aws-sdk-accessanalyzer 1.89.0 → 1.90.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e190af346aed3013d987209d715f01a079c06a5f949390d670423a7f56c5d1c
-  data.tar.gz: ddf315cd7f293e9c2d84c88ecf32fa51f74426025a147e6ddfb9bbe581558f37
+  metadata.gz: f4dd901e636b8821c52d8556e734f5669548e39810586dc4680051dd657d7891
+  data.tar.gz: a4d1770d7b2f2b61c88fabb13c9ee68f3da4022867e98113419e7cdd2bde64d3
 SHA512:
-  metadata.gz: 5f62f409b29a8be67504eaa463274dd4b5e66af02b56eb3efbb4184fd566e8ef1381b9969503e2c76f6e62117b237eaf4651cdd1609f5a929ac3fa51072c9b4d
-  data.tar.gz: 4d278475ae461a67543ca89c17cc7ee8be505f138cdaad7fd11c94c727470bf6744db14f24735ba61ff57cb9b447c4d94e06086760705cdfd186b7353ec43506
+  metadata.gz: 454955e5ef827979e0419c495152505ee8cc58f0a3d4ccc227fe7a1170fc1bf69a41ae8ea8d006d25ee7ed2bc475563d93244bcf2c2a10a3b31a551f64162305
+  data.tar.gz: e9ad619bdd1bdca97beee2fbd95ebe7bfc6fb7deb4ba20e44f8cba3f82030bac947f60d89b099f077c47154348cb21e1611f025f4e2f3d3d7d5fd8126872e6ab

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.90.0 (2026-05-18)
+------------------
+
+* Feature - Services manage service-linked analyzers through dedicated APIs - CreateServiceLinkedAnalyzer and DeleteServiceLinkedAnalyzer that separate service-linked specific operations from customer-managed operations. It also shows up in ListAnalyzers and GetAnalyzer responses.
+
 1.89.0 (2026-05-13)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.89.0
+1.90.0

data/lib/aws-sdk-accessanalyzer/client.rb

@@ -1020,7 +1020,7 @@ module Aws::AccessAnalyzer
     # @example Request syntax with placeholder values
     #
     #   resp = client.create_analyzer({
-    #     analyzer_name: "Name", # required
+    #     analyzer_name: "AnalyzerName", # required
     #     type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS, ACCOUNT_INTERNAL_ACCESS, ORGANIZATION_INTERNAL_ACCESS
     #     archive_rules: [
     #       {
@@ -1113,7 +1113,7 @@ module Aws::AccessAnalyzer
     # @example Request syntax with placeholder values
     #
     #   resp = client.create_archive_rule({
-    #     analyzer_name: "Name", # required
+    #     analyzer_name: "AnalyzerName", # required
     #     rule_name: "Name", # required
     #     filter: { # required
     #       "String" => {
@@ -1135,6 +1135,99 @@ module Aws::AccessAnalyzer
       req.send_request(options)
     end
 
+    # Creates a service-linked analyzer managed by an Amazon Web Services
+    # service. This operation can only be invoked by authorized Amazon Web
+    # Services services. Direct customer invocation returns
+    # `AccessDeniedException`.
+    #
+    # Service-linked analyzers enable Amazon Web Services services to create
+    # and manage analyzers on behalf of customers. The lifecycle of these
+    # analyzers is managed by the calling service.
+    #
+    # @option params [required, String] :type
+    #   The type of analyzer to create. Valid values are
+    #   `ACCOUNT_UNUSED_ACCESS` and `ORGANIZATION_UNUSED_ACCESS`.
+    #
+    # @option params [Array<Types::InlineArchiveRule>] :archive_rules
+    #   Specifies the archive rules to add for the analyzer. Archive rules
+    #   automatically archive findings that meet the criteria you define for
+    #   the rule.
+    #
+    # @option params [String] :client_token
+    #   A client token.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [Types::AnalyzerConfiguration] :configuration
+    #   Specifies the configuration of the analyzer. The specified scope of
+    #   unused access is used for the configuration.
+    #
+    # @return [Types::CreateServiceLinkedAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateServiceLinkedAnalyzerResponse#arn #arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_service_linked_analyzer({
+    #     type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS, ACCOUNT_INTERNAL_ACCESS, ORGANIZATION_INTERNAL_ACCESS
+    #     archive_rules: [
+    #       {
+    #         rule_name: "Name", # required
+    #         filter: { # required
+    #           "String" => {
+    #             eq: ["String"],
+    #             neq: ["String"],
+    #             contains: ["String"],
+    #             exists: false,
+    #           },
+    #         },
+    #       },
+    #     ],
+    #     client_token: "String",
+    #     configuration: {
+    #       unused_access: {
+    #         unused_access_age: 1,
+    #         analysis_rule: {
+    #           exclusions: [
+    #             {
+    #               account_ids: ["String"],
+    #               resource_tags: [
+    #                 {
+    #                   "String" => "String",
+    #                 },
+    #               ],
+    #             },
+    #           ],
+    #         },
+    #       },
+    #       internal_access: {
+    #         analysis_rule: {
+    #           inclusions: [
+    #             {
+    #               account_ids: ["String"],
+    #               resource_types: ["AWS::S3::Bucket"], # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic, AWS::S3Express::DirectoryBucket, AWS::DynamoDB::Table, AWS::DynamoDB::Stream, AWS::IAM::User
+    #               resource_arns: ["String"],
+    #             },
+    #           ],
+    #         },
+    #       },
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateServiceLinkedAnalyzer AWS API Documentation
+    #
+    # @overload create_service_linked_analyzer(params = {})
+    # @param [Hash] params ({})
+    def create_service_linked_analyzer(params = {}, options = {})
+      req = build_request(:create_service_linked_analyzer, params)
+      req.send_request(options)
+    end
+
     # Deletes the specified analyzer. When you delete an analyzer, IAM
     # Access Analyzer is disabled for the account or organization in the
     # current or specific Region. All findings that were generated by the
@@ -1154,7 +1247,7 @@ module Aws::AccessAnalyzer
     # @example Request syntax with placeholder values
     #
     #   resp = client.delete_analyzer({
-    #     analyzer_name: "Name", # required
+    #     analyzer_name: "AnalyzerName", # required
     #     client_token: "String",
     #   })
     #
@@ -1187,7 +1280,7 @@ module Aws::AccessAnalyzer
     # @example Request syntax with placeholder values
     #
     #   resp = client.delete_archive_rule({
-    #     analyzer_name: "Name", # required
+    #     analyzer_name: "AnalyzerName", # required
     #     rule_name: "Name", # required
     #     client_token: "String",
     #   })
@@ -1201,6 +1294,43 @@ module Aws::AccessAnalyzer
       req.send_request(options)
     end
 
+    # Deletes a service-linked analyzer. This operation can be invoked by
+    # both authorized Amazon Web Services services and customers.
+    #
+    # When invoked by a customer, IAM Access Analyzer performs a callback to
+    # the managing service to verify whether the analyzer is still in use
+    # and can be deleted. If the service indicates the analyzer is still in
+    # use, the deletion is rejected with `ConflictException`.
+    #
+    # @option params [required, String] :analyzer_name
+    #   The name of the service-linked analyzer to delete. Service-linked
+    #   analyzer names follow the format
+    #   `_AccessAnalyzerFor{ServiceName}-{Id}`.
+    #
+    # @option params [String] :client_token
+    #   A client token.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_service_linked_analyzer({
+    #     analyzer_name: "AnalyzerName", # required
+    #     client_token: "String",
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteServiceLinkedAnalyzer AWS API Documentation
+    #
+    # @overload delete_service_linked_analyzer(params = {})
+    # @param [Hash] params ({})
+    def delete_service_linked_analyzer(params = {}, options = {})
+      req = build_request(:delete_service_linked_analyzer, params)
+      req.send_request(options)
+    end
+
     # Creates a recommendation for an unused permissions finding.
     #
     # @option params [required, String] :analyzer_arn
@@ -1407,7 +1537,7 @@ module Aws::AccessAnalyzer
     # @example Request syntax with placeholder values
     #
     #   resp = client.get_analyzer({
-    #     analyzer_name: "Name", # required
+    #     analyzer_name: "AnalyzerName", # required
     #   })
     #
     # @example Response structure
@@ -1436,6 +1566,7 @@ module Aws::AccessAnalyzer
     #   resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].resource_types[0] #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
     #   resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].resource_arns #=> Array
     #   resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].resource_arns[0] #=> String
+    #   resp.analyzer.managed_by #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
     #
@@ -1468,7 +1599,7 @@ module Aws::AccessAnalyzer
     # @example Request syntax with placeholder values
     #
     #   resp = client.get_archive_rule({
-    #     analyzer_name: "Name", # required
+    #     analyzer_name: "AnalyzerName", # required
     #     rule_name: "Name", # required
     #   })
     #
@@ -2175,6 +2306,7 @@ module Aws::AccessAnalyzer
     #   resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].resource_types[0] #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
     #   resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].resource_arns #=> Array
     #   resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].resource_arns[0] #=> String
+    #   resp.analyzers[0].managed_by #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
@@ -2207,7 +2339,7 @@ module Aws::AccessAnalyzer
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_archive_rules({
-    #     analyzer_name: "Name", # required
+    #     analyzer_name: "AnalyzerName", # required
     #     next_token: "Token",
     #     max_results: 1,
     #   })
@@ -2675,7 +2807,7 @@ module Aws::AccessAnalyzer
     # @example Request syntax with placeholder values
     #
     #   resp = client.update_analyzer({
-    #     analyzer_name: "Name", # required
+    #     analyzer_name: "AnalyzerName", # required
     #     configuration: {
     #       unused_access: {
     #         unused_access_age: 1,
@@ -2755,7 +2887,7 @@ module Aws::AccessAnalyzer
     # @example Request syntax with placeholder values
     #
     #   resp = client.update_archive_rule({
-    #     analyzer_name: "Name", # required
+    #     analyzer_name: "AnalyzerName", # required
     #     rule_name: "Name", # required
     #     filter: { # required
     #       "String" => {
@@ -2936,7 +3068,7 @@ module Aws::AccessAnalyzer
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-accessanalyzer'
-      context[:gem_version] = '1.89.0'
+      context[:gem_version] = '1.90.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-accessanalyzer/client_api.rb

@@ -49,6 +49,7 @@ module Aws::AccessAnalyzer
     AnalyzedResourcesList = Shapes::ListShape.new(name: 'AnalyzedResourcesList')
     AnalyzerArn = Shapes::StringShape.new(name: 'AnalyzerArn')
     AnalyzerConfiguration = Shapes::UnionShape.new(name: 'AnalyzerConfiguration')
+    AnalyzerName = Shapes::StringShape.new(name: 'AnalyzerName')
     AnalyzerStatus = Shapes::StringShape.new(name: 'AnalyzerStatus')
     AnalyzerSummary = Shapes::StructureShape.new(name: 'AnalyzerSummary')
     AnalyzersList = Shapes::ListShape.new(name: 'AnalyzersList')
@@ -81,9 +82,12 @@ module Aws::AccessAnalyzer
     CreateAnalyzerRequest = Shapes::StructureShape.new(name: 'CreateAnalyzerRequest')
     CreateAnalyzerResponse = Shapes::StructureShape.new(name: 'CreateAnalyzerResponse')
     CreateArchiveRuleRequest = Shapes::StructureShape.new(name: 'CreateArchiveRuleRequest')
+    CreateServiceLinkedAnalyzerRequest = Shapes::StructureShape.new(name: 'CreateServiceLinkedAnalyzerRequest')
+    CreateServiceLinkedAnalyzerResponse = Shapes::StructureShape.new(name: 'CreateServiceLinkedAnalyzerResponse')
     Criterion = Shapes::StructureShape.new(name: 'Criterion')
     DeleteAnalyzerRequest = Shapes::StructureShape.new(name: 'DeleteAnalyzerRequest')
     DeleteArchiveRuleRequest = Shapes::StructureShape.new(name: 'DeleteArchiveRuleRequest')
+    DeleteServiceLinkedAnalyzerRequest = Shapes::StructureShape.new(name: 'DeleteServiceLinkedAnalyzerRequest')
     DynamodbStreamConfiguration = Shapes::StructureShape.new(name: 'DynamodbStreamConfiguration')
     DynamodbStreamPolicy = Shapes::StringShape.new(name: 'DynamodbStreamPolicy')
     DynamodbTableConfiguration = Shapes::StructureShape.new(name: 'DynamodbTableConfiguration')
@@ -435,7 +439,7 @@ module Aws::AccessAnalyzer
     AnalyzerConfiguration.struct_class = Types::AnalyzerConfiguration
 
     AnalyzerSummary.add_member(:arn, Shapes::ShapeRef.new(shape: AnalyzerArn, required: true, location_name: "arn"))
-    AnalyzerSummary.add_member(:name, Shapes::ShapeRef.new(shape: Name, required: true, location_name: "name"))
+    AnalyzerSummary.add_member(:name, Shapes::ShapeRef.new(shape: AnalyzerName, required: true, location_name: "name"))
     AnalyzerSummary.add_member(:type, Shapes::ShapeRef.new(shape: Type, required: true, location_name: "type"))
     AnalyzerSummary.add_member(:created_at, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "createdAt"))
     AnalyzerSummary.add_member(:last_resource_analyzed, Shapes::ShapeRef.new(shape: String, location_name: "lastResourceAnalyzed"))
@@ -444,6 +448,7 @@ module Aws::AccessAnalyzer
     AnalyzerSummary.add_member(:status, Shapes::ShapeRef.new(shape: AnalyzerStatus, required: true, location_name: "status"))
     AnalyzerSummary.add_member(:status_reason, Shapes::ShapeRef.new(shape: StatusReason, location_name: "statusReason"))
     AnalyzerSummary.add_member(:configuration, Shapes::ShapeRef.new(shape: AnalyzerConfiguration, location_name: "configuration"))
+    AnalyzerSummary.add_member(:managed_by, Shapes::ShapeRef.new(shape: String, location_name: "managedBy"))
     AnalyzerSummary.struct_class = Types::AnalyzerSummary
 
     AnalyzersList.member = Shapes::ShapeRef.new(shape: AnalyzerSummary)
@@ -559,7 +564,7 @@ module Aws::AccessAnalyzer
     CreateAccessPreviewResponse.add_member(:id, Shapes::ShapeRef.new(shape: AccessPreviewId, required: true, location_name: "id"))
     CreateAccessPreviewResponse.struct_class = Types::CreateAccessPreviewResponse
 
-    CreateAnalyzerRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location_name: "analyzerName"))
+    CreateAnalyzerRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: AnalyzerName, required: true, location_name: "analyzerName"))
     CreateAnalyzerRequest.add_member(:type, Shapes::ShapeRef.new(shape: Type, required: true, location_name: "type"))
     CreateAnalyzerRequest.add_member(:archive_rules, Shapes::ShapeRef.new(shape: InlineArchiveRulesList, location_name: "archiveRules"))
     CreateAnalyzerRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagsMap, location_name: "tags"))
@@ -570,27 +575,40 @@ module Aws::AccessAnalyzer
     CreateAnalyzerResponse.add_member(:arn, Shapes::ShapeRef.new(shape: AnalyzerArn, location_name: "arn"))
     CreateAnalyzerResponse.struct_class = Types::CreateAnalyzerResponse
 
-    CreateArchiveRuleRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
+    CreateArchiveRuleRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: AnalyzerName, required: true, location: "uri", location_name: "analyzerName"))
     CreateArchiveRuleRequest.add_member(:rule_name, Shapes::ShapeRef.new(shape: Name, required: true, location_name: "ruleName"))
     CreateArchiveRuleRequest.add_member(:filter, Shapes::ShapeRef.new(shape: FilterCriteriaMap, required: true, location_name: "filter"))
     CreateArchiveRuleRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location_name: "clientToken", metadata: {"idempotencyToken" => true}))
     CreateArchiveRuleRequest.struct_class = Types::CreateArchiveRuleRequest
 
+    CreateServiceLinkedAnalyzerRequest.add_member(:type, Shapes::ShapeRef.new(shape: Type, required: true, location_name: "type"))
+    CreateServiceLinkedAnalyzerRequest.add_member(:archive_rules, Shapes::ShapeRef.new(shape: InlineArchiveRulesList, location_name: "archiveRules"))
+    CreateServiceLinkedAnalyzerRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location_name: "clientToken", metadata: {"idempotencyToken" => true}))
+    CreateServiceLinkedAnalyzerRequest.add_member(:configuration, Shapes::ShapeRef.new(shape: AnalyzerConfiguration, location_name: "configuration"))
+    CreateServiceLinkedAnalyzerRequest.struct_class = Types::CreateServiceLinkedAnalyzerRequest
+
+    CreateServiceLinkedAnalyzerResponse.add_member(:arn, Shapes::ShapeRef.new(shape: AnalyzerArn, location_name: "arn"))
+    CreateServiceLinkedAnalyzerResponse.struct_class = Types::CreateServiceLinkedAnalyzerResponse
+
     Criterion.add_member(:eq, Shapes::ShapeRef.new(shape: ValueList, location_name: "eq"))
     Criterion.add_member(:neq, Shapes::ShapeRef.new(shape: ValueList, location_name: "neq"))
     Criterion.add_member(:contains, Shapes::ShapeRef.new(shape: ValueList, location_name: "contains"))
     Criterion.add_member(:exists, Shapes::ShapeRef.new(shape: Boolean, location_name: "exists"))
     Criterion.struct_class = Types::Criterion
 
-    DeleteAnalyzerRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
+    DeleteAnalyzerRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: AnalyzerName, required: true, location: "uri", location_name: "analyzerName"))
     DeleteAnalyzerRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "clientToken", metadata: {"idempotencyToken" => true}))
     DeleteAnalyzerRequest.struct_class = Types::DeleteAnalyzerRequest
 
-    DeleteArchiveRuleRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
+    DeleteArchiveRuleRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: AnalyzerName, required: true, location: "uri", location_name: "analyzerName"))
     DeleteArchiveRuleRequest.add_member(:rule_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "ruleName"))
     DeleteArchiveRuleRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "clientToken", metadata: {"idempotencyToken" => true}))
     DeleteArchiveRuleRequest.struct_class = Types::DeleteArchiveRuleRequest
 
+    DeleteServiceLinkedAnalyzerRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: AnalyzerName, required: true, location: "uri", location_name: "analyzerName"))
+    DeleteServiceLinkedAnalyzerRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "clientToken", metadata: {"idempotencyToken" => true}))
+    DeleteServiceLinkedAnalyzerRequest.struct_class = Types::DeleteServiceLinkedAnalyzerRequest
+
     DynamodbStreamConfiguration.add_member(:stream_policy, Shapes::ShapeRef.new(shape: DynamodbStreamPolicy, location_name: "streamPolicy"))
     DynamodbStreamConfiguration.struct_class = Types::DynamodbStreamConfiguration
 
@@ -761,13 +779,13 @@ module Aws::AccessAnalyzer
     GetAnalyzedResourceResponse.add_member(:resource, Shapes::ShapeRef.new(shape: AnalyzedResource, location_name: "resource"))
     GetAnalyzedResourceResponse.struct_class = Types::GetAnalyzedResourceResponse
 
-    GetAnalyzerRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
+    GetAnalyzerRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: AnalyzerName, required: true, location: "uri", location_name: "analyzerName"))
     GetAnalyzerRequest.struct_class = Types::GetAnalyzerRequest
 
     GetAnalyzerResponse.add_member(:analyzer, Shapes::ShapeRef.new(shape: AnalyzerSummary, required: true, location_name: "analyzer"))
     GetAnalyzerResponse.struct_class = Types::GetAnalyzerResponse
 
-    GetArchiveRuleRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
+    GetArchiveRuleRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: AnalyzerName, required: true, location: "uri", location_name: "analyzerName"))
     GetArchiveRuleRequest.add_member(:rule_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "ruleName"))
     GetArchiveRuleRequest.struct_class = Types::GetArchiveRuleRequest
 
@@ -964,7 +982,7 @@ module Aws::AccessAnalyzer
     ListAnalyzersResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "nextToken"))
     ListAnalyzersResponse.struct_class = Types::ListAnalyzersResponse
 
-    ListArchiveRulesRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
+    ListArchiveRulesRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: AnalyzerName, required: true, location: "uri", location_name: "analyzerName"))
     ListArchiveRulesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "nextToken"))
     ListArchiveRulesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: Integer, location: "querystring", location_name: "maxResults"))
     ListArchiveRulesRequest.struct_class = Types::ListArchiveRulesRequest
@@ -1290,14 +1308,14 @@ module Aws::AccessAnalyzer
     UnusedPermissionsRecommendedStep.add_member(:existing_policy_id, Shapes::ShapeRef.new(shape: String, location_name: "existingPolicyId"))
     UnusedPermissionsRecommendedStep.struct_class = Types::UnusedPermissionsRecommendedStep
 
-    UpdateAnalyzerRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
+    UpdateAnalyzerRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: AnalyzerName, required: true, location: "uri", location_name: "analyzerName"))
     UpdateAnalyzerRequest.add_member(:configuration, Shapes::ShapeRef.new(shape: AnalyzerConfiguration, location_name: "configuration"))
     UpdateAnalyzerRequest.struct_class = Types::UpdateAnalyzerRequest
 
     UpdateAnalyzerResponse.add_member(:configuration, Shapes::ShapeRef.new(shape: AnalyzerConfiguration, location_name: "configuration"))
     UpdateAnalyzerResponse.struct_class = Types::UpdateAnalyzerResponse
 
-    UpdateArchiveRuleRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "analyzerName"))
+    UpdateArchiveRuleRequest.add_member(:analyzer_name, Shapes::ShapeRef.new(shape: AnalyzerName, required: true, location: "uri", location_name: "analyzerName"))
     UpdateArchiveRuleRequest.add_member(:rule_name, Shapes::ShapeRef.new(shape: Name, required: true, location: "uri", location_name: "ruleName"))
     UpdateArchiveRuleRequest.add_member(:filter, Shapes::ShapeRef.new(shape: FilterCriteriaMap, required: true, location_name: "filter"))
     UpdateArchiveRuleRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location_name: "clientToken", metadata: {"idempotencyToken" => true}))
@@ -1477,6 +1495,20 @@ module Aws::AccessAnalyzer
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:create_service_linked_analyzer, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreateServiceLinkedAnalyzer"
+        o.http_method = "PUT"
+        o.http_request_uri = "/service-linked-analyzer"
+        o.input = Shapes::ShapeRef.new(shape: CreateServiceLinkedAnalyzerRequest)
+        o.output = Shapes::ShapeRef.new(shape: CreateServiceLinkedAnalyzerResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceQuotaExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:delete_analyzer, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteAnalyzer"
         o.http_method = "DELETE"
@@ -1503,6 +1535,20 @@ module Aws::AccessAnalyzer
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
 
+      api.add_operation(:delete_service_linked_analyzer, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteServiceLinkedAnalyzer"
+        o.http_method = "DELETE"
+        o.http_request_uri = "/service-linked-analyzer/{analyzerName}"
+        o.input = Shapes::ShapeRef.new(shape: DeleteServiceLinkedAnalyzerRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+      end)
+
       api.add_operation(:generate_finding_recommendation, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GenerateFindingRecommendation"
         o.http_method = "POST"

data/lib/aws-sdk-accessanalyzer/types.rb

@@ -563,6 +563,13 @@ module Aws::AccessAnalyzer
     #   [2]: https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ListAnalyzers.html
     #   @return [Types::AnalyzerConfiguration]
     #
+    # @!attribute [rw] managed_by
+    #   The service principal that manages this analyzer (for example,
+    #   `securityhubv2.amazonaws.com`). This field is only present for
+    #   service-linked analyzers and is not included for customer-managed
+    #   analyzers.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzerSummary AWS API Documentation
     #
     class AnalyzerSummary < Struct.new(
@@ -575,7 +582,8 @@ module Aws::AccessAnalyzer
       :tags,
       :status,
       :status_reason,
-      :configuration)
+      :configuration,
+      :managed_by)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1169,6 +1177,59 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # Creates a service-linked analyzer.
+    #
+    # @!attribute [rw] type
+    #   The type of analyzer to create. Valid values are
+    #   `ACCOUNT_UNUSED_ACCESS` and `ORGANIZATION_UNUSED_ACCESS`.
+    #   @return [String]
+    #
+    # @!attribute [rw] archive_rules
+    #   Specifies the archive rules to add for the analyzer. Archive rules
+    #   automatically archive findings that meet the criteria you define for
+    #   the rule.
+    #   @return [Array<Types::InlineArchiveRule>]
+    #
+    # @!attribute [rw] client_token
+    #   A client token.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @!attribute [rw] configuration
+    #   Specifies the configuration of the analyzer. The specified scope of
+    #   unused access is used for the configuration.
+    #   @return [Types::AnalyzerConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateServiceLinkedAnalyzerRequest AWS API Documentation
+    #
+    class CreateServiceLinkedAnalyzerRequest < Struct.new(
+      :type,
+      :archive_rules,
+      :client_token,
+      :configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The response to the request to create a service-linked analyzer.
+    #
+    # @!attribute [rw] arn
+    #   The ARN of the service-linked analyzer that was created by the
+    #   request. The analyzer name follows the format
+    #   `_AccessAnalyzerFor{ServiceName}-{Id}` where `Id` is a randomly
+    #   generated identifier.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateServiceLinkedAnalyzerResponse AWS API Documentation
+    #
+    class CreateServiceLinkedAnalyzerResponse < Struct.new(
+      :arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The criteria to use in the filter that defines the archive rule. For
     # more information on available filter keys, see [IAM Access Analyzer
     # filter keys][1].
@@ -1258,6 +1319,30 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # Deletes a service-linked analyzer.
+    #
+    # @!attribute [rw] analyzer_name
+    #   The name of the service-linked analyzer to delete. Service-linked
+    #   analyzer names follow the format
+    #   `_AccessAnalyzerFor{ServiceName}-{Id}`.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_token
+    #   A client token.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DeleteServiceLinkedAnalyzerRequest AWS API Documentation
+    #
+    class DeleteServiceLinkedAnalyzerRequest < Struct.new(
+      :analyzer_name,
+      :client_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The proposed access control configuration for a DynamoDB stream. You
     # can propose a configuration for a new DynamoDB stream or an existing
     # DynamoDB stream that you own by specifying the policy for the DynamoDB

data/lib/aws-sdk-accessanalyzer.rb

@@ -54,7 +54,7 @@ module Aws::AccessAnalyzer
   autoload :EndpointProvider, 'aws-sdk-accessanalyzer/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-accessanalyzer/endpoints'
 
-  GEM_VERSION = '1.89.0'
+  GEM_VERSION = '1.90.0'
 
 end
 

data/sig/client.rbs

@@ -318,6 +318,54 @@ module Aws
                                ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+      interface _CreateServiceLinkedAnalyzerResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::CreateServiceLinkedAnalyzerResponse]
+        def arn: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#create_service_linked_analyzer-instance_method
+      def create_service_linked_analyzer: (
+                                            type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS"),
+                                            ?archive_rules: Array[
+                                              {
+                                                rule_name: ::String,
+                                                filter: Hash[::String, {
+                                                    eq: Array[::String]?,
+                                                    neq: Array[::String]?,
+                                                    contains: Array[::String]?,
+                                                    exists: bool?
+                                                  }]
+                                              },
+                                            ],
+                                            ?client_token: ::String,
+                                            ?configuration: {
+                                              unused_access: {
+                                                unused_access_age: ::Integer?,
+                                                analysis_rule: {
+                                                  exclusions: Array[
+                                                    {
+                                                      account_ids: Array[::String]?,
+                                                      resource_tags: Array[
+                                                        Hash[::String, ::String],
+                                                      ]?
+                                                    },
+                                                  ]?
+                                                }?
+                                              }?,
+                                              internal_access: {
+                                                analysis_rule: {
+                                                  inclusions: Array[
+                                                    {
+                                                      account_ids: Array[::String]?,
+                                                      resource_types: Array[("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")]?,
+                                                      resource_arns: Array[::String]?
+                                                    },
+                                                  ]?
+                                                }?
+                                              }?
+                                            }
+                                          ) -> _CreateServiceLinkedAnalyzerResponseSuccess
+                                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateServiceLinkedAnalyzerResponseSuccess
+
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#delete_analyzer-instance_method
       def delete_analyzer: (
                              analyzer_name: ::String,
@@ -333,6 +381,13 @@ module Aws
                                ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#delete_service_linked_analyzer-instance_method
+      def delete_service_linked_analyzer: (
+                                            analyzer_name: ::String,
+                                            ?client_token: ::String
+                                          ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+                                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
+
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#generate_finding_recommendation-instance_method
       def generate_finding_recommendation: (
                                              analyzer_arn: ::String,

data/sig/types.rbs

@@ -135,6 +135,7 @@ module Aws::AccessAnalyzer
       attr_accessor status: ("ACTIVE" | "CREATING" | "DISABLED" | "FAILED")
       attr_accessor status_reason: Types::StatusReason
       attr_accessor configuration: Types::AnalyzerConfiguration
+      attr_accessor managed_by: ::String
       SENSITIVE: []
     end
 
@@ -309,6 +310,19 @@ module Aws::AccessAnalyzer
       SENSITIVE: []
     end
 
+    class CreateServiceLinkedAnalyzerRequest
+      attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS")
+      attr_accessor archive_rules: ::Array[Types::InlineArchiveRule]
+      attr_accessor client_token: ::String
+      attr_accessor configuration: Types::AnalyzerConfiguration
+      SENSITIVE: []
+    end
+
+    class CreateServiceLinkedAnalyzerResponse
+      attr_accessor arn: ::String
+      SENSITIVE: []
+    end
+
     class Criterion
       attr_accessor eq: ::Array[::String]
       attr_accessor neq: ::Array[::String]
@@ -330,6 +344,12 @@ module Aws::AccessAnalyzer
       SENSITIVE: []
     end
 
+    class DeleteServiceLinkedAnalyzerRequest
+      attr_accessor analyzer_name: ::String
+      attr_accessor client_token: ::String
+      SENSITIVE: []
+    end
+
     class DynamodbStreamConfiguration
       attr_accessor stream_policy: ::String
       SENSITIVE: []

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-  version: 1.89.0
+  version: 1.90.0
 platform: ruby
 authors:
 - Amazon Web Services