@aws-sdk/client-accessanalyzer 3.529.1 → 3.535.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (77) hide show
  1. package/dist-types/AccessAnalyzer.d.ts +3 -1
  2. package/dist-types/AccessAnalyzerClient.d.ts +1 -1
  3. package/dist-types/commands/ApplyArchiveRuleCommand.d.ts +2 -1
  4. package/dist-types/commands/CancelPolicyGenerationCommand.d.ts +2 -1
  5. package/dist-types/commands/CheckAccessNotGrantedCommand.d.ts +2 -1
  6. package/dist-types/commands/CheckNoNewAccessCommand.d.ts +2 -1
  7. package/dist-types/commands/CreateAccessPreviewCommand.d.ts +2 -1
  8. package/dist-types/commands/CreateAnalyzerCommand.d.ts +2 -1
  9. package/dist-types/commands/CreateArchiveRuleCommand.d.ts +2 -1
  10. package/dist-types/commands/DeleteAnalyzerCommand.d.ts +2 -1
  11. package/dist-types/commands/DeleteArchiveRuleCommand.d.ts +2 -1
  12. package/dist-types/commands/GetAccessPreviewCommand.d.ts +2 -1
  13. package/dist-types/commands/GetAnalyzedResourceCommand.d.ts +2 -1
  14. package/dist-types/commands/GetAnalyzerCommand.d.ts +2 -1
  15. package/dist-types/commands/GetArchiveRuleCommand.d.ts +2 -1
  16. package/dist-types/commands/GetFindingCommand.d.ts +2 -1
  17. package/dist-types/commands/GetFindingV2Command.d.ts +2 -1
  18. package/dist-types/commands/GetGeneratedPolicyCommand.d.ts +2 -1
  19. package/dist-types/commands/ListAccessPreviewFindingsCommand.d.ts +2 -1
  20. package/dist-types/commands/ListAccessPreviewsCommand.d.ts +2 -1
  21. package/dist-types/commands/ListAnalyzedResourcesCommand.d.ts +2 -1
  22. package/dist-types/commands/ListAnalyzersCommand.d.ts +2 -1
  23. package/dist-types/commands/ListArchiveRulesCommand.d.ts +2 -1
  24. package/dist-types/commands/ListFindingsCommand.d.ts +2 -1
  25. package/dist-types/commands/ListFindingsV2Command.d.ts +2 -1
  26. package/dist-types/commands/ListPolicyGenerationsCommand.d.ts +2 -1
  27. package/dist-types/commands/ListTagsForResourceCommand.d.ts +2 -1
  28. package/dist-types/commands/StartPolicyGenerationCommand.d.ts +2 -1
  29. package/dist-types/commands/StartResourceScanCommand.d.ts +2 -1
  30. package/dist-types/commands/TagResourceCommand.d.ts +2 -1
  31. package/dist-types/commands/UntagResourceCommand.d.ts +2 -1
  32. package/dist-types/commands/UpdateArchiveRuleCommand.d.ts +2 -1
  33. package/dist-types/commands/UpdateFindingsCommand.d.ts +2 -1
  34. package/dist-types/commands/ValidatePolicyCommand.d.ts +2 -1
  35. package/dist-types/models/models_0.d.ts +505 -505
  36. package/dist-types/runtimeConfig.browser.d.ts +2 -2
  37. package/dist-types/runtimeConfig.d.ts +2 -2
  38. package/dist-types/runtimeConfig.native.d.ts +2 -2
  39. package/dist-types/runtimeConfig.shared.d.ts +2 -2
  40. package/dist-types/ts3.4/AccessAnalyzer.d.ts +2 -0
  41. package/dist-types/ts3.4/commands/ApplyArchiveRuleCommand.d.ts +9 -0
  42. package/dist-types/ts3.4/commands/CancelPolicyGenerationCommand.d.ts +9 -0
  43. package/dist-types/ts3.4/commands/CheckAccessNotGrantedCommand.d.ts +9 -0
  44. package/dist-types/ts3.4/commands/CheckNoNewAccessCommand.d.ts +9 -0
  45. package/dist-types/ts3.4/commands/CreateAccessPreviewCommand.d.ts +9 -0
  46. package/dist-types/ts3.4/commands/CreateAnalyzerCommand.d.ts +9 -0
  47. package/dist-types/ts3.4/commands/CreateArchiveRuleCommand.d.ts +9 -0
  48. package/dist-types/ts3.4/commands/DeleteAnalyzerCommand.d.ts +9 -0
  49. package/dist-types/ts3.4/commands/DeleteArchiveRuleCommand.d.ts +9 -0
  50. package/dist-types/ts3.4/commands/GetAccessPreviewCommand.d.ts +9 -0
  51. package/dist-types/ts3.4/commands/GetAnalyzedResourceCommand.d.ts +9 -0
  52. package/dist-types/ts3.4/commands/GetAnalyzerCommand.d.ts +9 -0
  53. package/dist-types/ts3.4/commands/GetArchiveRuleCommand.d.ts +9 -0
  54. package/dist-types/ts3.4/commands/GetFindingCommand.d.ts +9 -0
  55. package/dist-types/ts3.4/commands/GetFindingV2Command.d.ts +9 -0
  56. package/dist-types/ts3.4/commands/GetGeneratedPolicyCommand.d.ts +9 -0
  57. package/dist-types/ts3.4/commands/ListAccessPreviewFindingsCommand.d.ts +9 -0
  58. package/dist-types/ts3.4/commands/ListAccessPreviewsCommand.d.ts +9 -0
  59. package/dist-types/ts3.4/commands/ListAnalyzedResourcesCommand.d.ts +9 -0
  60. package/dist-types/ts3.4/commands/ListAnalyzersCommand.d.ts +9 -0
  61. package/dist-types/ts3.4/commands/ListArchiveRulesCommand.d.ts +9 -0
  62. package/dist-types/ts3.4/commands/ListFindingsCommand.d.ts +9 -0
  63. package/dist-types/ts3.4/commands/ListFindingsV2Command.d.ts +9 -0
  64. package/dist-types/ts3.4/commands/ListPolicyGenerationsCommand.d.ts +9 -0
  65. package/dist-types/ts3.4/commands/ListTagsForResourceCommand.d.ts +9 -0
  66. package/dist-types/ts3.4/commands/StartPolicyGenerationCommand.d.ts +9 -0
  67. package/dist-types/ts3.4/commands/StartResourceScanCommand.d.ts +9 -0
  68. package/dist-types/ts3.4/commands/TagResourceCommand.d.ts +9 -0
  69. package/dist-types/ts3.4/commands/UntagResourceCommand.d.ts +9 -0
  70. package/dist-types/ts3.4/commands/UpdateArchiveRuleCommand.d.ts +9 -0
  71. package/dist-types/ts3.4/commands/UpdateFindingsCommand.d.ts +9 -0
  72. package/dist-types/ts3.4/commands/ValidatePolicyCommand.d.ts +9 -0
  73. package/dist-types/ts3.4/runtimeConfig.browser.d.ts +2 -2
  74. package/dist-types/ts3.4/runtimeConfig.d.ts +2 -2
  75. package/dist-types/ts3.4/runtimeConfig.native.d.ts +2 -2
  76. package/dist-types/ts3.4/runtimeConfig.shared.d.ts +2 -2
  77. package/package.json +40 -40
package/dist-types/models/models_0.d.ts CHANGED
@@ -1,21 +1,21 @@
1
1
  import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
2
2
  import { AccessAnalyzerServiceException as __BaseException } from "./AccessAnalyzerServiceException";
3
3
  /**
4
- * @public
5
4
  * <p>Contains information about actions that define permissions to check against a
6
5
  * policy.</p>
6
+ * @public
7
7
  */
8
8
  export interface Access {
9
9
  /**
10
- * @public
11
10
  * <p>A list of actions for the access permissions. Any strings that can be used as an action
12
11
  * in an IAM policy can be used in the list of actions to check.</p>
12
+ * @public
13
13
  */
14
14
  actions: string[] | undefined;
15
15
  }
16
16
  /**
17
- * @public
18
17
  * <p>You do not have sufficient access to perform this action.</p>
18
+ * @public
19
19
  */
20
20
  export declare class AccessDeniedException extends __BaseException {
21
21
  readonly name: "AccessDeniedException";
@@ -26,20 +26,20 @@ export declare class AccessDeniedException extends __BaseException {
26
26
  constructor(opts: __ExceptionOptionType<AccessDeniedException, __BaseException>);
27
27
  }
28
28
  /**
29
- * @public
30
29
  * <p>A conflict exception error.</p>
30
+ * @public
31
31
  */
32
32
  export declare class ConflictException extends __BaseException {
33
33
  readonly name: "ConflictException";
34
34
  readonly $fault: "client";
35
35
  /**
36
- * @public
37
36
  * <p>The ID of the resource.</p>
37
+ * @public
38
38
  */
39
39
  resourceId: string | undefined;
40
40
  /**
41
- * @public
42
41
  * <p>The resource type.</p>
42
+ * @public
43
43
  */
44
44
  resourceType: string | undefined;
45
45
  /**
@@ -48,70 +48,70 @@ export declare class ConflictException extends __BaseException {
48
48
  constructor(opts: __ExceptionOptionType<ConflictException, __BaseException>);
49
49
  }
50
50
  /**
51
- * @public
52
51
  * <p>The criteria to use in the filter that defines the archive rule. For more information on
53
52
  * available filter keys, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM Access Analyzer filter
54
53
  * keys</a>.</p>
54
+ * @public
55
55
  */
56
56
  export interface Criterion {
57
57
  /**
58
- * @public
59
58
  * <p>An "equals" operator to match for the filter used to create the rule.</p>
59
+ * @public
60
60
  */
61
61
  eq?: string[];
62
62
  /**
63
- * @public
64
63
  * <p>A "not equals" operator to match for the filter used to create the rule.</p>
64
+ * @public
65
65
  */
66
66
  neq?: string[];
67
67
  /**
68
- * @public
69
68
  * <p>A "contains" operator to match for the filter used to create the rule.</p>
69
+ * @public
70
70
  */
71
71
  contains?: string[];
72
72
  /**
73
- * @public
74
73
  * <p>An "exists" operator to match for the filter used to create the rule. </p>
74
+ * @public
75
75
  */
76
76
  exists?: boolean;
77
77
  }
78
78
  /**
79
- * @public
80
79
  * <p>Creates an archive rule.</p>
80
+ * @public
81
81
  */
82
82
  export interface CreateArchiveRuleRequest {
83
83
  /**
84
- * @public
85
84
  * <p>The name of the created analyzer.</p>
85
+ * @public
86
86
  */
87
87
  analyzerName: string | undefined;
88
88
  /**
89
- * @public
90
89
  * <p>The name of the rule to create.</p>
90
+ * @public
91
91
  */
92
92
  ruleName: string | undefined;
93
93
  /**
94
- * @public
95
94
  * <p>The criteria for the rule.</p>
95
+ * @public
96
96
  */
97
97
  filter: Record<string, Criterion> | undefined;
98
98
  /**
99
- * @public
100
99
  * <p>A client token.</p>
100
+ * @public
101
101
  */
102
102
  clientToken?: string;
103
103
  }
104
104
  /**
105
- * @public
106
105
  * <p>Internal server error.</p>
106
+ * @public
107
107
  */
108
108
  export declare class InternalServerException extends __BaseException {
109
109
  readonly name: "InternalServerException";
110
110
  readonly $fault: "server";
111
111
  $retryable: {};
112
112
  /**
113
- * @public
114
113
  * <p>The seconds to wait to retry.</p>
114
+ * @public
115
115
  */
116
116
  retryAfterSeconds?: number;
117
117
  /**
@@ -120,20 +120,20 @@ export declare class InternalServerException extends __BaseException {
120
120
  constructor(opts: __ExceptionOptionType<InternalServerException, __BaseException>);
121
121
  }
122
122
  /**
123
- * @public
124
123
  * <p>The specified resource could not be found.</p>
124
+ * @public
125
125
  */
126
126
  export declare class ResourceNotFoundException extends __BaseException {
127
127
  readonly name: "ResourceNotFoundException";
128
128
  readonly $fault: "client";
129
129
  /**
130
- * @public
131
130
  * <p>The ID of the resource.</p>
131
+ * @public
132
132
  */
133
133
  resourceId: string | undefined;
134
134
  /**
135
- * @public
136
135
  * <p>The type of the resource.</p>
136
+ * @public
137
137
  */
138
138
  resourceType: string | undefined;
139
139
  /**
@@ -142,20 +142,20 @@ export declare class ResourceNotFoundException extends __BaseException {
142
142
  constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>);
143
143
  }
144
144
  /**
145
- * @public
146
145
  * <p>Service quote met error.</p>
146
+ * @public
147
147
  */
148
148
  export declare class ServiceQuotaExceededException extends __BaseException {
149
149
  readonly name: "ServiceQuotaExceededException";
150
150
  readonly $fault: "client";
151
151
  /**
152
- * @public
153
152
  * <p>The resource ID.</p>
153
+ * @public
154
154
  */
155
155
  resourceId: string | undefined;
156
156
  /**
157
- * @public
158
157
  * <p>The resource type.</p>
158
+ * @public
159
159
  */
160
160
  resourceType: string | undefined;
161
161
  /**
@@ -164,8 +164,8 @@ export declare class ServiceQuotaExceededException extends __BaseException {
164
164
  constructor(opts: __ExceptionOptionType<ServiceQuotaExceededException, __BaseException>);
165
165
  }
166
166
  /**
167
- * @public
168
167
  * <p>Throttling limit exceeded error.</p>
168
+ * @public
169
169
  */
170
170
  export declare class ThrottlingException extends __BaseException {
171
171
  readonly name: "ThrottlingException";
@@ -174,8 +174,8 @@ export declare class ThrottlingException extends __BaseException {
174
174
  throttling: boolean;
175
175
  };
176
176
  /**
177
- * @public
178
177
  * <p>The seconds to wait to retry.</p>
178
+ * @public
179
179
  */
180
180
  retryAfterSeconds?: number;
181
181
  /**
@@ -184,18 +184,18 @@ export declare class ThrottlingException extends __BaseException {
184
184
  constructor(opts: __ExceptionOptionType<ThrottlingException, __BaseException>);
185
185
  }
186
186
  /**
187
- * @public
188
187
  * <p>Contains information about a validation exception.</p>
188
+ * @public
189
189
  */
190
190
  export interface ValidationExceptionField {
191
191
  /**
192
- * @public
193
192
  * <p>The name of the validation exception.</p>
193
+ * @public
194
194
  */
195
195
  name: string | undefined;
196
196
  /**
197
- * @public
198
197
  * <p>A message about the validation exception.</p>
198
+ * @public
199
199
  */
200
200
  message: string | undefined;
201
201
  }
@@ -214,20 +214,20 @@ export declare const ValidationExceptionReason: {
214
214
  */
215
215
  export type ValidationExceptionReason = (typeof ValidationExceptionReason)[keyof typeof ValidationExceptionReason];
216
216
  /**
217
- * @public
218
217
  * <p>Validation exception error.</p>
218
+ * @public
219
219
  */
220
220
  export declare class ValidationException extends __BaseException {
221
221
  readonly name: "ValidationException";
222
222
  readonly $fault: "client";
223
223
  /**
224
- * @public
225
224
  * <p>The reason for the exception.</p>
225
+ * @public
226
226
  */
227
227
  reason: ValidationExceptionReason | undefined;
228
228
  /**
229
- * @public
230
229
  * <p>A list of fields that didn't validate.</p>
230
+ * @public
231
231
  */
232
232
  fieldList?: ValidationExceptionField[];
233
233
  /**
@@ -236,179 +236,179 @@ export declare class ValidationException extends __BaseException {
236
236
  constructor(opts: __ExceptionOptionType<ValidationException, __BaseException>);
237
237
  }
238
238
  /**
239
- * @public
240
239
  * <p>Deletes an archive rule.</p>
240
+ * @public
241
241
  */
242
242
  export interface DeleteArchiveRuleRequest {
243
243
  /**
244
- * @public
245
244
  * <p>The name of the analyzer that associated with the archive rule to delete.</p>
245
+ * @public
246
246
  */
247
247
  analyzerName: string | undefined;
248
248
  /**
249
- * @public
250
249
  * <p>The name of the rule to delete.</p>
250
+ * @public
251
251
  */
252
252
  ruleName: string | undefined;
253
253
  /**
254
- * @public
255
254
  * <p>A client token.</p>
255
+ * @public
256
256
  */
257
257
  clientToken?: string;
258
258
  }
259
259
  /**
260
- * @public
261
260
  * <p>Retrieves an archive rule.</p>
261
+ * @public
262
262
  */
263
263
  export interface GetArchiveRuleRequest {
264
264
  /**
265
- * @public
266
265
  * <p>The name of the analyzer to retrieve rules from.</p>
266
+ * @public
267
267
  */
268
268
  analyzerName: string | undefined;
269
269
  /**
270
- * @public
271
270
  * <p>The name of the rule to retrieve.</p>
271
+ * @public
272
272
  */
273
273
  ruleName: string | undefined;
274
274
  }
275
275
  /**
276
- * @public
277
276
  * <p>Contains information about an archive rule.</p>
277
+ * @public
278
278
  */
279
279
  export interface ArchiveRuleSummary {
280
280
  /**
281
- * @public
282
281
  * <p>The name of the archive rule.</p>
282
+ * @public
283
283
  */
284
284
  ruleName: string | undefined;
285
285
  /**
286
- * @public
287
286
  * <p>A filter used to define the archive rule.</p>
287
+ * @public
288
288
  */
289
289
  filter: Record<string, Criterion> | undefined;
290
290
  /**
291
- * @public
292
291
  * <p>The time at which the archive rule was created.</p>
292
+ * @public
293
293
  */
294
294
  createdAt: Date | undefined;
295
295
  /**
296
- * @public
297
296
  * <p>The time at which the archive rule was last updated.</p>
297
+ * @public
298
298
  */
299
299
  updatedAt: Date | undefined;
300
300
  }
301
301
  /**
302
- * @public
303
302
  * <p>The response to the request.</p>
303
+ * @public
304
304
  */
305
305
  export interface GetArchiveRuleResponse {
306
306
  /**
307
- * @public
308
307
  * <p>Contains information about an archive rule.</p>
308
+ * @public
309
309
  */
310
310
  archiveRule: ArchiveRuleSummary | undefined;
311
311
  }
312
312
  /**
313
- * @public
314
313
  * <p>Retrieves a list of archive rules created for the specified analyzer.</p>
314
+ * @public
315
315
  */
316
316
  export interface ListArchiveRulesRequest {
317
317
  /**
318
- * @public
319
318
  * <p>The name of the analyzer to retrieve rules from.</p>
319
+ * @public
320
320
  */
321
321
  analyzerName: string | undefined;
322
322
  /**
323
- * @public
324
323
  * <p>A token used for pagination of results returned.</p>
324
+ * @public
325
325
  */
326
326
  nextToken?: string;
327
327
  /**
328
- * @public
329
328
  * <p>The maximum number of results to return in the request.</p>
329
+ * @public
330
330
  */
331
331
  maxResults?: number;
332
332
  }
333
333
  /**
334
- * @public
335
334
  * <p>The response to the request.</p>
335
+ * @public
336
336
  */
337
337
  export interface ListArchiveRulesResponse {
338
338
  /**
339
- * @public
340
339
  * <p>A list of archive rules created for the specified analyzer.</p>
340
+ * @public
341
341
  */
342
342
  archiveRules: ArchiveRuleSummary[] | undefined;
343
343
  /**
344
- * @public
345
344
  * <p>A token used for pagination of results returned.</p>
345
+ * @public
346
346
  */
347
347
  nextToken?: string;
348
348
  }
349
349
  /**
350
- * @public
351
350
  * <p>Updates the specified archive rule.</p>
351
+ * @public
352
352
  */
353
353
  export interface UpdateArchiveRuleRequest {
354
354
  /**
355
- * @public
356
355
  * <p>The name of the analyzer to update the archive rules for.</p>
356
+ * @public
357
357
  */
358
358
  analyzerName: string | undefined;
359
359
  /**
360
- * @public
361
360
  * <p>The name of the rule to update.</p>
361
+ * @public
362
362
  */
363
363
  ruleName: string | undefined;
364
364
  /**
365
- * @public
366
365
  * <p>A filter to match for the rules to update. Only rules that match the filter are
367
366
  * updated.</p>
367
+ * @public
368
368
  */
369
369
  filter: Record<string, Criterion> | undefined;
370
370
  /**
371
- * @public
372
371
  * <p>A client token.</p>
372
+ * @public
373
373
  */
374
374
  clientToken?: string;
375
375
  }
376
376
  /**
377
- * @public
378
377
  * <p>An criterion statement in an archive rule. Each archive rule may have multiple
379
378
  * criteria.</p>
379
+ * @public
380
380
  */
381
381
  export interface InlineArchiveRule {
382
382
  /**
383
- * @public
384
383
  * <p>The name of the rule.</p>
384
+ * @public
385
385
  */
386
386
  ruleName: string | undefined;
387
387
  /**
388
- * @public
389
388
  * <p>The condition and values for a criterion.</p>
389
+ * @public
390
390
  */
391
391
  filter: Record<string, Criterion> | undefined;
392
392
  }
393
393
  /**
394
- * @public
395
394
  * <p>Contains information about an unused access analyzer.</p>
395
+ * @public
396
396
  */
397
397
  export interface UnusedAccessConfiguration {
398
398
  /**
399
- * @public
400
399
  * <p>The specified access age in days for which to generate findings for unused access. For
401
400
  * example, if you specify 90 days, the analyzer will generate findings for IAM entities
402
401
  * within the accounts of the selected organization for any access that hasn't been used in 90
403
402
  * or more days since the analyzer's last scan. You can choose a value between 1 and 180
404
403
  * days.</p>
404
+ * @public
405
405
  */
406
406
  unusedAccessAge?: number;
407
407
  }
408
408
  /**
409
- * @public
410
409
  * <p>Contains information about the configuration of an unused access analyzer for an Amazon Web Services
411
410
  * organization or account.</p>
411
+ * @public
412
412
  */
413
413
  export type AnalyzerConfiguration = AnalyzerConfiguration.UnusedAccessMember | AnalyzerConfiguration.$UnknownMember;
414
414
  /**
@@ -416,9 +416,9 @@ export type AnalyzerConfiguration = AnalyzerConfiguration.UnusedAccessMember | A
416
416
  */
417
417
  export declare namespace AnalyzerConfiguration {
418
418
  /**
419
- * @public
420
419
  * <p>Specifies the configuration of an unused access analyzer for an Amazon Web Services organization or
421
420
  * account. External access analyzers do not support any configuration.</p>
421
+ * @public
422
422
  */
423
423
  interface UnusedAccessMember {
424
424
  unusedAccess: UnusedAccessConfiguration;
@@ -442,82 +442,82 @@ export declare namespace AnalyzerConfiguration {
442
442
  */
443
443
  export type Type = "ACCOUNT" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION" | "ORGANIZATION_UNUSED_ACCESS";
444
444
  /**
445
- * @public
446
445
  * <p>Creates an analyzer.</p>
446
+ * @public
447
447
  */
448
448
  export interface CreateAnalyzerRequest {
449
449
  /**
450
- * @public
451
450
  * <p>The name of the analyzer to create.</p>
451
+ * @public
452
452
  */
453
453
  analyzerName: string | undefined;
454
454
  /**
455
- * @public
456
455
  * <p>The type of analyzer to create. Only <code>ACCOUNT</code>, <code>ORGANIZATION</code>,
457
456
  * <code>ACCOUNT_UNUSED_ACCESS</code>, and <code>ORGANIZATION_UNUSED_ACCESS</code>
458
457
  * analyzers are supported. You can create only one analyzer per account per Region. You can
459
458
  * create up to 5 analyzers per organization per Region.</p>
459
+ * @public
460
460
  */
461
461
  type: Type | undefined;
462
462
  /**
463
- * @public
464
463
  * <p>Specifies the archive rules to add for the analyzer. Archive rules automatically archive
465
464
  * findings that meet the criteria you define for the rule.</p>
465
+ * @public
466
466
  */
467
467
  archiveRules?: InlineArchiveRule[];
468
468
  /**
469
- * @public
470
469
  * <p>An array of key-value pairs to apply to the analyzer.</p>
470
+ * @public
471
471
  */
472
472
  tags?: Record<string, string>;
473
473
  /**
474
- * @public
475
474
  * <p>A client token.</p>
475
+ * @public
476
476
  */
477
477
  clientToken?: string;
478
478
  /**
479
- * @public
480
479
  * <p>Specifies the configuration of the analyzer. If the analyzer is an unused access
481
480
  * analyzer, the specified scope of unused access is used for the configuration. If the
482
481
  * analyzer is an external access analyzer, this field is not used.</p>
482
+ * @public
483
483
  */
484
484
  configuration?: AnalyzerConfiguration;
485
485
  }
486
486
  /**
487
- * @public
488
487
  * <p>The response to the request to create an analyzer.</p>
488
+ * @public
489
489
  */
490
490
  export interface CreateAnalyzerResponse {
491
491
  /**
492
- * @public
493
492
  * <p>The ARN of the analyzer that was created by the request.</p>
493
+ * @public
494
494
  */
495
495
  arn?: string;
496
496
  }
497
497
  /**
498
- * @public
499
498
  * <p>Deletes an analyzer.</p>
499
+ * @public
500
500
  */
501
501
  export interface DeleteAnalyzerRequest {
502
502
  /**
503
- * @public
504
503
  * <p>The name of the analyzer to delete.</p>
504
+ * @public
505
505
  */
506
506
  analyzerName: string | undefined;
507
507
  /**
508
- * @public
509
508
  * <p>A client token.</p>
509
+ * @public
510
510
  */
511
511
  clientToken?: string;
512
512
  }
513
513
  /**
514
- * @public
515
514
  * <p>Retrieves an analyzer.</p>
515
+ * @public
516
516
  */
517
517
  export interface GetAnalyzerRequest {
518
518
  /**
519
- * @public
520
519
  * <p>The name of the analyzer retrieved.</p>
520
+ * @public
521
521
  */
522
522
  analyzerName: string | undefined;
523
523
  }
@@ -530,152 +530,152 @@ export type AnalyzerStatus = "ACTIVE" | "CREATING" | "DISABLED" | "FAILED";
530
530
  */
531
531
  export type ReasonCode = "AWS_SERVICE_ACCESS_DISABLED" | "DELEGATED_ADMINISTRATOR_DEREGISTERED" | "ORGANIZATION_DELETED" | "SERVICE_LINKED_ROLE_CREATION_FAILED";
532
532
  /**
533
- * @public
534
533
  * <p>Provides more details about the current status of the analyzer. For example, if the
535
534
  * creation for the analyzer fails, a <code>Failed</code> status is returned. For an analyzer
536
535
  * with organization as the type, this failure can be due to an issue with creating the
537
536
  * service-linked roles required in the member accounts of the Amazon Web Services organization.</p>
537
+ * @public
538
538
  */
539
539
  export interface StatusReason {
540
540
  /**
541
- * @public
542
541
  * <p>The reason code for the current status of the analyzer.</p>
542
+ * @public
543
543
  */
544
544
  code: ReasonCode | undefined;
545
545
  }
546
546
  /**
547
- * @public
548
547
  * <p>Contains information about the analyzer.</p>
548
+ * @public
549
549
  */
550
550
  export interface AnalyzerSummary {
551
551
  /**
552
- * @public
553
552
  * <p>The ARN of the analyzer.</p>
553
+ * @public
554
554
  */
555
555
  arn: string | undefined;
556
556
  /**
557
- * @public
558
557
  * <p>The name of the analyzer.</p>
558
+ * @public
559
559
  */
560
560
  name: string | undefined;
561
561
  /**
562
- * @public
563
562
  * <p>The type of analyzer, which corresponds to the zone of trust chosen for the
564
563
  * analyzer.</p>
564
+ * @public
565
565
  */
566
566
  type: Type | undefined;
567
567
  /**
568
- * @public
569
568
  * <p>A timestamp for the time at which the analyzer was created.</p>
569
+ * @public
570
570
  */
571
571
  createdAt: Date | undefined;
572
572
  /**
573
- * @public
574
573
  * <p>The resource that was most recently analyzed by the analyzer.</p>
574
+ * @public
575
575
  */
576
576
  lastResourceAnalyzed?: string;
577
577
  /**
578
- * @public
579
578
  * <p>The time at which the most recently analyzed resource was analyzed.</p>
579
+ * @public
580
580
  */
581
581
  lastResourceAnalyzedAt?: Date;
582
582
  /**
583
- * @public
584
583
  * <p>The tags added to the analyzer.</p>
584
+ * @public
585
585
  */
586
586
  tags?: Record<string, string>;
587
587
  /**
588
- * @public
589
588
  * <p>The status of the analyzer. An <code>Active</code> analyzer successfully monitors
590
589
  * supported resources and generates new findings. The analyzer is <code>Disabled</code> when
591
590
  * a user action, such as removing trusted access for Identity and Access Management Access Analyzer from Organizations, causes
592
591
  * the analyzer to stop generating new findings. The status is <code>Creating</code> when the
593
592
  * analyzer creation is in progress and <code>Failed</code> when the analyzer creation has
594
593
  * failed. </p>
594
+ * @public
595
595
  */
596
596
  status: AnalyzerStatus | undefined;
597
597
  /**
598
- * @public
599
598
  * <p>The <code>statusReason</code> provides more details about the current status of the
600
599
  * analyzer. For example, if the creation for the analyzer fails, a <code>Failed</code> status
601
600
  * is returned. For an analyzer with organization as the type, this failure can be due to an
602
601
  * issue with creating the service-linked roles required in the member accounts of the Amazon Web Services
603
602
  * organization.</p>
603
+ * @public
604
604
  */
605
605
  statusReason?: StatusReason;
606
606
  /**
607
- * @public
608
607
  * <p>Specifies whether the analyzer is an external access or unused access analyzer.</p>
608
+ * @public
609
609
  */
610
610
  configuration?: AnalyzerConfiguration;
611
611
  }
612
612
  /**
613
- * @public
614
613
  * <p>The response to the request.</p>
614
+ * @public
615
615
  */
616
616
  export interface GetAnalyzerResponse {
617
617
  /**
618
- * @public
619
618
  * <p>An <code>AnalyzerSummary</code> object that contains information about the
620
619
  * analyzer.</p>
620
+ * @public
621
621
  */
622
622
  analyzer: AnalyzerSummary | undefined;
623
623
  }
624
624
  /**
625
- * @public
626
625
  * <p>Retrieves a list of analyzers.</p>
626
+ * @public
627
627
  */
628
628
  export interface ListAnalyzersRequest {
629
629
  /**
630
- * @public
631
630
  * <p>A token used for pagination of results returned.</p>
631
+ * @public
632
632
  */
633
633
  nextToken?: string;
634
634
  /**
635
- * @public
636
635
  * <p>The maximum number of results to return in the response.</p>
636
+ * @public
637
637
  */
638
638
  maxResults?: number;
639
639
  /**
640
- * @public
641
640
  * <p>The type of analyzer.</p>
641
+ * @public
642
642
  */
643
643
  type?: Type;
644
644
  }
645
645
  /**
646
- * @public
647
646
  * <p>The response to the request.</p>
647
+ * @public
648
648
  */
649
649
  export interface ListAnalyzersResponse {
650
650
  /**
651
- * @public
652
651
  * <p>The analyzers retrieved.</p>
652
+ * @public
653
653
  */
654
654
  analyzers: AnalyzerSummary[] | undefined;
655
655
  /**
656
- * @public
657
656
  * <p>A token used for pagination of results returned.</p>
657
+ * @public
658
658
  */
659
659
  nextToken?: string;
660
660
  }
661
661
  /**
662
- * @public
663
662
  * <p>Retroactively applies an archive rule.</p>
663
+ * @public
664
664
  */
665
665
  export interface ApplyArchiveRuleRequest {
666
666
  /**
667
- * @public
668
667
  * <p>The Amazon resource name (ARN) of the analyzer.</p>
668
+ * @public
669
669
  */
670
670
  analyzerArn: string | undefined;
671
671
  /**
672
- * @public
673
672
  * <p>The name of the rule to apply.</p>
673
+ * @public
674
674
  */
675
675
  ruleName: string | undefined;
676
676
  /**
677
- * @public
678
677
  * <p>A client token.</p>
678
+ * @public
679
679
  */
680
680
  clientToken?: string;
681
681
  }
@@ -684,11 +684,11 @@ export interface ApplyArchiveRuleRequest {
684
684
  */
685
685
  export interface CancelPolicyGenerationRequest {
686
686
  /**
687
- * @public
688
687
  * <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
689
688
  * operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
690
689
  * retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
691
690
  * the policy generation request.</p>
691
+ * @public
692
692
  */
693
693
  jobId: string | undefined;
694
694
  }
@@ -714,45 +714,45 @@ export type AccessCheckPolicyType = (typeof AccessCheckPolicyType)[keyof typeof
714
714
  */
715
715
  export interface CheckAccessNotGrantedRequest {
716
716
  /**
717
- * @public
718
717
  * <p>The JSON policy document to use as the content for the policy.</p>
718
+ * @public
719
719
  */
720
720
  policyDocument: string | undefined;
721
721
  /**
722
- * @public
723
722
  * <p>An access object containing the permissions that shouldn't be granted by the specified
724
723
  * policy.</p>
724
+ * @public
725
725
  */
726
726
  access: Access[] | undefined;
727
727
  /**
728
- * @public
729
728
  * <p>The type of policy. Identity policies grant permissions to IAM principals. Identity
730
729
  * policies include managed and inline policies for IAM roles, users, and groups.</p>
731
730
  * <p>Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust
732
731
  * policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic
733
732
  * input such as identity policy or resource policy or a specific input such as managed policy
734
733
  * or Amazon S3 bucket policy.</p>
734
+ * @public
735
735
  */
736
736
  policyType: AccessCheckPolicyType | undefined;
737
737
  }
738
738
  /**
739
- * @public
740
739
  * <p>Contains information about the reasoning why a check for access passed or failed.</p>
740
+ * @public
741
741
  */
742
742
  export interface ReasonSummary {
743
743
  /**
744
- * @public
745
744
  * <p>A description of the reasoning of a result of checking for access.</p>
745
+ * @public
746
746
  */
747
747
  description?: string;
748
748
  /**
749
- * @public
750
749
  * <p>The index number of the reason statement.</p>
750
+ * @public
751
751
  */
752
752
  statementIndex?: number;
753
753
  /**
754
- * @public
755
754
  * <p>The identifier for the reason statement.</p>
755
+ * @public
756
756
  */
757
757
  statementId?: string;
758
758
  }
@@ -773,27 +773,27 @@ export type CheckAccessNotGrantedResult = (typeof CheckAccessNotGrantedResult)[k
773
773
  */
774
774
  export interface CheckAccessNotGrantedResponse {
775
775
  /**
776
- * @public
777
776
  * <p>The result of the check for whether the access is allowed. If the result is
778
777
  * <code>PASS</code>, the specified policy doesn't allow any of the specified permissions
779
778
  * in the access object. If the result is <code>FAIL</code>, the specified policy might allow
780
779
  * some or all of the permissions in the access object.</p>
780
+ * @public
781
781
  */
782
782
  result?: CheckAccessNotGrantedResult;
783
783
  /**
784
- * @public
785
784
  * <p>The message indicating whether the specified access is allowed.</p>
785
+ * @public
786
786
  */
787
787
  message?: string;
788
788
  /**
789
- * @public
790
789
  * <p>A description of the reasoning of the result.</p>
790
+ * @public
791
791
  */
792
792
  reasons?: ReasonSummary[];
793
793
  }
794
794
  /**
795
- * @public
796
795
  * <p>The specified parameter is invalid.</p>
796
+ * @public
797
797
  */
798
798
  export declare class InvalidParameterException extends __BaseException {
799
799
  readonly name: "InvalidParameterException";
@@ -804,8 +804,8 @@ export declare class InvalidParameterException extends __BaseException {
804
804
  constructor(opts: __ExceptionOptionType<InvalidParameterException, __BaseException>);
805
805
  }
806
806
  /**
807
- * @public
808
807
  * <p>The specified entity could not be processed.</p>
808
+ * @public
809
809
  */
810
810
  export declare class UnprocessableEntityException extends __BaseException {
811
811
  readonly name: "UnprocessableEntityException";
@@ -821,17 +821,16 @@ export declare class UnprocessableEntityException extends __BaseException {
821
821
  */
822
822
  export interface CheckNoNewAccessRequest {
823
823
  /**
824
- * @public
825
824
  * <p>The JSON policy document to use as the content for the updated policy.</p>
825
+ * @public
826
826
  */
827
827
  newPolicyDocument: string | undefined;
828
828
  /**
829
- * @public
830
829
  * <p>The JSON policy document to use as the content for the existing policy.</p>
830
+ * @public
831
831
  */
832
832
  existingPolicyDocument: string | undefined;
833
833
  /**
834
- * @public
835
834
  * <p>The type of policy to compare. Identity policies grant permissions to IAM principals.
836
835
  * Identity policies include managed and inline policies for IAM roles, users, and
837
836
  * groups.</p>
@@ -839,6 +838,7 @@ export interface CheckNoNewAccessRequest {
839
838
  * policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic
840
839
  * input such as identity policy or resource policy or a specific input such as managed policy
841
840
  * or Amazon S3 bucket policy.</p>
841
+ * @public
842
842
  */
843
843
  policyType: AccessCheckPolicyType | undefined;
844
844
  }
@@ -859,33 +859,32 @@ export type CheckNoNewAccessResult = (typeof CheckNoNewAccessResult)[keyof typeo
859
859
  */
860
860
  export interface CheckNoNewAccessResponse {
861
861
  /**
862
- * @public
863
862
  * <p>The result of the check for new access. If the result is <code>PASS</code>, no new
864
863
  * access is allowed by the updated policy. If the result is <code>FAIL</code>, the updated
865
864
  * policy might allow new access.</p>
865
+ * @public
866
866
  */
867
867
  result?: CheckNoNewAccessResult;
868
868
  /**
869
- * @public
870
869
  * <p>The message indicating whether the updated policy allows new access.</p>
870
+ * @public
871
871
  */
872
872
  message?: string;
873
873
  /**
874
- * @public
875
874
  * <p>A description of the reasoning of the result.</p>
875
+ * @public
876
876
  */
877
877
  reasons?: ReasonSummary[];
878
878
  }
879
879
  /**
880
- * @public
881
880
  * <p>The proposed access control configuration for an Amazon EBS volume snapshot. You can propose
882
881
  * a configuration for a new Amazon EBS volume snapshot or an Amazon EBS volume snapshot that you own by
883
882
  * specifying the user IDs, groups, and optional KMS encryption key. For more information,
884
883
  * see <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html">ModifySnapshotAttribute</a>.</p>
884
+ * @public
885
885
  */
886
886
  export interface EbsSnapshotConfiguration {
887
887
  /**
888
- * @public
889
888
  * <p>The IDs of the Amazon Web Services accounts that have access to the Amazon EBS volume snapshot.</p>
890
889
  * <ul>
891
890
  * <li>
@@ -903,10 +902,10 @@ export interface EbsSnapshotConfiguration {
903
902
  * empty list for <code>userIds</code>.</p>
904
903
  * </li>
905
904
  * </ul>
905
+ * @public
906
906
  */
907
907
  userIds?: string[];
908
908
  /**
909
- * @public
910
909
  * <p>The groups that have access to the Amazon EBS volume snapshot. If the value <code>all</code>
911
910
  * is specified, then the Amazon EBS volume snapshot is public.</p>
912
911
  * <ul>
@@ -925,10 +924,10 @@ export interface EbsSnapshotConfiguration {
925
924
  * empty list for <code>groups</code>.</p>
926
925
  * </li>
927
926
  * </ul>
927
+ * @public
928
928
  */
929
929
  groups?: string[];
930
930
  /**
931
- * @public
932
931
  * <p>The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS key
933
932
  * identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
934
933
  * <ul>
@@ -943,11 +942,11 @@ export interface EbsSnapshotConfiguration {
943
942
  * unencrypted.</p>
944
943
  * </li>
945
944
  * </ul>
945
+ * @public
946
946
  */
947
947
  kmsKeyId?: string;
948
948
  }
949
949
  /**
950
- * @public
951
950
  * <p>The proposed access control configuration for an Amazon ECR repository. You can propose a
952
951
  * configuration for a new Amazon ECR repository or an existing Amazon ECR repository that you own by
953
952
  * specifying the Amazon ECR policy. For more information, see <a href="https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html">Repository</a>.</p>
@@ -966,18 +965,18 @@ export interface EbsSnapshotConfiguration {
966
965
  * empty string for the Amazon ECR policy.</p>
967
966
  * </li>
968
967
  * </ul>
968
+ * @public
969
969
  */
970
970
  export interface EcrRepositoryConfiguration {
971
971
  /**
972
- * @public
973
972
  * <p>The JSON repository policy text to apply to the Amazon ECR repository. For more information,
974
973
  * see <a href="https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html">Private repository
975
974
  * policy examples</a> in the <i>Amazon ECR User Guide</i>.</p>
975
+ * @public
976
976
  */
977
977
  repositoryPolicy?: string;
978
978
  }
979
979
  /**
980
- * @public
981
980
  * <p>The proposed access control configuration for an Amazon EFS file system. You can propose a
982
981
  * configuration for a new Amazon EFS file system or an existing Amazon EFS file system that you own by
983
982
  * specifying the Amazon EFS policy. For more information, see <a href="https://docs.aws.amazon.com/efs/latest/ug/using-fs.html">Using file systems in Amazon EFS</a>.</p>
@@ -996,17 +995,17 @@ export interface EcrRepositoryConfiguration {
996
995
  * empty string for the Amazon EFS policy.</p>
997
996
  * </li>
998
997
  * </ul>
998
+ * @public
999
999
  */
1000
1000
  export interface EfsFileSystemConfiguration {
1001
1001
  /**
1002
- * @public
1003
1002
  * <p>The JSON policy definition to apply to the Amazon EFS file system. For more information on
1004
1003
  * the elements that make up a file system policy, see <a href="https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies">Amazon EFS Resource-based policies</a>.</p>
1004
+ * @public
1005
1005
  */
1006
1006
  fileSystemPolicy?: string;
1007
1007
  }
1008
1008
  /**
1009
- * @public
1010
1009
  * <p>The proposed access control configuration for an IAM role. You can propose a
1011
1010
  * configuration for a new IAM role or an existing IAM role that you own by specifying the
1012
1011
  * trust policy. If the configuration is for a new IAM role, you must specify the trust
@@ -1015,37 +1014,38 @@ export interface EfsFileSystemConfiguration {
1015
1014
  * The proposed trust policy cannot be an empty string. For more information about role trust
1016
1015
  * policy limits, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS
1017
1016
  * quotas</a>.</p>
1017
+ * @public
1018
1018
  */
1019
1019
  export interface IamRoleConfiguration {
1020
1020
  /**
1021
- * @public
1022
1021
  * <p>The proposed trust policy for the IAM role.</p>
1022
+ * @public
1023
1023
  */
1024
1024
  trustPolicy?: string;
1025
1025
  }
1026
1026
  /**
1027
- * @public
1028
1027
  * <p>Use this structure to propose allowing <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
1029
1028
  * operations</a> in the grant only when the operation request includes the specified
1030
1029
  * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
1031
1030
  * context</a>. You can specify only one type of encryption context. An empty map is
1032
1031
  * treated as not specified. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html">GrantConstraints</a>.</p>
1032
+ * @public
1033
1033
  */
1034
1034
  export interface KmsGrantConstraints {
1035
1035
  /**
1036
- * @public
1037
1036
  * <p>A list of key-value pairs that must match the encryption context in the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
1038
1037
  * operation</a> request. The grant allows the operation only when the encryption
1039
1038
  * context in the request is the same as the encryption context specified in this
1040
1039
  * constraint.</p>
1040
+ * @public
1041
1041
  */
1042
1042
  encryptionContextEquals?: Record<string, string>;
1043
1043
  /**
1044
- * @public
1045
1044
  * <p>A list of key-value pairs that must be included in the encryption context of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
1046
1045
  * operation</a> request. The grant allows the cryptographic operation only when the
1047
1046
  * encryption context in the request includes the key-value pairs specified in this
1048
1047
  * constraint, although it can include additional key-value pairs.</p>
1048
+ * @public
1049
1049
  */
1050
1050
  encryptionContextSubset?: Record<string, string>;
1051
1051
  }
@@ -1074,43 +1074,42 @@ export declare const KmsGrantOperation: {
1074
1074
  */
1075
1075
  export type KmsGrantOperation = (typeof KmsGrantOperation)[keyof typeof KmsGrantOperation];
1076
1076
  /**
1077
- * @public
1078
1077
  * <p>A proposed grant configuration for a KMS key. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html">CreateGrant</a>.</p>
1078
+ * @public
1079
1079
  */
1080
1080
  export interface KmsGrantConfiguration {
1081
1081
  /**
1082
- * @public
1083
1082
  * <p>A list of operations that the grant permits.</p>
1083
+ * @public
1084
1084
  */
1085
1085
  operations: KmsGrantOperation[] | undefined;
1086
1086
  /**
1087
- * @public
1088
1087
  * <p>The principal that is given permission to perform the operations that the grant
1089
1088
  * permits.</p>
1089
+ * @public
1090
1090
  */
1091
1091
  granteePrincipal: string | undefined;
1092
1092
  /**
1093
- * @public
1094
1093
  * <p>The principal that is given permission to retire the grant by using <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html">RetireGrant</a> operation.</p>
1094
+ * @public
1095
1095
  */
1096
1096
  retiringPrincipal?: string;
1097
1097
  /**
1098
- * @public
1099
1098
  * <p>Use this structure to propose allowing <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
1100
1099
  * operations</a> in the grant only when the operation request includes the specified
1101
1100
  * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
1102
1101
  * context</a>.</p>
1102
+ * @public
1103
1103
  */
1104
1104
  constraints?: KmsGrantConstraints;
1105
1105
  /**
1106
- * @public
1107
1106
  * <p> The Amazon Web Services account under which the grant was issued. The account is used to propose
1108
1107
  * KMS grants issued by accounts other than the owner of the key.</p>
1108
+ * @public
1109
1109
  */
1110
1110
  issuingAccount: string | undefined;
1111
1111
  }
1112
1112
  /**
1113
- * @public
1114
1113
  * <p>Proposed access control configuration for a KMS key. You can propose a configuration
1115
1114
  * for a new KMS key or an existing KMS key that you own by specifying the key policy and
1116
1115
  * KMS grant configuration. If the configuration is for an existing key and you do not
@@ -1121,27 +1120,28 @@ export interface KmsGrantConfiguration {
1121
1120
  * policy</a>. For more information about key policy limits, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html">Resource
1122
1121
  * quotas</a>.</p>
1123
1122
  * <p/>
1123
+ * @public
1124
1124
  */
1125
1125
  export interface KmsKeyConfiguration {
1126
1126
  /**
1127
- * @public
1128
1127
  * <p>Resource policy configuration for the KMS key. The only valid value for the name of
1129
1128
  * the key policy is <code>default</code>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default">Default key
1130
1129
  * policy</a>.</p>
1130
+ * @public
1131
1131
  */
1132
1132
  keyPolicies?: Record<string, string>;
1133
1133
  /**
1134
- * @public
1135
1134
  * <p>A list of proposed grant configurations for the KMS key. If the proposed grant
1136
1135
  * configuration is for an existing key, the access preview uses the proposed list of grant
1137
1136
  * configurations in place of the existing grants. Otherwise, the access preview uses the
1138
1137
  * existing grants for the key.</p>
1138
+ * @public
1139
1139
  */
1140
1140
  grants?: KmsGrantConfiguration[];
1141
1141
  }
1142
1142
  /**
1143
- * @public
1144
1143
  * <p>The values for a manual Amazon RDS DB cluster snapshot attribute.</p>
1144
+ * @public
1145
1145
  */
1146
1146
  export type RdsDbClusterSnapshotAttributeValue = RdsDbClusterSnapshotAttributeValue.AccountIdsMember | RdsDbClusterSnapshotAttributeValue.$UnknownMember;
1147
1147
  /**
@@ -1149,7 +1149,6 @@ export type RdsDbClusterSnapshotAttributeValue = RdsDbClusterSnapshotAttributeVa
1149
1149
  */
1150
1150
  export declare namespace RdsDbClusterSnapshotAttributeValue {
1151
1151
  /**
1152
- * @public
1153
1152
  * <p>The Amazon Web Services account IDs that have access to the manual Amazon RDS DB cluster snapshot. If the
1154
1153
  * value <code>all</code> is specified, then the Amazon RDS DB cluster snapshot is public and can
1155
1154
  * be copied or restored by all Amazon Web Services accounts.</p>
@@ -1171,6 +1170,7 @@ export declare namespace RdsDbClusterSnapshotAttributeValue {
1171
1170
  * <code>RdsDbClusterSnapshotAttributeValue</code>.</p>
1172
1171
  * </li>
1173
1172
  * </ul>
1173
+ * @public
1174
1174
  */
1175
1175
  interface AccountIdsMember {
1176
1176
  accountIds: string[];
@@ -1190,24 +1190,23 @@ export declare namespace RdsDbClusterSnapshotAttributeValue {
1190
1190
  const visit: <T>(value: RdsDbClusterSnapshotAttributeValue, visitor: Visitor<T>) => T;
1191
1191
  }
1192
1192
  /**
1193
- * @public
1194
1193
  * <p>The proposed access control configuration for an Amazon RDS DB cluster snapshot. You can
1195
1194
  * propose a configuration for a new Amazon RDS DB cluster snapshot or an Amazon RDS DB cluster snapshot
1196
1195
  * that you own by specifying the <code>RdsDbClusterSnapshotAttributeValue</code> and optional
1197
1196
  * KMS encryption key. For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html">ModifyDBClusterSnapshotAttribute</a>.</p>
1197
+ * @public
1198
1198
  */
1199
1199
  export interface RdsDbClusterSnapshotConfiguration {
1200
1200
  /**
1201
- * @public
1202
1201
  * <p>The names and values of manual DB cluster snapshot attributes. Manual DB cluster
1203
1202
  * snapshot attributes are used to authorize other Amazon Web Services accounts to restore a manual DB
1204
1203
  * cluster snapshot. The only valid value for <code>AttributeName</code> for the attribute map
1205
1204
  * is <code>restore</code>
1206
1205
  * </p>
1206
+ * @public
1207
1207
  */
1208
1208
  attributes?: Record<string, RdsDbClusterSnapshotAttributeValue>;
1209
1209
  /**
1210
- * @public
1211
1210
  * <p>The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS key
1212
1211
  * identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
1213
1212
  * <ul>
@@ -1222,14 +1221,15 @@ export interface RdsDbClusterSnapshotConfiguration {
1222
1221
  * unencrypted.</p>
1223
1222
  * </li>
1224
1223
  * </ul>
1224
+ * @public
1225
1225
  */
1226
1226
  kmsKeyId?: string;
1227
1227
  }
1228
1228
  /**
1229
- * @public
1230
1229
  * <p>The name and values of a manual Amazon RDS DB snapshot attribute. Manual DB snapshot
1231
1230
  * attributes are used to authorize other Amazon Web Services accounts to restore a manual DB
1232
1231
  * snapshot.</p>
1232
+ * @public
1233
1233
  */
1234
1234
  export type RdsDbSnapshotAttributeValue = RdsDbSnapshotAttributeValue.AccountIdsMember | RdsDbSnapshotAttributeValue.$UnknownMember;
1235
1235
  /**
@@ -1237,7 +1237,6 @@ export type RdsDbSnapshotAttributeValue = RdsDbSnapshotAttributeValue.AccountIds
1237
1237
  */
1238
1238
  export declare namespace RdsDbSnapshotAttributeValue {
1239
1239
  /**
1240
- * @public
1241
1240
  * <p>The Amazon Web Services account IDs that have access to the manual Amazon RDS DB snapshot. If the value
1242
1241
  * <code>all</code> is specified, then the Amazon RDS DB snapshot is public and can be copied or
1243
1242
  * restored by all Amazon Web Services accounts.</p>
@@ -1259,6 +1258,7 @@ export declare namespace RdsDbSnapshotAttributeValue {
1259
1258
  * <code>RdsDbSnapshotAttributeValue</code>.</p>
1260
1259
  * </li>
1261
1260
  * </ul>
1261
+ * @public
1262
1262
  */
1263
1263
  interface AccountIdsMember {
1264
1264
  accountIds: string[];
@@ -1278,22 +1278,21 @@ export declare namespace RdsDbSnapshotAttributeValue {
1278
1278
  const visit: <T>(value: RdsDbSnapshotAttributeValue, visitor: Visitor<T>) => T;
1279
1279
  }
1280
1280
  /**
1281
- * @public
1282
1281
  * <p>The proposed access control configuration for an Amazon RDS DB snapshot. You can propose a
1283
1282
  * configuration for a new Amazon RDS DB snapshot or an Amazon RDS DB snapshot that you own by
1284
1283
  * specifying the <code>RdsDbSnapshotAttributeValue</code> and optional KMS encryption key.
1285
1284
  * For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html">ModifyDBSnapshotAttribute</a>.</p>
1285
+ * @public
1286
1286
  */
1287
1287
  export interface RdsDbSnapshotConfiguration {
1288
1288
  /**
1289
- * @public
1290
1289
  * <p>The names and values of manual DB snapshot attributes. Manual DB snapshot attributes are
1291
1290
  * used to authorize other Amazon Web Services accounts to restore a manual DB snapshot. The only valid
1292
1291
  * value for <code>attributeName</code> for the attribute map is restore.</p>
1292
+ * @public
1293
1293
  */
1294
1294
  attributes?: Record<string, RdsDbSnapshotAttributeValue>;
1295
1295
  /**
1296
- * @public
1297
1296
  * <p>The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key identifier is
1298
1297
  * the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
1299
1298
  * <ul>
@@ -1308,32 +1307,32 @@ export interface RdsDbSnapshotConfiguration {
1308
1307
  * unencrypted.</p>
1309
1308
  * </li>
1310
1309
  * </ul>
1310
+ * @public
1311
1311
  */
1312
1312
  kmsKeyId?: string;
1313
1313
  }
1314
1314
  /**
1315
- * @public
1316
1315
  * <p>This configuration sets the network origin for the Amazon S3 access point or multi-region
1317
1316
  * access point to <code>Internet</code>.</p>
1317
+ * @public
1318
1318
  */
1319
1319
  export interface InternetConfiguration {
1320
1320
  }
1321
1321
  /**
1322
- * @public
1323
1322
  * <p>The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC
1324
1323
  * configuration does not apply to multi-region access points. For more information, see
1325
1324
  * <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html">VpcConfiguration</a>. </p>
1325
+ * @public
1326
1326
  */
1327
1327
  export interface VpcConfiguration {
1328
1328
  /**
1329
- * @public
1330
1329
  * <p> If this field is specified, this access point will only allow connections from the
1331
1330
  * specified VPC ID. </p>
1331
+ * @public
1332
1332
  */
1333
1333
  vpcId: string | undefined;
1334
1334
  }
1335
1335
  /**
1336
- * @public
1337
1336
  * <p>The proposed <code>InternetConfiguration</code> or <code>VpcConfiguration</code> to
1338
1337
  * apply to the Amazon S3 access point. <code>VpcConfiguration</code> does not apply to
1339
1338
  * multi-region access points. You can make the access point accessible from the internet, or
@@ -1341,6 +1340,7 @@ export interface VpcConfiguration {
1341
1340
  * specific virtual private cloud (VPC). You can specify only one type of network
1342
1341
  * configuration. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html">Creating access
1343
1342
  * points</a>.</p>
1343
+ * @public
1344
1344
  */
1345
1345
  export type NetworkOriginConfiguration = NetworkOriginConfiguration.InternetConfigurationMember | NetworkOriginConfiguration.VpcConfigurationMember | NetworkOriginConfiguration.$UnknownMember;
1346
1346
  /**
@@ -1348,10 +1348,10 @@ export type NetworkOriginConfiguration = NetworkOriginConfiguration.InternetConf
1348
1348
  */
1349
1349
  export declare namespace NetworkOriginConfiguration {
1350
1350
  /**
1351
- * @public
1352
1351
  * <p>The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC
1353
1352
  * configuration does not apply to multi-region access points. For more information, see
1354
1353
  * <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html">VpcConfiguration</a>. </p>
1354
+ * @public
1355
1355
  */
1356
1356
  interface VpcConfigurationMember {
1357
1357
  vpcConfiguration: VpcConfiguration;
@@ -1359,9 +1359,9 @@ export declare namespace NetworkOriginConfiguration {
1359
1359
  $unknown?: never;
1360
1360
  }
1361
1361
  /**
1362
- * @public
1363
1362
  * <p>The configuration for the Amazon S3 access point or multi-region access point with an
1364
1363
  * <code>Internet</code> origin.</p>
1364
+ * @public
1365
1365
  */
1366
1366
  interface InternetConfigurationMember {
1367
1367
  vpcConfiguration?: never;
@@ -1384,7 +1384,6 @@ export declare namespace NetworkOriginConfiguration {
1384
1384
  const visit: <T>(value: NetworkOriginConfiguration, visitor: Visitor<T>) => T;
1385
1385
  }
1386
1386
  /**
1387
- * @public
1388
1387
  * <p>The <code>PublicAccessBlock</code> configuration to apply to this Amazon S3 bucket. If the
1389
1388
  * proposed configuration is for an existing Amazon S3 bucket and the configuration is not
1390
1389
  * specified, the access preview uses the existing setting. If the proposed configuration is
@@ -1392,22 +1391,22 @@ export declare namespace NetworkOriginConfiguration {
1392
1391
  * <code>false</code>. If the proposed configuration is for a new access point or
1393
1392
  * multi-region access point and the access point BPA configuration is not specified, the
1394
1393
  * access preview uses <code>true</code>. For more information, see <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html">PublicAccessBlockConfiguration</a>. </p>
1394
+ * @public
1395
1395
  */
1396
1396
  export interface S3PublicAccessBlockConfiguration {
1397
1397
  /**
1398
- * @public
1399
1398
  * <p> Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this
1400
1399
  * bucket. </p>
1400
+ * @public
1401
1401
  */
1402
1402
  ignorePublicAcls: boolean | undefined;
1403
1403
  /**
1404
- * @public
1405
1404
  * <p> Specifies whether Amazon S3 should restrict public bucket policies for this bucket. </p>
1405
+ * @public
1406
1406
  */
1407
1407
  restrictPublicBuckets: boolean | undefined;
1408
1408
  }
1409
1409
  /**
1410
- * @public
1411
1410
  * <p>The configuration for an Amazon S3 access point or multi-region access point for the bucket.
1412
1411
  * You can propose up to 10 access points or multi-region access points per bucket. If the
1413
1412
  * proposed Amazon S3 access point configuration is for an existing bucket, the access preview uses
@@ -1416,34 +1415,35 @@ export interface S3PublicAccessBlockConfiguration {
1416
1415
  * policy. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html">Creating access points</a>.
1417
1416
  * For more information about access point policy limits, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html">Access points
1418
1417
  * restrictions and limitations</a>.</p>
1418
+ * @public
1419
1419
  */
1420
1420
  export interface S3AccessPointConfiguration {
1421
1421
  /**
1422
- * @public
1423
1422
  * <p>The access point or multi-region access point policy.</p>
1423
+ * @public
1424
1424
  */
1425
1425
  accessPointPolicy?: string;
1426
1426
  /**
1427
- * @public
1428
1427
  * <p>The proposed <code>S3PublicAccessBlock</code> configuration to apply to this Amazon S3 access
1429
1428
  * point or multi-region access point.</p>
1429
+ * @public
1430
1430
  */
1431
1431
  publicAccessBlock?: S3PublicAccessBlockConfiguration;
1432
1432
  /**
1433
- * @public
1434
1433
  * <p>The proposed <code>Internet</code> and <code>VpcConfiguration</code> to apply to this
1435
1434
  * Amazon S3 access point. <code>VpcConfiguration</code> does not apply to multi-region access
1436
1435
  * points. If the access preview is for a new resource and neither is specified, the access
1437
1436
  * preview uses <code>Internet</code> for the network origin. If the access preview is for an
1438
1437
  * existing resource and neither is specified, the access preview uses the exiting network
1439
1438
  * origin.</p>
1439
+ * @public
1440
1440
  */
1441
1441
  networkOrigin?: NetworkOriginConfiguration;
1442
1442
  }
1443
1443
  /**
1444
- * @public
1445
1444
  * <p>You specify each grantee as a type-value pair using one of these types. You can specify
1446
1445
  * only one type of grantee. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html">PutBucketAcl</a>.</p>
1446
+ * @public
1447
1447
  */
1448
1448
  export type AclGrantee = AclGrantee.IdMember | AclGrantee.UriMember | AclGrantee.$UnknownMember;
1449
1449
  /**
@@ -1451,8 +1451,8 @@ export type AclGrantee = AclGrantee.IdMember | AclGrantee.UriMember | AclGrantee
1451
1451
  */
1452
1452
  export declare namespace AclGrantee {
1453
1453
  /**
1454
- * @public
1455
1454
  * <p>The value specified is the canonical user ID of an Amazon Web Services account.</p>
1455
+ * @public
1456
1456
  */
1457
1457
  interface IdMember {
1458
1458
  id: string;
@@ -1460,8 +1460,8 @@ export declare namespace AclGrantee {
1460
1460
  $unknown?: never;
1461
1461
  }
1462
1462
  /**
1463
- * @public
1464
1463
  * <p>Used for granting permissions to a predefined group.</p>
1464
+ * @public
1465
1465
  */
1466
1466
  interface UriMember {
1467
1467
  id?: never;
@@ -1499,25 +1499,24 @@ export declare const AclPermission: {
1499
1499
  */
1500
1500
  export type AclPermission = (typeof AclPermission)[keyof typeof AclPermission];
1501
1501
  /**
1502
- * @public
1503
1502
  * <p>A proposed access control list grant configuration for an Amazon S3 bucket. For more
1504
1503
  * information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls">How to Specify an
1505
1504
  * ACL</a>.</p>
1505
+ * @public
1506
1506
  */
1507
1507
  export interface S3BucketAclGrantConfiguration {
1508
1508
  /**
1509
- * @public
1510
1509
  * <p>The permissions being granted.</p>
1510
+ * @public
1511
1511
  */
1512
1512
  permission: AclPermission | undefined;
1513
1513
  /**
1514
- * @public
1515
1514
  * <p>The grantee to whom you’re assigning access rights.</p>
1515
+ * @public
1516
1516
  */
1517
1517
  grantee: AclGrantee | undefined;
1518
1518
  }
1519
1519
  /**
1520
- * @public
1521
1520
  * <p>Proposed access control configuration for an Amazon S3 bucket. You can propose a
1522
1521
  * configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket that you own by specifying
1523
1522
  * the Amazon S3 bucket policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and
@@ -1528,35 +1527,35 @@ export interface S3BucketAclGrantConfiguration {
1528
1527
  * policy. To propose deletion of an existing bucket policy, you can specify an empty string.
1529
1528
  * For more information about bucket policy limits, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html">Bucket Policy
1530
1529
  * Examples</a>.</p>
1530
+ * @public
1531
1531
  */
1532
1532
  export interface S3BucketConfiguration {
1533
1533
  /**
1534
- * @public
1535
1534
  * <p>The proposed bucket policy for the Amazon S3 bucket.</p>
1535
+ * @public
1536
1536
  */
1537
1537
  bucketPolicy?: string;
1538
1538
  /**
1539
- * @public
1540
1539
  * <p>The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to 100 ACL
1541
1540
  * grants per bucket. If the proposed grant configuration is for an existing bucket, the
1542
1541
  * access preview uses the proposed list of grant configurations in place of the existing
1543
1542
  * grants. Otherwise, the access preview uses the existing grants for the bucket.</p>
1543
+ * @public
1544
1544
  */
1545
1545
  bucketAclGrants?: S3BucketAclGrantConfiguration[];
1546
1546
  /**
1547
- * @public
1548
1547
  * <p>The proposed block public access configuration for the Amazon S3 bucket.</p>
1548
+ * @public
1549
1549
  */
1550
1550
  bucketPublicAccessBlock?: S3PublicAccessBlockConfiguration;
1551
1551
  /**
1552
- * @public
1553
1552
  * <p>The configuration of Amazon S3 access points or multi-region access points for the bucket.
1554
1553
  * You can propose up to 10 new access points per bucket.</p>
1554
+ * @public
1555
1555
  */
1556
1556
  accessPoints?: Record<string, S3AccessPointConfiguration>;
1557
1557
  }
1558
1558
  /**
1559
- * @public
1560
1559
  * <p>Proposed access control configuration for an Amazon S3 directory bucket. You can propose a
1561
1560
  * configuration for a new Amazon S3 directory bucket or an existing Amazon S3 directory bucket that you
1562
1561
  * own by specifying the Amazon S3 bucket policy. If the configuration is for an existing Amazon S3
@@ -1566,16 +1565,16 @@ export interface S3BucketConfiguration {
1566
1565
  * directory bucket without a policy. To propose deletion of an existing bucket policy, you
1567
1566
  * can specify an empty string. For more information about Amazon S3 directory bucket policies, see
1568
1567
  * <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html">Example directory bucket policies for S3 Express One Zone</a>.</p>
1568
+ * @public
1569
1569
  */
1570
1570
  export interface S3ExpressDirectoryBucketConfiguration {
1571
1571
  /**
1572
- * @public
1573
1572
  * <p>The proposed bucket policy for the Amazon S3 directory bucket.</p>
1573
+ * @public
1574
1574
  */
1575
1575
  bucketPolicy?: string;
1576
1576
  }
1577
1577
  /**
1578
- * @public
1579
1578
  * <p>The configuration for a Secrets Manager secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html">CreateSecret</a>.</p>
1580
1579
  * <p>You can propose a configuration for a new secret or an existing secret that you own by
1581
1580
  * specifying the secret policy and optional KMS encryption key. If the configuration is for
@@ -1588,21 +1587,21 @@ export interface S3ExpressDirectoryBucketConfiguration {
1588
1587
  * string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the
1589
1588
  * Amazon Web Services account. For more information about secret policy limits, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html">Quotas
1590
1589
  * for Secrets Manager.</a>.</p>
1590
+ * @public
1591
1591
  */
1592
1592
  export interface SecretsManagerSecretConfiguration {
1593
1593
  /**
1594
- * @public
1595
1594
  * <p>The proposed ARN, key ID, or alias of the KMS key.</p>
1595
+ * @public
1596
1596
  */
1597
1597
  kmsKeyId?: string;
1598
1598
  /**
1599
- * @public
1600
1599
  * <p>The proposed resource policy defining who can access or manage the secret.</p>
1600
+ * @public
1601
1601
  */
1602
1602
  secretPolicy?: string;
1603
1603
  }
1604
1604
  /**
1605
- * @public
1606
1605
  * <p>The proposed access control configuration for an Amazon SNS topic. You can propose a
1607
1606
  * configuration for a new Amazon SNS topic or an existing Amazon SNS topic that you own by specifying
1608
1607
  * the policy. If the configuration is for an existing Amazon SNS topic and you do not specify the
@@ -1611,18 +1610,18 @@ export interface SecretsManagerSecretConfiguration {
1611
1610
  * preview assumes an Amazon SNS topic without a policy. To propose deletion of an existing Amazon SNS
1612
1611
  * topic policy, you can specify an empty string for the Amazon SNS policy. For more information,
1613
1612
  * see <a href="https://docs.aws.amazon.com/sns/latest/api/API_Topic.html">Topic</a>.</p>
1613
+ * @public
1614
1614
  */
1615
1615
  export interface SnsTopicConfiguration {
1616
1616
  /**
1617
- * @public
1618
1617
  * <p>The JSON policy text that defines who can access an Amazon SNS topic. For more information,
1619
1618
  * see <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html">Example cases for Amazon SNS access control</a> in the <i>Amazon SNS Developer
1620
1619
  * Guide</i>.</p>
1620
+ * @public
1621
1621
  */
1622
1622
  topicPolicy?: string;
1623
1623
  }
1624
1624
  /**
1625
- * @public
1626
1625
  * <p>The proposed access control configuration for an Amazon SQS queue. You can propose a
1627
1626
  * configuration for a new Amazon SQS queue or an existing Amazon SQS queue that you own by specifying
1628
1627
  * the Amazon SQS policy. If the configuration is for an existing Amazon SQS queue and you do not
@@ -1632,18 +1631,19 @@ export interface SnsTopicConfiguration {
1632
1631
  * queue policy, you can specify an empty string for the Amazon SQS policy. For more information
1633
1632
  * about Amazon SQS policy limits, see <a href="https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html">Quotas related
1634
1633
  * to policies</a>.</p>
1634
+ * @public
1635
1635
  */
1636
1636
  export interface SqsQueueConfiguration {
1637
1637
  /**
1638
- * @public
1639
1638
  * <p> The proposed resource policy for the Amazon SQS queue. </p>
1639
+ * @public
1640
1640
  */
1641
1641
  queuePolicy?: string;
1642
1642
  }
1643
1643
  /**
1644
- * @public
1645
1644
  * <p>Access control configuration structures for your resource. You specify the configuration
1646
1645
  * as a type-value pair. You can specify only one type of access control configuration.</p>
1646
+ * @public
1647
1647
  */
1648
1648
  export type Configuration = Configuration.EbsSnapshotMember | Configuration.EcrRepositoryMember | Configuration.EfsFileSystemMember | Configuration.IamRoleMember | Configuration.KmsKeyMember | Configuration.RdsDbClusterSnapshotMember | Configuration.RdsDbSnapshotMember | Configuration.S3BucketMember | Configuration.S3ExpressDirectoryBucketMember | Configuration.SecretsManagerSecretMember | Configuration.SnsTopicMember | Configuration.SqsQueueMember | Configuration.$UnknownMember;
1649
1649
  /**
@@ -1651,8 +1651,8 @@ export type Configuration = Configuration.EbsSnapshotMember | Configuration.EcrR
1651
1651
  */
1652
1652
  export declare namespace Configuration {
1653
1653
  /**
1654
- * @public
1655
1654
  * <p>The access control configuration is for an Amazon EBS volume snapshot.</p>
1655
+ * @public
1656
1656
  */
1657
1657
  interface EbsSnapshotMember {
1658
1658
  ebsSnapshot: EbsSnapshotConfiguration;
@@ -1670,8 +1670,8 @@ export declare namespace Configuration {
1670
1670
  $unknown?: never;
1671
1671
  }
1672
1672
  /**
1673
- * @public
1674
1673
  * <p>The access control configuration is for an Amazon ECR repository.</p>
1674
+ * @public
1675
1675
  */
1676
1676
  interface EcrRepositoryMember {
1677
1677
  ebsSnapshot?: never;
@@ -1689,8 +1689,8 @@ export declare namespace Configuration {
1689
1689
  $unknown?: never;
1690
1690
  }
1691
1691
  /**
1692
- * @public
1693
1692
  * <p>The access control configuration is for an IAM role. </p>
1693
+ * @public
1694
1694
  */
1695
1695
  interface IamRoleMember {
1696
1696
  ebsSnapshot?: never;
@@ -1708,8 +1708,8 @@ export declare namespace Configuration {
1708
1708
  $unknown?: never;
1709
1709
  }
1710
1710
  /**
1711
- * @public
1712
1711
  * <p>The access control configuration is for an Amazon EFS file system.</p>
1712
+ * @public
1713
1713
  */
1714
1714
  interface EfsFileSystemMember {
1715
1715
  ebsSnapshot?: never;
@@ -1727,8 +1727,8 @@ export declare namespace Configuration {
1727
1727
  $unknown?: never;
1728
1728
  }
1729
1729
  /**
1730
- * @public
1731
1730
  * <p>The access control configuration is for a KMS key. </p>
1731
+ * @public
1732
1732
  */
1733
1733
  interface KmsKeyMember {
1734
1734
  ebsSnapshot?: never;
@@ -1746,8 +1746,8 @@ export declare namespace Configuration {
1746
1746
  $unknown?: never;
1747
1747
  }
1748
1748
  /**
1749
- * @public
1750
1749
  * <p>The access control configuration is for an Amazon RDS DB cluster snapshot.</p>
1750
+ * @public
1751
1751
  */
1752
1752
  interface RdsDbClusterSnapshotMember {
1753
1753
  ebsSnapshot?: never;
@@ -1765,8 +1765,8 @@ export declare namespace Configuration {
1765
1765
  $unknown?: never;
1766
1766
  }
1767
1767
  /**
1768
- * @public
1769
1768
  * <p>The access control configuration is for an Amazon RDS DB snapshot.</p>
1769
+ * @public
1770
1770
  */
1771
1771
  interface RdsDbSnapshotMember {
1772
1772
  ebsSnapshot?: never;
@@ -1784,8 +1784,8 @@ export declare namespace Configuration {
1784
1784
  $unknown?: never;
1785
1785
  }
1786
1786
  /**
1787
- * @public
1788
1787
  * <p>The access control configuration is for a Secrets Manager secret.</p>
1788
+ * @public
1789
1789
  */
1790
1790
  interface SecretsManagerSecretMember {
1791
1791
  ebsSnapshot?: never;
@@ -1803,8 +1803,8 @@ export declare namespace Configuration {
1803
1803
  $unknown?: never;
1804
1804
  }
1805
1805
  /**
1806
- * @public
1807
1806
  * <p>The access control configuration is for an Amazon S3 bucket. </p>
1807
+ * @public
1808
1808
  */
1809
1809
  interface S3BucketMember {
1810
1810
  ebsSnapshot?: never;
@@ -1822,8 +1822,8 @@ export declare namespace Configuration {
1822
1822
  $unknown?: never;
1823
1823
  }
1824
1824
  /**
1825
- * @public
1826
1825
  * <p>The access control configuration is for an Amazon SNS topic</p>
1826
+ * @public
1827
1827
  */
1828
1828
  interface SnsTopicMember {
1829
1829
  ebsSnapshot?: never;
@@ -1841,8 +1841,8 @@ export declare namespace Configuration {
1841
1841
  $unknown?: never;
1842
1842
  }
1843
1843
  /**
1844
- * @public
1845
1844
  * <p>The access control configuration is for an Amazon SQS queue. </p>
1845
+ * @public
1846
1846
  */
1847
1847
  interface SqsQueueMember {
1848
1848
  ebsSnapshot?: never;
@@ -1860,8 +1860,8 @@ export declare namespace Configuration {
1860
1860
  $unknown?: never;
1861
1861
  }
1862
1862
  /**
1863
- * @public
1864
1863
  * <p>The access control configuration is for an Amazon S3 directory bucket.</p>
1864
+ * @public
1865
1865
  */
1866
1866
  interface S3ExpressDirectoryBucketMember {
1867
1867
  ebsSnapshot?: never;
@@ -1918,24 +1918,24 @@ export declare namespace Configuration {
1918
1918
  */
1919
1919
  export interface CreateAccessPreviewRequest {
1920
1920
  /**
1921
- * @public
1922
1921
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
1923
1922
  * the account analyzer</a> used to generate the access preview. You can only create an
1924
1923
  * access preview for analyzers with an <code>Account</code> type and <code>Active</code>
1925
1924
  * status.</p>
1925
+ * @public
1926
1926
  */
1927
1927
  analyzerArn: string | undefined;
1928
1928
  /**
1929
- * @public
1930
1929
  * <p>Access control configuration for your resource that is used to generate the access
1931
1930
  * preview. The access preview includes findings for external access allowed to the resource
1932
1931
  * with the proposed access control configuration. The configuration must contain exactly one
1933
1932
  * element.</p>
1933
+ * @public
1934
1934
  */
1935
1935
  configurations: Record<string, Configuration> | undefined;
1936
1936
  /**
1937
- * @public
1938
1937
  * <p>A client token.</p>
1938
+ * @public
1939
1939
  */
1940
1940
  clientToken?: string;
1941
1941
  }
@@ -1944,8 +1944,8 @@ export interface CreateAccessPreviewRequest {
1944
1944
  */
1945
1945
  export interface CreateAccessPreviewResponse {
1946
1946
  /**
1947
- * @public
1948
1947
  * <p>The unique ID for the access preview.</p>
1948
+ * @public
1949
1949
  */
1950
1950
  id: string | undefined;
1951
1951
  }
@@ -1954,14 +1954,14 @@ export interface CreateAccessPreviewResponse {
1954
1954
  */
1955
1955
  export interface GetAccessPreviewRequest {
1956
1956
  /**
1957
- * @public
1958
1957
  * <p>The unique ID for the access preview.</p>
1958
+ * @public
1959
1959
  */
1960
1960
  accessPreviewId: string | undefined;
1961
1961
  /**
1962
- * @public
1963
1962
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
1964
1963
  * the analyzer</a> used to generate the access preview.</p>
1964
+ * @public
1965
1965
  */
1966
1966
  analyzerArn: string | undefined;
1967
1967
  }
@@ -1991,46 +1991,45 @@ export declare const AccessPreviewStatusReasonCode: {
1991
1991
  */
1992
1992
  export type AccessPreviewStatusReasonCode = (typeof AccessPreviewStatusReasonCode)[keyof typeof AccessPreviewStatusReasonCode];
1993
1993
  /**
1994
- * @public
1995
1994
  * <p>Provides more details about the current status of the access preview. For example, if
1996
1995
  * the creation of the access preview fails, a <code>Failed</code> status is returned. This
1997
1996
  * failure can be due to an internal issue with the analysis or due to an invalid proposed
1998
1997
  * resource configuration.</p>
1998
+ * @public
1999
1999
  */
2000
2000
  export interface AccessPreviewStatusReason {
2001
2001
  /**
2002
- * @public
2003
2002
  * <p>The reason code for the current status of the access preview.</p>
2003
+ * @public
2004
2004
  */
2005
2005
  code: AccessPreviewStatusReasonCode | undefined;
2006
2006
  }
2007
2007
  /**
2008
- * @public
2009
2008
  * <p>Contains information about an access preview.</p>
2009
+ * @public
2010
2010
  */
2011
2011
  export interface AccessPreview {
2012
2012
  /**
2013
- * @public
2014
2013
  * <p>The unique ID for the access preview.</p>
2014
+ * @public
2015
2015
  */
2016
2016
  id: string | undefined;
2017
2017
  /**
2018
- * @public
2019
2018
  * <p>The ARN of the analyzer used to generate the access preview.</p>
2019
+ * @public
2020
2020
  */
2021
2021
  analyzerArn: string | undefined;
2022
2022
  /**
2023
- * @public
2024
2023
  * <p>A map of resource ARNs for the proposed resource configuration.</p>
2024
+ * @public
2025
2025
  */
2026
2026
  configurations: Record<string, Configuration> | undefined;
2027
2027
  /**
2028
- * @public
2029
2028
  * <p>The time at which the access preview was created.</p>
2029
+ * @public
2030
2030
  */
2031
2031
  createdAt: Date | undefined;
2032
2032
  /**
2033
- * @public
2034
2033
  * <p>The status of the access preview.</p>
2035
2034
  * <ul>
2036
2035
  * <li>
@@ -2047,14 +2046,15 @@ export interface AccessPreview {
2047
2046
  * <code>Failed</code> - The access preview creation has failed.</p>
2048
2047
  * </li>
2049
2048
  * </ul>
2049
+ * @public
2050
2050
  */
2051
2051
  status: AccessPreviewStatus | undefined;
2052
2052
  /**
2053
- * @public
2054
2053
  * <p>Provides more details about the current status of the access preview.</p>
2055
2054
  * <p>For example, if the creation of the access preview fails, a <code>Failed</code> status
2056
2055
  * is returned. This failure can be due to an internal issue with the analysis or due to an
2057
2056
  * invalid resource configuration.</p>
2057
+ * @public
2058
2058
  */
2059
2059
  statusReason?: AccessPreviewStatusReason;
2060
2060
  }
@@ -2063,25 +2063,25 @@ export interface AccessPreview {
2063
2063
  */
2064
2064
  export interface GetAccessPreviewResponse {
2065
2065
  /**
2066
- * @public
2067
2066
  * <p>An object that contains information about the access preview.</p>
2067
+ * @public
2068
2068
  */
2069
2069
  accessPreview: AccessPreview | undefined;
2070
2070
  }
2071
2071
  /**
2072
- * @public
2073
2072
  * <p>Retrieves an analyzed resource.</p>
2073
+ * @public
2074
2074
  */
2075
2075
  export interface GetAnalyzedResourceRequest {
2076
2076
  /**
2077
- * @public
2078
2077
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
2079
2078
  * the analyzer</a> to retrieve information from.</p>
2079
+ * @public
2080
2080
  */
2081
2081
  analyzerArn: string | undefined;
2082
2082
  /**
2083
- * @public
2084
2083
  * <p>The ARN of the resource to retrieve information about.</p>
2084
+ * @public
2085
2085
  */
2086
2086
  resourceArn: string | undefined;
2087
2087
  }
@@ -2094,113 +2094,113 @@ export type ResourceType = "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS:
2094
2094
  */
2095
2095
  export type FindingStatus = "ACTIVE" | "ARCHIVED" | "RESOLVED";
2096
2096
  /**
2097
- * @public
2098
2097
  * <p>Contains details about the analyzed resource.</p>
2098
+ * @public
2099
2099
  */
2100
2100
  export interface AnalyzedResource {
2101
2101
  /**
2102
- * @public
2103
2102
  * <p>The ARN of the resource that was analyzed.</p>
2103
+ * @public
2104
2104
  */
2105
2105
  resourceArn: string | undefined;
2106
2106
  /**
2107
- * @public
2108
2107
  * <p>The type of the resource that was analyzed.</p>
2108
+ * @public
2109
2109
  */
2110
2110
  resourceType: ResourceType | undefined;
2111
2111
  /**
2112
- * @public
2113
2112
  * <p>The time at which the finding was created.</p>
2113
+ * @public
2114
2114
  */
2115
2115
  createdAt: Date | undefined;
2116
2116
  /**
2117
- * @public
2118
2117
  * <p>The time at which the resource was analyzed.</p>
2118
+ * @public
2119
2119
  */
2120
2120
  analyzedAt: Date | undefined;
2121
2121
  /**
2122
- * @public
2123
2122
  * <p>The time at which the finding was updated.</p>
2123
+ * @public
2124
2124
  */
2125
2125
  updatedAt: Date | undefined;
2126
2126
  /**
2127
- * @public
2128
2127
  * <p>Indicates whether the policy that generated the finding grants public access to the
2129
2128
  * resource.</p>
2129
+ * @public
2130
2130
  */
2131
2131
  isPublic: boolean | undefined;
2132
2132
  /**
2133
- * @public
2134
2133
  * <p>The actions that an external principal is granted permission to use by the policy that
2135
2134
  * generated the finding.</p>
2135
+ * @public
2136
2136
  */
2137
2137
  actions?: string[];
2138
2138
  /**
2139
- * @public
2140
2139
  * <p>Indicates how the access that generated the finding is granted. This is populated for
2141
2140
  * Amazon S3 bucket findings.</p>
2141
+ * @public
2142
2142
  */
2143
2143
  sharedVia?: string[];
2144
2144
  /**
2145
- * @public
2146
2145
  * <p>The current status of the finding generated from the analyzed resource.</p>
2146
+ * @public
2147
2147
  */
2148
2148
  status?: FindingStatus;
2149
2149
  /**
2150
- * @public
2151
2150
  * <p>The Amazon Web Services account ID that owns the resource.</p>
2151
+ * @public
2152
2152
  */
2153
2153
  resourceOwnerAccount: string | undefined;
2154
2154
  /**
2155
- * @public
2156
2155
  * <p>An error message.</p>
2156
+ * @public
2157
2157
  */
2158
2158
  error?: string;
2159
2159
  }
2160
2160
  /**
2161
- * @public
2162
2161
  * <p>The response to the request.</p>
2162
+ * @public
2163
2163
  */
2164
2164
  export interface GetAnalyzedResourceResponse {
2165
2165
  /**
2166
- * @public
2167
2166
  * <p>An <code>AnalyzedResource</code> object that contains information that IAM Access Analyzer
2168
2167
  * found when it analyzed the resource.</p>
2168
+ * @public
2169
2169
  */
2170
2170
  resource?: AnalyzedResource;
2171
2171
  }
2172
2172
  /**
2173
- * @public
2174
2173
  * <p>Retrieves a finding.</p>
2174
+ * @public
2175
2175
  */
2176
2176
  export interface GetFindingRequest {
2177
2177
  /**
2178
- * @public
2179
2178
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
2180
2179
  * the analyzer</a> that generated the finding.</p>
2180
+ * @public
2181
2181
  */
2182
2182
  analyzerArn: string | undefined;
2183
2183
  /**
2184
- * @public
2185
2184
  * <p>The ID of the finding to retrieve.</p>
2185
+ * @public
2186
2186
  */
2187
2187
  id: string | undefined;
2188
2188
  }
2189
2189
  /**
2190
- * @public
2191
2190
  * <p>Includes details about how the access that generated the finding is granted. This is
2192
2191
  * populated for Amazon S3 bucket findings.</p>
2192
+ * @public
2193
2193
  */
2194
2194
  export interface FindingSourceDetail {
2195
2195
  /**
2196
- * @public
2197
2196
  * <p>The ARN of the access point that generated the finding. The ARN format depends on
2198
2197
  * whether the ARN represents an access point or a multi-region access point.</p>
2198
+ * @public
2199
2199
  */
2200
2200
  accessPointArn?: string;
2201
2201
  /**
2202
- * @public
2203
2202
  * <p>The account of the cross-account access point that generated the finding.</p>
2203
+ * @public
2204
2204
  */
2205
2205
  accessPointAccount?: string;
2206
2206
  }
@@ -2209,110 +2209,110 @@ export interface FindingSourceDetail {
2209
2209
  */
2210
2210
  export type FindingSourceType = "BUCKET_ACL" | "POLICY" | "S3_ACCESS_POINT" | "S3_ACCESS_POINT_ACCOUNT";
2211
2211
  /**
2212
- * @public
2213
2212
  * <p>The source of the finding. This indicates how the access that generated the finding is
2214
2213
  * granted. It is populated for Amazon S3 bucket findings.</p>
2214
+ * @public
2215
2215
  */
2216
2216
  export interface FindingSource {
2217
2217
  /**
2218
- * @public
2219
2218
  * <p>Indicates the type of access that generated the finding.</p>
2219
+ * @public
2220
2220
  */
2221
2221
  type: FindingSourceType | undefined;
2222
2222
  /**
2223
- * @public
2224
2223
  * <p>Includes details about how the access that generated the finding is granted. This is
2225
2224
  * populated for Amazon S3 bucket findings.</p>
2225
+ * @public
2226
2226
  */
2227
2227
  detail?: FindingSourceDetail;
2228
2228
  }
2229
2229
  /**
2230
- * @public
2231
2230
  * <p>Contains information about a finding.</p>
2231
+ * @public
2232
2232
  */
2233
2233
  export interface Finding {
2234
2234
  /**
2235
- * @public
2236
2235
  * <p>The ID of the finding.</p>
2236
+ * @public
2237
2237
  */
2238
2238
  id: string | undefined;
2239
2239
  /**
2240
- * @public
2241
2240
  * <p>The external principal that has access to a resource within the zone of trust.</p>
2241
+ * @public
2242
2242
  */
2243
2243
  principal?: Record<string, string>;
2244
2244
  /**
2245
- * @public
2246
2245
  * <p>The action in the analyzed policy statement that an external principal has permission to
2247
2246
  * use.</p>
2247
+ * @public
2248
2248
  */
2249
2249
  action?: string[];
2250
2250
  /**
2251
- * @public
2252
2251
  * <p>The resource that an external principal has access to.</p>
2252
+ * @public
2253
2253
  */
2254
2254
  resource?: string;
2255
2255
  /**
2256
- * @public
2257
2256
  * <p>Indicates whether the policy that generated the finding allows public access to the
2258
2257
  * resource.</p>
2258
+ * @public
2259
2259
  */
2260
2260
  isPublic?: boolean;
2261
2261
  /**
2262
- * @public
2263
2262
  * <p>The type of the resource identified in the finding.</p>
2263
+ * @public
2264
2264
  */
2265
2265
  resourceType: ResourceType | undefined;
2266
2266
  /**
2267
- * @public
2268
2267
  * <p>The condition in the analyzed policy statement that resulted in a finding.</p>
2268
+ * @public
2269
2269
  */
2270
2270
  condition: Record<string, string> | undefined;
2271
2271
  /**
2272
- * @public
2273
2272
  * <p>The time at which the finding was generated.</p>
2273
+ * @public
2274
2274
  */
2275
2275
  createdAt: Date | undefined;
2276
2276
  /**
2277
- * @public
2278
2277
  * <p>The time at which the resource was analyzed.</p>
2278
+ * @public
2279
2279
  */
2280
2280
  analyzedAt: Date | undefined;
2281
2281
  /**
2282
- * @public
2283
2282
  * <p>The time at which the finding was updated.</p>
2283
+ * @public
2284
2284
  */
2285
2285
  updatedAt: Date | undefined;
2286
2286
  /**
2287
- * @public
2288
2287
  * <p>The current status of the finding.</p>
2288
+ * @public
2289
2289
  */
2290
2290
  status: FindingStatus | undefined;
2291
2291
  /**
2292
- * @public
2293
2292
  * <p>The Amazon Web Services account ID that owns the resource.</p>
2293
+ * @public
2294
2294
  */
2295
2295
  resourceOwnerAccount: string | undefined;
2296
2296
  /**
2297
- * @public
2298
2297
  * <p>An error.</p>
2298
+ * @public
2299
2299
  */
2300
2300
  error?: string;
2301
2301
  /**
2302
- * @public
2303
2302
  * <p>The sources of the finding. This indicates how the access that generated the finding is
2304
2303
  * granted. It is populated for Amazon S3 bucket findings.</p>
2304
+ * @public
2305
2305
  */
2306
2306
  sources?: FindingSource[];
2307
2307
  }
2308
2308
  /**
2309
- * @public
2310
2309
  * <p>The response to the request.</p>
2310
+ * @public
2311
2311
  */
2312
2312
  export interface GetFindingResponse {
2313
2313
  /**
2314
- * @public
2315
2314
  * <p>A <code>finding</code> object that contains finding details.</p>
2315
+ * @public
2316
2316
  */
2317
2317
  finding?: Finding;
2318
2318
  }
@@ -2321,155 +2321,155 @@ export interface GetFindingResponse {
2321
2321
  */
2322
2322
  export interface GetFindingV2Request {
2323
2323
  /**
2324
- * @public
2325
2324
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
2326
2325
  * the analyzer</a> that generated the finding.</p>
2326
+ * @public
2327
2327
  */
2328
2328
  analyzerArn: string | undefined;
2329
2329
  /**
2330
- * @public
2331
2330
  * <p>The ID of the finding to retrieve.</p>
2331
+ * @public
2332
2332
  */
2333
2333
  id: string | undefined;
2334
2334
  /**
2335
- * @public
2336
2335
  * <p>The maximum number of results to return in the response.</p>
2336
+ * @public
2337
2337
  */
2338
2338
  maxResults?: number;
2339
2339
  /**
2340
- * @public
2341
2340
  * <p>A token used for pagination of results returned.</p>
2341
+ * @public
2342
2342
  */
2343
2343
  nextToken?: string;
2344
2344
  }
2345
2345
  /**
2346
- * @public
2347
2346
  * <p>Contains information about an external access finding.</p>
2347
+ * @public
2348
2348
  */
2349
2349
  export interface ExternalAccessDetails {
2350
2350
  /**
2351
- * @public
2352
2351
  * <p>The action in the analyzed policy statement that an external principal has permission to
2353
2352
  * use.</p>
2353
+ * @public
2354
2354
  */
2355
2355
  action?: string[];
2356
2356
  /**
2357
- * @public
2358
2357
  * <p>The condition in the analyzed policy statement that resulted in an external access
2359
2358
  * finding.</p>
2359
+ * @public
2360
2360
  */
2361
2361
  condition: Record<string, string> | undefined;
2362
2362
  /**
2363
- * @public
2364
2363
  * <p>Specifies whether the external access finding is public.</p>
2364
+ * @public
2365
2365
  */
2366
2366
  isPublic?: boolean;
2367
2367
  /**
2368
- * @public
2369
2368
  * <p>The external principal that has access to a resource within the zone of trust.</p>
2369
+ * @public
2370
2370
  */
2371
2371
  principal?: Record<string, string>;
2372
2372
  /**
2373
- * @public
2374
2373
  * <p>The sources of the external access finding. This indicates how the access that generated
2375
2374
  * the finding is granted. It is populated for Amazon S3 bucket findings.</p>
2375
+ * @public
2376
2376
  */
2377
2377
  sources?: FindingSource[];
2378
2378
  }
2379
2379
  /**
2380
- * @public
2381
2380
  * <p>Contains information about an unused access finding for an IAM role. IAM Access Analyzer
2382
2381
  * charges for unused access analysis based on the number of IAM roles and users analyzed
2383
2382
  * per month. For more details on pricing, see <a href="https://aws.amazon.com/iam/access-analyzer/pricing">IAM Access Analyzer
2384
2383
  * pricing</a>.</p>
2384
+ * @public
2385
2385
  */
2386
2386
  export interface UnusedIamRoleDetails {
2387
2387
  /**
2388
- * @public
2389
2388
  * <p>The time at which the role was last accessed.</p>
2389
+ * @public
2390
2390
  */
2391
2391
  lastAccessed?: Date;
2392
2392
  }
2393
2393
  /**
2394
- * @public
2395
2394
  * <p>Contains information about an unused access finding for an IAM user access key.
2396
2395
  * IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and
2397
2396
  * users analyzed per month. For more details on pricing, see <a href="https://aws.amazon.com/iam/access-analyzer/pricing">IAM Access Analyzer
2398
2397
  * pricing</a>.</p>
2398
+ * @public
2399
2399
  */
2400
2400
  export interface UnusedIamUserAccessKeyDetails {
2401
2401
  /**
2402
- * @public
2403
2402
  * <p>The ID of the access key for which the unused access finding was generated.</p>
2403
+ * @public
2404
2404
  */
2405
2405
  accessKeyId: string | undefined;
2406
2406
  /**
2407
- * @public
2408
2407
  * <p>The time at which the access key was last accessed.</p>
2408
+ * @public
2409
2409
  */
2410
2410
  lastAccessed?: Date;
2411
2411
  }
2412
2412
  /**
2413
- * @public
2414
2413
  * <p>Contains information about an unused access finding for an IAM user password.
2415
2414
  * IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and
2416
2415
  * users analyzed per month. For more details on pricing, see <a href="https://aws.amazon.com/iam/access-analyzer/pricing">IAM Access Analyzer
2417
2416
  * pricing</a>.</p>
2417
+ * @public
2418
2418
  */
2419
2419
  export interface UnusedIamUserPasswordDetails {
2420
2420
  /**
2421
- * @public
2422
2421
  * <p>The time at which the password was last accessed.</p>
2422
+ * @public
2423
2423
  */
2424
2424
  lastAccessed?: Date;
2425
2425
  }
2426
2426
  /**
2427
- * @public
2428
2427
  * <p>Contains information about an unused access finding for an action. IAM Access Analyzer charges
2429
2428
  * for unused access analysis based on the number of IAM roles and users analyzed per month.
2430
2429
  * For more details on pricing, see <a href="https://aws.amazon.com/iam/access-analyzer/pricing">IAM Access Analyzer
2431
2430
  * pricing</a>.</p>
2431
+ * @public
2432
2432
  */
2433
2433
  export interface UnusedAction {
2434
2434
  /**
2435
- * @public
2436
2435
  * <p>The action for which the unused access finding was generated.</p>
2436
+ * @public
2437
2437
  */
2438
2438
  action: string | undefined;
2439
2439
  /**
2440
- * @public
2441
2440
  * <p>The time at which the action was last accessed.</p>
2441
+ * @public
2442
2442
  */
2443
2443
  lastAccessed?: Date;
2444
2444
  }
2445
2445
  /**
2446
- * @public
2447
2446
  * <p>Contains information about an unused access finding for a permission. IAM Access Analyzer
2448
2447
  * charges for unused access analysis based on the number of IAM roles and users analyzed
2449
2448
  * per month. For more details on pricing, see <a href="https://aws.amazon.com/iam/access-analyzer/pricing">IAM Access Analyzer
2450
2449
  * pricing</a>.</p>
2450
+ * @public
2451
2451
  */
2452
2452
  export interface UnusedPermissionDetails {
2453
2453
  /**
2454
- * @public
2455
2454
  * <p>A list of unused actions for which the unused access finding was generated.</p>
2455
+ * @public
2456
2456
  */
2457
2457
  actions?: UnusedAction[];
2458
2458
  /**
2459
- * @public
2460
2459
  * <p>The namespace of the Amazon Web Services service that contains the unused actions.</p>
2460
+ * @public
2461
2461
  */
2462
2462
  serviceNamespace: string | undefined;
2463
2463
  /**
2464
- * @public
2465
2464
  * <p>The time at which the permission last accessed.</p>
2465
+ * @public
2466
2466
  */
2467
2467
  lastAccessed?: Date;
2468
2468
  }
2469
2469
  /**
2470
- * @public
2471
2470
  * <p>Contains information about an external access or unused access finding. Only one
2472
2471
  * parameter can be used in a <code>FindingDetails</code> object.</p>
2472
+ * @public
2473
2473
  */
2474
2474
  export type FindingDetails = FindingDetails.ExternalAccessDetailsMember | FindingDetails.UnusedIamRoleDetailsMember | FindingDetails.UnusedIamUserAccessKeyDetailsMember | FindingDetails.UnusedIamUserPasswordDetailsMember | FindingDetails.UnusedPermissionDetailsMember | FindingDetails.$UnknownMember;
2475
2475
  /**
@@ -2477,8 +2477,8 @@ export type FindingDetails = FindingDetails.ExternalAccessDetailsMember | Findin
2477
2477
  */
2478
2478
  export declare namespace FindingDetails {
2479
2479
  /**
2480
- * @public
2481
2480
  * <p>The details for an external access analyzer finding.</p>
2481
+ * @public
2482
2482
  */
2483
2483
  interface ExternalAccessDetailsMember {
2484
2484
  externalAccessDetails: ExternalAccessDetails;
@@ -2489,9 +2489,9 @@ export declare namespace FindingDetails {
2489
2489
  $unknown?: never;
2490
2490
  }
2491
2491
  /**
2492
- * @public
2493
2492
  * <p>The details for an unused access analyzer finding with an unused permission finding
2494
2493
  * type.</p>
2494
+ * @public
2495
2495
  */
2496
2496
  interface UnusedPermissionDetailsMember {
2497
2497
  externalAccessDetails?: never;
@@ -2502,9 +2502,9 @@ export declare namespace FindingDetails {
2502
2502
  $unknown?: never;
2503
2503
  }
2504
2504
  /**
2505
- * @public
2506
2505
  * <p>The details for an unused access analyzer finding with an unused IAM user access key
2507
2506
  * finding type.</p>
2507
+ * @public
2508
2508
  */
2509
2509
  interface UnusedIamUserAccessKeyDetailsMember {
2510
2510
  externalAccessDetails?: never;
@@ -2515,9 +2515,9 @@ export declare namespace FindingDetails {
2515
2515
  $unknown?: never;
2516
2516
  }
2517
2517
  /**
2518
- * @public
2519
2518
  * <p>The details for an unused access analyzer finding with an unused IAM role finding
2520
2519
  * type.</p>
2520
+ * @public
2521
2521
  */
2522
2522
  interface UnusedIamRoleDetailsMember {
2523
2523
  externalAccessDetails?: never;
@@ -2528,9 +2528,9 @@ export declare namespace FindingDetails {
2528
2528
  $unknown?: never;
2529
2529
  }
2530
2530
  /**
2531
- * @public
2532
2531
  * <p>The details for an unused access analyzer finding with an unused IAM user password
2533
2532
  * finding type.</p>
2533
+ * @public
2534
2534
  */
2535
2535
  interface UnusedIamUserPasswordDetailsMember {
2536
2536
  externalAccessDetails?: never;
@@ -2581,68 +2581,68 @@ export type FindingType = (typeof FindingType)[keyof typeof FindingType];
2581
2581
  */
2582
2582
  export interface GetFindingV2Response {
2583
2583
  /**
2584
- * @public
2585
2584
  * <p>The time at which the resource-based policy or IAM entity that generated the finding
2586
2585
  * was analyzed.</p>
2586
+ * @public
2587
2587
  */
2588
2588
  analyzedAt: Date | undefined;
2589
2589
  /**
2590
- * @public
2591
2590
  * <p>The time at which the finding was created.</p>
2591
+ * @public
2592
2592
  */
2593
2593
  createdAt: Date | undefined;
2594
2594
  /**
2595
- * @public
2596
2595
  * <p>An error.</p>
2596
+ * @public
2597
2597
  */
2598
2598
  error?: string;
2599
2599
  /**
2600
- * @public
2601
2600
  * <p>The ID of the finding to retrieve.</p>
2601
+ * @public
2602
2602
  */
2603
2603
  id: string | undefined;
2604
2604
  /**
2605
- * @public
2606
2605
  * <p>A token used for pagination of results returned.</p>
2606
+ * @public
2607
2607
  */
2608
2608
  nextToken?: string;
2609
2609
  /**
2610
- * @public
2611
2610
  * <p>The resource that generated the finding.</p>
2611
+ * @public
2612
2612
  */
2613
2613
  resource?: string;
2614
2614
  /**
2615
- * @public
2616
2615
  * <p>The type of the resource identified in the finding.</p>
2616
+ * @public
2617
2617
  */
2618
2618
  resourceType: ResourceType | undefined;
2619
2619
  /**
2620
- * @public
2621
2620
  * <p>Tye Amazon Web Services account ID that owns the resource.</p>
2621
+ * @public
2622
2622
  */
2623
2623
  resourceOwnerAccount: string | undefined;
2624
2624
  /**
2625
- * @public
2626
2625
  * <p>The status of the finding.</p>
2626
+ * @public
2627
2627
  */
2628
2628
  status: FindingStatus | undefined;
2629
2629
  /**
2630
- * @public
2631
2630
  * <p>The time at which the finding was updated.</p>
2631
+ * @public
2632
2632
  */
2633
2633
  updatedAt: Date | undefined;
2634
2634
  /**
2635
- * @public
2636
2635
  * <p>A localized message that explains the finding and provides guidance on how to address
2637
2636
  * it.</p>
2637
+ * @public
2638
2638
  */
2639
2639
  findingDetails: FindingDetails[] | undefined;
2640
2640
  /**
2641
- * @public
2642
2641
  * <p>The type of the finding. For external access analyzers, the type is
2643
2642
  * <code>ExternalAccess</code>. For unused access analyzers, the type can be
2644
2643
  * <code>UnusedIAMRole</code>, <code>UnusedIAMUserAccessKey</code>,
2645
2644
  * <code>UnusedIAMUserPassword</code>, or <code>UnusedPermission</code>.</p>
2645
+ * @public
2646
2646
  */
2647
2647
  findingType?: FindingType;
2648
2648
  }
@@ -2651,130 +2651,130 @@ export interface GetFindingV2Response {
2651
2651
  */
2652
2652
  export interface GetGeneratedPolicyRequest {
2653
2653
  /**
2654
- * @public
2655
2654
  * <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
2656
2655
  * operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
2657
2656
  * retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
2658
2657
  * the policy generation request.</p>
2658
+ * @public
2659
2659
  */
2660
2660
  jobId: string | undefined;
2661
2661
  /**
2662
- * @public
2663
2662
  * <p>The level of detail that you want to generate. You can specify whether to generate
2664
2663
  * policies with placeholders for resource ARNs for actions that support resource level
2665
2664
  * granularity in policies.</p>
2666
2665
  * <p>For example, in the resource section of a policy, you can receive a placeholder such as
2667
2666
  * <code>"Resource":"arn:aws:s3:::$\{BucketName\}"</code> instead of <code>"*"</code>.</p>
2667
+ * @public
2668
2668
  */
2669
2669
  includeResourcePlaceholders?: boolean;
2670
2670
  /**
2671
- * @public
2672
2671
  * <p>The level of detail that you want to generate. You can specify whether to generate
2673
2672
  * service-level policies. </p>
2674
2673
  * <p>IAM Access Analyzer uses <code>iam:servicelastaccessed</code> to identify services that have
2675
2674
  * been used recently to create this service-level template.</p>
2675
+ * @public
2676
2676
  */
2677
2677
  includeServiceLevelTemplate?: boolean;
2678
2678
  }
2679
2679
  /**
2680
- * @public
2681
2680
  * <p>Contains the text for the generated policy.</p>
2681
+ * @public
2682
2682
  */
2683
2683
  export interface GeneratedPolicy {
2684
2684
  /**
2685
- * @public
2686
2685
  * <p>The text to use as the content for the new policy. The policy is created using the
2687
2686
  * <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html">CreatePolicy</a> action.</p>
2687
+ * @public
2688
2688
  */
2689
2689
  policy: string | undefined;
2690
2690
  }
2691
2691
  /**
2692
- * @public
2693
2692
  * <p>Contains details about the CloudTrail trail being analyzed to generate a policy.</p>
2693
+ * @public
2694
2694
  */
2695
2695
  export interface TrailProperties {
2696
2696
  /**
2697
- * @public
2698
2697
  * <p>Specifies the ARN of the trail. The format of a trail ARN is
2699
2698
  * <code>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</code>.</p>
2699
+ * @public
2700
2700
  */
2701
2701
  cloudTrailArn: string | undefined;
2702
2702
  /**
2703
- * @public
2704
2703
  * <p>A list of regions to get CloudTrail data from and analyze to generate a policy.</p>
2704
+ * @public
2705
2705
  */
2706
2706
  regions?: string[];
2707
2707
  /**
2708
- * @public
2709
2708
  * <p>Possible values are <code>true</code> or <code>false</code>. If set to
2710
2709
  * <code>true</code>, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and
2711
2710
  * generate a policy.</p>
2711
+ * @public
2712
2712
  */
2713
2713
  allRegions?: boolean;
2714
2714
  }
2715
2715
  /**
2716
- * @public
2717
2716
  * <p>Contains information about CloudTrail access.</p>
2717
+ * @public
2718
2718
  */
2719
2719
  export interface CloudTrailProperties {
2720
2720
  /**
2721
- * @public
2722
2721
  * <p>A <code>TrailProperties</code> object that contains settings for trail
2723
2722
  * properties.</p>
2723
+ * @public
2724
2724
  */
2725
2725
  trailProperties: TrailProperties[] | undefined;
2726
2726
  /**
2727
- * @public
2728
2727
  * <p>The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events
2729
2728
  * with a timestamp before this time are not considered to generate a policy.</p>
2729
+ * @public
2730
2730
  */
2731
2731
  startTime: Date | undefined;
2732
2732
  /**
2733
- * @public
2734
2733
  * <p>The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with
2735
2734
  * a timestamp after this time are not considered to generate a policy. If this is not
2736
2735
  * included in the request, the default value is the current time.</p>
2736
+ * @public
2737
2737
  */
2738
2738
  endTime: Date | undefined;
2739
2739
  }
2740
2740
  /**
2741
- * @public
2742
2741
  * <p>Contains the generated policy details.</p>
2742
+ * @public
2743
2743
  */
2744
2744
  export interface GeneratedPolicyProperties {
2745
2745
  /**
2746
- * @public
2747
2746
  * <p>This value is set to <code>true</code> if the generated policy contains all possible
2748
2747
  * actions for a service that IAM Access Analyzer identified from the CloudTrail trail that you specified,
2749
2748
  * and <code>false</code> otherwise.</p>
2749
+ * @public
2750
2750
  */
2751
2751
  isComplete?: boolean;
2752
2752
  /**
2753
- * @public
2754
2753
  * <p>The ARN of the IAM entity (user or role) for which you are generating a policy.</p>
2754
+ * @public
2755
2755
  */
2756
2756
  principalArn: string | undefined;
2757
2757
  /**
2758
- * @public
2759
2758
  * <p>Lists details about the <code>Trail</code> used to generated policy.</p>
2759
+ * @public
2760
2760
  */
2761
2761
  cloudTrailProperties?: CloudTrailProperties;
2762
2762
  }
2763
2763
  /**
2764
- * @public
2765
2764
  * <p>Contains the text for the generated policy and its details.</p>
2765
+ * @public
2766
2766
  */
2767
2767
  export interface GeneratedPolicyResult {
2768
2768
  /**
2769
- * @public
2770
2769
  * <p>A <code>GeneratedPolicyProperties</code> object that contains properties of the
2771
2770
  * generated policy.</p>
2771
+ * @public
2772
2772
  */
2773
2773
  properties: GeneratedPolicyProperties | undefined;
2774
2774
  /**
2775
- * @public
2776
2775
  * <p>The text to use as the content for the new policy. The policy is created using the
2777
2776
  * <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html">CreatePolicy</a> action.</p>
2777
+ * @public
2778
2778
  */
2779
2779
  generatedPolicies?: GeneratedPolicy[];
2780
2780
  }
@@ -2793,19 +2793,19 @@ export declare const JobErrorCode: {
2793
2793
  */
2794
2794
  export type JobErrorCode = (typeof JobErrorCode)[keyof typeof JobErrorCode];
2795
2795
  /**
2796
- * @public
2797
2796
  * <p>Contains the details about the policy generation error.</p>
2797
+ * @public
2798
2798
  */
2799
2799
  export interface JobError {
2800
2800
  /**
2801
- * @public
2802
2801
  * <p>The job error code.</p>
2802
+ * @public
2803
2803
  */
2804
2804
  code: JobErrorCode | undefined;
2805
2805
  /**
2806
- * @public
2807
2806
  * <p>Specific information about the error. For example, which service quota was exceeded or
2808
2807
  * which resource was not found.</p>
2808
+ * @public
2809
2809
  */
2810
2810
  message: string | undefined;
2811
2811
  }
@@ -2824,36 +2824,36 @@ export declare const JobStatus: {
2824
2824
  */
2825
2825
  export type JobStatus = (typeof JobStatus)[keyof typeof JobStatus];
2826
2826
  /**
2827
- * @public
2828
2827
  * <p>Contains details about the policy generation request.</p>
2828
+ * @public
2829
2829
  */
2830
2830
  export interface JobDetails {
2831
2831
  /**
2832
- * @public
2833
2832
  * <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
2834
2833
  * operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
2835
2834
  * retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
2836
2835
  * the policy generation request.</p>
2836
+ * @public
2837
2837
  */
2838
2838
  jobId: string | undefined;
2839
2839
  /**
2840
- * @public
2841
2840
  * <p>The status of the job request.</p>
2841
+ * @public
2842
2842
  */
2843
2843
  status: JobStatus | undefined;
2844
2844
  /**
2845
- * @public
2846
2845
  * <p>A timestamp of when the job was started.</p>
2846
+ * @public
2847
2847
  */
2848
2848
  startedOn: Date | undefined;
2849
2849
  /**
2850
- * @public
2851
2850
  * <p>A timestamp of when the job was completed.</p>
2851
+ * @public
2852
2852
  */
2853
2853
  completedOn?: Date;
2854
2854
  /**
2855
- * @public
2856
2855
  * <p>The job error for the policy generation request.</p>
2856
+ * @public
2857
2857
  */
2858
2858
  jobError?: JobError;
2859
2859
  }
@@ -2862,15 +2862,15 @@ export interface JobDetails {
2862
2862
  */
2863
2863
  export interface GetGeneratedPolicyResponse {
2864
2864
  /**
2865
- * @public
2866
2865
  * <p>A <code>GeneratedPolicyDetails</code> object that contains details about the generated
2867
2866
  * policy.</p>
2867
+ * @public
2868
2868
  */
2869
2869
  jobDetails: JobDetails | undefined;
2870
2870
  /**
2871
- * @public
2872
2871
  * <p>A <code>GeneratedPolicyResult</code> object that contains the generated policies and
2873
2872
  * associated details.</p>
2873
+ * @public
2874
2874
  */
2875
2875
  generatedPolicyResult: GeneratedPolicyResult | undefined;
2876
2876
  }
@@ -2879,29 +2879,29 @@ export interface GetGeneratedPolicyResponse {
2879
2879
  */
2880
2880
  export interface ListAccessPreviewFindingsRequest {
2881
2881
  /**
2882
- * @public
2883
2882
  * <p>The unique ID for the access preview.</p>
2883
+ * @public
2884
2884
  */
2885
2885
  accessPreviewId: string | undefined;
2886
2886
  /**
2887
- * @public
2888
2887
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
2889
2888
  * the analyzer</a> used to generate the access.</p>
2889
+ * @public
2890
2890
  */
2891
2891
  analyzerArn: string | undefined;
2892
2892
  /**
2893
- * @public
2894
2893
  * <p>Criteria to filter the returned findings.</p>
2894
+ * @public
2895
2895
  */
2896
2896
  filter?: Record<string, Criterion>;
2897
2897
  /**
2898
- * @public
2899
2898
  * <p>A token used for pagination of results returned.</p>
2899
+ * @public
2900
2900
  */
2901
2901
  nextToken?: string;
2902
2902
  /**
2903
- * @public
2904
2903
  * <p>The maximum number of results to return in the response.</p>
2904
+ * @public
2905
2905
  */
2906
2906
  maxResults?: number;
2907
2907
  }
@@ -2919,68 +2919,67 @@ export declare const FindingChangeType: {
2919
2919
  */
2920
2920
  export type FindingChangeType = (typeof FindingChangeType)[keyof typeof FindingChangeType];
2921
2921
  /**
2922
- * @public
2923
2922
  * <p>An access preview finding generated by the access preview.</p>
2923
+ * @public
2924
2924
  */
2925
2925
  export interface AccessPreviewFinding {
2926
2926
  /**
2927
- * @public
2928
2927
  * <p>The ID of the access preview finding. This ID uniquely identifies the element in the
2929
2928
  * list of access preview findings and is not related to the finding ID in Access
2930
2929
  * Analyzer.</p>
2930
+ * @public
2931
2931
  */
2932
2932
  id: string | undefined;
2933
2933
  /**
2934
- * @public
2935
2934
  * <p>The existing ID of the finding in IAM Access Analyzer, provided only for existing
2936
2935
  * findings.</p>
2936
+ * @public
2937
2937
  */
2938
2938
  existingFindingId?: string;
2939
2939
  /**
2940
- * @public
2941
2940
  * <p>The existing status of the finding, provided only for existing findings.</p>
2941
+ * @public
2942
2942
  */
2943
2943
  existingFindingStatus?: FindingStatus;
2944
2944
  /**
2945
- * @public
2946
2945
  * <p>The external principal that has access to a resource within the zone of trust.</p>
2946
+ * @public
2947
2947
  */
2948
2948
  principal?: Record<string, string>;
2949
2949
  /**
2950
- * @public
2951
2950
  * <p>The action in the analyzed policy statement that an external principal has permission to
2952
2951
  * perform.</p>
2952
+ * @public
2953
2953
  */
2954
2954
  action?: string[];
2955
2955
  /**
2956
- * @public
2957
2956
  * <p>The condition in the analyzed policy statement that resulted in a finding.</p>
2957
+ * @public
2958
2958
  */
2959
2959
  condition?: Record<string, string>;
2960
2960
  /**
2961
- * @public
2962
2961
  * <p>The resource that an external principal has access to. This is the resource associated
2963
2962
  * with the access preview.</p>
2963
+ * @public
2964
2964
  */
2965
2965
  resource?: string;
2966
2966
  /**
2967
- * @public
2968
2967
  * <p>Indicates whether the policy that generated the finding allows public access to the
2969
2968
  * resource.</p>
2969
+ * @public
2970
2970
  */
2971
2971
  isPublic?: boolean;
2972
2972
  /**
2973
- * @public
2974
2973
  * <p>The type of the resource that can be accessed in the finding.</p>
2974
+ * @public
2975
2975
  */
2976
2976
  resourceType: ResourceType | undefined;
2977
2977
  /**
2978
- * @public
2979
2978
  * <p>The time at which the access preview finding was created.</p>
2979
+ * @public
2980
2980
  */
2981
2981
  createdAt: Date | undefined;
2982
2982
  /**
2983
- * @public
2984
2983
  * <p>Provides context on how the access preview finding compares to existing access
2985
2984
  * identified in IAM Access Analyzer.</p>
2986
2985
  * <ul>
@@ -3002,32 +3001,33 @@ export interface AccessPreviewFinding {
3002
3001
  * <p>For example, a <code>Changed</code> finding with preview status <code>Resolved</code>
3003
3002
  * and existing status <code>Active</code> indicates the existing <code>Active</code> finding
3004
3003
  * would become <code>Resolved</code> as a result of the proposed permissions change.</p>
3004
+ * @public
3005
3005
  */
3006
3006
  changeType: FindingChangeType | undefined;
3007
3007
  /**
3008
- * @public
3009
3008
  * <p>The preview status of the finding. This is what the status of the finding would be after
3010
3009
  * permissions deployment. For example, a <code>Changed</code> finding with preview status
3011
3010
  * <code>Resolved</code> and existing status <code>Active</code> indicates the existing
3012
3011
  * <code>Active</code> finding would become <code>Resolved</code> as a result of the
3013
3012
  * proposed permissions change.</p>
3013
+ * @public
3014
3014
  */
3015
3015
  status: FindingStatus | undefined;
3016
3016
  /**
3017
- * @public
3018
3017
  * <p>The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning
3019
3018
  * account is the account in which the resource was created.</p>
3019
+ * @public
3020
3020
  */
3021
3021
  resourceOwnerAccount: string | undefined;
3022
3022
  /**
3023
- * @public
3024
3023
  * <p>An error.</p>
3024
+ * @public
3025
3025
  */
3026
3026
  error?: string;
3027
3027
  /**
3028
- * @public
3029
3028
  * <p>The sources of the finding. This indicates how the access that generated the finding is
3030
3029
  * granted. It is populated for Amazon S3 bucket findings.</p>
3030
+ * @public
3031
3031
  */
3032
3032
  sources?: FindingSource[];
3033
3033
  }
@@ -3036,13 +3036,13 @@ export interface AccessPreviewFinding {
3036
3036
  */
3037
3037
  export interface ListAccessPreviewFindingsResponse {
3038
3038
  /**
3039
- * @public
3040
3039
  * <p>A list of access preview findings that match the specified filter criteria.</p>
3040
+ * @public
3041
3041
  */
3042
3042
  findings: AccessPreviewFinding[] | undefined;
3043
3043
  /**
3044
- * @public
3045
3044
  * <p>A token used for pagination of results returned.</p>
3045
+ * @public
3046
3046
  */
3047
3047
  nextToken?: string;
3048
3048
  }
@@ -3051,44 +3051,43 @@ export interface ListAccessPreviewFindingsResponse {
3051
3051
  */
3052
3052
  export interface ListAccessPreviewsRequest {
3053
3053
  /**
3054
- * @public
3055
3054
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
3056
3055
  * the analyzer</a> used to generate the access preview.</p>
3056
+ * @public
3057
3057
  */
3058
3058
  analyzerArn: string | undefined;
3059
3059
  /**
3060
- * @public
3061
3060
  * <p>A token used for pagination of results returned.</p>
3061
+ * @public
3062
3062
  */
3063
3063
  nextToken?: string;
3064
3064
  /**
3065
- * @public
3066
3065
  * <p>The maximum number of results to return in the response.</p>
3066
+ * @public
3067
3067
  */
3068
3068
  maxResults?: number;
3069
3069
  }
3070
3070
  /**
3071
- * @public
3072
3071
  * <p>Contains a summary of information about an access preview.</p>
3072
+ * @public
3073
3073
  */
3074
3074
  export interface AccessPreviewSummary {
3075
3075
  /**
3076
- * @public
3077
3076
  * <p>The unique ID for the access preview.</p>
3077
+ * @public
3078
3078
  */
3079
3079
  id: string | undefined;
3080
3080
  /**
3081
- * @public
3082
3081
  * <p>The ARN of the analyzer used to generate the access preview.</p>
3082
+ * @public
3083
3083
  */
3084
3084
  analyzerArn: string | undefined;
3085
3085
  /**
3086
- * @public
3087
3086
  * <p>The time at which the access preview was created.</p>
3087
+ * @public
3088
3088
  */
3089
3089
  createdAt: Date | undefined;
3090
3090
  /**
3091
- * @public
3092
3091
  * <p>The status of the access preview.</p>
3093
3092
  * <ul>
3094
3093
  * <li>
@@ -3105,14 +3104,15 @@ export interface AccessPreviewSummary {
3105
3104
  * <code>Failed</code> - The access preview creation has failed.</p>
3106
3105
  * </li>
3107
3106
  * </ul>
3107
+ * @public
3108
3108
  */
3109
3109
  status: AccessPreviewStatus | undefined;
3110
3110
  /**
3111
- * @public
3112
3111
  * <p>Provides more details about the current status of the access preview. For example, if
3113
3112
  * the creation of the access preview fails, a <code>Failed</code> status is returned. This
3114
3113
  * failure can be due to an internal issue with the analysis or due to an invalid proposed
3115
3114
  * resource configuration.</p>
3115
+ * @public
3116
3116
  */
3117
3117
  statusReason?: AccessPreviewStatusReason;
3118
3118
  }
@@ -3121,77 +3121,77 @@ export interface AccessPreviewSummary {
3121
3121
  */
3122
3122
  export interface ListAccessPreviewsResponse {
3123
3123
  /**
3124
- * @public
3125
3124
  * <p>A list of access previews retrieved for the analyzer.</p>
3125
+ * @public
3126
3126
  */
3127
3127
  accessPreviews: AccessPreviewSummary[] | undefined;
3128
3128
  /**
3129
- * @public
3130
3129
  * <p>A token used for pagination of results returned.</p>
3130
+ * @public
3131
3131
  */
3132
3132
  nextToken?: string;
3133
3133
  }
3134
3134
  /**
3135
- * @public
3136
3135
  * <p>Retrieves a list of resources that have been analyzed.</p>
3136
+ * @public
3137
3137
  */
3138
3138
  export interface ListAnalyzedResourcesRequest {
3139
3139
  /**
3140
- * @public
3141
3140
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
3142
3141
  * the analyzer</a> to retrieve a list of analyzed resources from.</p>
3142
+ * @public
3143
3143
  */
3144
3144
  analyzerArn: string | undefined;
3145
3145
  /**
3146
- * @public
3147
3146
  * <p>The type of resource.</p>
3147
+ * @public
3148
3148
  */
3149
3149
  resourceType?: ResourceType;
3150
3150
  /**
3151
- * @public
3152
3151
  * <p>A token used for pagination of results returned.</p>
3152
+ * @public
3153
3153
  */
3154
3154
  nextToken?: string;
3155
3155
  /**
3156
- * @public
3157
3156
  * <p>The maximum number of results to return in the response.</p>
3157
+ * @public
3158
3158
  */
3159
3159
  maxResults?: number;
3160
3160
  }
3161
3161
  /**
3162
- * @public
3163
3162
  * <p>Contains the ARN of the analyzed resource.</p>
3163
+ * @public
3164
3164
  */
3165
3165
  export interface AnalyzedResourceSummary {
3166
3166
  /**
3167
- * @public
3168
3167
  * <p>The ARN of the analyzed resource.</p>
3168
+ * @public
3169
3169
  */
3170
3170
  resourceArn: string | undefined;
3171
3171
  /**
3172
- * @public
3173
3172
  * <p>The Amazon Web Services account ID that owns the resource.</p>
3173
+ * @public
3174
3174
  */
3175
3175
  resourceOwnerAccount: string | undefined;
3176
3176
  /**
3177
- * @public
3178
3177
  * <p>The type of resource that was analyzed.</p>
3178
+ * @public
3179
3179
  */
3180
3180
  resourceType: ResourceType | undefined;
3181
3181
  }
3182
3182
  /**
3183
- * @public
3184
3183
  * <p>The response to the request.</p>
3184
+ * @public
3185
3185
  */
3186
3186
  export interface ListAnalyzedResourcesResponse {
3187
3187
  /**
3188
- * @public
3189
3188
  * <p>A list of resources that were analyzed.</p>
3189
+ * @public
3190
3190
  */
3191
3191
  analyzedResources: AnalyzedResourceSummary[] | undefined;
3192
3192
  /**
3193
- * @public
3194
3193
  * <p>A token used for pagination of results returned.</p>
3194
+ * @public
3195
3195
  */
3196
3196
  nextToken?: string;
3197
3197
  }
@@ -3200,147 +3200,147 @@ export interface ListAnalyzedResourcesResponse {
3200
3200
  */
3201
3201
  export type OrderBy = "ASC" | "DESC";
3202
3202
  /**
3203
- * @public
3204
3203
  * <p>The criteria used to sort.</p>
3204
+ * @public
3205
3205
  */
3206
3206
  export interface SortCriteria {
3207
3207
  /**
3208
- * @public
3209
3208
  * <p>The name of the attribute to sort on.</p>
3209
+ * @public
3210
3210
  */
3211
3211
  attributeName?: string;
3212
3212
  /**
3213
- * @public
3214
3213
  * <p>The sort order, ascending or descending.</p>
3214
+ * @public
3215
3215
  */
3216
3216
  orderBy?: OrderBy;
3217
3217
  }
3218
3218
  /**
3219
- * @public
3220
3219
  * <p>Retrieves a list of findings generated by the specified analyzer.</p>
3220
+ * @public
3221
3221
  */
3222
3222
  export interface ListFindingsRequest {
3223
3223
  /**
3224
- * @public
3225
3224
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
3226
3225
  * the analyzer</a> to retrieve findings from.</p>
3226
+ * @public
3227
3227
  */
3228
3228
  analyzerArn: string | undefined;
3229
3229
  /**
3230
- * @public
3231
3230
  * <p>A filter to match for the findings to return.</p>
3231
+ * @public
3232
3232
  */
3233
3233
  filter?: Record<string, Criterion>;
3234
3234
  /**
3235
- * @public
3236
3235
  * <p>The sort order for the findings returned.</p>
3236
+ * @public
3237
3237
  */
3238
3238
  sort?: SortCriteria;
3239
3239
  /**
3240
- * @public
3241
3240
  * <p>A token used for pagination of results returned.</p>
3241
+ * @public
3242
3242
  */
3243
3243
  nextToken?: string;
3244
3244
  /**
3245
- * @public
3246
3245
  * <p>The maximum number of results to return in the response.</p>
3246
+ * @public
3247
3247
  */
3248
3248
  maxResults?: number;
3249
3249
  }
3250
3250
  /**
3251
- * @public
3252
3251
  * <p>Contains information about a finding.</p>
3252
+ * @public
3253
3253
  */
3254
3254
  export interface FindingSummary {
3255
3255
  /**
3256
- * @public
3257
3256
  * <p>The ID of the finding.</p>
3257
+ * @public
3258
3258
  */
3259
3259
  id: string | undefined;
3260
3260
  /**
3261
- * @public
3262
3261
  * <p>The external principal that has access to a resource within the zone of trust.</p>
3262
+ * @public
3263
3263
  */
3264
3264
  principal?: Record<string, string>;
3265
3265
  /**
3266
- * @public
3267
3266
  * <p>The action in the analyzed policy statement that an external principal has permission to
3268
3267
  * use.</p>
3268
+ * @public
3269
3269
  */
3270
3270
  action?: string[];
3271
3271
  /**
3272
- * @public
3273
3272
  * <p>The resource that the external principal has access to.</p>
3273
+ * @public
3274
3274
  */
3275
3275
  resource?: string;
3276
3276
  /**
3277
- * @public
3278
3277
  * <p>Indicates whether the finding reports a resource that has a policy that allows public
3279
3278
  * access.</p>
3279
+ * @public
3280
3280
  */
3281
3281
  isPublic?: boolean;
3282
3282
  /**
3283
- * @public
3284
3283
  * <p>The type of the resource that the external principal has access to.</p>
3284
+ * @public
3285
3285
  */
3286
3286
  resourceType: ResourceType | undefined;
3287
3287
  /**
3288
- * @public
3289
3288
  * <p>The condition in the analyzed policy statement that resulted in a finding.</p>
3289
+ * @public
3290
3290
  */
3291
3291
  condition: Record<string, string> | undefined;
3292
3292
  /**
3293
- * @public
3294
3293
  * <p>The time at which the finding was created.</p>
3294
+ * @public
3295
3295
  */
3296
3296
  createdAt: Date | undefined;
3297
3297
  /**
3298
- * @public
3299
3298
  * <p>The time at which the resource-based policy that generated the finding was
3300
3299
  * analyzed.</p>
3300
+ * @public
3301
3301
  */
3302
3302
  analyzedAt: Date | undefined;
3303
3303
  /**
3304
- * @public
3305
3304
  * <p>The time at which the finding was most recently updated.</p>
3305
+ * @public
3306
3306
  */
3307
3307
  updatedAt: Date | undefined;
3308
3308
  /**
3309
- * @public
3310
3309
  * <p>The status of the finding.</p>
3310
+ * @public
3311
3311
  */
3312
3312
  status: FindingStatus | undefined;
3313
3313
  /**
3314
- * @public
3315
3314
  * <p>The Amazon Web Services account ID that owns the resource.</p>
3315
+ * @public
3316
3316
  */
3317
3317
  resourceOwnerAccount: string | undefined;
3318
3318
  /**
3319
- * @public
3320
3319
  * <p>The error that resulted in an Error finding.</p>
3320
+ * @public
3321
3321
  */
3322
3322
  error?: string;
3323
3323
  /**
3324
- * @public
3325
3324
  * <p>The sources of the finding. This indicates how the access that generated the finding is
3326
3325
  * granted. It is populated for Amazon S3 bucket findings.</p>
3326
+ * @public
3327
3327
  */
3328
3328
  sources?: FindingSource[];
3329
3329
  }
3330
3330
  /**
3331
- * @public
3332
3331
  * <p>The response to the request.</p>
3332
+ * @public
3333
3333
  */
3334
3334
  export interface ListFindingsResponse {
3335
3335
  /**
3336
- * @public
3337
3336
  * <p>A list of findings retrieved from the analyzer that match the filter criteria specified,
3338
3337
  * if any.</p>
3338
+ * @public
3339
3339
  */
3340
3340
  findings: FindingSummary[] | undefined;
3341
3341
  /**
3342
- * @public
3343
3342
  * <p>A token used for pagination of results returned.</p>
3343
+ * @public
3344
3344
  */
3345
3345
  nextToken?: string;
3346
3346
  }
@@ -3349,86 +3349,86 @@ export interface ListFindingsResponse {
3349
3349
  */
3350
3350
  export interface ListFindingsV2Request {
3351
3351
  /**
3352
- * @public
3353
3352
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
3354
3353
  * the analyzer</a> to retrieve findings from.</p>
3354
+ * @public
3355
3355
  */
3356
3356
  analyzerArn: string | undefined;
3357
3357
  /**
3358
- * @public
3359
3358
  * <p>A filter to match for the findings to return.</p>
3359
+ * @public
3360
3360
  */
3361
3361
  filter?: Record<string, Criterion>;
3362
3362
  /**
3363
- * @public
3364
3363
  * <p>The maximum number of results to return in the response.</p>
3364
+ * @public
3365
3365
  */
3366
3366
  maxResults?: number;
3367
3367
  /**
3368
- * @public
3369
3368
  * <p>A token used for pagination of results returned.</p>
3369
+ * @public
3370
3370
  */
3371
3371
  nextToken?: string;
3372
3372
  /**
3373
- * @public
3374
3373
  * <p>The criteria used to sort.</p>
3374
+ * @public
3375
3375
  */
3376
3376
  sort?: SortCriteria;
3377
3377
  }
3378
3378
  /**
3379
- * @public
3380
3379
  * <p>Contains information about a finding.</p>
3380
+ * @public
3381
3381
  */
3382
3382
  export interface FindingSummaryV2 {
3383
3383
  /**
3384
- * @public
3385
3384
  * <p>The time at which the resource-based policy or IAM entity that generated the finding
3386
3385
  * was analyzed.</p>
3386
+ * @public
3387
3387
  */
3388
3388
  analyzedAt: Date | undefined;
3389
3389
  /**
3390
- * @public
3391
3390
  * <p>The time at which the finding was created.</p>
3391
+ * @public
3392
3392
  */
3393
3393
  createdAt: Date | undefined;
3394
3394
  /**
3395
- * @public
3396
3395
  * <p>The error that resulted in an Error finding.</p>
3396
+ * @public
3397
3397
  */
3398
3398
  error?: string;
3399
3399
  /**
3400
- * @public
3401
3400
  * <p>The ID of the finding.</p>
3401
+ * @public
3402
3402
  */
3403
3403
  id: string | undefined;
3404
3404
  /**
3405
- * @public
3406
3405
  * <p>The resource that the external principal has access to.</p>
3406
+ * @public
3407
3407
  */
3408
3408
  resource?: string;
3409
3409
  /**
3410
- * @public
3411
3410
  * <p>The type of the resource that the external principal has access to.</p>
3411
+ * @public
3412
3412
  */
3413
3413
  resourceType: ResourceType | undefined;
3414
3414
  /**
3415
- * @public
3416
3415
  * <p>The Amazon Web Services account ID that owns the resource.</p>
3416
+ * @public
3417
3417
  */
3418
3418
  resourceOwnerAccount: string | undefined;
3419
3419
  /**
3420
- * @public
3421
3420
  * <p>The status of the finding.</p>
3421
+ * @public
3422
3422
  */
3423
3423
  status: FindingStatus | undefined;
3424
3424
  /**
3425
- * @public
3426
3425
  * <p>The time at which the finding was most recently updated.</p>
3426
+ * @public
3427
3427
  */
3428
3428
  updatedAt: Date | undefined;
3429
3429
  /**
3430
- * @public
3431
3430
  * <p>The type of the external access or unused access finding.</p>
3431
+ * @public
3432
3432
  */
3433
3433
  findingType?: FindingType;
3434
3434
  }
@@ -3437,14 +3437,14 @@ export interface FindingSummaryV2 {
3437
3437
  */
3438
3438
  export interface ListFindingsV2Response {
3439
3439
  /**
3440
- * @public
3441
3440
  * <p>A list of findings retrieved from the analyzer that match the filter criteria specified,
3442
3441
  * if any.</p>
3442
+ * @public
3443
3443
  */
3444
3444
  findings: FindingSummaryV2[] | undefined;
3445
3445
  /**
3446
- * @public
3447
3446
  * <p>A token used for pagination of results returned.</p>
3447
+ * @public
3448
3448
  */
3449
3449
  nextToken?: string;
3450
3450
  }
@@ -3453,54 +3453,54 @@ export interface ListFindingsV2Response {
3453
3453
  */
3454
3454
  export interface ListPolicyGenerationsRequest {
3455
3455
  /**
3456
- * @public
3457
3456
  * <p>The ARN of the IAM entity (user or role) for which you are generating a policy. Use
3458
3457
  * this with <code>ListGeneratedPolicies</code> to filter the results to only include results
3459
3458
  * for a specific principal.</p>
3459
+ * @public
3460
3460
  */
3461
3461
  principalArn?: string;
3462
3462
  /**
3463
- * @public
3464
3463
  * <p>The maximum number of results to return in the response.</p>
3464
+ * @public
3465
3465
  */
3466
3466
  maxResults?: number;
3467
3467
  /**
3468
- * @public
3469
3468
  * <p>A token used for pagination of results returned.</p>
3469
+ * @public
3470
3470
  */
3471
3471
  nextToken?: string;
3472
3472
  }
3473
3473
  /**
3474
- * @public
3475
3474
  * <p>Contains details about the policy generation status and properties.</p>
3475
+ * @public
3476
3476
  */
3477
3477
  export interface PolicyGeneration {
3478
3478
  /**
3479
- * @public
3480
3479
  * <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
3481
3480
  * operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
3482
3481
  * retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
3483
3482
  * the policy generation request.</p>
3483
+ * @public
3484
3484
  */
3485
3485
  jobId: string | undefined;
3486
3486
  /**
3487
- * @public
3488
3487
  * <p>The ARN of the IAM entity (user or role) for which you are generating a policy.</p>
3488
+ * @public
3489
3489
  */
3490
3490
  principalArn: string | undefined;
3491
3491
  /**
3492
- * @public
3493
3492
  * <p>The status of the policy generation request.</p>
3493
+ * @public
3494
3494
  */
3495
3495
  status: JobStatus | undefined;
3496
3496
  /**
3497
- * @public
3498
3497
  * <p>A timestamp of when the policy generation started.</p>
3498
+ * @public
3499
3499
  */
3500
3500
  startedOn: Date | undefined;
3501
3501
  /**
3502
- * @public
3503
3502
  * <p>A timestamp of when the policy generation was completed.</p>
3503
+ * @public
3504
3504
  */
3505
3505
  completedOn?: Date;
3506
3506
  }
@@ -3509,102 +3509,102 @@ export interface PolicyGeneration {
3509
3509
  */
3510
3510
  export interface ListPolicyGenerationsResponse {
3511
3511
  /**
3512
- * @public
3513
3512
  * <p>A <code>PolicyGeneration</code> object that contains details about the generated
3514
3513
  * policy.</p>
3514
+ * @public
3515
3515
  */
3516
3516
  policyGenerations: PolicyGeneration[] | undefined;
3517
3517
  /**
3518
- * @public
3519
3518
  * <p>A token used for pagination of results returned.</p>
3519
+ * @public
3520
3520
  */
3521
3521
  nextToken?: string;
3522
3522
  }
3523
3523
  /**
3524
- * @public
3525
3524
  * <p>Retrieves a list of tags applied to the specified resource.</p>
3525
+ * @public
3526
3526
  */
3527
3527
  export interface ListTagsForResourceRequest {
3528
3528
  /**
3529
- * @public
3530
3529
  * <p>The ARN of the resource to retrieve tags from.</p>
3530
+ * @public
3531
3531
  */
3532
3532
  resourceArn: string | undefined;
3533
3533
  }
3534
3534
  /**
3535
- * @public
3536
3535
  * <p>The response to the request.</p>
3536
+ * @public
3537
3537
  */
3538
3538
  export interface ListTagsForResourceResponse {
3539
3539
  /**
3540
- * @public
3541
3540
  * <p>The tags that are applied to the specified resource.</p>
3541
+ * @public
3542
3542
  */
3543
3543
  tags?: Record<string, string>;
3544
3544
  }
3545
3545
  /**
3546
- * @public
3547
3546
  * <p>Contains details about the CloudTrail trail being analyzed to generate a policy.</p>
3547
+ * @public
3548
3548
  */
3549
3549
  export interface Trail {
3550
3550
  /**
3551
- * @public
3552
3551
  * <p>Specifies the ARN of the trail. The format of a trail ARN is
3553
3552
  * <code>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</code>.</p>
3553
+ * @public
3554
3554
  */
3555
3555
  cloudTrailArn: string | undefined;
3556
3556
  /**
3557
- * @public
3558
3557
  * <p>A list of regions to get CloudTrail data from and analyze to generate a policy.</p>
3558
+ * @public
3559
3559
  */
3560
3560
  regions?: string[];
3561
3561
  /**
3562
- * @public
3563
3562
  * <p>Possible values are <code>true</code> or <code>false</code>. If set to
3564
3563
  * <code>true</code>, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and
3565
3564
  * generate a policy.</p>
3565
+ * @public
3566
3566
  */
3567
3567
  allRegions?: boolean;
3568
3568
  }
3569
3569
  /**
3570
- * @public
3571
3570
  * <p>Contains information about CloudTrail access.</p>
3571
+ * @public
3572
3572
  */
3573
3573
  export interface CloudTrailDetails {
3574
3574
  /**
3575
- * @public
3576
3575
  * <p>A <code>Trail</code> object that contains settings for a trail.</p>
3576
+ * @public
3577
3577
  */
3578
3578
  trails: Trail[] | undefined;
3579
3579
  /**
3580
- * @public
3581
3580
  * <p>The ARN of the service role that IAM Access Analyzer uses to access your CloudTrail trail and
3582
3581
  * service last accessed information.</p>
3582
+ * @public
3583
3583
  */
3584
3584
  accessRole: string | undefined;
3585
3585
  /**
3586
- * @public
3587
3586
  * <p>The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events
3588
3587
  * with a timestamp before this time are not considered to generate a policy.</p>
3588
+ * @public
3589
3589
  */
3590
3590
  startTime: Date | undefined;
3591
3591
  /**
3592
- * @public
3593
3592
  * <p>The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with
3594
3593
  * a timestamp after this time are not considered to generate a policy. If this is not
3595
3594
  * included in the request, the default value is the current time.</p>
3595
+ * @public
3596
3596
  */
3597
3597
  endTime?: Date;
3598
3598
  }
3599
3599
  /**
3600
- * @public
3601
3600
  * <p>Contains the ARN details about the IAM entity for which the policy is
3602
3601
  * generated.</p>
3602
+ * @public
3603
3603
  */
3604
3604
  export interface PolicyGenerationDetails {
3605
3605
  /**
3606
- * @public
3607
3606
  * <p>The ARN of the IAM entity (user or role) for which you are generating a policy.</p>
3607
+ * @public
3608
3608
  */
3609
3609
  principalArn: string | undefined;
3610
3610
  }
@@ -3613,19 +3613,18 @@ export interface PolicyGenerationDetails {
3613
3613
  */
3614
3614
  export interface StartPolicyGenerationRequest {
3615
3615
  /**
3616
- * @public
3617
3616
  * <p>Contains the ARN of the IAM entity (user or role) for which you are generating a
3618
3617
  * policy.</p>
3618
+ * @public
3619
3619
  */
3620
3620
  policyGenerationDetails: PolicyGenerationDetails | undefined;
3621
3621
  /**
3622
- * @public
3623
3622
  * <p>A <code>CloudTrailDetails</code> object that contains details about a <code>Trail</code>
3624
3623
  * that you want to analyze to generate policies.</p>
3624
+ * @public
3625
3625
  */
3626
3626
  cloudTrailDetails?: CloudTrailDetails;
3627
3627
  /**
3628
- * @public
3629
3628
  * <p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the
3630
3629
  * request. Idempotency ensures that an API request completes only once. With an idempotent
3631
3630
  * request, if the original request completes successfully, the subsequent retries with the
@@ -3633,6 +3632,7 @@ export interface StartPolicyGenerationRequest {
3633
3632
  * additional effect.</p>
3634
3633
  * <p>If you do not specify a client token, one is automatically generated by the Amazon Web Services
3635
3634
  * SDK.</p>
3635
+ * @public
3636
3636
  */
3637
3637
  clientToken?: string;
3638
3638
  }
@@ -3641,79 +3641,79 @@ export interface StartPolicyGenerationRequest {
3641
3641
  */
3642
3642
  export interface StartPolicyGenerationResponse {
3643
3643
  /**
3644
- * @public
3645
3644
  * <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
3646
3645
  * operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
3647
3646
  * retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
3648
3647
  * the policy generation request.</p>
3648
+ * @public
3649
3649
  */
3650
3650
  jobId: string | undefined;
3651
3651
  }
3652
3652
  /**
3653
- * @public
3654
3653
  * <p>Starts a scan of the policies applied to the specified resource.</p>
3654
+ * @public
3655
3655
  */
3656
3656
  export interface StartResourceScanRequest {
3657
3657
  /**
3658
- * @public
3659
3658
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
3660
3659
  * the analyzer</a> to use to scan the policies applied to the specified
3661
3660
  * resource.</p>
3661
+ * @public
3662
3662
  */
3663
3663
  analyzerArn: string | undefined;
3664
3664
  /**
3665
- * @public
3666
3665
  * <p>The ARN of the resource to scan.</p>
3666
+ * @public
3667
3667
  */
3668
3668
  resourceArn: string | undefined;
3669
3669
  /**
3670
- * @public
3671
3670
  * <p>The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning
3672
3671
  * account is the account in which the resource was created.</p>
3672
+ * @public
3673
3673
  */
3674
3674
  resourceOwnerAccount?: string;
3675
3675
  }
3676
3676
  /**
3677
- * @public
3678
3677
  * <p>Adds a tag to the specified resource.</p>
3678
+ * @public
3679
3679
  */
3680
3680
  export interface TagResourceRequest {
3681
3681
  /**
3682
- * @public
3683
3682
  * <p>The ARN of the resource to add the tag to.</p>
3683
+ * @public
3684
3684
  */
3685
3685
  resourceArn: string | undefined;
3686
3686
  /**
3687
- * @public
3688
3687
  * <p>The tags to add to the resource.</p>
3688
+ * @public
3689
3689
  */
3690
3690
  tags: Record<string, string> | undefined;
3691
3691
  }
3692
3692
  /**
3693
- * @public
3694
3693
  * <p>The response to the request.</p>
3694
+ * @public
3695
3695
  */
3696
3696
  export interface TagResourceResponse {
3697
3697
  }
3698
3698
  /**
3699
- * @public
3700
3699
  * <p>Removes a tag from the specified resource.</p>
3700
+ * @public
3701
3701
  */
3702
3702
  export interface UntagResourceRequest {
3703
3703
  /**
3704
- * @public
3705
3704
  * <p>The ARN of the resource to remove the tag from.</p>
3705
+ * @public
3706
3706
  */
3707
3707
  resourceArn: string | undefined;
3708
3708
  /**
3709
- * @public
3710
3709
  * <p>The key for the tag to add.</p>
3710
+ * @public
3711
3711
  */
3712
3712
  tagKeys: string[] | undefined;
3713
3713
  }
3714
3714
  /**
3715
- * @public
3716
3715
  * <p>The response to the request.</p>
3716
+ * @public
3717
3717
  */
3718
3718
  export interface UntagResourceResponse {
3719
3719
  }
@@ -3722,36 +3722,36 @@ export interface UntagResourceResponse {
3722
3722
  */
3723
3723
  export type FindingStatusUpdate = "ACTIVE" | "ARCHIVED";
3724
3724
  /**
3725
- * @public
3726
3725
  * <p>Updates findings with the new values provided in the request.</p>
3726
+ * @public
3727
3727
  */
3728
3728
  export interface UpdateFindingsRequest {
3729
3729
  /**
3730
- * @public
3731
3730
  * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
3732
3731
  * the analyzer</a> that generated the findings to update.</p>
3732
+ * @public
3733
3733
  */
3734
3734
  analyzerArn: string | undefined;
3735
3735
  /**
3736
- * @public
3737
3736
  * <p>The state represents the action to take to update the finding Status. Use
3738
3737
  * <code>ARCHIVE</code> to change an Active finding to an Archived finding. Use
3739
3738
  * <code>ACTIVE</code> to change an Archived finding to an Active finding.</p>
3739
+ * @public
3740
3740
  */
3741
3741
  status: FindingStatusUpdate | undefined;
3742
3742
  /**
3743
- * @public
3744
3743
  * <p>The IDs of the findings to update.</p>
3744
+ * @public
3745
3745
  */
3746
3746
  ids?: string[];
3747
3747
  /**
3748
- * @public
3749
3748
  * <p>The ARN of the resource identified in the finding.</p>
3749
+ * @public
3750
3750
  */
3751
3751
  resourceArn?: string;
3752
3752
  /**
3753
- * @public
3754
3753
  * <p>A client token.</p>
3754
+ * @public
3755
3755
  */
3756
3756
  clientToken?: string;
3757
3757
  }
@@ -3808,27 +3808,26 @@ export type ValidatePolicyResourceType = (typeof ValidatePolicyResourceType)[key
3808
3808
  */
3809
3809
  export interface ValidatePolicyRequest {
3810
3810
  /**
3811
- * @public
3812
3811
  * <p>The locale to use for localizing the findings.</p>
3812
+ * @public
3813
3813
  */
3814
3814
  locale?: Locale;
3815
3815
  /**
3816
- * @public
3817
3816
  * <p>The maximum number of results to return in the response.</p>
3817
+ * @public
3818
3818
  */
3819
3819
  maxResults?: number;
3820
3820
  /**
3821
- * @public
3822
3821
  * <p>A token used for pagination of results returned.</p>
3822
+ * @public
3823
3823
  */
3824
3824
  nextToken?: string;
3825
3825
  /**
3826
- * @public
3827
3826
  * <p>The JSON policy document to use as the content for the policy.</p>
3827
+ * @public
3828
3828
  */
3829
3829
  policyDocument: string | undefined;
3830
3830
  /**
3831
- * @public
3832
3831
  * <p>The type of policy to validate. Identity policies grant permissions to IAM principals.
3833
3832
  * Identity policies include managed and inline policies for IAM roles, users, and
3834
3833
  * groups.</p>
@@ -3838,10 +3837,10 @@ export interface ValidatePolicyRequest {
3838
3837
  * or Amazon S3 bucket policy. </p>
3839
3838
  * <p>Service control policies (SCPs) are a type of organization policy attached to an Amazon Web Services
3840
3839
  * organization, organizational unit (OU), or an account.</p>
3840
+ * @public
3841
3841
  */
3842
3842
  policyType: PolicyType | undefined;
3843
3843
  /**
3844
- * @public
3845
3844
  * <p>The type of resource to attach to your resource policy. Specify a value for the policy
3846
3845
  * validation resource type only if the policy type is <code>RESOURCE_POLICY</code>. For
3847
3846
  * example, to validate a resource policy to attach to an Amazon S3 bucket, you can choose
@@ -3850,6 +3849,7 @@ export interface ValidatePolicyRequest {
3850
3849
  * apply to all resource policies. For example, to validate a resource policy to attach to a
3851
3850
  * KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer
3852
3851
  * will run policy checks that apply to all resource policies.</p>
3852
+ * @public
3853
3853
  */
3854
3854
  validatePolicyResourceType?: ValidatePolicyResourceType;
3855
3855
  }
@@ -3868,24 +3868,24 @@ export declare const ValidatePolicyFindingType: {
3868
3868
  */
3869
3869
  export type ValidatePolicyFindingType = (typeof ValidatePolicyFindingType)[keyof typeof ValidatePolicyFindingType];
3870
3870
  /**
3871
- * @public
3872
3871
  * <p>A reference to a substring of a literal string in a JSON document.</p>
3872
+ * @public
3873
3873
  */
3874
3874
  export interface Substring {
3875
3875
  /**
3876
- * @public
3877
3876
  * <p>The start index of the substring, starting from 0.</p>
3877
+ * @public
3878
3878
  */
3879
3879
  start: number | undefined;
3880
3880
  /**
3881
- * @public
3882
3881
  * <p>The length of the substring.</p>
3882
+ * @public
3883
3883
  */
3884
3884
  length: number | undefined;
3885
3885
  }
3886
3886
  /**
3887
- * @public
3888
3887
  * <p>A single element in a path through the JSON representation of a policy.</p>
3888
+ * @public
3889
3889
  */
3890
3890
  export type PathElement = PathElement.IndexMember | PathElement.KeyMember | PathElement.SubstringMember | PathElement.ValueMember | PathElement.$UnknownMember;
3891
3891
  /**
@@ -3893,8 +3893,8 @@ export type PathElement = PathElement.IndexMember | PathElement.KeyMember | Path
3893
3893
  */
3894
3894
  export declare namespace PathElement {
3895
3895
  /**
3896
- * @public
3897
3896
  * <p>Refers to an index in a JSON array.</p>
3897
+ * @public
3898
3898
  */
3899
3899
  interface IndexMember {
3900
3900
  index: number;
@@ -3904,8 +3904,8 @@ export declare namespace PathElement {
3904
3904
  $unknown?: never;
3905
3905
  }
3906
3906
  /**
3907
- * @public
3908
3907
  * <p>Refers to a key in a JSON object.</p>
3908
+ * @public
3909
3909
  */
3910
3910
  interface KeyMember {
3911
3911
  index?: never;
@@ -3915,8 +3915,8 @@ export declare namespace PathElement {
3915
3915
  $unknown?: never;
3916
3916
  }
3917
3917
  /**
3918
- * @public
3919
3918
  * <p>Refers to a substring of a literal string in a JSON object.</p>
3919
+ * @public
3920
3920
  */
3921
3921
  interface SubstringMember {
3922
3922
  index?: never;
@@ -3926,8 +3926,8 @@ export declare namespace PathElement {
3926
3926
  $unknown?: never;
3927
3927
  }
3928
3928
  /**
3929
- * @public
3930
3929
  * <p>Refers to the value associated with a given key in a JSON object.</p>
3930
+ * @public
3931
3931
  */
3932
3932
  interface ValueMember {
3933
3933
  index?: never;
@@ -3956,74 +3956,73 @@ export declare namespace PathElement {
3956
3956
  const visit: <T>(value: PathElement, visitor: Visitor<T>) => T;
3957
3957
  }
3958
3958
  /**
3959
- * @public
3960
3959
  * <p>A position in a policy.</p>
3960
+ * @public
3961
3961
  */
3962
3962
  export interface Position {
3963
3963
  /**
3964
- * @public
3965
3964
  * <p>The line of the position, starting from 1.</p>
3965
+ * @public
3966
3966
  */
3967
3967
  line: number | undefined;
3968
3968
  /**
3969
- * @public
3970
3969
  * <p>The column of the position, starting from 0.</p>
3970
+ * @public
3971
3971
  */
3972
3972
  column: number | undefined;
3973
3973
  /**
3974
- * @public
3975
3974
  * <p>The offset within the policy that corresponds to the position, starting from 0.</p>
3975
+ * @public
3976
3976
  */
3977
3977
  offset: number | undefined;
3978
3978
  }
3979
3979
  /**
3980
- * @public
3981
3980
  * <p>A span in a policy. The span consists of a start position (inclusive) and end position
3982
3981
  * (exclusive).</p>
3982
+ * @public
3983
3983
  */
3984
3984
  export interface Span {
3985
3985
  /**
3986
- * @public
3987
3986
  * <p>The start position of the span (inclusive).</p>
3987
+ * @public
3988
3988
  */
3989
3989
  start: Position | undefined;
3990
3990
  /**
3991
- * @public
3992
3991
  * <p>The end position of the span (exclusive).</p>
3992
+ * @public
3993
3993
  */
3994
3994
  end: Position | undefined;
3995
3995
  }
3996
3996
  /**
3997
- * @public
3998
3997
  * <p>A location in a policy that is represented as a path through the JSON representation and
3999
3998
  * a corresponding span.</p>
3999
+ * @public
4000
4000
  */
4001
4001
  export interface Location {
4002
4002
  /**
4003
- * @public
4004
4003
  * <p>A path in a policy, represented as a sequence of path elements.</p>
4004
+ * @public
4005
4005
  */
4006
4006
  path: PathElement[] | undefined;
4007
4007
  /**
4008
- * @public
4009
4008
  * <p>A span in a policy.</p>
4009
+ * @public
4010
4010
  */
4011
4011
  span: Span | undefined;
4012
4012
  }
4013
4013
  /**
4014
- * @public
4015
4014
  * <p>A finding in a policy. Each finding is an actionable recommendation that can be used to
4016
4015
  * improve the policy.</p>
4016
+ * @public
4017
4017
  */
4018
4018
  export interface ValidatePolicyFinding {
4019
4019
  /**
4020
- * @public
4021
4020
  * <p>A localized message that explains the finding and provides guidance on how to address
4022
4021
  * it.</p>
4022
+ * @public
4023
4023
  */
4024
4024
  findingDetails: string | undefined;
4025
4025
  /**
4026
- * @public
4027
4026
  * <p>The impact of the finding.</p>
4028
4027
  * <p>Security warnings report when the policy allows access that we consider overly
4029
4028
  * permissive.</p>
@@ -4032,22 +4031,23 @@ export interface ValidatePolicyFinding {
4032
4031
  * best practices.</p>
4033
4032
  * <p>Suggestions recommend stylistic improvements in the policy that do not impact
4034
4033
  * access.</p>
4034
+ * @public
4035
4035
  */
4036
4036
  findingType: ValidatePolicyFindingType | undefined;
4037
4037
  /**
4038
- * @public
4039
4038
  * <p>The issue code provides an identifier of the issue associated with this finding.</p>
4039
+ * @public
4040
4040
  */
4041
4041
  issueCode: string | undefined;
4042
4042
  /**
4043
- * @public
4044
4043
  * <p>A link to additional documentation about the type of finding.</p>
4044
+ * @public
4045
4045
  */
4046
4046
  learnMoreLink: string | undefined;
4047
4047
  /**
4048
- * @public
4049
4048
  * <p>The list of locations in the policy document that are related to the finding. The issue
4050
4049
  * code provides a summary of an issue identified by the finding.</p>
4050
+ * @public
4051
4051
  */
4052
4052
  locations: Location[] | undefined;
4053
4053
  }
@@ -4056,14 +4056,14 @@ export interface ValidatePolicyFinding {
4056
4056
  */
4057
4057
  export interface ValidatePolicyResponse {
4058
4058
  /**
4059
- * @public
4060
4059
  * <p>The list of findings in a policy returned by IAM Access Analyzer based on its suite of policy
4061
4060
  * checks.</p>
4061
+ * @public
4062
4062
  */
4063
4063
  findings: ValidatePolicyFinding[] | undefined;
4064
4064
  /**
4065
- * @public
4066
4065
  * <p>A token used for pagination of results returned.</p>
4066
+ * @public
4067
4067
  */
4068
4068
  nextToken?: string;
4069
4069
  }