type AccessDeniedException struct {
	Message *string
	// contains filtered or unexported fields
}

type AccessPreview struct {

	// The ARN of the analyzer used to generate the access preview.
	//
	// This member is required.
	AnalyzerArn *string

	// A map of resource ARNs for the proposed resource configuration.
	//
	// This member is required.
	Configurations map[string]Configuration

	// The time at which the access preview was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The unique ID for the access preview.
	//
	// This member is required.
	Id *string

	// The status of the access preview.
	//
	// * Creating - The access preview creation is
	// in progress.
	//
	// * Completed - The access preview is complete. You can preview
	// findings for external access to the resource.
	//
	// * Failed - The access preview
	// creation has failed.
	//
	// This member is required.
	Status AccessPreviewStatus

	// Provides more details about the current status of the access preview. For
	// example, if the creation of the access preview fails, a Failed status is
	// returned. This failure can be due to an internal issue with the analysis or due
	// to an invalid resource configuration.
	StatusReason *AccessPreviewStatusReason
	// contains filtered or unexported fields
}

type AccessPreviewFinding struct {

	// Provides context on how the access preview finding compares to existing access
	// identified in IAM Access Analyzer.
	//
	// * New - The finding is for newly-introduced
	// access.
	//
	// * Unchanged - The preview finding is an existing finding that would
	// remain unchanged.
	//
	// * Changed - The preview finding is an existing finding with a
	// change in status.
	//
	// For example, a Changed finding with preview status Resolved
	// and existing status Active indicates the existing Active finding would become
	// Resolved as a result of the proposed permissions change.
	//
	// This member is required.
	ChangeType FindingChangeType

	// The time at which the access preview finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the access preview finding. This ID uniquely identifies the element in
	// the list of access preview findings and is not related to the finding ID in
	// Access Analyzer.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource. For most Amazon Web
	// Services resources, the owning account is the account in which the resource was
	// created.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that can be accessed in the finding.
	//
	// This member is required.
	ResourceType ResourceType

	// The preview status of the finding. This is what the status of the finding would
	// be after permissions deployment. For example, a Changed finding with preview
	// status Resolved and existing status Active indicates the existing Active finding
	// would become Resolved as a result of the proposed permissions change.
	//
	// This member is required.
	Status FindingStatus

	// The action in the analyzed policy statement that an external principal has
	// permission to perform.
	Action []string

	// The condition in the analyzed policy statement that resulted in a finding.
	Condition map[string]string

	// An error.
	Error *string

	// The existing ID of the finding in IAM Access Analyzer, provided only for
	// existing findings.
	ExistingFindingId *string

	// The existing status of the finding, provided only for existing findings.
	ExistingFindingStatus FindingStatus

	// Indicates whether the policy that generated the finding allows public access to
	// the resource.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that an external principal has access to. This is the resource
	// associated with the access preview.
	Resource *string

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

type AccessPreviewStatus string

const (
	AccessPreviewStatusCompleted AccessPreviewStatus = "COMPLETED"
	AccessPreviewStatusCreating  AccessPreviewStatus = "CREATING"
	AccessPreviewStatusFailed    AccessPreviewStatus = "FAILED"
)

type AccessPreviewStatusReason struct {

	// The reason code for the current status of the access preview.
	//
	// This member is required.
	Code AccessPreviewStatusReasonCode
	// contains filtered or unexported fields
}

type AccessPreviewStatusReasonCode string

const (
	AccessPreviewStatusReasonCodeInternalError        AccessPreviewStatusReasonCode = "INTERNAL_ERROR"
	AccessPreviewStatusReasonCodeInvalidConfiguration AccessPreviewStatusReasonCode = "INVALID_CONFIGURATION"
)

type AccessPreviewSummary struct {

	// The ARN of the analyzer used to generate the access preview.
	//
	// This member is required.
	AnalyzerArn *string

	// The time at which the access preview was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The unique ID for the access preview.
	//
	// This member is required.
	Id *string

	// The status of the access preview.
	//
	// * Creating - The access preview creation is
	// in progress.
	//
	// * Completed - The access preview is complete and previews the
	// findings for external access to the resource.
	//
	// * Failed - The access preview
	// creation has failed.
	//
	// This member is required.
	Status AccessPreviewStatus

	// Provides more details about the current status of the access preview. For
	// example, if the creation of the access preview fails, a Failed status is
	// returned. This failure can be due to an internal issue with the analysis or due
	// to an invalid proposed resource configuration.
	StatusReason *AccessPreviewStatusReason
	// contains filtered or unexported fields
}

type AclGrantee interface {
	// contains filtered or unexported methods
}

type AclGranteeMemberId struct {
	Value string
	// contains filtered or unexported fields
}

type AclGranteeMemberUri struct {
	Value string
	// contains filtered or unexported fields
}

type AclPermission string

const (
	AclPermissionRead        AclPermission = "READ"
	AclPermissionWrite       AclPermission = "WRITE"
	AclPermissionReadAcp     AclPermission = "READ_ACP"
	AclPermissionWriteAcp    AclPermission = "WRITE_ACP"
	AclPermissionFullControl AclPermission = "FULL_CONTROL"
)

type AnalyzedResource struct {

	// The time at which the resource was analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The time at which the finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// Indicates whether the policy that generated the finding grants public access to
	// the resource.
	//
	// This member is required.
	IsPublic *bool

	// The ARN of the resource that was analyzed.
	//
	// This member is required.
	ResourceArn *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that was analyzed.
	//
	// This member is required.
	ResourceType ResourceType

	// The time at which the finding was updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The actions that an external principal is granted permission to use by the
	// policy that generated the finding.
	Actions []string

	// An error message.
	Error *string

	// Indicates how the access that generated the finding is granted. This is
	// populated for Amazon S3 bucket findings.
	SharedVia []string

	// The current status of the finding generated from the analyzed resource.
	Status FindingStatus
	// contains filtered or unexported fields
}

type AnalyzedResourceSummary struct {

	// The ARN of the analyzed resource.
	//
	// This member is required.
	ResourceArn *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of resource that was analyzed.
	//
	// This member is required.
	ResourceType ResourceType
	// contains filtered or unexported fields
}

type AnalyzerStatus string

const (
	AnalyzerStatusActive   AnalyzerStatus = "ACTIVE"
	AnalyzerStatusCreating AnalyzerStatus = "CREATING"
	AnalyzerStatusDisabled AnalyzerStatus = "DISABLED"
	AnalyzerStatusFailed   AnalyzerStatus = "FAILED"
)

type AnalyzerSummary struct {

	// The ARN of the analyzer.
	//
	// This member is required.
	Arn *string

	// A timestamp for the time at which the analyzer was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The name of the analyzer.
	//
	// This member is required.
	Name *string

	// The status of the analyzer. An Active analyzer successfully monitors supported
	// resources and generates new findings. The analyzer is Disabled when a user
	// action, such as removing trusted access for Identity and Access Management
	// Access Analyzer from Organizations, causes the analyzer to stop generating new
	// findings. The status is Creating when the analyzer creation is in progress and
	// Failed when the analyzer creation has failed.
	//
	// This member is required.
	Status AnalyzerStatus

	// The type of analyzer, which corresponds to the zone of trust chosen for the
	// analyzer.
	//
	// This member is required.
	Type Type

	// The resource that was most recently analyzed by the analyzer.
	LastResourceAnalyzed *string

	// The time at which the most recently analyzed resource was analyzed.
	LastResourceAnalyzedAt *time.Time

	// The statusReason provides more details about the current status of the analyzer.
	// For example, if the creation for the analyzer fails, a Failed status is
	// returned. For an analyzer with organization as the type, this failure can be due
	// to an issue with creating the service-linked roles required in the member
	// accounts of the Amazon Web Services organization.
	StatusReason *StatusReason

	// The tags added to the analyzer.
	Tags map[string]string
	// contains filtered or unexported fields
}

type ArchiveRuleSummary struct {

	// The time at which the archive rule was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// A filter used to define the archive rule.
	//
	// This member is required.
	Filter map[string]Criterion

	// The name of the archive rule.
	//
	// This member is required.
	RuleName *string

	// The time at which the archive rule was last updated.
	//
	// This member is required.
	UpdatedAt *time.Time
	// contains filtered or unexported fields
}

type CloudTrailDetails struct {

	// The ARN of the service role that IAM Access Analyzer uses to access your
	// CloudTrail trail and service last accessed information.
	//
	// This member is required.
	AccessRole *string

	// The start of the time range for which IAM Access Analyzer reviews your
	// CloudTrail events. Events with a timestamp before this time are not considered
	// to generate a policy.
	//
	// This member is required.
	StartTime *time.Time

	// A Trail object that contains settings for a trail.
	//
	// This member is required.
	Trails []Trail

	// The end of the time range for which IAM Access Analyzer reviews your CloudTrail
	// events. Events with a timestamp after this time are not considered to generate a
	// policy. If this is not included in the request, the default value is the current
	// time.
	EndTime *time.Time
	// contains filtered or unexported fields
}

type CloudTrailProperties struct {

	// The end of the time range for which IAM Access Analyzer reviews your CloudTrail
	// events. Events with a timestamp after this time are not considered to generate a
	// policy. If this is not included in the request, the default value is the current
	// time.
	//
	// This member is required.
	EndTime *time.Time

	// The start of the time range for which IAM Access Analyzer reviews your
	// CloudTrail events. Events with a timestamp before this time are not considered
	// to generate a policy.
	//
	// This member is required.
	StartTime *time.Time

	// A TrailProperties object that contains settings for trail properties.
	//
	// This member is required.
	TrailProperties []TrailProperties
	// contains filtered or unexported fields
}

type Configuration interface {
	// contains filtered or unexported methods
}

type ConfigurationMemberIamRole struct {
	Value IamRoleConfiguration
	// contains filtered or unexported fields
}

type ConfigurationMemberKmsKey struct {
	Value KmsKeyConfiguration
	// contains filtered or unexported fields
}

type ConfigurationMemberS3Bucket struct {
	Value S3BucketConfiguration
	// contains filtered or unexported fields
}

type ConfigurationMemberSecretsManagerSecret struct {
	Value SecretsManagerSecretConfiguration
	// contains filtered or unexported fields
}

type ConfigurationMemberSqsQueue struct {
	Value SqsQueueConfiguration
	// contains filtered or unexported fields
}

type ConflictException struct {
	Message *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

type Criterion struct {

	// A "contains" operator to match for the filter used to create the rule.
	Contains []string

	// An "equals" operator to match for the filter used to create the rule.
	Eq []string

	// An "exists" operator to match for the filter used to create the rule.
	Exists *bool

	// A "not equals" operator to match for the filter used to create the rule.
	Neq []string
	// contains filtered or unexported fields
}

type Finding struct {

	// The time at which the resource was analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The condition in the analyzed policy statement that resulted in a finding.
	//
	// This member is required.
	Condition map[string]string

	// The time at which the finding was generated.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the finding.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource identified in the finding.
	//
	// This member is required.
	ResourceType ResourceType

	// The current status of the finding.
	//
	// This member is required.
	Status FindingStatus

	// The time at which the finding was updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The action in the analyzed policy statement that an external principal has
	// permission to use.
	Action []string

	// An error.
	Error *string

	// Indicates whether the policy that generated the finding allows public access to
	// the resource.
	IsPublic *bool

	// The external principal that access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that an external principal has access to.
	Resource *string

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

type FindingChangeType string

const (
	FindingChangeTypeChanged   FindingChangeType = "CHANGED"
	FindingChangeTypeNew       FindingChangeType = "NEW"
	FindingChangeTypeUnchanged FindingChangeType = "UNCHANGED"
)

type FindingSource struct {

	// Indicates the type of access that generated the finding.
	//
	// This member is required.
	Type FindingSourceType

	// Includes details about how the access that generated the finding is granted.
	// This is populated for Amazon S3 bucket findings.
	Detail *FindingSourceDetail
	// contains filtered or unexported fields
}

type FindingSourceDetail struct {

	// The ARN of the access point that generated the finding. The ARN format depends
	// on whether the ARN represents an access point or a multi-region access point.
	AccessPointArn *string
	// contains filtered or unexported fields
}

type FindingSourceType string

const (
	FindingSourceTypePolicy        FindingSourceType = "POLICY"
	FindingSourceTypeBucketAcl     FindingSourceType = "BUCKET_ACL"
	FindingSourceTypeS3AccessPoint FindingSourceType = "S3_ACCESS_POINT"
)

type FindingStatus string

const (
	FindingStatusActive   FindingStatus = "ACTIVE"
	FindingStatusArchived FindingStatus = "ARCHIVED"
	FindingStatusResolved FindingStatus = "RESOLVED"
)

type FindingStatusUpdate string

const (
	FindingStatusUpdateActive   FindingStatusUpdate = "ACTIVE"
	FindingStatusUpdateArchived FindingStatusUpdate = "ARCHIVED"
)

type FindingSummary struct {

	// The time at which the resource-based policy that generated the finding was
	// analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The condition in the analyzed policy statement that resulted in a finding.
	//
	// This member is required.
	Condition map[string]string

	// The time at which the finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the finding.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that the external principal has access to.
	//
	// This member is required.
	ResourceType ResourceType

	// The status of the finding.
	//
	// This member is required.
	Status FindingStatus

	// The time at which the finding was most recently updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The action in the analyzed policy statement that an external principal has
	// permission to use.
	Action []string

	// The error that resulted in an Error finding.
	Error *string

	// Indicates whether the finding reports a resource that has a policy that allows
	// public access.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that the external principal has access to.
	Resource *string

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

type GeneratedPolicy struct {

	// The text to use as the content for the new policy. The policy is created using
	// the CreatePolicy
	// (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html)
	// action.
	//
	// This member is required.
	Policy *string
	// contains filtered or unexported fields
}

type GeneratedPolicyProperties struct {

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string

	// Lists details about the Trail used to generated policy.
	CloudTrailProperties *CloudTrailProperties

	// This value is set to true if the generated policy contains all possible actions
	// for a service that IAM Access Analyzer identified from the CloudTrail trail that
	// you specified, and false otherwise.
	IsComplete *bool
	// contains filtered or unexported fields
}

type GeneratedPolicyResult struct {

	// A GeneratedPolicyProperties object that contains properties of the generated
	// policy.
	//
	// This member is required.
	Properties *GeneratedPolicyProperties

	// The text to use as the content for the new policy. The policy is created using
	// the CreatePolicy
	// (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html)
	// action.
	GeneratedPolicies []GeneratedPolicy
	// contains filtered or unexported fields
}

type IamRoleConfiguration struct {

	// The proposed trust policy for the IAM role.
	TrustPolicy *string
	// contains filtered or unexported fields
}

type InlineArchiveRule struct {

	// The condition and values for a criterion.
	//
	// This member is required.
	Filter map[string]Criterion

	// The name of the rule.
	//
	// This member is required.
	RuleName *string
	// contains filtered or unexported fields
}

type InternalServerException struct {
	Message *string

	RetryAfterSeconds *int32
	// contains filtered or unexported fields
}

type InternetConfiguration struct {
	// contains filtered or unexported fields
}

type JobDetails struct {

	// The JobId that is returned by the StartPolicyGeneration operation. The JobId can
	// be used with GetGeneratedPolicy to retrieve the generated policies or used with
	// CancelPolicyGeneration to cancel the policy generation request.
	//
	// This member is required.
	JobId *string

	// A timestamp of when the job was started.
	//
	// This member is required.
	StartedOn *time.Time

	// The status of the job request.
	//
	// This member is required.
	Status JobStatus

	// A timestamp of when the job was completed.
	CompletedOn *time.Time

	// The job error for the policy generation request.
	JobError *JobError
	// contains filtered or unexported fields
}

type JobError struct {

	// The job error code.
	//
	// This member is required.
	Code JobErrorCode

	// Specific information about the error. For example, which service quota was
	// exceeded or which resource was not found.
	//
	// This member is required.
	Message *string
	// contains filtered or unexported fields
}

type JobErrorCode string

const (
	JobErrorCodeAuthorizationError        JobErrorCode = "AUTHORIZATION_ERROR"
	JobErrorCodeResourceNotFoundError     JobErrorCode = "RESOURCE_NOT_FOUND_ERROR"
	JobErrorCodeServiceQuotaExceededError JobErrorCode = "SERVICE_QUOTA_EXCEEDED_ERROR"
	JobErrorCodeServiceError              JobErrorCode = "SERVICE_ERROR"
)

type JobStatus string

const (
	JobStatusInProgress JobStatus = "IN_PROGRESS"
	JobStatusSucceeded  JobStatus = "SUCCEEDED"
	JobStatusFailed     JobStatus = "FAILED"
	JobStatusCanceled   JobStatus = "CANCELED"
)

type KmsGrantConfiguration struct {

	// The principal that is given permission to perform the operations that the grant
	// permits.
	//
	// This member is required.
	GranteePrincipal *string

	// The Amazon Web Services account under which the grant was issued. The account is
	// used to propose KMS grants issued by accounts other than the owner of the key.
	//
	// This member is required.
	IssuingAccount *string

	// A list of operations that the grant permits.
	//
	// This member is required.
	Operations []KmsGrantOperation

	// Use this structure to propose allowing cryptographic operations
	// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
	// in the grant only when the operation request includes the specified encryption
	// context
	// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context).
	Constraints *KmsGrantConstraints

	// The principal that is given permission to retire the grant by using RetireGrant
	// (https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html)
	// operation.
	RetiringPrincipal *string
	// contains filtered or unexported fields
}

type KmsGrantConstraints struct {

	// A list of key-value pairs that must match the encryption context in the
	// cryptographic operation
	// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
	// request. The grant allows the operation only when the encryption context in the
	// request is the same as the encryption context specified in this constraint.
	EncryptionContextEquals map[string]string

	// A list of key-value pairs that must be included in the encryption context of the
	// cryptographic operation
	// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
	// request. The grant allows the cryptographic operation only when the encryption
	// context in the request includes the key-value pairs specified in this
	// constraint, although it can include additional key-value pairs.
	EncryptionContextSubset map[string]string
	// contains filtered or unexported fields
}

type KmsGrantOperation string

const (
	KmsGrantOperationCreateGrant                         KmsGrantOperation = "CreateGrant"
	KmsGrantOperationDecrypt                             KmsGrantOperation = "Decrypt"
	KmsGrantOperationDescribeKey                         KmsGrantOperation = "DescribeKey"
	KmsGrantOperationEncrypt                             KmsGrantOperation = "Encrypt"
	KmsGrantOperationGenerateDataKey                     KmsGrantOperation = "GenerateDataKey"
	KmsGrantOperationGenerateDataKeyPair                 KmsGrantOperation = "GenerateDataKeyPair"
	KmsGrantOperationGenerateDataKeyPairWithoutPlaintext KmsGrantOperation = "GenerateDataKeyPairWithoutPlaintext"
	KmsGrantOperationGenerateDataKeyWithoutPlaintext     KmsGrantOperation = "GenerateDataKeyWithoutPlaintext"
	KmsGrantOperationGetPublicKey                        KmsGrantOperation = "GetPublicKey"
	KmsGrantOperationReencryptFrom                       KmsGrantOperation = "ReEncryptFrom"
	KmsGrantOperationReencryptTo                         KmsGrantOperation = "ReEncryptTo"
	KmsGrantOperationRetireGrant                         KmsGrantOperation = "RetireGrant"
	KmsGrantOperationSign                                KmsGrantOperation = "Sign"
	KmsGrantOperationVerify                              KmsGrantOperation = "Verify"
)

type KmsKeyConfiguration struct {

	// A list of proposed grant configurations for the KMS key. If the proposed grant
	// configuration is for an existing key, the access preview uses the proposed list
	// of grant configurations in place of the existing grants. Otherwise, the access
	// preview uses the existing grants for the key.
	Grants []KmsGrantConfiguration

	// Resource policy configuration for the KMS key. The only valid value for the name
	// of the key policy is default. For more information, see Default key policy
	// (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default).
	KeyPolicies map[string]string
	// contains filtered or unexported fields
}

type Locale string

const (
	LocaleDe   Locale = "DE"
	LocaleEn   Locale = "EN"
	LocaleEs   Locale = "ES"
	LocaleFr   Locale = "FR"
	LocaleIt   Locale = "IT"
	LocaleJa   Locale = "JA"
	LocaleKo   Locale = "KO"
	LocalePtBr Locale = "PT_BR"
	LocaleZhCn Locale = "ZH_CN"
	LocaleZhTw Locale = "ZH_TW"
)

type Location struct {

	// A path in a policy, represented as a sequence of path elements.
	//
	// This member is required.
	Path []PathElement

	// A span in a policy.
	//
	// This member is required.
	Span *Span
	// contains filtered or unexported fields
}

type NetworkOriginConfiguration interface {
	// contains filtered or unexported methods
}

type NetworkOriginConfigurationMemberInternetConfiguration struct {
	Value InternetConfiguration
	// contains filtered or unexported fields
}

type NetworkOriginConfigurationMemberVpcConfiguration struct {
	Value VpcConfiguration
	// contains filtered or unexported fields
}

type OrderBy string

const (
	OrderByAsc  OrderBy = "ASC"
	OrderByDesc OrderBy = "DESC"
)

type PathElement interface {
	// contains filtered or unexported methods
}

type PathElementMemberIndex struct {
	Value int32
	// contains filtered or unexported fields
}

type PathElementMemberKey struct {
	Value string
	// contains filtered or unexported fields
}

type PathElementMemberSubstring struct {
	Value Substring
	// contains filtered or unexported fields
}

type PathElementMemberValue struct {
	Value string
	// contains filtered or unexported fields
}

type PolicyGeneration struct {

	// The JobId that is returned by the StartPolicyGeneration operation. The JobId can
	// be used with GetGeneratedPolicy to retrieve the generated policies or used with
	// CancelPolicyGeneration to cancel the policy generation request.
	//
	// This member is required.
	JobId *string

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string

	// A timestamp of when the policy generation started.
	//
	// This member is required.
	StartedOn *time.Time

	// The status of the policy generation request.
	//
	// This member is required.
	Status JobStatus

	// A timestamp of when the policy generation was completed.
	CompletedOn *time.Time
	// contains filtered or unexported fields
}

type PolicyGenerationDetails struct {

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string
	// contains filtered or unexported fields
}

type PolicyType string

const (
	PolicyTypeIdentityPolicy       PolicyType = "IDENTITY_POLICY"
	PolicyTypeResourcePolicy       PolicyType = "RESOURCE_POLICY"
	PolicyTypeServiceControlPolicy PolicyType = "SERVICE_CONTROL_POLICY"
)

type Position struct {

	// The column of the position, starting from 0.
	//
	// This member is required.
	Column *int32

	// The line of the position, starting from 1.
	//
	// This member is required.
	Line *int32

	// The offset within the policy that corresponds to the position, starting from 0.
	//
	// This member is required.
	Offset *int32
	// contains filtered or unexported fields
}

type ReasonCode string

const (
	ReasonCodeAwsServiceAccessDisabled           ReasonCode = "AWS_SERVICE_ACCESS_DISABLED"
	ReasonCodeDelegatedAdministratorDeregistered ReasonCode = "DELEGATED_ADMINISTRATOR_DEREGISTERED"
	ReasonCodeOrganizationDeleted                ReasonCode = "ORGANIZATION_DELETED"
	ReasonCodeServiceLinkedRoleCreationFailed    ReasonCode = "SERVICE_LINKED_ROLE_CREATION_FAILED"
)

type ResourceNotFoundException struct {
	Message *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

type ResourceType string

const (
	ResourceTypeAwsS3Bucket             ResourceType = "AWS::S3::Bucket"
	ResourceTypeAwsIamRole              ResourceType = "AWS::IAM::Role"
	ResourceTypeAwsSqsQueue             ResourceType = "AWS::SQS::Queue"
	ResourceTypeAwsLambdaFunction       ResourceType = "AWS::Lambda::Function"
	ResourceTypeAwsLambdaLayerversion   ResourceType = "AWS::Lambda::LayerVersion"
	ResourceTypeAwsKmsKey               ResourceType = "AWS::KMS::Key"
	ResourceTypeAwsSecretsmanagerSecret ResourceType = "AWS::SecretsManager::Secret"
)

type S3AccessPointConfiguration struct {

	// The access point or multi-region access point policy.
	AccessPointPolicy *string

	// The proposed Internet and VpcConfiguration to apply to this Amazon S3 access
	// point. VpcConfiguration does not apply to multi-region access points. If the
	// access preview is for a new resource and neither is specified, the access
	// preview uses Internet for the network origin. If the access preview is for an
	// existing resource and neither is specified, the access preview uses the exiting
	// network origin.
	NetworkOrigin NetworkOriginConfiguration

	// The proposed S3PublicAccessBlock configuration to apply to this Amazon S3 access
	// point or multi-region access point.
	PublicAccessBlock *S3PublicAccessBlockConfiguration
	// contains filtered or unexported fields
}

type S3BucketAclGrantConfiguration struct {

	// The grantee to whom you’re assigning access rights.
	//
	// This member is required.
	Grantee AclGrantee

	// The permissions being granted.
	//
	// This member is required.
	Permission AclPermission
	// contains filtered or unexported fields
}

type S3BucketConfiguration struct {

	// The configuration of Amazon S3 access points or multi-region access points for
	// the bucket. You can propose up to 10 new access points per bucket.
	AccessPoints map[string]S3AccessPointConfiguration

	// The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to
	// 100 ACL grants per bucket. If the proposed grant configuration is for an
	// existing bucket, the access preview uses the proposed list of grant
	// configurations in place of the existing grants. Otherwise, the access preview
	// uses the existing grants for the bucket.
	BucketAclGrants []S3BucketAclGrantConfiguration

	// The proposed bucket policy for the Amazon S3 bucket.
	BucketPolicy *string

	// The proposed block public access configuration for the Amazon S3 bucket.
	BucketPublicAccessBlock *S3PublicAccessBlockConfiguration
	// contains filtered or unexported fields
}

type S3PublicAccessBlockConfiguration struct {

	// Specifies whether Amazon S3 should ignore public ACLs for this bucket and
	// objects in this bucket.
	//
	// This member is required.
	IgnorePublicAcls *bool

	// Specifies whether Amazon S3 should restrict public bucket policies for this
	// bucket.
	//
	// This member is required.
	RestrictPublicBuckets *bool
	// contains filtered or unexported fields
}

type SecretsManagerSecretConfiguration struct {

	// The proposed ARN, key ID, or alias of the KMS key.
	KmsKeyId *string

	// The proposed resource policy defining who can access or manage the secret.
	SecretPolicy *string
	// contains filtered or unexported fields
}

type ServiceQuotaExceededException struct {
	Message *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

type SortCriteria struct {

	// The name of the attribute to sort on.
	AttributeName *string

	// The sort order, ascending or descending.
	OrderBy OrderBy
	// contains filtered or unexported fields
}

type Span struct {

	// The end position of the span (exclusive).
	//
	// This member is required.
	End *Position

	// The start position of the span (inclusive).
	//
	// This member is required.
	Start *Position
	// contains filtered or unexported fields
}

type SqsQueueConfiguration struct {

	// The proposed resource policy for the Amazon SQS queue.
	QueuePolicy *string
	// contains filtered or unexported fields
}

type StatusReason struct {

	// The reason code for the current status of the analyzer.
	//
	// This member is required.
	Code ReasonCode
	// contains filtered or unexported fields
}

type Substring struct {

	// The length of the substring.
	//
	// This member is required.
	Length *int32

	// The start index of the substring, starting from 0.
	//
	// This member is required.
	Start *int32
	// contains filtered or unexported fields
}

type ThrottlingException struct {
	Message *string

	RetryAfterSeconds *int32
	// contains filtered or unexported fields
}

type Trail struct {

	// Specifies the ARN of the trail. The format of a trail ARN is
	// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail.
	//
	// This member is required.
	CloudTrailArn *string

	// Possible values are true or false. If set to true, IAM Access Analyzer retrieves
	// CloudTrail data from all regions to analyze and generate a policy.
	AllRegions *bool

	// A list of regions to get CloudTrail data from and analyze to generate a policy.
	Regions []string
	// contains filtered or unexported fields
}

type TrailProperties struct {

	// Specifies the ARN of the trail. The format of a trail ARN is
	// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail.
	//
	// This member is required.
	CloudTrailArn *string

	// Possible values are true or false. If set to true, IAM Access Analyzer retrieves
	// CloudTrail data from all regions to analyze and generate a policy.
	AllRegions *bool

	// A list of regions to get CloudTrail data from and analyze to generate a policy.
	Regions []string
	// contains filtered or unexported fields
}

type Type string

const (
	TypeAccount      Type = "ACCOUNT"
	TypeOrganization Type = "ORGANIZATION"
)

type UnknownUnionMember struct {
	Tag   string
	Value []byte
	// contains filtered or unexported fields
}

type ValidatePolicyFinding struct {

	// A localized message that explains the finding and provides guidance on how to
	// address it.
	//
	// This member is required.
	FindingDetails *string

	// The impact of the finding. Security warnings report when the policy allows
	// access that we consider overly permissive. Errors report when a part of the
	// policy is not functional. Warnings report non-security issues when a policy does
	// not conform to policy writing best practices. Suggestions recommend stylistic
	// improvements in the policy that do not impact access.
	//
	// This member is required.
	FindingType ValidatePolicyFindingType

	// The issue code provides an identifier of the issue associated with this finding.
	//
	// This member is required.
	IssueCode *string

	// A link to additional documentation about the type of finding.
	//
	// This member is required.
	LearnMoreLink *string

	// The list of locations in the policy document that are related to the finding.
	// The issue code provides a summary of an issue identified by the finding.
	//
	// This member is required.
	Locations []Location
	// contains filtered or unexported fields
}

type ValidatePolicyFindingType string

const (
	ValidatePolicyFindingTypeError           ValidatePolicyFindingType = "ERROR"
	ValidatePolicyFindingTypeSecurityWarning ValidatePolicyFindingType = "SECURITY_WARNING"
	ValidatePolicyFindingTypeSuggestion      ValidatePolicyFindingType = "SUGGESTION"
	ValidatePolicyFindingTypeWarning         ValidatePolicyFindingType = "WARNING"
)

type ValidatePolicyResourceType string

const (
	ValidatePolicyResourceTypeS3Bucket                  ValidatePolicyResourceType = "AWS::S3::Bucket"
	ValidatePolicyResourceTypeS3AccessPoint             ValidatePolicyResourceType = "AWS::S3::AccessPoint"
	ValidatePolicyResourceTypeS3MultiRegionAccessPoint  ValidatePolicyResourceType = "AWS::S3::MultiRegionAccessPoint"
	ValidatePolicyResourceTypeS3ObjectLambdaAccessPoint ValidatePolicyResourceType = "AWS::S3ObjectLambda::AccessPoint"
)

type ValidationException struct {
	Message *string

	Reason    ValidationExceptionReason
	FieldList []ValidationExceptionField
	// contains filtered or unexported fields
}

type ValidationExceptionField struct {

	// A message about the validation exception.
	//
	// This member is required.
	Message *string

	// The name of the validation exception.
	//
	// This member is required.
	Name *string
	// contains filtered or unexported fields
}

type ValidationExceptionReason string

const (
	ValidationExceptionReasonUnknownOperation      ValidationExceptionReason = "unknownOperation"
	ValidationExceptionReasonCannotParse           ValidationExceptionReason = "cannotParse"
	ValidationExceptionReasonFieldValidationFailed ValidationExceptionReason = "fieldValidationFailed"
	ValidationExceptionReasonOther                 ValidationExceptionReason = "other"
)

type VpcConfiguration struct {

	// If this field is specified, this access point will only allow connections from
	// the specified VPC ID.
	//
	// This member is required.
	VpcId *string
	// contains filtered or unexported fields
}