|
# @!attribute [rw] resource_arn
|
2389
2182
|
# The ARN of the resource to retrieve tags from.
|
2390
2183
|
# @return [String]
|
@@ -2443,10 +2236,6 @@ module Aws::AccessAnalyzer
|
|
2443
2236
|
#
|
2444
2237
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
2445
2238
|
#
|
2446
|
-
# @note NetworkOriginConfiguration is a union - when making an API calls you must set exactly one of the members.
|
2447
|
-
#
|
2448
|
-
# @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
|
2449
|
-
#
|
2450
2239
|
# @!attribute [rw] vpc_configuration
|
2451
2240
|
# The proposed virtual private cloud (VPC) configuration for the
|
2452
2241
|
# Amazon S3 access point. VPC configuration does not apply to
|
@@ -2481,8 +2270,6 @@ module Aws::AccessAnalyzer
|
|
2481
2270
|
# A single element in a path through the JSON representation of a
|
2482
2271
|
# policy.
|
2483
2272
|
#
|
2484
|
-
# @note PathElement is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PathElement corresponding to the set member.
|
2485
|
-
#
|
2486
2273
|
# @!attribute [rw] index
|
2487
2274
|
# Refers to an index in a JSON array.
|
2488
2275
|
# @return [Integer]
|
@@ -2559,13 +2346,6 @@ module Aws::AccessAnalyzer
|
|
2559
2346
|
# Contains the ARN details about the IAM entity for which the policy is
|
2560
2347
|
# generated.
|
2561
2348
|
#
|
2562
|
-
# @note When making an API call, you may pass PolicyGenerationDetails
|
2563
|
-
# data as a hash:
|
2564
|
-
#
|
2565
|
-
# {
|
2566
|
-
# principal_arn: "PrincipalArn", # required
|
2567
|
-
# }
|
2568
|
-
#
|
2569
2349
|
# @!attribute [rw] principal_arn
|
2570
2350
|
# The ARN of the IAM entity (user or role) for which you are
|
2571
2351
|
# generating a policy.
|
@@ -2604,6 +2384,164 @@ module Aws::AccessAnalyzer
|
|
2604
2384
|
include Aws::Structure
|
2605
2385
|
end
|
2606
2386
|
|
2387
|
+
# The values for a manual Amazon RDS DB cluster snapshot attribute.
|
2388
|
+
#
|
2389
|
+
# @!attribute [rw] account_ids
|
2390
|
+
# The Amazon Web Services account IDs that have access to the manual
|
2391
|
+
# Amazon RDS DB cluster snapshot. If the value `all` is specified,
|
2392
|
+
# then the Amazon RDS DB cluster snapshot is public and can be copied
|
2393
|
+
# or restored by all Amazon Web Services accounts.
|
2394
|
+
#
|
2395
|
+
# * If the configuration is for an existing Amazon RDS DB cluster
|
2396
|
+
# snapshot and you do not specify the `accountIds` in
|
2397
|
+
# `RdsDbClusterSnapshotAttributeValue`, then the access preview uses
|
2398
|
+
# the existing shared `accountIds` for the snapshot.
|
2399
|
+
#
|
2400
|
+
# * If the access preview is for a new resource and you do not specify
|
2401
|
+
# the specify the `accountIds` in
|
2402
|
+
# `RdsDbClusterSnapshotAttributeValue`, then the access preview
|
2403
|
+
# considers the snapshot without any attributes.
|
2404
|
+
#
|
2405
|
+
# * To propose deletion of existing shared `accountIds`, you can
|
2406
|
+
# specify an empty list for `accountIds` in the
|
2407
|
+
# `RdsDbClusterSnapshotAttributeValue`.
|
2408
|
+
# @return [Array<String>]
|
2409
|
+
#
|
2410
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotAttributeValue AWS API Documentation
|
2411
|
+
#
|
2412
|
+
class RdsDbClusterSnapshotAttributeValue < Struct.new(
|
2413
|
+
:account_ids,
|
2414
|
+
:unknown)
|
2415
|
+
SENSITIVE = []
|
2416
|
+
include Aws::Structure
|
2417
|
+
include Aws::Structure::Union
|
2418
|
+
|
2419
|
+
class AccountIds < RdsDbClusterSnapshotAttributeValue; end
|
2420
|
+
class Unknown < RdsDbClusterSnapshotAttributeValue; end
|
2421
|
+
end
|
2422
|
+
|
2423
|
+
# The proposed access control configuration for an Amazon RDS DB cluster
|
2424
|
+
# snapshot. You can propose a configuration for a new Amazon RDS DB
|
2425
|
+
# cluster snapshot or an Amazon RDS DB cluster snapshot that you own by
|
2426
|
+
# specifying the `RdsDbClusterSnapshotAttributeValue` and optional KMS
|
2427
|
+
# encryption key. For more information, see
|
2428
|
+
# [ModifyDBClusterSnapshotAttribute][1].
|
2429
|
+
#
|
2430
|
+
#
|
2431
|
+
#
|
2432
|
+
# [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html
|
2433
|
+
#
|
2434
|
+
# @!attribute [rw] attributes
|
2435
|
+
# The names and values of manual DB cluster snapshot attributes.
|
2436
|
+
# Manual DB cluster snapshot attributes are used to authorize other
|
2437
|
+
# Amazon Web Services accounts to restore a manual DB cluster
|
2438
|
+
# snapshot. The only valid value for `AttributeName` for the attribute
|
2439
|
+
# map is `restore`
|
2440
|
+
# @return [Hash<String,Types::RdsDbClusterSnapshotAttributeValue>]
|
2441
|
+
#
|
2442
|
+
# @!attribute [rw] kms_key_id
|
2443
|
+
# The KMS key identifier for an encrypted Amazon RDS DB cluster
|
2444
|
+
# snapshot. The KMS key identifier is the key ARN, key ID, alias ARN,
|
2445
|
+
# or alias name for the KMS key.
|
2446
|
+
#
|
2447
|
+
# * If the configuration is for an existing Amazon RDS DB cluster
|
2448
|
+
# snapshot and you do not specify the `kmsKeyId`, or you specify an
|
2449
|
+
# empty string, then the access preview uses the existing `kmsKeyId`
|
2450
|
+
# of the snapshot.
|
2451
|
+
#
|
2452
|
+
# * If the access preview is for a new resource and you do not specify
|
2453
|
+
# the specify the `kmsKeyId`, then the access preview considers the
|
2454
|
+
# snapshot as unencrypted.
|
2455
|
+
# @return [String]
|
2456
|
+
#
|
2457
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotConfiguration AWS API Documentation
|
2458
|
+
#
|
2459
|
+
class RdsDbClusterSnapshotConfiguration < Struct.new(
|
2460
|
+
:attributes,
|
2461
|
+
:kms_key_id)
|
2462
|
+
SENSITIVE = []
|
2463
|
+
include Aws::Structure
|
2464
|
+
end
|
2465
|
+
|
2466
|
+
# The name and values of a manual Amazon RDS DB snapshot attribute.
|
2467
|
+
# Manual DB snapshot attributes are used to authorize other Amazon Web
|
2468
|
+
# Services accounts to restore a manual DB snapshot.
|
2469
|
+
#
|
2470
|
+
# @!attribute [rw] account_ids
|
2471
|
+
# The Amazon Web Services account IDs that have access to the manual
|
2472
|
+
# Amazon RDS DB snapshot. If the value `all` is specified, then the
|
2473
|
+
# Amazon RDS DB snapshot is public and can be copied or restored by
|
2474
|
+
# all Amazon Web Services accounts.
|
2475
|
+
#
|
2476
|
+
# * If the configuration is for an existing Amazon RDS DB snapshot and
|
2477
|
+
# you do not specify the `accountIds` in
|
2478
|
+
# `RdsDbSnapshotAttributeValue`, then the access preview uses the
|
2479
|
+
# existing shared `accountIds` for the snapshot.
|
2480
|
+
#
|
2481
|
+
# * If the access preview is for a new resource and you do not specify
|
2482
|
+
# the specify the `accountIds` in `RdsDbSnapshotAttributeValue`,
|
2483
|
+
# then the access preview considers the snapshot without any
|
2484
|
+
# attributes.
|
2485
|
+
#
|
2486
|
+
# * To propose deletion of an existing shared `accountIds`, you can
|
2487
|
+
# specify an empty list for `accountIds` in the
|
2488
|
+
# `RdsDbSnapshotAttributeValue`.
|
2489
|
+
# @return [Array<String>]
|
2490
|
+
#
|
2491
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotAttributeValue AWS API Documentation
|
2492
|
+
#
|
2493
|
+
class RdsDbSnapshotAttributeValue < Struct.new(
|
2494
|
+
:account_ids,
|
2495
|
+
:unknown)
|
2496
|
+
SENSITIVE = []
|
2497
|
+
include Aws::Structure
|
2498
|
+
include Aws::Structure::Union
|
2499
|
+
|
2500
|
+
class AccountIds < RdsDbSnapshotAttributeValue; end
|
2501
|
+
class Unknown < RdsDbSnapshotAttributeValue; end
|
2502
|
+
end
|
2503
|
+
|
2504
|
+
# The proposed access control configuration for an Amazon RDS DB
|
2505
|
+
# snapshot. You can propose a configuration for a new Amazon RDS DB
|
2506
|
+
# snapshot or an Amazon RDS DB snapshot that you own by specifying the
|
2507
|
+
# `RdsDbSnapshotAttributeValue` and optional KMS encryption key. For
|
2508
|
+
# more information, see [ModifyDBSnapshotAttribute][1].
|
2509
|
+
#
|
2510
|
+
#
|
2511
|
+
#
|
2512
|
+
# [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html
|
2513
|
+
#
|
2514
|
+
# @!attribute [rw] attributes
|
2515
|
+
# The names and values of manual DB snapshot attributes. Manual DB
|
2516
|
+
# snapshot attributes are used to authorize other Amazon Web Services
|
2517
|
+
# accounts to restore a manual DB snapshot. The only valid value for
|
2518
|
+
# `attributeName` for the attribute map is restore.
|
2519
|
+
# @return [Hash<String,Types::RdsDbSnapshotAttributeValue>]
|
2520
|
+
#
|
2521
|
+
# @!attribute [rw] kms_key_id
|
2522
|
+
# The KMS key identifier for an encrypted Amazon RDS DB snapshot. The
|
2523
|
+
# KMS key identifier is the key ARN, key ID, alias ARN, or alias name
|
2524
|
+
# for the KMS key.
|
2525
|
+
#
|
2526
|
+
# * If the configuration is for an existing Amazon RDS DB snapshot and
|
2527
|
+
# you do not specify the `kmsKeyId`, or you specify an empty string,
|
2528
|
+
# then the access preview uses the existing `kmsKeyId` of the
|
2529
|
+
# snapshot.
|
2530
|
+
#
|
2531
|
+
# * If the access preview is for a new resource and you do not specify
|
2532
|
+
# the specify the `kmsKeyId`, then the access preview considers the
|
2533
|
+
# snapshot as unencrypted.
|
2534
|
+
# @return [String]
|
2535
|
+
#
|
2536
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotConfiguration AWS API Documentation
|
2537
|
+
#
|
2538
|
+
class RdsDbSnapshotConfiguration < Struct.new(
|
2539
|
+
:attributes,
|
2540
|
+
:kms_key_id)
|
2541
|
+
SENSITIVE = []
|
2542
|
+
include Aws::Structure
|
2543
|
+
end
|
2544
|
+
|
2607
2545
|
# The specified resource could not be found.
|
2608
2546
|
#
|
2609
2547
|
# @!attribute [rw] message
|
@@ -2643,24 +2581,6 @@ module Aws::AccessAnalyzer
|
|
2643
2581
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
2644
2582
|
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
|
2645
2583
|
#
|
2646
|
-
# @note When making an API call, you may pass S3AccessPointConfiguration
|
2647
|
-
# data as a hash:
|
2648
|
-
#
|
2649
|
-
# {
|
2650
|
-
# access_point_policy: "AccessPointPolicy",
|
2651
|
-
# public_access_block: {
|
2652
|
-
# ignore_public_acls: false, # required
|
2653
|
-
# restrict_public_buckets: false, # required
|
2654
|
-
# },
|
2655
|
-
# network_origin: {
|
2656
|
-
# vpc_configuration: {
|
2657
|
-
# vpc_id: "VpcId", # required
|
2658
|
-
# },
|
2659
|
-
# internet_configuration: {
|
2660
|
-
# },
|
2661
|
-
# },
|
2662
|
-
# }
|
2663
|
-
#
|
2664
2584
|
# @!attribute [rw] access_point_policy
|
2665
2585
|
# The access point or multi-region access point policy.
|
2666
2586
|
# @return [String]
|
@@ -2697,17 +2617,6 @@ module Aws::AccessAnalyzer
|
|
2697
2617
|
#
|
2698
2618
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls
|
2699
2619
|
#
|
2700
|
-
# @note When making an API call, you may pass S3BucketAclGrantConfiguration
|
2701
|
-
# data as a hash:
|
2702
|
-
#
|
2703
|
-
# {
|
2704
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2705
|
-
# grantee: { # required
|
2706
|
-
# id: "AclCanonicalId",
|
2707
|
-
# uri: "AclUri",
|
2708
|
-
# },
|
2709
|
-
# }
|
2710
|
-
#
|
2711
2620
|
# @!attribute [rw] permission
|
2712
2621
|
# The permissions being granted.
|
2713
2622
|
# @return [String]
|
@@ -2743,42 +2652,6 @@ module Aws::AccessAnalyzer
|
|
2743
2652
|
#
|
2744
2653
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
|
2745
2654
|
#
|
2746
|
-
# @note When making an API call, you may pass S3BucketConfiguration
|
2747
|
-
# data as a hash:
|
2748
|
-
#
|
2749
|
-
# {
|
2750
|
-
# bucket_policy: "S3BucketPolicy",
|
2751
|
-
# bucket_acl_grants: [
|
2752
|
-
# {
|
2753
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2754
|
-
# grantee: { # required
|
2755
|
-
# id: "AclCanonicalId",
|
2756
|
-
# uri: "AclUri",
|
2757
|
-
# },
|
2758
|
-
# },
|
2759
|
-
# ],
|
2760
|
-
# bucket_public_access_block: {
|
2761
|
-
# ignore_public_acls: false, # required
|
2762
|
-
# restrict_public_buckets: false, # required
|
2763
|
-
# },
|
2764
|
-
# access_points: {
|
2765
|
-
# "AccessPointArn" => {
|
2766
|
-
# access_point_policy: "AccessPointPolicy",
|
2767
|
-
# public_access_block: {
|
2768
|
-
# ignore_public_acls: false, # required
|
2769
|
-
# restrict_public_buckets: false, # required
|
2770
|
-
# },
|
2771
|
-
# network_origin: {
|
2772
|
-
# vpc_configuration: {
|
2773
|
-
# vpc_id: "VpcId", # required
|
2774
|
-
# },
|
2775
|
-
# internet_configuration: {
|
2776
|
-
# },
|
2777
|
-
# },
|
2778
|
-
# },
|
2779
|
-
# },
|
2780
|
-
# }
|
2781
|
-
#
|
2782
2655
|
# @!attribute [rw] bucket_policy
|
2783
2656
|
# The proposed bucket policy for the Amazon S3 bucket.
|
2784
2657
|
# @return [String]
|
@@ -2828,14 +2701,6 @@ module Aws::AccessAnalyzer
|
|
2828
2701
|
#
|
2829
2702
|
# [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html
|
2830
2703
|
#
|
2831
|
-
# @note When making an API call, you may pass S3PublicAccessBlockConfiguration
|
2832
|
-
# data as a hash:
|
2833
|
-
#
|
2834
|
-
# {
|
2835
|
-
# ignore_public_acls: false, # required
|
2836
|
-
# restrict_public_buckets: false, # required
|
2837
|
-
# }
|
2838
|
-
#
|
2839
2704
|
# @!attribute [rw] ignore_public_acls
|
2840
2705
|
# Specifies whether Amazon S3 should ignore public ACLs for this
|
2841
2706
|
# bucket and objects in this bucket.
|
@@ -2878,14 +2743,6 @@ module Aws::AccessAnalyzer
|
|
2878
2743
|
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html
|
2879
2744
|
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html
|
2880
2745
|
#
|
2881
|
-
# @note When making an API call, you may pass SecretsManagerSecretConfiguration
|
2882
|
-
# data as a hash:
|
2883
|
-
#
|
2884
|
-
# {
|
2885
|
-
# kms_key_id: "SecretsManagerSecretKmsId",
|
2886
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
2887
|
-
# }
|
2888
|
-
#
|
2889
2746
|
# @!attribute [rw] kms_key_id
|
2890
2747
|
# The proposed ARN, key ID, or alias of the KMS key.
|
2891
2748
|
# @return [String]
|
@@ -2927,15 +2784,41 @@ module Aws::AccessAnalyzer
|
|
2927
2784
|
include Aws::Structure
|
2928
2785
|
end
|
2929
2786
|
|
2930
|
-
# The
|
2787
|
+
# The proposed access control configuration for an Amazon SNS topic. You
|
2788
|
+
# can propose a configuration for a new Amazon SNS topic or an existing
|
2789
|
+
# Amazon SNS topic that you own by specifying the policy. If the
|
2790
|
+
# configuration is for an existing Amazon SNS topic and you do not
|
2791
|
+
# specify the Amazon SNS policy, then the access preview uses the
|
2792
|
+
# existing Amazon SNS policy for the topic. If the access preview is for
|
2793
|
+
# a new resource and you do not specify the policy, then the access
|
2794
|
+
# preview assumes an Amazon SNS topic without a policy. To propose
|
2795
|
+
# deletion of an existing Amazon SNS topic policy, you can specify an
|
2796
|
+
# empty string for the Amazon SNS policy. For more information, see
|
2797
|
+
# [Topic][1].
|
2798
|
+
#
|
2799
|
+
#
|
2800
|
+
#
|
2801
|
+
# [1]: https://docs.aws.amazon.com/sns/latest/api/API_Topic.html
|
2802
|
+
#
|
2803
|
+
# @!attribute [rw] topic_policy
|
2804
|
+
# The JSON policy text that defines who can access an Amazon SNS
|
2805
|
+
# topic. For more information, see [Example cases for Amazon SNS
|
2806
|
+
# access control][1] in the *Amazon SNS Developer Guide*.
|
2807
|
+
#
|
2931
2808
|
#
|
2932
|
-
# @note When making an API call, you may pass SortCriteria
|
2933
|
-
# data as a hash:
|
2934
2809
|
#
|
2935
|
-
#
|
2936
|
-
#
|
2937
|
-
#
|
2938
|
-
#
|
2810
|
+
# [1]: https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html
|
2811
|
+
# @return [String]
|
2812
|
+
#
|
2813
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SnsTopicConfiguration AWS API Documentation
|
2814
|
+
#
|
2815
|
+
class SnsTopicConfiguration < Struct.new(
|
2816
|
+
:topic_policy)
|
2817
|
+
SENSITIVE = []
|
2818
|
+
include Aws::Structure
|
2819
|
+
end
|
2820
|
+
|
2821
|
+
# The criteria used to sort.
|
2939
2822
|
#
|
2940
2823
|
# @!attribute [rw] attribute_name
|
2941
2824
|
# The name of the attribute to sort on.
|
@@ -2990,13 +2873,6 @@ module Aws::AccessAnalyzer
|
|
2990
2873
|
#
|
2991
2874
|
# [1]: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html
|
2992
2875
|
#
|
2993
|
-
# @note When making an API call, you may pass SqsQueueConfiguration
|
2994
|
-
# data as a hash:
|
2995
|
-
#
|
2996
|
-
# {
|
2997
|
-
# queue_policy: "SqsQueuePolicy",
|
2998
|
-
# }
|
2999
|
-
#
|
3000
2876
|
# @!attribute [rw] queue_policy
|
3001
2877
|
# The proposed resource policy for the Amazon SQS queue.
|
3002
2878
|
# @return [String]
|
@@ -3009,28 +2885,6 @@ module Aws::AccessAnalyzer
|
|
3009
2885
|
include Aws::Structure
|
3010
2886
|
end
|
3011
2887
|
|
3012
|
-
# @note When making an API call, you may pass StartPolicyGenerationRequest
|
3013
|
-
# data as a hash:
|
3014
|
-
#
|
3015
|
-
# {
|
3016
|
-
# policy_generation_details: { # required
|
3017
|
-
# principal_arn: "PrincipalArn", # required
|
3018
|
-
# },
|
3019
|
-
# cloud_trail_details: {
|
3020
|
-
# trails: [ # required
|
3021
|
-
# {
|
3022
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
3023
|
-
# regions: ["String"],
|
3024
|
-
# all_regions: false,
|
3025
|
-
# },
|
3026
|
-
# ],
|
3027
|
-
# access_role: "RoleArn", # required
|
3028
|
-
# start_time: Time.now, # required
|
3029
|
-
# end_time: Time.now,
|
3030
|
-
# },
|
3031
|
-
# client_token: "String",
|
3032
|
-
# }
|
3033
|
-
#
|
3034
2888
|
# @!attribute [rw] policy_generation_details
|
3035
2889
|
# Contains the ARN of the IAM entity (user or role) for which you are
|
3036
2890
|
# generating a policy.
|
@@ -3083,14 +2937,6 @@ module Aws::AccessAnalyzer
|
|
3083
2937
|
|
3084
2938
|
# Starts a scan of the policies applied to the specified resource.
|
3085
2939
|
#
|
3086
|
-
# @note When making an API call, you may pass StartResourceScanRequest
|
3087
|
-
# data as a hash:
|
3088
|
-
#
|
3089
|
-
# {
|
3090
|
-
# analyzer_arn: "AnalyzerArn", # required
|
3091
|
-
# resource_arn: "ResourceArn", # required
|
3092
|
-
# }
|
3093
|
-
#
|
3094
2940
|
# @!attribute [rw] analyzer_arn
|
3095
2941
|
# The [ARN of the analyzer][1] to use to scan the policies applied to
|
3096
2942
|
# the specified resource.
|
@@ -3104,11 +2950,18 @@ module Aws::AccessAnalyzer
|
|
3104
2950
|
# The ARN of the resource to scan.
|
3105
2951
|
# @return [String]
|
3106
2952
|
#
|
2953
|
+
# @!attribute [rw] resource_owner_account
|
2954
|
+
# The Amazon Web Services account ID that owns the resource. For most
|
2955
|
+
# Amazon Web Services resources, the owning account is the account in
|
2956
|
+
# which the resource was created.
|
2957
|
+
# @return [String]
|
2958
|
+
#
|
3107
2959
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartResourceScanRequest AWS API Documentation
|
3108
2960
|
#
|
3109
2961
|
class StartResourceScanRequest < Struct.new(
|
3110
2962
|
:analyzer_arn,
|
3111
|
-
:resource_arn
|
2963
|
+
:resource_arn,
|
2964
|
+
:resource_owner_account)
|
3112
2965
|
SENSITIVE = []
|
3113
2966
|
include Aws::Structure
|
3114
2967
|
end
|
@@ -3152,16 +3005,6 @@ module Aws::AccessAnalyzer
|
|
3152
3005
|
|
3153
3006
|
# Adds a tag to the specified resource.
|
3154
3007
|
#
|
3155
|
-
# @note When making an API call, you may pass TagResourceRequest
|
3156
|
-
# data as a hash:
|
3157
|
-
#
|
3158
|
-
# {
|
3159
|
-
# resource_arn: "String", # required
|
3160
|
-
# tags: { # required
|
3161
|
-
# "String" => "String",
|
3162
|
-
# },
|
3163
|
-
# }
|
3164
|
-
#
|
3165
3008
|
# @!attribute [rw] resource_arn
|
3166
3009
|
# The ARN of the resource to add the tag to.
|
3167
3010
|
# @return [String]
|
@@ -3206,15 +3049,6 @@ module Aws::AccessAnalyzer
|
|
3206
3049
|
# Contains details about the CloudTrail trail being analyzed to generate
|
3207
3050
|
# a policy.
|
3208
3051
|
#
|
3209
|
-
# @note When making an API call, you may pass Trail
|
3210
|
-
# data as a hash:
|
3211
|
-
#
|
3212
|
-
# {
|
3213
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
3214
|
-
# regions: ["String"],
|
3215
|
-
# all_regions: false,
|
3216
|
-
# }
|
3217
|
-
#
|
3218
3052
|
# @!attribute [rw] cloud_trail_arn
|
3219
3053
|
# Specifies the ARN of the trail. The format of a trail ARN is
|
3220
3054
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
|
@@ -3272,14 +3106,6 @@ module Aws::AccessAnalyzer
|
|
3272
3106
|
|
3273
3107
|
# Removes a tag from the specified resource.
|
3274
3108
|
#
|
3275
|
-
# @note When making an API call, you may pass UntagResourceRequest
|
3276
|
-
# data as a hash:
|
3277
|
-
#
|
3278
|
-
# {
|
3279
|
-
# resource_arn: "String", # required
|
3280
|
-
# tag_keys: ["String"], # required
|
3281
|
-
# }
|
3282
|
-
#
|
3283
3109
|
# @!attribute [rw] resource_arn
|
3284
3110
|
# The ARN of the resource to remove the tag from.
|
3285
3111
|
# @return [String]
|
@@ -3305,23 +3131,6 @@ module Aws::AccessAnalyzer
|
|
3305
3131
|
|
3306
3132
|
# Updates the specified archive rule.
|
3307
3133
|
#
|
3308
|
-
# @note When making an API call, you may pass UpdateArchiveRuleRequest
|
3309
|
-
# data as a hash:
|
3310
|
-
#
|
3311
|
-
# {
|
3312
|
-
# analyzer_name: "Name", # required
|
3313
|
-
# rule_name: "Name", # required
|
3314
|
-
# filter: { # required
|
3315
|
-
# "String" => {
|
3316
|
-
# eq: ["String"],
|
3317
|
-
# neq: ["String"],
|
3318
|
-
# contains: ["String"],
|
3319
|
-
# exists: false,
|
3320
|
-
# },
|
3321
|
-
# },
|
3322
|
-
# client_token: "String",
|
3323
|
-
# }
|
3324
|
-
#
|
3325
3134
|
# @!attribute [rw] analyzer_name
|
3326
3135
|
# The name of the analyzer to update the archive rules for.
|
3327
3136
|
# @return [String]
|
@@ -3355,17 +3164,6 @@ module Aws::AccessAnalyzer
|
|
3355
3164
|
|
3356
3165
|
# Updates findings with the new values provided in the request.
|
3357
3166
|
#
|
3358
|
-
# @note When making an API call, you may pass UpdateFindingsRequest
|
3359
|
-
# data as a hash:
|
3360
|
-
#
|
3361
|
-
# {
|
3362
|
-
# analyzer_arn: "AnalyzerArn", # required
|
3363
|
-
# status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
|
3364
|
-
# ids: ["FindingId"],
|
3365
|
-
# resource_arn: "ResourceArn",
|
3366
|
-
# client_token: "String",
|
3367
|
-
# }
|
3368
|
-
#
|
3369
3167
|
# @!attribute [rw] analyzer_arn
|
3370
3168
|
# The [ARN of the analyzer][1] that generated the findings to update.
|
3371
3169
|
#
|
@@ -3458,18 +3256,6 @@ module Aws::AccessAnalyzer
|
|
3458
3256
|
include Aws::Structure
|
3459
3257
|
end
|
3460
3258
|
|
3461
|
-
# @note When making an API call, you may pass ValidatePolicyRequest
|
3462
|
-
# data as a hash:
|
3463
|
-
#
|
3464
|
-
# {
|
3465
|
-
# locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
|
3466
|
-
# max_results: 1,
|
3467
|
-
# next_token: "Token",
|
3468
|
-
# policy_document: "PolicyDocument", # required
|
3469
|
-
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
3470
|
-
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
|
3471
|
-
# }
|
3472
|
-
#
|
3473
3259
|
# @!attribute [rw] locale
|
3474
3260
|
# The locale to use for localizing the findings.
|
3475
3261
|
# @return [String]
|
@@ -3596,13 +3382,6 @@ module Aws::AccessAnalyzer
|
|
3596
3382
|
#
|
3597
3383
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
|
3598
3384
|
#
|
3599
|
-
# @note When making an API call, you may pass VpcConfiguration
|
3600
|
-
# data as a hash:
|
3601
|
-
#
|
3602
|
-
# {
|
3603
|
-
# vpc_id: "VpcId", # required
|
3604
|
-
# }
|
3605
|
-
#
|
3606
3385
|
# @!attribute [rw] vpc_id
|
3607
3386
|
# If this field is specified, this access point will only allow
|
3608
3387
|
# connections from the specified VPC ID.
|