npm - @aws-sdk/client-accessanalyzer - Versions diffs - 3.592.0 → 3.596.0 - Mend

@aws-sdk/client-accessanalyzer 3.592.0 → 3.596.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/README.md +24 -0
package/dist-cjs/index.js +241 -1
package/dist-es/AccessAnalyzer.js +6 -0
package/dist-es/commands/CheckNoPublicAccessCommand.js +25 -0
package/dist-es/commands/GenerateFindingRecommendationCommand.js +24 -0
package/dist-es/commands/GetFindingRecommendationCommand.js +24 -0
package/dist-es/commands/index.js +3 -0
package/dist-es/models/models_0.js +49 -0
package/dist-es/pagination/GetFindingRecommendationPaginator.js +4 -0
package/dist-es/pagination/index.js +1 -0
package/dist-es/protocols/Aws_restJson1.js +111 -0
package/dist-types/AccessAnalyzer.d.ts +21 -0
package/dist-types/AccessAnalyzerClient.d.ts +5 -2
package/dist-types/commands/CheckAccessNotGrantedCommand.d.ts +86 -1
package/dist-types/commands/CheckNoPublicAccessCommand.d.ts +131 -0
package/dist-types/commands/GenerateFindingRecommendationCommand.d.ts +95 -0
package/dist-types/commands/GetFindingRecommendationCommand.d.ts +194 -0
package/dist-types/commands/index.d.ts +3 -0
package/dist-types/models/models_0.d.ts +308 -5
package/dist-types/pagination/GetFindingRecommendationPaginator.d.ts +7 -0
package/dist-types/pagination/index.d.ts +1 -0
package/dist-types/protocols/Aws_restJson1.d.ts +27 -0
package/dist-types/ts3.4/AccessAnalyzer.d.ts +51 -0
package/dist-types/ts3.4/AccessAnalyzerClient.d.ts +18 -0
package/dist-types/ts3.4/commands/CheckNoPublicAccessCommand.d.ts +40 -0
package/dist-types/ts3.4/commands/GenerateFindingRecommendationCommand.d.ts +36 -0
package/dist-types/ts3.4/commands/GetFindingRecommendationCommand.d.ts +40 -0
package/dist-types/ts3.4/commands/index.d.ts +3 -0
package/dist-types/ts3.4/models/models_0.d.ts +110 -1
package/dist-types/ts3.4/pagination/GetFindingRecommendationPaginator.d.ts +11 -0
package/dist-types/ts3.4/pagination/index.d.ts +1 -0
package/dist-types/ts3.4/protocols/Aws_restJson1.d.ts +36 -0
package/package.json +4 -4

package/dist-types/commands/GenerateFindingRecommendationCommand.d.ts ADDED Viewed

@@ -0,0 +1,95 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../AccessAnalyzerClient";
+import { GenerateFindingRecommendationRequest } from "../models/models_0";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link GenerateFindingRecommendationCommand}.
+ */
+export interface GenerateFindingRecommendationCommandInput extends GenerateFindingRecommendationRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link GenerateFindingRecommendationCommand}.
+ */
+export interface GenerateFindingRecommendationCommandOutput extends __MetadataBearer {
+}
+declare const GenerateFindingRecommendationCommand_base: {
+    new (input: GenerateFindingRecommendationCommandInput): import("@smithy/smithy-client").CommandImpl<GenerateFindingRecommendationCommandInput, GenerateFindingRecommendationCommandOutput, AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: GenerateFindingRecommendationCommandInput): import("@smithy/smithy-client").CommandImpl<GenerateFindingRecommendationCommandInput, GenerateFindingRecommendationCommandOutput, AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Creates a recommendation for an unused permissions finding.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { AccessAnalyzerClient, GenerateFindingRecommendationCommand } from "@aws-sdk/client-accessanalyzer"; // ES Modules import
+ * // const { AccessAnalyzerClient, GenerateFindingRecommendationCommand } = require("@aws-sdk/client-accessanalyzer"); // CommonJS import
+ * const client = new AccessAnalyzerClient(config);
+ * const input = { // GenerateFindingRecommendationRequest
+ *   analyzerArn: "STRING_VALUE", // required
+ *   id: "STRING_VALUE", // required
+ * };
+ * const command = new GenerateFindingRecommendationCommand(input);
+ * const response = await client.send(command);
+ * // {};
+ *
+ * ```
+ *
+ * @param GenerateFindingRecommendationCommandInput - {@link GenerateFindingRecommendationCommandInput}
+ * @returns {@link GenerateFindingRecommendationCommandOutput}
+ * @see {@link GenerateFindingRecommendationCommandInput} for command's `input` shape.
+ * @see {@link GenerateFindingRecommendationCommandOutput} for command's `response` shape.
+ * @see {@link AccessAnalyzerClientResolvedConfig | config} for AccessAnalyzerClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>Internal server error.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>Throttling limit exceeded error.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>Validation exception error.</p>
+ *
+ * @throws {@link AccessAnalyzerServiceException}
+ * <p>Base exception class for all service exceptions from AccessAnalyzer service.</p>
+ *
+ * @public
+ * @example Successfully started generating finding recommendation
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "finding-id"
+ * };
+ * const command = new GenerateFindingRecommendationCommand(input);
+ * await client.send(command);
+ * // example id: example-1
+ * ```
+ *
+ * @example Failed field validation for id value
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "!"
+ * };
+ * const command = new GenerateFindingRecommendationCommand(input);
+ * await client.send(command);
+ * // example id: example-2
+ * ```
+ *
+ */
+export declare class GenerateFindingRecommendationCommand extends GenerateFindingRecommendationCommand_base {
+}

package/dist-types/commands/GetFindingRecommendationCommand.d.ts ADDED Viewed

@@ -0,0 +1,194 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../AccessAnalyzerClient";
+import { GetFindingRecommendationRequest, GetFindingRecommendationResponse } from "../models/models_0";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link GetFindingRecommendationCommand}.
+ */
+export interface GetFindingRecommendationCommandInput extends GetFindingRecommendationRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link GetFindingRecommendationCommand}.
+ */
+export interface GetFindingRecommendationCommandOutput extends GetFindingRecommendationResponse, __MetadataBearer {
+}
+declare const GetFindingRecommendationCommand_base: {
+    new (input: GetFindingRecommendationCommandInput): import("@smithy/smithy-client").CommandImpl<GetFindingRecommendationCommandInput, GetFindingRecommendationCommandOutput, AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: GetFindingRecommendationCommandInput): import("@smithy/smithy-client").CommandImpl<GetFindingRecommendationCommandInput, GetFindingRecommendationCommandOutput, AccessAnalyzerClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Retrieves information about a finding recommendation for the specified analyzer.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { AccessAnalyzerClient, GetFindingRecommendationCommand } from "@aws-sdk/client-accessanalyzer"; // ES Modules import
+ * // const { AccessAnalyzerClient, GetFindingRecommendationCommand } = require("@aws-sdk/client-accessanalyzer"); // CommonJS import
+ * const client = new AccessAnalyzerClient(config);
+ * const input = { // GetFindingRecommendationRequest
+ *   analyzerArn: "STRING_VALUE", // required
+ *   id: "STRING_VALUE", // required
+ *   maxResults: Number("int"),
+ *   nextToken: "STRING_VALUE",
+ * };
+ * const command = new GetFindingRecommendationCommand(input);
+ * const response = await client.send(command);
+ * // { // GetFindingRecommendationResponse
+ * //   startedAt: new Date("TIMESTAMP"), // required
+ * //   completedAt: new Date("TIMESTAMP"),
+ * //   nextToken: "STRING_VALUE",
+ * //   error: { // RecommendationError
+ * //     code: "STRING_VALUE", // required
+ * //     message: "STRING_VALUE", // required
+ * //   },
+ * //   resourceArn: "STRING_VALUE", // required
+ * //   recommendedSteps: [ // RecommendedStepList
+ * //     { // RecommendedStep Union: only one key present
+ * //       unusedPermissionsRecommendedStep: { // UnusedPermissionsRecommendedStep
+ * //         policyUpdatedAt: new Date("TIMESTAMP"),
+ * //         recommendedAction: "STRING_VALUE", // required
+ * //         recommendedPolicy: "STRING_VALUE",
+ * //         existingPolicyId: "STRING_VALUE",
+ * //       },
+ * //     },
+ * //   ],
+ * //   recommendationType: "STRING_VALUE", // required
+ * //   status: "STRING_VALUE", // required
+ * // };
+ *
+ * ```
+ *
+ * @param GetFindingRecommendationCommandInput - {@link GetFindingRecommendationCommandInput}
+ * @returns {@link GetFindingRecommendationCommandOutput}
+ * @see {@link GetFindingRecommendationCommandInput} for command's `input` shape.
+ * @see {@link GetFindingRecommendationCommandOutput} for command's `response` shape.
+ * @see {@link AccessAnalyzerClientResolvedConfig | config} for AccessAnalyzerClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>Internal server error.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The specified resource could not be found.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>Throttling limit exceeded error.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>Validation exception error.</p>
+ *
+ * @throws {@link AccessAnalyzerServiceException}
+ * <p>Base exception class for all service exceptions from AccessAnalyzer service.</p>
+ *
+ * @public
+ * @example Successfully fetched finding recommendation
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "finding-id",
+ *   "maxResults": 3,
+ *   "nextToken": "token"
+ * };
+ * const command = new GetFindingRecommendationCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "completedAt": "2000-01-01T00:00:01Z",
+ *   "recommendationType": "UnusedPermissionRecommendation",
+ *   "recommendedSteps": [
+ *     {
+ *       "unusedPermissionsRecommendedStep": {
+ *         "existingPolicyId": "policy-id",
+ *         "recommendedAction": "DETACH_POLICY"
+ *       }
+ *     },
+ *     {
+ *       "unusedPermissionsRecommendedStep": {
+ *         "existingPolicyId": "policy-id",
+ *         "recommendedAction": "CREATE_POLICY",
+ *         "recommendedPolicy": "policy-content"
+ *       }
+ *     }
+ *   ],
+ *   "resourceArn": "arn:aws:iam::111122223333:role/test",
+ *   "startedAt": "2000-01-01T00:00:00Z",
+ *   "status": "SUCCEEDED"
+ * }
+ * *\/
+ * // example id: example-1
+ * ```
+ *
+ * @example In progress finding recommendation
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "finding-id",
+ *   "maxResults": 3
+ * };
+ * const command = new GetFindingRecommendationCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "recommendationType": "UnusedPermissionRecommendation",
+ *   "resourceArn": "arn:aws:iam::111122223333:role/test",
+ *   "startedAt": "2000-01-01T00:00:00Z",
+ *   "status": "IN_PROGRESS"
+ * }
+ * *\/
+ * // example id: example-2
+ * ```
+ *
+ * @example Failed finding recommendation
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "finding-id",
+ *   "maxResults": 3
+ * };
+ * const command = new GetFindingRecommendationCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "completedAt": "2000-01-01T00:00:01Z",
+ *   "error": {
+ *     "code": "SERVICE_ERROR",
+ *     "message": "Service error. Please try again."
+ *   },
+ *   "recommendationType": "UnusedPermissionRecommendation",
+ *   "resourceArn": "arn:aws:iam::111122223333:role/test",
+ *   "startedAt": "2000-01-01T00:00:00Z",
+ *   "status": "FAILED"
+ * }
+ * *\/
+ * // example id: example-3
+ * ```
+ *
+ * @example Failed field validation for id value
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "!"
+ * };
+ * const command = new GetFindingRecommendationCommand(input);
+ * await client.send(command);
+ * // example id: example-4
+ * ```
+ *
+ */
+export declare class GetFindingRecommendationCommand extends GetFindingRecommendationCommand_base {
+}

package/dist-types/commands/index.d.ts CHANGED Viewed

@@ -2,16 +2,19 @@ export * from "./ApplyArchiveRuleCommand";
 export * from "./CancelPolicyGenerationCommand";
 export * from "./CheckAccessNotGrantedCommand";
 export * from "./CheckNoNewAccessCommand";
+export * from "./CheckNoPublicAccessCommand";
 export * from "./CreateAccessPreviewCommand";
 export * from "./CreateAnalyzerCommand";
 export * from "./CreateArchiveRuleCommand";
 export * from "./DeleteAnalyzerCommand";
 export * from "./DeleteArchiveRuleCommand";
+export * from "./GenerateFindingRecommendationCommand";
 export * from "./GetAccessPreviewCommand";
 export * from "./GetAnalyzedResourceCommand";
 export * from "./GetAnalyzerCommand";
 export * from "./GetArchiveRuleCommand";
 export * from "./GetFindingCommand";
+export * from "./GetFindingRecommendationCommand";
 export * from "./GetFindingV2Command";
 export * from "./GetGeneratedPolicyCommand";
 export * from "./ListAccessPreviewFindingsCommand";

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -1,8 +1,8 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
 import { AccessAnalyzerServiceException as __BaseException } from "./AccessAnalyzerServiceException";
 /**
- * <p>Contains information about actions that define permissions to check against a
- *          policy.</p>
+ * <p>Contains information about actions and resources that define permissions to check
+ *          against a policy.</p>
  * @public
  */
 export interface Access {
@@ -11,7 +11,13 @@ export interface Access {
      *          in an IAM policy can be used in the list of actions to check.</p>
      * @public
      */
-    actions: string[] | undefined;
+    actions?: string[];
+    /**
+     * <p>A list of resources for the access permissions. Any strings that can be used as a
+     *          resource in an IAM policy can be used in the list of resources to check.</p>
+     * @public
+     */
+    resources?: string[];
 }
 /**
  * <p>You do not have sufficient access to perform this action.</p>
@@ -206,6 +212,7 @@ export interface ValidationExceptionField {
 export declare const ValidationExceptionReason: {
     readonly CANNOT_PARSE: "cannotParse";
     readonly FIELD_VALIDATION_FAILED: "fieldValidationFailed";
+    readonly NOT_SUPPORTED: "notSupported";
     readonly OTHER: "other";
     readonly UNKNOWN_OPERATION: "unknownOperation";
 };
@@ -720,7 +727,11 @@ export interface CheckAccessNotGrantedRequest {
     policyDocument: string | undefined;
     /**
      * <p>An access object containing the permissions that shouldn't be granted by the specified
-     *          policy.</p>
+     *          policy. If only actions are specified, IAM Access Analyzer checks for access of the actions on
+     *          all resources in the policy. If only resources are specified, then IAM Access Analyzer checks
+     *          which actions have access to the specified resources. If both actions and resources are
+     *          specified, then IAM Access Analyzer checks which of the specified actions have access to the
+     *          specified resources.</p>
      * @public
      */
     access: Access[] | undefined;
@@ -876,6 +887,90 @@ export interface CheckNoNewAccessResponse {
      */
     reasons?: ReasonSummary[];
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const AccessCheckResourceType: {
+    readonly DYNAMODB_STREAM: "AWS::DynamoDB::Stream";
+    readonly DYNAMODB_TABLE: "AWS::DynamoDB::Table";
+    readonly EFS_FILESYSTEM: "AWS::EFS::FileSystem";
+    readonly KINESIS_DATA_STREAM: "AWS::Kinesis::Stream";
+    readonly KINESIS_STREAM_CONSUMER: "AWS::Kinesis::StreamConsumer";
+    readonly KMS_KEY: "AWS::KMS::Key";
+    readonly LAMBDA_FUNCTION: "AWS::Lambda::Function";
+    readonly OPENSEARCHSERVICE_DOMAIN: "AWS::OpenSearchService::Domain";
+    readonly ROLE_TRUST: "AWS::IAM::AssumeRolePolicyDocument";
+    readonly S3EXPRESS_DIRECTORYBUCKET: "AWS::S3Express::DirectoryBucket";
+    readonly S3_ACCESS_POINT: "AWS::S3::AccessPoint";
+    readonly S3_BUCKET: "AWS::S3::Bucket";
+    readonly S3_GLACIER: "AWS::S3::Glacier";
+    readonly S3_OUTPOSTS_ACCESS_POINT: "AWS::S3Outposts::AccessPoint";
+    readonly S3_OUTPOSTS_BUCKET: "AWS::S3Outposts::Bucket";
+    readonly SECRETSMANAGER_SECRET: "AWS::SecretsManager::Secret";
+    readonly SNS_TOPIC: "AWS::SNS::Topic";
+    readonly SQS_QUEUE: "AWS::SQS::Queue";
+};
+/**
+ * @public
+ */
+export type AccessCheckResourceType = (typeof AccessCheckResourceType)[keyof typeof AccessCheckResourceType];
+/**
+ * @public
+ */
+export interface CheckNoPublicAccessRequest {
+    /**
+     * <p>The JSON policy document to evaluate for public access.</p>
+     * @public
+     */
+    policyDocument: string | undefined;
+    /**
+     * <p>The type of resource to evaluate for public access. For example, to check for public
+     *          access to Amazon S3 buckets, you can choose <code>AWS::S3::Bucket</code> for the resource
+     *          type.</p>
+     *          <p>For resource types not supported as valid values, IAM Access Analyzer will return an
+     *          error.</p>
+     * @public
+     */
+    resourceType: AccessCheckResourceType | undefined;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const CheckNoPublicAccessResult: {
+    readonly FAIL: "FAIL";
+    readonly PASS: "PASS";
+};
+/**
+ * @public
+ */
+export type CheckNoPublicAccessResult = (typeof CheckNoPublicAccessResult)[keyof typeof CheckNoPublicAccessResult];
+/**
+ * @public
+ */
+export interface CheckNoPublicAccessResponse {
+    /**
+     * <p>The result of the check for public access to the specified resource type. If the result
+     *          is <code>PASS</code>, the policy doesn't allow public access to the specified resource
+     *          type. If the result is <code>FAIL</code>, the policy might allow public access to the
+     *          specified resource type.</p>
+     * @public
+     */
+    result?: CheckNoPublicAccessResult;
+    /**
+     * <p>The message indicating whether the specified policy allows public access to
+     *          resources.</p>
+     * @public
+     */
+    message?: string;
+    /**
+     * <p>A list of reasons why the specified resource policy grants public access for the
+     *          resource type.</p>
+     * @public
+     */
+    reasons?: ReasonSummary[];
+}
 /**
  * <p>The proposed access control configuration for a DynamoDB stream. You can propose a
  *          configuration for a new DynamoDB stream or an existing DynamoDB stream that you own by specifying
@@ -2075,6 +2170,22 @@ export interface CreateAccessPreviewResponse {
      */
     id: string | undefined;
 }
+/**
+ * @public
+ */
+export interface GenerateFindingRecommendationRequest {
+    /**
+     * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
+     *             the analyzer</a> used to generate the finding recommendation.</p>
+     * @public
+     */
+    analyzerArn: string | undefined;
+    /**
+     * <p>The unique ID for the finding recommendation.</p>
+     * @public
+     */
+    id: string | undefined;
+}
 /**
  * @public
  */
@@ -2442,6 +2553,194 @@ export interface GetFindingResponse {
      */
     finding?: Finding;
 }
+/**
+ * @public
+ */
+export interface GetFindingRecommendationRequest {
+    /**
+     * <p>The <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources">ARN of
+     *             the analyzer</a> used to generate the finding recommendation.</p>
+     * @public
+     */
+    analyzerArn: string | undefined;
+    /**
+     * <p>The unique ID for the finding recommendation.</p>
+     * @public
+     */
+    id: string | undefined;
+    /**
+     * <p>The maximum number of results to return in the response.</p>
+     * @public
+     */
+    maxResults?: number;
+    /**
+     * <p>A token used for pagination of results returned.</p>
+     * @public
+     */
+    nextToken?: string;
+}
+/**
+ * <p>Contains information about the reason that the retrieval of a recommendation for a
+ *          finding failed.</p>
+ * @public
+ */
+export interface RecommendationError {
+    /**
+     * <p>The error code for a failed retrieval of a recommendation for a finding.</p>
+     * @public
+     */
+    code: string | undefined;
+    /**
+     * <p>The error message for a failed retrieval of a recommendation for a finding.</p>
+     * @public
+     */
+    message: string | undefined;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const RecommendationType: {
+    readonly UNUSED_PERMISSION_RECOMMENDATION: "UnusedPermissionRecommendation";
+};
+/**
+ * @public
+ */
+export type RecommendationType = (typeof RecommendationType)[keyof typeof RecommendationType];
+/**
+ * @public
+ * @enum
+ */
+export declare const RecommendedRemediationAction: {
+    readonly CREATE_POLICY: "CREATE_POLICY";
+    readonly DETACH_POLICY: "DETACH_POLICY";
+};
+/**
+ * @public
+ */
+export type RecommendedRemediationAction = (typeof RecommendedRemediationAction)[keyof typeof RecommendedRemediationAction];
+/**
+ * <p>Contains information about the action to take for a policy in an unused permissions
+ *          finding.</p>
+ * @public
+ */
+export interface UnusedPermissionsRecommendedStep {
+    /**
+     * <p>The time at which the existing policy for the unused permissions finding was last
+     *          updated.</p>
+     * @public
+     */
+    policyUpdatedAt?: Date;
+    /**
+     * <p>A recommendation of whether to create or detach a policy for an unused permissions
+     *          finding.</p>
+     * @public
+     */
+    recommendedAction: RecommendedRemediationAction | undefined;
+    /**
+     * <p>If the recommended action for the unused permissions finding is to replace the existing
+     *          policy, the contents of the recommended policy to replace the policy specified in the
+     *             <code>existingPolicyId</code> field.</p>
+     * @public
+     */
+    recommendedPolicy?: string;
+    /**
+     * <p>If the recommended action for the unused permissions finding is to detach a policy, the
+     *          ID of an existing policy to be detached.</p>
+     * @public
+     */
+    existingPolicyId?: string;
+}
+/**
+ * <p>Contains information about a recommended step for an unused access analyzer
+ *          finding.</p>
+ * @public
+ */
+export type RecommendedStep = RecommendedStep.UnusedPermissionsRecommendedStepMember | RecommendedStep.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace RecommendedStep {
+    /**
+     * <p>A recommended step for an unused permissions finding.</p>
+     * @public
+     */
+    interface UnusedPermissionsRecommendedStepMember {
+        unusedPermissionsRecommendedStep: UnusedPermissionsRecommendedStep;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        unusedPermissionsRecommendedStep?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        unusedPermissionsRecommendedStep: (value: UnusedPermissionsRecommendedStep) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: RecommendedStep, visitor: Visitor<T>) => T;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const Status: {
+    readonly FAILED: "FAILED";
+    readonly IN_PROGRESS: "IN_PROGRESS";
+    readonly SUCCEEDED: "SUCCEEDED";
+};
+/**
+ * @public
+ */
+export type Status = (typeof Status)[keyof typeof Status];
+/**
+ * @public
+ */
+export interface GetFindingRecommendationResponse {
+    /**
+     * <p>The time at which the retrieval of the finding recommendation was started.</p>
+     * @public
+     */
+    startedAt: Date | undefined;
+    /**
+     * <p>The time at which the retrieval of the finding recommendation was completed.</p>
+     * @public
+     */
+    completedAt?: Date;
+    /**
+     * <p>A token used for pagination of results returned.</p>
+     * @public
+     */
+    nextToken?: string;
+    /**
+     * <p>Detailed information about the reason that the retrieval of a recommendation for the
+     *          finding failed.</p>
+     * @public
+     */
+    error?: RecommendationError;
+    /**
+     * <p>The ARN of the resource of the finding.</p>
+     * @public
+     */
+    resourceArn: string | undefined;
+    /**
+     * <p>A group of recommended steps for the finding.</p>
+     * @public
+     */
+    recommendedSteps?: RecommendedStep[];
+    /**
+     * <p>The type of recommendation for the finding.</p>
+     * @public
+     */
+    recommendationType: RecommendationType | undefined;
+    /**
+     * <p>The status of the retrieval of the finding recommendation.</p>
+     * @public
+     */
+    status: Status | undefined;
+}
 /**
  * @public
  */
@@ -2587,7 +2886,7 @@ export interface UnusedPermissionDetails {
      */
     serviceNamespace: string | undefined;
     /**
-     * <p>The time at which the permission last accessed.</p>
+     * <p>The time at which the permission was last accessed.</p>
      * @public
      */
     lastAccessed?: Date;
@@ -4202,3 +4501,7 @@ export declare const CheckAccessNotGrantedRequestFilterSensitiveLog: (obj: Check
  * @internal
  */
 export declare const CheckNoNewAccessRequestFilterSensitiveLog: (obj: CheckNoNewAccessRequest) => any;
+/**
+ * @internal
+ */
+export declare const CheckNoPublicAccessRequestFilterSensitiveLog: (obj: CheckNoPublicAccessRequest) => any;

package/dist-types/pagination/GetFindingRecommendationPaginator.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { Paginator } from "@smithy/types";
+import { GetFindingRecommendationCommandInput, GetFindingRecommendationCommandOutput } from "../commands/GetFindingRecommendationCommand";
+import { AccessAnalyzerPaginationConfiguration } from "./Interfaces";
+/**
+ * @public
+ */
+export declare const paginateGetFindingRecommendation: (config: AccessAnalyzerPaginationConfiguration, input: GetFindingRecommendationCommandInput, ...rest: any[]) => Paginator<GetFindingRecommendationCommandOutput>;

package/dist-types/pagination/index.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+export * from "./GetFindingRecommendationPaginator";
 export * from "./GetFindingV2Paginator";
 export * from "./Interfaces";
 export * from "./ListAccessPreviewFindingsPaginator";