aws-sdk-accessanalyzer 1.72.0 → 1.73.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-accessanalyzer/client.rb +82 -16
- data/lib/aws-sdk-accessanalyzer/client_api.rb +61 -0
- data/lib/aws-sdk-accessanalyzer/types.rb +308 -10
- data/lib/aws-sdk-accessanalyzer.rb +1 -1
- data/sig/client.rbs +25 -3
- data/sig/types.rbs +63 -9
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4749894252c5e6696af5bd9ecc0a0f4f63cec4a02c6f1a85aeb08420796c3db4
|
|
4
|
+
data.tar.gz: 94815e70a7b5c38762e2073f86a2fd60e573a9bbf4e9cd1a833d5331d7a26d70
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 61bfef697b1a55dea9460053128d32fa6b4a14f25c5f9af1923d580ea634df505eb0115f18beb4dd76ceb0a324d8a39a4b98c3d0e9cf2e6351c0170e5242de8c
|
|
7
|
+
data.tar.gz: 2cdc4b40f07da68d0a009722f66afd8e8473ae4fdb45b762eae79195021816491468a9e134929ec8992de7a3fd4196d06428a18c45787e2248b495e3c510b241
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
1.73.0 (2025-06-17)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - We are launching a new analyzer type, internal access analyzer. The new analyzer will generate internal access findings, which help customers understand who within their AWS organization or AWS Account has access to their critical AWS resources.
|
|
8
|
+
|
|
4
9
|
1.72.0 (2025-06-02)
|
|
5
10
|
------------------
|
|
6
11
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.73.0
|
|
@@ -973,10 +973,9 @@ module Aws::AccessAnalyzer
|
|
|
973
973
|
# The name of the analyzer to create.
|
|
974
974
|
#
|
|
975
975
|
# @option params [required, String] :type
|
|
976
|
-
# The type of analyzer to create.
|
|
977
|
-
#
|
|
978
|
-
#
|
|
979
|
-
# Region. You can create up to 5 analyzers per organization per Region.
|
|
976
|
+
# The type of analyzer to create. You can create only one analyzer per
|
|
977
|
+
# account per Region. You can create up to 5 analyzers per organization
|
|
978
|
+
# per Region.
|
|
980
979
|
#
|
|
981
980
|
# @option params [Array<Types::InlineArchiveRule>] :archive_rules
|
|
982
981
|
# Specifies the archive rules to add for the analyzer. Archive rules
|
|
@@ -1003,7 +1002,9 @@ module Aws::AccessAnalyzer
|
|
|
1003
1002
|
# @option params [Types::AnalyzerConfiguration] :configuration
|
|
1004
1003
|
# Specifies the configuration of the analyzer. If the analyzer is an
|
|
1005
1004
|
# unused access analyzer, the specified scope of unused access is used
|
|
1006
|
-
# for the configuration.
|
|
1005
|
+
# for the configuration. If the analyzer is an internal access analyzer,
|
|
1006
|
+
# the specified internal access analysis rules are used for the
|
|
1007
|
+
# configuration.
|
|
1007
1008
|
#
|
|
1008
1009
|
# @return [Types::CreateAnalyzerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1009
1010
|
#
|
|
@@ -1013,7 +1014,7 @@ module Aws::AccessAnalyzer
|
|
|
1013
1014
|
#
|
|
1014
1015
|
# resp = client.create_analyzer({
|
|
1015
1016
|
# analyzer_name: "Name", # required
|
|
1016
|
-
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS
|
|
1017
|
+
# type: "ACCOUNT", # required, accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS, ACCOUNT_INTERNAL_ACCESS, ORGANIZATION_INTERNAL_ACCESS
|
|
1017
1018
|
# archive_rules: [
|
|
1018
1019
|
# {
|
|
1019
1020
|
# rule_name: "Name", # required
|
|
@@ -1047,6 +1048,17 @@ module Aws::AccessAnalyzer
|
|
|
1047
1048
|
# ],
|
|
1048
1049
|
# },
|
|
1049
1050
|
# },
|
|
1051
|
+
# internal_access: {
|
|
1052
|
+
# analysis_rule: {
|
|
1053
|
+
# inclusions: [
|
|
1054
|
+
# {
|
|
1055
|
+
# account_ids: ["String"],
|
|
1056
|
+
# resource_types: ["AWS::S3::Bucket"], # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic, AWS::S3Express::DirectoryBucket, AWS::DynamoDB::Table, AWS::DynamoDB::Stream, AWS::IAM::User
|
|
1057
|
+
# resource_arns: ["String"],
|
|
1058
|
+
# },
|
|
1059
|
+
# ],
|
|
1060
|
+
# },
|
|
1061
|
+
# },
|
|
1050
1062
|
# },
|
|
1051
1063
|
# })
|
|
1052
1064
|
#
|
|
@@ -1391,7 +1403,7 @@ module Aws::AccessAnalyzer
|
|
|
1391
1403
|
#
|
|
1392
1404
|
# resp.analyzer.arn #=> String
|
|
1393
1405
|
# resp.analyzer.name #=> String
|
|
1394
|
-
# resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS"
|
|
1406
|
+
# resp.analyzer.type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS", "ACCOUNT_INTERNAL_ACCESS", "ORGANIZATION_INTERNAL_ACCESS"
|
|
1395
1407
|
# resp.analyzer.created_at #=> Time
|
|
1396
1408
|
# resp.analyzer.last_resource_analyzed #=> String
|
|
1397
1409
|
# resp.analyzer.last_resource_analyzed_at #=> Time
|
|
@@ -1406,6 +1418,13 @@ module Aws::AccessAnalyzer
|
|
|
1406
1418
|
# resp.analyzer.configuration.unused_access.analysis_rule.exclusions[0].resource_tags #=> Array
|
|
1407
1419
|
# resp.analyzer.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0] #=> Hash
|
|
1408
1420
|
# resp.analyzer.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0]["String"] #=> String
|
|
1421
|
+
# resp.analyzer.configuration.internal_access.analysis_rule.inclusions #=> Array
|
|
1422
|
+
# resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].account_ids #=> Array
|
|
1423
|
+
# resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].account_ids[0] #=> String
|
|
1424
|
+
# resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].resource_types #=> Array
|
|
1425
|
+
# resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].resource_types[0] #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
|
|
1426
|
+
# resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].resource_arns #=> Array
|
|
1427
|
+
# resp.analyzer.configuration.internal_access.analysis_rule.inclusions[0].resource_arns[0] #=> String
|
|
1409
1428
|
#
|
|
1410
1429
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzer AWS API Documentation
|
|
1411
1430
|
#
|
|
@@ -1513,7 +1532,7 @@ module Aws::AccessAnalyzer
|
|
|
1513
1532
|
# resp.finding.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
|
|
1514
1533
|
# resp.finding.sources[0].detail.access_point_arn #=> String
|
|
1515
1534
|
# resp.finding.sources[0].detail.access_point_account #=> String
|
|
1516
|
-
# resp.finding.resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE"
|
|
1535
|
+
# resp.finding.resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE", "APPLIED"
|
|
1517
1536
|
#
|
|
1518
1537
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFinding AWS API Documentation
|
|
1519
1538
|
#
|
|
@@ -1729,6 +1748,21 @@ module Aws::AccessAnalyzer
|
|
|
1729
1748
|
# resp.status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
1730
1749
|
# resp.updated_at #=> Time
|
|
1731
1750
|
# resp.finding_details #=> Array
|
|
1751
|
+
# resp.finding_details[0].internal_access_details.action #=> Array
|
|
1752
|
+
# resp.finding_details[0].internal_access_details.action[0] #=> String
|
|
1753
|
+
# resp.finding_details[0].internal_access_details.condition #=> Hash
|
|
1754
|
+
# resp.finding_details[0].internal_access_details.condition["String"] #=> String
|
|
1755
|
+
# resp.finding_details[0].internal_access_details.principal #=> Hash
|
|
1756
|
+
# resp.finding_details[0].internal_access_details.principal["String"] #=> String
|
|
1757
|
+
# resp.finding_details[0].internal_access_details.principal_owner_account #=> String
|
|
1758
|
+
# resp.finding_details[0].internal_access_details.access_type #=> String, one of "INTRA_ACCOUNT", "INTRA_ORG"
|
|
1759
|
+
# resp.finding_details[0].internal_access_details.principal_type #=> String, one of "IAM_ROLE", "IAM_USER"
|
|
1760
|
+
# resp.finding_details[0].internal_access_details.sources #=> Array
|
|
1761
|
+
# resp.finding_details[0].internal_access_details.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
|
|
1762
|
+
# resp.finding_details[0].internal_access_details.sources[0].detail.access_point_arn #=> String
|
|
1763
|
+
# resp.finding_details[0].internal_access_details.sources[0].detail.access_point_account #=> String
|
|
1764
|
+
# resp.finding_details[0].internal_access_details.resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE", "APPLIED"
|
|
1765
|
+
# resp.finding_details[0].internal_access_details.service_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_SCP", "NOT_APPLICABLE", "APPLIED"
|
|
1732
1766
|
# resp.finding_details[0].external_access_details.action #=> Array
|
|
1733
1767
|
# resp.finding_details[0].external_access_details.action[0] #=> String
|
|
1734
1768
|
# resp.finding_details[0].external_access_details.condition #=> Hash
|
|
@@ -1740,7 +1774,7 @@ module Aws::AccessAnalyzer
|
|
|
1740
1774
|
# resp.finding_details[0].external_access_details.sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
|
|
1741
1775
|
# resp.finding_details[0].external_access_details.sources[0].detail.access_point_arn #=> String
|
|
1742
1776
|
# resp.finding_details[0].external_access_details.sources[0].detail.access_point_account #=> String
|
|
1743
|
-
# resp.finding_details[0].external_access_details.resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE"
|
|
1777
|
+
# resp.finding_details[0].external_access_details.resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE", "APPLIED"
|
|
1744
1778
|
# resp.finding_details[0].unused_permission_details.actions #=> Array
|
|
1745
1779
|
# resp.finding_details[0].unused_permission_details.actions[0].action #=> String
|
|
1746
1780
|
# resp.finding_details[0].unused_permission_details.actions[0].last_accessed #=> Time
|
|
@@ -1750,7 +1784,7 @@ module Aws::AccessAnalyzer
|
|
|
1750
1784
|
# resp.finding_details[0].unused_iam_user_access_key_details.last_accessed #=> Time
|
|
1751
1785
|
# resp.finding_details[0].unused_iam_role_details.last_accessed #=> Time
|
|
1752
1786
|
# resp.finding_details[0].unused_iam_user_password_details.last_accessed #=> Time
|
|
1753
|
-
# resp.finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission"
|
|
1787
|
+
# resp.finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission", "InternalAccess"
|
|
1754
1788
|
#
|
|
1755
1789
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingV2 AWS API Documentation
|
|
1756
1790
|
#
|
|
@@ -1791,6 +1825,13 @@ module Aws::AccessAnalyzer
|
|
|
1791
1825
|
# resp.findings_statistics[0].external_access_findings_statistics.total_active_findings #=> Integer
|
|
1792
1826
|
# resp.findings_statistics[0].external_access_findings_statistics.total_archived_findings #=> Integer
|
|
1793
1827
|
# resp.findings_statistics[0].external_access_findings_statistics.total_resolved_findings #=> Integer
|
|
1828
|
+
# resp.findings_statistics[0].internal_access_findings_statistics.resource_type_statistics #=> Hash
|
|
1829
|
+
# resp.findings_statistics[0].internal_access_findings_statistics.resource_type_statistics["ResourceType"].total_active_findings #=> Integer
|
|
1830
|
+
# resp.findings_statistics[0].internal_access_findings_statistics.resource_type_statistics["ResourceType"].total_resolved_findings #=> Integer
|
|
1831
|
+
# resp.findings_statistics[0].internal_access_findings_statistics.resource_type_statistics["ResourceType"].total_archived_findings #=> Integer
|
|
1832
|
+
# resp.findings_statistics[0].internal_access_findings_statistics.total_active_findings #=> Integer
|
|
1833
|
+
# resp.findings_statistics[0].internal_access_findings_statistics.total_archived_findings #=> Integer
|
|
1834
|
+
# resp.findings_statistics[0].internal_access_findings_statistics.total_resolved_findings #=> Integer
|
|
1794
1835
|
# resp.findings_statistics[0].unused_access_findings_statistics.unused_access_type_statistics #=> Array
|
|
1795
1836
|
# resp.findings_statistics[0].unused_access_findings_statistics.unused_access_type_statistics[0].unused_access_type #=> String
|
|
1796
1837
|
# resp.findings_statistics[0].unused_access_findings_statistics.unused_access_type_statistics[0].total #=> Integer
|
|
@@ -1950,7 +1991,7 @@ module Aws::AccessAnalyzer
|
|
|
1950
1991
|
# resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
|
|
1951
1992
|
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
|
1952
1993
|
# resp.findings[0].sources[0].detail.access_point_account #=> String
|
|
1953
|
-
# resp.findings[0].resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE"
|
|
1994
|
+
# resp.findings[0].resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE", "APPLIED"
|
|
1954
1995
|
# resp.next_token #=> String
|
|
1955
1996
|
#
|
|
1956
1997
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindings AWS API Documentation
|
|
@@ -2087,7 +2128,7 @@ module Aws::AccessAnalyzer
|
|
|
2087
2128
|
# resp = client.list_analyzers({
|
|
2088
2129
|
# next_token: "Token",
|
|
2089
2130
|
# max_results: 1,
|
|
2090
|
-
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS
|
|
2131
|
+
# type: "ACCOUNT", # accepts ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, ORGANIZATION_UNUSED_ACCESS, ACCOUNT_INTERNAL_ACCESS, ORGANIZATION_INTERNAL_ACCESS
|
|
2091
2132
|
# })
|
|
2092
2133
|
#
|
|
2093
2134
|
# @example Response structure
|
|
@@ -2095,7 +2136,7 @@ module Aws::AccessAnalyzer
|
|
|
2095
2136
|
# resp.analyzers #=> Array
|
|
2096
2137
|
# resp.analyzers[0].arn #=> String
|
|
2097
2138
|
# resp.analyzers[0].name #=> String
|
|
2098
|
-
# resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS"
|
|
2139
|
+
# resp.analyzers[0].type #=> String, one of "ACCOUNT", "ORGANIZATION", "ACCOUNT_UNUSED_ACCESS", "ORGANIZATION_UNUSED_ACCESS", "ACCOUNT_INTERNAL_ACCESS", "ORGANIZATION_INTERNAL_ACCESS"
|
|
2099
2140
|
# resp.analyzers[0].created_at #=> Time
|
|
2100
2141
|
# resp.analyzers[0].last_resource_analyzed #=> String
|
|
2101
2142
|
# resp.analyzers[0].last_resource_analyzed_at #=> Time
|
|
@@ -2110,6 +2151,13 @@ module Aws::AccessAnalyzer
|
|
|
2110
2151
|
# resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions[0].resource_tags #=> Array
|
|
2111
2152
|
# resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0] #=> Hash
|
|
2112
2153
|
# resp.analyzers[0].configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0]["String"] #=> String
|
|
2154
|
+
# resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions #=> Array
|
|
2155
|
+
# resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].account_ids #=> Array
|
|
2156
|
+
# resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].account_ids[0] #=> String
|
|
2157
|
+
# resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].resource_types #=> Array
|
|
2158
|
+
# resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].resource_types[0] #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
|
|
2159
|
+
# resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].resource_arns #=> Array
|
|
2160
|
+
# resp.analyzers[0].configuration.internal_access.analysis_rule.inclusions[0].resource_arns[0] #=> String
|
|
2113
2161
|
# resp.next_token #=> String
|
|
2114
2162
|
#
|
|
2115
2163
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers AWS API Documentation
|
|
@@ -2255,7 +2303,7 @@ module Aws::AccessAnalyzer
|
|
|
2255
2303
|
# resp.findings[0].sources[0].type #=> String, one of "POLICY", "BUCKET_ACL", "S3_ACCESS_POINT", "S3_ACCESS_POINT_ACCOUNT"
|
|
2256
2304
|
# resp.findings[0].sources[0].detail.access_point_arn #=> String
|
|
2257
2305
|
# resp.findings[0].sources[0].detail.access_point_account #=> String
|
|
2258
|
-
# resp.findings[0].resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE"
|
|
2306
|
+
# resp.findings[0].resource_control_policy_restriction #=> String, one of "APPLICABLE", "FAILED_TO_EVALUATE_RCP", "NOT_APPLICABLE", "APPLIED"
|
|
2259
2307
|
# resp.next_token #=> String
|
|
2260
2308
|
#
|
|
2261
2309
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings AWS API Documentation
|
|
@@ -2339,7 +2387,7 @@ module Aws::AccessAnalyzer
|
|
|
2339
2387
|
# resp.findings[0].resource_owner_account #=> String
|
|
2340
2388
|
# resp.findings[0].status #=> String, one of "ACTIVE", "ARCHIVED", "RESOLVED"
|
|
2341
2389
|
# resp.findings[0].updated_at #=> Time
|
|
2342
|
-
# resp.findings[0].finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission"
|
|
2390
|
+
# resp.findings[0].finding_type #=> String, one of "ExternalAccess", "UnusedIAMRole", "UnusedIAMUserAccessKey", "UnusedIAMUserPassword", "UnusedPermission", "InternalAccess"
|
|
2343
2391
|
# resp.next_token #=> String
|
|
2344
2392
|
#
|
|
2345
2393
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindingsV2 AWS API Documentation
|
|
@@ -2614,6 +2662,17 @@ module Aws::AccessAnalyzer
|
|
|
2614
2662
|
# ],
|
|
2615
2663
|
# },
|
|
2616
2664
|
# },
|
|
2665
|
+
# internal_access: {
|
|
2666
|
+
# analysis_rule: {
|
|
2667
|
+
# inclusions: [
|
|
2668
|
+
# {
|
|
2669
|
+
# account_ids: ["String"],
|
|
2670
|
+
# resource_types: ["AWS::S3::Bucket"], # accepts AWS::S3::Bucket, AWS::IAM::Role, AWS::SQS::Queue, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::KMS::Key, AWS::SecretsManager::Secret, AWS::EFS::FileSystem, AWS::EC2::Snapshot, AWS::ECR::Repository, AWS::RDS::DBSnapshot, AWS::RDS::DBClusterSnapshot, AWS::SNS::Topic, AWS::S3Express::DirectoryBucket, AWS::DynamoDB::Table, AWS::DynamoDB::Stream, AWS::IAM::User
|
|
2671
|
+
# resource_arns: ["String"],
|
|
2672
|
+
# },
|
|
2673
|
+
# ],
|
|
2674
|
+
# },
|
|
2675
|
+
# },
|
|
2617
2676
|
# },
|
|
2618
2677
|
# })
|
|
2619
2678
|
#
|
|
@@ -2626,6 +2685,13 @@ module Aws::AccessAnalyzer
|
|
|
2626
2685
|
# resp.configuration.unused_access.analysis_rule.exclusions[0].resource_tags #=> Array
|
|
2627
2686
|
# resp.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0] #=> Hash
|
|
2628
2687
|
# resp.configuration.unused_access.analysis_rule.exclusions[0].resource_tags[0]["String"] #=> String
|
|
2688
|
+
# resp.configuration.internal_access.analysis_rule.inclusions #=> Array
|
|
2689
|
+
# resp.configuration.internal_access.analysis_rule.inclusions[0].account_ids #=> Array
|
|
2690
|
+
# resp.configuration.internal_access.analysis_rule.inclusions[0].account_ids[0] #=> String
|
|
2691
|
+
# resp.configuration.internal_access.analysis_rule.inclusions[0].resource_types #=> Array
|
|
2692
|
+
# resp.configuration.internal_access.analysis_rule.inclusions[0].resource_types[0] #=> String, one of "AWS::S3::Bucket", "AWS::IAM::Role", "AWS::SQS::Queue", "AWS::Lambda::Function", "AWS::Lambda::LayerVersion", "AWS::KMS::Key", "AWS::SecretsManager::Secret", "AWS::EFS::FileSystem", "AWS::EC2::Snapshot", "AWS::ECR::Repository", "AWS::RDS::DBSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::SNS::Topic", "AWS::S3Express::DirectoryBucket", "AWS::DynamoDB::Table", "AWS::DynamoDB::Stream", "AWS::IAM::User"
|
|
2693
|
+
# resp.configuration.internal_access.analysis_rule.inclusions[0].resource_arns #=> Array
|
|
2694
|
+
# resp.configuration.internal_access.analysis_rule.inclusions[0].resource_arns[0] #=> String
|
|
2629
2695
|
#
|
|
2630
2696
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateAnalyzer AWS API Documentation
|
|
2631
2697
|
#
|
|
@@ -2840,7 +2906,7 @@ module Aws::AccessAnalyzer
|
|
|
2840
2906
|
tracer: tracer
|
|
2841
2907
|
)
|
|
2842
2908
|
context[:gem_name] = 'aws-sdk-accessanalyzer'
|
|
2843
|
-
context[:gem_version] = '1.
|
|
2909
|
+
context[:gem_version] = '1.73.0'
|
|
2844
2910
|
Seahorse::Client::Request.new(handlers, context)
|
|
2845
2911
|
end
|
|
2846
2912
|
|
|
@@ -154,6 +154,15 @@ module Aws::AccessAnalyzer
|
|
|
154
154
|
InlineArchiveRule = Shapes::StructureShape.new(name: 'InlineArchiveRule')
|
|
155
155
|
InlineArchiveRulesList = Shapes::ListShape.new(name: 'InlineArchiveRulesList')
|
|
156
156
|
Integer = Shapes::IntegerShape.new(name: 'Integer')
|
|
157
|
+
InternalAccessAnalysisRule = Shapes::StructureShape.new(name: 'InternalAccessAnalysisRule')
|
|
158
|
+
InternalAccessAnalysisRuleCriteria = Shapes::StructureShape.new(name: 'InternalAccessAnalysisRuleCriteria')
|
|
159
|
+
InternalAccessAnalysisRuleCriteriaList = Shapes::ListShape.new(name: 'InternalAccessAnalysisRuleCriteriaList')
|
|
160
|
+
InternalAccessConfiguration = Shapes::StructureShape.new(name: 'InternalAccessConfiguration')
|
|
161
|
+
InternalAccessDetails = Shapes::StructureShape.new(name: 'InternalAccessDetails')
|
|
162
|
+
InternalAccessFindingsStatistics = Shapes::StructureShape.new(name: 'InternalAccessFindingsStatistics')
|
|
163
|
+
InternalAccessResourceTypeDetails = Shapes::StructureShape.new(name: 'InternalAccessResourceTypeDetails')
|
|
164
|
+
InternalAccessResourceTypeStatisticsMap = Shapes::MapShape.new(name: 'InternalAccessResourceTypeStatisticsMap')
|
|
165
|
+
InternalAccessType = Shapes::StringShape.new(name: 'InternalAccessType')
|
|
157
166
|
InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
|
|
158
167
|
InternetConfiguration = Shapes::StructureShape.new(name: 'InternetConfiguration')
|
|
159
168
|
InvalidParameterException = Shapes::StructureShape.new(name: 'InvalidParameterException')
|
|
@@ -212,6 +221,7 @@ module Aws::AccessAnalyzer
|
|
|
212
221
|
Position = Shapes::StructureShape.new(name: 'Position')
|
|
213
222
|
PrincipalArn = Shapes::StringShape.new(name: 'PrincipalArn')
|
|
214
223
|
PrincipalMap = Shapes::MapShape.new(name: 'PrincipalMap')
|
|
224
|
+
PrincipalType = Shapes::StringShape.new(name: 'PrincipalType')
|
|
215
225
|
RdsDbClusterSnapshotAccountId = Shapes::StringShape.new(name: 'RdsDbClusterSnapshotAccountId')
|
|
216
226
|
RdsDbClusterSnapshotAccountIdsList = Shapes::ListShape.new(name: 'RdsDbClusterSnapshotAccountIdsList')
|
|
217
227
|
RdsDbClusterSnapshotAttributeName = Shapes::StringShape.new(name: 'RdsDbClusterSnapshotAttributeName')
|
|
@@ -237,10 +247,12 @@ module Aws::AccessAnalyzer
|
|
|
237
247
|
RegionList = Shapes::ListShape.new(name: 'RegionList')
|
|
238
248
|
Resource = Shapes::StringShape.new(name: 'Resource')
|
|
239
249
|
ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
|
|
250
|
+
ResourceArnsList = Shapes::ListShape.new(name: 'ResourceArnsList')
|
|
240
251
|
ResourceControlPolicyRestriction = Shapes::StringShape.new(name: 'ResourceControlPolicyRestriction')
|
|
241
252
|
ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
|
|
242
253
|
ResourceType = Shapes::StringShape.new(name: 'ResourceType')
|
|
243
254
|
ResourceTypeDetails = Shapes::StructureShape.new(name: 'ResourceTypeDetails')
|
|
255
|
+
ResourceTypeList = Shapes::ListShape.new(name: 'ResourceTypeList')
|
|
244
256
|
ResourceTypeStatisticsMap = Shapes::MapShape.new(name: 'ResourceTypeStatisticsMap')
|
|
245
257
|
RetiringPrincipal = Shapes::StringShape.new(name: 'RetiringPrincipal')
|
|
246
258
|
RoleArn = Shapes::StringShape.new(name: 'RoleArn')
|
|
@@ -259,6 +271,7 @@ module Aws::AccessAnalyzer
|
|
|
259
271
|
SecretsManagerSecretConfiguration = Shapes::StructureShape.new(name: 'SecretsManagerSecretConfiguration')
|
|
260
272
|
SecretsManagerSecretKmsId = Shapes::StringShape.new(name: 'SecretsManagerSecretKmsId')
|
|
261
273
|
SecretsManagerSecretPolicy = Shapes::StringShape.new(name: 'SecretsManagerSecretPolicy')
|
|
274
|
+
ServiceControlPolicyRestriction = Shapes::StringShape.new(name: 'ServiceControlPolicyRestriction')
|
|
262
275
|
ServiceQuotaExceededException = Shapes::StructureShape.new(name: 'ServiceQuotaExceededException')
|
|
263
276
|
SharedViaList = Shapes::ListShape.new(name: 'SharedViaList')
|
|
264
277
|
SnsTopicConfiguration = Shapes::StructureShape.new(name: 'SnsTopicConfiguration')
|
|
@@ -414,8 +427,10 @@ module Aws::AccessAnalyzer
|
|
|
414
427
|
AnalyzedResourcesList.member = Shapes::ShapeRef.new(shape: AnalyzedResourceSummary)
|
|
415
428
|
|
|
416
429
|
AnalyzerConfiguration.add_member(:unused_access, Shapes::ShapeRef.new(shape: UnusedAccessConfiguration, location_name: "unusedAccess"))
|
|
430
|
+
AnalyzerConfiguration.add_member(:internal_access, Shapes::ShapeRef.new(shape: InternalAccessConfiguration, location_name: "internalAccess"))
|
|
417
431
|
AnalyzerConfiguration.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
|
|
418
432
|
AnalyzerConfiguration.add_member_subclass(:unused_access, Types::AnalyzerConfiguration::UnusedAccess)
|
|
433
|
+
AnalyzerConfiguration.add_member_subclass(:internal_access, Types::AnalyzerConfiguration::InternalAccess)
|
|
419
434
|
AnalyzerConfiguration.add_member_subclass(:unknown, Types::AnalyzerConfiguration::Unknown)
|
|
420
435
|
AnalyzerConfiguration.struct_class = Types::AnalyzerConfiguration
|
|
421
436
|
|
|
@@ -639,12 +654,14 @@ module Aws::AccessAnalyzer
|
|
|
639
654
|
FindingAggregationAccountDetailsMap.key = Shapes::ShapeRef.new(shape: String)
|
|
640
655
|
FindingAggregationAccountDetailsMap.value = Shapes::ShapeRef.new(shape: Integer)
|
|
641
656
|
|
|
657
|
+
FindingDetails.add_member(:internal_access_details, Shapes::ShapeRef.new(shape: InternalAccessDetails, location_name: "internalAccessDetails"))
|
|
642
658
|
FindingDetails.add_member(:external_access_details, Shapes::ShapeRef.new(shape: ExternalAccessDetails, location_name: "externalAccessDetails"))
|
|
643
659
|
FindingDetails.add_member(:unused_permission_details, Shapes::ShapeRef.new(shape: UnusedPermissionDetails, location_name: "unusedPermissionDetails"))
|
|
644
660
|
FindingDetails.add_member(:unused_iam_user_access_key_details, Shapes::ShapeRef.new(shape: UnusedIamUserAccessKeyDetails, location_name: "unusedIamUserAccessKeyDetails"))
|
|
645
661
|
FindingDetails.add_member(:unused_iam_role_details, Shapes::ShapeRef.new(shape: UnusedIamRoleDetails, location_name: "unusedIamRoleDetails"))
|
|
646
662
|
FindingDetails.add_member(:unused_iam_user_password_details, Shapes::ShapeRef.new(shape: UnusedIamUserPasswordDetails, location_name: "unusedIamUserPasswordDetails"))
|
|
647
663
|
FindingDetails.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
|
|
664
|
+
FindingDetails.add_member_subclass(:internal_access_details, Types::FindingDetails::InternalAccessDetails)
|
|
648
665
|
FindingDetails.add_member_subclass(:external_access_details, Types::FindingDetails::ExternalAccessDetails)
|
|
649
666
|
FindingDetails.add_member_subclass(:unused_permission_details, Types::FindingDetails::UnusedPermissionDetails)
|
|
650
667
|
FindingDetails.add_member_subclass(:unused_iam_user_access_key_details, Types::FindingDetails::UnusedIamUserAccessKeyDetails)
|
|
@@ -701,9 +718,11 @@ module Aws::AccessAnalyzer
|
|
|
701
718
|
FindingsListV2.member = Shapes::ShapeRef.new(shape: FindingSummaryV2)
|
|
702
719
|
|
|
703
720
|
FindingsStatistics.add_member(:external_access_findings_statistics, Shapes::ShapeRef.new(shape: ExternalAccessFindingsStatistics, location_name: "externalAccessFindingsStatistics"))
|
|
721
|
+
FindingsStatistics.add_member(:internal_access_findings_statistics, Shapes::ShapeRef.new(shape: InternalAccessFindingsStatistics, location_name: "internalAccessFindingsStatistics"))
|
|
704
722
|
FindingsStatistics.add_member(:unused_access_findings_statistics, Shapes::ShapeRef.new(shape: UnusedAccessFindingsStatistics, location_name: "unusedAccessFindingsStatistics"))
|
|
705
723
|
FindingsStatistics.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
|
|
706
724
|
FindingsStatistics.add_member_subclass(:external_access_findings_statistics, Types::FindingsStatistics::ExternalAccessFindingsStatistics)
|
|
725
|
+
FindingsStatistics.add_member_subclass(:internal_access_findings_statistics, Types::FindingsStatistics::InternalAccessFindingsStatistics)
|
|
707
726
|
FindingsStatistics.add_member_subclass(:unused_access_findings_statistics, Types::FindingsStatistics::UnusedAccessFindingsStatistics)
|
|
708
727
|
FindingsStatistics.add_member_subclass(:unknown, Types::FindingsStatistics::Unknown)
|
|
709
728
|
FindingsStatistics.struct_class = Types::FindingsStatistics
|
|
@@ -823,6 +842,44 @@ module Aws::AccessAnalyzer
|
|
|
823
842
|
|
|
824
843
|
InlineArchiveRulesList.member = Shapes::ShapeRef.new(shape: InlineArchiveRule)
|
|
825
844
|
|
|
845
|
+
InternalAccessAnalysisRule.add_member(:inclusions, Shapes::ShapeRef.new(shape: InternalAccessAnalysisRuleCriteriaList, location_name: "inclusions"))
|
|
846
|
+
InternalAccessAnalysisRule.struct_class = Types::InternalAccessAnalysisRule
|
|
847
|
+
|
|
848
|
+
InternalAccessAnalysisRuleCriteria.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdsList, location_name: "accountIds"))
|
|
849
|
+
InternalAccessAnalysisRuleCriteria.add_member(:resource_types, Shapes::ShapeRef.new(shape: ResourceTypeList, location_name: "resourceTypes"))
|
|
850
|
+
InternalAccessAnalysisRuleCriteria.add_member(:resource_arns, Shapes::ShapeRef.new(shape: ResourceArnsList, location_name: "resourceArns"))
|
|
851
|
+
InternalAccessAnalysisRuleCriteria.struct_class = Types::InternalAccessAnalysisRuleCriteria
|
|
852
|
+
|
|
853
|
+
InternalAccessAnalysisRuleCriteriaList.member = Shapes::ShapeRef.new(shape: InternalAccessAnalysisRuleCriteria)
|
|
854
|
+
|
|
855
|
+
InternalAccessConfiguration.add_member(:analysis_rule, Shapes::ShapeRef.new(shape: InternalAccessAnalysisRule, location_name: "analysisRule"))
|
|
856
|
+
InternalAccessConfiguration.struct_class = Types::InternalAccessConfiguration
|
|
857
|
+
|
|
858
|
+
InternalAccessDetails.add_member(:action, Shapes::ShapeRef.new(shape: ActionList, location_name: "action"))
|
|
859
|
+
InternalAccessDetails.add_member(:condition, Shapes::ShapeRef.new(shape: ConditionKeyMap, location_name: "condition"))
|
|
860
|
+
InternalAccessDetails.add_member(:principal, Shapes::ShapeRef.new(shape: PrincipalMap, location_name: "principal"))
|
|
861
|
+
InternalAccessDetails.add_member(:principal_owner_account, Shapes::ShapeRef.new(shape: String, location_name: "principalOwnerAccount"))
|
|
862
|
+
InternalAccessDetails.add_member(:access_type, Shapes::ShapeRef.new(shape: InternalAccessType, location_name: "accessType"))
|
|
863
|
+
InternalAccessDetails.add_member(:principal_type, Shapes::ShapeRef.new(shape: PrincipalType, location_name: "principalType"))
|
|
864
|
+
InternalAccessDetails.add_member(:sources, Shapes::ShapeRef.new(shape: FindingSourceList, location_name: "sources"))
|
|
865
|
+
InternalAccessDetails.add_member(:resource_control_policy_restriction, Shapes::ShapeRef.new(shape: ResourceControlPolicyRestriction, location_name: "resourceControlPolicyRestriction"))
|
|
866
|
+
InternalAccessDetails.add_member(:service_control_policy_restriction, Shapes::ShapeRef.new(shape: ServiceControlPolicyRestriction, location_name: "serviceControlPolicyRestriction"))
|
|
867
|
+
InternalAccessDetails.struct_class = Types::InternalAccessDetails
|
|
868
|
+
|
|
869
|
+
InternalAccessFindingsStatistics.add_member(:resource_type_statistics, Shapes::ShapeRef.new(shape: InternalAccessResourceTypeStatisticsMap, location_name: "resourceTypeStatistics"))
|
|
870
|
+
InternalAccessFindingsStatistics.add_member(:total_active_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalActiveFindings"))
|
|
871
|
+
InternalAccessFindingsStatistics.add_member(:total_archived_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalArchivedFindings"))
|
|
872
|
+
InternalAccessFindingsStatistics.add_member(:total_resolved_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalResolvedFindings"))
|
|
873
|
+
InternalAccessFindingsStatistics.struct_class = Types::InternalAccessFindingsStatistics
|
|
874
|
+
|
|
875
|
+
InternalAccessResourceTypeDetails.add_member(:total_active_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalActiveFindings"))
|
|
876
|
+
InternalAccessResourceTypeDetails.add_member(:total_resolved_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalResolvedFindings"))
|
|
877
|
+
InternalAccessResourceTypeDetails.add_member(:total_archived_findings, Shapes::ShapeRef.new(shape: Integer, location_name: "totalArchivedFindings"))
|
|
878
|
+
InternalAccessResourceTypeDetails.struct_class = Types::InternalAccessResourceTypeDetails
|
|
879
|
+
|
|
880
|
+
InternalAccessResourceTypeStatisticsMap.key = Shapes::ShapeRef.new(shape: ResourceType)
|
|
881
|
+
InternalAccessResourceTypeStatisticsMap.value = Shapes::ShapeRef.new(shape: InternalAccessResourceTypeDetails)
|
|
882
|
+
|
|
826
883
|
InternalServerException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
|
|
827
884
|
InternalServerException.add_member(:retry_after_seconds, Shapes::ShapeRef.new(shape: Integer, location: "header", location_name: "Retry-After"))
|
|
828
885
|
InternalServerException.struct_class = Types::InternalServerException
|
|
@@ -1052,6 +1109,8 @@ module Aws::AccessAnalyzer
|
|
|
1052
1109
|
|
|
1053
1110
|
RegionList.member = Shapes::ShapeRef.new(shape: String)
|
|
1054
1111
|
|
|
1112
|
+
ResourceArnsList.member = Shapes::ShapeRef.new(shape: String)
|
|
1113
|
+
|
|
1055
1114
|
ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
|
|
1056
1115
|
ResourceNotFoundException.add_member(:resource_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceId"))
|
|
1057
1116
|
ResourceNotFoundException.add_member(:resource_type, Shapes::ShapeRef.new(shape: String, required: true, location_name: "resourceType"))
|
|
@@ -1061,6 +1120,8 @@ module Aws::AccessAnalyzer
|
|
|
1061
1120
|
ResourceTypeDetails.add_member(:total_active_cross_account, Shapes::ShapeRef.new(shape: Integer, location_name: "totalActiveCrossAccount"))
|
|
1062
1121
|
ResourceTypeDetails.struct_class = Types::ResourceTypeDetails
|
|
1063
1122
|
|
|
1123
|
+
ResourceTypeList.member = Shapes::ShapeRef.new(shape: ResourceType)
|
|
1124
|
+
|
|
1064
1125
|
ResourceTypeStatisticsMap.key = Shapes::ShapeRef.new(shape: ResourceType)
|
|
1065
1126
|
ResourceTypeStatisticsMap.value = Shapes::ShapeRef.new(shape: ResourceTypeDetails)
|
|
1066
1127
|
|
|
@@ -473,16 +473,25 @@ module Aws::AccessAnalyzer
|
|
|
473
473
|
# Amazon Web Services organization or account.
|
|
474
474
|
# @return [Types::UnusedAccessConfiguration]
|
|
475
475
|
#
|
|
476
|
+
# @!attribute [rw] internal_access
|
|
477
|
+
# Specifies the configuration of an internal access analyzer for an
|
|
478
|
+
# Amazon Web Services organization or account. This configuration
|
|
479
|
+
# determines how the analyzer evaluates access within your Amazon Web
|
|
480
|
+
# Services environment.
|
|
481
|
+
# @return [Types::InternalAccessConfiguration]
|
|
482
|
+
#
|
|
476
483
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzerConfiguration AWS API Documentation
|
|
477
484
|
#
|
|
478
485
|
class AnalyzerConfiguration < Struct.new(
|
|
479
486
|
:unused_access,
|
|
487
|
+
:internal_access,
|
|
480
488
|
:unknown)
|
|
481
489
|
SENSITIVE = []
|
|
482
490
|
include Aws::Structure
|
|
483
491
|
include Aws::Structure::Union
|
|
484
492
|
|
|
485
493
|
class UnusedAccess < AnalyzerConfiguration; end
|
|
494
|
+
class InternalAccess < AnalyzerConfiguration; end
|
|
486
495
|
class Unknown < AnalyzerConfiguration; end
|
|
487
496
|
end
|
|
488
497
|
|
|
@@ -537,8 +546,8 @@ module Aws::AccessAnalyzer
|
|
|
537
546
|
# @return [Types::StatusReason]
|
|
538
547
|
#
|
|
539
548
|
# @!attribute [rw] configuration
|
|
540
|
-
# Specifies
|
|
541
|
-
# access analyzer.
|
|
549
|
+
# Specifies if the analyzer is an external access, unused access, or
|
|
550
|
+
# internal access analyzer.
|
|
542
551
|
# @return [Types::AnalyzerConfiguration]
|
|
543
552
|
#
|
|
544
553
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/AnalyzerSummary AWS API Documentation
|
|
@@ -1050,11 +1059,9 @@ module Aws::AccessAnalyzer
|
|
|
1050
1059
|
# @return [String]
|
|
1051
1060
|
#
|
|
1052
1061
|
# @!attribute [rw] type
|
|
1053
|
-
# The type of analyzer to create.
|
|
1054
|
-
#
|
|
1055
|
-
#
|
|
1056
|
-
# Region. You can create up to 5 analyzers per organization per
|
|
1057
|
-
# Region.
|
|
1062
|
+
# The type of analyzer to create. You can create only one analyzer per
|
|
1063
|
+
# account per Region. You can create up to 5 analyzers per
|
|
1064
|
+
# organization per Region.
|
|
1058
1065
|
# @return [String]
|
|
1059
1066
|
#
|
|
1060
1067
|
# @!attribute [rw] archive_rules
|
|
@@ -1085,7 +1092,9 @@ module Aws::AccessAnalyzer
|
|
|
1085
1092
|
# @!attribute [rw] configuration
|
|
1086
1093
|
# Specifies the configuration of the analyzer. If the analyzer is an
|
|
1087
1094
|
# unused access analyzer, the specified scope of unused access is used
|
|
1088
|
-
# for the configuration.
|
|
1095
|
+
# for the configuration. If the analyzer is an internal access
|
|
1096
|
+
# analyzer, the specified internal access analysis rules are used for
|
|
1097
|
+
# the configuration.
|
|
1089
1098
|
# @return [Types::AnalyzerConfiguration]
|
|
1090
1099
|
#
|
|
1091
1100
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAnalyzerRequest AWS API Documentation
|
|
@@ -1479,6 +1488,23 @@ module Aws::AccessAnalyzer
|
|
|
1479
1488
|
# @!attribute [rw] resource_control_policy_restriction
|
|
1480
1489
|
# The type of restriction applied to the finding by the resource owner
|
|
1481
1490
|
# with an Organizations resource control policy (RCP).
|
|
1491
|
+
#
|
|
1492
|
+
# * `APPLICABLE`: There is an RCP present in the organization but IAM
|
|
1493
|
+
# Access Analyzer does not include it in the evaluation of effective
|
|
1494
|
+
# permissions. For example, if `s3:DeleteObject` is blocked by the
|
|
1495
|
+
# RCP and the restriction is `APPLICABLE`, then `s3:DeleteObject`
|
|
1496
|
+
# would still be included in the list of actions for the finding.
|
|
1497
|
+
#
|
|
1498
|
+
# * `FAILED_TO_EVALUATE_RCP`: There was an error evaluating the RCP.
|
|
1499
|
+
#
|
|
1500
|
+
# * `NOT_APPLICABLE`: There was no RCP present in the organization, or
|
|
1501
|
+
# there was no RCP applicable to the resource. For example, the
|
|
1502
|
+
# resource being analyzed is an Amazon RDS snapshot and there is an
|
|
1503
|
+
# RCP in the organization, but the RCP only impacts Amazon S3
|
|
1504
|
+
# buckets.
|
|
1505
|
+
#
|
|
1506
|
+
# * `APPLIED`: This restriction is not currently available for
|
|
1507
|
+
# external access findings.
|
|
1482
1508
|
# @return [String]
|
|
1483
1509
|
#
|
|
1484
1510
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ExternalAccessDetails AWS API Documentation
|
|
@@ -1652,6 +1678,12 @@ module Aws::AccessAnalyzer
|
|
|
1652
1678
|
#
|
|
1653
1679
|
# @note FindingDetails is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of FindingDetails corresponding to the set member.
|
|
1654
1680
|
#
|
|
1681
|
+
# @!attribute [rw] internal_access_details
|
|
1682
|
+
# The details for an internal access analyzer finding. This contains
|
|
1683
|
+
# information about access patterns identified within your Amazon Web
|
|
1684
|
+
# Services organization or account.
|
|
1685
|
+
# @return [Types::InternalAccessDetails]
|
|
1686
|
+
#
|
|
1655
1687
|
# @!attribute [rw] external_access_details
|
|
1656
1688
|
# The details for an external access analyzer finding.
|
|
1657
1689
|
# @return [Types::ExternalAccessDetails]
|
|
@@ -1679,6 +1711,7 @@ module Aws::AccessAnalyzer
|
|
|
1679
1711
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingDetails AWS API Documentation
|
|
1680
1712
|
#
|
|
1681
1713
|
class FindingDetails < Struct.new(
|
|
1714
|
+
:internal_access_details,
|
|
1682
1715
|
:external_access_details,
|
|
1683
1716
|
:unused_permission_details,
|
|
1684
1717
|
:unused_iam_user_access_key_details,
|
|
@@ -1689,6 +1722,7 @@ module Aws::AccessAnalyzer
|
|
|
1689
1722
|
include Aws::Structure
|
|
1690
1723
|
include Aws::Structure::Union
|
|
1691
1724
|
|
|
1725
|
+
class InternalAccessDetails < FindingDetails; end
|
|
1692
1726
|
class ExternalAccessDetails < FindingDetails; end
|
|
1693
1727
|
class UnusedPermissionDetails < FindingDetails; end
|
|
1694
1728
|
class UnusedIamUserAccessKeyDetails < FindingDetails; end
|
|
@@ -1874,7 +1908,11 @@ module Aws::AccessAnalyzer
|
|
|
1874
1908
|
# @return [Time]
|
|
1875
1909
|
#
|
|
1876
1910
|
# @!attribute [rw] finding_type
|
|
1877
|
-
# The type of the
|
|
1911
|
+
# The type of the access finding. For external access analyzers, the
|
|
1912
|
+
# type is `ExternalAccess`. For unused access analyzers, the type can
|
|
1913
|
+
# be `UnusedIAMRole`, `UnusedIAMUserAccessKey`,
|
|
1914
|
+
# `UnusedIAMUserPassword`, or `UnusedPermission`. For internal access
|
|
1915
|
+
# analyzers, the type is `InternalAccess`.
|
|
1878
1916
|
# @return [String]
|
|
1879
1917
|
#
|
|
1880
1918
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/FindingSummaryV2 AWS API Documentation
|
|
@@ -1904,6 +1942,13 @@ module Aws::AccessAnalyzer
|
|
|
1904
1942
|
# The aggregate statistics for an external access analyzer.
|
|
1905
1943
|
# @return [Types::ExternalAccessFindingsStatistics]
|
|
1906
1944
|
#
|
|
1945
|
+
# @!attribute [rw] internal_access_findings_statistics
|
|
1946
|
+
# The aggregate statistics for an internal access analyzer. This
|
|
1947
|
+
# includes information about active, archived, and resolved findings
|
|
1948
|
+
# related to internal access within your Amazon Web Services
|
|
1949
|
+
# organization or account.
|
|
1950
|
+
# @return [Types::InternalAccessFindingsStatistics]
|
|
1951
|
+
#
|
|
1907
1952
|
# @!attribute [rw] unused_access_findings_statistics
|
|
1908
1953
|
# The aggregate statistics for an unused access analyzer.
|
|
1909
1954
|
# @return [Types::UnusedAccessFindingsStatistics]
|
|
@@ -1912,6 +1957,7 @@ module Aws::AccessAnalyzer
|
|
|
1912
1957
|
#
|
|
1913
1958
|
class FindingsStatistics < Struct.new(
|
|
1914
1959
|
:external_access_findings_statistics,
|
|
1960
|
+
:internal_access_findings_statistics,
|
|
1915
1961
|
:unused_access_findings_statistics,
|
|
1916
1962
|
:unknown)
|
|
1917
1963
|
SENSITIVE = []
|
|
@@ -1919,6 +1965,7 @@ module Aws::AccessAnalyzer
|
|
|
1919
1965
|
include Aws::Structure::Union
|
|
1920
1966
|
|
|
1921
1967
|
class ExternalAccessFindingsStatistics < FindingsStatistics; end
|
|
1968
|
+
class InternalAccessFindingsStatistics < FindingsStatistics; end
|
|
1922
1969
|
class UnusedAccessFindingsStatistics < FindingsStatistics; end
|
|
1923
1970
|
class Unknown < FindingsStatistics; end
|
|
1924
1971
|
end
|
|
@@ -2351,7 +2398,8 @@ module Aws::AccessAnalyzer
|
|
|
2351
2398
|
# The type of the finding. For external access analyzers, the type is
|
|
2352
2399
|
# `ExternalAccess`. For unused access analyzers, the type can be
|
|
2353
2400
|
# `UnusedIAMRole`, `UnusedIAMUserAccessKey`, `UnusedIAMUserPassword`,
|
|
2354
|
-
# or `UnusedPermission`.
|
|
2401
|
+
# or `UnusedPermission`. For internal access analyzers, the type is
|
|
2402
|
+
# `InternalAccess`.
|
|
2355
2403
|
# @return [String]
|
|
2356
2404
|
#
|
|
2357
2405
|
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingV2Response AWS API Documentation
|
|
@@ -2510,6 +2558,256 @@ module Aws::AccessAnalyzer
|
|
|
2510
2558
|
include Aws::Structure
|
|
2511
2559
|
end
|
|
2512
2560
|
|
|
2561
|
+
# Contains information about analysis rules for the internal access
|
|
2562
|
+
# analyzer. Analysis rules determine which entities will generate
|
|
2563
|
+
# findings based on the criteria you define when you create the rule.
|
|
2564
|
+
#
|
|
2565
|
+
# @!attribute [rw] inclusions
|
|
2566
|
+
# A list of rules for the internal access analyzer containing criteria
|
|
2567
|
+
# to include in analysis. Only resources that meet the rule criteria
|
|
2568
|
+
# will generate findings.
|
|
2569
|
+
# @return [Array<Types::InternalAccessAnalysisRuleCriteria>]
|
|
2570
|
+
#
|
|
2571
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessAnalysisRule AWS API Documentation
|
|
2572
|
+
#
|
|
2573
|
+
class InternalAccessAnalysisRule < Struct.new(
|
|
2574
|
+
:inclusions)
|
|
2575
|
+
SENSITIVE = []
|
|
2576
|
+
include Aws::Structure
|
|
2577
|
+
end
|
|
2578
|
+
|
|
2579
|
+
# The criteria for an analysis rule for an internal access analyzer.
|
|
2580
|
+
#
|
|
2581
|
+
# @!attribute [rw] account_ids
|
|
2582
|
+
# A list of Amazon Web Services account IDs to apply to the internal
|
|
2583
|
+
# access analysis rule criteria. Account IDs can only be applied to
|
|
2584
|
+
# the analysis rule criteria for organization-level analyzers.
|
|
2585
|
+
# @return [Array<String>]
|
|
2586
|
+
#
|
|
2587
|
+
# @!attribute [rw] resource_types
|
|
2588
|
+
# A list of resource types to apply to the internal access analysis
|
|
2589
|
+
# rule criteria. The analyzer will only generate findings for
|
|
2590
|
+
# resources of these types. These resource types are currently
|
|
2591
|
+
# supported for internal access analyzers:
|
|
2592
|
+
#
|
|
2593
|
+
# * `AWS::S3::Bucket`
|
|
2594
|
+
#
|
|
2595
|
+
# * `AWS::RDS::DBSnapshot`
|
|
2596
|
+
#
|
|
2597
|
+
# * `AWS::RDS::DBClusterSnapshot`
|
|
2598
|
+
#
|
|
2599
|
+
# * `AWS::S3Express::DirectoryBucket`
|
|
2600
|
+
#
|
|
2601
|
+
# * `AWS::DynamoDB::Table`
|
|
2602
|
+
#
|
|
2603
|
+
# * `AWS::DynamoDB::Stream`
|
|
2604
|
+
# @return [Array<String>]
|
|
2605
|
+
#
|
|
2606
|
+
# @!attribute [rw] resource_arns
|
|
2607
|
+
# A list of resource ARNs to apply to the internal access analysis
|
|
2608
|
+
# rule criteria. The analyzer will only generate findings for
|
|
2609
|
+
# resources that match these ARNs.
|
|
2610
|
+
# @return [Array<String>]
|
|
2611
|
+
#
|
|
2612
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessAnalysisRuleCriteria AWS API Documentation
|
|
2613
|
+
#
|
|
2614
|
+
class InternalAccessAnalysisRuleCriteria < Struct.new(
|
|
2615
|
+
:account_ids,
|
|
2616
|
+
:resource_types,
|
|
2617
|
+
:resource_arns)
|
|
2618
|
+
SENSITIVE = []
|
|
2619
|
+
include Aws::Structure
|
|
2620
|
+
end
|
|
2621
|
+
|
|
2622
|
+
# Specifies the configuration of an internal access analyzer for an
|
|
2623
|
+
# Amazon Web Services organization or account. This configuration
|
|
2624
|
+
# determines how the analyzer evaluates internal access within your
|
|
2625
|
+
# Amazon Web Services environment.
|
|
2626
|
+
#
|
|
2627
|
+
# @!attribute [rw] analysis_rule
|
|
2628
|
+
# Contains information about analysis rules for the internal access
|
|
2629
|
+
# analyzer. These rules determine which resources and access patterns
|
|
2630
|
+
# will be analyzed.
|
|
2631
|
+
# @return [Types::InternalAccessAnalysisRule]
|
|
2632
|
+
#
|
|
2633
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessConfiguration AWS API Documentation
|
|
2634
|
+
#
|
|
2635
|
+
class InternalAccessConfiguration < Struct.new(
|
|
2636
|
+
:analysis_rule)
|
|
2637
|
+
SENSITIVE = []
|
|
2638
|
+
include Aws::Structure
|
|
2639
|
+
end
|
|
2640
|
+
|
|
2641
|
+
# Contains information about an internal access finding. This includes
|
|
2642
|
+
# details about the access that was identified within your Amazon Web
|
|
2643
|
+
# Services organization or account.
|
|
2644
|
+
#
|
|
2645
|
+
# @!attribute [rw] action
|
|
2646
|
+
# The action in the analyzed policy statement that has internal access
|
|
2647
|
+
# permission to use.
|
|
2648
|
+
# @return [Array<String>]
|
|
2649
|
+
#
|
|
2650
|
+
# @!attribute [rw] condition
|
|
2651
|
+
# The condition in the analyzed policy statement that resulted in an
|
|
2652
|
+
# internal access finding.
|
|
2653
|
+
# @return [Hash<String,String>]
|
|
2654
|
+
#
|
|
2655
|
+
# @!attribute [rw] principal
|
|
2656
|
+
# The principal that has access to a resource within the internal
|
|
2657
|
+
# environment.
|
|
2658
|
+
# @return [Hash<String,String>]
|
|
2659
|
+
#
|
|
2660
|
+
# @!attribute [rw] principal_owner_account
|
|
2661
|
+
# The Amazon Web Services account ID that owns the principal
|
|
2662
|
+
# identified in the internal access finding.
|
|
2663
|
+
# @return [String]
|
|
2664
|
+
#
|
|
2665
|
+
# @!attribute [rw] access_type
|
|
2666
|
+
# The type of internal access identified in the finding. This
|
|
2667
|
+
# indicates how the access is granted within your Amazon Web Services
|
|
2668
|
+
# environment.
|
|
2669
|
+
# @return [String]
|
|
2670
|
+
#
|
|
2671
|
+
# @!attribute [rw] principal_type
|
|
2672
|
+
# The type of principal identified in the internal access finding,
|
|
2673
|
+
# such as IAM role or IAM user.
|
|
2674
|
+
# @return [String]
|
|
2675
|
+
#
|
|
2676
|
+
# @!attribute [rw] sources
|
|
2677
|
+
# The sources of the internal access finding. This indicates how the
|
|
2678
|
+
# access that generated the finding is granted within your Amazon Web
|
|
2679
|
+
# Services environment.
|
|
2680
|
+
# @return [Array<Types::FindingSource>]
|
|
2681
|
+
#
|
|
2682
|
+
# @!attribute [rw] resource_control_policy_restriction
|
|
2683
|
+
# The type of restriction applied to the finding by the resource owner
|
|
2684
|
+
# with an Organizations resource control policy (RCP).
|
|
2685
|
+
#
|
|
2686
|
+
# * `APPLICABLE`: There is an RCP present in the organization but IAM
|
|
2687
|
+
# Access Analyzer does not include it in the evaluation of effective
|
|
2688
|
+
# permissions. For example, if `s3:DeleteObject` is blocked by the
|
|
2689
|
+
# RCP and the restriction is `APPLICABLE`, then `s3:DeleteObject`
|
|
2690
|
+
# would still be included in the list of actions for the finding.
|
|
2691
|
+
# Only applicable to internal access findings with the account as
|
|
2692
|
+
# the zone of trust.
|
|
2693
|
+
#
|
|
2694
|
+
# * `FAILED_TO_EVALUATE_RCP`: There was an error evaluating the RCP.
|
|
2695
|
+
#
|
|
2696
|
+
# * `NOT_APPLICABLE`: There was no RCP present in the organization.
|
|
2697
|
+
# For internal access findings with the account as the zone of
|
|
2698
|
+
# trust, `NOT_APPLICABLE` could also indicate that there was no RCP
|
|
2699
|
+
# applicable to the resource.
|
|
2700
|
+
#
|
|
2701
|
+
# * `APPLIED`: An RCP is present in the organization and IAM Access
|
|
2702
|
+
# Analyzer included it in the evaluation of effective permissions.
|
|
2703
|
+
# For example, if `s3:DeleteObject` is blocked by the RCP and the
|
|
2704
|
+
# restriction is `APPLIED`, then `s3:DeleteObject` would not be
|
|
2705
|
+
# included in the list of actions for the finding. Only applicable
|
|
2706
|
+
# to internal access findings with the organization as the zone of
|
|
2707
|
+
# trust.
|
|
2708
|
+
# @return [String]
|
|
2709
|
+
#
|
|
2710
|
+
# @!attribute [rw] service_control_policy_restriction
|
|
2711
|
+
# The type of restriction applied to the finding by an Organizations
|
|
2712
|
+
# service control policy (SCP).
|
|
2713
|
+
#
|
|
2714
|
+
# * `APPLICABLE`: There is an SCP present in the organization but IAM
|
|
2715
|
+
# Access Analyzer does not include it in the evaluation of effective
|
|
2716
|
+
# permissions. Only applicable to internal access findings with the
|
|
2717
|
+
# account as the zone of trust.
|
|
2718
|
+
#
|
|
2719
|
+
# * `FAILED_TO_EVALUATE_SCP`: There was an error evaluating the SCP.
|
|
2720
|
+
#
|
|
2721
|
+
# * `NOT_APPLICABLE`: There was no SCP present in the organization.
|
|
2722
|
+
# For internal access findings with the account as the zone of
|
|
2723
|
+
# trust, `NOT_APPLICABLE` could also indicate that there was no SCP
|
|
2724
|
+
# applicable to the principal.
|
|
2725
|
+
#
|
|
2726
|
+
# * `APPLIED`: An SCP is present in the organization and IAM Access
|
|
2727
|
+
# Analyzer included it in the evaluation of effective permissions.
|
|
2728
|
+
# Only applicable to internal access findings with the organization
|
|
2729
|
+
# as the zone of trust.
|
|
2730
|
+
# @return [String]
|
|
2731
|
+
#
|
|
2732
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessDetails AWS API Documentation
|
|
2733
|
+
#
|
|
2734
|
+
class InternalAccessDetails < Struct.new(
|
|
2735
|
+
:action,
|
|
2736
|
+
:condition,
|
|
2737
|
+
:principal,
|
|
2738
|
+
:principal_owner_account,
|
|
2739
|
+
:access_type,
|
|
2740
|
+
:principal_type,
|
|
2741
|
+
:sources,
|
|
2742
|
+
:resource_control_policy_restriction,
|
|
2743
|
+
:service_control_policy_restriction)
|
|
2744
|
+
SENSITIVE = []
|
|
2745
|
+
include Aws::Structure
|
|
2746
|
+
end
|
|
2747
|
+
|
|
2748
|
+
# Provides aggregate statistics about the findings for the specified
|
|
2749
|
+
# internal access analyzer. This includes counts of active, archived,
|
|
2750
|
+
# and resolved findings.
|
|
2751
|
+
#
|
|
2752
|
+
# @!attribute [rw] resource_type_statistics
|
|
2753
|
+
# The total number of active findings for each resource type of the
|
|
2754
|
+
# specified internal access analyzer.
|
|
2755
|
+
# @return [Hash<String,Types::InternalAccessResourceTypeDetails>]
|
|
2756
|
+
#
|
|
2757
|
+
# @!attribute [rw] total_active_findings
|
|
2758
|
+
# The number of active findings for the specified internal access
|
|
2759
|
+
# analyzer.
|
|
2760
|
+
# @return [Integer]
|
|
2761
|
+
#
|
|
2762
|
+
# @!attribute [rw] total_archived_findings
|
|
2763
|
+
# The number of archived findings for the specified internal access
|
|
2764
|
+
# analyzer.
|
|
2765
|
+
# @return [Integer]
|
|
2766
|
+
#
|
|
2767
|
+
# @!attribute [rw] total_resolved_findings
|
|
2768
|
+
# The number of resolved findings for the specified internal access
|
|
2769
|
+
# analyzer.
|
|
2770
|
+
# @return [Integer]
|
|
2771
|
+
#
|
|
2772
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessFindingsStatistics AWS API Documentation
|
|
2773
|
+
#
|
|
2774
|
+
class InternalAccessFindingsStatistics < Struct.new(
|
|
2775
|
+
:resource_type_statistics,
|
|
2776
|
+
:total_active_findings,
|
|
2777
|
+
:total_archived_findings,
|
|
2778
|
+
:total_resolved_findings)
|
|
2779
|
+
SENSITIVE = []
|
|
2780
|
+
include Aws::Structure
|
|
2781
|
+
end
|
|
2782
|
+
|
|
2783
|
+
# Contains information about the total number of active, archived, and
|
|
2784
|
+
# resolved findings for a resource type of an internal access analyzer.
|
|
2785
|
+
#
|
|
2786
|
+
# @!attribute [rw] total_active_findings
|
|
2787
|
+
# The total number of active findings for the resource type in the
|
|
2788
|
+
# internal access analyzer.
|
|
2789
|
+
# @return [Integer]
|
|
2790
|
+
#
|
|
2791
|
+
# @!attribute [rw] total_resolved_findings
|
|
2792
|
+
# The total number of resolved findings for the resource type in the
|
|
2793
|
+
# internal access analyzer.
|
|
2794
|
+
# @return [Integer]
|
|
2795
|
+
#
|
|
2796
|
+
# @!attribute [rw] total_archived_findings
|
|
2797
|
+
# The total number of archived findings for the resource type in the
|
|
2798
|
+
# internal access analyzer.
|
|
2799
|
+
# @return [Integer]
|
|
2800
|
+
#
|
|
2801
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/InternalAccessResourceTypeDetails AWS API Documentation
|
|
2802
|
+
#
|
|
2803
|
+
class InternalAccessResourceTypeDetails < Struct.new(
|
|
2804
|
+
:total_active_findings,
|
|
2805
|
+
:total_resolved_findings,
|
|
2806
|
+
:total_archived_findings)
|
|
2807
|
+
SENSITIVE = []
|
|
2808
|
+
include Aws::Structure
|
|
2809
|
+
end
|
|
2810
|
+
|
|
2513
2811
|
# Internal server error.
|
|
2514
2812
|
#
|
|
2515
2813
|
# @!attribute [rw] message
|
data/sig/client.rbs
CHANGED
|
@@ -260,7 +260,7 @@ module Aws
|
|
|
260
260
|
# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#create_analyzer-instance_method
|
|
261
261
|
def create_analyzer: (
|
|
262
262
|
analyzer_name: ::String,
|
|
263
|
-
type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS"),
|
|
263
|
+
type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS"),
|
|
264
264
|
?archive_rules: Array[
|
|
265
265
|
{
|
|
266
266
|
rule_name: ::String,
|
|
@@ -287,6 +287,17 @@ module Aws
|
|
|
287
287
|
},
|
|
288
288
|
]?
|
|
289
289
|
}?
|
|
290
|
+
}?,
|
|
291
|
+
internal_access: {
|
|
292
|
+
analysis_rule: {
|
|
293
|
+
inclusions: Array[
|
|
294
|
+
{
|
|
295
|
+
account_ids: Array[::String]?,
|
|
296
|
+
resource_types: Array[("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")]?,
|
|
297
|
+
resource_arns: Array[::String]?
|
|
298
|
+
},
|
|
299
|
+
]?
|
|
300
|
+
}?
|
|
290
301
|
}?
|
|
291
302
|
}
|
|
292
303
|
) -> _CreateAnalyzerResponseSuccess
|
|
@@ -413,7 +424,7 @@ module Aws
|
|
|
413
424
|
def status: () -> ("ACTIVE" | "ARCHIVED" | "RESOLVED")
|
|
414
425
|
def updated_at: () -> ::Time
|
|
415
426
|
def finding_details: () -> ::Array[Types::FindingDetails]
|
|
416
|
-
def finding_type: () -> ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission")
|
|
427
|
+
def finding_type: () -> ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission" | "InternalAccess")
|
|
417
428
|
end
|
|
418
429
|
# https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/AccessAnalyzer/Client.html#get_finding_v2-instance_method
|
|
419
430
|
def get_finding_v2: (
|
|
@@ -504,7 +515,7 @@ module Aws
|
|
|
504
515
|
def list_analyzers: (
|
|
505
516
|
?next_token: ::String,
|
|
506
517
|
?max_results: ::Integer,
|
|
507
|
-
?type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS")
|
|
518
|
+
?type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS")
|
|
508
519
|
) -> _ListAnalyzersResponseSuccess
|
|
509
520
|
| (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListAnalyzersResponseSuccess
|
|
510
521
|
|
|
@@ -663,6 +674,17 @@ module Aws
|
|
|
663
674
|
},
|
|
664
675
|
]?
|
|
665
676
|
}?
|
|
677
|
+
}?,
|
|
678
|
+
internal_access: {
|
|
679
|
+
analysis_rule: {
|
|
680
|
+
inclusions: Array[
|
|
681
|
+
{
|
|
682
|
+
account_ids: Array[::String]?,
|
|
683
|
+
resource_types: Array[("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")]?,
|
|
684
|
+
resource_arns: Array[::String]?
|
|
685
|
+
},
|
|
686
|
+
]?
|
|
687
|
+
}?
|
|
666
688
|
}?
|
|
667
689
|
}
|
|
668
690
|
) -> _UpdateAnalyzerResponseSuccess
|
data/sig/types.rbs
CHANGED
|
@@ -45,7 +45,7 @@ module Aws::AccessAnalyzer
|
|
|
45
45
|
attr_accessor resource_owner_account: ::String
|
|
46
46
|
attr_accessor error: ::String
|
|
47
47
|
attr_accessor sources: ::Array[Types::FindingSource]
|
|
48
|
-
attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE")
|
|
48
|
+
attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE" | "APPLIED")
|
|
49
49
|
SENSITIVE: []
|
|
50
50
|
end
|
|
51
51
|
|
|
@@ -112,11 +112,14 @@ module Aws::AccessAnalyzer
|
|
|
112
112
|
|
|
113
113
|
class AnalyzerConfiguration
|
|
114
114
|
attr_accessor unused_access: Types::UnusedAccessConfiguration
|
|
115
|
+
attr_accessor internal_access: Types::InternalAccessConfiguration
|
|
115
116
|
attr_accessor unknown: untyped
|
|
116
117
|
SENSITIVE: []
|
|
117
118
|
|
|
118
119
|
class UnusedAccess < AnalyzerConfiguration
|
|
119
120
|
end
|
|
121
|
+
class InternalAccess < AnalyzerConfiguration
|
|
122
|
+
end
|
|
120
123
|
class Unknown < AnalyzerConfiguration
|
|
121
124
|
end
|
|
122
125
|
end
|
|
@@ -124,7 +127,7 @@ module Aws::AccessAnalyzer
|
|
|
124
127
|
class AnalyzerSummary
|
|
125
128
|
attr_accessor arn: ::String
|
|
126
129
|
attr_accessor name: ::String
|
|
127
|
-
attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS")
|
|
130
|
+
attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS")
|
|
128
131
|
attr_accessor created_at: ::Time
|
|
129
132
|
attr_accessor last_resource_analyzed: ::String
|
|
130
133
|
attr_accessor last_resource_analyzed_at: ::Time
|
|
@@ -285,7 +288,7 @@ module Aws::AccessAnalyzer
|
|
|
285
288
|
|
|
286
289
|
class CreateAnalyzerRequest
|
|
287
290
|
attr_accessor analyzer_name: ::String
|
|
288
|
-
attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS")
|
|
291
|
+
attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS")
|
|
289
292
|
attr_accessor archive_rules: ::Array[Types::InlineArchiveRule]
|
|
290
293
|
attr_accessor tags: ::Hash[::String, ::String]
|
|
291
294
|
attr_accessor client_token: ::String
|
|
@@ -360,7 +363,7 @@ module Aws::AccessAnalyzer
|
|
|
360
363
|
attr_accessor is_public: bool
|
|
361
364
|
attr_accessor principal: ::Hash[::String, ::String]
|
|
362
365
|
attr_accessor sources: ::Array[Types::FindingSource]
|
|
363
|
-
attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE")
|
|
366
|
+
attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE" | "APPLIED")
|
|
364
367
|
SENSITIVE: []
|
|
365
368
|
end
|
|
366
369
|
|
|
@@ -387,7 +390,7 @@ module Aws::AccessAnalyzer
|
|
|
387
390
|
attr_accessor resource_owner_account: ::String
|
|
388
391
|
attr_accessor error: ::String
|
|
389
392
|
attr_accessor sources: ::Array[Types::FindingSource]
|
|
390
|
-
attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE")
|
|
393
|
+
attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE" | "APPLIED")
|
|
391
394
|
SENSITIVE: []
|
|
392
395
|
end
|
|
393
396
|
|
|
@@ -399,6 +402,7 @@ module Aws::AccessAnalyzer
|
|
|
399
402
|
end
|
|
400
403
|
|
|
401
404
|
class FindingDetails
|
|
405
|
+
attr_accessor internal_access_details: Types::InternalAccessDetails
|
|
402
406
|
attr_accessor external_access_details: Types::ExternalAccessDetails
|
|
403
407
|
attr_accessor unused_permission_details: Types::UnusedPermissionDetails
|
|
404
408
|
attr_accessor unused_iam_user_access_key_details: Types::UnusedIamUserAccessKeyDetails
|
|
@@ -407,6 +411,8 @@ module Aws::AccessAnalyzer
|
|
|
407
411
|
attr_accessor unknown: untyped
|
|
408
412
|
SENSITIVE: []
|
|
409
413
|
|
|
414
|
+
class InternalAccessDetails < FindingDetails
|
|
415
|
+
end
|
|
410
416
|
class ExternalAccessDetails < FindingDetails
|
|
411
417
|
end
|
|
412
418
|
class UnusedPermissionDetails < FindingDetails
|
|
@@ -448,7 +454,7 @@ module Aws::AccessAnalyzer
|
|
|
448
454
|
attr_accessor resource_owner_account: ::String
|
|
449
455
|
attr_accessor error: ::String
|
|
450
456
|
attr_accessor sources: ::Array[Types::FindingSource]
|
|
451
|
-
attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE")
|
|
457
|
+
attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE" | "APPLIED")
|
|
452
458
|
SENSITIVE: []
|
|
453
459
|
end
|
|
454
460
|
|
|
@@ -462,18 +468,21 @@ module Aws::AccessAnalyzer
|
|
|
462
468
|
attr_accessor resource_owner_account: ::String
|
|
463
469
|
attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
|
|
464
470
|
attr_accessor updated_at: ::Time
|
|
465
|
-
attr_accessor finding_type: ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission")
|
|
471
|
+
attr_accessor finding_type: ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission" | "InternalAccess")
|
|
466
472
|
SENSITIVE: []
|
|
467
473
|
end
|
|
468
474
|
|
|
469
475
|
class FindingsStatistics
|
|
470
476
|
attr_accessor external_access_findings_statistics: Types::ExternalAccessFindingsStatistics
|
|
477
|
+
attr_accessor internal_access_findings_statistics: Types::InternalAccessFindingsStatistics
|
|
471
478
|
attr_accessor unused_access_findings_statistics: Types::UnusedAccessFindingsStatistics
|
|
472
479
|
attr_accessor unknown: untyped
|
|
473
480
|
SENSITIVE: []
|
|
474
481
|
|
|
475
482
|
class ExternalAccessFindingsStatistics < FindingsStatistics
|
|
476
483
|
end
|
|
484
|
+
class InternalAccessFindingsStatistics < FindingsStatistics
|
|
485
|
+
end
|
|
477
486
|
class UnusedAccessFindingsStatistics < FindingsStatistics
|
|
478
487
|
end
|
|
479
488
|
class Unknown < FindingsStatistics
|
|
@@ -598,7 +607,7 @@ module Aws::AccessAnalyzer
|
|
|
598
607
|
attr_accessor status: ("ACTIVE" | "ARCHIVED" | "RESOLVED")
|
|
599
608
|
attr_accessor updated_at: ::Time
|
|
600
609
|
attr_accessor finding_details: ::Array[Types::FindingDetails]
|
|
601
|
-
attr_accessor finding_type: ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission")
|
|
610
|
+
attr_accessor finding_type: ("ExternalAccess" | "UnusedIAMRole" | "UnusedIAMUserAccessKey" | "UnusedIAMUserPassword" | "UnusedPermission" | "InternalAccess")
|
|
602
611
|
SENSITIVE: []
|
|
603
612
|
end
|
|
604
613
|
|
|
@@ -637,6 +646,51 @@ module Aws::AccessAnalyzer
|
|
|
637
646
|
SENSITIVE: []
|
|
638
647
|
end
|
|
639
648
|
|
|
649
|
+
class InternalAccessAnalysisRule
|
|
650
|
+
attr_accessor inclusions: ::Array[Types::InternalAccessAnalysisRuleCriteria]
|
|
651
|
+
SENSITIVE: []
|
|
652
|
+
end
|
|
653
|
+
|
|
654
|
+
class InternalAccessAnalysisRuleCriteria
|
|
655
|
+
attr_accessor account_ids: ::Array[::String]
|
|
656
|
+
attr_accessor resource_types: ::Array[("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User")]
|
|
657
|
+
attr_accessor resource_arns: ::Array[::String]
|
|
658
|
+
SENSITIVE: []
|
|
659
|
+
end
|
|
660
|
+
|
|
661
|
+
class InternalAccessConfiguration
|
|
662
|
+
attr_accessor analysis_rule: Types::InternalAccessAnalysisRule
|
|
663
|
+
SENSITIVE: []
|
|
664
|
+
end
|
|
665
|
+
|
|
666
|
+
class InternalAccessDetails
|
|
667
|
+
attr_accessor action: ::Array[::String]
|
|
668
|
+
attr_accessor condition: ::Hash[::String, ::String]
|
|
669
|
+
attr_accessor principal: ::Hash[::String, ::String]
|
|
670
|
+
attr_accessor principal_owner_account: ::String
|
|
671
|
+
attr_accessor access_type: ("INTRA_ACCOUNT" | "INTRA_ORG")
|
|
672
|
+
attr_accessor principal_type: ("IAM_ROLE" | "IAM_USER")
|
|
673
|
+
attr_accessor sources: ::Array[Types::FindingSource]
|
|
674
|
+
attr_accessor resource_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_RCP" | "NOT_APPLICABLE" | "APPLIED")
|
|
675
|
+
attr_accessor service_control_policy_restriction: ("APPLICABLE" | "FAILED_TO_EVALUATE_SCP" | "NOT_APPLICABLE" | "APPLIED")
|
|
676
|
+
SENSITIVE: []
|
|
677
|
+
end
|
|
678
|
+
|
|
679
|
+
class InternalAccessFindingsStatistics
|
|
680
|
+
attr_accessor resource_type_statistics: ::Hash[("AWS::S3::Bucket" | "AWS::IAM::Role" | "AWS::SQS::Queue" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::KMS::Key" | "AWS::SecretsManager::Secret" | "AWS::EFS::FileSystem" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::RDS::DBSnapshot" | "AWS::RDS::DBClusterSnapshot" | "AWS::SNS::Topic" | "AWS::S3Express::DirectoryBucket" | "AWS::DynamoDB::Table" | "AWS::DynamoDB::Stream" | "AWS::IAM::User"), Types::InternalAccessResourceTypeDetails]
|
|
681
|
+
attr_accessor total_active_findings: ::Integer
|
|
682
|
+
attr_accessor total_archived_findings: ::Integer
|
|
683
|
+
attr_accessor total_resolved_findings: ::Integer
|
|
684
|
+
SENSITIVE: []
|
|
685
|
+
end
|
|
686
|
+
|
|
687
|
+
class InternalAccessResourceTypeDetails
|
|
688
|
+
attr_accessor total_active_findings: ::Integer
|
|
689
|
+
attr_accessor total_resolved_findings: ::Integer
|
|
690
|
+
attr_accessor total_archived_findings: ::Integer
|
|
691
|
+
SENSITIVE: []
|
|
692
|
+
end
|
|
693
|
+
|
|
640
694
|
class InternalServerException
|
|
641
695
|
attr_accessor message: ::String
|
|
642
696
|
attr_accessor retry_after_seconds: ::Integer
|
|
@@ -732,7 +786,7 @@ module Aws::AccessAnalyzer
|
|
|
732
786
|
class ListAnalyzersRequest
|
|
733
787
|
attr_accessor next_token: ::String
|
|
734
788
|
attr_accessor max_results: ::Integer
|
|
735
|
-
attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS")
|
|
789
|
+
attr_accessor type: ("ACCOUNT" | "ORGANIZATION" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION_UNUSED_ACCESS" | "ACCOUNT_INTERNAL_ACCESS" | "ORGANIZATION_INTERNAL_ACCESS")
|
|
736
790
|
SENSITIVE: []
|
|
737
791
|
end
|
|
738
792
|
|