aws-sdk-accessanalyzer 1.50.0 → 1.52.0

data/lib/aws-sdk-accessanalyzer/client_api.rb

@@ -17,6 +17,7 @@ module Aws::AccessAnalyzer
     AccessActionsList = Shapes::ListShape.new(name: 'AccessActionsList')
     AccessCheckPolicyDocument = Shapes::StringShape.new(name: 'AccessCheckPolicyDocument')
     AccessCheckPolicyType = Shapes::StringShape.new(name: 'AccessCheckPolicyType')
+    AccessCheckResourceType = Shapes::StringShape.new(name: 'AccessCheckResourceType')
     AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
     AccessPointArn = Shapes::StringShape.new(name: 'AccessPointArn')
     AccessPointPolicy = Shapes::StringShape.new(name: 'AccessPointPolicy')
@@ -30,6 +31,7 @@ module Aws::AccessAnalyzer
     AccessPreviewStatusReasonCode = Shapes::StringShape.new(name: 'AccessPreviewStatusReasonCode')
     AccessPreviewSummary = Shapes::StructureShape.new(name: 'AccessPreviewSummary')
     AccessPreviewsList = Shapes::ListShape.new(name: 'AccessPreviewsList')
+    AccessResourcesList = Shapes::ListShape.new(name: 'AccessResourcesList')
     AclCanonicalId = Shapes::StringShape.new(name: 'AclCanonicalId')
     AclGrantee = Shapes::UnionShape.new(name: 'AclGrantee')
     AclPermission = Shapes::StringShape.new(name: 'AclPermission')
@@ -57,6 +59,9 @@ module Aws::AccessAnalyzer
     CheckNoNewAccessRequest = Shapes::StructureShape.new(name: 'CheckNoNewAccessRequest')
     CheckNoNewAccessResponse = Shapes::StructureShape.new(name: 'CheckNoNewAccessResponse')
     CheckNoNewAccessResult = Shapes::StringShape.new(name: 'CheckNoNewAccessResult')
+    CheckNoPublicAccessRequest = Shapes::StructureShape.new(name: 'CheckNoPublicAccessRequest')
+    CheckNoPublicAccessResponse = Shapes::StructureShape.new(name: 'CheckNoPublicAccessResponse')
+    CheckNoPublicAccessResult = Shapes::StringShape.new(name: 'CheckNoPublicAccessResult')
     CloudTrailArn = Shapes::StringShape.new(name: 'CloudTrailArn')
     CloudTrailDetails = Shapes::StructureShape.new(name: 'CloudTrailDetails')
     CloudTrailProperties = Shapes::StructureShape.new(name: 'CloudTrailProperties')
@@ -106,6 +111,8 @@ module Aws::AccessAnalyzer
     FindingType = Shapes::StringShape.new(name: 'FindingType')
     FindingsList = Shapes::ListShape.new(name: 'FindingsList')
     FindingsListV2 = Shapes::ListShape.new(name: 'FindingsListV2')
+    GenerateFindingRecommendationRequest = Shapes::StructureShape.new(name: 'GenerateFindingRecommendationRequest')
+    GenerateFindingRecommendationRequestIdString = Shapes::StringShape.new(name: 'GenerateFindingRecommendationRequestIdString')
     GeneratedPolicy = Shapes::StructureShape.new(name: 'GeneratedPolicy')
     GeneratedPolicyList = Shapes::ListShape.new(name: 'GeneratedPolicyList')
     GeneratedPolicyProperties = Shapes::StructureShape.new(name: 'GeneratedPolicyProperties')
@@ -118,6 +125,10 @@ module Aws::AccessAnalyzer
     GetAnalyzerResponse = Shapes::StructureShape.new(name: 'GetAnalyzerResponse')
     GetArchiveRuleRequest = Shapes::StructureShape.new(name: 'GetArchiveRuleRequest')
     GetArchiveRuleResponse = Shapes::StructureShape.new(name: 'GetArchiveRuleResponse')
+    GetFindingRecommendationRequest = Shapes::StructureShape.new(name: 'GetFindingRecommendationRequest')
+    GetFindingRecommendationRequestIdString = Shapes::StringShape.new(name: 'GetFindingRecommendationRequestIdString')
+    GetFindingRecommendationRequestMaxResultsInteger = Shapes::IntegerShape.new(name: 'GetFindingRecommendationRequestMaxResultsInteger')
+    GetFindingRecommendationResponse = Shapes::StructureShape.new(name: 'GetFindingRecommendationResponse')
     GetFindingRequest = Shapes::StructureShape.new(name: 'GetFindingRequest')
     GetFindingResponse = Shapes::StructureShape.new(name: 'GetFindingResponse')
     GetFindingV2Request = Shapes::StructureShape.new(name: 'GetFindingV2Request')
@@ -205,7 +216,13 @@ module Aws::AccessAnalyzer
     ReasonCode = Shapes::StringShape.new(name: 'ReasonCode')
     ReasonSummary = Shapes::StructureShape.new(name: 'ReasonSummary')
     ReasonSummaryList = Shapes::ListShape.new(name: 'ReasonSummaryList')
+    RecommendationError = Shapes::StructureShape.new(name: 'RecommendationError')
+    RecommendationType = Shapes::StringShape.new(name: 'RecommendationType')
+    RecommendedRemediationAction = Shapes::StringShape.new(name: 'RecommendedRemediationAction')
+    RecommendedStep = Shapes::UnionShape.new(name: 'RecommendedStep')
+    RecommendedStepList = Shapes::ListShape.new(name: 'RecommendedStepList')
     RegionList = Shapes::ListShape.new(name: 'RegionList')
+    Resource = Shapes::StringShape.new(name: 'Resource')
     ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     ResourceType = Shapes::StringShape.new(name: 'ResourceType')
@@ -234,6 +251,7 @@ module Aws::AccessAnalyzer
     StartPolicyGenerationRequest = Shapes::StructureShape.new(name: 'StartPolicyGenerationRequest')
     StartPolicyGenerationResponse = Shapes::StructureShape.new(name: 'StartPolicyGenerationResponse')
     StartResourceScanRequest = Shapes::StructureShape.new(name: 'StartResourceScanRequest')
+    Status = Shapes::StringShape.new(name: 'Status')
     StatusReason = Shapes::StructureShape.new(name: 'StatusReason')
     String = Shapes::StringShape.new(name: 'String')
     Substring = Shapes::StructureShape.new(name: 'Substring')
@@ -259,6 +277,7 @@ module Aws::AccessAnalyzer
     UnusedIamUserAccessKeyDetails = Shapes::StructureShape.new(name: 'UnusedIamUserAccessKeyDetails')
     UnusedIamUserPasswordDetails = Shapes::StructureShape.new(name: 'UnusedIamUserPasswordDetails')
     UnusedPermissionDetails = Shapes::StructureShape.new(name: 'UnusedPermissionDetails')
+    UnusedPermissionsRecommendedStep = Shapes::StructureShape.new(name: 'UnusedPermissionsRecommendedStep')
     UpdateArchiveRuleRequest = Shapes::StructureShape.new(name: 'UpdateArchiveRuleRequest')
     UpdateFindingsRequest = Shapes::StructureShape.new(name: 'UpdateFindingsRequest')
     ValidatePolicyFinding = Shapes::StructureShape.new(name: 'ValidatePolicyFinding')
@@ -275,7 +294,8 @@ module Aws::AccessAnalyzer
     VpcConfiguration = Shapes::StructureShape.new(name: 'VpcConfiguration')
     VpcId = Shapes::StringShape.new(name: 'VpcId')
 
-    Access.add_member(:actions, Shapes::ShapeRef.new(shape: AccessActionsList, required: true, location_name: "actions"))
+    Access.add_member(:actions, Shapes::ShapeRef.new(shape: AccessActionsList, location_name: "actions"))
+    Access.add_member(:resources, Shapes::ShapeRef.new(shape: AccessResourcesList, location_name: "resources"))
     Access.struct_class = Types::Access
 
     AccessActionsList.member = Shapes::ShapeRef.new(shape: Action)
@@ -322,6 +342,8 @@ module Aws::AccessAnalyzer
 
     AccessPreviewsList.member = Shapes::ShapeRef.new(shape: AccessPreviewSummary)
 
+    AccessResourcesList.member = Shapes::ShapeRef.new(shape: Resource)
+
     AclGrantee.add_member(:id, Shapes::ShapeRef.new(shape: AclCanonicalId, location_name: "id"))
     AclGrantee.add_member(:uri, Shapes::ShapeRef.new(shape: AclUri, location_name: "uri"))
     AclGrantee.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
@@ -412,6 +434,15 @@ module Aws::AccessAnalyzer
     CheckNoNewAccessResponse.add_member(:reasons, Shapes::ShapeRef.new(shape: ReasonSummaryList, location_name: "reasons"))
     CheckNoNewAccessResponse.struct_class = Types::CheckNoNewAccessResponse
 
+    CheckNoPublicAccessRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: AccessCheckPolicyDocument, required: true, location_name: "policyDocument"))
+    CheckNoPublicAccessRequest.add_member(:resource_type, Shapes::ShapeRef.new(shape: AccessCheckResourceType, required: true, location_name: "resourceType"))
+    CheckNoPublicAccessRequest.struct_class = Types::CheckNoPublicAccessRequest
+
+    CheckNoPublicAccessResponse.add_member(:result, Shapes::ShapeRef.new(shape: CheckNoPublicAccessResult, location_name: "result"))
+    CheckNoPublicAccessResponse.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
+    CheckNoPublicAccessResponse.add_member(:reasons, Shapes::ShapeRef.new(shape: ReasonSummaryList, location_name: "reasons"))
+    CheckNoPublicAccessResponse.struct_class = Types::CheckNoPublicAccessResponse
+
     CloudTrailDetails.add_member(:trails, Shapes::ShapeRef.new(shape: TrailList, required: true, location_name: "trails"))
     CloudTrailDetails.add_member(:access_role, Shapes::ShapeRef.new(shape: RoleArn, required: true, location_name: "accessRole"))
     CloudTrailDetails.add_member(:start_time, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startTime"))
@@ -613,6 +644,10 @@ module Aws::AccessAnalyzer
 
     FindingsListV2.member = Shapes::ShapeRef.new(shape: FindingSummaryV2)
 
+    GenerateFindingRecommendationRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location: "querystring", location_name: "analyzerArn"))
+    GenerateFindingRecommendationRequest.add_member(:id, Shapes::ShapeRef.new(shape: GenerateFindingRecommendationRequestIdString, required: true, location: "uri", location_name: "id"))
+    GenerateFindingRecommendationRequest.struct_class = Types::GenerateFindingRecommendationRequest
+
     GeneratedPolicy.add_member(:policy, Shapes::ShapeRef.new(shape: String, required: true, location_name: "policy"))
     GeneratedPolicy.struct_class = Types::GeneratedPolicy
 
@@ -654,6 +689,22 @@ module Aws::AccessAnalyzer
     GetArchiveRuleResponse.add_member(:archive_rule, Shapes::ShapeRef.new(shape: ArchiveRuleSummary, required: true, location_name: "archiveRule"))
     GetArchiveRuleResponse.struct_class = Types::GetArchiveRuleResponse
 
+    GetFindingRecommendationRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location: "querystring", location_name: "analyzerArn"))
+    GetFindingRecommendationRequest.add_member(:id, Shapes::ShapeRef.new(shape: GetFindingRecommendationRequestIdString, required: true, location: "uri", location_name: "id"))
+    GetFindingRecommendationRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: GetFindingRecommendationRequestMaxResultsInteger, location: "querystring", location_name: "maxResults"))
+    GetFindingRecommendationRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "nextToken"))
+    GetFindingRecommendationRequest.struct_class = Types::GetFindingRecommendationRequest
+
+    GetFindingRecommendationResponse.add_member(:started_at, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "startedAt"))
+    GetFindingRecommendationResponse.add_member(:completed_at, Shapes::ShapeRef.new(shape: Timestamp, location_name: "completedAt"))
+    GetFindingRecommendationResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "nextToken"))
+    GetFindingRecommendationResponse.add_member(:error, Shapes::ShapeRef.new(shape: RecommendationError, location_name: "error"))
+    GetFindingRecommendationResponse.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "resourceArn"))
+    GetFindingRecommendationResponse.add_member(:recommended_steps, Shapes::ShapeRef.new(shape: RecommendedStepList, location_name: "recommendedSteps"))
+    GetFindingRecommendationResponse.add_member(:recommendation_type, Shapes::ShapeRef.new(shape: RecommendationType, required: true, location_name: "recommendationType"))
+    GetFindingRecommendationResponse.add_member(:status, Shapes::ShapeRef.new(shape: Status, required: true, location_name: "status"))
+    GetFindingRecommendationResponse.struct_class = Types::GetFindingRecommendationResponse
+
     GetFindingRequest.add_member(:analyzer_arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location: "querystring", location_name: "analyzerArn"))
     GetFindingRequest.add_member(:id, Shapes::ShapeRef.new(shape: FindingId, required: true, location: "uri", location_name: "id"))
     GetFindingRequest.struct_class = Types::GetFindingRequest
@@ -914,6 +965,18 @@ module Aws::AccessAnalyzer
 
     ReasonSummaryList.member = Shapes::ShapeRef.new(shape: ReasonSummary)
 
+    RecommendationError.add_member(:code, Shapes::ShapeRef.new(shape: String, required: true, location_name: "code"))
+    RecommendationError.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
+    RecommendationError.struct_class = Types::RecommendationError
+
+    RecommendedStep.add_member(:unused_permissions_recommended_step, Shapes::ShapeRef.new(shape: UnusedPermissionsRecommendedStep, location_name: "unusedPermissionsRecommendedStep"))
+    RecommendedStep.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    RecommendedStep.add_member_subclass(:unused_permissions_recommended_step, Types::RecommendedStep::UnusedPermissionsRecommendedStep)
+    RecommendedStep.add_member_subclass(:unknown, Types::RecommendedStep::Unknown)
+    RecommendedStep.struct_class = Types::RecommendedStep
+
+    RecommendedStepList.member = Shapes::ShapeRef.new(shape: RecommendedStep)
+
     RegionList.member = Shapes::ShapeRef.new(shape: String)
 
     ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
@@ -1055,6 +1118,12 @@ module Aws::AccessAnalyzer
     UnusedPermissionDetails.add_member(:last_accessed, Shapes::ShapeRef.new(shape: Timestamp, location_name: "lastAccessed"))
     UnusedPermissionDetails.struct_class = Types::UnusedPermissionDetails
 
+    UnusedPermissionsRecommendedStep.add_member(:policy_updated_at, Shapes::ShapeRef.new(shape: Timestamp, location_name: "policyUpdatedAt"))
+    UnusedPermissionsRecommendedStep.add_member(:recommended_action, Shapes::ShapeRef.new(shape: RecommendedRemediationAction, required: true, location_name: "recommendedAction"))
+    UnusedPermissionsRecommendedStep.add_member(:recommended_policy, Shapes::ShapeRef.new(shape: String, location_name: "recommendedPolicy"))
+    UnusedPermissionsRecommendedStep.add_member(:existing_policy_id, Shapes::ShapeRef.new(shape: String, location_name: "existingPolicyId"))
+    UnusedPermissionsRecommendedStep.struct_class = Types::UnusedPermissionsRecommendedStep
+
     UpdateArchiveRuleRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
     UpdateArchiveRuleRequest.add_member(:rule_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "ruleName"))
     UpdateArchiveRuleRequest.add_member(:filter, Shapes::ShapeRef.new(shape: FilterCriteriaMap, required: true, location_name: "filter"))
@@ -1114,8 +1183,8 @@ module Aws::AccessAnalyzer
       api.metadata = {
         "apiVersion" => "2019-11-01",
         "endpointPrefix" => "access-analyzer",
-        "jsonVersion" => "1.1",
         "protocol" => "rest-json",
+        "protocols" => ["rest-json"],
         "serviceFullName" => "Access Analyzer",
         "serviceId" => "AccessAnalyzer",
         "signatureVersion" => "v4",
@@ -1176,6 +1245,20 @@ module Aws::AccessAnalyzer
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:check_no_public_access, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CheckNoPublicAccess"
+        o.http_method = "POST"
+        o.http_request_uri = "/policy/check-no-public-access"
+        o.input = Shapes::ShapeRef.new(shape: CheckNoPublicAccessRequest)
+        o.output = Shapes::ShapeRef.new(shape: CheckNoPublicAccessResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: UnprocessableEntityException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:create_access_preview, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateAccessPreview"
         o.http_method = "PUT"
@@ -1246,6 +1329,18 @@ module Aws::AccessAnalyzer
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:generate_finding_recommendation, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GenerateFindingRecommendation"
+        o.http_method = "POST"
+        o.http_request_uri = "/recommendation/{id}"
+        o.input = Shapes::ShapeRef.new(shape: GenerateFindingRecommendationRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:get_access_preview, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetAccessPreview"
         o.http_method = "GET"
@@ -1311,6 +1406,25 @@ module Aws::AccessAnalyzer
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:get_finding_recommendation, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetFindingRecommendation"
+        o.http_method = "GET"
+        o.http_request_uri = "/recommendation/{id}"
+        o.input = Shapes::ShapeRef.new(shape: GetFindingRecommendationRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetFindingRecommendationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
+
       api.add_operation(:get_finding_v2, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetFindingV2"
         o.http_method = "GET"

data/lib/aws-sdk-accessanalyzer/endpoints.rb

@@ -68,6 +68,20 @@ module Aws::AccessAnalyzer
       end
     end
 
+    class CheckNoPublicAccess
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::AccessAnalyzer::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
     class CreateAccessPreview
       def self.build(context)
         unless context.config.regional_endpoint
@@ -138,6 +152,20 @@ module Aws::AccessAnalyzer
       end
     end
 
+    class GenerateFindingRecommendation
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::AccessAnalyzer::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
     class GetAccessPreview
       def self.build(context)
         unless context.config.regional_endpoint
@@ -208,6 +236,20 @@ module Aws::AccessAnalyzer
       end
     end
 
+    class GetFindingRecommendation
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::AccessAnalyzer::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
     class GetFindingV2
       def self.build(context)
         unless context.config.regional_endpoint

data/lib/aws-sdk-accessanalyzer/plugins/endpoints.rb

@@ -66,6 +66,8 @@ module Aws::AccessAnalyzer
             Aws::AccessAnalyzer::Endpoints::CheckAccessNotGranted.build(context)
           when :check_no_new_access
             Aws::AccessAnalyzer::Endpoints::CheckNoNewAccess.build(context)
+          when :check_no_public_access
+            Aws::AccessAnalyzer::Endpoints::CheckNoPublicAccess.build(context)
           when :create_access_preview
             Aws::AccessAnalyzer::Endpoints::CreateAccessPreview.build(context)
           when :create_analyzer
@@ -76,6 +78,8 @@ module Aws::AccessAnalyzer
             Aws::AccessAnalyzer::Endpoints::DeleteAnalyzer.build(context)
           when :delete_archive_rule
             Aws::AccessAnalyzer::Endpoints::DeleteArchiveRule.build(context)
+          when :generate_finding_recommendation
+            Aws::AccessAnalyzer::Endpoints::GenerateFindingRecommendation.build(context)
           when :get_access_preview
             Aws::AccessAnalyzer::Endpoints::GetAccessPreview.build(context)
           when :get_analyzed_resource
@@ -86,6 +90,8 @@ module Aws::AccessAnalyzer
             Aws::AccessAnalyzer::Endpoints::GetArchiveRule.build(context)
           when :get_finding
             Aws::AccessAnalyzer::Endpoints::GetFinding.build(context)
+          when :get_finding_recommendation
+            Aws::AccessAnalyzer::Endpoints::GetFindingRecommendation.build(context)
           when :get_finding_v2
             Aws::AccessAnalyzer::Endpoints::GetFindingV2.build(context)
           when :get_generated_policy

data/lib/aws-sdk-accessanalyzer/types.rb

@@ -10,8 +10,8 @@
 module Aws::AccessAnalyzer
   module Types
 
-    # Contains information about actions that define permissions to check
-    # against a policy.
+    # Contains information about actions and resources that define
+    # permissions to check against a policy.
     #
     # @!attribute [rw] actions
     #   A list of actions for the access permissions. Any strings that can
@@ -19,10 +19,17 @@ module Aws::AccessAnalyzer
     #   actions to check.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] resources
+    #   A list of resources for the access permissions. Any strings that can
+    #   be used as a resource in an IAM policy can be used in the list of
+    #   resources to check.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Access AWS API Documentation
     #
     class Access < Struct.new(
-      :actions)
+      :actions,
+      :resources)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -575,7 +582,13 @@ module Aws::AccessAnalyzer
     #
     # @!attribute [rw] access
     #   An access object containing the permissions that shouldn't be
-    #   granted by the specified policy.
+    #   granted by the specified policy. If only actions are specified, IAM
+    #   Access Analyzer checks for access of the actions on all resources in
+    #   the policy. If only resources are specified, then IAM Access
+    #   Analyzer checks which actions have access to the specified
+    #   resources. If both actions and resources are specified, then IAM
+    #   Access Analyzer checks which of the specified actions have access to
+    #   the specified resources.
     #   @return [Array<Types::Access>]
     #
     # @!attribute [rw] policy_type
@@ -682,6 +695,55 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # @!attribute [rw] policy_document
+    #   The JSON policy document to evaluate for public access.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_type
+    #   The type of resource to evaluate for public access. For example, to
+    #   check for public access to Amazon S3 buckets, you can choose
+    #   `AWS::S3::Bucket` for the resource type.
+    #
+    #   For resource types not supported as valid values, IAM Access
+    #   Analyzer will return an error.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CheckNoPublicAccessRequest AWS API Documentation
+    #
+    class CheckNoPublicAccessRequest < Struct.new(
+      :policy_document,
+      :resource_type)
+      SENSITIVE = [:policy_document]
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] result
+    #   The result of the check for public access to the specified resource
+    #   type. If the result is `PASS`, the policy doesn't allow public
+    #   access to the specified resource type. If the result is `FAIL`, the
+    #   policy might allow public access to the specified resource type.
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   The message indicating whether the specified policy allows public
+    #   access to resources.
+    #   @return [String]
+    #
+    # @!attribute [rw] reasons
+    #   A list of reasons why the specified resource policy grants public
+    #   access for the resource type.
+    #   @return [Array<Types::ReasonSummary>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CheckNoPublicAccessResponse AWS API Documentation
+    #
+    class CheckNoPublicAccessResponse < Struct.new(
+      :result,
+      :message,
+      :reasons)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about CloudTrail access.
     #
     # @!attribute [rw] trails
@@ -1687,6 +1749,28 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # @!attribute [rw] analyzer_arn
+    #   The [ARN of the analyzer][1] used to generate the finding
+    #   recommendation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   The unique ID for the finding recommendation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GenerateFindingRecommendationRequest AWS API Documentation
+    #
+    class GenerateFindingRecommendationRequest < Struct.new(
+      :analyzer_arn,
+      :id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains the text for the generated policy.
     #
     # @!attribute [rw] policy
@@ -1891,6 +1975,88 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # @!attribute [rw] analyzer_arn
+    #   The [ARN of the analyzer][1] used to generate the finding
+    #   recommendation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   The unique ID for the finding recommendation.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return in the response.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   A token used for pagination of results returned.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingRecommendationRequest AWS API Documentation
+    #
+    class GetFindingRecommendationRequest < Struct.new(
+      :analyzer_arn,
+      :id,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] started_at
+    #   The time at which the retrieval of the finding recommendation was
+    #   started.
+    #   @return [Time]
+    #
+    # @!attribute [rw] completed_at
+    #   The time at which the retrieval of the finding recommendation was
+    #   completed.
+    #   @return [Time]
+    #
+    # @!attribute [rw] next_token
+    #   A token used for pagination of results returned.
+    #   @return [String]
+    #
+    # @!attribute [rw] error
+    #   Detailed information about the reason that the retrieval of a
+    #   recommendation for the finding failed.
+    #   @return [Types::RecommendationError]
+    #
+    # @!attribute [rw] resource_arn
+    #   The ARN of the resource of the finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] recommended_steps
+    #   A group of recommended steps for the finding.
+    #   @return [Array<Types::RecommendedStep>]
+    #
+    # @!attribute [rw] recommendation_type
+    #   The type of recommendation for the finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The status of the retrieval of the finding recommendation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingRecommendationResponse AWS API Documentation
+    #
+    class GetFindingRecommendationResponse < Struct.new(
+      :started_at,
+      :completed_at,
+      :next_token,
+      :error,
+      :resource_arn,
+      :recommended_steps,
+      :recommendation_type,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Retrieves a finding.
     #
     # @!attribute [rw] analyzer_arn
@@ -3167,6 +3333,50 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # Contains information about the reason that the retrieval of a
+    # recommendation for a finding failed.
+    #
+    # @!attribute [rw] code
+    #   The error code for a failed retrieval of a recommendation for a
+    #   finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   The error message for a failed retrieval of a recommendation for a
+    #   finding.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RecommendationError AWS API Documentation
+    #
+    class RecommendationError < Struct.new(
+      :code,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about a recommended step for an unused access
+    # analyzer finding.
+    #
+    # @note RecommendedStep is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of RecommendedStep corresponding to the set member.
+    #
+    # @!attribute [rw] unused_permissions_recommended_step
+    #   A recommended step for an unused permissions finding.
+    #   @return [Types::UnusedPermissionsRecommendedStep]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/RecommendedStep AWS API Documentation
+    #
+    class RecommendedStep < Struct.new(
+      :unused_permissions_recommended_step,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class UnusedPermissionsRecommendedStep < RecommendedStep; end
+      class Unknown < RecommendedStep; end
+    end
+
     # The specified resource could not be found.
     #
     # @!attribute [rw] message
@@ -3930,7 +4140,7 @@ module Aws::AccessAnalyzer
     #   @return [String]
     #
     # @!attribute [rw] last_accessed
-    #   The time at which the permission last accessed.
+    #   The time at which the permission was last accessed.
     #   @return [Time]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UnusedPermissionDetails AWS API Documentation
@@ -3943,6 +4153,41 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # Contains information about the action to take for a policy in an
+    # unused permissions finding.
+    #
+    # @!attribute [rw] policy_updated_at
+    #   The time at which the existing policy for the unused permissions
+    #   finding was last updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] recommended_action
+    #   A recommendation of whether to create or detach a policy for an
+    #   unused permissions finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] recommended_policy
+    #   If the recommended action for the unused permissions finding is to
+    #   replace the existing policy, the contents of the recommended policy
+    #   to replace the policy specified in the `existingPolicyId` field.
+    #   @return [String]
+    #
+    # @!attribute [rw] existing_policy_id
+    #   If the recommended action for the unused permissions finding is to
+    #   detach a policy, the ID of an existing policy to be detached.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UnusedPermissionsRecommendedStep AWS API Documentation
+    #
+    class UnusedPermissionsRecommendedStep < Struct.new(
+      :policy_updated_at,
+      :recommended_action,
+      :recommended_policy,
+      :existing_policy_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Updates the specified archive rule.
     #
     # @!attribute [rw] analyzer_name

data/lib/aws-sdk-accessanalyzer.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
 # @!group service
 module Aws::AccessAnalyzer
 
-  GEM_VERSION = '1.50.0'
+  GEM_VERSION = '1.52.0'
 
 end