|
20 | 20 | "GetFinding": "<p>Retrieves information about the specified finding. GetFinding and GetFindingV2 both use <code>access-analyzer:GetFinding</code> in the <code>Action</code> element of an IAM policy statement. You must have permission to perform the <code>access-analyzer:GetFinding</code> action.</p>", |
21 | 21 | "GetFindingRecommendation": "<p>Retrieves information about a finding recommendation for the specified analyzer.</p>", |
22 | 22 | "GetFindingV2": "<p>Retrieves information about the specified finding. GetFinding and GetFindingV2 both use <code>access-analyzer:GetFinding</code> in the <code>Action</code> element of an IAM policy statement. You must have permission to perform the <code>access-analyzer:GetFinding</code> action.</p>", |
| 23 | + "GetFindingsStatistics": "<p>Retrieves a list of aggregated finding statistics for an external access or unused access analyzer.</p>", |
23 | 24 | "GetGeneratedPolicy": "<p>Retrieves the policy that was generated using <code>StartPolicyGeneration</code>. </p>", |
24 | 25 | "ListAccessPreviewFindings": "<p>Retrieves a list of access preview findings generated by the specified access preview.</p>", |
25 | 26 | "ListAccessPreviews": "<p>Retrieves a list of access previews for the specified analyzer.</p>", |
|
163 | 164 | "Access$resources": "<p>A list of resources for the access permissions. Any strings that can be used as an Amazon Resource Name (ARN) in an IAM policy can be used in the list of resources to check. You can only use a wildcard in the portion of the ARN that specifies the resource ID.</p>" |
164 | 165 | } |
165 | 166 | }, |
| 167 | + "AccountAggregations": { |
| 168 | + "base": null, |
| 169 | + "refs": { |
| 170 | + "UnusedAccessFindingsStatistics$topAccounts": "<p>A list of one to ten Amazon Web Services accounts that have the most active findings for the unused access analyzer.</p>" |
| 171 | + } |
| 172 | + }, |
166 | 173 | "AccountIdsList": { |
167 | 174 | "base": null, |
168 | 175 | "refs": { |
|
260 | 267 | "GetFindingRecommendationRequest$analyzerArn": "<p>The <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources\">ARN of the analyzer</a> used to generate the finding recommendation.</p>", |
261 | 268 | "GetFindingRequest$analyzerArn": "<p>The <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources\">ARN of the analyzer</a> that generated the finding.</p>", |
262 | 269 | "GetFindingV2Request$analyzerArn": "<p>The <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources\">ARN of the analyzer</a> that generated the finding.</p>", |
| 270 | + "GetFindingsStatisticsRequest$analyzerArn": "<p>The <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources\">ARN of the analyzer</a> used to generate the statistics.</p>", |
263 | 271 | "ListAccessPreviewFindingsRequest$analyzerArn": "<p>The <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources\">ARN of the analyzer</a> used to generate the access.</p>", |
264 | 272 | "ListAccessPreviewsRequest$analyzerArn": "<p>The <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources\">ARN of the analyzer</a> used to generate the access preview.</p>", |
265 | 273 | "ListAnalyzedResourcesRequest$analyzerArn": "<p>The <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources\">ARN of the analyzer</a> to retrieve a list of analyzed resources from.</p>", |
|
580 | 588 | "FindingDetails$externalAccessDetails": "<p>The details for an external access analyzer finding.</p>" |
581 | 589 | } |
582 | 590 | }, |
| 591 | + "ExternalAccessFindingsStatistics": { |
| 592 | + "base": "<p>Provides aggregate statistics about the findings for the specified external access analyzer.</p>", |
| 593 | + "refs": { |
| 594 | + "FindingsStatistics$externalAccessFindingsStatistics": "<p>The aggregate statistics for an external access analyzer.</p>" |
| 595 | + } |
| 596 | + }, |
583 | 597 | "FilterCriteriaMap": { |
584 | 598 | "base": null, |
585 | 599 | "refs": { |
|
598 | 612 | "GetFindingResponse$finding": "<p>A <code>finding</code> object that contains finding details.</p>" |
599 | 613 | } |
600 | 614 | }, |
| 615 | + "FindingAggregationAccountDetails": { |
| 616 | + "base": "<p>Contains information about the findings for an Amazon Web Services account in an organization unused access analyzer.</p>", |
| 617 | + "refs": { |
| 618 | + "AccountAggregations$member": null |
| 619 | + } |
| 620 | + }, |
| 621 | + "FindingAggregationAccountDetailsMap": { |
| 622 | + "base": null, |
| 623 | + "refs": { |
| 624 | + "FindingAggregationAccountDetails$details": "<p>Provides the number of active findings for each type of unused access for the specified Amazon Web Services account.</p>" |
| 625 | + } |
| 626 | + }, |
601 | 627 | "FindingChangeType": { |
602 | 628 | "base": null, |
603 | 629 | "refs": { |
|
711 | 737 | "ListFindingsV2Response$findings": "<p>A list of findings retrieved from the analyzer that match the filter criteria specified, if any.</p>" |
712 | 738 | } |
713 | 739 | }, |
| 740 | + "FindingsStatistics": { |
| 741 | + "base": "<p>Contains information about the aggregate statistics for an external or unused access analyzer. Only one parameter can be used in a <code>FindingsStatistics</code> object.</p>", |
| 742 | + "refs": { |
| 743 | + "FindingsStatisticsList$member": null |
| 744 | + } |
| 745 | + }, |
| 746 | + "FindingsStatisticsList": { |
| 747 | + "base": null, |
| 748 | + "refs": { |
| 749 | + "GetFindingsStatisticsResponse$findingsStatistics": "<p>A group of external access or unused access findings statistics.</p>" |
| 750 | + } |
| 751 | + }, |
714 | 752 | "GenerateFindingRecommendationRequest": { |
715 | 753 | "base": null, |
716 | 754 | "refs": { |
|
828 | 866 | "refs": { |
829 | 867 | } |
830 | 868 | }, |
| 869 | + "GetFindingsStatisticsRequest": { |
| 870 | + "base": null, |
| 871 | + "refs": { |
| 872 | + } |
| 873 | + }, |
| 874 | + "GetFindingsStatisticsResponse": { |
| 875 | + "base": null, |
| 876 | + "refs": { |
| 877 | + } |
| 878 | + }, |
831 | 879 | "GetGeneratedPolicyRequest": { |
832 | 880 | "base": null, |
833 | 881 | "refs": { |
|
871 | 919 | "Integer": { |
872 | 920 | "base": null, |
873 | 921 | "refs": { |
| 922 | + "ExternalAccessFindingsStatistics$totalActiveFindings": "<p>The number of active findings for the specified external access analyzer.</p>", |
| 923 | + "ExternalAccessFindingsStatistics$totalArchivedFindings": "<p>The number of archived findings for the specified external access analyzer.</p>", |
| 924 | + "ExternalAccessFindingsStatistics$totalResolvedFindings": "<p>The number of resolved findings for the specified external access analyzer.</p>", |
| 925 | + "FindingAggregationAccountDetails$numberOfActiveFindings": "<p>The number of active unused access findings for the specified Amazon Web Services account.</p>", |
| 926 | + "FindingAggregationAccountDetailsMap$value": null, |
874 | 927 | "GetFindingV2Request$maxResults": "<p>The maximum number of results to return in the response.</p>", |
875 | 928 | "InternalServerException$retryAfterSeconds": "<p>The seconds to wait to retry.</p>", |
876 | 929 | "ListAccessPreviewFindingsRequest$maxResults": "<p>The maximum number of results to return in the response.</p>", |
|
885 | 938 | "Position$column": "<p>The column of the position, starting from 0.</p>", |
886 | 939 | "Position$offset": "<p>The offset within the policy that corresponds to the position, starting from 0.</p>", |
887 | 940 | "ReasonSummary$statementIndex": "<p>The index number of the reason statement.</p>", |
| 941 | + "ResourceTypeDetails$totalActivePublic": "<p>The total number of active public findings for the resource type.</p>", |
| 942 | + "ResourceTypeDetails$totalActiveCrossAccount": "<p>The total number of active cross-account findings for the resource type.</p>", |
888 | 943 | "Substring$start": "<p>The start index of the substring, starting from 0.</p>", |
889 | 944 | "Substring$length": "<p>The length of the substring.</p>", |
890 | 945 | "ThrottlingException$retryAfterSeconds": "<p>The seconds to wait to retry.</p>", |
891 | 946 | "UnusedAccessConfiguration$unusedAccessAge": "<p>The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 365 days.</p>", |
| 947 | + "UnusedAccessFindingsStatistics$totalActiveFindings": "<p>The total number of active findings for the unused access analyzer.</p>", |
| 948 | + "UnusedAccessFindingsStatistics$totalArchivedFindings": "<p>The total number of archived findings for the unused access analyzer.</p>", |
| 949 | + "UnusedAccessFindingsStatistics$totalResolvedFindings": "<p>The total number of resolved findings for the unused access analyzer.</p>", |
| 950 | + "UnusedAccessTypeStatistics$total": "<p>The total number of findings for the specified unused access type.</p>", |
892 | 951 | "ValidatePolicyRequest$maxResults": "<p>The maximum number of results to return in the response.</p>" |
893 | 952 | } |
894 | 953 | }, |
|
1431 | 1490 | "FindingSummary$resourceType": "<p>The type of the resource that the external principal has access to.</p>", |
1432 | 1491 | "FindingSummaryV2$resourceType": "<p>The type of the resource that the external principal has access to.</p>", |
1433 | 1492 | "GetFindingV2Response$resourceType": "<p>The type of the resource identified in the finding.</p>", |
1434 | | - "ListAnalyzedResourcesRequest$resourceType": "<p>The type of resource.</p>" |
| 1493 | + "ListAnalyzedResourcesRequest$resourceType": "<p>The type of resource.</p>", |
| 1494 | + "ResourceTypeStatisticsMap$key": null |
| 1495 | + } |
| 1496 | + }, |
| 1497 | + "ResourceTypeDetails": { |
| 1498 | + "base": "<p>Contains information about the total number of active cross-account and public findings for a resource type of an external access analyzer.</p>", |
| 1499 | + "refs": { |
| 1500 | + "ResourceTypeStatisticsMap$value": null |
| 1501 | + } |
| 1502 | + }, |
| 1503 | + "ResourceTypeStatisticsMap": { |
| 1504 | + "base": null, |
| 1505 | + "refs": { |
| 1506 | + "ExternalAccessFindingsStatistics$resourceTypeStatistics": "<p>The total number of active cross-account and public findings for each resource type of the specified external access analyzer.</p>" |
1435 | 1507 | } |
1436 | 1508 | }, |
1437 | 1509 | "RetiringPrincipal": { |
|
1625 | 1697 | "Finding$resource": "<p>The resource that an external principal has access to.</p>", |
1626 | 1698 | "Finding$resourceOwnerAccount": "<p>The Amazon Web Services account ID that owns the resource.</p>", |
1627 | 1699 | "Finding$error": "<p>An error.</p>", |
| 1700 | + "FindingAggregationAccountDetails$account": "<p>The ID of the Amazon Web Services account for which unused access finding details are provided.</p>", |
| 1701 | + "FindingAggregationAccountDetailsMap$key": null, |
1628 | 1702 | "FindingSourceDetail$accessPointArn": "<p>The ARN of the access point that generated the finding. The ARN format depends on whether the ARN represents an access point or a multi-region access point.</p>", |
1629 | 1703 | "FindingSourceDetail$accessPointAccount": "<p>The account of the cross-account access point that generated the finding.</p>", |
1630 | 1704 | "FindingSummary$resource": "<p>The resource that the external principal has access to.</p>", |
|
1667 | 1741 | "ThrottlingException$message": null, |
1668 | 1742 | "UnprocessableEntityException$message": null, |
1669 | 1743 | "UntagResourceRequest$resourceArn": "<p>The ARN of the resource to remove the tag from.</p>", |
| 1744 | + "UnusedAccessTypeStatistics$unusedAccessType": "<p>The type of unused access.</p>", |
1670 | 1745 | "UnusedAction$action": "<p>The action for which the unused access finding was generated.</p>", |
1671 | 1746 | "UnusedIamUserAccessKeyDetails$accessKeyId": "<p>The ID of the access key for which the unused access finding was generated.</p>", |
1672 | 1747 | "UnusedPermissionDetails$serviceNamespace": "<p>The namespace of the Amazon Web Services service that contains the unused actions.</p>", |
|
1755 | 1830 | "GetFindingV2Response$analyzedAt": "<p>The time at which the resource-based policy or IAM entity that generated the finding was analyzed.</p>", |
1756 | 1831 | "GetFindingV2Response$createdAt": "<p>The time at which the finding was created.</p>", |
1757 | 1832 | "GetFindingV2Response$updatedAt": "<p>The time at which the finding was updated.</p>", |
| 1833 | + "GetFindingsStatisticsResponse$lastUpdatedAt": "<p>The time at which the retrieval of the findings statistics was last updated. If the findings statistics have not been previously retrieved for the specified analyzer, this field will not be populated.</p>", |
1758 | 1834 | "JobDetails$startedOn": "<p>A timestamp of when the job was started.</p>", |
1759 | 1835 | "JobDetails$completedOn": "<p>A timestamp of when the job was completed.</p>", |
1760 | 1836 | "PolicyGeneration$startedOn": "<p>A timestamp of when the policy generation started.</p>", |
|
1847 | 1923 | "AnalyzerConfiguration$unusedAccess": "<p>Specifies the configuration of an unused access analyzer for an Amazon Web Services organization or account.</p>" |
1848 | 1924 | } |
1849 | 1925 | }, |
| 1926 | + "UnusedAccessFindingsStatistics": { |
| 1927 | + "base": "<p>Provides aggregate statistics about the findings for the specified unused access analyzer.</p>", |
| 1928 | + "refs": { |
| 1929 | + "FindingsStatistics$unusedAccessFindingsStatistics": "<p>The aggregate statistics for an unused access analyzer.</p>" |
| 1930 | + } |
| 1931 | + }, |
| 1932 | + "UnusedAccessTypeStatistics": { |
| 1933 | + "base": "<p>Contains information about the total number of findings for a type of unused access.</p>", |
| 1934 | + "refs": { |
| 1935 | + "UnusedAccessTypeStatisticsList$member": null |
| 1936 | + } |
| 1937 | + }, |
| 1938 | + "UnusedAccessTypeStatisticsList": { |
| 1939 | + "base": null, |
| 1940 | + "refs": { |
| 1941 | + "UnusedAccessFindingsStatistics$unusedAccessTypeStatistics": "<p>A list of details about the total number of findings for each type of unused access for the analyzer. </p>" |
| 1942 | + } |
| 1943 | + }, |
1850 | 1944 | "UnusedAction": { |
1851 | 1945 | "base": "<p>Contains information about an unused access finding for an action. IAM Access Analyzer charges for unused access analysis based on the number of IAM roles and users analyzed per month. For more details on pricing, see <a href=\"https://aws.amazon.com/iam/access-analyzer/pricing\">IAM Access Analyzer pricing</a>.</p>", |
1852 | 1946 | "refs": { |
|
0 commit comments