aws-sdk-accessanalyzer 1.31.0 → 1.32.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +7 -4
- data/lib/aws-sdk-accessanalyzer/client_api.rb +2 -1
- data/lib/aws-sdk-accessanalyzer/endpoint_parameters.rb +3 -0
- data/lib/aws-sdk-accessanalyzer/endpoint_provider.rb +77 -77
- data/lib/aws-sdk-accessanalyzer/types.rb +12 -709
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- metadata +2 -2
@@ -259,10 +259,6 @@ module Aws::AccessAnalyzer
|
|
259
259
|
#
|
260
260
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
|
261
261
|
#
|
262
|
-
# @note AclGrantee is a union - when making an API calls you must set exactly one of the members.
|
263
|
-
#
|
264
|
-
# @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
|
265
|
-
#
|
266
262
|
# @!attribute [rw] id
|
267
263
|
# The value specified is the canonical user ID of an Amazon Web
|
268
264
|
# Services account.
|
@@ -447,15 +443,6 @@ module Aws::AccessAnalyzer
|
|
447
443
|
|
448
444
|
# Retroactively applies an archive rule.
|
449
445
|
#
|
450
|
-
# @note When making an API call, you may pass ApplyArchiveRuleRequest
|
451
|
-
# data as a hash:
|
452
|
-
#
|
453
|
-
# {
|
454
|
-
# analyzer_arn: "AnalyzerArn", # required
|
455
|
-
# rule_name: "Name", # required
|
456
|
-
# client_token: "String",
|
457
|
-
# }
|
458
|
-
#
|
459
446
|
# @!attribute [rw] analyzer_arn
|
460
447
|
# The Amazon resource name (ARN) of the analyzer.
|
461
448
|
# @return [String]
|
@@ -510,13 +497,6 @@ module Aws::AccessAnalyzer
|
|
510
497
|
include Aws::Structure
|
511
498
|
end
|
512
499
|
|
513
|
-
# @note When making an API call, you may pass CancelPolicyGenerationRequest
|
514
|
-
# data as a hash:
|
515
|
-
#
|
516
|
-
# {
|
517
|
-
# job_id: "JobId", # required
|
518
|
-
# }
|
519
|
-
#
|
520
500
|
# @!attribute [rw] job_id
|
521
501
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
522
502
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -538,22 +518,6 @@ module Aws::AccessAnalyzer
|
|
538
518
|
|
539
519
|
# Contains information about CloudTrail access.
|
540
520
|
#
|
541
|
-
# @note When making an API call, you may pass CloudTrailDetails
|
542
|
-
# data as a hash:
|
543
|
-
#
|
544
|
-
# {
|
545
|
-
# trails: [ # required
|
546
|
-
# {
|
547
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
548
|
-
# regions: ["String"],
|
549
|
-
# all_regions: false,
|
550
|
-
# },
|
551
|
-
# ],
|
552
|
-
# access_role: "RoleArn", # required
|
553
|
-
# start_time: Time.now, # required
|
554
|
-
# end_time: Time.now,
|
555
|
-
# }
|
556
|
-
#
|
557
521
|
# @!attribute [rw] trails
|
558
522
|
# A `Trail` object that contains settings for a trail.
|
559
523
|
# @return [Array<Types::Trail>]
|
@@ -621,10 +585,6 @@ module Aws::AccessAnalyzer
|
|
621
585
|
# the configuration as a type-value pair. You can specify only one type
|
622
586
|
# of access control configuration.
|
623
587
|
#
|
624
|
-
# @note Configuration is a union - when making an API calls you must set exactly one of the members.
|
625
|
-
#
|
626
|
-
# @note Configuration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Configuration corresponding to the set member.
|
627
|
-
#
|
628
588
|
# @!attribute [rw] ebs_snapshot
|
629
589
|
# The access control configuration is for an Amazon EBS volume
|
630
590
|
# snapshot.
|
@@ -727,111 +687,6 @@ module Aws::AccessAnalyzer
|
|
727
687
|
include Aws::Structure
|
728
688
|
end
|
729
689
|
|
730
|
-
# @note When making an API call, you may pass CreateAccessPreviewRequest
|
731
|
-
# data as a hash:
|
732
|
-
#
|
733
|
-
# {
|
734
|
-
# analyzer_arn: "AnalyzerArn", # required
|
735
|
-
# configurations: { # required
|
736
|
-
# "ConfigurationsMapKey" => {
|
737
|
-
# ebs_snapshot: {
|
738
|
-
# user_ids: ["EbsUserId"],
|
739
|
-
# groups: ["EbsGroup"],
|
740
|
-
# kms_key_id: "EbsSnapshotDataEncryptionKeyId",
|
741
|
-
# },
|
742
|
-
# ecr_repository: {
|
743
|
-
# repository_policy: "EcrRepositoryPolicy",
|
744
|
-
# },
|
745
|
-
# iam_role: {
|
746
|
-
# trust_policy: "IamTrustPolicy",
|
747
|
-
# },
|
748
|
-
# efs_file_system: {
|
749
|
-
# file_system_policy: "EfsFileSystemPolicy",
|
750
|
-
# },
|
751
|
-
# kms_key: {
|
752
|
-
# key_policies: {
|
753
|
-
# "PolicyName" => "KmsKeyPolicy",
|
754
|
-
# },
|
755
|
-
# grants: [
|
756
|
-
# {
|
757
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
758
|
-
# grantee_principal: "GranteePrincipal", # required
|
759
|
-
# retiring_principal: "RetiringPrincipal",
|
760
|
-
# constraints: {
|
761
|
-
# encryption_context_equals: {
|
762
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
763
|
-
# },
|
764
|
-
# encryption_context_subset: {
|
765
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
766
|
-
# },
|
767
|
-
# },
|
768
|
-
# issuing_account: "IssuingAccount", # required
|
769
|
-
# },
|
770
|
-
# ],
|
771
|
-
# },
|
772
|
-
# rds_db_cluster_snapshot: {
|
773
|
-
# attributes: {
|
774
|
-
# "RdsDbClusterSnapshotAttributeName" => {
|
775
|
-
# account_ids: ["RdsDbClusterSnapshotAccountId"],
|
776
|
-
# },
|
777
|
-
# },
|
778
|
-
# kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
|
779
|
-
# },
|
780
|
-
# rds_db_snapshot: {
|
781
|
-
# attributes: {
|
782
|
-
# "RdsDbSnapshotAttributeName" => {
|
783
|
-
# account_ids: ["RdsDbSnapshotAccountId"],
|
784
|
-
# },
|
785
|
-
# },
|
786
|
-
# kms_key_id: "RdsDbSnapshotKmsKeyId",
|
787
|
-
# },
|
788
|
-
# secrets_manager_secret: {
|
789
|
-
# kms_key_id: "SecretsManagerSecretKmsId",
|
790
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
791
|
-
# },
|
792
|
-
# s3_bucket: {
|
793
|
-
# bucket_policy: "S3BucketPolicy",
|
794
|
-
# bucket_acl_grants: [
|
795
|
-
# {
|
796
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
797
|
-
# grantee: { # required
|
798
|
-
# id: "AclCanonicalId",
|
799
|
-
# uri: "AclUri",
|
800
|
-
# },
|
801
|
-
# },
|
802
|
-
# ],
|
803
|
-
# bucket_public_access_block: {
|
804
|
-
# ignore_public_acls: false, # required
|
805
|
-
# restrict_public_buckets: false, # required
|
806
|
-
# },
|
807
|
-
# access_points: {
|
808
|
-
# "AccessPointArn" => {
|
809
|
-
# access_point_policy: "AccessPointPolicy",
|
810
|
-
# public_access_block: {
|
811
|
-
# ignore_public_acls: false, # required
|
812
|
-
# restrict_public_buckets: false, # required
|
813
|
-
# },
|
814
|
-
# network_origin: {
|
815
|
-
# vpc_configuration: {
|
816
|
-
# vpc_id: "VpcId", # required
|
817
|
-
# },
|
818
|
-
# internet_configuration: {
|
819
|
-
# },
|
820
|
-
# },
|
821
|
-
# },
|
822
|
-
# },
|
823
|
-
# },
|
824
|
-
# sns_topic: {
|
825
|
-
# topic_policy: "SnsTopicPolicy",
|
826
|
-
# },
|
827
|
-
# sqs_queue: {
|
828
|
-
# queue_policy: "SqsQueuePolicy",
|
829
|
-
# },
|
830
|
-
# },
|
831
|
-
# },
|
832
|
-
# client_token: "String",
|
833
|
-
# }
|
834
|
-
#
|
835
690
|
# @!attribute [rw] analyzer_arn
|
836
691
|
# The [ARN of the account analyzer][1] used to generate the access
|
837
692
|
# preview. You can only create an access preview for analyzers with an
|
@@ -881,31 +736,6 @@ module Aws::AccessAnalyzer
|
|
881
736
|
|
882
737
|
# Creates an analyzer.
|
883
738
|
#
|
884
|
-
# @note When making an API call, you may pass CreateAnalyzerRequest
|
885
|
-
# data as a hash:
|
886
|
-
#
|
887
|
-
# {
|
888
|
-
# analyzer_name: "Name", # required
|
889
|
-
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
890
|
-
# archive_rules: [
|
891
|
-
# {
|
892
|
-
# rule_name: "Name", # required
|
893
|
-
# filter: { # required
|
894
|
-
# "String" => {
|
895
|
-
# eq: ["String"],
|
896
|
-
# neq: ["String"],
|
897
|
-
# contains: ["String"],
|
898
|
-
# exists: false,
|
899
|
-
# },
|
900
|
-
# },
|
901
|
-
# },
|
902
|
-
# ],
|
903
|
-
# tags: {
|
904
|
-
# "String" => "String",
|
905
|
-
# },
|
906
|
-
# client_token: "String",
|
907
|
-
# }
|
908
|
-
#
|
909
739
|
# @!attribute [rw] analyzer_name
|
910
740
|
# The name of the analyzer to create.
|
911
741
|
# @return [String]
|
@@ -962,23 +792,6 @@ module Aws::AccessAnalyzer
|
|
962
792
|
|
963
793
|
# Creates an archive rule.
|
964
794
|
#
|
965
|
-
# @note When making an API call, you may pass CreateArchiveRuleRequest
|
966
|
-
# data as a hash:
|
967
|
-
#
|
968
|
-
# {
|
969
|
-
# analyzer_name: "Name", # required
|
970
|
-
# rule_name: "Name", # required
|
971
|
-
# filter: { # required
|
972
|
-
# "String" => {
|
973
|
-
# eq: ["String"],
|
974
|
-
# neq: ["String"],
|
975
|
-
# contains: ["String"],
|
976
|
-
# exists: false,
|
977
|
-
# },
|
978
|
-
# },
|
979
|
-
# client_token: "String",
|
980
|
-
# }
|
981
|
-
#
|
982
795
|
# @!attribute [rw] analyzer_name
|
983
796
|
# The name of the created analyzer.
|
984
797
|
# @return [String]
|
@@ -1009,17 +822,13 @@ module Aws::AccessAnalyzer
|
|
1009
822
|
include Aws::Structure
|
1010
823
|
end
|
1011
824
|
|
1012
|
-
# The criteria to use in the filter that defines the archive rule.
|
825
|
+
# The criteria to use in the filter that defines the archive rule. For
|
826
|
+
# more information on available filter keys, see [IAM Access Analyzer
|
827
|
+
# filter keys][1].
|
828
|
+
#
|
1013
829
|
#
|
1014
|
-
# @note When making an API call, you may pass Criterion
|
1015
|
-
# data as a hash:
|
1016
830
|
#
|
1017
|
-
#
|
1018
|
-
# eq: ["String"],
|
1019
|
-
# neq: ["String"],
|
1020
|
-
# contains: ["String"],
|
1021
|
-
# exists: false,
|
1022
|
-
# }
|
831
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
|
1023
832
|
#
|
1024
833
|
# @!attribute [rw] eq
|
1025
834
|
# An "equals" operator to match for the filter used to create the
|
@@ -1054,14 +863,6 @@ module Aws::AccessAnalyzer
|
|
1054
863
|
|
1055
864
|
# Deletes an analyzer.
|
1056
865
|
#
|
1057
|
-
# @note When making an API call, you may pass DeleteAnalyzerRequest
|
1058
|
-
# data as a hash:
|
1059
|
-
#
|
1060
|
-
# {
|
1061
|
-
# analyzer_name: "Name", # required
|
1062
|
-
# client_token: "String",
|
1063
|
-
# }
|
1064
|
-
#
|
1065
866
|
# @!attribute [rw] analyzer_name
|
1066
867
|
# The name of the analyzer to delete.
|
1067
868
|
# @return [String]
|
@@ -1084,15 +885,6 @@ module Aws::AccessAnalyzer
|
|
1084
885
|
|
1085
886
|
# Deletes an archive rule.
|
1086
887
|
#
|
1087
|
-
# @note When making an API call, you may pass DeleteArchiveRuleRequest
|
1088
|
-
# data as a hash:
|
1089
|
-
#
|
1090
|
-
# {
|
1091
|
-
# analyzer_name: "Name", # required
|
1092
|
-
# rule_name: "Name", # required
|
1093
|
-
# client_token: "String",
|
1094
|
-
# }
|
1095
|
-
#
|
1096
888
|
# @!attribute [rw] analyzer_name
|
1097
889
|
# The name of the analyzer that associated with the archive rule to
|
1098
890
|
# delete.
|
@@ -1129,15 +921,6 @@ module Aws::AccessAnalyzer
|
|
1129
921
|
#
|
1130
922
|
# [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html
|
1131
923
|
#
|
1132
|
-
# @note When making an API call, you may pass EbsSnapshotConfiguration
|
1133
|
-
# data as a hash:
|
1134
|
-
#
|
1135
|
-
# {
|
1136
|
-
# user_ids: ["EbsUserId"],
|
1137
|
-
# groups: ["EbsGroup"],
|
1138
|
-
# kms_key_id: "EbsSnapshotDataEncryptionKeyId",
|
1139
|
-
# }
|
1140
|
-
#
|
1141
924
|
# @!attribute [rw] user_ids
|
1142
925
|
# The IDs of the Amazon Web Services accounts that have access to the
|
1143
926
|
# Amazon EBS volume snapshot.
|
@@ -1217,13 +1000,6 @@ module Aws::AccessAnalyzer
|
|
1217
1000
|
#
|
1218
1001
|
# [1]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html
|
1219
1002
|
#
|
1220
|
-
# @note When making an API call, you may pass EcrRepositoryConfiguration
|
1221
|
-
# data as a hash:
|
1222
|
-
#
|
1223
|
-
# {
|
1224
|
-
# repository_policy: "EcrRepositoryPolicy",
|
1225
|
-
# }
|
1226
|
-
#
|
1227
1003
|
# @!attribute [rw] repository_policy
|
1228
1004
|
# The JSON repository policy text to apply to the Amazon ECR
|
1229
1005
|
# repository. For more information, see [Private repository policy
|
@@ -1263,13 +1039,6 @@ module Aws::AccessAnalyzer
|
|
1263
1039
|
#
|
1264
1040
|
# [1]: https://docs.aws.amazon.com/efs/latest/ug/using-fs.html
|
1265
1041
|
#
|
1266
|
-
# @note When making an API call, you may pass EfsFileSystemConfiguration
|
1267
|
-
# data as a hash:
|
1268
|
-
#
|
1269
|
-
# {
|
1270
|
-
# file_system_policy: "EfsFileSystemPolicy",
|
1271
|
-
# }
|
1272
|
-
#
|
1273
1042
|
# @!attribute [rw] file_system_policy
|
1274
1043
|
# The JSON policy definition to apply to the Amazon EFS file system.
|
1275
1044
|
# For more information on the elements that make up a file system
|
@@ -1404,10 +1173,16 @@ module Aws::AccessAnalyzer
|
|
1404
1173
|
# multi-region access point.
|
1405
1174
|
# @return [String]
|
1406
1175
|
#
|
1176
|
+
# @!attribute [rw] access_point_account
|
1177
|
+
# The account of the cross-account access point that generated the
|
1178
|
+
# finding.
|
1179
|
+
# @return [String]
|
1180
|
+
#
|
1407
1181
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
|
1408
1182
|
#
|
1409
1183
|
class FindingSourceDetail < Struct.new(
|
1410
|
-
:access_point_arn
|
1184
|
+
:access_point_arn,
|
1185
|
+
:access_point_account)
|
1411
1186
|
SENSITIVE = []
|
1412
1187
|
include Aws::Structure
|
1413
1188
|
end
|
@@ -1569,14 +1344,6 @@ module Aws::AccessAnalyzer
|
|
1569
1344
|
include Aws::Structure
|
1570
1345
|
end
|
1571
1346
|
|
1572
|
-
# @note When making an API call, you may pass GetAccessPreviewRequest
|
1573
|
-
# data as a hash:
|
1574
|
-
#
|
1575
|
-
# {
|
1576
|
-
# access_preview_id: "AccessPreviewId", # required
|
1577
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1578
|
-
# }
|
1579
|
-
#
|
1580
1347
|
# @!attribute [rw] access_preview_id
|
1581
1348
|
# The unique ID for the access preview.
|
1582
1349
|
# @return [String]
|
@@ -1612,14 +1379,6 @@ module Aws::AccessAnalyzer
|
|
1612
1379
|
|
1613
1380
|
# Retrieves an analyzed resource.
|
1614
1381
|
#
|
1615
|
-
# @note When making an API call, you may pass GetAnalyzedResourceRequest
|
1616
|
-
# data as a hash:
|
1617
|
-
#
|
1618
|
-
# {
|
1619
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1620
|
-
# resource_arn: "ResourceArn", # required
|
1621
|
-
# }
|
1622
|
-
#
|
1623
1382
|
# @!attribute [rw] analyzer_arn
|
1624
1383
|
# The [ARN of the analyzer][1] to retrieve information from.
|
1625
1384
|
#
|
@@ -1658,13 +1417,6 @@ module Aws::AccessAnalyzer
|
|
1658
1417
|
|
1659
1418
|
# Retrieves an analyzer.
|
1660
1419
|
#
|
1661
|
-
# @note When making an API call, you may pass GetAnalyzerRequest
|
1662
|
-
# data as a hash:
|
1663
|
-
#
|
1664
|
-
# {
|
1665
|
-
# analyzer_name: "Name", # required
|
1666
|
-
# }
|
1667
|
-
#
|
1668
1420
|
# @!attribute [rw] analyzer_name
|
1669
1421
|
# The name of the analyzer retrieved.
|
1670
1422
|
# @return [String]
|
@@ -1694,14 +1446,6 @@ module Aws::AccessAnalyzer
|
|
1694
1446
|
|
1695
1447
|
# Retrieves an archive rule.
|
1696
1448
|
#
|
1697
|
-
# @note When making an API call, you may pass GetArchiveRuleRequest
|
1698
|
-
# data as a hash:
|
1699
|
-
#
|
1700
|
-
# {
|
1701
|
-
# analyzer_name: "Name", # required
|
1702
|
-
# rule_name: "Name", # required
|
1703
|
-
# }
|
1704
|
-
#
|
1705
1449
|
# @!attribute [rw] analyzer_name
|
1706
1450
|
# The name of the analyzer to retrieve rules from.
|
1707
1451
|
# @return [String]
|
@@ -1735,14 +1479,6 @@ module Aws::AccessAnalyzer
|
|
1735
1479
|
|
1736
1480
|
# Retrieves a finding.
|
1737
1481
|
#
|
1738
|
-
# @note When making an API call, you may pass GetFindingRequest
|
1739
|
-
# data as a hash:
|
1740
|
-
#
|
1741
|
-
# {
|
1742
|
-
# analyzer_arn: "AnalyzerArn", # required
|
1743
|
-
# id: "FindingId", # required
|
1744
|
-
# }
|
1745
|
-
#
|
1746
1482
|
# @!attribute [rw] analyzer_arn
|
1747
1483
|
# The [ARN of the analyzer][1] that generated the finding.
|
1748
1484
|
#
|
@@ -1778,15 +1514,6 @@ module Aws::AccessAnalyzer
|
|
1778
1514
|
include Aws::Structure
|
1779
1515
|
end
|
1780
1516
|
|
1781
|
-
# @note When making an API call, you may pass GetGeneratedPolicyRequest
|
1782
|
-
# data as a hash:
|
1783
|
-
#
|
1784
|
-
# {
|
1785
|
-
# job_id: "JobId", # required
|
1786
|
-
# include_resource_placeholders: false,
|
1787
|
-
# include_service_level_template: false,
|
1788
|
-
# }
|
1789
|
-
#
|
1790
1517
|
# @!attribute [rw] job_id
|
1791
1518
|
# The `JobId` that is returned by the `StartPolicyGeneration`
|
1792
1519
|
# operation. The `JobId` can be used with `GetGeneratedPolicy` to
|
@@ -1856,13 +1583,6 @@ module Aws::AccessAnalyzer
|
|
1856
1583
|
#
|
1857
1584
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
|
1858
1585
|
#
|
1859
|
-
# @note When making an API call, you may pass IamRoleConfiguration
|
1860
|
-
# data as a hash:
|
1861
|
-
#
|
1862
|
-
# {
|
1863
|
-
# trust_policy: "IamTrustPolicy",
|
1864
|
-
# }
|
1865
|
-
#
|
1866
1586
|
# @!attribute [rw] trust_policy
|
1867
1587
|
# The proposed trust policy for the IAM role.
|
1868
1588
|
# @return [String]
|
@@ -1878,21 +1598,6 @@ module Aws::AccessAnalyzer
|
|
1878
1598
|
# An criterion statement in an archive rule. Each archive rule may have
|
1879
1599
|
# multiple criteria.
|
1880
1600
|
#
|
1881
|
-
# @note When making an API call, you may pass InlineArchiveRule
|
1882
|
-
# data as a hash:
|
1883
|
-
#
|
1884
|
-
# {
|
1885
|
-
# rule_name: "Name", # required
|
1886
|
-
# filter: { # required
|
1887
|
-
# "String" => {
|
1888
|
-
# eq: ["String"],
|
1889
|
-
# neq: ["String"],
|
1890
|
-
# contains: ["String"],
|
1891
|
-
# exists: false,
|
1892
|
-
# },
|
1893
|
-
# },
|
1894
|
-
# }
|
1895
|
-
#
|
1896
1601
|
# @!attribute [rw] rule_name
|
1897
1602
|
# The name of the rule.
|
1898
1603
|
# @return [String]
|
@@ -1931,8 +1636,6 @@ module Aws::AccessAnalyzer
|
|
1931
1636
|
# This configuration sets the network origin for the Amazon S3 access
|
1932
1637
|
# point or multi-region access point to `Internet`.
|
1933
1638
|
#
|
1934
|
-
# @api private
|
1935
|
-
#
|
1936
1639
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternetConfiguration AWS API Documentation
|
1937
1640
|
#
|
1938
1641
|
class InternetConfiguration < Aws::EmptyStructure; end
|
@@ -2001,24 +1704,6 @@ module Aws::AccessAnalyzer
|
|
2001
1704
|
#
|
2002
1705
|
# [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
|
2003
1706
|
#
|
2004
|
-
# @note When making an API call, you may pass KmsGrantConfiguration
|
2005
|
-
# data as a hash:
|
2006
|
-
#
|
2007
|
-
# {
|
2008
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
2009
|
-
# grantee_principal: "GranteePrincipal", # required
|
2010
|
-
# retiring_principal: "RetiringPrincipal",
|
2011
|
-
# constraints: {
|
2012
|
-
# encryption_context_equals: {
|
2013
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2014
|
-
# },
|
2015
|
-
# encryption_context_subset: {
|
2016
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2017
|
-
# },
|
2018
|
-
# },
|
2019
|
-
# issuing_account: "IssuingAccount", # required
|
2020
|
-
# }
|
2021
|
-
#
|
2022
1707
|
# @!attribute [rw] operations
|
2023
1708
|
# A list of operations that the grant permits.
|
2024
1709
|
# @return [Array<String>]
|
@@ -2078,18 +1763,6 @@ module Aws::AccessAnalyzer
|
|
2078
1763
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
2079
1764
|
# [3]: https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html
|
2080
1765
|
#
|
2081
|
-
# @note When making an API call, you may pass KmsGrantConstraints
|
2082
|
-
# data as a hash:
|
2083
|
-
#
|
2084
|
-
# {
|
2085
|
-
# encryption_context_equals: {
|
2086
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2087
|
-
# },
|
2088
|
-
# encryption_context_subset: {
|
2089
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2090
|
-
# },
|
2091
|
-
# }
|
2092
|
-
#
|
2093
1766
|
# @!attribute [rw] encryption_context_equals
|
2094
1767
|
# A list of key-value pairs that must match the encryption context in
|
2095
1768
|
# the [cryptographic operation][1] request. The grant allows the
|
@@ -2140,31 +1813,6 @@ module Aws::AccessAnalyzer
|
|
2140
1813
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
|
2141
1814
|
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html
|
2142
1815
|
#
|
2143
|
-
# @note When making an API call, you may pass KmsKeyConfiguration
|
2144
|
-
# data as a hash:
|
2145
|
-
#
|
2146
|
-
# {
|
2147
|
-
# key_policies: {
|
2148
|
-
# "PolicyName" => "KmsKeyPolicy",
|
2149
|
-
# },
|
2150
|
-
# grants: [
|
2151
|
-
# {
|
2152
|
-
# operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
|
2153
|
-
# grantee_principal: "GranteePrincipal", # required
|
2154
|
-
# retiring_principal: "RetiringPrincipal",
|
2155
|
-
# constraints: {
|
2156
|
-
# encryption_context_equals: {
|
2157
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2158
|
-
# },
|
2159
|
-
# encryption_context_subset: {
|
2160
|
-
# "KmsConstraintsKey" => "KmsConstraintsValue",
|
2161
|
-
# },
|
2162
|
-
# },
|
2163
|
-
# issuing_account: "IssuingAccount", # required
|
2164
|
-
# },
|
2165
|
-
# ],
|
2166
|
-
# }
|
2167
|
-
#
|
2168
1816
|
# @!attribute [rw] key_policies
|
2169
1817
|
# Resource policy configuration for the KMS key. The only valid value
|
2170
1818
|
# for the name of the key policy is `default`. For more information,
|
@@ -2192,24 +1840,6 @@ module Aws::AccessAnalyzer
|
|
2192
1840
|
include Aws::Structure
|
2193
1841
|
end
|
2194
1842
|
|
2195
|
-
# @note When making an API call, you may pass ListAccessPreviewFindingsRequest
|
2196
|
-
# data as a hash:
|
2197
|
-
#
|
2198
|
-
# {
|
2199
|
-
# access_preview_id: "AccessPreviewId", # required
|
2200
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2201
|
-
# filter: {
|
2202
|
-
# "String" => {
|
2203
|
-
# eq: ["String"],
|
2204
|
-
# neq: ["String"],
|
2205
|
-
# contains: ["String"],
|
2206
|
-
# exists: false,
|
2207
|
-
# },
|
2208
|
-
# },
|
2209
|
-
# next_token: "Token",
|
2210
|
-
# max_results: 1,
|
2211
|
-
# }
|
2212
|
-
#
|
2213
1843
|
# @!attribute [rw] access_preview_id
|
2214
1844
|
# The unique ID for the access preview.
|
2215
1845
|
# @return [String]
|
@@ -2264,15 +1894,6 @@ module Aws::AccessAnalyzer
|
|
2264
1894
|
include Aws::Structure
|
2265
1895
|
end
|
2266
1896
|
|
2267
|
-
# @note When making an API call, you may pass ListAccessPreviewsRequest
|
2268
|
-
# data as a hash:
|
2269
|
-
#
|
2270
|
-
# {
|
2271
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2272
|
-
# next_token: "Token",
|
2273
|
-
# max_results: 1,
|
2274
|
-
# }
|
2275
|
-
#
|
2276
1897
|
# @!attribute [rw] analyzer_arn
|
2277
1898
|
# The [ARN of the analyzer][1] used to generate the access preview.
|
2278
1899
|
#
|
@@ -2318,16 +1939,6 @@ module Aws::AccessAnalyzer
|
|
2318
1939
|
|
2319
1940
|
# Retrieves a list of resources that have been analyzed.
|
2320
1941
|
#
|
2321
|
-
# @note When making an API call, you may pass ListAnalyzedResourcesRequest
|
2322
|
-
# data as a hash:
|
2323
|
-
#
|
2324
|
-
# {
|
2325
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2326
|
-
# resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic
|
2327
|
-
# next_token: "Token",
|
2328
|
-
# max_results: 1,
|
2329
|
-
# }
|
2330
|
-
#
|
2331
1942
|
# @!attribute [rw] analyzer_arn
|
2332
1943
|
# The [ARN of the analyzer][1] to retrieve a list of analyzed
|
2333
1944
|
# resources from.
|
@@ -2381,15 +1992,6 @@ module Aws::AccessAnalyzer
|
|
2381
1992
|
|
2382
1993
|
# Retrieves a list of analyzers.
|
2383
1994
|
#
|
2384
|
-
# @note When making an API call, you may pass ListAnalyzersRequest
|
2385
|
-
# data as a hash:
|
2386
|
-
#
|
2387
|
-
# {
|
2388
|
-
# next_token: "Token",
|
2389
|
-
# max_results: 1,
|
2390
|
-
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
2391
|
-
# }
|
2392
|
-
#
|
2393
1995
|
# @!attribute [rw] next_token
|
2394
1996
|
# A token used for pagination of results returned.
|
2395
1997
|
# @return [String]
|
@@ -2433,15 +2035,6 @@ module Aws::AccessAnalyzer
|
|
2433
2035
|
|
2434
2036
|
# Retrieves a list of archive rules created for the specified analyzer.
|
2435
2037
|
#
|
2436
|
-
# @note When making an API call, you may pass ListArchiveRulesRequest
|
2437
|
-
# data as a hash:
|
2438
|
-
#
|
2439
|
-
# {
|
2440
|
-
# analyzer_name: "Name", # required
|
2441
|
-
# next_token: "Token",
|
2442
|
-
# max_results: 1,
|
2443
|
-
# }
|
2444
|
-
#
|
2445
2038
|
# @!attribute [rw] analyzer_name
|
2446
2039
|
# The name of the analyzer to retrieve rules from.
|
2447
2040
|
# @return [String]
|
@@ -2485,27 +2078,6 @@ module Aws::AccessAnalyzer
|
|
2485
2078
|
|
2486
2079
|
# Retrieves a list of findings generated by the specified analyzer.
|
2487
2080
|
#
|
2488
|
-
# @note When making an API call, you may pass ListFindingsRequest
|
2489
|
-
# data as a hash:
|
2490
|
-
#
|
2491
|
-
# {
|
2492
|
-
# analyzer_arn: "AnalyzerArn", # required
|
2493
|
-
# filter: {
|
2494
|
-
# "String" => {
|
2495
|
-
# eq: ["String"],
|
2496
|
-
# neq: ["String"],
|
2497
|
-
# contains: ["String"],
|
2498
|
-
# exists: false,
|
2499
|
-
# },
|
2500
|
-
# },
|
2501
|
-
# sort: {
|
2502
|
-
# attribute_name: "String",
|
2503
|
-
# order_by: "ASC", # accepts ASC, DESC
|
2504
|
-
# },
|
2505
|
-
# next_token: "Token",
|
2506
|
-
# max_results: 1,
|
2507
|
-
# }
|
2508
|
-
#
|
2509
2081
|
# @!attribute [rw] analyzer_arn
|
2510
2082
|
# The [ARN of the analyzer][1] to retrieve findings from.
|
2511
2083
|
#
|
@@ -2562,15 +2134,6 @@ module Aws::AccessAnalyzer
|
|
2562
2134
|
include Aws::Structure
|
2563
2135
|
end
|
2564
2136
|
|
2565
|
-
# @note When making an API call, you may pass ListPolicyGenerationsRequest
|
2566
|
-
# data as a hash:
|
2567
|
-
#
|
2568
|
-
# {
|
2569
|
-
# principal_arn: "PrincipalArn",
|
2570
|
-
# max_results: 1,
|
2571
|
-
# next_token: "Token",
|
2572
|
-
# }
|
2573
|
-
#
|
2574
2137
|
# @!attribute [rw] principal_arn
|
2575
2138
|
# The ARN of the IAM entity (user or role) for which you are
|
2576
2139
|
# generating a policy. Use this with `ListGeneratedPolicies` to filter
|
@@ -2615,13 +2178,6 @@ module Aws::AccessAnalyzer
|
|
2615
2178
|
|
2616
2179
|
# Retrieves a list of tags applied to the specified resource.
|
2617
2180
|
#
|
2618
|
-
# @note When making an API call, you may pass ListTagsForResourceRequest
|
2619
|
-
# data as a hash:
|
2620
|
-
#
|
2621
|
-
# {
|
2622
|
-
# resource_arn: "String", # required
|
2623
|
-
# }
|
2624
|
-
#
|
2625
2181
|
# @!attribute [rw] resource_arn
|
2626
2182
|
# The ARN of the resource to retrieve tags from.
|
2627
2183
|
# @return [String]
|
@@ -2680,10 +2236,6 @@ module Aws::AccessAnalyzer
|
|
2680
2236
|
#
|
2681
2237
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
2682
2238
|
#
|
2683
|
-
# @note NetworkOriginConfiguration is a union - when making an API calls you must set exactly one of the members.
|
2684
|
-
#
|
2685
|
-
# @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
|
2686
|
-
#
|
2687
2239
|
# @!attribute [rw] vpc_configuration
|
2688
2240
|
# The proposed virtual private cloud (VPC) configuration for the
|
2689
2241
|
# Amazon S3 access point. VPC configuration does not apply to
|
@@ -2718,8 +2270,6 @@ module Aws::AccessAnalyzer
|
|
2718
2270
|
# A single element in a path through the JSON representation of a
|
2719
2271
|
# policy.
|
2720
2272
|
#
|
2721
|
-
# @note PathElement is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PathElement corresponding to the set member.
|
2722
|
-
#
|
2723
2273
|
# @!attribute [rw] index
|
2724
2274
|
# Refers to an index in a JSON array.
|
2725
2275
|
# @return [Integer]
|
@@ -2796,13 +2346,6 @@ module Aws::AccessAnalyzer
|
|
2796
2346
|
# Contains the ARN details about the IAM entity for which the policy is
|
2797
2347
|
# generated.
|
2798
2348
|
#
|
2799
|
-
# @note When making an API call, you may pass PolicyGenerationDetails
|
2800
|
-
# data as a hash:
|
2801
|
-
#
|
2802
|
-
# {
|
2803
|
-
# principal_arn: "PrincipalArn", # required
|
2804
|
-
# }
|
2805
|
-
#
|
2806
2349
|
# @!attribute [rw] principal_arn
|
2807
2350
|
# The ARN of the IAM entity (user or role) for which you are
|
2808
2351
|
# generating a policy.
|
@@ -2843,10 +2386,6 @@ module Aws::AccessAnalyzer
|
|
2843
2386
|
|
2844
2387
|
# The values for a manual Amazon RDS DB cluster snapshot attribute.
|
2845
2388
|
#
|
2846
|
-
# @note RdsDbClusterSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
|
2847
|
-
#
|
2848
|
-
# @note RdsDbClusterSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbClusterSnapshotAttributeValue corresponding to the set member.
|
2849
|
-
#
|
2850
2389
|
# @!attribute [rw] account_ids
|
2851
2390
|
# The Amazon Web Services account IDs that have access to the manual
|
2852
2391
|
# Amazon RDS DB cluster snapshot. If the value `all` is specified,
|
@@ -2892,18 +2431,6 @@ module Aws::AccessAnalyzer
|
|
2892
2431
|
#
|
2893
2432
|
# [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html
|
2894
2433
|
#
|
2895
|
-
# @note When making an API call, you may pass RdsDbClusterSnapshotConfiguration
|
2896
|
-
# data as a hash:
|
2897
|
-
#
|
2898
|
-
# {
|
2899
|
-
# attributes: {
|
2900
|
-
# "RdsDbClusterSnapshotAttributeName" => {
|
2901
|
-
# account_ids: ["RdsDbClusterSnapshotAccountId"],
|
2902
|
-
# },
|
2903
|
-
# },
|
2904
|
-
# kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
|
2905
|
-
# }
|
2906
|
-
#
|
2907
2434
|
# @!attribute [rw] attributes
|
2908
2435
|
# The names and values of manual DB cluster snapshot attributes.
|
2909
2436
|
# Manual DB cluster snapshot attributes are used to authorize other
|
@@ -2940,10 +2467,6 @@ module Aws::AccessAnalyzer
|
|
2940
2467
|
# Manual DB snapshot attributes are used to authorize other Amazon Web
|
2941
2468
|
# Services accounts to restore a manual DB snapshot.
|
2942
2469
|
#
|
2943
|
-
# @note RdsDbSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
|
2944
|
-
#
|
2945
|
-
# @note RdsDbSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbSnapshotAttributeValue corresponding to the set member.
|
2946
|
-
#
|
2947
2470
|
# @!attribute [rw] account_ids
|
2948
2471
|
# The Amazon Web Services account IDs that have access to the manual
|
2949
2472
|
# Amazon RDS DB snapshot. If the value `all` is specified, then the
|
@@ -2988,18 +2511,6 @@ module Aws::AccessAnalyzer
|
|
2988
2511
|
#
|
2989
2512
|
# [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html
|
2990
2513
|
#
|
2991
|
-
# @note When making an API call, you may pass RdsDbSnapshotConfiguration
|
2992
|
-
# data as a hash:
|
2993
|
-
#
|
2994
|
-
# {
|
2995
|
-
# attributes: {
|
2996
|
-
# "RdsDbSnapshotAttributeName" => {
|
2997
|
-
# account_ids: ["RdsDbSnapshotAccountId"],
|
2998
|
-
# },
|
2999
|
-
# },
|
3000
|
-
# kms_key_id: "RdsDbSnapshotKmsKeyId",
|
3001
|
-
# }
|
3002
|
-
#
|
3003
2514
|
# @!attribute [rw] attributes
|
3004
2515
|
# The names and values of manual DB snapshot attributes. Manual DB
|
3005
2516
|
# snapshot attributes are used to authorize other Amazon Web Services
|
@@ -3070,24 +2581,6 @@ module Aws::AccessAnalyzer
|
|
3070
2581
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
|
3071
2582
|
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
|
3072
2583
|
#
|
3073
|
-
# @note When making an API call, you may pass S3AccessPointConfiguration
|
3074
|
-
# data as a hash:
|
3075
|
-
#
|
3076
|
-
# {
|
3077
|
-
# access_point_policy: "AccessPointPolicy",
|
3078
|
-
# public_access_block: {
|
3079
|
-
# ignore_public_acls: false, # required
|
3080
|
-
# restrict_public_buckets: false, # required
|
3081
|
-
# },
|
3082
|
-
# network_origin: {
|
3083
|
-
# vpc_configuration: {
|
3084
|
-
# vpc_id: "VpcId", # required
|
3085
|
-
# },
|
3086
|
-
# internet_configuration: {
|
3087
|
-
# },
|
3088
|
-
# },
|
3089
|
-
# }
|
3090
|
-
#
|
3091
2584
|
# @!attribute [rw] access_point_policy
|
3092
2585
|
# The access point or multi-region access point policy.
|
3093
2586
|
# @return [String]
|
@@ -3124,17 +2617,6 @@ module Aws::AccessAnalyzer
|
|
3124
2617
|
#
|
3125
2618
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls
|
3126
2619
|
#
|
3127
|
-
# @note When making an API call, you may pass S3BucketAclGrantConfiguration
|
3128
|
-
# data as a hash:
|
3129
|
-
#
|
3130
|
-
# {
|
3131
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
3132
|
-
# grantee: { # required
|
3133
|
-
# id: "AclCanonicalId",
|
3134
|
-
# uri: "AclUri",
|
3135
|
-
# },
|
3136
|
-
# }
|
3137
|
-
#
|
3138
2620
|
# @!attribute [rw] permission
|
3139
2621
|
# The permissions being granted.
|
3140
2622
|
# @return [String]
|
@@ -3170,42 +2652,6 @@ module Aws::AccessAnalyzer
|
|
3170
2652
|
#
|
3171
2653
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
|
3172
2654
|
#
|
3173
|
-
# @note When making an API call, you may pass S3BucketConfiguration
|
3174
|
-
# data as a hash:
|
3175
|
-
#
|
3176
|
-
# {
|
3177
|
-
# bucket_policy: "S3BucketPolicy",
|
3178
|
-
# bucket_acl_grants: [
|
3179
|
-
# {
|
3180
|
-
# permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
|
3181
|
-
# grantee: { # required
|
3182
|
-
# id: "AclCanonicalId",
|
3183
|
-
# uri: "AclUri",
|
3184
|
-
# },
|
3185
|
-
# },
|
3186
|
-
# ],
|
3187
|
-
# bucket_public_access_block: {
|
3188
|
-
# ignore_public_acls: false, # required
|
3189
|
-
# restrict_public_buckets: false, # required
|
3190
|
-
# },
|
3191
|
-
# access_points: {
|
3192
|
-
# "AccessPointArn" => {
|
3193
|
-
# access_point_policy: "AccessPointPolicy",
|
3194
|
-
# public_access_block: {
|
3195
|
-
# ignore_public_acls: false, # required
|
3196
|
-
# restrict_public_buckets: false, # required
|
3197
|
-
# },
|
3198
|
-
# network_origin: {
|
3199
|
-
# vpc_configuration: {
|
3200
|
-
# vpc_id: "VpcId", # required
|
3201
|
-
# },
|
3202
|
-
# internet_configuration: {
|
3203
|
-
# },
|
3204
|
-
# },
|
3205
|
-
# },
|
3206
|
-
# },
|
3207
|
-
# }
|
3208
|
-
#
|
3209
2655
|
# @!attribute [rw] bucket_policy
|
3210
2656
|
# The proposed bucket policy for the Amazon S3 bucket.
|
3211
2657
|
# @return [String]
|
@@ -3255,14 +2701,6 @@ module Aws::AccessAnalyzer
|
|
3255
2701
|
#
|
3256
2702
|
# [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html
|
3257
2703
|
#
|
3258
|
-
# @note When making an API call, you may pass S3PublicAccessBlockConfiguration
|
3259
|
-
# data as a hash:
|
3260
|
-
#
|
3261
|
-
# {
|
3262
|
-
# ignore_public_acls: false, # required
|
3263
|
-
# restrict_public_buckets: false, # required
|
3264
|
-
# }
|
3265
|
-
#
|
3266
2704
|
# @!attribute [rw] ignore_public_acls
|
3267
2705
|
# Specifies whether Amazon S3 should ignore public ACLs for this
|
3268
2706
|
# bucket and objects in this bucket.
|
@@ -3305,14 +2743,6 @@ module Aws::AccessAnalyzer
|
|
3305
2743
|
# [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html
|
3306
2744
|
# [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html
|
3307
2745
|
#
|
3308
|
-
# @note When making an API call, you may pass SecretsManagerSecretConfiguration
|
3309
|
-
# data as a hash:
|
3310
|
-
#
|
3311
|
-
# {
|
3312
|
-
# kms_key_id: "SecretsManagerSecretKmsId",
|
3313
|
-
# secret_policy: "SecretsManagerSecretPolicy",
|
3314
|
-
# }
|
3315
|
-
#
|
3316
2746
|
# @!attribute [rw] kms_key_id
|
3317
2747
|
# The proposed ARN, key ID, or alias of the KMS key.
|
3318
2748
|
# @return [String]
|
@@ -3370,13 +2800,6 @@ module Aws::AccessAnalyzer
|
|
3370
2800
|
#
|
3371
2801
|
# [1]: https://docs.aws.amazon.com/sns/latest/api/API_Topic.html
|
3372
2802
|
#
|
3373
|
-
# @note When making an API call, you may pass SnsTopicConfiguration
|
3374
|
-
# data as a hash:
|
3375
|
-
#
|
3376
|
-
# {
|
3377
|
-
# topic_policy: "SnsTopicPolicy",
|
3378
|
-
# }
|
3379
|
-
#
|
3380
2803
|
# @!attribute [rw] topic_policy
|
3381
2804
|
# The JSON policy text that defines who can access an Amazon SNS
|
3382
2805
|
# topic. For more information, see [Example cases for Amazon SNS
|
@@ -3397,14 +2820,6 @@ module Aws::AccessAnalyzer
|
|
3397
2820
|
|
3398
2821
|
# The criteria used to sort.
|
3399
2822
|
#
|
3400
|
-
# @note When making an API call, you may pass SortCriteria
|
3401
|
-
# data as a hash:
|
3402
|
-
#
|
3403
|
-
# {
|
3404
|
-
# attribute_name: "String",
|
3405
|
-
# order_by: "ASC", # accepts ASC, DESC
|
3406
|
-
# }
|
3407
|
-
#
|
3408
2823
|
# @!attribute [rw] attribute_name
|
3409
2824
|
# The name of the attribute to sort on.
|
3410
2825
|
# @return [String]
|
@@ -3458,13 +2873,6 @@ module Aws::AccessAnalyzer
|
|
3458
2873
|
#
|
3459
2874
|
# [1]: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html
|
3460
2875
|
#
|
3461
|
-
# @note When making an API call, you may pass SqsQueueConfiguration
|
3462
|
-
# data as a hash:
|
3463
|
-
#
|
3464
|
-
# {
|
3465
|
-
# queue_policy: "SqsQueuePolicy",
|
3466
|
-
# }
|
3467
|
-
#
|
3468
2876
|
# @!attribute [rw] queue_policy
|
3469
2877
|
# The proposed resource policy for the Amazon SQS queue.
|
3470
2878
|
# @return [String]
|
@@ -3477,28 +2885,6 @@ module Aws::AccessAnalyzer
|
|
3477
2885
|
include Aws::Structure
|
3478
2886
|
end
|
3479
2887
|
|
3480
|
-
# @note When making an API call, you may pass StartPolicyGenerationRequest
|
3481
|
-
# data as a hash:
|
3482
|
-
#
|
3483
|
-
# {
|
3484
|
-
# policy_generation_details: { # required
|
3485
|
-
# principal_arn: "PrincipalArn", # required
|
3486
|
-
# },
|
3487
|
-
# cloud_trail_details: {
|
3488
|
-
# trails: [ # required
|
3489
|
-
# {
|
3490
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
3491
|
-
# regions: ["String"],
|
3492
|
-
# all_regions: false,
|
3493
|
-
# },
|
3494
|
-
# ],
|
3495
|
-
# access_role: "RoleArn", # required
|
3496
|
-
# start_time: Time.now, # required
|
3497
|
-
# end_time: Time.now,
|
3498
|
-
# },
|
3499
|
-
# client_token: "String",
|
3500
|
-
# }
|
3501
|
-
#
|
3502
2888
|
# @!attribute [rw] policy_generation_details
|
3503
2889
|
# Contains the ARN of the IAM entity (user or role) for which you are
|
3504
2890
|
# generating a policy.
|
@@ -3551,15 +2937,6 @@ module Aws::AccessAnalyzer
|
|
3551
2937
|
|
3552
2938
|
# Starts a scan of the policies applied to the specified resource.
|
3553
2939
|
#
|
3554
|
-
# @note When making an API call, you may pass StartResourceScanRequest
|
3555
|
-
# data as a hash:
|
3556
|
-
#
|
3557
|
-
# {
|
3558
|
-
# analyzer_arn: "AnalyzerArn", # required
|
3559
|
-
# resource_arn: "ResourceArn", # required
|
3560
|
-
# resource_owner_account: "String",
|
3561
|
-
# }
|
3562
|
-
#
|
3563
2940
|
# @!attribute [rw] analyzer_arn
|
3564
2941
|
# The [ARN of the analyzer][1] to use to scan the policies applied to
|
3565
2942
|
# the specified resource.
|
@@ -3628,16 +3005,6 @@ module Aws::AccessAnalyzer
|
|
3628
3005
|
|
3629
3006
|
# Adds a tag to the specified resource.
|
3630
3007
|
#
|
3631
|
-
# @note When making an API call, you may pass TagResourceRequest
|
3632
|
-
# data as a hash:
|
3633
|
-
#
|
3634
|
-
# {
|
3635
|
-
# resource_arn: "String", # required
|
3636
|
-
# tags: { # required
|
3637
|
-
# "String" => "String",
|
3638
|
-
# },
|
3639
|
-
# }
|
3640
|
-
#
|
3641
3008
|
# @!attribute [rw] resource_arn
|
3642
3009
|
# The ARN of the resource to add the tag to.
|
3643
3010
|
# @return [String]
|
@@ -3682,15 +3049,6 @@ module Aws::AccessAnalyzer
|
|
3682
3049
|
# Contains details about the CloudTrail trail being analyzed to generate
|
3683
3050
|
# a policy.
|
3684
3051
|
#
|
3685
|
-
# @note When making an API call, you may pass Trail
|
3686
|
-
# data as a hash:
|
3687
|
-
#
|
3688
|
-
# {
|
3689
|
-
# cloud_trail_arn: "CloudTrailArn", # required
|
3690
|
-
# regions: ["String"],
|
3691
|
-
# all_regions: false,
|
3692
|
-
# }
|
3693
|
-
#
|
3694
3052
|
# @!attribute [rw] cloud_trail_arn
|
3695
3053
|
# Specifies the ARN of the trail. The format of a trail ARN is
|
3696
3054
|
# `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
|
@@ -3748,14 +3106,6 @@ module Aws::AccessAnalyzer
|
|
3748
3106
|
|
3749
3107
|
# Removes a tag from the specified resource.
|
3750
3108
|
#
|
3751
|
-
# @note When making an API call, you may pass UntagResourceRequest
|
3752
|
-
# data as a hash:
|
3753
|
-
#
|
3754
|
-
# {
|
3755
|
-
# resource_arn: "String", # required
|
3756
|
-
# tag_keys: ["String"], # required
|
3757
|
-
# }
|
3758
|
-
#
|
3759
3109
|
# @!attribute [rw] resource_arn
|
3760
3110
|
# The ARN of the resource to remove the tag from.
|
3761
3111
|
# @return [String]
|
@@ -3781,23 +3131,6 @@ module Aws::AccessAnalyzer
|
|
3781
3131
|
|
3782
3132
|
# Updates the specified archive rule.
|
3783
3133
|
#
|
3784
|
-
# @note When making an API call, you may pass UpdateArchiveRuleRequest
|
3785
|
-
# data as a hash:
|
3786
|
-
#
|
3787
|
-
# {
|
3788
|
-
# analyzer_name: "Name", # required
|
3789
|
-
# rule_name: "Name", # required
|
3790
|
-
# filter: { # required
|
3791
|
-
# "String" => {
|
3792
|
-
# eq: ["String"],
|
3793
|
-
# neq: ["String"],
|
3794
|
-
# contains: ["String"],
|
3795
|
-
# exists: false,
|
3796
|
-
# },
|
3797
|
-
# },
|
3798
|
-
# client_token: "String",
|
3799
|
-
# }
|
3800
|
-
#
|
3801
3134
|
# @!attribute [rw] analyzer_name
|
3802
3135
|
# The name of the analyzer to update the archive rules for.
|
3803
3136
|
# @return [String]
|
@@ -3831,17 +3164,6 @@ module Aws::AccessAnalyzer
|
|
3831
3164
|
|
3832
3165
|
# Updates findings with the new values provided in the request.
|
3833
3166
|
#
|
3834
|
-
# @note When making an API call, you may pass UpdateFindingsRequest
|
3835
|
-
# data as a hash:
|
3836
|
-
#
|
3837
|
-
# {
|
3838
|
-
# analyzer_arn: "AnalyzerArn", # required
|
3839
|
-
# status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
|
3840
|
-
# ids: ["FindingId"],
|
3841
|
-
# resource_arn: "ResourceArn",
|
3842
|
-
# client_token: "String",
|
3843
|
-
# }
|
3844
|
-
#
|
3845
3167
|
# @!attribute [rw] analyzer_arn
|
3846
3168
|
# The [ARN of the analyzer][1] that generated the findings to update.
|
3847
3169
|
#
|
@@ -3934,18 +3256,6 @@ module Aws::AccessAnalyzer
|
|
3934
3256
|
include Aws::Structure
|
3935
3257
|
end
|
3936
3258
|
|
3937
|
-
# @note When making an API call, you may pass ValidatePolicyRequest
|
3938
|
-
# data as a hash:
|
3939
|
-
#
|
3940
|
-
# {
|
3941
|
-
# locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
|
3942
|
-
# max_results: 1,
|
3943
|
-
# next_token: "Token",
|
3944
|
-
# policy_document: "PolicyDocument", # required
|
3945
|
-
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
|
3946
|
-
# validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
|
3947
|
-
# }
|
3948
|
-
#
|
3949
3259
|
# @!attribute [rw] locale
|
3950
3260
|
# The locale to use for localizing the findings.
|
3951
3261
|
# @return [String]
|
@@ -4072,13 +3382,6 @@ module Aws::AccessAnalyzer
|
|
4072
3382
|
#
|
4073
3383
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
|
4074
3384
|
#
|
4075
|
-
# @note When making an API call, you may pass VpcConfiguration
|
4076
|
-
# data as a hash:
|
4077
|
-
#
|
4078
|
-
# {
|
4079
|
-
# vpc_id: "VpcId", # required
|
4080
|
-
# }
|
4081
|
-
#
|
4082
3385
|
# @!attribute [rw] vpc_id
|
4083
3386
|
# If this field is specified, this access point will only allow
|
4084
3387
|
# connections from the specified VPC ID.
|