@aws-sdk/client-accessanalyzer 3.194.0 → 3.196.0

package/dist-types/models/models_0.d.ts

@@ -501,6 +501,127 @@ export interface CancelPolicyGenerationRequest {
 }
 export interface CancelPolicyGenerationResponse {
 }
+/**
+ * <p>The proposed access control configuration for an Amazon EBS volume snapshot. You can propose
+ *          a configuration for a new Amazon EBS volume snapshot or an Amazon EBS volume snapshot that you own by
+ *          specifying the user IDs, groups, and optional KMS encryption key. For more information,
+ *          see <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html">ModifySnapshotAttribute</a>.</p>
+ */
+export interface EbsSnapshotConfiguration {
+    /**
+     * <p>The IDs of the Amazon Web Services accounts that have access to the Amazon EBS volume snapshot.</p>
+     *          <ul>
+     *             <li>
+     *                <p>If the configuration is for an existing Amazon EBS volume snapshot and you do not
+     *                specify the <code>userIds</code>, then the access preview uses the existing shared
+     *                   <code>userIds</code> for the snapshot.</p>
+     *             </li>
+     *             <li>
+     *                <p>If the access preview is for a new resource and you do not specify the
+     *                   <code>userIds</code>, then the access preview considers the snapshot without any
+     *                   <code>userIds</code>.</p>
+     *             </li>
+     *             <li>
+     *                <p>To propose deletion of existing shared <code>accountIds</code>, you can specify an
+     *                empty list for <code>userIds</code>.</p>
+     *             </li>
+     *          </ul>
+     */
+    userIds?: string[];
+    /**
+     * <p>The groups that have access to the Amazon EBS volume snapshot. If the value <code>all</code>
+     *          is specified, then the Amazon EBS volume snapshot is public.</p>
+     *          <ul>
+     *             <li>
+     *                <p>If the configuration is for an existing Amazon EBS volume snapshot and you do not
+     *                specify the <code>groups</code>, then the access preview uses the existing shared
+     *                   <code>groups</code> for the snapshot.</p>
+     *             </li>
+     *             <li>
+     *                <p>If the access preview is for a new resource and you do not specify the
+     *                   <code>groups</code>, then the access preview considers the snapshot without any
+     *                   <code>groups</code>.</p>
+     *             </li>
+     *             <li>
+     *                <p>To propose deletion of existing shared <code>groups</code>, you can specify an
+     *                empty list for <code>groups</code>.</p>
+     *             </li>
+     *          </ul>
+     */
+    groups?: string[];
+    /**
+     * <p>The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS key
+     *          identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
+     *          <ul>
+     *             <li>
+     *                <p>If the configuration is for an existing Amazon EBS volume snapshot and you do not
+     *                specify the <code>kmsKeyId</code>, or you specify an empty string, then the access
+     *                preview uses the existing <code>kmsKeyId</code> of the snapshot.</p>
+     *             </li>
+     *             <li>
+     *                <p>If the access preview is for a new resource and you do not specify the
+     *                   <code>kmsKeyId</code>, the access preview considers the snapshot as
+     *                unencrypted.</p>
+     *             </li>
+     *          </ul>
+     */
+    kmsKeyId?: string;
+}
+/**
+ * <p>The proposed access control configuration for an Amazon ECR repository. You can propose a
+ *          configuration for a new Amazon ECR repository or an existing Amazon ECR repository that you own by
+ *          specifying the Amazon ECR policy. For more information, see <a href="https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html">Repository</a>.</p>
+ *          <ul>
+ *             <li>
+ *                <p>If the configuration is for an existing Amazon ECR repository and you do not specify
+ *                the Amazon ECR policy, then the access preview uses the existing Amazon ECR policy for the
+ *                repository.</p>
+ *             </li>
+ *             <li>
+ *                <p>If the access preview is for a new resource and you do not specify the policy,
+ *                then the access preview assumes an Amazon ECR repository without a policy.</p>
+ *             </li>
+ *             <li>
+ *                <p>To propose deletion of an existing Amazon ECR repository policy, you can specify an
+ *                empty string for the Amazon ECR policy.</p>
+ *             </li>
+ *          </ul>
+ */
+export interface EcrRepositoryConfiguration {
+    /**
+     * <p>The JSON repository policy text to apply to the Amazon ECR repository. For more information,
+     *          see <a href="https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html">Private repository
+     *             policy examples</a> in the <i>Amazon ECR User Guide</i>.</p>
+     */
+    repositoryPolicy?: string;
+}
+/**
+ * <p>The proposed access control configuration for an Amazon EFS file system. You can propose a
+ *          configuration for a new Amazon EFS file system or an existing Amazon EFS file system that you own by
+ *          specifying the Amazon EFS policy. For more information, see <a href="https://docs.aws.amazon.com/efs/latest/ug/using-fs.html">Using file systems in Amazon EFS</a>.</p>
+ *          <ul>
+ *             <li>
+ *                <p>If the configuration is for an existing Amazon EFS file system and you do not specify
+ *                the Amazon EFS policy, then the access preview uses the existing Amazon EFS policy for the file
+ *                system.</p>
+ *             </li>
+ *             <li>
+ *                <p>If the access preview is for a new resource and you do not specify the policy,
+ *                then the access preview assumes an Amazon EFS file system without a policy.</p>
+ *             </li>
+ *             <li>
+ *                <p>To propose deletion of an existing Amazon EFS file system policy, you can specify an
+ *                empty string for the Amazon EFS policy.</p>
+ *             </li>
+ *          </ul>
+ */
+export interface EfsFileSystemConfiguration {
+    /**
+     * <p>The JSON policy definition to apply to the Amazon EFS file system. For more information on
+     *          the elements that make up a file system policy, see <a href="https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies">Amazon EFS Resource-based policies</a>.</p>
+     */
+    fileSystemPolicy?: string;
+}
 /**
  * <p>The proposed access control configuration for an IAM role. You can propose a
  *          configuration for a new IAM role or an existing IAM role that you own by specifying the
@@ -613,6 +734,156 @@ export interface KmsKeyConfiguration {
      */
     grants?: KmsGrantConfiguration[];
 }
+/**
+ * <p>The values for a manual Amazon RDS DB cluster snapshot attribute.</p>
+ */
+export declare type RdsDbClusterSnapshotAttributeValue = RdsDbClusterSnapshotAttributeValue.AccountIdsMember | RdsDbClusterSnapshotAttributeValue.$UnknownMember;
+export declare namespace RdsDbClusterSnapshotAttributeValue {
+    /**
+     * <p>The Amazon Web Services account IDs that have access to the manual Amazon RDS DB cluster snapshot. If the
+     *          value <code>all</code> is specified, then the Amazon RDS DB cluster snapshot is public and can
+     *          be copied or restored by all Amazon Web Services accounts.</p>
+     *          <ul>
+     *             <li>
+     *                <p>If the configuration is for an existing Amazon RDS DB cluster snapshot and you do not
+     *                specify the <code>accountIds</code> in
+     *                   <code>RdsDbClusterSnapshotAttributeValue</code>, then the access preview uses the
+     *                existing shared <code>accountIds</code> for the snapshot.</p>
+     *             </li>
+     *             <li>
+     *                <p>If the access preview is for a new resource and you do not specify the specify the
+     *                   <code>accountIds</code> in <code>RdsDbClusterSnapshotAttributeValue</code>, then
+     *                the access preview considers the snapshot without any attributes.</p>
+     *             </li>
+     *             <li>
+     *                <p>To propose deletion of existing shared <code>accountIds</code>, you can specify an
+     *                empty list for <code>accountIds</code> in the
+     *                   <code>RdsDbClusterSnapshotAttributeValue</code>.</p>
+     *             </li>
+     *          </ul>
+     */
+    interface AccountIdsMember {
+        accountIds: string[];
+        $unknown?: never;
+    }
+    interface $UnknownMember {
+        accountIds?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        accountIds: (value: string[]) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: RdsDbClusterSnapshotAttributeValue, visitor: Visitor<T>) => T;
+}
+/**
+ * <p>The proposed access control configuration for an Amazon RDS DB cluster snapshot. You can
+ *          propose a configuration for a new Amazon RDS DB cluster snapshot or an Amazon RDS DB cluster snapshot
+ *          that you own by specifying the <code>RdsDbClusterSnapshotAttributeValue</code> and optional
+ *          KMS encryption key. For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html">ModifyDBClusterSnapshotAttribute</a>.</p>
+ */
+export interface RdsDbClusterSnapshotConfiguration {
+    /**
+     * <p>The names and values of manual DB cluster snapshot attributes. Manual DB cluster
+     *          snapshot attributes are used to authorize other Amazon Web Services accounts to restore a manual DB
+     *          cluster snapshot. The only valid value for <code>AttributeName</code> for the attribute map
+     *          is <code>restore</code>
+     *          </p>
+     */
+    attributes?: Record<string, RdsDbClusterSnapshotAttributeValue>;
+    /**
+     * <p>The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS key
+     *          identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
+     *          <ul>
+     *             <li>
+     *                <p>If the configuration is for an existing Amazon RDS DB cluster snapshot and you do not
+     *                specify the <code>kmsKeyId</code>, or you specify an empty string, then the access
+     *                preview uses the existing <code>kmsKeyId</code> of the snapshot.</p>
+     *             </li>
+     *             <li>
+     *                <p>If the access preview is for a new resource and you do not specify the specify the
+     *                   <code>kmsKeyId</code>, then the access preview considers the snapshot as
+     *                unencrypted.</p>
+     *             </li>
+     *          </ul>
+     */
+    kmsKeyId?: string;
+}
+/**
+ * <p>The name and values of a manual Amazon RDS DB snapshot attribute. Manual DB snapshot
+ *          attributes are used to authorize other Amazon Web Services accounts to restore a manual DB
+ *          snapshot.</p>
+ */
+export declare type RdsDbSnapshotAttributeValue = RdsDbSnapshotAttributeValue.AccountIdsMember | RdsDbSnapshotAttributeValue.$UnknownMember;
+export declare namespace RdsDbSnapshotAttributeValue {
+    /**
+     * <p>The Amazon Web Services account IDs that have access to the manual Amazon RDS DB snapshot. If the value
+     *             <code>all</code> is specified, then the Amazon RDS DB snapshot is public and can be copied or
+     *          restored by all Amazon Web Services accounts.</p>
+     *          <ul>
+     *             <li>
+     *                <p>If the configuration is for an existing Amazon RDS DB snapshot and you do not specify
+     *                the <code>accountIds</code> in <code>RdsDbSnapshotAttributeValue</code>, then the
+     *                access preview uses the existing shared <code>accountIds</code> for the
+     *                snapshot.</p>
+     *             </li>
+     *             <li>
+     *                <p>If the access preview is for a new resource and you do not specify the specify the
+     *                   <code>accountIds</code> in <code>RdsDbSnapshotAttributeValue</code>, then the
+     *                access preview considers the snapshot without any attributes.</p>
+     *             </li>
+     *             <li>
+     *                <p>To propose deletion of an existing shared <code>accountIds</code>, you can specify
+     *                an empty list for <code>accountIds</code> in the
+     *                   <code>RdsDbSnapshotAttributeValue</code>.</p>
+     *             </li>
+     *          </ul>
+     */
+    interface AccountIdsMember {
+        accountIds: string[];
+        $unknown?: never;
+    }
+    interface $UnknownMember {
+        accountIds?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        accountIds: (value: string[]) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: RdsDbSnapshotAttributeValue, visitor: Visitor<T>) => T;
+}
+/**
+ * <p>The proposed access control configuration for an Amazon RDS DB snapshot. You can propose a
+ *          configuration for a new Amazon RDS DB snapshot or an Amazon RDS DB snapshot that you own by
+ *          specifying the <code>RdsDbSnapshotAttributeValue</code> and optional KMS encryption key.
+ *          For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html">ModifyDBSnapshotAttribute</a>.</p>
+ */
+export interface RdsDbSnapshotConfiguration {
+    /**
+     * <p>The names and values of manual DB snapshot attributes. Manual DB snapshot attributes are
+     *          used to authorize other Amazon Web Services accounts to restore a manual DB snapshot. The only valid
+     *          value for <code>attributeName</code> for the attribute map is restore.</p>
+     */
+    attributes?: Record<string, RdsDbSnapshotAttributeValue>;
+    /**
+     * <p>The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key identifier is
+     *          the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
+     *          <ul>
+     *             <li>
+     *                <p>If the configuration is for an existing Amazon RDS DB snapshot and you do not specify
+     *                the <code>kmsKeyId</code>, or you specify an empty string, then the access preview
+     *                uses the existing <code>kmsKeyId</code> of the snapshot.</p>
+     *             </li>
+     *             <li>
+     *                <p>If the access preview is for a new resource and you do not specify the specify the
+     *                   <code>kmsKeyId</code>, then the access preview considers the snapshot as
+     *                unencrypted.</p>
+     *             </li>
+     *          </ul>
+     */
+    kmsKeyId?: string;
+}
 /**
  * <p>This configuration sets the network origin for the Amazon S3 access point or multi-region
  *          access point to <code>Internet</code>.</p>
@@ -823,9 +1094,9 @@ export interface S3BucketConfiguration {
  *          deletion of an existing policy, you can specify an empty string. If the proposed
  *          configuration is for a new secret and you do not specify the KMS key ID, the access
  *          preview uses the Amazon Web Services managed key <code>aws/secretsmanager</code>. If you specify an empty
- *          string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the Amazon Web Services
- *          account. For more information about secret policy limits, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html">Quotas for
- *             Secrets Manager.</a>.</p>
+ *          string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the
+ *          Amazon Web Services account. For more information about secret policy limits, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html">Quotas
+ *             for Secrets Manager.</a>.</p>
  */
 export interface SecretsManagerSecretConfiguration {
     /**
@@ -837,6 +1108,24 @@ export interface SecretsManagerSecretConfiguration {
      */
     secretPolicy?: string;
 }
+/**
+ * <p>The proposed access control configuration for an Amazon SNS topic. You can propose a
+ *          configuration for a new Amazon SNS topic or an existing Amazon SNS topic that you own by specifying
+ *          the policy. If the configuration is for an existing Amazon SNS topic and you do not specify the
+ *          Amazon SNS policy, then the access preview uses the existing Amazon SNS policy for the topic. If the
+ *          access preview is for a new resource and you do not specify the policy, then the access
+ *          preview assumes an Amazon SNS topic without a policy. To propose deletion of an existing Amazon SNS
+ *          topic policy, you can specify an empty string for the Amazon SNS policy. For more information,
+ *          see <a href="https://docs.aws.amazon.com/sns/latest/api/API_Topic.html">Topic</a>.</p>
+ */
+export interface SnsTopicConfiguration {
+    /**
+     * <p>The JSON policy text that defines who can access an Amazon SNS topic. For more information,
+     *          see <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html">Example cases for Amazon SNS access control</a> in the <i>Amazon SNS Developer
+     *             Guide</i>.</p>
+     */
+    topicPolicy?: string;
+}
 /**
  * <p>The proposed access control configuration for an Amazon SQS queue. You can propose a
  *          configuration for a new Amazon SQS queue or an existing Amazon SQS queue that you own by specifying
@@ -858,16 +1147,73 @@ export interface SqsQueueConfiguration {
  * <p>Access control configuration structures for your resource. You specify the configuration
  *          as a type-value pair. You can specify only one type of access control configuration.</p>
  */
-export declare type Configuration = Configuration.IamRoleMember | Configuration.KmsKeyMember | Configuration.S3BucketMember | Configuration.SecretsManagerSecretMember | Configuration.SqsQueueMember | Configuration.$UnknownMember;
+export declare type Configuration = Configuration.EbsSnapshotMember | Configuration.EcrRepositoryMember | Configuration.EfsFileSystemMember | Configuration.IamRoleMember | Configuration.KmsKeyMember | Configuration.RdsDbClusterSnapshotMember | Configuration.RdsDbSnapshotMember | Configuration.S3BucketMember | Configuration.SecretsManagerSecretMember | Configuration.SnsTopicMember | Configuration.SqsQueueMember | Configuration.$UnknownMember;
 export declare namespace Configuration {
+    /**
+     * <p>The access control configuration is for an Amazon EBS volume snapshot.</p>
+     */
+    interface EbsSnapshotMember {
+        ebsSnapshot: EbsSnapshotConfiguration;
+        ecrRepository?: never;
+        iamRole?: never;
+        efsFileSystem?: never;
+        kmsKey?: never;
+        rdsDbClusterSnapshot?: never;
+        rdsDbSnapshot?: never;
+        secretsManagerSecret?: never;
+        s3Bucket?: never;
+        snsTopic?: never;
+        sqsQueue?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>The access control configuration is for an Amazon ECR repository.</p>
+     */
+    interface EcrRepositoryMember {
+        ebsSnapshot?: never;
+        ecrRepository: EcrRepositoryConfiguration;
+        iamRole?: never;
+        efsFileSystem?: never;
+        kmsKey?: never;
+        rdsDbClusterSnapshot?: never;
+        rdsDbSnapshot?: never;
+        secretsManagerSecret?: never;
+        s3Bucket?: never;
+        snsTopic?: never;
+        sqsQueue?: never;
+        $unknown?: never;
+    }
     /**
      * <p>The access control configuration is for an IAM role. </p>
      */
     interface IamRoleMember {
+        ebsSnapshot?: never;
+        ecrRepository?: never;
         iamRole: IamRoleConfiguration;
+        efsFileSystem?: never;
+        kmsKey?: never;
+        rdsDbClusterSnapshot?: never;
+        rdsDbSnapshot?: never;
+        secretsManagerSecret?: never;
+        s3Bucket?: never;
+        snsTopic?: never;
+        sqsQueue?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>The access control configuration is for an Amazon EFS file system.</p>
+     */
+    interface EfsFileSystemMember {
+        ebsSnapshot?: never;
+        ecrRepository?: never;
+        iamRole?: never;
+        efsFileSystem: EfsFileSystemConfiguration;
         kmsKey?: never;
+        rdsDbClusterSnapshot?: never;
+        rdsDbSnapshot?: never;
         secretsManagerSecret?: never;
         s3Bucket?: never;
+        snsTopic?: never;
         sqsQueue?: never;
         $unknown?: never;
     }
@@ -875,10 +1221,50 @@ export declare namespace Configuration {
      * <p>The access control configuration is for a KMS key. </p>
      */
     interface KmsKeyMember {
+        ebsSnapshot?: never;
+        ecrRepository?: never;
         iamRole?: never;
+        efsFileSystem?: never;
         kmsKey: KmsKeyConfiguration;
+        rdsDbClusterSnapshot?: never;
+        rdsDbSnapshot?: never;
         secretsManagerSecret?: never;
         s3Bucket?: never;
+        snsTopic?: never;
+        sqsQueue?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>The access control configuration is for an Amazon RDS DB cluster snapshot.</p>
+     */
+    interface RdsDbClusterSnapshotMember {
+        ebsSnapshot?: never;
+        ecrRepository?: never;
+        iamRole?: never;
+        efsFileSystem?: never;
+        kmsKey?: never;
+        rdsDbClusterSnapshot: RdsDbClusterSnapshotConfiguration;
+        rdsDbSnapshot?: never;
+        secretsManagerSecret?: never;
+        s3Bucket?: never;
+        snsTopic?: never;
+        sqsQueue?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>The access control configuration is for an Amazon RDS DB snapshot.</p>
+     */
+    interface RdsDbSnapshotMember {
+        ebsSnapshot?: never;
+        ecrRepository?: never;
+        iamRole?: never;
+        efsFileSystem?: never;
+        kmsKey?: never;
+        rdsDbClusterSnapshot?: never;
+        rdsDbSnapshot: RdsDbSnapshotConfiguration;
+        secretsManagerSecret?: never;
+        s3Bucket?: never;
+        snsTopic?: never;
         sqsQueue?: never;
         $unknown?: never;
     }
@@ -886,10 +1272,16 @@ export declare namespace Configuration {
      * <p>The access control configuration is for a Secrets Manager secret.</p>
      */
     interface SecretsManagerSecretMember {
+        ebsSnapshot?: never;
+        ecrRepository?: never;
         iamRole?: never;
+        efsFileSystem?: never;
         kmsKey?: never;
+        rdsDbClusterSnapshot?: never;
+        rdsDbSnapshot?: never;
         secretsManagerSecret: SecretsManagerSecretConfiguration;
         s3Bucket?: never;
+        snsTopic?: never;
         sqsQueue?: never;
         $unknown?: never;
     }
@@ -897,10 +1289,33 @@ export declare namespace Configuration {
      * <p>The access control configuration is for an Amazon S3 Bucket. </p>
      */
     interface S3BucketMember {
+        ebsSnapshot?: never;
+        ecrRepository?: never;
         iamRole?: never;
+        efsFileSystem?: never;
         kmsKey?: never;
+        rdsDbClusterSnapshot?: never;
+        rdsDbSnapshot?: never;
         secretsManagerSecret?: never;
         s3Bucket: S3BucketConfiguration;
+        snsTopic?: never;
+        sqsQueue?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>The access control configuration is for an Amazon SNS topic</p>
+     */
+    interface SnsTopicMember {
+        ebsSnapshot?: never;
+        ecrRepository?: never;
+        iamRole?: never;
+        efsFileSystem?: never;
+        kmsKey?: never;
+        rdsDbClusterSnapshot?: never;
+        rdsDbSnapshot?: never;
+        secretsManagerSecret?: never;
+        s3Bucket?: never;
+        snsTopic: SnsTopicConfiguration;
         sqsQueue?: never;
         $unknown?: never;
     }
@@ -908,26 +1323,44 @@ export declare namespace Configuration {
      * <p>The access control configuration is for an Amazon SQS queue. </p>
      */
     interface SqsQueueMember {
+        ebsSnapshot?: never;
+        ecrRepository?: never;
         iamRole?: never;
+        efsFileSystem?: never;
         kmsKey?: never;
+        rdsDbClusterSnapshot?: never;
+        rdsDbSnapshot?: never;
         secretsManagerSecret?: never;
         s3Bucket?: never;
+        snsTopic?: never;
         sqsQueue: SqsQueueConfiguration;
         $unknown?: never;
     }
     interface $UnknownMember {
+        ebsSnapshot?: never;
+        ecrRepository?: never;
         iamRole?: never;
+        efsFileSystem?: never;
         kmsKey?: never;
+        rdsDbClusterSnapshot?: never;
+        rdsDbSnapshot?: never;
         secretsManagerSecret?: never;
         s3Bucket?: never;
+        snsTopic?: never;
         sqsQueue?: never;
         $unknown: [string, any];
     }
     interface Visitor<T> {
+        ebsSnapshot: (value: EbsSnapshotConfiguration) => T;
+        ecrRepository: (value: EcrRepositoryConfiguration) => T;
         iamRole: (value: IamRoleConfiguration) => T;
+        efsFileSystem: (value: EfsFileSystemConfiguration) => T;
         kmsKey: (value: KmsKeyConfiguration) => T;
+        rdsDbClusterSnapshot: (value: RdsDbClusterSnapshotConfiguration) => T;
+        rdsDbSnapshot: (value: RdsDbSnapshotConfiguration) => T;
         secretsManagerSecret: (value: SecretsManagerSecretConfiguration) => T;
         s3Bucket: (value: S3BucketConfiguration) => T;
+        snsTopic: (value: SnsTopicConfiguration) => T;
         sqsQueue: (value: SqsQueueConfiguration) => T;
         _: (name: string, value: any) => T;
     }
@@ -1058,7 +1491,7 @@ export interface GetAnalyzedResourceRequest {
      */
     resourceArn: string | undefined;
 }
-export declare type ResourceType = "AWS::IAM::Role" | "AWS::KMS::Key" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::S3::Bucket" | "AWS::SQS::Queue" | "AWS::SecretsManager::Secret";
+export declare type ResourceType = "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::EFS::FileSystem" | "AWS::IAM::Role" | "AWS::KMS::Key" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::RDS::DBClusterSnapshot" | "AWS::RDS::DBSnapshot" | "AWS::S3::Bucket" | "AWS::SNS::Topic" | "AWS::SQS::Queue" | "AWS::SecretsManager::Secret";
 export declare type FindingStatus = "ACTIVE" | "ARCHIVED" | "RESOLVED";
 /**
  * <p>Contains details about the analyzed resource.</p>
@@ -1958,6 +2391,11 @@ export interface StartResourceScanRequest {
      * <p>The ARN of the resource to scan.</p>
      */
     resourceArn: string | undefined;
+    /**
+     * <p>The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning
+     *          account is the account in which the resource was created.</p>
+     */
+    resourceOwnerAccount?: string;
 }
 /**
  * <p>Adds a tag to the specified resource.</p>
@@ -2351,6 +2789,18 @@ export declare const CancelPolicyGenerationRequestFilterSensitiveLog: (obj: Canc
  * @internal
  */
 export declare const CancelPolicyGenerationResponseFilterSensitiveLog: (obj: CancelPolicyGenerationResponse) => any;
+/**
+ * @internal
+ */
+export declare const EbsSnapshotConfigurationFilterSensitiveLog: (obj: EbsSnapshotConfiguration) => any;
+/**
+ * @internal
+ */
+export declare const EcrRepositoryConfigurationFilterSensitiveLog: (obj: EcrRepositoryConfiguration) => any;
+/**
+ * @internal
+ */
+export declare const EfsFileSystemConfigurationFilterSensitiveLog: (obj: EfsFileSystemConfiguration) => any;
 /**
  * @internal
  */
@@ -2367,6 +2817,22 @@ export declare const KmsGrantConfigurationFilterSensitiveLog: (obj: KmsGrantConf
  * @internal
  */
 export declare const KmsKeyConfigurationFilterSensitiveLog: (obj: KmsKeyConfiguration) => any;
+/**
+ * @internal
+ */
+export declare const RdsDbClusterSnapshotAttributeValueFilterSensitiveLog: (obj: RdsDbClusterSnapshotAttributeValue) => any;
+/**
+ * @internal
+ */
+export declare const RdsDbClusterSnapshotConfigurationFilterSensitiveLog: (obj: RdsDbClusterSnapshotConfiguration) => any;
+/**
+ * @internal
+ */
+export declare const RdsDbSnapshotAttributeValueFilterSensitiveLog: (obj: RdsDbSnapshotAttributeValue) => any;
+/**
+ * @internal
+ */
+export declare const RdsDbSnapshotConfigurationFilterSensitiveLog: (obj: RdsDbSnapshotConfiguration) => any;
 /**
  * @internal
  */
@@ -2403,6 +2869,10 @@ export declare const S3BucketConfigurationFilterSensitiveLog: (obj: S3BucketConf
  * @internal
  */
 export declare const SecretsManagerSecretConfigurationFilterSensitiveLog: (obj: SecretsManagerSecretConfiguration) => any;
+/**
+ * @internal
+ */
+export declare const SnsTopicConfigurationFilterSensitiveLog: (obj: SnsTopicConfiguration) => any;
 /**
  * @internal
  */

package/dist-types/runtimeConfig.browser.d.ts

@@ -26,8 +26,10 @@ export declare const getRuntimeConfig: (config: AccessAnalyzerClientConfig) => {
     disableHostPrefix: boolean;
     logger: import("@aws-sdk/types").Logger;
     serviceId: string;
-    regionInfoProvider: import("@aws-sdk/types").RegionInfoProvider;
-    endpoint?: string | import("@aws-sdk/types").Endpoint | import("@aws-sdk/types").Provider<import("@aws-sdk/types").Endpoint> | undefined;
+    endpoint?: ((string | import("@aws-sdk/types").Endpoint | import("@aws-sdk/types").Provider<import("@aws-sdk/types").Endpoint> | import("@aws-sdk/types").EndpointV2 | import("@aws-sdk/types").Provider<import("@aws-sdk/types").EndpointV2>) & (string | import("@aws-sdk/types").Provider<string>)) | undefined;
+    endpointProvider: (endpointParams: import("./endpoint/EndpointParameters").EndpointParameters, context?: {
+        logger?: import("@aws-sdk/types").Logger | undefined;
+    }) => import("@aws-sdk/types").EndpointV2;
     tls?: boolean | undefined;
     retryStrategy?: import("@aws-sdk/types").RetryStrategy | undefined;
     credentials?: import("@aws-sdk/types").Credentials | import("@aws-sdk/types").Provider<import("@aws-sdk/types").Credentials> | undefined;

package/dist-types/runtimeConfig.d.ts

@@ -26,8 +26,10 @@ export declare const getRuntimeConfig: (config: AccessAnalyzerClientConfig) => {
     disableHostPrefix: boolean;
     logger: import("@aws-sdk/types").Logger;
     serviceId: string;
-    regionInfoProvider: import("@aws-sdk/types").RegionInfoProvider;
-    endpoint?: string | import("@aws-sdk/types").Endpoint | import("@aws-sdk/types").Provider<import("@aws-sdk/types").Endpoint> | undefined;
+    endpoint?: ((string | import("@aws-sdk/types").Endpoint | import("@aws-sdk/types").Provider<import("@aws-sdk/types").Endpoint> | import("@aws-sdk/types").EndpointV2 | import("@aws-sdk/types").Provider<import("@aws-sdk/types").EndpointV2>) & (string | import("@aws-sdk/types").Provider<string>)) | undefined;
+    endpointProvider: (endpointParams: import("./endpoint/EndpointParameters").EndpointParameters, context?: {
+        logger?: import("@aws-sdk/types").Logger | undefined;
+    }) => import("@aws-sdk/types").EndpointV2;
     tls?: boolean | undefined;
     retryStrategy?: import("@aws-sdk/types").RetryStrategy | undefined;
     credentials?: import("@aws-sdk/types").Credentials | import("@aws-sdk/types").Provider<import("@aws-sdk/types").Credentials> | undefined;

package/dist-types/runtimeConfig.native.d.ts

@@ -23,10 +23,12 @@ export declare const getRuntimeConfig: (config: AccessAnalyzerClientConfig) => {
     serviceId: string;
     region: string | import("@aws-sdk/types").Provider<any>;
     credentialDefaultProvider: (input: any) => import("@aws-sdk/types").Provider<import("@aws-sdk/types").Credentials>;
-    regionInfoProvider: import("@aws-sdk/types").RegionInfoProvider;
     defaultUserAgentProvider: import("@aws-sdk/types").Provider<import("@aws-sdk/types").UserAgent>;
     defaultsMode: import("@aws-sdk/smithy-client").DefaultsMode | import("@aws-sdk/types").Provider<import("@aws-sdk/smithy-client").DefaultsMode>;
-    endpoint?: string | import("@aws-sdk/types").Endpoint | import("@aws-sdk/types").Provider<import("@aws-sdk/types").Endpoint> | undefined;
+    endpoint?: string | (import("@aws-sdk/types").Provider<import("@aws-sdk/types").Endpoint> & import("@aws-sdk/types").Provider<string>) | (import("@aws-sdk/types").Endpoint & import("@aws-sdk/types").Provider<string>) | (import("@aws-sdk/types").EndpointV2 & import("@aws-sdk/types").Provider<string>) | (import("@aws-sdk/types").Provider<import("@aws-sdk/types").EndpointV2> & import("@aws-sdk/types").Provider<string>) | undefined;
+    endpointProvider: (endpointParams: import("./endpoint/EndpointParameters").EndpointParameters, context?: {
+        logger?: import("@aws-sdk/types").Logger | undefined;
+    }) => import("@aws-sdk/types").EndpointV2;
     tls?: boolean | undefined;
     retryStrategy?: import("@aws-sdk/types").RetryStrategy | undefined;
     credentials?: import("@aws-sdk/types").Credentials | import("@aws-sdk/types").Provider<import("@aws-sdk/types").Credentials> | undefined;