@aws-sdk/client-accessanalyzer 3.533.0 → 3.538.0
- package/dist-cjs/index.js +5 -0
- package/dist-es/models/models_0.js +5 -0
- package/dist-types/AccessAnalyzer.d.ts +3 -1
- package/dist-types/AccessAnalyzerClient.d.ts +1 -1
- package/dist-types/commands/ApplyArchiveRuleCommand.d.ts +2 -1
- package/dist-types/commands/CancelPolicyGenerationCommand.d.ts +2 -1
- package/dist-types/commands/CheckAccessNotGrantedCommand.d.ts +2 -1
- package/dist-types/commands/CheckNoNewAccessCommand.d.ts +2 -1
- package/dist-types/commands/CreateAccessPreviewCommand.d.ts +8 -1
- package/dist-types/commands/CreateAnalyzerCommand.d.ts +2 -1
- package/dist-types/commands/CreateArchiveRuleCommand.d.ts +2 -1
- package/dist-types/commands/DeleteAnalyzerCommand.d.ts +2 -1
- package/dist-types/commands/DeleteArchiveRuleCommand.d.ts +2 -1
- package/dist-types/commands/GetAccessPreviewCommand.d.ts +8 -1
- package/dist-types/commands/GetAnalyzedResourceCommand.d.ts +2 -1
- package/dist-types/commands/GetAnalyzerCommand.d.ts +2 -1
- package/dist-types/commands/GetArchiveRuleCommand.d.ts +2 -1
- package/dist-types/commands/GetFindingCommand.d.ts +2 -1
- package/dist-types/commands/GetFindingV2Command.d.ts +2 -1
- package/dist-types/commands/GetGeneratedPolicyCommand.d.ts +2 -1
- package/dist-types/commands/ListAccessPreviewFindingsCommand.d.ts +2 -1
- package/dist-types/commands/ListAccessPreviewsCommand.d.ts +2 -1
- package/dist-types/commands/ListAnalyzedResourcesCommand.d.ts +2 -1
- package/dist-types/commands/ListAnalyzersCommand.d.ts +2 -1
- package/dist-types/commands/ListArchiveRulesCommand.d.ts +2 -1
- package/dist-types/commands/ListFindingsCommand.d.ts +2 -1
- package/dist-types/commands/ListFindingsV2Command.d.ts +2 -1
- package/dist-types/commands/ListPolicyGenerationsCommand.d.ts +2 -1
- package/dist-types/commands/ListTagsForResourceCommand.d.ts +2 -1
- package/dist-types/commands/StartPolicyGenerationCommand.d.ts +2 -1
- package/dist-types/commands/StartResourceScanCommand.d.ts +2 -1
- package/dist-types/commands/TagResourceCommand.d.ts +2 -1
- package/dist-types/commands/UntagResourceCommand.d.ts +2 -1
- package/dist-types/commands/UpdateArchiveRuleCommand.d.ts +2 -1
- package/dist-types/commands/UpdateFindingsCommand.d.ts +2 -1
- package/dist-types/commands/ValidatePolicyCommand.d.ts +2 -1
- package/dist-types/models/models_0.d.ts +634 -507
- package/dist-types/ts3.4/AccessAnalyzer.d.ts +2 -0
- package/dist-types/ts3.4/commands/ApplyArchiveRuleCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/CancelPolicyGenerationCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/CheckAccessNotGrantedCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/CheckNoNewAccessCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/CreateAccessPreviewCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/CreateAnalyzerCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/CreateArchiveRuleCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/DeleteAnalyzerCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/DeleteArchiveRuleCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/GetAccessPreviewCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/GetAnalyzedResourceCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/GetAnalyzerCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/GetArchiveRuleCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/GetFindingCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/GetFindingV2Command.d.ts +9 -0
- package/dist-types/ts3.4/commands/GetGeneratedPolicyCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/ListAccessPreviewFindingsCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/ListAccessPreviewsCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/ListAnalyzedResourcesCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/ListAnalyzersCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/ListArchiveRulesCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/ListFindingsCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/ListFindingsV2Command.d.ts +9 -0
- package/dist-types/ts3.4/commands/ListPolicyGenerationsCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/ListTagsForResourceCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/StartPolicyGenerationCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/StartResourceScanCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/TagResourceCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/UntagResourceCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/UpdateArchiveRuleCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/UpdateFindingsCommand.d.ts +9 -0
- package/dist-types/ts3.4/commands/ValidatePolicyCommand.d.ts +9 -0
- package/dist-types/ts3.4/models/models_0.d.ts +73 -0
- package/package.json +40 -40
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
|
|
2
2
|
import { AccessAnalyzerServiceException as __BaseException } from "./AccessAnalyzerServiceException";
|
|
3
3
|
/**
|
|
4
|
-
* @public
|
|
5
4
|
* <p>Contains information about actions that define permissions to check against a
|
|
6
5
|
* policy.</p>
|
|
6
|
+
* @public
|
|
7
7
|
*/
|
|
8
8
|
export interface Access {
|
|
9
9
|
/**
|
|
10
|
-
* @public
|
|
11
10
|
* <p>A list of actions for the access permissions. Any strings that can be used as an action
|
|
12
11
|
* in an IAM policy can be used in the list of actions to check.</p>
|
|
12
|
+
* @public
|
|
13
13
|
*/
|
|
14
14
|
actions: string[] | undefined;
|
|
15
15
|
}
|
|
16
16
|
/**
|
|
17
|
-
* @public
|
|
18
17
|
* <p>You do not have sufficient access to perform this action.</p>
|
|
18
|
+
* @public
|
|
19
19
|
*/
|
|
20
20
|
export declare class AccessDeniedException extends __BaseException {
|
|
21
21
|
readonly name: "AccessDeniedException";
|
|
@@ -26,20 +26,20 @@ export declare class AccessDeniedException extends __BaseException {
|
|
|
26
26
|
constructor(opts: __ExceptionOptionType<AccessDeniedException, __BaseException>);
|
|
27
27
|
}
|
|
28
28
|
/**
|
|
29
|
-
* @public
|
|
30
29
|
* <p>A conflict exception error.</p>
|
|
30
|
+
* @public
|
|
31
31
|
*/
|
|
32
32
|
export declare class ConflictException extends __BaseException {
|
|
33
33
|
readonly name: "ConflictException";
|
|
34
34
|
readonly $fault: "client";
|
|
35
35
|
/**
|
|
36
|
-
* @public
|
|
37
36
|
* <p>The ID of the resource.</p>
|
|
37
|
+
* @public
|
|
38
38
|
*/
|
|
39
39
|
resourceId: string | undefined;
|
|
40
40
|
/**
|
|
41
|
-
* @public
|
|
42
41
|
* <p>The resource type.</p>
|
|
42
|
+
* @public
|
|
43
43
|
*/
|
|
44
44
|
resourceType: string | undefined;
|
|
45
45
|
/**
|
|
@@ -48,70 +48,70 @@ export declare class ConflictException extends __BaseException {
|
|
|
48
48
|
constructor(opts: __ExceptionOptionType<ConflictException, __BaseException>);
|
|
49
49
|
}
|
|
50
50
|
/**
|
|
51
|
-
* @public
|
|
52
51
|
* <p>The criteria to use in the filter that defines the archive rule. For more information on
|
|
53
52
|
* available filter keys, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM Access Analyzer filter
|
|
54
53
|
* keys</a>.</p>
|
|
54
|
+
* @public
|
|
55
55
|
*/
|
|
56
56
|
export interface Criterion {
|
|
57
57
|
/**
|
|
58
|
-
* @public
|
|
59
58
|
* <p>An "equals" operator to match for the filter used to create the rule.</p>
|
|
59
|
+
* @public
|
|
60
60
|
*/
|
|
61
61
|
eq?: string[];
|
|
62
62
|
/**
|
|
63
|
-
* @public
|
|
64
63
|
* <p>A "not equals" operator to match for the filter used to create the rule.</p>
|
|
64
|
+
* @public
|
|
65
65
|
*/
|
|
66
66
|
neq?: string[];
|
|
67
67
|
/**
|
|
68
|
-
* @public
|
|
69
68
|
* <p>A "contains" operator to match for the filter used to create the rule.</p>
|
|
69
|
+
* @public
|
|
70
70
|
*/
|
|
71
71
|
contains?: string[];
|
|
72
72
|
/**
|
|
73
|
-
* @public
|
|
74
73
|
* <p>An "exists" operator to match for the filter used to create the rule. </p>
|
|
74
|
+
* @public
|
|
75
75
|
*/
|
|
76
76
|
exists?: boolean;
|
|
77
77
|
}
|
|
78
78
|
/**
|
|
79
|
-
* @public
|
|
80
79
|
* <p>Creates an archive rule.</p>
|
|
80
|
+
* @public
|
|
81
81
|
*/
|
|
82
82
|
export interface CreateArchiveRuleRequest {
|
|
83
83
|
/**
|
|
84
|
-
* @public
|
|
85
84
|
* <p>The name of the created analyzer.</p>
|
|
85
|
+
* @public
|
|
86
86
|
*/
|
|
87
87
|
analyzerName: string | undefined;
|
|
88
88
|
/**
|
|
89
|
-
* @public
|
|
90
89
|
* <p>The name of the rule to create.</p>
|
|
90
|
+
* @public
|
|
91
91
|
*/
|
|
92
92
|
ruleName: string | undefined;
|
|
93
93
|
/**
|
|
94
|
-
* @public
|
|
95
94
|
* <p>The criteria for the rule.</p>
|
|
95
|
+
* @public
|
|
96
96
|
*/
|
|
97
97
|
filter: Record<string, Criterion> | undefined;
|
|
98
98
|
/**
|
|
99
|
-
* @public
|
|
100
99
|
* <p>A client token.</p>
|
|
100
|
+
* @public
|
|
101
101
|
*/
|
|
102
102
|
clientToken?: string;
|
|
103
103
|
}
|
|
104
104
|
/**
|
|
105
|
-
* @public
|
|
106
105
|
* <p>Internal server error.</p>
|
|
106
|
+
* @public
|
|
107
107
|
*/
|
|
108
108
|
export declare class InternalServerException extends __BaseException {
|
|
109
109
|
readonly name: "InternalServerException";
|
|
110
110
|
readonly $fault: "server";
|
|
111
111
|
$retryable: {};
|
|
112
112
|
/**
|
|
113
|
-
* @public
|
|
114
113
|
* <p>The seconds to wait to retry.</p>
|
|
114
|
+
* @public
|
|
115
115
|
*/
|
|
116
116
|
retryAfterSeconds?: number;
|
|
117
117
|
/**
|
|
@@ -120,20 +120,20 @@ export declare class InternalServerException extends __BaseException {
|
|
|
120
120
|
constructor(opts: __ExceptionOptionType<InternalServerException, __BaseException>);
|
|
121
121
|
}
|
|
122
122
|
/**
|
|
123
|
-
* @public
|
|
124
123
|
* <p>The specified resource could not be found.</p>
|
|
124
|
+
* @public
|
|
125
125
|
*/
|
|
126
126
|
export declare class ResourceNotFoundException extends __BaseException {
|
|
127
127
|
readonly name: "ResourceNotFoundException";
|
|
128
128
|
readonly $fault: "client";
|
|
129
129
|
/**
|
|
130
|
-
* @public
|
|
131
130
|
* <p>The ID of the resource.</p>
|
|
131
|
+
* @public
|
|
132
132
|
*/
|
|
133
133
|
resourceId: string | undefined;
|
|
134
134
|
/**
|
|
135
|
-
* @public
|
|
136
135
|
* <p>The type of the resource.</p>
|
|
136
|
+
* @public
|
|
137
137
|
*/
|
|
138
138
|
resourceType: string | undefined;
|
|
139
139
|
/**
|
|
@@ -142,20 +142,20 @@ export declare class ResourceNotFoundException extends __BaseException {
|
|
|
142
142
|
constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>);
|
|
143
143
|
}
|
|
144
144
|
/**
|
|
145
|
-
* @public
|
|
146
145
|
* <p>Service quote met error.</p>
|
|
146
|
+
* @public
|
|
147
147
|
*/
|
|
148
148
|
export declare class ServiceQuotaExceededException extends __BaseException {
|
|
149
149
|
readonly name: "ServiceQuotaExceededException";
|
|
150
150
|
readonly $fault: "client";
|
|
151
151
|
/**
|
|
152
|
-
* @public
|
|
153
152
|
* <p>The resource ID.</p>
|
|
153
|
+
* @public
|
|
154
154
|
*/
|
|
155
155
|
resourceId: string | undefined;
|
|
156
156
|
/**
|
|
157
|
-
* @public
|
|
158
157
|
* <p>The resource type.</p>
|
|
158
|
+
* @public
|
|
159
159
|
*/
|
|
160
160
|
resourceType: string | undefined;
|
|
161
161
|
/**
|
|
@@ -164,8 +164,8 @@ export declare class ServiceQuotaExceededException extends __BaseException {
|
|
|
164
164
|
constructor(opts: __ExceptionOptionType<ServiceQuotaExceededException, __BaseException>);
|
|
165
165
|
}
|
|
166
166
|
/**
|
|
167
|
-
* @public
|
|
168
167
|
* <p>Throttling limit exceeded error.</p>
|
|
168
|
+
* @public
|
|
169
169
|
*/
|
|
170
170
|
export declare class ThrottlingException extends __BaseException {
|
|
171
171
|
readonly name: "ThrottlingException";
|
|
@@ -174,8 +174,8 @@ export declare class ThrottlingException extends __BaseException {
|
|
|
174
174
|
throttling: boolean;
|
|
175
175
|
};
|
|
176
176
|
/**
|
|
177
|
-
* @public
|
|
178
177
|
* <p>The seconds to wait to retry.</p>
|
|
178
|
+
* @public
|
|
179
179
|
*/
|
|
180
180
|
retryAfterSeconds?: number;
|
|
181
181
|
/**
|
|
@@ -184,18 +184,18 @@ export declare class ThrottlingException extends __BaseException {
|
|
|
184
184
|
constructor(opts: __ExceptionOptionType<ThrottlingException, __BaseException>);
|
|
185
185
|
}
|
|
186
186
|
/**
|
|
187
|
-
* @public
|
|
188
187
|
* <p>Contains information about a validation exception.</p>
|
|
188
|
+
* @public
|
|
189
189
|
*/
|
|
190
190
|
export interface ValidationExceptionField {
|
|
191
191
|
/**
|
|
192
|
-
* @public
|
|
193
192
|
* <p>The name of the validation exception.</p>
|
|
193
|
+
* @public
|
|
194
194
|
*/
|
|
195
195
|
name: string | undefined;
|
|
196
196
|
/**
|
|
197
|
-
* @public
|
|
198
197
|
* <p>A message about the validation exception.</p>
|
|
198
|
+
* @public
|
|
199
199
|
*/
|
|
200
200
|
message: string | undefined;
|
|
201
201
|
}
|
|
@@ -214,20 +214,20 @@ export declare const ValidationExceptionReason: {
|
|
|
214
214
|
*/
|
|
215
215
|
export type ValidationExceptionReason = (typeof ValidationExceptionReason)[keyof typeof ValidationExceptionReason];
|
|
216
216
|
/**
|
|
217
|
-
* @public
|
|
218
217
|
* <p>Validation exception error.</p>
|
|
218
|
+
* @public
|
|
219
219
|
*/
|
|
220
220
|
export declare class ValidationException extends __BaseException {
|
|
221
221
|
readonly name: "ValidationException";
|
|
222
222
|
readonly $fault: "client";
|
|
223
223
|
/**
|
|
224
|
-
* @public
|
|
225
224
|
* <p>The reason for the exception.</p>
|
|
225
|
+
* @public
|
|
226
226
|
*/
|
|
227
227
|
reason: ValidationExceptionReason | undefined;
|
|
228
228
|
/**
|
|
229
|
-
* @public
|
|
230
229
|
* <p>A list of fields that didn't validate.</p>
|
|
230
|
+
* @public
|
|
231
231
|
*/
|
|
232
232
|
fieldList?: ValidationExceptionField[];
|
|
233
233
|
/**
|
|
@@ -236,179 +236,179 @@ export declare class ValidationException extends __BaseException {
|
|
|
236
236
|
constructor(opts: __ExceptionOptionType<ValidationException, __BaseException>);
|
|
237
237
|
}
|
|
238
238
|
/**
|
|
239
|
-
* @public
|
|
240
239
|
* <p>Deletes an archive rule.</p>
|
|
240
|
+
* @public
|
|
241
241
|
*/
|
|
242
242
|
export interface DeleteArchiveRuleRequest {
|
|
243
243
|
/**
|
|
244
|
-
* @public
|
|
245
244
|
* <p>The name of the analyzer that associated with the archive rule to delete.</p>
|
|
245
|
+
* @public
|
|
246
246
|
*/
|
|
247
247
|
analyzerName: string | undefined;
|
|
248
248
|
/**
|
|
249
|
-
* @public
|
|
250
249
|
* <p>The name of the rule to delete.</p>
|
|
250
|
+
* @public
|
|
251
251
|
*/
|
|
252
252
|
ruleName: string | undefined;
|
|
253
253
|
/**
|
|
254
|
-
* @public
|
|
255
254
|
* <p>A client token.</p>
|
|
255
|
+
* @public
|
|
256
256
|
*/
|
|
257
257
|
clientToken?: string;
|
|
258
258
|
}
|
|
259
259
|
/**
|
|
260
|
-
* @public
|
|
261
260
|
* <p>Retrieves an archive rule.</p>
|
|
261
|
+
* @public
|
|
262
262
|
*/
|
|
263
263
|
export interface GetArchiveRuleRequest {
|
|
264
264
|
/**
|
|
265
|
-
* @public
|
|
266
265
|
* <p>The name of the analyzer to retrieve rules from.</p>
|
|
266
|
+
* @public
|
|
267
267
|
*/
|
|
268
268
|
analyzerName: string | undefined;
|
|
269
269
|
/**
|
|
270
|
-
* @public
|
|
271
270
|
* <p>The name of the rule to retrieve.</p>
|
|
271
|
+
* @public
|
|
272
272
|
*/
|
|
273
273
|
ruleName: string | undefined;
|
|
274
274
|
}
|
|
275
275
|
/**
|
|
276
|
-
* @public
|
|
277
276
|
* <p>Contains information about an archive rule.</p>
|
|
277
|
+
* @public
|
|
278
278
|
*/
|
|
279
279
|
export interface ArchiveRuleSummary {
|
|
280
280
|
/**
|
|
281
|
-
* @public
|
|
282
281
|
* <p>The name of the archive rule.</p>
|
|
282
|
+
* @public
|
|
283
283
|
*/
|
|
284
284
|
ruleName: string | undefined;
|
|
285
285
|
/**
|
|
286
|
-
* @public
|
|
287
286
|
* <p>A filter used to define the archive rule.</p>
|
|
287
|
+
* @public
|
|
288
288
|
*/
|
|
289
289
|
filter: Record<string, Criterion> | undefined;
|
|
290
290
|
/**
|
|
291
|
-
* @public
|
|
292
291
|
* <p>The time at which the archive rule was created.</p>
|
|
292
|
+
* @public
|
|
293
293
|
*/
|
|
294
294
|
createdAt: Date | undefined;
|
|
295
295
|
/**
|
|
296
|
-
* @public
|
|
297
296
|
* <p>The time at which the archive rule was last updated.</p>
|
|
297
|
+
* @public
|
|
298
298
|
*/
|
|
299
299
|
updatedAt: Date | undefined;
|
|
300
300
|
}
|
|
301
301
|
/**
|
|
302
|
-
* @public
|
|
303
302
|
* <p>The response to the request.</p>
|
|
303
|
+
* @public
|
|
304
304
|
*/
|
|
305
305
|
export interface GetArchiveRuleResponse {
|
|
306
306
|
/**
|
|
307
|
-
* @public
|
|
308
307
|
* <p>Contains information about an archive rule.</p>
|
|
308
|
+
* @public
|
|
309
309
|
*/
|
|
310
310
|
archiveRule: ArchiveRuleSummary | undefined;
|
|
311
311
|
}
|
|
312
312
|
/**
|
|
313
|
-
* @public
|
|
314
313
|
* <p>Retrieves a list of archive rules created for the specified analyzer.</p>
|
|
314
|
+
* @public
|
|
315
315
|
*/
|
|
316
316
|
export interface ListArchiveRulesRequest {
|
|
317
317
|
/**
|
|
318
|
-
* @public
|
|
319
318
|
* <p>The name of the analyzer to retrieve rules from.</p>
|
|
319
|
+
* @public
|
|
320
320
|
*/
|
|
321
321
|
analyzerName: string | undefined;
|
|
322
322
|
/**
|
|
323
|
-
* @public
|
|
324
323
|
* <p>A token used for pagination of results returned.</p>
|
|
324
|
+
* @public
|
|
325
325
|
*/
|
|
326
326
|
nextToken?: string;
|
|
327
327
|
/**
|
|
328
|
-
* @public
|
|
329
328
|
* <p>The maximum number of results to return in the request.</p>
|
|
329
|
+
* @public
|
|
330
330
|
*/
|
|
331
331
|
maxResults?: number;
|
|
332
332
|
}
|
|
333
333
|
/**
|
|
334
|
-
* @public
|
|
335
334
|
* <p>The response to the request.</p>
|
|
335
|
+
* @public
|
|
336
336
|
*/
|
|
337
337
|
export interface ListArchiveRulesResponse {
|
|
338
338
|
/**
|
|
339
|
-
* @public
|
|
340
339
|
* <p>A list of archive rules created for the specified analyzer.</p>
|
|
340
|
+
* @public
|
|
341
341
|
*/
|
|
342
342
|
archiveRules: ArchiveRuleSummary[] | undefined;
|
|
343
343
|
/**
|
|
344
|
-
* @public
|
|
345
344
|
* <p>A token used for pagination of results returned.</p>
|
|
345
|
+
* @public
|
|
346
346
|
*/
|
|
347
347
|
nextToken?: string;
|
|
348
348
|
}
|
|
349
349
|
/**
|
|
350
|
-
* @public
|
|
351
350
|
* <p>Updates the specified archive rule.</p>
|
|
351
|
+
* @public
|
|
352
352
|
*/
|
|
353
353
|
export interface UpdateArchiveRuleRequest {
|
|
354
354
|
/**
|
|
355
|
-
* @public
|
|
356
355
|
* <p>The name of the analyzer to update the archive rules for.</p>
|
|
356
|
+
* @public
|
|
357
357
|
*/
|
|
358
358
|
analyzerName: string | undefined;
|
|
359
359
|
/**
|
|
360
|
-
* @public
|
|
361
360
|
* <p>The name of the rule to update.</p>
|
|
361
|
+
* @public
|
|
362
362
|
*/
|
|
363
363
|
ruleName: string | undefined;
|
|
364
364
|
/**
|
|
365
|
-
* @public
|
|
366
365
|
* <p>A filter to match for the rules to update. Only rules that match the filter are
|
|
367
366
|
* updated.</p>
|
|
367
|
+
* @public
|
|
368
368
|
*/
|
|
369
369
|
filter: Record<string, Criterion> | undefined;
|
|
370
370
|
/**
|
|
371
|
-
* @public
|
|
372
371
|
* <p>A client token.</p>
|
|
372
|
+
* @public
|
|
373
373
|
*/
|
|
374
374
|
clientToken?: string;
|
|
375
375
|
}
|
|
376
376
|
/**
|
|
377
|
-
* @public
|
|
378
377
|
* <p>An criterion statement in an archive rule. Each archive rule may have multiple
|
|
379
378
|
* criteria.</p>
|
|
379
|
+
* @public
|
|
380
380
|
*/
|
|
381
381
|
export interface InlineArchiveRule {
|
|
382
382
|
/**
|
|
383
|
-
* @public
|
|
384
383
|
* <p>The name of the rule.</p>
|
|
384
|
+
* @public
|
|
385
385
|
*/
|
|
386
386
|
ruleName: string | undefined;
|
|
387
387
|
/**
|
|
388
|
-
* @public
|
|
389
388
|
* <p>The condition and values for a criterion.</p>
|
|
389
|
+
* @public
|
|
390
390
|
*/
|
|
391
391
|
filter: Record<string, Criterion> | undefined;
|
|
392
392
|
}
|
|
393
393
|
/**
|
|
394
|
-
* @public
|
|
395
394
|
* <p>Contains information about an unused access analyzer.</p>
|
|
395
|
+
* @public
|
|
396
396
|
*/
|
|
397
397
|
export interface UnusedAccessConfiguration {
|
|
398
398
|
/**
|
|
399
|
-
* @public
|
|
400
399
|
* <p>The specified access age in days for which to generate findings for unused access. For
|
|
401
400
|
* example, if you specify 90 days, the analyzer will generate findings for IAM entities
|
|
402
401
|
* within the accounts of the selected organization for any access that hasn't been used in 90
|
|
403
402
|
* or more days since the analyzer's last scan. You can choose a value between 1 and 180
|
|
404
403
|
* days.</p>
|
|
404
|
+
* @public
|
|
405
405
|
*/
|
|
406
406
|
unusedAccessAge?: number;
|
|
407
407
|
}
|
|
408
408
|
/**
|
|
409
|
-
* @public
|
|
410
409
|
* <p>Contains information about the configuration of an unused access analyzer for an Amazon Web Services
|
|
411
410
|
* organization or account.</p>
|
|
411
|
+
* @public
|
|
412
412
|
*/
|
|
413
413
|
export type AnalyzerConfiguration = AnalyzerConfiguration.UnusedAccessMember | AnalyzerConfiguration.$UnknownMember;
|
|
414
414
|
/**
|
|
@@ -416,9 +416,9 @@ export type AnalyzerConfiguration = AnalyzerConfiguration.UnusedAccessMember | A
|
|
|
416
416
|
*/
|
|
417
417
|
export declare namespace AnalyzerConfiguration {
|
|
418
418
|
/**
|
|
419
|
-
* @public
|
|
420
419
|
* <p>Specifies the configuration of an unused access analyzer for an Amazon Web Services organization or
|
|
421
420
|
* account. External access analyzers do not support any configuration.</p>
|
|
421
|
+
* @public
|
|
422
422
|
*/
|
|
423
423
|
interface UnusedAccessMember {
|
|
424
424
|
unusedAccess: UnusedAccessConfiguration;
|
|
@@ -442,82 +442,82 @@ export declare namespace AnalyzerConfiguration {
|
|
|
442
442
|
*/
|
|
443
443
|
export type Type = "ACCOUNT" | "ACCOUNT_UNUSED_ACCESS" | "ORGANIZATION" | "ORGANIZATION_UNUSED_ACCESS";
|
|
444
444
|
/**
|
|
445
|
-
* @public
|
|
446
445
|
* <p>Creates an analyzer.</p>
|
|
446
|
+
* @public
|
|
447
447
|
*/
|
|
448
448
|
export interface CreateAnalyzerRequest {
|
|
449
449
|
/**
|
|
450
|
-
* @public
|
|
451
450
|
* <p>The name of the analyzer to create.</p>
|
|
451
|
+
* @public
|
|
452
452
|
*/
|
|
453
453
|
analyzerName: string | undefined;
|
|
454
454
|
/**
|
|
455
|
-
* @public
|
|
456
455
|
* <p>The type of analyzer to create. Only <code>ACCOUNT</code>, <code>ORGANIZATION</code>,
|
|
457
|
-
*
|
|
456
|
+
* <code>ACCOUNT_UNUSED_ACCESS</code>, and <code>ORGANIZATION_UNUSED_ACCESS</code>
|
|
458
457
|
* analyzers are supported. You can create only one analyzer per account per Region. You can
|
|
459
458
|
* create up to 5 analyzers per organization per Region.</p>
|
|
459
|
+
* @public
|
|
460
460
|
*/
|
|
461
461
|
type: Type | undefined;
|
|
462
462
|
/**
|
|
463
|
-
* @public
|
|
464
463
|
* <p>Specifies the archive rules to add for the analyzer. Archive rules automatically archive
|
|
465
464
|
* findings that meet the criteria you define for the rule.</p>
|
|
465
|
+
* @public
|
|
466
466
|
*/
|
|
467
467
|
archiveRules?: InlineArchiveRule[];
|
|
468
468
|
/**
|
|
469
|
-
* @public
|
|
470
469
|
* <p>An array of key-value pairs to apply to the analyzer.</p>
|
|
470
|
+
* @public
|
|
471
471
|
*/
|
|
472
472
|
tags?: Record<string, string>;
|
|
473
473
|
/**
|
|
474
|
-
* @public
|
|
475
474
|
* <p>A client token.</p>
|
|
475
|
+
* @public
|
|
476
476
|
*/
|
|
477
477
|
clientToken?: string;
|
|
478
478
|
/**
|
|
479
|
-
* @public
|
|
480
479
|
* <p>Specifies the configuration of the analyzer. If the analyzer is an unused access
|
|
481
480
|
* analyzer, the specified scope of unused access is used for the configuration. If the
|
|
482
481
|
* analyzer is an external access analyzer, this field is not used.</p>
|
|
482
|
+
* @public
|
|
483
483
|
*/
|
|
484
484
|
configuration?: AnalyzerConfiguration;
|
|
485
485
|
}
|
|
486
486
|
/**
|
|
487
|
-
* @public
|
|
488
487
|
* <p>The response to the request to create an analyzer.</p>
|
|
488
|
+
* @public
|
|
489
489
|
*/
|
|
490
490
|
export interface CreateAnalyzerResponse {
|
|
491
491
|
/**
|
|
492
|
-
* @public
|
|
493
492
|
* <p>The ARN of the analyzer that was created by the request.</p>
|
|
493
|
+
* @public
|
|
494
494
|
*/
|
|
495
495
|
arn?: string;
|
|
496
496
|
}
|
|
497
497
|
/**
|
|
498
|
-
* @public
|
|
499
498
|
* <p>Deletes an analyzer.</p>
|
|
499
|
+
* @public
|
|
500
500
|
*/
|
|
501
501
|
export interface DeleteAnalyzerRequest {
|
|
502
502
|
/**
|
|
503
|
-
* @public
|
|
504
503
|
* <p>The name of the analyzer to delete.</p>
|
|
504
|
+
* @public
|
|
505
505
|
*/
|
|
506
506
|
analyzerName: string | undefined;
|
|
507
507
|
/**
|
|
508
|
-
* @public
|
|
509
508
|
* <p>A client token.</p>
|
|
509
|
+
* @public
|
|
510
510
|
*/
|
|
511
511
|
clientToken?: string;
|
|
512
512
|
}
|
|
513
513
|
/**
|
|
514
|
-
* @public
|
|
515
514
|
* <p>Retrieves an analyzer.</p>
|
|
515
|
+
* @public
|
|
516
516
|
*/
|
|
517
517
|
export interface GetAnalyzerRequest {
|
|
518
518
|
/**
|
|
519
|
-
* @public
|
|
520
519
|
* <p>The name of the analyzer retrieved.</p>
|
|
520
|
+
* @public
|
|
521
521
|
*/
|
|
522
522
|
analyzerName: string | undefined;
|
|
523
523
|
}
|
|
@@ -530,152 +530,152 @@ export type AnalyzerStatus = "ACTIVE" | "CREATING" | "DISABLED" | "FAILED";
|
|
|
530
530
|
*/
|
|
531
531
|
export type ReasonCode = "AWS_SERVICE_ACCESS_DISABLED" | "DELEGATED_ADMINISTRATOR_DEREGISTERED" | "ORGANIZATION_DELETED" | "SERVICE_LINKED_ROLE_CREATION_FAILED";
|
|
532
532
|
/**
|
|
533
|
-
* @public
|
|
534
533
|
* <p>Provides more details about the current status of the analyzer. For example, if the
|
|
535
534
|
* creation for the analyzer fails, a <code>Failed</code> status is returned. For an analyzer
|
|
536
535
|
* with organization as the type, this failure can be due to an issue with creating the
|
|
537
536
|
* service-linked roles required in the member accounts of the Amazon Web Services organization.</p>
|
|
537
|
+
* @public
|
|
538
538
|
*/
|
|
539
539
|
export interface StatusReason {
|
|
540
540
|
/**
|
|
541
|
-
* @public
|
|
542
541
|
* <p>The reason code for the current status of the analyzer.</p>
|
|
542
|
+
* @public
|
|
543
543
|
*/
|
|
544
544
|
code: ReasonCode | undefined;
|
|
545
545
|
}
|
|
546
546
|
/**
|
|
547
|
-
* @public
|
|
548
547
|
* <p>Contains information about the analyzer.</p>
|
|
548
|
+
* @public
|
|
549
549
|
*/
|
|
550
550
|
export interface AnalyzerSummary {
|
|
551
551
|
/**
|
|
552
|
-
* @public
|
|
553
552
|
* <p>The ARN of the analyzer.</p>
|
|
553
|
+
* @public
|
|
554
554
|
*/
|
|
555
555
|
arn: string | undefined;
|
|
556
556
|
/**
|
|
557
|
-
* @public
|
|
558
557
|
* <p>The name of the analyzer.</p>
|
|
558
|
+
* @public
|
|
559
559
|
*/
|
|
560
560
|
name: string | undefined;
|
|
561
561
|
/**
|
|
562
|
-
* @public
|
|
563
562
|
* <p>The type of analyzer, which corresponds to the zone of trust chosen for the
|
|
564
563
|
* analyzer.</p>
|
|
564
|
+
* @public
|
|
565
565
|
*/
|
|
566
566
|
type: Type | undefined;
|
|
567
567
|
/**
|
|
568
|
-
* @public
|
|
569
568
|
* <p>A timestamp for the time at which the analyzer was created.</p>
|
|
569
|
+
* @public
|
|
570
570
|
*/
|
|
571
571
|
createdAt: Date | undefined;
|
|
572
572
|
/**
|
|
573
|
-
* @public
|
|
574
573
|
* <p>The resource that was most recently analyzed by the analyzer.</p>
|
|
574
|
+
* @public
|
|
575
575
|
*/
|
|
576
576
|
lastResourceAnalyzed?: string;
|
|
577
577
|
/**
|
|
578
|
-
* @public
|
|
579
578
|
* <p>The time at which the most recently analyzed resource was analyzed.</p>
|
|
579
|
+
* @public
|
|
580
580
|
*/
|
|
581
581
|
lastResourceAnalyzedAt?: Date;
|
|
582
582
|
/**
|
|
583
|
-
* @public
|
|
584
583
|
* <p>The tags added to the analyzer.</p>
|
|
584
|
+
* @public
|
|
585
585
|
*/
|
|
586
586
|
tags?: Record<string, string>;
|
|
587
587
|
/**
|
|
588
|
-
* @public
|
|
589
588
|
* <p>The status of the analyzer. An <code>Active</code> analyzer successfully monitors
|
|
590
589
|
* supported resources and generates new findings. The analyzer is <code>Disabled</code> when
|
|
591
590
|
* a user action, such as removing trusted access for Identity and Access Management Access Analyzer from Organizations, causes
|
|
592
591
|
* the analyzer to stop generating new findings. The status is <code>Creating</code> when the
|
|
593
592
|
* analyzer creation is in progress and <code>Failed</code> when the analyzer creation has
|
|
594
593
|
* failed. </p>
|
|
594
|
+
* @public
|
|
595
595
|
*/
|
|
596
596
|
status: AnalyzerStatus | undefined;
|
|
597
597
|
/**
|
|
598
|
-
* @public
|
|
599
598
|
* <p>The <code>statusReason</code> provides more details about the current status of the
|
|
600
599
|
* analyzer. For example, if the creation for the analyzer fails, a <code>Failed</code> status
|
|
601
600
|
* is returned. For an analyzer with organization as the type, this failure can be due to an
|
|
602
601
|
* issue with creating the service-linked roles required in the member accounts of the Amazon Web Services
|
|
603
602
|
* organization.</p>
|
|
603
|
+
* @public
|
|
604
604
|
*/
|
|
605
605
|
statusReason?: StatusReason;
|
|
606
606
|
/**
|
|
607
|
-
* @public
|
|
608
607
|
* <p>Specifies whether the analyzer is an external access or unused access analyzer.</p>
|
|
608
|
+
* @public
|
|
609
609
|
*/
|
|
610
610
|
configuration?: AnalyzerConfiguration;
|
|
611
611
|
}
|
|
612
612
|
/**
|
|
613
|
-
* @public
|
|
614
613
|
* <p>The response to the request.</p>
|
|
614
|
+
* @public
|
|
615
615
|
*/
|
|
616
616
|
export interface GetAnalyzerResponse {
|
|
617
617
|
/**
|
|
618
|
-
* @public
|
|
619
618
|
* <p>An <code>AnalyzerSummary</code> object that contains information about the
|
|
620
619
|
* analyzer.</p>
|
|
620
|
+
* @public
|
|
621
621
|
*/
|
|
622
622
|
analyzer: AnalyzerSummary | undefined;
|
|
623
623
|
}
|
|
624
624
|
/**
|
|
625
|
-
* @public
|
|
626
625
|
* <p>Retrieves a list of analyzers.</p>
|
|
626
|
+
* @public
|
|
627
627
|
*/
|
|
628
628
|
export interface ListAnalyzersRequest {
|
|
629
629
|
/**
|
|
630
|
-
* @public
|
|
631
630
|
* <p>A token used for pagination of results returned.</p>
|
|
631
|
+
* @public
|
|
632
632
|
*/
|
|
633
633
|
nextToken?: string;
|
|
634
634
|
/**
|
|
635
|
-
* @public
|
|
636
635
|
* <p>The maximum number of results to return in the response.</p>
|
|
636
|
+
* @public
|
|
637
637
|
*/
|
|
638
638
|
maxResults?: number;
|
|
639
639
|
/**
|
|
640
|
-
* @public
|
|
641
640
|
* <p>The type of analyzer.</p>
|
|
641
|
+
* @public
|
|
642
642
|
*/
|
|
643
643
|
type?: Type;
|
|
644
644
|
}
|
|
645
645
|
/**
|
|
646
|
-
* @public
|
|
647
646
|
* <p>The response to the request.</p>
|
|
647
|
+
* @public
|
|
648
648
|
*/
|
|
649
649
|
export interface ListAnalyzersResponse {
|
|
650
650
|
/**
|
|
651
|
-
* @public
|
|
652
651
|
* <p>The analyzers retrieved.</p>
|
|
652
|
+
* @public
|
|
653
653
|
*/
|
|
654
654
|
analyzers: AnalyzerSummary[] | undefined;
|
|
655
655
|
/**
|
|
656
|
-
* @public
|
|
657
656
|
* <p>A token used for pagination of results returned.</p>
|
|
657
|
+
* @public
|
|
658
658
|
*/
|
|
659
659
|
nextToken?: string;
|
|
660
660
|
}
|
|
661
661
|
/**
|
|
662
|
-
* @public
|
|
663
662
|
* <p>Retroactively applies an archive rule.</p>
|
|
663
|
+
* @public
|
|
664
664
|
*/
|
|
665
665
|
export interface ApplyArchiveRuleRequest {
|
|
666
666
|
/**
|
|
667
|
-
* @public
|
|
668
667
|
* <p>The Amazon resource name (ARN) of the analyzer.</p>
|
|
668
|
+
* @public
|
|
669
669
|
*/
|
|
670
670
|
analyzerArn: string | undefined;
|
|
671
671
|
/**
|
|
672
|
-
* @public
|
|
673
672
|
* <p>The name of the rule to apply.</p>
|
|
673
|
+
* @public
|
|
674
674
|
*/
|
|
675
675
|
ruleName: string | undefined;
|
|
676
676
|
/**
|
|
677
|
-
* @public
|
|
678
677
|
* <p>A client token.</p>
|
|
678
|
+
* @public
|
|
679
679
|
*/
|
|
680
680
|
clientToken?: string;
|
|
681
681
|
}
|
|
@@ -684,11 +684,11 @@ export interface ApplyArchiveRuleRequest {
|
|
|
684
684
|
*/
|
|
685
685
|
export interface CancelPolicyGenerationRequest {
|
|
686
686
|
/**
|
|
687
|
-
* @public
|
|
688
687
|
* <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
|
|
689
688
|
* operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
|
|
690
689
|
* retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
|
|
691
690
|
* the policy generation request.</p>
|
|
691
|
+
* @public
|
|
692
692
|
*/
|
|
693
693
|
jobId: string | undefined;
|
|
694
694
|
}
|
|
@@ -714,45 +714,45 @@ export type AccessCheckPolicyType = (typeof AccessCheckPolicyType)[keyof typeof
|
|
|
714
714
|
*/
|
|
715
715
|
export interface CheckAccessNotGrantedRequest {
|
|
716
716
|
/**
|
|
717
|
-
* @public
|
|
718
717
|
* <p>The JSON policy document to use as the content for the policy.</p>
|
|
718
|
+
* @public
|
|
719
719
|
*/
|
|
720
720
|
policyDocument: string | undefined;
|
|
721
721
|
/**
|
|
722
|
-
* @public
|
|
723
722
|
* <p>An access object containing the permissions that shouldn't be granted by the specified
|
|
724
723
|
* policy.</p>
|
|
724
|
+
* @public
|
|
725
725
|
*/
|
|
726
726
|
access: Access[] | undefined;
|
|
727
727
|
/**
|
|
728
|
-
* @public
|
|
729
728
|
* <p>The type of policy. Identity policies grant permissions to IAM principals. Identity
|
|
730
729
|
* policies include managed and inline policies for IAM roles, users, and groups.</p>
|
|
731
730
|
* <p>Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust
|
|
732
731
|
* policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic
|
|
733
732
|
* input such as identity policy or resource policy or a specific input such as managed policy
|
|
734
733
|
* or Amazon S3 bucket policy.</p>
|
|
734
|
+
* @public
|
|
735
735
|
*/
|
|
736
736
|
policyType: AccessCheckPolicyType | undefined;
|
|
737
737
|
}
|
|
738
738
|
/**
|
|
739
|
-
* @public
|
|
740
739
|
* <p>Contains information about the reasoning why a check for access passed or failed.</p>
|
|
740
|
+
* @public
|
|
741
741
|
*/
|
|
742
742
|
export interface ReasonSummary {
|
|
743
743
|
/**
|
|
744
|
-
* @public
|
|
745
744
|
* <p>A description of the reasoning of a result of checking for access.</p>
|
|
745
|
+
* @public
|
|
746
746
|
*/
|
|
747
747
|
description?: string;
|
|
748
748
|
/**
|
|
749
|
-
* @public
|
|
750
749
|
* <p>The index number of the reason statement.</p>
|
|
750
|
+
* @public
|
|
751
751
|
*/
|
|
752
752
|
statementIndex?: number;
|
|
753
753
|
/**
|
|
754
|
-
* @public
|
|
755
754
|
* <p>The identifier for the reason statement.</p>
|
|
755
|
+
* @public
|
|
756
756
|
*/
|
|
757
757
|
statementId?: string;
|
|
758
758
|
}
|
|
@@ -773,27 +773,27 @@ export type CheckAccessNotGrantedResult = (typeof CheckAccessNotGrantedResult)[k
|
|
|
773
773
|
*/
|
|
774
774
|
export interface CheckAccessNotGrantedResponse {
|
|
775
775
|
/**
|
|
776
|
-
* @public
|
|
777
776
|
* <p>The result of the check for whether the access is allowed. If the result is
|
|
778
777
|
* <code>PASS</code>, the specified policy doesn't allow any of the specified permissions
|
|
779
778
|
* in the access object. If the result is <code>FAIL</code>, the specified policy might allow
|
|
780
779
|
* some or all of the permissions in the access object.</p>
|
|
780
|
+
* @public
|
|
781
781
|
*/
|
|
782
782
|
result?: CheckAccessNotGrantedResult;
|
|
783
783
|
/**
|
|
784
|
-
* @public
|
|
785
784
|
* <p>The message indicating whether the specified access is allowed.</p>
|
|
785
|
+
* @public
|
|
786
786
|
*/
|
|
787
787
|
message?: string;
|
|
788
788
|
/**
|
|
789
|
-
* @public
|
|
790
789
|
* <p>A description of the reasoning of the result.</p>
|
|
790
|
+
* @public
|
|
791
791
|
*/
|
|
792
792
|
reasons?: ReasonSummary[];
|
|
793
793
|
}
|
|
794
794
|
/**
|
|
795
|
-
* @public
|
|
796
795
|
* <p>The specified parameter is invalid.</p>
|
|
796
|
+
* @public
|
|
797
797
|
*/
|
|
798
798
|
export declare class InvalidParameterException extends __BaseException {
|
|
799
799
|
readonly name: "InvalidParameterException";
|
|
@@ -804,8 +804,8 @@ export declare class InvalidParameterException extends __BaseException {
|
|
|
804
804
|
constructor(opts: __ExceptionOptionType<InvalidParameterException, __BaseException>);
|
|
805
805
|
}
|
|
806
806
|
/**
|
|
807
|
-
* @public
|
|
808
807
|
* <p>The specified entity could not be processed.</p>
|
|
808
|
+
* @public
|
|
809
809
|
*/
|
|
810
810
|
export declare class UnprocessableEntityException extends __BaseException {
|
|
811
811
|
readonly name: "UnprocessableEntityException";
|
|
@@ -821,17 +821,16 @@ export declare class UnprocessableEntityException extends __BaseException {
|
|
|
821
821
|
*/
|
|
822
822
|
export interface CheckNoNewAccessRequest {
|
|
823
823
|
/**
|
|
824
|
-
* @public
|
|
825
824
|
* <p>The JSON policy document to use as the content for the updated policy.</p>
|
|
825
|
+
* @public
|
|
826
826
|
*/
|
|
827
827
|
newPolicyDocument: string | undefined;
|
|
828
828
|
/**
|
|
829
|
-
* @public
|
|
830
829
|
* <p>The JSON policy document to use as the content for the existing policy.</p>
|
|
830
|
+
* @public
|
|
831
831
|
*/
|
|
832
832
|
existingPolicyDocument: string | undefined;
|
|
833
833
|
/**
|
|
834
|
-
* @public
|
|
835
834
|
* <p>The type of policy to compare. Identity policies grant permissions to IAM principals.
|
|
836
835
|
* Identity policies include managed and inline policies for IAM roles, users, and
|
|
837
836
|
* groups.</p>
|
|
@@ -839,6 +838,7 @@ export interface CheckNoNewAccessRequest {
|
|
|
839
838
|
* policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic
|
|
840
839
|
* input such as identity policy or resource policy or a specific input such as managed policy
|
|
841
840
|
* or Amazon S3 bucket policy.</p>
|
|
841
|
+
* @public
|
|
842
842
|
*/
|
|
843
843
|
policyType: AccessCheckPolicyType | undefined;
|
|
844
844
|
}
|
|
@@ -859,33 +859,88 @@ export type CheckNoNewAccessResult = (typeof CheckNoNewAccessResult)[keyof typeo
|
|
|
859
859
|
*/
|
|
860
860
|
export interface CheckNoNewAccessResponse {
|
|
861
861
|
/**
|
|
862
|
-
* @public
|
|
863
862
|
* <p>The result of the check for new access. If the result is <code>PASS</code>, no new
|
|
864
863
|
* access is allowed by the updated policy. If the result is <code>FAIL</code>, the updated
|
|
865
864
|
* policy might allow new access.</p>
|
|
865
|
+
* @public
|
|
866
866
|
*/
|
|
867
867
|
result?: CheckNoNewAccessResult;
|
|
868
868
|
/**
|
|
869
|
-
* @public
|
|
870
869
|
* <p>The message indicating whether the updated policy allows new access.</p>
|
|
870
|
+
* @public
|
|
871
871
|
*/
|
|
872
872
|
message?: string;
|
|
873
873
|
/**
|
|
874
|
-
* @public
|
|
875
874
|
* <p>A description of the reasoning of the result.</p>
|
|
875
|
+
* @public
|
|
876
876
|
*/
|
|
877
877
|
reasons?: ReasonSummary[];
|
|
878
878
|
}
|
|
879
879
|
/**
|
|
880
|
+
* <p>The proposed access control configuration for a DynamoDB stream. You can propose a
|
|
881
|
+
* configuration for a new DynamoDB stream or an existing DynamoDB stream that you own by specifying
|
|
882
|
+
* the policy for the DynamoDB stream. For more information, see <a href="https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_PutResourcePolicy.html">PutResourcePolicy</a>.</p>
|
|
883
|
+
* <ul>
|
|
884
|
+
* <li>
|
|
885
|
+
* <p>If the configuration is for an existing DynamoDB stream and you do not specify the
|
|
886
|
+
* DynamoDB policy, then the access preview uses the existing DynamoDB policy for the
|
|
887
|
+
* stream.</p>
|
|
888
|
+
* </li>
|
|
889
|
+
* <li>
|
|
890
|
+
* <p>If the access preview is for a new resource and you do not specify the policy,
|
|
891
|
+
* then the access preview assumes a DynamoDB stream without a policy.</p>
|
|
892
|
+
* </li>
|
|
893
|
+
* <li>
|
|
894
|
+
* <p>To propose deletion of an existing DynamoDB stream policy, you can specify an empty
|
|
895
|
+
* string for the DynamoDB policy.</p>
|
|
896
|
+
* </li>
|
|
897
|
+
* </ul>
|
|
898
|
+
* @public
|
|
899
|
+
*/
|
|
900
|
+
export interface DynamodbStreamConfiguration {
|
|
901
|
+
/**
|
|
902
|
+
* <p>The proposed resource policy defining who can access or manage the DynamoDB stream.</p>
|
|
903
|
+
* @public
|
|
904
|
+
*/
|
|
905
|
+
streamPolicy?: string;
|
|
906
|
+
}
|
|
907
|
+
/**
|
|
908
|
+
* <p>The proposed access control configuration for a DynamoDB table or index. You can propose a
|
|
909
|
+
* configuration for a new DynamoDB table or index or an existing DynamoDB table or index that you
|
|
910
|
+
* own by specifying the policy for the DynamoDB table or index. For more information, see <a href="https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_PutResourcePolicy.html">PutResourcePolicy</a>.</p>
|
|
911
|
+
* <ul>
|
|
912
|
+
* <li>
|
|
913
|
+
* <p>If the configuration is for an existing DynamoDB table or index and you do not
|
|
914
|
+
* specify the DynamoDB policy, then the access preview uses the existing DynamoDB policy for
|
|
915
|
+
* the table or index.</p>
|
|
916
|
+
* </li>
|
|
917
|
+
* <li>
|
|
918
|
+
* <p>If the access preview is for a new resource and you do not specify the policy,
|
|
919
|
+
* then the access preview assumes a DynamoDB table without a policy.</p>
|
|
920
|
+
* </li>
|
|
921
|
+
* <li>
|
|
922
|
+
* <p>To propose deletion of an existing DynamoDB table or index policy, you can specify an
|
|
923
|
+
* empty string for the DynamoDB policy.</p>
|
|
924
|
+
* </li>
|
|
925
|
+
* </ul>
|
|
880
926
|
* @public
|
|
927
|
+
*/
|
|
928
|
+
export interface DynamodbTableConfiguration {
|
|
929
|
+
/**
|
|
930
|
+
* <p>The proposed resource policy defining who can access or manage the DynamoDB table.</p>
|
|
931
|
+
* @public
|
|
932
|
+
*/
|
|
933
|
+
tablePolicy?: string;
|
|
934
|
+
}
|
|
935
|
+
/**
|
|
881
936
|
* <p>The proposed access control configuration for an Amazon EBS volume snapshot. You can propose
|
|
882
937
|
* a configuration for a new Amazon EBS volume snapshot or an Amazon EBS volume snapshot that you own by
|
|
883
938
|
* specifying the user IDs, groups, and optional KMS encryption key. For more information,
|
|
884
939
|
* see <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html">ModifySnapshotAttribute</a>.</p>
|
|
940
|
+
* @public
|
|
885
941
|
*/
|
|
886
942
|
export interface EbsSnapshotConfiguration {
|
|
887
943
|
/**
|
|
888
|
-
* @public
|
|
889
944
|
* <p>The IDs of the Amazon Web Services accounts that have access to the Amazon EBS volume snapshot.</p>
|
|
890
945
|
* <ul>
|
|
891
946
|
* <li>
|
|
@@ -903,10 +958,10 @@ export interface EbsSnapshotConfiguration {
|
|
|
903
958
|
* empty list for <code>userIds</code>.</p>
|
|
904
959
|
* </li>
|
|
905
960
|
* </ul>
|
|
961
|
+
* @public
|
|
906
962
|
*/
|
|
907
963
|
userIds?: string[];
|
|
908
964
|
/**
|
|
909
|
-
* @public
|
|
910
965
|
* <p>The groups that have access to the Amazon EBS volume snapshot. If the value <code>all</code>
|
|
911
966
|
* is specified, then the Amazon EBS volume snapshot is public.</p>
|
|
912
967
|
* <ul>
|
|
@@ -925,10 +980,10 @@ export interface EbsSnapshotConfiguration {
|
|
|
925
980
|
* empty list for <code>groups</code>.</p>
|
|
926
981
|
* </li>
|
|
927
982
|
* </ul>
|
|
983
|
+
* @public
|
|
928
984
|
*/
|
|
929
985
|
groups?: string[];
|
|
930
986
|
/**
|
|
931
|
-
* @public
|
|
932
987
|
* <p>The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS key
|
|
933
988
|
* identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
|
|
934
989
|
* <ul>
|
|
@@ -943,11 +998,11 @@ export interface EbsSnapshotConfiguration {
|
|
|
943
998
|
* unencrypted.</p>
|
|
944
999
|
* </li>
|
|
945
1000
|
* </ul>
|
|
1001
|
+
* @public
|
|
946
1002
|
*/
|
|
947
1003
|
kmsKeyId?: string;
|
|
948
1004
|
}
|
|
949
1005
|
/**
|
|
950
|
-
* @public
|
|
951
1006
|
* <p>The proposed access control configuration for an Amazon ECR repository. You can propose a
|
|
952
1007
|
* configuration for a new Amazon ECR repository or an existing Amazon ECR repository that you own by
|
|
953
1008
|
* specifying the Amazon ECR policy. For more information, see <a href="https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html">Repository</a>.</p>
|
|
@@ -966,18 +1021,18 @@ export interface EbsSnapshotConfiguration {
|
|
|
966
1021
|
* empty string for the Amazon ECR policy.</p>
|
|
967
1022
|
* </li>
|
|
968
1023
|
* </ul>
|
|
1024
|
+
* @public
|
|
969
1025
|
*/
|
|
970
1026
|
export interface EcrRepositoryConfiguration {
|
|
971
1027
|
/**
|
|
972
|
-
* @public
|
|
973
1028
|
* <p>The JSON repository policy text to apply to the Amazon ECR repository. For more information,
|
|
974
1029
|
* see <a href="https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html">Private repository
|
|
975
1030
|
* policy examples</a> in the <i>Amazon ECR User Guide</i>.</p>
|
|
1031
|
+
* @public
|
|
976
1032
|
*/
|
|
977
1033
|
repositoryPolicy?: string;
|
|
978
1034
|
}
|
|
979
1035
|
/**
|
|
980
|
-
* @public
|
|
981
1036
|
* <p>The proposed access control configuration for an Amazon EFS file system. You can propose a
|
|
982
1037
|
* configuration for a new Amazon EFS file system or an existing Amazon EFS file system that you own by
|
|
983
1038
|
* specifying the Amazon EFS policy. For more information, see <a href="https://docs.aws.amazon.com/efs/latest/ug/using-fs.html">Using file systems in Amazon EFS</a>.</p>
|
|
@@ -996,17 +1051,17 @@ export interface EcrRepositoryConfiguration {
|
|
|
996
1051
|
* empty string for the Amazon EFS policy.</p>
|
|
997
1052
|
* </li>
|
|
998
1053
|
* </ul>
|
|
1054
|
+
* @public
|
|
999
1055
|
*/
|
|
1000
1056
|
export interface EfsFileSystemConfiguration {
|
|
1001
1057
|
/**
|
|
1002
|
-
* @public
|
|
1003
1058
|
* <p>The JSON policy definition to apply to the Amazon EFS file system. For more information on
|
|
1004
1059
|
* the elements that make up a file system policy, see <a href="https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies">Amazon EFS Resource-based policies</a>.</p>
|
|
1060
|
+
* @public
|
|
1005
1061
|
*/
|
|
1006
1062
|
fileSystemPolicy?: string;
|
|
1007
1063
|
}
|
|
1008
1064
|
/**
|
|
1009
|
-
* @public
|
|
1010
1065
|
* <p>The proposed access control configuration for an IAM role. You can propose a
|
|
1011
1066
|
* configuration for a new IAM role or an existing IAM role that you own by specifying the
|
|
1012
1067
|
* trust policy. If the configuration is for a new IAM role, you must specify the trust
|
|
@@ -1015,37 +1070,38 @@ export interface EfsFileSystemConfiguration {
|
|
|
1015
1070
|
* The proposed trust policy cannot be an empty string. For more information about role trust
|
|
1016
1071
|
* policy limits, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM and STS
|
|
1017
1072
|
* quotas</a>.</p>
|
|
1073
|
+
* @public
|
|
1018
1074
|
*/
|
|
1019
1075
|
export interface IamRoleConfiguration {
|
|
1020
1076
|
/**
|
|
1021
|
-
* @public
|
|
1022
1077
|
* <p>The proposed trust policy for the IAM role.</p>
|
|
1078
|
+
* @public
|
|
1023
1079
|
*/
|
|
1024
1080
|
trustPolicy?: string;
|
|
1025
1081
|
}
|
|
1026
1082
|
/**
|
|
1027
|
-
* @public
|
|
1028
1083
|
* <p>Use this structure to propose allowing <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
|
|
1029
1084
|
* operations</a> in the grant only when the operation request includes the specified
|
|
1030
1085
|
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
|
|
1031
1086
|
* context</a>. You can specify only one type of encryption context. An empty map is
|
|
1032
1087
|
* treated as not specified. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html">GrantConstraints</a>.</p>
|
|
1088
|
+
* @public
|
|
1033
1089
|
*/
|
|
1034
1090
|
export interface KmsGrantConstraints {
|
|
1035
1091
|
/**
|
|
1036
|
-
* @public
|
|
1037
1092
|
* <p>A list of key-value pairs that must match the encryption context in the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
|
|
1038
1093
|
* operation</a> request. The grant allows the operation only when the encryption
|
|
1039
1094
|
* context in the request is the same as the encryption context specified in this
|
|
1040
1095
|
* constraint.</p>
|
|
1096
|
+
* @public
|
|
1041
1097
|
*/
|
|
1042
1098
|
encryptionContextEquals?: Record<string, string>;
|
|
1043
1099
|
/**
|
|
1044
|
-
* @public
|
|
1045
1100
|
* <p>A list of key-value pairs that must be included in the encryption context of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
|
|
1046
1101
|
* operation</a> request. The grant allows the cryptographic operation only when the
|
|
1047
1102
|
* encryption context in the request includes the key-value pairs specified in this
|
|
1048
1103
|
* constraint, although it can include additional key-value pairs.</p>
|
|
1104
|
+
* @public
|
|
1049
1105
|
*/
|
|
1050
1106
|
encryptionContextSubset?: Record<string, string>;
|
|
1051
1107
|
}
|
|
@@ -1074,43 +1130,42 @@ export declare const KmsGrantOperation: {
|
|
|
1074
1130
|
*/
|
|
1075
1131
|
export type KmsGrantOperation = (typeof KmsGrantOperation)[keyof typeof KmsGrantOperation];
|
|
1076
1132
|
/**
|
|
1077
|
-
* @public
|
|
1078
1133
|
* <p>A proposed grant configuration for a KMS key. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html">CreateGrant</a>.</p>
|
|
1134
|
+
* @public
|
|
1079
1135
|
*/
|
|
1080
1136
|
export interface KmsGrantConfiguration {
|
|
1081
1137
|
/**
|
|
1082
|
-
* @public
|
|
1083
1138
|
* <p>A list of operations that the grant permits.</p>
|
|
1139
|
+
* @public
|
|
1084
1140
|
*/
|
|
1085
1141
|
operations: KmsGrantOperation[] | undefined;
|
|
1086
1142
|
/**
|
|
1087
|
-
* @public
|
|
1088
1143
|
* <p>The principal that is given permission to perform the operations that the grant
|
|
1089
1144
|
* permits.</p>
|
|
1145
|
+
* @public
|
|
1090
1146
|
*/
|
|
1091
1147
|
granteePrincipal: string | undefined;
|
|
1092
1148
|
/**
|
|
1093
|
-
* @public
|
|
1094
1149
|
* <p>The principal that is given permission to retire the grant by using <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html">RetireGrant</a> operation.</p>
|
|
1150
|
+
* @public
|
|
1095
1151
|
*/
|
|
1096
1152
|
retiringPrincipal?: string;
|
|
1097
1153
|
/**
|
|
1098
|
-
* @public
|
|
1099
1154
|
* <p>Use this structure to propose allowing <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
|
|
1100
1155
|
* operations</a> in the grant only when the operation request includes the specified
|
|
1101
1156
|
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
|
|
1102
1157
|
* context</a>.</p>
|
|
1158
|
+
* @public
|
|
1103
1159
|
*/
|
|
1104
1160
|
constraints?: KmsGrantConstraints;
|
|
1105
1161
|
/**
|
|
1106
|
-
* @public
|
|
1107
1162
|
* <p> The Amazon Web Services account under which the grant was issued. The account is used to propose
|
|
1108
1163
|
* KMS grants issued by accounts other than the owner of the key.</p>
|
|
1164
|
+
* @public
|
|
1109
1165
|
*/
|
|
1110
1166
|
issuingAccount: string | undefined;
|
|
1111
1167
|
}
|
|
1112
1168
|
/**
|
|
1113
|
-
* @public
|
|
1114
1169
|
* <p>Proposed access control configuration for a KMS key. You can propose a configuration
|
|
1115
1170
|
* for a new KMS key or an existing KMS key that you own by specifying the key policy and
|
|
1116
1171
|
* KMS grant configuration. If the configuration is for an existing key and you do not
|
|
@@ -1121,27 +1176,28 @@ export interface KmsGrantConfiguration {
|
|
|
1121
1176
|
* policy</a>. For more information about key policy limits, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html">Resource
|
|
1122
1177
|
* quotas</a>.</p>
|
|
1123
1178
|
* <p/>
|
|
1179
|
+
* @public
|
|
1124
1180
|
*/
|
|
1125
1181
|
export interface KmsKeyConfiguration {
|
|
1126
1182
|
/**
|
|
1127
|
-
* @public
|
|
1128
1183
|
* <p>Resource policy configuration for the KMS key. The only valid value for the name of
|
|
1129
1184
|
* the key policy is <code>default</code>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default">Default key
|
|
1130
1185
|
* policy</a>.</p>
|
|
1186
|
+
* @public
|
|
1131
1187
|
*/
|
|
1132
1188
|
keyPolicies?: Record<string, string>;
|
|
1133
1189
|
/**
|
|
1134
|
-
* @public
|
|
1135
1190
|
* <p>A list of proposed grant configurations for the KMS key. If the proposed grant
|
|
1136
1191
|
* configuration is for an existing key, the access preview uses the proposed list of grant
|
|
1137
1192
|
* configurations in place of the existing grants. Otherwise, the access preview uses the
|
|
1138
1193
|
* existing grants for the key.</p>
|
|
1194
|
+
* @public
|
|
1139
1195
|
*/
|
|
1140
1196
|
grants?: KmsGrantConfiguration[];
|
|
1141
1197
|
}
|
|
1142
1198
|
/**
|
|
1143
|
-
* @public
|
|
1144
1199
|
* <p>The values for a manual Amazon RDS DB cluster snapshot attribute.</p>
|
|
1200
|
+
* @public
|
|
1145
1201
|
*/
|
|
1146
1202
|
export type RdsDbClusterSnapshotAttributeValue = RdsDbClusterSnapshotAttributeValue.AccountIdsMember | RdsDbClusterSnapshotAttributeValue.$UnknownMember;
|
|
1147
1203
|
/**
|
|
@@ -1149,7 +1205,6 @@ export type RdsDbClusterSnapshotAttributeValue = RdsDbClusterSnapshotAttributeVa
|
|
|
1149
1205
|
*/
|
|
1150
1206
|
export declare namespace RdsDbClusterSnapshotAttributeValue {
|
|
1151
1207
|
/**
|
|
1152
|
-
* @public
|
|
1153
1208
|
* <p>The Amazon Web Services account IDs that have access to the manual Amazon RDS DB cluster snapshot. If the
|
|
1154
1209
|
* value <code>all</code> is specified, then the Amazon RDS DB cluster snapshot is public and can
|
|
1155
1210
|
* be copied or restored by all Amazon Web Services accounts.</p>
|
|
@@ -1171,6 +1226,7 @@ export declare namespace RdsDbClusterSnapshotAttributeValue {
|
|
|
1171
1226
|
* <code>RdsDbClusterSnapshotAttributeValue</code>.</p>
|
|
1172
1227
|
* </li>
|
|
1173
1228
|
* </ul>
|
|
1229
|
+
* @public
|
|
1174
1230
|
*/
|
|
1175
1231
|
interface AccountIdsMember {
|
|
1176
1232
|
accountIds: string[];
|
|
@@ -1190,24 +1246,23 @@ export declare namespace RdsDbClusterSnapshotAttributeValue {
|
|
|
1190
1246
|
const visit: <T>(value: RdsDbClusterSnapshotAttributeValue, visitor: Visitor<T>) => T;
|
|
1191
1247
|
}
|
|
1192
1248
|
/**
|
|
1193
|
-
* @public
|
|
1194
1249
|
* <p>The proposed access control configuration for an Amazon RDS DB cluster snapshot. You can
|
|
1195
1250
|
* propose a configuration for a new Amazon RDS DB cluster snapshot or an Amazon RDS DB cluster snapshot
|
|
1196
1251
|
* that you own by specifying the <code>RdsDbClusterSnapshotAttributeValue</code> and optional
|
|
1197
1252
|
* KMS encryption key. For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html">ModifyDBClusterSnapshotAttribute</a>.</p>
|
|
1253
|
+
* @public
|
|
1198
1254
|
*/
|
|
1199
1255
|
export interface RdsDbClusterSnapshotConfiguration {
|
|
1200
1256
|
/**
|
|
1201
|
-
* @public
|
|
1202
1257
|
* <p>The names and values of manual DB cluster snapshot attributes. Manual DB cluster
|
|
1203
1258
|
* snapshot attributes are used to authorize other Amazon Web Services accounts to restore a manual DB
|
|
1204
1259
|
* cluster snapshot. The only valid value for <code>AttributeName</code> for the attribute map
|
|
1205
1260
|
* is <code>restore</code>
|
|
1206
1261
|
* </p>
|
|
1262
|
+
* @public
|
|
1207
1263
|
*/
|
|
1208
1264
|
attributes?: Record<string, RdsDbClusterSnapshotAttributeValue>;
|
|
1209
1265
|
/**
|
|
1210
|
-
* @public
|
|
1211
1266
|
* <p>The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS key
|
|
1212
1267
|
* identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
|
|
1213
1268
|
* <ul>
|
|
@@ -1222,14 +1277,15 @@ export interface RdsDbClusterSnapshotConfiguration {
|
|
|
1222
1277
|
* unencrypted.</p>
|
|
1223
1278
|
* </li>
|
|
1224
1279
|
* </ul>
|
|
1280
|
+
* @public
|
|
1225
1281
|
*/
|
|
1226
1282
|
kmsKeyId?: string;
|
|
1227
1283
|
}
|
|
1228
1284
|
/**
|
|
1229
|
-
* @public
|
|
1230
1285
|
* <p>The name and values of a manual Amazon RDS DB snapshot attribute. Manual DB snapshot
|
|
1231
1286
|
* attributes are used to authorize other Amazon Web Services accounts to restore a manual DB
|
|
1232
1287
|
* snapshot.</p>
|
|
1288
|
+
* @public
|
|
1233
1289
|
*/
|
|
1234
1290
|
export type RdsDbSnapshotAttributeValue = RdsDbSnapshotAttributeValue.AccountIdsMember | RdsDbSnapshotAttributeValue.$UnknownMember;
|
|
1235
1291
|
/**
|
|
@@ -1237,7 +1293,6 @@ export type RdsDbSnapshotAttributeValue = RdsDbSnapshotAttributeValue.AccountIds
|
|
|
1237
1293
|
*/
|
|
1238
1294
|
export declare namespace RdsDbSnapshotAttributeValue {
|
|
1239
1295
|
/**
|
|
1240
|
-
* @public
|
|
1241
1296
|
* <p>The Amazon Web Services account IDs that have access to the manual Amazon RDS DB snapshot. If the value
|
|
1242
1297
|
* <code>all</code> is specified, then the Amazon RDS DB snapshot is public and can be copied or
|
|
1243
1298
|
* restored by all Amazon Web Services accounts.</p>
|
|
@@ -1259,6 +1314,7 @@ export declare namespace RdsDbSnapshotAttributeValue {
|
|
|
1259
1314
|
* <code>RdsDbSnapshotAttributeValue</code>.</p>
|
|
1260
1315
|
* </li>
|
|
1261
1316
|
* </ul>
|
|
1317
|
+
* @public
|
|
1262
1318
|
*/
|
|
1263
1319
|
interface AccountIdsMember {
|
|
1264
1320
|
accountIds: string[];
|
|
@@ -1278,22 +1334,21 @@ export declare namespace RdsDbSnapshotAttributeValue {
|
|
|
1278
1334
|
const visit: <T>(value: RdsDbSnapshotAttributeValue, visitor: Visitor<T>) => T;
|
|
1279
1335
|
}
|
|
1280
1336
|
/**
|
|
1281
|
-
* @public
|
|
1282
1337
|
* <p>The proposed access control configuration for an Amazon RDS DB snapshot. You can propose a
|
|
1283
1338
|
* configuration for a new Amazon RDS DB snapshot or an Amazon RDS DB snapshot that you own by
|
|
1284
1339
|
* specifying the <code>RdsDbSnapshotAttributeValue</code> and optional KMS encryption key.
|
|
1285
1340
|
* For more information, see <a href="https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html">ModifyDBSnapshotAttribute</a>.</p>
|
|
1341
|
+
* @public
|
|
1286
1342
|
*/
|
|
1287
1343
|
export interface RdsDbSnapshotConfiguration {
|
|
1288
1344
|
/**
|
|
1289
|
-
* @public
|
|
1290
1345
|
* <p>The names and values of manual DB snapshot attributes. Manual DB snapshot attributes are
|
|
1291
1346
|
* used to authorize other Amazon Web Services accounts to restore a manual DB snapshot. The only valid
|
|
1292
1347
|
* value for <code>attributeName</code> for the attribute map is restore.</p>
|
|
1348
|
+
* @public
|
|
1293
1349
|
*/
|
|
1294
1350
|
attributes?: Record<string, RdsDbSnapshotAttributeValue>;
|
|
1295
1351
|
/**
|
|
1296
|
-
* @public
|
|
1297
1352
|
* <p>The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key identifier is
|
|
1298
1353
|
* the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
|
|
1299
1354
|
* <ul>
|
|
@@ -1308,32 +1363,32 @@ export interface RdsDbSnapshotConfiguration {
|
|
|
1308
1363
|
* unencrypted.</p>
|
|
1309
1364
|
* </li>
|
|
1310
1365
|
* </ul>
|
|
1366
|
+
* @public
|
|
1311
1367
|
*/
|
|
1312
1368
|
kmsKeyId?: string;
|
|
1313
1369
|
}
|
|
1314
1370
|
/**
|
|
1315
|
-
* @public
|
|
1316
1371
|
* <p>This configuration sets the network origin for the Amazon S3 access point or multi-region
|
|
1317
1372
|
* access point to <code>Internet</code>.</p>
|
|
1373
|
+
* @public
|
|
1318
1374
|
*/
|
|
1319
1375
|
export interface InternetConfiguration {
|
|
1320
1376
|
}
|
|
1321
1377
|
/**
|
|
1322
|
-
* @public
|
|
1323
1378
|
* <p>The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC
|
|
1324
1379
|
* configuration does not apply to multi-region access points. For more information, see
|
|
1325
1380
|
* <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html">VpcConfiguration</a>. </p>
|
|
1381
|
+
* @public
|
|
1326
1382
|
*/
|
|
1327
1383
|
export interface VpcConfiguration {
|
|
1328
1384
|
/**
|
|
1329
|
-
* @public
|
|
1330
1385
|
* <p> If this field is specified, this access point will only allow connections from the
|
|
1331
1386
|
* specified VPC ID. </p>
|
|
1387
|
+
* @public
|
|
1332
1388
|
*/
|
|
1333
1389
|
vpcId: string | undefined;
|
|
1334
1390
|
}
|
|
1335
1391
|
/**
|
|
1336
|
-
* @public
|
|
1337
1392
|
* <p>The proposed <code>InternetConfiguration</code> or <code>VpcConfiguration</code> to
|
|
1338
1393
|
* apply to the Amazon S3 access point. <code>VpcConfiguration</code> does not apply to
|
|
1339
1394
|
* multi-region access points. You can make the access point accessible from the internet, or
|
|
@@ -1341,6 +1396,7 @@ export interface VpcConfiguration {
|
|
|
1341
1396
|
* specific virtual private cloud (VPC). You can specify only one type of network
|
|
1342
1397
|
* configuration. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html">Creating access
|
|
1343
1398
|
* points</a>.</p>
|
|
1399
|
+
* @public
|
|
1344
1400
|
*/
|
|
1345
1401
|
export type NetworkOriginConfiguration = NetworkOriginConfiguration.InternetConfigurationMember | NetworkOriginConfiguration.VpcConfigurationMember | NetworkOriginConfiguration.$UnknownMember;
|
|
1346
1402
|
/**
|
|
@@ -1348,10 +1404,10 @@ export type NetworkOriginConfiguration = NetworkOriginConfiguration.InternetConf
|
|
|
1348
1404
|
*/
|
|
1349
1405
|
export declare namespace NetworkOriginConfiguration {
|
|
1350
1406
|
/**
|
|
1351
|
-
* @public
|
|
1352
1407
|
* <p>The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC
|
|
1353
1408
|
* configuration does not apply to multi-region access points. For more information, see
|
|
1354
1409
|
* <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html">VpcConfiguration</a>. </p>
|
|
1410
|
+
* @public
|
|
1355
1411
|
*/
|
|
1356
1412
|
interface VpcConfigurationMember {
|
|
1357
1413
|
vpcConfiguration: VpcConfiguration;
|
|
@@ -1359,9 +1415,9 @@ export declare namespace NetworkOriginConfiguration {
|
|
|
1359
1415
|
$unknown?: never;
|
|
1360
1416
|
}
|
|
1361
1417
|
/**
|
|
1362
|
-
* @public
|
|
1363
1418
|
* <p>The configuration for the Amazon S3 access point or multi-region access point with an
|
|
1364
1419
|
* <code>Internet</code> origin.</p>
|
|
1420
|
+
* @public
|
|
1365
1421
|
*/
|
|
1366
1422
|
interface InternetConfigurationMember {
|
|
1367
1423
|
vpcConfiguration?: never;
|
|
@@ -1384,7 +1440,6 @@ export declare namespace NetworkOriginConfiguration {
|
|
|
1384
1440
|
const visit: <T>(value: NetworkOriginConfiguration, visitor: Visitor<T>) => T;
|
|
1385
1441
|
}
|
|
1386
1442
|
/**
|
|
1387
|
-
* @public
|
|
1388
1443
|
* <p>The <code>PublicAccessBlock</code> configuration to apply to this Amazon S3 bucket. If the
|
|
1389
1444
|
* proposed configuration is for an existing Amazon S3 bucket and the configuration is not
|
|
1390
1445
|
* specified, the access preview uses the existing setting. If the proposed configuration is
|
|
@@ -1392,22 +1447,22 @@ export declare namespace NetworkOriginConfiguration {
|
|
|
1392
1447
|
* <code>false</code>. If the proposed configuration is for a new access point or
|
|
1393
1448
|
* multi-region access point and the access point BPA configuration is not specified, the
|
|
1394
1449
|
* access preview uses <code>true</code>. For more information, see <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html">PublicAccessBlockConfiguration</a>. </p>
|
|
1450
|
+
* @public
|
|
1395
1451
|
*/
|
|
1396
1452
|
export interface S3PublicAccessBlockConfiguration {
|
|
1397
1453
|
/**
|
|
1398
|
-
* @public
|
|
1399
1454
|
* <p> Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this
|
|
1400
1455
|
* bucket. </p>
|
|
1456
|
+
* @public
|
|
1401
1457
|
*/
|
|
1402
1458
|
ignorePublicAcls: boolean | undefined;
|
|
1403
1459
|
/**
|
|
1404
|
-
* @public
|
|
1405
1460
|
* <p> Specifies whether Amazon S3 should restrict public bucket policies for this bucket. </p>
|
|
1461
|
+
* @public
|
|
1406
1462
|
*/
|
|
1407
1463
|
restrictPublicBuckets: boolean | undefined;
|
|
1408
1464
|
}
|
|
1409
1465
|
/**
|
|
1410
|
-
* @public
|
|
1411
1466
|
* <p>The configuration for an Amazon S3 access point or multi-region access point for the bucket.
|
|
1412
1467
|
* You can propose up to 10 access points or multi-region access points per bucket. If the
|
|
1413
1468
|
* proposed Amazon S3 access point configuration is for an existing bucket, the access preview uses
|
|
@@ -1416,34 +1471,35 @@ export interface S3PublicAccessBlockConfiguration {
|
|
|
1416
1471
|
* policy. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html">Creating access points</a>.
|
|
1417
1472
|
* For more information about access point policy limits, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html">Access points
|
|
1418
1473
|
* restrictions and limitations</a>.</p>
|
|
1474
|
+
* @public
|
|
1419
1475
|
*/
|
|
1420
1476
|
export interface S3AccessPointConfiguration {
|
|
1421
1477
|
/**
|
|
1422
|
-
* @public
|
|
1423
1478
|
* <p>The access point or multi-region access point policy.</p>
|
|
1479
|
+
* @public
|
|
1424
1480
|
*/
|
|
1425
1481
|
accessPointPolicy?: string;
|
|
1426
1482
|
/**
|
|
1427
|
-
* @public
|
|
1428
1483
|
* <p>The proposed <code>S3PublicAccessBlock</code> configuration to apply to this Amazon S3 access
|
|
1429
1484
|
* point or multi-region access point.</p>
|
|
1485
|
+
* @public
|
|
1430
1486
|
*/
|
|
1431
1487
|
publicAccessBlock?: S3PublicAccessBlockConfiguration;
|
|
1432
1488
|
/**
|
|
1433
|
-
* @public
|
|
1434
1489
|
* <p>The proposed <code>Internet</code> and <code>VpcConfiguration</code> to apply to this
|
|
1435
1490
|
* Amazon S3 access point. <code>VpcConfiguration</code> does not apply to multi-region access
|
|
1436
1491
|
* points. If the access preview is for a new resource and neither is specified, the access
|
|
1437
1492
|
* preview uses <code>Internet</code> for the network origin. If the access preview is for an
|
|
1438
1493
|
* existing resource and neither is specified, the access preview uses the exiting network
|
|
1439
1494
|
* origin.</p>
|
|
1495
|
+
* @public
|
|
1440
1496
|
*/
|
|
1441
1497
|
networkOrigin?: NetworkOriginConfiguration;
|
|
1442
1498
|
}
|
|
1443
1499
|
/**
|
|
1444
|
-
* @public
|
|
1445
1500
|
* <p>You specify each grantee as a type-value pair using one of these types. You can specify
|
|
1446
1501
|
* only one type of grantee. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html">PutBucketAcl</a>.</p>
|
|
1502
|
+
* @public
|
|
1447
1503
|
*/
|
|
1448
1504
|
export type AclGrantee = AclGrantee.IdMember | AclGrantee.UriMember | AclGrantee.$UnknownMember;
|
|
1449
1505
|
/**
|
|
@@ -1451,8 +1507,8 @@ export type AclGrantee = AclGrantee.IdMember | AclGrantee.UriMember | AclGrantee
|
|
|
1451
1507
|
*/
|
|
1452
1508
|
export declare namespace AclGrantee {
|
|
1453
1509
|
/**
|
|
1454
|
-
* @public
|
|
1455
1510
|
* <p>The value specified is the canonical user ID of an Amazon Web Services account.</p>
|
|
1511
|
+
* @public
|
|
1456
1512
|
*/
|
|
1457
1513
|
interface IdMember {
|
|
1458
1514
|
id: string;
|
|
@@ -1460,8 +1516,8 @@ export declare namespace AclGrantee {
|
|
|
1460
1516
|
$unknown?: never;
|
|
1461
1517
|
}
|
|
1462
1518
|
/**
|
|
1463
|
-
* @public
|
|
1464
1519
|
* <p>Used for granting permissions to a predefined group.</p>
|
|
1520
|
+
* @public
|
|
1465
1521
|
*/
|
|
1466
1522
|
interface UriMember {
|
|
1467
1523
|
id?: never;
|
|
@@ -1499,25 +1555,24 @@ export declare const AclPermission: {
|
|
|
1499
1555
|
*/
|
|
1500
1556
|
export type AclPermission = (typeof AclPermission)[keyof typeof AclPermission];
|
|
1501
1557
|
/**
|
|
1502
|
-
* @public
|
|
1503
1558
|
* <p>A proposed access control list grant configuration for an Amazon S3 bucket. For more
|
|
1504
1559
|
* information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls">How to Specify an
|
|
1505
1560
|
* ACL</a>.</p>
|
|
1561
|
+
* @public
|
|
1506
1562
|
*/
|
|
1507
1563
|
export interface S3BucketAclGrantConfiguration {
|
|
1508
1564
|
/**
|
|
1509
|
-
* @public
|
|
1510
1565
|
* <p>The permissions being granted.</p>
|
|
1566
|
+
* @public
|
|
1511
1567
|
*/
|
|
1512
1568
|
permission: AclPermission | undefined;
|
|
1513
1569
|
/**
|
|
1514
|
-
* @public
|
|
1515
1570
|
* <p>The grantee to whom you’re assigning access rights.</p>
|
|
1571
|
+
* @public
|
|
1516
1572
|
*/
|
|
1517
1573
|
grantee: AclGrantee | undefined;
|
|
1518
1574
|
}
|
|
1519
1575
|
/**
|
|
1520
|
-
* @public
|
|
1521
1576
|
* <p>Proposed access control configuration for an Amazon S3 bucket. You can propose a
|
|
1522
1577
|
* configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket that you own by specifying
|
|
1523
1578
|
* the Amazon S3 bucket policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and
|
|
@@ -1528,35 +1583,35 @@ export interface S3BucketAclGrantConfiguration {
|
|
|
1528
1583
|
* policy. To propose deletion of an existing bucket policy, you can specify an empty string.
|
|
1529
1584
|
* For more information about bucket policy limits, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html">Bucket Policy
|
|
1530
1585
|
* Examples</a>.</p>
|
|
1586
|
+
* @public
|
|
1531
1587
|
*/
|
|
1532
1588
|
export interface S3BucketConfiguration {
|
|
1533
1589
|
/**
|
|
1534
|
-
* @public
|
|
1535
1590
|
* <p>The proposed bucket policy for the Amazon S3 bucket.</p>
|
|
1591
|
+
* @public
|
|
1536
1592
|
*/
|
|
1537
1593
|
bucketPolicy?: string;
|
|
1538
1594
|
/**
|
|
1539
|
-
* @public
|
|
1540
1595
|
* <p>The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to 100 ACL
|
|
1541
1596
|
* grants per bucket. If the proposed grant configuration is for an existing bucket, the
|
|
1542
1597
|
* access preview uses the proposed list of grant configurations in place of the existing
|
|
1543
1598
|
* grants. Otherwise, the access preview uses the existing grants for the bucket.</p>
|
|
1599
|
+
* @public
|
|
1544
1600
|
*/
|
|
1545
1601
|
bucketAclGrants?: S3BucketAclGrantConfiguration[];
|
|
1546
1602
|
/**
|
|
1547
|
-
* @public
|
|
1548
1603
|
* <p>The proposed block public access configuration for the Amazon S3 bucket.</p>
|
|
1604
|
+
* @public
|
|
1549
1605
|
*/
|
|
1550
1606
|
bucketPublicAccessBlock?: S3PublicAccessBlockConfiguration;
|
|
1551
1607
|
/**
|
|
1552
|
-
* @public
|
|
1553
1608
|
* <p>The configuration of Amazon S3 access points or multi-region access points for the bucket.
|
|
1554
1609
|
* You can propose up to 10 new access points per bucket.</p>
|
|
1610
|
+
* @public
|
|
1555
1611
|
*/
|
|
1556
1612
|
accessPoints?: Record<string, S3AccessPointConfiguration>;
|
|
1557
1613
|
}
|
|
1558
1614
|
/**
|
|
1559
|
-
* @public
|
|
1560
1615
|
* <p>Proposed access control configuration for an Amazon S3 directory bucket. You can propose a
|
|
1561
1616
|
* configuration for a new Amazon S3 directory bucket or an existing Amazon S3 directory bucket that you
|
|
1562
1617
|
* own by specifying the Amazon S3 bucket policy. If the configuration is for an existing Amazon S3
|
|
@@ -1566,16 +1621,16 @@ export interface S3BucketConfiguration {
|
|
|
1566
1621
|
* directory bucket without a policy. To propose deletion of an existing bucket policy, you
|
|
1567
1622
|
* can specify an empty string. For more information about Amazon S3 directory bucket policies, see
|
|
1568
1623
|
* <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html">Example directory bucket policies for S3 Express One Zone</a>.</p>
|
|
1624
|
+
* @public
|
|
1569
1625
|
*/
|
|
1570
1626
|
export interface S3ExpressDirectoryBucketConfiguration {
|
|
1571
1627
|
/**
|
|
1572
|
-
* @public
|
|
1573
1628
|
* <p>The proposed bucket policy for the Amazon S3 directory bucket.</p>
|
|
1629
|
+
* @public
|
|
1574
1630
|
*/
|
|
1575
1631
|
bucketPolicy?: string;
|
|
1576
1632
|
}
|
|
1577
1633
|
/**
|
|
1578
|
-
* @public
|
|
1579
1634
|
* <p>The configuration for a Secrets Manager secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html">CreateSecret</a>.</p>
|
|
1580
1635
|
* <p>You can propose a configuration for a new secret or an existing secret that you own by
|
|
1581
1636
|
* specifying the secret policy and optional KMS encryption key. If the configuration is for
|
|
@@ -1588,21 +1643,21 @@ export interface S3ExpressDirectoryBucketConfiguration {
|
|
|
1588
1643
|
* string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the
|
|
1589
1644
|
* Amazon Web Services account. For more information about secret policy limits, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html">Quotas
|
|
1590
1645
|
* for Secrets Manager.</a>.</p>
|
|
1646
|
+
* @public
|
|
1591
1647
|
*/
|
|
1592
1648
|
export interface SecretsManagerSecretConfiguration {
|
|
1593
1649
|
/**
|
|
1594
|
-
* @public
|
|
1595
1650
|
* <p>The proposed ARN, key ID, or alias of the KMS key.</p>
|
|
1651
|
+
* @public
|
|
1596
1652
|
*/
|
|
1597
1653
|
kmsKeyId?: string;
|
|
1598
1654
|
/**
|
|
1599
|
-
* @public
|
|
1600
1655
|
* <p>The proposed resource policy defining who can access or manage the secret.</p>
|
|
1656
|
+
* @public
|
|
1601
1657
|
*/
|
|
1602
1658
|
secretPolicy?: string;
|
|
1603
1659
|
}
|
|
1604
1660
|
/**
|
|
1605
|
-
* @public
|
|
1606
1661
|
* <p>The proposed access control configuration for an Amazon SNS topic. You can propose a
|
|
1607
1662
|
* configuration for a new Amazon SNS topic or an existing Amazon SNS topic that you own by specifying
|
|
1608
1663
|
* the policy. If the configuration is for an existing Amazon SNS topic and you do not specify the
|
|
@@ -1611,18 +1666,18 @@ export interface SecretsManagerSecretConfiguration {
|
|
|
1611
1666
|
* preview assumes an Amazon SNS topic without a policy. To propose deletion of an existing Amazon SNS
|
|
1612
1667
|
* topic policy, you can specify an empty string for the Amazon SNS policy. For more information,
|
|
1613
1668
|
* see <a href="https://docs.aws.amazon.com/sns/latest/api/API_Topic.html">Topic</a>.</p>
|
|
1669
|
+
* @public
|
|
1614
1670
|
*/
|
|
1615
1671
|
export interface SnsTopicConfiguration {
|
|
1616
1672
|
/**
|
|
1617
|
-
* @public
|
|
1618
1673
|
* <p>The JSON policy text that defines who can access an Amazon SNS topic. For more information,
|
|
1619
1674
|
* see <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html">Example cases for Amazon SNS access control</a> in the <i>Amazon SNS Developer
|
|
1620
1675
|
* Guide</i>.</p>
|
|
1676
|
+
* @public
|
|
1621
1677
|
*/
|
|
1622
1678
|
topicPolicy?: string;
|
|
1623
1679
|
}
|
|
1624
1680
|
/**
|
|
1625
|
-
* @public
|
|
1626
1681
|
* <p>The proposed access control configuration for an Amazon SQS queue. You can propose a
|
|
1627
1682
|
* configuration for a new Amazon SQS queue or an existing Amazon SQS queue that you own by specifying
|
|
1628
1683
|
* the Amazon SQS policy. If the configuration is for an existing Amazon SQS queue and you do not
|
|
@@ -1632,27 +1687,28 @@ export interface SnsTopicConfiguration {
|
|
|
1632
1687
|
* queue policy, you can specify an empty string for the Amazon SQS policy. For more information
|
|
1633
1688
|
* about Amazon SQS policy limits, see <a href="https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html">Quotas related
|
|
1634
1689
|
* to policies</a>.</p>
|
|
1690
|
+
* @public
|
|
1635
1691
|
*/
|
|
1636
1692
|
export interface SqsQueueConfiguration {
|
|
1637
1693
|
/**
|
|
1638
|
-
* @public
|
|
1639
1694
|
* <p> The proposed resource policy for the Amazon SQS queue. </p>
|
|
1695
|
+
* @public
|
|
1640
1696
|
*/
|
|
1641
1697
|
queuePolicy?: string;
|
|
1642
1698
|
}
|
|
1643
1699
|
/**
|
|
1644
|
-
* @public
|
|
1645
1700
|
* <p>Access control configuration structures for your resource. You specify the configuration
|
|
1646
1701
|
* as a type-value pair. You can specify only one type of access control configuration.</p>
|
|
1702
|
+
* @public
|
|
1647
1703
|
*/
|
|
1648
|
-
export type Configuration = Configuration.EbsSnapshotMember | Configuration.EcrRepositoryMember | Configuration.EfsFileSystemMember | Configuration.IamRoleMember | Configuration.KmsKeyMember | Configuration.RdsDbClusterSnapshotMember | Configuration.RdsDbSnapshotMember | Configuration.S3BucketMember | Configuration.S3ExpressDirectoryBucketMember | Configuration.SecretsManagerSecretMember | Configuration.SnsTopicMember | Configuration.SqsQueueMember | Configuration.$UnknownMember;
|
|
1704
|
+
export type Configuration = Configuration.DynamodbStreamMember | Configuration.DynamodbTableMember | Configuration.EbsSnapshotMember | Configuration.EcrRepositoryMember | Configuration.EfsFileSystemMember | Configuration.IamRoleMember | Configuration.KmsKeyMember | Configuration.RdsDbClusterSnapshotMember | Configuration.RdsDbSnapshotMember | Configuration.S3BucketMember | Configuration.S3ExpressDirectoryBucketMember | Configuration.SecretsManagerSecretMember | Configuration.SnsTopicMember | Configuration.SqsQueueMember | Configuration.$UnknownMember;
|
|
1649
1705
|
/**
|
|
1650
1706
|
* @public
|
|
1651
1707
|
*/
|
|
1652
1708
|
export declare namespace Configuration {
|
|
1653
1709
|
/**
|
|
1654
|
-
* @public
|
|
1655
1710
|
* <p>The access control configuration is for an Amazon EBS volume snapshot.</p>
|
|
1711
|
+
* @public
|
|
1656
1712
|
*/
|
|
1657
1713
|
interface EbsSnapshotMember {
|
|
1658
1714
|
ebsSnapshot: EbsSnapshotConfiguration;
|
|
@@ -1667,11 +1723,13 @@ export declare namespace Configuration {
|
|
|
1667
1723
|
snsTopic?: never;
|
|
1668
1724
|
sqsQueue?: never;
|
|
1669
1725
|
s3ExpressDirectoryBucket?: never;
|
|
1726
|
+
dynamodbStream?: never;
|
|
1727
|
+
dynamodbTable?: never;
|
|
1670
1728
|
$unknown?: never;
|
|
1671
1729
|
}
|
|
1672
1730
|
/**
|
|
1673
|
-
* @public
|
|
1674
1731
|
* <p>The access control configuration is for an Amazon ECR repository.</p>
|
|
1732
|
+
* @public
|
|
1675
1733
|
*/
|
|
1676
1734
|
interface EcrRepositoryMember {
|
|
1677
1735
|
ebsSnapshot?: never;
|
|
@@ -1686,11 +1744,13 @@ export declare namespace Configuration {
|
|
|
1686
1744
|
snsTopic?: never;
|
|
1687
1745
|
sqsQueue?: never;
|
|
1688
1746
|
s3ExpressDirectoryBucket?: never;
|
|
1747
|
+
dynamodbStream?: never;
|
|
1748
|
+
dynamodbTable?: never;
|
|
1689
1749
|
$unknown?: never;
|
|
1690
1750
|
}
|
|
1691
1751
|
/**
|
|
1692
|
-
* @public
|
|
1693
1752
|
* <p>The access control configuration is for an IAM role. </p>
|
|
1753
|
+
* @public
|
|
1694
1754
|
*/
|
|
1695
1755
|
interface IamRoleMember {
|
|
1696
1756
|
ebsSnapshot?: never;
|
|
@@ -1705,11 +1765,13 @@ export declare namespace Configuration {
|
|
|
1705
1765
|
snsTopic?: never;
|
|
1706
1766
|
sqsQueue?: never;
|
|
1707
1767
|
s3ExpressDirectoryBucket?: never;
|
|
1768
|
+
dynamodbStream?: never;
|
|
1769
|
+
dynamodbTable?: never;
|
|
1708
1770
|
$unknown?: never;
|
|
1709
1771
|
}
|
|
1710
1772
|
/**
|
|
1711
|
-
* @public
|
|
1712
1773
|
* <p>The access control configuration is for an Amazon EFS file system.</p>
|
|
1774
|
+
* @public
|
|
1713
1775
|
*/
|
|
1714
1776
|
interface EfsFileSystemMember {
|
|
1715
1777
|
ebsSnapshot?: never;
|
|
@@ -1724,11 +1786,13 @@ export declare namespace Configuration {
|
|
|
1724
1786
|
snsTopic?: never;
|
|
1725
1787
|
sqsQueue?: never;
|
|
1726
1788
|
s3ExpressDirectoryBucket?: never;
|
|
1789
|
+
dynamodbStream?: never;
|
|
1790
|
+
dynamodbTable?: never;
|
|
1727
1791
|
$unknown?: never;
|
|
1728
1792
|
}
|
|
1729
1793
|
/**
|
|
1730
|
-
* @public
|
|
1731
1794
|
* <p>The access control configuration is for a KMS key. </p>
|
|
1795
|
+
* @public
|
|
1732
1796
|
*/
|
|
1733
1797
|
interface KmsKeyMember {
|
|
1734
1798
|
ebsSnapshot?: never;
|
|
@@ -1743,11 +1807,13 @@ export declare namespace Configuration {
|
|
|
1743
1807
|
snsTopic?: never;
|
|
1744
1808
|
sqsQueue?: never;
|
|
1745
1809
|
s3ExpressDirectoryBucket?: never;
|
|
1810
|
+
dynamodbStream?: never;
|
|
1811
|
+
dynamodbTable?: never;
|
|
1746
1812
|
$unknown?: never;
|
|
1747
1813
|
}
|
|
1748
1814
|
/**
|
|
1749
|
-
* @public
|
|
1750
1815
|
* <p>The access control configuration is for an Amazon RDS DB cluster snapshot.</p>
|
|
1816
|
+
* @public
|
|
1751
1817
|
*/
|
|
1752
1818
|
interface RdsDbClusterSnapshotMember {
|
|
1753
1819
|
ebsSnapshot?: never;
|
|
@@ -1762,11 +1828,13 @@ export declare namespace Configuration {
|
|
|
1762
1828
|
snsTopic?: never;
|
|
1763
1829
|
sqsQueue?: never;
|
|
1764
1830
|
s3ExpressDirectoryBucket?: never;
|
|
1831
|
+
dynamodbStream?: never;
|
|
1832
|
+
dynamodbTable?: never;
|
|
1765
1833
|
$unknown?: never;
|
|
1766
1834
|
}
|
|
1767
1835
|
/**
|
|
1768
|
-
* @public
|
|
1769
1836
|
* <p>The access control configuration is for an Amazon RDS DB snapshot.</p>
|
|
1837
|
+
* @public
|
|
1770
1838
|
*/
|
|
1771
1839
|
interface RdsDbSnapshotMember {
|
|
1772
1840
|
ebsSnapshot?: never;
|
|
@@ -1781,11 +1849,13 @@ export declare namespace Configuration {
|
|
|
1781
1849
|
snsTopic?: never;
|
|
1782
1850
|
sqsQueue?: never;
|
|
1783
1851
|
s3ExpressDirectoryBucket?: never;
|
|
1852
|
+
dynamodbStream?: never;
|
|
1853
|
+
dynamodbTable?: never;
|
|
1784
1854
|
$unknown?: never;
|
|
1785
1855
|
}
|
|
1786
1856
|
/**
|
|
1787
|
-
* @public
|
|
1788
1857
|
* <p>The access control configuration is for a Secrets Manager secret.</p>
|
|
1858
|
+
* @public
|
|
1789
1859
|
*/
|
|
1790
1860
|
interface SecretsManagerSecretMember {
|
|
1791
1861
|
ebsSnapshot?: never;
|
|
@@ -1800,11 +1870,13 @@ export declare namespace Configuration {
|
|
|
1800
1870
|
snsTopic?: never;
|
|
1801
1871
|
sqsQueue?: never;
|
|
1802
1872
|
s3ExpressDirectoryBucket?: never;
|
|
1873
|
+
dynamodbStream?: never;
|
|
1874
|
+
dynamodbTable?: never;
|
|
1803
1875
|
$unknown?: never;
|
|
1804
1876
|
}
|
|
1805
1877
|
/**
|
|
1806
|
-
* @public
|
|
1807
1878
|
* <p>The access control configuration is for an Amazon S3 bucket. </p>
|
|
1879
|
+
* @public
|
|
1808
1880
|
*/
|
|
1809
1881
|
interface S3BucketMember {
|
|
1810
1882
|
ebsSnapshot?: never;
|
|
@@ -1819,11 +1891,13 @@ export declare namespace Configuration {
|
|
|
1819
1891
|
snsTopic?: never;
|
|
1820
1892
|
sqsQueue?: never;
|
|
1821
1893
|
s3ExpressDirectoryBucket?: never;
|
|
1894
|
+
dynamodbStream?: never;
|
|
1895
|
+
dynamodbTable?: never;
|
|
1822
1896
|
$unknown?: never;
|
|
1823
1897
|
}
|
|
1824
1898
|
/**
|
|
1825
|
-
* @public
|
|
1826
1899
|
* <p>The access control configuration is for an Amazon SNS topic</p>
|
|
1900
|
+
* @public
|
|
1827
1901
|
*/
|
|
1828
1902
|
interface SnsTopicMember {
|
|
1829
1903
|
ebsSnapshot?: never;
|
|
@@ -1838,11 +1912,13 @@ export declare namespace Configuration {
|
|
|
1838
1912
|
snsTopic: SnsTopicConfiguration;
|
|
1839
1913
|
sqsQueue?: never;
|
|
1840
1914
|
s3ExpressDirectoryBucket?: never;
|
|
1915
|
+
dynamodbStream?: never;
|
|
1916
|
+
dynamodbTable?: never;
|
|
1841
1917
|
$unknown?: never;
|
|
1842
1918
|
}
|
|
1843
1919
|
/**
|
|
1844
|
-
* @public
|
|
1845
1920
|
* <p>The access control configuration is for an Amazon SQS queue. </p>
|
|
1921
|
+
* @public
|
|
1846
1922
|
*/
|
|
1847
1923
|
interface SqsQueueMember {
|
|
1848
1924
|
ebsSnapshot?: never;
|
|
@@ -1857,11 +1933,13 @@ export declare namespace Configuration {
|
|
|
1857
1933
|
snsTopic?: never;
|
|
1858
1934
|
sqsQueue: SqsQueueConfiguration;
|
|
1859
1935
|
s3ExpressDirectoryBucket?: never;
|
|
1936
|
+
dynamodbStream?: never;
|
|
1937
|
+
dynamodbTable?: never;
|
|
1860
1938
|
$unknown?: never;
|
|
1861
1939
|
}
|
|
1862
1940
|
/**
|
|
1863
|
-
* @public
|
|
1864
1941
|
* <p>The access control configuration is for an Amazon S3 directory bucket.</p>
|
|
1942
|
+
* @public
|
|
1865
1943
|
*/
|
|
1866
1944
|
interface S3ExpressDirectoryBucketMember {
|
|
1867
1945
|
ebsSnapshot?: never;
|
|
@@ -1876,6 +1954,50 @@ export declare namespace Configuration {
|
|
|
1876
1954
|
snsTopic?: never;
|
|
1877
1955
|
sqsQueue?: never;
|
|
1878
1956
|
s3ExpressDirectoryBucket: S3ExpressDirectoryBucketConfiguration;
|
|
1957
|
+
dynamodbStream?: never;
|
|
1958
|
+
dynamodbTable?: never;
|
|
1959
|
+
$unknown?: never;
|
|
1960
|
+
}
|
|
1961
|
+
/**
|
|
1962
|
+
* <p>The access control configuration is for a DynamoDB stream.</p>
|
|
1963
|
+
* @public
|
|
1964
|
+
*/
|
|
1965
|
+
interface DynamodbStreamMember {
|
|
1966
|
+
ebsSnapshot?: never;
|
|
1967
|
+
ecrRepository?: never;
|
|
1968
|
+
iamRole?: never;
|
|
1969
|
+
efsFileSystem?: never;
|
|
1970
|
+
kmsKey?: never;
|
|
1971
|
+
rdsDbClusterSnapshot?: never;
|
|
1972
|
+
rdsDbSnapshot?: never;
|
|
1973
|
+
secretsManagerSecret?: never;
|
|
1974
|
+
s3Bucket?: never;
|
|
1975
|
+
snsTopic?: never;
|
|
1976
|
+
sqsQueue?: never;
|
|
1977
|
+
s3ExpressDirectoryBucket?: never;
|
|
1978
|
+
dynamodbStream: DynamodbStreamConfiguration;
|
|
1979
|
+
dynamodbTable?: never;
|
|
1980
|
+
$unknown?: never;
|
|
1981
|
+
}
|
|
1982
|
+
/**
|
|
1983
|
+
* <p>The access control configuration is for a DynamoDB table or index.</p>
|
|
1984
|
+
* @public
|
|
1985
|
+
*/
|
|
1986
|
+
interface DynamodbTableMember {
|
|
1987
|
+
ebsSnapshot?: never;
|
|
1988
|
+
ecrRepository?: never;
|
|
1989
|
+
iamRole?: never;
|
|
1990
|
+
efsFileSystem?: never;
|
|
1991
|
+
kmsKey?: never;
|
|
1992
|
+
rdsDbClusterSnapshot?: never;
|
|
1993
|
+
rdsDbSnapshot?: never;
|
|
1994
|
+
secretsManagerSecret?: never;
|
|
1995
|
+
s3Bucket?: never;
|
|
1996
|
+
snsTopic?: never;
|
|
1997
|
+
sqsQueue?: never;
|
|
1998
|
+
s3ExpressDirectoryBucket?: never;
|
|
1999
|
+
dynamodbStream?: never;
|
|
2000
|
+
dynamodbTable: DynamodbTableConfiguration;
|
|
1879
2001
|
$unknown?: never;
|
|
1880
2002
|
}
|
|
1881
2003
|
/**
|
|
@@ -1894,6 +2016,8 @@ export declare namespace Configuration {
|
|
|
1894
2016
|
snsTopic?: never;
|
|
1895
2017
|
sqsQueue?: never;
|
|
1896
2018
|
s3ExpressDirectoryBucket?: never;
|
|
2019
|
+
dynamodbStream?: never;
|
|
2020
|
+
dynamodbTable?: never;
|
|
1897
2021
|
$unknown: [string, any];
|
|
1898
2022
|
}
|
|
1899
2023
|
interface Visitor<T> {
|
|
@@ -1909,6 +2033,8 @@ export declare namespace Configuration {
|
|
|
1909
2033
|
snsTopic: (value: SnsTopicConfiguration) => T;
|
|
1910
2034
|
sqsQueue: (value: SqsQueueConfiguration) => T;
|
|
1911
2035
|
s3ExpressDirectoryBucket: (value: S3ExpressDirectoryBucketConfiguration) => T;
|
|
2036
|
+
dynamodbStream: (value: DynamodbStreamConfiguration) => T;
|
|
2037
|
+
dynamodbTable: (value: DynamodbTableConfiguration) => T;
|
|
1912
2038
|
_: (name: string, value: any) => T;
|
|
1913
2039
|
}
|
|
1914
2040
|
const visit: <T>(value: Configuration, visitor: Visitor<T>) => T;
|
|
@@ -1918,24 +2044,24 @@ export declare namespace Configuration {
|
|
|
1918
2044
|
*/
|
|
1919
2045
|
export interface CreateAccessPreviewRequest {
|
|
1920
2046
|
/**
|
|
1921
|
-
* @public
|
|
1922
2047
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
1923
2048
|
* the account analyzer</a> used to generate the access preview. You can only create an
|
|
1924
2049
|
* access preview for analyzers with an <code>Account</code> type and <code>Active</code>
|
|
1925
2050
|
* status.</p>
|
|
2051
|
+
* @public
|
|
1926
2052
|
*/
|
|
1927
2053
|
analyzerArn: string | undefined;
|
|
1928
2054
|
/**
|
|
1929
|
-
* @public
|
|
1930
2055
|
* <p>Access control configuration for your resource that is used to generate the access
|
|
1931
2056
|
* preview. The access preview includes findings for external access allowed to the resource
|
|
1932
2057
|
* with the proposed access control configuration. The configuration must contain exactly one
|
|
1933
2058
|
* element.</p>
|
|
2059
|
+
* @public
|
|
1934
2060
|
*/
|
|
1935
2061
|
configurations: Record<string, Configuration> | undefined;
|
|
1936
2062
|
/**
|
|
1937
|
-
* @public
|
|
1938
2063
|
* <p>A client token.</p>
|
|
2064
|
+
* @public
|
|
1939
2065
|
*/
|
|
1940
2066
|
clientToken?: string;
|
|
1941
2067
|
}
|
|
@@ -1944,8 +2070,8 @@ export interface CreateAccessPreviewRequest {
|
|
|
1944
2070
|
*/
|
|
1945
2071
|
export interface CreateAccessPreviewResponse {
|
|
1946
2072
|
/**
|
|
1947
|
-
* @public
|
|
1948
2073
|
* <p>The unique ID for the access preview.</p>
|
|
2074
|
+
* @public
|
|
1949
2075
|
*/
|
|
1950
2076
|
id: string | undefined;
|
|
1951
2077
|
}
|
|
@@ -1954,14 +2080,14 @@ export interface CreateAccessPreviewResponse {
|
|
|
1954
2080
|
*/
|
|
1955
2081
|
export interface GetAccessPreviewRequest {
|
|
1956
2082
|
/**
|
|
1957
|
-
* @public
|
|
1958
2083
|
* <p>The unique ID for the access preview.</p>
|
|
2084
|
+
* @public
|
|
1959
2085
|
*/
|
|
1960
2086
|
accessPreviewId: string | undefined;
|
|
1961
2087
|
/**
|
|
1962
|
-
* @public
|
|
1963
2088
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
1964
2089
|
* the analyzer</a> used to generate the access preview.</p>
|
|
2090
|
+
* @public
|
|
1965
2091
|
*/
|
|
1966
2092
|
analyzerArn: string | undefined;
|
|
1967
2093
|
}
|
|
@@ -1991,46 +2117,45 @@ export declare const AccessPreviewStatusReasonCode: {
|
|
|
1991
2117
|
*/
|
|
1992
2118
|
export type AccessPreviewStatusReasonCode = (typeof AccessPreviewStatusReasonCode)[keyof typeof AccessPreviewStatusReasonCode];
|
|
1993
2119
|
/**
|
|
1994
|
-
* @public
|
|
1995
2120
|
* <p>Provides more details about the current status of the access preview. For example, if
|
|
1996
2121
|
* the creation of the access preview fails, a <code>Failed</code> status is returned. This
|
|
1997
2122
|
* failure can be due to an internal issue with the analysis or due to an invalid proposed
|
|
1998
2123
|
* resource configuration.</p>
|
|
2124
|
+
* @public
|
|
1999
2125
|
*/
|
|
2000
2126
|
export interface AccessPreviewStatusReason {
|
|
2001
2127
|
/**
|
|
2002
|
-
* @public
|
|
2003
2128
|
* <p>The reason code for the current status of the access preview.</p>
|
|
2129
|
+
* @public
|
|
2004
2130
|
*/
|
|
2005
2131
|
code: AccessPreviewStatusReasonCode | undefined;
|
|
2006
2132
|
}
|
|
2007
2133
|
/**
|
|
2008
|
-
* @public
|
|
2009
2134
|
* <p>Contains information about an access preview.</p>
|
|
2135
|
+
* @public
|
|
2010
2136
|
*/
|
|
2011
2137
|
export interface AccessPreview {
|
|
2012
2138
|
/**
|
|
2013
|
-
* @public
|
|
2014
2139
|
* <p>The unique ID for the access preview.</p>
|
|
2140
|
+
* @public
|
|
2015
2141
|
*/
|
|
2016
2142
|
id: string | undefined;
|
|
2017
2143
|
/**
|
|
2018
|
-
* @public
|
|
2019
2144
|
* <p>The ARN of the analyzer used to generate the access preview.</p>
|
|
2145
|
+
* @public
|
|
2020
2146
|
*/
|
|
2021
2147
|
analyzerArn: string | undefined;
|
|
2022
2148
|
/**
|
|
2023
|
-
* @public
|
|
2024
2149
|
* <p>A map of resource ARNs for the proposed resource configuration.</p>
|
|
2150
|
+
* @public
|
|
2025
2151
|
*/
|
|
2026
2152
|
configurations: Record<string, Configuration> | undefined;
|
|
2027
2153
|
/**
|
|
2028
|
-
* @public
|
|
2029
2154
|
* <p>The time at which the access preview was created.</p>
|
|
2155
|
+
* @public
|
|
2030
2156
|
*/
|
|
2031
2157
|
createdAt: Date | undefined;
|
|
2032
2158
|
/**
|
|
2033
|
-
* @public
|
|
2034
2159
|
* <p>The status of the access preview.</p>
|
|
2035
2160
|
* <ul>
|
|
2036
2161
|
* <li>
|
|
@@ -2047,14 +2172,15 @@ export interface AccessPreview {
|
|
|
2047
2172
|
* <code>Failed</code> - The access preview creation has failed.</p>
|
|
2048
2173
|
* </li>
|
|
2049
2174
|
* </ul>
|
|
2175
|
+
* @public
|
|
2050
2176
|
*/
|
|
2051
2177
|
status: AccessPreviewStatus | undefined;
|
|
2052
2178
|
/**
|
|
2053
|
-
* @public
|
|
2054
2179
|
* <p>Provides more details about the current status of the access preview.</p>
|
|
2055
2180
|
* <p>For example, if the creation of the access preview fails, a <code>Failed</code> status
|
|
2056
2181
|
* is returned. This failure can be due to an internal issue with the analysis or due to an
|
|
2057
2182
|
* invalid resource configuration.</p>
|
|
2183
|
+
* @public
|
|
2058
2184
|
*/
|
|
2059
2185
|
statusReason?: AccessPreviewStatusReason;
|
|
2060
2186
|
}
|
|
@@ -2063,144 +2189,144 @@ export interface AccessPreview {
|
|
|
2063
2189
|
*/
|
|
2064
2190
|
export interface GetAccessPreviewResponse {
|
|
2065
2191
|
/**
|
|
2066
|
-
* @public
|
|
2067
2192
|
* <p>An object that contains information about the access preview.</p>
|
|
2193
|
+
* @public
|
|
2068
2194
|
*/
|
|
2069
2195
|
accessPreview: AccessPreview | undefined;
|
|
2070
2196
|
}
|
|
2071
2197
|
/**
|
|
2072
|
-
* @public
|
|
2073
2198
|
* <p>Retrieves an analyzed resource.</p>
|
|
2199
|
+
* @public
|
|
2074
2200
|
*/
|
|
2075
2201
|
export interface GetAnalyzedResourceRequest {
|
|
2076
2202
|
/**
|
|
2077
|
-
* @public
|
|
2078
2203
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
2079
2204
|
* the analyzer</a> to retrieve information from.</p>
|
|
2205
|
+
* @public
|
|
2080
2206
|
*/
|
|
2081
2207
|
analyzerArn: string | undefined;
|
|
2082
2208
|
/**
|
|
2083
|
-
* @public
|
|
2084
2209
|
* <p>The ARN of the resource to retrieve information about.</p>
|
|
2210
|
+
* @public
|
|
2085
2211
|
*/
|
|
2086
2212
|
resourceArn: string | undefined;
|
|
2087
2213
|
}
|
|
2088
2214
|
/**
|
|
2089
2215
|
* @public
|
|
2090
2216
|
*/
|
|
2091
|
-
export type ResourceType = "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::EFS::FileSystem" | "AWS::IAM::Role" | "AWS::KMS::Key" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::RDS::DBClusterSnapshot" | "AWS::RDS::DBSnapshot" | "AWS::S3::Bucket" | "AWS::S3Express::DirectoryBucket" | "AWS::SNS::Topic" | "AWS::SQS::Queue" | "AWS::SecretsManager::Secret";
|
|
2217
|
+
export type ResourceType = "AWS::DynamoDB::Stream" | "AWS::DynamoDB::Table" | "AWS::EC2::Snapshot" | "AWS::ECR::Repository" | "AWS::EFS::FileSystem" | "AWS::IAM::Role" | "AWS::KMS::Key" | "AWS::Lambda::Function" | "AWS::Lambda::LayerVersion" | "AWS::RDS::DBClusterSnapshot" | "AWS::RDS::DBSnapshot" | "AWS::S3::Bucket" | "AWS::S3Express::DirectoryBucket" | "AWS::SNS::Topic" | "AWS::SQS::Queue" | "AWS::SecretsManager::Secret";
|
|
2092
2218
|
/**
|
|
2093
2219
|
* @public
|
|
2094
2220
|
*/
|
|
2095
2221
|
export type FindingStatus = "ACTIVE" | "ARCHIVED" | "RESOLVED";
|
|
2096
2222
|
/**
|
|
2097
|
-
* @public
|
|
2098
2223
|
* <p>Contains details about the analyzed resource.</p>
|
|
2224
|
+
* @public
|
|
2099
2225
|
*/
|
|
2100
2226
|
export interface AnalyzedResource {
|
|
2101
2227
|
/**
|
|
2102
|
-
* @public
|
|
2103
2228
|
* <p>The ARN of the resource that was analyzed.</p>
|
|
2229
|
+
* @public
|
|
2104
2230
|
*/
|
|
2105
2231
|
resourceArn: string | undefined;
|
|
2106
2232
|
/**
|
|
2107
|
-
* @public
|
|
2108
2233
|
* <p>The type of the resource that was analyzed.</p>
|
|
2234
|
+
* @public
|
|
2109
2235
|
*/
|
|
2110
2236
|
resourceType: ResourceType | undefined;
|
|
2111
2237
|
/**
|
|
2112
|
-
* @public
|
|
2113
2238
|
* <p>The time at which the finding was created.</p>
|
|
2239
|
+
* @public
|
|
2114
2240
|
*/
|
|
2115
2241
|
createdAt: Date | undefined;
|
|
2116
2242
|
/**
|
|
2117
|
-
* @public
|
|
2118
2243
|
* <p>The time at which the resource was analyzed.</p>
|
|
2244
|
+
* @public
|
|
2119
2245
|
*/
|
|
2120
2246
|
analyzedAt: Date | undefined;
|
|
2121
2247
|
/**
|
|
2122
|
-
* @public
|
|
2123
2248
|
* <p>The time at which the finding was updated.</p>
|
|
2249
|
+
* @public
|
|
2124
2250
|
*/
|
|
2125
2251
|
updatedAt: Date | undefined;
|
|
2126
2252
|
/**
|
|
2127
|
-
* @public
|
|
2128
2253
|
* <p>Indicates whether the policy that generated the finding grants public access to the
|
|
2129
2254
|
* resource.</p>
|
|
2255
|
+
* @public
|
|
2130
2256
|
*/
|
|
2131
2257
|
isPublic: boolean | undefined;
|
|
2132
2258
|
/**
|
|
2133
|
-
* @public
|
|
2134
2259
|
* <p>The actions that an external principal is granted permission to use by the policy that
|
|
2135
2260
|
* generated the finding.</p>
|
|
2261
|
+
* @public
|
|
2136
2262
|
*/
|
|
2137
2263
|
actions?: string[];
|
|
2138
2264
|
/**
|
|
2139
|
-
* @public
|
|
2140
2265
|
* <p>Indicates how the access that generated the finding is granted. This is populated for
|
|
2141
2266
|
* Amazon S3 bucket findings.</p>
|
|
2267
|
+
* @public
|
|
2142
2268
|
*/
|
|
2143
2269
|
sharedVia?: string[];
|
|
2144
2270
|
/**
|
|
2145
|
-
* @public
|
|
2146
2271
|
* <p>The current status of the finding generated from the analyzed resource.</p>
|
|
2272
|
+
* @public
|
|
2147
2273
|
*/
|
|
2148
2274
|
status?: FindingStatus;
|
|
2149
2275
|
/**
|
|
2150
|
-
* @public
|
|
2151
2276
|
* <p>The Amazon Web Services account ID that owns the resource.</p>
|
|
2277
|
+
* @public
|
|
2152
2278
|
*/
|
|
2153
2279
|
resourceOwnerAccount: string | undefined;
|
|
2154
2280
|
/**
|
|
2155
|
-
* @public
|
|
2156
2281
|
* <p>An error message.</p>
|
|
2282
|
+
* @public
|
|
2157
2283
|
*/
|
|
2158
2284
|
error?: string;
|
|
2159
2285
|
}
|
|
2160
2286
|
/**
|
|
2161
|
-
* @public
|
|
2162
2287
|
* <p>The response to the request.</p>
|
|
2288
|
+
* @public
|
|
2163
2289
|
*/
|
|
2164
2290
|
export interface GetAnalyzedResourceResponse {
|
|
2165
2291
|
/**
|
|
2166
|
-
* @public
|
|
2167
2292
|
* <p>An <code>AnalyzedResource</code> object that contains information that IAM Access Analyzer
|
|
2168
2293
|
* found when it analyzed the resource.</p>
|
|
2294
|
+
* @public
|
|
2169
2295
|
*/
|
|
2170
2296
|
resource?: AnalyzedResource;
|
|
2171
2297
|
}
|
|
2172
2298
|
/**
|
|
2173
|
-
* @public
|
|
2174
2299
|
* <p>Retrieves a finding.</p>
|
|
2300
|
+
* @public
|
|
2175
2301
|
*/
|
|
2176
2302
|
export interface GetFindingRequest {
|
|
2177
2303
|
/**
|
|
2178
|
-
* @public
|
|
2179
2304
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
2180
2305
|
* the analyzer</a> that generated the finding.</p>
|
|
2306
|
+
* @public
|
|
2181
2307
|
*/
|
|
2182
2308
|
analyzerArn: string | undefined;
|
|
2183
2309
|
/**
|
|
2184
|
-
* @public
|
|
2185
2310
|
* <p>The ID of the finding to retrieve.</p>
|
|
2311
|
+
* @public
|
|
2186
2312
|
*/
|
|
2187
2313
|
id: string | undefined;
|
|
2188
2314
|
}
|
|
2189
2315
|
/**
|
|
2190
|
-
* @public
|
|
2191
2316
|
* <p>Includes details about how the access that generated the finding is granted. This is
|
|
2192
2317
|
* populated for Amazon S3 bucket findings.</p>
|
|
2318
|
+
* @public
|
|
2193
2319
|
*/
|
|
2194
2320
|
export interface FindingSourceDetail {
|
|
2195
2321
|
/**
|
|
2196
|
-
* @public
|
|
2197
2322
|
* <p>The ARN of the access point that generated the finding. The ARN format depends on
|
|
2198
2323
|
* whether the ARN represents an access point or a multi-region access point.</p>
|
|
2324
|
+
* @public
|
|
2199
2325
|
*/
|
|
2200
2326
|
accessPointArn?: string;
|
|
2201
2327
|
/**
|
|
2202
|
-
* @public
|
|
2203
2328
|
* <p>The account of the cross-account access point that generated the finding.</p>
|
|
2329
|
+
* @public
|
|
2204
2330
|
*/
|
|
2205
2331
|
accessPointAccount?: string;
|
|
2206
2332
|
}
|
|
@@ -2209,110 +2335,110 @@ export interface FindingSourceDetail {
|
|
|
2209
2335
|
*/
|
|
2210
2336
|
export type FindingSourceType = "BUCKET_ACL" | "POLICY" | "S3_ACCESS_POINT" | "S3_ACCESS_POINT_ACCOUNT";
|
|
2211
2337
|
/**
|
|
2212
|
-
* @public
|
|
2213
2338
|
* <p>The source of the finding. This indicates how the access that generated the finding is
|
|
2214
2339
|
* granted. It is populated for Amazon S3 bucket findings.</p>
|
|
2340
|
+
* @public
|
|
2215
2341
|
*/
|
|
2216
2342
|
export interface FindingSource {
|
|
2217
2343
|
/**
|
|
2218
|
-
* @public
|
|
2219
2344
|
* <p>Indicates the type of access that generated the finding.</p>
|
|
2345
|
+
* @public
|
|
2220
2346
|
*/
|
|
2221
2347
|
type: FindingSourceType | undefined;
|
|
2222
2348
|
/**
|
|
2223
|
-
* @public
|
|
2224
2349
|
* <p>Includes details about how the access that generated the finding is granted. This is
|
|
2225
2350
|
* populated for Amazon S3 bucket findings.</p>
|
|
2351
|
+
* @public
|
|
2226
2352
|
*/
|
|
2227
2353
|
detail?: FindingSourceDetail;
|
|
2228
2354
|
}
|
|
2229
2355
|
/**
|
|
2230
|
-
* @public
|
|
2231
2356
|
* <p>Contains information about a finding.</p>
|
|
2357
|
+
* @public
|
|
2232
2358
|
*/
|
|
2233
2359
|
export interface Finding {
|
|
2234
2360
|
/**
|
|
2235
|
-
* @public
|
|
2236
2361
|
* <p>The ID of the finding.</p>
|
|
2362
|
+
* @public
|
|
2237
2363
|
*/
|
|
2238
2364
|
id: string | undefined;
|
|
2239
2365
|
/**
|
|
2240
|
-
* @public
|
|
2241
2366
|
* <p>The external principal that has access to a resource within the zone of trust.</p>
|
|
2367
|
+
* @public
|
|
2242
2368
|
*/
|
|
2243
2369
|
principal?: Record<string, string>;
|
|
2244
2370
|
/**
|
|
2245
|
-
* @public
|
|
2246
2371
|
* <p>The action in the analyzed policy statement that an external principal has permission to
|
|
2247
2372
|
* use.</p>
|
|
2373
|
+
* @public
|
|
2248
2374
|
*/
|
|
2249
2375
|
action?: string[];
|
|
2250
2376
|
/**
|
|
2251
|
-
* @public
|
|
2252
2377
|
* <p>The resource that an external principal has access to.</p>
|
|
2378
|
+
* @public
|
|
2253
2379
|
*/
|
|
2254
2380
|
resource?: string;
|
|
2255
2381
|
/**
|
|
2256
|
-
* @public
|
|
2257
2382
|
* <p>Indicates whether the policy that generated the finding allows public access to the
|
|
2258
2383
|
* resource.</p>
|
|
2384
|
+
* @public
|
|
2259
2385
|
*/
|
|
2260
2386
|
isPublic?: boolean;
|
|
2261
2387
|
/**
|
|
2262
|
-
* @public
|
|
2263
2388
|
* <p>The type of the resource identified in the finding.</p>
|
|
2389
|
+
* @public
|
|
2264
2390
|
*/
|
|
2265
2391
|
resourceType: ResourceType | undefined;
|
|
2266
2392
|
/**
|
|
2267
|
-
* @public
|
|
2268
2393
|
* <p>The condition in the analyzed policy statement that resulted in a finding.</p>
|
|
2394
|
+
* @public
|
|
2269
2395
|
*/
|
|
2270
2396
|
condition: Record<string, string> | undefined;
|
|
2271
2397
|
/**
|
|
2272
|
-
* @public
|
|
2273
2398
|
* <p>The time at which the finding was generated.</p>
|
|
2399
|
+
* @public
|
|
2274
2400
|
*/
|
|
2275
2401
|
createdAt: Date | undefined;
|
|
2276
2402
|
/**
|
|
2277
|
-
* @public
|
|
2278
2403
|
* <p>The time at which the resource was analyzed.</p>
|
|
2404
|
+
* @public
|
|
2279
2405
|
*/
|
|
2280
2406
|
analyzedAt: Date | undefined;
|
|
2281
2407
|
/**
|
|
2282
|
-
* @public
|
|
2283
2408
|
* <p>The time at which the finding was updated.</p>
|
|
2409
|
+
* @public
|
|
2284
2410
|
*/
|
|
2285
2411
|
updatedAt: Date | undefined;
|
|
2286
2412
|
/**
|
|
2287
|
-
* @public
|
|
2288
2413
|
* <p>The current status of the finding.</p>
|
|
2414
|
+
* @public
|
|
2289
2415
|
*/
|
|
2290
2416
|
status: FindingStatus | undefined;
|
|
2291
2417
|
/**
|
|
2292
|
-
* @public
|
|
2293
2418
|
* <p>The Amazon Web Services account ID that owns the resource.</p>
|
|
2419
|
+
* @public
|
|
2294
2420
|
*/
|
|
2295
2421
|
resourceOwnerAccount: string | undefined;
|
|
2296
2422
|
/**
|
|
2297
|
-
* @public
|
|
2298
2423
|
* <p>An error.</p>
|
|
2424
|
+
* @public
|
|
2299
2425
|
*/
|
|
2300
2426
|
error?: string;
|
|
2301
2427
|
/**
|
|
2302
|
-
* @public
|
|
2303
2428
|
* <p>The sources of the finding. This indicates how the access that generated the finding is
|
|
2304
2429
|
* granted. It is populated for Amazon S3 bucket findings.</p>
|
|
2430
|
+
* @public
|
|
2305
2431
|
*/
|
|
2306
2432
|
sources?: FindingSource[];
|
|
2307
2433
|
}
|
|
2308
2434
|
/**
|
|
2309
|
-
* @public
|
|
2310
2435
|
* <p>The response to the request.</p>
|
|
2436
|
+
* @public
|
|
2311
2437
|
*/
|
|
2312
2438
|
export interface GetFindingResponse {
|
|
2313
2439
|
/**
|
|
2314
|
-
* @public
|
|
2315
2440
|
* <p>A <code>finding</code> object that contains finding details.</p>
|
|
2441
|
+
* @public
|
|
2316
2442
|
*/
|
|
2317
2443
|
finding?: Finding;
|
|
2318
2444
|
}
|
|
@@ -2321,155 +2447,155 @@ export interface GetFindingResponse {
|
|
|
2321
2447
|
*/
|
|
2322
2448
|
export interface GetFindingV2Request {
|
|
2323
2449
|
/**
|
|
2324
|
-
* @public
|
|
2325
2450
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
2326
2451
|
* the analyzer</a> that generated the finding.</p>
|
|
2452
|
+
* @public
|
|
2327
2453
|
*/
|
|
2328
2454
|
analyzerArn: string | undefined;
|
|
2329
2455
|
/**
|
|
2330
|
-
* @public
|
|
2331
2456
|
* <p>The ID of the finding to retrieve.</p>
|
|
2457
|
+
* @public
|
|
2332
2458
|
*/
|
|
2333
2459
|
id: string | undefined;
|
|
2334
2460
|
/**
|
|
2335
|
-
* @public
|
|
2336
2461
|
* <p>The maximum number of results to return in the response.</p>
|
|
2462
|
+
* @public
|
|
2337
2463
|
*/
|
|
2338
2464
|
maxResults?: number;
|
|
2339
2465
|
/**
|
|
2340
|
-
* @public
|
|
2341
2466
|
* <p>A token used for pagination of results returned.</p>
|
|
2467
|
+
* @public
|
|
2342
2468
|
*/
|
|
2343
2469
|
nextToken?: string;
|
|
2344
2470
|
}
|
|
2345
2471
|
/**
|
|
2346
|
-
* @public
|
|
2347
2472
|
* <p>Contains information about an external access finding.</p>
|
|
2473
|
+
* @public
|
|
2348
2474
|
*/
|
|
2349
2475
|
export interface ExternalAccessDetails {
|
|
2350
2476
|
/**
|
|
2351
|
-
* @public
|
|
2352
2477
|
* <p>The action in the analyzed policy statement that an external principal has permission to
|
|
2353
2478
|
* use.</p>
|
|
2479
|
+
* @public
|
|
2354
2480
|
*/
|
|
2355
2481
|
action?: string[];
|
|
2356
2482
|
/**
|
|
2357
|
-
* @public
|
|
2358
2483
|
* <p>The condition in the analyzed policy statement that resulted in an external access
|
|
2359
2484
|
* finding.</p>
|
|
2485
|
+
* @public
|
|
2360
2486
|
*/
|
|
2361
2487
|
condition: Record<string, string> | undefined;
|
|
2362
2488
|
/**
|
|
2363
|
-
* @public
|
|
2364
2489
|
* <p>Specifies whether the external access finding is public.</p>
|
|
2490
|
+
* @public
|
|
2365
2491
|
*/
|
|
2366
2492
|
isPublic?: boolean;
|
|
2367
2493
|
/**
|
|
2368
|
-
* @public
|
|
2369
2494
|
* <p>The external principal that has access to a resource within the zone of trust.</p>
|
|
2495
|
+
* @public
|
|
2370
2496
|
*/
|
|
2371
2497
|
principal?: Record<string, string>;
|
|
2372
2498
|
/**
|
|
2373
|
-
* @public
|
|
2374
2499
|
* <p>The sources of the external access finding. This indicates how the access that generated
|
|
2375
2500
|
* the finding is granted. It is populated for Amazon S3 bucket findings.</p>
|
|
2501
|
+
* @public
|
|
2376
2502
|
*/
|
|
2377
2503
|
sources?: FindingSource[];
|
|
2378
2504
|
}
|
|
2379
2505
|
/**
|
|
2380
|
-
* @public
|
|
2381
2506
|
* <p>Contains information about an unused access finding for an IAM role. IAM Access Analyzer
|
|
2382
2507
|
* charges for unused access analysis based on the number of IAM roles and users analyzed
|
|
2383
2508
|
* per month. For more details on pricing, see <a href="https://aws.amazon.com/iam/access-analyzer/pricing">IAM Access Analyzer
|
|
2384
2509
|
* pricing</a>.</p>
|
|
2510
|
+
* @public
|
|
2385
2511
|
*/
|
|
2386
2512
|
export interface UnusedIamRoleDetails {
|
|
2387
2513
|
/**
|
|
2388
|
-
* @public
|
|
2389
2514
|
* <p>The time at which the role was last accessed.</p>
|
|
2515
|
+
* @public
|
|
2390
2516
|
*/
|
|
2391
2517
|
lastAccessed?: Date;
|
|
2392
2518
|
}
|
|
2393
2519
|
/**
|
|
2394
|
-
* @public
|
|
2395
2520
|
* <p>Contains information about an unused access finding for an IAM user access key.
|
|
2396
2521
|
* IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and
|
|
2397
2522
|
* users analyzed per month. For more details on pricing, see <a href="https://aws.amazon.com/iam/access-analyzer/pricing">IAM Access Analyzer
|
|
2398
2523
|
* pricing</a>.</p>
|
|
2524
|
+
* @public
|
|
2399
2525
|
*/
|
|
2400
2526
|
export interface UnusedIamUserAccessKeyDetails {
|
|
2401
2527
|
/**
|
|
2402
|
-
* @public
|
|
2403
2528
|
* <p>The ID of the access key for which the unused access finding was generated.</p>
|
|
2529
|
+
* @public
|
|
2404
2530
|
*/
|
|
2405
2531
|
accessKeyId: string | undefined;
|
|
2406
2532
|
/**
|
|
2407
|
-
* @public
|
|
2408
2533
|
* <p>The time at which the access key was last accessed.</p>
|
|
2534
|
+
* @public
|
|
2409
2535
|
*/
|
|
2410
2536
|
lastAccessed?: Date;
|
|
2411
2537
|
}
|
|
2412
2538
|
/**
|
|
2413
|
-
* @public
|
|
2414
2539
|
* <p>Contains information about an unused access finding for an IAM user password.
|
|
2415
2540
|
* IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and
|
|
2416
2541
|
* users analyzed per month. For more details on pricing, see <a href="https://aws.amazon.com/iam/access-analyzer/pricing">IAM Access Analyzer
|
|
2417
2542
|
* pricing</a>.</p>
|
|
2543
|
+
* @public
|
|
2418
2544
|
*/
|
|
2419
2545
|
export interface UnusedIamUserPasswordDetails {
|
|
2420
2546
|
/**
|
|
2421
|
-
* @public
|
|
2422
2547
|
* <p>The time at which the password was last accessed.</p>
|
|
2548
|
+
* @public
|
|
2423
2549
|
*/
|
|
2424
2550
|
lastAccessed?: Date;
|
|
2425
2551
|
}
|
|
2426
2552
|
/**
|
|
2427
|
-
* @public
|
|
2428
2553
|
* <p>Contains information about an unused access finding for an action. IAM Access Analyzer charges
|
|
2429
2554
|
* for unused access analysis based on the number of IAM roles and users analyzed per month.
|
|
2430
2555
|
* For more details on pricing, see <a href="https://aws.amazon.com/iam/access-analyzer/pricing">IAM Access Analyzer
|
|
2431
2556
|
* pricing</a>.</p>
|
|
2557
|
+
* @public
|
|
2432
2558
|
*/
|
|
2433
2559
|
export interface UnusedAction {
|
|
2434
2560
|
/**
|
|
2435
|
-
* @public
|
|
2436
2561
|
* <p>The action for which the unused access finding was generated.</p>
|
|
2562
|
+
* @public
|
|
2437
2563
|
*/
|
|
2438
2564
|
action: string | undefined;
|
|
2439
2565
|
/**
|
|
2440
|
-
* @public
|
|
2441
2566
|
* <p>The time at which the action was last accessed.</p>
|
|
2567
|
+
* @public
|
|
2442
2568
|
*/
|
|
2443
2569
|
lastAccessed?: Date;
|
|
2444
2570
|
}
|
|
2445
2571
|
/**
|
|
2446
|
-
* @public
|
|
2447
2572
|
* <p>Contains information about an unused access finding for a permission. IAM Access Analyzer
|
|
2448
2573
|
* charges for unused access analysis based on the number of IAM roles and users analyzed
|
|
2449
2574
|
* per month. For more details on pricing, see <a href="https://aws.amazon.com/iam/access-analyzer/pricing">IAM Access Analyzer
|
|
2450
2575
|
* pricing</a>.</p>
|
|
2576
|
+
* @public
|
|
2451
2577
|
*/
|
|
2452
2578
|
export interface UnusedPermissionDetails {
|
|
2453
2579
|
/**
|
|
2454
|
-
* @public
|
|
2455
2580
|
* <p>A list of unused actions for which the unused access finding was generated.</p>
|
|
2581
|
+
* @public
|
|
2456
2582
|
*/
|
|
2457
2583
|
actions?: UnusedAction[];
|
|
2458
2584
|
/**
|
|
2459
|
-
* @public
|
|
2460
2585
|
* <p>The namespace of the Amazon Web Services service that contains the unused actions.</p>
|
|
2586
|
+
* @public
|
|
2461
2587
|
*/
|
|
2462
2588
|
serviceNamespace: string | undefined;
|
|
2463
2589
|
/**
|
|
2464
|
-
* @public
|
|
2465
2590
|
* <p>The time at which the permission last accessed.</p>
|
|
2591
|
+
* @public
|
|
2466
2592
|
*/
|
|
2467
2593
|
lastAccessed?: Date;
|
|
2468
2594
|
}
|
|
2469
2595
|
/**
|
|
2470
|
-
* @public
|
|
2471
2596
|
* <p>Contains information about an external access or unused access finding. Only one
|
|
2472
2597
|
* parameter can be used in a <code>FindingDetails</code> object.</p>
|
|
2598
|
+
* @public
|
|
2473
2599
|
*/
|
|
2474
2600
|
export type FindingDetails = FindingDetails.ExternalAccessDetailsMember | FindingDetails.UnusedIamRoleDetailsMember | FindingDetails.UnusedIamUserAccessKeyDetailsMember | FindingDetails.UnusedIamUserPasswordDetailsMember | FindingDetails.UnusedPermissionDetailsMember | FindingDetails.$UnknownMember;
|
|
2475
2601
|
/**
|
|
@@ -2477,8 +2603,8 @@ export type FindingDetails = FindingDetails.ExternalAccessDetailsMember | Findin
|
|
|
2477
2603
|
*/
|
|
2478
2604
|
export declare namespace FindingDetails {
|
|
2479
2605
|
/**
|
|
2480
|
-
* @public
|
|
2481
2606
|
* <p>The details for an external access analyzer finding.</p>
|
|
2607
|
+
* @public
|
|
2482
2608
|
*/
|
|
2483
2609
|
interface ExternalAccessDetailsMember {
|
|
2484
2610
|
externalAccessDetails: ExternalAccessDetails;
|
|
@@ -2489,9 +2615,9 @@ export declare namespace FindingDetails {
|
|
|
2489
2615
|
$unknown?: never;
|
|
2490
2616
|
}
|
|
2491
2617
|
/**
|
|
2492
|
-
* @public
|
|
2493
2618
|
* <p>The details for an unused access analyzer finding with an unused permission finding
|
|
2494
2619
|
* type.</p>
|
|
2620
|
+
* @public
|
|
2495
2621
|
*/
|
|
2496
2622
|
interface UnusedPermissionDetailsMember {
|
|
2497
2623
|
externalAccessDetails?: never;
|
|
@@ -2502,9 +2628,9 @@ export declare namespace FindingDetails {
|
|
|
2502
2628
|
$unknown?: never;
|
|
2503
2629
|
}
|
|
2504
2630
|
/**
|
|
2505
|
-
* @public
|
|
2506
2631
|
* <p>The details for an unused access analyzer finding with an unused IAM user access key
|
|
2507
2632
|
* finding type.</p>
|
|
2633
|
+
* @public
|
|
2508
2634
|
*/
|
|
2509
2635
|
interface UnusedIamUserAccessKeyDetailsMember {
|
|
2510
2636
|
externalAccessDetails?: never;
|
|
@@ -2515,9 +2641,9 @@ export declare namespace FindingDetails {
|
|
|
2515
2641
|
$unknown?: never;
|
|
2516
2642
|
}
|
|
2517
2643
|
/**
|
|
2518
|
-
* @public
|
|
2519
2644
|
* <p>The details for an unused access analyzer finding with an unused IAM role finding
|
|
2520
2645
|
* type.</p>
|
|
2646
|
+
* @public
|
|
2521
2647
|
*/
|
|
2522
2648
|
interface UnusedIamRoleDetailsMember {
|
|
2523
2649
|
externalAccessDetails?: never;
|
|
@@ -2528,9 +2654,9 @@ export declare namespace FindingDetails {
|
|
|
2528
2654
|
$unknown?: never;
|
|
2529
2655
|
}
|
|
2530
2656
|
/**
|
|
2531
|
-
* @public
|
|
2532
2657
|
* <p>The details for an unused access analyzer finding with an unused IAM user password
|
|
2533
2658
|
* finding type.</p>
|
|
2659
|
+
* @public
|
|
2534
2660
|
*/
|
|
2535
2661
|
interface UnusedIamUserPasswordDetailsMember {
|
|
2536
2662
|
externalAccessDetails?: never;
|
|
@@ -2581,68 +2707,68 @@ export type FindingType = (typeof FindingType)[keyof typeof FindingType];
|
|
|
2581
2707
|
*/
|
|
2582
2708
|
export interface GetFindingV2Response {
|
|
2583
2709
|
/**
|
|
2584
|
-
* @public
|
|
2585
2710
|
* <p>The time at which the resource-based policy or IAM entity that generated the finding
|
|
2586
2711
|
* was analyzed.</p>
|
|
2712
|
+
* @public
|
|
2587
2713
|
*/
|
|
2588
2714
|
analyzedAt: Date | undefined;
|
|
2589
2715
|
/**
|
|
2590
|
-
* @public
|
|
2591
2716
|
* <p>The time at which the finding was created.</p>
|
|
2717
|
+
* @public
|
|
2592
2718
|
*/
|
|
2593
2719
|
createdAt: Date | undefined;
|
|
2594
2720
|
/**
|
|
2595
|
-
* @public
|
|
2596
2721
|
* <p>An error.</p>
|
|
2722
|
+
* @public
|
|
2597
2723
|
*/
|
|
2598
2724
|
error?: string;
|
|
2599
2725
|
/**
|
|
2600
|
-
* @public
|
|
2601
2726
|
* <p>The ID of the finding to retrieve.</p>
|
|
2727
|
+
* @public
|
|
2602
2728
|
*/
|
|
2603
2729
|
id: string | undefined;
|
|
2604
2730
|
/**
|
|
2605
|
-
* @public
|
|
2606
2731
|
* <p>A token used for pagination of results returned.</p>
|
|
2732
|
+
* @public
|
|
2607
2733
|
*/
|
|
2608
2734
|
nextToken?: string;
|
|
2609
2735
|
/**
|
|
2610
|
-
* @public
|
|
2611
2736
|
* <p>The resource that generated the finding.</p>
|
|
2737
|
+
* @public
|
|
2612
2738
|
*/
|
|
2613
2739
|
resource?: string;
|
|
2614
2740
|
/**
|
|
2615
|
-
* @public
|
|
2616
2741
|
* <p>The type of the resource identified in the finding.</p>
|
|
2742
|
+
* @public
|
|
2617
2743
|
*/
|
|
2618
2744
|
resourceType: ResourceType | undefined;
|
|
2619
2745
|
/**
|
|
2620
|
-
* @public
|
|
2621
2746
|
* <p>Tye Amazon Web Services account ID that owns the resource.</p>
|
|
2747
|
+
* @public
|
|
2622
2748
|
*/
|
|
2623
2749
|
resourceOwnerAccount: string | undefined;
|
|
2624
2750
|
/**
|
|
2625
|
-
* @public
|
|
2626
2751
|
* <p>The status of the finding.</p>
|
|
2752
|
+
* @public
|
|
2627
2753
|
*/
|
|
2628
2754
|
status: FindingStatus | undefined;
|
|
2629
2755
|
/**
|
|
2630
|
-
* @public
|
|
2631
2756
|
* <p>The time at which the finding was updated.</p>
|
|
2757
|
+
* @public
|
|
2632
2758
|
*/
|
|
2633
2759
|
updatedAt: Date | undefined;
|
|
2634
2760
|
/**
|
|
2635
|
-
* @public
|
|
2636
2761
|
* <p>A localized message that explains the finding and provides guidance on how to address
|
|
2637
2762
|
* it.</p>
|
|
2763
|
+
* @public
|
|
2638
2764
|
*/
|
|
2639
2765
|
findingDetails: FindingDetails[] | undefined;
|
|
2640
2766
|
/**
|
|
2641
|
-
* @public
|
|
2642
2767
|
* <p>The type of the finding. For external access analyzers, the type is
|
|
2643
2768
|
* <code>ExternalAccess</code>. For unused access analyzers, the type can be
|
|
2644
2769
|
* <code>UnusedIAMRole</code>, <code>UnusedIAMUserAccessKey</code>,
|
|
2645
2770
|
* <code>UnusedIAMUserPassword</code>, or <code>UnusedPermission</code>.</p>
|
|
2771
|
+
* @public
|
|
2646
2772
|
*/
|
|
2647
2773
|
findingType?: FindingType;
|
|
2648
2774
|
}
|
|
@@ -2651,130 +2777,130 @@ export interface GetFindingV2Response {
|
|
|
2651
2777
|
*/
|
|
2652
2778
|
export interface GetGeneratedPolicyRequest {
|
|
2653
2779
|
/**
|
|
2654
|
-
* @public
|
|
2655
2780
|
* <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
|
|
2656
2781
|
* operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
|
|
2657
2782
|
* retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
|
|
2658
2783
|
* the policy generation request.</p>
|
|
2784
|
+
* @public
|
|
2659
2785
|
*/
|
|
2660
2786
|
jobId: string | undefined;
|
|
2661
2787
|
/**
|
|
2662
|
-
* @public
|
|
2663
2788
|
* <p>The level of detail that you want to generate. You can specify whether to generate
|
|
2664
2789
|
* policies with placeholders for resource ARNs for actions that support resource level
|
|
2665
2790
|
* granularity in policies.</p>
|
|
2666
2791
|
* <p>For example, in the resource section of a policy, you can receive a placeholder such as
|
|
2667
2792
|
* <code>"Resource":"arn:aws:s3:::$\{BucketName\}"</code> instead of <code>"*"</code>.</p>
|
|
2793
|
+
* @public
|
|
2668
2794
|
*/
|
|
2669
2795
|
includeResourcePlaceholders?: boolean;
|
|
2670
2796
|
/**
|
|
2671
|
-
* @public
|
|
2672
2797
|
* <p>The level of detail that you want to generate. You can specify whether to generate
|
|
2673
2798
|
* service-level policies. </p>
|
|
2674
2799
|
* <p>IAM Access Analyzer uses <code>iam:servicelastaccessed</code> to identify services that have
|
|
2675
2800
|
* been used recently to create this service-level template.</p>
|
|
2801
|
+
* @public
|
|
2676
2802
|
*/
|
|
2677
2803
|
includeServiceLevelTemplate?: boolean;
|
|
2678
2804
|
}
|
|
2679
2805
|
/**
|
|
2680
|
-
* @public
|
|
2681
2806
|
* <p>Contains the text for the generated policy.</p>
|
|
2807
|
+
* @public
|
|
2682
2808
|
*/
|
|
2683
2809
|
export interface GeneratedPolicy {
|
|
2684
2810
|
/**
|
|
2685
|
-
* @public
|
|
2686
2811
|
* <p>The text to use as the content for the new policy. The policy is created using the
|
|
2687
2812
|
* <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html">CreatePolicy</a> action.</p>
|
|
2813
|
+
* @public
|
|
2688
2814
|
*/
|
|
2689
2815
|
policy: string | undefined;
|
|
2690
2816
|
}
|
|
2691
2817
|
/**
|
|
2692
|
-
* @public
|
|
2693
2818
|
* <p>Contains details about the CloudTrail trail being analyzed to generate a policy.</p>
|
|
2819
|
+
* @public
|
|
2694
2820
|
*/
|
|
2695
2821
|
export interface TrailProperties {
|
|
2696
2822
|
/**
|
|
2697
|
-
* @public
|
|
2698
2823
|
* <p>Specifies the ARN of the trail. The format of a trail ARN is
|
|
2699
2824
|
* <code>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</code>.</p>
|
|
2825
|
+
* @public
|
|
2700
2826
|
*/
|
|
2701
2827
|
cloudTrailArn: string | undefined;
|
|
2702
2828
|
/**
|
|
2703
|
-
* @public
|
|
2704
2829
|
* <p>A list of regions to get CloudTrail data from and analyze to generate a policy.</p>
|
|
2830
|
+
* @public
|
|
2705
2831
|
*/
|
|
2706
2832
|
regions?: string[];
|
|
2707
2833
|
/**
|
|
2708
|
-
* @public
|
|
2709
2834
|
* <p>Possible values are <code>true</code> or <code>false</code>. If set to
|
|
2710
2835
|
* <code>true</code>, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and
|
|
2711
2836
|
* generate a policy.</p>
|
|
2837
|
+
* @public
|
|
2712
2838
|
*/
|
|
2713
2839
|
allRegions?: boolean;
|
|
2714
2840
|
}
|
|
2715
2841
|
/**
|
|
2716
|
-
* @public
|
|
2717
2842
|
* <p>Contains information about CloudTrail access.</p>
|
|
2843
|
+
* @public
|
|
2718
2844
|
*/
|
|
2719
2845
|
export interface CloudTrailProperties {
|
|
2720
2846
|
/**
|
|
2721
|
-
* @public
|
|
2722
2847
|
* <p>A <code>TrailProperties</code> object that contains settings for trail
|
|
2723
2848
|
* properties.</p>
|
|
2849
|
+
* @public
|
|
2724
2850
|
*/
|
|
2725
2851
|
trailProperties: TrailProperties[] | undefined;
|
|
2726
2852
|
/**
|
|
2727
|
-
* @public
|
|
2728
2853
|
* <p>The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events
|
|
2729
2854
|
* with a timestamp before this time are not considered to generate a policy.</p>
|
|
2855
|
+
* @public
|
|
2730
2856
|
*/
|
|
2731
2857
|
startTime: Date | undefined;
|
|
2732
2858
|
/**
|
|
2733
|
-
* @public
|
|
2734
2859
|
* <p>The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with
|
|
2735
2860
|
* a timestamp after this time are not considered to generate a policy. If this is not
|
|
2736
2861
|
* included in the request, the default value is the current time.</p>
|
|
2862
|
+
* @public
|
|
2737
2863
|
*/
|
|
2738
2864
|
endTime: Date | undefined;
|
|
2739
2865
|
}
|
|
2740
2866
|
/**
|
|
2741
|
-
* @public
|
|
2742
2867
|
* <p>Contains the generated policy details.</p>
|
|
2868
|
+
* @public
|
|
2743
2869
|
*/
|
|
2744
2870
|
export interface GeneratedPolicyProperties {
|
|
2745
2871
|
/**
|
|
2746
|
-
* @public
|
|
2747
2872
|
* <p>This value is set to <code>true</code> if the generated policy contains all possible
|
|
2748
2873
|
* actions for a service that IAM Access Analyzer identified from the CloudTrail trail that you specified,
|
|
2749
2874
|
* and <code>false</code> otherwise.</p>
|
|
2875
|
+
* @public
|
|
2750
2876
|
*/
|
|
2751
2877
|
isComplete?: boolean;
|
|
2752
2878
|
/**
|
|
2753
|
-
* @public
|
|
2754
2879
|
* <p>The ARN of the IAM entity (user or role) for which you are generating a policy.</p>
|
|
2880
|
+
* @public
|
|
2755
2881
|
*/
|
|
2756
2882
|
principalArn: string | undefined;
|
|
2757
2883
|
/**
|
|
2758
|
-
* @public
|
|
2759
2884
|
* <p>Lists details about the <code>Trail</code> used to generated policy.</p>
|
|
2885
|
+
* @public
|
|
2760
2886
|
*/
|
|
2761
2887
|
cloudTrailProperties?: CloudTrailProperties;
|
|
2762
2888
|
}
|
|
2763
2889
|
/**
|
|
2764
|
-
* @public
|
|
2765
2890
|
* <p>Contains the text for the generated policy and its details.</p>
|
|
2891
|
+
* @public
|
|
2766
2892
|
*/
|
|
2767
2893
|
export interface GeneratedPolicyResult {
|
|
2768
2894
|
/**
|
|
2769
|
-
* @public
|
|
2770
2895
|
* <p>A <code>GeneratedPolicyProperties</code> object that contains properties of the
|
|
2771
2896
|
* generated policy.</p>
|
|
2897
|
+
* @public
|
|
2772
2898
|
*/
|
|
2773
2899
|
properties: GeneratedPolicyProperties | undefined;
|
|
2774
2900
|
/**
|
|
2775
|
-
* @public
|
|
2776
2901
|
* <p>The text to use as the content for the new policy. The policy is created using the
|
|
2777
2902
|
* <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html">CreatePolicy</a> action.</p>
|
|
2903
|
+
* @public
|
|
2778
2904
|
*/
|
|
2779
2905
|
generatedPolicies?: GeneratedPolicy[];
|
|
2780
2906
|
}
|
|
@@ -2793,19 +2919,19 @@ export declare const JobErrorCode: {
|
|
|
2793
2919
|
*/
|
|
2794
2920
|
export type JobErrorCode = (typeof JobErrorCode)[keyof typeof JobErrorCode];
|
|
2795
2921
|
/**
|
|
2796
|
-
* @public
|
|
2797
2922
|
* <p>Contains the details about the policy generation error.</p>
|
|
2923
|
+
* @public
|
|
2798
2924
|
*/
|
|
2799
2925
|
export interface JobError {
|
|
2800
2926
|
/**
|
|
2801
|
-
* @public
|
|
2802
2927
|
* <p>The job error code.</p>
|
|
2928
|
+
* @public
|
|
2803
2929
|
*/
|
|
2804
2930
|
code: JobErrorCode | undefined;
|
|
2805
2931
|
/**
|
|
2806
|
-
* @public
|
|
2807
2932
|
* <p>Specific information about the error. For example, which service quota was exceeded or
|
|
2808
2933
|
* which resource was not found.</p>
|
|
2934
|
+
* @public
|
|
2809
2935
|
*/
|
|
2810
2936
|
message: string | undefined;
|
|
2811
2937
|
}
|
|
@@ -2824,36 +2950,36 @@ export declare const JobStatus: {
|
|
|
2824
2950
|
*/
|
|
2825
2951
|
export type JobStatus = (typeof JobStatus)[keyof typeof JobStatus];
|
|
2826
2952
|
/**
|
|
2827
|
-
* @public
|
|
2828
2953
|
* <p>Contains details about the policy generation request.</p>
|
|
2954
|
+
* @public
|
|
2829
2955
|
*/
|
|
2830
2956
|
export interface JobDetails {
|
|
2831
2957
|
/**
|
|
2832
|
-
* @public
|
|
2833
2958
|
* <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
|
|
2834
2959
|
* operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
|
|
2835
2960
|
* retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
|
|
2836
2961
|
* the policy generation request.</p>
|
|
2962
|
+
* @public
|
|
2837
2963
|
*/
|
|
2838
2964
|
jobId: string | undefined;
|
|
2839
2965
|
/**
|
|
2840
|
-
* @public
|
|
2841
2966
|
* <p>The status of the job request.</p>
|
|
2967
|
+
* @public
|
|
2842
2968
|
*/
|
|
2843
2969
|
status: JobStatus | undefined;
|
|
2844
2970
|
/**
|
|
2845
|
-
* @public
|
|
2846
2971
|
* <p>A timestamp of when the job was started.</p>
|
|
2972
|
+
* @public
|
|
2847
2973
|
*/
|
|
2848
2974
|
startedOn: Date | undefined;
|
|
2849
2975
|
/**
|
|
2850
|
-
* @public
|
|
2851
2976
|
* <p>A timestamp of when the job was completed.</p>
|
|
2977
|
+
* @public
|
|
2852
2978
|
*/
|
|
2853
2979
|
completedOn?: Date;
|
|
2854
2980
|
/**
|
|
2855
|
-
* @public
|
|
2856
2981
|
* <p>The job error for the policy generation request.</p>
|
|
2982
|
+
* @public
|
|
2857
2983
|
*/
|
|
2858
2984
|
jobError?: JobError;
|
|
2859
2985
|
}
|
|
@@ -2862,15 +2988,15 @@ export interface JobDetails {
|
|
|
2862
2988
|
*/
|
|
2863
2989
|
export interface GetGeneratedPolicyResponse {
|
|
2864
2990
|
/**
|
|
2865
|
-
* @public
|
|
2866
2991
|
* <p>A <code>GeneratedPolicyDetails</code> object that contains details about the generated
|
|
2867
2992
|
* policy.</p>
|
|
2993
|
+
* @public
|
|
2868
2994
|
*/
|
|
2869
2995
|
jobDetails: JobDetails | undefined;
|
|
2870
2996
|
/**
|
|
2871
|
-
* @public
|
|
2872
2997
|
* <p>A <code>GeneratedPolicyResult</code> object that contains the generated policies and
|
|
2873
2998
|
* associated details.</p>
|
|
2999
|
+
* @public
|
|
2874
3000
|
*/
|
|
2875
3001
|
generatedPolicyResult: GeneratedPolicyResult | undefined;
|
|
2876
3002
|
}
|
|
@@ -2879,29 +3005,29 @@ export interface GetGeneratedPolicyResponse {
|
|
|
2879
3005
|
*/
|
|
2880
3006
|
export interface ListAccessPreviewFindingsRequest {
|
|
2881
3007
|
/**
|
|
2882
|
-
* @public
|
|
2883
3008
|
* <p>The unique ID for the access preview.</p>
|
|
3009
|
+
* @public
|
|
2884
3010
|
*/
|
|
2885
3011
|
accessPreviewId: string | undefined;
|
|
2886
3012
|
/**
|
|
2887
|
-
* @public
|
|
2888
3013
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
2889
3014
|
* the analyzer</a> used to generate the access.</p>
|
|
3015
|
+
* @public
|
|
2890
3016
|
*/
|
|
2891
3017
|
analyzerArn: string | undefined;
|
|
2892
3018
|
/**
|
|
2893
|
-
* @public
|
|
2894
3019
|
* <p>Criteria to filter the returned findings.</p>
|
|
3020
|
+
* @public
|
|
2895
3021
|
*/
|
|
2896
3022
|
filter?: Record<string, Criterion>;
|
|
2897
3023
|
/**
|
|
2898
|
-
* @public
|
|
2899
3024
|
* <p>A token used for pagination of results returned.</p>
|
|
3025
|
+
* @public
|
|
2900
3026
|
*/
|
|
2901
3027
|
nextToken?: string;
|
|
2902
3028
|
/**
|
|
2903
|
-
* @public
|
|
2904
3029
|
* <p>The maximum number of results to return in the response.</p>
|
|
3030
|
+
* @public
|
|
2905
3031
|
*/
|
|
2906
3032
|
maxResults?: number;
|
|
2907
3033
|
}
|
|
@@ -2919,68 +3045,67 @@ export declare const FindingChangeType: {
|
|
|
2919
3045
|
*/
|
|
2920
3046
|
export type FindingChangeType = (typeof FindingChangeType)[keyof typeof FindingChangeType];
|
|
2921
3047
|
/**
|
|
2922
|
-
* @public
|
|
2923
3048
|
* <p>An access preview finding generated by the access preview.</p>
|
|
3049
|
+
* @public
|
|
2924
3050
|
*/
|
|
2925
3051
|
export interface AccessPreviewFinding {
|
|
2926
3052
|
/**
|
|
2927
|
-
* @public
|
|
2928
3053
|
* <p>The ID of the access preview finding. This ID uniquely identifies the element in the
|
|
2929
3054
|
* list of access preview findings and is not related to the finding ID in Access
|
|
2930
3055
|
* Analyzer.</p>
|
|
3056
|
+
* @public
|
|
2931
3057
|
*/
|
|
2932
3058
|
id: string | undefined;
|
|
2933
3059
|
/**
|
|
2934
|
-
* @public
|
|
2935
3060
|
* <p>The existing ID of the finding in IAM Access Analyzer, provided only for existing
|
|
2936
3061
|
* findings.</p>
|
|
3062
|
+
* @public
|
|
2937
3063
|
*/
|
|
2938
3064
|
existingFindingId?: string;
|
|
2939
3065
|
/**
|
|
2940
|
-
* @public
|
|
2941
3066
|
* <p>The existing status of the finding, provided only for existing findings.</p>
|
|
3067
|
+
* @public
|
|
2942
3068
|
*/
|
|
2943
3069
|
existingFindingStatus?: FindingStatus;
|
|
2944
3070
|
/**
|
|
2945
|
-
* @public
|
|
2946
3071
|
* <p>The external principal that has access to a resource within the zone of trust.</p>
|
|
3072
|
+
* @public
|
|
2947
3073
|
*/
|
|
2948
3074
|
principal?: Record<string, string>;
|
|
2949
3075
|
/**
|
|
2950
|
-
* @public
|
|
2951
3076
|
* <p>The action in the analyzed policy statement that an external principal has permission to
|
|
2952
3077
|
* perform.</p>
|
|
3078
|
+
* @public
|
|
2953
3079
|
*/
|
|
2954
3080
|
action?: string[];
|
|
2955
3081
|
/**
|
|
2956
|
-
* @public
|
|
2957
3082
|
* <p>The condition in the analyzed policy statement that resulted in a finding.</p>
|
|
3083
|
+
* @public
|
|
2958
3084
|
*/
|
|
2959
3085
|
condition?: Record<string, string>;
|
|
2960
3086
|
/**
|
|
2961
|
-
* @public
|
|
2962
3087
|
* <p>The resource that an external principal has access to. This is the resource associated
|
|
2963
3088
|
* with the access preview.</p>
|
|
3089
|
+
* @public
|
|
2964
3090
|
*/
|
|
2965
3091
|
resource?: string;
|
|
2966
3092
|
/**
|
|
2967
|
-
* @public
|
|
2968
3093
|
* <p>Indicates whether the policy that generated the finding allows public access to the
|
|
2969
3094
|
* resource.</p>
|
|
3095
|
+
* @public
|
|
2970
3096
|
*/
|
|
2971
3097
|
isPublic?: boolean;
|
|
2972
3098
|
/**
|
|
2973
|
-
* @public
|
|
2974
3099
|
* <p>The type of the resource that can be accessed in the finding.</p>
|
|
3100
|
+
* @public
|
|
2975
3101
|
*/
|
|
2976
3102
|
resourceType: ResourceType | undefined;
|
|
2977
3103
|
/**
|
|
2978
|
-
* @public
|
|
2979
3104
|
* <p>The time at which the access preview finding was created.</p>
|
|
3105
|
+
* @public
|
|
2980
3106
|
*/
|
|
2981
3107
|
createdAt: Date | undefined;
|
|
2982
3108
|
/**
|
|
2983
|
-
* @public
|
|
2984
3109
|
* <p>Provides context on how the access preview finding compares to existing access
|
|
2985
3110
|
* identified in IAM Access Analyzer.</p>
|
|
2986
3111
|
* <ul>
|
|
@@ -3002,32 +3127,33 @@ export interface AccessPreviewFinding {
|
|
|
3002
3127
|
* <p>For example, a <code>Changed</code> finding with preview status <code>Resolved</code>
|
|
3003
3128
|
* and existing status <code>Active</code> indicates the existing <code>Active</code> finding
|
|
3004
3129
|
* would become <code>Resolved</code> as a result of the proposed permissions change.</p>
|
|
3130
|
+
* @public
|
|
3005
3131
|
*/
|
|
3006
3132
|
changeType: FindingChangeType | undefined;
|
|
3007
3133
|
/**
|
|
3008
|
-
* @public
|
|
3009
3134
|
* <p>The preview status of the finding. This is what the status of the finding would be after
|
|
3010
3135
|
* permissions deployment. For example, a <code>Changed</code> finding with preview status
|
|
3011
3136
|
* <code>Resolved</code> and existing status <code>Active</code> indicates the existing
|
|
3012
3137
|
* <code>Active</code> finding would become <code>Resolved</code> as a result of the
|
|
3013
3138
|
* proposed permissions change.</p>
|
|
3139
|
+
* @public
|
|
3014
3140
|
*/
|
|
3015
3141
|
status: FindingStatus | undefined;
|
|
3016
3142
|
/**
|
|
3017
|
-
* @public
|
|
3018
3143
|
* <p>The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning
|
|
3019
3144
|
* account is the account in which the resource was created.</p>
|
|
3145
|
+
* @public
|
|
3020
3146
|
*/
|
|
3021
3147
|
resourceOwnerAccount: string | undefined;
|
|
3022
3148
|
/**
|
|
3023
|
-
* @public
|
|
3024
3149
|
* <p>An error.</p>
|
|
3150
|
+
* @public
|
|
3025
3151
|
*/
|
|
3026
3152
|
error?: string;
|
|
3027
3153
|
/**
|
|
3028
|
-
* @public
|
|
3029
3154
|
* <p>The sources of the finding. This indicates how the access that generated the finding is
|
|
3030
3155
|
* granted. It is populated for Amazon S3 bucket findings.</p>
|
|
3156
|
+
* @public
|
|
3031
3157
|
*/
|
|
3032
3158
|
sources?: FindingSource[];
|
|
3033
3159
|
}
|
|
@@ -3036,13 +3162,13 @@ export interface AccessPreviewFinding {
|
|
|
3036
3162
|
*/
|
|
3037
3163
|
export interface ListAccessPreviewFindingsResponse {
|
|
3038
3164
|
/**
|
|
3039
|
-
* @public
|
|
3040
3165
|
* <p>A list of access preview findings that match the specified filter criteria.</p>
|
|
3166
|
+
* @public
|
|
3041
3167
|
*/
|
|
3042
3168
|
findings: AccessPreviewFinding[] | undefined;
|
|
3043
3169
|
/**
|
|
3044
|
-
* @public
|
|
3045
3170
|
* <p>A token used for pagination of results returned.</p>
|
|
3171
|
+
* @public
|
|
3046
3172
|
*/
|
|
3047
3173
|
nextToken?: string;
|
|
3048
3174
|
}
|
|
@@ -3051,44 +3177,43 @@ export interface ListAccessPreviewFindingsResponse {
|
|
|
3051
3177
|
*/
|
|
3052
3178
|
export interface ListAccessPreviewsRequest {
|
|
3053
3179
|
/**
|
|
3054
|
-
* @public
|
|
3055
3180
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
3056
3181
|
* the analyzer</a> used to generate the access preview.</p>
|
|
3182
|
+
* @public
|
|
3057
3183
|
*/
|
|
3058
3184
|
analyzerArn: string | undefined;
|
|
3059
3185
|
/**
|
|
3060
|
-
* @public
|
|
3061
3186
|
* <p>A token used for pagination of results returned.</p>
|
|
3187
|
+
* @public
|
|
3062
3188
|
*/
|
|
3063
3189
|
nextToken?: string;
|
|
3064
3190
|
/**
|
|
3065
|
-
* @public
|
|
3066
3191
|
* <p>The maximum number of results to return in the response.</p>
|
|
3192
|
+
* @public
|
|
3067
3193
|
*/
|
|
3068
3194
|
maxResults?: number;
|
|
3069
3195
|
}
|
|
3070
3196
|
/**
|
|
3071
|
-
* @public
|
|
3072
3197
|
* <p>Contains a summary of information about an access preview.</p>
|
|
3198
|
+
* @public
|
|
3073
3199
|
*/
|
|
3074
3200
|
export interface AccessPreviewSummary {
|
|
3075
3201
|
/**
|
|
3076
|
-
* @public
|
|
3077
3202
|
* <p>The unique ID for the access preview.</p>
|
|
3203
|
+
* @public
|
|
3078
3204
|
*/
|
|
3079
3205
|
id: string | undefined;
|
|
3080
3206
|
/**
|
|
3081
|
-
* @public
|
|
3082
3207
|
* <p>The ARN of the analyzer used to generate the access preview.</p>
|
|
3208
|
+
* @public
|
|
3083
3209
|
*/
|
|
3084
3210
|
analyzerArn: string | undefined;
|
|
3085
3211
|
/**
|
|
3086
|
-
* @public
|
|
3087
3212
|
* <p>The time at which the access preview was created.</p>
|
|
3213
|
+
* @public
|
|
3088
3214
|
*/
|
|
3089
3215
|
createdAt: Date | undefined;
|
|
3090
3216
|
/**
|
|
3091
|
-
* @public
|
|
3092
3217
|
* <p>The status of the access preview.</p>
|
|
3093
3218
|
* <ul>
|
|
3094
3219
|
* <li>
|
|
@@ -3105,14 +3230,15 @@ export interface AccessPreviewSummary {
|
|
|
3105
3230
|
* <code>Failed</code> - The access preview creation has failed.</p>
|
|
3106
3231
|
* </li>
|
|
3107
3232
|
* </ul>
|
|
3233
|
+
* @public
|
|
3108
3234
|
*/
|
|
3109
3235
|
status: AccessPreviewStatus | undefined;
|
|
3110
3236
|
/**
|
|
3111
|
-
* @public
|
|
3112
3237
|
* <p>Provides more details about the current status of the access preview. For example, if
|
|
3113
3238
|
* the creation of the access preview fails, a <code>Failed</code> status is returned. This
|
|
3114
3239
|
* failure can be due to an internal issue with the analysis or due to an invalid proposed
|
|
3115
3240
|
* resource configuration.</p>
|
|
3241
|
+
* @public
|
|
3116
3242
|
*/
|
|
3117
3243
|
statusReason?: AccessPreviewStatusReason;
|
|
3118
3244
|
}
|
|
@@ -3121,77 +3247,77 @@ export interface AccessPreviewSummary {
|
|
|
3121
3247
|
*/
|
|
3122
3248
|
export interface ListAccessPreviewsResponse {
|
|
3123
3249
|
/**
|
|
3124
|
-
* @public
|
|
3125
3250
|
* <p>A list of access previews retrieved for the analyzer.</p>
|
|
3251
|
+
* @public
|
|
3126
3252
|
*/
|
|
3127
3253
|
accessPreviews: AccessPreviewSummary[] | undefined;
|
|
3128
3254
|
/**
|
|
3129
|
-
* @public
|
|
3130
3255
|
* <p>A token used for pagination of results returned.</p>
|
|
3256
|
+
* @public
|
|
3131
3257
|
*/
|
|
3132
3258
|
nextToken?: string;
|
|
3133
3259
|
}
|
|
3134
3260
|
/**
|
|
3135
|
-
* @public
|
|
3136
3261
|
* <p>Retrieves a list of resources that have been analyzed.</p>
|
|
3262
|
+
* @public
|
|
3137
3263
|
*/
|
|
3138
3264
|
export interface ListAnalyzedResourcesRequest {
|
|
3139
3265
|
/**
|
|
3140
|
-
* @public
|
|
3141
3266
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
3142
3267
|
* the analyzer</a> to retrieve a list of analyzed resources from.</p>
|
|
3268
|
+
* @public
|
|
3143
3269
|
*/
|
|
3144
3270
|
analyzerArn: string | undefined;
|
|
3145
3271
|
/**
|
|
3146
|
-
* @public
|
|
3147
3272
|
* <p>The type of resource.</p>
|
|
3273
|
+
* @public
|
|
3148
3274
|
*/
|
|
3149
3275
|
resourceType?: ResourceType;
|
|
3150
3276
|
/**
|
|
3151
|
-
* @public
|
|
3152
3277
|
* <p>A token used for pagination of results returned.</p>
|
|
3278
|
+
* @public
|
|
3153
3279
|
*/
|
|
3154
3280
|
nextToken?: string;
|
|
3155
3281
|
/**
|
|
3156
|
-
* @public
|
|
3157
3282
|
* <p>The maximum number of results to return in the response.</p>
|
|
3283
|
+
* @public
|
|
3158
3284
|
*/
|
|
3159
3285
|
maxResults?: number;
|
|
3160
3286
|
}
|
|
3161
3287
|
/**
|
|
3162
|
-
* @public
|
|
3163
3288
|
* <p>Contains the ARN of the analyzed resource.</p>
|
|
3289
|
+
* @public
|
|
3164
3290
|
*/
|
|
3165
3291
|
export interface AnalyzedResourceSummary {
|
|
3166
3292
|
/**
|
|
3167
|
-
* @public
|
|
3168
3293
|
* <p>The ARN of the analyzed resource.</p>
|
|
3294
|
+
* @public
|
|
3169
3295
|
*/
|
|
3170
3296
|
resourceArn: string | undefined;
|
|
3171
3297
|
/**
|
|
3172
|
-
* @public
|
|
3173
3298
|
* <p>The Amazon Web Services account ID that owns the resource.</p>
|
|
3299
|
+
* @public
|
|
3174
3300
|
*/
|
|
3175
3301
|
resourceOwnerAccount: string | undefined;
|
|
3176
3302
|
/**
|
|
3177
|
-
* @public
|
|
3178
3303
|
* <p>The type of resource that was analyzed.</p>
|
|
3304
|
+
* @public
|
|
3179
3305
|
*/
|
|
3180
3306
|
resourceType: ResourceType | undefined;
|
|
3181
3307
|
}
|
|
3182
3308
|
/**
|
|
3183
|
-
* @public
|
|
3184
3309
|
* <p>The response to the request.</p>
|
|
3310
|
+
* @public
|
|
3185
3311
|
*/
|
|
3186
3312
|
export interface ListAnalyzedResourcesResponse {
|
|
3187
3313
|
/**
|
|
3188
|
-
* @public
|
|
3189
3314
|
* <p>A list of resources that were analyzed.</p>
|
|
3315
|
+
* @public
|
|
3190
3316
|
*/
|
|
3191
3317
|
analyzedResources: AnalyzedResourceSummary[] | undefined;
|
|
3192
3318
|
/**
|
|
3193
|
-
* @public
|
|
3194
3319
|
* <p>A token used for pagination of results returned.</p>
|
|
3320
|
+
* @public
|
|
3195
3321
|
*/
|
|
3196
3322
|
nextToken?: string;
|
|
3197
3323
|
}
|
|
@@ -3200,147 +3326,147 @@ export interface ListAnalyzedResourcesResponse {
|
|
|
3200
3326
|
*/
|
|
3201
3327
|
export type OrderBy = "ASC" | "DESC";
|
|
3202
3328
|
/**
|
|
3203
|
-
* @public
|
|
3204
3329
|
* <p>The criteria used to sort.</p>
|
|
3330
|
+
* @public
|
|
3205
3331
|
*/
|
|
3206
3332
|
export interface SortCriteria {
|
|
3207
3333
|
/**
|
|
3208
|
-
* @public
|
|
3209
3334
|
* <p>The name of the attribute to sort on.</p>
|
|
3335
|
+
* @public
|
|
3210
3336
|
*/
|
|
3211
3337
|
attributeName?: string;
|
|
3212
3338
|
/**
|
|
3213
|
-
* @public
|
|
3214
3339
|
* <p>The sort order, ascending or descending.</p>
|
|
3340
|
+
* @public
|
|
3215
3341
|
*/
|
|
3216
3342
|
orderBy?: OrderBy;
|
|
3217
3343
|
}
|
|
3218
3344
|
/**
|
|
3219
|
-
* @public
|
|
3220
3345
|
* <p>Retrieves a list of findings generated by the specified analyzer.</p>
|
|
3346
|
+
* @public
|
|
3221
3347
|
*/
|
|
3222
3348
|
export interface ListFindingsRequest {
|
|
3223
3349
|
/**
|
|
3224
|
-
* @public
|
|
3225
3350
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
3226
3351
|
* the analyzer</a> to retrieve findings from.</p>
|
|
3352
|
+
* @public
|
|
3227
3353
|
*/
|
|
3228
3354
|
analyzerArn: string | undefined;
|
|
3229
3355
|
/**
|
|
3230
|
-
* @public
|
|
3231
3356
|
* <p>A filter to match for the findings to return.</p>
|
|
3357
|
+
* @public
|
|
3232
3358
|
*/
|
|
3233
3359
|
filter?: Record<string, Criterion>;
|
|
3234
3360
|
/**
|
|
3235
|
-
* @public
|
|
3236
3361
|
* <p>The sort order for the findings returned.</p>
|
|
3362
|
+
* @public
|
|
3237
3363
|
*/
|
|
3238
3364
|
sort?: SortCriteria;
|
|
3239
3365
|
/**
|
|
3240
|
-
* @public
|
|
3241
3366
|
* <p>A token used for pagination of results returned.</p>
|
|
3367
|
+
* @public
|
|
3242
3368
|
*/
|
|
3243
3369
|
nextToken?: string;
|
|
3244
3370
|
/**
|
|
3245
|
-
* @public
|
|
3246
3371
|
* <p>The maximum number of results to return in the response.</p>
|
|
3372
|
+
* @public
|
|
3247
3373
|
*/
|
|
3248
3374
|
maxResults?: number;
|
|
3249
3375
|
}
|
|
3250
3376
|
/**
|
|
3251
|
-
* @public
|
|
3252
3377
|
* <p>Contains information about a finding.</p>
|
|
3378
|
+
* @public
|
|
3253
3379
|
*/
|
|
3254
3380
|
export interface FindingSummary {
|
|
3255
3381
|
/**
|
|
3256
|
-
* @public
|
|
3257
3382
|
* <p>The ID of the finding.</p>
|
|
3383
|
+
* @public
|
|
3258
3384
|
*/
|
|
3259
3385
|
id: string | undefined;
|
|
3260
3386
|
/**
|
|
3261
|
-
* @public
|
|
3262
3387
|
* <p>The external principal that has access to a resource within the zone of trust.</p>
|
|
3388
|
+
* @public
|
|
3263
3389
|
*/
|
|
3264
3390
|
principal?: Record<string, string>;
|
|
3265
3391
|
/**
|
|
3266
|
-
* @public
|
|
3267
3392
|
* <p>The action in the analyzed policy statement that an external principal has permission to
|
|
3268
3393
|
* use.</p>
|
|
3394
|
+
* @public
|
|
3269
3395
|
*/
|
|
3270
3396
|
action?: string[];
|
|
3271
3397
|
/**
|
|
3272
|
-
* @public
|
|
3273
3398
|
* <p>The resource that the external principal has access to.</p>
|
|
3399
|
+
* @public
|
|
3274
3400
|
*/
|
|
3275
3401
|
resource?: string;
|
|
3276
3402
|
/**
|
|
3277
|
-
* @public
|
|
3278
3403
|
* <p>Indicates whether the finding reports a resource that has a policy that allows public
|
|
3279
3404
|
* access.</p>
|
|
3405
|
+
* @public
|
|
3280
3406
|
*/
|
|
3281
3407
|
isPublic?: boolean;
|
|
3282
3408
|
/**
|
|
3283
|
-
* @public
|
|
3284
3409
|
* <p>The type of the resource that the external principal has access to.</p>
|
|
3410
|
+
* @public
|
|
3285
3411
|
*/
|
|
3286
3412
|
resourceType: ResourceType | undefined;
|
|
3287
3413
|
/**
|
|
3288
|
-
* @public
|
|
3289
3414
|
* <p>The condition in the analyzed policy statement that resulted in a finding.</p>
|
|
3415
|
+
* @public
|
|
3290
3416
|
*/
|
|
3291
3417
|
condition: Record<string, string> | undefined;
|
|
3292
3418
|
/**
|
|
3293
|
-
* @public
|
|
3294
3419
|
* <p>The time at which the finding was created.</p>
|
|
3420
|
+
* @public
|
|
3295
3421
|
*/
|
|
3296
3422
|
createdAt: Date | undefined;
|
|
3297
3423
|
/**
|
|
3298
|
-
* @public
|
|
3299
3424
|
* <p>The time at which the resource-based policy that generated the finding was
|
|
3300
3425
|
* analyzed.</p>
|
|
3426
|
+
* @public
|
|
3301
3427
|
*/
|
|
3302
3428
|
analyzedAt: Date | undefined;
|
|
3303
3429
|
/**
|
|
3304
|
-
* @public
|
|
3305
3430
|
* <p>The time at which the finding was most recently updated.</p>
|
|
3431
|
+
* @public
|
|
3306
3432
|
*/
|
|
3307
3433
|
updatedAt: Date | undefined;
|
|
3308
3434
|
/**
|
|
3309
|
-
* @public
|
|
3310
3435
|
* <p>The status of the finding.</p>
|
|
3436
|
+
* @public
|
|
3311
3437
|
*/
|
|
3312
3438
|
status: FindingStatus | undefined;
|
|
3313
3439
|
/**
|
|
3314
|
-
* @public
|
|
3315
3440
|
* <p>The Amazon Web Services account ID that owns the resource.</p>
|
|
3441
|
+
* @public
|
|
3316
3442
|
*/
|
|
3317
3443
|
resourceOwnerAccount: string | undefined;
|
|
3318
3444
|
/**
|
|
3319
|
-
* @public
|
|
3320
3445
|
* <p>The error that resulted in an Error finding.</p>
|
|
3446
|
+
* @public
|
|
3321
3447
|
*/
|
|
3322
3448
|
error?: string;
|
|
3323
3449
|
/**
|
|
3324
|
-
* @public
|
|
3325
3450
|
* <p>The sources of the finding. This indicates how the access that generated the finding is
|
|
3326
3451
|
* granted. It is populated for Amazon S3 bucket findings.</p>
|
|
3452
|
+
* @public
|
|
3327
3453
|
*/
|
|
3328
3454
|
sources?: FindingSource[];
|
|
3329
3455
|
}
|
|
3330
3456
|
/**
|
|
3331
|
-
* @public
|
|
3332
3457
|
* <p>The response to the request.</p>
|
|
3458
|
+
* @public
|
|
3333
3459
|
*/
|
|
3334
3460
|
export interface ListFindingsResponse {
|
|
3335
3461
|
/**
|
|
3336
|
-
* @public
|
|
3337
3462
|
* <p>A list of findings retrieved from the analyzer that match the filter criteria specified,
|
|
3338
3463
|
* if any.</p>
|
|
3464
|
+
* @public
|
|
3339
3465
|
*/
|
|
3340
3466
|
findings: FindingSummary[] | undefined;
|
|
3341
3467
|
/**
|
|
3342
|
-
* @public
|
|
3343
3468
|
* <p>A token used for pagination of results returned.</p>
|
|
3469
|
+
* @public
|
|
3344
3470
|
*/
|
|
3345
3471
|
nextToken?: string;
|
|
3346
3472
|
}
|
|
@@ -3349,86 +3475,86 @@ export interface ListFindingsResponse {
|
|
|
3349
3475
|
*/
|
|
3350
3476
|
export interface ListFindingsV2Request {
|
|
3351
3477
|
/**
|
|
3352
|
-
* @public
|
|
3353
3478
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
3354
3479
|
* the analyzer</a> to retrieve findings from.</p>
|
|
3480
|
+
* @public
|
|
3355
3481
|
*/
|
|
3356
3482
|
analyzerArn: string | undefined;
|
|
3357
3483
|
/**
|
|
3358
|
-
* @public
|
|
3359
3484
|
* <p>A filter to match for the findings to return.</p>
|
|
3485
|
+
* @public
|
|
3360
3486
|
*/
|
|
3361
3487
|
filter?: Record<string, Criterion>;
|
|
3362
3488
|
/**
|
|
3363
|
-
* @public
|
|
3364
3489
|
* <p>The maximum number of results to return in the response.</p>
|
|
3490
|
+
* @public
|
|
3365
3491
|
*/
|
|
3366
3492
|
maxResults?: number;
|
|
3367
3493
|
/**
|
|
3368
|
-
* @public
|
|
3369
3494
|
* <p>A token used for pagination of results returned.</p>
|
|
3495
|
+
* @public
|
|
3370
3496
|
*/
|
|
3371
3497
|
nextToken?: string;
|
|
3372
3498
|
/**
|
|
3373
|
-
* @public
|
|
3374
3499
|
* <p>The criteria used to sort.</p>
|
|
3500
|
+
* @public
|
|
3375
3501
|
*/
|
|
3376
3502
|
sort?: SortCriteria;
|
|
3377
3503
|
}
|
|
3378
3504
|
/**
|
|
3379
|
-
* @public
|
|
3380
3505
|
* <p>Contains information about a finding.</p>
|
|
3506
|
+
* @public
|
|
3381
3507
|
*/
|
|
3382
3508
|
export interface FindingSummaryV2 {
|
|
3383
3509
|
/**
|
|
3384
|
-
* @public
|
|
3385
3510
|
* <p>The time at which the resource-based policy or IAM entity that generated the finding
|
|
3386
3511
|
* was analyzed.</p>
|
|
3512
|
+
* @public
|
|
3387
3513
|
*/
|
|
3388
3514
|
analyzedAt: Date | undefined;
|
|
3389
3515
|
/**
|
|
3390
|
-
* @public
|
|
3391
3516
|
* <p>The time at which the finding was created.</p>
|
|
3517
|
+
* @public
|
|
3392
3518
|
*/
|
|
3393
3519
|
createdAt: Date | undefined;
|
|
3394
3520
|
/**
|
|
3395
|
-
* @public
|
|
3396
3521
|
* <p>The error that resulted in an Error finding.</p>
|
|
3522
|
+
* @public
|
|
3397
3523
|
*/
|
|
3398
3524
|
error?: string;
|
|
3399
3525
|
/**
|
|
3400
|
-
* @public
|
|
3401
3526
|
* <p>The ID of the finding.</p>
|
|
3527
|
+
* @public
|
|
3402
3528
|
*/
|
|
3403
3529
|
id: string | undefined;
|
|
3404
3530
|
/**
|
|
3405
|
-
* @public
|
|
3406
3531
|
* <p>The resource that the external principal has access to.</p>
|
|
3532
|
+
* @public
|
|
3407
3533
|
*/
|
|
3408
3534
|
resource?: string;
|
|
3409
3535
|
/**
|
|
3410
|
-
* @public
|
|
3411
3536
|
* <p>The type of the resource that the external principal has access to.</p>
|
|
3537
|
+
* @public
|
|
3412
3538
|
*/
|
|
3413
3539
|
resourceType: ResourceType | undefined;
|
|
3414
3540
|
/**
|
|
3415
|
-
* @public
|
|
3416
3541
|
* <p>The Amazon Web Services account ID that owns the resource.</p>
|
|
3542
|
+
* @public
|
|
3417
3543
|
*/
|
|
3418
3544
|
resourceOwnerAccount: string | undefined;
|
|
3419
3545
|
/**
|
|
3420
|
-
* @public
|
|
3421
3546
|
* <p>The status of the finding.</p>
|
|
3547
|
+
* @public
|
|
3422
3548
|
*/
|
|
3423
3549
|
status: FindingStatus | undefined;
|
|
3424
3550
|
/**
|
|
3425
|
-
* @public
|
|
3426
3551
|
* <p>The time at which the finding was most recently updated.</p>
|
|
3552
|
+
* @public
|
|
3427
3553
|
*/
|
|
3428
3554
|
updatedAt: Date | undefined;
|
|
3429
3555
|
/**
|
|
3430
|
-
* @public
|
|
3431
3556
|
* <p>The type of the external access or unused access finding.</p>
|
|
3557
|
+
* @public
|
|
3432
3558
|
*/
|
|
3433
3559
|
findingType?: FindingType;
|
|
3434
3560
|
}
|
|
@@ -3437,14 +3563,14 @@ export interface FindingSummaryV2 {
|
|
|
3437
3563
|
*/
|
|
3438
3564
|
export interface ListFindingsV2Response {
|
|
3439
3565
|
/**
|
|
3440
|
-
* @public
|
|
3441
3566
|
* <p>A list of findings retrieved from the analyzer that match the filter criteria specified,
|
|
3442
3567
|
* if any.</p>
|
|
3568
|
+
* @public
|
|
3443
3569
|
*/
|
|
3444
3570
|
findings: FindingSummaryV2[] | undefined;
|
|
3445
3571
|
/**
|
|
3446
|
-
* @public
|
|
3447
3572
|
* <p>A token used for pagination of results returned.</p>
|
|
3573
|
+
* @public
|
|
3448
3574
|
*/
|
|
3449
3575
|
nextToken?: string;
|
|
3450
3576
|
}
|
|
@@ -3453,54 +3579,54 @@ export interface ListFindingsV2Response {
|
|
|
3453
3579
|
*/
|
|
3454
3580
|
export interface ListPolicyGenerationsRequest {
|
|
3455
3581
|
/**
|
|
3456
|
-
* @public
|
|
3457
3582
|
* <p>The ARN of the IAM entity (user or role) for which you are generating a policy. Use
|
|
3458
3583
|
* this with <code>ListGeneratedPolicies</code> to filter the results to only include results
|
|
3459
3584
|
* for a specific principal.</p>
|
|
3585
|
+
* @public
|
|
3460
3586
|
*/
|
|
3461
3587
|
principalArn?: string;
|
|
3462
3588
|
/**
|
|
3463
|
-
* @public
|
|
3464
3589
|
* <p>The maximum number of results to return in the response.</p>
|
|
3590
|
+
* @public
|
|
3465
3591
|
*/
|
|
3466
3592
|
maxResults?: number;
|
|
3467
3593
|
/**
|
|
3468
|
-
* @public
|
|
3469
3594
|
* <p>A token used for pagination of results returned.</p>
|
|
3595
|
+
* @public
|
|
3470
3596
|
*/
|
|
3471
3597
|
nextToken?: string;
|
|
3472
3598
|
}
|
|
3473
3599
|
/**
|
|
3474
|
-
* @public
|
|
3475
3600
|
* <p>Contains details about the policy generation status and properties.</p>
|
|
3601
|
+
* @public
|
|
3476
3602
|
*/
|
|
3477
3603
|
export interface PolicyGeneration {
|
|
3478
3604
|
/**
|
|
3479
|
-
* @public
|
|
3480
3605
|
* <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
|
|
3481
3606
|
* operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
|
|
3482
3607
|
* retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
|
|
3483
3608
|
* the policy generation request.</p>
|
|
3609
|
+
* @public
|
|
3484
3610
|
*/
|
|
3485
3611
|
jobId: string | undefined;
|
|
3486
3612
|
/**
|
|
3487
|
-
* @public
|
|
3488
3613
|
* <p>The ARN of the IAM entity (user or role) for which you are generating a policy.</p>
|
|
3614
|
+
* @public
|
|
3489
3615
|
*/
|
|
3490
3616
|
principalArn: string | undefined;
|
|
3491
3617
|
/**
|
|
3492
|
-
* @public
|
|
3493
3618
|
* <p>The status of the policy generation request.</p>
|
|
3619
|
+
* @public
|
|
3494
3620
|
*/
|
|
3495
3621
|
status: JobStatus | undefined;
|
|
3496
3622
|
/**
|
|
3497
|
-
* @public
|
|
3498
3623
|
* <p>A timestamp of when the policy generation started.</p>
|
|
3624
|
+
* @public
|
|
3499
3625
|
*/
|
|
3500
3626
|
startedOn: Date | undefined;
|
|
3501
3627
|
/**
|
|
3502
|
-
* @public
|
|
3503
3628
|
* <p>A timestamp of when the policy generation was completed.</p>
|
|
3629
|
+
* @public
|
|
3504
3630
|
*/
|
|
3505
3631
|
completedOn?: Date;
|
|
3506
3632
|
}
|
|
@@ -3509,102 +3635,102 @@ export interface PolicyGeneration {
|
|
|
3509
3635
|
*/
|
|
3510
3636
|
export interface ListPolicyGenerationsResponse {
|
|
3511
3637
|
/**
|
|
3512
|
-
* @public
|
|
3513
3638
|
* <p>A <code>PolicyGeneration</code> object that contains details about the generated
|
|
3514
3639
|
* policy.</p>
|
|
3640
|
+
* @public
|
|
3515
3641
|
*/
|
|
3516
3642
|
policyGenerations: PolicyGeneration[] | undefined;
|
|
3517
3643
|
/**
|
|
3518
|
-
* @public
|
|
3519
3644
|
* <p>A token used for pagination of results returned.</p>
|
|
3645
|
+
* @public
|
|
3520
3646
|
*/
|
|
3521
3647
|
nextToken?: string;
|
|
3522
3648
|
}
|
|
3523
3649
|
/**
|
|
3524
|
-
* @public
|
|
3525
3650
|
* <p>Retrieves a list of tags applied to the specified resource.</p>
|
|
3651
|
+
* @public
|
|
3526
3652
|
*/
|
|
3527
3653
|
export interface ListTagsForResourceRequest {
|
|
3528
3654
|
/**
|
|
3529
|
-
* @public
|
|
3530
3655
|
* <p>The ARN of the resource to retrieve tags from.</p>
|
|
3656
|
+
* @public
|
|
3531
3657
|
*/
|
|
3532
3658
|
resourceArn: string | undefined;
|
|
3533
3659
|
}
|
|
3534
3660
|
/**
|
|
3535
|
-
* @public
|
|
3536
3661
|
* <p>The response to the request.</p>
|
|
3662
|
+
* @public
|
|
3537
3663
|
*/
|
|
3538
3664
|
export interface ListTagsForResourceResponse {
|
|
3539
3665
|
/**
|
|
3540
|
-
* @public
|
|
3541
3666
|
* <p>The tags that are applied to the specified resource.</p>
|
|
3667
|
+
* @public
|
|
3542
3668
|
*/
|
|
3543
3669
|
tags?: Record<string, string>;
|
|
3544
3670
|
}
|
|
3545
3671
|
/**
|
|
3546
|
-
* @public
|
|
3547
3672
|
* <p>Contains details about the CloudTrail trail being analyzed to generate a policy.</p>
|
|
3673
|
+
* @public
|
|
3548
3674
|
*/
|
|
3549
3675
|
export interface Trail {
|
|
3550
3676
|
/**
|
|
3551
|
-
* @public
|
|
3552
3677
|
* <p>Specifies the ARN of the trail. The format of a trail ARN is
|
|
3553
3678
|
* <code>arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail</code>.</p>
|
|
3679
|
+
* @public
|
|
3554
3680
|
*/
|
|
3555
3681
|
cloudTrailArn: string | undefined;
|
|
3556
3682
|
/**
|
|
3557
|
-
* @public
|
|
3558
3683
|
* <p>A list of regions to get CloudTrail data from and analyze to generate a policy.</p>
|
|
3684
|
+
* @public
|
|
3559
3685
|
*/
|
|
3560
3686
|
regions?: string[];
|
|
3561
3687
|
/**
|
|
3562
|
-
* @public
|
|
3563
3688
|
* <p>Possible values are <code>true</code> or <code>false</code>. If set to
|
|
3564
3689
|
* <code>true</code>, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and
|
|
3565
3690
|
* generate a policy.</p>
|
|
3691
|
+
* @public
|
|
3566
3692
|
*/
|
|
3567
3693
|
allRegions?: boolean;
|
|
3568
3694
|
}
|
|
3569
3695
|
/**
|
|
3570
|
-
* @public
|
|
3571
3696
|
* <p>Contains information about CloudTrail access.</p>
|
|
3697
|
+
* @public
|
|
3572
3698
|
*/
|
|
3573
3699
|
export interface CloudTrailDetails {
|
|
3574
3700
|
/**
|
|
3575
|
-
* @public
|
|
3576
3701
|
* <p>A <code>Trail</code> object that contains settings for a trail.</p>
|
|
3702
|
+
* @public
|
|
3577
3703
|
*/
|
|
3578
3704
|
trails: Trail[] | undefined;
|
|
3579
3705
|
/**
|
|
3580
|
-
* @public
|
|
3581
3706
|
* <p>The ARN of the service role that IAM Access Analyzer uses to access your CloudTrail trail and
|
|
3582
3707
|
* service last accessed information.</p>
|
|
3708
|
+
* @public
|
|
3583
3709
|
*/
|
|
3584
3710
|
accessRole: string | undefined;
|
|
3585
3711
|
/**
|
|
3586
|
-
* @public
|
|
3587
3712
|
* <p>The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events
|
|
3588
3713
|
* with a timestamp before this time are not considered to generate a policy.</p>
|
|
3714
|
+
* @public
|
|
3589
3715
|
*/
|
|
3590
3716
|
startTime: Date | undefined;
|
|
3591
3717
|
/**
|
|
3592
|
-
* @public
|
|
3593
3718
|
* <p>The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with
|
|
3594
3719
|
* a timestamp after this time are not considered to generate a policy. If this is not
|
|
3595
3720
|
* included in the request, the default value is the current time.</p>
|
|
3721
|
+
* @public
|
|
3596
3722
|
*/
|
|
3597
3723
|
endTime?: Date;
|
|
3598
3724
|
}
|
|
3599
3725
|
/**
|
|
3600
|
-
* @public
|
|
3601
3726
|
* <p>Contains the ARN details about the IAM entity for which the policy is
|
|
3602
3727
|
* generated.</p>
|
|
3728
|
+
* @public
|
|
3603
3729
|
*/
|
|
3604
3730
|
export interface PolicyGenerationDetails {
|
|
3605
3731
|
/**
|
|
3606
|
-
* @public
|
|
3607
3732
|
* <p>The ARN of the IAM entity (user or role) for which you are generating a policy.</p>
|
|
3733
|
+
* @public
|
|
3608
3734
|
*/
|
|
3609
3735
|
principalArn: string | undefined;
|
|
3610
3736
|
}
|
|
@@ -3613,19 +3739,18 @@ export interface PolicyGenerationDetails {
|
|
|
3613
3739
|
*/
|
|
3614
3740
|
export interface StartPolicyGenerationRequest {
|
|
3615
3741
|
/**
|
|
3616
|
-
* @public
|
|
3617
3742
|
* <p>Contains the ARN of the IAM entity (user or role) for which you are generating a
|
|
3618
3743
|
* policy.</p>
|
|
3744
|
+
* @public
|
|
3619
3745
|
*/
|
|
3620
3746
|
policyGenerationDetails: PolicyGenerationDetails | undefined;
|
|
3621
3747
|
/**
|
|
3622
|
-
* @public
|
|
3623
3748
|
* <p>A <code>CloudTrailDetails</code> object that contains details about a <code>Trail</code>
|
|
3624
3749
|
* that you want to analyze to generate policies.</p>
|
|
3750
|
+
* @public
|
|
3625
3751
|
*/
|
|
3626
3752
|
cloudTrailDetails?: CloudTrailDetails;
|
|
3627
3753
|
/**
|
|
3628
|
-
* @public
|
|
3629
3754
|
* <p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the
|
|
3630
3755
|
* request. Idempotency ensures that an API request completes only once. With an idempotent
|
|
3631
3756
|
* request, if the original request completes successfully, the subsequent retries with the
|
|
@@ -3633,6 +3758,7 @@ export interface StartPolicyGenerationRequest {
|
|
|
3633
3758
|
* additional effect.</p>
|
|
3634
3759
|
* <p>If you do not specify a client token, one is automatically generated by the Amazon Web Services
|
|
3635
3760
|
* SDK.</p>
|
|
3761
|
+
* @public
|
|
3636
3762
|
*/
|
|
3637
3763
|
clientToken?: string;
|
|
3638
3764
|
}
|
|
@@ -3641,79 +3767,79 @@ export interface StartPolicyGenerationRequest {
|
|
|
3641
3767
|
*/
|
|
3642
3768
|
export interface StartPolicyGenerationResponse {
|
|
3643
3769
|
/**
|
|
3644
|
-
* @public
|
|
3645
3770
|
* <p>The <code>JobId</code> that is returned by the <code>StartPolicyGeneration</code>
|
|
3646
3771
|
* operation. The <code>JobId</code> can be used with <code>GetGeneratedPolicy</code> to
|
|
3647
3772
|
* retrieve the generated policies or used with <code>CancelPolicyGeneration</code> to cancel
|
|
3648
3773
|
* the policy generation request.</p>
|
|
3774
|
+
* @public
|
|
3649
3775
|
*/
|
|
3650
3776
|
jobId: string | undefined;
|
|
3651
3777
|
}
|
|
3652
3778
|
/**
|
|
3653
|
-
* @public
|
|
3654
3779
|
* <p>Starts a scan of the policies applied to the specified resource.</p>
|
|
3780
|
+
* @public
|
|
3655
3781
|
*/
|
|
3656
3782
|
export interface StartResourceScanRequest {
|
|
3657
3783
|
/**
|
|
3658
|
-
* @public
|
|
3659
3784
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
3660
3785
|
* the analyzer</a> to use to scan the policies applied to the specified
|
|
3661
3786
|
* resource.</p>
|
|
3787
|
+
* @public
|
|
3662
3788
|
*/
|
|
3663
3789
|
analyzerArn: string | undefined;
|
|
3664
3790
|
/**
|
|
3665
|
-
* @public
|
|
3666
3791
|
* <p>The ARN of the resource to scan.</p>
|
|
3792
|
+
* @public
|
|
3667
3793
|
*/
|
|
3668
3794
|
resourceArn: string | undefined;
|
|
3669
3795
|
/**
|
|
3670
|
-
* @public
|
|
3671
3796
|
* <p>The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning
|
|
3672
3797
|
* account is the account in which the resource was created.</p>
|
|
3798
|
+
* @public
|
|
3673
3799
|
*/
|
|
3674
3800
|
resourceOwnerAccount?: string;
|
|
3675
3801
|
}
|
|
3676
3802
|
/**
|
|
3677
|
-
* @public
|
|
3678
3803
|
* <p>Adds a tag to the specified resource.</p>
|
|
3804
|
+
* @public
|
|
3679
3805
|
*/
|
|
3680
3806
|
export interface TagResourceRequest {
|
|
3681
3807
|
/**
|
|
3682
|
-
* @public
|
|
3683
3808
|
* <p>The ARN of the resource to add the tag to.</p>
|
|
3809
|
+
* @public
|
|
3684
3810
|
*/
|
|
3685
3811
|
resourceArn: string | undefined;
|
|
3686
3812
|
/**
|
|
3687
|
-
* @public
|
|
3688
3813
|
* <p>The tags to add to the resource.</p>
|
|
3814
|
+
* @public
|
|
3689
3815
|
*/
|
|
3690
3816
|
tags: Record<string, string> | undefined;
|
|
3691
3817
|
}
|
|
3692
3818
|
/**
|
|
3693
|
-
* @public
|
|
3694
3819
|
* <p>The response to the request.</p>
|
|
3820
|
+
* @public
|
|
3695
3821
|
*/
|
|
3696
3822
|
export interface TagResourceResponse {
|
|
3697
3823
|
}
|
|
3698
3824
|
/**
|
|
3699
|
-
* @public
|
|
3700
3825
|
* <p>Removes a tag from the specified resource.</p>
|
|
3826
|
+
* @public
|
|
3701
3827
|
*/
|
|
3702
3828
|
export interface UntagResourceRequest {
|
|
3703
3829
|
/**
|
|
3704
|
-
* @public
|
|
3705
3830
|
* <p>The ARN of the resource to remove the tag from.</p>
|
|
3831
|
+
* @public
|
|
3706
3832
|
*/
|
|
3707
3833
|
resourceArn: string | undefined;
|
|
3708
3834
|
/**
|
|
3709
|
-
* @public
|
|
3710
3835
|
* <p>The key for the tag to add.</p>
|
|
3836
|
+
* @public
|
|
3711
3837
|
*/
|
|
3712
3838
|
tagKeys: string[] | undefined;
|
|
3713
3839
|
}
|
|
3714
3840
|
/**
|
|
3715
|
-
* @public
|
|
3716
3841
|
* <p>The response to the request.</p>
|
|
3842
|
+
* @public
|
|
3717
3843
|
*/
|
|
3718
3844
|
export interface UntagResourceResponse {
|
|
3719
3845
|
}
|
|
@@ -3722,36 +3848,36 @@ export interface UntagResourceResponse {
|
|
|
3722
3848
|
*/
|
|
3723
3849
|
export type FindingStatusUpdate = "ACTIVE" | "ARCHIVED";
|
|
3724
3850
|
/**
|
|
3725
|
-
* @public
|
|
3726
3851
|
* <p>Updates findings with the new values provided in the request.</p>
|
|
3852
|
+
* @public
|
|
3727
3853
|
*/
|
|
3728
3854
|
export interface UpdateFindingsRequest {
|
|
3729
3855
|
/**
|
|
3730
|
-
* @public
|
|
3731
3856
|
* <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
|
|
3732
3857
|
* the analyzer</a> that generated the findings to update.</p>
|
|
3858
|
+
* @public
|
|
3733
3859
|
*/
|
|
3734
3860
|
analyzerArn: string | undefined;
|
|
3735
3861
|
/**
|
|
3736
|
-
* @public
|
|
3737
3862
|
* <p>The state represents the action to take to update the finding Status. Use
|
|
3738
3863
|
* <code>ARCHIVE</code> to change an Active finding to an Archived finding. Use
|
|
3739
3864
|
* <code>ACTIVE</code> to change an Archived finding to an Active finding.</p>
|
|
3865
|
+
* @public
|
|
3740
3866
|
*/
|
|
3741
3867
|
status: FindingStatusUpdate | undefined;
|
|
3742
3868
|
/**
|
|
3743
|
-
* @public
|
|
3744
3869
|
* <p>The IDs of the findings to update.</p>
|
|
3870
|
+
* @public
|
|
3745
3871
|
*/
|
|
3746
3872
|
ids?: string[];
|
|
3747
3873
|
/**
|
|
3748
|
-
* @public
|
|
3749
3874
|
* <p>The ARN of the resource identified in the finding.</p>
|
|
3875
|
+
* @public
|
|
3750
3876
|
*/
|
|
3751
3877
|
resourceArn?: string;
|
|
3752
3878
|
/**
|
|
3753
|
-
* @public
|
|
3754
3879
|
* <p>A client token.</p>
|
|
3880
|
+
* @public
|
|
3755
3881
|
*/
|
|
3756
3882
|
clientToken?: string;
|
|
3757
3883
|
}
|
|
@@ -3793,6 +3919,7 @@ export type PolicyType = (typeof PolicyType)[keyof typeof PolicyType];
|
|
|
3793
3919
|
* @enum
|
|
3794
3920
|
*/
|
|
3795
3921
|
export declare const ValidatePolicyResourceType: {
|
|
3922
|
+
readonly DYNAMODB_TABLE: "AWS::DynamoDB::Table";
|
|
3796
3923
|
readonly ROLE_TRUST: "AWS::IAM::AssumeRolePolicyDocument";
|
|
3797
3924
|
readonly S3_ACCESS_POINT: "AWS::S3::AccessPoint";
|
|
3798
3925
|
readonly S3_BUCKET: "AWS::S3::Bucket";
|
|
@@ -3808,27 +3935,26 @@ export type ValidatePolicyResourceType = (typeof ValidatePolicyResourceType)[key
|
|
|
3808
3935
|
*/
|
|
3809
3936
|
export interface ValidatePolicyRequest {
|
|
3810
3937
|
/**
|
|
3811
|
-
* @public
|
|
3812
3938
|
* <p>The locale to use for localizing the findings.</p>
|
|
3939
|
+
* @public
|
|
3813
3940
|
*/
|
|
3814
3941
|
locale?: Locale;
|
|
3815
3942
|
/**
|
|
3816
|
-
* @public
|
|
3817
3943
|
* <p>The maximum number of results to return in the response.</p>
|
|
3944
|
+
* @public
|
|
3818
3945
|
*/
|
|
3819
3946
|
maxResults?: number;
|
|
3820
3947
|
/**
|
|
3821
|
-
* @public
|
|
3822
3948
|
* <p>A token used for pagination of results returned.</p>
|
|
3949
|
+
* @public
|
|
3823
3950
|
*/
|
|
3824
3951
|
nextToken?: string;
|
|
3825
3952
|
/**
|
|
3826
|
-
* @public
|
|
3827
3953
|
* <p>The JSON policy document to use as the content for the policy.</p>
|
|
3954
|
+
* @public
|
|
3828
3955
|
*/
|
|
3829
3956
|
policyDocument: string | undefined;
|
|
3830
3957
|
/**
|
|
3831
|
-
* @public
|
|
3832
3958
|
* <p>The type of policy to validate. Identity policies grant permissions to IAM principals.
|
|
3833
3959
|
* Identity policies include managed and inline policies for IAM roles, users, and
|
|
3834
3960
|
* groups.</p>
|
|
@@ -3838,10 +3964,10 @@ export interface ValidatePolicyRequest {
|
|
|
3838
3964
|
* or Amazon S3 bucket policy. </p>
|
|
3839
3965
|
* <p>Service control policies (SCPs) are a type of organization policy attached to an Amazon Web Services
|
|
3840
3966
|
* organization, organizational unit (OU), or an account.</p>
|
|
3967
|
+
* @public
|
|
3841
3968
|
*/
|
|
3842
3969
|
policyType: PolicyType | undefined;
|
|
3843
3970
|
/**
|
|
3844
|
-
* @public
|
|
3845
3971
|
* <p>The type of resource to attach to your resource policy. Specify a value for the policy
|
|
3846
3972
|
* validation resource type only if the policy type is <code>RESOURCE_POLICY</code>. For
|
|
3847
3973
|
* example, to validate a resource policy to attach to an Amazon S3 bucket, you can choose
|
|
@@ -3850,6 +3976,7 @@ export interface ValidatePolicyRequest {
|
|
|
3850
3976
|
* apply to all resource policies. For example, to validate a resource policy to attach to a
|
|
3851
3977
|
* KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer
|
|
3852
3978
|
* will run policy checks that apply to all resource policies.</p>
|
|
3979
|
+
* @public
|
|
3853
3980
|
*/
|
|
3854
3981
|
validatePolicyResourceType?: ValidatePolicyResourceType;
|
|
3855
3982
|
}
|
|
@@ -3868,24 +3995,24 @@ export declare const ValidatePolicyFindingType: {
|
|
|
3868
3995
|
*/
|
|
3869
3996
|
export type ValidatePolicyFindingType = (typeof ValidatePolicyFindingType)[keyof typeof ValidatePolicyFindingType];
|
|
3870
3997
|
/**
|
|
3871
|
-
* @public
|
|
3872
3998
|
* <p>A reference to a substring of a literal string in a JSON document.</p>
|
|
3999
|
+
* @public
|
|
3873
4000
|
*/
|
|
3874
4001
|
export interface Substring {
|
|
3875
4002
|
/**
|
|
3876
|
-
* @public
|
|
3877
4003
|
* <p>The start index of the substring, starting from 0.</p>
|
|
4004
|
+
* @public
|
|
3878
4005
|
*/
|
|
3879
4006
|
start: number | undefined;
|
|
3880
4007
|
/**
|
|
3881
|
-
* @public
|
|
3882
4008
|
* <p>The length of the substring.</p>
|
|
4009
|
+
* @public
|
|
3883
4010
|
*/
|
|
3884
4011
|
length: number | undefined;
|
|
3885
4012
|
}
|
|
3886
4013
|
/**
|
|
3887
|
-
* @public
|
|
3888
4014
|
* <p>A single element in a path through the JSON representation of a policy.</p>
|
|
4015
|
+
* @public
|
|
3889
4016
|
*/
|
|
3890
4017
|
export type PathElement = PathElement.IndexMember | PathElement.KeyMember | PathElement.SubstringMember | PathElement.ValueMember | PathElement.$UnknownMember;
|
|
3891
4018
|
/**
|
|
@@ -3893,8 +4020,8 @@ export type PathElement = PathElement.IndexMember | PathElement.KeyMember | Path
|
|
|
3893
4020
|
*/
|
|
3894
4021
|
export declare namespace PathElement {
|
|
3895
4022
|
/**
|
|
3896
|
-
* @public
|
|
3897
4023
|
* <p>Refers to an index in a JSON array.</p>
|
|
4024
|
+
* @public
|
|
3898
4025
|
*/
|
|
3899
4026
|
interface IndexMember {
|
|
3900
4027
|
index: number;
|
|
@@ -3904,8 +4031,8 @@ export declare namespace PathElement {
|
|
|
3904
4031
|
$unknown?: never;
|
|
3905
4032
|
}
|
|
3906
4033
|
/**
|
|
3907
|
-
* @public
|
|
3908
4034
|
* <p>Refers to a key in a JSON object.</p>
|
|
4035
|
+
* @public
|
|
3909
4036
|
*/
|
|
3910
4037
|
interface KeyMember {
|
|
3911
4038
|
index?: never;
|
|
@@ -3915,8 +4042,8 @@ export declare namespace PathElement {
|
|
|
3915
4042
|
$unknown?: never;
|
|
3916
4043
|
}
|
|
3917
4044
|
/**
|
|
3918
|
-
* @public
|
|
3919
4045
|
* <p>Refers to a substring of a literal string in a JSON object.</p>
|
|
4046
|
+
* @public
|
|
3920
4047
|
*/
|
|
3921
4048
|
interface SubstringMember {
|
|
3922
4049
|
index?: never;
|
|
@@ -3926,8 +4053,8 @@ export declare namespace PathElement {
|
|
|
3926
4053
|
$unknown?: never;
|
|
3927
4054
|
}
|
|
3928
4055
|
/**
|
|
3929
|
-
* @public
|
|
3930
4056
|
* <p>Refers to the value associated with a given key in a JSON object.</p>
|
|
4057
|
+
* @public
|
|
3931
4058
|
*/
|
|
3932
4059
|
interface ValueMember {
|
|
3933
4060
|
index?: never;
|
|
@@ -3956,74 +4083,73 @@ export declare namespace PathElement {
|
|
|
3956
4083
|
const visit: <T>(value: PathElement, visitor: Visitor<T>) => T;
|
|
3957
4084
|
}
|
|
3958
4085
|
/**
|
|
3959
|
-
* @public
|
|
3960
4086
|
* <p>A position in a policy.</p>
|
|
4087
|
+
* @public
|
|
3961
4088
|
*/
|
|
3962
4089
|
export interface Position {
|
|
3963
4090
|
/**
|
|
3964
|
-
* @public
|
|
3965
4091
|
* <p>The line of the position, starting from 1.</p>
|
|
4092
|
+
* @public
|
|
3966
4093
|
*/
|
|
3967
4094
|
line: number | undefined;
|
|
3968
4095
|
/**
|
|
3969
|
-
* @public
|
|
3970
4096
|
* <p>The column of the position, starting from 0.</p>
|
|
4097
|
+
* @public
|
|
3971
4098
|
*/
|
|
3972
4099
|
column: number | undefined;
|
|
3973
4100
|
/**
|
|
3974
|
-
* @public
|
|
3975
4101
|
* <p>The offset within the policy that corresponds to the position, starting from 0.</p>
|
|
4102
|
+
* @public
|
|
3976
4103
|
*/
|
|
3977
4104
|
offset: number | undefined;
|
|
3978
4105
|
}
|
|
3979
4106
|
/**
|
|
3980
|
-
* @public
|
|
3981
4107
|
* <p>A span in a policy. The span consists of a start position (inclusive) and end position
|
|
3982
4108
|
* (exclusive).</p>
|
|
4109
|
+
* @public
|
|
3983
4110
|
*/
|
|
3984
4111
|
export interface Span {
|
|
3985
4112
|
/**
|
|
3986
|
-
* @public
|
|
3987
4113
|
* <p>The start position of the span (inclusive).</p>
|
|
4114
|
+
* @public
|
|
3988
4115
|
*/
|
|
3989
4116
|
start: Position | undefined;
|
|
3990
4117
|
/**
|
|
3991
|
-
* @public
|
|
3992
4118
|
* <p>The end position of the span (exclusive).</p>
|
|
4119
|
+
* @public
|
|
3993
4120
|
*/
|
|
3994
4121
|
end: Position | undefined;
|
|
3995
4122
|
}
|
|
3996
4123
|
/**
|
|
3997
|
-
* @public
|
|
3998
4124
|
* <p>A location in a policy that is represented as a path through the JSON representation and
|
|
3999
4125
|
* a corresponding span.</p>
|
|
4126
|
+
* @public
|
|
4000
4127
|
*/
|
|
4001
4128
|
export interface Location {
|
|
4002
4129
|
/**
|
|
4003
|
-
* @public
|
|
4004
4130
|
* <p>A path in a policy, represented as a sequence of path elements.</p>
|
|
4131
|
+
* @public
|
|
4005
4132
|
*/
|
|
4006
4133
|
path: PathElement[] | undefined;
|
|
4007
4134
|
/**
|
|
4008
|
-
* @public
|
|
4009
4135
|
* <p>A span in a policy.</p>
|
|
4136
|
+
* @public
|
|
4010
4137
|
*/
|
|
4011
4138
|
span: Span | undefined;
|
|
4012
4139
|
}
|
|
4013
4140
|
/**
|
|
4014
|
-
* @public
|
|
4015
4141
|
* <p>A finding in a policy. Each finding is an actionable recommendation that can be used to
|
|
4016
4142
|
* improve the policy.</p>
|
|
4143
|
+
* @public
|
|
4017
4144
|
*/
|
|
4018
4145
|
export interface ValidatePolicyFinding {
|
|
4019
4146
|
/**
|
|
4020
|
-
* @public
|
|
4021
4147
|
* <p>A localized message that explains the finding and provides guidance on how to address
|
|
4022
4148
|
* it.</p>
|
|
4149
|
+
* @public
|
|
4023
4150
|
*/
|
|
4024
4151
|
findingDetails: string | undefined;
|
|
4025
4152
|
/**
|
|
4026
|
-
* @public
|
|
4027
4153
|
* <p>The impact of the finding.</p>
|
|
4028
4154
|
* <p>Security warnings report when the policy allows access that we consider overly
|
|
4029
4155
|
* permissive.</p>
|
|
@@ -4032,22 +4158,23 @@ export interface ValidatePolicyFinding {
|
|
|
4032
4158
|
* best practices.</p>
|
|
4033
4159
|
* <p>Suggestions recommend stylistic improvements in the policy that do not impact
|
|
4034
4160
|
* access.</p>
|
|
4161
|
+
* @public
|
|
4035
4162
|
*/
|
|
4036
4163
|
findingType: ValidatePolicyFindingType | undefined;
|
|
4037
4164
|
/**
|
|
4038
|
-
* @public
|
|
4039
4165
|
* <p>The issue code provides an identifier of the issue associated with this finding.</p>
|
|
4166
|
+
* @public
|
|
4040
4167
|
*/
|
|
4041
4168
|
issueCode: string | undefined;
|
|
4042
4169
|
/**
|
|
4043
|
-
* @public
|
|
4044
4170
|
* <p>A link to additional documentation about the type of finding.</p>
|
|
4171
|
+
* @public
|
|
4045
4172
|
*/
|
|
4046
4173
|
learnMoreLink: string | undefined;
|
|
4047
4174
|
/**
|
|
4048
|
-
* @public
|
|
4049
4175
|
* <p>The list of locations in the policy document that are related to the finding. The issue
|
|
4050
4176
|
* code provides a summary of an issue identified by the finding.</p>
|
|
4177
|
+
* @public
|
|
4051
4178
|
*/
|
|
4052
4179
|
locations: Location[] | undefined;
|
|
4053
4180
|
}
|
|
@@ -4056,14 +4183,14 @@ export interface ValidatePolicyFinding {
|
|
|
4056
4183
|
*/
|
|
4057
4184
|
export interface ValidatePolicyResponse {
|
|
4058
4185
|
/**
|
|
4059
|
-
* @public
|
|
4060
4186
|
* <p>The list of findings in a policy returned by IAM Access Analyzer based on its suite of policy
|
|
4061
4187
|
* checks.</p>
|
|
4188
|
+
* @public
|
|
4062
4189
|
*/
|
|
4063
4190
|
findings: ValidatePolicyFinding[] | undefined;
|
|
4064
4191
|
/**
|
|
4065
|
-
* @public
|
|
4066
4192
|
* <p>A token used for pagination of results returned.</p>
|
|
4193
|
+
* @public
|
|
4067
4194
|
*/
|
|
4068
4195
|
nextToken?: string;
|
|
4069
4196
|
}
|