aws-sdk-accessanalyzer 1.72.0 → 1.74.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8496cb529c8ba43e7d38e5236ae2c6baf941b2b413db15bec8034bbb0f5fb38d
-  data.tar.gz: c9d0fe1d930f4d9cffc7484d08b85549906dbf1c7fbe9562c12806e97c75f289
+  metadata.gz: 32825ab446ea10a26f008b6ad1cb36cac517b0eb522b21a981bf9e7c43bf353d
+  data.tar.gz: ee45b3fdbb38079a95853f74f25e1a40d5f5fd08016e7f2fe28edda8d09eb8e8
 SHA512:
-  metadata.gz: 15a4fdac2d974667f6f7ceb9d0ed1f0dfd228fd020e6a8f7f7793f3f8ebf7c9f8f60b782d297de8fe095e199251ca5b31a60bbd8cc69740181c2ee61d8dd3639
-  data.tar.gz: 96d033d4d1fce75117fe3d854b1aebfc0794a8cb576a2bd1e3e598d792f876ffcf1b417704d05434900db97d6af5cb5eaa89276bee6689e55fae9079eebecd75
+  metadata.gz: fcd1c59ea539a3ac6a392e88060822da9c37e94693675c220009e8757127185522f61fe0a5117431fdf2073c550880f0a9ac54f18d14a840b640909d8eea3523
+  data.tar.gz: d43027cea8e7fa923be8e0efb8a269ca984bdcae9721971398e0e39826ba0b9716bdc5b2df8b390ad3a204e3ec7df445576350674d92f72680c98162503f31c4

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.74.0 (2025-07-21)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.73.0 (2025-06-17)
+------------------
+
+* Feature - We are launching a new analyzer type, internal access analyzer. The new analyzer will generate internal access findings, which help customers understand who within their AWS organization or AWS Account has access to their critical AWS resources.
+
 1.72.0 (2025-06-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.72.0
+1.74.0

data/lib/aws-sdk-accessanalyzer/client.rb

@@ -95,7 +95,7 @@ module Aws::AccessAnalyzer
     #     class name or an instance of a plugin class.
     #
     #   @option options [required, Aws::CredentialProvider] :credentials
-    #     Your AWS credentials. This can be an instance of any one of the
+    #     Your AWS credentials used for authentication. This can be an instance of any one of the
     #     following classes:
     #
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
@@ -128,18 +128,23 @@ module Aws::AccessAnalyzer
     #     locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
+    #
     #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
     #       `:account_id` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
-    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
+    #
+    #     * `ENV['AWS_ACCESS_KEY_ID']`, `ENV['AWS_SECRET_ACCESS_KEY']`,
+    #       `ENV['AWS_SESSION_TOKEN']`, and `ENV['AWS_ACCOUNT_ID']`.
+    #
     #     * `~/.aws/credentials`
+    #
     #     * `~/.aws/config`
+    #
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
     #       enable retries and extended timeouts. Instance profile credential
-    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
-    #       to true.
+    #       fetching can be disabled by setting `ENV['AWS_EC2_METADATA_DISABLED']`
+    #       to `true`.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -167,6 +172,11 @@ module Aws::AccessAnalyzer
     #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
     #     not retry instead of sleeping.
     #
+    #   @option options [Array<String>] :auth_scheme_preference
+    #     A list of preferred authentication schemes to use when making a request. Supported values are:
+    #     `sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or in
+    #     shared config as `auth_scheme_preference`, the value should be a comma-separated list.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -253,8 +263,8 @@ module Aws::AccessAnalyzer
     #     4 times. Used in `standard` and `adaptive` retry modes.
     #
     #   @option options [String] :profile ("default")
-    #     Used when loading credentials from the shared credentials file
-    #     at HOME/.aws/credentials.  When not specified, 'default' is used.
+    #     Used when loading credentials from the shared credentials file at `HOME/.aws/credentials`.
+    #     When not specified, 'default' is used.
     #
     #   @option options [String] :request_checksum_calculation ("when_supported")
     #     Determines when a checksum will be calculated for request payloads. Values are:
@@ -367,7 +377,7 @@ module Aws::AccessAnalyzer
     #     `Aws::Telemetry::OTelProvider` for telemetry provider.
     #
     #   @option options [Aws::TokenProvider] :token_provider
-    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     Your Bearer token used for authentication. This can be an instance of any one of the
     #     following classes:
     #
     #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
@@ -973,10 +983,9 @@ module Aws::AccessAnalyzer
     #   The name of the analyzer to create.
     #
     # @option params [required, String] :type
-    #   The type of analyzer to create. Only `ACCOUNT`, `ORGANIZATION`,
-    #   `ACCOUNT_UNUSED_ACCESS`, and `ORGANIZATION_UNUSED_ACCESS` analyzers
-    #   are supported. You can create only one analyzer per account per
-    #   Region. You can create up to 5 analyzers per organization per Region.
+    #   The type of analyzer to create. You can create only one analyzer per
+    #   account per Region. You can create up to 5 analyzers per organization
+    #   per Region.
     #
     # @option params [Array<Types::InlineArchiveRule>] :archive_rules
     #   Specifies the archive rules to add for the analyzer. Archive rules
@@ -1003,7 +1012,9 @@ module Aws::AccessAnalyzer
     # @option params [Types::AnalyzerConfiguration] :configuration
     #   Specifies the configuration of the analyzer. If the analyzer is an
     #   unused access analyzer, the specified scope of unused access is used
-    #   for the configuration.
+    #   for the configuration. If the analyzer is an internal access analyzer,
+    #   the specified internal access analysis rules are used for the
+    #   configuration.
     #
     # @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1013,7 +1024,7 @@ module Aws::AccessAnalyzer
     #
     #   resp = client.create_analyzer({
     #     analyzer_name: "Name", # required
-    #     type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS
+    #     type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS, ACCOUNT_INTERNAL_ACCESS, ORGANIZATION_INTERNAL_ACCESS
     #     archive_rules: [
     #       {
     #         rule_name: "Name", # required
@@ -1047,6 +1058,17 @@ module Aws::AccessAnalyzer
     #           ],
     #         },
     #       },
+    #       internal_access: {
+    #         analysis_rule: {
+    #           inclusions: [
+    #             {
+    #               account_ids: ["String"],
+    #               resource_types: ["AWS::S3::Bucket"], # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic, AWS::S3Express::DirectoryBucket, AWS::DynamoDB::Table, AWS::DynamoDB::Stream, AWS::IAM::User
+    #               resource_arns: ["String"],
+    #             },
+    #           ],
+    #         },
+    #       },
     #     },
     #   })
     #
@@ -1391,7 +1413,7 @@ module Aws::AccessAnalyzer
     #
     #   resp.analyzer.arn #=> String
     #   resp.analyzer.name #=> String
-    #   resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS"
+    #   resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS", "ACCOUNT_INTERNAL_ACCESS", "ORGANIZATION_INTERNAL_ACCESS"
     #   resp.analyzer.created_at #=> Time
     #   resp.analyzer.last_resource_analyzed #=> String
     #   resp.analyzer.last_resource_analyzed_at #=> Time
@@ -1406,6 +1428,13 @@ module Aws::AccessAnalyzer
     #   resp.analyzer.configuration.unused_access.analysis_rule.exclusions[0].resource_tags #=> Array
     #   resp.analyzer.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0] #=> Hash
     #   resp.analyzer.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0]["String"] #=> String
+    #   resp.analyzer.configuration.internal_access.analysis_rule.inclusions #=> Array
+    #   resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].account_ids #=> Array
+    #   resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].account_ids[0] #=> String
+    #   resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].resource_types #=> Array
+    #   resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].resource_types[0] #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
+    #   resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].resource_arns #=> Array
+    #   resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].resource_arns[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
     #
@@ -1513,7 +1542,7 @@ module Aws::AccessAnalyzer
     #   resp.finding.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
     #   resp.finding.sources[0].detail.access_point_arn #=> String
     #   resp.finding.sources[0].detail.access_point_account #=> String
-    #   resp.finding.resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE"
+    #   resp.finding.resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE", "APPLIED"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFinding AWS API Documentation
     #
@@ -1729,6 +1758,21 @@ module Aws::AccessAnalyzer
     #   resp.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
     #   resp.updated_at #=> Time
     #   resp.finding_details #=> Array
+    #   resp.finding_details[0].internal_access_details.action #=> Array
+    #   resp.finding_details[0].internal_access_details.action[0] #=> String
+    #   resp.finding_details[0].internal_access_details.condition #=> Hash
+    #   resp.finding_details[0].internal_access_details.condition["String"] #=> String
+    #   resp.finding_details[0].internal_access_details.principal #=> Hash
+    #   resp.finding_details[0].internal_access_details.principal["String"] #=> String
+    #   resp.finding_details[0].internal_access_details.principal_owner_account #=> String
+    #   resp.finding_details[0].internal_access_details.access_type #=> String, one of "INTRA_ACCOUNT", "INTRA_ORG"
+    #   resp.finding_details[0].internal_access_details.principal_type #=> String, one of "IAM_ROLE", "IAM_USER"
+    #   resp.finding_details[0].internal_access_details.sources #=> Array
+    #   resp.finding_details[0].internal_access_details.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
+    #   resp.finding_details[0].internal_access_details.sources[0].detail.access_point_arn #=> String
+    #   resp.finding_details[0].internal_access_details.sources[0].detail.access_point_account #=> String
+    #   resp.finding_details[0].internal_access_details.resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE", "APPLIED"
+    #   resp.finding_details[0].internal_access_details.service_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_SCP", "NOT_APPLICABLE", "APPLIED"
     #   resp.finding_details[0].external_access_details.action #=> Array
     #   resp.finding_details[0].external_access_details.action[0] #=> String
     #   resp.finding_details[0].external_access_details.condition #=> Hash
@@ -1740,7 +1784,7 @@ module Aws::AccessAnalyzer
     #   resp.finding_details[0].external_access_details.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
     #   resp.finding_details[0].external_access_details.sources[0].detail.access_point_arn #=> String
     #   resp.finding_details[0].external_access_details.sources[0].detail.access_point_account #=> String
-    #   resp.finding_details[0].external_access_details.resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE"
+    #   resp.finding_details[0].external_access_details.resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE", "APPLIED"
     #   resp.finding_details[0].unused_permission_details.actions #=> Array
     #   resp.finding_details[0].unused_permission_details.actions[0].action #=> String
     #   resp.finding_details[0].unused_permission_details.actions[0].last_accessed #=> Time
@@ -1750,7 +1794,7 @@ module Aws::AccessAnalyzer
     #   resp.finding_details[0].unused_iam_user_access_key_details.last_accessed #=> Time
     #   resp.finding_details[0].unused_iam_role_details.last_accessed #=> Time
     #   resp.finding_details[0].unused_iam_user_password_details.last_accessed #=> Time
-    #   resp.finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission"
+    #   resp.finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission", "InternalAccess"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingV2 AWS API Documentation
     #
@@ -1791,6 +1835,13 @@ module Aws::AccessAnalyzer
     #   resp.findings_statistics[0].external_access_findings_statistics.total_active_findings #=> Integer
     #   resp.findings_statistics[0].external_access_findings_statistics.total_archived_findings #=> Integer
     #   resp.findings_statistics[0].external_access_findings_statistics.total_resolved_findings #=> Integer
+    #   resp.findings_statistics[0].internal_access_findings_statistics.resource_type_statistics #=> Hash
+    #   resp.findings_statistics[0].internal_access_findings_statistics.resource_type_statistics["ResourceType"].total_active_findings #=> Integer
+    #   resp.findings_statistics[0].internal_access_findings_statistics.resource_type_statistics["ResourceType"].total_resolved_findings #=> Integer
+    #   resp.findings_statistics[0].internal_access_findings_statistics.resource_type_statistics["ResourceType"].total_archived_findings #=> Integer
+    #   resp.findings_statistics[0].internal_access_findings_statistics.total_active_findings #=> Integer
+    #   resp.findings_statistics[0].internal_access_findings_statistics.total_archived_findings #=> Integer
+    #   resp.findings_statistics[0].internal_access_findings_statistics.total_resolved_findings #=> Integer
     #   resp.findings_statistics[0].unused_access_findings_statistics.unused_access_type_statistics #=> Array
     #   resp.findings_statistics[0].unused_access_findings_statistics.unused_access_type_statistics[0].unused_access_type #=> String
     #   resp.findings_statistics[0].unused_access_findings_statistics.unused_access_type_statistics[0].total #=> Integer
@@ -1950,7 +2001,7 @@ module Aws::AccessAnalyzer
     #   resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
     #   resp.findings[0].sources[0].detail.access_point_arn #=> String
     #   resp.findings[0].sources[0].detail.access_point_account #=> String
-    #   resp.findings[0].resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE"
+    #   resp.findings[0].resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE", "APPLIED"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindings AWS API Documentation
@@ -2087,7 +2138,7 @@ module Aws::AccessAnalyzer
     #   resp = client.list_analyzers({
     #     next_token: "Token",
     #     max_results: 1,
-    #     type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS
+    #     type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS, ACCOUNT_INTERNAL_ACCESS, ORGANIZATION_INTERNAL_ACCESS
     #   })
     #
     # @example Response structure
@@ -2095,7 +2146,7 @@ module Aws::AccessAnalyzer
     #   resp.analyzers #=> Array
     #   resp.analyzers[0].arn #=> String
     #   resp.analyzers[0].name #=> String
-    #   resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS"
+    #   resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS", "ACCOUNT_INTERNAL_ACCESS", "ORGANIZATION_INTERNAL_ACCESS"
     #   resp.analyzers[0].created_at #=> Time
     #   resp.analyzers[0].last_resource_analyzed #=> String
     #   resp.analyzers[0].last_resource_analyzed_at #=> Time
@@ -2110,6 +2161,13 @@ module Aws::AccessAnalyzer
     #   resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions[0].resource_tags #=> Array
     #   resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0] #=> Hash
     #   resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0]["String"] #=> String
+    #   resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions #=> Array
+    #   resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].account_ids #=> Array
+    #   resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].account_ids[0] #=> String
+    #   resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].resource_types #=> Array
+    #   resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].resource_types[0] #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
+    #   resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].resource_arns #=> Array
+    #   resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].resource_arns[0] #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
@@ -2255,7 +2313,7 @@ module Aws::AccessAnalyzer
     #   resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
     #   resp.findings[0].sources[0].detail.access_point_arn #=> String
     #   resp.findings[0].sources[0].detail.access_point_account #=> String
-    #   resp.findings[0].resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE"
+    #   resp.findings[0].resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE", "APPLIED"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings AWS API Documentation
@@ -2339,7 +2397,7 @@ module Aws::AccessAnalyzer
     #   resp.findings[0].resource_owner_account #=> String
     #   resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
     #   resp.findings[0].updated_at #=> Time
-    #   resp.findings[0].finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission"
+    #   resp.findings[0].finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission", "InternalAccess"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsV2 AWS API Documentation
@@ -2614,6 +2672,17 @@ module Aws::AccessAnalyzer
     #           ],
     #         },
     #       },
+    #       internal_access: {
+    #         analysis_rule: {
+    #           inclusions: [
+    #             {
+    #               account_ids: ["String"],
+    #               resource_types: ["AWS::S3::Bucket"], # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic, AWS::S3Express::DirectoryBucket, AWS::DynamoDB::Table, AWS::DynamoDB::Stream, AWS::IAM::User
+    #               resource_arns: ["String"],
+    #             },
+    #           ],
+    #         },
+    #       },
     #     },
     #   })
     #
@@ -2626,6 +2695,13 @@ module Aws::AccessAnalyzer
     #   resp.configuration.unused_access.analysis_rule.exclusions[0].resource_tags #=> Array
     #   resp.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0] #=> Hash
     #   resp.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0]["String"] #=> String
+    #   resp.configuration.internal_access.analysis_rule.inclusions #=> Array
+    #   resp.configuration.internal_access.analysis_rule.inclusions[0].account_ids #=> Array
+    #   resp.configuration.internal_access.analysis_rule.inclusions[0].account_ids[0] #=> String
+    #   resp.configuration.internal_access.analysis_rule.inclusions[0].resource_types #=> Array
+    #   resp.configuration.internal_access.analysis_rule.inclusions[0].resource_types[0] #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
+    #   resp.configuration.internal_access.analysis_rule.inclusions[0].resource_arns #=> Array
+    #   resp.configuration.internal_access.analysis_rule.inclusions[0].resource_arns[0] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateAnalyzer AWS API Documentation
     #
@@ -2840,7 +2916,7 @@ module Aws::AccessAnalyzer
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-accessanalyzer'
-      context[:gem_version] = '1.72.0'
+      context[:gem_version] = '1.74.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-accessanalyzer/client_api.rb

@@ -154,6 +154,15 @@ module Aws::AccessAnalyzer
     InlineArchiveRule = Shapes::StructureShape.new(name: 'InlineArchiveRule')
     InlineArchiveRulesList = Shapes::ListShape.new(name: 'InlineArchiveRulesList')
     Integer = Shapes::IntegerShape.new(name: 'Integer')
+    InternalAccessAnalysisRule = Shapes::StructureShape.new(name: 'InternalAccessAnalysisRule')
+    InternalAccessAnalysisRuleCriteria = Shapes::StructureShape.new(name: 'InternalAccessAnalysisRuleCriteria')
+    InternalAccessAnalysisRuleCriteriaList = Shapes::ListShape.new(name: 'InternalAccessAnalysisRuleCriteriaList')
+    InternalAccessConfiguration = Shapes::StructureShape.new(name: 'InternalAccessConfiguration')
+    InternalAccessDetails = Shapes::StructureShape.new(name: 'InternalAccessDetails')
+    InternalAccessFindingsStatistics = Shapes::StructureShape.new(name: 'InternalAccessFindingsStatistics')
+    InternalAccessResourceTypeDetails = Shapes::StructureShape.new(name: 'InternalAccessResourceTypeDetails')
+    InternalAccessResourceTypeStatisticsMap = Shapes::MapShape.new(name: 'InternalAccessResourceTypeStatisticsMap')
+    InternalAccessType = Shapes::StringShape.new(name: 'InternalAccessType')
     InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
     InternetConfiguration = Shapes::StructureShape.new(name: 'InternetConfiguration')
     InvalidParameterException = Shapes::StructureShape.new(name: 'InvalidParameterException')
@@ -212,6 +221,7 @@ module Aws::AccessAnalyzer
     Position = Shapes::StructureShape.new(name: 'Position')
     PrincipalArn = Shapes::StringShape.new(name: 'PrincipalArn')
     PrincipalMap = Shapes::MapShape.new(name: 'PrincipalMap')
+    PrincipalType = Shapes::StringShape.new(name: 'PrincipalType')
     RdsDbClusterSnapshotAccountId = Shapes::StringShape.new(name: 'RdsDbClusterSnapshotAccountId')
     RdsDbClusterSnapshotAccountIdsList = Shapes::ListShape.new(name: 'RdsDbClusterSnapshotAccountIdsList')
     RdsDbClusterSnapshotAttributeName = Shapes::StringShape.new(name: 'RdsDbClusterSnapshotAttributeName')
@@ -237,10 +247,12 @@ module Aws::AccessAnalyzer
     RegionList = Shapes::ListShape.new(name: 'RegionList')
     Resource = Shapes::StringShape.new(name: 'Resource')
     ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
+    ResourceArnsList = Shapes::ListShape.new(name: 'ResourceArnsList')
     ResourceControlPolicyRestriction = Shapes::StringShape.new(name: 'ResourceControlPolicyRestriction')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     ResourceType = Shapes::StringShape.new(name: 'ResourceType')
     ResourceTypeDetails = Shapes::StructureShape.new(name: 'ResourceTypeDetails')
+    ResourceTypeList = Shapes::ListShape.new(name: 'ResourceTypeList')
     ResourceTypeStatisticsMap = Shapes::MapShape.new(name: 'ResourceTypeStatisticsMap')
     RetiringPrincipal = Shapes::StringShape.new(name: 'RetiringPrincipal')
     RoleArn = Shapes::StringShape.new(name: 'RoleArn')
@@ -259,6 +271,7 @@ module Aws::AccessAnalyzer
     SecretsManagerSecretConfiguration = Shapes::StructureShape.new(name: 'SecretsManagerSecretConfiguration')
     SecretsManagerSecretKmsId = Shapes::StringShape.new(name: 'SecretsManagerSecretKmsId')
     SecretsManagerSecretPolicy = Shapes::StringShape.new(name: 'SecretsManagerSecretPolicy')
+    ServiceControlPolicyRestriction = Shapes::StringShape.new(name: 'ServiceControlPolicyRestriction')
     ServiceQuotaExceededException = Shapes::StructureShape.new(name: 'ServiceQuotaExceededException')
     SharedViaList = Shapes::ListShape.new(name: 'SharedViaList')
     SnsTopicConfiguration = Shapes::StructureShape.new(name: 'SnsTopicConfiguration')
@@ -414,8 +427,10 @@ module Aws::AccessAnalyzer
     AnalyzedResourcesList.member = Shapes::ShapeRef.new(shape: AnalyzedResourceSummary)
 
     AnalyzerConfiguration.add_member(:unused_access, Shapes::ShapeRef.new(shape: UnusedAccessConfiguration, location_name: "unusedAccess"))
+    AnalyzerConfiguration.add_member(:internal_access, Shapes::ShapeRef.new(shape: InternalAccessConfiguration, location_name: "internalAccess"))
     AnalyzerConfiguration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
     AnalyzerConfiguration.add_member_subclass(:unused_access, Types::AnalyzerConfiguration::UnusedAccess)
+    AnalyzerConfiguration.add_member_subclass(:internal_access, Types::AnalyzerConfiguration::InternalAccess)
     AnalyzerConfiguration.add_member_subclass(:unknown, Types::AnalyzerConfiguration::Unknown)
     AnalyzerConfiguration.struct_class = Types::AnalyzerConfiguration
 
@@ -639,12 +654,14 @@ module Aws::AccessAnalyzer
     FindingAggregationAccountDetailsMap.key = Shapes::ShapeRef.new(shape: String)
     FindingAggregationAccountDetailsMap.value = Shapes::ShapeRef.new(shape: Integer)
 
+    FindingDetails.add_member(:internal_access_details, Shapes::ShapeRef.new(shape: InternalAccessDetails, location_name: "internalAccessDetails"))
     FindingDetails.add_member(:external_access_details, Shapes::ShapeRef.new(shape: ExternalAccessDetails, location_name: "externalAccessDetails"))
     FindingDetails.add_member(:unused_permission_details, Shapes::ShapeRef.new(shape: UnusedPermissionDetails, location_name: "unusedPermissionDetails"))
     FindingDetails.add_member(:unused_iam_user_access_key_details, Shapes::ShapeRef.new(shape: UnusedIamUserAccessKeyDetails, location_name: "unusedIamUserAccessKeyDetails"))
     FindingDetails.add_member(:unused_iam_role_details, Shapes::ShapeRef.new(shape: UnusedIamRoleDetails, location_name: "unusedIamRoleDetails"))
     FindingDetails.add_member(:unused_iam_user_password_details, Shapes::ShapeRef.new(shape: UnusedIamUserPasswordDetails, location_name: "unusedIamUserPasswordDetails"))
     FindingDetails.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    FindingDetails.add_member_subclass(:internal_access_details, Types::FindingDetails::InternalAccessDetails)
     FindingDetails.add_member_subclass(:external_access_details, Types::FindingDetails::ExternalAccessDetails)
     FindingDetails.add_member_subclass(:unused_permission_details, Types::FindingDetails::UnusedPermissionDetails)
     FindingDetails.add_member_subclass(:unused_iam_user_access_key_details, Types::FindingDetails::UnusedIamUserAccessKeyDetails)
@@ -701,9 +718,11 @@ module Aws::AccessAnalyzer
     FindingsListV2.member = Shapes::ShapeRef.new(shape: FindingSummaryV2)
 
     FindingsStatistics.add_member(:external_access_findings_statistics, Shapes::ShapeRef.new(shape: ExternalAccessFindingsStatistics, location_name: "externalAccessFindingsStatistics"))
+    FindingsStatistics.add_member(:internal_access_findings_statistics, Shapes::ShapeRef.new(shape: InternalAccessFindingsStatistics, location_name: "internalAccessFindingsStatistics"))
     FindingsStatistics.add_member(:unused_access_findings_statistics, Shapes::ShapeRef.new(shape: UnusedAccessFindingsStatistics, location_name: "unusedAccessFindingsStatistics"))
     FindingsStatistics.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
     FindingsStatistics.add_member_subclass(:external_access_findings_statistics, Types::FindingsStatistics::ExternalAccessFindingsStatistics)
+    FindingsStatistics.add_member_subclass(:internal_access_findings_statistics, Types::FindingsStatistics::InternalAccessFindingsStatistics)
     FindingsStatistics.add_member_subclass(:unused_access_findings_statistics, Types::FindingsStatistics::UnusedAccessFindingsStatistics)
     FindingsStatistics.add_member_subclass(:unknown, Types::FindingsStatistics::Unknown)
     FindingsStatistics.struct_class = Types::FindingsStatistics
@@ -823,6 +842,44 @@ module Aws::AccessAnalyzer
 
     InlineArchiveRulesList.member = Shapes::ShapeRef.new(shape: InlineArchiveRule)
 
+    InternalAccessAnalysisRule.add_member(:inclusions, Shapes::ShapeRef.new(shape: InternalAccessAnalysisRuleCriteriaList, location_name: "inclusions"))
+    InternalAccessAnalysisRule.struct_class = Types::InternalAccessAnalysisRule
+
+    InternalAccessAnalysisRuleCriteria.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdsList, location_name: "accountIds"))
+    InternalAccessAnalysisRuleCriteria.add_member(:resource_types, Shapes::ShapeRef.new(shape: ResourceTypeList, location_name: "resourceTypes"))
+    InternalAccessAnalysisRuleCriteria.add_member(:resource_arns, Shapes::ShapeRef.new(shape: ResourceArnsList, location_name: "resourceArns"))
+    InternalAccessAnalysisRuleCriteria.struct_class = Types::InternalAccessAnalysisRuleCriteria
+
+    InternalAccessAnalysisRuleCriteriaList.member = Shapes::ShapeRef.new(shape: InternalAccessAnalysisRuleCriteria)
+
+    InternalAccessConfiguration.add_member(:analysis_rule, Shapes::ShapeRef.new(shape: InternalAccessAnalysisRule, location_name: "analysisRule"))
+    InternalAccessConfiguration.struct_class = Types::InternalAccessConfiguration
+
+    InternalAccessDetails.add_member(:action, Shapes::ShapeRef.new(shape: ActionList, location_name: "action"))
+    InternalAccessDetails.add_member(:condition, Shapes::ShapeRef.new(shape: ConditionKeyMap, location_name: "condition"))
+    InternalAccessDetails.add_member(:principal, Shapes::ShapeRef.new(shape: PrincipalMap, location_name: "principal"))
+    InternalAccessDetails.add_member(:principal_owner_account, Shapes::ShapeRef.new(shape: String, location_name: "principalOwnerAccount"))
+    InternalAccessDetails.add_member(:access_type, Shapes::ShapeRef.new(shape: InternalAccessType, location_name: "accessType"))
+    InternalAccessDetails.add_member(:principal_type, Shapes::ShapeRef.new(shape: PrincipalType, location_name: "principalType"))
+    InternalAccessDetails.add_member(:sources, Shapes::ShapeRef.new(shape: FindingSourceList, location_name: "sources"))
+    InternalAccessDetails.add_member(:resource_control_policy_restriction, Shapes::ShapeRef.new(shape: ResourceControlPolicyRestriction, location_name: "resourceControlPolicyRestriction"))
+    InternalAccessDetails.add_member(:service_control_policy_restriction, Shapes::ShapeRef.new(shape: ServiceControlPolicyRestriction, location_name: "serviceControlPolicyRestriction"))
+    InternalAccessDetails.struct_class = Types::InternalAccessDetails
+
+    InternalAccessFindingsStatistics.add_member(:resource_type_statistics, Shapes::ShapeRef.new(shape: InternalAccessResourceTypeStatisticsMap, location_name: "resourceTypeStatistics"))
+    InternalAccessFindingsStatistics.add_member(:total_active_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalActiveFindings"))
+    InternalAccessFindingsStatistics.add_member(:total_archived_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalArchivedFindings"))
+    InternalAccessFindingsStatistics.add_member(:total_resolved_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalResolvedFindings"))
+    InternalAccessFindingsStatistics.struct_class = Types::InternalAccessFindingsStatistics
+
+    InternalAccessResourceTypeDetails.add_member(:total_active_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalActiveFindings"))
+    InternalAccessResourceTypeDetails.add_member(:total_resolved_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalResolvedFindings"))
+    InternalAccessResourceTypeDetails.add_member(:total_archived_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalArchivedFindings"))
+    InternalAccessResourceTypeDetails.struct_class = Types::InternalAccessResourceTypeDetails
+
+    InternalAccessResourceTypeStatisticsMap.key = Shapes::ShapeRef.new(shape: ResourceType)
+    InternalAccessResourceTypeStatisticsMap.value = Shapes::ShapeRef.new(shape: InternalAccessResourceTypeDetails)
+
     InternalServerException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     InternalServerException.add_member(:retry_after_seconds, Shapes::ShapeRef.new(shape: Integer, location: "header", location_name: "Retry-After"))
     InternalServerException.struct_class = Types::InternalServerException
@@ -1052,6 +1109,8 @@ module Aws::AccessAnalyzer
 
     RegionList.member = Shapes::ShapeRef.new(shape: String)
 
+    ResourceArnsList.member = Shapes::ShapeRef.new(shape: String)
+
     ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     ResourceNotFoundException.add_member(:resource_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceId"))
     ResourceNotFoundException.add_member(:resource_type, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceType"))
@@ -1061,6 +1120,8 @@ module Aws::AccessAnalyzer
     ResourceTypeDetails.add_member(:total_active_cross_account, Shapes::ShapeRef.new(shape: Integer, location_name: "totalActiveCrossAccount"))
     ResourceTypeDetails.struct_class = Types::ResourceTypeDetails
 
+    ResourceTypeList.member = Shapes::ShapeRef.new(shape: ResourceType)
+
     ResourceTypeStatisticsMap.key = Shapes::ShapeRef.new(shape: ResourceType)
     ResourceTypeStatisticsMap.value = Shapes::ShapeRef.new(shape: ResourceTypeDetails)
 

data/lib/aws-sdk-accessanalyzer/types.rb

@@ -473,16 +473,25 @@ module Aws::AccessAnalyzer
     #   Amazon Web Services organization or account.
     #   @return [Types::UnusedAccessConfiguration]
     #
+    # @!attribute [rw] internal_access
+    #   Specifies the configuration of an internal access analyzer for an
+    #   Amazon Web Services organization or account. This configuration
+    #   determines how the analyzer evaluates access within your Amazon Web
+    #   Services environment.
+    #   @return [Types::InternalAccessConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzerConfiguration AWS API Documentation
     #
     class AnalyzerConfiguration < Struct.new(
       :unused_access,
+      :internal_access,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
       include Aws::Structure::Union
 
       class UnusedAccess < AnalyzerConfiguration; end
+      class InternalAccess < AnalyzerConfiguration; end
       class Unknown < AnalyzerConfiguration; end
     end
 
@@ -537,8 +546,8 @@ module Aws::AccessAnalyzer
     #   @return [Types::StatusReason]
     #
     # @!attribute [rw] configuration
-    #   Specifies whether the analyzer is an external access or unused
-    #   access analyzer.
+    #   Specifies if the analyzer is an external access, unused access, or
+    #   internal access analyzer.
     #   @return [Types::AnalyzerConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzerSummary AWS API Documentation
@@ -1050,11 +1059,9 @@ module Aws::AccessAnalyzer
     #   @return [String]
     #
     # @!attribute [rw] type
-    #   The type of analyzer to create. Only `ACCOUNT`, `ORGANIZATION`,
-    #   `ACCOUNT_UNUSED_ACCESS`, and `ORGANIZATION_UNUSED_ACCESS` analyzers
-    #   are supported. You can create only one analyzer per account per
-    #   Region. You can create up to 5 analyzers per organization per
-    #   Region.
+    #   The type of analyzer to create. You can create only one analyzer per
+    #   account per Region. You can create up to 5 analyzers per
+    #   organization per Region.
     #   @return [String]
     #
     # @!attribute [rw] archive_rules
@@ -1085,7 +1092,9 @@ module Aws::AccessAnalyzer
     # @!attribute [rw] configuration
     #   Specifies the configuration of the analyzer. If the analyzer is an
     #   unused access analyzer, the specified scope of unused access is used
-    #   for the configuration.
+    #   for the configuration. If the analyzer is an internal access
+    #   analyzer, the specified internal access analysis rules are used for
+    #   the configuration.
     #   @return [Types::AnalyzerConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAnalyzerRequest AWS API Documentation
@@ -1479,6 +1488,23 @@ module Aws::AccessAnalyzer
     # @!attribute [rw] resource_control_policy_restriction
     #   The type of restriction applied to the finding by the resource owner
     #   with an Organizations resource control policy (RCP).
+    #
+    #   * `APPLICABLE`: There is an RCP present in the organization but IAM
+    #     Access Analyzer does not include it in the evaluation of effective
+    #     permissions. For example, if `s3:DeleteObject` is blocked by the
+    #     RCP and the restriction is `APPLICABLE`, then `s3:DeleteObject`
+    #     would still be included in the list of actions for the finding.
+    #
+    #   * `FAILED_TO_EVALUATE_RCP`: There was an error evaluating the RCP.
+    #
+    #   * `NOT_APPLICABLE`: There was no RCP present in the organization, or
+    #     there was no RCP applicable to the resource. For example, the
+    #     resource being analyzed is an Amazon RDS snapshot and there is an
+    #     RCP in the organization, but the RCP only impacts Amazon S3
+    #     buckets.
+    #
+    #   * `APPLIED`: This restriction is not currently available for
+    #     external access findings.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ExternalAccessDetails AWS API Documentation
@@ -1652,6 +1678,12 @@ module Aws::AccessAnalyzer
     #
     # @note FindingDetails is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of FindingDetails corresponding to the set member.
     #
+    # @!attribute [rw] internal_access_details
+    #   The details for an internal access analyzer finding. This contains
+    #   information about access patterns identified within your Amazon Web
+    #   Services organization or account.
+    #   @return [Types::InternalAccessDetails]
+    #
     # @!attribute [rw] external_access_details
     #   The details for an external access analyzer finding.
     #   @return [Types::ExternalAccessDetails]
@@ -1679,6 +1711,7 @@ module Aws::AccessAnalyzer
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingDetails AWS API Documentation
     #
     class FindingDetails < Struct.new(
+      :internal_access_details,
       :external_access_details,
       :unused_permission_details,
       :unused_iam_user_access_key_details,
@@ -1689,6 +1722,7 @@ module Aws::AccessAnalyzer
       include Aws::Structure
       include Aws::Structure::Union
 
+      class InternalAccessDetails < FindingDetails; end
       class ExternalAccessDetails < FindingDetails; end
       class UnusedPermissionDetails < FindingDetails; end
       class UnusedIamUserAccessKeyDetails < FindingDetails; end
@@ -1874,7 +1908,11 @@ module Aws::AccessAnalyzer
     #   @return [Time]
     #
     # @!attribute [rw] finding_type
-    #   The type of the external access or unused access finding.
+    #   The type of the access finding. For external access analyzers, the
+    #   type is `ExternalAccess`. For unused access analyzers, the type can
+    #   be `UnusedIAMRole`, `UnusedIAMUserAccessKey`,
+    #   `UnusedIAMUserPassword`, or `UnusedPermission`. For internal access
+    #   analyzers, the type is `InternalAccess`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSummaryV2 AWS API Documentation
@@ -1904,6 +1942,13 @@ module Aws::AccessAnalyzer
     #   The aggregate statistics for an external access analyzer.
     #   @return [Types::ExternalAccessFindingsStatistics]
     #
+    # @!attribute [rw] internal_access_findings_statistics
+    #   The aggregate statistics for an internal access analyzer. This
+    #   includes information about active, archived, and resolved findings
+    #   related to internal access within your Amazon Web Services
+    #   organization or account.
+    #   @return [Types::InternalAccessFindingsStatistics]
+    #
     # @!attribute [rw] unused_access_findings_statistics
     #   The aggregate statistics for an unused access analyzer.
     #   @return [Types::UnusedAccessFindingsStatistics]
@@ -1912,6 +1957,7 @@ module Aws::AccessAnalyzer
     #
     class FindingsStatistics < Struct.new(
       :external_access_findings_statistics,
+      :internal_access_findings_statistics,
       :unused_access_findings_statistics,
       :unknown)
       SENSITIVE = []
@@ -1919,6 +1965,7 @@ module Aws::AccessAnalyzer
       include Aws::Structure::Union
 
       class ExternalAccessFindingsStatistics < FindingsStatistics; end
+      class InternalAccessFindingsStatistics < FindingsStatistics; end
       class UnusedAccessFindingsStatistics < FindingsStatistics; end
       class Unknown < FindingsStatistics; end
     end
@@ -2351,7 +2398,8 @@ module Aws::AccessAnalyzer
     #   The type of the finding. For external access analyzers, the type is
     #   `ExternalAccess`. For unused access analyzers, the type can be
     #   `UnusedIAMRole`, `UnusedIAMUserAccessKey`, `UnusedIAMUserPassword`,
-    #   or `UnusedPermission`.
+    #   or `UnusedPermission`. For internal access analyzers, the type is
+    #   `InternalAccess`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingV2Response AWS API Documentation
@@ -2510,6 +2558,256 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # Contains information about analysis rules for the internal access
+    # analyzer. Analysis rules determine which entities will generate
+    # findings based on the criteria you define when you create the rule.
+    #
+    # @!attribute [rw] inclusions
+    #   A list of rules for the internal access analyzer containing criteria
+    #   to include in analysis. Only resources that meet the rule criteria
+    #   will generate findings.
+    #   @return [Array<Types::InternalAccessAnalysisRuleCriteria>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessAnalysisRule AWS API Documentation
+    #
+    class InternalAccessAnalysisRule < Struct.new(
+      :inclusions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The criteria for an analysis rule for an internal access analyzer.
+    #
+    # @!attribute [rw] account_ids
+    #   A list of Amazon Web Services account IDs to apply to the internal
+    #   access analysis rule criteria. Account IDs can only be applied to
+    #   the analysis rule criteria for organization-level analyzers.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] resource_types
+    #   A list of resource types to apply to the internal access analysis
+    #   rule criteria. The analyzer will only generate findings for
+    #   resources of these types. These resource types are currently
+    #   supported for internal access analyzers:
+    #
+    #   * `AWS::S3::Bucket`
+    #
+    #   * `AWS::RDS::DBSnapshot`
+    #
+    #   * `AWS::RDS::DBClusterSnapshot`
+    #
+    #   * `AWS::S3Express::DirectoryBucket`
+    #
+    #   * `AWS::DynamoDB::Table`
+    #
+    #   * `AWS::DynamoDB::Stream`
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] resource_arns
+    #   A list of resource ARNs to apply to the internal access analysis
+    #   rule criteria. The analyzer will only generate findings for
+    #   resources that match these ARNs.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessAnalysisRuleCriteria AWS API Documentation
+    #
+    class InternalAccessAnalysisRuleCriteria < Struct.new(
+      :account_ids,
+      :resource_types,
+      :resource_arns)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies the configuration of an internal access analyzer for an
+    # Amazon Web Services organization or account. This configuration
+    # determines how the analyzer evaluates internal access within your
+    # Amazon Web Services environment.
+    #
+    # @!attribute [rw] analysis_rule
+    #   Contains information about analysis rules for the internal access
+    #   analyzer. These rules determine which resources and access patterns
+    #   will be analyzed.
+    #   @return [Types::InternalAccessAnalysisRule]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessConfiguration AWS API Documentation
+    #
+    class InternalAccessConfiguration < Struct.new(
+      :analysis_rule)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about an internal access finding. This includes
+    # details about the access that was identified within your Amazon Web
+    # Services organization or account.
+    #
+    # @!attribute [rw] action
+    #   The action in the analyzed policy statement that has internal access
+    #   permission to use.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] condition
+    #   The condition in the analyzed policy statement that resulted in an
+    #   internal access finding.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] principal
+    #   The principal that has access to a resource within the internal
+    #   environment.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] principal_owner_account
+    #   The Amazon Web Services account ID that owns the principal
+    #   identified in the internal access finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] access_type
+    #   The type of internal access identified in the finding. This
+    #   indicates how the access is granted within your Amazon Web Services
+    #   environment.
+    #   @return [String]
+    #
+    # @!attribute [rw] principal_type
+    #   The type of principal identified in the internal access finding,
+    #   such as IAM role or IAM user.
+    #   @return [String]
+    #
+    # @!attribute [rw] sources
+    #   The sources of the internal access finding. This indicates how the
+    #   access that generated the finding is granted within your Amazon Web
+    #   Services environment.
+    #   @return [Array<Types::FindingSource>]
+    #
+    # @!attribute [rw] resource_control_policy_restriction
+    #   The type of restriction applied to the finding by the resource owner
+    #   with an Organizations resource control policy (RCP).
+    #
+    #   * `APPLICABLE`: There is an RCP present in the organization but IAM
+    #     Access Analyzer does not include it in the evaluation of effective
+    #     permissions. For example, if `s3:DeleteObject` is blocked by the
+    #     RCP and the restriction is `APPLICABLE`, then `s3:DeleteObject`
+    #     would still be included in the list of actions for the finding.
+    #     Only applicable to internal access findings with the account as
+    #     the zone of trust.
+    #
+    #   * `FAILED_TO_EVALUATE_RCP`: There was an error evaluating the RCP.
+    #
+    #   * `NOT_APPLICABLE`: There was no RCP present in the organization.
+    #     For internal access findings with the account as the zone of
+    #     trust, `NOT_APPLICABLE` could also indicate that there was no RCP
+    #     applicable to the resource.
+    #
+    #   * `APPLIED`: An RCP is present in the organization and IAM Access
+    #     Analyzer included it in the evaluation of effective permissions.
+    #     For example, if `s3:DeleteObject` is blocked by the RCP and the
+    #     restriction is `APPLIED`, then `s3:DeleteObject` would not be
+    #     included in the list of actions for the finding. Only applicable
+    #     to internal access findings with the organization as the zone of
+    #     trust.
+    #   @return [String]
+    #
+    # @!attribute [rw] service_control_policy_restriction
+    #   The type of restriction applied to the finding by an Organizations
+    #   service control policy (SCP).
+    #
+    #   * `APPLICABLE`: There is an SCP present in the organization but IAM
+    #     Access Analyzer does not include it in the evaluation of effective
+    #     permissions. Only applicable to internal access findings with the
+    #     account as the zone of trust.
+    #
+    #   * `FAILED_TO_EVALUATE_SCP`: There was an error evaluating the SCP.
+    #
+    #   * `NOT_APPLICABLE`: There was no SCP present in the organization.
+    #     For internal access findings with the account as the zone of
+    #     trust, `NOT_APPLICABLE` could also indicate that there was no SCP
+    #     applicable to the principal.
+    #
+    #   * `APPLIED`: An SCP is present in the organization and IAM Access
+    #     Analyzer included it in the evaluation of effective permissions.
+    #     Only applicable to internal access findings with the organization
+    #     as the zone of trust.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessDetails AWS API Documentation
+    #
+    class InternalAccessDetails < Struct.new(
+      :action,
+      :condition,
+      :principal,
+      :principal_owner_account,
+      :access_type,
+      :principal_type,
+      :sources,
+      :resource_control_policy_restriction,
+      :service_control_policy_restriction)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Provides aggregate statistics about the findings for the specified
+    # internal access analyzer. This includes counts of active, archived,
+    # and resolved findings.
+    #
+    # @!attribute [rw] resource_type_statistics
+    #   The total number of active findings for each resource type of the
+    #   specified internal access analyzer.
+    #   @return [Hash<String,Types::InternalAccessResourceTypeDetails>]
+    #
+    # @!attribute [rw] total_active_findings
+    #   The number of active findings for the specified internal access
+    #   analyzer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_archived_findings
+    #   The number of archived findings for the specified internal access
+    #   analyzer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_resolved_findings
+    #   The number of resolved findings for the specified internal access
+    #   analyzer.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessFindingsStatistics AWS API Documentation
+    #
+    class InternalAccessFindingsStatistics < Struct.new(
+      :resource_type_statistics,
+      :total_active_findings,
+      :total_archived_findings,
+      :total_resolved_findings)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about the total number of active, archived, and
+    # resolved findings for a resource type of an internal access analyzer.
+    #
+    # @!attribute [rw] total_active_findings
+    #   The total number of active findings for the resource type in the
+    #   internal access analyzer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_resolved_findings
+    #   The total number of resolved findings for the resource type in the
+    #   internal access analyzer.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] total_archived_findings
+    #   The total number of archived findings for the resource type in the
+    #   internal access analyzer.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessResourceTypeDetails AWS API Documentation
+    #
+    class InternalAccessResourceTypeDetails < Struct.new(
+      :total_active_findings,
+      :total_resolved_findings,
+      :total_archived_findings)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Internal server error.
     #
     # @!attribute [rw] message

data/lib/aws-sdk-accessanalyzer.rb

@@ -54,7 +54,7 @@ module Aws::AccessAnalyzer
   autoload :EndpointProvider, 'aws-sdk-accessanalyzer/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-accessanalyzer/endpoints'
 
-  GEM_VERSION = '1.72.0'
+  GEM_VERSION = '1.74.0'
 
 end
 

data/sig/client.rbs

@@ -18,6 +18,7 @@ module Aws
                       ?account_id: String,
                       ?active_endpoint_cache: bool,
                       ?adaptive_retry_wait_to_fill: bool,
+                      ?auth_scheme_preference: Array[String],
                       ?client_side_monitoring: bool,
                       ?client_side_monitoring_client_id: String,
                       ?client_side_monitoring_host: String,
@@ -260,7 +261,7 @@ module Aws
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#create_analyzer-instance_method
       def create_analyzer: (
                              analyzer_name: ::String,
-                             type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS"),
+                             type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS"),
                              ?archive_rules: Array[
                                {
                                  rule_name: ::String,
@@ -287,6 +288,17 @@ module Aws
                                      },
                                    ]?
                                  }?
+                               }?,
+                               internal_access: {
+                                 analysis_rule: {
+                                   inclusions: Array[
+                                     {
+                                       account_ids: Array[::String]?,
+                                       resource_types: Array[("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")]?,
+                                       resource_arns: Array[::String]?
+                                     },
+                                   ]?
+                                 }?
                                }?
                              }
                            ) -> _CreateAnalyzerResponseSuccess
@@ -413,7 +425,7 @@ module Aws
         def status: () -> ("ACTIVE" | "ARCHIVED" | "RESOLVED")
         def updated_at: () -> ::Time
         def finding_details: () -> ::Array[Types::FindingDetails]
-        def finding_type: () -> ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission")
+        def finding_type: () -> ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission" | "InternalAccess")
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#get_finding_v2-instance_method
       def get_finding_v2: (
@@ -504,7 +516,7 @@ module Aws
       def list_analyzers: (
                             ?next_token: ::String,
                             ?max_results: ::Integer,
-                            ?type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS")
+                            ?type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS")
                           ) -> _ListAnalyzersResponseSuccess
                         | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListAnalyzersResponseSuccess
 
@@ -663,6 +675,17 @@ module Aws
                                      },
                                    ]?
                                  }?
+                               }?,
+                               internal_access: {
+                                 analysis_rule: {
+                                   inclusions: Array[
+                                     {
+                                       account_ids: Array[::String]?,
+                                       resource_types: Array[("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")]?,
+                                       resource_arns: Array[::String]?
+                                     },
+                                   ]?
+                                 }?
                                }?
                              }
                            ) -> _UpdateAnalyzerResponseSuccess

data/sig/resource.rbs

@@ -18,6 +18,7 @@ module Aws
                         ?account_id: String,
                         ?active_endpoint_cache: bool,
                         ?adaptive_retry_wait_to_fill: bool,
+                        ?auth_scheme_preference: Array[String],
                         ?client_side_monitoring: bool,
                         ?client_side_monitoring_client_id: String,
                         ?client_side_monitoring_host: String,

data/sig/types.rbs

@@ -45,7 +45,7 @@ module Aws::AccessAnalyzer
       attr_accessor resource_owner_account: ::String
       attr_accessor error: ::String
       attr_accessor sources: ::Array[Types::FindingSource]
-      attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE")
+      attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE" | "APPLIED")
       SENSITIVE: []
     end
 
@@ -112,11 +112,14 @@ module Aws::AccessAnalyzer
 
     class AnalyzerConfiguration
       attr_accessor unused_access: Types::UnusedAccessConfiguration
+      attr_accessor internal_access: Types::InternalAccessConfiguration
       attr_accessor unknown: untyped
       SENSITIVE: []
 
       class UnusedAccess < AnalyzerConfiguration
       end
+      class InternalAccess < AnalyzerConfiguration
+      end
       class Unknown < AnalyzerConfiguration
       end
     end
@@ -124,7 +127,7 @@ module Aws::AccessAnalyzer
     class AnalyzerSummary
       attr_accessor arn: ::String
       attr_accessor name: ::String
-      attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS")
+      attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS")
       attr_accessor created_at: ::Time
       attr_accessor last_resource_analyzed: ::String
       attr_accessor last_resource_analyzed_at: ::Time
@@ -285,7 +288,7 @@ module Aws::AccessAnalyzer
 
     class CreateAnalyzerRequest
       attr_accessor analyzer_name: ::String
-      attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS")
+      attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS")
       attr_accessor archive_rules: ::Array[Types::InlineArchiveRule]
       attr_accessor tags: ::Hash[::String, ::String]
       attr_accessor client_token: ::String
@@ -360,7 +363,7 @@ module Aws::AccessAnalyzer
       attr_accessor is_public: bool
       attr_accessor principal: ::Hash[::String, ::String]
       attr_accessor sources: ::Array[Types::FindingSource]
-      attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE")
+      attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE" | "APPLIED")
       SENSITIVE: []
     end
 
@@ -387,7 +390,7 @@ module Aws::AccessAnalyzer
       attr_accessor resource_owner_account: ::String
       attr_accessor error: ::String
       attr_accessor sources: ::Array[Types::FindingSource]
-      attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE")
+      attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE" | "APPLIED")
       SENSITIVE: []
     end
 
@@ -399,6 +402,7 @@ module Aws::AccessAnalyzer
     end
 
     class FindingDetails
+      attr_accessor internal_access_details: Types::InternalAccessDetails
       attr_accessor external_access_details: Types::ExternalAccessDetails
       attr_accessor unused_permission_details: Types::UnusedPermissionDetails
       attr_accessor unused_iam_user_access_key_details: Types::UnusedIamUserAccessKeyDetails
@@ -407,6 +411,8 @@ module Aws::AccessAnalyzer
       attr_accessor unknown: untyped
       SENSITIVE: []
 
+      class InternalAccessDetails < FindingDetails
+      end
       class ExternalAccessDetails < FindingDetails
       end
       class UnusedPermissionDetails < FindingDetails
@@ -448,7 +454,7 @@ module Aws::AccessAnalyzer
       attr_accessor resource_owner_account: ::String
       attr_accessor error: ::String
       attr_accessor sources: ::Array[Types::FindingSource]
-      attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE")
+      attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE" | "APPLIED")
       SENSITIVE: []
     end
 
@@ -462,18 +468,21 @@ module Aws::AccessAnalyzer
       attr_accessor resource_owner_account: ::String
       attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
       attr_accessor updated_at: ::Time
-      attr_accessor finding_type: ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission")
+      attr_accessor finding_type: ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission" | "InternalAccess")
       SENSITIVE: []
     end
 
     class FindingsStatistics
       attr_accessor external_access_findings_statistics: Types::ExternalAccessFindingsStatistics
+      attr_accessor internal_access_findings_statistics: Types::InternalAccessFindingsStatistics
       attr_accessor unused_access_findings_statistics: Types::UnusedAccessFindingsStatistics
       attr_accessor unknown: untyped
       SENSITIVE: []
 
       class ExternalAccessFindingsStatistics < FindingsStatistics
       end
+      class InternalAccessFindingsStatistics < FindingsStatistics
+      end
       class UnusedAccessFindingsStatistics < FindingsStatistics
       end
       class Unknown < FindingsStatistics
@@ -598,7 +607,7 @@ module Aws::AccessAnalyzer
       attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
       attr_accessor updated_at: ::Time
       attr_accessor finding_details: ::Array[Types::FindingDetails]
-      attr_accessor finding_type: ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission")
+      attr_accessor finding_type: ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission" | "InternalAccess")
       SENSITIVE: []
     end
 
@@ -637,6 +646,51 @@ module Aws::AccessAnalyzer
       SENSITIVE: []
     end
 
+    class InternalAccessAnalysisRule
+      attr_accessor inclusions: ::Array[Types::InternalAccessAnalysisRuleCriteria]
+      SENSITIVE: []
+    end
+
+    class InternalAccessAnalysisRuleCriteria
+      attr_accessor account_ids: ::Array[::String]
+      attr_accessor resource_types: ::Array[("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")]
+      attr_accessor resource_arns: ::Array[::String]
+      SENSITIVE: []
+    end
+
+    class InternalAccessConfiguration
+      attr_accessor analysis_rule: Types::InternalAccessAnalysisRule
+      SENSITIVE: []
+    end
+
+    class InternalAccessDetails
+      attr_accessor action: ::Array[::String]
+      attr_accessor condition: ::Hash[::String, ::String]
+      attr_accessor principal: ::Hash[::String, ::String]
+      attr_accessor principal_owner_account: ::String
+      attr_accessor access_type: ("INTRA_ACCOUNT" | "INTRA_ORG")
+      attr_accessor principal_type: ("IAM_ROLE" | "IAM_USER")
+      attr_accessor sources: ::Array[Types::FindingSource]
+      attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE" | "APPLIED")
+      attr_accessor service_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_SCP" | "NOT_APPLICABLE" | "APPLIED")
+      SENSITIVE: []
+    end
+
+    class InternalAccessFindingsStatistics
+      attr_accessor resource_type_statistics: ::Hash[("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User"), Types::InternalAccessResourceTypeDetails]
+      attr_accessor total_active_findings: ::Integer
+      attr_accessor total_archived_findings: ::Integer
+      attr_accessor total_resolved_findings: ::Integer
+      SENSITIVE: []
+    end
+
+    class InternalAccessResourceTypeDetails
+      attr_accessor total_active_findings: ::Integer
+      attr_accessor total_resolved_findings: ::Integer
+      attr_accessor total_archived_findings: ::Integer
+      SENSITIVE: []
+    end
+
     class InternalServerException
       attr_accessor message: ::String
       attr_accessor retry_after_seconds: ::Integer
@@ -732,7 +786,7 @@ module Aws::AccessAnalyzer
     class ListAnalyzersRequest
       attr_accessor next_token: ::String
       attr_accessor max_results: ::Integer
-      attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS")
+      attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS")
       SENSITIVE: []
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-  version: 1.72.0
+  version: 1.74.0
 platform: ruby
 authors:
 - Amazon Web Services
@@ -18,7 +18,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.225.0
+        version: 3.227.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -28,7 +28,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.225.0
+        version: 3.227.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement