@aws-sdk/client-accessanalyzer 3.830.0 → 3.831.0

package/README.md

@@ -6,30 +6,7 @@
 
 AWS SDK for JavaScript AccessAnalyzer Client for Node.js, Browser and React Native.
 
-<p>Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing
-a suite of capabilities. Its features include findings for external and unused access,
-basic and custom policy checks for validating policies, and policy generation to generate
-fine-grained policies. To start using IAM Access Analyzer to identify external or unused access,
-you first need to create an analyzer.</p>
-<p>
-<b>External access analyzers</b> help identify potential risks
-of accessing resources by enabling you to identify any resource policies that grant access
-to an external principal. It does this by using logic-based reasoning to analyze
-resource-based policies in your Amazon Web Services environment. An external principal can be another
-Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an
-anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access
-to your resources before deploying permissions changes.</p>
-<p>
-<b>Unused access analyzers</b> help identify potential
-identity access risks by enabling you to identify unused IAM roles, unused access keys,
-unused console passwords, and IAM principals with unused service and action-level
-permissions.</p>
-<p>Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM
-policies before deploying permissions changes. You can use policy generation to refine
-permissions by attaching a policy generated using access activity logged in CloudTrail logs. </p>
-<p>This guide describes the IAM Access Analyzer operations that you can call programmatically.
-For general information about IAM Access Analyzer, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">Identity and Access Management Access Analyzer</a> in the
-<b>IAM User Guide</b>.</p>
+<p>Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing a suite of capabilities. Its features include findings for external and unused access, basic and custom policy checks for validating policies, and policy generation to generate fine-grained policies. To start using IAM Access Analyzer to identify external or unused access, you first need to create an analyzer.</p> <p> <b>External access analyzers</b> help identify potential risks of accessing resources by enabling you to identify any resource policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access to your resources before deploying permissions changes.</p> <p> <b>Unused access analyzers</b> help identify potential identity access risks by enabling you to identify unused IAM roles, unused access keys, unused console passwords, and IAM principals with unused service and action-level permissions.</p> <p>Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM policies before deploying permissions changes. You can use policy generation to refine permissions by attaching a policy generated using access activity logged in CloudTrail logs. </p> <p>This guide describes the IAM Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">Identity and Access Management Access Analyzer</a> in the <b>IAM User Guide</b>.</p>
 
 ## Installing
 

package/dist-cjs/index.js

@@ -64,6 +64,7 @@ __export(index_exports, {
   GetFindingV2Command: () => GetFindingV2Command,
   GetFindingsStatisticsCommand: () => GetFindingsStatisticsCommand,
   GetGeneratedPolicyCommand: () => GetGeneratedPolicyCommand,
+  InternalAccessType: () => InternalAccessType,
   InternalServerException: () => InternalServerException,
   InvalidParameterException: () => InvalidParameterException,
   JobErrorCode: () => JobErrorCode,
@@ -82,6 +83,7 @@ __export(index_exports, {
   NetworkOriginConfiguration: () => NetworkOriginConfiguration,
   PathElement: () => PathElement,
   PolicyType: () => PolicyType,
+  PrincipalType: () => PrincipalType,
   RdsDbClusterSnapshotAttributeValue: () => RdsDbClusterSnapshotAttributeValue,
   RdsDbSnapshotAttributeValue: () => RdsDbSnapshotAttributeValue,
   RecommendationType: () => RecommendationType,
@@ -89,6 +91,7 @@ __export(index_exports, {
   RecommendedStep: () => RecommendedStep,
   ResourceControlPolicyRestriction: () => ResourceControlPolicyRestriction,
   ResourceNotFoundException: () => ResourceNotFoundException,
+  ServiceControlPolicyRestriction: () => ServiceControlPolicyRestriction,
   ServiceQuotaExceededException: () => ServiceQuotaExceededException,
   StartPolicyGenerationCommand: () => StartPolicyGenerationCommand,
   StartResourceScanCommand: () => StartResourceScanCommand,
@@ -493,6 +496,7 @@ var AnalyzerConfiguration;
 ((AnalyzerConfiguration3) => {
   AnalyzerConfiguration3.visit = /* @__PURE__ */ __name((value, visitor) => {
     if (value.unusedAccess !== void 0) return visitor.unusedAccess(value.unusedAccess);
+    if (value.internalAccess !== void 0) return visitor.internalAccess(value.internalAccess);
     return visitor._(value.$unknown[0], value.$unknown[1]);
   }, "visit");
 })(AnalyzerConfiguration || (AnalyzerConfiguration = {}));
@@ -662,6 +666,7 @@ var AccessPreviewStatusReasonCode = {
 };
 var ResourceControlPolicyRestriction = {
   APPLICABLE: "APPLICABLE",
+  APPLIED: "APPLIED",
   FAILED_TO_EVALUATE_RCP: "FAILED_TO_EVALUATE_RCP",
   NOT_APPLICABLE: "NOT_APPLICABLE"
 };
@@ -690,14 +695,31 @@ var FindingsStatistics;
   FindingsStatistics2.visit = /* @__PURE__ */ __name((value, visitor) => {
     if (value.externalAccessFindingsStatistics !== void 0)
       return visitor.externalAccessFindingsStatistics(value.externalAccessFindingsStatistics);
+    if (value.internalAccessFindingsStatistics !== void 0)
+      return visitor.internalAccessFindingsStatistics(value.internalAccessFindingsStatistics);
     if (value.unusedAccessFindingsStatistics !== void 0)
       return visitor.unusedAccessFindingsStatistics(value.unusedAccessFindingsStatistics);
     return visitor._(value.$unknown[0], value.$unknown[1]);
   }, "visit");
 })(FindingsStatistics || (FindingsStatistics = {}));
+var InternalAccessType = {
+  INTRA_ACCOUNT: "INTRA_ACCOUNT",
+  INTRA_ORG: "INTRA_ORG"
+};
+var PrincipalType = {
+  IAM_ROLE: "IAM_ROLE",
+  IAM_USER: "IAM_USER"
+};
+var ServiceControlPolicyRestriction = {
+  APPLICABLE: "APPLICABLE",
+  APPLIED: "APPLIED",
+  FAILED_TO_EVALUATE_SCP: "FAILED_TO_EVALUATE_SCP",
+  NOT_APPLICABLE: "NOT_APPLICABLE"
+};
 var FindingDetails;
 ((FindingDetails3) => {
   FindingDetails3.visit = /* @__PURE__ */ __name((value, visitor) => {
+    if (value.internalAccessDetails !== void 0) return visitor.internalAccessDetails(value.internalAccessDetails);
     if (value.externalAccessDetails !== void 0) return visitor.externalAccessDetails(value.externalAccessDetails);
     if (value.unusedPermissionDetails !== void 0)
       return visitor.unusedPermissionDetails(value.unusedPermissionDetails);
@@ -711,6 +733,7 @@ var FindingDetails;
 })(FindingDetails || (FindingDetails = {}));
 var FindingType = {
   EXTERNAL_ACCESS: "ExternalAccess",
+  INTERNAL_ACCESS: "InternalAccess",
   UNUSED_IAM_ROLE: "UnusedIAMRole",
   UNUSED_IAM_USER_ACCESS_KEY: "UnusedIAMUserAccessKey",
   UNUSED_IAM_USER_PASSWORD: "UnusedIAMUserPassword",
@@ -2164,6 +2187,11 @@ var de_FindingDetails = /* @__PURE__ */ __name((output, context) => {
       externalAccessDetails: (0, import_smithy_client._json)(output.externalAccessDetails)
     };
   }
+  if (output.internalAccessDetails != null) {
+    return {
+      internalAccessDetails: (0, import_smithy_client._json)(output.internalAccessDetails)
+    };
+  }
   if (output.unusedIamRoleDetails != null) {
     return {
       unusedIamRoleDetails: de_UnusedIamRoleDetails(output.unusedIamRoleDetails, context)
@@ -3082,6 +3110,9 @@ var paginateValidatePolicy = (0, import_core.createPaginator)(AccessAnalyzerClie
   RecommendedStep,
   Status,
   FindingsStatistics,
+  InternalAccessType,
+  PrincipalType,
+  ServiceControlPolicyRestriction,
   FindingDetails,
   FindingType,
   JobErrorCode,

package/dist-es/models/models_0.js

@@ -120,6 +120,8 @@ export var AnalyzerConfiguration;
     AnalyzerConfiguration.visit = (value, visitor) => {
         if (value.unusedAccess !== undefined)
             return visitor.unusedAccess(value.unusedAccess);
+        if (value.internalAccess !== undefined)
+            return visitor.internalAccess(value.internalAccess);
         return visitor._(value.$unknown[0], value.$unknown[1]);
     };
 })(AnalyzerConfiguration || (AnalyzerConfiguration = {}));
@@ -296,6 +298,7 @@ export const AccessPreviewStatusReasonCode = {
 };
 export const ResourceControlPolicyRestriction = {
     APPLICABLE: "APPLICABLE",
+    APPLIED: "APPLIED",
     FAILED_TO_EVALUATE_RCP: "FAILED_TO_EVALUATE_RCP",
     NOT_APPLICABLE: "NOT_APPLICABLE",
 };
@@ -324,14 +327,32 @@ export var FindingsStatistics;
     FindingsStatistics.visit = (value, visitor) => {
         if (value.externalAccessFindingsStatistics !== undefined)
             return visitor.externalAccessFindingsStatistics(value.externalAccessFindingsStatistics);
+        if (value.internalAccessFindingsStatistics !== undefined)
+            return visitor.internalAccessFindingsStatistics(value.internalAccessFindingsStatistics);
         if (value.unusedAccessFindingsStatistics !== undefined)
             return visitor.unusedAccessFindingsStatistics(value.unusedAccessFindingsStatistics);
         return visitor._(value.$unknown[0], value.$unknown[1]);
     };
 })(FindingsStatistics || (FindingsStatistics = {}));
+export const InternalAccessType = {
+    INTRA_ACCOUNT: "INTRA_ACCOUNT",
+    INTRA_ORG: "INTRA_ORG",
+};
+export const PrincipalType = {
+    IAM_ROLE: "IAM_ROLE",
+    IAM_USER: "IAM_USER",
+};
+export const ServiceControlPolicyRestriction = {
+    APPLICABLE: "APPLICABLE",
+    APPLIED: "APPLIED",
+    FAILED_TO_EVALUATE_SCP: "FAILED_TO_EVALUATE_SCP",
+    NOT_APPLICABLE: "NOT_APPLICABLE",
+};
 export var FindingDetails;
 (function (FindingDetails) {
     FindingDetails.visit = (value, visitor) => {
+        if (value.internalAccessDetails !== undefined)
+            return visitor.internalAccessDetails(value.internalAccessDetails);
         if (value.externalAccessDetails !== undefined)
             return visitor.externalAccessDetails(value.externalAccessDetails);
         if (value.unusedPermissionDetails !== undefined)
@@ -347,6 +368,7 @@ export var FindingDetails;
 })(FindingDetails || (FindingDetails = {}));
 export const FindingType = {
     EXTERNAL_ACCESS: "ExternalAccess",
+    INTERNAL_ACCESS: "InternalAccess",
     UNUSED_IAM_ROLE: "UnusedIAMRole",
     UNUSED_IAM_USER_ACCESS_KEY: "UnusedIAMUserAccessKey",
     UNUSED_IAM_USER_PASSWORD: "UnusedIAMUserPassword",

package/dist-es/protocols/Aws_restJson1.js

@@ -1348,6 +1348,11 @@ const de_FindingDetails = (output, context) => {
             externalAccessDetails: _json(output.externalAccessDetails),
         };
     }
+    if (output.internalAccessDetails != null) {
+        return {
+            internalAccessDetails: _json(output.internalAccessDetails),
+        };
+    }
     if (output.unusedIamRoleDetails != null) {
         return {
             unusedIamRoleDetails: de_UnusedIamRoleDetails(output.unusedIamRoleDetails, context),

package/dist-types/AccessAnalyzer.d.ts

@@ -264,30 +264,7 @@ export interface AccessAnalyzer {
     validatePolicy(args: ValidatePolicyCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ValidatePolicyCommandOutput) => void): void;
 }
 /**
- * <p>Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing
- *          a suite of capabilities. Its features include findings for external and unused access,
- *          basic and custom policy checks for validating policies, and policy generation to generate
- *          fine-grained policies. To start using IAM Access Analyzer to identify external or unused access,
- *          you first need to create an analyzer.</p>
- *          <p>
- *             <b>External access analyzers</b> help identify potential risks
- *          of accessing resources by enabling you to identify any resource policies that grant access
- *          to an external principal. It does this by using logic-based reasoning to analyze
- *          resource-based policies in your Amazon Web Services environment. An external principal can be another
- *          Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an
- *          anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access
- *          to your resources before deploying permissions changes.</p>
- *          <p>
- *             <b>Unused access analyzers</b> help identify potential
- *          identity access risks by enabling you to identify unused IAM roles, unused access keys,
- *          unused console passwords, and IAM principals with unused service and action-level
- *          permissions.</p>
- *          <p>Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM
- *          policies before deploying permissions changes. You can use policy generation to refine
- *          permissions by attaching a policy generated using access activity logged in CloudTrail logs. </p>
- *          <p>This guide describes the IAM Access Analyzer operations that you can call programmatically.
- *          For general information about IAM Access Analyzer, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">Identity and Access Management Access Analyzer</a> in the
- *             <b>IAM User Guide</b>.</p>
+ * <p>Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing a suite of capabilities. Its features include findings for external and unused access, basic and custom policy checks for validating policies, and policy generation to generate fine-grained policies. To start using IAM Access Analyzer to identify external or unused access, you first need to create an analyzer.</p> <p> <b>External access analyzers</b> help identify potential risks of accessing resources by enabling you to identify any resource policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access to your resources before deploying permissions changes.</p> <p> <b>Unused access analyzers</b> help identify potential identity access risks by enabling you to identify unused IAM roles, unused access keys, unused console passwords, and IAM principals with unused service and action-level permissions.</p> <p>Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM policies before deploying permissions changes. You can use policy generation to refine permissions by attaching a policy generated using access activity logged in CloudTrail logs. </p> <p>This guide describes the IAM Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">Identity and Access Management Access Analyzer</a> in the <b>IAM User Guide</b>.</p>
  * @public
  */
 export declare class AccessAnalyzer extends AccessAnalyzerClient implements AccessAnalyzer {

package/dist-types/AccessAnalyzerClient.d.ts

@@ -206,30 +206,7 @@ export type AccessAnalyzerClientResolvedConfigType = __SmithyResolvedConfigurati
 export interface AccessAnalyzerClientResolvedConfig extends AccessAnalyzerClientResolvedConfigType {
 }
 /**
- * <p>Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing
- *          a suite of capabilities. Its features include findings for external and unused access,
- *          basic and custom policy checks for validating policies, and policy generation to generate
- *          fine-grained policies. To start using IAM Access Analyzer to identify external or unused access,
- *          you first need to create an analyzer.</p>
- *          <p>
- *             <b>External access analyzers</b> help identify potential risks
- *          of accessing resources by enabling you to identify any resource policies that grant access
- *          to an external principal. It does this by using logic-based reasoning to analyze
- *          resource-based policies in your Amazon Web Services environment. An external principal can be another
- *          Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an
- *          anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access
- *          to your resources before deploying permissions changes.</p>
- *          <p>
- *             <b>Unused access analyzers</b> help identify potential
- *          identity access risks by enabling you to identify unused IAM roles, unused access keys,
- *          unused console passwords, and IAM principals with unused service and action-level
- *          permissions.</p>
- *          <p>Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM
- *          policies before deploying permissions changes. You can use policy generation to refine
- *          permissions by attaching a policy generated using access activity logged in CloudTrail logs. </p>
- *          <p>This guide describes the IAM Access Analyzer operations that you can call programmatically.
- *          For general information about IAM Access Analyzer, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">Identity and Access Management Access Analyzer</a> in the
- *             <b>IAM User Guide</b>.</p>
+ * <p>Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing a suite of capabilities. Its features include findings for external and unused access, basic and custom policy checks for validating policies, and policy generation to generate fine-grained policies. To start using IAM Access Analyzer to identify external or unused access, you first need to create an analyzer.</p> <p> <b>External access analyzers</b> help identify potential risks of accessing resources by enabling you to identify any resource policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access to your resources before deploying permissions changes.</p> <p> <b>Unused access analyzers</b> help identify potential identity access risks by enabling you to identify unused IAM roles, unused access keys, unused console passwords, and IAM principals with unused service and action-level permissions.</p> <p>Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM policies before deploying permissions changes. You can use policy generation to refine permissions by attaching a policy generated using access activity logged in CloudTrail logs. </p> <p>This guide describes the IAM Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">Identity and Access Management Access Analyzer</a> in the <b>IAM User Guide</b>.</p>
  * @public
  */
 export declare class AccessAnalyzerClient extends __Client<__HttpHandlerOptions, ServiceInputTypes, ServiceOutputTypes, AccessAnalyzerClientResolvedConfig> {

package/dist-types/commands/ApplyArchiveRuleCommand.d.ts

@@ -27,8 +27,7 @@ declare const ApplyArchiveRuleCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retroactively applies the archive rule to existing findings that meet the archive rule
- *          criteria.</p>
+ * <p>Retroactively applies the archive rule to existing findings that meet the archive rule criteria.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/CheckNoNewAccessCommand.d.ts

@@ -27,12 +27,7 @@ declare const CheckNoNewAccessCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Checks whether new access is allowed for an updated policy when compared to the existing
- *          policy.</p>
- *          <p>You can find examples for reference policies and learn how to set up and run a custom
- *          policy check for new access in the <a href="https://github.com/aws-samples/iam-access-analyzer-custom-policy-check-samples">IAM Access Analyzer custom policy checks samples</a> repository on GitHub. The reference
- *          policies in this repository are meant to be passed to the
- *             <code>existingPolicyDocument</code> request parameter.</p>
+ * <p>Checks whether new access is allowed for an updated policy when compared to the existing policy.</p> <p>You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the <a href="https://github.com/aws-samples/iam-access-analyzer-custom-policy-check-samples">IAM Access Analyzer custom policy checks samples</a> repository on GitHub. The reference policies in this repository are meant to be passed to the <code>existingPolicyDocument</code> request parameter.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/CheckNoPublicAccessCommand.d.ts

@@ -27,8 +27,7 @@ declare const CheckNoPublicAccessCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Checks whether a resource policy can grant public access to the specified resource
- *          type.</p>
+ * <p>Checks whether a resource policy can grant public access to the specified resource type.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/CreateAccessPreviewCommand.d.ts

@@ -27,8 +27,7 @@ declare const CreateAccessPreviewCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Creates an access preview that allows you to preview IAM Access Analyzer findings for your
- *          resource before deploying resource permissions.</p>
+ * <p>Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/CreateAnalyzerCommand.d.ts

@@ -78,6 +78,23 @@ declare const CreateAnalyzerCommand_base: {
  *         ],
  *       },
  *     },
+ *     internalAccess: { // InternalAccessConfiguration
+ *       analysisRule: { // InternalAccessAnalysisRule
+ *         inclusions: [ // InternalAccessAnalysisRuleCriteriaList
+ *           { // InternalAccessAnalysisRuleCriteria
+ *             accountIds: [
+ *               "STRING_VALUE",
+ *             ],
+ *             resourceTypes: [ // ResourceTypeList
+ *               "STRING_VALUE",
+ *             ],
+ *             resourceArns: [ // ResourceArnsList
+ *               "STRING_VALUE",
+ *             ],
+ *           },
+ *         ],
+ *       },
+ *     },
  *   },
  * };
  * const command = new CreateAnalyzerCommand(input);

package/dist-types/commands/CreateArchiveRuleCommand.d.ts

@@ -27,9 +27,7 @@ declare const CreateArchiveRuleCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Creates an archive rule for the specified analyzer. Archive rules automatically archive
- *          new findings that meet the criteria you define when you create the rule.</p>
- *          <p>To learn about filter keys that you can use to create an archive rule, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM Access Analyzer filter keys</a> in the <b>IAM User Guide</b>.</p>
+ * <p>Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.</p> <p>To learn about filter keys that you can use to create an archive rule, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM Access Analyzer filter keys</a> in the <b>IAM User Guide</b>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/DeleteAnalyzerCommand.d.ts

@@ -27,9 +27,7 @@ declare const DeleteAnalyzerCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled
- *          for the account or organization in the current or specific Region. All findings that were
- *          generated by the analyzer are deleted. You cannot undo this action.</p>
+ * <p>Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetAnalyzerCommand.d.ts

@@ -72,6 +72,23 @@ declare const GetAnalyzerCommand_base: {
  * //           ],
  * //         },
  * //       },
+ * //       internalAccess: { // InternalAccessConfiguration
+ * //         analysisRule: { // InternalAccessAnalysisRule
+ * //           inclusions: [ // InternalAccessAnalysisRuleCriteriaList
+ * //             { // InternalAccessAnalysisRuleCriteria
+ * //               accountIds: [
+ * //                 "STRING_VALUE",
+ * //               ],
+ * //               resourceTypes: [ // ResourceTypeList
+ * //                 "STRING_VALUE",
+ * //               ],
+ * //               resourceArns: [ // ResourceArnsList
+ * //                 "STRING_VALUE",
+ * //               ],
+ * //             },
+ * //           ],
+ * //         },
+ * //       },
  * //     },
  * //   },
  * // };

package/dist-types/commands/GetArchiveRuleCommand.d.ts

@@ -27,8 +27,7 @@ declare const GetArchiveRuleCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves information about an archive rule.</p>
- *          <p>To learn about filter keys that you can use to create an archive rule, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM Access Analyzer filter keys</a> in the <b>IAM User Guide</b>.</p>
+ * <p>Retrieves information about an archive rule.</p> <p>To learn about filter keys that you can use to create an archive rule, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM Access Analyzer filter keys</a> in the <b>IAM User Guide</b>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetFindingCommand.d.ts

@@ -27,10 +27,7 @@ declare const GetFindingCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves information about the specified finding. GetFinding and GetFindingV2 both use
- *             <code>access-analyzer:GetFinding</code> in the <code>Action</code> element of an IAM
- *          policy statement. You must have permission to perform the
- *             <code>access-analyzer:GetFinding</code> action.</p>
+ * <p>Retrieves information about the specified finding. GetFinding and GetFindingV2 both use <code>access-analyzer:GetFinding</code> in the <code>Action</code> element of an IAM policy statement. You must have permission to perform the <code>access-analyzer:GetFinding</code> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetFindingV2Command.d.ts

@@ -27,10 +27,7 @@ declare const GetFindingV2Command_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves information about the specified finding. GetFinding and GetFindingV2 both use
- *             <code>access-analyzer:GetFinding</code> in the <code>Action</code> element of an IAM
- *          policy statement. You must have permission to perform the
- *             <code>access-analyzer:GetFinding</code> action.</p>
+ * <p>Retrieves information about the specified finding. GetFinding and GetFindingV2 both use <code>access-analyzer:GetFinding</code> in the <code>Action</code> element of an IAM policy statement. You must have permission to perform the <code>access-analyzer:GetFinding</code> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -58,17 +55,19 @@ declare const GetFindingV2Command_base: {
  * //   updatedAt: new Date("TIMESTAMP"), // required
  * //   findingDetails: [ // FindingDetailsList // required
  * //     { // FindingDetails Union: only one key present
- * //       externalAccessDetails: { // ExternalAccessDetails
+ * //       internalAccessDetails: { // InternalAccessDetails
  * //         action: [ // ActionList
  * //           "STRING_VALUE",
  * //         ],
- * //         condition: { // ConditionKeyMap // required
+ * //         condition: { // ConditionKeyMap
  * //           "<keys>": "STRING_VALUE",
  * //         },
- * //         isPublic: true || false,
  * //         principal: { // PrincipalMap
  * //           "<keys>": "STRING_VALUE",
  * //         },
+ * //         principalOwnerAccount: "STRING_VALUE",
+ * //         accessType: "STRING_VALUE",
+ * //         principalType: "STRING_VALUE",
  * //         sources: [ // FindingSourceList
  * //           { // FindingSource
  * //             type: "STRING_VALUE", // required
@@ -79,6 +78,29 @@ declare const GetFindingV2Command_base: {
  * //           },
  * //         ],
  * //         resourceControlPolicyRestriction: "STRING_VALUE",
+ * //         serviceControlPolicyRestriction: "STRING_VALUE",
+ * //       },
+ * //       externalAccessDetails: { // ExternalAccessDetails
+ * //         action: [
+ * //           "STRING_VALUE",
+ * //         ],
+ * //         condition: { // required
+ * //           "<keys>": "STRING_VALUE",
+ * //         },
+ * //         isPublic: true || false,
+ * //         principal: {
+ * //           "<keys>": "STRING_VALUE",
+ * //         },
+ * //         sources: [
+ * //           {
+ * //             type: "STRING_VALUE", // required
+ * //             detail: {
+ * //               accessPointArn: "STRING_VALUE",
+ * //               accessPointAccount: "STRING_VALUE",
+ * //             },
+ * //           },
+ * //         ],
+ * //         resourceControlPolicyRestriction: "STRING_VALUE",
  * //       },
  * //       unusedPermissionDetails: { // UnusedPermissionDetails
  * //         actions: [ // UnusedActionList

package/dist-types/commands/GetFindingsStatisticsCommand.d.ts

@@ -27,8 +27,7 @@ declare const GetFindingsStatisticsCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves a list of aggregated finding statistics for an external access or unused
- *          access analyzer.</p>
+ * <p>Retrieves a list of aggregated finding statistics for an external access or unused access analyzer.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -54,6 +53,18 @@ declare const GetFindingsStatisticsCommand_base: {
  * //         totalArchivedFindings: Number("int"),
  * //         totalResolvedFindings: Number("int"),
  * //       },
+ * //       internalAccessFindingsStatistics: { // InternalAccessFindingsStatistics
+ * //         resourceTypeStatistics: { // InternalAccessResourceTypeStatisticsMap
+ * //           "<keys>": { // InternalAccessResourceTypeDetails
+ * //             totalActiveFindings: Number("int"),
+ * //             totalResolvedFindings: Number("int"),
+ * //             totalArchivedFindings: Number("int"),
+ * //           },
+ * //         },
+ * //         totalActiveFindings: Number("int"),
+ * //         totalArchivedFindings: Number("int"),
+ * //         totalResolvedFindings: Number("int"),
+ * //       },
  * //       unusedAccessFindingsStatistics: { // UnusedAccessFindingsStatistics
  * //         unusedAccessTypeStatistics: [ // UnusedAccessTypeStatisticsList
  * //           { // UnusedAccessTypeStatistics

package/dist-types/commands/GetGeneratedPolicyCommand.d.ts

@@ -27,8 +27,7 @@ declare const GetGeneratedPolicyCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves the policy that was generated using <code>StartPolicyGeneration</code>.
- *       </p>
+ * <p>Retrieves the policy that was generated using <code>StartPolicyGeneration</code>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListAccessPreviewFindingsCommand.d.ts

@@ -27,8 +27,7 @@ declare const ListAccessPreviewFindingsCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves a list of access preview findings generated by the specified access
- *          preview.</p>
+ * <p>Retrieves a list of access preview findings generated by the specified access preview.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListAnalyzedResourcesCommand.d.ts

@@ -27,8 +27,7 @@ declare const ListAnalyzedResourcesCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves a list of resources of the specified type that have been analyzed by the
- *          specified analyzer.</p>
+ * <p>Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListAnalyzersCommand.d.ts

@@ -75,6 +75,23 @@ declare const ListAnalyzersCommand_base: {
  * //             ],
  * //           },
  * //         },
+ * //         internalAccess: { // InternalAccessConfiguration
+ * //           analysisRule: { // InternalAccessAnalysisRule
+ * //             inclusions: [ // InternalAccessAnalysisRuleCriteriaList
+ * //               { // InternalAccessAnalysisRuleCriteria
+ * //                 accountIds: [
+ * //                   "STRING_VALUE",
+ * //                 ],
+ * //                 resourceTypes: [ // ResourceTypeList
+ * //                   "STRING_VALUE",
+ * //                 ],
+ * //                 resourceArns: [ // ResourceArnsList
+ * //                   "STRING_VALUE",
+ * //                 ],
+ * //               },
+ * //             ],
+ * //           },
+ * //         },
  * //       },
  * //     },
  * //   ],

package/dist-types/commands/ListFindingsCommand.d.ts

@@ -27,11 +27,7 @@ declare const ListFindingsCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves a list of findings generated by the specified analyzer. ListFindings and
- *          ListFindingsV2 both use <code>access-analyzer:ListFindings</code> in the
- *             <code>Action</code> element of an IAM policy statement. You must have permission to
- *          perform the <code>access-analyzer:ListFindings</code> action.</p>
- *          <p>To learn about filter keys that you can use to retrieve a list of findings, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM Access Analyzer filter keys</a> in the <b>IAM User Guide</b>.</p>
+ * <p>Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use <code>access-analyzer:ListFindings</code> in the <code>Action</code> element of an IAM policy statement. You must have permission to perform the <code>access-analyzer:ListFindings</code> action.</p> <p>To learn about filter keys that you can use to retrieve a list of findings, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM Access Analyzer filter keys</a> in the <b>IAM User Guide</b>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListFindingsV2Command.d.ts

@@ -27,11 +27,7 @@ declare const ListFindingsV2Command_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves a list of findings generated by the specified analyzer. ListFindings and
- *          ListFindingsV2 both use <code>access-analyzer:ListFindings</code> in the
- *             <code>Action</code> element of an IAM policy statement. You must have permission to
- *          perform the <code>access-analyzer:ListFindings</code> action.</p>
- *          <p>To learn about filter keys that you can use to retrieve a list of findings, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM Access Analyzer filter keys</a> in the <b>IAM User Guide</b>.</p>
+ * <p>Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use <code>access-analyzer:ListFindings</code> in the <code>Action</code> element of an IAM policy statement. You must have permission to perform the <code>access-analyzer:ListFindings</code> action.</p> <p>To learn about filter keys that you can use to retrieve a list of findings, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM Access Analyzer filter keys</a> in the <b>IAM User Guide</b>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript