RubyGems - aws-sdk-accessanalyzer - Versions diffs - 1.25.0 → 1.26.0 - Mend

aws-sdk-accessanalyzer 1.25.0 → 1.26.0

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/VERSION +1 -1
data/lib/aws-sdk-accessanalyzer/client.rb +18 -2
data/lib/aws-sdk-accessanalyzer/client_api.rb +2 -0
data/lib/aws-sdk-accessanalyzer/types.rb +24 -7
data/lib/aws-sdk-accessanalyzer.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1f609a49569e581f43729ba536059295d99accec3f3cec802bae646e2dccb78
-  data.tar.gz: 250721619bac6f9546fc706ef9a7acbfd65049189e8f5e5a83ac30ed67934a7a
+  metadata.gz: 1342cd4f47db2ecf75338f34ad04cc82ff152dac1de6eff3db4b8201cbf1edff
+  data.tar.gz: 12528aefa563f1de3dc8cc9c38b1348bc4fd94a148dfa37ed4eca5cf9dc6343a
 SHA512:
-  metadata.gz: e1eba15a8f18c067a4ff706c8bdeabeea4521a5de980c5b126f0f85e78ae41a3c6acd439570c73ba025b5ef9083f9cb41f555e4c244f337809423ea099082672
-  data.tar.gz: d2f851355c995c91957e2951501866c2b7a31f01bd4352a51c37411781929dbf94cddf20d7fb1fc5f1677ab5b25e23296a325a84886b7f2137349656981d0682
+  metadata.gz: 1ca05166f5530d95105fcfbfc1ff2f9d42ab77e7f6f3c1f55902394c696ae0c2f71af93fa3b3fd54b93d1ea2a8ca9412df5e5cf1ca99988c060b86f067452bdc
+  data.tar.gz: 71739b092dd991d1356836a103f7776d25894ea191cf64d8745ade87db3003ab4859654eb5336a847ff5d67bcac50c5687aaf34a5ddcb56a6e4c9031e3e1b9f9

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
+1.26.0 (2021-11-30)
+------------------
+* Feature - AWS IAM Access Analyzer now supports policy validation for resource policies attached to S3 buckets and access points. You can run additional policy checks by specifying the S3 resource type you want to attach to your resource policy.
 1.25.0 (2021-11-04)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.25.0
1	+ 1.26.0

data/lib/aws-sdk-accessanalyzer/client.rb CHANGED Viewed

@@ -119,7 +119,9 @@ module Aws::AccessAnalyzer
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts.
+    #       enable retries and extended timeouts. Instance profile credential
+    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+    #       to true.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -1740,6 +1742,19 @@ module Aws::AccessAnalyzer
     #   as identity policy or resource policy or a specific input such as
     #   managed policy or Amazon S3 bucket policy.
     #
+    # @option params [String] :validate_policy_resource_type
+    #   The type of resource to attach to your resource policy. Specify a
+    #   value for the policy validation resource type only if the policy type
+    #   is `RESOURCE_POLICY`. For example, to validate a resource policy to
+    #   attach to an Amazon S3 bucket, you can choose `AWS::S3::Bucket` for
+    #   the policy validation resource type.
+    #
+    #   For resource types not supported as valid values, IAM Access Analyzer
+    #   runs policy checks that apply to all resource policies. For example,
+    #   to validate a resource policy to attach to a KMS key, do not specify a
+    #   value for the policy validation resource type and IAM Access Analyzer
+    #   will run policy checks that apply to all resource policies.
+    #
     # @return [Types::ValidatePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ValidatePolicyResponse#findings #findings} => Array&lt;Types::ValidatePolicyFinding&gt;
@@ -1755,6 +1770,7 @@ module Aws::AccessAnalyzer
     #     next_token: "Token",
     #     policy_document: "PolicyDocument", # required
     #     policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
+    #     validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
     #   })
     #
     # @example Response structure
@@ -1801,7 +1817,7 @@ module Aws::AccessAnalyzer
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-accessanalyzer'
-      context[:gem_version] = '1.25.0'
+      context[:gem_version] = '1.26.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-accessanalyzer/client_api.rb CHANGED Viewed

@@ -199,6 +199,7 @@ module Aws::AccessAnalyzer
     ValidatePolicyFindingList = Shapes::ListShape.new(name: 'ValidatePolicyFindingList')
     ValidatePolicyFindingType = Shapes::StringShape.new(name: 'ValidatePolicyFindingType')
     ValidatePolicyRequest = Shapes::StructureShape.new(name: 'ValidatePolicyRequest')
+    ValidatePolicyResourceType = Shapes::StringShape.new(name: 'ValidatePolicyResourceType')
     ValidatePolicyResponse = Shapes::StructureShape.new(name: 'ValidatePolicyResponse')
     ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
     ValidationExceptionField = Shapes::StructureShape.new(name: 'ValidationExceptionField')
@@ -798,6 +799,7 @@ module Aws::AccessAnalyzer
     ValidatePolicyRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "nextToken"))
     ValidatePolicyRequest.add_member(:policy_document, Shapes::ShapeRef.new(shape: PolicyDocument, required: true, location_name: "policyDocument"))
     ValidatePolicyRequest.add_member(:policy_type, Shapes::ShapeRef.new(shape: PolicyType, required: true, location_name: "policyType"))
+    ValidatePolicyRequest.add_member(:validate_policy_resource_type, Shapes::ShapeRef.new(shape: ValidatePolicyResourceType, location_name: "validatePolicyResourceType"))
     ValidatePolicyRequest.struct_class = Types::ValidatePolicyRequest
     ValidatePolicyResponse.add_member(:findings, Shapes::ShapeRef.new(shape: ValidatePolicyFindingList, required: true, location_name: "findings"))

data/lib/aws-sdk-accessanalyzer/types.rb CHANGED Viewed

@@ -2867,10 +2867,11 @@ module Aws::AccessAnalyzer
     # without a policy. To propose deletion of an existing policy, you can
     # specify an empty string. If the proposed configuration is for a new
     # secret and you do not specify the KMS key ID, the access preview uses
-    # the default CMK of the Amazon Web Services account. If you specify an
-    # empty string for the KMS key ID, the access preview uses the default
-    # CMK of the Amazon Web Services account. For more information about
-    # secret policy limits, see [Quotas for Secrets Manager.][2].
+    # the Amazon Web Services managed key `aws/secretsmanager`. If you
+    # specify an empty string for the KMS key ID, the access preview uses
+    # the Amazon Web Services managed key of the Amazon Web Services
+    # account. For more information about secret policy limits, see [Quotas
+    # for Secrets Manager.][2].
     #
     #
     #
@@ -2886,8 +2887,7 @@ module Aws::AccessAnalyzer
     #       }
     #
     # @!attribute [rw] kms_key_id
-    #   The proposed ARN, key ID, or alias of the KMS customer master key
-    #   (CMK).
+    #   The proposed ARN, key ID, or alias of the KMS key.
     #   @return [String]
     #
     # @!attribute [rw] secret_policy
@@ -3467,6 +3467,7 @@ module Aws::AccessAnalyzer
     #         next_token: "Token",
     #         policy_document: "PolicyDocument", # required
     #         policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
+    #         validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint
     #       }
     #
     # @!attribute [rw] locale
@@ -3499,6 +3500,21 @@ module Aws::AccessAnalyzer
     #   such as managed policy or Amazon S3 bucket policy.
     #   @return [String]
     #
+    # @!attribute [rw] validate_policy_resource_type
+    #   The type of resource to attach to your resource policy. Specify a
+    #   value for the policy validation resource type only if the policy
+    #   type is `RESOURCE_POLICY`. For example, to validate a resource
+    #   policy to attach to an Amazon S3 bucket, you can choose
+    #   `AWS::S3::Bucket` for the policy validation resource type.
+    #
+    #   For resource types not supported as valid values, IAM Access
+    #   Analyzer runs policy checks that apply to all resource policies. For
+    #   example, to validate a resource policy to attach to a KMS key, do
+    #   not specify a value for the policy validation resource type and IAM
+    #   Access Analyzer will run policy checks that apply to all resource
+    #   policies.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ValidatePolicyRequest AWS API Documentation
     #
     class ValidatePolicyRequest < Struct.new(
@@ -3506,7 +3522,8 @@ module Aws::AccessAnalyzer
       :max_results,
       :next_token,
       :policy_document,
-      :policy_type)
+      :policy_type,
+      :validate_policy_resource_type)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-accessanalyzer.rb CHANGED Viewed

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
 # @!group service
 module Aws::AccessAnalyzer
-  GEM_VERSION = '1.25.0'
+  GEM_VERSION = '1.26.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-  version: 1.25.0
+  version: 1.26.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-11-04 00:00:00.000000000 Z
+date: 2021-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core