aws-sdk-macie2 1.61.0 → 1.62.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 275c9cc60db17257285bb8268a35364c5a7f18bf1527c6176e7b333e7daecab1
-  data.tar.gz: c91081046566a6d33a50eb06cfb30f0cf0e85805e82c35b69f3f0178241ec1cc
+  metadata.gz: 0a334305c82ec04a177ce329a1bec42f25eba3959170a07ab03d401144631372
+  data.tar.gz: 65f500c1f0cf2a3159f4698711c4e78d6c1db12f6358f355527c65cef30719bb
 SHA512:
-  metadata.gz: a0ab9bd29e6f9587df10c330cdd87892d7ebcba246d177a649b5acf995b3ebb5c5b15caaceda1dba78f302ef62e2b3a5df679b906bd97a4db12cc73464dca007
-  data.tar.gz: 9a190ec6137b16974c77a352767fca134e4cbcd0e4b2e41523b7715a5128995757b2fd64857a6df67355eab8b6b0a5826243c3b57d76ed455c8d240f148144d8
+  metadata.gz: '0590156ad925a8bf515aee4989639b21049af2bc6c048c27b9833e0ea7cd08de8e463de2a25223bb4aa3e84e0edfae5ea0baf701188157ed63574e05b88f84e0'
+  data.tar.gz: efabc8d88f99b03f82181211e9065494e6770404cdb6ee63b816815af40169df4613d7c39e03e1c7b964fecdb454519ca0ed22ff689b11ba095e5799da0f32b6

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.62.0 (2023-11-16)
+------------------
+
+* Feature - This release adds support for configuring Macie to assume an IAM role when retrieving sample occurrences of sensitive data reported by findings.
+
 1.61.0 (2023-09-27)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.61.0
+1.62.0

data/lib/aws-sdk-macie2/client.rb

@@ -2294,11 +2294,15 @@ module Aws::Macie2
     # @return [Types::GetRevealConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetRevealConfigurationResponse#configuration #configuration} => Types::RevealConfiguration
+    #   * {Types::GetRevealConfigurationResponse#retrieval_configuration #retrieval_configuration} => Types::RetrievalConfiguration
     #
     # @example Response structure
     #
     #   resp.configuration.kms_key_id #=> String
     #   resp.configuration.status #=> String, one of "ENABLED", "DISABLED"
+    #   resp.retrieval_configuration.external_id #=> String
+    #   resp.retrieval_configuration.retrieval_mode #=> String, one of "CALLER_CREDENTIALS", "ASSUME_ROLE"
+    #   resp.retrieval_configuration.role_name #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetRevealConfiguration AWS API Documentation
     #
@@ -2367,7 +2371,7 @@ module Aws::Macie2
     #
     #   resp.code #=> String, one of "AVAILABLE", "UNAVAILABLE"
     #   resp.reasons #=> Array
-    #   resp.reasons[0] #=> String, one of "OBJECT_EXCEEDS_SIZE_QUOTA", "UNSUPPORTED_OBJECT_TYPE", "UNSUPPORTED_FINDING_TYPE", "INVALID_CLASSIFICATION_RESULT", "OBJECT_UNAVAILABLE"
+    #   resp.reasons[0] #=> String, one of "OBJECT_EXCEEDS_SIZE_QUOTA", "UNSUPPORTED_OBJECT_TYPE", "UNSUPPORTED_FINDING_TYPE", "INVALID_CLASSIFICATION_RESULT", "OBJECT_UNAVAILABLE", "ACCOUNT_NOT_IN_ORGANIZATION", "MISSING_GET_MEMBER_PERMISSION", "ROLE_TOO_PERMISSIVE", "MEMBER_ROLE_TOO_PERMISSIVE", "INVALID_RESULT_SIGNATURE", "RESULT_NOT_SIGNED"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetSensitiveDataOccurrencesAvailability AWS API Documentation
     #
@@ -3758,16 +3762,30 @@ module Aws::Macie2
     # occurrences of sensitive data reported by findings.
     #
     # @option params [required, Types::RevealConfiguration] :configuration
-    #   Specifies the configuration settings for retrieving occurrences of
-    #   sensitive data reported by findings, and the status of the
-    #   configuration for an Amazon Macie account. When you enable the
-    #   configuration for the first time, your request must specify an Key
-    #   Management Service (KMS) key. Otherwise, an error occurs. Macie uses
-    #   the specified key to encrypt the sensitive data that you retrieve.
+    #   Specifies the status of the Amazon Macie configuration for retrieving
+    #   occurrences of sensitive data reported by findings, and the Key
+    #   Management Service (KMS) key to use to encrypt sensitive data that's
+    #   retrieved. When you enable the configuration for the first time, your
+    #   request must specify an KMS key. Otherwise, an error occurs.
+    #
+    # @option params [Types::UpdateRetrievalConfiguration] :retrieval_configuration
+    #   Specifies the access method and settings to use when retrieving
+    #   occurrences of sensitive data reported by findings. If your request
+    #   specifies an Identity and Access Management (IAM) role to assume when
+    #   retrieving the sensitive data, Amazon Macie verifies that the role
+    #   exists and the attached policies are configured correctly. If there's
+    #   an issue, Macie returns an error. For information about addressing the
+    #   issue, see [Retrieving sensitive data samples with findings][1] in the
+    #   *Amazon Macie User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/findings-retrieve-sd.html
     #
     # @return [Types::UpdateRevealConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateRevealConfigurationResponse#configuration #configuration} => Types::RevealConfiguration
+    #   * {Types::UpdateRevealConfigurationResponse#retrieval_configuration #retrieval_configuration} => Types::RetrievalConfiguration
     #
     # @example Request syntax with placeholder values
     #
@@ -3776,12 +3794,19 @@ module Aws::Macie2
     #       kms_key_id: "__stringMin1Max2048",
     #       status: "ENABLED", # required, accepts ENABLED, DISABLED
     #     },
+    #     retrieval_configuration: {
+    #       retrieval_mode: "CALLER_CREDENTIALS", # required, accepts CALLER_CREDENTIALS, ASSUME_ROLE
+    #       role_name: "__stringMin1Max64PatternW",
+    #     },
     #   })
     #
     # @example Response structure
     #
     #   resp.configuration.kms_key_id #=> String
     #   resp.configuration.status #=> String, one of "ENABLED", "DISABLED"
+    #   resp.retrieval_configuration.external_id #=> String
+    #   resp.retrieval_configuration.retrieval_mode #=> String, one of "CALLER_CREDENTIALS", "ASSUME_ROLE"
+    #   resp.retrieval_configuration.role_name #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateRevealConfiguration AWS API Documentation
     #
@@ -3862,7 +3887,7 @@ module Aws::Macie2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-macie2'
-      context[:gem_version] = '1.61.0'
+      context[:gem_version] = '1.62.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-macie2/client_api.rb

@@ -275,6 +275,8 @@ module Aws::Macie2
     ResourceProfileArtifact = Shapes::StructureShape.new(name: 'ResourceProfileArtifact')
     ResourceStatistics = Shapes::StructureShape.new(name: 'ResourceStatistics')
     ResourcesAffected = Shapes::StructureShape.new(name: 'ResourcesAffected')
+    RetrievalConfiguration = Shapes::StructureShape.new(name: 'RetrievalConfiguration')
+    RetrievalMode = Shapes::StringShape.new(name: 'RetrievalMode')
     RevealConfiguration = Shapes::StructureShape.new(name: 'RevealConfiguration')
     RevealRequestStatus = Shapes::StringShape.new(name: 'RevealRequestStatus')
     RevealStatus = Shapes::StringShape.new(name: 'RevealStatus')
@@ -373,6 +375,7 @@ module Aws::Macie2
     UpdateResourceProfileDetectionsResponse = Shapes::StructureShape.new(name: 'UpdateResourceProfileDetectionsResponse')
     UpdateResourceProfileRequest = Shapes::StructureShape.new(name: 'UpdateResourceProfileRequest')
     UpdateResourceProfileResponse = Shapes::StructureShape.new(name: 'UpdateResourceProfileResponse')
+    UpdateRetrievalConfiguration = Shapes::StructureShape.new(name: 'UpdateRetrievalConfiguration')
     UpdateRevealConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateRevealConfigurationRequest')
     UpdateRevealConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateRevealConfigurationResponse')
     UpdateSensitivityInspectionTemplateRequest = Shapes::StructureShape.new(name: 'UpdateSensitivityInspectionTemplateRequest')
@@ -439,6 +442,7 @@ module Aws::Macie2
     __stringMin1Max128Pattern = Shapes::StringShape.new(name: '__stringMin1Max128Pattern')
     __stringMin1Max2048 = Shapes::StringShape.new(name: '__stringMin1Max2048')
     __stringMin1Max512PatternSS = Shapes::StringShape.new(name: '__stringMin1Max512PatternSS')
+    __stringMin1Max64PatternW = Shapes::StringShape.new(name: '__stringMin1Max64PatternW')
     __stringMin22Max22PatternAZ0922 = Shapes::StringShape.new(name: '__stringMin22Max22PatternAZ0922')
     __stringMin3Max255PatternAZaZ093255 = Shapes::StringShape.new(name: '__stringMin3Max255PatternAZaZ093255')
     __stringMin71Max89PatternArnAwsAwsCnAwsUsGovMacie2AZ19920D12AllowListAZ0922 = Shapes::StringShape.new(name: '__stringMin71Max89PatternArnAwsAwsCnAwsUsGovMacie2AZ19920D12AllowListAZ0922')
@@ -1115,6 +1119,7 @@ module Aws::Macie2
     GetRevealConfigurationRequest.struct_class = Types::GetRevealConfigurationRequest
 
     GetRevealConfigurationResponse.add_member(:configuration, Shapes::ShapeRef.new(shape: RevealConfiguration, location_name: "configuration"))
+    GetRevealConfigurationResponse.add_member(:retrieval_configuration, Shapes::ShapeRef.new(shape: RetrievalConfiguration, location_name: "retrievalConfiguration"))
     GetRevealConfigurationResponse.struct_class = Types::GetRevealConfigurationResponse
 
     GetSensitiveDataOccurrencesAvailabilityRequest.add_member(:finding_id, Shapes::ShapeRef.new(shape: __string, required: true, location: "uri", location_name: "findingId"))
@@ -1491,6 +1496,11 @@ module Aws::Macie2
     ResourcesAffected.add_member(:s3_object, Shapes::ShapeRef.new(shape: S3Object, location_name: "s3Object"))
     ResourcesAffected.struct_class = Types::ResourcesAffected
 
+    RetrievalConfiguration.add_member(:external_id, Shapes::ShapeRef.new(shape: __string, location_name: "externalId"))
+    RetrievalConfiguration.add_member(:retrieval_mode, Shapes::ShapeRef.new(shape: RetrievalMode, required: true, location_name: "retrievalMode"))
+    RetrievalConfiguration.add_member(:role_name, Shapes::ShapeRef.new(shape: __stringMin1Max64PatternW, location_name: "roleName"))
+    RetrievalConfiguration.struct_class = Types::RetrievalConfiguration
+
     RevealConfiguration.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: __stringMin1Max2048, location_name: "kmsKeyId"))
     RevealConfiguration.add_member(:status, Shapes::ShapeRef.new(shape: RevealStatus, required: true, location_name: "status"))
     RevealConfiguration.struct_class = Types::RevealConfiguration
@@ -1814,10 +1824,16 @@ module Aws::Macie2
 
     UpdateResourceProfileResponse.struct_class = Types::UpdateResourceProfileResponse
 
+    UpdateRetrievalConfiguration.add_member(:retrieval_mode, Shapes::ShapeRef.new(shape: RetrievalMode, required: true, location_name: "retrievalMode"))
+    UpdateRetrievalConfiguration.add_member(:role_name, Shapes::ShapeRef.new(shape: __stringMin1Max64PatternW, location_name: "roleName"))
+    UpdateRetrievalConfiguration.struct_class = Types::UpdateRetrievalConfiguration
+
     UpdateRevealConfigurationRequest.add_member(:configuration, Shapes::ShapeRef.new(shape: RevealConfiguration, required: true, location_name: "configuration"))
+    UpdateRevealConfigurationRequest.add_member(:retrieval_configuration, Shapes::ShapeRef.new(shape: UpdateRetrievalConfiguration, location_name: "retrievalConfiguration"))
     UpdateRevealConfigurationRequest.struct_class = Types::UpdateRevealConfigurationRequest
 
     UpdateRevealConfigurationResponse.add_member(:configuration, Shapes::ShapeRef.new(shape: RevealConfiguration, location_name: "configuration"))
+    UpdateRevealConfigurationResponse.add_member(:retrieval_configuration, Shapes::ShapeRef.new(shape: RetrievalConfiguration, location_name: "retrievalConfiguration"))
     UpdateRevealConfigurationResponse.struct_class = Types::UpdateRevealConfigurationResponse
 
     UpdateSensitivityInspectionTemplateRequest.add_member(:description, Shapes::ShapeRef.new(shape: __string, location_name: "description"))

data/lib/aws-sdk-macie2/endpoint_provider.rb

@@ -32,7 +32,7 @@ module Aws::Macie2
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               return Aws::Endpoints::Endpoint.new(url: "https://macie2-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"

data/lib/aws-sdk-macie2/types.rb

@@ -3248,18 +3248,24 @@ module Aws::Macie2
     # the configuration for an Amazon Macie account.
     #
     # @!attribute [rw] configuration
-    #   Specifies the configuration settings for retrieving occurrences of
-    #   sensitive data reported by findings, and the status of the
-    #   configuration for an Amazon Macie account. When you enable the
-    #   configuration for the first time, your request must specify an Key
-    #   Management Service (KMS) key. Otherwise, an error occurs. Macie uses
-    #   the specified key to encrypt the sensitive data that you retrieve.
+    #   Specifies the status of the Amazon Macie configuration for
+    #   retrieving occurrences of sensitive data reported by findings, and
+    #   the Key Management Service (KMS) key to use to encrypt sensitive
+    #   data that's retrieved. When you enable the configuration for the
+    #   first time, your request must specify an KMS key. Otherwise, an
+    #   error occurs.
     #   @return [Types::RevealConfiguration]
     #
+    # @!attribute [rw] retrieval_configuration
+    #   Provides information about the access method and settings that are
+    #   used to retrieve occurrences of sensitive data reported by findings.
+    #   @return [Types::RetrievalConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/GetRevealConfigurationResponse AWS API Documentation
     #
     class GetRevealConfigurationResponse < Struct.new(
-      :configuration)
+      :configuration,
+      :retrieval_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5071,12 +5077,35 @@ module Aws::Macie2
       include Aws::Structure
     end
 
-    # Specifies the configuration settings for retrieving occurrences of
-    # sensitive data reported by findings, and the status of the
-    # configuration for an Amazon Macie account. When you enable the
-    # configuration for the first time, your request must specify an Key
-    # Management Service (KMS) key. Otherwise, an error occurs. Macie uses
-    # the specified key to encrypt the sensitive data that you retrieve.
+    # Provides information about the access method and settings that are
+    # used to retrieve occurrences of sensitive data reported by findings.
+    #
+    # @!attribute [rw] external_id
+    #   @return [String]
+    #
+    # @!attribute [rw] retrieval_mode
+    #   The access method to use when retrieving occurrences of sensitive
+    #   data reported by findings. Valid values are:
+    #   @return [String]
+    #
+    # @!attribute [rw] role_name
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/RetrievalConfiguration AWS API Documentation
+    #
+    class RetrievalConfiguration < Struct.new(
+      :external_id,
+      :retrieval_mode,
+      :role_name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies the status of the Amazon Macie configuration for retrieving
+    # occurrences of sensitive data reported by findings, and the Key
+    # Management Service (KMS) key to use to encrypt sensitive data that's
+    # retrieved. When you enable the configuration for the first time, your
+    # request must specify an KMS key. Otherwise, an error occurs.
     #
     # @!attribute [rw] kms_key_id
     #   @return [String]
@@ -6615,23 +6644,75 @@ module Aws::Macie2
     #
     class UpdateResourceProfileResponse < Aws::EmptyStructure; end
 
-    # Specifies the configuration settings for retrieving occurrences of
+    # Specifies the access method and settings to use when retrieving
+    # occurrences of sensitive data reported by findings. If your request
+    # specifies an Identity and Access Management (IAM) role to assume when
+    # retrieving the sensitive data, Amazon Macie verifies that the role
+    # exists and the attached policies are configured correctly. If there's
+    # an issue, Macie returns an error. For information about addressing the
+    # issue, see [Retrieving sensitive data samples with findings][1] in the
+    # *Amazon Macie User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/macie/latest/user/findings-retrieve-sd.html
+    #
+    # @!attribute [rw] retrieval_mode
+    #   The access method to use when retrieving occurrences of sensitive
+    #   data reported by findings. Valid values are:
+    #   @return [String]
+    #
+    # @!attribute [rw] role_name
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateRetrievalConfiguration AWS API Documentation
+    #
+    class UpdateRetrievalConfiguration < Struct.new(
+      :retrieval_mode,
+      :role_name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies configuration settings for retrieving occurrences of
     # sensitive data reported by findings, and the status of the
-    # configuration for an Amazon Macie account.
+    # configuration for an Amazon Macie account. If you don't specify
+    # retrievalConfiguration values for an existing configuration, Macie
+    # sets the access method to CALLER\_CREDENTIALS. If your current access
+    # method is ASSUME\_ROLE, Macie also deletes the external ID and role
+    # name currently specified for the configuration. To keep these settings
+    # for an existing configuration, specify the current
+    # retrievalConfiguration values in your request.
     #
     # @!attribute [rw] configuration
-    #   Specifies the configuration settings for retrieving occurrences of
-    #   sensitive data reported by findings, and the status of the
-    #   configuration for an Amazon Macie account. When you enable the
-    #   configuration for the first time, your request must specify an Key
-    #   Management Service (KMS) key. Otherwise, an error occurs. Macie uses
-    #   the specified key to encrypt the sensitive data that you retrieve.
+    #   Specifies the status of the Amazon Macie configuration for
+    #   retrieving occurrences of sensitive data reported by findings, and
+    #   the Key Management Service (KMS) key to use to encrypt sensitive
+    #   data that's retrieved. When you enable the configuration for the
+    #   first time, your request must specify an KMS key. Otherwise, an
+    #   error occurs.
     #   @return [Types::RevealConfiguration]
     #
+    # @!attribute [rw] retrieval_configuration
+    #   Specifies the access method and settings to use when retrieving
+    #   occurrences of sensitive data reported by findings. If your request
+    #   specifies an Identity and Access Management (IAM) role to assume
+    #   when retrieving the sensitive data, Amazon Macie verifies that the
+    #   role exists and the attached policies are configured correctly. If
+    #   there's an issue, Macie returns an error. For information about
+    #   addressing the issue, see [Retrieving sensitive data samples with
+    #   findings][1] in the *Amazon Macie User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/macie/latest/user/findings-retrieve-sd.html
+    #   @return [Types::UpdateRetrievalConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateRevealConfigurationRequest AWS API Documentation
     #
     class UpdateRevealConfigurationRequest < Struct.new(
-      :configuration)
+      :configuration,
+      :retrieval_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6641,18 +6722,24 @@ module Aws::Macie2
     # status of the configuration for an Amazon Macie account.
     #
     # @!attribute [rw] configuration
-    #   Specifies the configuration settings for retrieving occurrences of
-    #   sensitive data reported by findings, and the status of the
-    #   configuration for an Amazon Macie account. When you enable the
-    #   configuration for the first time, your request must specify an Key
-    #   Management Service (KMS) key. Otherwise, an error occurs. Macie uses
-    #   the specified key to encrypt the sensitive data that you retrieve.
+    #   Specifies the status of the Amazon Macie configuration for
+    #   retrieving occurrences of sensitive data reported by findings, and
+    #   the Key Management Service (KMS) key to use to encrypt sensitive
+    #   data that's retrieved. When you enable the configuration for the
+    #   first time, your request must specify an KMS key. Otherwise, an
+    #   error occurs.
     #   @return [Types::RevealConfiguration]
     #
+    # @!attribute [rw] retrieval_configuration
+    #   Provides information about the access method and settings that are
+    #   used to retrieve occurrences of sensitive data reported by findings.
+    #   @return [Types::RetrievalConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/macie2-2020-01-01/UpdateRevealConfigurationResponse AWS API Documentation
     #
     class UpdateRevealConfigurationResponse < Struct.new(
-      :configuration)
+      :configuration,
+      :retrieval_configuration)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-macie2.rb

@@ -53,6 +53,6 @@ require_relative 'aws-sdk-macie2/customizations'
 # @!group service
 module Aws::Macie2
 
-  GEM_VERSION = '1.61.0'
+  GEM_VERSION = '1.62.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-macie2
 version: !ruby/object:Gem::Version
-  version: 1.61.0
+  version: 1.62.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-09-27 00:00:00.000000000 Z
+date: 2023-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core