aws-sdk-accessanalyzer 1.30.0 → 1.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -259,10 +259,6 @@ module Aws::AccessAnalyzer
259
259
  #
260
260
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
261
261
  #
262
- # @note AclGrantee is a union - when making an API calls you must set exactly one of the members.
263
- #
264
- # @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
265
- #
266
262
  # @!attribute [rw] id
267
263
  # The value specified is the canonical user ID of an Amazon Web
268
264
  # Services account.
@@ -447,15 +443,6 @@ module Aws::AccessAnalyzer
447
443
 
448
444
  # Retroactively applies an archive rule.
449
445
  #
450
- # @note When making an API call, you may pass ApplyArchiveRuleRequest
451
- # data as a hash:
452
- #
453
- # {
454
- # analyzer_arn: "AnalyzerArn", # required
455
- # rule_name: "Name", # required
456
- # client_token: "String",
457
- # }
458
- #
459
446
  # @!attribute [rw] analyzer_arn
460
447
  # The Amazon resource name (ARN) of the analyzer.
461
448
  # @return [String]
@@ -510,13 +497,6 @@ module Aws::AccessAnalyzer
510
497
  include Aws::Structure
511
498
  end
512
499
 
513
- # @note When making an API call, you may pass CancelPolicyGenerationRequest
514
- # data as a hash:
515
- #
516
- # {
517
- # job_id: "JobId", # required
518
- # }
519
- #
520
500
  # @!attribute [rw] job_id
521
501
  # The `JobId` that is returned by the `StartPolicyGeneration`
522
502
  # operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -538,22 +518,6 @@ module Aws::AccessAnalyzer
538
518
 
539
519
  # Contains information about CloudTrail access.
540
520
  #
541
- # @note When making an API call, you may pass CloudTrailDetails
542
- # data as a hash:
543
- #
544
- # {
545
- # trails: [ # required
546
- # {
547
- # cloud_trail_arn: "CloudTrailArn", # required
548
- # regions: ["String"],
549
- # all_regions: false,
550
- # },
551
- # ],
552
- # access_role: "RoleArn", # required
553
- # start_time: Time.now, # required
554
- # end_time: Time.now,
555
- # }
556
- #
557
521
  # @!attribute [rw] trails
558
522
  # A `Trail` object that contains settings for a trail.
559
523
  # @return [Array<Types::Trail>]
@@ -621,18 +585,36 @@ module Aws::AccessAnalyzer
621
585
  # the configuration as a type-value pair. You can specify only one type
622
586
  # of access control configuration.
623
587
  #
624
- # @note Configuration is a union - when making an API calls you must set exactly one of the members.
588
+ # @!attribute [rw] ebs_snapshot
589
+ # The access control configuration is for an Amazon EBS volume
590
+ # snapshot.
591
+ # @return [Types::EbsSnapshotConfiguration]
625
592
  #
626
- # @note Configuration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Configuration corresponding to the set member.
593
+ # @!attribute [rw] ecr_repository
594
+ # The access control configuration is for an Amazon ECR repository.
595
+ # @return [Types::EcrRepositoryConfiguration]
627
596
  #
628
597
  # @!attribute [rw] iam_role
629
598
  # The access control configuration is for an IAM role.
630
599
  # @return [Types::IamRoleConfiguration]
631
600
  #
601
+ # @!attribute [rw] efs_file_system
602
+ # The access control configuration is for an Amazon EFS file system.
603
+ # @return [Types::EfsFileSystemConfiguration]
604
+ #
632
605
  # @!attribute [rw] kms_key
633
606
  # The access control configuration is for a KMS key.
634
607
  # @return [Types::KmsKeyConfiguration]
635
608
  #
609
+ # @!attribute [rw] rds_db_cluster_snapshot
610
+ # The access control configuration is for an Amazon RDS DB cluster
611
+ # snapshot.
612
+ # @return [Types::RdsDbClusterSnapshotConfiguration]
613
+ #
614
+ # @!attribute [rw] rds_db_snapshot
615
+ # The access control configuration is for an Amazon RDS DB snapshot.
616
+ # @return [Types::RdsDbSnapshotConfiguration]
617
+ #
636
618
  # @!attribute [rw] secrets_manager_secret
637
619
  # The access control configuration is for a Secrets Manager secret.
638
620
  # @return [Types::SecretsManagerSecretConfiguration]
@@ -641,6 +623,10 @@ module Aws::AccessAnalyzer
641
623
  # The access control configuration is for an Amazon S3 Bucket.
642
624
  # @return [Types::S3BucketConfiguration]
643
625
  #
626
+ # @!attribute [rw] sns_topic
627
+ # The access control configuration is for an Amazon SNS topic
628
+ # @return [Types::SnsTopicConfiguration]
629
+ #
644
630
  # @!attribute [rw] sqs_queue
645
631
  # The access control configuration is for an Amazon SQS queue.
646
632
  # @return [Types::SqsQueueConfiguration]
@@ -648,20 +634,32 @@ module Aws::AccessAnalyzer
648
634
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
649
635
  #
650
636
  class Configuration < Struct.new(
637
+ :ebs_snapshot,
638
+ :ecr_repository,
651
639
  :iam_role,
640
+ :efs_file_system,
652
641
  :kms_key,
642
+ :rds_db_cluster_snapshot,
643
+ :rds_db_snapshot,
653
644
  :secrets_manager_secret,
654
645
  :s3_bucket,
646
+ :sns_topic,
655
647
  :sqs_queue,
656
648
  :unknown)
657
649
  SENSITIVE = []
658
650
  include Aws::Structure
659
651
  include Aws::Structure::Union
660
652
 
653
+ class EbsSnapshot < Configuration; end
654
+ class EcrRepository < Configuration; end
661
655
  class IamRole < Configuration; end
656
+ class EfsFileSystem < Configuration; end
662
657
  class KmsKey < Configuration; end
658
+ class RdsDbClusterSnapshot < Configuration; end
659
+ class RdsDbSnapshot < Configuration; end
663
660
  class SecretsManagerSecret < Configuration; end
664
661
  class S3Bucket < Configuration; end
662
+ class SnsTopic < Configuration; end
665
663
  class SqsQueue < Configuration; end
666
664
  class Unknown < Configuration; end
667
665
  end
@@ -689,81 +687,6 @@ module Aws::AccessAnalyzer
689
687
  include Aws::Structure
690
688
  end
691
689
 
692
- # @note When making an API call, you may pass CreateAccessPreviewRequest
693
- # data as a hash:
694
- #
695
- # {
696
- # analyzer_arn: "AnalyzerArn", # required
697
- # configurations: { # required
698
- # "ConfigurationsMapKey" => {
699
- # iam_role: {
700
- # trust_policy: "IamTrustPolicy",
701
- # },
702
- # kms_key: {
703
- # key_policies: {
704
- # "PolicyName" => "KmsKeyPolicy",
705
- # },
706
- # grants: [
707
- # {
708
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
709
- # grantee_principal: "GranteePrincipal", # required
710
- # retiring_principal: "RetiringPrincipal",
711
- # constraints: {
712
- # encryption_context_equals: {
713
- # "KmsConstraintsKey" => "KmsConstraintsValue",
714
- # },
715
- # encryption_context_subset: {
716
- # "KmsConstraintsKey" => "KmsConstraintsValue",
717
- # },
718
- # },
719
- # issuing_account: "IssuingAccount", # required
720
- # },
721
- # ],
722
- # },
723
- # secrets_manager_secret: {
724
- # kms_key_id: "SecretsManagerSecretKmsId",
725
- # secret_policy: "SecretsManagerSecretPolicy",
726
- # },
727
- # s3_bucket: {
728
- # bucket_policy: "S3BucketPolicy",
729
- # bucket_acl_grants: [
730
- # {
731
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
732
- # grantee: { # required
733
- # id: "AclCanonicalId",
734
- # uri: "AclUri",
735
- # },
736
- # },
737
- # ],
738
- # bucket_public_access_block: {
739
- # ignore_public_acls: false, # required
740
- # restrict_public_buckets: false, # required
741
- # },
742
- # access_points: {
743
- # "AccessPointArn" => {
744
- # access_point_policy: "AccessPointPolicy",
745
- # public_access_block: {
746
- # ignore_public_acls: false, # required
747
- # restrict_public_buckets: false, # required
748
- # },
749
- # network_origin: {
750
- # vpc_configuration: {
751
- # vpc_id: "VpcId", # required
752
- # },
753
- # internet_configuration: {
754
- # },
755
- # },
756
- # },
757
- # },
758
- # },
759
- # sqs_queue: {
760
- # queue_policy: "SqsQueuePolicy",
761
- # },
762
- # },
763
- # },
764
- # client_token: "String",
765
- # }
766
- #
767
690
  # @!attribute [rw] analyzer_arn
768
691
  # The [ARN of the account analyzer][1] used to generate the access
769
692
  # preview. You can only create an access preview for analyzers with an
@@ -813,31 +736,6 @@ module Aws::AccessAnalyzer
813
736
 
814
737
  # Creates an analyzer.
815
738
  #
816
- # @note When making an API call, you may pass CreateAnalyzerRequest
817
- # data as a hash:
818
- #
819
- # {
820
- # analyzer_name: "Name", # required
821
- # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
822
- # archive_rules: [
823
- # {
824
- # rule_name: "Name", # required
825
- # filter: { # required
826
- # "String" => {
827
- # eq: ["String"],
828
- # neq: ["String"],
829
- # contains: ["String"],
830
- # exists: false,
831
- # },
832
- # },
833
- # },
834
- # ],
835
- # tags: {
836
- # "String" => "String",
837
- # },
838
- # client_token: "String",
839
- # }
840
- #
841
739
  # @!attribute [rw] analyzer_name
842
740
  # The name of the analyzer to create.
843
741
  # @return [String]
@@ -894,23 +792,6 @@ module Aws::AccessAnalyzer
894
792
 
895
793
  # Creates an archive rule.
896
794
  #
897
- # @note When making an API call, you may pass CreateArchiveRuleRequest
898
- # data as a hash:
899
- #
900
- # {
901
- # analyzer_name: "Name", # required
902
- # rule_name: "Name", # required
903
- # filter: { # required
904
- # "String" => {
905
- # eq: ["String"],
906
- # neq: ["String"],
907
- # contains: ["String"],
908
- # exists: false,
909
- # },
910
- # },
911
- # client_token: "String",
912
- # }
913
- #
914
795
  # @!attribute [rw] analyzer_name
915
796
  # The name of the created analyzer.
916
797
  # @return [String]
@@ -941,17 +822,13 @@ module Aws::AccessAnalyzer
941
822
  include Aws::Structure
942
823
  end
943
824
 
944
- # The criteria to use in the filter that defines the archive rule.
825
+ # The criteria to use in the filter that defines the archive rule. For
826
+ # more information on available filter keys, see [IAM Access Analyzer
827
+ # filter keys][1].
828
+ #
945
829
  #
946
- # @note When making an API call, you may pass Criterion
947
- # data as a hash:
948
830
  #
949
- # {
950
- # eq: ["String"],
951
- # neq: ["String"],
952
- # contains: ["String"],
953
- # exists: false,
954
- # }
831
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
955
832
  #
956
833
  # @!attribute [rw] eq
957
834
  # An "equals" operator to match for the filter used to create the
@@ -986,14 +863,6 @@ module Aws::AccessAnalyzer
986
863
 
987
864
  # Deletes an analyzer.
988
865
  #
989
- # @note When making an API call, you may pass DeleteAnalyzerRequest
990
- # data as a hash:
991
- #
992
- # {
993
- # analyzer_name: "Name", # required
994
- # client_token: "String",
995
- # }
996
- #
997
866
  # @!attribute [rw] analyzer_name
998
867
  # The name of the analyzer to delete.
999
868
  # @return [String]
@@ -1016,15 +885,6 @@ module Aws::AccessAnalyzer
1016
885
 
1017
886
  # Deletes an archive rule.
1018
887
  #
1019
- # @note When making an API call, you may pass DeleteArchiveRuleRequest
1020
- # data as a hash:
1021
- #
1022
- # {
1023
- # analyzer_name: "Name", # required
1024
- # rule_name: "Name", # required
1025
- # client_token: "String",
1026
- # }
1027
- #
1028
888
  # @!attribute [rw] analyzer_name
1029
889
  # The name of the analyzer that associated with the archive rule to
1030
890
  # delete.
@@ -1051,6 +911,152 @@ module Aws::AccessAnalyzer
1051
911
  include Aws::Structure
1052
912
  end
1053
913
 
914
+ # The proposed access control configuration for an Amazon EBS volume
915
+ # snapshot. You can propose a configuration for a new Amazon EBS volume
916
+ # snapshot or an Amazon EBS volume snapshot that you own by specifying
917
+ # the user IDs, groups, and optional KMS encryption key. For more
918
+ # information, see [ModifySnapshotAttribute][1].
919
+ #
920
+ #
921
+ #
922
+ # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html
923
+ #
924
+ # @!attribute [rw] user_ids
925
+ # The IDs of the Amazon Web Services accounts that have access to the
926
+ # Amazon EBS volume snapshot.
927
+ #
928
+ # * If the configuration is for an existing Amazon EBS volume snapshot
929
+ # and you do not specify the `userIds`, then the access preview uses
930
+ # the existing shared `userIds` for the snapshot.
931
+ #
932
+ # * If the access preview is for a new resource and you do not specify
933
+ # the `userIds`, then the access preview considers the snapshot
934
+ # without any `userIds`.
935
+ #
936
+ # * To propose deletion of existing shared `accountIds`, you can
937
+ # specify an empty list for `userIds`.
938
+ # @return [Array<String>]
939
+ #
940
+ # @!attribute [rw] groups
941
+ # The groups that have access to the Amazon EBS volume snapshot. If
942
+ # the value `all` is specified, then the Amazon EBS volume snapshot is
943
+ # public.
944
+ #
945
+ # * If the configuration is for an existing Amazon EBS volume snapshot
946
+ # and you do not specify the `groups`, then the access preview uses
947
+ # the existing shared `groups` for the snapshot.
948
+ #
949
+ # * If the access preview is for a new resource and you do not specify
950
+ # the `groups`, then the access preview considers the snapshot
951
+ # without any `groups`.
952
+ #
953
+ # * To propose deletion of existing shared `groups`, you can specify
954
+ # an empty list for `groups`.
955
+ # @return [Array<String>]
956
+ #
957
+ # @!attribute [rw] kms_key_id
958
+ # The KMS key identifier for an encrypted Amazon EBS volume snapshot.
959
+ # The KMS key identifier is the key ARN, key ID, alias ARN, or alias
960
+ # name for the KMS key.
961
+ #
962
+ # * If the configuration is for an existing Amazon EBS volume snapshot
963
+ # and you do not specify the `kmsKeyId`, or you specify an empty
964
+ # string, then the access preview uses the existing `kmsKeyId` of
965
+ # the snapshot.
966
+ #
967
+ # * If the access preview is for a new resource and you do not specify
968
+ # the `kmsKeyId`, the access preview considers the snapshot as
969
+ # unencrypted.
970
+ # @return [String]
971
+ #
972
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EbsSnapshotConfiguration AWS API Documentation
973
+ #
974
+ class EbsSnapshotConfiguration < Struct.new(
975
+ :user_ids,
976
+ :groups,
977
+ :kms_key_id)
978
+ SENSITIVE = []
979
+ include Aws::Structure
980
+ end
981
+
982
+ # The proposed access control configuration for an Amazon ECR
983
+ # repository. You can propose a configuration for a new Amazon ECR
984
+ # repository or an existing Amazon ECR repository that you own by
985
+ # specifying the Amazon ECR policy. For more information, see
986
+ # [Repository][1].
987
+ #
988
+ # * If the configuration is for an existing Amazon ECR repository and
989
+ # you do not specify the Amazon ECR policy, then the access preview
990
+ # uses the existing Amazon ECR policy for the repository.
991
+ #
992
+ # * If the access preview is for a new resource and you do not specify
993
+ # the policy, then the access preview assumes an Amazon ECR repository
994
+ # without a policy.
995
+ #
996
+ # * To propose deletion of an existing Amazon ECR repository policy, you
997
+ # can specify an empty string for the Amazon ECR policy.
998
+ #
999
+ #
1000
+ #
1001
+ # [1]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html
1002
+ #
1003
+ # @!attribute [rw] repository_policy
1004
+ # The JSON repository policy text to apply to the Amazon ECR
1005
+ # repository. For more information, see [Private repository policy
1006
+ # examples][1] in the *Amazon ECR User Guide*.
1007
+ #
1008
+ #
1009
+ #
1010
+ # [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html
1011
+ # @return [String]
1012
+ #
1013
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EcrRepositoryConfiguration AWS API Documentation
1014
+ #
1015
+ class EcrRepositoryConfiguration < Struct.new(
1016
+ :repository_policy)
1017
+ SENSITIVE = []
1018
+ include Aws::Structure
1019
+ end
1020
+
1021
+ # The proposed access control configuration for an Amazon EFS file
1022
+ # system. You can propose a configuration for a new Amazon EFS file
1023
+ # system or an existing Amazon EFS file system that you own by
1024
+ # specifying the Amazon EFS policy. For more information, see [Using
1025
+ # file systems in Amazon EFS][1].
1026
+ #
1027
+ # * If the configuration is for an existing Amazon EFS file system and
1028
+ # you do not specify the Amazon EFS policy, then the access preview
1029
+ # uses the existing Amazon EFS policy for the file system.
1030
+ #
1031
+ # * If the access preview is for a new resource and you do not specify
1032
+ # the policy, then the access preview assumes an Amazon EFS file
1033
+ # system without a policy.
1034
+ #
1035
+ # * To propose deletion of an existing Amazon EFS file system policy,
1036
+ # you can specify an empty string for the Amazon EFS policy.
1037
+ #
1038
+ #
1039
+ #
1040
+ # [1]: https://docs.aws.amazon.com/efs/latest/ug/using-fs.html
1041
+ #
1042
+ # @!attribute [rw] file_system_policy
1043
+ # The JSON policy definition to apply to the Amazon EFS file system.
1044
+ # For more information on the elements that make up a file system
1045
+ # policy, see [Amazon EFS Resource-based policies][1].
1046
+ #
1047
+ #
1048
+ #
1049
+ # [1]: https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies
1050
+ # @return [String]
1051
+ #
1052
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EfsFileSystemConfiguration AWS API Documentation
1053
+ #
1054
+ class EfsFileSystemConfiguration < Struct.new(
1055
+ :file_system_policy)
1056
+ SENSITIVE = []
1057
+ include Aws::Structure
1058
+ end
1059
+
1054
1060
  # Contains information about a finding.
1055
1061
  #
1056
1062
  # @!attribute [rw] id
@@ -1167,10 +1173,16 @@ module Aws::AccessAnalyzer
1167
1173
  # multi-region access point.
1168
1174
  # @return [String]
1169
1175
  #
1176
+ # @!attribute [rw] access_point_account
1177
+ # The account of the cross-account access point that generated the
1178
+ # finding.
1179
+ # @return [String]
1180
+ #
1170
1181
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
1171
1182
  #
1172
1183
  class FindingSourceDetail < Struct.new(
1173
- :access_point_arn)
1184
+ :access_point_arn,
1185
+ :access_point_account)
1174
1186
  SENSITIVE = []
1175
1187
  include Aws::Structure
1176
1188
  end
@@ -1332,14 +1344,6 @@ module Aws::AccessAnalyzer
1332
1344
  include Aws::Structure
1333
1345
  end
1334
1346
 
1335
- # @note When making an API call, you may pass GetAccessPreviewRequest
1336
- # data as a hash:
1337
- #
1338
- # {
1339
- # access_preview_id: "AccessPreviewId", # required
1340
- # analyzer_arn: "AnalyzerArn", # required
1341
- # }
1342
- #
1343
1347
  # @!attribute [rw] access_preview_id
1344
1348
  # The unique ID for the access preview.
1345
1349
  # @return [String]
@@ -1375,14 +1379,6 @@ module Aws::AccessAnalyzer
1375
1379
 
1376
1380
  # Retrieves an analyzed resource.
1377
1381
  #
1378
- # @note When making an API call, you may pass GetAnalyzedResourceRequest
1379
- # data as a hash:
1380
- #
1381
- # {
1382
- # analyzer_arn: "AnalyzerArn", # required
1383
- # resource_arn: "ResourceArn", # required
1384
- # }
1385
- #
1386
1382
  # @!attribute [rw] analyzer_arn
1387
1383
  # The [ARN of the analyzer][1] to retrieve information from.
1388
1384
  #
@@ -1421,13 +1417,6 @@ module Aws::AccessAnalyzer
1421
1417
 
1422
1418
  # Retrieves an analyzer.
1423
1419
  #
1424
- # @note When making an API call, you may pass GetAnalyzerRequest
1425
- # data as a hash:
1426
- #
1427
- # {
1428
- # analyzer_name: "Name", # required
1429
- # }
1430
- #
1431
1420
  # @!attribute [rw] analyzer_name
1432
1421
  # The name of the analyzer retrieved.
1433
1422
  # @return [String]
@@ -1457,14 +1446,6 @@ module Aws::AccessAnalyzer
1457
1446
 
1458
1447
  # Retrieves an archive rule.
1459
1448
  #
1460
- # @note When making an API call, you may pass GetArchiveRuleRequest
1461
- # data as a hash:
1462
- #
1463
- # {
1464
- # analyzer_name: "Name", # required
1465
- # rule_name: "Name", # required
1466
- # }
1467
- #
1468
1449
  # @!attribute [rw] analyzer_name
1469
1450
  # The name of the analyzer to retrieve rules from.
1470
1451
  # @return [String]
@@ -1498,14 +1479,6 @@ module Aws::AccessAnalyzer
1498
1479
 
1499
1480
  # Retrieves a finding.
1500
1481
  #
1501
- # @note When making an API call, you may pass GetFindingRequest
1502
- # data as a hash:
1503
- #
1504
- # {
1505
- # analyzer_arn: "AnalyzerArn", # required
1506
- # id: "FindingId", # required
1507
- # }
1508
- #
1509
1482
  # @!attribute [rw] analyzer_arn
1510
1483
  # The [ARN of the analyzer][1] that generated the finding.
1511
1484
  #
@@ -1541,15 +1514,6 @@ module Aws::AccessAnalyzer
1541
1514
  include Aws::Structure
1542
1515
  end
1543
1516
 
1544
- # @note When making an API call, you may pass GetGeneratedPolicyRequest
1545
- # data as a hash:
1546
- #
1547
- # {
1548
- # job_id: "JobId", # required
1549
- # include_resource_placeholders: false,
1550
- # include_service_level_template: false,
1551
- # }
1552
- #
1553
1517
  # @!attribute [rw] job_id
1554
1518
  # The `JobId` that is returned by the `StartPolicyGeneration`
1555
1519
  # operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -1619,13 +1583,6 @@ module Aws::AccessAnalyzer
1619
1583
  #
1620
1584
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
1621
1585
  #
1622
- # @note When making an API call, you may pass IamRoleConfiguration
1623
- # data as a hash:
1624
- #
1625
- # {
1626
- # trust_policy: "IamTrustPolicy",
1627
- # }
1628
- #
1629
1586
  # @!attribute [rw] trust_policy
1630
1587
  # The proposed trust policy for the IAM role.
1631
1588
  # @return [String]
@@ -1641,21 +1598,6 @@ module Aws::AccessAnalyzer
1641
1598
  # An criterion statement in an archive rule. Each archive rule may have
1642
1599
  # multiple criteria.
1643
1600
  #
1644
- # @note When making an API call, you may pass InlineArchiveRule
1645
- # data as a hash:
1646
- #
1647
- # {
1648
- # rule_name: "Name", # required
1649
- # filter: { # required
1650
- # "String" => {
1651
- # eq: ["String"],
1652
- # neq: ["String"],
1653
- # contains: ["String"],
1654
- # exists: false,
1655
- # },
1656
- # },
1657
- # }
1658
- #
1659
1601
  # @!attribute [rw] rule_name
1660
1602
  # The name of the rule.
1661
1603
  # @return [String]
@@ -1694,8 +1636,6 @@ module Aws::AccessAnalyzer
1694
1636
  # This configuration sets the network origin for the Amazon S3 access
1695
1637
  # point or multi-region access point to `Internet`.
1696
1638
  #
1697
- # @api private
1698
- #
1699
1639
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternetConfiguration AWS API Documentation
1700
1640
  #
1701
1641
  class InternetConfiguration < Aws::EmptyStructure; end
@@ -1764,24 +1704,6 @@ module Aws::AccessAnalyzer
1764
1704
  #
1765
1705
  # [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
1766
1706
  #
1767
- # @note When making an API call, you may pass KmsGrantConfiguration
1768
- # data as a hash:
1769
- #
1770
- # {
1771
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
1772
- # grantee_principal: "GranteePrincipal", # required
1773
- # retiring_principal: "RetiringPrincipal",
1774
- # constraints: {
1775
- # encryption_context_equals: {
1776
- # "KmsConstraintsKey" => "KmsConstraintsValue",
1777
- # },
1778
- # encryption_context_subset: {
1779
- # "KmsConstraintsKey" => "KmsConstraintsValue",
1780
- # },
1781
- # },
1782
- # issuing_account: "IssuingAccount", # required
1783
- # }
1784
- #
1785
1707
  # @!attribute [rw] operations
1786
1708
  # A list of operations that the grant permits.
1787
1709
  # @return [Array<String>]
@@ -1841,18 +1763,6 @@ module Aws::AccessAnalyzer
1841
1763
  # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
1842
1764
  # [3]: https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html
1843
1765
  #
1844
- # @note When making an API call, you may pass KmsGrantConstraints
1845
- # data as a hash:
1846
- #
1847
- # {
1848
- # encryption_context_equals: {
1849
- # "KmsConstraintsKey" => "KmsConstraintsValue",
1850
- # },
1851
- # encryption_context_subset: {
1852
- # "KmsConstraintsKey" => "KmsConstraintsValue",
1853
- # },
1854
- # }
1855
- #
1856
1766
  # @!attribute [rw] encryption_context_equals
1857
1767
  # A list of key-value pairs that must match the encryption context in
1858
1768
  # the [cryptographic operation][1] request. The grant allows the
@@ -1903,31 +1813,6 @@ module Aws::AccessAnalyzer
1903
1813
  # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
1904
1814
  # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html
1905
1815
  #
1906
- # @note When making an API call, you may pass KmsKeyConfiguration
1907
- # data as a hash:
1908
- #
1909
- # {
1910
- # key_policies: {
1911
- # "PolicyName" => "KmsKeyPolicy",
1912
- # },
1913
- # grants: [
1914
- # {
1915
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
1916
- # grantee_principal: "GranteePrincipal", # required
1917
- # retiring_principal: "RetiringPrincipal",
1918
- # constraints: {
1919
- # encryption_context_equals: {
1920
- # "KmsConstraintsKey" => "KmsConstraintsValue",
1921
- # },
1922
- # encryption_context_subset: {
1923
- # "KmsConstraintsKey" => "KmsConstraintsValue",
1924
- # },
1925
- # },
1926
- # issuing_account: "IssuingAccount", # required
1927
- # },
1928
- # ],
1929
- # }
1930
- #
1931
1816
  # @!attribute [rw] key_policies
1932
1817
  # Resource policy configuration for the KMS key. The only valid value
1933
1818
  # for the name of the key policy is `default`. For more information,
@@ -1955,24 +1840,6 @@ module Aws::AccessAnalyzer
1955
1840
  include Aws::Structure
1956
1841
  end
1957
1842
 
1958
- # @note When making an API call, you may pass ListAccessPreviewFindingsRequest
1959
- # data as a hash:
1960
- #
1961
- # {
1962
- # access_preview_id: "AccessPreviewId", # required
1963
- # analyzer_arn: "AnalyzerArn", # required
1964
- # filter: {
1965
- # "String" => {
1966
- # eq: ["String"],
1967
- # neq: ["String"],
1968
- # contains: ["String"],
1969
- # exists: false,
1970
- # },
1971
- # },
1972
- # next_token: "Token",
1973
- # max_results: 1,
1974
- # }
1975
- #
1976
1843
  # @!attribute [rw] access_preview_id
1977
1844
  # The unique ID for the access preview.
1978
1845
  # @return [String]
@@ -2027,15 +1894,6 @@ module Aws::AccessAnalyzer
2027
1894
  include Aws::Structure
2028
1895
  end
2029
1896
 
2030
- # @note When making an API call, you may pass ListAccessPreviewsRequest
2031
- # data as a hash:
2032
- #
2033
- # {
2034
- # analyzer_arn: "AnalyzerArn", # required
2035
- # next_token: "Token",
2036
- # max_results: 1,
2037
- # }
2038
- #
2039
1897
  # @!attribute [rw] analyzer_arn
2040
1898
  # The [ARN of the analyzer][1] used to generate the access preview.
2041
1899
  #
@@ -2081,16 +1939,6 @@ module Aws::AccessAnalyzer
2081
1939
 
2082
1940
  # Retrieves a list of resources that have been analyzed.
2083
1941
  #
2084
- # @note When making an API call, you may pass ListAnalyzedResourcesRequest
2085
- # data as a hash:
2086
- #
2087
- # {
2088
- # analyzer_arn: "AnalyzerArn", # required
2089
- # resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
2090
- # next_token: "Token",
2091
- # max_results: 1,
2092
- # }
2093
- #
2094
1942
  # @!attribute [rw] analyzer_arn
2095
1943
  # The [ARN of the analyzer][1] to retrieve a list of analyzed
2096
1944
  # resources from.
@@ -2144,15 +1992,6 @@ module Aws::AccessAnalyzer
2144
1992
 
2145
1993
  # Retrieves a list of analyzers.
2146
1994
  #
2147
- # @note When making an API call, you may pass ListAnalyzersRequest
2148
- # data as a hash:
2149
- #
2150
- # {
2151
- # next_token: "Token",
2152
- # max_results: 1,
2153
- # type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
2154
- # }
2155
- #
2156
1995
  # @!attribute [rw] next_token
2157
1996
  # A token used for pagination of results returned.
2158
1997
  # @return [String]
@@ -2196,15 +2035,6 @@ module Aws::AccessAnalyzer
2196
2035
 
2197
2036
  # Retrieves a list of archive rules created for the specified analyzer.
2198
2037
  #
2199
- # @note When making an API call, you may pass ListArchiveRulesRequest
2200
- # data as a hash:
2201
- #
2202
- # {
2203
- # analyzer_name: "Name", # required
2204
- # next_token: "Token",
2205
- # max_results: 1,
2206
- # }
2207
- #
2208
2038
  # @!attribute [rw] analyzer_name
2209
2039
  # The name of the analyzer to retrieve rules from.
2210
2040
  # @return [String]
@@ -2248,27 +2078,6 @@ module Aws::AccessAnalyzer
2248
2078
 
2249
2079
  # Retrieves a list of findings generated by the specified analyzer.
2250
2080
  #
2251
- # @note When making an API call, you may pass ListFindingsRequest
2252
- # data as a hash:
2253
- #
2254
- # {
2255
- # analyzer_arn: "AnalyzerArn", # required
2256
- # filter: {
2257
- # "String" => {
2258
- # eq: ["String"],
2259
- # neq: ["String"],
2260
- # contains: ["String"],
2261
- # exists: false,
2262
- # },
2263
- # },
2264
- # sort: {
2265
- # attribute_name: "String",
2266
- # order_by: "ASC", # accepts ASC, DESC
2267
- # },
2268
- # next_token: "Token",
2269
- # max_results: 1,
2270
- # }
2271
- #
2272
2081
  # @!attribute [rw] analyzer_arn
2273
2082
  # The [ARN of the analyzer][1] to retrieve findings from.
2274
2083
  #
@@ -2325,15 +2134,6 @@ module Aws::AccessAnalyzer
2325
2134
  include Aws::Structure
2326
2135
  end
2327
2136
 
2328
- # @note When making an API call, you may pass ListPolicyGenerationsRequest
2329
- # data as a hash:
2330
- #
2331
- # {
2332
- # principal_arn: "PrincipalArn",
2333
- # max_results: 1,
2334
- # next_token: "Token",
2335
- # }
2336
- #
2337
2137
  # @!attribute [rw] principal_arn
2338
2138
  # The ARN of the IAM entity (user or role) for which you are
2339
2139
  # generating a policy. Use this with `ListGeneratedPolicies` to filter
@@ -2378,13 +2178,6 @@ module Aws::AccessAnalyzer
2378
2178
 
2379
2179
  # Retrieves a list of tags applied to the specified resource.
2380
2180
  #
2381
- # @note When making an API call, you may pass ListTagsForResourceRequest
2382
- # data as a hash:
2383
- #
2384
- # {
2385
- # resource_arn: "String", # required
2386
- # }
2387
- #
2388
2181
  # @!attribute [rw] resource_arn
2389
2182
  # The ARN of the resource to retrieve tags from.
2390
2183
  # @return [String]
@@ -2443,10 +2236,6 @@ module Aws::AccessAnalyzer
2443
2236
  #
2444
2237
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
2445
2238
  #
2446
- # @note NetworkOriginConfiguration is a union - when making an API calls you must set exactly one of the members.
2447
- #
2448
- # @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
2449
- #
2450
2239
  # @!attribute [rw] vpc_configuration
2451
2240
  # The proposed virtual private cloud (VPC) configuration for the
2452
2241
  # Amazon S3 access point. VPC configuration does not apply to
@@ -2481,8 +2270,6 @@ module Aws::AccessAnalyzer
2481
2270
  # A single element in a path through the JSON representation of a
2482
2271
  # policy.
2483
2272
  #
2484
- # @note PathElement is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PathElement corresponding to the set member.
2485
- #
2486
2273
  # @!attribute [rw] index
2487
2274
  # Refers to an index in a JSON array.
2488
2275
  # @return [Integer]
@@ -2559,13 +2346,6 @@ module Aws::AccessAnalyzer
2559
2346
  # Contains the ARN details about the IAM entity for which the policy is
2560
2347
  # generated.
2561
2348
  #
2562
- # @note When making an API call, you may pass PolicyGenerationDetails
2563
- # data as a hash:
2564
- #
2565
- # {
2566
- # principal_arn: "PrincipalArn", # required
2567
- # }
2568
- #
2569
2349
  # @!attribute [rw] principal_arn
2570
2350
  # The ARN of the IAM entity (user or role) for which you are
2571
2351
  # generating a policy.
@@ -2604,6 +2384,164 @@ module Aws::AccessAnalyzer
2604
2384
  include Aws::Structure
2605
2385
  end
2606
2386
 
2387
+ # The values for a manual Amazon RDS DB cluster snapshot attribute.
2388
+ #
2389
+ # @!attribute [rw] account_ids
2390
+ # The Amazon Web Services account IDs that have access to the manual
2391
+ # Amazon RDS DB cluster snapshot. If the value `all` is specified,
2392
+ # then the Amazon RDS DB cluster snapshot is public and can be copied
2393
+ # or restored by all Amazon Web Services accounts.
2394
+ #
2395
+ # * If the configuration is for an existing Amazon RDS DB cluster
2396
+ # snapshot and you do not specify the `accountIds` in
2397
+ # `RdsDbClusterSnapshotAttributeValue`, then the access preview uses
2398
+ # the existing shared `accountIds` for the snapshot.
2399
+ #
2400
+ # * If the access preview is for a new resource and you do not specify
2401
+ # the specify the `accountIds` in
2402
+ # `RdsDbClusterSnapshotAttributeValue`, then the access preview
2403
+ # considers the snapshot without any attributes.
2404
+ #
2405
+ # * To propose deletion of existing shared `accountIds`, you can
2406
+ # specify an empty list for `accountIds` in the
2407
+ # `RdsDbClusterSnapshotAttributeValue`.
2408
+ # @return [Array<String>]
2409
+ #
2410
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotAttributeValue AWS API Documentation
2411
+ #
2412
+ class RdsDbClusterSnapshotAttributeValue < Struct.new(
2413
+ :account_ids,
2414
+ :unknown)
2415
+ SENSITIVE = []
2416
+ include Aws::Structure
2417
+ include Aws::Structure::Union
2418
+
2419
+ class AccountIds < RdsDbClusterSnapshotAttributeValue; end
2420
+ class Unknown < RdsDbClusterSnapshotAttributeValue; end
2421
+ end
2422
+
2423
+ # The proposed access control configuration for an Amazon RDS DB cluster
2424
+ # snapshot. You can propose a configuration for a new Amazon RDS DB
2425
+ # cluster snapshot or an Amazon RDS DB cluster snapshot that you own by
2426
+ # specifying the `RdsDbClusterSnapshotAttributeValue` and optional KMS
2427
+ # encryption key. For more information, see
2428
+ # [ModifyDBClusterSnapshotAttribute][1].
2429
+ #
2430
+ #
2431
+ #
2432
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html
2433
+ #
2434
+ # @!attribute [rw] attributes
2435
+ # The names and values of manual DB cluster snapshot attributes.
2436
+ # Manual DB cluster snapshot attributes are used to authorize other
2437
+ # Amazon Web Services accounts to restore a manual DB cluster
2438
+ # snapshot. The only valid value for `AttributeName` for the attribute
2439
+ # map is `restore`
2440
+ # @return [Hash<String,Types::RdsDbClusterSnapshotAttributeValue>]
2441
+ #
2442
+ # @!attribute [rw] kms_key_id
2443
+ # The KMS key identifier for an encrypted Amazon RDS DB cluster
2444
+ # snapshot. The KMS key identifier is the key ARN, key ID, alias ARN,
2445
+ # or alias name for the KMS key.
2446
+ #
2447
+ # * If the configuration is for an existing Amazon RDS DB cluster
2448
+ # snapshot and you do not specify the `kmsKeyId`, or you specify an
2449
+ # empty string, then the access preview uses the existing `kmsKeyId`
2450
+ # of the snapshot.
2451
+ #
2452
+ # * If the access preview is for a new resource and you do not specify
2453
+ # the specify the `kmsKeyId`, then the access preview considers the
2454
+ # snapshot as unencrypted.
2455
+ # @return [String]
2456
+ #
2457
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotConfiguration AWS API Documentation
2458
+ #
2459
+ class RdsDbClusterSnapshotConfiguration < Struct.new(
2460
+ :attributes,
2461
+ :kms_key_id)
2462
+ SENSITIVE = []
2463
+ include Aws::Structure
2464
+ end
2465
+
2466
+ # The name and values of a manual Amazon RDS DB snapshot attribute.
2467
+ # Manual DB snapshot attributes are used to authorize other Amazon Web
2468
+ # Services accounts to restore a manual DB snapshot.
2469
+ #
2470
+ # @!attribute [rw] account_ids
2471
+ # The Amazon Web Services account IDs that have access to the manual
2472
+ # Amazon RDS DB snapshot. If the value `all` is specified, then the
2473
+ # Amazon RDS DB snapshot is public and can be copied or restored by
2474
+ # all Amazon Web Services accounts.
2475
+ #
2476
+ # * If the configuration is for an existing Amazon RDS DB snapshot and
2477
+ # you do not specify the `accountIds` in
2478
+ # `RdsDbSnapshotAttributeValue`, then the access preview uses the
2479
+ # existing shared `accountIds` for the snapshot.
2480
+ #
2481
+ # * If the access preview is for a new resource and you do not specify
2482
+ # the specify the `accountIds` in `RdsDbSnapshotAttributeValue`,
2483
+ # then the access preview considers the snapshot without any
2484
+ # attributes.
2485
+ #
2486
+ # * To propose deletion of an existing shared `accountIds`, you can
2487
+ # specify an empty list for `accountIds` in the
2488
+ # `RdsDbSnapshotAttributeValue`.
2489
+ # @return [Array<String>]
2490
+ #
2491
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotAttributeValue AWS API Documentation
2492
+ #
2493
+ class RdsDbSnapshotAttributeValue < Struct.new(
2494
+ :account_ids,
2495
+ :unknown)
2496
+ SENSITIVE = []
2497
+ include Aws::Structure
2498
+ include Aws::Structure::Union
2499
+
2500
+ class AccountIds < RdsDbSnapshotAttributeValue; end
2501
+ class Unknown < RdsDbSnapshotAttributeValue; end
2502
+ end
2503
+
2504
+ # The proposed access control configuration for an Amazon RDS DB
2505
+ # snapshot. You can propose a configuration for a new Amazon RDS DB
2506
+ # snapshot or an Amazon RDS DB snapshot that you own by specifying the
2507
+ # `RdsDbSnapshotAttributeValue` and optional KMS encryption key. For
2508
+ # more information, see [ModifyDBSnapshotAttribute][1].
2509
+ #
2510
+ #
2511
+ #
2512
+ # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html
2513
+ #
2514
+ # @!attribute [rw] attributes
2515
+ # The names and values of manual DB snapshot attributes. Manual DB
2516
+ # snapshot attributes are used to authorize other Amazon Web Services
2517
+ # accounts to restore a manual DB snapshot. The only valid value for
2518
+ # `attributeName` for the attribute map is restore.
2519
+ # @return [Hash<String,Types::RdsDbSnapshotAttributeValue>]
2520
+ #
2521
+ # @!attribute [rw] kms_key_id
2522
+ # The KMS key identifier for an encrypted Amazon RDS DB snapshot. The
2523
+ # KMS key identifier is the key ARN, key ID, alias ARN, or alias name
2524
+ # for the KMS key.
2525
+ #
2526
+ # * If the configuration is for an existing Amazon RDS DB snapshot and
2527
+ # you do not specify the `kmsKeyId`, or you specify an empty string,
2528
+ # then the access preview uses the existing `kmsKeyId` of the
2529
+ # snapshot.
2530
+ #
2531
+ # * If the access preview is for a new resource and you do not specify
2532
+ # the specify the `kmsKeyId`, then the access preview considers the
2533
+ # snapshot as unencrypted.
2534
+ # @return [String]
2535
+ #
2536
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotConfiguration AWS API Documentation
2537
+ #
2538
+ class RdsDbSnapshotConfiguration < Struct.new(
2539
+ :attributes,
2540
+ :kms_key_id)
2541
+ SENSITIVE = []
2542
+ include Aws::Structure
2543
+ end
2544
+
2607
2545
  # The specified resource could not be found.
2608
2546
  #
2609
2547
  # @!attribute [rw] message
@@ -2643,24 +2581,6 @@ module Aws::AccessAnalyzer
2643
2581
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
2644
2582
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
2645
2583
  #
2646
- # @note When making an API call, you may pass S3AccessPointConfiguration
2647
- # data as a hash:
2648
- #
2649
- # {
2650
- # access_point_policy: "AccessPointPolicy",
2651
- # public_access_block: {
2652
- # ignore_public_acls: false, # required
2653
- # restrict_public_buckets: false, # required
2654
- # },
2655
- # network_origin: {
2656
- # vpc_configuration: {
2657
- # vpc_id: "VpcId", # required
2658
- # },
2659
- # internet_configuration: {
2660
- # },
2661
- # },
2662
- # }
2663
- #
2664
2584
  # @!attribute [rw] access_point_policy
2665
2585
  # The access point or multi-region access point policy.
2666
2586
  # @return [String]
@@ -2697,17 +2617,6 @@ module Aws::AccessAnalyzer
2697
2617
  #
2698
2618
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls
2699
2619
  #
2700
- # @note When making an API call, you may pass S3BucketAclGrantConfiguration
2701
- # data as a hash:
2702
- #
2703
- # {
2704
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
2705
- # grantee: { # required
2706
- # id: "AclCanonicalId",
2707
- # uri: "AclUri",
2708
- # },
2709
- # }
2710
- #
2711
2620
  # @!attribute [rw] permission
2712
2621
  # The permissions being granted.
2713
2622
  # @return [String]
@@ -2743,42 +2652,6 @@ module Aws::AccessAnalyzer
2743
2652
  #
2744
2653
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
2745
2654
  #
2746
- # @note When making an API call, you may pass S3BucketConfiguration
2747
- # data as a hash:
2748
- #
2749
- # {
2750
- # bucket_policy: "S3BucketPolicy",
2751
- # bucket_acl_grants: [
2752
- # {
2753
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
2754
- # grantee: { # required
2755
- # id: "AclCanonicalId",
2756
- # uri: "AclUri",
2757
- # },
2758
- # },
2759
- # ],
2760
- # bucket_public_access_block: {
2761
- # ignore_public_acls: false, # required
2762
- # restrict_public_buckets: false, # required
2763
- # },
2764
- # access_points: {
2765
- # "AccessPointArn" => {
2766
- # access_point_policy: "AccessPointPolicy",
2767
- # public_access_block: {
2768
- # ignore_public_acls: false, # required
2769
- # restrict_public_buckets: false, # required
2770
- # },
2771
- # network_origin: {
2772
- # vpc_configuration: {
2773
- # vpc_id: "VpcId", # required
2774
- # },
2775
- # internet_configuration: {
2776
- # },
2777
- # },
2778
- # },
2779
- # },
2780
- # }
2781
- #
2782
2655
  # @!attribute [rw] bucket_policy
2783
2656
  # The proposed bucket policy for the Amazon S3 bucket.
2784
2657
  # @return [String]
@@ -2828,14 +2701,6 @@ module Aws::AccessAnalyzer
2828
2701
  #
2829
2702
  # [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html
2830
2703
  #
2831
- # @note When making an API call, you may pass S3PublicAccessBlockConfiguration
2832
- # data as a hash:
2833
- #
2834
- # {
2835
- # ignore_public_acls: false, # required
2836
- # restrict_public_buckets: false, # required
2837
- # }
2838
- #
2839
2704
  # @!attribute [rw] ignore_public_acls
2840
2705
  # Specifies whether Amazon S3 should ignore public ACLs for this
2841
2706
  # bucket and objects in this bucket.
@@ -2878,14 +2743,6 @@ module Aws::AccessAnalyzer
2878
2743
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html
2879
2744
  # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html
2880
2745
  #
2881
- # @note When making an API call, you may pass SecretsManagerSecretConfiguration
2882
- # data as a hash:
2883
- #
2884
- # {
2885
- # kms_key_id: "SecretsManagerSecretKmsId",
2886
- # secret_policy: "SecretsManagerSecretPolicy",
2887
- # }
2888
- #
2889
2746
  # @!attribute [rw] kms_key_id
2890
2747
  # The proposed ARN, key ID, or alias of the KMS key.
2891
2748
  # @return [String]
@@ -2927,15 +2784,41 @@ module Aws::AccessAnalyzer
2927
2784
  include Aws::Structure
2928
2785
  end
2929
2786
 
2930
- # The criteria used to sort.
2787
+ # The proposed access control configuration for an Amazon SNS topic. You
2788
+ # can propose a configuration for a new Amazon SNS topic or an existing
2789
+ # Amazon SNS topic that you own by specifying the policy. If the
2790
+ # configuration is for an existing Amazon SNS topic and you do not
2791
+ # specify the Amazon SNS policy, then the access preview uses the
2792
+ # existing Amazon SNS policy for the topic. If the access preview is for
2793
+ # a new resource and you do not specify the policy, then the access
2794
+ # preview assumes an Amazon SNS topic without a policy. To propose
2795
+ # deletion of an existing Amazon SNS topic policy, you can specify an
2796
+ # empty string for the Amazon SNS policy. For more information, see
2797
+ # [Topic][1].
2798
+ #
2799
+ #
2800
+ #
2801
+ # [1]: https://docs.aws.amazon.com/sns/latest/api/API_Topic.html
2802
+ #
2803
+ # @!attribute [rw] topic_policy
2804
+ # The JSON policy text that defines who can access an Amazon SNS
2805
+ # topic. For more information, see [Example cases for Amazon SNS
2806
+ # access control][1] in the *Amazon SNS Developer Guide*.
2807
+ #
2931
2808
  #
2932
- # @note When making an API call, you may pass SortCriteria
2933
- # data as a hash:
2934
2809
  #
2935
- # {
2936
- # attribute_name: "String",
2937
- # order_by: "ASC", # accepts ASC, DESC
2938
- # }
2810
+ # [1]: https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html
2811
+ # @return [String]
2812
+ #
2813
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SnsTopicConfiguration AWS API Documentation
2814
+ #
2815
+ class SnsTopicConfiguration < Struct.new(
2816
+ :topic_policy)
2817
+ SENSITIVE = []
2818
+ include Aws::Structure
2819
+ end
2820
+
2821
+ # The criteria used to sort.
2939
2822
  #
2940
2823
  # @!attribute [rw] attribute_name
2941
2824
  # The name of the attribute to sort on.
@@ -2990,13 +2873,6 @@ module Aws::AccessAnalyzer
2990
2873
  #
2991
2874
  # [1]: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html
2992
2875
  #
2993
- # @note When making an API call, you may pass SqsQueueConfiguration
2994
- # data as a hash:
2995
- #
2996
- # {
2997
- # queue_policy: "SqsQueuePolicy",
2998
- # }
2999
- #
3000
2876
  # @!attribute [rw] queue_policy
3001
2877
  # The proposed resource policy for the Amazon SQS queue.
3002
2878
  # @return [String]
@@ -3009,28 +2885,6 @@ module Aws::AccessAnalyzer
3009
2885
  include Aws::Structure
3010
2886
  end
3011
2887
 
3012
- # @note When making an API call, you may pass StartPolicyGenerationRequest
3013
- # data as a hash:
3014
- #
3015
- # {
3016
- # policy_generation_details: { # required
3017
- # principal_arn: "PrincipalArn", # required
3018
- # },
3019
- # cloud_trail_details: {
3020
- # trails: [ # required
3021
- # {
3022
- # cloud_trail_arn: "CloudTrailArn", # required
3023
- # regions: ["String"],
3024
- # all_regions: false,
3025
- # },
3026
- # ],
3027
- # access_role: "RoleArn", # required
3028
- # start_time: Time.now, # required
3029
- # end_time: Time.now,
3030
- # },
3031
- # client_token: "String",
3032
- # }
3033
- #
3034
2888
  # @!attribute [rw] policy_generation_details
3035
2889
  # Contains the ARN of the IAM entity (user or role) for which you are
3036
2890
  # generating a policy.
@@ -3083,14 +2937,6 @@ module Aws::AccessAnalyzer
3083
2937
 
3084
2938
  # Starts a scan of the policies applied to the specified resource.
3085
2939
  #
3086
- # @note When making an API call, you may pass StartResourceScanRequest
3087
- # data as a hash:
3088
- #
3089
- # {
3090
- # analyzer_arn: "AnalyzerArn", # required
3091
- # resource_arn: "ResourceArn", # required
3092
- # }
3093
- #
3094
2940
  # @!attribute [rw] analyzer_arn
3095
2941
  # The [ARN of the analyzer][1] to use to scan the policies applied to
3096
2942
  # the specified resource.
@@ -3104,11 +2950,18 @@ module Aws::AccessAnalyzer
3104
2950
  # The ARN of the resource to scan.
3105
2951
  # @return [String]
3106
2952
  #
2953
+ # @!attribute [rw] resource_owner_account
2954
+ # The Amazon Web Services account ID that owns the resource. For most
2955
+ # Amazon Web Services resources, the owning account is the account in
2956
+ # which the resource was created.
2957
+ # @return [String]
2958
+ #
3107
2959
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartResourceScanRequest AWS API Documentation
3108
2960
  #
3109
2961
  class StartResourceScanRequest < Struct.new(
3110
2962
  :analyzer_arn,
3111
- :resource_arn)
2963
+ :resource_arn,
2964
+ :resource_owner_account)
3112
2965
  SENSITIVE = []
3113
2966
  include Aws::Structure
3114
2967
  end
@@ -3152,16 +3005,6 @@ module Aws::AccessAnalyzer
3152
3005
 
3153
3006
  # Adds a tag to the specified resource.
3154
3007
  #
3155
- # @note When making an API call, you may pass TagResourceRequest
3156
- # data as a hash:
3157
- #
3158
- # {
3159
- # resource_arn: "String", # required
3160
- # tags: { # required
3161
- # "String" => "String",
3162
- # },
3163
- # }
3164
- #
3165
3008
  # @!attribute [rw] resource_arn
3166
3009
  # The ARN of the resource to add the tag to.
3167
3010
  # @return [String]
@@ -3206,15 +3049,6 @@ module Aws::AccessAnalyzer
3206
3049
  # Contains details about the CloudTrail trail being analyzed to generate
3207
3050
  # a policy.
3208
3051
  #
3209
- # @note When making an API call, you may pass Trail
3210
- # data as a hash:
3211
- #
3212
- # {
3213
- # cloud_trail_arn: "CloudTrailArn", # required
3214
- # regions: ["String"],
3215
- # all_regions: false,
3216
- # }
3217
- #
3218
3052
  # @!attribute [rw] cloud_trail_arn
3219
3053
  # Specifies the ARN of the trail. The format of a trail ARN is
3220
3054
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
@@ -3272,14 +3106,6 @@ module Aws::AccessAnalyzer
3272
3106
 
3273
3107
  # Removes a tag from the specified resource.
3274
3108
  #
3275
- # @note When making an API call, you may pass UntagResourceRequest
3276
- # data as a hash:
3277
- #
3278
- # {
3279
- # resource_arn: "String", # required
3280
- # tag_keys: ["String"], # required
3281
- # }
3282
- #
3283
3109
  # @!attribute [rw] resource_arn
3284
3110
  # The ARN of the resource to remove the tag from.
3285
3111
  # @return [String]
@@ -3305,23 +3131,6 @@ module Aws::AccessAnalyzer
3305
3131
 
3306
3132
  # Updates the specified archive rule.
3307
3133
  #
3308
- # @note When making an API call, you may pass UpdateArchiveRuleRequest
3309
- # data as a hash:
3310
- #
3311
- # {
3312
- # analyzer_name: "Name", # required
3313
- # rule_name: "Name", # required
3314
- # filter: { # required
3315
- # "String" => {
3316
- # eq: ["String"],
3317
- # neq: ["String"],
3318
- # contains: ["String"],
3319
- # exists: false,
3320
- # },
3321
- # },
3322
- # client_token: "String",
3323
- # }
3324
- #
3325
3134
  # @!attribute [rw] analyzer_name
3326
3135
  # The name of the analyzer to update the archive rules for.
3327
3136
  # @return [String]
@@ -3355,17 +3164,6 @@ module Aws::AccessAnalyzer
3355
3164
 
3356
3165
  # Updates findings with the new values provided in the request.
3357
3166
  #
3358
- # @note When making an API call, you may pass UpdateFindingsRequest
3359
- # data as a hash:
3360
- #
3361
- # {
3362
- # analyzer_arn: "AnalyzerArn", # required
3363
- # status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
3364
- # ids: ["FindingId"],
3365
- # resource_arn: "ResourceArn",
3366
- # client_token: "String",
3367
- # }
3368
- #
3369
3167
  # @!attribute [rw] analyzer_arn
3370
3168
  # The [ARN of the analyzer][1] that generated the findings to update.
3371
3169
  #
@@ -3458,18 +3256,6 @@ module Aws::AccessAnalyzer
3458
3256
  include Aws::Structure
3459
3257
  end
3460
3258
 
3461
- # @note When making an API call, you may pass ValidatePolicyRequest
3462
- # data as a hash:
3463
- #
3464
- # {
3465
- # locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
3466
- # max_results: 1,
3467
- # next_token: "Token",
3468
- # policy_document: "PolicyDocument", # required
3469
- # policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
3470
- # validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
3471
- # }
3472
- #
3473
3259
  # @!attribute [rw] locale
3474
3260
  # The locale to use for localizing the findings.
3475
3261
  # @return [String]
@@ -3596,13 +3382,6 @@ module Aws::AccessAnalyzer
3596
3382
  #
3597
3383
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
3598
3384
  #
3599
- # @note When making an API call, you may pass VpcConfiguration
3600
- # data as a hash:
3601
- #
3602
- # {
3603
- # vpc_id: "VpcId", # required
3604
- # }
3605
- #
3606
3385
  # @!attribute [rw] vpc_id
3607
3386
  # If this field is specified, this access point will only allow
3608
3387
  # connections from the specified VPC ID.