AWS IAM Access Analyzer helps identify potential resource-access risks by enabling you to identify any policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your AWS environment. An external principal can be another AWS account, a root user, an IAM user or role, a federated user, an AWS service, or an anonymous user. This guide describes the AWS IAM Access Analyzer operations that you can call programmatically. For general information about Access Analyzer, see AWS IAM Access Analyzer in the IAM User Guide.
To start using Access Analyzer, you first need to create an analyzer.
", + "service": "AWS IAM Access Analyzer helps identify potential resource-access risks by enabling you to identify any policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your AWS environment. An external principal can be another AWS account, a root user, an IAM user or role, a federated user, an AWS service, or an anonymous user. You can also use Access Analyzer to preview and validate public and cross-account access to your resources before deploying permissions changes. This guide describes the AWS IAM Access Analyzer operations that you can call programmatically. For general information about Access Analyzer, see AWS IAM Access Analyzer in the IAM User Guide.
To start using Access Analyzer, you first need to create an analyzer.
", "operations": { "ApplyArchiveRule": "Retroactively applies the archive rule to existing findings that meet the archive rule criteria.
", + "CreateAccessPreview": "Creates an access preview that allows you to preview Access Analyzer findings for your resource before deploying resource permissions.
", "CreateAnalyzer": "Creates an analyzer for your account.
", "CreateArchiveRule": "Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.
", "DeleteAnalyzer": "Deletes the specified analyzer. When you delete an analyzer, Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.
", "DeleteArchiveRule": "Deletes the specified archive rule.
", + "GetAccessPreview": "Retrieves information about an access preview for the specified analyzer.
", "GetAnalyzedResource": "Retrieves information about a resource that was analyzed.
", "GetAnalyzer": "Retrieves information about the specified analyzer.
", "GetArchiveRule": "Retrieves information about an archive rule.
To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in the IAM User Guide.
", "GetFinding": "Retrieves information about the specified finding.
", + "ListAccessPreviewFindings": "Retrieves a list of access preview findings generated by the specified access preview.
", + "ListAccessPreviews": "Retrieves a list of access previews for the specified analyzer.
", "ListAnalyzedResources": "Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer..
", "ListAnalyzers": "Retrieves a list of analyzers.
", "ListArchiveRules": "Retrieves a list of archive rules created for the specified analyzer.
", - "ListFindings": "Retrieves a list of findings generated by the specified analyzer.
To learn about filter keys that you can use to create an archive rule, see Access Analyzer filter keys in the IAM User Guide.
", + "ListFindings": "Retrieves a list of findings generated by the specified analyzer.
To learn about filter keys that you can use to retrieve a list of findings, see Access Analyzer filter keys in the IAM User Guide.
", "ListTagsForResource": "Retrieves a list of tags applied to the specified resource.
", "StartResourceScan": "Immediately starts a scan of the policies applied to the specified resource.
", "TagResource": "Adds a tag to the specified resource.
", @@ -28,9 +32,112 @@ "refs": { } }, + "AccessPointArn": { + "base": null, + "refs": { + "S3AccessPointConfigurationsMap$key": null + } + }, + "AccessPointPolicy": { + "base": null, + "refs": { + "S3AccessPointConfiguration$accessPointPolicy": "The access point policy.
" + } + }, + "AccessPreview": { + "base": "Contains information about an access preview.
", + "refs": { + "GetAccessPreviewResponse$accessPreview": "An object that contains information about the access preview.
" + } + }, + "AccessPreviewFinding": { + "base": "An access preview finding generated by the access preview.
", + "refs": { + "AccessPreviewFindingsList$member": null + } + }, + "AccessPreviewFindingId": { + "base": null, + "refs": { + "AccessPreviewFinding$id": "The ID of the access preview finding. This ID uniquely identifies the element in the list of access preview findings and is not related to the finding ID in Access Analyzer.
" + } + }, + "AccessPreviewFindingsList": { + "base": null, + "refs": { + "ListAccessPreviewFindingsResponse$findings": "A list of access preview findings that match the specified filter criteria.
" + } + }, + "AccessPreviewId": { + "base": null, + "refs": { + "AccessPreview$id": "The unique ID for the access preview.
", + "AccessPreviewSummary$id": "The unique ID for the access preview.
", + "CreateAccessPreviewResponse$id": "The unique ID for the access preview.
", + "GetAccessPreviewRequest$accessPreviewId": "The unique ID for the access preview.
", + "ListAccessPreviewFindingsRequest$accessPreviewId": "The unique ID for the access preview.
" + } + }, + "AccessPreviewStatus": { + "base": null, + "refs": { + "AccessPreview$status": "The status of the access preview.
Creating - The access preview creation is in progress.
Completed - The access preview is complete. You can preview findings for external access to the resource.
Failed - The access preview creation has failed.
The status of the access preview.
Creating - The access preview creation is in progress.
Completed - The access preview is complete and previews the findings for external access to the resource.
Failed - The access preview creation has failed.
Provides more details about the current status of the access preview. For example, if the creation of the access preview fails, a Failed status is returned. This failure can be due to an internal issue with the analysis or due to an invalid proposed resource configuration.
Provides more details about the current status of the access preview.
For example, if the creation of the access preview fails, a Failed status is returned. This failure can be due to an internal issue with the analysis or due to an invalid resource configuration.
The reason code for the current status of the access preview.
" + } + }, + "AccessPreviewSummary": { + "base": "Contains a summary of information about an access preview.
", + "refs": { + "AccessPreviewsList$member": null + } + }, + "AccessPreviewsList": { + "base": null, + "refs": { + "ListAccessPreviewsResponse$accessPreviews": "A list of access previews retrieved for the analyzer.
" + } + }, + "AclCanonicalId": { + "base": null, + "refs": { + "AclGrantee$id": "The value specified is the canonical user ID of an AWS account.
" + } + }, + "AclGrantee": { + "base": "You specify each grantee as a type-value pair using one of these types. You can specify only one type of grantee. For more information, see PutBucketAcl.
", + "refs": { + "S3BucketAclGrantConfiguration$grantee": "The grantee to whom you’re assigning access rights.
" + } + }, + "AclPermission": { + "base": null, + "refs": { + "S3BucketAclGrantConfiguration$permission": "The permissions being granted.
" + } + }, + "AclUri": { + "base": null, + "refs": { + "AclGrantee$uri": "Used for granting permissions to a predefined group.
" + } + }, "ActionList": { "base": null, "refs": { + "AccessPreviewFinding$action": "The action in the analyzed policy statement that an external principal has permission to perform.
", "AnalyzedResource$actions": "The actions that an external principal is granted permission to use by the policy that generated the finding.
", "Finding$action": "The action in the analyzed policy statement that an external principal has permission to use.
", "FindingSummary$action": "The action in the analyzed policy statement that an external principal has permission to use.
" @@ -39,7 +146,7 @@ "AnalyzedResource": { "base": "Contains details about the analyzed resource.
", "refs": { - "GetAnalyzedResourceResponse$resource": "An AnalyedResource object that contains information that Access Analyzer found when it analyzed the resource.
An AnalyzedResource object that contains information that Access Analyzer found when it analyzed the resource.
The ARN of the analyzer used to generate the access preview.
", + "AccessPreviewSummary$analyzerArn": "The ARN of the analyzer used to generate the access preview.
", "AnalyzerSummary$arn": "The ARN of the analyzer.
", "ApplyArchiveRuleRequest$analyzerArn": "The Amazon resource name (ARN) of the analyzer.
", + "CreateAccessPreviewRequest$analyzerArn": "The ARN of the account analyzer used to generate the access preview. You can only create an access preview for analyzers with an Account type and Active status.
The ARN of the analyzer that was created by the request.
", - "GetAnalyzedResourceRequest$analyzerArn": "The ARN of the analyzer to retrieve information from.
", - "GetFindingRequest$analyzerArn": "The ARN of the analyzer that generated the finding.
", - "ListAnalyzedResourcesRequest$analyzerArn": "The ARN of the analyzer to retrieve a list of analyzed resources from.
", - "ListFindingsRequest$analyzerArn": "The ARN of the analyzer to retrieve findings from.
", - "StartResourceScanRequest$analyzerArn": "The ARN of the analyzer to use to scan the policies applied to the specified resource.
", - "UpdateFindingsRequest$analyzerArn": "The ARN of the analyzer that generated the findings to update.
" + "GetAccessPreviewRequest$analyzerArn": "The ARN of the analyzer used to generate the access preview.
", + "GetAnalyzedResourceRequest$analyzerArn": "The ARN of the analyzer to retrieve information from.
", + "GetFindingRequest$analyzerArn": "The ARN of the analyzer that generated the finding.
", + "ListAccessPreviewFindingsRequest$analyzerArn": "The ARN of the analyzer used to generate the access.
", + "ListAccessPreviewsRequest$analyzerArn": "The ARN of the analyzer used to generate the access preview.
", + "ListAnalyzedResourcesRequest$analyzerArn": "The ARN of the analyzer to retrieve a list of analyzed resources from.
", + "ListFindingsRequest$analyzerArn": "The ARN of the analyzer to retrieve findings from.
", + "StartResourceScanRequest$analyzerArn": "The ARN of the analyzer to use to scan the policies applied to the specified resource.
", + "UpdateFindingsRequest$analyzerArn": "The ARN of the analyzer that generated the findings to update.
" } }, "AnalyzerStatus": { @@ -108,24 +221,57 @@ "Boolean": { "base": null, "refs": { + "AccessPreviewFinding$isPublic": "Indicates whether the policy that generated the finding allows public access to the resource.
", "AnalyzedResource$isPublic": "Indicates whether the policy that generated the finding grants public access to the resource.
", "Criterion$exists": "An \"exists\" operator to match for the filter used to create the rule.
", "Finding$isPublic": "Indicates whether the policy that generated the finding allows public access to the resource.
", - "FindingSummary$isPublic": "Indicates whether the finding reports a resource that has a policy that allows public access.
" + "FindingSummary$isPublic": "Indicates whether the finding reports a resource that has a policy that allows public access.
", + "S3PublicAccessBlockConfiguration$ignorePublicAcls": "Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket.
", + "S3PublicAccessBlockConfiguration$restrictPublicBuckets": "Specifies whether Amazon S3 should restrict public bucket policies for this bucket.
" } }, "ConditionKeyMap": { "base": null, "refs": { + "AccessPreviewFinding$condition": "The condition in the analyzed policy statement that resulted in a finding.
", "Finding$condition": "The condition in the analyzed policy statement that resulted in a finding.
", "FindingSummary$condition": "The condition in the analyzed policy statement that resulted in a finding.
" } }, + "Configuration": { + "base": "Access control configuration structures for your resource. You specify the configuration as a type-value pair. You can specify only one type of access control configuration.
", + "refs": { + "ConfigurationsMap$value": null + } + }, + "ConfigurationsMap": { + "base": null, + "refs": { + "AccessPreview$configurations": "A map of resource ARNs for the proposed resource configuration.
", + "CreateAccessPreviewRequest$configurations": "Access control configuration for your resource that is used to generate the access preview. The access preview includes findings for external access allowed to the resource with the proposed access control configuration. The configuration must contain exactly one element.
" + } + }, + "ConfigurationsMapKey": { + "base": null, + "refs": { + "ConfigurationsMap$key": null + } + }, "ConflictException": { "base": "A conflict exception error.
", "refs": { } }, + "CreateAccessPreviewRequest": { + "base": null, + "refs": { + } + }, + "CreateAccessPreviewResponse": { + "base": null, + "refs": { + } + }, "CreateAnalyzerRequest": { "base": "Creates an analyzer.
", "refs": { @@ -163,6 +309,7 @@ "ArchiveRuleSummary$filter": "A filter used to define the archive rule.
", "CreateArchiveRuleRequest$filter": "The criteria for the rule.
", "InlineArchiveRule$filter": "The condition and values for a criterion.
", + "ListAccessPreviewFindingsRequest$filter": "Criteria to filter the returned findings.
", "ListFindingsRequest$filter": "A filter to match for the findings to return.
", "UpdateArchiveRuleRequest$filter": "A filter to match for the rules to update. Only rules that match the filter are updated.
" } @@ -173,9 +320,16 @@ "GetFindingResponse$finding": "A finding object that contains finding details.
Provides context on how the access preview finding compares to existing access identified in Access Analyzer.
New - The finding is for newly-introduced access.
Unchanged - The preview finding is an existing finding that would remain unchanged.
Changed - The preview finding is an existing finding with a change in status.
For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.
The existing ID of the finding in Access Analyzer, provided only for existing findings.
", "Finding$id": "The ID of the finding.
", "FindingIdList$member": null, "FindingSummary$id": "The ID of the finding.
", @@ -203,6 +357,7 @@ "FindingSourceList": { "base": null, "refs": { + "AccessPreviewFinding$sources": "The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
", "Finding$sources": "The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
", "FindingSummary$sources": "The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
" } @@ -216,6 +371,8 @@ "FindingStatus": { "base": null, "refs": { + "AccessPreviewFinding$existingFindingStatus": "The existing status of the finding, provided only for existing findings.
", + "AccessPreviewFinding$status": "The preview status of the finding. This is what the status of the finding would be after permissions deployment. For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.
The current status of the finding generated from the analyzed resource.
", "Finding$status": "The current status of the finding.
", "FindingSummary$status": "The status of the finding.
" @@ -239,6 +396,16 @@ "ListFindingsResponse$findings": "A list of findings retrieved from the analyzer that match the filter criteria specified, if any.
" } }, + "GetAccessPreviewRequest": { + "base": null, + "refs": { + } + }, + "GetAccessPreviewResponse": { + "base": null, + "refs": { + } + }, "GetAnalyzedResourceRequest": { "base": "Retrieves an analyzed resource.
", "refs": { @@ -279,6 +446,24 @@ "refs": { } }, + "GranteePrincipal": { + "base": null, + "refs": { + "KmsGrantConfiguration$granteePrincipal": "The principal that is given permission to perform the operations that the grant permits.
" + } + }, + "IamRoleConfiguration": { + "base": "The proposed access control configuration for an IAM role. You can propose a configuration for a new IAM role or an existing IAM role that you own by specifying the trust policy. If the configuration is for a new IAM role, you must specify the trust policy. If the configuration is for an existing IAM role that you own and you do not propose the trust policy, the access preview uses the existing trust policy for the role. The proposed trust policy cannot be an empty string. For more information about role trust policy limits, see IAM and STS quotas.
", + "refs": { + "Configuration$iamRole": "The access control configuration is for an IAM role.
" + } + }, + "IamTrustPolicy": { + "base": null, + "refs": { + "IamRoleConfiguration$trustPolicy": "The proposed trust policy for the IAM role.
" + } + }, "InlineArchiveRule": { "base": "An criterion statement in an archive rule. Each archive rule may have multiple criteria.
", "refs": { @@ -295,6 +480,8 @@ "base": null, "refs": { "InternalServerException$retryAfterSeconds": "The seconds to wait to retry.
", + "ListAccessPreviewFindingsRequest$maxResults": "The maximum number of results to return in the response.
", + "ListAccessPreviewsRequest$maxResults": "The maximum number of results to return in the response.
", "ListAnalyzedResourcesRequest$maxResults": "The maximum number of results to return in the response.
", "ListAnalyzersRequest$maxResults": "The maximum number of results to return in the response.
", "ListArchiveRulesRequest$maxResults": "The maximum number of results to return in the request.
", @@ -307,6 +494,105 @@ "refs": { } }, + "InternetConfiguration": { + "base": "This configuration sets the Amazon S3 access point network origin to Internet.
The configuration for the Amazon S3 access point with an Internet origin.
The AWS account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key.
" + } + }, + "KmsConstraintsKey": { + "base": null, + "refs": { + "KmsConstraintsMap$key": null + } + }, + "KmsConstraintsMap": { + "base": null, + "refs": { + "KmsGrantConstraints$encryptionContextEquals": "A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
", + "KmsGrantConstraints$encryptionContextSubset": "A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
" + } + }, + "KmsConstraintsValue": { + "base": null, + "refs": { + "KmsConstraintsMap$value": null + } + }, + "KmsGrantConfiguration": { + "base": "A proposed grant configuration for a KMS key. For more information, see CreateGrant.
", + "refs": { + "KmsGrantConfigurationsList$member": null + } + }, + "KmsGrantConfigurationsList": { + "base": null, + "refs": { + "KmsKeyConfiguration$grants": "A list of proposed grant configurations for the KMS key. If the proposed grant configuration is for an existing key, the access preview uses the proposed list of grant configurations in place of the existing grants. Otherwise, the access preview uses the existing grants for the key.
" + } + }, + "KmsGrantConstraints": { + "base": "Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context. You can specify only one type of encryption context. An empty map is treated as not specified. For more information, see GrantConstraints.
", + "refs": { + "KmsGrantConfiguration$constraints": "Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context.
" + } + }, + "KmsGrantOperation": { + "base": null, + "refs": { + "KmsGrantOperationsList$member": null + } + }, + "KmsGrantOperationsList": { + "base": null, + "refs": { + "KmsGrantConfiguration$operations": "A list of operations that the grant permits.
" + } + }, + "KmsKeyConfiguration": { + "base": "Proposed access control configuration for a KMS key. You can propose a configuration for a new KMS key or an existing KMS key that you own by specifying the key policy and KMS grant configuration. If the configuration is for an existing key and you do not specify the key policy, the access preview uses the existing policy for the key. If the access preview is for a new resource and you do not specify the key policy, then the access preview uses the default key policy. The proposed key policy cannot be an empty string. For more information, see Default key policy. For more information about key policy limits, see Resource quotas.
", + "refs": { + "Configuration$kmsKey": "The access control configuration is for a KMS key.
" + } + }, + "KmsKeyPoliciesMap": { + "base": null, + "refs": { + "KmsKeyConfiguration$keyPolicies": "Resource policy configuration for the KMS key. The only valid value for the name of the key policy is default. For more information, see Default key policy.
Retrieves a list of resources that have been analyzed.
", "refs": { @@ -378,15 +664,28 @@ "UpdateArchiveRuleRequest$ruleName": "The name of the rule to update.
" } }, + "NetworkOriginConfiguration": { + "base": "The proposed InternetConfiguration or VpcConfiguration to apply to the Amazon S3 Access point. You can make the access point accessible from the internet, or you can specify that all requests made through that access point must originate from a specific virtual private cloud (VPC). You can specify only one type of network configuration. For more information, see Creating access points.
The proposed Internet and VpcConfiguration to apply to this Amazon S3 access point. If the access preview is for a new resource and neither is specified, the access preview uses Internet for the network origin. If the access preview is for an existing resource and neither is specified, the access preview uses the exiting network origin.
The sort order, ascending or descending.
" } }, + "PolicyName": { + "base": null, + "refs": { + "KmsKeyPoliciesMap$key": null + } + }, "PrincipalMap": { "base": null, "refs": { + "AccessPreviewFinding$principal": "The external principal that has access to a resource within the zone of trust.
", "Finding$principal": "The external principal that access to a resource within the zone of trust.
", "FindingSummary$principal": "The external principal that has access to a resource within the zone of trust.
" } @@ -415,13 +714,81 @@ "ResourceType": { "base": null, "refs": { + "AccessPreviewFinding$resourceType": "The type of the resource that can be accessed in the finding.
", "AnalyzedResource$resourceType": "The type of the resource that was analyzed.
", "AnalyzedResourceSummary$resourceType": "The type of resource that was analyzed.
", - "Finding$resourceType": "The type of the resource reported in the finding.
", + "Finding$resourceType": "The type of the resource identified in the finding.
", "FindingSummary$resourceType": "The type of the resource that the external principal has access to.
", "ListAnalyzedResourcesRequest$resourceType": "The type of resource.
" } }, + "RetiringPrincipal": { + "base": null, + "refs": { + "KmsGrantConfiguration$retiringPrincipal": "The principal that is given permission to retire the grant by using RetireGrant operation.
" + } + }, + "S3AccessPointConfiguration": { + "base": "The configuration for an Amazon S3 access point for the bucket. You can propose up to 10 access points per bucket. If the proposed Amazon S3 access point configuration is for an existing bucket, the access preview uses the proposed access point configuration in place of the existing access points. To propose an access point without a policy, you can provide an empty string as the access point policy. For more information, see Creating access points. For more information about access point policy limits, see Access points restrictions and limitations.
", + "refs": { + "S3AccessPointConfigurationsMap$value": null + } + }, + "S3AccessPointConfigurationsMap": { + "base": null, + "refs": { + "S3BucketConfiguration$accessPoints": "The configuration of Amazon S3 access points for the bucket.
" + } + }, + "S3BucketAclGrantConfiguration": { + "base": "A proposed access control list grant configuration for an Amazon S3 bucket. For more information, see How to Specify an ACL.
", + "refs": { + "S3BucketAclGrantConfigurationsList$member": null + } + }, + "S3BucketAclGrantConfigurationsList": { + "base": null, + "refs": { + "S3BucketConfiguration$bucketAclGrants": "The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to 100 ACL grants per bucket. If the proposed grant configuration is for an existing bucket, the access preview uses the proposed list of grant configurations in place of the existing grants. Otherwise, the access preview uses the existing grants for the bucket.
" + } + }, + "S3BucketConfiguration": { + "base": "Proposed access control configuration for an Amazon S3 bucket. You can propose a configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket that you own by specifying the Amazon S3 bucket policy, bucket ACLs, bucket BPA settings, and Amazon S3 access points attached to the bucket. If the configuration is for an existing Amazon S3 bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes a bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about bucket policy limits, see Bucket Policy Examples.
", + "refs": { + "Configuration$s3Bucket": "The access control configuration is for an Amazon S3 Bucket.
" + } + }, + "S3BucketPolicy": { + "base": null, + "refs": { + "S3BucketConfiguration$bucketPolicy": "The proposed bucket policy for the Amazon S3 bucket.
" + } + }, + "S3PublicAccessBlockConfiguration": { + "base": "The PublicAccessBlock configuration to apply to this Amazon S3 bucket. If the proposed configuration is for an existing Amazon S3 bucket and the configuration is not specified, the access preview uses the existing setting. If the proposed configuration is for a new bucket and the configuration is not specified, the access preview uses false. If the proposed configuration is for a new access point and the access point BPA configuration is not specified, the access preview uses true. For more information, see PublicAccessBlockConfiguration.
The proposed S3PublicAccessBlock configuration to apply to this Amazon S3 Access Point.
The proposed block public access configuration for the Amazon S3 bucket.
" + } + }, + "SecretsManagerSecretConfiguration": { + "base": "The configuration for a Secrets Manager secret. For more information, see CreateSecret.
You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the default CMK of the AWS account. If you specify an empty string for the KMS key ID, the access preview uses the default CMK of the AWS account. For more information about secret policy limits, see Quotas for AWS Secrets Manager..
", + "refs": { + "Configuration$secretsManagerSecret": "The access control configuration is for a Secrets Manager secret.
" + } + }, + "SecretsManagerSecretKmsId": { + "base": null, + "refs": { + "SecretsManagerSecretConfiguration$kmsKeyId": "The proposed ARN, key ID, or alias of the AWS KMS customer master key (CMK).
" + } + }, + "SecretsManagerSecretPolicy": { + "base": null, + "refs": { + "SecretsManagerSecretConfiguration$secretPolicy": "The proposed resource policy defining who can access or manage the secret.
" + } + }, "ServiceQuotaExceededException": { "base": "Service quote met error.
", "refs": { @@ -439,21 +806,36 @@ "ListFindingsRequest$sort": "The sort order for the findings returned.
" } }, + "SqsQueueConfiguration": { + "base": "The proposed access control configuration for an SQS queue. You can propose a configuration for a new SQS queue or an existing SQS queue that you own by specifying the SQS policy. If the configuration is for an existing SQS queue and you do not specify the SQS policy, the access preview uses the existing SQS policy for the queue. If the access preview is for a new resource and you do not specify the policy, the access preview assumes an SQS queue without a policy. To propose deletion of an existing SQS queue policy, you can specify an empty string for the SQS policy. For more information about SQS policy limits, see Quotas related to policies.
", + "refs": { + "Configuration$sqsQueue": "The access control configuration is for an SQS queue.
" + } + }, + "SqsQueuePolicy": { + "base": null, + "refs": { + "SqsQueueConfiguration$queuePolicy": "The proposed resource policy for the SQS queue.
" + } + }, "StartResourceScanRequest": { "base": "Starts a scan of the policies applied to the specified resource.
", "refs": { } }, "StatusReason": { - "base": "Provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is displayed. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the AWS organization.
Provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is returned. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the AWS organization.
The statusReason provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is displayed. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the AWS organization.
The statusReason provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is returned. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the AWS organization.
An error.
", + "AccessPreviewFinding$resource": "The resource that an external principal has access to. This is the resource associated with the access preview.
", + "AccessPreviewFinding$resourceOwnerAccount": "The AWS account ID that owns the resource. For most AWS resources, the owning account is the account in which the resource was created.
", "ActionList$member": null, "AnalyzedResource$error": "An error message.
", "AnalyzedResource$resourceOwnerAccount": "The AWS account ID that owns the resource.
", @@ -465,6 +847,7 @@ "ConflictException$message": null, "ConflictException$resourceId": "The ID of the resource.
", "ConflictException$resourceType": "The resource type.
", + "CreateAccessPreviewRequest$clientToken": "A client token.
", "CreateAnalyzerRequest$clientToken": "A client token.
", "CreateArchiveRuleRequest$clientToken": "A client token.
", "DeleteAnalyzerRequest$clientToken": "A client token.
", @@ -536,6 +919,9 @@ "Timestamp": { "base": null, "refs": { + "AccessPreview$createdAt": "The time at which the access preview was created.
", + "AccessPreviewFinding$createdAt": "The time at which the access preview finding was created.
", + "AccessPreviewSummary$createdAt": "The time at which the access preview was created.
", "AnalyzedResource$analyzedAt": "The time at which the resource was analyzed.
", "AnalyzedResource$createdAt": "The time at which the finding was created.
", "AnalyzedResource$updatedAt": "The time at which the finding was updated.
", @@ -554,6 +940,10 @@ "Token": { "base": null, "refs": { + "ListAccessPreviewFindingsRequest$nextToken": "A token used for pagination of results returned.
", + "ListAccessPreviewFindingsResponse$nextToken": "A token used for pagination of results returned.
", + "ListAccessPreviewsRequest$nextToken": "A token used for pagination of results returned.
", + "ListAccessPreviewsResponse$nextToken": "A token used for pagination of results returned.
", "ListAnalyzedResourcesRequest$nextToken": "A token used for pagination of results returned.
", "ListAnalyzedResourcesResponse$nextToken": "A token used for pagination of results returned.
", "ListAnalyzersRequest$nextToken": "A token used for pagination of results returned.
", @@ -622,6 +1012,18 @@ "Criterion$eq": "An \"equals\" operator to match for the filter used to create the rule.
", "Criterion$neq": "A \"not equals\" operator to match for the filter used to create the rule.
" } + }, + "VpcConfiguration": { + "base": "The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. For more information, see VpcConfiguration.
", + "refs": { + "NetworkOriginConfiguration$vpcConfiguration": null + } + }, + "VpcId": { + "base": null, + "refs": { + "VpcConfiguration$vpcId": "If this field is specified, this access point will only allow connections from the specified VPC ID.
" + } } } } diff --git a/models/apis/accessanalyzer/2019-11-01/paginators-1.json b/models/apis/accessanalyzer/2019-11-01/paginators-1.json index 64553f7bdf1..02c0458a08a 100644 --- a/models/apis/accessanalyzer/2019-11-01/paginators-1.json +++ b/models/apis/accessanalyzer/2019-11-01/paginators-1.json @@ -1,5 +1,17 @@ { "pagination": { + "ListAccessPreviewFindings": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "findings" + }, + "ListAccessPreviews": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "accessPreviews" + }, "ListAnalyzedResources": { "input_token": "nextToken", "output_token": "nextToken", diff --git a/models/apis/backup/2018-11-15/api-2.json b/models/apis/backup/2018-11-15/api-2.json index eb91d4e1469..53585316c94 100644 --- a/models/apis/backup/2018-11-15/api-2.json +++ b/models/apis/backup/2018-11-15/api-2.json @@ -148,6 +148,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, + {"shape":"InvalidResourceStateException"}, {"shape":"ServiceUnavailableException"}, {"shape":"InvalidRequestException"} ], @@ -211,6 +212,7 @@ "input":{"shape":"DescribeGlobalSettingsInput"}, "output":{"shape":"DescribeGlobalSettingsOutput"}, "errors":[ + {"shape":"InvalidRequestException"}, {"shape":"ServiceUnavailableException"} ] }, @@ -275,6 +277,22 @@ ], "idempotent":true }, + "DisassociateRecoveryPoint":{ + "name":"DisassociateRecoveryPoint", + "http":{ + "method":"POST", + "requestUri":"/backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}/disassociate" + }, + "input":{"shape":"DisassociateRecoveryPointInput"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"MissingParameterValueException"}, + {"shape":"InvalidResourceStateException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"InvalidRequestException"} + ] + }, "ExportBackupPlanTemplate":{ "name":"ExportBackupPlanTemplate", "http":{ @@ -657,7 +675,8 @@ {"shape":"InvalidParameterValueException"}, {"shape":"MissingParameterValueException"}, {"shape":"ServiceUnavailableException"}, - {"shape":"LimitExceededException"} + {"shape":"LimitExceededException"}, + {"shape":"InvalidRequestException"} ], "idempotent":true }, @@ -940,7 +959,8 @@ "Lifecycle":{"shape":"Lifecycle"}, "RecoveryPointTags":{"shape":"Tags"}, "RuleId":{"shape":"string"}, - "CopyActions":{"shape":"CopyActions"} + "CopyActions":{"shape":"CopyActions"}, + "EnableContinuousBackup":{"shape":"Boolean"} } }, "BackupRuleInput":{ @@ -957,7 +977,8 @@ "CompletionWindowMinutes":{"shape":"WindowMinutes"}, "Lifecycle":{"shape":"Lifecycle"}, "RecoveryPointTags":{"shape":"Tags"}, - "CopyActions":{"shape":"CopyActions"} + "CopyActions":{"shape":"CopyActions"}, + "EnableContinuousBackup":{"shape":"Boolean"} } }, "BackupRuleName":{ @@ -1475,6 +1496,25 @@ "ResourceType":{"shape":"ResourceType"} } }, + "DisassociateRecoveryPointInput":{ + "type":"structure", + "required":[ + "BackupVaultName", + "RecoveryPointArn" + ], + "members":{ + "BackupVaultName":{ + "shape":"BackupVaultName", + "location":"uri", + "locationName":"backupVaultName" + }, + "RecoveryPointArn":{ + "shape":"ARN", + "location":"uri", + "locationName":"recoveryPointArn" + } + } + }, "ExportBackupPlanTemplateInput":{ "type":"structure", "required":["BackupPlanId"], @@ -1682,6 +1722,16 @@ }, "exception":true }, + "InvalidResourceStateException":{ + "type":"structure", + "members":{ + "Code":{"shape":"string"}, + "Message":{"shape":"string"}, + "Type":{"shape":"string"}, + "Context":{"shape":"string"} + }, + "exception":true + }, "IsEnabled":{"type":"boolean"}, "Lifecycle":{ "type":"structure", diff --git a/models/apis/backup/2018-11-15/docs-2.json b/models/apis/backup/2018-11-15/docs-2.json index c27dd0b1b85..56c7dc3d6a9 100644 --- a/models/apis/backup/2018-11-15/docs-2.json +++ b/models/apis/backup/2018-11-15/docs-2.json @@ -10,7 +10,7 @@ "DeleteBackupVault": "Deletes the backup vault identified by its name. A vault can be deleted only if it is empty.
", "DeleteBackupVaultAccessPolicy": "Deletes the policy document that manages permissions on a backup vault.
", "DeleteBackupVaultNotifications": "Deletes event notifications for the specified backup vault.
", - "DeleteRecoveryPoint": "Deletes the recovery point specified by a recovery point ID.
", + "DeleteRecoveryPoint": "Deletes the recovery point specified by a recovery point ID.
If the recovery point ID belongs to a continuous backup, calling this endpoint deletes the existing continuous backup and stops future continuous backup.
", "DescribeBackupJob": "Returns backup job details for the specified BackupJobId.
Returns metadata about a backup vault specified by its name.
", "DescribeCopyJob": "Returns metadata associated with creating a copy of a resource.
", @@ -19,8 +19,9 @@ "DescribeRecoveryPoint": "Returns metadata associated with a recovery point, including ID, status, encryption, and lifecycle.
", "DescribeRegionSettings": "Returns the current service opt-in settings for the Region. If service-opt-in is enabled for a service, AWS Backup tries to protect that service's resources in this Region, when the resource is included in an on-demand backup or scheduled backup plan. Otherwise, AWS Backup does not try to protect that service's resources in this Region, AWS Backup does not try to protect that service's resources in this Region.
", "DescribeRestoreJob": "Returns metadata associated with a restore job that is specified by a job ID.
", + "DisassociateRecoveryPoint": "Deletes the specified continuous backup recovery point from AWS Backup and releases control of that continuous backup to the source service, such as Amazon RDS. The source service will continue to create and retain continuous backups using the lifecycle that you specified in your original backup plan.
Does not support snapshot backup recovery points.
", "ExportBackupPlanTemplate": "Returns the backup plan that is specified by the plan ID as a backup template.
", - "GetBackupPlan": "Returns BackupPlan details for the specified BackupPlanId. Returns the body of a backup plan in JSON format, in addition to plan metadata.
Returns BackupPlan details for the specified BackupPlanId. The details are the body of a backup plan in JSON format, in addition to plan metadata.
Returns a valid JSON document specifying a backup plan or an error.
", "GetBackupPlanFromTemplate": "Returns the template specified by its templateId as a backup plan.
Returns selection metadata and a document in JSON format that specifies a list of resources that are associated with a backup plan.
", @@ -28,7 +29,7 @@ "GetBackupVaultNotifications": "Returns event notifications for the specified backup vault.
", "GetRecoveryPointRestoreMetadata": "Returns a set of metadata key-value pairs that were used to create the backup.
", "GetSupportedResourceTypes": "Returns the AWS resource types supported by AWS Backup.
", - "ListBackupJobs": "Returns a list of existing backup jobs for an authenticated account.
", + "ListBackupJobs": "Returns a list of existing backup jobs for an authenticated account for the last 30 days. For a longer period of time, consider using these monitoring tools.
", "ListBackupPlanTemplates": "Returns metadata of your saved backup plan templates, including the template ID, name, and the creation and deletion dates.
", "ListBackupPlanVersions": "Returns version metadata of your backup plans, including Amazon Resource Names (ARNs), backup plan IDs, creation and deletion dates, plan names, and version IDs.
", "ListBackupPlans": "Returns a list of existing backup plans for an authenticated account. The list is populated only if the advanced option is set for the backup plan. The list contains information such as Amazon Resource Names (ARNs), plan IDs, creation and deletion dates, version IDs, plan names, and creator request IDs.
", @@ -43,14 +44,14 @@ "PutBackupVaultAccessPolicy": "Sets a resource-based policy that is used to manage access permissions on the target backup vault. Requires a backup vault name and an access policy document in JSON format.
", "PutBackupVaultNotifications": "Turns on notifications on a backup vault for the specified topic and events.
", "StartBackupJob": "Starts an on-demand backup job for the specified resource.
", - "StartCopyJob": "Starts a job to create a one-time copy of the specified resource.
", - "StartRestoreJob": "Recovers the saved resource identified by an Amazon Resource Name (ARN).
", + "StartCopyJob": "Starts a job to create a one-time copy of the specified resource.
Does not support continuous backups.
", + "StartRestoreJob": "Recovers the saved resource identified by an Amazon Resource Name (ARN).
", "StopBackupJob": "Attempts to cancel a job to create a one-time backup of a resource.
", "TagResource": "Assigns a set of key-value pairs to a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN).
", "UntagResource": "Removes a set of key-value pairs from a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN)
", "UpdateBackupPlan": "Updates an existing backup plan identified by its backupPlanId with the input document in JSON format. The new version is uniquely identified by a VersionId.
Updates the current global settings for the AWS account. Use the DescribeGlobalSettings API to determine the current settings.
Sets the transition lifecycle of a recovery point.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. AWS Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
", + "UpdateRecoveryPointLifecycle": "Sets the transition lifecycle of a recovery point.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. AWS Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
Does not support continuous backups.
", "UpdateRegionSettings": "Updates the current service opt-in settings for the Region. If service-opt-in is enabled for a service, AWS Backup tries to protect that service's resources in this Region, when the resource is included in an on-demand backup or scheduled backup plan. Otherwise, AWS Backup does not try to protect that service's resources in this Region. Use the DescribeRegionSettings API to determine the resource types that are supported.
The server-side encryption key used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
An Amazon Resource Name (ARN) that uniquely identifies a resource whose recovery point is being restored. The format of the ARN depends on the resource type of the backed-up resource.
", + "DisassociateRecoveryPointInput$RecoveryPointArn": "An Amazon Resource Name (ARN) that uniquely identifies an AWS Backup recovery point. Required.
", "GetBackupPlanOutput$BackupPlanArn": "An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50.
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the AWS Region where they are created. They consist of lowercase letters, numbers, and hyphens.
", "DescribeRecoveryPointInput$BackupVaultName": "The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the AWS Region where they are created. They consist of lowercase letters, numbers, and hyphens.
", "DescribeRecoveryPointOutput$BackupVaultName": "The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
", + "DisassociateRecoveryPointInput$BackupVaultName": "The unique name of an AWS Backup vault. Required.
", "GetBackupVaultAccessPolicyInput$BackupVaultName": "The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the AWS Region where they are created. They consist of lowercase letters, numbers, and hyphens.
", "GetBackupVaultAccessPolicyOutput$BackupVaultName": "The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
", "GetBackupVaultNotificationsInput$BackupVaultName": "The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the AWS Region where they are created. They consist of lowercase letters, numbers, and hyphens.
", @@ -373,6 +376,8 @@ "Boolean": { "base": null, "refs": { + "BackupRule$EnableContinuousBackup": "Specifies whether AWS Backup creates continuous backups. True causes AWS Backup to create continuous backups capable of point-in-time restore (PITR). False (or not specified) causes AWS Backup to create snapshot backups.
", + "BackupRuleInput$EnableContinuousBackup": "Specifies whether AWS Backup creates continuous backups. True causes AWS Backup to create continuous backups capable of point-in-time restore (PITR). False (or not specified) causes AWS Backup to create snapshot backups.
", "ListBackupPlansInput$IncludeDeleted": "A Boolean value with a default value of FALSE that returns deleted backup plans when set to TRUE.
AWS Backup is already performing an action on this recovery point. It can't perform the action you requested until the first action finishes. Try again later.
", + "refs": { + } + }, "IsEnabled": { "base": null, "refs": { @@ -1027,7 +1042,7 @@ "refs": { "AdvancedBackupSetting$ResourceType": "Specifies an object containing resource type and backup options. The only supported resource type is Amazon EC2 instances with Windows VSS. For an CloudFormation example, see the sample CloudFormation template to enable Windows VSS in the AWS Backup User Guide.
Valid values: EC2.
The type of AWS resource to be backed up; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For VSS Windows backups, the only supported resource type is Amazon EC2.
", - "CopyJob$ResourceType": "The type of AWS resource to be copied; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
", + "CopyJob$ResourceType": "The type of AWS resource to be copied; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
", "DescribeBackupJobOutput$ResourceType": "The type of AWS resource to be backed up; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
", "DescribeProtectedResourceOutput$ResourceType": "The type of AWS resource saved as a recovery point; for example, an EBS volume or an Amazon RDS database.
", "DescribeRecoveryPointOutput$ResourceType": "The type of AWS resource to save as a recovery point; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
", @@ -1161,7 +1176,7 @@ "CreateBackupVaultInput$BackupVaultTags": "Metadata that you can assign to help organize the resources that you create. Each tag is a key-value pair.
", "ListTagsOutput$Tags": "To help organize your resources, you can assign your own metadata to the resources you create. Each tag is a key-value pair.
", "StartBackupJobInput$RecoveryPointTags": "To help organize your resources, you can assign your own metadata to the resources that you create. Each tag is a key-value pair.
", - "TagResourceInput$Tags": "Key-value pairs that are used to help organize your resources. You can assign your own metadata to the resources you create.
" + "TagResourceInput$Tags": "Key-value pairs that are used to help organize your resources. You can assign your own metadata to the resources you create.
" } }, "UntagResourceInput": { @@ -1301,6 +1316,10 @@ "InvalidRequestException$Message": null, "InvalidRequestException$Type": "", "InvalidRequestException$Context": "", + "InvalidResourceStateException$Code": null, + "InvalidResourceStateException$Message": null, + "InvalidResourceStateException$Type": "", + "InvalidResourceStateException$Context": "", "LimitExceededException$Code": null, "LimitExceededException$Message": null, "LimitExceededException$Type": "", diff --git a/models/apis/s3/2006-03-01/api-2.json b/models/apis/s3/2006-03-01/api-2.json index 4592af96b9c..e432d78086c 100644 --- a/models/apis/s3/2006-03-01/api-2.json +++ b/models/apis/s3/2006-03-01/api-2.json @@ -1263,6 +1263,7 @@ "AllowedOrigins" ], "members":{ + "ID":{"shape":"ID"}, "AllowedHeaders":{ "shape":"AllowedHeaders", "locationName":"AllowedHeader" diff --git a/models/apis/s3/2006-03-01/docs-2.json b/models/apis/s3/2006-03-01/docs-2.json index ce03e3f4bf8..ca1d508c8f6 100644 --- a/models/apis/s3/2006-03-01/docs-2.json +++ b/models/apis/s3/2006-03-01/docs-2.json @@ -1772,6 +1772,7 @@ "ID": { "base": null, "refs": { + "CORSRule$ID": "Unique identifier for the rule. The value cannot be longer than 255 characters.
", "Grantee$ID": "The canonical user ID of the grantee.
", "Initiator$ID": "If the principal is an AWS account, it provides the Canonical User ID. If the principal is an IAM User, it provides a user ARN value.
", "LifecycleRule$ID": "Unique identifier for the rule. The value cannot be longer than 255 characters.
", diff --git a/models/apis/s3/2006-03-01/examples-1.json b/models/apis/s3/2006-03-01/examples-1.json index 176209dfaee..1ae1025faa6 100644 --- a/models/apis/s3/2006-03-01/examples-1.json +++ b/models/apis/s3/2006-03-01/examples-1.json @@ -257,8 +257,10 @@ "DeleteObject": [ { "input": { - "Bucket": "ExampleBucket", - "Key": "HappyFace.jpg" + "Bucket": "examplebucket", + "Key": "objectkey.jpg" + }, + "output": { }, "comments": { "input": { @@ -266,16 +268,14 @@ "output": { } }, - "description": "The following example deletes an object from a non-versioned bucket.", - "id": "to-delete-an-object-from-a-non-versioned-bucket-1481588533089", - "title": "To delete an object (from a non-versioned bucket)" + "description": "The following example deletes an object from an S3 bucket.", + "id": "to-delete-an-object-1472850136595", + "title": "To delete an object" }, { "input": { - "Bucket": "examplebucket", - "Key": "objectkey.jpg" - }, - "output": { + "Bucket": "ExampleBucket", + "Key": "HappyFace.jpg" }, "comments": { "input": { @@ -283,9 +283,9 @@ "output": { } }, - "description": "The following example deletes an object from an S3 bucket.", - "id": "to-delete-an-object-1472850136595", - "title": "To delete an object" + "description": "The following example deletes an object from a non-versioned bucket.", + "id": "to-delete-an-object-from-a-non-versioned-bucket-1481588533089", + "title": "To delete an object (from a non-versioned bucket)" } ], "DeleteObjectTagging": [ @@ -334,12 +334,10 @@ "Delete": { "Objects": [ { - "Key": "HappyFace.jpg", - "VersionId": "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b" + "Key": "objectkey1" }, { - "Key": "HappyFace.jpg", - "VersionId": "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd" + "Key": "objectkey2" } ], "Quiet": false @@ -348,12 +346,14 @@ "output": { "Deleted": [ { - "Key": "HappyFace.jpg", - "VersionId": "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd" + "DeleteMarker": "true", + "DeleteMarkerVersionId": "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F", + "Key": "objectkey1" }, { - "Key": "HappyFace.jpg", - "VersionId": "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b" + "DeleteMarker": "true", + "DeleteMarkerVersionId": "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt", + "Key": "objectkey2" } ] }, @@ -363,9 +363,9 @@ "output": { } }, - "description": "The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object versions and returns the key and versions of deleted objects in the response.", - "id": "to-delete-multiple-object-versions-from-a-versioned-bucket-1483147087737", - "title": "To delete multiple object versions from a versioned bucket" + "description": "The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.", + "id": "to-delete-multiple-objects-from-a-versioned-bucket-1483146248805", + "title": "To delete multiple objects from a versioned bucket" }, { "input": { @@ -373,10 +373,12 @@ "Delete": { "Objects": [ { - "Key": "objectkey1" + "Key": "HappyFace.jpg", + "VersionId": "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b" }, { - "Key": "objectkey2" + "Key": "HappyFace.jpg", + "VersionId": "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd" } ], "Quiet": false @@ -385,14 +387,12 @@ "output": { "Deleted": [ { - "DeleteMarker": "true", - "DeleteMarkerVersionId": "A._w1z6EFiCF5uhtQMDal9JDkID9tQ7F", - "Key": "objectkey1" + "Key": "HappyFace.jpg", + "VersionId": "yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd" }, { - "DeleteMarker": "true", - "DeleteMarkerVersionId": "iOd_ORxhkKe_e8G8_oSGxt2PjsCZKlkt", - "Key": "objectkey2" + "Key": "HappyFace.jpg", + "VersionId": "2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b" } ] }, @@ -402,9 +402,9 @@ "output": { } }, - "description": "The following example deletes objects from a bucket. The bucket is versioned, and the request does not specify the object version to delete. In this case, all versions remain in the bucket and S3 adds a delete marker.", - "id": "to-delete-multiple-objects-from-a-versioned-bucket-1483146248805", - "title": "To delete multiple objects from a versioned bucket" + "description": "The following example deletes objects from a bucket. The request specifies object versions. S3 deletes specific object versions and returns the key and versions of deleted objects in the response.", + "id": "to-delete-multiple-object-versions-from-a-versioned-bucket-1483147087737", + "title": "To delete multiple object versions from a versioned bucket" } ], "GetBucketCors": [ @@ -728,17 +728,18 @@ { "input": { "Bucket": "examplebucket", - "Key": "HappyFace.jpg" + "Key": "SampleFile.txt", + "Range": "bytes=0-9" }, "output": { "AcceptRanges": "bytes", - "ContentLength": "3191", - "ContentType": "image/jpeg", - "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"", - "LastModified": "Thu, 15 Dec 2016 01:19:41 GMT", + "ContentLength": "10", + "ContentRange": "bytes 0-9/43", + "ContentType": "text/plain", + "ETag": "\"0d94420ffd0bc68cd3d152506b97a9cc\"", + "LastModified": "Thu, 09 Oct 2014 22:57:28 GMT", "Metadata": { }, - "TagCount": 2, "VersionId": "null" }, "comments": { @@ -747,25 +748,24 @@ "output": { } }, - "description": "The following example retrieves an object for an S3 bucket.", - "id": "to-retrieve-an-object-1481827837012", - "title": "To retrieve an object" + "description": "The following example retrieves an object for an S3 bucket. The request specifies the range header to retrieve a specific byte range.", + "id": "to-retrieve-a-byte-range-of-an-object--1481832674603", + "title": "To retrieve a byte range of an object " }, { "input": { "Bucket": "examplebucket", - "Key": "SampleFile.txt", - "Range": "bytes=0-9" + "Key": "HappyFace.jpg" }, "output": { "AcceptRanges": "bytes", - "ContentLength": "10", - "ContentRange": "bytes 0-9/43", - "ContentType": "text/plain", - "ETag": "\"0d94420ffd0bc68cd3d152506b97a9cc\"", - "LastModified": "Thu, 09 Oct 2014 22:57:28 GMT", + "ContentLength": "3191", + "ContentType": "image/jpeg", + "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"", + "LastModified": "Thu, 15 Dec 2016 01:19:41 GMT", "Metadata": { }, + "TagCount": 2, "VersionId": "null" }, "comments": { @@ -774,9 +774,9 @@ "output": { } }, - "description": "The following example retrieves an object for an S3 bucket. The request specifies the range header to retrieve a specific byte range.", - "id": "to-retrieve-a-byte-range-of-an-object--1481832674603", - "title": "To retrieve a byte range of an object " + "description": "The following example retrieves an object for an S3 bucket.", + "id": "to-retrieve-an-object-1481827837012", + "title": "To retrieve an object" } ], "GetObjectAcl": [ @@ -989,37 +989,47 @@ "ListMultipartUploads": [ { "input": { - "Bucket": "examplebucket" + "Bucket": "examplebucket", + "KeyMarker": "nextkeyfrompreviousresponse", + "MaxUploads": "2", + "UploadIdMarker": "valuefrompreviousresponse" }, "output": { + "Bucket": "acl1", + "IsTruncated": true, + "KeyMarker": "", + "MaxUploads": "2", + "NextKeyMarker": "someobjectkey", + "NextUploadIdMarker": "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", + "UploadIdMarker": "", "Uploads": [ { "Initiated": "2014-05-01T05:40:58.000Z", "Initiator": { - "DisplayName": "display-name", + "DisplayName": "ownder-display-name", "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc" }, "Key": "JavaFile", "Owner": { - "DisplayName": "display-name", - "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc" + "DisplayName": "mohanataws", + "ID": "852b113e7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc" }, "StorageClass": "STANDARD", - "UploadId": "examplelUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--" + "UploadId": "gZ30jIqlUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--" }, { "Initiated": "2014-05-01T05:41:27.000Z", "Initiator": { - "DisplayName": "display-name", + "DisplayName": "ownder-display-name", "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc" }, "Key": "JavaFile", "Owner": { - "DisplayName": "display-name", + "DisplayName": "ownder-display-name", "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc" }, "StorageClass": "STANDARD", - "UploadId": "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--" + "UploadId": "b7tZSqIlo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--" } ] }, @@ -1029,53 +1039,43 @@ "output": { } }, - "description": "The following example lists in-progress multipart uploads on a specific bucket.", - "id": "to-list-in-progress-multipart-uploads-on-a-bucket-1481852775260", - "title": "To list in-progress multipart uploads on a bucket" + "description": "The following example specifies the upload-id-marker and key-marker from previous truncated response to retrieve next setup of multipart uploads.", + "id": "list-next-set-of-multipart-uploads-when-previous-result-is-truncated-1482428106748", + "title": "List next set of multipart uploads when previous result is truncated" }, { "input": { - "Bucket": "examplebucket", - "KeyMarker": "nextkeyfrompreviousresponse", - "MaxUploads": "2", - "UploadIdMarker": "valuefrompreviousresponse" + "Bucket": "examplebucket" }, "output": { - "Bucket": "acl1", - "IsTruncated": true, - "KeyMarker": "", - "MaxUploads": "2", - "NextKeyMarker": "someobjectkey", - "NextUploadIdMarker": "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--", - "UploadIdMarker": "", "Uploads": [ { "Initiated": "2014-05-01T05:40:58.000Z", "Initiator": { - "DisplayName": "ownder-display-name", + "DisplayName": "display-name", "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc" }, "Key": "JavaFile", "Owner": { - "DisplayName": "mohanataws", - "ID": "852b113e7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc" + "DisplayName": "display-name", + "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc" }, "StorageClass": "STANDARD", - "UploadId": "gZ30jIqlUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--" + "UploadId": "examplelUa.CInXklLQtSMJITdUnoZ1Y5GACB5UckOtspm5zbDMCkPF_qkfZzMiFZ6dksmcnqxJyIBvQMG9X9Q--" }, { "Initiated": "2014-05-01T05:41:27.000Z", "Initiator": { - "DisplayName": "ownder-display-name", + "DisplayName": "display-name", "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc" }, "Key": "JavaFile", "Owner": { - "DisplayName": "ownder-display-name", + "DisplayName": "display-name", "ID": "examplee7a2f25102679df27bb0ae12b3f85be6f290b936c4393484be31bebcc" }, "StorageClass": "STANDARD", - "UploadId": "b7tZSqIlo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--" + "UploadId": "examplelo91lv1iwvWpvCiJWugw2xXLPAD7Z8cJyX9.WiIRgNrdG6Ldsn.9FtS63TCl1Uf5faTB.1U5Ckcbmdw--" } ] }, @@ -1085,9 +1085,9 @@ "output": { } }, - "description": "The following example specifies the upload-id-marker and key-marker from previous truncated response to retrieve next setup of multipart uploads.", - "id": "list-next-set-of-multipart-uploads-when-previous-result-is-truncated-1482428106748", - "title": "List next set of multipart uploads when previous result is truncated" + "description": "The following example lists in-progress multipart uploads on a specific bucket.", + "id": "to-list-in-progress-multipart-uploads-on-a-bucket-1481852775260", + "title": "To list in-progress multipart uploads on a bucket" } ], "ListObjectVersions": [ @@ -1567,13 +1567,14 @@ "PutObject": [ { "input": { - "Body": "HappyFace.jpg", + "Body": "c:\\HappyFace.jpg", "Bucket": "examplebucket", - "Key": "HappyFace.jpg" + "Key": "HappyFace.jpg", + "Tagging": "key1=value1&key2=value2" }, "output": { "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"", - "VersionId": "tpf3zF08nBplQK1XLOefGskR7mGDwcDk" + "VersionId": "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a" }, "comments": { "input": { @@ -1581,22 +1582,20 @@ "output": { } }, - "description": "The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file syntax. S3 returns VersionId of the newly created object.", - "id": "to-upload-an-object-1481760101010", - "title": "To upload an object" + "description": "The following example uploads an object. The request specifies optional object tags. The bucket is versioned, therefore S3 returns version ID of the newly created object.", + "id": "to-upload-an-object-and-specify-optional-tags-1481762310955", + "title": "To upload an object and specify optional tags" }, { "input": { + "ACL": "authenticated-read", "Body": "filetoupload", "Bucket": "examplebucket", - "Key": "exampleobject", - "ServerSideEncryption": "AES256", - "Tagging": "key1=value1&key2=value2" + "Key": "exampleobject" }, "output": { "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"", - "ServerSideEncryption": "AES256", - "VersionId": "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt" + "VersionId": "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr" }, "comments": { "input": { @@ -1604,22 +1603,19 @@ "output": { } }, - "description": "The following example uploads and object. The request specifies the optional server-side encryption option. The request also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.", - "id": "to-upload-an-object-and-specify-server-side-encryption-and-object-tags-1483398331831", - "title": "To upload an object and specify server-side encryption and object tags" + "description": "The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.", + "id": "to-upload-an-object-and-specify-canned-acl-1483397779571", + "title": "To upload an object and specify canned ACL." }, { "input": { - "Body": "HappyFace.jpg", + "Body": "filetoupload", "Bucket": "examplebucket", - "Key": "HappyFace.jpg", - "ServerSideEncryption": "AES256", - "StorageClass": "STANDARD_IA" + "Key": "objectkey" }, "output": { "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"", - "ServerSideEncryption": "AES256", - "VersionId": "CG612hodqujkf8FaaNfp8U..FIhLROcp" + "VersionId": "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ" }, "comments": { "input": { @@ -1627,19 +1623,22 @@ "output": { } }, - "description": "The following example uploads an object. The request specifies optional request headers to directs S3 to use specific storage class and use server-side encryption.", - "id": "to-upload-an-object-(specify-optional-headers)", - "title": "To upload an object (specify optional headers)" + "description": "The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.", + "id": "to-create-an-object-1483147613675", + "title": "To create an object." }, { "input": { "Body": "filetoupload", "Bucket": "examplebucket", - "Key": "objectkey" + "Key": "exampleobject", + "ServerSideEncryption": "AES256", + "Tagging": "key1=value1&key2=value2" }, "output": { "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"", - "VersionId": "Bvq0EDKxOcXLJXNo_Lkz37eM3R4pfzyQ" + "ServerSideEncryption": "AES256", + "VersionId": "Ri.vC6qVlA4dEnjgRV4ZHsHoFIjqEMNt" }, "comments": { "input": { @@ -1647,20 +1646,23 @@ "output": { } }, - "description": "The following example creates an object. If the bucket is versioning enabled, S3 returns version ID in response.", - "id": "to-create-an-object-1483147613675", - "title": "To create an object." + "description": "The following example uploads and object. The request specifies the optional server-side encryption option. The request also specifies optional object tags. If the bucket is versioning enabled, S3 returns version ID in response.", + "id": "to-upload-an-object-and-specify-server-side-encryption-and-object-tags-1483398331831", + "title": "To upload an object and specify server-side encryption and object tags" }, { "input": { - "ACL": "authenticated-read", "Body": "filetoupload", "Bucket": "examplebucket", - "Key": "exampleobject" + "Key": "exampleobject", + "Metadata": { + "metadata1": "value1", + "metadata2": "value2" + } }, "output": { "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"", - "VersionId": "Kirh.unyZwjQ69YxcQLA8z4F5j3kJJKr" + "VersionId": "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0" }, "comments": { "input": { @@ -1668,20 +1670,19 @@ "output": { } }, - "description": "The following example uploads and object. The request specifies optional canned ACL (access control list) to all READ access to authenticated users. If the bucket is versioning enabled, S3 returns version ID in response.", - "id": "to-upload-an-object-and-specify-canned-acl-1483397779571", - "title": "To upload an object and specify canned ACL." + "description": "The following example creates an object. The request also specifies optional metadata. If the bucket is versioning enabled, S3 returns version ID in response.", + "id": "to-upload-object-and-specify-user-defined-metadata-1483396974757", + "title": "To upload object and specify user-defined metadata" }, { "input": { - "Body": "c:\\HappyFace.jpg", + "Body": "HappyFace.jpg", "Bucket": "examplebucket", - "Key": "HappyFace.jpg", - "Tagging": "key1=value1&key2=value2" + "Key": "HappyFace.jpg" }, "output": { "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"", - "VersionId": "psM2sYY4.o1501dSx8wMvnkOzSBB.V4a" + "VersionId": "tpf3zF08nBplQK1XLOefGskR7mGDwcDk" }, "comments": { "input": { @@ -1689,23 +1690,22 @@ "output": { } }, - "description": "The following example uploads an object. The request specifies optional object tags. The bucket is versioned, therefore S3 returns version ID of the newly created object.", - "id": "to-upload-an-object-and-specify-optional-tags-1481762310955", - "title": "To upload an object and specify optional tags" + "description": "The following example uploads an object to a versioning-enabled bucket. The source file is specified using Windows file syntax. S3 returns VersionId of the newly created object.", + "id": "to-upload-an-object-1481760101010", + "title": "To upload an object" }, { "input": { - "Body": "filetoupload", + "Body": "HappyFace.jpg", "Bucket": "examplebucket", - "Key": "exampleobject", - "Metadata": { - "metadata1": "value1", - "metadata2": "value2" - } + "Key": "HappyFace.jpg", + "ServerSideEncryption": "AES256", + "StorageClass": "STANDARD_IA" }, "output": { "ETag": "\"6805f2cfc46c0f04559748bb039d69ae\"", - "VersionId": "pSKidl4pHBiNwukdbcPXAIs.sshFFOc0" + "ServerSideEncryption": "AES256", + "VersionId": "CG612hodqujkf8FaaNfp8U..FIhLROcp" }, "comments": { "input": { @@ -1713,9 +1713,9 @@ "output": { } }, - "description": "The following example creates an object. The request also specifies optional metadata. If the bucket is versioning enabled, S3 returns version ID in response.", - "id": "to-upload-object-and-specify-user-defined-metadata-1483396974757", - "title": "To upload object and specify user-defined metadata" + "description": "The following example uploads an object. The request specifies optional request headers to directs S3 to use specific storage class and use server-side encryption.", + "id": "to-upload-an-object-(specify-optional-headers)", + "title": "To upload an object (specify optional headers)" } ], "PutObjectAcl": [ diff --git a/models/apis/ssm/2014-11-06/api-2.json b/models/apis/ssm/2014-11-06/api-2.json index 8f2bcbdc326..6de1a147047 100644 --- a/models/apis/ssm/2014-11-06/api-2.json +++ b/models/apis/ssm/2014-11-06/api-2.json @@ -3334,7 +3334,8 @@ "required":["ResourceId"], "members":{ "ResourceId":{"shape":"OpsMetadataResourceId"}, - "Metadata":{"shape":"MetadataMap"} + "Metadata":{"shape":"MetadataMap"}, + "Tags":{"shape":"TagList"} } }, "CreateOpsMetadataResult":{ @@ -8884,7 +8885,8 @@ "MaintenanceWindow", "Parameter", "PatchBaseline", - "OpsItem" + "OpsItem", + "OpsMetadata" ] }, "ResponseCode":{"type":"integer"}, diff --git a/models/apis/ssm/2014-11-06/docs-2.json b/models/apis/ssm/2014-11-06/docs-2.json index 092f0f2766b..e318fb91181 100644 --- a/models/apis/ssm/2014-11-06/docs-2.json +++ b/models/apis/ssm/2014-11-06/docs-2.json @@ -1077,8 +1077,8 @@ "base": null, "refs": { "CommandPlugin$Name": "The name of the plugin. Must be one of the following: aws:updateAgent, aws:domainjoin, aws:applications, aws:runPowerShellScript, aws:psmodule, aws:cloudWatch, aws:runShellScript, or aws:updateSSMAgent.
", - "GetCommandInvocationRequest$PluginName": "(Optional) The name of the plugin for which you want detailed results. If the document contains only one plugin, the name can be omitted and the details will be returned.
Plugin names are also referred to as step names in Systems Manager documents.
", - "GetCommandInvocationResult$PluginName": "The name of the plugin for which you want detailed results. For example, aws:RunShellScript is a plugin.
" + "GetCommandInvocationRequest$PluginName": "The name of the plugin for which you want detailed results. If the document contains only one plugin, you can omit the name and details for that plugin are returned. If the document contains more than one plugin, you must specify the name of the plugin for which you want to view details.
Plugin names are also referred to as step names in Systems Manager documents. For example, aws:RunShellScript is a plugin.
The name of the plugin, or step name, for which details are reported. For example, aws:RunShellScript is a plugin.
An S3 bucket where you want to store the results of this request.
", + "base": "An S3 bucket where you want to store the results of this request.
For the minimal permissions required to enable Amazon S3 output for an association, see Creating associations in the Systems Manager User Guide.
", "refs": { "AssociationDescription$OutputLocation": "An S3 bucket where you want to store the output details of the request.
", "AssociationVersionInfo$OutputLocation": "The location in Amazon S3 specified for the association when the association version was created.
", @@ -6570,9 +6570,9 @@ "ResourceId": { "base": null, "refs": { - "AddTagsToResourceRequest$ResourceId": "The resource ID you want to tag.
Use the ID of the resource. Here are some examples:
ManagedInstance: mi-012345abcde
MaintenanceWindow: mw-012345abcde
PatchBaseline: pb-012345abcde
For the Document and Parameter values, use the name of the resource.
The ManagedInstance type for this API action is only for on-premises managed instances. You must specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.
The resource ID you want to tag.
Use the ID of the resource. Here are some examples:
ManagedInstance: mi-012345abcde
MaintenanceWindow: mw-012345abcde
PatchBaseline: pb-012345abcde
OpsMetadata object: ResourceID for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, ResourceID is created from the strings that come after the word opsmetadata in the ARN. For example, an OpsMetadata object with an ARN of arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager has a ResourceID of either aws/ssm/MyGroup/appmanager or /aws/ssm/MyGroup/appmanager.
For the Document and Parameter values, use the name of the resource.
The ManagedInstance type for this API action is only for on-premises managed instances. You must specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.
The resource ID for which you want to see a list of tags.
", - "RemoveTagsFromResourceRequest$ResourceId": "The ID of the resource from which you want to remove tags. For example:
ManagedInstance: mi-012345abcde
MaintenanceWindow: mw-012345abcde
PatchBaseline: pb-012345abcde
For the Document and Parameter values, use the name of the resource.
The ManagedInstance type for this API action is only for on-premises managed instances. Specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.
The ID of the resource from which you want to remove tags. For example:
ManagedInstance: mi-012345abcde
MaintenanceWindow: mw-012345abcde
PatchBaseline: pb-012345abcde
OpsMetadata object: ResourceID for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, ResourceID is created from the strings that come after the word opsmetadata in the ARN. For example, an OpsMetadata object with an ARN of arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager has a ResourceID of either aws/ssm/MyGroup/appmanager or /aws/ssm/MyGroup/appmanager.
For the Document and Parameter values, use the name of the resource.
The ManagedInstance type for this API action is only for on-premises managed instances. Specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an SSM document to identify the types of targets or the environment where it will run. In this case, you could specify the following key name/value pairs:
Key=OS,Value=Windows
Key=Environment,Value=Production
To add tags to an existing SSM document, use the AddTagsToResource action.
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in. In this case, you could specify the following key name/value pairs:
Key=TaskType,Value=AgentUpdate
Key=OS,Value=Windows
Key=Environment,Value=Production
To add tags to an existing maintenance window, use the AddTagsToResource action.
Optional metadata that you assign to a resource. You can restrict access to OpsItems by using an inline IAM policy that specifies tags. For more information, see Getting started with OpsCenter in the AWS Systems Manager User Guide.
Tags use a key-value pair. For example:
Key=Department,Value=Finance
To add tags to an existing OpsItem, use the AddTagsToResource action.
Optional metadata that you assign to a resource. You can specify a maximum of five tags for an OpsMetadata object. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an OpsMetadata object to identify an environment or target AWS Region. In this case, you could specify the following key-value pairs:
Key=Environment,Value=Production
Key=Region,Value=us-east-2
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to. In this case, you could specify the following key name/value pairs:
Key=PatchSeverity,Value=Critical
Key=OS,Value=Windows
To add tags to an existing patch baseline, use the AddTagsToResource action.
The tags, or metadata, that have been applied to the document.
", "DocumentIdentifier$Tags": "The tags, or metadata, that have been applied to the document.
", diff --git a/service/accessanalyzer/accessanalyzeriface/interface.go b/service/accessanalyzer/accessanalyzeriface/interface.go index 31c8582c4ac..cd80d7239a4 100644 --- a/service/accessanalyzer/accessanalyzeriface/interface.go +++ b/service/accessanalyzer/accessanalyzeriface/interface.go @@ -64,6 +64,10 @@ type AccessAnalyzerAPI interface { ApplyArchiveRuleWithContext(aws.Context, *accessanalyzer.ApplyArchiveRuleInput, ...request.Option) (*accessanalyzer.ApplyArchiveRuleOutput, error) ApplyArchiveRuleRequest(*accessanalyzer.ApplyArchiveRuleInput) (*request.Request, *accessanalyzer.ApplyArchiveRuleOutput) + CreateAccessPreview(*accessanalyzer.CreateAccessPreviewInput) (*accessanalyzer.CreateAccessPreviewOutput, error) + CreateAccessPreviewWithContext(aws.Context, *accessanalyzer.CreateAccessPreviewInput, ...request.Option) (*accessanalyzer.CreateAccessPreviewOutput, error) + CreateAccessPreviewRequest(*accessanalyzer.CreateAccessPreviewInput) (*request.Request, *accessanalyzer.CreateAccessPreviewOutput) + CreateAnalyzer(*accessanalyzer.CreateAnalyzerInput) (*accessanalyzer.CreateAnalyzerOutput, error) CreateAnalyzerWithContext(aws.Context, *accessanalyzer.CreateAnalyzerInput, ...request.Option) (*accessanalyzer.CreateAnalyzerOutput, error) CreateAnalyzerRequest(*accessanalyzer.CreateAnalyzerInput) (*request.Request, *accessanalyzer.CreateAnalyzerOutput) @@ -80,6 +84,10 @@ type AccessAnalyzerAPI interface { DeleteArchiveRuleWithContext(aws.Context, *accessanalyzer.DeleteArchiveRuleInput, ...request.Option) (*accessanalyzer.DeleteArchiveRuleOutput, error) DeleteArchiveRuleRequest(*accessanalyzer.DeleteArchiveRuleInput) (*request.Request, *accessanalyzer.DeleteArchiveRuleOutput) + GetAccessPreview(*accessanalyzer.GetAccessPreviewInput) (*accessanalyzer.GetAccessPreviewOutput, error) + GetAccessPreviewWithContext(aws.Context, *accessanalyzer.GetAccessPreviewInput, ...request.Option) (*accessanalyzer.GetAccessPreviewOutput, error) + GetAccessPreviewRequest(*accessanalyzer.GetAccessPreviewInput) (*request.Request, *accessanalyzer.GetAccessPreviewOutput) + GetAnalyzedResource(*accessanalyzer.GetAnalyzedResourceInput) (*accessanalyzer.GetAnalyzedResourceOutput, error) GetAnalyzedResourceWithContext(aws.Context, *accessanalyzer.GetAnalyzedResourceInput, ...request.Option) (*accessanalyzer.GetAnalyzedResourceOutput, error) GetAnalyzedResourceRequest(*accessanalyzer.GetAnalyzedResourceInput) (*request.Request, *accessanalyzer.GetAnalyzedResourceOutput) @@ -96,6 +104,20 @@ type AccessAnalyzerAPI interface { GetFindingWithContext(aws.Context, *accessanalyzer.GetFindingInput, ...request.Option) (*accessanalyzer.GetFindingOutput, error) GetFindingRequest(*accessanalyzer.GetFindingInput) (*request.Request, *accessanalyzer.GetFindingOutput) + ListAccessPreviewFindings(*accessanalyzer.ListAccessPreviewFindingsInput) (*accessanalyzer.ListAccessPreviewFindingsOutput, error) + ListAccessPreviewFindingsWithContext(aws.Context, *accessanalyzer.ListAccessPreviewFindingsInput, ...request.Option) (*accessanalyzer.ListAccessPreviewFindingsOutput, error) + ListAccessPreviewFindingsRequest(*accessanalyzer.ListAccessPreviewFindingsInput) (*request.Request, *accessanalyzer.ListAccessPreviewFindingsOutput) + + ListAccessPreviewFindingsPages(*accessanalyzer.ListAccessPreviewFindingsInput, func(*accessanalyzer.ListAccessPreviewFindingsOutput, bool) bool) error + ListAccessPreviewFindingsPagesWithContext(aws.Context, *accessanalyzer.ListAccessPreviewFindingsInput, func(*accessanalyzer.ListAccessPreviewFindingsOutput, bool) bool, ...request.Option) error + + ListAccessPreviews(*accessanalyzer.ListAccessPreviewsInput) (*accessanalyzer.ListAccessPreviewsOutput, error) + ListAccessPreviewsWithContext(aws.Context, *accessanalyzer.ListAccessPreviewsInput, ...request.Option) (*accessanalyzer.ListAccessPreviewsOutput, error) + ListAccessPreviewsRequest(*accessanalyzer.ListAccessPreviewsInput) (*request.Request, *accessanalyzer.ListAccessPreviewsOutput) + + ListAccessPreviewsPages(*accessanalyzer.ListAccessPreviewsInput, func(*accessanalyzer.ListAccessPreviewsOutput, bool) bool) error + ListAccessPreviewsPagesWithContext(aws.Context, *accessanalyzer.ListAccessPreviewsInput, func(*accessanalyzer.ListAccessPreviewsOutput, bool) bool, ...request.Option) error + ListAnalyzedResources(*accessanalyzer.ListAnalyzedResourcesInput) (*accessanalyzer.ListAnalyzedResourcesOutput, error) ListAnalyzedResourcesWithContext(aws.Context, *accessanalyzer.ListAnalyzedResourcesInput, ...request.Option) (*accessanalyzer.ListAnalyzedResourcesOutput, error) ListAnalyzedResourcesRequest(*accessanalyzer.ListAnalyzedResourcesInput) (*request.Request, *accessanalyzer.ListAnalyzedResourcesOutput) diff --git a/service/accessanalyzer/api.go b/service/accessanalyzer/api.go index d72e051998d..621b8770a3d 100644 --- a/service/accessanalyzer/api.go +++ b/service/accessanalyzer/api.go @@ -106,6 +106,104 @@ func (c *AccessAnalyzer) ApplyArchiveRuleWithContext(ctx aws.Context, input *App return out, req.Send() } +const opCreateAccessPreview = "CreateAccessPreview" + +// CreateAccessPreviewRequest generates a "aws/request.Request" representing the +// client's request for the CreateAccessPreview operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateAccessPreview for more information on using the CreateAccessPreview +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateAccessPreviewRequest method. +// req, resp := client.CreateAccessPreviewRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAccessPreview +func (c *AccessAnalyzer) CreateAccessPreviewRequest(input *CreateAccessPreviewInput) (req *request.Request, output *CreateAccessPreviewOutput) { + op := &request.Operation{ + Name: opCreateAccessPreview, + HTTPMethod: "PUT", + HTTPPath: "/access-preview", + } + + if input == nil { + input = &CreateAccessPreviewInput{} + } + + output = &CreateAccessPreviewOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateAccessPreview API operation for Access Analyzer. +// +// Creates an access preview that allows you to preview Access Analyzer findings +// for your resource before deploying resource permissions. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Access Analyzer's +// API operation CreateAccessPreview for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The specified resource could not be found. +// +// * ConflictException +// A conflict exception error. +// +// * ValidationException +// Validation exception error. +// +// * InternalServerException +// Internal server error. +// +// * ServiceQuotaExceededException +// Service quote met error. +// +// * ThrottlingException +// Throttling limit exceeded error. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CreateAccessPreview +func (c *AccessAnalyzer) CreateAccessPreview(input *CreateAccessPreviewInput) (*CreateAccessPreviewOutput, error) { + req, out := c.CreateAccessPreviewRequest(input) + return out, req.Send() +} + +// CreateAccessPreviewWithContext is the same as CreateAccessPreview with the addition of +// the ability to pass a context and additional request options. +// +// See CreateAccessPreview for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AccessAnalyzer) CreateAccessPreviewWithContext(ctx aws.Context, input *CreateAccessPreviewInput, opts ...request.Option) (*CreateAccessPreviewOutput, error) { + req, out := c.CreateAccessPreviewRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateAnalyzer = "CreateAnalyzer" // CreateAnalyzerRequest generates a "aws/request.Request" representing the @@ -487,6 +585,97 @@ func (c *AccessAnalyzer) DeleteArchiveRuleWithContext(ctx aws.Context, input *De return out, req.Send() } +const opGetAccessPreview = "GetAccessPreview" + +// GetAccessPreviewRequest generates a "aws/request.Request" representing the +// client's request for the GetAccessPreview operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetAccessPreview for more information on using the GetAccessPreview +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetAccessPreviewRequest method. +// req, resp := client.GetAccessPreviewRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAccessPreview +func (c *AccessAnalyzer) GetAccessPreviewRequest(input *GetAccessPreviewInput) (req *request.Request, output *GetAccessPreviewOutput) { + op := &request.Operation{ + Name: opGetAccessPreview, + HTTPMethod: "GET", + HTTPPath: "/access-preview/{accessPreviewId}", + } + + if input == nil { + input = &GetAccessPreviewInput{} + } + + output = &GetAccessPreviewOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetAccessPreview API operation for Access Analyzer. +// +// Retrieves information about an access preview for the specified analyzer. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Access Analyzer's +// API operation GetAccessPreview for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The specified resource could not be found. +// +// * ValidationException +// Validation exception error. +// +// * InternalServerException +// Internal server error. +// +// * ThrottlingException +// Throttling limit exceeded error. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAccessPreview +func (c *AccessAnalyzer) GetAccessPreview(input *GetAccessPreviewInput) (*GetAccessPreviewOutput, error) { + req, out := c.GetAccessPreviewRequest(input) + return out, req.Send() +} + +// GetAccessPreviewWithContext is the same as GetAccessPreview with the addition of +// the ability to pass a context and additional request options. +// +// See GetAccessPreview for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AccessAnalyzer) GetAccessPreviewWithContext(ctx aws.Context, input *GetAccessPreviewInput, opts ...request.Option) (*GetAccessPreviewOutput, error) { + req, out := c.GetAccessPreviewRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetAnalyzedResource = "GetAnalyzedResource" // GetAnalyzedResourceRequest generates a "aws/request.Request" representing the @@ -855,37 +1044,37 @@ func (c *AccessAnalyzer) GetFindingWithContext(ctx aws.Context, input *GetFindin return out, req.Send() } -const opListAnalyzedResources = "ListAnalyzedResources" +const opListAccessPreviewFindings = "ListAccessPreviewFindings" -// ListAnalyzedResourcesRequest generates a "aws/request.Request" representing the -// client's request for the ListAnalyzedResources operation. The "output" return +// ListAccessPreviewFindingsRequest generates a "aws/request.Request" representing the +// client's request for the ListAccessPreviewFindings operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListAnalyzedResources for more information on using the ListAnalyzedResources +// See ListAccessPreviewFindings for more information on using the ListAccessPreviewFindings // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // -// // Example sending a request using the ListAnalyzedResourcesRequest method. -// req, resp := client.ListAnalyzedResourcesRequest(params) +// // Example sending a request using the ListAccessPreviewFindingsRequest method. +// req, resp := client.ListAccessPreviewFindingsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResources -func (c *AccessAnalyzer) ListAnalyzedResourcesRequest(input *ListAnalyzedResourcesInput) (req *request.Request, output *ListAnalyzedResourcesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindings +func (c *AccessAnalyzer) ListAccessPreviewFindingsRequest(input *ListAccessPreviewFindingsInput) (req *request.Request, output *ListAccessPreviewFindingsOutput) { op := &request.Operation{ - Name: opListAnalyzedResources, + Name: opListAccessPreviewFindings, HTTPMethod: "POST", - HTTPPath: "/analyzed-resource", + HTTPPath: "/access-preview/{accessPreviewId}", Paginator: &request.Paginator{ InputTokens: []string{"nextToken"}, OutputTokens: []string{"nextToken"}, @@ -895,30 +1084,33 @@ func (c *AccessAnalyzer) ListAnalyzedResourcesRequest(input *ListAnalyzedResourc } if input == nil { - input = &ListAnalyzedResourcesInput{} + input = &ListAccessPreviewFindingsInput{} } - output = &ListAnalyzedResourcesOutput{} + output = &ListAccessPreviewFindingsOutput{} req = c.newRequest(op, input, output) return } -// ListAnalyzedResources API operation for Access Analyzer. +// ListAccessPreviewFindings API operation for Access Analyzer. // -// Retrieves a list of resources of the specified type that have been analyzed -// by the specified analyzer.. +// Retrieves a list of access preview findings generated by the specified access +// preview. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Access Analyzer's -// API operation ListAnalyzedResources for usage and error information. +// API operation ListAccessPreviewFindings for usage and error information. // // Returned Error Types: // * ResourceNotFoundException // The specified resource could not be found. // +// * ConflictException +// A conflict exception error. +// // * ValidationException // Validation exception error. // @@ -931,65 +1123,65 @@ func (c *AccessAnalyzer) ListAnalyzedResourcesRequest(input *ListAnalyzedResourc // * AccessDeniedException // You do not have sufficient access to perform this action. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResources -func (c *AccessAnalyzer) ListAnalyzedResources(input *ListAnalyzedResourcesInput) (*ListAnalyzedResourcesOutput, error) { - req, out := c.ListAnalyzedResourcesRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviewFindings +func (c *AccessAnalyzer) ListAccessPreviewFindings(input *ListAccessPreviewFindingsInput) (*ListAccessPreviewFindingsOutput, error) { + req, out := c.ListAccessPreviewFindingsRequest(input) return out, req.Send() } -// ListAnalyzedResourcesWithContext is the same as ListAnalyzedResources with the addition of +// ListAccessPreviewFindingsWithContext is the same as ListAccessPreviewFindings with the addition of // the ability to pass a context and additional request options. // -// See ListAnalyzedResources for details on how to use this API operation. +// See ListAccessPreviewFindings for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *AccessAnalyzer) ListAnalyzedResourcesWithContext(ctx aws.Context, input *ListAnalyzedResourcesInput, opts ...request.Option) (*ListAnalyzedResourcesOutput, error) { - req, out := c.ListAnalyzedResourcesRequest(input) +func (c *AccessAnalyzer) ListAccessPreviewFindingsWithContext(ctx aws.Context, input *ListAccessPreviewFindingsInput, opts ...request.Option) (*ListAccessPreviewFindingsOutput, error) { + req, out := c.ListAccessPreviewFindingsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// ListAnalyzedResourcesPages iterates over the pages of a ListAnalyzedResources operation, +// ListAccessPreviewFindingsPages iterates over the pages of a ListAccessPreviewFindings operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See ListAnalyzedResources method for more information on how to use this operation. +// See ListAccessPreviewFindings method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListAnalyzedResources operation. +// // Example iterating over at most 3 pages of a ListAccessPreviewFindings operation. // pageNum := 0 -// err := client.ListAnalyzedResourcesPages(params, -// func(page *accessanalyzer.ListAnalyzedResourcesOutput, lastPage bool) bool { +// err := client.ListAccessPreviewFindingsPages(params, +// func(page *accessanalyzer.ListAccessPreviewFindingsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) // -func (c *AccessAnalyzer) ListAnalyzedResourcesPages(input *ListAnalyzedResourcesInput, fn func(*ListAnalyzedResourcesOutput, bool) bool) error { - return c.ListAnalyzedResourcesPagesWithContext(aws.BackgroundContext(), input, fn) +func (c *AccessAnalyzer) ListAccessPreviewFindingsPages(input *ListAccessPreviewFindingsInput, fn func(*ListAccessPreviewFindingsOutput, bool) bool) error { + return c.ListAccessPreviewFindingsPagesWithContext(aws.BackgroundContext(), input, fn) } -// ListAnalyzedResourcesPagesWithContext same as ListAnalyzedResourcesPages except +// ListAccessPreviewFindingsPagesWithContext same as ListAccessPreviewFindingsPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *AccessAnalyzer) ListAnalyzedResourcesPagesWithContext(ctx aws.Context, input *ListAnalyzedResourcesInput, fn func(*ListAnalyzedResourcesOutput, bool) bool, opts ...request.Option) error { +func (c *AccessAnalyzer) ListAccessPreviewFindingsPagesWithContext(ctx aws.Context, input *ListAccessPreviewFindingsInput, fn func(*ListAccessPreviewFindingsOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { - var inCpy *ListAnalyzedResourcesInput + var inCpy *ListAccessPreviewFindingsInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.ListAnalyzedResourcesRequest(inCpy) + req, _ := c.ListAccessPreviewFindingsRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -997,7 +1189,7 @@ func (c *AccessAnalyzer) ListAnalyzedResourcesPagesWithContext(ctx aws.Context, } for p.Next() { - if !fn(p.Page().(*ListAnalyzedResourcesOutput), !p.HasNextPage()) { + if !fn(p.Page().(*ListAccessPreviewFindingsOutput), !p.HasNextPage()) { break } } @@ -1005,37 +1197,37 @@ func (c *AccessAnalyzer) ListAnalyzedResourcesPagesWithContext(ctx aws.Context, return p.Err() } -const opListAnalyzers = "ListAnalyzers" +const opListAccessPreviews = "ListAccessPreviews" -// ListAnalyzersRequest generates a "aws/request.Request" representing the -// client's request for the ListAnalyzers operation. The "output" return +// ListAccessPreviewsRequest generates a "aws/request.Request" representing the +// client's request for the ListAccessPreviews operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListAnalyzers for more information on using the ListAnalyzers +// See ListAccessPreviews for more information on using the ListAccessPreviews // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // -// // Example sending a request using the ListAnalyzersRequest method. -// req, resp := client.ListAnalyzersRequest(params) +// // Example sending a request using the ListAccessPreviewsRequest method. +// req, resp := client.ListAccessPreviewsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers -func (c *AccessAnalyzer) ListAnalyzersRequest(input *ListAnalyzersInput) (req *request.Request, output *ListAnalyzersOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviews +func (c *AccessAnalyzer) ListAccessPreviewsRequest(input *ListAccessPreviewsInput) (req *request.Request, output *ListAccessPreviewsOutput) { op := &request.Operation{ - Name: opListAnalyzers, + Name: opListAccessPreviews, HTTPMethod: "GET", - HTTPPath: "/analyzer", + HTTPPath: "/access-preview", Paginator: &request.Paginator{ InputTokens: []string{"nextToken"}, OutputTokens: []string{"nextToken"}, @@ -1045,26 +1237,29 @@ func (c *AccessAnalyzer) ListAnalyzersRequest(input *ListAnalyzersInput) (req *r } if input == nil { - input = &ListAnalyzersInput{} + input = &ListAccessPreviewsInput{} } - output = &ListAnalyzersOutput{} + output = &ListAccessPreviewsOutput{} req = c.newRequest(op, input, output) return } -// ListAnalyzers API operation for Access Analyzer. +// ListAccessPreviews API operation for Access Analyzer. // -// Retrieves a list of analyzers. +// Retrieves a list of access previews for the specified analyzer. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Access Analyzer's -// API operation ListAnalyzers for usage and error information. +// API operation ListAccessPreviews for usage and error information. // // Returned Error Types: +// * ResourceNotFoundException +// The specified resource could not be found. +// // * ValidationException // Validation exception error. // @@ -1077,65 +1272,65 @@ func (c *AccessAnalyzer) ListAnalyzersRequest(input *ListAnalyzersInput) (req *r // * AccessDeniedException // You do not have sufficient access to perform this action. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers -func (c *AccessAnalyzer) ListAnalyzers(input *ListAnalyzersInput) (*ListAnalyzersOutput, error) { - req, out := c.ListAnalyzersRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAccessPreviews +func (c *AccessAnalyzer) ListAccessPreviews(input *ListAccessPreviewsInput) (*ListAccessPreviewsOutput, error) { + req, out := c.ListAccessPreviewsRequest(input) return out, req.Send() } -// ListAnalyzersWithContext is the same as ListAnalyzers with the addition of +// ListAccessPreviewsWithContext is the same as ListAccessPreviews with the addition of // the ability to pass a context and additional request options. // -// See ListAnalyzers for details on how to use this API operation. +// See ListAccessPreviews for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *AccessAnalyzer) ListAnalyzersWithContext(ctx aws.Context, input *ListAnalyzersInput, opts ...request.Option) (*ListAnalyzersOutput, error) { - req, out := c.ListAnalyzersRequest(input) +func (c *AccessAnalyzer) ListAccessPreviewsWithContext(ctx aws.Context, input *ListAccessPreviewsInput, opts ...request.Option) (*ListAccessPreviewsOutput, error) { + req, out := c.ListAccessPreviewsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// ListAnalyzersPages iterates over the pages of a ListAnalyzers operation, +// ListAccessPreviewsPages iterates over the pages of a ListAccessPreviews operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See ListAnalyzers method for more information on how to use this operation. +// See ListAccessPreviews method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListAnalyzers operation. +// // Example iterating over at most 3 pages of a ListAccessPreviews operation. // pageNum := 0 -// err := client.ListAnalyzersPages(params, -// func(page *accessanalyzer.ListAnalyzersOutput, lastPage bool) bool { +// err := client.ListAccessPreviewsPages(params, +// func(page *accessanalyzer.ListAccessPreviewsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) // -func (c *AccessAnalyzer) ListAnalyzersPages(input *ListAnalyzersInput, fn func(*ListAnalyzersOutput, bool) bool) error { - return c.ListAnalyzersPagesWithContext(aws.BackgroundContext(), input, fn) +func (c *AccessAnalyzer) ListAccessPreviewsPages(input *ListAccessPreviewsInput, fn func(*ListAccessPreviewsOutput, bool) bool) error { + return c.ListAccessPreviewsPagesWithContext(aws.BackgroundContext(), input, fn) } -// ListAnalyzersPagesWithContext same as ListAnalyzersPages except +// ListAccessPreviewsPagesWithContext same as ListAccessPreviewsPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *AccessAnalyzer) ListAnalyzersPagesWithContext(ctx aws.Context, input *ListAnalyzersInput, fn func(*ListAnalyzersOutput, bool) bool, opts ...request.Option) error { +func (c *AccessAnalyzer) ListAccessPreviewsPagesWithContext(ctx aws.Context, input *ListAccessPreviewsInput, fn func(*ListAccessPreviewsOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { - var inCpy *ListAnalyzersInput + var inCpy *ListAccessPreviewsInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.ListAnalyzersRequest(inCpy) + req, _ := c.ListAccessPreviewsRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -1143,7 +1338,7 @@ func (c *AccessAnalyzer) ListAnalyzersPagesWithContext(ctx aws.Context, input *L } for p.Next() { - if !fn(p.Page().(*ListAnalyzersOutput), !p.HasNextPage()) { + if !fn(p.Page().(*ListAccessPreviewsOutput), !p.HasNextPage()) { break } } @@ -1151,37 +1346,37 @@ func (c *AccessAnalyzer) ListAnalyzersPagesWithContext(ctx aws.Context, input *L return p.Err() } -const opListArchiveRules = "ListArchiveRules" +const opListAnalyzedResources = "ListAnalyzedResources" -// ListArchiveRulesRequest generates a "aws/request.Request" representing the -// client's request for the ListArchiveRules operation. The "output" return +// ListAnalyzedResourcesRequest generates a "aws/request.Request" representing the +// client's request for the ListAnalyzedResources operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListArchiveRules for more information on using the ListArchiveRules +// See ListAnalyzedResources for more information on using the ListAnalyzedResources // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // -// // Example sending a request using the ListArchiveRulesRequest method. -// req, resp := client.ListArchiveRulesRequest(params) +// // Example sending a request using the ListAnalyzedResourcesRequest method. +// req, resp := client.ListAnalyzedResourcesRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListArchiveRules -func (c *AccessAnalyzer) ListArchiveRulesRequest(input *ListArchiveRulesInput) (req *request.Request, output *ListArchiveRulesOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResources +func (c *AccessAnalyzer) ListAnalyzedResourcesRequest(input *ListAnalyzedResourcesInput) (req *request.Request, output *ListAnalyzedResourcesOutput) { op := &request.Operation{ - Name: opListArchiveRules, - HTTPMethod: "GET", - HTTPPath: "/analyzer/{analyzerName}/archive-rule", + Name: opListAnalyzedResources, + HTTPMethod: "POST", + HTTPPath: "/analyzed-resource", Paginator: &request.Paginator{ InputTokens: []string{"nextToken"}, OutputTokens: []string{"nextToken"}, @@ -1191,26 +1386,30 @@ func (c *AccessAnalyzer) ListArchiveRulesRequest(input *ListArchiveRulesInput) ( } if input == nil { - input = &ListArchiveRulesInput{} + input = &ListAnalyzedResourcesInput{} } - output = &ListArchiveRulesOutput{} + output = &ListAnalyzedResourcesOutput{} req = c.newRequest(op, input, output) return } -// ListArchiveRules API operation for Access Analyzer. +// ListAnalyzedResources API operation for Access Analyzer. // -// Retrieves a list of archive rules created for the specified analyzer. +// Retrieves a list of resources of the specified type that have been analyzed +// by the specified analyzer.. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Access Analyzer's -// API operation ListArchiveRules for usage and error information. +// API operation ListAnalyzedResources for usage and error information. // // Returned Error Types: +// * ResourceNotFoundException +// The specified resource could not be found. +// // * ValidationException // Validation exception error. // @@ -1223,65 +1422,65 @@ func (c *AccessAnalyzer) ListArchiveRulesRequest(input *ListArchiveRulesInput) ( // * AccessDeniedException // You do not have sufficient access to perform this action. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListArchiveRules -func (c *AccessAnalyzer) ListArchiveRules(input *ListArchiveRulesInput) (*ListArchiveRulesOutput, error) { - req, out := c.ListArchiveRulesRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzedResources +func (c *AccessAnalyzer) ListAnalyzedResources(input *ListAnalyzedResourcesInput) (*ListAnalyzedResourcesOutput, error) { + req, out := c.ListAnalyzedResourcesRequest(input) return out, req.Send() } -// ListArchiveRulesWithContext is the same as ListArchiveRules with the addition of +// ListAnalyzedResourcesWithContext is the same as ListAnalyzedResources with the addition of // the ability to pass a context and additional request options. // -// See ListArchiveRules for details on how to use this API operation. +// See ListAnalyzedResources for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *AccessAnalyzer) ListArchiveRulesWithContext(ctx aws.Context, input *ListArchiveRulesInput, opts ...request.Option) (*ListArchiveRulesOutput, error) { - req, out := c.ListArchiveRulesRequest(input) +func (c *AccessAnalyzer) ListAnalyzedResourcesWithContext(ctx aws.Context, input *ListAnalyzedResourcesInput, opts ...request.Option) (*ListAnalyzedResourcesOutput, error) { + req, out := c.ListAnalyzedResourcesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// ListArchiveRulesPages iterates over the pages of a ListArchiveRules operation, +// ListAnalyzedResourcesPages iterates over the pages of a ListAnalyzedResources operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See ListArchiveRules method for more information on how to use this operation. +// See ListAnalyzedResources method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListArchiveRules operation. +// // Example iterating over at most 3 pages of a ListAnalyzedResources operation. // pageNum := 0 -// err := client.ListArchiveRulesPages(params, -// func(page *accessanalyzer.ListArchiveRulesOutput, lastPage bool) bool { +// err := client.ListAnalyzedResourcesPages(params, +// func(page *accessanalyzer.ListAnalyzedResourcesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) // -func (c *AccessAnalyzer) ListArchiveRulesPages(input *ListArchiveRulesInput, fn func(*ListArchiveRulesOutput, bool) bool) error { - return c.ListArchiveRulesPagesWithContext(aws.BackgroundContext(), input, fn) +func (c *AccessAnalyzer) ListAnalyzedResourcesPages(input *ListAnalyzedResourcesInput, fn func(*ListAnalyzedResourcesOutput, bool) bool) error { + return c.ListAnalyzedResourcesPagesWithContext(aws.BackgroundContext(), input, fn) } -// ListArchiveRulesPagesWithContext same as ListArchiveRulesPages except +// ListAnalyzedResourcesPagesWithContext same as ListAnalyzedResourcesPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *AccessAnalyzer) ListArchiveRulesPagesWithContext(ctx aws.Context, input *ListArchiveRulesInput, fn func(*ListArchiveRulesOutput, bool) bool, opts ...request.Option) error { +func (c *AccessAnalyzer) ListAnalyzedResourcesPagesWithContext(ctx aws.Context, input *ListAnalyzedResourcesInput, fn func(*ListAnalyzedResourcesOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { - var inCpy *ListArchiveRulesInput + var inCpy *ListAnalyzedResourcesInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.ListArchiveRulesRequest(inCpy) + req, _ := c.ListAnalyzedResourcesRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -1289,7 +1488,7 @@ func (c *AccessAnalyzer) ListArchiveRulesPagesWithContext(ctx aws.Context, input } for p.Next() { - if !fn(p.Page().(*ListArchiveRulesOutput), !p.HasNextPage()) { + if !fn(p.Page().(*ListAnalyzedResourcesOutput), !p.HasNextPage()) { break } } @@ -1297,37 +1496,37 @@ func (c *AccessAnalyzer) ListArchiveRulesPagesWithContext(ctx aws.Context, input return p.Err() } -const opListFindings = "ListFindings" +const opListAnalyzers = "ListAnalyzers" -// ListFindingsRequest generates a "aws/request.Request" representing the -// client's request for the ListFindings operation. The "output" return +// ListAnalyzersRequest generates a "aws/request.Request" representing the +// client's request for the ListAnalyzers operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListFindings for more information on using the ListFindings +// See ListAnalyzers for more information on using the ListAnalyzers // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // -// // Example sending a request using the ListFindingsRequest method. -// req, resp := client.ListFindingsRequest(params) +// // Example sending a request using the ListAnalyzersRequest method. +// req, resp := client.ListAnalyzersRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings -func (c *AccessAnalyzer) ListFindingsRequest(input *ListFindingsInput) (req *request.Request, output *ListFindingsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers +func (c *AccessAnalyzer) ListAnalyzersRequest(input *ListAnalyzersInput) (req *request.Request, output *ListAnalyzersOutput) { op := &request.Operation{ - Name: opListFindings, - HTTPMethod: "POST", - HTTPPath: "/finding", + Name: opListAnalyzers, + HTTPMethod: "GET", + HTTPPath: "/analyzer", Paginator: &request.Paginator{ InputTokens: []string{"nextToken"}, OutputTokens: []string{"nextToken"}, @@ -1337,33 +1536,26 @@ func (c *AccessAnalyzer) ListFindingsRequest(input *ListFindingsInput) (req *req } if input == nil { - input = &ListFindingsInput{} + input = &ListAnalyzersInput{} } - output = &ListFindingsOutput{} + output = &ListAnalyzersOutput{} req = c.newRequest(op, input, output) return } -// ListFindings API operation for Access Analyzer. -// -// Retrieves a list of findings generated by the specified analyzer. +// ListAnalyzers API operation for Access Analyzer. // -// To learn about filter keys that you can use to create an archive rule, see -// Access Analyzer filter keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html) -// in the IAM User Guide. +// Retrieves a list of analyzers. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Access Analyzer's -// API operation ListFindings for usage and error information. +// API operation ListAnalyzers for usage and error information. // // Returned Error Types: -// * ResourceNotFoundException -// The specified resource could not be found. -// // * ValidationException // Validation exception error. // @@ -1376,65 +1568,65 @@ func (c *AccessAnalyzer) ListFindingsRequest(input *ListFindingsInput) (req *req // * AccessDeniedException // You do not have sufficient access to perform this action. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings -func (c *AccessAnalyzer) ListFindings(input *ListFindingsInput) (*ListFindingsOutput, error) { - req, out := c.ListFindingsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListAnalyzers +func (c *AccessAnalyzer) ListAnalyzers(input *ListAnalyzersInput) (*ListAnalyzersOutput, error) { + req, out := c.ListAnalyzersRequest(input) return out, req.Send() } -// ListFindingsWithContext is the same as ListFindings with the addition of +// ListAnalyzersWithContext is the same as ListAnalyzers with the addition of // the ability to pass a context and additional request options. // -// See ListFindings for details on how to use this API operation. +// See ListAnalyzers for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *AccessAnalyzer) ListFindingsWithContext(ctx aws.Context, input *ListFindingsInput, opts ...request.Option) (*ListFindingsOutput, error) { - req, out := c.ListFindingsRequest(input) +func (c *AccessAnalyzer) ListAnalyzersWithContext(ctx aws.Context, input *ListAnalyzersInput, opts ...request.Option) (*ListAnalyzersOutput, error) { + req, out := c.ListAnalyzersRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// ListFindingsPages iterates over the pages of a ListFindings operation, +// ListAnalyzersPages iterates over the pages of a ListAnalyzers operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See ListFindings method for more information on how to use this operation. +// See ListAnalyzers method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListFindings operation. +// // Example iterating over at most 3 pages of a ListAnalyzers operation. // pageNum := 0 -// err := client.ListFindingsPages(params, -// func(page *accessanalyzer.ListFindingsOutput, lastPage bool) bool { +// err := client.ListAnalyzersPages(params, +// func(page *accessanalyzer.ListAnalyzersOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) // -func (c *AccessAnalyzer) ListFindingsPages(input *ListFindingsInput, fn func(*ListFindingsOutput, bool) bool) error { - return c.ListFindingsPagesWithContext(aws.BackgroundContext(), input, fn) +func (c *AccessAnalyzer) ListAnalyzersPages(input *ListAnalyzersInput, fn func(*ListAnalyzersOutput, bool) bool) error { + return c.ListAnalyzersPagesWithContext(aws.BackgroundContext(), input, fn) } -// ListFindingsPagesWithContext same as ListFindingsPages except +// ListAnalyzersPagesWithContext same as ListAnalyzersPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *AccessAnalyzer) ListFindingsPagesWithContext(ctx aws.Context, input *ListFindingsInput, fn func(*ListFindingsOutput, bool) bool, opts ...request.Option) error { +func (c *AccessAnalyzer) ListAnalyzersPagesWithContext(ctx aws.Context, input *ListAnalyzersInput, fn func(*ListAnalyzersOutput, bool) bool, opts ...request.Option) error { p := request.Pagination{ NewRequest: func() (*request.Request, error) { - var inCpy *ListFindingsInput + var inCpy *ListAnalyzersInput if input != nil { tmp := *input inCpy = &tmp } - req, _ := c.ListFindingsRequest(inCpy) + req, _ := c.ListAnalyzersRequest(inCpy) req.SetContext(ctx) req.ApplyOptions(opts...) return req, nil @@ -1442,7 +1634,7 @@ func (c *AccessAnalyzer) ListFindingsPagesWithContext(ctx aws.Context, input *Li } for p.Next() { - if !fn(p.Page().(*ListFindingsOutput), !p.HasNextPage()) { + if !fn(p.Page().(*ListAnalyzersOutput), !p.HasNextPage()) { break } } @@ -1450,63 +1642,66 @@ func (c *AccessAnalyzer) ListFindingsPagesWithContext(ctx aws.Context, input *Li return p.Err() } -const opListTagsForResource = "ListTagsForResource" +const opListArchiveRules = "ListArchiveRules" -// ListTagsForResourceRequest generates a "aws/request.Request" representing the -// client's request for the ListTagsForResource operation. The "output" return +// ListArchiveRulesRequest generates a "aws/request.Request" representing the +// client's request for the ListArchiveRules operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListTagsForResource for more information on using the ListTagsForResource +// See ListArchiveRules for more information on using the ListArchiveRules // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // -// // Example sending a request using the ListTagsForResourceRequest method. -// req, resp := client.ListTagsForResourceRequest(params) +// // Example sending a request using the ListArchiveRulesRequest method. +// req, resp := client.ListArchiveRulesRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListTagsForResource -func (c *AccessAnalyzer) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListArchiveRules +func (c *AccessAnalyzer) ListArchiveRulesRequest(input *ListArchiveRulesInput) (req *request.Request, output *ListArchiveRulesOutput) { op := &request.Operation{ - Name: opListTagsForResource, + Name: opListArchiveRules, HTTPMethod: "GET", - HTTPPath: "/tags/{resourceArn}", + HTTPPath: "/analyzer/{analyzerName}/archive-rule", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "maxResults", + TruncationToken: "", + }, } if input == nil { - input = &ListTagsForResourceInput{} + input = &ListArchiveRulesInput{} } - output = &ListTagsForResourceOutput{} + output = &ListArchiveRulesOutput{} req = c.newRequest(op, input, output) return } -// ListTagsForResource API operation for Access Analyzer. +// ListArchiveRules API operation for Access Analyzer. // -// Retrieves a list of tags applied to the specified resource. +// Retrieves a list of archive rules created for the specified analyzer. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Access Analyzer's -// API operation ListTagsForResource for usage and error information. +// API operation ListArchiveRules for usage and error information. // // Returned Error Types: -// * ResourceNotFoundException -// The specified resource could not be found. -// // * ValidationException // Validation exception error. // @@ -1519,74 +1714,370 @@ func (c *AccessAnalyzer) ListTagsForResourceRequest(input *ListTagsForResourceIn // * AccessDeniedException // You do not have sufficient access to perform this action. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListTagsForResource -func (c *AccessAnalyzer) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { - req, out := c.ListTagsForResourceRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListArchiveRules +func (c *AccessAnalyzer) ListArchiveRules(input *ListArchiveRulesInput) (*ListArchiveRulesOutput, error) { + req, out := c.ListArchiveRulesRequest(input) return out, req.Send() } -// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of +// ListArchiveRulesWithContext is the same as ListArchiveRules with the addition of // the ability to pass a context and additional request options. // -// See ListTagsForResource for details on how to use this API operation. +// See ListArchiveRules for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *AccessAnalyzer) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { - req, out := c.ListTagsForResourceRequest(input) +func (c *AccessAnalyzer) ListArchiveRulesWithContext(ctx aws.Context, input *ListArchiveRulesInput, opts ...request.Option) (*ListArchiveRulesOutput, error) { + req, out := c.ListArchiveRulesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -const opStartResourceScan = "StartResourceScan" +// ListArchiveRulesPages iterates over the pages of a ListArchiveRules operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListArchiveRules method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListArchiveRules operation. +// pageNum := 0 +// err := client.ListArchiveRulesPages(params, +// func(page *accessanalyzer.ListArchiveRulesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *AccessAnalyzer) ListArchiveRulesPages(input *ListArchiveRulesInput, fn func(*ListArchiveRulesOutput, bool) bool) error { + return c.ListArchiveRulesPagesWithContext(aws.BackgroundContext(), input, fn) +} -// StartResourceScanRequest generates a "aws/request.Request" representing the -// client's request for the StartResourceScan operation. The "output" return +// ListArchiveRulesPagesWithContext same as ListArchiveRulesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AccessAnalyzer) ListArchiveRulesPagesWithContext(ctx aws.Context, input *ListArchiveRulesInput, fn func(*ListArchiveRulesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListArchiveRulesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListArchiveRulesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListArchiveRulesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListFindings = "ListFindings" + +// ListFindingsRequest generates a "aws/request.Request" representing the +// client's request for the ListFindings operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See StartResourceScan for more information on using the StartResourceScan +// See ListFindings for more information on using the ListFindings // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // -// // Example sending a request using the StartResourceScanRequest method. -// req, resp := client.StartResourceScanRequest(params) +// // Example sending a request using the ListFindingsRequest method. +// req, resp := client.ListFindingsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartResourceScan -func (c *AccessAnalyzer) StartResourceScanRequest(input *StartResourceScanInput) (req *request.Request, output *StartResourceScanOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings +func (c *AccessAnalyzer) ListFindingsRequest(input *ListFindingsInput) (req *request.Request, output *ListFindingsOutput) { op := &request.Operation{ - Name: opStartResourceScan, + Name: opListFindings, HTTPMethod: "POST", - HTTPPath: "/resource/scan", + HTTPPath: "/finding", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "maxResults", + TruncationToken: "", + }, } if input == nil { - input = &StartResourceScanInput{} + input = &ListFindingsInput{} } - output = &StartResourceScanOutput{} + output = &ListFindingsOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } -// StartResourceScan API operation for Access Analyzer. +// ListFindings API operation for Access Analyzer. // -// Immediately starts a scan of the policies applied to the specified resource. +// Retrieves a list of findings generated by the specified analyzer. +// +// To learn about filter keys that you can use to retrieve a list of findings, +// see Access Analyzer filter keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html) +// in the IAM User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Access Analyzer's +// API operation ListFindings for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The specified resource could not be found. +// +// * ValidationException +// Validation exception error. +// +// * InternalServerException +// Internal server error. +// +// * ThrottlingException +// Throttling limit exceeded error. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings +func (c *AccessAnalyzer) ListFindings(input *ListFindingsInput) (*ListFindingsOutput, error) { + req, out := c.ListFindingsRequest(input) + return out, req.Send() +} + +// ListFindingsWithContext is the same as ListFindings with the addition of +// the ability to pass a context and additional request options. +// +// See ListFindings for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AccessAnalyzer) ListFindingsWithContext(ctx aws.Context, input *ListFindingsInput, opts ...request.Option) (*ListFindingsOutput, error) { + req, out := c.ListFindingsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListFindingsPages iterates over the pages of a ListFindings operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListFindings method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListFindings operation. +// pageNum := 0 +// err := client.ListFindingsPages(params, +// func(page *accessanalyzer.ListFindingsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *AccessAnalyzer) ListFindingsPages(input *ListFindingsInput, fn func(*ListFindingsOutput, bool) bool) error { + return c.ListFindingsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListFindingsPagesWithContext same as ListFindingsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AccessAnalyzer) ListFindingsPagesWithContext(ctx aws.Context, input *ListFindingsInput, fn func(*ListFindingsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListFindingsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListFindingsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListFindingsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListTagsForResource = "ListTagsForResource" + +// ListTagsForResourceRequest generates a "aws/request.Request" representing the +// client's request for the ListTagsForResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListTagsForResource for more information on using the ListTagsForResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListTagsForResourceRequest method. +// req, resp := client.ListTagsForResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListTagsForResource +func (c *AccessAnalyzer) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { + op := &request.Operation{ + Name: opListTagsForResource, + HTTPMethod: "GET", + HTTPPath: "/tags/{resourceArn}", + } + + if input == nil { + input = &ListTagsForResourceInput{} + } + + output = &ListTagsForResourceOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListTagsForResource API operation for Access Analyzer. +// +// Retrieves a list of tags applied to the specified resource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Access Analyzer's +// API operation ListTagsForResource for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The specified resource could not be found. +// +// * ValidationException +// Validation exception error. +// +// * InternalServerException +// Internal server error. +// +// * ThrottlingException +// Throttling limit exceeded error. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListTagsForResource +func (c *AccessAnalyzer) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + return out, req.Send() +} + +// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of +// the ability to pass a context and additional request options. +// +// See ListTagsForResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AccessAnalyzer) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opStartResourceScan = "StartResourceScan" + +// StartResourceScanRequest generates a "aws/request.Request" representing the +// client's request for the StartResourceScan operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartResourceScan for more information on using the StartResourceScan +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the StartResourceScanRequest method. +// req, resp := client.StartResourceScanRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartResourceScan +func (c *AccessAnalyzer) StartResourceScanRequest(input *StartResourceScanInput) (req *request.Request, output *StartResourceScanOutput) { + op := &request.Operation{ + Name: opStartResourceScan, + HTTPMethod: "POST", + HTTPPath: "/resource/scan", + } + + if input == nil { + input = &StartResourceScanInput{} + } + + output = &StartResourceScanOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// StartResourceScan API operation for Access Analyzer. +// +// Immediately starts a scan of the policies applied to the specified resource. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2057,290 +2548,709 @@ func (s *AccessDeniedException) RequestID() string { return s.RespMetadata.RequestID } -// Contains details about the analyzed resource. -type AnalyzedResource struct { +// Contains information about an access preview. +type AccessPreview struct { _ struct{} `type:"structure"` - // The actions that an external principal is granted permission to use by the - // policy that generated the finding. - Actions []*string `locationName:"actions" type:"list"` + // The ARN of the analyzer used to generate the access preview. + // + // AnalyzerArn is a required field + AnalyzerArn *string `locationName:"analyzerArn" type:"string" required:"true"` - // The time at which the resource was analyzed. + // A map of resource ARNs for the proposed resource configuration. // - // AnalyzedAt is a required field - AnalyzedAt *time.Time `locationName:"analyzedAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` + // Configurations is a required field + Configurations map[string]*Configuration `locationName:"configurations" type:"map" required:"true"` - // The time at which the finding was created. + // The time at which the access preview was created. // // CreatedAt is a required field CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` - // An error message. - Error *string `locationName:"error" type:"string"` - - // Indicates whether the policy that generated the finding grants public access - // to the resource. + // The unique ID for the access preview. // - // IsPublic is a required field - IsPublic *bool `locationName:"isPublic" type:"boolean" required:"true"` + // Id is a required field + Id *string `locationName:"id" type:"string" required:"true"` - // The ARN of the resource that was analyzed. + // The status of the access preview. // - // ResourceArn is a required field - ResourceArn *string `locationName:"resourceArn" type:"string" required:"true"` + // * Creating - The access preview creation is in progress. + // + // * Completed - The access preview is complete. You can preview findings + // for external access to the resource. + // + // * Failed - The access preview creation has failed. + // + // Status is a required field + Status *string `locationName:"status" type:"string" required:"true" enum:"AccessPreviewStatus"` - // The AWS account ID that owns the resource. + // Provides more details about the current status of the access preview. + // + // For example, if the creation of the access preview fails, a Failed status + // is returned. This failure can be due to an internal issue with the analysis + // or due to an invalid resource configuration. + StatusReason *AccessPreviewStatusReason `locationName:"statusReason" type:"structure"` +} + +// String returns the string representation +func (s AccessPreview) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AccessPreview) GoString() string { + return s.String() +} + +// SetAnalyzerArn sets the AnalyzerArn field's value. +func (s *AccessPreview) SetAnalyzerArn(v string) *AccessPreview { + s.AnalyzerArn = &v + return s +} + +// SetConfigurations sets the Configurations field's value. +func (s *AccessPreview) SetConfigurations(v map[string]*Configuration) *AccessPreview { + s.Configurations = v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *AccessPreview) SetCreatedAt(v time.Time) *AccessPreview { + s.CreatedAt = &v + return s +} + +// SetId sets the Id field's value. +func (s *AccessPreview) SetId(v string) *AccessPreview { + s.Id = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *AccessPreview) SetStatus(v string) *AccessPreview { + s.Status = &v + return s +} + +// SetStatusReason sets the StatusReason field's value. +func (s *AccessPreview) SetStatusReason(v *AccessPreviewStatusReason) *AccessPreview { + s.StatusReason = v + return s +} + +// An access preview finding generated by the access preview. +type AccessPreviewFinding struct { + _ struct{} `type:"structure"` + + // The action in the analyzed policy statement that an external principal has + // permission to perform. + Action []*string `locationName:"action" type:"list"` + + // Provides context on how the access preview finding compares to existing access + // identified in Access Analyzer. + // + // * New - The finding is for newly-introduced access. + // + // * Unchanged - The preview finding is an existing finding that would remain + // unchanged. + // + // * Changed - The preview finding is an existing finding with a change in + // status. + // + // For example, a Changed finding with preview status Resolved and existing + // status Active indicates the existing Active finding would become Resolved + // as a result of the proposed permissions change. + // + // ChangeType is a required field + ChangeType *string `locationName:"changeType" type:"string" required:"true" enum:"FindingChangeType"` + + // The condition in the analyzed policy statement that resulted in a finding. + Condition map[string]*string `locationName:"condition" type:"map"` + + // The time at which the access preview finding was created. + // + // CreatedAt is a required field + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // An error. + Error *string `locationName:"error" type:"string"` + + // The existing ID of the finding in Access Analyzer, provided only for existing + // findings. + ExistingFindingId *string `locationName:"existingFindingId" type:"string"` + + // The existing status of the finding, provided only for existing findings. + ExistingFindingStatus *string `locationName:"existingFindingStatus" type:"string" enum:"FindingStatus"` + + // The ID of the access preview finding. This ID uniquely identifies the element + // in the list of access preview findings and is not related to the finding + // ID in Access Analyzer. + // + // Id is a required field + Id *string `locationName:"id" type:"string" required:"true"` + + // Indicates whether the policy that generated the finding allows public access + // to the resource. + IsPublic *bool `locationName:"isPublic" type:"boolean"` + + // The external principal that has access to a resource within the zone of trust. + Principal map[string]*string `locationName:"principal" type:"map"` + + // The resource that an external principal has access to. This is the resource + // associated with the access preview. + Resource *string `locationName:"resource" type:"string"` + + // The AWS account ID that owns the resource. For most AWS resources, the owning + // account is the account in which the resource was created. // // ResourceOwnerAccount is a required field ResourceOwnerAccount *string `locationName:"resourceOwnerAccount" type:"string" required:"true"` - // The type of the resource that was analyzed. + // The type of the resource that can be accessed in the finding. // // ResourceType is a required field ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"` - // Indicates how the access that generated the finding is granted. This is populated - // for Amazon S3 bucket findings. - SharedVia []*string `locationName:"sharedVia" type:"list"` - - // The current status of the finding generated from the analyzed resource. - Status *string `locationName:"status" type:"string" enum:"FindingStatus"` + // The sources of the finding. This indicates how the access that generated + // the finding is granted. It is populated for Amazon S3 bucket findings. + Sources []*FindingSource `locationName:"sources" type:"list"` - // The time at which the finding was updated. + // The preview status of the finding. This is what the status of the finding + // would be after permissions deployment. For example, a Changed finding with + // preview status Resolved and existing status Active indicates the existing + // Active finding would become Resolved as a result of the proposed permissions + // change. // - // UpdatedAt is a required field - UpdatedAt *time.Time `locationName:"updatedAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` + // Status is a required field + Status *string `locationName:"status" type:"string" required:"true" enum:"FindingStatus"` } // String returns the string representation -func (s AnalyzedResource) String() string { +func (s AccessPreviewFinding) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s AnalyzedResource) GoString() string { +func (s AccessPreviewFinding) GoString() string { return s.String() } -// SetActions sets the Actions field's value. -func (s *AnalyzedResource) SetActions(v []*string) *AnalyzedResource { - s.Actions = v +// SetAction sets the Action field's value. +func (s *AccessPreviewFinding) SetAction(v []*string) *AccessPreviewFinding { + s.Action = v return s } -// SetAnalyzedAt sets the AnalyzedAt field's value. -func (s *AnalyzedResource) SetAnalyzedAt(v time.Time) *AnalyzedResource { - s.AnalyzedAt = &v +// SetChangeType sets the ChangeType field's value. +func (s *AccessPreviewFinding) SetChangeType(v string) *AccessPreviewFinding { + s.ChangeType = &v + return s +} + +// SetCondition sets the Condition field's value. +func (s *AccessPreviewFinding) SetCondition(v map[string]*string) *AccessPreviewFinding { + s.Condition = v return s } // SetCreatedAt sets the CreatedAt field's value. -func (s *AnalyzedResource) SetCreatedAt(v time.Time) *AnalyzedResource { +func (s *AccessPreviewFinding) SetCreatedAt(v time.Time) *AccessPreviewFinding { s.CreatedAt = &v return s } // SetError sets the Error field's value. -func (s *AnalyzedResource) SetError(v string) *AnalyzedResource { +func (s *AccessPreviewFinding) SetError(v string) *AccessPreviewFinding { s.Error = &v return s } +// SetExistingFindingId sets the ExistingFindingId field's value. +func (s *AccessPreviewFinding) SetExistingFindingId(v string) *AccessPreviewFinding { + s.ExistingFindingId = &v + return s +} + +// SetExistingFindingStatus sets the ExistingFindingStatus field's value. +func (s *AccessPreviewFinding) SetExistingFindingStatus(v string) *AccessPreviewFinding { + s.ExistingFindingStatus = &v + return s +} + +// SetId sets the Id field's value. +func (s *AccessPreviewFinding) SetId(v string) *AccessPreviewFinding { + s.Id = &v + return s +} + // SetIsPublic sets the IsPublic field's value. -func (s *AnalyzedResource) SetIsPublic(v bool) *AnalyzedResource { +func (s *AccessPreviewFinding) SetIsPublic(v bool) *AccessPreviewFinding { s.IsPublic = &v return s } -// SetResourceArn sets the ResourceArn field's value. -func (s *AnalyzedResource) SetResourceArn(v string) *AnalyzedResource { - s.ResourceArn = &v +// SetPrincipal sets the Principal field's value. +func (s *AccessPreviewFinding) SetPrincipal(v map[string]*string) *AccessPreviewFinding { + s.Principal = v + return s +} + +// SetResource sets the Resource field's value. +func (s *AccessPreviewFinding) SetResource(v string) *AccessPreviewFinding { + s.Resource = &v return s } // SetResourceOwnerAccount sets the ResourceOwnerAccount field's value. -func (s *AnalyzedResource) SetResourceOwnerAccount(v string) *AnalyzedResource { +func (s *AccessPreviewFinding) SetResourceOwnerAccount(v string) *AccessPreviewFinding { s.ResourceOwnerAccount = &v return s } // SetResourceType sets the ResourceType field's value. -func (s *AnalyzedResource) SetResourceType(v string) *AnalyzedResource { +func (s *AccessPreviewFinding) SetResourceType(v string) *AccessPreviewFinding { s.ResourceType = &v return s } -// SetSharedVia sets the SharedVia field's value. -func (s *AnalyzedResource) SetSharedVia(v []*string) *AnalyzedResource { - s.SharedVia = v +// SetSources sets the Sources field's value. +func (s *AccessPreviewFinding) SetSources(v []*FindingSource) *AccessPreviewFinding { + s.Sources = v return s } // SetStatus sets the Status field's value. -func (s *AnalyzedResource) SetStatus(v string) *AnalyzedResource { +func (s *AccessPreviewFinding) SetStatus(v string) *AccessPreviewFinding { s.Status = &v return s } -// SetUpdatedAt sets the UpdatedAt field's value. -func (s *AnalyzedResource) SetUpdatedAt(v time.Time) *AnalyzedResource { - s.UpdatedAt = &v - return s -} - -// Contains the ARN of the analyzed resource. -type AnalyzedResourceSummary struct { +// Provides more details about the current status of the access preview. For +// example, if the creation of the access preview fails, a Failed status is +// returned. This failure can be due to an internal issue with the analysis +// or due to an invalid proposed resource configuration. +type AccessPreviewStatusReason struct { _ struct{} `type:"structure"` - // The ARN of the analyzed resource. - // - // ResourceArn is a required field - ResourceArn *string `locationName:"resourceArn" type:"string" required:"true"` - - // The AWS account ID that owns the resource. - // - // ResourceOwnerAccount is a required field - ResourceOwnerAccount *string `locationName:"resourceOwnerAccount" type:"string" required:"true"` - - // The type of resource that was analyzed. + // The reason code for the current status of the access preview. // - // ResourceType is a required field - ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"` + // Code is a required field + Code *string `locationName:"code" type:"string" required:"true" enum:"AccessPreviewStatusReasonCode"` } // String returns the string representation -func (s AnalyzedResourceSummary) String() string { +func (s AccessPreviewStatusReason) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s AnalyzedResourceSummary) GoString() string { +func (s AccessPreviewStatusReason) GoString() string { return s.String() } -// SetResourceArn sets the ResourceArn field's value. -func (s *AnalyzedResourceSummary) SetResourceArn(v string) *AnalyzedResourceSummary { - s.ResourceArn = &v - return s -} - -// SetResourceOwnerAccount sets the ResourceOwnerAccount field's value. -func (s *AnalyzedResourceSummary) SetResourceOwnerAccount(v string) *AnalyzedResourceSummary { - s.ResourceOwnerAccount = &v - return s -} - -// SetResourceType sets the ResourceType field's value. -func (s *AnalyzedResourceSummary) SetResourceType(v string) *AnalyzedResourceSummary { - s.ResourceType = &v +// SetCode sets the Code field's value. +func (s *AccessPreviewStatusReason) SetCode(v string) *AccessPreviewStatusReason { + s.Code = &v return s } -// Contains information about the analyzer. -type AnalyzerSummary struct { +// Contains a summary of information about an access preview. +type AccessPreviewSummary struct { _ struct{} `type:"structure"` - // The ARN of the analyzer. + // The ARN of the analyzer used to generate the access preview. // - // Arn is a required field - Arn *string `locationName:"arn" type:"string" required:"true"` + // AnalyzerArn is a required field + AnalyzerArn *string `locationName:"analyzerArn" type:"string" required:"true"` - // A timestamp for the time at which the analyzer was created. + // The time at which the access preview was created. // // CreatedAt is a required field CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` - // The resource that was most recently analyzed by the analyzer. - LastResourceAnalyzed *string `locationName:"lastResourceAnalyzed" type:"string"` - - // The time at which the most recently analyzed resource was analyzed. - LastResourceAnalyzedAt *time.Time `locationName:"lastResourceAnalyzedAt" type:"timestamp" timestampFormat:"iso8601"` - - // The name of the analyzer. + // The unique ID for the access preview. // - // Name is a required field - Name *string `locationName:"name" min:"1" type:"string" required:"true"` + // Id is a required field + Id *string `locationName:"id" type:"string" required:"true"` - // The status of the analyzer. An Active analyzer successfully monitors supported - // resources and generates new findings. The analyzer is Disabled when a user - // action, such as removing trusted access for AWS IAM Access Analyzer from - // AWS Organizations, causes the analyzer to stop generating new findings. The - // status is Creating when the analyzer creation is in progress and Failed when - // the analyzer creation has failed. + // The status of the access preview. + // + // * Creating - The access preview creation is in progress. + // + // * Completed - The access preview is complete and previews the findings + // for external access to the resource. + // + // * Failed - The access preview creation has failed. // // Status is a required field - Status *string `locationName:"status" type:"string" required:"true" enum:"AnalyzerStatus"` - - // The statusReason provides more details about the current status of the analyzer. - // For example, if the creation for the analyzer fails, a Failed status is displayed. - // For an analyzer with organization as the type, this failure can be due to - // an issue with creating the service-linked roles required in the member accounts - // of the AWS organization. - StatusReason *StatusReason `locationName:"statusReason" type:"structure"` + Status *string `locationName:"status" type:"string" required:"true" enum:"AccessPreviewStatus"` - // The tags added to the analyzer. - Tags map[string]*string `locationName:"tags" type:"map"` - - // The type of analyzer, which corresponds to the zone of trust chosen for the - // analyzer. - // - // Type is a required field - Type *string `locationName:"type" type:"string" required:"true" enum:"Type"` + // Provides more details about the current status of the access preview. For + // example, if the creation of the access preview fails, a Failed status is + // returned. This failure can be due to an internal issue with the analysis + // or due to an invalid proposed resource configuration. + StatusReason *AccessPreviewStatusReason `locationName:"statusReason" type:"structure"` } // String returns the string representation -func (s AnalyzerSummary) String() string { +func (s AccessPreviewSummary) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s AnalyzerSummary) GoString() string { +func (s AccessPreviewSummary) GoString() string { return s.String() } -// SetArn sets the Arn field's value. -func (s *AnalyzerSummary) SetArn(v string) *AnalyzerSummary { - s.Arn = &v +// SetAnalyzerArn sets the AnalyzerArn field's value. +func (s *AccessPreviewSummary) SetAnalyzerArn(v string) *AccessPreviewSummary { + s.AnalyzerArn = &v return s } // SetCreatedAt sets the CreatedAt field's value. -func (s *AnalyzerSummary) SetCreatedAt(v time.Time) *AnalyzerSummary { +func (s *AccessPreviewSummary) SetCreatedAt(v time.Time) *AccessPreviewSummary { s.CreatedAt = &v return s } -// SetLastResourceAnalyzed sets the LastResourceAnalyzed field's value. -func (s *AnalyzerSummary) SetLastResourceAnalyzed(v string) *AnalyzerSummary { - s.LastResourceAnalyzed = &v - return s -} - -// SetLastResourceAnalyzedAt sets the LastResourceAnalyzedAt field's value. -func (s *AnalyzerSummary) SetLastResourceAnalyzedAt(v time.Time) *AnalyzerSummary { - s.LastResourceAnalyzedAt = &v - return s -} - -// SetName sets the Name field's value. -func (s *AnalyzerSummary) SetName(v string) *AnalyzerSummary { - s.Name = &v +// SetId sets the Id field's value. +func (s *AccessPreviewSummary) SetId(v string) *AccessPreviewSummary { + s.Id = &v return s } // SetStatus sets the Status field's value. -func (s *AnalyzerSummary) SetStatus(v string) *AnalyzerSummary { +func (s *AccessPreviewSummary) SetStatus(v string) *AccessPreviewSummary { s.Status = &v return s } // SetStatusReason sets the StatusReason field's value. -func (s *AnalyzerSummary) SetStatusReason(v *StatusReason) *AnalyzerSummary { +func (s *AccessPreviewSummary) SetStatusReason(v *AccessPreviewStatusReason) *AccessPreviewSummary { s.StatusReason = v return s } -// SetTags sets the Tags field's value. +// You specify each grantee as a type-value pair using one of these types. You +// can specify only one type of grantee. For more information, see PutBucketAcl +// (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html). +type AclGrantee struct { + _ struct{} `type:"structure"` + + // The value specified is the canonical user ID of an AWS account. + Id *string `locationName:"id" type:"string"` + + // Used for granting permissions to a predefined group. + Uri *string `locationName:"uri" type:"string"` +} + +// String returns the string representation +func (s AclGrantee) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AclGrantee) GoString() string { + return s.String() +} + +// SetId sets the Id field's value. +func (s *AclGrantee) SetId(v string) *AclGrantee { + s.Id = &v + return s +} + +// SetUri sets the Uri field's value. +func (s *AclGrantee) SetUri(v string) *AclGrantee { + s.Uri = &v + return s +} + +// Contains details about the analyzed resource. +type AnalyzedResource struct { + _ struct{} `type:"structure"` + + // The actions that an external principal is granted permission to use by the + // policy that generated the finding. + Actions []*string `locationName:"actions" type:"list"` + + // The time at which the resource was analyzed. + // + // AnalyzedAt is a required field + AnalyzedAt *time.Time `locationName:"analyzedAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // The time at which the finding was created. + // + // CreatedAt is a required field + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // An error message. + Error *string `locationName:"error" type:"string"` + + // Indicates whether the policy that generated the finding grants public access + // to the resource. + // + // IsPublic is a required field + IsPublic *bool `locationName:"isPublic" type:"boolean" required:"true"` + + // The ARN of the resource that was analyzed. + // + // ResourceArn is a required field + ResourceArn *string `locationName:"resourceArn" type:"string" required:"true"` + + // The AWS account ID that owns the resource. + // + // ResourceOwnerAccount is a required field + ResourceOwnerAccount *string `locationName:"resourceOwnerAccount" type:"string" required:"true"` + + // The type of the resource that was analyzed. + // + // ResourceType is a required field + ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"` + + // Indicates how the access that generated the finding is granted. This is populated + // for Amazon S3 bucket findings. + SharedVia []*string `locationName:"sharedVia" type:"list"` + + // The current status of the finding generated from the analyzed resource. + Status *string `locationName:"status" type:"string" enum:"FindingStatus"` + + // The time at which the finding was updated. + // + // UpdatedAt is a required field + UpdatedAt *time.Time `locationName:"updatedAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` +} + +// String returns the string representation +func (s AnalyzedResource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AnalyzedResource) GoString() string { + return s.String() +} + +// SetActions sets the Actions field's value. +func (s *AnalyzedResource) SetActions(v []*string) *AnalyzedResource { + s.Actions = v + return s +} + +// SetAnalyzedAt sets the AnalyzedAt field's value. +func (s *AnalyzedResource) SetAnalyzedAt(v time.Time) *AnalyzedResource { + s.AnalyzedAt = &v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *AnalyzedResource) SetCreatedAt(v time.Time) *AnalyzedResource { + s.CreatedAt = &v + return s +} + +// SetError sets the Error field's value. +func (s *AnalyzedResource) SetError(v string) *AnalyzedResource { + s.Error = &v + return s +} + +// SetIsPublic sets the IsPublic field's value. +func (s *AnalyzedResource) SetIsPublic(v bool) *AnalyzedResource { + s.IsPublic = &v + return s +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *AnalyzedResource) SetResourceArn(v string) *AnalyzedResource { + s.ResourceArn = &v + return s +} + +// SetResourceOwnerAccount sets the ResourceOwnerAccount field's value. +func (s *AnalyzedResource) SetResourceOwnerAccount(v string) *AnalyzedResource { + s.ResourceOwnerAccount = &v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *AnalyzedResource) SetResourceType(v string) *AnalyzedResource { + s.ResourceType = &v + return s +} + +// SetSharedVia sets the SharedVia field's value. +func (s *AnalyzedResource) SetSharedVia(v []*string) *AnalyzedResource { + s.SharedVia = v + return s +} + +// SetStatus sets the Status field's value. +func (s *AnalyzedResource) SetStatus(v string) *AnalyzedResource { + s.Status = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *AnalyzedResource) SetUpdatedAt(v time.Time) *AnalyzedResource { + s.UpdatedAt = &v + return s +} + +// Contains the ARN of the analyzed resource. +type AnalyzedResourceSummary struct { + _ struct{} `type:"structure"` + + // The ARN of the analyzed resource. + // + // ResourceArn is a required field + ResourceArn *string `locationName:"resourceArn" type:"string" required:"true"` + + // The AWS account ID that owns the resource. + // + // ResourceOwnerAccount is a required field + ResourceOwnerAccount *string `locationName:"resourceOwnerAccount" type:"string" required:"true"` + + // The type of resource that was analyzed. + // + // ResourceType is a required field + ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"` +} + +// String returns the string representation +func (s AnalyzedResourceSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AnalyzedResourceSummary) GoString() string { + return s.String() +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *AnalyzedResourceSummary) SetResourceArn(v string) *AnalyzedResourceSummary { + s.ResourceArn = &v + return s +} + +// SetResourceOwnerAccount sets the ResourceOwnerAccount field's value. +func (s *AnalyzedResourceSummary) SetResourceOwnerAccount(v string) *AnalyzedResourceSummary { + s.ResourceOwnerAccount = &v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *AnalyzedResourceSummary) SetResourceType(v string) *AnalyzedResourceSummary { + s.ResourceType = &v + return s +} + +// Contains information about the analyzer. +type AnalyzerSummary struct { + _ struct{} `type:"structure"` + + // The ARN of the analyzer. + // + // Arn is a required field + Arn *string `locationName:"arn" type:"string" required:"true"` + + // A timestamp for the time at which the analyzer was created. + // + // CreatedAt is a required field + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // The resource that was most recently analyzed by the analyzer. + LastResourceAnalyzed *string `locationName:"lastResourceAnalyzed" type:"string"` + + // The time at which the most recently analyzed resource was analyzed. + LastResourceAnalyzedAt *time.Time `locationName:"lastResourceAnalyzedAt" type:"timestamp" timestampFormat:"iso8601"` + + // The name of the analyzer. + // + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` + + // The status of the analyzer. An Active analyzer successfully monitors supported + // resources and generates new findings. The analyzer is Disabled when a user + // action, such as removing trusted access for AWS IAM Access Analyzer from + // AWS Organizations, causes the analyzer to stop generating new findings. The + // status is Creating when the analyzer creation is in progress and Failed when + // the analyzer creation has failed. + // + // Status is a required field + Status *string `locationName:"status" type:"string" required:"true" enum:"AnalyzerStatus"` + + // The statusReason provides more details about the current status of the analyzer. + // For example, if the creation for the analyzer fails, a Failed status is returned. + // For an analyzer with organization as the type, this failure can be due to + // an issue with creating the service-linked roles required in the member accounts + // of the AWS organization. + StatusReason *StatusReason `locationName:"statusReason" type:"structure"` + + // The tags added to the analyzer. + Tags map[string]*string `locationName:"tags" type:"map"` + + // The type of analyzer, which corresponds to the zone of trust chosen for the + // analyzer. + // + // Type is a required field + Type *string `locationName:"type" type:"string" required:"true" enum:"Type"` +} + +// String returns the string representation +func (s AnalyzerSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AnalyzerSummary) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *AnalyzerSummary) SetArn(v string) *AnalyzerSummary { + s.Arn = &v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *AnalyzerSummary) SetCreatedAt(v time.Time) *AnalyzerSummary { + s.CreatedAt = &v + return s +} + +// SetLastResourceAnalyzed sets the LastResourceAnalyzed field's value. +func (s *AnalyzerSummary) SetLastResourceAnalyzed(v string) *AnalyzerSummary { + s.LastResourceAnalyzed = &v + return s +} + +// SetLastResourceAnalyzedAt sets the LastResourceAnalyzedAt field's value. +func (s *AnalyzerSummary) SetLastResourceAnalyzedAt(v time.Time) *AnalyzerSummary { + s.LastResourceAnalyzedAt = &v + return s +} + +// SetName sets the Name field's value. +func (s *AnalyzerSummary) SetName(v string) *AnalyzerSummary { + s.Name = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *AnalyzerSummary) SetStatus(v string) *AnalyzerSummary { + s.Status = &v + return s +} + +// SetStatusReason sets the StatusReason field's value. +func (s *AnalyzerSummary) SetStatusReason(v *StatusReason) *AnalyzerSummary { + s.StatusReason = v + return s +} + +// SetTags sets the Tags field's value. func (s *AnalyzerSummary) SetTags(v map[string]*string) *AnalyzerSummary { s.Tags = v return s @@ -2490,6 +3400,88 @@ func (s *ArchiveRuleSummary) SetUpdatedAt(v time.Time) *ArchiveRuleSummary { return s } +// Access control configuration structures for your resource. You specify the +// configuration as a type-value pair. You can specify only one type of access +// control configuration. +type Configuration struct { + _ struct{} `type:"structure"` + + // The access control configuration is for an IAM role. + IamRole *IamRoleConfiguration `locationName:"iamRole" type:"structure"` + + // The access control configuration is for a KMS key. + KmsKey *KmsKeyConfiguration `locationName:"kmsKey" type:"structure"` + + // The access control configuration is for an Amazon S3 Bucket. + S3Bucket *S3BucketConfiguration `locationName:"s3Bucket" type:"structure"` + + // The access control configuration is for a Secrets Manager secret. + SecretsManagerSecret *SecretsManagerSecretConfiguration `locationName:"secretsManagerSecret" type:"structure"` + + // The access control configuration is for an SQS queue. + SqsQueue *SqsQueueConfiguration `locationName:"sqsQueue" type:"structure"` +} + +// String returns the string representation +func (s Configuration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Configuration) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Configuration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Configuration"} + if s.KmsKey != nil { + if err := s.KmsKey.Validate(); err != nil { + invalidParams.AddNested("KmsKey", err.(request.ErrInvalidParams)) + } + } + if s.S3Bucket != nil { + if err := s.S3Bucket.Validate(); err != nil { + invalidParams.AddNested("S3Bucket", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetIamRole sets the IamRole field's value. +func (s *Configuration) SetIamRole(v *IamRoleConfiguration) *Configuration { + s.IamRole = v + return s +} + +// SetKmsKey sets the KmsKey field's value. +func (s *Configuration) SetKmsKey(v *KmsKeyConfiguration) *Configuration { + s.KmsKey = v + return s +} + +// SetS3Bucket sets the S3Bucket field's value. +func (s *Configuration) SetS3Bucket(v *S3BucketConfiguration) *Configuration { + s.S3Bucket = v + return s +} + +// SetSecretsManagerSecret sets the SecretsManagerSecret field's value. +func (s *Configuration) SetSecretsManagerSecret(v *SecretsManagerSecretConfiguration) *Configuration { + s.SecretsManagerSecret = v + return s +} + +// SetSqsQueue sets the SqsQueue field's value. +func (s *Configuration) SetSqsQueue(v *SqsQueueConfiguration) *Configuration { + s.SqsQueue = v + return s +} + // A conflict exception error. type ConflictException struct { _ struct{} `type:"structure"` @@ -2524,36 +3516,137 @@ func newErrorConflictException(v protocol.ResponseMetadata) error { } } -// Code returns the exception type name. -func (s *ConflictException) Code() string { - return "ConflictException" +// Code returns the exception type name. +func (s *ConflictException) Code() string { + return "ConflictException" +} + +// Message returns the exception's message. +func (s *ConflictException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ConflictException) OrigErr() error { + return nil +} + +func (s *ConflictException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ConflictException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ConflictException) RequestID() string { + return s.RespMetadata.RequestID +} + +type CreateAccessPreviewInput struct { + _ struct{} `type:"structure"` + + // The ARN of the account analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // used to generate the access preview. You can only create an access preview + // for analyzers with an Account type and Active status. + // + // AnalyzerArn is a required field + AnalyzerArn *string `locationName:"analyzerArn" type:"string" required:"true"` + + // A client token. + ClientToken *string `locationName:"clientToken" type:"string" idempotencyToken:"true"` + + // Access control configuration for your resource that is used to generate the + // access preview. The access preview includes findings for external access + // allowed to the resource with the proposed access control configuration. The + // configuration must contain exactly one element. + // + // Configurations is a required field + Configurations map[string]*Configuration `locationName:"configurations" type:"map" required:"true"` +} + +// String returns the string representation +func (s CreateAccessPreviewInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateAccessPreviewInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateAccessPreviewInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateAccessPreviewInput"} + if s.AnalyzerArn == nil { + invalidParams.Add(request.NewErrParamRequired("AnalyzerArn")) + } + if s.Configurations == nil { + invalidParams.Add(request.NewErrParamRequired("Configurations")) + } + if s.Configurations != nil { + for i, v := range s.Configurations { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Configurations", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAnalyzerArn sets the AnalyzerArn field's value. +func (s *CreateAccessPreviewInput) SetAnalyzerArn(v string) *CreateAccessPreviewInput { + s.AnalyzerArn = &v + return s +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateAccessPreviewInput) SetClientToken(v string) *CreateAccessPreviewInput { + s.ClientToken = &v + return s +} + +// SetConfigurations sets the Configurations field's value. +func (s *CreateAccessPreviewInput) SetConfigurations(v map[string]*Configuration) *CreateAccessPreviewInput { + s.Configurations = v + return s } -// Message returns the exception's message. -func (s *ConflictException) Message() string { - if s.Message_ != nil { - return *s.Message_ - } - return "" -} +type CreateAccessPreviewOutput struct { + _ struct{} `type:"structure"` -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *ConflictException) OrigErr() error { - return nil + // The unique ID for the access preview. + // + // Id is a required field + Id *string `locationName:"id" type:"string" required:"true"` } -func (s *ConflictException) Error() string { - return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +// String returns the string representation +func (s CreateAccessPreviewOutput) String() string { + return awsutil.Prettify(s) } -// Status code returns the HTTP status code for the request's response error. -func (s *ConflictException) StatusCode() int { - return s.RespMetadata.StatusCode +// GoString returns the string representation +func (s CreateAccessPreviewOutput) GoString() string { + return s.String() } -// RequestID returns the service's response RequestID for request. -func (s *ConflictException) RequestID() string { - return s.RespMetadata.RequestID +// SetId sets the Id field's value. +func (s *CreateAccessPreviewOutput) SetId(v string) *CreateAccessPreviewOutput { + s.Id = &v + return s } // Creates an analyzer. @@ -3045,7 +4138,7 @@ type Finding struct { // ResourceOwnerAccount is a required field ResourceOwnerAccount *string `locationName:"resourceOwnerAccount" type:"string" required:"true"` - // The type of the resource reported in the finding. + // The type of the resource identified in the finding. // // ResourceType is a required field ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"` @@ -3130,291 +4223,608 @@ func (s *Finding) SetResource(v string) *Finding { } // SetResourceOwnerAccount sets the ResourceOwnerAccount field's value. -func (s *Finding) SetResourceOwnerAccount(v string) *Finding { +func (s *Finding) SetResourceOwnerAccount(v string) *Finding { + s.ResourceOwnerAccount = &v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *Finding) SetResourceType(v string) *Finding { + s.ResourceType = &v + return s +} + +// SetSources sets the Sources field's value. +func (s *Finding) SetSources(v []*FindingSource) *Finding { + s.Sources = v + return s +} + +// SetStatus sets the Status field's value. +func (s *Finding) SetStatus(v string) *Finding { + s.Status = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *Finding) SetUpdatedAt(v time.Time) *Finding { + s.UpdatedAt = &v + return s +} + +// The source of the finding. This indicates how the access that generated the +// finding is granted. It is populated for Amazon S3 bucket findings. +type FindingSource struct { + _ struct{} `type:"structure"` + + // Includes details about how the access that generated the finding is granted. + // This is populated for Amazon S3 bucket findings. + Detail *FindingSourceDetail `locationName:"detail" type:"structure"` + + // Indicates the type of access that generated the finding. + // + // Type is a required field + Type *string `locationName:"type" type:"string" required:"true" enum:"FindingSourceType"` +} + +// String returns the string representation +func (s FindingSource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s FindingSource) GoString() string { + return s.String() +} + +// SetDetail sets the Detail field's value. +func (s *FindingSource) SetDetail(v *FindingSourceDetail) *FindingSource { + s.Detail = v + return s +} + +// SetType sets the Type field's value. +func (s *FindingSource) SetType(v string) *FindingSource { + s.Type = &v + return s +} + +// Includes details about how the access that generated the finding is granted. +// This is populated for Amazon S3 bucket findings. +type FindingSourceDetail struct { + _ struct{} `type:"structure"` + + // The ARN of the access point that generated the finding. + AccessPointArn *string `locationName:"accessPointArn" type:"string"` +} + +// String returns the string representation +func (s FindingSourceDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s FindingSourceDetail) GoString() string { + return s.String() +} + +// SetAccessPointArn sets the AccessPointArn field's value. +func (s *FindingSourceDetail) SetAccessPointArn(v string) *FindingSourceDetail { + s.AccessPointArn = &v + return s +} + +// Contains information about a finding. +type FindingSummary struct { + _ struct{} `type:"structure"` + + // The action in the analyzed policy statement that an external principal has + // permission to use. + Action []*string `locationName:"action" type:"list"` + + // The time at which the resource-based policy that generated the finding was + // analyzed. + // + // AnalyzedAt is a required field + AnalyzedAt *time.Time `locationName:"analyzedAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // The condition in the analyzed policy statement that resulted in a finding. + // + // Condition is a required field + Condition map[string]*string `locationName:"condition" type:"map" required:"true"` + + // The time at which the finding was created. + // + // CreatedAt is a required field + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // The error that resulted in an Error finding. + Error *string `locationName:"error" type:"string"` + + // The ID of the finding. + // + // Id is a required field + Id *string `locationName:"id" type:"string" required:"true"` + + // Indicates whether the finding reports a resource that has a policy that allows + // public access. + IsPublic *bool `locationName:"isPublic" type:"boolean"` + + // The external principal that has access to a resource within the zone of trust. + Principal map[string]*string `locationName:"principal" type:"map"` + + // The resource that the external principal has access to. + Resource *string `locationName:"resource" type:"string"` + + // The AWS account ID that owns the resource. + // + // ResourceOwnerAccount is a required field + ResourceOwnerAccount *string `locationName:"resourceOwnerAccount" type:"string" required:"true"` + + // The type of the resource that the external principal has access to. + // + // ResourceType is a required field + ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"` + + // The sources of the finding. This indicates how the access that generated + // the finding is granted. It is populated for Amazon S3 bucket findings. + Sources []*FindingSource `locationName:"sources" type:"list"` + + // The status of the finding. + // + // Status is a required field + Status *string `locationName:"status" type:"string" required:"true" enum:"FindingStatus"` + + // The time at which the finding was most recently updated. + // + // UpdatedAt is a required field + UpdatedAt *time.Time `locationName:"updatedAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` +} + +// String returns the string representation +func (s FindingSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s FindingSummary) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *FindingSummary) SetAction(v []*string) *FindingSummary { + s.Action = v + return s +} + +// SetAnalyzedAt sets the AnalyzedAt field's value. +func (s *FindingSummary) SetAnalyzedAt(v time.Time) *FindingSummary { + s.AnalyzedAt = &v + return s +} + +// SetCondition sets the Condition field's value. +func (s *FindingSummary) SetCondition(v map[string]*string) *FindingSummary { + s.Condition = v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *FindingSummary) SetCreatedAt(v time.Time) *FindingSummary { + s.CreatedAt = &v + return s +} + +// SetError sets the Error field's value. +func (s *FindingSummary) SetError(v string) *FindingSummary { + s.Error = &v + return s +} + +// SetId sets the Id field's value. +func (s *FindingSummary) SetId(v string) *FindingSummary { + s.Id = &v + return s +} + +// SetIsPublic sets the IsPublic field's value. +func (s *FindingSummary) SetIsPublic(v bool) *FindingSummary { + s.IsPublic = &v + return s +} + +// SetPrincipal sets the Principal field's value. +func (s *FindingSummary) SetPrincipal(v map[string]*string) *FindingSummary { + s.Principal = v + return s +} + +// SetResource sets the Resource field's value. +func (s *FindingSummary) SetResource(v string) *FindingSummary { + s.Resource = &v + return s +} + +// SetResourceOwnerAccount sets the ResourceOwnerAccount field's value. +func (s *FindingSummary) SetResourceOwnerAccount(v string) *FindingSummary { s.ResourceOwnerAccount = &v return s } // SetResourceType sets the ResourceType field's value. -func (s *Finding) SetResourceType(v string) *Finding { +func (s *FindingSummary) SetResourceType(v string) *FindingSummary { s.ResourceType = &v return s } // SetSources sets the Sources field's value. -func (s *Finding) SetSources(v []*FindingSource) *Finding { +func (s *FindingSummary) SetSources(v []*FindingSource) *FindingSummary { s.Sources = v return s } // SetStatus sets the Status field's value. -func (s *Finding) SetStatus(v string) *Finding { +func (s *FindingSummary) SetStatus(v string) *FindingSummary { s.Status = &v return s } // SetUpdatedAt sets the UpdatedAt field's value. -func (s *Finding) SetUpdatedAt(v time.Time) *Finding { +func (s *FindingSummary) SetUpdatedAt(v time.Time) *FindingSummary { s.UpdatedAt = &v return s } -// The source of the finding. This indicates how the access that generated the -// finding is granted. It is populated for Amazon S3 bucket findings. -type FindingSource struct { +type GetAccessPreviewInput struct { _ struct{} `type:"structure"` - // Includes details about how the access that generated the finding is granted. - // This is populated for Amazon S3 bucket findings. - Detail *FindingSourceDetail `locationName:"detail" type:"structure"` + // The unique ID for the access preview. + // + // AccessPreviewId is a required field + AccessPreviewId *string `location:"uri" locationName:"accessPreviewId" type:"string" required:"true"` - // Indicates the type of access that generated the finding. + // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // used to generate the access preview. // - // Type is a required field - Type *string `locationName:"type" type:"string" required:"true" enum:"FindingSourceType"` + // AnalyzerArn is a required field + AnalyzerArn *string `location:"querystring" locationName:"analyzerArn" type:"string" required:"true"` } // String returns the string representation -func (s FindingSource) String() string { +func (s GetAccessPreviewInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s FindingSource) GoString() string { +func (s GetAccessPreviewInput) GoString() string { return s.String() } -// SetDetail sets the Detail field's value. -func (s *FindingSource) SetDetail(v *FindingSourceDetail) *FindingSource { - s.Detail = v +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetAccessPreviewInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetAccessPreviewInput"} + if s.AccessPreviewId == nil { + invalidParams.Add(request.NewErrParamRequired("AccessPreviewId")) + } + if s.AccessPreviewId != nil && len(*s.AccessPreviewId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AccessPreviewId", 1)) + } + if s.AnalyzerArn == nil { + invalidParams.Add(request.NewErrParamRequired("AnalyzerArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccessPreviewId sets the AccessPreviewId field's value. +func (s *GetAccessPreviewInput) SetAccessPreviewId(v string) *GetAccessPreviewInput { + s.AccessPreviewId = &v return s } -// SetType sets the Type field's value. -func (s *FindingSource) SetType(v string) *FindingSource { - s.Type = &v +// SetAnalyzerArn sets the AnalyzerArn field's value. +func (s *GetAccessPreviewInput) SetAnalyzerArn(v string) *GetAccessPreviewInput { + s.AnalyzerArn = &v return s } -// Includes details about how the access that generated the finding is granted. -// This is populated for Amazon S3 bucket findings. -type FindingSourceDetail struct { +type GetAccessPreviewOutput struct { _ struct{} `type:"structure"` - // The ARN of the access point that generated the finding. - AccessPointArn *string `locationName:"accessPointArn" type:"string"` + // An object that contains information about the access preview. + // + // AccessPreview is a required field + AccessPreview *AccessPreview `locationName:"accessPreview" type:"structure" required:"true"` } // String returns the string representation -func (s FindingSourceDetail) String() string { +func (s GetAccessPreviewOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s FindingSourceDetail) GoString() string { +func (s GetAccessPreviewOutput) GoString() string { return s.String() } -// SetAccessPointArn sets the AccessPointArn field's value. -func (s *FindingSourceDetail) SetAccessPointArn(v string) *FindingSourceDetail { - s.AccessPointArn = &v +// SetAccessPreview sets the AccessPreview field's value. +func (s *GetAccessPreviewOutput) SetAccessPreview(v *AccessPreview) *GetAccessPreviewOutput { + s.AccessPreview = v return s } -// Contains information about a finding. -type FindingSummary struct { +// Retrieves an analyzed resource. +type GetAnalyzedResourceInput struct { _ struct{} `type:"structure"` - // The action in the analyzed policy statement that an external principal has - // permission to use. - Action []*string `locationName:"action" type:"list"` - - // The time at which the resource-based policy that generated the finding was - // analyzed. + // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // to retrieve information from. // - // AnalyzedAt is a required field - AnalyzedAt *time.Time `locationName:"analyzedAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` + // AnalyzerArn is a required field + AnalyzerArn *string `location:"querystring" locationName:"analyzerArn" type:"string" required:"true"` - // The condition in the analyzed policy statement that resulted in a finding. + // The ARN of the resource to retrieve information about. // - // Condition is a required field - Condition map[string]*string `locationName:"condition" type:"map" required:"true"` + // ResourceArn is a required field + ResourceArn *string `location:"querystring" locationName:"resourceArn" type:"string" required:"true"` +} - // The time at which the finding was created. - // - // CreatedAt is a required field - CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` +// String returns the string representation +func (s GetAnalyzedResourceInput) String() string { + return awsutil.Prettify(s) +} - // The error that resulted in an Error finding. - Error *string `locationName:"error" type:"string"` +// GoString returns the string representation +func (s GetAnalyzedResourceInput) GoString() string { + return s.String() +} - // The ID of the finding. - // - // Id is a required field - Id *string `locationName:"id" type:"string" required:"true"` +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetAnalyzedResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetAnalyzedResourceInput"} + if s.AnalyzerArn == nil { + invalidParams.Add(request.NewErrParamRequired("AnalyzerArn")) + } + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } - // Indicates whether the finding reports a resource that has a policy that allows - // public access. - IsPublic *bool `locationName:"isPublic" type:"boolean"` + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} - // The external principal that has access to a resource within the zone of trust. - Principal map[string]*string `locationName:"principal" type:"map"` +// SetAnalyzerArn sets the AnalyzerArn field's value. +func (s *GetAnalyzedResourceInput) SetAnalyzerArn(v string) *GetAnalyzedResourceInput { + s.AnalyzerArn = &v + return s +} - // The resource that the external principal has access to. - Resource *string `locationName:"resource" type:"string"` +// SetResourceArn sets the ResourceArn field's value. +func (s *GetAnalyzedResourceInput) SetResourceArn(v string) *GetAnalyzedResourceInput { + s.ResourceArn = &v + return s +} - // The AWS account ID that owns the resource. - // - // ResourceOwnerAccount is a required field - ResourceOwnerAccount *string `locationName:"resourceOwnerAccount" type:"string" required:"true"` +// The response to the request. +type GetAnalyzedResourceOutput struct { + _ struct{} `type:"structure"` - // The type of the resource that the external principal has access to. - // - // ResourceType is a required field - ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"ResourceType"` + // An AnalyzedResource object that contains information that Access Analyzer + // found when it analyzed the resource. + Resource *AnalyzedResource `locationName:"resource" type:"structure"` +} - // The sources of the finding. This indicates how the access that generated - // the finding is granted. It is populated for Amazon S3 bucket findings. - Sources []*FindingSource `locationName:"sources" type:"list"` +// String returns the string representation +func (s GetAnalyzedResourceOutput) String() string { + return awsutil.Prettify(s) +} - // The status of the finding. - // - // Status is a required field - Status *string `locationName:"status" type:"string" required:"true" enum:"FindingStatus"` +// GoString returns the string representation +func (s GetAnalyzedResourceOutput) GoString() string { + return s.String() +} - // The time at which the finding was most recently updated. +// SetResource sets the Resource field's value. +func (s *GetAnalyzedResourceOutput) SetResource(v *AnalyzedResource) *GetAnalyzedResourceOutput { + s.Resource = v + return s +} + +// Retrieves an analyzer. +type GetAnalyzerInput struct { + _ struct{} `type:"structure"` + + // The name of the analyzer retrieved. // - // UpdatedAt is a required field - UpdatedAt *time.Time `locationName:"updatedAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` + // AnalyzerName is a required field + AnalyzerName *string `location:"uri" locationName:"analyzerName" min:"1" type:"string" required:"true"` } // String returns the string representation -func (s FindingSummary) String() string { +func (s GetAnalyzerInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s FindingSummary) GoString() string { +func (s GetAnalyzerInput) GoString() string { return s.String() } -// SetAction sets the Action field's value. -func (s *FindingSummary) SetAction(v []*string) *FindingSummary { - s.Action = v - return s +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetAnalyzerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetAnalyzerInput"} + if s.AnalyzerName == nil { + invalidParams.Add(request.NewErrParamRequired("AnalyzerName")) + } + if s.AnalyzerName != nil && len(*s.AnalyzerName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AnalyzerName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetAnalyzedAt sets the AnalyzedAt field's value. -func (s *FindingSummary) SetAnalyzedAt(v time.Time) *FindingSummary { - s.AnalyzedAt = &v +// SetAnalyzerName sets the AnalyzerName field's value. +func (s *GetAnalyzerInput) SetAnalyzerName(v string) *GetAnalyzerInput { + s.AnalyzerName = &v return s } -// SetCondition sets the Condition field's value. -func (s *FindingSummary) SetCondition(v map[string]*string) *FindingSummary { - s.Condition = v - return s +// The response to the request. +type GetAnalyzerOutput struct { + _ struct{} `type:"structure"` + + // An AnalyzerSummary object that contains information about the analyzer. + // + // Analyzer is a required field + Analyzer *AnalyzerSummary `locationName:"analyzer" type:"structure" required:"true"` } -// SetCreatedAt sets the CreatedAt field's value. -func (s *FindingSummary) SetCreatedAt(v time.Time) *FindingSummary { - s.CreatedAt = &v - return s +// String returns the string representation +func (s GetAnalyzerOutput) String() string { + return awsutil.Prettify(s) } -// SetError sets the Error field's value. -func (s *FindingSummary) SetError(v string) *FindingSummary { - s.Error = &v - return s +// GoString returns the string representation +func (s GetAnalyzerOutput) GoString() string { + return s.String() } -// SetId sets the Id field's value. -func (s *FindingSummary) SetId(v string) *FindingSummary { - s.Id = &v +// SetAnalyzer sets the Analyzer field's value. +func (s *GetAnalyzerOutput) SetAnalyzer(v *AnalyzerSummary) *GetAnalyzerOutput { + s.Analyzer = v return s } -// SetIsPublic sets the IsPublic field's value. -func (s *FindingSummary) SetIsPublic(v bool) *FindingSummary { - s.IsPublic = &v - return s -} +// Retrieves an archive rule. +type GetArchiveRuleInput struct { + _ struct{} `type:"structure"` + + // The name of the analyzer to retrieve rules from. + // + // AnalyzerName is a required field + AnalyzerName *string `location:"uri" locationName:"analyzerName" min:"1" type:"string" required:"true"` + + // The name of the rule to retrieve. + // + // RuleName is a required field + RuleName *string `location:"uri" locationName:"ruleName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetArchiveRuleInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetArchiveRuleInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetArchiveRuleInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetArchiveRuleInput"} + if s.AnalyzerName == nil { + invalidParams.Add(request.NewErrParamRequired("AnalyzerName")) + } + if s.AnalyzerName != nil && len(*s.AnalyzerName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AnalyzerName", 1)) + } + if s.RuleName == nil { + invalidParams.Add(request.NewErrParamRequired("RuleName")) + } + if s.RuleName != nil && len(*s.RuleName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RuleName", 1)) + } -// SetPrincipal sets the Principal field's value. -func (s *FindingSummary) SetPrincipal(v map[string]*string) *FindingSummary { - s.Principal = v - return s + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetResource sets the Resource field's value. -func (s *FindingSummary) SetResource(v string) *FindingSummary { - s.Resource = &v +// SetAnalyzerName sets the AnalyzerName field's value. +func (s *GetArchiveRuleInput) SetAnalyzerName(v string) *GetArchiveRuleInput { + s.AnalyzerName = &v return s } -// SetResourceOwnerAccount sets the ResourceOwnerAccount field's value. -func (s *FindingSummary) SetResourceOwnerAccount(v string) *FindingSummary { - s.ResourceOwnerAccount = &v +// SetRuleName sets the RuleName field's value. +func (s *GetArchiveRuleInput) SetRuleName(v string) *GetArchiveRuleInput { + s.RuleName = &v return s } -// SetResourceType sets the ResourceType field's value. -func (s *FindingSummary) SetResourceType(v string) *FindingSummary { - s.ResourceType = &v - return s +// The response to the request. +type GetArchiveRuleOutput struct { + _ struct{} `type:"structure"` + + // Contains information about an archive rule. + // + // ArchiveRule is a required field + ArchiveRule *ArchiveRuleSummary `locationName:"archiveRule" type:"structure" required:"true"` } -// SetSources sets the Sources field's value. -func (s *FindingSummary) SetSources(v []*FindingSource) *FindingSummary { - s.Sources = v - return s +// String returns the string representation +func (s GetArchiveRuleOutput) String() string { + return awsutil.Prettify(s) } -// SetStatus sets the Status field's value. -func (s *FindingSummary) SetStatus(v string) *FindingSummary { - s.Status = &v - return s +// GoString returns the string representation +func (s GetArchiveRuleOutput) GoString() string { + return s.String() } -// SetUpdatedAt sets the UpdatedAt field's value. -func (s *FindingSummary) SetUpdatedAt(v time.Time) *FindingSummary { - s.UpdatedAt = &v +// SetArchiveRule sets the ArchiveRule field's value. +func (s *GetArchiveRuleOutput) SetArchiveRule(v *ArchiveRuleSummary) *GetArchiveRuleOutput { + s.ArchiveRule = v return s } -// Retrieves an analyzed resource. -type GetAnalyzedResourceInput struct { +// Retrieves a finding. +type GetFindingInput struct { _ struct{} `type:"structure"` - // The ARN of the analyzer to retrieve information from. + // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // that generated the finding. // // AnalyzerArn is a required field AnalyzerArn *string `location:"querystring" locationName:"analyzerArn" type:"string" required:"true"` - // The ARN of the resource to retrieve information about. + // The ID of the finding to retrieve. // - // ResourceArn is a required field - ResourceArn *string `location:"querystring" locationName:"resourceArn" type:"string" required:"true"` + // Id is a required field + Id *string `location:"uri" locationName:"id" type:"string" required:"true"` } // String returns the string representation -func (s GetAnalyzedResourceInput) String() string { +func (s GetFindingInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s GetAnalyzedResourceInput) GoString() string { +func (s GetFindingInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *GetAnalyzedResourceInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetAnalyzedResourceInput"} +func (s *GetFindingInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetFindingInput"} if s.AnalyzerArn == nil { invalidParams.Add(request.NewErrParamRequired("AnalyzerArn")) } - if s.ResourceArn == nil { - invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) } if invalidParams.Len() > 0 { @@ -3424,70 +4834,119 @@ func (s *GetAnalyzedResourceInput) Validate() error { } // SetAnalyzerArn sets the AnalyzerArn field's value. -func (s *GetAnalyzedResourceInput) SetAnalyzerArn(v string) *GetAnalyzedResourceInput { +func (s *GetFindingInput) SetAnalyzerArn(v string) *GetFindingInput { s.AnalyzerArn = &v return s } -// SetResourceArn sets the ResourceArn field's value. -func (s *GetAnalyzedResourceInput) SetResourceArn(v string) *GetAnalyzedResourceInput { - s.ResourceArn = &v +// SetId sets the Id field's value. +func (s *GetFindingInput) SetId(v string) *GetFindingInput { + s.Id = &v return s } // The response to the request. -type GetAnalyzedResourceOutput struct { +type GetFindingOutput struct { _ struct{} `type:"structure"` - // An AnalyedResource object that contains information that Access Analyzer - // found when it analyzed the resource. - Resource *AnalyzedResource `locationName:"resource" type:"structure"` + // A finding object that contains finding details. + Finding *Finding `locationName:"finding" type:"structure"` } // String returns the string representation -func (s GetAnalyzedResourceOutput) String() string { +func (s GetFindingOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s GetAnalyzedResourceOutput) GoString() string { +func (s GetFindingOutput) GoString() string { return s.String() } -// SetResource sets the Resource field's value. -func (s *GetAnalyzedResourceOutput) SetResource(v *AnalyzedResource) *GetAnalyzedResourceOutput { - s.Resource = v +// SetFinding sets the Finding field's value. +func (s *GetFindingOutput) SetFinding(v *Finding) *GetFindingOutput { + s.Finding = v return s } -// Retrieves an analyzer. -type GetAnalyzerInput struct { +// The proposed access control configuration for an IAM role. You can propose +// a configuration for a new IAM role or an existing IAM role that you own by +// specifying the trust policy. If the configuration is for a new IAM role, +// you must specify the trust policy. If the configuration is for an existing +// IAM role that you own and you do not propose the trust policy, the access +// preview uses the existing trust policy for the role. The proposed trust policy +// cannot be an empty string. For more information about role trust policy limits, +// see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html). +type IamRoleConfiguration struct { _ struct{} `type:"structure"` - // The name of the analyzer retrieved. + // The proposed trust policy for the IAM role. + TrustPolicy *string `locationName:"trustPolicy" type:"string"` +} + +// String returns the string representation +func (s IamRoleConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s IamRoleConfiguration) GoString() string { + return s.String() +} + +// SetTrustPolicy sets the TrustPolicy field's value. +func (s *IamRoleConfiguration) SetTrustPolicy(v string) *IamRoleConfiguration { + s.TrustPolicy = &v + return s +} + +// An criterion statement in an archive rule. Each archive rule may have multiple +// criteria. +type InlineArchiveRule struct { + _ struct{} `type:"structure"` + + // The condition and values for a criterion. // - // AnalyzerName is a required field - AnalyzerName *string `location:"uri" locationName:"analyzerName" min:"1" type:"string" required:"true"` + // Filter is a required field + Filter map[string]*Criterion `locationName:"filter" type:"map" required:"true"` + + // The name of the rule. + // + // RuleName is a required field + RuleName *string `locationName:"ruleName" min:"1" type:"string" required:"true"` } // String returns the string representation -func (s GetAnalyzerInput) String() string { +func (s InlineArchiveRule) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s GetAnalyzerInput) GoString() string { +func (s InlineArchiveRule) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *GetAnalyzerInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetAnalyzerInput"} - if s.AnalyzerName == nil { - invalidParams.Add(request.NewErrParamRequired("AnalyzerName")) +func (s *InlineArchiveRule) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "InlineArchiveRule"} + if s.Filter == nil { + invalidParams.Add(request.NewErrParamRequired("Filter")) } - if s.AnalyzerName != nil && len(*s.AnalyzerName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("AnalyzerName", 1)) + if s.RuleName == nil { + invalidParams.Add(request.NewErrParamRequired("RuleName")) + } + if s.RuleName != nil && len(*s.RuleName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RuleName", 1)) + } + if s.Filter != nil { + for i, v := range s.Filter { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Filter", i), err.(request.ErrInvalidParams)) + } + } } if invalidParams.Len() > 0 { @@ -3496,77 +4955,146 @@ func (s *GetAnalyzerInput) Validate() error { return nil } -// SetAnalyzerName sets the AnalyzerName field's value. -func (s *GetAnalyzerInput) SetAnalyzerName(v string) *GetAnalyzerInput { - s.AnalyzerName = &v +// SetFilter sets the Filter field's value. +func (s *InlineArchiveRule) SetFilter(v map[string]*Criterion) *InlineArchiveRule { + s.Filter = v return s } -// The response to the request. -type GetAnalyzerOutput struct { - _ struct{} `type:"structure"` +// SetRuleName sets the RuleName field's value. +func (s *InlineArchiveRule) SetRuleName(v string) *InlineArchiveRule { + s.RuleName = &v + return s +} - // An AnalyzerSummary object that contains information about the analyzer. - // - // Analyzer is a required field - Analyzer *AnalyzerSummary `locationName:"analyzer" type:"structure" required:"true"` +// Internal server error. +type InternalServerException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` + + // The seconds to wait to retry. + RetryAfterSeconds *int64 `location:"header" locationName:"Retry-After" type:"integer"` +} + +// String returns the string representation +func (s InternalServerException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InternalServerException) GoString() string { + return s.String() +} + +func newErrorInternalServerException(v protocol.ResponseMetadata) error { + return &InternalServerException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InternalServerException) Code() string { + return "InternalServerException" +} + +// Message returns the exception's message. +func (s *InternalServerException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InternalServerException) OrigErr() error { + return nil +} + +func (s *InternalServerException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InternalServerException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InternalServerException) RequestID() string { + return s.RespMetadata.RequestID +} + +// This configuration sets the Amazon S3 access point network origin to Internet. +type InternetConfiguration struct { + _ struct{} `type:"structure"` } // String returns the string representation -func (s GetAnalyzerOutput) String() string { +func (s InternetConfiguration) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s GetAnalyzerOutput) GoString() string { +func (s InternetConfiguration) GoString() string { return s.String() } -// SetAnalyzer sets the Analyzer field's value. -func (s *GetAnalyzerOutput) SetAnalyzer(v *AnalyzerSummary) *GetAnalyzerOutput { - s.Analyzer = v - return s -} - -// Retrieves an archive rule. -type GetArchiveRuleInput struct { +// A proposed grant configuration for a KMS key. For more information, see CreateGrant +// (https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html). +type KmsGrantConfiguration struct { _ struct{} `type:"structure"` - // The name of the analyzer to retrieve rules from. + // Use this structure to propose allowing cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) + // in the grant only when the operation request includes the specified encryption + // context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). + Constraints *KmsGrantConstraints `locationName:"constraints" type:"structure"` + + // The principal that is given permission to perform the operations that the + // grant permits. // - // AnalyzerName is a required field - AnalyzerName *string `location:"uri" locationName:"analyzerName" min:"1" type:"string" required:"true"` + // GranteePrincipal is a required field + GranteePrincipal *string `locationName:"granteePrincipal" type:"string" required:"true"` - // The name of the rule to retrieve. + // The AWS account under which the grant was issued. The account is used to + // propose KMS grants issued by accounts other than the owner of the key. // - // RuleName is a required field - RuleName *string `location:"uri" locationName:"ruleName" min:"1" type:"string" required:"true"` + // IssuingAccount is a required field + IssuingAccount *string `locationName:"issuingAccount" type:"string" required:"true"` + + // A list of operations that the grant permits. + // + // Operations is a required field + Operations []*string `locationName:"operations" type:"list" required:"true"` + + // The principal that is given permission to retire the grant by using RetireGrant + // (https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) + // operation. + RetiringPrincipal *string `locationName:"retiringPrincipal" type:"string"` } // String returns the string representation -func (s GetArchiveRuleInput) String() string { +func (s KmsGrantConfiguration) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s GetArchiveRuleInput) GoString() string { +func (s KmsGrantConfiguration) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *GetArchiveRuleInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetArchiveRuleInput"} - if s.AnalyzerName == nil { - invalidParams.Add(request.NewErrParamRequired("AnalyzerName")) - } - if s.AnalyzerName != nil && len(*s.AnalyzerName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("AnalyzerName", 1)) +func (s *KmsGrantConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "KmsGrantConfiguration"} + if s.GranteePrincipal == nil { + invalidParams.Add(request.NewErrParamRequired("GranteePrincipal")) } - if s.RuleName == nil { - invalidParams.Add(request.NewErrParamRequired("RuleName")) + if s.IssuingAccount == nil { + invalidParams.Add(request.NewErrParamRequired("IssuingAccount")) } - if s.RuleName != nil && len(*s.RuleName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("RuleName", 1)) + if s.Operations == nil { + invalidParams.Add(request.NewErrParamRequired("Operations")) } if invalidParams.Len() > 0 { @@ -3575,80 +5103,126 @@ func (s *GetArchiveRuleInput) Validate() error { return nil } -// SetAnalyzerName sets the AnalyzerName field's value. -func (s *GetArchiveRuleInput) SetAnalyzerName(v string) *GetArchiveRuleInput { - s.AnalyzerName = &v +// SetConstraints sets the Constraints field's value. +func (s *KmsGrantConfiguration) SetConstraints(v *KmsGrantConstraints) *KmsGrantConfiguration { + s.Constraints = v return s } -// SetRuleName sets the RuleName field's value. -func (s *GetArchiveRuleInput) SetRuleName(v string) *GetArchiveRuleInput { - s.RuleName = &v +// SetGranteePrincipal sets the GranteePrincipal field's value. +func (s *KmsGrantConfiguration) SetGranteePrincipal(v string) *KmsGrantConfiguration { + s.GranteePrincipal = &v return s } -// The response to the request. -type GetArchiveRuleOutput struct { +// SetIssuingAccount sets the IssuingAccount field's value. +func (s *KmsGrantConfiguration) SetIssuingAccount(v string) *KmsGrantConfiguration { + s.IssuingAccount = &v + return s +} + +// SetOperations sets the Operations field's value. +func (s *KmsGrantConfiguration) SetOperations(v []*string) *KmsGrantConfiguration { + s.Operations = v + return s +} + +// SetRetiringPrincipal sets the RetiringPrincipal field's value. +func (s *KmsGrantConfiguration) SetRetiringPrincipal(v string) *KmsGrantConfiguration { + s.RetiringPrincipal = &v + return s +} + +// Use this structure to propose allowing cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) +// in the grant only when the operation request includes the specified encryption +// context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). +// You can specify only one type of encryption context. An empty map is treated +// as not specified. For more information, see GrantConstraints (https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html). +type KmsGrantConstraints struct { _ struct{} `type:"structure"` - // Contains information about an archive rule. - // - // ArchiveRule is a required field - ArchiveRule *ArchiveRuleSummary `locationName:"archiveRule" type:"structure" required:"true"` + // A list of key-value pairs that must match the encryption context in the cryptographic + // operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) + // request. The grant allows the operation only when the encryption context + // in the request is the same as the encryption context specified in this constraint. + EncryptionContextEquals map[string]*string `locationName:"encryptionContextEquals" type:"map"` + + // A list of key-value pairs that must be included in the encryption context + // of the cryptographic operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) + // request. The grant allows the cryptographic operation only when the encryption + // context in the request includes the key-value pairs specified in this constraint, + // although it can include additional key-value pairs. + EncryptionContextSubset map[string]*string `locationName:"encryptionContextSubset" type:"map"` } // String returns the string representation -func (s GetArchiveRuleOutput) String() string { +func (s KmsGrantConstraints) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s GetArchiveRuleOutput) GoString() string { +func (s KmsGrantConstraints) GoString() string { return s.String() } -// SetArchiveRule sets the ArchiveRule field's value. -func (s *GetArchiveRuleOutput) SetArchiveRule(v *ArchiveRuleSummary) *GetArchiveRuleOutput { - s.ArchiveRule = v +// SetEncryptionContextEquals sets the EncryptionContextEquals field's value. +func (s *KmsGrantConstraints) SetEncryptionContextEquals(v map[string]*string) *KmsGrantConstraints { + s.EncryptionContextEquals = v return s } -// Retrieves a finding. -type GetFindingInput struct { +// SetEncryptionContextSubset sets the EncryptionContextSubset field's value. +func (s *KmsGrantConstraints) SetEncryptionContextSubset(v map[string]*string) *KmsGrantConstraints { + s.EncryptionContextSubset = v + return s +} + +// Proposed access control configuration for a KMS key. You can propose a configuration +// for a new KMS key or an existing KMS key that you own by specifying the key +// policy and KMS grant configuration. If the configuration is for an existing +// key and you do not specify the key policy, the access preview uses the existing +// policy for the key. If the access preview is for a new resource and you do +// not specify the key policy, then the access preview uses the default key +// policy. The proposed key policy cannot be an empty string. For more information, +// see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default). +// For more information about key policy limits, see Resource quotas (https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html). +type KmsKeyConfiguration struct { _ struct{} `type:"structure"` - // The ARN of the analyzer that generated the finding. - // - // AnalyzerArn is a required field - AnalyzerArn *string `location:"querystring" locationName:"analyzerArn" type:"string" required:"true"` + // A list of proposed grant configurations for the KMS key. If the proposed + // grant configuration is for an existing key, the access preview uses the proposed + // list of grant configurations in place of the existing grants. Otherwise, + // the access preview uses the existing grants for the key. + Grants []*KmsGrantConfiguration `locationName:"grants" type:"list"` - // The ID of the finding to retrieve. - // - // Id is a required field - Id *string `location:"uri" locationName:"id" type:"string" required:"true"` + // Resource policy configuration for the KMS key. The only valid value for the + // name of the key policy is default. For more information, see Default key + // policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default). + KeyPolicies map[string]*string `locationName:"keyPolicies" type:"map"` } // String returns the string representation -func (s GetFindingInput) String() string { +func (s KmsKeyConfiguration) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s GetFindingInput) GoString() string { +func (s KmsKeyConfiguration) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *GetFindingInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetFindingInput"} - if s.AnalyzerArn == nil { - invalidParams.Add(request.NewErrParamRequired("AnalyzerArn")) - } - if s.Id == nil { - invalidParams.Add(request.NewErrParamRequired("Id")) - } - if s.Id != nil && len(*s.Id) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Id", 1)) +func (s *KmsKeyConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "KmsKeyConfiguration"} + if s.Grants != nil { + for i, v := range s.Grants { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Grants", i), err.(request.ErrInvalidParams)) + } + } } if invalidParams.Len() > 0 { @@ -3657,79 +5231,63 @@ func (s *GetFindingInput) Validate() error { return nil } -// SetAnalyzerArn sets the AnalyzerArn field's value. -func (s *GetFindingInput) SetAnalyzerArn(v string) *GetFindingInput { - s.AnalyzerArn = &v +// SetGrants sets the Grants field's value. +func (s *KmsKeyConfiguration) SetGrants(v []*KmsGrantConfiguration) *KmsKeyConfiguration { + s.Grants = v return s } -// SetId sets the Id field's value. -func (s *GetFindingInput) SetId(v string) *GetFindingInput { - s.Id = &v +// SetKeyPolicies sets the KeyPolicies field's value. +func (s *KmsKeyConfiguration) SetKeyPolicies(v map[string]*string) *KmsKeyConfiguration { + s.KeyPolicies = v return s } -// The response to the request. -type GetFindingOutput struct { +type ListAccessPreviewFindingsInput struct { _ struct{} `type:"structure"` - // A finding object that contains finding details. - Finding *Finding `locationName:"finding" type:"structure"` -} - -// String returns the string representation -func (s GetFindingOutput) String() string { - return awsutil.Prettify(s) -} - -// GoString returns the string representation -func (s GetFindingOutput) GoString() string { - return s.String() -} + // The unique ID for the access preview. + // + // AccessPreviewId is a required field + AccessPreviewId *string `location:"uri" locationName:"accessPreviewId" type:"string" required:"true"` -// SetFinding sets the Finding field's value. -func (s *GetFindingOutput) SetFinding(v *Finding) *GetFindingOutput { - s.Finding = v - return s -} + // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // used to generate the access. + // + // AnalyzerArn is a required field + AnalyzerArn *string `locationName:"analyzerArn" type:"string" required:"true"` -// An criterion statement in an archive rule. Each archive rule may have multiple -// criteria. -type InlineArchiveRule struct { - _ struct{} `type:"structure"` + // Criteria to filter the returned findings. + Filter map[string]*Criterion `locationName:"filter" type:"map"` - // The condition and values for a criterion. - // - // Filter is a required field - Filter map[string]*Criterion `locationName:"filter" type:"map" required:"true"` + // The maximum number of results to return in the response. + MaxResults *int64 `locationName:"maxResults" type:"integer"` - // The name of the rule. - // - // RuleName is a required field - RuleName *string `locationName:"ruleName" min:"1" type:"string" required:"true"` + // A token used for pagination of results returned. + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation -func (s InlineArchiveRule) String() string { +func (s ListAccessPreviewFindingsInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s InlineArchiveRule) GoString() string { +func (s ListAccessPreviewFindingsInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *InlineArchiveRule) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "InlineArchiveRule"} - if s.Filter == nil { - invalidParams.Add(request.NewErrParamRequired("Filter")) +func (s *ListAccessPreviewFindingsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAccessPreviewFindingsInput"} + if s.AccessPreviewId == nil { + invalidParams.Add(request.NewErrParamRequired("AccessPreviewId")) } - if s.RuleName == nil { - invalidParams.Add(request.NewErrParamRequired("RuleName")) + if s.AccessPreviewId != nil && len(*s.AccessPreviewId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AccessPreviewId", 1)) } - if s.RuleName != nil && len(*s.RuleName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("RuleName", 1)) + if s.AnalyzerArn == nil { + invalidParams.Add(request.NewErrParamRequired("AnalyzerArn")) } if s.Filter != nil { for i, v := range s.Filter { @@ -3748,82 +5306,167 @@ func (s *InlineArchiveRule) Validate() error { return nil } +// SetAccessPreviewId sets the AccessPreviewId field's value. +func (s *ListAccessPreviewFindingsInput) SetAccessPreviewId(v string) *ListAccessPreviewFindingsInput { + s.AccessPreviewId = &v + return s +} + +// SetAnalyzerArn sets the AnalyzerArn field's value. +func (s *ListAccessPreviewFindingsInput) SetAnalyzerArn(v string) *ListAccessPreviewFindingsInput { + s.AnalyzerArn = &v + return s +} + // SetFilter sets the Filter field's value. -func (s *InlineArchiveRule) SetFilter(v map[string]*Criterion) *InlineArchiveRule { +func (s *ListAccessPreviewFindingsInput) SetFilter(v map[string]*Criterion) *ListAccessPreviewFindingsInput { s.Filter = v return s } -// SetRuleName sets the RuleName field's value. -func (s *InlineArchiveRule) SetRuleName(v string) *InlineArchiveRule { - s.RuleName = &v +// SetMaxResults sets the MaxResults field's value. +func (s *ListAccessPreviewFindingsInput) SetMaxResults(v int64) *ListAccessPreviewFindingsInput { + s.MaxResults = &v return s } -// Internal server error. -type InternalServerException struct { - _ struct{} `type:"structure"` - RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` +// SetNextToken sets the NextToken field's value. +func (s *ListAccessPreviewFindingsInput) SetNextToken(v string) *ListAccessPreviewFindingsInput { + s.NextToken = &v + return s +} - Message_ *string `locationName:"message" type:"string"` +type ListAccessPreviewFindingsOutput struct { + _ struct{} `type:"structure"` - // The seconds to wait to retry. - RetryAfterSeconds *int64 `location:"header" locationName:"Retry-After" type:"integer"` + // A list of access preview findings that match the specified filter criteria. + // + // Findings is a required field + Findings []*AccessPreviewFinding `locationName:"findings" type:"list" required:"true"` + + // A token used for pagination of results returned. + NextToken *string `locationName:"nextToken" type:"string"` } // String returns the string representation -func (s InternalServerException) String() string { +func (s ListAccessPreviewFindingsOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s InternalServerException) GoString() string { +func (s ListAccessPreviewFindingsOutput) GoString() string { return s.String() } -func newErrorInternalServerException(v protocol.ResponseMetadata) error { - return &InternalServerException{ - RespMetadata: v, - } +// SetFindings sets the Findings field's value. +func (s *ListAccessPreviewFindingsOutput) SetFindings(v []*AccessPreviewFinding) *ListAccessPreviewFindingsOutput { + s.Findings = v + return s } -// Code returns the exception type name. -func (s *InternalServerException) Code() string { - return "InternalServerException" +// SetNextToken sets the NextToken field's value. +func (s *ListAccessPreviewFindingsOutput) SetNextToken(v string) *ListAccessPreviewFindingsOutput { + s.NextToken = &v + return s } -// Message returns the exception's message. -func (s *InternalServerException) Message() string { - if s.Message_ != nil { - return *s.Message_ - } - return "" +type ListAccessPreviewsInput struct { + _ struct{} `type:"structure"` + + // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // used to generate the access preview. + // + // AnalyzerArn is a required field + AnalyzerArn *string `location:"querystring" locationName:"analyzerArn" type:"string" required:"true"` + + // The maximum number of results to return in the response. + MaxResults *int64 `location:"querystring" locationName:"maxResults" type:"integer"` + + // A token used for pagination of results returned. + NextToken *string `location:"querystring" locationName:"nextToken" type:"string"` } -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *InternalServerException) OrigErr() error { +// String returns the string representation +func (s ListAccessPreviewsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListAccessPreviewsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListAccessPreviewsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListAccessPreviewsInput"} + if s.AnalyzerArn == nil { + invalidParams.Add(request.NewErrParamRequired("AnalyzerArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } return nil } -func (s *InternalServerException) Error() string { - return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +// SetAnalyzerArn sets the AnalyzerArn field's value. +func (s *ListAccessPreviewsInput) SetAnalyzerArn(v string) *ListAccessPreviewsInput { + s.AnalyzerArn = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListAccessPreviewsInput) SetMaxResults(v int64) *ListAccessPreviewsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccessPreviewsInput) SetNextToken(v string) *ListAccessPreviewsInput { + s.NextToken = &v + return s +} + +type ListAccessPreviewsOutput struct { + _ struct{} `type:"structure"` + + // A list of access previews retrieved for the analyzer. + // + // AccessPreviews is a required field + AccessPreviews []*AccessPreviewSummary `locationName:"accessPreviews" type:"list" required:"true"` + + // A token used for pagination of results returned. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s ListAccessPreviewsOutput) String() string { + return awsutil.Prettify(s) } -// Status code returns the HTTP status code for the request's response error. -func (s *InternalServerException) StatusCode() int { - return s.RespMetadata.StatusCode +// GoString returns the string representation +func (s ListAccessPreviewsOutput) GoString() string { + return s.String() } -// RequestID returns the service's response RequestID for request. -func (s *InternalServerException) RequestID() string { - return s.RespMetadata.RequestID +// SetAccessPreviews sets the AccessPreviews field's value. +func (s *ListAccessPreviewsOutput) SetAccessPreviews(v []*AccessPreviewSummary) *ListAccessPreviewsOutput { + s.AccessPreviews = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListAccessPreviewsOutput) SetNextToken(v string) *ListAccessPreviewsOutput { + s.NextToken = &v + return s } // Retrieves a list of resources that have been analyzed. type ListAnalyzedResourcesInput struct { _ struct{} `type:"structure"` - // The ARN of the analyzer to retrieve a list of analyzed resources from. + // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // to retrieve a list of analyzed resources from. // // AnalyzerArn is a required field AnalyzerArn *string `locationName:"analyzerArn" type:"string" required:"true"` @@ -4096,7 +5739,8 @@ func (s *ListArchiveRulesOutput) SetNextToken(v string) *ListArchiveRulesOutput type ListFindingsInput struct { _ struct{} `type:"structure"` - // The ARN of the analyzer to retrieve findings from. + // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // to retrieve findings from. // // AnalyzerArn is a required field AnalyzerArn *string `locationName:"analyzerArn" type:"string" required:"true"` @@ -4153,94 +5797,448 @@ func (s *ListFindingsInput) SetAnalyzerArn(v string) *ListFindingsInput { return s } -// SetFilter sets the Filter field's value. -func (s *ListFindingsInput) SetFilter(v map[string]*Criterion) *ListFindingsInput { - s.Filter = v - return s +// SetFilter sets the Filter field's value. +func (s *ListFindingsInput) SetFilter(v map[string]*Criterion) *ListFindingsInput { + s.Filter = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListFindingsInput) SetMaxResults(v int64) *ListFindingsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListFindingsInput) SetNextToken(v string) *ListFindingsInput { + s.NextToken = &v + return s +} + +// SetSort sets the Sort field's value. +func (s *ListFindingsInput) SetSort(v *SortCriteria) *ListFindingsInput { + s.Sort = v + return s +} + +// The response to the request. +type ListFindingsOutput struct { + _ struct{} `type:"structure"` + + // A list of findings retrieved from the analyzer that match the filter criteria + // specified, if any. + // + // Findings is a required field + Findings []*FindingSummary `locationName:"findings" type:"list" required:"true"` + + // A token used for pagination of results returned. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation +func (s ListFindingsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListFindingsOutput) GoString() string { + return s.String() +} + +// SetFindings sets the Findings field's value. +func (s *ListFindingsOutput) SetFindings(v []*FindingSummary) *ListFindingsOutput { + s.Findings = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListFindingsOutput) SetNextToken(v string) *ListFindingsOutput { + s.NextToken = &v + return s +} + +// Retrieves a list of tags applied to the specified resource. +type ListTagsForResourceInput struct { + _ struct{} `type:"structure"` + + // The ARN of the resource to retrieve tags from. + // + // ResourceArn is a required field + ResourceArn *string `location:"uri" locationName:"resourceArn" type:"string" required:"true"` +} + +// String returns the string representation +func (s ListTagsForResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListTagsForResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListTagsForResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput { + s.ResourceArn = &v + return s +} + +// The response to the request. +type ListTagsForResourceOutput struct { + _ struct{} `type:"structure"` + + // The tags that are applied to the specified resource. + Tags map[string]*string `locationName:"tags" type:"map"` +} + +// String returns the string representation +func (s ListTagsForResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListTagsForResourceOutput) GoString() string { + return s.String() +} + +// SetTags sets the Tags field's value. +func (s *ListTagsForResourceOutput) SetTags(v map[string]*string) *ListTagsForResourceOutput { + s.Tags = v + return s +} + +// The proposed InternetConfiguration or VpcConfiguration to apply to the Amazon +// S3 Access point. You can make the access point accessible from the internet, +// or you can specify that all requests made through that access point must +// originate from a specific virtual private cloud (VPC). You can specify only +// one type of network configuration. For more information, see Creating access +// points (https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html). +type NetworkOriginConfiguration struct { + _ struct{} `type:"structure"` + + // The configuration for the Amazon S3 access point with an Internet origin. + InternetConfiguration *InternetConfiguration `locationName:"internetConfiguration" type:"structure"` + + // The proposed virtual private cloud (VPC) configuration for the Amazon S3 + // access point. For more information, see VpcConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html). + VpcConfiguration *VpcConfiguration `locationName:"vpcConfiguration" type:"structure"` +} + +// String returns the string representation +func (s NetworkOriginConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s NetworkOriginConfiguration) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *NetworkOriginConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "NetworkOriginConfiguration"} + if s.VpcConfiguration != nil { + if err := s.VpcConfiguration.Validate(); err != nil { + invalidParams.AddNested("VpcConfiguration", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetInternetConfiguration sets the InternetConfiguration field's value. +func (s *NetworkOriginConfiguration) SetInternetConfiguration(v *InternetConfiguration) *NetworkOriginConfiguration { + s.InternetConfiguration = v + return s +} + +// SetVpcConfiguration sets the VpcConfiguration field's value. +func (s *NetworkOriginConfiguration) SetVpcConfiguration(v *VpcConfiguration) *NetworkOriginConfiguration { + s.VpcConfiguration = v + return s +} + +// The specified resource could not be found. +type ResourceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` + + // The ID of the resource. + // + // ResourceId is a required field + ResourceId *string `locationName:"resourceId" type:"string" required:"true"` + + // The type of the resource. + // + // ResourceType is a required field + ResourceType *string `locationName:"resourceType" type:"string" required:"true"` +} + +// String returns the string representation +func (s ResourceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ResourceNotFoundException) GoString() string { + return s.String() +} + +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ResourceNotFoundException) Code() string { + return "ResourceNotFoundException" +} + +// Message returns the exception's message. +func (s *ResourceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceNotFoundException) OrigErr() error { + return nil +} + +func (s *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The configuration for an Amazon S3 access point for the bucket. You can propose +// up to 10 access points per bucket. If the proposed Amazon S3 access point +// configuration is for an existing bucket, the access preview uses the proposed +// access point configuration in place of the existing access points. To propose +// an access point without a policy, you can provide an empty string as the +// access point policy. For more information, see Creating access points (https://docs.aws.amazon.com/https:/docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html). +// For more information about access point policy limits, see Access points +// restrictions and limitations (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html). +type S3AccessPointConfiguration struct { + _ struct{} `type:"structure"` + + // The access point policy. + AccessPointPolicy *string `locationName:"accessPointPolicy" type:"string"` + + // The proposed Internet and VpcConfiguration to apply to this Amazon S3 access + // point. If the access preview is for a new resource and neither is specified, + // the access preview uses Internet for the network origin. If the access preview + // is for an existing resource and neither is specified, the access preview + // uses the exiting network origin. + NetworkOrigin *NetworkOriginConfiguration `locationName:"networkOrigin" type:"structure"` + + // The proposed S3PublicAccessBlock configuration to apply to this Amazon S3 + // Access Point. + PublicAccessBlock *S3PublicAccessBlockConfiguration `locationName:"publicAccessBlock" type:"structure"` +} + +// String returns the string representation +func (s S3AccessPointConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s S3AccessPointConfiguration) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *S3AccessPointConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "S3AccessPointConfiguration"} + if s.NetworkOrigin != nil { + if err := s.NetworkOrigin.Validate(); err != nil { + invalidParams.AddNested("NetworkOrigin", err.(request.ErrInvalidParams)) + } + } + if s.PublicAccessBlock != nil { + if err := s.PublicAccessBlock.Validate(); err != nil { + invalidParams.AddNested("PublicAccessBlock", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetMaxResults sets the MaxResults field's value. -func (s *ListFindingsInput) SetMaxResults(v int64) *ListFindingsInput { - s.MaxResults = &v +// SetAccessPointPolicy sets the AccessPointPolicy field's value. +func (s *S3AccessPointConfiguration) SetAccessPointPolicy(v string) *S3AccessPointConfiguration { + s.AccessPointPolicy = &v return s } -// SetNextToken sets the NextToken field's value. -func (s *ListFindingsInput) SetNextToken(v string) *ListFindingsInput { - s.NextToken = &v +// SetNetworkOrigin sets the NetworkOrigin field's value. +func (s *S3AccessPointConfiguration) SetNetworkOrigin(v *NetworkOriginConfiguration) *S3AccessPointConfiguration { + s.NetworkOrigin = v return s } -// SetSort sets the Sort field's value. -func (s *ListFindingsInput) SetSort(v *SortCriteria) *ListFindingsInput { - s.Sort = v +// SetPublicAccessBlock sets the PublicAccessBlock field's value. +func (s *S3AccessPointConfiguration) SetPublicAccessBlock(v *S3PublicAccessBlockConfiguration) *S3AccessPointConfiguration { + s.PublicAccessBlock = v return s } -// The response to the request. -type ListFindingsOutput struct { +// A proposed access control list grant configuration for an Amazon S3 bucket. +// For more information, see How to Specify an ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls). +type S3BucketAclGrantConfiguration struct { _ struct{} `type:"structure"` - // A list of findings retrieved from the analyzer that match the filter criteria - // specified, if any. + // The grantee to whom you’re assigning access rights. // - // Findings is a required field - Findings []*FindingSummary `locationName:"findings" type:"list" required:"true"` + // Grantee is a required field + Grantee *AclGrantee `locationName:"grantee" type:"structure" required:"true"` - // A token used for pagination of results returned. - NextToken *string `locationName:"nextToken" type:"string"` + // The permissions being granted. + // + // Permission is a required field + Permission *string `locationName:"permission" type:"string" required:"true" enum:"AclPermission"` } // String returns the string representation -func (s ListFindingsOutput) String() string { +func (s S3BucketAclGrantConfiguration) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s ListFindingsOutput) GoString() string { +func (s S3BucketAclGrantConfiguration) GoString() string { return s.String() } -// SetFindings sets the Findings field's value. -func (s *ListFindingsOutput) SetFindings(v []*FindingSummary) *ListFindingsOutput { - s.Findings = v +// Validate inspects the fields of the type to determine if they are valid. +func (s *S3BucketAclGrantConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "S3BucketAclGrantConfiguration"} + if s.Grantee == nil { + invalidParams.Add(request.NewErrParamRequired("Grantee")) + } + if s.Permission == nil { + invalidParams.Add(request.NewErrParamRequired("Permission")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetGrantee sets the Grantee field's value. +func (s *S3BucketAclGrantConfiguration) SetGrantee(v *AclGrantee) *S3BucketAclGrantConfiguration { + s.Grantee = v return s } -// SetNextToken sets the NextToken field's value. -func (s *ListFindingsOutput) SetNextToken(v string) *ListFindingsOutput { - s.NextToken = &v +// SetPermission sets the Permission field's value. +func (s *S3BucketAclGrantConfiguration) SetPermission(v string) *S3BucketAclGrantConfiguration { + s.Permission = &v return s } -// Retrieves a list of tags applied to the specified resource. -type ListTagsForResourceInput struct { +// Proposed access control configuration for an Amazon S3 bucket. You can propose +// a configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket +// that you own by specifying the Amazon S3 bucket policy, bucket ACLs, bucket +// BPA settings, and Amazon S3 access points attached to the bucket. If the +// configuration is for an existing Amazon S3 bucket and you do not specify +// the Amazon S3 bucket policy, the access preview uses the existing policy +// attached to the bucket. If the access preview is for a new resource and you +// do not specify the Amazon S3 bucket policy, the access preview assumes a +// bucket without a policy. To propose deletion of an existing bucket policy, +// you can specify an empty string. For more information about bucket policy +// limits, see Bucket Policy Examples (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html). +type S3BucketConfiguration struct { _ struct{} `type:"structure"` - // The ARN of the resource to retrieve tags from. - // - // ResourceArn is a required field - ResourceArn *string `location:"uri" locationName:"resourceArn" type:"string" required:"true"` + // The configuration of Amazon S3 access points for the bucket. + AccessPoints map[string]*S3AccessPointConfiguration `locationName:"accessPoints" type:"map"` + + // The proposed list of ACL grants for the Amazon S3 bucket. You can propose + // up to 100 ACL grants per bucket. If the proposed grant configuration is for + // an existing bucket, the access preview uses the proposed list of grant configurations + // in place of the existing grants. Otherwise, the access preview uses the existing + // grants for the bucket. + BucketAclGrants []*S3BucketAclGrantConfiguration `locationName:"bucketAclGrants" type:"list"` + + // The proposed bucket policy for the Amazon S3 bucket. + BucketPolicy *string `locationName:"bucketPolicy" type:"string"` + + // The proposed block public access configuration for the Amazon S3 bucket. + BucketPublicAccessBlock *S3PublicAccessBlockConfiguration `locationName:"bucketPublicAccessBlock" type:"structure"` } // String returns the string representation -func (s ListTagsForResourceInput) String() string { +func (s S3BucketConfiguration) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s ListTagsForResourceInput) GoString() string { +func (s S3BucketConfiguration) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *ListTagsForResourceInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} - if s.ResourceArn == nil { - invalidParams.Add(request.NewErrParamRequired("ResourceArn")) +func (s *S3BucketConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "S3BucketConfiguration"} + if s.AccessPoints != nil { + for i, v := range s.AccessPoints { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "AccessPoints", i), err.(request.ErrInvalidParams)) + } + } } - if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { - invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + if s.BucketAclGrants != nil { + for i, v := range s.BucketAclGrants { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "BucketAclGrants", i), err.(request.ErrInvalidParams)) + } + } + } + if s.BucketPublicAccessBlock != nil { + if err := s.BucketPublicAccessBlock.Validate(); err != nil { + invalidParams.AddNested("BucketPublicAccessBlock", err.(request.ErrInvalidParams)) + } } if invalidParams.Len() > 0 { @@ -4249,100 +6247,137 @@ func (s *ListTagsForResourceInput) Validate() error { return nil } -// SetResourceArn sets the ResourceArn field's value. -func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput { - s.ResourceArn = &v +// SetAccessPoints sets the AccessPoints field's value. +func (s *S3BucketConfiguration) SetAccessPoints(v map[string]*S3AccessPointConfiguration) *S3BucketConfiguration { + s.AccessPoints = v return s } -// The response to the request. -type ListTagsForResourceOutput struct { - _ struct{} `type:"structure"` - - // The tags that are applied to the specified resource. - Tags map[string]*string `locationName:"tags" type:"map"` -} - -// String returns the string representation -func (s ListTagsForResourceOutput) String() string { - return awsutil.Prettify(s) +// SetBucketAclGrants sets the BucketAclGrants field's value. +func (s *S3BucketConfiguration) SetBucketAclGrants(v []*S3BucketAclGrantConfiguration) *S3BucketConfiguration { + s.BucketAclGrants = v + return s } -// GoString returns the string representation -func (s ListTagsForResourceOutput) GoString() string { - return s.String() +// SetBucketPolicy sets the BucketPolicy field's value. +func (s *S3BucketConfiguration) SetBucketPolicy(v string) *S3BucketConfiguration { + s.BucketPolicy = &v + return s } -// SetTags sets the Tags field's value. -func (s *ListTagsForResourceOutput) SetTags(v map[string]*string) *ListTagsForResourceOutput { - s.Tags = v +// SetBucketPublicAccessBlock sets the BucketPublicAccessBlock field's value. +func (s *S3BucketConfiguration) SetBucketPublicAccessBlock(v *S3PublicAccessBlockConfiguration) *S3BucketConfiguration { + s.BucketPublicAccessBlock = v return s } -// The specified resource could not be found. -type ResourceNotFoundException struct { - _ struct{} `type:"structure"` - RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - - Message_ *string `locationName:"message" type:"string"` +// The PublicAccessBlock configuration to apply to this Amazon S3 bucket. If +// the proposed configuration is for an existing Amazon S3 bucket and the configuration +// is not specified, the access preview uses the existing setting. If the proposed +// configuration is for a new bucket and the configuration is not specified, +// the access preview uses false. If the proposed configuration is for a new +// access point and the access point BPA configuration is not specified, the +// access preview uses true. For more information, see PublicAccessBlockConfiguration +// (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html). +type S3PublicAccessBlockConfiguration struct { + _ struct{} `type:"structure"` - // The ID of the resource. + // Specifies whether Amazon S3 should ignore public ACLs for this bucket and + // objects in this bucket. // - // ResourceId is a required field - ResourceId *string `locationName:"resourceId" type:"string" required:"true"` + // IgnorePublicAcls is a required field + IgnorePublicAcls *bool `locationName:"ignorePublicAcls" type:"boolean" required:"true"` - // The type of the resource. + // Specifies whether Amazon S3 should restrict public bucket policies for this + // bucket. // - // ResourceType is a required field - ResourceType *string `locationName:"resourceType" type:"string" required:"true"` + // RestrictPublicBuckets is a required field + RestrictPublicBuckets *bool `locationName:"restrictPublicBuckets" type:"boolean" required:"true"` } // String returns the string representation -func (s ResourceNotFoundException) String() string { +func (s S3PublicAccessBlockConfiguration) String() string { return awsutil.Prettify(s) } // GoString returns the string representation -func (s ResourceNotFoundException) GoString() string { +func (s S3PublicAccessBlockConfiguration) GoString() string { return s.String() } -func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { - return &ResourceNotFoundException{ - RespMetadata: v, +// Validate inspects the fields of the type to determine if they are valid. +func (s *S3PublicAccessBlockConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "S3PublicAccessBlockConfiguration"} + if s.IgnorePublicAcls == nil { + invalidParams.Add(request.NewErrParamRequired("IgnorePublicAcls")) + } + if s.RestrictPublicBuckets == nil { + invalidParams.Add(request.NewErrParamRequired("RestrictPublicBuckets")) } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// Code returns the exception type name. -func (s *ResourceNotFoundException) Code() string { - return "ResourceNotFoundException" +// SetIgnorePublicAcls sets the IgnorePublicAcls field's value. +func (s *S3PublicAccessBlockConfiguration) SetIgnorePublicAcls(v bool) *S3PublicAccessBlockConfiguration { + s.IgnorePublicAcls = &v + return s } -// Message returns the exception's message. -func (s *ResourceNotFoundException) Message() string { - if s.Message_ != nil { - return *s.Message_ - } - return "" +// SetRestrictPublicBuckets sets the RestrictPublicBuckets field's value. +func (s *S3PublicAccessBlockConfiguration) SetRestrictPublicBuckets(v bool) *S3PublicAccessBlockConfiguration { + s.RestrictPublicBuckets = &v + return s } -// OrigErr always returns nil, satisfies awserr.Error interface. -func (s *ResourceNotFoundException) OrigErr() error { - return nil +// The configuration for a Secrets Manager secret. For more information, see +// CreateSecret (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html). +// +// You can propose a configuration for a new secret or an existing secret that +// you own by specifying the secret policy and optional KMS encryption key. +// If the configuration is for an existing secret and you do not specify the +// secret policy, the access preview uses the existing policy for the secret. +// If the access preview is for a new resource and you do not specify the policy, +// the access preview assumes a secret without a policy. To propose deletion +// of an existing policy, you can specify an empty string. If the proposed configuration +// is for a new secret and you do not specify the KMS key ID, the access preview +// uses the default CMK of the AWS account. If you specify an empty string for +// the KMS key ID, the access preview uses the default CMK of the AWS account. +// For more information about secret policy limits, see Quotas for AWS Secrets +// Manager. (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html). +type SecretsManagerSecretConfiguration struct { + _ struct{} `type:"structure"` + + // The proposed ARN, key ID, or alias of the AWS KMS customer master key (CMK). + KmsKeyId *string `locationName:"kmsKeyId" type:"string"` + + // The proposed resource policy defining who can access or manage the secret. + SecretPolicy *string `locationName:"secretPolicy" type:"string"` } -func (s *ResourceNotFoundException) Error() string { - return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +// String returns the string representation +func (s SecretsManagerSecretConfiguration) String() string { + return awsutil.Prettify(s) } -// Status code returns the HTTP status code for the request's response error. -func (s *ResourceNotFoundException) StatusCode() int { - return s.RespMetadata.StatusCode +// GoString returns the string representation +func (s SecretsManagerSecretConfiguration) GoString() string { + return s.String() } -// RequestID returns the service's response RequestID for request. -func (s *ResourceNotFoundException) RequestID() string { - return s.RespMetadata.RequestID +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *SecretsManagerSecretConfiguration) SetKmsKeyId(v string) *SecretsManagerSecretConfiguration { + s.KmsKeyId = &v + return s +} + +// SetSecretPolicy sets the SecretPolicy field's value. +func (s *SecretsManagerSecretConfiguration) SetSecretPolicy(v string) *SecretsManagerSecretConfiguration { + s.SecretPolicy = &v + return s } // Service quote met error. @@ -4444,12 +6479,44 @@ func (s *SortCriteria) SetOrderBy(v string) *SortCriteria { return s } +// The proposed access control configuration for an SQS queue. You can propose +// a configuration for a new SQS queue or an existing SQS queue that you own +// by specifying the SQS policy. If the configuration is for an existing SQS +// queue and you do not specify the SQS policy, the access preview uses the +// existing SQS policy for the queue. If the access preview is for a new resource +// and you do not specify the policy, the access preview assumes an SQS queue +// without a policy. To propose deletion of an existing SQS queue policy, you +// can specify an empty string for the SQS policy. For more information about +// SQS policy limits, see Quotas related to policies (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html). +type SqsQueueConfiguration struct { + _ struct{} `type:"structure"` + + // The proposed resource policy for the SQS queue. + QueuePolicy *string `locationName:"queuePolicy" type:"string"` +} + +// String returns the string representation +func (s SqsQueueConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SqsQueueConfiguration) GoString() string { + return s.String() +} + +// SetQueuePolicy sets the QueuePolicy field's value. +func (s *SqsQueueConfiguration) SetQueuePolicy(v string) *SqsQueueConfiguration { + s.QueuePolicy = &v + return s +} + // Starts a scan of the policies applied to the specified resource. type StartResourceScanInput struct { _ struct{} `type:"structure"` - // The ARN of the analyzer to use to scan the policies applied to the specified - // resource. + // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // to use to scan the policies applied to the specified resource. // // AnalyzerArn is a required field AnalyzerArn *string `locationName:"analyzerArn" type:"string" required:"true"` @@ -4513,7 +6580,7 @@ func (s StartResourceScanOutput) GoString() string { } // Provides more details about the current status of the analyzer. For example, -// if the creation for the analyzer fails, a Failed status is displayed. For +// if the creation for the analyzer fails, a Failed status is returned. For // an analyzer with organization as the type, this failure can be due to an // issue with creating the service-linked roles required in the member accounts // of the AWS organization. @@ -4854,7 +6921,8 @@ func (s UpdateArchiveRuleOutput) GoString() string { type UpdateFindingsInput struct { _ struct{} `type:"structure"` - // The ARN of the analyzer that generated the findings to update. + // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // that generated the findings to update. // // AnalyzerArn is a required field AnalyzerArn *string `locationName:"analyzerArn" type:"string" required:"true"` @@ -5047,6 +7115,111 @@ func (s *ValidationExceptionField) SetName(v string) *ValidationExceptionField { return s } +// The proposed virtual private cloud (VPC) configuration for the Amazon S3 +// access point. For more information, see VpcConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html). +type VpcConfiguration struct { + _ struct{} `type:"structure"` + + // If this field is specified, this access point will only allow connections + // from the specified VPC ID. + // + // VpcId is a required field + VpcId *string `locationName:"vpcId" type:"string" required:"true"` +} + +// String returns the string representation +func (s VpcConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s VpcConfiguration) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VpcConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VpcConfiguration"} + if s.VpcId == nil { + invalidParams.Add(request.NewErrParamRequired("VpcId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetVpcId sets the VpcId field's value. +func (s *VpcConfiguration) SetVpcId(v string) *VpcConfiguration { + s.VpcId = &v + return s +} + +const ( + // AccessPreviewStatusCompleted is a AccessPreviewStatus enum value + AccessPreviewStatusCompleted = "COMPLETED" + + // AccessPreviewStatusCreating is a AccessPreviewStatus enum value + AccessPreviewStatusCreating = "CREATING" + + // AccessPreviewStatusFailed is a AccessPreviewStatus enum value + AccessPreviewStatusFailed = "FAILED" +) + +// AccessPreviewStatus_Values returns all elements of the AccessPreviewStatus enum +func AccessPreviewStatus_Values() []string { + return []string{ + AccessPreviewStatusCompleted, + AccessPreviewStatusCreating, + AccessPreviewStatusFailed, + } +} + +const ( + // AccessPreviewStatusReasonCodeInternalError is a AccessPreviewStatusReasonCode enum value + AccessPreviewStatusReasonCodeInternalError = "INTERNAL_ERROR" + + // AccessPreviewStatusReasonCodeInvalidConfiguration is a AccessPreviewStatusReasonCode enum value + AccessPreviewStatusReasonCodeInvalidConfiguration = "INVALID_CONFIGURATION" +) + +// AccessPreviewStatusReasonCode_Values returns all elements of the AccessPreviewStatusReasonCode enum +func AccessPreviewStatusReasonCode_Values() []string { + return []string{ + AccessPreviewStatusReasonCodeInternalError, + AccessPreviewStatusReasonCodeInvalidConfiguration, + } +} + +const ( + // AclPermissionRead is a AclPermission enum value + AclPermissionRead = "READ" + + // AclPermissionWrite is a AclPermission enum value + AclPermissionWrite = "WRITE" + + // AclPermissionReadAcp is a AclPermission enum value + AclPermissionReadAcp = "READ_ACP" + + // AclPermissionWriteAcp is a AclPermission enum value + AclPermissionWriteAcp = "WRITE_ACP" + + // AclPermissionFullControl is a AclPermission enum value + AclPermissionFullControl = "FULL_CONTROL" +) + +// AclPermission_Values returns all elements of the AclPermission enum +func AclPermission_Values() []string { + return []string{ + AclPermissionRead, + AclPermissionWrite, + AclPermissionReadAcp, + AclPermissionWriteAcp, + AclPermissionFullControl, + } +} + const ( // AnalyzerStatusActive is a AnalyzerStatus enum value AnalyzerStatusActive = "ACTIVE" @@ -5071,6 +7244,26 @@ func AnalyzerStatus_Values() []string { } } +const ( + // FindingChangeTypeChanged is a FindingChangeType enum value + FindingChangeTypeChanged = "CHANGED" + + // FindingChangeTypeNew is a FindingChangeType enum value + FindingChangeTypeNew = "NEW" + + // FindingChangeTypeUnchanged is a FindingChangeType enum value + FindingChangeTypeUnchanged = "UNCHANGED" +) + +// FindingChangeType_Values returns all elements of the FindingChangeType enum +func FindingChangeType_Values() []string { + return []string{ + FindingChangeTypeChanged, + FindingChangeTypeNew, + FindingChangeTypeUnchanged, + } +} + const ( // FindingSourceTypePolicy is a FindingSourceType enum value FindingSourceTypePolicy = "POLICY" @@ -5127,6 +7320,70 @@ func FindingStatusUpdate_Values() []string { } } +const ( + // KmsGrantOperationCreateGrant is a KmsGrantOperation enum value + KmsGrantOperationCreateGrant = "CreateGrant" + + // KmsGrantOperationDecrypt is a KmsGrantOperation enum value + KmsGrantOperationDecrypt = "Decrypt" + + // KmsGrantOperationDescribeKey is a KmsGrantOperation enum value + KmsGrantOperationDescribeKey = "DescribeKey" + + // KmsGrantOperationEncrypt is a KmsGrantOperation enum value + KmsGrantOperationEncrypt = "Encrypt" + + // KmsGrantOperationGenerateDataKey is a KmsGrantOperation enum value + KmsGrantOperationGenerateDataKey = "GenerateDataKey" + + // KmsGrantOperationGenerateDataKeyPair is a KmsGrantOperation enum value + KmsGrantOperationGenerateDataKeyPair = "GenerateDataKeyPair" + + // KmsGrantOperationGenerateDataKeyPairWithoutPlaintext is a KmsGrantOperation enum value + KmsGrantOperationGenerateDataKeyPairWithoutPlaintext = "GenerateDataKeyPairWithoutPlaintext" + + // KmsGrantOperationGenerateDataKeyWithoutPlaintext is a KmsGrantOperation enum value + KmsGrantOperationGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" + + // KmsGrantOperationGetPublicKey is a KmsGrantOperation enum value + KmsGrantOperationGetPublicKey = "GetPublicKey" + + // KmsGrantOperationReEncryptFrom is a KmsGrantOperation enum value + KmsGrantOperationReEncryptFrom = "ReEncryptFrom" + + // KmsGrantOperationReEncryptTo is a KmsGrantOperation enum value + KmsGrantOperationReEncryptTo = "ReEncryptTo" + + // KmsGrantOperationRetireGrant is a KmsGrantOperation enum value + KmsGrantOperationRetireGrant = "RetireGrant" + + // KmsGrantOperationSign is a KmsGrantOperation enum value + KmsGrantOperationSign = "Sign" + + // KmsGrantOperationVerify is a KmsGrantOperation enum value + KmsGrantOperationVerify = "Verify" +) + +// KmsGrantOperation_Values returns all elements of the KmsGrantOperation enum +func KmsGrantOperation_Values() []string { + return []string{ + KmsGrantOperationCreateGrant, + KmsGrantOperationDecrypt, + KmsGrantOperationDescribeKey, + KmsGrantOperationEncrypt, + KmsGrantOperationGenerateDataKey, + KmsGrantOperationGenerateDataKeyPair, + KmsGrantOperationGenerateDataKeyPairWithoutPlaintext, + KmsGrantOperationGenerateDataKeyWithoutPlaintext, + KmsGrantOperationGetPublicKey, + KmsGrantOperationReEncryptFrom, + KmsGrantOperationReEncryptTo, + KmsGrantOperationRetireGrant, + KmsGrantOperationSign, + KmsGrantOperationVerify, + } +} + const ( // OrderByAsc is a OrderBy enum value OrderByAsc = "ASC" diff --git a/service/accessanalyzer/doc.go b/service/accessanalyzer/doc.go index 4be565e4b9d..fc31a492d56 100644 --- a/service/accessanalyzer/doc.go +++ b/service/accessanalyzer/doc.go @@ -8,9 +8,11 @@ // It does this by using logic-based reasoning to analyze resource-based policies // in your AWS environment. An external principal can be another AWS account, // a root user, an IAM user or role, a federated user, an AWS service, or an -// anonymous user. This guide describes the AWS IAM Access Analyzer operations -// that you can call programmatically. For general information about Access -// Analyzer, see AWS IAM Access Analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html) +// anonymous user. You can also use Access Analyzer to preview and validate +// public and cross-account access to your resources before deploying permissions +// changes. This guide describes the AWS IAM Access Analyzer operations that +// you can call programmatically. For general information about Access Analyzer, +// see AWS IAM Access Analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html) // in the IAM User Guide. // // To start using Access Analyzer, you first need to create an analyzer. diff --git a/service/backup/api.go b/service/backup/api.go index 31a3daa01da..168939866d3 100644 --- a/service/backup/api.go +++ b/service/backup/api.go @@ -831,6 +831,9 @@ func (c *Backup) DeleteRecoveryPointRequest(input *DeleteRecoveryPointInput) (re // // Deletes the recovery point specified by a recovery point ID. // +// If the recovery point ID belongs to a continuous backup, calling this endpoint +// deletes the existing continuous backup and stops future continuous backup. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -849,6 +852,11 @@ func (c *Backup) DeleteRecoveryPointRequest(input *DeleteRecoveryPointInput) (re // * MissingParameterValueException // Indicates that a required parameter is missing. // +// * InvalidResourceStateException +// AWS Backup is already performing an action on this recovery point. It can't +// perform the action you requested until the first action finishes. Try again +// later. +// // * ServiceUnavailableException // The request failed due to a temporary failure of the server. // @@ -1204,6 +1212,10 @@ func (c *Backup) DescribeGlobalSettingsRequest(input *DescribeGlobalSettingsInpu // API operation DescribeGlobalSettings for usage and error information. // // Returned Error Types: +// * InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a parameter is of the wrong type. +// // * ServiceUnavailableException // The request failed due to a temporary failure of the server. // @@ -1588,6 +1600,110 @@ func (c *Backup) DescribeRestoreJobWithContext(ctx aws.Context, input *DescribeR return out, req.Send() } +const opDisassociateRecoveryPoint = "DisassociateRecoveryPoint" + +// DisassociateRecoveryPointRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateRecoveryPoint operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisassociateRecoveryPoint for more information on using the DisassociateRecoveryPoint +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisassociateRecoveryPointRequest method. +// req, resp := client.DisassociateRecoveryPointRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DisassociateRecoveryPoint +func (c *Backup) DisassociateRecoveryPointRequest(input *DisassociateRecoveryPointInput) (req *request.Request, output *DisassociateRecoveryPointOutput) { + op := &request.Operation{ + Name: opDisassociateRecoveryPoint, + HTTPMethod: "POST", + HTTPPath: "/backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}/disassociate", + } + + if input == nil { + input = &DisassociateRecoveryPointInput{} + } + + output = &DisassociateRecoveryPointOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DisassociateRecoveryPoint API operation for AWS Backup. +// +// Deletes the specified continuous backup recovery point from AWS Backup and +// releases control of that continuous backup to the source service, such as +// Amazon RDS. The source service will continue to create and retain continuous +// backups using the lifecycle that you specified in your original backup plan. +// +// Does not support snapshot backup recovery points. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Backup's +// API operation DisassociateRecoveryPoint for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// A resource that is required for the action doesn't exist. +// +// * InvalidParameterValueException +// Indicates that something is wrong with a parameter's value. For example, +// the value is out of range. +// +// * MissingParameterValueException +// Indicates that a required parameter is missing. +// +// * InvalidResourceStateException +// AWS Backup is already performing an action on this recovery point. It can't +// perform the action you requested until the first action finishes. Try again +// later. +// +// * ServiceUnavailableException +// The request failed due to a temporary failure of the server. +// +// * InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a parameter is of the wrong type. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DisassociateRecoveryPoint +func (c *Backup) DisassociateRecoveryPoint(input *DisassociateRecoveryPointInput) (*DisassociateRecoveryPointOutput, error) { + req, out := c.DisassociateRecoveryPointRequest(input) + return out, req.Send() +} + +// DisassociateRecoveryPointWithContext is the same as DisassociateRecoveryPoint with the addition of +// the ability to pass a context and additional request options. +// +// See DisassociateRecoveryPoint for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Backup) DisassociateRecoveryPointWithContext(ctx aws.Context, input *DisassociateRecoveryPointInput, opts ...request.Option) (*DisassociateRecoveryPointOutput, error) { + req, out := c.DisassociateRecoveryPointRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opExportBackupPlanTemplate = "ExportBackupPlanTemplate" // ExportBackupPlanTemplateRequest generates a "aws/request.Request" representing the @@ -1721,8 +1837,8 @@ func (c *Backup) GetBackupPlanRequest(input *GetBackupPlanInput) (req *request.R // GetBackupPlan API operation for AWS Backup. // -// Returns BackupPlan details for the specified BackupPlanId. Returns the body -// of a backup plan in JSON format, in addition to plan metadata. +// Returns BackupPlan details for the specified BackupPlanId. The details are +// the body of a backup plan in JSON format, in addition to plan metadata. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2437,7 +2553,9 @@ func (c *Backup) ListBackupJobsRequest(input *ListBackupJobsInput) (req *request // ListBackupJobs API operation for AWS Backup. // -// Returns a list of existing backup jobs for an authenticated account. +// Returns a list of existing backup jobs for an authenticated account for the +// last 30 days. For a longer period of time, consider using these monitoring +// tools (https://docs.aws.amazon.com/aws-backup/latest/devguide/monitoring.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4475,6 +4593,8 @@ func (c *Backup) StartCopyJobRequest(input *StartCopyJobInput) (req *request.Req // // Starts a job to create a one-time copy of the specified resource. // +// Does not support continuous backups. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4500,6 +4620,10 @@ func (c *Backup) StartCopyJobRequest(input *StartCopyJobInput) (req *request.Req // A limit in the request has been exceeded; for example, a maximum number of // items allowed in a request. // +// * InvalidRequestException +// Indicates that something is wrong with the input to the request. For example, +// a parameter is of the wrong type. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/StartCopyJob func (c *Backup) StartCopyJob(input *StartCopyJobInput) (*StartCopyJobOutput, error) { req, out := c.StartCopyJobRequest(input) @@ -5131,6 +5255,8 @@ func (c *Backup) UpdateRecoveryPointLifecycleRequest(input *UpdateRecoveryPointL // // Only Amazon EFS file system backups can be transitioned to cold storage. // +// Does not support continuous backups. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7664,6 +7790,79 @@ func (s *DescribeRestoreJobOutput) SetStatusMessage(v string) *DescribeRestoreJo return s } +type DisassociateRecoveryPointInput struct { + _ struct{} `type:"structure"` + + // The unique name of an AWS Backup vault. Required. + // + // BackupVaultName is a required field + BackupVaultName *string `location:"uri" locationName:"backupVaultName" type:"string" required:"true"` + + // An Amazon Resource Name (ARN) that uniquely identifies an AWS Backup recovery + // point. Required. + // + // RecoveryPointArn is a required field + RecoveryPointArn *string `location:"uri" locationName:"recoveryPointArn" type:"string" required:"true"` +} + +// String returns the string representation +func (s DisassociateRecoveryPointInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateRecoveryPointInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisassociateRecoveryPointInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisassociateRecoveryPointInput"} + if s.BackupVaultName == nil { + invalidParams.Add(request.NewErrParamRequired("BackupVaultName")) + } + if s.BackupVaultName != nil && len(*s.BackupVaultName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("BackupVaultName", 1)) + } + if s.RecoveryPointArn == nil { + invalidParams.Add(request.NewErrParamRequired("RecoveryPointArn")) + } + if s.RecoveryPointArn != nil && len(*s.RecoveryPointArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RecoveryPointArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetBackupVaultName sets the BackupVaultName field's value. +func (s *DisassociateRecoveryPointInput) SetBackupVaultName(v string) *DisassociateRecoveryPointInput { + s.BackupVaultName = &v + return s +} + +// SetRecoveryPointArn sets the RecoveryPointArn field's value. +func (s *DisassociateRecoveryPointInput) SetRecoveryPointArn(v string) *DisassociateRecoveryPointInput { + s.RecoveryPointArn = &v + return s +} + +type DisassociateRecoveryPointOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DisassociateRecoveryPointOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateRecoveryPointOutput) GoString() string { + return s.String() +} + type ExportBackupPlanTemplateInput struct { _ struct{} `type:"structure"` @@ -8613,6 +8812,70 @@ func (s *InvalidRequestException) RequestID() string { return s.RespMetadata.RequestID } +// AWS Backup is already performing an action on this recovery point. It can't +// perform the action you requested until the first action finishes. Try again +// later. +type InvalidResourceStateException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Code_ *string `locationName:"Code" type:"string"` + + Context *string `type:"string"` + + Message_ *string `locationName:"Message" type:"string"` + + Type *string `type:"string"` +} + +// String returns the string representation +func (s InvalidResourceStateException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidResourceStateException) GoString() string { + return s.String() +} + +func newErrorInvalidResourceStateException(v protocol.ResponseMetadata) error { + return &InvalidResourceStateException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidResourceStateException) Code() string { + return "InvalidResourceStateException" +} + +// Message returns the exception's message. +func (s *InvalidResourceStateException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidResourceStateException) OrigErr() error { + return nil +} + +func (s *InvalidResourceStateException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidResourceStateException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidResourceStateException) RequestID() string { + return s.RespMetadata.RequestID +} + // Contains detailed information about a backup job. type Job struct { _ struct{} `type:"structure"` @@ -11397,6 +11660,11 @@ type Rule struct { // An array of CopyAction objects, which contains the details of the copy operation. CopyActions []*CopyAction `type:"list"` + // Specifies whether AWS Backup creates continuous backups. True causes AWS + // Backup to create continuous backups capable of point-in-time restore (PITR). + // False (or not specified) causes AWS Backup to create snapshot backups. + EnableContinuousBackup *bool `type:"boolean"` + // The lifecycle defines when a protected resource is transitioned to cold storage // and when it expires. AWS Backup transitions and expires backups automatically // according to the lifecycle that you define. @@ -11466,6 +11734,12 @@ func (s *Rule) SetCopyActions(v []*CopyAction) *Rule { return s } +// SetEnableContinuousBackup sets the EnableContinuousBackup field's value. +func (s *Rule) SetEnableContinuousBackup(v bool) *Rule { + s.EnableContinuousBackup = &v + return s +} + // SetLifecycle sets the Lifecycle field's value. func (s *Rule) SetLifecycle(v *Lifecycle) *Rule { s.Lifecycle = v @@ -11519,6 +11793,11 @@ type RuleInput struct { // An array of CopyAction objects, which contains the details of the copy operation. CopyActions []*CopyAction `type:"list"` + // Specifies whether AWS Backup creates continuous backups. True causes AWS + // Backup to create continuous backups capable of point-in-time restore (PITR). + // False (or not specified) causes AWS Backup to create snapshot backups. + EnableContinuousBackup *bool `type:"boolean"` + // The lifecycle defines when a protected resource is transitioned to cold storage // and when it expires. AWS Backup will transition and expire backups automatically // according to the lifecycle that you define. @@ -11605,6 +11884,12 @@ func (s *RuleInput) SetCopyActions(v []*CopyAction) *RuleInput { return s } +// SetEnableContinuousBackup sets the EnableContinuousBackup field's value. +func (s *RuleInput) SetEnableContinuousBackup(v bool) *RuleInput { + s.EnableContinuousBackup = &v + return s +} + // SetLifecycle sets the Lifecycle field's value. func (s *RuleInput) SetLifecycle(v *Lifecycle) *RuleInput { s.Lifecycle = v diff --git a/service/backup/backupiface/interface.go b/service/backup/backupiface/interface.go index 68c978b0587..3d26d354207 100644 --- a/service/backup/backupiface/interface.go +++ b/service/backup/backupiface/interface.go @@ -128,6 +128,10 @@ type BackupAPI interface { DescribeRestoreJobWithContext(aws.Context, *backup.DescribeRestoreJobInput, ...request.Option) (*backup.DescribeRestoreJobOutput, error) DescribeRestoreJobRequest(*backup.DescribeRestoreJobInput) (*request.Request, *backup.DescribeRestoreJobOutput) + DisassociateRecoveryPoint(*backup.DisassociateRecoveryPointInput) (*backup.DisassociateRecoveryPointOutput, error) + DisassociateRecoveryPointWithContext(aws.Context, *backup.DisassociateRecoveryPointInput, ...request.Option) (*backup.DisassociateRecoveryPointOutput, error) + DisassociateRecoveryPointRequest(*backup.DisassociateRecoveryPointInput) (*request.Request, *backup.DisassociateRecoveryPointOutput) + ExportBackupPlanTemplate(*backup.ExportBackupPlanTemplateInput) (*backup.ExportBackupPlanTemplateOutput, error) ExportBackupPlanTemplateWithContext(aws.Context, *backup.ExportBackupPlanTemplateInput, ...request.Option) (*backup.ExportBackupPlanTemplateOutput, error) ExportBackupPlanTemplateRequest(*backup.ExportBackupPlanTemplateInput) (*request.Request, *backup.ExportBackupPlanTemplateOutput) diff --git a/service/backup/errors.go b/service/backup/errors.go index b0c5ec8a5ff..8a4eeb34e5e 100644 --- a/service/backup/errors.go +++ b/service/backup/errors.go @@ -35,6 +35,14 @@ const ( // a parameter is of the wrong type. ErrCodeInvalidRequestException = "InvalidRequestException" + // ErrCodeInvalidResourceStateException for service response error code + // "InvalidResourceStateException". + // + // AWS Backup is already performing an action on this recovery point. It can't + // perform the action you requested until the first action finishes. Try again + // later. + ErrCodeInvalidResourceStateException = "InvalidResourceStateException" + // ErrCodeLimitExceededException for service response error code // "LimitExceededException". // @@ -66,6 +74,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "DependencyFailureException": newErrorDependencyFailureException, "InvalidParameterValueException": newErrorInvalidParameterValueException, "InvalidRequestException": newErrorInvalidRequestException, + "InvalidResourceStateException": newErrorInvalidResourceStateException, "LimitExceededException": newErrorLimitExceededException, "MissingParameterValueException": newErrorMissingParameterValueException, "ResourceNotFoundException": newErrorResourceNotFoundException, diff --git a/service/s3/api.go b/service/s3/api.go index 8182416c3e9..07bf5d5f443 100644 --- a/service/s3/api.go +++ b/service/s3/api.go @@ -11690,6 +11690,9 @@ type CORSRule struct { // object). ExposeHeaders []*string `locationName:"ExposeHeader" type:"list" flattened:"true"` + // Unique identifier for the rule. The value cannot be longer than 255 characters. + ID *string `type:"string"` + // The time in seconds that your browser is to cache the preflight response // for the specified resource. MaxAgeSeconds *int64 `type:"integer"` @@ -11745,6 +11748,12 @@ func (s *CORSRule) SetExposeHeaders(v []*string) *CORSRule { return s } +// SetID sets the ID field's value. +func (s *CORSRule) SetID(v string) *CORSRule { + s.ID = &v + return s +} + // SetMaxAgeSeconds sets the MaxAgeSeconds field's value. func (s *CORSRule) SetMaxAgeSeconds(v int64) *CORSRule { s.MaxAgeSeconds = &v diff --git a/service/s3/examples_test.go b/service/s3/examples_test.go index 2b2cebeafe7..368e295e382 100644 --- a/service/s3/examples_test.go +++ b/service/s3/examples_test.go @@ -411,14 +411,14 @@ func ExampleS3_DeleteBucketWebsite_shared00() { fmt.Println(result) } -// To delete an object (from a non-versioned bucket) +// To delete an object // -// The following example deletes an object from a non-versioned bucket. +// The following example deletes an object from an S3 bucket. func ExampleS3_DeleteObject_shared00() { svc := s3.New(session.New()) input := &s3.DeleteObjectInput{ - Bucket: aws.String("ExampleBucket"), - Key: aws.String("HappyFace.jpg"), + Bucket: aws.String("examplebucket"), + Key: aws.String("objectkey.jpg"), } result, err := svc.DeleteObject(input) @@ -439,14 +439,14 @@ func ExampleS3_DeleteObject_shared00() { fmt.Println(result) } -// To delete an object +// To delete an object (from a non-versioned bucket) // -// The following example deletes an object from an S3 bucket. +// The following example deletes an object from a non-versioned bucket. func ExampleS3_DeleteObject_shared01() { svc := s3.New(session.New()) input := &s3.DeleteObjectInput{ - Bucket: aws.String("examplebucket"), - Key: aws.String("objectkey.jpg"), + Bucket: aws.String("ExampleBucket"), + Key: aws.String("HappyFace.jpg"), } result, err := svc.DeleteObject(input) @@ -527,11 +527,11 @@ func ExampleS3_DeleteObjectTagging_shared01() { fmt.Println(result) } -// To delete multiple object versions from a versioned bucket +// To delete multiple objects from a versioned bucket // -// The following example deletes objects from a bucket. The request specifies object -// versions. S3 deletes specific object versions and returns the key and versions of -// deleted objects in the response. +// The following example deletes objects from a bucket. The bucket is versioned, and +// the request does not specify the object version to delete. In this case, all versions +// remain in the bucket and S3 adds a delete marker. func ExampleS3_DeleteObjects_shared00() { svc := s3.New(session.New()) input := &s3.DeleteObjectsInput{ @@ -539,12 +539,10 @@ func ExampleS3_DeleteObjects_shared00() { Delete: &s3.Delete{ Objects: []*s3.ObjectIdentifier{ { - Key: aws.String("HappyFace.jpg"), - VersionId: aws.String("2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b"), + Key: aws.String("objectkey1"), }, { - Key: aws.String("HappyFace.jpg"), - VersionId: aws.String("yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd"), + Key: aws.String("objectkey2"), }, }, Quiet: aws.Bool(false), @@ -569,11 +567,11 @@ func ExampleS3_DeleteObjects_shared00() { fmt.Println(result) } -// To delete multiple objects from a versioned bucket +// To delete multiple object versions from a versioned bucket // -// The following example deletes objects from a bucket. The bucket is versioned, and -// the request does not specify the object version to delete. In this case, all versions -// remain in the bucket and S3 adds a delete marker. +// The following example deletes objects from a bucket. The request specifies object +// versions. S3 deletes specific object versions and returns the key and versions of +// deleted objects in the response. func ExampleS3_DeleteObjects_shared01() { svc := s3.New(session.New()) input := &s3.DeleteObjectsInput{ @@ -581,10 +579,12 @@ func ExampleS3_DeleteObjects_shared01() { Delete: &s3.Delete{ Objects: []*s3.ObjectIdentifier{ { - Key: aws.String("objectkey1"), + Key: aws.String("HappyFace.jpg"), + VersionId: aws.String("2LWg7lQLnY41.maGB5Z6SWW.dcq0vx7b"), }, { - Key: aws.String("objectkey2"), + Key: aws.String("HappyFace.jpg"), + VersionId: aws.String("yoz3HB.ZhCS_tKVEmIOr7qYyyAaZSKVd"), }, }, Quiet: aws.Bool(false), @@ -934,14 +934,16 @@ func ExampleS3_GetBucketWebsite_shared00() { fmt.Println(result) } -// To retrieve an object +// To retrieve a byte range of an object // -// The following example retrieves an object for an S3 bucket. +// The following example retrieves an object for an S3 bucket. The request specifies +// the range header to retrieve a specific byte range. func ExampleS3_GetObject_shared00() { svc := s3.New(session.New()) input := &s3.GetObjectInput{ Bucket: aws.String("examplebucket"), - Key: aws.String("HappyFace.jpg"), + Key: aws.String("SampleFile.txt"), + Range: aws.String("bytes=0-9"), } result, err := svc.GetObject(input) @@ -966,16 +968,14 @@ func ExampleS3_GetObject_shared00() { fmt.Println(result) } -// To retrieve a byte range of an object +// To retrieve an object // -// The following example retrieves an object for an S3 bucket. The request specifies -// the range header to retrieve a specific byte range. +// The following example retrieves an object for an S3 bucket. func ExampleS3_GetObject_shared01() { svc := s3.New(session.New()) input := &s3.GetObjectInput{ Bucket: aws.String("examplebucket"), - Key: aws.String("SampleFile.txt"), - Range: aws.String("bytes=0-9"), + Key: aws.String("HappyFace.jpg"), } result, err := svc.GetObject(input) @@ -1201,13 +1201,17 @@ func ExampleS3_ListBuckets_shared00() { fmt.Println(result) } -// To list in-progress multipart uploads on a bucket +// List next set of multipart uploads when previous result is truncated // -// The following example lists in-progress multipart uploads on a specific bucket. +// The following example specifies the upload-id-marker and key-marker from previous +// truncated response to retrieve next setup of multipart uploads. func ExampleS3_ListMultipartUploads_shared00() { svc := s3.New(session.New()) input := &s3.ListMultipartUploadsInput{ - Bucket: aws.String("examplebucket"), + Bucket: aws.String("examplebucket"), + KeyMarker: aws.String("nextkeyfrompreviousresponse"), + MaxUploads: aws.Int64(2), + UploadIdMarker: aws.String("valuefrompreviousresponse"), } result, err := svc.ListMultipartUploads(input) @@ -1228,17 +1232,13 @@ func ExampleS3_ListMultipartUploads_shared00() { fmt.Println(result) } -// List next set of multipart uploads when previous result is truncated +// To list in-progress multipart uploads on a bucket // -// The following example specifies the upload-id-marker and key-marker from previous -// truncated response to retrieve next setup of multipart uploads. +// The following example lists in-progress multipart uploads on a specific bucket. func ExampleS3_ListMultipartUploads_shared01() { svc := s3.New(session.New()) input := &s3.ListMultipartUploadsInput{ - Bucket: aws.String("examplebucket"), - KeyMarker: aws.String("nextkeyfrompreviousresponse"), - MaxUploads: aws.Int64(2), - UploadIdMarker: aws.String("valuefrompreviousresponse"), + Bucket: aws.String("examplebucket"), } result, err := svc.ListMultipartUploads(input) @@ -1808,17 +1808,17 @@ func ExampleS3_PutBucketWebsite_shared00() { fmt.Println(result) } -// To upload an object +// To upload an object and specify optional tags // -// The following example uploads an object to a versioning-enabled bucket. The source -// file is specified using Windows file syntax. S3 returns VersionId of the newly created -// object. +// The following example uploads an object. The request specifies optional object tags. +// The bucket is versioned, therefore S3 returns version ID of the newly created object. func ExampleS3_PutObject_shared00() { svc := s3.New(session.New()) input := &s3.PutObjectInput{ - Body: aws.ReadSeekCloser(strings.NewReader("HappyFace.jpg")), - Bucket: aws.String("examplebucket"), - Key: aws.String("HappyFace.jpg"), + Body: aws.ReadSeekCloser(strings.NewReader("c:\\HappyFace.jpg")), + Bucket: aws.String("examplebucket"), + Key: aws.String("HappyFace.jpg"), + Tagging: aws.String("key1=value1&key2=value2"), } result, err := svc.PutObject(input) @@ -1839,19 +1839,18 @@ func ExampleS3_PutObject_shared00() { fmt.Println(result) } -// To upload an object and specify server-side encryption and object tags +// To upload an object and specify canned ACL. // -// The following example uploads and object. The request specifies the optional server-side -// encryption option. The request also specifies optional object tags. If the bucket -// is versioning enabled, S3 returns version ID in response. +// The following example uploads and object. The request specifies optional canned ACL +// (access control list) to all READ access to authenticated users. If the bucket is +// versioning enabled, S3 returns version ID in response. func ExampleS3_PutObject_shared01() { svc := s3.New(session.New()) input := &s3.PutObjectInput{ - Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")), - Bucket: aws.String("examplebucket"), - Key: aws.String("exampleobject"), - ServerSideEncryption: aws.String("AES256"), - Tagging: aws.String("key1=value1&key2=value2"), + ACL: aws.String("authenticated-read"), + Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")), + Bucket: aws.String("examplebucket"), + Key: aws.String("exampleobject"), } result, err := svc.PutObject(input) @@ -1872,18 +1871,16 @@ func ExampleS3_PutObject_shared01() { fmt.Println(result) } -// To upload an object (specify optional headers) +// To create an object. // -// The following example uploads an object. The request specifies optional request headers -// to directs S3 to use specific storage class and use server-side encryption. +// The following example creates an object. If the bucket is versioning enabled, S3 +// returns version ID in response. func ExampleS3_PutObject_shared02() { svc := s3.New(session.New()) input := &s3.PutObjectInput{ - Body: aws.ReadSeekCloser(strings.NewReader("HappyFace.jpg")), - Bucket: aws.String("examplebucket"), - Key: aws.String("HappyFace.jpg"), - ServerSideEncryption: aws.String("AES256"), - StorageClass: aws.String("STANDARD_IA"), + Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")), + Bucket: aws.String("examplebucket"), + Key: aws.String("objectkey"), } result, err := svc.PutObject(input) @@ -1904,16 +1901,19 @@ func ExampleS3_PutObject_shared02() { fmt.Println(result) } -// To create an object. +// To upload an object and specify server-side encryption and object tags // -// The following example creates an object. If the bucket is versioning enabled, S3 -// returns version ID in response. +// The following example uploads and object. The request specifies the optional server-side +// encryption option. The request also specifies optional object tags. If the bucket +// is versioning enabled, S3 returns version ID in response. func ExampleS3_PutObject_shared03() { svc := s3.New(session.New()) input := &s3.PutObjectInput{ - Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")), - Bucket: aws.String("examplebucket"), - Key: aws.String("objectkey"), + Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")), + Bucket: aws.String("examplebucket"), + Key: aws.String("exampleobject"), + ServerSideEncryption: aws.String("AES256"), + Tagging: aws.String("key1=value1&key2=value2"), } result, err := svc.PutObject(input) @@ -1934,18 +1934,20 @@ func ExampleS3_PutObject_shared03() { fmt.Println(result) } -// To upload an object and specify canned ACL. +// To upload object and specify user-defined metadata // -// The following example uploads and object. The request specifies optional canned ACL -// (access control list) to all READ access to authenticated users. If the bucket is -// versioning enabled, S3 returns version ID in response. +// The following example creates an object. The request also specifies optional metadata. +// If the bucket is versioning enabled, S3 returns version ID in response. func ExampleS3_PutObject_shared04() { svc := s3.New(session.New()) input := &s3.PutObjectInput{ - ACL: aws.String("authenticated-read"), Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")), Bucket: aws.String("examplebucket"), Key: aws.String("exampleobject"), + Metadata: map[string]*string{ + "metadata1": aws.String("value1"), + "metadata2": aws.String("value2"), + }, } result, err := svc.PutObject(input) @@ -1966,17 +1968,17 @@ func ExampleS3_PutObject_shared04() { fmt.Println(result) } -// To upload an object and specify optional tags +// To upload an object // -// The following example uploads an object. The request specifies optional object tags. -// The bucket is versioned, therefore S3 returns version ID of the newly created object. +// The following example uploads an object to a versioning-enabled bucket. The source +// file is specified using Windows file syntax. S3 returns VersionId of the newly created +// object. func ExampleS3_PutObject_shared05() { svc := s3.New(session.New()) input := &s3.PutObjectInput{ - Body: aws.ReadSeekCloser(strings.NewReader("c:\\HappyFace.jpg")), - Bucket: aws.String("examplebucket"), - Key: aws.String("HappyFace.jpg"), - Tagging: aws.String("key1=value1&key2=value2"), + Body: aws.ReadSeekCloser(strings.NewReader("HappyFace.jpg")), + Bucket: aws.String("examplebucket"), + Key: aws.String("HappyFace.jpg"), } result, err := svc.PutObject(input) @@ -1997,20 +1999,18 @@ func ExampleS3_PutObject_shared05() { fmt.Println(result) } -// To upload object and specify user-defined metadata +// To upload an object (specify optional headers) // -// The following example creates an object. The request also specifies optional metadata. -// If the bucket is versioning enabled, S3 returns version ID in response. +// The following example uploads an object. The request specifies optional request headers +// to directs S3 to use specific storage class and use server-side encryption. func ExampleS3_PutObject_shared06() { svc := s3.New(session.New()) input := &s3.PutObjectInput{ - Body: aws.ReadSeekCloser(strings.NewReader("filetoupload")), - Bucket: aws.String("examplebucket"), - Key: aws.String("exampleobject"), - Metadata: map[string]*string{ - "metadata1": aws.String("value1"), - "metadata2": aws.String("value2"), - }, + Body: aws.ReadSeekCloser(strings.NewReader("HappyFace.jpg")), + Bucket: aws.String("examplebucket"), + Key: aws.String("HappyFace.jpg"), + ServerSideEncryption: aws.String("AES256"), + StorageClass: aws.String("STANDARD_IA"), } result, err := svc.PutObject(input) diff --git a/service/ssm/api.go b/service/ssm/api.go index 14df3063a5f..34f5a49e68b 100644 --- a/service/ssm/api.go +++ b/service/ssm/api.go @@ -15209,6 +15209,12 @@ type AddTagsToResourceInput struct { // // PatchBaseline: pb-012345abcde // + // OpsMetadata object: ResourceID for tagging is created from the Amazon Resource + // Name (ARN) for the object. Specifically, ResourceID is created from the strings + // that come after the word opsmetadata in the ARN. For example, an OpsMetadata + // object with an ARN of arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager + // has a ResourceID of either aws/ssm/MyGroup/appmanager or /aws/ssm/MyGroup/appmanager. + // // For the Document and Parameter values, use the name of the resource. // // The ManagedInstance type for this API action is only for on-premises managed @@ -20990,6 +20996,18 @@ type CreateOpsMetadataInput struct { // // ResourceId is a required field ResourceId *string `min:"1" type:"string" required:"true"` + + // Optional metadata that you assign to a resource. You can specify a maximum + // of five tags for an OpsMetadata object. Tags enable you to categorize a resource + // in different ways, such as by purpose, owner, or environment. For example, + // you might want to tag an OpsMetadata object to identify an environment or + // target AWS Region. In this case, you could specify the following key-value + // pairs: + // + // * Key=Environment,Value=Production + // + // * Key=Region,Value=us-east-2 + Tags []*Tag `type:"list"` } // String returns the string representation @@ -21024,6 +21042,16 @@ func (s *CreateOpsMetadataInput) Validate() error { } } } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -21043,6 +21071,12 @@ func (s *CreateOpsMetadataInput) SetResourceId(v string) *CreateOpsMetadataInput return s } +// SetTags sets the Tags field's value. +func (s *CreateOpsMetadataInput) SetTags(v []*Tag) *CreateOpsMetadataInput { + s.Tags = v + return s +} + type CreateOpsMetadataOutput struct { _ struct{} `type:"structure"` @@ -28014,11 +28048,13 @@ type GetCommandInvocationInput struct { // InstanceId is a required field InstanceId *string `type:"string" required:"true"` - // (Optional) The name of the plugin for which you want detailed results. If - // the document contains only one plugin, the name can be omitted and the details - // will be returned. + // The name of the plugin for which you want detailed results. If the document + // contains only one plugin, you can omit the name and details for that plugin + // are returned. If the document contains more than one plugin, you must specify + // the name of the plugin for which you want to view details. // // Plugin names are also referred to as step names in Systems Manager documents. + // For example, aws:RunShellScript is a plugin. PluginName *string `min:"4" type:"string"` } @@ -28116,8 +28152,8 @@ type GetCommandInvocationOutput struct { // configured for Systems Manager. InstanceId *string `type:"string"` - // The name of the plugin for which you want detailed results. For example, - // aws:RunShellScript is a plugin. + // The name of the plugin, or step name, for which details are reported. For + // example, aws:RunShellScript is a plugin. PluginName *string `min:"4" type:"string"` // The error level response code for the plugin script. If the response code @@ -31373,6 +31409,10 @@ func (s *InstanceAssociation) SetInstanceId(v string) *InstanceAssociation { } // An S3 bucket where you want to store the results of this request. +// +// For the minimal permissions required to enable Amazon S3 output for an association, +// see Creating associations (https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-state-assoc.html) +// in the Systems Manager User Guide. type InstanceAssociationOutputLocation struct { _ struct{} `type:"structure"` @@ -44173,6 +44213,12 @@ type RemoveTagsFromResourceInput struct { // // PatchBaseline: pb-012345abcde // + // OpsMetadata object: ResourceID for tagging is created from the Amazon Resource + // Name (ARN) for the object. Specifically, ResourceID is created from the strings + // that come after the word opsmetadata in the ARN. For example, an OpsMetadata + // object with an ARN of arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager + // has a ResourceID of either aws/ssm/MyGroup/appmanager or /aws/ssm/MyGroup/appmanager. + // // For the Document and Parameter values, use the name of the resource. // // The ManagedInstance type for this API action is only for on-premises managed @@ -53205,6 +53251,9 @@ const ( // ResourceTypeForTaggingOpsItem is a ResourceTypeForTagging enum value ResourceTypeForTaggingOpsItem = "OpsItem" + + // ResourceTypeForTaggingOpsMetadata is a ResourceTypeForTagging enum value + ResourceTypeForTaggingOpsMetadata = "OpsMetadata" ) // ResourceTypeForTagging_Values returns all elements of the ResourceTypeForTagging enum @@ -53216,6 +53265,7 @@ func ResourceTypeForTagging_Values() []string { ResourceTypeForTaggingParameter, ResourceTypeForTaggingPatchBaseline, ResourceTypeForTaggingOpsItem, + ResourceTypeForTaggingOpsMetadata, } }