aws-sdk-accessanalyzer 1.31.0 → 1.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -259,10 +259,6 @@ module Aws::AccessAnalyzer
259
259
  #
260
260
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
261
261
  #
262
- # @note AclGrantee is a union - when making an API calls you must set exactly one of the members.
263
- #
264
- # @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
265
- #
266
262
  # @!attribute [rw] id
267
263
  # The value specified is the canonical user ID of an Amazon Web
268
264
  # Services account.
@@ -447,15 +443,6 @@ module Aws::AccessAnalyzer
447
443
 
448
444
  # Retroactively applies an archive rule.
449
445
  #
450
- # @note When making an API call, you may pass ApplyArchiveRuleRequest
451
- # data as a hash:
452
- #
453
- # {
454
- # analyzer_arn: "AnalyzerArn", # required
455
- # rule_name: "Name", # required
456
- # client_token: "String",
457
- # }
458
- #
459
446
  # @!attribute [rw] analyzer_arn
460
447
  # The Amazon resource name (ARN) of the analyzer.
461
448
  # @return [String]
@@ -510,13 +497,6 @@ module Aws::AccessAnalyzer
510
497
  include Aws::Structure
511
498
  end
512
499
 
513
- # @note When making an API call, you may pass CancelPolicyGenerationRequest
514
- # data as a hash:
515
- #
516
- # {
517
- # job_id: "JobId", # required
518
- # }
519
- #
520
500
  # @!attribute [rw] job_id
521
501
  # The `JobId` that is returned by the `StartPolicyGeneration`
522
502
  # operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -538,22 +518,6 @@ module Aws::AccessAnalyzer
538
518
 
539
519
  # Contains information about CloudTrail access.
540
520
  #
541
- # @note When making an API call, you may pass CloudTrailDetails
542
- # data as a hash:
543
- #
544
- # {
545
- # trails: [ # required
546
- # {
547
- # cloud_trail_arn: "CloudTrailArn", # required
548
- # regions: ["String"],
549
- # all_regions: false,
550
- # },
551
- # ],
552
- # access_role: "RoleArn", # required
553
- # start_time: Time.now, # required
554
- # end_time: Time.now,
555
- # }
556
- #
557
521
  # @!attribute [rw] trails
558
522
  # A `Trail` object that contains settings for a trail.
559
523
  # @return [Array<Types::Trail>]
@@ -621,10 +585,6 @@ module Aws::AccessAnalyzer
621
585
  # the configuration as a type-value pair. You can specify only one type
622
586
  # of access control configuration.
623
587
  #
624
- # @note Configuration is a union - when making an API calls you must set exactly one of the members.
625
- #
626
- # @note Configuration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Configuration corresponding to the set member.
627
- #
628
588
  # @!attribute [rw] ebs_snapshot
629
589
  # The access control configuration is for an Amazon EBS volume
630
590
  # snapshot.
@@ -727,111 +687,6 @@ module Aws::AccessAnalyzer
727
687
  include Aws::Structure
728
688
  end
729
689
 
730
- # @note When making an API call, you may pass CreateAccessPreviewRequest
731
- # data as a hash:
732
- #
733
- # {
734
- # analyzer_arn: "AnalyzerArn", # required
735
- # configurations: { # required
736
- # "ConfigurationsMapKey" => {
737
- # ebs_snapshot: {
738
- # user_ids: ["EbsUserId"],
739
- # groups: ["EbsGroup"],
740
- # kms_key_id: "EbsSnapshotDataEncryptionKeyId",
741
- # },
742
- # ecr_repository: {
743
- # repository_policy: "EcrRepositoryPolicy",
744
- # },
745
- # iam_role: {
746
- # trust_policy: "IamTrustPolicy",
747
- # },
748
- # efs_file_system: {
749
- # file_system_policy: "EfsFileSystemPolicy",
750
- # },
751
- # kms_key: {
752
- # key_policies: {
753
- # "PolicyName" => "KmsKeyPolicy",
754
- # },
755
- # grants: [
756
- # {
757
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
758
- # grantee_principal: "GranteePrincipal", # required
759
- # retiring_principal: "RetiringPrincipal",
760
- # constraints: {
761
- # encryption_context_equals: {
762
- # "KmsConstraintsKey" => "KmsConstraintsValue",
763
- # },
764
- # encryption_context_subset: {
765
- # "KmsConstraintsKey" => "KmsConstraintsValue",
766
- # },
767
- # },
768
- # issuing_account: "IssuingAccount", # required
769
- # },
770
- # ],
771
- # },
772
- # rds_db_cluster_snapshot: {
773
- # attributes: {
774
- # "RdsDbClusterSnapshotAttributeName" => {
775
- # account_ids: ["RdsDbClusterSnapshotAccountId"],
776
- # },
777
- # },
778
- # kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
779
- # },
780
- # rds_db_snapshot: {
781
- # attributes: {
782
- # "RdsDbSnapshotAttributeName" => {
783
- # account_ids: ["RdsDbSnapshotAccountId"],
784
- # },
785
- # },
786
- # kms_key_id: "RdsDbSnapshotKmsKeyId",
787
- # },
788
- # secrets_manager_secret: {
789
- # kms_key_id: "SecretsManagerSecretKmsId",
790
- # secret_policy: "SecretsManagerSecretPolicy",
791
- # },
792
- # s3_bucket: {
793
- # bucket_policy: "S3BucketPolicy",
794
- # bucket_acl_grants: [
795
- # {
796
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
797
- # grantee: { # required
798
- # id: "AclCanonicalId",
799
- # uri: "AclUri",
800
- # },
801
- # },
802
- # ],
803
- # bucket_public_access_block: {
804
- # ignore_public_acls: false, # required
805
- # restrict_public_buckets: false, # required
806
- # },
807
- # access_points: {
808
- # "AccessPointArn" => {
809
- # access_point_policy: "AccessPointPolicy",
810
- # public_access_block: {
811
- # ignore_public_acls: false, # required
812
- # restrict_public_buckets: false, # required
813
- # },
814
- # network_origin: {
815
- # vpc_configuration: {
816
- # vpc_id: "VpcId", # required
817
- # },
818
- # internet_configuration: {
819
- # },
820
- # },
821
- # },
822
- # },
823
- # },
824
- # sns_topic: {
825
- # topic_policy: "SnsTopicPolicy",
826
- # },
827
- # sqs_queue: {
828
- # queue_policy: "SqsQueuePolicy",
829
- # },
830
- # },
831
- # },
832
- # client_token: "String",
833
- # }
834
- #
835
690
  # @!attribute [rw] analyzer_arn
836
691
  # The [ARN of the account analyzer][1] used to generate the access
837
692
  # preview. You can only create an access preview for analyzers with an
@@ -881,31 +736,6 @@ module Aws::AccessAnalyzer
881
736
 
882
737
  # Creates an analyzer.
883
738
  #
884
- # @note When making an API call, you may pass CreateAnalyzerRequest
885
- # data as a hash:
886
- #
887
- # {
888
- # analyzer_name: "Name", # required
889
- # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
890
- # archive_rules: [
891
- # {
892
- # rule_name: "Name", # required
893
- # filter: { # required
894
- # "String" => {
895
- # eq: ["String"],
896
- # neq: ["String"],
897
- # contains: ["String"],
898
- # exists: false,
899
- # },
900
- # },
901
- # },
902
- # ],
903
- # tags: {
904
- # "String" => "String",
905
- # },
906
- # client_token: "String",
907
- # }
908
- #
909
739
  # @!attribute [rw] analyzer_name
910
740
  # The name of the analyzer to create.
911
741
  # @return [String]
@@ -962,23 +792,6 @@ module Aws::AccessAnalyzer
962
792
 
963
793
  # Creates an archive rule.
964
794
  #
965
- # @note When making an API call, you may pass CreateArchiveRuleRequest
966
- # data as a hash:
967
- #
968
- # {
969
- # analyzer_name: "Name", # required
970
- # rule_name: "Name", # required
971
- # filter: { # required
972
- # "String" => {
973
- # eq: ["String"],
974
- # neq: ["String"],
975
- # contains: ["String"],
976
- # exists: false,
977
- # },
978
- # },
979
- # client_token: "String",
980
- # }
981
- #
982
795
  # @!attribute [rw] analyzer_name
983
796
  # The name of the created analyzer.
984
797
  # @return [String]
@@ -1009,17 +822,13 @@ module Aws::AccessAnalyzer
1009
822
  include Aws::Structure
1010
823
  end
1011
824
 
1012
- # The criteria to use in the filter that defines the archive rule.
825
+ # The criteria to use in the filter that defines the archive rule. For
826
+ # more information on available filter keys, see [IAM Access Analyzer
827
+ # filter keys][1].
828
+ #
1013
829
  #
1014
- # @note When making an API call, you may pass Criterion
1015
- # data as a hash:
1016
830
  #
1017
- # {
1018
- # eq: ["String"],
1019
- # neq: ["String"],
1020
- # contains: ["String"],
1021
- # exists: false,
1022
- # }
831
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
1023
832
  #
1024
833
  # @!attribute [rw] eq
1025
834
  # An "equals" operator to match for the filter used to create the
@@ -1054,14 +863,6 @@ module Aws::AccessAnalyzer
1054
863
 
1055
864
  # Deletes an analyzer.
1056
865
  #
1057
- # @note When making an API call, you may pass DeleteAnalyzerRequest
1058
- # data as a hash:
1059
- #
1060
- # {
1061
- # analyzer_name: "Name", # required
1062
- # client_token: "String",
1063
- # }
1064
- #
1065
866
  # @!attribute [rw] analyzer_name
1066
867
  # The name of the analyzer to delete.
1067
868
  # @return [String]
@@ -1084,15 +885,6 @@ module Aws::AccessAnalyzer
1084
885
 
1085
886
  # Deletes an archive rule.
1086
887
  #
1087
- # @note When making an API call, you may pass DeleteArchiveRuleRequest
1088
- # data as a hash:
1089
- #
1090
- # {
1091
- # analyzer_name: "Name", # required
1092
- # rule_name: "Name", # required
1093
- # client_token: "String",
1094
- # }
1095
- #
1096
888
  # @!attribute [rw] analyzer_name
1097
889
  # The name of the analyzer that associated with the archive rule to
1098
890
  # delete.
@@ -1129,15 +921,6 @@ module Aws::AccessAnalyzer
1129
921
  #
1130
922
  # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html
1131
923
  #
1132
- # @note When making an API call, you may pass EbsSnapshotConfiguration
1133
- # data as a hash:
1134
- #
1135
- # {
1136
- # user_ids: ["EbsUserId"],
1137
- # groups: ["EbsGroup"],
1138
- # kms_key_id: "EbsSnapshotDataEncryptionKeyId",
1139
- # }
1140
- #
1141
924
  # @!attribute [rw] user_ids
1142
925
  # The IDs of the Amazon Web Services accounts that have access to the
1143
926
  # Amazon EBS volume snapshot.
@@ -1217,13 +1000,6 @@ module Aws::AccessAnalyzer
1217
1000
  #
1218
1001
  # [1]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html
1219
1002
  #
1220
- # @note When making an API call, you may pass EcrRepositoryConfiguration
1221
- # data as a hash:
1222
- #
1223
- # {
1224
- # repository_policy: "EcrRepositoryPolicy",
1225
- # }
1226
- #
1227
1003
  # @!attribute [rw] repository_policy
1228
1004
  # The JSON repository policy text to apply to the Amazon ECR
1229
1005
  # repository. For more information, see [Private repository policy
@@ -1263,13 +1039,6 @@ module Aws::AccessAnalyzer
1263
1039
  #
1264
1040
  # [1]: https://docs.aws.amazon.com/efs/latest/ug/using-fs.html
1265
1041
  #
1266
- # @note When making an API call, you may pass EfsFileSystemConfiguration
1267
- # data as a hash:
1268
- #
1269
- # {
1270
- # file_system_policy: "EfsFileSystemPolicy",
1271
- # }
1272
- #
1273
1042
  # @!attribute [rw] file_system_policy
1274
1043
  # The JSON policy definition to apply to the Amazon EFS file system.
1275
1044
  # For more information on the elements that make up a file system
@@ -1404,10 +1173,16 @@ module Aws::AccessAnalyzer
1404
1173
  # multi-region access point.
1405
1174
  # @return [String]
1406
1175
  #
1176
+ # @!attribute [rw] access_point_account
1177
+ # The account of the cross-account access point that generated the
1178
+ # finding.
1179
+ # @return [String]
1180
+ #
1407
1181
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
1408
1182
  #
1409
1183
  class FindingSourceDetail < Struct.new(
1410
- :access_point_arn)
1184
+ :access_point_arn,
1185
+ :access_point_account)
1411
1186
  SENSITIVE = []
1412
1187
  include Aws::Structure
1413
1188
  end
@@ -1569,14 +1344,6 @@ module Aws::AccessAnalyzer
1569
1344
  include Aws::Structure
1570
1345
  end
1571
1346
 
1572
- # @note When making an API call, you may pass GetAccessPreviewRequest
1573
- # data as a hash:
1574
- #
1575
- # {
1576
- # access_preview_id: "AccessPreviewId", # required
1577
- # analyzer_arn: "AnalyzerArn", # required
1578
- # }
1579
- #
1580
1347
  # @!attribute [rw] access_preview_id
1581
1348
  # The unique ID for the access preview.
1582
1349
  # @return [String]
@@ -1612,14 +1379,6 @@ module Aws::AccessAnalyzer
1612
1379
 
1613
1380
  # Retrieves an analyzed resource.
1614
1381
  #
1615
- # @note When making an API call, you may pass GetAnalyzedResourceRequest
1616
- # data as a hash:
1617
- #
1618
- # {
1619
- # analyzer_arn: "AnalyzerArn", # required
1620
- # resource_arn: "ResourceArn", # required
1621
- # }
1622
- #
1623
1382
  # @!attribute [rw] analyzer_arn
1624
1383
  # The [ARN of the analyzer][1] to retrieve information from.
1625
1384
  #
@@ -1658,13 +1417,6 @@ module Aws::AccessAnalyzer
1658
1417
 
1659
1418
  # Retrieves an analyzer.
1660
1419
  #
1661
- # @note When making an API call, you may pass GetAnalyzerRequest
1662
- # data as a hash:
1663
- #
1664
- # {
1665
- # analyzer_name: "Name", # required
1666
- # }
1667
- #
1668
1420
  # @!attribute [rw] analyzer_name
1669
1421
  # The name of the analyzer retrieved.
1670
1422
  # @return [String]
@@ -1694,14 +1446,6 @@ module Aws::AccessAnalyzer
1694
1446
 
1695
1447
  # Retrieves an archive rule.
1696
1448
  #
1697
- # @note When making an API call, you may pass GetArchiveRuleRequest
1698
- # data as a hash:
1699
- #
1700
- # {
1701
- # analyzer_name: "Name", # required
1702
- # rule_name: "Name", # required
1703
- # }
1704
- #
1705
1449
  # @!attribute [rw] analyzer_name
1706
1450
  # The name of the analyzer to retrieve rules from.
1707
1451
  # @return [String]
@@ -1735,14 +1479,6 @@ module Aws::AccessAnalyzer
1735
1479
 
1736
1480
  # Retrieves a finding.
1737
1481
  #
1738
- # @note When making an API call, you may pass GetFindingRequest
1739
- # data as a hash:
1740
- #
1741
- # {
1742
- # analyzer_arn: "AnalyzerArn", # required
1743
- # id: "FindingId", # required
1744
- # }
1745
- #
1746
1482
  # @!attribute [rw] analyzer_arn
1747
1483
  # The [ARN of the analyzer][1] that generated the finding.
1748
1484
  #
@@ -1778,15 +1514,6 @@ module Aws::AccessAnalyzer
1778
1514
  include Aws::Structure
1779
1515
  end
1780
1516
 
1781
- # @note When making an API call, you may pass GetGeneratedPolicyRequest
1782
- # data as a hash:
1783
- #
1784
- # {
1785
- # job_id: "JobId", # required
1786
- # include_resource_placeholders: false,
1787
- # include_service_level_template: false,
1788
- # }
1789
- #
1790
1517
  # @!attribute [rw] job_id
1791
1518
  # The `JobId` that is returned by the `StartPolicyGeneration`
1792
1519
  # operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -1856,13 +1583,6 @@ module Aws::AccessAnalyzer
1856
1583
  #
1857
1584
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
1858
1585
  #
1859
- # @note When making an API call, you may pass IamRoleConfiguration
1860
- # data as a hash:
1861
- #
1862
- # {
1863
- # trust_policy: "IamTrustPolicy",
1864
- # }
1865
- #
1866
1586
  # @!attribute [rw] trust_policy
1867
1587
  # The proposed trust policy for the IAM role.
1868
1588
  # @return [String]
@@ -1878,21 +1598,6 @@ module Aws::AccessAnalyzer
1878
1598
  # An criterion statement in an archive rule. Each archive rule may have
1879
1599
  # multiple criteria.
1880
1600
  #
1881
- # @note When making an API call, you may pass InlineArchiveRule
1882
- # data as a hash:
1883
- #
1884
- # {
1885
- # rule_name: "Name", # required
1886
- # filter: { # required
1887
- # "String" => {
1888
- # eq: ["String"],
1889
- # neq: ["String"],
1890
- # contains: ["String"],
1891
- # exists: false,
1892
- # },
1893
- # },
1894
- # }
1895
- #
1896
1601
  # @!attribute [rw] rule_name
1897
1602
  # The name of the rule.
1898
1603
  # @return [String]
@@ -1931,8 +1636,6 @@ module Aws::AccessAnalyzer
1931
1636
  # This configuration sets the network origin for the Amazon S3 access
1932
1637
  # point or multi-region access point to `Internet`.
1933
1638
  #
1934
- # @api private
1935
- #
1936
1639
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternetConfiguration AWS API Documentation
1937
1640
  #
1938
1641
  class InternetConfiguration < Aws::EmptyStructure; end
@@ -2001,24 +1704,6 @@ module Aws::AccessAnalyzer
2001
1704
  #
2002
1705
  # [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
2003
1706
  #
2004
- # @note When making an API call, you may pass KmsGrantConfiguration
2005
- # data as a hash:
2006
- #
2007
- # {
2008
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
2009
- # grantee_principal: "GranteePrincipal", # required
2010
- # retiring_principal: "RetiringPrincipal",
2011
- # constraints: {
2012
- # encryption_context_equals: {
2013
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2014
- # },
2015
- # encryption_context_subset: {
2016
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2017
- # },
2018
- # },
2019
- # issuing_account: "IssuingAccount", # required
2020
- # }
2021
- #
2022
1707
  # @!attribute [rw] operations
2023
1708
  # A list of operations that the grant permits.
2024
1709
  # @return [Array<String>]
@@ -2078,18 +1763,6 @@ module Aws::AccessAnalyzer
2078
1763
  # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
2079
1764
  # [3]: https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html
2080
1765
  #
2081
- # @note When making an API call, you may pass KmsGrantConstraints
2082
- # data as a hash:
2083
- #
2084
- # {
2085
- # encryption_context_equals: {
2086
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2087
- # },
2088
- # encryption_context_subset: {
2089
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2090
- # },
2091
- # }
2092
- #
2093
1766
  # @!attribute [rw] encryption_context_equals
2094
1767
  # A list of key-value pairs that must match the encryption context in
2095
1768
  # the [cryptographic operation][1] request. The grant allows the
@@ -2140,31 +1813,6 @@ module Aws::AccessAnalyzer
2140
1813
  # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
2141
1814
  # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html
2142
1815
  #
2143
- # @note When making an API call, you may pass KmsKeyConfiguration
2144
- # data as a hash:
2145
- #
2146
- # {
2147
- # key_policies: {
2148
- # "PolicyName" => "KmsKeyPolicy",
2149
- # },
2150
- # grants: [
2151
- # {
2152
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
2153
- # grantee_principal: "GranteePrincipal", # required
2154
- # retiring_principal: "RetiringPrincipal",
2155
- # constraints: {
2156
- # encryption_context_equals: {
2157
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2158
- # },
2159
- # encryption_context_subset: {
2160
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2161
- # },
2162
- # },
2163
- # issuing_account: "IssuingAccount", # required
2164
- # },
2165
- # ],
2166
- # }
2167
- #
2168
1816
  # @!attribute [rw] key_policies
2169
1817
  # Resource policy configuration for the KMS key. The only valid value
2170
1818
  # for the name of the key policy is `default`. For more information,
@@ -2192,24 +1840,6 @@ module Aws::AccessAnalyzer
2192
1840
  include Aws::Structure
2193
1841
  end
2194
1842
 
2195
- # @note When making an API call, you may pass ListAccessPreviewFindingsRequest
2196
- # data as a hash:
2197
- #
2198
- # {
2199
- # access_preview_id: "AccessPreviewId", # required
2200
- # analyzer_arn: "AnalyzerArn", # required
2201
- # filter: {
2202
- # "String" => {
2203
- # eq: ["String"],
2204
- # neq: ["String"],
2205
- # contains: ["String"],
2206
- # exists: false,
2207
- # },
2208
- # },
2209
- # next_token: "Token",
2210
- # max_results: 1,
2211
- # }
2212
- #
2213
1843
  # @!attribute [rw] access_preview_id
2214
1844
  # The unique ID for the access preview.
2215
1845
  # @return [String]
@@ -2264,15 +1894,6 @@ module Aws::AccessAnalyzer
2264
1894
  include Aws::Structure
2265
1895
  end
2266
1896
 
2267
- # @note When making an API call, you may pass ListAccessPreviewsRequest
2268
- # data as a hash:
2269
- #
2270
- # {
2271
- # analyzer_arn: "AnalyzerArn", # required
2272
- # next_token: "Token",
2273
- # max_results: 1,
2274
- # }
2275
- #
2276
1897
  # @!attribute [rw] analyzer_arn
2277
1898
  # The [ARN of the analyzer][1] used to generate the access preview.
2278
1899
  #
@@ -2318,16 +1939,6 @@ module Aws::AccessAnalyzer
2318
1939
 
2319
1940
  # Retrieves a list of resources that have been analyzed.
2320
1941
  #
2321
- # @note When making an API call, you may pass ListAnalyzedResourcesRequest
2322
- # data as a hash:
2323
- #
2324
- # {
2325
- # analyzer_arn: "AnalyzerArn", # required
2326
- # resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic
2327
- # next_token: "Token",
2328
- # max_results: 1,
2329
- # }
2330
- #
2331
1942
  # @!attribute [rw] analyzer_arn
2332
1943
  # The [ARN of the analyzer][1] to retrieve a list of analyzed
2333
1944
  # resources from.
@@ -2381,15 +1992,6 @@ module Aws::AccessAnalyzer
2381
1992
 
2382
1993
  # Retrieves a list of analyzers.
2383
1994
  #
2384
- # @note When making an API call, you may pass ListAnalyzersRequest
2385
- # data as a hash:
2386
- #
2387
- # {
2388
- # next_token: "Token",
2389
- # max_results: 1,
2390
- # type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
2391
- # }
2392
- #
2393
1995
  # @!attribute [rw] next_token
2394
1996
  # A token used for pagination of results returned.
2395
1997
  # @return [String]
@@ -2433,15 +2035,6 @@ module Aws::AccessAnalyzer
2433
2035
 
2434
2036
  # Retrieves a list of archive rules created for the specified analyzer.
2435
2037
  #
2436
- # @note When making an API call, you may pass ListArchiveRulesRequest
2437
- # data as a hash:
2438
- #
2439
- # {
2440
- # analyzer_name: "Name", # required
2441
- # next_token: "Token",
2442
- # max_results: 1,
2443
- # }
2444
- #
2445
2038
  # @!attribute [rw] analyzer_name
2446
2039
  # The name of the analyzer to retrieve rules from.
2447
2040
  # @return [String]
@@ -2485,27 +2078,6 @@ module Aws::AccessAnalyzer
2485
2078
 
2486
2079
  # Retrieves a list of findings generated by the specified analyzer.
2487
2080
  #
2488
- # @note When making an API call, you may pass ListFindingsRequest
2489
- # data as a hash:
2490
- #
2491
- # {
2492
- # analyzer_arn: "AnalyzerArn", # required
2493
- # filter: {
2494
- # "String" => {
2495
- # eq: ["String"],
2496
- # neq: ["String"],
2497
- # contains: ["String"],
2498
- # exists: false,
2499
- # },
2500
- # },
2501
- # sort: {
2502
- # attribute_name: "String",
2503
- # order_by: "ASC", # accepts ASC, DESC
2504
- # },
2505
- # next_token: "Token",
2506
- # max_results: 1,
2507
- # }
2508
- #
2509
2081
  # @!attribute [rw] analyzer_arn
2510
2082
  # The [ARN of the analyzer][1] to retrieve findings from.
2511
2083
  #
@@ -2562,15 +2134,6 @@ module Aws::AccessAnalyzer
2562
2134
  include Aws::Structure
2563
2135
  end
2564
2136
 
2565
- # @note When making an API call, you may pass ListPolicyGenerationsRequest
2566
- # data as a hash:
2567
- #
2568
- # {
2569
- # principal_arn: "PrincipalArn",
2570
- # max_results: 1,
2571
- # next_token: "Token",
2572
- # }
2573
- #
2574
2137
  # @!attribute [rw] principal_arn
2575
2138
  # The ARN of the IAM entity (user or role) for which you are
2576
2139
  # generating a policy. Use this with `ListGeneratedPolicies` to filter
@@ -2615,13 +2178,6 @@ module Aws::AccessAnalyzer
2615
2178
 
2616
2179
  # Retrieves a list of tags applied to the specified resource.
2617
2180
  #
2618
- # @note When making an API call, you may pass ListTagsForResourceRequest
2619
- # data as a hash:
2620
- #
2621
- # {
2622
- # resource_arn: "String", # required
2623
- # }
2624
- #
2625
2181
  # @!attribute [rw] resource_arn
2626
2182
  # The ARN of the resource to retrieve tags from.
2627
2183
  # @return [String]
@@ -2680,10 +2236,6 @@ module Aws::AccessAnalyzer
2680
2236
  #
2681
2237
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
2682
2238
  #
2683
- # @note NetworkOriginConfiguration is a union - when making an API calls you must set exactly one of the members.
2684
- #
2685
- # @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
2686
- #
2687
2239
  # @!attribute [rw] vpc_configuration
2688
2240
  # The proposed virtual private cloud (VPC) configuration for the
2689
2241
  # Amazon S3 access point. VPC configuration does not apply to
@@ -2718,8 +2270,6 @@ module Aws::AccessAnalyzer
2718
2270
  # A single element in a path through the JSON representation of a
2719
2271
  # policy.
2720
2272
  #
2721
- # @note PathElement is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PathElement corresponding to the set member.
2722
- #
2723
2273
  # @!attribute [rw] index
2724
2274
  # Refers to an index in a JSON array.
2725
2275
  # @return [Integer]
@@ -2796,13 +2346,6 @@ module Aws::AccessAnalyzer
2796
2346
  # Contains the ARN details about the IAM entity for which the policy is
2797
2347
  # generated.
2798
2348
  #
2799
- # @note When making an API call, you may pass PolicyGenerationDetails
2800
- # data as a hash:
2801
- #
2802
- # {
2803
- # principal_arn: "PrincipalArn", # required
2804
- # }
2805
- #
2806
2349
  # @!attribute [rw] principal_arn
2807
2350
  # The ARN of the IAM entity (user or role) for which you are
2808
2351
  # generating a policy.
@@ -2843,10 +2386,6 @@ module Aws::AccessAnalyzer
2843
2386
 
2844
2387
  # The values for a manual Amazon RDS DB cluster snapshot attribute.
2845
2388
  #
2846
- # @note RdsDbClusterSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
2847
- #
2848
- # @note RdsDbClusterSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbClusterSnapshotAttributeValue corresponding to the set member.
2849
- #
2850
2389
  # @!attribute [rw] account_ids
2851
2390
  # The Amazon Web Services account IDs that have access to the manual
2852
2391
  # Amazon RDS DB cluster snapshot. If the value `all` is specified,
@@ -2892,18 +2431,6 @@ module Aws::AccessAnalyzer
2892
2431
  #
2893
2432
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html
2894
2433
  #
2895
- # @note When making an API call, you may pass RdsDbClusterSnapshotConfiguration
2896
- # data as a hash:
2897
- #
2898
- # {
2899
- # attributes: {
2900
- # "RdsDbClusterSnapshotAttributeName" => {
2901
- # account_ids: ["RdsDbClusterSnapshotAccountId"],
2902
- # },
2903
- # },
2904
- # kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
2905
- # }
2906
- #
2907
2434
  # @!attribute [rw] attributes
2908
2435
  # The names and values of manual DB cluster snapshot attributes.
2909
2436
  # Manual DB cluster snapshot attributes are used to authorize other
@@ -2940,10 +2467,6 @@ module Aws::AccessAnalyzer
2940
2467
  # Manual DB snapshot attributes are used to authorize other Amazon Web
2941
2468
  # Services accounts to restore a manual DB snapshot.
2942
2469
  #
2943
- # @note RdsDbSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
2944
- #
2945
- # @note RdsDbSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbSnapshotAttributeValue corresponding to the set member.
2946
- #
2947
2470
  # @!attribute [rw] account_ids
2948
2471
  # The Amazon Web Services account IDs that have access to the manual
2949
2472
  # Amazon RDS DB snapshot. If the value `all` is specified, then the
@@ -2988,18 +2511,6 @@ module Aws::AccessAnalyzer
2988
2511
  #
2989
2512
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html
2990
2513
  #
2991
- # @note When making an API call, you may pass RdsDbSnapshotConfiguration
2992
- # data as a hash:
2993
- #
2994
- # {
2995
- # attributes: {
2996
- # "RdsDbSnapshotAttributeName" => {
2997
- # account_ids: ["RdsDbSnapshotAccountId"],
2998
- # },
2999
- # },
3000
- # kms_key_id: "RdsDbSnapshotKmsKeyId",
3001
- # }
3002
- #
3003
2514
  # @!attribute [rw] attributes
3004
2515
  # The names and values of manual DB snapshot attributes. Manual DB
3005
2516
  # snapshot attributes are used to authorize other Amazon Web Services
@@ -3070,24 +2581,6 @@ module Aws::AccessAnalyzer
3070
2581
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
3071
2582
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
3072
2583
  #
3073
- # @note When making an API call, you may pass S3AccessPointConfiguration
3074
- # data as a hash:
3075
- #
3076
- # {
3077
- # access_point_policy: "AccessPointPolicy",
3078
- # public_access_block: {
3079
- # ignore_public_acls: false, # required
3080
- # restrict_public_buckets: false, # required
3081
- # },
3082
- # network_origin: {
3083
- # vpc_configuration: {
3084
- # vpc_id: "VpcId", # required
3085
- # },
3086
- # internet_configuration: {
3087
- # },
3088
- # },
3089
- # }
3090
- #
3091
2584
  # @!attribute [rw] access_point_policy
3092
2585
  # The access point or multi-region access point policy.
3093
2586
  # @return [String]
@@ -3124,17 +2617,6 @@ module Aws::AccessAnalyzer
3124
2617
  #
3125
2618
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls
3126
2619
  #
3127
- # @note When making an API call, you may pass S3BucketAclGrantConfiguration
3128
- # data as a hash:
3129
- #
3130
- # {
3131
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
3132
- # grantee: { # required
3133
- # id: "AclCanonicalId",
3134
- # uri: "AclUri",
3135
- # },
3136
- # }
3137
- #
3138
2620
  # @!attribute [rw] permission
3139
2621
  # The permissions being granted.
3140
2622
  # @return [String]
@@ -3170,42 +2652,6 @@ module Aws::AccessAnalyzer
3170
2652
  #
3171
2653
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
3172
2654
  #
3173
- # @note When making an API call, you may pass S3BucketConfiguration
3174
- # data as a hash:
3175
- #
3176
- # {
3177
- # bucket_policy: "S3BucketPolicy",
3178
- # bucket_acl_grants: [
3179
- # {
3180
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
3181
- # grantee: { # required
3182
- # id: "AclCanonicalId",
3183
- # uri: "AclUri",
3184
- # },
3185
- # },
3186
- # ],
3187
- # bucket_public_access_block: {
3188
- # ignore_public_acls: false, # required
3189
- # restrict_public_buckets: false, # required
3190
- # },
3191
- # access_points: {
3192
- # "AccessPointArn" => {
3193
- # access_point_policy: "AccessPointPolicy",
3194
- # public_access_block: {
3195
- # ignore_public_acls: false, # required
3196
- # restrict_public_buckets: false, # required
3197
- # },
3198
- # network_origin: {
3199
- # vpc_configuration: {
3200
- # vpc_id: "VpcId", # required
3201
- # },
3202
- # internet_configuration: {
3203
- # },
3204
- # },
3205
- # },
3206
- # },
3207
- # }
3208
- #
3209
2655
  # @!attribute [rw] bucket_policy
3210
2656
  # The proposed bucket policy for the Amazon S3 bucket.
3211
2657
  # @return [String]
@@ -3255,14 +2701,6 @@ module Aws::AccessAnalyzer
3255
2701
  #
3256
2702
  # [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html
3257
2703
  #
3258
- # @note When making an API call, you may pass S3PublicAccessBlockConfiguration
3259
- # data as a hash:
3260
- #
3261
- # {
3262
- # ignore_public_acls: false, # required
3263
- # restrict_public_buckets: false, # required
3264
- # }
3265
- #
3266
2704
  # @!attribute [rw] ignore_public_acls
3267
2705
  # Specifies whether Amazon S3 should ignore public ACLs for this
3268
2706
  # bucket and objects in this bucket.
@@ -3305,14 +2743,6 @@ module Aws::AccessAnalyzer
3305
2743
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html
3306
2744
  # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html
3307
2745
  #
3308
- # @note When making an API call, you may pass SecretsManagerSecretConfiguration
3309
- # data as a hash:
3310
- #
3311
- # {
3312
- # kms_key_id: "SecretsManagerSecretKmsId",
3313
- # secret_policy: "SecretsManagerSecretPolicy",
3314
- # }
3315
- #
3316
2746
  # @!attribute [rw] kms_key_id
3317
2747
  # The proposed ARN, key ID, or alias of the KMS key.
3318
2748
  # @return [String]
@@ -3370,13 +2800,6 @@ module Aws::AccessAnalyzer
3370
2800
  #
3371
2801
  # [1]: https://docs.aws.amazon.com/sns/latest/api/API_Topic.html
3372
2802
  #
3373
- # @note When making an API call, you may pass SnsTopicConfiguration
3374
- # data as a hash:
3375
- #
3376
- # {
3377
- # topic_policy: "SnsTopicPolicy",
3378
- # }
3379
- #
3380
2803
  # @!attribute [rw] topic_policy
3381
2804
  # The JSON policy text that defines who can access an Amazon SNS
3382
2805
  # topic. For more information, see [Example cases for Amazon SNS
@@ -3397,14 +2820,6 @@ module Aws::AccessAnalyzer
3397
2820
 
3398
2821
  # The criteria used to sort.
3399
2822
  #
3400
- # @note When making an API call, you may pass SortCriteria
3401
- # data as a hash:
3402
- #
3403
- # {
3404
- # attribute_name: "String",
3405
- # order_by: "ASC", # accepts ASC, DESC
3406
- # }
3407
- #
3408
2823
  # @!attribute [rw] attribute_name
3409
2824
  # The name of the attribute to sort on.
3410
2825
  # @return [String]
@@ -3458,13 +2873,6 @@ module Aws::AccessAnalyzer
3458
2873
  #
3459
2874
  # [1]: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html
3460
2875
  #
3461
- # @note When making an API call, you may pass SqsQueueConfiguration
3462
- # data as a hash:
3463
- #
3464
- # {
3465
- # queue_policy: "SqsQueuePolicy",
3466
- # }
3467
- #
3468
2876
  # @!attribute [rw] queue_policy
3469
2877
  # The proposed resource policy for the Amazon SQS queue.
3470
2878
  # @return [String]
@@ -3477,28 +2885,6 @@ module Aws::AccessAnalyzer
3477
2885
  include Aws::Structure
3478
2886
  end
3479
2887
 
3480
- # @note When making an API call, you may pass StartPolicyGenerationRequest
3481
- # data as a hash:
3482
- #
3483
- # {
3484
- # policy_generation_details: { # required
3485
- # principal_arn: "PrincipalArn", # required
3486
- # },
3487
- # cloud_trail_details: {
3488
- # trails: [ # required
3489
- # {
3490
- # cloud_trail_arn: "CloudTrailArn", # required
3491
- # regions: ["String"],
3492
- # all_regions: false,
3493
- # },
3494
- # ],
3495
- # access_role: "RoleArn", # required
3496
- # start_time: Time.now, # required
3497
- # end_time: Time.now,
3498
- # },
3499
- # client_token: "String",
3500
- # }
3501
- #
3502
2888
  # @!attribute [rw] policy_generation_details
3503
2889
  # Contains the ARN of the IAM entity (user or role) for which you are
3504
2890
  # generating a policy.
@@ -3551,15 +2937,6 @@ module Aws::AccessAnalyzer
3551
2937
 
3552
2938
  # Starts a scan of the policies applied to the specified resource.
3553
2939
  #
3554
- # @note When making an API call, you may pass StartResourceScanRequest
3555
- # data as a hash:
3556
- #
3557
- # {
3558
- # analyzer_arn: "AnalyzerArn", # required
3559
- # resource_arn: "ResourceArn", # required
3560
- # resource_owner_account: "String",
3561
- # }
3562
- #
3563
2940
  # @!attribute [rw] analyzer_arn
3564
2941
  # The [ARN of the analyzer][1] to use to scan the policies applied to
3565
2942
  # the specified resource.
@@ -3628,16 +3005,6 @@ module Aws::AccessAnalyzer
3628
3005
 
3629
3006
  # Adds a tag to the specified resource.
3630
3007
  #
3631
- # @note When making an API call, you may pass TagResourceRequest
3632
- # data as a hash:
3633
- #
3634
- # {
3635
- # resource_arn: "String", # required
3636
- # tags: { # required
3637
- # "String" => "String",
3638
- # },
3639
- # }
3640
- #
3641
3008
  # @!attribute [rw] resource_arn
3642
3009
  # The ARN of the resource to add the tag to.
3643
3010
  # @return [String]
@@ -3682,15 +3049,6 @@ module Aws::AccessAnalyzer
3682
3049
  # Contains details about the CloudTrail trail being analyzed to generate
3683
3050
  # a policy.
3684
3051
  #
3685
- # @note When making an API call, you may pass Trail
3686
- # data as a hash:
3687
- #
3688
- # {
3689
- # cloud_trail_arn: "CloudTrailArn", # required
3690
- # regions: ["String"],
3691
- # all_regions: false,
3692
- # }
3693
- #
3694
3052
  # @!attribute [rw] cloud_trail_arn
3695
3053
  # Specifies the ARN of the trail. The format of a trail ARN is
3696
3054
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
@@ -3748,14 +3106,6 @@ module Aws::AccessAnalyzer
3748
3106
 
3749
3107
  # Removes a tag from the specified resource.
3750
3108
  #
3751
- # @note When making an API call, you may pass UntagResourceRequest
3752
- # data as a hash:
3753
- #
3754
- # {
3755
- # resource_arn: "String", # required
3756
- # tag_keys: ["String"], # required
3757
- # }
3758
- #
3759
3109
  # @!attribute [rw] resource_arn
3760
3110
  # The ARN of the resource to remove the tag from.
3761
3111
  # @return [String]
@@ -3781,23 +3131,6 @@ module Aws::AccessAnalyzer
3781
3131
 
3782
3132
  # Updates the specified archive rule.
3783
3133
  #
3784
- # @note When making an API call, you may pass UpdateArchiveRuleRequest
3785
- # data as a hash:
3786
- #
3787
- # {
3788
- # analyzer_name: "Name", # required
3789
- # rule_name: "Name", # required
3790
- # filter: { # required
3791
- # "String" => {
3792
- # eq: ["String"],
3793
- # neq: ["String"],
3794
- # contains: ["String"],
3795
- # exists: false,
3796
- # },
3797
- # },
3798
- # client_token: "String",
3799
- # }
3800
- #
3801
3134
  # @!attribute [rw] analyzer_name
3802
3135
  # The name of the analyzer to update the archive rules for.
3803
3136
  # @return [String]
@@ -3831,17 +3164,6 @@ module Aws::AccessAnalyzer
3831
3164
 
3832
3165
  # Updates findings with the new values provided in the request.
3833
3166
  #
3834
- # @note When making an API call, you may pass UpdateFindingsRequest
3835
- # data as a hash:
3836
- #
3837
- # {
3838
- # analyzer_arn: "AnalyzerArn", # required
3839
- # status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
3840
- # ids: ["FindingId"],
3841
- # resource_arn: "ResourceArn",
3842
- # client_token: "String",
3843
- # }
3844
- #
3845
3167
  # @!attribute [rw] analyzer_arn
3846
3168
  # The [ARN of the analyzer][1] that generated the findings to update.
3847
3169
  #
@@ -3934,18 +3256,6 @@ module Aws::AccessAnalyzer
3934
3256
  include Aws::Structure
3935
3257
  end
3936
3258
 
3937
- # @note When making an API call, you may pass ValidatePolicyRequest
3938
- # data as a hash:
3939
- #
3940
- # {
3941
- # locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
3942
- # max_results: 1,
3943
- # next_token: "Token",
3944
- # policy_document: "PolicyDocument", # required
3945
- # policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
3946
- # validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
3947
- # }
3948
- #
3949
3259
  # @!attribute [rw] locale
3950
3260
  # The locale to use for localizing the findings.
3951
3261
  # @return [String]
@@ -4072,13 +3382,6 @@ module Aws::AccessAnalyzer
4072
3382
  #
4073
3383
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
4074
3384
  #
4075
- # @note When making an API call, you may pass VpcConfiguration
4076
- # data as a hash:
4077
- #
4078
- # {
4079
- # vpc_id: "VpcId", # required
4080
- # }
4081
- #
4082
3385
  # @!attribute [rw] vpc_id
4083
3386
  # If this field is specified, this access point will only allow
4084
3387
  # connections from the specified VPC ID.