aws-sdk-accessanalyzer 1.43.0 → 1.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +10 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-accessanalyzer/client.rb +13 -9
  5. data/lib/aws-sdk-accessanalyzer/client_api.rb +7 -0
  6. data/lib/aws-sdk-accessanalyzer/plugins/endpoints.rb +4 -2
  7. data/lib/aws-sdk-accessanalyzer/types.rb +37 -1
  8. data/lib/aws-sdk-accessanalyzer.rb +1 -1
  9. data/sig/client.rbs +606 -0
  10. data/sig/errors.rbs +53 -0
  11. data/sig/resource.rbs +79 -0
  12. data/sig/types.rbs +1043 -0
  13. data/sig/waiters.rbs +13 -0
  14. metadata +13 -8
data/sig/types.rbs ADDED
@@ -0,0 +1,1043 @@
1
+ # WARNING ABOUT GENERATED CODE
2
+ #
3
+ # This file is generated. See the contributing guide for more information:
4
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
5
+ #
6
+ # WARNING ABOUT GENERATED CODE
7
+
8
+ module Aws::AccessAnalyzer
9
+ module Types
10
+
11
+ class Access
12
+ attr_accessor actions: ::Array[::String]
13
+ SENSITIVE: []
14
+ end
15
+
16
+ class AccessDeniedException
17
+ attr_accessor message: ::String
18
+ SENSITIVE: []
19
+ end
20
+
21
+ class AccessPreview
22
+ attr_accessor id: ::String
23
+ attr_accessor analyzer_arn: ::String
24
+ attr_accessor configurations: ::Hash[::String, Types::Configuration]
25
+ attr_accessor created_at: ::Time
26
+ attr_accessor status: ("COMPLETED" | "CREATING" | "FAILED")
27
+ attr_accessor status_reason: Types::AccessPreviewStatusReason
28
+ SENSITIVE: []
29
+ end
30
+
31
+ class AccessPreviewFinding
32
+ attr_accessor id: ::String
33
+ attr_accessor existing_finding_id: ::String
34
+ attr_accessor existing_finding_status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
35
+ attr_accessor principal: ::Hash[::String, ::String]
36
+ attr_accessor action: ::Array[::String]
37
+ attr_accessor condition: ::Hash[::String, ::String]
38
+ attr_accessor resource: ::String
39
+ attr_accessor is_public: bool
40
+ attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
41
+ attr_accessor created_at: ::Time
42
+ attr_accessor change_type: ("CHANGED" | "NEW" | "UNCHANGED")
43
+ attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
44
+ attr_accessor resource_owner_account: ::String
45
+ attr_accessor error: ::String
46
+ attr_accessor sources: ::Array[Types::FindingSource]
47
+ SENSITIVE: []
48
+ end
49
+
50
+ class AccessPreviewStatusReason
51
+ attr_accessor code: ("INTERNAL_ERROR" | "INVALID_CONFIGURATION")
52
+ SENSITIVE: []
53
+ end
54
+
55
+ class AccessPreviewSummary
56
+ attr_accessor id: ::String
57
+ attr_accessor analyzer_arn: ::String
58
+ attr_accessor created_at: ::Time
59
+ attr_accessor status: ("COMPLETED" | "CREATING" | "FAILED")
60
+ attr_accessor status_reason: Types::AccessPreviewStatusReason
61
+ SENSITIVE: []
62
+ end
63
+
64
+ class AclGrantee
65
+ attr_accessor id: ::String
66
+ attr_accessor uri: ::String
67
+ attr_accessor unknown: untyped
68
+ SENSITIVE: []
69
+
70
+ class Id < AclGrantee
71
+ end
72
+ class Uri < AclGrantee
73
+ end
74
+ class Unknown < AclGrantee
75
+ end
76
+ end
77
+
78
+ class AnalyzedResource
79
+ attr_accessor resource_arn: ::String
80
+ attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
81
+ attr_accessor created_at: ::Time
82
+ attr_accessor analyzed_at: ::Time
83
+ attr_accessor updated_at: ::Time
84
+ attr_accessor is_public: bool
85
+ attr_accessor actions: ::Array[::String]
86
+ attr_accessor shared_via: ::Array[::String]
87
+ attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
88
+ attr_accessor resource_owner_account: ::String
89
+ attr_accessor error: ::String
90
+ SENSITIVE: []
91
+ end
92
+
93
+ class AnalyzedResourceSummary
94
+ attr_accessor resource_arn: ::String
95
+ attr_accessor resource_owner_account: ::String
96
+ attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
97
+ SENSITIVE: []
98
+ end
99
+
100
+ class AnalyzerConfiguration
101
+ attr_accessor unused_access: Types::UnusedAccessConfiguration
102
+ attr_accessor unknown: untyped
103
+ SENSITIVE: []
104
+
105
+ class UnusedAccess < AnalyzerConfiguration
106
+ end
107
+ class Unknown < AnalyzerConfiguration
108
+ end
109
+ end
110
+
111
+ class AnalyzerSummary
112
+ attr_accessor arn: ::String
113
+ attr_accessor name: ::String
114
+ attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS")
115
+ attr_accessor created_at: ::Time
116
+ attr_accessor last_resource_analyzed: ::String
117
+ attr_accessor last_resource_analyzed_at: ::Time
118
+ attr_accessor tags: ::Hash[::String, ::String]
119
+ attr_accessor status: ("ACTIVE" | "CREATING" | "DISABLED" | "FAILED")
120
+ attr_accessor status_reason: Types::StatusReason
121
+ attr_accessor configuration: Types::AnalyzerConfiguration
122
+ SENSITIVE: []
123
+ end
124
+
125
+ class ApplyArchiveRuleRequest
126
+ attr_accessor analyzer_arn: ::String
127
+ attr_accessor rule_name: ::String
128
+ attr_accessor client_token: ::String
129
+ SENSITIVE: []
130
+ end
131
+
132
+ class ArchiveRuleSummary
133
+ attr_accessor rule_name: ::String
134
+ attr_accessor filter: ::Hash[::String, Types::Criterion]
135
+ attr_accessor created_at: ::Time
136
+ attr_accessor updated_at: ::Time
137
+ SENSITIVE: []
138
+ end
139
+
140
+ class CancelPolicyGenerationRequest
141
+ attr_accessor job_id: ::String
142
+ SENSITIVE: []
143
+ end
144
+
145
+ class CancelPolicyGenerationResponse < Aws::EmptyStructure
146
+ end
147
+
148
+ class CheckAccessNotGrantedRequest
149
+ attr_accessor policy_document: ::String
150
+ attr_accessor access: ::Array[Types::Access]
151
+ attr_accessor policy_type: ("IDENTITY_POLICY" | "RESOURCE_POLICY")
152
+ SENSITIVE: [:policy_document]
153
+ end
154
+
155
+ class CheckAccessNotGrantedResponse
156
+ attr_accessor result: ("PASS" | "FAIL")
157
+ attr_accessor message: ::String
158
+ attr_accessor reasons: ::Array[Types::ReasonSummary]
159
+ SENSITIVE: []
160
+ end
161
+
162
+ class CheckNoNewAccessRequest
163
+ attr_accessor new_policy_document: ::String
164
+ attr_accessor existing_policy_document: ::String
165
+ attr_accessor policy_type: ("IDENTITY_POLICY" | "RESOURCE_POLICY")
166
+ SENSITIVE: [:new_policy_document, :existing_policy_document]
167
+ end
168
+
169
+ class CheckNoNewAccessResponse
170
+ attr_accessor result: ("PASS" | "FAIL")
171
+ attr_accessor message: ::String
172
+ attr_accessor reasons: ::Array[Types::ReasonSummary]
173
+ SENSITIVE: []
174
+ end
175
+
176
+ class CloudTrailDetails
177
+ attr_accessor trails: ::Array[Types::Trail]
178
+ attr_accessor access_role: ::String
179
+ attr_accessor start_time: ::Time
180
+ attr_accessor end_time: ::Time
181
+ SENSITIVE: []
182
+ end
183
+
184
+ class CloudTrailProperties
185
+ attr_accessor trail_properties: ::Array[Types::TrailProperties]
186
+ attr_accessor start_time: ::Time
187
+ attr_accessor end_time: ::Time
188
+ SENSITIVE: []
189
+ end
190
+
191
+ class Configuration
192
+ attr_accessor ebs_snapshot: Types::EbsSnapshotConfiguration
193
+ attr_accessor ecr_repository: Types::EcrRepositoryConfiguration
194
+ attr_accessor iam_role: Types::IamRoleConfiguration
195
+ attr_accessor efs_file_system: Types::EfsFileSystemConfiguration
196
+ attr_accessor kms_key: Types::KmsKeyConfiguration
197
+ attr_accessor rds_db_cluster_snapshot: Types::RdsDbClusterSnapshotConfiguration
198
+ attr_accessor rds_db_snapshot: Types::RdsDbSnapshotConfiguration
199
+ attr_accessor secrets_manager_secret: Types::SecretsManagerSecretConfiguration
200
+ attr_accessor s3_bucket: Types::S3BucketConfiguration
201
+ attr_accessor sns_topic: Types::SnsTopicConfiguration
202
+ attr_accessor sqs_queue: Types::SqsQueueConfiguration
203
+ attr_accessor s3_express_directory_bucket: Types::S3ExpressDirectoryBucketConfiguration
204
+ attr_accessor unknown: untyped
205
+ SENSITIVE: []
206
+
207
+ class EbsSnapshot < Configuration
208
+ end
209
+ class EcrRepository < Configuration
210
+ end
211
+ class IamRole < Configuration
212
+ end
213
+ class EfsFileSystem < Configuration
214
+ end
215
+ class KmsKey < Configuration
216
+ end
217
+ class RdsDbClusterSnapshot < Configuration
218
+ end
219
+ class RdsDbSnapshot < Configuration
220
+ end
221
+ class SecretsManagerSecret < Configuration
222
+ end
223
+ class S3Bucket < Configuration
224
+ end
225
+ class SnsTopic < Configuration
226
+ end
227
+ class SqsQueue < Configuration
228
+ end
229
+ class S3ExpressDirectoryBucket < Configuration
230
+ end
231
+ class Unknown < Configuration
232
+ end
233
+ end
234
+
235
+ class ConflictException
236
+ attr_accessor message: ::String
237
+ attr_accessor resource_id: ::String
238
+ attr_accessor resource_type: ::String
239
+ SENSITIVE: []
240
+ end
241
+
242
+ class CreateAccessPreviewRequest
243
+ attr_accessor analyzer_arn: ::String
244
+ attr_accessor configurations: ::Hash[::String, Types::Configuration]
245
+ attr_accessor client_token: ::String
246
+ SENSITIVE: []
247
+ end
248
+
249
+ class CreateAccessPreviewResponse
250
+ attr_accessor id: ::String
251
+ SENSITIVE: []
252
+ end
253
+
254
+ class CreateAnalyzerRequest
255
+ attr_accessor analyzer_name: ::String
256
+ attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS")
257
+ attr_accessor archive_rules: ::Array[Types::InlineArchiveRule]
258
+ attr_accessor tags: ::Hash[::String, ::String]
259
+ attr_accessor client_token: ::String
260
+ attr_accessor configuration: Types::AnalyzerConfiguration
261
+ SENSITIVE: []
262
+ end
263
+
264
+ class CreateAnalyzerResponse
265
+ attr_accessor arn: ::String
266
+ SENSITIVE: []
267
+ end
268
+
269
+ class CreateArchiveRuleRequest
270
+ attr_accessor analyzer_name: ::String
271
+ attr_accessor rule_name: ::String
272
+ attr_accessor filter: ::Hash[::String, Types::Criterion]
273
+ attr_accessor client_token: ::String
274
+ SENSITIVE: []
275
+ end
276
+
277
+ class Criterion
278
+ attr_accessor eq: ::Array[::String]
279
+ attr_accessor neq: ::Array[::String]
280
+ attr_accessor contains: ::Array[::String]
281
+ attr_accessor exists: bool
282
+ SENSITIVE: []
283
+ end
284
+
285
+ class DeleteAnalyzerRequest
286
+ attr_accessor analyzer_name: ::String
287
+ attr_accessor client_token: ::String
288
+ SENSITIVE: []
289
+ end
290
+
291
+ class DeleteArchiveRuleRequest
292
+ attr_accessor analyzer_name: ::String
293
+ attr_accessor rule_name: ::String
294
+ attr_accessor client_token: ::String
295
+ SENSITIVE: []
296
+ end
297
+
298
+ class EbsSnapshotConfiguration
299
+ attr_accessor user_ids: ::Array[::String]
300
+ attr_accessor groups: ::Array[::String]
301
+ attr_accessor kms_key_id: ::String
302
+ SENSITIVE: []
303
+ end
304
+
305
+ class EcrRepositoryConfiguration
306
+ attr_accessor repository_policy: ::String
307
+ SENSITIVE: []
308
+ end
309
+
310
+ class EfsFileSystemConfiguration
311
+ attr_accessor file_system_policy: ::String
312
+ SENSITIVE: []
313
+ end
314
+
315
+ class ExternalAccessDetails
316
+ attr_accessor action: ::Array[::String]
317
+ attr_accessor condition: ::Hash[::String, ::String]
318
+ attr_accessor is_public: bool
319
+ attr_accessor principal: ::Hash[::String, ::String]
320
+ attr_accessor sources: ::Array[Types::FindingSource]
321
+ SENSITIVE: []
322
+ end
323
+
324
+ class Finding
325
+ attr_accessor id: ::String
326
+ attr_accessor principal: ::Hash[::String, ::String]
327
+ attr_accessor action: ::Array[::String]
328
+ attr_accessor resource: ::String
329
+ attr_accessor is_public: bool
330
+ attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
331
+ attr_accessor condition: ::Hash[::String, ::String]
332
+ attr_accessor created_at: ::Time
333
+ attr_accessor analyzed_at: ::Time
334
+ attr_accessor updated_at: ::Time
335
+ attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
336
+ attr_accessor resource_owner_account: ::String
337
+ attr_accessor error: ::String
338
+ attr_accessor sources: ::Array[Types::FindingSource]
339
+ SENSITIVE: []
340
+ end
341
+
342
+ class FindingDetails
343
+ attr_accessor external_access_details: Types::ExternalAccessDetails
344
+ attr_accessor unused_permission_details: Types::UnusedPermissionDetails
345
+ attr_accessor unused_iam_user_access_key_details: Types::UnusedIamUserAccessKeyDetails
346
+ attr_accessor unused_iam_role_details: Types::UnusedIamRoleDetails
347
+ attr_accessor unused_iam_user_password_details: Types::UnusedIamUserPasswordDetails
348
+ attr_accessor unknown: untyped
349
+ SENSITIVE: []
350
+
351
+ class ExternalAccessDetails < FindingDetails
352
+ end
353
+ class UnusedPermissionDetails < FindingDetails
354
+ end
355
+ class UnusedIamUserAccessKeyDetails < FindingDetails
356
+ end
357
+ class UnusedIamRoleDetails < FindingDetails
358
+ end
359
+ class UnusedIamUserPasswordDetails < FindingDetails
360
+ end
361
+ class Unknown < FindingDetails
362
+ end
363
+ end
364
+
365
+ class FindingSource
366
+ attr_accessor type: ("POLICY" | "BUCKET_ACL" | "S3_ACCESS_POINT" | "S3_ACCESS_POINT_ACCOUNT")
367
+ attr_accessor detail: Types::FindingSourceDetail
368
+ SENSITIVE: []
369
+ end
370
+
371
+ class FindingSourceDetail
372
+ attr_accessor access_point_arn: ::String
373
+ attr_accessor access_point_account: ::String
374
+ SENSITIVE: []
375
+ end
376
+
377
+ class FindingSummary
378
+ attr_accessor id: ::String
379
+ attr_accessor principal: ::Hash[::String, ::String]
380
+ attr_accessor action: ::Array[::String]
381
+ attr_accessor resource: ::String
382
+ attr_accessor is_public: bool
383
+ attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
384
+ attr_accessor condition: ::Hash[::String, ::String]
385
+ attr_accessor created_at: ::Time
386
+ attr_accessor analyzed_at: ::Time
387
+ attr_accessor updated_at: ::Time
388
+ attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
389
+ attr_accessor resource_owner_account: ::String
390
+ attr_accessor error: ::String
391
+ attr_accessor sources: ::Array[Types::FindingSource]
392
+ SENSITIVE: []
393
+ end
394
+
395
+ class FindingSummaryV2
396
+ attr_accessor analyzed_at: ::Time
397
+ attr_accessor created_at: ::Time
398
+ attr_accessor error: ::String
399
+ attr_accessor id: ::String
400
+ attr_accessor resource: ::String
401
+ attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
402
+ attr_accessor resource_owner_account: ::String
403
+ attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
404
+ attr_accessor updated_at: ::Time
405
+ attr_accessor finding_type: ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission")
406
+ SENSITIVE: []
407
+ end
408
+
409
+ class GeneratedPolicy
410
+ attr_accessor policy: ::String
411
+ SENSITIVE: []
412
+ end
413
+
414
+ class GeneratedPolicyProperties
415
+ attr_accessor is_complete: bool
416
+ attr_accessor principal_arn: ::String
417
+ attr_accessor cloud_trail_properties: Types::CloudTrailProperties
418
+ SENSITIVE: []
419
+ end
420
+
421
+ class GeneratedPolicyResult
422
+ attr_accessor properties: Types::GeneratedPolicyProperties
423
+ attr_accessor generated_policies: ::Array[Types::GeneratedPolicy]
424
+ SENSITIVE: []
425
+ end
426
+
427
+ class GetAccessPreviewRequest
428
+ attr_accessor access_preview_id: ::String
429
+ attr_accessor analyzer_arn: ::String
430
+ SENSITIVE: []
431
+ end
432
+
433
+ class GetAccessPreviewResponse
434
+ attr_accessor access_preview: Types::AccessPreview
435
+ SENSITIVE: []
436
+ end
437
+
438
+ class GetAnalyzedResourceRequest
439
+ attr_accessor analyzer_arn: ::String
440
+ attr_accessor resource_arn: ::String
441
+ SENSITIVE: []
442
+ end
443
+
444
+ class GetAnalyzedResourceResponse
445
+ attr_accessor resource: Types::AnalyzedResource
446
+ SENSITIVE: []
447
+ end
448
+
449
+ class GetAnalyzerRequest
450
+ attr_accessor analyzer_name: ::String
451
+ SENSITIVE: []
452
+ end
453
+
454
+ class GetAnalyzerResponse
455
+ attr_accessor analyzer: Types::AnalyzerSummary
456
+ SENSITIVE: []
457
+ end
458
+
459
+ class GetArchiveRuleRequest
460
+ attr_accessor analyzer_name: ::String
461
+ attr_accessor rule_name: ::String
462
+ SENSITIVE: []
463
+ end
464
+
465
+ class GetArchiveRuleResponse
466
+ attr_accessor archive_rule: Types::ArchiveRuleSummary
467
+ SENSITIVE: []
468
+ end
469
+
470
+ class GetFindingRequest
471
+ attr_accessor analyzer_arn: ::String
472
+ attr_accessor id: ::String
473
+ SENSITIVE: []
474
+ end
475
+
476
+ class GetFindingResponse
477
+ attr_accessor finding: Types::Finding
478
+ SENSITIVE: []
479
+ end
480
+
481
+ class GetFindingV2Request
482
+ attr_accessor analyzer_arn: ::String
483
+ attr_accessor id: ::String
484
+ attr_accessor max_results: ::Integer
485
+ attr_accessor next_token: ::String
486
+ SENSITIVE: []
487
+ end
488
+
489
+ class GetFindingV2Response
490
+ attr_accessor analyzed_at: ::Time
491
+ attr_accessor created_at: ::Time
492
+ attr_accessor error: ::String
493
+ attr_accessor id: ::String
494
+ attr_accessor next_token: ::String
495
+ attr_accessor resource: ::String
496
+ attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
497
+ attr_accessor resource_owner_account: ::String
498
+ attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
499
+ attr_accessor updated_at: ::Time
500
+ attr_accessor finding_details: ::Array[Types::FindingDetails]
501
+ attr_accessor finding_type: ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission")
502
+ SENSITIVE: []
503
+ end
504
+
505
+ class GetGeneratedPolicyRequest
506
+ attr_accessor job_id: ::String
507
+ attr_accessor include_resource_placeholders: bool
508
+ attr_accessor include_service_level_template: bool
509
+ SENSITIVE: []
510
+ end
511
+
512
+ class GetGeneratedPolicyResponse
513
+ attr_accessor job_details: Types::JobDetails
514
+ attr_accessor generated_policy_result: Types::GeneratedPolicyResult
515
+ SENSITIVE: []
516
+ end
517
+
518
+ class IamRoleConfiguration
519
+ attr_accessor trust_policy: ::String
520
+ SENSITIVE: []
521
+ end
522
+
523
+ class InlineArchiveRule
524
+ attr_accessor rule_name: ::String
525
+ attr_accessor filter: ::Hash[::String, Types::Criterion]
526
+ SENSITIVE: []
527
+ end
528
+
529
+ class InternalServerException
530
+ attr_accessor message: ::String
531
+ attr_accessor retry_after_seconds: ::Integer
532
+ SENSITIVE: []
533
+ end
534
+
535
+ class InternetConfiguration < Aws::EmptyStructure
536
+ end
537
+
538
+ class InvalidParameterException
539
+ attr_accessor message: ::String
540
+ SENSITIVE: []
541
+ end
542
+
543
+ class JobDetails
544
+ attr_accessor job_id: ::String
545
+ attr_accessor status: ("IN_PROGRESS" | "SUCCEEDED" | "FAILED" | "CANCELED")
546
+ attr_accessor started_on: ::Time
547
+ attr_accessor completed_on: ::Time
548
+ attr_accessor job_error: Types::JobError
549
+ SENSITIVE: []
550
+ end
551
+
552
+ class JobError
553
+ attr_accessor code: ("AUTHORIZATION_ERROR" | "RESOURCE_NOT_FOUND_ERROR" | "SERVICE_QUOTA_EXCEEDED_ERROR" | "SERVICE_ERROR")
554
+ attr_accessor message: ::String
555
+ SENSITIVE: []
556
+ end
557
+
558
+ class KmsGrantConfiguration
559
+ attr_accessor operations: ::Array[("CreateGrant" | "Decrypt" | "DescribeKey" | "Encrypt" | "GenerateDataKey" | "GenerateDataKeyPair" | "GenerateDataKeyPairWithoutPlaintext" | "GenerateDataKeyWithoutPlaintext" | "GetPublicKey" | "ReEncryptFrom" | "ReEncryptTo" | "RetireGrant" | "Sign" | "Verify")]
560
+ attr_accessor grantee_principal: ::String
561
+ attr_accessor retiring_principal: ::String
562
+ attr_accessor constraints: Types::KmsGrantConstraints
563
+ attr_accessor issuing_account: ::String
564
+ SENSITIVE: []
565
+ end
566
+
567
+ class KmsGrantConstraints
568
+ attr_accessor encryption_context_equals: ::Hash[::String, ::String]
569
+ attr_accessor encryption_context_subset: ::Hash[::String, ::String]
570
+ SENSITIVE: []
571
+ end
572
+
573
+ class KmsKeyConfiguration
574
+ attr_accessor key_policies: ::Hash[::String, ::String]
575
+ attr_accessor grants: ::Array[Types::KmsGrantConfiguration]
576
+ SENSITIVE: []
577
+ end
578
+
579
+ class ListAccessPreviewFindingsRequest
580
+ attr_accessor access_preview_id: ::String
581
+ attr_accessor analyzer_arn: ::String
582
+ attr_accessor filter: ::Hash[::String, Types::Criterion]
583
+ attr_accessor next_token: ::String
584
+ attr_accessor max_results: ::Integer
585
+ SENSITIVE: []
586
+ end
587
+
588
+ class ListAccessPreviewFindingsResponse
589
+ attr_accessor findings: ::Array[Types::AccessPreviewFinding]
590
+ attr_accessor next_token: ::String
591
+ SENSITIVE: []
592
+ end
593
+
594
+ class ListAccessPreviewsRequest
595
+ attr_accessor analyzer_arn: ::String
596
+ attr_accessor next_token: ::String
597
+ attr_accessor max_results: ::Integer
598
+ SENSITIVE: []
599
+ end
600
+
601
+ class ListAccessPreviewsResponse
602
+ attr_accessor access_previews: ::Array[Types::AccessPreviewSummary]
603
+ attr_accessor next_token: ::String
604
+ SENSITIVE: []
605
+ end
606
+
607
+ class ListAnalyzedResourcesRequest
608
+ attr_accessor analyzer_arn: ::String
609
+ attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
610
+ attr_accessor next_token: ::String
611
+ attr_accessor max_results: ::Integer
612
+ SENSITIVE: []
613
+ end
614
+
615
+ class ListAnalyzedResourcesResponse
616
+ attr_accessor analyzed_resources: ::Array[Types::AnalyzedResourceSummary]
617
+ attr_accessor next_token: ::String
618
+ SENSITIVE: []
619
+ end
620
+
621
+ class ListAnalyzersRequest
622
+ attr_accessor next_token: ::String
623
+ attr_accessor max_results: ::Integer
624
+ attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS")
625
+ SENSITIVE: []
626
+ end
627
+
628
+ class ListAnalyzersResponse
629
+ attr_accessor analyzers: ::Array[Types::AnalyzerSummary]
630
+ attr_accessor next_token: ::String
631
+ SENSITIVE: []
632
+ end
633
+
634
+ class ListArchiveRulesRequest
635
+ attr_accessor analyzer_name: ::String
636
+ attr_accessor next_token: ::String
637
+ attr_accessor max_results: ::Integer
638
+ SENSITIVE: []
639
+ end
640
+
641
+ class ListArchiveRulesResponse
642
+ attr_accessor archive_rules: ::Array[Types::ArchiveRuleSummary]
643
+ attr_accessor next_token: ::String
644
+ SENSITIVE: []
645
+ end
646
+
647
+ class ListFindingsRequest
648
+ attr_accessor analyzer_arn: ::String
649
+ attr_accessor filter: ::Hash[::String, Types::Criterion]
650
+ attr_accessor sort: Types::SortCriteria
651
+ attr_accessor next_token: ::String
652
+ attr_accessor max_results: ::Integer
653
+ SENSITIVE: []
654
+ end
655
+
656
+ class ListFindingsResponse
657
+ attr_accessor findings: ::Array[Types::FindingSummary]
658
+ attr_accessor next_token: ::String
659
+ SENSITIVE: []
660
+ end
661
+
662
+ class ListFindingsV2Request
663
+ attr_accessor analyzer_arn: ::String
664
+ attr_accessor filter: ::Hash[::String, Types::Criterion]
665
+ attr_accessor max_results: ::Integer
666
+ attr_accessor next_token: ::String
667
+ attr_accessor sort: Types::SortCriteria
668
+ SENSITIVE: []
669
+ end
670
+
671
+ class ListFindingsV2Response
672
+ attr_accessor findings: ::Array[Types::FindingSummaryV2]
673
+ attr_accessor next_token: ::String
674
+ SENSITIVE: []
675
+ end
676
+
677
+ class ListPolicyGenerationsRequest
678
+ attr_accessor principal_arn: ::String
679
+ attr_accessor max_results: ::Integer
680
+ attr_accessor next_token: ::String
681
+ SENSITIVE: []
682
+ end
683
+
684
+ class ListPolicyGenerationsResponse
685
+ attr_accessor policy_generations: ::Array[Types::PolicyGeneration]
686
+ attr_accessor next_token: ::String
687
+ SENSITIVE: []
688
+ end
689
+
690
+ class ListTagsForResourceRequest
691
+ attr_accessor resource_arn: ::String
692
+ SENSITIVE: []
693
+ end
694
+
695
+ class ListTagsForResourceResponse
696
+ attr_accessor tags: ::Hash[::String, ::String]
697
+ SENSITIVE: []
698
+ end
699
+
700
+ class Location
701
+ attr_accessor path: ::Array[Types::PathElement]
702
+ attr_accessor span: Types::Span
703
+ SENSITIVE: []
704
+ end
705
+
706
+ class NetworkOriginConfiguration
707
+ attr_accessor vpc_configuration: Types::VpcConfiguration
708
+ attr_accessor internet_configuration: Types::InternetConfiguration
709
+ attr_accessor unknown: untyped
710
+ SENSITIVE: []
711
+
712
+ class VpcConfiguration < NetworkOriginConfiguration
713
+ end
714
+ class InternetConfiguration < NetworkOriginConfiguration
715
+ end
716
+ class Unknown < NetworkOriginConfiguration
717
+ end
718
+ end
719
+
720
+ class PathElement
721
+ attr_accessor index: ::Integer
722
+ attr_accessor key: ::String
723
+ attr_accessor substring: Types::Substring
724
+ attr_accessor value: ::String
725
+ attr_accessor unknown: untyped
726
+ SENSITIVE: []
727
+
728
+ class Index < PathElement
729
+ end
730
+ class Key < PathElement
731
+ end
732
+ class Substring < PathElement
733
+ end
734
+ class Value < PathElement
735
+ end
736
+ class Unknown < PathElement
737
+ end
738
+ end
739
+
740
+ class PolicyGeneration
741
+ attr_accessor job_id: ::String
742
+ attr_accessor principal_arn: ::String
743
+ attr_accessor status: ("IN_PROGRESS" | "SUCCEEDED" | "FAILED" | "CANCELED")
744
+ attr_accessor started_on: ::Time
745
+ attr_accessor completed_on: ::Time
746
+ SENSITIVE: []
747
+ end
748
+
749
+ class PolicyGenerationDetails
750
+ attr_accessor principal_arn: ::String
751
+ SENSITIVE: []
752
+ end
753
+
754
+ class Position
755
+ attr_accessor line: ::Integer
756
+ attr_accessor column: ::Integer
757
+ attr_accessor offset: ::Integer
758
+ SENSITIVE: []
759
+ end
760
+
761
+ class RdsDbClusterSnapshotAttributeValue
762
+ attr_accessor account_ids: ::Array[::String]
763
+ attr_accessor unknown: untyped
764
+ SENSITIVE: []
765
+
766
+ class AccountIds < RdsDbClusterSnapshotAttributeValue
767
+ end
768
+ class Unknown < RdsDbClusterSnapshotAttributeValue
769
+ end
770
+ end
771
+
772
+ class RdsDbClusterSnapshotConfiguration
773
+ attr_accessor attributes: ::Hash[::String, Types::RdsDbClusterSnapshotAttributeValue]
774
+ attr_accessor kms_key_id: ::String
775
+ SENSITIVE: []
776
+ end
777
+
778
+ class RdsDbSnapshotAttributeValue
779
+ attr_accessor account_ids: ::Array[::String]
780
+ attr_accessor unknown: untyped
781
+ SENSITIVE: []
782
+
783
+ class AccountIds < RdsDbSnapshotAttributeValue
784
+ end
785
+ class Unknown < RdsDbSnapshotAttributeValue
786
+ end
787
+ end
788
+
789
+ class RdsDbSnapshotConfiguration
790
+ attr_accessor attributes: ::Hash[::String, Types::RdsDbSnapshotAttributeValue]
791
+ attr_accessor kms_key_id: ::String
792
+ SENSITIVE: []
793
+ end
794
+
795
+ class ReasonSummary
796
+ attr_accessor description: ::String
797
+ attr_accessor statement_index: ::Integer
798
+ attr_accessor statement_id: ::String
799
+ SENSITIVE: []
800
+ end
801
+
802
+ class ResourceNotFoundException
803
+ attr_accessor message: ::String
804
+ attr_accessor resource_id: ::String
805
+ attr_accessor resource_type: ::String
806
+ SENSITIVE: []
807
+ end
808
+
809
+ class S3AccessPointConfiguration
810
+ attr_accessor access_point_policy: ::String
811
+ attr_accessor public_access_block: Types::S3PublicAccessBlockConfiguration
812
+ attr_accessor network_origin: Types::NetworkOriginConfiguration
813
+ SENSITIVE: []
814
+ end
815
+
816
+ class S3BucketAclGrantConfiguration
817
+ attr_accessor permission: ("READ" | "WRITE" | "READ_ACP" | "WRITE_ACP" | "FULL_CONTROL")
818
+ attr_accessor grantee: Types::AclGrantee
819
+ SENSITIVE: []
820
+ end
821
+
822
+ class S3BucketConfiguration
823
+ attr_accessor bucket_policy: ::String
824
+ attr_accessor bucket_acl_grants: ::Array[Types::S3BucketAclGrantConfiguration]
825
+ attr_accessor bucket_public_access_block: Types::S3PublicAccessBlockConfiguration
826
+ attr_accessor access_points: ::Hash[::String, Types::S3AccessPointConfiguration]
827
+ SENSITIVE: []
828
+ end
829
+
830
+ class S3ExpressDirectoryBucketConfiguration
831
+ attr_accessor bucket_policy: ::String
832
+ SENSITIVE: []
833
+ end
834
+
835
+ class S3PublicAccessBlockConfiguration
836
+ attr_accessor ignore_public_acls: bool
837
+ attr_accessor restrict_public_buckets: bool
838
+ SENSITIVE: []
839
+ end
840
+
841
+ class SecretsManagerSecretConfiguration
842
+ attr_accessor kms_key_id: ::String
843
+ attr_accessor secret_policy: ::String
844
+ SENSITIVE: []
845
+ end
846
+
847
+ class ServiceQuotaExceededException
848
+ attr_accessor message: ::String
849
+ attr_accessor resource_id: ::String
850
+ attr_accessor resource_type: ::String
851
+ SENSITIVE: []
852
+ end
853
+
854
+ class SnsTopicConfiguration
855
+ attr_accessor topic_policy: ::String
856
+ SENSITIVE: []
857
+ end
858
+
859
+ class SortCriteria
860
+ attr_accessor attribute_name: ::String
861
+ attr_accessor order_by: ("ASC" | "DESC")
862
+ SENSITIVE: []
863
+ end
864
+
865
+ class Span
866
+ attr_accessor start: Types::Position
867
+ attr_accessor end: Types::Position
868
+ SENSITIVE: []
869
+ end
870
+
871
+ class SqsQueueConfiguration
872
+ attr_accessor queue_policy: ::String
873
+ SENSITIVE: []
874
+ end
875
+
876
+ class StartPolicyGenerationRequest
877
+ attr_accessor policy_generation_details: Types::PolicyGenerationDetails
878
+ attr_accessor cloud_trail_details: Types::CloudTrailDetails
879
+ attr_accessor client_token: ::String
880
+ SENSITIVE: []
881
+ end
882
+
883
+ class StartPolicyGenerationResponse
884
+ attr_accessor job_id: ::String
885
+ SENSITIVE: []
886
+ end
887
+
888
+ class StartResourceScanRequest
889
+ attr_accessor analyzer_arn: ::String
890
+ attr_accessor resource_arn: ::String
891
+ attr_accessor resource_owner_account: ::String
892
+ SENSITIVE: []
893
+ end
894
+
895
+ class StatusReason
896
+ attr_accessor code: ("AWS_SERVICE_ACCESS_DISABLED" | "DELEGATED_ADMINISTRATOR_DEREGISTERED" | "ORGANIZATION_DELETED" | "SERVICE_LINKED_ROLE_CREATION_FAILED")
897
+ SENSITIVE: []
898
+ end
899
+
900
+ class Substring
901
+ attr_accessor start: ::Integer
902
+ attr_accessor length: ::Integer
903
+ SENSITIVE: []
904
+ end
905
+
906
+ class TagResourceRequest
907
+ attr_accessor resource_arn: ::String
908
+ attr_accessor tags: ::Hash[::String, ::String]
909
+ SENSITIVE: []
910
+ end
911
+
912
+ class TagResourceResponse < Aws::EmptyStructure
913
+ end
914
+
915
+ class ThrottlingException
916
+ attr_accessor message: ::String
917
+ attr_accessor retry_after_seconds: ::Integer
918
+ SENSITIVE: []
919
+ end
920
+
921
+ class Trail
922
+ attr_accessor cloud_trail_arn: ::String
923
+ attr_accessor regions: ::Array[::String]
924
+ attr_accessor all_regions: bool
925
+ SENSITIVE: []
926
+ end
927
+
928
+ class TrailProperties
929
+ attr_accessor cloud_trail_arn: ::String
930
+ attr_accessor regions: ::Array[::String]
931
+ attr_accessor all_regions: bool
932
+ SENSITIVE: []
933
+ end
934
+
935
+ class UnprocessableEntityException
936
+ attr_accessor message: ::String
937
+ SENSITIVE: []
938
+ end
939
+
940
+ class UntagResourceRequest
941
+ attr_accessor resource_arn: ::String
942
+ attr_accessor tag_keys: ::Array[::String]
943
+ SENSITIVE: []
944
+ end
945
+
946
+ class UntagResourceResponse < Aws::EmptyStructure
947
+ end
948
+
949
+ class UnusedAccessConfiguration
950
+ attr_accessor unused_access_age: ::Integer
951
+ SENSITIVE: []
952
+ end
953
+
954
+ class UnusedAction
955
+ attr_accessor action: ::String
956
+ attr_accessor last_accessed: ::Time
957
+ SENSITIVE: []
958
+ end
959
+
960
+ class UnusedIamRoleDetails
961
+ attr_accessor last_accessed: ::Time
962
+ SENSITIVE: []
963
+ end
964
+
965
+ class UnusedIamUserAccessKeyDetails
966
+ attr_accessor access_key_id: ::String
967
+ attr_accessor last_accessed: ::Time
968
+ SENSITIVE: []
969
+ end
970
+
971
+ class UnusedIamUserPasswordDetails
972
+ attr_accessor last_accessed: ::Time
973
+ SENSITIVE: []
974
+ end
975
+
976
+ class UnusedPermissionDetails
977
+ attr_accessor actions: ::Array[Types::UnusedAction]
978
+ attr_accessor service_namespace: ::String
979
+ attr_accessor last_accessed: ::Time
980
+ SENSITIVE: []
981
+ end
982
+
983
+ class UpdateArchiveRuleRequest
984
+ attr_accessor analyzer_name: ::String
985
+ attr_accessor rule_name: ::String
986
+ attr_accessor filter: ::Hash[::String, Types::Criterion]
987
+ attr_accessor client_token: ::String
988
+ SENSITIVE: []
989
+ end
990
+
991
+ class UpdateFindingsRequest
992
+ attr_accessor analyzer_arn: ::String
993
+ attr_accessor status: ("ACTIVE" | "ARCHIVED")
994
+ attr_accessor ids: ::Array[::String]
995
+ attr_accessor resource_arn: ::String
996
+ attr_accessor client_token: ::String
997
+ SENSITIVE: []
998
+ end
999
+
1000
+ class ValidatePolicyFinding
1001
+ attr_accessor finding_details: ::String
1002
+ attr_accessor finding_type: ("ERROR" | "SECURITY_WARNING" | "SUGGESTION" | "WARNING")
1003
+ attr_accessor issue_code: ::String
1004
+ attr_accessor learn_more_link: ::String
1005
+ attr_accessor locations: ::Array[Types::Location]
1006
+ SENSITIVE: []
1007
+ end
1008
+
1009
+ class ValidatePolicyRequest
1010
+ attr_accessor locale: ("DE" | "EN" | "ES" | "FR" | "IT" | "JA" | "KO" | "PT_BR" | "ZH_CN" | "ZH_TW")
1011
+ attr_accessor max_results: ::Integer
1012
+ attr_accessor next_token: ::String
1013
+ attr_accessor policy_document: ::String
1014
+ attr_accessor policy_type: ("IDENTITY_POLICY" | "RESOURCE_POLICY" | "SERVICE_CONTROL_POLICY")
1015
+ attr_accessor validate_policy_resource_type: ("AWS::S3::Bucket" | "AWS::S3::AccessPoint" | "AWS::S3::MultiRegionAccessPoint" | "AWS::S3ObjectLambda::AccessPoint" | "AWS::IAM::AssumeRolePolicyDocument")
1016
+ SENSITIVE: []
1017
+ end
1018
+
1019
+ class ValidatePolicyResponse
1020
+ attr_accessor findings: ::Array[Types::ValidatePolicyFinding]
1021
+ attr_accessor next_token: ::String
1022
+ SENSITIVE: []
1023
+ end
1024
+
1025
+ class ValidationException
1026
+ attr_accessor message: ::String
1027
+ attr_accessor reason: ("unknownOperation" | "cannotParse" | "fieldValidationFailed" | "other")
1028
+ attr_accessor field_list: ::Array[Types::ValidationExceptionField]
1029
+ SENSITIVE: []
1030
+ end
1031
+
1032
+ class ValidationExceptionField
1033
+ attr_accessor name: ::String
1034
+ attr_accessor message: ::String
1035
+ SENSITIVE: []
1036
+ end
1037
+
1038
+ class VpcConfiguration
1039
+ attr_accessor vpc_id: ::String
1040
+ SENSITIVE: []
1041
+ end
1042
+ end
1043
+ end