accessanalyzer

v1.29.1

This package is not in the latest version of its module.

Published: Mar 29, 2024 License: Apache-2.0 Imports: 42 Imported by: 32

Documentation

Overview

Package accessanalyzer provides the API client, operations, and parameter types for Access Analyzer.

Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing a suite of capabilities. Its features include findings for external and unused access, basic and custom policy checks for validating policies, and policy generation to generate fine-grained policies.

To start using IAM Access Analyzer to identify external or unused access, you first need to create an analyzer.

External access analyzers help identify potential risks of accessing resources by enabling you to identify any resource policies that grant access to an external principal. It does this by using logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An external principal can be another Amazon Web Services account, a root user, an IAM user or role, a federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to preview public and cross-account access to your resources before deploying permissions changes.

Unused access analyzers help identify potential identity access risks by enabling you to identify unused IAM roles, unused access keys, unused console passwords, and IAM principals with unused service and action-level permissions.

Beyond findings, IAM Access Analyzer provides basic and custom policy checks to validate IAM policies before deploying permissions changes. You can use policy generation to refine permissions by attaching a policy generated using access activity logged in CloudTrail logs.

This guide describes the IAM Access Analyzer operations that you can call programmatically. For general information about IAM Access Analyzer, see Identity and Access Management Access Analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html) in the IAM User Guide.

Constants

const ServiceAPIVersion = "2019-11-01"
const ServiceID = "AccessAnalyzer"

Variables

This section is empty.

Functions

func NewDefaultEndpointResolver

func NewDefaultEndpointResolver() *internalendpoints.Resolver

NewDefaultEndpointResolver constructs a new service endpoint resolver

func WithAPIOptions added in v1.0.0

func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options)

WithAPIOptions returns a functional option for setting the Client's APIOptions option.

func WithEndpointResolver deprecated

func WithEndpointResolver(v EndpointResolver) func(*Options)

Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for this field will likely prevent you from using any endpoint-related service features released after the introduction of EndpointResolverV2 and BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom endpoint, set the client option BaseEndpoint instead.

func WithEndpointResolverV2 added in v1.20.0

func WithEndpointResolverV2(v EndpointResolverV2) func(*Options)

WithEndpointResolverV2 returns a functional option for setting the Client's EndpointResolverV2 option.

func WithSigV4SigningName added in v1.23.2

func WithSigV4SigningName(name string) func(*Options)

WithSigV4SigningName applies an override to the authentication workflow to use the given signing name for SigV4-authenticated operations.

This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing name from both auth scheme resolution and endpoint resolution.

func WithSigV4SigningRegion added in v1.23.2

func WithSigV4SigningRegion(region string) func(*Options)

WithSigV4SigningRegion applies an override to the authentication workflow to use the given signing region for SigV4-authenticated operations.

This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing region from both auth scheme resolution and endpoint resolution.

Types

type ApplyArchiveRuleInput added in v1.2.0

type ApplyArchiveRuleInput struct {

	// The Amazon resource name (ARN) of the analyzer.
	//
	// This member is required.
	AnalyzerArn *string

	// The name of the rule to apply.
	//
	// This member is required.
	RuleName *string

	// A client token.
	ClientToken *string
	// contains filtered or unexported fields
}

Retroactively applies an archive rule.

type ApplyArchiveRuleOutput added in v1.2.0

type ApplyArchiveRuleOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AuthResolverParameters added in v1.23.2

type AuthResolverParameters struct {
	// The name of the operation being invoked.
	Operation string

	// The region in which the operation is being invoked.
	Region string
}

AuthResolverParameters contains the set of inputs necessary for auth scheme resolution.

type AuthSchemeResolver added in v1.23.2

type AuthSchemeResolver interface {
	ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error)
}

AuthSchemeResolver returns a set of possible authentication options for an operation.

type CancelPolicyGenerationInput added in v1.3.0

type CancelPolicyGenerationInput struct {

	// The JobId that is returned by the StartPolicyGeneration operation. The JobId
	// can be used with GetGeneratedPolicy to retrieve the generated policies or used
	// with CancelPolicyGeneration to cancel the policy generation request.
	//
	// This member is required.
	JobId *string
	// contains filtered or unexported fields
}

type CancelPolicyGenerationOutput added in v1.3.0

type CancelPolicyGenerationOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CheckAccessNotGrantedInput added in v1.24.0

type CheckAccessNotGrantedInput struct {

	// An access object containing the permissions that shouldn't be granted by the
	// specified policy.
	//
	// This member is required.
	Access []types.Access

	// The JSON policy document to use as the content for the policy.
	//
	// This member is required.
	PolicyDocument *string

	// The type of policy. Identity policies grant permissions to IAM principals.
	// Identity policies include managed and inline policies for IAM roles, users, and
	// groups. Resource policies grant permissions on Amazon Web Services resources.
	// Resource policies include trust policies for IAM roles and bucket policies for
	// Amazon S3 buckets. You can provide a generic input such as identity policy or
	// resource policy or a specific input such as managed policy or Amazon S3 bucket
	// policy.
	//
	// This member is required.
	PolicyType types.AccessCheckPolicyType
	// contains filtered or unexported fields
}

type CheckAccessNotGrantedOutput added in v1.24.0

type CheckAccessNotGrantedOutput struct {

	// The message indicating whether the specified access is allowed.
	Message *string

	// A description of the reasoning of the result.
	Reasons []types.ReasonSummary

	// The result of the check for whether the access is allowed. If the result is
	// PASS, the specified policy doesn't allow any of the specified permissions in
	// the access object. If the result is FAIL, the specified policy might allow
	// some or all of the permissions in the access object.
	Result types.CheckAccessNotGrantedResult

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CheckNoNewAccessInput added in v1.24.0

type CheckNoNewAccessInput struct {

	// The JSON policy document to use as the content for the existing policy.
	//
	// This member is required.
	ExistingPolicyDocument *string

	// The JSON policy document to use as the content for the updated policy.
	//
	// This member is required.
	NewPolicyDocument *string

	// The type of policy to compare. Identity policies grant permissions to IAM
	// principals. Identity policies include managed and inline policies for IAM roles,
	// users, and groups. Resource policies grant permissions on Amazon Web Services
	// resources. Resource policies include trust policies for IAM roles and bucket
	// policies for Amazon S3 buckets. You can provide a generic input such as identity
	// policy or resource policy or a specific input such as managed policy or Amazon
	// S3 bucket policy.
	//
	// This member is required.
	PolicyType types.AccessCheckPolicyType
	// contains filtered or unexported fields
}

type CheckNoNewAccessOutput added in v1.24.0

type CheckNoNewAccessOutput struct {

	// The message indicating whether the updated policy allows new access.
	Message *string

	// A description of the reasoning of the result.
	Reasons []types.ReasonSummary

	// The result of the check for new access. If the result is PASS, no new access
	// is allowed by the updated policy. If the result is FAIL, the updated policy
	// might allow new access.
	Result types.CheckNoNewAccessResult

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client provides the API client to make operation calls for Access Analyzer.

func New

func New(options Options, optFns ...func(*Options)) *Client

New returns an initialized Client based on the functional options. Provide additional functional options to further configure the behavior of the client, such as changing the client's endpoint or adding custom middleware behavior.

func NewFromConfig

func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client

NewFromConfig returns a new client from the provided config.

func (*Client) ApplyArchiveRule added in v1.2.0

func (c *Client) ApplyArchiveRule(ctx context.Context, params *ApplyArchiveRuleInput, optFns ...func(*Options)) (*ApplyArchiveRuleOutput, error)

Retroactively applies the archive rule to existing findings that meet the archive rule criteria.

func (*Client) CancelPolicyGeneration added in v1.3.0

func (c *Client) CancelPolicyGeneration(ctx context.Context, params *CancelPolicyGenerationInput, optFns ...func(*Options)) (*CancelPolicyGenerationOutput, error)

Cancels the requested policy generation.

func (*Client) CheckAccessNotGranted added in v1.24.0

func (c *Client) CheckAccessNotGranted(ctx context.Context, params *CheckAccessNotGrantedInput, optFns ...func(*Options)) (*CheckAccessNotGrantedOutput, error)

Checks whether the specified access isn't allowed by a policy.

func (*Client) CheckNoNewAccess added in v1.24.0

func (c *Client) CheckNoNewAccess(ctx context.Context, params *CheckNoNewAccessInput, optFns ...func(*Options)) (*CheckNoNewAccessOutput, error)

Checks whether new access is allowed for an updated policy when compared to the existing policy. You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the IAM Access Analyzer custom policy checks samples (https://github.com/aws-samples/iam-access-analyzer-custom-policy-check-samples) repository on GitHub. The reference policies in this repository are meant to be passed to the existingPolicyDocument request parameter.
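An added example, not code from the SDK or this page: a fail-closed deployment gate built on the PASS/FAIL semantics documented for CheckNoNewAccess, with the reference policy passed as the existing policy document. The types checkInput, checkOutput, newAccessChecker and scriptedChecker, the sample policies and the messages are constructed stand-ins so the block runs without the SDK or credentials; a real caller would adapt Client.CheckNoNewAccess to the interface.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
)

// Stand-in types (assumptions): they mirror the CheckNoNewAccessInput and
// CheckNoNewAccessOutput members documented on this page, using plain strings.
type checkInput struct {
	ExistingPolicyDocument string // reference policy: the ceiling on access
	NewPolicyDocument      string // proposed policy under review
	PolicyType             string
}

type checkOutput struct {
	Result  string // "PASS" or "FAIL"
	Message string
	Reasons []string // stand-in for the descriptions in []types.ReasonSummary
}

// newAccessChecker is a hypothetical narrow interface for the one operation used.
type newAccessChecker interface {
	CheckNoNewAccess(ctx context.Context, in *checkInput) (*checkOutput, error)
}

type verdict struct {
	Allow  bool
	Detail string
}

// gatePolicyChange allows a change only on an explicit PASS. Missing inputs,
// API errors, empty responses and unknown results all block, because FAIL
// already means "might allow new access" and anything less certain is worse.
func gatePolicyChange(ctx context.Context, c newAccessChecker, reference, proposed, policyType string) verdict {
	if strings.TrimSpace(reference) == "" || strings.TrimSpace(proposed) == "" || policyType == "" {
		return verdict{false, "blocked: a required input member is empty"}
	}
	out, err := c.CheckNoNewAccess(ctx, &checkInput{
		ExistingPolicyDocument: reference,
		NewPolicyDocument:      proposed,
		PolicyType:             policyType,
	})
	if err != nil {
		return verdict{false, "blocked: check did not complete: " + err.Error()}
	}
	if out == nil {
		return verdict{false, "blocked: empty response"}
	}
	switch out.Result {
	case "PASS":
		return verdict{true, "allowed: " + out.Message}
	case "FAIL":
		return verdict{false, fmt.Sprintf("blocked: %s (%s)", out.Message, strings.Join(out.Reasons, "; "))}
	default:
		return verdict{false, fmt.Sprintf("blocked: unrecognised result %q", out.Result)}
	}
}

// scriptedChecker is a constructed offline double: it replays a fixed answer
// and records the input it received.
type scriptedChecker struct {
	out  *checkOutput
	err  error
	seen *checkInput
}

func (s *scriptedChecker) CheckNoNewAccess(_ context.Context, in *checkInput) (*checkOutput, error) {
	s.seen = in
	return s.out, s.err
}

// Constructed sample policies.
const referencePolicy = `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:GetObject","Resource":"arn:aws:s3:::example-bucket/*"}]}`
const widenedPolicy = `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":"*"}]}`

func main() {
	ctx := context.Background()
	cases := []struct {
		name string
		c    *scriptedChecker
	}{
		{"pass", &scriptedChecker{out: &checkOutput{Result: "PASS", Message: "constructed: no new access"}}},
		{"fail", &scriptedChecker{out: &checkOutput{Result: "FAIL", Message: "constructed: new access",
			Reasons: []string{"constructed: statement 0 allows new access"}}}},
		{"error", &scriptedChecker{err: errors.New("constructed: request throttled")}},
	}
	for _, tc := range cases {
		v := gatePolicyChange(ctx, tc.c, referencePolicy, widenedPolicy, "IDENTITY_POLICY")
		fmt.Printf("%-6s allow=%v %s\n", tc.name, v.Allow, v.Detail)
	}
}
```
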

func (*Client) CreateAccessPreview added in v1.2.0

func (c *Client) CreateAccessPreview(ctx context.Context, params *CreateAccessPreviewInput, optFns ...func(*Options)) (*CreateAccessPreviewOutput, error)

Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.

func (*Client) CreateAnalyzer

func (c *Client) CreateAnalyzer(ctx context.Context, params *CreateAnalyzerInput, optFns ...func(*Options)) (*CreateAnalyzerOutput, error)

Creates an analyzer for your account.

func (*Client) CreateArchiveRule

func (c *Client) CreateArchiveRule(ctx context.Context, params *CreateArchiveRuleInput, optFns ...func(*Options)) (*CreateArchiveRuleOutput, error)

Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html) in the IAM User Guide.

func (*Client) DeleteAnalyzer

func (c *Client) DeleteAnalyzer(ctx context.Context, params *DeleteAnalyzerInput, optFns ...func(*Options)) (*DeleteAnalyzerOutput, error)

Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.

func (*Client) DeleteArchiveRule

func (c *Client) DeleteArchiveRule(ctx context.Context, params *DeleteArchiveRuleInput, optFns ...func(*Options)) (*DeleteArchiveRuleOutput, error)

Deletes the specified archive rule.

func (*Client) GetAccessPreview added in v1.2.0

func (c *Client) GetAccessPreview(ctx context.Context, params *GetAccessPreviewInput, optFns ...func(*Options)) (*GetAccessPreviewOutput, error)

Retrieves information about an access preview for the specified analyzer.

func (*Client) GetAnalyzedResource

func (c *Client) GetAnalyzedResource(ctx context.Context, params *GetAnalyzedResourceInput, optFns ...func(*Options)) (*GetAnalyzedResourceOutput, error)

Retrieves information about a resource that was analyzed.

func (*Client) GetAnalyzer

func (c *Client) GetAnalyzer(ctx context.Context, params *GetAnalyzerInput, optFns ...func(*Options)) (*GetAnalyzerOutput, error)

Retrieves information about the specified analyzer.

func (*Client) GetArchiveRule

func (c *Client) GetArchiveRule(ctx context.Context, params *GetArchiveRuleInput, optFns ...func(*Options)) (*GetArchiveRuleOutput, error)

Retrieves information about an archive rule. To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html) in the IAM User Guide.

func (*Client) GetFinding

func (c *Client) GetFinding(ctx context.Context, params *GetFindingInput, optFns ...func(*Options)) (*GetFindingOutput, error)

Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.

func (*Client) GetFindingV2 added in v1.24.0

func (c *Client) GetFindingV2(ctx context.Context, params *GetFindingV2Input, optFns ...func(*Options)) (*GetFindingV2Output, error)

Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.

func (*Client) GetGeneratedPolicy added in v1.3.0

func (c *Client) GetGeneratedPolicy(ctx context.Context, params *GetGeneratedPolicyInput, optFns ...func(*Options)) (*GetGeneratedPolicyOutput, error)

Retrieves the policy that was generated using StartPolicyGeneration.

func (*Client) ListAccessPreviewFindings added in v1.2.0

func (c *Client) ListAccessPreviewFindings(ctx context.Context, params *ListAccessPreviewFindingsInput, optFns ...func(*Options)) (*ListAccessPreviewFindingsOutput, error)

Retrieves a list of access preview findings generated by the specified access preview.

func (*Client) ListAccessPreviews added in v1.2.0

func (c *Client) ListAccessPreviews(ctx context.Context, params *ListAccessPreviewsInput, optFns ...func(*Options)) (*ListAccessPreviewsOutput, error)

Retrieves a list of access previews for the specified analyzer.

func (*Client) ListAnalyzedResources

func (c *Client) ListAnalyzedResources(ctx context.Context, params *ListAnalyzedResourcesInput, optFns ...func(*Options)) (*ListAnalyzedResourcesOutput, error)

Retrieves a list of resources of the specified type that have been analyzed by the specified external access analyzer. This action is not supported for unused access analyzers.

func (*Client) ListAnalyzers

func (c *Client) ListAnalyzers(ctx context.Context, params *ListAnalyzersInput, optFns ...func(*Options)) (*ListAnalyzersOutput, error)

Retrieves a list of analyzers.

func (*Client) ListArchiveRules

func (c *Client) ListArchiveRules(ctx context.Context, params *ListArchiveRulesInput, optFns ...func(*Options)) (*ListArchiveRulesOutput, error)

Retrieves a list of archive rules created for the specified analyzer.

func (*Client) ListFindings

func (c *Client) ListFindings(ctx context.Context, params *ListFindingsInput, optFns ...func(*Options)) (*ListFindingsOutput, error)

Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action. To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html) in the IAM User Guide.

func (*Client) ListFindingsV2 added in v1.24.0

func (c *Client) ListFindingsV2(ctx context.Context, params *ListFindingsV2Input, optFns ...func(*Options)) (*ListFindingsV2Output, error)

Retrieves a list of findings generated by the specified analyzer. ListFindings and ListFindingsV2 both use access-analyzer:ListFindings in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:ListFindings action. To learn about filter keys that you can use to retrieve a list of findings, see IAM Access Analyzer filter keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html) in the IAM User Guide.

func (*Client) ListPolicyGenerations added in v1.3.0

func (c *Client) ListPolicyGenerations(ctx context.Context, params *ListPolicyGenerationsInput, optFns ...func(*Options)) (*ListPolicyGenerationsOutput, error)

Lists all of the policy generations requested in the last seven days.

func (*Client) ListTagsForResource

func (c *Client) ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error)

Retrieves a list of tags applied to the specified resource.

func (*Client) Options added in v1.26.0

func (c *Client) Options() Options

Options returns a copy of the client configuration.

Callers SHOULD NOT perform mutations on any inner structures within client config. Config overrides should instead be made on a per-operation basis through functional options.

func (*Client) StartPolicyGeneration added in v1.3.0

func (c *Client) StartPolicyGeneration(ctx context.Context, params *StartPolicyGenerationInput, optFns ...func(*Options)) (*StartPolicyGenerationOutput, error)

Starts the policy generation request.

func (*Client) StartResourceScan

func (c *Client) StartResourceScan(ctx context.Context, params *StartResourceScanInput, optFns ...func(*Options)) (*StartResourceScanOutput, error)

Immediately starts a scan of the policies applied to the specified resource.

func (*Client) TagResource

func (c *Client) TagResource(ctx context.Context, params *TagResourceInput, optFns ...func(*Options)) (*TagResourceOutput, error)

Adds a tag to the specified resource.

func (*Client) UntagResource

func (c *Client) UntagResource(ctx context.Context, params *UntagResourceInput, optFns ...func(*Options)) (*UntagResourceOutput, error)

Removes a tag from the specified resource.

func (*Client) UpdateArchiveRule

func (c *Client) UpdateArchiveRule(ctx context.Context, params *UpdateArchiveRuleInput, optFns ...func(*Options)) (*UpdateArchiveRuleOutput, error)

Updates the criteria and values for the specified archive rule.

func (*Client) UpdateFindings

func (c *Client) UpdateFindings(ctx context.Context, params *UpdateFindingsInput, optFns ...func(*Options)) (*UpdateFindingsOutput, error)

Updates the status for the specified findings.

func (*Client) ValidatePolicy added in v1.2.0

func (c *Client) ValidatePolicy(ctx context.Context, params *ValidatePolicyInput, optFns ...func(*Options)) (*ValidatePolicyOutput, error)

Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.

type CreateAccessPreviewInput added in v1.2.0

type CreateAccessPreviewInput struct {

	// The ARN of the account analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// used to generate the access preview. You can only create an access preview for
	// analyzers with an Account type and Active status.
	//
	// This member is required.
	AnalyzerArn *string

	// Access control configuration for your resource that is used to generate the
	// access preview. The access preview includes findings for external access allowed
	// to the resource with the proposed access control configuration. The
	// configuration must contain exactly one element.
	//
	// This member is required.
	Configurations map[string]types.Configuration

	// A client token.
	ClientToken *string
	// contains filtered or unexported fields
}

type CreateAccessPreviewOutput added in v1.2.0

type CreateAccessPreviewOutput struct {

	// The unique ID for the access preview.
	//
	// This member is required.
	Id *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type CreateAnalyzerInput

type CreateAnalyzerInput struct {

	// The name of the analyzer to create.
	//
	// This member is required.
	AnalyzerName *string

	// The type of analyzer to create. Only ACCOUNT, ORGANIZATION,
	// ACCOUNT_UNUSED_ACCESS, and ORGANIZATION_UNUSED_ACCESS analyzers are supported.
	// You can create only one analyzer per account per Region. You can create up to 5
	// analyzers per organization per Region.
	//
	// This member is required.
	Type types.Type

	// Specifies the archive rules to add for the analyzer. Archive rules
	// automatically archive findings that meet the criteria you define for the rule.
	ArchiveRules []types.InlineArchiveRule

	// A client token.
	ClientToken *string

	// Specifies the configuration of the analyzer. If the analyzer is an unused
	// access analyzer, the specified scope of unused access is used for the
	// configuration. If the analyzer is an external access analyzer, this field is not
	// used.
	Configuration types.AnalyzerConfiguration

	// An array of key-value pairs to apply to the analyzer.
	Tags map[string]string
	// contains filtered or unexported fields
}

Creates an analyzer.

type CreateAnalyzerOutput

type CreateAnalyzerOutput struct {

	// The ARN of the analyzer that was created by the request.
	Arn *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request to create an analyzer.

type CreateArchiveRuleInput

type CreateArchiveRuleInput struct {

	// The name of the created analyzer.
	//
	// This member is required.
	AnalyzerName *string

	// The criteria for the rule.
	//
	// This member is required.
	Filter map[string]types.Criterion

	// The name of the rule to create.
	//
	// This member is required.
	RuleName *string

	// A client token.
	ClientToken *string
	// contains filtered or unexported fields
}

Creates an archive rule.

type CreateArchiveRuleOutput

type CreateArchiveRuleOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteAnalyzerInput

type DeleteAnalyzerInput struct {

	// The name of the analyzer to delete.
	//
	// This member is required.
	AnalyzerName *string

	// A client token.
	ClientToken *string
	// contains filtered or unexported fields
}

Deletes an analyzer.

type DeleteAnalyzerOutput

type DeleteAnalyzerOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DeleteArchiveRuleInput

type DeleteArchiveRuleInput struct {

	// The name of the analyzer that is associated with the archive rule to delete.
	//
	// This member is required.
	AnalyzerName *string

	// The name of the rule to delete.
	//
	// This member is required.
	RuleName *string

	// A client token.
	ClientToken *string
	// contains filtered or unexported fields
}

Deletes an archive rule.

type DeleteArchiveRuleOutput

type DeleteArchiveRuleOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type EndpointParameters added in v1.20.0

type EndpointParameters struct {
	// The AWS region used to dispatch the request.
	//
	// Parameter is
	// required.
	//
	// AWS::Region
	Region *string

	// When true, use the dual-stack endpoint. If the configured endpoint does not
	// support dual-stack, dispatching the request MAY return an error.
	//
	// Defaults to
	// false if no value is provided.
	//
	// AWS::UseDualStack
	UseDualStack *bool

	// When true, send this request to the FIPS-compliant regional endpoint. If the
	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
	// request will return an error.
	//
	// Defaults to false if no value is
	// provided.
	//
	// AWS::UseFIPS
	UseFIPS *bool

	// Override the endpoint used to send this request
	//
	// Parameter is
	// required.
	//
	// SDK::Endpoint
	Endpoint *string
}

EndpointParameters provides the parameters that influence how endpoints are resolved.

func (EndpointParameters) ValidateRequired added in v1.20.0

func (p EndpointParameters) ValidateRequired() error

ValidateRequired validates required parameters are set.

func (EndpointParameters) WithDefaults added in v1.20.0

func (p EndpointParameters) WithDefaults() EndpointParameters

WithDefaults returns a shallow copy of EndpointParameters with default values applied to members where applicable.

type EndpointResolver

type EndpointResolver interface {
	ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
}

EndpointResolver interface for resolving service endpoints.

func EndpointResolverFromURL added in v1.1.0

func EndpointResolverFromURL(url string, optFns ...func(*aws.Endpoint)) EndpointResolver

EndpointResolverFromURL returns an EndpointResolver configured using the provided endpoint url. By default, the resolved endpoint resolver uses the client region as signing region, and the endpoint source is set to EndpointSourceCustom. You can provide functional options to configure endpoint values for the resolved endpoint.

type EndpointResolverFunc

type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)

EndpointResolverFunc is a helper utility that wraps a function so it satisfies the EndpointResolver interface. This is useful when you want to add additional endpoint resolving logic, or stub out specific endpoints with custom values.

func (EndpointResolverFunc) ResolveEndpoint

func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error)

type EndpointResolverOptions added in v0.29.0

type EndpointResolverOptions = internalendpoints.Options

EndpointResolverOptions is the service endpoint resolver options

type EndpointResolverV2 added in v1.20.0

type EndpointResolverV2 interface {
	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
	// returning the endpoint if found. Otherwise an error is returned.
	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
		smithyendpoints.Endpoint, error,
	)
}

EndpointResolverV2 provides the interface for resolving service endpoints.

func NewDefaultEndpointResolverV2 added in v1.20.0

func NewDefaultEndpointResolverV2() EndpointResolverV2

type GetAccessPreviewInput added in v1.2.0

type GetAccessPreviewInput struct {

	// The unique ID for the access preview.
	//
	// This member is required.
	AccessPreviewId *string

	// The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// used to generate the access preview.
	//
	// This member is required.
	AnalyzerArn *string
	// contains filtered or unexported fields
}

type GetAccessPreviewOutput added in v1.2.0

type GetAccessPreviewOutput struct {

	// An object that contains information about the access preview.
	//
	// This member is required.
	AccessPreview *types.AccessPreview

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetAnalyzedResourceInput

type GetAnalyzedResourceInput struct {

	// The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// to retrieve information from.
	//
	// This member is required.
	AnalyzerArn *string

	// The ARN of the resource to retrieve information about.
	//
	// This member is required.
	ResourceArn *string
	// contains filtered or unexported fields
}

Retrieves an analyzed resource.

type GetAnalyzedResourceOutput

type GetAnalyzedResourceOutput struct {

	// An AnalyzedResource object that contains information that IAM Access Analyzer
	// found when it analyzed the resource.
	Resource *types.AnalyzedResource

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request.

type GetAnalyzerInput

type GetAnalyzerInput struct {

	// The name of the analyzer retrieved.
	//
	// This member is required.
	AnalyzerName *string
	// contains filtered or unexported fields
}

Retrieves an analyzer.

type GetAnalyzerOutput

type GetAnalyzerOutput struct {

	// An AnalyzerSummary object that contains information about the analyzer.
	//
	// This member is required.
	Analyzer *types.AnalyzerSummary

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request.

type GetArchiveRuleInput

type GetArchiveRuleInput struct {

	// The name of the analyzer to retrieve rules from.
	//
	// This member is required.
	AnalyzerName *string

	// The name of the rule to retrieve.
	//
	// This member is required.
	RuleName *string
	// contains filtered or unexported fields
}

Retrieves an archive rule.

type GetArchiveRuleOutput

type GetArchiveRuleOutput struct {

	// Contains information about an archive rule.
	//
	// This member is required.
	ArchiveRule *types.ArchiveRuleSummary

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request.

type GetFindingInput

type GetFindingInput struct {

	// The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// that generated the finding.
	//
	// This member is required.
	AnalyzerArn *string

	// The ID of the finding to retrieve.
	//
	// This member is required.
	Id *string
	// contains filtered or unexported fields
}

Retrieves a finding.

type GetFindingOutput

type GetFindingOutput struct {

	// A finding object that contains finding details.
	Finding *types.Finding

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request.

type GetFindingV2APIClient added in v1.24.0

type GetFindingV2APIClient interface {
	GetFindingV2(context.Context, *GetFindingV2Input, ...func(*Options)) (*GetFindingV2Output, error)
}

GetFindingV2APIClient is a client that implements the GetFindingV2 operation.

type GetFindingV2Input added in v1.24.0

type GetFindingV2Input struct {

	// The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// that generated the finding.
	//
	// This member is required.
	AnalyzerArn *string

	// The ID of the finding to retrieve.
	//
	// This member is required.
	Id *string

	// The maximum number of results to return in the response.
	MaxResults *int32

	// A token used for pagination of results returned.
	NextToken *string
	// contains filtered or unexported fields
}

type GetFindingV2Output added in v1.24.0

type GetFindingV2Output struct {

	// The time at which the resource-based policy or IAM entity that generated the
	// finding was analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The time at which the finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// A localized message that explains the finding and provides guidance on how to
	// address it.
	//
	// This member is required.
	FindingDetails []types.FindingDetails

	// The ID of the finding to retrieve.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource identified in the finding.
	//
	// This member is required.
	ResourceType types.ResourceType

	// The status of the finding.
	//
	// This member is required.
	Status types.FindingStatus

	// The time at which the finding was updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// An error.
	Error *string

	// The type of the finding. For external access analyzers, the type is
	// ExternalAccess. For unused access analyzers, the type can be UnusedIAMRole,
	// UnusedIAMUserAccessKey, UnusedIAMUserPassword, or UnusedPermission.
	FindingType types.FindingType

	// A token used for pagination of results returned.
	NextToken *string

	// The resource that generated the finding.
	Resource *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetFindingV2Paginator added in v1.24.0

type GetFindingV2Paginator struct {
	// contains filtered or unexported fields
}

GetFindingV2Paginator is a paginator for GetFindingV2

func NewGetFindingV2Paginator added in v1.24.0

func NewGetFindingV2Paginator(client GetFindingV2APIClient, params *GetFindingV2Input, optFns ...func(*GetFindingV2PaginatorOptions)) *GetFindingV2Paginator

NewGetFindingV2Paginator returns a new GetFindingV2Paginator

func (*GetFindingV2Paginator) HasMorePages added in v1.24.0

func (p *GetFindingV2Paginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*GetFindingV2Paginator) NextPage added in v1.24.0

func (p *GetFindingV2Paginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*GetFindingV2Output, error)

NextPage retrieves the next GetFindingV2 page.

type GetFindingV2PaginatorOptions added in v1.24.0

type GetFindingV2PaginatorOptions struct {
	// The maximum number of results to return in the response.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

GetFindingV2PaginatorOptions is the paginator options for GetFindingV2

type GetGeneratedPolicyInput added in v1.3.0

type GetGeneratedPolicyInput struct {

	// The JobId that is returned by the StartPolicyGeneration operation. The JobId
	// can be used with GetGeneratedPolicy to retrieve the generated policies or used
	// with CancelPolicyGeneration to cancel the policy generation request.
	//
	// This member is required.
	JobId *string

	// The level of detail that you want to generate. You can specify whether to
	// generate policies with placeholders for resource ARNs for actions that support
	// resource level granularity in policies. For example, in the resource section of
	// a policy, you can receive a placeholder such as
	// "Resource":"arn:aws:s3:::${BucketName}" instead of "*".
	IncludeResourcePlaceholders *bool

	// The level of detail that you want to generate. You can specify whether to
	// generate service-level policies. IAM Access Analyzer uses
	// iam:servicelastaccessed to identify services that have been used recently to
	// create this service-level template.
	IncludeServiceLevelTemplate *bool
	// contains filtered or unexported fields
}

type GetGeneratedPolicyOutput added in v1.3.0

type GetGeneratedPolicyOutput struct {

	// A GeneratedPolicyResult object that contains the generated policies and
	// associated details.
	//
	// This member is required.
	GeneratedPolicyResult *types.GeneratedPolicyResult

	// A GeneratedPolicyDetails object that contains details about the generated
	// policy.
	//
	// This member is required.
	JobDetails *types.JobDetails

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type HTTPClient

type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

type HTTPSignerV4

type HTTPSignerV4 interface {
	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
}

type IdempotencyTokenProvider

type IdempotencyTokenProvider interface {
	GetIdempotencyToken() (string, error)
}

IdempotencyTokenProvider interface for providing idempotency token

type ListAccessPreviewFindingsAPIClient added in v1.2.0

type ListAccessPreviewFindingsAPIClient interface {
	ListAccessPreviewFindings(context.Context, *ListAccessPreviewFindingsInput, ...func(*Options)) (*ListAccessPreviewFindingsOutput, error)
}

ListAccessPreviewFindingsAPIClient is a client that implements the ListAccessPreviewFindings operation.

type ListAccessPreviewFindingsInput added in v1.2.0

type ListAccessPreviewFindingsInput struct {

	// The unique ID for the access preview.
	//
	// This member is required.
	AccessPreviewId *string

	// The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// used to generate the access.
	//
	// This member is required.
	AnalyzerArn *string

	// Criteria to filter the returned findings.
	Filter map[string]types.Criterion

	// The maximum number of results to return in the response.
	MaxResults *int32

	// A token used for pagination of results returned.
	NextToken *string
	// contains filtered or unexported fields
}

type ListAccessPreviewFindingsOutput added in v1.2.0

type ListAccessPreviewFindingsOutput struct {

	// A list of access preview findings that match the specified filter criteria.
	//
	// This member is required.
	Findings []types.AccessPreviewFinding

	// A token used for pagination of results returned.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListAccessPreviewFindingsPaginator added in v1.2.0

type ListAccessPreviewFindingsPaginator struct {
	// contains filtered or unexported fields
}

ListAccessPreviewFindingsPaginator is a paginator for ListAccessPreviewFindings

func NewListAccessPreviewFindingsPaginator added in v1.2.0

NewListAccessPreviewFindingsPaginator returns a new ListAccessPreviewFindingsPaginator

func (*ListAccessPreviewFindingsPaginator) HasMorePages added in v1.2.0

func (p *ListAccessPreviewFindingsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListAccessPreviewFindingsPaginator) NextPage added in v1.2.0

NextPage retrieves the next ListAccessPreviewFindings page.

type ListAccessPreviewFindingsPaginatorOptions added in v1.2.0

type ListAccessPreviewFindingsPaginatorOptions struct {
	// The maximum number of results to return in the response.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListAccessPreviewFindingsPaginatorOptions is the paginator options for ListAccessPreviewFindings

type ListAccessPreviewsAPIClient added in v1.2.0

type ListAccessPreviewsAPIClient interface {
	ListAccessPreviews(context.Context, *ListAccessPreviewsInput, ...func(*Options)) (*ListAccessPreviewsOutput, error)
}

ListAccessPreviewsAPIClient is a client that implements the ListAccessPreviews operation.

type ListAccessPreviewsInput added in v1.2.0

type ListAccessPreviewsInput struct {

	// The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// used to generate the access preview.
	//
	// This member is required.
	AnalyzerArn *string

	// The maximum number of results to return in the response.
	MaxResults *int32

	// A token used for pagination of results returned.
	NextToken *string
	// contains filtered or unexported fields
}

type ListAccessPreviewsOutput added in v1.2.0

type ListAccessPreviewsOutput struct {

	// A list of access previews retrieved for the analyzer.
	//
	// This member is required.
	AccessPreviews []types.AccessPreviewSummary

	// A token used for pagination of results returned.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListAccessPreviewsPaginator added in v1.2.0

type ListAccessPreviewsPaginator struct {
	// contains filtered or unexported fields
}

ListAccessPreviewsPaginator is a paginator for ListAccessPreviews

func NewListAccessPreviewsPaginator added in v1.2.0

func NewListAccessPreviewsPaginator(client ListAccessPreviewsAPIClient, params *ListAccessPreviewsInput, optFns ...func(*ListAccessPreviewsPaginatorOptions)) *ListAccessPreviewsPaginator

NewListAccessPreviewsPaginator returns a new ListAccessPreviewsPaginator

func (*ListAccessPreviewsPaginator) HasMorePages added in v1.2.0

func (p *ListAccessPreviewsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListAccessPreviewsPaginator) NextPage added in v1.2.0

func (p *ListAccessPreviewsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListAccessPreviewsOutput, error)

NextPage retrieves the next ListAccessPreviews page.

type ListAccessPreviewsPaginatorOptions added in v1.2.0

type ListAccessPreviewsPaginatorOptions struct {
	// The maximum number of results to return in the response.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListAccessPreviewsPaginatorOptions is the paginator options for ListAccessPreviews

type ListAnalyzedResourcesAPIClient added in v0.30.0

type ListAnalyzedResourcesAPIClient interface {
	ListAnalyzedResources(context.Context, *ListAnalyzedResourcesInput, ...func(*Options)) (*ListAnalyzedResourcesOutput, error)
}

ListAnalyzedResourcesAPIClient is a client that implements the ListAnalyzedResources operation.

type ListAnalyzedResourcesInput

type ListAnalyzedResourcesInput struct {

	// The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// to retrieve a list of analyzed resources from.
	//
	// This member is required.
	AnalyzerArn *string

	// The maximum number of results to return in the response.
	MaxResults *int32

	// A token used for pagination of results returned.
	NextToken *string

	// The type of resource.
	ResourceType types.ResourceType
	// contains filtered or unexported fields
}

Retrieves a list of resources that have been analyzed.

type ListAnalyzedResourcesOutput

type ListAnalyzedResourcesOutput struct {

	// A list of resources that were analyzed.
	//
	// This member is required.
	AnalyzedResources []types.AnalyzedResourceSummary

	// A token used for pagination of results returned.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request.

type ListAnalyzedResourcesPaginator added in v0.30.0

type ListAnalyzedResourcesPaginator struct {
	// contains filtered or unexported fields
}

ListAnalyzedResourcesPaginator is a paginator for ListAnalyzedResources

func NewListAnalyzedResourcesPaginator added in v0.30.0

NewListAnalyzedResourcesPaginator returns a new ListAnalyzedResourcesPaginator

func (*ListAnalyzedResourcesPaginator) HasMorePages added in v0.30.0

func (p *ListAnalyzedResourcesPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListAnalyzedResourcesPaginator) NextPage added in v0.30.0

NextPage retrieves the next ListAnalyzedResources page.

type ListAnalyzedResourcesPaginatorOptions added in v0.30.0

type ListAnalyzedResourcesPaginatorOptions struct {
	// The maximum number of results to return in the response.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListAnalyzedResourcesPaginatorOptions is the paginator options for ListAnalyzedResources

type ListAnalyzersAPIClient added in v0.30.0

type ListAnalyzersAPIClient interface {
	ListAnalyzers(context.Context, *ListAnalyzersInput, ...func(*Options)) (*ListAnalyzersOutput, error)
}

ListAnalyzersAPIClient is a client that implements the ListAnalyzers operation.

type ListAnalyzersInput

type ListAnalyzersInput struct {

	// The maximum number of results to return in the response.
	MaxResults *int32

	// A token used for pagination of results returned.
	NextToken *string

	// The type of analyzer.
	Type types.Type
	// contains filtered or unexported fields
}

Retrieves a list of analyzers.

type ListAnalyzersOutput

type ListAnalyzersOutput struct {

	// The analyzers retrieved.
	//
	// This member is required.
	Analyzers []types.AnalyzerSummary

	// A token used for pagination of results returned.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request.

type ListAnalyzersPaginator added in v0.30.0

type ListAnalyzersPaginator struct {
	// contains filtered or unexported fields
}

ListAnalyzersPaginator is a paginator for ListAnalyzers

func NewListAnalyzersPaginator added in v0.30.0

func NewListAnalyzersPaginator(client ListAnalyzersAPIClient, params *ListAnalyzersInput, optFns ...func(*ListAnalyzersPaginatorOptions)) *ListAnalyzersPaginator

NewListAnalyzersPaginator returns a new ListAnalyzersPaginator

func (*ListAnalyzersPaginator) HasMorePages added in v0.30.0

func (p *ListAnalyzersPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListAnalyzersPaginator) NextPage added in v0.30.0

func (p *ListAnalyzersPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListAnalyzersOutput, error)

NextPage retrieves the next ListAnalyzers page.

type ListAnalyzersPaginatorOptions added in v0.30.0

type ListAnalyzersPaginatorOptions struct {
	// The maximum number of results to return in the response.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListAnalyzersPaginatorOptions is the paginator options for ListAnalyzers

type ListArchiveRulesAPIClient added in v0.30.0

type ListArchiveRulesAPIClient interface {
	ListArchiveRules(context.Context, *ListArchiveRulesInput, ...func(*Options)) (*ListArchiveRulesOutput, error)
}

ListArchiveRulesAPIClient is a client that implements the ListArchiveRules operation.

type ListArchiveRulesInput

type ListArchiveRulesInput struct {

	// The name of the analyzer to retrieve rules from.
	//
	// This member is required.
	AnalyzerName *string

	// The maximum number of results to return in the request.
	MaxResults *int32

	// A token used for pagination of results returned.
	NextToken *string
	// contains filtered or unexported fields
}

Retrieves a list of archive rules created for the specified analyzer.

type ListArchiveRulesOutput

type ListArchiveRulesOutput struct {

	// A list of archive rules created for the specified analyzer.
	//
	// This member is required.
	ArchiveRules []types.ArchiveRuleSummary

	// A token used for pagination of results returned.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request.

type ListArchiveRulesPaginator added in v0.30.0

type ListArchiveRulesPaginator struct {
	// contains filtered or unexported fields
}

ListArchiveRulesPaginator is a paginator for ListArchiveRules

func NewListArchiveRulesPaginator added in v0.30.0

func NewListArchiveRulesPaginator(client ListArchiveRulesAPIClient, params *ListArchiveRulesInput, optFns ...func(*ListArchiveRulesPaginatorOptions)) *ListArchiveRulesPaginator

NewListArchiveRulesPaginator returns a new ListArchiveRulesPaginator

func (*ListArchiveRulesPaginator) HasMorePages added in v0.30.0

func (p *ListArchiveRulesPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListArchiveRulesPaginator) NextPage added in v0.30.0

func (p *ListArchiveRulesPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListArchiveRulesOutput, error)

NextPage retrieves the next ListArchiveRules page.

type ListArchiveRulesPaginatorOptions added in v0.30.0

type ListArchiveRulesPaginatorOptions struct {
	// The maximum number of results to return in the request.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListArchiveRulesPaginatorOptions is the paginator options for ListArchiveRules

type ListFindingsAPIClient added in v0.30.0

type ListFindingsAPIClient interface {
	ListFindings(context.Context, *ListFindingsInput, ...func(*Options)) (*ListFindingsOutput, error)
}

ListFindingsAPIClient is a client that implements the ListFindings operation.

type ListFindingsInput

type ListFindingsInput struct {

	// The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// to retrieve findings from.
	//
	// This member is required.
	AnalyzerArn *string

	// A filter to match for the findings to return.
	Filter map[string]types.Criterion

	// The maximum number of results to return in the response.
	MaxResults *int32

	// A token used for pagination of results returned.
	NextToken *string

	// The sort order for the findings returned.
	Sort *types.SortCriteria
	// contains filtered or unexported fields
}

Retrieves a list of findings generated by the specified analyzer.

type ListFindingsOutput

type ListFindingsOutput struct {

	// A list of findings retrieved from the analyzer that match the filter criteria
	// specified, if any.
	//
	// This member is required.
	Findings []types.FindingSummary

	// A token used for pagination of results returned.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request.

type ListFindingsPaginator added in v0.30.0

type ListFindingsPaginator struct {
	// contains filtered or unexported fields
}

ListFindingsPaginator is a paginator for ListFindings

func NewListFindingsPaginator added in v0.30.0

func NewListFindingsPaginator(client ListFindingsAPIClient, params *ListFindingsInput, optFns ...func(*ListFindingsPaginatorOptions)) *ListFindingsPaginator

NewListFindingsPaginator returns a new ListFindingsPaginator

func (*ListFindingsPaginator) HasMorePages added in v0.30.0

func (p *ListFindingsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListFindingsPaginator) NextPage added in v0.30.0

func (p *ListFindingsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListFindingsOutput, error)

NextPage retrieves the next ListFindings page.

type ListFindingsPaginatorOptions added in v0.30.0

type ListFindingsPaginatorOptions struct {
	// The maximum number of results to return in the response.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListFindingsPaginatorOptions is the paginator options for ListFindings

type ListFindingsV2APIClient added in v1.24.0

type ListFindingsV2APIClient interface {
	ListFindingsV2(context.Context, *ListFindingsV2Input, ...func(*Options)) (*ListFindingsV2Output, error)
}

ListFindingsV2APIClient is a client that implements the ListFindingsV2 operation.

type ListFindingsV2Input added in v1.24.0

type ListFindingsV2Input struct {

	// The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// to retrieve findings from.
	//
	// This member is required.
	AnalyzerArn *string

	// A filter to match for the findings to return.
	Filter map[string]types.Criterion

	// The maximum number of results to return in the response.
	MaxResults *int32

	// A token used for pagination of results returned.
	NextToken *string

	// The criteria used to sort.
	Sort *types.SortCriteria
	// contains filtered or unexported fields
}

type ListFindingsV2Output added in v1.24.0

type ListFindingsV2Output struct {

	// A list of findings retrieved from the analyzer that match the filter criteria
	// specified, if any.
	//
	// This member is required.
	Findings []types.FindingSummaryV2

	// A token used for pagination of results returned.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListFindingsV2Paginator added in v1.24.0

type ListFindingsV2Paginator struct {
	// contains filtered or unexported fields
}

ListFindingsV2Paginator is a paginator for ListFindingsV2

func NewListFindingsV2Paginator added in v1.24.0

func NewListFindingsV2Paginator(client ListFindingsV2APIClient, params *ListFindingsV2Input, optFns ...func(*ListFindingsV2PaginatorOptions)) *ListFindingsV2Paginator

NewListFindingsV2Paginator returns a new ListFindingsV2Paginator

func (*ListFindingsV2Paginator) HasMorePages added in v1.24.0

func (p *ListFindingsV2Paginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListFindingsV2Paginator) NextPage added in v1.24.0

func (p *ListFindingsV2Paginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListFindingsV2Output, error)

NextPage retrieves the next ListFindingsV2 page.

type ListFindingsV2PaginatorOptions added in v1.24.0

type ListFindingsV2PaginatorOptions struct {
	// The maximum number of results to return in the response.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListFindingsV2PaginatorOptions is the paginator options for ListFindingsV2
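The drain loop a caller runs over a token-paginated listing such as ListFindingsV2, including the duplicate-token stop that StopOnDuplicateToken describes and a hard page cap, as an added example that is not code from the SDK. The lowercase types, fakeClient, the ARN and the sample findings are constructed stand-ins so the program runs offline with only the standard library.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Local stand-ins (assumptions): they mirror only the fields of
// ListFindingsV2Input/Output used below and are not the SDK types.
type findingSummary struct{ ID, Status, Type string }

type listInput struct {
	AnalyzerArn *string
	MaxResults  *int32
	NextToken   *string
}

type listOutput struct {
	Findings  []findingSummary
	NextToken *string
}

// listClient has the shape of ListFindingsV2APIClient without per-call options.
type listClient interface {
	ListFindingsV2(ctx context.Context, in *listInput) (*listOutput, error)
}

var errPageCap = errors.New("page cap reached before the listing ended")

// collectActive walks every page and keeps findings whose status is ACTIVE.
// It stops when the token is absent or empty, when the service returns the
// token it was just given (the StopOnDuplicateToken condition), or when
// maxPages is hit, in which case the partial result comes back with errPageCap
// so a truncated inventory is never mistaken for a complete one.
func collectActive(ctx context.Context, c listClient, arn string, limit int32, maxPages int) ([]findingSummary, error) {
	var active []findingSummary
	var token *string
	for page := 0; ; page++ {
		if page >= maxPages {
			return active, errPageCap
		}
		in := &listInput{AnalyzerArn: &arn, NextToken: token}
		if limit > 0 {
			in.MaxResults = &limit
		}
		out, err := c.ListFindingsV2(ctx, in)
		if err != nil {
			return active, fmt.Errorf("page %d: %w", page, err)
		}
		// An empty page that still carries a token is not the end of the list.
		for _, f := range out.Findings {
			if f.Status == "ACTIVE" {
				active = append(active, f)
			}
		}
		next := out.NextToken
		if next == nil || *next == "" {
			return active, nil
		}
		if token != nil && *token == *next {
			return active, nil // duplicate token: stop instead of looping
		}
		token = next
	}
}

// fakeClient serves constructed pages keyed by the token that requests them.
type fakeClient struct {
	pages map[string]listOutput
	calls int
}

func (f *fakeClient) ListFindingsV2(_ context.Context, in *listInput) (*listOutput, error) {
	f.calls++
	key := ""
	if in.NextToken != nil {
		key = *in.NextToken
	}
	out, ok := f.pages[key]
	if !ok {
		return nil, fmt.Errorf("unknown token %q", key)
	}
	return &out, nil
}

func strPtr(s string) *string { return &s }

// sampleClient builds three constructed pages; with stuck=true the last page
// echoes the token it was requested with.
func sampleClient(stuck bool) *fakeClient {
	last := listOutput{Findings: []findingSummary{{"f-3", "ACTIVE", "UnusedIAMRole"}}}
	if stuck {
		last.NextToken = strPtr("t2")
	}
	first := []findingSummary{{"f-1", "ACTIVE", "ExternalAccess"}, {"f-2", "ARCHIVED", "ExternalAccess"}}
	return &fakeClient{pages: map[string]listOutput{
		"":   {Findings: first, NextToken: strPtr("t1")},
		"t1": {NextToken: strPtr("t2")}, // empty page, more to come
		"t2": last,
	}}
}

func main() {
	arn := "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/example" // constructed
	for _, stuck := range []bool{false, true} {
		c := sampleClient(stuck)
		got, err := collectActive(context.Background(), c, arn, 50, 20)
		fmt.Printf("stuck=%v calls=%d active=%d err=%v\n", stuck, c.calls, len(got), err)
	}
}
```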

type ListPolicyGenerationsAPIClient added in v1.3.0

type ListPolicyGenerationsAPIClient interface {
	ListPolicyGenerations(context.Context, *ListPolicyGenerationsInput, ...func(*Options)) (*ListPolicyGenerationsOutput, error)
}

ListPolicyGenerationsAPIClient is a client that implements the ListPolicyGenerations operation.

type ListPolicyGenerationsInput added in v1.3.0

type ListPolicyGenerationsInput struct {

	// The maximum number of results to return in the response.
	MaxResults *int32

	// A token used for pagination of results returned.
	NextToken *string

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	// Use this with ListGeneratedPolicies to filter the results to only include
	// results for a specific principal.
	PrincipalArn *string
	// contains filtered or unexported fields
}

type ListPolicyGenerationsOutput added in v1.3.0

type ListPolicyGenerationsOutput struct {

	// A PolicyGeneration object that contains details about the generated policy.
	//
	// This member is required.
	PolicyGenerations []types.PolicyGeneration

	// A token used for pagination of results returned.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListPolicyGenerationsPaginator added in v1.3.0

type ListPolicyGenerationsPaginator struct {
	// contains filtered or unexported fields
}

ListPolicyGenerationsPaginator is a paginator for ListPolicyGenerations

func NewListPolicyGenerationsPaginator added in v1.3.0

NewListPolicyGenerationsPaginator returns a new ListPolicyGenerationsPaginator

func (*ListPolicyGenerationsPaginator) HasMorePages added in v1.3.0

func (p *ListPolicyGenerationsPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListPolicyGenerationsPaginator) NextPage added in v1.3.0

NextPage retrieves the next ListPolicyGenerations page.

type ListPolicyGenerationsPaginatorOptions added in v1.3.0

type ListPolicyGenerationsPaginatorOptions struct {
	// The maximum number of results to return in the response.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListPolicyGenerationsPaginatorOptions is the paginator options for ListPolicyGenerations

type ListTagsForResourceInput

type ListTagsForResourceInput struct {

	// The ARN of the resource to retrieve tags from.
	//
	// This member is required.
	ResourceArn *string
	// contains filtered or unexported fields
}

Retrieves a list of tags applied to the specified resource.

type ListTagsForResourceOutput

type ListTagsForResourceOutput struct {

	// The tags that are applied to the specified resource.
	Tags map[string]string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request.

type Options

type Options struct {
	// Set of options to modify how an operation is invoked. These apply to all
	// operations invoked for this client. Use functional options on operation call to
	// modify this list for per operation behavior.
	APIOptions []func(*middleware.Stack) error

	// The optional application specific identifier appended to the User-Agent header.
	AppID string

	// This endpoint will be given as input to an EndpointResolverV2. It is used for
	// providing a custom base endpoint that is subject to modifications by the
	// processing EndpointResolverV2.
	BaseEndpoint *string

	// Configures the events that will be sent to the configured logger.
	ClientLogMode aws.ClientLogMode

	// The credentials object to use when signing requests.
	Credentials aws.CredentialsProvider

	// The configuration DefaultsMode that the SDK should use when constructing the
	// client's initial default settings.
	DefaultsMode aws.DefaultsMode

	// The endpoint options to be used when attempting to resolve an endpoint.
	EndpointOptions EndpointResolverOptions

	// The service endpoint resolver.
	//
	// Deprecated: EndpointResolver and WithEndpointResolver. Providing a
	// value for this field will likely prevent you from using any endpoint-related
	// service features released after the introduction of EndpointResolverV2 and
	// BaseEndpoint. To migrate an EndpointResolver implementation that uses a custom
	// endpoint, set the client option BaseEndpoint instead.
	EndpointResolver EndpointResolver

	// Resolves the endpoint used for a particular service operation. This should be
	// used over the deprecated EndpointResolver.
	EndpointResolverV2 EndpointResolverV2

	// Signature Version 4 (SigV4) Signer
	HTTPSignerV4 HTTPSignerV4

	// Provides idempotency tokens values that will be automatically populated into
	// idempotent API operations.
	IdempotencyTokenProvider IdempotencyTokenProvider

	// The logger writer interface to write logging messages to.
	Logger logging.Logger

	// The region to send requests to. (Required)
	Region string

	// RetryMaxAttempts specifies the maximum number of attempts an API client will call
	// an operation that fails with a retryable error. A value of 0 is ignored, and
	// will not be used to configure the API client created default retryer, or modify
	// per operation call's retry max attempts. If specified in an operation call's
	// functional options with a value that is different than the constructed client's
	// Options, the Client's Retryer will be wrapped to use the operation's specific
	// RetryMaxAttempts value.
	RetryMaxAttempts int

	// RetryMode specifies the retry mode the API client will be created with, if
	// Retryer option is not also specified. When creating a new API client, this
	// member will only be used if the Retryer Options member is nil. This value will
	// be ignored if Retryer is not nil. Currently does not support per operation call
	// overrides, may in the future.
	RetryMode aws.RetryMode

	// Retryer guides how HTTP requests should be retried in case of recoverable
	// failures. When nil the API client will use a default retryer. The kind of
	// default retry created by the API client can be changed with the RetryMode
	// option.
	Retryer aws.Retryer

	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig. You
	// should not populate this structure programmatically, or rely on the values here
	// within your applications.
	RuntimeEnvironment aws.RuntimeEnvironment

	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
	// implementation if nil.
	HTTPClient HTTPClient

	// The auth scheme resolver which determines how to authenticate for each
	// operation.
	AuthSchemeResolver AuthSchemeResolver

	// The list of auth schemes supported by the client.
	AuthSchemes []smithyhttp.AuthScheme
	// contains filtered or unexported fields
}

func (Options) Copy

func (o Options) Copy() Options

Copy creates a clone where the APIOptions list is deep copied.

func (Options) GetIdentityResolver added in v1.23.2

func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolver

type ResolveEndpoint

type ResolveEndpoint struct {
	Resolver EndpointResolver
	Options  EndpointResolverOptions
}

func (*ResolveEndpoint) HandleSerialize

func (*ResolveEndpoint) ID

func (*ResolveEndpoint) ID() string

type StartPolicyGenerationInput added in v1.3.0

type StartPolicyGenerationInput struct {

	// Contains the ARN of the IAM entity (user or role) for which you are generating
	// a policy.
	//
	// This member is required.
	PolicyGenerationDetails *types.PolicyGenerationDetails

	// A unique, case-sensitive identifier that you provide to ensure the idempotency
	// of the request. Idempotency ensures that an API request completes only once.
	// With an idempotent request, if the original request completes successfully, the
	// subsequent retries with the same client token return the result from the
	// original successful request and they have no additional effect. If you do not
	// specify a client token, one is automatically generated by the Amazon Web
	// Services SDK.
	ClientToken *string

	// A CloudTrailDetails object that contains details about a Trail that you want to
	// analyze to generate policies.
	CloudTrailDetails *types.CloudTrailDetails
	// contains filtered or unexported fields
}

type StartPolicyGenerationOutput added in v1.3.0

type StartPolicyGenerationOutput struct {

	// The JobId that is returned by the StartPolicyGeneration operation. The JobId
	// can be used with GetGeneratedPolicy to retrieve the generated policies or used
	// with CancelPolicyGeneration to cancel the policy generation request.
	//
	// This member is required.
	JobId *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type StartResourceScanInput

type StartResourceScanInput struct {

	// The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// to use to scan the policies applied to the specified resource.
	//
	// This member is required.
	AnalyzerArn *string

	// The ARN of the resource to scan.
	//
	// This member is required.
	ResourceArn *string

	// The Amazon Web Services account ID that owns the resource. For most Amazon Web
	// Services resources, the owning account is the account in which the resource was
	// created.
	ResourceOwnerAccount *string
	// contains filtered or unexported fields
}

Starts a scan of the policies applied to the specified resource.

type StartResourceScanOutput

type StartResourceScanOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type TagResourceInput

type TagResourceInput struct {

	// The ARN of the resource to add the tag to.
	//
	// This member is required.
	ResourceArn *string

	// The tags to add to the resource.
	//
	// This member is required.
	Tags map[string]string
	// contains filtered or unexported fields
}

Adds a tag to the specified resource.

type TagResourceOutput

type TagResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request.

type UntagResourceInput

type UntagResourceInput struct {

	// The ARN of the resource to remove the tag from.
	//
	// This member is required.
	ResourceArn *string

	// The keys of the tags to remove.
	//
	// This member is required.
	TagKeys []string
	// contains filtered or unexported fields
}

Removes a tag from the specified resource.

type UntagResourceOutput

type UntagResourceOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

The response to the request.

type UpdateArchiveRuleInput

type UpdateArchiveRuleInput struct {

	// The name of the analyzer to update the archive rules for.
	//
	// This member is required.
	AnalyzerName *string

	// A filter to match for the rules to update. Only rules that match the filter are
	// updated.
	//
	// This member is required.
	Filter map[string]types.Criterion

	// The name of the rule to update.
	//
	// This member is required.
	RuleName *string

	// A client token.
	ClientToken *string
	// contains filtered or unexported fields
}

Updates the specified archive rule.

type UpdateArchiveRuleOutput

type UpdateArchiveRuleOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type UpdateFindingsInput

type UpdateFindingsInput struct {

	// The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources)
	// that generated the findings to update.
	//
	// This member is required.
	AnalyzerArn *string

	// The state represents the action to take to update the finding Status. Use
	// ARCHIVE to change an Active finding to an Archived finding. Use ACTIVE to
	// change an Archived finding to an Active finding.
	//
	// This member is required.
	Status types.FindingStatusUpdate

	// A client token.
	ClientToken *string

	// The IDs of the findings to update.
	Ids []string

	// The ARN of the resource identified in the finding.
	ResourceArn *string
	// contains filtered or unexported fields
}

Updates findings with the new values provided in the request.

type UpdateFindingsOutput

type UpdateFindingsOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ValidatePolicyAPIClient added in v1.2.0

type ValidatePolicyAPIClient interface {
	ValidatePolicy(context.Context, *ValidatePolicyInput, ...func(*Options)) (*ValidatePolicyOutput, error)
}

ValidatePolicyAPIClient is a client that implements the ValidatePolicy operation.

type ValidatePolicyInput added in v1.2.0

type ValidatePolicyInput struct {

	// The JSON policy document to use as the content for the policy.
	//
	// This member is required.
	PolicyDocument *string

	// The type of policy to validate. Identity policies grant permissions to IAM
	// principals. Identity policies include managed and inline policies for IAM roles,
	// users, and groups. Resource policies grant permissions on Amazon Web Services
	// resources. Resource policies include trust policies for IAM roles and bucket
	// policies for Amazon S3 buckets. You can provide a generic input such as identity
	// policy or resource policy or a specific input such as managed policy or Amazon
	// S3 bucket policy. Service control policies (SCPs) are a type of organization
	// policy attached to an Amazon Web Services organization, organizational unit
	// (OU), or an account.
	//
	// This member is required.
	PolicyType types.PolicyType

	// The locale to use for localizing the findings.
	Locale types.Locale

	// The maximum number of results to return in the response.
	MaxResults *int32

	// A token used for pagination of results returned.
	NextToken *string

	// The type of resource to attach to your resource policy. Specify a value for the
	// policy validation resource type only if the policy type is RESOURCE_POLICY . For
	// example, to validate a resource policy to attach to an Amazon S3 bucket, you can
	// choose AWS::S3::Bucket for the policy validation resource type. For resource
	// types not supported as valid values, IAM Access Analyzer runs policy checks that
	// apply to all resource policies. For example, to validate a resource policy to
	// attach to a KMS key, do not specify a value for the policy validation resource
	// type and IAM Access Analyzer will run policy checks that apply to all resource
	// policies.
	ValidatePolicyResourceType types.ValidatePolicyResourceType
	// contains filtered or unexported fields
}

type ValidatePolicyOutput added in v1.2.0

type ValidatePolicyOutput struct {

	// The list of findings in a policy returned by IAM Access Analyzer based on its
	// suite of policy checks.
	//
	// This member is required.
	Findings []types.ValidatePolicyFinding

	// A token used for pagination of results returned.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ValidatePolicyPaginator added in v1.2.0

type ValidatePolicyPaginator struct {
	// contains filtered or unexported fields
}

ValidatePolicyPaginator is a paginator for ValidatePolicy.

func NewValidatePolicyPaginator added in v1.2.0

func NewValidatePolicyPaginator(client ValidatePolicyAPIClient, params *ValidatePolicyInput, optFns ...func(*ValidatePolicyPaginatorOptions)) *ValidatePolicyPaginator

NewValidatePolicyPaginator returns a new ValidatePolicyPaginator.

func (*ValidatePolicyPaginator) HasMorePages added in v1.2.0

func (p *ValidatePolicyPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available.

func (*ValidatePolicyPaginator) NextPage added in v1.2.0

func (p *ValidatePolicyPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ValidatePolicyOutput, error)

NextPage retrieves the next ValidatePolicy page.

type ValidatePolicyPaginatorOptions added in v1.2.0

type ValidatePolicyPaginatorOptions struct {
	// The maximum number of results to return in the response.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ValidatePolicyPaginatorOptions holds the paginator options for ValidatePolicy.
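The following is an added example, not code from the SDK or from this package's documentation: a pre-deployment policy gate that follows the ValidatePolicy pagination contract above (NextToken on input and output, and the duplicate-token case that StopOnDuplicateToken addresses). `Finding`, `Output`, `Validator` and `BlockingFindings` are hypothetical local stand-ins for the SDK types so the example runs offline, and the tokens and issue codes are constructed; ERROR and SECURITY_WARNING are the service's finding type values.

```go
package main

import (
	"context"
	"fmt"
)

// Local stand-ins (assumptions) for the SDK types, cut down to the fields used
// here so the example runs offline. Validator mirrors ValidatePolicyAPIClient.
type Finding struct{ FindingType, IssueCode string }
type Output struct {
	Findings  []Finding
	NextToken *string
}
type Validator func(ctx context.Context, policyDoc, policyType string, nextToken *string) (*Output, error)

// BlockingFindings returns ERROR and SECURITY_WARNING findings from every page.
func BlockingFindings(ctx context.Context, validate Validator, doc, policyType string) ([]Finding, error) {
	var blocking []Finding
	var token *string
	for {
		out, err := validate(ctx, doc, policyType, token)
		if err != nil { // fail closed: an API error is never treated as a pass
			return nil, fmt.Errorf("validate policy: %w", err)
		}
		for _, f := range out.Findings {
			if f.FindingType == "ERROR" || f.FindingType == "SECURITY_WARNING" {
				blocking = append(blocking, f)
			}
		}
		if out.NextToken == nil {
			return blocking, nil
		}
		if token != nil && *token == *out.NextToken { // looping token: result is partial
			return nil, fmt.Errorf("pagination token %q repeated; result incomplete", *token)
		}
		token = out.NextToken
	}
}

func main() {
	next := "page-2" // constructed token and findings, not real service output
	fake := func(_ context.Context, _, _ string, tok *string) (*Output, error) {
		if tok == nil {
			return &Output{[]Finding{{"SUGGESTION", "EXAMPLE_A"}}, &next}, nil
		}
		return &Output{Findings: []Finding{{"SECURITY_WARNING", "EXAMPLE_B"}}}, nil
	}
	fmt.Println(BlockingFindings(context.Background(), fake, `{"Version":"2012-10-17"}`, "IDENTITY_POLICY"))
}
```

A gate that inspects only the first page would pass this policy, because the blocking finding arrives on the second page. With the real client, the same loop is what ValidatePolicyPaginator's HasMorePages and NextPage perform.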

Directories

Path Synopsis
internal
