aws-sdk-accessanalyzer 1.42.0 → 1.43.0

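--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2f30d95b90e8ef9014b96c9869ab1d511cb8b6c487d46f780fef7dc34bb3e50f
- data.tar.gz: 89dc3309457d4f7407d590cd169c2ba26f9c8229806206186a12d5fd1d33dfff
+ metadata.gz: d8b47cfae651b3a9b193e49c16aa44cbfcbe875662a38a45fa48fa26e4edd422
+ data.tar.gz: 33c9d5eaadb1afcda0f5d8506a8826c6c58af9d6155a9fb7d88f62cbae0db965
  SHA512:
- metadata.gz: 5d9489449a3a8e2c7c749afeaa32d68d593f56e062a546d800d79d4fdf3b230e8d4a7bb4e697364e03853e4ef43850e34960214e184001e03e043cbde81f76ce
- data.tar.gz: 57d08e9cdd7048653e9ce1f1a3c1bec1bcf95dd72d727e5251721897a8a2a73e660c58019d12af1239f860095bfa70c8adcda828a79f3811c1dadba12c25d14b
+ metadata.gz: ce91c46bf6efb30b58534e145ff01ea523d5709e133cefecec11ad5919c4eb532fe5c98391145c29c0658a09a181f5db446c2a6a81607db45d0608f024d2a697
+ data.tar.gz: '095cdb0877a4251d3e359d966da143c59c368f075cf857032a435f23974bb2dac6ac9a2b930b14934685667a366f5d4666d393a8af08fc84186fabc249134c3e'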
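--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.43.0 (2023-11-27)
+ ------------------
+
+ * Feature - IAM Access Analyzer now continuously monitors IAM roles and users in your AWS account or organization to generate findings for unused access. Additionally, IAM Access Analyzer now provides custom policy checks to validate that IAM policies adhere to your security standards ahead of deployments.
+
  1.42.0 (2023-11-22)
  ------------------
 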
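--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.42.0
+ 1.43.0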
@@ -447,6 +447,125 @@ module Aws::AccessAnalyzer
447
447
  req.send_request(options)
448
448
  end
449
449
 
450
+ # Checks whether the specified access isn't allowed by a policy.
451
+ #
452
+ # @option params [required, String] :policy_document
453
+ # The JSON policy document to use as the content for the policy.
454
+ #
455
+ # @option params [required, Array<Types::Access>] :access
456
+ # An access object containing the permissions that shouldn't be granted
457
+ # by the specified policy.
458
+ #
459
+ # @option params [required, String] :policy_type
460
+ # The type of policy. Identity policies grant permissions to IAM
461
+ # principals. Identity policies include managed and inline policies for
462
+ # IAM roles, users, and groups.
463
+ #
464
+ # Resource policies grant permissions on Amazon Web Services resources.
465
+ # Resource policies include trust policies for IAM roles and bucket
466
+ # policies for Amazon S3 buckets. You can provide a generic input such
467
+ # as identity policy or resource policy or a specific input such as
468
+ # managed policy or Amazon S3 bucket policy.
469
+ #
470
+ # @return [Types::CheckAccessNotGrantedResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
471
+ #
472
+ # * {Types::CheckAccessNotGrantedResponse#result #result} => String
473
+ # * {Types::CheckAccessNotGrantedResponse#message #message} => String
474
+ # * {Types::CheckAccessNotGrantedResponse#reasons #reasons} => Array&lt;Types::ReasonSummary&gt;
475
+ #
476
+ # @example Request syntax with placeholder values
477
+ #
478
+ # resp = client.check_access_not_granted({
479
+ # policy_document: "AccessCheckPolicyDocument", # required
480
+ # access: [ # required
481
+ # {
482
+ # actions: ["Action"], # required
483
+ # },
484
+ # ],
485
+ # policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY
486
+ # })
487
+ #
488
+ # @example Response structure
489
+ #
490
+ # resp.result #=> String, one of "PASS", "FAIL"
491
+ # resp.message #=> String
492
+ # resp.reasons #=> Array
493
+ # resp.reasons[0].description #=> String
494
+ # resp.reasons[0].statement_index #=> Integer
495
+ # resp.reasons[0].statement_id #=> String
496
+ #
497
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CheckAccessNotGranted AWS API Documentation
498
+ #
499
+ # @overload check_access_not_granted(params = {})
500
+ # @param [Hash] params ({})
501
+ def check_access_not_granted(params = {}, options = {})
502
+ req = build_request(:check_access_not_granted, params)
503
+ req.send_request(options)
504
+ end
505
+
506
+ # Checks whether new access is allowed for an updated policy when
507
+ # compared to the existing policy.
508
+ #
509
+ # You can find examples for reference policies and learn how to set up
510
+ # and run a custom policy check for new access in the [IAM Access
511
+ # Analyzer custom policy checks samples][1] repository on GitHub. The
512
+ # reference policies in this repository are meant to be passed to the
513
+ # `existingPolicyDocument` request parameter.
514
+ #
515
+ #
516
+ #
517
+ # [1]: https://github.com/aws-samples/iam-access-analyzer-custom-policy-check-samples
518
+ #
519
+ # @option params [required, String] :new_policy_document
520
+ # The JSON policy document to use as the content for the updated policy.
521
+ #
522
+ # @option params [required, String] :existing_policy_document
523
+ # The JSON policy document to use as the content for the existing
524
+ # policy.
525
+ #
526
+ # @option params [required, String] :policy_type
527
+ # The type of policy to compare. Identity policies grant permissions to
528
+ # IAM principals. Identity policies include managed and inline policies
529
+ # for IAM roles, users, and groups.
530
+ #
531
+ # Resource policies grant permissions on Amazon Web Services resources.
532
+ # Resource policies include trust policies for IAM roles and bucket
533
+ # policies for Amazon S3 buckets. You can provide a generic input such
534
+ # as identity policy or resource policy or a specific input such as
535
+ # managed policy or Amazon S3 bucket policy.
536
+ #
537
+ # @return [Types::CheckNoNewAccessResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
538
+ #
539
+ # * {Types::CheckNoNewAccessResponse#result #result} => String
540
+ # * {Types::CheckNoNewAccessResponse#message #message} => String
541
+ # * {Types::CheckNoNewAccessResponse#reasons #reasons} => Array&lt;Types::ReasonSummary&gt;
542
+ #
543
+ # @example Request syntax with placeholder values
544
+ #
545
+ # resp = client.check_no_new_access({
546
+ # new_policy_document: "AccessCheckPolicyDocument", # required
547
+ # existing_policy_document: "AccessCheckPolicyDocument", # required
548
+ # policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY
549
+ # })
550
+ #
551
+ # @example Response structure
552
+ #
553
+ # resp.result #=> String, one of "PASS", "FAIL"
554
+ # resp.message #=> String
555
+ # resp.reasons #=> Array
556
+ # resp.reasons[0].description #=> String
557
+ # resp.reasons[0].statement_index #=> Integer
558
+ # resp.reasons[0].statement_id #=> String
559
+ #
560
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CheckNoNewAccess AWS API Documentation
561
+ #
562
+ # @overload check_no_new_access(params = {})
563
+ # @param [Hash] params ({})
564
+ def check_no_new_access(params = {}, options = {})
565
+ req = build_request(:check_no_new_access, params)
566
+ req.send_request(options)
567
+ end
568
+
450
569
  # Creates an access preview that allows you to preview IAM Access
451
570
  # Analyzer findings for your resource before deploying resource
452
571
  # permissions.
@@ -600,10 +719,10 @@ module Aws::AccessAnalyzer
600
719
  # The name of the analyzer to create.
601
720
  #
602
721
  # @option params [required, String] :type
603
- # The type of analyzer to create. Only ACCOUNT and ORGANIZATION
604
- # analyzers are supported. You can create only one analyzer per account
605
- # per Region. You can create up to 5 analyzers per organization per
606
- # Region.
722
+ # The type of analyzer to create. Only `ACCOUNT`, `ORGANIZATION`,
723
+ # `ACCOUNT_UNUSED_ACCESS`, and `ORGANIZTAION_UNUSED_ACCESS` analyzers
724
+ # are supported. You can create only one analyzer per account per
725
+ # Region. You can create up to 5 analyzers per organization per Region.
607
726
  #
608
727
  # @option params [Array<Types::InlineArchiveRule>] :archive_rules
609
728
  # Specifies the archive rules to add for the analyzer. Archive rules
@@ -611,7 +730,7 @@ module Aws::AccessAnalyzer
611
730
  # the rule.
612
731
  #
613
732
  # @option params [Hash<String,String>] :tags
614
- # The tags to apply to the analyzer.
733
+ # An array of key-value pairs to apply to the analyzer.
615
734
  #
616
735
  # @option params [String] :client_token
617
736
  # A client token.
@@ -619,6 +738,12 @@ module Aws::AccessAnalyzer
619
738
  # **A suitable default value is auto-generated.** You should normally
620
739
  # not need to pass this option.**
621
740
  #
741
+ # @option params [Types::AnalyzerConfiguration] :configuration
742
+ # Specifies the configuration of the analyzer. If the analyzer is an
743
+ # unused access analyzer, the specified scope of unused access is used
744
+ # for the configuration. If the analyzer is an external access analyzer,
745
+ # this field is not used.
746
+ #
622
747
  # @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
623
748
  #
624
749
  # * {Types::CreateAnalyzerResponse#arn #arn} => String
@@ -627,7 +752,7 @@ module Aws::AccessAnalyzer
627
752
  #
628
753
  # resp = client.create_analyzer({
629
754
  # analyzer_name: "Name", # required
630
- # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION
755
+ # type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS
631
756
  # archive_rules: [
632
757
  # {
633
758
  # rule_name: "Name", # required
@@ -645,6 +770,11 @@ module Aws::AccessAnalyzer
645
770
  # "String" => "String",
646
771
  # },
647
772
  # client_token: "String",
773
+ # configuration: {
774
+ # unused_access: {
775
+ # unused_access_age: 1,
776
+ # },
777
+ # },
648
778
  # })
649
779
  #
650
780
  # @example Response structure
@@ -932,7 +1062,7 @@ module Aws::AccessAnalyzer
932
1062
  #
933
1063
  # resp.analyzer.arn #=> String
934
1064
  # resp.analyzer.name #=> String
935
- # resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION"
1065
+ # resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS"
936
1066
  # resp.analyzer.created_at #=> Time
937
1067
  # resp.analyzer.last_resource_analyzed #=> String
938
1068
  # resp.analyzer.last_resource_analyzed_at #=> Time
@@ -940,6 +1070,7 @@ module Aws::AccessAnalyzer
940
1070
  # resp.analyzer.tags["String"] #=> String
941
1071
  # resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
942
1072
  # resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
1073
+ # resp.analyzer.configuration.unused_access.unused_access_age #=> Integer
943
1074
  #
944
1075
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
945
1076
  #
@@ -1054,6 +1185,94 @@ module Aws::AccessAnalyzer
1054
1185
  req.send_request(options)
1055
1186
  end
1056
1187
 
1188
+ # Retrieves information about the specified finding.
1189
+ #
1190
+ # @option params [required, String] :analyzer_arn
1191
+ # The [ARN of the analyzer][1] that generated the finding.
1192
+ #
1193
+ #
1194
+ #
1195
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
1196
+ #
1197
+ # @option params [required, String] :id
1198
+ # The ID of the finding to retrieve.
1199
+ #
1200
+ # @option params [Integer] :max_results
1201
+ # The maximum number of results to return in the response.
1202
+ #
1203
+ # @option params [String] :next_token
1204
+ # A token used for pagination of results returned.
1205
+ #
1206
+ # @return [Types::GetFindingV2Response] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1207
+ #
1208
+ # * {Types::GetFindingV2Response#analyzed_at #analyzed_at} => Time
1209
+ # * {Types::GetFindingV2Response#created_at #created_at} => Time
1210
+ # * {Types::GetFindingV2Response#error #error} => String
1211
+ # * {Types::GetFindingV2Response#id #id} => String
1212
+ # * {Types::GetFindingV2Response#next_token #next_token} => String
1213
+ # * {Types::GetFindingV2Response#resource #resource} => String
1214
+ # * {Types::GetFindingV2Response#resource_type #resource_type} => String
1215
+ # * {Types::GetFindingV2Response#resource_owner_account #resource_owner_account} => String
1216
+ # * {Types::GetFindingV2Response#status #status} => String
1217
+ # * {Types::GetFindingV2Response#updated_at #updated_at} => Time
1218
+ # * {Types::GetFindingV2Response#finding_details #finding_details} => Array&lt;Types::FindingDetails&gt;
1219
+ # * {Types::GetFindingV2Response#finding_type #finding_type} => String
1220
+ #
1221
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1222
+ #
1223
+ # @example Request syntax with placeholder values
1224
+ #
1225
+ # resp = client.get_finding_v2({
1226
+ # analyzer_arn: "AnalyzerArn", # required
1227
+ # id: "FindingId", # required
1228
+ # max_results: 1,
1229
+ # next_token: "Token",
1230
+ # })
1231
+ #
1232
+ # @example Response structure
1233
+ #
1234
+ # resp.analyzed_at #=> Time
1235
+ # resp.created_at #=> Time
1236
+ # resp.error #=> String
1237
+ # resp.id #=> String
1238
+ # resp.next_token #=> String
1239
+ # resp.resource #=> String
1240
+ # resp.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
1241
+ # resp.resource_owner_account #=> String
1242
+ # resp.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1243
+ # resp.updated_at #=> Time
1244
+ # resp.finding_details #=> Array
1245
+ # resp.finding_details[0].external_access_details.action #=> Array
1246
+ # resp.finding_details[0].external_access_details.action[0] #=> String
1247
+ # resp.finding_details[0].external_access_details.condition #=> Hash
1248
+ # resp.finding_details[0].external_access_details.condition["String"] #=> String
1249
+ # resp.finding_details[0].external_access_details.is_public #=> Boolean
1250
+ # resp.finding_details[0].external_access_details.principal #=> Hash
1251
+ # resp.finding_details[0].external_access_details.principal["String"] #=> String
1252
+ # resp.finding_details[0].external_access_details.sources #=> Array
1253
+ # resp.finding_details[0].external_access_details.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
1254
+ # resp.finding_details[0].external_access_details.sources[0].detail.access_point_arn #=> String
1255
+ # resp.finding_details[0].external_access_details.sources[0].detail.access_point_account #=> String
1256
+ # resp.finding_details[0].unused_permission_details.actions #=> Array
1257
+ # resp.finding_details[0].unused_permission_details.actions[0].action #=> String
1258
+ # resp.finding_details[0].unused_permission_details.actions[0].last_accessed #=> Time
1259
+ # resp.finding_details[0].unused_permission_details.service_namespace #=> String
1260
+ # resp.finding_details[0].unused_permission_details.last_accessed #=> Time
1261
+ # resp.finding_details[0].unused_iam_user_access_key_details.access_key_id #=> String
1262
+ # resp.finding_details[0].unused_iam_user_access_key_details.last_accessed #=> Time
1263
+ # resp.finding_details[0].unused_iam_role_details.last_accessed #=> Time
1264
+ # resp.finding_details[0].unused_iam_user_password_details.last_accessed #=> Time
1265
+ # resp.finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission"
1266
+ #
1267
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingV2 AWS API Documentation
1268
+ #
1269
+ # @overload get_finding_v2(params = {})
1270
+ # @param [Hash] params ({})
1271
+ def get_finding_v2(params = {}, options = {})
1272
+ req = build_request(:get_finding_v2, params)
1273
+ req.send_request(options)
1274
+ end
1275
+
1057
1276
  # Retrieves the policy that was generated using `StartPolicyGeneration`.
1058
1277
  #
1059
1278
  # @option params [required, String] :job_id
@@ -1327,7 +1546,7 @@ module Aws::AccessAnalyzer
1327
1546
  # resp = client.list_analyzers({
1328
1547
  # next_token: "Token",
1329
1548
  # max_results: 1,
1330
- # type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION
1549
+ # type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS
1331
1550
  # })
1332
1551
  #
1333
1552
  # @example Response structure
@@ -1335,7 +1554,7 @@ module Aws::AccessAnalyzer
1335
1554
  # resp.analyzers #=> Array
1336
1555
  # resp.analyzers[0].arn #=> String
1337
1556
  # resp.analyzers[0].name #=> String
1338
- # resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION"
1557
+ # resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS"
1339
1558
  # resp.analyzers[0].created_at #=> Time
1340
1559
  # resp.analyzers[0].last_resource_analyzed #=> String
1341
1560
  # resp.analyzers[0].last_resource_analyzed_at #=> Time
@@ -1343,6 +1562,7 @@ module Aws::AccessAnalyzer
1343
1562
  # resp.analyzers[0].tags["String"] #=> String
1344
1563
  # resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
1345
1564
  # resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
1565
+ # resp.analyzers[0].configuration.unused_access.unused_access_age #=> Integer
1346
1566
  # resp.next_token #=> String
1347
1567
  #
1348
1568
  # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
@@ -1495,6 +1715,86 @@ module Aws::AccessAnalyzer
1495
1715
  req.send_request(options)
1496
1716
  end
1497
1717
 
1718
+ # Retrieves a list of findings generated by the specified analyzer.
1719
+ #
1720
+ # To learn about filter keys that you can use to retrieve a list of
1721
+ # findings, see [IAM Access Analyzer filter keys][1] in the **IAM User
1722
+ # Guide**.
1723
+ #
1724
+ #
1725
+ #
1726
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
1727
+ #
1728
+ # @option params [required, String] :analyzer_arn
1729
+ # The [ARN of the analyzer][1] to retrieve findings from.
1730
+ #
1731
+ #
1732
+ #
1733
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
1734
+ #
1735
+ # @option params [Hash<String,Types::Criterion>] :filter
1736
+ # A filter to match for the findings to return.
1737
+ #
1738
+ # @option params [Integer] :max_results
1739
+ # The maximum number of results to return in the response.
1740
+ #
1741
+ # @option params [String] :next_token
1742
+ # A token used for pagination of results returned.
1743
+ #
1744
+ # @option params [Types::SortCriteria] :sort
1745
+ # The criteria used to sort.
1746
+ #
1747
+ # @return [Types::ListFindingsV2Response] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1748
+ #
1749
+ # * {Types::ListFindingsV2Response#findings #findings} => Array&lt;Types::FindingSummaryV2&gt;
1750
+ # * {Types::ListFindingsV2Response#next_token #next_token} => String
1751
+ #
1752
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1753
+ #
1754
+ # @example Request syntax with placeholder values
1755
+ #
1756
+ # resp = client.list_findings_v2({
1757
+ # analyzer_arn: "AnalyzerArn", # required
1758
+ # filter: {
1759
+ # "String" => {
1760
+ # eq: ["String"],
1761
+ # neq: ["String"],
1762
+ # contains: ["String"],
1763
+ # exists: false,
1764
+ # },
1765
+ # },
1766
+ # max_results: 1,
1767
+ # next_token: "Token",
1768
+ # sort: {
1769
+ # attribute_name: "String",
1770
+ # order_by: "ASC", # accepts ASC, DESC
1771
+ # },
1772
+ # })
1773
+ #
1774
+ # @example Response structure
1775
+ #
1776
+ # resp.findings #=> Array
1777
+ # resp.findings[0].analyzed_at #=> Time
1778
+ # resp.findings[0].created_at #=> Time
1779
+ # resp.findings[0].error #=> String
1780
+ # resp.findings[0].id #=> String
1781
+ # resp.findings[0].resource #=> String
1782
+ # resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic"
1783
+ # resp.findings[0].resource_owner_account #=> String
1784
+ # resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
1785
+ # resp.findings[0].updated_at #=> Time
1786
+ # resp.findings[0].finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission"
1787
+ # resp.next_token #=> String
1788
+ #
1789
+ # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsV2 AWS API Documentation
1790
+ #
1791
+ # @overload list_findings_v2(params = {})
1792
+ # @param [Hash] params ({})
1793
+ def list_findings_v2(params = {}, options = {})
1794
+ req = build_request(:list_findings_v2, params)
1795
+ req.send_request(options)
1796
+ end
1797
+
1498
1798
  # Lists all of the policy generations requested in the last seven days.
1499
1799
  #
1500
1800
  # @option params [String] :principal_arn
@@ -1837,9 +2137,7 @@ module Aws::AccessAnalyzer
1837
2137
  # @option params [required, String] :policy_type
1838
2138
  # The type of policy to validate. Identity policies grant permissions to
1839
2139
  # IAM principals. Identity policies include managed and inline policies
1840
- # for IAM roles, users, and groups. They also include service-control
1841
- # policies (SCPs) that are attached to an Amazon Web Services
1842
- # organization, organizational unit (OU), or an account.
2140
+ # for IAM roles, users, and groups.
1843
2141
  #
1844
2142
  # Resource policies grant permissions on Amazon Web Services resources.
1845
2143
  # Resource policies include trust policies for IAM roles and bucket
@@ -1847,6 +2145,10 @@ module Aws::AccessAnalyzer
1847
2145
  # as identity policy or resource policy or a specific input such as
1848
2146
  # managed policy or Amazon S3 bucket policy.
1849
2147
  #
2148
+ # Service control policies (SCPs) are a type of organization policy
2149
+ # attached to an Amazon Web Services organization, organizational unit
2150
+ # (OU), or an account.
2151
+ #
1850
2152
  # @option params [String] :validate_policy_resource_type
1851
2153
  # The type of resource to attach to your resource policy. Specify a
1852
2154
  # value for the policy validation resource type only if the policy type
@@ -1922,7 +2224,7 @@ module Aws::AccessAnalyzer
1922
2224
  params: params,
1923
2225
  config: config)
1924
2226
  context[:gem_name] = 'aws-sdk-accessanalyzer'
1925
- context[:gem_version] = '1.42.0'
2227
+ context[:gem_version] = '1.43.0'
1926
2228
  Seahorse::Client::Request.new(handlers, context)
1927
2229
  end
1928
2230
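Review bot: The rewritten `:type` description for `create_analyzer` (new lines 722–723) names an accepted value as `ORGANIZTAION_UNUSED_ACCESS`, while the request-syntax example at new line 755 and the response examples at new lines 1065 and 1557 list `ORGANIZATION_UNUSED_ACCESS`. Anyone copying the value from the option text would pass a string that the documented enum does not contain, so the spelling there should be `ORGANIZATION_UNUSED_ACCESS`. These comments look generated from the service model, so the correction probably belongs upstream rather than in this file. Separately, the docs for `check_access_not_granted` and `check_no_new_access` show `resp.result` as one of "PASS" or "FAIL" but do not say how a caller should act on it; a line such as `# Treat any result other than "PASS" as a failed check when gating a deployment.` would make the fail-closed use explicit, assuming "FAIL" is returned as a normal response as the response structure suggests.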