@aws-sdk/client-accessanalyzer 3.686.0 → 3.691.0

package/dist-types/models/models_0.d.ts

@@ -11,13 +11,15 @@ export interface Access {
      *          in an IAM policy can be used in the list of actions to check.</p>
      * @public
      */
-    actions?: string[];
+    actions?: string[] | undefined;
     /**
-     * <p>A list of resources for the access permissions. Any strings that can be used as a
-     *          resource in an IAM policy can be used in the list of resources to check.</p>
+     * <p>A list of resources for the access permissions. Any strings that can be used as an
+     *          Amazon Resource Name (ARN) in an IAM policy can be used in the list of resources to
+     *          check. You can only use a wildcard in the portion of the ARN that specifies the resource
+     *          ID.</p>
      * @public
      */
-    resources?: string[];
+    resources?: string[] | undefined;
 }
 /**
  * <p>You do not have sufficient access to perform this action.</p>
@@ -64,22 +66,22 @@ export interface Criterion {
      * <p>An "equals" operator to match for the filter used to create the rule.</p>
      * @public
      */
-    eq?: string[];
+    eq?: string[] | undefined;
     /**
      * <p>A "not equals" operator to match for the filter used to create the rule.</p>
      * @public
      */
-    neq?: string[];
+    neq?: string[] | undefined;
     /**
      * <p>A "contains" operator to match for the filter used to create the rule.</p>
      * @public
      */
-    contains?: string[];
+    contains?: string[] | undefined;
     /**
      * <p>An "exists" operator to match for the filter used to create the rule. </p>
      * @public
      */
-    exists?: boolean;
+    exists?: boolean | undefined;
 }
 /**
  * <p>Creates an archive rule.</p>
@@ -105,7 +107,7 @@ export interface CreateArchiveRuleRequest {
      * <p>A client token.</p>
      * @public
      */
-    clientToken?: string;
+    clientToken?: string | undefined;
 }
 /**
  * <p>Internal server error.</p>
@@ -119,7 +121,7 @@ export declare class InternalServerException extends __BaseException {
      * <p>The seconds to wait to retry.</p>
      * @public
      */
-    retryAfterSeconds?: number;
+    retryAfterSeconds?: number | undefined;
     /**
      * @internal
      */
@@ -183,7 +185,7 @@ export declare class ThrottlingException extends __BaseException {
      * <p>The seconds to wait to retry.</p>
      * @public
      */
-    retryAfterSeconds?: number;
+    retryAfterSeconds?: number | undefined;
     /**
      * @internal
      */
@@ -236,7 +238,7 @@ export declare class ValidationException extends __BaseException {
      * <p>A list of fields that didn't validate.</p>
      * @public
      */
-    fieldList?: ValidationExceptionField[];
+    fieldList?: ValidationExceptionField[] | undefined;
     /**
      * @internal
      */
@@ -261,7 +263,7 @@ export interface DeleteArchiveRuleRequest {
      * <p>A client token.</p>
      * @public
      */
-    clientToken?: string;
+    clientToken?: string | undefined;
 }
 /**
  * <p>Retrieves an archive rule.</p>
@@ -330,12 +332,12 @@ export interface ListArchiveRulesRequest {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
     /**
      * <p>The maximum number of results to return in the request.</p>
      * @public
      */
-    maxResults?: number;
+    maxResults?: number | undefined;
 }
 /**
  * <p>The response to the request.</p>
@@ -351,7 +353,7 @@ export interface ListArchiveRulesResponse {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * <p>Updates the specified archive rule.</p>
@@ -378,7 +380,7 @@ export interface UpdateArchiveRuleRequest {
      * <p>A client token.</p>
      * @public
      */
-    clientToken?: string;
+    clientToken?: string | undefined;
 }
 /**
  * <p>An criterion statement in an archive rule. Each archive rule may have multiple
@@ -410,7 +412,7 @@ export interface UnusedAccessConfiguration {
      *          days.</p>
      * @public
      */
-    unusedAccessAge?: number;
+    unusedAccessAge?: number | undefined;
 }
 /**
  * <p>Contains information about the configuration of an unused access analyzer for an Amazon Web Services
@@ -471,24 +473,24 @@ export interface CreateAnalyzerRequest {
      *          findings that meet the criteria you define for the rule.</p>
      * @public
      */
-    archiveRules?: InlineArchiveRule[];
+    archiveRules?: InlineArchiveRule[] | undefined;
     /**
      * <p>An array of key-value pairs to apply to the analyzer.</p>
      * @public
      */
-    tags?: Record<string, string>;
+    tags?: Record<string, string> | undefined;
     /**
      * <p>A client token.</p>
      * @public
      */
-    clientToken?: string;
+    clientToken?: string | undefined;
     /**
      * <p>Specifies the configuration of the analyzer. If the analyzer is an unused access
      *          analyzer, the specified scope of unused access is used for the configuration. If the
      *          analyzer is an external access analyzer, this field is not used.</p>
      * @public
      */
-    configuration?: AnalyzerConfiguration;
+    configuration?: AnalyzerConfiguration | undefined;
 }
 /**
  * <p>The response to the request to create an analyzer.</p>
@@ -499,7 +501,7 @@ export interface CreateAnalyzerResponse {
      * <p>The ARN of the analyzer that was created by the request.</p>
      * @public
      */
-    arn?: string;
+    arn?: string | undefined;
 }
 /**
  * <p>Deletes an analyzer.</p>
@@ -515,7 +517,7 @@ export interface DeleteAnalyzerRequest {
      * <p>A client token.</p>
      * @public
      */
-    clientToken?: string;
+    clientToken?: string | undefined;
 }
 /**
  * <p>Retrieves an analyzer.</p>
@@ -580,17 +582,17 @@ export interface AnalyzerSummary {
      * <p>The resource that was most recently analyzed by the analyzer.</p>
      * @public
      */
-    lastResourceAnalyzed?: string;
+    lastResourceAnalyzed?: string | undefined;
     /**
      * <p>The time at which the most recently analyzed resource was analyzed.</p>
      * @public
      */
-    lastResourceAnalyzedAt?: Date;
+    lastResourceAnalyzedAt?: Date | undefined;
     /**
      * <p>The tags added to the analyzer.</p>
      * @public
      */
-    tags?: Record<string, string>;
+    tags?: Record<string, string> | undefined;
     /**
      * <p>The status of the analyzer. An <code>Active</code> analyzer successfully monitors
      *          supported resources and generates new findings. The analyzer is <code>Disabled</code> when
@@ -609,12 +611,12 @@ export interface AnalyzerSummary {
      *          organization.</p>
      * @public
      */
-    statusReason?: StatusReason;
+    statusReason?: StatusReason | undefined;
     /**
      * <p>Specifies whether the analyzer is an external access or unused access analyzer.</p>
      * @public
      */
-    configuration?: AnalyzerConfiguration;
+    configuration?: AnalyzerConfiguration | undefined;
 }
 /**
  * <p>The response to the request.</p>
@@ -637,17 +639,17 @@ export interface ListAnalyzersRequest {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
     /**
      * <p>The maximum number of results to return in the response.</p>
      * @public
      */
-    maxResults?: number;
+    maxResults?: number | undefined;
     /**
      * <p>The type of analyzer.</p>
      * @public
      */
-    type?: Type;
+    type?: Type | undefined;
 }
 /**
  * <p>The response to the request.</p>
@@ -663,7 +665,7 @@ export interface ListAnalyzersResponse {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * <p>Retroactively applies an archive rule.</p>
@@ -684,7 +686,7 @@ export interface ApplyArchiveRuleRequest {
      * <p>A client token.</p>
      * @public
      */
-    clientToken?: string;
+    clientToken?: string | undefined;
 }
 /**
  * @public
@@ -727,11 +729,11 @@ export interface CheckAccessNotGrantedRequest {
     policyDocument: string | undefined;
     /**
      * <p>An access object containing the permissions that shouldn't be granted by the specified
-     *          policy. If only actions are specified, IAM Access Analyzer checks for access of the actions on
-     *          all resources in the policy. If only resources are specified, then IAM Access Analyzer checks
-     *          which actions have access to the specified resources. If both actions and resources are
-     *          specified, then IAM Access Analyzer checks which of the specified actions have access to the
-     *          specified resources.</p>
+     *          policy. If only actions are specified, IAM Access Analyzer checks for access to peform at least
+     *          one of the actions on any resource in the policy. If only resources are specified, then
+     *          IAM Access Analyzer checks for access to perform any action on at least one of the resources. If
+     *          both actions and resources are specified, IAM Access Analyzer checks for access to perform at
+     *          least one of the specified actions on at least one of the specified resources.</p>
      * @public
      */
     access: Access[] | undefined;
@@ -739,9 +741,7 @@ export interface CheckAccessNotGrantedRequest {
      * <p>The type of policy. Identity policies grant permissions to IAM principals. Identity
      *          policies include managed and inline policies for IAM roles, users, and groups.</p>
      *          <p>Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust
-     *          policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic
-     *          input such as identity policy or resource policy or a specific input such as managed policy
-     *          or Amazon S3 bucket policy.</p>
+     *          policies for IAM roles and bucket policies for Amazon S3 buckets.</p>
      * @public
      */
     policyType: AccessCheckPolicyType | undefined;
@@ -755,17 +755,17 @@ export interface ReasonSummary {
      * <p>A description of the reasoning of a result of checking for access.</p>
      * @public
      */
-    description?: string;
+    description?: string | undefined;
     /**
      * <p>The index number of the reason statement.</p>
      * @public
      */
-    statementIndex?: number;
+    statementIndex?: number | undefined;
     /**
      * <p>The identifier for the reason statement.</p>
      * @public
      */
-    statementId?: string;
+    statementId?: string | undefined;
 }
 /**
  * @public
@@ -790,17 +790,17 @@ export interface CheckAccessNotGrantedResponse {
      *          some or all of the permissions in the access object.</p>
      * @public
      */
-    result?: CheckAccessNotGrantedResult;
+    result?: CheckAccessNotGrantedResult | undefined;
     /**
      * <p>The message indicating whether the specified access is allowed.</p>
      * @public
      */
-    message?: string;
+    message?: string | undefined;
     /**
      * <p>A description of the reasoning of the result.</p>
      * @public
      */
-    reasons?: ReasonSummary[];
+    reasons?: ReasonSummary[] | undefined;
 }
 /**
  * <p>The specified parameter is invalid.</p>
@@ -875,17 +875,17 @@ export interface CheckNoNewAccessResponse {
      *          policy might allow new access.</p>
      * @public
      */
-    result?: CheckNoNewAccessResult;
+    result?: CheckNoNewAccessResult | undefined;
     /**
      * <p>The message indicating whether the updated policy allows new access.</p>
      * @public
      */
-    message?: string;
+    message?: string | undefined;
     /**
      * <p>A description of the reasoning of the result.</p>
      * @public
      */
-    reasons?: ReasonSummary[];
+    reasons?: ReasonSummary[] | undefined;
 }
 /**
  * @public
@@ -957,19 +957,19 @@ export interface CheckNoPublicAccessResponse {
      *          specified resource type.</p>
      * @public
      */
-    result?: CheckNoPublicAccessResult;
+    result?: CheckNoPublicAccessResult | undefined;
     /**
      * <p>The message indicating whether the specified policy allows public access to
      *          resources.</p>
      * @public
      */
-    message?: string;
+    message?: string | undefined;
     /**
      * <p>A list of reasons why the specified resource policy grants public access for the
      *          resource type.</p>
      * @public
      */
-    reasons?: ReasonSummary[];
+    reasons?: ReasonSummary[] | undefined;
 }
 /**
  * <p>The proposed access control configuration for a DynamoDB stream. You can propose a
@@ -997,7 +997,7 @@ export interface DynamodbStreamConfiguration {
      * <p>The proposed resource policy defining who can access or manage the DynamoDB stream.</p>
      * @public
      */
-    streamPolicy?: string;
+    streamPolicy?: string | undefined;
 }
 /**
  * <p>The proposed access control configuration for a DynamoDB table or index. You can propose a
@@ -1025,7 +1025,7 @@ export interface DynamodbTableConfiguration {
      * <p>The proposed resource policy defining who can access or manage the DynamoDB table.</p>
      * @public
      */
-    tablePolicy?: string;
+    tablePolicy?: string | undefined;
 }
 /**
  * <p>The proposed access control configuration for an Amazon EBS volume snapshot. You can propose
@@ -1055,7 +1055,7 @@ export interface EbsSnapshotConfiguration {
      *          </ul>
      * @public
      */
-    userIds?: string[];
+    userIds?: string[] | undefined;
     /**
      * <p>The groups that have access to the Amazon EBS volume snapshot. If the value <code>all</code>
      *          is specified, then the Amazon EBS volume snapshot is public.</p>
@@ -1077,7 +1077,7 @@ export interface EbsSnapshotConfiguration {
      *          </ul>
      * @public
      */
-    groups?: string[];
+    groups?: string[] | undefined;
     /**
      * <p>The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS key
      *          identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
@@ -1095,7 +1095,7 @@ export interface EbsSnapshotConfiguration {
      *          </ul>
      * @public
      */
-    kmsKeyId?: string;
+    kmsKeyId?: string | undefined;
 }
 /**
  * <p>The proposed access control configuration for an Amazon ECR repository. You can propose a
@@ -1125,7 +1125,7 @@ export interface EcrRepositoryConfiguration {
      *             policy examples</a> in the <i>Amazon ECR User Guide</i>.</p>
      * @public
      */
-    repositoryPolicy?: string;
+    repositoryPolicy?: string | undefined;
 }
 /**
  * <p>The proposed access control configuration for an Amazon EFS file system. You can propose a
@@ -1154,7 +1154,7 @@ export interface EfsFileSystemConfiguration {
      *          the elements that make up a file system policy, see <a href="https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies">Amazon EFS Resource-based policies</a>.</p>
      * @public
      */
-    fileSystemPolicy?: string;
+    fileSystemPolicy?: string | undefined;
 }
 /**
  * <p>The proposed access control configuration for an IAM role. You can propose a
@@ -1172,7 +1172,7 @@ export interface IamRoleConfiguration {
      * <p>The proposed trust policy for the IAM role.</p>
      * @public
      */
-    trustPolicy?: string;
+    trustPolicy?: string | undefined;
 }
 /**
  * <p>Use this structure to propose allowing <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
@@ -1190,7 +1190,7 @@ export interface KmsGrantConstraints {
      *          constraint.</p>
      * @public
      */
-    encryptionContextEquals?: Record<string, string>;
+    encryptionContextEquals?: Record<string, string> | undefined;
     /**
      * <p>A list of key-value pairs that must be included in the encryption context of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
      *             operation</a> request. The grant allows the cryptographic operation only when the
@@ -1198,7 +1198,7 @@ export interface KmsGrantConstraints {
      *          constraint, although it can include additional key-value pairs.</p>
      * @public
      */
-    encryptionContextSubset?: Record<string, string>;
+    encryptionContextSubset?: Record<string, string> | undefined;
 }
 /**
  * @public
@@ -1244,7 +1244,7 @@ export interface KmsGrantConfiguration {
      * <p>The principal that is given permission to retire the grant by using <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html">RetireGrant</a> operation.</p>
      * @public
      */
-    retiringPrincipal?: string;
+    retiringPrincipal?: string | undefined;
     /**
      * <p>Use this structure to propose allowing <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
      *             operations</a> in the grant only when the operation request includes the specified
@@ -1252,7 +1252,7 @@ export interface KmsGrantConfiguration {
      *          context</a>.</p>
      * @public
      */
-    constraints?: KmsGrantConstraints;
+    constraints?: KmsGrantConstraints | undefined;
     /**
      * <p> The Amazon Web Services account under which the grant was issued. The account is used to propose
      *          KMS grants issued by accounts other than the owner of the key.</p>
@@ -1280,7 +1280,7 @@ export interface KmsKeyConfiguration {
      *             policy</a>.</p>
      * @public
      */
-    keyPolicies?: Record<string, string>;
+    keyPolicies?: Record<string, string> | undefined;
     /**
      * <p>A list of proposed grant configurations for the KMS key. If the proposed grant
      *          configuration is for an existing key, the access preview uses the proposed list of grant
@@ -1288,7 +1288,7 @@ export interface KmsKeyConfiguration {
      *          existing grants for the key.</p>
      * @public
      */
-    grants?: KmsGrantConfiguration[];
+    grants?: KmsGrantConfiguration[] | undefined;
 }
 /**
  * <p>The values for a manual Amazon RDS DB cluster snapshot attribute.</p>
@@ -1356,7 +1356,7 @@ export interface RdsDbClusterSnapshotConfiguration {
      *          </p>
      * @public
      */
-    attributes?: Record<string, RdsDbClusterSnapshotAttributeValue>;
+    attributes?: Record<string, RdsDbClusterSnapshotAttributeValue> | undefined;
     /**
      * <p>The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS key
      *          identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
@@ -1374,7 +1374,7 @@ export interface RdsDbClusterSnapshotConfiguration {
      *          </ul>
      * @public
      */
-    kmsKeyId?: string;
+    kmsKeyId?: string | undefined;
 }
 /**
  * <p>The name and values of a manual Amazon RDS DB snapshot attribute. Manual DB snapshot
@@ -1442,7 +1442,7 @@ export interface RdsDbSnapshotConfiguration {
      *          value for <code>attributeName</code> for the attribute map is restore.</p>
      * @public
      */
-    attributes?: Record<string, RdsDbSnapshotAttributeValue>;
+    attributes?: Record<string, RdsDbSnapshotAttributeValue> | undefined;
     /**
      * <p>The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key identifier is
      *          the key ARN, key ID, alias ARN, or alias name for the KMS key.</p>
@@ -1460,7 +1460,7 @@ export interface RdsDbSnapshotConfiguration {
      *          </ul>
      * @public
      */
-    kmsKeyId?: string;
+    kmsKeyId?: string | undefined;
 }
 /**
  * <p>This configuration sets the network origin for the Amazon S3 access point or multi-region
@@ -1573,13 +1573,13 @@ export interface S3AccessPointConfiguration {
      * <p>The access point or multi-region access point policy.</p>
      * @public
      */
-    accessPointPolicy?: string;
+    accessPointPolicy?: string | undefined;
     /**
      * <p>The proposed <code>S3PublicAccessBlock</code> configuration to apply to this Amazon S3 access
      *          point or multi-region access point.</p>
      * @public
      */
-    publicAccessBlock?: S3PublicAccessBlockConfiguration;
+    publicAccessBlock?: S3PublicAccessBlockConfiguration | undefined;
     /**
      * <p>The proposed <code>Internet</code> and <code>VpcConfiguration</code> to apply to this
      *          Amazon S3 access point. <code>VpcConfiguration</code> does not apply to multi-region access
@@ -1589,7 +1589,7 @@ export interface S3AccessPointConfiguration {
      *          origin.</p>
      * @public
      */
-    networkOrigin?: NetworkOriginConfiguration;
+    networkOrigin?: NetworkOriginConfiguration | undefined;
 }
 /**
  * <p>You specify each grantee as a type-value pair using one of these types. You can specify
@@ -1685,7 +1685,7 @@ export interface S3BucketConfiguration {
      * <p>The proposed bucket policy for the Amazon S3 bucket.</p>
      * @public
      */
-    bucketPolicy?: string;
+    bucketPolicy?: string | undefined;
     /**
      * <p>The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to 100 ACL
      *          grants per bucket. If the proposed grant configuration is for an existing bucket, the
@@ -1693,18 +1693,18 @@ export interface S3BucketConfiguration {
      *          grants. Otherwise, the access preview uses the existing grants for the bucket.</p>
      * @public
      */
-    bucketAclGrants?: S3BucketAclGrantConfiguration[];
+    bucketAclGrants?: S3BucketAclGrantConfiguration[] | undefined;
     /**
      * <p>The proposed block public access configuration for the Amazon S3 bucket.</p>
      * @public
      */
-    bucketPublicAccessBlock?: S3PublicAccessBlockConfiguration;
+    bucketPublicAccessBlock?: S3PublicAccessBlockConfiguration | undefined;
     /**
      * <p>The configuration of Amazon S3 access points or multi-region access points for the bucket.
      *          You can propose up to 10 new access points per bucket.</p>
      * @public
      */
-    accessPoints?: Record<string, S3AccessPointConfiguration>;
+    accessPoints?: Record<string, S3AccessPointConfiguration> | undefined;
 }
 /**
  * <p>Proposed access control configuration for an Amazon S3 directory bucket. You can propose a
@@ -1723,7 +1723,7 @@ export interface S3ExpressDirectoryBucketConfiguration {
      * <p>The proposed bucket policy for the Amazon S3 directory bucket.</p>
      * @public
      */
-    bucketPolicy?: string;
+    bucketPolicy?: string | undefined;
 }
 /**
  * <p>The configuration for a Secrets Manager secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html">CreateSecret</a>.</p>
@@ -1745,12 +1745,12 @@ export interface SecretsManagerSecretConfiguration {
      * <p>The proposed ARN, key ID, or alias of the KMS key.</p>
      * @public
      */
-    kmsKeyId?: string;
+    kmsKeyId?: string | undefined;
     /**
      * <p>The proposed resource policy defining who can access or manage the secret.</p>
      * @public
      */
-    secretPolicy?: string;
+    secretPolicy?: string | undefined;
 }
 /**
  * <p>The proposed access control configuration for an Amazon SNS topic. You can propose a
@@ -1770,7 +1770,7 @@ export interface SnsTopicConfiguration {
      *             Guide</i>.</p>
      * @public
      */
-    topicPolicy?: string;
+    topicPolicy?: string | undefined;
 }
 /**
  * <p>The proposed access control configuration for an Amazon SQS queue. You can propose a
@@ -1789,7 +1789,7 @@ export interface SqsQueueConfiguration {
      * <p> The proposed resource policy for the Amazon SQS queue. </p>
      * @public
      */
-    queuePolicy?: string;
+    queuePolicy?: string | undefined;
 }
 /**
  * <p>Access control configuration structures for your resource. You specify the configuration
@@ -2158,7 +2158,7 @@ export interface CreateAccessPreviewRequest {
      * <p>A client token.</p>
      * @public
      */
-    clientToken?: string;
+    clientToken?: string | undefined;
 }
 /**
  * @public
@@ -2293,7 +2293,7 @@ export interface AccessPreview {
      *          invalid resource configuration.</p>
      * @public
      */
-    statusReason?: AccessPreviewStatusReason;
+    statusReason?: AccessPreviewStatusReason | undefined;
 }
 /**
  * @public
@@ -2371,18 +2371,18 @@ export interface AnalyzedResource {
      *          generated the finding.</p>
      * @public
      */
-    actions?: string[];
+    actions?: string[] | undefined;
     /**
      * <p>Indicates how the access that generated the finding is granted. This is populated for
      *          Amazon S3 bucket findings.</p>
      * @public
      */
-    sharedVia?: string[];
+    sharedVia?: string[] | undefined;
     /**
      * <p>The current status of the finding generated from the analyzed resource.</p>
      * @public
      */
-    status?: FindingStatus;
+    status?: FindingStatus | undefined;
     /**
      * <p>The Amazon Web Services account ID that owns the resource.</p>
      * @public
@@ -2392,7 +2392,7 @@ export interface AnalyzedResource {
      * <p>An error message.</p>
      * @public
      */
-    error?: string;
+    error?: string | undefined;
 }
 /**
  * <p>The response to the request.</p>
@@ -2404,7 +2404,7 @@ export interface GetAnalyzedResourceResponse {
      *          found when it analyzed the resource.</p>
      * @public
      */
-    resource?: AnalyzedResource;
+    resource?: AnalyzedResource | undefined;
 }
 /**
  * <p>Retrieves a finding.</p>
@@ -2423,6 +2423,19 @@ export interface GetFindingRequest {
      */
     id: string | undefined;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const ResourceControlPolicyRestriction: {
+    readonly APPLICABLE: "APPLICABLE";
+    readonly FAILED_TO_EVALUATE_RCP: "FAILED_TO_EVALUATE_RCP";
+    readonly NOT_APPLICABLE: "NOT_APPLICABLE";
+};
+/**
+ * @public
+ */
+export type ResourceControlPolicyRestriction = (typeof ResourceControlPolicyRestriction)[keyof typeof ResourceControlPolicyRestriction];
 /**
  * <p>Includes details about how the access that generated the finding is granted. This is
  *          populated for Amazon S3 bucket findings.</p>
@@ -2434,12 +2447,12 @@ export interface FindingSourceDetail {
      *          whether the ARN represents an access point or a multi-region access point.</p>
      * @public
      */
-    accessPointArn?: string;
+    accessPointArn?: string | undefined;
     /**
      * <p>The account of the cross-account access point that generated the finding.</p>
      * @public
      */
-    accessPointAccount?: string;
+    accessPointAccount?: string | undefined;
 }
 /**
  * @public
@@ -2461,7 +2474,7 @@ export interface FindingSource {
      *          populated for Amazon S3 bucket findings.</p>
      * @public
      */
-    detail?: FindingSourceDetail;
+    detail?: FindingSourceDetail | undefined;
 }
 /**
  * <p>Contains information about a finding.</p>
@@ -2477,24 +2490,24 @@ export interface Finding {
      * <p>The external principal that has access to a resource within the zone of trust.</p>
      * @public
      */
-    principal?: Record<string, string>;
+    principal?: Record<string, string> | undefined;
     /**
      * <p>The action in the analyzed policy statement that an external principal has permission to
      *          use.</p>
      * @public
      */
-    action?: string[];
+    action?: string[] | undefined;
     /**
      * <p>The resource that an external principal has access to.</p>
      * @public
      */
-    resource?: string;
+    resource?: string | undefined;
     /**
      * <p>Indicates whether the policy that generated the finding allows public access to the
      *          resource.</p>
      * @public
      */
-    isPublic?: boolean;
+    isPublic?: boolean | undefined;
     /**
      * <p>The type of the resource identified in the finding.</p>
      * @public
@@ -2534,13 +2547,19 @@ export interface Finding {
      * <p>An error.</p>
      * @public
      */
-    error?: string;
+    error?: string | undefined;
     /**
      * <p>The sources of the finding. This indicates how the access that generated the finding is
      *          granted. It is populated for Amazon S3 bucket findings.</p>
      * @public
      */
-    sources?: FindingSource[];
+    sources?: FindingSource[] | undefined;
+    /**
+     * <p>The type of restriction applied to the finding by the resource owner with an Organizations
+     *          resource control policy (RCP).</p>
+     * @public
+     */
+    resourceControlPolicyRestriction?: ResourceControlPolicyRestriction | undefined;
 }
 /**
  * <p>The response to the request.</p>
@@ -2551,7 +2570,7 @@ export interface GetFindingResponse {
      * <p>A <code>finding</code> object that contains finding details.</p>
      * @public
      */
-    finding?: Finding;
+    finding?: Finding | undefined;
 }
 /**
  * @public
@@ -2572,12 +2591,12 @@ export interface GetFindingRecommendationRequest {
      * <p>The maximum number of results to return in the response.</p>
      * @public
      */
-    maxResults?: number;
+    maxResults?: number | undefined;
     /**
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * <p>Contains information about the reason that the retrieval of a recommendation for a
@@ -2630,7 +2649,7 @@ export interface UnusedPermissionsRecommendedStep {
      *          updated.</p>
      * @public
      */
-    policyUpdatedAt?: Date;
+    policyUpdatedAt?: Date | undefined;
     /**
      * <p>A recommendation of whether to create or detach a policy for an unused permissions
      *          finding.</p>
@@ -2643,13 +2662,13 @@ export interface UnusedPermissionsRecommendedStep {
      *             <code>existingPolicyId</code> field.</p>
      * @public
      */
-    recommendedPolicy?: string;
+    recommendedPolicy?: string | undefined;
     /**
      * <p>If the recommended action for the unused permissions finding is to detach a policy, the
      *          ID of an existing policy to be detached.</p>
      * @public
      */
-    existingPolicyId?: string;
+    existingPolicyId?: string | undefined;
 }
 /**
  * <p>Contains information about a recommended step for an unused access analyzer
@@ -2708,18 +2727,18 @@ export interface GetFindingRecommendationResponse {
      * <p>The time at which the retrieval of the finding recommendation was completed.</p>
      * @public
      */
-    completedAt?: Date;
+    completedAt?: Date | undefined;
     /**
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
     /**
      * <p>Detailed information about the reason that the retrieval of a recommendation for the
      *          finding failed.</p>
      * @public
      */
-    error?: RecommendationError;
+    error?: RecommendationError | undefined;
     /**
      * <p>The ARN of the resource of the finding.</p>
      * @public
@@ -2729,7 +2748,7 @@ export interface GetFindingRecommendationResponse {
      * <p>A group of recommended steps for the finding.</p>
      * @public
      */
-    recommendedSteps?: RecommendedStep[];
+    recommendedSteps?: RecommendedStep[] | undefined;
     /**
      * <p>The type of recommendation for the finding.</p>
      * @public
@@ -2760,12 +2779,12 @@ export interface GetFindingV2Request {
      * <p>The maximum number of results to return in the response.</p>
      * @public
      */
-    maxResults?: number;
+    maxResults?: number | undefined;
     /**
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * <p>Contains information about an external access finding.</p>
@@ -2777,7 +2796,7 @@ export interface ExternalAccessDetails {
      *          use.</p>
      * @public
      */
-    action?: string[];
+    action?: string[] | undefined;
     /**
      * <p>The condition in the analyzed policy statement that resulted in an external access
      *          finding.</p>
@@ -2788,18 +2807,24 @@ export interface ExternalAccessDetails {
      * <p>Specifies whether the external access finding is public.</p>
      * @public
      */
-    isPublic?: boolean;
+    isPublic?: boolean | undefined;
     /**
      * <p>The external principal that has access to a resource within the zone of trust.</p>
      * @public
      */
-    principal?: Record<string, string>;
+    principal?: Record<string, string> | undefined;
     /**
      * <p>The sources of the external access finding. This indicates how the access that generated
      *          the finding is granted. It is populated for Amazon S3 bucket findings.</p>
      * @public
      */
-    sources?: FindingSource[];
+    sources?: FindingSource[] | undefined;
+    /**
+     * <p>The type of restriction applied to the finding by the resource owner with an Organizations
+     *          resource control policy (RCP).</p>
+     * @public
+     */
+    resourceControlPolicyRestriction?: ResourceControlPolicyRestriction | undefined;
 }
 /**
  * <p>Contains information about an unused access finding for an IAM role. IAM Access Analyzer
@@ -2813,7 +2838,7 @@ export interface UnusedIamRoleDetails {
      * <p>The time at which the role was last accessed.</p>
      * @public
      */
-    lastAccessed?: Date;
+    lastAccessed?: Date | undefined;
 }
 /**
  * <p>Contains information about an unused access finding for an IAM user access key.
@@ -2832,7 +2857,7 @@ export interface UnusedIamUserAccessKeyDetails {
      * <p>The time at which the access key was last accessed.</p>
      * @public
      */
-    lastAccessed?: Date;
+    lastAccessed?: Date | undefined;
 }
 /**
  * <p>Contains information about an unused access finding for an IAM user password.
@@ -2846,7 +2871,7 @@ export interface UnusedIamUserPasswordDetails {
      * <p>The time at which the password was last accessed.</p>
      * @public
      */
-    lastAccessed?: Date;
+    lastAccessed?: Date | undefined;
 }
 /**
  * <p>Contains information about an unused access finding for an action. IAM Access Analyzer charges
@@ -2865,7 +2890,7 @@ export interface UnusedAction {
      * <p>The time at which the action was last accessed.</p>
      * @public
      */
-    lastAccessed?: Date;
+    lastAccessed?: Date | undefined;
 }
 /**
  * <p>Contains information about an unused access finding for a permission. IAM Access Analyzer
@@ -2879,7 +2904,7 @@ export interface UnusedPermissionDetails {
      * <p>A list of unused actions for which the unused access finding was generated.</p>
      * @public
      */
-    actions?: UnusedAction[];
+    actions?: UnusedAction[] | undefined;
     /**
      * <p>The namespace of the Amazon Web Services service that contains the unused actions.</p>
      * @public
@@ -2889,7 +2914,7 @@ export interface UnusedPermissionDetails {
      * <p>The time at which the permission was last accessed.</p>
      * @public
      */
-    lastAccessed?: Date;
+    lastAccessed?: Date | undefined;
 }
 /**
  * <p>Contains information about an external access or unused access finding. Only one
@@ -3020,7 +3045,7 @@ export interface GetFindingV2Response {
      * <p>An error.</p>
      * @public
      */
-    error?: string;
+    error?: string | undefined;
     /**
      * <p>The ID of the finding to retrieve.</p>
      * @public
@@ -3030,12 +3055,12 @@ export interface GetFindingV2Response {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
     /**
      * <p>The resource that generated the finding.</p>
      * @public
      */
-    resource?: string;
+    resource?: string | undefined;
     /**
      * <p>The type of the resource identified in the finding.</p>
      * @public
@@ -3069,7 +3094,7 @@ export interface GetFindingV2Response {
      *             <code>UnusedIAMUserPassword</code>, or <code>UnusedPermission</code>.</p>
      * @public
      */
-    findingType?: FindingType;
+    findingType?: FindingType | undefined;
 }
 /**
  * @public
@@ -3091,7 +3116,7 @@ export interface GetGeneratedPolicyRequest {
      *             <code>"Resource":"arn:aws:s3:::$\{BucketName\}"</code> instead of <code>"*"</code>.</p>
      * @public
      */
-    includeResourcePlaceholders?: boolean;
+    includeResourcePlaceholders?: boolean | undefined;
     /**
      * <p>The level of detail that you want to generate. You can specify whether to generate
      *          service-level policies. </p>
@@ -3099,7 +3124,7 @@ export interface GetGeneratedPolicyRequest {
      *          been used recently to create this service-level template.</p>
      * @public
      */
-    includeServiceLevelTemplate?: boolean;
+    includeServiceLevelTemplate?: boolean | undefined;
 }
 /**
  * <p>Contains the text for the generated policy.</p>
@@ -3128,14 +3153,14 @@ export interface TrailProperties {
      * <p>A list of regions to get CloudTrail data from and analyze to generate a policy.</p>
      * @public
      */
-    regions?: string[];
+    regions?: string[] | undefined;
     /**
      * <p>Possible values are <code>true</code> or <code>false</code>. If set to
      *          <code>true</code>, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and
      *          generate a policy.</p>
      * @public
      */
-    allRegions?: boolean;
+    allRegions?: boolean | undefined;
 }
 /**
  * <p>Contains information about CloudTrail access.</p>
@@ -3173,7 +3198,7 @@ export interface GeneratedPolicyProperties {
      *          and <code>false</code> otherwise.</p>
      * @public
      */
-    isComplete?: boolean;
+    isComplete?: boolean | undefined;
     /**
      * <p>The ARN of the IAM entity (user or role) for which you are generating a policy.</p>
      * @public
@@ -3183,7 +3208,7 @@ export interface GeneratedPolicyProperties {
      * <p>Lists details about the <code>Trail</code> used to generated policy.</p>
      * @public
      */
-    cloudTrailProperties?: CloudTrailProperties;
+    cloudTrailProperties?: CloudTrailProperties | undefined;
 }
 /**
  * <p>Contains the text for the generated policy and its details.</p>
@@ -3201,7 +3226,7 @@ export interface GeneratedPolicyResult {
      *             <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html">CreatePolicy</a> action.</p>
      * @public
      */
-    generatedPolicies?: GeneratedPolicy[];
+    generatedPolicies?: GeneratedPolicy[] | undefined;
 }
 /**
  * @public
@@ -3275,12 +3300,12 @@ export interface JobDetails {
      * <p>A timestamp of when the job was completed.</p>
      * @public
      */
-    completedOn?: Date;
+    completedOn?: Date | undefined;
     /**
      * <p>The job error for the policy generation request.</p>
      * @public
      */
-    jobError?: JobError;
+    jobError?: JobError | undefined;
 }
 /**
  * @public
@@ -3318,17 +3343,17 @@ export interface ListAccessPreviewFindingsRequest {
      * <p>Criteria to filter the returned findings.</p>
      * @public
      */
-    filter?: Record<string, Criterion>;
+    filter?: Record<string, Criterion> | undefined;
     /**
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
     /**
      * <p>The maximum number of results to return in the response.</p>
      * @public
      */
-    maxResults?: number;
+    maxResults?: number | undefined;
 }
 /**
  * @public
@@ -3360,40 +3385,40 @@ export interface AccessPreviewFinding {
      *          findings.</p>
      * @public
      */
-    existingFindingId?: string;
+    existingFindingId?: string | undefined;
     /**
      * <p>The existing status of the finding, provided only for existing findings.</p>
      * @public
      */
-    existingFindingStatus?: FindingStatus;
+    existingFindingStatus?: FindingStatus | undefined;
     /**
      * <p>The external principal that has access to a resource within the zone of trust.</p>
      * @public
      */
-    principal?: Record<string, string>;
+    principal?: Record<string, string> | undefined;
     /**
      * <p>The action in the analyzed policy statement that an external principal has permission to
      *          perform.</p>
      * @public
      */
-    action?: string[];
+    action?: string[] | undefined;
     /**
      * <p>The condition in the analyzed policy statement that resulted in a finding.</p>
      * @public
      */
-    condition?: Record<string, string>;
+    condition?: Record<string, string> | undefined;
     /**
      * <p>The resource that an external principal has access to. This is the resource associated
      *          with the access preview.</p>
      * @public
      */
-    resource?: string;
+    resource?: string | undefined;
     /**
      * <p>Indicates whether the policy that generated the finding allows public access to the
      *          resource.</p>
      * @public
      */
-    isPublic?: boolean;
+    isPublic?: boolean | undefined;
     /**
      * <p>The type of the resource that can be accessed in the finding.</p>
      * @public
@@ -3448,13 +3473,19 @@ export interface AccessPreviewFinding {
      * <p>An error.</p>
      * @public
      */
-    error?: string;
+    error?: string | undefined;
     /**
      * <p>The sources of the finding. This indicates how the access that generated the finding is
      *          granted. It is populated for Amazon S3 bucket findings.</p>
      * @public
      */
-    sources?: FindingSource[];
+    sources?: FindingSource[] | undefined;
+    /**
+     * <p>The type of restriction applied to the finding by the resource owner with an Organizations
+     *          resource control policy (RCP).</p>
+     * @public
+     */
+    resourceControlPolicyRestriction?: ResourceControlPolicyRestriction | undefined;
 }
 /**
  * @public
@@ -3469,7 +3500,7 @@ export interface ListAccessPreviewFindingsResponse {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * @public
@@ -3485,12 +3516,12 @@ export interface ListAccessPreviewsRequest {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
     /**
      * <p>The maximum number of results to return in the response.</p>
      * @public
      */
-    maxResults?: number;
+    maxResults?: number | undefined;
 }
 /**
  * <p>Contains a summary of information about an access preview.</p>
@@ -3539,7 +3570,7 @@ export interface AccessPreviewSummary {
      *          resource configuration.</p>
      * @public
      */
-    statusReason?: AccessPreviewStatusReason;
+    statusReason?: AccessPreviewStatusReason | undefined;
 }
 /**
  * @public
@@ -3554,7 +3585,7 @@ export interface ListAccessPreviewsResponse {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * <p>Retrieves a list of resources that have been analyzed.</p>
@@ -3571,17 +3602,17 @@ export interface ListAnalyzedResourcesRequest {
      * <p>The type of resource.</p>
      * @public
      */
-    resourceType?: ResourceType;
+    resourceType?: ResourceType | undefined;
     /**
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
     /**
      * <p>The maximum number of results to return in the response.</p>
      * @public
      */
-    maxResults?: number;
+    maxResults?: number | undefined;
 }
 /**
  * <p>Contains the ARN of the analyzed resource.</p>
@@ -3618,7 +3649,7 @@ export interface ListAnalyzedResourcesResponse {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * @public
@@ -3633,12 +3664,12 @@ export interface SortCriteria {
      * <p>The name of the attribute to sort on.</p>
      * @public
      */
-    attributeName?: string;
+    attributeName?: string | undefined;
     /**
      * <p>The sort order, ascending or descending.</p>
      * @public
      */
-    orderBy?: OrderBy;
+    orderBy?: OrderBy | undefined;
 }
 /**
  * <p>Retrieves a list of findings generated by the specified analyzer.</p>
@@ -3655,22 +3686,22 @@ export interface ListFindingsRequest {
      * <p>A filter to match for the findings to return.</p>
      * @public
      */
-    filter?: Record<string, Criterion>;
+    filter?: Record<string, Criterion> | undefined;
     /**
      * <p>The sort order for the findings returned.</p>
      * @public
      */
-    sort?: SortCriteria;
+    sort?: SortCriteria | undefined;
     /**
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
     /**
      * <p>The maximum number of results to return in the response.</p>
      * @public
      */
-    maxResults?: number;
+    maxResults?: number | undefined;
 }
 /**
  * <p>Contains information about a finding.</p>
@@ -3686,24 +3717,24 @@ export interface FindingSummary {
      * <p>The external principal that has access to a resource within the zone of trust.</p>
      * @public
      */
-    principal?: Record<string, string>;
+    principal?: Record<string, string> | undefined;
     /**
      * <p>The action in the analyzed policy statement that an external principal has permission to
      *          use.</p>
      * @public
      */
-    action?: string[];
+    action?: string[] | undefined;
     /**
      * <p>The resource that the external principal has access to.</p>
      * @public
      */
-    resource?: string;
+    resource?: string | undefined;
     /**
      * <p>Indicates whether the finding reports a resource that has a policy that allows public
      *          access.</p>
      * @public
      */
-    isPublic?: boolean;
+    isPublic?: boolean | undefined;
     /**
      * <p>The type of the resource that the external principal has access to.</p>
      * @public
@@ -3744,13 +3775,19 @@ export interface FindingSummary {
      * <p>The error that resulted in an Error finding.</p>
      * @public
      */
-    error?: string;
+    error?: string | undefined;
     /**
      * <p>The sources of the finding. This indicates how the access that generated the finding is
      *          granted. It is populated for Amazon S3 bucket findings.</p>
      * @public
      */
-    sources?: FindingSource[];
+    sources?: FindingSource[] | undefined;
+    /**
+     * <p>The type of restriction applied to the finding by the resource owner with an Organizations
+     *          resource control policy (RCP).</p>
+     * @public
+     */
+    resourceControlPolicyRestriction?: ResourceControlPolicyRestriction | undefined;
 }
 /**
  * <p>The response to the request.</p>
@@ -3767,7 +3804,7 @@ export interface ListFindingsResponse {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * @public
@@ -3783,22 +3820,22 @@ export interface ListFindingsV2Request {
      * <p>A filter to match for the findings to return.</p>
      * @public
      */
-    filter?: Record<string, Criterion>;
+    filter?: Record<string, Criterion> | undefined;
     /**
      * <p>The maximum number of results to return in the response.</p>
      * @public
      */
-    maxResults?: number;
+    maxResults?: number | undefined;
     /**
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
     /**
      * <p>The criteria used to sort.</p>
      * @public
      */
-    sort?: SortCriteria;
+    sort?: SortCriteria | undefined;
 }
 /**
  * <p>Contains information about a finding.</p>
@@ -3820,7 +3857,7 @@ export interface FindingSummaryV2 {
      * <p>The error that resulted in an Error finding.</p>
      * @public
      */
-    error?: string;
+    error?: string | undefined;
     /**
      * <p>The ID of the finding.</p>
      * @public
@@ -3830,7 +3867,7 @@ export interface FindingSummaryV2 {
      * <p>The resource that the external principal has access to.</p>
      * @public
      */
-    resource?: string;
+    resource?: string | undefined;
     /**
      * <p>The type of the resource that the external principal has access to.</p>
      * @public
@@ -3855,7 +3892,7 @@ export interface FindingSummaryV2 {
      * <p>The type of the external access or unused access finding.</p>
      * @public
      */
-    findingType?: FindingType;
+    findingType?: FindingType | undefined;
 }
 /**
  * @public
@@ -3871,7 +3908,7 @@ export interface ListFindingsV2Response {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * @public
@@ -3883,17 +3920,17 @@ export interface ListPolicyGenerationsRequest {
      *          for a specific principal.</p>
      * @public
      */
-    principalArn?: string;
+    principalArn?: string | undefined;
     /**
      * <p>The maximum number of results to return in the response.</p>
      * @public
      */
-    maxResults?: number;
+    maxResults?: number | undefined;
     /**
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * <p>Contains details about the policy generation status and properties.</p>
@@ -3927,7 +3964,7 @@ export interface PolicyGeneration {
      * <p>A timestamp of when the policy generation was completed.</p>
      * @public
      */
-    completedOn?: Date;
+    completedOn?: Date | undefined;
 }
 /**
  * @public
@@ -3943,7 +3980,7 @@ export interface ListPolicyGenerationsResponse {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * <p>Retrieves a list of tags applied to the specified resource.</p>
@@ -3965,7 +4002,7 @@ export interface ListTagsForResourceResponse {
      * <p>The tags that are applied to the specified resource.</p>
      * @public
      */
-    tags?: Record<string, string>;
+    tags?: Record<string, string> | undefined;
 }
 /**
  * <p>Contains details about the CloudTrail trail being analyzed to generate a policy.</p>
@@ -3982,14 +4019,14 @@ export interface Trail {
      * <p>A list of regions to get CloudTrail data from and analyze to generate a policy.</p>
      * @public
      */
-    regions?: string[];
+    regions?: string[] | undefined;
     /**
      * <p>Possible values are <code>true</code> or <code>false</code>. If set to
      *          <code>true</code>, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and
      *          generate a policy.</p>
      * @public
      */
-    allRegions?: boolean;
+    allRegions?: boolean | undefined;
 }
 /**
  * <p>Contains information about CloudTrail access.</p>
@@ -4019,7 +4056,7 @@ export interface CloudTrailDetails {
      *          included in the request, the default value is the current time.</p>
      * @public
      */
-    endTime?: Date;
+    endTime?: Date | undefined;
 }
 /**
  * <p>Contains the ARN details about the IAM entity for which the policy is
@@ -4048,7 +4085,7 @@ export interface StartPolicyGenerationRequest {
      *          that you want to analyze to generate policies.</p>
      * @public
      */
-    cloudTrailDetails?: CloudTrailDetails;
+    cloudTrailDetails?: CloudTrailDetails | undefined;
     /**
      * <p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the
      *          request. Idempotency ensures that an API request completes only once. With an idempotent
@@ -4059,7 +4096,7 @@ export interface StartPolicyGenerationRequest {
      *          SDK.</p>
      * @public
      */
-    clientToken?: string;
+    clientToken?: string | undefined;
 }
 /**
  * @public
@@ -4096,7 +4133,7 @@ export interface StartResourceScanRequest {
      *          account is the account in which the resource was created.</p>
      * @public
      */
-    resourceOwnerAccount?: string;
+    resourceOwnerAccount?: string | undefined;
 }
 /**
  * <p>Adds a tag to the specified resource.</p>
@@ -4168,17 +4205,17 @@ export interface UpdateFindingsRequest {
      * <p>The IDs of the findings to update.</p>
      * @public
      */
-    ids?: string[];
+    ids?: string[] | undefined;
     /**
      * <p>The ARN of the resource identified in the finding.</p>
      * @public
      */
-    resourceArn?: string;
+    resourceArn?: string | undefined;
     /**
      * <p>A client token.</p>
      * @public
      */
-    clientToken?: string;
+    clientToken?: string | undefined;
 }
 /**
  * @public
@@ -4206,6 +4243,7 @@ export type Locale = (typeof Locale)[keyof typeof Locale];
  */
 export declare const PolicyType: {
     readonly IDENTITY_POLICY: "IDENTITY_POLICY";
+    readonly RESOURCE_CONTROL_POLICY: "RESOURCE_CONTROL_POLICY";
     readonly RESOURCE_POLICY: "RESOURCE_POLICY";
     readonly SERVICE_CONTROL_POLICY: "SERVICE_CONTROL_POLICY";
 };
@@ -4237,17 +4275,17 @@ export interface ValidatePolicyRequest {
      * <p>The locale to use for localizing the findings.</p>
      * @public
      */
-    locale?: Locale;
+    locale?: Locale | undefined;
     /**
      * <p>The maximum number of results to return in the response.</p>
      * @public
      */
-    maxResults?: number;
+    maxResults?: number | undefined;
     /**
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
     /**
      * <p>The JSON policy document to use as the content for the policy.</p>
      * @public
@@ -4277,7 +4315,7 @@ export interface ValidatePolicyRequest {
      *          will run policy checks that apply to all resource policies.</p>
      * @public
      */
-    validatePolicyResourceType?: ValidatePolicyResourceType;
+    validatePolicyResourceType?: ValidatePolicyResourceType | undefined;
 }
 /**
  * @public
@@ -4491,7 +4529,7 @@ export interface ValidatePolicyResponse {
      * <p>A token used for pagination of results returned.</p>
      * @public
      */
-    nextToken?: string;
+    nextToken?: string | undefined;
 }
 /**
  * @internal