|
3 | 3 | "shapes": {
|
4 | 4 | "com.amazonaws.accessanalyzer#AccessAnalyzer": {
|
5 | 5 | "type": "service",
|
| 6 | + "traits": { |
| 7 | + "aws.api#service": { |
| 8 | + "sdkId": "AccessAnalyzer", |
| 9 | + "arnNamespace": "access-analyzer", |
| 10 | + "cloudFormationName": "AccessAnalyzer", |
| 11 | + "cloudTrailEventSource": "access-analyzer.amazonaws.com", |
| 12 | + "endpointPrefix": "access-analyzer" |
| 13 | + }, |
| 14 | + "aws.auth#sigv4": { |
| 15 | + "name": "access-analyzer" |
| 16 | + }, |
| 17 | + "aws.protocols#restJson1": {}, |
| 18 | + "smithy.api#cors": {}, |
| 19 | + "smithy.api#documentation": "<p>Identity and Access Management Access Analyzer helps identify potential resource-access risks by enabling you to\n identify any policies that grant access to an external principal. It does this by using\n logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An\n external principal can be another Amazon Web Services account, a root user, an IAM user or role, a\n federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to\n preview and validate public and cross-account access to your resources before deploying\n permissions changes. This guide describes the Identity and Access Management Access Analyzer operations that you can\n call programmatically. For general information about IAM Access Analyzer, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html\">Identity and Access Management Access Analyzer</a> in the <b>IAM User Guide</b>.</p>\n <p>To start using IAM Access Analyzer, you first need to create an analyzer.</p>", |
| 20 | + "smithy.api#paginated": { |
| 21 | + "inputToken": "nextToken", |
| 22 | + "outputToken": "nextToken", |
| 23 | + "pageSize": "maxResults" |
| 24 | + }, |
| 25 | + "smithy.api#title": "Access Analyzer" |
| 26 | + }, |
6 | 27 | "version": "2019-11-01",
|
7 | 28 | "operations": [
|
8 | 29 | {
|
|
67 | 88 | {
|
68 | 89 | "target": "com.amazonaws.accessanalyzer#Analyzer"
|
69 | 90 | }
|
70 |
| - ], |
71 |
| - "traits": { |
72 |
| - "aws.api#service": { |
73 |
| - "sdkId": "AccessAnalyzer", |
74 |
| - "arnNamespace": "access-analyzer", |
75 |
| - "cloudFormationName": "AccessAnalyzer", |
76 |
| - "cloudTrailEventSource": "access-analyzer.amazonaws.com", |
77 |
| - "endpointPrefix": "access-analyzer" |
78 |
| - }, |
79 |
| - "aws.auth#sigv4": { |
80 |
| - "name": "access-analyzer" |
81 |
| - }, |
82 |
| - "aws.protocols#restJson1": {}, |
83 |
| - "smithy.api#cors": {}, |
84 |
| - "smithy.api#documentation": "<p>Identity and Access Management Access Analyzer helps identify potential resource-access risks by enabling you to\n identify any policies that grant access to an external principal. It does this by using\n logic-based reasoning to analyze resource-based policies in your Amazon Web Services environment. An\n external principal can be another Amazon Web Services account, a root user, an IAM user or role, a\n federated user, an Amazon Web Services service, or an anonymous user. You can also use IAM Access Analyzer to\n preview and validate public and cross-account access to your resources before deploying\n permissions changes. This guide describes the Identity and Access Management Access Analyzer operations that you can\n call programmatically. For general information about IAM Access Analyzer, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html\">Identity and Access Management Access Analyzer</a> in the <b>IAM User Guide</b>.</p>\n <p>To start using IAM Access Analyzer, you first need to create an analyzer.</p>", |
85 |
| - "smithy.api#paginated": { |
86 |
| - "inputToken": "nextToken", |
87 |
| - "outputToken": "nextToken", |
88 |
| - "pageSize": "maxResults" |
89 |
| - }, |
90 |
| - "smithy.api#title": "Access Analyzer" |
91 |
| - } |
| 91 | + ] |
92 | 92 | },
|
93 | 93 | "com.amazonaws.accessanalyzer#AccessDeniedException": {
|
94 | 94 | "type": "structure",
|
|
3863 | 3863 | "kmsKeyId": {
|
3864 | 3864 | "target": "com.amazonaws.accessanalyzer#SecretsManagerSecretKmsId",
|
3865 | 3865 | "traits": {
|
3866 |
| - "smithy.api#documentation": "<p>The proposed ARN, key ID, or alias of the KMS customer master key (CMK).</p>" |
| 3866 | + "smithy.api#documentation": "<p>The proposed ARN, key ID, or alias of the KMS key.</p>" |
3867 | 3867 | }
|
3868 | 3868 | },
|
3869 | 3869 | "secretPolicy": {
|
|
3874 | 3874 | }
|
3875 | 3875 | },
|
3876 | 3876 | "traits": {
|
3877 |
| - "smithy.api#documentation": "<p>The configuration for a Secrets Manager secret. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html\">CreateSecret</a>.</p>\n <p>You can propose a configuration for a new secret or an existing secret that you own by\n specifying the secret policy and optional KMS encryption key. If the configuration is for\n an existing secret and you do not specify the secret policy, the access preview uses the\n existing policy for the secret. If the access preview is for a new resource and you do not\n specify the policy, the access preview assumes a secret without a policy. To propose\n deletion of an existing policy, you can specify an empty string. If the proposed\n configuration is for a new secret and you do not specify the KMS key ID, the access\n preview uses the default CMK of the Amazon Web Services account. If you specify an empty string for the\n KMS key ID, the access preview uses the default CMK of the Amazon Web Services account. For more\n information about secret policy limits, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html\">Quotas for\n Secrets Manager.</a>.</p>" |
| 3877 | + "smithy.api#documentation": "<p>The configuration for a Secrets Manager secret. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html\">CreateSecret</a>.</p>\n <p>You can propose a configuration for a new secret or an existing secret that you own by\n specifying the secret policy and optional KMS encryption key. If the configuration is for\n an existing secret and you do not specify the secret policy, the access preview uses the\n existing policy for the secret. If the access preview is for a new resource and you do not\n specify the policy, the access preview assumes a secret without a policy. To propose\n deletion of an existing policy, you can specify an empty string. If the proposed\n configuration is for a new secret and you do not specify the KMS key ID, the access\n preview uses the Amazon Web Services managed key <code>aws/secretsmanager</code>. If you specify an empty\n string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the Amazon Web Services\n account. For more information about secret policy limits, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html\">Quotas for\n Secrets Manager.</a>.</p>" |
3878 | 3878 | }
|
3879 | 3879 | },
|
3880 | 3880 | "com.amazonaws.accessanalyzer#SecretsManagerSecretKmsId": {
|
|
4691 | 4691 | "smithy.api#documentation": "<p>The type of policy to validate. Identity policies grant permissions to IAM principals.\n Identity policies include managed and inline policies for IAM roles, users, and groups.\n They also include service-control policies (SCPs) that are attached to an Amazon Web Services\n organization, organizational unit (OU), or an account.</p>\n <p>Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust\n policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic\n input such as identity policy or resource policy or a specific input such as managed policy\n or Amazon S3 bucket policy. </p>",
|
4692 | 4692 | "smithy.api#required": {}
|
4693 | 4693 | }
|
| 4694 | + }, |
| 4695 | + "validatePolicyResourceType": { |
| 4696 | + "target": "com.amazonaws.accessanalyzer#ValidatePolicyResourceType", |
| 4697 | + "traits": { |
| 4698 | + "smithy.api#documentation": "<p>The type of resource to attach to your resource policy. Specify a value for the policy\n validation resource type only if the policy type is <code>RESOURCE_POLICY</code>. For\n example, to validate a resource policy to attach to an Amazon S3 bucket, you can choose\n <code>AWS::S3::Bucket</code> for the policy validation resource type.</p>\n <p>For resource types not supported as valid values, IAM Access Analyzer runs policy checks that\n apply to all resource policies. For example, to validate a resource policy to attach to a\n KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer\n will run policy checks that apply to all resource policies.</p>" |
| 4699 | + } |
4694 | 4700 | }
|
4695 | 4701 | }
|
4696 | 4702 | },
|
| 4703 | + "com.amazonaws.accessanalyzer#ValidatePolicyResourceType": { |
| 4704 | + "type": "string", |
| 4705 | + "traits": { |
| 4706 | + "smithy.api#enum": [ |
| 4707 | + { |
| 4708 | + "value": "AWS::S3::Bucket", |
| 4709 | + "name": "S3_BUCKET" |
| 4710 | + }, |
| 4711 | + { |
| 4712 | + "value": "AWS::S3::AccessPoint", |
| 4713 | + "name": "S3_ACCESS_POINT" |
| 4714 | + }, |
| 4715 | + { |
| 4716 | + "value": "AWS::S3::MultiRegionAccessPoint", |
| 4717 | + "name": "S3_MULTI_REGION_ACCESS_POINT" |
| 4718 | + }, |
| 4719 | + { |
| 4720 | + "value": "AWS::S3ObjectLambda::AccessPoint", |
| 4721 | + "name": "S3_OBJECT_LAMBDA_ACCESS_POINT" |
| 4722 | + } |
| 4723 | + ] |
| 4724 | + } |
| 4725 | + }, |
4697 | 4726 | "com.amazonaws.accessanalyzer#ValidatePolicyResponse": {
|
4698 | 4727 | "type": "structure",
|
4699 | 4728 | "members": {
|
|