|
23 | 23 | "GetGeneratedPolicy": "<p>Retrieves the policy that was generated using <code>StartPolicyGeneration</code>. </p>", |
24 | 24 | "ListAccessPreviewFindings": "<p>Retrieves a list of access preview findings generated by the specified access preview.</p>", |
25 | 25 | "ListAccessPreviews": "<p>Retrieves a list of access previews for the specified analyzer.</p>", |
26 | | - "ListAnalyzedResources": "<p>Retrieves a list of resources of the specified type that have been analyzed by the specified external access analyzer. This action is not supported for unused access analyzers.</p>", |
| 26 | + "ListAnalyzedResources": "<p>Retrieves a list of resources of the specified type that have been analyzed by the specified analyzer.</p>", |
27 | 27 | "ListAnalyzers": "<p>Retrieves a list of analyzers.</p>", |
28 | 28 | "ListArchiveRules": "<p>Retrieves a list of archive rules created for the specified analyzer.</p>", |
29 | 29 | "ListFindings": "<p>Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use <code>access-analyzer:ListFindings</code> in the <code>Action</code> element of an IAM policy statement. You must have permission to perform the <code>access-analyzer:ListFindings</code> action.</p> <p>To learn about filter keys that you can use to retrieve a list of findings, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html\">IAM Access Analyzer filter keys</a> in the <b>IAM User Guide</b>.</p>", |
|
34 | 34 | "StartResourceScan": "<p>Immediately starts a scan of the policies applied to the specified resource.</p>", |
35 | 35 | "TagResource": "<p>Adds a tag to the specified resource.</p>", |
36 | 36 | "UntagResource": "<p>Removes a tag from the specified resource.</p>", |
| 37 | + "UpdateAnalyzer": "<p>Modifies the configuration of an existing analyzer.</p>", |
37 | 38 | "UpdateArchiveRule": "<p>Updates the criteria and values for the specified archive rule.</p>", |
38 | 39 | "UpdateFindings": "<p>Updates the status for the specified findings.</p>", |
39 | 40 | "ValidatePolicy": "<p>Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices. </p>" |
|
162 | 163 | "Access$resources": "<p>A list of resources for the access permissions. Any strings that can be used as an Amazon Resource Name (ARN) in an IAM policy can be used in the list of resources to check. You can only use a wildcard in the portion of the ARN that specifies the resource ID.</p>" |
163 | 164 | } |
164 | 165 | }, |
| 166 | + "AccountIdsList": { |
| 167 | + "base": null, |
| 168 | + "refs": { |
| 169 | + "AnalysisRuleCriteria$accountIds": "<p>A list of Amazon Web Services account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers. The list cannot include more than 2,000 account IDs.</p>" |
| 170 | + } |
| 171 | + }, |
165 | 172 | "AclCanonicalId": { |
166 | 173 | "base": null, |
167 | 174 | "refs": { |
|
202 | 209 | "FindingSummary$action": "<p>The action in the analyzed policy statement that an external principal has permission to use.</p>" |
203 | 210 | } |
204 | 211 | }, |
| 212 | + "AnalysisRule": { |
| 213 | + "base": "<p>Contains information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.</p>", |
| 214 | + "refs": { |
| 215 | + "UnusedAccessConfiguration$analysisRule": null |
| 216 | + } |
| 217 | + }, |
| 218 | + "AnalysisRuleCriteria": { |
| 219 | + "base": "<p>The criteria for an analysis rule for an analyzer. The criteria determine which entities will generate findings.</p>", |
| 220 | + "refs": { |
| 221 | + "AnalysisRuleCriteriaList$member": null |
| 222 | + } |
| 223 | + }, |
| 224 | + "AnalysisRuleCriteriaList": { |
| 225 | + "base": null, |
| 226 | + "refs": { |
| 227 | + "AnalysisRule$exclusions": "<p>A list of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings.</p>" |
| 228 | + } |
| 229 | + }, |
205 | 230 | "AnalyzedResource": { |
206 | 231 | "base": "<p>Contains details about the analyzed resource.</p>", |
207 | 232 | "refs": { |
|
245 | 270 | } |
246 | 271 | }, |
247 | 272 | "AnalyzerConfiguration": { |
248 | | - "base": "<p>Contains information about the configuration of an unused access analyzer for an Amazon Web Services organization or account.</p>", |
| 273 | + "base": "<p>Contains information about the configuration of an analyzer for an Amazon Web Services organization or account.</p>", |
249 | 274 | "refs": { |
250 | 275 | "AnalyzerSummary$configuration": "<p>Specifies whether the analyzer is an external access or unused access analyzer.</p>", |
251 | | - "CreateAnalyzerRequest$configuration": "<p>Specifies the configuration of the analyzer. If the analyzer is an unused access analyzer, the specified scope of unused access is used for the configuration. If the analyzer is an external access analyzer, this field is not used.</p>" |
| 276 | + "CreateAnalyzerRequest$configuration": "<p>Specifies the configuration of the analyzer. If the analyzer is an unused access analyzer, the specified scope of unused access is used for the configuration.</p>", |
| 277 | + "UpdateAnalyzerRequest$configuration": null, |
| 278 | + "UpdateAnalyzerResponse$configuration": null |
252 | 279 | } |
253 | 280 | }, |
254 | 281 | "AnalyzerStatus": { |
|
276 | 303 | } |
277 | 304 | }, |
278 | 305 | "ArchiveRuleSummary": { |
279 | | - "base": "<p>Contains information about an archive rule.</p>", |
| 306 | + "base": "<p>Contains information about an archive rule. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.</p>", |
280 | 307 | "refs": { |
281 | 308 | "ArchiveRulesList$member": null, |
282 | 309 | "GetArchiveRuleResponse$archiveRule": null |
|
861 | 888 | "Substring$start": "<p>The start index of the substring, starting from 0.</p>", |
862 | 889 | "Substring$length": "<p>The length of the substring.</p>", |
863 | 890 | "ThrottlingException$retryAfterSeconds": "<p>The seconds to wait to retry.</p>", |
864 | | - "UnusedAccessConfiguration$unusedAccessAge": "<p>The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.</p>", |
| 891 | + "UnusedAccessConfiguration$unusedAccessAge": "<p>The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.</p>", |
865 | 892 | "ValidatePolicyRequest$maxResults": "<p>The maximum number of results to return in the response.</p>" |
866 | 893 | } |
867 | 894 | }, |
|
1132 | 1159 | "GetArchiveRuleRequest$ruleName": "<p>The name of the rule to retrieve.</p>", |
1133 | 1160 | "InlineArchiveRule$ruleName": "<p>The name of the rule.</p>", |
1134 | 1161 | "ListArchiveRulesRequest$analyzerName": "<p>The name of the analyzer to retrieve rules from.</p>", |
| 1162 | + "UpdateAnalyzerRequest$analyzerName": "<p>The name of the analyzer to modify.</p>", |
1135 | 1163 | "UpdateArchiveRuleRequest$analyzerName": "<p>The name of the analyzer to update the archive rules for.</p>", |
1136 | 1164 | "UpdateArchiveRuleRequest$ruleName": "<p>The name of the rule to update.</p>" |
1137 | 1165 | } |
|
1573 | 1601 | "AccessPreviewFinding$resource": "<p>The resource that an external principal has access to. This is the resource associated with the access preview.</p>", |
1574 | 1602 | "AccessPreviewFinding$resourceOwnerAccount": "<p>The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning account is the account in which the resource was created.</p>", |
1575 | 1603 | "AccessPreviewFinding$error": "<p>An error.</p>", |
| 1604 | + "AccountIdsList$member": null, |
1576 | 1605 | "ActionList$member": null, |
1577 | 1606 | "AnalyzedResource$resourceOwnerAccount": "<p>The Amazon Web Services account ID that owns the resource.</p>", |
1578 | 1607 | "AnalyzedResource$error": "<p>An error message.</p>", |
|
1674 | 1703 | "refs": { |
1675 | 1704 | } |
1676 | 1705 | }, |
| 1706 | + "TagsList": { |
| 1707 | + "base": null, |
| 1708 | + "refs": { |
| 1709 | + "AnalysisRuleCriteria$resourceTags": "<p>An array of key-value pairs to match for your resources. You can use the set of Unicode letters, digits, whitespace, <code>_</code>, <code>.</code>, <code>/</code>, <code>=</code>, <code>+</code>, and <code>-</code>.</p> <p>For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with <code>aws:</code>.</p> <p>For the tag value, you can specify a value that is 0 to 256 characters in length. If the specified tag value is 0 characters, the rule is applied to all principals with the specified tag key.</p>" |
| 1710 | + } |
| 1711 | + }, |
1677 | 1712 | "TagsMap": { |
1678 | 1713 | "base": null, |
1679 | 1714 | "refs": { |
1680 | 1715 | "AnalyzerSummary$tags": "<p>The tags added to the analyzer.</p>", |
1681 | | - "CreateAnalyzerRequest$tags": "<p>An array of key-value pairs to apply to the analyzer.</p>", |
| 1716 | + "CreateAnalyzerRequest$tags": "<p>An array of key-value pairs to apply to the analyzer. You can use the set of Unicode letters, digits, whitespace, <code>_</code>, <code>.</code>, <code>/</code>, <code>=</code>, <code>+</code>, and <code>-</code>.</p> <p>For the tag key, you can specify a value that is 1 to 128 characters in length and cannot be prefixed with <code>aws:</code>.</p> <p>For the tag value, you can specify a value that is 0 to 256 characters in length.</p>", |
1682 | 1717 | "ListTagsForResourceResponse$tags": "<p>The tags that are applied to the specified resource.</p>", |
1683 | | - "TagResourceRequest$tags": "<p>The tags to add to the resource.</p>" |
| 1718 | + "TagResourceRequest$tags": "<p>The tags to add to the resource.</p>", |
| 1719 | + "TagsList$member": null |
1684 | 1720 | } |
1685 | 1721 | }, |
1686 | 1722 | "ThrottlingException": { |
|
1808 | 1844 | "UnusedAccessConfiguration": { |
1809 | 1845 | "base": "<p>Contains information about an unused access analyzer.</p>", |
1810 | 1846 | "refs": { |
1811 | | - "AnalyzerConfiguration$unusedAccess": "<p>Specifies the configuration of an unused access analyzer for an Amazon Web Services organization or account. External access analyzers do not support any configuration.</p>" |
| 1847 | + "AnalyzerConfiguration$unusedAccess": "<p>Specifies the configuration of an unused access analyzer for an Amazon Web Services organization or account.</p>" |
1812 | 1848 | } |
1813 | 1849 | }, |
1814 | 1850 | "UnusedAction": { |
|
1853 | 1889 | "RecommendedStep$unusedPermissionsRecommendedStep": "<p>A recommended step for an unused permissions finding.</p>" |
1854 | 1890 | } |
1855 | 1891 | }, |
| 1892 | + "UpdateAnalyzerRequest": { |
| 1893 | + "base": null, |
| 1894 | + "refs": { |
| 1895 | + } |
| 1896 | + }, |
| 1897 | + "UpdateAnalyzerResponse": { |
| 1898 | + "base": null, |
| 1899 | + "refs": { |
| 1900 | + } |
| 1901 | + }, |
1856 | 1902 | "UpdateArchiveRuleRequest": { |
1857 | 1903 | "base": "<p>Updates the specified archive rule.</p>", |
1858 | 1904 | "refs": { |
|
0 commit comments