Documentation ¶
Index ¶
- type AccessControlList
- type AccessDeniedException
- type AccountDetail
- type AccountLevelPermissions
- type AdminAccount
- type AdminStatus
- type AllowListCriteria
- type AllowListStatus
- type AllowListStatusCode
- type AllowListSummary
- type AllowsUnencryptedObjectUploads
- type ApiCallDetails
- type AssumedRole
- type AutoEnableMode
- type AutomatedDiscoveryAccount
- type AutomatedDiscoveryAccountStatus
- type AutomatedDiscoveryAccountUpdate
- type AutomatedDiscoveryAccountUpdateError
- type AutomatedDiscoveryAccountUpdateErrorCode
- type AutomatedDiscoveryMonitoringStatus
- type AutomatedDiscoveryStatus
- type AvailabilityCode
- type AwsAccount
- type AwsService
- type BatchGetCustomDataIdentifierSummary
- type BlockPublicAccess
- type BucketCountByEffectivePermission
- type BucketCountByEncryptionType
- type BucketCountBySharedAccessType
- type BucketCountPolicyAllowsUnencryptedObjectUploads
- type BucketCriteriaAdditionalProperties
- type BucketLevelPermissions
- type BucketMetadata
- type BucketMetadataErrorCode
- type BucketPermissionConfiguration
- type BucketPolicy
- type BucketPublicAccess
- type BucketServerSideEncryption
- type BucketSortCriteria
- type BucketStatisticsBySensitivity
- type Cell
- type ClassificationDetails
- type ClassificationExportConfiguration
- type ClassificationResult
- type ClassificationResultStatus
- type ClassificationScopeSummary
- type ClassificationScopeUpdateOperation
- type ConflictException
- type CriteriaBlockForJob
- type CriteriaForJob
- type CriterionAdditionalProperties
- type Currency
- type CustomDataIdentifierSummary
- type CustomDataIdentifiers
- type CustomDetection
- type DailySchedule
- type DataIdentifierSeverity
- type DataIdentifierType
- type DayOfWeek
- type DefaultDetection
- type DetectedDataDetails
- type Detection
- type DomainDetails
- type EffectivePermission
- type EncryptionType
- type ErrorCode
- type FederatedUser
- type Finding
- type FindingAction
- type FindingActionType
- type FindingActor
- type FindingCategory
- type FindingCriteria
- type FindingPublishingFrequency
- type FindingStatisticsSortAttributeName
- type FindingStatisticsSortCriteria
- type FindingType
- type FindingsFilterAction
- type FindingsFilterListItem
- type GroupBy
- type GroupCount
- type IamUser
- type InternalServerException
- type Invitation
- type IpAddressDetails
- type IpCity
- type IpCountry
- type IpGeoLocation
- type IpOwner
- type IsDefinedInJob
- type IsMonitoredByJob
- type JobComparator
- type JobDetails
- type JobScheduleFrequency
- type JobScopeTerm
- type JobScopingBlock
- type JobStatus
- type JobSummary
- type JobType
- type KeyValuePair
- type LastRunErrorStatus
- type LastRunErrorStatusCode
- type ListJobsFilterCriteria
- type ListJobsFilterKey
- type ListJobsFilterTerm
- type ListJobsSortAttributeName
- type ListJobsSortCriteria
- type MacieStatus
- type ManagedDataIdentifierSelector
- type ManagedDataIdentifierSummary
- type MatchingBucket
- type MatchingResource
- type Member
- type MonthlySchedule
- type ObjectCountByEncryptionType
- type ObjectLevelStatistics
- type Occurrences
- type OrderBy
- type OriginType
- type Page
- type PolicyDetails
- type Range
- type Record
- type RelationshipStatus
- type ReplicationDetails
- type ResourceNotFoundException
- type ResourceProfileArtifact
- type ResourceStatistics
- type ResourcesAffected
- type RetrievalConfiguration
- type RetrievalMode
- type RevealConfiguration
- type RevealRequestStatus
- type RevealStatus
- type S3Bucket
- type S3BucketCriteriaForJob
- type S3BucketDefinitionForJob
- type S3BucketOwner
- type S3ClassificationScope
- type S3ClassificationScopeExclusion
- type S3ClassificationScopeExclusionUpdate
- type S3ClassificationScopeUpdate
- type S3Destination
- type S3JobDefinition
- type S3Object
- type S3WordsList
- type ScopeFilterKey
- type Scoping
- type SearchResourcesBucketCriteria
- type SearchResourcesComparator
- type SearchResourcesCriteria
- type SearchResourcesCriteriaBlock
- type SearchResourcesSimpleCriterion
- type SearchResourcesSimpleCriterionKey
- type SearchResourcesSortAttributeName
- type SearchResourcesSortCriteria
- type SearchResourcesTagCriterion
- type SearchResourcesTagCriterionPair
- type SecurityHubConfiguration
- type SensitiveDataItem
- type SensitiveDataItemCategory
- type SensitivityAggregations
- type SensitivityInspectionTemplateExcludes
- type SensitivityInspectionTemplateIncludes
- type SensitivityInspectionTemplatesEntry
- type ServerSideEncryption
- type ServiceLimit
- type ServiceQuotaExceededException
- type SessionContext
- type SessionContextAttributes
- type SessionIssuer
- type Severity
- type SeverityDescription
- type SeverityLevel
- type SharedAccess
- type SimpleCriterionForJob
- type SimpleCriterionKeyForJob
- type SimpleScopeTerm
- type SortCriteria
- type Statistics
- type StorageClass
- type SuppressDataIdentifier
- type TagCriterionForJob
- type TagCriterionPairForJob
- type TagScopeTerm
- type TagTarget
- type TagValuePair
- type ThrottlingException
- type TimeRange
- type Type
- type UnavailabilityReasonCode
- type Unit
- type UnprocessableEntityException
- type UnprocessedAccount
- type UpdateRetrievalConfiguration
- type UsageByAccount
- type UsageRecord
- type UsageStatisticsFilter
- type UsageStatisticsFilterComparator
- type UsageStatisticsFilterKey
- type UsageStatisticsSortBy
- type UsageStatisticsSortKey
- type UsageTotal
- type UsageType
- type UserIdentity
- type UserIdentityRoot
- type UserIdentityType
- type UserPausedDetails
- type ValidationException
- type WeeklySchedule
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessControlList ¶
type AccessControlList struct { // Specifies whether the ACL grants the general public with read access // permissions for the bucket. AllowsPublicReadAccess *bool // Specifies whether the ACL grants the general public with write access // permissions for the bucket. AllowsPublicWriteAccess *bool // contains filtered or unexported fields }
Provides information about the permissions settings of the bucket-level access control list (ACL) for an S3 bucket.
type AccessDeniedException ¶
type AccessDeniedException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
Provides information about an error that occurred due to insufficient access to a specified resource.
func (*AccessDeniedException) Error ¶
func (e *AccessDeniedException) Error() string
func (*AccessDeniedException) ErrorCode ¶
func (e *AccessDeniedException) ErrorCode() string
func (*AccessDeniedException) ErrorFault ¶
func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault
func (*AccessDeniedException) ErrorMessage ¶
func (e *AccessDeniedException) ErrorMessage() string
type AccountDetail ¶
type AccountDetail struct { // The Amazon Web Services account ID for the account. // // This member is required. AccountId *string // The email address for the account. // // This member is required. Email *string // contains filtered or unexported fields }
Specifies the details of an account to associate with an Amazon Macie administrator account.
type AccountLevelPermissions ¶
type AccountLevelPermissions struct { // The block public access settings for the Amazon Web Services account that owns // the bucket. BlockPublicAccess *BlockPublicAccess // contains filtered or unexported fields }
Provides information about the account-level permissions settings that apply to an S3 bucket.
type AdminAccount ¶
type AdminAccount struct { // The Amazon Web Services account ID for the account. AccountId *string // The current status of the account as the delegated Amazon Macie administrator // account for the organization. Status AdminStatus // contains filtered or unexported fields }
Provides information about the delegated Amazon Macie administrator account for an organization in Organizations.
type AdminStatus ¶
type AdminStatus string
const ( AdminStatusEnabled AdminStatus = "ENABLED" AdminStatusDisablingInProgress AdminStatus = "DISABLING_IN_PROGRESS" )
Enum values for AdminStatus
func (AdminStatus) Values ¶ added in v0.29.0
func (AdminStatus) Values() []AdminStatus
Values returns all known values for AdminStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AllowListCriteria ¶ added in v1.23.0
type AllowListCriteria struct { // The regular expression (regex) that defines the text pattern to ignore. The // expression can contain as many as 512 characters. Regex *string // The location and name of the S3 object that lists specific text to ignore. S3WordsList *S3WordsList // contains filtered or unexported fields }
Specifies the criteria for an allow list. The criteria must specify a regular expression (regex) or an S3 object (s3WordsList). It can't specify both.
type AllowListStatus ¶ added in v1.23.0
type AllowListStatus struct { // The current status of the allow list. If the list's criteria specify a regular // expression (regex), this value is typically OK. Amazon Macie can compile the // expression. // // If the list's criteria specify an S3 object, possible values are: // // - OK - Macie can retrieve and parse the contents of the object. // // - S3_OBJECT_ACCESS_DENIED - Macie isn't allowed to access the object or the // object is encrypted with a customer managed KMS key that Macie isn't allowed to // use. Check the bucket policy and other permissions settings for the bucket and // the object. If the object is encrypted, also ensure that it's encrypted with a // key that Macie is allowed to use. // // - S3_OBJECT_EMPTY - Macie can retrieve the object but the object doesn't // contain any content. Ensure that the object contains the correct entries. Also // ensure that the list's criteria specify the correct bucket and object names. // // - S3_OBJECT_NOT_FOUND - The object doesn't exist in Amazon S3. Ensure that // the list's criteria specify the correct bucket and object names. // // - S3_OBJECT_OVERSIZE - Macie can retrieve the object. However, the object // contains too many entries or its storage size exceeds the quota for an allow // list. Try breaking the list into multiple files and ensure that each file // doesn't exceed any quotas. Then configure list settings in Macie for each file. // // - S3_THROTTLED - Amazon S3 throttled the request to retrieve the object. Wait // a few minutes and then try again. // // - S3_USER_ACCESS_DENIED - Amazon S3 denied the request to retrieve the // object. If the specified object exists, you're not allowed to access it or it's // encrypted with an KMS key that you're not allowed to use. Work with your Amazon // Web Services administrator to ensure that the list's criteria specify the // correct bucket and object names, and you have read access to the bucket and the // object. If the object is encrypted, also ensure that it's encrypted with a key // that you're allowed to use. // // - UNKNOWN_ERROR - A transient or internal error occurred when Macie attempted // to retrieve or parse the object. Wait a few minutes and then try again. A list // can also have this status if it's encrypted with a key that Amazon S3 and Macie // can't access or use. // // This member is required. Code AllowListStatusCode // A brief description of the status of the allow list. Amazon Macie uses this // value to provide additional information about an error that occurred when Macie // tried to access and use the list's criteria. Description *string // contains filtered or unexported fields }
Provides information about the current status of an allow list, which indicates whether Amazon Macie can access and use the list's criteria.
type AllowListStatusCode ¶ added in v1.23.0
type AllowListStatusCode string
const ( AllowListStatusCodeOk AllowListStatusCode = "OK" AllowListStatusCodeS3ObjectNotFound AllowListStatusCode = "S3_OBJECT_NOT_FOUND" AllowListStatusCodeS3UserAccessDenied AllowListStatusCode = "S3_USER_ACCESS_DENIED" AllowListStatusCodeS3ObjectAccessDenied AllowListStatusCode = "S3_OBJECT_ACCESS_DENIED" AllowListStatusCodeS3Throttled AllowListStatusCode = "S3_THROTTLED" AllowListStatusCodeS3ObjectOversize AllowListStatusCode = "S3_OBJECT_OVERSIZE" AllowListStatusCodeS3ObjectEmpty AllowListStatusCode = "S3_OBJECT_EMPTY" AllowListStatusCodeUnknownError AllowListStatusCode = "UNKNOWN_ERROR" )
Enum values for AllowListStatusCode
func (AllowListStatusCode) Values ¶ added in v1.23.0
func (AllowListStatusCode) Values() []AllowListStatusCode
Values returns all known values for AllowListStatusCode. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AllowListSummary ¶ added in v1.23.0
type AllowListSummary struct { // The Amazon Resource Name (ARN) of the allow list. Arn *string // The date and time, in UTC and extended ISO 8601 format, when the allow list was // created in Amazon Macie. CreatedAt *time.Time // The custom description of the allow list. Description *string // The unique identifier for the allow list. Id *string // The custom name of the allow list. Name *string // The date and time, in UTC and extended ISO 8601 format, when the allow list's // settings were most recently changed in Amazon Macie. UpdatedAt *time.Time // contains filtered or unexported fields }
Provides a subset of information about an allow list.
type AllowsUnencryptedObjectUploads ¶ added in v1.4.0
type AllowsUnencryptedObjectUploads string
const ( AllowsUnencryptedObjectUploadsTrue AllowsUnencryptedObjectUploads = "TRUE" AllowsUnencryptedObjectUploadsFalse AllowsUnencryptedObjectUploads = "FALSE" AllowsUnencryptedObjectUploadsUnknown AllowsUnencryptedObjectUploads = "UNKNOWN" )
Enum values for AllowsUnencryptedObjectUploads
func (AllowsUnencryptedObjectUploads) Values ¶ added in v1.4.0
func (AllowsUnencryptedObjectUploads) Values() []AllowsUnencryptedObjectUploads
Values returns all known values for AllowsUnencryptedObjectUploads. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ApiCallDetails ¶
type ApiCallDetails struct { // The name of the operation that was invoked most recently and produced the // finding. Api *string // The URL of the Amazon Web Services service that provides the operation, for // example: s3.amazonaws.com. ApiServiceName *string // The first date and time, in UTC and extended ISO 8601 format, when any // operation was invoked and produced the finding. FirstSeen *time.Time // The most recent date and time, in UTC and extended ISO 8601 format, when the // specified operation (api) was invoked and produced the finding. LastSeen *time.Time // contains filtered or unexported fields }
Provides information about an API operation that an entity invoked for an affected resource.
type AssumedRole ¶
type AssumedRole struct { // The Amazon Web Services access key ID that identifies the credentials. AccessKeyId *string // The unique identifier for the Amazon Web Services account that owns the entity // that was used to get the credentials. AccountId *string // The Amazon Resource Name (ARN) of the entity that was used to get the // credentials. Arn *string // The unique identifier for the entity that was used to get the credentials. PrincipalId *string // The details of the session that was created for the credentials, including the // entity that issued the session. SessionContext *SessionContext // contains filtered or unexported fields }
Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the AssumeRole operation of the Security Token Service (STS) API.
type AutoEnableMode ¶ added in v1.39.0
type AutoEnableMode string
const ( AutoEnableModeAll AutoEnableMode = "ALL" AutoEnableModeNew AutoEnableMode = "NEW" AutoEnableModeNone AutoEnableMode = "NONE" )
Enum values for AutoEnableMode
func (AutoEnableMode) Values ¶ added in v1.39.0
func (AutoEnableMode) Values() []AutoEnableMode
Values returns all known values for AutoEnableMode. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AutomatedDiscoveryAccount ¶ added in v1.39.0
type AutomatedDiscoveryAccount struct { // The Amazon Web Services account ID for the account. AccountId *string // The current status of automated sensitive data discovery for the account. // Possible values are: ENABLED, perform automated sensitive data discovery // activities for the account; and, DISABLED, don't perform automated sensitive // data discovery activities for the account. Status AutomatedDiscoveryAccountStatus // contains filtered or unexported fields }
Provides information about the status of automated sensitive data discovery for an Amazon Macie account.
type AutomatedDiscoveryAccountStatus ¶ added in v1.39.0
type AutomatedDiscoveryAccountStatus string
const ( AutomatedDiscoveryAccountStatusEnabled AutomatedDiscoveryAccountStatus = "ENABLED" AutomatedDiscoveryAccountStatusDisabled AutomatedDiscoveryAccountStatus = "DISABLED" )
Enum values for AutomatedDiscoveryAccountStatus
func (AutomatedDiscoveryAccountStatus) Values ¶ added in v1.39.0
func (AutomatedDiscoveryAccountStatus) Values() []AutomatedDiscoveryAccountStatus
Values returns all known values for AutomatedDiscoveryAccountStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AutomatedDiscoveryAccountUpdate ¶ added in v1.39.0
type AutomatedDiscoveryAccountUpdate struct { // The Amazon Web Services account ID for the account. AccountId *string // The new status of automated sensitive data discovery for the account. Valid // values are: ENABLED, perform automated sensitive data discovery activities for // the account; and, DISABLED, don't perform automated sensitive data discovery // activities for the account. Status AutomatedDiscoveryAccountStatus // contains filtered or unexported fields }
Changes the status of automated sensitive data discovery for an Amazon Macie account.
type AutomatedDiscoveryAccountUpdateError ¶ added in v1.39.0
type AutomatedDiscoveryAccountUpdateError struct { // The Amazon Web Services account ID for the account that the request applied to. AccountId *string // The error code for the error that caused the request to fail for the account // (accountId). Possible values are: ACCOUNT_NOT_FOUND, the account doesn’t exist // or you're not the Amazon Macie administrator for the account; and, // ACCOUNT_PAUSED, Macie isn’t enabled for the account in the current Amazon Web // Services Region. ErrorCode AutomatedDiscoveryAccountUpdateErrorCode // contains filtered or unexported fields }
Provides information about a request that failed to change the status of automated sensitive data discovery for an Amazon Macie account.
type AutomatedDiscoveryAccountUpdateErrorCode ¶ added in v1.39.0
type AutomatedDiscoveryAccountUpdateErrorCode string
const ( AutomatedDiscoveryAccountUpdateErrorCodeAccountPaused AutomatedDiscoveryAccountUpdateErrorCode = "ACCOUNT_PAUSED" AutomatedDiscoveryAccountUpdateErrorCodeAccountNotFound AutomatedDiscoveryAccountUpdateErrorCode = "ACCOUNT_NOT_FOUND" )
Enum values for AutomatedDiscoveryAccountUpdateErrorCode
func (AutomatedDiscoveryAccountUpdateErrorCode) Values ¶ added in v1.39.0
Values returns all known values for AutomatedDiscoveryAccountUpdateErrorCode. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AutomatedDiscoveryMonitoringStatus ¶ added in v1.39.0
type AutomatedDiscoveryMonitoringStatus string
const ( AutomatedDiscoveryMonitoringStatusMonitored AutomatedDiscoveryMonitoringStatus = "MONITORED" AutomatedDiscoveryMonitoringStatusNotMonitored AutomatedDiscoveryMonitoringStatus = "NOT_MONITORED" )
Enum values for AutomatedDiscoveryMonitoringStatus
func (AutomatedDiscoveryMonitoringStatus) Values ¶ added in v1.39.0
func (AutomatedDiscoveryMonitoringStatus) Values() []AutomatedDiscoveryMonitoringStatus
Values returns all known values for AutomatedDiscoveryMonitoringStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AutomatedDiscoveryStatus ¶ added in v1.24.0
type AutomatedDiscoveryStatus string
const ( AutomatedDiscoveryStatusEnabled AutomatedDiscoveryStatus = "ENABLED" AutomatedDiscoveryStatusDisabled AutomatedDiscoveryStatus = "DISABLED" )
Enum values for AutomatedDiscoveryStatus
func (AutomatedDiscoveryStatus) Values ¶ added in v1.24.0
func (AutomatedDiscoveryStatus) Values() []AutomatedDiscoveryStatus
Values returns all known values for AutomatedDiscoveryStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AvailabilityCode ¶ added in v1.22.0
type AvailabilityCode string
const ( AvailabilityCodeAvailable AvailabilityCode = "AVAILABLE" )
Enum values for AvailabilityCode
func (AvailabilityCode) Values ¶ added in v1.22.0
func (AvailabilityCode) Values() []AvailabilityCode
Values returns all known values for AvailabilityCode. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AwsAccount ¶
type AwsAccount struct { // The unique identifier for the Amazon Web Services account. AccountId *string // The unique identifier for the entity that performed the action. PrincipalId *string // contains filtered or unexported fields }
Provides information about an Amazon Web Services account and entity that performed an action on an affected resource. The action was performed using the credentials for an Amazon Web Services account other than your own account.
type AwsService ¶
type AwsService struct { // The name of the Amazon Web Service that performed the action. InvokedBy *string // contains filtered or unexported fields }
Provides information about an Amazon Web Service that performed an action on an affected resource.
type BatchGetCustomDataIdentifierSummary ¶
type BatchGetCustomDataIdentifierSummary struct { // The Amazon Resource Name (ARN) of the custom data identifier. Arn *string // The date and time, in UTC and extended ISO 8601 format, when the custom data // identifier was created. CreatedAt *time.Time // Specifies whether the custom data identifier was deleted. If you delete a // custom data identifier, Amazon Macie doesn't delete it permanently. Instead, it // soft deletes the identifier. Deleted *bool // The custom description of the custom data identifier. Description *string // The unique identifier for the custom data identifier. Id *string // The custom name of the custom data identifier. Name *string // contains filtered or unexported fields }
Provides information about a custom data identifier.
type BlockPublicAccess ¶
type BlockPublicAccess struct { // Specifies whether Amazon S3 blocks public access control lists (ACLs) for the // bucket and objects in the bucket. BlockPublicAcls *bool // Specifies whether Amazon S3 blocks public bucket policies for the bucket. BlockPublicPolicy *bool // Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in // the bucket. IgnorePublicAcls *bool // Specifies whether Amazon S3 restricts public bucket policies for the bucket. RestrictPublicBuckets *bool // contains filtered or unexported fields }
Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account or bucket level. For detailed information about each setting, see Blocking public access to your Amazon S3 storagein the Amazon Simple Storage Service User Guide.
type BucketCountByEffectivePermission ¶
type BucketCountByEffectivePermission struct { // The total number of buckets that allow the general public to have read or write // access to the bucket. PubliclyAccessible *int64 // The total number of buckets that allow the general public to have read access // to the bucket. PubliclyReadable *int64 // The total number of buckets that allow the general public to have write access // to the bucket. PubliclyWritable *int64 // The total number of buckets that Amazon Macie wasn't able to evaluate // permissions settings for. For example, the buckets' policies or a quota // prevented Macie from retrieving the requisite data. Macie can't determine // whether the buckets are publicly accessible. Unknown *int64 // contains filtered or unexported fields }
Provides information about the number of S3 buckets that are publicly accessible due to a combination of permissions settings for each bucket.
type BucketCountByEncryptionType ¶
type BucketCountByEncryptionType struct { // The total number of buckets whose default encryption settings are configured to // encrypt new objects with an KMS key, either an Amazon Web Services managed key // or a customer managed key. By default, these buckets encrypt new objects // automatically using DSSE-KMS or SSE-KMS encryption. KmsManaged *int64 // The total number of buckets whose default encryption settings are configured to // encrypt new objects with an Amazon S3 managed key. By default, these buckets // encrypt new objects automatically using SSE-S3 encryption. S3Managed *int64 // The total number of buckets that don't specify default server-side encryption // behavior for new objects. Default encryption settings aren't configured for // these buckets. Unencrypted *int64 // The total number of buckets that Amazon Macie doesn't have current encryption // metadata for. For example, the buckets' permissions settings or a quota // prevented Macie from retrieving the default encryption settings for the buckets. Unknown *int64 // contains filtered or unexported fields }
Provides information about the number of S3 buckets whose settings do or don't specify default server-side encryption behavior for objects that are added to the buckets. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 bucketsin the Amazon Simple Storage Service User Guide.
type BucketCountBySharedAccessType ¶
type BucketCountBySharedAccessType struct { // or any combination of the following: an Amazon CloudFront OAI, a CloudFront OAC, // or an Amazon Web Services account that isn't in the same Amazon Macie // organization. External *int64 // Services accounts in the same Amazon Macie organization. These buckets aren't // shared with Amazon CloudFront OAIs or OACs. Internal *int64 // accounts, Amazon CloudFront OAIs, or CloudFront OACs. NotShared *int64 // access settings for. For example, the buckets' permissions settings or a quota // prevented Macie from retrieving the requisite data. Macie can't determine // whether the buckets are shared with other Amazon Web Services accounts, Amazon // CloudFront OAIs, or CloudFront OACs. Unknown *int64 // contains filtered or unexported fields }
Provides information about the number of S3 buckets that are or aren't shared with other Amazon Web Services accounts, Amazon CloudFront origin access identities (OAIs), or CloudFront origin access controls (OACs). In this data, an Amazon Macie organization is defined as a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.
type BucketCountPolicyAllowsUnencryptedObjectUploads ¶ added in v1.4.0
type BucketCountPolicyAllowsUnencryptedObjectUploads struct { // The total number of buckets that don't have a bucket policy or have a bucket // policy that doesn't require server-side encryption of new objects. If a bucket // policy exists, the policy doesn't require PutObject requests to include a valid // server-side encryption header: the x-amz-server-side-encryption header with a // value of AES256 or aws:kms, or the // x-amz-server-side-encryption-customer-algorithm header with a value of AES256. AllowsUnencryptedObjectUploads *int64 // The total number of buckets whose bucket policies require server-side // encryption of new objects. PutObject requests for these buckets must include a // valid server-side encryption header: the x-amz-server-side-encryption header // with a value of AES256 or aws:kms, or the // x-amz-server-side-encryption-customer-algorithm header with a value of AES256. DeniesUnencryptedObjectUploads *int64 // The total number of buckets that Amazon Macie wasn't able to evaluate // server-side encryption requirements for. For example, the buckets' permissions // settings or a quota prevented Macie from retrieving the requisite data. Macie // can't determine whether bucket policies for the buckets require server-side // encryption of new objects. Unknown *int64 // contains filtered or unexported fields }
Provides information about the number of S3 buckets whose bucket policies do or don't require server-side encryption of objects when objects are added to the buckets.
type BucketCriteriaAdditionalProperties ¶
type BucketCriteriaAdditionalProperties struct { // The value for the property matches (equals) the specified value. If you specify // multiple values, Amazon Macie uses OR logic to join the values. Eq []string // The value for the property is greater than the specified value. Gt *int64 // The value for the property is greater than or equal to the specified value. Gte *int64 // The value for the property is less than the specified value. Lt *int64 // The value for the property is less than or equal to the specified value. Lte *int64 // The value for the property doesn't match (doesn't equal) the specified value. // If you specify multiple values, Amazon Macie uses OR logic to join the values. Neq []string // The name of the bucket begins with the specified value. Prefix *string // contains filtered or unexported fields }
Specifies the operator to use in a property-based condition that filters the results of a query for information about S3 buckets.
type BucketLevelPermissions ¶
type BucketLevelPermissions struct { // The permissions settings of the access control list (ACL) for the bucket. This // value is null if an ACL hasn't been defined for the bucket. AccessControlList *AccessControlList // The block public access settings for the bucket. BlockPublicAccess *BlockPublicAccess // The permissions settings of the bucket policy for the bucket. This value is // null if a bucket policy hasn't been defined for the bucket. BucketPolicy *BucketPolicy // contains filtered or unexported fields }
Provides information about the bucket-level permissions settings for an S3 bucket.
type BucketMetadata ¶
type BucketMetadata struct { // The unique identifier for the Amazon Web Services account that owns the bucket. AccountId *string // Specifies whether the bucket policy for the bucket requires server-side // encryption of objects when objects are added to the bucket. Possible values are: // // - FALSE - The bucket policy requires server-side encryption of new objects. // PutObject requests must include a valid server-side encryption header. // // - TRUE - The bucket doesn't have a bucket policy or it has a bucket policy // that doesn't require server-side encryption of new objects. If a bucket policy // exists, it doesn't require PutObject requests to include a valid server-side // encryption header. // // - UNKNOWN - Amazon Macie can't determine whether the bucket policy requires // server-side encryption of new objects. // // Valid server-side encryption headers are: x-amz-server-side-encryption with a // value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm // with a value of AES256. AllowsUnencryptedObjectUploads AllowsUnencryptedObjectUploads // Specifies whether automated sensitive data discovery is currently configured to // analyze objects in the bucket. Possible values are: MONITORED, the bucket is // included in analyses; and, NOT_MONITORED, the bucket is excluded from analyses. // If automated sensitive data discovery is disabled for your account, this value // is NOT_MONITORED. AutomatedDiscoveryMonitoringStatus AutomatedDiscoveryMonitoringStatus // The Amazon Resource Name (ARN) of the bucket. BucketArn *string // The date and time, in UTC and extended ISO 8601 format, when the bucket was // created. This value can also indicate when changes such as edits to the bucket's // policy were most recently made to the bucket. BucketCreatedAt *time.Time // The name of the bucket. BucketName *string // The total number of objects that Amazon Macie can analyze in the bucket. These // objects use a supported storage class and have a file name extension for a // supported file or storage format. ClassifiableObjectCount *int64 // The total storage size, in bytes, of the objects that Amazon Macie can analyze // in the bucket. These objects use a supported storage class and have a file name // extension for a supported file or storage format. // // If versioning is enabled for the bucket, Macie calculates this value based on // the size of the latest version of each applicable object in the bucket. This // value doesn't reflect the storage size of all versions of each applicable object // in the bucket. ClassifiableSizeInBytes *int64 // The code for an error or issue that prevented Amazon Macie from retrieving and // processing information about the bucket and the bucket's objects. Possible // values are: // // - ACCESS_DENIED - Macie doesn't have permission to retrieve the information. // For example, the bucket has a restrictive bucket policy and Amazon S3 denied the // request. // // - BUCKET_COUNT_EXCEEDS_QUOTA - Retrieving and processing the information // would exceed the quota for the number of buckets that Macie monitors for an // account (10,000). // // If this value is null, Macie was able to retrieve and process the information. ErrorCode BucketMetadataErrorCode // A brief description of the error or issue (errorCode) that prevented Amazon // Macie from retrieving and processing information about the bucket and the // bucket's objects. This value is null if Macie was able to retrieve and process // the information. ErrorMessage *string // Specifies whether any one-time or recurring classification jobs are configured // to analyze objects in the bucket, and, if so, the details of the job that ran // most recently. JobDetails *JobDetails // The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most // recently analyzed objects in the bucket while performing automated sensitive // data discovery. This value is null if this analysis hasn't occurred. LastAutomatedDiscoveryTime *time.Time // The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most // recently retrieved bucket or object metadata from Amazon S3 for the bucket. LastUpdated *time.Time // The total number of objects in the bucket. ObjectCount *int64 // The total number of objects in the bucket, grouped by server-side encryption // type. This includes a grouping that reports the total number of objects that // aren't encrypted or use client-side encryption. ObjectCountByEncryptionType *ObjectCountByEncryptionType // Specifies whether the bucket is publicly accessible due to the combination of // permissions settings that apply to the bucket, and provides information about // those settings. PublicAccess *BucketPublicAccess // The Amazon Web Services Region that hosts the bucket. Region *string // Specifies whether the bucket is configured to replicate one or more objects to // buckets for other Amazon Web Services accounts and, if so, which accounts. ReplicationDetails *ReplicationDetails // The sensitivity score for the bucket, ranging from -1 (classification error) to // 100 (sensitive). // // If automated sensitive data discovery has never been enabled for your account // or it's been disabled for your organization or standalone account for more than // 30 days, possible values are: 1, the bucket is empty; or, 50, the bucket stores // objects but it's been excluded from recent analyses. SensitivityScore *int32 // The default server-side encryption settings for the bucket. ServerSideEncryption *BucketServerSideEncryption // account, an Amazon CloudFront origin access identity (OAI), or a CloudFront // origin access control (OAC). Possible values are: // // - EXTERNAL - The bucket is shared with one or more of the following or any // combination of the following: a CloudFront OAI, a CloudFront OAC, or an Amazon // Web Services account that isn't part of your Amazon Macie organization. // // - INTERNAL - The bucket is shared with one or more Amazon Web Services // accounts that are part of your Amazon Macie organization. It isn't shared with a // CloudFront OAI or OAC. // // - NOT_SHARED - The bucket isn't shared with another Amazon Web Services // account, a CloudFront OAI, or a CloudFront OAC. // // - UNKNOWN - Amazon Macie wasn't able to evaluate the shared access settings // for the bucket. // // An Amazon Macie organization is a set of Macie accounts that are centrally // managed as a group of related accounts through Organizations or by Macie // invitation. SharedAccess SharedAccess // The total storage size, in bytes, of the bucket. // // If versioning is enabled for the bucket, Amazon Macie calculates this value // based on the size of the latest version of each object in the bucket. This value // doesn't reflect the storage size of all versions of each object in the bucket. SizeInBytes *int64 // The total storage size, in bytes, of the objects that are compressed (.gz, // .gzip, .zip) files in the bucket. // // If versioning is enabled for the bucket, Amazon Macie calculates this value // based on the size of the latest version of each applicable object in the bucket. // This value doesn't reflect the storage size of all versions of each applicable // object in the bucket. SizeInBytesCompressed *int64 // An array that specifies the tags (keys and values) that are associated with the // bucket. Tags []KeyValuePair // The total number of objects that Amazon Macie can't analyze in the bucket. // These objects don't use a supported storage class or don't have a file name // extension for a supported file or storage format. UnclassifiableObjectCount *ObjectLevelStatistics // The total storage size, in bytes, of the objects that Amazon Macie can't // analyze in the bucket. These objects don't use a supported storage class or // don't have a file name extension for a supported file or storage format. UnclassifiableObjectSizeInBytes *ObjectLevelStatistics // Specifies whether versioning is enabled for the bucket. Versioning *bool // contains filtered or unexported fields }
Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data securityin the Amazon Macie User Guide.
If an error or issue prevents Macie from retrieving and processing metadata from Amazon S3 for the bucket or the bucket's objects, the value for the versioning property is false and the value for most other properties is null or UNKNOWN. Key exceptions are accountId, bucketArn, bucketCreatedAt, bucketName, lastUpdated, and region. To identify the cause, refer to the errorCode and errorMessage values.
type BucketMetadataErrorCode ¶ added in v1.11.0
type BucketMetadataErrorCode string
const ( BucketMetadataErrorCodeAccessDenied BucketMetadataErrorCode = "ACCESS_DENIED" BucketMetadataErrorCodeBucketCountExceedsQuota BucketMetadataErrorCode = "BUCKET_COUNT_EXCEEDS_QUOTA" )
Enum values for BucketMetadataErrorCode
func (BucketMetadataErrorCode) Values ¶ added in v1.11.0
func (BucketMetadataErrorCode) Values() []BucketMetadataErrorCode
Values returns all known values for BucketMetadataErrorCode. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type BucketPermissionConfiguration ¶
type BucketPermissionConfiguration struct { // The account-level permissions settings that apply to the bucket. AccountLevelPermissions *AccountLevelPermissions // The bucket-level permissions settings for the bucket. BucketLevelPermissions *BucketLevelPermissions // contains filtered or unexported fields }
Provides information about the account-level and bucket-level permissions settings for an S3 bucket.
type BucketPolicy ¶
type BucketPolicy struct { // Specifies whether the bucket policy allows the general public to have read // access to the bucket. AllowsPublicReadAccess *bool // Specifies whether the bucket policy allows the general public to have write // access to the bucket. AllowsPublicWriteAccess *bool // contains filtered or unexported fields }
Provides information about the permissions settings of the bucket policy for an S3 bucket.
type BucketPublicAccess ¶
type BucketPublicAccess struct { // Specifies whether the bucket is publicly accessible due to the combination of // permissions settings that apply to the bucket. Possible values are: // // - NOT_PUBLIC - The bucket isn't publicly accessible. // // - PUBLIC - The bucket is publicly accessible. // // - UNKNOWN - Amazon Macie can't determine whether the bucket is publicly // accessible. EffectivePermission EffectivePermission // The account-level and bucket-level permissions settings for the bucket. PermissionConfiguration *BucketPermissionConfiguration // contains filtered or unexported fields }
Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.
type BucketServerSideEncryption ¶ added in v1.2.0
type BucketServerSideEncryption struct { // The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key // that's used by default to encrypt objects that are added to the bucket. This // value is null if the bucket is configured to use an Amazon S3 managed key to // encrypt new objects. KmsMasterKeyId *string // The server-side encryption algorithm that's used by default to encrypt objects // that are added to the bucket. Possible values are: // // - AES256 - New objects use SSE-S3 encryption. They're encrypted with an // Amazon S3 managed key. // // - aws:kms - New objects use SSE-KMS encryption. They're encrypted with an KMS // key (kmsMasterKeyId), either an Amazon Web Services managed key or a customer // managed key. // // - aws:kms:dsse - New objects use DSSE-KMS encryption. They're encrypted with // an KMS key (kmsMasterKeyId), either an Amazon Web Services managed key or a // customer managed key. // // - NONE - The bucket's default encryption settings don't specify server-side // encryption behavior for new objects. Type Type // contains filtered or unexported fields }
Provides information about the default server-side encryption settings for an S3 bucket. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 bucketsin the Amazon Simple Storage Service User Guide.
type BucketSortCriteria ¶
type BucketSortCriteria struct { // The name of the bucket property to sort the results by. This value can be one // of the following properties that Amazon Macie defines as bucket metadata: // accountId, bucketName, classifiableObjectCount, classifiableSizeInBytes, // objectCount, sensitivityScore, or sizeInBytes. AttributeName *string // The sort order to apply to the results, based on the value specified by the // attributeName property. Valid values are: ASC, sort the results in ascending // order; and, DESC, sort the results in descending order. OrderBy OrderBy // contains filtered or unexported fields }
Specifies criteria for sorting the results of a query for information about S3 buckets.
type BucketStatisticsBySensitivity ¶ added in v1.24.0
type BucketStatisticsBySensitivity struct { // The aggregated statistical data for all buckets that have a sensitivity score // of -1. ClassificationError *SensitivityAggregations // The aggregated statistical data for all buckets that have a sensitivity score // of 50. NotClassified *SensitivityAggregations // The aggregated statistical data for all buckets that have a sensitivity score // of 1-49. NotSensitive *SensitivityAggregations // The aggregated statistical data for all buckets that have a sensitivity score // of 51-100. Sensitive *SensitivityAggregations // contains filtered or unexported fields }
Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets, grouped by bucket sensitivity score (sensitivityScore). If automated sensitive data discovery is currently disabled for your account, the value for most of these metrics is 0.
type Cell ¶ added in v0.29.0
type Cell struct { // The location of the cell, as an absolute cell reference, that contains the // sensitive data, for example Sheet2!C5 for cell C5 on Sheet2 in a Microsoft Excel // workbook. This value is null for CSV and TSV files. CellReference *string // The column number of the column that contains the sensitive data. For a // Microsoft Excel workbook, this value correlates to the alphabetical character(s) // for a column identifier, for example: 1 for column A, 2 for column B, and so on. Column *int64 // The name of the column that contains the sensitive data, if available. ColumnName *string // The row number of the row that contains the sensitive data. Row *int64 // contains filtered or unexported fields }
Specifies the location of an occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file.
type ClassificationDetails ¶
type ClassificationDetails struct { // The path to the folder or file in Amazon S3 that contains the corresponding // sensitive data discovery result for the finding. If a finding applies to a large // archive or compressed file, this value is the path to a folder. Otherwise, this // value is the path to a file. DetailedResultsLocation *string // The Amazon Resource Name (ARN) of the classification job that produced the // finding. This value is null if the origin of the finding (originType) is // AUTOMATED_SENSITIVE_DATA_DISCOVERY. JobArn *string // The unique identifier for the classification job that produced the finding. // This value is null if the origin of the finding (originType) is // AUTOMATED_SENSITIVE_DATA_DISCOVERY. JobId *string // Specifies how Amazon Macie found the sensitive data that produced the finding. // Possible values are: SENSITIVE_DATA_DISCOVERY_JOB, for a classification job; // and, AUTOMATED_SENSITIVE_DATA_DISCOVERY, for automated sensitive data discovery. OriginType OriginType // The status and other details of the finding. Result *ClassificationResult // contains filtered or unexported fields }
Provides information about a sensitive data finding and the details of the finding.
type ClassificationExportConfiguration ¶
type ClassificationExportConfiguration struct { // The S3 bucket to store data classification results in, and the encryption // settings to use when storing results in that bucket. S3Destination *S3Destination // contains filtered or unexported fields }
Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 general purpose bucket.
type ClassificationResult ¶
type ClassificationResult struct { // Specifies whether Amazon Macie detected additional occurrences of sensitive // data in the S3 object. A finding includes location data for a maximum of 15 // occurrences of sensitive data. // // This value can help you determine whether to investigate additional occurrences // of sensitive data in an object. You can do this by referring to the // corresponding sensitive data discovery result for the finding // (classificationDetails.detailedResultsLocation). AdditionalOccurrences *bool // The custom data identifiers that detected the sensitive data and the number of // occurrences of the data that they detected. CustomDataIdentifiers *CustomDataIdentifiers // The type of content, as a MIME type, that the finding applies to. For example, // application/gzip, for a GNU Gzip compressed archive file, or application/pdf, // for an Adobe Portable Document Format file. MimeType *string // The category, types, and number of occurrences of the sensitive data that // produced the finding. SensitiveData []SensitiveDataItem // The total size, in bytes, of the data that the finding applies to. SizeClassified *int64 // The status of the finding. Status *ClassificationResultStatus // contains filtered or unexported fields }
Provides the details of a sensitive data finding, including the types, number of occurrences, and locations of the sensitive data that was detected.
type ClassificationResultStatus ¶
type ClassificationResultStatus struct { // The status of the finding. Possible values are: // // - COMPLETE - Amazon Macie successfully completed its analysis of the S3 // object that the finding applies to. // // - PARTIAL - Macie analyzed only a subset of the data in the S3 object that // the finding applies to. For example, the object is an archive file that contains // files in an unsupported format. // // - SKIPPED - Macie wasn't able to analyze the S3 object that the finding // applies to. For example, the object is a file that uses an unsupported format. Code *string // A brief description of the status of the finding. This value is null if the // status (code) of the finding is COMPLETE. // // Amazon Macie uses this value to notify you of any errors, warnings, or // considerations that might impact your analysis of the finding and the affected // S3 object. Possible values are: // // - ARCHIVE_CONTAINS_UNPROCESSED_FILES - The object is an archive file and // Macie extracted and analyzed only some or none of the files in the archive. To // determine which files Macie analyzed, if any, refer to the corresponding // sensitive data discovery result for the finding // (classificationDetails.detailedResultsLocation). // // - ARCHIVE_EXCEEDS_SIZE_LIMIT - The object is an archive file whose total // storage size exceeds the size quota for this type of archive. // // - ARCHIVE_NESTING_LEVEL_OVER_LIMIT - The object is an archive file whose // nested depth exceeds the quota for the maximum number of nested levels that // Macie analyzes for this type of archive. // // - ARCHIVE_TOTAL_BYTES_EXTRACTED_OVER_LIMIT - The object is an archive file // that exceeds the quota for the maximum amount of data that Macie extracts and // analyzes for this type of archive. // // - ARCHIVE_TOTAL_DOCUMENTS_PROCESSED_OVER_LIMIT - The object is an archive // file that contains more than the maximum number of files that Macie extracts and // analyzes for this type of archive. // // - FILE_EXCEEDS_SIZE_LIMIT - The storage size of the object exceeds the size // quota for this type of file. // // - INVALID_ENCRYPTION - The object is encrypted using server-side encryption // but Macie isn't allowed to use the key. Macie can't decrypt and analyze the // object. // // - INVALID_KMS_KEY - The object is encrypted with an KMS key that was disabled // or is being deleted. Macie can't decrypt and analyze the object. // // - INVALID_OBJECT_STATE - The object doesn't use a supported Amazon S3 storage // class. // // - JSON_NESTING_LEVEL_OVER_LIMIT - The object contains JSON data and the // nested depth of the data exceeds the quota for the number of nested levels that // Macie analyzes for this type of file. // // - MALFORMED_FILE - The object is a malformed or corrupted file. An error // occurred when Macie attempted to detect the file's type or extract data from the // file. // // - MALFORMED_OR_FILE_SIZE_EXCEEDS_LIMIT - The object is a Microsoft Office // file that is malformed or exceeds the size quota for this type of file. If the // file is malformed, an error occurred when Macie attempted to extract data from // the file. // // - NO_SUCH_BUCKET_AVAILABLE - The object was in a bucket that was deleted // shortly before or when Macie attempted to analyze the object. // // - OBJECT_VERSION_MISMATCH - The object was changed while Macie was analyzing // it. // // - OOXML_UNCOMPRESSED_RATIO_EXCEEDS_LIMIT - The object is an Office Open XML // file whose compression ratio exceeds the compression quota for this type of // file. // // - OOXML_UNCOMPRESSED_SIZE_EXCEEDS_LIMIT - The object is an Office Open XML // file that exceeds the size quota for this type of file. // // - PERMISSION_DENIED - Macie isn't allowed to access the object. The object's // permissions settings prevent Macie from analyzing the object. // // - SOURCE_OBJECT_NO_LONGER_AVAILABLE - The object was deleted shortly before // or when Macie attempted to analyze it. // // - TIME_CUT_OFF_REACHED - Macie started analyzing the object but additional // analysis would exceed the time quota for analyzing an object. // // - UNABLE_TO_PARSE_FILE - The object is a file that contains structured data // and an error occurred when Macie attempted to parse the data. // // - UNSUPPORTED_FILE_TYPE_EXCEPTION - The object is a file that uses an // unsupported file or storage format. // // For information about quotas, supported storage classes, and supported file and // storage formats, see [Quotas]and [Supported storage classes and formats] in the Amazon Macie User Guide. // // [Quotas]: https://docs.aws.amazon.com/macie/latest/user/macie-quotas.html // [Supported storage classes and formats]: https://docs.aws.amazon.com/macie/latest/user/discovery-supported-storage.html Reason *string // contains filtered or unexported fields }
Provides information about the status of a sensitive data finding.
type ClassificationScopeSummary ¶ added in v1.24.0
type ClassificationScopeSummary struct { // The unique identifier for the classification scope. Id *string // The name of the classification scope: automated-sensitive-data-discovery. Name *string // contains filtered or unexported fields }
Provides information about the classification scope for an Amazon Macie account. Macie uses the scope's settings when it performs automated sensitive data discovery for the account.
type ClassificationScopeUpdateOperation ¶ added in v1.24.0
type ClassificationScopeUpdateOperation string
const ( ClassificationScopeUpdateOperationAdd ClassificationScopeUpdateOperation = "ADD" ClassificationScopeUpdateOperationReplace ClassificationScopeUpdateOperation = "REPLACE" ClassificationScopeUpdateOperationRemove ClassificationScopeUpdateOperation = "REMOVE" )
Enum values for ClassificationScopeUpdateOperation
func (ClassificationScopeUpdateOperation) Values ¶ added in v1.24.0
func (ClassificationScopeUpdateOperation) Values() []ClassificationScopeUpdateOperation
Values returns all known values for ClassificationScopeUpdateOperation. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ConflictException ¶
type ConflictException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
Provides information about an error that occurred due to a versioning conflict for a specified resource.
func (*ConflictException) Error ¶
func (e *ConflictException) Error() string
func (*ConflictException) ErrorCode ¶
func (e *ConflictException) ErrorCode() string
func (*ConflictException) ErrorFault ¶
func (e *ConflictException) ErrorFault() smithy.ErrorFault
func (*ConflictException) ErrorMessage ¶
func (e *ConflictException) ErrorMessage() string
type CriteriaBlockForJob ¶ added in v1.6.0
type CriteriaBlockForJob struct { // An array of conditions, one for each condition that determines which buckets to // include or exclude from the job. If you specify more than one condition, Amazon // Macie uses AND logic to join the conditions. And []CriteriaForJob // contains filtered or unexported fields }
Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job.
type CriteriaForJob ¶ added in v1.6.0
type CriteriaForJob struct { // A property-based condition that defines a property, operator, and one or more // values for including or excluding buckets from the job. SimpleCriterion *SimpleCriterionForJob // A tag-based condition that defines an operator and tag keys, tag values, or tag // key and value pairs for including or excluding buckets from the job. TagCriterion *TagCriterionForJob // contains filtered or unexported fields }
Specifies a property- or tag-based condition that defines criteria for including or excluding S3 buckets from a classification job.
type CriterionAdditionalProperties ¶
type CriterionAdditionalProperties struct { // The value for the property matches (equals) the specified value. If you specify // multiple values, Macie uses OR logic to join the values. Eq []string // The value for the property exclusively matches (equals an exact match for) all // the specified values. If you specify multiple values, Amazon Macie uses AND // logic to join the values. // // You can use this operator with the following properties: // customDataIdentifiers.detections.arn, customDataIdentifiers.detections.name, // resourcesAffected.s3Bucket.tags.key, resourcesAffected.s3Bucket.tags.value, // resourcesAffected.s3Object.tags.key, resourcesAffected.s3Object.tags.value, // sensitiveData.category, and sensitiveData.detections.type. EqExactMatch []string // The value for the property is greater than the specified value. Gt *int64 // The value for the property is greater than or equal to the specified value. Gte *int64 // The value for the property is less than the specified value. Lt *int64 // The value for the property is less than or equal to the specified value. Lte *int64 // The value for the property doesn't match (doesn't equal) the specified value. // If you specify multiple values, Macie uses OR logic to join the values. Neq []string // contains filtered or unexported fields }
Specifies the operator to use in a property-based condition that filters the results of a query for findings. For detailed information and examples of each operator, see Fundamentals of filtering findingsin the Amazon Macie User Guide.
type Currency ¶
type Currency string
const (
CurrencyUsd Currency = "USD"
)
Enum values for Currency
type CustomDataIdentifierSummary ¶
type CustomDataIdentifierSummary struct { // The Amazon Resource Name (ARN) of the custom data identifier. Arn *string // The date and time, in UTC and extended ISO 8601 format, when the custom data // identifier was created. CreatedAt *time.Time // The custom description of the custom data identifier. Description *string // The unique identifier for the custom data identifier. Id *string // The custom name of the custom data identifier. Name *string // contains filtered or unexported fields }
Provides information about a custom data identifier.
type CustomDataIdentifiers ¶
type CustomDataIdentifiers struct { // The custom data identifiers that detected the data, and the number of // occurrences of the data that each identifier detected. Detections []CustomDetection // The total number of occurrences of the data that was detected by the custom // data identifiers and produced the finding. TotalCount *int64 // contains filtered or unexported fields }
Provides information about custom data identifiers that produced a sensitive data finding, and the number of occurrences of the data that they detected for the finding.
type CustomDetection ¶
type CustomDetection struct { // The unique identifier for the custom data identifier. Arn *string // The total number of occurrences of the sensitive data that the custom data // identifier detected. Count *int64 // The name of the custom data identifier. Name *string // The location of 1-15 occurrences of the sensitive data that the custom data // identifier detected. A finding includes location data for a maximum of 15 // occurrences of sensitive data. Occurrences *Occurrences // contains filtered or unexported fields }
Provides information about a custom data identifier that produced a sensitive data finding, and the sensitive data that it detected for the finding.
type DailySchedule ¶
type DailySchedule struct {
// contains filtered or unexported fields
}
Specifies that a classification job runs once a day, every day. This is an empty object.
type DataIdentifierSeverity ¶ added in v1.13.0
type DataIdentifierSeverity string
const ( DataIdentifierSeverityLow DataIdentifierSeverity = "LOW" DataIdentifierSeverityMedium DataIdentifierSeverity = "MEDIUM" DataIdentifierSeverityHigh DataIdentifierSeverity = "HIGH" )
Enum values for DataIdentifierSeverity
func (DataIdentifierSeverity) Values ¶ added in v1.13.0
func (DataIdentifierSeverity) Values() []DataIdentifierSeverity
Values returns all known values for DataIdentifierSeverity. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type DataIdentifierType ¶ added in v1.24.0
type DataIdentifierType string
const ( DataIdentifierTypeCustom DataIdentifierType = "CUSTOM" DataIdentifierTypeManaged DataIdentifierType = "MANAGED" )
Enum values for DataIdentifierType
func (DataIdentifierType) Values ¶ added in v1.24.0
func (DataIdentifierType) Values() []DataIdentifierType
Values returns all known values for DataIdentifierType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type DayOfWeek ¶
type DayOfWeek string
const ( DayOfWeekSunday DayOfWeek = "SUNDAY" DayOfWeekMonday DayOfWeek = "MONDAY" DayOfWeekTuesday DayOfWeek = "TUESDAY" DayOfWeekWednesday DayOfWeek = "WEDNESDAY" DayOfWeekThursday DayOfWeek = "THURSDAY" DayOfWeekFriday DayOfWeek = "FRIDAY" DayOfWeekSaturday DayOfWeek = "SATURDAY" )
Enum values for DayOfWeek
type DefaultDetection ¶
type DefaultDetection struct { // The total number of occurrences of the type of sensitive data that was detected. Count *int64 // The location of 1-15 occurrences of the sensitive data that was detected. A // finding includes location data for a maximum of 15 occurrences of sensitive // data. Occurrences *Occurrences // The type of sensitive data that was detected. For example, AWS_CREDENTIALS, // PHONE_NUMBER, or ADDRESS. Type *string // contains filtered or unexported fields }
Provides information about a type of sensitive data that was detected by a managed data identifier and produced a sensitive data finding.
type DetectedDataDetails ¶ added in v1.22.0
type DetectedDataDetails struct { // An occurrence of the specified type of sensitive data. Each occurrence contains // 1-128 characters. // // This member is required. Value *string // contains filtered or unexported fields }
Specifies 1-10 occurrences of a specific type of sensitive data reported by a finding.
type Detection ¶ added in v1.24.0
type Detection struct { // If the sensitive data was detected by a custom data identifier, the Amazon // Resource Name (ARN) of the custom data identifier that detected the data. // Otherwise, this value is null. Arn *string // The total number of occurrences of the sensitive data. Count *int64 // The unique identifier for the custom data identifier or managed data identifier // that detected the sensitive data. For additional details about a specified // managed data identifier, see [Using managed data identifiers]in the Amazon Macie User Guide. // // [Using managed data identifiers]: https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html Id *string // The name of the custom data identifier or managed data identifier that detected // the sensitive data. For a managed data identifier, this value is the same as the // unique identifier (id). Name *string // Specifies whether occurrences of this type of sensitive data are excluded // (true) or included (false) in the bucket's sensitivity score, if the score is // calculated by Amazon Macie. Suppressed *bool // The type of data identifier that detected the sensitive data. Possible values // are: CUSTOM, for a custom data identifier; and, MANAGED, for a managed data // identifier. Type DataIdentifierType // contains filtered or unexported fields }
Provides information about a type of sensitive data that Amazon Macie found in an S3 bucket while performing automated sensitive data discovery for an account. The information also specifies the custom or managed data identifier that detected the data. This information is available only if automated sensitive data discovery has been enabled for the account.
type DomainDetails ¶
type DomainDetails struct { // The name of the domain. DomainName *string // contains filtered or unexported fields }
Provides information about the domain name of the device that an entity used to perform an action on an affected resource.
type EffectivePermission ¶
type EffectivePermission string
const ( EffectivePermissionPublic EffectivePermission = "PUBLIC" EffectivePermissionNotPublic EffectivePermission = "NOT_PUBLIC" EffectivePermissionUnknown EffectivePermission = "UNKNOWN" )
Enum values for EffectivePermission
func (EffectivePermission) Values ¶ added in v0.29.0
func (EffectivePermission) Values() []EffectivePermission
Values returns all known values for EffectivePermission. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type EncryptionType ¶
type EncryptionType string
const ( EncryptionTypeNone EncryptionType = "NONE" EncryptionTypeAes256 EncryptionType = "AES256" EncryptionTypeAwsKms EncryptionType = "aws:kms" EncryptionTypeUnknown EncryptionType = "UNKNOWN" EncryptionTypeAwsKmsDsse EncryptionType = "aws:kms:dsse" )
Enum values for EncryptionType
func (EncryptionType) Values ¶ added in v0.29.0
func (EncryptionType) Values() []EncryptionType
Values returns all known values for EncryptionType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ErrorCode ¶
type ErrorCode string
type FederatedUser ¶
type FederatedUser struct { // The Amazon Web Services access key ID that identifies the credentials. AccessKeyId *string // The unique identifier for the Amazon Web Services account that owns the entity // that was used to get the credentials. AccountId *string // The Amazon Resource Name (ARN) of the entity that was used to get the // credentials. Arn *string // The unique identifier for the entity that was used to get the credentials. PrincipalId *string // The details of the session that was created for the credentials, including the // entity that issued the session. SessionContext *SessionContext // contains filtered or unexported fields }
Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the GetFederationToken operation of the Security Token Service (STS) API.
type Finding ¶
type Finding struct { // The unique identifier for the Amazon Web Services account that the finding // applies to. This is typically the account that owns the affected resource. AccountId *string // Specifies whether the finding is archived (suppressed). Archived *bool // The category of the finding. Possible values are: CLASSIFICATION, for a // sensitive data finding; and, POLICY, for a policy finding. Category FindingCategory // The details of a sensitive data finding. This value is null for a policy // finding. ClassificationDetails *ClassificationDetails // The total number of occurrences of the finding. For sensitive data findings, // this value is always 1. All sensitive data findings are considered unique. Count *int64 // The date and time, in UTC and extended ISO 8601 format, when Amazon Macie // created the finding. CreatedAt *time.Time // The description of the finding. Description *string // The unique identifier for the finding. This is a random string that Amazon // Macie generates and assigns to a finding when it creates the finding. Id *string // The Amazon Web Services partition that Amazon Macie created the finding in. Partition *string // The details of a policy finding. This value is null for a sensitive data // finding. PolicyDetails *PolicyDetails // The Amazon Web Services Region that Amazon Macie created the finding in. Region *string // The resources that the finding applies to. ResourcesAffected *ResourcesAffected // Specifies whether the finding is a sample finding. A sample finding is a // finding that uses example data to demonstrate what a finding might contain. Sample *bool // The version of the schema that was used to define the data structures in the // finding. SchemaVersion *string // The severity level and score for the finding. Severity *Severity // The brief description of the finding. Title *string // The type of the finding. Type FindingType // The date and time, in UTC and extended ISO 8601 format, when Amazon Macie last // updated the finding. For sensitive data findings, this value is the same as the // value for the createdAt property. All sensitive data findings are considered // new. UpdatedAt *time.Time // contains filtered or unexported fields }
Provides the details of a finding.
type FindingAction ¶
type FindingAction struct { // The type of action that occurred for the affected resource. This value is // typically AWS_API_CALL, which indicates that an entity invoked an API operation // for the resource. ActionType FindingActionType // The invocation details of the API operation that an entity invoked for the // affected resource, if the value for the actionType property is AWS_API_CALL. ApiCallDetails *ApiCallDetails // contains filtered or unexported fields }
Provides information about an action that occurred for a resource and produced a policy finding.
type FindingActionType ¶
type FindingActionType string
const (
FindingActionTypeAwsApiCall FindingActionType = "AWS_API_CALL"
)
Enum values for FindingActionType
func (FindingActionType) Values ¶ added in v0.29.0
func (FindingActionType) Values() []FindingActionType
Values returns all known values for FindingActionType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type FindingActor ¶
type FindingActor struct { // The domain name of the device that the entity used to perform the action on the // affected resource. DomainDetails *DomainDetails // The IP address and related details about the device that the entity used to // perform the action on the affected resource. The details can include information // such as the owner and geographic location of the IP address. IpAddressDetails *IpAddressDetails // The type and other characteristics of the entity that performed the action on // the affected resource. This value is null if the action was performed by an // anonymous (unauthenticated) entity. UserIdentity *UserIdentity // contains filtered or unexported fields }
Provides information about an entity that performed an action that produced a policy finding for a resource.
type FindingCategory ¶
type FindingCategory string
const ( FindingCategoryClassification FindingCategory = "CLASSIFICATION" FindingCategoryPolicy FindingCategory = "POLICY" )
Enum values for FindingCategory
func (FindingCategory) Values ¶ added in v0.29.0
func (FindingCategory) Values() []FindingCategory
Values returns all known values for FindingCategory. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type FindingCriteria ¶
type FindingCriteria struct { // A condition that specifies the property, operator, and one or more values to // use to filter the results. Criterion map[string]CriterionAdditionalProperties // contains filtered or unexported fields }
Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
type FindingPublishingFrequency ¶
type FindingPublishingFrequency string
const ( FindingPublishingFrequencyFifteenMinutes FindingPublishingFrequency = "FIFTEEN_MINUTES" FindingPublishingFrequencyOneHour FindingPublishingFrequency = "ONE_HOUR" FindingPublishingFrequencySixHours FindingPublishingFrequency = "SIX_HOURS" )
Enum values for FindingPublishingFrequency
func (FindingPublishingFrequency) Values ¶ added in v0.29.0
func (FindingPublishingFrequency) Values() []FindingPublishingFrequency
Values returns all known values for FindingPublishingFrequency. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type FindingStatisticsSortAttributeName ¶
type FindingStatisticsSortAttributeName string
const ( FindingStatisticsSortAttributeNameGroupKey FindingStatisticsSortAttributeName = "groupKey" FindingStatisticsSortAttributeNameCount FindingStatisticsSortAttributeName = "count" )
Enum values for FindingStatisticsSortAttributeName
func (FindingStatisticsSortAttributeName) Values ¶ added in v0.29.0
func (FindingStatisticsSortAttributeName) Values() []FindingStatisticsSortAttributeName
Values returns all known values for FindingStatisticsSortAttributeName. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type FindingStatisticsSortCriteria ¶
type FindingStatisticsSortCriteria struct { // The grouping to sort the results by. Valid values are: count, sort the results // by the number of findings in each group of results; and, groupKey, sort the // results by the name of each group of results. AttributeName FindingStatisticsSortAttributeName // The sort order to apply to the results, based on the value for the property // specified by the attributeName property. Valid values are: ASC, sort the results // in ascending order; and, DESC, sort the results in descending order. OrderBy OrderBy // contains filtered or unexported fields }
Specifies criteria for sorting the results of a query that retrieves aggregated statistical data about findings.
type FindingType ¶
type FindingType string
const ( FindingTypeSensitiveDataS3ObjectMultiple FindingType = "SensitiveData:S3Object/Multiple" FindingTypeSensitiveDataS3ObjectFinancial FindingType = "SensitiveData:S3Object/Financial" FindingTypeSensitiveDataS3ObjectPersonal FindingType = "SensitiveData:S3Object/Personal" FindingTypeSensitiveDataS3ObjectCredentials FindingType = "SensitiveData:S3Object/Credentials" FindingTypeSensitiveDataS3ObjectCustomIdentifier FindingType = "SensitiveData:S3Object/CustomIdentifier" FindingTypePolicyIAMUserS3BucketPublic FindingType = "Policy:IAMUser/S3BucketPublic" FindingTypePolicyIAMUserS3BucketReplicatedExternally FindingType = "Policy:IAMUser/S3BucketReplicatedExternally" FindingTypePolicyIAMUserS3BucketEncryptionDisabled FindingType = "Policy:IAMUser/S3BucketEncryptionDisabled" FindingTypePolicyIAMUserS3BlockPublicAccessDisabled FindingType = "Policy:IAMUser/S3BlockPublicAccessDisabled" )
Enum values for FindingType
func (FindingType) Values ¶ added in v0.29.0
func (FindingType) Values() []FindingType
Values returns all known values for FindingType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type FindingsFilterAction ¶
type FindingsFilterAction string
const ( FindingsFilterActionArchive FindingsFilterAction = "ARCHIVE" FindingsFilterActionNoop FindingsFilterAction = "NOOP" )
Enum values for FindingsFilterAction
func (FindingsFilterAction) Values ¶ added in v0.29.0
func (FindingsFilterAction) Values() []FindingsFilterAction
Values returns all known values for FindingsFilterAction. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type FindingsFilterListItem ¶
type FindingsFilterListItem struct { // The action that's performed on findings that match the filter criteria. // Possible values are: ARCHIVE, suppress (automatically archive) the findings; // and, NOOP, don't perform any action on the findings. Action FindingsFilterAction // The Amazon Resource Name (ARN) of the filter. Arn *string // The unique identifier for the filter. Id *string // The custom name of the filter. Name *string // A map of key-value pairs that specifies which tags (keys and values) are // associated with the filter. Tags map[string]string // contains filtered or unexported fields }
Provides information about a findings filter.
type GroupBy ¶
type GroupBy string
type GroupCount ¶
type GroupCount struct { // The total number of findings in the group of query results. Count *int64 // The name of the property that defines the group in the query results, as // specified by the groupBy property in the query request. GroupKey *string // contains filtered or unexported fields }
Provides a group of results for a query that retrieved aggregated statistical data about findings.
type IamUser ¶
type IamUser struct { // The unique identifier for the Amazon Web Services account that's associated // with the IAM user who performed the action. AccountId *string // The Amazon Resource Name (ARN) of the principal that performed the action. The // last section of the ARN contains the name of the user who performed the action. Arn *string // The unique identifier for the IAM user who performed the action. PrincipalId *string // The username of the IAM user who performed the action. UserName *string // contains filtered or unexported fields }
Provides information about an Identity and Access Management (IAM) user who performed an action on an affected resource.
type InternalServerException ¶
type InternalServerException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
func (*InternalServerException) Error ¶
func (e *InternalServerException) Error() string
func (*InternalServerException) ErrorCode ¶
func (e *InternalServerException) ErrorCode() string
func (*InternalServerException) ErrorFault ¶
func (e *InternalServerException) ErrorFault() smithy.ErrorFault
func (*InternalServerException) ErrorMessage ¶
func (e *InternalServerException) ErrorMessage() string
type Invitation ¶
type Invitation struct { // The Amazon Web Services account ID for the account that sent the invitation. AccountId *string // The unique identifier for the invitation. InvitationId *string // The date and time, in UTC and extended ISO 8601 format, when the invitation was // sent. InvitedAt *time.Time // The status of the relationship between the account that sent the invitation and // the account that received the invitation. RelationshipStatus RelationshipStatus // contains filtered or unexported fields }
Provides information about an Amazon Macie membership invitation.
type IpAddressDetails ¶
type IpAddressDetails struct { // The Internet Protocol version 4 (IPv4) address of the device. IpAddressV4 *string // The city that the IP address originated from. IpCity *IpCity // The country that the IP address originated from. IpCountry *IpCountry // The geographic coordinates of the location that the IP address originated from. IpGeoLocation *IpGeoLocation // The registered owner of the IP address. IpOwner *IpOwner // contains filtered or unexported fields }
Provides information about the IP address of the device that an entity used to perform an action on an affected resource.
type IpCity ¶
type IpCity struct { // The name of the city. Name *string // contains filtered or unexported fields }
Provides information about the city that an IP address originated from.
type IpCountry ¶
type IpCountry struct { // The two-character code, in ISO 3166-1 alpha-2 format, for the country that the // IP address originated from. For example, US for the United States. Code *string // The name of the country that the IP address originated from. Name *string // contains filtered or unexported fields }
Provides information about the country that an IP address originated from.
type IpGeoLocation ¶
type IpGeoLocation struct { // The latitude coordinate of the location, rounded to four decimal places. Lat *float64 // The longitude coordinate of the location, rounded to four decimal places. Lon *float64 // contains filtered or unexported fields }
Provides geographic coordinates that indicate where a specified IP address originated from.
type IpOwner ¶
type IpOwner struct { // The autonomous system number (ASN) for the autonomous system that included the // IP address. Asn *string // The organization identifier that's associated with the autonomous system number // (ASN) for the autonomous system that included the IP address. AsnOrg *string // The name of the internet service provider (ISP) that owned the IP address. Isp *string // The name of the organization that owned the IP address. Org *string // contains filtered or unexported fields }
Provides information about the registered owner of an IP address.
type IsDefinedInJob ¶ added in v0.30.0
type IsDefinedInJob string
const ( IsDefinedInJobTrue IsDefinedInJob = "TRUE" IsDefinedInJobFalse IsDefinedInJob = "FALSE" IsDefinedInJobUnknown IsDefinedInJob = "UNKNOWN" )
Enum values for IsDefinedInJob
func (IsDefinedInJob) Values ¶ added in v0.30.0
func (IsDefinedInJob) Values() []IsDefinedInJob
Values returns all known values for IsDefinedInJob. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type IsMonitoredByJob ¶ added in v0.30.0
type IsMonitoredByJob string
const ( IsMonitoredByJobTrue IsMonitoredByJob = "TRUE" IsMonitoredByJobFalse IsMonitoredByJob = "FALSE" IsMonitoredByJobUnknown IsMonitoredByJob = "UNKNOWN" )
Enum values for IsMonitoredByJob
func (IsMonitoredByJob) Values ¶ added in v0.30.0
func (IsMonitoredByJob) Values() []IsMonitoredByJob
Values returns all known values for IsMonitoredByJob. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type JobComparator ¶
type JobComparator string
const ( JobComparatorEq JobComparator = "EQ" JobComparatorGt JobComparator = "GT" JobComparatorGte JobComparator = "GTE" JobComparatorLt JobComparator = "LT" JobComparatorLte JobComparator = "LTE" JobComparatorNe JobComparator = "NE" JobComparatorContains JobComparator = "CONTAINS" JobComparatorStartsWith JobComparator = "STARTS_WITH" )
Enum values for JobComparator
func (JobComparator) Values ¶ added in v0.29.0
func (JobComparator) Values() []JobComparator
Values returns all known values for JobComparator. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type JobDetails ¶ added in v0.30.0
type JobDetails struct { // Specifies whether any one-time or recurring jobs are configured to analyze // objects in the bucket. Possible values are: // // - TRUE - The bucket is explicitly included in the bucket definition // (S3BucketDefinitionForJob) for one or more jobs and at least one of those jobs // has a status other than CANCELLED. Or the bucket matched the bucket criteria // (S3BucketCriteriaForJob) for at least one job that previously ran. // // - FALSE - The bucket isn't explicitly included in the bucket definition // (S3BucketDefinitionForJob) for any jobs, all the jobs that explicitly include // the bucket in their bucket definitions have a status of CANCELLED, or the bucket // didn't match the bucket criteria (S3BucketCriteriaForJob) for any jobs that // previously ran. // // - UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job // data for the bucket. IsDefinedInJob IsDefinedInJob // Specifies whether any recurring jobs are configured to analyze objects in the // bucket. Possible values are: // // - TRUE - The bucket is explicitly included in the bucket definition // (S3BucketDefinitionForJob) for one or more recurring jobs or the bucket matches // the bucket criteria (S3BucketCriteriaForJob) for one or more recurring jobs. At // least one of those jobs has a status other than CANCELLED. // // - FALSE - The bucket isn't explicitly included in the bucket definition // (S3BucketDefinitionForJob) for any recurring jobs, the bucket doesn't match the // bucket criteria (S3BucketCriteriaForJob) for any recurring jobs, or all the // recurring jobs that are configured to analyze data in the bucket have a status // of CANCELLED. // // - UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job // data for the bucket. IsMonitoredByJob IsMonitoredByJob // The unique identifier for the job that ran most recently and is configured to // analyze objects in the bucket, either the latest run of a recurring job or the // only run of a one-time job. // // This value is typically null if the value for the isDefinedInJob property is // FALSE or UNKNOWN. LastJobId *string // The date and time, in UTC and extended ISO 8601 format, when the job // (lastJobId) started. If the job is a recurring job, this value indicates when // the most recent run started. // // This value is typically null if the value for the isDefinedInJob property is // FALSE or UNKNOWN. LastJobRunTime *time.Time // contains filtered or unexported fields }
Specifies whether any one-time or recurring classification jobs are configured to analyze objects in an S3 bucket, and, if so, the details of the job that ran most recently.
type JobScheduleFrequency ¶
type JobScheduleFrequency struct { // Specifies a daily recurrence pattern for running the job. DailySchedule *DailySchedule // Specifies a monthly recurrence pattern for running the job. MonthlySchedule *MonthlySchedule // Specifies a weekly recurrence pattern for running the job. WeeklySchedule *WeeklySchedule // contains filtered or unexported fields }
Specifies the recurrence pattern for running a classification job.
type JobScopeTerm ¶
type JobScopeTerm struct { // A property-based condition that defines a property, operator, and one or more // values for including or excluding objects from the job. SimpleScopeTerm *SimpleScopeTerm // A tag-based condition that defines the operator and tag keys or tag key and // value pairs for including or excluding objects from the job. TagScopeTerm *TagScopeTerm // contains filtered or unexported fields }
Specifies a property- or tag-based condition that defines criteria for including or excluding S3 objects from a classification job. A JobScopeTerm object can contain only one simpleScopeTerm object or one tagScopeTerm object.
type JobScopingBlock ¶
type JobScopingBlock struct { // An array of conditions, one for each property- or tag-based condition that // determines which objects to include or exclude from the job. If you specify more // than one condition, Amazon Macie uses AND logic to join the conditions. And []JobScopeTerm // contains filtered or unexported fields }
Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job.
type JobStatus ¶
type JobStatus string
type JobSummary ¶
type JobSummary struct { // The property- and tag-based conditions that determine which S3 buckets are // included or excluded from the job's analysis. Each time the job runs, the job // uses these criteria to determine which buckets to analyze. A job's definition // can contain a bucketCriteria object or a bucketDefinitions array, not both. BucketCriteria *S3BucketCriteriaForJob // An array of objects, one for each Amazon Web Services account that owns // specific S3 buckets for the job to analyze. Each object specifies the account ID // for an account and one or more buckets to analyze for that account. A job's // definition can contain a bucketDefinitions array or a bucketCriteria object, not // both. BucketDefinitions []S3BucketDefinitionForJob // The date and time, in UTC and extended ISO 8601 format, when the job was // created. CreatedAt *time.Time // The unique identifier for the job. JobId *string // The current status of the job. Possible values are: // // - CANCELLED - You cancelled the job or, if it's a one-time job, you paused // the job and didn't resume it within 30 days. // // - COMPLETE - For a one-time job, Amazon Macie finished processing the data // specified for the job. This value doesn't apply to recurring jobs. // // - IDLE - For a recurring job, the previous scheduled run is complete and the // next scheduled run is pending. This value doesn't apply to one-time jobs. // // - PAUSED - Macie started running the job but additional processing would // exceed the monthly sensitive data discovery quota for your account or one or // more member accounts that the job analyzes data for. // // - RUNNING - For a one-time job, the job is in progress. For a recurring job, // a scheduled run is in progress. // // - USER_PAUSED - You paused the job. If you paused the job while it had a // status of RUNNING and you don't resume it within 30 days of pausing it, the job // or job run will expire and be cancelled, depending on the job's type. To check // the expiration date, refer to the UserPausedDetails.jobExpiresAt property. JobStatus JobStatus // The schedule for running the job. Possible values are: // // - ONE_TIME - The job runs only once. // // - SCHEDULED - The job runs on a daily, weekly, or monthly basis. JobType JobType // Specifies whether any account- or bucket-level access errors occurred when the // job ran. For a recurring job, this value indicates the error status of the job's // most recent run. LastRunErrorStatus *LastRunErrorStatus // The custom name of the job. Name *string // If the current status of the job is USER_PAUSED, specifies when the job was // paused and when the job or job run will expire and be cancelled if it isn't // resumed. This value is present only if the value for jobStatus is USER_PAUSED. UserPausedDetails *UserPausedDetails // contains filtered or unexported fields }
Provides information about a classification job, including the current status of the job.
type KeyValuePair ¶
type KeyValuePair struct { // One part of a key-value pair that comprises a tag. A tag key is a general label // that acts as a category for more specific tag values. Key *string // One part of a key-value pair that comprises a tag. A tag value acts as a // descriptor for a tag key. A tag value can be an empty string. Value *string // contains filtered or unexported fields }
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
type LastRunErrorStatus ¶ added in v0.30.0
type LastRunErrorStatus struct { // Specifies whether any account- or bucket-level access errors occurred when the // job ran. For a recurring job, this value indicates the error status of the job's // most recent run. Possible values are: // // - ERROR - One or more errors occurred. Amazon Macie didn't process all the // data specified for the job. // // - NONE - No errors occurred. Macie processed all the data specified for the // job. Code LastRunErrorStatusCode // contains filtered or unexported fields }
Specifies whether any account- or bucket-level access errors occurred when a classification job ran. For information about using logging data to investigate these errors, see Monitoring sensitive data discovery jobsin the Amazon Macie User Guide.
type LastRunErrorStatusCode ¶ added in v0.30.0
type LastRunErrorStatusCode string
const ( LastRunErrorStatusCodeNone LastRunErrorStatusCode = "NONE" LastRunErrorStatusCodeError LastRunErrorStatusCode = "ERROR" )
Enum values for LastRunErrorStatusCode
func (LastRunErrorStatusCode) Values ¶ added in v0.30.0
func (LastRunErrorStatusCode) Values() []LastRunErrorStatusCode
Values returns all known values for LastRunErrorStatusCode. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ListJobsFilterCriteria ¶
type ListJobsFilterCriteria struct { // An array of objects, one for each condition that determines which jobs to // exclude from the results. Excludes []ListJobsFilterTerm // An array of objects, one for each condition that determines which jobs to // include in the results. Includes []ListJobsFilterTerm // contains filtered or unexported fields }
Specifies criteria for filtering the results of a request for information about classification jobs.
type ListJobsFilterKey ¶
type ListJobsFilterKey string
const ( ListJobsFilterKeyJobType ListJobsFilterKey = "jobType" ListJobsFilterKeyJobStatus ListJobsFilterKey = "jobStatus" ListJobsFilterKeyCreatedAt ListJobsFilterKey = "createdAt" ListJobsFilterKeyName ListJobsFilterKey = "name" )
Enum values for ListJobsFilterKey
func (ListJobsFilterKey) Values ¶ added in v0.29.0
func (ListJobsFilterKey) Values() []ListJobsFilterKey
Values returns all known values for ListJobsFilterKey. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ListJobsFilterTerm ¶
type ListJobsFilterTerm struct { // The operator to use to filter the results. Comparator JobComparator // The property to use to filter the results. Key ListJobsFilterKey // An array that lists one or more values to use to filter the results. Values []string // contains filtered or unexported fields }
Specifies a condition that filters the results of a request for information about classification jobs. Each condition consists of a property, an operator, and one or more values.
type ListJobsSortAttributeName ¶
type ListJobsSortAttributeName string
const ( ListJobsSortAttributeNameCreatedAt ListJobsSortAttributeName = "createdAt" ListJobsSortAttributeNameJobStatus ListJobsSortAttributeName = "jobStatus" ListJobsSortAttributeNameName ListJobsSortAttributeName = "name" ListJobsSortAttributeNameJobType ListJobsSortAttributeName = "jobType" )
Enum values for ListJobsSortAttributeName
func (ListJobsSortAttributeName) Values ¶ added in v0.29.0
func (ListJobsSortAttributeName) Values() []ListJobsSortAttributeName
Values returns all known values for ListJobsSortAttributeName. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ListJobsSortCriteria ¶
type ListJobsSortCriteria struct { // The property to sort the results by. AttributeName ListJobsSortAttributeName // The sort order to apply to the results, based on the value for the property // specified by the attributeName property. Valid values are: ASC, sort the results // in ascending order; and, DESC, sort the results in descending order. OrderBy OrderBy // contains filtered or unexported fields }
Specifies criteria for sorting the results of a request for information about classification jobs.
type MacieStatus ¶
type MacieStatus string
const ( MacieStatusPaused MacieStatus = "PAUSED" MacieStatusEnabled MacieStatus = "ENABLED" )
Enum values for MacieStatus
func (MacieStatus) Values ¶ added in v0.29.0
func (MacieStatus) Values() []MacieStatus
Values returns all known values for MacieStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ManagedDataIdentifierSelector ¶ added in v1.10.0
type ManagedDataIdentifierSelector string
const ( ManagedDataIdentifierSelectorAll ManagedDataIdentifierSelector = "ALL" ManagedDataIdentifierSelectorExclude ManagedDataIdentifierSelector = "EXCLUDE" ManagedDataIdentifierSelectorInclude ManagedDataIdentifierSelector = "INCLUDE" ManagedDataIdentifierSelectorNone ManagedDataIdentifierSelector = "NONE" ManagedDataIdentifierSelectorRecommended ManagedDataIdentifierSelector = "RECOMMENDED" )
Enum values for ManagedDataIdentifierSelector
func (ManagedDataIdentifierSelector) Values ¶ added in v1.10.0
func (ManagedDataIdentifierSelector) Values() []ManagedDataIdentifierSelector
Values returns all known values for ManagedDataIdentifierSelector. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ManagedDataIdentifierSummary ¶ added in v1.10.0
type ManagedDataIdentifierSummary struct { // The category of sensitive data that the managed data identifier detects: // CREDENTIALS, for credentials data such as private keys or Amazon Web Services // secret access keys; FINANCIAL_INFORMATION, for financial data such as credit // card numbers; or, PERSONAL_INFORMATION, for personal health information, such as // health insurance identification numbers, or personally identifiable information, // such as passport numbers. Category SensitiveDataItemCategory // The unique identifier for the managed data identifier. This is a string that // describes the type of sensitive data that the managed data identifier detects. // For example: OPENSSH_PRIVATE_KEY for OpenSSH private keys, CREDIT_CARD_NUMBER // for credit card numbers, or USA_PASSPORT_NUMBER for US passport numbers. Id *string // contains filtered or unexported fields }
Provides information about a managed data identifier. For additional information, see Using managed data identifiersin the Amazon Macie User Guide.
type MatchingBucket ¶ added in v1.6.0
type MatchingBucket struct { // The unique identifier for the Amazon Web Services account that owns the bucket. AccountId *string // Specifies whether automated sensitive data discovery is currently configured to // analyze objects in the bucket. Possible values are: MONITORED, the bucket is // included in analyses; and, NOT_MONITORED, the bucket is excluded from analyses. // If automated sensitive data discovery is disabled for your account, this value // is NOT_MONITORED. AutomatedDiscoveryMonitoringStatus AutomatedDiscoveryMonitoringStatus // The name of the bucket. BucketName *string // The total number of objects that Amazon Macie can analyze in the bucket. These // objects use a supported storage class and have a file name extension for a // supported file or storage format. ClassifiableObjectCount *int64 // The total storage size, in bytes, of the objects that Amazon Macie can analyze // in the bucket. These objects use a supported storage class and have a file name // extension for a supported file or storage format. // // If versioning is enabled for the bucket, Macie calculates this value based on // the size of the latest version of each applicable object in the bucket. This // value doesn't reflect the storage size of all versions of each applicable object // in the bucket. ClassifiableSizeInBytes *int64 // The code for an error or issue that prevented Amazon Macie from retrieving and // processing information about the bucket and the bucket's objects. Possible // values are: // // - ACCESS_DENIED - Macie doesn't have permission to retrieve the information. // For example, the bucket has a restrictive bucket policy and Amazon S3 denied the // request. // // - BUCKET_COUNT_EXCEEDS_QUOTA - Retrieving and processing the information // would exceed the quota for the number of buckets that Macie monitors for an // account (10,000). // // If this value is null, Macie was able to retrieve and process the information. ErrorCode BucketMetadataErrorCode // A brief description of the error or issue (errorCode) that prevented Amazon // Macie from retrieving and processing information about the bucket and the // bucket's objects. This value is null if Macie was able to retrieve and process // the information. ErrorMessage *string // Specifies whether any one-time or recurring classification jobs are configured // to analyze objects in the bucket, and, if so, the details of the job that ran // most recently. JobDetails *JobDetails // The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most // recently analyzed objects in the bucket while performing automated sensitive // data discovery. This value is null if this analysis hasn't occurred. LastAutomatedDiscoveryTime *time.Time // The total number of objects in the bucket. ObjectCount *int64 // The total number of objects in the bucket, grouped by server-side encryption // type. This includes a grouping that reports the total number of objects that // aren't encrypted or use client-side encryption. ObjectCountByEncryptionType *ObjectCountByEncryptionType // The sensitivity score for the bucket, ranging from -1 (classification error) to // 100 (sensitive). // // If automated sensitive data discovery has never been enabled for your account // or it's been disabled for your organization or standalone account for more than // 30 days, possible values are: 1, the bucket is empty; or, 50, the bucket stores // objects but it's been excluded from recent analyses. SensitivityScore *int32 // The total storage size, in bytes, of the bucket. // // If versioning is enabled for the bucket, Amazon Macie calculates this value // based on the size of the latest version of each object in the bucket. This value // doesn't reflect the storage size of all versions of each object in the bucket. SizeInBytes *int64 // The total storage size, in bytes, of the objects that are compressed (.gz, // .gzip, .zip) files in the bucket. // // If versioning is enabled for the bucket, Amazon Macie calculates this value // based on the size of the latest version of each applicable object in the bucket. // This value doesn't reflect the storage size of all versions of each applicable // object in the bucket. SizeInBytesCompressed *int64 // The total number of objects that Amazon Macie can't analyze in the bucket. // These objects don't use a supported storage class or don't have a file name // extension for a supported file or storage format. UnclassifiableObjectCount *ObjectLevelStatistics // The total storage size, in bytes, of the objects that Amazon Macie can't // analyze in the bucket. These objects don't use a supported storage class or // don't have a file name extension for a supported file or storage format. UnclassifiableObjectSizeInBytes *ObjectLevelStatistics // contains filtered or unexported fields }
Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data securityin the Amazon Macie User Guide.
If an error or issue prevents Macie from retrieving and processing information about the bucket or the bucket's objects, the value for many of these properties is null. Key exceptions are accountId and bucketName. To identify the cause, refer to the errorCode and errorMessage values.
type MatchingResource ¶ added in v1.6.0
type MatchingResource struct { // The details of an S3 bucket that Amazon Macie monitors and analyzes for your // account. MatchingBucket *MatchingBucket // contains filtered or unexported fields }
Provides statistical data and other information about an Amazon Web Services resource that Amazon Macie monitors and analyzes for your account.
type Member ¶
type Member struct { // The Amazon Web Services account ID for the account. AccountId *string // The Amazon Web Services account ID for the administrator account. AdministratorAccountId *string // The Amazon Resource Name (ARN) of the account. Arn *string // The email address for the account. This value is null if the account is // associated with the administrator account through Organizations. Email *string // The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie // membership invitation was last sent to the account. This value is null if a // Macie membership invitation hasn't been sent to the account. InvitedAt *time.Time // (Deprecated) The Amazon Web Services account ID for the administrator account. // This property has been replaced by the administratorAccountId property and is // retained only for backward compatibility. MasterAccountId *string // The current status of the relationship between the account and the // administrator account. RelationshipStatus RelationshipStatus // A map of key-value pairs that specifies which tags (keys and values) are // associated with the account in Amazon Macie. Tags map[string]string // The date and time, in UTC and extended ISO 8601 format, of the most recent // change to the status of the relationship between the account and the // administrator account. UpdatedAt *time.Time // contains filtered or unexported fields }
Provides information about an account that's associated with an Amazon Macie administrator account.
type MonthlySchedule ¶
type MonthlySchedule struct { // The numeric day of the month when Amazon Macie runs the job. This value can be // an integer from 1 through 31. // // If this value exceeds the number of days in a certain month, Macie doesn't run // the job that month. Macie runs the job only during months that have the // specified day. For example, if this value is 31 and a month has only 30 days, // Macie doesn't run the job that month. To run the job every month, specify a // value that's less than 29. DayOfMonth *int32 // contains filtered or unexported fields }
Specifies a monthly recurrence pattern for running a classification job.
type ObjectCountByEncryptionType ¶
type ObjectCountByEncryptionType struct { // The total number of objects that are encrypted with customer-provided keys. The // objects use server-side encryption with customer-provided keys (SSE-C). CustomerManaged *int64 // The total number of objects that are encrypted with KMS keys, either Amazon Web // Services managed keys or customer managed keys. The objects use dual-layer // server-side encryption or server-side encryption with KMS keys (DSSE-KMS or // SSE-KMS). KmsManaged *int64 // The total number of objects that are encrypted with Amazon S3 managed keys. The // objects use server-side encryption with Amazon S3 managed keys (SSE-S3). S3Managed *int64 // The total number of objects that use client-side encryption or aren't encrypted. Unencrypted *int64 // The total number of objects that Amazon Macie doesn't have current encryption // metadata for. Macie can't provide current data about the encryption settings for // these objects. Unknown *int64 // contains filtered or unexported fields }
Provides information about the number of objects that are in an S3 bucket and use certain types of server-side encryption, use client-side encryption, or aren't encrypted.
type ObjectLevelStatistics ¶ added in v0.29.0
type ObjectLevelStatistics struct { // The total storage size (in bytes) or number of objects that Amazon Macie can't // analyze because the objects don't have a file name extension for a supported // file or storage format. FileType *int64 // The total storage size (in bytes) or number of objects that Amazon Macie can't // analyze because the objects use an unsupported storage class. StorageClass *int64 // The total storage size (in bytes) or number of objects that Amazon Macie can't // analyze because the objects use an unsupported storage class or don't have a // file name extension for a supported file or storage format. Total *int64 // contains filtered or unexported fields }
Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.
type Occurrences ¶ added in v0.29.0
type Occurrences struct { // An array of objects, one for each occurrence of sensitive data in a Microsoft // Excel workbook, CSV file, or TSV file. This value is null for all other types of // files. // // Each Cell object specifies a cell or field that contains the sensitive data. Cells []Cell // An array of objects, one for each occurrence of sensitive data in an email // message or a non-binary text file such as an HTML, TXT, or XML file. Each Range // object specifies a line or inclusive range of lines that contains the sensitive // data, and the position of the data on the specified line or lines. // // This value is often null for file types that are supported by Cell, Page, or // Record objects. Exceptions are the location of sensitive data in: unstructured // sections of an otherwise structured file, such as a comment in a file; a // malformed file that Amazon Macie analyzes as plain text; and, a CSV or TSV file // that has any column names that contain sensitive data. LineRanges []Range // Reserved for future use. OffsetRanges []Range // An array of objects, one for each occurrence of sensitive data in an Adobe // Portable Document Format file. This value is null for all other types of files. // // Each Page object specifies a page that contains the sensitive data. Pages []Page // An array of objects, one for each occurrence of sensitive data in an Apache // Avro object container, Apache Parquet file, JSON file, or JSON Lines file. This // value is null for all other types of files. // // For an Avro object container or Parquet file, each Record object specifies a // record index and the path to a field in a record that contains the sensitive // data. For a JSON or JSON Lines file, each Record object specifies the path to a // field or array that contains the sensitive data. For a JSON Lines file, it also // specifies the index of the line that contains the data. Records []Record // contains filtered or unexported fields }
Specifies the location of 1-15 occurrences of sensitive data that was detected by a managed data identifier or a custom data identifier and produced a sensitive data finding.
type OriginType ¶ added in v1.21.0
type OriginType string
const ( OriginTypeSensitiveDataDiscoveryJob OriginType = "SENSITIVE_DATA_DISCOVERY_JOB" OriginTypeAutomatedSensitiveDataDiscovery OriginType = "AUTOMATED_SENSITIVE_DATA_DISCOVERY" )
Enum values for OriginType
func (OriginType) Values ¶ added in v1.21.0
func (OriginType) Values() []OriginType
Values returns all known values for OriginType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type Page ¶ added in v0.29.0
type Page struct { // Reserved for future use. LineRange *Range // Reserved for future use. OffsetRange *Range // The page number of the page that contains the sensitive data. PageNumber *int64 // contains filtered or unexported fields }
Specifies the location of an occurrence of sensitive data in an Adobe Portable Document Format file.
type PolicyDetails ¶
type PolicyDetails struct { // The action that produced the finding. Action *FindingAction // The entity that performed the action that produced the finding. Actor *FindingActor // contains filtered or unexported fields }
Provides the details of a policy finding.
type Range ¶ added in v0.29.0
type Range struct { // The number of lines from the beginning of the file to the end of the sensitive // data. End *int64 // The number of lines from the beginning of the file to the beginning of the // sensitive data. Start *int64 // The number of characters, with spaces and starting from 1, from the beginning // of the first line that contains the sensitive data (start) to the beginning of // the sensitive data. StartColumn *int64 // contains filtered or unexported fields }
Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.
type Record ¶ added in v0.29.0
type Record struct { // The path, as a JSONPath expression, to the sensitive data. For an Avro object // container or Parquet file, this is the path to the field in the record // (recordIndex) that contains the data. For a JSON or JSON Lines file, this is the // path to the field or array that contains the data. If the data is a value in an // array, the path also indicates which value contains the data. // // If Amazon Macie detects sensitive data in the name of any element in the path, // Macie omits this field. If the name of an element exceeds 240 characters, Macie // truncates the name by removing characters from the beginning of the name. If the // resulting full path exceeds 250 characters, Macie also truncates the path, // starting with the first element in the path, until the path contains 250 or // fewer characters. JsonPath *string // For an Avro object container or Parquet file, the record index, starting from // 0, for the record that contains the sensitive data. For a JSON Lines file, the // line index, starting from 0, for the line that contains the sensitive data. This // value is always 0 for JSON files. RecordIndex *int64 // contains filtered or unexported fields }
Specifies the location of an occurrence of sensitive data in an Apache Avro object container, Apache Parquet file, JSON file, or JSON Lines file.
type RelationshipStatus ¶
type RelationshipStatus string
const ( RelationshipStatusEnabled RelationshipStatus = "Enabled" RelationshipStatusPaused RelationshipStatus = "Paused" RelationshipStatusInvited RelationshipStatus = "Invited" RelationshipStatusCreated RelationshipStatus = "Created" RelationshipStatusRemoved RelationshipStatus = "Removed" RelationshipStatusResigned RelationshipStatus = "Resigned" RelationshipStatusEmailVerificationInProgress RelationshipStatus = "EmailVerificationInProgress" RelationshipStatusEmailVerificationFailed RelationshipStatus = "EmailVerificationFailed" RelationshipStatusRegionDisabled RelationshipStatus = "RegionDisabled" RelationshipStatusAccountSuspended RelationshipStatus = "AccountSuspended" )
Enum values for RelationshipStatus
func (RelationshipStatus) Values ¶ added in v0.29.0
func (RelationshipStatus) Values() []RelationshipStatus
Values returns all known values for RelationshipStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ReplicationDetails ¶
type ReplicationDetails struct { // Specifies whether the bucket is configured to replicate one or more objects to // any destination. Replicated *bool // Specifies whether the bucket is configured to replicate one or more objects to // a bucket for an Amazon Web Services account that isn't part of your Amazon Macie // organization. An Amazon Macie organization is a set of Macie accounts that are // centrally managed as a group of related accounts through Organizations or by // Macie invitation. ReplicatedExternally *bool // An array of Amazon Web Services account IDs, one for each Amazon Web Services // account that owns a bucket that the bucket is configured to replicate one or // more objects to. ReplicationAccounts []string // contains filtered or unexported fields }
Provides information about settings that define whether one or more objects in an S3 bucket are replicated to S3 buckets for other Amazon Web Services accounts and, if so, which accounts.
type ResourceNotFoundException ¶
type ResourceNotFoundException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
Provides information about an error that occurred because a specified resource wasn't found.
func (*ResourceNotFoundException) Error ¶
func (e *ResourceNotFoundException) Error() string
func (*ResourceNotFoundException) ErrorCode ¶
func (e *ResourceNotFoundException) ErrorCode() string
func (*ResourceNotFoundException) ErrorFault ¶
func (e *ResourceNotFoundException) ErrorFault() smithy.ErrorFault
func (*ResourceNotFoundException) ErrorMessage ¶
func (e *ResourceNotFoundException) ErrorMessage() string
type ResourceProfileArtifact ¶ added in v1.24.0
type ResourceProfileArtifact struct { // The Amazon Resource Name (ARN) of the object. // // This member is required. Arn *string // The status of the analysis. Possible values are: // // - COMPLETE - Amazon Macie successfully completed its analysis of the object. // // - PARTIAL - Macie analyzed only a subset of data in the object. For example, // the object is an archive file that contains files in an unsupported format. // // - SKIPPED - Macie wasn't able to analyze the object. For example, the object // is a malformed file. // // This member is required. ClassificationResultStatus *string // Specifies whether Amazon Macie found sensitive data in the object. Sensitive *bool // contains filtered or unexported fields }
Provides information about an S3 object that Amazon Macie selected for analysis while performing automated sensitive data discovery for an account, and the status and results of the analysis. This information is available only if automated sensitive data discovery has been enabled for the account.
type ResourceStatistics ¶ added in v1.24.0
type ResourceStatistics struct { // The total amount of data, in bytes, that Amazon Macie has analyzed in the // bucket. TotalBytesClassified *int64 // The total number of occurrences of sensitive data that Amazon Macie has found // in the bucket's objects. This includes occurrences that are currently suppressed // by the sensitivity scoring settings for the bucket (totalDetectionsSuppressed). TotalDetections *int64 // The total number of occurrences of sensitive data that are currently suppressed // by the sensitivity scoring settings for the bucket. These represent occurrences // of sensitive data that Amazon Macie found in the bucket's objects, but the // occurrences were manually suppressed. By default, suppressed occurrences are // excluded from the bucket's sensitivity score. TotalDetectionsSuppressed *int64 // The total number of objects that Amazon Macie has analyzed in the bucket. TotalItemsClassified *int64 // The total number of the bucket's objects that Amazon Macie has found sensitive // data in. TotalItemsSensitive *int64 // The total number of objects that Amazon Macie wasn't able to analyze in the // bucket due to an object-level issue or error. For example, an object is a // malformed file. This value includes objects that Macie wasn't able to analyze // for reasons reported by other statistics in the ResourceStatistics object. TotalItemsSkipped *int64 // The total number of objects that Amazon Macie wasn't able to analyze in the // bucket because the objects are encrypted with a key that Macie can't access. The // objects use server-side encryption with customer-provided keys (SSE-C). TotalItemsSkippedInvalidEncryption *int64 // The total number of objects that Amazon Macie wasn't able to analyze in the // bucket because the objects are encrypted with KMS keys that were disabled, are // scheduled for deletion, or were deleted. TotalItemsSkippedInvalidKms *int64 // The total number of objects that Amazon Macie wasn't able to analyze in the // bucket due to the permissions settings for the objects or the permissions // settings for the keys that were used to encrypt the objects. TotalItemsSkippedPermissionDenied *int64 // contains filtered or unexported fields }
Provides statistical data for sensitive data discovery metrics that apply to an S3 bucket that Amazon Macie monitors and analyzes for an account, if automated sensitive data discovery has been enabled for the account. The data captures the results of automated sensitive data discovery activities that Macie has performed for the bucket.
type ResourcesAffected ¶
type ResourcesAffected struct { // The details of the S3 bucket that the finding applies to. S3Bucket *S3Bucket // The details of the S3 object that the finding applies to. S3Object *S3Object // contains filtered or unexported fields }
Provides information about the resources that a finding applies to.
type RetrievalConfiguration ¶ added in v1.33.0
type RetrievalConfiguration struct { // The access method that's used to retrieve sensitive data from affected S3 // objects. Valid values are: ASSUME_ROLE, assume an IAM role that is in the // affected Amazon Web Services account and delegates access to Amazon Macie // (roleName); and, CALLER_CREDENTIALS, use the credentials of the IAM user who // requests the sensitive data. // // This member is required. RetrievalMode RetrievalMode // The external ID to specify in the trust policy for the IAM role to assume when // retrieving sensitive data from affected S3 objects (roleName). This value is // null if the value for retrievalMode is CALLER_CREDENTIALS. // // This ID is a unique alphanumeric string that Amazon Macie generates // automatically after you configure it to assume an IAM role. For a Macie // administrator to retrieve sensitive data from an affected S3 object for a member // account, the trust policy for the role in the member account must include an // sts:ExternalId condition that requires this ID. ExternalId *string // The name of the IAM role that is in the affected Amazon Web Services account // and Amazon Macie is allowed to assume when retrieving sensitive data from // affected S3 objects for the account. This value is null if the value for // retrievalMode is CALLER_CREDENTIALS. RoleName *string // contains filtered or unexported fields }
Provides information about the access method and settings that are used to retrieve occurrences of sensitive data reported by findings.
type RetrievalMode ¶ added in v1.33.0
type RetrievalMode string
const ( RetrievalModeCallerCredentials RetrievalMode = "CALLER_CREDENTIALS" RetrievalModeAssumeRole RetrievalMode = "ASSUME_ROLE" )
Enum values for RetrievalMode
func (RetrievalMode) Values ¶ added in v1.33.0
func (RetrievalMode) Values() []RetrievalMode
Values returns all known values for RetrievalMode. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type RevealConfiguration ¶ added in v1.22.0
type RevealConfiguration struct { // The status of the configuration for the Amazon Macie account. In a response, // possible values are: ENABLED, the configuration is currently enabled for the // account; and, DISABLED, the configuration is currently disabled for the account. // In a request, valid values are: ENABLED, enable the configuration for the // account; and, DISABLED, disable the configuration for the account. // // If you disable the configuration, you also permanently delete current settings // that specify how to access affected S3 objects. If your current access method is // ASSUME_ROLE, Macie also deletes the external ID and role name currently // specified for the configuration. These settings can't be recovered after they're // deleted. // // This member is required. Status RevealStatus // The Amazon Resource Name (ARN), ID, or alias of the KMS key to use to encrypt // sensitive data that's retrieved. The key must be an existing, customer managed, // symmetric encryption key that's enabled in the same Amazon Web Services Region // as the Amazon Macie account. // // If this value specifies an alias, it must include the following prefix: alias/. // If this value specifies a key that's owned by another Amazon Web Services // account, it must specify the ARN of the key or the ARN of the key's alias. KmsKeyId *string // contains filtered or unexported fields }
Specifies the status of the Amazon Macie configuration for retrieving occurrences of sensitive data reported by findings, and the Key Management Service (KMS) key to use to encrypt sensitive data that's retrieved. When you enable the configuration for the first time, your request must specify an KMS key. Otherwise, an error occurs.
type RevealRequestStatus ¶ added in v1.22.0
type RevealRequestStatus string
const ( RevealRequestStatusSuccess RevealRequestStatus = "SUCCESS" RevealRequestStatusProcessing RevealRequestStatus = "PROCESSING" RevealRequestStatusError RevealRequestStatus = "ERROR" )
Enum values for RevealRequestStatus
func (RevealRequestStatus) Values ¶ added in v1.22.0
func (RevealRequestStatus) Values() []RevealRequestStatus
Values returns all known values for RevealRequestStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type RevealStatus ¶ added in v1.22.0
type RevealStatus string
const ( RevealStatusEnabled RevealStatus = "ENABLED" RevealStatusDisabled RevealStatus = "DISABLED" )
Enum values for RevealStatus
func (RevealStatus) Values ¶ added in v1.22.0
func (RevealStatus) Values() []RevealStatus
Values returns all known values for RevealStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type S3Bucket ¶
type S3Bucket struct { // Specifies whether the bucket policy for the bucket requires server-side // encryption of objects when objects are added to the bucket. Possible values are: // // - FALSE - The bucket policy requires server-side encryption of new objects. // PutObject requests must include a valid server-side encryption header. // // - TRUE - The bucket doesn't have a bucket policy or it has a bucket policy // that doesn't require server-side encryption of new objects. If a bucket policy // exists, it doesn't require PutObject requests to include a valid server-side // encryption header. // // - UNKNOWN - Amazon Macie can't determine whether the bucket policy requires // server-side encryption of new objects. // // Valid server-side encryption headers are: x-amz-server-side-encryption with a // value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm // with a value of AES256. AllowsUnencryptedObjectUploads AllowsUnencryptedObjectUploads // The Amazon Resource Name (ARN) of the bucket. Arn *string // The date and time, in UTC and extended ISO 8601 format, when the bucket was // created. This value can also indicate when changes such as edits to the bucket's // policy were most recently made to the bucket, relative to when the finding was // created or last updated. CreatedAt *time.Time // The default server-side encryption settings for the bucket. DefaultServerSideEncryption *ServerSideEncryption // The name of the bucket. Name *string // The display name and canonical user ID for the Amazon Web Services account that // owns the bucket. Owner *S3BucketOwner // The permissions settings that determine whether the bucket is publicly // accessible. PublicAccess *BucketPublicAccess // The tags that are associated with the bucket. Tags []KeyValuePair // contains filtered or unexported fields }
Provides information about the S3 bucket that a finding applies to. If a quota prevented Amazon Macie from retrieving and processing all the bucket's information prior to generating the finding, the following values are UNKNOWN or null: allowsUnencryptedObjectUploads, defaultServerSideEncryption, publicAccess, and tags.
type S3BucketCriteriaForJob ¶ added in v1.6.0
type S3BucketCriteriaForJob struct { // The property- and tag-based conditions that determine which buckets to exclude // from the job. Excludes *CriteriaBlockForJob // The property- and tag-based conditions that determine which buckets to include // in the job. Includes *CriteriaBlockForJob // contains filtered or unexported fields }
Specifies property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job. Exclude conditions take precedence over include conditions.
type S3BucketDefinitionForJob ¶
type S3BucketDefinitionForJob struct { // The unique identifier for the Amazon Web Services account that owns the buckets. // // This member is required. AccountId *string // An array that lists the names of the buckets. // // This member is required. Buckets []string // contains filtered or unexported fields }
Specifies an Amazon Web Services account that owns S3 buckets for a classification job to analyze, and one or more specific buckets to analyze for that account.
type S3BucketOwner ¶
type S3BucketOwner struct { // The display name of the account that owns the bucket. DisplayName *string // The canonical user ID for the account that owns the bucket. Id *string // contains filtered or unexported fields }
Provides information about the Amazon Web Services account that owns an S3 bucket.
type S3ClassificationScope ¶ added in v1.24.0
type S3ClassificationScope struct { // The S3 buckets that are excluded. // // This member is required. Excludes *S3ClassificationScopeExclusion // contains filtered or unexported fields }
Specifies the S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.
type S3ClassificationScopeExclusion ¶ added in v1.24.0
type S3ClassificationScopeExclusion struct { // An array of strings, one for each S3 bucket that is excluded. Each string is // the full name of an excluded bucket. // // This member is required. BucketNames []string // contains filtered or unexported fields }
Specifies the names of the S3 buckets that are excluded from automated sensitive data discovery.
type S3ClassificationScopeExclusionUpdate ¶ added in v1.24.0
type S3ClassificationScopeExclusionUpdate struct { // Depending on the value specified for the update operation // (ClassificationScopeUpdateOperation), an array of strings that: lists the names // of buckets to add or remove from the list, or specifies a new set of bucket // names that overwrites all existing names in the list. Each string must be the // full name of an existing S3 bucket. Values are case sensitive. // // This member is required. BucketNames []string // Specifies how to apply the changes to the exclusion list. Valid values are: // // - ADD - Append the specified bucket names to the current list. // // - REMOVE - Remove the specified bucket names from the current list. // // - REPLACE - Overwrite the current list with the specified list of bucket // names. If you specify this value, Amazon Macie removes all existing names from // the list and adds all the specified names to the list. // // This member is required. Operation ClassificationScopeUpdateOperation // contains filtered or unexported fields }
Specifies S3 buckets to add or remove from the exclusion list defined by the classification scope for an Amazon Macie account.
type S3ClassificationScopeUpdate ¶ added in v1.24.0
type S3ClassificationScopeUpdate struct { // The names of the S3 buckets to add or remove from the list. // // This member is required. Excludes *S3ClassificationScopeExclusionUpdate // contains filtered or unexported fields }
Specifies changes to the list of S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.
type S3Destination ¶
type S3Destination struct { // The name of the bucket. This must be the name of an existing general purpose // bucket. // // This member is required. BucketName *string // The Amazon Resource Name (ARN) of the customer managed KMS key to use for // encryption of the results. This must be the ARN of an existing, symmetric // encryption KMS key that's enabled in the same Amazon Web Services Region as the // bucket. // // This member is required. KmsKeyArn *string // The path prefix to use in the path to the location in the bucket. This prefix // specifies where to store classification results in the bucket. KeyPrefix *string // contains filtered or unexported fields }
Specifies an S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.
type S3JobDefinition ¶
type S3JobDefinition struct { // The property- and tag-based conditions that determine which S3 buckets to // include or exclude from the analysis. Each time the job runs, the job uses these // criteria to determine which buckets contain objects to analyze. A job's // definition can contain a bucketCriteria object or a bucketDefinitions array, not // both. BucketCriteria *S3BucketCriteriaForJob // An array of objects, one for each Amazon Web Services account that owns // specific S3 buckets to analyze. Each object specifies the account ID for an // account and one or more buckets to analyze for that account. A job's definition // can contain a bucketDefinitions array or a bucketCriteria object, not both. BucketDefinitions []S3BucketDefinitionForJob // The property- and tag-based conditions that determine which S3 objects to // include or exclude from the analysis. Each time the job runs, the job uses these // criteria to determine which objects to analyze. Scoping *Scoping // contains filtered or unexported fields }
Specifies which S3 buckets contain the objects that a classification job analyzes, and the scope of that analysis. The bucket specification can be static (bucketDefinitions) or dynamic (bucketCriteria). If it's static, the job analyzes objects in the same predefined set of buckets each time the job runs. If it's dynamic, the job analyzes objects in any buckets that match the specified criteria each time the job starts to run.
type S3Object ¶
type S3Object struct { // The Amazon Resource Name (ARN) of the bucket that contains the object. BucketArn *string // The entity tag (ETag) that identifies the affected version of the object. If // the object was overwritten or changed after Amazon Macie produced the finding, // this value might be different from the current ETag for the object. ETag *string // The file name extension of the object. If the object doesn't have a file name // extension, this value is "". Extension *string // The full name (key) of the object, including the object's prefix if applicable. Key *string // The date and time, in UTC and extended ISO 8601 format, when the object was // last modified. LastModified *time.Time // The full path to the affected object, including the name of the affected bucket // and the object's name (key). Path *string // Specifies whether the object is publicly accessible due to the combination of // permissions settings that apply to the object. PublicAccess *bool // The type of server-side encryption that was used to encrypt the object. ServerSideEncryption *ServerSideEncryption // The total storage size, in bytes, of the object. Size *int64 // The storage class of the object. StorageClass StorageClass // The tags that are associated with the object. Tags []KeyValuePair // The identifier for the affected version of the object. VersionId *string // contains filtered or unexported fields }
Provides information about the S3 object that a finding applies to.
type S3WordsList ¶ added in v1.23.0
type S3WordsList struct { // The full name of the S3 bucket that contains the object. // // This member is required. BucketName *string // The full name (key) of the object. // // This member is required. ObjectKey *string // contains filtered or unexported fields }
Provides information about an S3 object that lists specific text to ignore.
type ScopeFilterKey ¶
type ScopeFilterKey string
const ( ScopeFilterKeyObjectExtension ScopeFilterKey = "OBJECT_EXTENSION" ScopeFilterKeyObjectLastModifiedDate ScopeFilterKey = "OBJECT_LAST_MODIFIED_DATE" ScopeFilterKeyObjectSize ScopeFilterKey = "OBJECT_SIZE" ScopeFilterKeyObjectKey ScopeFilterKey = "OBJECT_KEY" )
Enum values for ScopeFilterKey
func (ScopeFilterKey) Values ¶ added in v0.29.0
func (ScopeFilterKey) Values() []ScopeFilterKey
Values returns all known values for ScopeFilterKey. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type Scoping ¶
type Scoping struct { // The property- and tag-based conditions that determine which objects to exclude // from the analysis. Excludes *JobScopingBlock // The property- and tag-based conditions that determine which objects to include // in the analysis. Includes *JobScopingBlock // contains filtered or unexported fields }
Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job. Exclude conditions take precedence over include conditions.
type SearchResourcesBucketCriteria ¶ added in v1.6.0
type SearchResourcesBucketCriteria struct { // The property- and tag-based conditions that determine which buckets to exclude // from the results. Excludes *SearchResourcesCriteriaBlock // The property- and tag-based conditions that determine which buckets to include // in the results. Includes *SearchResourcesCriteriaBlock // contains filtered or unexported fields }
Specifies property- and tag-based conditions that define filter criteria for including or excluding S3 buckets from the query results. Exclude conditions take precedence over include conditions.
type SearchResourcesComparator ¶ added in v1.6.0
type SearchResourcesComparator string
const ( SearchResourcesComparatorEq SearchResourcesComparator = "EQ" SearchResourcesComparatorNe SearchResourcesComparator = "NE" )
Enum values for SearchResourcesComparator
func (SearchResourcesComparator) Values ¶ added in v1.6.0
func (SearchResourcesComparator) Values() []SearchResourcesComparator
Values returns all known values for SearchResourcesComparator. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SearchResourcesCriteria ¶ added in v1.6.0
type SearchResourcesCriteria struct { // A property-based condition that defines a property, operator, and one or more // values for including or excluding resources from the results. SimpleCriterion *SearchResourcesSimpleCriterion // A tag-based condition that defines an operator and tag keys, tag values, or tag // key and value pairs for including or excluding resources from the results. TagCriterion *SearchResourcesTagCriterion // contains filtered or unexported fields }
Specifies a property- or tag-based filter condition for including or excluding Amazon Web Services resources from the query results.
type SearchResourcesCriteriaBlock ¶ added in v1.6.0
type SearchResourcesCriteriaBlock struct { // An array of objects, one for each property- or tag-based condition that // includes or excludes resources from the query results. If you specify more than // one condition, Amazon Macie uses AND logic to join the conditions. And []SearchResourcesCriteria // contains filtered or unexported fields }
Specifies property- and tag-based conditions that define filter criteria for including or excluding Amazon Web Services resources from the query results.
type SearchResourcesSimpleCriterion ¶ added in v1.6.0
type SearchResourcesSimpleCriterion struct { // The operator to use in the condition. Valid values are EQ (equals) and NE (not // equals). Comparator SearchResourcesComparator // The property to use in the condition. Key SearchResourcesSimpleCriterionKey // An array that lists one or more values to use in the condition. If you specify // multiple values, Amazon Macie uses OR logic to join the values. Valid values for // each supported property (key) are: // // - ACCOUNT_ID - A string that represents the unique identifier for the Amazon // Web Services account that owns the resource. // // - AUTOMATED_DISCOVERY_MONITORING_STATUS - A string that represents an // enumerated value that Macie defines for the [BucketMetadata.automatedDiscoveryMonitoringStatus]property of an S3 bucket. // // - S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated // value that Macie defines for the [BucketPublicAccess.effectivePermission]property of an S3 bucket. // // - S3_BUCKET_NAME - A string that represents the name of an S3 bucket. // // - S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that // Macie defines for the [BucketMetadata.sharedAccess]property of an S3 bucket. // // Values are case sensitive. Also, Macie doesn't support use of partial values or // wildcard characters in values. // // [BucketMetadata.automatedDiscoveryMonitoringStatus]: https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-automateddiscoverymonitoringstatus // [BucketMetadata.sharedAccess]: https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-sharedaccess // [BucketPublicAccess.effectivePermission]: https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketpublicaccess-effectivepermission Values []string // contains filtered or unexported fields }
Specifies a property-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.
type SearchResourcesSimpleCriterionKey ¶ added in v1.6.0
type SearchResourcesSimpleCriterionKey string
const ( SearchResourcesSimpleCriterionKeyAccountId SearchResourcesSimpleCriterionKey = "ACCOUNT_ID" SearchResourcesSimpleCriterionKeyS3BucketName SearchResourcesSimpleCriterionKey = "S3_BUCKET_NAME" SearchResourcesSimpleCriterionKeyS3BucketEffectivePermission SearchResourcesSimpleCriterionKey = "S3_BUCKET_EFFECTIVE_PERMISSION" SearchResourcesSimpleCriterionKeyAutomatedDiscoveryMonitoringStatus SearchResourcesSimpleCriterionKey = "AUTOMATED_DISCOVERY_MONITORING_STATUS" )
Enum values for SearchResourcesSimpleCriterionKey
func (SearchResourcesSimpleCriterionKey) Values ¶ added in v1.6.0
func (SearchResourcesSimpleCriterionKey) Values() []SearchResourcesSimpleCriterionKey
Values returns all known values for SearchResourcesSimpleCriterionKey. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SearchResourcesSortAttributeName ¶ added in v1.6.0
type SearchResourcesSortAttributeName string
const ( SearchResourcesSortAttributeNameAccountId SearchResourcesSortAttributeName = "ACCOUNT_ID" SearchResourcesSortAttributeNameResourceName SearchResourcesSortAttributeName = "RESOURCE_NAME" SearchResourcesSortAttributeNameS3ClassifiableObjectCount SearchResourcesSortAttributeName = "S3_CLASSIFIABLE_OBJECT_COUNT" SearchResourcesSortAttributeNameS3ClassifiableSizeInBytes SearchResourcesSortAttributeName = "S3_CLASSIFIABLE_SIZE_IN_BYTES" )
Enum values for SearchResourcesSortAttributeName
func (SearchResourcesSortAttributeName) Values ¶ added in v1.6.0
func (SearchResourcesSortAttributeName) Values() []SearchResourcesSortAttributeName
Values returns all known values for SearchResourcesSortAttributeName. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SearchResourcesSortCriteria ¶ added in v1.6.0
type SearchResourcesSortCriteria struct { // The property to sort the results by. AttributeName SearchResourcesSortAttributeName // The sort order to apply to the results, based on the value for the property // specified by the attributeName property. Valid values are: ASC, sort the results // in ascending order; and, DESC, sort the results in descending order. OrderBy OrderBy // contains filtered or unexported fields }
Specifies criteria for sorting the results of a query for information about Amazon Web Services resources that Amazon Macie monitors and analyzes.
type SearchResourcesTagCriterion ¶ added in v1.6.0
type SearchResourcesTagCriterion struct { // The operator to use in the condition. Valid values are EQ (equals) and NE (not // equals). Comparator SearchResourcesComparator // The tag keys, tag values, or tag key and value pairs to use in the condition. TagValues []SearchResourcesTagCriterionPair // contains filtered or unexported fields }
Specifies a tag-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.
type SearchResourcesTagCriterionPair ¶ added in v1.6.0
type SearchResourcesTagCriterionPair struct { // The value for the tag key to use in the condition. Key *string // The tag value to use in the condition. Value *string // contains filtered or unexported fields }
Specifies a tag key, a tag value, or a tag key and value (as a pair) to use in a tag-based filter condition for a query. Tag keys and values are case sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard characters in tag-based filter conditions.
type SecurityHubConfiguration ¶ added in v1.3.0
type SecurityHubConfiguration struct { // Specifies whether to publish sensitive data findings to Security Hub. If you // set this value to true, Amazon Macie automatically publishes all sensitive data // findings that weren't suppressed by a findings filter. The default value is // false. // // This member is required. PublishClassificationFindings *bool // Specifies whether to publish policy findings to Security Hub. If you set this // value to true, Amazon Macie automatically publishes all new and updated policy // findings that weren't suppressed by a findings filter. The default value is // true. // // This member is required. PublishPolicyFindings *bool // contains filtered or unexported fields }
Specifies configuration settings that determine which findings are published to Security Hub automatically. For information about how Macie publishes findings to Security Hub, see Evaluating findings with Security Hubin the Amazon Macie User Guide.
type SensitiveDataItem ¶
type SensitiveDataItem struct { // The category of sensitive data that was detected. For example: CREDENTIALS, for // credentials data such as private keys or Amazon Web Services secret access keys; // FINANCIAL_INFORMATION, for financial data such as credit card numbers; or, // PERSONAL_INFORMATION, for personal health information, such as health insurance // identification numbers, or personally identifiable information, such as passport // numbers. Category SensitiveDataItemCategory // An array of objects, one for each type of sensitive data that was detected. // Each object reports the number of occurrences of a specific type of sensitive // data that was detected, and the location of up to 15 of those occurrences. Detections []DefaultDetection // The total number of occurrences of the sensitive data that was detected. TotalCount *int64 // contains filtered or unexported fields }
Provides information about the category, types, and occurrences of sensitive data that produced a sensitive data finding.
type SensitiveDataItemCategory ¶
type SensitiveDataItemCategory string
const ( SensitiveDataItemCategoryFinancialInformation SensitiveDataItemCategory = "FINANCIAL_INFORMATION" SensitiveDataItemCategoryPersonalInformation SensitiveDataItemCategory = "PERSONAL_INFORMATION" SensitiveDataItemCategoryCredentials SensitiveDataItemCategory = "CREDENTIALS" SensitiveDataItemCategoryCustomIdentifier SensitiveDataItemCategory = "CUSTOM_IDENTIFIER" )
Enum values for SensitiveDataItemCategory
func (SensitiveDataItemCategory) Values ¶ added in v0.29.0
func (SensitiveDataItemCategory) Values() []SensitiveDataItemCategory
Values returns all known values for SensitiveDataItemCategory. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SensitivityAggregations ¶ added in v1.24.0
type SensitivityAggregations struct { // The total storage size, in bytes, of all the objects that Amazon Macie can // analyze in the buckets. These objects use a supported storage class and have a // file name extension for a supported file or storage format. // // If versioning is enabled for any of the buckets, this value is based on the // size of the latest version of each applicable object in the buckets. This value // doesn't reflect the storage size of all versions of all applicable objects in // the buckets. ClassifiableSizeInBytes *int64 // The total number of buckets that are publicly accessible due to a combination // of permissions settings for each bucket. PubliclyAccessibleCount *int64 // The total number of buckets. TotalCount *int64 // The total storage size, in bytes, of the buckets. // // If versioning is enabled for any of the buckets, this value is based on the // size of the latest version of each object in the buckets. This value doesn't // reflect the storage size of all versions of the objects in the buckets. TotalSizeInBytes *int64 // contains filtered or unexported fields }
Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets. Each field contains aggregated data for all the buckets that have a sensitivity score (sensitivityScore) of a specified value or within a specified range (BucketStatisticsBySensitivity). If automated sensitive data discovery is currently disabled for your account, the value for most fields is 0.
type SensitivityInspectionTemplateExcludes ¶ added in v1.24.0
type SensitivityInspectionTemplateExcludes struct { // An array of unique identifiers, one for each managed data identifier to // exclude. To retrieve a list of valid values, use the ListManagedDataIdentifiers // operation. ManagedDataIdentifierIds []string // contains filtered or unexported fields }
Specifies managed data identifiers to exclude (not use) when performing automated sensitive data discovery. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiersin the Amazon Macie User Guide.
type SensitivityInspectionTemplateIncludes ¶ added in v1.24.0
type SensitivityInspectionTemplateIncludes struct { // An array of unique identifiers, one for each allow list to include. AllowListIds []string // An array of unique identifiers, one for each custom data identifier to include. CustomDataIdentifierIds []string // An array of unique identifiers, one for each managed data identifier to include. // // Amazon Macie uses these managed data identifiers in addition to managed data // identifiers that are subsequently released and recommended for automated // sensitive data discovery. To retrieve a list of valid values for the managed // data identifiers that are currently available, use the // ListManagedDataIdentifiers operation. ManagedDataIdentifierIds []string // contains filtered or unexported fields }
Specifies the allow lists, custom data identifiers, and managed data identifiers to include (use) when performing automated sensitive data discovery. The configuration must specify at least one custom data identifier or managed data identifier. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiersin the Amazon Macie User Guide.
type SensitivityInspectionTemplatesEntry ¶ added in v1.24.0
type SensitivityInspectionTemplatesEntry struct { // The unique identifier for the sensitivity inspection template. Id *string // The name of the sensitivity inspection template: // automated-sensitive-data-discovery. Name *string // contains filtered or unexported fields }
Provides information about the sensitivity inspection template for an Amazon Macie account.
type ServerSideEncryption ¶
type ServerSideEncryption struct { // The server-side encryption algorithm that's used when storing data in the // bucket or object. If default encryption settings aren't configured for the // bucket or the object isn't encrypted using server-side encryption, this value is // NONE. EncryptionType EncryptionType // The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key // that's used to encrypt data in the bucket or the object. This value is null if // an KMS key isn't used to encrypt the data. KmsMasterKeyId *string // contains filtered or unexported fields }
Provides information about the default server-side encryption settings for an S3 bucket or the encryption settings for an S3 object.
type ServiceLimit ¶
type ServiceLimit struct { // Specifies whether the account has met the quota that corresponds to the metric // specified by the UsageByAccount.type field in the response. IsServiceLimited *bool // The unit of measurement for the value specified by the value field. Unit Unit // The value for the metric specified by the UsageByAccount.type field in the // response. Value *int64 // contains filtered or unexported fields }
Specifies a current quota for an Amazon Macie account.
type ServiceQuotaExceededException ¶
type ServiceQuotaExceededException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
Provides information about an error that occurred due to one or more service quotas for an account.
func (*ServiceQuotaExceededException) Error ¶
func (e *ServiceQuotaExceededException) Error() string
func (*ServiceQuotaExceededException) ErrorCode ¶
func (e *ServiceQuotaExceededException) ErrorCode() string
func (*ServiceQuotaExceededException) ErrorFault ¶
func (e *ServiceQuotaExceededException) ErrorFault() smithy.ErrorFault
func (*ServiceQuotaExceededException) ErrorMessage ¶
func (e *ServiceQuotaExceededException) ErrorMessage() string
type SessionContext ¶
type SessionContext struct { // The date and time when the credentials were issued, and whether the credentials // were authenticated with a multi-factor authentication (MFA) device. Attributes *SessionContextAttributes // The source and type of credentials that were issued to the entity. SessionIssuer *SessionIssuer // contains filtered or unexported fields }
Provides information about a session that was created for an entity that performed an action by using temporary security credentials.
type SessionContextAttributes ¶
type SessionContextAttributes struct { // The date and time, in UTC and ISO 8601 format, when the credentials were issued. CreationDate *time.Time // Specifies whether the credentials were authenticated with a multi-factor // authentication (MFA) device. MfaAuthenticated *bool // contains filtered or unexported fields }
Provides information about the context in which temporary security credentials were issued to an entity.
type SessionIssuer ¶
type SessionIssuer struct { // The unique identifier for the Amazon Web Services account that owns the entity // that was used to get the credentials. AccountId *string // The Amazon Resource Name (ARN) of the source account, Identity and Access // Management (IAM) user, or role that was used to get the credentials. Arn *string // The unique identifier for the entity that was used to get the credentials. PrincipalId *string // The source of the temporary security credentials, such as Root, IAMUser, or // Role. Type *string // The name or alias of the user or role that issued the session. This value is // null if the credentials were obtained from a root account that doesn't have an // alias. UserName *string // contains filtered or unexported fields }
Provides information about the source and type of temporary security credentials that were issued to an entity.
type Severity ¶
type Severity struct { // The qualitative representation of the finding's severity, ranging from Low // (least severe) to High (most severe). Description SeverityDescription // The numerical representation of the finding's severity, ranging from 1 (least // severe) to 3 (most severe). Score *int64 // contains filtered or unexported fields }
Provides the numerical and qualitative representations of a finding's severity.
type SeverityDescription ¶
type SeverityDescription string
const ( SeverityDescriptionLow SeverityDescription = "Low" SeverityDescriptionMedium SeverityDescription = "Medium" SeverityDescriptionHigh SeverityDescription = "High" )
Enum values for SeverityDescription
func (SeverityDescription) Values ¶ added in v0.29.0
func (SeverityDescription) Values() []SeverityDescription
Values returns all known values for SeverityDescription. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SeverityLevel ¶ added in v1.13.0
type SeverityLevel struct { // The minimum number of occurrences of text that must match the custom data // identifier's detection criteria in order to produce a finding with the specified // severity (severity). // // This member is required. OccurrencesThreshold *int64 // The severity to assign to a finding: if the number of occurrences is greater // than or equal to the specified threshold (occurrencesThreshold); and, if // applicable, the number of occurrences is less than the threshold for the next // consecutive severity level for the custom data identifier, moving from LOW to // HIGH. // // This member is required. Severity DataIdentifierSeverity // contains filtered or unexported fields }
Specifies a severity level for findings that a custom data identifier produces. A severity level determines which severity is assigned to the findings, based on the number of occurrences of text that match the custom data identifier's detection criteria.
type SharedAccess ¶
type SharedAccess string
const ()
Enum values for SharedAccess
func (SharedAccess) Values ¶ added in v0.29.0
func (SharedAccess) Values() []SharedAccess
Values returns all known values for SharedAccess. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SimpleCriterionForJob ¶ added in v1.6.0
type SimpleCriterionForJob struct { // The operator to use in the condition. Valid values are EQ (equals) and NE (not // equals). Comparator JobComparator // The property to use in the condition. Key SimpleCriterionKeyForJob // An array that lists one or more values to use in the condition. If you specify // multiple values, Amazon Macie uses OR logic to join the values. Valid values for // each supported property (key) are: // // - ACCOUNT_ID - A string that represents the unique identifier for the Amazon // Web Services account that owns the bucket. // // - S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated // value that Macie defines for the [BucketPublicAccess.effectivePermission]property of a bucket. // // - S3_BUCKET_NAME - A string that represents the name of a bucket. // // - S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that // Macie defines for the [BucketMetadata.sharedAccess]property of a bucket. // // Values are case sensitive. Also, Macie doesn't support use of partial values or // wildcard characters in these values. // // [BucketMetadata.sharedAccess]: https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-sharedaccess // [BucketPublicAccess.effectivePermission]: https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketpublicaccess-effectivepermission Values []string // contains filtered or unexported fields }
Specifies a property-based condition that determines whether an S3 bucket is included or excluded from a classification job.
type SimpleCriterionKeyForJob ¶ added in v1.6.0
type SimpleCriterionKeyForJob string
const ( SimpleCriterionKeyForJobAccountId SimpleCriterionKeyForJob = "ACCOUNT_ID" SimpleCriterionKeyForJobS3BucketName SimpleCriterionKeyForJob = "S3_BUCKET_NAME" SimpleCriterionKeyForJobS3BucketEffectivePermission SimpleCriterionKeyForJob = "S3_BUCKET_EFFECTIVE_PERMISSION" )
Enum values for SimpleCriterionKeyForJob
func (SimpleCriterionKeyForJob) Values ¶ added in v1.6.0
func (SimpleCriterionKeyForJob) Values() []SimpleCriterionKeyForJob
Values returns all known values for SimpleCriterionKeyForJob. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SimpleScopeTerm ¶
type SimpleScopeTerm struct { // The operator to use in the condition. Valid values for each supported property // (key) are: // // - OBJECT_EXTENSION - EQ (equals) or NE (not equals) // // - OBJECT_KEY - STARTS_WITH // // - OBJECT_LAST_MODIFIED_DATE - EQ (equals), GT (greater than), GTE (greater // than or equals), LT (less than), LTE (less than or equals), or NE (not equals) // // - OBJECT_SIZE - EQ (equals), GT (greater than), GTE (greater than or equals), // LT (less than), LTE (less than or equals), or NE (not equals) Comparator JobComparator // The object property to use in the condition. Key ScopeFilterKey // An array that lists the values to use in the condition. If the value for the // key property is OBJECT_EXTENSION or OBJECT_KEY, this array can specify multiple // values and Amazon Macie uses OR logic to join the values. Otherwise, this array // can specify only one value. // // Valid values for each supported property (key) are: // // - OBJECT_EXTENSION - A string that represents the file name extension of an // object. For example: docx or pdf // // - OBJECT_KEY - A string that represents the key prefix (folder name or path) // of an object. For example: logs or awslogs/eventlogs. This value applies a // condition to objects whose keys (names) begin with the specified value. // // - OBJECT_LAST_MODIFIED_DATE - The date and time (in UTC and extended ISO 8601 // format) when an object was created or last changed, whichever is latest. For // example: 2023-09-24T14:31:13Z // // - OBJECT_SIZE - An integer that represents the storage size (in bytes) of an // object. // // Macie doesn't support use of wildcard characters in these values. Also, string // values are case sensitive. Values []string // contains filtered or unexported fields }
Specifies a property-based condition that determines whether an S3 object is included or excluded from a classification job.
type SortCriteria ¶
type SortCriteria struct { // The name of the property to sort the results by. Valid values are: count, // createdAt, policyDetails.action.apiCallDetails.firstSeen, // policyDetails.action.apiCallDetails.lastSeen, resourcesAffected, severity.score, // type, and updatedAt. AttributeName *string // The sort order to apply to the results, based on the value for the property // specified by the attributeName property. Valid values are: ASC, sort the results // in ascending order; and, DESC, sort the results in descending order. OrderBy OrderBy // contains filtered or unexported fields }
Specifies criteria for sorting the results of a request for findings.
type Statistics ¶
type Statistics struct { // The approximate number of objects that the job has yet to process during its // current run. ApproximateNumberOfObjectsToProcess *float64 // The number of times that the job has run. NumberOfRuns *float64 // contains filtered or unexported fields }
Provides processing statistics for a classification job.
type StorageClass ¶
type StorageClass string
const ( StorageClassStandard StorageClass = "STANDARD" StorageClassReducedRedundancy StorageClass = "REDUCED_REDUNDANCY" StorageClassStandardIa StorageClass = "STANDARD_IA" StorageClassIntelligentTiering StorageClass = "INTELLIGENT_TIERING" StorageClassDeepArchive StorageClass = "DEEP_ARCHIVE" StorageClassOnezoneIa StorageClass = "ONEZONE_IA" StorageClassGlacier StorageClass = "GLACIER" StorageClassGlacierIr StorageClass = "GLACIER_IR" StorageClassOutposts StorageClass = "OUTPOSTS" )
Enum values for StorageClass
func (StorageClass) Values ¶ added in v0.29.0
func (StorageClass) Values() []StorageClass
Values returns all known values for StorageClass. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SuppressDataIdentifier ¶ added in v1.24.0
type SuppressDataIdentifier struct { // The unique identifier for the custom data identifier or managed data identifier // that detected the type of sensitive data to exclude from the score. Id *string // The type of data identifier that detected the sensitive data. Possible values // are: CUSTOM, for a custom data identifier; and, MANAGED, for a managed data // identifier. Type DataIdentifierType // contains filtered or unexported fields }
Specifies a custom data identifier or managed data identifier that detected a type of sensitive data to exclude from an S3 bucket's sensitivity score.
type TagCriterionForJob ¶ added in v1.6.0
type TagCriterionForJob struct { // The operator to use in the condition. Valid values are EQ (equals) and NE (not // equals). Comparator JobComparator // The tag keys, tag values, or tag key and value pairs to use in the condition. TagValues []TagCriterionPairForJob // contains filtered or unexported fields }
Specifies a tag-based condition that determines whether an S3 bucket is included or excluded from a classification job.
type TagCriterionPairForJob ¶ added in v1.6.0
type TagCriterionPairForJob struct { // The value for the tag key to use in the condition. Key *string // The tag value to use in the condition. Value *string // contains filtered or unexported fields }
Specifies a tag key, a tag value, or a tag key and value (as a pair) to use in a tag-based condition that determines whether an S3 bucket is included or excluded from a classification job. Tag keys and values are case sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard characters in tag-based conditions.
type TagScopeTerm ¶
type TagScopeTerm struct { // The operator to use in the condition. Valid values are EQ (equals) or NE (not // equals). Comparator JobComparator // The object property to use in the condition. The only valid value is TAG. Key *string // The tag keys or tag key and value pairs to use in the condition. To specify // only tag keys in a condition, specify the keys in this array and set the value // for each associated tag value to an empty string. TagValues []TagValuePair // The type of object to apply the condition to. Target TagTarget // contains filtered or unexported fields }
Specifies a tag-based condition that determines whether an S3 object is included or excluded from a classification job.
type TagTarget ¶
type TagTarget string
const (
TagTargetS3Object TagTarget = "S3_OBJECT"
)
Enum values for TagTarget
type TagValuePair ¶
type TagValuePair struct { // The value for the tag key to use in the condition. Key *string // The tag value, associated with the specified tag key (key), to use in the // condition. To specify only a tag key for a condition, specify the tag key for // the key property and set this value to an empty string. Value *string // contains filtered or unexported fields }
Specifies a tag key or tag key and value pair to use in a tag-based condition that determines whether an S3 object is included or excluded from a classification job. Tag keys and values are case sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard characters in tag-based conditions.
type ThrottlingException ¶
type ThrottlingException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
func (*ThrottlingException) Error ¶
func (e *ThrottlingException) Error() string
func (*ThrottlingException) ErrorCode ¶
func (e *ThrottlingException) ErrorCode() string
func (*ThrottlingException) ErrorFault ¶
func (e *ThrottlingException) ErrorFault() smithy.ErrorFault
func (*ThrottlingException) ErrorMessage ¶
func (e *ThrottlingException) ErrorMessage() string
type TimeRange ¶ added in v1.2.0
type TimeRange string
type Type ¶ added in v1.2.0
type Type string
type UnavailabilityReasonCode ¶ added in v1.22.0
type UnavailabilityReasonCode string
const ()
Enum values for UnavailabilityReasonCode
func (UnavailabilityReasonCode) Values ¶ added in v1.22.0
func (UnavailabilityReasonCode) Values() []UnavailabilityReasonCode
Values returns all known values for UnavailabilityReasonCode. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type UnprocessableEntityException ¶ added in v1.22.0
type UnprocessableEntityException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
Provides information about an error that occurred due to an unprocessable entity.
func (*UnprocessableEntityException) Error ¶ added in v1.22.0
func (e *UnprocessableEntityException) Error() string
func (*UnprocessableEntityException) ErrorCode ¶ added in v1.22.0
func (e *UnprocessableEntityException) ErrorCode() string
func (*UnprocessableEntityException) ErrorFault ¶ added in v1.22.0
func (e *UnprocessableEntityException) ErrorFault() smithy.ErrorFault
func (*UnprocessableEntityException) ErrorMessage ¶ added in v1.22.0
func (e *UnprocessableEntityException) ErrorMessage() string
type UnprocessedAccount ¶
type UnprocessedAccount struct { // The Amazon Web Services account ID for the account that the request applies to. AccountId *string // The source of the issue or delay in processing the request. ErrorCode ErrorCode // The reason why the request hasn't been processed. ErrorMessage *string // contains filtered or unexported fields }
Provides information about an account-related request that hasn't been processed.
type UpdateRetrievalConfiguration ¶ added in v1.33.0
type UpdateRetrievalConfiguration struct { // The access method to use when retrieving sensitive data from affected S3 // objects. Valid values are: ASSUME_ROLE, assume an IAM role that is in the // affected Amazon Web Services account and delegates access to Amazon Macie; and, // CALLER_CREDENTIALS, use the credentials of the IAM user who requests the // sensitive data. If you specify ASSUME_ROLE, also specify the name of an existing // IAM role for Macie to assume (roleName). // // If you change this value from ASSUME_ROLE to CALLER_CREDENTIALS for an existing // configuration, Macie permanently deletes the external ID and role name currently // specified for the configuration. These settings can't be recovered after they're // deleted. // // This member is required. RetrievalMode RetrievalMode // The name of the IAM role that is in the affected Amazon Web Services account // and Amazon Macie is allowed to assume when retrieving sensitive data from // affected S3 objects for the account. The trust and permissions policies for the // role must meet all requirements for Macie to assume the role. RoleName *string // contains filtered or unexported fields }
Specifies the access method and settings to use when retrieving occurrences of sensitive data reported by findings. If your request specifies an Identity and Access Management (IAM) role to assume, Amazon Macie verifies that the role exists and the attached policies are configured correctly. If there's an issue, Macie returns an error. For information about addressing the issue, see Configuration options for retrieving sensitive data samplesin the Amazon Macie User Guide.
type UsageByAccount ¶
type UsageByAccount struct { // The type of currency that the value for the metric (estimatedCost) is reported // in. Currency Currency // The estimated value for the metric. EstimatedCost *string // The current value for the quota that corresponds to the metric specified by the // type field. ServiceLimit *ServiceLimit // The name of the metric. Possible values are: AUTOMATED_OBJECT_MONITORING, to // monitor S3 objects for automated sensitive data discovery; // AUTOMATED_SENSITIVE_DATA_DISCOVERY, to analyze S3 objects for automated // sensitive data discovery; DATA_INVENTORY_EVALUATION, to monitor S3 buckets; and, // SENSITIVE_DATA_DISCOVERY, to run classification jobs. Type UsageType // contains filtered or unexported fields }
Provides data for a specific usage metric and the corresponding quota for an Amazon Macie account.
type UsageRecord ¶
type UsageRecord struct { // The unique identifier for the Amazon Web Services account that the data applies // to. AccountId *string // The date and time, in UTC and extended ISO 8601 format, when the free trial of // automated sensitive data discovery started for the account. This value is null // if automated sensitive data discovery hasn't been enabled for the account. AutomatedDiscoveryFreeTrialStartDate *time.Time // The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie // free trial started for the account. FreeTrialStartDate *time.Time // An array of objects that contains usage data and quotas for the account. Each // object contains the data for a specific usage metric and the corresponding // quota. Usage []UsageByAccount // contains filtered or unexported fields }
Provides quota and aggregated usage data for an Amazon Macie account.
type UsageStatisticsFilter ¶
type UsageStatisticsFilter struct { // The operator to use in the condition. If the value for the key property is // accountId, this value must be CONTAINS. If the value for the key property is any // other supported field, this value can be EQ, GT, GTE, LT, LTE, or NE. Comparator UsageStatisticsFilterComparator // The field to use in the condition. Key UsageStatisticsFilterKey // An array that lists values to use in the condition, based on the value for the // field specified by the key property. If the value for the key property is // accountId, this array can specify multiple values. Otherwise, this array can // specify only one value. // // Valid values for each supported field are: // // - accountId - The unique identifier for an Amazon Web Services account. // // - freeTrialStartDate - The date and time, in UTC and extended ISO 8601 // format, when the Amazon Macie free trial started for an account. // // - serviceLimit - A Boolean (true or false) value that indicates whether an // account has reached its monthly quota. // // - total - A string that represents the current estimated cost for an account. Values []string // contains filtered or unexported fields }
Specifies a condition for filtering the results of a query for quota and usage data for one or more Amazon Macie accounts.
type UsageStatisticsFilterComparator ¶
type UsageStatisticsFilterComparator string
const ( UsageStatisticsFilterComparatorGt UsageStatisticsFilterComparator = "GT" UsageStatisticsFilterComparatorGte UsageStatisticsFilterComparator = "GTE" UsageStatisticsFilterComparatorLt UsageStatisticsFilterComparator = "LT" UsageStatisticsFilterComparatorLte UsageStatisticsFilterComparator = "LTE" UsageStatisticsFilterComparatorEq UsageStatisticsFilterComparator = "EQ" UsageStatisticsFilterComparatorNe UsageStatisticsFilterComparator = "NE" UsageStatisticsFilterComparatorContains UsageStatisticsFilterComparator = "CONTAINS" )
Enum values for UsageStatisticsFilterComparator
func (UsageStatisticsFilterComparator) Values ¶ added in v0.29.0
func (UsageStatisticsFilterComparator) Values() []UsageStatisticsFilterComparator
Values returns all known values for UsageStatisticsFilterComparator. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type UsageStatisticsFilterKey ¶
type UsageStatisticsFilterKey string
const ( UsageStatisticsFilterKeyAccountId UsageStatisticsFilterKey = "accountId" UsageStatisticsFilterKeyServiceLimit UsageStatisticsFilterKey = "serviceLimit" UsageStatisticsFilterKeyFreeTrialStartDate UsageStatisticsFilterKey = "freeTrialStartDate" UsageStatisticsFilterKeyTotal UsageStatisticsFilterKey = "total" )
Enum values for UsageStatisticsFilterKey
func (UsageStatisticsFilterKey) Values ¶ added in v0.29.0
func (UsageStatisticsFilterKey) Values() []UsageStatisticsFilterKey
Values returns all known values for UsageStatisticsFilterKey. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type UsageStatisticsSortBy ¶
type UsageStatisticsSortBy struct { // The field to sort the results by. Key UsageStatisticsSortKey // The sort order to apply to the results, based on the value for the field // specified by the key property. Valid values are: ASC, sort the results in // ascending order; and, DESC, sort the results in descending order. OrderBy OrderBy // contains filtered or unexported fields }
Specifies criteria for sorting the results of a query for Amazon Macie account quotas and usage data.
type UsageStatisticsSortKey ¶
type UsageStatisticsSortKey string
const ( UsageStatisticsSortKeyAccountId UsageStatisticsSortKey = "accountId" UsageStatisticsSortKeyTotal UsageStatisticsSortKey = "total" UsageStatisticsSortKeyServiceLimitValue UsageStatisticsSortKey = "serviceLimitValue" UsageStatisticsSortKeyFreeTrialStartDate UsageStatisticsSortKey = "freeTrialStartDate" )
Enum values for UsageStatisticsSortKey
func (UsageStatisticsSortKey) Values ¶ added in v0.29.0
func (UsageStatisticsSortKey) Values() []UsageStatisticsSortKey
Values returns all known values for UsageStatisticsSortKey. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type UsageTotal ¶
type UsageTotal struct { // The type of currency that the value for the metric (estimatedCost) is reported // in. Currency Currency // The estimated value for the metric. EstimatedCost *string // The name of the metric. Possible values are: AUTOMATED_OBJECT_MONITORING, to // monitor S3 objects for automated sensitive data discovery; // AUTOMATED_SENSITIVE_DATA_DISCOVERY, to analyze S3 objects for automated // sensitive data discovery; DATA_INVENTORY_EVALUATION, to monitor S3 buckets; and, // SENSITIVE_DATA_DISCOVERY, to run classification jobs. Type UsageType // contains filtered or unexported fields }
Provides aggregated data for an Amazon Macie usage metric. The value for the metric reports estimated usage data for an account for the preceding 30 days or the current calendar month to date, depending on the time period (timeRange) specified in the request.
type UsageType ¶
type UsageType string
const ( UsageTypeDataInventoryEvaluation UsageType = "DATA_INVENTORY_EVALUATION" UsageTypeSensitiveDataDiscovery UsageType = "SENSITIVE_DATA_DISCOVERY" UsageTypeAutomatedSensitiveDataDiscovery UsageType = "AUTOMATED_SENSITIVE_DATA_DISCOVERY" UsageTypeAutomatedObjectMonitoring UsageType = "AUTOMATED_OBJECT_MONITORING" )
Enum values for UsageType
type UserIdentity ¶
type UserIdentity struct { // If the action was performed with temporary security credentials that were // obtained using the AssumeRole operation of the Security Token Service (STS) API, // the identifiers, session context, and other details about the identity. AssumedRole *AssumedRole // If the action was performed using the credentials for another Amazon Web // Services account, the details of that account. AwsAccount *AwsAccount // If the action was performed by an Amazon Web Services account that belongs to // an Amazon Web Services service, the name of the service. AwsService *AwsService // If the action was performed with temporary security credentials that were // obtained using the GetFederationToken operation of the Security Token Service // (STS) API, the identifiers, session context, and other details about the // identity. FederatedUser *FederatedUser // If the action was performed using the credentials for an Identity and Access // Management (IAM) user, the name and other details about the user. IamUser *IamUser // If the action was performed using the credentials for your Amazon Web Services // account, the details of your account. Root *UserIdentityRoot // The type of entity that performed the action. Type UserIdentityType // contains filtered or unexported fields }
Provides information about the type and other characteristics of an entity that performed an action on an affected resource.
type UserIdentityRoot ¶
type UserIdentityRoot struct { // The unique identifier for the Amazon Web Services account. AccountId *string // The Amazon Resource Name (ARN) of the principal that performed the action. The // last section of the ARN contains the name of the user or role that performed the // action. Arn *string // The unique identifier for the entity that performed the action. PrincipalId *string // contains filtered or unexported fields }
Provides information about an Amazon Web Services account and entity that performed an action on an affected resource. The action was performed using the credentials for your Amazon Web Services account.
type UserIdentityType ¶
type UserIdentityType string
const ( UserIdentityTypeAssumedRole UserIdentityType = "AssumedRole" UserIdentityTypeIAMUser UserIdentityType = "IAMUser" UserIdentityTypeFederatedUser UserIdentityType = "FederatedUser" UserIdentityTypeRoot UserIdentityType = "Root" UserIdentityTypeAWSAccount UserIdentityType = "AWSAccount" UserIdentityTypeAWSService UserIdentityType = "AWSService" )
Enum values for UserIdentityType
func (UserIdentityType) Values ¶ added in v0.29.0
func (UserIdentityType) Values() []UserIdentityType
Values returns all known values for UserIdentityType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type UserPausedDetails ¶ added in v0.29.0
type UserPausedDetails struct { // The date and time, in UTC and extended ISO 8601 format, when the job or job run // will expire and be cancelled if you don't resume it first. JobExpiresAt *time.Time // The Amazon Resource Name (ARN) of the Health event that Amazon Macie sent to // notify you of the job or job run's pending expiration and cancellation. This // value is null if a job has been paused for less than 23 days. JobImminentExpirationHealthEventArn *string // The date and time, in UTC and extended ISO 8601 format, when you paused the job. JobPausedAt *time.Time // contains filtered or unexported fields }
Provides information about when a classification job was paused. For a one-time job, this object also specifies when the job will expire and be cancelled if it isn't resumed. For a recurring job, this object also specifies when the paused job run will expire and be cancelled if it isn't resumed. This object is present only if a job's current status (jobStatus) is USER_PAUSED. The information in this object applies only to a job that was paused while it had a status of RUNNING.
type ValidationException ¶
type ValidationException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
Provides information about an error that occurred due to a syntax error in a request.
func (*ValidationException) Error ¶
func (e *ValidationException) Error() string
func (*ValidationException) ErrorCode ¶
func (e *ValidationException) ErrorCode() string
func (*ValidationException) ErrorFault ¶
func (e *ValidationException) ErrorFault() smithy.ErrorFault
func (*ValidationException) ErrorMessage ¶
func (e *ValidationException) ErrorMessage() string
type WeeklySchedule ¶
type WeeklySchedule struct { // The day of the week when Amazon Macie runs the job. DayOfWeek DayOfWeek // contains filtered or unexported fields }
Specifies a weekly recurrence pattern for running a classification job.