@aws-sdk/client-accessanalyzer 3.595.0 → 3.598.0

package/dist-types/commands/CheckAccessNotGrantedCommand.d.ts

@@ -92,6 +92,88 @@ declare const CheckAccessNotGrantedCommand_base: {
  * <p>Base exception class for all service exceptions from AccessAnalyzer service.</p>
  *
  * @public
+ * @example Passing check. Restrictive identity policy.
+ * ```javascript
+ * //
+ * const input = {
+ *   "access": [
+ *     {
+ *       "actions": [
+ *         "s3:PutObject"
+ *       ]
+ *     }
+ *   ],
+ *   "policyDocument": "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:GetObject\",\"Resource\":\"*\"}]}",
+ *   "policyType": "RESOURCE_POLICY"
+ * };
+ * const command = new CheckAccessNotGrantedCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "message": "The policy document does not grant access to perform the listed actions or resources.",
+ *   "result": "PASS"
+ * }
+ * *\/
+ * // example id: example-1
+ * ```
+ *
+ * @example Passing check. Restrictive S3 Bucket resource policy.
+ * ```javascript
+ * //
+ * const input = {
+ *   "access": [
+ *     {
+ *       "resources": [
+ *         "arn:aws:s3:::sensitive-bucket/*"
+ *       ]
+ *     }
+ *   ],
+ *   "policyDocument": "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::non-sensitive-bucket/*\"}]}",
+ *   "policyType": "RESOURCE_POLICY"
+ * };
+ * const command = new CheckAccessNotGrantedCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "message": "The policy document does not grant access to perform the listed actions or resources.",
+ *   "result": "PASS"
+ * }
+ * *\/
+ * // example id: example-2
+ * ```
+ *
+ * @example Failing check. Permissive S3 Bucket resource policy.
+ * ```javascript
+ * //
+ * const input = {
+ *   "access": [
+ *     {
+ *       "resources": [
+ *         "arn:aws:s3:::my-bucket/*"
+ *       ]
+ *     }
+ *   ],
+ *   "policyDocument": "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::my-bucket/*\"}]}",
+ *   "policyType": "RESOURCE_POLICY"
+ * };
+ * const command = new CheckAccessNotGrantedCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "message": "The policy document grants access to perform one or more of the listed actions or resources.",
+ *   "reasons": [
+ *     {
+ *       "description": "One or more of the listed actions or resources in the statement with sid: AllowJohnDoe.",
+ *       "statementId": "AllowJohnDoe",
+ *       "statementIndex": 0
+ *     }
+ *   ],
+ *   "result": "FAIL"
+ * }
+ * *\/
+ * // example id: example-3
+ * ```
+ *
  */
 export declare class CheckAccessNotGrantedCommand extends CheckAccessNotGrantedCommand_base {
 }

package/dist-types/commands/CheckNoPublicAccessCommand.d.ts

@@ -83,6 +83,49 @@ declare const CheckNoPublicAccessCommand_base: {
  * <p>Base exception class for all service exceptions from AccessAnalyzer service.</p>
  *
  * @public
+ * @example Passing check. S3 Bucket policy without public access.
+ * ```javascript
+ * //
+ * const input = {
+ *   "policyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::111122223333:user/JohnDoe\"},\"Action\":[\"s3:GetObject\"]}]}",
+ *   "resourceType": "AWS::S3::Bucket"
+ * };
+ * const command = new CheckNoPublicAccessCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "message": "The resource policy does not grant public access for the given resource type.",
+ *   "result": "PASS"
+ * }
+ * *\/
+ * // example id: example-1
+ * ```
+ *
+ * @example Failing check. S3 Bucket policy with public access.
+ * ```javascript
+ * //
+ * const input = {
+ *   "policyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"s3:GetObject\"]}]}",
+ *   "resourceType": "AWS::S3::Bucket"
+ * };
+ * const command = new CheckNoPublicAccessCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "message": "The resource policy grants public access for the given resource type.",
+ *   "reasons": [
+ *     {
+ *       "description": "Public access granted in the following statement with sid: Bob.",
+ *       "statementId": "Bob",
+ *       "statementIndex": 0
+ *     }
+ *   ],
+ *   "result": "FAIL"
+ * }
+ * *\/
+ * // example id: example-2
+ * ```
+ *
  */
 export declare class CheckNoPublicAccessCommand extends CheckNoPublicAccessCommand_base {
 }

package/dist-types/commands/GenerateFindingRecommendationCommand.d.ts

@@ -66,6 +66,30 @@ declare const GenerateFindingRecommendationCommand_base: {
  * <p>Base exception class for all service exceptions from AccessAnalyzer service.</p>
  *
  * @public
+ * @example Successfully started generating finding recommendation
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "finding-id"
+ * };
+ * const command = new GenerateFindingRecommendationCommand(input);
+ * await client.send(command);
+ * // example id: example-1
+ * ```
+ *
+ * @example Failed field validation for id value
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "!"
+ * };
+ * const command = new GenerateFindingRecommendationCommand(input);
+ * await client.send(command);
+ * // example id: example-2
+ * ```
+ *
  */
 export declare class GenerateFindingRecommendationCommand extends GenerateFindingRecommendationCommand_base {
 }

package/dist-types/commands/GetFindingRecommendationCommand.d.ts

@@ -92,6 +92,103 @@ declare const GetFindingRecommendationCommand_base: {
  * <p>Base exception class for all service exceptions from AccessAnalyzer service.</p>
  *
  * @public
+ * @example Successfully fetched finding recommendation
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "finding-id",
+ *   "maxResults": 3,
+ *   "nextToken": "token"
+ * };
+ * const command = new GetFindingRecommendationCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "completedAt": "2000-01-01T00:00:01Z",
+ *   "recommendationType": "UnusedPermissionRecommendation",
+ *   "recommendedSteps": [
+ *     {
+ *       "unusedPermissionsRecommendedStep": {
+ *         "existingPolicyId": "policy-id",
+ *         "recommendedAction": "DETACH_POLICY"
+ *       }
+ *     },
+ *     {
+ *       "unusedPermissionsRecommendedStep": {
+ *         "existingPolicyId": "policy-id",
+ *         "recommendedAction": "CREATE_POLICY",
+ *         "recommendedPolicy": "policy-content"
+ *       }
+ *     }
+ *   ],
+ *   "resourceArn": "arn:aws:iam::111122223333:role/test",
+ *   "startedAt": "2000-01-01T00:00:00Z",
+ *   "status": "SUCCEEDED"
+ * }
+ * *\/
+ * // example id: example-1
+ * ```
+ *
+ * @example In progress finding recommendation
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "finding-id",
+ *   "maxResults": 3
+ * };
+ * const command = new GetFindingRecommendationCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "recommendationType": "UnusedPermissionRecommendation",
+ *   "resourceArn": "arn:aws:iam::111122223333:role/test",
+ *   "startedAt": "2000-01-01T00:00:00Z",
+ *   "status": "IN_PROGRESS"
+ * }
+ * *\/
+ * // example id: example-2
+ * ```
+ *
+ * @example Failed finding recommendation
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "finding-id",
+ *   "maxResults": 3
+ * };
+ * const command = new GetFindingRecommendationCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "completedAt": "2000-01-01T00:00:01Z",
+ *   "error": {
+ *     "code": "SERVICE_ERROR",
+ *     "message": "Service error. Please try again."
+ *   },
+ *   "recommendationType": "UnusedPermissionRecommendation",
+ *   "resourceArn": "arn:aws:iam::111122223333:role/test",
+ *   "startedAt": "2000-01-01T00:00:00Z",
+ *   "status": "FAILED"
+ * }
+ * *\/
+ * // example id: example-3
+ * ```
+ *
+ * @example Failed field validation for id value
+ * ```javascript
+ * //
+ * const input = {
+ *   "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a",
+ *   "id": "!"
+ * };
+ * const command = new GetFindingRecommendationCommand(input);
+ * await client.send(command);
+ * // example id: example-4
+ * ```
+ *
  */
 export declare class GetFindingRecommendationCommand extends GetFindingRecommendationCommand_base {
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-accessanalyzer",
   "description": "AWS SDK for JavaScript Accessanalyzer Client for Node.js, Browser and React Native",
-  "version": "3.595.0",
+  "version": "3.598.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-accessanalyzer",
@@ -18,45 +18,45 @@
   "module": "./dist-es/index.js",
   "sideEffects": false,
   "dependencies": {
-    "@aws-crypto/sha256-browser": "3.0.0",
-    "@aws-crypto/sha256-js": "3.0.0",
-    "@aws-sdk/client-sso-oidc": "3.592.0",
-    "@aws-sdk/client-sts": "3.592.0",
-    "@aws-sdk/core": "3.592.0",
-    "@aws-sdk/credential-provider-node": "3.592.0",
-    "@aws-sdk/middleware-host-header": "3.577.0",
-    "@aws-sdk/middleware-logger": "3.577.0",
-    "@aws-sdk/middleware-recursion-detection": "3.577.0",
-    "@aws-sdk/middleware-user-agent": "3.587.0",
-    "@aws-sdk/region-config-resolver": "3.587.0",
-    "@aws-sdk/types": "3.577.0",
-    "@aws-sdk/util-endpoints": "3.587.0",
-    "@aws-sdk/util-user-agent-browser": "3.577.0",
-    "@aws-sdk/util-user-agent-node": "3.587.0",
-    "@smithy/config-resolver": "^3.0.1",
-    "@smithy/core": "^2.2.0",
-    "@smithy/fetch-http-handler": "^3.0.1",
-    "@smithy/hash-node": "^3.0.0",
-    "@smithy/invalid-dependency": "^3.0.0",
-    "@smithy/middleware-content-length": "^3.0.0",
-    "@smithy/middleware-endpoint": "^3.0.1",
-    "@smithy/middleware-retry": "^3.0.3",
-    "@smithy/middleware-serde": "^3.0.0",
-    "@smithy/middleware-stack": "^3.0.0",
-    "@smithy/node-config-provider": "^3.1.0",
-    "@smithy/node-http-handler": "^3.0.0",
-    "@smithy/protocol-http": "^4.0.0",
-    "@smithy/smithy-client": "^3.1.1",
-    "@smithy/types": "^3.0.0",
-    "@smithy/url-parser": "^3.0.0",
+    "@aws-crypto/sha256-browser": "5.2.0",
+    "@aws-crypto/sha256-js": "5.2.0",
+    "@aws-sdk/client-sso-oidc": "3.598.0",
+    "@aws-sdk/client-sts": "3.598.0",
+    "@aws-sdk/core": "3.598.0",
+    "@aws-sdk/credential-provider-node": "3.598.0",
+    "@aws-sdk/middleware-host-header": "3.598.0",
+    "@aws-sdk/middleware-logger": "3.598.0",
+    "@aws-sdk/middleware-recursion-detection": "3.598.0",
+    "@aws-sdk/middleware-user-agent": "3.598.0",
+    "@aws-sdk/region-config-resolver": "3.598.0",
+    "@aws-sdk/types": "3.598.0",
+    "@aws-sdk/util-endpoints": "3.598.0",
+    "@aws-sdk/util-user-agent-browser": "3.598.0",
+    "@aws-sdk/util-user-agent-node": "3.598.0",
+    "@smithy/config-resolver": "^3.0.2",
+    "@smithy/core": "^2.2.1",
+    "@smithy/fetch-http-handler": "^3.0.2",
+    "@smithy/hash-node": "^3.0.1",
+    "@smithy/invalid-dependency": "^3.0.1",
+    "@smithy/middleware-content-length": "^3.0.1",
+    "@smithy/middleware-endpoint": "^3.0.2",
+    "@smithy/middleware-retry": "^3.0.4",
+    "@smithy/middleware-serde": "^3.0.1",
+    "@smithy/middleware-stack": "^3.0.1",
+    "@smithy/node-config-provider": "^3.1.1",
+    "@smithy/node-http-handler": "^3.0.1",
+    "@smithy/protocol-http": "^4.0.1",
+    "@smithy/smithy-client": "^3.1.2",
+    "@smithy/types": "^3.1.0",
+    "@smithy/url-parser": "^3.0.1",
     "@smithy/util-base64": "^3.0.0",
     "@smithy/util-body-length-browser": "^3.0.0",
     "@smithy/util-body-length-node": "^3.0.0",
-    "@smithy/util-defaults-mode-browser": "^3.0.3",
-    "@smithy/util-defaults-mode-node": "^3.0.3",
-    "@smithy/util-endpoints": "^2.0.1",
-    "@smithy/util-middleware": "^3.0.0",
-    "@smithy/util-retry": "^3.0.0",
+    "@smithy/util-defaults-mode-browser": "^3.0.4",
+    "@smithy/util-defaults-mode-node": "^3.0.4",
+    "@smithy/util-endpoints": "^2.0.2",
+    "@smithy/util-middleware": "^3.0.1",
+    "@smithy/util-retry": "^3.0.1",
     "@smithy/util-utf8": "^3.0.0",
     "tslib": "^2.6.2",
     "uuid": "^9.0.1"