aws-sdk-accessanalyzer 1.17.0 → 1.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 75d4ae2126d3bf122d544503de18a17f871a2666404e235a567985b2f452c7e5
-  data.tar.gz: 506198bc86380de22d739c6c4e2fdaedcb476f53ff0ec9070d6deb450ea63e4e
+  metadata.gz: 29ab0a18e5c2de22ef07a1640e09a6a252a2c3f4f360f84f9203644eb07ee9af
+  data.tar.gz: c89e9bbefa4e981c75ddd2d5888763b15900f4edcf8fe48f4c5615cc98245ca6
 SHA512:
-  metadata.gz: 0eeb8e2a480ed6556309961100161f87704a2460a0e832d8690419a35281c15ef5eda2c3be2b006c34d99c5c32483c5e66538d500fb518e1e2b2e9b7fce9d5bb
-  data.tar.gz: 8832de6d01bfbd024ecf0b938ac9b2edd123fe04efced510f7a2016515be463bb60b74cc037a1b7b01951c442ee92a55df795b6e1f024a244d62c658a79b467c
+  metadata.gz: 69c525366ecdfa4c6832019200494e1eb4232cda4a5d1a9da77d0b855a2111a38b0de1111a2347f230826c3749ae55fdc27721b17e7909032949ea8994fcd026
+  data.tar.gz: 8337deadabd6b7472eb9efe02eff85dc9c207896374c320626043b381b88f52ade18fbc145444781e63773c777fbcdb7d3c34681dc57b214c5333bf598d34725

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.18.0 (2021-03-16)
+------------------
+
+* Feature - This release adds support for the ValidatePolicy API. IAM Access Analyzer is adding over 100 policy checks and actionable recommendations that help you validate your policies during authoring.
+
 1.17.0 (2021-03-10)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.17.0
+1.18.0

data/lib/aws-sdk-accessanalyzer.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
 # @!group service
 module Aws::AccessAnalyzer
 
-  GEM_VERSION = '1.17.0'
+  GEM_VERSION = '1.18.0'
 
 end

data/lib/aws-sdk-accessanalyzer/client.rb

@@ -547,6 +547,13 @@ module Aws::AccessAnalyzer
     # automatically archive new findings that meet the criteria you define
     # when you create the rule.
     #
+    # To learn about filter keys that you can use to create an archive rule,
+    # see [Access Analyzer filter keys][1] in the **IAM User Guide**.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html
+    #
     # @option params [required, String] :analyzer_name
     #   The name of the created analyzer.
     #
@@ -1492,6 +1499,84 @@ module Aws::AccessAnalyzer
       req.send_request(options)
     end
 
+    # Requests the validation of a policy and returns a list of findings.
+    # The findings help you identify issues and provide actionable
+    # recommendations to resolve the issue and enable you to author
+    # functional policies that meet security best practices.
+    #
+    # @option params [String] :locale
+    #   The locale to use for localizing the findings.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return in the response.
+    #
+    # @option params [String] :next_token
+    #   A token used for pagination of results returned.
+    #
+    # @option params [required, String] :policy_document
+    #   The JSON policy document to use as the content for the policy.
+    #
+    # @option params [required, String] :policy_type
+    #   The type of policy to validate. Identity policies grant permissions to
+    #   IAM principals. Identity policies include managed and inline policies
+    #   for IAM roles, users, and groups. They also include service-control
+    #   policies (SCPs) that are attached to an AWS organization,
+    #   organizational unit (OU), or an account.
+    #
+    #   Resource policies grant permissions on AWS resources. Resource
+    #   policies include trust policies for IAM roles and bucket policies for
+    #   S3 buckets. You can provide a generic input such as identity policy or
+    #   resource policy or a specific input such as managed policy or S3
+    #   bucket policy.
+    #
+    # @return [Types::ValidatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ValidatePolicyResponse#findings #findings} => Array<Types::ValidatePolicyFinding>
+    #   * {Types::ValidatePolicyResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.validate_policy({
+    #     locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
+    #     max_results: 1,
+    #     next_token: "Token",
+    #     policy_document: "PolicyDocument", # required
+    #     policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.findings #=> Array
+    #   resp.findings[0].finding_details #=> String
+    #   resp.findings[0].finding_type #=> String, one of "ERROR", "SECURITY_WARNING", "SUGGESTION", "WARNING"
+    #   resp.findings[0].issue_code #=> String
+    #   resp.findings[0].learn_more_link #=> String
+    #   resp.findings[0].locations #=> Array
+    #   resp.findings[0].locations[0].path #=> Array
+    #   resp.findings[0].locations[0].path[0].index #=> Integer
+    #   resp.findings[0].locations[0].path[0].key #=> String
+    #   resp.findings[0].locations[0].path[0].substring.length #=> Integer
+    #   resp.findings[0].locations[0].path[0].substring.start #=> Integer
+    #   resp.findings[0].locations[0].path[0].value #=> String
+    #   resp.findings[0].locations[0].span.end.column #=> Integer
+    #   resp.findings[0].locations[0].span.end.line #=> Integer
+    #   resp.findings[0].locations[0].span.end.offset #=> Integer
+    #   resp.findings[0].locations[0].span.start.column #=> Integer
+    #   resp.findings[0].locations[0].span.start.line #=> Integer
+    #   resp.findings[0].locations[0].span.start.offset #=> Integer
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicy AWS API Documentation
+    #
+    # @overload validate_policy(params = {})
+    # @param [Hash] params ({})
+    def validate_policy(params = {}, options = {})
+      req = build_request(:validate_policy, params)
+      req.send_request(options)
+    end
+
     # @!endgroup
 
     # @param params ({})
@@ -1505,7 +1590,7 @@ module Aws::AccessAnalyzer
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-accessanalyzer'
-      context[:gem_version] = '1.17.0'
+      context[:gem_version] = '1.18.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-accessanalyzer/client_api.rb

@@ -86,6 +86,7 @@ module Aws::AccessAnalyzer
     Integer = Shapes::IntegerShape.new(name: 'Integer')
     InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
     InternetConfiguration = Shapes::StructureShape.new(name: 'InternetConfiguration')
+    IssueCode = Shapes::StringShape.new(name: 'IssueCode')
     IssuingAccount = Shapes::StringShape.new(name: 'IssuingAccount')
     KmsConstraintsKey = Shapes::StringShape.new(name: 'KmsConstraintsKey')
     KmsConstraintsMap = Shapes::MapShape.new(name: 'KmsConstraintsMap')
@@ -98,6 +99,7 @@ module Aws::AccessAnalyzer
     KmsKeyConfiguration = Shapes::StructureShape.new(name: 'KmsKeyConfiguration')
     KmsKeyPoliciesMap = Shapes::MapShape.new(name: 'KmsKeyPoliciesMap')
     KmsKeyPolicy = Shapes::StringShape.new(name: 'KmsKeyPolicy')
+    LearnMoreLink = Shapes::StringShape.new(name: 'LearnMoreLink')
     ListAccessPreviewFindingsRequest = Shapes::StructureShape.new(name: 'ListAccessPreviewFindingsRequest')
     ListAccessPreviewFindingsResponse = Shapes::StructureShape.new(name: 'ListAccessPreviewFindingsResponse')
     ListAccessPreviewsRequest = Shapes::StructureShape.new(name: 'ListAccessPreviewsRequest')
@@ -112,10 +114,18 @@ module Aws::AccessAnalyzer
     ListFindingsResponse = Shapes::StructureShape.new(name: 'ListFindingsResponse')
     ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
     ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
+    Locale = Shapes::StringShape.new(name: 'Locale')
+    Location = Shapes::StructureShape.new(name: 'Location')
+    LocationList = Shapes::ListShape.new(name: 'LocationList')
     Name = Shapes::StringShape.new(name: 'Name')
     NetworkOriginConfiguration = Shapes::StructureShape.new(name: 'NetworkOriginConfiguration')
     OrderBy = Shapes::StringShape.new(name: 'OrderBy')
+    PathElement = Shapes::StructureShape.new(name: 'PathElement')
+    PathElementList = Shapes::ListShape.new(name: 'PathElementList')
+    PolicyDocument = Shapes::StringShape.new(name: 'PolicyDocument')
     PolicyName = Shapes::StringShape.new(name: 'PolicyName')
+    PolicyType = Shapes::StringShape.new(name: 'PolicyType')
+    Position = Shapes::StructureShape.new(name: 'Position')
     PrincipalMap = Shapes::MapShape.new(name: 'PrincipalMap')
     ReasonCode = Shapes::StringShape.new(name: 'ReasonCode')
     ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
@@ -135,11 +145,13 @@ module Aws::AccessAnalyzer
     ServiceQuotaExceededException = Shapes::StructureShape.new(name: 'ServiceQuotaExceededException')
     SharedViaList = Shapes::ListShape.new(name: 'SharedViaList')
     SortCriteria = Shapes::StructureShape.new(name: 'SortCriteria')
+    Span = Shapes::StructureShape.new(name: 'Span')
     SqsQueueConfiguration = Shapes::StructureShape.new(name: 'SqsQueueConfiguration')
     SqsQueuePolicy = Shapes::StringShape.new(name: 'SqsQueuePolicy')
     StartResourceScanRequest = Shapes::StructureShape.new(name: 'StartResourceScanRequest')
     StatusReason = Shapes::StructureShape.new(name: 'StatusReason')
     String = Shapes::StringShape.new(name: 'String')
+    Substring = Shapes::StructureShape.new(name: 'Substring')
     TagKeys = Shapes::ListShape.new(name: 'TagKeys')
     TagResourceRequest = Shapes::StructureShape.new(name: 'TagResourceRequest')
     TagResourceResponse = Shapes::StructureShape.new(name: 'TagResourceResponse')
@@ -152,6 +164,11 @@ module Aws::AccessAnalyzer
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
     UpdateArchiveRuleRequest = Shapes::StructureShape.new(name: 'UpdateArchiveRuleRequest')
     UpdateFindingsRequest = Shapes::StructureShape.new(name: 'UpdateFindingsRequest')
+    ValidatePolicyFinding = Shapes::StructureShape.new(name: 'ValidatePolicyFinding')
+    ValidatePolicyFindingList = Shapes::ListShape.new(name: 'ValidatePolicyFindingList')
+    ValidatePolicyFindingType = Shapes::StringShape.new(name: 'ValidatePolicyFindingType')
+    ValidatePolicyRequest = Shapes::StructureShape.new(name: 'ValidatePolicyRequest')
+    ValidatePolicyResponse = Shapes::StructureShape.new(name: 'ValidatePolicyResponse')
     ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
     ValidationExceptionField = Shapes::StructureShape.new(name: 'ValidationExceptionField')
     ValidationExceptionFieldList = Shapes::ListShape.new(name: 'ValidationExceptionFieldList')
@@ -498,10 +515,29 @@ module Aws::AccessAnalyzer
     ListTagsForResourceResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagsMap, location_name: "tags"))
     ListTagsForResourceResponse.struct_class = Types::ListTagsForResourceResponse
 
+    Location.add_member(:path, Shapes::ShapeRef.new(shape: PathElementList, required: true, location_name: "path"))
+    Location.add_member(:span, Shapes::ShapeRef.new(shape: Span, required: true, location_name: "span"))
+    Location.struct_class = Types::Location
+
+    LocationList.member = Shapes::ShapeRef.new(shape: Location)
+
     NetworkOriginConfiguration.add_member(:internet_configuration, Shapes::ShapeRef.new(shape: InternetConfiguration, location_name: "internetConfiguration"))
     NetworkOriginConfiguration.add_member(:vpc_configuration, Shapes::ShapeRef.new(shape: VpcConfiguration, location_name: "vpcConfiguration"))
     NetworkOriginConfiguration.struct_class = Types::NetworkOriginConfiguration
 
+    PathElement.add_member(:index, Shapes::ShapeRef.new(shape: Integer, location_name: "index"))
+    PathElement.add_member(:key, Shapes::ShapeRef.new(shape: String, location_name: "key"))
+    PathElement.add_member(:substring, Shapes::ShapeRef.new(shape: Substring, location_name: "substring"))
+    PathElement.add_member(:value, Shapes::ShapeRef.new(shape: String, location_name: "value"))
+    PathElement.struct_class = Types::PathElement
+
+    PathElementList.member = Shapes::ShapeRef.new(shape: PathElement)
+
+    Position.add_member(:column, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "column"))
+    Position.add_member(:line, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "line"))
+    Position.add_member(:offset, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "offset"))
+    Position.struct_class = Types::Position
+
     PrincipalMap.key = Shapes::ShapeRef.new(shape: String)
     PrincipalMap.value = Shapes::ShapeRef.new(shape: String)
 
@@ -549,6 +585,10 @@ module Aws::AccessAnalyzer
     SortCriteria.add_member(:order_by, Shapes::ShapeRef.new(shape: OrderBy, location_name: "orderBy"))
     SortCriteria.struct_class = Types::SortCriteria
 
+    Span.add_member(:end, Shapes::ShapeRef.new(shape: Position, required: true, location_name: "end"))
+    Span.add_member(:start, Shapes::ShapeRef.new(shape: Position, required: true, location_name: "start"))
+    Span.struct_class = Types::Span
+
     SqsQueueConfiguration.add_member(:queue_policy, Shapes::ShapeRef.new(shape: SqsQueuePolicy, location_name: "queuePolicy"))
     SqsQueueConfiguration.struct_class = Types::SqsQueueConfiguration
 
@@ -559,6 +599,10 @@ module Aws::AccessAnalyzer
     StatusReason.add_member(:code, Shapes::ShapeRef.new(shape: ReasonCode, required: true, location_name: "code"))
     StatusReason.struct_class = Types::StatusReason
 
+    Substring.add_member(:length, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "length"))
+    Substring.add_member(:start, Shapes::ShapeRef.new(shape: Integer, required: true, location_name: "start"))
+    Substring.struct_class = Types::Substring
+
     TagKeys.member = Shapes::ShapeRef.new(shape: String)
 
     TagResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "resourceArn"))
@@ -593,6 +637,26 @@ module Aws::AccessAnalyzer
     UpdateFindingsRequest.add_member(:status, Shapes::ShapeRef.new(shape: FindingStatusUpdate, required: true, location_name: "status"))
     UpdateFindingsRequest.struct_class = Types::UpdateFindingsRequest
 
+    ValidatePolicyFinding.add_member(:finding_details, Shapes::ShapeRef.new(shape: String, required: true, location_name: "findingDetails"))
+    ValidatePolicyFinding.add_member(:finding_type, Shapes::ShapeRef.new(shape: ValidatePolicyFindingType, required: true, location_name: "findingType"))
+    ValidatePolicyFinding.add_member(:issue_code, Shapes::ShapeRef.new(shape: IssueCode, required: true, location_name: "issueCode"))
+    ValidatePolicyFinding.add_member(:learn_more_link, Shapes::ShapeRef.new(shape: LearnMoreLink, required: true, location_name: "learnMoreLink"))
+    ValidatePolicyFinding.add_member(:locations, Shapes::ShapeRef.new(shape: LocationList, required: true, location_name: "locations"))
+    ValidatePolicyFinding.struct_class = Types::ValidatePolicyFinding
+
+    ValidatePolicyFindingList.member = Shapes::ShapeRef.new(shape: ValidatePolicyFinding)
+
+    ValidatePolicyRequest.add_member(:locale, Shapes::ShapeRef.new(shape: Locale, location_name: "locale"))
+    ValidatePolicyRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: Integer, location: "querystring", location_name: "maxResults"))
+    ValidatePolicyRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "nextToken"))
+    ValidatePolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: PolicyDocument, required: true, location_name: "policyDocument"))
+    ValidatePolicyRequest.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "policyType"))
+    ValidatePolicyRequest.struct_class = Types::ValidatePolicyRequest
+
+    ValidatePolicyResponse.add_member(:findings, Shapes::ShapeRef.new(shape: ValidatePolicyFindingList, required: true, location_name: "findings"))
+    ValidatePolicyResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location_name: "nextToken"))
+    ValidatePolicyResponse.struct_class = Types::ValidatePolicyResponse
+
     ValidationException.add_member(:field_list, Shapes::ShapeRef.new(shape: ValidationExceptionFieldList, location_name: "fieldList"))
     ValidationException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     ValidationException.add_member(:reason, Shapes::ShapeRef.new(shape: ValidationExceptionReason, required: true, location_name: "reason"))
@@ -965,6 +1029,24 @@ module Aws::AccessAnalyzer
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
+
+      api.add_operation(:validate_policy, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ValidatePolicy"
+        o.http_method = "POST"
+        o.http_request_uri = "/policy/validation"
+        o.input = Shapes::ShapeRef.new(shape: ValidatePolicyRequest)
+        o.output = Shapes::ShapeRef.new(shape: ValidatePolicyResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
     end
 
   end

data/lib/aws-sdk-accessanalyzer/types.rb

@@ -2111,6 +2111,26 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # A location in a policy that is represented as a path through the JSON
+    # representation and a corresponding span.
+    #
+    # @!attribute [rw] path
+    #   A path in a policy, represented as a sequence of path elements.
+    #   @return [Array<Types::PathElement>]
+    #
+    # @!attribute [rw] span
+    #   A span in a policy.
+    #   @return [Types::Span]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Location AWS API Documentation
+    #
+    class Location < Struct.new(
+      :path,
+      :span)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The proposed `InternetConfiguration` or `VpcConfiguration` to apply to
     # the Amazon S3 Access point. You can make the access point accessible
     # from the internet, or you can specify that all requests made through
@@ -2157,6 +2177,61 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # A single element in a path through the JSON representation of a
+    # policy.
+    #
+    # @!attribute [rw] index
+    #   Refers to an index in a JSON array.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] key
+    #   Refers to a key in a JSON object.
+    #   @return [String]
+    #
+    # @!attribute [rw] substring
+    #   Refers to a substring of a literal string in a JSON object.
+    #   @return [Types::Substring]
+    #
+    # @!attribute [rw] value
+    #   Refers to the value associated with a given key in a JSON object.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/PathElement AWS API Documentation
+    #
+    class PathElement < Struct.new(
+      :index,
+      :key,
+      :substring,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A position in a policy.
+    #
+    # @!attribute [rw] column
+    #   The column of the position, starting from 0.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] line
+    #   The line of the position, starting from 1.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] offset
+    #   The offset within the policy that corresponds to the position,
+    #   starting from 0.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Position AWS API Documentation
+    #
+    class Position < Struct.new(
+      :column,
+      :line,
+      :offset)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The specified resource could not be found.
     #
     # @!attribute [rw] message
@@ -2502,6 +2577,26 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # A span in a policy. The span consists of a start position (inclusive)
+    # and end position (exclusive).
+    #
+    # @!attribute [rw] end
+    #   The end position of the span (exclusive).
+    #   @return [Types::Position]
+    #
+    # @!attribute [rw] start
+    #   The start position of the span (inclusive).
+    #   @return [Types::Position]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Span AWS API Documentation
+    #
+    class Span < Struct.new(
+      :end,
+      :start)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The proposed access control configuration for an SQS queue. You can
     # propose a configuration for a new SQS queue or an existing SQS queue
     # that you own by specifying the SQS policy. If the configuration is for
@@ -2586,6 +2681,25 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # A reference to a substring of a literal string in a JSON document.
+    #
+    # @!attribute [rw] length
+    #   The length of the substring.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] start
+    #   The start index of the substring, starting from 0.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Substring AWS API Documentation
+    #
+    class Substring < Struct.new(
+      :length,
+      :start)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Adds a tag to the specified resource.
     #
     # @note When making an API call, you may pass TagResourceRequest
@@ -2777,6 +2891,127 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # A finding in a policy. Each finding is an actionable recommendation
+    # that can be used to improve the policy.
+    #
+    # @!attribute [rw] finding_details
+    #   A localized message that explains the finding and provides guidance
+    #   on how to address it.
+    #   @return [String]
+    #
+    # @!attribute [rw] finding_type
+    #   The impact of the finding.
+    #
+    #   Security warnings report when the policy allows access that we
+    #   consider overly permissive.
+    #
+    #   Errors report when a part of the policy is not functional.
+    #
+    #   Warnings report non-security issues when a policy does not conform
+    #   to policy writing best practices.
+    #
+    #   Suggestions recommend stylistic improvements in the policy that do
+    #   not impact access.
+    #   @return [String]
+    #
+    # @!attribute [rw] issue_code
+    #   The issue code provides an identifier of the issue associated with
+    #   this finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] learn_more_link
+    #   A link to additional documentation about the type of finding.
+    #   @return [String]
+    #
+    # @!attribute [rw] locations
+    #   The list of locations in the policy document that are related to the
+    #   finding. The issue code provides a summary of an issue identified by
+    #   the finding.
+    #   @return [Array<Types::Location>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyFinding AWS API Documentation
+    #
+    class ValidatePolicyFinding < Struct.new(
+      :finding_details,
+      :finding_type,
+      :issue_code,
+      :learn_more_link,
+      :locations)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ValidatePolicyRequest
+    #   data as a hash:
+    #
+    #       {
+    #         locale: "DE", # accepts DE, EN, ES, FR, IT, JA, KO, PT_BR, ZH_CN, ZH_TW
+    #         max_results: 1,
+    #         next_token: "Token",
+    #         policy_document: "PolicyDocument", # required
+    #         policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
+    #       }
+    #
+    # @!attribute [rw] locale
+    #   The locale to use for localizing the findings.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return in the response.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   A token used for pagination of results returned.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_document
+    #   The JSON policy document to use as the content for the policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_type
+    #   The type of policy to validate. Identity policies grant permissions
+    #   to IAM principals. Identity policies include managed and inline
+    #   policies for IAM roles, users, and groups. They also include
+    #   service-control policies (SCPs) that are attached to an AWS
+    #   organization, organizational unit (OU), or an account.
+    #
+    #   Resource policies grant permissions on AWS resources. Resource
+    #   policies include trust policies for IAM roles and bucket policies
+    #   for S3 buckets. You can provide a generic input such as identity
+    #   policy or resource policy or a specific input such as managed policy
+    #   or S3 bucket policy.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyRequest AWS API Documentation
+    #
+    class ValidatePolicyRequest < Struct.new(
+      :locale,
+      :max_results,
+      :next_token,
+      :policy_document,
+      :policy_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] findings
+    #   The list of findings in a policy returned by Access Analyzer based
+    #   on its suite of policy checks.
+    #   @return [Array<Types::ValidatePolicyFinding>]
+    #
+    # @!attribute [rw] next_token
+    #   A token used for pagination of results returned.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyResponse AWS API Documentation
+    #
+    class ValidatePolicyResponse < Struct.new(
+      :findings,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Validation exception error.
     #
     # @!attribute [rw] field_list

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-  version: 1.17.0
+  version: 1.18.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-10 00:00:00.000000000 Z
+date: 2021-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core