aws-sdk-accessanalyzer 1.41.0 → 1.43.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +315 -13
- data/lib/aws-sdk-accessanalyzer/client_api.rb +240 -0
- data/lib/aws-sdk-accessanalyzer/endpoint_provider.rb +2 -2
- data/lib/aws-sdk-accessanalyzer/endpoints.rb +56 -0
- data/lib/aws-sdk-accessanalyzer/errors.rb +36 -0
- data/lib/aws-sdk-accessanalyzer/plugins/endpoints.rb +8 -0
- data/lib/aws-sdk-accessanalyzer/types.rb +687 -12
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d8b47cfae651b3a9b193e49c16aa44cbfcbe875662a38a45fa48fa26e4edd422
|
4
|
+
data.tar.gz: 33c9d5eaadb1afcda0f5d8506a8826c6c58af9d6155a9fb7d88f62cbae0db965
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ce91c46bf6efb30b58534e145ff01ea523d5709e133cefecec11ad5919c4eb532fe5c98391145c29c0658a09a181f5db446c2a6a81607db45d0608f024d2a697
|
7
|
+
data.tar.gz: '095cdb0877a4251d3e359d966da143c59c368f075cf857032a435f23974bb2dac6ac9a2b930b14934685667a366f5d4666d393a8af08fc84186fabc249134c3e'
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,16 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.43.0 (2023-11-27)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - IAM Access Analyzer now continuously monitors IAM roles and users in your AWS account or organization to generate findings for unused access. Additionally, IAM Access Analyzer now provides custom policy checks to validate that IAM policies adhere to your security standards ahead of deployments.
|
8
|
+
|
9
|
+
1.42.0 (2023-11-22)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
13
|
+
|
4
14
|
1.41.0 (2023-09-27)
|
5
15
|
------------------
|
6
16
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.43.0
|
@@ -447,6 +447,125 @@ module Aws::AccessAnalyzer
|
|
447
447
|
req.send_request(options)
|
448
448
|
end
|
449
449
|
|
450
|
+
# Checks whether the specified access isn't allowed by a policy.
|
451
|
+
#
|
452
|
+
# @option params [required, String] :policy_document
|
453
|
+
# The JSON policy document to use as the content for the policy.
|
454
|
+
#
|
455
|
+
# @option params [required, Array<Types::Access>] :access
|
456
|
+
# An access object containing the permissions that shouldn't be granted
|
457
|
+
# by the specified policy.
|
458
|
+
#
|
459
|
+
# @option params [required, String] :policy_type
|
460
|
+
# The type of policy. Identity policies grant permissions to IAM
|
461
|
+
# principals. Identity policies include managed and inline policies for
|
462
|
+
# IAM roles, users, and groups.
|
463
|
+
#
|
464
|
+
# Resource policies grant permissions on Amazon Web Services resources.
|
465
|
+
# Resource policies include trust policies for IAM roles and bucket
|
466
|
+
# policies for Amazon S3 buckets. You can provide a generic input such
|
467
|
+
# as identity policy or resource policy or a specific input such as
|
468
|
+
# managed policy or Amazon S3 bucket policy.
|
469
|
+
#
|
470
|
+
# @return [Types::CheckAccessNotGrantedResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
471
|
+
#
|
472
|
+
# * {Types::CheckAccessNotGrantedResponse#result #result} => String
|
473
|
+
# * {Types::CheckAccessNotGrantedResponse#message #message} => String
|
474
|
+
# * {Types::CheckAccessNotGrantedResponse#reasons #reasons} => Array<Types::ReasonSummary>
|
475
|
+
#
|
476
|
+
# @example Request syntax with placeholder values
|
477
|
+
#
|
478
|
+
# resp = client.check_access_not_granted({
|
479
|
+
# policy_document: "AccessCheckPolicyDocument", # required
|
480
|
+
# access: [ # required
|
481
|
+
# {
|
482
|
+
# actions: ["Action"], # required
|
483
|
+
# },
|
484
|
+
# ],
|
485
|
+
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY
|
486
|
+
# })
|
487
|
+
#
|
488
|
+
# @example Response structure
|
489
|
+
#
|
490
|
+
# resp.result #=> String, one of "PASS", "FAIL"
|
491
|
+
# resp.message #=> String
|
492
|
+
# resp.reasons #=> Array
|
493
|
+
# resp.reasons[0].description #=> String
|
494
|
+
# resp.reasons[0].statement_index #=> Integer
|
495
|
+
# resp.reasons[0].statement_id #=> String
|
496
|
+
#
|
497
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CheckAccessNotGranted AWS API Documentation
|
498
|
+
#
|
499
|
+
# @overload check_access_not_granted(params = {})
|
500
|
+
# @param [Hash] params ({})
|
501
|
+
def check_access_not_granted(params = {}, options = {})
|
502
|
+
req = build_request(:check_access_not_granted, params)
|
503
|
+
req.send_request(options)
|
504
|
+
end
|
505
|
+
|
506
|
+
# Checks whether new access is allowed for an updated policy when
|
507
|
+
# compared to the existing policy.
|
508
|
+
#
|
509
|
+
# You can find examples for reference policies and learn how to set up
|
510
|
+
# and run a custom policy check for new access in the [IAM Access
|
511
|
+
# Analyzer custom policy checks samples][1] repository on GitHub. The
|
512
|
+
# reference policies in this repository are meant to be passed to the
|
513
|
+
# `existingPolicyDocument` request parameter.
|
514
|
+
#
|
515
|
+
#
|
516
|
+
#
|
517
|
+
# [1]: https://github.com/aws-samples/iam-access-analyzer-custom-policy-check-samples
|
518
|
+
#
|
519
|
+
# @option params [required, String] :new_policy_document
|
520
|
+
# The JSON policy document to use as the content for the updated policy.
|
521
|
+
#
|
522
|
+
# @option params [required, String] :existing_policy_document
|
523
|
+
# The JSON policy document to use as the content for the existing
|
524
|
+
# policy.
|
525
|
+
#
|
526
|
+
# @option params [required, String] :policy_type
|
527
|
+
# The type of policy to compare. Identity policies grant permissions to
|
528
|
+
# IAM principals. Identity policies include managed and inline policies
|
529
|
+
# for IAM roles, users, and groups.
|
530
|
+
#
|
531
|
+
# Resource policies grant permissions on Amazon Web Services resources.
|
532
|
+
# Resource policies include trust policies for IAM roles and bucket
|
533
|
+
# policies for Amazon S3 buckets. You can provide a generic input such
|
534
|
+
# as identity policy or resource policy or a specific input such as
|
535
|
+
# managed policy or Amazon S3 bucket policy.
|
536
|
+
#
|
537
|
+
# @return [Types::CheckNoNewAccessResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
538
|
+
#
|
539
|
+
# * {Types::CheckNoNewAccessResponse#result #result} => String
|
540
|
+
# * {Types::CheckNoNewAccessResponse#message #message} => String
|
541
|
+
# * {Types::CheckNoNewAccessResponse#reasons #reasons} => Array<Types::ReasonSummary>
|
542
|
+
#
|
543
|
+
# @example Request syntax with placeholder values
|
544
|
+
#
|
545
|
+
# resp = client.check_no_new_access({
|
546
|
+
# new_policy_document: "AccessCheckPolicyDocument", # required
|
547
|
+
# existing_policy_document: "AccessCheckPolicyDocument", # required
|
548
|
+
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY
|
549
|
+
# })
|
550
|
+
#
|
551
|
+
# @example Response structure
|
552
|
+
#
|
553
|
+
# resp.result #=> String, one of "PASS", "FAIL"
|
554
|
+
# resp.message #=> String
|
555
|
+
# resp.reasons #=> Array
|
556
|
+
# resp.reasons[0].description #=> String
|
557
|
+
# resp.reasons[0].statement_index #=> Integer
|
558
|
+
# resp.reasons[0].statement_id #=> String
|
559
|
+
#
|
560
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CheckNoNewAccess AWS API Documentation
|
561
|
+
#
|
562
|
+
# @overload check_no_new_access(params = {})
|
563
|
+
# @param [Hash] params ({})
|
564
|
+
def check_no_new_access(params = {}, options = {})
|
565
|
+
req = build_request(:check_no_new_access, params)
|
566
|
+
req.send_request(options)
|
567
|
+
end
|
568
|
+
|
450
569
|
# Creates an access preview that allows you to preview IAM Access
|
451
570
|
# Analyzer findings for your resource before deploying resource
|
452
571
|
# permissions.
|
@@ -600,10 +719,10 @@ module Aws::AccessAnalyzer
|
|
600
719
|
# The name of the analyzer to create.
|
601
720
|
#
|
602
721
|
# @option params [required, String] :type
|
603
|
-
# The type of analyzer to create. Only ACCOUNT
|
604
|
-
#
|
605
|
-
#
|
606
|
-
# Region.
|
722
|
+
# The type of analyzer to create. Only `ACCOUNT`, `ORGANIZATION`,
|
723
|
+
# `ACCOUNT_UNUSED_ACCESS`, and `ORGANIZTAION_UNUSED_ACCESS` analyzers
|
724
|
+
# are supported. You can create only one analyzer per account per
|
725
|
+
# Region. You can create up to 5 analyzers per organization per Region.
|
607
726
|
#
|
608
727
|
# @option params [Array<Types::InlineArchiveRule>] :archive_rules
|
609
728
|
# Specifies the archive rules to add for the analyzer. Archive rules
|
@@ -611,7 +730,7 @@ module Aws::AccessAnalyzer
|
|
611
730
|
# the rule.
|
612
731
|
#
|
613
732
|
# @option params [Hash<String,String>] :tags
|
614
|
-
#
|
733
|
+
# An array of key-value pairs to apply to the analyzer.
|
615
734
|
#
|
616
735
|
# @option params [String] :client_token
|
617
736
|
# A client token.
|
@@ -619,6 +738,12 @@ module Aws::AccessAnalyzer
|
|
619
738
|
# **A suitable default value is auto-generated.** You should normally
|
620
739
|
# not need to pass this option.**
|
621
740
|
#
|
741
|
+
# @option params [Types::AnalyzerConfiguration] :configuration
|
742
|
+
# Specifies the configuration of the analyzer. If the analyzer is an
|
743
|
+
# unused access analyzer, the specified scope of unused access is used
|
744
|
+
# for the configuration. If the analyzer is an external access analyzer,
|
745
|
+
# this field is not used.
|
746
|
+
#
|
622
747
|
# @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
623
748
|
#
|
624
749
|
# * {Types::CreateAnalyzerResponse#arn #arn} => String
|
@@ -627,7 +752,7 @@ module Aws::AccessAnalyzer
|
|
627
752
|
#
|
628
753
|
# resp = client.create_analyzer({
|
629
754
|
# analyzer_name: "Name", # required
|
630
|
-
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
|
755
|
+
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS
|
631
756
|
# archive_rules: [
|
632
757
|
# {
|
633
758
|
# rule_name: "Name", # required
|
@@ -645,6 +770,11 @@ module Aws::AccessAnalyzer
|
|
645
770
|
# "String" => "String",
|
646
771
|
# },
|
647
772
|
# client_token: "String",
|
773
|
+
# configuration: {
|
774
|
+
# unused_access: {
|
775
|
+
# unused_access_age: 1,
|
776
|
+
# },
|
777
|
+
# },
|
648
778
|
# })
|
649
779
|
#
|
650
780
|
# @example Response structure
|
@@ -932,7 +1062,7 @@ module Aws::AccessAnalyzer
|
|
932
1062
|
#
|
933
1063
|
# resp.analyzer.arn #=> String
|
934
1064
|
# resp.analyzer.name #=> String
|
935
|
-
# resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION"
|
1065
|
+
# resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS"
|
936
1066
|
# resp.analyzer.created_at #=> Time
|
937
1067
|
# resp.analyzer.last_resource_analyzed #=> String
|
938
1068
|
# resp.analyzer.last_resource_analyzed_at #=> Time
|
@@ -940,6 +1070,7 @@ module Aws::AccessAnalyzer
|
|
940
1070
|
# resp.analyzer.tags["String"] #=> String
|
941
1071
|
# resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
942
1072
|
# resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
1073
|
+
# resp.analyzer.configuration.unused_access.unused_access_age #=> Integer
|
943
1074
|
#
|
944
1075
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
|
945
1076
|
#
|
@@ -1054,6 +1185,94 @@ module Aws::AccessAnalyzer
|
|
1054
1185
|
req.send_request(options)
|
1055
1186
|
end
|
1056
1187
|
|
1188
|
+
# Retrieves information about the specified finding.
|
1189
|
+
#
|
1190
|
+
# @option params [required, String] :analyzer_arn
|
1191
|
+
# The [ARN of the analyzer][1] that generated the finding.
|
1192
|
+
#
|
1193
|
+
#
|
1194
|
+
#
|
1195
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1196
|
+
#
|
1197
|
+
# @option params [required, String] :id
|
1198
|
+
# The ID of the finding to retrieve.
|
1199
|
+
#
|
1200
|
+
# @option params [Integer] :max_results
|
1201
|
+
# The maximum number of results to return in the response.
|
1202
|
+
#
|
1203
|
+
# @option params [String] :next_token
|
1204
|
+
# A token used for pagination of results returned.
|
1205
|
+
#
|
1206
|
+
# @return [Types::GetFindingV2Response] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1207
|
+
#
|
1208
|
+
# * {Types::GetFindingV2Response#analyzed_at #analyzed_at} => Time
|
1209
|
+
# * {Types::GetFindingV2Response#created_at #created_at} => Time
|
1210
|
+
# * {Types::GetFindingV2Response#error #error} => String
|
1211
|
+
# * {Types::GetFindingV2Response#id #id} => String
|
1212
|
+
# * {Types::GetFindingV2Response#next_token #next_token} => String
|
1213
|
+
# * {Types::GetFindingV2Response#resource #resource} => String
|
1214
|
+
# * {Types::GetFindingV2Response#resource_type #resource_type} => String
|
1215
|
+
# * {Types::GetFindingV2Response#resource_owner_account #resource_owner_account} => String
|
1216
|
+
# * {Types::GetFindingV2Response#status #status} => String
|
1217
|
+
# * {Types::GetFindingV2Response#updated_at #updated_at} => Time
|
1218
|
+
# * {Types::GetFindingV2Response#finding_details #finding_details} => Array<Types::FindingDetails>
|
1219
|
+
# * {Types::GetFindingV2Response#finding_type #finding_type} => String
|
1220
|
+
#
|
1221
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1222
|
+
#
|
1223
|
+
# @example Request syntax with placeholder values
|
1224
|
+
#
|
1225
|
+
# resp = client.get_finding_v2({
|
1226
|
+
# analyzer_arn: "AnalyzerArn", # required
|
1227
|
+
# id: "FindingId", # required
|
1228
|
+
# max_results: 1,
|
1229
|
+
# next_token: "Token",
|
1230
|
+
# })
|
1231
|
+
#
|
1232
|
+
# @example Response structure
|
1233
|
+
#
|
1234
|
+
# resp.analyzed_at #=> Time
|
1235
|
+
# resp.created_at #=> Time
|
1236
|
+
# resp.error #=> String
|
1237
|
+
# resp.id #=> String
|
1238
|
+
# resp.next_token #=> String
|
1239
|
+
# resp.resource #=> String
|
1240
|
+
# resp.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
1241
|
+
# resp.resource_owner_account #=> String
|
1242
|
+
# resp.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
1243
|
+
# resp.updated_at #=> Time
|
1244
|
+
# resp.finding_details #=> Array
|
1245
|
+
# resp.finding_details[0].external_access_details.action #=> Array
|
1246
|
+
# resp.finding_details[0].external_access_details.action[0] #=> String
|
1247
|
+
# resp.finding_details[0].external_access_details.condition #=> Hash
|
1248
|
+
# resp.finding_details[0].external_access_details.condition["String"] #=> String
|
1249
|
+
# resp.finding_details[0].external_access_details.is_public #=> Boolean
|
1250
|
+
# resp.finding_details[0].external_access_details.principal #=> Hash
|
1251
|
+
# resp.finding_details[0].external_access_details.principal["String"] #=> String
|
1252
|
+
# resp.finding_details[0].external_access_details.sources #=> Array
|
1253
|
+
# resp.finding_details[0].external_access_details.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
|
1254
|
+
# resp.finding_details[0].external_access_details.sources[0].detail.access_point_arn #=> String
|
1255
|
+
# resp.finding_details[0].external_access_details.sources[0].detail.access_point_account #=> String
|
1256
|
+
# resp.finding_details[0].unused_permission_details.actions #=> Array
|
1257
|
+
# resp.finding_details[0].unused_permission_details.actions[0].action #=> String
|
1258
|
+
# resp.finding_details[0].unused_permission_details.actions[0].last_accessed #=> Time
|
1259
|
+
# resp.finding_details[0].unused_permission_details.service_namespace #=> String
|
1260
|
+
# resp.finding_details[0].unused_permission_details.last_accessed #=> Time
|
1261
|
+
# resp.finding_details[0].unused_iam_user_access_key_details.access_key_id #=> String
|
1262
|
+
# resp.finding_details[0].unused_iam_user_access_key_details.last_accessed #=> Time
|
1263
|
+
# resp.finding_details[0].unused_iam_role_details.last_accessed #=> Time
|
1264
|
+
# resp.finding_details[0].unused_iam_user_password_details.last_accessed #=> Time
|
1265
|
+
# resp.finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission"
|
1266
|
+
#
|
1267
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingV2 AWS API Documentation
|
1268
|
+
#
|
1269
|
+
# @overload get_finding_v2(params = {})
|
1270
|
+
# @param [Hash] params ({})
|
1271
|
+
def get_finding_v2(params = {}, options = {})
|
1272
|
+
req = build_request(:get_finding_v2, params)
|
1273
|
+
req.send_request(options)
|
1274
|
+
end
|
1275
|
+
|
1057
1276
|
# Retrieves the policy that was generated using `StartPolicyGeneration`.
|
1058
1277
|
#
|
1059
1278
|
# @option params [required, String] :job_id
|
@@ -1327,7 +1546,7 @@ module Aws::AccessAnalyzer
|
|
1327
1546
|
# resp = client.list_analyzers({
|
1328
1547
|
# next_token: "Token",
|
1329
1548
|
# max_results: 1,
|
1330
|
-
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
|
1549
|
+
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS
|
1331
1550
|
# })
|
1332
1551
|
#
|
1333
1552
|
# @example Response structure
|
@@ -1335,7 +1554,7 @@ module Aws::AccessAnalyzer
|
|
1335
1554
|
# resp.analyzers #=> Array
|
1336
1555
|
# resp.analyzers[0].arn #=> String
|
1337
1556
|
# resp.analyzers[0].name #=> String
|
1338
|
-
# resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION"
|
1557
|
+
# resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS"
|
1339
1558
|
# resp.analyzers[0].created_at #=> Time
|
1340
1559
|
# resp.analyzers[0].last_resource_analyzed #=> String
|
1341
1560
|
# resp.analyzers[0].last_resource_analyzed_at #=> Time
|
@@ -1343,6 +1562,7 @@ module Aws::AccessAnalyzer
|
|
1343
1562
|
# resp.analyzers[0].tags["String"] #=> String
|
1344
1563
|
# resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
|
1345
1564
|
# resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
|
1565
|
+
# resp.analyzers[0].configuration.unused_access.unused_access_age #=> Integer
|
1346
1566
|
# resp.next_token #=> String
|
1347
1567
|
#
|
1348
1568
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
|
@@ -1495,6 +1715,86 @@ module Aws::AccessAnalyzer
|
|
1495
1715
|
req.send_request(options)
|
1496
1716
|
end
|
1497
1717
|
|
1718
|
+
# Retrieves a list of findings generated by the specified analyzer.
|
1719
|
+
#
|
1720
|
+
# To learn about filter keys that you can use to retrieve a list of
|
1721
|
+
# findings, see [IAM Access Analyzer filter keys][1] in the **IAM User
|
1722
|
+
# Guide**.
|
1723
|
+
#
|
1724
|
+
#
|
1725
|
+
#
|
1726
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
|
1727
|
+
#
|
1728
|
+
# @option params [required, String] :analyzer_arn
|
1729
|
+
# The [ARN of the analyzer][1] to retrieve findings from.
|
1730
|
+
#
|
1731
|
+
#
|
1732
|
+
#
|
1733
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1734
|
+
#
|
1735
|
+
# @option params [Hash<String,Types::Criterion>] :filter
|
1736
|
+
# A filter to match for the findings to return.
|
1737
|
+
#
|
1738
|
+
# @option params [Integer] :max_results
|
1739
|
+
# The maximum number of results to return in the response.
|
1740
|
+
#
|
1741
|
+
# @option params [String] :next_token
|
1742
|
+
# A token used for pagination of results returned.
|
1743
|
+
#
|
1744
|
+
# @option params [Types::SortCriteria] :sort
|
1745
|
+
# The criteria used to sort.
|
1746
|
+
#
|
1747
|
+
# @return [Types::ListFindingsV2Response] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1748
|
+
#
|
1749
|
+
# * {Types::ListFindingsV2Response#findings #findings} => Array<Types::FindingSummaryV2>
|
1750
|
+
# * {Types::ListFindingsV2Response#next_token #next_token} => String
|
1751
|
+
#
|
1752
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1753
|
+
#
|
1754
|
+
# @example Request syntax with placeholder values
|
1755
|
+
#
|
1756
|
+
# resp = client.list_findings_v2({
|
1757
|
+
# analyzer_arn: "AnalyzerArn", # required
|
1758
|
+
# filter: {
|
1759
|
+
# "String" => {
|
1760
|
+
# eq: ["String"],
|
1761
|
+
# neq: ["String"],
|
1762
|
+
# contains: ["String"],
|
1763
|
+
# exists: false,
|
1764
|
+
# },
|
1765
|
+
# },
|
1766
|
+
# max_results: 1,
|
1767
|
+
# next_token: "Token",
|
1768
|
+
# sort: {
|
1769
|
+
# attribute_name: "String",
|
1770
|
+
# order_by: "ASC", # accepts ASC, DESC
|
1771
|
+
# },
|
1772
|
+
# })
|
1773
|
+
#
|
1774
|
+
# @example Response structure
|
1775
|
+
#
|
1776
|
+
# resp.findings #=> Array
|
1777
|
+
# resp.findings[0].analyzed_at #=> Time
|
1778
|
+
# resp.findings[0].created_at #=> Time
|
1779
|
+
# resp.findings[0].error #=> String
|
1780
|
+
# resp.findings[0].id #=> String
|
1781
|
+
# resp.findings[0].resource #=> String
|
1782
|
+
# resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
|
1783
|
+
# resp.findings[0].resource_owner_account #=> String
|
1784
|
+
# resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
1785
|
+
# resp.findings[0].updated_at #=> Time
|
1786
|
+
# resp.findings[0].finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission"
|
1787
|
+
# resp.next_token #=> String
|
1788
|
+
#
|
1789
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsV2 AWS API Documentation
|
1790
|
+
#
|
1791
|
+
# @overload list_findings_v2(params = {})
|
1792
|
+
# @param [Hash] params ({})
|
1793
|
+
def list_findings_v2(params = {}, options = {})
|
1794
|
+
req = build_request(:list_findings_v2, params)
|
1795
|
+
req.send_request(options)
|
1796
|
+
end
|
1797
|
+
|
1498
1798
|
# Lists all of the policy generations requested in the last seven days.
|
1499
1799
|
#
|
1500
1800
|
# @option params [String] :principal_arn
|
@@ -1837,9 +2137,7 @@ module Aws::AccessAnalyzer
|
|
1837
2137
|
# @option params [required, String] :policy_type
|
1838
2138
|
# The type of policy to validate. Identity policies grant permissions to
|
1839
2139
|
# IAM principals. Identity policies include managed and inline policies
|
1840
|
-
# for IAM roles, users, and groups.
|
1841
|
-
# policies (SCPs) that are attached to an Amazon Web Services
|
1842
|
-
# organization, organizational unit (OU), or an account.
|
2140
|
+
# for IAM roles, users, and groups.
|
1843
2141
|
#
|
1844
2142
|
# Resource policies grant permissions on Amazon Web Services resources.
|
1845
2143
|
# Resource policies include trust policies for IAM roles and bucket
|
@@ -1847,6 +2145,10 @@ module Aws::AccessAnalyzer
|
|
1847
2145
|
# as identity policy or resource policy or a specific input such as
|
1848
2146
|
# managed policy or Amazon S3 bucket policy.
|
1849
2147
|
#
|
2148
|
+
# Service control policies (SCPs) are a type of organization policy
|
2149
|
+
# attached to an Amazon Web Services organization, organizational unit
|
2150
|
+
# (OU), or an account.
|
2151
|
+
#
|
1850
2152
|
# @option params [String] :validate_policy_resource_type
|
1851
2153
|
# The type of resource to attach to your resource policy. Specify a
|
1852
2154
|
# value for the policy validation resource type only if the policy type
|
@@ -1922,7 +2224,7 @@ module Aws::AccessAnalyzer
|
|
1922
2224
|
params: params,
|
1923
2225
|
config: config)
|
1924
2226
|
context[:gem_name] = 'aws-sdk-accessanalyzer'
|
1925
|
-
context[:gem_version] = '1.
|
2227
|
+
context[:gem_version] = '1.43.0'
|
1926
2228
|
Seahorse::Client::Request.new(handlers, context)
|
1927
2229
|
end
|
1928
2230
|
|