aws-sdk-accessanalyzer 1.49.0 → 1.51.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +351 -3
- data/lib/aws-sdk-accessanalyzer/client_api.rb +116 -2
- data/lib/aws-sdk-accessanalyzer/endpoints.rb +42 -0
- data/lib/aws-sdk-accessanalyzer/plugins/endpoints.rb +6 -0
- data/lib/aws-sdk-accessanalyzer/types.rb +250 -5
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- data/sig/client.rbs +41 -1
- data/sig/types.rbs +66 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 85830f512378735be96e8cfa65b9131e5f36414d4b5ab2ba4a7e80cc1536766e
|
4
|
+
data.tar.gz: fd8255a12adec108aa9ff29b3cbe957ed8c7692450062ba521877becb6d33e08
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7c826239d70604d234b73328dc1a2f12b1d4e03cd5516b37cb0a82caf98d25782be56c5a512e7c3b7f576128ceda60867f7d8564069bc684ac3edca7b63a5df1
|
7
|
+
data.tar.gz: 942d85ee53690b607e54de4b656717d3171a8c7c0ef5c80687d9c95eb27857d86495b424a4a1f881ac5d2679f84d18266fd0ea1b07642127424fde95a5066809
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,16 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.51.0 (2024-06-11)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - IAM Access Analyzer now provides policy recommendations to help resolve unused permissions for IAM roles and users. Additionally, IAM Access Analyzer now extends its custom policy checks to detect when IAM policies grant public access or access to critical resources ahead of deployments.
|
8
|
+
|
9
|
+
1.50.0 (2024-06-05)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
13
|
+
|
4
14
|
1.49.0 (2024-05-13)
|
5
15
|
------------------
|
6
16
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.51.0
|
@@ -479,7 +479,12 @@ module Aws::AccessAnalyzer
|
|
479
479
|
#
|
480
480
|
# @option params [required, Array<Types::Access>] :access
|
481
481
|
# An access object containing the permissions that shouldn't be granted
|
482
|
-
# by the specified policy.
|
482
|
+
# by the specified policy. If only actions are specified, IAM Access
|
483
|
+
# Analyzer checks for access of the actions on all resources in the
|
484
|
+
# policy. If only resources are specified, then IAM Access Analyzer
|
485
|
+
# checks which actions have access to the specified resources. If both
|
486
|
+
# actions and resources are specified, then IAM Access Analyzer checks
|
487
|
+
# which of the specified actions have access to the specified resources.
|
483
488
|
#
|
484
489
|
# @option params [required, String] :policy_type
|
485
490
|
# The type of policy. Identity policies grant permissions to IAM
|
@@ -498,13 +503,82 @@ module Aws::AccessAnalyzer
|
|
498
503
|
# * {Types::CheckAccessNotGrantedResponse#message #message} => String
|
499
504
|
# * {Types::CheckAccessNotGrantedResponse#reasons #reasons} => Array<Types::ReasonSummary>
|
500
505
|
#
|
506
|
+
#
|
507
|
+
# @example Example: Passing check. Restrictive identity policy.
|
508
|
+
#
|
509
|
+
# resp = client.check_access_not_granted({
|
510
|
+
# access: [
|
511
|
+
# {
|
512
|
+
# actions: [
|
513
|
+
# "s3:PutObject",
|
514
|
+
# ],
|
515
|
+
# },
|
516
|
+
# ],
|
517
|
+
# policy_document: "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:GetObject\",\"Resource\":\"*\"}]}",
|
518
|
+
# policy_type: "RESOURCE_POLICY",
|
519
|
+
# })
|
520
|
+
#
|
521
|
+
# resp.to_h outputs the following:
|
522
|
+
# {
|
523
|
+
# message: "The policy document does not grant access to perform the listed actions or resources.",
|
524
|
+
# result: "PASS",
|
525
|
+
# }
|
526
|
+
#
|
527
|
+
# @example Example: Passing check. Restrictive S3 Bucket resource policy.
|
528
|
+
#
|
529
|
+
# resp = client.check_access_not_granted({
|
530
|
+
# access: [
|
531
|
+
# {
|
532
|
+
# resources: [
|
533
|
+
# "arn:aws:s3:::sensitive-bucket/*",
|
534
|
+
# ],
|
535
|
+
# },
|
536
|
+
# ],
|
537
|
+
# policy_document: "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::non-sensitive-bucket/*\"}]}",
|
538
|
+
# policy_type: "RESOURCE_POLICY",
|
539
|
+
# })
|
540
|
+
#
|
541
|
+
# resp.to_h outputs the following:
|
542
|
+
# {
|
543
|
+
# message: "The policy document does not grant access to perform the listed actions or resources.",
|
544
|
+
# result: "PASS",
|
545
|
+
# }
|
546
|
+
#
|
547
|
+
# @example Example: Failing check. Permissive S3 Bucket resource policy.
|
548
|
+
#
|
549
|
+
# resp = client.check_access_not_granted({
|
550
|
+
# access: [
|
551
|
+
# {
|
552
|
+
# resources: [
|
553
|
+
# "arn:aws:s3:::my-bucket/*",
|
554
|
+
# ],
|
555
|
+
# },
|
556
|
+
# ],
|
557
|
+
# policy_document: "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::my-bucket/*\"}]}",
|
558
|
+
# policy_type: "RESOURCE_POLICY",
|
559
|
+
# })
|
560
|
+
#
|
561
|
+
# resp.to_h outputs the following:
|
562
|
+
# {
|
563
|
+
# message: "The policy document grants access to perform one or more of the listed actions or resources.",
|
564
|
+
# reasons: [
|
565
|
+
# {
|
566
|
+
# description: "One or more of the listed actions or resources in the statement with sid: AllowJohnDoe.",
|
567
|
+
# statement_id: "AllowJohnDoe",
|
568
|
+
# statement_index: 0,
|
569
|
+
# },
|
570
|
+
# ],
|
571
|
+
# result: "FAIL",
|
572
|
+
# }
|
573
|
+
#
|
501
574
|
# @example Request syntax with placeholder values
|
502
575
|
#
|
503
576
|
# resp = client.check_access_not_granted({
|
504
577
|
# policy_document: "AccessCheckPolicyDocument", # required
|
505
578
|
# access: [ # required
|
506
579
|
# {
|
507
|
-
# actions: ["Action"],
|
580
|
+
# actions: ["Action"],
|
581
|
+
# resources: ["Resource"],
|
508
582
|
# },
|
509
583
|
# ],
|
510
584
|
# policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY
|
@@ -591,6 +665,85 @@ module Aws::AccessAnalyzer
|
|
591
665
|
req.send_request(options)
|
592
666
|
end
|
593
667
|
|
668
|
+
# Checks whether a resource policy can grant public access to the
|
669
|
+
# specified resource type.
|
670
|
+
#
|
671
|
+
# @option params [required, String] :policy_document
|
672
|
+
# The JSON policy document to evaluate for public access.
|
673
|
+
#
|
674
|
+
# @option params [required, String] :resource_type
|
675
|
+
# The type of resource to evaluate for public access. For example, to
|
676
|
+
# check for public access to Amazon S3 buckets, you can choose
|
677
|
+
# `AWS::S3::Bucket` for the resource type.
|
678
|
+
#
|
679
|
+
# For resource types not supported as valid values, IAM Access Analyzer
|
680
|
+
# will return an error.
|
681
|
+
#
|
682
|
+
# @return [Types::CheckNoPublicAccessResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
683
|
+
#
|
684
|
+
# * {Types::CheckNoPublicAccessResponse#result #result} => String
|
685
|
+
# * {Types::CheckNoPublicAccessResponse#message #message} => String
|
686
|
+
# * {Types::CheckNoPublicAccessResponse#reasons #reasons} => Array<Types::ReasonSummary>
|
687
|
+
#
|
688
|
+
#
|
689
|
+
# @example Example: Passing check. S3 Bucket policy without public access.
|
690
|
+
#
|
691
|
+
# resp = client.check_no_public_access({
|
692
|
+
# policy_document: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::111122223333:user/JohnDoe\"},\"Action\":[\"s3:GetObject\"]}]}",
|
693
|
+
# resource_type: "AWS::S3::Bucket",
|
694
|
+
# })
|
695
|
+
#
|
696
|
+
# resp.to_h outputs the following:
|
697
|
+
# {
|
698
|
+
# message: "The resource policy does not grant public access for the given resource type.",
|
699
|
+
# result: "PASS",
|
700
|
+
# }
|
701
|
+
#
|
702
|
+
# @example Example: Failing check. S3 Bucket policy with public access.
|
703
|
+
#
|
704
|
+
# resp = client.check_no_public_access({
|
705
|
+
# policy_document: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"s3:GetObject\"]}]}",
|
706
|
+
# resource_type: "AWS::S3::Bucket",
|
707
|
+
# })
|
708
|
+
#
|
709
|
+
# resp.to_h outputs the following:
|
710
|
+
# {
|
711
|
+
# message: "The resource policy grants public access for the given resource type.",
|
712
|
+
# reasons: [
|
713
|
+
# {
|
714
|
+
# description: "Public access granted in the following statement with sid: Bob.",
|
715
|
+
# statement_id: "Bob",
|
716
|
+
# statement_index: 0,
|
717
|
+
# },
|
718
|
+
# ],
|
719
|
+
# result: "FAIL",
|
720
|
+
# }
|
721
|
+
#
|
722
|
+
# @example Request syntax with placeholder values
|
723
|
+
#
|
724
|
+
# resp = client.check_no_public_access({
|
725
|
+
# policy_document: "AccessCheckPolicyDocument", # required
|
726
|
+
# resource_type: "AWS::DynamoDB::Table", # required, accepts AWS::DynamoDB::Table, AWS::DynamoDB::Stream, AWS::EFS::FileSystem, AWS::OpenSearchService::Domain, AWS::Kinesis::Stream, AWS::Kinesis::StreamConsumer, AWS::KMS::Key, AWS::Lambda::Function, AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3Express::DirectoryBucket, AWS::S3::Glacier, AWS::S3Outposts::Bucket, AWS::S3Outposts::AccessPoint, AWS::SecretsManager::Secret, AWS::SNS::Topic, AWS::SQS::Queue, AWS::IAM::AssumeRolePolicyDocument
|
727
|
+
# })
|
728
|
+
#
|
729
|
+
# @example Response structure
|
730
|
+
#
|
731
|
+
# resp.result #=> String, one of "PASS", "FAIL"
|
732
|
+
# resp.message #=> String
|
733
|
+
# resp.reasons #=> Array
|
734
|
+
# resp.reasons[0].description #=> String
|
735
|
+
# resp.reasons[0].statement_index #=> Integer
|
736
|
+
# resp.reasons[0].statement_id #=> String
|
737
|
+
#
|
738
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CheckNoPublicAccess AWS API Documentation
|
739
|
+
#
|
740
|
+
# @overload check_no_public_access(params = {})
|
741
|
+
# @param [Hash] params ({})
|
742
|
+
def check_no_public_access(params = {}, options = {})
|
743
|
+
req = build_request(:check_no_public_access, params)
|
744
|
+
req.send_request(options)
|
745
|
+
end
|
746
|
+
|
594
747
|
# Creates an access preview that allows you to preview IAM Access
|
595
748
|
# Analyzer findings for your resource before deploying resource
|
596
749
|
# permissions.
|
@@ -943,6 +1096,56 @@ module Aws::AccessAnalyzer
|
|
943
1096
|
req.send_request(options)
|
944
1097
|
end
|
945
1098
|
|
1099
|
+
# Creates a recommendation for an unused permissions finding.
|
1100
|
+
#
|
1101
|
+
# @option params [required, String] :analyzer_arn
|
1102
|
+
# The [ARN of the analyzer][1] used to generate the finding
|
1103
|
+
# recommendation.
|
1104
|
+
#
|
1105
|
+
#
|
1106
|
+
#
|
1107
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1108
|
+
#
|
1109
|
+
# @option params [required, String] :id
|
1110
|
+
# The unique ID for the finding recommendation.
|
1111
|
+
#
|
1112
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1113
|
+
#
|
1114
|
+
#
|
1115
|
+
# @example Example: Successfully started generating finding recommendation
|
1116
|
+
#
|
1117
|
+
# resp = client.generate_finding_recommendation({
|
1118
|
+
# analyzer_arn: "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
|
1119
|
+
# id: "finding-id",
|
1120
|
+
# })
|
1121
|
+
#
|
1122
|
+
# resp.to_h outputs the following:
|
1123
|
+
# {
|
1124
|
+
# }
|
1125
|
+
#
|
1126
|
+
# @example Example: Failed field validation for id value
|
1127
|
+
#
|
1128
|
+
# resp = client.generate_finding_recommendation({
|
1129
|
+
# analyzer_arn: "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
|
1130
|
+
# id: "!",
|
1131
|
+
# })
|
1132
|
+
#
|
1133
|
+
# @example Request syntax with placeholder values
|
1134
|
+
#
|
1135
|
+
# resp = client.generate_finding_recommendation({
|
1136
|
+
# analyzer_arn: "AnalyzerArn", # required
|
1137
|
+
# id: "GenerateFindingRecommendationRequestIdString", # required
|
1138
|
+
# })
|
1139
|
+
#
|
1140
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GenerateFindingRecommendation AWS API Documentation
|
1141
|
+
#
|
1142
|
+
# @overload generate_finding_recommendation(params = {})
|
1143
|
+
# @param [Hash] params ({})
|
1144
|
+
def generate_finding_recommendation(params = {}, options = {})
|
1145
|
+
req = build_request(:generate_finding_recommendation, params)
|
1146
|
+
req.send_request(options)
|
1147
|
+
end
|
1148
|
+
|
946
1149
|
# Retrieves information about an access preview for the specified
|
947
1150
|
# analyzer.
|
948
1151
|
#
|
@@ -1225,6 +1428,151 @@ module Aws::AccessAnalyzer
|
|
1225
1428
|
req.send_request(options)
|
1226
1429
|
end
|
1227
1430
|
|
1431
|
+
# Retrieves information about a finding recommendation for the specified
|
1432
|
+
# analyzer.
|
1433
|
+
#
|
1434
|
+
# @option params [required, String] :analyzer_arn
|
1435
|
+
# The [ARN of the analyzer][1] used to generate the finding
|
1436
|
+
# recommendation.
|
1437
|
+
#
|
1438
|
+
#
|
1439
|
+
#
|
1440
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1441
|
+
#
|
1442
|
+
# @option params [required, String] :id
|
1443
|
+
# The unique ID for the finding recommendation.
|
1444
|
+
#
|
1445
|
+
# @option params [Integer] :max_results
|
1446
|
+
# The maximum number of results to return in the response.
|
1447
|
+
#
|
1448
|
+
# @option params [String] :next_token
|
1449
|
+
# A token used for pagination of results returned.
|
1450
|
+
#
|
1451
|
+
# @return [Types::GetFindingRecommendationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1452
|
+
#
|
1453
|
+
# * {Types::GetFindingRecommendationResponse#started_at #started_at} => Time
|
1454
|
+
# * {Types::GetFindingRecommendationResponse#completed_at #completed_at} => Time
|
1455
|
+
# * {Types::GetFindingRecommendationResponse#next_token #next_token} => String
|
1456
|
+
# * {Types::GetFindingRecommendationResponse#error #error} => Types::RecommendationError
|
1457
|
+
# * {Types::GetFindingRecommendationResponse#resource_arn #resource_arn} => String
|
1458
|
+
# * {Types::GetFindingRecommendationResponse#recommended_steps #recommended_steps} => Array<Types::RecommendedStep>
|
1459
|
+
# * {Types::GetFindingRecommendationResponse#recommendation_type #recommendation_type} => String
|
1460
|
+
# * {Types::GetFindingRecommendationResponse#status #status} => String
|
1461
|
+
#
|
1462
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1463
|
+
#
|
1464
|
+
#
|
1465
|
+
# @example Example: Successfully fetched finding recommendation
|
1466
|
+
#
|
1467
|
+
# resp = client.get_finding_recommendation({
|
1468
|
+
# analyzer_arn: "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
|
1469
|
+
# id: "finding-id",
|
1470
|
+
# max_results: 3,
|
1471
|
+
# next_token: "token",
|
1472
|
+
# })
|
1473
|
+
#
|
1474
|
+
# resp.to_h outputs the following:
|
1475
|
+
# {
|
1476
|
+
# completed_at: Time.parse("2000-01-01T00:00:01Z"),
|
1477
|
+
# recommendation_type: "UnusedPermissionRecommendation",
|
1478
|
+
# recommended_steps: [
|
1479
|
+
# {
|
1480
|
+
# unused_permissions_recommended_step: {
|
1481
|
+
# existing_policy_id: "policy-id",
|
1482
|
+
# recommended_action: "DETACH_POLICY",
|
1483
|
+
# },
|
1484
|
+
# },
|
1485
|
+
# {
|
1486
|
+
# unused_permissions_recommended_step: {
|
1487
|
+
# existing_policy_id: "policy-id",
|
1488
|
+
# recommended_action: "CREATE_POLICY",
|
1489
|
+
# recommended_policy: "policy-content",
|
1490
|
+
# },
|
1491
|
+
# },
|
1492
|
+
# ],
|
1493
|
+
# resource_arn: "arn:aws:iam::111122223333:role/test",
|
1494
|
+
# started_at: Time.parse("2000-01-01T00:00:00Z"),
|
1495
|
+
# status: "SUCCEEDED",
|
1496
|
+
# }
|
1497
|
+
#
|
1498
|
+
# @example Example: In progress finding recommendation
|
1499
|
+
#
|
1500
|
+
# resp = client.get_finding_recommendation({
|
1501
|
+
# analyzer_arn: "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
|
1502
|
+
# id: "finding-id",
|
1503
|
+
# max_results: 3,
|
1504
|
+
# })
|
1505
|
+
#
|
1506
|
+
# resp.to_h outputs the following:
|
1507
|
+
# {
|
1508
|
+
# recommendation_type: "UnusedPermissionRecommendation",
|
1509
|
+
# resource_arn: "arn:aws:iam::111122223333:role/test",
|
1510
|
+
# started_at: Time.parse("2000-01-01T00:00:00Z"),
|
1511
|
+
# status: "IN_PROGRESS",
|
1512
|
+
# }
|
1513
|
+
#
|
1514
|
+
# @example Example: Failed finding recommendation
|
1515
|
+
#
|
1516
|
+
# resp = client.get_finding_recommendation({
|
1517
|
+
# analyzer_arn: "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
|
1518
|
+
# id: "finding-id",
|
1519
|
+
# max_results: 3,
|
1520
|
+
# })
|
1521
|
+
#
|
1522
|
+
# resp.to_h outputs the following:
|
1523
|
+
# {
|
1524
|
+
# completed_at: Time.parse("2000-01-01T00:00:01Z"),
|
1525
|
+
# error: {
|
1526
|
+
# code: "SERVICE_ERROR",
|
1527
|
+
# message: "Service error. Please try again.",
|
1528
|
+
# },
|
1529
|
+
# recommendation_type: "UnusedPermissionRecommendation",
|
1530
|
+
# resource_arn: "arn:aws:iam::111122223333:role/test",
|
1531
|
+
# started_at: Time.parse("2000-01-01T00:00:00Z"),
|
1532
|
+
# status: "FAILED",
|
1533
|
+
# }
|
1534
|
+
#
|
1535
|
+
# @example Example: Failed field validation for id value
|
1536
|
+
#
|
1537
|
+
# resp = client.get_finding_recommendation({
|
1538
|
+
# analyzer_arn: "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
|
1539
|
+
# id: "!",
|
1540
|
+
# })
|
1541
|
+
#
|
1542
|
+
# @example Request syntax with placeholder values
|
1543
|
+
#
|
1544
|
+
# resp = client.get_finding_recommendation({
|
1545
|
+
# analyzer_arn: "AnalyzerArn", # required
|
1546
|
+
# id: "GetFindingRecommendationRequestIdString", # required
|
1547
|
+
# max_results: 1,
|
1548
|
+
# next_token: "Token",
|
1549
|
+
# })
|
1550
|
+
#
|
1551
|
+
# @example Response structure
|
1552
|
+
#
|
1553
|
+
# resp.started_at #=> Time
|
1554
|
+
# resp.completed_at #=> Time
|
1555
|
+
# resp.next_token #=> String
|
1556
|
+
# resp.error.code #=> String
|
1557
|
+
# resp.error.message #=> String
|
1558
|
+
# resp.resource_arn #=> String
|
1559
|
+
# resp.recommended_steps #=> Array
|
1560
|
+
# resp.recommended_steps[0].unused_permissions_recommended_step.policy_updated_at #=> Time
|
1561
|
+
# resp.recommended_steps[0].unused_permissions_recommended_step.recommended_action #=> String, one of "CREATE_POLICY", "DETACH_POLICY"
|
1562
|
+
# resp.recommended_steps[0].unused_permissions_recommended_step.recommended_policy #=> String
|
1563
|
+
# resp.recommended_steps[0].unused_permissions_recommended_step.existing_policy_id #=> String
|
1564
|
+
# resp.recommendation_type #=> String, one of "UnusedPermissionRecommendation"
|
1565
|
+
# resp.status #=> String, one of "SUCCEEDED", "FAILED", "IN_PROGRESS"
|
1566
|
+
#
|
1567
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingRecommendation AWS API Documentation
|
1568
|
+
#
|
1569
|
+
# @overload get_finding_recommendation(params = {})
|
1570
|
+
# @param [Hash] params ({})
|
1571
|
+
def get_finding_recommendation(params = {}, options = {})
|
1572
|
+
req = build_request(:get_finding_recommendation, params)
|
1573
|
+
req.send_request(options)
|
1574
|
+
end
|
1575
|
+
|
1228
1576
|
# Retrieves information about the specified finding. GetFinding and
|
1229
1577
|
# GetFindingV2 both use `access-analyzer:GetFinding` in the `Action`
|
1230
1578
|
# element of an IAM policy statement. You must have permission to
|
@@ -2276,7 +2624,7 @@ module Aws::AccessAnalyzer
|
|
2276
2624
|
params: params,
|
2277
2625
|
config: config)
|
2278
2626
|
context[:gem_name] = 'aws-sdk-accessanalyzer'
|
2279
|
-
context[:gem_version] = '1.
|
2627
|
+
context[:gem_version] = '1.51.0'
|
2280
2628
|
Seahorse::Client::Request.new(handlers, context)
|
2281
2629
|
end
|
2282
2630
|
|
@@ -17,6 +17,7 @@ module Aws::AccessAnalyzer
|
|
17
17
|
AccessActionsList = Shapes::ListShape.new(name: 'AccessActionsList')
|
18
18
|
AccessCheckPolicyDocument = Shapes::StringShape.new(name: 'AccessCheckPolicyDocument')
|
19
19
|
AccessCheckPolicyType = Shapes::StringShape.new(name: 'AccessCheckPolicyType')
|
20
|
+
AccessCheckResourceType = Shapes::StringShape.new(name: 'AccessCheckResourceType')
|
20
21
|
AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
|
21
22
|
AccessPointArn = Shapes::StringShape.new(name: 'AccessPointArn')
|
22
23
|
AccessPointPolicy = Shapes::StringShape.new(name: 'AccessPointPolicy')
|
@@ -30,6 +31,7 @@ module Aws::AccessAnalyzer
|
|
30
31
|
AccessPreviewStatusReasonCode = Shapes::StringShape.new(name: 'AccessPreviewStatusReasonCode')
|
31
32
|
AccessPreviewSummary = Shapes::StructureShape.new(name: 'AccessPreviewSummary')
|
32
33
|
AccessPreviewsList = Shapes::ListShape.new(name: 'AccessPreviewsList')
|
34
|
+
AccessResourcesList = Shapes::ListShape.new(name: 'AccessResourcesList')
|
33
35
|
AclCanonicalId = Shapes::StringShape.new(name: 'AclCanonicalId')
|
34
36
|
AclGrantee = Shapes::UnionShape.new(name: 'AclGrantee')
|
35
37
|
AclPermission = Shapes::StringShape.new(name: 'AclPermission')
|
@@ -57,6 +59,9 @@ module Aws::AccessAnalyzer
|
|
57
59
|
CheckNoNewAccessRequest = Shapes::StructureShape.new(name: 'CheckNoNewAccessRequest')
|
58
60
|
CheckNoNewAccessResponse = Shapes::StructureShape.new(name: 'CheckNoNewAccessResponse')
|
59
61
|
CheckNoNewAccessResult = Shapes::StringShape.new(name: 'CheckNoNewAccessResult')
|
62
|
+
CheckNoPublicAccessRequest = Shapes::StructureShape.new(name: 'CheckNoPublicAccessRequest')
|
63
|
+
CheckNoPublicAccessResponse = Shapes::StructureShape.new(name: 'CheckNoPublicAccessResponse')
|
64
|
+
CheckNoPublicAccessResult = Shapes::StringShape.new(name: 'CheckNoPublicAccessResult')
|
60
65
|
CloudTrailArn = Shapes::StringShape.new(name: 'CloudTrailArn')
|
61
66
|
CloudTrailDetails = Shapes::StructureShape.new(name: 'CloudTrailDetails')
|
62
67
|
CloudTrailProperties = Shapes::StructureShape.new(name: 'CloudTrailProperties')
|
@@ -106,6 +111,8 @@ module Aws::AccessAnalyzer
|
|
106
111
|
FindingType = Shapes::StringShape.new(name: 'FindingType')
|
107
112
|
FindingsList = Shapes::ListShape.new(name: 'FindingsList')
|
108
113
|
FindingsListV2 = Shapes::ListShape.new(name: 'FindingsListV2')
|
114
|
+
GenerateFindingRecommendationRequest = Shapes::StructureShape.new(name: 'GenerateFindingRecommendationRequest')
|
115
|
+
GenerateFindingRecommendationRequestIdString = Shapes::StringShape.new(name: 'GenerateFindingRecommendationRequestIdString')
|
109
116
|
GeneratedPolicy = Shapes::StructureShape.new(name: 'GeneratedPolicy')
|
110
117
|
GeneratedPolicyList = Shapes::ListShape.new(name: 'GeneratedPolicyList')
|
111
118
|
GeneratedPolicyProperties = Shapes::StructureShape.new(name: 'GeneratedPolicyProperties')
|
@@ -118,6 +125,10 @@ module Aws::AccessAnalyzer
|
|
118
125
|
GetAnalyzerResponse = Shapes::StructureShape.new(name: 'GetAnalyzerResponse')
|
119
126
|
GetArchiveRuleRequest = Shapes::StructureShape.new(name: 'GetArchiveRuleRequest')
|
120
127
|
GetArchiveRuleResponse = Shapes::StructureShape.new(name: 'GetArchiveRuleResponse')
|
128
|
+
GetFindingRecommendationRequest = Shapes::StructureShape.new(name: 'GetFindingRecommendationRequest')
|
129
|
+
GetFindingRecommendationRequestIdString = Shapes::StringShape.new(name: 'GetFindingRecommendationRequestIdString')
|
130
|
+
GetFindingRecommendationRequestMaxResultsInteger = Shapes::IntegerShape.new(name: 'GetFindingRecommendationRequestMaxResultsInteger')
|
131
|
+
GetFindingRecommendationResponse = Shapes::StructureShape.new(name: 'GetFindingRecommendationResponse')
|
121
132
|
GetFindingRequest = Shapes::StructureShape.new(name: 'GetFindingRequest')
|
122
133
|
GetFindingResponse = Shapes::StructureShape.new(name: 'GetFindingResponse')
|
123
134
|
GetFindingV2Request = Shapes::StructureShape.new(name: 'GetFindingV2Request')
|
@@ -205,7 +216,13 @@ module Aws::AccessAnalyzer
|
|
205
216
|
ReasonCode = Shapes::StringShape.new(name: 'ReasonCode')
|
206
217
|
ReasonSummary = Shapes::StructureShape.new(name: 'ReasonSummary')
|
207
218
|
ReasonSummaryList = Shapes::ListShape.new(name: 'ReasonSummaryList')
|
219
|
+
RecommendationError = Shapes::StructureShape.new(name: 'RecommendationError')
|
220
|
+
RecommendationType = Shapes::StringShape.new(name: 'RecommendationType')
|
221
|
+
RecommendedRemediationAction = Shapes::StringShape.new(name: 'RecommendedRemediationAction')
|
222
|
+
RecommendedStep = Shapes::UnionShape.new(name: 'RecommendedStep')
|
223
|
+
RecommendedStepList = Shapes::ListShape.new(name: 'RecommendedStepList')
|
208
224
|
RegionList = Shapes::ListShape.new(name: 'RegionList')
|
225
|
+
Resource = Shapes::StringShape.new(name: 'Resource')
|
209
226
|
ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
|
210
227
|
ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
|
211
228
|
ResourceType = Shapes::StringShape.new(name: 'ResourceType')
|
@@ -234,6 +251,7 @@ module Aws::AccessAnalyzer
|
|
234
251
|
StartPolicyGenerationRequest = Shapes::StructureShape.new(name: 'StartPolicyGenerationRequest')
|
235
252
|
StartPolicyGenerationResponse = Shapes::StructureShape.new(name: 'StartPolicyGenerationResponse')
|
236
253
|
StartResourceScanRequest = Shapes::StructureShape.new(name: 'StartResourceScanRequest')
|
254
|
+
Status = Shapes::StringShape.new(name: 'Status')
|
237
255
|
StatusReason = Shapes::StructureShape.new(name: 'StatusReason')
|
238
256
|
String = Shapes::StringShape.new(name: 'String')
|
239
257
|
Substring = Shapes::StructureShape.new(name: 'Substring')
|
@@ -259,6 +277,7 @@ module Aws::AccessAnalyzer
|
|
259
277
|
UnusedIamUserAccessKeyDetails = Shapes::StructureShape.new(name: 'UnusedIamUserAccessKeyDetails')
|
260
278
|
UnusedIamUserPasswordDetails = Shapes::StructureShape.new(name: 'UnusedIamUserPasswordDetails')
|
261
279
|
UnusedPermissionDetails = Shapes::StructureShape.new(name: 'UnusedPermissionDetails')
|
280
|
+
UnusedPermissionsRecommendedStep = Shapes::StructureShape.new(name: 'UnusedPermissionsRecommendedStep')
|
262
281
|
UpdateArchiveRuleRequest = Shapes::StructureShape.new(name: 'UpdateArchiveRuleRequest')
|
263
282
|
UpdateFindingsRequest = Shapes::StructureShape.new(name: 'UpdateFindingsRequest')
|
264
283
|
ValidatePolicyFinding = Shapes::StructureShape.new(name: 'ValidatePolicyFinding')
|
@@ -275,7 +294,8 @@ module Aws::AccessAnalyzer
|
|
275
294
|
VpcConfiguration = Shapes::StructureShape.new(name: 'VpcConfiguration')
|
276
295
|
VpcId = Shapes::StringShape.new(name: 'VpcId')
|
277
296
|
|
278
|
-
Access.add_member(:actions, Shapes::ShapeRef.new(shape: AccessActionsList,
|
297
|
+
Access.add_member(:actions, Shapes::ShapeRef.new(shape: AccessActionsList, location_name: "actions"))
|
298
|
+
Access.add_member(:resources, Shapes::ShapeRef.new(shape: AccessResourcesList, location_name: "resources"))
|
279
299
|
Access.struct_class = Types::Access
|
280
300
|
|
281
301
|
AccessActionsList.member = Shapes::ShapeRef.new(shape: Action)
|
@@ -322,6 +342,8 @@ module Aws::AccessAnalyzer
|
|
322
342
|
|
323
343
|
AccessPreviewsList.member = Shapes::ShapeRef.new(shape: AccessPreviewSummary)
|
324
344
|
|
345
|
+
AccessResourcesList.member = Shapes::ShapeRef.new(shape: Resource)
|
346
|
+
|
325
347
|
AclGrantee.add_member(:id, Shapes::ShapeRef.new(shape: AclCanonicalId, location_name: "id"))
|
326
348
|
AclGrantee.add_member(:uri, Shapes::ShapeRef.new(shape: AclUri, location_name: "uri"))
|
327
349
|
AclGrantee.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
|
@@ -412,6 +434,15 @@ module Aws::AccessAnalyzer
|
|
412
434
|
CheckNoNewAccessResponse.add_member(:reasons, Shapes::ShapeRef.new(shape: ReasonSummaryList, location_name: "reasons"))
|
413
435
|
CheckNoNewAccessResponse.struct_class = Types::CheckNoNewAccessResponse
|
414
436
|
|
437
|
+
CheckNoPublicAccessRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: AccessCheckPolicyDocument, required: true, location_name: "policyDocument"))
|
438
|
+
CheckNoPublicAccessRequest.add_member(:resource_type, Shapes::ShapeRef.new(shape: AccessCheckResourceType, required: true, location_name: "resourceType"))
|
439
|
+
CheckNoPublicAccessRequest.struct_class = Types::CheckNoPublicAccessRequest
|
440
|
+
|
441
|
+
CheckNoPublicAccessResponse.add_member(:result, Shapes::ShapeRef.new(shape: CheckNoPublicAccessResult, location_name: "result"))
|
442
|
+
CheckNoPublicAccessResponse.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
|
443
|
+
CheckNoPublicAccessResponse.add_member(:reasons, Shapes::ShapeRef.new(shape: ReasonSummaryList, location_name: "reasons"))
|
444
|
+
CheckNoPublicAccessResponse.struct_class = Types::CheckNoPublicAccessResponse
|
445
|
+
|
415
446
|
CloudTrailDetails.add_member(:trails, Shapes::ShapeRef.new(shape: TrailList, required: true, location_name: "trails"))
|
416
447
|
CloudTrailDetails.add_member(:access_role, Shapes::ShapeRef.new(shape: RoleArn, required: true, location_name: "accessRole"))
|
417
448
|
CloudTrailDetails.add_member(:start_time, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startTime"))
|
@@ -613,6 +644,10 @@ module Aws::AccessAnalyzer
|
|
613
644
|
|
614
645
|
FindingsListV2.member = Shapes::ShapeRef.new(shape: FindingSummaryV2)
|
615
646
|
|
647
|
+
GenerateFindingRecommendationRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location: "querystring", location_name: "analyzerArn"))
|
648
|
+
GenerateFindingRecommendationRequest.add_member(:id, Shapes::ShapeRef.new(shape: GenerateFindingRecommendationRequestIdString, required: true, location: "uri", location_name: "id"))
|
649
|
+
GenerateFindingRecommendationRequest.struct_class = Types::GenerateFindingRecommendationRequest
|
650
|
+
|
616
651
|
GeneratedPolicy.add_member(:policy, Shapes::ShapeRef.new(shape: String, required: true, location_name: "policy"))
|
617
652
|
GeneratedPolicy.struct_class = Types::GeneratedPolicy
|
618
653
|
|
@@ -654,6 +689,22 @@ module Aws::AccessAnalyzer
|
|
654
689
|
GetArchiveRuleResponse.add_member(:archive_rule, Shapes::ShapeRef.new(shape: ArchiveRuleSummary, required: true, location_name: "archiveRule"))
|
655
690
|
GetArchiveRuleResponse.struct_class = Types::GetArchiveRuleResponse
|
656
691
|
|
692
|
+
GetFindingRecommendationRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location: "querystring", location_name: "analyzerArn"))
|
693
|
+
GetFindingRecommendationRequest.add_member(:id, Shapes::ShapeRef.new(shape: GetFindingRecommendationRequestIdString, required: true, location: "uri", location_name: "id"))
|
694
|
+
GetFindingRecommendationRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: GetFindingRecommendationRequestMaxResultsInteger, location: "querystring", location_name: "maxResults"))
|
695
|
+
GetFindingRecommendationRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "nextToken"))
|
696
|
+
GetFindingRecommendationRequest.struct_class = Types::GetFindingRecommendationRequest
|
697
|
+
|
698
|
+
GetFindingRecommendationResponse.add_member(:started_at, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startedAt"))
|
699
|
+
GetFindingRecommendationResponse.add_member(:completed_at, Shapes::ShapeRef.new(shape: Timestamp, location_name: "completedAt"))
|
700
|
+
GetFindingRecommendationResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "nextToken"))
|
701
|
+
GetFindingRecommendationResponse.add_member(:error, Shapes::ShapeRef.new(shape: RecommendationError, location_name: "error"))
|
702
|
+
GetFindingRecommendationResponse.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "resourceArn"))
|
703
|
+
GetFindingRecommendationResponse.add_member(:recommended_steps, Shapes::ShapeRef.new(shape: RecommendedStepList, location_name: "recommendedSteps"))
|
704
|
+
GetFindingRecommendationResponse.add_member(:recommendation_type, Shapes::ShapeRef.new(shape: RecommendationType, required: true, location_name: "recommendationType"))
|
705
|
+
GetFindingRecommendationResponse.add_member(:status, Shapes::ShapeRef.new(shape: Status, required: true, location_name: "status"))
|
706
|
+
GetFindingRecommendationResponse.struct_class = Types::GetFindingRecommendationResponse
|
707
|
+
|
657
708
|
GetFindingRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location: "querystring", location_name: "analyzerArn"))
|
658
709
|
GetFindingRequest.add_member(:id, Shapes::ShapeRef.new(shape: FindingId, required: true, location: "uri", location_name: "id"))
|
659
710
|
GetFindingRequest.struct_class = Types::GetFindingRequest
|
@@ -914,6 +965,18 @@ module Aws::AccessAnalyzer
|
|
914
965
|
|
915
966
|
ReasonSummaryList.member = Shapes::ShapeRef.new(shape: ReasonSummary)
|
916
967
|
|
968
|
+
RecommendationError.add_member(:code, Shapes::ShapeRef.new(shape: String, required: true, location_name: "code"))
|
969
|
+
RecommendationError.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
|
970
|
+
RecommendationError.struct_class = Types::RecommendationError
|
971
|
+
|
972
|
+
RecommendedStep.add_member(:unused_permissions_recommended_step, Shapes::ShapeRef.new(shape: UnusedPermissionsRecommendedStep, location_name: "unusedPermissionsRecommendedStep"))
|
973
|
+
RecommendedStep.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
|
974
|
+
RecommendedStep.add_member_subclass(:unused_permissions_recommended_step, Types::RecommendedStep::UnusedPermissionsRecommendedStep)
|
975
|
+
RecommendedStep.add_member_subclass(:unknown, Types::RecommendedStep::Unknown)
|
976
|
+
RecommendedStep.struct_class = Types::RecommendedStep
|
977
|
+
|
978
|
+
RecommendedStepList.member = Shapes::ShapeRef.new(shape: RecommendedStep)
|
979
|
+
|
917
980
|
RegionList.member = Shapes::ShapeRef.new(shape: String)
|
918
981
|
|
919
982
|
ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
|
@@ -1055,6 +1118,12 @@ module Aws::AccessAnalyzer
|
|
1055
1118
|
UnusedPermissionDetails.add_member(:last_accessed, Shapes::ShapeRef.new(shape: Timestamp, location_name: "lastAccessed"))
|
1056
1119
|
UnusedPermissionDetails.struct_class = Types::UnusedPermissionDetails
|
1057
1120
|
|
1121
|
+
UnusedPermissionsRecommendedStep.add_member(:policy_updated_at, Shapes::ShapeRef.new(shape: Timestamp, location_name: "policyUpdatedAt"))
|
1122
|
+
UnusedPermissionsRecommendedStep.add_member(:recommended_action, Shapes::ShapeRef.new(shape: RecommendedRemediationAction, required: true, location_name: "recommendedAction"))
|
1123
|
+
UnusedPermissionsRecommendedStep.add_member(:recommended_policy, Shapes::ShapeRef.new(shape: String, location_name: "recommendedPolicy"))
|
1124
|
+
UnusedPermissionsRecommendedStep.add_member(:existing_policy_id, Shapes::ShapeRef.new(shape: String, location_name: "existingPolicyId"))
|
1125
|
+
UnusedPermissionsRecommendedStep.struct_class = Types::UnusedPermissionsRecommendedStep
|
1126
|
+
|
1058
1127
|
UpdateArchiveRuleRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
|
1059
1128
|
UpdateArchiveRuleRequest.add_member(:rule_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "ruleName"))
|
1060
1129
|
UpdateArchiveRuleRequest.add_member(:filter, Shapes::ShapeRef.new(shape: FilterCriteriaMap, required: true, location_name: "filter"))
|
@@ -1114,8 +1183,8 @@ module Aws::AccessAnalyzer
|
|
1114
1183
|
api.metadata = {
|
1115
1184
|
"apiVersion" => "2019-11-01",
|
1116
1185
|
"endpointPrefix" => "access-analyzer",
|
1117
|
-
"jsonVersion" => "1.1",
|
1118
1186
|
"protocol" => "rest-json",
|
1187
|
+
"protocols" => ["rest-json"],
|
1119
1188
|
"serviceFullName" => "Access Analyzer",
|
1120
1189
|
"serviceId" => "AccessAnalyzer",
|
1121
1190
|
"signatureVersion" => "v4",
|
@@ -1176,6 +1245,20 @@ module Aws::AccessAnalyzer
|
|
1176
1245
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
1177
1246
|
end)
|
1178
1247
|
|
1248
|
+
api.add_operation(:check_no_public_access, Seahorse::Model::Operation.new.tap do |o|
|
1249
|
+
o.name = "CheckNoPublicAccess"
|
1250
|
+
o.http_method = "POST"
|
1251
|
+
o.http_request_uri = "/policy/check-no-public-access"
|
1252
|
+
o.input = Shapes::ShapeRef.new(shape: CheckNoPublicAccessRequest)
|
1253
|
+
o.output = Shapes::ShapeRef.new(shape: CheckNoPublicAccessResponse)
|
1254
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
1255
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
1256
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
1257
|
+
o.errors << Shapes::ShapeRef.new(shape: UnprocessableEntityException)
|
1258
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
1259
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
1260
|
+
end)
|
1261
|
+
|
1179
1262
|
api.add_operation(:create_access_preview, Seahorse::Model::Operation.new.tap do |o|
|
1180
1263
|
o.name = "CreateAccessPreview"
|
1181
1264
|
o.http_method = "PUT"
|
@@ -1246,6 +1329,18 @@ module Aws::AccessAnalyzer
|
|
1246
1329
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
1247
1330
|
end)
|
1248
1331
|
|
1332
|
+
api.add_operation(:generate_finding_recommendation, Seahorse::Model::Operation.new.tap do |o|
|
1333
|
+
o.name = "GenerateFindingRecommendation"
|
1334
|
+
o.http_method = "POST"
|
1335
|
+
o.http_request_uri = "/recommendation/{id}"
|
1336
|
+
o.input = Shapes::ShapeRef.new(shape: GenerateFindingRecommendationRequest)
|
1337
|
+
o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
|
1338
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
1339
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
1340
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
1341
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
1342
|
+
end)
|
1343
|
+
|
1249
1344
|
api.add_operation(:get_access_preview, Seahorse::Model::Operation.new.tap do |o|
|
1250
1345
|
o.name = "GetAccessPreview"
|
1251
1346
|
o.http_method = "GET"
|
@@ -1311,6 +1406,25 @@ module Aws::AccessAnalyzer
|
|
1311
1406
|
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
1312
1407
|
end)
|
1313
1408
|
|
1409
|
+
api.add_operation(:get_finding_recommendation, Seahorse::Model::Operation.new.tap do |o|
|
1410
|
+
o.name = "GetFindingRecommendation"
|
1411
|
+
o.http_method = "GET"
|
1412
|
+
o.http_request_uri = "/recommendation/{id}"
|
1413
|
+
o.input = Shapes::ShapeRef.new(shape: GetFindingRecommendationRequest)
|
1414
|
+
o.output = Shapes::ShapeRef.new(shape: GetFindingRecommendationResponse)
|
1415
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
1416
|
+
o.errors << Shapes::ShapeRef.new(shape: ValidationException)
|
1417
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
|
1418
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
1419
|
+
o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
|
1420
|
+
o[:pager] = Aws::Pager.new(
|
1421
|
+
limit_key: "max_results",
|
1422
|
+
tokens: {
|
1423
|
+
"next_token" => "next_token"
|
1424
|
+
}
|
1425
|
+
)
|
1426
|
+
end)
|
1427
|
+
|
1314
1428
|
api.add_operation(:get_finding_v2, Seahorse::Model::Operation.new.tap do |o|
|
1315
1429
|
o.name = "GetFindingV2"
|
1316
1430
|
o.http_method = "GET"
|
@@ -68,6 +68,20 @@ module Aws::AccessAnalyzer
|
|
68
68
|
end
|
69
69
|
end
|
70
70
|
|
71
|
+
class CheckNoPublicAccess
|
72
|
+
def self.build(context)
|
73
|
+
unless context.config.regional_endpoint
|
74
|
+
endpoint = context.config.endpoint.to_s
|
75
|
+
end
|
76
|
+
Aws::AccessAnalyzer::EndpointParameters.new(
|
77
|
+
region: context.config.region,
|
78
|
+
use_dual_stack: context.config.use_dualstack_endpoint,
|
79
|
+
use_fips: context.config.use_fips_endpoint,
|
80
|
+
endpoint: endpoint,
|
81
|
+
)
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
71
85
|
class CreateAccessPreview
|
72
86
|
def self.build(context)
|
73
87
|
unless context.config.regional_endpoint
|
@@ -138,6 +152,20 @@ module Aws::AccessAnalyzer
|
|
138
152
|
end
|
139
153
|
end
|
140
154
|
|
155
|
+
class GenerateFindingRecommendation
|
156
|
+
def self.build(context)
|
157
|
+
unless context.config.regional_endpoint
|
158
|
+
endpoint = context.config.endpoint.to_s
|
159
|
+
end
|
160
|
+
Aws::AccessAnalyzer::EndpointParameters.new(
|
161
|
+
region: context.config.region,
|
162
|
+
use_dual_stack: context.config.use_dualstack_endpoint,
|
163
|
+
use_fips: context.config.use_fips_endpoint,
|
164
|
+
endpoint: endpoint,
|
165
|
+
)
|
166
|
+
end
|
167
|
+
end
|
168
|
+
|
141
169
|
class GetAccessPreview
|
142
170
|
def self.build(context)
|
143
171
|
unless context.config.regional_endpoint
|
@@ -208,6 +236,20 @@ module Aws::AccessAnalyzer
|
|
208
236
|
end
|
209
237
|
end
|
210
238
|
|
239
|
+
class GetFindingRecommendation
|
240
|
+
def self.build(context)
|
241
|
+
unless context.config.regional_endpoint
|
242
|
+
endpoint = context.config.endpoint.to_s
|
243
|
+
end
|
244
|
+
Aws::AccessAnalyzer::EndpointParameters.new(
|
245
|
+
region: context.config.region,
|
246
|
+
use_dual_stack: context.config.use_dualstack_endpoint,
|
247
|
+
use_fips: context.config.use_fips_endpoint,
|
248
|
+
endpoint: endpoint,
|
249
|
+
)
|
250
|
+
end
|
251
|
+
end
|
252
|
+
|
211
253
|
class GetFindingV2
|
212
254
|
def self.build(context)
|
213
255
|
unless context.config.regional_endpoint
|
@@ -66,6 +66,8 @@ module Aws::AccessAnalyzer
|
|
66
66
|
Aws::AccessAnalyzer::Endpoints::CheckAccessNotGranted.build(context)
|
67
67
|
when :check_no_new_access
|
68
68
|
Aws::AccessAnalyzer::Endpoints::CheckNoNewAccess.build(context)
|
69
|
+
when :check_no_public_access
|
70
|
+
Aws::AccessAnalyzer::Endpoints::CheckNoPublicAccess.build(context)
|
69
71
|
when :create_access_preview
|
70
72
|
Aws::AccessAnalyzer::Endpoints::CreateAccessPreview.build(context)
|
71
73
|
when :create_analyzer
|
@@ -76,6 +78,8 @@ module Aws::AccessAnalyzer
|
|
76
78
|
Aws::AccessAnalyzer::Endpoints::DeleteAnalyzer.build(context)
|
77
79
|
when :delete_archive_rule
|
78
80
|
Aws::AccessAnalyzer::Endpoints::DeleteArchiveRule.build(context)
|
81
|
+
when :generate_finding_recommendation
|
82
|
+
Aws::AccessAnalyzer::Endpoints::GenerateFindingRecommendation.build(context)
|
79
83
|
when :get_access_preview
|
80
84
|
Aws::AccessAnalyzer::Endpoints::GetAccessPreview.build(context)
|
81
85
|
when :get_analyzed_resource
|
@@ -86,6 +90,8 @@ module Aws::AccessAnalyzer
|
|
86
90
|
Aws::AccessAnalyzer::Endpoints::GetArchiveRule.build(context)
|
87
91
|
when :get_finding
|
88
92
|
Aws::AccessAnalyzer::Endpoints::GetFinding.build(context)
|
93
|
+
when :get_finding_recommendation
|
94
|
+
Aws::AccessAnalyzer::Endpoints::GetFindingRecommendation.build(context)
|
89
95
|
when :get_finding_v2
|
90
96
|
Aws::AccessAnalyzer::Endpoints::GetFindingV2.build(context)
|
91
97
|
when :get_generated_policy
|
@@ -10,8 +10,8 @@
|
|
10
10
|
module Aws::AccessAnalyzer
|
11
11
|
module Types
|
12
12
|
|
13
|
-
# Contains information about actions that define
|
14
|
-
# against a policy.
|
13
|
+
# Contains information about actions and resources that define
|
14
|
+
# permissions to check against a policy.
|
15
15
|
#
|
16
16
|
# @!attribute [rw] actions
|
17
17
|
# A list of actions for the access permissions. Any strings that can
|
@@ -19,10 +19,17 @@ module Aws::AccessAnalyzer
|
|
19
19
|
# actions to check.
|
20
20
|
# @return [Array<String>]
|
21
21
|
#
|
22
|
+
# @!attribute [rw] resources
|
23
|
+
# A list of resources for the access permissions. Any strings that can
|
24
|
+
# be used as a resource in an IAM policy can be used in the list of
|
25
|
+
# resources to check.
|
26
|
+
# @return [Array<String>]
|
27
|
+
#
|
22
28
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Access AWS API Documentation
|
23
29
|
#
|
24
30
|
class Access < Struct.new(
|
25
|
-
:actions
|
31
|
+
:actions,
|
32
|
+
:resources)
|
26
33
|
SENSITIVE = []
|
27
34
|
include Aws::Structure
|
28
35
|
end
|
@@ -575,7 +582,13 @@ module Aws::AccessAnalyzer
|
|
575
582
|
#
|
576
583
|
# @!attribute [rw] access
|
577
584
|
# An access object containing the permissions that shouldn't be
|
578
|
-
# granted by the specified policy.
|
585
|
+
# granted by the specified policy. If only actions are specified, IAM
|
586
|
+
# Access Analyzer checks for access of the actions on all resources in
|
587
|
+
# the policy. If only resources are specified, then IAM Access
|
588
|
+
# Analyzer checks which actions have access to the specified
|
589
|
+
# resources. If both actions and resources are specified, then IAM
|
590
|
+
# Access Analyzer checks which of the specified actions have access to
|
591
|
+
# the specified resources.
|
579
592
|
# @return [Array<Types::Access>]
|
580
593
|
#
|
581
594
|
# @!attribute [rw] policy_type
|
@@ -682,6 +695,55 @@ module Aws::AccessAnalyzer
|
|
682
695
|
include Aws::Structure
|
683
696
|
end
|
684
697
|
|
698
|
+
# @!attribute [rw] policy_document
|
699
|
+
# The JSON policy document to evaluate for public access.
|
700
|
+
# @return [String]
|
701
|
+
#
|
702
|
+
# @!attribute [rw] resource_type
|
703
|
+
# The type of resource to evaluate for public access. For example, to
|
704
|
+
# check for public access to Amazon S3 buckets, you can choose
|
705
|
+
# `AWS::S3::Bucket` for the resource type.
|
706
|
+
#
|
707
|
+
# For resource types not supported as valid values, IAM Access
|
708
|
+
# Analyzer will return an error.
|
709
|
+
# @return [String]
|
710
|
+
#
|
711
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CheckNoPublicAccessRequest AWS API Documentation
|
712
|
+
#
|
713
|
+
class CheckNoPublicAccessRequest < Struct.new(
|
714
|
+
:policy_document,
|
715
|
+
:resource_type)
|
716
|
+
SENSITIVE = [:policy_document]
|
717
|
+
include Aws::Structure
|
718
|
+
end
|
719
|
+
|
720
|
+
# @!attribute [rw] result
|
721
|
+
# The result of the check for public access to the specified resource
|
722
|
+
# type. If the result is `PASS`, the policy doesn't allow public
|
723
|
+
# access to the specified resource type. If the result is `FAIL`, the
|
724
|
+
# policy might allow public access to the specified resource type.
|
725
|
+
# @return [String]
|
726
|
+
#
|
727
|
+
# @!attribute [rw] message
|
728
|
+
# The message indicating whether the specified policy allows public
|
729
|
+
# access to resources.
|
730
|
+
# @return [String]
|
731
|
+
#
|
732
|
+
# @!attribute [rw] reasons
|
733
|
+
# A list of reasons why the specified resource policy grants public
|
734
|
+
# access for the resource type.
|
735
|
+
# @return [Array<Types::ReasonSummary>]
|
736
|
+
#
|
737
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CheckNoPublicAccessResponse AWS API Documentation
|
738
|
+
#
|
739
|
+
class CheckNoPublicAccessResponse < Struct.new(
|
740
|
+
:result,
|
741
|
+
:message,
|
742
|
+
:reasons)
|
743
|
+
SENSITIVE = []
|
744
|
+
include Aws::Structure
|
745
|
+
end
|
746
|
+
|
685
747
|
# Contains information about CloudTrail access.
|
686
748
|
#
|
687
749
|
# @!attribute [rw] trails
|
@@ -1687,6 +1749,28 @@ module Aws::AccessAnalyzer
|
|
1687
1749
|
include Aws::Structure
|
1688
1750
|
end
|
1689
1751
|
|
1752
|
+
# @!attribute [rw] analyzer_arn
|
1753
|
+
# The [ARN of the analyzer][1] used to generate the finding
|
1754
|
+
# recommendation.
|
1755
|
+
#
|
1756
|
+
#
|
1757
|
+
#
|
1758
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1759
|
+
# @return [String]
|
1760
|
+
#
|
1761
|
+
# @!attribute [rw] id
|
1762
|
+
# The unique ID for the finding recommendation.
|
1763
|
+
# @return [String]
|
1764
|
+
#
|
1765
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GenerateFindingRecommendationRequest AWS API Documentation
|
1766
|
+
#
|
1767
|
+
class GenerateFindingRecommendationRequest < Struct.new(
|
1768
|
+
:analyzer_arn,
|
1769
|
+
:id)
|
1770
|
+
SENSITIVE = []
|
1771
|
+
include Aws::Structure
|
1772
|
+
end
|
1773
|
+
|
1690
1774
|
# Contains the text for the generated policy.
|
1691
1775
|
#
|
1692
1776
|
# @!attribute [rw] policy
|
@@ -1891,6 +1975,88 @@ module Aws::AccessAnalyzer
|
|
1891
1975
|
include Aws::Structure
|
1892
1976
|
end
|
1893
1977
|
|
1978
|
+
# @!attribute [rw] analyzer_arn
|
1979
|
+
# The [ARN of the analyzer][1] used to generate the finding
|
1980
|
+
# recommendation.
|
1981
|
+
#
|
1982
|
+
#
|
1983
|
+
#
|
1984
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
|
1985
|
+
# @return [String]
|
1986
|
+
#
|
1987
|
+
# @!attribute [rw] id
|
1988
|
+
# The unique ID for the finding recommendation.
|
1989
|
+
# @return [String]
|
1990
|
+
#
|
1991
|
+
# @!attribute [rw] max_results
|
1992
|
+
# The maximum number of results to return in the response.
|
1993
|
+
# @return [Integer]
|
1994
|
+
#
|
1995
|
+
# @!attribute [rw] next_token
|
1996
|
+
# A token used for pagination of results returned.
|
1997
|
+
# @return [String]
|
1998
|
+
#
|
1999
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingRecommendationRequest AWS API Documentation
|
2000
|
+
#
|
2001
|
+
class GetFindingRecommendationRequest < Struct.new(
|
2002
|
+
:analyzer_arn,
|
2003
|
+
:id,
|
2004
|
+
:max_results,
|
2005
|
+
:next_token)
|
2006
|
+
SENSITIVE = []
|
2007
|
+
include Aws::Structure
|
2008
|
+
end
|
2009
|
+
|
2010
|
+
# @!attribute [rw] started_at
|
2011
|
+
# The time at which the retrieval of the finding recommendation was
|
2012
|
+
# started.
|
2013
|
+
# @return [Time]
|
2014
|
+
#
|
2015
|
+
# @!attribute [rw] completed_at
|
2016
|
+
# The time at which the retrieval of the finding recommendation was
|
2017
|
+
# completed.
|
2018
|
+
# @return [Time]
|
2019
|
+
#
|
2020
|
+
# @!attribute [rw] next_token
|
2021
|
+
# A token used for pagination of results returned.
|
2022
|
+
# @return [String]
|
2023
|
+
#
|
2024
|
+
# @!attribute [rw] error
|
2025
|
+
# Detailed information about the reason that the retrieval of a
|
2026
|
+
# recommendation for the finding failed.
|
2027
|
+
# @return [Types::RecommendationError]
|
2028
|
+
#
|
2029
|
+
# @!attribute [rw] resource_arn
|
2030
|
+
# The ARN of the resource of the finding.
|
2031
|
+
# @return [String]
|
2032
|
+
#
|
2033
|
+
# @!attribute [rw] recommended_steps
|
2034
|
+
# A group of recommended steps for the finding.
|
2035
|
+
# @return [Array<Types::RecommendedStep>]
|
2036
|
+
#
|
2037
|
+
# @!attribute [rw] recommendation_type
|
2038
|
+
# The type of recommendation for the finding.
|
2039
|
+
# @return [String]
|
2040
|
+
#
|
2041
|
+
# @!attribute [rw] status
|
2042
|
+
# The status of the retrieval of the finding recommendation.
|
2043
|
+
# @return [String]
|
2044
|
+
#
|
2045
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingRecommendationResponse AWS API Documentation
|
2046
|
+
#
|
2047
|
+
class GetFindingRecommendationResponse < Struct.new(
|
2048
|
+
:started_at,
|
2049
|
+
:completed_at,
|
2050
|
+
:next_token,
|
2051
|
+
:error,
|
2052
|
+
:resource_arn,
|
2053
|
+
:recommended_steps,
|
2054
|
+
:recommendation_type,
|
2055
|
+
:status)
|
2056
|
+
SENSITIVE = []
|
2057
|
+
include Aws::Structure
|
2058
|
+
end
|
2059
|
+
|
1894
2060
|
# Retrieves a finding.
|
1895
2061
|
#
|
1896
2062
|
# @!attribute [rw] analyzer_arn
|
@@ -3167,6 +3333,50 @@ module Aws::AccessAnalyzer
|
|
3167
3333
|
include Aws::Structure
|
3168
3334
|
end
|
3169
3335
|
|
3336
|
+
# Contains information about the reason that the retrieval of a
|
3337
|
+
# recommendation for a finding failed.
|
3338
|
+
#
|
3339
|
+
# @!attribute [rw] code
|
3340
|
+
# The error code for a failed retrieval of a recommendation for a
|
3341
|
+
# finding.
|
3342
|
+
# @return [String]
|
3343
|
+
#
|
3344
|
+
# @!attribute [rw] message
|
3345
|
+
# The error message for a failed retrieval of a recommendation for a
|
3346
|
+
# finding.
|
3347
|
+
# @return [String]
|
3348
|
+
#
|
3349
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RecommendationError AWS API Documentation
|
3350
|
+
#
|
3351
|
+
class RecommendationError < Struct.new(
|
3352
|
+
:code,
|
3353
|
+
:message)
|
3354
|
+
SENSITIVE = []
|
3355
|
+
include Aws::Structure
|
3356
|
+
end
|
3357
|
+
|
3358
|
+
# Contains information about a recommended step for an unused access
|
3359
|
+
# analyzer finding.
|
3360
|
+
#
|
3361
|
+
# @note RecommendedStep is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RecommendedStep corresponding to the set member.
|
3362
|
+
#
|
3363
|
+
# @!attribute [rw] unused_permissions_recommended_step
|
3364
|
+
# A recommended step for an unused permissions finding.
|
3365
|
+
# @return [Types::UnusedPermissionsRecommendedStep]
|
3366
|
+
#
|
3367
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RecommendedStep AWS API Documentation
|
3368
|
+
#
|
3369
|
+
class RecommendedStep < Struct.new(
|
3370
|
+
:unused_permissions_recommended_step,
|
3371
|
+
:unknown)
|
3372
|
+
SENSITIVE = []
|
3373
|
+
include Aws::Structure
|
3374
|
+
include Aws::Structure::Union
|
3375
|
+
|
3376
|
+
class UnusedPermissionsRecommendedStep < RecommendedStep; end
|
3377
|
+
class Unknown < RecommendedStep; end
|
3378
|
+
end
|
3379
|
+
|
3170
3380
|
# The specified resource could not be found.
|
3171
3381
|
#
|
3172
3382
|
# @!attribute [rw] message
|
@@ -3930,7 +4140,7 @@ module Aws::AccessAnalyzer
|
|
3930
4140
|
# @return [String]
|
3931
4141
|
#
|
3932
4142
|
# @!attribute [rw] last_accessed
|
3933
|
-
# The time at which the permission last accessed.
|
4143
|
+
# The time at which the permission was last accessed.
|
3934
4144
|
# @return [Time]
|
3935
4145
|
#
|
3936
4146
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UnusedPermissionDetails AWS API Documentation
|
@@ -3943,6 +4153,41 @@ module Aws::AccessAnalyzer
|
|
3943
4153
|
include Aws::Structure
|
3944
4154
|
end
|
3945
4155
|
|
4156
|
+
# Contains information about the action to take for a policy in an
|
4157
|
+
# unused permissions finding.
|
4158
|
+
#
|
4159
|
+
# @!attribute [rw] policy_updated_at
|
4160
|
+
# The time at which the existing policy for the unused permissions
|
4161
|
+
# finding was last updated.
|
4162
|
+
# @return [Time]
|
4163
|
+
#
|
4164
|
+
# @!attribute [rw] recommended_action
|
4165
|
+
# A recommendation of whether to create or detach a policy for an
|
4166
|
+
# unused permissions finding.
|
4167
|
+
# @return [String]
|
4168
|
+
#
|
4169
|
+
# @!attribute [rw] recommended_policy
|
4170
|
+
# If the recommended action for the unused permissions finding is to
|
4171
|
+
# replace the existing policy, the contents of the recommended policy
|
4172
|
+
# to replace the policy specified in the `existingPolicyId` field.
|
4173
|
+
# @return [String]
|
4174
|
+
#
|
4175
|
+
# @!attribute [rw] existing_policy_id
|
4176
|
+
# If the recommended action for the unused permissions finding is to
|
4177
|
+
# detach a policy, the ID of an existing policy to be detached.
|
4178
|
+
# @return [String]
|
4179
|
+
#
|
4180
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UnusedPermissionsRecommendedStep AWS API Documentation
|
4181
|
+
#
|
4182
|
+
class UnusedPermissionsRecommendedStep < Struct.new(
|
4183
|
+
:policy_updated_at,
|
4184
|
+
:recommended_action,
|
4185
|
+
:recommended_policy,
|
4186
|
+
:existing_policy_id)
|
4187
|
+
SENSITIVE = []
|
4188
|
+
include Aws::Structure
|
4189
|
+
end
|
4190
|
+
|
3946
4191
|
# Updates the specified archive rule.
|
3947
4192
|
#
|
3948
4193
|
# @!attribute [rw] analyzer_name
|
data/sig/client.rbs
CHANGED
@@ -100,7 +100,8 @@ module Aws
|
|
100
100
|
policy_document: ::String,
|
101
101
|
access: Array[
|
102
102
|
{
|
103
|
-
actions: Array[::String]
|
103
|
+
actions: Array[::String]?,
|
104
|
+
resources: Array[::String]?
|
104
105
|
},
|
105
106
|
],
|
106
107
|
policy_type: ("IDENTITY_POLICY" | "RESOURCE_POLICY")
|
@@ -121,6 +122,19 @@ module Aws
|
|
121
122
|
) -> _CheckNoNewAccessResponseSuccess
|
122
123
|
| (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CheckNoNewAccessResponseSuccess
|
123
124
|
|
125
|
+
interface _CheckNoPublicAccessResponseSuccess
|
126
|
+
include ::Seahorse::Client::_ResponseSuccess[Types::CheckNoPublicAccessResponse]
|
127
|
+
def result: () -> ("PASS" | "FAIL")
|
128
|
+
def message: () -> ::String
|
129
|
+
def reasons: () -> ::Array[Types::ReasonSummary]
|
130
|
+
end
|
131
|
+
# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#check_no_public_access-instance_method
|
132
|
+
def check_no_public_access: (
|
133
|
+
policy_document: ::String,
|
134
|
+
resource_type: ("AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::EFS::FileSystem" | "AWS::OpenSearchService::Domain" | "AWS::Kinesis::Stream" | "AWS::Kinesis::StreamConsumer" | "AWS::KMS::Key" | "AWS::Lambda::Function" | "AWS::S3::Bucket" | "AWS::S3::AccessPoint" | "AWS::S3Express::DirectoryBucket" | "AWS::S3::Glacier" | "AWS::S3Outposts::Bucket" | "AWS::S3Outposts::AccessPoint" | "AWS::SecretsManager::Secret" | "AWS::SNS::Topic" | "AWS::SQS::Queue" | "AWS::IAM::AssumeRolePolicyDocument")
|
135
|
+
) -> _CheckNoPublicAccessResponseSuccess
|
136
|
+
| (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CheckNoPublicAccessResponseSuccess
|
137
|
+
|
124
138
|
interface _CreateAccessPreviewResponseSuccess
|
125
139
|
include ::Seahorse::Client::_ResponseSuccess[Types::CreateAccessPreviewResponse]
|
126
140
|
def id: () -> ::String
|
@@ -282,6 +296,13 @@ module Aws
|
|
282
296
|
) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
|
283
297
|
| (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
|
284
298
|
|
299
|
+
# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#generate_finding_recommendation-instance_method
|
300
|
+
def generate_finding_recommendation: (
|
301
|
+
analyzer_arn: ::String,
|
302
|
+
id: ::String
|
303
|
+
) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
|
304
|
+
| (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
|
305
|
+
|
285
306
|
interface _GetAccessPreviewResponseSuccess
|
286
307
|
include ::Seahorse::Client::_ResponseSuccess[Types::GetAccessPreviewResponse]
|
287
308
|
def access_preview: () -> Types::AccessPreview
|
@@ -336,6 +357,25 @@ module Aws
|
|
336
357
|
) -> _GetFindingResponseSuccess
|
337
358
|
| (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetFindingResponseSuccess
|
338
359
|
|
360
|
+
interface _GetFindingRecommendationResponseSuccess
|
361
|
+
include ::Seahorse::Client::_ResponseSuccess[Types::GetFindingRecommendationResponse]
|
362
|
+
def started_at: () -> ::Time
|
363
|
+
def completed_at: () -> ::Time
|
364
|
+
def next_token: () -> ::String
|
365
|
+
def resource_arn: () -> ::String
|
366
|
+
def recommended_steps: () -> ::Array[Types::RecommendedStep]
|
367
|
+
def recommendation_type: () -> ("UnusedPermissionRecommendation")
|
368
|
+
def status: () -> ("SUCCEEDED" | "FAILED" | "IN_PROGRESS")
|
369
|
+
end
|
370
|
+
# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#get_finding_recommendation-instance_method
|
371
|
+
def get_finding_recommendation: (
|
372
|
+
analyzer_arn: ::String,
|
373
|
+
id: ::String,
|
374
|
+
?max_results: ::Integer,
|
375
|
+
?next_token: ::String
|
376
|
+
) -> _GetFindingRecommendationResponseSuccess
|
377
|
+
| (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetFindingRecommendationResponseSuccess
|
378
|
+
|
339
379
|
interface _GetFindingV2ResponseSuccess
|
340
380
|
include ::Seahorse::Client::_ResponseSuccess[Types::GetFindingV2Response]
|
341
381
|
def analyzed_at: () -> ::Time
|
data/sig/types.rbs
CHANGED
@@ -10,6 +10,7 @@ module Aws::AccessAnalyzer
|
|
10
10
|
|
11
11
|
class Access
|
12
12
|
attr_accessor actions: ::Array[::String]
|
13
|
+
attr_accessor resources: ::Array[::String]
|
13
14
|
SENSITIVE: []
|
14
15
|
end
|
15
16
|
|
@@ -173,6 +174,19 @@ module Aws::AccessAnalyzer
|
|
173
174
|
SENSITIVE: []
|
174
175
|
end
|
175
176
|
|
177
|
+
class CheckNoPublicAccessRequest
|
178
|
+
attr_accessor policy_document: ::String
|
179
|
+
attr_accessor resource_type: ("AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::EFS::FileSystem" | "AWS::OpenSearchService::Domain" | "AWS::Kinesis::Stream" | "AWS::Kinesis::StreamConsumer" | "AWS::KMS::Key" | "AWS::Lambda::Function" | "AWS::S3::Bucket" | "AWS::S3::AccessPoint" | "AWS::S3Express::DirectoryBucket" | "AWS::S3::Glacier" | "AWS::S3Outposts::Bucket" | "AWS::S3Outposts::AccessPoint" | "AWS::SecretsManager::Secret" | "AWS::SNS::Topic" | "AWS::SQS::Queue" | "AWS::IAM::AssumeRolePolicyDocument")
|
180
|
+
SENSITIVE: [:policy_document]
|
181
|
+
end
|
182
|
+
|
183
|
+
class CheckNoPublicAccessResponse
|
184
|
+
attr_accessor result: ("PASS" | "FAIL")
|
185
|
+
attr_accessor message: ::String
|
186
|
+
attr_accessor reasons: ::Array[Types::ReasonSummary]
|
187
|
+
SENSITIVE: []
|
188
|
+
end
|
189
|
+
|
176
190
|
class CloudTrailDetails
|
177
191
|
attr_accessor trails: ::Array[Types::Trail]
|
178
192
|
attr_accessor access_role: ::String
|
@@ -422,6 +436,12 @@ module Aws::AccessAnalyzer
|
|
422
436
|
SENSITIVE: []
|
423
437
|
end
|
424
438
|
|
439
|
+
class GenerateFindingRecommendationRequest
|
440
|
+
attr_accessor analyzer_arn: ::String
|
441
|
+
attr_accessor id: ::String
|
442
|
+
SENSITIVE: []
|
443
|
+
end
|
444
|
+
|
425
445
|
class GeneratedPolicy
|
426
446
|
attr_accessor policy: ::String
|
427
447
|
SENSITIVE: []
|
@@ -483,6 +503,26 @@ module Aws::AccessAnalyzer
|
|
483
503
|
SENSITIVE: []
|
484
504
|
end
|
485
505
|
|
506
|
+
class GetFindingRecommendationRequest
|
507
|
+
attr_accessor analyzer_arn: ::String
|
508
|
+
attr_accessor id: ::String
|
509
|
+
attr_accessor max_results: ::Integer
|
510
|
+
attr_accessor next_token: ::String
|
511
|
+
SENSITIVE: []
|
512
|
+
end
|
513
|
+
|
514
|
+
class GetFindingRecommendationResponse
|
515
|
+
attr_accessor started_at: ::Time
|
516
|
+
attr_accessor completed_at: ::Time
|
517
|
+
attr_accessor next_token: ::String
|
518
|
+
attr_accessor error: Types::RecommendationError
|
519
|
+
attr_accessor resource_arn: ::String
|
520
|
+
attr_accessor recommended_steps: ::Array[Types::RecommendedStep]
|
521
|
+
attr_accessor recommendation_type: ("UnusedPermissionRecommendation")
|
522
|
+
attr_accessor status: ("SUCCEEDED" | "FAILED" | "IN_PROGRESS")
|
523
|
+
SENSITIVE: []
|
524
|
+
end
|
525
|
+
|
486
526
|
class GetFindingRequest
|
487
527
|
attr_accessor analyzer_arn: ::String
|
488
528
|
attr_accessor id: ::String
|
@@ -815,6 +855,23 @@ module Aws::AccessAnalyzer
|
|
815
855
|
SENSITIVE: []
|
816
856
|
end
|
817
857
|
|
858
|
+
class RecommendationError
|
859
|
+
attr_accessor code: ::String
|
860
|
+
attr_accessor message: ::String
|
861
|
+
SENSITIVE: []
|
862
|
+
end
|
863
|
+
|
864
|
+
class RecommendedStep
|
865
|
+
attr_accessor unused_permissions_recommended_step: Types::UnusedPermissionsRecommendedStep
|
866
|
+
attr_accessor unknown: untyped
|
867
|
+
SENSITIVE: []
|
868
|
+
|
869
|
+
class UnusedPermissionsRecommendedStep < RecommendedStep
|
870
|
+
end
|
871
|
+
class Unknown < RecommendedStep
|
872
|
+
end
|
873
|
+
end
|
874
|
+
|
818
875
|
class ResourceNotFoundException
|
819
876
|
attr_accessor message: ::String
|
820
877
|
attr_accessor resource_id: ::String
|
@@ -996,6 +1053,14 @@ module Aws::AccessAnalyzer
|
|
996
1053
|
SENSITIVE: []
|
997
1054
|
end
|
998
1055
|
|
1056
|
+
class UnusedPermissionsRecommendedStep
|
1057
|
+
attr_accessor policy_updated_at: ::Time
|
1058
|
+
attr_accessor recommended_action: ("CREATE_POLICY" | "DETACH_POLICY")
|
1059
|
+
attr_accessor recommended_policy: ::String
|
1060
|
+
attr_accessor existing_policy_id: ::String
|
1061
|
+
SENSITIVE: []
|
1062
|
+
end
|
1063
|
+
|
999
1064
|
class UpdateArchiveRuleRequest
|
1000
1065
|
attr_accessor analyzer_name: ::String
|
1001
1066
|
attr_accessor rule_name: ::String
|
@@ -1040,7 +1105,7 @@ module Aws::AccessAnalyzer
|
|
1040
1105
|
|
1041
1106
|
class ValidationException
|
1042
1107
|
attr_accessor message: ::String
|
1043
|
-
attr_accessor reason: ("unknownOperation" | "cannotParse" | "fieldValidationFailed" | "other")
|
1108
|
+
attr_accessor reason: ("unknownOperation" | "cannotParse" | "fieldValidationFailed" | "other" | "notSupported")
|
1044
1109
|
attr_accessor field_list: ::Array[Types::ValidationExceptionField]
|
1045
1110
|
SENSITIVE: []
|
1046
1111
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-accessanalyzer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.51.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-06-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|
@@ -19,7 +19,7 @@ dependencies:
|
|
19
19
|
version: '3'
|
20
20
|
- - ">="
|
21
21
|
- !ruby/object:Gem::Version
|
22
|
-
version: 3.
|
22
|
+
version: 3.197.0
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -29,7 +29,7 @@ dependencies:
|
|
29
29
|
version: '3'
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
|
-
version: 3.
|
32
|
+
version: 3.197.0
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
34
|
name: aws-sigv4
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|