package types

type Access struct {

	// A list of actions for the access permissions. Any strings that can be used as
	// an action in an IAM policy can be used in the list of actions to check.
	Actions []string

	// A list of resources for the access permissions. Any strings that can be used as
	// an Amazon Resource Name (ARN) in an IAM policy can be used in the list of
	// resources to check. You can only use a wildcard in the portion of the ARN that
	// specifies the resource ID.
	Resources []string
	// contains filtered or unexported fields
}

Contains information about actions and resources that define permissions to check against a policy.

func (AccessCheckPolicyType) Values ¶

func (AccessCheckPolicyType) Values() []AccessCheckPolicyType

Values returns all known values for AccessCheckPolicyType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AccessCheckResourceType ¶

type AccessCheckResourceType string

const (
	AccessCheckResourceTypeDynamodbTable            AccessCheckResourceType = "AWS::DynamoDB::Table"
	AccessCheckResourceTypeDynamodbStream           AccessCheckResourceType = "AWS::DynamoDB::Stream"
	AccessCheckResourceTypeEfsFilesystem            AccessCheckResourceType = "AWS::EFS::FileSystem"
	AccessCheckResourceTypeOpensearchserviceDomain  AccessCheckResourceType = "AWS::OpenSearchService::Domain"
	AccessCheckResourceTypeKinesisDataStream        AccessCheckResourceType = "AWS::Kinesis::Stream"
	AccessCheckResourceTypeKinesisStreamConsumer    AccessCheckResourceType = "AWS::Kinesis::StreamConsumer"
	AccessCheckResourceTypeKmsKey                   AccessCheckResourceType = "AWS::KMS::Key"
	AccessCheckResourceTypeLambdaFunction           AccessCheckResourceType = "AWS::Lambda::Function"
	AccessCheckResourceTypeS3Bucket                 AccessCheckResourceType = "AWS::S3::Bucket"
	AccessCheckResourceTypeS3AccessPoint            AccessCheckResourceType = "AWS::S3::AccessPoint"
	AccessCheckResourceTypeS3expressDirectorybucket AccessCheckResourceType = "AWS::S3Express::DirectoryBucket"
	AccessCheckResourceTypeS3Glacier                AccessCheckResourceType = "AWS::S3::Glacier"
	AccessCheckResourceTypeS3OutpostsBucket         AccessCheckResourceType = "AWS::S3Outposts::Bucket"
	AccessCheckResourceTypeS3OutpostsAccessPoint    AccessCheckResourceType = "AWS::S3Outposts::AccessPoint"
	AccessCheckResourceTypeSecretsmanagerSecret     AccessCheckResourceType = "AWS::SecretsManager::Secret"
	AccessCheckResourceTypeSnsTopic                 AccessCheckResourceType = "AWS::SNS::Topic"
	AccessCheckResourceTypeSqsQueue                 AccessCheckResourceType = "AWS::SQS::Queue"
	AccessCheckResourceTypeRoleTrust                AccessCheckResourceType = "AWS::IAM::AssumeRolePolicyDocument"
	AccessCheckResourceTypeS3TableBucket            AccessCheckResourceType = "AWS::S3Tables::TableBucket"
	AccessCheckResourceTypeApiGatewayRestApi        AccessCheckResourceType = "AWS::ApiGateway::RestApi"
	AccessCheckResourceTypeCodeArtifactDomain       AccessCheckResourceType = "AWS::CodeArtifact::Domain"
	AccessCheckResourceTypeBackupVault              AccessCheckResourceType = "AWS::Backup::BackupVault"
	AccessCheckResourceTypeCloudtrailDashboard      AccessCheckResourceType = "AWS::CloudTrail::Dashboard"
	AccessCheckResourceTypeCloudtrailEventDataStore AccessCheckResourceType = "AWS::CloudTrail::EventDataStore"
	AccessCheckResourceTypeS3Table                  AccessCheckResourceType = "AWS::S3Tables::Table"
	AccessCheckResourceTypeS3ExpressAccessPoint     AccessCheckResourceType = "AWS::S3Express::AccessPoint"
)

Enum values for AccessCheckResourceType

func (AccessCheckResourceType) Values ¶

func (AccessCheckResourceType) Values() []AccessCheckResourceType

Values returns all known values for AccessCheckResourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AccessDeniedException ¶

type AccessDeniedException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

You do not have sufficient access to perform this action.

func (*AccessDeniedException) Error ¶

func (e *AccessDeniedException) Error() string

func (*AccessDeniedException) ErrorCode ¶

func (e *AccessDeniedException) ErrorCode() string

func (*AccessDeniedException) ErrorFault ¶

func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault

func (*AccessDeniedException) ErrorMessage ¶

func (e *AccessDeniedException) ErrorMessage() string

type AccessPreview ¶

type AccessPreview struct {

	// The ARN of the analyzer used to generate the access preview.
	//
	// This member is required.
	AnalyzerArn *string

	// A map of resource ARNs for the proposed resource configuration.
	//
	// This member is required.
	Configurations map[string]Configuration

	// The time at which the access preview was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The unique ID for the access preview.
	//
	// This member is required.
	Id *string

	// The status of the access preview.
	//
	//   - Creating - The access preview creation is in progress.
	//
	//   - Completed - The access preview is complete. You can preview findings for
	//   external access to the resource.
	//
	//   - Failed - The access preview creation has failed.
	//
	// This member is required.
	Status AccessPreviewStatus

	// Provides more details about the current status of the access preview.
	//
	// For example, if the creation of the access preview fails, a Failed status is
	// returned. This failure can be due to an internal issue with the analysis or due
	// to an invalid resource configuration.
	StatusReason *AccessPreviewStatusReason
	// contains filtered or unexported fields
}

Contains information about an access preview.

type AccessPreviewFinding ¶

type AccessPreviewFinding struct {

	// Provides context on how the access preview finding compares to existing access
	// identified in IAM Access Analyzer.
	//
	//   - New - The finding is for newly-introduced access.
	//
	//   - Unchanged - The preview finding is an existing finding that would remain
	//   unchanged.
	//
	//   - Changed - The preview finding is an existing finding with a change in status.
	//
	// For example, a Changed finding with preview status Resolved and existing status
	// Active indicates the existing Active finding would become Resolved as a result
	// of the proposed permissions change.
	//
	// This member is required.
	ChangeType FindingChangeType

	// The time at which the access preview finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the access preview finding. This ID uniquely identifies the element
	// in the list of access preview findings and is not related to the finding ID in
	// Access Analyzer.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource. For most Amazon Web
	// Services resources, the owning account is the account in which the resource was
	// created.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that can be accessed in the finding.
	//
	// This member is required.
	ResourceType ResourceType

	// The preview status of the finding. This is what the status of the finding would
	// be after permissions deployment. For example, a Changed finding with preview
	// status Resolved and existing status Active indicates the existing Active
	// finding would become Resolved as a result of the proposed permissions change.
	//
	// This member is required.
	Status FindingStatus

	// The action in the analyzed policy statement that an external principal has
	// permission to perform.
	Action []string

	// The condition in the analyzed policy statement that resulted in a finding.
	Condition map[string]string

	// An error.
	Error *string

	// The existing ID of the finding in IAM Access Analyzer, provided only for
	// existing findings.
	ExistingFindingId *string

	// The existing status of the finding, provided only for existing findings.
	ExistingFindingStatus FindingStatus

	// Indicates whether the policy that generated the finding allows public access to
	// the resource.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that an external principal has access to. This is the resource
	// associated with the access preview.
	Resource *string

	// The type of restriction applied to the finding by the resource owner with an
	// Organizations resource control policy (RCP).
	ResourceControlPolicyRestriction ResourceControlPolicyRestriction

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

An access preview finding generated by the access preview.

func (AccessPreviewStatus) Values ¶

func (AccessPreviewStatus) Values() []AccessPreviewStatus

Values returns all known values for AccessPreviewStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AccessPreviewStatusReason ¶

type AccessPreviewStatusReason struct {

	// The reason code for the current status of the access preview.
	//
	// This member is required.
	Code AccessPreviewStatusReasonCode
	// contains filtered or unexported fields
}

Provides more details about the current status of the access preview. For example, if the creation of the access preview fails, a Failed status is returned. This failure can be due to an internal issue with the analysis or due to an invalid proposed resource configuration.

type AccessPreviewStatusReasonCode ¶

type AccessPreviewStatusReasonCode string

const (
	AccessPreviewStatusReasonCodeInternalError        AccessPreviewStatusReasonCode = "INTERNAL_ERROR"
	AccessPreviewStatusReasonCodeInvalidConfiguration AccessPreviewStatusReasonCode = "INVALID_CONFIGURATION"
)

Enum values for AccessPreviewStatusReasonCode

func (AccessPreviewStatusReasonCode) Values ¶

func (AccessPreviewStatusReasonCode) Values() []AccessPreviewStatusReasonCode

Values returns all known values for AccessPreviewStatusReasonCode. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AccessPreviewSummary ¶

type AccessPreviewSummary struct {

	// The ARN of the analyzer used to generate the access preview.
	//
	// This member is required.
	AnalyzerArn *string

	// The time at which the access preview was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The unique ID for the access preview.
	//
	// This member is required.
	Id *string

	// The status of the access preview.
	//
	//   - Creating - The access preview creation is in progress.
	//
	//   - Completed - The access preview is complete and previews the findings for
	//   external access to the resource.
	//
	//   - Failed - The access preview creation has failed.
	//
	// This member is required.
	Status AccessPreviewStatus

	// Provides more details about the current status of the access preview. For
	// example, if the creation of the access preview fails, a Failed status is
	// returned. This failure can be due to an internal issue with the analysis or due
	// to an invalid proposed resource configuration.
	StatusReason *AccessPreviewStatusReason
	// contains filtered or unexported fields
}

Contains a summary of information about an access preview.

type AclGrantee ¶

type AclGrantee interface {
	// contains filtered or unexported methods
}

You specify each grantee as a type-value pair using one of these types. You can specify only one type of grantee. For more information, see PutBucketAcl.

The following types satisfy this interface:

AclGranteeMemberId
AclGranteeMemberUri

Example (OutputUsage)¶

Code:play

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.AclGrantee
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.AclGranteeMemberId:
		_ = v.Value // Value is string

	case *types.AclGranteeMemberUri:
		_ = v.Value // Value is string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type AclGranteeMemberId ¶

type AclGranteeMemberId struct {
	Value string
	// contains filtered or unexported fields
}

The value specified is the canonical user ID of an Amazon Web Services account.

type AclGranteeMemberUri ¶

type AclGranteeMemberUri struct {
	Value string
	// contains filtered or unexported fields
}

Used for granting permissions to a predefined group.

type AclPermission ¶

type AclPermission string

const (
	AclPermissionRead        AclPermission = "READ"
	AclPermissionWrite       AclPermission = "WRITE"
	AclPermissionReadAcp     AclPermission = "READ_ACP"
	AclPermissionWriteAcp    AclPermission = "WRITE_ACP"
	AclPermissionFullControl AclPermission = "FULL_CONTROL"
)

Enum values for AclPermission

func (AclPermission) Values ¶

func (AclPermission) Values() []AclPermission

Values returns all known values for AclPermission. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AnalysisRule ¶

type AnalysisRule struct {

	// A list of rules for the analyzer containing criteria to exclude from analysis.
	// Entities that meet the rule criteria will not generate findings.
	Exclusions []AnalysisRuleCriteria
	// contains filtered or unexported fields
}

Contains information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.

type AnalysisRuleCriteria ¶

type AnalysisRuleCriteria struct {

	// A list of Amazon Web Services account IDs to apply to the analysis rule
	// criteria. The accounts cannot include the organization analyzer owner account.
	// Account IDs can only be applied to the analysis rule criteria for
	// organization-level analyzers. The list cannot include more than 2,000 account
	// IDs.
	AccountIds []string

	// An array of key-value pairs to match for your resources. You can use the set of
	// Unicode letters, digits, whitespace, _ , . , / , = , + , and - .
	//
	// For the tag key, you can specify a value that is 1 to 128 characters in length
	// and cannot be prefixed with aws: .
	//
	// For the tag value, you can specify a value that is 0 to 256 characters in
	// length. If the specified tag value is 0 characters, the rule is applied to all
	// principals with the specified tag key.
	ResourceTags []map[string]string
	// contains filtered or unexported fields
}

The criteria for an analysis rule for an analyzer. The criteria determine which entities will generate findings.

type AnalyzedResource ¶

type AnalyzedResource struct {

	// The time at which the resource was analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The time at which the finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// Indicates whether the policy that generated the finding grants public access to
	// the resource.
	//
	// This member is required.
	IsPublic *bool

	// The ARN of the resource that was analyzed.
	//
	// This member is required.
	ResourceArn *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that was analyzed.
	//
	// This member is required.
	ResourceType ResourceType

	// The time at which the finding was updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The actions that an external principal is granted permission to use by the
	// policy that generated the finding.
	Actions []string

	// An error message.
	Error *string

	// Indicates how the access that generated the finding is granted. This is
	// populated for Amazon S3 bucket findings.
	SharedVia []string

	// The current status of the finding generated from the analyzed resource.
	Status FindingStatus
	// contains filtered or unexported fields
}

Contains details about the analyzed resource.

type AnalyzedResourceSummary ¶

type AnalyzedResourceSummary struct {

	// The ARN of the analyzed resource.
	//
	// This member is required.
	ResourceArn *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of resource that was analyzed.
	//
	// This member is required.
	ResourceType ResourceType
	// contains filtered or unexported fields
}

Contains the ARN of the analyzed resource.

type AnalyzerConfiguration ¶

type AnalyzerConfiguration interface {
	// contains filtered or unexported methods
}

Contains information about the configuration of an analyzer for an Amazon Web Services organization or account.

The following types satisfy this interface:

AnalyzerConfigurationMemberUnusedAccess

Example (OutputUsage)¶

Code:play

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.AnalyzerConfiguration
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.AnalyzerConfigurationMemberUnusedAccess:
		_ = v.Value // Value is types.UnusedAccessConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type AnalyzerConfigurationMemberUnusedAccess ¶

type AnalyzerConfigurationMemberUnusedAccess struct {
	Value UnusedAccessConfiguration
	// contains filtered or unexported fields
}

Specifies the configuration of an unused access analyzer for an Amazon Web Services organization or account.

type AnalyzerStatus ¶

type AnalyzerStatus string

const (
	AnalyzerStatusActive   AnalyzerStatus = "ACTIVE"
	AnalyzerStatusCreating AnalyzerStatus = "CREATING"
	AnalyzerStatusDisabled AnalyzerStatus = "DISABLED"
	AnalyzerStatusFailed   AnalyzerStatus = "FAILED"
)

Enum values for AnalyzerStatus

func (AnalyzerStatus) Values ¶

func (AnalyzerStatus) Values() []AnalyzerStatus

Values returns all known values for AnalyzerStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AnalyzerSummary ¶

type AnalyzerSummary struct {

	// The ARN of the analyzer.
	//
	// This member is required.
	Arn *string

	// A timestamp for the time at which the analyzer was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The name of the analyzer.
	//
	// This member is required.
	Name *string

	// The status of the analyzer. An Active analyzer successfully monitors supported
	// resources and generates new findings. The analyzer is Disabled when a user
	// action, such as removing trusted access for Identity and Access Management
	// Access Analyzer from Organizations, causes the analyzer to stop generating new
	// findings. The status is Creating when the analyzer creation is in progress and
	// Failed when the analyzer creation has failed.
	//
	// This member is required.
	Status AnalyzerStatus

	// The type of analyzer, which corresponds to the zone of trust chosen for the
	// analyzer.
	//
	// This member is required.
	Type Type

	// Specifies whether the analyzer is an external access or unused access analyzer.
	Configuration AnalyzerConfiguration

	// The resource that was most recently analyzed by the analyzer.
	LastResourceAnalyzed *string

	// The time at which the most recently analyzed resource was analyzed.
	LastResourceAnalyzedAt *time.Time

	// The statusReason provides more details about the current status of the
	// analyzer. For example, if the creation for the analyzer fails, a Failed status
	// is returned. For an analyzer with organization as the type, this failure can be
	// due to an issue with creating the service-linked roles required in the member
	// accounts of the Amazon Web Services organization.
	StatusReason *StatusReason

	// The tags added to the analyzer.
	Tags map[string]string
	// contains filtered or unexported fields
}

Contains information about the analyzer.

type ArchiveRuleSummary ¶

type ArchiveRuleSummary struct {

	// The time at which the archive rule was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// A filter used to define the archive rule.
	//
	// This member is required.
	Filter map[string]Criterion

	// The name of the archive rule.
	//
	// This member is required.
	RuleName *string

	// The time at which the archive rule was last updated.
	//
	// This member is required.
	UpdatedAt *time.Time
	// contains filtered or unexported fields
}

Contains information about an archive rule. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.

type CheckAccessNotGrantedResult ¶

type CheckAccessNotGrantedResult string

const (
	CheckAccessNotGrantedResultPass CheckAccessNotGrantedResult = "PASS"
	CheckAccessNotGrantedResultFail CheckAccessNotGrantedResult = "FAIL"
)

Enum values for CheckAccessNotGrantedResult

func (CheckAccessNotGrantedResult) Values ¶

func (CheckAccessNotGrantedResult) Values() []CheckAccessNotGrantedResult

Values returns all known values for CheckAccessNotGrantedResult. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CheckNoNewAccessResult ¶

type CheckNoNewAccessResult string

const (
	CheckNoNewAccessResultPass CheckNoNewAccessResult = "PASS"
	CheckNoNewAccessResultFail CheckNoNewAccessResult = "FAIL"
)

Enum values for CheckNoNewAccessResult

func (CheckNoNewAccessResult) Values ¶

func (CheckNoNewAccessResult) Values() []CheckNoNewAccessResult

Values returns all known values for CheckNoNewAccessResult. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CheckNoPublicAccessResult ¶

type CheckNoPublicAccessResult string

const (
	CheckNoPublicAccessResultPass CheckNoPublicAccessResult = "PASS"
	CheckNoPublicAccessResultFail CheckNoPublicAccessResult = "FAIL"
)

Enum values for CheckNoPublicAccessResult

func (CheckNoPublicAccessResult) Values ¶

func (CheckNoPublicAccessResult) Values() []CheckNoPublicAccessResult

Values returns all known values for CheckNoPublicAccessResult. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CloudTrailDetails ¶

type CloudTrailDetails struct {

	// The ARN of the service role that IAM Access Analyzer uses to access your
	// CloudTrail trail and service last accessed information.
	//
	// This member is required.
	AccessRole *string

	// The start of the time range for which IAM Access Analyzer reviews your
	// CloudTrail events. Events with a timestamp before this time are not considered
	// to generate a policy.
	//
	// This member is required.
	StartTime *time.Time

	// A Trail object that contains settings for a trail.
	//
	// This member is required.
	Trails []Trail

	// The end of the time range for which IAM Access Analyzer reviews your CloudTrail
	// events. Events with a timestamp after this time are not considered to generate a
	// policy. If this is not included in the request, the default value is the current
	// time.
	EndTime *time.Time
	// contains filtered or unexported fields
}

Contains information about CloudTrail access.

type CloudTrailProperties ¶

type CloudTrailProperties struct {

	// The end of the time range for which IAM Access Analyzer reviews your CloudTrail
	// events. Events with a timestamp after this time are not considered to generate a
	// policy. If this is not included in the request, the default value is the current
	// time.
	//
	// This member is required.
	EndTime *time.Time

	// The start of the time range for which IAM Access Analyzer reviews your
	// CloudTrail events. Events with a timestamp before this time are not considered
	// to generate a policy.
	//
	// This member is required.
	StartTime *time.Time

	// A TrailProperties object that contains settings for trail properties.
	//
	// This member is required.
	TrailProperties []TrailProperties
	// contains filtered or unexported fields
}

Contains information about CloudTrail access.

type Configuration ¶

type Configuration interface {
	// contains filtered or unexported methods
}

Access control configuration structures for your resource. You specify the configuration as a type-value pair. You can specify only one type of access control configuration.

The following types satisfy this interface:

ConfigurationMemberDynamodbStream
ConfigurationMemberDynamodbTable
ConfigurationMemberEbsSnapshot
ConfigurationMemberEcrRepository
ConfigurationMemberEfsFileSystem
ConfigurationMemberIamRole
ConfigurationMemberKmsKey
ConfigurationMemberRdsDbClusterSnapshot
ConfigurationMemberRdsDbSnapshot
ConfigurationMemberS3Bucket
ConfigurationMemberS3ExpressDirectoryBucket
ConfigurationMemberSecretsManagerSecret
ConfigurationMemberSnsTopic
ConfigurationMemberSqsQueue

Example (OutputUsage)¶

Code:play

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.Configuration
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.ConfigurationMemberDynamodbStream:
		_ = v.Value // Value is types.DynamodbStreamConfiguration

	case *types.ConfigurationMemberDynamodbTable:
		_ = v.Value // Value is types.DynamodbTableConfiguration

	case *types.ConfigurationMemberEbsSnapshot:
		_ = v.Value // Value is types.EbsSnapshotConfiguration

	case *types.ConfigurationMemberEcrRepository:
		_ = v.Value // Value is types.EcrRepositoryConfiguration

	case *types.ConfigurationMemberEfsFileSystem:
		_ = v.Value // Value is types.EfsFileSystemConfiguration

	case *types.ConfigurationMemberIamRole:
		_ = v.Value // Value is types.IamRoleConfiguration

	case *types.ConfigurationMemberKmsKey:
		_ = v.Value // Value is types.KmsKeyConfiguration

	case *types.ConfigurationMemberRdsDbClusterSnapshot:
		_ = v.Value // Value is types.RdsDbClusterSnapshotConfiguration

	case *types.ConfigurationMemberRdsDbSnapshot:
		_ = v.Value // Value is types.RdsDbSnapshotConfiguration

	case *types.ConfigurationMemberS3Bucket:
		_ = v.Value // Value is types.S3BucketConfiguration

	case *types.ConfigurationMemberS3ExpressDirectoryBucket:
		_ = v.Value // Value is types.S3ExpressDirectoryBucketConfiguration

	case *types.ConfigurationMemberSecretsManagerSecret:
		_ = v.Value // Value is types.SecretsManagerSecretConfiguration

	case *types.ConfigurationMemberSnsTopic:
		_ = v.Value // Value is types.SnsTopicConfiguration

	case *types.ConfigurationMemberSqsQueue:
		_ = v.Value // Value is types.SqsQueueConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type ConfigurationMemberDynamodbStream ¶

type ConfigurationMemberDynamodbStream struct {
	Value DynamodbStreamConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for a DynamoDB stream.

type ConfigurationMemberDynamodbTable ¶

type ConfigurationMemberDynamodbTable struct {
	Value DynamodbTableConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for a DynamoDB table or index.

type ConfigurationMemberEbsSnapshot ¶

type ConfigurationMemberEbsSnapshot struct {
	Value EbsSnapshotConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon EBS volume snapshot.

type ConfigurationMemberEcrRepository ¶

type ConfigurationMemberEcrRepository struct {
	Value EcrRepositoryConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon ECR repository.

type ConfigurationMemberEfsFileSystem ¶

type ConfigurationMemberEfsFileSystem struct {
	Value EfsFileSystemConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon EFS file system.

type ConfigurationMemberIamRole ¶

type ConfigurationMemberIamRole struct {
	Value IamRoleConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an IAM role.

type ConfigurationMemberKmsKey ¶

type ConfigurationMemberKmsKey struct {
	Value KmsKeyConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for a KMS key.

type ConfigurationMemberRdsDbClusterSnapshot ¶

type ConfigurationMemberRdsDbClusterSnapshot struct {
	Value RdsDbClusterSnapshotConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon RDS DB cluster snapshot.

type ConfigurationMemberRdsDbSnapshot ¶

type ConfigurationMemberRdsDbSnapshot struct {
	Value RdsDbSnapshotConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon RDS DB snapshot.

type ConfigurationMemberS3Bucket ¶

type ConfigurationMemberS3Bucket struct {
	Value S3BucketConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon S3 bucket.

type ConfigurationMemberS3ExpressDirectoryBucket ¶

type ConfigurationMemberS3ExpressDirectoryBucket struct {
	Value S3ExpressDirectoryBucketConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon S3 directory bucket.

type ConfigurationMemberSecretsManagerSecret ¶

type ConfigurationMemberSecretsManagerSecret struct {
	Value SecretsManagerSecretConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for a Secrets Manager secret.

type ConfigurationMemberSnsTopic ¶

type ConfigurationMemberSnsTopic struct {
	Value SnsTopicConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon SNS topic

type ConfigurationMemberSqsQueue ¶

type ConfigurationMemberSqsQueue struct {
	Value SqsQueueConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon SQS queue.

type ConflictException ¶

type ConflictException struct {
	Message *string

	ErrorCodeOverride *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

A conflict exception error.

func (*ConflictException) Error ¶

func (e *ConflictException) Error() string

func (*ConflictException) ErrorCode ¶

func (e *ConflictException) ErrorCode() string

func (*ConflictException) ErrorFault ¶

func (e *ConflictException) ErrorFault() smithy.ErrorFault

func (*ConflictException) ErrorMessage ¶

func (e *ConflictException) ErrorMessage() string

type Criterion ¶

type Criterion struct {

	// A "contains" operator to match for the filter used to create the rule.
	Contains []string

	// An "equals" operator to match for the filter used to create the rule.
	Eq []string

	// An "exists" operator to match for the filter used to create the rule.
	Exists *bool

	// A "not equals" operator to match for the filter used to create the rule.
	Neq []string
	// contains filtered or unexported fields
}

The criteria to use in the filter that defines the archive rule. For more information on available filter keys, see IAM Access Analyzer filter keys.

type DynamodbStreamConfiguration ¶

type DynamodbStreamConfiguration struct {

	// The proposed resource policy defining who can access or manage the DynamoDB
	// stream.
	StreamPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for a DynamoDB stream. You can propose a configuration for a new DynamoDB stream or an existing DynamoDB stream that you own by specifying the policy for the DynamoDB stream. For more information, see PutResourcePolicy.

If the configuration is for an existing DynamoDB stream and you do not specify the DynamoDB policy, then the access preview uses the existing DynamoDB policy for the stream.
If the access preview is for a new resource and you do not specify the policy, then the access preview assumes a DynamoDB stream without a policy.
To propose deletion of an existing DynamoDB stream policy, you can specify an empty string for the DynamoDB policy.

type DynamodbTableConfiguration ¶

type DynamodbTableConfiguration struct {

	// The proposed resource policy defining who can access or manage the DynamoDB
	// table.
	TablePolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for a DynamoDB table or index. You can propose a configuration for a new DynamoDB table or index or an existing DynamoDB table or index that you own by specifying the policy for the DynamoDB table or index. For more information, see PutResourcePolicy.

If the configuration is for an existing DynamoDB table or index and you do not specify the DynamoDB policy, then the access preview uses the existing DynamoDB policy for the table or index.
If the access preview is for a new resource and you do not specify the policy, then the access preview assumes a DynamoDB table without a policy.
To propose deletion of an existing DynamoDB table or index policy, you can specify an empty string for the DynamoDB policy.

type EbsSnapshotConfiguration ¶

type EbsSnapshotConfiguration struct {

	// The groups that have access to the Amazon EBS volume snapshot. If the value all
	// is specified, then the Amazon EBS volume snapshot is public.
	//
	//   - If the configuration is for an existing Amazon EBS volume snapshot and you
	//   do not specify the groups , then the access preview uses the existing shared
	//   groups for the snapshot.
	//
	//   - If the access preview is for a new resource and you do not specify the
	//   groups , then the access preview considers the snapshot without any groups .
	//
	//   - To propose deletion of existing shared groups , you can specify an empty
	//   list for groups .
	Groups []string

	// The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS key
	// identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
	//
	//   - If the configuration is for an existing Amazon EBS volume snapshot and you
	//   do not specify the kmsKeyId , or you specify an empty string, then the access
	//   preview uses the existing kmsKeyId of the snapshot.
	//
	//   - If the access preview is for a new resource and you do not specify the
	//   kmsKeyId , the access preview considers the snapshot as unencrypted.
	KmsKeyId *string

	// The IDs of the Amazon Web Services accounts that have access to the Amazon EBS
	// volume snapshot.
	//
	//   - If the configuration is for an existing Amazon EBS volume snapshot and you
	//   do not specify the userIds , then the access preview uses the existing shared
	//   userIds for the snapshot.
	//
	//   - If the access preview is for a new resource and you do not specify the
	//   userIds , then the access preview considers the snapshot without any userIds .
	//
	//   - To propose deletion of existing shared accountIds , you can specify an empty
	//   list for userIds .
	UserIds []string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon EBS volume snapshot. You can propose a configuration for a new Amazon EBS volume snapshot or an Amazon EBS volume snapshot that you own by specifying the user IDs, groups, and optional KMS encryption key. For more information, see ModifySnapshotAttribute.

type EcrRepositoryConfiguration ¶

type EcrRepositoryConfiguration struct {

	// The JSON repository policy text to apply to the Amazon ECR repository. For more
	// information, see [Private repository policy examples]in the Amazon ECR User Guide.
	//
	// [Private repository policy examples]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html
	RepositoryPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon ECR repository. You can propose a configuration for a new Amazon ECR repository or an existing Amazon ECR repository that you own by specifying the Amazon ECR policy. For more information, see Repository.

If the configuration is for an existing Amazon ECR repository and you do not specify the Amazon ECR policy, then the access preview uses the existing Amazon ECR policy for the repository.
If the access preview is for a new resource and you do not specify the policy, then the access preview assumes an Amazon ECR repository without a policy.
To propose deletion of an existing Amazon ECR repository policy, you can specify an empty string for the Amazon ECR policy.

type EfsFileSystemConfiguration ¶

type EfsFileSystemConfiguration struct {

	// The JSON policy definition to apply to the Amazon EFS file system. For more
	// information on the elements that make up a file system policy, see [Amazon EFS Resource-based policies].
	//
	// [Amazon EFS Resource-based policies]: https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies
	FileSystemPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon EFS file system. You can propose a configuration for a new Amazon EFS file system or an existing Amazon EFS file system that you own by specifying the Amazon EFS policy. For more information, see Using file systems in Amazon EFS.

If the configuration is for an existing Amazon EFS file system and you do not specify the Amazon EFS policy, then the access preview uses the existing Amazon EFS policy for the file system.
If the access preview is for a new resource and you do not specify the policy, then the access preview assumes an Amazon EFS file system without a policy.
To propose deletion of an existing Amazon EFS file system policy, you can specify an empty string for the Amazon EFS policy.

type ExternalAccessDetails ¶

type ExternalAccessDetails struct {

	// The condition in the analyzed policy statement that resulted in an external
	// access finding.
	//
	// This member is required.
	Condition map[string]string

	// The action in the analyzed policy statement that an external principal has
	// permission to use.
	Action []string

	// Specifies whether the external access finding is public.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The type of restriction applied to the finding by the resource owner with an
	// Organizations resource control policy (RCP).
	ResourceControlPolicyRestriction ResourceControlPolicyRestriction

	// The sources of the external access finding. This indicates how the access that
	// generated the finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

Contains information about an external access finding.

type ExternalAccessFindingsStatistics ¶

type ExternalAccessFindingsStatistics struct {

	// The total number of active cross-account and public findings for each resource
	// type of the specified external access analyzer.
	ResourceTypeStatistics map[string]ResourceTypeDetails

	// The number of active findings for the specified external access analyzer.
	TotalActiveFindings *int32

	// The number of archived findings for the specified external access analyzer.
	TotalArchivedFindings *int32

	// The number of resolved findings for the specified external access analyzer.
	TotalResolvedFindings *int32
	// contains filtered or unexported fields
}

Provides aggregate statistics about the findings for the specified external access analyzer.

type Finding ¶

type Finding struct {

	// The time at which the resource was analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The condition in the analyzed policy statement that resulted in a finding.
	//
	// This member is required.
	Condition map[string]string

	// The time at which the finding was generated.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the finding.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource identified in the finding.
	//
	// This member is required.
	ResourceType ResourceType

	// The current status of the finding.
	//
	// This member is required.
	Status FindingStatus

	// The time at which the finding was updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The action in the analyzed policy statement that an external principal has
	// permission to use.
	Action []string

	// An error.
	Error *string

	// Indicates whether the policy that generated the finding allows public access to
	// the resource.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that an external principal has access to.
	Resource *string

	// The type of restriction applied to the finding by the resource owner with an
	// Organizations resource control policy (RCP).
	ResourceControlPolicyRestriction ResourceControlPolicyRestriction

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

Contains information about a finding.

type FindingAggregationAccountDetails ¶

type FindingAggregationAccountDetails struct {

	// The ID of the Amazon Web Services account for which unused access finding
	// details are provided.
	Account *string

	// Provides the number of active findings for each type of unused access for the
	// specified Amazon Web Services account.
	Details map[string]int32

	// The number of active unused access findings for the specified Amazon Web
	// Services account.
	NumberOfActiveFindings *int32
	// contains filtered or unexported fields
}

Contains information about the findings for an Amazon Web Services account in an organization unused access analyzer.

type FindingChangeType ¶

type FindingChangeType string

const (
	FindingChangeTypeChanged   FindingChangeType = "CHANGED"
	FindingChangeTypeNew       FindingChangeType = "NEW"
	FindingChangeTypeUnchanged FindingChangeType = "UNCHANGED"
)

Enum values for FindingChangeType

func (FindingChangeType) Values ¶

func (FindingChangeType) Values() []FindingChangeType

Values returns all known values for FindingChangeType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type FindingDetails ¶

type FindingDetails interface {
	// contains filtered or unexported methods
}

Contains information about an external access or unused access finding. Only one parameter can be used in a FindingDetails object.

The following types satisfy this interface:

FindingDetailsMemberExternalAccessDetails
FindingDetailsMemberUnusedIamRoleDetails
FindingDetailsMemberUnusedIamUserAccessKeyDetails
FindingDetailsMemberUnusedIamUserPasswordDetails
FindingDetailsMemberUnusedPermissionDetails

Example (OutputUsage)¶

Code:play

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.FindingDetails
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.FindingDetailsMemberExternalAccessDetails:
		_ = v.Value // Value is types.ExternalAccessDetails

	case *types.FindingDetailsMemberUnusedIamRoleDetails:
		_ = v.Value // Value is types.UnusedIamRoleDetails

	case *types.FindingDetailsMemberUnusedIamUserAccessKeyDetails:
		_ = v.Value // Value is types.UnusedIamUserAccessKeyDetails

	case *types.FindingDetailsMemberUnusedIamUserPasswordDetails:
		_ = v.Value // Value is types.UnusedIamUserPasswordDetails

	case *types.FindingDetailsMemberUnusedPermissionDetails:
		_ = v.Value // Value is types.UnusedPermissionDetails

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type FindingDetailsMemberExternalAccessDetails ¶

type FindingDetailsMemberExternalAccessDetails struct {
	Value ExternalAccessDetails
	// contains filtered or unexported fields
}

The details for an external access analyzer finding.

type FindingDetailsMemberUnusedIamRoleDetails ¶

type FindingDetailsMemberUnusedIamRoleDetails struct {
	Value UnusedIamRoleDetails
	// contains filtered or unexported fields
}

The details for an unused access analyzer finding with an unused IAM role finding type.

type FindingDetailsMemberUnusedIamUserAccessKeyDetails ¶

type FindingDetailsMemberUnusedIamUserAccessKeyDetails struct {
	Value UnusedIamUserAccessKeyDetails
	// contains filtered or unexported fields
}

The details for an unused access analyzer finding with an unused IAM user access key finding type.

type FindingDetailsMemberUnusedIamUserPasswordDetails ¶

type FindingDetailsMemberUnusedIamUserPasswordDetails struct {
	Value UnusedIamUserPasswordDetails
	// contains filtered or unexported fields
}

The details for an unused access analyzer finding with an unused IAM user password finding type.

type FindingDetailsMemberUnusedPermissionDetails ¶

type FindingDetailsMemberUnusedPermissionDetails struct {
	Value UnusedPermissionDetails
	// contains filtered or unexported fields
}

The details for an unused access analyzer finding with an unused permission finding type.

type FindingSource ¶

type FindingSource struct {

	// Indicates the type of access that generated the finding.
	//
	// This member is required.
	Type FindingSourceType

	// Includes details about how the access that generated the finding is granted.
	// This is populated for Amazon S3 bucket findings.
	Detail *FindingSourceDetail
	// contains filtered or unexported fields
}

The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

type FindingSourceDetail ¶

type FindingSourceDetail struct {

	// The account of the cross-account access point that generated the finding.
	AccessPointAccount *string

	// The ARN of the access point that generated the finding. The ARN format depends
	// on whether the ARN represents an access point or a multi-region access point.
	AccessPointArn *string
	// contains filtered or unexported fields
}

Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.

type FindingSourceType ¶

type FindingSourceType string

const (
	FindingSourceTypePolicy               FindingSourceType = "POLICY"
	FindingSourceTypeBucketAcl            FindingSourceType = "BUCKET_ACL"
	FindingSourceTypeS3AccessPoint        FindingSourceType = "S3_ACCESS_POINT"
	FindingSourceTypeS3AccessPointAccount FindingSourceType = "S3_ACCESS_POINT_ACCOUNT"
)

Enum values for FindingSourceType

func (FindingSourceType) Values ¶

func (FindingSourceType) Values() []FindingSourceType

Values returns all known values for FindingSourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type FindingStatus ¶

type FindingStatus string

const (
	FindingStatusActive   FindingStatus = "ACTIVE"
	FindingStatusArchived FindingStatus = "ARCHIVED"
	FindingStatusResolved FindingStatus = "RESOLVED"
)

Enum values for FindingStatus

func (FindingStatus) Values ¶

func (FindingStatus) Values() []FindingStatus

Values returns all known values for FindingStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type FindingStatusUpdate ¶

type FindingStatusUpdate string

const (
	FindingStatusUpdateActive   FindingStatusUpdate = "ACTIVE"
	FindingStatusUpdateArchived FindingStatusUpdate = "ARCHIVED"
)

Enum values for FindingStatusUpdate

func (FindingStatusUpdate) Values ¶

func (FindingStatusUpdate) Values() []FindingStatusUpdate

Values returns all known values for FindingStatusUpdate. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type FindingSummary ¶

type FindingSummary struct {

	// The time at which the resource-based policy that generated the finding was
	// analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The condition in the analyzed policy statement that resulted in a finding.
	//
	// This member is required.
	Condition map[string]string

	// The time at which the finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the finding.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that the external principal has access to.
	//
	// This member is required.
	ResourceType ResourceType

	// The status of the finding.
	//
	// This member is required.
	Status FindingStatus

	// The time at which the finding was most recently updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The action in the analyzed policy statement that an external principal has
	// permission to use.
	Action []string

	// The error that resulted in an Error finding.
	Error *string

	// Indicates whether the finding reports a resource that has a policy that allows
	// public access.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that the external principal has access to.
	Resource *string

	// The type of restriction applied to the finding by the resource owner with an
	// Organizations resource control policy (RCP).
	ResourceControlPolicyRestriction ResourceControlPolicyRestriction

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

Contains information about a finding.

type FindingSummaryV2 ¶

type FindingSummaryV2 struct {

	// The time at which the resource-based policy or IAM entity that generated the
	// finding was analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The time at which the finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the finding.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that the external principal has access to.
	//
	// This member is required.
	ResourceType ResourceType

	// The status of the finding.
	//
	// This member is required.
	Status FindingStatus

	// The time at which the finding was most recently updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The error that resulted in an Error finding.
	Error *string

	// The type of the external access or unused access finding.
	FindingType FindingType

	// The resource that the external principal has access to.
	Resource *string
	// contains filtered or unexported fields
}

Contains information about a finding.

type FindingType ¶

type FindingType string

const (
	FindingTypeExternalAccess         FindingType = "ExternalAccess"
	FindingTypeUnusedIamRole          FindingType = "UnusedIAMRole"
	FindingTypeUnusedIamUserAccessKey FindingType = "UnusedIAMUserAccessKey"
	FindingTypeUnusedIamUserPassword  FindingType = "UnusedIAMUserPassword"
	FindingTypeUnusedPermission       FindingType = "UnusedPermission"
)

Enum values for FindingType

func (FindingType) Values ¶

func (FindingType) Values() []FindingType

Values returns all known values for FindingType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type FindingsStatistics ¶

type FindingsStatistics interface {
	// contains filtered or unexported methods
}

Contains information about the aggregate statistics for an external or unused access analyzer. Only one parameter can be used in a FindingsStatistics object.

The following types satisfy this interface:

FindingsStatisticsMemberExternalAccessFindingsStatistics
FindingsStatisticsMemberUnusedAccessFindingsStatistics

Example (OutputUsage)¶

Code:play

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.FindingsStatistics
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.FindingsStatisticsMemberExternalAccessFindingsStatistics:
		_ = v.Value // Value is types.ExternalAccessFindingsStatistics

	case *types.FindingsStatisticsMemberUnusedAccessFindingsStatistics:
		_ = v.Value // Value is types.UnusedAccessFindingsStatistics

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type FindingsStatisticsMemberExternalAccessFindingsStatistics ¶

type FindingsStatisticsMemberExternalAccessFindingsStatistics struct {
	Value ExternalAccessFindingsStatistics
	// contains filtered or unexported fields
}

The aggregate statistics for an external access analyzer.

type FindingsStatisticsMemberUnusedAccessFindingsStatistics ¶

type FindingsStatisticsMemberUnusedAccessFindingsStatistics struct {
	Value UnusedAccessFindingsStatistics
	// contains filtered or unexported fields
}

The aggregate statistics for an unused access analyzer.

type GeneratedPolicy ¶

type GeneratedPolicy struct {

	// The text to use as the content for the new policy. The policy is created using
	// the [CreatePolicy]action.
	//
	// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
	//
	// This member is required.
	Policy *string
	// contains filtered or unexported fields
}

Contains the text for the generated policy.

type GeneratedPolicyProperties ¶

type GeneratedPolicyProperties struct {

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string

	// Lists details about the Trail used to generated policy.
	CloudTrailProperties *CloudTrailProperties

	// This value is set to true if the generated policy contains all possible actions
	// for a service that IAM Access Analyzer identified from the CloudTrail trail that
	// you specified, and false otherwise.
	IsComplete *bool
	// contains filtered or unexported fields
}

Contains the generated policy details.

type GeneratedPolicyResult ¶

type GeneratedPolicyResult struct {

	// A GeneratedPolicyProperties object that contains properties of the generated
	// policy.
	//
	// This member is required.
	Properties *GeneratedPolicyProperties

	// The text to use as the content for the new policy. The policy is created using
	// the [CreatePolicy]action.
	//
	// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
	GeneratedPolicies []GeneratedPolicy
	// contains filtered or unexported fields
}

Contains the text for the generated policy and its details.

type IamRoleConfiguration ¶

type IamRoleConfiguration struct {

	// The proposed trust policy for the IAM role.
	TrustPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an IAM role. You can propose a configuration for a new IAM role or an existing IAM role that you own by specifying the trust policy. If the configuration is for a new IAM role, you must specify the trust policy. If the configuration is for an existing IAM role that you own and you do not propose the trust policy, the access preview uses the existing trust policy for the role. The proposed trust policy cannot be an empty string. For more information about role trust policy limits, see IAM and STS quotas.

type InlineArchiveRule ¶

type InlineArchiveRule struct {

	// The condition and values for a criterion.
	//
	// This member is required.
	Filter map[string]Criterion

	// The name of the rule.
	//
	// This member is required.
	RuleName *string
	// contains filtered or unexported fields
}

An criterion statement in an archive rule. Each archive rule may have multiple criteria.

type InternalServerException ¶

type InternalServerException struct {
	Message *string

	ErrorCodeOverride *string

	RetryAfterSeconds *int32
	// contains filtered or unexported fields
}

Internal server error.

func (*InternalServerException) Error ¶

func (e *InternalServerException) Error() string

func (*InternalServerException) ErrorCode ¶

func (e *InternalServerException) ErrorCode() string

func (*InternalServerException) ErrorFault ¶

func (e *InternalServerException) ErrorFault() smithy.ErrorFault

func (*InternalServerException) ErrorMessage ¶

func (e *InternalServerException) ErrorMessage() string

type InternetConfiguration ¶

type InternetConfiguration struct {
	// contains filtered or unexported fields
}

This configuration sets the network origin for the Amazon S3 access point or multi-region access point to Internet .

type InvalidParameterException ¶

type InvalidParameterException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The specified parameter is invalid.

func (*InvalidParameterException) Error ¶

func (e *InvalidParameterException) Error() string

func (*InvalidParameterException) ErrorCode ¶

func (e *InvalidParameterException) ErrorCode() string

func (*InvalidParameterException) ErrorFault ¶

func (e *InvalidParameterException) ErrorFault() smithy.ErrorFault

func (*InvalidParameterException) ErrorMessage ¶

func (e *InvalidParameterException) ErrorMessage() string

type JobDetails ¶

type JobDetails struct {

	// The JobId that is returned by the StartPolicyGeneration operation. The JobId
	// can be used with GetGeneratedPolicy to retrieve the generated policies or used
	// with CancelPolicyGeneration to cancel the policy generation request.
	//
	// This member is required.
	JobId *string

	// A timestamp of when the job was started.
	//
	// This member is required.
	StartedOn *time.Time

	// The status of the job request.
	//
	// This member is required.
	Status JobStatus

	// A timestamp of when the job was completed.
	CompletedOn *time.Time

	// The job error for the policy generation request.
	JobError *JobError
	// contains filtered or unexported fields
}

Contains details about the policy generation request.

type JobError ¶

type JobError struct {

	// The job error code.
	//
	// This member is required.
	Code JobErrorCode

	// Specific information about the error. For example, which service quota was
	// exceeded or which resource was not found.
	//
	// This member is required.
	Message *string
	// contains filtered or unexported fields
}

Contains the details about the policy generation error.

type JobErrorCode ¶

type JobErrorCode string

const (
	JobErrorCodeAuthorizationError        JobErrorCode = "AUTHORIZATION_ERROR"
	JobErrorCodeResourceNotFoundError     JobErrorCode = "RESOURCE_NOT_FOUND_ERROR"
	JobErrorCodeServiceQuotaExceededError JobErrorCode = "SERVICE_QUOTA_EXCEEDED_ERROR"
	JobErrorCodeServiceError              JobErrorCode = "SERVICE_ERROR"
)

Enum values for JobErrorCode

func (JobErrorCode) Values ¶

func (JobErrorCode) Values() []JobErrorCode

Values returns all known values for JobErrorCode. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type JobStatus ¶

type JobStatus string

const (
	JobStatusInProgress JobStatus = "IN_PROGRESS"
	JobStatusSucceeded  JobStatus = "SUCCEEDED"
	JobStatusFailed     JobStatus = "FAILED"
	JobStatusCanceled   JobStatus = "CANCELED"
)

Enum values for JobStatus

func (JobStatus) Values ¶

func (JobStatus) Values() []JobStatus

Values returns all known values for JobStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type KmsGrantConfiguration ¶

type KmsGrantConfiguration struct {

	// The principal that is given permission to perform the operations that the grant
	// permits.
	//
	// This member is required.
	GranteePrincipal *string

	//  The Amazon Web Services account under which the grant was issued. The account
	// is used to propose KMS grants issued by accounts other than the owner of the
	// key.
	//
	// This member is required.
	IssuingAccount *string

	// A list of operations that the grant permits.
	//
	// This member is required.
	Operations []KmsGrantOperation

	// Use this structure to propose allowing [cryptographic operations] in the grant only when the operation
	// request includes the specified [encryption context].
	//
	// [cryptographic operations]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
	// [encryption context]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
	Constraints *KmsGrantConstraints

	// The principal that is given permission to retire the grant by using [RetireGrant] operation.
	//
	// [RetireGrant]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
	RetiringPrincipal *string
	// contains filtered or unexported fields
}

A proposed grant configuration for a KMS key. For more information, see CreateGrant.

type KmsGrantConstraints ¶

type KmsGrantConstraints struct {

	// A list of key-value pairs that must match the encryption context in the [cryptographic operation]
	// request. The grant allows the operation only when the encryption context in the
	// request is the same as the encryption context specified in this constraint.
	//
	// [cryptographic operation]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
	EncryptionContextEquals map[string]string

	// A list of key-value pairs that must be included in the encryption context of
	// the [cryptographic operation]request. The grant allows the cryptographic operation only when the
	// encryption context in the request includes the key-value pairs specified in this
	// constraint, although it can include additional key-value pairs.
	//
	// [cryptographic operation]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
	EncryptionContextSubset map[string]string
	// contains filtered or unexported fields
}

Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context. You can specify only one type of encryption context. An empty map is treated as not specified. For more information, see GrantConstraints.

type KmsGrantOperation ¶

type KmsGrantOperation string

const (
	KmsGrantOperationCreateGrant                         KmsGrantOperation = "CreateGrant"
	KmsGrantOperationDecrypt                             KmsGrantOperation = "Decrypt"
	KmsGrantOperationDescribeKey                         KmsGrantOperation = "DescribeKey"
	KmsGrantOperationEncrypt                             KmsGrantOperation = "Encrypt"
	KmsGrantOperationGenerateDataKey                     KmsGrantOperation = "GenerateDataKey"
	KmsGrantOperationGenerateDataKeyPair                 KmsGrantOperation = "GenerateDataKeyPair"
	KmsGrantOperationGenerateDataKeyPairWithoutPlaintext KmsGrantOperation = "GenerateDataKeyPairWithoutPlaintext"
	KmsGrantOperationGenerateDataKeyWithoutPlaintext     KmsGrantOperation = "GenerateDataKeyWithoutPlaintext"
	KmsGrantOperationGetPublicKey                        KmsGrantOperation = "GetPublicKey"
	KmsGrantOperationReencryptFrom                       KmsGrantOperation = "ReEncryptFrom"
	KmsGrantOperationReencryptTo                         KmsGrantOperation = "ReEncryptTo"
	KmsGrantOperationRetireGrant                         KmsGrantOperation = "RetireGrant"
	KmsGrantOperationSign                                KmsGrantOperation = "Sign"
	KmsGrantOperationVerify                              KmsGrantOperation = "Verify"
)

Enum values for KmsGrantOperation

func (KmsGrantOperation) Values ¶

func (KmsGrantOperation) Values() []KmsGrantOperation

Values returns all known values for KmsGrantOperation. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type KmsKeyConfiguration ¶

type KmsKeyConfiguration struct {

	// A list of proposed grant configurations for the KMS key. If the proposed grant
	// configuration is for an existing key, the access preview uses the proposed list
	// of grant configurations in place of the existing grants. Otherwise, the access
	// preview uses the existing grants for the key.
	Grants []KmsGrantConfiguration

	// Resource policy configuration for the KMS key. The only valid value for the
	// name of the key policy is default . For more information, see [Default key policy].
	//
	// [Default key policy]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
	KeyPolicies map[string]string
	// contains filtered or unexported fields
}

Proposed access control configuration for a KMS key. You can propose a configuration for a new KMS key or an existing KMS key that you own by specifying the key policy and KMS grant configuration. If the configuration is for an existing key and you do not specify the key policy, the access preview uses the existing policy for the key. If the access preview is for a new resource and you do not specify the key policy, then the access preview uses the default key policy. The proposed key policy cannot be an empty string. For more information, see Default key policy. For more information about key policy limits, see Resource quotas.

type Locale ¶

type Locale string

const (
	LocaleDe   Locale = "DE"
	LocaleEn   Locale = "EN"
	LocaleEs   Locale = "ES"
	LocaleFr   Locale = "FR"
	LocaleIt   Locale = "IT"
	LocaleJa   Locale = "JA"
	LocaleKo   Locale = "KO"
	LocalePtBr Locale = "PT_BR"
	LocaleZhCn Locale = "ZH_CN"
	LocaleZhTw Locale = "ZH_TW"
)

Enum values for Locale

func (Locale) Values ¶

func (Locale) Values() []Locale

Values returns all known values for Locale. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type Location ¶

type Location struct {

	// A path in a policy, represented as a sequence of path elements.
	//
	// This member is required.
	Path []PathElement

	// A span in a policy.
	//
	// This member is required.
	Span *Span
	// contains filtered or unexported fields
}

A location in a policy that is represented as a path through the JSON representation and a corresponding span.

type NetworkOriginConfiguration ¶

type NetworkOriginConfiguration interface {
	// contains filtered or unexported methods
}

The proposed InternetConfiguration or VpcConfiguration to apply to the Amazon S3 access point. You can make the access point accessible from the internet, or you can specify that all requests made through that access point must originate from a specific virtual private cloud (VPC). You can specify only one type of network configuration. For more information, see Creating access points.

The following types satisfy this interface:

NetworkOriginConfigurationMemberInternetConfiguration
NetworkOriginConfigurationMemberVpcConfiguration

Example (OutputUsage)¶

Code:play

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.NetworkOriginConfiguration
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.NetworkOriginConfigurationMemberInternetConfiguration:
		_ = v.Value // Value is types.InternetConfiguration

	case *types.NetworkOriginConfigurationMemberVpcConfiguration:
		_ = v.Value // Value is types.VpcConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type NetworkOriginConfigurationMemberInternetConfiguration ¶

type NetworkOriginConfigurationMemberInternetConfiguration struct {
	Value InternetConfiguration
	// contains filtered or unexported fields
}

The configuration for the Amazon S3 access point or multi-region access point with an Internet origin.

type NetworkOriginConfigurationMemberVpcConfiguration ¶

type NetworkOriginConfigurationMemberVpcConfiguration struct {
	Value VpcConfiguration
	// contains filtered or unexported fields
}

The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC configuration does not apply to multi-region access points. For more information, see VpcConfiguration.

type OrderBy ¶

type OrderBy string

const (
	OrderByAsc  OrderBy = "ASC"
	OrderByDesc OrderBy = "DESC"
)

Enum values for OrderBy

func (OrderBy) Values ¶

func (OrderBy) Values() []OrderBy

Values returns all known values for OrderBy. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PathElement ¶

type PathElement interface {
	// contains filtered or unexported methods
}

A single element in a path through the JSON representation of a policy.

The following types satisfy this interface:

PathElementMemberIndex
PathElementMemberKey
PathElementMemberSubstring
PathElementMemberValue

Example (OutputUsage)¶

Code:play

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.PathElement
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.PathElementMemberIndex:
		_ = v.Value // Value is int32

	case *types.PathElementMemberKey:
		_ = v.Value // Value is string

	case *types.PathElementMemberSubstring:
		_ = v.Value // Value is types.Substring

	case *types.PathElementMemberValue:
		_ = v.Value // Value is string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type PathElementMemberIndex ¶

type PathElementMemberIndex struct {
	Value int32
	// contains filtered or unexported fields
}

Refers to an index in a JSON array.

type PathElementMemberKey ¶

type PathElementMemberKey struct {
	Value string
	// contains filtered or unexported fields
}

Refers to a key in a JSON object.

type PathElementMemberSubstring ¶

type PathElementMemberSubstring struct {
	Value Substring
	// contains filtered or unexported fields
}

Refers to a substring of a literal string in a JSON object.

type PathElementMemberValue ¶

type PathElementMemberValue struct {
	Value string
	// contains filtered or unexported fields
}

Refers to the value associated with a given key in a JSON object.

type PolicyGeneration ¶

type PolicyGeneration struct {

	// The JobId that is returned by the StartPolicyGeneration operation. The JobId
	// can be used with GetGeneratedPolicy to retrieve the generated policies or used
	// with CancelPolicyGeneration to cancel the policy generation request.
	//
	// This member is required.
	JobId *string

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string

	// A timestamp of when the policy generation started.
	//
	// This member is required.
	StartedOn *time.Time

	// The status of the policy generation request.
	//
	// This member is required.
	Status JobStatus

	// A timestamp of when the policy generation was completed.
	CompletedOn *time.Time
	// contains filtered or unexported fields
}

Contains details about the policy generation status and properties.

type PolicyGenerationDetails ¶

type PolicyGenerationDetails struct {

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string
	// contains filtered or unexported fields
}

Contains the ARN details about the IAM entity for which the policy is generated.

type PolicyType ¶

type PolicyType string

const (
	PolicyTypeIdentityPolicy        PolicyType = "IDENTITY_POLICY"
	PolicyTypeResourcePolicy        PolicyType = "RESOURCE_POLICY"
	PolicyTypeServiceControlPolicy  PolicyType = "SERVICE_CONTROL_POLICY"
	PolicyTypeResourceControlPolicy PolicyType = "RESOURCE_CONTROL_POLICY"
)

Enum values for PolicyType

func (PolicyType) Values ¶

func (PolicyType) Values() []PolicyType

Values returns all known values for PolicyType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type Position ¶

type Position struct {

	// The column of the position, starting from 0.
	//
	// This member is required.
	Column *int32

	// The line of the position, starting from 1.
	//
	// This member is required.
	Line *int32

	// The offset within the policy that corresponds to the position, starting from 0.
	//
	// This member is required.
	Offset *int32
	// contains filtered or unexported fields
}

A position in a policy.

type RdsDbClusterSnapshotAttributeValue ¶

type RdsDbClusterSnapshotAttributeValue interface {
	// contains filtered or unexported methods
}

The values for a manual Amazon RDS DB cluster snapshot attribute.

The following types satisfy this interface:

RdsDbClusterSnapshotAttributeValueMemberAccountIds

Example (OutputUsage)¶

Code:play

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.RdsDbClusterSnapshotAttributeValue
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.RdsDbClusterSnapshotAttributeValueMemberAccountIds:
		_ = v.Value // Value is []string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type RdsDbClusterSnapshotAttributeValueMemberAccountIds ¶

type RdsDbClusterSnapshotAttributeValueMemberAccountIds struct {
	Value []string
	// contains filtered or unexported fields
}

The Amazon Web Services account IDs that have access to the manual Amazon RDS DB cluster snapshot. If the value all is specified, then the Amazon RDS DB cluster snapshot is public and can be copied or restored by all Amazon Web Services accounts.

If the configuration is for an existing Amazon RDS DB cluster snapshot and you do not specify the accountIds in RdsDbClusterSnapshotAttributeValue , then the access preview uses the existing shared accountIds for the snapshot.
If the access preview is for a new resource and you do not specify the specify the accountIds in RdsDbClusterSnapshotAttributeValue , then the access preview considers the snapshot without any attributes.
To propose deletion of existing shared accountIds , you can specify an empty list for accountIds in the RdsDbClusterSnapshotAttributeValue .

type RdsDbClusterSnapshotConfiguration ¶

type RdsDbClusterSnapshotConfiguration struct {

	// The names and values of manual DB cluster snapshot attributes. Manual DB
	// cluster snapshot attributes are used to authorize other Amazon Web Services
	// accounts to restore a manual DB cluster snapshot. The only valid value for
	// AttributeName for the attribute map is restore
	Attributes map[string]RdsDbClusterSnapshotAttributeValue

	// The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS
	// key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
	//
	//   - If the configuration is for an existing Amazon RDS DB cluster snapshot and
	//   you do not specify the kmsKeyId , or you specify an empty string, then the
	//   access preview uses the existing kmsKeyId of the snapshot.
	//
	//   - If the access preview is for a new resource and you do not specify the
	//   specify the kmsKeyId , then the access preview considers the snapshot as
	//   unencrypted.
	KmsKeyId *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon RDS DB cluster snapshot. You can propose a configuration for a new Amazon RDS DB cluster snapshot or an Amazon RDS DB cluster snapshot that you own by specifying the RdsDbClusterSnapshotAttributeValue and optional KMS encryption key. For more information, see ModifyDBClusterSnapshotAttribute.

type RdsDbSnapshotAttributeValue ¶

type RdsDbSnapshotAttributeValue interface {
	// contains filtered or unexported methods
}

The name and values of a manual Amazon RDS DB snapshot attribute. Manual DB snapshot attributes are used to authorize other Amazon Web Services accounts to restore a manual DB snapshot.

The following types satisfy this interface:

RdsDbSnapshotAttributeValueMemberAccountIds

Example (OutputUsage)¶

Code:play

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.RdsDbSnapshotAttributeValue
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.RdsDbSnapshotAttributeValueMemberAccountIds:
		_ = v.Value // Value is []string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type RdsDbSnapshotAttributeValueMemberAccountIds ¶

type RdsDbSnapshotAttributeValueMemberAccountIds struct {
	Value []string
	// contains filtered or unexported fields
}

The Amazon Web Services account IDs that have access to the manual Amazon RDS DB snapshot. If the value all is specified, then the Amazon RDS DB snapshot is public and can be copied or restored by all Amazon Web Services accounts.

If the configuration is for an existing Amazon RDS DB snapshot and you do not specify the accountIds in RdsDbSnapshotAttributeValue , then the access preview uses the existing shared accountIds for the snapshot.
If the access preview is for a new resource and you do not specify the specify the accountIds in RdsDbSnapshotAttributeValue , then the access preview considers the snapshot without any attributes.
To propose deletion of an existing shared accountIds , you can specify an empty list for accountIds in the RdsDbSnapshotAttributeValue .

type RdsDbSnapshotConfiguration ¶

type RdsDbSnapshotConfiguration struct {

	// The names and values of manual DB snapshot attributes. Manual DB snapshot
	// attributes are used to authorize other Amazon Web Services accounts to restore a
	// manual DB snapshot. The only valid value for attributeName for the attribute
	// map is restore.
	Attributes map[string]RdsDbSnapshotAttributeValue

	// The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key
	// identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
	//
	//   - If the configuration is for an existing Amazon RDS DB snapshot and you do
	//   not specify the kmsKeyId , or you specify an empty string, then the access
	//   preview uses the existing kmsKeyId of the snapshot.
	//
	//   - If the access preview is for a new resource and you do not specify the
	//   specify the kmsKeyId , then the access preview considers the snapshot as
	//   unencrypted.
	KmsKeyId *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon RDS DB snapshot. You can propose a configuration for a new Amazon RDS DB snapshot or an Amazon RDS DB snapshot that you own by specifying the RdsDbSnapshotAttributeValue and optional KMS encryption key. For more information, see ModifyDBSnapshotAttribute.

type ReasonCode ¶

type ReasonCode string

const (
	ReasonCodeAwsServiceAccessDisabled           ReasonCode = "AWS_SERVICE_ACCESS_DISABLED"
	ReasonCodeDelegatedAdministratorDeregistered ReasonCode = "DELEGATED_ADMINISTRATOR_DEREGISTERED"
	ReasonCodeOrganizationDeleted                ReasonCode = "ORGANIZATION_DELETED"
	ReasonCodeServiceLinkedRoleCreationFailed    ReasonCode = "SERVICE_LINKED_ROLE_CREATION_FAILED"
)

Enum values for ReasonCode

func (ReasonCode) Values ¶

func (ReasonCode) Values() []ReasonCode

Values returns all known values for ReasonCode. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ReasonSummary ¶

type ReasonSummary struct {

	// A description of the reasoning of a result of checking for access.
	Description *string

	// The identifier for the reason statement.
	StatementId *string

	// The index number of the reason statement.
	StatementIndex *int32
	// contains filtered or unexported fields
}

Contains information about the reasoning why a check for access passed or failed.

type RecommendationError ¶

type RecommendationError struct {

	// The error code for a failed retrieval of a recommendation for a finding.
	//
	// This member is required.
	Code *string

	// The error message for a failed retrieval of a recommendation for a finding.
	//
	// This member is required.
	Message *string
	// contains filtered or unexported fields
}

Contains information about the reason that the retrieval of a recommendation for a finding failed.

type RecommendationType ¶

type RecommendationType string

const (
	RecommendationTypeUnusedPermissionRecommendation RecommendationType = "UnusedPermissionRecommendation"
)

Enum values for RecommendationType

func (RecommendationType) Values ¶

func (RecommendationType) Values() []RecommendationType

Values returns all known values for RecommendationType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type RecommendedRemediationAction ¶

type RecommendedRemediationAction string

const (
	RecommendedRemediationActionCreatePolicy RecommendedRemediationAction = "CREATE_POLICY"
	RecommendedRemediationActionDetachPolicy RecommendedRemediationAction = "DETACH_POLICY"
)

Enum values for RecommendedRemediationAction

func (RecommendedRemediationAction) Values ¶

func (RecommendedRemediationAction) Values() []RecommendedRemediationAction

Values returns all known values for RecommendedRemediationAction. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type RecommendedStep ¶

type RecommendedStep interface {
	// contains filtered or unexported methods
}

Contains information about a recommended step for an unused access analyzer finding.

The following types satisfy this interface:

RecommendedStepMemberUnusedPermissionsRecommendedStep

Example (OutputUsage)¶

Code:play

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.RecommendedStep
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.RecommendedStepMemberUnusedPermissionsRecommendedStep:
		_ = v.Value // Value is types.UnusedPermissionsRecommendedStep

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type RecommendedStepMemberUnusedPermissionsRecommendedStep ¶

type RecommendedStepMemberUnusedPermissionsRecommendedStep struct {
	Value UnusedPermissionsRecommendedStep
	// contains filtered or unexported fields
}

A recommended step for an unused permissions finding.

type ResourceControlPolicyRestriction ¶

type ResourceControlPolicyRestriction string

const (
	ResourceControlPolicyRestrictionApplicable          ResourceControlPolicyRestriction = "APPLICABLE"
	ResourceControlPolicyRestrictionFailedToEvaluateRcp ResourceControlPolicyRestriction = "FAILED_TO_EVALUATE_RCP"
	ResourceControlPolicyRestrictionNotApplicable       ResourceControlPolicyRestriction = "NOT_APPLICABLE"
)

Enum values for ResourceControlPolicyRestriction

func (ResourceControlPolicyRestriction) Values ¶

func (ResourceControlPolicyRestriction) Values() []ResourceControlPolicyRestriction

Values returns all known values for ResourceControlPolicyRestriction. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ResourceNotFoundException ¶

type ResourceNotFoundException struct {
	Message *string

	ErrorCodeOverride *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

The specified resource could not be found.

func (*ResourceNotFoundException) Error ¶

func (e *ResourceNotFoundException) Error() string

func (*ResourceNotFoundException) ErrorCode ¶

func (e *ResourceNotFoundException) ErrorCode() string

func (*ResourceNotFoundException) ErrorFault ¶

func (e *ResourceNotFoundException) ErrorFault() smithy.ErrorFault

func (*ResourceNotFoundException) ErrorMessage ¶

func (e *ResourceNotFoundException) ErrorMessage() string

type ResourceType ¶

type ResourceType string

const (
	ResourceTypeAwsS3Bucket                 ResourceType = "AWS::S3::Bucket"
	ResourceTypeAwsIamRole                  ResourceType = "AWS::IAM::Role"
	ResourceTypeAwsSqsQueue                 ResourceType = "AWS::SQS::Queue"
	ResourceTypeAwsLambdaFunction           ResourceType = "AWS::Lambda::Function"
	ResourceTypeAwsLambdaLayerversion       ResourceType = "AWS::Lambda::LayerVersion"
	ResourceTypeAwsKmsKey                   ResourceType = "AWS::KMS::Key"
	ResourceTypeAwsSecretsmanagerSecret     ResourceType = "AWS::SecretsManager::Secret"
	ResourceTypeAwsEfsFilesystem            ResourceType = "AWS::EFS::FileSystem"
	ResourceTypeAwsEc2Snapshot              ResourceType = "AWS::EC2::Snapshot"
	ResourceTypeAwsEcrRepository            ResourceType = "AWS::ECR::Repository"
	ResourceTypeAwsRdsDbsnapshot            ResourceType = "AWS::RDS::DBSnapshot"
	ResourceTypeAwsRdsDbclustersnapshot     ResourceType = "AWS::RDS::DBClusterSnapshot"
	ResourceTypeAwsSnsTopic                 ResourceType = "AWS::SNS::Topic"
	ResourceTypeAwsS3expressDirectorybucket ResourceType = "AWS::S3Express::DirectoryBucket"
	ResourceTypeAwsDynamodbTable            ResourceType = "AWS::DynamoDB::Table"
	ResourceTypeAwsDynamodbStream           ResourceType = "AWS::DynamoDB::Stream"
	ResourceTypeAwsIamUser                  ResourceType = "AWS::IAM::User"
)

Enum values for ResourceType

func (ResourceType) Values ¶

func (ResourceType) Values() []ResourceType

Values returns all known values for ResourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ResourceTypeDetails ¶

type ResourceTypeDetails struct {

	// The total number of active cross-account findings for the resource type.
	TotalActiveCrossAccount *int32

	// The total number of active public findings for the resource type.
	TotalActivePublic *int32
	// contains filtered or unexported fields
}

Contains information about the total number of active cross-account and public findings for a resource type of an external access analyzer.

type S3AccessPointConfiguration ¶

type S3AccessPointConfiguration struct {

	// The access point or multi-region access point policy.
	AccessPointPolicy *string

	// The proposed Internet and VpcConfiguration to apply to this Amazon S3 access
	// point. VpcConfiguration does not apply to multi-region access points. If the
	// access preview is for a new resource and neither is specified, the access
	// preview uses Internet for the network origin. If the access preview is for an
	// existing resource and neither is specified, the access preview uses the existing
	// network origin.
	NetworkOrigin NetworkOriginConfiguration

	// The proposed S3PublicAccessBlock configuration to apply to this Amazon S3
	// access point or multi-region access point.
	PublicAccessBlock *S3PublicAccessBlockConfiguration
	// contains filtered or unexported fields
}

The configuration for an Amazon S3 access point or multi-region access point for the bucket. You can propose up to 10 access points or multi-region access points per bucket. If the proposed Amazon S3 access point configuration is for an existing bucket, the access preview uses the proposed access point configuration in place of the existing access points. To propose an access point without a policy, you can provide an empty string as the access point policy. For more information, see Creating access points. For more information about access point policy limits, see Access points restrictions and limitations.

type S3BucketAclGrantConfiguration ¶

type S3BucketAclGrantConfiguration struct {

	// The grantee to whom you’re assigning access rights.
	//
	// This member is required.
	Grantee AclGrantee

	// The permissions being granted.
	//
	// This member is required.
	Permission AclPermission
	// contains filtered or unexported fields
}

A proposed access control list grant configuration for an Amazon S3 bucket. For more information, see How to Specify an ACL.

type S3BucketConfiguration ¶

type S3BucketConfiguration struct {

	// The configuration of Amazon S3 access points or multi-region access points for
	// the bucket. You can propose up to 10 new access points per bucket.
	AccessPoints map[string]S3AccessPointConfiguration

	// The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to
	// 100 ACL grants per bucket. If the proposed grant configuration is for an
	// existing bucket, the access preview uses the proposed list of grant
	// configurations in place of the existing grants. Otherwise, the access preview
	// uses the existing grants for the bucket.
	BucketAclGrants []S3BucketAclGrantConfiguration

	// The proposed bucket policy for the Amazon S3 bucket.
	BucketPolicy *string

	// The proposed block public access configuration for the Amazon S3 bucket.
	BucketPublicAccessBlock *S3PublicAccessBlockConfiguration
	// contains filtered or unexported fields
}

Proposed access control configuration for an Amazon S3 bucket. You can propose a configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket that you own by specifying the Amazon S3 bucket policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and multi-region access points attached to the bucket. If the configuration is for an existing Amazon S3 bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes a bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about bucket policy limits, see Bucket Policy Examples.

type S3ExpressDirectoryAccessPointConfiguration ¶

type S3ExpressDirectoryAccessPointConfiguration struct {

	// The proposed access point policy for an Amazon S3 directory bucket access point.
	AccessPointPolicy *string

	// The proposed InternetConfiguration or VpcConfiguration to apply to the Amazon
	// S3 access point. You can make the access point accessible from the internet, or
	// you can specify that all requests made through that access point must originate
	// from a specific virtual private cloud (VPC). You can specify only one type of
	// network configuration. For more information, see [Creating access points].
	//
	// [Creating access points]: https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html
	NetworkOrigin NetworkOriginConfiguration
	// contains filtered or unexported fields
}

Proposed configuration for an access point attached to an Amazon S3 directory bucket. You can propose up to 10 access points per bucket. If the proposed access point configuration is for an existing Amazon S3 directory bucket, the access preview uses the proposed access point configuration in place of the existing access points. To propose an access point without a policy, you can provide an empty string as the access point policy. For more information about access points for Amazon S3 directory buckets, see Managing access to directory buckets with access pointsin the Amazon Simple Storage Service User Guide.

type S3ExpressDirectoryBucketConfiguration ¶

type S3ExpressDirectoryBucketConfiguration struct {

	// The proposed access points for the Amazon S3 directory bucket.
	AccessPoints map[string]S3ExpressDirectoryAccessPointConfiguration

	// The proposed bucket policy for the Amazon S3 directory bucket.
	BucketPolicy *string
	// contains filtered or unexported fields
}

Proposed access control configuration for an Amazon S3 directory bucket. You can propose a configuration for a new Amazon S3 directory bucket or an existing Amazon S3 directory bucket that you own by specifying the Amazon S3 bucket policy. If the configuration is for an existing Amazon S3 directory bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the directory bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes an directory bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about Amazon S3 directory bucket policies, see Example bucket policies for directory bucketsin the Amazon Simple Storage Service User Guide.

type S3PublicAccessBlockConfiguration ¶

type S3PublicAccessBlockConfiguration struct {

	//  Specifies whether Amazon S3 should ignore public ACLs for this bucket and
	// objects in this bucket.
	//
	// This member is required.
	IgnorePublicAcls *bool

	//  Specifies whether Amazon S3 should restrict public bucket policies for this
	// bucket.
	//
	// This member is required.
	RestrictPublicBuckets *bool
	// contains filtered or unexported fields
}

The PublicAccessBlock configuration to apply to this Amazon S3 bucket. If the proposed configuration is for an existing Amazon S3 bucket and the configuration is not specified, the access preview uses the existing setting. If the proposed configuration is for a new bucket and the configuration is not specified, the access preview uses false . If the proposed configuration is for a new access point or multi-region access point and the access point BPA configuration is not specified, the access preview uses true . For more information, see PublicAccessBlockConfiguration.

type SecretsManagerSecretConfiguration ¶

type SecretsManagerSecretConfiguration struct {

	// The proposed ARN, key ID, or alias of the KMS key.
	KmsKeyId *string

	// The proposed resource policy defining who can access or manage the secret.
	SecretPolicy *string
	// contains filtered or unexported fields
}

The configuration for a Secrets Manager secret. For more information, see CreateSecret.

You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the Amazon Web Services managed key aws/secretsmanager . If you specify an empty string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the Amazon Web Services account. For more information about secret policy limits, see Quotas for Secrets Manager..

type ServiceQuotaExceededException ¶

type ServiceQuotaExceededException struct {
	Message *string

	ErrorCodeOverride *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

Service quote met error.

func (*ServiceQuotaExceededException) Error ¶

func (e *ServiceQuotaExceededException) Error() string

func (*ServiceQuotaExceededException) ErrorCode ¶

func (e *ServiceQuotaExceededException) ErrorCode() string

func (*ServiceQuotaExceededException) ErrorFault ¶

func (e *ServiceQuotaExceededException) ErrorFault() smithy.ErrorFault

func (*ServiceQuotaExceededException) ErrorMessage ¶

func (e *ServiceQuotaExceededException) ErrorMessage() string

type SnsTopicConfiguration ¶

type SnsTopicConfiguration struct {

	// The JSON policy text that defines who can access an Amazon SNS topic. For more
	// information, see [Example cases for Amazon SNS access control]in the Amazon SNS Developer Guide.
	//
	// [Example cases for Amazon SNS access control]: https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html
	TopicPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon SNS topic. You can propose a configuration for a new Amazon SNS topic or an existing Amazon SNS topic that you own by specifying the policy. If the configuration is for an existing Amazon SNS topic and you do not specify the Amazon SNS policy, then the access preview uses the existing Amazon SNS policy for the topic. If the access preview is for a new resource and you do not specify the policy, then the access preview assumes an Amazon SNS topic without a policy. To propose deletion of an existing Amazon SNS topic policy, you can specify an empty string for the Amazon SNS policy. For more information, see Topic.

type SortCriteria ¶

type SortCriteria struct {

	// The name of the attribute to sort on.
	AttributeName *string

	// The sort order, ascending or descending.
	OrderBy OrderBy
	// contains filtered or unexported fields
}

The criteria used to sort.

type Span ¶

type Span struct {

	// The end position of the span (exclusive).
	//
	// This member is required.
	End *Position

	// The start position of the span (inclusive).
	//
	// This member is required.
	Start *Position
	// contains filtered or unexported fields
}

A span in a policy. The span consists of a start position (inclusive) and end position (exclusive).

type SqsQueueConfiguration ¶

type SqsQueueConfiguration struct {

	//  The proposed resource policy for the Amazon SQS queue.
	QueuePolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon SQS queue. You can propose a configuration for a new Amazon SQS queue or an existing Amazon SQS queue that you own by specifying the Amazon SQS policy. If the configuration is for an existing Amazon SQS queue and you do not specify the Amazon SQS policy, the access preview uses the existing Amazon SQS policy for the queue. If the access preview is for a new resource and you do not specify the policy, the access preview assumes an Amazon SQS queue without a policy. To propose deletion of an existing Amazon SQS queue policy, you can specify an empty string for the Amazon SQS policy. For more information about Amazon SQS policy limits, see Quotas related to policies.

type Status ¶

type Status string

const (
	StatusSucceeded  Status = "SUCCEEDED"
	StatusFailed     Status = "FAILED"
	StatusInProgress Status = "IN_PROGRESS"
)

Enum values for Status

func (Status) Values ¶

func (Status) Values() []Status

Values returns all known values for Status. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type StatusReason ¶

type StatusReason struct {

	// The reason code for the current status of the analyzer.
	//
	// This member is required.
	Code ReasonCode
	// contains filtered or unexported fields
}

Provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is returned. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the Amazon Web Services organization.

type Substring ¶

type Substring struct {

	// The length of the substring.
	//
	// This member is required.
	Length *int32

	// The start index of the substring, starting from 0.
	//
	// This member is required.
	Start *int32
	// contains filtered or unexported fields
}

A reference to a substring of a literal string in a JSON document.

type ThrottlingException ¶

type ThrottlingException struct {
	Message *string

	ErrorCodeOverride *string

	RetryAfterSeconds *int32
	// contains filtered or unexported fields
}

Throttling limit exceeded error.

func (*ThrottlingException) Error ¶

func (e *ThrottlingException) Error() string

func (*ThrottlingException) ErrorCode ¶

func (e *ThrottlingException) ErrorCode() string

func (*ThrottlingException) ErrorFault ¶

func (e *ThrottlingException) ErrorFault() smithy.ErrorFault

func (*ThrottlingException) ErrorMessage ¶

func (e *ThrottlingException) ErrorMessage() string

type Trail ¶

type Trail struct {

	// Specifies the ARN of the trail. The format of a trail ARN is
	// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail .
	//
	// This member is required.
	CloudTrailArn *string

	// Possible values are true or false . If set to true , IAM Access Analyzer
	// retrieves CloudTrail data from all regions to analyze and generate a policy.
	AllRegions *bool

	// A list of regions to get CloudTrail data from and analyze to generate a policy.
	Regions []string
	// contains filtered or unexported fields
}

Contains details about the CloudTrail trail being analyzed to generate a policy.

type TrailProperties ¶

type TrailProperties struct {

	// Specifies the ARN of the trail. The format of a trail ARN is
	// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail .
	//
	// This member is required.
	CloudTrailArn *string

	// Possible values are true or false . If set to true , IAM Access Analyzer
	// retrieves CloudTrail data from all regions to analyze and generate a policy.
	AllRegions *bool

	// A list of regions to get CloudTrail data from and analyze to generate a policy.
	Regions []string
	// contains filtered or unexported fields
}

Contains details about the CloudTrail trail being analyzed to generate a policy.

type Type ¶

type Type string

const (
	TypeAccount                  Type = "ACCOUNT"
	TypeOrganization             Type = "ORGANIZATION"
	TypeAccountUnusedAccess      Type = "ACCOUNT_UNUSED_ACCESS"
	TypeOrganizationUnusedAccess Type = "ORGANIZATION_UNUSED_ACCESS"
)

Enum values for Type

func (Type) Values ¶

func (Type) Values() []Type

Values returns all known values for Type. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type UnknownUnionMember ¶

type UnknownUnionMember struct {
	Tag   string
	Value []byte
	// contains filtered or unexported fields
}

UnknownUnionMember is returned when a union member is returned over the wire, but has an unknown tag.

type UnprocessableEntityException ¶

type UnprocessableEntityException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The specified entity could not be processed.

func (*UnprocessableEntityException) Error ¶

func (e *UnprocessableEntityException) Error() string

func (*UnprocessableEntityException) ErrorCode ¶

func (e *UnprocessableEntityException) ErrorCode() string

func (*UnprocessableEntityException) ErrorFault ¶

func (e *UnprocessableEntityException) ErrorFault() smithy.ErrorFault

func (*UnprocessableEntityException) ErrorMessage ¶

func (e *UnprocessableEntityException) ErrorMessage() string

type UnusedAccessConfiguration ¶

type UnusedAccessConfiguration struct {

	// Contains information about analysis rules for the analyzer. Analysis rules
	// determine which entities will generate findings based on the criteria you define
	// when you create the rule.
	AnalysisRule *AnalysisRule

	// The specified access age in days for which to generate findings for unused
	// access. For example, if you specify 90 days, the analyzer will generate findings
	// for IAM entities within the accounts of the selected organization for any access
	// that hasn't been used in 90 or more days since the analyzer's last scan. You can
	// choose a value between 1 and 365 days.
	UnusedAccessAge *int32
	// contains filtered or unexported fields
}

Contains information about an unused access analyzer.

type UnusedAccessFindingsStatistics ¶

type UnusedAccessFindingsStatistics struct {

	// A list of one to ten Amazon Web Services accounts that have the most active
	// findings for the unused access analyzer.
	TopAccounts []FindingAggregationAccountDetails

	// The total number of active findings for the unused access analyzer.
	TotalActiveFindings *int32

	// The total number of archived findings for the unused access analyzer.
	TotalArchivedFindings *int32

	// The total number of resolved findings for the unused access analyzer.
	TotalResolvedFindings *int32

	// A list of details about the total number of findings for each type of unused
	// access for the analyzer.
	UnusedAccessTypeStatistics []UnusedAccessTypeStatistics
	// contains filtered or unexported fields
}

Provides aggregate statistics about the findings for the specified unused access analyzer.

type UnusedAccessTypeStatistics ¶

type UnusedAccessTypeStatistics struct {

	// The total number of findings for the specified unused access type.
	Total *int32

	// The type of unused access.
	UnusedAccessType *string
	// contains filtered or unexported fields
}

Contains information about the total number of findings for a type of unused access.

type UnusedAction ¶

type UnusedAction struct {

	// The action for which the unused access finding was generated.
	//
	// This member is required.
	Action *string

	// The time at which the action was last accessed.
	LastAccessed *time.Time
	// contains filtered or unexported fields
}

Contains information about an unused access finding for an action. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing.

type UnusedIamRoleDetails ¶

type UnusedIamRoleDetails struct {

	// The time at which the role was last accessed.
	LastAccessed *time.Time
	// contains filtered or unexported fields
}

Contains information about an unused access finding for an IAM role. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing.

type UnusedIamUserAccessKeyDetails ¶

type UnusedIamUserAccessKeyDetails struct {

	// The ID of the access key for which the unused access finding was generated.
	//
	// This member is required.
	AccessKeyId *string

	// The time at which the access key was last accessed.
	LastAccessed *time.Time
	// contains filtered or unexported fields
}

Contains information about an unused access finding for an IAM user access key. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing.

type UnusedIamUserPasswordDetails ¶

type UnusedIamUserPasswordDetails struct {

	// The time at which the password was last accessed.
	LastAccessed *time.Time
	// contains filtered or unexported fields
}

Contains information about an unused access finding for an IAM user password. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing.

type UnusedPermissionDetails ¶

type UnusedPermissionDetails struct {

	// The namespace of the Amazon Web Services service that contains the unused
	// actions.
	//
	// This member is required.
	ServiceNamespace *string

	// A list of unused actions for which the unused access finding was generated.
	Actions []UnusedAction

	// The time at which the permission was last accessed.
	LastAccessed *time.Time
	// contains filtered or unexported fields
}

Contains information about an unused access finding for a permission. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing.

type UnusedPermissionsRecommendedStep ¶

type UnusedPermissionsRecommendedStep struct {

	// A recommendation of whether to create or detach a policy for an unused
	// permissions finding.
	//
	// This member is required.
	RecommendedAction RecommendedRemediationAction

	// If the recommended action for the unused permissions finding is to detach a
	// policy, the ID of an existing policy to be detached.
	ExistingPolicyId *string

	// The time at which the existing policy for the unused permissions finding was
	// last updated.
	PolicyUpdatedAt *time.Time

	// If the recommended action for the unused permissions finding is to replace the
	// existing policy, the contents of the recommended policy to replace the policy
	// specified in the existingPolicyId field.
	RecommendedPolicy *string
	// contains filtered or unexported fields
}

Contains information about the action to take for a policy in an unused permissions finding.

type ValidatePolicyFinding ¶

type ValidatePolicyFinding struct {

	// A localized message that explains the finding and provides guidance on how to
	// address it.
	//
	// This member is required.
	FindingDetails *string

	// The impact of the finding.
	//
	// Security warnings report when the policy allows access that we consider overly
	// permissive.
	//
	// Errors report when a part of the policy is not functional.
	//
	// Warnings report non-security issues when a policy does not conform to policy
	// writing best practices.
	//
	// Suggestions recommend stylistic improvements in the policy that do not impact
	// access.
	//
	// This member is required.
	FindingType ValidatePolicyFindingType

	// The issue code provides an identifier of the issue associated with this finding.
	//
	// This member is required.
	IssueCode *string

	// A link to additional documentation about the type of finding.
	//
	// This member is required.
	LearnMoreLink *string

	// The list of locations in the policy document that are related to the finding.
	// The issue code provides a summary of an issue identified by the finding.
	//
	// This member is required.
	Locations []Location
	// contains filtered or unexported fields
}

A finding in a policy. Each finding is an actionable recommendation that can be used to improve the policy.

type ValidatePolicyFindingType ¶

type ValidatePolicyFindingType string

const (
	ValidatePolicyFindingTypeError           ValidatePolicyFindingType = "ERROR"
	ValidatePolicyFindingTypeSecurityWarning ValidatePolicyFindingType = "SECURITY_WARNING"
	ValidatePolicyFindingTypeSuggestion      ValidatePolicyFindingType = "SUGGESTION"
	ValidatePolicyFindingTypeWarning         ValidatePolicyFindingType = "WARNING"
)

Enum values for ValidatePolicyFindingType

func (ValidatePolicyFindingType) Values ¶

func (ValidatePolicyFindingType) Values() []ValidatePolicyFindingType

Values returns all known values for ValidatePolicyFindingType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ValidatePolicyResourceType ¶

type ValidatePolicyResourceType string

const (
	ValidatePolicyResourceTypeS3Bucket                  ValidatePolicyResourceType = "AWS::S3::Bucket"
	ValidatePolicyResourceTypeS3AccessPoint             ValidatePolicyResourceType = "AWS::S3::AccessPoint"
	ValidatePolicyResourceTypeS3MultiRegionAccessPoint  ValidatePolicyResourceType = "AWS::S3::MultiRegionAccessPoint"
	ValidatePolicyResourceTypeS3ObjectLambdaAccessPoint ValidatePolicyResourceType = "AWS::S3ObjectLambda::AccessPoint"
	ValidatePolicyResourceTypeRoleTrust                 ValidatePolicyResourceType = "AWS::IAM::AssumeRolePolicyDocument"
	ValidatePolicyResourceTypeDynamodbTable             ValidatePolicyResourceType = "AWS::DynamoDB::Table"
)

Enum values for ValidatePolicyResourceType

func (ValidatePolicyResourceType) Values ¶

func (ValidatePolicyResourceType) Values() []ValidatePolicyResourceType

Values returns all known values for ValidatePolicyResourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ValidationException ¶

type ValidationException struct {
	Message *string

	ErrorCodeOverride *string

	Reason    ValidationExceptionReason
	FieldList []ValidationExceptionField
	// contains filtered or unexported fields
}

Validation exception error.

func (*ValidationException) Error ¶

func (e *ValidationException) Error() string

func (*ValidationException) ErrorCode ¶

func (e *ValidationException) ErrorCode() string

func (*ValidationException) ErrorFault ¶

func (e *ValidationException) ErrorFault() smithy.ErrorFault

func (*ValidationException) ErrorMessage ¶

func (e *ValidationException) ErrorMessage() string

type ValidationExceptionField ¶

type ValidationExceptionField struct {

	// A message about the validation exception.
	//
	// This member is required.
	Message *string

	// The name of the validation exception.
	//
	// This member is required.
	Name *string
	// contains filtered or unexported fields
}

Contains information about a validation exception.

type ValidationExceptionReason ¶

type ValidationExceptionReason string

const (
	ValidationExceptionReasonUnknownOperation      ValidationExceptionReason = "unknownOperation"
	ValidationExceptionReasonCannotParse           ValidationExceptionReason = "cannotParse"
	ValidationExceptionReasonFieldValidationFailed ValidationExceptionReason = "fieldValidationFailed"
	ValidationExceptionReasonOther                 ValidationExceptionReason = "other"
	ValidationExceptionReasonNotSupported          ValidationExceptionReason = "notSupported"
)

Enum values for ValidationExceptionReason

func (ValidationExceptionReason) Values ¶

func (ValidationExceptionReason) Values() []ValidationExceptionReason

Values returns all known values for ValidationExceptionReason. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type VpcConfiguration ¶

type VpcConfiguration struct {

	//  If this field is specified, this access point will only allow connections from
	// the specified VPC ID.
	//
	// This member is required.
	VpcId *string
	// contains filtered or unexported fields
}

The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC configuration does not apply to multi-region access points. For more information, see VpcConfiguration.

Source Files ¶

enums.go errors.go types.go

Version: v1.39.0 (latest)
Published: Apr 17, 2025
Platform: windows/amd64
Imports: 4 packages
Last checked: 3 hours ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples

package types

Index ¶

Examples ¶

Types ¶

type Access ¶

type AccessCheckPolicyType ¶

func (AccessCheckPolicyType) Values ¶

type AccessCheckResourceType ¶

func (AccessCheckResourceType) Values ¶

type AccessDeniedException ¶

func (*AccessDeniedException) Error ¶

func (*AccessDeniedException) ErrorCode ¶

func (*AccessDeniedException) ErrorFault ¶

func (*AccessDeniedException) ErrorMessage ¶

type AccessPreview ¶

type AccessPreviewFinding ¶

type AccessPreviewStatus ¶

func (AccessPreviewStatus) Values ¶

type AccessPreviewStatusReason ¶

type AccessPreviewStatusReasonCode ¶

func (AccessPreviewStatusReasonCode) Values ¶

type AccessPreviewSummary ¶

type AclGrantee ¶

type AclGranteeMemberId ¶

type AclGranteeMemberUri ¶

type AclPermission ¶

func (AclPermission) Values ¶

type AnalysisRule ¶

type AnalysisRuleCriteria ¶

type AnalyzedResource ¶

type AnalyzedResourceSummary ¶

type AnalyzerConfiguration ¶

type AnalyzerConfigurationMemberUnusedAccess ¶

type AnalyzerStatus ¶

func (AnalyzerStatus) Values ¶

type AnalyzerSummary ¶

type ArchiveRuleSummary ¶

type CheckAccessNotGrantedResult ¶

func (CheckAccessNotGrantedResult) Values ¶

type CheckNoNewAccessResult ¶

func (CheckNoNewAccessResult) Values ¶

type CheckNoPublicAccessResult ¶

func (CheckNoPublicAccessResult) Values ¶

type CloudTrailDetails ¶

type CloudTrailProperties ¶

type Configuration ¶

type ConfigurationMemberDynamodbStream ¶

type ConfigurationMemberDynamodbTable ¶

type ConfigurationMemberEbsSnapshot ¶

type ConfigurationMemberEcrRepository ¶

type ConfigurationMemberEfsFileSystem ¶

type ConfigurationMemberIamRole ¶

type ConfigurationMemberKmsKey ¶

type ConfigurationMemberRdsDbClusterSnapshot ¶

type ConfigurationMemberRdsDbSnapshot ¶

type ConfigurationMemberS3Bucket ¶

type ConfigurationMemberS3ExpressDirectoryBucket ¶

type ConfigurationMemberSecretsManagerSecret ¶

type ConfigurationMemberSnsTopic ¶

type ConfigurationMemberSqsQueue ¶

type ConflictException ¶

func (*ConflictException) Error ¶

func (*ConflictException) ErrorCode ¶

func (*ConflictException) ErrorFault ¶

func (*ConflictException) ErrorMessage ¶

type Criterion ¶

type DynamodbStreamConfiguration ¶

type DynamodbTableConfiguration ¶

type EbsSnapshotConfiguration ¶

type EcrRepositoryConfiguration ¶

type EfsFileSystemConfiguration ¶

type ExternalAccessDetails ¶

type ExternalAccessFindingsStatistics ¶

type Finding ¶

type FindingAggregationAccountDetails ¶

type FindingChangeType ¶

func (FindingChangeType) Values ¶

type FindingDetails ¶

type FindingDetailsMemberExternalAccessDetails ¶

type FindingDetailsMemberUnusedIamRoleDetails ¶