aws-sdk-accessanalyzer 1.31.0 → 1.32.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +7 -4
- data/lib/aws-sdk-accessanalyzer/client_api.rb +2 -1
- data/lib/aws-sdk-accessanalyzer/endpoint_parameters.rb +3 -0
- data/lib/aws-sdk-accessanalyzer/endpoint_provider.rb +77 -77
- data/lib/aws-sdk-accessanalyzer/types.rb +12 -709
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- metadata +2 -2
@@ -259,10 +259,6 @@ module Aws::AccessAnalyzer
|
|
259
259
|
#
|
260
260
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
|
261
261
|
#
|
262
|
-
# @note AclGrantee is a union - when making an API calls you must set exactly one of the members.
|
263
|
-
#
|
264
|
-
# @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
|
265
|
-
#
|
266
262
|
# @!attribute [rw] id
|
267
263
|
# The value specified is the canonical user ID of an Amazon Web
|
268
264
|
# Services account.
|
@@ -447,15 +443,6 @@ module Aws::AccessAnalyzer
|
|
447
443
|
|
448
444
|
# Retroactively applies an archive rule.
|
449
445
|
#
|
450
|
-
# @note When making an API call, you may pass ApplyArchiveRuleRequest
|
451
|
-
# data as a hash:
|
452
|
-
#
|
453
|
-
# {
|
454
|
-
# analyzer_arn: "AnalyzerArn", # required
|
455
|
-
# rule_name: "Name", # required
|
456
|
-
# client_token: "String",
|
457
|
-
# }
|
458
|
-
#
|
459
446
|
# @!attribute [rw] analyzer_arn
|
460
447
|
# The Amazon resource name (ARN) of the analyzer.
|
461
448
|
# @return [String]
|
@@ -510,13 +497,6 @@ module Aws::AccessAnalyzer
|
|
510
497
|
include Aws::Structure
|
511
498
|
end
|
512
499
|
|
513
|
-
# @note When making an API call, you may pass CancelPolicyGenerationRequest
|
514
|
-
# data as a hash:
|
515
|
-
#
|
516
|
-
# {
|
517
|
-
# job_id: "JobId", # required
|
518
|
-
# }
|
519
|
-
#
|
520
500
|
# @!attribute [rw] job_id
|
521
501
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
522
502
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -538,22 +518,6 @@ module Aws::AccessAnalyzer
|
|
538
518
|
|
539
519
|
# Contains information about CloudTrail access.
|
540
520
|
#
|
541
|
-
# @note When making an API call, you may pass CloudTrailDetails
|
542
|
-
# data as a hash:
|
543
|
-
#
|
544
|
-
# {
|
545
|
-
# trails: [ # required
|
546
|
-
# {
|
547
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
548
|
-
# regions: ["String"],
|
549
|
-
# all_regions: false,
|
550
|
-
# },
|
551
|
-
# ],
|
552
|
-
# access_role: "RoleArn", # required
|
553
|
-
# start_time: Time.now, # required
|
554
|
-
# end_time: Time.now,
|
555
|
-
# }
|
556
|
-
#
|
557
521
|
# @!attribute [rw] trails
|
558
522
|
# A `Trail` object that contains settings for a trail.
|
559
523
|
# @return [Array<Types::Trail>]
|
@@ -621,10 +585,6 @@ module Aws::AccessAnalyzer
|
|
621
585
|
# the configuration as a type-value pair. You can specify only one type
|
622
586
|
# of access control configuration.
|
623
587
|
#
|
624
|
-
# @note Configuration is a union - when making an API calls you must set exactly one of the members.
|
625
|
-
#
|
626
|
-
# @note Configuration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Configuration corresponding to the set member.
|
627
|
-
#
|
628
588
|
# @!attribute [rw] ebs_snapshot
|
629
589
|
# The access control configuration is for an Amazon EBS volume
|
630
590
|
# snapshot.
|
@@ -727,111 +687,6 @@ module Aws::AccessAnalyzer
|
|
727
687
|
include Aws::Structure
|
728
688
|
end
|
729
689
|
|
730
|
-
# @note When making an API call, you may pass CreateAccessPreviewRequest
|
731
|
-
# data as a hash:
|
732
|
-
#
|
733
|
-
# {
|
734
|
-
# analyzer_arn: "AnalyzerArn", # required
|
735
|
-
# configurations: { # required
|
736
|
-
# "ConfigurationsMapKey" => {
|
737
|
-
# ebs_snapshot: {
|
738
|
-
# user_ids: ["EbsUserId"],
|
739
|
-
# groups: ["EbsGroup"],
|
740
|
-
# kms_key_id: "EbsSnapshotDataEncryptionKeyId",
|
741
|
-
# },
|
742
|
-
# ecr_repository: {
|
743
|
-
# repository_policy: "EcrRepositoryPolicy",
|
744
|
-
# },
|
745
|
-
# iam_role: {
|
746
|
-
# trust_policy: "IamTrustPolicy",
|
747
|
-
# },
|
748
|
-
# efs_file_system: {
|
749
|
-
# file_system_policy: "EfsFileSystemPolicy",
|
750
|
-
# },
|
751
|
-
# kms_key: {
|
752
|
-
# key_policies: {
|
753
|
-
# "PolicyName" => "KmsKeyPolicy",
|
754
|
-
# },
|
755
|
-
# grants: [
|
756
|
-
# {
|
757
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
758
|
-
# grantee_principal: "GranteePrincipal", # required
|
759
|
-
# retiring_principal: "RetiringPrincipal",
|
760
|
-
# constraints: {
|
761
|
-
# encryption_context_equals: {
|
762
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
763
|
-
# },
|
764
|
-
# encryption_context_subset: {
|
765
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
766
|
-
# },
|
767
|
-
# },
|
768
|
-
# issuing_account: "IssuingAccount", # required
|
769
|
-
# },
|
770
|
-
# ],
|
771
|
-
# },
|
772
|
-
# rds_db_cluster_snapshot: {
|
773
|
-
# attributes: {
|
774
|
-
# "RdsDbClusterSnapshotAttributeName" => {
|
775
|
-
# account_ids: ["RdsDbClusterSnapshotAccountId"],
|
776
|
-
# },
|
777
|
-
# },
|
778
|
-
# kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
|
779
|
-
# },
|
780
|
-
# rds_db_snapshot: {
|
781
|
-
# attributes: {
|
782
|
-
# "RdsDbSnapshotAttributeName" => {
|
783
|
-
# account_ids: ["RdsDbSnapshotAccountId"],
|
784
|
-
# },
|
785
|
-
# },
|
786
|
-
# kms_key_id: "RdsDbSnapshotKmsKeyId",
|
787
|
-
# },
|
788
|
-
# secrets_manager_secret: {
|
789
|
-
# kms_key_id: "SecretsManagerSecretKmsId",
|
790
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
791
|
-
# },
|
792
|
-
# s3_bucket: {
|
793
|
-
# bucket_policy: "S3BucketPolicy",
|
794
|
-
# bucket_acl_grants: [
|
795
|
-
# {
|
796
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
797
|
-
# grantee: { # required
|
798
|
-
# id: "AclCanonicalId",
|
799
|
-
# uri: "AclUri",
|
800
|
-
# },
|
801
|
-
# },
|
802
|
-
# ],
|
803
|
-
# bucket_public_access_block: {
|
804
|
-
# ignore_public_acls: false, # required
|
805
|
-
# restrict_public_buckets: false, # required
|
806
|
-
# },
|
807
|
-
# access_points: {
|
808
|
-
# "AccessPointArn" => {
|
809
|
-
# access_point_policy: "AccessPointPolicy",
|
810
|
-
# public_access_block: {
|
811
|
-
# ignore_public_acls: false, # required
|
812
|
-
# restrict_public_buckets: false, # required
|
813
|
-
# },
|
814
|
-
# network_origin: {
|
815
|
-
# vpc_configuration: {
|
816
|
-
# vpc_id: "VpcId", # required
|
817
|
-
# },
|
818
|
-
# internet_configuration: {
|
819
|
-
# },
|
820
|
-
# },
|
821
|
-
# },
|
822
|
-
# },
|
823
|
-
# },
|
824
|
-
# sns_topic: {
|
825
|
-
# topic_policy: "SnsTopicPolicy",
|
826
|
-
# },
|
827
|
-
# sqs_queue: {
|
828
|
-
# queue_policy: "SqsQueuePolicy",
|
829
|
-
# },
|
830
|
-
# },
|
831
|
-
# },
|
832
|
-
# client_token: "String",
|
833
|
-
# }
|
834
|
-
#
|
835
690
|
# @!attribute [rw] analyzer_arn
|
836
691
|
# The [ARN of the account analyzer][1] used to generate the access
|
837
692
|
# preview. You can only create an access preview for analyzers with an
|
@@ -881,31 +736,6 @@ module Aws::AccessAnalyzer
|
|
881
736
|
|
882
737
|
# Creates an analyzer.
|
883
738
|
#
|
884
|
-
# @note When making an API call, you may pass CreateAnalyzerRequest
|
885
|
-
# data as a hash:
|
886
|
-
#
|
887
|
-
# {
|
888
|
-
# analyzer_name: "Name", # required
|
889
|
-
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
890
|
-
# archive_rules: [
|
891
|
-
# {
|
892
|
-
# rule_name: "Name", # required
|
893
|
-
# filter: { # required
|
894
|
-
# "String" => {
|
895
|
-
# eq: ["String"],
|
896
|
-
# neq: ["String"],
|
897
|
-
# contains: ["String"],
|
898
|
-
# exists: false,
|
899
|
-
# },
|
900
|
-
# },
|
901
|
-
# },
|
902
|
-
# ],
|
903
|
-
# tags: {
|
904
|
-
# "String" => "String",
|
905
|
-
# },
|
906
|
-
# client_token: "String",
|
907
|
-
# }
|
908
|
-
#
|
909
739
|
# @!attribute [rw] analyzer_name
|
910
740
|
# The name of the analyzer to create.
|
911
741
|
# @return [String]
|
@@ -962,23 +792,6 @@ module Aws::AccessAnalyzer
|
|
962
792
|
|
963
793
|
# Creates an archive rule.
|
964
794
|
#
|
965
|
-
# @note When making an API call, you may pass CreateArchiveRuleRequest
|
966
|
-
# data as a hash:
|
967
|
-
#
|
968
|
-
# {
|
969
|
-
# analyzer_name: "Name", # required
|
970
|
-
# rule_name: "Name", # required
|
971
|
-
# filter: { # required
|
972
|
-
# "String" => {
|
973
|
-
# eq: ["String"],
|
974
|
-
# neq: ["String"],
|
975
|
-
# contains: ["String"],
|
976
|
-
# exists: false,
|
977
|
-
# },
|
978
|
-
# },
|
979
|
-
# client_token: "String",
|
980
|
-
# }
|
981
|
-
#
|
982
795
|
# @!attribute [rw] analyzer_name
|
983
796
|
# The name of the created analyzer.
|
984
797
|
# @return [String]
|
@@ -1009,17 +822,13 @@ module Aws::AccessAnalyzer
|
|
1009
822
|
include Aws::Structure
|
1010
823
|
end
|
1011
824
|
|
1012
|
-
# The criteria to use in the filter that defines the archive rule.
|
825
|
+
# The criteria to use in the filter that defines the archive rule. For
|
826
|
+
# more information on available filter keys, see [IAM Access Analyzer
|
827
|
+
# filter keys][1].
|
828
|
+
#
|
1013
829
|
#
|
1014
|
-
# @note When making an API call, you may pass Criterion
|
1015
|
-
# data as a hash:
|
1016
830
|
#
|
1017
|
-
#
|
1018
|
-
# eq: ["String"],
|
1019
|
-
# neq: ["String"],
|
1020
|
-
# contains: ["String"],
|
1021
|
-
# exists: false,
|
1022
|
-
# }
|
831
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
|
1023
832
|
#
|
1024
833
|
# @!attribute [rw] eq
|
1025
834
|
# An "equals" operator to match for the filter used to create the
|
@@ -1054,14 +863,6 @@ module Aws::AccessAnalyzer
|
|
1054
863
|
|
1055
864
|
# Deletes an analyzer.
|
1056
865
|
#
|
1057
|
-
# @note When making an API call, you may pass DeleteAnalyzerRequest
|
1058
|
-
# data as a hash:
|
1059
|
-
#
|
1060
|
-
# {
|
1061
|
-
# analyzer_name: "Name", # required
|
1062
|
-
# client_token: "String",
|
1063
|
-
# }
|
1064
|
-
#
|
1065
866
|
# @!attribute [rw] analyzer_name
|
1066
867
|
# The name of the analyzer to delete.
|
1067
868
|
# @return [String]
|
@@ -1084,15 +885,6 @@ module Aws::AccessAnalyzer
|
|
1084
885
|
|
1085
886
|
# Deletes an archive rule.
|
1086
887
|
#
|
1087
|
-
# @note When making an API call, you may pass DeleteArchiveRuleRequest
|
1088
|
-
# data as a hash:
|
1089
|
-
#
|
1090
|
-
# {
|
1091
|
-
# analyzer_name: "Name", # required
|
1092
|
-
# rule_name: "Name", # required
|
1093
|
-
# client_token: "String",
|
1094
|
-
# }
|
1095
|
-
#
|
1096
888
|
# @!attribute [rw] analyzer_name
|
1097
889
|
# The name of the analyzer that associated with the archive rule to
|
1098
890
|
# delete.
|
@@ -1129,15 +921,6 @@ module Aws::AccessAnalyzer
|
|
1129
921
|
#
|
1130
922
|
# [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html
|
1131
923
|
#
|
1132
|
-
# @note When making an API call, you may pass EbsSnapshotConfiguration
|
1133
|
-
# data as a hash:
|
1134
|
-
#
|
1135
|
-
# {
|
1136
|
-
# user_ids: ["EbsUserId"],
|
1137
|
-
# groups: ["EbsGroup"],
|
1138
|
-
# kms_key_id: "EbsSnapshotDataEncryptionKeyId",
|
1139
|
-
# }
|
1140
|
-
#
|
1141
924
|
# @!attribute [rw] user_ids
|
1142
925
|
# The IDs of the Amazon Web Services accounts that have access to the
|
1143
926
|
# Amazon EBS volume snapshot.
|
@@ -1217,13 +1000,6 @@ module Aws::AccessAnalyzer
|
|
1217
1000
|
#
|
1218
1001
|
# [1]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html
|
1219
1002
|
#
|
1220
|
-
# @note When making an API call, you may pass EcrRepositoryConfiguration
|
1221
|
-
# data as a hash:
|
1222
|
-
#
|
1223
|
-
# {
|
1224
|
-
# repository_policy: "EcrRepositoryPolicy",
|
1225
|
-
# }
|
1226
|
-
#
|
1227
1003
|
# @!attribute [rw] repository_policy
|
1228
1004
|
# The JSON repository policy text to apply to the Amazon ECR
|
1229
1005
|
# repository. For more information, see [Private repository policy
|
@@ -1263,13 +1039,6 @@ module Aws::AccessAnalyzer
|
|
1263
1039
|
#
|
1264
1040
|
# [1]: https://docs.aws.amazon.com/efs/latest/ug/using-fs.html
|
1265
1041
|
#
|
1266
|
-
# @note When making an API call, you may pass EfsFileSystemConfiguration
|
1267
|
-
# data as a hash:
|
1268
|
-
#
|
1269
|
-
# {
|
1270
|
-
# file_system_policy: "EfsFileSystemPolicy",
|
1271
|
-
# }
|
1272
|
-
#
|
1273
1042
|
# @!attribute [rw] file_system_policy
|
1274
1043
|
# The JSON policy definition to apply to the Amazon EFS file system.
|
1275
1044
|
# For more information on the elements that make up a file system
|
@@ -1404,10 +1173,16 @@ module Aws::AccessAnalyzer
|
|
1404
1173
|
# multi-region access point.
|
1405
1174
|
# @return [String]
|
1406
1175
|
#
|
1176
|
+
# @!attribute [rw] access_point_account
|
1177
|
+
# The account of the cross-account access point that generated the
|
1178
|
+
# finding.
|
1179
|
+
# @return [String]
|
1180
|
+
#
|
1407
1181
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
|
1408
1182
|
#
|
1409
1183
|
class FindingSourceDetail < Struct.new(
|
1410
|
-
:access_point_arn
|
1184
|
+
:access_point_arn,
|
1185
|
+
:access_point_account)
|
1411
1186
|
SENSITIVE = []
|
1412
1187
|
include Aws::Structure
|
1413
1188
|
end
|
@@ -1569,14 +1344,6 @@ module Aws::AccessAnalyzer
|
|
1569
1344
|
include Aws::Structure
|
1570
1345
|
end
|
1571
1346
|
|
1572
|
-
# @note When making an API call, you may pass GetAccessPreviewRequest
|
1573
|
-
# data as a hash:
|
1574
|
-
#
|
1575
|
-
# {
|
1576
|
-
# access_preview_id: "AccessPreviewId", # required
|
1577
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1578
|
-
# }
|
1579
|
-
#
|
1580
1347
|
# @!attribute [rw] access_preview_id
|
1581
1348
|
# The unique ID for the access preview.
|
1582
1349
|
# @return [String]
|
@@ -1612,14 +1379,6 @@ module Aws::AccessAnalyzer
|
|
1612
1379
|
|
1613
1380
|
# Retrieves an analyzed resource.
|
1614
1381
|
#
|
1615
|
-
# @note When making an API call, you may pass GetAnalyzedResourceRequest
|
1616
|
-
# data as a hash:
|
1617
|
-
#
|
1618
|
-
# {
|
1619
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1620
|
-
# resource_arn: "ResourceArn", # required
|
1621
|
-
# }
|
1622
|
-
#
|
1623
1382
|
# @!attribute [rw] analyzer_arn
|
1624
1383
|
# The [ARN of the analyzer][1] to retrieve information from.
|
1625
1384
|
#
|
@@ -1658,13 +1417,6 @@ module Aws::AccessAnalyzer
|
|
1658
1417
|
|
1659
1418
|
# Retrieves an analyzer.
|
1660
1419
|
#
|
1661
|
-
# @note When making an API call, you may pass GetAnalyzerRequest
|
1662
|
-
# data as a hash:
|
1663
|
-
#
|
1664
|
-
# {
|
1665
|
-
# analyzer_name: "Name", # required
|
1666
|
-
# }
|
1667
|
-
#
|
1668
1420
|
# @!attribute [rw] analyzer_name
|
1669
1421
|
# The name of the analyzer retrieved.
|
1670
1422
|
# @return [String]
|
@@ -1694,14 +1446,6 @@ module Aws::AccessAnalyzer
|
|
1694
1446
|
|
1695
1447
|
# Retrieves an archive rule.
|
1696
1448
|
#
|
1697
|
-
# @note When making an API call, you may pass GetArchiveRuleRequest
|
1698
|
-
# data as a hash:
|
1699
|
-
#
|
1700
|
-
# {
|
1701
|
-
# analyzer_name: "Name", # required
|
1702
|
-
# rule_name: "Name", # required
|
1703
|
-
# }
|
1704
|
-
#
|
1705
1449
|
# @!attribute [rw] analyzer_name
|
1706
1450
|
# The name of the analyzer to retrieve rules from.
|
1707
1451
|
# @return [String]
|
@@ -1735,14 +1479,6 @@ module Aws::AccessAnalyzer
|
|
1735
1479
|
|
1736
1480
|
# Retrieves a finding.
|
1737
1481
|
#
|
1738
|
-
# @note When making an API call, you may pass GetFindingRequest
|
1739
|
-
# data as a hash:
|
1740
|
-
#
|
1741
|
-
# {
|
1742
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1743
|
-
# id: "FindingId", # required
|
1744
|
-
# }
|
1745
|
-
#
|
1746
1482
|
# @!attribute [rw] analyzer_arn
|
1747
1483
|
# The [ARN of the analyzer][1] that generated the finding.
|
1748
1484
|
#
|
@@ -1778,15 +1514,6 @@ module Aws::AccessAnalyzer
|
|
1778
1514
|
include Aws::Structure
|
1779
1515
|
end
|
1780
1516
|
|
1781
|
-
# @note When making an API call, you may pass GetGeneratedPolicyRequest
|
1782
|
-
# data as a hash:
|
1783
|
-
#
|
1784
|
-
# {
|
1785
|
-
# job_id: "JobId", # required
|
1786
|
-
# include_resource_placeholders: false,
|
1787
|
-
# include_service_level_template: false,
|
1788
|
-
# }
|
1789
|
-
#
|
1790
1517
|
# @!attribute [rw] job_id
|
1791
1518
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1792
1519
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -1856,13 +1583,6 @@ module Aws::AccessAnalyzer
|
|
1856
1583
|
#
|
1857
1584
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
|
1858
1585
|
#
|
1859
|
-
# @note When making an API call, you may pass IamRoleConfiguration
|
1860
|
-
# data as a hash:
|
1861
|
-
#
|
1862
|
-
# {
|
1863
|
-
# trust_policy: "IamTrustPolicy",
|
1864
|
-
# }
|
1865
|
-
#
|
1866
1586
|
# @!attribute [rw] trust_policy
|
1867
1587
|
# The proposed trust policy for the IAM role.
|
1868
1588
|
# @return [String]
|
@@ -1878,21 +1598,6 @@ module Aws::AccessAnalyzer
|
|
1878
1598
|
# An criterion statement in an archive rule. Each archive rule may have
|
1879
1599
|
# multiple criteria.
|
1880
1600
|
#
|
1881
|
-
# @note When making an API call, you may pass InlineArchiveRule
|
1882
|
-
# data as a hash:
|
1883
|
-
#
|
1884
|
-
# {
|
1885
|
-
# rule_name: "Name", # required
|
1886
|
-
# filter: { # required
|
1887
|
-
# "String" => {
|
1888
|
-
# eq: ["String"],
|
1889
|
-
# neq: ["String"],
|
1890
|
-
# contains: ["String"],
|
1891
|
-
# exists: false,
|
1892
|
-
# },
|
1893
|
-
# },
|
1894
|
-
# }
|
1895
|
-
#
|
1896
1601
|
# @!attribute [rw] rule_name
|
1897
1602
|
# The name of the rule.
|
1898
1603
|
# @return [String]
|
@@ -1931,8 +1636,6 @@ module Aws::AccessAnalyzer
|
|
1931
1636
|
# This configuration sets the network origin for the Amazon S3 access
|
1932
1637
|
# point or multi-region access point to `Internet`.
|
1933
1638
|
#
|
1934
|
-
# @api private
|
1935
|
-
#
|
1936
1639
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternetConfiguration AWS API Documentation
|
1937
1640
|
#
|
1938
1641
|
class InternetConfiguration < Aws::EmptyStructure; end
|
@@ -2001,24 +1704,6 @@ module Aws::AccessAnalyzer
|
|
2001
1704
|
#
|
2002
1705
|
# [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
|
2003
1706
|
#
|
2004
|
-
# @note When making an API call, you may pass KmsGrantConfiguration
|
2005
|
-
# data as a hash:
|
2006
|
-
#
|
2007
|
-
# {
|
2008
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
2009
|
-
# grantee_principal: "GranteePrincipal", # required
|
2010
|
-
# retiring_principal: "RetiringPrincipal",
|
2011
|
-
# constraints: {
|
2012
|
-
# encryption_context_equals: {
|
2013
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2014
|
-
# },
|
2015
|
-
# encryption_context_subset: {
|
2016
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2017
|
-
# },
|
2018
|
-
# },
|
2019
|
-
# issuing_account: "IssuingAccount", # required
|
2020
|
-
# }
|
2021
|
-
#
|
2022
1707
|
# @!attribute [rw] operations
|
2023
1708
|
# A list of operations that the grant permits.
|
2024
1709
|
# @return [Array<String>]
|
@@ -2078,18 +1763,6 @@ module Aws::AccessAnalyzer
|
|
2078
1763
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
2079
1764
|
# [3]: https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html
|
2080
1765
|
#
|
2081
|
-
# @note When making an API call, you may pass KmsGrantConstraints
|
2082
|
-
# data as a hash:
|
2083
|
-
#
|
2084
|
-
# {
|
2085
|
-
# encryption_context_equals: {
|
2086
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2087
|
-
# },
|
2088
|
-
# encryption_context_subset: {
|
2089
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2090
|
-
# },
|
2091
|
-
# }
|
2092
|
-
#
|
2093
1766
|
# @!attribute [rw] encryption_context_equals
|
2094
1767
|
# A list of key-value pairs that must match the encryption context in
|
2095
1768
|
# the [cryptographic operation][1] request. The grant allows the
|
@@ -2140,31 +1813,6 @@ module Aws::AccessAnalyzer
|
|
2140
1813
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
|
2141
1814
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html
|
2142
1815
|
#
|
2143
|
-
# @note When making an API call, you may pass KmsKeyConfiguration
|
2144
|
-
# data as a hash:
|
2145
|
-
#
|
2146
|
-
# {
|
2147
|
-
# key_policies: {
|
2148
|
-
# "PolicyName" => "KmsKeyPolicy",
|
2149
|
-
# },
|
2150
|
-
# grants: [
|
2151
|
-
# {
|
2152
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
2153
|
-
# grantee_principal: "GranteePrincipal", # required
|
2154
|
-
# retiring_principal: "RetiringPrincipal",
|
2155
|
-
# constraints: {
|
2156
|
-
# encryption_context_equals: {
|
2157
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2158
|
-
# },
|
2159
|
-
# encryption_context_subset: {
|
2160
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2161
|
-
# },
|
2162
|
-
# },
|
2163
|
-
# issuing_account: "IssuingAccount", # required
|
2164
|
-
# },
|
2165
|
-
# ],
|
2166
|
-
# }
|
2167
|
-
#
|
2168
1816
|
# @!attribute [rw] key_policies
|
2169
1817
|
# Resource policy configuration for the KMS key. The only valid value
|
2170
1818
|
# for the name of the key policy is `default`. For more information,
|
@@ -2192,24 +1840,6 @@ module Aws::AccessAnalyzer
|
|
2192
1840
|
include Aws::Structure
|
2193
1841
|
end
|
2194
1842
|
|
2195
|
-
# @note When making an API call, you may pass ListAccessPreviewFindingsRequest
|
2196
|
-
# data as a hash:
|
2197
|
-
#
|
2198
|
-
# {
|
2199
|
-
# access_preview_id: "AccessPreviewId", # required
|
2200
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2201
|
-
# filter: {
|
2202
|
-
# "String" => {
|
2203
|
-
# eq: ["String"],
|
2204
|
-
# neq: ["String"],
|
2205
|
-
# contains: ["String"],
|
2206
|
-
# exists: false,
|
2207
|
-
# },
|
2208
|
-
# },
|
2209
|
-
# next_token: "Token",
|
2210
|
-
# max_results: 1,
|
2211
|
-
# }
|
2212
|
-
#
|
2213
1843
|
# @!attribute [rw] access_preview_id
|
2214
1844
|
# The unique ID for the access preview.
|
2215
1845
|
# @return [String]
|
@@ -2264,15 +1894,6 @@ module Aws::AccessAnalyzer
|
|
2264
1894
|
include Aws::Structure
|
2265
1895
|
end
|
2266
1896
|
|
2267
|
-
# @note When making an API call, you may pass ListAccessPreviewsRequest
|
2268
|
-
# data as a hash:
|
2269
|
-
#
|
2270
|
-
# {
|
2271
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2272
|
-
# next_token: "Token",
|
2273
|
-
# max_results: 1,
|
2274
|
-
# }
|
2275
|
-
#
|
2276
1897
|
# @!attribute [rw] analyzer_arn
|
2277
1898
|
# The [ARN of the analyzer][1] used to generate the access preview.
|
2278
1899
|
#
|
@@ -2318,16 +1939,6 @@ module Aws::AccessAnalyzer
|
|
2318
1939
|
|
2319
1940
|
# Retrieves a list of resources that have been analyzed.
|
2320
1941
|
#
|
2321
|
-
# @note When making an API call, you may pass ListAnalyzedResourcesRequest
|
2322
|
-
# data as a hash:
|
2323
|
-
#
|
2324
|
-
# {
|
2325
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2326
|
-
# resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic
|
2327
|
-
# next_token: "Token",
|
2328
|
-
# max_results: 1,
|
2329
|
-
# }
|
2330
|
-
#
|
2331
1942
|
# @!attribute [rw] analyzer_arn
|
2332
1943
|
# The [ARN of the analyzer][1] to retrieve a list of analyzed
|
2333
1944
|
# resources from.
|
@@ -2381,15 +1992,6 @@ module Aws::AccessAnalyzer
|
|
2381
1992
|
|
2382
1993
|
# Retrieves a list of analyzers.
|
2383
1994
|
#
|
2384
|
-
# @note When making an API call, you may pass ListAnalyzersRequest
|
2385
|
-
# data as a hash:
|
2386
|
-
#
|
2387
|
-
# {
|
2388
|
-
# next_token: "Token",
|
2389
|
-
# max_results: 1,
|
2390
|
-
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
2391
|
-
# }
|
2392
|
-
#
|
2393
1995
|
# @!attribute [rw] next_token
|
2394
1996
|
# A token used for pagination of results returned.
|
2395
1997
|
# @return [String]
|
@@ -2433,15 +2035,6 @@ module Aws::AccessAnalyzer
|
|
2433
2035
|
|
2434
2036
|
# Retrieves a list of archive rules created for the specified analyzer.
|
2435
2037
|
#
|
2436
|
-
# @note When making an API call, you may pass ListArchiveRulesRequest
|
2437
|
-
# data as a hash:
|
2438
|
-
#
|
2439
|
-
# {
|
2440
|
-
# analyzer_name: "Name", # required
|
2441
|
-
# next_token: "Token",
|
2442
|
-
# max_results: 1,
|
2443
|
-
# }
|
2444
|
-
#
|
2445
2038
|
# @!attribute [rw] analyzer_name
|
2446
2039
|
# The name of the analyzer to retrieve rules from.
|
2447
2040
|
# @return [String]
|
@@ -2485,27 +2078,6 @@ module Aws::AccessAnalyzer
|
|
2485
2078
|
|
2486
2079
|
# Retrieves a list of findings generated by the specified analyzer.
|
2487
2080
|
#
|
2488
|
-
# @note When making an API call, you may pass ListFindingsRequest
|
2489
|
-
# data as a hash:
|
2490
|
-
#
|
2491
|
-
# {
|
2492
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2493
|
-
# filter: {
|
2494
|
-
# "String" => {
|
2495
|
-
# eq: ["String"],
|
2496
|
-
# neq: ["String"],
|
2497
|
-
# contains: ["String"],
|
2498
|
-
# exists: false,
|
2499
|
-
# },
|
2500
|
-
# },
|
2501
|
-
# sort: {
|
2502
|
-
# attribute_name: "String",
|
2503
|
-
# order_by: "ASC", # accepts ASC, DESC
|
2504
|
-
# },
|
2505
|
-
# next_token: "Token",
|
2506
|
-
# max_results: 1,
|
2507
|
-
# }
|
2508
|
-
#
|
2509
2081
|
# @!attribute [rw] analyzer_arn
|
2510
2082
|
# The [ARN of the analyzer][1] to retrieve findings from.
|
2511
2083
|
#
|
@@ -2562,15 +2134,6 @@ module Aws::AccessAnalyzer
|
|
2562
2134
|
include Aws::Structure
|
2563
2135
|
end
|
2564
2136
|
|
2565
|
-
# @note When making an API call, you may pass ListPolicyGenerationsRequest
|
2566
|
-
# data as a hash:
|
2567
|
-
#
|
2568
|
-
# {
|
2569
|
-
# principal_arn: "PrincipalArn",
|
2570
|
-
# max_results: 1,
|
2571
|
-
# next_token: "Token",
|
2572
|
-
# }
|
2573
|
-
#
|
2574
2137
|
# @!attribute [rw] principal_arn
|
2575
2138
|
# The ARN of the IAM entity (user or role) for which you are
|
2576
2139
|
# generating a policy. Use this with `ListGeneratedPolicies` to filter
|
@@ -2615,13 +2178,6 @@ module Aws::AccessAnalyzer
|
|
2615
2178
|
|
2616
2179
|
# Retrieves a list of tags applied to the specified resource.
|
2617
2180
|
#
|
2618
|
-
# @note When making an API call, you may pass ListTagsForResourceRequest
|
2619
|
-
# data as a hash:
|
2620
|
-
#
|
2621
|
-
# {
|
2622
|
-
# resource_arn: "String", # required
|
2623
|
-
# }
|
2624
|
-
#
|
2625
2181
|
# @!attribute [rw] resource_arn
|
2626
2182
|
# The ARN of the resource to retrieve tags from.
|
2627
2183
|
# @return [String]
|
@@ -2680,10 +2236,6 @@ module Aws::AccessAnalyzer
|
|
2680
2236
|
#
|
2681
2237
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
2682
2238
|
#
|
2683
|
-
# @note NetworkOriginConfiguration is a union - when making an API calls you must set exactly one of the members.
|
2684
|
-
#
|
2685
|
-
# @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
|
2686
|
-
#
|
2687
2239
|
# @!attribute [rw] vpc_configuration
|
2688
2240
|
# The proposed virtual private cloud (VPC) configuration for the
|
2689
2241
|
# Amazon S3 access point. VPC configuration does not apply to
|
@@ -2718,8 +2270,6 @@ module Aws::AccessAnalyzer
|
|
2718
2270
|
# A single element in a path through the JSON representation of a
|
2719
2271
|
# policy.
|
2720
2272
|
#
|
2721
|
-
# @note PathElement is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PathElement corresponding to the set member.
|
2722
|
-
#
|
2723
2273
|
# @!attribute [rw] index
|
2724
2274
|
# Refers to an index in a JSON array.
|
2725
2275
|
# @return [Integer]
|
@@ -2796,13 +2346,6 @@ module Aws::AccessAnalyzer
|
|
2796
2346
|
# Contains the ARN details about the IAM entity for which the policy is
|
2797
2347
|
# generated.
|
2798
2348
|
#
|
2799
|
-
# @note When making an API call, you may pass PolicyGenerationDetails
|
2800
|
-
# data as a hash:
|
2801
|
-
#
|
2802
|
-
# {
|
2803
|
-
# principal_arn: "PrincipalArn", # required
|
2804
|
-
# }
|
2805
|
-
#
|
2806
2349
|
# @!attribute [rw] principal_arn
|
2807
2350
|
# The ARN of the IAM entity (user or role) for which you are
|
2808
2351
|
# generating a policy.
|
@@ -2843,10 +2386,6 @@ module Aws::AccessAnalyzer
|
|
2843
2386
|
|
2844
2387
|
# The values for a manual Amazon RDS DB cluster snapshot attribute.
|
2845
2388
|
#
|
2846
|
-
# @note RdsDbClusterSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
|
2847
|
-
#
|
2848
|
-
# @note RdsDbClusterSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbClusterSnapshotAttributeValue corresponding to the set member.
|
2849
|
-
#
|
2850
2389
|
# @!attribute [rw] account_ids
|
2851
2390
|
# The Amazon Web Services account IDs that have access to the manual
|
2852
2391
|
# Amazon RDS DB cluster snapshot. If the value `all` is specified,
|
@@ -2892,18 +2431,6 @@ module Aws::AccessAnalyzer
|
|
2892
2431
|
#
|
2893
2432
|
# [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html
|
2894
2433
|
#
|
2895
|
-
# @note When making an API call, you may pass RdsDbClusterSnapshotConfiguration
|
2896
|
-
# data as a hash:
|
2897
|
-
#
|
2898
|
-
# {
|
2899
|
-
# attributes: {
|
2900
|
-
# "RdsDbClusterSnapshotAttributeName" => {
|
2901
|
-
# account_ids: ["RdsDbClusterSnapshotAccountId"],
|
2902
|
-
# },
|
2903
|
-
# },
|
2904
|
-
# kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
|
2905
|
-
# }
|
2906
|
-
#
|
2907
2434
|
# @!attribute [rw] attributes
|
2908
2435
|
# The names and values of manual DB cluster snapshot attributes.
|
2909
2436
|
# Manual DB cluster snapshot attributes are used to authorize other
|
@@ -2940,10 +2467,6 @@ module Aws::AccessAnalyzer
|
|
2940
2467
|
# Manual DB snapshot attributes are used to authorize other Amazon Web
|
2941
2468
|
# Services accounts to restore a manual DB snapshot.
|
2942
2469
|
#
|
2943
|
-
# @note RdsDbSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
|
2944
|
-
#
|
2945
|
-
# @note RdsDbSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbSnapshotAttributeValue corresponding to the set member.
|
2946
|
-
#
|
2947
2470
|
# @!attribute [rw] account_ids
|
2948
2471
|
# The Amazon Web Services account IDs that have access to the manual
|
2949
2472
|
# Amazon RDS DB snapshot. If the value `all` is specified, then the
|
@@ -2988,18 +2511,6 @@ module Aws::AccessAnalyzer
|
|
2988
2511
|
#
|
2989
2512
|
# [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html
|
2990
2513
|
#
|
2991
|
-
# @note When making an API call, you may pass RdsDbSnapshotConfiguration
|
2992
|
-
# data as a hash:
|
2993
|
-
#
|
2994
|
-
# {
|
2995
|
-
# attributes: {
|
2996
|
-
# "RdsDbSnapshotAttributeName" => {
|
2997
|
-
# account_ids: ["RdsDbSnapshotAccountId"],
|
2998
|
-
# },
|
2999
|
-
# },
|
3000
|
-
# kms_key_id: "RdsDbSnapshotKmsKeyId",
|
3001
|
-
# }
|
3002
|
-
#
|
3003
2514
|
# @!attribute [rw] attributes
|
3004
2515
|
# The names and values of manual DB snapshot attributes. Manual DB
|
3005
2516
|
# snapshot attributes are used to authorize other Amazon Web Services
|
@@ -3070,24 +2581,6 @@ module Aws::AccessAnalyzer
|
|
3070
2581
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
3071
2582
|
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
|
3072
2583
|
#
|
3073
|
-
# @note When making an API call, you may pass S3AccessPointConfiguration
|
3074
|
-
# data as a hash:
|
3075
|
-
#
|
3076
|
-
# {
|
3077
|
-
# access_point_policy: "AccessPointPolicy",
|
3078
|
-
# public_access_block: {
|
3079
|
-
# ignore_public_acls: false, # required
|
3080
|
-
# restrict_public_buckets: false, # required
|
3081
|
-
# },
|
3082
|
-
# network_origin: {
|
3083
|
-
# vpc_configuration: {
|
3084
|
-
# vpc_id: "VpcId", # required
|
3085
|
-
# },
|
3086
|
-
# internet_configuration: {
|
3087
|
-
# },
|
3088
|
-
# },
|
3089
|
-
# }
|
3090
|
-
#
|
3091
2584
|
# @!attribute [rw] access_point_policy
|
3092
2585
|
# The access point or multi-region access point policy.
|
3093
2586
|
# @return [String]
|
@@ -3124,17 +2617,6 @@ module Aws::AccessAnalyzer
|
|
3124
2617
|
#
|
3125
2618
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls
|
3126
2619
|
#
|
3127
|
-
# @note When making an API call, you may pass S3BucketAclGrantConfiguration
|
3128
|
-
# data as a hash:
|
3129
|
-
#
|
3130
|
-
# {
|
3131
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
3132
|
-
# grantee: { # required
|
3133
|
-
# id: "AclCanonicalId",
|
3134
|
-
# uri: "AclUri",
|
3135
|
-
# },
|
3136
|
-
# }
|
3137
|
-
#
|
3138
2620
|
# @!attribute [rw] permission
|
3139
2621
|
# The permissions being granted.
|
3140
2622
|
# @return [String]
|
@@ -3170,42 +2652,6 @@ module Aws::AccessAnalyzer
|
|
3170
2652
|
#
|
3171
2653
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
|
3172
2654
|
#
|
3173
|
-
# @note When making an API call, you may pass S3BucketConfiguration
|
3174
|
-
# data as a hash:
|
3175
|
-
#
|
3176
|
-
# {
|
3177
|
-
# bucket_policy: "S3BucketPolicy",
|
3178
|
-
# bucket_acl_grants: [
|
3179
|
-
# {
|
3180
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
3181
|
-
# grantee: { # required
|
3182
|
-
# id: "AclCanonicalId",
|
3183
|
-
# uri: "AclUri",
|
3184
|
-
# },
|
3185
|
-
# },
|
3186
|
-
# ],
|
3187
|
-
# bucket_public_access_block: {
|
3188
|
-
# ignore_public_acls: false, # required
|
3189
|
-
# restrict_public_buckets: false, # required
|
3190
|
-
# },
|
3191
|
-
# access_points: {
|
3192
|
-
# "AccessPointArn" => {
|
3193
|
-
# access_point_policy: "AccessPointPolicy",
|
3194
|
-
# public_access_block: {
|
3195
|
-
# ignore_public_acls: false, # required
|
3196
|
-
# restrict_public_buckets: false, # required
|
3197
|
-
# },
|
3198
|
-
# network_origin: {
|
3199
|
-
# vpc_configuration: {
|
3200
|
-
# vpc_id: "VpcId", # required
|
3201
|
-
# },
|
3202
|
-
# internet_configuration: {
|
3203
|
-
# },
|
3204
|
-
# },
|
3205
|
-
# },
|
3206
|
-
# },
|
3207
|
-
# }
|
3208
|
-
#
|
3209
2655
|
# @!attribute [rw] bucket_policy
|
3210
2656
|
# The proposed bucket policy for the Amazon S3 bucket.
|
3211
2657
|
# @return [String]
|
@@ -3255,14 +2701,6 @@ module Aws::AccessAnalyzer
|
|
3255
2701
|
#
|
3256
2702
|
# [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html
|
3257
2703
|
#
|
3258
|
-
# @note When making an API call, you may pass S3PublicAccessBlockConfiguration
|
3259
|
-
# data as a hash:
|
3260
|
-
#
|
3261
|
-
# {
|
3262
|
-
# ignore_public_acls: false, # required
|
3263
|
-
# restrict_public_buckets: false, # required
|
3264
|
-
# }
|
3265
|
-
#
|
3266
2704
|
# @!attribute [rw] ignore_public_acls
|
3267
2705
|
# Specifies whether Amazon S3 should ignore public ACLs for this
|
3268
2706
|
# bucket and objects in this bucket.
|
@@ -3305,14 +2743,6 @@ module Aws::AccessAnalyzer
|
|
3305
2743
|
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html
|
3306
2744
|
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html
|
3307
2745
|
#
|
3308
|
-
# @note When making an API call, you may pass SecretsManagerSecretConfiguration
|
3309
|
-
# data as a hash:
|
3310
|
-
#
|
3311
|
-
# {
|
3312
|
-
# kms_key_id: "SecretsManagerSecretKmsId",
|
3313
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
3314
|
-
# }
|
3315
|
-
#
|
3316
2746
|
# @!attribute [rw] kms_key_id
|
3317
2747
|
# The proposed ARN, key ID, or alias of the KMS key.
|
3318
2748
|
# @return [String]
|
@@ -3370,13 +2800,6 @@ module Aws::AccessAnalyzer
|
|
3370
2800
|
#
|
3371
2801
|
# [1]: https://docs.aws.amazon.com/sns/latest/api/API_Topic.html
|
3372
2802
|
#
|
3373
|
-
# @note When making an API call, you may pass SnsTopicConfiguration
|
3374
|
-
# data as a hash:
|
3375
|
-
#
|
3376
|
-
# {
|
3377
|
-
# topic_policy: "SnsTopicPolicy",
|
3378
|
-
# }
|
3379
|
-
#
|
3380
2803
|
# @!attribute [rw] topic_policy
|
3381
2804
|
# The JSON policy text that defines who can access an Amazon SNS
|
3382
2805
|
# topic. For more information, see [Example cases for Amazon SNS
|
@@ -3397,14 +2820,6 @@ module Aws::AccessAnalyzer
|
|
3397
2820
|
|
3398
2821
|
# The criteria used to sort.
|
3399
2822
|
#
|
3400
|
-
# @note When making an API call, you may pass SortCriteria
|
3401
|
-
# data as a hash:
|
3402
|
-
#
|
3403
|
-
# {
|
3404
|
-
# attribute_name: "String",
|
3405
|
-
# order_by: "ASC", # accepts ASC, DESC
|
3406
|
-
# }
|
3407
|
-
#
|
3408
2823
|
# @!attribute [rw] attribute_name
|
3409
2824
|
# The name of the attribute to sort on.
|
3410
2825
|
# @return [String]
|
@@ -3458,13 +2873,6 @@ module Aws::AccessAnalyzer
|
|
3458
2873
|
#
|
3459
2874
|
# [1]: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html
|
3460
2875
|
#
|
3461
|
-
# @note When making an API call, you may pass SqsQueueConfiguration
|
3462
|
-
# data as a hash:
|
3463
|
-
#
|
3464
|
-
# {
|
3465
|
-
# queue_policy: "SqsQueuePolicy",
|
3466
|
-
# }
|
3467
|
-
#
|
3468
2876
|
# @!attribute [rw] queue_policy
|
3469
2877
|
# The proposed resource policy for the Amazon SQS queue.
|
3470
2878
|
# @return [String]
|
@@ -3477,28 +2885,6 @@ module Aws::AccessAnalyzer
|
|
3477
2885
|
include Aws::Structure
|
3478
2886
|
end
|
3479
2887
|
|
3480
|
-
# @note When making an API call, you may pass StartPolicyGenerationRequest
|
3481
|
-
# data as a hash:
|
3482
|
-
#
|
3483
|
-
# {
|
3484
|
-
# policy_generation_details: { # required
|
3485
|
-
# principal_arn: "PrincipalArn", # required
|
3486
|
-
# },
|
3487
|
-
# cloud_trail_details: {
|
3488
|
-
# trails: [ # required
|
3489
|
-
# {
|
3490
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
3491
|
-
# regions: ["String"],
|
3492
|
-
# all_regions: false,
|
3493
|
-
# },
|
3494
|
-
# ],
|
3495
|
-
# access_role: "RoleArn", # required
|
3496
|
-
# start_time: Time.now, # required
|
3497
|
-
# end_time: Time.now,
|
3498
|
-
# },
|
3499
|
-
# client_token: "String",
|
3500
|
-
# }
|
3501
|
-
#
|
3502
2888
|
# @!attribute [rw] policy_generation_details
|
3503
2889
|
# Contains the ARN of the IAM entity (user or role) for which you are
|
3504
2890
|
# generating a policy.
|
@@ -3551,15 +2937,6 @@ module Aws::AccessAnalyzer
|
|
3551
2937
|
|
3552
2938
|
# Starts a scan of the policies applied to the specified resource.
|
3553
2939
|
#
|
3554
|
-
# @note When making an API call, you may pass StartResourceScanRequest
|
3555
|
-
# data as a hash:
|
3556
|
-
#
|
3557
|
-
# {
|
3558
|
-
# analyzer_arn: "AnalyzerArn", # required
|
3559
|
-
# resource_arn: "ResourceArn", # required
|
3560
|
-
# resource_owner_account: "String",
|
3561
|
-
# }
|
3562
|
-
#
|
3563
2940
|
# @!attribute [rw] analyzer_arn
|
3564
2941
|
# The [ARN of the analyzer][1] to use to scan the policies applied to
|
3565
2942
|
# the specified resource.
|
@@ -3628,16 +3005,6 @@ module Aws::AccessAnalyzer
|
|
3628
3005
|
|
3629
3006
|
# Adds a tag to the specified resource.
|
3630
3007
|
#
|
3631
|
-
# @note When making an API call, you may pass TagResourceRequest
|
3632
|
-
# data as a hash:
|
3633
|
-
#
|
3634
|
-
# {
|
3635
|
-
# resource_arn: "String", # required
|
3636
|
-
# tags: { # required
|
3637
|
-
# "String" => "String",
|
3638
|
-
# },
|
3639
|
-
# }
|
3640
|
-
#
|
3641
3008
|
# @!attribute [rw] resource_arn
|
3642
3009
|
# The ARN of the resource to add the tag to.
|
3643
3010
|
# @return [String]
|
@@ -3682,15 +3049,6 @@ module Aws::AccessAnalyzer
|
|
3682
3049
|
# Contains details about the CloudTrail trail being analyzed to generate
|
3683
3050
|
# a policy.
|
3684
3051
|
#
|
3685
|
-
# @note When making an API call, you may pass Trail
|
3686
|
-
# data as a hash:
|
3687
|
-
#
|
3688
|
-
# {
|
3689
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
3690
|
-
# regions: ["String"],
|
3691
|
-
# all_regions: false,
|
3692
|
-
# }
|
3693
|
-
#
|
3694
3052
|
# @!attribute [rw] cloud_trail_arn
|
3695
3053
|
# Specifies the ARN of the trail. The format of a trail ARN is
|
3696
3054
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
|
@@ -3748,14 +3106,6 @@ module Aws::AccessAnalyzer
|
|
3748
3106
|
|
3749
3107
|
# Removes a tag from the specified resource.
|
3750
3108
|
#
|
3751
|
-
# @note When making an API call, you may pass UntagResourceRequest
|
3752
|
-
# data as a hash:
|
3753
|
-
#
|
3754
|
-
# {
|
3755
|
-
# resource_arn: "String", # required
|
3756
|
-
# tag_keys: ["String"], # required
|
3757
|
-
# }
|
3758
|
-
#
|
3759
3109
|
# @!attribute [rw] resource_arn
|
3760
3110
|
# The ARN of the resource to remove the tag from.
|
3761
3111
|
# @return [String]
|
@@ -3781,23 +3131,6 @@ module Aws::AccessAnalyzer
|
|
3781
3131
|
|
3782
3132
|
# Updates the specified archive rule.
|
3783
3133
|
#
|
3784
|
-
# @note When making an API call, you may pass UpdateArchiveRuleRequest
|
3785
|
-
# data as a hash:
|
3786
|
-
#
|
3787
|
-
# {
|
3788
|
-
# analyzer_name: "Name", # required
|
3789
|
-
# rule_name: "Name", # required
|
3790
|
-
# filter: { # required
|
3791
|
-
# "String" => {
|
3792
|
-
# eq: ["String"],
|
3793
|
-
# neq: ["String"],
|
3794
|
-
# contains: ["String"],
|
3795
|
-
# exists: false,
|
3796
|
-
# },
|
3797
|
-
# },
|
3798
|
-
# client_token: "String",
|
3799
|
-
# }
|
3800
|
-
#
|
3801
3134
|
# @!attribute [rw] analyzer_name
|
3802
3135
|
# The name of the analyzer to update the archive rules for.
|
3803
3136
|
# @return [String]
|
@@ -3831,17 +3164,6 @@ module Aws::AccessAnalyzer
|
|
3831
3164
|
|
3832
3165
|
# Updates findings with the new values provided in the request.
|
3833
3166
|
#
|
3834
|
-
# @note When making an API call, you may pass UpdateFindingsRequest
|
3835
|
-
# data as a hash:
|
3836
|
-
#
|
3837
|
-
# {
|
3838
|
-
# analyzer_arn: "AnalyzerArn", # required
|
3839
|
-
# status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
|
3840
|
-
# ids: ["FindingId"],
|
3841
|
-
# resource_arn: "ResourceArn",
|
3842
|
-
# client_token: "String",
|
3843
|
-
# }
|
3844
|
-
#
|
3845
3167
|
# @!attribute [rw] analyzer_arn
|
3846
3168
|
# The [ARN of the analyzer][1] that generated the findings to update.
|
3847
3169
|
#
|
@@ -3934,18 +3256,6 @@ module Aws::AccessAnalyzer
|
|
3934
3256
|
include Aws::Structure
|
3935
3257
|
end
|
3936
3258
|
|
3937
|
-
# @note When making an API call, you may pass ValidatePolicyRequest
|
3938
|
-
# data as a hash:
|
3939
|
-
#
|
3940
|
-
# {
|
3941
|
-
# locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
|
3942
|
-
# max_results: 1,
|
3943
|
-
# next_token: "Token",
|
3944
|
-
# policy_document: "PolicyDocument", # required
|
3945
|
-
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
3946
|
-
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
|
3947
|
-
# }
|
3948
|
-
#
|
3949
3259
|
# @!attribute [rw] locale
|
3950
3260
|
# The locale to use for localizing the findings.
|
3951
3261
|
# @return [String]
|
@@ -4072,13 +3382,6 @@ module Aws::AccessAnalyzer
|
|
4072
3382
|
#
|
4073
3383
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
|
4074
3384
|
#
|
4075
|
-
# @note When making an API call, you may pass VpcConfiguration
|
4076
|
-
# data as a hash:
|
4077
|
-
#
|
4078
|
-
# {
|
4079
|
-
# vpc_id: "VpcId", # required
|
4080
|
-
# }
|
4081
|
-
#
|
4082
3385
|
# @!attribute [rw] vpc_id
|
4083
3386
|
# If this field is specified, this access point will only allow
|
4084
3387
|
# connections from the specified VPC ID.
|