@aws-sdk/client-accessanalyzer 3.830.0 → 3.835.0

package/dist-types/ts3.4/endpoint/EndpointParameters.d.ts

@@ -16,7 +16,10 @@ export interface ClientInputEndpointParameters {
     | EndpointV2
     | Provider<EndpointV2>;
 }
-export type ClientResolvedEndpointParameters = ClientInputEndpointParameters & {
+export type ClientResolvedEndpointParameters = Pick<
+  ClientInputEndpointParameters,
+  Exclude<keyof ClientInputEndpointParameters, "endpoint">
+> & {
   defaultSigningName: string;
 };
 export declare const resolveClientEndpointParameters: <T>(

package/dist-types/ts3.4/models/models_0.d.ts

@@ -127,6 +127,35 @@ export interface InlineArchiveRule {
   ruleName: string | undefined;
   filter: Record<string, Criterion> | undefined;
 }
+export type ResourceType =
+  | "AWS::DynamoDB::Stream"
+  | "AWS::DynamoDB::Table"
+  | "AWS::EC2::Snapshot"
+  | "AWS::ECR::Repository"
+  | "AWS::EFS::FileSystem"
+  | "AWS::IAM::Role"
+  | "AWS::IAM::User"
+  | "AWS::KMS::Key"
+  | "AWS::Lambda::Function"
+  | "AWS::Lambda::LayerVersion"
+  | "AWS::RDS::DBClusterSnapshot"
+  | "AWS::RDS::DBSnapshot"
+  | "AWS::S3::Bucket"
+  | "AWS::S3Express::DirectoryBucket"
+  | "AWS::SNS::Topic"
+  | "AWS::SQS::Queue"
+  | "AWS::SecretsManager::Secret";
+export interface InternalAccessAnalysisRuleCriteria {
+  accountIds?: string[] | undefined;
+  resourceTypes?: ResourceType[] | undefined;
+  resourceArns?: string[] | undefined;
+}
+export interface InternalAccessAnalysisRule {
+  inclusions?: InternalAccessAnalysisRuleCriteria[] | undefined;
+}
+export interface InternalAccessConfiguration {
+  analysisRule?: InternalAccessAnalysisRule | undefined;
+}
 export interface AnalysisRuleCriteria {
   accountIds?: string[] | undefined;
   resourceTags?: Record<string, string>[] | undefined;
@@ -139,27 +168,38 @@ export interface UnusedAccessConfiguration {
   analysisRule?: AnalysisRule | undefined;
 }
 export type AnalyzerConfiguration =
+  | AnalyzerConfiguration.InternalAccessMember
   | AnalyzerConfiguration.UnusedAccessMember
   | AnalyzerConfiguration.$UnknownMember;
 export declare namespace AnalyzerConfiguration {
   interface UnusedAccessMember {
     unusedAccess: UnusedAccessConfiguration;
+    internalAccess?: never;
+    $unknown?: never;
+  }
+  interface InternalAccessMember {
+    unusedAccess?: never;
+    internalAccess: InternalAccessConfiguration;
     $unknown?: never;
   }
   interface $UnknownMember {
     unusedAccess?: never;
+    internalAccess?: never;
     $unknown: [string, any];
   }
   interface Visitor<T> {
     unusedAccess: (value: UnusedAccessConfiguration) => T;
+    internalAccess: (value: InternalAccessConfiguration) => T;
     _: (name: string, value: any) => T;
   }
   const visit: <T>(value: AnalyzerConfiguration, visitor: Visitor<T>) => T;
 }
 export type Type =
   | "ACCOUNT"
+  | "ACCOUNT_INTERNAL_ACCESS"
   | "ACCOUNT_UNUSED_ACCESS"
   | "ORGANIZATION"
+  | "ORGANIZATION_INTERNAL_ACCESS"
   | "ORGANIZATION_UNUSED_ACCESS";
 export interface CreateAnalyzerRequest {
   analyzerName: string | undefined;
@@ -879,24 +919,6 @@ export interface GetAnalyzedResourceRequest {
   analyzerArn: string | undefined;
   resourceArn: string | undefined;
 }
-export type ResourceType =
-  | "AWS::DynamoDB::Stream"
-  | "AWS::DynamoDB::Table"
-  | "AWS::EC2::Snapshot"
-  | "AWS::ECR::Repository"
-  | "AWS::EFS::FileSystem"
-  | "AWS::IAM::Role"
-  | "AWS::IAM::User"
-  | "AWS::KMS::Key"
-  | "AWS::Lambda::Function"
-  | "AWS::Lambda::LayerVersion"
-  | "AWS::RDS::DBClusterSnapshot"
-  | "AWS::RDS::DBSnapshot"
-  | "AWS::S3::Bucket"
-  | "AWS::S3Express::DirectoryBucket"
-  | "AWS::SNS::Topic"
-  | "AWS::SQS::Queue"
-  | "AWS::SecretsManager::Secret";
 export type FindingStatus = "ACTIVE" | "ARCHIVED" | "RESOLVED";
 export interface AnalyzedResource {
   resourceArn: string | undefined;
@@ -920,6 +942,7 @@ export interface GetFindingRequest {
 }
 export declare const ResourceControlPolicyRestriction: {
   readonly APPLICABLE: "APPLICABLE";
+  readonly APPLIED: "APPLIED";
   readonly FAILED_TO_EVALUATE_RCP: "FAILED_TO_EVALUATE_RCP";
   readonly NOT_APPLICABLE: "NOT_APPLICABLE";
 };
@@ -1038,6 +1061,19 @@ export interface ExternalAccessFindingsStatistics {
   totalArchivedFindings?: number | undefined;
   totalResolvedFindings?: number | undefined;
 }
+export interface InternalAccessResourceTypeDetails {
+  totalActiveFindings?: number | undefined;
+  totalResolvedFindings?: number | undefined;
+  totalArchivedFindings?: number | undefined;
+}
+export interface InternalAccessFindingsStatistics {
+  resourceTypeStatistics?:
+    | Partial<Record<ResourceType, InternalAccessResourceTypeDetails>>
+    | undefined;
+  totalActiveFindings?: number | undefined;
+  totalArchivedFindings?: number | undefined;
+  totalResolvedFindings?: number | undefined;
+}
 export interface FindingAggregationAccountDetails {
   account?: string | undefined;
   numberOfActiveFindings?: number | undefined;
@@ -1056,21 +1092,31 @@ export interface UnusedAccessFindingsStatistics {
 }
 export type FindingsStatistics =
   | FindingsStatistics.ExternalAccessFindingsStatisticsMember
+  | FindingsStatistics.InternalAccessFindingsStatisticsMember
   | FindingsStatistics.UnusedAccessFindingsStatisticsMember
   | FindingsStatistics.$UnknownMember;
 export declare namespace FindingsStatistics {
   interface ExternalAccessFindingsStatisticsMember {
     externalAccessFindingsStatistics: ExternalAccessFindingsStatistics;
+    internalAccessFindingsStatistics?: never;
+    unusedAccessFindingsStatistics?: never;
+    $unknown?: never;
+  }
+  interface InternalAccessFindingsStatisticsMember {
+    externalAccessFindingsStatistics?: never;
+    internalAccessFindingsStatistics: InternalAccessFindingsStatistics;
     unusedAccessFindingsStatistics?: never;
     $unknown?: never;
   }
   interface UnusedAccessFindingsStatisticsMember {
     externalAccessFindingsStatistics?: never;
+    internalAccessFindingsStatistics?: never;
     unusedAccessFindingsStatistics: UnusedAccessFindingsStatistics;
     $unknown?: never;
   }
   interface $UnknownMember {
     externalAccessFindingsStatistics?: never;
+    internalAccessFindingsStatistics?: never;
     unusedAccessFindingsStatistics?: never;
     $unknown: [string, any];
   }
@@ -1078,6 +1124,9 @@ export declare namespace FindingsStatistics {
     externalAccessFindingsStatistics: (
       value: ExternalAccessFindingsStatistics
     ) => T;
+    internalAccessFindingsStatistics: (
+      value: InternalAccessFindingsStatistics
+    ) => T;
     unusedAccessFindingsStatistics: (
       value: UnusedAccessFindingsStatistics
     ) => T;
@@ -1105,6 +1154,38 @@ export interface ExternalAccessDetails {
     | ResourceControlPolicyRestriction
     | undefined;
 }
+export declare const InternalAccessType: {
+  readonly INTRA_ACCOUNT: "INTRA_ACCOUNT";
+  readonly INTRA_ORG: "INTRA_ORG";
+};
+export type InternalAccessType =
+  (typeof InternalAccessType)[keyof typeof InternalAccessType];
+export declare const PrincipalType: {
+  readonly IAM_ROLE: "IAM_ROLE";
+  readonly IAM_USER: "IAM_USER";
+};
+export type PrincipalType = (typeof PrincipalType)[keyof typeof PrincipalType];
+export declare const ServiceControlPolicyRestriction: {
+  readonly APPLICABLE: "APPLICABLE";
+  readonly APPLIED: "APPLIED";
+  readonly FAILED_TO_EVALUATE_SCP: "FAILED_TO_EVALUATE_SCP";
+  readonly NOT_APPLICABLE: "NOT_APPLICABLE";
+};
+export type ServiceControlPolicyRestriction =
+  (typeof ServiceControlPolicyRestriction)[keyof typeof ServiceControlPolicyRestriction];
+export interface InternalAccessDetails {
+  action?: string[] | undefined;
+  condition?: Record<string, string> | undefined;
+  principal?: Record<string, string> | undefined;
+  principalOwnerAccount?: string | undefined;
+  accessType?: InternalAccessType | undefined;
+  principalType?: PrincipalType | undefined;
+  sources?: FindingSource[] | undefined;
+  resourceControlPolicyRestriction?:
+    | ResourceControlPolicyRestriction
+    | undefined;
+  serviceControlPolicyRestriction?: ServiceControlPolicyRestriction | undefined;
+}
 export interface UnusedIamRoleDetails {
   lastAccessed?: Date | undefined;
 }
@@ -1126,13 +1207,24 @@ export interface UnusedPermissionDetails {
 }
 export type FindingDetails =
   | FindingDetails.ExternalAccessDetailsMember
+  | FindingDetails.InternalAccessDetailsMember
   | FindingDetails.UnusedIamRoleDetailsMember
   | FindingDetails.UnusedIamUserAccessKeyDetailsMember
   | FindingDetails.UnusedIamUserPasswordDetailsMember
   | FindingDetails.UnusedPermissionDetailsMember
   | FindingDetails.$UnknownMember;
 export declare namespace FindingDetails {
+  interface InternalAccessDetailsMember {
+    internalAccessDetails: InternalAccessDetails;
+    externalAccessDetails?: never;
+    unusedPermissionDetails?: never;
+    unusedIamUserAccessKeyDetails?: never;
+    unusedIamRoleDetails?: never;
+    unusedIamUserPasswordDetails?: never;
+    $unknown?: never;
+  }
   interface ExternalAccessDetailsMember {
+    internalAccessDetails?: never;
     externalAccessDetails: ExternalAccessDetails;
     unusedPermissionDetails?: never;
     unusedIamUserAccessKeyDetails?: never;
@@ -1141,6 +1233,7 @@ export declare namespace FindingDetails {
     $unknown?: never;
   }
   interface UnusedPermissionDetailsMember {
+    internalAccessDetails?: never;
     externalAccessDetails?: never;
     unusedPermissionDetails: UnusedPermissionDetails;
     unusedIamUserAccessKeyDetails?: never;
@@ -1149,6 +1242,7 @@ export declare namespace FindingDetails {
     $unknown?: never;
   }
   interface UnusedIamUserAccessKeyDetailsMember {
+    internalAccessDetails?: never;
     externalAccessDetails?: never;
     unusedPermissionDetails?: never;
     unusedIamUserAccessKeyDetails: UnusedIamUserAccessKeyDetails;
@@ -1157,6 +1251,7 @@ export declare namespace FindingDetails {
     $unknown?: never;
   }
   interface UnusedIamRoleDetailsMember {
+    internalAccessDetails?: never;
     externalAccessDetails?: never;
     unusedPermissionDetails?: never;
     unusedIamUserAccessKeyDetails?: never;
@@ -1165,6 +1260,7 @@ export declare namespace FindingDetails {
     $unknown?: never;
   }
   interface UnusedIamUserPasswordDetailsMember {
+    internalAccessDetails?: never;
     externalAccessDetails?: never;
     unusedPermissionDetails?: never;
     unusedIamUserAccessKeyDetails?: never;
@@ -1173,6 +1269,7 @@ export declare namespace FindingDetails {
     $unknown?: never;
   }
   interface $UnknownMember {
+    internalAccessDetails?: never;
     externalAccessDetails?: never;
     unusedPermissionDetails?: never;
     unusedIamUserAccessKeyDetails?: never;
@@ -1181,6 +1278,7 @@ export declare namespace FindingDetails {
     $unknown: [string, any];
   }
   interface Visitor<T> {
+    internalAccessDetails: (value: InternalAccessDetails) => T;
     externalAccessDetails: (value: ExternalAccessDetails) => T;
     unusedPermissionDetails: (value: UnusedPermissionDetails) => T;
     unusedIamUserAccessKeyDetails: (value: UnusedIamUserAccessKeyDetails) => T;
@@ -1192,6 +1290,7 @@ export declare namespace FindingDetails {
 }
 export declare const FindingType: {
   readonly EXTERNAL_ACCESS: "ExternalAccess";
+  readonly INTERNAL_ACCESS: "InternalAccess";
   readonly UNUSED_IAM_ROLE: "UnusedIAMRole";
   readonly UNUSED_IAM_USER_ACCESS_KEY: "UnusedIAMUserAccessKey";
   readonly UNUSED_IAM_USER_PASSWORD: "UnusedIAMUserPassword";

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-accessanalyzer",
   "description": "AWS SDK for JavaScript Accessanalyzer Client for Node.js, Browser and React Native",
-  "version": "3.830.0",
+  "version": "3.835.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-accessanalyzer",
@@ -20,41 +20,41 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "3.826.0",
-    "@aws-sdk/credential-provider-node": "3.830.0",
+    "@aws-sdk/core": "3.835.0",
+    "@aws-sdk/credential-provider-node": "3.835.0",
     "@aws-sdk/middleware-host-header": "3.821.0",
     "@aws-sdk/middleware-logger": "3.821.0",
     "@aws-sdk/middleware-recursion-detection": "3.821.0",
-    "@aws-sdk/middleware-user-agent": "3.828.0",
+    "@aws-sdk/middleware-user-agent": "3.835.0",
     "@aws-sdk/region-config-resolver": "3.821.0",
     "@aws-sdk/types": "3.821.0",
     "@aws-sdk/util-endpoints": "3.828.0",
     "@aws-sdk/util-user-agent-browser": "3.821.0",
-    "@aws-sdk/util-user-agent-node": "3.828.0",
+    "@aws-sdk/util-user-agent-node": "3.835.0",
     "@smithy/config-resolver": "^4.1.4",
     "@smithy/core": "^3.5.3",
     "@smithy/fetch-http-handler": "^5.0.4",
     "@smithy/hash-node": "^4.0.4",
     "@smithy/invalid-dependency": "^4.0.4",
     "@smithy/middleware-content-length": "^4.0.4",
-    "@smithy/middleware-endpoint": "^4.1.11",
-    "@smithy/middleware-retry": "^4.1.12",
+    "@smithy/middleware-endpoint": "^4.1.12",
+    "@smithy/middleware-retry": "^4.1.13",
     "@smithy/middleware-serde": "^4.0.8",
     "@smithy/middleware-stack": "^4.0.4",
     "@smithy/node-config-provider": "^4.1.3",
     "@smithy/node-http-handler": "^4.0.6",
     "@smithy/protocol-http": "^5.1.2",
-    "@smithy/smithy-client": "^4.4.3",
+    "@smithy/smithy-client": "^4.4.4",
     "@smithy/types": "^4.3.1",
     "@smithy/url-parser": "^4.0.4",
     "@smithy/util-base64": "^4.0.0",
     "@smithy/util-body-length-browser": "^4.0.0",
     "@smithy/util-body-length-node": "^4.0.0",
-    "@smithy/util-defaults-mode-browser": "^4.0.19",
-    "@smithy/util-defaults-mode-node": "^4.0.19",
+    "@smithy/util-defaults-mode-browser": "^4.0.20",
+    "@smithy/util-defaults-mode-node": "^4.0.20",
     "@smithy/util-endpoints": "^3.0.6",
     "@smithy/util-middleware": "^4.0.4",
-    "@smithy/util-retry": "^4.0.5",
+    "@smithy/util-retry": "^4.0.6",
     "@smithy/util-utf8": "^4.0.0",
     "@types/uuid": "^9.0.1",
     "tslib": "^2.6.2",