Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
- Operations
- ApplyArchiveRule
- CancelPolicyGeneration
- CreateAccessPreview
- CreateAnalyzer
- CreateArchiveRule
- DeleteAnalyzer
- DeleteArchiveRule
- GetAccessPreview
- GetAnalyzedResource
- GetAnalyzer
- GetArchiveRule
- GetFinding
- GetGeneratedPolicy
- ListAccessPreviewFindings
- ListAccessPreviews
- ListAnalyzedResources
- ListAnalyzers
- ListArchiveRules
- ListFindings
- ListPolicyGenerations
- ListTagsForResource
- StartPolicyGeneration
- StartResourceScan
- TagResource
- UntagResource
- UpdateArchiveRule
- UpdateFindings
- ValidatePolicy
- Types
- AccessPreview
- AccessPreviewFinding
- AccessPreviewStatusReason
- AccessPreviewSummary
- AclGrantee
- AnalyzedResource
- AnalyzedResourceSummary
- AnalyzerSummary
- ArchiveRuleSummary
- CloudTrailDetails
- CloudTrailProperties
- Configuration
- Criterion
- EbsSnapshotConfiguration
- EcrRepositoryConfiguration
- EfsFileSystemConfiguration
- Finding
- FindingSource
- FindingSourceDetail
- FindingSummary
- GeneratedPolicy
- GeneratedPolicyProperties
- GeneratedPolicyResult
- IamRoleConfiguration
- InlineArchiveRule
- InternetConfiguration
- JobDetails
- JobError
- KmsGrantConfiguration
- KmsGrantConstraints
- KmsKeyConfiguration
- Location
- NetworkOriginConfiguration
- PathElement
- PolicyGeneration
- PolicyGenerationDetails
- Position
- RdsDbClusterSnapshotAttributeValue
- RdsDbClusterSnapshotConfiguration
- RdsDbSnapshotAttributeValue
- RdsDbSnapshotConfiguration
- S3AccessPointConfiguration
- S3BucketAclGrantConfiguration
- S3BucketConfiguration
- S3PublicAccessBlockConfiguration
- SecretsManagerSecretConfiguration
- SnsTopicConfiguration
- SortCriteria
- Span
- SqsQueueConfiguration
- StatusReason
- Substring
- Trail
- TrailProperties
- ValidatePolicyFinding
- VpcConfiguration
Synopsis
- applyArchiveRule_clientToken :: Lens' ApplyArchiveRule (Maybe Text)
- applyArchiveRule_analyzerArn :: Lens' ApplyArchiveRule Text
- applyArchiveRule_ruleName :: Lens' ApplyArchiveRule Text
- cancelPolicyGeneration_jobId :: Lens' CancelPolicyGeneration Text
- cancelPolicyGenerationResponse_httpStatus :: Lens' CancelPolicyGenerationResponse Int
- createAccessPreview_clientToken :: Lens' CreateAccessPreview (Maybe Text)
- createAccessPreview_analyzerArn :: Lens' CreateAccessPreview Text
- createAccessPreview_configurations :: Lens' CreateAccessPreview (HashMap Text Configuration)
- createAccessPreviewResponse_httpStatus :: Lens' CreateAccessPreviewResponse Int
- createAccessPreviewResponse_id :: Lens' CreateAccessPreviewResponse Text
- createAnalyzer_archiveRules :: Lens' CreateAnalyzer (Maybe [InlineArchiveRule])
- createAnalyzer_clientToken :: Lens' CreateAnalyzer (Maybe Text)
- createAnalyzer_tags :: Lens' CreateAnalyzer (Maybe (HashMap Text Text))
- createAnalyzer_analyzerName :: Lens' CreateAnalyzer Text
- createAnalyzer_type :: Lens' CreateAnalyzer Type
- createAnalyzerResponse_arn :: Lens' CreateAnalyzerResponse (Maybe Text)
- createAnalyzerResponse_httpStatus :: Lens' CreateAnalyzerResponse Int
- createArchiveRule_clientToken :: Lens' CreateArchiveRule (Maybe Text)
- createArchiveRule_analyzerName :: Lens' CreateArchiveRule Text
- createArchiveRule_ruleName :: Lens' CreateArchiveRule Text
- createArchiveRule_filter :: Lens' CreateArchiveRule (HashMap Text Criterion)
- deleteAnalyzer_clientToken :: Lens' DeleteAnalyzer (Maybe Text)
- deleteAnalyzer_analyzerName :: Lens' DeleteAnalyzer Text
- deleteArchiveRule_clientToken :: Lens' DeleteArchiveRule (Maybe Text)
- deleteArchiveRule_analyzerName :: Lens' DeleteArchiveRule Text
- deleteArchiveRule_ruleName :: Lens' DeleteArchiveRule Text
- getAccessPreview_accessPreviewId :: Lens' GetAccessPreview Text
- getAccessPreview_analyzerArn :: Lens' GetAccessPreview Text
- getAccessPreviewResponse_httpStatus :: Lens' GetAccessPreviewResponse Int
- getAccessPreviewResponse_accessPreview :: Lens' GetAccessPreviewResponse AccessPreview
- getAnalyzedResource_analyzerArn :: Lens' GetAnalyzedResource Text
- getAnalyzedResource_resourceArn :: Lens' GetAnalyzedResource Text
- getAnalyzedResourceResponse_resource :: Lens' GetAnalyzedResourceResponse (Maybe AnalyzedResource)
- getAnalyzedResourceResponse_httpStatus :: Lens' GetAnalyzedResourceResponse Int
- getAnalyzer_analyzerName :: Lens' GetAnalyzer Text
- getAnalyzerResponse_httpStatus :: Lens' GetAnalyzerResponse Int
- getAnalyzerResponse_analyzer :: Lens' GetAnalyzerResponse AnalyzerSummary
- getArchiveRule_analyzerName :: Lens' GetArchiveRule Text
- getArchiveRule_ruleName :: Lens' GetArchiveRule Text
- getArchiveRuleResponse_httpStatus :: Lens' GetArchiveRuleResponse Int
- getArchiveRuleResponse_archiveRule :: Lens' GetArchiveRuleResponse ArchiveRuleSummary
- getFinding_analyzerArn :: Lens' GetFinding Text
- getFinding_id :: Lens' GetFinding Text
- getFindingResponse_finding :: Lens' GetFindingResponse (Maybe Finding)
- getFindingResponse_httpStatus :: Lens' GetFindingResponse Int
- getGeneratedPolicy_includeResourcePlaceholders :: Lens' GetGeneratedPolicy (Maybe Bool)
- getGeneratedPolicy_includeServiceLevelTemplate :: Lens' GetGeneratedPolicy (Maybe Bool)
- getGeneratedPolicy_jobId :: Lens' GetGeneratedPolicy Text
- getGeneratedPolicyResponse_httpStatus :: Lens' GetGeneratedPolicyResponse Int
- getGeneratedPolicyResponse_jobDetails :: Lens' GetGeneratedPolicyResponse JobDetails
- getGeneratedPolicyResponse_generatedPolicyResult :: Lens' GetGeneratedPolicyResponse GeneratedPolicyResult
- listAccessPreviewFindings_filter :: Lens' ListAccessPreviewFindings (Maybe (HashMap Text Criterion))
- listAccessPreviewFindings_maxResults :: Lens' ListAccessPreviewFindings (Maybe Int)
- listAccessPreviewFindings_nextToken :: Lens' ListAccessPreviewFindings (Maybe Text)
- listAccessPreviewFindings_accessPreviewId :: Lens' ListAccessPreviewFindings Text
- listAccessPreviewFindings_analyzerArn :: Lens' ListAccessPreviewFindings Text
- listAccessPreviewFindingsResponse_nextToken :: Lens' ListAccessPreviewFindingsResponse (Maybe Text)
- listAccessPreviewFindingsResponse_httpStatus :: Lens' ListAccessPreviewFindingsResponse Int
- listAccessPreviewFindingsResponse_findings :: Lens' ListAccessPreviewFindingsResponse [AccessPreviewFinding]
- listAccessPreviews_maxResults :: Lens' ListAccessPreviews (Maybe Int)
- listAccessPreviews_nextToken :: Lens' ListAccessPreviews (Maybe Text)
- listAccessPreviews_analyzerArn :: Lens' ListAccessPreviews Text
- listAccessPreviewsResponse_nextToken :: Lens' ListAccessPreviewsResponse (Maybe Text)
- listAccessPreviewsResponse_httpStatus :: Lens' ListAccessPreviewsResponse Int
- listAccessPreviewsResponse_accessPreviews :: Lens' ListAccessPreviewsResponse [AccessPreviewSummary]
- listAnalyzedResources_maxResults :: Lens' ListAnalyzedResources (Maybe Int)
- listAnalyzedResources_nextToken :: Lens' ListAnalyzedResources (Maybe Text)
- listAnalyzedResources_resourceType :: Lens' ListAnalyzedResources (Maybe ResourceType)
- listAnalyzedResources_analyzerArn :: Lens' ListAnalyzedResources Text
- listAnalyzedResourcesResponse_nextToken :: Lens' ListAnalyzedResourcesResponse (Maybe Text)
- listAnalyzedResourcesResponse_httpStatus :: Lens' ListAnalyzedResourcesResponse Int
- listAnalyzedResourcesResponse_analyzedResources :: Lens' ListAnalyzedResourcesResponse [AnalyzedResourceSummary]
- listAnalyzers_maxResults :: Lens' ListAnalyzers (Maybe Int)
- listAnalyzers_nextToken :: Lens' ListAnalyzers (Maybe Text)
- listAnalyzers_type :: Lens' ListAnalyzers (Maybe Type)
- listAnalyzersResponse_nextToken :: Lens' ListAnalyzersResponse (Maybe Text)
- listAnalyzersResponse_httpStatus :: Lens' ListAnalyzersResponse Int
- listAnalyzersResponse_analyzers :: Lens' ListAnalyzersResponse [AnalyzerSummary]
- listArchiveRules_maxResults :: Lens' ListArchiveRules (Maybe Int)
- listArchiveRules_nextToken :: Lens' ListArchiveRules (Maybe Text)
- listArchiveRules_analyzerName :: Lens' ListArchiveRules Text
- listArchiveRulesResponse_nextToken :: Lens' ListArchiveRulesResponse (Maybe Text)
- listArchiveRulesResponse_httpStatus :: Lens' ListArchiveRulesResponse Int
- listArchiveRulesResponse_archiveRules :: Lens' ListArchiveRulesResponse [ArchiveRuleSummary]
- listFindings_filter :: Lens' ListFindings (Maybe (HashMap Text Criterion))
- listFindings_maxResults :: Lens' ListFindings (Maybe Int)
- listFindings_nextToken :: Lens' ListFindings (Maybe Text)
- listFindings_sort :: Lens' ListFindings (Maybe SortCriteria)
- listFindings_analyzerArn :: Lens' ListFindings Text
- listFindingsResponse_nextToken :: Lens' ListFindingsResponse (Maybe Text)
- listFindingsResponse_httpStatus :: Lens' ListFindingsResponse Int
- listFindingsResponse_findings :: Lens' ListFindingsResponse [FindingSummary]
- listPolicyGenerations_maxResults :: Lens' ListPolicyGenerations (Maybe Natural)
- listPolicyGenerations_nextToken :: Lens' ListPolicyGenerations (Maybe Text)
- listPolicyGenerations_principalArn :: Lens' ListPolicyGenerations (Maybe Text)
- listPolicyGenerationsResponse_nextToken :: Lens' ListPolicyGenerationsResponse (Maybe Text)
- listPolicyGenerationsResponse_httpStatus :: Lens' ListPolicyGenerationsResponse Int
- listPolicyGenerationsResponse_policyGenerations :: Lens' ListPolicyGenerationsResponse [PolicyGeneration]
- listTagsForResource_resourceArn :: Lens' ListTagsForResource Text
- listTagsForResourceResponse_tags :: Lens' ListTagsForResourceResponse (Maybe (HashMap Text Text))
- listTagsForResourceResponse_httpStatus :: Lens' ListTagsForResourceResponse Int
- startPolicyGeneration_clientToken :: Lens' StartPolicyGeneration (Maybe Text)
- startPolicyGeneration_cloudTrailDetails :: Lens' StartPolicyGeneration (Maybe CloudTrailDetails)
- startPolicyGeneration_policyGenerationDetails :: Lens' StartPolicyGeneration PolicyGenerationDetails
- startPolicyGenerationResponse_httpStatus :: Lens' StartPolicyGenerationResponse Int
- startPolicyGenerationResponse_jobId :: Lens' StartPolicyGenerationResponse Text
- startResourceScan_resourceOwnerAccount :: Lens' StartResourceScan (Maybe Text)
- startResourceScan_analyzerArn :: Lens' StartResourceScan Text
- startResourceScan_resourceArn :: Lens' StartResourceScan Text
- tagResource_resourceArn :: Lens' TagResource Text
- tagResource_tags :: Lens' TagResource (HashMap Text Text)
- tagResourceResponse_httpStatus :: Lens' TagResourceResponse Int
- untagResource_resourceArn :: Lens' UntagResource Text
- untagResource_tagKeys :: Lens' UntagResource [Text]
- untagResourceResponse_httpStatus :: Lens' UntagResourceResponse Int
- updateArchiveRule_clientToken :: Lens' UpdateArchiveRule (Maybe Text)
- updateArchiveRule_analyzerName :: Lens' UpdateArchiveRule Text
- updateArchiveRule_ruleName :: Lens' UpdateArchiveRule Text
- updateArchiveRule_filter :: Lens' UpdateArchiveRule (HashMap Text Criterion)
- updateFindings_clientToken :: Lens' UpdateFindings (Maybe Text)
- updateFindings_ids :: Lens' UpdateFindings (Maybe [Text])
- updateFindings_resourceArn :: Lens' UpdateFindings (Maybe Text)
- updateFindings_analyzerArn :: Lens' UpdateFindings Text
- updateFindings_status :: Lens' UpdateFindings FindingStatusUpdate
- validatePolicy_locale :: Lens' ValidatePolicy (Maybe Locale)
- validatePolicy_maxResults :: Lens' ValidatePolicy (Maybe Int)
- validatePolicy_nextToken :: Lens' ValidatePolicy (Maybe Text)
- validatePolicy_validatePolicyResourceType :: Lens' ValidatePolicy (Maybe ValidatePolicyResourceType)
- validatePolicy_policyDocument :: Lens' ValidatePolicy Text
- validatePolicy_policyType :: Lens' ValidatePolicy PolicyType
- validatePolicyResponse_nextToken :: Lens' ValidatePolicyResponse (Maybe Text)
- validatePolicyResponse_httpStatus :: Lens' ValidatePolicyResponse Int
- validatePolicyResponse_findings :: Lens' ValidatePolicyResponse [ValidatePolicyFinding]
- accessPreview_statusReason :: Lens' AccessPreview (Maybe AccessPreviewStatusReason)
- accessPreview_id :: Lens' AccessPreview Text
- accessPreview_analyzerArn :: Lens' AccessPreview Text
- accessPreview_configurations :: Lens' AccessPreview (HashMap Text Configuration)
- accessPreview_createdAt :: Lens' AccessPreview UTCTime
- accessPreview_status :: Lens' AccessPreview AccessPreviewStatus
- accessPreviewFinding_action :: Lens' AccessPreviewFinding (Maybe [Text])
- accessPreviewFinding_condition :: Lens' AccessPreviewFinding (Maybe (HashMap Text Text))
- accessPreviewFinding_error :: Lens' AccessPreviewFinding (Maybe Text)
- accessPreviewFinding_existingFindingId :: Lens' AccessPreviewFinding (Maybe Text)
- accessPreviewFinding_existingFindingStatus :: Lens' AccessPreviewFinding (Maybe FindingStatus)
- accessPreviewFinding_isPublic :: Lens' AccessPreviewFinding (Maybe Bool)
- accessPreviewFinding_principal :: Lens' AccessPreviewFinding (Maybe (HashMap Text Text))
- accessPreviewFinding_resource :: Lens' AccessPreviewFinding (Maybe Text)
- accessPreviewFinding_sources :: Lens' AccessPreviewFinding (Maybe [FindingSource])
- accessPreviewFinding_id :: Lens' AccessPreviewFinding Text
- accessPreviewFinding_resourceType :: Lens' AccessPreviewFinding ResourceType
- accessPreviewFinding_createdAt :: Lens' AccessPreviewFinding UTCTime
- accessPreviewFinding_changeType :: Lens' AccessPreviewFinding FindingChangeType
- accessPreviewFinding_status :: Lens' AccessPreviewFinding FindingStatus
- accessPreviewFinding_resourceOwnerAccount :: Lens' AccessPreviewFinding Text
- accessPreviewStatusReason_code :: Lens' AccessPreviewStatusReason AccessPreviewStatusReasonCode
- accessPreviewSummary_statusReason :: Lens' AccessPreviewSummary (Maybe AccessPreviewStatusReason)
- accessPreviewSummary_id :: Lens' AccessPreviewSummary Text
- accessPreviewSummary_analyzerArn :: Lens' AccessPreviewSummary Text
- accessPreviewSummary_createdAt :: Lens' AccessPreviewSummary UTCTime
- accessPreviewSummary_status :: Lens' AccessPreviewSummary AccessPreviewStatus
- aclGrantee_id :: Lens' AclGrantee (Maybe Text)
- aclGrantee_uri :: Lens' AclGrantee (Maybe Text)
- analyzedResource_actions :: Lens' AnalyzedResource (Maybe [Text])
- analyzedResource_error :: Lens' AnalyzedResource (Maybe Text)
- analyzedResource_sharedVia :: Lens' AnalyzedResource (Maybe [Text])
- analyzedResource_status :: Lens' AnalyzedResource (Maybe FindingStatus)
- analyzedResource_resourceArn :: Lens' AnalyzedResource Text
- analyzedResource_resourceType :: Lens' AnalyzedResource ResourceType
- analyzedResource_createdAt :: Lens' AnalyzedResource UTCTime
- analyzedResource_analyzedAt :: Lens' AnalyzedResource UTCTime
- analyzedResource_updatedAt :: Lens' AnalyzedResource UTCTime
- analyzedResource_isPublic :: Lens' AnalyzedResource Bool
- analyzedResource_resourceOwnerAccount :: Lens' AnalyzedResource Text
- analyzedResourceSummary_resourceArn :: Lens' AnalyzedResourceSummary Text
- analyzedResourceSummary_resourceOwnerAccount :: Lens' AnalyzedResourceSummary Text
- analyzedResourceSummary_resourceType :: Lens' AnalyzedResourceSummary ResourceType
- analyzerSummary_lastResourceAnalyzed :: Lens' AnalyzerSummary (Maybe Text)
- analyzerSummary_lastResourceAnalyzedAt :: Lens' AnalyzerSummary (Maybe UTCTime)
- analyzerSummary_statusReason :: Lens' AnalyzerSummary (Maybe StatusReason)
- analyzerSummary_tags :: Lens' AnalyzerSummary (Maybe (HashMap Text Text))
- analyzerSummary_arn :: Lens' AnalyzerSummary Text
- analyzerSummary_name :: Lens' AnalyzerSummary Text
- analyzerSummary_type :: Lens' AnalyzerSummary Type
- analyzerSummary_createdAt :: Lens' AnalyzerSummary UTCTime
- analyzerSummary_status :: Lens' AnalyzerSummary AnalyzerStatus
- archiveRuleSummary_ruleName :: Lens' ArchiveRuleSummary Text
- archiveRuleSummary_filter :: Lens' ArchiveRuleSummary (HashMap Text Criterion)
- archiveRuleSummary_createdAt :: Lens' ArchiveRuleSummary UTCTime
- archiveRuleSummary_updatedAt :: Lens' ArchiveRuleSummary UTCTime
- cloudTrailDetails_endTime :: Lens' CloudTrailDetails (Maybe UTCTime)
- cloudTrailDetails_trails :: Lens' CloudTrailDetails [Trail]
- cloudTrailDetails_accessRole :: Lens' CloudTrailDetails Text
- cloudTrailDetails_startTime :: Lens' CloudTrailDetails UTCTime
- cloudTrailProperties_trailProperties :: Lens' CloudTrailProperties [TrailProperties]
- cloudTrailProperties_startTime :: Lens' CloudTrailProperties UTCTime
- cloudTrailProperties_endTime :: Lens' CloudTrailProperties UTCTime
- configuration_ebsSnapshot :: Lens' Configuration (Maybe EbsSnapshotConfiguration)
- configuration_ecrRepository :: Lens' Configuration (Maybe EcrRepositoryConfiguration)
- configuration_efsFileSystem :: Lens' Configuration (Maybe EfsFileSystemConfiguration)
- configuration_iamRole :: Lens' Configuration (Maybe IamRoleConfiguration)
- configuration_kmsKey :: Lens' Configuration (Maybe KmsKeyConfiguration)
- configuration_rdsDbClusterSnapshot :: Lens' Configuration (Maybe RdsDbClusterSnapshotConfiguration)
- configuration_rdsDbSnapshot :: Lens' Configuration (Maybe RdsDbSnapshotConfiguration)
- configuration_s3Bucket :: Lens' Configuration (Maybe S3BucketConfiguration)
- configuration_secretsManagerSecret :: Lens' Configuration (Maybe SecretsManagerSecretConfiguration)
- configuration_snsTopic :: Lens' Configuration (Maybe SnsTopicConfiguration)
- configuration_sqsQueue :: Lens' Configuration (Maybe SqsQueueConfiguration)
- criterion_contains :: Lens' Criterion (Maybe (NonEmpty Text))
- criterion_eq :: Lens' Criterion (Maybe (NonEmpty Text))
- criterion_exists :: Lens' Criterion (Maybe Bool)
- criterion_neq :: Lens' Criterion (Maybe (NonEmpty Text))
- ebsSnapshotConfiguration_groups :: Lens' EbsSnapshotConfiguration (Maybe [Text])
- ebsSnapshotConfiguration_kmsKeyId :: Lens' EbsSnapshotConfiguration (Maybe Text)
- ebsSnapshotConfiguration_userIds :: Lens' EbsSnapshotConfiguration (Maybe [Text])
- ecrRepositoryConfiguration_repositoryPolicy :: Lens' EcrRepositoryConfiguration (Maybe Text)
- efsFileSystemConfiguration_fileSystemPolicy :: Lens' EfsFileSystemConfiguration (Maybe Text)
- finding_action :: Lens' Finding (Maybe [Text])
- finding_error :: Lens' Finding (Maybe Text)
- finding_isPublic :: Lens' Finding (Maybe Bool)
- finding_principal :: Lens' Finding (Maybe (HashMap Text Text))
- finding_resource :: Lens' Finding (Maybe Text)
- finding_sources :: Lens' Finding (Maybe [FindingSource])
- finding_id :: Lens' Finding Text
- finding_resourceType :: Lens' Finding ResourceType
- finding_condition :: Lens' Finding (HashMap Text Text)
- finding_createdAt :: Lens' Finding UTCTime
- finding_analyzedAt :: Lens' Finding UTCTime
- finding_updatedAt :: Lens' Finding UTCTime
- finding_status :: Lens' Finding FindingStatus
- finding_resourceOwnerAccount :: Lens' Finding Text
- findingSource_detail :: Lens' FindingSource (Maybe FindingSourceDetail)
- findingSource_type :: Lens' FindingSource FindingSourceType
- findingSourceDetail_accessPointAccount :: Lens' FindingSourceDetail (Maybe Text)
- findingSourceDetail_accessPointArn :: Lens' FindingSourceDetail (Maybe Text)
- findingSummary_action :: Lens' FindingSummary (Maybe [Text])
- findingSummary_error :: Lens' FindingSummary (Maybe Text)
- findingSummary_isPublic :: Lens' FindingSummary (Maybe Bool)
- findingSummary_principal :: Lens' FindingSummary (Maybe (HashMap Text Text))
- findingSummary_resource :: Lens' FindingSummary (Maybe Text)
- findingSummary_sources :: Lens' FindingSummary (Maybe [FindingSource])
- findingSummary_id :: Lens' FindingSummary Text
- findingSummary_resourceType :: Lens' FindingSummary ResourceType
- findingSummary_condition :: Lens' FindingSummary (HashMap Text Text)
- findingSummary_createdAt :: Lens' FindingSummary UTCTime
- findingSummary_analyzedAt :: Lens' FindingSummary UTCTime
- findingSummary_updatedAt :: Lens' FindingSummary UTCTime
- findingSummary_status :: Lens' FindingSummary FindingStatus
- findingSummary_resourceOwnerAccount :: Lens' FindingSummary Text
- generatedPolicy_policy :: Lens' GeneratedPolicy Text
- generatedPolicyProperties_cloudTrailProperties :: Lens' GeneratedPolicyProperties (Maybe CloudTrailProperties)
- generatedPolicyProperties_isComplete :: Lens' GeneratedPolicyProperties (Maybe Bool)
- generatedPolicyProperties_principalArn :: Lens' GeneratedPolicyProperties Text
- generatedPolicyResult_generatedPolicies :: Lens' GeneratedPolicyResult (Maybe [GeneratedPolicy])
- generatedPolicyResult_properties :: Lens' GeneratedPolicyResult GeneratedPolicyProperties
- iamRoleConfiguration_trustPolicy :: Lens' IamRoleConfiguration (Maybe Text)
- inlineArchiveRule_ruleName :: Lens' InlineArchiveRule Text
- inlineArchiveRule_filter :: Lens' InlineArchiveRule (HashMap Text Criterion)
- jobDetails_completedOn :: Lens' JobDetails (Maybe UTCTime)
- jobDetails_jobError :: Lens' JobDetails (Maybe JobError)
- jobDetails_jobId :: Lens' JobDetails Text
- jobDetails_status :: Lens' JobDetails JobStatus
- jobDetails_startedOn :: Lens' JobDetails UTCTime
- jobError_code :: Lens' JobError JobErrorCode
- jobError_message :: Lens' JobError Text
- kmsGrantConfiguration_constraints :: Lens' KmsGrantConfiguration (Maybe KmsGrantConstraints)
- kmsGrantConfiguration_retiringPrincipal :: Lens' KmsGrantConfiguration (Maybe Text)
- kmsGrantConfiguration_operations :: Lens' KmsGrantConfiguration [KmsGrantOperation]
- kmsGrantConfiguration_granteePrincipal :: Lens' KmsGrantConfiguration Text
- kmsGrantConfiguration_issuingAccount :: Lens' KmsGrantConfiguration Text
- kmsGrantConstraints_encryptionContextEquals :: Lens' KmsGrantConstraints (Maybe (HashMap Text Text))
- kmsGrantConstraints_encryptionContextSubset :: Lens' KmsGrantConstraints (Maybe (HashMap Text Text))
- kmsKeyConfiguration_grants :: Lens' KmsKeyConfiguration (Maybe [KmsGrantConfiguration])
- kmsKeyConfiguration_keyPolicies :: Lens' KmsKeyConfiguration (Maybe (HashMap Text Text))
- location_path :: Lens' Location [PathElement]
- location_span :: Lens' Location Span
- networkOriginConfiguration_internetConfiguration :: Lens' NetworkOriginConfiguration (Maybe InternetConfiguration)
- networkOriginConfiguration_vpcConfiguration :: Lens' NetworkOriginConfiguration (Maybe VpcConfiguration)
- pathElement_index :: Lens' PathElement (Maybe Int)
- pathElement_key :: Lens' PathElement (Maybe Text)
- pathElement_substring :: Lens' PathElement (Maybe Substring)
- pathElement_value :: Lens' PathElement (Maybe Text)
- policyGeneration_completedOn :: Lens' PolicyGeneration (Maybe UTCTime)
- policyGeneration_jobId :: Lens' PolicyGeneration Text
- policyGeneration_principalArn :: Lens' PolicyGeneration Text
- policyGeneration_status :: Lens' PolicyGeneration JobStatus
- policyGeneration_startedOn :: Lens' PolicyGeneration UTCTime
- policyGenerationDetails_principalArn :: Lens' PolicyGenerationDetails Text
- position_line :: Lens' Position Int
- position_column :: Lens' Position Int
- position_offset :: Lens' Position Int
- rdsDbClusterSnapshotAttributeValue_accountIds :: Lens' RdsDbClusterSnapshotAttributeValue (Maybe [Text])
- rdsDbClusterSnapshotConfiguration_attributes :: Lens' RdsDbClusterSnapshotConfiguration (Maybe (HashMap Text RdsDbClusterSnapshotAttributeValue))
- rdsDbClusterSnapshotConfiguration_kmsKeyId :: Lens' RdsDbClusterSnapshotConfiguration (Maybe Text)
- rdsDbSnapshotAttributeValue_accountIds :: Lens' RdsDbSnapshotAttributeValue (Maybe [Text])
- rdsDbSnapshotConfiguration_attributes :: Lens' RdsDbSnapshotConfiguration (Maybe (HashMap Text RdsDbSnapshotAttributeValue))
- rdsDbSnapshotConfiguration_kmsKeyId :: Lens' RdsDbSnapshotConfiguration (Maybe Text)
- s3AccessPointConfiguration_accessPointPolicy :: Lens' S3AccessPointConfiguration (Maybe Text)
- s3AccessPointConfiguration_networkOrigin :: Lens' S3AccessPointConfiguration (Maybe NetworkOriginConfiguration)
- s3AccessPointConfiguration_publicAccessBlock :: Lens' S3AccessPointConfiguration (Maybe S3PublicAccessBlockConfiguration)
- s3BucketAclGrantConfiguration_permission :: Lens' S3BucketAclGrantConfiguration AclPermission
- s3BucketAclGrantConfiguration_grantee :: Lens' S3BucketAclGrantConfiguration AclGrantee
- s3BucketConfiguration_accessPoints :: Lens' S3BucketConfiguration (Maybe (HashMap Text S3AccessPointConfiguration))
- s3BucketConfiguration_bucketAclGrants :: Lens' S3BucketConfiguration (Maybe [S3BucketAclGrantConfiguration])
- s3BucketConfiguration_bucketPolicy :: Lens' S3BucketConfiguration (Maybe Text)
- s3BucketConfiguration_bucketPublicAccessBlock :: Lens' S3BucketConfiguration (Maybe S3PublicAccessBlockConfiguration)
- s3PublicAccessBlockConfiguration_ignorePublicAcls :: Lens' S3PublicAccessBlockConfiguration Bool
- s3PublicAccessBlockConfiguration_restrictPublicBuckets :: Lens' S3PublicAccessBlockConfiguration Bool
- secretsManagerSecretConfiguration_kmsKeyId :: Lens' SecretsManagerSecretConfiguration (Maybe Text)
- secretsManagerSecretConfiguration_secretPolicy :: Lens' SecretsManagerSecretConfiguration (Maybe Text)
- snsTopicConfiguration_topicPolicy :: Lens' SnsTopicConfiguration (Maybe Text)
- sortCriteria_attributeName :: Lens' SortCriteria (Maybe Text)
- sortCriteria_orderBy :: Lens' SortCriteria (Maybe OrderBy)
- span_start :: Lens' Span Position
- span_end :: Lens' Span Position
- sqsQueueConfiguration_queuePolicy :: Lens' SqsQueueConfiguration (Maybe Text)
- statusReason_code :: Lens' StatusReason ReasonCode
- substring_start :: Lens' Substring Int
- substring_length :: Lens' Substring Int
- trail_allRegions :: Lens' Trail (Maybe Bool)
- trail_regions :: Lens' Trail (Maybe [Text])
- trail_cloudTrailArn :: Lens' Trail Text
- trailProperties_allRegions :: Lens' TrailProperties (Maybe Bool)
- trailProperties_regions :: Lens' TrailProperties (Maybe [Text])
- trailProperties_cloudTrailArn :: Lens' TrailProperties Text
- validatePolicyFinding_findingDetails :: Lens' ValidatePolicyFinding Text
- validatePolicyFinding_findingType :: Lens' ValidatePolicyFinding ValidatePolicyFindingType
- validatePolicyFinding_issueCode :: Lens' ValidatePolicyFinding Text
- validatePolicyFinding_learnMoreLink :: Lens' ValidatePolicyFinding Text
- validatePolicyFinding_locations :: Lens' ValidatePolicyFinding [Location]
- vpcConfiguration_vpcId :: Lens' VpcConfiguration Text
Operations
ApplyArchiveRule
applyArchiveRule_clientToken :: Lens' ApplyArchiveRule (Maybe Text) Source #
A client token.
applyArchiveRule_analyzerArn :: Lens' ApplyArchiveRule Text Source #
The Amazon resource name (ARN) of the analyzer.
applyArchiveRule_ruleName :: Lens' ApplyArchiveRule Text Source #
The name of the rule to apply.
CancelPolicyGeneration
cancelPolicyGeneration_jobId :: Lens' CancelPolicyGeneration Text Source #
The JobId
that is returned by the StartPolicyGeneration
operation.
The JobId
can be used with GetGeneratedPolicy
to retrieve the
generated policies or used with CancelPolicyGeneration
to cancel the
policy generation request.
cancelPolicyGenerationResponse_httpStatus :: Lens' CancelPolicyGenerationResponse Int Source #
The response's http status code.
CreateAccessPreview
createAccessPreview_clientToken :: Lens' CreateAccessPreview (Maybe Text) Source #
A client token.
createAccessPreview_analyzerArn :: Lens' CreateAccessPreview Text Source #
The
ARN of the account analyzer
used to generate the access preview. You can only create an access
preview for analyzers with an Account
type and Active
status.
createAccessPreview_configurations :: Lens' CreateAccessPreview (HashMap Text Configuration) Source #
Access control configuration for your resource that is used to generate the access preview. The access preview includes findings for external access allowed to the resource with the proposed access control configuration. The configuration must contain exactly one element.
createAccessPreviewResponse_httpStatus :: Lens' CreateAccessPreviewResponse Int Source #
The response's http status code.
createAccessPreviewResponse_id :: Lens' CreateAccessPreviewResponse Text Source #
The unique ID for the access preview.
CreateAnalyzer
createAnalyzer_archiveRules :: Lens' CreateAnalyzer (Maybe [InlineArchiveRule]) Source #
Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
createAnalyzer_clientToken :: Lens' CreateAnalyzer (Maybe Text) Source #
A client token.
createAnalyzer_tags :: Lens' CreateAnalyzer (Maybe (HashMap Text Text)) Source #
The tags to apply to the analyzer.
createAnalyzer_analyzerName :: Lens' CreateAnalyzer Text Source #
The name of the analyzer to create.
createAnalyzer_type :: Lens' CreateAnalyzer Type Source #
The type of analyzer to create. Only ACCOUNT and ORGANIZATION analyzers are supported. You can create only one analyzer per account per Region. You can create up to 5 analyzers per organization per Region.
createAnalyzerResponse_arn :: Lens' CreateAnalyzerResponse (Maybe Text) Source #
The ARN of the analyzer that was created by the request.
createAnalyzerResponse_httpStatus :: Lens' CreateAnalyzerResponse Int Source #
The response's http status code.
CreateArchiveRule
createArchiveRule_clientToken :: Lens' CreateArchiveRule (Maybe Text) Source #
A client token.
createArchiveRule_analyzerName :: Lens' CreateArchiveRule Text Source #
The name of the created analyzer.
createArchiveRule_ruleName :: Lens' CreateArchiveRule Text Source #
The name of the rule to create.
createArchiveRule_filter :: Lens' CreateArchiveRule (HashMap Text Criterion) Source #
The criteria for the rule.
DeleteAnalyzer
deleteAnalyzer_clientToken :: Lens' DeleteAnalyzer (Maybe Text) Source #
A client token.
deleteAnalyzer_analyzerName :: Lens' DeleteAnalyzer Text Source #
The name of the analyzer to delete.
DeleteArchiveRule
deleteArchiveRule_clientToken :: Lens' DeleteArchiveRule (Maybe Text) Source #
A client token.
deleteArchiveRule_analyzerName :: Lens' DeleteArchiveRule Text Source #
The name of the analyzer that associated with the archive rule to delete.
deleteArchiveRule_ruleName :: Lens' DeleteArchiveRule Text Source #
The name of the rule to delete.
GetAccessPreview
getAccessPreview_accessPreviewId :: Lens' GetAccessPreview Text Source #
The unique ID for the access preview.
getAccessPreview_analyzerArn :: Lens' GetAccessPreview Text Source #
The ARN of the analyzer used to generate the access preview.
getAccessPreviewResponse_httpStatus :: Lens' GetAccessPreviewResponse Int Source #
The response's http status code.
getAccessPreviewResponse_accessPreview :: Lens' GetAccessPreviewResponse AccessPreview Source #
An object that contains information about the access preview.
GetAnalyzedResource
getAnalyzedResource_analyzerArn :: Lens' GetAnalyzedResource Text Source #
The ARN of the analyzer to retrieve information from.
getAnalyzedResource_resourceArn :: Lens' GetAnalyzedResource Text Source #
The ARN of the resource to retrieve information about.
getAnalyzedResourceResponse_resource :: Lens' GetAnalyzedResourceResponse (Maybe AnalyzedResource) Source #
An AnalyzedResource
object that contains information that IAM Access
Analyzer found when it analyzed the resource.
getAnalyzedResourceResponse_httpStatus :: Lens' GetAnalyzedResourceResponse Int Source #
The response's http status code.
GetAnalyzer
getAnalyzer_analyzerName :: Lens' GetAnalyzer Text Source #
The name of the analyzer retrieved.
getAnalyzerResponse_httpStatus :: Lens' GetAnalyzerResponse Int Source #
The response's http status code.
getAnalyzerResponse_analyzer :: Lens' GetAnalyzerResponse AnalyzerSummary Source #
An AnalyzerSummary
object that contains information about the
analyzer.
GetArchiveRule
getArchiveRule_analyzerName :: Lens' GetArchiveRule Text Source #
The name of the analyzer to retrieve rules from.
getArchiveRule_ruleName :: Lens' GetArchiveRule Text Source #
The name of the rule to retrieve.
getArchiveRuleResponse_httpStatus :: Lens' GetArchiveRuleResponse Int Source #
The response's http status code.
getArchiveRuleResponse_archiveRule :: Lens' GetArchiveRuleResponse ArchiveRuleSummary Source #
Undocumented member.
GetFinding
getFinding_analyzerArn :: Lens' GetFinding Text Source #
The ARN of the analyzer that generated the finding.
getFinding_id :: Lens' GetFinding Text Source #
The ID of the finding to retrieve.
getFindingResponse_finding :: Lens' GetFindingResponse (Maybe Finding) Source #
A finding
object that contains finding details.
getFindingResponse_httpStatus :: Lens' GetFindingResponse Int Source #
The response's http status code.
GetGeneratedPolicy
getGeneratedPolicy_includeResourcePlaceholders :: Lens' GetGeneratedPolicy (Maybe Bool) Source #
The level of detail that you want to generate. You can specify whether to generate policies with placeholders for resource ARNs for actions that support resource level granularity in policies.
For example, in the resource section of a policy, you can receive a
placeholder such as "Resource":"arn:aws:s3:::${BucketName}"
instead of "*"
.
getGeneratedPolicy_includeServiceLevelTemplate :: Lens' GetGeneratedPolicy (Maybe Bool) Source #
The level of detail that you want to generate. You can specify whether to generate service-level policies.
IAM Access Analyzer uses iam:servicelastaccessed
to identify services
that have been used recently to create this service-level template.
getGeneratedPolicy_jobId :: Lens' GetGeneratedPolicy Text Source #
The JobId
that is returned by the StartPolicyGeneration
operation.
The JobId
can be used with GetGeneratedPolicy
to retrieve the
generated policies or used with CancelPolicyGeneration
to cancel the
policy generation request.
getGeneratedPolicyResponse_httpStatus :: Lens' GetGeneratedPolicyResponse Int Source #
The response's http status code.
getGeneratedPolicyResponse_jobDetails :: Lens' GetGeneratedPolicyResponse JobDetails Source #
A GeneratedPolicyDetails
object that contains details about the
generated policy.
getGeneratedPolicyResponse_generatedPolicyResult :: Lens' GetGeneratedPolicyResponse GeneratedPolicyResult Source #
A GeneratedPolicyResult
object that contains the generated policies
and associated details.
ListAccessPreviewFindings
listAccessPreviewFindings_filter :: Lens' ListAccessPreviewFindings (Maybe (HashMap Text Criterion)) Source #
Criteria to filter the returned findings.
listAccessPreviewFindings_maxResults :: Lens' ListAccessPreviewFindings (Maybe Int) Source #
The maximum number of results to return in the response.
listAccessPreviewFindings_nextToken :: Lens' ListAccessPreviewFindings (Maybe Text) Source #
A token used for pagination of results returned.
listAccessPreviewFindings_accessPreviewId :: Lens' ListAccessPreviewFindings Text Source #
The unique ID for the access preview.
listAccessPreviewFindings_analyzerArn :: Lens' ListAccessPreviewFindings Text Source #
The ARN of the analyzer used to generate the access.
listAccessPreviewFindingsResponse_nextToken :: Lens' ListAccessPreviewFindingsResponse (Maybe Text) Source #
A token used for pagination of results returned.
listAccessPreviewFindingsResponse_httpStatus :: Lens' ListAccessPreviewFindingsResponse Int Source #
The response's http status code.
listAccessPreviewFindingsResponse_findings :: Lens' ListAccessPreviewFindingsResponse [AccessPreviewFinding] Source #
A list of access preview findings that match the specified filter criteria.
ListAccessPreviews
listAccessPreviews_maxResults :: Lens' ListAccessPreviews (Maybe Int) Source #
The maximum number of results to return in the response.
listAccessPreviews_nextToken :: Lens' ListAccessPreviews (Maybe Text) Source #
A token used for pagination of results returned.
listAccessPreviews_analyzerArn :: Lens' ListAccessPreviews Text Source #
The ARN of the analyzer used to generate the access preview.
listAccessPreviewsResponse_nextToken :: Lens' ListAccessPreviewsResponse (Maybe Text) Source #
A token used for pagination of results returned.
listAccessPreviewsResponse_httpStatus :: Lens' ListAccessPreviewsResponse Int Source #
The response's http status code.
listAccessPreviewsResponse_accessPreviews :: Lens' ListAccessPreviewsResponse [AccessPreviewSummary] Source #
A list of access previews retrieved for the analyzer.
ListAnalyzedResources
listAnalyzedResources_maxResults :: Lens' ListAnalyzedResources (Maybe Int) Source #
The maximum number of results to return in the response.
listAnalyzedResources_nextToken :: Lens' ListAnalyzedResources (Maybe Text) Source #
A token used for pagination of results returned.
listAnalyzedResources_resourceType :: Lens' ListAnalyzedResources (Maybe ResourceType) Source #
The type of resource.
listAnalyzedResources_analyzerArn :: Lens' ListAnalyzedResources Text Source #
The ARN of the analyzer to retrieve a list of analyzed resources from.
listAnalyzedResourcesResponse_nextToken :: Lens' ListAnalyzedResourcesResponse (Maybe Text) Source #
A token used for pagination of results returned.
listAnalyzedResourcesResponse_httpStatus :: Lens' ListAnalyzedResourcesResponse Int Source #
The response's http status code.
listAnalyzedResourcesResponse_analyzedResources :: Lens' ListAnalyzedResourcesResponse [AnalyzedResourceSummary] Source #
A list of resources that were analyzed.
ListAnalyzers
listAnalyzers_maxResults :: Lens' ListAnalyzers (Maybe Int) Source #
The maximum number of results to return in the response.
listAnalyzers_nextToken :: Lens' ListAnalyzers (Maybe Text) Source #
A token used for pagination of results returned.
listAnalyzers_type :: Lens' ListAnalyzers (Maybe Type) Source #
The type of analyzer.
listAnalyzersResponse_nextToken :: Lens' ListAnalyzersResponse (Maybe Text) Source #
A token used for pagination of results returned.
listAnalyzersResponse_httpStatus :: Lens' ListAnalyzersResponse Int Source #
The response's http status code.
listAnalyzersResponse_analyzers :: Lens' ListAnalyzersResponse [AnalyzerSummary] Source #
The analyzers retrieved.
ListArchiveRules
listArchiveRules_maxResults :: Lens' ListArchiveRules (Maybe Int) Source #
The maximum number of results to return in the request.
listArchiveRules_nextToken :: Lens' ListArchiveRules (Maybe Text) Source #
A token used for pagination of results returned.
listArchiveRules_analyzerName :: Lens' ListArchiveRules Text Source #
The name of the analyzer to retrieve rules from.
listArchiveRulesResponse_nextToken :: Lens' ListArchiveRulesResponse (Maybe Text) Source #
A token used for pagination of results returned.
listArchiveRulesResponse_httpStatus :: Lens' ListArchiveRulesResponse Int Source #
The response's http status code.
listArchiveRulesResponse_archiveRules :: Lens' ListArchiveRulesResponse [ArchiveRuleSummary] Source #
A list of archive rules created for the specified analyzer.
ListFindings
listFindings_filter :: Lens' ListFindings (Maybe (HashMap Text Criterion)) Source #
A filter to match for the findings to return.
listFindings_maxResults :: Lens' ListFindings (Maybe Int) Source #
The maximum number of results to return in the response.
listFindings_nextToken :: Lens' ListFindings (Maybe Text) Source #
A token used for pagination of results returned.
listFindings_sort :: Lens' ListFindings (Maybe SortCriteria) Source #
The sort order for the findings returned.
listFindings_analyzerArn :: Lens' ListFindings Text Source #
The ARN of the analyzer to retrieve findings from.
listFindingsResponse_nextToken :: Lens' ListFindingsResponse (Maybe Text) Source #
A token used for pagination of results returned.
listFindingsResponse_httpStatus :: Lens' ListFindingsResponse Int Source #
The response's http status code.
listFindingsResponse_findings :: Lens' ListFindingsResponse [FindingSummary] Source #
A list of findings retrieved from the analyzer that match the filter criteria specified, if any.
ListPolicyGenerations
listPolicyGenerations_maxResults :: Lens' ListPolicyGenerations (Maybe Natural) Source #
The maximum number of results to return in the response.
listPolicyGenerations_nextToken :: Lens' ListPolicyGenerations (Maybe Text) Source #
A token used for pagination of results returned.
listPolicyGenerations_principalArn :: Lens' ListPolicyGenerations (Maybe Text) Source #
The ARN of the IAM entity (user or role) for which you are generating a
policy. Use this with ListGeneratedPolicies
to filter the results to
only include results for a specific principal.
listPolicyGenerationsResponse_nextToken :: Lens' ListPolicyGenerationsResponse (Maybe Text) Source #
A token used for pagination of results returned.
listPolicyGenerationsResponse_httpStatus :: Lens' ListPolicyGenerationsResponse Int Source #
The response's http status code.
listPolicyGenerationsResponse_policyGenerations :: Lens' ListPolicyGenerationsResponse [PolicyGeneration] Source #
A PolicyGeneration
object that contains details about the generated
policy.
ListTagsForResource
listTagsForResource_resourceArn :: Lens' ListTagsForResource Text Source #
The ARN of the resource to retrieve tags from.
listTagsForResourceResponse_tags :: Lens' ListTagsForResourceResponse (Maybe (HashMap Text Text)) Source #
The tags that are applied to the specified resource.
listTagsForResourceResponse_httpStatus :: Lens' ListTagsForResourceResponse Int Source #
The response's http status code.
StartPolicyGeneration
startPolicyGeneration_clientToken :: Lens' StartPolicyGeneration (Maybe Text) Source #
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect.
If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
startPolicyGeneration_cloudTrailDetails :: Lens' StartPolicyGeneration (Maybe CloudTrailDetails) Source #
A CloudTrailDetails
object that contains details about a Trail
that
you want to analyze to generate policies.
startPolicyGeneration_policyGenerationDetails :: Lens' StartPolicyGeneration PolicyGenerationDetails Source #
Contains the ARN of the IAM entity (user or role) for which you are generating a policy.
startPolicyGenerationResponse_httpStatus :: Lens' StartPolicyGenerationResponse Int Source #
The response's http status code.
startPolicyGenerationResponse_jobId :: Lens' StartPolicyGenerationResponse Text Source #
The JobId
that is returned by the StartPolicyGeneration
operation.
The JobId
can be used with GetGeneratedPolicy
to retrieve the
generated policies or used with CancelPolicyGeneration
to cancel the
policy generation request.
StartResourceScan
startResourceScan_resourceOwnerAccount :: Lens' StartResourceScan (Maybe Text) Source #
The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning account is the account in which the resource was created.
startResourceScan_analyzerArn :: Lens' StartResourceScan Text Source #
The ARN of the analyzer to use to scan the policies applied to the specified resource.
startResourceScan_resourceArn :: Lens' StartResourceScan Text Source #
The ARN of the resource to scan.
TagResource
tagResource_resourceArn :: Lens' TagResource Text Source #
The ARN of the resource to add the tag to.
tagResource_tags :: Lens' TagResource (HashMap Text Text) Source #
The tags to add to the resource.
tagResourceResponse_httpStatus :: Lens' TagResourceResponse Int Source #
The response's http status code.
UntagResource
untagResource_resourceArn :: Lens' UntagResource Text Source #
The ARN of the resource to remove the tag from.
untagResource_tagKeys :: Lens' UntagResource [Text] Source #
The key for the tag to add.
untagResourceResponse_httpStatus :: Lens' UntagResourceResponse Int Source #
The response's http status code.
UpdateArchiveRule
updateArchiveRule_clientToken :: Lens' UpdateArchiveRule (Maybe Text) Source #
A client token.
updateArchiveRule_analyzerName :: Lens' UpdateArchiveRule Text Source #
The name of the analyzer to update the archive rules for.
updateArchiveRule_ruleName :: Lens' UpdateArchiveRule Text Source #
The name of the rule to update.
updateArchiveRule_filter :: Lens' UpdateArchiveRule (HashMap Text Criterion) Source #
A filter to match for the rules to update. Only rules that match the filter are updated.
UpdateFindings
updateFindings_clientToken :: Lens' UpdateFindings (Maybe Text) Source #
A client token.
updateFindings_ids :: Lens' UpdateFindings (Maybe [Text]) Source #
The IDs of the findings to update.
updateFindings_resourceArn :: Lens' UpdateFindings (Maybe Text) Source #
The ARN of the resource identified in the finding.
updateFindings_analyzerArn :: Lens' UpdateFindings Text Source #
The ARN of the analyzer that generated the findings to update.
updateFindings_status :: Lens' UpdateFindings FindingStatusUpdate Source #
The state represents the action to take to update the finding Status.
Use ARCHIVE
to change an Active finding to an Archived finding. Use
ACTIVE
to change an Archived finding to an Active finding.
ValidatePolicy
validatePolicy_locale :: Lens' ValidatePolicy (Maybe Locale) Source #
The locale to use for localizing the findings.
validatePolicy_maxResults :: Lens' ValidatePolicy (Maybe Int) Source #
The maximum number of results to return in the response.
validatePolicy_nextToken :: Lens' ValidatePolicy (Maybe Text) Source #
A token used for pagination of results returned.
validatePolicy_validatePolicyResourceType :: Lens' ValidatePolicy (Maybe ValidatePolicyResourceType) Source #
The type of resource to attach to your resource policy. Specify a value
for the policy validation resource type only if the policy type is
RESOURCE_POLICY
. For example, to validate a resource policy to attach
to an Amazon S3 bucket, you can choose AWS::S3::Bucket
for the policy
validation resource type.
For resource types not supported as valid values, IAM Access Analyzer runs policy checks that apply to all resource policies. For example, to validate a resource policy to attach to a KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer will run policy checks that apply to all resource policies.
validatePolicy_policyDocument :: Lens' ValidatePolicy Text Source #
The JSON policy document to use as the content for the policy.
validatePolicy_policyType :: Lens' ValidatePolicy PolicyType Source #
The type of policy to validate. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups. They also include service-control policies (SCPs) that are attached to an Amazon Web Services organization, organizational unit (OU), or an account.
Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.
validatePolicyResponse_nextToken :: Lens' ValidatePolicyResponse (Maybe Text) Source #
A token used for pagination of results returned.
validatePolicyResponse_httpStatus :: Lens' ValidatePolicyResponse Int Source #
The response's http status code.
validatePolicyResponse_findings :: Lens' ValidatePolicyResponse [ValidatePolicyFinding] Source #
The list of findings in a policy returned by IAM Access Analyzer based on its suite of policy checks.
Types
AccessPreview
accessPreview_statusReason :: Lens' AccessPreview (Maybe AccessPreviewStatusReason) Source #
Provides more details about the current status of the access preview.
For example, if the creation of the access preview fails, a Failed
status is returned. This failure can be due to an internal issue with
the analysis or due to an invalid resource configuration.
accessPreview_id :: Lens' AccessPreview Text Source #
The unique ID for the access preview.
accessPreview_analyzerArn :: Lens' AccessPreview Text Source #
The ARN of the analyzer used to generate the access preview.
accessPreview_configurations :: Lens' AccessPreview (HashMap Text Configuration) Source #
A map of resource ARNs for the proposed resource configuration.
accessPreview_createdAt :: Lens' AccessPreview UTCTime Source #
The time at which the access preview was created.
accessPreview_status :: Lens' AccessPreview AccessPreviewStatus Source #
The status of the access preview.
Creating
- The access preview creation is in progress.Completed
- The access preview is complete. You can preview findings for external access to the resource.Failed
- The access preview creation has failed.
AccessPreviewFinding
accessPreviewFinding_action :: Lens' AccessPreviewFinding (Maybe [Text]) Source #
The action in the analyzed policy statement that an external principal has permission to perform.
accessPreviewFinding_condition :: Lens' AccessPreviewFinding (Maybe (HashMap Text Text)) Source #
The condition in the analyzed policy statement that resulted in a finding.
accessPreviewFinding_error :: Lens' AccessPreviewFinding (Maybe Text) Source #
An error.
accessPreviewFinding_existingFindingId :: Lens' AccessPreviewFinding (Maybe Text) Source #
The existing ID of the finding in IAM Access Analyzer, provided only for existing findings.
accessPreviewFinding_existingFindingStatus :: Lens' AccessPreviewFinding (Maybe FindingStatus) Source #
The existing status of the finding, provided only for existing findings.
accessPreviewFinding_isPublic :: Lens' AccessPreviewFinding (Maybe Bool) Source #
Indicates whether the policy that generated the finding allows public access to the resource.
accessPreviewFinding_principal :: Lens' AccessPreviewFinding (Maybe (HashMap Text Text)) Source #
The external principal that has access to a resource within the zone of trust.
accessPreviewFinding_resource :: Lens' AccessPreviewFinding (Maybe Text) Source #
The resource that an external principal has access to. This is the resource associated with the access preview.
accessPreviewFinding_sources :: Lens' AccessPreviewFinding (Maybe [FindingSource]) Source #
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
accessPreviewFinding_id :: Lens' AccessPreviewFinding Text Source #
The ID of the access preview finding. This ID uniquely identifies the element in the list of access preview findings and is not related to the finding ID in Access Analyzer.
accessPreviewFinding_resourceType :: Lens' AccessPreviewFinding ResourceType Source #
The type of the resource that can be accessed in the finding.
accessPreviewFinding_createdAt :: Lens' AccessPreviewFinding UTCTime Source #
The time at which the access preview finding was created.
accessPreviewFinding_changeType :: Lens' AccessPreviewFinding FindingChangeType Source #
Provides context on how the access preview finding compares to existing access identified in IAM Access Analyzer.
New
- The finding is for newly-introduced access.Unchanged
- The preview finding is an existing finding that would remain unchanged.Changed
- The preview finding is an existing finding with a change in status.
For example, a Changed
finding with preview status Resolved
and
existing status Active
indicates the existing Active
finding would
become Resolved
as a result of the proposed permissions change.
accessPreviewFinding_status :: Lens' AccessPreviewFinding FindingStatus Source #
The preview status of the finding. This is what the status of the
finding would be after permissions deployment. For example, a Changed
finding with preview status Resolved
and existing status Active
indicates the existing Active
finding would become Resolved
as a
result of the proposed permissions change.
accessPreviewFinding_resourceOwnerAccount :: Lens' AccessPreviewFinding Text Source #
The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning account is the account in which the resource was created.
AccessPreviewStatusReason
accessPreviewStatusReason_code :: Lens' AccessPreviewStatusReason AccessPreviewStatusReasonCode Source #
The reason code for the current status of the access preview.
AccessPreviewSummary
accessPreviewSummary_statusReason :: Lens' AccessPreviewSummary (Maybe AccessPreviewStatusReason) Source #
Undocumented member.
accessPreviewSummary_id :: Lens' AccessPreviewSummary Text Source #
The unique ID for the access preview.
accessPreviewSummary_analyzerArn :: Lens' AccessPreviewSummary Text Source #
The ARN of the analyzer used to generate the access preview.
accessPreviewSummary_createdAt :: Lens' AccessPreviewSummary UTCTime Source #
The time at which the access preview was created.
accessPreviewSummary_status :: Lens' AccessPreviewSummary AccessPreviewStatus Source #
The status of the access preview.
Creating
- The access preview creation is in progress.Completed
- The access preview is complete and previews the findings for external access to the resource.Failed
- The access preview creation has failed.
AclGrantee
aclGrantee_id :: Lens' AclGrantee (Maybe Text) Source #
The value specified is the canonical user ID of an Amazon Web Services account.
aclGrantee_uri :: Lens' AclGrantee (Maybe Text) Source #
Used for granting permissions to a predefined group.
AnalyzedResource
analyzedResource_actions :: Lens' AnalyzedResource (Maybe [Text]) Source #
The actions that an external principal is granted permission to use by the policy that generated the finding.
analyzedResource_error :: Lens' AnalyzedResource (Maybe Text) Source #
An error message.
analyzedResource_sharedVia :: Lens' AnalyzedResource (Maybe [Text]) Source #
Indicates how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
analyzedResource_status :: Lens' AnalyzedResource (Maybe FindingStatus) Source #
The current status of the finding generated from the analyzed resource.
analyzedResource_resourceArn :: Lens' AnalyzedResource Text Source #
The ARN of the resource that was analyzed.
analyzedResource_resourceType :: Lens' AnalyzedResource ResourceType Source #
The type of the resource that was analyzed.
analyzedResource_createdAt :: Lens' AnalyzedResource UTCTime Source #
The time at which the finding was created.
analyzedResource_analyzedAt :: Lens' AnalyzedResource UTCTime Source #
The time at which the resource was analyzed.
analyzedResource_updatedAt :: Lens' AnalyzedResource UTCTime Source #
The time at which the finding was updated.
analyzedResource_isPublic :: Lens' AnalyzedResource Bool Source #
Indicates whether the policy that generated the finding grants public access to the resource.
analyzedResource_resourceOwnerAccount :: Lens' AnalyzedResource Text Source #
The Amazon Web Services account ID that owns the resource.
AnalyzedResourceSummary
analyzedResourceSummary_resourceArn :: Lens' AnalyzedResourceSummary Text Source #
The ARN of the analyzed resource.
analyzedResourceSummary_resourceOwnerAccount :: Lens' AnalyzedResourceSummary Text Source #
The Amazon Web Services account ID that owns the resource.
analyzedResourceSummary_resourceType :: Lens' AnalyzedResourceSummary ResourceType Source #
The type of resource that was analyzed.
AnalyzerSummary
analyzerSummary_lastResourceAnalyzed :: Lens' AnalyzerSummary (Maybe Text) Source #
The resource that was most recently analyzed by the analyzer.
analyzerSummary_lastResourceAnalyzedAt :: Lens' AnalyzerSummary (Maybe UTCTime) Source #
The time at which the most recently analyzed resource was analyzed.
analyzerSummary_statusReason :: Lens' AnalyzerSummary (Maybe StatusReason) Source #
The statusReason
provides more details about the current status of the
analyzer. For example, if the creation for the analyzer fails, a
Failed
status is returned. For an analyzer with organization as the
type, this failure can be due to an issue with creating the
service-linked roles required in the member accounts of the Amazon Web
Services organization.
analyzerSummary_tags :: Lens' AnalyzerSummary (Maybe (HashMap Text Text)) Source #
The tags added to the analyzer.
analyzerSummary_arn :: Lens' AnalyzerSummary Text Source #
The ARN of the analyzer.
analyzerSummary_name :: Lens' AnalyzerSummary Text Source #
The name of the analyzer.
analyzerSummary_type :: Lens' AnalyzerSummary Type Source #
The type of analyzer, which corresponds to the zone of trust chosen for the analyzer.
analyzerSummary_createdAt :: Lens' AnalyzerSummary UTCTime Source #
A timestamp for the time at which the analyzer was created.
analyzerSummary_status :: Lens' AnalyzerSummary AnalyzerStatus Source #
The status of the analyzer. An Active
analyzer successfully monitors
supported resources and generates new findings. The analyzer is
Disabled
when a user action, such as removing trusted access for
Identity and Access Management Access Analyzer from Organizations,
causes the analyzer to stop generating new findings. The status is
Creating
when the analyzer creation is in progress and Failed
when
the analyzer creation has failed.
ArchiveRuleSummary
archiveRuleSummary_ruleName :: Lens' ArchiveRuleSummary Text Source #
The name of the archive rule.
archiveRuleSummary_filter :: Lens' ArchiveRuleSummary (HashMap Text Criterion) Source #
A filter used to define the archive rule.
archiveRuleSummary_createdAt :: Lens' ArchiveRuleSummary UTCTime Source #
The time at which the archive rule was created.
archiveRuleSummary_updatedAt :: Lens' ArchiveRuleSummary UTCTime Source #
The time at which the archive rule was last updated.
CloudTrailDetails
cloudTrailDetails_endTime :: Lens' CloudTrailDetails (Maybe UTCTime) Source #
The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp after this time are not considered to generate a policy. If this is not included in the request, the default value is the current time.
cloudTrailDetails_trails :: Lens' CloudTrailDetails [Trail] Source #
A Trail
object that contains settings for a trail.
cloudTrailDetails_accessRole :: Lens' CloudTrailDetails Text Source #
The ARN of the service role that IAM Access Analyzer uses to access your CloudTrail trail and service last accessed information.
cloudTrailDetails_startTime :: Lens' CloudTrailDetails UTCTime Source #
The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp before this time are not considered to generate a policy.
CloudTrailProperties
cloudTrailProperties_trailProperties :: Lens' CloudTrailProperties [TrailProperties] Source #
A TrailProperties
object that contains settings for trail properties.
cloudTrailProperties_startTime :: Lens' CloudTrailProperties UTCTime Source #
The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp before this time are not considered to generate a policy.
cloudTrailProperties_endTime :: Lens' CloudTrailProperties UTCTime Source #
The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp after this time are not considered to generate a policy. If this is not included in the request, the default value is the current time.
Configuration
configuration_ebsSnapshot :: Lens' Configuration (Maybe EbsSnapshotConfiguration) Source #
The access control configuration is for an Amazon EBS volume snapshot.
configuration_ecrRepository :: Lens' Configuration (Maybe EcrRepositoryConfiguration) Source #
The access control configuration is for an Amazon ECR repository.
configuration_efsFileSystem :: Lens' Configuration (Maybe EfsFileSystemConfiguration) Source #
The access control configuration is for an Amazon EFS file system.
configuration_iamRole :: Lens' Configuration (Maybe IamRoleConfiguration) Source #
The access control configuration is for an IAM role.
configuration_kmsKey :: Lens' Configuration (Maybe KmsKeyConfiguration) Source #
The access control configuration is for a KMS key.
configuration_rdsDbClusterSnapshot :: Lens' Configuration (Maybe RdsDbClusterSnapshotConfiguration) Source #
The access control configuration is for an Amazon RDS DB cluster snapshot.
configuration_rdsDbSnapshot :: Lens' Configuration (Maybe RdsDbSnapshotConfiguration) Source #
The access control configuration is for an Amazon RDS DB snapshot.
configuration_s3Bucket :: Lens' Configuration (Maybe S3BucketConfiguration) Source #
The access control configuration is for an Amazon S3 Bucket.
configuration_secretsManagerSecret :: Lens' Configuration (Maybe SecretsManagerSecretConfiguration) Source #
The access control configuration is for a Secrets Manager secret.
configuration_snsTopic :: Lens' Configuration (Maybe SnsTopicConfiguration) Source #
The access control configuration is for an Amazon SNS topic
configuration_sqsQueue :: Lens' Configuration (Maybe SqsQueueConfiguration) Source #
The access control configuration is for an Amazon SQS queue.
Criterion
criterion_contains :: Lens' Criterion (Maybe (NonEmpty Text)) Source #
A "contains" operator to match for the filter used to create the rule.
criterion_eq :: Lens' Criterion (Maybe (NonEmpty Text)) Source #
An "equals" operator to match for the filter used to create the rule.
criterion_exists :: Lens' Criterion (Maybe Bool) Source #
An "exists" operator to match for the filter used to create the rule.
criterion_neq :: Lens' Criterion (Maybe (NonEmpty Text)) Source #
A "not equals" operator to match for the filter used to create the rule.
EbsSnapshotConfiguration
ebsSnapshotConfiguration_groups :: Lens' EbsSnapshotConfiguration (Maybe [Text]) Source #
The groups that have access to the Amazon EBS volume snapshot. If the
value all
is specified, then the Amazon EBS volume snapshot is public.
- If the configuration is for an existing Amazon EBS volume snapshot
and you do not specify the
groups
, then the access preview uses the existing sharedgroups
for the snapshot. - If the access preview is for a new resource and you do not specify
the
groups
, then the access preview considers the snapshot without anygroups
. - To propose deletion of existing shared
groups
, you can specify an empty list forgroups
.
ebsSnapshotConfiguration_kmsKeyId :: Lens' EbsSnapshotConfiguration (Maybe Text) Source #
The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
- If the configuration is for an existing Amazon EBS volume snapshot
and you do not specify the
kmsKeyId
, or you specify an empty string, then the access preview uses the existingkmsKeyId
of the snapshot. - If the access preview is for a new resource and you do not specify
the
kmsKeyId
, the access preview considers the snapshot as unencrypted.
ebsSnapshotConfiguration_userIds :: Lens' EbsSnapshotConfiguration (Maybe [Text]) Source #
The IDs of the Amazon Web Services accounts that have access to the Amazon EBS volume snapshot.
- If the configuration is for an existing Amazon EBS volume snapshot
and you do not specify the
userIds
, then the access preview uses the existing shareduserIds
for the snapshot. - If the access preview is for a new resource and you do not specify
the
userIds
, then the access preview considers the snapshot without anyuserIds
. - To propose deletion of existing shared
accountIds
, you can specify an empty list foruserIds
.
EcrRepositoryConfiguration
ecrRepositoryConfiguration_repositoryPolicy :: Lens' EcrRepositoryConfiguration (Maybe Text) Source #
The JSON repository policy text to apply to the Amazon ECR repository. For more information, see Private repository policy examples in the Amazon ECR User Guide.
EfsFileSystemConfiguration
efsFileSystemConfiguration_fileSystemPolicy :: Lens' EfsFileSystemConfiguration (Maybe Text) Source #
The JSON policy definition to apply to the Amazon EFS file system. For more information on the elements that make up a file system policy, see Amazon EFS Resource-based policies.
Finding
finding_action :: Lens' Finding (Maybe [Text]) Source #
The action in the analyzed policy statement that an external principal has permission to use.
finding_isPublic :: Lens' Finding (Maybe Bool) Source #
Indicates whether the policy that generated the finding allows public access to the resource.
finding_principal :: Lens' Finding (Maybe (HashMap Text Text)) Source #
The external principal that access to a resource within the zone of trust.
finding_resource :: Lens' Finding (Maybe Text) Source #
The resource that an external principal has access to.
finding_sources :: Lens' Finding (Maybe [FindingSource]) Source #
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
finding_resourceType :: Lens' Finding ResourceType Source #
The type of the resource identified in the finding.
finding_condition :: Lens' Finding (HashMap Text Text) Source #
The condition in the analyzed policy statement that resulted in a finding.
finding_status :: Lens' Finding FindingStatus Source #
The current status of the finding.
finding_resourceOwnerAccount :: Lens' Finding Text Source #
The Amazon Web Services account ID that owns the resource.
FindingSource
findingSource_detail :: Lens' FindingSource (Maybe FindingSourceDetail) Source #
Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
findingSource_type :: Lens' FindingSource FindingSourceType Source #
Indicates the type of access that generated the finding.
FindingSourceDetail
findingSourceDetail_accessPointAccount :: Lens' FindingSourceDetail (Maybe Text) Source #
The account of the cross-account access point that generated the finding.
findingSourceDetail_accessPointArn :: Lens' FindingSourceDetail (Maybe Text) Source #
The ARN of the access point that generated the finding. The ARN format depends on whether the ARN represents an access point or a multi-region access point.
FindingSummary
findingSummary_action :: Lens' FindingSummary (Maybe [Text]) Source #
The action in the analyzed policy statement that an external principal has permission to use.
findingSummary_error :: Lens' FindingSummary (Maybe Text) Source #
The error that resulted in an Error finding.
findingSummary_isPublic :: Lens' FindingSummary (Maybe Bool) Source #
Indicates whether the finding reports a resource that has a policy that allows public access.
findingSummary_principal :: Lens' FindingSummary (Maybe (HashMap Text Text)) Source #
The external principal that has access to a resource within the zone of trust.
findingSummary_resource :: Lens' FindingSummary (Maybe Text) Source #
The resource that the external principal has access to.
findingSummary_sources :: Lens' FindingSummary (Maybe [FindingSource]) Source #
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
findingSummary_id :: Lens' FindingSummary Text Source #
The ID of the finding.
findingSummary_resourceType :: Lens' FindingSummary ResourceType Source #
The type of the resource that the external principal has access to.
findingSummary_condition :: Lens' FindingSummary (HashMap Text Text) Source #
The condition in the analyzed policy statement that resulted in a finding.
findingSummary_createdAt :: Lens' FindingSummary UTCTime Source #
The time at which the finding was created.
findingSummary_analyzedAt :: Lens' FindingSummary UTCTime Source #
The time at which the resource-based policy that generated the finding was analyzed.
findingSummary_updatedAt :: Lens' FindingSummary UTCTime Source #
The time at which the finding was most recently updated.
findingSummary_status :: Lens' FindingSummary FindingStatus Source #
The status of the finding.
findingSummary_resourceOwnerAccount :: Lens' FindingSummary Text Source #
The Amazon Web Services account ID that owns the resource.
GeneratedPolicy
generatedPolicy_policy :: Lens' GeneratedPolicy Text Source #
The text to use as the content for the new policy. The policy is created using the CreatePolicy action.
GeneratedPolicyProperties
generatedPolicyProperties_cloudTrailProperties :: Lens' GeneratedPolicyProperties (Maybe CloudTrailProperties) Source #
Lists details about the Trail
used to generated policy.
generatedPolicyProperties_isComplete :: Lens' GeneratedPolicyProperties (Maybe Bool) Source #
This value is set to true
if the generated policy contains all
possible actions for a service that IAM Access Analyzer identified from
the CloudTrail trail that you specified, and false
otherwise.
generatedPolicyProperties_principalArn :: Lens' GeneratedPolicyProperties Text Source #
The ARN of the IAM entity (user or role) for which you are generating a policy.
GeneratedPolicyResult
generatedPolicyResult_generatedPolicies :: Lens' GeneratedPolicyResult (Maybe [GeneratedPolicy]) Source #
The text to use as the content for the new policy. The policy is created using the CreatePolicy action.
generatedPolicyResult_properties :: Lens' GeneratedPolicyResult GeneratedPolicyProperties Source #
A GeneratedPolicyProperties
object that contains properties of the
generated policy.
IamRoleConfiguration
iamRoleConfiguration_trustPolicy :: Lens' IamRoleConfiguration (Maybe Text) Source #
The proposed trust policy for the IAM role.
InlineArchiveRule
inlineArchiveRule_ruleName :: Lens' InlineArchiveRule Text Source #
The name of the rule.
inlineArchiveRule_filter :: Lens' InlineArchiveRule (HashMap Text Criterion) Source #
The condition and values for a criterion.
InternetConfiguration
JobDetails
jobDetails_completedOn :: Lens' JobDetails (Maybe UTCTime) Source #
A timestamp of when the job was completed.
jobDetails_jobError :: Lens' JobDetails (Maybe JobError) Source #
The job error for the policy generation request.
jobDetails_jobId :: Lens' JobDetails Text Source #
The JobId
that is returned by the StartPolicyGeneration
operation.
The JobId
can be used with GetGeneratedPolicy
to retrieve the
generated policies or used with CancelPolicyGeneration
to cancel the
policy generation request.
jobDetails_status :: Lens' JobDetails JobStatus Source #
The status of the job request.
jobDetails_startedOn :: Lens' JobDetails UTCTime Source #
A timestamp of when the job was started.
JobError
jobError_code :: Lens' JobError JobErrorCode Source #
The job error code.
jobError_message :: Lens' JobError Text Source #
Specific information about the error. For example, which service quota was exceeded or which resource was not found.
KmsGrantConfiguration
kmsGrantConfiguration_constraints :: Lens' KmsGrantConfiguration (Maybe KmsGrantConstraints) Source #
Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context.
kmsGrantConfiguration_retiringPrincipal :: Lens' KmsGrantConfiguration (Maybe Text) Source #
The principal that is given permission to retire the grant by using RetireGrant operation.
kmsGrantConfiguration_operations :: Lens' KmsGrantConfiguration [KmsGrantOperation] Source #
A list of operations that the grant permits.
kmsGrantConfiguration_granteePrincipal :: Lens' KmsGrantConfiguration Text Source #
The principal that is given permission to perform the operations that the grant permits.
kmsGrantConfiguration_issuingAccount :: Lens' KmsGrantConfiguration Text Source #
The Amazon Web Services account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key.
KmsGrantConstraints
kmsGrantConstraints_encryptionContextEquals :: Lens' KmsGrantConstraints (Maybe (HashMap Text Text)) Source #
A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
kmsGrantConstraints_encryptionContextSubset :: Lens' KmsGrantConstraints (Maybe (HashMap Text Text)) Source #
A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
KmsKeyConfiguration
kmsKeyConfiguration_grants :: Lens' KmsKeyConfiguration (Maybe [KmsGrantConfiguration]) Source #
A list of proposed grant configurations for the KMS key. If the proposed grant configuration is for an existing key, the access preview uses the proposed list of grant configurations in place of the existing grants. Otherwise, the access preview uses the existing grants for the key.
kmsKeyConfiguration_keyPolicies :: Lens' KmsKeyConfiguration (Maybe (HashMap Text Text)) Source #
Resource policy configuration for the KMS key. The only valid value for
the name of the key policy is default
. For more information, see
Default key policy.
Location
location_path :: Lens' Location [PathElement] Source #
A path in a policy, represented as a sequence of path elements.
NetworkOriginConfiguration
networkOriginConfiguration_internetConfiguration :: Lens' NetworkOriginConfiguration (Maybe InternetConfiguration) Source #
The configuration for the Amazon S3 access point or multi-region access
point with an Internet
origin.
networkOriginConfiguration_vpcConfiguration :: Lens' NetworkOriginConfiguration (Maybe VpcConfiguration) Source #
Undocumented member.
PathElement
pathElement_index :: Lens' PathElement (Maybe Int) Source #
Refers to an index in a JSON array.
pathElement_key :: Lens' PathElement (Maybe Text) Source #
Refers to a key in a JSON object.
pathElement_substring :: Lens' PathElement (Maybe Substring) Source #
Refers to a substring of a literal string in a JSON object.
pathElement_value :: Lens' PathElement (Maybe Text) Source #
Refers to the value associated with a given key in a JSON object.
PolicyGeneration
policyGeneration_completedOn :: Lens' PolicyGeneration (Maybe UTCTime) Source #
A timestamp of when the policy generation was completed.
policyGeneration_jobId :: Lens' PolicyGeneration Text Source #
The JobId
that is returned by the StartPolicyGeneration
operation.
The JobId
can be used with GetGeneratedPolicy
to retrieve the
generated policies or used with CancelPolicyGeneration
to cancel the
policy generation request.
policyGeneration_principalArn :: Lens' PolicyGeneration Text Source #
The ARN of the IAM entity (user or role) for which you are generating a policy.
policyGeneration_status :: Lens' PolicyGeneration JobStatus Source #
The status of the policy generation request.
policyGeneration_startedOn :: Lens' PolicyGeneration UTCTime Source #
A timestamp of when the policy generation started.
PolicyGenerationDetails
policyGenerationDetails_principalArn :: Lens' PolicyGenerationDetails Text Source #
The ARN of the IAM entity (user or role) for which you are generating a policy.
Position
position_offset :: Lens' Position Int Source #
The offset within the policy that corresponds to the position, starting from 0.
RdsDbClusterSnapshotAttributeValue
rdsDbClusterSnapshotAttributeValue_accountIds :: Lens' RdsDbClusterSnapshotAttributeValue (Maybe [Text]) Source #
The Amazon Web Services account IDs that have access to the manual
Amazon RDS DB cluster snapshot. If the value all
is specified, then
the Amazon RDS DB cluster snapshot is public and can be copied or
restored by all Amazon Web Services accounts.
- If the configuration is for an existing Amazon RDS DB cluster
snapshot and you do not specify the
accountIds
inRdsDbClusterSnapshotAttributeValue
, then the access preview uses the existing sharedaccountIds
for the snapshot. - If the access preview is for a new resource and you do not specify
the specify the
accountIds
inRdsDbClusterSnapshotAttributeValue
, then the access preview considers the snapshot without any attributes. - To propose deletion of existing shared
accountIds
, you can specify an empty list foraccountIds
in theRdsDbClusterSnapshotAttributeValue
.
RdsDbClusterSnapshotConfiguration
rdsDbClusterSnapshotConfiguration_attributes :: Lens' RdsDbClusterSnapshotConfiguration (Maybe (HashMap Text RdsDbClusterSnapshotAttributeValue)) Source #
The names and values of manual DB cluster snapshot attributes. Manual DB
cluster snapshot attributes are used to authorize other Amazon Web
Services accounts to restore a manual DB cluster snapshot. The only
valid value for AttributeName
for the attribute map is restore
rdsDbClusterSnapshotConfiguration_kmsKeyId :: Lens' RdsDbClusterSnapshotConfiguration (Maybe Text) Source #
The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
- If the configuration is for an existing Amazon RDS DB cluster
snapshot and you do not specify the
kmsKeyId
, or you specify an empty string, then the access preview uses the existingkmsKeyId
of the snapshot. - If the access preview is for a new resource and you do not specify
the specify the
kmsKeyId
, then the access preview considers the snapshot as unencrypted.
RdsDbSnapshotAttributeValue
rdsDbSnapshotAttributeValue_accountIds :: Lens' RdsDbSnapshotAttributeValue (Maybe [Text]) Source #
The Amazon Web Services account IDs that have access to the manual
Amazon RDS DB snapshot. If the value all
is specified, then the Amazon
RDS DB snapshot is public and can be copied or restored by all Amazon
Web Services accounts.
- If the configuration is for an existing Amazon RDS DB snapshot and
you do not specify the
accountIds
inRdsDbSnapshotAttributeValue
, then the access preview uses the existing sharedaccountIds
for the snapshot. - If the access preview is for a new resource and you do not specify
the specify the
accountIds
inRdsDbSnapshotAttributeValue
, then the access preview considers the snapshot without any attributes. - To propose deletion of an existing shared
accountIds
, you can specify an empty list foraccountIds
in theRdsDbSnapshotAttributeValue
.
RdsDbSnapshotConfiguration
rdsDbSnapshotConfiguration_attributes :: Lens' RdsDbSnapshotConfiguration (Maybe (HashMap Text RdsDbSnapshotAttributeValue)) Source #
The names and values of manual DB snapshot attributes. Manual DB
snapshot attributes are used to authorize other Amazon Web Services
accounts to restore a manual DB snapshot. The only valid value for
attributeName
for the attribute map is restore.
rdsDbSnapshotConfiguration_kmsKeyId :: Lens' RdsDbSnapshotConfiguration (Maybe Text) Source #
The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
- If the configuration is for an existing Amazon RDS DB snapshot and
you do not specify the
kmsKeyId
, or you specify an empty string, then the access preview uses the existingkmsKeyId
of the snapshot. - If the access preview is for a new resource and you do not specify
the specify the
kmsKeyId
, then the access preview considers the snapshot as unencrypted.
S3AccessPointConfiguration
s3AccessPointConfiguration_accessPointPolicy :: Lens' S3AccessPointConfiguration (Maybe Text) Source #
The access point or multi-region access point policy.
s3AccessPointConfiguration_networkOrigin :: Lens' S3AccessPointConfiguration (Maybe NetworkOriginConfiguration) Source #
The proposed Internet
and VpcConfiguration
to apply to this Amazon
S3 access point. VpcConfiguration
does not apply to multi-region
access points. If the access preview is for a new resource and neither
is specified, the access preview uses Internet
for the network origin.
If the access preview is for an existing resource and neither is
specified, the access preview uses the exiting network origin.
s3AccessPointConfiguration_publicAccessBlock :: Lens' S3AccessPointConfiguration (Maybe S3PublicAccessBlockConfiguration) Source #
The proposed S3PublicAccessBlock
configuration to apply to this Amazon
S3 access point or multi-region access point.
S3BucketAclGrantConfiguration
s3BucketAclGrantConfiguration_permission :: Lens' S3BucketAclGrantConfiguration AclPermission Source #
The permissions being granted.
s3BucketAclGrantConfiguration_grantee :: Lens' S3BucketAclGrantConfiguration AclGrantee Source #
The grantee to whom you’re assigning access rights.
S3BucketConfiguration
s3BucketConfiguration_accessPoints :: Lens' S3BucketConfiguration (Maybe (HashMap Text S3AccessPointConfiguration)) Source #
The configuration of Amazon S3 access points or multi-region access points for the bucket. You can propose up to 10 new access points per bucket.
s3BucketConfiguration_bucketAclGrants :: Lens' S3BucketConfiguration (Maybe [S3BucketAclGrantConfiguration]) Source #
The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to 100 ACL grants per bucket. If the proposed grant configuration is for an existing bucket, the access preview uses the proposed list of grant configurations in place of the existing grants. Otherwise, the access preview uses the existing grants for the bucket.
s3BucketConfiguration_bucketPolicy :: Lens' S3BucketConfiguration (Maybe Text) Source #
The proposed bucket policy for the Amazon S3 bucket.
s3BucketConfiguration_bucketPublicAccessBlock :: Lens' S3BucketConfiguration (Maybe S3PublicAccessBlockConfiguration) Source #
The proposed block public access configuration for the Amazon S3 bucket.
S3PublicAccessBlockConfiguration
s3PublicAccessBlockConfiguration_ignorePublicAcls :: Lens' S3PublicAccessBlockConfiguration Bool Source #
Specifies whether Amazon S3 should ignore public ACLs for this bucket and objects in this bucket.
s3PublicAccessBlockConfiguration_restrictPublicBuckets :: Lens' S3PublicAccessBlockConfiguration Bool Source #
Specifies whether Amazon S3 should restrict public bucket policies for this bucket.
SecretsManagerSecretConfiguration
secretsManagerSecretConfiguration_kmsKeyId :: Lens' SecretsManagerSecretConfiguration (Maybe Text) Source #
The proposed ARN, key ID, or alias of the KMS key.
secretsManagerSecretConfiguration_secretPolicy :: Lens' SecretsManagerSecretConfiguration (Maybe Text) Source #
The proposed resource policy defining who can access or manage the secret.
SnsTopicConfiguration
snsTopicConfiguration_topicPolicy :: Lens' SnsTopicConfiguration (Maybe Text) Source #
The JSON policy text that defines who can access an Amazon SNS topic. For more information, see Example cases for Amazon SNS access control in the Amazon SNS Developer Guide.
SortCriteria
sortCriteria_attributeName :: Lens' SortCriteria (Maybe Text) Source #
The name of the attribute to sort on.
sortCriteria_orderBy :: Lens' SortCriteria (Maybe OrderBy) Source #
The sort order, ascending or descending.
Span
SqsQueueConfiguration
sqsQueueConfiguration_queuePolicy :: Lens' SqsQueueConfiguration (Maybe Text) Source #
The proposed resource policy for the Amazon SQS queue.
StatusReason
statusReason_code :: Lens' StatusReason ReasonCode Source #
The reason code for the current status of the analyzer.
Substring
Trail
trail_allRegions :: Lens' Trail (Maybe Bool) Source #
Possible values are true
or false
. If set to true
, IAM Access
Analyzer retrieves CloudTrail data from all regions to analyze and
generate a policy.
trail_regions :: Lens' Trail (Maybe [Text]) Source #
A list of regions to get CloudTrail data from and analyze to generate a policy.
trail_cloudTrailArn :: Lens' Trail Text Source #
Specifies the ARN of the trail. The format of a trail ARN is
arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
.
TrailProperties
trailProperties_allRegions :: Lens' TrailProperties (Maybe Bool) Source #
Possible values are true
or false
. If set to true
, IAM Access
Analyzer retrieves CloudTrail data from all regions to analyze and
generate a policy.
trailProperties_regions :: Lens' TrailProperties (Maybe [Text]) Source #
A list of regions to get CloudTrail data from and analyze to generate a policy.
trailProperties_cloudTrailArn :: Lens' TrailProperties Text Source #
Specifies the ARN of the trail. The format of a trail ARN is
arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail
.
ValidatePolicyFinding
validatePolicyFinding_findingDetails :: Lens' ValidatePolicyFinding Text Source #
A localized message that explains the finding and provides guidance on how to address it.
validatePolicyFinding_findingType :: Lens' ValidatePolicyFinding ValidatePolicyFindingType Source #
The impact of the finding.
Security warnings report when the policy allows access that we consider overly permissive.
Errors report when a part of the policy is not functional.
Warnings report non-security issues when a policy does not conform to policy writing best practices.
Suggestions recommend stylistic improvements in the policy that do not impact access.
validatePolicyFinding_issueCode :: Lens' ValidatePolicyFinding Text Source #
The issue code provides an identifier of the issue associated with this finding.
validatePolicyFinding_learnMoreLink :: Lens' ValidatePolicyFinding Text Source #
A link to additional documentation about the type of finding.
validatePolicyFinding_locations :: Lens' ValidatePolicyFinding [Location] Source #
The list of locations in the policy document that are related to the finding. The issue code provides a summary of an issue identified by the finding.
VpcConfiguration
vpcConfiguration_vpcId :: Lens' VpcConfiguration Text Source #
If this field is specified, this access point will only allow connections from the specified VPC ID.