@aws-sdk/client-accessanalyzer 3.379.1 → 3.385.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist-types/models/models_0.d.ts +339 -0
  2. package/package.json +5 -5
package/dist-types/models/models_0.d.ts CHANGED
@@ -20,10 +20,12 @@ export declare class ConflictException extends __BaseException {
20
20
  readonly name: "ConflictException";
21
21
  readonly $fault: "client";
22
22
  /**
23
+ * @public
23
24
  * <p>The ID of the resource.</p>
24
25
  */
25
26
  resourceId: string | undefined;
26
27
  /**
28
+ * @public
27
29
  * <p>The resource type.</p>
28
30
  */
29
31
  resourceType: string | undefined;
@@ -40,18 +42,22 @@ export declare class ConflictException extends __BaseException {
40
42
  */
41
43
  export interface Criterion {
42
44
  /**
45
+ * @public
43
46
  * <p>An "equals" operator to match for the filter used to create the rule.</p>
44
47
  */
45
48
  eq?: string[];
46
49
  /**
50
+ * @public
47
51
  * <p>A "not equals" operator to match for the filter used to create the rule.</p>
48
52
  */
49
53
  neq?: string[];
50
54
  /**
55
+ * @public
51
56
  * <p>A "contains" operator to match for the filter used to create the rule.</p>
52
57
  */
53
58
  contains?: string[];
54
59
  /**
60
+ * @public
55
61
  * <p>An "exists" operator to match for the filter used to create the rule. </p>
56
62
  */
57
63
  exists?: boolean;
@@ -62,18 +68,22 @@ export interface Criterion {
62
68
  */
63
69
  export interface CreateArchiveRuleRequest {
64
70
  /**
71
+ * @public
65
72
  * <p>The name of the created analyzer.</p>
66
73
  */
67
74
  analyzerName: string | undefined;
68
75
  /**
76
+ * @public
69
77
  * <p>The name of the rule to create.</p>
70
78
  */
71
79
  ruleName: string | undefined;
72
80
  /**
81
+ * @public
73
82
  * <p>The criteria for the rule.</p>
74
83
  */
75
84
  filter: Record<string, Criterion> | undefined;
76
85
  /**
86
+ * @public
77
87
  * <p>A client token.</p>
78
88
  */
79
89
  clientToken?: string;
@@ -87,6 +97,7 @@ export declare class InternalServerException extends __BaseException {
87
97
  readonly $fault: "server";
88
98
  $retryable: {};
89
99
  /**
100
+ * @public
90
101
  * <p>The seconds to wait to retry.</p>
91
102
  */
92
103
  retryAfterSeconds?: number;
@@ -103,10 +114,12 @@ export declare class ResourceNotFoundException extends __BaseException {
103
114
  readonly name: "ResourceNotFoundException";
104
115
  readonly $fault: "client";
105
116
  /**
117
+ * @public
106
118
  * <p>The ID of the resource.</p>
107
119
  */
108
120
  resourceId: string | undefined;
109
121
  /**
122
+ * @public
110
123
  * <p>The type of the resource.</p>
111
124
  */
112
125
  resourceType: string | undefined;
@@ -123,10 +136,12 @@ export declare class ServiceQuotaExceededException extends __BaseException {
123
136
  readonly name: "ServiceQuotaExceededException";
124
137
  readonly $fault: "client";
125
138
  /**
139
+ * @public
126
140
  * <p>The resource ID.</p>
127
141
  */
128
142
  resourceId: string | undefined;
129
143
  /**
144
+ * @public
130
145
  * <p>The resource type.</p>
131
146
  */
132
147
  resourceType: string | undefined;
@@ -146,6 +161,7 @@ export declare class ThrottlingException extends __BaseException {
146
161
  throttling: boolean;
147
162
  };
148
163
  /**
164
+ * @public
149
165
  * <p>The seconds to wait to retry.</p>
150
166
  */
151
167
  retryAfterSeconds?: number;
@@ -160,10 +176,12 @@ export declare class ThrottlingException extends __BaseException {
160
176
  */
161
177
  export interface ValidationExceptionField {
162
178
  /**
179
+ * @public
163
180
  * <p>The name of the validation exception.</p>
164
181
  */
165
182
  name: string | undefined;
166
183
  /**
184
+ * @public
167
185
  * <p>A message about the validation exception.</p>
168
186
  */
169
187
  message: string | undefined;
@@ -190,10 +208,12 @@ export declare class ValidationException extends __BaseException {
190
208
  readonly name: "ValidationException";
191
209
  readonly $fault: "client";
192
210
  /**
211
+ * @public
193
212
  * <p>The reason for the exception.</p>
194
213
  */
195
214
  reason: ValidationExceptionReason | string | undefined;
196
215
  /**
216
+ * @public
197
217
  * <p>A list of fields that didn't validate.</p>
198
218
  */
199
219
  fieldList?: ValidationExceptionField[];
@@ -208,14 +228,17 @@ export declare class ValidationException extends __BaseException {
208
228
  */
209
229
  export interface DeleteArchiveRuleRequest {
210
230
  /**
231
+ * @public
211
232
  * <p>The name of the analyzer that associated with the archive rule to delete.</p>
212
233
  */
213
234
  analyzerName: string | undefined;
214
235
  /**
236
+ * @public
215
237
  * <p>The name of the rule to delete.</p>
216
238
  */
217
239
  ruleName: string | undefined;
218
240
  /**
241
+ * @public
219
242
  * <p>A client token.</p>
220
243
  */
221
244
  clientToken?: string;
@@ -226,10 +249,12 @@ export interface DeleteArchiveRuleRequest {
226
249
  */
227
250
  export interface GetArchiveRuleRequest {
228
251
  /**
252
+ * @public
229
253
  * <p>The name of the analyzer to retrieve rules from.</p>
230
254
  */
231
255
  analyzerName: string | undefined;
232
256
  /**
257
+ * @public
233
258
  * <p>The name of the rule to retrieve.</p>
234
259
  */
235
260
  ruleName: string | undefined;
@@ -240,18 +265,22 @@ export interface GetArchiveRuleRequest {
240
265
  */
241
266
  export interface ArchiveRuleSummary {
242
267
  /**
268
+ * @public
243
269
  * <p>The name of the archive rule.</p>
244
270
  */
245
271
  ruleName: string | undefined;
246
272
  /**
273
+ * @public
247
274
  * <p>A filter used to define the archive rule.</p>
248
275
  */
249
276
  filter: Record<string, Criterion> | undefined;
250
277
  /**
278
+ * @public
251
279
  * <p>The time at which the archive rule was created.</p>
252
280
  */
253
281
  createdAt: Date | undefined;
254
282
  /**
283
+ * @public
255
284
  * <p>The time at which the archive rule was last updated.</p>
256
285
  */
257
286
  updatedAt: Date | undefined;
@@ -262,6 +291,7 @@ export interface ArchiveRuleSummary {
262
291
  */
263
292
  export interface GetArchiveRuleResponse {
264
293
  /**
294
+ * @public
265
295
  * <p>Contains information about an archive rule.</p>
266
296
  */
267
297
  archiveRule: ArchiveRuleSummary | undefined;
@@ -272,14 +302,17 @@ export interface GetArchiveRuleResponse {
272
302
  */
273
303
  export interface ListArchiveRulesRequest {
274
304
  /**
305
+ * @public
275
306
  * <p>The name of the analyzer to retrieve rules from.</p>
276
307
  */
277
308
  analyzerName: string | undefined;
278
309
  /**
310
+ * @public
279
311
  * <p>A token used for pagination of results returned.</p>
280
312
  */
281
313
  nextToken?: string;
282
314
  /**
315
+ * @public
283
316
  * <p>The maximum number of results to return in the request.</p>
284
317
  */
285
318
  maxResults?: number;
@@ -290,10 +323,12 @@ export interface ListArchiveRulesRequest {
290
323
  */
291
324
  export interface ListArchiveRulesResponse {
292
325
  /**
326
+ * @public
293
327
  * <p>A list of archive rules created for the specified analyzer.</p>
294
328
  */
295
329
  archiveRules: ArchiveRuleSummary[] | undefined;
296
330
  /**
331
+ * @public
297
332
  * <p>A token used for pagination of results returned.</p>
298
333
  */
299
334
  nextToken?: string;
@@ -304,19 +339,23 @@ export interface ListArchiveRulesResponse {
304
339
  */
305
340
  export interface UpdateArchiveRuleRequest {
306
341
  /**
342
+ * @public
307
343
  * <p>The name of the analyzer to update the archive rules for.</p>
308
344
  */
309
345
  analyzerName: string | undefined;
310
346
  /**
347
+ * @public
311
348
  * <p>The name of the rule to update.</p>
312
349
  */
313
350
  ruleName: string | undefined;
314
351
  /**
352
+ * @public
315
353
  * <p>A filter to match for the rules to update. Only rules that match the filter are
316
354
  * updated.</p>
317
355
  */
318
356
  filter: Record<string, Criterion> | undefined;
319
357
  /**
358
+ * @public
320
359
  * <p>A client token.</p>
321
360
  */
322
361
  clientToken?: string;
@@ -328,10 +367,12 @@ export interface UpdateArchiveRuleRequest {
328
367
  */
329
368
  export interface InlineArchiveRule {
330
369
  /**
370
+ * @public
331
371
  * <p>The name of the rule.</p>
332
372
  */
333
373
  ruleName: string | undefined;
334
374
  /**
375
+ * @public
335
376
  * <p>The condition and values for a criterion.</p>
336
377
  */
337
378
  filter: Record<string, Criterion> | undefined;
@@ -346,25 +387,30 @@ export type Type = "ACCOUNT" | "ORGANIZATION";
346
387
  */
347
388
  export interface CreateAnalyzerRequest {
348
389
  /**
390
+ * @public
349
391
  * <p>The name of the analyzer to create.</p>
350
392
  */
351
393
  analyzerName: string | undefined;
352
394
  /**
395
+ * @public
353
396
  * <p>The type of analyzer to create. Only ACCOUNT and ORGANIZATION analyzers are supported.
354
397
  * You can create only one analyzer per account per Region. You can create up to 5 analyzers
355
398
  * per organization per Region.</p>
356
399
  */
357
400
  type: Type | string | undefined;
358
401
  /**
402
+ * @public
359
403
  * <p>Specifies the archive rules to add for the analyzer. Archive rules automatically archive
360
404
  * findings that meet the criteria you define for the rule.</p>
361
405
  */
362
406
  archiveRules?: InlineArchiveRule[];
363
407
  /**
408
+ * @public
364
409
  * <p>The tags to apply to the analyzer.</p>
365
410
  */
366
411
  tags?: Record<string, string>;
367
412
  /**
413
+ * @public
368
414
  * <p>A client token.</p>
369
415
  */
370
416
  clientToken?: string;
@@ -375,6 +421,7 @@ export interface CreateAnalyzerRequest {
375
421
  */
376
422
  export interface CreateAnalyzerResponse {
377
423
  /**
424
+ * @public
378
425
  * <p>The ARN of the analyzer that was created by the request.</p>
379
426
  */
380
427
  arn?: string;
@@ -385,10 +432,12 @@ export interface CreateAnalyzerResponse {
385
432
  */
386
433
  export interface DeleteAnalyzerRequest {
387
434
  /**
435
+ * @public
388
436
  * <p>The name of the analyzer to delete.</p>
389
437
  */
390
438
  analyzerName: string | undefined;
391
439
  /**
440
+ * @public
392
441
  * <p>A client token.</p>
393
442
  */
394
443
  clientToken?: string;
@@ -399,6 +448,7 @@ export interface DeleteAnalyzerRequest {
399
448
  */
400
449
  export interface GetAnalyzerRequest {
401
450
  /**
451
+ * @public
402
452
  * <p>The name of the analyzer retrieved.</p>
403
453
  */
404
454
  analyzerName: string | undefined;
@@ -420,6 +470,7 @@ export type ReasonCode = "AWS_SERVICE_ACCESS_DISABLED" | "DELEGATED_ADMINISTRATO
420
470
  */
421
471
  export interface StatusReason {
422
472
  /**
473
+ * @public
423
474
  * <p>The reason code for the current status of the analyzer.</p>
424
475
  */
425
476
  code: ReasonCode | string | undefined;
@@ -430,35 +481,43 @@ export interface StatusReason {
430
481
  */
431
482
  export interface AnalyzerSummary {
432
483
  /**
484
+ * @public
433
485
  * <p>The ARN of the analyzer.</p>
434
486
  */
435
487
  arn: string | undefined;
436
488
  /**
489
+ * @public
437
490
  * <p>The name of the analyzer.</p>
438
491
  */
439
492
  name: string | undefined;
440
493
  /**
494
+ * @public
441
495
  * <p>The type of analyzer, which corresponds to the zone of trust chosen for the
442
496
  * analyzer.</p>
443
497
  */
444
498
  type: Type | string | undefined;
445
499
  /**
500
+ * @public
446
501
  * <p>A timestamp for the time at which the analyzer was created.</p>
447
502
  */
448
503
  createdAt: Date | undefined;
449
504
  /**
505
+ * @public
450
506
  * <p>The resource that was most recently analyzed by the analyzer.</p>
451
507
  */
452
508
  lastResourceAnalyzed?: string;
453
509
  /**
510
+ * @public
454
511
  * <p>The time at which the most recently analyzed resource was analyzed.</p>
455
512
  */
456
513
  lastResourceAnalyzedAt?: Date;
457
514
  /**
515
+ * @public
458
516
  * <p>The tags added to the analyzer.</p>
459
517
  */
460
518
  tags?: Record<string, string>;
461
519
  /**
520
+ * @public
462
521
  * <p>The status of the analyzer. An <code>Active</code> analyzer successfully monitors
463
522
  * supported resources and generates new findings. The analyzer is <code>Disabled</code> when
464
523
  * a user action, such as removing trusted access for Identity and Access Management Access Analyzer from Organizations, causes
@@ -468,6 +527,7 @@ export interface AnalyzerSummary {
468
527
  */
469
528
  status: AnalyzerStatus | string | undefined;
470
529
  /**
530
+ * @public
471
531
  * <p>The <code>statusReason</code> provides more details about the current status of the
472
532
  * analyzer. For example, if the creation for the analyzer fails, a <code>Failed</code> status
473
533
  * is returned. For an analyzer with organization as the type, this failure can be due to an
@@ -482,6 +542,7 @@ export interface AnalyzerSummary {
482
542
  */
483
543
  export interface GetAnalyzerResponse {
484
544
  /**
545
+ * @public
485
546
  * <p>An <code>AnalyzerSummary</code> object that contains information about the
486
547
  * analyzer.</p>
487
548
  */
@@ -493,14 +554,17 @@ export interface GetAnalyzerResponse {
493
554
  */
494
555
  export interface ListAnalyzersRequest {
495
556
  /**
557
+ * @public
496
558
  * <p>A token used for pagination of results returned.</p>
497
559
  */
498
560
  nextToken?: string;
499
561
  /**
562
+ * @public
500
563
  * <p>The maximum number of results to return in the response.</p>
501
564
  */
502
565
  maxResults?: number;
503
566
  /**
567
+ * @public
504
568
  * <p>The type of analyzer.</p>
505
569
  */
506
570
  type?: Type | string;
@@ -511,10 +575,12 @@ export interface ListAnalyzersRequest {
511
575
  */
512
576
  export interface ListAnalyzersResponse {
513
577
  /**
578
+ * @public
514
579
  * <p>The analyzers retrieved.</p>
515
580
  */
516
581
  analyzers: AnalyzerSummary[] | undefined;
517
582
  /**
583
+ * @public
518
584
  * <p>A token used for pagination of results returned.</p>
519
585
  */
520
586
  nextToken?: string;
@@ -525,14 +591,17 @@ export interface ListAnalyzersResponse {
525
591
  */
526
592
  export interface ApplyArchiveRuleRequest {
527
593
  /**
594
+ * @public
528
595
  * <p>The Amazon resource name (ARN) of the analyzer.</p>
529
596
  */
530
597
  analyzerArn: string | undefined;
531
598
  /**
599
+ * @public
532
600
  * <p>The name of the rule to apply.</p>
533
601
  */
534
602
  ruleName: string | undefined;
535
603
  /**
604
+ * @public
536
605
  * <p>A client token.</p>
537
606
  */
538
607
  clientToken?: string;
@@ -542,6 +611,7 @@ export interface ApplyArchiveRuleRequest {
542
611
  */
543
612
  export interface CancelPolicyGenerationRequest {
544
613
  /**
614
+ * @public
545
615
  * <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
546
616
  * operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
547
617
  * retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
@@ -563,6 +633,7 @@ export interface CancelPolicyGenerationResponse {
563
633
  */
564
634
  export interface EbsSnapshotConfiguration {
565
635
  /**
636
+ * @public
566
637
  * <p>The IDs of the Amazon Web Services accounts that have access to the Amazon EBS volume snapshot.</p>
567
638
  * <ul>
568
639
  * <li>
@@ -583,6 +654,7 @@ export interface EbsSnapshotConfiguration {
583
654
  */
584
655
  userIds?: string[];
585
656
  /**
657
+ * @public
586
658
  * <p>The groups that have access to the Amazon EBS volume snapshot. If the value <code>all</code>
587
659
  * is specified, then the Amazon EBS volume snapshot is public.</p>
588
660
  * <ul>
@@ -604,6 +676,7 @@ export interface EbsSnapshotConfiguration {
604
676
  */
605
677
  groups?: string[];
606
678
  /**
679
+ * @public
607
680
  * <p>The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS key
608
681
  * identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
609
682
  * <ul>
@@ -644,6 +717,7 @@ export interface EbsSnapshotConfiguration {
644
717
  */
645
718
  export interface EcrRepositoryConfiguration {
646
719
  /**
720
+ * @public
647
721
  * <p>The JSON repository policy text to apply to the Amazon ECR repository. For more information,
648
722
  * see <a href="https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html">Private repository
649
723
  * policy examples</a> in the <i>Amazon ECR User Guide</i>.</p>
@@ -673,6 +747,7 @@ export interface EcrRepositoryConfiguration {
673
747
  */
674
748
  export interface EfsFileSystemConfiguration {
675
749
  /**
750
+ * @public
676
751
  * <p>The JSON policy definition to apply to the Amazon EFS file system. For more information on
677
752
  * the elements that make up a file system policy, see <a href="https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies">Amazon EFS Resource-based policies</a>.</p>
678
753
  */
@@ -691,6 +766,7 @@ export interface EfsFileSystemConfiguration {
691
766
  */
692
767
  export interface IamRoleConfiguration {
693
768
  /**
769
+ * @public
694
770
  * <p>The proposed trust policy for the IAM role.</p>
695
771
  */
696
772
  trustPolicy?: string;
@@ -705,6 +781,7 @@ export interface IamRoleConfiguration {
705
781
  */
706
782
  export interface KmsGrantConstraints {
707
783
  /**
784
+ * @public
708
785
  * <p>A list of key-value pairs that must match the encryption context in the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
709
786
  * operation</a> request. The grant allows the operation only when the encryption
710
787
  * context in the request is the same as the encryption context specified in this
@@ -712,6 +789,7 @@ export interface KmsGrantConstraints {
712
789
  */
713
790
  encryptionContextEquals?: Record<string, string>;
714
791
  /**
792
+ * @public
715
793
  * <p>A list of key-value pairs that must be included in the encryption context of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
716
794
  * operation</a> request. The grant allows the cryptographic operation only when the
717
795
  * encryption context in the request includes the key-value pairs specified in this
@@ -749,19 +827,23 @@ export type KmsGrantOperation = (typeof KmsGrantOperation)[keyof typeof KmsGrant
749
827
  */
750
828
  export interface KmsGrantConfiguration {
751
829
  /**
830
+ * @public
752
831
  * <p>A list of operations that the grant permits.</p>
753
832
  */
754
833
  operations: (KmsGrantOperation | string)[] | undefined;
755
834
  /**
835
+ * @public
756
836
  * <p>The principal that is given permission to perform the operations that the grant
757
837
  * permits.</p>
758
838
  */
759
839
  granteePrincipal: string | undefined;
760
840
  /**
841
+ * @public
761
842
  * <p>The principal that is given permission to retire the grant by using <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html">RetireGrant</a> operation.</p>
762
843
  */
763
844
  retiringPrincipal?: string;
764
845
  /**
846
+ * @public
765
847
  * <p>Use this structure to propose allowing <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
766
848
  * operations</a> in the grant only when the operation request includes the specified
767
849
  * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
@@ -769,6 +851,7 @@ export interface KmsGrantConfiguration {
769
851
  */
770
852
  constraints?: KmsGrantConstraints;
771
853
  /**
854
+ * @public
772
855
  * <p> The Amazon Web Services account under which the grant was issued. The account is used to propose
773
856
  * KMS grants issued by accounts other than the owner of the key.</p>
774
857
  */
@@ -789,12 +872,14 @@ export interface KmsGrantConfiguration {
789
872
  */
790
873
  export interface KmsKeyConfiguration {
791
874
  /**
875
+ * @public
792
876
  * <p>Resource policy configuration for the KMS key. The only valid value for the name of
793
877
  * the key policy is <code>default</code>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default">Default key
794
878
  * policy</a>.</p>
795
879
  */
796
880
  keyPolicies?: Record<string, string>;
797
881
  /**
882
+ * @public
798
883
  * <p>A list of proposed grant configurations for the KMS key. If the proposed grant
799
884
  * configuration is for an existing key, the access preview uses the proposed list of grant
800
885
  * configurations in place of the existing grants. Otherwise, the access preview uses the
@@ -812,6 +897,7 @@ export type RdsDbClusterSnapshotAttributeValue = RdsDbClusterSnapshotAttributeVa
812
897
  */
813
898
  export declare namespace RdsDbClusterSnapshotAttributeValue {
814
899
  /**
900
+ * @public
815
901
  * <p>The Amazon Web Services account IDs that have access to the manual Amazon RDS DB cluster snapshot. If the
816
902
  * value <code>all</code> is specified, then the Amazon RDS DB cluster snapshot is public and can
817
903
  * be copied or restored by all Amazon Web Services accounts.</p>
@@ -838,6 +924,9 @@ export declare namespace RdsDbClusterSnapshotAttributeValue {
838
924
  accountIds: string[];
839
925
  $unknown?: never;
840
926
  }
927
+ /**
928
+ * @public
929
+ */
841
930
  interface $UnknownMember {
842
931
  accountIds?: never;
843
932
  $unknown: [string, any];
@@ -857,6 +946,7 @@ export declare namespace RdsDbClusterSnapshotAttributeValue {
857
946
  */
858
947
  export interface RdsDbClusterSnapshotConfiguration {
859
948
  /**
949
+ * @public
860
950
  * <p>The names and values of manual DB cluster snapshot attributes. Manual DB cluster
861
951
  * snapshot attributes are used to authorize other Amazon Web Services accounts to restore a manual DB
862
952
  * cluster snapshot. The only valid value for <code>AttributeName</code> for the attribute map
@@ -865,6 +955,7 @@ export interface RdsDbClusterSnapshotConfiguration {
865
955
  */
866
956
  attributes?: Record<string, RdsDbClusterSnapshotAttributeValue>;
867
957
  /**
958
+ * @public
868
959
  * <p>The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS key
869
960
  * identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
870
961
  * <ul>
@@ -894,6 +985,7 @@ export type RdsDbSnapshotAttributeValue = RdsDbSnapshotAttributeValue.AccountIds
894
985
  */
895
986
  export declare namespace RdsDbSnapshotAttributeValue {
896
987
  /**
988
+ * @public
897
989
  * <p>The Amazon Web Services account IDs that have access to the manual Amazon RDS DB snapshot. If the value
898
990
  * <code>all</code> is specified, then the Amazon RDS DB snapshot is public and can be copied or
899
991
  * restored by all Amazon Web Services accounts.</p>
@@ -920,6 +1012,9 @@ export declare namespace RdsDbSnapshotAttributeValue {
920
1012
  accountIds: string[];
921
1013
  $unknown?: never;
922
1014
  }
1015
+ /**
1016
+ * @public
1017
+ */
923
1018
  interface $UnknownMember {
924
1019
  accountIds?: never;
925
1020
  $unknown: [string, any];
@@ -939,12 +1034,14 @@ export declare namespace RdsDbSnapshotAttributeValue {
939
1034
  */
940
1035
  export interface RdsDbSnapshotConfiguration {
941
1036
  /**
1037
+ * @public
942
1038
  * <p>The names and values of manual DB snapshot attributes. Manual DB snapshot attributes are
943
1039
  * used to authorize other Amazon Web Services accounts to restore a manual DB snapshot. The only valid
944
1040
  * value for <code>attributeName</code> for the attribute map is restore.</p>
945
1041
  */
946
1042
  attributes?: Record<string, RdsDbSnapshotAttributeValue>;
947
1043
  /**
1044
+ * @public
948
1045
  * <p>The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key identifier is
949
1046
  * the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
950
1047
  * <ul>
@@ -977,6 +1074,7 @@ export interface InternetConfiguration {
977
1074
  */
978
1075
  export interface VpcConfiguration {
979
1076
  /**
1077
+ * @public
980
1078
  * <p> If this field is specified, this access point will only allow connections from the
981
1079
  * specified VPC ID. </p>
982
1080
  */
@@ -998,6 +1096,7 @@ export type NetworkOriginConfiguration = NetworkOriginConfiguration.InternetConf
998
1096
  */
999
1097
  export declare namespace NetworkOriginConfiguration {
1000
1098
  /**
1099
+ * @public
1001
1100
  * <p>The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC
1002
1101
  * configuration does not apply to multi-region access points. For more information, see
1003
1102
  * <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html">VpcConfiguration</a>. </p>
@@ -1008,6 +1107,7 @@ export declare namespace NetworkOriginConfiguration {
1008
1107
  $unknown?: never;
1009
1108
  }
1010
1109
  /**
1110
+ * @public
1011
1111
  * <p>The configuration for the Amazon S3 access point or multi-region access point with an
1012
1112
  * <code>Internet</code> origin.</p>
1013
1113
  */
@@ -1016,6 +1116,9 @@ export declare namespace NetworkOriginConfiguration {
1016
1116
  internetConfiguration: InternetConfiguration;
1017
1117
  $unknown?: never;
1018
1118
  }
1119
+ /**
1120
+ * @public
1121
+ */
1019
1122
  interface $UnknownMember {
1020
1123
  vpcConfiguration?: never;
1021
1124
  internetConfiguration?: never;
@@ -1040,11 +1143,13 @@ export declare namespace NetworkOriginConfiguration {
1040
1143
  */
1041
1144
  export interface S3PublicAccessBlockConfiguration {
1042
1145
  /**
1146
+ * @public
1043
1147
  * <p> Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this
1044
1148
  * bucket. </p>
1045
1149
  */
1046
1150
  ignorePublicAcls: boolean | undefined;
1047
1151
  /**
1152
+ * @public
1048
1153
  * <p> Specifies whether Amazon S3 should restrict public bucket policies for this bucket. </p>
1049
1154
  */
1050
1155
  restrictPublicBuckets: boolean | undefined;
@@ -1062,15 +1167,18 @@ export interface S3PublicAccessBlockConfiguration {
1062
1167
  */
1063
1168
  export interface S3AccessPointConfiguration {
1064
1169
  /**
1170
+ * @public
1065
1171
  * <p>The access point or multi-region access point policy.</p>
1066
1172
  */
1067
1173
  accessPointPolicy?: string;
1068
1174
  /**
1175
+ * @public
1069
1176
  * <p>The proposed <code>S3PublicAccessBlock</code> configuration to apply to this Amazon S3 access
1070
1177
  * point or multi-region access point.</p>
1071
1178
  */
1072
1179
  publicAccessBlock?: S3PublicAccessBlockConfiguration;
1073
1180
  /**
1181
+ * @public
1074
1182
  * <p>The proposed <code>Internet</code> and <code>VpcConfiguration</code> to apply to this
1075
1183
  * Amazon S3 access point. <code>VpcConfiguration</code> does not apply to multi-region access
1076
1184
  * points. If the access preview is for a new resource and neither is specified, the access
@@ -1091,6 +1199,7 @@ export type AclGrantee = AclGrantee.IdMember | AclGrantee.UriMember | AclGrantee
1091
1199
  */
1092
1200
  export declare namespace AclGrantee {
1093
1201
  /**
1202
+ * @public
1094
1203
  * <p>The value specified is the canonical user ID of an Amazon Web Services account.</p>
1095
1204
  */
1096
1205
  interface IdMember {
@@ -1099,6 +1208,7 @@ export declare namespace AclGrantee {
1099
1208
  $unknown?: never;
1100
1209
  }
1101
1210
  /**
1211
+ * @public
1102
1212
  * <p>Used for granting permissions to a predefined group.</p>
1103
1213
  */
1104
1214
  interface UriMember {
@@ -1106,6 +1216,9 @@ export declare namespace AclGrantee {
1106
1216
  uri: string;
1107
1217
  $unknown?: never;
1108
1218
  }
1219
+ /**
1220
+ * @public
1221
+ */
1109
1222
  interface $UnknownMember {
1110
1223
  id?: never;
1111
1224
  uri?: never;
@@ -1141,10 +1254,12 @@ export type AclPermission = (typeof AclPermission)[keyof typeof AclPermission];
1141
1254
  */
1142
1255
  export interface S3BucketAclGrantConfiguration {
1143
1256
  /**
1257
+ * @public
1144
1258
  * <p>The permissions being granted.</p>
1145
1259
  */
1146
1260
  permission: AclPermission | string | undefined;
1147
1261
  /**
1262
+ * @public
1148
1263
  * <p>The grantee to whom you’re assigning access rights.</p>
1149
1264
  */
1150
1265
  grantee: AclGrantee | undefined;
@@ -1164,10 +1279,12 @@ export interface S3BucketAclGrantConfiguration {
1164
1279
  */
1165
1280
  export interface S3BucketConfiguration {
1166
1281
  /**
1282
+ * @public
1167
1283
  * <p>The proposed bucket policy for the Amazon S3 bucket.</p>
1168
1284
  */
1169
1285
  bucketPolicy?: string;
1170
1286
  /**
1287
+ * @public
1171
1288
  * <p>The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to 100 ACL
1172
1289
  * grants per bucket. If the proposed grant configuration is for an existing bucket, the
1173
1290
  * access preview uses the proposed list of grant configurations in place of the existing
@@ -1175,10 +1292,12 @@ export interface S3BucketConfiguration {
1175
1292
  */
1176
1293
  bucketAclGrants?: S3BucketAclGrantConfiguration[];
1177
1294
  /**
1295
+ * @public
1178
1296
  * <p>The proposed block public access configuration for the Amazon S3 bucket.</p>
1179
1297
  */
1180
1298
  bucketPublicAccessBlock?: S3PublicAccessBlockConfiguration;
1181
1299
  /**
1300
+ * @public
1182
1301
  * <p>The configuration of Amazon S3 access points or multi-region access points for the bucket.
1183
1302
  * You can propose up to 10 new access points per bucket.</p>
1184
1303
  */
@@ -1201,10 +1320,12 @@ export interface S3BucketConfiguration {
1201
1320
  */
1202
1321
  export interface SecretsManagerSecretConfiguration {
1203
1322
  /**
1323
+ * @public
1204
1324
  * <p>The proposed ARN, key ID, or alias of the KMS key.</p>
1205
1325
  */
1206
1326
  kmsKeyId?: string;
1207
1327
  /**
1328
+ * @public
1208
1329
  * <p>The proposed resource policy defining who can access or manage the secret.</p>
1209
1330
  */
1210
1331
  secretPolicy?: string;
@@ -1222,6 +1343,7 @@ export interface SecretsManagerSecretConfiguration {
1222
1343
  */
1223
1344
  export interface SnsTopicConfiguration {
1224
1345
  /**
1346
+ * @public
1225
1347
  * <p>The JSON policy text that defines who can access an Amazon SNS topic. For more information,
1226
1348
  * see <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html">Example cases for Amazon SNS access control</a> in the <i>Amazon SNS Developer
1227
1349
  * Guide</i>.</p>
@@ -1242,6 +1364,7 @@ export interface SnsTopicConfiguration {
1242
1364
  */
1243
1365
  export interface SqsQueueConfiguration {
1244
1366
  /**
1367
+ * @public
1245
1368
  * <p> The proposed resource policy for the Amazon SQS queue. </p>
1246
1369
  */
1247
1370
  queuePolicy?: string;
@@ -1257,6 +1380,7 @@ export type Configuration = Configuration.EbsSnapshotMember | Configuration.EcrR
1257
1380
  */
1258
1381
  export declare namespace Configuration {
1259
1382
  /**
1383
+ * @public
1260
1384
  * <p>The access control configuration is for an Amazon EBS volume snapshot.</p>
1261
1385
  */
1262
1386
  interface EbsSnapshotMember {
@@ -1274,6 +1398,7 @@ export declare namespace Configuration {
1274
1398
  $unknown?: never;
1275
1399
  }
1276
1400
  /**
1401
+ * @public
1277
1402
  * <p>The access control configuration is for an Amazon ECR repository.</p>
1278
1403
  */
1279
1404
  interface EcrRepositoryMember {
@@ -1291,6 +1416,7 @@ export declare namespace Configuration {
1291
1416
  $unknown?: never;
1292
1417
  }
1293
1418
  /**
1419
+ * @public
1294
1420
  * <p>The access control configuration is for an IAM role. </p>
1295
1421
  */
1296
1422
  interface IamRoleMember {
@@ -1308,6 +1434,7 @@ export declare namespace Configuration {
1308
1434
  $unknown?: never;
1309
1435
  }
1310
1436
  /**
1437
+ * @public
1311
1438
  * <p>The access control configuration is for an Amazon EFS file system.</p>
1312
1439
  */
1313
1440
  interface EfsFileSystemMember {
@@ -1325,6 +1452,7 @@ export declare namespace Configuration {
1325
1452
  $unknown?: never;
1326
1453
  }
1327
1454
  /**
1455
+ * @public
1328
1456
  * <p>The access control configuration is for a KMS key. </p>
1329
1457
  */
1330
1458
  interface KmsKeyMember {
@@ -1342,6 +1470,7 @@ export declare namespace Configuration {
1342
1470
  $unknown?: never;
1343
1471
  }
1344
1472
  /**
1473
+ * @public
1345
1474
  * <p>The access control configuration is for an Amazon RDS DB cluster snapshot.</p>
1346
1475
  */
1347
1476
  interface RdsDbClusterSnapshotMember {
@@ -1359,6 +1488,7 @@ export declare namespace Configuration {
1359
1488
  $unknown?: never;
1360
1489
  }
1361
1490
  /**
1491
+ * @public
1362
1492
  * <p>The access control configuration is for an Amazon RDS DB snapshot.</p>
1363
1493
  */
1364
1494
  interface RdsDbSnapshotMember {
@@ -1376,6 +1506,7 @@ export declare namespace Configuration {
1376
1506
  $unknown?: never;
1377
1507
  }
1378
1508
  /**
1509
+ * @public
1379
1510
  * <p>The access control configuration is for a Secrets Manager secret.</p>
1380
1511
  */
1381
1512
  interface SecretsManagerSecretMember {
@@ -1393,6 +1524,7 @@ export declare namespace Configuration {
1393
1524
  $unknown?: never;
1394
1525
  }
1395
1526
  /**
1527
+ * @public
1396
1528
  * <p>The access control configuration is for an Amazon S3 Bucket. </p>
1397
1529
  */
1398
1530
  interface S3BucketMember {
@@ -1410,6 +1542,7 @@ export declare namespace Configuration {
1410
1542
  $unknown?: never;
1411
1543
  }
1412
1544
  /**
1545
+ * @public
1413
1546
  * <p>The access control configuration is for an Amazon SNS topic</p>
1414
1547
  */
1415
1548
  interface SnsTopicMember {
@@ -1427,6 +1560,7 @@ export declare namespace Configuration {
1427
1560
  $unknown?: never;
1428
1561
  }
1429
1562
  /**
1563
+ * @public
1430
1564
  * <p>The access control configuration is for an Amazon SQS queue. </p>
1431
1565
  */
1432
1566
  interface SqsQueueMember {
@@ -1443,6 +1577,9 @@ export declare namespace Configuration {
1443
1577
  sqsQueue: SqsQueueConfiguration;
1444
1578
  $unknown?: never;
1445
1579
  }
1580
+ /**
1581
+ * @public
1582
+ */
1446
1583
  interface $UnknownMember {
1447
1584
  ebsSnapshot?: never;
1448
1585
  ecrRepository?: never;
@@ -1478,6 +1615,7 @@ export declare namespace Configuration {
1478
1615
  */
1479
1616
  export interface CreateAccessPreviewRequest {
1480
1617
  /**
1618
+ * @public
1481
1619
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
1482
1620
  * the account analyzer</a> used to generate the access preview. You can only create an
1483
1621
  * access preview for analyzers with an <code>Account</code> type and <code>Active</code>
@@ -1485,6 +1623,7 @@ export interface CreateAccessPreviewRequest {
1485
1623
  */
1486
1624
  analyzerArn: string | undefined;
1487
1625
  /**
1626
+ * @public
1488
1627
  * <p>Access control configuration for your resource that is used to generate the access
1489
1628
  * preview. The access preview includes findings for external access allowed to the resource
1490
1629
  * with the proposed access control configuration. The configuration must contain exactly one
@@ -1492,6 +1631,7 @@ export interface CreateAccessPreviewRequest {
1492
1631
  */
1493
1632
  configurations: Record<string, Configuration> | undefined;
1494
1633
  /**
1634
+ * @public
1495
1635
  * <p>A client token.</p>
1496
1636
  */
1497
1637
  clientToken?: string;
@@ -1501,6 +1641,7 @@ export interface CreateAccessPreviewRequest {
1501
1641
  */
1502
1642
  export interface CreateAccessPreviewResponse {
1503
1643
  /**
1644
+ * @public
1504
1645
  * <p>The unique ID for the access preview.</p>
1505
1646
  */
1506
1647
  id: string | undefined;
@@ -1510,10 +1651,12 @@ export interface CreateAccessPreviewResponse {
1510
1651
  */
1511
1652
  export interface GetAccessPreviewRequest {
1512
1653
  /**
1654
+ * @public
1513
1655
  * <p>The unique ID for the access preview.</p>
1514
1656
  */
1515
1657
  accessPreviewId: string | undefined;
1516
1658
  /**
1659
+ * @public
1517
1660
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
1518
1661
  * the analyzer</a> used to generate the access preview.</p>
1519
1662
  */
@@ -1553,6 +1696,7 @@ export type AccessPreviewStatusReasonCode = (typeof AccessPreviewStatusReasonCod
1553
1696
  */
1554
1697
  export interface AccessPreviewStatusReason {
1555
1698
  /**
1699
+ * @public
1556
1700
  * <p>The reason code for the current status of the access preview.</p>
1557
1701
  */
1558
1702
  code: AccessPreviewStatusReasonCode | string | undefined;
@@ -1563,22 +1707,27 @@ export interface AccessPreviewStatusReason {
1563
1707
  */
1564
1708
  export interface AccessPreview {
1565
1709
  /**
1710
+ * @public
1566
1711
  * <p>The unique ID for the access preview.</p>
1567
1712
  */
1568
1713
  id: string | undefined;
1569
1714
  /**
1715
+ * @public
1570
1716
  * <p>The ARN of the analyzer used to generate the access preview.</p>
1571
1717
  */
1572
1718
  analyzerArn: string | undefined;
1573
1719
  /**
1720
+ * @public
1574
1721
  * <p>A map of resource ARNs for the proposed resource configuration.</p>
1575
1722
  */
1576
1723
  configurations: Record<string, Configuration> | undefined;
1577
1724
  /**
1725
+ * @public
1578
1726
  * <p>The time at which the access preview was created.</p>
1579
1727
  */
1580
1728
  createdAt: Date | undefined;
1581
1729
  /**
1730
+ * @public
1582
1731
  * <p>The status of the access preview.</p>
1583
1732
  * <ul>
1584
1733
  * <li>
@@ -1598,6 +1747,7 @@ export interface AccessPreview {
1598
1747
  */
1599
1748
  status: AccessPreviewStatus | string | undefined;
1600
1749
  /**
1750
+ * @public
1601
1751
  * <p>Provides more details about the current status of the access preview.</p>
1602
1752
  * <p>For example, if the creation of the access preview fails, a <code>Failed</code> status
1603
1753
  * is returned. This failure can be due to an internal issue with the analysis or due to an
@@ -1610,6 +1760,7 @@ export interface AccessPreview {
1610
1760
  */
1611
1761
  export interface GetAccessPreviewResponse {
1612
1762
  /**
1763
+ * @public
1613
1764
  * <p>An object that contains information about the access preview.</p>
1614
1765
  */
1615
1766
  accessPreview: AccessPreview | undefined;
@@ -1620,11 +1771,13 @@ export interface GetAccessPreviewResponse {
1620
1771
  */
1621
1772
  export interface GetAnalyzedResourceRequest {
1622
1773
  /**
1774
+ * @public
1623
1775
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
1624
1776
  * the analyzer</a> to retrieve information from.</p>
1625
1777
  */
1626
1778
  analyzerArn: string | undefined;
1627
1779
  /**
1780
+ * @public
1628
1781
  * <p>The ARN of the resource to retrieve information about.</p>
1629
1782
  */
1630
1783
  resourceArn: string | undefined;
@@ -1643,49 +1796,60 @@ export type FindingStatus = "ACTIVE" | "ARCHIVED" | "RESOLVED";
1643
1796
  */
1644
1797
  export interface AnalyzedResource {
1645
1798
  /**
1799
+ * @public
1646
1800
  * <p>The ARN of the resource that was analyzed.</p>
1647
1801
  */
1648
1802
  resourceArn: string | undefined;
1649
1803
  /**
1804
+ * @public
1650
1805
  * <p>The type of the resource that was analyzed.</p>
1651
1806
  */
1652
1807
  resourceType: ResourceType | string | undefined;
1653
1808
  /**
1809
+ * @public
1654
1810
  * <p>The time at which the finding was created.</p>
1655
1811
  */
1656
1812
  createdAt: Date | undefined;
1657
1813
  /**
1814
+ * @public
1658
1815
  * <p>The time at which the resource was analyzed.</p>
1659
1816
  */
1660
1817
  analyzedAt: Date | undefined;
1661
1818
  /**
1819
+ * @public
1662
1820
  * <p>The time at which the finding was updated.</p>
1663
1821
  */
1664
1822
  updatedAt: Date | undefined;
1665
1823
  /**
1824
+ * @public
1666
1825
  * <p>Indicates whether the policy that generated the finding grants public access to the
1667
1826
  * resource.</p>
1668
1827
  */
1669
1828
  isPublic: boolean | undefined;
1670
1829
  /**
1830
+ * @public
1671
1831
  * <p>The actions that an external principal is granted permission to use by the policy that
1672
1832
  * generated the finding.</p>
1673
1833
  */
1674
1834
  actions?: string[];
1675
1835
  /**
1836
+ * @public
1676
1837
  * <p>Indicates how the access that generated the finding is granted. This is populated for
1677
1838
  * Amazon S3 bucket findings.</p>
1678
1839
  */
1679
1840
  sharedVia?: string[];
1680
1841
  /**
1842
+ * @public
1681
1843
  * <p>The current status of the finding generated from the analyzed resource.</p>
1682
1844
  */
1683
1845
  status?: FindingStatus | string;
1684
1846
  /**
1847
+ * @public
1685
1848
  * <p>The Amazon Web Services account ID that owns the resource.</p>
1686
1849
  */
1687
1850
  resourceOwnerAccount: string | undefined;
1688
1851
  /**
1852
+ * @public
1689
1853
  * <p>An error message.</p>
1690
1854
  */
1691
1855
  error?: string;
@@ -1696,6 +1860,7 @@ export interface AnalyzedResource {
1696
1860
  */
1697
1861
  export interface GetAnalyzedResourceResponse {
1698
1862
  /**
1863
+ * @public
1699
1864
  * <p>An <code>AnalyzedResource</code> object that contains information that IAM Access Analyzer
1700
1865
  * found when it analyzed the resource.</p>
1701
1866
  */
@@ -1707,11 +1872,13 @@ export interface GetAnalyzedResourceResponse {
1707
1872
  */
1708
1873
  export interface GetFindingRequest {
1709
1874
  /**
1875
+ * @public
1710
1876
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
1711
1877
  * the analyzer</a> that generated the finding.</p>
1712
1878
  */
1713
1879
  analyzerArn: string | undefined;
1714
1880
  /**
1881
+ * @public
1715
1882
  * <p>The ID of the finding to retrieve.</p>
1716
1883
  */
1717
1884
  id: string | undefined;
@@ -1723,11 +1890,13 @@ export interface GetFindingRequest {
1723
1890
  */
1724
1891
  export interface FindingSourceDetail {
1725
1892
  /**
1893
+ * @public
1726
1894
  * <p>The ARN of the access point that generated the finding. The ARN format depends on
1727
1895
  * whether the ARN represents an access point or a multi-region access point.</p>
1728
1896
  */
1729
1897
  accessPointArn?: string;
1730
1898
  /**
1899
+ * @public
1731
1900
  * <p>The account of the cross-account access point that generated the finding.</p>
1732
1901
  */
1733
1902
  accessPointAccount?: string;
@@ -1743,10 +1912,12 @@ export type FindingSourceType = "BUCKET_ACL" | "POLICY" | "S3_ACCESS_POINT" | "S
1743
1912
  */
1744
1913
  export interface FindingSource {
1745
1914
  /**
1915
+ * @public
1746
1916
  * <p>Indicates the type of access that generated the finding.</p>
1747
1917
  */
1748
1918
  type: FindingSourceType | string | undefined;
1749
1919
  /**
1920
+ * @public
1750
1921
  * <p>Includes details about how the access that generated the finding is granted. This is
1751
1922
  * populated for Amazon S3 bucket findings.</p>
1752
1923
  */
@@ -1758,60 +1929,74 @@ export interface FindingSource {
1758
1929
  */
1759
1930
  export interface Finding {
1760
1931
  /**
1932
+ * @public
1761
1933
  * <p>The ID of the finding.</p>
1762
1934
  */
1763
1935
  id: string | undefined;
1764
1936
  /**
1937
+ * @public
1765
1938
  * <p>The external principal that access to a resource within the zone of trust.</p>
1766
1939
  */
1767
1940
  principal?: Record<string, string>;
1768
1941
  /**
1942
+ * @public
1769
1943
  * <p>The action in the analyzed policy statement that an external principal has permission to
1770
1944
  * use.</p>
1771
1945
  */
1772
1946
  action?: string[];
1773
1947
  /**
1948
+ * @public
1774
1949
  * <p>The resource that an external principal has access to.</p>
1775
1950
  */
1776
1951
  resource?: string;
1777
1952
  /**
1953
+ * @public
1778
1954
  * <p>Indicates whether the policy that generated the finding allows public access to the
1779
1955
  * resource.</p>
1780
1956
  */
1781
1957
  isPublic?: boolean;
1782
1958
  /**
1959
+ * @public
1783
1960
  * <p>The type of the resource identified in the finding.</p>
1784
1961
  */
1785
1962
  resourceType: ResourceType | string | undefined;
1786
1963
  /**
1964
+ * @public
1787
1965
  * <p>The condition in the analyzed policy statement that resulted in a finding.</p>
1788
1966
  */
1789
1967
  condition: Record<string, string> | undefined;
1790
1968
  /**
1969
+ * @public
1791
1970
  * <p>The time at which the finding was generated.</p>
1792
1971
  */
1793
1972
  createdAt: Date | undefined;
1794
1973
  /**
1974
+ * @public
1795
1975
  * <p>The time at which the resource was analyzed.</p>
1796
1976
  */
1797
1977
  analyzedAt: Date | undefined;
1798
1978
  /**
1979
+ * @public
1799
1980
  * <p>The time at which the finding was updated.</p>
1800
1981
  */
1801
1982
  updatedAt: Date | undefined;
1802
1983
  /**
1984
+ * @public
1803
1985
  * <p>The current status of the finding.</p>
1804
1986
  */
1805
1987
  status: FindingStatus | string | undefined;
1806
1988
  /**
1989
+ * @public
1807
1990
  * <p>The Amazon Web Services account ID that owns the resource.</p>
1808
1991
  */
1809
1992
  resourceOwnerAccount: string | undefined;
1810
1993
  /**
1994
+ * @public
1811
1995
  * <p>An error.</p>
1812
1996
  */
1813
1997
  error?: string;
1814
1998
  /**
1999
+ * @public
1815
2000
  * <p>The sources of the finding. This indicates how the access that generated the finding is
1816
2001
  * granted. It is populated for Amazon S3 bucket findings.</p>
1817
2002
  */
@@ -1823,6 +2008,7 @@ export interface Finding {
1823
2008
  */
1824
2009
  export interface GetFindingResponse {
1825
2010
  /**
2011
+ * @public
1826
2012
  * <p>A <code>finding</code> object that contains finding details.</p>
1827
2013
  */
1828
2014
  finding?: Finding;
@@ -1832,6 +2018,7 @@ export interface GetFindingResponse {
1832
2018
  */
1833
2019
  export interface GetGeneratedPolicyRequest {
1834
2020
  /**
2021
+ * @public
1835
2022
  * <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
1836
2023
  * operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
1837
2024
  * retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
@@ -1839,6 +2026,7 @@ export interface GetGeneratedPolicyRequest {
1839
2026
  */
1840
2027
  jobId: string | undefined;
1841
2028
  /**
2029
+ * @public
1842
2030
  * <p>The level of detail that you want to generate. You can specify whether to generate
1843
2031
  * policies with placeholders for resource ARNs for actions that support resource level
1844
2032
  * granularity in policies.</p>
@@ -1847,6 +2035,7 @@ export interface GetGeneratedPolicyRequest {
1847
2035
  */
1848
2036
  includeResourcePlaceholders?: boolean;
1849
2037
  /**
2038
+ * @public
1850
2039
  * <p>The level of detail that you want to generate. You can specify whether to generate
1851
2040
  * service-level policies. </p>
1852
2041
  * <p>IAM Access Analyzer uses <code>iam:servicelastaccessed</code> to identify services that have
@@ -1860,6 +2049,7 @@ export interface GetGeneratedPolicyRequest {
1860
2049
  */
1861
2050
  export interface GeneratedPolicy {
1862
2051
  /**
2052
+ * @public
1863
2053
  * <p>The text to use as the content for the new policy. The policy is created using the
1864
2054
  * <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html">CreatePolicy</a> action.</p>
1865
2055
  */
@@ -1871,15 +2061,18 @@ export interface GeneratedPolicy {
1871
2061
  */
1872
2062
  export interface TrailProperties {
1873
2063
  /**
2064
+ * @public
1874
2065
  * <p>Specifies the ARN of the trail. The format of a trail ARN is
1875
2066
  * <code>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</code>.</p>
1876
2067
  */
1877
2068
  cloudTrailArn: string | undefined;
1878
2069
  /**
2070
+ * @public
1879
2071
  * <p>A list of regions to get CloudTrail data from and analyze to generate a policy.</p>
1880
2072
  */
1881
2073
  regions?: string[];
1882
2074
  /**
2075
+ * @public
1883
2076
  * <p>Possible values are <code>true</code> or <code>false</code>. If set to
1884
2077
  * <code>true</code>, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and
1885
2078
  * generate a policy.</p>
@@ -1892,16 +2085,19 @@ export interface TrailProperties {
1892
2085
  */
1893
2086
  export interface CloudTrailProperties {
1894
2087
  /**
2088
+ * @public
1895
2089
  * <p>A <code>TrailProperties</code> object that contains settings for trail
1896
2090
  * properties.</p>
1897
2091
  */
1898
2092
  trailProperties: TrailProperties[] | undefined;
1899
2093
  /**
2094
+ * @public
1900
2095
  * <p>The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events
1901
2096
  * with a timestamp before this time are not considered to generate a policy.</p>
1902
2097
  */
1903
2098
  startTime: Date | undefined;
1904
2099
  /**
2100
+ * @public
1905
2101
  * <p>The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with
1906
2102
  * a timestamp after this time are not considered to generate a policy. If this is not
1907
2103
  * included in the request, the default value is the current time.</p>
@@ -1914,16 +2110,19 @@ export interface CloudTrailProperties {
1914
2110
  */
1915
2111
  export interface GeneratedPolicyProperties {
1916
2112
  /**
2113
+ * @public
1917
2114
  * <p>This value is set to <code>true</code> if the generated policy contains all possible
1918
2115
  * actions for a service that IAM Access Analyzer identified from the CloudTrail trail that you specified,
1919
2116
  * and <code>false</code> otherwise.</p>
1920
2117
  */
1921
2118
  isComplete?: boolean;
1922
2119
  /**
2120
+ * @public
1923
2121
  * <p>The ARN of the IAM entity (user or role) for which you are generating a policy.</p>
1924
2122
  */
1925
2123
  principalArn: string | undefined;
1926
2124
  /**
2125
+ * @public
1927
2126
  * <p>Lists details about the <code>Trail</code> used to generated policy.</p>
1928
2127
  */
1929
2128
  cloudTrailProperties?: CloudTrailProperties;
@@ -1934,11 +2133,13 @@ export interface GeneratedPolicyProperties {
1934
2133
  */
1935
2134
  export interface GeneratedPolicyResult {
1936
2135
  /**
2136
+ * @public
1937
2137
  * <p>A <code>GeneratedPolicyProperties</code> object that contains properties of the
1938
2138
  * generated policy.</p>
1939
2139
  */
1940
2140
  properties: GeneratedPolicyProperties | undefined;
1941
2141
  /**
2142
+ * @public
1942
2143
  * <p>The text to use as the content for the new policy. The policy is created using the
1943
2144
  * <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html">CreatePolicy</a> action.</p>
1944
2145
  */
@@ -1964,10 +2165,12 @@ export type JobErrorCode = (typeof JobErrorCode)[keyof typeof JobErrorCode];
1964
2165
  */
1965
2166
  export interface JobError {
1966
2167
  /**
2168
+ * @public
1967
2169
  * <p>The job error code.</p>
1968
2170
  */
1969
2171
  code: JobErrorCode | string | undefined;
1970
2172
  /**
2173
+ * @public
1971
2174
  * <p>Specific information about the error. For example, which service quota was exceeded or
1972
2175
  * which resource was not found.</p>
1973
2176
  */
@@ -1993,6 +2196,7 @@ export type JobStatus = (typeof JobStatus)[keyof typeof JobStatus];
1993
2196
  */
1994
2197
  export interface JobDetails {
1995
2198
  /**
2199
+ * @public
1996
2200
  * <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
1997
2201
  * operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
1998
2202
  * retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
@@ -2000,18 +2204,22 @@ export interface JobDetails {
2000
2204
  */
2001
2205
  jobId: string | undefined;
2002
2206
  /**
2207
+ * @public
2003
2208
  * <p>The status of the job request.</p>
2004
2209
  */
2005
2210
  status: JobStatus | string | undefined;
2006
2211
  /**
2212
+ * @public
2007
2213
  * <p>A timestamp of when the job was started.</p>
2008
2214
  */
2009
2215
  startedOn: Date | undefined;
2010
2216
  /**
2217
+ * @public
2011
2218
  * <p>A timestamp of when the job was completed.</p>
2012
2219
  */
2013
2220
  completedOn?: Date;
2014
2221
  /**
2222
+ * @public
2015
2223
  * <p>The job error for the policy generation request.</p>
2016
2224
  */
2017
2225
  jobError?: JobError;
@@ -2021,11 +2229,13 @@ export interface JobDetails {
2021
2229
  */
2022
2230
  export interface GetGeneratedPolicyResponse {
2023
2231
  /**
2232
+ * @public
2024
2233
  * <p>A <code>GeneratedPolicyDetails</code> object that contains details about the generated
2025
2234
  * policy.</p>
2026
2235
  */
2027
2236
  jobDetails: JobDetails | undefined;
2028
2237
  /**
2238
+ * @public
2029
2239
  * <p>A <code>GeneratedPolicyResult</code> object that contains the generated policies and
2030
2240
  * associated details.</p>
2031
2241
  */
@@ -2036,23 +2246,28 @@ export interface GetGeneratedPolicyResponse {
2036
2246
  */
2037
2247
  export interface ListAccessPreviewFindingsRequest {
2038
2248
  /**
2249
+ * @public
2039
2250
  * <p>The unique ID for the access preview.</p>
2040
2251
  */
2041
2252
  accessPreviewId: string | undefined;
2042
2253
  /**
2254
+ * @public
2043
2255
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
2044
2256
  * the analyzer</a> used to generate the access.</p>
2045
2257
  */
2046
2258
  analyzerArn: string | undefined;
2047
2259
  /**
2260
+ * @public
2048
2261
  * <p>Criteria to filter the returned findings.</p>
2049
2262
  */
2050
2263
  filter?: Record<string, Criterion>;
2051
2264
  /**
2265
+ * @public
2052
2266
  * <p>A token used for pagination of results returned.</p>
2053
2267
  */
2054
2268
  nextToken?: string;
2055
2269
  /**
2270
+ * @public
2056
2271
  * <p>The maximum number of results to return in the response.</p>
2057
2272
  */
2058
2273
  maxResults?: number;
@@ -2076,52 +2291,63 @@ export type FindingChangeType = (typeof FindingChangeType)[keyof typeof FindingC
2076
2291
  */
2077
2292
  export interface AccessPreviewFinding {
2078
2293
  /**
2294
+ * @public
2079
2295
  * <p>The ID of the access preview finding. This ID uniquely identifies the element in the
2080
2296
  * list of access preview findings and is not related to the finding ID in Access
2081
2297
  * Analyzer.</p>
2082
2298
  */
2083
2299
  id: string | undefined;
2084
2300
  /**
2301
+ * @public
2085
2302
  * <p>The existing ID of the finding in IAM Access Analyzer, provided only for existing
2086
2303
  * findings.</p>
2087
2304
  */
2088
2305
  existingFindingId?: string;
2089
2306
  /**
2307
+ * @public
2090
2308
  * <p>The existing status of the finding, provided only for existing findings.</p>
2091
2309
  */
2092
2310
  existingFindingStatus?: FindingStatus | string;
2093
2311
  /**
2312
+ * @public
2094
2313
  * <p>The external principal that has access to a resource within the zone of trust.</p>
2095
2314
  */
2096
2315
  principal?: Record<string, string>;
2097
2316
  /**
2317
+ * @public
2098
2318
  * <p>The action in the analyzed policy statement that an external principal has permission to
2099
2319
  * perform.</p>
2100
2320
  */
2101
2321
  action?: string[];
2102
2322
  /**
2323
+ * @public
2103
2324
  * <p>The condition in the analyzed policy statement that resulted in a finding.</p>
2104
2325
  */
2105
2326
  condition?: Record<string, string>;
2106
2327
  /**
2328
+ * @public
2107
2329
  * <p>The resource that an external principal has access to. This is the resource associated
2108
2330
  * with the access preview.</p>
2109
2331
  */
2110
2332
  resource?: string;
2111
2333
  /**
2334
+ * @public
2112
2335
  * <p>Indicates whether the policy that generated the finding allows public access to the
2113
2336
  * resource.</p>
2114
2337
  */
2115
2338
  isPublic?: boolean;
2116
2339
  /**
2340
+ * @public
2117
2341
  * <p>The type of the resource that can be accessed in the finding.</p>
2118
2342
  */
2119
2343
  resourceType: ResourceType | string | undefined;
2120
2344
  /**
2345
+ * @public
2121
2346
  * <p>The time at which the access preview finding was created.</p>
2122
2347
  */
2123
2348
  createdAt: Date | undefined;
2124
2349
  /**
2350
+ * @public
2125
2351
  * <p>Provides context on how the access preview finding compares to existing access
2126
2352
  * identified in IAM Access Analyzer.</p>
2127
2353
  * <ul>
@@ -2146,6 +2372,7 @@ export interface AccessPreviewFinding {
2146
2372
  */
2147
2373
  changeType: FindingChangeType | string | undefined;
2148
2374
  /**
2375
+ * @public
2149
2376
  * <p>The preview status of the finding. This is what the status of the finding would be after
2150
2377
  * permissions deployment. For example, a <code>Changed</code> finding with preview status
2151
2378
  * <code>Resolved</code> and existing status <code>Active</code> indicates the existing
@@ -2154,15 +2381,18 @@ export interface AccessPreviewFinding {
2154
2381
  */
2155
2382
  status: FindingStatus | string | undefined;
2156
2383
  /**
2384
+ * @public
2157
2385
  * <p>The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning
2158
2386
  * account is the account in which the resource was created.</p>
2159
2387
  */
2160
2388
  resourceOwnerAccount: string | undefined;
2161
2389
  /**
2390
+ * @public
2162
2391
  * <p>An error.</p>
2163
2392
  */
2164
2393
  error?: string;
2165
2394
  /**
2395
+ * @public
2166
2396
  * <p>The sources of the finding. This indicates how the access that generated the finding is
2167
2397
  * granted. It is populated for Amazon S3 bucket findings.</p>
2168
2398
  */
@@ -2173,10 +2403,12 @@ export interface AccessPreviewFinding {
2173
2403
  */
2174
2404
  export interface ListAccessPreviewFindingsResponse {
2175
2405
  /**
2406
+ * @public
2176
2407
  * <p>A list of access preview findings that match the specified filter criteria.</p>
2177
2408
  */
2178
2409
  findings: AccessPreviewFinding[] | undefined;
2179
2410
  /**
2411
+ * @public
2180
2412
  * <p>A token used for pagination of results returned.</p>
2181
2413
  */
2182
2414
  nextToken?: string;
@@ -2186,15 +2418,18 @@ export interface ListAccessPreviewFindingsResponse {
2186
2418
  */
2187
2419
  export interface ListAccessPreviewsRequest {
2188
2420
  /**
2421
+ * @public
2189
2422
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
2190
2423
  * the analyzer</a> used to generate the access preview.</p>
2191
2424
  */
2192
2425
  analyzerArn: string | undefined;
2193
2426
  /**
2427
+ * @public
2194
2428
  * <p>A token used for pagination of results returned.</p>
2195
2429
  */
2196
2430
  nextToken?: string;
2197
2431
  /**
2432
+ * @public
2198
2433
  * <p>The maximum number of results to return in the response.</p>
2199
2434
  */
2200
2435
  maxResults?: number;
@@ -2205,18 +2440,22 @@ export interface ListAccessPreviewsRequest {
2205
2440
  */
2206
2441
  export interface AccessPreviewSummary {
2207
2442
  /**
2443
+ * @public
2208
2444
  * <p>The unique ID for the access preview.</p>
2209
2445
  */
2210
2446
  id: string | undefined;
2211
2447
  /**
2448
+ * @public
2212
2449
  * <p>The ARN of the analyzer used to generate the access preview.</p>
2213
2450
  */
2214
2451
  analyzerArn: string | undefined;
2215
2452
  /**
2453
+ * @public
2216
2454
  * <p>The time at which the access preview was created.</p>
2217
2455
  */
2218
2456
  createdAt: Date | undefined;
2219
2457
  /**
2458
+ * @public
2220
2459
  * <p>The status of the access preview.</p>
2221
2460
  * <ul>
2222
2461
  * <li>
@@ -2236,6 +2475,7 @@ export interface AccessPreviewSummary {
2236
2475
  */
2237
2476
  status: AccessPreviewStatus | string | undefined;
2238
2477
  /**
2478
+ * @public
2239
2479
  * <p>Provides more details about the current status of the access preview. For example, if
2240
2480
  * the creation of the access preview fails, a <code>Failed</code> status is returned. This
2241
2481
  * failure can be due to an internal issue with the analysis or due to an invalid proposed
@@ -2248,10 +2488,12 @@ export interface AccessPreviewSummary {
2248
2488
  */
2249
2489
  export interface ListAccessPreviewsResponse {
2250
2490
  /**
2491
+ * @public
2251
2492
  * <p>A list of access previews retrieved for the analyzer.</p>
2252
2493
  */
2253
2494
  accessPreviews: AccessPreviewSummary[] | undefined;
2254
2495
  /**
2496
+ * @public
2255
2497
  * <p>A token used for pagination of results returned.</p>
2256
2498
  */
2257
2499
  nextToken?: string;
@@ -2262,19 +2504,23 @@ export interface ListAccessPreviewsResponse {
2262
2504
  */
2263
2505
  export interface ListAnalyzedResourcesRequest {
2264
2506
  /**
2507
+ * @public
2265
2508
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
2266
2509
  * the analyzer</a> to retrieve a list of analyzed resources from.</p>
2267
2510
  */
2268
2511
  analyzerArn: string | undefined;
2269
2512
  /**
2513
+ * @public
2270
2514
  * <p>The type of resource.</p>
2271
2515
  */
2272
2516
  resourceType?: ResourceType | string;
2273
2517
  /**
2518
+ * @public
2274
2519
  * <p>A token used for pagination of results returned.</p>
2275
2520
  */
2276
2521
  nextToken?: string;
2277
2522
  /**
2523
+ * @public
2278
2524
  * <p>The maximum number of results to return in the response.</p>
2279
2525
  */
2280
2526
  maxResults?: number;
@@ -2285,14 +2531,17 @@ export interface ListAnalyzedResourcesRequest {
2285
2531
  */
2286
2532
  export interface AnalyzedResourceSummary {
2287
2533
  /**
2534
+ * @public
2288
2535
  * <p>The ARN of the analyzed resource.</p>
2289
2536
  */
2290
2537
  resourceArn: string | undefined;
2291
2538
  /**
2539
+ * @public
2292
2540
  * <p>The Amazon Web Services account ID that owns the resource.</p>
2293
2541
  */
2294
2542
  resourceOwnerAccount: string | undefined;
2295
2543
  /**
2544
+ * @public
2296
2545
  * <p>The type of resource that was analyzed.</p>
2297
2546
  */
2298
2547
  resourceType: ResourceType | string | undefined;
@@ -2303,10 +2552,12 @@ export interface AnalyzedResourceSummary {
2303
2552
  */
2304
2553
  export interface ListAnalyzedResourcesResponse {
2305
2554
  /**
2555
+ * @public
2306
2556
  * <p>A list of resources that were analyzed.</p>
2307
2557
  */
2308
2558
  analyzedResources: AnalyzedResourceSummary[] | undefined;
2309
2559
  /**
2560
+ * @public
2310
2561
  * <p>A token used for pagination of results returned.</p>
2311
2562
  */
2312
2563
  nextToken?: string;
@@ -2321,10 +2572,12 @@ export type OrderBy = "ASC" | "DESC";
2321
2572
  */
2322
2573
  export interface SortCriteria {
2323
2574
  /**
2575
+ * @public
2324
2576
  * <p>The name of the attribute to sort on.</p>
2325
2577
  */
2326
2578
  attributeName?: string;
2327
2579
  /**
2580
+ * @public
2328
2581
  * <p>The sort order, ascending or descending.</p>
2329
2582
  */
2330
2583
  orderBy?: OrderBy | string;
@@ -2335,23 +2588,28 @@ export interface SortCriteria {
2335
2588
  */
2336
2589
  export interface ListFindingsRequest {
2337
2590
  /**
2591
+ * @public
2338
2592
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
2339
2593
  * the analyzer</a> to retrieve findings from.</p>
2340
2594
  */
2341
2595
  analyzerArn: string | undefined;
2342
2596
  /**
2597
+ * @public
2343
2598
  * <p>A filter to match for the findings to return.</p>
2344
2599
  */
2345
2600
  filter?: Record<string, Criterion>;
2346
2601
  /**
2602
+ * @public
2347
2603
  * <p>The sort order for the findings returned.</p>
2348
2604
  */
2349
2605
  sort?: SortCriteria;
2350
2606
  /**
2607
+ * @public
2351
2608
  * <p>A token used for pagination of results returned.</p>
2352
2609
  */
2353
2610
  nextToken?: string;
2354
2611
  /**
2612
+ * @public
2355
2613
  * <p>The maximum number of results to return in the response.</p>
2356
2614
  */
2357
2615
  maxResults?: number;
@@ -2362,61 +2620,75 @@ export interface ListFindingsRequest {
2362
2620
  */
2363
2621
  export interface FindingSummary {
2364
2622
  /**
2623
+ * @public
2365
2624
  * <p>The ID of the finding.</p>
2366
2625
  */
2367
2626
  id: string | undefined;
2368
2627
  /**
2628
+ * @public
2369
2629
  * <p>The external principal that has access to a resource within the zone of trust.</p>
2370
2630
  */
2371
2631
  principal?: Record<string, string>;
2372
2632
  /**
2633
+ * @public
2373
2634
  * <p>The action in the analyzed policy statement that an external principal has permission to
2374
2635
  * use.</p>
2375
2636
  */
2376
2637
  action?: string[];
2377
2638
  /**
2639
+ * @public
2378
2640
  * <p>The resource that the external principal has access to.</p>
2379
2641
  */
2380
2642
  resource?: string;
2381
2643
  /**
2644
+ * @public
2382
2645
  * <p>Indicates whether the finding reports a resource that has a policy that allows public
2383
2646
  * access.</p>
2384
2647
  */
2385
2648
  isPublic?: boolean;
2386
2649
  /**
2650
+ * @public
2387
2651
  * <p>The type of the resource that the external principal has access to.</p>
2388
2652
  */
2389
2653
  resourceType: ResourceType | string | undefined;
2390
2654
  /**
2655
+ * @public
2391
2656
  * <p>The condition in the analyzed policy statement that resulted in a finding.</p>
2392
2657
  */
2393
2658
  condition: Record<string, string> | undefined;
2394
2659
  /**
2660
+ * @public
2395
2661
  * <p>The time at which the finding was created.</p>
2396
2662
  */
2397
2663
  createdAt: Date | undefined;
2398
2664
  /**
2665
+ * @public
2399
2666
  * <p>The time at which the resource-based policy that generated the finding was
2400
2667
  * analyzed.</p>
2401
2668
  */
2402
2669
  analyzedAt: Date | undefined;
2403
2670
  /**
2671
+ * @public
2404
2672
  * <p>The time at which the finding was most recently updated.</p>
2405
2673
  */
2406
2674
  updatedAt: Date | undefined;
2407
2675
  /**
2676
+ * @public
2408
2677
  * <p>The status of the finding.</p>
2409
2678
  */
2410
2679
  status: FindingStatus | string | undefined;
2411
2680
  /**
2681
+ * @public
2412
2682
  * <p>The Amazon Web Services account ID that owns the resource.</p>
2413
2683
  */
2414
2684
  resourceOwnerAccount: string | undefined;
2415
2685
  /**
2686
+ * @public
2416
2687
  * <p>The error that resulted in an Error finding.</p>
2417
2688
  */
2418
2689
  error?: string;
2419
2690
  /**
2691
+ * @public
2420
2692
  * <p>The sources of the finding. This indicates how the access that generated the finding is
2421
2693
  * granted. It is populated for Amazon S3 bucket findings.</p>
2422
2694
  */
@@ -2428,11 +2700,13 @@ export interface FindingSummary {
2428
2700
  */
2429
2701
  export interface ListFindingsResponse {
2430
2702
  /**
2703
+ * @public
2431
2704
  * <p>A list of findings retrieved from the analyzer that match the filter criteria specified,
2432
2705
  * if any.</p>
2433
2706
  */
2434
2707
  findings: FindingSummary[] | undefined;
2435
2708
  /**
2709
+ * @public
2436
2710
  * <p>A token used for pagination of results returned.</p>
2437
2711
  */
2438
2712
  nextToken?: string;
@@ -2442,16 +2716,19 @@ export interface ListFindingsResponse {
2442
2716
  */
2443
2717
  export interface ListPolicyGenerationsRequest {
2444
2718
  /**
2719
+ * @public
2445
2720
  * <p>The ARN of the IAM entity (user or role) for which you are generating a policy. Use
2446
2721
  * this with <code>ListGeneratedPolicies</code> to filter the results to only include results
2447
2722
  * for a specific principal.</p>
2448
2723
  */
2449
2724
  principalArn?: string;
2450
2725
  /**
2726
+ * @public
2451
2727
  * <p>The maximum number of results to return in the response.</p>
2452
2728
  */
2453
2729
  maxResults?: number;
2454
2730
  /**
2731
+ * @public
2455
2732
  * <p>A token used for pagination of results returned.</p>
2456
2733
  */
2457
2734
  nextToken?: string;
@@ -2462,6 +2739,7 @@ export interface ListPolicyGenerationsRequest {
2462
2739
  */
2463
2740
  export interface PolicyGeneration {
2464
2741
  /**
2742
+ * @public
2465
2743
  * <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
2466
2744
  * operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
2467
2745
  * retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
@@ -2469,18 +2747,22 @@ export interface PolicyGeneration {
2469
2747
  */
2470
2748
  jobId: string | undefined;
2471
2749
  /**
2750
+ * @public
2472
2751
  * <p>The ARN of the IAM entity (user or role) for which you are generating a policy.</p>
2473
2752
  */
2474
2753
  principalArn: string | undefined;
2475
2754
  /**
2755
+ * @public
2476
2756
  * <p>The status of the policy generation request.</p>
2477
2757
  */
2478
2758
  status: JobStatus | string | undefined;
2479
2759
  /**
2760
+ * @public
2480
2761
  * <p>A timestamp of when the policy generation started.</p>
2481
2762
  */
2482
2763
  startedOn: Date | undefined;
2483
2764
  /**
2765
+ * @public
2484
2766
  * <p>A timestamp of when the policy generation was completed.</p>
2485
2767
  */
2486
2768
  completedOn?: Date;
@@ -2490,11 +2772,13 @@ export interface PolicyGeneration {
2490
2772
  */
2491
2773
  export interface ListPolicyGenerationsResponse {
2492
2774
  /**
2775
+ * @public
2493
2776
  * <p>A <code>PolicyGeneration</code> object that contains details about the generated
2494
2777
  * policy.</p>
2495
2778
  */
2496
2779
  policyGenerations: PolicyGeneration[] | undefined;
2497
2780
  /**
2781
+ * @public
2498
2782
  * <p>A token used for pagination of results returned.</p>
2499
2783
  */
2500
2784
  nextToken?: string;
@@ -2505,6 +2789,7 @@ export interface ListPolicyGenerationsResponse {
2505
2789
  */
2506
2790
  export interface ListTagsForResourceRequest {
2507
2791
  /**
2792
+ * @public
2508
2793
  * <p>The ARN of the resource to retrieve tags from.</p>
2509
2794
  */
2510
2795
  resourceArn: string | undefined;
@@ -2515,6 +2800,7 @@ export interface ListTagsForResourceRequest {
2515
2800
  */
2516
2801
  export interface ListTagsForResourceResponse {
2517
2802
  /**
2803
+ * @public
2518
2804
  * <p>The tags that are applied to the specified resource.</p>
2519
2805
  */
2520
2806
  tags?: Record<string, string>;
@@ -2525,15 +2811,18 @@ export interface ListTagsForResourceResponse {
2525
2811
  */
2526
2812
  export interface Trail {
2527
2813
  /**
2814
+ * @public
2528
2815
  * <p>Specifies the ARN of the trail. The format of a trail ARN is
2529
2816
  * <code>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</code>.</p>
2530
2817
  */
2531
2818
  cloudTrailArn: string | undefined;
2532
2819
  /**
2820
+ * @public
2533
2821
  * <p>A list of regions to get CloudTrail data from and analyze to generate a policy.</p>
2534
2822
  */
2535
2823
  regions?: string[];
2536
2824
  /**
2825
+ * @public
2537
2826
  * <p>Possible values are <code>true</code> or <code>false</code>. If set to
2538
2827
  * <code>true</code>, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and
2539
2828
  * generate a policy.</p>
@@ -2546,20 +2835,24 @@ export interface Trail {
2546
2835
  */
2547
2836
  export interface CloudTrailDetails {
2548
2837
  /**
2838
+ * @public
2549
2839
  * <p>A <code>Trail</code> object that contains settings for a trail.</p>
2550
2840
  */
2551
2841
  trails: Trail[] | undefined;
2552
2842
  /**
2843
+ * @public
2553
2844
  * <p>The ARN of the service role that IAM Access Analyzer uses to access your CloudTrail trail and
2554
2845
  * service last accessed information.</p>
2555
2846
  */
2556
2847
  accessRole: string | undefined;
2557
2848
  /**
2849
+ * @public
2558
2850
  * <p>The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events
2559
2851
  * with a timestamp before this time are not considered to generate a policy.</p>
2560
2852
  */
2561
2853
  startTime: Date | undefined;
2562
2854
  /**
2855
+ * @public
2563
2856
  * <p>The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with
2564
2857
  * a timestamp after this time are not considered to generate a policy. If this is not
2565
2858
  * included in the request, the default value is the current time.</p>
@@ -2573,6 +2866,7 @@ export interface CloudTrailDetails {
2573
2866
  */
2574
2867
  export interface PolicyGenerationDetails {
2575
2868
  /**
2869
+ * @public
2576
2870
  * <p>The ARN of the IAM entity (user or role) for which you are generating a policy.</p>
2577
2871
  */
2578
2872
  principalArn: string | undefined;
@@ -2582,16 +2876,19 @@ export interface PolicyGenerationDetails {
2582
2876
  */
2583
2877
  export interface StartPolicyGenerationRequest {
2584
2878
  /**
2879
+ * @public
2585
2880
  * <p>Contains the ARN of the IAM entity (user or role) for which you are generating a
2586
2881
  * policy.</p>
2587
2882
  */
2588
2883
  policyGenerationDetails: PolicyGenerationDetails | undefined;
2589
2884
  /**
2885
+ * @public
2590
2886
  * <p>A <code>CloudTrailDetails</code> object that contains details about a <code>Trail</code>
2591
2887
  * that you want to analyze to generate policies.</p>
2592
2888
  */
2593
2889
  cloudTrailDetails?: CloudTrailDetails;
2594
2890
  /**
2891
+ * @public
2595
2892
  * <p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the
2596
2893
  * request. Idempotency ensures that an API request completes only once. With an idempotent
2597
2894
  * request, if the original request completes successfully, the subsequent retries with the
@@ -2607,6 +2904,7 @@ export interface StartPolicyGenerationRequest {
2607
2904
  */
2608
2905
  export interface StartPolicyGenerationResponse {
2609
2906
  /**
2907
+ * @public
2610
2908
  * <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
2611
2909
  * operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
2612
2910
  * retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
@@ -2620,16 +2918,19 @@ export interface StartPolicyGenerationResponse {
2620
2918
  */
2621
2919
  export interface StartResourceScanRequest {
2622
2920
  /**
2921
+ * @public
2623
2922
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
2624
2923
  * the analyzer</a> to use to scan the policies applied to the specified
2625
2924
  * resource.</p>
2626
2925
  */
2627
2926
  analyzerArn: string | undefined;
2628
2927
  /**
2928
+ * @public
2629
2929
  * <p>The ARN of the resource to scan.</p>
2630
2930
  */
2631
2931
  resourceArn: string | undefined;
2632
2932
  /**
2933
+ * @public
2633
2934
  * <p>The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning
2634
2935
  * account is the account in which the resource was created.</p>
2635
2936
  */
@@ -2641,10 +2942,12 @@ export interface StartResourceScanRequest {
2641
2942
  */
2642
2943
  export interface TagResourceRequest {
2643
2944
  /**
2945
+ * @public
2644
2946
  * <p>The ARN of the resource to add the tag to.</p>
2645
2947
  */
2646
2948
  resourceArn: string | undefined;
2647
2949
  /**
2950
+ * @public
2648
2951
  * <p>The tags to add to the resource.</p>
2649
2952
  */
2650
2953
  tags: Record<string, string> | undefined;
@@ -2661,10 +2964,12 @@ export interface TagResourceResponse {
2661
2964
  */
2662
2965
  export interface UntagResourceRequest {
2663
2966
  /**
2967
+ * @public
2664
2968
  * <p>The ARN of the resource to remove the tag from.</p>
2665
2969
  */
2666
2970
  resourceArn: string | undefined;
2667
2971
  /**
2972
+ * @public
2668
2973
  * <p>The key for the tag to add.</p>
2669
2974
  */
2670
2975
  tagKeys: string[] | undefined;
@@ -2685,25 +2990,30 @@ export type FindingStatusUpdate = "ACTIVE" | "ARCHIVED";
2685
2990
  */
2686
2991
  export interface UpdateFindingsRequest {
2687
2992
  /**
2993
+ * @public
2688
2994
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
2689
2995
  * the analyzer</a> that generated the findings to update.</p>
2690
2996
  */
2691
2997
  analyzerArn: string | undefined;
2692
2998
  /**
2999
+ * @public
2693
3000
  * <p>The state represents the action to take to update the finding Status. Use
2694
3001
  * <code>ARCHIVE</code> to change an Active finding to an Archived finding. Use
2695
3002
  * <code>ACTIVE</code> to change an Archived finding to an Active finding.</p>
2696
3003
  */
2697
3004
  status: FindingStatusUpdate | string | undefined;
2698
3005
  /**
3006
+ * @public
2699
3007
  * <p>The IDs of the findings to update.</p>
2700
3008
  */
2701
3009
  ids?: string[];
2702
3010
  /**
3011
+ * @public
2703
3012
  * <p>The ARN of the resource identified in the finding.</p>
2704
3013
  */
2705
3014
  resourceArn?: string;
2706
3015
  /**
3016
+ * @public
2707
3017
  * <p>A client token.</p>
2708
3018
  */
2709
3019
  clientToken?: string;
@@ -2761,22 +3071,27 @@ export type ValidatePolicyResourceType = (typeof ValidatePolicyResourceType)[key
2761
3071
  */
2762
3072
  export interface ValidatePolicyRequest {
2763
3073
  /**
3074
+ * @public
2764
3075
  * <p>The locale to use for localizing the findings.</p>
2765
3076
  */
2766
3077
  locale?: Locale | string;
2767
3078
  /**
3079
+ * @public
2768
3080
  * <p>The maximum number of results to return in the response.</p>
2769
3081
  */
2770
3082
  maxResults?: number;
2771
3083
  /**
3084
+ * @public
2772
3085
  * <p>A token used for pagination of results returned.</p>
2773
3086
  */
2774
3087
  nextToken?: string;
2775
3088
  /**
3089
+ * @public
2776
3090
  * <p>The JSON policy document to use as the content for the policy.</p>
2777
3091
  */
2778
3092
  policyDocument: string | undefined;
2779
3093
  /**
3094
+ * @public
2780
3095
  * <p>The type of policy to validate. Identity policies grant permissions to IAM principals.
2781
3096
  * Identity policies include managed and inline policies for IAM roles, users, and groups.
2782
3097
  * They also include service-control policies (SCPs) that are attached to an Amazon Web Services
@@ -2788,6 +3103,7 @@ export interface ValidatePolicyRequest {
2788
3103
  */
2789
3104
  policyType: PolicyType | string | undefined;
2790
3105
  /**
3106
+ * @public
2791
3107
  * <p>The type of resource to attach to your resource policy. Specify a value for the policy
2792
3108
  * validation resource type only if the policy type is <code>RESOURCE_POLICY</code>. For
2793
3109
  * example, to validate a resource policy to attach to an Amazon S3 bucket, you can choose
@@ -2819,10 +3135,12 @@ export type ValidatePolicyFindingType = (typeof ValidatePolicyFindingType)[keyof
2819
3135
  */
2820
3136
  export interface Substring {
2821
3137
  /**
3138
+ * @public
2822
3139
  * <p>The start index of the substring, starting from 0.</p>
2823
3140
  */
2824
3141
  start: number | undefined;
2825
3142
  /**
3143
+ * @public
2826
3144
  * <p>The length of the substring.</p>
2827
3145
  */
2828
3146
  length: number | undefined;
@@ -2837,6 +3155,7 @@ export type PathElement = PathElement.IndexMember | PathElement.KeyMember | Path
2837
3155
  */
2838
3156
  export declare namespace PathElement {
2839
3157
  /**
3158
+ * @public
2840
3159
  * <p>Refers to an index in a JSON array.</p>
2841
3160
  */
2842
3161
  interface IndexMember {
@@ -2847,6 +3166,7 @@ export declare namespace PathElement {
2847
3166
  $unknown?: never;
2848
3167
  }
2849
3168
  /**
3169
+ * @public
2850
3170
  * <p>Refers to a key in a JSON object.</p>
2851
3171
  */
2852
3172
  interface KeyMember {
@@ -2857,6 +3177,7 @@ export declare namespace PathElement {
2857
3177
  $unknown?: never;
2858
3178
  }
2859
3179
  /**
3180
+ * @public
2860
3181
  * <p>Refers to a substring of a literal string in a JSON object.</p>
2861
3182
  */
2862
3183
  interface SubstringMember {
@@ -2867,6 +3188,7 @@ export declare namespace PathElement {
2867
3188
  $unknown?: never;
2868
3189
  }
2869
3190
  /**
3191
+ * @public
2870
3192
  * <p>Refers to the value associated with a given key in a JSON object.</p>
2871
3193
  */
2872
3194
  interface ValueMember {
@@ -2876,6 +3198,9 @@ export declare namespace PathElement {
2876
3198
  value: string;
2877
3199
  $unknown?: never;
2878
3200
  }
3201
+ /**
3202
+ * @public
3203
+ */
2879
3204
  interface $UnknownMember {
2880
3205
  index?: never;
2881
3206
  key?: never;
@@ -2898,14 +3223,17 @@ export declare namespace PathElement {
2898
3223
  */
2899
3224
  export interface Position {
2900
3225
  /**
3226
+ * @public
2901
3227
  * <p>The line of the position, starting from 1.</p>
2902
3228
  */
2903
3229
  line: number | undefined;
2904
3230
  /**
3231
+ * @public
2905
3232
  * <p>The column of the position, starting from 0.</p>
2906
3233
  */
2907
3234
  column: number | undefined;
2908
3235
  /**
3236
+ * @public
2909
3237
  * <p>The offset within the policy that corresponds to the position, starting from 0.</p>
2910
3238
  */
2911
3239
  offset: number | undefined;
@@ -2917,10 +3245,12 @@ export interface Position {
2917
3245
  */
2918
3246
  export interface Span {
2919
3247
  /**
3248
+ * @public
2920
3249
  * <p>The start position of the span (inclusive).</p>
2921
3250
  */
2922
3251
  start: Position | undefined;
2923
3252
  /**
3253
+ * @public
2924
3254
  * <p>The end position of the span (exclusive).</p>
2925
3255
  */
2926
3256
  end: Position | undefined;
@@ -2932,10 +3262,12 @@ export interface Span {
2932
3262
  */
2933
3263
  export interface Location {
2934
3264
  /**
3265
+ * @public
2935
3266
  * <p>A path in a policy, represented as a sequence of path elements.</p>
2936
3267
  */
2937
3268
  path: PathElement[] | undefined;
2938
3269
  /**
3270
+ * @public
2939
3271
  * <p>A span in a policy.</p>
2940
3272
  */
2941
3273
  span: Span | undefined;
@@ -2947,11 +3279,13 @@ export interface Location {
2947
3279
  */
2948
3280
  export interface ValidatePolicyFinding {
2949
3281
  /**
3282
+ * @public
2950
3283
  * <p>A localized message that explains the finding and provides guidance on how to address
2951
3284
  * it.</p>
2952
3285
  */
2953
3286
  findingDetails: string | undefined;
2954
3287
  /**
3288
+ * @public
2955
3289
  * <p>The impact of the finding.</p>
2956
3290
  * <p>Security warnings report when the policy allows access that we consider overly
2957
3291
  * permissive.</p>
@@ -2963,14 +3297,17 @@ export interface ValidatePolicyFinding {
2963
3297
  */
2964
3298
  findingType: ValidatePolicyFindingType | string | undefined;
2965
3299
  /**
3300
+ * @public
2966
3301
  * <p>The issue code provides an identifier of the issue associated with this finding.</p>
2967
3302
  */
2968
3303
  issueCode: string | undefined;
2969
3304
  /**
3305
+ * @public
2970
3306
  * <p>A link to additional documentation about the type of finding.</p>
2971
3307
  */
2972
3308
  learnMoreLink: string | undefined;
2973
3309
  /**
3310
+ * @public
2974
3311
  * <p>The list of locations in the policy document that are related to the finding. The issue
2975
3312
  * code provides a summary of an issue identified by the finding.</p>
2976
3313
  */
@@ -2981,11 +3318,13 @@ export interface ValidatePolicyFinding {
2981
3318
  */
2982
3319
  export interface ValidatePolicyResponse {
2983
3320
  /**
3321
+ * @public
2984
3322
  * <p>The list of findings in a policy returned by IAM Access Analyzer based on its suite of policy
2985
3323
  * checks.</p>
2986
3324
  */
2987
3325
  findings: ValidatePolicyFinding[] | undefined;
2988
3326
  /**
3327
+ * @public
2989
3328
  * <p>A token used for pagination of results returned.</p>
2990
3329
  */
2991
3330
  nextToken?: string;