types

package
v1.37.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 13, 2025 License: Apache-2.0 Imports: 4 Imported by: 16

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Access added in v1.24.0 

type Access struct {

	// A list of actions for the access permissions. Any strings that can be used as
	// an action in an IAM policy can be used in the list of actions to check.
	Actions []string

	// A list of resources for the access permissions. Any strings that can be used as
	// an Amazon Resource Name (ARN) in an IAM policy can be used in the list of
	// resources to check. You can only use a wildcard in the portion of the ARN that
	// specifies the resource ID.
	Resources []string
	// contains filtered or unexported fields
}

Contains information about actions and resources that define permissions to check against a policy.

type AccessCheckPolicyType added in v1.24.0 

type AccessCheckPolicyType string
const (
	AccessCheckPolicyTypeIdentityPolicy AccessCheckPolicyType = "IDENTITY_POLICY"
	AccessCheckPolicyTypeResourcePolicy AccessCheckPolicyType = "RESOURCE_POLICY"
)

Enum values for AccessCheckPolicyType

func (AccessCheckPolicyType) Values added in v1.24.0 

func (AccessCheckPolicyType) Values() []AccessCheckPolicyType

Values returns all known values for AccessCheckPolicyType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AccessCheckResourceType added in v1.30.0 

type AccessCheckResourceType string
const (
	AccessCheckResourceTypeDynamodbTable            AccessCheckResourceType = "AWS::DynamoDB::Table"
	AccessCheckResourceTypeDynamodbStream           AccessCheckResourceType = "AWS::DynamoDB::Stream"
	AccessCheckResourceTypeEfsFilesystem            AccessCheckResourceType = "AWS::EFS::FileSystem"
	AccessCheckResourceTypeOpensearchserviceDomain  AccessCheckResourceType = "AWS::OpenSearchService::Domain"
	AccessCheckResourceTypeKinesisDataStream        AccessCheckResourceType = "AWS::Kinesis::Stream"
	AccessCheckResourceTypeKinesisStreamConsumer    AccessCheckResourceType = "AWS::Kinesis::StreamConsumer"
	AccessCheckResourceTypeKmsKey                   AccessCheckResourceType = "AWS::KMS::Key"
	AccessCheckResourceTypeLambdaFunction           AccessCheckResourceType = "AWS::Lambda::Function"
	AccessCheckResourceTypeS3Bucket                 AccessCheckResourceType = "AWS::S3::Bucket"
	AccessCheckResourceTypeS3AccessPoint            AccessCheckResourceType = "AWS::S3::AccessPoint"
	AccessCheckResourceTypeS3expressDirectorybucket AccessCheckResourceType = "AWS::S3Express::DirectoryBucket"
	AccessCheckResourceTypeS3Glacier                AccessCheckResourceType = "AWS::S3::Glacier"
	AccessCheckResourceTypeS3OutpostsBucket         AccessCheckResourceType = "AWS::S3Outposts::Bucket"
	AccessCheckResourceTypeS3OutpostsAccessPoint    AccessCheckResourceType = "AWS::S3Outposts::AccessPoint"
	AccessCheckResourceTypeSecretsmanagerSecret     AccessCheckResourceType = "AWS::SecretsManager::Secret"
	AccessCheckResourceTypeSnsTopic                 AccessCheckResourceType = "AWS::SNS::Topic"
	AccessCheckResourceTypeSqsQueue                 AccessCheckResourceType = "AWS::SQS::Queue"
	AccessCheckResourceTypeRoleTrust                AccessCheckResourceType = "AWS::IAM::AssumeRolePolicyDocument"
)

Enum values for AccessCheckResourceType

func (AccessCheckResourceType) Values added in v1.30.0 

func (AccessCheckResourceType) Values() []AccessCheckResourceType

Values returns all known values for AccessCheckResourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AccessDeniedException 

type AccessDeniedException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

You do not have sufficient access to perform this action.

func (*AccessDeniedException) Error 

func (e *AccessDeniedException) Error() string

func (*AccessDeniedException) ErrorCode 

func (e *AccessDeniedException) ErrorCode() string

func (*AccessDeniedException) ErrorFault 

func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault

func (*AccessDeniedException) ErrorMessage 

func (e *AccessDeniedException) ErrorMessage() string

type AccessPreview added in v1.2.0 

type AccessPreview struct {

	// The ARN of the analyzer used to generate the access preview.
	//
	// This member is required.
	AnalyzerArn *string

	// A map of resource ARNs for the proposed resource configuration.
	//
	// This member is required.
	Configurations map[string]Configuration

	// The time at which the access preview was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The unique ID for the access preview.
	//
	// This member is required.
	Id *string

	// The status of the access preview.
	//
	//   - Creating - The access preview creation is in progress.
	//
	//   - Completed - The access preview is complete. You can preview findings for
	//   external access to the resource.
	//
	//   - Failed - The access preview creation has failed.
	//
	// This member is required.
	Status AccessPreviewStatus

	// Provides more details about the current status of the access preview.
	//
	// For example, if the creation of the access preview fails, a Failed status is
	// returned. This failure can be due to an internal issue with the analysis or due
	// to an invalid resource configuration.
	StatusReason *AccessPreviewStatusReason
	// contains filtered or unexported fields
}

Contains information about an access preview.

type AccessPreviewFinding added in v1.2.0 

type AccessPreviewFinding struct {

	// Provides context on how the access preview finding compares to existing access
	// identified in IAM Access Analyzer.
	//
	//   - New - The finding is for newly-introduced access.
	//
	//   - Unchanged - The preview finding is an existing finding that would remain
	//   unchanged.
	//
	//   - Changed - The preview finding is an existing finding with a change in status.
	//
	// For example, a Changed finding with preview status Resolved and existing status
	// Active indicates the existing Active finding would become Resolved as a result
	// of the proposed permissions change.
	//
	// This member is required.
	ChangeType FindingChangeType

	// The time at which the access preview finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the access preview finding. This ID uniquely identifies the element
	// in the list of access preview findings and is not related to the finding ID in
	// Access Analyzer.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource. For most Amazon Web
	// Services resources, the owning account is the account in which the resource was
	// created.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that can be accessed in the finding.
	//
	// This member is required.
	ResourceType ResourceType

	// The preview status of the finding. This is what the status of the finding would
	// be after permissions deployment. For example, a Changed finding with preview
	// status Resolved and existing status Active indicates the existing Active
	// finding would become Resolved as a result of the proposed permissions change.
	//
	// This member is required.
	Status FindingStatus

	// The action in the analyzed policy statement that an external principal has
	// permission to perform.
	Action []string

	// The condition in the analyzed policy statement that resulted in a finding.
	Condition map[string]string

	// An error.
	Error *string

	// The existing ID of the finding in IAM Access Analyzer, provided only for
	// existing findings.
	ExistingFindingId *string

	// The existing status of the finding, provided only for existing findings.
	ExistingFindingStatus FindingStatus

	// Indicates whether the policy that generated the finding allows public access to
	// the resource.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that an external principal has access to. This is the resource
	// associated with the access preview.
	Resource *string

	// The type of restriction applied to the finding by the resource owner with an
	// Organizations resource control policy (RCP).
	ResourceControlPolicyRestriction ResourceControlPolicyRestriction

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

An access preview finding generated by the access preview.

type AccessPreviewStatus added in v1.2.0 

type AccessPreviewStatus string
const (
	AccessPreviewStatusCompleted AccessPreviewStatus = "COMPLETED"
	AccessPreviewStatusCreating  AccessPreviewStatus = "CREATING"
	AccessPreviewStatusFailed    AccessPreviewStatus = "FAILED"
)

Enum values for AccessPreviewStatus

func (AccessPreviewStatus) Values added in v1.2.0 

func (AccessPreviewStatus) Values() []AccessPreviewStatus

Values returns all known values for AccessPreviewStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AccessPreviewStatusReason added in v1.2.0 

type AccessPreviewStatusReason struct {

	// The reason code for the current status of the access preview.
	//
	// This member is required.
	Code AccessPreviewStatusReasonCode
	// contains filtered or unexported fields
}

Provides more details about the current status of the access preview. For example, if the creation of the access preview fails, a Failed status is returned. This failure can be due to an internal issue with the analysis or due to an invalid proposed resource configuration.

type AccessPreviewStatusReasonCode added in v1.2.0 

type AccessPreviewStatusReasonCode string
const (
	AccessPreviewStatusReasonCodeInternalError        AccessPreviewStatusReasonCode = "INTERNAL_ERROR"
	AccessPreviewStatusReasonCodeInvalidConfiguration AccessPreviewStatusReasonCode = "INVALID_CONFIGURATION"
)

Enum values for AccessPreviewStatusReasonCode

func (AccessPreviewStatusReasonCode) Values added in v1.2.0 

func (AccessPreviewStatusReasonCode) Values() []AccessPreviewStatusReasonCode

Values returns all known values for AccessPreviewStatusReasonCode. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AccessPreviewSummary added in v1.2.0 

type AccessPreviewSummary struct {

	// The ARN of the analyzer used to generate the access preview.
	//
	// This member is required.
	AnalyzerArn *string

	// The time at which the access preview was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The unique ID for the access preview.
	//
	// This member is required.
	Id *string

	// The status of the access preview.
	//
	//   - Creating - The access preview creation is in progress.
	//
	//   - Completed - The access preview is complete and previews the findings for
	//   external access to the resource.
	//
	//   - Failed - The access preview creation has failed.
	//
	// This member is required.
	Status AccessPreviewStatus

	// Provides more details about the current status of the access preview. For
	// example, if the creation of the access preview fails, a Failed status is
	// returned. This failure can be due to an internal issue with the analysis or due
	// to an invalid proposed resource configuration.
	StatusReason *AccessPreviewStatusReason
	// contains filtered or unexported fields
}

Contains a summary of information about an access preview.

type AclGrantee added in v1.2.0 

type AclGrantee interface {
	// contains filtered or unexported methods
}

You specify each grantee as a type-value pair using one of these types. You can specify only one type of grantee. For more information, see PutBucketAcl.

The following types satisfy this interface: 

AclGranteeMemberId
AclGranteeMemberUri
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.AclGrantee
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.AclGranteeMemberId:
		_ = v.Value // Value is string

	case *types.AclGranteeMemberUri:
		_ = v.Value // Value is string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type AclGranteeMemberId added in v1.2.0 

type AclGranteeMemberId struct {
	Value string
	// contains filtered or unexported fields
}

The value specified is the canonical user ID of an Amazon Web Services account.

type AclGranteeMemberUri added in v1.2.0 

type AclGranteeMemberUri struct {
	Value string
	// contains filtered or unexported fields
}

Used for granting permissions to a predefined group.

type AclPermission added in v1.2.0 

type AclPermission string
const (
	AclPermissionRead        AclPermission = "READ"
	AclPermissionWrite       AclPermission = "WRITE"
	AclPermissionReadAcp     AclPermission = "READ_ACP"
	AclPermissionWriteAcp    AclPermission = "WRITE_ACP"
	AclPermissionFullControl AclPermission = "FULL_CONTROL"
)

Enum values for AclPermission

func (AclPermission) Values added in v1.2.0 

func (AclPermission) Values() []AclPermission

Values returns all known values for AclPermission. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AnalysisRule added in v1.36.0 

type AnalysisRule struct {

	// A list of rules for the analyzer containing criteria to exclude from analysis.
	// Entities that meet the rule criteria will not generate findings.
	Exclusions []AnalysisRuleCriteria
	// contains filtered or unexported fields
}

Contains information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule.

type AnalysisRuleCriteria added in v1.36.0 

type AnalysisRuleCriteria struct {

	// A list of Amazon Web Services account IDs to apply to the analysis rule
	// criteria. The accounts cannot include the organization analyzer owner account.
	// Account IDs can only be applied to the analysis rule criteria for
	// organization-level analyzers. The list cannot include more than 2,000 account
	// IDs.
	AccountIds []string

	// An array of key-value pairs to match for your resources. You can use the set of
	// Unicode letters, digits, whitespace, _ , . , / , = , + , and - .
	//
	// For the tag key, you can specify a value that is 1 to 128 characters in length
	// and cannot be prefixed with aws: .
	//
	// For the tag value, you can specify a value that is 0 to 256 characters in
	// length. If the specified tag value is 0 characters, the rule is applied to all
	// principals with the specified tag key.
	ResourceTags []map[string]string
	// contains filtered or unexported fields
}

The criteria for an analysis rule for an analyzer. The criteria determine which entities will generate findings.

type AnalyzedResource 

type AnalyzedResource struct {

	// The time at which the resource was analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The time at which the finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// Indicates whether the policy that generated the finding grants public access to
	// the resource.
	//
	// This member is required.
	IsPublic *bool

	// The ARN of the resource that was analyzed.
	//
	// This member is required.
	ResourceArn *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that was analyzed.
	//
	// This member is required.
	ResourceType ResourceType

	// The time at which the finding was updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The actions that an external principal is granted permission to use by the
	// policy that generated the finding.
	Actions []string

	// An error message.
	Error *string

	// Indicates how the access that generated the finding is granted. This is
	// populated for Amazon S3 bucket findings.
	SharedVia []string

	// The current status of the finding generated from the analyzed resource.
	Status FindingStatus
	// contains filtered or unexported fields
}

Contains details about the analyzed resource.

type AnalyzedResourceSummary 

type AnalyzedResourceSummary struct {

	// The ARN of the analyzed resource.
	//
	// This member is required.
	ResourceArn *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of resource that was analyzed.
	//
	// This member is required.
	ResourceType ResourceType
	// contains filtered or unexported fields
}

Contains the ARN of the analyzed resource.

type AnalyzerConfiguration added in v1.24.0 

type AnalyzerConfiguration interface {
	// contains filtered or unexported methods
}

Contains information about the configuration of an analyzer for an Amazon Web Services organization or account.

The following types satisfy this interface: 

AnalyzerConfigurationMemberUnusedAccess
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.AnalyzerConfiguration
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.AnalyzerConfigurationMemberUnusedAccess:
		_ = v.Value // Value is types.UnusedAccessConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type AnalyzerConfigurationMemberUnusedAccess added in v1.24.0 

type AnalyzerConfigurationMemberUnusedAccess struct {
	Value UnusedAccessConfiguration
	// contains filtered or unexported fields
}

Specifies the configuration of an unused access analyzer for an Amazon Web Services organization or account.

type AnalyzerStatus 

type AnalyzerStatus string
const (
	AnalyzerStatusActive   AnalyzerStatus = "ACTIVE"
	AnalyzerStatusCreating AnalyzerStatus = "CREATING"
	AnalyzerStatusDisabled AnalyzerStatus = "DISABLED"
	AnalyzerStatusFailed   AnalyzerStatus = "FAILED"
)

Enum values for AnalyzerStatus

func (AnalyzerStatus) Values added in v0.29.0 

func (AnalyzerStatus) Values() []AnalyzerStatus

Values returns all known values for AnalyzerStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type AnalyzerSummary 

type AnalyzerSummary struct {

	// The ARN of the analyzer.
	//
	// This member is required.
	Arn *string

	// A timestamp for the time at which the analyzer was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The name of the analyzer.
	//
	// This member is required.
	Name *string

	// The status of the analyzer. An Active analyzer successfully monitors supported
	// resources and generates new findings. The analyzer is Disabled when a user
	// action, such as removing trusted access for Identity and Access Management
	// Access Analyzer from Organizations, causes the analyzer to stop generating new
	// findings. The status is Creating when the analyzer creation is in progress and
	// Failed when the analyzer creation has failed.
	//
	// This member is required.
	Status AnalyzerStatus

	// The type of analyzer, which corresponds to the zone of trust chosen for the
	// analyzer.
	//
	// This member is required.
	Type Type

	// Specifies whether the analyzer is an external access or unused access analyzer.
	Configuration AnalyzerConfiguration

	// The resource that was most recently analyzed by the analyzer.
	LastResourceAnalyzed *string

	// The time at which the most recently analyzed resource was analyzed.
	LastResourceAnalyzedAt *time.Time

	// The statusReason provides more details about the current status of the
	// analyzer. For example, if the creation for the analyzer fails, a Failed status
	// is returned. For an analyzer with organization as the type, this failure can be
	// due to an issue with creating the service-linked roles required in the member
	// accounts of the Amazon Web Services organization.
	StatusReason *StatusReason

	// The tags added to the analyzer.
	Tags map[string]string
	// contains filtered or unexported fields
}

Contains information about the analyzer.

type ArchiveRuleSummary 

type ArchiveRuleSummary struct {

	// The time at which the archive rule was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// A filter used to define the archive rule.
	//
	// This member is required.
	Filter map[string]Criterion

	// The name of the archive rule.
	//
	// This member is required.
	RuleName *string

	// The time at which the archive rule was last updated.
	//
	// This member is required.
	UpdatedAt *time.Time
	// contains filtered or unexported fields
}

Contains information about an archive rule. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.

type CheckAccessNotGrantedResult added in v1.24.0 

type CheckAccessNotGrantedResult string
const (
	CheckAccessNotGrantedResultPass CheckAccessNotGrantedResult = "PASS"
	CheckAccessNotGrantedResultFail CheckAccessNotGrantedResult = "FAIL"
)

Enum values for CheckAccessNotGrantedResult

func (CheckAccessNotGrantedResult) Values added in v1.24.0 

func (CheckAccessNotGrantedResult) Values() []CheckAccessNotGrantedResult

Values returns all known values for CheckAccessNotGrantedResult. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CheckNoNewAccessResult added in v1.24.0 

type CheckNoNewAccessResult string
const (
	CheckNoNewAccessResultPass CheckNoNewAccessResult = "PASS"
	CheckNoNewAccessResultFail CheckNoNewAccessResult = "FAIL"
)

Enum values for CheckNoNewAccessResult

func (CheckNoNewAccessResult) Values added in v1.24.0 

func (CheckNoNewAccessResult) Values() []CheckNoNewAccessResult

Values returns all known values for CheckNoNewAccessResult. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CheckNoPublicAccessResult added in v1.30.0 

type CheckNoPublicAccessResult string
const (
	CheckNoPublicAccessResultPass CheckNoPublicAccessResult = "PASS"
	CheckNoPublicAccessResultFail CheckNoPublicAccessResult = "FAIL"
)

Enum values for CheckNoPublicAccessResult

func (CheckNoPublicAccessResult) Values added in v1.30.0 

func (CheckNoPublicAccessResult) Values() []CheckNoPublicAccessResult

Values returns all known values for CheckNoPublicAccessResult. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type CloudTrailDetails added in v1.3.0 

type CloudTrailDetails struct {

	// The ARN of the service role that IAM Access Analyzer uses to access your
	// CloudTrail trail and service last accessed information.
	//
	// This member is required.
	AccessRole *string

	// The start of the time range for which IAM Access Analyzer reviews your
	// CloudTrail events. Events with a timestamp before this time are not considered
	// to generate a policy.
	//
	// This member is required.
	StartTime *time.Time

	// A Trail object that contains settings for a trail.
	//
	// This member is required.
	Trails []Trail

	// The end of the time range for which IAM Access Analyzer reviews your CloudTrail
	// events. Events with a timestamp after this time are not considered to generate a
	// policy. If this is not included in the request, the default value is the current
	// time.
	EndTime *time.Time
	// contains filtered or unexported fields
}

Contains information about CloudTrail access.

type CloudTrailProperties added in v1.3.0 

type CloudTrailProperties struct {

	// The end of the time range for which IAM Access Analyzer reviews your CloudTrail
	// events. Events with a timestamp after this time are not considered to generate a
	// policy. If this is not included in the request, the default value is the current
	// time.
	//
	// This member is required.
	EndTime *time.Time

	// The start of the time range for which IAM Access Analyzer reviews your
	// CloudTrail events. Events with a timestamp before this time are not considered
	// to generate a policy.
	//
	// This member is required.
	StartTime *time.Time

	// A TrailProperties object that contains settings for trail properties.
	//
	// This member is required.
	TrailProperties []TrailProperties
	// contains filtered or unexported fields
}

Contains information about CloudTrail access.

type Configuration added in v1.2.0 

type Configuration interface {
	// contains filtered or unexported methods
}

Access control configuration structures for your resource. You specify the configuration as a type-value pair. You can specify only one type of access control configuration.

The following types satisfy this interface: 

ConfigurationMemberDynamodbStream
ConfigurationMemberDynamodbTable
ConfigurationMemberEbsSnapshot
ConfigurationMemberEcrRepository
ConfigurationMemberEfsFileSystem
ConfigurationMemberIamRole
ConfigurationMemberKmsKey
ConfigurationMemberRdsDbClusterSnapshot
ConfigurationMemberRdsDbSnapshot
ConfigurationMemberS3Bucket
ConfigurationMemberS3ExpressDirectoryBucket
ConfigurationMemberSecretsManagerSecret
ConfigurationMemberSnsTopic
ConfigurationMemberSqsQueue
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.Configuration
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.ConfigurationMemberDynamodbStream:
		_ = v.Value // Value is types.DynamodbStreamConfiguration

	case *types.ConfigurationMemberDynamodbTable:
		_ = v.Value // Value is types.DynamodbTableConfiguration

	case *types.ConfigurationMemberEbsSnapshot:
		_ = v.Value // Value is types.EbsSnapshotConfiguration

	case *types.ConfigurationMemberEcrRepository:
		_ = v.Value // Value is types.EcrRepositoryConfiguration

	case *types.ConfigurationMemberEfsFileSystem:
		_ = v.Value // Value is types.EfsFileSystemConfiguration

	case *types.ConfigurationMemberIamRole:
		_ = v.Value // Value is types.IamRoleConfiguration

	case *types.ConfigurationMemberKmsKey:
		_ = v.Value // Value is types.KmsKeyConfiguration

	case *types.ConfigurationMemberRdsDbClusterSnapshot:
		_ = v.Value // Value is types.RdsDbClusterSnapshotConfiguration

	case *types.ConfigurationMemberRdsDbSnapshot:
		_ = v.Value // Value is types.RdsDbSnapshotConfiguration

	case *types.ConfigurationMemberS3Bucket:
		_ = v.Value // Value is types.S3BucketConfiguration

	case *types.ConfigurationMemberS3ExpressDirectoryBucket:
		_ = v.Value // Value is types.S3ExpressDirectoryBucketConfiguration

	case *types.ConfigurationMemberSecretsManagerSecret:
		_ = v.Value // Value is types.SecretsManagerSecretConfiguration

	case *types.ConfigurationMemberSnsTopic:
		_ = v.Value // Value is types.SnsTopicConfiguration

	case *types.ConfigurationMemberSqsQueue:
		_ = v.Value // Value is types.SqsQueueConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type ConfigurationMemberDynamodbStream added in v1.29.0 

type ConfigurationMemberDynamodbStream struct {
	Value DynamodbStreamConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for a DynamoDB stream.

type ConfigurationMemberDynamodbTable added in v1.29.0 

type ConfigurationMemberDynamodbTable struct {
	Value DynamodbTableConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for a DynamoDB table or index.

type ConfigurationMemberEbsSnapshot added in v1.17.0 

type ConfigurationMemberEbsSnapshot struct {
	Value EbsSnapshotConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon EBS volume snapshot.

type ConfigurationMemberEcrRepository added in v1.17.0 

type ConfigurationMemberEcrRepository struct {
	Value EcrRepositoryConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon ECR repository.

type ConfigurationMemberEfsFileSystem added in v1.17.0 

type ConfigurationMemberEfsFileSystem struct {
	Value EfsFileSystemConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon EFS file system.

type ConfigurationMemberIamRole added in v1.2.0 

type ConfigurationMemberIamRole struct {
	Value IamRoleConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an IAM role.

type ConfigurationMemberKmsKey added in v1.2.0 

type ConfigurationMemberKmsKey struct {
	Value KmsKeyConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for a KMS key.

type ConfigurationMemberRdsDbClusterSnapshot added in v1.17.0 

type ConfigurationMemberRdsDbClusterSnapshot struct {
	Value RdsDbClusterSnapshotConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon RDS DB cluster snapshot.

type ConfigurationMemberRdsDbSnapshot added in v1.17.0 

type ConfigurationMemberRdsDbSnapshot struct {
	Value RdsDbSnapshotConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon RDS DB snapshot.

type ConfigurationMemberS3Bucket added in v1.2.0 

type ConfigurationMemberS3Bucket struct {
	Value S3BucketConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon S3 bucket.

type ConfigurationMemberS3ExpressDirectoryBucket added in v1.25.0 

type ConfigurationMemberS3ExpressDirectoryBucket struct {
	Value S3ExpressDirectoryBucketConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon S3 directory bucket.

type ConfigurationMemberSecretsManagerSecret added in v1.2.0 

type ConfigurationMemberSecretsManagerSecret struct {
	Value SecretsManagerSecretConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for a Secrets Manager secret.

type ConfigurationMemberSnsTopic added in v1.17.0 

type ConfigurationMemberSnsTopic struct {
	Value SnsTopicConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon SNS topic

type ConfigurationMemberSqsQueue added in v1.2.0 

type ConfigurationMemberSqsQueue struct {
	Value SqsQueueConfiguration
	// contains filtered or unexported fields
}

The access control configuration is for an Amazon SQS queue.

type ConflictException 

type ConflictException struct {
	Message *string

	ErrorCodeOverride *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

A conflict exception error.

func (*ConflictException) Error 

func (e *ConflictException) Error() string

func (*ConflictException) ErrorCode 

func (e *ConflictException) ErrorCode() string

func (*ConflictException) ErrorFault 

func (e *ConflictException) ErrorFault() smithy.ErrorFault

func (*ConflictException) ErrorMessage 

func (e *ConflictException) ErrorMessage() string

type Criterion 

type Criterion struct {

	// A "contains" operator to match for the filter used to create the rule.
	Contains []string

	// An "equals" operator to match for the filter used to create the rule.
	Eq []string

	// An "exists" operator to match for the filter used to create the rule.
	Exists *bool

	// A "not equals" operator to match for the filter used to create the rule.
	Neq []string
	// contains filtered or unexported fields
}

The criteria to use in the filter that defines the archive rule. For more information on available filter keys, see IAM Access Analyzer filter keys.

type DynamodbStreamConfiguration added in v1.29.0 

type DynamodbStreamConfiguration struct {

	// The proposed resource policy defining who can access or manage the DynamoDB
	// stream.
	StreamPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for a DynamoDB stream. You can propose a configuration for a new DynamoDB stream or an existing DynamoDB stream that you own by specifying the policy for the DynamoDB stream. For more information, see PutResourcePolicy.

  • If the configuration is for an existing DynamoDB stream and you do not specify the DynamoDB policy, then the access preview uses the existing DynamoDB policy for the stream.

  • If the access preview is for a new resource and you do not specify the policy, then the access preview assumes a DynamoDB stream without a policy.

  • To propose deletion of an existing DynamoDB stream policy, you can specify an empty string for the DynamoDB policy.

type DynamodbTableConfiguration added in v1.29.0 

type DynamodbTableConfiguration struct {

	// The proposed resource policy defining who can access or manage the DynamoDB
	// table.
	TablePolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for a DynamoDB table or index. You can propose a configuration for a new DynamoDB table or index or an existing DynamoDB table or index that you own by specifying the policy for the DynamoDB table or index. For more information, see PutResourcePolicy.

  • If the configuration is for an existing DynamoDB table or index and you do not specify the DynamoDB policy, then the access preview uses the existing DynamoDB policy for the table or index.

  • If the access preview is for a new resource and you do not specify the policy, then the access preview assumes a DynamoDB table without a policy.

  • To propose deletion of an existing DynamoDB table or index policy, you can specify an empty string for the DynamoDB policy.

type EbsSnapshotConfiguration added in v1.17.0 

type EbsSnapshotConfiguration struct {

	// The groups that have access to the Amazon EBS volume snapshot. If the value all
	// is specified, then the Amazon EBS volume snapshot is public.
	//
	//   - If the configuration is for an existing Amazon EBS volume snapshot and you
	//   do not specify the groups , then the access preview uses the existing shared
	//   groups for the snapshot.
	//
	//   - If the access preview is for a new resource and you do not specify the
	//   groups , then the access preview considers the snapshot without any groups .
	//
	//   - To propose deletion of existing shared groups , you can specify an empty
	//   list for groups .
	Groups []string

	// The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS key
	// identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
	//
	//   - If the configuration is for an existing Amazon EBS volume snapshot and you
	//   do not specify the kmsKeyId , or you specify an empty string, then the access
	//   preview uses the existing kmsKeyId of the snapshot.
	//
	//   - If the access preview is for a new resource and you do not specify the
	//   kmsKeyId , the access preview considers the snapshot as unencrypted.
	KmsKeyId *string

	// The IDs of the Amazon Web Services accounts that have access to the Amazon EBS
	// volume snapshot.
	//
	//   - If the configuration is for an existing Amazon EBS volume snapshot and you
	//   do not specify the userIds , then the access preview uses the existing shared
	//   userIds for the snapshot.
	//
	//   - If the access preview is for a new resource and you do not specify the
	//   userIds , then the access preview considers the snapshot without any userIds .
	//
	//   - To propose deletion of existing shared accountIds , you can specify an empty
	//   list for userIds .
	UserIds []string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon EBS volume snapshot. You can propose a configuration for a new Amazon EBS volume snapshot or an Amazon EBS volume snapshot that you own by specifying the user IDs, groups, and optional KMS encryption key. For more information, see ModifySnapshotAttribute.

type EcrRepositoryConfiguration added in v1.17.0 

type EcrRepositoryConfiguration struct {

	// The JSON repository policy text to apply to the Amazon ECR repository. For more
	// information, see [Private repository policy examples]in the Amazon ECR User Guide.
	//
	// [Private repository policy examples]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html
	RepositoryPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon ECR repository. You can propose a configuration for a new Amazon ECR repository or an existing Amazon ECR repository that you own by specifying the Amazon ECR policy. For more information, see Repository.

  • If the configuration is for an existing Amazon ECR repository and you do not specify the Amazon ECR policy, then the access preview uses the existing Amazon ECR policy for the repository.

  • If the access preview is for a new resource and you do not specify the policy, then the access preview assumes an Amazon ECR repository without a policy.

  • To propose deletion of an existing Amazon ECR repository policy, you can specify an empty string for the Amazon ECR policy.

type EfsFileSystemConfiguration added in v1.17.0 

type EfsFileSystemConfiguration struct {

	// The JSON policy definition to apply to the Amazon EFS file system. For more
	// information on the elements that make up a file system policy, see [Amazon EFS Resource-based policies].
	//
	// [Amazon EFS Resource-based policies]: https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies
	FileSystemPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon EFS file system. You can propose a configuration for a new Amazon EFS file system or an existing Amazon EFS file system that you own by specifying the Amazon EFS policy. For more information, see Using file systems in Amazon EFS.

  • If the configuration is for an existing Amazon EFS file system and you do not specify the Amazon EFS policy, then the access preview uses the existing Amazon EFS policy for the file system.

  • If the access preview is for a new resource and you do not specify the policy, then the access preview assumes an Amazon EFS file system without a policy.

  • To propose deletion of an existing Amazon EFS file system policy, you can specify an empty string for the Amazon EFS policy.

type ExternalAccessDetails added in v1.24.0 

type ExternalAccessDetails struct {

	// The condition in the analyzed policy statement that resulted in an external
	// access finding.
	//
	// This member is required.
	Condition map[string]string

	// The action in the analyzed policy statement that an external principal has
	// permission to use.
	Action []string

	// Specifies whether the external access finding is public.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The type of restriction applied to the finding by the resource owner with an
	// Organizations resource control policy (RCP).
	ResourceControlPolicyRestriction ResourceControlPolicyRestriction

	// The sources of the external access finding. This indicates how the access that
	// generated the finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

Contains information about an external access finding.

type ExternalAccessFindingsStatistics added in v1.37.0 

type ExternalAccessFindingsStatistics struct {

	// The total number of active cross-account and public findings for each resource
	// type of the specified external access analyzer.
	ResourceTypeStatistics map[string]ResourceTypeDetails

	// The number of active findings for the specified external access analyzer.
	TotalActiveFindings *int32

	// The number of archived findings for the specified external access analyzer.
	TotalArchivedFindings *int32

	// The number of resolved findings for the specified external access analyzer.
	TotalResolvedFindings *int32
	// contains filtered or unexported fields
}

Provides aggregate statistics about the findings for the specified external access analyzer.

type Finding 

type Finding struct {

	// The time at which the resource was analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The condition in the analyzed policy statement that resulted in a finding.
	//
	// This member is required.
	Condition map[string]string

	// The time at which the finding was generated.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the finding.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource identified in the finding.
	//
	// This member is required.
	ResourceType ResourceType

	// The current status of the finding.
	//
	// This member is required.
	Status FindingStatus

	// The time at which the finding was updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The action in the analyzed policy statement that an external principal has
	// permission to use.
	Action []string

	// An error.
	Error *string

	// Indicates whether the policy that generated the finding allows public access to
	// the resource.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that an external principal has access to.
	Resource *string

	// The type of restriction applied to the finding by the resource owner with an
	// Organizations resource control policy (RCP).
	ResourceControlPolicyRestriction ResourceControlPolicyRestriction

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

Contains information about a finding.

type FindingAggregationAccountDetails added in v1.37.0 

type FindingAggregationAccountDetails struct {

	// The ID of the Amazon Web Services account for which unused access finding
	// details are provided.
	Account *string

	// Provides the number of active findings for each type of unused access for the
	// specified Amazon Web Services account.
	Details map[string]int32

	// The number of active unused access findings for the specified Amazon Web
	// Services account.
	NumberOfActiveFindings *int32
	// contains filtered or unexported fields
}

Contains information about the findings for an Amazon Web Services account in an organization unused access analyzer.

type FindingChangeType added in v1.2.0 

type FindingChangeType string
const (
	FindingChangeTypeChanged   FindingChangeType = "CHANGED"
	FindingChangeTypeNew       FindingChangeType = "NEW"
	FindingChangeTypeUnchanged FindingChangeType = "UNCHANGED"
)

Enum values for FindingChangeType

func (FindingChangeType) Values added in v1.2.0 

func (FindingChangeType) Values() []FindingChangeType

Values returns all known values for FindingChangeType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type FindingDetails added in v1.24.0 

type FindingDetails interface {
	// contains filtered or unexported methods
}

Contains information about an external access or unused access finding. Only one parameter can be used in a FindingDetails object.

The following types satisfy this interface: 

FindingDetailsMemberExternalAccessDetails
FindingDetailsMemberUnusedIamRoleDetails
FindingDetailsMemberUnusedIamUserAccessKeyDetails
FindingDetailsMemberUnusedIamUserPasswordDetails
FindingDetailsMemberUnusedPermissionDetails
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.FindingDetails
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.FindingDetailsMemberExternalAccessDetails:
		_ = v.Value // Value is types.ExternalAccessDetails

	case *types.FindingDetailsMemberUnusedIamRoleDetails:
		_ = v.Value // Value is types.UnusedIamRoleDetails

	case *types.FindingDetailsMemberUnusedIamUserAccessKeyDetails:
		_ = v.Value // Value is types.UnusedIamUserAccessKeyDetails

	case *types.FindingDetailsMemberUnusedIamUserPasswordDetails:
		_ = v.Value // Value is types.UnusedIamUserPasswordDetails

	case *types.FindingDetailsMemberUnusedPermissionDetails:
		_ = v.Value // Value is types.UnusedPermissionDetails

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type FindingDetailsMemberExternalAccessDetails added in v1.24.0 

type FindingDetailsMemberExternalAccessDetails struct {
	Value ExternalAccessDetails
	// contains filtered or unexported fields
}

The details for an external access analyzer finding.

type FindingDetailsMemberUnusedIamRoleDetails added in v1.24.0 

type FindingDetailsMemberUnusedIamRoleDetails struct {
	Value UnusedIamRoleDetails
	// contains filtered or unexported fields
}

The details for an unused access analyzer finding with an unused IAM role finding type.

type FindingDetailsMemberUnusedIamUserAccessKeyDetails added in v1.24.0 

type FindingDetailsMemberUnusedIamUserAccessKeyDetails struct {
	Value UnusedIamUserAccessKeyDetails
	// contains filtered or unexported fields
}

The details for an unused access analyzer finding with an unused IAM user access key finding type.

type FindingDetailsMemberUnusedIamUserPasswordDetails added in v1.24.0 

type FindingDetailsMemberUnusedIamUserPasswordDetails struct {
	Value UnusedIamUserPasswordDetails
	// contains filtered or unexported fields
}

The details for an unused access analyzer finding with an unused IAM user password finding type.

type FindingDetailsMemberUnusedPermissionDetails added in v1.24.0 

type FindingDetailsMemberUnusedPermissionDetails struct {
	Value UnusedPermissionDetails
	// contains filtered or unexported fields
}

The details for an unused access analyzer finding with an unused permission finding type.

type FindingSource 

type FindingSource struct {

	// Indicates the type of access that generated the finding.
	//
	// This member is required.
	Type FindingSourceType

	// Includes details about how the access that generated the finding is granted.
	// This is populated for Amazon S3 bucket findings.
	Detail *FindingSourceDetail
	// contains filtered or unexported fields
}

The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

type FindingSourceDetail 

type FindingSourceDetail struct {

	// The account of the cross-account access point that generated the finding.
	AccessPointAccount *string

	// The ARN of the access point that generated the finding. The ARN format depends
	// on whether the ARN represents an access point or a multi-region access point.
	AccessPointArn *string
	// contains filtered or unexported fields
}

Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.

type FindingSourceType 

type FindingSourceType string
const (
	FindingSourceTypePolicy               FindingSourceType = "POLICY"
	FindingSourceTypeBucketAcl            FindingSourceType = "BUCKET_ACL"
	FindingSourceTypeS3AccessPoint        FindingSourceType = "S3_ACCESS_POINT"
	FindingSourceTypeS3AccessPointAccount FindingSourceType = "S3_ACCESS_POINT_ACCOUNT"
)

Enum values for FindingSourceType

func (FindingSourceType) Values added in v0.29.0 

func (FindingSourceType) Values() []FindingSourceType

Values returns all known values for FindingSourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type FindingStatus 

type FindingStatus string
const (
	FindingStatusActive   FindingStatus = "ACTIVE"
	FindingStatusArchived FindingStatus = "ARCHIVED"
	FindingStatusResolved FindingStatus = "RESOLVED"
)

Enum values for FindingStatus

func (FindingStatus) Values added in v0.29.0 

func (FindingStatus) Values() []FindingStatus

Values returns all known values for FindingStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type FindingStatusUpdate 

type FindingStatusUpdate string
const (
	FindingStatusUpdateActive   FindingStatusUpdate = "ACTIVE"
	FindingStatusUpdateArchived FindingStatusUpdate = "ARCHIVED"
)

Enum values for FindingStatusUpdate

func (FindingStatusUpdate) Values added in v0.29.0 

func (FindingStatusUpdate) Values() []FindingStatusUpdate

Values returns all known values for FindingStatusUpdate. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type FindingSummary 

type FindingSummary struct {

	// The time at which the resource-based policy that generated the finding was
	// analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The condition in the analyzed policy statement that resulted in a finding.
	//
	// This member is required.
	Condition map[string]string

	// The time at which the finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the finding.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that the external principal has access to.
	//
	// This member is required.
	ResourceType ResourceType

	// The status of the finding.
	//
	// This member is required.
	Status FindingStatus

	// The time at which the finding was most recently updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The action in the analyzed policy statement that an external principal has
	// permission to use.
	Action []string

	// The error that resulted in an Error finding.
	Error *string

	// Indicates whether the finding reports a resource that has a policy that allows
	// public access.
	IsPublic *bool

	// The external principal that has access to a resource within the zone of trust.
	Principal map[string]string

	// The resource that the external principal has access to.
	Resource *string

	// The type of restriction applied to the finding by the resource owner with an
	// Organizations resource control policy (RCP).
	ResourceControlPolicyRestriction ResourceControlPolicyRestriction

	// The sources of the finding. This indicates how the access that generated the
	// finding is granted. It is populated for Amazon S3 bucket findings.
	Sources []FindingSource
	// contains filtered or unexported fields
}

Contains information about a finding.

type FindingSummaryV2 added in v1.24.0 

type FindingSummaryV2 struct {

	// The time at which the resource-based policy or IAM entity that generated the
	// finding was analyzed.
	//
	// This member is required.
	AnalyzedAt *time.Time

	// The time at which the finding was created.
	//
	// This member is required.
	CreatedAt *time.Time

	// The ID of the finding.
	//
	// This member is required.
	Id *string

	// The Amazon Web Services account ID that owns the resource.
	//
	// This member is required.
	ResourceOwnerAccount *string

	// The type of the resource that the external principal has access to.
	//
	// This member is required.
	ResourceType ResourceType

	// The status of the finding.
	//
	// This member is required.
	Status FindingStatus

	// The time at which the finding was most recently updated.
	//
	// This member is required.
	UpdatedAt *time.Time

	// The error that resulted in an Error finding.
	Error *string

	// The type of the external access or unused access finding.
	FindingType FindingType

	// The resource that the external principal has access to.
	Resource *string
	// contains filtered or unexported fields
}

Contains information about a finding.

type FindingType added in v1.24.0 

type FindingType string
const (
	FindingTypeExternalAccess         FindingType = "ExternalAccess"
	FindingTypeUnusedIamRole          FindingType = "UnusedIAMRole"
	FindingTypeUnusedIamUserAccessKey FindingType = "UnusedIAMUserAccessKey"
	FindingTypeUnusedIamUserPassword  FindingType = "UnusedIAMUserPassword"
	FindingTypeUnusedPermission       FindingType = "UnusedPermission"
)

Enum values for FindingType

func (FindingType) Values added in v1.24.0 

func (FindingType) Values() []FindingType

Values returns all known values for FindingType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type FindingsStatistics added in v1.37.0 

type FindingsStatistics interface {
	// contains filtered or unexported methods
}

Contains information about the aggregate statistics for an external or unused access analyzer. Only one parameter can be used in a FindingsStatistics object.

The following types satisfy this interface: 

FindingsStatisticsMemberExternalAccessFindingsStatistics
FindingsStatisticsMemberUnusedAccessFindingsStatistics
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.FindingsStatistics
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.FindingsStatisticsMemberExternalAccessFindingsStatistics:
		_ = v.Value // Value is types.ExternalAccessFindingsStatistics

	case *types.FindingsStatisticsMemberUnusedAccessFindingsStatistics:
		_ = v.Value // Value is types.UnusedAccessFindingsStatistics

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type FindingsStatisticsMemberExternalAccessFindingsStatistics added in v1.37.0 

type FindingsStatisticsMemberExternalAccessFindingsStatistics struct {
	Value ExternalAccessFindingsStatistics
	// contains filtered or unexported fields
}

The aggregate statistics for an external access analyzer.

type FindingsStatisticsMemberUnusedAccessFindingsStatistics added in v1.37.0 

type FindingsStatisticsMemberUnusedAccessFindingsStatistics struct {
	Value UnusedAccessFindingsStatistics
	// contains filtered or unexported fields
}

The aggregate statistics for an unused access analyzer.

type GeneratedPolicy added in v1.3.0 

type GeneratedPolicy struct {

	// The text to use as the content for the new policy. The policy is created using
	// the [CreatePolicy]action.
	//
	// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
	//
	// This member is required.
	Policy *string
	// contains filtered or unexported fields
}

Contains the text for the generated policy.

type GeneratedPolicyProperties added in v1.3.0 

type GeneratedPolicyProperties struct {

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string

	// Lists details about the Trail used to generated policy.
	CloudTrailProperties *CloudTrailProperties

	// This value is set to true if the generated policy contains all possible actions
	// for a service that IAM Access Analyzer identified from the CloudTrail trail that
	// you specified, and false otherwise.
	IsComplete *bool
	// contains filtered or unexported fields
}

Contains the generated policy details.

type GeneratedPolicyResult added in v1.3.0 

type GeneratedPolicyResult struct {

	// A GeneratedPolicyProperties object that contains properties of the generated
	// policy.
	//
	// This member is required.
	Properties *GeneratedPolicyProperties

	// The text to use as the content for the new policy. The policy is created using
	// the [CreatePolicy]action.
	//
	// [CreatePolicy]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html
	GeneratedPolicies []GeneratedPolicy
	// contains filtered or unexported fields
}

Contains the text for the generated policy and its details.

type IamRoleConfiguration added in v1.2.0 

type IamRoleConfiguration struct {

	// The proposed trust policy for the IAM role.
	TrustPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an IAM role. You can propose a configuration for a new IAM role or an existing IAM role that you own by specifying the trust policy. If the configuration is for a new IAM role, you must specify the trust policy. If the configuration is for an existing IAM role that you own and you do not propose the trust policy, the access preview uses the existing trust policy for the role. The proposed trust policy cannot be an empty string. For more information about role trust policy limits, see IAM and STS quotas.

type InlineArchiveRule 

type InlineArchiveRule struct {

	// The condition and values for a criterion.
	//
	// This member is required.
	Filter map[string]Criterion

	// The name of the rule.
	//
	// This member is required.
	RuleName *string
	// contains filtered or unexported fields
}

An criterion statement in an archive rule. Each archive rule may have multiple criteria.

type InternalServerException 

type InternalServerException struct {
	Message *string

	ErrorCodeOverride *string

	RetryAfterSeconds *int32
	// contains filtered or unexported fields
}

Internal server error.

func (*InternalServerException) Error 

func (e *InternalServerException) Error() string

func (*InternalServerException) ErrorCode 

func (e *InternalServerException) ErrorCode() string

func (*InternalServerException) ErrorFault 

func (e *InternalServerException) ErrorFault() smithy.ErrorFault

func (*InternalServerException) ErrorMessage 

func (e *InternalServerException) ErrorMessage() string

type InternetConfiguration added in v1.2.0 

type InternetConfiguration struct {
	// contains filtered or unexported fields
}

This configuration sets the network origin for the Amazon S3 access point or multi-region access point to Internet .

type InvalidParameterException added in v1.24.0 

type InvalidParameterException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The specified parameter is invalid.

func (*InvalidParameterException) Error added in v1.24.0 

func (e *InvalidParameterException) Error() string

func (*InvalidParameterException) ErrorCode added in v1.24.0 

func (e *InvalidParameterException) ErrorCode() string

func (*InvalidParameterException) ErrorFault added in v1.24.0 

func (e *InvalidParameterException) ErrorFault() smithy.ErrorFault

func (*InvalidParameterException) ErrorMessage added in v1.24.0 

func (e *InvalidParameterException) ErrorMessage() string

type JobDetails added in v1.3.0 

type JobDetails struct {

	// The JobId that is returned by the StartPolicyGeneration operation. The JobId
	// can be used with GetGeneratedPolicy to retrieve the generated policies or used
	// with CancelPolicyGeneration to cancel the policy generation request.
	//
	// This member is required.
	JobId *string

	// A timestamp of when the job was started.
	//
	// This member is required.
	StartedOn *time.Time

	// The status of the job request.
	//
	// This member is required.
	Status JobStatus

	// A timestamp of when the job was completed.
	CompletedOn *time.Time

	// The job error for the policy generation request.
	JobError *JobError
	// contains filtered or unexported fields
}

Contains details about the policy generation request.

type JobError added in v1.3.0 

type JobError struct {

	// The job error code.
	//
	// This member is required.
	Code JobErrorCode

	// Specific information about the error. For example, which service quota was
	// exceeded or which resource was not found.
	//
	// This member is required.
	Message *string
	// contains filtered or unexported fields
}

Contains the details about the policy generation error.

type JobErrorCode added in v1.3.0 

type JobErrorCode string
const (
	JobErrorCodeAuthorizationError        JobErrorCode = "AUTHORIZATION_ERROR"
	JobErrorCodeResourceNotFoundError     JobErrorCode = "RESOURCE_NOT_FOUND_ERROR"
	JobErrorCodeServiceQuotaExceededError JobErrorCode = "SERVICE_QUOTA_EXCEEDED_ERROR"
	JobErrorCodeServiceError              JobErrorCode = "SERVICE_ERROR"
)

Enum values for JobErrorCode

func (JobErrorCode) Values added in v1.3.0 

func (JobErrorCode) Values() []JobErrorCode

Values returns all known values for JobErrorCode. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type JobStatus added in v1.3.0 

type JobStatus string
const (
	JobStatusInProgress JobStatus = "IN_PROGRESS"
	JobStatusSucceeded  JobStatus = "SUCCEEDED"
	JobStatusFailed     JobStatus = "FAILED"
	JobStatusCanceled   JobStatus = "CANCELED"
)

Enum values for JobStatus

func (JobStatus) Values added in v1.3.0 

func (JobStatus) Values() []JobStatus

Values returns all known values for JobStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type KmsGrantConfiguration added in v1.2.0 

type KmsGrantConfiguration struct {

	// The principal that is given permission to perform the operations that the grant
	// permits.
	//
	// This member is required.
	GranteePrincipal *string

	//  The Amazon Web Services account under which the grant was issued. The account
	// is used to propose KMS grants issued by accounts other than the owner of the
	// key.
	//
	// This member is required.
	IssuingAccount *string

	// A list of operations that the grant permits.
	//
	// This member is required.
	Operations []KmsGrantOperation

	// Use this structure to propose allowing [cryptographic operations] in the grant only when the operation
	// request includes the specified [encryption context].
	//
	// [cryptographic operations]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
	// [encryption context]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
	Constraints *KmsGrantConstraints

	// The principal that is given permission to retire the grant by using [RetireGrant] operation.
	//
	// [RetireGrant]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
	RetiringPrincipal *string
	// contains filtered or unexported fields
}

A proposed grant configuration for a KMS key. For more information, see CreateGrant.

type KmsGrantConstraints added in v1.2.0 

type KmsGrantConstraints struct {

	// A list of key-value pairs that must match the encryption context in the [cryptographic operation]
	// request. The grant allows the operation only when the encryption context in the
	// request is the same as the encryption context specified in this constraint.
	//
	// [cryptographic operation]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
	EncryptionContextEquals map[string]string

	// A list of key-value pairs that must be included in the encryption context of
	// the [cryptographic operation]request. The grant allows the cryptographic operation only when the
	// encryption context in the request includes the key-value pairs specified in this
	// constraint, although it can include additional key-value pairs.
	//
	// [cryptographic operation]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
	EncryptionContextSubset map[string]string
	// contains filtered or unexported fields
}

Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context. You can specify only one type of encryption context. An empty map is treated as not specified. For more information, see GrantConstraints.

type KmsGrantOperation added in v1.2.0 

type KmsGrantOperation string
const (
	KmsGrantOperationCreateGrant                         KmsGrantOperation = "CreateGrant"
	KmsGrantOperationDecrypt                             KmsGrantOperation = "Decrypt"
	KmsGrantOperationDescribeKey                         KmsGrantOperation = "DescribeKey"
	KmsGrantOperationEncrypt                             KmsGrantOperation = "Encrypt"
	KmsGrantOperationGenerateDataKey                     KmsGrantOperation = "GenerateDataKey"
	KmsGrantOperationGenerateDataKeyPair                 KmsGrantOperation = "GenerateDataKeyPair"
	KmsGrantOperationGenerateDataKeyPairWithoutPlaintext KmsGrantOperation = "GenerateDataKeyPairWithoutPlaintext"
	KmsGrantOperationGenerateDataKeyWithoutPlaintext     KmsGrantOperation = "GenerateDataKeyWithoutPlaintext"
	KmsGrantOperationGetPublicKey                        KmsGrantOperation = "GetPublicKey"
	KmsGrantOperationReencryptFrom                       KmsGrantOperation = "ReEncryptFrom"
	KmsGrantOperationReencryptTo                         KmsGrantOperation = "ReEncryptTo"
	KmsGrantOperationRetireGrant                         KmsGrantOperation = "RetireGrant"
	KmsGrantOperationSign                                KmsGrantOperation = "Sign"
	KmsGrantOperationVerify                              KmsGrantOperation = "Verify"
)

Enum values for KmsGrantOperation

func (KmsGrantOperation) Values added in v1.2.0 

func (KmsGrantOperation) Values() []KmsGrantOperation

Values returns all known values for KmsGrantOperation. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type KmsKeyConfiguration added in v1.2.0 

type KmsKeyConfiguration struct {

	// A list of proposed grant configurations for the KMS key. If the proposed grant
	// configuration is for an existing key, the access preview uses the proposed list
	// of grant configurations in place of the existing grants. Otherwise, the access
	// preview uses the existing grants for the key.
	Grants []KmsGrantConfiguration

	// Resource policy configuration for the KMS key. The only valid value for the
	// name of the key policy is default . For more information, see [Default key policy].
	//
	// [Default key policy]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
	KeyPolicies map[string]string
	// contains filtered or unexported fields
}

Proposed access control configuration for a KMS key. You can propose a configuration for a new KMS key or an existing KMS key that you own by specifying the key policy and KMS grant configuration. If the configuration is for an existing key and you do not specify the key policy, the access preview uses the existing policy for the key. If the access preview is for a new resource and you do not specify the key policy, then the access preview uses the default key policy. The proposed key policy cannot be an empty string. For more information, see Default key policy. For more information about key policy limits, see Resource quotas.

type Locale added in v1.2.0 

type Locale string
const (
	LocaleDe   Locale = "DE"
	LocaleEn   Locale = "EN"
	LocaleEs   Locale = "ES"
	LocaleFr   Locale = "FR"
	LocaleIt   Locale = "IT"
	LocaleJa   Locale = "JA"
	LocaleKo   Locale = "KO"
	LocalePtBr Locale = "PT_BR"
	LocaleZhCn Locale = "ZH_CN"
	LocaleZhTw Locale = "ZH_TW"
)

Enum values for Locale

func (Locale) Values added in v1.2.0 

func (Locale) Values() []Locale

Values returns all known values for Locale. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type Location added in v1.2.0 

type Location struct {

	// A path in a policy, represented as a sequence of path elements.
	//
	// This member is required.
	Path []PathElement

	// A span in a policy.
	//
	// This member is required.
	Span *Span
	// contains filtered or unexported fields
}

A location in a policy that is represented as a path through the JSON representation and a corresponding span.

type NetworkOriginConfiguration added in v1.2.0 

type NetworkOriginConfiguration interface {
	// contains filtered or unexported methods
}

The proposed InternetConfiguration or VpcConfiguration to apply to the Amazon S3 access point. VpcConfiguration does not apply to multi-region access points. You can make the access point accessible from the internet, or you can specify that all requests made through that access point must originate from a specific virtual private cloud (VPC). You can specify only one type of network configuration. For more information, see Creating access points.

The following types satisfy this interface: 

NetworkOriginConfigurationMemberInternetConfiguration
NetworkOriginConfigurationMemberVpcConfiguration
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.NetworkOriginConfiguration
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.NetworkOriginConfigurationMemberInternetConfiguration:
		_ = v.Value // Value is types.InternetConfiguration

	case *types.NetworkOriginConfigurationMemberVpcConfiguration:
		_ = v.Value // Value is types.VpcConfiguration

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type NetworkOriginConfigurationMemberInternetConfiguration added in v1.2.0 

type NetworkOriginConfigurationMemberInternetConfiguration struct {
	Value InternetConfiguration
	// contains filtered or unexported fields
}

The configuration for the Amazon S3 access point or multi-region access point with an Internet origin.

type NetworkOriginConfigurationMemberVpcConfiguration added in v1.2.0 

type NetworkOriginConfigurationMemberVpcConfiguration struct {
	Value VpcConfiguration
	// contains filtered or unexported fields
}

The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC configuration does not apply to multi-region access points. For more information, see VpcConfiguration.

type OrderBy 

type OrderBy string
const (
	OrderByAsc  OrderBy = "ASC"
	OrderByDesc OrderBy = "DESC"
)

Enum values for OrderBy

func (OrderBy) Values added in v0.29.0 

func (OrderBy) Values() []OrderBy

Values returns all known values for OrderBy. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type PathElement added in v1.2.0 

type PathElement interface {
	// contains filtered or unexported methods
}

A single element in a path through the JSON representation of a policy.

The following types satisfy this interface: 

PathElementMemberIndex
PathElementMemberKey
PathElementMemberSubstring
PathElementMemberValue
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.PathElement
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.PathElementMemberIndex:
		_ = v.Value // Value is int32

	case *types.PathElementMemberKey:
		_ = v.Value // Value is string

	case *types.PathElementMemberSubstring:
		_ = v.Value // Value is types.Substring

	case *types.PathElementMemberValue:
		_ = v.Value // Value is string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type PathElementMemberIndex added in v1.2.0 

type PathElementMemberIndex struct {
	Value int32
	// contains filtered or unexported fields
}

Refers to an index in a JSON array.

type PathElementMemberKey added in v1.2.0 

type PathElementMemberKey struct {
	Value string
	// contains filtered or unexported fields
}

Refers to a key in a JSON object.

type PathElementMemberSubstring added in v1.2.0 

type PathElementMemberSubstring struct {
	Value Substring
	// contains filtered or unexported fields
}

Refers to a substring of a literal string in a JSON object.

type PathElementMemberValue added in v1.2.0 

type PathElementMemberValue struct {
	Value string
	// contains filtered or unexported fields
}

Refers to the value associated with a given key in a JSON object.

type PolicyGeneration added in v1.3.0 

type PolicyGeneration struct {

	// The JobId that is returned by the StartPolicyGeneration operation. The JobId
	// can be used with GetGeneratedPolicy to retrieve the generated policies or used
	// with CancelPolicyGeneration to cancel the policy generation request.
	//
	// This member is required.
	JobId *string

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string

	// A timestamp of when the policy generation started.
	//
	// This member is required.
	StartedOn *time.Time

	// The status of the policy generation request.
	//
	// This member is required.
	Status JobStatus

	// A timestamp of when the policy generation was completed.
	CompletedOn *time.Time
	// contains filtered or unexported fields
}

Contains details about the policy generation status and properties.

type PolicyGenerationDetails added in v1.3.0 

type PolicyGenerationDetails struct {

	// The ARN of the IAM entity (user or role) for which you are generating a policy.
	//
	// This member is required.
	PrincipalArn *string
	// contains filtered or unexported fields
}

Contains the ARN details about the IAM entity for which the policy is generated.

type PolicyType added in v1.2.0 

type PolicyType string
const (
	PolicyTypeIdentityPolicy        PolicyType = "IDENTITY_POLICY"
	PolicyTypeResourcePolicy        PolicyType = "RESOURCE_POLICY"
	PolicyTypeServiceControlPolicy  PolicyType = "SERVICE_CONTROL_POLICY"
	PolicyTypeResourceControlPolicy PolicyType = "RESOURCE_CONTROL_POLICY"
)

Enum values for PolicyType

func (PolicyType) Values added in v1.2.0 

func (PolicyType) Values() []PolicyType

Values returns all known values for PolicyType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type Position added in v1.2.0 

type Position struct {

	// The column of the position, starting from 0.
	//
	// This member is required.
	Column *int32

	// The line of the position, starting from 1.
	//
	// This member is required.
	Line *int32

	// The offset within the policy that corresponds to the position, starting from 0.
	//
	// This member is required.
	Offset *int32
	// contains filtered or unexported fields
}

A position in a policy.

type RdsDbClusterSnapshotAttributeValue added in v1.17.0 

type RdsDbClusterSnapshotAttributeValue interface {
	// contains filtered or unexported methods
}

The values for a manual Amazon RDS DB cluster snapshot attribute.

The following types satisfy this interface: 

RdsDbClusterSnapshotAttributeValueMemberAccountIds
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.RdsDbClusterSnapshotAttributeValue
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.RdsDbClusterSnapshotAttributeValueMemberAccountIds:
		_ = v.Value // Value is []string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type RdsDbClusterSnapshotAttributeValueMemberAccountIds added in v1.17.0 

type RdsDbClusterSnapshotAttributeValueMemberAccountIds struct {
	Value []string
	// contains filtered or unexported fields
}

The Amazon Web Services account IDs that have access to the manual Amazon RDS DB cluster snapshot. If the value all is specified, then the Amazon RDS DB cluster snapshot is public and can be copied or restored by all Amazon Web Services accounts.

  • If the configuration is for an existing Amazon RDS DB cluster snapshot and you do not specify the accountIds in RdsDbClusterSnapshotAttributeValue , then the access preview uses the existing shared accountIds for the snapshot.

  • If the access preview is for a new resource and you do not specify the specify the accountIds in RdsDbClusterSnapshotAttributeValue , then the access preview considers the snapshot without any attributes.

  • To propose deletion of existing shared accountIds , you can specify an empty list for accountIds in the RdsDbClusterSnapshotAttributeValue .

type RdsDbClusterSnapshotConfiguration added in v1.17.0 

type RdsDbClusterSnapshotConfiguration struct {

	// The names and values of manual DB cluster snapshot attributes. Manual DB
	// cluster snapshot attributes are used to authorize other Amazon Web Services
	// accounts to restore a manual DB cluster snapshot. The only valid value for
	// AttributeName for the attribute map is restore
	Attributes map[string]RdsDbClusterSnapshotAttributeValue

	// The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS
	// key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
	//
	//   - If the configuration is for an existing Amazon RDS DB cluster snapshot and
	//   you do not specify the kmsKeyId , or you specify an empty string, then the
	//   access preview uses the existing kmsKeyId of the snapshot.
	//
	//   - If the access preview is for a new resource and you do not specify the
	//   specify the kmsKeyId , then the access preview considers the snapshot as
	//   unencrypted.
	KmsKeyId *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon RDS DB cluster snapshot. You can propose a configuration for a new Amazon RDS DB cluster snapshot or an Amazon RDS DB cluster snapshot that you own by specifying the RdsDbClusterSnapshotAttributeValue and optional KMS encryption key. For more information, see ModifyDBClusterSnapshotAttribute.

type RdsDbSnapshotAttributeValue added in v1.17.0 

type RdsDbSnapshotAttributeValue interface {
	// contains filtered or unexported methods
}

The name and values of a manual Amazon RDS DB snapshot attribute. Manual DB snapshot attributes are used to authorize other Amazon Web Services accounts to restore a manual DB snapshot.

The following types satisfy this interface: 

RdsDbSnapshotAttributeValueMemberAccountIds
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.RdsDbSnapshotAttributeValue
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.RdsDbSnapshotAttributeValueMemberAccountIds:
		_ = v.Value // Value is []string

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type RdsDbSnapshotAttributeValueMemberAccountIds added in v1.17.0 

type RdsDbSnapshotAttributeValueMemberAccountIds struct {
	Value []string
	// contains filtered or unexported fields
}

The Amazon Web Services account IDs that have access to the manual Amazon RDS DB snapshot. If the value all is specified, then the Amazon RDS DB snapshot is public and can be copied or restored by all Amazon Web Services accounts.

  • If the configuration is for an existing Amazon RDS DB snapshot and you do not specify the accountIds in RdsDbSnapshotAttributeValue , then the access preview uses the existing shared accountIds for the snapshot.

  • If the access preview is for a new resource and you do not specify the specify the accountIds in RdsDbSnapshotAttributeValue , then the access preview considers the snapshot without any attributes.

  • To propose deletion of an existing shared accountIds , you can specify an empty list for accountIds in the RdsDbSnapshotAttributeValue .

type RdsDbSnapshotConfiguration added in v1.17.0 

type RdsDbSnapshotConfiguration struct {

	// The names and values of manual DB snapshot attributes. Manual DB snapshot
	// attributes are used to authorize other Amazon Web Services accounts to restore a
	// manual DB snapshot. The only valid value for attributeName for the attribute
	// map is restore.
	Attributes map[string]RdsDbSnapshotAttributeValue

	// The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key
	// identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
	//
	//   - If the configuration is for an existing Amazon RDS DB snapshot and you do
	//   not specify the kmsKeyId , or you specify an empty string, then the access
	//   preview uses the existing kmsKeyId of the snapshot.
	//
	//   - If the access preview is for a new resource and you do not specify the
	//   specify the kmsKeyId , then the access preview considers the snapshot as
	//   unencrypted.
	KmsKeyId *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon RDS DB snapshot. You can propose a configuration for a new Amazon RDS DB snapshot or an Amazon RDS DB snapshot that you own by specifying the RdsDbSnapshotAttributeValue and optional KMS encryption key. For more information, see ModifyDBSnapshotAttribute.

type ReasonCode 

type ReasonCode string
const (
	ReasonCodeAwsServiceAccessDisabled           ReasonCode = "AWS_SERVICE_ACCESS_DISABLED"
	ReasonCodeDelegatedAdministratorDeregistered ReasonCode = "DELEGATED_ADMINISTRATOR_DEREGISTERED"
	ReasonCodeOrganizationDeleted                ReasonCode = "ORGANIZATION_DELETED"
	ReasonCodeServiceLinkedRoleCreationFailed    ReasonCode = "SERVICE_LINKED_ROLE_CREATION_FAILED"
)

Enum values for ReasonCode

func (ReasonCode) Values added in v0.29.0 

func (ReasonCode) Values() []ReasonCode

Values returns all known values for ReasonCode. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ReasonSummary added in v1.24.0 

type ReasonSummary struct {

	// A description of the reasoning of a result of checking for access.
	Description *string

	// The identifier for the reason statement.
	StatementId *string

	// The index number of the reason statement.
	StatementIndex *int32
	// contains filtered or unexported fields
}

Contains information about the reasoning why a check for access passed or failed.

type RecommendationError added in v1.30.0 

type RecommendationError struct {

	// The error code for a failed retrieval of a recommendation for a finding.
	//
	// This member is required.
	Code *string

	// The error message for a failed retrieval of a recommendation for a finding.
	//
	// This member is required.
	Message *string
	// contains filtered or unexported fields
}

Contains information about the reason that the retrieval of a recommendation for a finding failed.

type RecommendationType added in v1.30.0 

type RecommendationType string
const (
	RecommendationTypeUnusedPermissionRecommendation RecommendationType = "UnusedPermissionRecommendation"
)

Enum values for RecommendationType

func (RecommendationType) Values added in v1.30.0 

func (RecommendationType) Values() []RecommendationType

Values returns all known values for RecommendationType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type RecommendedRemediationAction added in v1.30.0 

type RecommendedRemediationAction string
const (
	RecommendedRemediationActionCreatePolicy RecommendedRemediationAction = "CREATE_POLICY"
	RecommendedRemediationActionDetachPolicy RecommendedRemediationAction = "DETACH_POLICY"
)

Enum values for RecommendedRemediationAction

func (RecommendedRemediationAction) Values added in v1.30.0 

func (RecommendedRemediationAction) Values() []RecommendedRemediationAction

Values returns all known values for RecommendedRemediationAction. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type RecommendedStep added in v1.30.0 

type RecommendedStep interface {
	// contains filtered or unexported methods
}

Contains information about a recommended step for an unused access analyzer finding.

The following types satisfy this interface: 

RecommendedStepMemberUnusedPermissionsRecommendedStep
Example (OutputUsage) 
package main

import (
	"fmt"
	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)

func main() {
	var union types.RecommendedStep
	// type switches can be used to check the union value
	switch v := union.(type) {
	case *types.RecommendedStepMemberUnusedPermissionsRecommendedStep:
		_ = v.Value // Value is types.UnusedPermissionsRecommendedStep

	case *types.UnknownUnionMember:
		fmt.Println("unknown tag:", v.Tag)

	default:
		fmt.Println("union is nil or unknown type")

	}
}

Output:

type RecommendedStepMemberUnusedPermissionsRecommendedStep added in v1.30.0 

type RecommendedStepMemberUnusedPermissionsRecommendedStep struct {
	Value UnusedPermissionsRecommendedStep
	// contains filtered or unexported fields
}

A recommended step for an unused permissions finding.

type ResourceControlPolicyRestriction added in v1.35.0 

type ResourceControlPolicyRestriction string
const (
	ResourceControlPolicyRestrictionApplicable          ResourceControlPolicyRestriction = "APPLICABLE"
	ResourceControlPolicyRestrictionFailedToEvaluateRcp ResourceControlPolicyRestriction = "FAILED_TO_EVALUATE_RCP"
	ResourceControlPolicyRestrictionNotApplicable       ResourceControlPolicyRestriction = "NOT_APPLICABLE"
)

Enum values for ResourceControlPolicyRestriction

func (ResourceControlPolicyRestriction) Values added in v1.35.0 

func (ResourceControlPolicyRestriction) Values() []ResourceControlPolicyRestriction

Values returns all known values for ResourceControlPolicyRestriction. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ResourceNotFoundException 

type ResourceNotFoundException struct {
	Message *string

	ErrorCodeOverride *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

The specified resource could not be found.

func (*ResourceNotFoundException) Error 

func (e *ResourceNotFoundException) Error() string

func (*ResourceNotFoundException) ErrorCode 

func (e *ResourceNotFoundException) ErrorCode() string

func (*ResourceNotFoundException) ErrorFault 

func (e *ResourceNotFoundException) ErrorFault() smithy.ErrorFault

func (*ResourceNotFoundException) ErrorMessage 

func (e *ResourceNotFoundException) ErrorMessage() string

type ResourceType 

type ResourceType string
const (
	ResourceTypeAwsS3Bucket                 ResourceType = "AWS::S3::Bucket"
	ResourceTypeAwsIamRole                  ResourceType = "AWS::IAM::Role"
	ResourceTypeAwsSqsQueue                 ResourceType = "AWS::SQS::Queue"
	ResourceTypeAwsLambdaFunction           ResourceType = "AWS::Lambda::Function"
	ResourceTypeAwsLambdaLayerversion       ResourceType = "AWS::Lambda::LayerVersion"
	ResourceTypeAwsKmsKey                   ResourceType = "AWS::KMS::Key"
	ResourceTypeAwsSecretsmanagerSecret     ResourceType = "AWS::SecretsManager::Secret"
	ResourceTypeAwsEfsFilesystem            ResourceType = "AWS::EFS::FileSystem"
	ResourceTypeAwsEc2Snapshot              ResourceType = "AWS::EC2::Snapshot"
	ResourceTypeAwsEcrRepository            ResourceType = "AWS::ECR::Repository"
	ResourceTypeAwsRdsDbsnapshot            ResourceType = "AWS::RDS::DBSnapshot"
	ResourceTypeAwsRdsDbclustersnapshot     ResourceType = "AWS::RDS::DBClusterSnapshot"
	ResourceTypeAwsSnsTopic                 ResourceType = "AWS::SNS::Topic"
	ResourceTypeAwsS3expressDirectorybucket ResourceType = "AWS::S3Express::DirectoryBucket"
	ResourceTypeAwsDynamodbTable            ResourceType = "AWS::DynamoDB::Table"
	ResourceTypeAwsDynamodbStream           ResourceType = "AWS::DynamoDB::Stream"
	ResourceTypeAwsIamUser                  ResourceType = "AWS::IAM::User"
)

Enum values for ResourceType

func (ResourceType) Values added in v0.29.0 

func (ResourceType) Values() []ResourceType

Values returns all known values for ResourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ResourceTypeDetails added in v1.37.0 

type ResourceTypeDetails struct {

	// The total number of active cross-account findings for the resource type.
	TotalActiveCrossAccount *int32

	// The total number of active public findings for the resource type.
	TotalActivePublic *int32
	// contains filtered or unexported fields
}

Contains information about the total number of active cross-account and public findings for a resource type of an external access analyzer.

type S3AccessPointConfiguration added in v1.2.0 

type S3AccessPointConfiguration struct {

	// The access point or multi-region access point policy.
	AccessPointPolicy *string

	// The proposed Internet and VpcConfiguration to apply to this Amazon S3 access
	// point. VpcConfiguration does not apply to multi-region access points. If the
	// access preview is for a new resource and neither is specified, the access
	// preview uses Internet for the network origin. If the access preview is for an
	// existing resource and neither is specified, the access preview uses the exiting
	// network origin.
	NetworkOrigin NetworkOriginConfiguration

	// The proposed S3PublicAccessBlock configuration to apply to this Amazon S3
	// access point or multi-region access point.
	PublicAccessBlock *S3PublicAccessBlockConfiguration
	// contains filtered or unexported fields
}

The configuration for an Amazon S3 access point or multi-region access point for the bucket. You can propose up to 10 access points or multi-region access points per bucket. If the proposed Amazon S3 access point configuration is for an existing bucket, the access preview uses the proposed access point configuration in place of the existing access points. To propose an access point without a policy, you can provide an empty string as the access point policy. For more information, see Creating access points. For more information about access point policy limits, see Access points restrictions and limitations.

type S3BucketAclGrantConfiguration added in v1.2.0 

type S3BucketAclGrantConfiguration struct {

	// The grantee to whom you’re assigning access rights.
	//
	// This member is required.
	Grantee AclGrantee

	// The permissions being granted.
	//
	// This member is required.
	Permission AclPermission
	// contains filtered or unexported fields
}

A proposed access control list grant configuration for an Amazon S3 bucket. For more information, see How to Specify an ACL.

type S3BucketConfiguration added in v1.2.0 

type S3BucketConfiguration struct {

	// The configuration of Amazon S3 access points or multi-region access points for
	// the bucket. You can propose up to 10 new access points per bucket.
	AccessPoints map[string]S3AccessPointConfiguration

	// The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to
	// 100 ACL grants per bucket. If the proposed grant configuration is for an
	// existing bucket, the access preview uses the proposed list of grant
	// configurations in place of the existing grants. Otherwise, the access preview
	// uses the existing grants for the bucket.
	BucketAclGrants []S3BucketAclGrantConfiguration

	// The proposed bucket policy for the Amazon S3 bucket.
	BucketPolicy *string

	// The proposed block public access configuration for the Amazon S3 bucket.
	BucketPublicAccessBlock *S3PublicAccessBlockConfiguration
	// contains filtered or unexported fields
}

Proposed access control configuration for an Amazon S3 bucket. You can propose a configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket that you own by specifying the Amazon S3 bucket policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and multi-region access points attached to the bucket. If the configuration is for an existing Amazon S3 bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes a bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about bucket policy limits, see Bucket Policy Examples.

type S3ExpressDirectoryBucketConfiguration added in v1.25.0 

type S3ExpressDirectoryBucketConfiguration struct {

	// The proposed bucket policy for the Amazon S3 directory bucket.
	BucketPolicy *string
	// contains filtered or unexported fields
}

Proposed access control configuration for an Amazon S3 directory bucket. You can propose a configuration for a new Amazon S3 directory bucket or an existing Amazon S3 directory bucket that you own by specifying the Amazon S3 bucket policy. If the configuration is for an existing Amazon S3 directory bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the directory bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes an directory bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about Amazon S3 directory bucket policies, see Example directory bucket policies for S3 Express One Zone.

type S3PublicAccessBlockConfiguration added in v1.2.0 

type S3PublicAccessBlockConfiguration struct {

	//  Specifies whether Amazon S3 should ignore public ACLs for this bucket and
	// objects in this bucket.
	//
	// This member is required.
	IgnorePublicAcls *bool

	//  Specifies whether Amazon S3 should restrict public bucket policies for this
	// bucket.
	//
	// This member is required.
	RestrictPublicBuckets *bool
	// contains filtered or unexported fields
}

The PublicAccessBlock configuration to apply to this Amazon S3 bucket. If the proposed configuration is for an existing Amazon S3 bucket and the configuration is not specified, the access preview uses the existing setting. If the proposed configuration is for a new bucket and the configuration is not specified, the access preview uses false . If the proposed configuration is for a new access point or multi-region access point and the access point BPA configuration is not specified, the access preview uses true . For more information, see PublicAccessBlockConfiguration.

type SecretsManagerSecretConfiguration added in v1.2.0 

type SecretsManagerSecretConfiguration struct {

	// The proposed ARN, key ID, or alias of the KMS key.
	KmsKeyId *string

	// The proposed resource policy defining who can access or manage the secret.
	SecretPolicy *string
	// contains filtered or unexported fields
}

The configuration for a Secrets Manager secret. For more information, see CreateSecret.

You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the Amazon Web Services managed key aws/secretsmanager . If you specify an empty string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the Amazon Web Services account. For more information about secret policy limits, see Quotas for Secrets Manager..

type ServiceQuotaExceededException 

type ServiceQuotaExceededException struct {
	Message *string

	ErrorCodeOverride *string

	ResourceId   *string
	ResourceType *string
	// contains filtered or unexported fields
}

Service quote met error.

func (*ServiceQuotaExceededException) Error 

func (e *ServiceQuotaExceededException) Error() string

func (*ServiceQuotaExceededException) ErrorCode 

func (e *ServiceQuotaExceededException) ErrorCode() string

func (*ServiceQuotaExceededException) ErrorFault 

func (e *ServiceQuotaExceededException) ErrorFault() smithy.ErrorFault

func (*ServiceQuotaExceededException) ErrorMessage 

func (e *ServiceQuotaExceededException) ErrorMessage() string

type SnsTopicConfiguration added in v1.17.0 

type SnsTopicConfiguration struct {

	// The JSON policy text that defines who can access an Amazon SNS topic. For more
	// information, see [Example cases for Amazon SNS access control]in the Amazon SNS Developer Guide.
	//
	// [Example cases for Amazon SNS access control]: https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html
	TopicPolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon SNS topic. You can propose a configuration for a new Amazon SNS topic or an existing Amazon SNS topic that you own by specifying the policy. If the configuration is for an existing Amazon SNS topic and you do not specify the Amazon SNS policy, then the access preview uses the existing Amazon SNS policy for the topic. If the access preview is for a new resource and you do not specify the policy, then the access preview assumes an Amazon SNS topic without a policy. To propose deletion of an existing Amazon SNS topic policy, you can specify an empty string for the Amazon SNS policy. For more information, see Topic.

type SortCriteria 

type SortCriteria struct {

	// The name of the attribute to sort on.
	AttributeName *string

	// The sort order, ascending or descending.
	OrderBy OrderBy
	// contains filtered or unexported fields
}

The criteria used to sort.

type Span added in v1.2.0 

type Span struct {

	// The end position of the span (exclusive).
	//
	// This member is required.
	End *Position

	// The start position of the span (inclusive).
	//
	// This member is required.
	Start *Position
	// contains filtered or unexported fields
}

A span in a policy. The span consists of a start position (inclusive) and end position (exclusive).

type SqsQueueConfiguration added in v1.2.0 

type SqsQueueConfiguration struct {

	//  The proposed resource policy for the Amazon SQS queue.
	QueuePolicy *string
	// contains filtered or unexported fields
}

The proposed access control configuration for an Amazon SQS queue. You can propose a configuration for a new Amazon SQS queue or an existing Amazon SQS queue that you own by specifying the Amazon SQS policy. If the configuration is for an existing Amazon SQS queue and you do not specify the Amazon SQS policy, the access preview uses the existing Amazon SQS policy for the queue. If the access preview is for a new resource and you do not specify the policy, the access preview assumes an Amazon SQS queue without a policy. To propose deletion of an existing Amazon SQS queue policy, you can specify an empty string for the Amazon SQS policy. For more information about Amazon SQS policy limits, see Quotas related to policies.

type Status added in v1.30.0 

type Status string
const (
	StatusSucceeded  Status = "SUCCEEDED"
	StatusFailed     Status = "FAILED"
	StatusInProgress Status = "IN_PROGRESS"
)

Enum values for Status

func (Status) Values added in v1.30.0 

func (Status) Values() []Status

Values returns all known values for Status. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type StatusReason 

type StatusReason struct {

	// The reason code for the current status of the analyzer.
	//
	// This member is required.
	Code ReasonCode
	// contains filtered or unexported fields
}

Provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is returned. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the Amazon Web Services organization.

type Substring added in v1.2.0 

type Substring struct {

	// The length of the substring.
	//
	// This member is required.
	Length *int32

	// The start index of the substring, starting from 0.
	//
	// This member is required.
	Start *int32
	// contains filtered or unexported fields
}

A reference to a substring of a literal string in a JSON document.

type ThrottlingException 

type ThrottlingException struct {
	Message *string

	ErrorCodeOverride *string

	RetryAfterSeconds *int32
	// contains filtered or unexported fields
}

Throttling limit exceeded error.

func (*ThrottlingException) Error 

func (e *ThrottlingException) Error() string

func (*ThrottlingException) ErrorCode 

func (e *ThrottlingException) ErrorCode() string

func (*ThrottlingException) ErrorFault 

func (e *ThrottlingException) ErrorFault() smithy.ErrorFault

func (*ThrottlingException) ErrorMessage 

func (e *ThrottlingException) ErrorMessage() string

type Trail added in v1.3.0 

type Trail struct {

	// Specifies the ARN of the trail. The format of a trail ARN is
	// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail .
	//
	// This member is required.
	CloudTrailArn *string

	// Possible values are true or false . If set to true , IAM Access Analyzer
	// retrieves CloudTrail data from all regions to analyze and generate a policy.
	AllRegions *bool

	// A list of regions to get CloudTrail data from and analyze to generate a policy.
	Regions []string
	// contains filtered or unexported fields
}

Contains details about the CloudTrail trail being analyzed to generate a policy.

type TrailProperties added in v1.3.0 

type TrailProperties struct {

	// Specifies the ARN of the trail. The format of a trail ARN is
	// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail .
	//
	// This member is required.
	CloudTrailArn *string

	// Possible values are true or false . If set to true , IAM Access Analyzer
	// retrieves CloudTrail data from all regions to analyze and generate a policy.
	AllRegions *bool

	// A list of regions to get CloudTrail data from and analyze to generate a policy.
	Regions []string
	// contains filtered or unexported fields
}

Contains details about the CloudTrail trail being analyzed to generate a policy.

type Type 

type Type string
const (
	TypeAccount                  Type = "ACCOUNT"
	TypeOrganization             Type = "ORGANIZATION"
	TypeAccountUnusedAccess      Type = "ACCOUNT_UNUSED_ACCESS"
	TypeOrganizationUnusedAccess Type = "ORGANIZATION_UNUSED_ACCESS"
)

Enum values for Type

func (Type) Values added in v0.29.0 

func (Type) Values() []Type

Values returns all known values for Type. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type UnknownUnionMember added in v1.2.0 

type UnknownUnionMember struct {
	Tag   string
	Value []byte
	// contains filtered or unexported fields
}

UnknownUnionMember is returned when a union member is returned over the wire, but has an unknown tag.

type UnprocessableEntityException added in v1.24.0 

type UnprocessableEntityException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

The specified entity could not be processed.

func (*UnprocessableEntityException) Error added in v1.24.0 

func (e *UnprocessableEntityException) Error() string

func (*UnprocessableEntityException) ErrorCode added in v1.24.0 

func (e *UnprocessableEntityException) ErrorCode() string

func (*UnprocessableEntityException) ErrorFault added in v1.24.0 

func (e *UnprocessableEntityException) ErrorFault() smithy.ErrorFault

func (*UnprocessableEntityException) ErrorMessage added in v1.24.0 

func (e *UnprocessableEntityException) ErrorMessage() string

type UnusedAccessConfiguration added in v1.24.0 

type UnusedAccessConfiguration struct {

	// Contains information about analysis rules for the analyzer. Analysis rules
	// determine which entities will generate findings based on the criteria you define
	// when you create the rule.
	AnalysisRule *AnalysisRule

	// The specified access age in days for which to generate findings for unused
	// access. For example, if you specify 90 days, the analyzer will generate findings
	// for IAM entities within the accounts of the selected organization for any access
	// that hasn't been used in 90 or more days since the analyzer's last scan. You can
	// choose a value between 1 and 365 days.
	UnusedAccessAge *int32
	// contains filtered or unexported fields
}

Contains information about an unused access analyzer.

type UnusedAccessFindingsStatistics added in v1.37.0 

type UnusedAccessFindingsStatistics struct {

	// A list of one to ten Amazon Web Services accounts that have the most active
	// findings for the unused access analyzer.
	TopAccounts []FindingAggregationAccountDetails

	// The total number of active findings for the unused access analyzer.
	TotalActiveFindings *int32

	// The total number of archived findings for the unused access analyzer.
	TotalArchivedFindings *int32

	// The total number of resolved findings for the unused access analyzer.
	TotalResolvedFindings *int32

	// A list of details about the total number of findings for each type of unused
	// access for the analyzer.
	UnusedAccessTypeStatistics []UnusedAccessTypeStatistics
	// contains filtered or unexported fields
}

Provides aggregate statistics about the findings for the specified unused access analyzer.

type UnusedAccessTypeStatistics added in v1.37.0 

type UnusedAccessTypeStatistics struct {

	// The total number of findings for the specified unused access type.
	Total *int32

	// The type of unused access.
	UnusedAccessType *string
	// contains filtered or unexported fields
}

Contains information about the total number of findings for a type of unused access.

type UnusedAction added in v1.24.0 

type UnusedAction struct {

	// The action for which the unused access finding was generated.
	//
	// This member is required.
	Action *string

	// The time at which the action was last accessed.
	LastAccessed *time.Time
	// contains filtered or unexported fields
}

Contains information about an unused access finding for an action. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing.

type UnusedIamRoleDetails added in v1.24.0 

type UnusedIamRoleDetails struct {

	// The time at which the role was last accessed.
	LastAccessed *time.Time
	// contains filtered or unexported fields
}

Contains information about an unused access finding for an IAM role. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing.

type UnusedIamUserAccessKeyDetails added in v1.24.0 

type UnusedIamUserAccessKeyDetails struct {

	// The ID of the access key for which the unused access finding was generated.
	//
	// This member is required.
	AccessKeyId *string

	// The time at which the access key was last accessed.
	LastAccessed *time.Time
	// contains filtered or unexported fields
}

Contains information about an unused access finding for an IAM user access key. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing.

type UnusedIamUserPasswordDetails added in v1.24.0 

type UnusedIamUserPasswordDetails struct {

	// The time at which the password was last accessed.
	LastAccessed *time.Time
	// contains filtered or unexported fields
}

Contains information about an unused access finding for an IAM user password. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing.

type UnusedPermissionDetails added in v1.24.0 

type UnusedPermissionDetails struct {

	// The namespace of the Amazon Web Services service that contains the unused
	// actions.
	//
	// This member is required.
	ServiceNamespace *string

	// A list of unused actions for which the unused access finding was generated.
	Actions []UnusedAction

	// The time at which the permission was last accessed.
	LastAccessed *time.Time
	// contains filtered or unexported fields
}

Contains information about an unused access finding for a permission. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing.

type UnusedPermissionsRecommendedStep added in v1.30.0 

type UnusedPermissionsRecommendedStep struct {

	// A recommendation of whether to create or detach a policy for an unused
	// permissions finding.
	//
	// This member is required.
	RecommendedAction RecommendedRemediationAction

	// If the recommended action for the unused permissions finding is to detach a
	// policy, the ID of an existing policy to be detached.
	ExistingPolicyId *string

	// The time at which the existing policy for the unused permissions finding was
	// last updated.
	PolicyUpdatedAt *time.Time

	// If the recommended action for the unused permissions finding is to replace the
	// existing policy, the contents of the recommended policy to replace the policy
	// specified in the existingPolicyId field.
	RecommendedPolicy *string
	// contains filtered or unexported fields
}

Contains information about the action to take for a policy in an unused permissions finding.

type ValidatePolicyFinding added in v1.2.0 

type ValidatePolicyFinding struct {

	// A localized message that explains the finding and provides guidance on how to
	// address it.
	//
	// This member is required.
	FindingDetails *string

	// The impact of the finding.
	//
	// Security warnings report when the policy allows access that we consider overly
	// permissive.
	//
	// Errors report when a part of the policy is not functional.
	//
	// Warnings report non-security issues when a policy does not conform to policy
	// writing best practices.
	//
	// Suggestions recommend stylistic improvements in the policy that do not impact
	// access.
	//
	// This member is required.
	FindingType ValidatePolicyFindingType

	// The issue code provides an identifier of the issue associated with this finding.
	//
	// This member is required.
	IssueCode *string

	// A link to additional documentation about the type of finding.
	//
	// This member is required.
	LearnMoreLink *string

	// The list of locations in the policy document that are related to the finding.
	// The issue code provides a summary of an issue identified by the finding.
	//
	// This member is required.
	Locations []Location
	// contains filtered or unexported fields
}

A finding in a policy. Each finding is an actionable recommendation that can be used to improve the policy.

type ValidatePolicyFindingType added in v1.2.0 

type ValidatePolicyFindingType string
const (
	ValidatePolicyFindingTypeError           ValidatePolicyFindingType = "ERROR"
	ValidatePolicyFindingTypeSecurityWarning ValidatePolicyFindingType = "SECURITY_WARNING"
	ValidatePolicyFindingTypeSuggestion      ValidatePolicyFindingType = "SUGGESTION"
	ValidatePolicyFindingTypeWarning         ValidatePolicyFindingType = "WARNING"
)

Enum values for ValidatePolicyFindingType

func (ValidatePolicyFindingType) Values added in v1.2.0 

func (ValidatePolicyFindingType) Values() []ValidatePolicyFindingType

Values returns all known values for ValidatePolicyFindingType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ValidatePolicyResourceType added in v1.10.0 

type ValidatePolicyResourceType string
const (
	ValidatePolicyResourceTypeS3Bucket                  ValidatePolicyResourceType = "AWS::S3::Bucket"
	ValidatePolicyResourceTypeS3AccessPoint             ValidatePolicyResourceType = "AWS::S3::AccessPoint"
	ValidatePolicyResourceTypeS3MultiRegionAccessPoint  ValidatePolicyResourceType = "AWS::S3::MultiRegionAccessPoint"
	ValidatePolicyResourceTypeS3ObjectLambdaAccessPoint ValidatePolicyResourceType = "AWS::S3ObjectLambda::AccessPoint"
	ValidatePolicyResourceTypeRoleTrust                 ValidatePolicyResourceType = "AWS::IAM::AssumeRolePolicyDocument"
	ValidatePolicyResourceTypeDynamodbTable             ValidatePolicyResourceType = "AWS::DynamoDB::Table"
)

Enum values for ValidatePolicyResourceType

func (ValidatePolicyResourceType) Values added in v1.10.0 

func (ValidatePolicyResourceType) Values() []ValidatePolicyResourceType

Values returns all known values for ValidatePolicyResourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type ValidationException 

type ValidationException struct {
	Message *string

	ErrorCodeOverride *string

	Reason    ValidationExceptionReason
	FieldList []ValidationExceptionField
	// contains filtered or unexported fields
}

Validation exception error.

func (*ValidationException) Error 

func (e *ValidationException) Error() string

func (*ValidationException) ErrorCode 

func (e *ValidationException) ErrorCode() string

func (*ValidationException) ErrorFault 

func (e *ValidationException) ErrorFault() smithy.ErrorFault

func (*ValidationException) ErrorMessage 

func (e *ValidationException) ErrorMessage() string

type ValidationExceptionField 

type ValidationExceptionField struct {

	// A message about the validation exception.
	//
	// This member is required.
	Message *string

	// The name of the validation exception.
	//
	// This member is required.
	Name *string
	// contains filtered or unexported fields
}

Contains information about a validation exception.

type ValidationExceptionReason 

type ValidationExceptionReason string
const (
	ValidationExceptionReasonUnknownOperation      ValidationExceptionReason = "unknownOperation"
	ValidationExceptionReasonCannotParse           ValidationExceptionReason = "cannotParse"
	ValidationExceptionReasonFieldValidationFailed ValidationExceptionReason = "fieldValidationFailed"
	ValidationExceptionReasonOther                 ValidationExceptionReason = "other"
	ValidationExceptionReasonNotSupported          ValidationExceptionReason = "notSupported"
)

Enum values for ValidationExceptionReason

func (ValidationExceptionReason) Values added in v0.29.0 

func (ValidationExceptionReason) Values() []ValidationExceptionReason

Values returns all known values for ValidationExceptionReason. Note that this can be expanded in the future, and so it is only as up to date as the client.

The ordering of this slice is not guaranteed to be stable across updates.

type VpcConfiguration added in v1.2.0 

type VpcConfiguration struct {

	//  If this field is specified, this access point will only allow connections from
	// the specified VPC ID.
	//
	// This member is required.
	VpcId *string
	// contains filtered or unexported fields
}

The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC configuration does not apply to multi-region access points. For more information, see VpcConfiguration.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.