aws-sdk-accessanalyzer 1.30.0 → 1.32.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +84 -12
- data/lib/aws-sdk-accessanalyzer/client_api.rb +88 -0
- data/lib/aws-sdk-accessanalyzer/endpoint_parameters.rb +69 -0
- data/lib/aws-sdk-accessanalyzer/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-accessanalyzer/endpoints.rb +407 -0
- data/lib/aws-sdk-accessanalyzer/plugins/endpoints.rb +124 -0
- data/lib/aws-sdk-accessanalyzer/types.rb +393 -614
- data/lib/aws-sdk-accessanalyzer.rb +5 -1
- metadata +8 -4
@@ -259,10 +259,6 @@ module Aws::AccessAnalyzer
|
|
259
259
|
#
|
260
260
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
|
261
261
|
#
|
262
|
-
# @note AclGrantee is a union - when making an API calls you must set exactly one of the members.
|
263
|
-
#
|
264
|
-
# @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
|
265
|
-
#
|
266
262
|
# @!attribute [rw] id
|
267
263
|
# The value specified is the canonical user ID of an Amazon Web
|
268
264
|
# Services account.
|
@@ -447,15 +443,6 @@ module Aws::AccessAnalyzer
|
|
447
443
|
|
448
444
|
# Retroactively applies an archive rule.
|
449
445
|
#
|
450
|
-
# @note When making an API call, you may pass ApplyArchiveRuleRequest
|
451
|
-
# data as a hash:
|
452
|
-
#
|
453
|
-
# {
|
454
|
-
# analyzer_arn: "AnalyzerArn", # required
|
455
|
-
# rule_name: "Name", # required
|
456
|
-
# client_token: "String",
|
457
|
-
# }
|
458
|
-
#
|
459
446
|
# @!attribute [rw] analyzer_arn
|
460
447
|
# The Amazon resource name (ARN) of the analyzer.
|
461
448
|
# @return [String]
|
@@ -510,13 +497,6 @@ module Aws::AccessAnalyzer
|
|
510
497
|
include Aws::Structure
|
511
498
|
end
|
512
499
|
|
513
|
-
# @note When making an API call, you may pass CancelPolicyGenerationRequest
|
514
|
-
# data as a hash:
|
515
|
-
#
|
516
|
-
# {
|
517
|
-
# job_id: "JobId", # required
|
518
|
-
# }
|
519
|
-
#
|
520
500
|
# @!attribute [rw] job_id
|
521
501
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
522
502
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -538,22 +518,6 @@ module Aws::AccessAnalyzer
|
|
538
518
|
|
539
519
|
# Contains information about CloudTrail access.
|
540
520
|
#
|
541
|
-
# @note When making an API call, you may pass CloudTrailDetails
|
542
|
-
# data as a hash:
|
543
|
-
#
|
544
|
-
# {
|
545
|
-
# trails: [ # required
|
546
|
-
# {
|
547
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
548
|
-
# regions: ["String"],
|
549
|
-
# all_regions: false,
|
550
|
-
# },
|
551
|
-
# ],
|
552
|
-
# access_role: "RoleArn", # required
|
553
|
-
# start_time: Time.now, # required
|
554
|
-
# end_time: Time.now,
|
555
|
-
# }
|
556
|
-
#
|
557
521
|
# @!attribute [rw] trails
|
558
522
|
# A `Trail` object that contains settings for a trail.
|
559
523
|
# @return [Array<Types::Trail>]
|
@@ -621,18 +585,36 @@ module Aws::AccessAnalyzer
|
|
621
585
|
# the configuration as a type-value pair. You can specify only one type
|
622
586
|
# of access control configuration.
|
623
587
|
#
|
624
|
-
#
|
588
|
+
# @!attribute [rw] ebs_snapshot
|
589
|
+
# The access control configuration is for an Amazon EBS volume
|
590
|
+
# snapshot.
|
591
|
+
# @return [Types::EbsSnapshotConfiguration]
|
625
592
|
#
|
626
|
-
#
|
593
|
+
# @!attribute [rw] ecr_repository
|
594
|
+
# The access control configuration is for an Amazon ECR repository.
|
595
|
+
# @return [Types::EcrRepositoryConfiguration]
|
627
596
|
#
|
628
597
|
# @!attribute [rw] iam_role
|
629
598
|
# The access control configuration is for an IAM role.
|
630
599
|
# @return [Types::IamRoleConfiguration]
|
631
600
|
#
|
601
|
+
# @!attribute [rw] efs_file_system
|
602
|
+
# The access control configuration is for an Amazon EFS file system.
|
603
|
+
# @return [Types::EfsFileSystemConfiguration]
|
604
|
+
#
|
632
605
|
# @!attribute [rw] kms_key
|
633
606
|
# The access control configuration is for a KMS key.
|
634
607
|
# @return [Types::KmsKeyConfiguration]
|
635
608
|
#
|
609
|
+
# @!attribute [rw] rds_db_cluster_snapshot
|
610
|
+
# The access control configuration is for an Amazon RDS DB cluster
|
611
|
+
# snapshot.
|
612
|
+
# @return [Types::RdsDbClusterSnapshotConfiguration]
|
613
|
+
#
|
614
|
+
# @!attribute [rw] rds_db_snapshot
|
615
|
+
# The access control configuration is for an Amazon RDS DB snapshot.
|
616
|
+
# @return [Types::RdsDbSnapshotConfiguration]
|
617
|
+
#
|
636
618
|
# @!attribute [rw] secrets_manager_secret
|
637
619
|
# The access control configuration is for a Secrets Manager secret.
|
638
620
|
# @return [Types::SecretsManagerSecretConfiguration]
|
@@ -641,6 +623,10 @@ module Aws::AccessAnalyzer
|
|
641
623
|
# The access control configuration is for an Amazon S3 Bucket.
|
642
624
|
# @return [Types::S3BucketConfiguration]
|
643
625
|
#
|
626
|
+
# @!attribute [rw] sns_topic
|
627
|
+
# The access control configuration is for an Amazon SNS topic
|
628
|
+
# @return [Types::SnsTopicConfiguration]
|
629
|
+
#
|
644
630
|
# @!attribute [rw] sqs_queue
|
645
631
|
# The access control configuration is for an Amazon SQS queue.
|
646
632
|
# @return [Types::SqsQueueConfiguration]
|
@@ -648,20 +634,32 @@ module Aws::AccessAnalyzer
|
|
648
634
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
|
649
635
|
#
|
650
636
|
class Configuration < Struct.new(
|
637
|
+
:ebs_snapshot,
|
638
|
+
:ecr_repository,
|
651
639
|
:iam_role,
|
640
|
+
:efs_file_system,
|
652
641
|
:kms_key,
|
642
|
+
:rds_db_cluster_snapshot,
|
643
|
+
:rds_db_snapshot,
|
653
644
|
:secrets_manager_secret,
|
654
645
|
:s3_bucket,
|
646
|
+
:sns_topic,
|
655
647
|
:sqs_queue,
|
656
648
|
:unknown)
|
657
649
|
SENSITIVE = []
|
658
650
|
include Aws::Structure
|
659
651
|
include Aws::Structure::Union
|
660
652
|
|
653
|
+
class EbsSnapshot < Configuration; end
|
654
|
+
class EcrRepository < Configuration; end
|
661
655
|
class IamRole < Configuration; end
|
656
|
+
class EfsFileSystem < Configuration; end
|
662
657
|
class KmsKey < Configuration; end
|
658
|
+
class RdsDbClusterSnapshot < Configuration; end
|
659
|
+
class RdsDbSnapshot < Configuration; end
|
663
660
|
class SecretsManagerSecret < Configuration; end
|
664
661
|
class S3Bucket < Configuration; end
|
662
|
+
class SnsTopic < Configuration; end
|
665
663
|
class SqsQueue < Configuration; end
|
666
664
|
class Unknown < Configuration; end
|
667
665
|
end
|
@@ -689,81 +687,6 @@ module Aws::AccessAnalyzer
|
|
689
687
|
include Aws::Structure
|
690
688
|
end
|
691
689
|
|
692
|
-
# @note When making an API call, you may pass CreateAccessPreviewRequest
|
693
|
-
# data as a hash:
|
694
|
-
#
|
695
|
-
# {
|
696
|
-
# analyzer_arn: "AnalyzerArn", # required
|
697
|
-
# configurations: { # required
|
698
|
-
# "ConfigurationsMapKey" => {
|
699
|
-
# iam_role: {
|
700
|
-
# trust_policy: "IamTrustPolicy",
|
701
|
-
# },
|
702
|
-
# kms_key: {
|
703
|
-
# key_policies: {
|
704
|
-
# "PolicyName" => "KmsKeyPolicy",
|
705
|
-
# },
|
706
|
-
# grants: [
|
707
|
-
# {
|
708
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
709
|
-
# grantee_principal: "GranteePrincipal", # required
|
710
|
-
# retiring_principal: "RetiringPrincipal",
|
711
|
-
# constraints: {
|
712
|
-
# encryption_context_equals: {
|
713
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
714
|
-
# },
|
715
|
-
# encryption_context_subset: {
|
716
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
717
|
-
# },
|
718
|
-
# },
|
719
|
-
# issuing_account: "IssuingAccount", # required
|
720
|
-
# },
|
721
|
-
# ],
|
722
|
-
# },
|
723
|
-
# secrets_manager_secret: {
|
724
|
-
# kms_key_id: "SecretsManagerSecretKmsId",
|
725
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
726
|
-
# },
|
727
|
-
# s3_bucket: {
|
728
|
-
# bucket_policy: "S3BucketPolicy",
|
729
|
-
# bucket_acl_grants: [
|
730
|
-
# {
|
731
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
732
|
-
# grantee: { # required
|
733
|
-
# id: "AclCanonicalId",
|
734
|
-
# uri: "AclUri",
|
735
|
-
# },
|
736
|
-
# },
|
737
|
-
# ],
|
738
|
-
# bucket_public_access_block: {
|
739
|
-
# ignore_public_acls: false, # required
|
740
|
-
# restrict_public_buckets: false, # required
|
741
|
-
# },
|
742
|
-
# access_points: {
|
743
|
-
# "AccessPointArn" => {
|
744
|
-
# access_point_policy: "AccessPointPolicy",
|
745
|
-
# public_access_block: {
|
746
|
-
# ignore_public_acls: false, # required
|
747
|
-
# restrict_public_buckets: false, # required
|
748
|
-
# },
|
749
|
-
# network_origin: {
|
750
|
-
# vpc_configuration: {
|
751
|
-
# vpc_id: "VpcId", # required
|
752
|
-
# },
|
753
|
-
# internet_configuration: {
|
754
|
-
# },
|
755
|
-
# },
|
756
|
-
# },
|
757
|
-
# },
|
758
|
-
# },
|
759
|
-
# sqs_queue: {
|
760
|
-
# queue_policy: "SqsQueuePolicy",
|
761
|
-
# },
|
762
|
-
# },
|
763
|
-
# },
|
764
|
-
# client_token: "String",
|
765
|
-
# }
|
766
|
-
#
|
767
690
|
# @!attribute [rw] analyzer_arn
|
768
691
|
# The [ARN of the account analyzer][1] used to generate the access
|
769
692
|
# preview. You can only create an access preview for analyzers with an
|
@@ -813,31 +736,6 @@ module Aws::AccessAnalyzer
|
|
813
736
|
|
814
737
|
# Creates an analyzer.
|
815
738
|
#
|
816
|
-
# @note When making an API call, you may pass CreateAnalyzerRequest
|
817
|
-
# data as a hash:
|
818
|
-
#
|
819
|
-
# {
|
820
|
-
# analyzer_name: "Name", # required
|
821
|
-
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
822
|
-
# archive_rules: [
|
823
|
-
# {
|
824
|
-
# rule_name: "Name", # required
|
825
|
-
# filter: { # required
|
826
|
-
# "String" => {
|
827
|
-
# eq: ["String"],
|
828
|
-
# neq: ["String"],
|
829
|
-
# contains: ["String"],
|
830
|
-
# exists: false,
|
831
|
-
# },
|
832
|
-
# },
|
833
|
-
# },
|
834
|
-
# ],
|
835
|
-
# tags: {
|
836
|
-
# "String" => "String",
|
837
|
-
# },
|
838
|
-
# client_token: "String",
|
839
|
-
# }
|
840
|
-
#
|
841
739
|
# @!attribute [rw] analyzer_name
|
842
740
|
# The name of the analyzer to create.
|
843
741
|
# @return [String]
|
@@ -894,23 +792,6 @@ module Aws::AccessAnalyzer
|
|
894
792
|
|
895
793
|
# Creates an archive rule.
|
896
794
|
#
|
897
|
-
# @note When making an API call, you may pass CreateArchiveRuleRequest
|
898
|
-
# data as a hash:
|
899
|
-
#
|
900
|
-
# {
|
901
|
-
# analyzer_name: "Name", # required
|
902
|
-
# rule_name: "Name", # required
|
903
|
-
# filter: { # required
|
904
|
-
# "String" => {
|
905
|
-
# eq: ["String"],
|
906
|
-
# neq: ["String"],
|
907
|
-
# contains: ["String"],
|
908
|
-
# exists: false,
|
909
|
-
# },
|
910
|
-
# },
|
911
|
-
# client_token: "String",
|
912
|
-
# }
|
913
|
-
#
|
914
795
|
# @!attribute [rw] analyzer_name
|
915
796
|
# The name of the created analyzer.
|
916
797
|
# @return [String]
|
@@ -941,17 +822,13 @@ module Aws::AccessAnalyzer
|
|
941
822
|
include Aws::Structure
|
942
823
|
end
|
943
824
|
|
944
|
-
# The criteria to use in the filter that defines the archive rule.
|
825
|
+
# The criteria to use in the filter that defines the archive rule. For
|
826
|
+
# more information on available filter keys, see [IAM Access Analyzer
|
827
|
+
# filter keys][1].
|
828
|
+
#
|
945
829
|
#
|
946
|
-
# @note When making an API call, you may pass Criterion
|
947
|
-
# data as a hash:
|
948
830
|
#
|
949
|
-
#
|
950
|
-
# eq: ["String"],
|
951
|
-
# neq: ["String"],
|
952
|
-
# contains: ["String"],
|
953
|
-
# exists: false,
|
954
|
-
# }
|
831
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
|
955
832
|
#
|
956
833
|
# @!attribute [rw] eq
|
957
834
|
# An "equals" operator to match for the filter used to create the
|
@@ -986,14 +863,6 @@ module Aws::AccessAnalyzer
|
|
986
863
|
|
987
864
|
# Deletes an analyzer.
|
988
865
|
#
|
989
|
-
# @note When making an API call, you may pass DeleteAnalyzerRequest
|
990
|
-
# data as a hash:
|
991
|
-
#
|
992
|
-
# {
|
993
|
-
# analyzer_name: "Name", # required
|
994
|
-
# client_token: "String",
|
995
|
-
# }
|
996
|
-
#
|
997
866
|
# @!attribute [rw] analyzer_name
|
998
867
|
# The name of the analyzer to delete.
|
999
868
|
# @return [String]
|
@@ -1016,15 +885,6 @@ module Aws::AccessAnalyzer
|
|
1016
885
|
|
1017
886
|
# Deletes an archive rule.
|
1018
887
|
#
|
1019
|
-
# @note When making an API call, you may pass DeleteArchiveRuleRequest
|
1020
|
-
# data as a hash:
|
1021
|
-
#
|
1022
|
-
# {
|
1023
|
-
# analyzer_name: "Name", # required
|
1024
|
-
# rule_name: "Name", # required
|
1025
|
-
# client_token: "String",
|
1026
|
-
# }
|
1027
|
-
#
|
1028
888
|
# @!attribute [rw] analyzer_name
|
1029
889
|
# The name of the analyzer that associated with the archive rule to
|
1030
890
|
# delete.
|
@@ -1051,6 +911,152 @@ module Aws::AccessAnalyzer
|
|
1051
911
|
include Aws::Structure
|
1052
912
|
end
|
1053
913
|
|
914
|
+
# The proposed access control configuration for an Amazon EBS volume
|
915
|
+
# snapshot. You can propose a configuration for a new Amazon EBS volume
|
916
|
+
# snapshot or an Amazon EBS volume snapshot that you own by specifying
|
917
|
+
# the user IDs, groups, and optional KMS encryption key. For more
|
918
|
+
# information, see [ModifySnapshotAttribute][1].
|
919
|
+
#
|
920
|
+
#
|
921
|
+
#
|
922
|
+
# [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html
|
923
|
+
#
|
924
|
+
# @!attribute [rw] user_ids
|
925
|
+
# The IDs of the Amazon Web Services accounts that have access to the
|
926
|
+
# Amazon EBS volume snapshot.
|
927
|
+
#
|
928
|
+
# * If the configuration is for an existing Amazon EBS volume snapshot
|
929
|
+
# and you do not specify the `userIds`, then the access preview uses
|
930
|
+
# the existing shared `userIds` for the snapshot.
|
931
|
+
#
|
932
|
+
# * If the access preview is for a new resource and you do not specify
|
933
|
+
# the `userIds`, then the access preview considers the snapshot
|
934
|
+
# without any `userIds`.
|
935
|
+
#
|
936
|
+
# * To propose deletion of existing shared `accountIds`, you can
|
937
|
+
# specify an empty list for `userIds`.
|
938
|
+
# @return [Array<String>]
|
939
|
+
#
|
940
|
+
# @!attribute [rw] groups
|
941
|
+
# The groups that have access to the Amazon EBS volume snapshot. If
|
942
|
+
# the value `all` is specified, then the Amazon EBS volume snapshot is
|
943
|
+
# public.
|
944
|
+
#
|
945
|
+
# * If the configuration is for an existing Amazon EBS volume snapshot
|
946
|
+
# and you do not specify the `groups`, then the access preview uses
|
947
|
+
# the existing shared `groups` for the snapshot.
|
948
|
+
#
|
949
|
+
# * If the access preview is for a new resource and you do not specify
|
950
|
+
# the `groups`, then the access preview considers the snapshot
|
951
|
+
# without any `groups`.
|
952
|
+
#
|
953
|
+
# * To propose deletion of existing shared `groups`, you can specify
|
954
|
+
# an empty list for `groups`.
|
955
|
+
# @return [Array<String>]
|
956
|
+
#
|
957
|
+
# @!attribute [rw] kms_key_id
|
958
|
+
# The KMS key identifier for an encrypted Amazon EBS volume snapshot.
|
959
|
+
# The KMS key identifier is the key ARN, key ID, alias ARN, or alias
|
960
|
+
# name for the KMS key.
|
961
|
+
#
|
962
|
+
# * If the configuration is for an existing Amazon EBS volume snapshot
|
963
|
+
# and you do not specify the `kmsKeyId`, or you specify an empty
|
964
|
+
# string, then the access preview uses the existing `kmsKeyId` of
|
965
|
+
# the snapshot.
|
966
|
+
#
|
967
|
+
# * If the access preview is for a new resource and you do not specify
|
968
|
+
# the `kmsKeyId`, the access preview considers the snapshot as
|
969
|
+
# unencrypted.
|
970
|
+
# @return [String]
|
971
|
+
#
|
972
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EbsSnapshotConfiguration AWS API Documentation
|
973
|
+
#
|
974
|
+
class EbsSnapshotConfiguration < Struct.new(
|
975
|
+
:user_ids,
|
976
|
+
:groups,
|
977
|
+
:kms_key_id)
|
978
|
+
SENSITIVE = []
|
979
|
+
include Aws::Structure
|
980
|
+
end
|
981
|
+
|
982
|
+
# The proposed access control configuration for an Amazon ECR
|
983
|
+
# repository. You can propose a configuration for a new Amazon ECR
|
984
|
+
# repository or an existing Amazon ECR repository that you own by
|
985
|
+
# specifying the Amazon ECR policy. For more information, see
|
986
|
+
# [Repository][1].
|
987
|
+
#
|
988
|
+
# * If the configuration is for an existing Amazon ECR repository and
|
989
|
+
# you do not specify the Amazon ECR policy, then the access preview
|
990
|
+
# uses the existing Amazon ECR policy for the repository.
|
991
|
+
#
|
992
|
+
# * If the access preview is for a new resource and you do not specify
|
993
|
+
# the policy, then the access preview assumes an Amazon ECR repository
|
994
|
+
# without a policy.
|
995
|
+
#
|
996
|
+
# * To propose deletion of an existing Amazon ECR repository policy, you
|
997
|
+
# can specify an empty string for the Amazon ECR policy.
|
998
|
+
#
|
999
|
+
#
|
1000
|
+
#
|
1001
|
+
# [1]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html
|
1002
|
+
#
|
1003
|
+
# @!attribute [rw] repository_policy
|
1004
|
+
# The JSON repository policy text to apply to the Amazon ECR
|
1005
|
+
# repository. For more information, see [Private repository policy
|
1006
|
+
# examples][1] in the *Amazon ECR User Guide*.
|
1007
|
+
#
|
1008
|
+
#
|
1009
|
+
#
|
1010
|
+
# [1]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html
|
1011
|
+
# @return [String]
|
1012
|
+
#
|
1013
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EcrRepositoryConfiguration AWS API Documentation
|
1014
|
+
#
|
1015
|
+
class EcrRepositoryConfiguration < Struct.new(
|
1016
|
+
:repository_policy)
|
1017
|
+
SENSITIVE = []
|
1018
|
+
include Aws::Structure
|
1019
|
+
end
|
1020
|
+
|
1021
|
+
# The proposed access control configuration for an Amazon EFS file
|
1022
|
+
# system. You can propose a configuration for a new Amazon EFS file
|
1023
|
+
# system or an existing Amazon EFS file system that you own by
|
1024
|
+
# specifying the Amazon EFS policy. For more information, see [Using
|
1025
|
+
# file systems in Amazon EFS][1].
|
1026
|
+
#
|
1027
|
+
# * If the configuration is for an existing Amazon EFS file system and
|
1028
|
+
# you do not specify the Amazon EFS policy, then the access preview
|
1029
|
+
# uses the existing Amazon EFS policy for the file system.
|
1030
|
+
#
|
1031
|
+
# * If the access preview is for a new resource and you do not specify
|
1032
|
+
# the policy, then the access preview assumes an Amazon EFS file
|
1033
|
+
# system without a policy.
|
1034
|
+
#
|
1035
|
+
# * To propose deletion of an existing Amazon EFS file system policy,
|
1036
|
+
# you can specify an empty string for the Amazon EFS policy.
|
1037
|
+
#
|
1038
|
+
#
|
1039
|
+
#
|
1040
|
+
# [1]: https://docs.aws.amazon.com/efs/latest/ug/using-fs.html
|
1041
|
+
#
|
1042
|
+
# @!attribute [rw] file_system_policy
|
1043
|
+
# The JSON policy definition to apply to the Amazon EFS file system.
|
1044
|
+
# For more information on the elements that make up a file system
|
1045
|
+
# policy, see [Amazon EFS Resource-based policies][1].
|
1046
|
+
#
|
1047
|
+
#
|
1048
|
+
#
|
1049
|
+
# [1]: https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies
|
1050
|
+
# @return [String]
|
1051
|
+
#
|
1052
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/EfsFileSystemConfiguration AWS API Documentation
|
1053
|
+
#
|
1054
|
+
class EfsFileSystemConfiguration < Struct.new(
|
1055
|
+
:file_system_policy)
|
1056
|
+
SENSITIVE = []
|
1057
|
+
include Aws::Structure
|
1058
|
+
end
|
1059
|
+
|
1054
1060
|
# Contains information about a finding.
|
1055
1061
|
#
|
1056
1062
|
# @!attribute [rw] id
|
@@ -1167,10 +1173,16 @@ module Aws::AccessAnalyzer
|
|
1167
1173
|
# multi-region access point.
|
1168
1174
|
# @return [String]
|
1169
1175
|
#
|
1176
|
+
# @!attribute [rw] access_point_account
|
1177
|
+
# The account of the cross-account access point that generated the
|
1178
|
+
# finding.
|
1179
|
+
# @return [String]
|
1180
|
+
#
|
1170
1181
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
|
1171
1182
|
#
|
1172
1183
|
class FindingSourceDetail < Struct.new(
|
1173
|
-
:access_point_arn
|
1184
|
+
:access_point_arn,
|
1185
|
+
:access_point_account)
|
1174
1186
|
SENSITIVE = []
|
1175
1187
|
include Aws::Structure
|
1176
1188
|
end
|
@@ -1332,14 +1344,6 @@ module Aws::AccessAnalyzer
|
|
1332
1344
|
include Aws::Structure
|
1333
1345
|
end
|
1334
1346
|
|
1335
|
-
# @note When making an API call, you may pass GetAccessPreviewRequest
|
1336
|
-
# data as a hash:
|
1337
|
-
#
|
1338
|
-
# {
|
1339
|
-
# access_preview_id: "AccessPreviewId", # required
|
1340
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1341
|
-
# }
|
1342
|
-
#
|
1343
1347
|
# @!attribute [rw] access_preview_id
|
1344
1348
|
# The unique ID for the access preview.
|
1345
1349
|
# @return [String]
|
@@ -1375,14 +1379,6 @@ module Aws::AccessAnalyzer
|
|
1375
1379
|
|
1376
1380
|
# Retrieves an analyzed resource.
|
1377
1381
|
#
|
1378
|
-
# @note When making an API call, you may pass GetAnalyzedResourceRequest
|
1379
|
-
# data as a hash:
|
1380
|
-
#
|
1381
|
-
# {
|
1382
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1383
|
-
# resource_arn: "ResourceArn", # required
|
1384
|
-
# }
|
1385
|
-
#
|
1386
1382
|
# @!attribute [rw] analyzer_arn
|
1387
1383
|
# The [ARN of the analyzer][1] to retrieve information from.
|
1388
1384
|
#
|
@@ -1421,13 +1417,6 @@ module Aws::AccessAnalyzer
|
|
1421
1417
|
|
1422
1418
|
# Retrieves an analyzer.
|
1423
1419
|
#
|
1424
|
-
# @note When making an API call, you may pass GetAnalyzerRequest
|
1425
|
-
# data as a hash:
|
1426
|
-
#
|
1427
|
-
# {
|
1428
|
-
# analyzer_name: "Name", # required
|
1429
|
-
# }
|
1430
|
-
#
|
1431
1420
|
# @!attribute [rw] analyzer_name
|
1432
1421
|
# The name of the analyzer retrieved.
|
1433
1422
|
# @return [String]
|
@@ -1457,14 +1446,6 @@ module Aws::AccessAnalyzer
|
|
1457
1446
|
|
1458
1447
|
# Retrieves an archive rule.
|
1459
1448
|
#
|
1460
|
-
# @note When making an API call, you may pass GetArchiveRuleRequest
|
1461
|
-
# data as a hash:
|
1462
|
-
#
|
1463
|
-
# {
|
1464
|
-
# analyzer_name: "Name", # required
|
1465
|
-
# rule_name: "Name", # required
|
1466
|
-
# }
|
1467
|
-
#
|
1468
1449
|
# @!attribute [rw] analyzer_name
|
1469
1450
|
# The name of the analyzer to retrieve rules from.
|
1470
1451
|
# @return [String]
|
@@ -1498,14 +1479,6 @@ module Aws::AccessAnalyzer
|
|
1498
1479
|
|
1499
1480
|
# Retrieves a finding.
|
1500
1481
|
#
|
1501
|
-
# @note When making an API call, you may pass GetFindingRequest
|
1502
|
-
# data as a hash:
|
1503
|
-
#
|
1504
|
-
# {
|
1505
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1506
|
-
# id: "FindingId", # required
|
1507
|
-
# }
|
1508
|
-
#
|
1509
1482
|
# @!attribute [rw] analyzer_arn
|
1510
1483
|
# The [ARN of the analyzer][1] that generated the finding.
|
1511
1484
|
#
|
@@ -1541,15 +1514,6 @@ module Aws::AccessAnalyzer
|
|
1541
1514
|
include Aws::Structure
|
1542
1515
|
end
|
1543
1516
|
|
1544
|
-
# @note When making an API call, you may pass GetGeneratedPolicyRequest
|
1545
|
-
# data as a hash:
|
1546
|
-
#
|
1547
|
-
# {
|
1548
|
-
# job_id: "JobId", # required
|
1549
|
-
# include_resource_placeholders: false,
|
1550
|
-
# include_service_level_template: false,
|
1551
|
-
# }
|
1552
|
-
#
|
1553
1517
|
# @!attribute [rw] job_id
|
1554
1518
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1555
1519
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -1619,13 +1583,6 @@ module Aws::AccessAnalyzer
|
|
1619
1583
|
#
|
1620
1584
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
|
1621
1585
|
#
|
1622
|
-
# @note When making an API call, you may pass IamRoleConfiguration
|
1623
|
-
# data as a hash:
|
1624
|
-
#
|
1625
|
-
# {
|
1626
|
-
# trust_policy: "IamTrustPolicy",
|
1627
|
-
# }
|
1628
|
-
#
|
1629
1586
|
# @!attribute [rw] trust_policy
|
1630
1587
|
# The proposed trust policy for the IAM role.
|
1631
1588
|
# @return [String]
|
@@ -1641,21 +1598,6 @@ module Aws::AccessAnalyzer
|
|
1641
1598
|
# An criterion statement in an archive rule. Each archive rule may have
|
1642
1599
|
# multiple criteria.
|
1643
1600
|
#
|
1644
|
-
# @note When making an API call, you may pass InlineArchiveRule
|
1645
|
-
# data as a hash:
|
1646
|
-
#
|
1647
|
-
# {
|
1648
|
-
# rule_name: "Name", # required
|
1649
|
-
# filter: { # required
|
1650
|
-
# "String" => {
|
1651
|
-
# eq: ["String"],
|
1652
|
-
# neq: ["String"],
|
1653
|
-
# contains: ["String"],
|
1654
|
-
# exists: false,
|
1655
|
-
# },
|
1656
|
-
# },
|
1657
|
-
# }
|
1658
|
-
#
|
1659
1601
|
# @!attribute [rw] rule_name
|
1660
1602
|
# The name of the rule.
|
1661
1603
|
# @return [String]
|
@@ -1694,8 +1636,6 @@ module Aws::AccessAnalyzer
|
|
1694
1636
|
# This configuration sets the network origin for the Amazon S3 access
|
1695
1637
|
# point or multi-region access point to `Internet`.
|
1696
1638
|
#
|
1697
|
-
# @api private
|
1698
|
-
#
|
1699
1639
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternetConfiguration AWS API Documentation
|
1700
1640
|
#
|
1701
1641
|
class InternetConfiguration < Aws::EmptyStructure; end
|
@@ -1764,24 +1704,6 @@ module Aws::AccessAnalyzer
|
|
1764
1704
|
#
|
1765
1705
|
# [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
|
1766
1706
|
#
|
1767
|
-
# @note When making an API call, you may pass KmsGrantConfiguration
|
1768
|
-
# data as a hash:
|
1769
|
-
#
|
1770
|
-
# {
|
1771
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1772
|
-
# grantee_principal: "GranteePrincipal", # required
|
1773
|
-
# retiring_principal: "RetiringPrincipal",
|
1774
|
-
# constraints: {
|
1775
|
-
# encryption_context_equals: {
|
1776
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1777
|
-
# },
|
1778
|
-
# encryption_context_subset: {
|
1779
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1780
|
-
# },
|
1781
|
-
# },
|
1782
|
-
# issuing_account: "IssuingAccount", # required
|
1783
|
-
# }
|
1784
|
-
#
|
1785
1707
|
# @!attribute [rw] operations
|
1786
1708
|
# A list of operations that the grant permits.
|
1787
1709
|
# @return [Array<String>]
|
@@ -1841,18 +1763,6 @@ module Aws::AccessAnalyzer
|
|
1841
1763
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1842
1764
|
# [3]: https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html
|
1843
1765
|
#
|
1844
|
-
# @note When making an API call, you may pass KmsGrantConstraints
|
1845
|
-
# data as a hash:
|
1846
|
-
#
|
1847
|
-
# {
|
1848
|
-
# encryption_context_equals: {
|
1849
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1850
|
-
# },
|
1851
|
-
# encryption_context_subset: {
|
1852
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1853
|
-
# },
|
1854
|
-
# }
|
1855
|
-
#
|
1856
1766
|
# @!attribute [rw] encryption_context_equals
|
1857
1767
|
# A list of key-value pairs that must match the encryption context in
|
1858
1768
|
# the [cryptographic operation][1] request. The grant allows the
|
@@ -1903,31 +1813,6 @@ module Aws::AccessAnalyzer
|
|
1903
1813
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
|
1904
1814
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html
|
1905
1815
|
#
|
1906
|
-
# @note When making an API call, you may pass KmsKeyConfiguration
|
1907
|
-
# data as a hash:
|
1908
|
-
#
|
1909
|
-
# {
|
1910
|
-
# key_policies: {
|
1911
|
-
# "PolicyName" => "KmsKeyPolicy",
|
1912
|
-
# },
|
1913
|
-
# grants: [
|
1914
|
-
# {
|
1915
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
1916
|
-
# grantee_principal: "GranteePrincipal", # required
|
1917
|
-
# retiring_principal: "RetiringPrincipal",
|
1918
|
-
# constraints: {
|
1919
|
-
# encryption_context_equals: {
|
1920
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1921
|
-
# },
|
1922
|
-
# encryption_context_subset: {
|
1923
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
1924
|
-
# },
|
1925
|
-
# },
|
1926
|
-
# issuing_account: "IssuingAccount", # required
|
1927
|
-
# },
|
1928
|
-
# ],
|
1929
|
-
# }
|
1930
|
-
#
|
1931
1816
|
# @!attribute [rw] key_policies
|
1932
1817
|
# Resource policy configuration for the KMS key. The only valid value
|
1933
1818
|
# for the name of the key policy is `default`. For more information,
|
@@ -1955,24 +1840,6 @@ module Aws::AccessAnalyzer
|
|
1955
1840
|
include Aws::Structure
|
1956
1841
|
end
|
1957
1842
|
|
1958
|
-
# @note When making an API call, you may pass ListAccessPreviewFindingsRequest
|
1959
|
-
# data as a hash:
|
1960
|
-
#
|
1961
|
-
# {
|
1962
|
-
# access_preview_id: "AccessPreviewId", # required
|
1963
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1964
|
-
# filter: {
|
1965
|
-
# "String" => {
|
1966
|
-
# eq: ["String"],
|
1967
|
-
# neq: ["String"],
|
1968
|
-
# contains: ["String"],
|
1969
|
-
# exists: false,
|
1970
|
-
# },
|
1971
|
-
# },
|
1972
|
-
# next_token: "Token",
|
1973
|
-
# max_results: 1,
|
1974
|
-
# }
|
1975
|
-
#
|
1976
1843
|
# @!attribute [rw] access_preview_id
|
1977
1844
|
# The unique ID for the access preview.
|
1978
1845
|
# @return [String]
|
@@ -2027,15 +1894,6 @@ module Aws::AccessAnalyzer
|
|
2027
1894
|
include Aws::Structure
|
2028
1895
|
end
|
2029
1896
|
|
2030
|
-
# @note When making an API call, you may pass ListAccessPreviewsRequest
|
2031
|
-
# data as a hash:
|
2032
|
-
#
|
2033
|
-
# {
|
2034
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2035
|
-
# next_token: "Token",
|
2036
|
-
# max_results: 1,
|
2037
|
-
# }
|
2038
|
-
#
|
2039
1897
|
# @!attribute [rw] analyzer_arn
|
2040
1898
|
# The [ARN of the analyzer][1] used to generate the access preview.
|
2041
1899
|
#
|
@@ -2081,16 +1939,6 @@ module Aws::AccessAnalyzer
|
|
2081
1939
|
|
2082
1940
|
# Retrieves a list of resources that have been analyzed.
|
2083
1941
|
#
|
2084
|
-
# @note When making an API call, you may pass ListAnalyzedResourcesRequest
|
2085
|
-
# data as a hash:
|
2086
|
-
#
|
2087
|
-
# {
|
2088
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2089
|
-
# resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret
|
2090
|
-
# next_token: "Token",
|
2091
|
-
# max_results: 1,
|
2092
|
-
# }
|
2093
|
-
#
|
2094
1942
|
# @!attribute [rw] analyzer_arn
|
2095
1943
|
# The [ARN of the analyzer][1] to retrieve a list of analyzed
|
2096
1944
|
# resources from.
|
@@ -2144,15 +1992,6 @@ module Aws::AccessAnalyzer
|
|
2144
1992
|
|
2145
1993
|
# Retrieves a list of analyzers.
|
2146
1994
|
#
|
2147
|
-
# @note When making an API call, you may pass ListAnalyzersRequest
|
2148
|
-
# data as a hash:
|
2149
|
-
#
|
2150
|
-
# {
|
2151
|
-
# next_token: "Token",
|
2152
|
-
# max_results: 1,
|
2153
|
-
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
2154
|
-
# }
|
2155
|
-
#
|
2156
1995
|
# @!attribute [rw] next_token
|
2157
1996
|
# A token used for pagination of results returned.
|
2158
1997
|
# @return [String]
|
@@ -2196,15 +2035,6 @@ module Aws::AccessAnalyzer
|
|
2196
2035
|
|
2197
2036
|
# Retrieves a list of archive rules created for the specified analyzer.
|
2198
2037
|
#
|
2199
|
-
# @note When making an API call, you may pass ListArchiveRulesRequest
|
2200
|
-
# data as a hash:
|
2201
|
-
#
|
2202
|
-
# {
|
2203
|
-
# analyzer_name: "Name", # required
|
2204
|
-
# next_token: "Token",
|
2205
|
-
# max_results: 1,
|
2206
|
-
# }
|
2207
|
-
#
|
2208
2038
|
# @!attribute [rw] analyzer_name
|
2209
2039
|
# The name of the analyzer to retrieve rules from.
|
2210
2040
|
# @return [String]
|
@@ -2248,27 +2078,6 @@ module Aws::AccessAnalyzer
|
|
2248
2078
|
|
2249
2079
|
# Retrieves a list of findings generated by the specified analyzer.
|
2250
2080
|
#
|
2251
|
-
# @note When making an API call, you may pass ListFindingsRequest
|
2252
|
-
# data as a hash:
|
2253
|
-
#
|
2254
|
-
# {
|
2255
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2256
|
-
# filter: {
|
2257
|
-
# "String" => {
|
2258
|
-
# eq: ["String"],
|
2259
|
-
# neq: ["String"],
|
2260
|
-
# contains: ["String"],
|
2261
|
-
# exists: false,
|
2262
|
-
# },
|
2263
|
-
# },
|
2264
|
-
# sort: {
|
2265
|
-
# attribute_name: "String",
|
2266
|
-
# order_by: "ASC", # accepts ASC, DESC
|
2267
|
-
# },
|
2268
|
-
# next_token: "Token",
|
2269
|
-
# max_results: 1,
|
2270
|
-
# }
|
2271
|
-
#
|
2272
2081
|
# @!attribute [rw] analyzer_arn
|
2273
2082
|
# The [ARN of the analyzer][1] to retrieve findings from.
|
2274
2083
|
#
|
@@ -2325,15 +2134,6 @@ module Aws::AccessAnalyzer
|
|
2325
2134
|
include Aws::Structure
|
2326
2135
|
end
|
2327
2136
|
|
2328
|
-
# @note When making an API call, you may pass ListPolicyGenerationsRequest
|
2329
|
-
# data as a hash:
|
2330
|
-
#
|
2331
|
-
# {
|
2332
|
-
# principal_arn: "PrincipalArn",
|
2333
|
-
# max_results: 1,
|
2334
|
-
# next_token: "Token",
|
2335
|
-
# }
|
2336
|
-
#
|
2337
2137
|
# @!attribute [rw] principal_arn
|
2338
2138
|
# The ARN of the IAM entity (user or role) for which you are
|
2339
2139
|
# generating a policy. Use this with `ListGeneratedPolicies` to filter
|
@@ -2378,13 +2178,6 @@ module Aws::AccessAnalyzer
|
|
2378
2178
|
|
2379
2179
|
# Retrieves a list of tags applied to the specified resource.
|
2380
2180
|
#
|
2381
|
-
# @note When making an API call, you may pass ListTagsForResourceRequest
|
2382
|
-
# data as a hash:
|
2383
|
-
#
|
2384
|
-
# {
|
2385
|
-
# resource_arn: "String", # required
|
2386
|
-
# }
|
2387
|
-
#
|
2388
2181
|
# @!attribute [rw] resource_arn
|
2389
2182
|
# The ARN of the resource to retrieve tags from.
|
2390
2183
|
# @return [String]
|
@@ -2443,10 +2236,6 @@ module Aws::AccessAnalyzer
|
|
2443
2236
|
#
|
2444
2237
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
2445
2238
|
#
|
2446
|
-
# @note NetworkOriginConfiguration is a union - when making an API calls you must set exactly one of the members.
|
2447
|
-
#
|
2448
|
-
# @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
|
2449
|
-
#
|
2450
2239
|
# @!attribute [rw] vpc_configuration
|
2451
2240
|
# The proposed virtual private cloud (VPC) configuration for the
|
2452
2241
|
# Amazon S3 access point. VPC configuration does not apply to
|
@@ -2481,8 +2270,6 @@ module Aws::AccessAnalyzer
|
|
2481
2270
|
# A single element in a path through the JSON representation of a
|
2482
2271
|
# policy.
|
2483
2272
|
#
|
2484
|
-
# @note PathElement is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PathElement corresponding to the set member.
|
2485
|
-
#
|
2486
2273
|
# @!attribute [rw] index
|
2487
2274
|
# Refers to an index in a JSON array.
|
2488
2275
|
# @return [Integer]
|
@@ -2559,13 +2346,6 @@ module Aws::AccessAnalyzer
|
|
2559
2346
|
# Contains the ARN details about the IAM entity for which the policy is
|
2560
2347
|
# generated.
|
2561
2348
|
#
|
2562
|
-
# @note When making an API call, you may pass PolicyGenerationDetails
|
2563
|
-
# data as a hash:
|
2564
|
-
#
|
2565
|
-
# {
|
2566
|
-
# principal_arn: "PrincipalArn", # required
|
2567
|
-
# }
|
2568
|
-
#
|
2569
2349
|
# @!attribute [rw] principal_arn
|
2570
2350
|
# The ARN of the IAM entity (user or role) for which you are
|
2571
2351
|
# generating a policy.
|
@@ -2604,6 +2384,164 @@ module Aws::AccessAnalyzer
|
|
2604
2384
|
include Aws::Structure
|
2605
2385
|
end
|
2606
2386
|
|
2387
|
+
# The values for a manual Amazon RDS DB cluster snapshot attribute.
|
2388
|
+
#
|
2389
|
+
# @!attribute [rw] account_ids
|
2390
|
+
# The Amazon Web Services account IDs that have access to the manual
|
2391
|
+
# Amazon RDS DB cluster snapshot. If the value `all` is specified,
|
2392
|
+
# then the Amazon RDS DB cluster snapshot is public and can be copied
|
2393
|
+
# or restored by all Amazon Web Services accounts.
|
2394
|
+
#
|
2395
|
+
# * If the configuration is for an existing Amazon RDS DB cluster
|
2396
|
+
# snapshot and you do not specify the `accountIds` in
|
2397
|
+
# `RdsDbClusterSnapshotAttributeValue`, then the access preview uses
|
2398
|
+
# the existing shared `accountIds` for the snapshot.
|
2399
|
+
#
|
2400
|
+
# * If the access preview is for a new resource and you do not specify
|
2401
|
+
# the specify the `accountIds` in
|
2402
|
+
# `RdsDbClusterSnapshotAttributeValue`, then the access preview
|
2403
|
+
# considers the snapshot without any attributes.
|
2404
|
+
#
|
2405
|
+
# * To propose deletion of existing shared `accountIds`, you can
|
2406
|
+
# specify an empty list for `accountIds` in the
|
2407
|
+
# `RdsDbClusterSnapshotAttributeValue`.
|
2408
|
+
# @return [Array<String>]
|
2409
|
+
#
|
2410
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotAttributeValue AWS API Documentation
|
2411
|
+
#
|
2412
|
+
class RdsDbClusterSnapshotAttributeValue < Struct.new(
|
2413
|
+
:account_ids,
|
2414
|
+
:unknown)
|
2415
|
+
SENSITIVE = []
|
2416
|
+
include Aws::Structure
|
2417
|
+
include Aws::Structure::Union
|
2418
|
+
|
2419
|
+
class AccountIds < RdsDbClusterSnapshotAttributeValue; end
|
2420
|
+
class Unknown < RdsDbClusterSnapshotAttributeValue; end
|
2421
|
+
end
|
2422
|
+
|
2423
|
+
# The proposed access control configuration for an Amazon RDS DB cluster
|
2424
|
+
# snapshot. You can propose a configuration for a new Amazon RDS DB
|
2425
|
+
# cluster snapshot or an Amazon RDS DB cluster snapshot that you own by
|
2426
|
+
# specifying the `RdsDbClusterSnapshotAttributeValue` and optional KMS
|
2427
|
+
# encryption key. For more information, see
|
2428
|
+
# [ModifyDBClusterSnapshotAttribute][1].
|
2429
|
+
#
|
2430
|
+
#
|
2431
|
+
#
|
2432
|
+
# [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html
|
2433
|
+
#
|
2434
|
+
# @!attribute [rw] attributes
|
2435
|
+
# The names and values of manual DB cluster snapshot attributes.
|
2436
|
+
# Manual DB cluster snapshot attributes are used to authorize other
|
2437
|
+
# Amazon Web Services accounts to restore a manual DB cluster
|
2438
|
+
# snapshot. The only valid value for `AttributeName` for the attribute
|
2439
|
+
# map is `restore`
|
2440
|
+
# @return [Hash<String,Types::RdsDbClusterSnapshotAttributeValue>]
|
2441
|
+
#
|
2442
|
+
# @!attribute [rw] kms_key_id
|
2443
|
+
# The KMS key identifier for an encrypted Amazon RDS DB cluster
|
2444
|
+
# snapshot. The KMS key identifier is the key ARN, key ID, alias ARN,
|
2445
|
+
# or alias name for the KMS key.
|
2446
|
+
#
|
2447
|
+
# * If the configuration is for an existing Amazon RDS DB cluster
|
2448
|
+
# snapshot and you do not specify the `kmsKeyId`, or you specify an
|
2449
|
+
# empty string, then the access preview uses the existing `kmsKeyId`
|
2450
|
+
# of the snapshot.
|
2451
|
+
#
|
2452
|
+
# * If the access preview is for a new resource and you do not specify
|
2453
|
+
# the specify the `kmsKeyId`, then the access preview considers the
|
2454
|
+
# snapshot as unencrypted.
|
2455
|
+
# @return [String]
|
2456
|
+
#
|
2457
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbClusterSnapshotConfiguration AWS API Documentation
|
2458
|
+
#
|
2459
|
+
class RdsDbClusterSnapshotConfiguration < Struct.new(
|
2460
|
+
:attributes,
|
2461
|
+
:kms_key_id)
|
2462
|
+
SENSITIVE = []
|
2463
|
+
include Aws::Structure
|
2464
|
+
end
|
2465
|
+
|
2466
|
+
# The name and values of a manual Amazon RDS DB snapshot attribute.
|
2467
|
+
# Manual DB snapshot attributes are used to authorize other Amazon Web
|
2468
|
+
# Services accounts to restore a manual DB snapshot.
|
2469
|
+
#
|
2470
|
+
# @!attribute [rw] account_ids
|
2471
|
+
# The Amazon Web Services account IDs that have access to the manual
|
2472
|
+
# Amazon RDS DB snapshot. If the value `all` is specified, then the
|
2473
|
+
# Amazon RDS DB snapshot is public and can be copied or restored by
|
2474
|
+
# all Amazon Web Services accounts.
|
2475
|
+
#
|
2476
|
+
# * If the configuration is for an existing Amazon RDS DB snapshot and
|
2477
|
+
# you do not specify the `accountIds` in
|
2478
|
+
# `RdsDbSnapshotAttributeValue`, then the access preview uses the
|
2479
|
+
# existing shared `accountIds` for the snapshot.
|
2480
|
+
#
|
2481
|
+
# * If the access preview is for a new resource and you do not specify
|
2482
|
+
# the specify the `accountIds` in `RdsDbSnapshotAttributeValue`,
|
2483
|
+
# then the access preview considers the snapshot without any
|
2484
|
+
# attributes.
|
2485
|
+
#
|
2486
|
+
# * To propose deletion of an existing shared `accountIds`, you can
|
2487
|
+
# specify an empty list for `accountIds` in the
|
2488
|
+
# `RdsDbSnapshotAttributeValue`.
|
2489
|
+
# @return [Array<String>]
|
2490
|
+
#
|
2491
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotAttributeValue AWS API Documentation
|
2492
|
+
#
|
2493
|
+
class RdsDbSnapshotAttributeValue < Struct.new(
|
2494
|
+
:account_ids,
|
2495
|
+
:unknown)
|
2496
|
+
SENSITIVE = []
|
2497
|
+
include Aws::Structure
|
2498
|
+
include Aws::Structure::Union
|
2499
|
+
|
2500
|
+
class AccountIds < RdsDbSnapshotAttributeValue; end
|
2501
|
+
class Unknown < RdsDbSnapshotAttributeValue; end
|
2502
|
+
end
|
2503
|
+
|
2504
|
+
# The proposed access control configuration for an Amazon RDS DB
|
2505
|
+
# snapshot. You can propose a configuration for a new Amazon RDS DB
|
2506
|
+
# snapshot or an Amazon RDS DB snapshot that you own by specifying the
|
2507
|
+
# `RdsDbSnapshotAttributeValue` and optional KMS encryption key. For
|
2508
|
+
# more information, see [ModifyDBSnapshotAttribute][1].
|
2509
|
+
#
|
2510
|
+
#
|
2511
|
+
#
|
2512
|
+
# [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html
|
2513
|
+
#
|
2514
|
+
# @!attribute [rw] attributes
|
2515
|
+
# The names and values of manual DB snapshot attributes. Manual DB
|
2516
|
+
# snapshot attributes are used to authorize other Amazon Web Services
|
2517
|
+
# accounts to restore a manual DB snapshot. The only valid value for
|
2518
|
+
# `attributeName` for the attribute map is restore.
|
2519
|
+
# @return [Hash<String,Types::RdsDbSnapshotAttributeValue>]
|
2520
|
+
#
|
2521
|
+
# @!attribute [rw] kms_key_id
|
2522
|
+
# The KMS key identifier for an encrypted Amazon RDS DB snapshot. The
|
2523
|
+
# KMS key identifier is the key ARN, key ID, alias ARN, or alias name
|
2524
|
+
# for the KMS key.
|
2525
|
+
#
|
2526
|
+
# * If the configuration is for an existing Amazon RDS DB snapshot and
|
2527
|
+
# you do not specify the `kmsKeyId`, or you specify an empty string,
|
2528
|
+
# then the access preview uses the existing `kmsKeyId` of the
|
2529
|
+
# snapshot.
|
2530
|
+
#
|
2531
|
+
# * If the access preview is for a new resource and you do not specify
|
2532
|
+
# the specify the `kmsKeyId`, then the access preview considers the
|
2533
|
+
# snapshot as unencrypted.
|
2534
|
+
# @return [String]
|
2535
|
+
#
|
2536
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RdsDbSnapshotConfiguration AWS API Documentation
|
2537
|
+
#
|
2538
|
+
class RdsDbSnapshotConfiguration < Struct.new(
|
2539
|
+
:attributes,
|
2540
|
+
:kms_key_id)
|
2541
|
+
SENSITIVE = []
|
2542
|
+
include Aws::Structure
|
2543
|
+
end
|
2544
|
+
|
2607
2545
|
# The specified resource could not be found.
|
2608
2546
|
#
|
2609
2547
|
# @!attribute [rw] message
|
@@ -2643,24 +2581,6 @@ module Aws::AccessAnalyzer
|
|
2643
2581
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
2644
2582
|
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
|
2645
2583
|
#
|
2646
|
-
# @note When making an API call, you may pass S3AccessPointConfiguration
|
2647
|
-
# data as a hash:
|
2648
|
-
#
|
2649
|
-
# {
|
2650
|
-
# access_point_policy: "AccessPointPolicy",
|
2651
|
-
# public_access_block: {
|
2652
|
-
# ignore_public_acls: false, # required
|
2653
|
-
# restrict_public_buckets: false, # required
|
2654
|
-
# },
|
2655
|
-
# network_origin: {
|
2656
|
-
# vpc_configuration: {
|
2657
|
-
# vpc_id: "VpcId", # required
|
2658
|
-
# },
|
2659
|
-
# internet_configuration: {
|
2660
|
-
# },
|
2661
|
-
# },
|
2662
|
-
# }
|
2663
|
-
#
|
2664
2584
|
# @!attribute [rw] access_point_policy
|
2665
2585
|
# The access point or multi-region access point policy.
|
2666
2586
|
# @return [String]
|
@@ -2697,17 +2617,6 @@ module Aws::AccessAnalyzer
|
|
2697
2617
|
#
|
2698
2618
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls
|
2699
2619
|
#
|
2700
|
-
# @note When making an API call, you may pass S3BucketAclGrantConfiguration
|
2701
|
-
# data as a hash:
|
2702
|
-
#
|
2703
|
-
# {
|
2704
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2705
|
-
# grantee: { # required
|
2706
|
-
# id: "AclCanonicalId",
|
2707
|
-
# uri: "AclUri",
|
2708
|
-
# },
|
2709
|
-
# }
|
2710
|
-
#
|
2711
2620
|
# @!attribute [rw] permission
|
2712
2621
|
# The permissions being granted.
|
2713
2622
|
# @return [String]
|
@@ -2743,42 +2652,6 @@ module Aws::AccessAnalyzer
|
|
2743
2652
|
#
|
2744
2653
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
|
2745
2654
|
#
|
2746
|
-
# @note When making an API call, you may pass S3BucketConfiguration
|
2747
|
-
# data as a hash:
|
2748
|
-
#
|
2749
|
-
# {
|
2750
|
-
# bucket_policy: "S3BucketPolicy",
|
2751
|
-
# bucket_acl_grants: [
|
2752
|
-
# {
|
2753
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
2754
|
-
# grantee: { # required
|
2755
|
-
# id: "AclCanonicalId",
|
2756
|
-
# uri: "AclUri",
|
2757
|
-
# },
|
2758
|
-
# },
|
2759
|
-
# ],
|
2760
|
-
# bucket_public_access_block: {
|
2761
|
-
# ignore_public_acls: false, # required
|
2762
|
-
# restrict_public_buckets: false, # required
|
2763
|
-
# },
|
2764
|
-
# access_points: {
|
2765
|
-
# "AccessPointArn" => {
|
2766
|
-
# access_point_policy: "AccessPointPolicy",
|
2767
|
-
# public_access_block: {
|
2768
|
-
# ignore_public_acls: false, # required
|
2769
|
-
# restrict_public_buckets: false, # required
|
2770
|
-
# },
|
2771
|
-
# network_origin: {
|
2772
|
-
# vpc_configuration: {
|
2773
|
-
# vpc_id: "VpcId", # required
|
2774
|
-
# },
|
2775
|
-
# internet_configuration: {
|
2776
|
-
# },
|
2777
|
-
# },
|
2778
|
-
# },
|
2779
|
-
# },
|
2780
|
-
# }
|
2781
|
-
#
|
2782
2655
|
# @!attribute [rw] bucket_policy
|
2783
2656
|
# The proposed bucket policy for the Amazon S3 bucket.
|
2784
2657
|
# @return [String]
|
@@ -2828,14 +2701,6 @@ module Aws::AccessAnalyzer
|
|
2828
2701
|
#
|
2829
2702
|
# [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html
|
2830
2703
|
#
|
2831
|
-
# @note When making an API call, you may pass S3PublicAccessBlockConfiguration
|
2832
|
-
# data as a hash:
|
2833
|
-
#
|
2834
|
-
# {
|
2835
|
-
# ignore_public_acls: false, # required
|
2836
|
-
# restrict_public_buckets: false, # required
|
2837
|
-
# }
|
2838
|
-
#
|
2839
2704
|
# @!attribute [rw] ignore_public_acls
|
2840
2705
|
# Specifies whether Amazon S3 should ignore public ACLs for this
|
2841
2706
|
# bucket and objects in this bucket.
|
@@ -2878,14 +2743,6 @@ module Aws::AccessAnalyzer
|
|
2878
2743
|
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html
|
2879
2744
|
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html
|
2880
2745
|
#
|
2881
|
-
# @note When making an API call, you may pass SecretsManagerSecretConfiguration
|
2882
|
-
# data as a hash:
|
2883
|
-
#
|
2884
|
-
# {
|
2885
|
-
# kms_key_id: "SecretsManagerSecretKmsId",
|
2886
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
2887
|
-
# }
|
2888
|
-
#
|
2889
2746
|
# @!attribute [rw] kms_key_id
|
2890
2747
|
# The proposed ARN, key ID, or alias of the KMS key.
|
2891
2748
|
# @return [String]
|
@@ -2927,15 +2784,41 @@ module Aws::AccessAnalyzer
|
|
2927
2784
|
include Aws::Structure
|
2928
2785
|
end
|
2929
2786
|
|
2930
|
-
# The
|
2787
|
+
# The proposed access control configuration for an Amazon SNS topic. You
|
2788
|
+
# can propose a configuration for a new Amazon SNS topic or an existing
|
2789
|
+
# Amazon SNS topic that you own by specifying the policy. If the
|
2790
|
+
# configuration is for an existing Amazon SNS topic and you do not
|
2791
|
+
# specify the Amazon SNS policy, then the access preview uses the
|
2792
|
+
# existing Amazon SNS policy for the topic. If the access preview is for
|
2793
|
+
# a new resource and you do not specify the policy, then the access
|
2794
|
+
# preview assumes an Amazon SNS topic without a policy. To propose
|
2795
|
+
# deletion of an existing Amazon SNS topic policy, you can specify an
|
2796
|
+
# empty string for the Amazon SNS policy. For more information, see
|
2797
|
+
# [Topic][1].
|
2798
|
+
#
|
2799
|
+
#
|
2800
|
+
#
|
2801
|
+
# [1]: https://docs.aws.amazon.com/sns/latest/api/API_Topic.html
|
2802
|
+
#
|
2803
|
+
# @!attribute [rw] topic_policy
|
2804
|
+
# The JSON policy text that defines who can access an Amazon SNS
|
2805
|
+
# topic. For more information, see [Example cases for Amazon SNS
|
2806
|
+
# access control][1] in the *Amazon SNS Developer Guide*.
|
2807
|
+
#
|
2931
2808
|
#
|
2932
|
-
# @note When making an API call, you may pass SortCriteria
|
2933
|
-
# data as a hash:
|
2934
2809
|
#
|
2935
|
-
#
|
2936
|
-
#
|
2937
|
-
#
|
2938
|
-
#
|
2810
|
+
# [1]: https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html
|
2811
|
+
# @return [String]
|
2812
|
+
#
|
2813
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/SnsTopicConfiguration AWS API Documentation
|
2814
|
+
#
|
2815
|
+
class SnsTopicConfiguration < Struct.new(
|
2816
|
+
:topic_policy)
|
2817
|
+
SENSITIVE = []
|
2818
|
+
include Aws::Structure
|
2819
|
+
end
|
2820
|
+
|
2821
|
+
# The criteria used to sort.
|
2939
2822
|
#
|
2940
2823
|
# @!attribute [rw] attribute_name
|
2941
2824
|
# The name of the attribute to sort on.
|
@@ -2990,13 +2873,6 @@ module Aws::AccessAnalyzer
|
|
2990
2873
|
#
|
2991
2874
|
# [1]: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html
|
2992
2875
|
#
|
2993
|
-
# @note When making an API call, you may pass SqsQueueConfiguration
|
2994
|
-
# data as a hash:
|
2995
|
-
#
|
2996
|
-
# {
|
2997
|
-
# queue_policy: "SqsQueuePolicy",
|
2998
|
-
# }
|
2999
|
-
#
|
3000
2876
|
# @!attribute [rw] queue_policy
|
3001
2877
|
# The proposed resource policy for the Amazon SQS queue.
|
3002
2878
|
# @return [String]
|
@@ -3009,28 +2885,6 @@ module Aws::AccessAnalyzer
|
|
3009
2885
|
include Aws::Structure
|
3010
2886
|
end
|
3011
2887
|
|
3012
|
-
# @note When making an API call, you may pass StartPolicyGenerationRequest
|
3013
|
-
# data as a hash:
|
3014
|
-
#
|
3015
|
-
# {
|
3016
|
-
# policy_generation_details: { # required
|
3017
|
-
# principal_arn: "PrincipalArn", # required
|
3018
|
-
# },
|
3019
|
-
# cloud_trail_details: {
|
3020
|
-
# trails: [ # required
|
3021
|
-
# {
|
3022
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
3023
|
-
# regions: ["String"],
|
3024
|
-
# all_regions: false,
|
3025
|
-
# },
|
3026
|
-
# ],
|
3027
|
-
# access_role: "RoleArn", # required
|
3028
|
-
# start_time: Time.now, # required
|
3029
|
-
# end_time: Time.now,
|
3030
|
-
# },
|
3031
|
-
# client_token: "String",
|
3032
|
-
# }
|
3033
|
-
#
|
3034
2888
|
# @!attribute [rw] policy_generation_details
|
3035
2889
|
# Contains the ARN of the IAM entity (user or role) for which you are
|
3036
2890
|
# generating a policy.
|
@@ -3083,14 +2937,6 @@ module Aws::AccessAnalyzer
|
|
3083
2937
|
|
3084
2938
|
# Starts a scan of the policies applied to the specified resource.
|
3085
2939
|
#
|
3086
|
-
# @note When making an API call, you may pass StartResourceScanRequest
|
3087
|
-
# data as a hash:
|
3088
|
-
#
|
3089
|
-
# {
|
3090
|
-
# analyzer_arn: "AnalyzerArn", # required
|
3091
|
-
# resource_arn: "ResourceArn", # required
|
3092
|
-
# }
|
3093
|
-
#
|
3094
2940
|
# @!attribute [rw] analyzer_arn
|
3095
2941
|
# The [ARN of the analyzer][1] to use to scan the policies applied to
|
3096
2942
|
# the specified resource.
|
@@ -3104,11 +2950,18 @@ module Aws::AccessAnalyzer
|
|
3104
2950
|
# The ARN of the resource to scan.
|
3105
2951
|
# @return [String]
|
3106
2952
|
#
|
2953
|
+
# @!attribute [rw] resource_owner_account
|
2954
|
+
# The Amazon Web Services account ID that owns the resource. For most
|
2955
|
+
# Amazon Web Services resources, the owning account is the account in
|
2956
|
+
# which the resource was created.
|
2957
|
+
# @return [String]
|
2958
|
+
#
|
3107
2959
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartResourceScanRequest AWS API Documentation
|
3108
2960
|
#
|
3109
2961
|
class StartResourceScanRequest < Struct.new(
|
3110
2962
|
:analyzer_arn,
|
3111
|
-
:resource_arn
|
2963
|
+
:resource_arn,
|
2964
|
+
:resource_owner_account)
|
3112
2965
|
SENSITIVE = []
|
3113
2966
|
include Aws::Structure
|
3114
2967
|
end
|
@@ -3152,16 +3005,6 @@ module Aws::AccessAnalyzer
|
|
3152
3005
|
|
3153
3006
|
# Adds a tag to the specified resource.
|
3154
3007
|
#
|
3155
|
-
# @note When making an API call, you may pass TagResourceRequest
|
3156
|
-
# data as a hash:
|
3157
|
-
#
|
3158
|
-
# {
|
3159
|
-
# resource_arn: "String", # required
|
3160
|
-
# tags: { # required
|
3161
|
-
# "String" => "String",
|
3162
|
-
# },
|
3163
|
-
# }
|
3164
|
-
#
|
3165
3008
|
# @!attribute [rw] resource_arn
|
3166
3009
|
# The ARN of the resource to add the tag to.
|
3167
3010
|
# @return [String]
|
@@ -3206,15 +3049,6 @@ module Aws::AccessAnalyzer
|
|
3206
3049
|
# Contains details about the CloudTrail trail being analyzed to generate
|
3207
3050
|
# a policy.
|
3208
3051
|
#
|
3209
|
-
# @note When making an API call, you may pass Trail
|
3210
|
-
# data as a hash:
|
3211
|
-
#
|
3212
|
-
# {
|
3213
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
3214
|
-
# regions: ["String"],
|
3215
|
-
# all_regions: false,
|
3216
|
-
# }
|
3217
|
-
#
|
3218
3052
|
# @!attribute [rw] cloud_trail_arn
|
3219
3053
|
# Specifies the ARN of the trail. The format of a trail ARN is
|
3220
3054
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
|
@@ -3272,14 +3106,6 @@ module Aws::AccessAnalyzer
|
|
3272
3106
|
|
3273
3107
|
# Removes a tag from the specified resource.
|
3274
3108
|
#
|
3275
|
-
# @note When making an API call, you may pass UntagResourceRequest
|
3276
|
-
# data as a hash:
|
3277
|
-
#
|
3278
|
-
# {
|
3279
|
-
# resource_arn: "String", # required
|
3280
|
-
# tag_keys: ["String"], # required
|
3281
|
-
# }
|
3282
|
-
#
|
3283
3109
|
# @!attribute [rw] resource_arn
|
3284
3110
|
# The ARN of the resource to remove the tag from.
|
3285
3111
|
# @return [String]
|
@@ -3305,23 +3131,6 @@ module Aws::AccessAnalyzer
|
|
3305
3131
|
|
3306
3132
|
# Updates the specified archive rule.
|
3307
3133
|
#
|
3308
|
-
# @note When making an API call, you may pass UpdateArchiveRuleRequest
|
3309
|
-
# data as a hash:
|
3310
|
-
#
|
3311
|
-
# {
|
3312
|
-
# analyzer_name: "Name", # required
|
3313
|
-
# rule_name: "Name", # required
|
3314
|
-
# filter: { # required
|
3315
|
-
# "String" => {
|
3316
|
-
# eq: ["String"],
|
3317
|
-
# neq: ["String"],
|
3318
|
-
# contains: ["String"],
|
3319
|
-
# exists: false,
|
3320
|
-
# },
|
3321
|
-
# },
|
3322
|
-
# client_token: "String",
|
3323
|
-
# }
|
3324
|
-
#
|
3325
3134
|
# @!attribute [rw] analyzer_name
|
3326
3135
|
# The name of the analyzer to update the archive rules for.
|
3327
3136
|
# @return [String]
|
@@ -3355,17 +3164,6 @@ module Aws::AccessAnalyzer
|
|
3355
3164
|
|
3356
3165
|
# Updates findings with the new values provided in the request.
|
3357
3166
|
#
|
3358
|
-
# @note When making an API call, you may pass UpdateFindingsRequest
|
3359
|
-
# data as a hash:
|
3360
|
-
#
|
3361
|
-
# {
|
3362
|
-
# analyzer_arn: "AnalyzerArn", # required
|
3363
|
-
# status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
|
3364
|
-
# ids: ["FindingId"],
|
3365
|
-
# resource_arn: "ResourceArn",
|
3366
|
-
# client_token: "String",
|
3367
|
-
# }
|
3368
|
-
#
|
3369
3167
|
# @!attribute [rw] analyzer_arn
|
3370
3168
|
# The [ARN of the analyzer][1] that generated the findings to update.
|
3371
3169
|
#
|
@@ -3458,18 +3256,6 @@ module Aws::AccessAnalyzer
|
|
3458
3256
|
include Aws::Structure
|
3459
3257
|
end
|
3460
3258
|
|
3461
|
-
# @note When making an API call, you may pass ValidatePolicyRequest
|
3462
|
-
# data as a hash:
|
3463
|
-
#
|
3464
|
-
# {
|
3465
|
-
# locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
|
3466
|
-
# max_results: 1,
|
3467
|
-
# next_token: "Token",
|
3468
|
-
# policy_document: "PolicyDocument", # required
|
3469
|
-
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
3470
|
-
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
|
3471
|
-
# }
|
3472
|
-
#
|
3473
3259
|
# @!attribute [rw] locale
|
3474
3260
|
# The locale to use for localizing the findings.
|
3475
3261
|
# @return [String]
|
@@ -3596,13 +3382,6 @@ module Aws::AccessAnalyzer
|
|
3596
3382
|
#
|
3597
3383
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
|
3598
3384
|
#
|
3599
|
-
# @note When making an API call, you may pass VpcConfiguration
|
3600
|
-
# data as a hash:
|
3601
|
-
#
|
3602
|
-
# {
|
3603
|
-
# vpc_id: "VpcId", # required
|
3604
|
-
# }
|
3605
|
-
#
|
3606
3385
|
# @!attribute [rw] vpc_id
|
3607
3386
|
# If this field is specified, this access point will only allow
|
3608
3387
|
# connections from the specified VPC ID.
|