aws-sdk-accessanalyzer 1.46.0 → 1.47.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: de74ac7ea07e298ce1f27abd56bbdbb0d453326d41bc6cfc8c99e354d0378084
-  data.tar.gz: 13215496a791944b864713f93a19c5ca28a0a542af8e2c2f9ca63e9f3280c74b
+  metadata.gz: 1363b0ba0d7d73dccaebdfc04876afb44af0a5ccb7acd99d7ce5d769a29bb2d1
+  data.tar.gz: 4d6b90090737f7a155e2fac6dba04ff7fc166c3a4d55a1c392c4819fc011127a
 SHA512:
-  metadata.gz: fca86b1cd0dd7a060690e5ba2839ab1f0601c4896f94982fb65c3d7c38a2e313d7eac81eda643d62a1c119f158acdef584a1fcadc6a50ddf3ff3952aa377097e
-  data.tar.gz: 6647fa0e5b066738ebe9c195853c43b8a6c858f3fcf2feaf69d7aea815439dc63b84b353b1d85ecc467693454f9572a52825aae463895a7c44a5ad1281deef50
+  metadata.gz: 1788586b538671dc7112774da7670a960e2207cd3b9cb8c8fa0fb28c05ff59990a67d7c8d517b53a6343239c568ffda00c5bac053c2312efc646085a0c796f44
+  data.tar.gz: def12bdd8e791b4ca777bd68c27c45d3e42148247b6a693fca28ec61fedc5a6fae16a826c7660632c40b15ef6e4e8c8d19ba3c8041c57024e1518add4693a964

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.47.0 (2024-03-20)
+------------------
+
+* Feature - This release adds support for policy validation and external access findings for DynamoDB tables and streams. IAM Access Analyzer helps you author functional and secure resource-based policies and identify cross-account access. Updated service API, documentation, and paginators.
+
 1.46.0 (2024-03-01)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.46.0
+1.47.0

data/lib/aws-sdk-accessanalyzer/client.rb

@@ -698,6 +698,12 @@ module Aws::AccessAnalyzer
     #         s3_express_directory_bucket: {
     #           bucket_policy: "S3ExpressDirectoryBucketPolicy",
     #         },
+    #         dynamodb_stream: {
+    #           stream_policy: "DynamodbStreamPolicy",
+    #         },
+    #         dynamodb_table: {
+    #           table_policy: "DynamodbTablePolicy",
+    #         },
     #       },
     #     },
     #     client_token: "String",
@@ -986,6 +992,8 @@ module Aws::AccessAnalyzer
     #   resp.access_preview.configurations["ConfigurationsMapKey"].sns_topic.topic_policy #=> String
     #   resp.access_preview.configurations["ConfigurationsMapKey"].sqs_queue.queue_policy #=> String
     #   resp.access_preview.configurations["ConfigurationsMapKey"].s3_express_directory_bucket.bucket_policy #=> String
+    #   resp.access_preview.configurations["ConfigurationsMapKey"].dynamodb_stream.stream_policy #=> String
+    #   resp.access_preview.configurations["ConfigurationsMapKey"].dynamodb_table.table_policy #=> String
     #   resp.access_preview.created_at #=> Time
     #   resp.access_preview.status #=> String, one of "COMPLETED", "CREATING", "FAILED"
     #   resp.access_preview.status_reason.code #=> String, one of "INTERNAL_ERROR", "INVALID_CONFIGURATION"
@@ -1025,7 +1033,7 @@ module Aws::AccessAnalyzer
     # @example Response structure
     #
     #   resp.resource.resource_arn #=> String
-    #   resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket"
+    #   resp.resource.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
     #   resp.resource.created_at #=> Time
     #   resp.resource.analyzed_at #=> Time
     #   resp.resource.updated_at #=> Time
@@ -1169,7 +1177,7 @@ module Aws::AccessAnalyzer
     #   resp.finding.action[0] #=> String
     #   resp.finding.resource #=> String
     #   resp.finding.is_public #=> Boolean
-    #   resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket"
+    #   resp.finding.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
     #   resp.finding.condition #=> Hash
     #   resp.finding.condition["String"] #=> String
     #   resp.finding.created_at #=> Time
@@ -1247,7 +1255,7 @@ module Aws::AccessAnalyzer
     #   resp.id #=> String
     #   resp.next_token #=> String
     #   resp.resource #=> String
-    #   resp.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket"
+    #   resp.resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
     #   resp.resource_owner_account #=> String
     #   resp.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
     #   resp.updated_at #=> Time
@@ -1410,7 +1418,7 @@ module Aws::AccessAnalyzer
     #   resp.findings[0].condition["String"] #=> String
     #   resp.findings[0].resource #=> String
     #   resp.findings[0].is_public #=> Boolean
-    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket"
+    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
     #   resp.findings[0].created_at #=> Time
     #   resp.findings[0].change_type #=> String, one of "CHANGED", "NEW", "UNCHANGED"
     #   resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
@@ -1512,7 +1520,7 @@ module Aws::AccessAnalyzer
     #
     #   resp = client.list_analyzed_resources({
     #     analyzer_arn: "AnalyzerArn", # required
-    #     resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic, AWS::S3Express::DirectoryBucket
+    #     resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic, AWS::S3Express::DirectoryBucket, AWS::DynamoDB::Table, AWS::DynamoDB::Stream
     #     next_token: "Token",
     #     max_results: 1,
     #   })
@@ -1522,7 +1530,7 @@ module Aws::AccessAnalyzer
     #   resp.analyzed_resources #=> Array
     #   resp.analyzed_resources[0].resource_arn #=> String
     #   resp.analyzed_resources[0].resource_owner_account #=> String
-    #   resp.analyzed_resources[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket"
+    #   resp.analyzed_resources[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResources AWS API Documentation
@@ -1706,7 +1714,7 @@ module Aws::AccessAnalyzer
     #   resp.findings[0].action[0] #=> String
     #   resp.findings[0].resource #=> String
     #   resp.findings[0].is_public #=> Boolean
-    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket"
+    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
     #   resp.findings[0].condition #=> Hash
     #   resp.findings[0].condition["String"] #=> String
     #   resp.findings[0].created_at #=> Time
@@ -1798,7 +1806,7 @@ module Aws::AccessAnalyzer
     #   resp.findings[0].error #=> String
     #   resp.findings[0].id #=> String
     #   resp.findings[0].resource #=> String
-    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket"
+    #   resp.findings[0].resource_type #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream"
     #   resp.findings[0].resource_owner_account #=> String
     #   resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
     #   resp.findings[0].updated_at #=> Time
@@ -2196,7 +2204,7 @@ module Aws::AccessAnalyzer
     #     next_token: "Token",
     #     policy_document: "PolicyDocument", # required
     #     policy_type: "IDENTITY_POLICY", # required, accepts IDENTITY_POLICY, RESOURCE_POLICY, SERVICE_CONTROL_POLICY
-    #     validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument
+    #     validate_policy_resource_type: "AWS::S3::Bucket", # accepts AWS::S3::Bucket, AWS::S3::AccessPoint, AWS::S3::MultiRegionAccessPoint, AWS::S3ObjectLambda::AccessPoint, AWS::IAM::AssumeRolePolicyDocument, AWS::DynamoDB::Table
     #   })
     #
     # @example Response structure
@@ -2243,7 +2251,7 @@ module Aws::AccessAnalyzer
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-accessanalyzer'
-      context[:gem_version] = '1.46.0'
+      context[:gem_version] = '1.47.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-accessanalyzer/client_api.rb

@@ -73,6 +73,10 @@ module Aws::AccessAnalyzer
     Criterion = Shapes::StructureShape.new(name: 'Criterion')
     DeleteAnalyzerRequest = Shapes::StructureShape.new(name: 'DeleteAnalyzerRequest')
     DeleteArchiveRuleRequest = Shapes::StructureShape.new(name: 'DeleteArchiveRuleRequest')
+    DynamodbStreamConfiguration = Shapes::StructureShape.new(name: 'DynamodbStreamConfiguration')
+    DynamodbStreamPolicy = Shapes::StringShape.new(name: 'DynamodbStreamPolicy')
+    DynamodbTableConfiguration = Shapes::StructureShape.new(name: 'DynamodbTableConfiguration')
+    DynamodbTablePolicy = Shapes::StringShape.new(name: 'DynamodbTablePolicy')
     EbsGroup = Shapes::StringShape.new(name: 'EbsGroup')
     EbsGroupList = Shapes::ListShape.new(name: 'EbsGroupList')
     EbsSnapshotConfiguration = Shapes::StructureShape.new(name: 'EbsSnapshotConfiguration')
@@ -434,6 +438,8 @@ module Aws::AccessAnalyzer
     Configuration.add_member(:sns_topic, Shapes::ShapeRef.new(shape: SnsTopicConfiguration, location_name: "snsTopic"))
     Configuration.add_member(:sqs_queue, Shapes::ShapeRef.new(shape: SqsQueueConfiguration, location_name: "sqsQueue"))
     Configuration.add_member(:s3_express_directory_bucket, Shapes::ShapeRef.new(shape: S3ExpressDirectoryBucketConfiguration, location_name: "s3ExpressDirectoryBucket"))
+    Configuration.add_member(:dynamodb_stream, Shapes::ShapeRef.new(shape: DynamodbStreamConfiguration, location_name: "dynamodbStream"))
+    Configuration.add_member(:dynamodb_table, Shapes::ShapeRef.new(shape: DynamodbTableConfiguration, location_name: "dynamodbTable"))
     Configuration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
     Configuration.add_member_subclass(:ebs_snapshot, Types::Configuration::EbsSnapshot)
     Configuration.add_member_subclass(:ecr_repository, Types::Configuration::EcrRepository)
@@ -447,6 +453,8 @@ module Aws::AccessAnalyzer
     Configuration.add_member_subclass(:sns_topic, Types::Configuration::SnsTopic)
     Configuration.add_member_subclass(:sqs_queue, Types::Configuration::SqsQueue)
     Configuration.add_member_subclass(:s3_express_directory_bucket, Types::Configuration::S3ExpressDirectoryBucket)
+    Configuration.add_member_subclass(:dynamodb_stream, Types::Configuration::DynamodbStream)
+    Configuration.add_member_subclass(:dynamodb_table, Types::Configuration::DynamodbTable)
     Configuration.add_member_subclass(:unknown, Types::Configuration::Unknown)
     Configuration.struct_class = Types::Configuration
 
@@ -498,6 +506,12 @@ module Aws::AccessAnalyzer
     DeleteArchiveRuleRequest.add_member(:client_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
     DeleteArchiveRuleRequest.struct_class = Types::DeleteArchiveRuleRequest
 
+    DynamodbStreamConfiguration.add_member(:stream_policy, Shapes::ShapeRef.new(shape: DynamodbStreamPolicy, location_name: "streamPolicy"))
+    DynamodbStreamConfiguration.struct_class = Types::DynamodbStreamConfiguration
+
+    DynamodbTableConfiguration.add_member(:table_policy, Shapes::ShapeRef.new(shape: DynamodbTablePolicy, location_name: "tablePolicy"))
+    DynamodbTableConfiguration.struct_class = Types::DynamodbTableConfiguration
+
     EbsGroupList.member = Shapes::ShapeRef.new(shape: EbsGroup)
 
     EbsSnapshotConfiguration.add_member(:user_ids, Shapes::ShapeRef.new(shape: EbsUserIdList, location_name: "userIds"))

data/lib/aws-sdk-accessanalyzer/types.rb

@@ -806,6 +806,14 @@ module Aws::AccessAnalyzer
     #   bucket.
     #   @return [Types::S3ExpressDirectoryBucketConfiguration]
     #
+    # @!attribute [rw] dynamodb_stream
+    #   The access control configuration is for a DynamoDB stream.
+    #   @return [Types::DynamodbStreamConfiguration]
+    #
+    # @!attribute [rw] dynamodb_table
+    #   The access control configuration is for a DynamoDB table or index.
+    #   @return [Types::DynamodbTableConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/Configuration AWS API Documentation
     #
     class Configuration < Struct.new(
@@ -821,6 +829,8 @@ module Aws::AccessAnalyzer
       :sns_topic,
       :sqs_queue,
       :s3_express_directory_bucket,
+      :dynamodb_stream,
+      :dynamodb_table,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
@@ -838,6 +848,8 @@ module Aws::AccessAnalyzer
       class SnsTopic < Configuration; end
       class SqsQueue < Configuration; end
       class S3ExpressDirectoryBucket < Configuration; end
+      class DynamodbStream < Configuration; end
+      class DynamodbTable < Configuration; end
       class Unknown < Configuration; end
     end
 
@@ -1097,6 +1109,73 @@ module Aws::AccessAnalyzer
       include Aws::Structure
     end
 
+    # The proposed access control configuration for a DynamoDB stream. You
+    # can propose a configuration for a new DynamoDB stream or an existing
+    # DynamoDB stream that you own by specifying the policy for the DynamoDB
+    # stream. For more information, see [PutResourcePolicy][1].
+    #
+    # * If the configuration is for an existing DynamoDB stream and you do
+    #   not specify the DynamoDB policy, then the access preview uses the
+    #   existing DynamoDB policy for the stream.
+    #
+    # * If the access preview is for a new resource and you do not specify
+    #   the policy, then the access preview assumes a DynamoDB stream
+    #   without a policy.
+    #
+    # * To propose deletion of an existing DynamoDB stream policy, you can
+    #   specify an empty string for the DynamoDB policy.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_PutResourcePolicy.html
+    #
+    # @!attribute [rw] stream_policy
+    #   The proposed resource policy defining who can access or manage the
+    #   DynamoDB stream.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DynamodbStreamConfiguration AWS API Documentation
+    #
+    class DynamodbStreamConfiguration < Struct.new(
+      :stream_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The proposed access control configuration for a DynamoDB table or
+    # index. You can propose a configuration for a new DynamoDB table or
+    # index or an existing DynamoDB table or index that you own by
+    # specifying the policy for the DynamoDB table or index. For more
+    # information, see [PutResourcePolicy][1].
+    #
+    # * If the configuration is for an existing DynamoDB table or index and
+    #   you do not specify the DynamoDB policy, then the access preview uses
+    #   the existing DynamoDB policy for the table or index.
+    #
+    # * If the access preview is for a new resource and you do not specify
+    #   the policy, then the access preview assumes a DynamoDB table without
+    #   a policy.
+    #
+    # * To propose deletion of an existing DynamoDB table or index policy,
+    #   you can specify an empty string for the DynamoDB policy.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_PutResourcePolicy.html
+    #
+    # @!attribute [rw] table_policy
+    #   The proposed resource policy defining who can access or manage the
+    #   DynamoDB table.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/DynamodbTableConfiguration AWS API Documentation
+    #
+    class DynamodbTableConfiguration < Struct.new(
+      :table_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The proposed access control configuration for an Amazon EBS volume
     # snapshot. You can propose a configuration for a new Amazon EBS volume
     # snapshot or an Amazon EBS volume snapshot that you own by specifying

data/lib/aws-sdk-accessanalyzer.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-accessanalyzer/customizations'
 # @!group service
 module Aws::AccessAnalyzer
 
-  GEM_VERSION = '1.46.0'
+  GEM_VERSION = '1.47.0'
 
 end

data/sig/client.rbs

@@ -212,6 +212,12 @@ module Aws
                                        }?,
                                        s3_express_directory_bucket: {
                                          bucket_policy: ::String?
+                                       }?,
+                                       dynamodb_stream: {
+                                         stream_policy: ::String?
+                                       }?,
+                                       dynamodb_table: {
+                                         table_policy: ::String?
                                        }?
                                      }],
                                    ?client_token: ::String
@@ -337,7 +343,7 @@ module Aws
         def id: () -> ::String
         def next_token: () -> ::String
         def resource: () -> ::String
-        def resource_type: () -> ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
+        def resource_type: () -> ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
         def resource_owner_account: () -> ::String
         def status: () -> ("ACTIVE" | "ARCHIVED" | "RESOLVED")
         def updated_at: () -> ::Time
@@ -407,7 +413,7 @@ module Aws
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#list_analyzed_resources-instance_method
       def list_analyzed_resources: (
                                      analyzer_arn: ::String,
-                                     ?resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket"),
+                                     ?resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream"),
                                      ?next_token: ::String,
                                      ?max_results: ::Integer
                                    ) -> _ListAnalyzedResourcesResponseSuccess
@@ -597,7 +603,7 @@ module Aws
                              ?next_token: ::String,
                              policy_document: ::String,
                              policy_type: ("IDENTITY_POLICY" | "RESOURCE_POLICY" | "SERVICE_CONTROL_POLICY"),
-                             ?validate_policy_resource_type: ("AWS::S3::Bucket" | "AWS::S3::AccessPoint" | "AWS::S3::MultiRegionAccessPoint" | "AWS::S3ObjectLambda::AccessPoint" | "AWS::IAM::AssumeRolePolicyDocument")
+                             ?validate_policy_resource_type: ("AWS::S3::Bucket" | "AWS::S3::AccessPoint" | "AWS::S3::MultiRegionAccessPoint" | "AWS::S3ObjectLambda::AccessPoint" | "AWS::IAM::AssumeRolePolicyDocument" | "AWS::DynamoDB::Table")
                            ) -> _ValidatePolicyResponseSuccess
                          | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ValidatePolicyResponseSuccess
     end

data/sig/types.rbs

@@ -37,7 +37,7 @@ module Aws::AccessAnalyzer
       attr_accessor condition: ::Hash[::String, ::String]
       attr_accessor resource: ::String
       attr_accessor is_public: bool
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
       attr_accessor created_at: ::Time
       attr_accessor change_type: ("CHANGED" | "NEW" | "UNCHANGED")
       attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
@@ -77,7 +77,7 @@ module Aws::AccessAnalyzer
 
     class AnalyzedResource
       attr_accessor resource_arn: ::String
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
       attr_accessor created_at: ::Time
       attr_accessor analyzed_at: ::Time
       attr_accessor updated_at: ::Time
@@ -93,7 +93,7 @@ module Aws::AccessAnalyzer
     class AnalyzedResourceSummary
       attr_accessor resource_arn: ::String
       attr_accessor resource_owner_account: ::String
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
       SENSITIVE: []
     end
 
@@ -201,6 +201,8 @@ module Aws::AccessAnalyzer
       attr_accessor sns_topic: Types::SnsTopicConfiguration
       attr_accessor sqs_queue: Types::SqsQueueConfiguration
       attr_accessor s3_express_directory_bucket: Types::S3ExpressDirectoryBucketConfiguration
+      attr_accessor dynamodb_stream: Types::DynamodbStreamConfiguration
+      attr_accessor dynamodb_table: Types::DynamodbTableConfiguration
       attr_accessor unknown: untyped
       SENSITIVE: []
 
@@ -228,6 +230,10 @@ module Aws::AccessAnalyzer
       end
       class S3ExpressDirectoryBucket < Configuration
       end
+      class DynamodbStream < Configuration
+      end
+      class DynamodbTable < Configuration
+      end
       class Unknown < Configuration
       end
     end
@@ -295,6 +301,16 @@ module Aws::AccessAnalyzer
       SENSITIVE: []
     end
 
+    class DynamodbStreamConfiguration
+      attr_accessor stream_policy: ::String
+      SENSITIVE: []
+    end
+
+    class DynamodbTableConfiguration
+      attr_accessor table_policy: ::String
+      SENSITIVE: []
+    end
+
     class EbsSnapshotConfiguration
       attr_accessor user_ids: ::Array[::String]
       attr_accessor groups: ::Array[::String]
@@ -327,7 +343,7 @@ module Aws::AccessAnalyzer
       attr_accessor action: ::Array[::String]
       attr_accessor resource: ::String
       attr_accessor is_public: bool
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
       attr_accessor condition: ::Hash[::String, ::String]
       attr_accessor created_at: ::Time
       attr_accessor analyzed_at: ::Time
@@ -380,7 +396,7 @@ module Aws::AccessAnalyzer
       attr_accessor action: ::Array[::String]
       attr_accessor resource: ::String
       attr_accessor is_public: bool
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
       attr_accessor condition: ::Hash[::String, ::String]
       attr_accessor created_at: ::Time
       attr_accessor analyzed_at: ::Time
@@ -398,7 +414,7 @@ module Aws::AccessAnalyzer
       attr_accessor error: ::String
       attr_accessor id: ::String
       attr_accessor resource: ::String
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
       attr_accessor resource_owner_account: ::String
       attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
       attr_accessor updated_at: ::Time
@@ -493,7 +509,7 @@ module Aws::AccessAnalyzer
       attr_accessor id: ::String
       attr_accessor next_token: ::String
       attr_accessor resource: ::String
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
       attr_accessor resource_owner_account: ::String
       attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
       attr_accessor updated_at: ::Time
@@ -606,7 +622,7 @@ module Aws::AccessAnalyzer
 
     class ListAnalyzedResourcesRequest
       attr_accessor analyzer_arn: ::String
-      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket")
+      attr_accessor resource_type: ("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream")
       attr_accessor next_token: ::String
       attr_accessor max_results: ::Integer
       SENSITIVE: []
@@ -1012,7 +1028,7 @@ module Aws::AccessAnalyzer
       attr_accessor next_token: ::String
       attr_accessor policy_document: ::String
       attr_accessor policy_type: ("IDENTITY_POLICY" | "RESOURCE_POLICY" | "SERVICE_CONTROL_POLICY")
-      attr_accessor validate_policy_resource_type: ("AWS::S3::Bucket" | "AWS::S3::AccessPoint" | "AWS::S3::MultiRegionAccessPoint" | "AWS::S3ObjectLambda::AccessPoint" | "AWS::IAM::AssumeRolePolicyDocument")
+      attr_accessor validate_policy_resource_type: ("AWS::S3::Bucket" | "AWS::S3::AccessPoint" | "AWS::S3::MultiRegionAccessPoint" | "AWS::S3ObjectLambda::AccessPoint" | "AWS::IAM::AssumeRolePolicyDocument" | "AWS::DynamoDB::Table")
       SENSITIVE: []
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-accessanalyzer
 version: !ruby/object:Gem::Version
-  version: 1.46.0
+  version: 1.47.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-01 00:00:00.000000000 Z
+date: 2024-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core