aws-sdk-iam 1.38.0 → 1.39.0

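--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8e24f5a93caf9949f9b08b97e587232fa41797f17e00048e638e1333eaba553c
- data.tar.gz: 5df7962e93314e21ec1c6a862a899c7e11e5f24a990b65604b07aa715dde4dde
+ metadata.gz: '086f8194faa4dda8254d6053c3c2606092a537a46624c9d6e5a159f5506431d5'
+ data.tar.gz: 62e40109086cdd1bb34a6cb886329219dc781e248ba791ac83d20a87ef0d8362
  SHA512:
- metadata.gz: d697e388198414a3df5fa143fc3ee925a09422e9ddf4079d8865027c78d8dedc2e48fe966a80e42b48a5fe21d55040c51dd1f787a291899b70faf56f5bd7404b
- data.tar.gz: 87bbde85825b00a2beccf8b140282a62a96110cba5894ceb278db9580dacd6ce33f1bc7f625cc8f7d0d0facf3e5bc762d07fa0dee6c1c890670de33463f649fe
+ metadata.gz: 70434a577f415496951934e86db86a7653da7b5505d2f45d6532666155c1b2fc768e1eeadae1b9b35b1086c9115364b11c168b0b2d316ae3c06d560450933ba9
+ data.tar.gz: 284262a384e6dc7abee1508eb9604b42fe4d649b18e6c27b0b3130da0a78dcbc36307e6bf80597147169acf39dd74c766f6716fc5629a00c91d18754bb540957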
@@ -67,6 +67,6 @@ require_relative 'aws-sdk-iam/customizations'
67
67
  # @service
68
68
  module Aws::IAM
69
69
 
70
- GEM_VERSION = '1.38.0'
70
+ GEM_VERSION = '1.39.0'
71
71
 
72
72
  end
@@ -3794,8 +3794,9 @@ module Aws::IAM
3794
3794
  #
3795
3795
  # </note>
3796
3796
  #
3797
- # For more information about service last accessed data, see [Reducing
3798
- # Policy Scope by Viewing User Activity][4] in the *IAM User Guide*.
3797
+ # For more information about service and action last accessed data, see
3798
+ # [Reducing Permissions Using Service Last Accessed Data][4] in the *IAM
3799
+ # User Guide*.
3799
3800
  #
3800
3801
  #
3801
3802
  #
@@ -3809,6 +3810,14 @@ module Aws::IAM
3809
3810
  # used to generate information about when the resource was last used in
3810
3811
  # an attempt to access an AWS service.
3811
3812
  #
3813
+ # @option params [String] :granularity
3814
+ # The level of detail that you want to generate. You can specify whether
3815
+ # you want to generate information about the last attempt to access
3816
+ # services or actions. If you specify service-level granularity, this
3817
+ # operation generates only service data. If you specify action-level
3818
+ # granularity, it generates service and action data. If you don't
3819
+ # include this optional parameter, the operation generates service data.
3820
+ #
3812
3821
  # @return [Types::GenerateServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3813
3822
  #
3814
3823
  # * {Types::GenerateServiceLastAccessedDetailsResponse#job_id #job_id} => String
@@ -3831,6 +3840,7 @@ module Aws::IAM
3831
3840
  #
3832
3841
  # resp = client.generate_service_last_accessed_details({
3833
3842
  # arn: "arnType", # required
3843
+ # granularity: "SERVICE_LEVEL", # accepts SERVICE_LEVEL, ACTION_LEVEL
3834
3844
  # })
3835
3845
  #
3836
3846
  # @example Response structure
@@ -5404,9 +5414,19 @@ module Aws::IAM
5404
5414
  #
5405
5415
  # By default, the list is sorted by service namespace.
5406
5416
  #
5417
+ # If you specified `ACTION_LEVEL` granularity when you generated the
5418
+ # report, this operation returns service and action last accessed data.
5419
+ # This includes the most recent access attempt for each tracked action
5420
+ # within a service. Otherwise, this operation returns only service data.
5421
+ #
5422
+ # For more information about service and action last accessed data, see
5423
+ # [Reducing Permissions Using Service Last Accessed Data][2] in the *IAM
5424
+ # User Guide*.
5425
+ #
5407
5426
  #
5408
5427
  #
5409
5428
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics
5429
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html
5410
5430
  #
5411
5431
  # @option params [required, String] :job_id
5412
5432
  # The ID of the request generated by the
@@ -5435,6 +5455,7 @@ module Aws::IAM
5435
5455
  # @return [Types::GetServiceLastAccessedDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
5436
5456
  #
5437
5457
  # * {Types::GetServiceLastAccessedDetailsResponse#job_status #job_status} => String
5458
+ # * {Types::GetServiceLastAccessedDetailsResponse#job_type #job_type} => String
5438
5459
  # * {Types::GetServiceLastAccessedDetailsResponse#job_creation_date #job_creation_date} => Time
5439
5460
  # * {Types::GetServiceLastAccessedDetailsResponse#services_last_accessed #services_last_accessed} => Array&lt;Types::ServiceLastAccessed&gt;
5440
5461
  # * {Types::GetServiceLastAccessedDetailsResponse#job_completion_date #job_completion_date} => Time
@@ -5484,13 +5505,20 @@ module Aws::IAM
5484
5505
  # @example Response structure
5485
5506
  #
5486
5507
  # resp.job_status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
5508
+ # resp.job_type #=> String, one of "SERVICE_LEVEL", "ACTION_LEVEL"
5487
5509
  # resp.job_creation_date #=> Time
5488
5510
  # resp.services_last_accessed #=> Array
5489
5511
  # resp.services_last_accessed[0].service_name #=> String
5490
5512
  # resp.services_last_accessed[0].last_authenticated #=> Time
5491
5513
  # resp.services_last_accessed[0].service_namespace #=> String
5492
5514
  # resp.services_last_accessed[0].last_authenticated_entity #=> String
5515
+ # resp.services_last_accessed[0].last_authenticated_region #=> String
5493
5516
  # resp.services_last_accessed[0].total_authenticated_entities #=> Integer
5517
+ # resp.services_last_accessed[0].tracked_actions_last_accessed #=> Array
5518
+ # resp.services_last_accessed[0].tracked_actions_last_accessed[0].action_name #=> String
5519
+ # resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_entity #=> String
5520
+ # resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_time #=> Time
5521
+ # resp.services_last_accessed[0].tracked_actions_last_accessed[0].last_accessed_region #=> String
5494
5522
  # resp.job_completion_date #=> Time
5495
5523
  # resp.is_truncated #=> Boolean
5496
5524
  # resp.marker #=> String
@@ -9577,7 +9605,7 @@ module Aws::IAM
9577
9605
  # operation. An IAM entity can only have one permissions boundary in
9578
9606
  # effect at a time. For example, if a permissions boundary is attached
9579
9607
  # to an entity and you pass in a different permissions boundary policy
9580
- # using this parameter, then the new permission boundary policy is used
9608
+ # using this parameter, then the new permissions boundary policy is used
9581
9609
  # for the simulation. For more information about permissions boundaries,
9582
9610
  # see [Permissions Boundaries for IAM Entities][1] in the *IAM User
9583
9611
  # Guide*. The policy input is specified as a string containing the
@@ -11533,7 +11561,7 @@ module Aws::IAM
11533
11561
  params: params,
11534
11562
  config: config)
11535
11563
  context[:gem_name] = 'aws-sdk-iam'
11536
- context[:gem_version] = '1.38.0'
11564
+ context[:gem_version] = '1.39.0'
11537
11565
  Seahorse::Client::Request.new(handlers, context)
11538
11566
  end
11539
11567
 
@@ -11,6 +11,7 @@ module Aws::IAM
11
11
 
12
12
  include Seahorse::Model
13
13
 
14
+ AccessAdvisorUsageGranularityType = Shapes::StringShape.new(name: 'AccessAdvisorUsageGranularityType')
14
15
  AccessDetail = Shapes::StructureShape.new(name: 'AccessDetail')
15
16
  AccessDetails = Shapes::ListShape.new(name: 'AccessDetails')
16
17
  AccessKey = Shapes::StructureShape.new(name: 'AccessKey')
@@ -320,6 +321,8 @@ module Aws::IAM
320
321
  Tag = Shapes::StructureShape.new(name: 'Tag')
321
322
  TagRoleRequest = Shapes::StructureShape.new(name: 'TagRoleRequest')
322
323
  TagUserRequest = Shapes::StructureShape.new(name: 'TagUserRequest')
324
+ TrackedActionLastAccessed = Shapes::StructureShape.new(name: 'TrackedActionLastAccessed')
325
+ TrackedActionsLastAccessed = Shapes::ListShape.new(name: 'TrackedActionsLastAccessed')
323
326
  UnmodifiableEntityException = Shapes::StructureShape.new(name: 'UnmodifiableEntityException')
324
327
  UnrecognizedPublicKeyEncodingException = Shapes::StructureShape.new(name: 'UnrecognizedPublicKeyEncodingException')
325
328
  UntagRoleRequest = Shapes::StructureShape.new(name: 'UntagRoleRequest')
@@ -833,6 +836,7 @@ module Aws::IAM
833
836
  GenerateOrganizationsAccessReportResponse.struct_class = Types::GenerateOrganizationsAccessReportResponse
834
837
 
835
838
  GenerateServiceLastAccessedDetailsRequest.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn"))
839
+ GenerateServiceLastAccessedDetailsRequest.add_member(:granularity, Shapes::ShapeRef.new(shape: AccessAdvisorUsageGranularityType, location_name: "Granularity"))
836
840
  GenerateServiceLastAccessedDetailsRequest.struct_class = Types::GenerateServiceLastAccessedDetailsRequest
837
841
 
838
842
  GenerateServiceLastAccessedDetailsResponse.add_member(:job_id, Shapes::ShapeRef.new(shape: jobIDType, location_name: "JobId"))
@@ -993,6 +997,7 @@ module Aws::IAM
993
997
  GetServiceLastAccessedDetailsRequest.struct_class = Types::GetServiceLastAccessedDetailsRequest
994
998
 
995
999
  GetServiceLastAccessedDetailsResponse.add_member(:job_status, Shapes::ShapeRef.new(shape: jobStatusType, required: true, location_name: "JobStatus"))
1000
+ GetServiceLastAccessedDetailsResponse.add_member(:job_type, Shapes::ShapeRef.new(shape: AccessAdvisorUsageGranularityType, location_name: "JobType"))
996
1001
  GetServiceLastAccessedDetailsResponse.add_member(:job_creation_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "JobCreationDate"))
997
1002
  GetServiceLastAccessedDetailsResponse.add_member(:services_last_accessed, Shapes::ShapeRef.new(shape: ServicesLastAccessed, required: true, location_name: "ServicesLastAccessed"))
998
1003
  GetServiceLastAccessedDetailsResponse.add_member(:job_completion_date, Shapes::ShapeRef.new(shape: dateType, required: true, location_name: "JobCompletionDate"))
@@ -1626,7 +1631,9 @@ module Aws::IAM
1626
1631
  ServiceLastAccessed.add_member(:last_authenticated, Shapes::ShapeRef.new(shape: dateType, location_name: "LastAuthenticated"))
1627
1632
  ServiceLastAccessed.add_member(:service_namespace, Shapes::ShapeRef.new(shape: serviceNamespaceType, required: true, location_name: "ServiceNamespace"))
1628
1633
  ServiceLastAccessed.add_member(:last_authenticated_entity, Shapes::ShapeRef.new(shape: arnType, location_name: "LastAuthenticatedEntity"))
1634
+ ServiceLastAccessed.add_member(:last_authenticated_region, Shapes::ShapeRef.new(shape: stringType, location_name: "LastAuthenticatedRegion"))
1629
1635
  ServiceLastAccessed.add_member(:total_authenticated_entities, Shapes::ShapeRef.new(shape: integerType, location_name: "TotalAuthenticatedEntities"))
1636
+ ServiceLastAccessed.add_member(:tracked_actions_last_accessed, Shapes::ShapeRef.new(shape: TrackedActionsLastAccessed, location_name: "TrackedActionsLastAccessed"))
1630
1637
  ServiceLastAccessed.struct_class = Types::ServiceLastAccessed
1631
1638
 
1632
1639
  ServiceNotSupportedException.add_member(:message, Shapes::ShapeRef.new(shape: serviceNotSupportedMessage, location_name: "message"))
@@ -1721,6 +1728,14 @@ module Aws::IAM
1721
1728
  TagUserRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, required: true, location_name: "Tags"))
1722
1729
  TagUserRequest.struct_class = Types::TagUserRequest
1723
1730
 
1731
+ TrackedActionLastAccessed.add_member(:action_name, Shapes::ShapeRef.new(shape: stringType, location_name: "ActionName"))
1732
+ TrackedActionLastAccessed.add_member(:last_accessed_entity, Shapes::ShapeRef.new(shape: arnType, location_name: "LastAccessedEntity"))
1733
+ TrackedActionLastAccessed.add_member(:last_accessed_time, Shapes::ShapeRef.new(shape: dateType, location_name: "LastAccessedTime"))
1734
+ TrackedActionLastAccessed.add_member(:last_accessed_region, Shapes::ShapeRef.new(shape: stringType, location_name: "LastAccessedRegion"))
1735
+ TrackedActionLastAccessed.struct_class = Types::TrackedActionLastAccessed
1736
+
1737
+ TrackedActionsLastAccessed.member = Shapes::ShapeRef.new(shape: TrackedActionLastAccessed)
1738
+
1724
1739
  UnmodifiableEntityException.add_member(:message, Shapes::ShapeRef.new(shape: unmodifiableEntityMessage, location_name: "message"))
1725
1740
  UnmodifiableEntityException.struct_class = Types::UnmodifiableEntityException
1726
1741
 
@@ -3005,6 +3005,7 @@ module Aws::IAM
3005
3005
  #
3006
3006
  # {
3007
3007
  # arn: "arnType", # required
3008
+ # granularity: "SERVICE_LEVEL", # accepts SERVICE_LEVEL, ACTION_LEVEL
3008
3009
  # }
3009
3010
  #
3010
3011
  # @!attribute [rw] arn
@@ -3013,10 +3014,21 @@ module Aws::IAM
3013
3014
  # in an attempt to access an AWS service.
3014
3015
  # @return [String]
3015
3016
  #
3017
+ # @!attribute [rw] granularity
3018
+ # The level of detail that you want to generate. You can specify
3019
+ # whether you want to generate information about the last attempt to
3020
+ # access services or actions. If you specify service-level
3021
+ # granularity, this operation generates only service data. If you
3022
+ # specify action-level granularity, it generates service and action
3023
+ # data. If you don't include this optional parameter, the operation
3024
+ # generates service data.
3025
+ # @return [String]
3026
+ #
3016
3027
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GenerateServiceLastAccessedDetailsRequest AWS API Documentation
3017
3028
  #
3018
3029
  class GenerateServiceLastAccessedDetailsRequest < Struct.new(
3019
- :arn)
3030
+ :arn,
3031
+ :granularity)
3020
3032
  include Aws::Structure
3021
3033
  end
3022
3034
 
@@ -4176,6 +4188,12 @@ module Aws::IAM
4176
4188
  # The status of the job.
4177
4189
  # @return [String]
4178
4190
  #
4191
+ # @!attribute [rw] job_type
4192
+ # The type of job. Service jobs return information about when each
4193
+ # service was last accessed. Action jobs also include information
4194
+ # about when tracked actions within the service were last accessed.
4195
+ # @return [String]
4196
+ #
4179
4197
  # @!attribute [rw] job_creation_date
4180
4198
  # The date and time, in [ISO 8601 date-time format][1], when the
4181
4199
  # report job was created.
@@ -4227,6 +4245,7 @@ module Aws::IAM
4227
4245
  #
4228
4246
  class GetServiceLastAccessedDetailsResponse < Struct.new(
4229
4247
  :job_status,
4248
+ :job_type,
4230
4249
  :job_creation_date,
4231
4250
  :services_last_accessed,
4232
4251
  :job_completion_date,
@@ -9118,6 +9137,19 @@ module Aws::IAM
9118
9137
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
9119
9138
  # @return [String]
9120
9139
  #
9140
+ # @!attribute [rw] last_authenticated_region
9141
+ # The Region from which the authenticated entity (user or role) last
9142
+ # attempted to access the service. AWS does not report unauthenticated
9143
+ # requests.
9144
+ #
9145
+ # This field is null if no IAM entities attempted to access the
9146
+ # service within the [reporting period][1].
9147
+ #
9148
+ #
9149
+ #
9150
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
9151
+ # @return [String]
9152
+ #
9121
9153
  # @!attribute [rw] total_authenticated_entities
9122
9154
  # The total number of authenticated principals (root user, IAM users,
9123
9155
  # or IAM roles) that have attempted to access the service.
@@ -9130,6 +9162,21 @@ module Aws::IAM
9130
9162
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
9131
9163
  # @return [Integer]
9132
9164
  #
9165
+ # @!attribute [rw] tracked_actions_last_accessed
9166
+ # An object that contains details about the most recent attempt to
9167
+ # access a tracked action within the service.
9168
+ #
9169
+ # This field is null if there no tracked actions or if the principal
9170
+ # did not use the tracked actions within the [reporting period][1].
9171
+ # This field is also null if the report was generated at the service
9172
+ # level and not the action level. For more information, see the
9173
+ # `Granularity` field in GenerateServiceLastAccessedDetails.
9174
+ #
9175
+ #
9176
+ #
9177
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
9178
+ # @return [Array<Types::TrackedActionLastAccessed>]
9179
+ #
9133
9180
  # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/ServiceLastAccessed AWS API Documentation
9134
9181
  #
9135
9182
  class ServiceLastAccessed < Struct.new(
@@ -9137,7 +9184,9 @@ module Aws::IAM
9137
9184
  :last_authenticated,
9138
9185
  :service_namespace,
9139
9186
  :last_authenticated_entity,
9140
- :total_authenticated_entities)
9187
+ :last_authenticated_region,
9188
+ :total_authenticated_entities,
9189
+ :tracked_actions_last_accessed)
9141
9190
  include Aws::Structure
9142
9191
  end
9143
9192
 
@@ -9716,7 +9765,7 @@ module Aws::IAM
9716
9765
  # this operation. An IAM entity can only have one permissions boundary
9717
9766
  # in effect at a time. For example, if a permissions boundary is
9718
9767
  # attached to an entity and you pass in a different permissions
9719
- # boundary policy using this parameter, then the new permission
9768
+ # boundary policy using this parameter, then the new permissions
9720
9769
  # boundary policy is used for the simulation. For more information
9721
9770
  # about permissions boundaries, see [Permissions Boundaries for IAM
9722
9771
  # Entities][1] in the *IAM User Guide*. The policy input is specified
@@ -10082,6 +10131,66 @@ module Aws::IAM
10082
10131
  include Aws::Structure
10083
10132
  end
10084
10133
 
10134
+ # Contains details about the most recent attempt to access an action
10135
+ # within the service.
10136
+ #
10137
+ # This data type is used as a response element in the
10138
+ # GetServiceLastAccessedDetails operation.
10139
+ #
10140
+ # @!attribute [rw] action_name
10141
+ # The name of the tracked action to which access was attempted.
10142
+ # Tracked actions are actions that report activity to IAM.
10143
+ # @return [String]
10144
+ #
10145
+ # @!attribute [rw] last_accessed_entity
10146
+ # The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS
10147
+ # resources.
10148
+ #
10149
+ # For more information about ARNs, go to [Amazon Resource Names (ARNs)
10150
+ # and AWS Service Namespaces][1] in the *AWS General Reference*.
10151
+ #
10152
+ #
10153
+ #
10154
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
10155
+ # @return [String]
10156
+ #
10157
+ # @!attribute [rw] last_accessed_time
10158
+ # The date and time, in [ISO 8601 date-time format][1], when an
10159
+ # authenticated entity most recently attempted to access the tracked
10160
+ # service. AWS does not report unauthenticated requests.
10161
+ #
10162
+ # This field is null if no IAM entities attempted to access the
10163
+ # service within the [reporting period][2].
10164
+ #
10165
+ #
10166
+ #
10167
+ # [1]: http://www.iso.org/iso/iso8601
10168
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
10169
+ # @return [Time]
10170
+ #
10171
+ # @!attribute [rw] last_accessed_region
10172
+ # The Region from which the authenticated entity (user or role) last
10173
+ # attempted to access the tracked action. AWS does not report
10174
+ # unauthenticated requests.
10175
+ #
10176
+ # This field is null if no IAM entities attempted to access the
10177
+ # service within the [reporting period][1].
10178
+ #
10179
+ #
10180
+ #
10181
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period
10182
+ # @return [String]
10183
+ #
10184
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/TrackedActionLastAccessed AWS API Documentation
10185
+ #
10186
+ class TrackedActionLastAccessed < Struct.new(
10187
+ :action_name,
10188
+ :last_accessed_entity,
10189
+ :last_accessed_time,
10190
+ :last_accessed_region)
10191
+ include Aws::Structure
10192
+ end
10193
+
10085
10194
  # The request was rejected because only the service that depends on the
10086
10195
  # service-linked role can modify or delete the role on your behalf. The
10087
10196
  # error message includes the name of the service that depends on this
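Review bot: The new `tracked_actions_last_accessed` attribute doc (new lines 9165–9179) gives three different reasons for a null value (no tracked actions, no use within the reporting period, or a service-level report) but only points back to the request's `Granularity` field, not to the `job_type` member this release adds to the response. Anyone using this data to trim permissions has to tell "the report carried no action data" apart from "the action was not used", so I would add a sentence such as `# Check job_type on GetServiceLastAccessedDetailsResponse to confirm the report was generated at ACTION_LEVEL before reading a null value as no activity.` The same paragraph has a typo: `if there no tracked actions` should read `if there are no tracked actions`. In the new `TrackedActionLastAccessed` doc, `last_accessed_time` still says "the tracked service" and "the service" where the tracked action appears to be meant. These comments look generated from the service model, so the wording fix probably belongs upstream rather than in this file.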
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-iam
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.38.0
4
+ version: 1.39.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-28 00:00:00.000000000 Z
11
+ date: 2020-06-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core