@aws-sdk/client-accessanalyzer 3.592.0 → 3.596.0

package/dist-es/models/models_0.js

@@ -87,6 +87,7 @@ export class ThrottlingException extends __BaseException {
 export const ValidationExceptionReason = {
     CANNOT_PARSE: "cannotParse",
     FIELD_VALIDATION_FAILED: "fieldValidationFailed",
+    NOT_SUPPORTED: "notSupported",
     OTHER: "other",
     UNKNOWN_OPERATION: "unknownOperation",
 };
@@ -149,6 +150,30 @@ export const CheckNoNewAccessResult = {
     FAIL: "FAIL",
     PASS: "PASS",
 };
+export const AccessCheckResourceType = {
+    DYNAMODB_STREAM: "AWS::DynamoDB::Stream",
+    DYNAMODB_TABLE: "AWS::DynamoDB::Table",
+    EFS_FILESYSTEM: "AWS::EFS::FileSystem",
+    KINESIS_DATA_STREAM: "AWS::Kinesis::Stream",
+    KINESIS_STREAM_CONSUMER: "AWS::Kinesis::StreamConsumer",
+    KMS_KEY: "AWS::KMS::Key",
+    LAMBDA_FUNCTION: "AWS::Lambda::Function",
+    OPENSEARCHSERVICE_DOMAIN: "AWS::OpenSearchService::Domain",
+    ROLE_TRUST: "AWS::IAM::AssumeRolePolicyDocument",
+    S3EXPRESS_DIRECTORYBUCKET: "AWS::S3Express::DirectoryBucket",
+    S3_ACCESS_POINT: "AWS::S3::AccessPoint",
+    S3_BUCKET: "AWS::S3::Bucket",
+    S3_GLACIER: "AWS::S3::Glacier",
+    S3_OUTPOSTS_ACCESS_POINT: "AWS::S3Outposts::AccessPoint",
+    S3_OUTPOSTS_BUCKET: "AWS::S3Outposts::Bucket",
+    SECRETSMANAGER_SECRET: "AWS::SecretsManager::Secret",
+    SNS_TOPIC: "AWS::SNS::Topic",
+    SQS_QUEUE: "AWS::SQS::Queue",
+};
+export const CheckNoPublicAccessResult = {
+    FAIL: "FAIL",
+    PASS: "PASS",
+};
 export const KmsGrantOperation = {
     CREATE_GRANT: "CreateGrant",
     DECRYPT: "Decrypt",
@@ -251,6 +276,26 @@ export const AccessPreviewStatusReasonCode = {
     INTERNAL_ERROR: "INTERNAL_ERROR",
     INVALID_CONFIGURATION: "INVALID_CONFIGURATION",
 };
+export const RecommendationType = {
+    UNUSED_PERMISSION_RECOMMENDATION: "UnusedPermissionRecommendation",
+};
+export const RecommendedRemediationAction = {
+    CREATE_POLICY: "CREATE_POLICY",
+    DETACH_POLICY: "DETACH_POLICY",
+};
+export var RecommendedStep;
+(function (RecommendedStep) {
+    RecommendedStep.visit = (value, visitor) => {
+        if (value.unusedPermissionsRecommendedStep !== undefined)
+            return visitor.unusedPermissionsRecommendedStep(value.unusedPermissionsRecommendedStep);
+        return visitor._(value.$unknown[0], value.$unknown[1]);
+    };
+})(RecommendedStep || (RecommendedStep = {}));
+export const Status = {
+    FAILED: "FAILED",
+    IN_PROGRESS: "IN_PROGRESS",
+    SUCCEEDED: "SUCCEEDED",
+};
 export var FindingDetails;
 (function (FindingDetails) {
     FindingDetails.visit = (value, visitor) => {
@@ -345,3 +390,7 @@ export const CheckNoNewAccessRequestFilterSensitiveLog = (obj) => ({
     ...(obj.newPolicyDocument && { newPolicyDocument: SENSITIVE_STRING }),
     ...(obj.existingPolicyDocument && { existingPolicyDocument: SENSITIVE_STRING }),
 });
+export const CheckNoPublicAccessRequestFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.policyDocument && { policyDocument: SENSITIVE_STRING }),
+});

package/dist-es/pagination/GetFindingRecommendationPaginator.js

@@ -0,0 +1,4 @@
+import { createPaginator } from "@smithy/core";
+import { AccessAnalyzerClient } from "../AccessAnalyzerClient";
+import { GetFindingRecommendationCommand, } from "../commands/GetFindingRecommendationCommand";
+export const paginateGetFindingRecommendation = createPaginator(AccessAnalyzerClient, GetFindingRecommendationCommand, "nextToken", "nextToken", "maxResults");

package/dist-es/pagination/index.js

@@ -1,3 +1,4 @@
+export * from "./GetFindingRecommendationPaginator";
 export * from "./GetFindingV2Paginator";
 export * from "./Interfaces";
 export * from "./ListAccessPreviewFindingsPaginator";

package/dist-es/protocols/Aws_restJson1.js

@@ -58,6 +58,20 @@ export const se_CheckNoNewAccessCommand = async (input, context) => {
     b.m("POST").h(headers).b(body);
     return b.build();
 };
+export const se_CheckNoPublicAccessCommand = async (input, context) => {
+    const b = rb(input, context);
+    const headers = {
+        "content-type": "application/json",
+    };
+    b.bp("/policy/check-no-public-access");
+    let body;
+    body = JSON.stringify(take(input, {
+        policyDocument: [],
+        resourceType: [],
+    }));
+    b.m("POST").h(headers).b(body);
+    return b.build();
+};
 export const se_CreateAccessPreviewCommand = async (input, context) => {
     const b = rb(input, context);
     const headers = {
@@ -132,6 +146,18 @@ export const se_DeleteArchiveRuleCommand = async (input, context) => {
     b.m("DELETE").h(headers).q(query).b(body);
     return b.build();
 };
+export const se_GenerateFindingRecommendationCommand = async (input, context) => {
+    const b = rb(input, context);
+    const headers = {};
+    b.bp("/recommendation/{id}");
+    b.p("id", () => input.id, "{id}", false);
+    const query = map({
+        [_aA]: [, __expectNonNull(input[_aA], `analyzerArn`)],
+    });
+    let body;
+    b.m("POST").h(headers).q(query).b(body);
+    return b.build();
+};
 export const se_GetAccessPreviewCommand = async (input, context) => {
     const b = rb(input, context);
     const headers = {};
@@ -187,6 +213,20 @@ export const se_GetFindingCommand = async (input, context) => {
     b.m("GET").h(headers).q(query).b(body);
     return b.build();
 };
+export const se_GetFindingRecommendationCommand = async (input, context) => {
+    const b = rb(input, context);
+    const headers = {};
+    b.bp("/recommendation/{id}");
+    b.p("id", () => input.id, "{id}", false);
+    const query = map({
+        [_aA]: [, __expectNonNull(input[_aA], `analyzerArn`)],
+        [_mR]: [() => input.maxResults !== void 0, () => input[_mR].toString()],
+        [_nT]: [, input[_nT]],
+    });
+    let body;
+    b.m("GET").h(headers).q(query).b(body);
+    return b.build();
+};
 export const se_GetFindingV2Command = async (input, context) => {
     const b = rb(input, context);
     const headers = {};
@@ -506,6 +546,22 @@ export const de_CheckNoNewAccessCommand = async (output, context) => {
     Object.assign(contents, doc);
     return contents;
 };
+export const de_CheckNoPublicAccessCommand = async (output, context) => {
+    if (output.statusCode !== 200 && output.statusCode >= 300) {
+        return de_CommandError(output, context);
+    }
+    const contents = map({
+        $metadata: deserializeMetadata(output),
+    });
+    const data = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body");
+    const doc = take(data, {
+        message: __expectString,
+        reasons: _json,
+        result: __expectString,
+    });
+    Object.assign(contents, doc);
+    return contents;
+};
 export const de_CreateAccessPreviewCommand = async (output, context) => {
     if (output.statusCode !== 200 && output.statusCode >= 300) {
         return de_CommandError(output, context);
@@ -564,6 +620,16 @@ export const de_DeleteArchiveRuleCommand = async (output, context) => {
     await collectBody(output.body, context);
     return contents;
 };
+export const de_GenerateFindingRecommendationCommand = async (output, context) => {
+    if (output.statusCode !== 200 && output.statusCode >= 300) {
+        return de_CommandError(output, context);
+    }
+    const contents = map({
+        $metadata: deserializeMetadata(output),
+    });
+    await collectBody(output.body, context);
+    return contents;
+};
 export const de_GetAccessPreviewCommand = async (output, context) => {
     if (output.statusCode !== 200 && output.statusCode >= 300) {
         return de_CommandError(output, context);
@@ -634,6 +700,27 @@ export const de_GetFindingCommand = async (output, context) => {
     Object.assign(contents, doc);
     return contents;
 };
+export const de_GetFindingRecommendationCommand = async (output, context) => {
+    if (output.statusCode !== 200 && output.statusCode >= 300) {
+        return de_CommandError(output, context);
+    }
+    const contents = map({
+        $metadata: deserializeMetadata(output),
+    });
+    const data = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body");
+    const doc = take(data, {
+        completedAt: (_) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)),
+        error: _json,
+        nextToken: __expectString,
+        recommendationType: __expectString,
+        recommendedSteps: (_) => de_RecommendedStepList(_, context),
+        resourceArn: __expectString,
+        startedAt: (_) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)),
+        status: __expectString,
+    });
+    Object.assign(contents, doc);
+    return contents;
+};
 export const de_GetFindingV2Command = async (output, context) => {
     if (output.statusCode !== 200 && output.statusCode >= 300) {
         return de_CommandError(output, context);
@@ -1323,6 +1410,22 @@ const de_PolicyGenerationList = (output, context) => {
     });
     return retVal;
 };
+const de_RecommendedStep = (output, context) => {
+    if (output.unusedPermissionsRecommendedStep != null) {
+        return {
+            unusedPermissionsRecommendedStep: de_UnusedPermissionsRecommendedStep(output.unusedPermissionsRecommendedStep, context),
+        };
+    }
+    return { $unknown: Object.entries(output)[0] };
+};
+const de_RecommendedStepList = (output, context) => {
+    const retVal = (output || [])
+        .filter((e) => e != null)
+        .map((entry) => {
+        return de_RecommendedStep(__expectUnion(entry), context);
+    });
+    return retVal;
+};
 const de_UnusedAction = (output, context) => {
     return take(output, {
         action: __expectString,
@@ -1360,6 +1463,14 @@ const de_UnusedPermissionDetails = (output, context) => {
         serviceNamespace: __expectString,
     });
 };
+const de_UnusedPermissionsRecommendedStep = (output, context) => {
+    return take(output, {
+        existingPolicyId: __expectString,
+        policyUpdatedAt: (_) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)),
+        recommendedAction: __expectString,
+        recommendedPolicy: __expectString,
+    });
+};
 const deserializeMetadata = (output) => ({
     httpStatusCode: output.statusCode,
     requestId: output.headers["x-amzn-requestid"] ?? output.headers["x-amzn-request-id"] ?? output.headers["x-amz-request-id"],

package/dist-types/AccessAnalyzer.d.ts

@@ -4,16 +4,19 @@ import { ApplyArchiveRuleCommandInput, ApplyArchiveRuleCommandOutput } from "./c
 import { CancelPolicyGenerationCommandInput, CancelPolicyGenerationCommandOutput } from "./commands/CancelPolicyGenerationCommand";
 import { CheckAccessNotGrantedCommandInput, CheckAccessNotGrantedCommandOutput } from "./commands/CheckAccessNotGrantedCommand";
 import { CheckNoNewAccessCommandInput, CheckNoNewAccessCommandOutput } from "./commands/CheckNoNewAccessCommand";
+import { CheckNoPublicAccessCommandInput, CheckNoPublicAccessCommandOutput } from "./commands/CheckNoPublicAccessCommand";
 import { CreateAccessPreviewCommandInput, CreateAccessPreviewCommandOutput } from "./commands/CreateAccessPreviewCommand";
 import { CreateAnalyzerCommandInput, CreateAnalyzerCommandOutput } from "./commands/CreateAnalyzerCommand";
 import { CreateArchiveRuleCommandInput, CreateArchiveRuleCommandOutput } from "./commands/CreateArchiveRuleCommand";
 import { DeleteAnalyzerCommandInput, DeleteAnalyzerCommandOutput } from "./commands/DeleteAnalyzerCommand";
 import { DeleteArchiveRuleCommandInput, DeleteArchiveRuleCommandOutput } from "./commands/DeleteArchiveRuleCommand";
+import { GenerateFindingRecommendationCommandInput, GenerateFindingRecommendationCommandOutput } from "./commands/GenerateFindingRecommendationCommand";
 import { GetAccessPreviewCommandInput, GetAccessPreviewCommandOutput } from "./commands/GetAccessPreviewCommand";
 import { GetAnalyzedResourceCommandInput, GetAnalyzedResourceCommandOutput } from "./commands/GetAnalyzedResourceCommand";
 import { GetAnalyzerCommandInput, GetAnalyzerCommandOutput } from "./commands/GetAnalyzerCommand";
 import { GetArchiveRuleCommandInput, GetArchiveRuleCommandOutput } from "./commands/GetArchiveRuleCommand";
 import { GetFindingCommandInput, GetFindingCommandOutput } from "./commands/GetFindingCommand";
+import { GetFindingRecommendationCommandInput, GetFindingRecommendationCommandOutput } from "./commands/GetFindingRecommendationCommand";
 import { GetFindingV2CommandInput, GetFindingV2CommandOutput } from "./commands/GetFindingV2Command";
 import { GetGeneratedPolicyCommandInput, GetGeneratedPolicyCommandOutput } from "./commands/GetGeneratedPolicyCommand";
 import { ListAccessPreviewFindingsCommandInput, ListAccessPreviewFindingsCommandOutput } from "./commands/ListAccessPreviewFindingsCommand";
@@ -57,6 +60,12 @@ export interface AccessAnalyzer {
     checkNoNewAccess(args: CheckNoNewAccessCommandInput, options?: __HttpHandlerOptions): Promise<CheckNoNewAccessCommandOutput>;
     checkNoNewAccess(args: CheckNoNewAccessCommandInput, cb: (err: any, data?: CheckNoNewAccessCommandOutput) => void): void;
     checkNoNewAccess(args: CheckNoNewAccessCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CheckNoNewAccessCommandOutput) => void): void;
+    /**
+     * @see {@link CheckNoPublicAccessCommand}
+     */
+    checkNoPublicAccess(args: CheckNoPublicAccessCommandInput, options?: __HttpHandlerOptions): Promise<CheckNoPublicAccessCommandOutput>;
+    checkNoPublicAccess(args: CheckNoPublicAccessCommandInput, cb: (err: any, data?: CheckNoPublicAccessCommandOutput) => void): void;
+    checkNoPublicAccess(args: CheckNoPublicAccessCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CheckNoPublicAccessCommandOutput) => void): void;
     /**
      * @see {@link CreateAccessPreviewCommand}
      */
@@ -87,6 +96,12 @@ export interface AccessAnalyzer {
     deleteArchiveRule(args: DeleteArchiveRuleCommandInput, options?: __HttpHandlerOptions): Promise<DeleteArchiveRuleCommandOutput>;
     deleteArchiveRule(args: DeleteArchiveRuleCommandInput, cb: (err: any, data?: DeleteArchiveRuleCommandOutput) => void): void;
     deleteArchiveRule(args: DeleteArchiveRuleCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: DeleteArchiveRuleCommandOutput) => void): void;
+    /**
+     * @see {@link GenerateFindingRecommendationCommand}
+     */
+    generateFindingRecommendation(args: GenerateFindingRecommendationCommandInput, options?: __HttpHandlerOptions): Promise<GenerateFindingRecommendationCommandOutput>;
+    generateFindingRecommendation(args: GenerateFindingRecommendationCommandInput, cb: (err: any, data?: GenerateFindingRecommendationCommandOutput) => void): void;
+    generateFindingRecommendation(args: GenerateFindingRecommendationCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GenerateFindingRecommendationCommandOutput) => void): void;
     /**
      * @see {@link GetAccessPreviewCommand}
      */
@@ -117,6 +132,12 @@ export interface AccessAnalyzer {
     getFinding(args: GetFindingCommandInput, options?: __HttpHandlerOptions): Promise<GetFindingCommandOutput>;
     getFinding(args: GetFindingCommandInput, cb: (err: any, data?: GetFindingCommandOutput) => void): void;
     getFinding(args: GetFindingCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetFindingCommandOutput) => void): void;
+    /**
+     * @see {@link GetFindingRecommendationCommand}
+     */
+    getFindingRecommendation(args: GetFindingRecommendationCommandInput, options?: __HttpHandlerOptions): Promise<GetFindingRecommendationCommandOutput>;
+    getFindingRecommendation(args: GetFindingRecommendationCommandInput, cb: (err: any, data?: GetFindingRecommendationCommandOutput) => void): void;
+    getFindingRecommendation(args: GetFindingRecommendationCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetFindingRecommendationCommandOutput) => void): void;
     /**
      * @see {@link GetFindingV2Command}
      */

package/dist-types/AccessAnalyzerClient.d.ts

@@ -11,16 +11,19 @@ import { ApplyArchiveRuleCommandInput, ApplyArchiveRuleCommandOutput } from "./c
 import { CancelPolicyGenerationCommandInput, CancelPolicyGenerationCommandOutput } from "./commands/CancelPolicyGenerationCommand";
 import { CheckAccessNotGrantedCommandInput, CheckAccessNotGrantedCommandOutput } from "./commands/CheckAccessNotGrantedCommand";
 import { CheckNoNewAccessCommandInput, CheckNoNewAccessCommandOutput } from "./commands/CheckNoNewAccessCommand";
+import { CheckNoPublicAccessCommandInput, CheckNoPublicAccessCommandOutput } from "./commands/CheckNoPublicAccessCommand";
 import { CreateAccessPreviewCommandInput, CreateAccessPreviewCommandOutput } from "./commands/CreateAccessPreviewCommand";
 import { CreateAnalyzerCommandInput, CreateAnalyzerCommandOutput } from "./commands/CreateAnalyzerCommand";
 import { CreateArchiveRuleCommandInput, CreateArchiveRuleCommandOutput } from "./commands/CreateArchiveRuleCommand";
 import { DeleteAnalyzerCommandInput, DeleteAnalyzerCommandOutput } from "./commands/DeleteAnalyzerCommand";
 import { DeleteArchiveRuleCommandInput, DeleteArchiveRuleCommandOutput } from "./commands/DeleteArchiveRuleCommand";
+import { GenerateFindingRecommendationCommandInput, GenerateFindingRecommendationCommandOutput } from "./commands/GenerateFindingRecommendationCommand";
 import { GetAccessPreviewCommandInput, GetAccessPreviewCommandOutput } from "./commands/GetAccessPreviewCommand";
 import { GetAnalyzedResourceCommandInput, GetAnalyzedResourceCommandOutput } from "./commands/GetAnalyzedResourceCommand";
 import { GetAnalyzerCommandInput, GetAnalyzerCommandOutput } from "./commands/GetAnalyzerCommand";
 import { GetArchiveRuleCommandInput, GetArchiveRuleCommandOutput } from "./commands/GetArchiveRuleCommand";
 import { GetFindingCommandInput, GetFindingCommandOutput } from "./commands/GetFindingCommand";
+import { GetFindingRecommendationCommandInput, GetFindingRecommendationCommandOutput } from "./commands/GetFindingRecommendationCommand";
 import { GetFindingV2CommandInput, GetFindingV2CommandOutput } from "./commands/GetFindingV2Command";
 import { GetGeneratedPolicyCommandInput, GetGeneratedPolicyCommandOutput } from "./commands/GetGeneratedPolicyCommand";
 import { ListAccessPreviewFindingsCommandInput, ListAccessPreviewFindingsCommandOutput } from "./commands/ListAccessPreviewFindingsCommand";
@@ -45,11 +48,11 @@ export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = ApplyArchiveRuleCommandInput | CancelPolicyGenerationCommandInput | CheckAccessNotGrantedCommandInput | CheckNoNewAccessCommandInput | CreateAccessPreviewCommandInput | CreateAnalyzerCommandInput | CreateArchiveRuleCommandInput | DeleteAnalyzerCommandInput | DeleteArchiveRuleCommandInput | GetAccessPreviewCommandInput | GetAnalyzedResourceCommandInput | GetAnalyzerCommandInput | GetArchiveRuleCommandInput | GetFindingCommandInput | GetFindingV2CommandInput | GetGeneratedPolicyCommandInput | ListAccessPreviewFindingsCommandInput | ListAccessPreviewsCommandInput | ListAnalyzedResourcesCommandInput | ListAnalyzersCommandInput | ListArchiveRulesCommandInput | ListFindingsCommandInput | ListFindingsV2CommandInput | ListPolicyGenerationsCommandInput | ListTagsForResourceCommandInput | StartPolicyGenerationCommandInput | StartResourceScanCommandInput | TagResourceCommandInput | UntagResourceCommandInput | UpdateArchiveRuleCommandInput | UpdateFindingsCommandInput | ValidatePolicyCommandInput;
+export type ServiceInputTypes = ApplyArchiveRuleCommandInput | CancelPolicyGenerationCommandInput | CheckAccessNotGrantedCommandInput | CheckNoNewAccessCommandInput | CheckNoPublicAccessCommandInput | CreateAccessPreviewCommandInput | CreateAnalyzerCommandInput | CreateArchiveRuleCommandInput | DeleteAnalyzerCommandInput | DeleteArchiveRuleCommandInput | GenerateFindingRecommendationCommandInput | GetAccessPreviewCommandInput | GetAnalyzedResourceCommandInput | GetAnalyzerCommandInput | GetArchiveRuleCommandInput | GetFindingCommandInput | GetFindingRecommendationCommandInput | GetFindingV2CommandInput | GetGeneratedPolicyCommandInput | ListAccessPreviewFindingsCommandInput | ListAccessPreviewsCommandInput | ListAnalyzedResourcesCommandInput | ListAnalyzersCommandInput | ListArchiveRulesCommandInput | ListFindingsCommandInput | ListFindingsV2CommandInput | ListPolicyGenerationsCommandInput | ListTagsForResourceCommandInput | StartPolicyGenerationCommandInput | StartResourceScanCommandInput | TagResourceCommandInput | UntagResourceCommandInput | UpdateArchiveRuleCommandInput | UpdateFindingsCommandInput | ValidatePolicyCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = ApplyArchiveRuleCommandOutput | CancelPolicyGenerationCommandOutput | CheckAccessNotGrantedCommandOutput | CheckNoNewAccessCommandOutput | CreateAccessPreviewCommandOutput | CreateAnalyzerCommandOutput | CreateArchiveRuleCommandOutput | DeleteAnalyzerCommandOutput | DeleteArchiveRuleCommandOutput | GetAccessPreviewCommandOutput | GetAnalyzedResourceCommandOutput | GetAnalyzerCommandOutput | GetArchiveRuleCommandOutput | GetFindingCommandOutput | GetFindingV2CommandOutput | GetGeneratedPolicyCommandOutput | ListAccessPreviewFindingsCommandOutput | ListAccessPreviewsCommandOutput | ListAnalyzedResourcesCommandOutput | ListAnalyzersCommandOutput | ListArchiveRulesCommandOutput | ListFindingsCommandOutput | ListFindingsV2CommandOutput | ListPolicyGenerationsCommandOutput | ListTagsForResourceCommandOutput | StartPolicyGenerationCommandOutput | StartResourceScanCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput | UpdateArchiveRuleCommandOutput | UpdateFindingsCommandOutput | ValidatePolicyCommandOutput;
+export type ServiceOutputTypes = ApplyArchiveRuleCommandOutput | CancelPolicyGenerationCommandOutput | CheckAccessNotGrantedCommandOutput | CheckNoNewAccessCommandOutput | CheckNoPublicAccessCommandOutput | CreateAccessPreviewCommandOutput | CreateAnalyzerCommandOutput | CreateArchiveRuleCommandOutput | DeleteAnalyzerCommandOutput | DeleteArchiveRuleCommandOutput | GenerateFindingRecommendationCommandOutput | GetAccessPreviewCommandOutput | GetAnalyzedResourceCommandOutput | GetAnalyzerCommandOutput | GetArchiveRuleCommandOutput | GetFindingCommandOutput | GetFindingRecommendationCommandOutput | GetFindingV2CommandOutput | GetGeneratedPolicyCommandOutput | ListAccessPreviewFindingsCommandOutput | ListAccessPreviewsCommandOutput | ListAnalyzedResourcesCommandOutput | ListAnalyzersCommandOutput | ListArchiveRulesCommandOutput | ListFindingsCommandOutput | ListFindingsV2CommandOutput | ListPolicyGenerationsCommandOutput | ListTagsForResourceCommandOutput | StartPolicyGenerationCommandOutput | StartResourceScanCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput | UpdateArchiveRuleCommandOutput | UpdateFindingsCommandOutput | ValidatePolicyCommandOutput;
 /**
  * @public
  */

package/dist-types/commands/CheckAccessNotGrantedCommand.d.ts

@@ -38,7 +38,10 @@ declare const CheckAccessNotGrantedCommand_base: {
  *   policyDocument: "STRING_VALUE", // required
  *   access: [ // AccessList // required
  *     { // Access
- *       actions: [ // ActionsList // required
+ *       actions: [ // ActionsList
+ *         "STRING_VALUE",
+ *       ],
+ *       resources: [ // ResourcesList
  *         "STRING_VALUE",
  *       ],
  *     },
@@ -89,6 +92,88 @@ declare const CheckAccessNotGrantedCommand_base: {
  * <p>Base exception class for all service exceptions from AccessAnalyzer service.</p>
  *
  * @public
+ * @example Passing check. Restrictive identity policy.
+ * ```javascript
+ * //
+ * const input = {
+ *   "access": [
+ *     {
+ *       "actions": [
+ *         "s3:PutObject"
+ *       ]
+ *     }
+ *   ],
+ *   "policyDocument": "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:GetObject\",\"Resource\":\"*\"}]}",
+ *   "policyType": "RESOURCE_POLICY"
+ * };
+ * const command = new CheckAccessNotGrantedCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "message": "The policy document does not grant access to perform the listed actions or resources.",
+ *   "result": "PASS"
+ * }
+ * *\/
+ * // example id: example-1
+ * ```
+ *
+ * @example Passing check. Restrictive S3 Bucket resource policy.
+ * ```javascript
+ * //
+ * const input = {
+ *   "access": [
+ *     {
+ *       "resources": [
+ *         "arn:aws:s3:::sensitive-bucket/*"
+ *       ]
+ *     }
+ *   ],
+ *   "policyDocument": "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::non-sensitive-bucket/*\"}]}",
+ *   "policyType": "RESOURCE_POLICY"
+ * };
+ * const command = new CheckAccessNotGrantedCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "message": "The policy document does not grant access to perform the listed actions or resources.",
+ *   "result": "PASS"
+ * }
+ * *\/
+ * // example id: example-2
+ * ```
+ *
+ * @example Failing check. Permissive S3 Bucket resource policy.
+ * ```javascript
+ * //
+ * const input = {
+ *   "access": [
+ *     {
+ *       "resources": [
+ *         "arn:aws:s3:::my-bucket/*"
+ *       ]
+ *     }
+ *   ],
+ *   "policyDocument": "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::my-bucket/*\"}]}",
+ *   "policyType": "RESOURCE_POLICY"
+ * };
+ * const command = new CheckAccessNotGrantedCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "message": "The policy document grants access to perform one or more of the listed actions or resources.",
+ *   "reasons": [
+ *     {
+ *       "description": "One or more of the listed actions or resources in the statement with sid: AllowJohnDoe.",
+ *       "statementId": "AllowJohnDoe",
+ *       "statementIndex": 0
+ *     }
+ *   ],
+ *   "result": "FAIL"
+ * }
+ * *\/
+ * // example id: example-3
+ * ```
+ *
  */
 export declare class CheckAccessNotGrantedCommand extends CheckAccessNotGrantedCommand_base {
 }

package/dist-types/commands/CheckNoPublicAccessCommand.d.ts

@@ -0,0 +1,131 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../AccessAnalyzerClient";
+import { CheckNoPublicAccessRequest, CheckNoPublicAccessResponse } from "../models/models_0";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link CheckNoPublicAccessCommand}.
+ */
+export interface CheckNoPublicAccessCommandInput extends CheckNoPublicAccessRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link CheckNoPublicAccessCommand}.
+ */
+export interface CheckNoPublicAccessCommandOutput extends CheckNoPublicAccessResponse, __MetadataBearer {
+}
+declare const CheckNoPublicAccessCommand_base: {
+    new (input: CheckNoPublicAccessCommandInput): import("@smithy/smithy-client").CommandImpl<CheckNoPublicAccessCommandInput, CheckNoPublicAccessCommandOutput, AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: CheckNoPublicAccessCommandInput): import("@smithy/smithy-client").CommandImpl<CheckNoPublicAccessCommandInput, CheckNoPublicAccessCommandOutput, AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Checks whether a resource policy can grant public access to the specified resource
+ *          type.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { AccessAnalyzerClient, CheckNoPublicAccessCommand } from "@aws-sdk/client-accessanalyzer"; // ES Modules import
+ * // const { AccessAnalyzerClient, CheckNoPublicAccessCommand } = require("@aws-sdk/client-accessanalyzer"); // CommonJS import
+ * const client = new AccessAnalyzerClient(config);
+ * const input = { // CheckNoPublicAccessRequest
+ *   policyDocument: "STRING_VALUE", // required
+ *   resourceType: "STRING_VALUE", // required
+ * };
+ * const command = new CheckNoPublicAccessCommand(input);
+ * const response = await client.send(command);
+ * // { // CheckNoPublicAccessResponse
+ * //   result: "STRING_VALUE",
+ * //   message: "STRING_VALUE",
+ * //   reasons: [ // ReasonSummaryList
+ * //     { // ReasonSummary
+ * //       description: "STRING_VALUE",
+ * //       statementIndex: Number("int"),
+ * //       statementId: "STRING_VALUE",
+ * //     },
+ * //   ],
+ * // };
+ *
+ * ```
+ *
+ * @param CheckNoPublicAccessCommandInput - {@link CheckNoPublicAccessCommandInput}
+ * @returns {@link CheckNoPublicAccessCommandOutput}
+ * @see {@link CheckNoPublicAccessCommandInput} for command's `input` shape.
+ * @see {@link CheckNoPublicAccessCommandOutput} for command's `response` shape.
+ * @see {@link AccessAnalyzerClientResolvedConfig | config} for AccessAnalyzerClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>Internal server error.</p>
+ *
+ * @throws {@link InvalidParameterException} (client fault)
+ *  <p>The specified parameter is invalid.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>Throttling limit exceeded error.</p>
+ *
+ * @throws {@link UnprocessableEntityException} (client fault)
+ *  <p>The specified entity could not be processed.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>Validation exception error.</p>
+ *
+ * @throws {@link AccessAnalyzerServiceException}
+ * <p>Base exception class for all service exceptions from AccessAnalyzer service.</p>
+ *
+ * @public
+ * @example Passing check. S3 Bucket policy without public access.
+ * ```javascript
+ * //
+ * const input = {
+ *   "policyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::111122223333:user/JohnDoe\"},\"Action\":[\"s3:GetObject\"]}]}",
+ *   "resourceType": "AWS::S3::Bucket"
+ * };
+ * const command = new CheckNoPublicAccessCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "message": "The resource policy does not grant public access for the given resource type.",
+ *   "result": "PASS"
+ * }
+ * *\/
+ * // example id: example-1
+ * ```
+ *
+ * @example Failing check. S3 Bucket policy with public access.
+ * ```javascript
+ * //
+ * const input = {
+ *   "policyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"s3:GetObject\"]}]}",
+ *   "resourceType": "AWS::S3::Bucket"
+ * };
+ * const command = new CheckNoPublicAccessCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "message": "The resource policy grants public access for the given resource type.",
+ *   "reasons": [
+ *     {
+ *       "description": "Public access granted in the following statement with sid: Bob.",
+ *       "statementId": "Bob",
+ *       "statementIndex": 0
+ *     }
+ *   ],
+ *   "result": "FAIL"
+ * }
+ * *\/
+ * // example id: example-2
+ * ```
+ *
+ */
+export declare class CheckNoPublicAccessCommand extends CheckNoPublicAccessCommand_base {
+}