aws-sdk-accessanalyzer 1.63.0 → 1.65.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c447bf8de1d6dd1a90d8e44347b1ac0c11b4e4f66631639613f55e7e46befd42
-  data.tar.gz: 9c7ae9c351e0d8259bf12f8af1e344d696a7ed44e77d1cc12e4f3563f7f757bb
+  metadata.gz: c3ff3f6bceaf3418b3e54c4ea0d99ede89cc928cd0893b394e36754282a2192b
+  data.tar.gz: 0b058cdb0c604cd3fbf886753fbb2e0f2b6baaab60841bfca3b8bb20876fdf88
 SHA512:
-  metadata.gz: bb005943fd3fb07e498393000ce199903ad7ee88531bea0b7183686202fc53afcb34c7709263cbd850280cba1e2b25a7f011ea3b3d8274609a93a711ac8f3ffd
-  data.tar.gz: 60b3142ad2acbccdef1908dae580bb99f08c7411aac664e6edb25cb8d38afa2381d04c7e6252bc177adcd288b17fbb4bf4e289e4fc65722525850ae3dc476605
+  metadata.gz: 83e03b02eacead1f8189b7d20f6ba96cea831e6aeb8940e8bffb2054be060f2fa1e764623443793d320f013df2fd20f03580d421b65081759b5db9bdf9adb43d
+  data.tar.gz: 9ae70c95401884fae23af2cac48bf25e7bfc6a59daa12ee7250ed7c7ed880bb237cf09a483125682ee5abd478eb50f45bcdc0e6a945b4dfe8f86acdcb086296c

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.65.0 (2025-01-15)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.64.0 (2024-11-14)
+------------------
+
+* Feature - Expand analyzer configuration capabilities for unused access analyzers. Unused access analyzer configurations now support the ability to exclude accounts and resource tags from analysis providing more granular control over the scope of analysis.
+
 1.63.0 (2024-11-13)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.63.0
+1.65.0

data/lib/aws-sdk-accessanalyzer/client.rb

@@ -257,11 +257,34 @@ module Aws::AccessAnalyzer
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [String] :request_checksum_calculation ("when_supported")
+    #     Determines when a checksum will be calculated for request payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, a checksum will be
+    #       calculated for all request payloads of operations modeled with the
+    #       `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a
+    #       `requestAlgorithmMember` is modeled.
+    #     * `when_required` - When set, a checksum will only be calculated for
+    #       request payloads of operations modeled with the  `httpChecksum` trait where
+    #       `requestChecksumRequired` is `true` or where a `requestAlgorithmMember`
+    #       is modeled and supplied.
+    #
     #   @option options [Integer] :request_min_compression_size_bytes (10240)
     #     The minimum size in bytes that triggers compression for request
     #     bodies. The value must be non-negative integer value between 0
     #     and 10485780 bytes inclusive.
     #
+    #   @option options [String] :response_checksum_validation ("when_supported")
+    #     Determines when checksum validation will be performed on response payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, checksum validation is performed on all
+    #       response payloads of operations modeled with the `httpChecksum` trait where
+    #       `responseAlgorithms` is modeled, except when no modeled checksum algorithms
+    #       are supported.
+    #     * `when_required` - When set, checksum validation is not performed on
+    #       response payloads of operations unless the checksum algorithm is supported and
+    #       the `requestValidationModeMember` member is set to `ENABLED`.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -950,7 +973,15 @@ module Aws::AccessAnalyzer
     #   the rule.
     #
     # @option params [Hash<String,String>] :tags
-    #   An array of key-value pairs to apply to the analyzer.
+    #   An array of key-value pairs to apply to the analyzer. You can use the
+    #   set of Unicode letters, digits, whitespace, `_`, `.`, `/`, `=`, `+`,
+    #   and `-`.
+    #
+    #   For the tag key, you can specify a value that is 1 to 128 characters
+    #   in length and cannot be prefixed with `aws:`.
+    #
+    #   For the tag value, you can specify a value that is 0 to 256 characters
+    #   in length.
     #
     # @option params [String] :client_token
     #   A client token.
@@ -961,8 +992,7 @@ module Aws::AccessAnalyzer
     # @option params [Types::AnalyzerConfiguration] :configuration
     #   Specifies the configuration of the analyzer. If the analyzer is an
     #   unused access analyzer, the specified scope of unused access is used
-    #   for the configuration. If the analyzer is an external access analyzer,
-    #   this field is not used.
+    #   for the configuration.
     #
     # @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -993,6 +1023,18 @@ module Aws::AccessAnalyzer
     #     configuration: {
     #       unused_access: {
     #         unused_access_age: 1,
+    #         analysis_rule: {
+    #           exclusions: [
+    #             {
+    #               account_ids: ["String"],
+    #               resource_tags: [
+    #                 {
+    #                   "String" => "String",
+    #                 },
+    #               ],
+    #             },
+    #           ],
+    #         },
     #       },
     #     },
     #   })
@@ -1294,7 +1336,7 @@ module Aws::AccessAnalyzer
     # @example Response structure
     #
     #   resp.resource.resource_arn #=> String
-    #   resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
+    #   resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
     #   resp.resource.created_at #=> Time
     #   resp.resource.analyzed_at #=> Time
     #   resp.resource.updated_at #=> Time
@@ -1344,6 +1386,12 @@ module Aws::AccessAnalyzer
     #   resp.analyzer.status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
     #   resp.analyzer.status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
     #   resp.analyzer.configuration.unused_access.unused_access_age #=> Integer
+    #   resp.analyzer.configuration.unused_access.analysis_rule.exclusions #=> Array
+    #   resp.analyzer.configuration.unused_access.analysis_rule.exclusions[0].account_ids #=> Array
+    #   resp.analyzer.configuration.unused_access.analysis_rule.exclusions[0].account_ids[0] #=> String
+    #   resp.analyzer.configuration.unused_access.analysis_rule.exclusions[0].resource_tags #=> Array
+    #   resp.analyzer.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0] #=> Hash
+    #   resp.analyzer.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0]["String"] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
     #
@@ -1438,7 +1486,7 @@ module Aws::AccessAnalyzer
     #   resp.finding.action[0] #=> String
     #   resp.finding.resource #=> String
     #   resp.finding.is_public #=> Boolean
-    #   resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
+    #   resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
     #   resp.finding.condition #=> Hash
     #   resp.finding.condition["String"] #=> String
     #   resp.finding.created_at #=> Time
@@ -1662,7 +1710,7 @@ module Aws::AccessAnalyzer
     #   resp.id #=> String
     #   resp.next_token #=> String
     #   resp.resource #=> String
-    #   resp.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
+    #   resp.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
     #   resp.resource_owner_account #=> String
     #   resp.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
     #   resp.updated_at #=> Time
@@ -1826,7 +1874,7 @@ module Aws::AccessAnalyzer
     #   resp.findings[0].condition["String"] #=> String
     #   resp.findings[0].resource #=> String
     #   resp.findings[0].is_public #=> Boolean
-    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
+    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
     #   resp.findings[0].created_at #=> Time
     #   resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
     #   resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
@@ -1898,8 +1946,7 @@ module Aws::AccessAnalyzer
     end
 
     # Retrieves a list of resources of the specified type that have been
-    # analyzed by the specified external access analyzer. This action is not
-    # supported for unused access analyzers.
+    # analyzed by the specified analyzer.
     #
     # @option params [required, String] :analyzer_arn
     #   The [ARN of the analyzer][1] to retrieve a list of analyzed resources
@@ -1929,7 +1976,7 @@ module Aws::AccessAnalyzer
     #
     #   resp = client.list_analyzed_resources({
     #     analyzer_arn: "AnalyzerArn", # required
-    #     resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic, AWS::S3Express::DirectoryBucket, AWS::DynamoDB::Table, AWS::DynamoDB::Stream
+    #     resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic, AWS::S3Express::DirectoryBucket, AWS::DynamoDB::Table, AWS::DynamoDB::Stream, AWS::IAM::User
     #     next_token: "Token",
     #     max_results: 1,
     #   })
@@ -1939,7 +1986,7 @@ module Aws::AccessAnalyzer
     #   resp.analyzed_resources #=> Array
     #   resp.analyzed_resources[0].resource_arn #=> String
     #   resp.analyzed_resources[0].resource_owner_account #=> String
-    #   resp.analyzed_resources[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
+    #   resp.analyzed_resources[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResources AWS API Documentation
@@ -1991,6 +2038,12 @@ module Aws::AccessAnalyzer
     #   resp.analyzers[0].status #=> String, one of "ACTIVE", "CREATING", "DISABLED", "FAILED"
     #   resp.analyzers[0].status_reason.code #=> String, one of "AWS_SERVICE_ACCESS_DISABLED", "DELEGATED_ADMINISTRATOR_DEREGISTERED", "ORGANIZATION_DELETED", "SERVICE_LINKED_ROLE_CREATION_FAILED"
     #   resp.analyzers[0].configuration.unused_access.unused_access_age #=> Integer
+    #   resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions #=> Array
+    #   resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions[0].account_ids #=> Array
+    #   resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions[0].account_ids[0] #=> String
+    #   resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions[0].resource_tags #=> Array
+    #   resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0] #=> Hash
+    #   resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0]["String"] #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
@@ -2123,7 +2176,7 @@ module Aws::AccessAnalyzer
     #   resp.findings[0].action[0] #=> String
     #   resp.findings[0].resource #=> String
     #   resp.findings[0].is_public #=> Boolean
-    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
+    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
     #   resp.findings[0].condition #=> Hash
     #   resp.findings[0].condition["String"] #=> String
     #   resp.findings[0].created_at #=> Time
@@ -2216,7 +2269,7 @@ module Aws::AccessAnalyzer
     #   resp.findings[0].error #=> String
     #   resp.findings[0].id #=> String
     #   resp.findings[0].resource #=> String
-    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
+    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
     #   resp.findings[0].resource_owner_account #=> String
     #   resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
     #   resp.findings[0].updated_at #=> Time
@@ -2462,6 +2515,61 @@ module Aws::AccessAnalyzer
       req.send_request(options)
     end
 
+    # Modifies the configuration of an existing analyzer.
+    #
+    # @option params [required, String] :analyzer_name
+    #   The name of the analyzer to modify.
+    #
+    # @option params [Types::AnalyzerConfiguration] :configuration
+    #   Contains information about the configuration of an analyzer for an
+    #   Amazon Web Services organization or account.
+    #
+    # @return [Types::UpdateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateAnalyzerResponse#configuration #configuration} => Types::AnalyzerConfiguration
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_analyzer({
+    #     analyzer_name: "Name", # required
+    #     configuration: {
+    #       unused_access: {
+    #         unused_access_age: 1,
+    #         analysis_rule: {
+    #           exclusions: [
+    #             {
+    #               account_ids: ["String"],
+    #               resource_tags: [
+    #                 {
+    #                   "String" => "String",
+    #                 },
+    #               ],
+    #             },
+    #           ],
+    #         },
+    #       },
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.configuration.unused_access.unused_access_age #=> Integer
+    #   resp.configuration.unused_access.analysis_rule.exclusions #=> Array
+    #   resp.configuration.unused_access.analysis_rule.exclusions[0].account_ids #=> Array
+    #   resp.configuration.unused_access.analysis_rule.exclusions[0].account_ids[0] #=> String
+    #   resp.configuration.unused_access.analysis_rule.exclusions[0].resource_tags #=> Array
+    #   resp.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0] #=> Hash
+    #   resp.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0]["String"] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateAnalyzer AWS API Documentation
+    #
+    # @overload update_analyzer(params = {})
+    # @param [Hash] params ({})
+    def update_analyzer(params = {}, options = {})
+      req = build_request(:update_analyzer, params)
+      req.send_request(options)
+    end
+
     # Updates the criteria and values for the specified archive rule.
     #
     # @option params [required, String] :analyzer_name
@@ -2666,7 +2774,7 @@ module Aws::AccessAnalyzer
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-accessanalyzer'
-      context[:gem_version] = '1.63.0'
+      context[:gem_version] = '1.65.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-accessanalyzer/client_api.rb

@@ -33,12 +33,16 @@ module Aws::AccessAnalyzer
     AccessPreviewSummary = Shapes::StructureShape.new(name: 'AccessPreviewSummary')
     AccessPreviewsList = Shapes::ListShape.new(name: 'AccessPreviewsList')
     AccessResourcesList = Shapes::ListShape.new(name: 'AccessResourcesList')
+    AccountIdsList = Shapes::ListShape.new(name: 'AccountIdsList')
     AclCanonicalId = Shapes::StringShape.new(name: 'AclCanonicalId')
     AclGrantee = Shapes::UnionShape.new(name: 'AclGrantee')
     AclPermission = Shapes::StringShape.new(name: 'AclPermission')
     AclUri = Shapes::StringShape.new(name: 'AclUri')
     Action = Shapes::StringShape.new(name: 'Action')
     ActionList = Shapes::ListShape.new(name: 'ActionList')
+    AnalysisRule = Shapes::StructureShape.new(name: 'AnalysisRule')
+    AnalysisRuleCriteria = Shapes::StructureShape.new(name: 'AnalysisRuleCriteria')
+    AnalysisRuleCriteriaList = Shapes::ListShape.new(name: 'AnalysisRuleCriteriaList')
     AnalyzedResource = Shapes::StructureShape.new(name: 'AnalyzedResource')
     AnalyzedResourceSummary = Shapes::StructureShape.new(name: 'AnalyzedResourceSummary')
     AnalyzedResourcesList = Shapes::ListShape.new(name: 'AnalyzedResourcesList')
@@ -260,6 +264,7 @@ module Aws::AccessAnalyzer
     TagKeys = Shapes::ListShape.new(name: 'TagKeys')
     TagResourceRequest = Shapes::StructureShape.new(name: 'TagResourceRequest')
     TagResourceResponse = Shapes::StructureShape.new(name: 'TagResourceResponse')
+    TagsList = Shapes::ListShape.new(name: 'TagsList')
     TagsMap = Shapes::MapShape.new(name: 'TagsMap')
     ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
     Timestamp = Shapes::TimestampShape.new(name: 'Timestamp', timestampFormat: "iso8601")
@@ -280,6 +285,8 @@ module Aws::AccessAnalyzer
     UnusedIamUserPasswordDetails = Shapes::StructureShape.new(name: 'UnusedIamUserPasswordDetails')
     UnusedPermissionDetails = Shapes::StructureShape.new(name: 'UnusedPermissionDetails')
     UnusedPermissionsRecommendedStep = Shapes::StructureShape.new(name: 'UnusedPermissionsRecommendedStep')
+    UpdateAnalyzerRequest = Shapes::StructureShape.new(name: 'UpdateAnalyzerRequest')
+    UpdateAnalyzerResponse = Shapes::StructureShape.new(name: 'UpdateAnalyzerResponse')
     UpdateArchiveRuleRequest = Shapes::StructureShape.new(name: 'UpdateArchiveRuleRequest')
     UpdateFindingsRequest = Shapes::StructureShape.new(name: 'UpdateFindingsRequest')
     ValidatePolicyFinding = Shapes::StructureShape.new(name: 'ValidatePolicyFinding')
@@ -347,6 +354,8 @@ module Aws::AccessAnalyzer
 
     AccessResourcesList.member = Shapes::ShapeRef.new(shape: Resource)
 
+    AccountIdsList.member = Shapes::ShapeRef.new(shape: String)
+
     AclGrantee.add_member(:id, Shapes::ShapeRef.new(shape: AclCanonicalId, location_name: "id"))
     AclGrantee.add_member(:uri, Shapes::ShapeRef.new(shape: AclUri, location_name: "uri"))
     AclGrantee.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
@@ -357,6 +366,15 @@ module Aws::AccessAnalyzer
 
     ActionList.member = Shapes::ShapeRef.new(shape: String)
 
+    AnalysisRule.add_member(:exclusions, Shapes::ShapeRef.new(shape: AnalysisRuleCriteriaList, location_name: "exclusions"))
+    AnalysisRule.struct_class = Types::AnalysisRule
+
+    AnalysisRuleCriteria.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdsList, location_name: "accountIds"))
+    AnalysisRuleCriteria.add_member(:resource_tags, Shapes::ShapeRef.new(shape: TagsList, location_name: "resourceTags"))
+    AnalysisRuleCriteria.struct_class = Types::AnalysisRuleCriteria
+
+    AnalysisRuleCriteriaList.member = Shapes::ShapeRef.new(shape: AnalysisRuleCriteria)
+
     AnalyzedResource.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "resourceArn"))
     AnalyzedResource.add_member(:resource_type, Shapes::ShapeRef.new(shape: ResourceType, required: true, location_name: "resourceType"))
     AnalyzedResource.add_member(:created_at, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "createdAt"))
@@ -1070,6 +1088,8 @@ module Aws::AccessAnalyzer
 
     TagResourceResponse.struct_class = Types::TagResourceResponse
 
+    TagsList.member = Shapes::ShapeRef.new(shape: TagsMap)
+
     TagsMap.key = Shapes::ShapeRef.new(shape: String)
     TagsMap.value = Shapes::ShapeRef.new(shape: String)
 
@@ -1101,6 +1121,7 @@ module Aws::AccessAnalyzer
     UntagResourceResponse.struct_class = Types::UntagResourceResponse
 
     UnusedAccessConfiguration.add_member(:unused_access_age, Shapes::ShapeRef.new(shape: Integer, location_name: "unusedAccessAge"))
+    UnusedAccessConfiguration.add_member(:analysis_rule, Shapes::ShapeRef.new(shape: AnalysisRule, location_name: "analysisRule"))
     UnusedAccessConfiguration.struct_class = Types::UnusedAccessConfiguration
 
     UnusedAction.add_member(:action, Shapes::ShapeRef.new(shape: String, required: true, location_name: "action"))
@@ -1130,6 +1151,13 @@ module Aws::AccessAnalyzer
     UnusedPermissionsRecommendedStep.add_member(:existing_policy_id, Shapes::ShapeRef.new(shape: String, location_name: "existingPolicyId"))
     UnusedPermissionsRecommendedStep.struct_class = Types::UnusedPermissionsRecommendedStep
 
+    UpdateAnalyzerRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
+    UpdateAnalyzerRequest.add_member(:configuration, Shapes::ShapeRef.new(shape: AnalyzerConfiguration, location_name: "configuration"))
+    UpdateAnalyzerRequest.struct_class = Types::UpdateAnalyzerRequest
+
+    UpdateAnalyzerResponse.add_member(:configuration, Shapes::ShapeRef.new(shape: AnalyzerConfiguration, location_name: "configuration"))
+    UpdateAnalyzerResponse.struct_class = Types::UpdateAnalyzerResponse
+
     UpdateArchiveRuleRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
     UpdateArchiveRuleRequest.add_member(:rule_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "ruleName"))
     UpdateArchiveRuleRequest.add_member(:filter, Shapes::ShapeRef.new(shape: FilterCriteriaMap, required: true, location_name: "filter"))
@@ -1679,6 +1707,20 @@ module Aws::AccessAnalyzer
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:update_analyzer, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateAnalyzer"
+        o.http_method = "PUT"
+        o.http_request_uri = "/analyzer/{analyzerName}"
+        o.input = Shapes::ShapeRef.new(shape: UpdateAnalyzerRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateAnalyzerResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:update_archive_rule, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateArchiveRule"
         o.http_method = "PUT"

data/lib/aws-sdk-accessanalyzer/types.rb

@@ -318,6 +318,57 @@ module Aws::AccessAnalyzer
       class Unknown < AclGrantee; end
     end
 
+    # Contains information about analysis rules for the analyzer. Analysis
+    # rules determine which entities will generate findings based on the
+    # criteria you define when you create the rule.
+    #
+    # @!attribute [rw] exclusions
+    #   A list of rules for the analyzer containing criteria to exclude from
+    #   analysis. Entities that meet the rule criteria will not generate
+    #   findings.
+    #   @return [Array<Types::AnalysisRuleCriteria>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalysisRule AWS API Documentation
+    #
+    class AnalysisRule < Struct.new(
+      :exclusions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The criteria for an analysis rule for an analyzer. The criteria
+    # determine which entities will generate findings.
+    #
+    # @!attribute [rw] account_ids
+    #   A list of Amazon Web Services account IDs to apply to the analysis
+    #   rule criteria. The accounts cannot include the organization analyzer
+    #   owner account. Account IDs can only be applied to the analysis rule
+    #   criteria for organization-level analyzers. The list cannot include
+    #   more than 2,000 account IDs.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] resource_tags
+    #   An array of key-value pairs to match for your resources. You can use
+    #   the set of Unicode letters, digits, whitespace, `_`, `.`, `/`, `=`,
+    #   `+`, and `-`.
+    #
+    #   For the tag key, you can specify a value that is 1 to 128 characters
+    #   in length and cannot be prefixed with `aws:`.
+    #
+    #   For the tag value, you can specify a value that is 0 to 256
+    #   characters in length. If the specified tag value is 0 characters,
+    #   the rule is applied to all principals with the specified tag key.
+    #   @return [Array<Hash<String,String>>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalysisRuleCriteria AWS API Documentation
+    #
+    class AnalysisRuleCriteria < Struct.new(
+      :account_ids,
+      :resource_tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains details about the analyzed resource.
     #
     # @!attribute [rw] resource_arn
@@ -410,8 +461,8 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # Contains information about the configuration of an unused access
-    # analyzer for an Amazon Web Services organization or account.
+    # Contains information about the configuration of an analyzer for an
+    # Amazon Web Services organization or account.
     #
     # @note AnalyzerConfiguration is a union - when making an API calls you must set exactly one of the members.
     #
@@ -419,8 +470,7 @@ module Aws::AccessAnalyzer
     #
     # @!attribute [rw] unused_access
     #   Specifies the configuration of an unused access analyzer for an
-    #   Amazon Web Services organization or account. External access
-    #   analyzers do not support any configuration.
+    #   Amazon Web Services organization or account.
     #   @return [Types::UnusedAccessConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzerConfiguration AWS API Documentation
@@ -535,7 +585,9 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
-    # Contains information about an archive rule.
+    # Contains information about an archive rule. Archive rules
+    # automatically archive new findings that meet the criteria you define
+    # when you create the rule.
     #
     # @!attribute [rw] rule_name
     #   The name of the archive rule.
@@ -1012,7 +1064,15 @@ module Aws::AccessAnalyzer
     #   @return [Array<Types::InlineArchiveRule>]
     #
     # @!attribute [rw] tags
-    #   An array of key-value pairs to apply to the analyzer.
+    #   An array of key-value pairs to apply to the analyzer. You can use
+    #   the set of Unicode letters, digits, whitespace, `_`, `.`, `/`, `=`,
+    #   `+`, and `-`.
+    #
+    #   For the tag key, you can specify a value that is 1 to 128 characters
+    #   in length and cannot be prefixed with `aws:`.
+    #
+    #   For the tag value, you can specify a value that is 0 to 256
+    #   characters in length.
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] client_token
@@ -1025,8 +1085,7 @@ module Aws::AccessAnalyzer
     # @!attribute [rw] configuration
     #   Specifies the configuration of the analyzer. If the analyzer is an
     #   unused access analyzer, the specified scope of unused access is used
-    #   for the configuration. If the analyzer is an external access
-    #   analyzer, this field is not used.
+    #   for the configuration.
     #   @return [Types::AnalyzerConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAnalyzerRequest AWS API Documentation
@@ -1988,7 +2047,9 @@ module Aws::AccessAnalyzer
     # The response to the request.
     #
     # @!attribute [rw] archive_rule
-    #   Contains information about an archive rule.
+    #   Contains information about an archive rule. Archive rules
+    #   automatically archive new findings that meet the criteria you define
+    #   when you create the rule.
     #   @return [Types::ArchiveRuleSummary]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetArchiveRuleResponse AWS API Documentation
@@ -4038,13 +4099,20 @@ module Aws::AccessAnalyzer
     #   will generate findings for IAM entities within the accounts of the
     #   selected organization for any access that hasn't been used in 90 or
     #   more days since the analyzer's last scan. You can choose a value
-    #   between 1 and 180 days.
+    #   between 1 and 365 days.
     #   @return [Integer]
     #
+    # @!attribute [rw] analysis_rule
+    #   Contains information about analysis rules for the analyzer. Analysis
+    #   rules determine which entities will generate findings based on the
+    #   criteria you define when you create the rule.
+    #   @return [Types::AnalysisRule]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UnusedAccessConfiguration AWS API Documentation
     #
     class UnusedAccessConfiguration < Struct.new(
-      :unused_access_age)
+      :unused_access_age,
+      :analysis_rule)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4212,6 +4280,37 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # @!attribute [rw] analyzer_name
+    #   The name of the analyzer to modify.
+    #   @return [String]
+    #
+    # @!attribute [rw] configuration
+    #   Contains information about the configuration of an analyzer for an
+    #   Amazon Web Services organization or account.
+    #   @return [Types::AnalyzerConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateAnalyzerRequest AWS API Documentation
+    #
+    class UpdateAnalyzerRequest < Struct.new(
+      :analyzer_name,
+      :configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] configuration
+    #   Contains information about the configuration of an analyzer for an
+    #   Amazon Web Services organization or account.
+    #   @return [Types::AnalyzerConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateAnalyzerResponse AWS API Documentation
+    #
+    class UpdateAnalyzerResponse < Struct.new(
+      :configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Updates the specified archive rule.
     #
     # @!attribute [rw] analyzer_name

data/lib/aws-sdk-accessanalyzer.rb

@@ -54,7 +54,7 @@ module Aws::AccessAnalyzer
   autoload :EndpointProvider, 'aws-sdk-accessanalyzer/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-accessanalyzer/endpoints'
 
-  GEM_VERSION = '1.63.0'
+  GEM_VERSION = '1.65.0'
 
 end
 

data/sig/client.rbs

@@ -39,7 +39,9 @@ module Aws
                       ?logger: untyped,
                       ?max_attempts: Integer,
                       ?profile: String,
+                      ?request_checksum_calculation: String,
                       ?request_min_compression_size_bytes: Integer,
+                      ?response_checksum_validation: String,
                       ?retry_backoff: Proc,
                       ?retry_base_delay: Float,
                       ?retry_jitter: (:none | :equal | :full | ^(Integer) -> Integer),
@@ -264,7 +266,17 @@ module Aws
                              ?client_token: ::String,
                              ?configuration: {
                                unused_access: {
-                                 unused_access_age: ::Integer?
+                                 unused_access_age: ::Integer?,
+                                 analysis_rule: {
+                                   exclusions: Array[
+                                     {
+                                       account_ids: Array[::String]?,
+                                       resource_tags: Array[
+                                         Hash[::String, ::String],
+                                       ]?
+                                     },
+                                   ]?
+                                 }?
                                }?
                              }
                            ) -> _CreateAnalyzerResponseSuccess
@@ -386,7 +398,7 @@ module Aws
         def id: () -> ::String
         def next_token: () -> ::String
         def resource: () -> ::String
-        def resource_type: () -> ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
+        def resource_type: () -> ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")
         def resource_owner_account: () -> ::String
         def status: () -> ("ACTIVE" | "ARCHIVED" | "RESOLVED")
         def updated_at: () -> ::Time
@@ -456,7 +468,7 @@ module Aws
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#list_analyzed_resources-instance_method
       def list_analyzed_resources: (
                                      analyzer_arn: ::String,
-                                     ?resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream"),
+                                     ?resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User"),
                                      ?next_token: ::String,
                                      ?max_results: ::Integer
                                    ) -> _ListAnalyzedResourcesResponseSuccess
@@ -610,6 +622,31 @@ module Aws
                           ) -> _UntagResourceResponseSuccess
                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UntagResourceResponseSuccess
 
+      interface _UpdateAnalyzerResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::UpdateAnalyzerResponse]
+        def configuration: () -> Types::AnalyzerConfiguration
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#update_analyzer-instance_method
+      def update_analyzer: (
+                             analyzer_name: ::String,
+                             ?configuration: {
+                               unused_access: {
+                                 unused_access_age: ::Integer?,
+                                 analysis_rule: {
+                                   exclusions: Array[
+                                     {
+                                       account_ids: Array[::String]?,
+                                       resource_tags: Array[
+                                         Hash[::String, ::String],
+                                       ]?
+                                     },
+                                   ]?
+                                 }?
+                               }?
+                             }
+                           ) -> _UpdateAnalyzerResponseSuccess
+                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateAnalyzerResponseSuccess
+
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#update_archive_rule-instance_method
       def update_archive_rule: (
                                  analyzer_name: ::String,

data/sig/resource.rbs

@@ -39,7 +39,9 @@ module Aws
                         ?logger: untyped,
                         ?max_attempts: Integer,
                         ?profile: String,
+                        ?request_checksum_calculation: String,
                         ?request_min_compression_size_bytes: Integer,
+                        ?response_checksum_validation: String,
                         ?retry_backoff: Proc,
                         ?retry_base_delay: Float,
                         ?retry_jitter: (:none | :equal | :full | ^(Integer) -> Integer),

data/sig/types.rbs

@@ -38,7 +38,7 @@ module Aws::AccessAnalyzer
       attr_accessor condition: ::Hash[::String, ::String]
       attr_accessor resource: ::String
       attr_accessor is_public: bool
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")
       attr_accessor created_at: ::Time
       attr_accessor change_type: ("CHANGED" | "NEW" | "UNCHANGED")
       attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
@@ -77,9 +77,20 @@ module Aws::AccessAnalyzer
       end
     end
 
+    class AnalysisRule
+      attr_accessor exclusions: ::Array[Types::AnalysisRuleCriteria]
+      SENSITIVE: []
+    end
+
+    class AnalysisRuleCriteria
+      attr_accessor account_ids: ::Array[::String]
+      attr_accessor resource_tags: ::Array[::Hash[::String, ::String]]
+      SENSITIVE: []
+    end
+
     class AnalyzedResource
       attr_accessor resource_arn: ::String
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")
       attr_accessor created_at: ::Time
       attr_accessor analyzed_at: ::Time
       attr_accessor updated_at: ::Time
@@ -95,7 +106,7 @@ module Aws::AccessAnalyzer
     class AnalyzedResourceSummary
       attr_accessor resource_arn: ::String
       attr_accessor resource_owner_account: ::String
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")
       SENSITIVE: []
     end
 
@@ -359,7 +370,7 @@ module Aws::AccessAnalyzer
       attr_accessor action: ::Array[::String]
       attr_accessor resource: ::String
       attr_accessor is_public: bool
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")
       attr_accessor condition: ::Hash[::String, ::String]
       attr_accessor created_at: ::Time
       attr_accessor analyzed_at: ::Time
@@ -413,7 +424,7 @@ module Aws::AccessAnalyzer
       attr_accessor action: ::Array[::String]
       attr_accessor resource: ::String
       attr_accessor is_public: bool
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")
       attr_accessor condition: ::Hash[::String, ::String]
       attr_accessor created_at: ::Time
       attr_accessor analyzed_at: ::Time
@@ -432,7 +443,7 @@ module Aws::AccessAnalyzer
       attr_accessor error: ::String
       attr_accessor id: ::String
       attr_accessor resource: ::String
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")
       attr_accessor resource_owner_account: ::String
       attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
       attr_accessor updated_at: ::Time
@@ -553,7 +564,7 @@ module Aws::AccessAnalyzer
       attr_accessor id: ::String
       attr_accessor next_token: ::String
       attr_accessor resource: ::String
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")
       attr_accessor resource_owner_account: ::String
       attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
       attr_accessor updated_at: ::Time
@@ -666,7 +677,7 @@ module Aws::AccessAnalyzer
 
     class ListAnalyzedResourcesRequest
       attr_accessor analyzer_arn: ::String
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")
       attr_accessor next_token: ::String
       attr_accessor max_results: ::Integer
       SENSITIVE: []
@@ -1025,6 +1036,7 @@ module Aws::AccessAnalyzer
 
     class UnusedAccessConfiguration
       attr_accessor unused_access_age: ::Integer
+      attr_accessor analysis_rule: Types::AnalysisRule
       SENSITIVE: []
     end
 
@@ -1065,6 +1077,17 @@ module Aws::AccessAnalyzer
       SENSITIVE: []
     end
 
+    class UpdateAnalyzerRequest
+      attr_accessor analyzer_name: ::String
+      attr_accessor configuration: Types::AnalyzerConfiguration
+      SENSITIVE: []
+    end
+
+    class UpdateAnalyzerResponse
+      attr_accessor configuration: Types::AnalyzerConfiguration
+      SENSITIVE: []
+    end
+
     class UpdateArchiveRuleRequest
       attr_accessor analyzer_name: ::String
       attr_accessor rule_name: ::String

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-  version: 1.63.0
+  version: 1.65.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-13 00:00:00.000000000 Z
+date: 2025-01-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.210.0
+        version: 3.216.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.210.0
+        version: 3.216.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement