package types

import "github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"

Index

Examples

Types

type AccessDeniedException 

type AccessDeniedException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

You do not have sufficient access to perform this action.

func (*AccessDeniedException) Error 

func (e *AccessDeniedException) Error() string

func (*AccessDeniedException) ErrorCode 

func (e *AccessDeniedException) ErrorCode() string

func (*AccessDeniedException) ErrorFault 

func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault

func (*AccessDeniedException) ErrorMessage 

func (e *AccessDeniedException) ErrorMessage() string

type AccessPreview 

type AccessPreview struct {

	// The ARN of the analyzer used to generate the access preview.
	//
	// This member is required.
	AnalyzerArn *string

	// A map of resource ARNs for the proposed resource configuration.
	//
	// This member is required.
	Configurations map[string]Configuration

	// The time at which the access preview was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The unique ID for the access preview.
	//
	// This member is required.
	Id *string

	// The status of the access preview.
	//   - Creating - The access preview creation is in progress.
	//   - Completed - The access preview is complete. You can preview findings for
	//   external access to the resource.
	//   - Failed - The access preview creation has failed.
	//
	// This member is required.
	Status AccessPreviewStatus

	// Provides more details about the current status of the access preview. For
	// example, if the creation of the access preview fails, a Failed status is
	// returned. This failure can be due to an internal issue with the analysis or due
	// to an invalid resource configuration.
	StatusReason *AccessPreviewStatusReason
	// contains filtered or unexported fields
}

Contains information about an access preview.

type AccessPreviewFinding 

type AccessPreviewFinding struct {

	// Provides context on how the access preview finding compares to existing access
	// identified in IAM Access Analyzer.
	//   - New - The finding is for newly-introduced access.
	//   - Unchanged - The preview finding is an existing finding that would remain
	//   unchanged.
	//   - Changed - The preview finding is an existing finding with a change in
	//   status.
	// For example, a Changed finding with preview status Resolved and existing status
	// Active indicates the existing Active finding would become Resolved as a result
	// of the proposed permissions change.
	//
	// This member is required.
	ChangeType FindingChangeType

	// The time at which the access preview finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the access preview finding. This ID uniquely identifies the element
	// in the list of access preview findings and is not related to the finding ID in
	// Access Analyzer.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource. For most Amazon Web
	// Services resources, the owning account is the account in which the resource was
	// created.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that can be accessed in the finding.
	//
	// This member is required.
	ResourceType ResourceType

	// The preview status of the finding. This is what the status of the finding would
	// be after permissions deployment. For example, a Changed finding with preview
	// status Resolved and existing status Active indicates the existing Active
	// finding would become Resolved as a result of the proposed permissions change.
	//
	// This member is required.
	Status FindingStatus

	// The action in the analyzed policy statement that an external principal has
	// permission to perform.
	Action []string

	// The condition in the analyzed policy statement that resulted in a finding.
	Condition map[string]string

	// An error.
	Error *string

	// The existing ID of the finding in IAM Access Analyzer, provided only for
	// existing findings.
	ExistingFindingId *string

	// The existing status of the finding, provided only for existing findings.
	ExistingFindingStatus FindingStatus

	// Indicates whether the policy that generated the finding allows public access to
	// the resource.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that an external principal has access to. This is the resource
	// associated with the access preview.
	Resource *string

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

An access preview finding generated by the access preview.

type AccessPreviewStatus 

type AccessPreviewStatus string
const (
	AccessPreviewStatusCompleted AccessPreviewStatus = "COMPLETED"
	AccessPreviewStatusCreating  AccessPreviewStatus = "CREATING"
	AccessPreviewStatusFailed    AccessPreviewStatus = "FAILED"
)

Enum values for AccessPreviewStatus

func (AccessPreviewStatus) Values 

func (AccessPreviewStatus) Values() []AccessPreviewStatus

Values returns all known values for AccessPreviewStatus. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type AccessPreviewStatusReason 

type AccessPreviewStatusReason struct {

	// The reason code for the current status of the access preview.
	//
	// This member is required.
	Code AccessPreviewStatusReasonCode
	// contains filtered or unexported fields
}

Provides more details about the current status of the access preview. For example, if the creation of the access preview fails, a Failed status is returned. This failure can be due to an internal issue with the analysis or due to an invalid proposed resource configuration.

type AccessPreviewStatusReasonCode 

type AccessPreviewStatusReasonCode string
const (
	AccessPreviewStatusReasonCodeInternalError        AccessPreviewStatusReasonCode = "INTERNAL_ERROR"
	AccessPreviewStatusReasonCodeInvalidConfiguration AccessPreviewStatusReasonCode = "INVALID_CONFIGURATION"
)

Enum values for AccessPreviewStatusReasonCode

func (AccessPreviewStatusReasonCode) Values 

func (AccessPreviewStatusReasonCode) Values() []AccessPreviewStatusReasonCode

Values returns all known values for AccessPreviewStatusReasonCode. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type AccessPreviewSummary 

type AccessPreviewSummary struct {

	// The ARN of the analyzer used to generate the access preview.
	//
	// This member is required.
	AnalyzerArn *string

	// The time at which the access preview was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The unique ID for the access preview.
	//
	// This member is required.
	Id *string

	// The status of the access preview.
	//   - Creating - The access preview creation is in progress.
	//   - Completed - The access preview is complete and previews the findings for
	//   external access to the resource.
	//   - Failed - The access preview creation has failed.
	//
	// This member is required.
	Status AccessPreviewStatus

	// Provides more details about the current status of the access preview. For
	// example, if the creation of the access preview fails, a Failed status is
	// returned. This failure can be due to an internal issue with the analysis or due
	// to an invalid proposed resource configuration.
	StatusReason *AccessPreviewStatusReason
	// contains filtered or unexported fields
}

Contains a summary of information about an access preview.

type AclGrantee 

type AclGrantee interface {
	// contains filtered or unexported methods
}

You specify each grantee as a type-value pair using one of these types. You can specify only one type of grantee. For more information, see PutBucketAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html) .

The following types satisfy this interface: 

AclGranteeMemberId
AclGranteeMemberUri
Example (OutputUsage)

Code:play  

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.AclGrantee
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.AclGranteeMemberId:
		_ = v.Value // Value is string

	case *types.AclGranteeMemberUri:
		_ = v.Value // Value is string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type AclGranteeMemberId 

type AclGranteeMemberId struct {
	Value string
	// contains filtered or unexported fields
}

The value specified is the canonical user ID of an Amazon Web Services account.

type AclGranteeMemberUri 

type AclGranteeMemberUri struct {
	Value string
	// contains filtered or unexported fields
}

Used for granting permissions to a predefined group.

type AclPermission 

type AclPermission string
const (
	AclPermissionRead        AclPermission = "READ"
	AclPermissionWrite       AclPermission = "WRITE"
	AclPermissionReadAcp     AclPermission = "READ_ACP"
	AclPermissionWriteAcp    AclPermission = "WRITE_ACP"
	AclPermissionFullControl AclPermission = "FULL_CONTROL"
)

Enum values for AclPermission

func (AclPermission) Values 

func (AclPermission) Values() []AclPermission

Values returns all known values for AclPermission. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type AnalyzedResource 

type AnalyzedResource struct {

	// The time at which the resource was analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The time at which the finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// Indicates whether the policy that generated the finding grants public access to
	// the resource.
	//
	// This member is required.
	IsPublic *bool

	// The ARN of the resource that was analyzed.
	//
	// This member is required.
	ResourceArn *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that was analyzed.
	//
	// This member is required.
	ResourceType ResourceType

	// The time at which the finding was updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The actions that an external principal is granted permission to use by the
	// policy that generated the finding.
	Actions []string

	// An error message.
	Error *string

	// Indicates how the access that generated the finding is granted. This is
	// populated for Amazon S3 bucket findings.
	SharedVia []string

	// The current status of the finding generated from the analyzed resource.
	Status FindingStatus
	// contains filtered or unexported fields
}

Contains details about the analyzed resource.

type AnalyzedResourceSummary 

type AnalyzedResourceSummary struct {

	// The ARN of the analyzed resource.
	//
	// This member is required.
	ResourceArn *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of resource that was analyzed.
	//
	// This member is required.
	ResourceType ResourceType
	// contains filtered or unexported fields
}

Contains the ARN of the analyzed resource.

type AnalyzerStatus 

type AnalyzerStatus string
const (
	AnalyzerStatusActive   AnalyzerStatus = "ACTIVE"
	AnalyzerStatusCreating AnalyzerStatus = "CREATING"
	AnalyzerStatusDisabled AnalyzerStatus = "DISABLED"
	AnalyzerStatusFailed   AnalyzerStatus = "FAILED"
)

Enum values for AnalyzerStatus

func (AnalyzerStatus) Values 

func (AnalyzerStatus) Values() []AnalyzerStatus

Values returns all known values for AnalyzerStatus. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type AnalyzerSummary 

type AnalyzerSummary struct {

	// The ARN of the analyzer.
	//
	// This member is required.
	Arn *string

	// A timestamp for the time at which the analyzer was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The name of the analyzer.
	//
	// This member is required.
	Name *string

	// The status of the analyzer. An Active analyzer successfully monitors supported
	// resources and generates new findings. The analyzer is Disabled when a user
	// action, such as removing trusted access for Identity and Access Management
	// Access Analyzer from Organizations, causes the analyzer to stop generating new
	// findings. The status is Creating when the analyzer creation is in progress and
	// Failed when the analyzer creation has failed.
	//
	// This member is required.
	Status AnalyzerStatus

	// The type of analyzer, which corresponds to the zone of trust chosen for the
	// analyzer.
	//
	// This member is required.
	Type Type

	// The resource that was most recently analyzed by the analyzer.
	LastResourceAnalyzed *string

	// The time at which the most recently analyzed resource was analyzed.
	LastResourceAnalyzedAt *time.Time

	// The statusReason provides more details about the current status of the
	// analyzer. For example, if the creation for the analyzer fails, a Failed status
	// is returned. For an analyzer with organization as the type, this failure can be
	// due to an issue with creating the service-linked roles required in the member
	// accounts of the Amazon Web Services organization.
	StatusReason *StatusReason

	// The tags added to the analyzer.
	Tags map[string]string
	// contains filtered or unexported fields
}

Contains information about the analyzer.

type ArchiveRuleSummary 

type ArchiveRuleSummary struct {

	// The time at which the archive rule was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// A filter used to define the archive rule.
	//
	// This member is required.
	Filter map[string]Criterion

	// The name of the archive rule.
	//
	// This member is required.
	RuleName *string

	// The time at which the archive rule was last updated.
	//
	// This member is required.
	UpdatedAt *time.Time
	// contains filtered or unexported fields
}

Contains information about an archive rule.

type CloudTrailDetails 

type CloudTrailDetails struct {

	// The ARN of the service role that IAM Access Analyzer uses to access your
	// CloudTrail trail and service last accessed information.
	//
	// This member is required.
	AccessRole *string

	// The start of the time range for which IAM Access Analyzer reviews your
	// CloudTrail events. Events with a timestamp before this time are not considered
	// to generate a policy.
	//
	// This member is required.
	StartTime *time.Time

	// A Trail object that contains settings for a trail.
	//
	// This member is required.
	Trails []Trail

	// The end of the time range for which IAM Access Analyzer reviews your CloudTrail
	// events. Events with a timestamp after this time are not considered to generate a
	// policy. If this is not included in the request, the default value is the current
	// time.
	EndTime *time.Time
	// contains filtered or unexported fields
}

Contains information about CloudTrail access.

type CloudTrailProperties 

type CloudTrailProperties struct {

	// The end of the time range for which IAM Access Analyzer reviews your CloudTrail
	// events. Events with a timestamp after this time are not considered to generate a
	// policy. If this is not included in the request, the default value is the current
	// time.
	//
	// This member is required.
	EndTime *time.Time

	// The start of the time range for which IAM Access Analyzer reviews your
	// CloudTrail events. Events with a timestamp before this time are not considered
	// to generate a policy.
	//
	// This member is required.
	StartTime *time.Time

	// A TrailProperties object that contains settings for trail properties.
	//
	// This member is required.
	TrailProperties []TrailProperties
	// contains filtered or unexported fields
}

Contains information about CloudTrail access.

type Configuration 

type Configuration interface {
	// contains filtered or unexported methods
}

Access control configuration structures for your resource. You specify the configuration as a type-value pair. You can specify only one type of access control configuration.

The following types satisfy this interface: 

ConfigurationMemberEbsSnapshot
ConfigurationMemberEcrRepository
ConfigurationMemberEfsFileSystem
ConfigurationMemberIamRole
ConfigurationMemberKmsKey
ConfigurationMemberRdsDbClusterSnapshot
ConfigurationMemberRdsDbSnapshot
ConfigurationMemberS3Bucket
ConfigurationMemberSecretsManagerSecret
ConfigurationMemberSnsTopic
ConfigurationMemberSqsQueue
Example (OutputUsage)

Code:play  

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.Configuration
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.ConfigurationMemberEbsSnapshot:
		_ = v.Value // Value is types.EbsSnapshotConfiguration

	case *types.ConfigurationMemberEcrRepository:
		_ = v.Value // Value is types.EcrRepositoryConfiguration

	case *types.ConfigurationMemberEfsFileSystem:
		_ = v.Value // Value is types.EfsFileSystemConfiguration

	case *types.ConfigurationMemberIamRole:
		_ = v.Value // Value is types.IamRoleConfiguration

	case *types.ConfigurationMemberKmsKey:
		_ = v.Value // Value is types.KmsKeyConfiguration

	case *types.ConfigurationMemberRdsDbClusterSnapshot:
		_ = v.Value // Value is types.RdsDbClusterSnapshotConfiguration

	case *types.ConfigurationMemberRdsDbSnapshot:
		_ = v.Value // Value is types.RdsDbSnapshotConfiguration

	case *types.ConfigurationMemberS3Bucket:
		_ = v.Value // Value is types.S3BucketConfiguration

	case *types.ConfigurationMemberSecretsManagerSecret:
		_ = v.Value // Value is types.SecretsManagerSecretConfiguration

	case *types.ConfigurationMemberSnsTopic:
		_ = v.Value // Value is types.SnsTopicConfiguration

	case *types.ConfigurationMemberSqsQueue:
		_ = v.Value // Value is types.SqsQueueConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type ConfigurationMemberEbsSnapshot 

type ConfigurationMemberEbsSnapshot struct {
	Value EbsSnapshotConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon EBS volume snapshot.

type ConfigurationMemberEcrRepository 

type ConfigurationMemberEcrRepository struct {
	Value EcrRepositoryConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon ECR repository.

type ConfigurationMemberEfsFileSystem 

type ConfigurationMemberEfsFileSystem struct {
	Value EfsFileSystemConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon EFS file system.

type ConfigurationMemberIamRole 

type ConfigurationMemberIamRole struct {
	Value IamRoleConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an IAM role.

type ConfigurationMemberKmsKey 

type ConfigurationMemberKmsKey struct {
	Value KmsKeyConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for a KMS key.

type ConfigurationMemberRdsDbClusterSnapshot 

type ConfigurationMemberRdsDbClusterSnapshot struct {
	Value RdsDbClusterSnapshotConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon RDS DB cluster snapshot.

type ConfigurationMemberRdsDbSnapshot 

type ConfigurationMemberRdsDbSnapshot struct {
	Value RdsDbSnapshotConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon RDS DB snapshot.

type ConfigurationMemberS3Bucket 

type ConfigurationMemberS3Bucket struct {
	Value S3BucketConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon S3 Bucket.

type ConfigurationMemberSecretsManagerSecret 

type ConfigurationMemberSecretsManagerSecret struct {
	Value SecretsManagerSecretConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for a Secrets Manager secret.

type ConfigurationMemberSnsTopic 

type ConfigurationMemberSnsTopic struct {
	Value SnsTopicConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon SNS topic

type ConfigurationMemberSqsQueue 

type ConfigurationMemberSqsQueue struct {
	Value SqsQueueConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon SQS queue.

type ConflictException 

type ConflictException struct {
	Message *string

	ErrorCodeOverride *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

A conflict exception error.

func (*ConflictException) Error 

func (e *ConflictException) Error() string

func (*ConflictException) ErrorCode 

func (e *ConflictException) ErrorCode() string

func (*ConflictException) ErrorFault 

func (e *ConflictException) ErrorFault() smithy.ErrorFault

func (*ConflictException) ErrorMessage 

func (e *ConflictException) ErrorMessage() string

type Criterion 

type Criterion struct {

	// A "contains" operator to match for the filter used to create the rule.
	Contains []string

	// An "equals" operator to match for the filter used to create the rule.
	Eq []string

	// An "exists" operator to match for the filter used to create the rule.
	Exists *bool

	// A "not equals" operator to match for the filter used to create the rule.
	Neq []string
	// contains filtered or unexported fields
}

The criteria to use in the filter that defines the archive rule. For more information on available filter keys, see IAM Access Analyzer filter keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html) .

type EbsSnapshotConfiguration 

type EbsSnapshotConfiguration struct {

	// The groups that have access to the Amazon EBS volume snapshot. If the value all
	// is specified, then the Amazon EBS volume snapshot is public.
	//   - If the configuration is for an existing Amazon EBS volume snapshot and you
	//   do not specify the groups , then the access preview uses the existing shared
	//   groups for the snapshot.
	//   - If the access preview is for a new resource and you do not specify the
	//   groups , then the access preview considers the snapshot without any groups .
	//   - To propose deletion of existing shared groups , you can specify an empty
	//   list for groups .
	Groups []string

	// The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS key
	// identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
	//   - If the configuration is for an existing Amazon EBS volume snapshot and you
	//   do not specify the kmsKeyId , or you specify an empty string, then the access
	//   preview uses the existing kmsKeyId of the snapshot.
	//   - If the access preview is for a new resource and you do not specify the
	//   kmsKeyId , the access preview considers the snapshot as unencrypted.
	KmsKeyId *string

	// The IDs of the Amazon Web Services accounts that have access to the Amazon EBS
	// volume snapshot.
	//   - If the configuration is for an existing Amazon EBS volume snapshot and you
	//   do not specify the userIds , then the access preview uses the existing shared
	//   userIds for the snapshot.
	//   - If the access preview is for a new resource and you do not specify the
	//   userIds , then the access preview considers the snapshot without any userIds .
	//   - To propose deletion of existing shared accountIds , you can specify an empty
	//   list for userIds .
	UserIds []string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon EBS volume snapshot. You can propose a configuration for a new Amazon EBS volume snapshot or an Amazon EBS volume snapshot that you own by specifying the user IDs, groups, and optional KMS encryption key. For more information, see ModifySnapshotAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html) .

type EcrRepositoryConfiguration 

type EcrRepositoryConfiguration struct {

	// The JSON repository policy text to apply to the Amazon ECR repository. For more
	// information, see Private repository policy examples (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html)
	// in the Amazon ECR User Guide.
	RepositoryPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon ECR repository. You can propose a configuration for a new Amazon ECR repository or an existing Amazon ECR repository that you own by specifying the Amazon ECR policy. For more information, see Repository (https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html) .

type EfsFileSystemConfiguration 

type EfsFileSystemConfiguration struct {

	// The JSON policy definition to apply to the Amazon EFS file system. For more
	// information on the elements that make up a file system policy, see Amazon EFS
	// Resource-based policies (https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies)
	// .
	FileSystemPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon EFS file system. You can propose a configuration for a new Amazon EFS file system or an existing Amazon EFS file system that you own by specifying the Amazon EFS policy. For more information, see Using file systems in Amazon EFS (https://docs.aws.amazon.com/efs/latest/ug/using-fs.html) .

type Finding 

type Finding struct {

	// The time at which the resource was analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The condition in the analyzed policy statement that resulted in a finding.
	//
	// This member is required.
	Condition map[string]string

	// The time at which the finding was generated.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the finding.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource identified in the finding.
	//
	// This member is required.
	ResourceType ResourceType

	// The current status of the finding.
	//
	// This member is required.
	Status FindingStatus

	// The time at which the finding was updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The action in the analyzed policy statement that an external principal has
	// permission to use.
	Action []string

	// An error.
	Error *string

	// Indicates whether the policy that generated the finding allows public access to
	// the resource.
	IsPublic *bool

	// The external principal that access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that an external principal has access to.
	Resource *string

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

Contains information about a finding.

type FindingChangeType 

type FindingChangeType string
const (
	FindingChangeTypeChanged   FindingChangeType = "CHANGED"
	FindingChangeTypeNew       FindingChangeType = "NEW"
	FindingChangeTypeUnchanged FindingChangeType = "UNCHANGED"
)

Enum values for FindingChangeType

func (FindingChangeType) Values 

func (FindingChangeType) Values() []FindingChangeType

Values returns all known values for FindingChangeType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type FindingSource 

type FindingSource struct {

	// Indicates the type of access that generated the finding.
	//
	// This member is required.
	Type FindingSourceType

	// Includes details about how the access that generated the finding is granted.
	// This is populated for Amazon S3 bucket findings.
	Detail *FindingSourceDetail
	// contains filtered or unexported fields
}

The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

type FindingSourceDetail 

type FindingSourceDetail struct {

	// The account of the cross-account access point that generated the finding.
	AccessPointAccount *string

	// The ARN of the access point that generated the finding. The ARN format depends
	// on whether the ARN represents an access point or a multi-region access point.
	AccessPointArn *string
	// contains filtered or unexported fields
}

Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.

type FindingSourceType 

type FindingSourceType string
const (
	FindingSourceTypePolicy               FindingSourceType = "POLICY"
	FindingSourceTypeBucketAcl            FindingSourceType = "BUCKET_ACL"
	FindingSourceTypeS3AccessPoint        FindingSourceType = "S3_ACCESS_POINT"
	FindingSourceTypeS3AccessPointAccount FindingSourceType = "S3_ACCESS_POINT_ACCOUNT"
)

Enum values for FindingSourceType

func (FindingSourceType) Values 

func (FindingSourceType) Values() []FindingSourceType

Values returns all known values for FindingSourceType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type FindingStatus 

type FindingStatus string
const (
	FindingStatusActive   FindingStatus = "ACTIVE"
	FindingStatusArchived FindingStatus = "ARCHIVED"
	FindingStatusResolved FindingStatus = "RESOLVED"
)

Enum values for FindingStatus

func (FindingStatus) Values 

func (FindingStatus) Values() []FindingStatus

Values returns all known values for FindingStatus. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type FindingStatusUpdate 

type FindingStatusUpdate string
const (
	FindingStatusUpdateActive   FindingStatusUpdate = "ACTIVE"
	FindingStatusUpdateArchived FindingStatusUpdate = "ARCHIVED"
)

Enum values for FindingStatusUpdate

func (FindingStatusUpdate) Values 

func (FindingStatusUpdate) Values() []FindingStatusUpdate

Values returns all known values for FindingStatusUpdate. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type FindingSummary 

type FindingSummary struct {

	// The time at which the resource-based policy that generated the finding was
	// analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The condition in the analyzed policy statement that resulted in a finding.
	//
	// This member is required.
	Condition map[string]string

	// The time at which the finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the finding.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that the external principal has access to.
	//
	// This member is required.
	ResourceType ResourceType

	// The status of the finding.
	//
	// This member is required.
	Status FindingStatus

	// The time at which the finding was most recently updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The action in the analyzed policy statement that an external principal has
	// permission to use.
	Action []string

	// The error that resulted in an Error finding.
	Error *string

	// Indicates whether the finding reports a resource that has a policy that allows
	// public access.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that the external principal has access to.
	Resource *string

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

Contains information about a finding.

type GeneratedPolicy 

type GeneratedPolicy struct {

	// The text to use as the content for the new policy. The policy is created using
	// the CreatePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html)
	// action.
	//
	// This member is required.
	Policy *string
	// contains filtered or unexported fields
}

Contains the text for the generated policy.

type GeneratedPolicyProperties 

type GeneratedPolicyProperties struct {

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string

	// Lists details about the Trail used to generated policy.
	CloudTrailProperties *CloudTrailProperties

	// This value is set to true if the generated policy contains all possible actions
	// for a service that IAM Access Analyzer identified from the CloudTrail trail that
	// you specified, and false otherwise.
	IsComplete *bool
	// contains filtered or unexported fields
}

Contains the generated policy details.

type GeneratedPolicyResult 

type GeneratedPolicyResult struct {

	// A GeneratedPolicyProperties object that contains properties of the generated
	// policy.
	//
	// This member is required.
	Properties *GeneratedPolicyProperties

	// The text to use as the content for the new policy. The policy is created using
	// the CreatePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html)
	// action.
	GeneratedPolicies []GeneratedPolicy
	// contains filtered or unexported fields
}

Contains the text for the generated policy and its details.

type IamRoleConfiguration 

type IamRoleConfiguration struct {

	// The proposed trust policy for the IAM role.
	TrustPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an IAM role. You can propose a configuration for a new IAM role or an existing IAM role that you own by specifying the trust policy. If the configuration is for a new IAM role, you must specify the trust policy. If the configuration is for an existing IAM role that you own and you do not propose the trust policy, the access preview uses the existing trust policy for the role. The proposed trust policy cannot be an empty string. For more information about role trust policy limits, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) .

type InlineArchiveRule 

type InlineArchiveRule struct {

	// The condition and values for a criterion.
	//
	// This member is required.
	Filter map[string]Criterion

	// The name of the rule.
	//
	// This member is required.
	RuleName *string
	// contains filtered or unexported fields
}

An criterion statement in an archive rule. Each archive rule may have multiple criteria.

type InternalServerException 

type InternalServerException struct {
	Message *string

	ErrorCodeOverride *string

	RetryAfterSeconds *int32
	// contains filtered or unexported fields
}

Internal server error.

func (*InternalServerException) Error 

func (e *InternalServerException) Error() string

func (*InternalServerException) ErrorCode 

func (e *InternalServerException) ErrorCode() string

func (*InternalServerException) ErrorFault 

func (e *InternalServerException) ErrorFault() smithy.ErrorFault

func (*InternalServerException) ErrorMessage 

func (e *InternalServerException) ErrorMessage() string

type InternetConfiguration 

type InternetConfiguration struct {
	// contains filtered or unexported fields
}

This configuration sets the network origin for the Amazon S3 access point or multi-region access point to Internet .

type JobDetails 

type JobDetails struct {

	// The JobId that is returned by the StartPolicyGeneration operation. The JobId
	// can be used with GetGeneratedPolicy to retrieve the generated policies or used
	// with CancelPolicyGeneration to cancel the policy generation request.
	//
	// This member is required.
	JobId *string

	// A timestamp of when the job was started.
	//
	// This member is required.
	StartedOn *time.Time

	// The status of the job request.
	//
	// This member is required.
	Status JobStatus

	// A timestamp of when the job was completed.
	CompletedOn *time.Time

	// The job error for the policy generation request.
	JobError *JobError
	// contains filtered or unexported fields
}

Contains details about the policy generation request.

type JobError 

type JobError struct {

	// The job error code.
	//
	// This member is required.
	Code JobErrorCode

	// Specific information about the error. For example, which service quota was
	// exceeded or which resource was not found.
	//
	// This member is required.
	Message *string
	// contains filtered or unexported fields
}

Contains the details about the policy generation error.

type JobErrorCode 

type JobErrorCode string
const (
	JobErrorCodeAuthorizationError        JobErrorCode = "AUTHORIZATION_ERROR"
	JobErrorCodeResourceNotFoundError     JobErrorCode = "RESOURCE_NOT_FOUND_ERROR"
	JobErrorCodeServiceQuotaExceededError JobErrorCode = "SERVICE_QUOTA_EXCEEDED_ERROR"
	JobErrorCodeServiceError              JobErrorCode = "SERVICE_ERROR"
)

Enum values for JobErrorCode

func (JobErrorCode) Values 

func (JobErrorCode) Values() []JobErrorCode

Values returns all known values for JobErrorCode. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type JobStatus 

type JobStatus string
const (
	JobStatusInProgress JobStatus = "IN_PROGRESS"
	JobStatusSucceeded  JobStatus = "SUCCEEDED"
	JobStatusFailed     JobStatus = "FAILED"
	JobStatusCanceled   JobStatus = "CANCELED"
)

Enum values for JobStatus

func (JobStatus) Values 

func (JobStatus) Values() []JobStatus

Values returns all known values for JobStatus. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type KmsGrantConfiguration 

type KmsGrantConfiguration struct {

	// The principal that is given permission to perform the operations that the grant
	// permits.
	//
	// This member is required.
	GranteePrincipal *string

	// The Amazon Web Services account under which the grant was issued. The account
	// is used to propose KMS grants issued by accounts other than the owner of the
	// key.
	//
	// This member is required.
	IssuingAccount *string

	// A list of operations that the grant permits.
	//
	// This member is required.
	Operations []KmsGrantOperation

	// Use this structure to propose allowing cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
	// in the grant only when the operation request includes the specified encryption
	// context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context)
	// .
	Constraints *KmsGrantConstraints

	// The principal that is given permission to retire the grant by using RetireGrant (https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html)
	// operation.
	RetiringPrincipal *string
	// contains filtered or unexported fields
}

A proposed grant configuration for a KMS key. For more information, see CreateGrant (https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html) .

type KmsGrantConstraints 

type KmsGrantConstraints struct {

	// A list of key-value pairs that must match the encryption context in the
	// cryptographic operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
	// request. The grant allows the operation only when the encryption context in the
	// request is the same as the encryption context specified in this constraint.
	EncryptionContextEquals map[string]string

	// A list of key-value pairs that must be included in the encryption context of
	// the cryptographic operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
	// request. The grant allows the cryptographic operation only when the encryption
	// context in the request includes the key-value pairs specified in this
	// constraint, although it can include additional key-value pairs.
	EncryptionContextSubset map[string]string
	// contains filtered or unexported fields
}

Use this structure to propose allowing cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) in the grant only when the operation request includes the specified encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) . You can specify only one type of encryption context. An empty map is treated as not specified. For more information, see GrantConstraints (https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html) .

type KmsGrantOperation 

type KmsGrantOperation string
const (
	KmsGrantOperationCreateGrant                         KmsGrantOperation = "CreateGrant"
	KmsGrantOperationDecrypt                             KmsGrantOperation = "Decrypt"
	KmsGrantOperationDescribeKey                         KmsGrantOperation = "DescribeKey"
	KmsGrantOperationEncrypt                             KmsGrantOperation = "Encrypt"
	KmsGrantOperationGenerateDataKey                     KmsGrantOperation = "GenerateDataKey"
	KmsGrantOperationGenerateDataKeyPair                 KmsGrantOperation = "GenerateDataKeyPair"
	KmsGrantOperationGenerateDataKeyPairWithoutPlaintext KmsGrantOperation = "GenerateDataKeyPairWithoutPlaintext"
	KmsGrantOperationGenerateDataKeyWithoutPlaintext     KmsGrantOperation = "GenerateDataKeyWithoutPlaintext"
	KmsGrantOperationGetPublicKey                        KmsGrantOperation = "GetPublicKey"
	KmsGrantOperationReencryptFrom                       KmsGrantOperation = "ReEncryptFrom"
	KmsGrantOperationReencryptTo                         KmsGrantOperation = "ReEncryptTo"
	KmsGrantOperationRetireGrant                         KmsGrantOperation = "RetireGrant"
	KmsGrantOperationSign                                KmsGrantOperation = "Sign"
	KmsGrantOperationVerify                              KmsGrantOperation = "Verify"
)

Enum values for KmsGrantOperation

func (KmsGrantOperation) Values 

func (KmsGrantOperation) Values() []KmsGrantOperation

Values returns all known values for KmsGrantOperation. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type KmsKeyConfiguration 

type KmsKeyConfiguration struct {

	// A list of proposed grant configurations for the KMS key. If the proposed grant
	// configuration is for an existing key, the access preview uses the proposed list
	// of grant configurations in place of the existing grants. Otherwise, the access
	// preview uses the existing grants for the key.
	Grants []KmsGrantConfiguration

	// Resource policy configuration for the KMS key. The only valid value for the
	// name of the key policy is default . For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
	// .
	KeyPolicies map[string]string
	// contains filtered or unexported fields
}

Proposed access control configuration for a KMS key. You can propose a configuration for a new KMS key or an existing KMS key that you own by specifying the key policy and KMS grant configuration. If the configuration is for an existing key and you do not specify the key policy, the access preview uses the existing policy for the key. If the access preview is for a new resource and you do not specify the key policy, then the access preview uses the default key policy. The proposed key policy cannot be an empty string. For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) . For more information about key policy limits, see Resource quotas (https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html) .

type Locale 

type Locale string
const (
	LocaleDe   Locale = "DE"
	LocaleEn   Locale = "EN"
	LocaleEs   Locale = "ES"
	LocaleFr   Locale = "FR"
	LocaleIt   Locale = "IT"
	LocaleJa   Locale = "JA"
	LocaleKo   Locale = "KO"
	LocalePtBr Locale = "PT_BR"
	LocaleZhCn Locale = "ZH_CN"
	LocaleZhTw Locale = "ZH_TW"
)

Enum values for Locale

func (Locale) Values 

func (Locale) Values() []Locale

Values returns all known values for Locale. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type Location 

type Location struct {

	// A path in a policy, represented as a sequence of path elements.
	//
	// This member is required.
	Path []PathElement

	// A span in a policy.
	//
	// This member is required.
	Span *Span
	// contains filtered or unexported fields
}

A location in a policy that is represented as a path through the JSON representation and a corresponding span.

type NetworkOriginConfiguration 

type NetworkOriginConfiguration interface {
	// contains filtered or unexported methods
}

The proposed InternetConfiguration or VpcConfiguration to apply to the Amazon S3 access point. VpcConfiguration does not apply to multi-region access points. You can make the access point accessible from the internet, or you can specify that all requests made through that access point must originate from a specific virtual private cloud (VPC). You can specify only one type of network configuration. For more information, see Creating access points (https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html) .

The following types satisfy this interface: 

NetworkOriginConfigurationMemberInternetConfiguration
NetworkOriginConfigurationMemberVpcConfiguration
Example (OutputUsage)

Code:play  

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.NetworkOriginConfiguration
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.NetworkOriginConfigurationMemberInternetConfiguration:
		_ = v.Value // Value is types.InternetConfiguration

	case *types.NetworkOriginConfigurationMemberVpcConfiguration:
		_ = v.Value // Value is types.VpcConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type NetworkOriginConfigurationMemberInternetConfiguration 

type NetworkOriginConfigurationMemberInternetConfiguration struct {
	Value InternetConfiguration
	// contains filtered or unexported fields
}

The configuration for the Amazon S3 access point or multi-region access point with an Internet origin.

type NetworkOriginConfigurationMemberVpcConfiguration 

type NetworkOriginConfigurationMemberVpcConfiguration struct {
	Value VpcConfiguration
	// contains filtered or unexported fields
}

The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC configuration does not apply to multi-region access points. For more information, see VpcConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html) .

type OrderBy 

type OrderBy string
const (
	OrderByAsc  OrderBy = "ASC"
	OrderByDesc OrderBy = "DESC"
)

Enum values for OrderBy

func (OrderBy) Values 

func (OrderBy) Values() []OrderBy

Values returns all known values for OrderBy. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type PathElement 

type PathElement interface {
	// contains filtered or unexported methods
}

A single element in a path through the JSON representation of a policy.

The following types satisfy this interface: 

PathElementMemberIndex
PathElementMemberKey
PathElementMemberSubstring
PathElementMemberValue
Example (OutputUsage)

Code:play  

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.PathElement
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.PathElementMemberIndex:
		_ = v.Value // Value is int32

	case *types.PathElementMemberKey:
		_ = v.Value // Value is string

	case *types.PathElementMemberSubstring:
		_ = v.Value // Value is types.Substring

	case *types.PathElementMemberValue:
		_ = v.Value // Value is string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type PathElementMemberIndex 

type PathElementMemberIndex struct {
	Value int32
	// contains filtered or unexported fields
}

Refers to an index in a JSON array.

type PathElementMemberKey 

type PathElementMemberKey struct {
	Value string
	// contains filtered or unexported fields
}

Refers to a key in a JSON object.

type PathElementMemberSubstring 

type PathElementMemberSubstring struct {
	Value Substring
	// contains filtered or unexported fields
}

Refers to a substring of a literal string in a JSON object.

type PathElementMemberValue 

type PathElementMemberValue struct {
	Value string
	// contains filtered or unexported fields
}

Refers to the value associated with a given key in a JSON object.

type PolicyGeneration 

type PolicyGeneration struct {

	// The JobId that is returned by the StartPolicyGeneration operation. The JobId
	// can be used with GetGeneratedPolicy to retrieve the generated policies or used
	// with CancelPolicyGeneration to cancel the policy generation request.
	//
	// This member is required.
	JobId *string

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string

	// A timestamp of when the policy generation started.
	//
	// This member is required.
	StartedOn *time.Time

	// The status of the policy generation request.
	//
	// This member is required.
	Status JobStatus

	// A timestamp of when the policy generation was completed.
	CompletedOn *time.Time
	// contains filtered or unexported fields
}

Contains details about the policy generation status and properties.

type PolicyGenerationDetails 

type PolicyGenerationDetails struct {

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string
	// contains filtered or unexported fields
}

Contains the ARN details about the IAM entity for which the policy is generated.

type PolicyType 

type PolicyType string
const (
	PolicyTypeIdentityPolicy       PolicyType = "IDENTITY_POLICY"
	PolicyTypeResourcePolicy       PolicyType = "RESOURCE_POLICY"
	PolicyTypeServiceControlPolicy PolicyType = "SERVICE_CONTROL_POLICY"
)

Enum values for PolicyType

func (PolicyType) Values 

func (PolicyType) Values() []PolicyType

Values returns all known values for PolicyType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type Position 

type Position struct {

	// The column of the position, starting from 0.
	//
	// This member is required.
	Column *int32

	// The line of the position, starting from 1.
	//
	// This member is required.
	Line *int32

	// The offset within the policy that corresponds to the position, starting from 0.
	//
	// This member is required.
	Offset *int32
	// contains filtered or unexported fields
}

A position in a policy.

type RdsDbClusterSnapshotAttributeValue 

type RdsDbClusterSnapshotAttributeValue interface {
	// contains filtered or unexported methods
}

The values for a manual Amazon RDS DB cluster snapshot attribute.

The following types satisfy this interface: 

RdsDbClusterSnapshotAttributeValueMemberAccountIds
Example (OutputUsage)

Code:play  

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.RdsDbClusterSnapshotAttributeValue
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.RdsDbClusterSnapshotAttributeValueMemberAccountIds:
		_ = v.Value // Value is []string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type RdsDbClusterSnapshotAttributeValueMemberAccountIds 

type RdsDbClusterSnapshotAttributeValueMemberAccountIds struct {
	Value []string
	// contains filtered or unexported fields
}

The Amazon Web Services account IDs that have access to the manual Amazon RDS DB cluster snapshot. If the value all is specified, then the Amazon RDS DB cluster snapshot is public and can be copied or restored by all Amazon Web Services accounts.

type RdsDbClusterSnapshotConfiguration 

type RdsDbClusterSnapshotConfiguration struct {

	// The names and values of manual DB cluster snapshot attributes. Manual DB
	// cluster snapshot attributes are used to authorize other Amazon Web Services
	// accounts to restore a manual DB cluster snapshot. The only valid value for
	// AttributeName for the attribute map is restore
	Attributes map[string]RdsDbClusterSnapshotAttributeValue

	// The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS
	// key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
	//
	//   - If the configuration is for an existing Amazon RDS DB cluster snapshot and
	//   you do not specify the kmsKeyId , or you specify an empty string, then the
	//   access preview uses the existing kmsKeyId of the snapshot.
	//   - If the access preview is for a new resource and you do not specify the
	//   specify the kmsKeyId , then the access preview considers the snapshot as
	//   unencrypted.
	KmsKeyId *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon RDS DB cluster snapshot. You can propose a configuration for a new Amazon RDS DB cluster snapshot or an Amazon RDS DB cluster snapshot that you own by specifying the RdsDbClusterSnapshotAttributeValue and optional KMS encryption key. For more information, see ModifyDBClusterSnapshotAttribute (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html) .

type RdsDbSnapshotAttributeValue 

type RdsDbSnapshotAttributeValue interface {
	// contains filtered or unexported methods
}

The name and values of a manual Amazon RDS DB snapshot attribute. Manual DB snapshot attributes are used to authorize other Amazon Web Services accounts to restore a manual DB snapshot.

The following types satisfy this interface: 

RdsDbSnapshotAttributeValueMemberAccountIds
Example (OutputUsage)

Code:play  

package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.RdsDbSnapshotAttributeValue
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.RdsDbSnapshotAttributeValueMemberAccountIds:
		_ = v.Value // Value is []string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

type RdsDbSnapshotAttributeValueMemberAccountIds 

type RdsDbSnapshotAttributeValueMemberAccountIds struct {
	Value []string
	// contains filtered or unexported fields
}

The Amazon Web Services account IDs that have access to the manual Amazon RDS DB snapshot. If the value all is specified, then the Amazon RDS DB snapshot is public and can be copied or restored by all Amazon Web Services accounts.

type RdsDbSnapshotConfiguration 

type RdsDbSnapshotConfiguration struct {

	// The names and values of manual DB snapshot attributes. Manual DB snapshot
	// attributes are used to authorize other Amazon Web Services accounts to restore a
	// manual DB snapshot. The only valid value for attributeName for the attribute
	// map is restore.
	Attributes map[string]RdsDbSnapshotAttributeValue

	// The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key
	// identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
	//   - If the configuration is for an existing Amazon RDS DB snapshot and you do
	//   not specify the kmsKeyId , or you specify an empty string, then the access
	//   preview uses the existing kmsKeyId of the snapshot.
	//   - If the access preview is for a new resource and you do not specify the
	//   specify the kmsKeyId , then the access preview considers the snapshot as
	//   unencrypted.
	KmsKeyId *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon RDS DB snapshot. You can propose a configuration for a new Amazon RDS DB snapshot or an Amazon RDS DB snapshot that you own by specifying the RdsDbSnapshotAttributeValue and optional KMS encryption key. For more information, see ModifyDBSnapshotAttribute (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html) .

type ReasonCode 

type ReasonCode string
const (
	ReasonCodeAwsServiceAccessDisabled           ReasonCode = "AWS_SERVICE_ACCESS_DISABLED"
	ReasonCodeDelegatedAdministratorDeregistered ReasonCode = "DELEGATED_ADMINISTRATOR_DEREGISTERED"
	ReasonCodeOrganizationDeleted                ReasonCode = "ORGANIZATION_DELETED"
	ReasonCodeServiceLinkedRoleCreationFailed    ReasonCode = "SERVICE_LINKED_ROLE_CREATION_FAILED"
)

Enum values for ReasonCode

func (ReasonCode) Values 

func (ReasonCode) Values() []ReasonCode

Values returns all known values for ReasonCode. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type ResourceNotFoundException 

type ResourceNotFoundException struct {
	Message *string

	ErrorCodeOverride *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

The specified resource could not be found.

func (*ResourceNotFoundException) Error 

func (e *ResourceNotFoundException) Error() string

func (*ResourceNotFoundException) ErrorCode 

func (e *ResourceNotFoundException) ErrorCode() string

func (*ResourceNotFoundException) ErrorFault 

func (e *ResourceNotFoundException) ErrorFault() smithy.ErrorFault

func (*ResourceNotFoundException) ErrorMessage 

func (e *ResourceNotFoundException) ErrorMessage() string

type ResourceType 

type ResourceType string
const (
	ResourceTypeAwsS3Bucket             ResourceType = "AWS::S3::Bucket"
	ResourceTypeAwsIamRole              ResourceType = "AWS::IAM::Role"
	ResourceTypeAwsSqsQueue             ResourceType = "AWS::SQS::Queue"
	ResourceTypeAwsLambdaFunction       ResourceType = "AWS::Lambda::Function"
	ResourceTypeAwsLambdaLayerversion   ResourceType = "AWS::Lambda::LayerVersion"
	ResourceTypeAwsKmsKey               ResourceType = "AWS::KMS::Key"
	ResourceTypeAwsSecretsmanagerSecret ResourceType = "AWS::SecretsManager::Secret"
	ResourceTypeAwsEfsFilesystem        ResourceType = "AWS::EFS::FileSystem"
	ResourceTypeAwsEc2Snapshot          ResourceType = "AWS::EC2::Snapshot"
	ResourceTypeAwsEcrRepository        ResourceType = "AWS::ECR::Repository"
	ResourceTypeAwsRdsDbsnapshot        ResourceType = "AWS::RDS::DBSnapshot"
	ResourceTypeAwsRdsDbclustersnapshot ResourceType = "AWS::RDS::DBClusterSnapshot"
	ResourceTypeAwsSnsTopic             ResourceType = "AWS::SNS::Topic"
)

Enum values for ResourceType

func (ResourceType) Values 

func (ResourceType) Values() []ResourceType

Values returns all known values for ResourceType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type S3AccessPointConfiguration 

type S3AccessPointConfiguration struct {

	// The access point or multi-region access point policy.
	AccessPointPolicy *string

	// The proposed Internet and VpcConfiguration to apply to this Amazon S3 access
	// point. VpcConfiguration does not apply to multi-region access points. If the
	// access preview is for a new resource and neither is specified, the access
	// preview uses Internet for the network origin. If the access preview is for an
	// existing resource and neither is specified, the access preview uses the exiting
	// network origin.
	NetworkOrigin NetworkOriginConfiguration

	// The proposed S3PublicAccessBlock configuration to apply to this Amazon S3
	// access point or multi-region access point.
	PublicAccessBlock *S3PublicAccessBlockConfiguration
	// contains filtered or unexported fields
}

The configuration for an Amazon S3 access point or multi-region access point for the bucket. You can propose up to 10 access points or multi-region access points per bucket. If the proposed Amazon S3 access point configuration is for an existing bucket, the access preview uses the proposed access point configuration in place of the existing access points. To propose an access point without a policy, you can provide an empty string as the access point policy. For more information, see Creating access points (https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html) . For more information about access point policy limits, see Access points restrictions and limitations (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html) .

type S3BucketAclGrantConfiguration 

type S3BucketAclGrantConfiguration struct {

	// The grantee to whom you’re assigning access rights.
	//
	// This member is required.
	Grantee AclGrantee

	// The permissions being granted.
	//
	// This member is required.
	Permission AclPermission
	// contains filtered or unexported fields
}

A proposed access control list grant configuration for an Amazon S3 bucket. For more information, see How to Specify an ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls) .

type S3BucketConfiguration 

type S3BucketConfiguration struct {

	// The configuration of Amazon S3 access points or multi-region access points for
	// the bucket. You can propose up to 10 new access points per bucket.
	AccessPoints map[string]S3AccessPointConfiguration

	// The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to
	// 100 ACL grants per bucket. If the proposed grant configuration is for an
	// existing bucket, the access preview uses the proposed list of grant
	// configurations in place of the existing grants. Otherwise, the access preview
	// uses the existing grants for the bucket.
	BucketAclGrants []S3BucketAclGrantConfiguration

	// The proposed bucket policy for the Amazon S3 bucket.
	BucketPolicy *string

	// The proposed block public access configuration for the Amazon S3 bucket.
	BucketPublicAccessBlock *S3PublicAccessBlockConfiguration
	// contains filtered or unexported fields
}

Proposed access control configuration for an Amazon S3 bucket. You can propose a configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket that you own by specifying the Amazon S3 bucket policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and multi-region access points attached to the bucket. If the configuration is for an existing Amazon S3 bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes a bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about bucket policy limits, see Bucket Policy Examples (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html) .

type S3PublicAccessBlockConfiguration 

type S3PublicAccessBlockConfiguration struct {

	// Specifies whether Amazon S3 should ignore public ACLs for this bucket and
	// objects in this bucket.
	//
	// This member is required.
	IgnorePublicAcls *bool

	// Specifies whether Amazon S3 should restrict public bucket policies for this
	// bucket.
	//
	// This member is required.
	RestrictPublicBuckets *bool
	// contains filtered or unexported fields
}

The PublicAccessBlock configuration to apply to this Amazon S3 bucket. If the proposed configuration is for an existing Amazon S3 bucket and the configuration is not specified, the access preview uses the existing setting. If the proposed configuration is for a new bucket and the configuration is not specified, the access preview uses false . If the proposed configuration is for a new access point or multi-region access point and the access point BPA configuration is not specified, the access preview uses true . For more information, see PublicAccessBlockConfiguration (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html) .

type SecretsManagerSecretConfiguration 

type SecretsManagerSecretConfiguration struct {

	// The proposed ARN, key ID, or alias of the KMS key.
	KmsKeyId *string

	// The proposed resource policy defining who can access or manage the secret.
	SecretPolicy *string
	// contains filtered or unexported fields
}

The configuration for a Secrets Manager secret. For more information, see CreateSecret (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html) . You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the Amazon Web Services managed key aws/secretsmanager . If you specify an empty string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the Amazon Web Services account. For more information about secret policy limits, see Quotas for Secrets Manager. (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html) .

type ServiceQuotaExceededException 

type ServiceQuotaExceededException struct {
	Message *string

	ErrorCodeOverride *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

Service quote met error.

func (*ServiceQuotaExceededException) Error 

func (e *ServiceQuotaExceededException) Error() string

func (*ServiceQuotaExceededException) ErrorCode 

func (e *ServiceQuotaExceededException) ErrorCode() string

func (*ServiceQuotaExceededException) ErrorFault 

func (e *ServiceQuotaExceededException) ErrorFault() smithy.ErrorFault

func (*ServiceQuotaExceededException) ErrorMessage 

func (e *ServiceQuotaExceededException) ErrorMessage() string

type SnsTopicConfiguration 

type SnsTopicConfiguration struct {

	// The JSON policy text that defines who can access an Amazon SNS topic. For more
	// information, see Example cases for Amazon SNS access control (https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html)
	// in the Amazon SNS Developer Guide.
	TopicPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon SNS topic. You can propose a configuration for a new Amazon SNS topic or an existing Amazon SNS topic that you own by specifying the policy. If the configuration is for an existing Amazon SNS topic and you do not specify the Amazon SNS policy, then the access preview uses the existing Amazon SNS policy for the topic. If the access preview is for a new resource and you do not specify the policy, then the access preview assumes an Amazon SNS topic without a policy. To propose deletion of an existing Amazon SNS topic policy, you can specify an empty string for the Amazon SNS policy. For more information, see Topic (https://docs.aws.amazon.com/sns/latest/api/API_Topic.html) .

type SortCriteria 

type SortCriteria struct {

	// The name of the attribute to sort on.
	AttributeName *string

	// The sort order, ascending or descending.
	OrderBy OrderBy
	// contains filtered or unexported fields
}

The criteria used to sort.

type Span 

type Span struct {

	// The end position of the span (exclusive).
	//
	// This member is required.
	End *Position

	// The start position of the span (inclusive).
	//
	// This member is required.
	Start *Position
	// contains filtered or unexported fields
}

A span in a policy. The span consists of a start position (inclusive) and end position (exclusive).

type SqsQueueConfiguration 

type SqsQueueConfiguration struct {

	// The proposed resource policy for the Amazon SQS queue.
	QueuePolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon SQS queue. You can propose a configuration for a new Amazon SQS queue or an existing Amazon SQS queue that you own by specifying the Amazon SQS policy. If the configuration is for an existing Amazon SQS queue and you do not specify the Amazon SQS policy, the access preview uses the existing Amazon SQS policy for the queue. If the access preview is for a new resource and you do not specify the policy, the access preview assumes an Amazon SQS queue without a policy. To propose deletion of an existing Amazon SQS queue policy, you can specify an empty string for the Amazon SQS policy. For more information about Amazon SQS policy limits, see Quotas related to policies (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html) .

type StatusReason 

type StatusReason struct {

	// The reason code for the current status of the analyzer.
	//
	// This member is required.
	Code ReasonCode
	// contains filtered or unexported fields
}

Provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is returned. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the Amazon Web Services organization.

type Substring 

type Substring struct {

	// The length of the substring.
	//
	// This member is required.
	Length *int32

	// The start index of the substring, starting from 0.
	//
	// This member is required.
	Start *int32
	// contains filtered or unexported fields
}

A reference to a substring of a literal string in a JSON document.

type ThrottlingException 

type ThrottlingException struct {
	Message *string

	ErrorCodeOverride *string

	RetryAfterSeconds *int32
	// contains filtered or unexported fields
}

Throttling limit exceeded error.

func (*ThrottlingException) Error 

func (e *ThrottlingException) Error() string

func (*ThrottlingException) ErrorCode 

func (e *ThrottlingException) ErrorCode() string

func (*ThrottlingException) ErrorFault 

func (e *ThrottlingException) ErrorFault() smithy.ErrorFault

func (*ThrottlingException) ErrorMessage 

func (e *ThrottlingException) ErrorMessage() string

type Trail 

type Trail struct {

	// Specifies the ARN of the trail. The format of a trail ARN is
	// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail .
	//
	// This member is required.
	CloudTrailArn *string

	// Possible values are true or false . If set to true , IAM Access Analyzer
	// retrieves CloudTrail data from all regions to analyze and generate a policy.
	AllRegions *bool

	// A list of regions to get CloudTrail data from and analyze to generate a policy.
	Regions []string
	// contains filtered or unexported fields
}

Contains details about the CloudTrail trail being analyzed to generate a policy.

type TrailProperties 

type TrailProperties struct {

	// Specifies the ARN of the trail. The format of a trail ARN is
	// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail .
	//
	// This member is required.
	CloudTrailArn *string

	// Possible values are true or false . If set to true , IAM Access Analyzer
	// retrieves CloudTrail data from all regions to analyze and generate a policy.
	AllRegions *bool

	// A list of regions to get CloudTrail data from and analyze to generate a policy.
	Regions []string
	// contains filtered or unexported fields
}

Contains details about the CloudTrail trail being analyzed to generate a policy.

type Type 

type Type string
const (
	TypeAccount      Type = "ACCOUNT"
	TypeOrganization Type = "ORGANIZATION"
)

Enum values for Type

func (Type) Values 

func (Type) Values() []Type

Values returns all known values for Type. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type UnknownUnionMember 

type UnknownUnionMember struct {
	Tag   string
	Value []byte
	// contains filtered or unexported fields
}

UnknownUnionMember is returned when a union member is returned over the wire, but has an unknown tag.

type ValidatePolicyFinding 

type ValidatePolicyFinding struct {

	// A localized message that explains the finding and provides guidance on how to
	// address it.
	//
	// This member is required.
	FindingDetails *string

	// The impact of the finding. Security warnings report when the policy allows
	// access that we consider overly permissive. Errors report when a part of the
	// policy is not functional. Warnings report non-security issues when a policy does
	// not conform to policy writing best practices. Suggestions recommend stylistic
	// improvements in the policy that do not impact access.
	//
	// This member is required.
	FindingType ValidatePolicyFindingType

	// The issue code provides an identifier of the issue associated with this finding.
	//
	// This member is required.
	IssueCode *string

	// A link to additional documentation about the type of finding.
	//
	// This member is required.
	LearnMoreLink *string

	// The list of locations in the policy document that are related to the finding.
	// The issue code provides a summary of an issue identified by the finding.
	//
	// This member is required.
	Locations []Location
	// contains filtered or unexported fields
}

A finding in a policy. Each finding is an actionable recommendation that can be used to improve the policy.

type ValidatePolicyFindingType 

type ValidatePolicyFindingType string
const (
	ValidatePolicyFindingTypeError           ValidatePolicyFindingType = "ERROR"
	ValidatePolicyFindingTypeSecurityWarning ValidatePolicyFindingType = "SECURITY_WARNING"
	ValidatePolicyFindingTypeSuggestion      ValidatePolicyFindingType = "SUGGESTION"
	ValidatePolicyFindingTypeWarning         ValidatePolicyFindingType = "WARNING"
)

Enum values for ValidatePolicyFindingType

func (ValidatePolicyFindingType) Values 

func (ValidatePolicyFindingType) Values() []ValidatePolicyFindingType

Values returns all known values for ValidatePolicyFindingType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type ValidatePolicyResourceType 

type ValidatePolicyResourceType string
const (
	ValidatePolicyResourceTypeS3Bucket                  ValidatePolicyResourceType = "AWS::S3::Bucket"
	ValidatePolicyResourceTypeS3AccessPoint             ValidatePolicyResourceType = "AWS::S3::AccessPoint"
	ValidatePolicyResourceTypeS3MultiRegionAccessPoint  ValidatePolicyResourceType = "AWS::S3::MultiRegionAccessPoint"
	ValidatePolicyResourceTypeS3ObjectLambdaAccessPoint ValidatePolicyResourceType = "AWS::S3ObjectLambda::AccessPoint"
	ValidatePolicyResourceTypeRoleTrust                 ValidatePolicyResourceType = "AWS::IAM::AssumeRolePolicyDocument"
)

Enum values for ValidatePolicyResourceType

func (ValidatePolicyResourceType) Values 

func (ValidatePolicyResourceType) Values() []ValidatePolicyResourceType

Values returns all known values for ValidatePolicyResourceType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type ValidationException 

type ValidationException struct {
	Message *string

	ErrorCodeOverride *string

	Reason    ValidationExceptionReason
	FieldList []ValidationExceptionField
	// contains filtered or unexported fields
}

Validation exception error.

func (*ValidationException) Error 

func (e *ValidationException) Error() string

func (*ValidationException) ErrorCode 

func (e *ValidationException) ErrorCode() string

func (*ValidationException) ErrorFault 

func (e *ValidationException) ErrorFault() smithy.ErrorFault

func (*ValidationException) ErrorMessage 

func (e *ValidationException) ErrorMessage() string

type ValidationExceptionField 

type ValidationExceptionField struct {

	// A message about the validation exception.
	//
	// This member is required.
	Message *string

	// The name of the validation exception.
	//
	// This member is required.
	Name *string
	// contains filtered or unexported fields
}

Contains information about a validation exception.

type ValidationExceptionReason 

type ValidationExceptionReason string
const (
	ValidationExceptionReasonUnknownOperation      ValidationExceptionReason = "unknownOperation"
	ValidationExceptionReasonCannotParse           ValidationExceptionReason = "cannotParse"
	ValidationExceptionReasonFieldValidationFailed ValidationExceptionReason = "fieldValidationFailed"
	ValidationExceptionReasonOther                 ValidationExceptionReason = "other"
)

Enum values for ValidationExceptionReason

func (ValidationExceptionReason) Values 

func (ValidationExceptionReason) Values() []ValidationExceptionReason

Values returns all known values for ValidationExceptionReason. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.

type VpcConfiguration 

type VpcConfiguration struct {

	// If this field is specified, this access point will only allow connections from
	// the specified VPC ID.
	//
	// This member is required.
	VpcId *string
	// contains filtered or unexported fields
}

The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC configuration does not apply to multi-region access points. For more information, see VpcConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html) .

Source Files

enums.go errors.go types.go

Version
v1.20.1
Published
Aug 1, 2023
Platform
windows/amd64
Imports
4 packages
Last checked
2 weeks ago

Tools for package owners.