types

type AccessControlList struct {

	// Specifies whether the ACL grants the general public with read access
	// permissions for the bucket.
	AllowsPublicReadAccess *bool

	// Specifies whether the ACL grants the general public with write access
	// permissions for the bucket.
	AllowsPublicWriteAccess *bool
	// contains filtered or unexported fields
}

type AccessDeniedException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type AccountDetail struct {

	// The Amazon Web Services account ID for the account.
	//
	// This member is required.
	AccountId *string

	// The email address for the account.
	//
	// This member is required.
	Email *string
	// contains filtered or unexported fields
}

type AccountLevelPermissions struct {

	// The block public access settings for the Amazon Web Services account that owns
	// the bucket.
	BlockPublicAccess *BlockPublicAccess
	// contains filtered or unexported fields
}

type AdminAccount struct {

	// The Amazon Web Services account ID for the account.
	AccountId *string

	// The current status of the account as the delegated Amazon Macie administrator
	// account for the organization.
	Status AdminStatus
	// contains filtered or unexported fields
}

type AdminStatus string

type AllowListCriteria struct {

	// The regular expression (regex) that defines the text pattern to ignore. The
	// expression can contain as many as 512 characters.
	Regex *string

	// The location and name of the S3 object that lists specific text to ignore.
	S3WordsList *S3WordsList
	// contains filtered or unexported fields
}

type AllowListStatus struct {

	// The current status of the allow list. If the list's criteria specify a regular
	// expression (regex), this value is typically OK. Amazon Macie can compile the
	// expression. If the list's criteria specify an S3 object, possible values are:
	//   - OK - Macie can retrieve and parse the contents of the object.
	//   - S3_OBJECT_ACCESS_DENIED - Macie isn't allowed to access the object or the
	//   object is encrypted with a customer managed KMS key that Macie isn't allowed to
	//   use. Check the bucket policy and other permissions settings for the bucket and
	//   the object. If the object is encrypted, also ensure that it's encrypted with a
	//   key that Macie is allowed to use.
	//   - S3_OBJECT_EMPTY - Macie can retrieve the object but the object doesn't
	//   contain any content. Ensure that the object contains the correct entries. Also
	//   ensure that the list's criteria specify the correct bucket and object names.
	//   - S3_OBJECT_NOT_FOUND - The object doesn't exist in Amazon S3. Ensure that
	//   the list's criteria specify the correct bucket and object names.
	//   - S3_OBJECT_OVERSIZE - Macie can retrieve the object. However, the object
	//   contains too many entries or its storage size exceeds the quota for an allow
	//   list. Try breaking the list into multiple files and ensure that each file
	//   doesn't exceed any quotas. Then configure list settings in Macie for each file.
	//   - S3_THROTTLED - Amazon S3 throttled the request to retrieve the object. Wait
	//   a few minutes and then try again.
	//   - S3_USER_ACCESS_DENIED - Amazon S3 denied the request to retrieve the
	//   object. If the specified object exists, you're not allowed to access it or it's
	//   encrypted with an KMS key that you're not allowed to use. Work with your Amazon
	//   Web Services administrator to ensure that the list's criteria specify the
	//   correct bucket and object names, and you have read access to the bucket and the
	//   object. If the object is encrypted, also ensure that it's encrypted with a key
	//   that you're allowed to use.
	//   - UNKNOWN_ERROR - A transient or internal error occurred when Macie attempted
	//   to retrieve or parse the object. Wait a few minutes and then try again. A list
	//   can also have this status if it's encrypted with a key that Amazon S3 and Macie
	//   can't access or use.
	//
	// This member is required.
	Code AllowListStatusCode

	// A brief description of the status of the allow list. Amazon Macie uses this
	// value to provide additional information about an error that occurred when Macie
	// tried to access and use the list's criteria.
	Description *string
	// contains filtered or unexported fields
}

type AllowListStatusCode string

type AllowListSummary struct {

	// The Amazon Resource Name (ARN) of the allow list.
	Arn *string

	// The date and time, in UTC and extended ISO 8601 format, when the allow list was
	// created in Amazon Macie.
	CreatedAt *time.Time

	// The custom description of the allow list.
	Description *string

	// The unique identifier for the allow list.
	Id *string

	// The custom name of the allow list.
	Name *string

	// The date and time, in UTC and extended ISO 8601 format, when the allow list's
	// settings were most recently changed in Amazon Macie.
	UpdatedAt *time.Time
	// contains filtered or unexported fields
}

type AllowsUnencryptedObjectUploads string

type ApiCallDetails struct {

	// The name of the operation that was invoked most recently and produced the
	// finding.
	Api *string

	// The URL of the Amazon Web Service that provides the operation, for example:
	// s3.amazonaws.com.
	ApiServiceName *string

	// The first date and time, in UTC and extended ISO 8601 format, when any
	// operation was invoked and produced the finding.
	FirstSeen *time.Time

	// The most recent date and time, in UTC and extended ISO 8601 format, when the
	// specified operation (api) was invoked and produced the finding.
	LastSeen *time.Time
	// contains filtered or unexported fields
}

type AssumedRole struct {

	// The Amazon Web Services access key ID that identifies the credentials.
	AccessKeyId *string

	// The unique identifier for the Amazon Web Services account that owns the entity
	// that was used to get the credentials.
	AccountId *string

	// The Amazon Resource Name (ARN) of the entity that was used to get the
	// credentials.
	Arn *string

	// The unique identifier for the entity that was used to get the credentials.
	PrincipalId *string

	// The details of the session that was created for the credentials, including the
	// entity that issued the session.
	SessionContext *SessionContext
	// contains filtered or unexported fields
}

type AutomatedDiscoveryStatus string

type AvailabilityCode string

type AwsAccount struct {

	// The unique identifier for the Amazon Web Services account.
	AccountId *string

	// The unique identifier for the entity that performed the action.
	PrincipalId *string
	// contains filtered or unexported fields
}

type AwsService struct {

	// The name of the Amazon Web Service that performed the action.
	InvokedBy *string
	// contains filtered or unexported fields
}

type BatchGetCustomDataIdentifierSummary struct {

	// The Amazon Resource Name (ARN) of the custom data identifier.
	Arn *string

	// The date and time, in UTC and extended ISO 8601 format, when the custom data
	// identifier was created.
	CreatedAt *time.Time

	// Specifies whether the custom data identifier was deleted. If you delete a
	// custom data identifier, Amazon Macie doesn't delete it permanently. Instead, it
	// soft deletes the identifier.
	Deleted *bool

	// The custom description of the custom data identifier.
	Description *string

	// The unique identifier for the custom data identifier.
	Id *string

	// The custom name of the custom data identifier.
	Name *string
	// contains filtered or unexported fields
}

type BlockPublicAccess struct {

	// Specifies whether Amazon S3 blocks public access control lists (ACLs) for the
	// bucket and objects in the bucket.
	BlockPublicAcls *bool

	// Specifies whether Amazon S3 blocks public bucket policies for the bucket.
	BlockPublicPolicy *bool

	// Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in
	// the bucket.
	IgnorePublicAcls *bool

	// Specifies whether Amazon S3 restricts public bucket policies for the bucket.
	RestrictPublicBuckets *bool
	// contains filtered or unexported fields
}

type BucketCountByEffectivePermission struct {

	// The total number of buckets that allow the general public to have read or write
	// access to the bucket.
	PubliclyAccessible *int64

	// The total number of buckets that allow the general public to have read access
	// to the bucket.
	PubliclyReadable *int64

	// The total number of buckets that allow the general public to have write access
	// to the bucket.
	PubliclyWritable *int64

	// The total number of buckets that Amazon Macie wasn't able to evaluate
	// permissions settings for. Macie can't determine whether these buckets are
	// publicly accessible.
	Unknown *int64
	// contains filtered or unexported fields
}

type BucketCountByEncryptionType struct {

	// The total number of buckets whose default encryption settings are configured to
	// encrypt new objects with an KMS key, either an Amazon Web Services managed key
	// or a customer managed key. By default, these buckets encrypt new objects
	// automatically using DSSE-KMS or SSE-KMS encryption.
	KmsManaged *int64

	// The total number of buckets whose default encryption settings are configured to
	// encrypt new objects with an Amazon S3 managed key. By default, these buckets
	// encrypt new objects automatically using SSE-S3 encryption.
	S3Managed *int64

	// The total number of buckets that don't specify default server-side encryption
	// behavior for new objects. Default encryption settings aren't configured for
	// these buckets.
	Unencrypted *int64

	// The total number of buckets that Amazon Macie doesn't have current encryption
	// metadata for. Macie can't provide current data about the default encryption
	// settings for these buckets.
	Unknown *int64
	// contains filtered or unexported fields
}

type BucketCountBySharedAccessType struct {

	// The total number of buckets that are shared with one or more of the following
	// or any combination of the following: an Amazon CloudFront OAI, a CloudFront OAC,
	// or an Amazon Web Services account that isn't in the same Amazon Macie
	// organization.
	External *int64

	// The total number of buckets that are shared with one or more Amazon Web
	// Services accounts in the same Amazon Macie organization. These buckets aren't
	// shared with Amazon CloudFront OAIs or OACs.
	Internal *int64

	// The total number of buckets that aren't shared with other Amazon Web Services
	// accounts, Amazon CloudFront OAIs, or CloudFront OACs.
	NotShared *int64

	// The total number of buckets that Amazon Macie wasn't able to evaluate shared
	// access settings for. Macie can't determine whether these buckets are shared with
	// other Amazon Web Services accounts, Amazon CloudFront OAIs, or CloudFront OACs.
	Unknown *int64
	// contains filtered or unexported fields
}

type BucketCountPolicyAllowsUnencryptedObjectUploads struct {

	// The total number of buckets that don't have a bucket policy or have a bucket
	// policy that doesn't require server-side encryption of new objects. If a bucket
	// policy exists, the policy doesn't require PutObject requests to include a valid
	// server-side encryption header: the x-amz-server-side-encryption header with a
	// value of AES256 or aws:kms, or the
	// x-amz-server-side-encryption-customer-algorithm header with a value of AES256.
	AllowsUnencryptedObjectUploads *int64

	// The total number of buckets whose bucket policies require server-side
	// encryption of new objects. PutObject requests for these buckets must include a
	// valid server-side encryption header: the x-amz-server-side-encryption header
	// with a value of AES256 or aws:kms, or the
	// x-amz-server-side-encryption-customer-algorithm header with a value of AES256.
	DeniesUnencryptedObjectUploads *int64

	// The total number of buckets that Amazon Macie wasn't able to evaluate
	// server-side encryption requirements for. Macie can't determine whether the
	// bucket policies for these buckets require server-side encryption of new objects.
	Unknown *int64
	// contains filtered or unexported fields
}

type BucketCriteriaAdditionalProperties struct {

	// The value for the property matches (equals) the specified value. If you specify
	// multiple values, Amazon Macie uses OR logic to join the values.
	Eq []string

	// The value for the property is greater than the specified value.
	Gt *int64

	// The value for the property is greater than or equal to the specified value.
	Gte *int64

	// The value for the property is less than the specified value.
	Lt *int64

	// The value for the property is less than or equal to the specified value.
	Lte *int64

	// The value for the property doesn't match (doesn't equal) the specified value.
	// If you specify multiple values, Amazon Macie uses OR logic to join the values.
	Neq []string

	// The name of the bucket begins with the specified value.
	Prefix *string
	// contains filtered or unexported fields
}

type BucketLevelPermissions struct {

	// The permissions settings of the access control list (ACL) for the bucket. This
	// value is null if an ACL hasn't been defined for the bucket.
	AccessControlList *AccessControlList

	// The block public access settings for the bucket.
	BlockPublicAccess *BlockPublicAccess

	// The permissions settings of the bucket policy for the bucket. This value is
	// null if a bucket policy hasn't been defined for the bucket.
	BucketPolicy *BucketPolicy
	// contains filtered or unexported fields
}

type BucketMetadata struct {

	// The unique identifier for the Amazon Web Services account that owns the bucket.
	AccountId *string

	// Specifies whether the bucket policy for the bucket requires server-side
	// encryption of objects when objects are added to the bucket. Possible values are:
	//
	//   - FALSE - The bucket policy requires server-side encryption of new objects.
	//   PutObject requests must include a valid server-side encryption header.
	//   - TRUE - The bucket doesn't have a bucket policy or it has a bucket policy
	//   that doesn't require server-side encryption of new objects. If a bucket policy
	//   exists, it doesn't require PutObject requests to include a valid server-side
	//   encryption header.
	//   - UNKNOWN - Amazon Macie can't determine whether the bucket policy requires
	//   server-side encryption of new objects.
	// Valid server-side encryption headers are: x-amz-server-side-encryption with a
	// value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm
	// with a value of AES256.
	AllowsUnencryptedObjectUploads AllowsUnencryptedObjectUploads

	// The Amazon Resource Name (ARN) of the bucket.
	BucketArn *string

	// The date and time, in UTC and extended ISO 8601 format, when the bucket was
	// created. This value can also indicate when changes such as edits to the bucket's
	// policy were most recently made to the bucket.
	BucketCreatedAt *time.Time

	// The name of the bucket.
	BucketName *string

	// The total number of objects that Amazon Macie can analyze in the bucket. These
	// objects use a supported storage class and have a file name extension for a
	// supported file or storage format.
	ClassifiableObjectCount *int64

	// The total storage size, in bytes, of the objects that Amazon Macie can analyze
	// in the bucket. These objects use a supported storage class and have a file name
	// extension for a supported file or storage format. If versioning is enabled for
	// the bucket, Macie calculates this value based on the size of the latest version
	// of each applicable object in the bucket. This value doesn't reflect the storage
	// size of all versions of each applicable object in the bucket.
	ClassifiableSizeInBytes *int64

	// The error code for an error that prevented Amazon Macie from retrieving and
	// processing information about the bucket and the bucket's objects. If this value
	// is ACCESS_DENIED, Macie doesn't have permission to retrieve the information. For
	// example, the bucket has a restrictive bucket policy and Amazon S3 denied the
	// request. If this value is null, Macie was able to retrieve and process the
	// information.
	ErrorCode BucketMetadataErrorCode

	// A brief description of the error (errorCode) that prevented Amazon Macie from
	// retrieving and processing information about the bucket and the bucket's objects.
	// This value is null if Macie was able to retrieve and process the information.
	ErrorMessage *string

	// Specifies whether any one-time or recurring classification jobs are configured
	// to analyze data in the bucket, and, if so, the details of the job that ran most
	// recently.
	JobDetails *JobDetails

	// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most
	// recently analyzed data in the bucket while performing automated sensitive data
	// discovery for your account. This value is null if automated sensitive data
	// discovery is currently disabled for your account.
	LastAutomatedDiscoveryTime *time.Time

	// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most
	// recently retrieved bucket or object metadata from Amazon S3 for the bucket.
	LastUpdated *time.Time

	// The total number of objects in the bucket.
	ObjectCount *int64

	// The total number of objects in the bucket, grouped by server-side encryption
	// type. This includes a grouping that reports the total number of objects that
	// aren't encrypted or use client-side encryption.
	ObjectCountByEncryptionType *ObjectCountByEncryptionType

	// Specifies whether the bucket is publicly accessible due to the combination of
	// permissions settings that apply to the bucket, and provides information about
	// those settings.
	PublicAccess *BucketPublicAccess

	// The Amazon Web Services Region that hosts the bucket.
	Region *string

	// Specifies whether the bucket is configured to replicate one or more objects to
	// buckets for other Amazon Web Services accounts and, if so, which accounts.
	ReplicationDetails *ReplicationDetails

	// The sensitivity score for the bucket, ranging from -1 (classification error) to
	// 100 (sensitive). This value is null if automated sensitive data discovery is
	// currently disabled for your account.
	SensitivityScore *int32

	// The default server-side encryption settings for the bucket.
	ServerSideEncryption *BucketServerSideEncryption

	// Specifies whether the bucket is shared with another Amazon Web Services
	// account, an Amazon CloudFront origin access identity (OAI), or a CloudFront
	// origin access control (OAC). Possible values are:
	//   - EXTERNAL - The bucket is shared with one or more of the following or any
	//   combination of the following: a CloudFront OAI, a CloudFront OAC, or an Amazon
	//   Web Services account that isn't part of your Amazon Macie organization.
	//   - INTERNAL - The bucket is shared with one or more Amazon Web Services
	//   accounts that are part of your Amazon Macie organization. It isn't shared with a
	//   CloudFront OAI or OAC.
	//   - NOT_SHARED - The bucket isn't shared with another Amazon Web Services
	//   account, a CloudFront OAI, or a CloudFront OAC.
	//   - UNKNOWN - Amazon Macie wasn't able to evaluate the shared access settings
	//   for the bucket.
	// An Amazon Macie organization is a set of Macie accounts that are centrally
	// managed as a group of related accounts through Organizations or by Macie
	// invitation.
	SharedAccess SharedAccess

	// The total storage size, in bytes, of the bucket. If versioning is enabled for
	// the bucket, Amazon Macie calculates this value based on the size of the latest
	// version of each object in the bucket. This value doesn't reflect the storage
	// size of all versions of each object in the bucket.
	SizeInBytes *int64

	// The total storage size, in bytes, of the objects that are compressed (.gz,
	// .gzip, .zip) files in the bucket. If versioning is enabled for the bucket,
	// Amazon Macie calculates this value based on the size of the latest version of
	// each applicable object in the bucket. This value doesn't reflect the storage
	// size of all versions of each applicable object in the bucket.
	SizeInBytesCompressed *int64

	// An array that specifies the tags (keys and values) that are associated with the
	// bucket.
	Tags []KeyValuePair

	// The total number of objects that Amazon Macie can't analyze in the bucket.
	// These objects don't use a supported storage class or don't have a file name
	// extension for a supported file or storage format.
	UnclassifiableObjectCount *ObjectLevelStatistics

	// The total storage size, in bytes, of the objects that Amazon Macie can't
	// analyze in the bucket. These objects don't use a supported storage class or
	// don't have a file name extension for a supported file or storage format.
	UnclassifiableObjectSizeInBytes *ObjectLevelStatistics

	// Specifies whether versioning is enabled for the bucket.
	Versioning *bool
	// contains filtered or unexported fields
}

type BucketMetadataErrorCode string

type BucketPermissionConfiguration struct {

	// The account-level permissions settings that apply to the bucket.
	AccountLevelPermissions *AccountLevelPermissions

	// The bucket-level permissions settings for the bucket.
	BucketLevelPermissions *BucketLevelPermissions
	// contains filtered or unexported fields
}

type BucketPolicy struct {

	// Specifies whether the bucket policy allows the general public to have read
	// access to the bucket.
	AllowsPublicReadAccess *bool

	// Specifies whether the bucket policy allows the general public to have write
	// access to the bucket.
	AllowsPublicWriteAccess *bool
	// contains filtered or unexported fields
}

type BucketPublicAccess struct {

	// Specifies whether the bucket is publicly accessible due to the combination of
	// permissions settings that apply to the bucket. Possible values are:
	//   - NOT_PUBLIC - The bucket isn't publicly accessible.
	//   - PUBLIC - The bucket is publicly accessible.
	//   - UNKNOWN - Amazon Macie can't determine whether the bucket is publicly
	//   accessible.
	EffectivePermission EffectivePermission

	// The account-level and bucket-level permissions settings for the bucket.
	PermissionConfiguration *BucketPermissionConfiguration
	// contains filtered or unexported fields
}

type BucketServerSideEncryption struct {

	// The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key
	// that's used by default to encrypt objects that are added to the bucket. This
	// value is null if the bucket is configured to use an Amazon S3 managed key to
	// encrypt new objects.
	KmsMasterKeyId *string

	// The server-side encryption algorithm that's used by default to encrypt objects
	// that are added to the bucket. Possible values are:
	//   - AES256 - New objects use SSE-S3 encryption. They're encrypted with an
	//   Amazon S3 managed key.
	//   - aws:kms - New objects use SSE-KMS encryption. They're encrypted with an KMS
	//   key (kmsMasterKeyId), either an Amazon Web Services managed key or a customer
	//   managed key.
	//   - aws:kms:dsse - New objects use DSSE-KMS encryption. They're encrypted with
	//   an KMS key (kmsMasterKeyId), either an Amazon Web Services managed key or a
	//   customer managed key.
	//   - NONE - The bucket's default encryption settings don't specify server-side
	//   encryption behavior for new objects.
	Type Type
	// contains filtered or unexported fields
}

type BucketSortCriteria struct {

	// The name of the bucket property to sort the results by. This value can be one
	// of the following properties that Amazon Macie defines as bucket metadata:
	// accountId, bucketName, classifiableObjectCount, classifiableSizeInBytes,
	// objectCount, sensitivityScore, or sizeInBytes.
	AttributeName *string

	// The sort order to apply to the results, based on the value specified by the
	// attributeName property. Valid values are: ASC, sort the results in ascending
	// order; and, DESC, sort the results in descending order.
	OrderBy OrderBy
	// contains filtered or unexported fields
}

type BucketStatisticsBySensitivity struct {

	// The aggregated statistical data for all buckets that have a sensitivity score
	// of -1.
	ClassificationError *SensitivityAggregations

	// The aggregated statistical data for all buckets that have a sensitivity score
	// of 50.
	NotClassified *SensitivityAggregations

	// The aggregated statistical data for all buckets that have a sensitivity score
	// of 1-49.
	NotSensitive *SensitivityAggregations

	// The aggregated statistical data for all buckets that have a sensitivity score
	// of 51-100.
	Sensitive *SensitivityAggregations
	// contains filtered or unexported fields
}

type Cell struct {

	// The location of the cell, as an absolute cell reference, that contains the
	// sensitive data, for example Sheet2!C5 for cell C5 on Sheet2 in a Microsoft Excel
	// workbook. This value is null for CSV and TSV files.
	CellReference *string

	// The column number of the column that contains the sensitive data. For a
	// Microsoft Excel workbook, this value correlates to the alphabetical character(s)
	// for a column identifier, for example: 1 for column A, 2 for column B, and so on.
	Column *int64

	// The name of the column that contains the sensitive data, if available.
	ColumnName *string

	// The row number of the row that contains the sensitive data.
	Row *int64
	// contains filtered or unexported fields
}

type ClassificationDetails struct {

	// The path to the folder or file in Amazon S3 that contains the corresponding
	// sensitive data discovery result for the finding. If a finding applies to a large
	// archive or compressed file, this value is the path to a folder. Otherwise, this
	// value is the path to a file.
	DetailedResultsLocation *string

	// The Amazon Resource Name (ARN) of the classification job that produced the
	// finding. This value is null if the origin of the finding (originType) is
	// AUTOMATED_SENSITIVE_DATA_DISCOVERY.
	JobArn *string

	// The unique identifier for the classification job that produced the finding.
	// This value is null if the origin of the finding (originType) is
	// AUTOMATED_SENSITIVE_DATA_DISCOVERY.
	JobId *string

	// Specifies how Amazon Macie found the sensitive data that produced the finding.
	// Possible values are: SENSITIVE_DATA_DISCOVERY_JOB, for a classification job;
	// and, AUTOMATED_SENSITIVE_DATA_DISCOVERY, for automated sensitive data discovery.
	OriginType OriginType

	// The status and other details of the finding.
	Result *ClassificationResult
	// contains filtered or unexported fields
}

type ClassificationExportConfiguration struct {

	// The S3 bucket to store data classification results in, and the encryption
	// settings to use when storing results in that bucket.
	S3Destination *S3Destination
	// contains filtered or unexported fields
}

type ClassificationResult struct {

	// Specifies whether Amazon Macie detected additional occurrences of sensitive
	// data in the S3 object. A finding includes location data for a maximum of 15
	// occurrences of sensitive data. This value can help you determine whether to
	// investigate additional occurrences of sensitive data in an object. You can do
	// this by referring to the corresponding sensitive data discovery result for the
	// finding (classificationDetails.detailedResultsLocation).
	AdditionalOccurrences *bool

	// The custom data identifiers that detected the sensitive data and the number of
	// occurrences of the data that they detected.
	CustomDataIdentifiers *CustomDataIdentifiers

	// The type of content, as a MIME type, that the finding applies to. For example,
	// application/gzip, for a GNU Gzip compressed archive file, or application/pdf,
	// for an Adobe Portable Document Format file.
	MimeType *string

	// The category, types, and number of occurrences of the sensitive data that
	// produced the finding.
	SensitiveData []SensitiveDataItem

	// The total size, in bytes, of the data that the finding applies to.
	SizeClassified *int64

	// The status of the finding.
	Status *ClassificationResultStatus
	// contains filtered or unexported fields
}

type ClassificationResultStatus struct {

	// The status of the finding. Possible values are:
	//   - COMPLETE - Amazon Macie successfully completed its analysis of the S3
	//   object that the finding applies to.
	//   - PARTIAL - Macie analyzed only a subset of the data in the S3 object that
	//   the finding applies to. For example, the object is an archive file that contains
	//   files in an unsupported format.
	//   - SKIPPED - Macie wasn't able to analyze the S3 object that the finding
	//   applies to. For example, the object is a file that uses an unsupported format.
	Code *string

	// A brief description of the status of the finding. This value is null if the
	// status (code) of the finding is COMPLETE. Amazon Macie uses this value to notify
	// you of any errors, warnings, or considerations that might impact your analysis
	// of the finding and the affected S3 object. Possible values are:
	//   - ARCHIVE_CONTAINS_UNPROCESSED_FILES - The object is an archive file and
	//   Macie extracted and analyzed only some or none of the files in the archive. To
	//   determine which files Macie analyzed, if any, refer to the corresponding
	//   sensitive data discovery result for the finding
	//   (classificationDetails.detailedResultsLocation).
	//   - ARCHIVE_EXCEEDS_SIZE_LIMIT - The object is an archive file whose total
	//   storage size exceeds the size quota for this type of archive.
	//   - ARCHIVE_NESTING_LEVEL_OVER_LIMIT - The object is an archive file whose
	//   nested depth exceeds the quota for the maximum number of nested levels that
	//   Macie analyzes for this type of archive.
	//   - ARCHIVE_TOTAL_BYTES_EXTRACTED_OVER_LIMIT - The object is an archive file
	//   that exceeds the quota for the maximum amount of data that Macie extracts and
	//   analyzes for this type of archive.
	//   - ARCHIVE_TOTAL_DOCUMENTS_PROCESSED_OVER_LIMIT - The object is an archive
	//   file that contains more than the maximum number of files that Macie extracts and
	//   analyzes for this type of archive.
	//   - FILE_EXCEEDS_SIZE_LIMIT - The storage size of the object exceeds the size
	//   quota for this type of file.
	//   - INVALID_ENCRYPTION - The object is encrypted using server-side encryption
	//   but Macie isn't allowed to use the key. Macie can't decrypt and analyze the
	//   object.
	//   - INVALID_KMS_KEY - The object is encrypted with an KMS key that was disabled
	//   or is being deleted. Macie can't decrypt and analyze the object.
	//   - INVALID_OBJECT_STATE - The object doesn't use a supported Amazon S3 storage
	//   class.
	//   - JSON_NESTING_LEVEL_OVER_LIMIT - The object contains JSON data and the
	//   nested depth of the data exceeds the quota for the number of nested levels that
	//   Macie analyzes for this type of file.
	//   - MALFORMED_FILE - The object is a malformed or corrupted file. An error
	//   occurred when Macie attempted to detect the file's type or extract data from the
	//   file.
	//   - MALFORMED_OR_FILE_SIZE_EXCEEDS_LIMIT - The object is a Microsoft Office
	//   file that is malformed or exceeds the size quota for this type of file. If the
	//   file is malformed, an error occurred when Macie attempted to extract data from
	//   the file.
	//   - NO_SUCH_BUCKET_AVAILABLE - The object was in a bucket that was deleted
	//   shortly before or when Macie attempted to analyze the object.
	//   - OBJECT_VERSION_MISMATCH - The object was changed while Macie was analyzing
	//   it.
	//   - OOXML_UNCOMPRESSED_RATIO_EXCEEDS_LIMIT - The object is an Office Open XML
	//   file whose compression ratio exceeds the compression quota for this type of
	//   file.
	//   - OOXML_UNCOMPRESSED_SIZE_EXCEEDS_LIMIT - The object is an Office Open XML
	//   file that exceeds the size quota for this type of file.
	//   - PERMISSION_DENIED - Macie isn't allowed to access the object. The object's
	//   permissions settings prevent Macie from analyzing the object.
	//   - SOURCE_OBJECT_NO_LONGER_AVAILABLE - The object was deleted shortly before
	//   or when Macie attempted to analyze it.
	//   - TIME_CUT_OFF_REACHED - Macie started analyzing the object but additional
	//   analysis would exceed the time quota for analyzing an object.
	//   - UNABLE_TO_PARSE_FILE - The object is a file that contains structured data
	//   and an error occurred when Macie attempted to parse the data.
	//   - UNSUPPORTED_FILE_TYPE_EXCEPTION - The object is a file that uses an
	//   unsupported file or storage format.
	// For information about quotas, supported storage classes, and supported file and
	// storage formats, see Quotas (https://docs.aws.amazon.com/macie/latest/user/macie-quotas.html)
	// and Supported storage classes and formats (https://docs.aws.amazon.com/macie/latest/user/discovery-supported-storage.html)
	// in the Amazon Macie User Guide.
	Reason *string
	// contains filtered or unexported fields
}

type ClassificationScopeSummary struct {

	// The unique identifier for the classification scope.
	Id *string

	// The name of the classification scope: automated-sensitive-data-discovery.
	Name *string
	// contains filtered or unexported fields
}

type ClassificationScopeUpdateOperation string

type ConflictException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type CriteriaBlockForJob struct {

	// An array of conditions, one for each condition that determines which buckets to
	// include or exclude from the job. If you specify more than one condition, Amazon
	// Macie uses AND logic to join the conditions.
	And []CriteriaForJob
	// contains filtered or unexported fields
}

type CriteriaForJob struct {

	// A property-based condition that defines a property, operator, and one or more
	// values for including or excluding buckets from the job.
	SimpleCriterion *SimpleCriterionForJob

	// A tag-based condition that defines an operator and tag keys, tag values, or tag
	// key and value pairs for including or excluding buckets from the job.
	TagCriterion *TagCriterionForJob
	// contains filtered or unexported fields
}

type CriterionAdditionalProperties struct {

	// The value for the property matches (equals) the specified value. If you specify
	// multiple values, Macie uses OR logic to join the values.
	Eq []string

	// The value for the property exclusively matches (equals an exact match for) all
	// the specified values. If you specify multiple values, Amazon Macie uses AND
	// logic to join the values. You can use this operator with the following
	// properties: customDataIdentifiers.detections.arn,
	// customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key,
	// resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key,
	// resourcesAffected.s3Object.tags.value, sensitiveData.category, and
	// sensitiveData.detections.type.
	EqExactMatch []string

	// The value for the property is greater than the specified value.
	Gt *int64

	// The value for the property is greater than or equal to the specified value.
	Gte *int64

	// The value for the property is less than the specified value.
	Lt *int64

	// The value for the property is less than or equal to the specified value.
	Lte *int64

	// The value for the property doesn't match (doesn't equal) the specified value.
	// If you specify multiple values, Macie uses OR logic to join the values.
	Neq []string
	// contains filtered or unexported fields
}

type Currency string

type CustomDataIdentifierSummary struct {

	// The Amazon Resource Name (ARN) of the custom data identifier.
	Arn *string

	// The date and time, in UTC and extended ISO 8601 format, when the custom data
	// identifier was created.
	CreatedAt *time.Time

	// The custom description of the custom data identifier.
	Description *string

	// The unique identifier for the custom data identifier.
	Id *string

	// The custom name of the custom data identifier.
	Name *string
	// contains filtered or unexported fields
}

type CustomDataIdentifiers struct {

	// The custom data identifiers that detected the data, and the number of
	// occurrences of the data that each identifier detected.
	Detections []CustomDetection

	// The total number of occurrences of the data that was detected by the custom
	// data identifiers and produced the finding.
	TotalCount *int64
	// contains filtered or unexported fields
}

type CustomDetection struct {

	// The unique identifier for the custom data identifier.
	Arn *string

	// The total number of occurrences of the sensitive data that the custom data
	// identifier detected.
	Count *int64

	// The name of the custom data identifier.
	Name *string

	// The location of 1-15 occurrences of the sensitive data that the custom data
	// identifier detected. A finding includes location data for a maximum of 15
	// occurrences of sensitive data.
	Occurrences *Occurrences
	// contains filtered or unexported fields
}

type DailySchedule struct {
	// contains filtered or unexported fields
}

type DataIdentifierSeverity string

type DataIdentifierType string

type DayOfWeek string

type DefaultDetection struct {

	// The total number of occurrences of the type of sensitive data that was detected.
	Count *int64

	// The location of 1-15 occurrences of the sensitive data that was detected. A
	// finding includes location data for a maximum of 15 occurrences of sensitive
	// data.
	Occurrences *Occurrences

	// The type of sensitive data that was detected. For example, AWS_CREDENTIALS,
	// PHONE_NUMBER, or ADDRESS.
	Type *string
	// contains filtered or unexported fields
}

type DetectedDataDetails struct {

	// An occurrence of the specified type of sensitive data. Each occurrence contains
	// 1-128 characters.
	//
	// This member is required.
	Value *string
	// contains filtered or unexported fields
}

type Detection struct {

	// If the sensitive data was detected by a custom data identifier, the Amazon
	// Resource Name (ARN) of the custom data identifier that detected the data.
	// Otherwise, this value is null.
	Arn *string

	// The total number of occurrences of the sensitive data.
	Count *int64

	// The unique identifier for the custom data identifier or managed data identifier
	// that detected the sensitive data. For additional details about a specified
	// managed data identifier, see Using managed data identifiers (https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html)
	// in the Amazon Macie User Guide.
	Id *string

	// The name of the custom data identifier or managed data identifier that detected
	// the sensitive data. For a managed data identifier, this value is the same as the
	// unique identifier (id).
	Name *string

	// Specifies whether occurrences of this type of sensitive data are excluded
	// (true) or included (false) in the bucket's sensitivity score.
	Suppressed *bool

	// The type of data identifier that detected the sensitive data. Possible values
	// are: CUSTOM, for a custom data identifier; and, MANAGED, for a managed data
	// identifier.
	Type DataIdentifierType
	// contains filtered or unexported fields
}

type DomainDetails struct {

	// The name of the domain.
	DomainName *string
	// contains filtered or unexported fields
}

type EffectivePermission string

type EncryptionType string

type ErrorCode string

type FederatedUser struct {

	// The Amazon Web Services access key ID that identifies the credentials.
	AccessKeyId *string

	// The unique identifier for the Amazon Web Services account that owns the entity
	// that was used to get the credentials.
	AccountId *string

	// The Amazon Resource Name (ARN) of the entity that was used to get the
	// credentials.
	Arn *string

	// The unique identifier for the entity that was used to get the credentials.
	PrincipalId *string

	// The details of the session that was created for the credentials, including the
	// entity that issued the session.
	SessionContext *SessionContext
	// contains filtered or unexported fields
}

type Finding struct {

	// The unique identifier for the Amazon Web Services account that the finding
	// applies to. This is typically the account that owns the affected resource.
	AccountId *string

	// Specifies whether the finding is archived (suppressed).
	Archived *bool

	// The category of the finding. Possible values are: CLASSIFICATION, for a
	// sensitive data finding; and, POLICY, for a policy finding.
	Category FindingCategory

	// The details of a sensitive data finding. This value is null for a policy
	// finding.
	ClassificationDetails *ClassificationDetails

	// The total number of occurrences of the finding. For sensitive data findings,
	// this value is always 1. All sensitive data findings are considered unique.
	Count *int64

	// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie
	// created the finding.
	CreatedAt *time.Time

	// The description of the finding.
	Description *string

	// The unique identifier for the finding. This is a random string that Amazon
	// Macie generates and assigns to a finding when it creates the finding.
	Id *string

	// The Amazon Web Services partition that Amazon Macie created the finding in.
	Partition *string

	// The details of a policy finding. This value is null for a sensitive data
	// finding.
	PolicyDetails *PolicyDetails

	// The Amazon Web Services Region that Amazon Macie created the finding in.
	Region *string

	// The resources that the finding applies to.
	ResourcesAffected *ResourcesAffected

	// Specifies whether the finding is a sample finding. A sample finding is a
	// finding that uses example data to demonstrate what a finding might contain.
	Sample *bool

	// The version of the schema that was used to define the data structures in the
	// finding.
	SchemaVersion *string

	// The severity level and score for the finding.
	Severity *Severity

	// The brief description of the finding.
	Title *string

	// The type of the finding.
	Type FindingType

	// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie last
	// updated the finding. For sensitive data findings, this value is the same as the
	// value for the createdAt property. All sensitive data findings are considered
	// new.
	UpdatedAt *time.Time
	// contains filtered or unexported fields
}

type FindingAction struct {

	// The type of action that occurred for the affected resource. This value is
	// typically AWS_API_CALL, which indicates that an entity invoked an API operation
	// for the resource.
	ActionType FindingActionType

	// The invocation details of the API operation that an entity invoked for the
	// affected resource, if the value for the actionType property is AWS_API_CALL.
	ApiCallDetails *ApiCallDetails
	// contains filtered or unexported fields
}

type FindingActionType string

type FindingActor struct {

	// The domain name of the device that the entity used to perform the action on the
	// affected resource.
	DomainDetails *DomainDetails

	// The IP address of the device that the entity used to perform the action on the
	// affected resource. This object also provides information such as the owner and
	// geographic location for the IP address.
	IpAddressDetails *IpAddressDetails

	// The type and other characteristics of the entity that performed the action on
	// the affected resource.
	UserIdentity *UserIdentity
	// contains filtered or unexported fields
}

type FindingCategory string

type FindingCriteria struct {

	// A condition that specifies the property, operator, and one or more values to
	// use to filter the results.
	Criterion map[string]CriterionAdditionalProperties
	// contains filtered or unexported fields
}

type FindingPublishingFrequency string

type FindingStatisticsSortAttributeName string

type FindingStatisticsSortCriteria struct {

	// The grouping to sort the results by. Valid values are: count, sort the results
	// by the number of findings in each group of results; and, groupKey, sort the
	// results by the name of each group of results.
	AttributeName FindingStatisticsSortAttributeName

	// The sort order to apply to the results, based on the value for the property
	// specified by the attributeName property. Valid values are: ASC, sort the results
	// in ascending order; and, DESC, sort the results in descending order.
	OrderBy OrderBy
	// contains filtered or unexported fields
}

type FindingType string

type FindingsFilterAction string

type FindingsFilterListItem struct {

	// The action that's performed on findings that match the filter criteria.
	// Possible values are: ARCHIVE, suppress (automatically archive) the findings;
	// and, NOOP, don't perform any action on the findings.
	Action FindingsFilterAction

	// The Amazon Resource Name (ARN) of the filter.
	Arn *string

	// The unique identifier for the filter.
	Id *string

	// The custom name of the filter.
	Name *string

	// A map of key-value pairs that specifies which tags (keys and values) are
	// associated with the filter.
	Tags map[string]string
	// contains filtered or unexported fields
}

type GroupBy string

type GroupCount struct {

	// The total number of findings in the group of query results.
	Count *int64

	// The name of the property that defines the group in the query results, as
	// specified by the groupBy property in the query request.
	GroupKey *string
	// contains filtered or unexported fields
}

type IamUser struct {

	// The unique identifier for the Amazon Web Services account that's associated
	// with the IAM user who performed the action.
	AccountId *string

	// The Amazon Resource Name (ARN) of the principal that performed the action. The
	// last section of the ARN contains the name of the user who performed the action.
	Arn *string

	// The unique identifier for the IAM user who performed the action.
	PrincipalId *string

	// The username of the IAM user who performed the action.
	UserName *string
	// contains filtered or unexported fields
}

type InternalServerException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type Invitation struct {

	// The Amazon Web Services account ID for the account that sent the invitation.
	AccountId *string

	// The unique identifier for the invitation.
	InvitationId *string

	// The date and time, in UTC and extended ISO 8601 format, when the invitation was
	// sent.
	InvitedAt *time.Time

	// The status of the relationship between the account that sent the invitation and
	// the account that received the invitation.
	RelationshipStatus RelationshipStatus
	// contains filtered or unexported fields
}

type IpAddressDetails struct {

	// The Internet Protocol version 4 (IPv4) address of the device.
	IpAddressV4 *string

	// The city that the IP address originated from.
	IpCity *IpCity

	// The country that the IP address originated from.
	IpCountry *IpCountry

	// The geographic coordinates of the location that the IP address originated from.
	IpGeoLocation *IpGeoLocation

	// The registered owner of the IP address.
	IpOwner *IpOwner
	// contains filtered or unexported fields
}

type IpCity struct {

	// The name of the city.
	Name *string
	// contains filtered or unexported fields
}

type IpCountry struct {

	// The two-character code, in ISO 3166-1 alpha-2 format, for the country that the
	// IP address originated from. For example, US for the United States.
	Code *string

	// The name of the country that the IP address originated from.
	Name *string
	// contains filtered or unexported fields
}

type IpGeoLocation struct {

	// The latitude coordinate of the location, rounded to four decimal places.
	Lat *float64

	// The longitude coordinate of the location, rounded to four decimal places.
	Lon *float64
	// contains filtered or unexported fields
}

type IpOwner struct {

	// The autonomous system number (ASN) for the autonomous system that included the
	// IP address.
	Asn *string

	// The organization identifier that's associated with the autonomous system number
	// (ASN) for the autonomous system that included the IP address.
	AsnOrg *string

	// The name of the internet service provider (ISP) that owned the IP address.
	Isp *string

	// The name of the organization that owned the IP address.
	Org *string
	// contains filtered or unexported fields
}

type IsDefinedInJob string

type IsMonitoredByJob string

type JobComparator string

type JobDetails struct {

	// Specifies whether any one-time or recurring jobs are configured to analyze data
	// in the bucket. Possible values are:
	//   - TRUE - The bucket is explicitly included in the bucket definition
	//   (S3BucketDefinitionForJob) for one or more jobs and at least one of those jobs
	//   has a status other than CANCELLED. Or the bucket matched the bucket criteria
	//   (S3BucketCriteriaForJob) for at least one job that previously ran.
	//   - FALSE - The bucket isn't explicitly included in the bucket definition
	//   (S3BucketDefinitionForJob) for any jobs, all the jobs that explicitly include
	//   the bucket in their bucket definitions have a status of CANCELLED, or the bucket
	//   didn't match the bucket criteria (S3BucketCriteriaForJob) for any jobs that
	//   previously ran.
	//   - UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job
	//   data for the bucket.
	IsDefinedInJob IsDefinedInJob

	// Specifies whether any recurring jobs are configured to analyze data in the
	// bucket. Possible values are:
	//   - TRUE - The bucket is explicitly included in the bucket definition
	//   (S3BucketDefinitionForJob) for one or more recurring jobs or the bucket matches
	//   the bucket criteria (S3BucketCriteriaForJob) for one or more recurring jobs. At
	//   least one of those jobs has a status other than CANCELLED.
	//   - FALSE - The bucket isn't explicitly included in the bucket definition
	//   (S3BucketDefinitionForJob) for any recurring jobs, the bucket doesn't match the
	//   bucket criteria (S3BucketCriteriaForJob) for any recurring jobs, or all the
	//   recurring jobs that are configured to analyze data in the bucket have a status
	//   of CANCELLED.
	//   - UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job
	//   data for the bucket.
	IsMonitoredByJob IsMonitoredByJob

	// The unique identifier for the job that ran most recently and is configured to
	// analyze data in the bucket, either the latest run of a recurring job or the only
	// run of a one-time job. This value is typically null if the value for the
	// isDefinedInJob property is FALSE or UNKNOWN.
	LastJobId *string

	// The date and time, in UTC and extended ISO 8601 format, when the job
	// (lastJobId) started. If the job is a recurring job, this value indicates when
	// the most recent run started. This value is typically null if the value for the
	// isDefinedInJob property is FALSE or UNKNOWN.
	LastJobRunTime *time.Time
	// contains filtered or unexported fields
}

type JobScheduleFrequency struct {

	// Specifies a daily recurrence pattern for running the job.
	DailySchedule *DailySchedule

	// Specifies a monthly recurrence pattern for running the job.
	MonthlySchedule *MonthlySchedule

	// Specifies a weekly recurrence pattern for running the job.
	WeeklySchedule *WeeklySchedule
	// contains filtered or unexported fields
}

type JobScopeTerm struct {

	// A property-based condition that defines a property, operator, and one or more
	// values for including or excluding objects from the job.
	SimpleScopeTerm *SimpleScopeTerm

	// A tag-based condition that defines the operator and tag keys or tag key and
	// value pairs for including or excluding objects from the job.
	TagScopeTerm *TagScopeTerm
	// contains filtered or unexported fields
}

type JobScopingBlock struct {

	// An array of conditions, one for each property- or tag-based condition that
	// determines which objects to include or exclude from the job. If you specify more
	// than one condition, Amazon Macie uses AND logic to join the conditions.
	And []JobScopeTerm
	// contains filtered or unexported fields
}

type JobStatus string

type JobSummary struct {

	// The property- and tag-based conditions that determine which S3 buckets are
	// included or excluded from the job's analysis. Each time the job runs, the job
	// uses these criteria to determine which buckets to analyze. A job's definition
	// can contain a bucketCriteria object or a bucketDefinitions array, not both.
	BucketCriteria *S3BucketCriteriaForJob

	// An array of objects, one for each Amazon Web Services account that owns
	// specific S3 buckets for the job to analyze. Each object specifies the account ID
	// for an account and one or more buckets to analyze for that account. A job's
	// definition can contain a bucketDefinitions array or a bucketCriteria object, not
	// both.
	BucketDefinitions []S3BucketDefinitionForJob

	// The date and time, in UTC and extended ISO 8601 format, when the job was
	// created.
	CreatedAt *time.Time

	// The unique identifier for the job.
	JobId *string

	// The current status of the job. Possible values are:
	//   - CANCELLED - You cancelled the job or, if it's a one-time job, you paused
	//   the job and didn't resume it within 30 days.
	//   - COMPLETE - For a one-time job, Amazon Macie finished processing the data
	//   specified for the job. This value doesn't apply to recurring jobs.
	//   - IDLE - For a recurring job, the previous scheduled run is complete and the
	//   next scheduled run is pending. This value doesn't apply to one-time jobs.
	//   - PAUSED - Macie started running the job but additional processing would
	//   exceed the monthly sensitive data discovery quota for your account or one or
	//   more member accounts that the job analyzes data for.
	//   - RUNNING - For a one-time job, the job is in progress. For a recurring job,
	//   a scheduled run is in progress.
	//   - USER_PAUSED - You paused the job. If you paused the job while it had a
	//   status of RUNNING and you don't resume it within 30 days of pausing it, the job
	//   or job run will expire and be cancelled, depending on the job's type. To check
	//   the expiration date, refer to the UserPausedDetails.jobExpiresAt property.
	JobStatus JobStatus

	// The schedule for running the job. Possible values are:
	//   - ONE_TIME - The job runs only once.
	//   - SCHEDULED - The job runs on a daily, weekly, or monthly basis.
	JobType JobType

	// Specifies whether any account- or bucket-level access errors occurred when the
	// job ran. For a recurring job, this value indicates the error status of the job's
	// most recent run.
	LastRunErrorStatus *LastRunErrorStatus

	// The custom name of the job.
	Name *string

	// If the current status of the job is USER_PAUSED, specifies when the job was
	// paused and when the job or job run will expire and be cancelled if it isn't
	// resumed. This value is present only if the value for jobStatus is USER_PAUSED.
	UserPausedDetails *UserPausedDetails
	// contains filtered or unexported fields
}

type JobType string

type KeyValuePair struct {

	// One part of a key-value pair that comprises a tag. A tag key is a general label
	// that acts as a category for more specific tag values.
	Key *string

	// One part of a key-value pair that comprises a tag. A tag value acts as a
	// descriptor for a tag key. A tag value can be an empty string.
	Value *string
	// contains filtered or unexported fields
}

type LastRunErrorStatus struct {

	// Specifies whether any account- or bucket-level access errors occurred when the
	// job ran. For a recurring job, this value indicates the error status of the job's
	// most recent run. Possible values are:
	//   - ERROR - One or more errors occurred. Amazon Macie didn't process all the
	//   data specified for the job.
	//   - NONE - No errors occurred. Macie processed all the data specified for the
	//   job.
	Code LastRunErrorStatusCode
	// contains filtered or unexported fields
}

type LastRunErrorStatusCode string

type ListJobsFilterCriteria struct {

	// An array of objects, one for each condition that determines which jobs to
	// exclude from the results.
	Excludes []ListJobsFilterTerm

	// An array of objects, one for each condition that determines which jobs to
	// include in the results.
	Includes []ListJobsFilterTerm
	// contains filtered or unexported fields
}

type ListJobsFilterKey string

type ListJobsFilterTerm struct {

	// The operator to use to filter the results.
	Comparator JobComparator

	// The property to use to filter the results.
	Key ListJobsFilterKey

	// An array that lists one or more values to use to filter the results.
	Values []string
	// contains filtered or unexported fields
}

type ListJobsSortAttributeName string

type ListJobsSortCriteria struct {

	// The property to sort the results by.
	AttributeName ListJobsSortAttributeName

	// The sort order to apply to the results, based on the value for the property
	// specified by the attributeName property. Valid values are: ASC, sort the results
	// in ascending order; and, DESC, sort the results in descending order.
	OrderBy OrderBy
	// contains filtered or unexported fields
}

type MacieStatus string

type ManagedDataIdentifierSelector string

type ManagedDataIdentifierSummary struct {

	// The category of sensitive data that the managed data identifier detects:
	// CREDENTIALS, for credentials data such as private keys or Amazon Web Services
	// secret access keys; FINANCIAL_INFORMATION, for financial data such as credit
	// card numbers; or, PERSONAL_INFORMATION, for personal health information, such as
	// health insurance identification numbers, or personally identifiable information,
	// such as passport numbers.
	Category SensitiveDataItemCategory

	// The unique identifier for the managed data identifier. This is a string that
	// describes the type of sensitive data that the managed data identifier detects.
	// For example: OPENSSH_PRIVATE_KEY for OpenSSH private keys, CREDIT_CARD_NUMBER
	// for credit card numbers, or USA_PASSPORT_NUMBER for US passport numbers.
	Id *string
	// contains filtered or unexported fields
}

type MatchingBucket struct {

	// The unique identifier for the Amazon Web Services account that owns the bucket.
	AccountId *string

	// The name of the bucket.
	BucketName *string

	// The total number of objects that Amazon Macie can analyze in the bucket. These
	// objects use a supported storage class and have a file name extension for a
	// supported file or storage format.
	ClassifiableObjectCount *int64

	// The total storage size, in bytes, of the objects that Amazon Macie can analyze
	// in the bucket. These objects use a supported storage class and have a file name
	// extension for a supported file or storage format. If versioning is enabled for
	// the bucket, Macie calculates this value based on the size of the latest version
	// of each applicable object in the bucket. This value doesn't reflect the storage
	// size of all versions of each applicable object in the bucket.
	ClassifiableSizeInBytes *int64

	// The error code for an error that prevented Amazon Macie from retrieving and
	// processing information about the bucket and the bucket's objects. If this value
	// is ACCESS_DENIED, Macie doesn't have permission to retrieve the information. For
	// example, the bucket has a restrictive bucket policy and Amazon S3 denied the
	// request. If this value is null, Macie was able to retrieve and process the
	// information.
	ErrorCode BucketMetadataErrorCode

	// A brief description of the error (errorCode) that prevented Amazon Macie from
	// retrieving and processing information about the bucket and the bucket's objects.
	// This value is null if Macie was able to retrieve and process the information.
	ErrorMessage *string

	// Specifies whether any one-time or recurring classification jobs are configured
	// to analyze objects in the bucket, and, if so, the details of the job that ran
	// most recently.
	JobDetails *JobDetails

	// The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most
	// recently analyzed data in the bucket while performing automated sensitive data
	// discovery for your account. This value is null if automated sensitive data
	// discovery is currently disabled for your account.
	LastAutomatedDiscoveryTime *time.Time

	// The total number of objects in the bucket.
	ObjectCount *int64

	// The total number of objects in the bucket, grouped by server-side encryption
	// type. This includes a grouping that reports the total number of objects that
	// aren't encrypted or use client-side encryption.
	ObjectCountByEncryptionType *ObjectCountByEncryptionType

	// The current sensitivity score for the bucket, ranging from -1 (classification
	// error) to 100 (sensitive). This value is null if automated sensitive data
	// discovery is currently disabled for your account.
	SensitivityScore *int32

	// The total storage size, in bytes, of the bucket. If versioning is enabled for
	// the bucket, Amazon Macie calculates this value based on the size of the latest
	// version of each object in the bucket. This value doesn't reflect the storage
	// size of all versions of each object in the bucket.
	SizeInBytes *int64

	// The total storage size, in bytes, of the objects that are compressed (.gz,
	// .gzip, .zip) files in the bucket. If versioning is enabled for the bucket,
	// Amazon Macie calculates this value based on the size of the latest version of
	// each applicable object in the bucket. This value doesn't reflect the storage
	// size of all versions of each applicable object in the bucket.
	SizeInBytesCompressed *int64

	// The total number of objects that Amazon Macie can't analyze in the bucket.
	// These objects don't use a supported storage class or don't have a file name
	// extension for a supported file or storage format.
	UnclassifiableObjectCount *ObjectLevelStatistics

	// The total storage size, in bytes, of the objects that Amazon Macie can't
	// analyze in the bucket. These objects don't use a supported storage class or
	// don't have a file name extension for a supported file or storage format.
	UnclassifiableObjectSizeInBytes *ObjectLevelStatistics
	// contains filtered or unexported fields
}

type MatchingResource struct {

	// The details of an S3 bucket that Amazon Macie monitors and analyzes.
	MatchingBucket *MatchingBucket
	// contains filtered or unexported fields
}

type Member struct {

	// The Amazon Web Services account ID for the account.
	AccountId *string

	// The Amazon Web Services account ID for the administrator account.
	AdministratorAccountId *string

	// The Amazon Resource Name (ARN) of the account.
	Arn *string

	// The email address for the account. This value is null if the account is
	// associated with the administrator account through Organizations.
	Email *string

	// The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie
	// membership invitation was last sent to the account. This value is null if a
	// Macie membership invitation hasn't been sent to the account.
	InvitedAt *time.Time

	// (Deprecated) The Amazon Web Services account ID for the administrator account.
	// This property has been replaced by the administratorAccountId property and is
	// retained only for backward compatibility.
	MasterAccountId *string

	// The current status of the relationship between the account and the
	// administrator account.
	RelationshipStatus RelationshipStatus

	// A map of key-value pairs that specifies which tags (keys and values) are
	// associated with the account in Amazon Macie.
	Tags map[string]string

	// The date and time, in UTC and extended ISO 8601 format, of the most recent
	// change to the status of the relationship between the account and the
	// administrator account.
	UpdatedAt *time.Time
	// contains filtered or unexported fields
}

type MonthlySchedule struct {

	// The numeric day of the month when Amazon Macie runs the job. This value can be
	// an integer from 1 through 31. If this value exceeds the number of days in a
	// certain month, Macie doesn't run the job that month. Macie runs the job only
	// during months that have the specified day. For example, if this value is 31 and
	// a month has only 30 days, Macie doesn't run the job that month. To run the job
	// every month, specify a value that's less than 29.
	DayOfMonth *int32
	// contains filtered or unexported fields
}

type ObjectCountByEncryptionType struct {

	// The total number of objects that are encrypted with customer-provided keys. The
	// objects use server-side encryption with customer-provided keys (SSE-C).
	CustomerManaged *int64

	// The total number of objects that are encrypted with KMS keys, either Amazon Web
	// Services managed keys or customer managed keys. The objects use dual-layer
	// server-side encryption or server-side encryption with KMS keys (DSSE-KMS or
	// SSE-KMS).
	KmsManaged *int64

	// The total number of objects that are encrypted with Amazon S3 managed keys. The
	// objects use server-side encryption with Amazon S3 managed keys (SSE-S3).
	S3Managed *int64

	// The total number of objects that use client-side encryption or aren't encrypted.
	Unencrypted *int64

	// The total number of objects that Amazon Macie doesn't have current encryption
	// metadata for. Macie can't provide current data about the encryption settings for
	// these objects.
	Unknown *int64
	// contains filtered or unexported fields
}

type ObjectLevelStatistics struct {

	// The total storage size (in bytes) or number of objects that Amazon Macie can't
	// analyze because the objects don't have a file name extension for a supported
	// file or storage format.
	FileType *int64

	// The total storage size (in bytes) or number of objects that Amazon Macie can't
	// analyze because the objects use an unsupported storage class.
	StorageClass *int64

	// The total storage size (in bytes) or number of objects that Amazon Macie can't
	// analyze because the objects use an unsupported storage class or don't have a
	// file name extension for a supported file or storage format.
	Total *int64
	// contains filtered or unexported fields
}

type Occurrences struct {

	// An array of objects, one for each occurrence of sensitive data in a Microsoft
	// Excel workbook, CSV file, or TSV file. This value is null for all other types of
	// files. Each Cell object specifies a cell or field that contains the sensitive
	// data.
	Cells []Cell

	// An array of objects, one for each occurrence of sensitive data in an email
	// message or a non-binary text file such as an HTML, TXT, or XML file. Each Range
	// object specifies a line or inclusive range of lines that contains the sensitive
	// data, and the position of the data on the specified line or lines. This value is
	// often null for file types that are supported by Cell, Page, or Record objects.
	// Exceptions are the location of sensitive data in: unstructured sections of an
	// otherwise structured file, such as a comment in a file; a malformed file that
	// Amazon Macie analyzes as plain text; and, a CSV or TSV file that has any column
	// names that contain sensitive data.
	LineRanges []Range

	// Reserved for future use.
	OffsetRanges []Range

	// An array of objects, one for each occurrence of sensitive data in an Adobe
	// Portable Document Format file. This value is null for all other types of files.
	// Each Page object specifies a page that contains the sensitive data.
	Pages []Page

	// An array of objects, one for each occurrence of sensitive data in an Apache
	// Avro object container, Apache Parquet file, JSON file, or JSON Lines file. This
	// value is null for all other types of files. For an Avro object container or
	// Parquet file, each Record object specifies a record index and the path to a
	// field in a record that contains the sensitive data. For a JSON or JSON Lines
	// file, each Record object specifies the path to a field or array that contains
	// the sensitive data. For a JSON Lines file, it also specifies the index of the
	// line that contains the data.
	Records []Record
	// contains filtered or unexported fields
}

type OrderBy string

type OriginType string

type Page struct {

	// Reserved for future use.
	LineRange *Range

	// Reserved for future use.
	OffsetRange *Range

	// The page number of the page that contains the sensitive data.
	PageNumber *int64
	// contains filtered or unexported fields
}

type PolicyDetails struct {

	// The action that produced the finding.
	Action *FindingAction

	// The entity that performed the action that produced the finding.
	Actor *FindingActor
	// contains filtered or unexported fields
}

type Range struct {

	// The number of lines from the beginning of the file to the end of the sensitive
	// data.
	End *int64

	// The number of lines from the beginning of the file to the beginning of the
	// sensitive data.
	Start *int64

	// The number of characters, with spaces and starting from 1, from the beginning
	// of the first line that contains the sensitive data (start) to the beginning of
	// the sensitive data.
	StartColumn *int64
	// contains filtered or unexported fields
}

type Record struct {

	// The path, as a JSONPath expression, to the sensitive data. For an Avro object
	// container or Parquet file, this is the path to the field in the record
	// (recordIndex) that contains the data. For a JSON or JSON Lines file, this is the
	// path to the field or array that contains the data. If the data is a value in an
	// array, the path also indicates which value contains the data. If Amazon Macie
	// detects sensitive data in the name of any element in the path, Macie omits this
	// field. If the name of an element exceeds 240 characters, Macie truncates the
	// name by removing characters from the beginning of the name. If the resulting
	// full path exceeds 250 characters, Macie also truncates the path, starting with
	// the first element in the path, until the path contains 250 or fewer characters.
	JsonPath *string

	// For an Avro object container or Parquet file, the record index, starting from
	// 0, for the record that contains the sensitive data. For a JSON Lines file, the
	// line index, starting from 0, for the line that contains the sensitive data. This
	// value is always 0 for JSON files.
	RecordIndex *int64
	// contains filtered or unexported fields
}

type RelationshipStatus string

type ReplicationDetails struct {

	// Specifies whether the bucket is configured to replicate one or more objects to
	// any destination.
	Replicated *bool

	// Specifies whether the bucket is configured to replicate one or more objects to
	// a bucket for an Amazon Web Services account that isn't part of your Amazon Macie
	// organization. An Amazon Macie organization is a set of Macie accounts that are
	// centrally managed as a group of related accounts through Organizations or by
	// Macie invitation.
	ReplicatedExternally *bool

	// An array of Amazon Web Services account IDs, one for each Amazon Web Services
	// account that owns a bucket that the bucket is configured to replicate one or
	// more objects to.
	ReplicationAccounts []string
	// contains filtered or unexported fields
}

type ResourceNotFoundException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type ResourceProfileArtifact struct {

	// The Amazon Resource Name (ARN) of the object.
	//
	// This member is required.
	Arn *string

	// The status of the analysis. Possible values are:
	//   - COMPLETE - Amazon Macie successfully completed its analysis of the object.
	//   - PARTIAL - Macie analyzed only a subset of data in the object. For example,
	//   the object is an archive file that contains files in an unsupported format.
	//   - SKIPPED - Macie wasn't able to analyze the object. For example, the object
	//   is a malformed file.
	//
	// This member is required.
	ClassificationResultStatus *string

	// Specifies whether Amazon Macie found sensitive data in the object.
	Sensitive *bool
	// contains filtered or unexported fields
}

type ResourceStatistics struct {

	// The total amount of data, in bytes, that Amazon Macie has analyzed in the
	// bucket.
	TotalBytesClassified *int64

	// The total number of occurrences of sensitive data that Amazon Macie has found
	// in the bucket's objects. This includes occurrences that are currently suppressed
	// by the sensitivity scoring settings for the bucket (totalDetectionsSuppressed).
	TotalDetections *int64

	// The total number of occurrences of sensitive data that are currently suppressed
	// by the sensitivity scoring settings for the bucket. These represent occurrences
	// of sensitive data that Amazon Macie found in the bucket's objects, but the
	// occurrences were manually suppressed. By default, suppressed occurrences are
	// excluded from the bucket's sensitivity score.
	TotalDetectionsSuppressed *int64

	// The total number of objects that Amazon Macie has analyzed in the bucket.
	TotalItemsClassified *int64

	// The total number of the bucket's objects that Amazon Macie has found sensitive
	// data in.
	TotalItemsSensitive *int64

	// The total number of objects that Amazon Macie wasn't able to analyze in the
	// bucket due to an object-level issue or error. For example, an object is a
	// malformed file. This value includes objects that Macie wasn't able to analyze
	// for reasons reported by other statistics in the ResourceStatistics object.
	TotalItemsSkipped *int64

	// The total number of objects that Amazon Macie wasn't able to analyze in the
	// bucket because the objects are encrypted with a key that Macie can't access. The
	// objects use server-side encryption with customer-provided keys (SSE-C).
	TotalItemsSkippedInvalidEncryption *int64

	// The total number of objects that Amazon Macie wasn't able to analyze in the
	// bucket because the objects are encrypted with KMS keys that were disabled, are
	// scheduled for deletion, or were deleted.
	TotalItemsSkippedInvalidKms *int64

	// The total number of objects that Amazon Macie wasn't able to analyze in the
	// bucket due to the permissions settings for the objects or the permissions
	// settings for the keys that were used to encrypt the objects.
	TotalItemsSkippedPermissionDenied *int64
	// contains filtered or unexported fields
}

type ResourcesAffected struct {

	// The details of the S3 bucket that the finding applies to.
	S3Bucket *S3Bucket

	// The details of the S3 object that the finding applies to.
	S3Object *S3Object
	// contains filtered or unexported fields
}

type RetrievalConfiguration struct {

	// The access method that's used to retrieve sensitive data from affected S3
	// objects. Valid values are: ASSUME_ROLE, assume an IAM role that is in the
	// affected Amazon Web Services account and delegates access to Amazon Macie
	// (roleName); and, CALLER_CREDENTIALS, use the credentials of the IAM user who
	// requests the sensitive data.
	//
	// This member is required.
	RetrievalMode RetrievalMode

	// The external ID to specify in the trust policy for the IAM role to assume when
	// retrieving sensitive data from affected S3 objects (roleName). This value is
	// null if the value for retrievalMode is CALLER_CREDENTIALS. This ID is a unique
	// alphanumeric string that Amazon Macie generates automatically after you
	// configure it to assume an IAM role. For a Macie administrator to retrieve
	// sensitive data from an affected S3 object for a member account, the trust policy
	// for the role in the member account must include an sts:ExternalId condition that
	// requires this ID.
	ExternalId *string

	// The name of the IAM role that is in the affected Amazon Web Services account
	// and Amazon Macie is allowed to assume when retrieving sensitive data from
	// affected S3 objects for the account. This value is null if the value for
	// retrievalMode is CALLER_CREDENTIALS.
	RoleName *string
	// contains filtered or unexported fields
}

type RetrievalMode string

type RevealConfiguration struct {

	// The status of the configuration for the Amazon Macie account. In a response,
	// possible values are: ENABLED, the configuration is currently enabled for the
	// account; and, DISABLED, the configuration is currently disabled for the account.
	// In a request, valid values are: ENABLED, enable the configuration for the
	// account; and, DISABLED, disable the configuration for the account. If you
	// disable the configuration, you also permanently delete current settings that
	// specify how to access affected S3 objects. If your current access method is
	// ASSUME_ROLE, Macie also deletes the external ID and role name currently
	// specified for the configuration. These settings can't be recovered after they're
	// deleted.
	//
	// This member is required.
	Status RevealStatus

	// The Amazon Resource Name (ARN), ID, or alias of the KMS key to use to encrypt
	// sensitive data that's retrieved. The key must be an existing, customer managed,
	// symmetric encryption key that's enabled in the same Amazon Web Services Region
	// as the Amazon Macie account. If this value specifies an alias, it must include
	// the following prefix: alias/. If this value specifies a key that's owned by
	// another Amazon Web Services account, it must specify the ARN of the key or the
	// ARN of the key's alias.
	KmsKeyId *string
	// contains filtered or unexported fields
}

type RevealRequestStatus string

type RevealStatus string

type S3Bucket struct {

	// Specifies whether the bucket policy for the bucket requires server-side
	// encryption of objects when objects are added to the bucket. Possible values are:
	//
	//   - FALSE - The bucket policy requires server-side encryption of new objects.
	//   PutObject requests must include a valid server-side encryption header.
	//   - TRUE - The bucket doesn't have a bucket policy or it has a bucket policy
	//   that doesn't require server-side encryption of new objects. If a bucket policy
	//   exists, it doesn't require PutObject requests to include a valid server-side
	//   encryption header.
	//   - UNKNOWN - Amazon Macie can't determine whether the bucket policy requires
	//   server-side encryption of new objects.
	// Valid server-side encryption headers are: x-amz-server-side-encryption with a
	// value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm
	// with a value of AES256.
	AllowsUnencryptedObjectUploads AllowsUnencryptedObjectUploads

	// The Amazon Resource Name (ARN) of the bucket.
	Arn *string

	// The date and time, in UTC and extended ISO 8601 format, when the bucket was
	// created. This value can also indicate when changes such as edits to the bucket's
	// policy were most recently made to the bucket, relative to when the finding was
	// created or last updated.
	CreatedAt *time.Time

	// The default server-side encryption settings for the bucket.
	DefaultServerSideEncryption *ServerSideEncryption

	// The name of the bucket.
	Name *string

	// The display name and canonical user ID for the Amazon Web Services account that
	// owns the bucket.
	Owner *S3BucketOwner

	// The permissions settings that determine whether the bucket is publicly
	// accessible.
	PublicAccess *BucketPublicAccess

	// The tags that are associated with the bucket.
	Tags []KeyValuePair
	// contains filtered or unexported fields
}

type S3BucketCriteriaForJob struct {

	// The property- and tag-based conditions that determine which buckets to exclude
	// from the job.
	Excludes *CriteriaBlockForJob

	// The property- and tag-based conditions that determine which buckets to include
	// in the job.
	Includes *CriteriaBlockForJob
	// contains filtered or unexported fields
}

type S3BucketDefinitionForJob struct {

	// The unique identifier for the Amazon Web Services account that owns the buckets.
	//
	// This member is required.
	AccountId *string

	// An array that lists the names of the buckets.
	//
	// This member is required.
	Buckets []string
	// contains filtered or unexported fields
}

type S3BucketOwner struct {

	// The display name of the account that owns the bucket.
	DisplayName *string

	// The canonical user ID for the account that owns the bucket.
	Id *string
	// contains filtered or unexported fields
}

type S3ClassificationScope struct {

	// The S3 buckets that are excluded.
	//
	// This member is required.
	Excludes *S3ClassificationScopeExclusion
	// contains filtered or unexported fields
}

type S3ClassificationScopeExclusion struct {

	// An array of strings, one for each S3 bucket that is excluded. Each string is
	// the full name of an excluded bucket.
	//
	// This member is required.
	BucketNames []string
	// contains filtered or unexported fields
}

type S3ClassificationScopeExclusionUpdate struct {

	// Depending on the value specified for the update operation
	// (ClassificationScopeUpdateOperation), an array of strings that: lists the names
	// of buckets to add or remove from the list, or specifies a new set of bucket
	// names that overwrites all existing names in the list. Each string must be the
	// full name of an S3 bucket. Values are case sensitive.
	//
	// This member is required.
	BucketNames []string

	// Specifies how to apply the changes to the exclusion list. Valid values are:
	//   - ADD - Append the specified bucket names to the current list.
	//   - REMOVE - Remove the specified bucket names from the current list.
	//   - REPLACE - Overwrite the current list with the specified list of bucket
	//   names. If you specify this value, Amazon Macie removes all existing names from
	//   the list and adds all the specified names to the list.
	//
	// This member is required.
	Operation ClassificationScopeUpdateOperation
	// contains filtered or unexported fields
}

type S3ClassificationScopeUpdate struct {

	// The names of the S3 buckets to add or remove from the list.
	//
	// This member is required.
	Excludes *S3ClassificationScopeExclusionUpdate
	// contains filtered or unexported fields
}

type S3Destination struct {

	// The name of the bucket.
	//
	// This member is required.
	BucketName *string

	// The Amazon Resource Name (ARN) of the customer managed KMS key to use for
	// encryption of the results. This must be the ARN of an existing, symmetric
	// encryption KMS key that's enabled in the same Amazon Web Services Region as the
	// bucket.
	//
	// This member is required.
	KmsKeyArn *string

	// The path prefix to use in the path to the location in the bucket. This prefix
	// specifies where to store classification results in the bucket.
	KeyPrefix *string
	// contains filtered or unexported fields
}

type S3JobDefinition struct {

	// The property- and tag-based conditions that determine which S3 buckets to
	// include or exclude from the analysis. Each time the job runs, the job uses these
	// criteria to determine which buckets contain objects to analyze. A job's
	// definition can contain a bucketCriteria object or a bucketDefinitions array, not
	// both.
	BucketCriteria *S3BucketCriteriaForJob

	// An array of objects, one for each Amazon Web Services account that owns
	// specific S3 buckets to analyze. Each object specifies the account ID for an
	// account and one or more buckets to analyze for that account. A job's definition
	// can contain a bucketDefinitions array or a bucketCriteria object, not both.
	BucketDefinitions []S3BucketDefinitionForJob

	// The property- and tag-based conditions that determine which S3 objects to
	// include or exclude from the analysis. Each time the job runs, the job uses these
	// criteria to determine which objects to analyze.
	Scoping *Scoping
	// contains filtered or unexported fields
}

type S3Object struct {

	// The Amazon Resource Name (ARN) of the bucket that contains the object.
	BucketArn *string

	// The entity tag (ETag) that identifies the affected version of the object. If
	// the object was overwritten or changed after Amazon Macie produced the finding,
	// this value might be different from the current ETag for the object.
	ETag *string

	// The file name extension of the object. If the object doesn't have a file name
	// extension, this value is "".
	Extension *string

	// The full name (key) of the object, including the object's prefix if applicable.
	Key *string

	// The date and time, in UTC and extended ISO 8601 format, when the object was
	// last modified.
	LastModified *time.Time

	// The full path to the affected object, including the name of the affected bucket
	// and the object's name (key).
	Path *string

	// Specifies whether the object is publicly accessible due to the combination of
	// permissions settings that apply to the object.
	PublicAccess *bool

	// The type of server-side encryption that was used to encrypt the object.
	ServerSideEncryption *ServerSideEncryption

	// The total storage size, in bytes, of the object.
	Size *int64

	// The storage class of the object.
	StorageClass StorageClass

	// The tags that are associated with the object.
	Tags []KeyValuePair

	// The identifier for the affected version of the object.
	VersionId *string
	// contains filtered or unexported fields
}

type S3WordsList struct {

	// The full name of the S3 bucket that contains the object.
	//
	// This member is required.
	BucketName *string

	// The full name (key) of the object.
	//
	// This member is required.
	ObjectKey *string
	// contains filtered or unexported fields
}

type ScopeFilterKey string

type Scoping struct {

	// The property- and tag-based conditions that determine which objects to exclude
	// from the analysis.
	Excludes *JobScopingBlock

	// The property- and tag-based conditions that determine which objects to include
	// in the analysis.
	Includes *JobScopingBlock
	// contains filtered or unexported fields
}

type SearchResourcesBucketCriteria struct {

	// The property- and tag-based conditions that determine which buckets to exclude
	// from the results.
	Excludes *SearchResourcesCriteriaBlock

	// The property- and tag-based conditions that determine which buckets to include
	// in the results.
	Includes *SearchResourcesCriteriaBlock
	// contains filtered or unexported fields
}

type SearchResourcesComparator string

type SearchResourcesCriteria struct {

	// A property-based condition that defines a property, operator, and one or more
	// values for including or excluding resources from the results.
	SimpleCriterion *SearchResourcesSimpleCriterion

	// A tag-based condition that defines an operator and tag keys, tag values, or tag
	// key and value pairs for including or excluding resources from the results.
	TagCriterion *SearchResourcesTagCriterion
	// contains filtered or unexported fields
}

type SearchResourcesCriteriaBlock struct {

	// An array of objects, one for each property- or tag-based condition that
	// includes or excludes resources from the query results. If you specify more than
	// one condition, Amazon Macie uses AND logic to join the conditions.
	And []SearchResourcesCriteria
	// contains filtered or unexported fields
}

type SearchResourcesSimpleCriterion struct {

	// The operator to use in the condition. Valid values are EQ (equals) and NE (not
	// equals).
	Comparator SearchResourcesComparator

	// The property to use in the condition.
	Key SearchResourcesSimpleCriterionKey

	// An array that lists one or more values to use in the condition. If you specify
	// multiple values, Amazon Macie uses OR logic to join the values. Valid values for
	// each supported property (key) are:
	//   - ACCOUNT_ID - A string that represents the unique identifier for the Amazon
	//   Web Services account that owns the resource.
	//   - S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated
	//   value that Macie defines for the BucketPublicAccess.effectivePermission (https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketpublicaccess-effectivepermission)
	//   property of an S3 bucket.
	//   - S3_BUCKET_NAME - A string that represents the name of an S3 bucket.
	//   - S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that
	//   Macie defines for the BucketMetadata.sharedAccess (https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-sharedaccess)
	//   property of an S3 bucket.
	// Values are case sensitive. Also, Macie doesn't support use of partial values or
	// wildcard characters in values.
	Values []string
	// contains filtered or unexported fields
}

type SearchResourcesSimpleCriterionKey string

type SearchResourcesSortAttributeName string

type SearchResourcesSortCriteria struct {

	// The property to sort the results by.
	AttributeName SearchResourcesSortAttributeName

	// The sort order to apply to the results, based on the value for the property
	// specified by the attributeName property. Valid values are: ASC, sort the results
	// in ascending order; and, DESC, sort the results in descending order.
	OrderBy OrderBy
	// contains filtered or unexported fields
}

type SearchResourcesTagCriterion struct {

	// The operator to use in the condition. Valid values are EQ (equals) and NE (not
	// equals).
	Comparator SearchResourcesComparator

	// The tag keys, tag values, or tag key and value pairs to use in the condition.
	TagValues []SearchResourcesTagCriterionPair
	// contains filtered or unexported fields
}

type SearchResourcesTagCriterionPair struct {

	// The value for the tag key to use in the condition.
	Key *string

	// The tag value to use in the condition.
	Value *string
	// contains filtered or unexported fields
}

type SecurityHubConfiguration struct {

	// Specifies whether to publish sensitive data findings to Security Hub. If you
	// set this value to true, Amazon Macie automatically publishes all sensitive data
	// findings that weren't suppressed by a findings filter. The default value is
	// false.
	//
	// This member is required.
	PublishClassificationFindings *bool

	// Specifies whether to publish policy findings to Security Hub. If you set this
	// value to true, Amazon Macie automatically publishes all new and updated policy
	// findings that weren't suppressed by a findings filter. The default value is
	// true.
	//
	// This member is required.
	PublishPolicyFindings *bool
	// contains filtered or unexported fields
}

type SensitiveDataItem struct {

	// The category of sensitive data that was detected. For example: CREDENTIALS, for
	// credentials data such as private keys or Amazon Web Services secret access keys;
	// FINANCIAL_INFORMATION, for financial data such as credit card numbers; or,
	// PERSONAL_INFORMATION, for personal health information, such as health insurance
	// identification numbers, or personally identifiable information, such as passport
	// numbers.
	Category SensitiveDataItemCategory

	// An array of objects, one for each type of sensitive data that was detected.
	// Each object reports the number of occurrences of a specific type of sensitive
	// data that was detected, and the location of up to 15 of those occurrences.
	Detections []DefaultDetection

	// The total number of occurrences of the sensitive data that was detected.
	TotalCount *int64
	// contains filtered or unexported fields
}

type SensitiveDataItemCategory string

type SensitivityAggregations struct {

	// The total storage size, in bytes, of all the objects that Amazon Macie can
	// analyze in the buckets. These objects use a supported storage class and have a
	// file name extension for a supported file or storage format. If versioning is
	// enabled for any of the buckets, this value is based on the size of the latest
	// version of each applicable object in the buckets. This value doesn't reflect the
	// storage size of all versions of all applicable objects in the buckets.
	ClassifiableSizeInBytes *int64

	// The total number of buckets that are publicly accessible due to a combination
	// of permissions settings for each bucket.
	PubliclyAccessibleCount *int64

	// The total number of buckets.
	TotalCount *int64

	// The total storage size, in bytes, of the buckets. If versioning is enabled for
	// any of the buckets, this value is based on the size of the latest version of
	// each object in the buckets. This value doesn't reflect the storage size of all
	// versions of the objects in the buckets.
	TotalSizeInBytes *int64
	// contains filtered or unexported fields
}

type SensitivityInspectionTemplateExcludes struct {

	// An array of unique identifiers, one for each managed data identifier to
	// exclude. To retrieve a list of valid values, use the ListManagedDataIdentifiers
	// operation.
	ManagedDataIdentifierIds []string
	// contains filtered or unexported fields
}

type SensitivityInspectionTemplateIncludes struct {

	// An array of unique identifiers, one for each allow list to include.
	AllowListIds []string

	// An array of unique identifiers, one for each custom data identifier to include.
	CustomDataIdentifierIds []string

	// An array of unique identifiers, one for each managed data identifier to
	// include. Amazon Macie uses these managed data identifiers in addition to managed
	// data identifiers that are subsequently released and recommended for automated
	// sensitive data discovery. To retrieve a list of valid values for the managed
	// data identifiers that are currently available, use the
	// ListManagedDataIdentifiers operation.
	ManagedDataIdentifierIds []string
	// contains filtered or unexported fields
}

type SensitivityInspectionTemplatesEntry struct {

	// The unique identifier for the sensitivity inspection template.
	Id *string

	// The name of the sensitivity inspection template:
	// automated-sensitive-data-discovery.
	Name *string
	// contains filtered or unexported fields
}

type ServerSideEncryption struct {

	// The server-side encryption algorithm that's used when storing data in the
	// bucket or object. If default encryption settings aren't configured for the
	// bucket or the object isn't encrypted using server-side encryption, this value is
	// NONE.
	EncryptionType EncryptionType

	// The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key
	// that's used to encrypt data in the bucket or the object. This value is null if
	// an KMS key isn't used to encrypt the data.
	KmsMasterKeyId *string
	// contains filtered or unexported fields
}

type ServiceLimit struct {

	// Specifies whether the account has met the quota that corresponds to the metric
	// specified by the UsageByAccount.type field in the response.
	IsServiceLimited *bool

	// The unit of measurement for the value specified by the value field.
	Unit Unit

	// The value for the metric specified by the UsageByAccount.type field in the
	// response.
	Value *int64
	// contains filtered or unexported fields
}

type ServiceQuotaExceededException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type SessionContext struct {

	// The date and time when the credentials were issued, and whether the credentials
	// were authenticated with a multi-factor authentication (MFA) device.
	Attributes *SessionContextAttributes

	// The source and type of credentials that were issued to the entity.
	SessionIssuer *SessionIssuer
	// contains filtered or unexported fields
}

type SessionContextAttributes struct {

	// The date and time, in UTC and ISO 8601 format, when the credentials were issued.
	CreationDate *time.Time

	// Specifies whether the credentials were authenticated with a multi-factor
	// authentication (MFA) device.
	MfaAuthenticated *bool
	// contains filtered or unexported fields
}

type SessionIssuer struct {

	// The unique identifier for the Amazon Web Services account that owns the entity
	// that was used to get the credentials.
	AccountId *string

	// The Amazon Resource Name (ARN) of the source account, Identity and Access
	// Management (IAM) user, or role that was used to get the credentials.
	Arn *string

	// The unique identifier for the entity that was used to get the credentials.
	PrincipalId *string

	// The source of the temporary security credentials, such as Root, IAMUser, or
	// Role.
	Type *string

	// The name or alias of the user or role that issued the session. This value is
	// null if the credentials were obtained from a root account that doesn't have an
	// alias.
	UserName *string
	// contains filtered or unexported fields
}

type Severity struct {

	// The qualitative representation of the finding's severity, ranging from Low
	// (least severe) to High (most severe).
	Description SeverityDescription

	// The numerical representation of the finding's severity, ranging from 1 (least
	// severe) to 3 (most severe).
	Score *int64
	// contains filtered or unexported fields
}

type SeverityDescription string

type SeverityLevel struct {

	// The minimum number of occurrences of text that must match the custom data
	// identifier's detection criteria in order to produce a finding with the specified
	// severity (severity).
	//
	// This member is required.
	OccurrencesThreshold *int64

	// The severity to assign to a finding: if the number of occurrences is greater
	// than or equal to the specified threshold (occurrencesThreshold); and, if
	// applicable, the number of occurrences is less than the threshold for the next
	// consecutive severity level for the custom data identifier, moving from LOW to
	// HIGH.
	//
	// This member is required.
	Severity DataIdentifierSeverity
	// contains filtered or unexported fields
}

type SharedAccess string

type SimpleCriterionForJob struct {

	// The operator to use in the condition. Valid values are EQ (equals) and NE (not
	// equals).
	Comparator JobComparator

	// The property to use in the condition.
	Key SimpleCriterionKeyForJob

	// An array that lists one or more values to use in the condition. If you specify
	// multiple values, Amazon Macie uses OR logic to join the values. Valid values for
	// each supported property (key) are:
	//   - ACCOUNT_ID - A string that represents the unique identifier for the Amazon
	//   Web Services account that owns the bucket.
	//   - S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated
	//   value that Macie defines for the BucketPublicAccess.effectivePermission (https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketpublicaccess-effectivepermission)
	//   property of a bucket.
	//   - S3_BUCKET_NAME - A string that represents the name of a bucket.
	//   - S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that
	//   Macie defines for the BucketMetadata.sharedAccess (https://docs.aws.amazon.com/macie/latest/APIReference/datasources-s3.html#datasources-s3-prop-bucketmetadata-sharedaccess)
	//   property of a bucket.
	// Values are case sensitive. Also, Macie doesn't support use of partial values or
	// wildcard characters in these values.
	Values []string
	// contains filtered or unexported fields
}

type SimpleCriterionKeyForJob string

type SimpleScopeTerm struct {

	// The operator to use in the condition. Valid values for each supported property
	// (key) are:
	//   - OBJECT_EXTENSION - EQ (equals) or NE (not equals)
	//   - OBJECT_KEY - STARTS_WITH
	//   - OBJECT_LAST_MODIFIED_DATE - EQ (equals), GT (greater than), GTE (greater
	//   than or equals), LT (less than), LTE (less than or equals), or NE (not equals)
	//   - OBJECT_SIZE - EQ (equals), GT (greater than), GTE (greater than or equals),
	//   LT (less than), LTE (less than or equals), or NE (not equals)
	Comparator JobComparator

	// The object property to use in the condition.
	Key ScopeFilterKey

	// An array that lists the values to use in the condition. If the value for the
	// key property is OBJECT_EXTENSION or OBJECT_KEY, this array can specify multiple
	// values and Amazon Macie uses OR logic to join the values. Otherwise, this array
	// can specify only one value. Valid values for each supported property (key) are:
	//   - OBJECT_EXTENSION - A string that represents the file name extension of an
	//   object. For example: docx or pdf
	//   - OBJECT_KEY - A string that represents the key prefix (folder name or path)
	//   of an object. For example: logs or awslogs/eventlogs. This value applies a
	//   condition to objects whose keys (names) begin with the specified value.
	//   - OBJECT_LAST_MODIFIED_DATE - The date and time (in UTC and extended ISO 8601
	//   format) when an object was created or last changed, whichever is latest. For
	//   example: 2023-09-24T14:31:13Z
	//   - OBJECT_SIZE - An integer that represents the storage size (in bytes) of an
	//   object.
	// Macie doesn't support use of wildcard characters in these values. Also, string
	// values are case sensitive.
	Values []string
	// contains filtered or unexported fields
}

type SortCriteria struct {

	// The name of the property to sort the results by. Valid values are: count,
	// createdAt, policyDetails.action.apiCallDetails.firstSeen,
	// policyDetails.action.apiCallDetails.lastSeen, resourcesAffected, severity.score,
	// type, and updatedAt.
	AttributeName *string

	// The sort order to apply to the results, based on the value for the property
	// specified by the attributeName property. Valid values are: ASC, sort the results
	// in ascending order; and, DESC, sort the results in descending order.
	OrderBy OrderBy
	// contains filtered or unexported fields
}

type Statistics struct {

	// The approximate number of objects that the job has yet to process during its
	// current run.
	ApproximateNumberOfObjectsToProcess *float64

	// The number of times that the job has run.
	NumberOfRuns *float64
	// contains filtered or unexported fields
}

type StorageClass string

type SuppressDataIdentifier struct {

	// The unique identifier for the custom data identifier or managed data identifier
	// that detected the type of sensitive data to exclude or include in the score.
	Id *string

	// The type of data identifier that detected the sensitive data. Possible values
	// are: CUSTOM, for a custom data identifier; and, MANAGED, for a managed data
	// identifier.
	Type DataIdentifierType
	// contains filtered or unexported fields
}

type TagCriterionForJob struct {

	// The operator to use in the condition. Valid values are EQ (equals) and NE (not
	// equals).
	Comparator JobComparator

	// The tag keys, tag values, or tag key and value pairs to use in the condition.
	TagValues []TagCriterionPairForJob
	// contains filtered or unexported fields
}

type TagCriterionPairForJob struct {

	// The value for the tag key to use in the condition.
	Key *string

	// The tag value to use in the condition.
	Value *string
	// contains filtered or unexported fields
}

type TagScopeTerm struct {

	// The operator to use in the condition. Valid values are EQ (equals) or NE (not
	// equals).
	Comparator JobComparator

	// The object property to use in the condition. The only valid value is TAG.
	Key *string

	// The tag keys or tag key and value pairs to use in the condition. To specify
	// only tag keys in a condition, specify the keys in this array and set the value
	// for each associated tag value to an empty string.
	TagValues []TagValuePair

	// The type of object to apply the condition to.
	Target TagTarget
	// contains filtered or unexported fields
}

type TagTarget string

type TagValuePair struct {

	// The value for the tag key to use in the condition.
	Key *string

	// The tag value, associated with the specified tag key (key), to use in the
	// condition. To specify only a tag key for a condition, specify the tag key for
	// the key property and set this value to an empty string.
	Value *string
	// contains filtered or unexported fields
}

type ThrottlingException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type TimeRange string

type Type string

type UnavailabilityReasonCode string

type Unit string

type UnprocessableEntityException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type UnprocessedAccount struct {

	// The Amazon Web Services account ID for the account that the request applies to.
	AccountId *string

	// The source of the issue or delay in processing the request.
	ErrorCode ErrorCode

	// The reason why the request hasn't been processed.
	ErrorMessage *string
	// contains filtered or unexported fields
}

type UpdateRetrievalConfiguration struct {

	// The access method to use when retrieving sensitive data from affected S3
	// objects. Valid values are: ASSUME_ROLE, assume an IAM role that is in the
	// affected Amazon Web Services account and delegates access to Amazon Macie; and,
	// CALLER_CREDENTIALS, use the credentials of the IAM user who requests the
	// sensitive data. If you specify ASSUME_ROLE, also specify the name of an existing
	// IAM role for Macie to assume (roleName). If you change this value from
	// ASSUME_ROLE to CALLER_CREDENTIALS for an existing configuration, Macie
	// permanently deletes the external ID and role name currently specified for the
	// configuration. These settings can't be recovered after they're deleted.
	//
	// This member is required.
	RetrievalMode RetrievalMode

	// The name of the IAM role that is in the affected Amazon Web Services account
	// and Amazon Macie is allowed to assume when retrieving sensitive data from
	// affected S3 objects for the account. The trust and permissions policies for the
	// role must meet all requirements for Macie to assume the role.
	RoleName *string
	// contains filtered or unexported fields
}

type UsageByAccount struct {

	// The type of currency that the value for the metric (estimatedCost) is reported
	// in.
	Currency Currency

	// The estimated value for the metric.
	EstimatedCost *string

	// The current value for the quota that corresponds to the metric specified by the
	// type field.
	ServiceLimit *ServiceLimit

	// The name of the metric. Possible values are: AUTOMATED_OBJECT_MONITORING, to
	// monitor S3 objects for automated sensitive data discovery;
	// AUTOMATED_SENSITIVE_DATA_DISCOVERY, to analyze S3 objects for automated
	// sensitive data discovery; DATA_INVENTORY_EVALUATION, to monitor S3 buckets; and,
	// SENSITIVE_DATA_DISCOVERY, to run classification jobs.
	Type UsageType
	// contains filtered or unexported fields
}

type UsageRecord struct {

	// The unique identifier for the Amazon Web Services account that the data applies
	// to.
	AccountId *string

	// The date and time, in UTC and extended ISO 8601 format, when the free trial of
	// automated sensitive data discovery started for the account. If the account is a
	// member account in an organization, this value is the same as the value for the
	// organization's Amazon Macie administrator account.
	AutomatedDiscoveryFreeTrialStartDate *time.Time

	// The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie
	// free trial started for the account.
	FreeTrialStartDate *time.Time

	// An array of objects that contains usage data and quotas for the account. Each
	// object contains the data for a specific usage metric and the corresponding
	// quota.
	Usage []UsageByAccount
	// contains filtered or unexported fields
}

type UsageStatisticsFilter struct {

	// The operator to use in the condition. If the value for the key property is
	// accountId, this value must be CONTAINS. If the value for the key property is any
	// other supported field, this value can be EQ, GT, GTE, LT, LTE, or NE.
	Comparator UsageStatisticsFilterComparator

	// The field to use in the condition.
	Key UsageStatisticsFilterKey

	// An array that lists values to use in the condition, based on the value for the
	// field specified by the key property. If the value for the key property is
	// accountId, this array can specify multiple values. Otherwise, this array can
	// specify only one value. Valid values for each supported field are:
	//   - accountId - The unique identifier for an Amazon Web Services account.
	//   - freeTrialStartDate - The date and time, in UTC and extended ISO 8601
	//   format, when the Amazon Macie free trial started for an account.
	//   - serviceLimit - A Boolean (true or false) value that indicates whether an
	//   account has reached its monthly quota.
	//   - total - A string that represents the current estimated cost for an account.
	Values []string
	// contains filtered or unexported fields
}

type UsageStatisticsFilterComparator string

type UsageStatisticsFilterKey string

type UsageStatisticsSortBy struct {

	// The field to sort the results by.
	Key UsageStatisticsSortKey

	// The sort order to apply to the results, based on the value for the field
	// specified by the key property. Valid values are: ASC, sort the results in
	// ascending order; and, DESC, sort the results in descending order.
	OrderBy OrderBy
	// contains filtered or unexported fields
}

type UsageStatisticsSortKey string

type UsageTotal struct {

	// The type of currency that the value for the metric (estimatedCost) is reported
	// in.
	Currency Currency

	// The estimated value for the metric.
	EstimatedCost *string

	// The name of the metric. Possible values are: AUTOMATED_OBJECT_MONITORING, to
	// monitor S3 objects for automated sensitive data discovery;
	// AUTOMATED_SENSITIVE_DATA_DISCOVERY, to analyze S3 objects for automated
	// sensitive data discovery; DATA_INVENTORY_EVALUATION, to monitor S3 buckets; and,
	// SENSITIVE_DATA_DISCOVERY, to run classification jobs.
	Type UsageType
	// contains filtered or unexported fields
}

type UsageType string

type UserIdentity struct {

	// If the action was performed with temporary security credentials that were
	// obtained using the AssumeRole operation of the Security Token Service (STS) API,
	// the identifiers, session context, and other details about the identity.
	AssumedRole *AssumedRole

	// If the action was performed using the credentials for another Amazon Web
	// Services account, the details of that account.
	AwsAccount *AwsAccount

	// If the action was performed by an Amazon Web Services account that belongs to
	// an Amazon Web Service, the name of the service.
	AwsService *AwsService

	// If the action was performed with temporary security credentials that were
	// obtained using the GetFederationToken operation of the Security Token Service
	// (STS) API, the identifiers, session context, and other details about the
	// identity.
	FederatedUser *FederatedUser

	// If the action was performed using the credentials for an Identity and Access
	// Management (IAM) user, the name and other details about the user.
	IamUser *IamUser

	// If the action was performed using the credentials for your Amazon Web Services
	// account, the details of your account.
	Root *UserIdentityRoot

	// The type of entity that performed the action.
	Type UserIdentityType
	// contains filtered or unexported fields
}

type UserIdentityRoot struct {

	// The unique identifier for the Amazon Web Services account.
	AccountId *string

	// The Amazon Resource Name (ARN) of the principal that performed the action. The
	// last section of the ARN contains the name of the user or role that performed the
	// action.
	Arn *string

	// The unique identifier for the entity that performed the action.
	PrincipalId *string
	// contains filtered or unexported fields
}

type UserIdentityType string

type UserPausedDetails struct {

	// The date and time, in UTC and extended ISO 8601 format, when the job or job run
	// will expire and be cancelled if you don't resume it first.
	JobExpiresAt *time.Time

	// The Amazon Resource Name (ARN) of the Health event that Amazon Macie sent to
	// notify you of the job or job run's pending expiration and cancellation. This
	// value is null if a job has been paused for less than 23 days.
	JobImminentExpirationHealthEventArn *string

	// The date and time, in UTC and extended ISO 8601 format, when you paused the job.
	JobPausedAt *time.Time
	// contains filtered or unexported fields
}

type ValidationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WeeklySchedule struct {

	// The day of the week when Amazon Macie runs the job.
	DayOfWeek DayOfWeek
	// contains filtered or unexported fields
}