Documentation
¶
Index ¶
- type Access
- type AccessCheckPolicyType
- type AccessDeniedException
- type AccessPreview
- type AccessPreviewFinding
- type AccessPreviewStatus
- type AccessPreviewStatusReason
- type AccessPreviewStatusReasonCode
- type AccessPreviewSummary
- type AclGrantee
- type AclGranteeMemberId
- type AclGranteeMemberUri
- type AclPermission
- type AnalyzedResource
- type AnalyzedResourceSummary
- type AnalyzerConfiguration
- type AnalyzerConfigurationMemberUnusedAccess
- type AnalyzerStatus
- type AnalyzerSummary
- type ArchiveRuleSummary
- type CheckAccessNotGrantedResult
- type CheckNoNewAccessResult
- type CloudTrailDetails
- type CloudTrailProperties
- type Configuration
- type ConfigurationMemberDynamodbStream
- type ConfigurationMemberDynamodbTable
- type ConfigurationMemberEbsSnapshot
- type ConfigurationMemberEcrRepository
- type ConfigurationMemberEfsFileSystem
- type ConfigurationMemberIamRole
- type ConfigurationMemberKmsKey
- type ConfigurationMemberRdsDbClusterSnapshot
- type ConfigurationMemberRdsDbSnapshot
- type ConfigurationMemberS3Bucket
- type ConfigurationMemberS3ExpressDirectoryBucket
- type ConfigurationMemberSecretsManagerSecret
- type ConfigurationMemberSnsTopic
- type ConfigurationMemberSqsQueue
- type ConflictException
- type Criterion
- type DynamodbStreamConfiguration
- type DynamodbTableConfiguration
- type EbsSnapshotConfiguration
- type EcrRepositoryConfiguration
- type EfsFileSystemConfiguration
- type ExternalAccessDetails
- type Finding
- type FindingChangeType
- type FindingDetails
- type FindingDetailsMemberExternalAccessDetails
- type FindingDetailsMemberUnusedIamRoleDetails
- type FindingDetailsMemberUnusedIamUserAccessKeyDetails
- type FindingDetailsMemberUnusedIamUserPasswordDetails
- type FindingDetailsMemberUnusedPermissionDetails
- type FindingSource
- type FindingSourceDetail
- type FindingSourceType
- type FindingStatus
- type FindingStatusUpdate
- type FindingSummary
- type FindingSummaryV2
- type FindingType
- type GeneratedPolicy
- type GeneratedPolicyProperties
- type GeneratedPolicyResult
- type IamRoleConfiguration
- type InlineArchiveRule
- type InternalServerException
- type InternetConfiguration
- type InvalidParameterException
- type JobDetails
- type JobError
- type JobErrorCode
- type JobStatus
- type KmsGrantConfiguration
- type KmsGrantConstraints
- type KmsGrantOperation
- type KmsKeyConfiguration
- type Locale
- type Location
- type NetworkOriginConfiguration
- type NetworkOriginConfigurationMemberInternetConfiguration
- type NetworkOriginConfigurationMemberVpcConfiguration
- type OrderBy
- type PathElement
- type PathElementMemberIndex
- type PathElementMemberKey
- type PathElementMemberSubstring
- type PathElementMemberValue
- type PolicyGeneration
- type PolicyGenerationDetails
- type PolicyType
- type Position
- type RdsDbClusterSnapshotAttributeValue
- type RdsDbClusterSnapshotAttributeValueMemberAccountIds
- type RdsDbClusterSnapshotConfiguration
- type RdsDbSnapshotAttributeValue
- type RdsDbSnapshotAttributeValueMemberAccountIds
- type RdsDbSnapshotConfiguration
- type ReasonCode
- type ReasonSummary
- type ResourceNotFoundException
- type ResourceType
- type S3AccessPointConfiguration
- type S3BucketAclGrantConfiguration
- type S3BucketConfiguration
- type S3ExpressDirectoryBucketConfiguration
- type S3PublicAccessBlockConfiguration
- type SecretsManagerSecretConfiguration
- type ServiceQuotaExceededException
- type SnsTopicConfiguration
- type SortCriteria
- type Span
- type SqsQueueConfiguration
- type StatusReason
- type Substring
- type ThrottlingException
- type Trail
- type TrailProperties
- type Type
- type UnknownUnionMember
- type UnprocessableEntityException
- type UnusedAccessConfiguration
- type UnusedAction
- type UnusedIamRoleDetails
- type UnusedIamUserAccessKeyDetails
- type UnusedIamUserPasswordDetails
- type UnusedPermissionDetails
- type ValidatePolicyFinding
- type ValidatePolicyFindingType
- type ValidatePolicyResourceType
- type ValidationException
- type ValidationExceptionField
- type ValidationExceptionReason
- type VpcConfiguration
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Access ¶ added in v1.24.0
type Access struct {
// A list of actions for the access permissions. Any strings that can be used as
// an action in an IAM policy can be used in the list of actions to check.
//
// This member is required.
Actions []string
// contains filtered or unexported fields
}
Contains information about actions that define permissions to check against a policy.
type AccessCheckPolicyType ¶ added in v1.24.0
type AccessCheckPolicyType string
const ( AccessCheckPolicyTypeIdentityPolicy AccessCheckPolicyType = "IDENTITY_POLICY" AccessCheckPolicyTypeResourcePolicy AccessCheckPolicyType = "RESOURCE_POLICY" )
Enum values for AccessCheckPolicyType
func (AccessCheckPolicyType) Values ¶ added in v1.24.0
func (AccessCheckPolicyType) Values() []AccessCheckPolicyType
Values returns all known values for AccessCheckPolicyType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type AccessDeniedException ¶
type AccessDeniedException struct {
Message *string
ErrorCodeOverride *string
// contains filtered or unexported fields
}
You do not have sufficient access to perform this action.
func (*AccessDeniedException) Error ¶
func (e *AccessDeniedException) Error() string
func (*AccessDeniedException) ErrorCode ¶
func (e *AccessDeniedException) ErrorCode() string
func (*AccessDeniedException) ErrorFault ¶
func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault
func (*AccessDeniedException) ErrorMessage ¶
func (e *AccessDeniedException) ErrorMessage() string
type AccessPreview ¶ added in v1.2.0
type AccessPreview struct {
// The ARN of the analyzer used to generate the access preview.
//
// This member is required.
AnalyzerArn *string
// A map of resource ARNs for the proposed resource configuration.
//
// This member is required.
Configurations map[string]Configuration
// The time at which the access preview was created.
//
// This member is required.
CreatedAt *time.Time
// The unique ID for the access preview.
//
// This member is required.
Id *string
// The status of the access preview.
// - Creating - The access preview creation is in progress.
// - Completed - The access preview is complete. You can preview findings for
// external access to the resource.
// - Failed - The access preview creation has failed.
//
// This member is required.
Status AccessPreviewStatus
// Provides more details about the current status of the access preview. For
// example, if the creation of the access preview fails, a Failed status is
// returned. This failure can be due to an internal issue with the analysis or due
// to an invalid resource configuration.
StatusReason *AccessPreviewStatusReason
// contains filtered or unexported fields
}
Contains information about an access preview.
type AccessPreviewFinding ¶ added in v1.2.0
type AccessPreviewFinding struct {
// Provides context on how the access preview finding compares to existing access
// identified in IAM Access Analyzer.
// - New - The finding is for newly-introduced access.
// - Unchanged - The preview finding is an existing finding that would remain
// unchanged.
// - Changed - The preview finding is an existing finding with a change in
// status.
// For example, a Changed finding with preview status Resolved and existing status
// Active indicates the existing Active finding would become Resolved as a result
// of the proposed permissions change.
//
// This member is required.
ChangeType FindingChangeType
// The time at which the access preview finding was created.
//
// This member is required.
CreatedAt *time.Time
// The ID of the access preview finding. This ID uniquely identifies the element
// in the list of access preview findings and is not related to the finding ID in
// Access Analyzer.
//
// This member is required.
Id *string
// The Amazon Web Services account ID that owns the resource. For most Amazon Web
// Services resources, the owning account is the account in which the resource was
// created.
//
// This member is required.
ResourceOwnerAccount *string
// The type of the resource that can be accessed in the finding.
//
// This member is required.
ResourceType ResourceType
// The preview status of the finding. This is what the status of the finding would
// be after permissions deployment. For example, a Changed finding with preview
// status Resolved and existing status Active indicates the existing Active
// finding would become Resolved as a result of the proposed permissions change.
//
// This member is required.
Status FindingStatus
// The action in the analyzed policy statement that an external principal has
// permission to perform.
Action []string
// The condition in the analyzed policy statement that resulted in a finding.
Condition map[string]string
// An error.
Error *string
// The existing ID of the finding in IAM Access Analyzer, provided only for
// existing findings.
ExistingFindingId *string
// The existing status of the finding, provided only for existing findings.
ExistingFindingStatus FindingStatus
// Indicates whether the policy that generated the finding allows public access to
// the resource.
IsPublic *bool
// The external principal that has access to a resource within the zone of trust.
Principal map[string]string
// The resource that an external principal has access to. This is the resource
// associated with the access preview.
Resource *string
// The sources of the finding. This indicates how the access that generated the
// finding is granted. It is populated for Amazon S3 bucket findings.
Sources []FindingSource
// contains filtered or unexported fields
}
An access preview finding generated by the access preview.
type AccessPreviewStatus ¶ added in v1.2.0
type AccessPreviewStatus string
const ( AccessPreviewStatusCompleted AccessPreviewStatus = "COMPLETED" AccessPreviewStatusCreating AccessPreviewStatus = "CREATING" AccessPreviewStatusFailed AccessPreviewStatus = "FAILED" )
Enum values for AccessPreviewStatus
func (AccessPreviewStatus) Values ¶ added in v1.2.0
func (AccessPreviewStatus) Values() []AccessPreviewStatus
Values returns all known values for AccessPreviewStatus. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type AccessPreviewStatusReason ¶ added in v1.2.0
type AccessPreviewStatusReason struct {
// The reason code for the current status of the access preview.
//
// This member is required.
Code AccessPreviewStatusReasonCode
// contains filtered or unexported fields
}
Provides more details about the current status of the access preview. For example, if the creation of the access preview fails, a Failed status is returned. This failure can be due to an internal issue with the analysis or due to an invalid proposed resource configuration.
type AccessPreviewStatusReasonCode ¶ added in v1.2.0
type AccessPreviewStatusReasonCode string
const ( AccessPreviewStatusReasonCodeInternalError AccessPreviewStatusReasonCode = "INTERNAL_ERROR" AccessPreviewStatusReasonCodeInvalidConfiguration AccessPreviewStatusReasonCode = "INVALID_CONFIGURATION" )
Enum values for AccessPreviewStatusReasonCode
func (AccessPreviewStatusReasonCode) Values ¶ added in v1.2.0
func (AccessPreviewStatusReasonCode) Values() []AccessPreviewStatusReasonCode
Values returns all known values for AccessPreviewStatusReasonCode. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type AccessPreviewSummary ¶ added in v1.2.0
type AccessPreviewSummary struct {
// The ARN of the analyzer used to generate the access preview.
//
// This member is required.
AnalyzerArn *string
// The time at which the access preview was created.
//
// This member is required.
CreatedAt *time.Time
// The unique ID for the access preview.
//
// This member is required.
Id *string
// The status of the access preview.
// - Creating - The access preview creation is in progress.
// - Completed - The access preview is complete and previews the findings for
// external access to the resource.
// - Failed - The access preview creation has failed.
//
// This member is required.
Status AccessPreviewStatus
// Provides more details about the current status of the access preview. For
// example, if the creation of the access preview fails, a Failed status is
// returned. This failure can be due to an internal issue with the analysis or due
// to an invalid proposed resource configuration.
StatusReason *AccessPreviewStatusReason
// contains filtered or unexported fields
}
Contains a summary of information about an access preview.
type AclGrantee ¶ added in v1.2.0
type AclGrantee interface {
// contains filtered or unexported methods
}
You specify each grantee as a type-value pair using one of these types. You can specify only one type of grantee. For more information, see PutBucketAcl (https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html) .
The following types satisfy this interface:
AclGranteeMemberId AclGranteeMemberUri
Example (OutputUsage) ¶
package main
import (
"fmt"
"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)
func main() {
var union types.AclGrantee
// type switches can be used to check the union value
switch v := union.(type) {
case *types.AclGranteeMemberId:
_ = v.Value // Value is string
case *types.AclGranteeMemberUri:
_ = v.Value // Value is string
case *types.UnknownUnionMember:
fmt.Println("unknown tag:", v.Tag)
default:
fmt.Println("union is nil or unknown type")
}
}
Output:
type AclGranteeMemberId ¶ added in v1.2.0
type AclGranteeMemberId struct {
Value string
// contains filtered or unexported fields
}
The value specified is the canonical user ID of an Amazon Web Services account.
type AclGranteeMemberUri ¶ added in v1.2.0
type AclGranteeMemberUri struct {
Value string
// contains filtered or unexported fields
}
Used for granting permissions to a predefined group.
type AclPermission ¶ added in v1.2.0
type AclPermission string
const ( AclPermissionRead AclPermission = "READ" AclPermissionWrite AclPermission = "WRITE" AclPermissionReadAcp AclPermission = "READ_ACP" AclPermissionWriteAcp AclPermission = "WRITE_ACP" AclPermissionFullControl AclPermission = "FULL_CONTROL" )
Enum values for AclPermission
func (AclPermission) Values ¶ added in v1.2.0
func (AclPermission) Values() []AclPermission
Values returns all known values for AclPermission. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type AnalyzedResource ¶
type AnalyzedResource struct {
// The time at which the resource was analyzed.
//
// This member is required.
AnalyzedAt *time.Time
// The time at which the finding was created.
//
// This member is required.
CreatedAt *time.Time
// Indicates whether the policy that generated the finding grants public access to
// the resource.
//
// This member is required.
IsPublic *bool
// The ARN of the resource that was analyzed.
//
// This member is required.
ResourceArn *string
// The Amazon Web Services account ID that owns the resource.
//
// This member is required.
ResourceOwnerAccount *string
// The type of the resource that was analyzed.
//
// This member is required.
ResourceType ResourceType
// The time at which the finding was updated.
//
// This member is required.
UpdatedAt *time.Time
// The actions that an external principal is granted permission to use by the
// policy that generated the finding.
Actions []string
// An error message.
Error *string
// populated for Amazon S3 bucket findings.
SharedVia []string
// The current status of the finding generated from the analyzed resource.
Status FindingStatus
// contains filtered or unexported fields
}
Contains details about the analyzed resource.
type AnalyzedResourceSummary ¶
type AnalyzedResourceSummary struct {
// The ARN of the analyzed resource.
//
// This member is required.
ResourceArn *string
// The Amazon Web Services account ID that owns the resource.
//
// This member is required.
ResourceOwnerAccount *string
// The type of resource that was analyzed.
//
// This member is required.
ResourceType ResourceType
// contains filtered or unexported fields
}
Contains the ARN of the analyzed resource.
type AnalyzerConfiguration ¶ added in v1.24.0
type AnalyzerConfiguration interface {
// contains filtered or unexported methods
}
Contains information about the configuration of an unused access analyzer for an Amazon Web Services organization or account.
The following types satisfy this interface:
AnalyzerConfigurationMemberUnusedAccess
Example (OutputUsage) ¶
package main
import (
"fmt"
"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)
func main() {
var union types.AnalyzerConfiguration
// type switches can be used to check the union value
switch v := union.(type) {
case *types.AnalyzerConfigurationMemberUnusedAccess:
_ = v.Value // Value is types.UnusedAccessConfiguration
case *types.UnknownUnionMember:
fmt.Println("unknown tag:", v.Tag)
default:
fmt.Println("union is nil or unknown type")
}
}
Output:
type AnalyzerConfigurationMemberUnusedAccess ¶ added in v1.24.0
type AnalyzerConfigurationMemberUnusedAccess struct {
Value UnusedAccessConfiguration
// contains filtered or unexported fields
}
Specifies the configuration of an unused access analyzer for an Amazon Web Services organization or account. External access analyzers do not support any configuration.
type AnalyzerStatus ¶
type AnalyzerStatus string
const ( AnalyzerStatusActive AnalyzerStatus = "ACTIVE" AnalyzerStatusCreating AnalyzerStatus = "CREATING" AnalyzerStatusDisabled AnalyzerStatus = "DISABLED" AnalyzerStatusFailed AnalyzerStatus = "FAILED" )
Enum values for AnalyzerStatus
func (AnalyzerStatus) Values ¶ added in v0.29.0
func (AnalyzerStatus) Values() []AnalyzerStatus
Values returns all known values for AnalyzerStatus. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type AnalyzerSummary ¶
type AnalyzerSummary struct {
// The ARN of the analyzer.
//
// This member is required.
Arn *string
// A timestamp for the time at which the analyzer was created.
//
// This member is required.
CreatedAt *time.Time
// The name of the analyzer.
//
// This member is required.
Name *string
// The status of the analyzer. An Active analyzer successfully monitors supported
// resources and generates new findings. The analyzer is Disabled when a user
// action, such as removing trusted access for Identity and Access Management
// Access Analyzer from Organizations, causes the analyzer to stop generating new
// findings. The status is Creating when the analyzer creation is in progress and
// Failed when the analyzer creation has failed.
//
// This member is required.
Status AnalyzerStatus
// The type of analyzer, which corresponds to the zone of trust chosen for the
// analyzer.
//
// This member is required.
Type Type
// Specifies whether the analyzer is an external access or unused access analyzer.
Configuration AnalyzerConfiguration
// The resource that was most recently analyzed by the analyzer.
LastResourceAnalyzed *string
// The time at which the most recently analyzed resource was analyzed.
LastResourceAnalyzedAt *time.Time
// The statusReason provides more details about the current status of the
// analyzer. For example, if the creation for the analyzer fails, a Failed status
// is returned. For an analyzer with organization as the type, this failure can be
// due to an issue with creating the service-linked roles required in the member
// accounts of the Amazon Web Services organization.
StatusReason *StatusReason
// The tags added to the analyzer.
Tags map[string]string
// contains filtered or unexported fields
}
Contains information about the analyzer.
type ArchiveRuleSummary ¶
type ArchiveRuleSummary struct {
// The time at which the archive rule was created.
//
// This member is required.
CreatedAt *time.Time
// A filter used to define the archive rule.
//
// This member is required.
Filter map[string]Criterion
// The name of the archive rule.
//
// This member is required.
RuleName *string
// The time at which the archive rule was last updated.
//
// This member is required.
UpdatedAt *time.Time
// contains filtered or unexported fields
}
Contains information about an archive rule.
type CheckAccessNotGrantedResult ¶ added in v1.24.0
type CheckAccessNotGrantedResult string
const ( CheckAccessNotGrantedResultPass CheckAccessNotGrantedResult = "PASS" CheckAccessNotGrantedResultFail CheckAccessNotGrantedResult = "FAIL" )
Enum values for CheckAccessNotGrantedResult
func (CheckAccessNotGrantedResult) Values ¶ added in v1.24.0
func (CheckAccessNotGrantedResult) Values() []CheckAccessNotGrantedResult
Values returns all known values for CheckAccessNotGrantedResult. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type CheckNoNewAccessResult ¶ added in v1.24.0
type CheckNoNewAccessResult string
const ( CheckNoNewAccessResultPass CheckNoNewAccessResult = "PASS" CheckNoNewAccessResultFail CheckNoNewAccessResult = "FAIL" )
Enum values for CheckNoNewAccessResult
func (CheckNoNewAccessResult) Values ¶ added in v1.24.0
func (CheckNoNewAccessResult) Values() []CheckNoNewAccessResult
Values returns all known values for CheckNoNewAccessResult. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type CloudTrailDetails ¶ added in v1.3.0
type CloudTrailDetails struct {
// The ARN of the service role that IAM Access Analyzer uses to access your
// CloudTrail trail and service last accessed information.
//
// This member is required.
AccessRole *string
// The start of the time range for which IAM Access Analyzer reviews your
// CloudTrail events. Events with a timestamp before this time are not considered
// to generate a policy.
//
// This member is required.
StartTime *time.Time
// A Trail object that contains settings for a trail.
//
// This member is required.
Trails []Trail
// The end of the time range for which IAM Access Analyzer reviews your CloudTrail
// events. Events with a timestamp after this time are not considered to generate a
// policy. If this is not included in the request, the default value is the current
// time.
EndTime *time.Time
// contains filtered or unexported fields
}
Contains information about CloudTrail access.
type CloudTrailProperties ¶ added in v1.3.0
type CloudTrailProperties struct {
// The end of the time range for which IAM Access Analyzer reviews your CloudTrail
// events. Events with a timestamp after this time are not considered to generate a
// policy. If this is not included in the request, the default value is the current
// time.
//
// This member is required.
EndTime *time.Time
// The start of the time range for which IAM Access Analyzer reviews your
// CloudTrail events. Events with a timestamp before this time are not considered
// to generate a policy.
//
// This member is required.
StartTime *time.Time
// A TrailProperties object that contains settings for trail properties.
//
// This member is required.
TrailProperties []TrailProperties
// contains filtered or unexported fields
}
Contains information about CloudTrail access.
type Configuration ¶ added in v1.2.0
type Configuration interface {
// contains filtered or unexported methods
}
Access control configuration structures for your resource. You specify the configuration as a type-value pair. You can specify only one type of access control configuration.
The following types satisfy this interface:
ConfigurationMemberDynamodbStream ConfigurationMemberDynamodbTable ConfigurationMemberEbsSnapshot ConfigurationMemberEcrRepository ConfigurationMemberEfsFileSystem ConfigurationMemberIamRole ConfigurationMemberKmsKey ConfigurationMemberRdsDbClusterSnapshot ConfigurationMemberRdsDbSnapshot ConfigurationMemberS3Bucket ConfigurationMemberS3ExpressDirectoryBucket ConfigurationMemberSecretsManagerSecret ConfigurationMemberSnsTopic ConfigurationMemberSqsQueue
Example (OutputUsage) ¶
package main
import (
"fmt"
"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)
func main() {
var union types.Configuration
// type switches can be used to check the union value
switch v := union.(type) {
case *types.ConfigurationMemberDynamodbStream:
_ = v.Value // Value is types.DynamodbStreamConfiguration
case *types.ConfigurationMemberDynamodbTable:
_ = v.Value // Value is types.DynamodbTableConfiguration
case *types.ConfigurationMemberEbsSnapshot:
_ = v.Value // Value is types.EbsSnapshotConfiguration
case *types.ConfigurationMemberEcrRepository:
_ = v.Value // Value is types.EcrRepositoryConfiguration
case *types.ConfigurationMemberEfsFileSystem:
_ = v.Value // Value is types.EfsFileSystemConfiguration
case *types.ConfigurationMemberIamRole:
_ = v.Value // Value is types.IamRoleConfiguration
case *types.ConfigurationMemberKmsKey:
_ = v.Value // Value is types.KmsKeyConfiguration
case *types.ConfigurationMemberRdsDbClusterSnapshot:
_ = v.Value // Value is types.RdsDbClusterSnapshotConfiguration
case *types.ConfigurationMemberRdsDbSnapshot:
_ = v.Value // Value is types.RdsDbSnapshotConfiguration
case *types.ConfigurationMemberS3Bucket:
_ = v.Value // Value is types.S3BucketConfiguration
case *types.ConfigurationMemberS3ExpressDirectoryBucket:
_ = v.Value // Value is types.S3ExpressDirectoryBucketConfiguration
case *types.ConfigurationMemberSecretsManagerSecret:
_ = v.Value // Value is types.SecretsManagerSecretConfiguration
case *types.ConfigurationMemberSnsTopic:
_ = v.Value // Value is types.SnsTopicConfiguration
case *types.ConfigurationMemberSqsQueue:
_ = v.Value // Value is types.SqsQueueConfiguration
case *types.UnknownUnionMember:
fmt.Println("unknown tag:", v.Tag)
default:
fmt.Println("union is nil or unknown type")
}
}
Output:
type ConfigurationMemberDynamodbStream ¶ added in v1.29.0
type ConfigurationMemberDynamodbStream struct {
Value DynamodbStreamConfiguration
// contains filtered or unexported fields
}
The access control configuration is for a DynamoDB stream.
type ConfigurationMemberDynamodbTable ¶ added in v1.29.0
type ConfigurationMemberDynamodbTable struct {
Value DynamodbTableConfiguration
// contains filtered or unexported fields
}
The access control configuration is for a DynamoDB table or index.
type ConfigurationMemberEbsSnapshot ¶ added in v1.17.0
type ConfigurationMemberEbsSnapshot struct {
Value EbsSnapshotConfiguration
// contains filtered or unexported fields
}
The access control configuration is for an Amazon EBS volume snapshot.
type ConfigurationMemberEcrRepository ¶ added in v1.17.0
type ConfigurationMemberEcrRepository struct {
Value EcrRepositoryConfiguration
// contains filtered or unexported fields
}
The access control configuration is for an Amazon ECR repository.
type ConfigurationMemberEfsFileSystem ¶ added in v1.17.0
type ConfigurationMemberEfsFileSystem struct {
Value EfsFileSystemConfiguration
// contains filtered or unexported fields
}
The access control configuration is for an Amazon EFS file system.
type ConfigurationMemberIamRole ¶ added in v1.2.0
type ConfigurationMemberIamRole struct {
Value IamRoleConfiguration
// contains filtered or unexported fields
}
The access control configuration is for an IAM role.
type ConfigurationMemberKmsKey ¶ added in v1.2.0
type ConfigurationMemberKmsKey struct {
Value KmsKeyConfiguration
// contains filtered or unexported fields
}
The access control configuration is for a KMS key.
type ConfigurationMemberRdsDbClusterSnapshot ¶ added in v1.17.0
type ConfigurationMemberRdsDbClusterSnapshot struct {
Value RdsDbClusterSnapshotConfiguration
// contains filtered or unexported fields
}
The access control configuration is for an Amazon RDS DB cluster snapshot.
type ConfigurationMemberRdsDbSnapshot ¶ added in v1.17.0
type ConfigurationMemberRdsDbSnapshot struct {
Value RdsDbSnapshotConfiguration
// contains filtered or unexported fields
}
The access control configuration is for an Amazon RDS DB snapshot.
type ConfigurationMemberS3Bucket ¶ added in v1.2.0
type ConfigurationMemberS3Bucket struct {
Value S3BucketConfiguration
// contains filtered or unexported fields
}
The access control configuration is for an Amazon S3 bucket.
type ConfigurationMemberS3ExpressDirectoryBucket ¶ added in v1.25.0
type ConfigurationMemberS3ExpressDirectoryBucket struct {
Value S3ExpressDirectoryBucketConfiguration
// contains filtered or unexported fields
}
The access control configuration is for an Amazon S3 directory bucket.
type ConfigurationMemberSecretsManagerSecret ¶ added in v1.2.0
type ConfigurationMemberSecretsManagerSecret struct {
Value SecretsManagerSecretConfiguration
// contains filtered or unexported fields
}
The access control configuration is for a Secrets Manager secret.
type ConfigurationMemberSnsTopic ¶ added in v1.17.0
type ConfigurationMemberSnsTopic struct {
Value SnsTopicConfiguration
// contains filtered or unexported fields
}
The access control configuration is for an Amazon SNS topic
type ConfigurationMemberSqsQueue ¶ added in v1.2.0
type ConfigurationMemberSqsQueue struct {
Value SqsQueueConfiguration
// contains filtered or unexported fields
}
The access control configuration is for an Amazon SQS queue.
type ConflictException ¶
type ConflictException struct {
Message *string
ErrorCodeOverride *string
ResourceId *string
ResourceType *string
// contains filtered or unexported fields
}
A conflict exception error.
func (*ConflictException) Error ¶
func (e *ConflictException) Error() string
func (*ConflictException) ErrorCode ¶
func (e *ConflictException) ErrorCode() string
func (*ConflictException) ErrorFault ¶
func (e *ConflictException) ErrorFault() smithy.ErrorFault
func (*ConflictException) ErrorMessage ¶
func (e *ConflictException) ErrorMessage() string
type Criterion ¶
type Criterion struct {
// A "contains" operator to match for the filter used to create the rule.
Contains []string
// An "equals" operator to match for the filter used to create the rule.
Eq []string
// An "exists" operator to match for the filter used to create the rule.
Exists *bool
// A "not equals" operator to match for the filter used to create the rule.
Neq []string
// contains filtered or unexported fields
}
The criteria to use in the filter that defines the archive rule. For more information on available filter keys, see IAM Access Analyzer filter keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html) .
type DynamodbStreamConfiguration ¶ added in v1.29.0
type DynamodbStreamConfiguration struct {
// The proposed resource policy defining who can access or manage the DynamoDB
// stream.
StreamPolicy *string
// contains filtered or unexported fields
}
The proposed access control configuration for a DynamoDB stream. You can propose a configuration for a new DynamoDB stream or an existing DynamoDB stream that you own by specifying the policy for the DynamoDB stream. For more information, see PutResourcePolicy (https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_PutResourcePolicy.html) .
- If the configuration is for an existing DynamoDB stream and you do not specify the DynamoDB policy, then the access preview uses the existing DynamoDB policy for the stream.
- If the access preview is for a new resource and you do not specify the policy, then the access preview assumes a DynamoDB stream without a policy.
- To propose deletion of an existing DynamoDB stream policy, you can specify an empty string for the DynamoDB policy.
type DynamodbTableConfiguration ¶ added in v1.29.0
type DynamodbTableConfiguration struct {
// The proposed resource policy defining who can access or manage the DynamoDB
// table.
TablePolicy *string
// contains filtered or unexported fields
}
The proposed access control configuration for a DynamoDB table or index. You can propose a configuration for a new DynamoDB table or index or an existing DynamoDB table or index that you own by specifying the policy for the DynamoDB table or index. For more information, see PutResourcePolicy (https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_PutResourcePolicy.html) .
- If the configuration is for an existing DynamoDB table or index and you do not specify the DynamoDB policy, then the access preview uses the existing DynamoDB policy for the table or index.
- If the access preview is for a new resource and you do not specify the policy, then the access preview assumes a DynamoDB table without a policy.
- To propose deletion of an existing DynamoDB table or index policy, you can specify an empty string for the DynamoDB policy.
type EbsSnapshotConfiguration ¶ added in v1.17.0
type EbsSnapshotConfiguration struct {
// The groups that have access to the Amazon EBS volume snapshot. If the value all
// is specified, then the Amazon EBS volume snapshot is public.
// - If the configuration is for an existing Amazon EBS volume snapshot and you
// do not specify the groups , then the access preview uses the existing shared
// groups for the snapshot.
// - If the access preview is for a new resource and you do not specify the
// groups , then the access preview considers the snapshot without any groups .
// - To propose deletion of existing shared groups , you can specify an empty
// list for groups .
Groups []string
// The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS key
// identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
// - If the configuration is for an existing Amazon EBS volume snapshot and you
// do not specify the kmsKeyId , or you specify an empty string, then the access
// preview uses the existing kmsKeyId of the snapshot.
// - If the access preview is for a new resource and you do not specify the
// kmsKeyId , the access preview considers the snapshot as unencrypted.
KmsKeyId *string
// The IDs of the Amazon Web Services accounts that have access to the Amazon EBS
// volume snapshot.
// - If the configuration is for an existing Amazon EBS volume snapshot and you
// do not specify the userIds , then the access preview uses the existing shared
// userIds for the snapshot.
// - If the access preview is for a new resource and you do not specify the
// userIds , then the access preview considers the snapshot without any userIds .
// - To propose deletion of existing shared accountIds , you can specify an empty
// list for userIds .
UserIds []string
// contains filtered or unexported fields
}
The proposed access control configuration for an Amazon EBS volume snapshot. You can propose a configuration for a new Amazon EBS volume snapshot or an Amazon EBS volume snapshot that you own by specifying the user IDs, groups, and optional KMS encryption key. For more information, see ModifySnapshotAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html) .
type EcrRepositoryConfiguration ¶ added in v1.17.0
type EcrRepositoryConfiguration struct {
// The JSON repository policy text to apply to the Amazon ECR repository. For more
// information, see Private repository policy examples (https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html)
// in the Amazon ECR User Guide.
RepositoryPolicy *string
// contains filtered or unexported fields
}
The proposed access control configuration for an Amazon ECR repository. You can propose a configuration for a new Amazon ECR repository or an existing Amazon ECR repository that you own by specifying the Amazon ECR policy. For more information, see Repository (https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Repository.html) .
- If the configuration is for an existing Amazon ECR repository and you do not specify the Amazon ECR policy, then the access preview uses the existing Amazon ECR policy for the repository.
- If the access preview is for a new resource and you do not specify the policy, then the access preview assumes an Amazon ECR repository without a policy.
- To propose deletion of an existing Amazon ECR repository policy, you can specify an empty string for the Amazon ECR policy.
type EfsFileSystemConfiguration ¶ added in v1.17.0
type EfsFileSystemConfiguration struct {
// The JSON policy definition to apply to the Amazon EFS file system. For more
// information on the elements that make up a file system policy, see Amazon EFS
// Resource-based policies (https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies)
// .
FileSystemPolicy *string
// contains filtered or unexported fields
}
The proposed access control configuration for an Amazon EFS file system. You can propose a configuration for a new Amazon EFS file system or an existing Amazon EFS file system that you own by specifying the Amazon EFS policy. For more information, see Using file systems in Amazon EFS (https://docs.aws.amazon.com/efs/latest/ug/using-fs.html) .
- If the configuration is for an existing Amazon EFS file system and you do not specify the Amazon EFS policy, then the access preview uses the existing Amazon EFS policy for the file system.
- If the access preview is for a new resource and you do not specify the policy, then the access preview assumes an Amazon EFS file system without a policy.
- To propose deletion of an existing Amazon EFS file system policy, you can specify an empty string for the Amazon EFS policy.
type ExternalAccessDetails ¶ added in v1.24.0
type ExternalAccessDetails struct {
// The condition in the analyzed policy statement that resulted in an external
// access finding.
//
// This member is required.
Condition map[string]string
// The action in the analyzed policy statement that an external principal has
// permission to use.
Action []string
// Specifies whether the external access finding is public.
IsPublic *bool
// The external principal that has access to a resource within the zone of trust.
Principal map[string]string
// The sources of the external access finding. This indicates how the access that
// generated the finding is granted. It is populated for Amazon S3 bucket findings.
Sources []FindingSource
// contains filtered or unexported fields
}
Contains information about an external access finding.
type Finding ¶
type Finding struct {
// The time at which the resource was analyzed.
//
// This member is required.
AnalyzedAt *time.Time
// The condition in the analyzed policy statement that resulted in a finding.
//
// This member is required.
Condition map[string]string
// The time at which the finding was generated.
//
// This member is required.
CreatedAt *time.Time
// The ID of the finding.
//
// This member is required.
Id *string
// The Amazon Web Services account ID that owns the resource.
//
// This member is required.
ResourceOwnerAccount *string
// The type of the resource identified in the finding.
//
// This member is required.
ResourceType ResourceType
// The current status of the finding.
//
// This member is required.
Status FindingStatus
// The time at which the finding was updated.
//
// This member is required.
UpdatedAt *time.Time
// The action in the analyzed policy statement that an external principal has
// permission to use.
Action []string
// An error.
Error *string
// Indicates whether the policy that generated the finding allows public access to
// the resource.
IsPublic *bool
// The external principal that has access to a resource within the zone of trust.
Principal map[string]string
// The resource that an external principal has access to.
Resource *string
// The sources of the finding. This indicates how the access that generated the
// finding is granted. It is populated for Amazon S3 bucket findings.
Sources []FindingSource
// contains filtered or unexported fields
}
Contains information about a finding.
type FindingChangeType ¶ added in v1.2.0
type FindingChangeType string
const ( FindingChangeTypeChanged FindingChangeType = "CHANGED" FindingChangeTypeNew FindingChangeType = "NEW" FindingChangeTypeUnchanged FindingChangeType = "UNCHANGED" )
Enum values for FindingChangeType
func (FindingChangeType) Values ¶ added in v1.2.0
func (FindingChangeType) Values() []FindingChangeType
Values returns all known values for FindingChangeType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type FindingDetails ¶ added in v1.24.0
type FindingDetails interface {
// contains filtered or unexported methods
}
Contains information about an external access or unused access finding. Only one parameter can be used in a FindingDetails object.
The following types satisfy this interface:
FindingDetailsMemberExternalAccessDetails FindingDetailsMemberUnusedIamRoleDetails FindingDetailsMemberUnusedIamUserAccessKeyDetails FindingDetailsMemberUnusedIamUserPasswordDetails FindingDetailsMemberUnusedPermissionDetails
Example (OutputUsage) ¶
package main
import (
"fmt"
"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)
func main() {
var union types.FindingDetails
// type switches can be used to check the union value
switch v := union.(type) {
case *types.FindingDetailsMemberExternalAccessDetails:
_ = v.Value // Value is types.ExternalAccessDetails
case *types.FindingDetailsMemberUnusedIamRoleDetails:
_ = v.Value // Value is types.UnusedIamRoleDetails
case *types.FindingDetailsMemberUnusedIamUserAccessKeyDetails:
_ = v.Value // Value is types.UnusedIamUserAccessKeyDetails
case *types.FindingDetailsMemberUnusedIamUserPasswordDetails:
_ = v.Value // Value is types.UnusedIamUserPasswordDetails
case *types.FindingDetailsMemberUnusedPermissionDetails:
_ = v.Value // Value is types.UnusedPermissionDetails
case *types.UnknownUnionMember:
fmt.Println("unknown tag:", v.Tag)
default:
fmt.Println("union is nil or unknown type")
}
}
Output:
type FindingDetailsMemberExternalAccessDetails ¶ added in v1.24.0
type FindingDetailsMemberExternalAccessDetails struct {
Value ExternalAccessDetails
// contains filtered or unexported fields
}
The details for an external access analyzer finding.
type FindingDetailsMemberUnusedIamRoleDetails ¶ added in v1.24.0
type FindingDetailsMemberUnusedIamRoleDetails struct {
Value UnusedIamRoleDetails
// contains filtered or unexported fields
}
The details for an unused access analyzer finding with an unused IAM role finding type.
type FindingDetailsMemberUnusedIamUserAccessKeyDetails ¶ added in v1.24.0
type FindingDetailsMemberUnusedIamUserAccessKeyDetails struct {
Value UnusedIamUserAccessKeyDetails
// contains filtered or unexported fields
}
The details for an unused access analyzer finding with an unused IAM user access key finding type.
type FindingDetailsMemberUnusedIamUserPasswordDetails ¶ added in v1.24.0
type FindingDetailsMemberUnusedIamUserPasswordDetails struct {
Value UnusedIamUserPasswordDetails
// contains filtered or unexported fields
}
The details for an unused access analyzer finding with an unused IAM user password finding type.
type FindingDetailsMemberUnusedPermissionDetails ¶ added in v1.24.0
type FindingDetailsMemberUnusedPermissionDetails struct {
Value UnusedPermissionDetails
// contains filtered or unexported fields
}
The details for an unused access analyzer finding with an unused permission finding type.
type FindingSource ¶
type FindingSource struct {
// Indicates the type of access that generated the finding.
//
// This member is required.
Type FindingSourceType
// Includes details about how the access that generated the finding is granted.
// This is populated for Amazon S3 bucket findings.
Detail *FindingSourceDetail
// contains filtered or unexported fields
}
The source of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
type FindingSourceDetail ¶
type FindingSourceDetail struct {
// The account of the cross-account access point that generated the finding.
AccessPointAccount *string
// The ARN of the access point that generated the finding. The ARN format depends
// on whether the ARN represents an access point or a multi-region access point.
AccessPointArn *string
// contains filtered or unexported fields
}
Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
type FindingSourceType ¶
type FindingSourceType string
const ( FindingSourceTypePolicy FindingSourceType = "POLICY" FindingSourceTypeBucketAcl FindingSourceType = "BUCKET_ACL" FindingSourceTypeS3AccessPoint FindingSourceType = "S3_ACCESS_POINT" FindingSourceTypeS3AccessPointAccount FindingSourceType = "S3_ACCESS_POINT_ACCOUNT" )
Enum values for FindingSourceType
func (FindingSourceType) Values ¶ added in v0.29.0
func (FindingSourceType) Values() []FindingSourceType
Values returns all known values for FindingSourceType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type FindingStatus ¶
type FindingStatus string
const ( FindingStatusActive FindingStatus = "ACTIVE" FindingStatusArchived FindingStatus = "ARCHIVED" FindingStatusResolved FindingStatus = "RESOLVED" )
Enum values for FindingStatus
func (FindingStatus) Values ¶ added in v0.29.0
func (FindingStatus) Values() []FindingStatus
Values returns all known values for FindingStatus. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type FindingStatusUpdate ¶
type FindingStatusUpdate string
const ( FindingStatusUpdateActive FindingStatusUpdate = "ACTIVE" FindingStatusUpdateArchived FindingStatusUpdate = "ARCHIVED" )
Enum values for FindingStatusUpdate
func (FindingStatusUpdate) Values ¶ added in v0.29.0
func (FindingStatusUpdate) Values() []FindingStatusUpdate
Values returns all known values for FindingStatusUpdate. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type FindingSummary ¶
type FindingSummary struct {
// The time at which the resource-based policy that generated the finding was
// analyzed.
//
// This member is required.
AnalyzedAt *time.Time
// The condition in the analyzed policy statement that resulted in a finding.
//
// This member is required.
Condition map[string]string
// The time at which the finding was created.
//
// This member is required.
CreatedAt *time.Time
// The ID of the finding.
//
// This member is required.
Id *string
// The Amazon Web Services account ID that owns the resource.
//
// This member is required.
ResourceOwnerAccount *string
// The type of the resource that the external principal has access to.
//
// This member is required.
ResourceType ResourceType
// The status of the finding.
//
// This member is required.
Status FindingStatus
// The time at which the finding was most recently updated.
//
// This member is required.
UpdatedAt *time.Time
// The action in the analyzed policy statement that an external principal has
// permission to use.
Action []string
// The error that resulted in an Error finding.
Error *string
// Indicates whether the finding reports a resource that has a policy that allows
// public access.
IsPublic *bool
// The external principal that has access to a resource within the zone of trust.
Principal map[string]string
// The resource that the external principal has access to.
Resource *string
// The sources of the finding. This indicates how the access that generated the
// finding is granted. It is populated for Amazon S3 bucket findings.
Sources []FindingSource
// contains filtered or unexported fields
}
Contains information about a finding.
type FindingSummaryV2 ¶ added in v1.24.0
type FindingSummaryV2 struct {
// The time at which the resource-based policy or IAM entity that generated the
// finding was analyzed.
//
// This member is required.
AnalyzedAt *time.Time
// The time at which the finding was created.
//
// This member is required.
CreatedAt *time.Time
// The ID of the finding.
//
// This member is required.
Id *string
// The Amazon Web Services account ID that owns the resource.
//
// This member is required.
ResourceOwnerAccount *string
// The type of the resource that the external principal has access to.
//
// This member is required.
ResourceType ResourceType
// The status of the finding.
//
// This member is required.
Status FindingStatus
// The time at which the finding was most recently updated.
//
// This member is required.
UpdatedAt *time.Time
// The error that resulted in an Error finding.
Error *string
// The type of the external access or unused access finding.
FindingType FindingType
// The resource that the external principal has access to.
Resource *string
// contains filtered or unexported fields
}
Contains information about a finding.
type FindingType ¶ added in v1.24.0
type FindingType string
const ( FindingTypeExternalAccess FindingType = "ExternalAccess" FindingTypeUnusedIamRole FindingType = "UnusedIAMRole" FindingTypeUnusedIamUserAccessKey FindingType = "UnusedIAMUserAccessKey" FindingTypeUnusedIamUserPassword FindingType = "UnusedIAMUserPassword" FindingTypeUnusedPermission FindingType = "UnusedPermission" )
Enum values for FindingType
func (FindingType) Values ¶ added in v1.24.0
func (FindingType) Values() []FindingType
Values returns all known values for FindingType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type GeneratedPolicy ¶ added in v1.3.0
type GeneratedPolicy struct {
// The text to use as the content for the new policy. The policy is created using
// the CreatePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html)
// action.
//
// This member is required.
Policy *string
// contains filtered or unexported fields
}
Contains the text for the generated policy.
type GeneratedPolicyProperties ¶ added in v1.3.0
type GeneratedPolicyProperties struct {
// The ARN of the IAM entity (user or role) for which you are generating a policy.
//
// This member is required.
PrincipalArn *string
// Lists details about the Trail used to generated policy.
CloudTrailProperties *CloudTrailProperties
// This value is set to true if the generated policy contains all possible actions
// for a service that IAM Access Analyzer identified from the CloudTrail trail that
// you specified, and false otherwise.
IsComplete *bool
// contains filtered or unexported fields
}
Contains the generated policy details.
type GeneratedPolicyResult ¶ added in v1.3.0
type GeneratedPolicyResult struct {
// A GeneratedPolicyProperties object that contains properties of the generated
// policy.
//
// This member is required.
Properties *GeneratedPolicyProperties
// The text to use as the content for the new policy. The policy is created using
// the CreatePolicy (https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html)
// action.
GeneratedPolicies []GeneratedPolicy
// contains filtered or unexported fields
}
Contains the text for the generated policy and its details.
type IamRoleConfiguration ¶ added in v1.2.0
type IamRoleConfiguration struct {
// The proposed trust policy for the IAM role.
TrustPolicy *string
// contains filtered or unexported fields
}
The proposed access control configuration for an IAM role. You can propose a configuration for a new IAM role or an existing IAM role that you own by specifying the trust policy. If the configuration is for a new IAM role, you must specify the trust policy. If the configuration is for an existing IAM role that you own and you do not propose the trust policy, the access preview uses the existing trust policy for the role. The proposed trust policy cannot be an empty string. For more information about role trust policy limits, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) .
type InlineArchiveRule ¶
type InlineArchiveRule struct {
// The condition and values for a criterion.
//
// This member is required.
Filter map[string]Criterion
// The name of the rule.
//
// This member is required.
RuleName *string
// contains filtered or unexported fields
}
An criterion statement in an archive rule. Each archive rule may have multiple criteria.
type InternalServerException ¶
type InternalServerException struct {
Message *string
ErrorCodeOverride *string
RetryAfterSeconds *int32
// contains filtered or unexported fields
}
Internal server error.
func (*InternalServerException) Error ¶
func (e *InternalServerException) Error() string
func (*InternalServerException) ErrorCode ¶
func (e *InternalServerException) ErrorCode() string
func (*InternalServerException) ErrorFault ¶
func (e *InternalServerException) ErrorFault() smithy.ErrorFault
func (*InternalServerException) ErrorMessage ¶
func (e *InternalServerException) ErrorMessage() string
type InternetConfiguration ¶ added in v1.2.0
type InternetConfiguration struct {
// contains filtered or unexported fields
}
This configuration sets the network origin for the Amazon S3 access point or multi-region access point to Internet .
type InvalidParameterException ¶ added in v1.24.0
type InvalidParameterException struct {
Message *string
ErrorCodeOverride *string
// contains filtered or unexported fields
}
The specified parameter is invalid.
func (*InvalidParameterException) Error ¶ added in v1.24.0
func (e *InvalidParameterException) Error() string
func (*InvalidParameterException) ErrorCode ¶ added in v1.24.0
func (e *InvalidParameterException) ErrorCode() string
func (*InvalidParameterException) ErrorFault ¶ added in v1.24.0
func (e *InvalidParameterException) ErrorFault() smithy.ErrorFault
func (*InvalidParameterException) ErrorMessage ¶ added in v1.24.0
func (e *InvalidParameterException) ErrorMessage() string
type JobDetails ¶ added in v1.3.0
type JobDetails struct {
// The JobId that is returned by the StartPolicyGeneration operation. The JobId
// can be used with GetGeneratedPolicy to retrieve the generated policies or used
// with CancelPolicyGeneration to cancel the policy generation request.
//
// This member is required.
JobId *string
// A timestamp of when the job was started.
//
// This member is required.
StartedOn *time.Time
// The status of the job request.
//
// This member is required.
Status JobStatus
// A timestamp of when the job was completed.
CompletedOn *time.Time
// The job error for the policy generation request.
JobError *JobError
// contains filtered or unexported fields
}
Contains details about the policy generation request.
type JobError ¶ added in v1.3.0
type JobError struct {
// The job error code.
//
// This member is required.
Code JobErrorCode
// Specific information about the error. For example, which service quota was
// exceeded or which resource was not found.
//
// This member is required.
Message *string
// contains filtered or unexported fields
}
Contains the details about the policy generation error.
type JobErrorCode ¶ added in v1.3.0
type JobErrorCode string
const ( JobErrorCodeAuthorizationError JobErrorCode = "AUTHORIZATION_ERROR" JobErrorCodeResourceNotFoundError JobErrorCode = "RESOURCE_NOT_FOUND_ERROR" JobErrorCodeServiceQuotaExceededError JobErrorCode = "SERVICE_QUOTA_EXCEEDED_ERROR" JobErrorCodeServiceError JobErrorCode = "SERVICE_ERROR" )
Enum values for JobErrorCode
func (JobErrorCode) Values ¶ added in v1.3.0
func (JobErrorCode) Values() []JobErrorCode
Values returns all known values for JobErrorCode. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type JobStatus ¶ added in v1.3.0
type JobStatus string
type KmsGrantConfiguration ¶ added in v1.2.0
type KmsGrantConfiguration struct {
// The principal that is given permission to perform the operations that the grant
// permits.
//
// This member is required.
GranteePrincipal *string
// The Amazon Web Services account under which the grant was issued. The account
// is used to propose KMS grants issued by accounts other than the owner of the
// key.
//
// This member is required.
IssuingAccount *string
// A list of operations that the grant permits.
//
// This member is required.
Operations []KmsGrantOperation
// Use this structure to propose allowing cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
// in the grant only when the operation request includes the specified encryption
// context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context)
// .
Constraints *KmsGrantConstraints
// The principal that is given permission to retire the grant by using RetireGrant (https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html)
// operation.
RetiringPrincipal *string
// contains filtered or unexported fields
}
A proposed grant configuration for a KMS key. For more information, see CreateGrant (https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html) .
type KmsGrantConstraints ¶ added in v1.2.0
type KmsGrantConstraints struct {
// A list of key-value pairs that must match the encryption context in the
// cryptographic operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
// request. The grant allows the operation only when the encryption context in the
// request is the same as the encryption context specified in this constraint.
EncryptionContextEquals map[string]string
// A list of key-value pairs that must be included in the encryption context of
// the cryptographic operation (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations)
// request. The grant allows the cryptographic operation only when the encryption
// context in the request includes the key-value pairs specified in this
// constraint, although it can include additional key-value pairs.
EncryptionContextSubset map[string]string
// contains filtered or unexported fields
}
Use this structure to propose allowing cryptographic operations (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) in the grant only when the operation request includes the specified encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) . You can specify only one type of encryption context. An empty map is treated as not specified. For more information, see GrantConstraints (https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html) .
type KmsGrantOperation ¶ added in v1.2.0
type KmsGrantOperation string
const ( KmsGrantOperationCreateGrant KmsGrantOperation = "CreateGrant" KmsGrantOperationDecrypt KmsGrantOperation = "Decrypt" KmsGrantOperationDescribeKey KmsGrantOperation = "DescribeKey" KmsGrantOperationEncrypt KmsGrantOperation = "Encrypt" KmsGrantOperationGenerateDataKey KmsGrantOperation = "GenerateDataKey" KmsGrantOperationGenerateDataKeyPair KmsGrantOperation = "GenerateDataKeyPair" KmsGrantOperationGenerateDataKeyPairWithoutPlaintext KmsGrantOperation = "GenerateDataKeyPairWithoutPlaintext" KmsGrantOperationGenerateDataKeyWithoutPlaintext KmsGrantOperation = "GenerateDataKeyWithoutPlaintext" KmsGrantOperationGetPublicKey KmsGrantOperation = "GetPublicKey" KmsGrantOperationReencryptFrom KmsGrantOperation = "ReEncryptFrom" KmsGrantOperationReencryptTo KmsGrantOperation = "ReEncryptTo" KmsGrantOperationRetireGrant KmsGrantOperation = "RetireGrant" KmsGrantOperationSign KmsGrantOperation = "Sign" KmsGrantOperationVerify KmsGrantOperation = "Verify" )
Enum values for KmsGrantOperation
func (KmsGrantOperation) Values ¶ added in v1.2.0
func (KmsGrantOperation) Values() []KmsGrantOperation
Values returns all known values for KmsGrantOperation. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type KmsKeyConfiguration ¶ added in v1.2.0
type KmsKeyConfiguration struct {
// A list of proposed grant configurations for the KMS key. If the proposed grant
// configuration is for an existing key, the access preview uses the proposed list
// of grant configurations in place of the existing grants. Otherwise, the access
// preview uses the existing grants for the key.
Grants []KmsGrantConfiguration
// Resource policy configuration for the KMS key. The only valid value for the
// name of the key policy is default . For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
// .
KeyPolicies map[string]string
// contains filtered or unexported fields
}
Proposed access control configuration for a KMS key. You can propose a configuration for a new KMS key or an existing KMS key that you own by specifying the key policy and KMS grant configuration. If the configuration is for an existing key and you do not specify the key policy, the access preview uses the existing policy for the key. If the access preview is for a new resource and you do not specify the key policy, then the access preview uses the default key policy. The proposed key policy cannot be an empty string. For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) . For more information about key policy limits, see Resource quotas (https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html) .
type Locale ¶ added in v1.2.0
type Locale string
type Location ¶ added in v1.2.0
type Location struct {
// A path in a policy, represented as a sequence of path elements.
//
// This member is required.
Path []PathElement
// A span in a policy.
//
// This member is required.
Span *Span
// contains filtered or unexported fields
}
A location in a policy that is represented as a path through the JSON representation and a corresponding span.
type NetworkOriginConfiguration ¶ added in v1.2.0
type NetworkOriginConfiguration interface {
// contains filtered or unexported methods
}
The proposed InternetConfiguration or VpcConfiguration to apply to the Amazon S3 access point. VpcConfiguration does not apply to multi-region access points. You can make the access point accessible from the internet, or you can specify that all requests made through that access point must originate from a specific virtual private cloud (VPC). You can specify only one type of network configuration. For more information, see Creating access points (https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html) .
The following types satisfy this interface:
NetworkOriginConfigurationMemberInternetConfiguration NetworkOriginConfigurationMemberVpcConfiguration
Example (OutputUsage) ¶
package main
import (
"fmt"
"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)
func main() {
var union types.NetworkOriginConfiguration
// type switches can be used to check the union value
switch v := union.(type) {
case *types.NetworkOriginConfigurationMemberInternetConfiguration:
_ = v.Value // Value is types.InternetConfiguration
case *types.NetworkOriginConfigurationMemberVpcConfiguration:
_ = v.Value // Value is types.VpcConfiguration
case *types.UnknownUnionMember:
fmt.Println("unknown tag:", v.Tag)
default:
fmt.Println("union is nil or unknown type")
}
}
Output:
type NetworkOriginConfigurationMemberInternetConfiguration ¶ added in v1.2.0
type NetworkOriginConfigurationMemberInternetConfiguration struct {
Value InternetConfiguration
// contains filtered or unexported fields
}
The configuration for the Amazon S3 access point or multi-region access point with an Internet origin.
type NetworkOriginConfigurationMemberVpcConfiguration ¶ added in v1.2.0
type NetworkOriginConfigurationMemberVpcConfiguration struct {
Value VpcConfiguration
// contains filtered or unexported fields
}
The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC configuration does not apply to multi-region access points. For more information, see VpcConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html) .
type PathElement ¶ added in v1.2.0
type PathElement interface {
// contains filtered or unexported methods
}
A single element in a path through the JSON representation of a policy.
The following types satisfy this interface:
PathElementMemberIndex PathElementMemberKey PathElementMemberSubstring PathElementMemberValue
Example (OutputUsage) ¶
package main
import (
"fmt"
"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)
func main() {
var union types.PathElement
// type switches can be used to check the union value
switch v := union.(type) {
case *types.PathElementMemberIndex:
_ = v.Value // Value is int32
case *types.PathElementMemberKey:
_ = v.Value // Value is string
case *types.PathElementMemberSubstring:
_ = v.Value // Value is types.Substring
case *types.PathElementMemberValue:
_ = v.Value // Value is string
case *types.UnknownUnionMember:
fmt.Println("unknown tag:", v.Tag)
default:
fmt.Println("union is nil or unknown type")
}
}
Output:
type PathElementMemberIndex ¶ added in v1.2.0
type PathElementMemberIndex struct {
Value int32
// contains filtered or unexported fields
}
Refers to an index in a JSON array.
type PathElementMemberKey ¶ added in v1.2.0
type PathElementMemberKey struct {
Value string
// contains filtered or unexported fields
}
Refers to a key in a JSON object.
type PathElementMemberSubstring ¶ added in v1.2.0
type PathElementMemberSubstring struct {
Value Substring
// contains filtered or unexported fields
}
Refers to a substring of a literal string in a JSON object.
type PathElementMemberValue ¶ added in v1.2.0
type PathElementMemberValue struct {
Value string
// contains filtered or unexported fields
}
Refers to the value associated with a given key in a JSON object.
type PolicyGeneration ¶ added in v1.3.0
type PolicyGeneration struct {
// The JobId that is returned by the StartPolicyGeneration operation. The JobId
// can be used with GetGeneratedPolicy to retrieve the generated policies or used
// with CancelPolicyGeneration to cancel the policy generation request.
//
// This member is required.
JobId *string
// The ARN of the IAM entity (user or role) for which you are generating a policy.
//
// This member is required.
PrincipalArn *string
// A timestamp of when the policy generation started.
//
// This member is required.
StartedOn *time.Time
// The status of the policy generation request.
//
// This member is required.
Status JobStatus
// A timestamp of when the policy generation was completed.
CompletedOn *time.Time
// contains filtered or unexported fields
}
Contains details about the policy generation status and properties.
type PolicyGenerationDetails ¶ added in v1.3.0
type PolicyGenerationDetails struct {
// The ARN of the IAM entity (user or role) for which you are generating a policy.
//
// This member is required.
PrincipalArn *string
// contains filtered or unexported fields
}
Contains the ARN details about the IAM entity for which the policy is generated.
type PolicyType ¶ added in v1.2.0
type PolicyType string
const ( PolicyTypeIdentityPolicy PolicyType = "IDENTITY_POLICY" PolicyTypeResourcePolicy PolicyType = "RESOURCE_POLICY" PolicyTypeServiceControlPolicy PolicyType = "SERVICE_CONTROL_POLICY" )
Enum values for PolicyType
func (PolicyType) Values ¶ added in v1.2.0
func (PolicyType) Values() []PolicyType
Values returns all known values for PolicyType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type Position ¶ added in v1.2.0
type Position struct {
// The column of the position, starting from 0.
//
// This member is required.
Column *int32
// The line of the position, starting from 1.
//
// This member is required.
Line *int32
// The offset within the policy that corresponds to the position, starting from 0.
//
// This member is required.
Offset *int32
// contains filtered or unexported fields
}
A position in a policy.
type RdsDbClusterSnapshotAttributeValue ¶ added in v1.17.0
type RdsDbClusterSnapshotAttributeValue interface {
// contains filtered or unexported methods
}
The values for a manual Amazon RDS DB cluster snapshot attribute.
The following types satisfy this interface:
RdsDbClusterSnapshotAttributeValueMemberAccountIds
Example (OutputUsage) ¶
package main
import (
"fmt"
"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)
func main() {
var union types.RdsDbClusterSnapshotAttributeValue
// type switches can be used to check the union value
switch v := union.(type) {
case *types.RdsDbClusterSnapshotAttributeValueMemberAccountIds:
_ = v.Value // Value is []string
case *types.UnknownUnionMember:
fmt.Println("unknown tag:", v.Tag)
default:
fmt.Println("union is nil or unknown type")
}
}
Output:
type RdsDbClusterSnapshotAttributeValueMemberAccountIds ¶ added in v1.17.0
type RdsDbClusterSnapshotAttributeValueMemberAccountIds struct {
Value []string
// contains filtered or unexported fields
}
The Amazon Web Services account IDs that have access to the manual Amazon RDS DB cluster snapshot. If the value all is specified, then the Amazon RDS DB cluster snapshot is public and can be copied or restored by all Amazon Web Services accounts.
- If the configuration is for an existing Amazon RDS DB cluster snapshot and you do not specify the accountIds in RdsDbClusterSnapshotAttributeValue , then the access preview uses the existing shared accountIds for the snapshot.
- If the access preview is for a new resource and you do not specify the specify the accountIds in RdsDbClusterSnapshotAttributeValue , then the access preview considers the snapshot without any attributes.
- To propose deletion of existing shared accountIds , you can specify an empty list for accountIds in the RdsDbClusterSnapshotAttributeValue .
type RdsDbClusterSnapshotConfiguration ¶ added in v1.17.0
type RdsDbClusterSnapshotConfiguration struct {
// The names and values of manual DB cluster snapshot attributes. Manual DB
// cluster snapshot attributes are used to authorize other Amazon Web Services
// accounts to restore a manual DB cluster snapshot. The only valid value for
// AttributeName for the attribute map is restore
Attributes map[string]RdsDbClusterSnapshotAttributeValue
// The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS
// key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
//
// - If the configuration is for an existing Amazon RDS DB cluster snapshot and
// you do not specify the kmsKeyId , or you specify an empty string, then the
// access preview uses the existing kmsKeyId of the snapshot.
// - If the access preview is for a new resource and you do not specify the
// specify the kmsKeyId , then the access preview considers the snapshot as
// unencrypted.
KmsKeyId *string
// contains filtered or unexported fields
}
The proposed access control configuration for an Amazon RDS DB cluster snapshot. You can propose a configuration for a new Amazon RDS DB cluster snapshot or an Amazon RDS DB cluster snapshot that you own by specifying the RdsDbClusterSnapshotAttributeValue and optional KMS encryption key. For more information, see ModifyDBClusterSnapshotAttribute (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBClusterSnapshotAttribute.html) .
type RdsDbSnapshotAttributeValue ¶ added in v1.17.0
type RdsDbSnapshotAttributeValue interface {
// contains filtered or unexported methods
}
The name and values of a manual Amazon RDS DB snapshot attribute. Manual DB snapshot attributes are used to authorize other Amazon Web Services accounts to restore a manual DB snapshot.
The following types satisfy this interface:
RdsDbSnapshotAttributeValueMemberAccountIds
Example (OutputUsage) ¶
package main
import (
"fmt"
"github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types"
)
func main() {
var union types.RdsDbSnapshotAttributeValue
// type switches can be used to check the union value
switch v := union.(type) {
case *types.RdsDbSnapshotAttributeValueMemberAccountIds:
_ = v.Value // Value is []string
case *types.UnknownUnionMember:
fmt.Println("unknown tag:", v.Tag)
default:
fmt.Println("union is nil or unknown type")
}
}
Output:
type RdsDbSnapshotAttributeValueMemberAccountIds ¶ added in v1.17.0
type RdsDbSnapshotAttributeValueMemberAccountIds struct {
Value []string
// contains filtered or unexported fields
}
The Amazon Web Services account IDs that have access to the manual Amazon RDS DB snapshot. If the value all is specified, then the Amazon RDS DB snapshot is public and can be copied or restored by all Amazon Web Services accounts.
- If the configuration is for an existing Amazon RDS DB snapshot and you do not specify the accountIds in RdsDbSnapshotAttributeValue , then the access preview uses the existing shared accountIds for the snapshot.
- If the access preview is for a new resource and you do not specify the specify the accountIds in RdsDbSnapshotAttributeValue , then the access preview considers the snapshot without any attributes.
- To propose deletion of an existing shared accountIds , you can specify an empty list for accountIds in the RdsDbSnapshotAttributeValue .
type RdsDbSnapshotConfiguration ¶ added in v1.17.0
type RdsDbSnapshotConfiguration struct {
// The names and values of manual DB snapshot attributes. Manual DB snapshot
// attributes are used to authorize other Amazon Web Services accounts to restore a
// manual DB snapshot. The only valid value for attributeName for the attribute
// map is restore.
Attributes map[string]RdsDbSnapshotAttributeValue
// The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key
// identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
// - If the configuration is for an existing Amazon RDS DB snapshot and you do
// not specify the kmsKeyId , or you specify an empty string, then the access
// preview uses the existing kmsKeyId of the snapshot.
// - If the access preview is for a new resource and you do not specify the
// specify the kmsKeyId , then the access preview considers the snapshot as
// unencrypted.
KmsKeyId *string
// contains filtered or unexported fields
}
The proposed access control configuration for an Amazon RDS DB snapshot. You can propose a configuration for a new Amazon RDS DB snapshot or an Amazon RDS DB snapshot that you own by specifying the RdsDbSnapshotAttributeValue and optional KMS encryption key. For more information, see ModifyDBSnapshotAttribute (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_ModifyDBSnapshotAttribute.html) .
type ReasonCode ¶
type ReasonCode string
const ( ReasonCodeAwsServiceAccessDisabled ReasonCode = "AWS_SERVICE_ACCESS_DISABLED" ReasonCodeDelegatedAdministratorDeregistered ReasonCode = "DELEGATED_ADMINISTRATOR_DEREGISTERED" ReasonCodeOrganizationDeleted ReasonCode = "ORGANIZATION_DELETED" ReasonCodeServiceLinkedRoleCreationFailed ReasonCode = "SERVICE_LINKED_ROLE_CREATION_FAILED" )
Enum values for ReasonCode
func (ReasonCode) Values ¶ added in v0.29.0
func (ReasonCode) Values() []ReasonCode
Values returns all known values for ReasonCode. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type ReasonSummary ¶ added in v1.24.0
type ReasonSummary struct {
// A description of the reasoning of a result of checking for access.
Description *string
// The identifier for the reason statement.
StatementId *string
// The index number of the reason statement.
StatementIndex *int32
// contains filtered or unexported fields
}
Contains information about the reasoning why a check for access passed or failed.
type ResourceNotFoundException ¶
type ResourceNotFoundException struct {
Message *string
ErrorCodeOverride *string
ResourceId *string
ResourceType *string
// contains filtered or unexported fields
}
The specified resource could not be found.
func (*ResourceNotFoundException) Error ¶
func (e *ResourceNotFoundException) Error() string
func (*ResourceNotFoundException) ErrorCode ¶
func (e *ResourceNotFoundException) ErrorCode() string
func (*ResourceNotFoundException) ErrorFault ¶
func (e *ResourceNotFoundException) ErrorFault() smithy.ErrorFault
func (*ResourceNotFoundException) ErrorMessage ¶
func (e *ResourceNotFoundException) ErrorMessage() string
type ResourceType ¶
type ResourceType string
const ( ResourceTypeAwsS3Bucket ResourceType = "AWS::S3::Bucket" ResourceTypeAwsIamRole ResourceType = "AWS::IAM::Role" ResourceTypeAwsSqsQueue ResourceType = "AWS::SQS::Queue" ResourceTypeAwsLambdaFunction ResourceType = "AWS::Lambda::Function" ResourceTypeAwsLambdaLayerversion ResourceType = "AWS::Lambda::LayerVersion" ResourceTypeAwsKmsKey ResourceType = "AWS::KMS::Key" ResourceTypeAwsSecretsmanagerSecret ResourceType = "AWS::SecretsManager::Secret" ResourceTypeAwsEfsFilesystem ResourceType = "AWS::EFS::FileSystem" ResourceTypeAwsEc2Snapshot ResourceType = "AWS::EC2::Snapshot" ResourceTypeAwsEcrRepository ResourceType = "AWS::ECR::Repository" ResourceTypeAwsRdsDbsnapshot ResourceType = "AWS::RDS::DBSnapshot" ResourceTypeAwsRdsDbclustersnapshot ResourceType = "AWS::RDS::DBClusterSnapshot" ResourceTypeAwsSnsTopic ResourceType = "AWS::SNS::Topic" ResourceTypeAwsS3expressDirectorybucket ResourceType = "AWS::S3Express::DirectoryBucket" ResourceTypeAwsDynamodbTable ResourceType = "AWS::DynamoDB::Table" ResourceTypeAwsDynamodbStream ResourceType = "AWS::DynamoDB::Stream" )
Enum values for ResourceType
func (ResourceType) Values ¶ added in v0.29.0
func (ResourceType) Values() []ResourceType
Values returns all known values for ResourceType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type S3AccessPointConfiguration ¶ added in v1.2.0
type S3AccessPointConfiguration struct {
// The access point or multi-region access point policy.
AccessPointPolicy *string
// The proposed Internet and VpcConfiguration to apply to this Amazon S3 access
// point. VpcConfiguration does not apply to multi-region access points. If the
// access preview is for a new resource and neither is specified, the access
// preview uses Internet for the network origin. If the access preview is for an
// existing resource and neither is specified, the access preview uses the exiting
// network origin.
NetworkOrigin NetworkOriginConfiguration
// The proposed S3PublicAccessBlock configuration to apply to this Amazon S3
// access point or multi-region access point.
PublicAccessBlock *S3PublicAccessBlockConfiguration
// contains filtered or unexported fields
}
The configuration for an Amazon S3 access point or multi-region access point for the bucket. You can propose up to 10 access points or multi-region access points per bucket. If the proposed Amazon S3 access point configuration is for an existing bucket, the access preview uses the proposed access point configuration in place of the existing access points. To propose an access point without a policy, you can provide an empty string as the access point policy. For more information, see Creating access points (https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html) . For more information about access point policy limits, see Access points restrictions and limitations (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points-restrictions-limitations.html) .
type S3BucketAclGrantConfiguration ¶ added in v1.2.0
type S3BucketAclGrantConfiguration struct {
// The grantee to whom you’re assigning access rights.
//
// This member is required.
Grantee AclGrantee
// The permissions being granted.
//
// This member is required.
Permission AclPermission
// contains filtered or unexported fields
}
A proposed access control list grant configuration for an Amazon S3 bucket. For more information, see How to Specify an ACL (https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#setting-acls) .
type S3BucketConfiguration ¶ added in v1.2.0
type S3BucketConfiguration struct {
// The configuration of Amazon S3 access points or multi-region access points for
// the bucket. You can propose up to 10 new access points per bucket.
AccessPoints map[string]S3AccessPointConfiguration
// The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to
// 100 ACL grants per bucket. If the proposed grant configuration is for an
// existing bucket, the access preview uses the proposed list of grant
// configurations in place of the existing grants. Otherwise, the access preview
// uses the existing grants for the bucket.
BucketAclGrants []S3BucketAclGrantConfiguration
// The proposed bucket policy for the Amazon S3 bucket.
BucketPolicy *string
// The proposed block public access configuration for the Amazon S3 bucket.
BucketPublicAccessBlock *S3PublicAccessBlockConfiguration
// contains filtered or unexported fields
}
Proposed access control configuration for an Amazon S3 bucket. You can propose a configuration for a new Amazon S3 bucket or an existing Amazon S3 bucket that you own by specifying the Amazon S3 bucket policy, bucket ACLs, bucket BPA settings, Amazon S3 access points, and multi-region access points attached to the bucket. If the configuration is for an existing Amazon S3 bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes a bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about bucket policy limits, see Bucket Policy Examples (https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html) .
type S3ExpressDirectoryBucketConfiguration ¶ added in v1.25.0
type S3ExpressDirectoryBucketConfiguration struct {
// The proposed bucket policy for the Amazon S3 directory bucket.
BucketPolicy *string
// contains filtered or unexported fields
}
Proposed access control configuration for an Amazon S3 directory bucket. You can propose a configuration for a new Amazon S3 directory bucket or an existing Amazon S3 directory bucket that you own by specifying the Amazon S3 bucket policy. If the configuration is for an existing Amazon S3 directory bucket and you do not specify the Amazon S3 bucket policy, the access preview uses the existing policy attached to the directory bucket. If the access preview is for a new resource and you do not specify the Amazon S3 bucket policy, the access preview assumes an directory bucket without a policy. To propose deletion of an existing bucket policy, you can specify an empty string. For more information about Amazon S3 directory bucket policies, see Example directory bucket policies for S3 Express One Zone (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html) .
type S3PublicAccessBlockConfiguration ¶ added in v1.2.0
type S3PublicAccessBlockConfiguration struct {
// Specifies whether Amazon S3 should ignore public ACLs for this bucket and
// objects in this bucket.
//
// This member is required.
IgnorePublicAcls *bool
// Specifies whether Amazon S3 should restrict public bucket policies for this
// bucket.
//
// This member is required.
RestrictPublicBuckets *bool
// contains filtered or unexported fields
}
The PublicAccessBlock configuration to apply to this Amazon S3 bucket. If the proposed configuration is for an existing Amazon S3 bucket and the configuration is not specified, the access preview uses the existing setting. If the proposed configuration is for a new bucket and the configuration is not specified, the access preview uses false . If the proposed configuration is for a new access point or multi-region access point and the access point BPA configuration is not specified, the access preview uses true . For more information, see PublicAccessBlockConfiguration (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-publicaccessblockconfiguration.html) .
type SecretsManagerSecretConfiguration ¶ added in v1.2.0
type SecretsManagerSecretConfiguration struct {
// The proposed ARN, key ID, or alias of the KMS key.
KmsKeyId *string
// The proposed resource policy defining who can access or manage the secret.
SecretPolicy *string
// contains filtered or unexported fields
}
The configuration for a Secrets Manager secret. For more information, see CreateSecret (https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html) . You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the Amazon Web Services managed key aws/secretsmanager . If you specify an empty string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the Amazon Web Services account. For more information about secret policy limits, see Quotas for Secrets Manager. (https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html) .
type ServiceQuotaExceededException ¶
type ServiceQuotaExceededException struct {
Message *string
ErrorCodeOverride *string
ResourceId *string
ResourceType *string
// contains filtered or unexported fields
}
Service quote met error.
func (*ServiceQuotaExceededException) Error ¶
func (e *ServiceQuotaExceededException) Error() string
func (*ServiceQuotaExceededException) ErrorCode ¶
func (e *ServiceQuotaExceededException) ErrorCode() string
func (*ServiceQuotaExceededException) ErrorFault ¶
func (e *ServiceQuotaExceededException) ErrorFault() smithy.ErrorFault
func (*ServiceQuotaExceededException) ErrorMessage ¶
func (e *ServiceQuotaExceededException) ErrorMessage() string
type SnsTopicConfiguration ¶ added in v1.17.0
type SnsTopicConfiguration struct {
// The JSON policy text that defines who can access an Amazon SNS topic. For more
// information, see Example cases for Amazon SNS access control (https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html)
// in the Amazon SNS Developer Guide.
TopicPolicy *string
// contains filtered or unexported fields
}
The proposed access control configuration for an Amazon SNS topic. You can propose a configuration for a new Amazon SNS topic or an existing Amazon SNS topic that you own by specifying the policy. If the configuration is for an existing Amazon SNS topic and you do not specify the Amazon SNS policy, then the access preview uses the existing Amazon SNS policy for the topic. If the access preview is for a new resource and you do not specify the policy, then the access preview assumes an Amazon SNS topic without a policy. To propose deletion of an existing Amazon SNS topic policy, you can specify an empty string for the Amazon SNS policy. For more information, see Topic (https://docs.aws.amazon.com/sns/latest/api/API_Topic.html) .
type SortCriteria ¶
type SortCriteria struct {
// The name of the attribute to sort on.
AttributeName *string
// The sort order, ascending or descending.
OrderBy OrderBy
// contains filtered or unexported fields
}
The criteria used to sort.
type Span ¶ added in v1.2.0
type Span struct {
// The end position of the span (exclusive).
//
// This member is required.
End *Position
// The start position of the span (inclusive).
//
// This member is required.
Start *Position
// contains filtered or unexported fields
}
A span in a policy. The span consists of a start position (inclusive) and end position (exclusive).
type SqsQueueConfiguration ¶ added in v1.2.0
type SqsQueueConfiguration struct {
// The proposed resource policy for the Amazon SQS queue.
QueuePolicy *string
// contains filtered or unexported fields
}
The proposed access control configuration for an Amazon SQS queue. You can propose a configuration for a new Amazon SQS queue or an existing Amazon SQS queue that you own by specifying the Amazon SQS policy. If the configuration is for an existing Amazon SQS queue and you do not specify the Amazon SQS policy, the access preview uses the existing Amazon SQS policy for the queue. If the access preview is for a new resource and you do not specify the policy, the access preview assumes an Amazon SQS queue without a policy. To propose deletion of an existing Amazon SQS queue policy, you can specify an empty string for the Amazon SQS policy. For more information about Amazon SQS policy limits, see Quotas related to policies (https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-policies.html) .
type StatusReason ¶
type StatusReason struct {
// The reason code for the current status of the analyzer.
//
// This member is required.
Code ReasonCode
// contains filtered or unexported fields
}
Provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is returned. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the Amazon Web Services organization.
type Substring ¶ added in v1.2.0
type Substring struct {
// The length of the substring.
//
// This member is required.
Length *int32
// The start index of the substring, starting from 0.
//
// This member is required.
Start *int32
// contains filtered or unexported fields
}
A reference to a substring of a literal string in a JSON document.
type ThrottlingException ¶
type ThrottlingException struct {
Message *string
ErrorCodeOverride *string
RetryAfterSeconds *int32
// contains filtered or unexported fields
}
Throttling limit exceeded error.
func (*ThrottlingException) Error ¶
func (e *ThrottlingException) Error() string
func (*ThrottlingException) ErrorCode ¶
func (e *ThrottlingException) ErrorCode() string
func (*ThrottlingException) ErrorFault ¶
func (e *ThrottlingException) ErrorFault() smithy.ErrorFault
func (*ThrottlingException) ErrorMessage ¶
func (e *ThrottlingException) ErrorMessage() string
type Trail ¶ added in v1.3.0
type Trail struct {
// Specifies the ARN of the trail. The format of a trail ARN is
// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail .
//
// This member is required.
CloudTrailArn *string
// Possible values are true or false . If set to true , IAM Access Analyzer
// retrieves CloudTrail data from all regions to analyze and generate a policy.
AllRegions *bool
// A list of regions to get CloudTrail data from and analyze to generate a policy.
Regions []string
// contains filtered or unexported fields
}
Contains details about the CloudTrail trail being analyzed to generate a policy.
type TrailProperties ¶ added in v1.3.0
type TrailProperties struct {
// Specifies the ARN of the trail. The format of a trail ARN is
// arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail .
//
// This member is required.
CloudTrailArn *string
// Possible values are true or false . If set to true , IAM Access Analyzer
// retrieves CloudTrail data from all regions to analyze and generate a policy.
AllRegions *bool
// A list of regions to get CloudTrail data from and analyze to generate a policy.
Regions []string
// contains filtered or unexported fields
}
Contains details about the CloudTrail trail being analyzed to generate a policy.
type Type ¶
type Type string
type UnknownUnionMember ¶ added in v1.2.0
type UnknownUnionMember struct {
Tag string
Value []byte
// contains filtered or unexported fields
}
UnknownUnionMember is returned when a union member is returned over the wire, but has an unknown tag.
type UnprocessableEntityException ¶ added in v1.24.0
type UnprocessableEntityException struct {
Message *string
ErrorCodeOverride *string
// contains filtered or unexported fields
}
The specified entity could not be processed.
func (*UnprocessableEntityException) Error ¶ added in v1.24.0
func (e *UnprocessableEntityException) Error() string
func (*UnprocessableEntityException) ErrorCode ¶ added in v1.24.0
func (e *UnprocessableEntityException) ErrorCode() string
func (*UnprocessableEntityException) ErrorFault ¶ added in v1.24.0
func (e *UnprocessableEntityException) ErrorFault() smithy.ErrorFault
func (*UnprocessableEntityException) ErrorMessage ¶ added in v1.24.0
func (e *UnprocessableEntityException) ErrorMessage() string
type UnusedAccessConfiguration ¶ added in v1.24.0
type UnusedAccessConfiguration struct {
// The specified access age in days for which to generate findings for unused
// access. For example, if you specify 90 days, the analyzer will generate findings
// for IAM entities within the accounts of the selected organization for any access
// that hasn't been used in 90 or more days since the analyzer's last scan. You can
// choose a value between 1 and 180 days.
UnusedAccessAge *int32
// contains filtered or unexported fields
}
Contains information about an unused access analyzer.
type UnusedAction ¶ added in v1.24.0
type UnusedAction struct {
// The action for which the unused access finding was generated.
//
// This member is required.
Action *string
// The time at which the action was last accessed.
LastAccessed *time.Time
// contains filtered or unexported fields
}
Contains information about an unused access finding for an action. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing (https://aws.amazon.com/iam/access-analyzer/pricing) .
type UnusedIamRoleDetails ¶ added in v1.24.0
type UnusedIamRoleDetails struct {
// The time at which the role was last accessed.
LastAccessed *time.Time
// contains filtered or unexported fields
}
Contains information about an unused access finding for an IAM role. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing (https://aws.amazon.com/iam/access-analyzer/pricing) .
type UnusedIamUserAccessKeyDetails ¶ added in v1.24.0
type UnusedIamUserAccessKeyDetails struct {
// The ID of the access key for which the unused access finding was generated.
//
// This member is required.
AccessKeyId *string
// The time at which the access key was last accessed.
LastAccessed *time.Time
// contains filtered or unexported fields
}
Contains information about an unused access finding for an IAM user access key. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing (https://aws.amazon.com/iam/access-analyzer/pricing) .
type UnusedIamUserPasswordDetails ¶ added in v1.24.0
type UnusedIamUserPasswordDetails struct {
// The time at which the password was last accessed.
LastAccessed *time.Time
// contains filtered or unexported fields
}
Contains information about an unused access finding for an IAM user password. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing (https://aws.amazon.com/iam/access-analyzer/pricing) .
type UnusedPermissionDetails ¶ added in v1.24.0
type UnusedPermissionDetails struct {
// The namespace of the Amazon Web Services service that contains the unused
// actions.
//
// This member is required.
ServiceNamespace *string
// A list of unused actions for which the unused access finding was generated.
Actions []UnusedAction
// The time at which the permission last accessed.
LastAccessed *time.Time
// contains filtered or unexported fields
}
Contains information about an unused access finding for a permission. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see IAM Access Analyzer pricing (https://aws.amazon.com/iam/access-analyzer/pricing) .
type ValidatePolicyFinding ¶ added in v1.2.0
type ValidatePolicyFinding struct {
// A localized message that explains the finding and provides guidance on how to
// address it.
//
// This member is required.
FindingDetails *string
// The impact of the finding. Security warnings report when the policy allows
// access that we consider overly permissive. Errors report when a part of the
// policy is not functional. Warnings report non-security issues when a policy does
// not conform to policy writing best practices. Suggestions recommend stylistic
// improvements in the policy that do not impact access.
//
// This member is required.
FindingType ValidatePolicyFindingType
// The issue code provides an identifier of the issue associated with this finding.
//
// This member is required.
IssueCode *string
// A link to additional documentation about the type of finding.
//
// This member is required.
LearnMoreLink *string
// The list of locations in the policy document that are related to the finding.
// The issue code provides a summary of an issue identified by the finding.
//
// This member is required.
Locations []Location
// contains filtered or unexported fields
}
A finding in a policy. Each finding is an actionable recommendation that can be used to improve the policy.
type ValidatePolicyFindingType ¶ added in v1.2.0
type ValidatePolicyFindingType string
const ( ValidatePolicyFindingTypeError ValidatePolicyFindingType = "ERROR" ValidatePolicyFindingTypeSecurityWarning ValidatePolicyFindingType = "SECURITY_WARNING" ValidatePolicyFindingTypeSuggestion ValidatePolicyFindingType = "SUGGESTION" ValidatePolicyFindingTypeWarning ValidatePolicyFindingType = "WARNING" )
Enum values for ValidatePolicyFindingType
func (ValidatePolicyFindingType) Values ¶ added in v1.2.0
func (ValidatePolicyFindingType) Values() []ValidatePolicyFindingType
Values returns all known values for ValidatePolicyFindingType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type ValidatePolicyResourceType ¶ added in v1.10.0
type ValidatePolicyResourceType string
const ( ValidatePolicyResourceTypeS3Bucket ValidatePolicyResourceType = "AWS::S3::Bucket" ValidatePolicyResourceTypeS3AccessPoint ValidatePolicyResourceType = "AWS::S3::AccessPoint" ValidatePolicyResourceTypeS3MultiRegionAccessPoint ValidatePolicyResourceType = "AWS::S3::MultiRegionAccessPoint" ValidatePolicyResourceTypeS3ObjectLambdaAccessPoint ValidatePolicyResourceType = "AWS::S3ObjectLambda::AccessPoint" ValidatePolicyResourceTypeRoleTrust ValidatePolicyResourceType = "AWS::IAM::AssumeRolePolicyDocument" ValidatePolicyResourceTypeDynamodbTable ValidatePolicyResourceType = "AWS::DynamoDB::Table" )
Enum values for ValidatePolicyResourceType
func (ValidatePolicyResourceType) Values ¶ added in v1.10.0
func (ValidatePolicyResourceType) Values() []ValidatePolicyResourceType
Values returns all known values for ValidatePolicyResourceType. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type ValidationException ¶
type ValidationException struct {
Message *string
ErrorCodeOverride *string
Reason ValidationExceptionReason
FieldList []ValidationExceptionField
// contains filtered or unexported fields
}
Validation exception error.
func (*ValidationException) Error ¶
func (e *ValidationException) Error() string
func (*ValidationException) ErrorCode ¶
func (e *ValidationException) ErrorCode() string
func (*ValidationException) ErrorFault ¶
func (e *ValidationException) ErrorFault() smithy.ErrorFault
func (*ValidationException) ErrorMessage ¶
func (e *ValidationException) ErrorMessage() string
type ValidationExceptionField ¶
type ValidationExceptionField struct {
// A message about the validation exception.
//
// This member is required.
Message *string
// The name of the validation exception.
//
// This member is required.
Name *string
// contains filtered or unexported fields
}
Contains information about a validation exception.
type ValidationExceptionReason ¶
type ValidationExceptionReason string
const ( ValidationExceptionReasonUnknownOperation ValidationExceptionReason = "unknownOperation" ValidationExceptionReasonCannotParse ValidationExceptionReason = "cannotParse" ValidationExceptionReasonFieldValidationFailed ValidationExceptionReason = "fieldValidationFailed" ValidationExceptionReasonOther ValidationExceptionReason = "other" )
Enum values for ValidationExceptionReason
func (ValidationExceptionReason) Values ¶ added in v0.29.0
func (ValidationExceptionReason) Values() []ValidationExceptionReason
Values returns all known values for ValidationExceptionReason. Note that this can be expanded in the future, and so it is only as up to date as the client. The ordering of this slice is not guaranteed to be stable across updates.
type VpcConfiguration ¶ added in v1.2.0
type VpcConfiguration struct {
// If this field is specified, this access point will only allow connections from
// the specified VPC ID.
//
// This member is required.
VpcId *string
// contains filtered or unexported fields
}
The proposed virtual private cloud (VPC) configuration for the Amazon S3 access point. VPC configuration does not apply to multi-region access points. For more information, see VpcConfiguration (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_VpcConfiguration.html) .
Source Files