aws-sdk-iam 1.38.0 → 1.39.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8e24f5a93caf9949f9b08b97e587232fa41797f17e00048e638e1333eaba553c
-  data.tar.gz: 5df7962e93314e21ec1c6a862a899c7e11e5f24a990b65604b07aa715dde4dde
+  metadata.gz: '086f8194faa4dda8254d6053c3c2606092a537a46624c9d6e5a159f5506431d5'
+  data.tar.gz: 62e40109086cdd1bb34a6cb886329219dc781e248ba791ac83d20a87ef0d8362
 SHA512:
-  metadata.gz: d697e388198414a3df5fa143fc3ee925a09422e9ddf4079d8865027c78d8dedc2e48fe966a80e42b48a5fe21d55040c51dd1f787a291899b70faf56f5bd7404b
-  data.tar.gz: 87bbde85825b00a2beccf8b140282a62a96110cba5894ceb278db9580dacd6ce33f1bc7f625cc8f7d0d0facf3e5bc762d07fa0dee6c1c890670de33463f649fe
+  metadata.gz: 70434a577f415496951934e86db86a7653da7b5505d2f45d6532666155c1b2fc768e1eeadae1b9b35b1086c9115364b11c168b0b2d316ae3c06d560450933ba9
+  data.tar.gz: 284262a384e6dc7abee1508eb9604b42fe4d649b18e6c27b0b3130da0a78dcbc36307e6bf80597147169acf39dd74c766f6716fc5629a00c91d18754bb540957

data/lib/aws-sdk-iam.rb

@@ -67,6 +67,6 @@ require_relative 'aws-sdk-iam/customizations'
 # @service
 module Aws::IAM
 
-  GEM_VERSION = '1.38.0'
+  GEM_VERSION = '1.39.0'
 
 end

data/lib/aws-sdk-iam/client.rb

@@ -3794,8 +3794,9 @@ module Aws::IAM
     #
     #  </note>
     #
-    # For more information about service last accessed data, see [Reducing
-    # Policy Scope by Viewing User Activity][4] in the *IAM User Guide*.
+    # For more information about service and action last accessed data, see
+    # [Reducing Permissions Using Service Last Accessed Data][4] in the *IAM
+    # User Guide*.
     #
     #
     #
@@ -3809,6 +3810,14 @@ module Aws::IAM
     #   used to generate information about when the resource was last used in
     #   an attempt to access an AWS service.
     #
+    # @option params [String] :granularity
+    #   The level of detail that you want to generate. You can specify whether
+    #   you want to generate information about the last attempt to access
+    #   services or actions. If you specify service-level granularity, this
+    #   operation generates only service data. If you specify action-level
+    #   granularity, it generates service and action data. If you don't
+    #   include this optional parameter, the operation generates service data.
+    #
     # @return [Types::GenerateServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GenerateServiceLastAccessedDetailsResponse#job_id #job_id} => String
@@ -3831,6 +3840,7 @@ module Aws::IAM
     #
     #   resp = client.generate_service_last_accessed_details({
     #     arn: "arnType", # required
+    #     granularity: "SERVICE_LEVEL", # accepts SERVICE_LEVEL, ACTION_LEVEL
     #   })
     #
     # @example Response structure
@@ -5404,9 +5414,19 @@ module Aws::IAM
     #
     # By default, the list is sorted by service namespace.
     #
+    # If you specified `ACTION_LEVEL` granularity when you generated the
+    # report, this operation returns service and action last accessed data.
+    # This includes the most recent access attempt for each tracked action
+    # within a service. Otherwise, this operation returns only service data.
+    #
+    # For more information about service and action last accessed data, see
+    # [Reducing Permissions Using Service Last Accessed Data][2] in the *IAM
+    # User Guide*.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
     #
     # @option params [required, String] :job_id
     #   The ID of the request generated by the
@@ -5435,6 +5455,7 @@ module Aws::IAM
     # @return [Types::GetServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetServiceLastAccessedDetailsResponse#job_status #job_status} => String
+    #   * {Types::GetServiceLastAccessedDetailsResponse#job_type #job_type} => String
     #   * {Types::GetServiceLastAccessedDetailsResponse#job_creation_date #job_creation_date} => Time
     #   * {Types::GetServiceLastAccessedDetailsResponse#services_last_accessed #services_last_accessed} => Array&lt;Types::ServiceLastAccessed&gt;
     #   * {Types::GetServiceLastAccessedDetailsResponse#job_completion_date #job_completion_date} => Time
@@ -5484,13 +5505,20 @@ module Aws::IAM
     # @example Response structure
     #
     #   resp.job_status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
+    #   resp.job_type #=> String, one of "SERVICE_LEVEL", "ACTION_LEVEL"
     #   resp.job_creation_date #=> Time
     #   resp.services_last_accessed #=> Array
     #   resp.services_last_accessed[0].service_name #=> String
     #   resp.services_last_accessed[0].last_authenticated #=> Time
     #   resp.services_last_accessed[0].service_namespace #=> String
     #   resp.services_last_accessed[0].last_authenticated_entity #=> String
+    #   resp.services_last_accessed[0].last_authenticated_region #=> String
     #   resp.services_last_accessed[0].total_authenticated_entities #=> Integer
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed #=> Array
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].action_name #=> String
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_entity #=> String
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_time #=> Time
+    #   resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_region #=> String
     #   resp.job_completion_date #=> Time
     #   resp.is_truncated #=> Boolean
     #   resp.marker #=> String
@@ -9577,7 +9605,7 @@ module Aws::IAM
     #   operation. An IAM entity can only have one permissions boundary in
     #   effect at a time. For example, if a permissions boundary is attached
     #   to an entity and you pass in a different permissions boundary policy
-    #   using this parameter, then the new permission boundary policy is used
+    #   using this parameter, then the new permissions boundary policy is used
     #   for the simulation. For more information about permissions boundaries,
     #   see [Permissions Boundaries for IAM Entities][1] in the *IAM User
     #   Guide*. The policy input is specified as a string containing the
@@ -11533,7 +11561,7 @@ module Aws::IAM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.38.0'
+      context[:gem_version] = '1.39.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iam/client_api.rb

@@ -11,6 +11,7 @@ module Aws::IAM
 
     include Seahorse::Model
 
+    AccessAdvisorUsageGranularityType = Shapes::StringShape.new(name: 'AccessAdvisorUsageGranularityType')
     AccessDetail = Shapes::StructureShape.new(name: 'AccessDetail')
     AccessDetails = Shapes::ListShape.new(name: 'AccessDetails')
     AccessKey = Shapes::StructureShape.new(name: 'AccessKey')
@@ -320,6 +321,8 @@ module Aws::IAM
     Tag = Shapes::StructureShape.new(name: 'Tag')
     TagRoleRequest = Shapes::StructureShape.new(name: 'TagRoleRequest')
     TagUserRequest = Shapes::StructureShape.new(name: 'TagUserRequest')
+    TrackedActionLastAccessed = Shapes::StructureShape.new(name: 'TrackedActionLastAccessed')
+    TrackedActionsLastAccessed = Shapes::ListShape.new(name: 'TrackedActionsLastAccessed')
     UnmodifiableEntityException = Shapes::StructureShape.new(name: 'UnmodifiableEntityException')
     UnrecognizedPublicKeyEncodingException = Shapes::StructureShape.new(name: 'UnrecognizedPublicKeyEncodingException')
     UntagRoleRequest = Shapes::StructureShape.new(name: 'UntagRoleRequest')
@@ -833,6 +836,7 @@ module Aws::IAM
     GenerateOrganizationsAccessReportResponse.struct_class = Types::GenerateOrganizationsAccessReportResponse
 
     GenerateServiceLastAccessedDetailsRequest.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn"))
+    GenerateServiceLastAccessedDetailsRequest.add_member(:granularity, Shapes::ShapeRef.new(shape: AccessAdvisorUsageGranularityType, location_name: "Granularity"))
     GenerateServiceLastAccessedDetailsRequest.struct_class = Types::GenerateServiceLastAccessedDetailsRequest
 
     GenerateServiceLastAccessedDetailsResponse.add_member(:job_id, Shapes::ShapeRef.new(shape: jobIDType, location_name: "JobId"))
@@ -993,6 +997,7 @@ module Aws::IAM
     GetServiceLastAccessedDetailsRequest.struct_class = Types::GetServiceLastAccessedDetailsRequest
 
     GetServiceLastAccessedDetailsResponse.add_member(:job_status, Shapes::ShapeRef.new(shape: jobStatusType, required: true, location_name: "JobStatus"))
+    GetServiceLastAccessedDetailsResponse.add_member(:job_type, Shapes::ShapeRef.new(shape: AccessAdvisorUsageGranularityType, location_name: "JobType"))
     GetServiceLastAccessedDetailsResponse.add_member(:job_creation_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "JobCreationDate"))
     GetServiceLastAccessedDetailsResponse.add_member(:services_last_accessed, Shapes::ShapeRef.new(shape: ServicesLastAccessed, required: true, location_name: "ServicesLastAccessed"))
     GetServiceLastAccessedDetailsResponse.add_member(:job_completion_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "JobCompletionDate"))
@@ -1626,7 +1631,9 @@ module Aws::IAM
     ServiceLastAccessed.add_member(:last_authenticated, Shapes::ShapeRef.new(shape: dateType, location_name: "LastAuthenticated"))
     ServiceLastAccessed.add_member(:service_namespace, Shapes::ShapeRef.new(shape: serviceNamespaceType, required: true, location_name: "ServiceNamespace"))
     ServiceLastAccessed.add_member(:last_authenticated_entity, Shapes::ShapeRef.new(shape: arnType, location_name: "LastAuthenticatedEntity"))
+    ServiceLastAccessed.add_member(:last_authenticated_region, Shapes::ShapeRef.new(shape: stringType, location_name: "LastAuthenticatedRegion"))
     ServiceLastAccessed.add_member(:total_authenticated_entities, Shapes::ShapeRef.new(shape: integerType, location_name: "TotalAuthenticatedEntities"))
+    ServiceLastAccessed.add_member(:tracked_actions_last_accessed, Shapes::ShapeRef.new(shape: TrackedActionsLastAccessed, location_name: "TrackedActionsLastAccessed"))
     ServiceLastAccessed.struct_class = Types::ServiceLastAccessed
 
     ServiceNotSupportedException.add_member(:message, Shapes::ShapeRef.new(shape: serviceNotSupportedMessage, location_name: "message"))
@@ -1721,6 +1728,14 @@ module Aws::IAM
     TagUserRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, required: true, location_name: "Tags"))
     TagUserRequest.struct_class = Types::TagUserRequest
 
+    TrackedActionLastAccessed.add_member(:action_name, Shapes::ShapeRef.new(shape: stringType, location_name: "ActionName"))
+    TrackedActionLastAccessed.add_member(:last_accessed_entity, Shapes::ShapeRef.new(shape: arnType, location_name: "LastAccessedEntity"))
+    TrackedActionLastAccessed.add_member(:last_accessed_time, Shapes::ShapeRef.new(shape: dateType, location_name: "LastAccessedTime"))
+    TrackedActionLastAccessed.add_member(:last_accessed_region, Shapes::ShapeRef.new(shape: stringType, location_name: "LastAccessedRegion"))
+    TrackedActionLastAccessed.struct_class = Types::TrackedActionLastAccessed
+
+    TrackedActionsLastAccessed.member = Shapes::ShapeRef.new(shape: TrackedActionLastAccessed)
+
     UnmodifiableEntityException.add_member(:message, Shapes::ShapeRef.new(shape: unmodifiableEntityMessage, location_name: "message"))
     UnmodifiableEntityException.struct_class = Types::UnmodifiableEntityException
 

data/lib/aws-sdk-iam/types.rb

@@ -3005,6 +3005,7 @@ module Aws::IAM
     #
     #       {
     #         arn: "arnType", # required
+    #         granularity: "SERVICE_LEVEL", # accepts SERVICE_LEVEL, ACTION_LEVEL
     #       }
     #
     # @!attribute [rw] arn
@@ -3013,10 +3014,21 @@ module Aws::IAM
     #   in an attempt to access an AWS service.
     #   @return [String]
     #
+    # @!attribute [rw] granularity
+    #   The level of detail that you want to generate. You can specify
+    #   whether you want to generate information about the last attempt to
+    #   access services or actions. If you specify service-level
+    #   granularity, this operation generates only service data. If you
+    #   specify action-level granularity, it generates service and action
+    #   data. If you don't include this optional parameter, the operation
+    #   generates service data.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateServiceLastAccessedDetailsRequest AWS API Documentation
     #
     class GenerateServiceLastAccessedDetailsRequest < Struct.new(
-      :arn)
+      :arn,
+      :granularity)
       include Aws::Structure
     end
 
@@ -4176,6 +4188,12 @@ module Aws::IAM
     #   The status of the job.
     #   @return [String]
     #
+    # @!attribute [rw] job_type
+    #   The type of job. Service jobs return information about when each
+    #   service was last accessed. Action jobs also include information
+    #   about when tracked actions within the service were last accessed.
+    #   @return [String]
+    #
     # @!attribute [rw] job_creation_date
     #   The date and time, in [ISO 8601 date-time format][1], when the
     #   report job was created.
@@ -4227,6 +4245,7 @@ module Aws::IAM
     #
     class GetServiceLastAccessedDetailsResponse < Struct.new(
       :job_status,
+      :job_type,
       :job_creation_date,
       :services_last_accessed,
       :job_completion_date,
@@ -9118,6 +9137,19 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
     #   @return [String]
     #
+    # @!attribute [rw] last_authenticated_region
+    #   The Region from which the authenticated entity (user or role) last
+    #   attempted to access the service. AWS does not report unauthenticated
+    #   requests.
+    #
+    #   This field is null if no IAM entities attempted to access the
+    #   service within the [reporting period][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [String]
+    #
     # @!attribute [rw] total_authenticated_entities
     #   The total number of authenticated principals (root user, IAM users,
     #   or IAM roles) that have attempted to access the service.
@@ -9130,6 +9162,21 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
     #   @return [Integer]
     #
+    # @!attribute [rw] tracked_actions_last_accessed
+    #   An object that contains details about the most recent attempt to
+    #   access a tracked action within the service.
+    #
+    #   This field is null if there no tracked actions or if the principal
+    #   did not use the tracked actions within the [reporting period][1].
+    #   This field is also null if the report was generated at the service
+    #   level and not the action level. For more information, see the
+    #   `Granularity` field in GenerateServiceLastAccessedDetails.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [Array<Types::TrackedActionLastAccessed>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ServiceLastAccessed AWS API Documentation
     #
     class ServiceLastAccessed < Struct.new(
@@ -9137,7 +9184,9 @@ module Aws::IAM
       :last_authenticated,
       :service_namespace,
       :last_authenticated_entity,
-      :total_authenticated_entities)
+      :last_authenticated_region,
+      :total_authenticated_entities,
+      :tracked_actions_last_accessed)
       include Aws::Structure
     end
 
@@ -9716,7 +9765,7 @@ module Aws::IAM
     #   this operation. An IAM entity can only have one permissions boundary
     #   in effect at a time. For example, if a permissions boundary is
     #   attached to an entity and you pass in a different permissions
-    #   boundary policy using this parameter, then the new permission
+    #   boundary policy using this parameter, then the new permissions
     #   boundary policy is used for the simulation. For more information
     #   about permissions boundaries, see [Permissions Boundaries for IAM
     #   Entities][1] in the *IAM User Guide*. The policy input is specified
@@ -10082,6 +10131,66 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # Contains details about the most recent attempt to access an action
+    # within the service.
+    #
+    # This data type is used as a response element in the
+    # GetServiceLastAccessedDetails operation.
+    #
+    # @!attribute [rw] action_name
+    #   The name of the tracked action to which access was attempted.
+    #   Tracked actions are actions that report activity to IAM.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_accessed_entity
+    #   The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
+    #   resources.
+    #
+    #   For more information about ARNs, go to [Amazon Resource Names (ARNs)
+    #   and AWS Service Namespaces][1] in the *AWS General Reference*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   @return [String]
+    #
+    # @!attribute [rw] last_accessed_time
+    #   The date and time, in [ISO 8601 date-time format][1], when an
+    #   authenticated entity most recently attempted to access the tracked
+    #   service. AWS does not report unauthenticated requests.
+    #
+    #   This field is null if no IAM entities attempted to access the
+    #   service within the [reporting period][2].
+    #
+    #
+    #
+    #   [1]: http://www.iso.org/iso/iso8601
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_accessed_region
+    #   The Region from which the authenticated entity (user or role) last
+    #   attempted to access the tracked action. AWS does not report
+    #   unauthenticated requests.
+    #
+    #   This field is null if no IAM entities attempted to access the
+    #   service within the [reporting period][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TrackedActionLastAccessed AWS API Documentation
+    #
+    class TrackedActionLastAccessed < Struct.new(
+      :action_name,
+      :last_accessed_entity,
+      :last_accessed_time,
+      :last_accessed_region)
+      include Aws::Structure
+    end
+
     # The request was rejected because only the service that depends on the
     # service-linked role can modify or delete the role on your behalf. The
     # error message includes the name of the service that depends on this

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iam
 version: !ruby/object:Gem::Version
-  version: 1.38.0
+  version: 1.39.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-28 00:00:00.000000000 Z
+date: 2020-06-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core