aws-sdk-accessanalyzer 1.30.0 → 1.32.0

data/lib/aws-sdk-accessanalyzer/types.rb

@@ -259,10 +259,6 @@ module Aws::AccessAnalyzer
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
     #
-    # @note AclGrantee is a union - when making an API calls you must set exactly one of the members.
-    #
-    # @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
-    #
     # @!attribute [rw] id
     #   The value specified is the canonical user ID of an Amazon Web
     #   Services account.
@@ -447,15 +443,6 @@ module Aws::AccessAnalyzer
 
     # Retroactively applies an archive rule.
     #
-    # @note When making an API call, you may pass ApplyArchiveRuleRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_arn: "AnalyzerArn", # required
-    #         rule_name: "Name", # required
-    #         client_token: "String",
-    #       }
-    #
     # @!attribute [rw] analyzer_arn
     #   The Amazon resource name (ARN) of the analyzer.
     #   @return [String]
@@ -510,13 +497,6 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass CancelPolicyGenerationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         job_id: "JobId", # required
-    #       }
-    #
     # @!attribute [rw] job_id
     #   The `JobId` that is returned by the `StartPolicyGeneration`
     #   operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -538,22 +518,6 @@ module Aws::AccessAnalyzer
 
     # Contains information about CloudTrail access.
     #
-    # @note When making an API call, you may pass CloudTrailDetails
-    #   data as a hash:
-    #
-    #       {
-    #         trails: [ # required
-    #           {
-    #             cloud_trail_arn: "CloudTrailArn", # required
-    #             regions: ["String"],
-    #             all_regions: false,
-    #           },
-    #         ],
-    #         access_role: "RoleArn", # required
-    #         start_time: Time.now, # required
-    #         end_time: Time.now,
-    #       }
-    #
     # @!attribute [rw] trails
     #   A `Trail` object that contains settings for a trail.
     #   @return [Array<Types::Trail>]
@@ -621,18 +585,36 @@ module Aws::AccessAnalyzer
     # the configuration as a type-value pair. You can specify only one type
     # of access control configuration.
     #
-    # @note Configuration is a union - when making an API calls you must set exactly one of the members.
+    # @!attribute [rw] ebs_snapshot
+    #   The access control configuration is for an Amazon EBS volume
+    #   snapshot.
+    #   @return [Types::EbsSnapshotConfiguration]
     #
-    # @note Configuration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Configuration corresponding to the set member.
+    # @!attribute [rw] ecr_repository
+    #   The access control configuration is for an Amazon ECR repository.
+    #   @return [Types::EcrRepositoryConfiguration]
     #
     # @!attribute [rw] iam_role
     #   The access control configuration is for an IAM role.
     #   @return [Types::IamRoleConfiguration]
     #
+    # @!attribute [rw] efs_file_system
+    #   The access control configuration is for an Amazon EFS file system.
+    #   @return [Types::EfsFileSystemConfiguration]
+    #
     # @!attribute [rw] kms_key
     #   The access control configuration is for a KMS key.
     #   @return [Types::KmsKeyConfiguration]
     #
+    # @!attribute [rw] rds_db_cluster_snapshot
+    #   The access control configuration is for an Amazon RDS DB cluster
+    #   snapshot.
+    #   @return [Types::RdsDbClusterSnapshotConfiguration]
+    #
+    # @!attribute [rw] rds_db_snapshot
+    #   The access control configuration is for an Amazon RDS DB snapshot.
+    #   @return [Types::RdsDbSnapshotConfiguration]
+    #
     # @!attribute [rw] secrets_manager_secret
     #   The access control configuration is for a Secrets Manager secret.
     #   @return [Types::SecretsManagerSecretConfiguration]
@@ -641,6 +623,10 @@ module Aws::AccessAnalyzer
     #   The access control configuration is for an Amazon S3 Bucket.
     #   @return [Types::S3BucketConfiguration]
     #
+    # @!attribute [rw] sns_topic
+    #   The access control configuration is for an Amazon SNS topic
+    #   @return [Types::SnsTopicConfiguration]
+    #
     # @!attribute [rw] sqs_queue
     #   The access control configuration is for an Amazon SQS queue.
     #   @return [Types::SqsQueueConfiguration]
@@ -648,20 +634,32 @@ module Aws::AccessAnalyzer
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
     #
     class Configuration < Struct.new(
+      :ebs_snapshot,
+      :ecr_repository,
       :iam_role,
+      :efs_file_system,
       :kms_key,
+      :rds_db_cluster_snapshot,
+      :rds_db_snapshot,
       :secrets_manager_secret,
       :s3_bucket,
+      :sns_topic,
       :sqs_queue,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
       include Aws::Structure::Union
 
+      class EbsSnapshot < Configuration; end
+      class EcrRepository < Configuration; end
       class IamRole < Configuration; end
+      class EfsFileSystem < Configuration; end
       class KmsKey < Configuration; end
+      class RdsDbClusterSnapshot < Configuration; end
+      class RdsDbSnapshot < Configuration; end
       class SecretsManagerSecret < Configuration; end
       class S3Bucket < Configuration; end
+      class SnsTopic < Configuration; end
       class SqsQueue < Configuration; end
       class Unknown < Configuration; end
     end
@@ -689,81 +687,6 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass CreateAccessPreviewRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_arn: "AnalyzerArn", # required
-    #         configurations: { # required
-    #           "ConfigurationsMapKey" => {
-    #             iam_role: {
-    #               trust_policy: "IamTrustPolicy",
-    #             },
-    #             kms_key: {
-    #               key_policies: {
-    #                 "PolicyName" => "KmsKeyPolicy",
-    #               },
-    #               grants: [
-    #                 {
-    #                   operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
-    #                   grantee_principal: "GranteePrincipal", # required
-    #                   retiring_principal: "RetiringPrincipal",
-    #                   constraints: {
-    #                     encryption_context_equals: {
-    #                       "KmsConstraintsKey" => "KmsConstraintsValue",
-    #                     },
-    #                     encryption_context_subset: {
-    #                       "KmsConstraintsKey" => "KmsConstraintsValue",
-    #                     },
-    #                   },
-    #                   issuing_account: "IssuingAccount", # required
-    #                 },
-    #               ],
-    #             },
-    #             secrets_manager_secret: {
-    #               kms_key_id: "SecretsManagerSecretKmsId",
-    #               secret_policy: "SecretsManagerSecretPolicy",
-    #             },
-    #             s3_bucket: {
-    #               bucket_policy: "S3BucketPolicy",
-    #               bucket_acl_grants: [
-    #                 {
-    #                   permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
-    #                   grantee: { # required
-    #                     id: "AclCanonicalId",
-    #                     uri: "AclUri",
-    #                   },
-    #                 },
-    #               ],
-    #               bucket_public_access_block: {
-    #                 ignore_public_acls: false, # required
-    #                 restrict_public_buckets: false, # required
-    #               },
-    #               access_points: {
-    #                 "AccessPointArn" => {
-    #                   access_point_policy: "AccessPointPolicy",
-    #                   public_access_block: {
-    #                     ignore_public_acls: false, # required
-    #                     restrict_public_buckets: false, # required
-    #                   },
-    #                   network_origin: {
-    #                     vpc_configuration: {
-    #                       vpc_id: "VpcId", # required
-    #                     },
-    #                     internet_configuration: {
-    #                     },
-    #                   },
-    #                 },
-    #               },
-    #             },
-    #             sqs_queue: {
-    #               queue_policy: "SqsQueuePolicy",
-    #             },
-    #           },
-    #         },
-    #         client_token: "String",
-    #       }
-    #
     # @!attribute [rw] analyzer_arn
     #   The [ARN of the account analyzer][1] used to generate the access
     #   preview. You can only create an access preview for analyzers with an
@@ -813,31 +736,6 @@ module Aws::AccessAnalyzer
 
     # Creates an analyzer.
     #
-    # @note When making an API call, you may pass CreateAnalyzerRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_name: "Name", # required
-    #         type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
-    #         archive_rules: [
-    #           {
-    #             rule_name: "Name", # required
-    #             filter: { # required
-    #               "String" => {
-    #                 eq: ["String"],
-    #                 neq: ["String"],
-    #                 contains: ["String"],
-    #                 exists: false,
-    #               },
-    #             },
-    #           },
-    #         ],
-    #         tags: {
-    #           "String" => "String",
-    #         },
-    #         client_token: "String",
-    #       }
-    #
     # @!attribute [rw] analyzer_name
     #   The name of the analyzer to create.
     #   @return [String]
@@ -894,23 +792,6 @@ module Aws::AccessAnalyzer
 
     # Creates an archive rule.
     #
-    # @note When making an API call, you may pass CreateArchiveRuleRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_name: "Name", # required
-    #         rule_name: "Name", # required
-    #         filter: { # required
-    #           "String" => {
-    #             eq: ["String"],
-    #             neq: ["String"],
-    #             contains: ["String"],
-    #             exists: false,
-    #           },
-    #         },
-    #         client_token: "String",
-    #       }
-    #
     # @!attribute [rw] analyzer_name
     #   The name of the created analyzer.
     #   @return [String]
@@ -941,17 +822,13 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # The criteria to use in the filter that defines the archive rule.
+    # The criteria to use in the filter that defines the archive rule. For
+    # more information on available filter keys, see [IAM Access Analyzer
+    # filter keys][1].
+    #
     #
-    # @note When making an API call, you may pass Criterion
-    #   data as a hash:
     #
-    #       {
-    #         eq: ["String"],
-    #         neq: ["String"],
-    #         contains: ["String"],
-    #         exists: false,
-    #       }
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
     #
     # @!attribute [rw] eq
     #   An "equals" operator to match for the filter used to create the
@@ -986,14 +863,6 @@ module Aws::AccessAnalyzer
 
     # Deletes an analyzer.
     #
-    # @note When making an API call, you may pass DeleteAnalyzerRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_name: "Name", # required
-    #         client_token: "String",
-    #       }
-    #
     # @!attribute [rw] analyzer_name
     #   The name of the analyzer to delete.
     #   @return [String]
@@ -1016,15 +885,6 @@ module Aws::AccessAnalyzer
 
     # Deletes an archive rule.
     #
-    # @note When making an API call, you may pass DeleteArchiveRuleRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_name: "Name", # required
-    #         rule_name: "Name", # required
-    #         client_token: "String",
-    #       }
-    #
     # @!attribute [rw] analyzer_name
     #   The name of the analyzer that associated with the archive rule to
     #   delete.
@@ -1051,6 +911,152 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # The proposed access control configuration for an Amazon EBS volume
+    # snapshot. You can propose a configuration for a new Amazon EBS volume
+    # snapshot or an Amazon EBS volume snapshot that you own by specifying
+    # the user IDs, groups, and optional KMS encryption key. For more
+    # information, see [ModifySnapshotAttribute][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html
+    #
+    # @!attribute [rw] user_ids
+    #   The IDs of the Amazon Web Services accounts that have access to the
+    #   Amazon EBS volume snapshot.
+    #
+    #   * If the configuration is for an existing Amazon EBS volume snapshot
+    #     and you do not specify the `userIds`, then the access preview uses
+    #     the existing shared `userIds` for the snapshot.
+    #
+    #   * If the access preview is for a new resource and you do not specify
+    #     the `userIds`, then the access preview considers the snapshot
+    #     without any `userIds`.
+    #
+    #   * To propose deletion of existing shared `accountIds`, you can
+    #     specify an empty list for `userIds`.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] groups
+    #   The groups that have access to the Amazon EBS volume snapshot. If
+    #   the value `all` is specified, then the Amazon EBS volume snapshot is
+    #   public.
+    #
+    #   * If the configuration is for an existing Amazon EBS volume snapshot
+    #     and you do not specify the `groups`, then the access preview uses
+    #     the existing shared `groups` for the snapshot.
+    #
+    #   * If the access preview is for a new resource and you do not specify
+    #     the `groups`, then the access preview considers the snapshot
+    #     without any `groups`.
+    #
+    #   * To propose deletion of existing shared `groups`, you can specify
+    #     an empty list for `groups`.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] kms_key_id
+    #   The KMS key identifier for an encrypted Amazon EBS volume snapshot.
+    #   The KMS key identifier is the key ARN, key ID, alias ARN, or alias
+    #   name for the KMS key.
+    #
+    #   * If the configuration is for an existing Amazon EBS volume snapshot
+    #     and you do not specify the `kmsKeyId`, or you specify an empty
+    #     string, then the access preview uses the existing `kmsKeyId` of
+    #     the snapshot.
+    #
+    #   * If the access preview is for a new resource and you do not specify
+    #     the `kmsKeyId`, the access preview considers the snapshot as
+    #     unencrypted.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EbsSnapshotConfiguration AWS API Documentation
+    #
+    class EbsSnapshotConfiguration < Struct.new(
+      :user_ids,
+      :groups,
+      :kms_key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The proposed access control configuration for an Amazon ECR
+    # repository. You can propose a configuration for a new Amazon ECR
+    # repository or an existing Amazon ECR repository that you own by
+    # specifying the Amazon ECR policy. For more information, see
+    # [Repository][1].
+    #
+    # * If the configuration is for an existing Amazon ECR repository and
+    #   you do not specify the Amazon ECR policy, then the access preview
+    #   uses the existing Amazon ECR policy for the repository.
+    #
+    # * If the access preview is for a new resource and you do not specify
+    #   the policy, then the access preview assumes an Amazon ECR repository
+    #   without a policy.
+    #
+    # * To propose deletion of an existing Amazon ECR repository policy, you
+    #   can specify an empty string for the Amazon ECR policy.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html
+    #
+    # @!attribute [rw] repository_policy
+    #   The JSON repository policy text to apply to the Amazon ECR
+    #   repository. For more information, see [Private repository policy
+    #   examples][1] in the *Amazon ECR User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EcrRepositoryConfiguration AWS API Documentation
+    #
+    class EcrRepositoryConfiguration < Struct.new(
+      :repository_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The proposed access control configuration for an Amazon EFS file
+    # system. You can propose a configuration for a new Amazon EFS file
+    # system or an existing Amazon EFS file system that you own by
+    # specifying the Amazon EFS policy. For more information, see [Using
+    # file systems in Amazon EFS][1].
+    #
+    # * If the configuration is for an existing Amazon EFS file system and
+    #   you do not specify the Amazon EFS policy, then the access preview
+    #   uses the existing Amazon EFS policy for the file system.
+    #
+    # * If the access preview is for a new resource and you do not specify
+    #   the policy, then the access preview assumes an Amazon EFS file
+    #   system without a policy.
+    #
+    # * To propose deletion of an existing Amazon EFS file system policy,
+    #   you can specify an empty string for the Amazon EFS policy.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/efs/latest/ug/using-fs.html
+    #
+    # @!attribute [rw] file_system_policy
+    #   The JSON policy definition to apply to the Amazon EFS file system.
+    #   For more information on the elements that make up a file system
+    #   policy, see [Amazon EFS Resource-based policies][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EfsFileSystemConfiguration AWS API Documentation
+    #
+    class EfsFileSystemConfiguration < Struct.new(
+      :file_system_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about a finding.
     #
     # @!attribute [rw] id
@@ -1167,10 +1173,16 @@ module Aws::AccessAnalyzer
     #   multi-region access point.
     #   @return [String]
     #
+    # @!attribute [rw] access_point_account
+    #   The account of the cross-account access point that generated the
+    #   finding.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
     #
     class FindingSourceDetail < Struct.new(
-      :access_point_arn)
+      :access_point_arn,
+      :access_point_account)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1332,14 +1344,6 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetAccessPreviewRequest
-    #   data as a hash:
-    #
-    #       {
-    #         access_preview_id: "AccessPreviewId", # required
-    #         analyzer_arn: "AnalyzerArn", # required
-    #       }
-    #
     # @!attribute [rw] access_preview_id
     #   The unique ID for the access preview.
     #   @return [String]
@@ -1375,14 +1379,6 @@ module Aws::AccessAnalyzer
 
     # Retrieves an analyzed resource.
     #
-    # @note When making an API call, you may pass GetAnalyzedResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_arn: "AnalyzerArn", # required
-    #         resource_arn: "ResourceArn", # required
-    #       }
-    #
     # @!attribute [rw] analyzer_arn
     #   The [ARN of the analyzer][1] to retrieve information from.
     #
@@ -1421,13 +1417,6 @@ module Aws::AccessAnalyzer
 
     # Retrieves an analyzer.
     #
-    # @note When making an API call, you may pass GetAnalyzerRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_name: "Name", # required
-    #       }
-    #
     # @!attribute [rw] analyzer_name
     #   The name of the analyzer retrieved.
     #   @return [String]
@@ -1457,14 +1446,6 @@ module Aws::AccessAnalyzer
 
     # Retrieves an archive rule.
     #
-    # @note When making an API call, you may pass GetArchiveRuleRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_name: "Name", # required
-    #         rule_name: "Name", # required
-    #       }
-    #
     # @!attribute [rw] analyzer_name
     #   The name of the analyzer to retrieve rules from.
     #   @return [String]
@@ -1498,14 +1479,6 @@ module Aws::AccessAnalyzer
 
     # Retrieves a finding.
     #
-    # @note When making an API call, you may pass GetFindingRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_arn: "AnalyzerArn", # required
-    #         id: "FindingId", # required
-    #       }
-    #
     # @!attribute [rw] analyzer_arn
     #   The [ARN of the analyzer][1] that generated the finding.
     #
@@ -1541,15 +1514,6 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetGeneratedPolicyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         job_id: "JobId", # required
-    #         include_resource_placeholders: false,
-    #         include_service_level_template: false,
-    #       }
-    #
     # @!attribute [rw] job_id
     #   The `JobId` that is returned by the `StartPolicyGeneration`
     #   operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -1619,13 +1583,6 @@ module Aws::AccessAnalyzer
     #
     # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
     #
-    # @note When making an API call, you may pass IamRoleConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         trust_policy: "IamTrustPolicy",
-    #       }
-    #
     # @!attribute [rw] trust_policy
     #   The proposed trust policy for the IAM role.
     #   @return [String]
@@ -1641,21 +1598,6 @@ module Aws::AccessAnalyzer
     # An criterion statement in an archive rule. Each archive rule may have
     # multiple criteria.
     #
-    # @note When making an API call, you may pass InlineArchiveRule
-    #   data as a hash:
-    #
-    #       {
-    #         rule_name: "Name", # required
-    #         filter: { # required
-    #           "String" => {
-    #             eq: ["String"],
-    #             neq: ["String"],
-    #             contains: ["String"],
-    #             exists: false,
-    #           },
-    #         },
-    #       }
-    #
     # @!attribute [rw] rule_name
     #   The name of the rule.
     #   @return [String]
@@ -1694,8 +1636,6 @@ module Aws::AccessAnalyzer
     # This configuration sets the network origin for the Amazon S3 access
     # point or multi-region access point to `Internet`.
     #
-    # @api private
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternetConfiguration AWS API Documentation
     #
     class InternetConfiguration < Aws::EmptyStructure; end
@@ -1764,24 +1704,6 @@ module Aws::AccessAnalyzer
     #
     # [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
     #
-    # @note When making an API call, you may pass KmsGrantConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
-    #         grantee_principal: "GranteePrincipal", # required
-    #         retiring_principal: "RetiringPrincipal",
-    #         constraints: {
-    #           encryption_context_equals: {
-    #             "KmsConstraintsKey" => "KmsConstraintsValue",
-    #           },
-    #           encryption_context_subset: {
-    #             "KmsConstraintsKey" => "KmsConstraintsValue",
-    #           },
-    #         },
-    #         issuing_account: "IssuingAccount", # required
-    #       }
-    #
     # @!attribute [rw] operations
     #   A list of operations that the grant permits.
     #   @return [Array<String>]
@@ -1841,18 +1763,6 @@ module Aws::AccessAnalyzer
     # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
     # [3]: https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html
     #
-    # @note When making an API call, you may pass KmsGrantConstraints
-    #   data as a hash:
-    #
-    #       {
-    #         encryption_context_equals: {
-    #           "KmsConstraintsKey" => "KmsConstraintsValue",
-    #         },
-    #         encryption_context_subset: {
-    #           "KmsConstraintsKey" => "KmsConstraintsValue",
-    #         },
-    #       }
-    #
     # @!attribute [rw] encryption_context_equals
     #   A list of key-value pairs that must match the encryption context in
     #   the [cryptographic operation][1] request. The grant allows the
@@ -1903,31 +1813,6 @@ module Aws::AccessAnalyzer
     # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
     # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html
     #
-    # @note When making an API call, you may pass KmsKeyConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         key_policies: {
-    #           "PolicyName" => "KmsKeyPolicy",
-    #         },
-    #         grants: [
-    #           {
-    #             operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
-    #             grantee_principal: "GranteePrincipal", # required
-    #             retiring_principal: "RetiringPrincipal",
-    #             constraints: {
-    #               encryption_context_equals: {
-    #                 "KmsConstraintsKey" => "KmsConstraintsValue",
-    #               },
-    #               encryption_context_subset: {
-    #                 "KmsConstraintsKey" => "KmsConstraintsValue",
-    #               },
-    #             },
-    #             issuing_account: "IssuingAccount", # required
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] key_policies
     #   Resource policy configuration for the KMS key. The only valid value
     #   for the name of the key policy is `default`. For more information,
@@ -1955,24 +1840,6 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListAccessPreviewFindingsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         access_preview_id: "AccessPreviewId", # required
-    #         analyzer_arn: "AnalyzerArn", # required
-    #         filter: {
-    #           "String" => {
-    #             eq: ["String"],
-    #             neq: ["String"],
-    #             contains: ["String"],
-    #             exists: false,
-    #           },
-    #         },
-    #         next_token: "Token",
-    #         max_results: 1,
-    #       }
-    #
     # @!attribute [rw] access_preview_id
     #   The unique ID for the access preview.
     #   @return [String]
@@ -2027,15 +1894,6 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListAccessPreviewsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_arn: "AnalyzerArn", # required
-    #         next_token: "Token",
-    #         max_results: 1,
-    #       }
-    #
     # @!attribute [rw] analyzer_arn
     #   The [ARN of the analyzer][1] used to generate the access preview.
     #
@@ -2081,16 +1939,6 @@ module Aws::AccessAnalyzer
 
     # Retrieves a list of resources that have been analyzed.
     #
-    # @note When making an API call, you may pass ListAnalyzedResourcesRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_arn: "AnalyzerArn", # required
-    #         resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
-    #         next_token: "Token",
-    #         max_results: 1,
-    #       }
-    #
     # @!attribute [rw] analyzer_arn
     #   The [ARN of the analyzer][1] to retrieve a list of analyzed
     #   resources from.
@@ -2144,15 +1992,6 @@ module Aws::AccessAnalyzer
 
     # Retrieves a list of analyzers.
     #
-    # @note When making an API call, you may pass ListAnalyzersRequest
-    #   data as a hash:
-    #
-    #       {
-    #         next_token: "Token",
-    #         max_results: 1,
-    #         type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
-    #       }
-    #
     # @!attribute [rw] next_token
     #   A token used for pagination of results returned.
     #   @return [String]
@@ -2196,15 +2035,6 @@ module Aws::AccessAnalyzer
 
     # Retrieves a list of archive rules created for the specified analyzer.
     #
-    # @note When making an API call, you may pass ListArchiveRulesRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_name: "Name", # required
-    #         next_token: "Token",
-    #         max_results: 1,
-    #       }
-    #
     # @!attribute [rw] analyzer_name
     #   The name of the analyzer to retrieve rules from.
     #   @return [String]
@@ -2248,27 +2078,6 @@ module Aws::AccessAnalyzer
 
     # Retrieves a list of findings generated by the specified analyzer.
     #
-    # @note When making an API call, you may pass ListFindingsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_arn: "AnalyzerArn", # required
-    #         filter: {
-    #           "String" => {
-    #             eq: ["String"],
-    #             neq: ["String"],
-    #             contains: ["String"],
-    #             exists: false,
-    #           },
-    #         },
-    #         sort: {
-    #           attribute_name: "String",
-    #           order_by: "ASC", # accepts ASC, DESC
-    #         },
-    #         next_token: "Token",
-    #         max_results: 1,
-    #       }
-    #
     # @!attribute [rw] analyzer_arn
     #   The [ARN of the analyzer][1] to retrieve findings from.
     #
@@ -2325,15 +2134,6 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListPolicyGenerationsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         principal_arn: "PrincipalArn",
-    #         max_results: 1,
-    #         next_token: "Token",
-    #       }
-    #
     # @!attribute [rw] principal_arn
     #   The ARN of the IAM entity (user or role) for which you are
     #   generating a policy. Use this with `ListGeneratedPolicies` to filter
@@ -2378,13 +2178,6 @@ module Aws::AccessAnalyzer
 
     # Retrieves a list of tags applied to the specified resource.
     #
-    # @note When making an API call, you may pass ListTagsForResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         resource_arn: "String", # required
-    #       }
-    #
     # @!attribute [rw] resource_arn
     #   The ARN of the resource to retrieve tags from.
     #   @return [String]
@@ -2443,10 +2236,6 @@ module Aws::AccessAnalyzer
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
     #
-    # @note NetworkOriginConfiguration is a union - when making an API calls you must set exactly one of the members.
-    #
-    # @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
-    #
     # @!attribute [rw] vpc_configuration
     #   The proposed virtual private cloud (VPC) configuration for the
     #   Amazon S3 access point. VPC configuration does not apply to
@@ -2481,8 +2270,6 @@ module Aws::AccessAnalyzer
     # A single element in a path through the JSON representation of a
     # policy.
     #
-    # @note PathElement is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PathElement corresponding to the set member.
-    #
     # @!attribute [rw] index
     #   Refers to an index in a JSON array.
     #   @return [Integer]
@@ -2559,13 +2346,6 @@ module Aws::AccessAnalyzer
     # Contains the ARN details about the IAM entity for which the policy is
     # generated.
     #
-    # @note When making an API call, you may pass PolicyGenerationDetails
-    #   data as a hash:
-    #
-    #       {
-    #         principal_arn: "PrincipalArn", # required
-    #       }
-    #
     # @!attribute [rw] principal_arn
     #   The ARN of the IAM entity (user or role) for which you are
     #   generating a policy.
@@ -2604,6 +2384,164 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # The values for a manual Amazon RDS DB cluster snapshot attribute.
+    #
+    # @!attribute [rw] account_ids
+    #   The Amazon Web Services account IDs that have access to the manual
+    #   Amazon RDS DB cluster snapshot. If the value `all` is specified,
+    #   then the Amazon RDS DB cluster snapshot is public and can be copied
+    #   or restored by all Amazon Web Services accounts.
+    #
+    #   * If the configuration is for an existing Amazon RDS DB cluster
+    #     snapshot and you do not specify the `accountIds` in
+    #     `RdsDbClusterSnapshotAttributeValue`, then the access preview uses
+    #     the existing shared `accountIds` for the snapshot.
+    #
+    #   * If the access preview is for a new resource and you do not specify
+    #     the specify the `accountIds` in
+    #     `RdsDbClusterSnapshotAttributeValue`, then the access preview
+    #     considers the snapshot without any attributes.
+    #
+    #   * To propose deletion of existing shared `accountIds`, you can
+    #     specify an empty list for `accountIds` in the
+    #     `RdsDbClusterSnapshotAttributeValue`.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotAttributeValue AWS API Documentation
+    #
+    class RdsDbClusterSnapshotAttributeValue < Struct.new(
+      :account_ids,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class AccountIds < RdsDbClusterSnapshotAttributeValue; end
+      class Unknown < RdsDbClusterSnapshotAttributeValue; end
+    end
+
+    # The proposed access control configuration for an Amazon RDS DB cluster
+    # snapshot. You can propose a configuration for a new Amazon RDS DB
+    # cluster snapshot or an Amazon RDS DB cluster snapshot that you own by
+    # specifying the `RdsDbClusterSnapshotAttributeValue` and optional KMS
+    # encryption key. For more information, see
+    # [ModifyDBClusterSnapshotAttribute][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html
+    #
+    # @!attribute [rw] attributes
+    #   The names and values of manual DB cluster snapshot attributes.
+    #   Manual DB cluster snapshot attributes are used to authorize other
+    #   Amazon Web Services accounts to restore a manual DB cluster
+    #   snapshot. The only valid value for `AttributeName` for the attribute
+    #   map is `restore`
+    #   @return [Hash<String,Types::RdsDbClusterSnapshotAttributeValue>]
+    #
+    # @!attribute [rw] kms_key_id
+    #   The KMS key identifier for an encrypted Amazon RDS DB cluster
+    #   snapshot. The KMS key identifier is the key ARN, key ID, alias ARN,
+    #   or alias name for the KMS key.
+    #
+    #   * If the configuration is for an existing Amazon RDS DB cluster
+    #     snapshot and you do not specify the `kmsKeyId`, or you specify an
+    #     empty string, then the access preview uses the existing `kmsKeyId`
+    #     of the snapshot.
+    #
+    #   * If the access preview is for a new resource and you do not specify
+    #     the specify the `kmsKeyId`, then the access preview considers the
+    #     snapshot as unencrypted.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotConfiguration AWS API Documentation
+    #
+    class RdsDbClusterSnapshotConfiguration < Struct.new(
+      :attributes,
+      :kms_key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The name and values of a manual Amazon RDS DB snapshot attribute.
+    # Manual DB snapshot attributes are used to authorize other Amazon Web
+    # Services accounts to restore a manual DB snapshot.
+    #
+    # @!attribute [rw] account_ids
+    #   The Amazon Web Services account IDs that have access to the manual
+    #   Amazon RDS DB snapshot. If the value `all` is specified, then the
+    #   Amazon RDS DB snapshot is public and can be copied or restored by
+    #   all Amazon Web Services accounts.
+    #
+    #   * If the configuration is for an existing Amazon RDS DB snapshot and
+    #     you do not specify the `accountIds` in
+    #     `RdsDbSnapshotAttributeValue`, then the access preview uses the
+    #     existing shared `accountIds` for the snapshot.
+    #
+    #   * If the access preview is for a new resource and you do not specify
+    #     the specify the `accountIds` in `RdsDbSnapshotAttributeValue`,
+    #     then the access preview considers the snapshot without any
+    #     attributes.
+    #
+    #   * To propose deletion of an existing shared `accountIds`, you can
+    #     specify an empty list for `accountIds` in the
+    #     `RdsDbSnapshotAttributeValue`.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotAttributeValue AWS API Documentation
+    #
+    class RdsDbSnapshotAttributeValue < Struct.new(
+      :account_ids,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class AccountIds < RdsDbSnapshotAttributeValue; end
+      class Unknown < RdsDbSnapshotAttributeValue; end
+    end
+
+    # The proposed access control configuration for an Amazon RDS DB
+    # snapshot. You can propose a configuration for a new Amazon RDS DB
+    # snapshot or an Amazon RDS DB snapshot that you own by specifying the
+    # `RdsDbSnapshotAttributeValue` and optional KMS encryption key. For
+    # more information, see [ModifyDBSnapshotAttribute][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html
+    #
+    # @!attribute [rw] attributes
+    #   The names and values of manual DB snapshot attributes. Manual DB
+    #   snapshot attributes are used to authorize other Amazon Web Services
+    #   accounts to restore a manual DB snapshot. The only valid value for
+    #   `attributeName` for the attribute map is restore.
+    #   @return [Hash<String,Types::RdsDbSnapshotAttributeValue>]
+    #
+    # @!attribute [rw] kms_key_id
+    #   The KMS key identifier for an encrypted Amazon RDS DB snapshot. The
+    #   KMS key identifier is the key ARN, key ID, alias ARN, or alias name
+    #   for the KMS key.
+    #
+    #   * If the configuration is for an existing Amazon RDS DB snapshot and
+    #     you do not specify the `kmsKeyId`, or you specify an empty string,
+    #     then the access preview uses the existing `kmsKeyId` of the
+    #     snapshot.
+    #
+    #   * If the access preview is for a new resource and you do not specify
+    #     the specify the `kmsKeyId`, then the access preview considers the
+    #     snapshot as unencrypted.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotConfiguration AWS API Documentation
+    #
+    class RdsDbSnapshotConfiguration < Struct.new(
+      :attributes,
+      :kms_key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The specified resource could not be found.
     #
     # @!attribute [rw] message
@@ -2643,24 +2581,6 @@ module Aws::AccessAnalyzer
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
     # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
     #
-    # @note When making an API call, you may pass S3AccessPointConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         access_point_policy: "AccessPointPolicy",
-    #         public_access_block: {
-    #           ignore_public_acls: false, # required
-    #           restrict_public_buckets: false, # required
-    #         },
-    #         network_origin: {
-    #           vpc_configuration: {
-    #             vpc_id: "VpcId", # required
-    #           },
-    #           internet_configuration: {
-    #           },
-    #         },
-    #       }
-    #
     # @!attribute [rw] access_point_policy
     #   The access point or multi-region access point policy.
     #   @return [String]
@@ -2697,17 +2617,6 @@ module Aws::AccessAnalyzer
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls
     #
-    # @note When making an API call, you may pass S3BucketAclGrantConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
-    #         grantee: { # required
-    #           id: "AclCanonicalId",
-    #           uri: "AclUri",
-    #         },
-    #       }
-    #
     # @!attribute [rw] permission
     #   The permissions being granted.
     #   @return [String]
@@ -2743,42 +2652,6 @@ module Aws::AccessAnalyzer
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
     #
-    # @note When making an API call, you may pass S3BucketConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         bucket_policy: "S3BucketPolicy",
-    #         bucket_acl_grants: [
-    #           {
-    #             permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
-    #             grantee: { # required
-    #               id: "AclCanonicalId",
-    #               uri: "AclUri",
-    #             },
-    #           },
-    #         ],
-    #         bucket_public_access_block: {
-    #           ignore_public_acls: false, # required
-    #           restrict_public_buckets: false, # required
-    #         },
-    #         access_points: {
-    #           "AccessPointArn" => {
-    #             access_point_policy: "AccessPointPolicy",
-    #             public_access_block: {
-    #               ignore_public_acls: false, # required
-    #               restrict_public_buckets: false, # required
-    #             },
-    #             network_origin: {
-    #               vpc_configuration: {
-    #                 vpc_id: "VpcId", # required
-    #               },
-    #               internet_configuration: {
-    #               },
-    #             },
-    #           },
-    #         },
-    #       }
-    #
     # @!attribute [rw] bucket_policy
     #   The proposed bucket policy for the Amazon S3 bucket.
     #   @return [String]
@@ -2828,14 +2701,6 @@ module Aws::AccessAnalyzer
     #
     # [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html
     #
-    # @note When making an API call, you may pass S3PublicAccessBlockConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         ignore_public_acls: false, # required
-    #         restrict_public_buckets: false, # required
-    #       }
-    #
     # @!attribute [rw] ignore_public_acls
     #   Specifies whether Amazon S3 should ignore public ACLs for this
     #   bucket and objects in this bucket.
@@ -2878,14 +2743,6 @@ module Aws::AccessAnalyzer
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html
     # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html
     #
-    # @note When making an API call, you may pass SecretsManagerSecretConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         kms_key_id: "SecretsManagerSecretKmsId",
-    #         secret_policy: "SecretsManagerSecretPolicy",
-    #       }
-    #
     # @!attribute [rw] kms_key_id
     #   The proposed ARN, key ID, or alias of the KMS key.
     #   @return [String]
@@ -2927,15 +2784,41 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # The criteria used to sort.
+    # The proposed access control configuration for an Amazon SNS topic. You
+    # can propose a configuration for a new Amazon SNS topic or an existing
+    # Amazon SNS topic that you own by specifying the policy. If the
+    # configuration is for an existing Amazon SNS topic and you do not
+    # specify the Amazon SNS policy, then the access preview uses the
+    # existing Amazon SNS policy for the topic. If the access preview is for
+    # a new resource and you do not specify the policy, then the access
+    # preview assumes an Amazon SNS topic without a policy. To propose
+    # deletion of an existing Amazon SNS topic policy, you can specify an
+    # empty string for the Amazon SNS policy. For more information, see
+    # [Topic][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/sns/latest/api/API_Topic.html
+    #
+    # @!attribute [rw] topic_policy
+    #   The JSON policy text that defines who can access an Amazon SNS
+    #   topic. For more information, see [Example cases for Amazon SNS
+    #   access control][1] in the *Amazon SNS Developer Guide*.
+    #
     #
-    # @note When making an API call, you may pass SortCriteria
-    #   data as a hash:
     #
-    #       {
-    #         attribute_name: "String",
-    #         order_by: "ASC", # accepts ASC, DESC
-    #       }
+    #   [1]: https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SnsTopicConfiguration AWS API Documentation
+    #
+    class SnsTopicConfiguration < Struct.new(
+      :topic_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The criteria used to sort.
     #
     # @!attribute [rw] attribute_name
     #   The name of the attribute to sort on.
@@ -2990,13 +2873,6 @@ module Aws::AccessAnalyzer
     #
     # [1]: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html
     #
-    # @note When making an API call, you may pass SqsQueueConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         queue_policy: "SqsQueuePolicy",
-    #       }
-    #
     # @!attribute [rw] queue_policy
     #   The proposed resource policy for the Amazon SQS queue.
     #   @return [String]
@@ -3009,28 +2885,6 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass StartPolicyGenerationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         policy_generation_details: { # required
-    #           principal_arn: "PrincipalArn", # required
-    #         },
-    #         cloud_trail_details: {
-    #           trails: [ # required
-    #             {
-    #               cloud_trail_arn: "CloudTrailArn", # required
-    #               regions: ["String"],
-    #               all_regions: false,
-    #             },
-    #           ],
-    #           access_role: "RoleArn", # required
-    #           start_time: Time.now, # required
-    #           end_time: Time.now,
-    #         },
-    #         client_token: "String",
-    #       }
-    #
     # @!attribute [rw] policy_generation_details
     #   Contains the ARN of the IAM entity (user or role) for which you are
     #   generating a policy.
@@ -3083,14 +2937,6 @@ module Aws::AccessAnalyzer
 
     # Starts a scan of the policies applied to the specified resource.
     #
-    # @note When making an API call, you may pass StartResourceScanRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_arn: "AnalyzerArn", # required
-    #         resource_arn: "ResourceArn", # required
-    #       }
-    #
     # @!attribute [rw] analyzer_arn
     #   The [ARN of the analyzer][1] to use to scan the policies applied to
     #   the specified resource.
@@ -3104,11 +2950,18 @@ module Aws::AccessAnalyzer
     #   The ARN of the resource to scan.
     #   @return [String]
     #
+    # @!attribute [rw] resource_owner_account
+    #   The Amazon Web Services account ID that owns the resource. For most
+    #   Amazon Web Services resources, the owning account is the account in
+    #   which the resource was created.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartResourceScanRequest AWS API Documentation
     #
     class StartResourceScanRequest < Struct.new(
       :analyzer_arn,
-      :resource_arn)
+      :resource_arn,
+      :resource_owner_account)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3152,16 +3005,6 @@ module Aws::AccessAnalyzer
 
     # Adds a tag to the specified resource.
     #
-    # @note When making an API call, you may pass TagResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         resource_arn: "String", # required
-    #         tags: { # required
-    #           "String" => "String",
-    #         },
-    #       }
-    #
     # @!attribute [rw] resource_arn
     #   The ARN of the resource to add the tag to.
     #   @return [String]
@@ -3206,15 +3049,6 @@ module Aws::AccessAnalyzer
     # Contains details about the CloudTrail trail being analyzed to generate
     # a policy.
     #
-    # @note When making an API call, you may pass Trail
-    #   data as a hash:
-    #
-    #       {
-    #         cloud_trail_arn: "CloudTrailArn", # required
-    #         regions: ["String"],
-    #         all_regions: false,
-    #       }
-    #
     # @!attribute [rw] cloud_trail_arn
     #   Specifies the ARN of the trail. The format of a trail ARN is
     #   `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
@@ -3272,14 +3106,6 @@ module Aws::AccessAnalyzer
 
     # Removes a tag from the specified resource.
     #
-    # @note When making an API call, you may pass UntagResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         resource_arn: "String", # required
-    #         tag_keys: ["String"], # required
-    #       }
-    #
     # @!attribute [rw] resource_arn
     #   The ARN of the resource to remove the tag from.
     #   @return [String]
@@ -3305,23 +3131,6 @@ module Aws::AccessAnalyzer
 
     # Updates the specified archive rule.
     #
-    # @note When making an API call, you may pass UpdateArchiveRuleRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_name: "Name", # required
-    #         rule_name: "Name", # required
-    #         filter: { # required
-    #           "String" => {
-    #             eq: ["String"],
-    #             neq: ["String"],
-    #             contains: ["String"],
-    #             exists: false,
-    #           },
-    #         },
-    #         client_token: "String",
-    #       }
-    #
     # @!attribute [rw] analyzer_name
     #   The name of the analyzer to update the archive rules for.
     #   @return [String]
@@ -3355,17 +3164,6 @@ module Aws::AccessAnalyzer
 
     # Updates findings with the new values provided in the request.
     #
-    # @note When making an API call, you may pass UpdateFindingsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         analyzer_arn: "AnalyzerArn", # required
-    #         status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
-    #         ids: ["FindingId"],
-    #         resource_arn: "ResourceArn",
-    #         client_token: "String",
-    #       }
-    #
     # @!attribute [rw] analyzer_arn
     #   The [ARN of the analyzer][1] that generated the findings to update.
     #
@@ -3458,18 +3256,6 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ValidatePolicyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
-    #         max_results: 1,
-    #         next_token: "Token",
-    #         policy_document: "PolicyDocument", # required
-    #         policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
-    #         validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
-    #       }
-    #
     # @!attribute [rw] locale
     #   The locale to use for localizing the findings.
     #   @return [String]
@@ -3596,13 +3382,6 @@ module Aws::AccessAnalyzer
     #
     # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
     #
-    # @note When making an API call, you may pass VpcConfiguration
-    #   data as a hash:
-    #
-    #       {
-    #         vpc_id: "VpcId", # required
-    #       }
-    #
     # @!attribute [rw] vpc_id
     #   If this field is specified, this access point will only allow
     #   connections from the specified VPC ID.