aws-sdk-accessanalyzer 1.31.0 → 1.32.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -259,10 +259,6 @@ module Aws::AccessAnalyzer
259
259
  #
260
260
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
261
261
  #
262
- # @note AclGrantee is a union - when making an API calls you must set exactly one of the members.
263
- #
264
- # @note AclGrantee is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of AclGrantee corresponding to the set member.
265
- #
266
262
  # @!attribute [rw] id
267
263
  # The value specified is the canonical user ID of an Amazon Web
268
264
  # Services account.
@@ -447,15 +443,6 @@ module Aws::AccessAnalyzer
447
443
 
448
444
  # Retroactively applies an archive rule.
449
445
  #
450
- # @note When making an API call, you may pass ApplyArchiveRuleRequest
451
- # data as a hash:
452
- #
453
- # {
454
- # analyzer_arn: "AnalyzerArn", # required
455
- # rule_name: "Name", # required
456
- # client_token: "String",
457
- # }
458
- #
459
446
  # @!attribute [rw] analyzer_arn
460
447
  # The Amazon resource name (ARN) of the analyzer.
461
448
  # @return [String]
@@ -510,13 +497,6 @@ module Aws::AccessAnalyzer
510
497
  include Aws::Structure
511
498
  end
512
499
 
513
- # @note When making an API call, you may pass CancelPolicyGenerationRequest
514
- # data as a hash:
515
- #
516
- # {
517
- # job_id: "JobId", # required
518
- # }
519
- #
520
500
  # @!attribute [rw] job_id
521
501
  # The `JobId` that is returned by the `StartPolicyGeneration`
522
502
  # operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -538,22 +518,6 @@ module Aws::AccessAnalyzer
538
518
 
539
519
  # Contains information about CloudTrail access.
540
520
  #
541
- # @note When making an API call, you may pass CloudTrailDetails
542
- # data as a hash:
543
- #
544
- # {
545
- # trails: [ # required
546
- # {
547
- # cloud_trail_arn: "CloudTrailArn", # required
548
- # regions: ["String"],
549
- # all_regions: false,
550
- # },
551
- # ],
552
- # access_role: "RoleArn", # required
553
- # start_time: Time.now, # required
554
- # end_time: Time.now,
555
- # }
556
- #
557
521
  # @!attribute [rw] trails
558
522
  # A `Trail` object that contains settings for a trail.
559
523
  # @return [Array<Types::Trail>]
@@ -621,10 +585,6 @@ module Aws::AccessAnalyzer
621
585
  # the configuration as a type-value pair. You can specify only one type
622
586
  # of access control configuration.
623
587
  #
624
- # @note Configuration is a union - when making an API calls you must set exactly one of the members.
625
- #
626
- # @note Configuration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of Configuration corresponding to the set member.
627
- #
628
588
  # @!attribute [rw] ebs_snapshot
629
589
  # The access control configuration is for an Amazon EBS volume
630
590
  # snapshot.
@@ -727,111 +687,6 @@ module Aws::AccessAnalyzer
727
687
  include Aws::Structure
728
688
  end
729
689
 
730
- # @note When making an API call, you may pass CreateAccessPreviewRequest
731
- # data as a hash:
732
- #
733
- # {
734
- # analyzer_arn: "AnalyzerArn", # required
735
- # configurations: { # required
736
- # "ConfigurationsMapKey" => {
737
- # ebs_snapshot: {
738
- # user_ids: ["EbsUserId"],
739
- # groups: ["EbsGroup"],
740
- # kms_key_id: "EbsSnapshotDataEncryptionKeyId",
741
- # },
742
- # ecr_repository: {
743
- # repository_policy: "EcrRepositoryPolicy",
744
- # },
745
- # iam_role: {
746
- # trust_policy: "IamTrustPolicy",
747
- # },
748
- # efs_file_system: {
749
- # file_system_policy: "EfsFileSystemPolicy",
750
- # },
751
- # kms_key: {
752
- # key_policies: {
753
- # "PolicyName" => "KmsKeyPolicy",
754
- # },
755
- # grants: [
756
- # {
757
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
758
- # grantee_principal: "GranteePrincipal", # required
759
- # retiring_principal: "RetiringPrincipal",
760
- # constraints: {
761
- # encryption_context_equals: {
762
- # "KmsConstraintsKey" => "KmsConstraintsValue",
763
- # },
764
- # encryption_context_subset: {
765
- # "KmsConstraintsKey" => "KmsConstraintsValue",
766
- # },
767
- # },
768
- # issuing_account: "IssuingAccount", # required
769
- # },
770
- # ],
771
- # },
772
- # rds_db_cluster_snapshot: {
773
- # attributes: {
774
- # "RdsDbClusterSnapshotAttributeName" => {
775
- # account_ids: ["RdsDbClusterSnapshotAccountId"],
776
- # },
777
- # },
778
- # kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
779
- # },
780
- # rds_db_snapshot: {
781
- # attributes: {
782
- # "RdsDbSnapshotAttributeName" => {
783
- # account_ids: ["RdsDbSnapshotAccountId"],
784
- # },
785
- # },
786
- # kms_key_id: "RdsDbSnapshotKmsKeyId",
787
- # },
788
- # secrets_manager_secret: {
789
- # kms_key_id: "SecretsManagerSecretKmsId",
790
- # secret_policy: "SecretsManagerSecretPolicy",
791
- # },
792
- # s3_bucket: {
793
- # bucket_policy: "S3BucketPolicy",
794
- # bucket_acl_grants: [
795
- # {
796
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
797
- # grantee: { # required
798
- # id: "AclCanonicalId",
799
- # uri: "AclUri",
800
- # },
801
- # },
802
- # ],
803
- # bucket_public_access_block: {
804
- # ignore_public_acls: false, # required
805
- # restrict_public_buckets: false, # required
806
- # },
807
- # access_points: {
808
- # "AccessPointArn" => {
809
- # access_point_policy: "AccessPointPolicy",
810
- # public_access_block: {
811
- # ignore_public_acls: false, # required
812
- # restrict_public_buckets: false, # required
813
- # },
814
- # network_origin: {
815
- # vpc_configuration: {
816
- # vpc_id: "VpcId", # required
817
- # },
818
- # internet_configuration: {
819
- # },
820
- # },
821
- # },
822
- # },
823
- # },
824
- # sns_topic: {
825
- # topic_policy: "SnsTopicPolicy",
826
- # },
827
- # sqs_queue: {
828
- # queue_policy: "SqsQueuePolicy",
829
- # },
830
- # },
831
- # },
832
- # client_token: "String",
833
- # }
834
- #
835
690
  # @!attribute [rw] analyzer_arn
836
691
  # The [ARN of the account analyzer][1] used to generate the access
837
692
  # preview. You can only create an access preview for analyzers with an
@@ -881,31 +736,6 @@ module Aws::AccessAnalyzer
881
736
 
882
737
  # Creates an analyzer.
883
738
  #
884
- # @note When making an API call, you may pass CreateAnalyzerRequest
885
- # data as a hash:
886
- #
887
- # {
888
- # analyzer_name: "Name", # required
889
- # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
890
- # archive_rules: [
891
- # {
892
- # rule_name: "Name", # required
893
- # filter: { # required
894
- # "String" => {
895
- # eq: ["String"],
896
- # neq: ["String"],
897
- # contains: ["String"],
898
- # exists: false,
899
- # },
900
- # },
901
- # },
902
- # ],
903
- # tags: {
904
- # "String" => "String",
905
- # },
906
- # client_token: "String",
907
- # }
908
- #
909
739
  # @!attribute [rw] analyzer_name
910
740
  # The name of the analyzer to create.
911
741
  # @return [String]
@@ -962,23 +792,6 @@ module Aws::AccessAnalyzer
962
792
 
963
793
  # Creates an archive rule.
964
794
  #
965
- # @note When making an API call, you may pass CreateArchiveRuleRequest
966
- # data as a hash:
967
- #
968
- # {
969
- # analyzer_name: "Name", # required
970
- # rule_name: "Name", # required
971
- # filter: { # required
972
- # "String" => {
973
- # eq: ["String"],
974
- # neq: ["String"],
975
- # contains: ["String"],
976
- # exists: false,
977
- # },
978
- # },
979
- # client_token: "String",
980
- # }
981
- #
982
795
  # @!attribute [rw] analyzer_name
983
796
  # The name of the created analyzer.
984
797
  # @return [String]
@@ -1009,17 +822,13 @@ module Aws::AccessAnalyzer
1009
822
  include Aws::Structure
1010
823
  end
1011
824
 
1012
- # The criteria to use in the filter that defines the archive rule.
825
+ # The criteria to use in the filter that defines the archive rule. For
826
+ # more information on available filter keys, see [IAM Access Analyzer
827
+ # filter keys][1].
828
+ #
1013
829
  #
1014
- # @note When making an API call, you may pass Criterion
1015
- # data as a hash:
1016
830
  #
1017
- # {
1018
- # eq: ["String"],
1019
- # neq: ["String"],
1020
- # contains: ["String"],
1021
- # exists: false,
1022
- # }
831
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
1023
832
  #
1024
833
  # @!attribute [rw] eq
1025
834
  # An "equals" operator to match for the filter used to create the
@@ -1054,14 +863,6 @@ module Aws::AccessAnalyzer
1054
863
 
1055
864
  # Deletes an analyzer.
1056
865
  #
1057
- # @note When making an API call, you may pass DeleteAnalyzerRequest
1058
- # data as a hash:
1059
- #
1060
- # {
1061
- # analyzer_name: "Name", # required
1062
- # client_token: "String",
1063
- # }
1064
- #
1065
866
  # @!attribute [rw] analyzer_name
1066
867
  # The name of the analyzer to delete.
1067
868
  # @return [String]
@@ -1084,15 +885,6 @@ module Aws::AccessAnalyzer
1084
885
 
1085
886
  # Deletes an archive rule.
1086
887
  #
1087
- # @note When making an API call, you may pass DeleteArchiveRuleRequest
1088
- # data as a hash:
1089
- #
1090
- # {
1091
- # analyzer_name: "Name", # required
1092
- # rule_name: "Name", # required
1093
- # client_token: "String",
1094
- # }
1095
- #
1096
888
  # @!attribute [rw] analyzer_name
1097
889
  # The name of the analyzer that associated with the archive rule to
1098
890
  # delete.
@@ -1129,15 +921,6 @@ module Aws::AccessAnalyzer
1129
921
  #
1130
922
  # [1]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html
1131
923
  #
1132
- # @note When making an API call, you may pass EbsSnapshotConfiguration
1133
- # data as a hash:
1134
- #
1135
- # {
1136
- # user_ids: ["EbsUserId"],
1137
- # groups: ["EbsGroup"],
1138
- # kms_key_id: "EbsSnapshotDataEncryptionKeyId",
1139
- # }
1140
- #
1141
924
  # @!attribute [rw] user_ids
1142
925
  # The IDs of the Amazon Web Services accounts that have access to the
1143
926
  # Amazon EBS volume snapshot.
@@ -1217,13 +1000,6 @@ module Aws::AccessAnalyzer
1217
1000
  #
1218
1001
  # [1]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html
1219
1002
  #
1220
- # @note When making an API call, you may pass EcrRepositoryConfiguration
1221
- # data as a hash:
1222
- #
1223
- # {
1224
- # repository_policy: "EcrRepositoryPolicy",
1225
- # }
1226
- #
1227
1003
  # @!attribute [rw] repository_policy
1228
1004
  # The JSON repository policy text to apply to the Amazon ECR
1229
1005
  # repository. For more information, see [Private repository policy
@@ -1263,13 +1039,6 @@ module Aws::AccessAnalyzer
1263
1039
  #
1264
1040
  # [1]: https://docs.aws.amazon.com/efs/latest/ug/using-fs.html
1265
1041
  #
1266
- # @note When making an API call, you may pass EfsFileSystemConfiguration
1267
- # data as a hash:
1268
- #
1269
- # {
1270
- # file_system_policy: "EfsFileSystemPolicy",
1271
- # }
1272
- #
1273
1042
  # @!attribute [rw] file_system_policy
1274
1043
  # The JSON policy definition to apply to the Amazon EFS file system.
1275
1044
  # For more information on the elements that make up a file system
@@ -1404,10 +1173,16 @@ module Aws::AccessAnalyzer
1404
1173
  # multi-region access point.
1405
1174
  # @return [String]
1406
1175
  #
1176
+ # @!attribute [rw] access_point_account
1177
+ # The account of the cross-account access point that generated the
1178
+ # finding.
1179
+ # @return [String]
1180
+ #
1407
1181
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSourceDetail AWS API Documentation
1408
1182
  #
1409
1183
  class FindingSourceDetail < Struct.new(
1410
- :access_point_arn)
1184
+ :access_point_arn,
1185
+ :access_point_account)
1411
1186
  SENSITIVE = []
1412
1187
  include Aws::Structure
1413
1188
  end
@@ -1569,14 +1344,6 @@ module Aws::AccessAnalyzer
1569
1344
  include Aws::Structure
1570
1345
  end
1571
1346
 
1572
- # @note When making an API call, you may pass GetAccessPreviewRequest
1573
- # data as a hash:
1574
- #
1575
- # {
1576
- # access_preview_id: "AccessPreviewId", # required
1577
- # analyzer_arn: "AnalyzerArn", # required
1578
- # }
1579
- #
1580
1347
  # @!attribute [rw] access_preview_id
1581
1348
  # The unique ID for the access preview.
1582
1349
  # @return [String]
@@ -1612,14 +1379,6 @@ module Aws::AccessAnalyzer
1612
1379
 
1613
1380
  # Retrieves an analyzed resource.
1614
1381
  #
1615
- # @note When making an API call, you may pass GetAnalyzedResourceRequest
1616
- # data as a hash:
1617
- #
1618
- # {
1619
- # analyzer_arn: "AnalyzerArn", # required
1620
- # resource_arn: "ResourceArn", # required
1621
- # }
1622
- #
1623
1382
  # @!attribute [rw] analyzer_arn
1624
1383
  # The [ARN of the analyzer][1] to retrieve information from.
1625
1384
  #
@@ -1658,13 +1417,6 @@ module Aws::AccessAnalyzer
1658
1417
 
1659
1418
  # Retrieves an analyzer.
1660
1419
  #
1661
- # @note When making an API call, you may pass GetAnalyzerRequest
1662
- # data as a hash:
1663
- #
1664
- # {
1665
- # analyzer_name: "Name", # required
1666
- # }
1667
- #
1668
1420
  # @!attribute [rw] analyzer_name
1669
1421
  # The name of the analyzer retrieved.
1670
1422
  # @return [String]
@@ -1694,14 +1446,6 @@ module Aws::AccessAnalyzer
1694
1446
 
1695
1447
  # Retrieves an archive rule.
1696
1448
  #
1697
- # @note When making an API call, you may pass GetArchiveRuleRequest
1698
- # data as a hash:
1699
- #
1700
- # {
1701
- # analyzer_name: "Name", # required
1702
- # rule_name: "Name", # required
1703
- # }
1704
- #
1705
1449
  # @!attribute [rw] analyzer_name
1706
1450
  # The name of the analyzer to retrieve rules from.
1707
1451
  # @return [String]
@@ -1735,14 +1479,6 @@ module Aws::AccessAnalyzer
1735
1479
 
1736
1480
  # Retrieves a finding.
1737
1481
  #
1738
- # @note When making an API call, you may pass GetFindingRequest
1739
- # data as a hash:
1740
- #
1741
- # {
1742
- # analyzer_arn: "AnalyzerArn", # required
1743
- # id: "FindingId", # required
1744
- # }
1745
- #
1746
1482
  # @!attribute [rw] analyzer_arn
1747
1483
  # The [ARN of the analyzer][1] that generated the finding.
1748
1484
  #
@@ -1778,15 +1514,6 @@ module Aws::AccessAnalyzer
1778
1514
  include Aws::Structure
1779
1515
  end
1780
1516
 
1781
- # @note When making an API call, you may pass GetGeneratedPolicyRequest
1782
- # data as a hash:
1783
- #
1784
- # {
1785
- # job_id: "JobId", # required
1786
- # include_resource_placeholders: false,
1787
- # include_service_level_template: false,
1788
- # }
1789
- #
1790
1517
  # @!attribute [rw] job_id
1791
1518
  # The `JobId` that is returned by the `StartPolicyGeneration`
1792
1519
  # operation. The `JobId` can be used with `GetGeneratedPolicy` to
@@ -1856,13 +1583,6 @@ module Aws::AccessAnalyzer
1856
1583
  #
1857
1584
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html
1858
1585
  #
1859
- # @note When making an API call, you may pass IamRoleConfiguration
1860
- # data as a hash:
1861
- #
1862
- # {
1863
- # trust_policy: "IamTrustPolicy",
1864
- # }
1865
- #
1866
1586
  # @!attribute [rw] trust_policy
1867
1587
  # The proposed trust policy for the IAM role.
1868
1588
  # @return [String]
@@ -1878,21 +1598,6 @@ module Aws::AccessAnalyzer
1878
1598
  # An criterion statement in an archive rule. Each archive rule may have
1879
1599
  # multiple criteria.
1880
1600
  #
1881
- # @note When making an API call, you may pass InlineArchiveRule
1882
- # data as a hash:
1883
- #
1884
- # {
1885
- # rule_name: "Name", # required
1886
- # filter: { # required
1887
- # "String" => {
1888
- # eq: ["String"],
1889
- # neq: ["String"],
1890
- # contains: ["String"],
1891
- # exists: false,
1892
- # },
1893
- # },
1894
- # }
1895
- #
1896
1601
  # @!attribute [rw] rule_name
1897
1602
  # The name of the rule.
1898
1603
  # @return [String]
@@ -1931,8 +1636,6 @@ module Aws::AccessAnalyzer
1931
1636
  # This configuration sets the network origin for the Amazon S3 access
1932
1637
  # point or multi-region access point to `Internet`.
1933
1638
  #
1934
- # @api private
1935
- #
1936
1639
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternetConfiguration AWS API Documentation
1937
1640
  #
1938
1641
  class InternetConfiguration < Aws::EmptyStructure; end
@@ -2001,24 +1704,6 @@ module Aws::AccessAnalyzer
2001
1704
  #
2002
1705
  # [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
2003
1706
  #
2004
- # @note When making an API call, you may pass KmsGrantConfiguration
2005
- # data as a hash:
2006
- #
2007
- # {
2008
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
2009
- # grantee_principal: "GranteePrincipal", # required
2010
- # retiring_principal: "RetiringPrincipal",
2011
- # constraints: {
2012
- # encryption_context_equals: {
2013
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2014
- # },
2015
- # encryption_context_subset: {
2016
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2017
- # },
2018
- # },
2019
- # issuing_account: "IssuingAccount", # required
2020
- # }
2021
- #
2022
1707
  # @!attribute [rw] operations
2023
1708
  # A list of operations that the grant permits.
2024
1709
  # @return [Array<String>]
@@ -2078,18 +1763,6 @@ module Aws::AccessAnalyzer
2078
1763
  # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
2079
1764
  # [3]: https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html
2080
1765
  #
2081
- # @note When making an API call, you may pass KmsGrantConstraints
2082
- # data as a hash:
2083
- #
2084
- # {
2085
- # encryption_context_equals: {
2086
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2087
- # },
2088
- # encryption_context_subset: {
2089
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2090
- # },
2091
- # }
2092
- #
2093
1766
  # @!attribute [rw] encryption_context_equals
2094
1767
  # A list of key-value pairs that must match the encryption context in
2095
1768
  # the [cryptographic operation][1] request. The grant allows the
@@ -2140,31 +1813,6 @@ module Aws::AccessAnalyzer
2140
1813
  # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
2141
1814
  # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html
2142
1815
  #
2143
- # @note When making an API call, you may pass KmsKeyConfiguration
2144
- # data as a hash:
2145
- #
2146
- # {
2147
- # key_policies: {
2148
- # "PolicyName" => "KmsKeyPolicy",
2149
- # },
2150
- # grants: [
2151
- # {
2152
- # operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
2153
- # grantee_principal: "GranteePrincipal", # required
2154
- # retiring_principal: "RetiringPrincipal",
2155
- # constraints: {
2156
- # encryption_context_equals: {
2157
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2158
- # },
2159
- # encryption_context_subset: {
2160
- # "KmsConstraintsKey" => "KmsConstraintsValue",
2161
- # },
2162
- # },
2163
- # issuing_account: "IssuingAccount", # required
2164
- # },
2165
- # ],
2166
- # }
2167
- #
2168
1816
  # @!attribute [rw] key_policies
2169
1817
  # Resource policy configuration for the KMS key. The only valid value
2170
1818
  # for the name of the key policy is `default`. For more information,
@@ -2192,24 +1840,6 @@ module Aws::AccessAnalyzer
2192
1840
  include Aws::Structure
2193
1841
  end
2194
1842
 
2195
- # @note When making an API call, you may pass ListAccessPreviewFindingsRequest
2196
- # data as a hash:
2197
- #
2198
- # {
2199
- # access_preview_id: "AccessPreviewId", # required
2200
- # analyzer_arn: "AnalyzerArn", # required
2201
- # filter: {
2202
- # "String" => {
2203
- # eq: ["String"],
2204
- # neq: ["String"],
2205
- # contains: ["String"],
2206
- # exists: false,
2207
- # },
2208
- # },
2209
- # next_token: "Token",
2210
- # max_results: 1,
2211
- # }
2212
- #
2213
1843
  # @!attribute [rw] access_preview_id
2214
1844
  # The unique ID for the access preview.
2215
1845
  # @return [String]
@@ -2264,15 +1894,6 @@ module Aws::AccessAnalyzer
2264
1894
  include Aws::Structure
2265
1895
  end
2266
1896
 
2267
- # @note When making an API call, you may pass ListAccessPreviewsRequest
2268
- # data as a hash:
2269
- #
2270
- # {
2271
- # analyzer_arn: "AnalyzerArn", # required
2272
- # next_token: "Token",
2273
- # max_results: 1,
2274
- # }
2275
- #
2276
1897
  # @!attribute [rw] analyzer_arn
2277
1898
  # The [ARN of the analyzer][1] used to generate the access preview.
2278
1899
  #
@@ -2318,16 +1939,6 @@ module Aws::AccessAnalyzer
2318
1939
 
2319
1940
  # Retrieves a list of resources that have been analyzed.
2320
1941
  #
2321
- # @note When making an API call, you may pass ListAnalyzedResourcesRequest
2322
- # data as a hash:
2323
- #
2324
- # {
2325
- # analyzer_arn: "AnalyzerArn", # required
2326
- # resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic
2327
- # next_token: "Token",
2328
- # max_results: 1,
2329
- # }
2330
- #
2331
1942
  # @!attribute [rw] analyzer_arn
2332
1943
  # The [ARN of the analyzer][1] to retrieve a list of analyzed
2333
1944
  # resources from.
@@ -2381,15 +1992,6 @@ module Aws::AccessAnalyzer
2381
1992
 
2382
1993
  # Retrieves a list of analyzers.
2383
1994
  #
2384
- # @note When making an API call, you may pass ListAnalyzersRequest
2385
- # data as a hash:
2386
- #
2387
- # {
2388
- # next_token: "Token",
2389
- # max_results: 1,
2390
- # type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
2391
- # }
2392
- #
2393
1995
  # @!attribute [rw] next_token
2394
1996
  # A token used for pagination of results returned.
2395
1997
  # @return [String]
@@ -2433,15 +2035,6 @@ module Aws::AccessAnalyzer
2433
2035
 
2434
2036
  # Retrieves a list of archive rules created for the specified analyzer.
2435
2037
  #
2436
- # @note When making an API call, you may pass ListArchiveRulesRequest
2437
- # data as a hash:
2438
- #
2439
- # {
2440
- # analyzer_name: "Name", # required
2441
- # next_token: "Token",
2442
- # max_results: 1,
2443
- # }
2444
- #
2445
2038
  # @!attribute [rw] analyzer_name
2446
2039
  # The name of the analyzer to retrieve rules from.
2447
2040
  # @return [String]
@@ -2485,27 +2078,6 @@ module Aws::AccessAnalyzer
2485
2078
 
2486
2079
  # Retrieves a list of findings generated by the specified analyzer.
2487
2080
  #
2488
- # @note When making an API call, you may pass ListFindingsRequest
2489
- # data as a hash:
2490
- #
2491
- # {
2492
- # analyzer_arn: "AnalyzerArn", # required
2493
- # filter: {
2494
- # "String" => {
2495
- # eq: ["String"],
2496
- # neq: ["String"],
2497
- # contains: ["String"],
2498
- # exists: false,
2499
- # },
2500
- # },
2501
- # sort: {
2502
- # attribute_name: "String",
2503
- # order_by: "ASC", # accepts ASC, DESC
2504
- # },
2505
- # next_token: "Token",
2506
- # max_results: 1,
2507
- # }
2508
- #
2509
2081
  # @!attribute [rw] analyzer_arn
2510
2082
  # The [ARN of the analyzer][1] to retrieve findings from.
2511
2083
  #
@@ -2562,15 +2134,6 @@ module Aws::AccessAnalyzer
2562
2134
  include Aws::Structure
2563
2135
  end
2564
2136
 
2565
- # @note When making an API call, you may pass ListPolicyGenerationsRequest
2566
- # data as a hash:
2567
- #
2568
- # {
2569
- # principal_arn: "PrincipalArn",
2570
- # max_results: 1,
2571
- # next_token: "Token",
2572
- # }
2573
- #
2574
2137
  # @!attribute [rw] principal_arn
2575
2138
  # The ARN of the IAM entity (user or role) for which you are
2576
2139
  # generating a policy. Use this with `ListGeneratedPolicies` to filter
@@ -2615,13 +2178,6 @@ module Aws::AccessAnalyzer
2615
2178
 
2616
2179
  # Retrieves a list of tags applied to the specified resource.
2617
2180
  #
2618
- # @note When making an API call, you may pass ListTagsForResourceRequest
2619
- # data as a hash:
2620
- #
2621
- # {
2622
- # resource_arn: "String", # required
2623
- # }
2624
- #
2625
2181
  # @!attribute [rw] resource_arn
2626
2182
  # The ARN of the resource to retrieve tags from.
2627
2183
  # @return [String]
@@ -2680,10 +2236,6 @@ module Aws::AccessAnalyzer
2680
2236
  #
2681
2237
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
2682
2238
  #
2683
- # @note NetworkOriginConfiguration is a union - when making an API calls you must set exactly one of the members.
2684
- #
2685
- # @note NetworkOriginConfiguration is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of NetworkOriginConfiguration corresponding to the set member.
2686
- #
2687
2239
  # @!attribute [rw] vpc_configuration
2688
2240
  # The proposed virtual private cloud (VPC) configuration for the
2689
2241
  # Amazon S3 access point. VPC configuration does not apply to
@@ -2718,8 +2270,6 @@ module Aws::AccessAnalyzer
2718
2270
  # A single element in a path through the JSON representation of a
2719
2271
  # policy.
2720
2272
  #
2721
- # @note PathElement is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of PathElement corresponding to the set member.
2722
- #
2723
2273
  # @!attribute [rw] index
2724
2274
  # Refers to an index in a JSON array.
2725
2275
  # @return [Integer]
@@ -2796,13 +2346,6 @@ module Aws::AccessAnalyzer
2796
2346
  # Contains the ARN details about the IAM entity for which the policy is
2797
2347
  # generated.
2798
2348
  #
2799
- # @note When making an API call, you may pass PolicyGenerationDetails
2800
- # data as a hash:
2801
- #
2802
- # {
2803
- # principal_arn: "PrincipalArn", # required
2804
- # }
2805
- #
2806
2349
  # @!attribute [rw] principal_arn
2807
2350
  # The ARN of the IAM entity (user or role) for which you are
2808
2351
  # generating a policy.
@@ -2843,10 +2386,6 @@ module Aws::AccessAnalyzer
2843
2386
 
2844
2387
  # The values for a manual Amazon RDS DB cluster snapshot attribute.
2845
2388
  #
2846
- # @note RdsDbClusterSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
2847
- #
2848
- # @note RdsDbClusterSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbClusterSnapshotAttributeValue corresponding to the set member.
2849
- #
2850
2389
  # @!attribute [rw] account_ids
2851
2390
  # The Amazon Web Services account IDs that have access to the manual
2852
2391
  # Amazon RDS DB cluster snapshot. If the value `all` is specified,
@@ -2892,18 +2431,6 @@ module Aws::AccessAnalyzer
2892
2431
  #
2893
2432
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html
2894
2433
  #
2895
- # @note When making an API call, you may pass RdsDbClusterSnapshotConfiguration
2896
- # data as a hash:
2897
- #
2898
- # {
2899
- # attributes: {
2900
- # "RdsDbClusterSnapshotAttributeName" => {
2901
- # account_ids: ["RdsDbClusterSnapshotAccountId"],
2902
- # },
2903
- # },
2904
- # kms_key_id: "RdsDbClusterSnapshotKmsKeyId",
2905
- # }
2906
- #
2907
2434
  # @!attribute [rw] attributes
2908
2435
  # The names and values of manual DB cluster snapshot attributes.
2909
2436
  # Manual DB cluster snapshot attributes are used to authorize other
@@ -2940,10 +2467,6 @@ module Aws::AccessAnalyzer
2940
2467
  # Manual DB snapshot attributes are used to authorize other Amazon Web
2941
2468
  # Services accounts to restore a manual DB snapshot.
2942
2469
  #
2943
- # @note RdsDbSnapshotAttributeValue is a union - when making an API calls you must set exactly one of the members.
2944
- #
2945
- # @note RdsDbSnapshotAttributeValue is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RdsDbSnapshotAttributeValue corresponding to the set member.
2946
- #
2947
2470
  # @!attribute [rw] account_ids
2948
2471
  # The Amazon Web Services account IDs that have access to the manual
2949
2472
  # Amazon RDS DB snapshot. If the value `all` is specified, then the
@@ -2988,18 +2511,6 @@ module Aws::AccessAnalyzer
2988
2511
  #
2989
2512
  # [1]: https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html
2990
2513
  #
2991
- # @note When making an API call, you may pass RdsDbSnapshotConfiguration
2992
- # data as a hash:
2993
- #
2994
- # {
2995
- # attributes: {
2996
- # "RdsDbSnapshotAttributeName" => {
2997
- # account_ids: ["RdsDbSnapshotAccountId"],
2998
- # },
2999
- # },
3000
- # kms_key_id: "RdsDbSnapshotKmsKeyId",
3001
- # }
3002
- #
3003
2514
  # @!attribute [rw] attributes
3004
2515
  # The names and values of manual DB snapshot attributes. Manual DB
3005
2516
  # snapshot attributes are used to authorize other Amazon Web Services
@@ -3070,24 +2581,6 @@ module Aws::AccessAnalyzer
3070
2581
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
3071
2582
  # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html
3072
2583
  #
3073
- # @note When making an API call, you may pass S3AccessPointConfiguration
3074
- # data as a hash:
3075
- #
3076
- # {
3077
- # access_point_policy: "AccessPointPolicy",
3078
- # public_access_block: {
3079
- # ignore_public_acls: false, # required
3080
- # restrict_public_buckets: false, # required
3081
- # },
3082
- # network_origin: {
3083
- # vpc_configuration: {
3084
- # vpc_id: "VpcId", # required
3085
- # },
3086
- # internet_configuration: {
3087
- # },
3088
- # },
3089
- # }
3090
- #
3091
2584
  # @!attribute [rw] access_point_policy
3092
2585
  # The access point or multi-region access point policy.
3093
2586
  # @return [String]
@@ -3124,17 +2617,6 @@ module Aws::AccessAnalyzer
3124
2617
  #
3125
2618
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls
3126
2619
  #
3127
- # @note When making an API call, you may pass S3BucketAclGrantConfiguration
3128
- # data as a hash:
3129
- #
3130
- # {
3131
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
3132
- # grantee: { # required
3133
- # id: "AclCanonicalId",
3134
- # uri: "AclUri",
3135
- # },
3136
- # }
3137
- #
3138
2620
  # @!attribute [rw] permission
3139
2621
  # The permissions being granted.
3140
2622
  # @return [String]
@@ -3170,42 +2652,6 @@ module Aws::AccessAnalyzer
3170
2652
  #
3171
2653
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
3172
2654
  #
3173
- # @note When making an API call, you may pass S3BucketConfiguration
3174
- # data as a hash:
3175
- #
3176
- # {
3177
- # bucket_policy: "S3BucketPolicy",
3178
- # bucket_acl_grants: [
3179
- # {
3180
- # permission: "READ", # required, accepts READ, WRITE, READ_ACP, WRITE_ACP, FULL_CONTROL
3181
- # grantee: { # required
3182
- # id: "AclCanonicalId",
3183
- # uri: "AclUri",
3184
- # },
3185
- # },
3186
- # ],
3187
- # bucket_public_access_block: {
3188
- # ignore_public_acls: false, # required
3189
- # restrict_public_buckets: false, # required
3190
- # },
3191
- # access_points: {
3192
- # "AccessPointArn" => {
3193
- # access_point_policy: "AccessPointPolicy",
3194
- # public_access_block: {
3195
- # ignore_public_acls: false, # required
3196
- # restrict_public_buckets: false, # required
3197
- # },
3198
- # network_origin: {
3199
- # vpc_configuration: {
3200
- # vpc_id: "VpcId", # required
3201
- # },
3202
- # internet_configuration: {
3203
- # },
3204
- # },
3205
- # },
3206
- # },
3207
- # }
3208
- #
3209
2655
  # @!attribute [rw] bucket_policy
3210
2656
  # The proposed bucket policy for the Amazon S3 bucket.
3211
2657
  # @return [String]
@@ -3255,14 +2701,6 @@ module Aws::AccessAnalyzer
3255
2701
  #
3256
2702
  # [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html
3257
2703
  #
3258
- # @note When making an API call, you may pass S3PublicAccessBlockConfiguration
3259
- # data as a hash:
3260
- #
3261
- # {
3262
- # ignore_public_acls: false, # required
3263
- # restrict_public_buckets: false, # required
3264
- # }
3265
- #
3266
2704
  # @!attribute [rw] ignore_public_acls
3267
2705
  # Specifies whether Amazon S3 should ignore public ACLs for this
3268
2706
  # bucket and objects in this bucket.
@@ -3305,14 +2743,6 @@ module Aws::AccessAnalyzer
3305
2743
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html
3306
2744
  # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html
3307
2745
  #
3308
- # @note When making an API call, you may pass SecretsManagerSecretConfiguration
3309
- # data as a hash:
3310
- #
3311
- # {
3312
- # kms_key_id: "SecretsManagerSecretKmsId",
3313
- # secret_policy: "SecretsManagerSecretPolicy",
3314
- # }
3315
- #
3316
2746
  # @!attribute [rw] kms_key_id
3317
2747
  # The proposed ARN, key ID, or alias of the KMS key.
3318
2748
  # @return [String]
@@ -3370,13 +2800,6 @@ module Aws::AccessAnalyzer
3370
2800
  #
3371
2801
  # [1]: https://docs.aws.amazon.com/sns/latest/api/API_Topic.html
3372
2802
  #
3373
- # @note When making an API call, you may pass SnsTopicConfiguration
3374
- # data as a hash:
3375
- #
3376
- # {
3377
- # topic_policy: "SnsTopicPolicy",
3378
- # }
3379
- #
3380
2803
  # @!attribute [rw] topic_policy
3381
2804
  # The JSON policy text that defines who can access an Amazon SNS
3382
2805
  # topic. For more information, see [Example cases for Amazon SNS
@@ -3397,14 +2820,6 @@ module Aws::AccessAnalyzer
3397
2820
 
3398
2821
  # The criteria used to sort.
3399
2822
  #
3400
- # @note When making an API call, you may pass SortCriteria
3401
- # data as a hash:
3402
- #
3403
- # {
3404
- # attribute_name: "String",
3405
- # order_by: "ASC", # accepts ASC, DESC
3406
- # }
3407
- #
3408
2823
  # @!attribute [rw] attribute_name
3409
2824
  # The name of the attribute to sort on.
3410
2825
  # @return [String]
@@ -3458,13 +2873,6 @@ module Aws::AccessAnalyzer
3458
2873
  #
3459
2874
  # [1]: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html
3460
2875
  #
3461
- # @note When making an API call, you may pass SqsQueueConfiguration
3462
- # data as a hash:
3463
- #
3464
- # {
3465
- # queue_policy: "SqsQueuePolicy",
3466
- # }
3467
- #
3468
2876
  # @!attribute [rw] queue_policy
3469
2877
  # The proposed resource policy for the Amazon SQS queue.
3470
2878
  # @return [String]
@@ -3477,28 +2885,6 @@ module Aws::AccessAnalyzer
3477
2885
  include Aws::Structure
3478
2886
  end
3479
2887
 
3480
- # @note When making an API call, you may pass StartPolicyGenerationRequest
3481
- # data as a hash:
3482
- #
3483
- # {
3484
- # policy_generation_details: { # required
3485
- # principal_arn: "PrincipalArn", # required
3486
- # },
3487
- # cloud_trail_details: {
3488
- # trails: [ # required
3489
- # {
3490
- # cloud_trail_arn: "CloudTrailArn", # required
3491
- # regions: ["String"],
3492
- # all_regions: false,
3493
- # },
3494
- # ],
3495
- # access_role: "RoleArn", # required
3496
- # start_time: Time.now, # required
3497
- # end_time: Time.now,
3498
- # },
3499
- # client_token: "String",
3500
- # }
3501
- #
3502
2888
  # @!attribute [rw] policy_generation_details
3503
2889
  # Contains the ARN of the IAM entity (user or role) for which you are
3504
2890
  # generating a policy.
@@ -3551,15 +2937,6 @@ module Aws::AccessAnalyzer
3551
2937
 
3552
2938
  # Starts a scan of the policies applied to the specified resource.
3553
2939
  #
3554
- # @note When making an API call, you may pass StartResourceScanRequest
3555
- # data as a hash:
3556
- #
3557
- # {
3558
- # analyzer_arn: "AnalyzerArn", # required
3559
- # resource_arn: "ResourceArn", # required
3560
- # resource_owner_account: "String",
3561
- # }
3562
- #
3563
2940
  # @!attribute [rw] analyzer_arn
3564
2941
  # The [ARN of the analyzer][1] to use to scan the policies applied to
3565
2942
  # the specified resource.
@@ -3628,16 +3005,6 @@ module Aws::AccessAnalyzer
3628
3005
 
3629
3006
  # Adds a tag to the specified resource.
3630
3007
  #
3631
- # @note When making an API call, you may pass TagResourceRequest
3632
- # data as a hash:
3633
- #
3634
- # {
3635
- # resource_arn: "String", # required
3636
- # tags: { # required
3637
- # "String" => "String",
3638
- # },
3639
- # }
3640
- #
3641
3008
  # @!attribute [rw] resource_arn
3642
3009
  # The ARN of the resource to add the tag to.
3643
3010
  # @return [String]
@@ -3682,15 +3049,6 @@ module Aws::AccessAnalyzer
3682
3049
  # Contains details about the CloudTrail trail being analyzed to generate
3683
3050
  # a policy.
3684
3051
  #
3685
- # @note When making an API call, you may pass Trail
3686
- # data as a hash:
3687
- #
3688
- # {
3689
- # cloud_trail_arn: "CloudTrailArn", # required
3690
- # regions: ["String"],
3691
- # all_regions: false,
3692
- # }
3693
- #
3694
3052
  # @!attribute [rw] cloud_trail_arn
3695
3053
  # Specifies the ARN of the trail. The format of a trail ARN is
3696
3054
  # `arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail`.
@@ -3748,14 +3106,6 @@ module Aws::AccessAnalyzer
3748
3106
 
3749
3107
  # Removes a tag from the specified resource.
3750
3108
  #
3751
- # @note When making an API call, you may pass UntagResourceRequest
3752
- # data as a hash:
3753
- #
3754
- # {
3755
- # resource_arn: "String", # required
3756
- # tag_keys: ["String"], # required
3757
- # }
3758
- #
3759
3109
  # @!attribute [rw] resource_arn
3760
3110
  # The ARN of the resource to remove the tag from.
3761
3111
  # @return [String]
@@ -3781,23 +3131,6 @@ module Aws::AccessAnalyzer
3781
3131
 
3782
3132
  # Updates the specified archive rule.
3783
3133
  #
3784
- # @note When making an API call, you may pass UpdateArchiveRuleRequest
3785
- # data as a hash:
3786
- #
3787
- # {
3788
- # analyzer_name: "Name", # required
3789
- # rule_name: "Name", # required
3790
- # filter: { # required
3791
- # "String" => {
3792
- # eq: ["String"],
3793
- # neq: ["String"],
3794
- # contains: ["String"],
3795
- # exists: false,
3796
- # },
3797
- # },
3798
- # client_token: "String",
3799
- # }
3800
- #
3801
3134
  # @!attribute [rw] analyzer_name
3802
3135
  # The name of the analyzer to update the archive rules for.
3803
3136
  # @return [String]
@@ -3831,17 +3164,6 @@ module Aws::AccessAnalyzer
3831
3164
 
3832
3165
  # Updates findings with the new values provided in the request.
3833
3166
  #
3834
- # @note When making an API call, you may pass UpdateFindingsRequest
3835
- # data as a hash:
3836
- #
3837
- # {
3838
- # analyzer_arn: "AnalyzerArn", # required
3839
- # status: "ACTIVE", # required, accepts ACTIVE, ARCHIVED
3840
- # ids: ["FindingId"],
3841
- # resource_arn: "ResourceArn",
3842
- # client_token: "String",
3843
- # }
3844
- #
3845
3167
  # @!attribute [rw] analyzer_arn
3846
3168
  # The [ARN of the analyzer][1] that generated the findings to update.
3847
3169
  #
@@ -3934,18 +3256,6 @@ module Aws::AccessAnalyzer
3934
3256
  include Aws::Structure
3935
3257
  end
3936
3258
 
3937
- # @note When making an API call, you may pass ValidatePolicyRequest
3938
- # data as a hash:
3939
- #
3940
- # {
3941
- # locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
3942
- # max_results: 1,
3943
- # next_token: "Token",
3944
- # policy_document: "PolicyDocument", # required
3945
- # policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
3946
- # validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
3947
- # }
3948
- #
3949
3259
  # @!attribute [rw] locale
3950
3260
  # The locale to use for localizing the findings.
3951
3261
  # @return [String]
@@ -4072,13 +3382,6 @@ module Aws::AccessAnalyzer
4072
3382
  #
4073
3383
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html
4074
3384
  #
4075
- # @note When making an API call, you may pass VpcConfiguration
4076
- # data as a hash:
4077
- #
4078
- # {
4079
- # vpc_id: "VpcId", # required
4080
- # }
4081
- #
4082
3385
  # @!attribute [rw] vpc_id
4083
3386
  # If this field is specified, this access point will only allow
4084
3387
  # connections from the specified VPC ID.